Introduction Oracle Databases on Oracle Cloud use the Multitenant Architecture and are encrypted with TDE by default. Creating new PDBs in Data Guard environments while using a local wallet for TDE master encryption keys requires some additional steps to copy the wallet file and recover the PDB on standby. We discussed these approaches in previous…
Introduction Oracle Databases in Oracle Cloud use Transparent Data Encryption (TDE) by default to protect data at rest. The default configuration “Oracle-Managed Keys” stores the master encryption keys in a wallet file locally on the database servers. Now, Oracle also supports the integration with the OCI Vault Service for VM DB Systems, where you are able…
Introduction Oracle Multitenant is integrated with Oracle Data Guard. Data Guard is configured at the CDB level and will replicate all transactions from the primary to the standby for all PDBs in a single stream, including creating and deleting PDBs. But! When we create a new PDB, which is a clone from PDB$SEED, or create…
Introduction Oracle Databases in Oracle Cloud use Transparent Data Encryption (TDE) by default to protect data at rest. The default configuration “Oracle-Managed Keys” stores the master encryption keys in a wallet file locally on the database servers. Now, Oracle also supports the integration with the OCI Vault Service, where you are able to create and…
Introduction Oracle Databases on Oracle Cloud are created using the Multitenant architecture. All databases are encrypted using Transparent Data Encryption (TDE) by default. All databases on Exadata, Bare Metal machines, and RAC on Virtual Machines use ASM storage management. For Single Instance databases on Virtual Machine DB systems you have the choice between Logical Volume…
Introduction In the Oracle Cloud, every newly created database from 12c onward uses the Oracle Multitenant Architecture. Transparent Data Encryption is also enabled by default. So, as soon as you use Data Guard and create new PDBs, you have to take care of copying the wallets to the standby server. We already discussed two approaches…
Introduction Creating and cloning PDBs in a multitenant environment is a simple and straightforward task, also when TDE is enabled. However, in a Data Guard environment where primary and standby use their own TDE wallets, it becomes challenging. In a previous blog post, we discussed how creating the master encryption key on the primary PDB…
Introduction See what happens and how to proceed after creating or cloning a PDB in a Data Guard environment while Transparent Data Encryption (TDE) is enabled. If you are new to TDE, have a look at this blog post first. The Environment I’m using Oracle Database Cloud service Enterprise Edition Extreme Performance. The database version is 19.8.…
Introduction In this blog post we are going to have a step by step instruction to Enable Transparent Data Encryption (TDE). Create an encrypted tablespace. Create an auto-login wallet/keystore. Create a Secure External Password Store (SEPS). Clone PDBs from local and remote CDBs and create their master encryption keys. I’ll try to keep it as…
In the case of hybrid disaster recovery and having an unencrypted database on-premises, you can create the corresponding unencrypted standby database in the cloud using RMAN DUPLICATE or RESTORE from Object Storage. When you create a new unencrypted tablespace on the on-premises primary database, the standby database in the cloud creates the corresponding unencrypted tablespace via redo. So everything is fine and you…
Database Heartbeat 