Re: Transparent Data Encryption

From: David Mann <dmann99_at_gmail.com>
Date: Thu, 12 Mar 2015 10:50:22 -0400
Message-ID: <CAGazuyVs99fzWnsuBoY3gOW0U1qY4d-RBXPe36ACfGwxG-iHyQ_at_mail.gmail.com>

Thanks Jeremy for your insights and Charles for your questions.

I'm moving forward with working TDE support into an 11gR2 project as well.

Implementation and care and feeding of the wallets when creating, cloning, etc has been going OK. I haven't found enough people that use it in order to discuss long term handling of the wallets with.

As we only have a handful of databases (<5% of enterprise) which will be using TDE we can't justify the expense of Key Vault or other 3rd party products. I want to protect the wallets at a local and remote site but my challenge is getting the DB ops teams to make sure when they get a ticket that they know they are operating on a TDE encrypted database and they should backup the wallet at key times (after creation, before/after password changes, etc).

I had a dream about a shell script which would return TDE status of a database and offer to make a backup of the wallet to a secure area. Without Key Vault are folks just doing these steps manually or is there a good basic level of automation I should be striving for?

-Dave

--

Dave Mann
General Geekery | www.brainio.us
Database Geekery | www.ba6.us | _at_ba6dotus | http://www.ba6.us/rss.xml

--

http://www.freelists.org/webpage/oracle-l Received on Thu Mar 12 2015 - 15:50:22 CET

This message: [ Message body ]
Next message: Stéphane Faroult: "Re: Query help"
Previous message: Sheehan, Jeremy: "EM 12cR4 Metric Collection - Excluding tablespaces from %used metric"
Maybe in reply to: Charles Schultz: "Transparent Data Encryption"
Next in thread: Charles Schultz: "Re: Transparent Data Encryption"
Reply: Charles Schultz: "Re: Transparent Data Encryption"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message