By Laura Ramsey-Oracle on Aug 25, 2014
Finally, a centralized way to manage all the encryption keys and credential files in the data center.
Critical credential files such as Oracle wallet files, Java KeyStores, Secure Shell (SSH) key files, and Secure Sockets Layer (SSL) certificate files are often widely distributed across servers and server clusters that use error-prone synchronization and backup mechanisms. As organizations increasingly encrypt data at rest and on the network, securely managing all the encryption keys and credential files in the data center has become a major challenge.
How do you comply with stringent regulatory requirements for managing keys and certificates and ensure that keys are routinely rotated, properly destroyed, and accessed solely by authorized entities?
Oracle Key Vault a software appliance designed to securely manage encryption keys and credential files in the enterprise data center. It provides secure, centralized management of encryption keys and credential files in the data center, including Oracle wallet files, Java KeyStores, Kerberos keytab files, SSH key files, and SSL certificate files.
Want to get started? Here's what you need to know:
Q: Where can I download the software for Oracle Key Vault?
Go to https://edelivery.oracle.com;
Select Product Pack: Oracle Key Vault (188.8.131.52.0) Media Pack v1.
Q: What are the recommended hardware specifications?
A: CPU: Minimum 2x86-64 cores, Recommended: 2+cores with cryptographic acceleration support (Intel® AES-NI) Memory: Minimum 4 GB of RAM Disk: Minimum 500 GB hard disk.
Hardware Compatibility: Refer to the hardware compatibility list (HCL) for Oracle Linux Release 5 Update 10. The HCL is available at https://linux.oracle.com/hardware-certifications.
Q: How does the software appliance install work?
A: Oracle Key Vault is packaged as a software appliance, which means it contains everything, including the operating system, needed to install the product on bare hardware.
During installation, the installer completely takes over the hardware. In addition to partitioning and formatting the disks, it installs the base OS, user-space libraries, Oracle Database, Oracle Key Vault software, etc. It configures all of the software (OS, networking, database) automatically and with minimal user involvement. It hardens the operating system, network, database, and more according
to hardening best practices. It removes unnecessary packages and software and disables unused services and ports.
Q: Can I deploy the Oracle Key Vault software appliance on Windows or Solaris?
A: Oracle Key Vault can only be deployed on bare metal. Any existing OS including Windows or Solaris and software will be removed by the install process. Note that this applies only to the Oracle Key Vault appliance and is independent of the OS for the server endpoint.
Q: Can I run Oracle Key Vault on Oracle Virtual Machine?
A: For testing or proof of concept purposes, Oracle Key Vault can be run in Oracle VM or Oracle VirtualBox. However, for production deployment, Oracle Key Vault should be installed on dedicated physical hardware; otherwise VM administrators may be able to gain access to underlying keys and secrets stored inside Oracle Key Vault.
Q: Can I install Oracle Key Vault on Oracle Database Appliance (ODA) or Exadata?
A: No, at this time Oracle Key Vault is not certified with the Oracle Database Appliance or Exadata. Oracle Key Vault can however be used to manage keys used by ODA or Exadata.
Find out more on the Oracle Key Vault page on OTN.
Ciao for Now!