Introduction Oracle Databases in Oracle Cloud use Transparent Data Encryption (TDE) by default to protect data at rest. The default configuration “Oracle-Managed Keys” stores the master encryption keys in a wallet file locally on the database servers. Now, Oracle also supports the integration with the OCI Vault Service, where you are able to create and…
Introduction Oracle Databases on Oracle Cloud are created using the Multitenant architecture. All databases are encrypted using Transparent Data Encryption (TDE) by default. All databases on Exadata, Bare Metal machines, and RAC on Virtual Machines use ASM storage management. For Single Instance databases on Virtual Machine DB systems you have the choice between Logical Volume…
Introduction In the Oracle Cloud every newly created database from 12c onward uses the Oracle Multitenant Architecture. Transparent Data Encryption is also enabled by default. So, as soon as you use Data Guard and create new PDBs, you have to take care of copying the wallets to the standby server. We already discussed two approaches…
Introduction Creating and cloning PDBs in a multitenant environment is a simple and straight forward task, also when TDE is enabled. However, in a Data Guard environment where primary and standby use their own TDE wallets, it becomes challenging. In a previous blog we discussed how creating the master encryption key on the primary PDB…
Introduction See what happens and how to proceed after creating or cloning a PDB in a Data Guard environment while Transparent Data Encryption (TDE) is enabled. If you are new to TDE, have a look at this blog first. The Environment I’m using Oracle Database Cloud service Enterprise Edition Extreme Performance. The database version is 19.8. TDE…
Introduction In this blog post we are going to have a step by step instruction to Enable Transparent Data Encryption (TDE). Create an encrypted tablespace. Create an auto-login wallet/keystore. Create a Secure External Password Store (SEPS). Clone PDBs from local and remote CDBs and create their master encryption keys. I’ll try to keep it as…
In the case of hybrid disaster recovery and having an unencrypted database on-premises, you can create the corresponding unencrypted standby database in the cloud using RMAN DUPLICATE or RESTORE from Object Storage. When you create a new unencrypted tablespace on the on-premises primary database, the standby database in the cloud creates the corresponding unencrypted tablespace via redo. So everything is fine and you…
