Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: ASM and O/S Security

Re: ASM and O/S Security

From: HansF <News.Hans_at_telus.net>
Date: Mon, 04 Apr 2005 13:59:13 GMT
Message-Id: <pan.2005.04.04.15.01.00.77008@telus.net> 





On Mon, 04 Apr 2005 06:00:30 -0700, GeoPappas interested us by writing:



> I was reading about how ASM uses raw partitions, instead of an O/S file

> system, and had a few questions:

> 

> - Does this mean that the O/S is not used for ASM at all?




IMO, you are mixing metaphors.  



I like to think of ASM replacing the file system layer for an existing
operating system.  As examples: for a Windows machine you would have NTFS,
Fat32 and ASM;  for Linux, ext3, ReiserFS and ASM. 



However, ASM is geared toward managing Oracle-related data, as compared
to traditional files, and it is not meant to be used in place of a
traditional file system for non-Oracle files.



To do this, is is best to give the ASM instance free run of the disk,
bypassing the operating system's control of the disk (ie. raw disk). 
Although, for demonstration and study purposes, in a *nix environment it
is possible to set dd an empty file on existng file systems that can be
used for ASM storage. 



If this makes you uneasy, remember that Oracle has been managing raw disks
since the early 80s - it's much easier to get performance when there are
fewer layers.  Probably the only reason [that I can see] for us ending up
using cooked file systems is that undertrained DBAs and SAs alike didn't
know how to back up and restore raw filesystems.



> 

> - How is security handled?  Normally, O/S patches come out every so

> often to handle security holes.  How is this handled with Oracle raw

> devices?  Does this make ASM less secure than typical O/S file systems?




The OS gets it's patches from the OS vendor.  ASM gets it's patches from
Oracle.  Both sets of patches are needed.  In *nix, you could get file
system patches independent of kernel patches - also happens in Windows,
but is just not as obvious.



I don';t really see how 'security' enters into the picture, though. Unless
you are silly enough to use files instead of raw disks, there is a strict
separation of disks.   For raw disks, the OS is generally not fully aware
of the disk and will not even attempt to read or write unless coerced.



My conclusion is that your security questions are irrelevant because you
are attempting to 'discuss apple picking machinery in an orange grove'. 
Or ASM will be even more secure because most security issues occure at the
operating system level, and ASM isolates the data from the OS.


-- 
Hans Forbrich                           
Canada-wide Oracle training and consulting
mailto: Fuzzy.GreyBeard_at_gmail.com   
*** I no longer assist with top-posted newsgroup queries ***


Received on Mon Apr 04 2005 - 08:59:13 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US