Table of Contents
Advertisement
Managing Encryption Keys
■
■
OKM Key Creation Properties
■
■
Shares Encryption Properties
■
■
■
■
Project Encryption Properties
■
■
■
■
Related Topics
"Data Encryption Workflow" on page 560
■
"Managing Encryption Keys" on page 582
■
"Performance Impact of Encryption" on page 584
■
"Encryption Key Life Cycle" on page 585
■
Managing Encryption Keys
The appliance includes a built-in LOCAL keystore and the ability to connect to the Oracle Key
Manager (OKM) system. Each encrypted project or share requires a wrapping key from either
the LOCAL or OKM keystores. The data encryption keys are managed by the storage appliance
and are stored persistently encrypted by the wrapping key from the LOCAL or OKM keystore.
OKM is a comprehensive key management system (KMS) that addresses the rapidly growing
enterprise need for storage-based data encryption. Developed to comply with open standards,
this feature provides the capacity, scalability, and interoperability to manage encryption keys
centrally over widely distributed and heterogeneous storage infrastructures.
OKM meets the unique challenges of storage key management, including:
Long-term key retention - OKM ensures that archive data is always available, and it
■
securely retains encryption keys for the full data life cycle.
582
Oracle ZFS Storage Appliance Administration Guide, Release OS8.6.x • September 2016
User Agent ID - Agent ID.
Registration PIN - Registration PIN.
Keyname - Name to identify the key.
Encryption - AES encryption type and key length (for more information, see
"Understanding Encryption Key Values" on page
Inherit key - Inherit the encryption key from the parent project.
Key - Sets a specific LOCAL or OKM key and is used when the key is not inherited
from the parent project.
Name - Name to identify the project.
Encryption - AES encryption type and key length (for more information, see
"Understanding Encryption Key Values" on page
Key - Specific LOCAL or OKM key.
583.
583.
Advertisement
Table of Contents
