
Process of Implementing TDE Column Encryption


TDE Column Encryption encrypts the columns listed in two CSV files during the creation of the Oracle Self-Service E-Billing database.

By default, columns in the Oracle Self-Service E-Billing OLAP and OLTP schemas already known to contain sensitive data are listed in the CSV files:

  • tde_olap_columns.csv. Columns in the OLAP schema that contain sensitive data; 0 columns included by default.
  • tde_oltp_columns.csv. Columns in the OLTP schema that contain sensitive data; 95 columns included by default.

You can identify additional columns that contain sensitive data and add them to these files.

This process is a step in Roadmap for Configuring the Oracle Self-Service E-Billing Database.

To implement TDE Column Encryption, perform the following tasks:

  1. Follow the steps in Specifying the Oracle Wallet Location in the SQLnet.ora File.
  2. (Optional) To encrypt additional columns, follow these steps:
    1. Open the tde_olap_columns.csv and tde_oltp_columns.csv files, located in the following directory, where EDX_HOME is the location where you installed Oracle Self-Service E-Billing:
      • UNIX. EDX_HOME/db/oracle/encrypt
      • Windows. EDX_HOME\db\oracle\encrypt
    2. Add the additional columns, using the following format:

      table_name1, column_name1
      table_name1, column_name2
      ...
      table_name2, column_name1
      table_name2, column_name2
      ...
      table_nameN, column_name1
      table_nameN, column_name2
      ...

  3. Follow the steps in Creating the Oracle Self-Service E-Billing Database Using Ant (Single Node). Set the following encryption properties when configuring the OLAP and OLTP billing property files in those steps.
    | Property File | Encryption Property | Description |
    |---|---|---|
    | ebilling_olap.properties | ENCRYPTION_WALLET_LOCN | Specify the location of the Oracle Wallet folder. Use the same location that you set in the sqlnet.ora file. |
    | ebilling_olap.properties | WALLET_AUTO_OPEN | Specify whether to automatically open the Oracle Wallet when the database instance restarts. Valid values are Y or N. It is recommended to set the value to Y. |
    | ebilling_olap.properties | TDE_ENCRYPT_OLAPCOLUMN | Set the value to Y to set the Master Encryption Key and enable column-level encryption in the OLAP schema. |
    | ebilling_olap.properties | TDE_ENCRYPT_OLAPTSPACE | Set the value to FALSE to suppress tablespace-level encryption in the OLAP schema. |
    | ebilling_oltp.properties | TDE_ENCRYPT_OLTPCOLUMN | Set the value to Y to enable column-level encryption in the OLTP schema. |
    | ebilling_oltp.properties | TDE_ENCRYPT_OLTPTSPACE | Set the value to FALSE to suppress tablespace-level encryption in the OLTP schema. |

    NOTE: If you do not set the encryption properties while setting the other properties in the ebilling_olap.properties and ebilling_oltp.properties files, then you will have to open these files again to set the encryption properties before performing column encryption. You will also have to use the Ant Encryption menu to set the Master Encryption Key and open the Oracle Wallet, which requires you to shut down and restart the database again.

  4. The Ant script prompts you to create an Oracle Wallet password when it is ready to create the Master Encryption Key. Specify a password for the Oracle Wallet, then enter it again.

    The installation script sets the Master Encryption Key for TDE column encryption after creating the schema objects.

  5. Go to the directory where the Oracle Self-Service E-Billing database installation files are located:
    • UNIX. EDX_HOME/db/oracle
    • Windows. EDX_HOME\db\oracle
  6. Enter Ant.

    By default, the Ant command runs the build.xml file in the current directory.

  7. From the Main Menu, select Option 2, Standalone Install. Select Option 4, Encrypt Sensitive Data.
  8. (Optional) Select Option 1 to run an encryption precheck.

    A precheck reviews the columns listed in the CSV files and reports how many columns can be encrypted and how many cannot. A precheck generates two log files: precheck_olap.log and precheck_oltp.log. Review these log files for details. The log files are located in the following directory:

    • UNIX. EDX_HOME/db/oracle/encrypt
    • Windows. EDX_HOME\db\oracle\encrypt
  9. If you did not set the TDE_ENCRYPT_OLAPCOLUMN and TDE_ENCRYPT_OLTPCOLUMN properties in the ebilling_olap.properties and ebilling_oltp.properties files to Y before running the Ant installation script, then do the following:
    1. Open the ebilling_olap.properties and ebilling_oltp.properties files, located in the following directory, and specify the values described in Step 3 for the current installation:
      • UNIX. EDX_HOME/db/oracle
      • Windows. EDX_HOME\db\oracle
    2. Follow the steps in Setting the Master Encryption Key Using the Ant Encryption Menu.
  10. If you did not set the WALLET_AUTO_OPEN property in the ebilling_olap.properties file to Y (to automatically open the Oracle Wallet when starting a database instance), then follow the steps in Opening the Oracle Wallet Using the Ant Encryption Menu.
  11. Select Option 4, Encrypt OLAP sensitive data. Review the encrypt_olap.log file, located in the following directory, for detailed information:
    • UNIX. EDX_HOME/db/oracle/encrypt
    • Windows. EDX_HOME\db\oracle\encrypt
  12. Select Option 5, Encrypt OLTP Sensitive Data. Review the encrypt_oltp.log file, located in the following directory, for detailed information:
    • UNIX. EDX_HOME/db/oracle/encrypt
    • Windows. EDX_HOME\db\oracle\encrypt
  13. Select Q, Quit.
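
A preflight check for the inputs this procedure depends on, run before starting Ant: it flags malformed or duplicate entries in the column CSV files and encryption properties that differ from the values in Step 3. This is an added example, not part of the Oracle installation scripts; the function names are hypothetical, the sample data is constructed, and it assumes the property files hold plain KEY=VALUE lines.

```shell
#!/bin/sh
# Added example: preflight checks for the TDE column-encryption inputs.
# Assumption: the .properties files hold plain KEY=VALUE lines.

# Print one line per malformed or duplicate "table_name, column_name" entry.
check_tde_csv() {
    awk -F',' '
        BEGIN { id = "^[A-Za-z][A-Za-z0-9_$#]*$" }   # unquoted Oracle identifier
        /^[ \t\r]*$/ { next }                        # skip blank lines
        {
            t = $1; c = $2
            gsub(/^[ \t]+|[ \t\r]+$/, "", t); gsub(/^[ \t]+|[ \t\r]+$/, "", c)
            if (NF != 2 || t !~ id || c !~ id) { printf "line %d: malformed entry\n", NR; next }
            key = toupper(t) "." toupper(c)          # identifiers are case-insensitive
            if (seen[key]++) printf "line %d: duplicate %s\n", NR, key
        }' "$1"
}

# Print the value of property $2 in file $1 (the last assignment wins).
prop() {
    awk -F'=' -v k="$2" '
        { key = $1; gsub(/[ \t]/, "", key) }
        key == k { v = substr($0, index($0, "=") + 1); gsub(/^[ \t]+|[ \t\r]+$/, "", v) }
        END { print v }' "$1"
}

# Print one line per property that deviates from the values the guide specifies.
check_tde_props() {   # $1 = ebilling_olap.properties, $2 = ebilling_oltp.properties
    [ -n "$(prop "$1" ENCRYPTION_WALLET_LOCN)" ] || echo "ENCRYPTION_WALLET_LOCN is not set"
    case "$(prop "$1" WALLET_AUTO_OPEN)" in Y|N) ;; *) echo "WALLET_AUTO_OPEN must be Y or N" ;; esac
    [ "$(prop "$1" TDE_ENCRYPT_OLAPCOLUMN)" = Y ] || echo "TDE_ENCRYPT_OLAPCOLUMN is not Y"
    [ "$(prop "$1" TDE_ENCRYPT_OLAPTSPACE)" = FALSE ] || echo "TDE_ENCRYPT_OLAPTSPACE is not FALSE"
    [ "$(prop "$2" TDE_ENCRYPT_OLTPCOLUMN)" = Y ] || echo "TDE_ENCRYPT_OLTPCOLUMN is not Y"
    [ "$(prop "$2" TDE_ENCRYPT_OLTPTSPACE)" = FALSE ] || echo "TDE_ENCRYPT_OLTPTSPACE is not FALSE"
}

# Constructed sample inputs: table, column and path names are made up.
run_demo() {
    d=$(mktemp -d)
    printf '%s\n' 'DEMO_ACCOUNT, TAX_ID' 'demo_account, tax_id' \
        'DEMO_PAYMENT CARD_NO' > "$d/tde_oltp_columns.csv"
    printf '%s\n' 'ENCRYPTION_WALLET_LOCN=/demo/wallet' 'WALLET_AUTO_OPEN=Y' \
        'TDE_ENCRYPT_OLAPCOLUMN=Y' 'TDE_ENCRYPT_OLAPTSPACE=TRUE' > "$d/ebilling_olap.properties"
    printf '%s\n' 'TDE_ENCRYPT_OLTPCOLUMN=N' \
        'TDE_ENCRYPT_OLTPTSPACE=FALSE' > "$d/ebilling_oltp.properties"
    check_tde_csv "$d/tde_oltp_columns.csv"
    check_tde_props "$d/ebilling_olap.properties" "$d/ebilling_oltp.properties"
    rm -rf "$d"
}
run_demo
```

Empty output from both checks means the files are consistent with this procedure; the Ant precheck in Step 8 still decides whether each listed column can actually be encrypted.
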
Installation Guide for Oracle Self-Service E-Billing Copyright © 2016, Oracle and/or its affiliates. All rights reserved. Legal Notices.