Configuring Oracle TDE on a Multi-Master or replication setup
You can configure Oracle TDE on a Multi-Master or a replication setup to achieve high-availability.
In a Multi-Master or a replication setup, you can configure Oracle TDE with multiple IBM Security Guardium Key Lifecycle Manager servers that are part of the setup. If the master server is unavailable, Oracle TDE connects to the other master servers or clone servers to get the TDE master key.
Oracle uses the Oracle Wallet to manage database credentials across multiple domains. When Oracle TDE switches between one IBM Security Guardium Key Lifecycle Manager server to another, the Oracle Wallet closes automatically. To ensure that Oracle TDE can seamlessly switch between the IBM Security Guardium Key Lifecycle Manager servers according to their availability, you must configure auto-login for the Oracle Wallet. When the primary master server becomes available again, Oracle TDE automatically switches back to the master server to get the TDE master key.
Complete the following steps to configure Oracle TDE on a Multi-Master or replication setup:
- To configure the master server as the external security module for Oracle TDE, follow the steps in Configuring Oracle Transparent Data Encryption (TDE).
- On the system where Oracle is installed, enable auto-login for the Oracle Wallet. For steps, see Enabling auto-login for Oracle Wallet.