Re: encrypted filesystems for database files
From: Kevin Closson <ora_kclosson_at_yahoo.com>
Date: Thu, 18 Sep 2014 11:49:07 -0700
Message-ID: <1411066147.50285.YahooMailNeo_at_web121205.mail.ne1.yahoo.com>
Date: Thu, 18 Sep 2014 11:49:07 -0700
Message-ID: <1411066147.50285.YahooMailNeo_at_web121205.mail.ne1.yahoo.com>
rubbish ________________________________ From: Seth Miller <sethmiller.sm_at_gmail.com> To: April Sims <aprilcsims_at_gmail.com> Cc: k3nnyp_at_gmail.com; ORACLE-L <oracle-l_at_freelists.org> Sent: Thursday, September 18, 2014 10:13 AM Subject: Re: encrypted filesystems for database files Looks like a pretty typical MOS, "If you don't use only our products you must hate baby kittens and your entire data center will probably burn down" unhelpful response. Seth Miller On Thu, Sep 18, 2014 at 8:17 AM, April Sims <aprilcsims_at_gmail.com> wrote: Kenny, > >Thanks...this is from Oracle Support quoted verbatim on the question of encrypted filesystems : > > >"This is a 3th party issue, we have our own solution which would be TDE tablespace encryption, >for any 3th party solution to properly work, it must be completely transparent to oracle, >the normal read / write OS calls oracle does must be redirected to the decrypt / encrypt code, it >is possible asynch_io can no longer work and you also may need to set parameter disk_asynch_io = false, >otherwise it is entirely up to the 3th party product being tested and certified to run with oracle >by the 3th party vendor." > > > > > >On Thu, Sep 18, 2014 at 5:05 AM, Kenny Payton <k3nnyp_at_gmail.com> wrote: > >We typically do encryption in our SAN array ( Hitachi ). We are in the process of testing a SoftLayer cloud deployment and are building a SAN based on commodity hardware using EMC's ScaleIO software which has an encryption option at the volume level. The storage servers have SSD's in them and we can easily saturate a single 10gbit link doing writes with very little cpu consumption on the storage server. So far I'm pretty impressed by ScaleIO. >> >> >>We're also using TDE in a small environment but haven't stressed it at all to tell the real overhead. Of course the cost is a hard thing to swallow. There was a post recently on this board that stated ACFS is now free. I'm pretty sure it has encryption options also but not for sure if they are also free but might be worth looking at. >> >> >>Kenny >> >> >>On Tue, Sep 16, 2014 at 9:11 AM, Jeremy Schneider <jeremy.schneider_at_ardentperf.com> wrote: >> >>On Mon, Sep 15, 2014 at 1:02 PM, Powell, Mark <mark.powell2_at_hp.com> wrote: >>> >>>Isn’t that what Tablespace level TDE basically does for you? >>> >>> >>>Sure, if you want to pay for it. :) >>> >>> >>> >>> >>>From: oracle-l-bounce_at_freelists.org [mailto:oracle-l-bounce_at_freelists.org] On Behalf Of April Sims >>>>Sent: Monday, September 15, 2014 11:34 AM >>>>Subject: encrypted filesystems for database files >>>> >>>>Anyone use encryption at the filesystem level for any type of Oracle database files? >>>> >>>I'm familiar with one case where a customer did this, but it was a off-site standby database which really existed more as a backup than a standby. It was not intended for actual failover. I haven't yet run a live production database on os-level encryption. It would most likely work, but I wouldn't expect equal performance to db-level encryption. If you've got a small app and you don't want to pay for encryption then it may work fine for you. If the business & database grow then it may eventually be worth buying advanced security for the db. As always, those sorts of decisions are very dependent on your specific situation and even then they're not usually black and white... >>> >>> >>> >>>-Jeremy >>> >>> >>> >>> >>>-- >>>http://about.me/jeremy_schneider >> > > >-- > >April C. Sims >IOUG SELECT Journal Editor >http://aprilcsims.wordpress.com >Twitter, LinkedIn >Oracle Database 11g – Underground Advice for Database Administrators >https://www.packtpub.com/oracle-11g-database-implementations-guide/book >OCP 8i, 9i, 10g, 11g DBA >Southern Utah University >aprilcsims_at_gmail.com
-- http://www.freelists.org/webpage/oracle-lReceived on Thu Sep 18 2014 - 20:49:07 CEST