Oracle Database 11g (Release 2) with Microsoft Windows Server 2008

To integrate the SafeGuard CryptoServer into Oracle Database 11g (Release 2) TDE, complete the following steps:

  1. Install SafeGuard CryptoServer hardware and software

  2. Install Oracle Database 11g (Release 2)

At this point you have to choose between the following two approaches:

  • Configure the Oracle Software Wallet first and then migrate to TDE with SafeGuard CryptoServer. If you choose this approach, perform the following steps:

    • Configure and test Transparent Data Encryption (TDE) with the Oracle Wallet

    • Migrate from TDE with the Oracle Wallet to TDE with the SafeGuard CryptoServer PKCS#11 library

  • Alternatively, configure TDE with SafeGuard CryptoServer right away. In that case, perform the following step:

    • Configure Oracle Advanced Security Transparent Data Encryption with the SafeGuard CryptoServer PKCS#11 library

The first approach is appropriate for getting familiar with TDE without configuring the HSM first. After migration, the master key is stored in the HSM.

The second approach demonstrates TDE with an HSM without initializing the Oracle Wallet first. If the Oracle Wallet is already initialized in Oracle Database 11.1.0.7, tablespace encryption will rely on that software wallet even after migration to the HSM. Migrating the tablespace master key to the HSM is not possible before Oracle Database 11g Release 2.