Published by Austin Burns. Modified over 9 years ago.

Oracle Database 12c Data Protection and Multitenancy on Oracle Solaris 11
Xiaosong Zhu, Senior Software Engineer
Copyright © 2014, Oracle and/or its affiliates. All rights reserved.

Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

Program Agenda
1. Database Multi-tenancy on Solaris 11
2. Secure Multi-tenancy with Data Protection
3. HOL9762, 10/1/14, 13:15 - 14:15, Nikko Ballroom I

Business Drivers: Why Databases Multi-tenancy
Requirements
– Tenant isolation
– Security
– Easy adoption
– Manage as one
Economic Pressures
– Consolidate to cut costs
– Reduce power
– Reduce floor space
– Reduce hardware
Security Pressures
– Deliver end-to-end security database
– Database isolation
– Resource isolation
– Data security
Diagram label: Cloud

Secure Database Multi-tenancy on Oracle Solaris
– Solaris Zones: share servers and OS
– Database 12c Multitenant: share servers, OS and database
Diagram labels: Increasing Consolidation; Increasing Isolation

Using Solaris Zones to Set up a Secure Multitenant Environment
– Oracle Solaris OS built-in virtualization
– Safely and securely run multiple applications on a single system
– One OS instance for all zones
– Rapidly scale to meet growing demand
Diagram labels: Global Zone, Oracle Solaris 11.2; dbzone1, Oracle DB 12c, vnic1; dbzone2, Oracle DB 11g R2, vnic2; disks C2t0d0, C2t1d0, C2t2d0, C2t3d0; CPU, Mem

Oracle Database 12c Multitenant: Pluggable Databases (PDBs)
– Oracle Database 12c offers built-in database-level multi-tenancy, supported by a unique architecture known as “Pluggable Databases”
– Pluggable databases are self-contained database instances that run on a shared Oracle 12c Database kernel instance, allowing for extreme database mobility (they may be moved from one database kernel instance to another via a simple migration operation)
– A PDB feels and operates identically to a non-CDB
Diagram labels: Multitenant Container Database cdb1 (CDB); Root; PDBs pdb11, pdb12, pdb13 (each 12.1)

Solaris Zone and Database 12c Multitenant
Solaris Zones
– Low overhead
– OS isolation
– Flexible resource management
– Rapid scale
– Secure
Shared and Isolated
Database 12c Multitenant
– Minimize CapEx
– Minimize OpEx
– Maximize Agility
– Ease of Adoption
Diagram labels: Number of Tenants; Number of Users per tenant; Per-tenant value-added services; Isolated; Shared

Why We Need Data Protection?
A single security breach
– Sutter Health data breach in 2011
– More than 4 million patients' information stolen
Massive Business Impact
– Consumer confidence lost
– Sued for $1 billion following data breach

Secure Multi-tenancy with Data Protection on Solaris
Two Levels of Data Protection
– Database Encryption
– File System Encryption
Diagram labels: External Security Module (Software/Hardware Keystore); TDE Master Encryption Key; Encrypt; Database 12c pdb; Encrypted ZFS

At Rest Protection -- File System Encryption
Secure Data on Solaris Encrypted ZFS Filesystem
– On-disk encryption for ZFS data
– Block-level encryption, activated at the dataset / file system creation time
– Offers:
  – Protection against theft of physical storage and man-in-the-middle attacks on the SAN
  – Secure deletion
– Security check against passphrase or numeric key performed when mounting the file system
Diagram labels: DB, App, PDB, ZFS, Encrypted ZFS, …

Oracle Database Transparent Data Encryption
Database Encryption
– Encrypts columns or entire application tablespaces
– Protects the database files on disk and on backups
– Compatible with applications, no changes required
– Crypto acceleration
– Solaris 11: Leverage hardware crypto of SPARC T4/T5 & Intel AES-NI
Diagram labels: Encrypted Data; Managed Keys; OS User Attempt to Directly Access Tablespace File Contents; Unauthorized Access to Data Blocked By Encryption; Tablespace files (usershol.dbf); Oracle Database

Data Protection
TDE and ZFS Encryption
– 2-tier key architecture
– Provide transparent encryption and decryption
– Can leverage hardware crypto accelerator
ZFS Encryption
– Can be used for databases other than Oracle Enterprise Edition (MySQL)
TDE
– OS and File System agnostic
– Agile on KeyStore (wallet) management

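The TDE side of the 2-tier key architecture, as an added example that is not taken from the deck or its hands-on lab: a master encryption key held in a keystore protects the per-tablespace keys, set up here for the container database and one tenant PDB. The names cdb1, pdb11 and usershol.dbf are the ones shown on the slides; the keystore directory, the password and the tablespace size are placeholders, and a keystore location already configured in sqlnet.ora is assumed.

```sql
-- Added example. Run connected AS SYSDBA to the root (CDB$ROOT) of cdb1.
-- Assumption: ENCRYPTION_WALLET_LOCATION in sqlnet.ora already points at the
-- placeholder directory used below.

-- 1. Create the password-protected software keystore (wallet).
ADMINISTER KEY MANAGEMENT CREATE KEYSTORE '/placeholder/keystore/dir'
  IDENTIFIED BY "keystore_password_placeholder";

-- 2. Open the keystore in the root and in every open PDB.
ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN
  IDENTIFIED BY "keystore_password_placeholder"
  CONTAINER = ALL;

-- 3. Tier 1: create and activate a TDE master encryption key in each
--    container. WITH BACKUP copies the keystore before it is modified.
ADMINISTER KEY MANAGEMENT SET KEY
  IDENTIFIED BY "keystore_password_placeholder"
  WITH BACKUP
  CONTAINER = ALL;

-- 4. Check that the keystore reports OPEN for each container.
SELECT con_id, wrl_type, status
  FROM v$encryption_wallet;

-- 5. Tier 2: switch to the tenant PDB and create an encrypted tablespace.
--    Its tablespace key is stored in the datafile header, encrypted with
--    that PDB's master key from step 3.
ALTER SESSION SET CONTAINER = pdb11;

CREATE TABLESPACE usershol
  DATAFILE 'usershol.dbf' SIZE 50M
  ENCRYPTION USING 'AES256'
  DEFAULT STORAGE (ENCRYPT);

-- 6. Verify that the tablespace is flagged as encrypted.
SELECT tablespace_name, encrypted
  FROM dba_tablespaces
 WHERE tablespace_name = 'USERSHOL';
```
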
HOL9762: Oracle Database 12c Data Protection and Multitenancy on Oracle Solaris 11
Venue / Room: Hotel Nikko - Nikko Ballroom I
Date and Time: 10/1/14, 13:15 - 14:15
Agenda:
– Exercise 1: Using Solaris Zones to Set up a Multitenant Database Environment
– Exercise 2: Exploring Oracle Database 12c Multitenant
– Exercise 3: Using Oracle Transparent Data Encryption with Solaris Cryptographic Framework