X

The Latest Oracle E-Business Suite Technology News direct from
Oracle E-Business Suite Development & Product Management

TDE Tablespace Encryption 11.2.0.2 Certified with E-Business Suite

Steven Chan
Senior Director

Oracle Advanced Security is an optional licenced Oracle 11g Database add-on. Oracle Advanced Security Transparent Data Encryption (TDE) offers two different features: column encryption and tablespace encryption. TDE Tablespace Encryption 11.2.0.2 is now certified with Oracle E-Business Suite Release 11i (11.5.10.2 + ATG PF.H RUP 6 and higher) and Release 12 (Releases 12.0.6 and higher and 12.1.1 and higher).

What is Transparent Data Encryption (TDE) ?

Oracle Advanced Security Transparent Data Encryption (TDE) allows you to protect data at rest. TDE helps address privacy and PCI requirements by encrypting personally identifiable information (PII) such as Social Security numbers and credit card numbers.

TDE is completely transparent to existing applications with no triggers, views or other application changes required. Data is transparently encrypted when written to disk and transparently decrypted after an application user has successfully authenticated and passed all authorization checks. Authorization checks include verifying the user has the necessary select and update privileges on the application table and checking Database Vault, Label Security and Virtual Private Database enforcement policies.

Existing database backup routines will continue to work, with the data at rest remaining encrypted in the backup. For encryption of entire database backups, TDE can be used in combination with Oracle RMAN.

What is Tablespace Encryption ?

TDE Key Management architectureNew in Oracle Database 11g, the Oracle Advanced Security now includes support for tablespace encryption.

When a tablespace is created through Enterprise Manager or on the command line, an option now exists to specify that the file be encrypted on the file system. When new data is added to the new tablespace using the insert command or datapump, entire tables will be transparently encrypted. When the database reads data blocks from the encrypted tablespace it will transparently decrypt the data blocks.

With this certification, Oracle E-Business Suite environments can be migrated to the latest 11gR2 version of encrypted tablespaces. For more information, see:

This database option is certified for all EBS platforms on which Oracle Database 11.2.0.2 is certified.  You can refer to the Certifications system on My Oracle Support for details about certified EBS platforms for this database release.

Related Articles

 

 

Join the discussion

Comments ( 8 )
  • guest Tuesday, March 5, 2013

    But whats the use of tablespace encryption?? I am able to insert and view table/data from any other user too!


  • Steven Chan Friday, March 15, 2013

    Hello, Guest,

    Tablespace Encryption protects your backups from being hacked. It doesn't prevent authorized users from directly modifying the E-Business Suite database.

    You can use other technologies, including Database Vault, to prevent insider attacks using compromised sysadmin accounts. For more details about Database Vault, see:

    Database Vault 11gR2 11.2.0.1 Certified with Oracle E-Business Suite (Oracle E-Business Suite Technology)

    https://blogs.oracle.com/stevenChan/entry/db_vault_11gr2_11201_ebs

    Regards,

    Steven


  • sree Friday, October 18, 2013

    Hi Steven,

    What is the best way of turning off the TDE feature (at tablespace level)?? Is it "alter table/index move/rebuild" or using expdp/impdp??

    This is for EBS R12.1

    Regards


  • Steven Chan Wednesday, October 30, 2013

    Hi, Sree,

    Sorry for the delay in responding to this. I would recommend that you log a Service Request against the TDE feature to get assistance with this.

    Regards,

    Steven


  • guest Monday, June 29, 2015

    TDE provides encryption of data at rest, any idea on what could achieve data encryption in transit, like from EBS Application server to DB server which currently listens on standard tcp 1521 port.


  • Elke Phelps (Oracle Development) Sunday, July 5, 2015

    Guest,

    Thanks for the inquiry. Once part of the Database Advanced Networking Option, SQL*Net encryption is now available as a free option.

    SQL*Net encryption allows you to encrypt SQL*Net traffic from the Oracle E-Business Suite application tier to the database tier.

    Regards,

    Elke


  • Chas Thursday, August 24, 2017
    Hi,

    I understand currently for EBS R12.2 the only supported way to migrate existing tablespaces to TDE tablespace encryption requires a full database export + import (eg. mentioned in Doc ID 828229.1 + Doc ID 1926686.1).

    For large production databases this would be a big effort and risk.

    For NON EBS databases there appears to be a much less complex and less risky method of performing TDE tablespace migration (eg. ALTER DATABASE DATAFILE ... ENCRYPT) for RDBMS 11.2.0.4 / 12.1. This is documented in Doc ID 2148746.1.

    Are there any plans in the pipeline to support this simpler method for EBS R12.2 ?

    Thanks
  • Jagdish Thursday, May 9, 2019
    For EBusiness Suite, please refer below Oracle document
    Using Fast Offline Conversion to Enable Transparent Data Encryption (TDE) for Oracle E-Business Suite (Doc ID 2322920.1)
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.

Recent Content