Network Time Protocol and Transparent Data Encryption

This topic provides information to help you understand Network Time Protocol and Transparent Data Encryption.

Network Time Protocol

Oracle recommends that you run a Network Time Protocol (NTP) daemon on your 1-node DB systems to keep system clocks stable during rebooting. If you need information about an NTP daemon, see Setting Up NTP (Network Time Protocol) Server in RHEL/CentOS 7.

Oracle recommends that you configure NTP on both nodes in a 2-node RAC DB system to synchronize time across the nodes. If you do not configure NTP, then Oracle Clusterware configures and uses the Cluster Time Synchronization Service (CTSS), and the cluster time might be out-of-sync with applications that use NTP for time synchronization.

For information about configuring NTP on a version 12c database, see Setting Network Time Protocol for Cluster Time Synchronization. For a version 11g database, see Network Time Protocol Setting.

Transparent Data Encryption

All user-created tablespaces in a DB system database are encrypted by default, using Transparent Data Encryption (TDE).

  • For version 12c databases, if you don’t want your tablespaces encrypted, you can set the ENCRYPT_NEW_TABLESPACES database initialization parameter to DDL.
  • On a 1- or 2-node RAC DB system, you can use the TDE Commands to update the master encryption key for a database.
  • You must create and activate a master encryption key for any PDBs that you create. After creating or plugging in a new PDB on a 1- or 2-node RAC DB System, use the dbcli update-tdekey command to create and activate a master encryption key for the PDB. Otherwise, you might encounter the error ORA-28374: typed master key not found in wallet when attempting to create tablespaces in the PDB. In a multitenant environment, each PDB has its own master encryption key which is stored in a single keystore used by all containers.

For more information about: