Planning for Edge Encryption
-
- UpdatedJan 30, 2025
- 2 minutes to read
- Yokohama
- Edge Encryption
Successful implementation of Edge Encryption requires planning and preparation.
Answer the following questions in the planning stage.
- Which fields are to be encrypted?
- Which encryption types are to be used?
- How many Edge Encryption proxies are needed? See Sizing your Edge Encryption environment for recommendations and considerations.
- If an order preserving encryption type or encryption patterns are to be used, where is the MySQL database located?
- Which key management system is to be used?
System administrators, network administrators, and security team members have different tasks
to fulfill for implementing Edge Encryption.
- System administrators need the security-admin role. The system administrator must :
- Download the Edge Encryption proxy application.
- Set up an Edge Encryption user account for the proxies to use to connect to the instance. The user must be assigned the edge_encryption role.
- Configure encryption keys, and set the default keys.
- Configure Edge Encryption on the instance.
- Schedule encryption jobs.
- Monitor Edge Encryption.
- Create and edit encryption rules.
- Your network administrator must:
- Install the Edge Encryption proxy application.
- Know the network addresses for the proxy servers and the proxy database used for order-preserving encryption and encryption patterns.
- Install the proxy database to be used for order-preserving encryption and encryption patterns.
- Start and stop the proxy applications.
- Perform encryption key management.
- Determine how to map users to encryption proxy applications. This can be done with DNS settings or routing rules, and is specific to each network.
- Manage multiple proxy servers.
- Configure load balancer pools and settings.
- Your security administrator must determine the encryption types to be assigned to each field.