E Enabling Transparent Data Encryption
This appendix describes how to configure Oracle Transparent Data Encryption (TDE) for Oracle Identity Manager. It contains the following topics:
E.1 Types of Data Encryption
Oracle Database supports TDE tablespace encryption and TDE column encryption.
Oracle Database supports the following types of data encryption:
- TDE tablespace encryption: Encrypts all content stored in that tablespace. It is useful in situations where the sensitive data are stored in multiple columns.
- TDE column encryption: Protects data stored in a table column. It encrypts and decrypts data transparently when data passes through the SQL layer.
Note:
For detailed information about TDE, see Oracle Database Advanced Security Guide.
Oracle Identity Manager supports and works with TDE tablespace encryption.
E.2 Configuring TDE for New Installation of Oracle Identity Governance
Configuring TDE requires downtime while data is moved from unencrypted tablespaces to encrypted tablespaces. Therefore, configure TDE for an Oracle Identity Manager deployment immediately after installing the database schemas by using Repository Creation Utility (RCU) and before installing the Oracle Identity Manager application.
To configure TDE for a new installation of Oracle Identity Manager:
E.3 Configuring TDE for an Existing Installation of Oracle Identity Governance
Postinstallation configuration of TDE requires downtime while data is moved from unencrypted tablespaces to encrypted tablespaces.
If you are configuring TDE after installing Oracle Identity Manager, then perform the following steps:
- Shut down Oracle Identity Manager. The TDE implementation performs data movement, and the Oracle Identity Manager application is not available during that time.
- Perform steps 3 through 11, as described in Configuring TDE for New Installation of Oracle Identity Governance.
- Start Oracle Identity Manager.
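The following read-only check is an added example, not part of the Oracle procedure: run it after the data movement and before starting Oracle Identity Manager to confirm that the keystore is open and that no schema segment remains in an unencrypted tablespace. It assumes a constructed RCU schema prefix of `DEV`, a session in the container that holds those schemas, and a user who can query the `DBA_` and `V$` views.

```sql
-- Keystore (wallet) state. STATUS should report OPEN; a closed keystore
-- makes data in encrypted tablespaces unreadable to the application.
SELECT wrl_type, wrl_parameter, status
FROM   v$encryption_wallet;

-- Encryption state of every tablespace that holds segments owned by the
-- Oracle Identity Manager schemas. 'DEV' is a constructed placeholder for
-- the RCU prefix; replace it with the prefix used in your deployment.
SELECT s.owner,
       s.tablespace_name,
       t.encrypted,                 -- YES or NO
       e.encryptionalg,             -- NULL when the tablespace is not encrypted
       COUNT(*) AS segment_count
FROM   dba_segments s
JOIN   dba_tablespaces t
       ON t.tablespace_name = s.tablespace_name
LEFT JOIN v$tablespace vt
       ON vt.name = t.tablespace_name
LEFT JOIN v$encrypted_tablespaces e
       ON e.ts# = vt.ts#
WHERE  s.owner LIKE 'DEV\_%' ESCAPE '\'
GROUP  BY s.owner, s.tablespace_name, t.encrypted, e.encryptionalg
ORDER  BY t.encrypted, s.owner, s.tablespace_name;

-- Segments that were missed by the data movement. This query should
-- return no rows before Oracle Identity Manager is started.
SELECT s.owner,
       s.segment_type,
       s.segment_name,
       s.tablespace_name
FROM   dba_segments s
JOIN   dba_tablespaces t
       ON t.tablespace_name = s.tablespace_name
WHERE  s.owner LIKE 'DEV\_%' ESCAPE '\'
AND    t.encrypted = 'NO'
ORDER  BY s.owner, s.tablespace_name, s.segment_name;
```

Any row returned by the last query identifies a table, index, or LOB segment whose contents are still stored unencrypted on disk.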