What is Transparent Data Encryption (TDE) ?
Oracle Advanced Security Transparent Data Encryption (TDE) allows you to protect data at rest. TDE helps address privacy and PCI requirements by encrypting personally identifiable information (PII) such as Social Security numbers and credit card numbers.
TDE is completely transparent to existing applications with no triggers, views or other application changes required. Data is transparently encrypted when written to disk and transparently decrypted after an application user has successfully authenticated and passed all authorization checks. Authorization checks include verifying the user has the necessary select and update privileges on the application table and checking Database Vault, Label Security and Virtual Private Database enforcement policies.
Existing database backup routines will continue to work, with the data at rest remaining encrypted in the backup. For encryption of entire database backups, TDE can be used in combination with Oracle RMAN.
What is Tablespace Encryption ?
New in Oracle Database 11g, the Oracle Advanced Security now includes support for tablespace encryption.
When a tablespace is created through Enterprise Manager or on the command line, an option now exists to specify that the file be encrypted on the file system. When new data is added to the new tablespace using the insert command or datapump, entire tables will be transparently encrypted. When the database reads data blocks from the encrypted tablespace it will transparently decrypt the data blocks.
With this certification, Oracle E-Business Suite Release 12 environments can be migrated to the latest 11gR2 11.2.0.1 version of encrypted tablespaces. For more information, please refer to:
Prerequisites
References
Related Articles
HI,
We will be implementing TDE for EBS Oracle Financials (iExpense). We want to go with Tablespace encryption for EBS12.2. Do you have any input to the scope of magnitude (how much effort will be needed to configure this in each environment, how much testing may be needed, etc.).
Using TDE Tablespace Encryption with Oracle E-Business Suite Release 12.2 (Doc ID 1585296.1)
we are referring to the above oracle doc.
Thanks,
Tej
Hello, Tej,
I'm afraid that we don't have much insight into this. Every customer's implementations of different features can vary quite widely. I'd recommend conducting a small proof-of-concept test on a clone of your production database to assess the major requirements for this.
Regards,
Steven
Thank you Steven. I would recommend to conduct a POC as per your suggestion. May I know the most common issues while doing this TDE on EBS? As per the Oracle doc, export/import is suggested to move data to encrypted tablespaces. We have each database around 2TB. I know that this would take large time and will end with many issues while conducting exp/imp. Do we have any other alternatives?
Thanks
Tej
Hello, Tej,
There should be no issues as long as you follow our published documentation. Feel free to log a Service Request if you have any questions about a particular step.
Best of luck with your project.
Regards,
Steven