Wednesday, April 27, 2016

[Oracle 11gR2-RAC-PCIDSS] Configure a TDE Wallet on RAC to Encrypt Tablespaces, Tables and Columns, as Required for PCI DSS Certification


1/ Create Wallet
[oracle@oel01 ~]$ owm
Save the wallet to:
/u01/app/oracle/admin/$ORACLE_UNQNAME/wallet
2/ Configure the environment
- .bash_profile:
[oracle@oel01 ~]$ cat .bash_profile
ORACLE_UNQNAME=RAC; export ORACLE_UNQNAME
- Set the srvctl environment (so the instance started by Clusterware sees the same variables):
[oracle@oel01 ~]$ srvctl setenv database -d RAC -T ORACLE_UNQNAME=RAC
[oracle@oel01 ~]$ srvctl setenv database -d RAC -T ORACLE_BASE=/u01/app/oracle
[oracle@oel01 ~]$ srvctl setenv database -d RAC -T TNS_ADMIN=/u01/app/oracle/product/11.2.0/dbhome_1/network/admin
[oracle@oel01 ~]$ srvctl getenv database -d RAC
RAC:
ORACLE_UNQNAME=RAC
ORACLE_BASE=/u01/app/oracle
TNS_ADMIN=/u01/app/oracle/product/11.2.0/dbhome_1/network/admin


3/ Configure sqlnet.ora
[oracle@oel01 ~]$ vi $ORACLE_HOME/network/admin/sqlnet.ora

ENCRYPTION_WALLET_LOCATION
   =(source
       =(method=file)
        (method_data=(directory=/u01/app/oracle/admin/$ORACLE_UNQNAME/wallet))
     )

4/ Set file permissions for the wallet directory and files:
chmod 700 /u01/app/oracle/admin/$ORACLE_UNQNAME/wallet
chmod 600 /u01/app/oracle/admin/$ORACLE_UNQNAME/wallet/*
chattr +i /u01/app/oracle/admin/$ORACLE_UNQNAME/wallet/*
(The immutable bit is set with chattr, run as root, not with chmod. Clear it with chattr -i before step 5, because setting the master key rewrites the wallet file, and again before any later rekey.)
5/ Configure Database using Wallet:
- Stop the database:
[oracle@oel01 ~]$ srvctl stop database -d RAC
- Start a single instance only; leave the others shut down.
[oracle@oel01 ~]$ srvctl start instance -d RAC -i RAC1

SQL> alter system set encryption wallet open identified by "Password";
SQL> select * from v$encryption_wallet;   -- STATUS must be OPEN and the wallet path must be the directory from step 3
SQL> alter system set encryption key identified by "Master_Password";
SQL> alter system set encryption wallet close identified by "Password";
- Copy the wallet files to the other hosts:
$ scp /u01/app/oracle/admin/$ORACLE_UNQNAME/wallet/* oracle@othernode:/u01/app/oracle/admin/$ORACLE_UNQNAME/wallet
- Start the remaining instances:
[oracle@oel01 ~]$ srvctl start instance -d RAC -i RAC2
- Open the wallet:
SQL> alter system set encryption wallet open identified by "Password";
- Check the status on every instance:
SQL> select * from gv$encryption_wallet;   -- STATUS must be OPEN on each instance, with the same wallet path
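The following POSIX shell script is an added example, not part of the original post: it checks steps 3 and 4 on one node before the wallet is opened in step 5. It reads the wallet directory out of ENCRYPTION_WALLET_LOCATION in sqlnet.ora (expanding a literal $ORACLE_UNQNAME from the environment set in step 2, as Oracle does) and verifies the 700/600 permissions. The script name, its single sqlnet.ora argument, and the constructed file names used in its comments are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: verify the TDE wallet
# prerequisites from steps 3 and 4 on one RAC node.
# Usage (assumed): sh check_tde_wallet.sh $ORACLE_HOME/network/admin/sqlnet.ora

# Print the directory named in ENCRYPTION_WALLET_LOCATION.  The parameter is
# spread over several lines in sqlnet.ora, so whitespace is stripped first
# (wallet paths are assumed to contain no spaces, '|' or ')').  A literal
# $ORACLE_UNQNAME in the path is expanded from the environment, which is
# what Oracle does with the variable set in step 2.  Returns 1 when the
# parameter or its directory= entry is absent.
wallet_dir_from_sqlnet() {
    dir=$(tr -d '\n\r\t ' < "$1" |
        sed -n 's/.*ENCRYPTION_WALLET_LOCATION//p' |
        sed 's/[dD][iI][rR][eE][cC][tT][oO][rR][yY]=/|/')
    case $dir in
        *'|'*) dir=${dir#*'|'}; dir=${dir%%')'*} ;;
        *) return 1 ;;
    esac
    case $dir in
        *'$ORACLE_UNQNAME'*)
            dir="${dir%%\$ORACLE_UNQNAME*}${ORACLE_UNQNAME:?ORACLE_UNQNAME must be set}${dir#*\$ORACLE_UNQNAME}"
            ;;
    esac
    printf '%s\n' "$dir"
}

# Octal permission bits of a path; GNU stat first, BSD/macOS stat as fallback.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 when the wallet directory is mode 700 and every file in it is
# mode 600 (step 4); print one line per violation and return 1 otherwise.
check_wallet_perms() {
    wdir=$1
    rc=0
    [ -d "$wdir" ] || { echo "wallet directory missing: $wdir"; return 1; }
    m=$(file_mode "$wdir")
    [ "$m" = 700 ] || { echo "$wdir is mode $m, expected 700"; rc=1; }
    for f in "$wdir"/*; do
        [ -f "$f" ] || continue   # empty directory or a subdirectory
        m=$(file_mode "$f")
        [ "$m" = 600 ] || { echo "$f is mode $m, expected 600"; rc=1; }
    done
    return $rc
}

# Entry point when run directly with a sqlnet.ora path.
if [ $# -eq 1 ] && [ -f "$1" ]; then
    if wdir=$(wallet_dir_from_sqlnet "$1"); then
        echo "wallet directory from sqlnet.ora: $wdir"
        check_wallet_perms "$wdir" && echo "permissions OK"
    else
        echo "no ENCRYPTION_WALLET_LOCATION with a directory= entry in $1" >&2
        exit 1
    fi
fi
```

Run it on each node after step 4 and again after copying the wallet in step 5: the directory it reports must match what gv$encryption_wallet later shows, and the permission check must pass on every node, since scp does not preserve the 600 mode unless the remote umask happens to produce it.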

Next, we will use the TDE wallet to encrypt data at the tablespace, table and column level.