Short summary on Oracle Transparent Data Encryption


Transparent Data Encyption features:

  • Encrypts columns or entire application data table spaces.
  • Protects the database files on disk and on backup of databases.
  • Transparent to application no changes required.

 

Below action plans are in brief:

  • Perform cold backup
  • Check the table space size.
  • Apply patch 23315889 ( one of patch)
  • $ mkdir -p /APPSOL/appsol/admin/TDE/APPSOL
  • SQL> select * from v$encryption_wallet;
  • update sqlnet.ora file.
ENCRYPTION_WALLET_LOCATION=
 (SOURCE= (METHOD = FILE)
      (METHOD_DATA=
         (DIRECTORY=/APPSOL/appsol/admin/TDE/APPSOL)
      )
 SQL> alter system set encryption key identified by "*******";
  $ ls /APPSOL/appsol/admin/TDE/APPSOL
   Restart DB in mount stage.
   SQL> select TABLESPACE_NAME,ENCRYPTED,COMPRESS_FOR from   DBA_TABLESPACES not in ('SYSTEM','SYSAUX','TEMP','UNDOTBS1');
  Restart DB.
 SQL> ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "*******";
 SQL>@tablespace_offline.sql

Create a script called tbsp_offline.sql script to bring table spaces other than system,sysaux,temp and undo offline;

$ sqlplus "/as sysdba"
SQL> spool tbsp_offline.sql
SQL> select 'alter tablespace ' ||tablespace_name||  ' offline;' from dab_tablespaces where tablespace_name not in ('SYSTEM','SYSAUX','TEMP','UNDOTBS1');
SQL> exit
  alter tablespace USERS offline;
  alter tablespace APPSOLD offline;
  alter tablespace APPSOLX offline;
  alter tablespace APPSOLTMPD offline;

Encrypt the database as below:

SQL> @tablespace_encrypt;
encrypt datafile.
 $ sqlplus / as sysdba
SQL> set heading off
SQL> set linesize 150
SQL> set datafile_encrypt.sql
SQL> select 'alter database datafile ' ' ' || file_name || ' ' ' encrypt;' from dab_data_files where tablespace_name not in ('SYSTEM','SYSAUX','TEMP','UNDOTBS1','TOOLS');
SQL> exit;
Now edit the datafile_encrypt.sql script to remove all lines other than alter database commands.
alter database datafile '/APPSOL/appsol/oradata/oradat_APPSOL/APPSOL/datafile/users01.dbf' encrypt;
alter database datafile '/APPSOL/appsol/oradata/oradat_APPSOL/APPSOL/datafile/appsol1.dbf' encrypt;
alter database datafile '/APPSOL/appsol/oradata/oradat_APPSOL/APPSOL/datafile/appsoltmp01.dbf' encrypt;
alter database datafile '/APPSOL/appsol/oradata/oradat_APPSOL/APPSOL/datafile/appsolx01.dbf' encrypt;
alter database datafile '/APPSOL/appsol/oradata/oradat_APPSOL/APPSOL/datafile/appsol02.dbf' encrypt;
alter database datafile
'/APPSOL/appsol/oradata/oradat_APPSOL/APPSOL/datafile/appsol03.dbf' encrypt;
alter database datafile '/APPSOL/appsol/oradata/oradat_APPSOL/APPSOL/datafile/appsol04.dbf' encrypt;
alter database datafile
'/APPSOL/appsol/oradata/oradat_APPSOL/APPSOL/datafile/appsol05.dbf' encrypt;
alter database datafile
'/APPSOL/appsol/oradata/oradat_APPSOL/APPSOL/datafile/appsol06.dbf' encrypt;
alter database datafile
'/APPSOL/appsol/oradata/oradat_APPSOL/APPSOL/datafile/appsol07.dbf' encrypt;

Now change tablespace online mode.

SQL> @tablespace_online.sql
alter tablespace USERS online;
  alter tablespace APPSOLD online;
  alter tablespace APPSOLX online;
   alter tablespace APPSOLTMPD online;
SQL> select * from v$instance;
SQL> select * from table_name rownum <5;
SQL> ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "********";
SQL> select * from v$encryption_wallet;


Check the status of table space encryption by connecting to sqlplus /as sysdba and running the query shown;

$ sqlplus /as sysdba
SQL> select tablespace_name,encrypted from dab_tablespaces;
$ sqlplus /as sysdba
$ administer key management create AUTO_LOGIN keystone from keystone "/APPSOL/appsol/12102/admin/TDE/APPSOL" identified by "*****";
Bounce Database
Backup Database.

Comments

Post a Comment

Popular posts from this blog

How to fix Oracle SQL Developer connection issue "Got minus one from a read call"

Image
 During connection from SQL Developer to EBS database got below error message: Status : Failure - Test failed: IO Error: Got minus one from a read call Following solution can be done : 1. Go to directory $ORACLE_HOME / network / admin 2. Modify sqlnet.ora file with following parameter : tcp.validnode_checking = no 3. If you don 't want to disable this, you can put the machine names as follows: tcp.invited_nodes=(machine1, machine2) 3. Bounce the listener. Due to security enhancements it is not good to put tcp.validnode_checking = no or comment out will through error when we start listener like below: Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=shsebs7idb1.appsolworld.com)(PORT=1522))) TNS-00584: Valid node checking configuration error TNS-12560: TNS:protocol adapter error Better plan is to add localhost or IP address of client (Local Computer) in the sqlnet.ora file That will solve the problem NAMES.DIRECTORY_PATH=(TNSNAMES, ONAMES, HOSTNAME) SQLNET.EXPI
Read more

How to troubleshoot Long Running Concurrent Request in EBS 12.2

 The following points need to answer before jumping into troubleshooting: Are there any recent code changes done in the concurrent program?           Check long_running_sid and verify the recent code change of last_ddl_timestamp after a             discussion with the developer. Was this running long in the last few run as well, or was this time only?            ==> Check the program history. How much time does it take to complete?           Once again program history can give us some idea. Are these jobs fetching higher data compared to the last run           ===> Confirm on data change . Query Plan change will indicate this issue. Does this job runs at any specific time or it can be run anytime           ===> The nature of the job can help to understand the job's nature. Does this job fetch data using DB Link          ====> Check whether the DB link is involved or not. The below-given approach would help to conclude the gray areas. Check the load of the server using t
Read more

Few Important steps of Oracle Database Clone

 Make Sure oraInst.loc location is correct and accessble. [demantra@dsiddem ~]$ cat /etc/oraInst.loc inventory_loc=/orastage/oraInventory inst_group=dba [demantra@dsiddem ~]$ cd /orastage/oraInventory [demantra@dsiddem oraInventory]$ ls -ltr total 16 drwxrwx---. 5 demantra dba 4096 Jul 22 19:37 backup drwxrwx---. 2 demantra dba 4096 Jul 22 19:37 ContentsXML drwxrwx---. 2 demantra dba 4096 Jul 22 19:37 locks drwxrwx---. 3 demantra dba 4096 Jul 23 10:08 logs Remove Oracle Home from Inventory [demantra@dsiddem oraInventory]$ cd $ORACLE_HOME/oui/bin [demantra@dsiddem bin]$ ./runInstaller -detachHome ORACLE_HOME=$ORACLE_HOME Starting Oracle Universal Installer... Checking swap space: must be greater than 500 MB.   Actual 3039 MB    Passed The inventory pointer is located at /etc/oraInst.loc Run Clone.pl [demantra@dsiddem bin]$ echo $ORACLE_HOME /dnbsid/demantra/oracle/19.0.0 [demantra@dsiddem bin]$ echo $ORACLE_BASE /dnbsid/demantra [demantra@dsiddem bin]$ E01=ORACLE_HOME=$ORACLE_HOME [dema
Read more