Oracle Native Network Encryption¶
Table of Contents
Introduction¶
Oracle Native Network Encryption is the preferred method of enabling network encryption in transit for connections to Oracle for both Gluent Offload Engine and Sqoop or Spark components acting on behalf of Gluent Data Platform.
Tip
Network encryption (native network encryption, network data integrity, and SSL/TLS) and strong authentication services (Kerberos, PKI, and RADIUS) are no longer part of Oracle Advanced Security and are available in all licensed editions of all supported releases of Oracle Database.
Refer to the Database Security Guide in the Oracle Database Documentation for further details on the settings described here.
SQLNet Profile Configuration¶
Add the following to $ORACLE_HOME/network/admin/sqlnet.ora on all Oracle servers where Gluent Data Platform is installed:
SQLNET.ENCRYPTION_SERVER = ACCEPTED
SQLNET.ENCRYPTION_TYPES_SERVER = (AES256)
Add the following to the $OFFLOAD_HOME/../sqlnet.ora file on all servers where Gluent Data Platform is installed:
SQLNET.ENCRYPTION_CLIENT = REQUIRED
SQLNET.ENCRYPTION_TYPES_CLIENT = (AES256)
The above configuration ensures the Oracle instance accepts encrypted connections when required by Gluent Data Platform connections but does not enforce it for other connections.
Update Gluent Environment File¶
Add the following line to offload.env if it is not already set:
export TNS_ADMIN=$OFFLOAD_HOME/..
Important
Any changes made to the Gluent Data Platform environment file (offload.env) must be propagated across all installations.