Cloud Security Perspectives and Insights

Continuous Availability and Extreme Scalability with Oracle Key Vault

Vipin Samar
Senior Vice President

Today’s databases run huge workloads, with big demands on their availability, scalability, and security. Encryption has now become commonplace in today's cybersecurity and regulatory landscape, but people often struggle with securing and managing the keys. Not only do they need a centralized key management solution that is easy to configure and manage, but they also need a system that is resilient to network, operating system, and other node failures. Additionally, the key management system should be able to keep up with the availability requirements of thousands of databases spread across data centers.

We are thrilled to announce that Oracle Key Vault 18 with multi-master clustering is now available for download. It provides unprecedented improvements in the scalability and availability of keys, while significantly decreasing the operational burden of key management. The Oracle Key Vault cluster is optimized to serve keys for tens of thousands of databases, and at the same time handle the disaster scenarios that are too common in today's world.

Based upon feedback from our customers, we redesigned Oracle Key Vault to be continuously available for both read and write operations without any data loss.  Now customers can group up to 16 nodes to form a multi-master cluster that can be deployed across geographically distributed data centers.  All nodes run in active mode and significantly lower the total cost of ownership.

Databases can connect to any node in the Oracle Key Vault cluster to get encryption keys. Any updates to keys or changes to authorization rules are quickly replicated to all other Oracle Key Vault nodes, so they are available on at least one other node, providing zero data loss. If the Oracle Key Vault connection fails or an Oracle Key Vault node goes down for any reason, the database servers transparently fail over to the nearby active Oracle Key Vault nodes for read/write operations without any downtime, hiccups, or user intervention.

Oracle Key Vault has been extended for streamlined management and security through:

  • Introduction of RESTful APIs to support the full portfolio of key management operations such as create key, register secret, get key, and revoke/destroy key
  • Integration with external Hardware Security Modules (HSM) as root of trust
  • Capability to run in FIPS mode for stronger assurance through FIPS-certified cryptographic modules

Oracle Key Vault provides key management for Oracle Database 11g Release 2 and later releases running on a variety of platforms including Oracle Linux, Red Hat Linux, Solaris SPARC, Solaris x64, IBM AIX, HP-UX, and Microsoft Windows.

Oracle Key Vault is the only enterprise-grade key management solution tightly integrated with Oracle databases, including support for Transparent Data Encryption (TDE), Real Application Clusters (RAC), Multitenant databases, Data Guard, GoldenGate, and ASM Cluster File System.

For more information, review the Data Sheet and FAQ, and be sure to attend our upcoming Database Security Office Hours session focused on Oracle Key Vault 18. 

So, if you are using Oracle Database Transparent Data Encryption (TDE), or MySQL database TDE, download the Oracle Key Vault 18 software today from Oracle Software Delivery Cloud.  If you are an existing Oracle Key Vault customer, be sure to upgrade to Oracle Key Vault 18 (patch 29695836 from Oracle Support).
