Network Time Protocol and Transparent Data Encryption
This topic provides information to help you understand Network Time Protocol and Transparent Data Encryption.
Network Time Protocol
Oracle recommends that you run a Network Time Protocol (NTP) daemon on your 1-node DB systems to keep system clocks stable during rebooting. If you need information about an NTP daemon, see Setting Up NTP (Network Time Protocol) Server in RHEL/CentOS 7.
Oracle recommends that you configure NTP on both nodes in a 2-node RAC DB system to synchronize time across the nodes. If you do not configure NTP, then Oracle Clusterware configures and uses the Cluster Time Synchronization Service (CTSS), and the cluster time might be out-of-sync with applications that use NTP for time synchronization.
For information about configuring NTP on a version 12c database, see Setting Network Time Protocol for Cluster Time Synchronization. For a version 11g database, see Network Time Protocol Setting.
Transparent Data Encryption
All user-created tablespaces in a DB system database are encrypted by default, using Transparent Data Encryption (TDE).
- For version 12c databases, if you don’t want your tablespaces encrypted,
you can set the
ENCRYPT_NEW_TABLESPACES
database initialization parameter toDDL
. - On a 1- or 2-node RAC DB system, you can use the TDE Commands to update the master encryption key for a database.
- You must create and activate a master encryption key for any PDBs that
you create. After creating or plugging in a new PDB on a 1- or 2-node RAC DB System,
use the
dbcli update-tdekey
command to create and activate a master encryption key for the PDB. Otherwise, you might encounter the errorORA-28374: typed master key not found in wallet
when attempting to create tablespaces in the PDB. In a multitenant environment, each PDB has its own master encryption key which is stored in a single keystore used by all containers.
For more information about:
- multitenant environment, see Overview of Managing a Multitenant Environment.
- changing an existing TDE wallet password using the OCI Console, see Manage Administrator and TDE Wallet Passwords.
- database encryption, see the Oracle Database Security technical briefs.