Delphix Server 3.1 Documentation



Documentation for Previous Versions of the Delphix Server

Delphix Server 3.0 Documentation

Skip to end of metadata
Go to start of metadata
This topic describes how to provision a VDB from an encrypted database.

The Delphix Server supports provisioning from a dSource linked to a physical database that has been encrypted with Oracle's Transparent Database Encryption (TDE), which can be used to encrypt columns or tablespaces.

Provisioning a VDB from an encrypted dSource requires that you have an auto-open wallet set up in the target environment, because the provisioning process requires the master key stored in the wallet file. You can either set up an auto-open wallet for the source database and copy the auto-open wallet files (both ewallet.p12 and cwallet.sso) to the target environment, or first copy the encryption wallet file (ewallet.p12) to the target environment, and then generate an auto-open wallet from the encryption wallet file.

When provisioning a VDB from an encrypted dSource, if the target environment has other databases that also use TDE, each database should use a different wallet. Please check Oracle documentation on how to set up different wallet locations for different databases. For example, you can use $ORACLE_SID in the DIRECTORY clause of the ENCRYPTION_WALLET_LOCATION parameter in sqlnet.ora:

ENCRYPTION_WALLET_LOCATION=(SOURCE=(METHOD=FILE)(METHOD_DATA=(DIRECTORY=/opt/oracle/wallets/$ORACLE_SID)))

Procedure

  1. Check for any encrypted columns or tablespaces on the source database by using these commands:

    SELECT t.name name, e.encryptionalg algorithm FROM v$tablespace t, v$encrypted_tablespaces e
    
    WHERE t.ts# = e.ts# and upper(e.encryptedts) = 'YES';



  2. Copy wallet files from the source database to the target environment, and then configure the sqlnet.ora file on the target to point to the directory where the wallet is located. 

    $ more sqlnet.ora
    
    ENCRYPTION_WALLET_LOCATION=(SOURCE(METHOD=file) (METHOD_DATA=(DIRECTORY=/opt/oracle/oradata/nf/wallet)))



  3. If the source database does not use auto-open wallet, create the auto-open wallet at the target environment. 
     

    $ orapki wallet create -wallet /opt/oracle/oradata/nf/wallet -auto_login



  4. Proceed with provisioning the VDB as described in Provisioning an Oracle VDB.

 

Wallet files can be copied from the source database to the target environment as a part of the provision pre-script.