Thales Partners

Oracle

Oracle is the world's most complete, open, and integrated business software and hardware systems company. For more than three decades, Oracle has been helping customers manage business systems and information with reliable, secure, and integrated technologies. Oracle continues to strive to connect all levels of enterprise technology to help customers access the knowledge they need to respond to market conditions with speed and agility. Oracle offers several applications that integrate effectively with Thales crypto management and authentication solutions to provide users with powerful data protection solutions.
500 Oracle Parkway, Redwood Shores, California 94065, United States (North Americas)
(650) 506-7000

Oracle Database

Within Oracle environments, Oracle offers a native encryption functionality called transparent data encryption (TDE). While TDE provides encryption, it is an incomplete strategy by itself due to local database encryption key storage and management. This is especially true if regulatory compliance is a consideration, because TDE encryption keys are stored locally in software on the same server as the database.

Fortunately, Thales solves this problem for TDE customers with its CipherTrust Manager enterprise key management platform. Separating encryption keys from the encrypted data is a best practice and the foundation of an effective and compliant encryption strategy. Organizations that choose Oracle TDE can secure and manage their database encryption keys with CipherTrust Manager to ensure that an encrypted database cannot be accessed without CipherTrust Manager authentication. This barrier to entry both secures data and serves as a deterrent to any would-be attackers.

Securing Oracle Database Data and Demonstrating Compliance on Amazon Web Services (AWS) - Solution Brief

Oracle Database: Database and File Encryption and Thales HSMs

Oracle Advanced Security, an option to Oracle Database, helps address privacy and regulatory requirements. Oracle Advanced Security provides data encryption and strong authentication services to the Oracle database, safeguarding sensitive data against unauthorized access to the network, operating system or through theft of hardware or backup media.

The secure storage of master encryption keys is the foundation of any robust security solution. The integration of Thales Luna hardware security modules (HSMs) with Oracle Advanced Security transparent data encryption (TDE) allows the Oracle master encryption keys to be stored in the HSM, offering greater database security and centralized key management. The master encryption key never leaves the secure confines of the HSM. Oracle integrates with Thales Enterprise HSM to provide users with a powerful combined Thales and Oracle Database solution for database and file encryption.

The TDE master encryption key is part of a two-tiered key architecture that protects the encryption keys used to encrypt the data. The TDE master key can be stored with minimal security, in software only in an Oracle Wallet (a PKCS#12 formatted file), or in a highly secure and auditable format in the Thales Enterprise HSM. This two-tiered key architecture allows for easy re-keying and high performance.

Resources and Additional Information

Learn more about Thales Luna HSMs

Learn more about Thales Data Protection on Demand

Oracle Database with Thales Luna HSM and Thales Luna Cloud HSM Service Integration Guide

Oracle Database with Thales Luna Cloud HSM Service Integration Guide

Oracle Database 11g and 12C with Thales Luna HSMs Integration Guide

Oracle Database TDE with Thales PSE HSM Integration Guide

Oracle Key Vault Integration with Thales Luna Network HSM 7000

Oracle Cloud

About Oracle Cloud

Oracle's complete, integrated approach makes it easy for companies to get started in the cloud and even easier to expand as business grows. With Oracle Cloud Platform, developers, IT professionals, and business leaders can develop, extend, connect, and secure cloud applications and share data. Companies use Oracle's infrastructure as a service (IaaS) to run any workload in the cloud, encompassing compute, storage, network, container services, migration tools and more. Oracle Cloud facilitates companies’ efforts to innovate faster, increase productivity, and lower costs. Whether on-premises or in the cloud, Oracle Cloud Platform offers the same set of capabilities to give organizations the flexibility and choice they need to optimize their operations.

Solution Overview

Thales data encryption and key management solutions work in the Oracle Cloud to allow customers to deploy client-side encryption, centralized key management and tokenization to secure their cloud workloads. Data control is a fundamental concern for organizations moving to the cloud. With Thales CipherTrust Data Security Platform, organizations can keep their data safe in the cloud while demonstrating their persistent control in compliance with their regulatory obligations. 

Additional Resources

Solution Brief: Secure Data-at-Rest in Oracle Cloud with Thales CipherTrust Data Security Platform

Oracle Key Vault with Luna HSM

Thales Luna Hardware Security Module (HSM) integrates with Oracle Key Vault, where the HSM acts as a “Root of Trust” by storing a top-level encryption key for Oracle Key Vault.

Resources and Additional Information

Oracle Key Vault with Thales Luna HSM Integration Guide

Oracle Database TDE with Thales CipherTrust Manager

Oracle Transparent Data Encryption (TDE) provides the infrastructure necessary for implementing encryption within the database. It enables organizations to encrypt sensitive application data, such as credit card numbers, on storage media (table columns or tablespaces) in a way that is completely transparent to the application. It encrypts the data in the data files so that, if they are obtained by other parties, the clear-text data cannot be accessed. In databases where TDE is configured, any user who has access to an encrypted table can see the data in clear text, because Oracle transparently decrypts the data for any user with the necessary privileges.

This solution can be used within Oracle Exadata, which is an optimized, high-performance platform designed for organizations that handle extremely large quantities of data quickly.

TDE uses a two-tier encryption key architecture consisting of:

  • A master encryption key that is used to encrypt secondary keys used for column encryption and tablespace encryption.
  • One or more table and/or tablespace keys. These keys are used to encrypt one or more specific columns or the keys used to encrypt tablespaces. There is only one table key regardless of the number of encrypted columns in a table and it is stored in the data dictionary. The tablespace key is stored in the header of each data file of the encrypted tablespace.

The table and tablespace keys are encrypted using the master key. The master key is stored in an External Security Module (ESM) that can be one of the following:

  • An Oracle Wallet - a secure container outside of the database. It is encrypted with a password.
  • CipherTrust Manager - a device used to secure keys and perform cryptographic operations. Oracle interfaces to the device using a PKCS#11 library supplied by the CipherTrust Manager vendor.

CipherTrust Manager provides a secure location for storing the TDE master encryption key. Thales PKCS#11 provides an industry-standard interface that enables the Oracle database to communicate with CipherTrust Manager.

Resources and Additional Information

Oracle Database with Thales ProtectDb Solution Brief

Oracle Database TDE with Thales KeySecure Integration Guide

Oracle Enterprise Single Sign-on (ESSO): Identity and Access Management and Thales Enterprise HSM

Oracle Enterprise Single Sign-on Provisioning Gateway (ESSO-PG) enables an administrator to use automatic provisioning to add, modify, and delete IDs and passwords for identity and access management. Thales Enterprise HSM (formerly Luna SA) hardware security module (HSM) integrates with ESSO to provide the logical and physical protection of the keys used in SSL/TLS encryption. Thales Enterprise HSM is the choice for enterprises requiring strong cryptographic security for paper-to-digital initiatives, digital signatures, DNSSEC, hardware key storage, transactional acceleration, certificate signing, code or document signing, bulk key generation, data encryption, and more.

Resources and Additional Information:

Oracle ESSO Provisioning Gateway with Thales Enterprise HSM Integration Guide

Oracle GlassFish Server: Web Services and Thales HSM

Oracle GlassFish Server is a flexible, lightweight, and production-ready open-source Java EE application server for developing and deploying Java Platform Enterprise Edition (Java EE) applications and Java Web Services. GlassFish supports Enterprise JavaBeans, JPA, JavaServer Faces, JMS, RMI, JavaServer Pages, and servlets, so developers can more easily create enterprise applications that are portable, scalable, and compatible with legacy technologies.

Thales HSMs integrate with Oracle GlassFish Server to provide significant performance improvements by offloading cryptographic operations from the Server to the HSM. In addition, Thales HSMs help provide a secure server environment by protecting and managing the server’s high value SSL private key within a FIPS 140-2 certified hardware security module.

Resources and Additional Information:

Oracle Glass Fish Server and SafeNet HSM Integration Guide

Oracle HTTP Server: Web Server and Thales HSM

Oracle HTTP Server (OHS) is the Web server component for Oracle Fusion Middleware. It provides an HTTP listener for Oracle WebLogic Server and the framework for hosting static pages, dynamic pages, and applications over the Web. OHS is designed to handle and terminate SSL connections so organizations can deliver content securely over encrypted tunnels.

Thales HSMs integrate with Oracle HTTP Server to provide significant performance improvements by off-loading cryptographic operations from the Server to the HSM. In addition, Thales HSMs help provide a secure server environment by protecting and managing the server’s high value SSL private key within a FIPS 140-2 certified hardware security module.

Resources and Additional Information

Oracle HTTP Server and Thales HSMs Integration Guide

Oracle Internet Directory: Identity Access Management and Thales HSMs

Oracle Internet Directory, the Web server component for Oracle Fusion Middleware, is a general-purpose directory service that enables fast retrieval and centralized management of information about dispersed users and network resources. It combines Lightweight Directory Access Protocol (LDAP) Version 3 with the high performance, scalability, robustness, and availability of an Oracle database. Enabling SSL in Oracle Internet Directory ensures that data has not been modified, deleted, or replayed during transmission.

Thales HSMs integrate with the Oracle Internet Directory Server to provide significant performance improvements by off-loading cryptographic operations from the server to the HSM. The Thales HSMs also provide the highest level of security assurance by protecting and managing the server’s high-value SSL private key within a FIPS 140-2 Level 3-certified hardware security module. 

With the Thales HSM, Oracle Internet Directory Server users get the benefits of centralized secure storage and full lifecycle management of the private keys, improved server performance by offloading the cryptographic processing, and failover support. 

Resources and Additional Information

Oracle Internet Directory and Thales HSM Integration Guide

Oracle iPlanet Web server: Web Server and Thales HSMs

Oracle iPlanet Web Server delivers a secure infrastructure for hosting different web technologies and medium and large business applications. iPlanet Web Server is ideal for enterprise deployments because it can handle high throughput requirements, reduce the security vulnerabilities while maximizing uptime, and lower operational and deployment costs for enterprises.

Thales HSM integrates via the PKCS#11 standard with Oracle iPlanet Web Server to provide significant performance improvements by off-loading cryptographic operations from the Server to the HSM. In addition, Thales HSMs help provide a secure server environment by protecting and managing the server’s high value SSL private key within a FIPS 140-2 certified hardware security module.

Resources and Additional Information

Thales HSM with Oracle iPlanet Web Server

Oracle SSL Authentication: Network Access and Thales Enterprise HSM

Oracle Advanced Security supports authentication by using digital certificates over SSL in addition to the native encryption and data integrity capabilities of these protocols. By using Oracle SSL authentication to secure communications between clients and servers, organizations can use SSL to encrypt the connection between clients and servers, and authenticate any client or server, such as Oracle Application Server 10g, to any Oracle database server that is configured to communicate over SSL.

Thales HSMs integrate with Oracle SSL Authentication to provide significant performance improvements by off-loading cryptographic operations from the server to the HSM. In addition, Thales Enterprise HSMs provide the highest assurance available by protecting and managing the server’s high value SSL private key within a FIPS 140-2 Level 3-certified hardware security module.

Oracle WebLogic: Web Services and Thales Enterprise HSM

Oracle WebLogic Server is an enterprise-ready Java Platform, Enterprise Edition (Java EE) application server that supports the deployment of distributed applications. WebLogic Server provides a standard set of APIs for creating distributed Java applications that can access databases, messaging services, and connections to external enterprise systems. Enterprises using WebLogic can deploy mission-critical applications in a robust, highly available, and scalable environment with extensive security features to keep data secure and prevent malicious attacks.

Thales HSMs integrate with Oracle WebLogic Server to provide significant performance improvements by off-loading cryptographic operations from the Server to the HSMs. In addition, the Thales HSMs help provide a secure server environment by protecting and managing the server’s high value SSL private key within a FIPS 140-2 certified hardware security module.

Resources and Additional Information

Oracle WebLogic Server with Thales HSM Integration Guide

Oracle Secure Global Desktop: Remote Access and SafeNet Authentication Solutions

Oracle Secure Global Desktop: Remote Access and SafeNet Trusted Access

Oracle Secure Global Desktop is a secure remote access solution providing access to applications running on Microsoft Windows, Linux, Oracle Solaris and mainframe servers from a wide variety of popular client devices, including Windows PCs, Macs, Linux PCs, and tablets such as the Apple iPad and Android-based devices. Oracle Secure Global Desktop allows administrators the freedom to use a single solution to provide secure access to a variety of applications and desktop environments in the data center. SafeNet Trusted Access raises the identity assurance level of users accessing Global Desktop with multi-factor authentication solutions that protect identities and ensure that individuals are who they claim to be.

Building on Thales’s award winning authentication service, SafeNet Trusted Access combines authentication and access management in a fully integrated cloud service. Our service lets you transform your business and operate securely in the cloud by preventing data breaches, simplifying access for users, and enabling compliance.

Our customers include over 25,000 organizations and 30 million users worldwide across all industries. Partnering with Thales for the long term, they trust our innovative access management and authentication services to help them securely adopt new ways of doing business on mobile, and in the cloud.

Resources and Additional Information:

SafeNet Authentication Service (SAS) is now SafeNet Trusted Access (STA).

For STA SAML integrations, please refer to the STA Application Catalog. For STA RADIUS integrations, please refer to the STA RADIUS Integration guides page on the Thales Customer Portal.

Solaris PAM: Remote Access

Solaris PAM: Remote Access and SafeNet Trusted Access

Oracle Solaris is an enterprise UNIX operating system that provides high performance, scalability, and reliability. It is optimized to run Oracle hardware, databases, and middleware. For remote access, the Pluggable Authentication Module (PAM) framework lets businesses “plug in” new authentication services without changing system entry services. SafeNet Trusted Access raises the identity assurance level of users accessing Solaris with multi-factor authentication solutions that protect identities and ensure that individuals are who they claim to be.

Resources & Additional Information

SafeNet Authentication Service (SAS) is now SafeNet Trusted Access (STA).

For STA SAML integrations, please refer to the STA Application Catalog. For STA RADIUS integrations, please refer to the STA RADIUS Integration guides page on the Thales Customer Portal.

Oracle Access Manager: Remote Access and SafeNet Authentication Service

Oracle Access Manager: Remote Access and SafeNet Trusted Access

Oracle Access Manager provides the core functionality of sign-on, authentication, authorization, centralized policy administration, agent management, and real-time session management and auditing for remote access. Built as a 100% Java solution, Access Manager provides rich functionality, extreme scalability and high availability, thereby increasing security, improving user experience and productivity, and enhancing compliance while reducing total cost of ownership. SafeNet Trusted Access raises the identity assurance level of users with multi-factor authentication solutions that protect identities and ensure that individuals are who they claim to be. SafeNet Trusted Access provides a cost-effective, innovative, unbeatable security solution that allows businesses to continue using their existing authentication systems.

Resources & Additional Information

SafeNet Authentication Service (SAS) is now SafeNet Trusted Access (STA).

For STA SAML integrations, please refer to the STA Application Catalog. For STA RADIUS integrations, please refer to the STA RADIUS Integration guides page on the Thales Customer Portal.

NetSuite Application

NetSuite: SaaS and Web Apps with Thales Authentication Manager

NetSuite users require security and convenience when accessing their SaaS-based web applications. Thales Authentication Manager provides authentication and identity assurance by collecting each user’s credentials, evaluating these credentials, and then accepting them and allowing access, or, if invalid, prohibiting access. Thales Authentication Manager provides this level of security for enhanced mobile access across WiFi channels, ensuring secure access to sensitive data in web applications.

Resources & Additional Information:

Thales Authentication Manager Integration Guide Using SAM as an Identity Provider for NetSuite