
Re: Multi-Master Replication over an air-gap

From: steve <me_at_me.com>
Date: Sat, 20 Dec 2003 6:13:59 +0800
Message-ID: <0001HW.BC099927000344E8F04075B0@news.newsguy.com>


On Thu, 18 Dec 2003 22:09:28 +0800, Andrew Blakeslee wrote (in message <5ddf960e.0312180609.c68211e_at_posting.google.com>):

> Richard Kuhler <noone_at_nowhere.com> wrote in message
> news:<iSIDb.8222$Oh1.249_at_twister.socal.rr.com>...

>> Gerry Sinkiewicz wrote:
>>> The answer is probably to secure both devices on a secure isolated network
>>> 
>>> That would be the only way to satisfy a security audit, if it is
>>> multi-master, then the information goes both ways, so the information
>>> is just as "sensitive" at both ends, isn't it?
>>> 
>>> "Andrew Blakeslee" <andrew_at_soft-solutions-inc.com> wrote in message
>>> news:5ddf960e.0312111124.2e8d770e_at_posting.google.com...
>>> 
>>>> I am investigating a scenario where I need to keep two databases
>>>> synchronized, but there cannot be a physical connection due to
>>>> security constraints. Is it possible to set up a multi-master
>>>> replication scenario where the replication transactions are copied to
>>>> a removable media from one database and then loaded from the removable
>>>> media to the other database at fixed intervals? There should be a
>>>> relatively low volume of transactions, so the size of the data being
>>>> transferred should not be an issue.
>>>> 
>> 
>> The OP didn't say this but I had assumed that the information being 
>> replicated was not security sensitive since this is multi-master. 
>> Rather, I imagine there is _other_ information on the "secure" machine 
>> that is sensitive.

>
> Richard, that is correct - the data itself is not sensitive, it just
> resides on a network that contains sensitive data. So far in this
> environment, the only solutions that have been approved for
> transferring data between classified and unclassified networks are
> air-gap solutions. I know that replication transactions can
> accumulate while databases are offline, but it sounds like there has
> to be an actual physical connection in order to propagate these
> transactions. I was hoping someone had come across a way to fool
> Oracle into thinking there was a connection.
>
> Thanks,
> Andy

Why can you not just "pop" another network card into each of the servers, then allocate a new network just for the link, then run a single cable between the machines? Also make it a different class of network, and add in a small firewall that only allows traffic on the 2 ports Oracle uses for replication communication. Finally, set up the Oracle listener on this address to not use random port allocations.

Letting transactions accumulate is a real bad idea, as there would be no way to keep the databases correct and synchronised.

Received on Fri Dec 19 2003 - 16:13:59 CST
