Back to the Advanced Security Homepage

Transparent Data Encryption

Transparent Data Encryption is one of the three components of the Oracle Advanced Security option for Oracle Database 11g Release 2 Enterprise Edition; it provides transparent encryption of stored data to support your compliance efforts. Applications do not have to be modified and will continue to work seamlessly as before. Data is automatically encrypted when it is written to disk and automatically decrypted when accessed by the application. Key management is built-in, eliminating the complex task of creating, managing and securing encryption keys.

Oracle Quick Study:

Setup TDE with Oracle Enterprise Manager (English | Deutsch | Française | Suomi)

New in Oracle Database 11g Release 2:

Cryptographic hardware acceleration delivers near-zero performance impact of TDE tablespace encryption

When Oracle Database 11g Release 2 Patchset 1 (11.2.0.2) is installed on an Intel Server with AES-NI capability, the data throughput is up to 8 times higher for decryption and up to 10 times higher for encryption (requires patch 10296641) compared to CPUs without hardware acceleration.

Compress and encrypt

TDE tablespace encryption and Oracle's compression technologies allow encryption of compressed data. TDE tablespace encryption can be combined with Advanced Compression in single instance and RAC deployments, as well as Exadata Hybrid Columnar Compression (EHCC). Export files generated with Oracle Data Pump and backups created by Oracle RMAN can be compressed and encrypted as well. Because Oracle applies compression before encryption, encryption has no negative impact on the compression ratio.

Unified master encryption key

The master encryption key for TDE tablespace encryption and TDE column encryption are now combined to one unified master encryption key. This allows transparent re-key operations for both TDE tablespace encryption and TDE column encryption, regardless if the master encryption key is stored in the Oracle Wallet, or in one of the certified Hardware Security Modules offered by Oracle (SCA 6000), Bull, SafeNet, Thales and Utimaco.

Hardware encryption support for Oracle Exadata X2

The storage nodes in Oracle Exadata X2-2 and X2-8 provide hardware decryption acceleration based on Intel® Xeon®L5640 CPUs with AES-NI, delivering a near-zero performance impact for TDE tablespace encryption. To enable hardware support for encryption on the X2-2 compute node (Intel® Xeon®X5670), patch 10296641 is required. Customers no longer have to choose between security and compliance on one side and high performance computing on the other side. With Oracle Database 11g Release 2, the tablespace keys for TDE tablespace encryption, or table keys for TDE column encryption, are available to the intelligent storage cells, where encrypted data is now decrypted before Smart-Scan is applied.

Automatic Wallet Management across RAC instances

When the Oracle Wallet is stored on ACFS, or a certified third party cluster file system, or the TDE master encryption key is managed by a Hardware Security Module, commands to open or close the Wallet or re-key the unified master encryption key are propagated automatically to all other instances.


Applications certified with Transparent Data Encryption
TDE tablespace encryption
(Oracle Database 11g)		 TDE column encryption
(Oracle Database 10.2.0.5 or
Oracle Database 11g)
Oracle E-Business Suite Click here for current updates (Datasheet)
Oracle PeopleSoft Enterprise 8.48+
(Datasheet | Red Paper | Migration Guide)		 Oracle PeopleSoft Enterprise 8.46+ (Datasheet)
Oracle Siebel CRM 8.0+ (Datasheet) Oracle Siebel CRM 7.7+
Oracle JD Edwards EnterpriseOne (Datasheet) iFLEX FlexCube 10.0
SAP 6.40_EX2+ (UNIX and Linux only)
(White Paper)		 SAP 6.40 and later (SAP note 974876)
Oracle RETEK Retail Sales Audit 13.1.5 RETEK Retail Sales Audit:
  • RESA 12.0+ and 13.0 (10gR2)
  • RESA 13.1 (11gR1)
Oracle Communications Billing and Revenue Management (Datasheet)  
Oracle Primavera P6 EPPM 8.x (Datasheet)  
Oracle Internet Directory 10.1.4.2 (White paper)

Oracle Advanced Security Customers
Columbia University Encrypts PeopleSoft Data With Oracle Advanced Seucrity (Success Cast)
Montage: Customers Discuss Using Oracle Advanced Security TDE to Encrypt Sensitive Data (Video)
TransUnion Encrypts Financial and Credit Data (Video | Magazine Article | Success Cast | Webcast)
Ross Stores Encrypts PCI and PII Data With Oracle Advanced Seucrity (Success Cast)
Oracle Advanced Security Helps Sabre Comply with PCI-DSS Encryption Requirements (Success Cast | iPhone)
National Marrow Donor Program Encrypts Healthcare Data (Video)
Educational Testing Services (ETS) Encrypts Student Data (Video | Success Story | Success Cast | Magazine Article)
South Korean Travel Firm Hanatour Encrypts Customer Data (Success Story)
IBI Group Encrypts Road Tolling Data for PCI DSS Compliance (Success Cast)
Philadelphia College of Osteopathic Medicine Encrypts Healthcare Data (Success Cast)
More Oracle Advanced Security Customers

Hands-On
Transparent Data Encryption
Configuring native network encryption

Security Features
Data Encryption
Virtual Private Database
Database Auditing
Backup Encryption
Export file encryption
Proxy Authentication
Enterprise User Security
Secure Application Roles
Fine Grained Auditing

Technical Information
Oracle Transparent Data Encryption best practices
Datasheet
Overview Whitepaper
Transparent Data Encryption Frequently Asked Questions
Technical White Paper

Security Options
Oracle Database Vault
Oracle Advanced Security
Oracle Label Security

Related Technologies
Database Firewall
Audit Vault
Data Masking (pdf)
Secure Backup
Oracle Database Lifecycle Management
Identity Management

Discussion Forums
Security
Audit Vault
Left Curve
Popular Downloads
 Right Curve
Untitled Document
Left Curve
More Database Downloads
 Right Curve