Answer the following questions in the planning stage.

• Which fields are to be encrypted?
• Which encryption types are to be used?
• How many Edge Encryption proxies are needed? See Sizing your Edge Encryption environment for recommendations and considerations.
• If an order preserving encryption type or encryption patterns are to be used, where is the MySQL database located?
• Which key management system is to be used?

System administrators, network administrators, and security team members have different tasks to fulfill for implementing Edge Encryption.

• System administrators need the security-admin role. The system administrator must :
  • Download the Edge Encryption proxy application.
  • Set up an Edge Encryption user account for the proxies to use to connect to the instance. The user must be assigned the edge_encryption role.
  • Configure encryption keys, and set the default keys.
  • Configure Edge Encryption on the instance.
  • Schedule encryption jobs.
  • Monitor Edge Encryption.
  • Create and edit encryption rules.
• Your network administrator must:
  • Install the Edge Encryption proxy application.
  • Know the network addresses for the proxy servers and the proxy database used for order-preserving encryption and encryption patterns.
  • Install the proxy database to be used for order-preserving encryption and encryption patterns.
  • Start and stop the proxy applications.
  • Perform encryption key management.
  • Determine how to map users to encryption proxy applications. This can be done with DNS settings or routing rules, and is specific to each network.
  • Manage multiple proxy servers.
  • Configure load balancer pools and settings.
• Your security administrator must determine the encryption types to be assigned to each field.