Oracle Data Safe Architecture

The main components of Oracle Data Safe are the Oracle Data Safe service in Oracle Cloud Infrastructure, a back-end Oracle database repository, and target databases.

Oracle Data Safe Service

You can access the Oracle Data Safe service in Oracle Cloud Infrastructure. The service has the following pages:

  • Overview page - On this page you can review what's new in Oracle Data Safe, access the Oracle Data Safe dashboard, register target databases with Oracle Data Safe, and access documentation and related resources.
  • Target Databases page - On this page, you can view details for target databases to which you have access and register new target databases, either manually or by using a wizard.
  • Settings page - On this page, you can set global paid usage and global audit record retention policy settings for the regional Oracle Data Safe service.
  • Security Center pages - The Security Center page provides access to the Dashboard, Security Assessment, User Assessment, Data Discovery, Data Masking, Activity Auditing, and Alerts pages.

    Note:

    To migrate content from the former Oracle Data Safe Console to Security Center, you need access to the Oracle Data Safe Console. Links to this Console are provided in the Security Center user interface.
  • Private Endpoints page - On this page, you can manually create and manage Oracle Data Safe private endpoints. Private endpoints are needed to connect to Oracle Cloud databases running in a private VCN (including Oracle Database on OCI Compute) as well as to connect to Oracle on-premises databases and Cloud at Customer databases that have a FastConnect or IPSec VPN connection to OCI.
  • On-Premises Connectors page - On this page, you can manually create and manage Oracle Data Safe on-premises connectors. On-premises connectors are needed to access Oracle on-premises databases via a locally installed on-premises connector.

Oracle Data Safe Database Repository

Oracle Data Safe uses its own database to store your service information, such as audit data (trails), masking settings, reports, and alerts. This database is a secure and highly available Oracle Database stored in the Oracle Cloud.

Target Databases

Oracle Data Safe can connect to your Oracle databases, including Autonomous Databases, DB systems (Bare Metal, Virtual Machine, and Exadata), on-premises Oracle Databases, Oracle Cloud@Customer databases (Exadata Cloud@Customer and Autonomous Database on Exadata Cloud@Customer), and Oracle Databases on compute instances in both Oracle Cloud Infrastructure and non-Oracle cloud environments.

You can choose to use all Oracle Data Safe features with a target database or just certain ones. For example, you may want to use Activity Auditing with one target database and use Data Discovery and Data Masking with another.

Two different protocols are supported for connecting Oracle Data Safe to your target databases:

  • TCP with network encryption, where your target database has to have network encryption enabled.
  • TCPS, where your target database has to be configured with TLS version 1.2.
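As a pre-registration check for the two connection modes above, the following added example (not Oracle's code) classifies a target's Oracle Net settings. It assumes the requirement maps to the `SQLNET.ENCRYPTION_SERVER` and `SSL_VERSION` parameters in `sqlnet.ora` and to the listener's `PROTOCOL` value; the sample files and host names are constructed.

```python
import re

def parse_sqlnet(text):
    """Parse single-line KEY = value entries from sqlnet.ora text; '#' starts a comment."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"([A-Za-z0-9_.]+)\s*=\s*(.+)$", line)
        if m:
            params[m.group(1).upper()] = m.group(2).strip().strip("()").strip().upper()
    return params

def listener_protocol(address):
    """Extract PROTOCOL from a listener ADDRESS descriptor, e.g. (PROTOCOL=TCPS)."""
    m = re.search(r"\(\s*PROTOCOL\s*=\s*(\w+)\s*\)", address, re.I)
    return m.group(1).upper() if m else None

def check_target(sqlnet_text, address):
    """Return (verdict, reason); verdict is 'ok', 'warn' or 'fail'."""
    params = parse_sqlnet(sqlnet_text)
    proto = listener_protocol(address)
    if proto == "TCPS":
        # Strict reading (assumption): SSL_VERSION must explicitly name 1.2.
        versions = re.findall(r"\d\.\d", params.get("SSL_VERSION", ""))
        if "1.2" in versions:
            return "ok", "TCPS with TLS 1.2 allowed"
        return "fail", "TCPS listener but SSL_VERSION does not name 1.2"
    if proto == "TCP":
        mode = params.get("SQLNET.ENCRYPTION_SERVER", "ACCEPTED")  # Oracle Net default
        if mode in ("REQUIRED", "REQUESTED"):
            return "ok", f"TCP with native network encryption {mode}"
        if mode == "ACCEPTED":
            return "warn", "encryption is negotiated only if the client asks for it"
        return "fail", f"SQLNET.ENCRYPTION_SERVER = {mode}: traffic is not encrypted"
    return "fail", f"unsupported or missing protocol: {proto}"

# Constructed sample inputs (not from a real system).
SQLNET_NATIVE = """
# native network encryption
SQLNET.ENCRYPTION_SERVER = required
SQLNET.ENCRYPTION_TYPES_SERVER = (AES256)
"""
SQLNET_TLS = "SSL_VERSION = 1.2\n"
ADDR_TCP = "(ADDRESS=(PROTOCOL=TCP)(HOST=db.example.internal)(PORT=1521))"
ADDR_TCPS = "(ADDRESS=(PROTOCOL=TCPS)(HOST=db.example.internal)(PORT=2484))"

if __name__ == "__main__":
    print(check_target(SQLNET_NATIVE, ADDR_TCP))
    print(check_target(SQLNET_TLS, ADDR_TCPS))
```

A `warn` verdict means the server will encrypt only when the connecting client requests it, so confirm the effective setting before relying on that target's connection being encrypted.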

Oracle recommends that you back up your target databases when using features like Data Masking. You can use services in Oracle Cloud Infrastructure, such as Oracle Storage Cloud Service or Oracle Cloud Infrastructure Storage Service, to back up your target databases.

The following diagram illustrates the Oracle Data Safe components, including the Oracle Data Safe service, Oracle Data Safe's back-end database, and target databases.