Skip to Content
0

data_encryption in global.ini in SAP HANA 2.0 and SAP HANA 1.0

Mar 29, 2017 at 12:38 PM

195

avatar image
Former Member

In SAP HANA 2.0 it seems the parameter [persistence]data_encryption in global.ini is not being used/set for enabling encryption.

Logs: in HANA 2:

====

select * from M_ENCRYPTION_OVERVIEW;

SCOPE,IS_ENCRYPTION_ACTIVE,LAST_CHANGE_TIME
"LOG","FALSE","2017-03-29 10:38:12.000000000"
"PERSISTENCE","TRUE","2017-03-29 12:18:48.000000000"

But the value of data_encryption is still false :

SELECT * from "PUBLIC" . "M_INIFILE_CONTENTS" where LOWER(section)='persistence' and LOWER(KEY)='data_encryption';

FILE_NAME,LAYER_NAME,TENANT_NAME,HOST,SECTION,KEY,VALUE
"global.ini","DEFAULT","","","persistence","data_encryption","false"

====

in HANA 1:

FILE_NAME,LAYER_NAME,TENANT_NAME,HOST,SECTION,KEY,VALUE
"global.ini","DEFAULT","","","persistence","data_encryption","false"
"global.ini","SYSTEM","","","persistence","data_encryption","TRUE"

====

Is the parameter data_encryption obsolete in HANA 2.0 ?

Regards,

Mashood

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

2 Answers

Best Answer
Martin Kittel
May 10, 2017 at 01:58 PM
2

Hi,

to improve security, with HANA 2 the configuration of the encryption services was moved out of global.ini and is now part of the instance SSFS (see also SAP HANA Security Guide,

https://uacp2.hana.ondemand.com/viewer/b3ee5778bc2e4a089d3299b82ec762a7/2.0.01/en-US/555997ccf3e24fb39cf018b1182acae3.html). The intention is to make it harder for a malicious OS administrator to tamper with the volume encryption setting of a HANA database.

As part of the upgrade the current setting of the data_encryption parameter is migrated into the instance SSFS. Setting/changing the data_encryption parameter in the global.ini file will no longer have an effect. Instead the volume encryption status should be set using the ALTER SYSTEM PERSISTENCE ENCRYPTION statement or using the corresponding UIs.

Best wishes,

Martin.

Share
10 |10000 characters needed characters left characters exceeded
avatar image
Former Member May 09, 2017 at 05:32 AM
0

I do feel this is a bug or may be HANA needs to document data_encryption parameter in global.ini as obsolete.

Share
10 |10000 characters needed characters left characters exceeded