System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Encryption options for large database files in HP-UX 11.23

 

Encryption options for large database files in HP-UX 11.23

Hello,

We have a need to send Oracle data files to a vendor that support our product for testing. This is a Oracle 9i database with approx 1.5Tb in size. What are the best options to encrypt large datafiles at Unix level? The goal is to encrypt files at OS level and then backup with fbackup utility. Tape level encryption is not an option due to differing tape technologies between two sites. Also, backup software (such as Netbackup or Networker) is not an option for encryption, again due to differing technologies between sites. Thank you.
5 REPLIES
Steven Schweda
Honored Contributor

Re: Encryption options for large database files in HP-UX 11.23

> [...] What are the best options [...]

Define "best".

> [...] at OS level [...]

Meaning what, exactly?

I'd assume that GnuPG could do the job, but
1.5TB is bulky.

http://gnupg.org/
Steven E. Protter
Exalted Contributor

Re: Encryption options for large database files in HP-UX 11.23

Shalom,

http://software.hp.com

Search for Internet Express.

GPG is available there.

You can encrypt files for transfer, but you can't open the files in that condition.

You could use an encrypted file system. The overhead on that transaction is pretty bad.

Files of this size are difficult to efficiently encrypt.

Oracle protects its data pretty well. If you control oracle access you don't really have a problem.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Steven Schweda
Honored Contributor

Re: Encryption options for large database files in HP-UX 11.23

> GPG is available there.

Apparently, GnuPG 1.4.7 is available there.
GnuPG 1.4.9 is the current version.
Michal Kapalka (mikap)
Honored Contributor

Re: Encryption options for large database files in HP-UX 11.23

hi,

you could use EVFS and them backup it with normal backup software DP / veritas ...,

http://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=EVFS

mikap
eric roseme
Respected Contributor

Re: Encryption options for large database files in HP-UX 11.23

Encrypted Volume and File System can do what you want. It's a free download. If you are just encrypting a snapshot of your DB files, you can configure separate lvols (or however you set up data volumes for Oracle) with EVFS, then copy over your data. During the copy the EVFS psuedo driver will encrypt the data as it is written to disk using your volume encryption key (VEK). The the VEK is only accessible by the private key (that you created as part of the config process), so you would have to transport your private key to the remote system to mount the volumes. The EVFS Admin Guide does a great job of explaining this - you can actually utilize the Serviceguard process because propagating the private key is required for failover. I do not know what fbackup does, but to copy data while encrypted, you have to unmount the file system and do a dd fromthe device. Any time that you copy data through the kernel you are just decrypting the data again, and it is then clear data. Check out the Admin Guide at:

http://www.docs.hp.com/en/5992-4122/5992-4122.pdf