Configure CA PPM with Oracle Database Encryption

As a database administrator, you can configure CA PPM custom JDBC URL settings when you set up Oracle to accept only encrypted connections.
As a database administrator, you can configure CA PPM custom JDBC URL settings when you set up Oracle to accept only encrypted connections.
Configure Oracle Net Encryption:
Since June 2013, Net Encryption has been licensed with Oracle Enterprise Edition and does not require Oracle Advanced Security. 
: For details see the Oracle documentation for Configuring Data Encryption and Integrity.
Add several lines to the
file on both the client and server:
  1. Client
    : Add a line for 
    and choose one of the following values (for example,
    This is the default value.
    tells the server that the client accepts secure net traffic if requested.
    The client rejects any connection requiring secure net traffic.
    The security service is activated if the server requests or requires it.
    The client accepts the connection only if the server accepts secure traffic.
  2. Server
    : Add one or more server lines (different combinations of lines and values are acceptable). For example, you might add:
    The following tested encryption algorithms are supported by Oracle:
    • AES256
      : AES with a 256-bit key size
    • RC4_256
      : RSA RC4 with a 256-bit key size
    • AES192
      : AES with a 192-bit key size
    • 3DES168
      : Three-key 3DES (with an effective key size of 168 bit)
    • AES128
      : AES with a 128-bit key size
    • RCA_128
      : RSA RC4 with a 128-bit key size
    • 3DES112
      : Two-key 3DES (with an effective key size of 112 bit)
    • RC4_56
      : RSA RC4 with a 56-bit key size
    • DES
      : DES (with an effective key size of 56 bit)
    • RC4_40
      : RSA RC4 with a 40-bit key size
  3. Verify the encryption status meets your requirements. The encryption status derived from your client and server parameter values is summarized in the following table: 
: ORA-12660 is the error returned by Oracle for the given scenario
Implement Oracle Advanced Security Encryption
Oracle Advanced Security provides the following features:
  • Transparent Data Encryption (TDE) protects information in the database from media theft by encrypting sensitive data on disk.
  • Data encryption and integrity to ensure the privacy of communications over any protocol into the Oracle database.
  • Strong authentication services such as Kerberos, PKI, Biometrics, and RADIUS-compliant smart cards.
Follow these steps
  1. Set the 
     property in the JDBC URL to 
    , or 
  2. Set the 
     property in the JDBC URL to one or multiple algorithms. Oracle Advanced Security provides the Advanced Encryption Standard (AES), DES, 3DES, and RC4 symmetric cryptosystems for protecting the confidentiality of network traffic.
    For example, your JDBC URL string in
    as seen through CSA might look like this (we broke the long string onto multiple lines to avoid scrolling):
url="jdbc:clarity:oracle://;ServiceName=clrtydev; BatchPerformanceWorkaround=true;InsensitiveResultSetBufferSize=0;ServerType=dedicated; supportLinks=true;EncryptionLevel=requested;EncryptionTypes=AES"
Configure the JDBC URL in CSA
Database encryption is completely transparent to CA PPM; however, you need to modify the JDBC URL to ensure PPM can connect to the database.
Example 1:
CA PPM uses Progress Data Direct drivers to connect to Oracle databases with the
parameter; however, you can use other parameters based on your security policy.
Example 2:
: The value of this property is ignored if the
property is set to
More Configuration Tips:
  • Separate multiple values with commas and enclose the entire set of values in parentheses.
  • If multiple values are specified and Oracle Advanced Security encryption is enabled using the EncryptionLevel property, the database server determines which algorithm is used based on how it is configured.
  • If unspecified, a list of all possible values is sent to the database server. The database server determines which algorithm is used based on how it is configured.
  • Consult your Oracle administrator to verify the data encryption settings of your Oracle server.