ENABLING ENCRYPTION
Back to current versionRestore this version

The following steps must be followed to enable encryption in a database. Note that these steps do not encrypt any of the employee data.

1. On the database server, create two new folders to hold the database encryption keys. These folders must be secured from outside access, and only accessible by the database processes and the system administrator. These folders must also be backed up as part of any database backup. One folder will be known as the KEY_DIR - that holds the current active key and the KEYBACKUP_DIR which will hold all keys ever created and the files will be named with a timestamp of when they were created. Key files are also encrypted.

2. Do not allow other connection to the database while you are applying the initial encryption install. This may be as simple as taking your ePersonality application server connections down.

3. Connect with SQL as the P2K user

4. Execute the script DB_ENCRYPTION_INSTALL

5. Execution of UMCE

6. Execute the PRINT_TRACE script

7. Check the ENCRYPTION_INSTALL.log file for any errors and resolve.

8. Restart the system and sign on to validate access. You may now use the IMCE Screen to turn on encryption for any of the supported columns.


Notes#

Click to create a new notes page