This publication includes information about the following OKM enhancements.
Support for the Netra SPARC T4-1 server.
Support for the T10000D drive.
The Windows installer of the Oracle Key Manager GUI and CLI displays a screen warning users they must have elevated privileges.
The QuickStart Program and the OKM Console display these changes:
KMAs now perform initial configuration steps after they are first booted.
KMAs now enforce more restrictive access via SSH when the technical support account is enabled.
The password rules for the support user have changed.
The use of the term "Passphrase" has been changed to "support account" when displaying text about maximum age during enabling of technical support.
During QuickStart, if the user chooses DHCP for the management or service network, any hostname information provided by the DHCP server is ignored. In the Set DNS Configuration step, the KMA displays any DNS settings from a DHCP server on the management network.
During QuickStart, the user provides the KMA name. This KMA name is now used as the hostname for the KMA.
During QuickStart of the first KMA in a Cluster, the user is prompted for the IP address of an external NTP server.
After a reboot, reset, initial installation, or upgrade, a new message will appear if the SCA card is being initialized or having its firmware upgraded, and the console will be disabled until it is complete.
The prompt for zeroize has been removed. The KMA is now always zeroized.
When configuring "gateways" (routers) for network routes from the OKM Console, the dialog displayed for entering the subnet mask has changed to reflect that this field is optional. If not specified, the system determines an appropriate value for the netmask.
See "Running the QuickStart Program" and "Using the OKM Console".
In the System Time screen, the Security Officer can provide an IPv6 address for an external NTP server.
See "System Time Menu".
In the SNMP Manager List panel, the Security Officer can provide an IPv6 address when creating or modifying an SNMP Manager.
The KMA List and Software Upgrade screens display the version strings for KMAs running OKM 3.0 in a different format. For OKM 3.0 KMAs, the version string has the following format: <OKM release>-5.11-<OKM build>
See "KMA List Menu" and "Software Upgrade".
The Software Upgrade screen includes a number of OKM 3.0-related changes:
OKM 2.x KMAs cannot be upgraded to OKM 3.0. Users should not attempt to upload and apply an OKM 3.0 upgrade package onto an OKM 2.x KMA.
Users must install and use an Oracle Key Manager 3.0 GUI before uploading or activating a software version on an OKM 3.0 KMA. Oracle Key Manager 2.x GUIs cannot activate a software version on an OKM 3.0 KMA.
KMAs running OKM 3.0 can display up to three software versions in the Software Upgrade panel.
Do not attempt to upload an OKM upgrade package that requires a down-level Solaris installation. The KMA will reject this upload.
See "Software Upgrade".
When the Oracle Key Manager GUI is connected to an OKM 3.0 KMA, the Network Configuration screen does not show the DNS Configured by DHCP checkbox. This checkbox is displayed for OKM 2.x KMAs.
All roles can access the KMA List screen and view the key pool size.
See "KMA List Menu".
OKM 3.0 KMAs do not support the Auto Service Request feature and do not send telemetry data. The OKM GUI continues to display the Auto Service Request screen when it is connected to a KMA running OKM 2.4.x or 2.5.x.
The OKM GUI includes a new Key List panel. From this panel, Operators and Compliance Officers can query keys directly without having to query data units and then query the keys associated with a particular data unit.
Compliance Officers and Operators can select a key and click the Details button to display more information about that key.
See "Key List Menu".
The OKM GUI displays a new Agent Performance List panel. From this panel, Operators and Compliance Officers can query agent performance information.
Compliance Officers and Operators can select an agent and click the Details button (or double-click on an agent) to display more information about that agent.
The OKM GUI contains a new KMA Performance List panel. From this panel, users with any role can query KMA performance information about KMAs in this OKM cluster.
Users with any role can select a KMA and click the Details button to display more information about that KMA.
The OKM GUI includes a new Current Load panel. From this panel, users with any role can query load information about the KMA to which the GUI is connected.
See "Current Load Menu".
The Data Unit List panel displays a new Key Counts button. By clicking this button, you can list the data units that have associated keys and the number of keys associated with each data unit.
The OKM Command Line Interface (CLI) adds the following new subcommands:
currload
listagentperformance
listdukeycount
listkeys
listkmaperformance
The OKM user must have the Operator or Compliance Officer role to list agent performance, list keys, or list data unit key counts. An OKM user with any role can get current load or list KMA performance.