SCOM database encryption

Similar Messages

• SCOM Database Queries

  Hello
  I am in the middle of the designing a fully customized dashboard for my SCOM 2012 database. I can use existing queries but they are not complete. I need my own queries but i don't know which SQL tables or views contain a specific monitor or management pack's
  data. those people who generate these queries how find it out? is there any reference or guide about SCOM database structure?
  Appreciate your responses.
  Regards,

  Hi
  You could use These diagrams to start with
  SCOM DWH
  http://technet.microsoft.com/en-us/library/gg508713.aspx
  http://www.systemcentercentral.com/download/opsmgr-2012-database-schemas-operationsmanagerdw-db-2/
  http://capacitas.wordpress.com/2012/12/05/retrieving-data-from-the-scom-database/
  And of course Kevin's famous SQL query collection
  http://blogs.technet.com/b/kevinholman/archive/2007/10/18/useful-operations-manager-2007-sql-queries.aspx
  These are good starting Points.
  Cheers,
  Stefan
  Blog: http://blog.scomfaq.ch

• The certificate 'instance' cannot be dropped because it is bound to one or more database encryption key.

  my question is the as this one on this link
  https://social.msdn.microsoft.com/Forums/sqlserver/en-US/55deada2-95f1-46a9-82be-c7e684a4bddb/the-certificate-certname-cannot-be-dropped-because-it-is-bound-to-one-or-more-database-encryption?forum=sqlreplication. but there is no clear answer what to
  do . would anyone please help me and give me guidance?
  i had create a master key and a certificate under master database. and now i want to drop these certificate and master key from  this database and face with this error  :sg 3716, Level 16, State 15, Line 1
  The certificate 'TDECert' cannot be dropped because it is bound to one or more database encryption key .
  thanks in advance

  Have you enaled TDE for any user database? if yes, and you do not want to continue with having TDE encryption, then you need to run the first command by changing the dbname to that user database instead of master.
  ALTER DATABASE DBName SET ENCRYPTION OFF
  You can run below command to see if any database are encrypted using TDE
  Select is_encrypted,* from sys.databases
  Keerthi Deep | Blog SQLServerF1 |
  Facebook

• Database encryption in multitenant

  Hi,
  We need to implement database encryption TDE on certain columns for SAP in multitenant environment.
  We have unique client id per customer.
  How does the 'database' encryption work in an multi-tenant environment? What if one company want certain fields encrypted and other does not.
  Regards,

  Yes Bitlocker
  http://technet.microsoft.com/en-us/library/ee832792(v=exchg.150).aspx
  Windows BitLocker (volume encryption)
  Windows BitLocker is a data protection feature in Windows Server 2008. BitLocker protects against data theft or exposure on computers that are lost or stolen, and it offers more secure data deletion when computers are decommissioned.
  Supported: All Exchange database and log files.
  Supported: All Exchange database and log files. Windows failover clusters require Windows Server 2008 R2 or Windows Server 2008 R2 SP1 and the following hotfix:
  You cannot enable BitLocker on a disk volume in Windows Server 2008 R2 if the computer is a failover cluster node. Exchange volumes with Bitlocker enabled are not supported on Windows
  failover clusters running earlier versions of Windows.
  For more information about Windows 7 BitLocker encryption, see
  BitLocker Drive Encryption in Windows 7: Frequently Asked Questions.
  Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

• Database encryption supported in Exchange 2013?

  hi,
  according to this: 
  http://technet.microsoft.com/en-us/library/aa998022(v=exchg.80).aspx
  MS doesn't support storing Exchange databases on  EFS volumes.
  Is the recommendation the same for Exchange 2013?
  Is there any support for encrypting databases in an Exchange 2013 environment other than in transit traffic?
  Thanks,
  rudif

  Yes Bitlocker
  http://technet.microsoft.com/en-us/library/ee832792(v=exchg.150).aspx
  Windows BitLocker (volume encryption)
  Windows BitLocker is a data protection feature in Windows Server 2008. BitLocker protects against data theft or exposure on computers that are lost or stolen, and it offers more secure data deletion when computers are decommissioned.
  Supported: All Exchange database and log files.
  Supported: All Exchange database and log files. Windows failover clusters require Windows Server 2008 R2 or Windows Server 2008 R2 SP1 and the following hotfix:
  You cannot enable BitLocker on a disk volume in Windows Server 2008 R2 if the computer is a failover cluster node. Exchange volumes with Bitlocker enabled are not supported on Windows
  failover clusters running earlier versions of Windows.
  For more information about Windows 7 BitLocker encryption, see
  BitLocker Drive Encryption in Windows 7: Frequently Asked Questions.
  Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied.

• Remove network device inventory from SCOM database

  Hello Gurus
  I have a quick question. I think one of the internal connectors in my SCOM environment has got deleted by mistake. As a result all the network devices that were being monitored previously has now disappeared. I believe because they were present in the database,
  I can't discover them now. Is it possible somehow to list those network devices from the database, and then delete them, by using powershell and/or SQL.
  Any help in this regard will be greatly appreciated.
  Regards,

  You can delete them by:
  In the Discovery Rules option under the Administration Tab, you will be able to see all the network devices that are discovered. This shows the devices that are discovered and currently getting monitored in SCOM. You can select multiple devices and then
  remove them.
  Then Run in powershell Get-RemotelyManagedDevice to check that all Network devices deleted.
  you can also check below link to remove/restore network device
  http://technet.microsoft.com/en-us/library/hh212795.aspx
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"

• Database Encryption Question

  Hi All,
  We have an application that insert records to a remote database over a database link. From what I understand, the remote database is not on our network, and is accessed over the internet, or some unsecured network.
  So, I am being asked about encrypting the data. I'm not sure what they are referring to. I've seen posts referring to an Oracle package called dbms_obfuscation_toolkit.
  Or perhaps they are talking about encrypting the data during transport to the remote database?
  Can anyone provide me some insight into the encrypting of the data, and whether it is stored in the database that way, or is it just while it is in transit.....
  Thanks.

  If you are using a single key to encrypt all the data, you would only have to transmit the key when it changed. Some applications need to change the key periodically (i.e. when someone with access to the key is terminated, when there is a security breach, every N days, etc). Some applications use different keys for different pieces of data.
  Oracle Advanced Security (OAS) is definitely easier to deal with-- you make a couple of configuration settings and you're done. Rolling your own solution requires code on both systems and can get somewhat painful if you need to encrypt a lot of columns. Your security also depends on the ability of the remote site to keep your shared key secret.
  If you're transmitting data that is mostly non-confidential but has the occasional confidential element (i.e. credit card #'s, social security #'s, etc), DBMS_OBFUSCATION_TOOLKIT is probably appropriate. If the majority of the data you're sending needs to be encrypted, particularly if that is a legal requirement, I would tend to favor OAS.
  Justin
  Distributed Database Consulting, Inc.
  http://www.ddbcinc.com/askDDBC

• Database Encryption

  According to Payment Card Industry (PCI) Data Security Standard:
  meet the following
  minimum comparable key bit security:
  • 80 bits for secret key based systems (for example TDES)
  • 1024 bits modulus for public key algorithms based on the factorization
  (for example, RSA)
  • 1024 bits for the discrete logarithm (for example, Diffie-Hellman) with a
  minimum 160 bits size of a large subgroup (for example, DSA)
  • 160 bits for elliptic curve cryptography (for example, ECDSA)
  So in order to store credit card details in my 10g DB I have 3 questions, I was wondering if someone can help me with:
  Which of these encryptions Oracle support ?
  Which is the most secure?
  Is there any other Oracle products that will encryupt my data?
  Thank you in advance for your help.

  Dear drbiloukos,
  many of our customers have used TDE (Transparent Data Encryption) for their PCI compliance projects and passed successfully. If you are on 10gR2, it's recommended to upgrade to 10.2..0.4 or 10.2.0.5 as these include bug fixes that reduce the performance impact, storage impact, and general usability. What application do you want to protect, a custom or a packaged application?
  Please, for more details, see:
  http://www.oracle.com/technetwork/database/options/advanced-security/index-099011.html
  http://www.oracle.com/technetwork/database/security/twp-transparent-data-encryption-bes-130696.pdf
  http://www.oracle.com/technetwork/database/security/tde-faq-093689.html
  http://www.youtube.com/watch?v=ecdROBQIseI
  Best, Peter

• SCOM database size

  Hi!
  I will install one SCOM2012 R2 Environment and use Microsoft "System Center 2012 Operations Manager
  Sizing Helper Tool v1" excel file to figure out the HW on the SCOM servers and the database.
  I suppose that the disk RAID recommendation is for SATA or SAS disks. What happens for example if the dedicated SCOM SQL server use
  local SSD disks. The SAS disk can handle up to 200 IOPS and SSD disk can handle up to 8000 IOPS.
  For example if I use the Sizing Helper and choose 500 Agent + 100 APM servers.
  Then the RAID will be:
  OpsMgr db = 4 disk RAID 10
  OpsMgrDW = 6 disk RAID 10
  Is it the same RAID recommendation for SSD disk or can it instead be:  
  OpsMgr db = 2 disk RAID 1
  OpsMgrDW = 2 disk RAID 1
  //Mats A

  Agree with John.
  It's same RAID recommendation for SSD Disks to get more high availability because in RAID 10, you will have high performance with redundant {for example, in RAID 10, you will not lose the data until if 2 HD Failed} and Performance of Read and Write is high.
  SSD give you high performance but it will good for 500 Agent and 100 APM but in large environment, it's recommended to work on same RAID Recommendation
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
  Mai Ali | My blog: Technical | Twitter:
  Mai Ali

• Oracle Streams and Database Encryption

  I am looking for encryption method for OLTP database.
  Oracle Streams will be used to synchronize the data between source and remote database.
  Business process wants all remote database to be fully encrypted.
  What Can I use?
  - TDE is not supported with Oracle Streams,
  - I can’t use DBMS_CRYPTO since it needs big Database modifications.
  Any other Oracle supported techniques, or maybe I’m gonna need to consider hardware encryption (like hard disk encryption) or OS level encryption.
  Thanks,

  TDE is not supported with LogMiner based technologies such as Streams, Data Guard (logical standby). Therefore you can not use TDE to replicated encrypted content. --You will get exception "Unsupported data type"
  But, you might replicate decrypted data into encrypted destination. This means your destination might have TDE encrypted columns.
  Unofficially Oracle will support TDE with logminer based technologies in the next database version 11.
  I am waiting for this.
  Regards,
  Mike

• Backup Restore of SCOM Databases

  Hello All.............I have SCOM OpsMgr, OpsDWH and OpsACS Databases on Physical SQL Cluster on a separate instance, but we need to move the Instance along with Databases to a new Virtual SQL Cluster.  The approach I am looking at is Backup and Restore.
  1.  Is this a good approach? Workable?
  2.  What would be required at the Target Virtual SQL Cluster?
       -Same SQL Version?
       -Same Instance Name?
       -Same Service Accounts?
       -Same Drive Letters for Database Location?
  Any help would be appreciated.

  Hello,
  http://technet.microsoft.com/en-us/library/hh278848.aspx
  http://technet.microsoft.com/en-us/library/jj127255.aspx
  http://technet.microsoft.com/en-us/library/jj127255.aspx
  http://OpsMgr.ru/

• SQLlite Database Encryption Question

  hello all, I'm developing Air Application using flex, I need to encrypt the database file. It is said that an encrytion key of exaclty 16 byte is needed...At the Start the user is given the option of either using an existing encryppted sql database or creating a new encrypted one. please how do i make sure a string is converted to a ByteArray with length of exaclty 16 byte....any form of explaination or sample code would help
  Thanks

  Sorry, the string that you pass to it must be conformed correctly.  If it isn't, it will throw this error message:
  ArgumentError: The password must be a strong password. It must be 8-32 characters long. It must contain at least one uppercase letter, at least one lowercase letter, and at least one number or symbol.
  Currently I am using the method below to generate a password.  I haven't had any issues with it not generating a password that isn't conformed correctly for the getEncryptionKey().  But you can easily edit it, for that it *will* contain "...at least one uppercase letter, at least one lowercase letter, and at least one number or symbol."
  public static function generateRandomPassword(strHash:String = 'acbdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890!@#$%^&*',lnHash:Number = 32):String
       var i:Number = 1;
       var hash:String = "";
       var nLenght:Number = strHash.length;
       while (i <= lnHash)
            var num:Number = Math.floor(Math.random()*nLenght)+1;
            hash += strHash.charAt(num);
            i++;
       return hash;
  But also keep in mind, that this key will be stored in the ELS directory of the user's machine.  So it is protected by the OS by a certain degree.

• Existing Database Encryption ?

  I have existing db ,, how i can give the encryption to this existing db ??
  After encrypted db how can i open into the sqlite tool like sqlite administration tool Lita or any othere
  Kindly reply  as soon as possible
  Amit

  Have you tried using com.adobe.air.crypto.EncryptionKeyGenerator instead?

• SCOM database compatibility with SQL 2014

  Hello Experts,
  We are finally upgrading from SCOM 2007 R2 to SCOM 2012 R2. Currently we have our DB's on SQL 2008 R2. I would like to know if the SCOM DB is compatibility with SQL 2014.
  Thanks in Advance.
  Regards,
  Prajul Nambiar

  Hi,
  With UR5 SQL2014 is now supported
  Support for SQL Server 2014 with System Center 2012 R2 Update Rollup 5
  http://blogs.technet.com/b/systemcenter/archive/2015/02/23/support-for-sql-server-2014-with-system-center-2012-r2-update-rollup-5.aspx
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Encrypting data in database

  Is there any tools in an Oracle database or by Oracle to encrypt data in the database in 8.05 database or earlier? In versions above 8.05 - 8i and above, is the PL/SQL Encryption Toolkit free with the database or is it an add on package.
  Thanks

  I've never heard of any tools that encrypt the data prior to v8.0.5. In these cases you might be better server encrypting and decrypting the data outside of the database.
  The DBMS_OBFUSCATION_TOOLKIT has been added in Oracle 8.1.6. This package provides you with DES encryption only. Does not perform any kind of key management. Read the white paper "Database Encryption in Oracle8i" from OTN. Provides a very good assessment of the use of encryption in databases.
  HTH,
  Aaron Newman
  Database Security Consultant
  404-231-0679