SlideShare une entreprise Scribd logo

High Performance Security and Virtualization for Oracle Database and Cloud-Enabled Applications

Ramesh Nagappan
Ramesh Nagappan
Technologie
1  sur  23
Télécharger pour lire hors ligne
REMINDER Check in on the COLLABORATE mobile app High Performance Security and Virtualization for Oracle Database and Cloud-Enabled Applications Prepared by: Glenn Brunette, Ramesh Nagappan Oracle Corporation
Program Agenda ■  SPARC SuperCluster Security Overview ■  Secure Database Consolidation Strategies ■  Secure Multi-Tier Deployment Architectures ■  Summary and Q&A
Engineered Systems Security Strategy SECURITY AT EACH LAYER SECURITY BETWEEN LAYERS SECURITY SECURITY SECURITY SECURITY SECURITY SECURITY SECURITY SECURITY BETWEEN SYSTEMS SECURITY SECURITY SECURITY SECURITY SECURITY SECURITY SECURITY
SuperCluster Security Focus Areas COMPUTE STORAGE NETWORK DATABASE
SuperCluster Security Focus Areas Secure Isolation Access Control Data Protection Monitoring and Auditing COMPUTE STORAGE NETWORK DATABASE
SuperCluster Security Capabilities Compute Storage Network Database Secure Isolation !  Physical !  Hypervisor-Mediated !  Kernel-Mediated !  Physical !  ASM Instances !  ZFS Data Sets !  Physical (Ethernet) !  Ethernet VLANs !  InfiniBand Partitions !  Pluggable DBs !  Instances, Schema !  Labels Access Control !  RBAC !  LDOM Administration !  Zone Administration !  ZFS Administration !  ASM Security !  NFS Security !  IP Filter, Switch ACLs !  Audit Vault and Database Firewall !  Roles and Privileges !  Database Vault !  Mandatory Realms Data Protection !  Immutable Zones !  Read-Only Mounts !  Extended Policies !  ZFS Encryption !  LOFI Encryption !  TDE !  SSH !  SSL / TLS !  IPsec / IKE !  Virtual Private DB !  Data Redaction !  Data Masking Monitoring and Auditing !  Solaris Auditing !  Reliable Syslog !  BART !  ZFS Storage Appliance Auditing !  Exadata Storage Auditing !  IP Filter (Logging) !  Switch Logs !  Database Auditing !  Audit Vault and Database Firewall
Compute Perspective Physical Isolation Domain 1 Database Domain 1 SPARC T5-8 Server 1 SPARC T5-8 Server 2 Database Zones Isolation Domain 1 SPARC T5-8 Server Zone A Database Zone B Database Zone C Database Zone D Database POSIX Isolation Domain 1 SPARC T5-8 Server Database Database Database Database Hypervisor Isolation Domain 1 Database Domain 2 Database Hypervisor! SPARC T5-8 Server Electrical Isolation Domain 1 Database Domain 2 Database SPARC M6-32 Server Secure   Isola,on   Access   Control   Data   Protec,on   Monitoring   and  Audi,ng  
Oracle Solaris 11 Layered Capabilities ■  Pluggable Authentication ■  Role-based Access Control ■  Fine-Grained Privileges ■  Extended File Access Controls ■  Application Sandboxing ■  Hardware-Assisted Cryptography ■  Network Security Controls ■  Dynamic Resource Controls ■  Auditing and Monitoring Secure   Isola,on   Access   Control   Data   Protec,on   Monitoring   and  Audi,ng  
Database Perspective Instance Isolation Schema Isolation Label Isolation Container Isolation Domain 1 SPARC T5-8 Server Database Database Database Database Domain 1 SPARC T5-8 Server Database Schema Schema Schema Schema Domain 1 SPARC T5-8 Server Database Schema Domain 1 SPARC T5-8 Server Container Database Pluggable Database Pluggable Database Pluggable Database Pluggable Database Secure   Isola,on   Access   Control   Data   Protec,on   Monitoring   and  Audi,ng  
Network Perspective Domain 1 Domain 2 SPARC T5-8 Server Zone A Client Access Network Client A-1 Zone C VLAN C Database C-1 Client C-1 IPsec / SSL Zone B Database A-1 IPMPA-1 VLAN A-1-0 VLAN A-1-1 Database B-1 Adding Cryptographic Isolation Layer 2 VNIC and VLAN Isolation IPMPB-1 VNIC B-1-0 VNIC B-1-1 net1 net0 Client B-1 VLAN A Network B
Storage Perspective ASM Disk Groups ASM Disk Group A-1 ASM Disk Group A-2 Oracle Exadata Storage Servers ZFS Data Sets ZFS Data Set C-1 ZFS Data Set D-1 Sun ZFS Storage Appliance InfiniBand Network Partition: 0xFFFF Protocol: RDSv3 Partition: 0x8503 Protocol: NFS / IPoIB Oracle VM Server for SPARC Database Domain Oracle Solaris 11 Zone (Zone A) Oracle Database 11g Release 2 Instance A-1 Oracle Database 11g Release 2 Instance A-2 Application Domain Zone C Oracle Database 11g Release 2 Instance C-1 Zone D Oracle Database 11g Release 2 Instance D-1
Cryptographic Perspective Database Domain SPARC T5 Hardware Assisted Cryptography Zone A Oracle Database A-1 Client Access Network SSL InfiniBand Network Partition Intel AES-NI Hardware Assisted Cryptography Client A-1 Oracle PKCS#11 Wallet (Oracle Solaris PKCS#11 Softtoken) SSL Certificate A-1 Oracle Solaris Cryptographic Framework ASM Disk Groups Disk Group A-1 Oracle Exadata Storage Servers Encrypted Tablespaces ZFS Data Sets Data Sets A-1 Encrypted Backups Export Files Sun ZFS Storage Appliance RDSv3 NFSv4 TDE Master Key A-1
Database Consolidation Example InfiniBand Network Partition ASM Disk Groups RDSv3 RDSv3 InfiniBand Network Partition ZFS Data Sets NFS NFS Oracle Exadata Storage Servers Sun ZFS Storage Appliance Database Domain Application Domain SPARC T5-8 Server Zone A Database A-1 Zone C Database C-1 Zone D Database D-1 Database A-2 Tablespace Tablespace Tablespace Tablespace Tablespace Tablespace Tablespace Tablespace Tablespace Tablespace Tablespace Tablespace Tablespace Tablespace Tablespace Tablespace Client Access Network Management Network
Multi-Tier Application Security Secure  Isola,on   Access  Control   Data  Protec,on   Monitoring  and  Audi,ng   Presenta,on   Data   Compute   Storage   Network   Service   Logic  
Multi-Tier Network Isolation InfiniBand Partitioning Strategy ZFS Storage (Web) RDSv3 Application Domain Database Domain SPARC T5-8 Server App to DB Web to App 0x0503 0x8751 0x8761 0x8761 Exadata Storage 0xFFFF0x0751 ZFS Storage (App) 0x0513 0x8503 0x8513 0xFFFFZone C Database Server Zone A Web Server Zone B Application Server Oracle Exadata Storage Servers Sun ZFS Storage Appliance Client Access Network VLAN A Client A HTTPS
Multi-Tier Network Isolation End to End Deployment Scenario Client Access Network Application Domain Database Domain SPARC T5-8 Server Zone A Database A Zone B Database B VLAN B Client B HTTPS VLAN A HTTPS Client A InfiniBandNetworkPartitions IPoIB for NFSv4, iSCSI Application B Share (0x8503) Application A Share (0x8513) Database A Share (0x8523) Database B Share (0x8533) RDSv3 Database A ASM DG (0xFFFF) Database B ASM DG (0xFFFF) IPoIB/TCP (0x0751) IPoIB/TCP (0x8751) SDP (0x0752) SDP (0x8752) Zone B Application B Zone A Application A Zone C Load Balancing Proxy
Encrypted and Immutable Zones ■  Read-Only Non-Global Zone ▪  Protects the system binaries from malicious or accidental tampering ▪  MWAC Policy (Strict or Fixed) ▪  Can be augmented with additional read only ZFS data sets to protect specific applications, data sets, etc. ■  Encrypted Non-Global Zone Root ▪  ZFS encryption implemented on iSCSI LUNs from ZFS Storage Appliance ▪  Leverages FIPS 140-2 validated cryptography ▪  Secure key storage using Solaris Softtoken Keystore or Oracle Key Manager Read Only Read Only Read Only Read Only WriteableWriteable Writeable Writeable Writeable Writeable* Read Only Writeable* Read Only Read Only Read Only Read Only /, /usr /lib, … /etc /var other None Flexible Fixed Strict Solaris 11 Immutable Zone Options
Multi-tier Deployment Scenario Immutable and Encrypted Zones and InfiniBand Partitions Database Access Network InfiniBand Partition (RDSv3) 0xFFFF WebLogic Access Network InfiniBand Partition (IPoIB) Cohere nce Access Net (IPoIB) Coherence Access Network InfiniBand Partition (IPoIB) Limited SPARC T4-4 Server Solaris 11 Domain Immutable Solaris Zone (app01) Immutable Solaris Zone (app02) Weblogic Server Cluster (app-cluster) WLS 12c (as-app01-01, TCP/8001) WLS 12c (as-app01-02, TCP 8002) WLS 12c (as-app02-01, TCP/8001) WLS 12c (as-app02-02, TCP/8002) Encrypted ZFS Data Set (Mounted In Zone As Zone Read-Only /apps) Encrypted Per-Zone ZFS Data Sets (Mounted In Zone As Zone Read-Write /data) ZFS Keys (Stored In PKCS#11 Token) Encrypted Per-Zone ZFS Data Sets (Mounted In Zone as Zone Root) net1:1 net0:1 net1:2 net1 net0 net0:2 Limited Full Limited SPARC T5-8 Server Client Access Network Application Domain Application Domain Zone Cluster Oracle Traffic Director Oracle Traffic Director Encrypted Per-Zone ZFS Data Sets Encrypted Per-Zone ZFS Data Sets VLAN A HTTPS HTTPS
Cryptographic Isolation: Multi-Tier Scenario InfiniBand Network Partition #1 SPARC T5 Hardware Assisted Cryptography Client Access Network Database Domain Oracle Solaris Cryptographic Framework Zone C Oracle Database (SSL and TDE) Oracle PKCS#11 Wallet (Oracle Solaris PKCS#11 Softtoken) SSL Certificate TDE Master Key Intel AES-NI Hardware Assisted Cryptography ASM Disk Groups Oracle Exadata Storage ServersENCRYPTED Tablespaces ZFS Volumes/Data Sets ENCRYPTED Sun ZFS Storage Appliance Binaries Configurations BackupsApplication Domain Zone B Oracle WebLogic Oracle Solaris Cryptographic Framework Zone A Oracle Traffic Director TLS InfiniBand Network Partition #2 RDSv3 InfiniBand Network Partition #3 iSCSI, NFS TLS TLS
Security Performance on SuperCluster T5-8 Multi-Tier Application Security – SSL/TLS, TDE and Encrypted ZFS •  RSA-­‐2048    (Key  Alg)   •  AES-­‐256    (Bulk  Alg)   •  SHA256withRSA    (Signature  Alg)   •  TLS_RSA_WITH_AES_256_CBC_SHA  (SSL  Cipher  Suite)   •  Immutable  Zones  on  Encrypted  ZFS  Data  sets  –  (AES  128)   •  Oracle  Fusion  Middleware     •  Weblogic  12cR1   •  300  Users   •  Two-­‐way  SSL   •  JDK  7u17   •  Oracle  11gR2  TDE   •  Solaris  11.1  (SuperCluster  T5-­‐8)   9195 4296 8478 8404 1000 2000 3000 4000 5000 6000 7000 8000 9000 10000 No SSL 3rd Party JCE (Software SSL) and TDE Oracle Ucrypto SSL and TDE (SPARC T5) SPARC T5 - SSL, TDE, Encrypted ZFS on Solaris Zone Operations/sec SPARC T5-8
SuperCluster Security Summary Complete •  Layered, Defense in Depth From Applications to Disk •  Lifecycle Data Protection - In Use, In Transit and At Rest Integrated •  Hardware-Assisted Security for Encryption and Isolation •  Comprehensive Activity Monitoring and Key Management Flexible •  Enables Single and Multiple Tier and Tenant Architectures •  Satisfies Various Quality of Service and Security Levels Trusted •  Protecting Mission Critical Environments Around the Globe •  Designed, Pre-Integrated, and Tested to Work Best Together
Additional Resources ■  Oracle SuperCluster T5-8 Platform Security Principles and Capabilities ▪  http://www.oracle.com/technetwork/server-storage/ sun-sparc-enterprise/documentation/ o13-052-osc-t5-8-security-1989641.pdf ■  Secure Database Consolidation using the Oracle SuperCluster T5-8 Platform ▪  http://www.oracle.com/technetwork/server-storage/ sun-sparc-enterprise/documentation/ o13-053-securedb-osc-t5-8-1990064.pdf ■  High Performance Security for Oracle WebLogic and Fusion Middleware Applications ▪  http://www.oracle.com/technetwork/articles/systems-hardware- architecture/security-weblogic-t-series-168447.pdf
Questions?

Recommandé

Infraestructura oracle
Infraestructura oracleInfraestructura oracle
Infraestructura oracleFran Navarro
 
High Performance Security With SPARC T4 Hardware Assisted Cryptography
High Performance Security With SPARC T4 Hardware Assisted CryptographyHigh Performance Security With SPARC T4 Hardware Assisted Cryptography
High Performance Security With SPARC T4 Hardware Assisted CryptographyRamesh Nagappan
 
Sparc t4 2 system technical overview
Sparc t4 2 system technical overviewSparc t4 2 system technical overview
Sparc t4 2 system technical overviewsolarisyougood
 
Oracle Database Appliance RAC in a box Some Strings Attached
Oracle Database Appliance RAC in a box Some Strings AttachedOracle Database Appliance RAC in a box Some Strings Attached
Oracle Database Appliance RAC in a box Some Strings AttachedFuad Arshad
 
Application Engineered Routing: Allowing Applications to Program the Network
Application Engineered Routing: Allowing Applications to Program the NetworkApplication Engineered Routing: Allowing Applications to Program the Network
Application Engineered Routing: Allowing Applications to Program the NetworkCisco Canada
 
CCNP Security-VPN
CCNP Security-VPNCCNP Security-VPN
CCNP Security-VPNmohannadalhanahnah
 
2010-01-28 NSA Open Source User Group Meeting, Current & Future Linux on Syst...
2010-01-28 NSA Open Source User Group Meeting, Current & Future Linux on Syst...2010-01-28 NSA Open Source User Group Meeting, Current & Future Linux on Syst...
2010-01-28 NSA Open Source User Group Meeting, Current & Future Linux on Syst...Shawn Wells
 
Module 9: CDB Technical Intro
Module 9: CDB Technical Intro Module 9: CDB Technical Intro
Module 9: CDB Technical IntroTail-f Systems
 

Recommandé

Infraestructura oracle
Infraestructura oracleInfraestructura oracle
Infraestructura oracleFran Navarro
 
High Performance Security With SPARC T4 Hardware Assisted Cryptography
High Performance Security With SPARC T4 Hardware Assisted CryptographyHigh Performance Security With SPARC T4 Hardware Assisted Cryptography
High Performance Security With SPARC T4 Hardware Assisted CryptographyRamesh Nagappan
 
Sparc t4 2 system technical overview
Sparc t4 2 system technical overviewSparc t4 2 system technical overview
Sparc t4 2 system technical overviewsolarisyougood
 
Oracle Database Appliance RAC in a box Some Strings Attached
Oracle Database Appliance RAC in a box Some Strings AttachedOracle Database Appliance RAC in a box Some Strings Attached
Oracle Database Appliance RAC in a box Some Strings AttachedFuad Arshad
 
Application Engineered Routing: Allowing Applications to Program the Network
Application Engineered Routing: Allowing Applications to Program the NetworkApplication Engineered Routing: Allowing Applications to Program the Network
Application Engineered Routing: Allowing Applications to Program the NetworkCisco Canada
 
CCNP Security-VPN
CCNP Security-VPNCCNP Security-VPN
CCNP Security-VPNmohannadalhanahnah
 
2010-01-28 NSA Open Source User Group Meeting, Current & Future Linux on Syst...
2010-01-28 NSA Open Source User Group Meeting, Current & Future Linux on Syst...2010-01-28 NSA Open Source User Group Meeting, Current & Future Linux on Syst...
2010-01-28 NSA Open Source User Group Meeting, Current & Future Linux on Syst...Shawn Wells
 
Module 9: CDB Technical Intro
Module 9: CDB Technical Intro Module 9: CDB Technical Intro
Module 9: CDB Technical IntroTail-f Systems
 
Oracle Linux Nov 2011 Webcast
Oracle Linux Nov 2011 WebcastOracle Linux Nov 2011 Webcast
Oracle Linux Nov 2011 WebcastTerry Wang
 
Osdc2014 openstack networking yves_fauser
Osdc2014 openstack networking yves_fauserOsdc2014 openstack networking yves_fauser
Osdc2014 openstack networking yves_fauseryfauser
 
A Path to NFV/SDN - Intel. Michael Brennan, INTEL
A Path to NFV/SDN - Intel. Michael Brennan, INTELA Path to NFV/SDN - Intel. Michael Brennan, INTEL
A Path to NFV/SDN - Intel. Michael Brennan, INTELWalton Institute
 
Unleashing End-to_end TLS Security Leveraging NGINX with Intel(r) QuickAssist...
Unleashing End-to_end TLS Security Leveraging NGINX with Intel(r) QuickAssist...Unleashing End-to_end TLS Security Leveraging NGINX with Intel(r) QuickAssist...
Unleashing End-to_end TLS Security Leveraging NGINX with Intel(r) QuickAssist...Michelle Holley
 
Accelerate the SDN with Intel ONP
Accelerate the SDN with Intel ONPAccelerate the SDN with Intel ONP
Accelerate the SDN with Intel ONPOdinot Stanislas
 
LAS16-306: Exploring the Open Trusted Protocol
LAS16-306: Exploring the Open Trusted ProtocolLAS16-306: Exploring the Open Trusted Protocol
LAS16-306: Exploring the Open Trusted ProtocolLinaro
 
LAS16-300K2: Geoff Thorpe - IoT Zephyr
LAS16-300K2: Geoff Thorpe - IoT ZephyrLAS16-300K2: Geoff Thorpe - IoT Zephyr
LAS16-300K2: Geoff Thorpe - IoT ZephyrShovan Sargunam
 
Dpdk Validation - Liu, Yong
Dpdk Validation - Liu, YongDpdk Validation - Liu, Yong
Dpdk Validation - Liu, Yongharryvanhaaren
 
Software Network Data Plane - Satisfying the need for speed - FD.io - VPP and...
Software Network Data Plane - Satisfying the need for speed - FD.io - VPP and...Software Network Data Plane - Satisfying the need for speed - FD.io - VPP and...
Software Network Data Plane - Satisfying the need for speed - FD.io - VPP and...Haidee McMahon
 
MySQL Cluster overview + development slides (2014)
MySQL Cluster overview + development slides (2014) MySQL Cluster overview + development slides (2014)
MySQL Cluster overview + development slides (2014) Frazer Clement
 
Open Device Programmability: Hands-on Intro to RESTCONF (and a bit of NETCONF)
Open Device Programmability: Hands-on Intro to RESTCONF (and a bit of NETCONF)Open Device Programmability: Hands-on Intro to RESTCONF (and a bit of NETCONF)
Open Device Programmability: Hands-on Intro to RESTCONF (and a bit of NETCONF)Cisco DevNet
 
LF_OVS_17_IPSEC and OVS DPDK
LF_OVS_17_IPSEC and OVS DPDKLF_OVS_17_IPSEC and OVS DPDK
LF_OVS_17_IPSEC and OVS DPDKLF_OpenvSwitch
 
Module 1: ConfD Technical Introduction
Module 1: ConfD Technical IntroductionModule 1: ConfD Technical Introduction
Module 1: ConfD Technical IntroductionTail-f Systems
 
Chapter 2 overview
Chapter 2 overviewChapter 2 overview
Chapter 2 overviewali raza
 
Intoto Linley Tech Utm Architecture Presentation
Intoto Linley Tech Utm Architecture PresentationIntoto Linley Tech Utm Architecture Presentation
Intoto Linley Tech Utm Architecture Presentationsaddepalli
 
SDN Architecture & Ecosystem
SDN Architecture & EcosystemSDN Architecture & Ecosystem
SDN Architecture & EcosystemKingston Smiler
 
DPDK IPSec Security Gateway Application
DPDK IPSec Security Gateway ApplicationDPDK IPSec Security Gateway Application
DPDK IPSec Security Gateway ApplicationMichelle Holley
 
LF_OVS_17_Riley: Pushing networking to the edge
LF_OVS_17_Riley: Pushing networking to the edgeLF_OVS_17_Riley: Pushing networking to the edge
LF_OVS_17_Riley: Pushing networking to the edgeLF_OpenvSwitch
 
Next Generation Nexus 9000 Architecture
Next Generation Nexus 9000 ArchitectureNext Generation Nexus 9000 Architecture
Next Generation Nexus 9000 ArchitectureCisco Canada
 
Cisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
Cisco Live! :: Introduction to IOS XR for Enterprises and Service ProvidersCisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
Cisco Live! :: Introduction to IOS XR for Enterprises and Service ProvidersBruno Teixeira
 
Oracle Solaris 11 Built for Clouds
Oracle Solaris 11 Built for Clouds Oracle Solaris 11 Built for Clouds
Oracle Solaris 11 Built for Clouds Orgad Kimchi
 
Bloombase Spitfire StoreSafe Security Server Specifications
Bloombase Spitfire StoreSafe Security Server SpecificationsBloombase Spitfire StoreSafe Security Server Specifications
Bloombase Spitfire StoreSafe Security Server SpecificationsBloombase
 

Contenu connexe

Tendances

Oracle Linux Nov 2011 Webcast
Oracle Linux Nov 2011 WebcastOracle Linux Nov 2011 Webcast
Oracle Linux Nov 2011 WebcastTerry Wang
 
Osdc2014 openstack networking yves_fauser
Osdc2014 openstack networking yves_fauserOsdc2014 openstack networking yves_fauser
Osdc2014 openstack networking yves_fauseryfauser
 
A Path to NFV/SDN - Intel. Michael Brennan, INTEL
A Path to NFV/SDN - Intel. Michael Brennan, INTELA Path to NFV/SDN - Intel. Michael Brennan, INTEL
A Path to NFV/SDN - Intel. Michael Brennan, INTELWalton Institute
 
Unleashing End-to_end TLS Security Leveraging NGINX with Intel(r) QuickAssist...
Unleashing End-to_end TLS Security Leveraging NGINX with Intel(r) QuickAssist...Unleashing End-to_end TLS Security Leveraging NGINX with Intel(r) QuickAssist...
Unleashing End-to_end TLS Security Leveraging NGINX with Intel(r) QuickAssist...Michelle Holley
 
Accelerate the SDN with Intel ONP
Accelerate the SDN with Intel ONPAccelerate the SDN with Intel ONP
Accelerate the SDN with Intel ONPOdinot Stanislas
 
LAS16-306: Exploring the Open Trusted Protocol
LAS16-306: Exploring the Open Trusted ProtocolLAS16-306: Exploring the Open Trusted Protocol
LAS16-306: Exploring the Open Trusted ProtocolLinaro
 
LAS16-300K2: Geoff Thorpe - IoT Zephyr
LAS16-300K2: Geoff Thorpe - IoT ZephyrLAS16-300K2: Geoff Thorpe - IoT Zephyr
LAS16-300K2: Geoff Thorpe - IoT ZephyrShovan Sargunam
 
Dpdk Validation - Liu, Yong
Dpdk Validation - Liu, YongDpdk Validation - Liu, Yong
Dpdk Validation - Liu, Yongharryvanhaaren
 
Software Network Data Plane - Satisfying the need for speed - FD.io - VPP and...
Software Network Data Plane - Satisfying the need for speed - FD.io - VPP and...Software Network Data Plane - Satisfying the need for speed - FD.io - VPP and...
Software Network Data Plane - Satisfying the need for speed - FD.io - VPP and...Haidee McMahon
 
MySQL Cluster overview + development slides (2014)
MySQL Cluster overview + development slides (2014) MySQL Cluster overview + development slides (2014)
MySQL Cluster overview + development slides (2014) Frazer Clement
 
Open Device Programmability: Hands-on Intro to RESTCONF (and a bit of NETCONF)
Open Device Programmability: Hands-on Intro to RESTCONF (and a bit of NETCONF)Open Device Programmability: Hands-on Intro to RESTCONF (and a bit of NETCONF)
Open Device Programmability: Hands-on Intro to RESTCONF (and a bit of NETCONF)Cisco DevNet
 
LF_OVS_17_IPSEC and OVS DPDK
LF_OVS_17_IPSEC and OVS DPDKLF_OVS_17_IPSEC and OVS DPDK
LF_OVS_17_IPSEC and OVS DPDKLF_OpenvSwitch
 
Module 1: ConfD Technical Introduction
Module 1: ConfD Technical IntroductionModule 1: ConfD Technical Introduction
Module 1: ConfD Technical IntroductionTail-f Systems
 
Chapter 2 overview
Chapter 2 overviewChapter 2 overview
Chapter 2 overviewali raza
 
Intoto Linley Tech Utm Architecture Presentation
Intoto Linley Tech Utm Architecture PresentationIntoto Linley Tech Utm Architecture Presentation
Intoto Linley Tech Utm Architecture Presentationsaddepalli
 
SDN Architecture & Ecosystem
SDN Architecture & EcosystemSDN Architecture & Ecosystem
SDN Architecture & EcosystemKingston Smiler
 
DPDK IPSec Security Gateway Application
DPDK IPSec Security Gateway ApplicationDPDK IPSec Security Gateway Application
DPDK IPSec Security Gateway ApplicationMichelle Holley
 
LF_OVS_17_Riley: Pushing networking to the edge
LF_OVS_17_Riley: Pushing networking to the edgeLF_OVS_17_Riley: Pushing networking to the edge
LF_OVS_17_Riley: Pushing networking to the edgeLF_OpenvSwitch
 
Next Generation Nexus 9000 Architecture
Next Generation Nexus 9000 ArchitectureNext Generation Nexus 9000 Architecture
Next Generation Nexus 9000 ArchitectureCisco Canada
 
Cisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
Cisco Live! :: Introduction to IOS XR for Enterprises and Service ProvidersCisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
Cisco Live! :: Introduction to IOS XR for Enterprises and Service ProvidersBruno Teixeira
 

Tendances (20)

Oracle Linux Nov 2011 Webcast
Oracle Linux Nov 2011 WebcastOracle Linux Nov 2011 Webcast
Oracle Linux Nov 2011 Webcast
 
Osdc2014 openstack networking yves_fauser
Osdc2014 openstack networking yves_fauserOsdc2014 openstack networking yves_fauser
Osdc2014 openstack networking yves_fauser
 
A Path to NFV/SDN - Intel. Michael Brennan, INTEL
A Path to NFV/SDN - Intel. Michael Brennan, INTELA Path to NFV/SDN - Intel. Michael Brennan, INTEL
A Path to NFV/SDN - Intel. Michael Brennan, INTEL
 
Unleashing End-to_end TLS Security Leveraging NGINX with Intel(r) QuickAssist...
Unleashing End-to_end TLS Security Leveraging NGINX with Intel(r) QuickAssist...Unleashing End-to_end TLS Security Leveraging NGINX with Intel(r) QuickAssist...
Unleashing End-to_end TLS Security Leveraging NGINX with Intel(r) QuickAssist...
 
Accelerate the SDN with Intel ONP
Accelerate the SDN with Intel ONPAccelerate the SDN with Intel ONP
Accelerate the SDN with Intel ONP
 
LAS16-306: Exploring the Open Trusted Protocol
LAS16-306: Exploring the Open Trusted ProtocolLAS16-306: Exploring the Open Trusted Protocol
LAS16-306: Exploring the Open Trusted Protocol
 
LAS16-300K2: Geoff Thorpe - IoT Zephyr
LAS16-300K2: Geoff Thorpe - IoT ZephyrLAS16-300K2: Geoff Thorpe - IoT Zephyr
LAS16-300K2: Geoff Thorpe - IoT Zephyr
 
Dpdk Validation - Liu, Yong
Dpdk Validation - Liu, YongDpdk Validation - Liu, Yong
Dpdk Validation - Liu, Yong
 
Software Network Data Plane - Satisfying the need for speed - FD.io - VPP and...
Software Network Data Plane - Satisfying the need for speed - FD.io - VPP and...Software Network Data Plane - Satisfying the need for speed - FD.io - VPP and...
Software Network Data Plane - Satisfying the need for speed - FD.io - VPP and...
 
MySQL Cluster overview + development slides (2014)
MySQL Cluster overview + development slides (2014) MySQL Cluster overview + development slides (2014)
MySQL Cluster overview + development slides (2014)
 
Open Device Programmability: Hands-on Intro to RESTCONF (and a bit of NETCONF)
Open Device Programmability: Hands-on Intro to RESTCONF (and a bit of NETCONF)Open Device Programmability: Hands-on Intro to RESTCONF (and a bit of NETCONF)
Open Device Programmability: Hands-on Intro to RESTCONF (and a bit of NETCONF)
 
LF_OVS_17_IPSEC and OVS DPDK
LF_OVS_17_IPSEC and OVS DPDKLF_OVS_17_IPSEC and OVS DPDK
LF_OVS_17_IPSEC and OVS DPDK
 
Module 1: ConfD Technical Introduction
Module 1: ConfD Technical IntroductionModule 1: ConfD Technical Introduction
Module 1: ConfD Technical Introduction
 
Chapter 2 overview
Chapter 2 overviewChapter 2 overview
Chapter 2 overview
 
Intoto Linley Tech Utm Architecture Presentation
Intoto Linley Tech Utm Architecture PresentationIntoto Linley Tech Utm Architecture Presentation
Intoto Linley Tech Utm Architecture Presentation
 
SDN Architecture & Ecosystem
SDN Architecture & EcosystemSDN Architecture & Ecosystem
SDN Architecture & Ecosystem
 
DPDK IPSec Security Gateway Application
DPDK IPSec Security Gateway ApplicationDPDK IPSec Security Gateway Application
DPDK IPSec Security Gateway Application
 
LF_OVS_17_Riley: Pushing networking to the edge
LF_OVS_17_Riley: Pushing networking to the edgeLF_OVS_17_Riley: Pushing networking to the edge
LF_OVS_17_Riley: Pushing networking to the edge
 
Next Generation Nexus 9000 Architecture
Next Generation Nexus 9000 ArchitectureNext Generation Nexus 9000 Architecture
Next Generation Nexus 9000 Architecture
 
Cisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
Cisco Live! :: Introduction to IOS XR for Enterprises and Service ProvidersCisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
Cisco Live! :: Introduction to IOS XR for Enterprises and Service Providers
 

Similaire à High Performance Security and Virtualization for Oracle Database and Cloud-Enabled Applications

Oracle Solaris 11 Built for Clouds
Oracle Solaris 11 Built for Clouds Oracle Solaris 11 Built for Clouds
Oracle Solaris 11 Built for Clouds Orgad Kimchi
 
Bloombase Spitfire StoreSafe Security Server Specifications
Bloombase Spitfire StoreSafe Security Server SpecificationsBloombase Spitfire StoreSafe Security Server Specifications
Bloombase Spitfire StoreSafe Security Server SpecificationsBloombase
 
Understanding oracle rac internals part 1 - slides
Understanding oracle rac internals part 1 - slidesUnderstanding oracle rac internals part 1 - slides
Understanding oracle rac internals part 1 - slidesMohamed Farouk
 
SDN/OpenFlow #lspe
SDN/OpenFlow #lspeSDN/OpenFlow #lspe
SDN/OpenFlow #lspeChris Westin
 
SDN, OpenFlow, NFV, and Virtual Network
SDN, OpenFlow, NFV, and Virtual NetworkSDN, OpenFlow, NFV, and Virtual Network
SDN, OpenFlow, NFV, and Virtual NetworkTim4PreStartup
 
The Data Center Network Evolution
The Data Center Network EvolutionThe Data Center Network Evolution
The Data Center Network EvolutionCisco Canada
 
Внутренняя архитектура IOS-XE: средства траблшутинга предачи трафика на ASR1k...
Внутренняя архитектура IOS-XE: средства траблшутинга предачи трафика на ASR1k...Внутренняя архитектура IOS-XE: средства траблшутинга предачи трафика на ASR1k...
Внутренняя архитектура IOS-XE: средства траблшутинга предачи трафика на ASR1k...Cisco Russia
 
Application hosting in the Intelligent WAN
Application hosting in the Intelligent WANApplication hosting in the Intelligent WAN
Application hosting in the Intelligent WANCisco DevNet
 
Emc vnx2 technical deep dive workshop
Emc vnx2 technical deep dive workshopEmc vnx2 technical deep dive workshop
Emc vnx2 technical deep dive workshopsolarisyougood
 
Hardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix LinuxHardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix LinuxSecurity Session
 
Unleash oracle 12c performance with cisco ucs
Unleash oracle 12c performance with cisco ucsUnleash oracle 12c performance with cisco ucs
Unleash oracle 12c performance with cisco ucssolarisyougood
 
Solaris cluster customer presentation
Solaris cluster customer presentationSolaris cluster customer presentation
Solaris cluster customer presentationxKinAnx
 
Five Steps to Creating a Secure Hybrid Cloud Architecture
Five Steps to Creating a Secure Hybrid Cloud ArchitectureFive Steps to Creating a Secure Hybrid Cloud Architecture
Five Steps to Creating a Secure Hybrid Cloud ArchitectureAmazon Web Services
 
Putting Firepower into the Next Generation Firewall
Putting Firepower into the Next Generation FirewallPutting Firepower into the Next Generation Firewall
Putting Firepower into the Next Generation FirewallCisco Canada
 
Cisco Connect Vancouver 2017 - Putting firepower into the next generation fir...
Cisco Connect Vancouver 2017 - Putting firepower into the next generation fir...Cisco Connect Vancouver 2017 - Putting firepower into the next generation fir...
Cisco Connect Vancouver 2017 - Putting firepower into the next generation fir...Cisco Canada
 
Bloombase StoreSafe Compatibility Matrix
Bloombase StoreSafe Compatibility MatrixBloombase StoreSafe Compatibility Matrix
Bloombase StoreSafe Compatibility MatrixBloombase
 
Cisco Connect Halifax 2018 Putting firepower into the next generation firewall
Cisco Connect Halifax 2018 Putting firepower into the next generation firewallCisco Connect Halifax 2018 Putting firepower into the next generation firewall
Cisco Connect Halifax 2018 Putting firepower into the next generation firewallCisco Canada
 

Similaire à High Performance Security and Virtualization for Oracle Database and Cloud-Enabled Applications (20)

Oracle Solaris 11 Built for Clouds
Oracle Solaris 11 Built for Clouds Oracle Solaris 11 Built for Clouds
Oracle Solaris 11 Built for Clouds
 
Bloombase Spitfire StoreSafe Security Server Specifications
Bloombase Spitfire StoreSafe Security Server SpecificationsBloombase Spitfire StoreSafe Security Server Specifications
Bloombase Spitfire StoreSafe Security Server Specifications
 
Understanding oracle rac internals part 1 - slides
Understanding oracle rac internals part 1 - slidesUnderstanding oracle rac internals part 1 - slides
Understanding oracle rac internals part 1 - slides
 
Emc
EmcEmc
Emc
 
SDN/OpenFlow #lspe
SDN/OpenFlow #lspeSDN/OpenFlow #lspe
SDN/OpenFlow #lspe
 
SDN, OpenFlow, NFV, and Virtual Network
SDN, OpenFlow, NFV, and Virtual NetworkSDN, OpenFlow, NFV, and Virtual Network
SDN, OpenFlow, NFV, and Virtual Network
 
The Data Center Network Evolution
The Data Center Network EvolutionThe Data Center Network Evolution
The Data Center Network Evolution
 
Внутренняя архитектура IOS-XE: средства траблшутинга предачи трафика на ASR1k...
Внутренняя архитектура IOS-XE: средства траблшутинга предачи трафика на ASR1k...Внутренняя архитектура IOS-XE: средства траблшутинга предачи трафика на ASR1k...
Внутренняя архитектура IOS-XE: средства траблшутинга предачи трафика на ASR1k...
 
Application hosting in the Intelligent WAN
Application hosting in the Intelligent WANApplication hosting in the Intelligent WAN
Application hosting in the Intelligent WAN
 
Emc vnx2 technical deep dive workshop
Emc vnx2 technical deep dive workshopEmc vnx2 technical deep dive workshop
Emc vnx2 technical deep dive workshop
 
Hardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix LinuxHardening Linux and introducing Securix Linux
Hardening Linux and introducing Securix Linux
 
Unleash oracle 12c performance with cisco ucs
Unleash oracle 12c performance with cisco ucsUnleash oracle 12c performance with cisco ucs
Unleash oracle 12c performance with cisco ucs
 
Solaris cluster customer presentation
Solaris cluster customer presentationSolaris cluster customer presentation
Solaris cluster customer presentation
 
Five Steps to Creating a Secure Hybrid Cloud Architecture
Five Steps to Creating a Secure Hybrid Cloud ArchitectureFive Steps to Creating a Secure Hybrid Cloud Architecture
Five Steps to Creating a Secure Hybrid Cloud Architecture
 
Putting Firepower into the Next Generation Firewall
Putting Firepower into the Next Generation FirewallPutting Firepower into the Next Generation Firewall
Putting Firepower into the Next Generation Firewall
 
Cisco Connect Vancouver 2017 - Putting firepower into the next generation fir...
Cisco Connect Vancouver 2017 - Putting firepower into the next generation fir...Cisco Connect Vancouver 2017 - Putting firepower into the next generation fir...
Cisco Connect Vancouver 2017 - Putting firepower into the next generation fir...
 
Bloombase StoreSafe Compatibility Matrix
Bloombase StoreSafe Compatibility MatrixBloombase StoreSafe Compatibility Matrix
Bloombase StoreSafe Compatibility Matrix
 
Cisco Connect Halifax 2018 Putting firepower into the next generation firewall
Cisco Connect Halifax 2018 Putting firepower into the next generation firewallCisco Connect Halifax 2018 Putting firepower into the next generation firewall
Cisco Connect Halifax 2018 Putting firepower into the next generation firewall
 
LCG-300 Industrial LoRaWAN Gateway
LCG-300 Industrial LoRaWAN GatewayLCG-300 Industrial LoRaWAN Gateway
LCG-300 Industrial LoRaWAN Gateway
 
T1-9-2.ppt
T1-9-2.pptT1-9-2.ppt
T1-9-2.ppt
 

Plus de Ramesh Nagappan

Post Quantum Cryptography: Technical Overview
Post Quantum Cryptography: Technical OverviewPost Quantum Cryptography: Technical Overview
Post Quantum Cryptography: Technical OverviewRamesh Nagappan
 
Biometric Authentication for J2EE applications - JavaONE 2005
Biometric Authentication for J2EE applications - JavaONE 2005Biometric Authentication for J2EE applications - JavaONE 2005
Biometric Authentication for J2EE applications - JavaONE 2005Ramesh Nagappan
 
Interoperable Provisioning in a distributed world
Interoperable Provisioning in a distributed worldInteroperable Provisioning in a distributed world
Interoperable Provisioning in a distributed worldRamesh Nagappan
 
Secure Multitenancy on Oracle SuperCluster
Secure Multitenancy on Oracle SuperClusterSecure Multitenancy on Oracle SuperCluster
Secure Multitenancy on Oracle SuperClusterRamesh Nagappan
 
Secure Multi-tenancy on Private Cloud Environment (Oracle SuperCluster)
Secure Multi-tenancy on Private Cloud Environment (Oracle SuperCluster)Secure Multi-tenancy on Private Cloud Environment (Oracle SuperCluster)
Secure Multi-tenancy on Private Cloud Environment (Oracle SuperCluster)Ramesh Nagappan
 
Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...
Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...
Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...Ramesh Nagappan
 
ICAM - Demo Architecture review
ICAM - Demo Architecture reviewICAM - Demo Architecture review
ICAM - Demo Architecture reviewRamesh Nagappan
 
Government Citizen ID using Java Card Platform
Government Citizen ID using Java Card PlatformGovernment Citizen ID using Java Card Platform
Government Citizen ID using Java Card PlatformRamesh Nagappan
 
PIV Card based Identity Assurance in Sun Ray and IDM environment
PIV Card based Identity Assurance in Sun Ray and IDM environmentPIV Card based Identity Assurance in Sun Ray and IDM environment
PIV Card based Identity Assurance in Sun Ray and IDM environmentRamesh Nagappan
 
Java Platform Security Architecture
Java Platform Security ArchitectureJava Platform Security Architecture
Java Platform Security ArchitectureRamesh Nagappan
 
Managing PIV Card Lifecycle and Converging Physical & Logical Access Control
Managing PIV Card Lifecycle and Converging Physical & Logical Access ControlManaging PIV Card Lifecycle and Converging Physical & Logical Access Control
Managing PIV Card Lifecycle and Converging Physical & Logical Access ControlRamesh Nagappan
 
Stronger Authentication with Biometric SSO
Stronger Authentication with Biometric SSOStronger Authentication with Biometric SSO
Stronger Authentication with Biometric SSORamesh Nagappan
 
Stronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise ApplicationsStronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise ApplicationsRamesh Nagappan
 
Wire-speed Cryptographic Acceleration for SOA and Java EE Security
Wire-speed Cryptographic Acceleration for SOA and Java EE SecurityWire-speed Cryptographic Acceleration for SOA and Java EE Security
Wire-speed Cryptographic Acceleration for SOA and Java EE SecurityRamesh Nagappan
 

Plus de Ramesh Nagappan (14)

Post Quantum Cryptography: Technical Overview
Post Quantum Cryptography: Technical OverviewPost Quantum Cryptography: Technical Overview
Post Quantum Cryptography: Technical Overview
 
Biometric Authentication for J2EE applications - JavaONE 2005
Biometric Authentication for J2EE applications - JavaONE 2005Biometric Authentication for J2EE applications - JavaONE 2005
Biometric Authentication for J2EE applications - JavaONE 2005
 
Interoperable Provisioning in a distributed world
Interoperable Provisioning in a distributed worldInteroperable Provisioning in a distributed world
Interoperable Provisioning in a distributed world
 
Secure Multitenancy on Oracle SuperCluster
Secure Multitenancy on Oracle SuperClusterSecure Multitenancy on Oracle SuperCluster
Secure Multitenancy on Oracle SuperCluster
 
Secure Multi-tenancy on Private Cloud Environment (Oracle SuperCluster)
Secure Multi-tenancy on Private Cloud Environment (Oracle SuperCluster)Secure Multi-tenancy on Private Cloud Environment (Oracle SuperCluster)
Secure Multi-tenancy on Private Cloud Environment (Oracle SuperCluster)
 
Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...
Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...
Analysis of Security and Compliance using Oracle SPARC T-Series Servers: Emph...
 
ICAM - Demo Architecture review
ICAM - Demo Architecture reviewICAM - Demo Architecture review
ICAM - Demo Architecture review
 
Government Citizen ID using Java Card Platform
Government Citizen ID using Java Card PlatformGovernment Citizen ID using Java Card Platform
Government Citizen ID using Java Card Platform
 
PIV Card based Identity Assurance in Sun Ray and IDM environment
PIV Card based Identity Assurance in Sun Ray and IDM environmentPIV Card based Identity Assurance in Sun Ray and IDM environment
PIV Card based Identity Assurance in Sun Ray and IDM environment
 
Java Platform Security Architecture
Java Platform Security ArchitectureJava Platform Security Architecture
Java Platform Security Architecture
 
Managing PIV Card Lifecycle and Converging Physical & Logical Access Control
Managing PIV Card Lifecycle and Converging Physical & Logical Access ControlManaging PIV Card Lifecycle and Converging Physical & Logical Access Control
Managing PIV Card Lifecycle and Converging Physical & Logical Access Control
 
Stronger Authentication with Biometric SSO
Stronger Authentication with Biometric SSOStronger Authentication with Biometric SSO
Stronger Authentication with Biometric SSO
 
Stronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise ApplicationsStronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise Applications
 
Wire-speed Cryptographic Acceleration for SOA and Java EE Security
Wire-speed Cryptographic Acceleration for SOA and Java EE SecurityWire-speed Cryptographic Acceleration for SOA and Java EE Security
Wire-speed Cryptographic Acceleration for SOA and Java EE Security
 

Dernier

WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGSujit Pal
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 

Dernier (20)

WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Google AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAGGoogle AI Hackathon: LLM based Evaluator for RAG
Google AI Hackathon: LLM based Evaluator for RAG
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 

High Performance Security and Virtualization for Oracle Database and Cloud-Enabled Applications

  • 1. REMINDER Check in on the COLLABORATE mobile app High Performance Security and Virtualization for Oracle Database and Cloud-Enabled Applications Prepared by: Glenn Brunette, Ramesh Nagappan Oracle Corporation
  • 2. Program Agenda ■  SPARC SuperCluster Security Overview ■  Secure Database Consolidation Strategies ■  Secure Multi-Tier Deployment Architectures ■  Summary and Q&A
  • 3. Engineered Systems Security Strategy SECURITY AT EACH LAYER SECURITY BETWEEN LAYERS SECURITY SECURITY SECURITY SECURITY SECURITY SECURITY SECURITY SECURITY BETWEEN SYSTEMS SECURITY SECURITY SECURITY SECURITY SECURITY SECURITY SECURITY
  • 4. SuperCluster Security Focus Areas COMPUTE STORAGE NETWORK DATABASE
  • 5. SuperCluster Security Focus Areas Secure Isolation Access Control Data Protection Monitoring and Auditing COMPUTE STORAGE NETWORK DATABASE
  • 6. SuperCluster Security Capabilities Compute Storage Network Database Secure Isolation !  Physical !  Hypervisor-Mediated !  Kernel-Mediated !  Physical !  ASM Instances !  ZFS Data Sets !  Physical (Ethernet) !  Ethernet VLANs !  InfiniBand Partitions !  Pluggable DBs !  Instances, Schema !  Labels Access Control !  RBAC !  LDOM Administration !  Zone Administration !  ZFS Administration !  ASM Security !  NFS Security !  IP Filter, Switch ACLs !  Audit Vault and Database Firewall !  Roles and Privileges !  Database Vault !  Mandatory Realms Data Protection !  Immutable Zones !  Read-Only Mounts !  Extended Policies !  ZFS Encryption !  LOFI Encryption !  TDE !  SSH !  SSL / TLS !  IPsec / IKE !  Virtual Private DB !  Data Redaction !  Data Masking Monitoring and Auditing !  Solaris Auditing !  Reliable Syslog !  BART !  ZFS Storage Appliance Auditing !  Exadata Storage Auditing !  IP Filter (Logging) !  Switch Logs !  Database Auditing !  Audit Vault and Database Firewall
  • 7. Compute Perspective Physical Isolation Domain 1 Database Domain 1 SPARC T5-8 Server 1 SPARC T5-8 Server 2 Database Zones Isolation Domain 1 SPARC T5-8 Server Zone A Database Zone B Database Zone C Database Zone D Database POSIX Isolation Domain 1 SPARC T5-8 Server Database Database Database Database Hypervisor Isolation Domain 1 Database Domain 2 Database Hypervisor! SPARC T5-8 Server Electrical Isolation Domain 1 Database Domain 2 Database SPARC M6-32 Server Secure   Isola,on   Access   Control   Data   Protec,on   Monitoring   and  Audi,ng  
  • 8. Oracle Solaris 11 Layered Capabilities ■  Pluggable Authentication ■  Role-based Access Control ■  Fine-Grained Privileges ■  Extended File Access Controls ■  Application Sandboxing ■  Hardware-Assisted Cryptography ■  Network Security Controls ■  Dynamic Resource Controls ■  Auditing and Monitoring Secure   Isola,on   Access   Control   Data   Protec,on   Monitoring   and  Audi,ng  
  • 9. Database Perspective Instance Isolation Schema Isolation Label Isolation Container Isolation Domain 1 SPARC T5-8 Server Database Database Database Database Domain 1 SPARC T5-8 Server Database Schema Schema Schema Schema Domain 1 SPARC T5-8 Server Database Schema Domain 1 SPARC T5-8 Server Container Database Pluggable Database Pluggable Database Pluggable Database Pluggable Database Secure   Isola,on   Access   Control   Data   Protec,on   Monitoring   and  Audi,ng  
  • 10. Network Perspective Domain 1 Domain 2 SPARC T5-8 Server Zone A Client Access Network Client A-1 Zone C VLAN C Database C-1 Client C-1 IPsec / SSL Zone B Database A-1 IPMPA-1 VLAN A-1-0 VLAN A-1-1 Database B-1 Adding Cryptographic Isolation Layer 2 VNIC and VLAN Isolation IPMPB-1 VNIC B-1-0 VNIC B-1-1 net1 net0 Client B-1 VLAN A Network B
  • 11. Storage Perspective ASM Disk Groups ASM Disk Group A-1 ASM Disk Group A-2 Oracle Exadata Storage Servers ZFS Data Sets ZFS Data Set C-1 ZFS Data Set D-1 Sun ZFS Storage Appliance InfiniBand Network Partition: 0xFFFF Protocol: RDSv3 Partition: 0x8503 Protocol: NFS / IPoIB Oracle VM Server for SPARC Database Domain Oracle Solaris 11 Zone (Zone A) Oracle Database 11g Release 2 Instance A-1 Oracle Database 11g Release 2 Instance A-2 Application Domain Zone C Oracle Database 11g Release 2 Instance C-1 Zone D Oracle Database 11g Release 2 Instance D-1
  • 12. Cryptographic Perspective Database Domain SPARC T5 Hardware Assisted Cryptography Zone A Oracle Database A-1 Client Access Network SSL InfiniBand Network Partition Intel AES-NI Hardware Assisted Cryptography Client A-1 Oracle PKCS#11 Wallet (Oracle Solaris PKCS#11 Softtoken) SSL Certificate A-1 Oracle Solaris Cryptographic Framework ASM Disk Groups Disk Group A-1 Oracle Exadata Storage Servers Encrypted Tablespaces ZFS Data Sets Data Sets A-1 Encrypted Backups Export Files Sun ZFS Storage Appliance RDSv3 NFSv4 TDE Master Key A-1
  • 13. Database Consolidation Example InfiniBand Network Partition ASM Disk Groups RDSv3 RDSv3 InfiniBand Network Partition ZFS Data Sets NFS NFS Oracle Exadata Storage Servers Sun ZFS Storage Appliance Database Domain Application Domain SPARC T5-8 Server Zone A Database A-1 Zone C Database C-1 Zone D Database D-1 Database A-2 Tablespace Tablespace Tablespace Tablespace Tablespace Tablespace Tablespace Tablespace Tablespace Tablespace Tablespace Tablespace Tablespace Tablespace Tablespace Tablespace Client Access Network Management Network
  • 14. Multi-Tier Application Security Secure  Isola,on   Access  Control   Data  Protec,on   Monitoring  and  Audi,ng   Presenta,on   Data   Compute   Storage   Network   Service   Logic  
  • 15. Multi-Tier Network Isolation InfiniBand Partitioning Strategy ZFS Storage (Web) RDSv3 Application Domain Database Domain SPARC T5-8 Server App to DB Web to App 0x0503 0x8751 0x8761 0x8761 Exadata Storage 0xFFFF0x0751 ZFS Storage (App) 0x0513 0x8503 0x8513 0xFFFFZone C Database Server Zone A Web Server Zone B Application Server Oracle Exadata Storage Servers Sun ZFS Storage Appliance Client Access Network VLAN A Client A HTTPS
  • 16. Multi-Tier Network Isolation End to End Deployment Scenario Client Access Network Application Domain Database Domain SPARC T5-8 Server Zone A Database A Zone B Database B VLAN B Client B HTTPS VLAN A HTTPS Client A InfiniBandNetworkPartitions IPoIB for NFSv4, iSCSI Application B Share (0x8503) Application A Share (0x8513) Database A Share (0x8523) Database B Share (0x8533) RDSv3 Database A ASM DG (0xFFFF) Database B ASM DG (0xFFFF) IPoIB/TCP (0x0751) IPoIB/TCP (0x8751) SDP (0x0752) SDP (0x8752) Zone B Application B Zone A Application A Zone C Load Balancing Proxy
  • 17. Encrypted and Immutable Zones ■  Read-Only Non-Global Zone ▪  Protects the system binaries from malicious or accidental tampering ▪  MWAC Policy (Strict or Fixed) ▪  Can be augmented with additional read only ZFS data sets to protect specific applications, data sets, etc. ■  Encrypted Non-Global Zone Root ▪  ZFS encryption implemented on iSCSI LUNs from ZFS Storage Appliance ▪  Leverages FIPS 140-2 validated cryptography ▪  Secure key storage using Solaris Softtoken Keystore or Oracle Key Manager Read Only Read Only Read Only Read Only WriteableWriteable Writeable Writeable Writeable Writeable* Read Only Writeable* Read Only Read Only Read Only Read Only /, /usr /lib, … /etc /var other None Flexible Fixed Strict Solaris 11 Immutable Zone Options
  • 18. Multi-tier Deployment Scenario Immutable and Encrypted Zones and InfiniBand Partitions Database Access Network InfiniBand Partition (RDSv3) 0xFFFF WebLogic Access Network InfiniBand Partition (IPoIB) Cohere nce Access Net (IPoIB) Coherence Access Network InfiniBand Partition (IPoIB) Limited SPARC T4-4 Server Solaris 11 Domain Immutable Solaris Zone (app01) Immutable Solaris Zone (app02) Weblogic Server Cluster (app-cluster) WLS 12c (as-app01-01, TCP/8001) WLS 12c (as-app01-02, TCP 8002) WLS 12c (as-app02-01, TCP/8001) WLS 12c (as-app02-02, TCP/8002) Encrypted ZFS Data Set (Mounted In Zone As Zone Read-Only /apps) Encrypted Per-Zone ZFS Data Sets (Mounted In Zone As Zone Read-Write /data) ZFS Keys (Stored In PKCS#11 Token) Encrypted Per-Zone ZFS Data Sets (Mounted In Zone as Zone Root) net1:1 net0:1 net1:2 net1 net0 net0:2 Limited Full Limited SPARC T5-8 Server Client Access Network Application Domain Application Domain Zone Cluster Oracle Traffic Director Oracle Traffic Director Encrypted Per-Zone ZFS Data Sets Encrypted Per-Zone ZFS Data Sets VLAN A HTTPS HTTPS
  • 19. Cryptographic Isolation: Multi-Tier Scenario InfiniBand Network Partition #1 SPARC T5 Hardware Assisted Cryptography Client Access Network Database Domain Oracle Solaris Cryptographic Framework Zone C Oracle Database (SSL and TDE) Oracle PKCS#11 Wallet (Oracle Solaris PKCS#11 Softtoken) SSL Certificate TDE Master Key Intel AES-NI Hardware Assisted Cryptography ASM Disk Groups Oracle Exadata Storage ServersENCRYPTED Tablespaces ZFS Volumes/Data Sets ENCRYPTED Sun ZFS Storage Appliance Binaries Configurations BackupsApplication Domain Zone B Oracle WebLogic Oracle Solaris Cryptographic Framework Zone A Oracle Traffic Director TLS InfiniBand Network Partition #2 RDSv3 InfiniBand Network Partition #3 iSCSI, NFS TLS TLS
  • 20. Security Performance on SuperCluster T5-8 Multi-Tier Application Security – SSL/TLS, TDE and Encrypted ZFS •  RSA-­‐2048    (Key  Alg)   •  AES-­‐256    (Bulk  Alg)   •  SHA256withRSA    (Signature  Alg)   •  TLS_RSA_WITH_AES_256_CBC_SHA  (SSL  Cipher  Suite)   •  Immutable  Zones  on  Encrypted  ZFS  Data  sets  –  (AES  128)   •  Oracle  Fusion  Middleware     •  Weblogic  12cR1   •  300  Users   •  Two-­‐way  SSL   •  JDK  7u17   •  Oracle  11gR2  TDE   •  Solaris  11.1  (SuperCluster  T5-­‐8)   9195 4296 8478 8404 1000 2000 3000 4000 5000 6000 7000 8000 9000 10000 No SSL 3rd Party JCE (Software SSL) and TDE Oracle Ucrypto SSL and TDE (SPARC T5) SPARC T5 - SSL, TDE, Encrypted ZFS on Solaris Zone Operations/sec SPARC T5-8
  • 21. SuperCluster Security Summary Complete •  Layered, Defense in Depth From Applications to Disk •  Lifecycle Data Protection - In Use, In Transit and At Rest Integrated •  Hardware-Assisted Security for Encryption and Isolation •  Comprehensive Activity Monitoring and Key Management Flexible •  Enables Single and Multiple Tier and Tenant Architectures •  Satisfies Various Quality of Service and Security Levels Trusted •  Protecting Mission Critical Environments Around the Globe •  Designed, Pre-Integrated, and Tested to Work Best Together
  • 22. Additional Resources ■  Oracle SuperCluster T5-8 Platform Security Principles and Capabilities ▪  http://www.oracle.com/technetwork/server-storage/ sun-sparc-enterprise/documentation/ o13-052-osc-t5-8-security-1989641.pdf ■  Secure Database Consolidation using the Oracle SuperCluster T5-8 Platform ▪  http://www.oracle.com/technetwork/server-storage/ sun-sparc-enterprise/documentation/ o13-053-securedb-osc-t5-8-1990064.pdf ■  High Performance Security for Oracle WebLogic and Fusion Middleware Applications ▪  http://www.oracle.com/technetwork/articles/systems-hardware- architecture/security-weblogic-t-series-168447.pdf