Planning for Edge Encryption

Successful implementation of Edge Encryption requires planning and preparation.

Answer the following questions in the planning stage.

Which fields are to be encrypted?
Which encryption types are to be used?
How many Edge Encryption proxies are needed? See Sizing your Edge Encryption environment for recommendations and considerations.
If an order preserving encryption type or encryption patterns are to be used, where is the MySQL database located?
Which key management system is to be used?

System administrators, network administrators, and security team members have different tasks to fulfill for implementing Edge Encryption.

System administrators need the security-admin role. The system administrator needs to:
- Download the Edge Encryption proxy application.
- Set up an Edge Encryption user account for the proxies to use to connect to the instance. The user must be assigned the edge_encryption role.
- Configure encryption keys, and set the default keys.
- Configure Edge Encryption on the instance.
- Schedule encryption jobs.
- Monitor Edge Encryption.
- Create and edit encryption rules.
Your network administrator needs to:
- Install the Edge Encryption proxy application.
- Know the network addresses for the proxy servers and the proxy database used for order-preserving encryption and encryption patterns.
- Install the proxy database to be used for order-preserving encryption and encryption patterns.
- Start and stop the proxy applications.
- Perform encryption key management.
- Determine how to map users to encryption proxy applications. This can be done with DNS settings or routing rules, and is specific to each network.
- Manage multiple proxy servers.
- Configure load balancer pools and settings.
Your security administrator must determine the encryption types to be assigned to each field.

Planning for Edge Encryption

Successful implementation of Edge Encryption requires planning and preparation.

Answer the following questions in the planning stage.

Which fields are to be encrypted?
Which encryption types are to be used?
How many Edge Encryption proxies are needed? See Sizing your Edge Encryption environment for recommendations and considerations.
If an order preserving encryption type or encryption patterns are to be used, where is the MySQL database located?
Which key management system is to be used?

System administrators, network administrators, and security team members have different tasks to fulfill for implementing Edge Encryption.

System administrators need the security-admin role. The system administrator needs to:
- Download the Edge Encryption proxy application.
- Set up an Edge Encryption user account for the proxies to use to connect to the instance. The user must be assigned the edge_encryption role.
- Configure encryption keys, and set the default keys.
- Configure Edge Encryption on the instance.
- Schedule encryption jobs.
- Monitor Edge Encryption.
- Create and edit encryption rules.
Your network administrator needs to:
- Install the Edge Encryption proxy application.
- Know the network addresses for the proxy servers and the proxy database used for order-preserving encryption and encryption patterns.
- Install the proxy database to be used for order-preserving encryption and encryption patterns.
- Start and stop the proxy applications.
- Perform encryption key management.
- Determine how to map users to encryption proxy applications. This can be done with DNS settings or routing rules, and is specific to each network.
- Manage multiple proxy servers.
- Configure load balancer pools and settings.
Your security administrator must determine the encryption types to be assigned to each field.