
data_encryption in global.ini in SAP HANA 2.0 and SAP HANA 1.0

Former Member
0 Kudos

In SAP HANA 2.0 it seems the parameter [persistence]data_encryption in global.ini is not being used/set for enabling encryption.

Logs: in HANA 2:

====

select * from M_ENCRYPTION_OVERVIEW;

SCOPE,IS_ENCRYPTION_ACTIVE,LAST_CHANGE_TIME
"LOG","FALSE","2017-03-29 10:38:12.000000000"
"PERSISTENCE","TRUE","2017-03-29 12:18:48.000000000"

But the value of data_encryption is still false:

SELECT * from "PUBLIC" . "M_INIFILE_CONTENTS" where LOWER(section)='persistence' and LOWER(KEY)='data_encryption';

FILE_NAME,LAYER_NAME,TENANT_NAME,HOST,SECTION,KEY,VALUE
"global.ini","DEFAULT","","","persistence","data_encryption","false"

====

in HANA 1:

FILE_NAME,LAYER_NAME,TENANT_NAME,HOST,SECTION,KEY,VALUE
"global.ini","DEFAULT","","","persistence","data_encryption","false"
"global.ini","SYSTEM","","","persistence","data_encryption","TRUE"

====

Is the parameter data_encryption obsolete in HANA 2.0?

Regards,

Mashood

Accepted Solutions (1)

martin_kittel
Advisor

Hi,

to improve security, with HANA 2 the configuration of the encryption services was moved out of global.ini and is now part of the instance SSFS (see also SAP HANA Security Guide, https://uacp2.hana.ondemand.com/viewer/b3ee5778bc2e4a089d3299b82ec762a7/2.0.01/en-US/555997ccf3e24fb.... The intention is to make it harder for a malicious OS administrator to tamper with the volume encryption setting of a HANA database.

As part of the upgrade the current setting of the data_encryption parameter is migrated into the instance SSFS. Setting/changing the data_encryption parameter in the global.ini file will no longer have an effect. Instead the volume encryption status should be set using the ALTER SYSTEM PERSISTENCE ENCRYPTION statement or using the corresponding UIs.

Best wishes,

Martin.
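
The check this answer implies, as an added example that is not part of the original thread or SAP's own code: on HANA 2.0, audit the effective encryption state from M_ENCRYPTION_OVERVIEW and treat any data_encryption entry in global.ini as informational only. It uses only the views, columns and statement shown in this thread; the NOTE column and its wording are constructed for illustration, and it assumes a user with the privileges needed to read the monitoring views and to change encryption settings.

```sql
-- Added example: report the effective encryption state per scope and show
-- the leftover global.ini value next to it, so that a stale
-- [persistence] data_encryption entry is not mistaken for the real setting.
SELECT o.SCOPE,
       o.IS_ENCRYPTION_ACTIVE,          -- authoritative on HANA 2.0
       o.LAST_CHANGE_TIME,
       i.LAYER_NAME AS INI_LAYER,
       i.VALUE      AS INI_DATA_ENCRYPTION,
       CASE
         WHEN i.VALUE IS NULL
           THEN 'no ini entry for this scope'
         WHEN UPPER(i.VALUE) <> UPPER(o.IS_ENCRYPTION_ACTIVE)
           THEN 'ini value differs from effective state; ini is ignored on HANA 2.0'
         ELSE 'ini value happens to match; still not authoritative on HANA 2.0'
       END AS NOTE                      -- constructed column, illustration only
  FROM M_ENCRYPTION_OVERVIEW o
  LEFT JOIN M_INIFILE_CONTENTS i
    ON o.SCOPE = 'PERSISTENCE'
   AND i.FILE_NAME = 'global.ini'
   AND LOWER(i.SECTION) = 'persistence'
   AND LOWER(i.KEY) = 'data_encryption'
 ORDER BY o.SCOPE, i.LAYER_NAME;

-- If PERSISTENCE shows IS_ENCRYPTION_ACTIVE = 'FALSE' and data volume
-- encryption is required, enable it with the statement named in the answer,
-- not by editing global.ini:
ALTER SYSTEM PERSISTENCE ENCRYPTION ON;

-- Re-check: the change is reflected in the view (with a new
-- LAST_CHANGE_TIME), while the global.ini entry stays as it was.
SELECT SCOPE, IS_ENCRYPTION_ACTIVE, LAST_CHANGE_TIME
  FROM M_ENCRYPTION_OVERVIEW
 WHERE SCOPE = 'PERSISTENCE';
```

With the HANA 2 output posted in the question, the first query would return PERSISTENCE as TRUE alongside the DEFAULT-layer ini value "false", which is exactly the mismatch the question describes.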

Answers (1)

Former Member
0 Kudos

I do feel this is a bug, or maybe HANA needs to document the data_encryption parameter in global.ini as obsolete.