Sun System Handbook - ISO 3.4 June 2011 Internal/Partner Edition
Solution Type: Technical Instruction Sure Solution

1309492.1 : KMS - KMS Key Policy for Different Applications - Can They be Shared?
Applies to:

Oracle Key Manager - Version: 1.2.0
Sun StorageTek Crypto Key Management System - Version: Not Applicable and later [Release: N/A and later]
Information in this document applies to any platform.

Goal

I am reading the KMS System Administration Guide and understand that ...

1. First create Key Policies.
2. Then create Key Groups (which are mapped to a particular Key Policy).
3. Finally assign a Key Group to a list of Agents -or- assign an Agent to a list of Key Groups.

Now the question is:

1. Suppose the Tape Library is shared by two applications.
2. Application #1 is Solaris platform Netbackup.
3. Application #2 is Windows platform Backup.
4. They both use the same pool of tape drives (i.e. a tape drive serves both platforms).

How can one configure the Data Units such that they have different retention policies? Say, Data Units for Solaris/Netbackup require a one year encryption period while Data Units for Windows/Backup require a three months encryption period.

Solution

An agent can have only one default key group/policy, which it uses for its write keys and which determines the encryption period/crypto period.

To have different encryption/crypto periods, one would need to assign separate drive pools to the Solaris and Windows applications. You cannot share the drives between application #1 and application #2. Use certain agents only for writing for application #1 and certain other agents (drives) only for application #2.

You can still assign another key group to the agents to allow them to read the data that was written from a drive with a different key group.

Attachments

This solution has no attachment
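The rule in the Solution above can be checked against a planned layout before any agents are enrolled. The following Python model is an added example, not part of the original document and not an Oracle Key Manager interface: it flags drives whose default key group gives the wrong encryption period and drives shared between applications with different periods. All agent, key group, policy and application names are constructed, and expressing periods in months is an assumption.

```python
from dataclasses import dataclass, field

@dataclass
class Agent:
    """One tape drive (agent). Hypothetical model, not an OKM API object."""
    name: str
    default_group: str                              # the single key group used for writes
    read_groups: set = field(default_factory=set)   # extra key groups, used for reads only

def audit(policies, groups, agents, apps):
    """Return findings for a drive-pool plan; an empty list means it is consistent.
    policies: policy -> encryption period in months; groups: key group -> policy;
    apps: application -> {"drives": set of agent names, "months": required period}."""
    by_name = {a.name: a for a in agents}
    findings = []
    for app in sorted(apps):  # each drive's default key group must give the app's period
        need = apps[app]["months"]
        for drive in sorted(apps[app]["drives"]):
            got = policies[groups[by_name[drive].default_group]]
            if got != need:
                findings.append(f"{drive}: writes with {got}-month keys, {app} needs {need}")
    names = sorted(apps)      # a drive in two pools with different periods cannot serve both
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if apps[a]["months"] != apps[b]["months"]:
                for drive in sorted(apps[a]["drives"] & apps[b]["drives"]):
                    findings.append(f"{drive}: shared by {a} and {b}, one default key group cannot serve both")
    return findings

def can_read(agent, group):
    """An agent can read data written under its default group or any extra assigned group."""
    return group == agent.default_group or group in agent.read_groups

# Constructed sample data (names and periods are illustrative).
POLICIES = {"one-year": 12, "three-month": 3}
GROUPS = {"kg-solaris": "one-year", "kg-windows": "three-month"}
# Plan from the question: both applications use the same two drives.
SHARED_AGENTS = [Agent("drive1", "kg-solaris"), Agent("drive2", "kg-solaris")]
SHARED_APPS = {"netbackup-solaris": {"drives": {"drive1", "drive2"}, "months": 12},
               "backup-windows": {"drives": {"drive1", "drive2"}, "months": 3}}
# Plan from the solution: separate pools, with the other key group assigned for reading.
SPLIT_AGENTS = [Agent("drive1", "kg-solaris", {"kg-windows"}),
                Agent("drive2", "kg-windows", {"kg-solaris"})]
SPLIT_APPS = {"netbackup-solaris": {"drives": {"drive1"}, "months": 12},
              "backup-windows": {"drives": {"drive2"}, "months": 3}}
if __name__ == "__main__":
    for finding in audit(POLICIES, GROUPS, SHARED_AGENTS, SHARED_APPS):
        print("shared plan:", finding)
    print("split plan findings:", audit(POLICIES, GROUPS, SPLIT_AGENTS, SPLIT_APPS))
```

The shared plan produces four findings (two wrong-period writes and two shared drives), while the split plan produces none and both drives can still read the other application's tapes.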