Re: encrypted filesystems for database files

Thanks...this is from Oracle Support quoted verbatim on the question of encrypted filesystems :

"This is a 3th party issue, we have our own solution which would be TDE tablespace encryption,
for any 3th party solution to properly work, it must be completely transparent to oracle,
the normal read / write OS calls oracle does must be redirected to the decrypt / encrypt code, it
is possible asynch_io can no longer work and you also may need to set parameter disk_asynch_io = false,
otherwise it is entirely up to the 3th party product being tested and certified to run with oracle
by the 3th party vendor."

On Thu, Sep 18, 2014 at 5:05 AM, Kenny Payton <k3nnyp_at_gmail.com> wrote:

> We typically do encryption in our SAN array ( Hitachi ). We are in the
> process of testing a SoftLayer cloud deployment and are building a SAN
> based on commodity hardware using EMC's ScaleIO software which has an
> encryption option at the volume level. The storage servers have SSD's in
> them and we can easily saturate a single 10gbit link doing writes with very
> little cpu consumption on the storage server. So far I'm pretty impressed
> by ScaleIO.
>
> We're also using TDE in a small environment but haven't stressed it at all
> to tell the real overhead. Of course the cost is a hard thing to swallow.
> There was a post recently on this board that stated ACFS is now free. I'm
> pretty sure it has encryption options also but not for sure if they are
> also free but might be worth looking at.
>
> Kenny
>
> On Tue, Sep 16, 2014 at 9:11 AM, Jeremy Schneider <
> jeremy.schneider_at_ardentperf.com> wrote:
>
>> On Mon, Sep 15, 2014 at 1:02 PM, Powell, Mark <mark.powell2_at_hp.com>
>> wrote:
>>
>>> Isn’t that what Tablespace level TDE basically does for you?
>>>
>>
>> Sure, if you want to pay for it. :)
>>
>>
>>
>>> *From:* oracle-l-bounce_at_freelists.org [mailto:
>>> oracle-l-bounce_at_freelists.org] *On Behalf Of *April Sims
>>> *Sent:* Monday, September 15, 2014 11:34 AM
>>> *Subject:* encrypted filesystems for database files
>>>
>>> Anyone use encryption at the filesystem level for any type of Oracle
>>> database files?
>>>
>> I'm familiar with one case where a customer did this, but it was a
>> off-site standby database which really existed more as a backup than a
>> standby. It was not intended for actual failover. I haven't yet run a
>> live production database on os-level encryption. It would most likely
>> work, but I wouldn't expect equal performance to db-level encryption. If
>> you've got a small app and you don't want to pay for encryption then it may
>> work fine for you. If the business & database grow then it
>> may eventually be worth buying advanced security for the db. As always,
>> those sorts of decisions are very dependent on your specific situation and
>> even then they're not usually black and white...
>>
>> -Jeremy
>>
>>
>> --
>> http://about.me/jeremy_schneider
>>
>
>

-- 
April C. Sims
IOUG SELECT Journal Editor
http://aprilcsims.wordpress.com
Twitter, LinkedIn
Oracle Database 11g – Underground Advice for Database Administrators
<http://www.amazon.com/Oracle-Database-Underground-Advice-Administrators/dp/1849680000/ref=sr_1_1?ie=UTF8&s=books&qid=1272289339&sr=8-1#noop>
https://www.packtpub.com/oracle-11g-database-implementations-guide/book
OCP 8i, 9i, 10g, 11g DBA
Southern Utah University
aprilcsims_at_gmail.com

--
http://www.freelists.org/webpage/oracle-l