Migration of File based TDE to OKV for ExaDB-D Using Automation via REST
(Doc ID 2924192.1)
Last updated on JULY 12, 2024
Applies to:
Oracle Cloud Infrastructure - Exadata Cloud Service - Version N/A to N/A [Release N/A] Oracle Key Vault - Version 21.3.0.0 to 21.5.0.0 Oracle Database - Enterprise Edition - Version 12.1.0.2 to 19.17.0.0.0 [Release 12.1 to 19] Linux x86-64
Goal
The purpose of this doc is to provide step-by-step instructions on how to migrate File based TDE to Oracle Key Vault (OKV) using REST for RDBMS versions 12.1 and 19c databases that exist in the Exadata Database Service on Dedicated Infrastructure (ExaDB-D). The steps will include the VCN (Virtual Cloud Network) creation, provisioning the Exadata Infrastructure, virtual cluster, and the Oracle Key Vault instance using Oracle Key Vault Services in OCI. For Oracle Key Vault setup, automation scripts using REST were used to install the Oracle Key Vault RESTFul Service Utility, create the default wallet and endpoints, and download and install the Oracle Key Vault endpoint client software. The automation scripts can be changed to suit customer standards.
CDB/PDB isolated keystore mode is not supported on BaseDB, ExaDB-D, and ExaDB-C@C cloud services.
Summary of software versions used in this documentation:
Conventions: • Hostnames, key id’s, passwords and database names used in this documentation are fictitious • Examples are based on a two node cluster • Unless specified, commands and queries can be used for all RDBMS versions discussed in this documentation
Assumptions:
• The documentation assumes the Endpoint Adminstrator has access to create endpoints and wallets on the Oracle Key Vault Server. • The automation scripts assumes the Oracle Key Vault cluster is a multi-node cluster. Automation scripts are attached to the MOS Note • The EXADB-D Infrastructure and EXADB-D VM's have been provisioned • The documentation assumes UNITED mode for PDB keystore is used; CDB/PDB isolated keystore mode is not supported on BaseDB, ExaDB-D, and ExaDB-C@C cloud services.
Software Requirements: • dbaastools – DBAAS_21.3.1.1.0_LINUX.X64_211012.0110 and up • dbcs-agent - 21.3.1.1.0_LINUX.X64_211012.0110 and up (Please contact Oracle Support if dbcs-agent update is required) • RDBMS – For 19c - 19.6 and up
For more information on the Oracle Key Vault, please visit the following link: