TDE encryption in Oracle/MSSQL

Article ID: 107115

Products

Clarity PPM SaaS, Clarity PPM On Premise

Issue/Introduction

This article describes the features of Oracle Advanced Security supported by CA PPM.

The Progress DataDirect driver that we ship with PPM supports JDBC encryption starting with DataDirect (DD) release 5.1.0. Using it requires Oracle Advanced Security (OAS) licensing.
 
Encrypting the data at rest (i.e. the data stored on the Oracle RAC hosts) uses the Transparent Data Encryption (TDE) feature of Oracle Advanced Security. We have tested TDE in our labs and found that it causes a 20% performance overhead for our (PPM) application. You can enable this on the PPM side by adding the two tags described under Resolution below to the JDBC URL in NSA.

Encrypting the (network) data flow between the Oracle RAC servers and the PPM application server hosts requires the Network Data Encryption (NDE) feature of Oracle Advanced Security. We have not tested this in our labs yet, so we do not support it.
 

Environment

CA PPM 15.3+

Resolution

To implement Oracle Advanced Security encryption:
- Set the EncryptionLevel property in the JDBC URL to accepted, requested, or required.
- Set the EncryptionTypes property in the JDBC URL to one or multiple algorithms (Oracle Advanced Security provides the Advanced Encryption Standard (AES), DES, 3DES, and RC4 symmetric cryptosystems for protecting the confidentiality of network traffic).
 
For example, your JDBC URL string in NSA or properties.xml including these 2 tags should look something like this:

url="jdbc:clarity:oracle://databaseserver1.ca.com:1521;ServiceName=clrtydev;BatchPerformanceWorkaround=true;InsensitiveResultSetBufferSize=0;ServerType=dedicated;supportLinks=true;EncryptionLevel=requested;EncryptionTypes=AES" 
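A small audit of these two properties, added here as an example and not part of CA PPM or the DataDirect driver: it parses the JDBC URL and reports settings that leave room for clear-text or weak-cipher sessions. In Oracle's negotiation model only `required` fails the connection when encryption cannot be agreed, and DES and RC4 are broken ciphers; the function names, the case-insensitive property matching and the comma-separated multi-value format are assumptions.

```python
# Added example: audit the two encryption properties in a DataDirect-style JDBC URL.
# Assumptions: property names are matched case-insensitively, and multiple
# EncryptionTypes values are comma-separated, optionally inside parentheses.

def parse_jdbc_url(url):
    """Split 'jdbc:...//host:port;Key=Value;...' into (endpoint, {key: value})."""
    endpoint, _, rest = url.strip().strip('"').partition(";")
    props = {}
    for pair in rest.split(";"):
        if "=" in pair:
            key, value = pair.split("=", 1)
            props[key.strip().lower()] = value.strip()
    return endpoint, props

def audit_encryption(url):
    """Return findings; an empty list means encryption is mandatory and AES-only."""
    _, props = parse_jdbc_url(url)
    findings = []
    level = props.get("encryptionlevel")
    if level is None:
        findings.append("EncryptionLevel not set")
    elif level.lower() != "required":
        findings.append(f"EncryptionLevel={level} permits an unencrypted session")
    types = props.get("encryptiontypes")
    if types is None:
        findings.append("EncryptionTypes not set")
    else:
        for algo in types.strip("()").split(","):
            name = algo.strip().upper()
            if name.startswith(("DES", "RC4")):
                findings.append(f"{name}: broken cipher, remove")
            elif name.startswith("3DES"):
                findings.append(f"{name}: deprecated cipher, prefer AES")
            elif not name.startswith("AES"):
                findings.append(f"{name}: unrecognised algorithm")
    return findings

# The URL from this article, a hardened variant, and a constructed weak variant.
PAGE_URL = ("jdbc:clarity:oracle://databaseserver1.ca.com:1521;ServiceName=clrtydev;"
            "BatchPerformanceWorkaround=true;InsensitiveResultSetBufferSize=0;"
            "ServerType=dedicated;supportLinks=true;"
            "EncryptionLevel=requested;EncryptionTypes=AES")
HARDENED_URL = PAGE_URL.replace("EncryptionLevel=requested", "EncryptionLevel=required")
WEAK_URL = PAGE_URL.replace("EncryptionLevel=requested", "EncryptionLevel=accepted") \
                   .replace("EncryptionTypes=AES", "EncryptionTypes=(RC4,3DES,DES)")

if __name__ == "__main__":
    for label, url in (("page", PAGE_URL), ("hardened", HARDENED_URL), ("weak", WEAK_URL)):
        print(label, audit_encryption(url) or "OK")
```

Run it against the `url` value from NSA or properties.xml before and after a change to confirm the connection can no longer fall back to an unencrypted session.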

 

Additional Information

MSSQL DB Encryption is also supported:

Transparent Data Encryption (TDE)