Managing Encryption Keys
■
User Agent ID - Agent ID.
■
Registration PIN - Registration PIN.
■
OKM Key Creation Properties
■
Keyname - Name to identify the key.
■
Shares Encryption Properties
■
Encryption - AES encryption type and key length (for more information, see
“Understanding Encryption Key Values” on page 583.
■
Inherit key - Inherit the encryption key from the parent project.
■
Key - Sets a specific LOCAL or OKM key and is used when the key is not inherited
from the parent project.
■
Project Encryption Properties
■
Name - Name to identify the project.
■
Encryption - AES encryption type and key length (for more information, see
“Understanding Encryption Key Values” on page 583.
■
Key - Specific LOCAL or OKM key.
Related Topics
■
“Data Encryption Workflow” on page 560
■
“Managing Encryption Keys” on page 582
■
“Performance Impact of Encryption” on page 584
■
“Encryption Key Life Cycle” on page 585
Managing Encryption Keys
The appliance includes a built-in LOCAL keystore and the ability to connect to the Oracle Key
Manager (OKM) system. Each encrypted project or share requires a wrapping key from either
the LOCAL or OKM keystores. The data encryption keys are managed by the storage appliance
and are stored persistently encrypted by the wrapping key from the LOCAL or OKM keystore.
OKM is a comprehensive key management system (KMS) that addresses the rapidly growing
enterprise need for storage-based data encryption. Developed to comply with open standards,
this feature provides the capacity, scalability, and interoperability to manage encryption keys
centrally over widely distributed and heterogeneous storage infrastructures.
OKM meets the unique challenges of storage key management, including:
■
Long-term key retention - OKM ensures that archive data is always available, and it
securely retains encryption keys for the full data life cycle.
582 Oracle ZFS Storage Appliance Administration Guide, Release OS8.6.x • September 2016
To Next Page
Loading...
Need help?
General
