Re: encrypted filesystems for database files

From: Seth Miller <sethmiller.sm_at_gmail.com>
Date: Thu, 18 Sep 2014 12:13:27 -0500
Message-ID: <CAEueRAXRgn2-ew1A_k0KhYiU3Pr6vYYdeDFY962v_Sn0Zb8PKA_at_mail.gmail.com>



Looks like a pretty typical MOS, "If you don't use only our products you must hate baby kittens and your entire data center will probably burn down" unhelpful response.

Seth Miller

On Thu, Sep 18, 2014 at 8:17 AM, April Sims <aprilcsims_at_gmail.com> wrote:

> Kenny,
>
> Thanks...this is from Oracle Support quoted verbatim on the question of
> encrypted filesystems :
>
>
> "This is a 3th party issue, we have our own solution which would be TDE
> tablespace encryption,
> for any 3th party solution to properly work, it must be completely
> transparent to oracle,
> the normal read / write OS calls oracle does must be redirected to the
> decrypt / encrypt code, it
> is possible asynch_io can no longer work and you also may need to set
> parameter disk_asynch_io = false,
> otherwise it is entirely up to the 3th party product being tested and
> certified to run with oracle
> by the 3th party vendor."
>
>
>
> On Thu, Sep 18, 2014 at 5:05 AM, Kenny Payton <k3nnyp_at_gmail.com> wrote:
>
>> We typically do encryption in our SAN array ( Hitachi ). We are in the
>> process of testing a SoftLayer cloud deployment and are building a SAN
>> based on commodity hardware using EMC's ScaleIO software which has an
>> encryption option at the volume level. The storage servers have SSD's in
>> them and we can easily saturate a single 10gbit link doing writes with very
>> little cpu consumption on the storage server. So far I'm pretty impressed
>> by ScaleIO.
>>
>> We're also using TDE in a small environment but haven't stressed it at
>> all to tell the real overhead. Of course the cost is a hard thing to
>> swallow. There was a post recently on this board that stated ACFS is now
>> free. I'm pretty sure it has encryption options also but not for sure if
>> they are also free but might be worth looking at.
>>
>> Kenny
>>
>> On Tue, Sep 16, 2014 at 9:11 AM, Jeremy Schneider <
>> jeremy.schneider_at_ardentperf.com> wrote:
>>
>>> On Mon, Sep 15, 2014 at 1:02 PM, Powell, Mark <mark.powell2_at_hp.com>
>>> wrote:
>>>
>>>> Isn’t that what Tablespace level TDE basically does for you?
>>>>
>>>
>>> Sure, if you want to pay for it. :)
>>>
>>>
>>>
>>>> *From:* oracle-l-bounce_at_freelists.org [mailto:
>>>> oracle-l-bounce_at_freelists.org] *On Behalf Of *April Sims
>>>> *Sent:* Monday, September 15, 2014 11:34 AM
>>>> *Subject:* encrypted filesystems for database files
>>>>
>>>> Anyone use encryption at the filesystem level for any type of Oracle
>>>> database files?
>>>>
>>> I'm familiar with one case where a customer did this, but it was a
>>> off-site standby database which really existed more as a backup than a
>>> standby. It was not intended for actual failover. I haven't yet run a
>>> live production database on os-level encryption. It would most likely
>>> work, but I wouldn't expect equal performance to db-level encryption. If
>>> you've got a small app and you don't want to pay for encryption then it may
>>> work fine for you. If the business & database grow then it
>>> may eventually be worth buying advanced security for the db. As always,
>>> those sorts of decisions are very dependent on your specific situation and
>>> even then they're not usually black and white...
>>>
>>> -Jeremy
>>>
>>>
>>> --
>>> http://about.me/jeremy_schneider
>>>
>>
>>
>
>
> --
> April C. Sims
> IOUG SELECT Journal Editor
> http://aprilcsims.wordpress.com
> Twitter, LinkedIn
> Oracle Database 11g – Underground Advice for Database Administrators
>
> <http://www.amazon.com/Oracle-Database-Underground-Advice-Administrators/dp/1849680000/ref=sr_1_1?ie=UTF8&s=books&qid=1272289339&sr=8-1#noop>
> https://www.packtpub.com/oracle-11g-database-implementations-guide/book
> OCP 8i, 9i, 10g, 11g DBA
> Southern Utah University
> aprilcsims_at_gmail.com
>

--
http://www.freelists.org/webpage/oracle-l
Received on Thu Sep 18 2014 - 19:13:27 CEST

Original text of this message