Introduction Oracle Databases on Oracle Cloud use the Multitenant Architecture and are encrypted with TDE by default. Creating new PDBs in Data Guard environments while using a local wallet for TDE master encryption keys requires some additional steps to copy the wallet file and recover the PDB on standby. We discussed these approaches in previous…
Tag: TDE
How to use Customer-Managed TDE Encryption Keys on VM DB Systems in Oracle Cloud
Introduction Oracle Databases in Oracle Cloud use Transparent Data Encryption (TDE) by default to protect data at rest. The default configuration “Oracle-Managed Keys” stores the master encryption keys in a wallet file locally on the database servers. Now, Oracle also supports the integration with the OCI Vault Service for VM DB Systems, where you are able…
Hot Clone a remote PDB in Data Guard Environments using Transient no-standby PDBs
Introduction Oracle Multitenant is integrated with Oracle Data Guard. Data Guard is configured at the CDB level and will replicate all transactions from the primary to the standby for all PDBs in a single stream, including creating and deleting PDBs. But! When we create a new PDB, which is a clone from PDB$SEED, or create…
How to use Customer-Managed TDE Encryption Keys in Oracle Exadata Cloud Service
Introduction Oracle Databases in Oracle Cloud use Transparent Data Encryption (TDE) by default to protect data at rest. The default configuration “Oracle-Managed Keys” stores the master encryption keys in a wallet file locally on the database servers. Now, Oracle also supports the integration with the OCI Vault Service, where you are able to create and…
Migrating from non-encrypted, non-CDB on local file system to encrypted PDB on ASM
Introduction Oracle Databases on Oracle Cloud are created using the Multitenant architecture. All databases are encrypted using Transparent Data Encryption (TDE) by default. All databases on Exadata, Bare Metal machines, and RAC on Virtual Machines use ASM storage management. For Single Instance databases on Virtual Machine DB systems you have the choice between Logical Volume…
A Simple Approach – Creating PDBs in a Data Guard environment with TDE enabled
Introduction In the Oracle Cloud, every newly created database from 12c onward uses the Oracle Multitenant Architecture. Transparent Data Encryption is also enabled by default. So, as soon as you use Data Guard and create new PDBs, you have to take care of copying the wallets to the standby server. We already discussed two approaches…
Using STANDBYS=NONE to create PDBs in a Data Guard environment with TDE enabled
Introduction Creating and cloning PDBs in a multitenant environment is a simple and straightforward task, even when TDE is enabled. However, in a Data Guard environment where primary and standby use their own TDE wallets, it becomes challenging. In a previous blog post, we discussed how creating the master encryption key on the primary PDB…
Create PDBs in a Data Guard Environment with TDE enabled
Introduction See what happens and how to proceed after creating or cloning a PDB in a Data Guard environment while Transparent Data Encryption (TDE) is enabled. If you are new to TDE, have a look at this blog post first. The Environment: I’m using Oracle Database Cloud service Enterprise Edition Extreme Performance. The database version is 19.8.…
Enable TDE, auto-login wallet, and Secure External Password Store (SEPS)
Introduction In this blog post we are going to have step-by-step instructions to: enable Transparent Data Encryption (TDE); create an encrypted tablespace; create an auto-login wallet/keystore; create a Secure External Password Store (SEPS); clone PDBs from local and remote CDBs and create their master encryption keys. I’ll try to keep it as…
Do I need the Advanced Security Option on-premises for Hybrid Cloud Disaster Recovery?
In the case of hybrid disaster recovery and having an unencrypted database on-premises, you can create the corresponding unencrypted standby database in the cloud using RMAN DUPLICATE or RESTORE from Object Storage. When you create a new unencrypted tablespace on the on-premises primary database, the standby database in the cloud creates the corresponding unencrypted tablespace via redo. So everything is fine and you…