Wednesday, July 24, 2024

Oracle Key Vault 21.9 prerequisite for installation

Gather Oracle Key Vault install requirements (same for both 21.8 and 21.9)


Installation requirements:


  1. OKV setup can be done using any of the following methods

    1. Guest in virtualization platform

    2. Guest in OCI compute

    3. Oracle Cloud Marketplace as a service


  1. OKV needs min. 16 cores (x86_64 architecture) & 16 GB RAM

    1. Recommended: 24-48 cores with Intel AES-NI (cryptographic acceleration support) & 32 GB to 64 GB memory

  • Boot disk needs to be a local disk; no SAN allowed

  • Memory upsize allowed, downsize not allowed


  1. OKV needs 2TB min storage, 6TB recommended [for test install min. 256 GB should be allocated otherwise install will crash in the beginning]

  2. OKV allows only 1 network interface

    1. QLogic (QL4) isn’t supported

  3. OKV supports x86_64 deployment with Oracle Linux 8 update 6 min (embedded OS)

  4. No RAID within Oracle Key Vault install. Only hardware RAID in backend storage possible.

  5. RESTful API endpoint creation requires Java min. version 1.7.0.21. Oracle version 12.2.0.1 already ships with a supported version. Older releases need a separate Java installation. OpenJDK isn’t supported.

Command:

namei /usr/bin/java | grep "l java"


Output:

l java -> /etc/alternatives/java

   l java -> /usr/java/jdk1.8.0_131/jre/bin/java


  1. No additional software is allowed in OKV (like antivirus); Oracle doesn’t support OKV with third-party software added.

  2. FW port exemption list:

| Port Number | Protocol | Port Type | Descriptions |
|---|---|---|---|
| 22 | SSH/SCP port | TCP | Used by Oracle Key Vault administrators and support personnel to remotely administer Oracle Key Vault |
| 161 | SNMP port | UDP | Used by monitoring software to poll Oracle Key Vault for system information |
| 443 | HTTPS port | TCP | Used by web clients such as browsers and RESTful Administrative commands to communicate with Oracle Key Vault |
| 5695 | HTTPS port | TCP | Used by RESTful Key Management commands to communicate with Oracle Key Vault |
| 1521 and 1522 | Database TCPS listener ports | TCP | In a primary-standby configuration, listener ports used by Oracle Data Guard to communicate between the primary and standby server. In a cluster configuration, listener ports used to communicate between read-write peer nodes. |
| 7443 | HTTPS port | TCP | Listener port used in a primary-standby configuration to run OS commands like synchronizing wallets and configuration files through HTTPS. This port is also used when you add a new node to a cluster. |
| 5696 | KMIP port | TCP | Used by Oracle Key Vault endpoints and third party KMIP clients to communicate with the Oracle Key Vault KMIP server |
| 7093 | TCP port | TCP | Used by Oracle GoldenGate for transmitting data in a multi-master cluster configuration |


  1. OS – supported endpoint config: only 64-bit platforms are supported for online master encryption key. The running OS must support TLS (Transport Layer Security) 1.2

    1. Oracle Linux (6, 7, and 8)

    2. RHEL (6, 7, and 8)

    3. Windows Server 2012, 2016, and 2019

  2. DB – supported endpoint config

    1. DBs that need online master encryption keys to manage their TDE require min. 12.1.0.2 (compatible 12.1.0.0)

    2. DBs that need only wallet management have no such requirement; they can use okvutil upload and download operations.
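
To keep the firewall exemption list above as tight as the deployment allows, the following added example (not Oracle's code and not part of the original post) audits a firewall allowlist against the port table. The grouping of ports by deployment mode is an assumption inferred from the Descriptions column, and the function names and sample allowlist are constructed for illustration.

```python
# Ports taken from the FW port exemption table; the grouping is an assumption.
OKV_PORTS = {
    "admin": {(22, "tcp")},                                  # SSH/SCP
    "monitoring": {(161, "udp")},                            # SNMP polling
    "clients": {(443, "tcp"), (5695, "tcp"), (5696, "tcp")}, # web, REST, KMIP
    "primary-standby": {(1521, "tcp"), (1522, "tcp"), (7443, "tcp")},
    "cluster": {(1521, "tcp"), (1522, "tcp"), (7443, "tcp"), (7093, "tcp")},
}
MODES = ("standalone", "primary-standby", "cluster")


def required_ports(mode, monitoring=False):
    """Return the set of (port, proto) pairs a given deployment needs."""
    if mode not in MODES:
        raise ValueError(f"unknown deployment mode: {mode!r}")
    need = OKV_PORTS["admin"] | OKV_PORTS["clients"]
    if monitoring:
        need |= OKV_PORTS["monitoring"]
    if mode != "standalone":
        need |= OKV_PORTS[mode]
    return need


def parse_rules(text):
    """Parse 'port/proto' tokens; ranges such as '1521-1522/tcp' are expanded."""
    rules = set()
    for token in text.split():
        ports, sep, proto = token.partition("/")
        if not sep or proto.lower() not in ("tcp", "udp"):
            raise ValueError(f"malformed rule: {token!r}")
        low, _, high = ports.partition("-")
        for port in range(int(low), int(high or low) + 1):
            rules.add((port, proto.lower()))
    return rules


def audit(mode, allowed_text, monitoring=False):
    """Compare an allowlist with what the table requires for this mode."""
    need = required_ports(mode, monitoring)
    allowed = parse_rules(allowed_text)
    return {"missing": sorted(need - allowed),
            "unexpected": sorted(allowed - need)}


# Constructed allowlist for a primary-standby pair with SNMP monitoring.
SAMPLE_ALLOWLIST = "22/tcp 443/tcp 5695-5696/tcp 1521/tcp 7093/tcp 161/tcp"

if __name__ == "__main__":
    print(audit("primary-standby", SAMPLE_ALLOWLIST, monitoring=True))
```

On the sample, the audit reports SNMP opened as TCP instead of UDP, the missing 1522 and 7443 listeners, and the GoldenGate port 7093, which the table only lists for multi-master clusters.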

