Tuesday, June 7, 2011

Pretty happy with Oracle Advanced Security option

The Oracle Advanced Security aka OAS ( one of many Oracle anacronyms using OAS unfortunately ) is an extra cost feature/option that we implemented a while back in an 11.1 environment. One of the many possible Oracle references here is: OAS ...

We implemented tablespace based Transparent Data Encryption for 2 fairly large ASM based tablespaces ( the old data and index separation which may not really be needed any longer ) and that has worked very well. Used expdp to put all the existing data out into a file, deleted and recreated the tablespaces using AES256 based encryption, and reloaded all the data via impdp from file. The reloading process did take a little longer ( compared to doing it without TDE tablespace encryption ) with the full tablespace encryption on ( lots of IO and cpu taken ). The system though under normal usage shows almost no impact from using tablespace based TDE.

We also have switched on and back off then on again the network based session encryption also using AES256. That does take up a slightly noticeable amount of extra cpu usage on our systems ... maybe a little more than Oracle advertises as typical ... but still not anything that has slowed us down ( I often see in an 8 hour AWR report from busy days 2.5/3 percent DB time in SQL * net more data to client ... a wait event I never saw before implementing session based encryption ).

All in all we are pretty satisfied with the stability and useability and performance of the two largest features of OAS in an 11.1 environment.

2 comments:

  1. This comment has been removed by a blog administrator.

    ReplyDelete
  2. Yes its true that the new version has came up with so many promising features out of which security option is the best of all. I am also currently working on security module and is trying to figure out all the options.
    oracle ebs r12

    ReplyDelete