I am very happy to announce that with the new 19.16 RU (July 2022 Release Update) for Oracle Database released last week (Doc ID 2521164.1), Data Guard is now more flexible regarding how it deals with mixed encryption configurations with the introduction of the new TABLESPACE_ENCRYPTION initialization parameter.
Previously, in a hybrid DR environment using Oracle Cloud (OCI), it was very common for the primary database to be forced to use ASO (Advanced Security Options) because the standby database was encrypted with TDE (Transparent Data Encryption, which is part of ASO). Now, a primary database from 19.16 onwards is not required to use ASO with an encrypted standby, provided the new TABLESPACE_ENCRYPTION initialization parameter is implemented adequately. In this case, all redo transmitted from the primary database (on-premises) to the standby database (at OCI) would be encrypted on the fly on arrival at the standby. Any redo transmitted from OCI (for example, due to a switchover or a DML redirect) would be encrypted, and would be decrypted by the on-premises database on arrival.
Important: You need to set up your unencrypted primary or standby database as if it were encrypted. You need a wallet with a master key set for root and all PDBs on the primary database. Copy this wallet over to the standby database after every set key operation, regardless of whether the primary or standby database is encrypted.
Note: It is very important to understand that this new behavior would transmit unencrypted data that could cause a security breach. Per best practices and Oracle MSA (Maximum Security Architecture), it is always recommended to use ASO to secure all data at rest and in transit.
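The setup described above can be checked with a few queries. This is an added example, not part of the original post or of Oracle's own material. The values DECRYPT_ONLY and AUTO_ENABLE come from Oracle's reference documentation for TABLESPACE_ENCRYPTION rather than from this page, and the statements assume a SYSDBA session in CDB$ROOT.

```sql
-- Added example: configuration and verification for a mixed-encryption
-- Data Guard pair (unencrypted on-premises, TDE-encrypted in OCI).

-- 1. On the unencrypted on-premises database: decrypt redo that arrives
--    encrypted, but do not encrypt local tablespaces.
--    The parameter is static, so it only takes effect after a restart.
ALTER SYSTEM SET TABLESPACE_ENCRYPTION = DECRYPT_ONLY SCOPE = SPFILE;

-- 2. After the restart, confirm the value on each side.
--    Expected: DECRYPT_ONLY on-premises, AUTO_ENABLE on the OCI database.
SELECT name, value
FROM   v$parameter
WHERE  name = 'tablespace_encryption';

-- 3. The wallet must be open with a master key in root and in every PDB,
--    even on the unencrypted side. OPEN_NO_MASTER_KEY means the key was
--    never set for that container.
SELECT c.con_id, c.name AS container, w.status, w.wallet_type
FROM   v$containers c
JOIN   v$encryption_wallet w ON w.con_id = c.con_id
ORDER  BY c.con_id;

-- 4. List containers that have no master key at all (the seed is skipped).
SELECT c.con_id, c.name AS container
FROM   v$containers c
WHERE  c.name <> 'PDB$SEED'
AND    NOT EXISTS (SELECT 1
                   FROM   v$encryption_keys k
                   WHERE  k.con_id = c.con_id);

-- 5. Run on both primary and standby and compare the output: a key present
--    on one side only means the wallet was not copied after the last
--    set key operation.
SELECT con_id, key_id, activation_time
FROM   v$encryption_keys
ORDER  BY con_id, activation_time;

-- 6. Show which tablespaces are actually stored encrypted on this side,
--    so the exposure of the unencrypted copy is explicit.
SELECT con_id, tablespace_name, encrypted
FROM   cdb_tablespaces
ORDER  BY con_id, tablespace_name;
```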
Check Glen Hawkins’s official post about this new parameter and behavior here.
Francisco Munoz Alvarez
Want to learn more?
Check out this fantastic content about Oracle MAA and MSA available for you:
- Oracle Maximum Availability Architecture (MAA) Main Page – https://bit.ly/3ysinDY
- Database Security Main Page – https://bit.ly/3NSJWw3
- Cyber Security Blog – https://bit.ly/3yPVZpG
- Cyber Security Technical Paper – https://bit.ly/3akX1Ao
- Securing the Oracle Database – a technical primer (free fourth edition) – https://bit.ly/3bUYQVa
- Security Free Labs – https://bit.ly/3NLjCDW
- Disaster and Recovery Free Labs – https://bit.ly/3yms6vK
- Exadata Security Guide: https://bit.ly/3z84iMh
- Exadata MSA presentation: https://bit.ly/3PD2ty9