Solution Review – Technology Example: Data at Rest Encryption

Question

Greetings! In this post, https://community.emc.com/thread/123402?tstart=0, I mentioned how the SDC uses this community to help you with your Oracle solutions.  I’d like to give you an example of the kinds of solutions that we can assist with. Oracle and Data at Rest Encryption You’ve been working with a customer who has some pretty robust security standards – including data at rest encryption.  You’re pretty sure you have a great solution to protect their document management system (running on Oracle) using PowerPath with Encryption but you want to get another set of eyes on your solution. Well, the SDC can help you out here.  Post a new thread about what you’re trying to do and any details you have around it and we’ll weigh in.  The SDC has some folks who’ve been evaluating data at rest encryption solutions for several years.  We can talk to you about server load, impact on replication, backup options and ramifications, and interoperability with RSA key manager. We’re here to help. R.

Jingyi1 · Answer

As RSA key manager is used to manage the keys, are all keys generated by PowerPath?

taceyr · Answer

Welcome to the community, JingYi!

The keys used by PowerPath Encryption are generated by the RKM at PowerPath's request. It's a fairly involved process to set up the key manager objects and copy the certificates to the various hosts. All told there's about five major steps when you consider generating the PKI credentials, deploying the RKM appliances, defining the PowerPath manager objects, installing the PowerPath encryption functionality and then configuring the encryption.

You can read about what's involved in the "EMC PowerPath Encryption with RSA User Guide" which is available on Powerlink at http://powerlink.emc.com/km/live1/en_US/Offering_Technical/Technical_Documentation/300-011-784.pdf?mtcs=ZXZlbnRUeXBlPUttQ2xpY2tDb250ZW50RXZlbnQsZG9jdW1lbnRJZD0wOTAxNDA2NjgwNWMyYjZlLG5hdmVOb2RlPVNvZndhcmVEb3dubG9hZHMtMg__

.

Rob

Jingyi1 · Answer

Thanks for the info, Rob. The reason I'm asking is I reviewed a solution with Brocade Encryption Switch working with RSA KV. In that scenario, all Keys are generated from BES not from RSA KV. It's good to know RKM can be used to generate keys with the requested initialized from other device/software.

Jingyi

Oracle

Was this post helpful?