Preparatory requirements

Before installing the software, Entrust recommends that you familiarize yourself with:

  • The Oracle database TDE documentation and setup process.

  • The Entrust documentation.

Entrust also recommends you have an agreed organizational Certificate Practices Statement and a Security Policy/Procedure in place covering administration of the HSM. In particular, these documents should include the following aspects of HSM administration:

  • Whether the Security World must comply with FIPS 140 Level 3 or Common Criteria restrictions.

    • If you want to use a FIPS 140 Level 3 Security World, then you must create an OCS card set for FIPS authorization. This is true even for Softcard protection, which is the only protection method currently supported by WSOP.

    • If you are running multiple database instances on the same host, the same FIPS authorizing OCS cards can be used for all database instances.

  • The number and quorum of Administrator Cards in the Administrator Card Set (ACS), and a policy for managing these cards.

    If OCS cards are to be used, you need to decide the number of Operator Cards in the OCS card set. K/N functionality is not currently supported. This means that you must create 1/N OCS card sets. The number of OCS cards in a card set must be at least the number of HSMs that will be in your configuration, with additional spare cards in case of card loss or failure.

  • Entrust recommends that you create a policy for managing SQL scripts that allow use of credentials for the Oracle database. These SQL scripts should only be available to authorized users.

  • Entrust recommends that you create a policy for managing the passphrases for your:

    • ACS

    • Softcard protection

    • OCS Card Set for FIPS Authorization

    For information on passphrases, see About the HSM credential.

  • Entrust recommends that you create a policy for managing the physical security of your smartcards as used for ACS and OCS, and their deployment to authorized users.

As part of your preparation, Entrust recommends that you read Security Worlds key protection and failure recovery.

This guide assumes that Oracle database software and at least one Oracle database are already installed on your system. With Oracle database software already installed, ensure that any required patches have been applied.

To integrate an Oracle database with Entrust WSOP, the following steps are required:

  1. Environment configuration.

  2. Set up and install the Entrust WSOP server with the HSM, Security World software, and WSOP software.

  3. Configure Oracle database software to use the Entrust WSOP server.

Details of your installation and configuration will depend on:

  • Whether you want to migrate encryption keys from an existing Oracle software keystore to an Entrust WSOP server, or start directly encrypting keys using an Entrust WSOP server.

The default Oracle host server user is oracle unless stated otherwise.

For more information on how to configure your Entrust WSOP Server, see the User Guide for WSOP.

For more information on how to configure your Oracle environment, see the Oracle documentation.

For more detail or suggestions on how you may set up your system, see the following Appendixes: