PDB to CDP

1. Back up keys, users, and certificates on the KeySecure Classic UI. Refer to Creating a Backup File for details.

   Tip

   While taking a backup, on the Create Backup screen, select the ProtectDB Manager check box.

2. Restore the backup on the CipherTrust Manager. Refer to Migrating the Backup File for details.

   Note

   • The local users migrated from KeySecure Classic become a part of the Key Admin and User Admin groups by default.

   • You can manage the access rights for each of these users by adding or removing them from a particular group according to the requirement.

   • To perform CipherTrust Database Protection related operations on the CipherTrust Manager UI, a local user must be part of the ProtectDB group. Refer to System Defined Groups for details.

3. Replicate database connections on CipherTrust Manager. This step will migrate the database connections on KeySecure Classic to the CipherTrust Manager. The database connections must be recreated on the CipherTrust Manager with the same connection details.

4. Viewing database connection information on KeySecure Classic

   1. Log on to KeySecure Classic as an administrator.

   2. Navigate to the Database List section (Security > Databases).

   3. Select the database connection and click Edit Connection to view the connection information.

5. Replicating database connection on CipherTrust Manager

   1. Log on to the CipherTrust Manager GUI as administrator.

   2. Click CDP tile to open the application.

      The Databases screen displays the list of existing database connections, if any.

   3. Enter the Connection Information details in the respective fields. The connection information details must have the same values as specified in step 1. For more information about the fields, refer to the Managing Database Connection section of the CDP Server Admin Guide.

   4. Click Save.

      The newly added database appears on the Databases screen. The Status column reflects the status of the connection.

   5. Click the refresh icon on the screen if the status is not updated.

6. Update properties file. After the server configurations are done, update the ProtectDB.properties file with the NAE_IP and NAE_Port of the CipherTrust Manager. To reflect the changes in the properties file, perform the following steps. These steps vary for each CDP client.

   Oracle

   1. Update the ProtectDB.properties file.

      • For Linux, the properties file is copied to the <ORACLE_HOME>/lib/safenet/ directory.

      • For Windows, the properties file is copied to the <ORACLE_HOME>\bin\ directory.

   2. Execute the loadProperties.sh (UNIX/Linux) or loadProperties.bat (Windows) scripts. These scripts are placed at the following location:

      • Unix/Linux: <ORACLE_HOME>/lib/safenet/

      • Windows: <ORACLE_HOME>\bin\

   SQL Server

   1. Update the ProtectDB.properties file. The properties file is copied to the C:\Program Files\SafeNet\MsSqlProvider\MSSQLSERVER directory.

   2. Restart the database server.

   DB2

   1. Update the ProtectDB.properties file. The properties file is copied to the JAVA_HOME/lib/ext directory.

   2. Restart the database.

7. Configure error replacement values on CipherTrust Manager. Unlike all other column encryption properties, the Error Replacement property does not get saved in the metadata. So, to use this option, it must be set for each encrypted and to be encrypted column.

   To set Error Replacement:

   1. Log on to the CipherTrust Manager GUI.

   2. Click the CDP tile to open the application. The Databases screen displays the list of existing database connections, if any.

   3. Click the overflow icon corresponding to the desired database connection.

   4. Click on Manage Tables. The list of tables is displayed on the screen.

   5. Set the Error Replacement option in the encryption properties of the columns of the listed tables. Refer to the Managing Tables section of the CDP Server Admin Guide for details.

8. If required, upgrade the CipherTrust Database Protection clients. Refer to the CipherTrust Database Protection documentation for details.

1. Back up keys, users, and certificates on the KeySecure Classic UI. Refer to Creating a Backup File for details.

   Tip

   While taking a backup, on the Create Backup screen, select the ProtectDB Manager check box.

2. Restore the backup on the CipherTrust Manager. Refer to Migrating the Backup File for details.

   Note

   • The local users migrated from KeySecure Classic become a part of the Key Admin and User Admin groups by default.

   • You can manage the access rights for each of these users by adding or removing them from a particular group according to the requirement.

   • To perform CipherTrust Database Protection related operations on the CipherTrust Manager UI, a local user must be part of the ProtectDB group. Refer to System Defined Groups for details.

3. Replicate database connections on CipherTrust Manager. This step will migrate the database connections on KeySecure Classic to the CipherTrust Manager. The database connections must be recreated on the CipherTrust Manager with the same connection details.

4. Viewing database connection information on KeySecure Classic

   1. Log on to KeySecure Classic as an administrator.

   2. Navigate to the Database List section (Security > Databases).

   3. Select the database connection and click Edit Connection to view the connection information.

5. Replicating database connection on CipherTrust Manager

   1. Log on to the CipherTrust Manager GUI as administrator.

   2. Click CDP tile to open the application.

      The Databases screen displays the list of existing database connections, if any.

   3. Enter the Connection Information details in the respective fields. The connection information details must have the same values as specified in step 1. For more information about the fields, refer to the Managing Database Connection section of the CDP Server Admin Guide.

   4. Click Save.

      The newly added database appears on the Databases screen. The Status column reflects the status of the connection.

   5. Click the refresh icon on the screen if the status is not updated.

6. Update properties file. After the server configurations are done, update the ProtectDB.properties file with the NAE_IP and NAE_Port of the CipherTrust Manager. To reflect the changes in the properties file, perform the following steps. These steps vary for each CDP client.

   Oracle

   1. Update the ProtectDB.properties file.

      • For Linux, the properties file is copied to the <ORACLE_HOME>/lib/safenet/ directory.

      • For Windows, the properties file is copied to the <ORACLE_HOME>\bin\ directory.

   2. Execute the loadProperties.sh (UNIX/Linux) or loadProperties.bat (Windows) scripts. These scripts are placed at the following location:

      • Unix/Linux: <ORACLE_HOME>/lib/safenet/

      • Windows: <ORACLE_HOME>\bin\

   SQL Server

   1. Update the ProtectDB.properties file. The properties file is copied to the C:\Program Files\SafeNet\MsSqlProvider\MSSQLSERVER directory.

   2. Restart the database server.

   DB2

   1. Update the ProtectDB.properties file. The properties file is copied to the JAVA_HOME/lib/ext directory.

   2. Restart the database.

7. If required, upgrade the CipherTrust Database Protection clients. Refer to the CipherTrust Database Protection documentation for details.

8. Upgrade the pdbctl utility to 1.6.0. For details, refer to pdbctl Utility Documentation for details.

The following operations cannot be performed through the CipherTrust Manager UI. You need the pdbctl utility to perform these operations:

• View job history

• Delete views and triggers

• Create domain index

• Create views and triggers

• Delete old data

• Encrypt table

• Decrypt column

The key rotation operation can not be performed using the CipherTrust Manager UI. However, you can rotate key using the pdbctl utility.