| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> Re: SQL*Net encryption with SSH port forwarding
I suspect that Tanel is right -- you are likely to experience (very)
substantial CPU load on your database server if you do this much.
Given that you're probably paying somewhere between $5,000 and $100,000 per CPU to run Oracle, consuming CPU cycles this way can be pretty costly.
Rather than using SSH tunnels, you could tunnel through SSL instead. There are free software solutions for this (e.g., "stunnel") and -- more importantly -- readily available hardware solutions. (Sorry -- it's about 7 years since I last researched this, so I can't name any names.) Hardware devices meant to offload SSL encryption from busy webservers have been around for many years, and are comparatively cheap. You don't have to save a lot of CPUs on your database server to justify one.
Heck, you may well be able to do the same with SSH these days, too. Try googling something like "SSL SSH hardware accelerator" and see what pops up...
On 11/6/06, Hameed, Amir <Amir.Hameed_at_xerox.com> wrote:
>
> Folks,
> Is anyone in this list using SSH port-forwarding methodology to encrypt
> SQL*Net data, preferably in an 11i environment? If yes then could you
> please your share your experience with me? I am interested in knowing a)
> How did it work for you b) any major issues encountered that one should
> watch out for c) Performance overhead d) robustness
>
> Thanks
> Amir
>
> --
> http://www.freelists.org/webpage/oracle-l
>
>
>
-- Cheers, -- Mark Brinsmead Senior DBA, The Pythian Group http://www.pythian.com/blogs -- http://www.freelists.org/webpage/oracle-lReceived on Tue Nov 07 2006 - 19:06:02 CST
 |
 |