|
Installation Guide for Oracle Self-Service E-Billing > Configuring the Oracle Database >
Process of Implementing TDE Tablespace Encryption
By default, TDE Tablespace Encryption is disabled in Oracle Self-Service E-Billing. To enable TDE Tablespace Encryption, you must specify the encryption properties in ebilling_olap.properties and ebilling_oltp.properties files when setting the configuration values for use by Ant script that creates the Oracle Self-Service E-Billing database. When you enable TDE Tablespace Encryption, the Oracle Self-Service E-Billing database installation script encrypts the following OLTP tablespaces by default:
- EDX_DATA
- EDX_FS_DATA
- EDX_PWC_DATA
- EDX_APP_DATA
You can optionally identify any additional tablespaces you want to encrypt in two SQL files. No OLAP tablespaces are encrypted by default. This process is a step in Roadmap for Configuring the Oracle Self-Service E-Billing Database. To set up TDE Tablespace Encryption, perform the following tasks:
- Follow the steps in Specifying the Oracle Wallet Location in the SQLnet.ora File.
- For other tablespaces you want to encrypt, in the setuptablespaces.sql file for the OLTP and OLAP databases, change the encrypted field value from FALSE to TRUE in the corresponding insert statements. The setuptablespaces.sql files are located in the following directories:
- OLTP Database:
- UNIX.
EDX_HOME/db/oracle/oltp/setuptablespaces.sql
- Windows.
EDX_HOME\db\oracle\oltp\setuptablespaces.sql
- OLAP Database:
- UNIX.
EDX_HOME/db/oracle/olap/setuptablespaces.sql
- Windows.
EDX_HOME%\db\oracle\olap\setuptablespaces.sql
In the following example of an insert statement, EDX_REPORT_IDX is the tablespace name. In the last two field values, FALSE and 3DES168, FALSE means this tablespace will not be encrypted by default, and 3DES168 is the encryption algorithm used for the Tablespace Encryption. Change the encrypted field value from FALSE to TRUE to enable encryption for this tablespace.
:insert into "ebill_tablespace" (name, location, tablespace_size, auto_extend, auto_allocate, uniform_size, encrypted, encrypt_algorithm)
value ('EDX_REPORT_IDX', '$L_DB_EDX_INDX_TB_FILE_LOC/edx_report_idx_01.dbf', '28M', 'TRUE', 'FALSE', '1m', 'FALSE', '3DES168');
- Follow the steps in Creating the Oracle Self-Service E-Billing Database Using Ant (Single Node) to create the Oracle Self-Service E-Billing database. You must set the encryption properties as follows when configuring the OLAP and OLTP billing property files in those steps.
|
|
|
ebilling_olap.properties |
ENCRYPTION_WALLET_LOCN |
Specify the location of the Oracle Wallet folder. Use the same location that you set in the sqlnet.ora file. |
ebilling_olap.properties |
WALLET_AUTO_OPEN |
Specify whether the Oracle wallet opens automatically when the database instance is restarted, or whether you must open it manually. Valid values are Y or N. It is recommended to set the value to Y. |
ebilling_olap.properties |
TDE_ENCRYPT_OLAPCOLUMN |
Set the value to N to suppress column-level encryption in the OLAP schema. |
ebilling_olap.properties |
TDE_ENCRYPT_OLAPTSPACE |
Set the value to TRUE to set the Master Encryption Key and encrypt tablespaces in the OLAP schema. |
ebilling_oltp.properties |
TDE_ENCRYPT_OLTPCOLUMN |
Set the value to N to suppress column-level encryption in the OLTP schema. |
ebilling_oltp.properties |
TDE_ENCRYPT_OLTPTSPACE |
Set the value to TRUE to encrypt tablespaces in the OLTP schema. |
- The Ant script prompts you to create an Oracle Wallet password when it is ready to create the Master Encryption Key. Specify a password for the Oracle Wallet, then enter it again.
The installation script sets the Master Encryption Key for TDE tablespace encryption and creates the encrypted tablespaces as you specified.
|
