Sun Microsystems, Inc.  Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-71-1950058.1
Update Date:2017-12-24
Keywords:
Solution Type  Technical Instruction Sure

Solution  1950058.1 :   OKM - How to join a KMA to an existing cluster  

Related Items 
    

  • Oracle Key Manager
    •  
Related Categories 
    

  • PLA-Support>Sun Systems>TAPE>Backup Software-Filesystems>SN-TP: Encryption
    •  






In this Document


Goal


Solution


References

Created from <SR 3-9804857251>


Applies to:  

Oracle Key Manager - Version 2.1 to 3.0 [Release 2.0 to 3.0]
Information in this document applies to any platform.



Goal


What is the procedure for joining a KMA to an existing cluster?
 


Solution


This procedure is applicable after a KMA hard drive or system board replacement, a KMA server replacement or when adding a new KMA to the OKM cluster. 

1. Prior to the hard drive, system board or server replacement, make sure the KMA is shut down properly.   
    ( Refer to <Document 1019656.1> - How to Correctly Shutdown and Reboot a KMA )

2. On an existing KMA connected to the OKM cluster, bring up the OKM GUI and login with Security Officer role. 
    -- Bring up the KMA List. 
    -- Note down the management and service network addresses.
    -- Determine the gateway and netmask as this will be needed during QuickStart (when the KMA is re-initialized)

3. If existing, delete the KMA entry of the KMA that will be joining the OKM cluster.

4. Create a new KMA entry.  You may reuse the same name as the deleted KMA ( in step 3 ).
    -- This will require key split quorum authentication ( Key Split Configuration gives info on number of required users to authenticate )
    -- The new KMA id will be all zeros until it joins the cluster again through the QuickStart process.

5. When the KMA is ready to join the cluster,  power up the KMA and login to the system console ( either through the ELOM GUI or CLI ) . 
    This should bring up the OKM QuickStart program that will allow you to initialize the KMA.
    --- Provide the management and service network addresses for this KMA; as well as, the gateway and netmask information.
    --- Provide the KMA name created in Step 4.
    ---QuickStart will ask if you would like to create a new cluster or join an existing cluster. 
        The KMA should join the existing cluster and the management IP address of the KMA used in Step 2 should be provided.

6. Monitor the progress of the join operation from the OKM GUI's "KMA List" window.
  --- The new KMA will come up as "Locked" and will remain this way until unlocked.

7. Unlock the KMA once the replication lag size becomes 0.
  --- If the replication lag size does not become 0, login to the new KMA's OKM GUI and switch the replication version to a version that is compatible with that of 
       the KMA in Step 2. )
  --- Please refer to the References section of this document for current documents related to OKM replication levels


References
<NOTE:1020938.1> - KMS - Identifying the KMS Version Being Used
<NOTE:1532878.1> - Oracle Key Manager - Build, Version, and Patch Matrix
<NOTE:1291456.1> - KMS/OKM - Joining a KMA Running on OKM 2.3 to a Mixed Version Cluster
<NOTE:1569678.1> - OKM 2.5.2: Replication Lag Size Stuck Around 480k Size After Activating 2.5.2 OKM Version



Attachments

This solution has no attachment


















       

Copyright © 2018 Oracle, Inc.  All rights reserved.

 Feedback