Sun Microsystems, Inc.  Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-71-2035604.1
Update Date:2015-07-28
Keywords:
Solution Type  Technical Instruction Sure

Solution  2035604.1 :   Oracle Key Manager (OKM) - How to Change the Agent ID or Passphrase in OKM GUI for a Encrypted ZFS Filesystem Server?  

Related Items 
    

  • Oracle Key Manager
    •  
Related Categories 
    

  • PLA-Support>Sun Systems>TAPE>Backup Software-Filesystems>SN-TP: Encryption
    •  






In this Document


Goal


Solution



Created from <SR 3-11059744801>


Applies to:  

Oracle Key Manager - Version 2.4 and later
Information in this document applies to any platform.



Goal


In an encrypted zfs filesystem and Oracle Key Manager environment, what needs to be performed on the ZFS server side if the agent is deleted (and recreated) or the passphrase is changed on the OKM side?
 


Solution


If the agent ID or passphrase is changed through the OKM GUI, it is required to re-run kmscfg using a new profile name on every ZFS node that uses that agent.

For example, if the OKM administrator changes an agent's passphrase from the OKM GUI, the system admin on each ZFS server that uses that agent must run kmscfg so that it uses the new passphrase.

Whether each server should use its own agent is a matter of preference. If each ZFS server has its own agent, then key usage can be tracked on a per ZFS server basis by reviewing the Audit Event Log. If this level of tracking is not required, then it is possible to use one agent for all of the Solaris ZFS servers.
 



Attachments

This solution has no attachment


















       

Copyright © 2018 Oracle, Inc.  All rights reserved.

 Feedback