Transparent Data Encryption (TDE)
Once the cryptographic key store (called wallet in 11g) is set up and encryption is CONFIGUREd in RMAN, the encryption/decryption is automatic during backup/restore operations.
Password Encryption
Requires the user to provide a password – no encryption done or keystore set up needed.
This mode is used for transporting backups to sites where keys are not available.
Dual Mode Encryption
Uses either password encryption or transparent encryption (if a wallet is open)
In 12c, RMAN adds support for pluggable databases, and supports backup/restore of individual tables or partitions of tables.
To back up a partition named P2010 of the sales table owned by the SALESADMIN schema, in the SALESPDB tenant database the rman syntax would be:
BACKUP TABLESPACE SALESPDB.SALESADMIN.SALES:P2010;
Topics:
- Backup of a tablespace in a tenant database using TDE
- Restore of a tablespace in a tenant database from an encrypted backup using TDE
Backup of a tablespace in a tenant database using TDE
We will use the BACKUP TABLESPACE command to back up a tablespace in the SALESPDB pluggable database of a CDB called CDB1. The backup will be encrypted using TDE by enabling encryption for the RMAN session.
Note:
For cryptography, an explicit open of the encryption wallet may be required.
To open it, use ADMINISTER...SET KEYSTORE OPEN.
Environment
Oracle Database 12c Enterprise Edition/Linux 2.6Transparent encryption can be enabled by default the rman CONFIGURE command as shown:
The screenshot below demonstrates the RMAN backup session.
First TDE is enabled using SET ENCRYPTION ON. Then, the tablespace is backed up with
BACKUP TABLESPACE pdbname:tablespace
Restore of a tablespace in a tenant database from an encrypted backup
Before attempting a restore, the encryption wallet should be open, else the following error occurs.
With the wallet opened, the restore is accomplished with the backup command.
To restore a tablespace the command to use is
RESTORE TABLESPACE pdbname:tablespace
No comments:
Post a Comment