Transparent Data Encryption
Transparent Data Encryption is one of the three components of the Oracle Advanced Security option for Oracle Database 11g Release 2 Enterprise Edition; it provides transparent encryption of stored data to support your compliance efforts. Applications do not have to be modified and will continue to work as before. Data is automatically encrypted when it is written to disk and automatically decrypted when accessed by the application. Key management is built-in, eliminating the complex task of creating, managing and securing encryption keys.
Oracle Quick Study:
|Setup TDE with Oracle Enterprise Manager (English | Deutsch | Française | Suomi)|
When Oracle Database 11g Release 2 Patchset 1 (126.96.36.199) is installed on an Intel Server with AES-NI capability, the data throughput is up to 8 times higher for decryption and up to 10 times higher for encryption (requires patch 10296641) compared to CPUs without hardware acceleration.
TDE tablespace encryption and Oracle's compression technologies allow encryption of compressed data. TDE tablespace encryption can be combined with Advanced Compression in single instance and RAC deployments, as well as Exadata Hybrid Columnar Compression (EHCC). Export files generated with Oracle Data Pump and backups created by Oracle RMAN can be compressed and encrypted as well. Because Oracle applies compression before encryption, encryption has no negative impact on the compression ratio.
The master encryption key for TDE tablespace encryption and TDE column encryption are now combined to one unified master encryption key. This allows transparent re-key operations for both TDE tablespace encryption and TDE column encryption.
The storage nodes in Oracle Exadata X2-2 and X2-8 provide hardware decryption acceleration based on Intel® Xeon®L5640 CPUs with AES-NI, delivering a near-zero performance impact for TDE tablespace encryption. To enable hardware support for encryption on the X2-2 compute node (Intel® Xeon®X5670), patch 10296641 is required. Customers no longer have to choose between security and compliance on one side and high performance computing on the other side. With Oracle Database 11g Release 2, the tablespace keys for TDE tablespace encryption, or table keys for TDE column encryption, are available to the intelligent storage cells, where encrypted data is now decrypted before Smart-Scan is applied.
When the Oracle Wallet is stored in Oracle CloudFS (a.k.a. ACFS) or a certified third-party cluster file system, commands to open or close the Wallet or re-key the unified master encryption key are propagated automatically to all nodes.
|TDE tablespace encryption
(Oracle Database 11g)
|TDE column encryption
(Oracle Database 10.2.0.5 or
Oracle Database 11g)
|Oracle E-Business Suite Click here for current updates (Datasheet)|
|Oracle PeopleSoft Enterprise 8.48+
(Datasheet | Red Paper | Migration Guide)
|Oracle PeopleSoft Enterprise 8.46+ (Datasheet)|
|Oracle Siebel CRM 8.0+ (Datasheet)||Oracle Siebel CRM 7.7+|
|Oracle JD Edwards EnterpriseOne (Datasheet)||iFLEX FlexCube 10.0|
|SAP 6.40_EX2+ (UNIX and Linux only)
|SAP 6.40 and later (SAP note 974876)|
|Oracle RETEK Retail Sales Audit 13.1.5||RETEK Retail Sales Audit:
|Oracle Communications Billing and Revenue Management (Datasheet)|
|Oracle Primavera P6 EPPM 8.x (Datasheet)|
|Oracle Internet Directory 10.1.4.2 (White paper)|