Database Secure Deployment
This page describes secure deployment for MS SQL 2008 and Oracle 11g databases.
<tabber>
Secure Deployment for MS SQL Server 2008=
For MS SQL Server 2008 secure deployment, Genesys recommends using MS SQL Server Transparent Data Encryption (TDE) which performs a real-time I/O encryption and decryption of the data and log files. This method has only a minor impact on performance, which is critical for the Advisors Suite.
It is important to mention that TDE is available only for MS SQL Server Enterprise edition. The data cannot be encrypted using TDE if any other MS SQL Server edition is used.
Advisors Suite MS SQL databases do not have any properties that can prevent the application of TDE. The databases do not contain any READ-ONLY file groups, full text indexes, or filestreams. Users must follow the standard Microsoft documentation related to this topic.
The Advisors Suite does not support MS SQL Server cell-level encryption.
|-| Secure Deployment for Oracle 11g=
Oracle 11g offers:
- Transparent Database Encryption (TDE) introduced in Oracle 10g, which allows the encryption of individual column content on the data file level.
- Tablespace encryption introduced in Oracle 11g, which allows the encryption of the entire content of a tablespace.
To verify that databases are secured with TDE encryption, do the following:
- Run the following query and all your tables should be using the ENCRYPTED_TS tablespace:
select * from user_tables - Run the following query and check if the ENCRYPTED_TS table space shows Yes:
select tablespace_name,encrypted from user_tablespaces
The following specifics of Advisors database deployment must be considered if the above Oracle features are used.
[+] Platform, Metric Graphing, and Genesys Adapter Metrics DatabasesList of Function-Based Indexes
TDE limitations related to the column-based encryption of the content with function-based indexes are applicable to the Advisors Suite. The Advisors schema contains a number of function-based indexes that need to be modified or dropped if the column-based encryption of the related columns is chosen. See the following Table.
Platform Schema
| Index | Table | Column expression |
|---|---|---|
| IX_APPLICATION_NAME | APPLICATION – Contains application group metadata | UPPER("NAME") |
| IX_CALL_APP_UP | CALL_APPLICATION – Contains metadata for queues, call types, services, interaction queues | UPPER("NAME") |
| IX_CALL_CENTER_NAME | CALL_CENTER – Contains contact center metadata | UPPER("NAME") |
| IX_CALL_CREGION_NAME | REGIONS – Contains metadata for geographic regions, reporting regions and operating units | UPPER("NAME"), UPPER("TYPE") |
| IX_CG_UP | CONTACT_GROUP – Contains metadata for workforce contact groups | UPPER("NAME") |
| IX_CG_ORIGIN | CONTACT_GROUP | UPPER("WFM_EQUIVALENT_ID"), UPPER("SOURCE_SYSTEM") |
| IX_CONTACT | CONTACT – Contains Advisors users contact data | UPPER(“EMAIL”) |
| IX_PG_NAME | PG – Contains metadata for peripheral gateways | UPPER("PG_NAME") |
| IX_USERS_USERNAME | USERS – Contains the list of Advisor users | UPPER("USERNAME") |
| IX_KEY_ACTION_NAME | KEY_ACTION | UPPER("NAME") |
| IX_ADAPTER_INST_HOST_PORT | ADAPTER_INSTANCES | UPPER(“HOST”) |