Transparent Data Encryption (TDE) on Production Database Tablespaces
Oracle recommends that you enable TDE on tablespaces in the database, and then take incremental backups as usual. TDE requires the Advanced Security Option. The benefits of TDE are as follows:
-
TDE is transparent to applications.
-
Backups of encrypted tablespaces, and redo describing changes to these tablespaces, are encrypted. The TDE-encrypted data blocks are secured on the protected database, Recovery Appliance storage, tape devices, and replicated appliances, and also when transferred through any network connections.
-
TDE on the source database reduces overhead on downstream servers.
-
This technique supports an incremental-forever strategy and virtual full backups.
Note:
Oracle does not recommend encrypting backups using the RMAN SET or CONFIGURE ENCRYPTION command. See "Archival and Encrypted Backups" for more information
The following table shows the support for incremental forever when RMAN encryption and/or RMAN compression are used for the protected database backups:
Table 2-4 Support for Incremental Forever with RMAN Encryption and RMAN Compression
| Data in the Database | No RMAN Encryption and No RMAN Compression | RMAN Encryption | RMAN Compression | RMAN Encryption and RMAN Compression |
|---|---|---|---|---|
| Not Encrypted | Yes | No | Yes | No |
| TDE Tablespace Encryption | Yes | Yes | No | No |
See Also:
-
Oracle Database Advanced Security Guide to learn about TDE
-
Oracle Database Backup and Recovery User’s Guide to learn about configuring backup encryption
-
Oracle Database Backup and Recovery User’s Guide to learn about making compressed backups