Replicating an Encrypted Share
"Managing Encryption Keys" on page 582
■
"Encryption Key Life Cycle" on page 585
■
"Replicating an Encrypted Share" on page 586
■
Replicating an Encrypted Share
To replicate an encrypted share, both the source and target must support encryption and meet
these requirements:
Software release 2013.1.3.0 (or later)
■
Encryption wrapping keys used by the share
■
OKM key name must be identical in the keystore on both replication source and target
■
appliances.
OKM Agent ID must be unique on the replication source and target replication appliances.
■
Replication peer appliances cannot use the same agent.
OKM agents for the replication peers should be configured on the OKM server to see the
■
same key groups. In this case, it is not necessary to manually create the OKM key on the
replication target system.
The replication will fail if you attempt to replicate an encrypted share and the target does not
support encryption. If the wrapping key is not available on the source or target system, or the
target software is earlier than 2013.1.3.0, an alert is raised. Review the alerts on both the source
and target to determine the reason for the replication failure.
For more information on configuring replication, see
Related Topics
"Data Encryption Workflow" on page 560
■
"Managing Encryption Keys" on page 582
■
"Encryption Key Life Cycle" on page 585
■
"Backing up and Restoring Encrypted Data" on page 585
■
Oracle ZFS Storage Appliance: Remote Replication Compatibility [Doc ID 1958039.1]
■
MOS note
586
Oracle ZFS Storage Appliance Administration Guide, Release OS8.6.x • September 2016
"Remote Replication" on page
469.