SCOM database encryption
I've seem it said nowhere if the database for the Audit Collection service is encrypted. I see encrypting the backup but not the running database. Does that need to or can it be done via SQL TDE?
Hi,
As far as I know, there is no document indicate how we encrypt SCOM database, including ACS database.
There is an encryption key for secure data in the operational database, and with that key we can restore your SCOM database.
In addition, for database encryption, you may also post in the SQL forum for further assistance.
Regards,
Yan Li
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]
Similar Messages
-
Hello
I am in the middle of the designing a fully customized dashboard for my SCOM 2012 database. I can use existing queries but they are not complete. I need my own queries but i don't know which SQL tables or views contain a specific monitor or management pack's
data. those people who generate these queries how find it out? is there any reference or guide about SCOM database structure?
Appreciate your responses.
Regards,Hi
You could use These diagrams to start with
SCOM DWH
http://technet.microsoft.com/en-us/library/gg508713.aspx
http://www.systemcentercentral.com/download/opsmgr-2012-database-schemas-operationsmanagerdw-db-2/
http://capacitas.wordpress.com/2012/12/05/retrieving-data-from-the-scom-database/
And of course Kevin's famous SQL query collection
http://blogs.technet.com/b/kevinholman/archive/2007/10/18/useful-operations-manager-2007-sql-queries.aspx
These are good starting Points.
Cheers,
Stefan
Blog: http://blog.scomfaq.ch -
my question is the as this one on this link
https://social.msdn.microsoft.com/Forums/sqlserver/en-US/55deada2-95f1-46a9-82be-c7e684a4bddb/the-certificate-certname-cannot-be-dropped-because-it-is-bound-to-one-or-more-database-encryption?forum=sqlreplication. but there is no clear answer what to
do . would anyone please help me and give me guidance?
i had create a master key and a certificate under master database. and now i want to drop these certificate and master key from this database and face with this error :sg 3716, Level 16, State 15, Line 1
The certificate 'TDECert' cannot be dropped because it is bound to one or more database encryption key .
thanks in advanceHave you enaled TDE for any user database? if yes, and you do not want to continue with having TDE encryption, then you need to run the first command by changing the dbname to that user database instead of master.
ALTER DATABASE DBName SET ENCRYPTION OFF
You can run below command to see if any database are encrypted using TDE
Select is_encrypted,* from sys.databases
Keerthi Deep | Blog SQLServerF1 |
Facebook -
Database encryption in multitenant
Hi,
We need to implement database encryption TDE on certain columns for SAP in multitenant environment.
We have unique client id per customer.
How does the 'database' encryption work in an multi-tenant environment? What if one company want certain fields encrypted and other does not.
Regards,Yes Bitlocker
http://technet.microsoft.com/en-us/library/ee832792(v=exchg.150).aspx
Windows BitLocker (volume encryption)
Windows BitLocker is a data protection feature in Windows Server 2008. BitLocker protects against data theft or exposure on computers that are lost or stolen, and it offers more secure data deletion when computers are decommissioned.
Supported: All Exchange database and log files.
Supported: All Exchange database and log files. Windows failover clusters require Windows Server 2008 R2 or Windows Server 2008 R2 SP1 and the following hotfix:
You cannot enable BitLocker on a disk volume in Windows Server 2008 R2 if the computer is a failover cluster node. Exchange volumes with Bitlocker enabled are not supported on Windows
failover clusters running earlier versions of Windows.
For more information about Windows 7 BitLocker encryption, see
BitLocker Drive Encryption in Windows 7: Frequently Asked Questions.
Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied. -
Database encryption supported in Exchange 2013?
hi,
according to this:
http://technet.microsoft.com/en-us/library/aa998022(v=exchg.80).aspx
MS doesn't support storing Exchange databases on EFS volumes.
Is the recommendation the same for Exchange 2013?
Is there any support for encrypting databases in an Exchange 2013 environment other than in transit traffic?
Thanks,
rudifYes Bitlocker
http://technet.microsoft.com/en-us/library/ee832792(v=exchg.150).aspx
Windows BitLocker (volume encryption)
Windows BitLocker is a data protection feature in Windows Server 2008. BitLocker protects against data theft or exposure on computers that are lost or stolen, and it offers more secure data deletion when computers are decommissioned.
Supported: All Exchange database and log files.
Supported: All Exchange database and log files. Windows failover clusters require Windows Server 2008 R2 or Windows Server 2008 R2 SP1 and the following hotfix:
You cannot enable BitLocker on a disk volume in Windows Server 2008 R2 if the computer is a failover cluster node. Exchange volumes with Bitlocker enabled are not supported on Windows
failover clusters running earlier versions of Windows.
For more information about Windows 7 BitLocker encryption, see
BitLocker Drive Encryption in Windows 7: Frequently Asked Questions.
Twitter!: Please Note: My Posts are provided “AS IS” without warranty of any kind, either expressed or implied. -
Remove network device inventory from SCOM database
Hello Gurus
I have a quick question. I think one of the internal connectors in my SCOM environment has got deleted by mistake. As a result all the network devices that were being monitored previously has now disappeared. I believe because they were present in the database,
I can't discover them now. Is it possible somehow to list those network devices from the database, and then delete them, by using powershell and/or SQL.
Any help in this regard will be greatly appreciated.
Regards,You can delete them by:
In the Discovery Rules option under the Administration Tab, you will be able to see all the network devices that are discovered. This shows the devices that are discovered and currently getting monitored in SCOM. You can select multiple devices and then
remove them.
Then Run in powershell Get-RemotelyManagedDevice to check that all Network devices deleted.
you can also check below link to remove/restore network device
http://technet.microsoft.com/en-us/library/hh212795.aspx
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer" -
Hi All,
We have an application that insert records to a remote database over a database link. From what I understand, the remote database is not on our network, and is accessed over the internet, or some unsecured network.
So, I am being asked about encrypting the data. I'm not sure what they are referring to. I've seen posts referring to an Oracle package called dbms_obfuscation_toolkit.
Or perhaps they are talking about encrypting the data during transport to the remote database?
Can anyone provide me some insight into the encrypting of the data, and whether it is stored in the database that way, or is it just while it is in transit.....
Thanks.If you are using a single key to encrypt all the data, you would only have to transmit the key when it changed. Some applications need to change the key periodically (i.e. when someone with access to the key is terminated, when there is a security breach, every N days, etc). Some applications use different keys for different pieces of data.
Oracle Advanced Security (OAS) is definitely easier to deal with-- you make a couple of configuration settings and you're done. Rolling your own solution requires code on both systems and can get somewhat painful if you need to encrypt a lot of columns. Your security also depends on the ability of the remote site to keep your shared key secret.
If you're transmitting data that is mostly non-confidential but has the occasional confidential element (i.e. credit card #'s, social security #'s, etc), DBMS_OBFUSCATION_TOOLKIT is probably appropriate. If the majority of the data you're sending needs to be encrypted, particularly if that is a legal requirement, I would tend to favor OAS.
Justin
Distributed Database Consulting, Inc.
http://www.ddbcinc.com/askDDBC -
According to Payment Card Industry (PCI) Data Security Standard:
meet the following
minimum comparable key bit security:
• 80 bits for secret key based systems (for example TDES)
• 1024 bits modulus for public key algorithms based on the factorization
(for example, RSA)
• 1024 bits for the discrete logarithm (for example, Diffie-Hellman) with a
minimum 160 bits size of a large subgroup (for example, DSA)
• 160 bits for elliptic curve cryptography (for example, ECDSA)
So in order to store credit card details in my 10g DB I have 3 questions, I was wondering if someone can help me with:
Which of these encryptions Oracle support ?
Which is the most secure?
Is there any other Oracle products that will encryupt my data?
Thank you in advance for your help.Dear drbiloukos,
many of our customers have used TDE (Transparent Data Encryption) for their PCI compliance projects and passed successfully. If you are on 10gR2, it's recommended to upgrade to 10.2..0.4 or 10.2.0.5 as these include bug fixes that reduce the performance impact, storage impact, and general usability. What application do you want to protect, a custom or a packaged application?
Please, for more details, see:
http://www.oracle.com/technetwork/database/options/advanced-security/index-099011.html
http://www.oracle.com/technetwork/database/security/twp-transparent-data-encryption-bes-130696.pdf
http://www.oracle.com/technetwork/database/security/tde-faq-093689.html
http://www.youtube.com/watch?v=ecdROBQIseI
Best, Peter -
Hi!
I will install one SCOM2012 R2 Environment and use Microsoft "System Center 2012 Operations Manager
Sizing Helper Tool v1" excel file to figure out the HW on the SCOM servers and the database.
I suppose that the disk RAID recommendation is for SATA or SAS disks. What happens for example if the dedicated SCOM SQL server use
local SSD disks. The SAS disk can handle up to 200 IOPS and SSD disk can handle up to 8000 IOPS.
For example if I use the Sizing Helper and choose 500 Agent + 100 APM servers.
Then the RAID will be:
OpsMgr db = 4 disk RAID 10
OpsMgrDW = 6 disk RAID 10
Is it the same RAID recommendation for SSD disk or can it instead be:
OpsMgr db = 2 disk RAID 1
OpsMgrDW = 2 disk RAID 1
//Mats AAgree with John.
It's same RAID recommendation for SSD Disks to get more high availability because in RAID 10, you will have high performance with redundant {for example, in RAID 10, you will not lose the data until if 2 HD Failed} and Performance of Read and Write is high.
SSD give you high performance but it will good for 500 Agent and 100 APM but in large environment, it's recommended to work on same RAID Recommendation
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
Mai Ali | My blog: Technical | Twitter:
Mai Ali -
Oracle Streams and Database Encryption
I am looking for encryption method for OLTP database.
Oracle Streams will be used to synchronize the data between source and remote database.
Business process wants all remote database to be fully encrypted.
What Can I use?
- TDE is not supported with Oracle Streams,
- I cant use DBMS_CRYPTO since it needs big Database modifications.
Any other Oracle supported techniques, or maybe Im gonna need to consider hardware encryption (like hard disk encryption) or OS level encryption.
Thanks,TDE is not supported with LogMiner based technologies such as Streams, Data Guard (logical standby). Therefore you can not use TDE to replicated encrypted content. --You will get exception "Unsupported data type"
But, you might replicate decrypted data into encrypted destination. This means your destination might have TDE encrypted columns.
Unofficially Oracle will support TDE with logminer based technologies in the next database version 11.
I am waiting for this.
Regards,
Mike -
Backup Restore of SCOM Databases
Hello All.............I have SCOM OpsMgr, OpsDWH and OpsACS Databases on Physical SQL Cluster on a separate instance, but we need to move the Instance along with Databases to a new Virtual SQL Cluster. The approach I am looking at is Backup and Restore.
1. Is this a good approach? Workable?
2. What would be required at the Target Virtual SQL Cluster?
-Same SQL Version?
-Same Instance Name?
-Same Service Accounts?
-Same Drive Letters for Database Location?
Any help would be appreciated.Hello,
http://technet.microsoft.com/en-us/library/hh278848.aspx
http://technet.microsoft.com/en-us/library/jj127255.aspx
http://technet.microsoft.com/en-us/library/jj127255.aspx
http://OpsMgr.ru/ -
SQLlite Database Encryption Question
hello all, I'm developing Air Application using flex, I need to encrypt the database file. It is said that an encrytion key of exaclty 16 byte is needed...At the Start the user is given the option of either using an existing encryppted sql database or creating a new encrypted one. please how do i make sure a string is converted to a ByteArray with length of exaclty 16 byte....any form of explaination or sample code would help
ThanksSorry, the string that you pass to it must be conformed correctly. If it isn't, it will throw this error message:
ArgumentError: The password must be a strong password. It must be 8-32 characters long. It must contain at least one uppercase letter, at least one lowercase letter, and at least one number or symbol.
Currently I am using the method below to generate a password. I haven't had any issues with it not generating a password that isn't conformed correctly for the getEncryptionKey(). But you can easily edit it, for that it *will* contain "...at least one uppercase letter, at least one lowercase letter, and at least one number or symbol."
public static function generateRandomPassword(strHash:String = 'acbdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890!@#$%^&*',lnHash:Number = 32):String
var i:Number = 1;
var hash:String = "";
var nLenght:Number = strHash.length;
while (i <= lnHash)
var num:Number = Math.floor(Math.random()*nLenght)+1;
hash += strHash.charAt(num);
i++;
return hash;
But also keep in mind, that this key will be stored in the ELS directory of the user's machine. So it is protected by the OS by a certain degree. -
Existing Database Encryption ?
I have existing db ,, how i can give the encryption to this existing db ??
After encrypted db how can i open into the sqlite tool like sqlite administration tool Lita or any othere
Kindly reply as soon as possible
AmitHave you tried using com.adobe.air.crypto.EncryptionKeyGenerator instead?
-
SCOM database compatibility with SQL 2014
Hello Experts,
We are finally upgrading from SCOM 2007 R2 to SCOM 2012 R2. Currently we have our DB's on SQL 2008 R2. I would like to know if the SCOM DB is compatibility with SQL 2014.
Thanks in Advance.
Regards,
Prajul NambiarHi,
With UR5 SQL2014 is now supported
Support for SQL Server 2014 with System Center 2012 R2 Update Rollup 5
http://blogs.technet.com/b/systemcenter/archive/2015/02/23/support-for-sql-server-2014-with-system-center-2012-r2-update-rollup-5.aspx
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. -
Is there any tools in an Oracle database or by Oracle to encrypt data in the database in 8.05 database or earlier? In versions above 8.05 - 8i and above, is the PL/SQL Encryption Toolkit free with the database or is it an add on package.
ThanksI've never heard of any tools that encrypt the data prior to v8.0.5. In these cases you might be better server encrypting and decrypting the data outside of the database.
The DBMS_OBFUSCATION_TOOLKIT has been added in Oracle 8.1.6. This package provides you with DES encryption only. Does not perform any kind of key management. Read the white paper "Database Encryption in Oracle8i" from OTN. Provides a very good assessment of the use of encryption in databases.
HTH,
Aaron Newman
Database Security Consultant
404-231-0679
Maybe you are looking for
-
(A) When I click "Print Information Sheet" on the HP Web Services tab/ "Web Service Setup" to obtain my printer's email address to use in the claim code box...NOTHING HAPPENS. No claim code, No email address (B) When I click "Print Information Shee
-
Passing UNIX command in SQL Script
Hi, I am writing a sql-script in unix. The logic is as below: SELECT flag FROM dummy_table; If flag = Y Then cp ./abc.txt $HOME/abc.txt Else SELECT id, roll FROM employees; Please help me out. Thanks and Regards, Tony
-
I am new to working with Adobe Acrobat Pro XI and Adobe Reader XI. Based on research I have done and questions answered in the Adobe Communities and Forum, I wanted to make sure I understand the limitations of these two products before I report back
-
Is there any function module which will gives all details related to service po? Required total qty from service tab,tax code from invoice tab,base amount & total value from condition tab. waiting for your valuable input . Regards, Rachel
-
Acrobat 11 upgrade on new laptop
I have installed Acrobat 11 on my new laptop. Will not run as products to upgrade from not installed on the new laptop