Advisors Database Deployment with Data Encryption
This page describes Advisors deployment with data encryption for MS SQL and Oracle database servers.
Secure Deployment for MS SQL Server 2008=
For MS SQL Server data encryption, Genesys recommends using MS SQL Server Transparent Data Encryption (TDE), which performs a real-time I/O encryption and decryption of the data and log files. This method has only a minor impact on performance, which is critical for the Advisors Suite.
It is important to mention that TDE is available only for MS SQL Server Enterprise edition. The data cannot be encrypted using TDE if any other MS SQL Server edition is used.
Advisors Suite MS SQL databases do not have any properties, such as READ-ONLY file groups, full text indexes, or filestreams that would prevent the TDE. Users must follow the standard Microsoft documentation related to this topic.
The Advisors Suite does not support MS SQL Server cell-level encryption.
|-| Database Deployment with Data Encryption for Oracle=
- Transparent Database Encryption (TDE) introduced in Oracle 10g, which allows the encryption of individual column content on the data file level.
- Tablespace encryption introduced in Oracle 11g, which allows the encryption of the entire content of a tablespace.
Genesys recommends TDE for Oracle tablespaces.
Initial Platform, Metric Graphing, and Genesys Adapter Metrics database scripts contain tablespace names in the form of variables in each create SQL statement for tables, primary keys, and indexes. The tables and indexes are distributed among several groupings based on Genesys’ recommendations related to the data update patterns and its usage characteristics.
The Platform deployment script replaces the variables dynamically with the values you provide in the deployment script dialog. The deployment script generates a new runObjCre.sql script with the substituted variables. The deployment script executes runObjCre.sql and other SQL scripts in a certain order.
It is important to make a decision about what objects need encryption and what objects should go to what tablespace before the deployment script execution.
If you decide to place all objects into one single encrypted tablespace, specify the tablespace as a user default data tablespace, and then read the script dialog prompts to ensure this tablespace is used for all objects (that is, on all prompts, specify the name of this tablespace, or simply press Enter). If you want to use different encrypted tablespaces for different groups of objects predefined in the scripts, you must specify the tablespace names you have chosen for this purpose on the corresponding prompts. Review the Readme.txt file supplied with the scripts to find out how the objects are grouped in the scripts.[+] Advanced Tablespace Customization
To verify that an Advisors schema is secured with TDE encryption, do the following:
- Run the following query to verify that the tablespaces to which the user has access are created as encrypted:
- SELECT TABLESPACE_NAME,ENCRYPTED FROM USER_TABLESPACES WHERE ENCRYPTED='YES';
- Run the following query to verify that all of the tables are created in the encrypted tablespaces:
- SELECT DISTINCT TABLESPACE_NAME FROM USER_TABLES;
List of Function-Based Indexes
TDE limitations related to the column-based encryption of the content with function-based indexes are applicable to the Advisors Suite. The Advisors schema contains a number of function-based indexes that need to be modified or dropped if the column-based encryption of the related columns is chosen. See the following Table.
|IX_APPLICATION_NAME||APPLICATION – Contains application group metadata||UPPER("NAME")|
|IX_CALL_APP_UP||CALL_APPLICATION – Contains metadata for queues, call types, services, interaction queues||UPPER("NAME")|
|IX_CALL_CENTER_NAME||CALL_CENTER – Contains contact center metadata||UPPER("NAME")|
|IX_CALL_CREGION_NAME||REGIONS – Contains metadata for geographic regions, reporting regions and operating units||UPPER("NAME"), UPPER("TYPE")|
|IX_CG_UP||CONTACT_GROUP – Contains metadata for workforce contact groups||UPPER("NAME")|
|IX_CONTACT||CONTACT – Contains Advisors users contact data||UPPER(“EMAIL”)|
|IX_PG_NAME||PG – Contains metadata for peripheral gateways||UPPER("PG_NAME")|
|IX_USERS_USERNAME||USERS – Contains the list of Advisor users||UPPER("USERNAME")|