Copyright © 2015, Oracle and/or its affiliates. All rights reserved.

Exadata Database Machine Security
Dan Norris
MAA Team, Oracle Development
October 26, 2015
  
Program Agenda

1. Preparation for installation
2. Installation, deployment
3. Post-deployment configuration
4. Database creation and configuration
5. Operational security considerations
  
Security Terminology
Getting us on the same page

• Attack surface – the code within a computer system that can be run by unauthorized users
• Port – network term referring to a virtual endpoint
• Service – operating system term referring to a background process or daemon
• CPU – Critical Patch Update, quarterly released security patches for Oracle products
  
Preparation for Installation
Security starts early

• Get educated
• Collect security-related requirements from all stakeholders
• Determine whether role-separated installation is required
• Plan network layout
• Subscribe to security alerts - http://is.gd/orasec
• Review MOS note 1068804.1: Guidelines for enhancing the security for an Oracle Database Machine deployment
  
Plan Network Layout
Perimeter security for networks

• Client Access is entry point for most accesses
• Management should be restricted
• InfiniBand is private to machine, physical security protects it
  
Installation and Deployment
Implement the available features and security plan

• Exadata includes many security features by default
• Implement the recommended security step during deployment
– AKA “Resecure Machine” step
• Start secure, only open what is necessary
– “Doing security” later almost never happens (or works)
• Configure ASM audits to use syslog (audit_syslog_level)
• Configure ASM & DB init.ora: audit_sys_operations=true
  
Default Security Features
Implement the available features and security plan

• short package install list
• only necessary services enabled
• https management interface
• sshd secure default settings
• password aging
• maximum failed login attempts
• auditd monitoring enabled
• cellwall: iptables firewall
• CPUs included in patch bundles, releases synchronized
• system hardening
• boot loader password protection
  
Resecure Machine Step
Implement the available features and security plan

• In this step, several security changes are made:
– password complexity requirements are added (dis,dis,16,12,8)
– passwords are expired (forcing reset on next login)
– password aging implemented
– permissions tightened
  
Resecure Machine Step

$ ./install.sh -cf maa-phys.xml -l
1. Validate Configuration File
2. Setup Required Files
<snip many steps>
17. Install Exachk
18. Create Installation Summary
19. Resecure Machine
  
Resecure Machine Step

$ ./install.sh -cf maa-vm.xml -l
1. Validate Configuration File
2. Create Virtual Machine
3. Create Users
<snip many steps>
17. Create Installation Summary
18. Resecure Machine
  
Post-Deployment Configuration
Address site-specific requirements

• Change all passwords for all default accounts (MOS 1291766.1)
• Perform validation for local policies or rules
– See MOS 1405320.1 for commonly identified audit findings
• Exadata Security – especially for consolidation environments
  
Post-Deployment Configuration
Cell Lockdown

• *New* in 12.1.2.2.0
• Cells can have remote access disabled – no SSH access to OS
• Must enable temporarily for maintenance (upgrades)
• New cell attributes: remoteAccessPerm, remoteAccessTemp
• Can temporarily enable access, automatic lock up at a specified time
• Can still access console via ILOM
• Use exacli/exadcli from DB nodes for cell commands
  
Post-Deployment Configuration
Cell Lockdown Setup

cellcli> create role administrator
cellcli> grant privilege all actions on all objects all attributes with all options to role administrator
cellcli> create user celladministrator password='*'
cellcli> grant role administrator to user celladministrator
  
Post-Deployment Configuration
Cell Lockdown

# cellcli -e list cell detail | egrep -i 'cellversion|accesslevel'
accessLevelPerm: remoteLoginDisabled
cellVersion: OSS_12.1.2.2.0_LINUX.X64_150917

exacli> alter cell accessLevelTemp=((accessLevel="remoteLoginEnabled", -
startTime="now", -
duration="30m", -
reason="Quarterly maintenance"))
  
Post-Deployment Configuration
Centralized syslog

• Cells have syslogconf cell attributes (for quite a while)
• DB nodes have /etc/rsyslog.conf
– On 12.1.2.1.0 & later, also have syslogconf dbserver attribute
  
Post-Deployment Configuration
Centralized syslog setup

On receiving side, for rsyslogd, modify /etc/rsyslog.conf:

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

Then HUP rsyslogd:

kill -HUP $(cat /var/run/syslogd.pid)
  
Post-Deployment Configuration
Centralized syslog

cellcli> alter cell syslogconf=('authpriv.* @syslgsrv', 'security.* @seclogserver');
cellcli> alter cell validate syslogconf 'authpriv.error';

dbmcli> alter dbserver syslogconf=('authpriv.* @syslgsrv', 'security.* @seclogserver');
dbmcli> alter dbserver validate syslogconf 'authpriv.error';
  
Exadata Security (ASM, Griddisks)
Consolidation: sharing without peeking

• Privileges on griddisk level
• Restrict griddisks to certain clusters and/or certain database(s)
• Especially effective to manage multiple administrators
• See whitepapers
– Oracle Exadata Database Machine Consolidation: Segregating Databases and Roles - http://is.gd/exaconsolidation
– Best Practices for Database Consolidation On Exadata Database Machine - http://is.gd/orclconswp
  
Database Creation and Configuration
Implement database-specific features and best practices

• Stay current with Exadata bundle patches (888828.1)
– Bundle patches include latest CPU patches
• Consider TDE, network encryption, Data Vault, Audit Vault
• Review whitepaper: “Cost Effective Security and Compliance with Oracle Database 11g Release 2” - http://is.gd/seccompliance11gr2
• Take the Enterprise Data Security Assessment at http://is.gd/entsecassessment
  
Oracle Database Security Defense in Depth

PREVENTIVE: Masking & Subsetting; DBA Controls & Cyber Security; Encryption & Redaction
DETECTIVE: Activity Monitoring; Database Firewall; Auditing and Reporting
ADMINISTRATIVE: Privilege & Data Discovery; Configuration Management; Key & Wallet Management
  
Operational Security Considerations
Remain security-minded when patching, upgrading, backing up

• Changes permitted on DB nodes, not cells
• Backups can be encrypted
• Patching or upgrading may “undo” some changes; verify after
• DB node updates use yum commands with excludes (see doc for excludes)
  
Operational Security Considerations
Remain security-minded when patching, upgrading, backing up

• Periodic reviews to ensure settings remain and vulnerabilities don’t
• Secure erase for storage cells is available
• Disk drive retention is available
• Oracle Enterprise Manager Governance, Risk & Compliance Manager continuously reviews the system
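
Added example, not part of the original slides and not Oracle code: a check for the "verify after" and "periodic reviews" points above, applied to the Cell Lockdown and centralized syslog settings from the earlier slides. It audits captured `list cell detail` output; accessLevelPerm, cellVersion and the 12.1.2.2.0 threshold come from the slides, while the sample data, the function names and the output layout assumed for accessLevelTemp and syslogConf are constructed for illustration.

```sh
#!/bin/sh
# Added example, not Oracle code: audit captured `list cell detail` output.
# accessLevelPerm and cellVersion appear on the slides; the accessLevelTemp
# and syslogConf output layouts used here are assumptions.

# Constructed sample: cell right after deployment and lockdown.
SAMPLE_BEFORE='  name:             cel01
  accessLevelPerm:  remoteLoginDisabled
  cellVersion:      OSS_12.1.2.2.0_LINUX.X64_150917
  syslogConf:       authpriv.* @syslgsrv,security.* @seclogserver'

# Constructed sample: same cell after maintenance, settings undone.
SAMPLE_AFTER='  name:             cel01
  accessLevelPerm:  remoteLoginEnabled
  cellVersion:      OSS_12.1.2.2.0_LINUX.X64_150917'

# cell_attr NAME: print the value of "NAME: value" from detail output on
# stdin. Case-insensitive, like the egrep -i on the slide; splits on the
# first colon only, so values that contain colons survive intact.
cell_attr() {
    awk -v want="$1" '{
        line = $0
        sub(/^[ \t]+/, "", line)
        i = index(line, ":")
        if (i == 0) next
        if (tolower(substr(line, 1, i - 1)) != tolower(want)) next
        val = substr(line, i + 1)
        gsub(/^[ \t]+|[ \t\r]+$/, "", val)
        print val
        exit
    }'
}

# version_ge A B: succeed when dotted version A >= B (numeric per field).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if ((x[i] + 0) > (y[i] + 0)) exit 0
            if ((x[i] + 0) < (y[i] + 0)) exit 1
        }
        exit 0
    }'
}

# audit_cell: read detail output on stdin, print one line per finding,
# return 1 if anything needs attention. Runs in a subshell so its
# variables stay local.
audit_cell() (
    detail=$(cat)
    get() { printf '%s\n' "$detail" | cell_attr "$1"; }
    rc=0
    ver=$(get cellVersion); ver=${ver#OSS_}; ver=${ver%%_*}
    if version_ge "${ver:-0}" 12.1.2.2.0; then
        perm=$(get accessLevelPerm)
        [ "$perm" = remoteLoginDisabled ] ||
            { echo "FAIL accessLevelPerm=${perm:-missing}"; rc=1; }
        temp=$(get accessLevelTemp)
        [ -z "$temp" ] ||
            { echo "WARN accessLevelTemp set: $temp"; rc=1; }
    else
        echo "INFO cellVersion ${ver:-unknown}: lockdown is new in 12.1.2.2.0"
    fi
    # authpriv must be forwarded to a remote host (@host selector).
    case $(get syslogConf) in
        *authpriv.*@*) ;;
        *) echo "FAIL syslogConf does not forward authpriv"; rc=1 ;;
    esac
    exit "$rc"
)

# cell_drift BEFORE AFTER: print watched attributes whose value changed
# between two captures, e.g. taken before and after patching.
cell_drift() (
    for attr in accessLevelPerm accessLevelTemp syslogConf; do
        old=$(printf '%s\n' "$1" | cell_attr "$attr")
        new=$(printf '%s\n' "$2" | cell_attr "$attr")
        [ "$old" = "$new" ] || echo "$attr: '$old' -> '$new'"
    done
)

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_AFTER" | audit_cell || echo "cel01: review findings"
cell_drift "$SAMPLE_BEFORE" "$SAMPLE_AFTER"
```

Capture the detail output before maintenance and again afterwards, then pass both captures to cell_drift; a non-zero status from audit_cell is suitable for a scheduled check.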
  
Operational Security Considerations
Patching considerations

Component | Access Required
Database – Patch set | Database server root, software home owner, passwordless SSH to all software home owners (on other nodes)
Database – Patch set | Database server root, software home owner
Grid Infrastructure | Same as Database
Exadata Database Server (OS) | Database server root
Exadata Storage Server | Database server root, Passwordless SSH from database server root to storage server root (temporarily disable lockdown)
InfiniBand Switch | Database server root, InfiniBand switch root
  
Late Breaking Security Updates

MOS Note or URL | Description
Coming soon | Updating JDK on Exadata Database Machine database nodes
2060027.1 | October 2015 ILOM security updates – fixes included in Exadata 12.1.2.2.0 images
  
Summary

1. Preparation for installation
2. Installation, deployment
3. Post-deployment configuration
4. Database creation and configuration
5. Operational security considerations
  
References

Note or URL | Description
http://is.gd/orasec | Oracle Security Alerts subscription
1068804.1 | Guidelines for enhancing the security for an Oracle Database Machine deployment
1291766.1 | How to change OS user password for Cell Node, Database Node, ILOM, KVM, Infiniband Switch, GigaBit Ethernet Switch and PDU on Exadata
888828.1 | Database Machine and Exadata Storage Server 11g Release 2 (11.2) Supported Versions
1405320.1 | Responses to common Exadata security scan findings
http://is.gd/exaconsolidation | Oracle Exadata Database Machine Consolidation: Segregating Databases and Roles
http://is.gd/entsecassessment | Enterprise Data Security Assessment
  
References

MOS Note or URL | Description
1938719.1 | Exadata information on Bash shellshock vulnerability
1935817.1 | Exadata information on SSLv3 POODLE vulnerability
http://is.gd/orclpoodle | Generic info about POODLE for all Oracle products
http://is.gd/orclshellshock | Generic info about Bash Shellshock for all Oracle products
2069987.1 | HOWTO: Update JDK on Exadata Database Nodes
  
Safe Harbor Statement

The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
  
Dan Norris: Exadata security

 
OUGLS 2016: How profiling works in MySQL
OUGLS 2016: How profiling works in MySQLOUGLS 2016: How profiling works in MySQL
OUGLS 2016: How profiling works in MySQLGeorgi Kodinov
 
Best practices in Deploying SUSE CaaS Platform v3
Best practices in Deploying SUSE CaaS Platform v3Best practices in Deploying SUSE CaaS Platform v3
Best practices in Deploying SUSE CaaS Platform v3Juan Herrera Utande
 
Managing Oracle Enterprise Manager Cloud Control 12c with Oracle Clusterware
Managing Oracle Enterprise Manager Cloud Control 12c with Oracle ClusterwareManaging Oracle Enterprise Manager Cloud Control 12c with Oracle Clusterware
Managing Oracle Enterprise Manager Cloud Control 12c with Oracle ClusterwareLeighton Nelson
 
Automating Post Exploitation with PowerShell
Automating Post Exploitation with PowerShellAutomating Post Exploitation with PowerShell
Automating Post Exploitation with PowerShellEnclaveSecurity
 
Java mission control and java flight recorder
Java mission control and java flight recorderJava mission control and java flight recorder
Java mission control and java flight recorderWolfgang Weigend
 
Exadata deployment life cycle
Exadata deployment life cycleExadata deployment life cycle
Exadata deployment life cycleUmair Mansoob
 
The State of the Dolphin, MySQL Keynote at Percona Live Europe 2019, Amsterda...
The State of the Dolphin, MySQL Keynote at Percona Live Europe 2019, Amsterda...The State of the Dolphin, MySQL Keynote at Percona Live Europe 2019, Amsterda...
The State of the Dolphin, MySQL Keynote at Percona Live Europe 2019, Amsterda...Geir Høydalsvik
 
OUGLS 2016: Guided Tour On The MySQL Source Code
OUGLS 2016: Guided Tour On The MySQL Source CodeOUGLS 2016: Guided Tour On The MySQL Source Code
OUGLS 2016: Guided Tour On The MySQL Source CodeGeorgi Kodinov
 

Similar to Dan Norris: Exadata security (20)

Maximizing Oracle RAC Uptime
Maximizing Oracle RAC UptimeMaximizing Oracle RAC Uptime
Maximizing Oracle RAC Uptime
 
Cloud Platform Symantec Meetup Nov 2014
Cloud Platform Symantec Meetup Nov 2014Cloud Platform Symantec Meetup Nov 2014
Cloud Platform Symantec Meetup Nov 2014
 
2014 OpenSuse Conf: Protect your MySQL Server
2014 OpenSuse Conf: Protect your MySQL Server2014 OpenSuse Conf: Protect your MySQL Server
2014 OpenSuse Conf: Protect your MySQL Server
 
EM12C High Availability without SLB and RAC
EM12C High Availability without SLB and RACEM12C High Availability without SLB and RAC
EM12C High Availability without SLB and RAC
 
Zero to Manageability in 60 Minutes: Building a Solid Foundation for Oracle E...
Zero to Manageability in 60 Minutes: Building a Solid Foundation for Oracle E...Zero to Manageability in 60 Minutes: Building a Solid Foundation for Oracle E...
Zero to Manageability in 60 Minutes: Building a Solid Foundation for Oracle E...
 
MySQL Manchester TT - Performance Tuning
MySQL Manchester TT  - Performance TuningMySQL Manchester TT  - Performance Tuning
MySQL Manchester TT - Performance Tuning
 
Apache cassandra v4.0
Apache cassandra v4.0Apache cassandra v4.0
Apache cassandra v4.0
 
Splunk: Forward me the REST of those shells
Splunk: Forward me the REST of those shellsSplunk: Forward me the REST of those shells
Splunk: Forward me the REST of those shells
 
Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition)
Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition)Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition)
Security of Oracle EBS - How I can Protect my System (UKOUG APPS 18 edition)
 
Cuc pcd tac_toi
Cuc pcd tac_toiCuc pcd tac_toi
Cuc pcd tac_toi
 
OUGLS 2016: How profiling works in MySQL
OUGLS 2016: How profiling works in MySQLOUGLS 2016: How profiling works in MySQL
OUGLS 2016: How profiling works in MySQL
 
Best practices in Deploying SUSE CaaS Platform v3
Best practices in Deploying SUSE CaaS Platform v3Best practices in Deploying SUSE CaaS Platform v3
Best practices in Deploying SUSE CaaS Platform v3
 
Managing Oracle Enterprise Manager Cloud Control 12c with Oracle Clusterware
Managing Oracle Enterprise Manager Cloud Control 12c with Oracle ClusterwareManaging Oracle Enterprise Manager Cloud Control 12c with Oracle Clusterware
Managing Oracle Enterprise Manager Cloud Control 12c with Oracle Clusterware
 
Automating Post Exploitation with PowerShell
Automating Post Exploitation with PowerShellAutomating Post Exploitation with PowerShell
Automating Post Exploitation with PowerShell
 
Java mission control and java flight recorder
Java mission control and java flight recorderJava mission control and java flight recorder
Java mission control and java flight recorder
 
Exadata deployment life cycle
Exadata deployment life cycleExadata deployment life cycle
Exadata deployment life cycle
 
The State of the Dolphin, MySQL Keynote at Percona Live Europe 2019, Amsterda...
The State of the Dolphin, MySQL Keynote at Percona Live Europe 2019, Amsterda...The State of the Dolphin, MySQL Keynote at Percona Live Europe 2019, Amsterda...
The State of the Dolphin, MySQL Keynote at Percona Live Europe 2019, Amsterda...
 
OpenStack with OpenDaylight
OpenStack with OpenDaylightOpenStack with OpenDaylight
OpenStack with OpenDaylight
 
Installation of EM 12c
Installation of EM 12cInstallation of EM 12c
Installation of EM 12c
 
OUGLS 2016: Guided Tour On The MySQL Source Code
OUGLS 2016: Guided Tour On The MySQL Source CodeOUGLS 2016: Guided Tour On The MySQL Source Code
OUGLS 2016: Guided Tour On The MySQL Source Code
 

More from Kyle Hailey

Hooks in postgresql by Guillaume Lelarge
Hooks in postgresql by Guillaume LelargeHooks in postgresql by Guillaume Lelarge
Hooks in postgresql by Guillaume LelargeKyle Hailey
 
Performance insights twitch
Performance insights twitchPerformance insights twitch
Performance insights twitchKyle Hailey
 
History of database monitoring
History of database monitoringHistory of database monitoring
History of database monitoringKyle Hailey
 
Successfully convince people with data visualization
Successfully convince people with data visualizationSuccessfully convince people with data visualization
Successfully convince people with data visualizationKyle Hailey
 
Virtual Data : Eliminating the data constraint in Application Development
Virtual Data :  Eliminating the data constraint in Application DevelopmentVirtual Data :  Eliminating the data constraint in Application Development
Virtual Data : Eliminating the data constraint in Application DevelopmentKyle Hailey
 
DBTA Data Summit : Eliminating the data constraint in Application Development
DBTA Data Summit : Eliminating the data constraint in Application DevelopmentDBTA Data Summit : Eliminating the data constraint in Application Development
DBTA Data Summit : Eliminating the data constraint in Application DevelopmentKyle Hailey
 
Accelerate Develoment with VIrtual Data
Accelerate Develoment with VIrtual DataAccelerate Develoment with VIrtual Data
Accelerate Develoment with VIrtual DataKyle Hailey
 
Delphix and Pure Storage partner
Delphix and Pure Storage partnerDelphix and Pure Storage partner
Delphix and Pure Storage partnerKyle Hailey
 
Martin Klier : Volkswagen for Oracle Guys
Martin Klier : Volkswagen for Oracle GuysMartin Klier : Volkswagen for Oracle Guys
Martin Klier : Volkswagen for Oracle GuysKyle Hailey
 
Data as a Service
Data as a Service Data as a Service
Data as a Service Kyle Hailey
 
BGOUG "Agile Data: revolutionizing database cloning'
BGOUG  "Agile Data: revolutionizing database cloning'BGOUG  "Agile Data: revolutionizing database cloning'
BGOUG "Agile Data: revolutionizing database cloning'Kyle Hailey
 
Denver devops : enabling DevOps with data virtualization
Denver devops : enabling DevOps with data virtualizationDenver devops : enabling DevOps with data virtualization
Denver devops : enabling DevOps with data virtualizationKyle Hailey
 
DevOps, Databases and The Phoenix Project UGF4042 from OOW14
DevOps, Databases and The Phoenix Project UGF4042 from OOW14DevOps, Databases and The Phoenix Project UGF4042 from OOW14
DevOps, Databases and The Phoenix Project UGF4042 from OOW14Kyle Hailey
 
Kscope 14 Presentation : Virtual Data Platform
Kscope 14 Presentation : Virtual Data PlatformKscope 14 Presentation : Virtual Data Platform
Kscope 14 Presentation : Virtual Data PlatformKyle Hailey
 
Data Virtualization: revolutionizing database cloning
Data Virtualization: revolutionizing database cloningData Virtualization: revolutionizing database cloning
Data Virtualization: revolutionizing database cloningKyle Hailey
 
Delphix and DBmaestro
Delphix and DBmaestroDelphix and DBmaestro
Delphix and DBmaestroKyle Hailey
 
Agile Data: revolutionizing data and database cloning
Agile Data: revolutionizing data and database cloningAgile Data: revolutionizing data and database cloning
Agile Data: revolutionizing data and database cloningKyle Hailey
 
Big data big_skills_data_visualization
Big data big_skills_data_visualizationBig data big_skills_data_visualization
Big data big_skills_data_visualizationKyle Hailey
 
Nyoug delphix slideshare
Nyoug delphix slideshareNyoug delphix slideshare
Nyoug delphix slideshareKyle Hailey
 

More from Kyle Hailey (20)

Hooks in postgresql by Guillaume Lelarge
Hooks in postgresql by Guillaume LelargeHooks in postgresql by Guillaume Lelarge
Hooks in postgresql by Guillaume Lelarge
 
Performance insights twitch
Performance insights twitchPerformance insights twitch
Performance insights twitch
 
History of database monitoring
History of database monitoringHistory of database monitoring
History of database monitoring
 
Successfully convince people with data visualization
Successfully convince people with data visualizationSuccessfully convince people with data visualization
Successfully convince people with data visualization
 
Virtual Data : Eliminating the data constraint in Application Development
Virtual Data :  Eliminating the data constraint in Application DevelopmentVirtual Data :  Eliminating the data constraint in Application Development
Virtual Data : Eliminating the data constraint in Application Development
 
DBTA Data Summit : Eliminating the data constraint in Application Development
DBTA Data Summit : Eliminating the data constraint in Application DevelopmentDBTA Data Summit : Eliminating the data constraint in Application Development
DBTA Data Summit : Eliminating the data constraint in Application Development
 
Accelerate Develoment with VIrtual Data
Accelerate Develoment with VIrtual DataAccelerate Develoment with VIrtual Data
Accelerate Develoment with VIrtual Data
 
Delphix and Pure Storage partner
Delphix and Pure Storage partnerDelphix and Pure Storage partner
Delphix and Pure Storage partner
 
Martin Klier : Volkswagen for Oracle Guys
Martin Klier : Volkswagen for Oracle GuysMartin Klier : Volkswagen for Oracle Guys
Martin Klier : Volkswagen for Oracle Guys
 
What is DevOps
What is DevOpsWhat is DevOps
What is DevOps
 
Data as a Service
Data as a Service Data as a Service
Data as a Service
 
BGOUG "Agile Data: revolutionizing database cloning'
BGOUG  "Agile Data: revolutionizing database cloning'BGOUG  "Agile Data: revolutionizing database cloning'
BGOUG "Agile Data: revolutionizing database cloning'
 
Denver devops : enabling DevOps with data virtualization
Denver devops : enabling DevOps with data virtualizationDenver devops : enabling DevOps with data virtualization
Denver devops : enabling DevOps with data virtualization
 
DevOps, Databases and The Phoenix Project UGF4042 from OOW14
DevOps, Databases and The Phoenix Project UGF4042 from OOW14DevOps, Databases and The Phoenix Project UGF4042 from OOW14
DevOps, Databases and The Phoenix Project UGF4042 from OOW14
 
Kscope 14 Presentation : Virtual Data Platform
Kscope 14 Presentation : Virtual Data PlatformKscope 14 Presentation : Virtual Data Platform
Kscope 14 Presentation : Virtual Data Platform
 
Data Virtualization: revolutionizing database cloning
Data Virtualization: revolutionizing database cloningData Virtualization: revolutionizing database cloning
Data Virtualization: revolutionizing database cloning
 
Delphix and DBmaestro
Delphix and DBmaestroDelphix and DBmaestro
Delphix and DBmaestro
 
Agile Data: revolutionizing data and database cloning
Agile Data: revolutionizing data and database cloningAgile Data: revolutionizing data and database cloning
Agile Data: revolutionizing data and database cloning
 
Big data big_skills_data_visualization
Big data big_skills_data_visualizationBig data big_skills_data_visualization
Big data big_skills_data_visualization
 
Nyoug delphix slideshare
Nyoug delphix slideshareNyoug delphix slideshare
Nyoug delphix slideshare
 

Recently uploaded

Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhimiss dipika
 
Elevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New OrleansElevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New Orleanscorenetworkseo
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Sonam Pathan
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一Fs
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Sonam Pathan
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书rnrncn29
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一Fs
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predieusebiomeyer
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMartaLoveguard
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Excelmac1
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一Fs
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 
Git and Github workshop GDSC MLRITM
Git and Github  workshop GDSC MLRITMGit and Github  workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书rnrncn29
 
NSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationNSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationMarko4394
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 

Recently uploaded (20)

Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 
Elevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New OrleansElevate Your Business with Our IT Expertise in New Orleans
Elevate Your Business with Our IT Expertise in New Orleans
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
『澳洲文凭』买拉筹伯大学毕业证书成绩单办理澳洲LTU文凭学位证书
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
 
SCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is prediSCM Symposium PPT Format Customer loyalty is predi
SCM Symposium PPT Format Customer loyalty is predi
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptx
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 
Git and Github workshop GDSC MLRITM
Git and Github  workshop GDSC MLRITMGit and Github  workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
『澳洲文凭』买詹姆士库克大学毕业证书成绩单办理澳洲JCU文凭学位证书
 
NSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentationNSX-T and Service Interfaces presentation
NSX-T and Service Interfaces presentation
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 

Dan Norris: Exadata security

  • 1. Exadata Database Machine Security
      Dan Norris, MAA Team, Oracle Development
      October 26, 2015
      Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
  • 2. Program Agenda
      1. Preparation for installation
      2. Installation, deployment
      3. Post-deployment configuration
      4. Database creation and configuration
      5. Operational security considerations
  • 3. Security Terminology
      Getting us on the same page
      • Attack surface – the code within a computer system that can be run by unauthorized users
      • Port – network term referring to a virtual endpoint
      • Service – operating system term referring to a background process or daemon
      • CPU – Critical Patch Update, quarterly released security patches for Oracle products
  • 4. Preparation for Installation
      Security starts early
      • Get educated
      • Collect security-related requirements from all stakeholders
      • Determine whether role-separated installation is required
      • Plan network layout
      • Subscribe to security alerts - http://is.gd/orasec
      • Review MOS note 1068804.1: Guidelines for enhancing the security for an Oracle Database Machine deployment
  • 5. Plan Network Layout
      Perimeter security for networks
      • Client Access is entry point for most accesses
      • Management should be restricted
      • InfiniBand is private to machine, physical security protects it
  • 6. Installation and Deployment
      Implement the available features and security plan
      • Exadata includes many security features by default
      • Implement the recommended security step during deployment
          – AKA “Resecure Machine” step
      • Start secure, only open what is necessary
          – “Doing security” later almost never happens (or works)
      • Configure ASM audits to use syslog (audit_syslog_level)
      • Configure ASM & DB init.ora: audit_sys_operations=true
  • 7. Default Security Features
      Implement the available features and security plan
      • short package install list
      • only necessary services enabled
      • https management interface
      • sshd secure default settings
      • password aging
      • maximum failed login attempts
      • auditd monitoring enabled
      • cellwall: iptables firewall
      • CPUs included in patch bundles, releases synchronized
      • system hardening
      • boot loader password protection
  • 8. Resecure Machine Step
      Implement the available features and security plan
      • In this step, several security changes are made:
          – password complexity requirements are added (dis,dis,16,12,8)
          – passwords are expired (forcing reset on next login)
          – password aging implemented
          – permissions tightened
  • 9. Resecure Machine Step
          $ ./install.sh -cf maa-phys.xml -l
          1. Validate Configuration File
          2. Setup Required Files
          <snip many steps>
          17. Install Exachk
          18. Create Installation Summary
          19. Resecure Machine
  • 10. Resecure Machine Step
          $ ./install.sh -cf maa-vm.xml -l
          1. Validate Configuration File
          2. Create Virtual Machine
          3. Create Users
          <snip many steps>
          17. Create Installation Summary
          18. Resecure Machine
  • 11. Post-Deployment Configuration
      Address site-specific requirements
      • Change all passwords for all default accounts (MOS 1291766.1)
      • Perform validation for local policies or rules
          – See MOS 1405320.1 for commonly identified audit findings
      • Exadata Security – especially for consolidation environments
  • 12. Post-Deployment Configuration
      Cell Lockdown
      • *New* in 12.1.2.2.0
      • Cells can have remote access disabled – no SSH access to OS
      • Must enable temporarily for maintenance (upgrades)
      • New cell attributes: remoteAccessPerm, remoteAccessTemp
      • Can temporarily enable access, automatic lock up at a specified time
      • Can still access console via ILOM
      • Use exacli/exadcli from DB nodes for cell commands
  • 13. Post-Deployment Configuration
      Cell Lockdown Setup
          cellcli> create role administrator
          cellcli> grant privilege all actions on all objects all attributes with all options to role administrator
          cellcli> create user celladministrator password='*'
          cellcli> grant role administrator to user celladministrator
  • 14. Post-Deployment Configuration
      Cell Lockdown
          # cellcli -e list cell detail | egrep -i 'cellversion|accesslevel'
          accessLevelPerm: remoteLoginDisabled
          cellVersion: OSS_12.1.2.2.0_LINUX.X64_150917

          exacli> alter cell accessLevelTemp=((accessLevel="remoteLoginEnabled", -
                  startTime="now", -
                  duration="30m", -
                  reason="Quarterly maintenance"))
  • 15. Post-Deployment Configuration
      Centralized syslog
      • Cells have syslogconf cell attributes (for quite a while)
      • DB nodes have /etc/rsyslog.conf
          – On 12.1.2.1.0 & later, also have syslogconf dbserver attribute
  • 16. Post-Deployment Configuration
      Centralized syslog setup
      On the receiving side, for rsyslogd, modify /etc/rsyslog.conf:
          # Provides UDP syslog reception
          $ModLoad imudp
          $UDPServerRun 514
      Then HUP rsyslogd:
          kill -HUP $(cat /var/run/syslogd.pid)
  • 17. Post-Deployment Configuration
      Centralized syslog
          cellcli> alter cell syslogconf=('authpriv.* @syslgsrv', 'security.* @seclogserver');
          cellcli> alter cell validate syslogconf 'authpriv.error';

          dbmcli> alter dbserver syslogconf=('authpriv.* @syslgsrv', 'security.* @seclogserver');
          dbmcli> alter dbserver validate syslogconf 'authpriv.error';
  • 18. Exadata Security (ASM, Griddisks)
      Consolidation: sharing without peeking
      • Privileges on griddisk level
      • Restrict griddisks to certain clusters and/or certain database(s)
      • Especially effective to manage multiple administrators
      • See whitepapers
          – Oracle Exadata Database Machine Consolidation: Segregating Databases and Roles - http://is.gd/exaconsolidation
          – Best Practices for Database Consolidation On Exadata Database Machine - http://is.gd/orclconswp
  • 19. Database Creation and Configuration
      Implement database-specific features and best practices
      • Stay current with Exadata bundle patches (888828.1)
          – Bundle patches include latest CPU patches
      • Consider TDE, network encryption, Data Vault, Audit Vault
      • Review whitepaper: “Cost Effective Security and Compliance with Oracle Database 11g Release 2” - http://is.gd/seccompliance11gr2
      • Take the Enterprise Data Security Assessment at http://is.gd/entsecassessment
  • 20. Oracle Database Security Defense in Depth
      • PREVENTIVE: Masking & Subsetting; DBA Controls & Cyber Security; Encryption & Redaction
      • DETECTIVE: Activity Monitoring; Database Firewall; Auditing and Reporting
      • ADMINISTRATIVE: Privilege & Data Discovery; Configuration Management; Key & Wallet Management
  • 21. Operational Security Considerations
      Remain security-minded when patching, upgrading, backing up
      • Changes permitted on DB nodes, not cells
      • Backups can be encrypted
      • Patching or upgrading may “undo” some changes; verify after
      • DB node updates use yum commands with excludes (see doc for excludes)
  • 22. Operational Security Considerations
      Remain security-minded when patching, upgrading, backing up
      • Periodic reviews to ensure settings remain and vulnerabilities don’t
      • Secure erase for storage cells is available
      • Disk drive retention is available
      • Oracle Enterprise Manager Governance, Risk & Compliance Manager continuously reviews the system
  • 23. Operational Security Considerations
      Patching considerations (Component: Access Required)
      • Database – Patch set: Database server root, software home owner, passwordless SSH to all software home owners (on other nodes)
      • Database – Patch set: Database server root, software home owner
      • Grid Infrastructure: Same as Database
      • Exadata Database Server (OS): Database server root
      • Exadata Storage Server: Database server root, passwordless SSH from database server root to storage server root (temporarily disable lockdown)
      • InfiniBand Switch: Database server root, InfiniBand switch root
  • 24. Late Breaking Security Updates
      MOS Note or URL | Description
      Coming soon | Updating JDK on Exadata Database Machine database nodes
      2060027.1 | October 2015 ILOM security updates – fixes included in Exadata 12.1.2.2.0 images
  • 25. Summary
      1. Preparation for installation
      2. Installation, deployment
      3. Post-deployment configuration
      4. Database creation and configuration
      5. Operational security considerations
  • 26. References
      Note or URL | Description
      http://is.gd/orasec | Oracle Security Alerts subscription
      1068804.1 | Guidelines for enhancing the security for an Oracle Database Machine deployment
      1291766.1 | How to change OS user password for Cell Node, Database Node, ILOM, KVM, InfiniBand Switch, Gigabit Ethernet Switch and PDU on Exadata
      888828.1 | Database Machine and Exadata Storage Server 11g Release 2 (11.2) Supported Versions
      1405320.1 | Responses to common Exadata security scan findings
      http://is.gd/exaconsolidation | Oracle Exadata Database Machine Consolidation: Segregating Databases and Roles
      http://is.gd/entsecassessment | Enterprise Data Security Assessment
  • 27. References
      MOS Note or URL | Description
      1938719.1 | Exadata information on Bash Shellshock vulnerability
      1935817.1 | Exadata information on SSLv3 POODLE vulnerability
      http://is.gd/orclpoodle | Generic info about POODLE for all Oracle products
      http://is.gd/orclshellshock | Generic info about Bash Shellshock for all Oracle products
      2069987.1 | HOWTO: Update JDK on Exadata Database Nodes
  • 28. Safe Harbor Statement
      The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle.
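Slides 21 and 22 note that patching or upgrading may "undo" some changes and call for periodic reviews that settings remain. One way to run that check, as an added example that is not from the presentation or from Oracle: snapshot the mode and hash of the files your hardening touched before patching, then list what differs afterwards. The watched file list, the function names and the sample tree are assumptions; GNU `stat` and `sha256sum` are expected.

```shell
#!/bin/sh
# Added example (not Oracle tooling): baseline hardened settings before
# patching, then list what changed afterwards.
# WATCHED is an assumed list; use the files your own hardening touched.
WATCHED="etc/ssh/sshd_config etc/sysctl.conf etc/login.defs"

# snapshot ROOT OUTFILE: one line per watched file: path, mode, sha256
snapshot() {
    root=$1; out=$2
    : > "$out"
    for f in $WATCHED; do
        if [ -f "$root/$f" ]; then
            mode=$(stat -c '%a' "$root/$f")
            sum=$(sha256sum "$root/$f" | cut -d' ' -f1)
            printf '%s %s %s\n' "$f" "$mode" "$sum" >> "$out"
        else
            printf '%s MISSING -\n' "$f" >> "$out"
        fi
    done
}

# drift BEFORE AFTER: print each path whose mode or content differs;
# returns 1 when anything drifted, 0 when the snapshots match.
drift() {
    changed=$(awk 'NR == FNR { seen[$1] = $2 " " $3; next }
                   seen[$1] != ($2 " " $3) { print $1 }' "$1" "$2")
    [ -z "$changed" ] && return 0
    printf '%s\n' "$changed"
    return 1
}

# demo: constructed tree standing in for a DB node; the "patch" step
# overwrites sshd_config with a default that re-enables root login.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/ssh"
    printf 'PermitRootLogin no\n' > "$t/etc/ssh/sshd_config"
    printf 'net.ipv4.conf.all.rp_filter = 1\n' > "$t/etc/sysctl.conf"
    printf 'PASS_MAX_DAYS 90\n' > "$t/etc/login.defs"
    snapshot "$t" "$t/before"
    printf 'PermitRootLogin yes\n' > "$t/etc/ssh/sshd_config"   # simulated patch
    snapshot "$t" "$t/after"
    drift "$t/before" "$t/after" || true
    rm -rf "$t"
}

demo
```

On a real node, run `snapshot / <file>` before and after the update and keep the "before" file off the node so the baseline itself cannot be altered by the change under review.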