Securing AR System server and Oracle database communication

Secure communication between the AR System Server and Oracle database protects sensitive data from unauthorized access, interception, and data breaches. Encryption ensures that data transmitted between these systems remains confidential, reducing the risk of data breaches. 

Related topics

Encryption-Security-for-secure-communication-between-the-client-and-server

Encryption guidelines for AR System versions 20.08 and earlier

In AR System versions 20.08 and earlier, the AR System server is installed on virtual machines. You can modify the server files, including Oracle-specific configuration files, or add certificates to the virtual machines to enable encryption. For more information about how you can enable encryption on AR System server versions 20.08 and earlier, see Trending in Support: Encrypting Data Between AR Servers and Oracle Databases.

Encryption guidelines for AR System versions 21.3 and later

With the adoption of containerization, starting with AR System version 21.3, the AR System server is deployed as a Docker container within a Kubernetes infrastructure. This encapsulation restricts direct file system modifications. The following table provides information about encryption on AR System versions 21.3 and later:

Feature

Description

AR Server deployment

Containerized (Docker and Kubernetes)

Encryption configuration

Controlled by Oracle database settings

Oracle driver type

Type 4 JDBC driver

Customization

No direct access to config files in container

Encryption enforcement

Managed by database-side settings

Configuring encryption and integrity parameters by using Oracle Net Manager

You can use the Oracle Net Manager to specify the following four possible values for the encryption and integrity configuration parameters.

  • REJECTED
  • ACCEPTED
  • REQUESTED
  • REQUIRED

The encryption behavior depends on the client and server settings as shown in the following table:

Client Setting

Server Setting

Encryption and Data Negotiation

REJECTED

REJECTED

OFF

ACCEPTED

REJECTED

OFF

REQUESTED

REJECTED

OFF

REQUIRED

REJECTED

Connection fails

REJECTED

ACCEPTED

OFF

ACCEPTED

ACCEPTED

OFF

REQUESTED

ACCEPTED

ON

REQUIRED

ACCEPTED

ON

REJECTED

REQUESTED

OFF

ACCEPTED

REQUESTED

ON

REQUESTED

REQUESTED

ON

REQUIRED

REQUESTED

ON

REJECTED

REQUIRED

Connection fails

ACCEPTED

REQUIRED

ON

REQUESTED

REQUIRED

ON

REQUIRED

REQUIRED

ON

Important

To configure server-side encryption and integrity settings, see the Configuring Encryption and Integrity Parameters Using Oracle Net Manager topic in the official Oracle documentation relevant to your Oracle version.

The Oracle Type 4 JDBC driver used in AR System server defaults to ACCEPTED, and encryption is activated when the Oracle database is configured with REQUESTED or REQUIRED settings.

The following screenshot provides an example of various settings from the database server side for an Oracle database in OCI cloud, with which BMC verified the encryption of traffic between the AR server and the Oracle database:

25101_Oracle_database_settings.png

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*