Re: ASM on encrypted filesystem files

From: pier paolo Bruno <pbrunoster_at_gmail.com>
Date: Thu, 25 May 2023 13:21:49 +0200
Message-ID: <CA+dM1yMj_59BSowN0n3SbSUPNOqPBYw3vnw_YX=V=yJftS=7_g_at_mail.gmail.com>

I would open an SR asking oracle if it is a supported configuration. In theory you can use udev ( for giving the device the correct uid and gid ) and install ASM avoiding asm filter or asm lib . I would create my dm-crypt device and i would try to install a grid upon them . But even if it works , passing the proper device name to asm, you have no guarantees that it will continue to work. If it is something that oracle supports, ok. But if it is not supported what do you do if . it works for a week or 2 monthes and then it stops working ? . we did, many times ago a similar "path" for cost saving , but the situation was different. we were on single instances, on a filesystem and the filesystem vendor certified the solution so it was transparent from an oracle point of view . You can try to create a test rac on dm-crypt but even if it works you take a great responsability in telling a customer, ok , let's do this ...

Il giorno mer 17 mag 2023 alle ore 16:05 Niklas Iveslatt < dmarc-noreply_at_freelists.org> ha scritto:

> This one might have some useful info?
>
> https://docs.oracle.com/en/learn/ol-luks/index.html#introduction
>
> Niklas Iveslatt
> Senior Partner
>
>
> Arisant LLC ~ http://www.arisant.com
> 44 Inverness Dr. E Bldg. C Suite 2 ~ Englewood, CO 80112
> mobile: 303.882.4461 ~ main: 303.330.4065 ~ fax: 888.889.0155
>
> Need to send me something securely? *Click here*
> <https://arisant.sendsafely.com/u/niklas.iveslatt>
>
>
> On Wed, May 17, 2023 at 6:22 AM Tim Gorman <tim.evdbt_at_gmail.com> wrote:
>
>> Friends and colleagues,
>>
>> I have a customer who wishes to use Linux DM-CRYPT to encrypt all
>> filesystem contents on their Linux systems. They wish for DM-CRYPT to also
>> cover their Oracle database files on ASM which they note uses "raw" block
>> devices not based on any filesystem, which they feel leaves them choosing
>> between using DM-CRYPT and ASM.
>>
>> Yes, we've discussed Oracle TDE, and they prefer not to use it. That
>> conversation is a dead end.
>>
>> I know that it is possible to pre-create empty files on remote NFS
>> filesystems and then use those as disk files for ASM, instead of block
>> devices, as described in Oracle Support note #731775.1 (entitled "*How
>> To Create ASM Diskgroups using NFS/NAS Files*
>> <https://support.oracle.com/epmos/faces/DocumentDisplay?id=731775.1>").
>> However, I can't find a similar support article describing the same method
>> for local filesystems.
>>
>> Has anyone found such a support article, or perhaps use local filesystem
>> files as ASM disk?
>>
>> Please let me know what you think?
>>
>> Thanks!
>>
>> -Tim
>>
>>
>>

--
http://www.freelists.org/webpage/oracle-l

Received on Thu May 25 2023 - 13:21:49 CEST

This message: [ Message body ]
Next message: Powell, Mark: "Re: job_priority for Oracle scheduler jobs"
Previous message: Fairlie Rego: "job_priority for Oracle scheduler jobs"
In reply to: Niklas Iveslatt: "Re: ASM on encrypted filesystem files"
In reply to Niklas Iveslatt: "Re: ASM on encrypted filesystem files"
Next in thread: Mark W. Farnham: "RE: Modifying column faster way"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message