2 Replies Latest reply on Jul 18, 2020 5:13 PM by Tamil Dhanabalan

    Encryption of data in transit – from Oracle On premise to IDQ Setup (10.4.1) on AWS EC2

    Ashutosh Jumde Active Member

      When data is read from source PowerCenter Integration service would leverage the sources database client to read and transfer the encrypted data from the source. PowerCenter would leverage the Target's database client to encrypt the data and send the encrypted data to the target database.

      This is the info from the KB article below:

      https://kb.informatica.com/faq/7/Pages/19/516731.aspx#

       

      There is a document (How to Guide) which explains how to configure Secure Communication to Oracle from PowerCenter(9.6) on UNIX. The Document is attached herein.

       

      Question:

      1. Does this hold true for the IDQ version 10.4.1 as well? – Meaning  , Will same process do the encryption when Data Integration Service (version 10.4.1)  fetches / loads  data from/to source and target?
      2. If the answer to above question is Yes ,  Will the same procedure needs to be implemented if the IDQ is installed on AWS EC2 instance and Oracle is installed on - on premise Data Center?
        • 1. Re: Encryption of data in transit – from Oracle On premise to IDQ Setup (10.4.1) on AWS EC2
          Nico Heinze Guru

          I'm not an IDQ specialist, but as of my knowledge IDQ doesn't encrypt data in transit either (just in the same way that PowerCenter does not encrypt them). Assuming my understanding is correct, the answer to Q1 is YES.

           

          An important side note: IDQ can access Oracle data via the Oracle OCI client, via ODBC, or via JDBC. PowerCenter can only leverage the OCI client (technically ODBC is possible, but it's not allowed for PowerCenter customers to use an ODBC connection to Oracle for a PowerCenter server).

          So in order to use the encryption via Oracle Wallets, it's (again, as of my understanding) mandatory to access the Oracle DBMS only via the OCI client; neither the ODBC nor the JDBC driver will provide that functionality.

           

          Q2: it doesn't matter where the IDQ installation resides (i.e. whether it's installed on on-premise hardware or some virtual machine or some AWS / EC2 instance). So the answer to this question is YES as well.

           

          Again, no authoritative answer, only my understanding.

           

          Regards,

          Nico

          • 2. Re: Encryption of data in transit – from Oracle On premise to IDQ Setup (10.4.1) on AWS EC2
            Tamil Dhanabalan New Member

            Pre-Requisite: Your oracle database has encryption enabled.

             

            IDQ is quite simple compared to PowerCenter to configure encryption.

             

            The IDQ connections(configured in admin console) generally uses the JDBC connect strings to get metadata information like table structures, column sizes, etc. and JDBC does have some encyrption support.

             

            For data access, IDQ 10.4.1 uses the progress datadirect 8.0 drivers or native ODBC drivers. Both support encryption. The above hyperlink shows you all the driver methods(Look at encrypt* Crypto* methods).

             

            1.) Yes. If pre-requisites are met

            2.) No. You just need to configure the datadirect odbc.ini entry to use encryption.

             

            The IDQ can encrypt data in transit if the DIS supports only HTTPS protocol and connections between the developer tool or Analyst web app is encrypted by this setting. Keep in mind data on the IDQ server can be decrypted as mentioend in KB.