SlideShare a Scribd company logo

Plam16 jan

Jan Lindström
Jan Lindström

This document discusses transparent encryption of MariaDB databases using the Amazon Key Management Service (KMS). It provides an overview of transparent encryption concepts, how encryption is implemented for InnoDB/XtraDB tables and logs, available encryption plugins including the AWS KMS plugin, and how to configure MariaDB for encryption using AWS KMS for key management. The AWS KMS plugin allows MariaDB to store encrypted encryption keys in AWS KMS and handle key rotation. Documentation links are also provided.

Software
1 of 32
Download to read offline
Transparent tablespace and log encryption on MariaDB 10.1 using Amazon Key Management Service Jan Lindström, Principal Engineer, MariaDB Corporation Amsterdam, Netherlands | October 5, 2016
2 Agenda 1. Introduction 2. Concepts 3. InnoDB/XtraDB 4. Encryption Plugins 5. Amazon AWS KMS 6. Configuration
Introduction
4 What is transparent encryption? • Transparent to application • Application does’t know anything about keys, algorithm, etc • Anyone that can connect to MariaDB can dump data • Not data-in-transit encryption (SSL/TLS) • Not per-column encryption • Not application-side encryption • No encryption functions needed (AES_ENCRYPT())
5 All data written to disk should be encrypted • InnoDB tablespaces (per-file and system) • InnoDB log files • Aria tables • Temporary files • Temporary tables • Binary log • No mysqlbinlog, though!
6 What’s missing? • Aria logs • Audit log • Error log • Slow query log • General query log • MyISAM tables • CONNECT, CSV, et. Al. • Galera gcache
7 Implementation • MariaDB has a new interface for encryption plugins • Key management • Encryption/decryption • Implemented co-operation together with Google and Eperi • https://mariadb.com/kb/en/mariadb/encryption-plugins/
Concepts
9 Concepts • Key ID • ID 1 for system data, like InnoDB redo logs, binary logs, etc • ID 2 (if available) for temporary data, like temporary files and temporary tables • Other Ids as configured when creating tables, etc. • Key Version (for rotation) • Encryption algorithm • Default AES_CBC • Support for these items may vary across plugins!
InnoDB/XtraDB
11 InnoDB/XtraDB • ON/OFF/FORCE • innodb-encrypt-tables = [ON | OFF | FORCE]; • Encrypt log • innodb-encrypt-log = [ON | OFF]; • Monitoring (IS) • innodb-tablespaces-scrubbing • innodb-tablespaces-encryption
12 InnoDB/XtraDB • Optional background rotation • innodb-encryption-threads = n; • innodb-encryption-rotate-key-age= n; - ”Age” in key versions • innodb-encryption-rotation-iops = n; • Optional data scrubbing • innodb-background-scrub-data-compressed = [ON | OFF]; • innodb-background-scrub-data-uncompressed = [ON | OFF]; • innodb-immediate-scrub-data-uncompressed = [ON | OFF]; • innodb-scrub-log = [ON|OFF]; • innodb-scrub-log-speed=n; • innodb-background-scrub-data-check-interval=n; https://mariadb.com/kb/en/mariadb/xtradb-innodb-data-scrubbing/
Encryption plugins
14 Encryption plugins • File key management • https://mariadb.com/kb/en/mariadb/data-at-rest-encryption/#file_key_management- plugin • AWS KMS plugin • https://mariadb.com/kb/en/mariadb/aws-key-management-encryption-plugin/ • Eperi plugin • http://eperi.de/en/products/database-encryption/ • Custom plugins to meet customer needs?
15 File_key_management • Keys stored in a local file (note that this file could be on USB stick) • No support for key rotation/version • Key file itself can be encrypted (but used key in my.cnf) • Do you feel good having your encryption keys sitting next to your data ?
16 Eperi plugin • Separate Eperi gateway software • Licenses and downloads from Eperi’s web portal • KMS • Plugin opens listener that the KMS connects to in order to authenticate the connecting MariaDB instance • Page encryption server • InnoDB actually sends pages to the Eperi gateway node to be encrypted!
Amazon KMS Encryption Plugin
18 AWS KMS Encryption Plugin • Amazon Web Services Key Management Service • CloadTrail & CloudWatch • Logging • Auditing • Notifications • Identity and Access Management (IAM) • Interesting possibilities • MFA for MariaDB startup • IAM roles to read keys • AWS logging & alerts
19 Requirements • You need to sign up for Amazon Web Services • You need to create IAM user • MariaDB server will use these credentials to authenticate AWS server • You need to create a master encryption key • Used to encrypt the actual encryption keys that will be used by MariaDB • You will need to configure AWS credentials • You will need to configure MariaDB (naturally)
20 AWS KMS Plugin • Writes enrypted keys to local disk • MariaDB must connect to KMS to decrypt keys - MariaDB startup - Creating a table that uses a new key • Supports key rotation • Limited platform support due to C++11 requirement of AWS SDK • Requires C++11 compiler: gcc4.7+, clang 3.3+ or VS2013+ • RHEL • CentOS 7 • ~600 lines • Great reference for people who want to write their own plugins
21 Credentials Management • Identify and Access Management (IAM) policy for keys • Authorized source addresses • IAM users w/ restricted privileges • Multi-Factor Authentication (2FA/MFA) • AWS SDK • Config file, environment variables, etc. • Flexible wrapper program • EC2 (Elastic Compute Cloud) instance IAM role
Configuration
23 Install, enable, and configure $ cat /etc/my.cnf.d/aws_key_management.cnf [mariadb] plugin-load-add=aws_key_management.so aws-key-management aws-key-management-master-key-id = alieas/mariadb2 # aws_key_management_log_level = Trace ignore-db-dirs=.pki !include /etc/my.cnf.d/enable_encryption.preset
24 Turn on encryption settings $ cat /etc/my.cnf.d/enable_encryption.preset [mariadb] aria-encrypt-tables encrypt-binlog encrypt-tmp-disk-tables encrypt-tmp-files loose-innodb-encrypt-log loose-innodb-encrypt-tables
25 Encrypted system tablespace $ sudo –u mysql mysql_install_db … 2016-09-29 11:40:00 [Note] AWK KMS plugin: generated encrypted datakey for key id=1, version=1 2016-09-29 11:40:00 [Note] AWK KMS plugin: loaded key 1, version 1, key length 128 bit … 2016-09-29 11:40:01 [Note] AWK KMS plugin: generated encrypted datakey for key id=2, version=1 2016-09-29 11:40:01 [Note] AWK KMS plugin: loaded key 2, version 1, key length 128 bit 2016-09-29 11:40:01 [Note] Using encryption key id 2 for temporary files …
26 Why encrypt data ? MariaDB [db]> create table client_credit_card(id int not null primary key, credit_card varchar(20)) engine=innodb encrypted=no; MariaDB [db]> insert into client_credit_cards values(20071992, ’5275-0000- 0000-0000’): … $ sudo strings /var/lib/mysql/db/client_credit_cards.ibd infimum supremum 5275-0000-0000-0000
27 Automatic key generation MariaDB [db]> create table client_credit_card(id int not null primary key, credit_card varchar(20)) engine=innodb encrypted=yes encryption_key_id=3; MariaDB [db]> insert into client_credit_card values(20071992, ’5275-0000-0000- 0000’): … $ sudo strings /var/lib/mysql/db/client_credit_card.ibd {7fgh k6klj B_0= …
28 I_S table for encryption info MariaDB [(none)]> select * from information_schema.innodb_tablespaces_encryption where name='db/client_credit_card'G *************************** 1. row *************************** SPACE: 6 NAME: db/client_credit_card ENCRYPTION_SCHEME: 1 KEYSERVER_REQUESTS: 1 MIN_KEY_VERSION: 1 CURRENT_KEY_VERSION: 1 KEY_ROTATION_PAGE_NUMBER: NULL KEY_ROTATION_MAX_PAGE_NUMBER: NULL CURRENT_KEY_ID: 3 1 row in set (0.00 sec)
29 Key rotation MariaDB [(none)]> show variables like 'aws%'; +----------------------------------+----------------+ | Variable_name | Value | +----------------------------------+----------------+ | aws_key_management_key_spec | AES_128 | | aws_key_management_log_level | Off | | aws_key_management_master_key_id | alias/mariadb2 | | aws_key_management_rotate_key | 0 | +----------------------------------+----------------+ 4 rows in set (0.00 sec) MariaDB [(none)]> set global aws_key_management_rotate_key=3; Query OK, 0 rows affected (0.27 sec)
30 Key rotation MariaDB [db]> set global innodb_encryption_threads=4; Query OK, 0 rows affected (0.00 sec) MariaDB [db]> set global innodb_encryption_rotate_key_age=0; Query OK, 0 rows affected (0.00 sec) MariaDB [db]> select * from information_schema.innodb_tablespaces_encryption where name like 'db/c%'G *************************** 1. row *************************** SPACE: 6 NAME: db/client_credit_card ENCRYPTION_SCHEME: 1 KEYSERVER_REQUESTS: 2 MIN_KEY_VERSION: 2 CURRENT_KEY_VERSION: 2 KEY_ROTATION_PAGE_NUMBER: NULL KEY_ROTATION_MAX_PAGE_NUMBER: NULL CURRENT_KEY_ID: 3 1 row in set (0.00 sec)
31 Documentation •https://mariadb.com/kb/en/mariadb-enterprise/mariadb-enterprise-aws-kms- encryption-plugin-setup-guide/ •https://mariadb.com/kb/en/mariadb-enterprise/mariadb-enterprise-aws-kms- encryption-plugin-advanced-usage/ •https://mariadb.com/kb/en/mariadb/data-at-rest-encryption/ •https://mariadb.com/kb/en/mariadb/xtradb-innodb-data-scrubbing/
Q/A

Recommended

What is MariaDB Server 10.3?
What is MariaDB Server 10.3?What is MariaDB Server 10.3?
What is MariaDB Server 10.3?Colin Charles
 
Differences between MariaDB 10.3 & MySQL 8.0
Differences between MariaDB 10.3 & MySQL 8.0Differences between MariaDB 10.3 & MySQL 8.0
Differences between MariaDB 10.3 & MySQL 8.0Colin Charles
 
Icinga 2009 at OSMC
Icinga 2009 at OSMCIcinga 2009 at OSMC
Icinga 2009 at OSMCIcinga
 
Better encryption & security with MariaDB 10.1 & MySQL 5.7
Better encryption & security with MariaDB 10.1 & MySQL 5.7Better encryption & security with MariaDB 10.1 & MySQL 5.7
Better encryption & security with MariaDB 10.1 & MySQL 5.7Colin Charles
 
Databases in the hosted cloud
Databases in the hosted cloud Databases in the hosted cloud
Databases in the hosted cloud Colin Charles
 
MySQL features missing in MariaDB Server
MySQL features missing in MariaDB ServerMySQL features missing in MariaDB Server
MySQL features missing in MariaDB ServerColin Charles
 
Meet MariaDB Server 10.1 London MySQL meetup December 2015
Meet MariaDB Server 10.1 London MySQL meetup December 2015Meet MariaDB Server 10.1 London MySQL meetup December 2015
Meet MariaDB Server 10.1 London MySQL meetup December 2015Colin Charles
 
MariaDB und mehr - MariaDB Roadshow Summer 2014 Hamburg Berlin Frankfurt
MariaDB und mehr - MariaDB Roadshow Summer 2014 Hamburg Berlin FrankfurtMariaDB und mehr - MariaDB Roadshow Summer 2014 Hamburg Berlin Frankfurt
MariaDB und mehr - MariaDB Roadshow Summer 2014 Hamburg Berlin FrankfurtMariaDB Corporation
 

Recommended

What is MariaDB Server 10.3?
What is MariaDB Server 10.3?What is MariaDB Server 10.3?
What is MariaDB Server 10.3?Colin Charles
 
Differences between MariaDB 10.3 & MySQL 8.0
Differences between MariaDB 10.3 & MySQL 8.0Differences between MariaDB 10.3 & MySQL 8.0
Differences between MariaDB 10.3 & MySQL 8.0Colin Charles
 
Icinga 2009 at OSMC
Icinga 2009 at OSMCIcinga 2009 at OSMC
Icinga 2009 at OSMCIcinga
 
Better encryption & security with MariaDB 10.1 & MySQL 5.7
Better encryption & security with MariaDB 10.1 & MySQL 5.7Better encryption & security with MariaDB 10.1 & MySQL 5.7
Better encryption & security with MariaDB 10.1 & MySQL 5.7Colin Charles
 
Databases in the hosted cloud
Databases in the hosted cloud Databases in the hosted cloud
Databases in the hosted cloud Colin Charles
 
MySQL features missing in MariaDB Server
MySQL features missing in MariaDB ServerMySQL features missing in MariaDB Server
MySQL features missing in MariaDB ServerColin Charles
 
Meet MariaDB Server 10.1 London MySQL meetup December 2015
Meet MariaDB Server 10.1 London MySQL meetup December 2015Meet MariaDB Server 10.1 London MySQL meetup December 2015
Meet MariaDB Server 10.1 London MySQL meetup December 2015Colin Charles
 
MariaDB und mehr - MariaDB Roadshow Summer 2014 Hamburg Berlin Frankfurt
MariaDB und mehr - MariaDB Roadshow Summer 2014 Hamburg Berlin FrankfurtMariaDB und mehr - MariaDB Roadshow Summer 2014 Hamburg Berlin Frankfurt
MariaDB und mehr - MariaDB Roadshow Summer 2014 Hamburg Berlin FrankfurtMariaDB Corporation
 
Why MariaDB?
Why MariaDB?Why MariaDB?
Why MariaDB?Colin Charles
 
Icinga lsm 2015 copy
Icinga lsm 2015 copyIcinga lsm 2015 copy
Icinga lsm 2015 copyNETWAYS
 
SSL certificates in the Oracle Database without surprises
SSL certificates in the Oracle Database without surprisesSSL certificates in the Oracle Database without surprises
SSL certificates in the Oracle Database without surprisesNelson Calero
 
MariaDB 10 Tutorial - 13.11.11 - Percona Live London
MariaDB 10 Tutorial - 13.11.11 - Percona Live LondonMariaDB 10 Tutorial - 13.11.11 - Percona Live London
MariaDB 10 Tutorial - 13.11.11 - Percona Live LondonIvan Zoratti
 
Techdays Finland 2018 - Building secure cloud applications with Azure Key Vault
Techdays Finland 2018 - Building secure cloud applications with Azure Key VaultTechdays Finland 2018 - Building secure cloud applications with Azure Key Vault
Techdays Finland 2018 - Building secure cloud applications with Azure Key VaultTom Kerkhove
 
Databases in the hosted cloud
Databases in the hosted cloudDatabases in the hosted cloud
Databases in the hosted cloudColin Charles
 
MariaDB - the "new" MySQL is 5 years old and everywhere (LinuxCon Europe 2015)
MariaDB - the "new" MySQL is 5 years old and everywhere (LinuxCon Europe 2015)MariaDB - the "new" MySQL is 5 years old and everywhere (LinuxCon Europe 2015)
MariaDB - the "new" MySQL is 5 years old and everywhere (LinuxCon Europe 2015)Colin Charles
 
Securing your MySQL / MariaDB Server data
Securing your MySQL / MariaDB Server dataSecuring your MySQL / MariaDB Server data
Securing your MySQL / MariaDB Server dataColin Charles
 
MariaDB 10: The Complete Tutorial
MariaDB 10: The Complete TutorialMariaDB 10: The Complete Tutorial
MariaDB 10: The Complete TutorialColin Charles
 
MySQL Monitoring with Zabbix
MySQL Monitoring with ZabbixMySQL Monitoring with Zabbix
MySQL Monitoring with ZabbixFromDual GmbH
 
Introduction to MariaDB
Introduction to MariaDBIntroduction to MariaDB
Introduction to MariaDBJongJin Lee
 
The MySQL ecosystem - understanding it, not running away from it!
The MySQL ecosystem - understanding it, not running away from it! The MySQL ecosystem - understanding it, not running away from it!
The MySQL ecosystem - understanding it, not running away from it! Colin Charles
 
MariaDB Server & MySQL Security Essentials 2016
MariaDB Server & MySQL Security Essentials 2016MariaDB Server & MySQL Security Essentials 2016
MariaDB Server & MySQL Security Essentials 2016Colin Charles
 
Icinga 2 at Icinga Camp San Francisco
Icinga 2 at Icinga Camp San FranciscoIcinga 2 at Icinga Camp San Francisco
Icinga 2 at Icinga Camp San FranciscoIcinga
 
The New MariaDB Offering: MariaDB 10, MaxScale and More
The New MariaDB Offering: MariaDB 10, MaxScale and MoreThe New MariaDB Offering: MariaDB 10, MaxScale and More
The New MariaDB Offering: MariaDB 10, MaxScale and MoreMariaDB Corporation
 
MariaDB 10 and what's new with the project
MariaDB 10 and what's new with the projectMariaDB 10 and what's new with the project
MariaDB 10 and what's new with the projectColin Charles
 
Meet MariaDB 10.1 at the Bulgaria Web Summit
Meet MariaDB 10.1 at the Bulgaria Web SummitMeet MariaDB 10.1 at the Bulgaria Web Summit
Meet MariaDB 10.1 at the Bulgaria Web SummitColin Charles
 
Hadoop Security Now and Future
Hadoop Security Now and FutureHadoop Security Now and Future
Hadoop Security Now and Futuretcloudcomputing-tw
 
MariaDB 10.1 what's new and what's coming in 10.2 - Tokyo MariaDB Meetup
MariaDB 10.1 what's new and what's coming in 10.2 - Tokyo MariaDB MeetupMariaDB 10.1 what's new and what's coming in 10.2 - Tokyo MariaDB Meetup
MariaDB 10.1 what's new and what's coming in 10.2 - Tokyo MariaDB MeetupColin Charles
 
MariaDB: in-depth (hands on training in Seoul)
MariaDB: in-depth (hands on training in Seoul)MariaDB: in-depth (hands on training in Seoul)
MariaDB: in-depth (hands on training in Seoul)Colin Charles
 
Leona Chin Cover of Health and Beauty Magazine 2015
Leona Chin Cover of Health and Beauty Magazine 2015Leona Chin Cover of Health and Beauty Magazine 2015
Leona Chin Cover of Health and Beauty Magazine 2015Leona Chin
 
The pathway of god
The pathway of godThe pathway of god
The pathway of godSteve Moreland
 

More Related Content

What's hot

Icinga lsm 2015 copy
Icinga lsm 2015 copyIcinga lsm 2015 copy
Icinga lsm 2015 copyNETWAYS
 
SSL certificates in the Oracle Database without surprises
SSL certificates in the Oracle Database without surprisesSSL certificates in the Oracle Database without surprises
SSL certificates in the Oracle Database without surprisesNelson Calero
 
MariaDB 10 Tutorial - 13.11.11 - Percona Live London
MariaDB 10 Tutorial - 13.11.11 - Percona Live LondonMariaDB 10 Tutorial - 13.11.11 - Percona Live London
MariaDB 10 Tutorial - 13.11.11 - Percona Live LondonIvan Zoratti
 
Techdays Finland 2018 - Building secure cloud applications with Azure Key Vault
Techdays Finland 2018 - Building secure cloud applications with Azure Key VaultTechdays Finland 2018 - Building secure cloud applications with Azure Key Vault
Techdays Finland 2018 - Building secure cloud applications with Azure Key VaultTom Kerkhove
 
Databases in the hosted cloud
Databases in the hosted cloudDatabases in the hosted cloud
Databases in the hosted cloudColin Charles
 
MariaDB - the "new" MySQL is 5 years old and everywhere (LinuxCon Europe 2015)
MariaDB - the "new" MySQL is 5 years old and everywhere (LinuxCon Europe 2015)MariaDB - the "new" MySQL is 5 years old and everywhere (LinuxCon Europe 2015)
MariaDB - the "new" MySQL is 5 years old and everywhere (LinuxCon Europe 2015)Colin Charles
 
Securing your MySQL / MariaDB Server data
Securing your MySQL / MariaDB Server dataSecuring your MySQL / MariaDB Server data
Securing your MySQL / MariaDB Server dataColin Charles
 
MariaDB 10: The Complete Tutorial
MariaDB 10: The Complete TutorialMariaDB 10: The Complete Tutorial
MariaDB 10: The Complete TutorialColin Charles
 
MySQL Monitoring with Zabbix
MySQL Monitoring with ZabbixMySQL Monitoring with Zabbix
MySQL Monitoring with ZabbixFromDual GmbH
 
Introduction to MariaDB
Introduction to MariaDBIntroduction to MariaDB
Introduction to MariaDBJongJin Lee
 
The MySQL ecosystem - understanding it, not running away from it!
The MySQL ecosystem - understanding it, not running away from it! The MySQL ecosystem - understanding it, not running away from it!
The MySQL ecosystem - understanding it, not running away from it! Colin Charles
 
MariaDB Server & MySQL Security Essentials 2016
MariaDB Server & MySQL Security Essentials 2016MariaDB Server & MySQL Security Essentials 2016
MariaDB Server & MySQL Security Essentials 2016Colin Charles
 
Icinga 2 at Icinga Camp San Francisco
Icinga 2 at Icinga Camp San FranciscoIcinga 2 at Icinga Camp San Francisco
Icinga 2 at Icinga Camp San FranciscoIcinga
 
The New MariaDB Offering: MariaDB 10, MaxScale and More
The New MariaDB Offering: MariaDB 10, MaxScale and MoreThe New MariaDB Offering: MariaDB 10, MaxScale and More
The New MariaDB Offering: MariaDB 10, MaxScale and MoreMariaDB Corporation
 
MariaDB 10 and what's new with the project
MariaDB 10 and what's new with the projectMariaDB 10 and what's new with the project
MariaDB 10 and what's new with the projectColin Charles
 
Meet MariaDB 10.1 at the Bulgaria Web Summit
Meet MariaDB 10.1 at the Bulgaria Web SummitMeet MariaDB 10.1 at the Bulgaria Web Summit
Meet MariaDB 10.1 at the Bulgaria Web SummitColin Charles
 
Hadoop Security Now and Future
Hadoop Security Now and FutureHadoop Security Now and Future
Hadoop Security Now and Futuretcloudcomputing-tw
 
MariaDB 10.1 what's new and what's coming in 10.2 - Tokyo MariaDB Meetup
MariaDB 10.1 what's new and what's coming in 10.2 - Tokyo MariaDB MeetupMariaDB 10.1 what's new and what's coming in 10.2 - Tokyo MariaDB Meetup
MariaDB 10.1 what's new and what's coming in 10.2 - Tokyo MariaDB MeetupColin Charles
 
MariaDB: in-depth (hands on training in Seoul)
MariaDB: in-depth (hands on training in Seoul)MariaDB: in-depth (hands on training in Seoul)
MariaDB: in-depth (hands on training in Seoul)Colin Charles
 

What's hot (20)

Why MariaDB?
Why MariaDB?Why MariaDB?
Why MariaDB?
 
Icinga lsm 2015 copy
Icinga lsm 2015 copyIcinga lsm 2015 copy
Icinga lsm 2015 copy
 
SSL certificates in the Oracle Database without surprises
SSL certificates in the Oracle Database without surprisesSSL certificates in the Oracle Database without surprises
SSL certificates in the Oracle Database without surprises
 
MariaDB 10 Tutorial - 13.11.11 - Percona Live London
MariaDB 10 Tutorial - 13.11.11 - Percona Live LondonMariaDB 10 Tutorial - 13.11.11 - Percona Live London
MariaDB 10 Tutorial - 13.11.11 - Percona Live London
 
Techdays Finland 2018 - Building secure cloud applications with Azure Key Vault
Techdays Finland 2018 - Building secure cloud applications with Azure Key VaultTechdays Finland 2018 - Building secure cloud applications with Azure Key Vault
Techdays Finland 2018 - Building secure cloud applications with Azure Key Vault
 
Databases in the hosted cloud
Databases in the hosted cloudDatabases in the hosted cloud
Databases in the hosted cloud
 
MariaDB - the "new" MySQL is 5 years old and everywhere (LinuxCon Europe 2015)
MariaDB - the "new" MySQL is 5 years old and everywhere (LinuxCon Europe 2015)MariaDB - the "new" MySQL is 5 years old and everywhere (LinuxCon Europe 2015)
MariaDB - the "new" MySQL is 5 years old and everywhere (LinuxCon Europe 2015)
 
Securing your MySQL / MariaDB Server data
Securing your MySQL / MariaDB Server dataSecuring your MySQL / MariaDB Server data
Securing your MySQL / MariaDB Server data
 
MariaDB 10: The Complete Tutorial
MariaDB 10: The Complete TutorialMariaDB 10: The Complete Tutorial
MariaDB 10: The Complete Tutorial
 
MySQL Monitoring with Zabbix
MySQL Monitoring with ZabbixMySQL Monitoring with Zabbix
MySQL Monitoring with Zabbix
 
Introduction to MariaDB
Introduction to MariaDBIntroduction to MariaDB
Introduction to MariaDB
 
The MySQL ecosystem - understanding it, not running away from it!
The MySQL ecosystem - understanding it, not running away from it! The MySQL ecosystem - understanding it, not running away from it!
The MySQL ecosystem - understanding it, not running away from it!
 
MariaDB Server & MySQL Security Essentials 2016
MariaDB Server & MySQL Security Essentials 2016MariaDB Server & MySQL Security Essentials 2016
MariaDB Server & MySQL Security Essentials 2016
 
Icinga 2 at Icinga Camp San Francisco
Icinga 2 at Icinga Camp San FranciscoIcinga 2 at Icinga Camp San Francisco
Icinga 2 at Icinga Camp San Francisco
 
The New MariaDB Offering: MariaDB 10, MaxScale and More
The New MariaDB Offering: MariaDB 10, MaxScale and MoreThe New MariaDB Offering: MariaDB 10, MaxScale and More
The New MariaDB Offering: MariaDB 10, MaxScale and More
 
MariaDB 10 and what's new with the project
MariaDB 10 and what's new with the projectMariaDB 10 and what's new with the project
MariaDB 10 and what's new with the project
 
Meet MariaDB 10.1 at the Bulgaria Web Summit
Meet MariaDB 10.1 at the Bulgaria Web SummitMeet MariaDB 10.1 at the Bulgaria Web Summit
Meet MariaDB 10.1 at the Bulgaria Web Summit
 
Hadoop Security Now and Future
Hadoop Security Now and FutureHadoop Security Now and Future
Hadoop Security Now and Future
 
MariaDB 10.1 what's new and what's coming in 10.2 - Tokyo MariaDB Meetup
MariaDB 10.1 what's new and what's coming in 10.2 - Tokyo MariaDB MeetupMariaDB 10.1 what's new and what's coming in 10.2 - Tokyo MariaDB Meetup
MariaDB 10.1 what's new and what's coming in 10.2 - Tokyo MariaDB Meetup
 
MariaDB: in-depth (hands on training in Seoul)
MariaDB: in-depth (hands on training in Seoul)MariaDB: in-depth (hands on training in Seoul)
MariaDB: in-depth (hands on training in Seoul)
 

Viewers also liked

Leona Chin Cover of Health and Beauty Magazine 2015
Leona Chin Cover of Health and Beauty Magazine 2015Leona Chin Cover of Health and Beauty Magazine 2015
Leona Chin Cover of Health and Beauty Magazine 2015Leona Chin
 
Tinh cathaptu
Tinh cathaptuTinh cathaptu
Tinh cathaptuducal
 
Descubra+a+mensagem
Descubra+a+mensagemDescubra+a+mensagem
Descubra+a+mensagemvilmaca
 
Who is Leona Chin?
Who is Leona Chin?Who is Leona Chin?
Who is Leona Chin?Leona Chin
 
Ensayo de jose maria arguedas
Ensayo de jose maria arguedasEnsayo de jose maria arguedas
Ensayo de jose maria arguedasBriigyttee
 
2016 Triton Adventure VGT X Mivec Turbo Diesel Brochure
2016 Triton Adventure VGT X Mivec Turbo Diesel Brochure2016 Triton Adventure VGT X Mivec Turbo Diesel Brochure
2016 Triton Adventure VGT X Mivec Turbo Diesel BrochureLeona Chin
 
Ms1 seq 1 me and my friends ( 2 g)
Ms1 seq 1 me and my friends ( 2 g)Ms1 seq 1 me and my friends ( 2 g)
Ms1 seq 1 me and my friends ( 2 g)Mr Bounab Samir
 

Viewers also liked (10)

Leona Chin Cover of Health and Beauty Magazine 2015
Leona Chin Cover of Health and Beauty Magazine 2015Leona Chin Cover of Health and Beauty Magazine 2015
Leona Chin Cover of Health and Beauty Magazine 2015
 
The pathway of god
The pathway of godThe pathway of god
The pathway of god
 
Adel CV - Copy
Adel CV - CopyAdel CV - Copy
Adel CV - Copy
 
697_conference
697_conference697_conference
697_conference
 
Tinh cathaptu
Tinh cathaptuTinh cathaptu
Tinh cathaptu
 
Descubra+a+mensagem
Descubra+a+mensagemDescubra+a+mensagem
Descubra+a+mensagem
 
Who is Leona Chin?
Who is Leona Chin?Who is Leona Chin?
Who is Leona Chin?
 
Ensayo de jose maria arguedas
Ensayo de jose maria arguedasEnsayo de jose maria arguedas
Ensayo de jose maria arguedas
 
2016 Triton Adventure VGT X Mivec Turbo Diesel Brochure
2016 Triton Adventure VGT X Mivec Turbo Diesel Brochure2016 Triton Adventure VGT X Mivec Turbo Diesel Brochure
2016 Triton Adventure VGT X Mivec Turbo Diesel Brochure
 
Ms1 seq 1 me and my friends ( 2 g)
Ms1 seq 1 me and my friends ( 2 g)Ms1 seq 1 me and my friends ( 2 g)
Ms1 seq 1 me and my friends ( 2 g)
 

Similar to Plam16 jan

SAP SDM Hacking
SAP SDM HackingSAP SDM Hacking
SAP SDM HackingERPScan
 
MySQL Data Encryption at Rest
MySQL Data Encryption at RestMySQL Data Encryption at Rest
MySQL Data Encryption at RestMydbops
 
Using advanced security and data-protection features
Using advanced security and data-protection featuresUsing advanced security and data-protection features
Using advanced security and data-protection featuresMariaDB plc
 
Deep Dive on Amazon Relational Database Service
Deep Dive on Amazon Relational Database ServiceDeep Dive on Amazon Relational Database Service
Deep Dive on Amazon Relational Database ServiceAmazon Web Services
 
Deploying MariaDB databases with containers at Nokia Networks
Deploying MariaDB databases with containers at Nokia NetworksDeploying MariaDB databases with containers at Nokia Networks
Deploying MariaDB databases with containers at Nokia NetworksMariaDB plc
 
MongoDB .local Bengaluru 2019: New Encryption Capabilities in MongoDB 4.2: A ...
MongoDB .local Bengaluru 2019: New Encryption Capabilities in MongoDB 4.2: A ...MongoDB .local Bengaluru 2019: New Encryption Capabilities in MongoDB 4.2: A ...
MongoDB .local Bengaluru 2019: New Encryption Capabilities in MongoDB 4.2: A ...MongoDB
 
Injecting evil code in your SAP J2EE systems. Security of SAP Software Deploy...
Injecting evil code in your SAP J2EE systems. Security of SAP Software Deploy...Injecting evil code in your SAP J2EE systems. Security of SAP Software Deploy...
Injecting evil code in your SAP J2EE systems. Security of SAP Software Deploy...ERPScan
 
The Complete MariaDB Server Tutorial - Percona Live 2015
The Complete MariaDB Server Tutorial - Percona Live 2015The Complete MariaDB Server Tutorial - Percona Live 2015
The Complete MariaDB Server Tutorial - Percona Live 2015Colin Charles
 
Deep Dive on Amazon Relational Database Service
Deep Dive on Amazon Relational Database ServiceDeep Dive on Amazon Relational Database Service
Deep Dive on Amazon Relational Database ServiceAmazon Web Services
 
Amazon RDS for Microsoft SQL: Performance, Security, Best Practices (DAT303) ...
Amazon RDS for Microsoft SQL: Performance, Security, Best Practices (DAT303) ...Amazon RDS for Microsoft SQL: Performance, Security, Best Practices (DAT303) ...
Amazon RDS for Microsoft SQL: Performance, Security, Best Practices (DAT303) ...Amazon Web Services
 
Database Security Threats — MariaDB Security Best Practices
Database Security Threats — MariaDB Security Best PracticesDatabase Security Threats — MariaDB Security Best Practices
Database Security Threats — MariaDB Security Best PracticesMariaDB plc
 
The Complete MariaDB Server tutorial
The Complete MariaDB Server tutorialThe Complete MariaDB Server tutorial
The Complete MariaDB Server tutorialColin Charles
 
2012 09 MariaDB Boston Meetup - MariaDB 是 Mysql 的替代者吗
2012 09 MariaDB Boston Meetup - MariaDB 是 Mysql 的替代者吗2012 09 MariaDB Boston Meetup - MariaDB 是 Mysql 的替代者吗
2012 09 MariaDB Boston Meetup - MariaDB 是 Mysql 的替代者吗YUCHENG HU
 
2022-Db2-Securing_Your_data_in_motion.pdf
2022-Db2-Securing_Your_data_in_motion.pdf2022-Db2-Securing_Your_data_in_motion.pdf
2022-Db2-Securing_Your_data_in_motion.pdfRoland Schock
 
7 Reasons Not to Put an External Cache in Front of Your Database.pptx
7 Reasons Not to Put an External Cache in Front of Your Database.pptx7 Reasons Not to Put an External Cache in Front of Your Database.pptx
7 Reasons Not to Put an External Cache in Front of Your Database.pptxScyllaDB
 
MariaDB Encryption using AWS Key Management Service
MariaDB Encryption using AWS Key Management ServiceMariaDB Encryption using AWS Key Management Service
MariaDB Encryption using AWS Key Management ServiceHeinz Wiesinger
 
Deep Dive RDS & Aurora - Pop-up Loft TLV 2017
Deep Dive RDS & Aurora - Pop-up Loft TLV 2017Deep Dive RDS & Aurora - Pop-up Loft TLV 2017
Deep Dive RDS & Aurora - Pop-up Loft TLV 2017Amazon Web Services
 
Deep Dive: Amazon Relational Database Service (March 2017)
Deep Dive: Amazon Relational Database Service (March 2017)Deep Dive: Amazon Relational Database Service (March 2017)
Deep Dive: Amazon Relational Database Service (March 2017)Julien SIMON
 
MySQL Security on AWS Rds
MySQL Security on AWS RdsMySQL Security on AWS Rds
MySQL Security on AWS RdsMydbops
 
Protecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWSProtecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWSAmazon Web Services
 

Similar to Plam16 jan (20)

SAP SDM Hacking
SAP SDM HackingSAP SDM Hacking
SAP SDM Hacking
 
MySQL Data Encryption at Rest
MySQL Data Encryption at RestMySQL Data Encryption at Rest
MySQL Data Encryption at Rest
 
Using advanced security and data-protection features
Using advanced security and data-protection featuresUsing advanced security and data-protection features
Using advanced security and data-protection features
 
Deep Dive on Amazon Relational Database Service
Deep Dive on Amazon Relational Database ServiceDeep Dive on Amazon Relational Database Service
Deep Dive on Amazon Relational Database Service
 
Deploying MariaDB databases with containers at Nokia Networks
Deploying MariaDB databases with containers at Nokia NetworksDeploying MariaDB databases with containers at Nokia Networks
Deploying MariaDB databases with containers at Nokia Networks
 
MongoDB .local Bengaluru 2019: New Encryption Capabilities in MongoDB 4.2: A ...
MongoDB .local Bengaluru 2019: New Encryption Capabilities in MongoDB 4.2: A ...MongoDB .local Bengaluru 2019: New Encryption Capabilities in MongoDB 4.2: A ...
MongoDB .local Bengaluru 2019: New Encryption Capabilities in MongoDB 4.2: A ...
 
Injecting evil code in your SAP J2EE systems. Security of SAP Software Deploy...
Injecting evil code in your SAP J2EE systems. Security of SAP Software Deploy...Injecting evil code in your SAP J2EE systems. Security of SAP Software Deploy...
Injecting evil code in your SAP J2EE systems. Security of SAP Software Deploy...
 
The Complete MariaDB Server Tutorial - Percona Live 2015
The Complete MariaDB Server Tutorial - Percona Live 2015The Complete MariaDB Server Tutorial - Percona Live 2015
The Complete MariaDB Server Tutorial - Percona Live 2015
 
Deep Dive on Amazon Relational Database Service
Deep Dive on Amazon Relational Database ServiceDeep Dive on Amazon Relational Database Service
Deep Dive on Amazon Relational Database Service
 
Amazon RDS for Microsoft SQL: Performance, Security, Best Practices (DAT303) ...
Amazon RDS for Microsoft SQL: Performance, Security, Best Practices (DAT303) ...Amazon RDS for Microsoft SQL: Performance, Security, Best Practices (DAT303) ...
Amazon RDS for Microsoft SQL: Performance, Security, Best Practices (DAT303) ...
 
Database Security Threats — MariaDB Security Best Practices
Database Security Threats — MariaDB Security Best PracticesDatabase Security Threats — MariaDB Security Best Practices
Database Security Threats — MariaDB Security Best Practices
 
The Complete MariaDB Server tutorial
The Complete MariaDB Server tutorialThe Complete MariaDB Server tutorial
The Complete MariaDB Server tutorial
 
2012 09 MariaDB Boston Meetup - MariaDB 是 Mysql 的替代者吗
2012 09 MariaDB Boston Meetup - MariaDB 是 Mysql 的替代者吗2012 09 MariaDB Boston Meetup - MariaDB 是 Mysql 的替代者吗
2012 09 MariaDB Boston Meetup - MariaDB 是 Mysql 的替代者吗
 
2022-Db2-Securing_Your_data_in_motion.pdf
2022-Db2-Securing_Your_data_in_motion.pdf2022-Db2-Securing_Your_data_in_motion.pdf
2022-Db2-Securing_Your_data_in_motion.pdf
 
7 Reasons Not to Put an External Cache in Front of Your Database.pptx
7 Reasons Not to Put an External Cache in Front of Your Database.pptx7 Reasons Not to Put an External Cache in Front of Your Database.pptx
7 Reasons Not to Put an External Cache in Front of Your Database.pptx
 
MariaDB Encryption using AWS Key Management Service
MariaDB Encryption using AWS Key Management ServiceMariaDB Encryption using AWS Key Management Service
MariaDB Encryption using AWS Key Management Service
 
Deep Dive RDS & Aurora - Pop-up Loft TLV 2017
Deep Dive RDS & Aurora - Pop-up Loft TLV 2017Deep Dive RDS & Aurora - Pop-up Loft TLV 2017
Deep Dive RDS & Aurora - Pop-up Loft TLV 2017
 
Deep Dive: Amazon Relational Database Service (March 2017)
Deep Dive: Amazon Relational Database Service (March 2017)Deep Dive: Amazon Relational Database Service (March 2017)
Deep Dive: Amazon Relational Database Service (March 2017)
 
MySQL Security on AWS Rds
MySQL Security on AWS RdsMySQL Security on AWS Rds
MySQL Security on AWS Rds
 
Protecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWSProtecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWS
 

Recently uploaded

Innovate and Collaborate- Harnessing the Power of Open Source Software.pdf
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdfInnovate and Collaborate- Harnessing the Power of Open Source Software.pdf
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdfYashikaSharma391629
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprisepreethippts
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Developmentvyaparkranti
 
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Natan Silnitsky
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceBrainSell Technologies
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfFerryKemperman
 
Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...Rob Geurden
 
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationPREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationvaddepallysandeep122
 
How To Manage Restaurant Staff -BTRESTRO
How To Manage Restaurant Staff -BTRESTROHow To Manage Restaurant Staff -BTRESTRO
How To Manage Restaurant Staff -BTRESTROmotivationalword821
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作qr0udbr0
 
Xen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfXen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfStefano Stabellini
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationBradBedford3
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...OnePlan Solutions
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Angel Borroy López
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Matt Ray
 
Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf31events.com
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based projectAnoyGreter
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringHironori Washizaki
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesPhilip Schwarz
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureDinusha Kumarasiri
 

Recently uploaded (20)

Innovate and Collaborate- Harnessing the Power of Open Source Software.pdf
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdfInnovate and Collaborate- Harnessing the Power of Open Source Software.pdf
Innovate and Collaborate- Harnessing the Power of Open Source Software.pdf
 
Odoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 EnterpriseOdoo 14 - eLearning Module In Odoo 14 Enterprise
Odoo 14 - eLearning Module In Odoo 14 Enterprise
 
VK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web DevelopmentVK Business Profile - provides IT solutions and Web Development
VK Business Profile - provides IT solutions and Web Development
 
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
Taming Distributed Systems: Key Insights from Wix's Large-Scale Experience - ...
 
CRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. SalesforceCRM Contender Series: HubSpot vs. Salesforce
CRM Contender Series: HubSpot vs. Salesforce
 
Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdf
 
Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...Simplifying Microservices & Apps - The art of effortless development - Meetup...
Simplifying Microservices & Apps - The art of effortless development - Meetup...
 
PREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentationPREDICTING RIVER WATER QUALITY ppt presentation
PREDICTING RIVER WATER QUALITY ppt presentation
 
How To Manage Restaurant Staff -BTRESTRO
How To Manage Restaurant Staff -BTRESTROHow To Manage Restaurant Staff -BTRESTRO
How To Manage Restaurant Staff -BTRESTRO
 
英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作英国UN学位证,北安普顿大学毕业证书1:1制作
英国UN学位证,北安普顿大学毕业证书1:1制作
 
Xen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdfXen Safety Embedded OSS Summit April 2024 v4.pdf
Xen Safety Embedded OSS Summit April 2024 v4.pdf
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion Application
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
 
Sending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdfSending Calendar Invites on SES and Calendarsnack.pdf
Sending Calendar Invites on SES and Calendarsnack.pdf
 
MYjobs Presentation Django-based project
MYjobs Presentation Django-based projectMYjobs Presentation Django-based project
MYjobs Presentation Django-based project
 
Machine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their EngineeringMachine Learning Software Engineering Patterns and Their Engineering
Machine Learning Software Engineering Patterns and Their Engineering
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
 
Implementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with AzureImplementing Zero Trust strategy with Azure
Implementing Zero Trust strategy with Azure
 

Plam16 jan

  • 1. Transparent tablespace and log encryption on MariaDB 10.1 using Amazon Key Management Service Jan Lindström, Principal Engineer, MariaDB Corporation Amsterdam, Netherlands | October 5, 2016
  • 2. 2 Agenda 1. Introduction 2. Concepts 3. InnoDB/XtraDB 4. Encryption Plugins 5. Amazon AWS KMS 6. Configuration
  • 4. 4 What is transparent encryption? • Transparent to application • Application does’t know anything about keys, algorithm, etc • Anyone that can connect to MariaDB can dump data • Not data-in-transit encryption (SSL/TLS) • Not per-column encryption • Not application-side encryption • No encryption functions needed (AES_ENCRYPT())
  • 5. 5 All data written to disk should be encrypted • InnoDB tablespaces (per-file and system) • InnoDB log files • Aria tables • Temporary files • Temporary tables • Binary log • No mysqlbinlog, though!
  • 6. 6 What’s missing? • Aria logs • Audit log • Error log • Slow query log • General query log • MyISAM tables • CONNECT, CSV, et. Al. • Galera gcache
  • 7. 7 Implementation • MariaDB has a new interface for encryption plugins • Key management • Encryption/decryption • Implemented co-operation together with Google and Eperi • https://mariadb.com/kb/en/mariadb/encryption-plugins/
  • 9. 9 Concepts • Key ID • ID 1 for system data, like InnoDB redo logs, binary logs, etc • ID 2 (if available) for temporary data, like temporary files and temporary tables • Other Ids as configured when creating tables, etc. • Key Version (for rotation) • Encryption algorithm • Default AES_CBC • Support for these items may vary across plugins!
  • 11. 11 InnoDB/XtraDB • ON/OFF/FORCE • innodb-encrypt-tables = [ON | OFF | FORCE]; • Encrypt log • innodb-encrypt-log = [ON | OFF]; • Monitoring (IS) • innodb-tablespaces-scrubbing • innodb-tablespaces-encryption
  • 12. 12 InnoDB/XtraDB • Optional background rotation • innodb-encryption-threads = n; • innodb-encryption-rotate-key-age= n; - ”Age” in key versions • innodb-encryption-rotation-iops = n; • Optional data scrubbing • innodb-background-scrub-data-compressed = [ON | OFF]; • innodb-background-scrub-data-uncompressed = [ON | OFF]; • innodb-immediate-scrub-data-uncompressed = [ON | OFF]; • innodb-scrub-log = [ON|OFF]; • innodb-scrub-log-speed=n; • innodb-background-scrub-data-check-interval=n; https://mariadb.com/kb/en/mariadb/xtradb-innodb-data-scrubbing/
  • 14. 14 Encryption plugins • File key management • https://mariadb.com/kb/en/mariadb/data-at-rest-encryption/#file_key_management- plugin • AWS KMS plugin • https://mariadb.com/kb/en/mariadb/aws-key-management-encryption-plugin/ • Eperi plugin • http://eperi.de/en/products/database-encryption/ • Custom plugins to meet customer needs?
  • 15. 15 File_key_management • Keys stored in a local file (note that this file could be on USB stick) • No support for key rotation/version • Key file itself can be encrypted (but used key in my.cnf) • Do you feel good having your encryption keys sitting next to your data ?
  • 16. 16 Eperi plugin • Separate Eperi gateway software • Licenses and downloads from Eperi’s web portal • KMS • Plugin opens listener that the KMS connects to in order to authenticate the connecting MariaDB instance • Page encryption server • InnoDB actually sends pages to the Eperi gateway node to be encrypted!
  • 18. 18 AWS KMS Encryption Plugin • Amazon Web Services Key Management Service • CloadTrail & CloudWatch • Logging • Auditing • Notifications • Identity and Access Management (IAM) • Interesting possibilities • MFA for MariaDB startup • IAM roles to read keys • AWS logging & alerts
  • 19. 19 Requirements • You need to sign up for Amazon Web Services • You need to create IAM user • MariaDB server will use these credentials to authenticate AWS server • You need to create a master encryption key • Used to encrypt the actual encryption keys that will be used by MariaDB • You will need to configure AWS credentials • You will need to configure MariaDB (naturally)
  • 20. 20 AWS KMS Plugin • Writes enrypted keys to local disk • MariaDB must connect to KMS to decrypt keys - MariaDB startup - Creating a table that uses a new key • Supports key rotation • Limited platform support due to C++11 requirement of AWS SDK • Requires C++11 compiler: gcc4.7+, clang 3.3+ or VS2013+ • RHEL • CentOS 7 • ~600 lines • Great reference for people who want to write their own plugins
  • 21. 21 Credentials Management • Identify and Access Management (IAM) policy for keys • Authorized source addresses • IAM users w/ restricted privileges • Multi-Factor Authentication (2FA/MFA) • AWS SDK • Config file, environment variables, etc. • Flexible wrapper program • EC2 (Elastic Compute Cloud) instance IAM role
  • 23. 23 Install, enable, and configure $ cat /etc/my.cnf.d/aws_key_management.cnf [mariadb] plugin-load-add=aws_key_management.so aws-key-management aws-key-management-master-key-id = alieas/mariadb2 # aws_key_management_log_level = Trace ignore-db-dirs=.pki !include /etc/my.cnf.d/enable_encryption.preset
  • 24. 24 Turn on encryption settings $ cat /etc/my.cnf.d/enable_encryption.preset [mariadb] aria-encrypt-tables encrypt-binlog encrypt-tmp-disk-tables encrypt-tmp-files loose-innodb-encrypt-log loose-innodb-encrypt-tables
  • 25. 25 Encrypted system tablespace $ sudo –u mysql mysql_install_db … 2016-09-29 11:40:00 [Note] AWK KMS plugin: generated encrypted datakey for key id=1, version=1 2016-09-29 11:40:00 [Note] AWK KMS plugin: loaded key 1, version 1, key length 128 bit … 2016-09-29 11:40:01 [Note] AWK KMS plugin: generated encrypted datakey for key id=2, version=1 2016-09-29 11:40:01 [Note] AWK KMS plugin: loaded key 2, version 1, key length 128 bit 2016-09-29 11:40:01 [Note] Using encryption key id 2 for temporary files …
  • 26. 26 Why encrypt data ? MariaDB [db]> create table client_credit_card(id int not null primary key, credit_card varchar(20)) engine=innodb encrypted=no; MariaDB [db]> insert into client_credit_cards values(20071992, ’5275-0000- 0000-0000’): … $ sudo strings /var/lib/mysql/db/client_credit_cards.ibd infimum supremum 5275-0000-0000-0000
  • 27. 27 Automatic key generation MariaDB [db]> create table client_credit_card(id int not null primary key, credit_card varchar(20)) engine=innodb encrypted=yes encryption_key_id=3; MariaDB [db]> insert into client_credit_card values(20071992, ’5275-0000-0000- 0000’): … $ sudo strings /var/lib/mysql/db/client_credit_card.ibd {7fgh k6klj B_0= …
  • 28. 28 I_S table for encryption info MariaDB [(none)]> select * from information_schema.innodb_tablespaces_encryption where name='db/client_credit_card'G *************************** 1. row *************************** SPACE: 6 NAME: db/client_credit_card ENCRYPTION_SCHEME: 1 KEYSERVER_REQUESTS: 1 MIN_KEY_VERSION: 1 CURRENT_KEY_VERSION: 1 KEY_ROTATION_PAGE_NUMBER: NULL KEY_ROTATION_MAX_PAGE_NUMBER: NULL CURRENT_KEY_ID: 3 1 row in set (0.00 sec)
  • 29. 29 Key rotation MariaDB [(none)]> show variables like 'aws%'; +----------------------------------+----------------+ | Variable_name | Value | +----------------------------------+----------------+ | aws_key_management_key_spec | AES_128 | | aws_key_management_log_level | Off | | aws_key_management_master_key_id | alias/mariadb2 | | aws_key_management_rotate_key | 0 | +----------------------------------+----------------+ 4 rows in set (0.00 sec) MariaDB [(none)]> set global aws_key_management_rotate_key=3; Query OK, 0 rows affected (0.27 sec)
  • 30. 30 Key rotation MariaDB [db]> set global innodb_encryption_threads=4; Query OK, 0 rows affected (0.00 sec) MariaDB [db]> set global innodb_encryption_rotate_key_age=0; Query OK, 0 rows affected (0.00 sec) MariaDB [db]> select * from information_schema.innodb_tablespaces_encryption where name like 'db/c%'G *************************** 1. row *************************** SPACE: 6 NAME: db/client_credit_card ENCRYPTION_SCHEME: 1 KEYSERVER_REQUESTS: 2 MIN_KEY_VERSION: 2 CURRENT_KEY_VERSION: 2 KEY_ROTATION_PAGE_NUMBER: NULL KEY_ROTATION_MAX_PAGE_NUMBER: NULL CURRENT_KEY_ID: 3 1 row in set (0.00 sec)
  • 32. Q/A