Installation Guides › Upgrade Guide › Upgrading from r12.1 › How to Configure a Parallel Environment › Parallel Environment Key Management Options › Multiple Key Store Deployment

Multiple Key Store Deployment

Existing r12.1 Policy Servers can use an r12.1 key store for key rollover, while r12.1 SP3 Policy Servers can use an r12.1 SP3 key store for key rollover. The following figure illustrates:

• r12.1 Policy Servers connecting to an r12.1 policy store.
• r12.1 SP3 Policy Servers connecting to an r12.1 SP3 policy store.
• r12.1 Policy Servers connecting to an r12.1 key store to retrieve new keys.
• r12.1 SP3 Policy Servers connecting to an r12.1 SP3 key store to retrieve new keys.
• A SOA Security Manager administrator using the Administrative UI to configure static Agent and Session keys for each key store.

  Important! If all key stores do not use the same Agent and Session keys, single sign–on fails.

• r12.1 SOA Agents polling their respective r12.1 Policy Servers to retrieve new keys.
• r12.1 SP3 SOA Agents polling their respective r12.1 SP3 Policy Servers to retrieve new keys.

Note: Although not illustrated, policy store and key store data can be replicated for failover. The database or directory server type determines how you replicate data. For more information about key management in a master/slave environment, see the Policy Server Administration Guide. For more information about replicating data, see your vendor–specific documentation.