23.7 Configuring TDE in case of Upgrade

This section details about the configurations required in case you want to enable TDE in OFSAA applications after upgrade to OFSAA 8.0.8.0.0 version from a previous version. Additionally, these configurations are required in case you did not enable TDE during 8.0.8.0.0 installation and want to enable at a later point of time.

  1. Create a new PDB (12c)/ instance (11g) on same or different Database Server for TDE. For more information, see Configuring Software Keystore and Encrypted Tablespace Creation.
  2. Shutdown the OFSAAI Services.
  3. Export all Configuration, Atomic and Sandbox Schemas as per the applications installed in your OFSAA instance.

    For example:

    expdp SYSTEM/oracle@OFSA12C2DB DIRECTORY=data_pump_dir DUMPFILE=ofsaaconf_ofsaaatm_%U.dmp filesize=2G SCHEMAS=ofsaaconf,ofsaaatm LOGFILE=ofsaaconf_ofsaaatm_exp.log

    Note:

    The above command will create data dumps as files of 2GB size each (multiples). Any other commands/ tools as appropriate may be used to archive the schemas.
  4. Import all schemas that are exported using the above command, into the new DB instance. For example:

    impdp SYSTEM/oracle@OFSA12nDB DIRECTORY=data_pump_dir DUMPFILE=ofsaaconf_ofsaaatm_%U.dmp SCHEMAS=ofsaaconf,ofsaaatm LOGFILE=ofsaaconf_ofsaaatm_imp.log

    Note:

    Restoring the exported dumps creates Configuration and Atomic Schema(s) with the same user credentials as that of the source, along with the existing grants.

    If schemas are restored using a tool/ mechanism other than as mentioned in the Step 1 and 2, retain the user credentials of Configuration and Atomic Schemas same as in the Source environment, along with the Schema grants..

  5. Provide select grants on sys.V_$parameter to view Configuration and Atomic Schemas of Target Environment database

    For example:

    Login as sys user:

    SQL> GRANT SELECT ON SYS.V_$PARAMETER TO ofsaaconf;

    Grant succeeded

    SQL> GRANT SELECT ON SYS.V_$PARAMETER TO ofsaaatm;

    Grant succeeded

  6. Update .profile for ORACLE_SID environment variable with new ORACLE_SID.
  7. Update JDBC URL by executing Port Changer utility. For details on how to execute Port Changer utility, see Changing IP/ Hostname, Ports, Deployed paths, Protocol of the OFSAA Instance sections.
  8. Navigate to the $FIC_WEB_HOME directory and execute the following command to trigger the creation of EAR/WAR file:

    ./ant.sh

    The EAR/WAR file - <contextname>.ear/.war - is created in $FIC_WEB_HOME directory.

    On completion of EAR/WAR file creation, the message "BUILD SUCCESSFUL" will be displayed.

  9. Edit the existing Connection Pool settings to point to new JDBC URL and verify connections.
  10. Clear the webserver cache and redeploy the application onto your configured web application server.
  11. Restart the OFSAA Services. For more information, refer to the Start/Stop Infrastructure Services section in the Oracle Financial Services Advanced Analytical Applications Infrastructure Application Pack Installation and Configuration Guide.