The following steps must be followed to enable encryption in a database. Note that these steps do not encrypt any of the employee data, but will encrypt any user and role passwords.
1. On the database server, create two new folders to hold the database encryption keys. These folders must be secured from outside access, and only accessible by the database processes and the system administrator. These folders must also be backed up as part of any database backup, but should be backed up seperately. One folder will be known as the KEY_DIR - that holds the current active key and the KEYBACKUP_DIR which will hold all keys ever created and the files will be named with a timestamp of when they were created. Key files are also encrypted.
2. Do not allow other connection to the database while you are applying the initial encryption install. This may be as simple as taking your Personality application server connections down.
3. Connect with SQL as the P2K user
4. Execute the script DB_ENCRYPTION_INSTALL
5. Execution of UMCE
6. Execute the PRINT_TRACE script
7. Check the ENCRYPTION_INSTALL.log file for any errors and resolve.
8. Restart the system and sign on to validate access. You may now use the IMCE Screen to turn on encryption for any of the supported columns.
Screen captures are meant to be indicative of the concept being presented and may not reflect the current screen design.
If you have any comments or questions please email the Wiki Editor
All content © High Line Corporation