From: HansF <News.Hans@telus.net>
Subject: Re: ASM and O/S Security
Newsgroups: comp.databases.oracle.server
Date: Mon, 04 Apr 2005 13:59:13 GMT

On Mon, 04 Apr 2005 06:00:30 -0700, GeoPappas interested us by writing:

> I was reading about how ASM uses raw partitions, instead of an O/S file
> system, and had a few questions:
> 
> - Does this mean that the O/S is not used for ASM at all?

IMO, you are mixing metaphors.  

I like to think of ASM replacing the file system layer for an existing
operating system.  As examples: for a Windows machine you would have NTFS,
Fat32 and ASM;  for Linux, ext3, ReiserFS and ASM. 

However, ASM is geared toward managing Oracle-related data, as compared
to traditional files, and it is not meant to be used in place of a
traditional file system for non-Oracle files.

To do this, it is best to give the ASM instance free run of the disk,
bypassing the operating system's control of the disk (i.e. raw disk). 
Although, for demonstration and study purposes, in a *nix environment it
is possible to set dd an empty file on existing file systems that can be
used for ASM storage. 

If this makes you uneasy, remember that Oracle has been managing raw disks
since the early 80s - it's much easier to get performance when there are
fewer layers.  Probably the only reason [that I can see] for us ending up
using cooked file systems is that undertrained DBAs and SAs alike didn't
know how to back up and restore raw filesystems.

> 
> - How is security handled?  Normally, O/S patches come out every so
> often to handle security holes.  How is this handled with Oracle raw
> devices?  Does this make ASM less secure than typical O/S file systems?

The OS gets its patches from the OS vendor.  ASM gets its patches from
Oracle.  Both sets of patches are needed.  In *nix, you could get file
system patches independent of kernel patches - also happens in Windows,
but is just not as obvious.

I don't really see how 'security' enters into the picture, though. Unless
you are silly enough to use files instead of raw disks, there is a strict
separation of disks.   For raw disks, the OS is generally not fully aware
of the disk and will not even attempt to read or write unless coerced.

My conclusion is that your security questions are irrelevant because you
are attempting to 'discuss apple picking machinery in an orange grove'. 
Or ASM will be even more secure because most security issues occur at the
operating system level, and ASM isolates the data from the OS.

-- 
Hans Forbrich                           
Canada-wide Oracle training and consulting
mailto: Fuzzy.GreyBeard_at_gmail.com   
*** I no longer assist with top-posted newsgroup queries ***
