Skip Headers
Oracle® Key Manager 3 Administration Guide
Release 3.0
E41579-02
  Go To Table Of Contents
Contents

Previous
Previous
 
 

Index

A  B  C  D  E  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  Z 

A

activating software upgrades, 5.21.2
adding agents to a KMA
QuickStart Program, 2.4.7
adding gateways
OKM Console, 11.6.5
QuickStart program, 2.4.2.4
QuickStart Program, 2.4.2.4
Adjust System Time menu, 5.24.2
Agent
definition, 1
Agent Assignment to Key Groups menu, 6.7
Agent List menu, 7.3
Agent Performance List menu, 7.5
Agents
assigning a Key Group to, 6.8.1
assigning to a Key Group, 6.7.1
creating, 7.3.2
deleting, 7.3.5
removing a Key Group from, 6.8.2
removing an Agent from a Key Group, 6.7.2
setting passphrases, 7.3.4
viewing an Agent list, 7.3.1
viewing or modifying agent details, 7.3.3
applying software upgrades, 7.9.2
approving pending quorum operations, 10.2.2
assigning a Key Group to a Transfer Partner, 6.9.2
assigning a Key Group to an Agent, 6.8.1
assigning a Transfer Partner to a Key Group, 6.10.2
assigning an Agent to a Key Group, 6.7.1
Audit Event List menu, 6.11
Audit Logs
exporting, 6.11.3
viewing, 6.11.1
viewing details, 6.11.2
Auditor
description, 1.6
operations, 9
role, 9.1
Autonomous Unlock option
caution, 2.4.4.3
Autonomous Unlock Option menu, 5.18.3

B

Backup command line utility
description, 12.2
IPv6 addresses with Zone IDs, 4.6.1
Backup Command Line utility
Example, 12.2.4
parameter descriptions, 12.2.3
Solaris syntax, 12.2.1
Windows syntax, 12.2.2
backup Core Security, 5.17.1
backup files
confirming destruction of, 8.2.4
creating, 8.2.3
restoring, 5.12.3
viewing details, 5.12.2, 8.2.2
viewing history, 5.12.1, 8.2.1
Backup List menu, 5.12, 8.2
Backup Operator
description, 1.6
operations, 8
role, 8.1
BIOS
configuring, D.2.9

C

CA Certificate, 4.5
certificates
Client, 4.5
converting PKCS12 format to PEM format, 4.5.1
Root CA, 4.5
saving, 4.5
changing the passphrase, 4.4.1
checking the SCA 6000 card, 5.2.2
Client Certificate, 4.5
clock
adjusting the local clock, 5.24.2
Cluster
connecting to, 4.1
definition, 1
joining an existing
QuickStart program, 2.4.5
logging the KMA back into, 11.6.1
Cluster profile
creating, 4.2
deleting, 4.3
command line utilities
Backup, 12.2
description, 12
IPv6 addresses with Zone IDs, 4.6.1
OKM, 12.1
Compliance Officer
description, 1.6
operations, 6
role, 6.1
compromising keys, 6.12.1
configuration
network information, 5.22
configuration settings
specifying, 4.6
configuring Key Transfer Partners, 5.9.1
configuring the Cluster
QuickStart program, 2.4.4
confirming destruction of backup files, 8.2.4
connecting to the OKM, 4.1
console
remote connection to (ELOM/ILOM), 2.1
converting certificate formats, 4.5.1
Core Security
creating a backup, 5.17.1
description, 5.15
Core Security Management menu, 5.16
creating a Cluster profile, 4.2
creating a Core Security backup, 5.17.1
creating a Key Transfer Public Key, 5.11.3
creating a KMA, 5.2.3
creating a site, 5.6.2
creating a system dump, 5.13.1
creating a Transfer Partner, 5.10.2
creating a user, 5.4.2
creating an Agent, 7.3.2
creating an SNMP Manager, 5.7.2
creating backup files, 8.2.3
creating Key Groups, 6.6.2
creating Key Policies, 6.3.2
current load
displaying, 5.23.1
Current Load menu, 5.23

D

Data Unit List menu, 6.12, 7.8
Data Units
description, 7.7
destroying post-operational keys, 7.8.3
key details, 7.8.2.1
modifying details, 7.8.2
viewing, 7.8.1
viewing details, 7.8.2
viewing key counts, 7.8.4
deleting a Cluster profile, 4.3
deleting a KMA, 5.2.6
deleting a site, 5.6.4
deleting Agents, 7.3.5
deleting an SNMP Manager, 5.7.4
deleting gateways
OKM Console, 11.6.5
QuickStart program, 2.4.2.4
QuickStart Program, 2.4.2.4
deleting Key Groups, 6.6.4
deleting Key Policies, 6.3.4
deleting pending quorum operations, 10.2.3
deleting users, 5.4.5
destroying post-operational keys, 7.8.3
disabling the Primary Administrator
OKM Console, 11.5.4, 11.6.11
disabling the technical support account
OKM Console, 11.5.3, 11.6.9
disconnecting from the KMA, 4.4

E

ELOM See Embedded Lights Out Manager
Embedded Lights Out Manager (ELOM)
configuring, D.1.3
configuring the BIOS, D.2.9
connecting to the KMA through ELOM, 2.2
launching the BIOS Setup Utility, D.1.6
remote connection overview, 1.1.4
upgrade overview, D.1.1
upgrading the ELOM server firmware, D.1.5
using a network connection, 2.2.1
verifying ELOM and BIOS levels, D.1.4
enabling the Primary Administrator
OKM Console, 11.6.10
enabling the Technical Support account
OKM Console, 11.6.8
QuickStart program, 2.4.2.2
enrolling tape drives
QuickStart Program, 2.4.7
entering initial Security Officer user credentials
QuickStart program, 2.4.4.2
entering Key Split Credentials
QuickStart program, 2.4.4.1
exiting from the OKM Manager, 4.7
exporting Audit Logs, 6.11.3
exporting keys, 5.9.2

I

ILOM See Integrated Lights Out Manager
Import Keys menu, 7.6
importing a KMS 1.0 Key Export file, 6.10.4
importing keys, 5.9.2
initializing the KMA
QuickStart program, 2.4.3
installing the Oracle Key Manager (OKM), 3.2
Integrated Lights Out Manager (ILOM)
configuring, D.2.3
configuring the BIOS, D.2.9
connecting to the KMA through ILOM, 2.2
launching the BIOS Setup Utility, D.2.7
remote connection overview, 1.1.4
security hardening, D.2.8
upgrade overview, D.2.1
upgrading the ILOM 3.0 server firmware, D.2.5
upgrading the ILOM 3.2 server firmware, D.2.6
using a network connection, 2.2.2
verifying ILOM and BIOS levels, D.2.4
invoking the OKM Manager, 3.3
IPv6 addresses with Zone IDs, 4.6.1, 4.6.1

J

joining an existing Cluster
QuickStart program, 2.4.5

K

Key Export file
importing a KMS 1.0 file, 6.10.4
Key Group Assignment to Agents menu, 6.8
Key Group Assignment to Transfer Partners menu, 6.9
Key Group List menu, 6.6
Key Groups
assigning a Transfer Partner to, 6.10.2
assigning an Agent to, 6.7.1
assigning to an Agent, 6.8.1
assigning to Transfer Partners, 6.9.2
assigning Transfer Partners to, 6.10
creating, 6.6.2
definition, 6.4
deleting, 6.6.4
removing an Agent from, 6.7.2
removing from a Transfer Partner, 6.9.3
removing from an Agent, 6.8.2
removing Transfer Partners from, 6.10.3
viewing, 6.6.1
viewing Key Group assignments to Transfer Partners, 6.9.1
viewing or modifying details, 6.6.3
viewing Transfer Partners assigned to, 6.10.1
Key Groups menu, 6.5, 7.2
Key List menu, 6.13
Key Management Appliance (KMA)
adding gateways, 2.4.2.4, 11.6.5
adjusting the local clock, 5.24.2
checking the SCA 6000 card, 5.2.2
connecting to through the ELOM/ILOM, 2.2
creating, 5.2.3
definition, 1
deleting, 5.2.6
deleting gateways, 2.4.2.4, 11.6.5
disconnecting from, 4.4
keyboard and monitor attachment to the KMA, D.3
locking KMA core security, 5.20.1
locking or unlocking core security, 5.20
logging back into the Cluster, 11.6.1
logging into, 11.1.1
modifying a Key Pool size, 8.3.1
network configuration information for, 5.22
rebooting, 11.5.1
resetting to the factory default, 11.6.7
setting a passphrase, 5.2.5
setting the Management IP addresses, 11.6.3
setting the Service IP addresses, 11.6.4
shutting down, 11.5.2
specifying the DNS settings, 2.4.2.5, 11.6.6
TCP/IP connections to, 1.2
unlocking core security, 5.20.2
viewing, 5.2.1
viewing gateways, 2.4.2.4, 11.6.5
viewing or modifying details, 5.2.4
viewing SNMP Managers, 5.7.1
Key Policies
creating, 6.3.2
deleting, 6.3.4
description, 6.2
modifying, 6.3.3
viewing, 6.3.1, 6.3.3
Key Policy List menu, 6.3
Key Split Configuration menu, 5.18.1
Key Split Credentials
entering, 2.4.4.1
modifying, 5.18.2
viewing, 5.18.1
key states and transitions
OKM, 1.1.8
Key Transfer Partners
configuring, 5.9.1
feature description, 5.8.1
Key Transfer process, 5.9, 5.9
Key Transfer Public Key
creating, 5.11.3
viewing details, 5.11.2
viewing the list of, 5.11.1
Key Transfer Public Key List menu, 5.11
keyboard layout
setting, 11.5.5
keys
compromising, 6.12.1
destroying post-operational keys, 7.8.3
exporting and importing, 5.9.2
importing from a Key Transfer file, 7.6
Keys
querying, 6.13.1
KMA List Menu, 5.2, 8.3
KMA performance
querying, 5.3.1
KMA Performance List menu, 5.3
KMA See Key Management Appliance

L

local clock
adjusting, 5.24.2
Local Configuration menu, 5.19
locking KMA core security, 5.20.1
locking the KMA, 5.20, 5.20.1
Lock/Unlock KMA menu, 5.20
logging into the Key Management Appliance, 11.1.1
logging out of the OKM Console session, 11.5.6, 11.5.6, 11.6.13, 11.7.2
logging the KMA back into the Cluster
OKM Console, 11.6.1

M

Master Key Provider button, 5.14.1
menu
Adjust System Time, 5.24.2
Agent Assignment to Key Groups, 6.7
Agent List, 7.3
Audit Event List, 6.11
Autonomous Unlock, 5.18.3
Backup List, 5.12, 8.2
Core Security Management, 5.16
Data Unit List, 6.12, 7.8
Help, 3.4.3
Import Keys, 7.6
Key Group Assignment to Agents, 6.8
Key Group Assignment to Transfer Partners, 6.9
Key Group List, 6.6
Key Groups, 6.5, 7.2
Key Policy List, 6.3
Key Split Configuration, 5.18.1
Key Transfer Public Key List, 5.11
KMA List, 5.2, 8.3
Local Configuration, 5.19
Lock/Unlock KMA, 5.20
Pending Quorum Operation List, 10.2
Role List, 5.5
Security Parameters, 5.14
Site List, 5.6
SNMP Manager List, 5.7
Software Upgrade, 7.9
System, 3.4.1, 4
System Dump, 5.13
System Time, 5.24
Transfer Partner Assignment to Key Groups, 6.10
Transfer Partners, 5.10
Transfer Partners List, 5.10.1
User List, 5.4
View, 3.4.2
menu accelerator keys, 3.4.6
modifying a Key Pool size, 8.3.1
modifying agent details, 7.3.3
modifying Data Unit details, 7.8.2
modifying Key Group details, 6.6.3
modifying Key Policies, 6.3.3
modifying Key Split Credentials, 5.18.2
modifying KMA details, 5.2.4
modifying security parameters, 5.14.2
modifying site details, 5.6.3
modifying SNMP Manager details, 5.7.3
modifying user details, 5.4.3

N

network configuration
specifying, 2.4.2
network configuration information, 5.22

O

OKM Command Line utility
description, 12.1
examples, 12.1.3
exit values, 12.1.4
IPv6 addresses with Zone IDs, 4.6.1
options, 12.1.2.2
parameter descriptions, 12.1.2, 12.1.2
sample perl scripts, 12.1.5
OKM Console
Auditor options, 11.4
Backup Operator options, 11.4
Compliance Officer options, 11.4
description, 11.1
launching, 2.2.3
Operator functions
disabling the Primary Administrator, 11.5.4
disabling the technical support account, 11.5.3
logging out, 11.5.6
rebooting the KMA, 11.5.1
setting the keyboard layout, 11.5.5
shutting down the KMA, 11.5.2
Operator options, 11.2
other role functions
logging out, 11.7.2
setting the keyboard layout, 11.7.1
Security Officer functions
adding gateways, 11.6.5
deleting gateways, 11.6.5
disabling the Primary Administrator, 11.6.11
disabling the technical support account, 11.6.9
enabling the Primary Administrator, 11.6.10
enabling the Technical Support account, 11.6.8
logging out, 11.6.13
logging the KMA back into the Cluster, 11.6.1
resetting the KMA to the factory default, 11.6.7
setting a user passphrase, 11.6.2
setting the keyboard layout, 11.6.12
setting the KMA Management IP addresses, 11.6.3
setting the KMA Service IP addresses, 11.6.4
specifying the DNS settings, 11.6.6
viewing gateways, 11.6.5
Security Officer options, 11.3
using, 11
OKM Manager
GUI
Help menu, 3.4.3
Menu accelerator keys, 3.4.6
overview, 3.4
panes, 3.5
Shortcut keys, 3.4.5
System Menu, 3.4.1
Toolbar buttons, 3.4.4
View menu, 3.4.2
operation details pane, 3.5.2
operations tree pane, 3.5.1
session audit log pane, 3.5.3
status bar, 3.5.4
using online help, 3.4.7
OKM See Oracle Key Manager
online help
using, 1.5, 3.4.7
operations
role-based, 1.6.1
Operator
description, 1.6
operations, 7
role, 7.1
Operator functions
disabling the Primary Administrator, 11.5.4
disabling the technical support account, 11.5.3
logging out of the OKM Console session, 11.5.6
rebooting the KMA
OKM Console, 11.5.1
setting the keyboard layout, 11.5.5
shutting down the KMA, 11.5.2
Oracle Key Manager (OKM)
changing the passphrase, 4.4.1
Cluster
definition, 1
concepts
Agents, 1.1.2
data units keys Key Groups key policies, 1.1.10
initial setup, 1.1.4, 1.1.5
key lifecycle, 1.1.6
network connections, 1.1.3
OKM Clusters, 1.1.1
OKM key states and transitions, 1.1.8
state transition, 1.1.7
users and role-based access control, 1.1.9
connecting to the OKM Cluster, 4.1
converting certificate formats from PKCS12 to PEM, 4.5.1
creating a Cluster profile, 4.2
deleting a Cluster profile, 4.3
description, 3.1
exiting from, 4.7
GUI
definition, 1
installing, 3.2
introduction, 1
invoking the OKM Manager
Solaris startup, 3.3.2
Windows startup, 3.3.1
saving certificates, 4.5
setting up and managing, 1.7
software requirements, 1.4
specifying configuration settings, 4.6
states
active, 1.1.8.2
compromised, 1.1.8.4
deactivated, 1.1.8.3
destroyed, 1.1.8.5
destroyed compromised, 1.1.8.5
pre-activation, 1.1.8.1
typical network deployment, 1.3
user roles, 1.6
using the System menu, 4
other role functions
logging out, 11.7.2
setting the keyboard layout, 11.7.1

P

passphrase
changing, 4.4.1
setting, 5.4.4
setting for a KMA, 5.2.5
setting for a user, 11.6.2
pending operations
approving, 10.2.2
deleting, 10.2.3
viewing details, 10.2.1
Pending Quorum Operation List Menu, 10.2
Post-operational Keys
destroying, 7.8.3
Primary Administrator
disabling, 11.5.4, 11.6.11

Q

QuickStart program
adding agents to a KMA, 2.4.7
adding gateways, 2.4.2.4
configuring the Cluster, 2.4.4
deleting gateways, 2.4.2.4
enabling the Technical Support account, 2.4.2.2
enrolling tape drives, 2.4.7
entering initial Security Officer user credentials, 2.4.4.2
entering Key Split Credentials, 2.4.4.1
initializing the KMA, 2.4.3
joining an existing Cluster, 2.4.5
restoring a Cluster from a backup, 2.4.6
running, 2.4
setting the Key Pool size, 2.4.4.4
setting the KMA Management IP address, 2.4.2.1
setting the KMA Service IP address, 2.4.2.3
specifying the Autonomous Unlock preference, 2.4.4.3
specifying the DNS settings, 2.4.2.5
specifying the network configuration, 2.4.2
starting, 2.4.1
synchronizing KMA time, 2.4.4.5
viewing gateways, 2.4.2.4
Quorum Member
description, 1.6
operations, 10
role, 10.1

R

rebooting the KMA
OKM Console, 11.5.1
remote connection to the console
ELOM/ILOM, 2.1
removing a Key Group from a Transfer Partner, 6.9.3
removing a Key Group from an Agent, 6.8.2
removing a Transfer Partner from a Key Group, 6.10.3
removing an Agent from a Key Group, 6.7.2
replication version
switching, 5.21.3
resetting the KMA to the factory default
OKM Console, 11.6.7
restoring a backup, 5.12.3
restoring a Cluster from a backup
QuickStart Program, 2.4.6
retrieving security parameters, 5.14.1
retrieving the system time, 5.24.1
role
viewing operations for, 5.5.2
Role List menu, 5.5
role-based operations, 1.6.1
roles
Oracle Key Manager, 1.6
viewing, 5.5.1
Root CA Certificate, 4.5

S

saving certificates, 4.5
SCA 6000 card
checking, 5.2.2
Security Officer
description, 1.6
operations, 5
role, 5.1
Security Officer functions
adding gateways, 11.6.5
deleting gateways, 11.6.5
disabling the Primary Administrator, 11.6.11
disabling the technical support account, 11.6.9
enabling the Primary Administrator, 11.6.10
enabling the Technical Support account, 11.6.8
logging the KMA back into the Cluster, 11.6.1
resetting the KMA to the factory default, 11.6.7
setting a user passphrase, 11.6.2
setting the keyboard layout, 11.6.12
setting the KMA Management IP addresses, 11.6.3
setting the KMA Service IP addresses, 11.6.4
specifying the DNS settings, 11.6.6
viewing gateways, 11.6.5
security parameters
Master Key Provider, 5.14.1
modifying, 5.14.2
retrieving, 5.14.1
Security Parameters menu, 5.14
Service Processor
accessing, 2.1
configuring the ELOM, D.1.3
connecting to the KMA through the ELOM/ILOM, 2.2
keyboard and monitor attachment to the KMA, D.3
launching the BIOS Setup Utility from the ELOM, D.1.6
launching the BIOS Setup Utility from the ILOM, D.2.7
upgrading the ELOM server firmware, D.1.5
upgrading the ILOM server firmware, D.2.5
verifying ELOM and BIOS levels, D.1.4
setting a KMA passphrase, 5.2.5
setting a user passphrase, 5.4.4
OKM Console, 11.6.2
setting an Agent passphrase, 7.3.4
setting the Key Pool size
QuickStart program, 2.4.4.4
setting the keyboard layout, 11.5.5
OKM Console, 11.5.5, 11.6.12, 11.7.1
setting the KMA Management IP address
OKM Console, 11.6.3
QuickStart program, 2.4.2.1
setting the KMA Service IP address
OKM Console, 11.6.4
QuickStart program, 2.4.2.3
shortcut keys, 3.4.5
shutting down the KMA, 11.5.2
site details
viewing or modifying, 5.6.3
Site List menu, 5.6
sites
creating, 5.6.2
deleting, 5.6.4
viewing, 5.6.1
SNMP Manager
creating, 5.7.2
deleting, 5.7.4
viewing for a KMA, 5.7.1
viewing or modifying details, 5.7.3
SNMP Manager List menu, 5.7
software requirements
Oracle Key Manager, 1.4
Software Upgrade menu, 7.9
software upgrades
activating, 5.21.2
uploading and applying, 7.9.2
specifying configuration settings, 4.6
specifying the Autonomous Unlock preference
QuickStart program, 2.4.4.3
specifying the DNS settings
OKM Console, 11.6.6
QuickStart program, 2.4.2.5
specifying the network configuration
QuickStart program, 2.4.2
starting the KMA
QuickStart program, 2.4.3
starting the OKM Manager, 3.3
starting the QuickStart program, 2.4.1
states and transitions
OKM keys, 1.1.8
switching the replication version, 5.21.3
synchronizing KMA time
QuickStart program, 2.4.4.5
system dump
creating, 5.13.1
System Dump menu, 5.13
system menu
using, 4
system time
retrieving, 5.24.1
System Time menu, 5.24

T

technical support account
disabling, 11.5.3
toolbar buttons, 3.4.4
Transfer Partner Assignment to Key Groups menu, 6.10
Transfer Partners
assigning a Key Group to, 6.9.2
assigning to a Key Group, 6.10.2
assigning to Key Groups, 6.10
creating, 5.10.2
deleting, 5.10.4
importing Keys and Data Units from a key transfer file, 7.6
Key Group Assignment to, 6.9
List, 5.10.1
removing from a Key Group, 6.10.3
removing Key Groups from, 6.9.3
viewing and modifying details, 5.10.3
viewing assignments to Key Groups, 6.10.1
viewing Key Group assignments to, 6.9.1
Transfer Partners menu, 5.10

U

unlocking KMA core security, 5.20.2
unlocking the KMA, 5.20
uploading software upgrades, 7.9.2
user details
viewing or modifying, 5.4.3
User List menu, 5.4
user passphrase
setting, 5.4.4
user roles
Oracle Key Manager, 1.6
users
creating, 5.4.2, 5.4.2
deleting, 5.4.5
viewing, 5.4.1
using online help, 3.4.7
using the OKM Console, 11
using the System menu, 4
utilities
command line, 12
utility
Backup command line
description, 12.2
IPv6 addresses with Zone IDs, 4.6.1
OKM command line
IPv6 addresses with Zone IDs, 4.6.1
OKM Command Line
description, 12.1

V

viewing agent details, 7.3.3
viewing Audit Log details, 6.11.2
viewing Audit Logs, 6.11.1
viewing backup files details, 5.12.2, 8.2.2
viewing backup files history, 5.12.1, 8.2.1
viewing Data Unit details, 7.8.2
viewing Data Units, 7.8.1
viewing gateways
OKM Console, 11.6.5
QuickStart program, 2.4.2.4
QuickStart Program, 2.4.2.4
viewing Key Group assignments to Transfer Partners, 6.9.1
viewing Key Group details, 6.6.3
viewing Key Groups, 6.6.1
viewing key policies, 6.3.1
viewing Key Policies, 6.3.3
viewing Key Transfer Public Key details, 5.11.2
viewing KMA details, 5.2.4
viewing KMA SNMP Managers, 5.7.1
viewing KMAs, 5.2.1
viewing operations for, 5.5.2
viewing pending operations details, 10.2.1
viewing roles, 5.5.1
viewing site details, 5.6.3
viewing sites, 5.6.1
viewing SNMP Manager details, 5.7.3
viewing the Agent List, 7.3.1
viewing the Key Split credentials, 5.18.1
viewing the Key Transfer Public Key list, 5.11.1
viewing Transfer Partner assignments to Key Groups, 6.10.1
viewing user details, 5.4.3
viewing users, 5.4.1

Z

Zone IDs
specifying IPv6 addresses, 4.6.1, 4.6.1