
Enabling Encryption for Data Guard Redo Transport (Doc ID 749947.1)

Last updated on SEPTEMBER 21, 2019

Applies to:

Oracle Database Cloud Schema Service - Version N/A and later
Oracle Database Exadata Cloud Machine - Version N/A and later
Oracle Cloud Infrastructure - Database Service - Version N/A and later
Oracle Database Cloud Exadata Service - Version N/A and later
Oracle Database Exadata Express Cloud Service - Version N/A and later
Information in this document applies to any platform.
***Checked for relevance on 08-MAY-2013***
*** Reviewed for relevance 16-Jul-2015 ***



This bulletin describes how to encrypt Data Guard redo traffic using the Advanced Security Option.


Data Guard redo transport can be integrated with the Advanced Security Option (ASO) to ensure the security and confidentiality of data and redo. ASO can be used to enable encryption, cryptographic network checksums (distinct from the log checksum performed during reads and writes) and authentication services between the primary and standby systems. ASO network encryption has been available since Oracle7. For example, enabling the Advanced Encryption Standard (AES) encryption algorithm requires only a few parameter changes in the sqlnet.ora file. No certificate or directory setup is required; only a restart of the database is required.
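The following check is an added example, not part of the Oracle note: it parses two sqlnet.ora files and reports whether redo sessions would be encrypted in both directions. The parameter names and negotiation levels are taken from Oracle Net's documented native encryption settings, and the sample files are constructed.

```python
import re

def parse_sqlnet(text):
    """Return {PARAM: [values]} from sqlnet.ora text, upper-cased, comments dropped."""
    params = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"([\w.]+)\s*=\s*\(?([^)]*)\)?$", line)
        if m:
            values = [v.strip().upper() for v in m.group(2).split(",") if v.strip()]
            params[m.group(1).upper()] = values
    return params

def negotiate(client, server):
    """Encryption outcome when `client` connects to `server`: 'on', 'off' or 'fail'."""
    # ACCEPTED is the default level when the parameter is not set.
    c = (client.get("SQLNET.ENCRYPTION_CLIENT") or ["ACCEPTED"])[0]
    s = (server.get("SQLNET.ENCRYPTION_SERVER") or ["ACCEPTED"])[0]
    required = "REQUIRED" in (c, s)
    if "REJECTED" in (c, s):
        return "fail" if required else "off"
    if c == s == "ACCEPTED":
        return "off"
    ct = client.get("SQLNET.ENCRYPTION_TYPES_CLIENT")
    st = server.get("SQLNET.ENCRYPTION_TYPES_SERVER")
    # An unset list means any installed algorithm, so compare only when both are set.
    if ct and st and not set(ct) & set(st):
        return "fail" if required else "off"
    return "on"

def redo_transport_encrypted(primary, standby):
    """Each site is client in one role and server in the other, so check both ways."""
    return negotiate(primary, standby) == "on" and negotiate(standby, primary) == "on"

# Constructed sample files (not taken from the note).
HARDENED = parse_sqlnet("""
SQLNET.ENCRYPTION_SERVER = REQUIRED
SQLNET.ENCRYPTION_CLIENT = REQUIRED
SQLNET.ENCRYPTION_TYPES_SERVER = (AES256)
SQLNET.ENCRYPTION_TYPES_CLIENT = (AES256)  # AES, as in the note's example
""")
ONE_WAY = parse_sqlnet("SQLNET.ENCRYPTION_CLIENT = REQUESTED")
UNSET = parse_sqlnet("# no encryption parameters\n")

if __name__ == "__main__":
    print(redo_transport_encrypted(HARDENED, HARDENED))
    print(negotiate(ONE_WAY, UNSET), negotiate(UNSET, ONE_WAY))
```

The `ONE_WAY` case shows why both the client and server parameters matter on each site: a session in one direction is encrypted, while the reverse direction falls back to cleartext.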

Starting with Oracle8i, customers can set up certificates and SSL for a stronger security infrastructure. Starting in 10g, Data Guard uses authenticated network sessions to transfer redo data even in the absence of ASO. These sessions are authenticated using the SYS user password contained in the password file. All databases in the Data Guard configuration must use a password file, and the SYS password contained in this password file must be identical on all systems. To further protect redo (for example, to encrypt redo or to compute an integrity checksum value for redo traffic so that it cannot be tampered with on the network), Oracle recommends that you install and use ASO.

For more information about configuring encryption or any of the advanced security services, please refer to the security guides relevant for your standby database release. For example, please refer to Oracle 11g’s Advanced Security Administrator's Guide, Oracle 10g’s Advanced Security Administrator's Guide, Oracle 9i’s Advanced Security Administrator’s Guide, Oracle 8i’s Advanced Security Administrator’s Guide, or Oracle 7’s Advanced Networking Option Administrator’s Guide.


