InnoDB Tablespace Encryption
Satya Bodapati
Encryption in MySQL 5.7, MySQL User Camp at Oracle India, Kalyani Magnum on 16-Dec-2016
1.
InnoDB Tablespace Encryption
By Satya Bodapati
Copyright © 2016, Oracle and/or its affiliates. All rights reserved.
2.
Safe Harbor Statement
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle.
3.
Program Agenda
❏ Introduction
❏ How to use it
❏ Architecture
❏ Key rotation
❏ Import/Export
❏ Replication
❏ MySQL Enterprise Transparent Data Encryption
5.
Introduction
• InnoDB supports data encryption for all file-per-table tablespaces
• InnoDB uses a two-tier encryption architecture [More on this later]
• There are two types of keyring plugins available for Key Management
  ➢ keyring_file plugin - Available in all MySQL Editions
  ➢ keyring_okv plugin - Available only in MySQL Enterprise Edition
7.
Prerequisites
● MySQL 5.7
● keyring plugin installed and active (only one)
● innodb_file_per_table=ON (default: ON)
8.
Use early-plugin-load in my.cnf
Why early-plugin-load? Because the keyring plugin should be loaded before InnoDB is loaded. InnoDB needs the keyring plugin to decrypt tablespaces before applying the redo log.
9.
Verify that Keyring plugin is loaded
The status of the keyring plugin should be ACTIVE
OR
10.
All set! Let's create the first encrypted table
11.
Where is the location of the keyring_file data?
It is a very important file. Remember to back up this file. Losing this keyring data file will make tables inaccessible.
12.
How to encrypt existing tables?
● ALTER TABLE mydb.mytab ENCRYPTION='Y', ALGORITHM=COPY;
● ALTER TABLE mydb.mytab ENCRYPTION='N', ALGORITHM=COPY;
● ALGORITHM=INPLACE is not supported when turning encryption ON/OFF
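The "How to use it" steps above, put together as one session. This is an added example, not code from the original deck; the keyring path and the table mydb.t_secret with its columns are placeholders chosen for illustration.

```sql
-- Added example. The configuration lines are shown as comments because they
-- belong in my.cnf, not in a SQL session:
--
--   [mysqld]
--   early-plugin-load=keyring_file.so            (keyring_file.dll on Windows)
--   keyring_file_data=/path/to/keyring/keyring   (placeholder path)
--
-- Restart mysqld after editing my.cnf, then run the statements below.

-- 1. The keyring plugin must be listed with status ACTIVE, and the result
--    must contain exactly one keyring plugin.
SELECT PLUGIN_NAME, PLUGIN_STATUS
  FROM INFORMATION_SCHEMA.PLUGINS
 WHERE PLUGIN_NAME LIKE 'keyring%';

-- 2. Check the file-per-table prerequisite and find the keyring file that
--    has to be backed up. keyring_file_data exists as a system variable only
--    while the keyring_file plugin is loaded.
SELECT @@GLOBAL.innodb_file_per_table AS file_per_table,
       @@GLOBAL.keyring_file_data     AS keyring_file;

-- 3. Create an encrypted table (hypothetical schema and table).
CREATE DATABASE IF NOT EXISTS mydb;
CREATE TABLE mydb.t_secret (
  id      INT UNSIGNED   NOT NULL PRIMARY KEY,
  payload VARBINARY(255) NOT NULL
) ENGINE=InnoDB ENCRYPTION='Y';

-- 4. Confirm that the ENCRYPTION attribute was recorded for the new table.
SHOW CREATE TABLE mydb.t_secret;

-- 5. List every table on the instance that carries ENCRYPTION="Y".
SELECT TABLE_SCHEMA, TABLE_NAME, CREATE_OPTIONS
  FROM INFORMATION_SCHEMA.TABLES
 WHERE CREATE_OPTIONS LIKE '%ENCRYPTION="Y"%';
```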
14.
Architecture
The MySQL keyring plugin provides a way for MySQL components to retain or cache security data, authentication keys, encryption keys, passwords, passphrases in the MySQL Server kernel. The MySQL Keyring makes its data available to internal MySQL components and plugins.
15.
Architecture
InnoDB tablespace encryption uses a two-tier encryption key architecture, consisting of a master encryption key and tablespace keys.
• Master Key: The key that is used to encrypt and decrypt the tablespace key
• Tablespace key (aka private key): The key that is used to encrypt and decrypt tablespace data
Secret keys are never ever seen by users – only internal code
16.
Confidential – Oracle Highly Restricted
Architecture Diagram: 2 Tier Architecture
[Diagram labels: Client; MySQL Server; Plugin & Services Infrastructure; InnoDB; keyring_okv plugin; Key Vault; OR; keyring_file plugin; Master Key; Plain file; DISK; Encrypted 1; Encrypted 2; Unencrypted files]
• Master Key
  – Stored outside the database
  – Oracle Key Vault: KMIP 1.2 Compliant Key Vault
• Tablespace Key
  – Stored in tablespace header
  – Protected by master key
17.
Architecture
• The keyring_file plugin stores the Master Key in a file at a location decided by keyring_file_data
• For encrypted tables, the Tablespace key is encrypted by the Master Key and stored in the Tablespace header page.
• Encryption algorithm used is AES only. Encryption mode used is block encryption mode (CBC mode).
18.
Architecture
19.
Architecture
20.
Architecture
In InnoDB, pages are encrypted using the tablespace key. This is done at the IO layer. Benefits are:
• A page could be modified multiple times in the buffer pool before it gets flushed, so we avoid encrypting the data page every time it changes. We encrypt only just before writing the page to disk
• The encryption is done by background page cleaner threads. This means the query threads don't spend extra CPU [Set appropriate number of page cleaner threads]
21.
Architecture
• The buffer pool pages remain decrypted and so there is no overhead for pages accessed. The pages are decrypted only when they are read.
Limitations:
• General Tablespaces (Shared Tablespaces) are not encrypted, system tablespace (ibdata*) is not encrypted.
• Undo Log, redo Logs and binary logs are not encrypted
• Advanced Encryption Standard (AES) is the only supported encryption algorithm.
22.
Architecture
• You cannot move or copy an encrypted table from a file-per-table tablespace to an unsupported InnoDB tablespace type
• Migration from the keyring_file plugin to the keyring_okv plugin, or vice-versa
• Altering the ENCRYPTION attribute of a table is an ALGORITHM=COPY operation. ALGORITHM=INPLACE is not supported
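An inventory query that applies the limitations listed above, separating tables that can be encrypted with ALTER TABLE from tables held in tablespace types that are not encrypted. This is an added example, not code from the original deck; it assumes the MySQL 5.7 view INFORMATION_SCHEMA.INNODB_SYS_TABLES and leaves out the system schemas.

```sql
-- Added example: encryption coverage report for a MySQL 5.7 instance.
-- SPACE_TYPE is 'Single' for file-per-table tablespaces, 'General' for
-- general (shared) tablespaces and 'System' for the system tablespace.
-- The join matches plain table names only: partitioned tables (stored as
-- db/table#P#partition) and names containing characters that InnoDB encodes
-- in file names do not match and have to be reviewed separately.
SELECT t.TABLE_SCHEMA,
       t.TABLE_NAME,
       s.SPACE_TYPE,
       CASE
         WHEN t.CREATE_OPTIONS LIKE '%ENCRYPTION="Y"%'
           THEN 'encrypted'
         WHEN s.SPACE_TYPE = 'Single'
           THEN 'not encrypted, file-per-table (can be altered)'
         ELSE 'not encrypted, tablespace type not supported'
       END AS encryption_state
  FROM INFORMATION_SCHEMA.TABLES AS t
  JOIN INFORMATION_SCHEMA.INNODB_SYS_TABLES AS s
    ON s.NAME = CONCAT(t.TABLE_SCHEMA, '/', t.TABLE_NAME)
 WHERE t.ENGINE = 'InnoDB'
   AND t.TABLE_SCHEMA NOT IN
       ('mysql', 'sys', 'information_schema', 'performance_schema')
 ORDER BY encryption_state, t.TABLE_SCHEMA, t.TABLE_NAME;

-- Generate, but do not run, the conversion statement for every
-- file-per-table table that is still unencrypted. Each statement is an
-- ALGORITHM=COPY rebuild, so review and schedule the output before running it.
SELECT CONCAT('ALTER TABLE `', t.TABLE_SCHEMA, '`.`', t.TABLE_NAME,
              '` ENCRYPTION=''Y'', ALGORITHM=COPY;') AS conversion_statement
  FROM INFORMATION_SCHEMA.TABLES AS t
  JOIN INFORMATION_SCHEMA.INNODB_SYS_TABLES AS s
    ON s.NAME = CONCAT(t.TABLE_SCHEMA, '/', t.TABLE_NAME)
 WHERE t.ENGINE = 'InnoDB'
   AND s.SPACE_TYPE = 'Single'
   AND COALESCE(t.CREATE_OPTIONS, '') NOT LIKE '%ENCRYPTION="Y"%'
   AND t.TABLE_SCHEMA NOT IN
       ('mysql', 'sys', 'information_schema', 'performance_schema');
```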
23.
Performance Impact
• Sysbench tests did not indicate any significant impact on performance when compared to unencrypted tables
• Tablespace keys are cached for faster access
• Key rotation: Fast because only tablespace keys are re-encrypted
24.
Program Agenda
❏ Introduction
❏ How to use it
❏ Design
❏ Key rotation
❏ Import/Export
❏ Replication
❏ MySQL Enterprise Transparent Data Encryption
25.
Key rotation
• The master encryption key should be rotated periodically
• Rotating the master encryption key only changes the master encryption key and re-encrypts tablespace keys. It does not decrypt or re-encrypt associated tablespace data.
• SQL to do rotation: ALTER INSTANCE ROTATE INNODB MASTER KEY;
28.
Exporting Encrypted Tablespace
• Source
  – USE mydb; FLUSH TABLES mytab FOR EXPORT;
    • For an encrypted table, a <tablespace_name>.cfp file is generated
  – Copy the .ibd/.cfg/.cfp files to the destination
  – USE mydb; UNLOCK TABLES;
• Destination
  – ALTER TABLE mydb.mytab DISCARD TABLESPACE;
  – Copy the imported files to the database directory
  – ALTER TABLE mydb.mytab IMPORT TABLESPACE;
• The .cfp file contains the temporary key used to encrypt the tablespace key. It should be handled carefully.
30.
Replication
• Master and slave should use different keyring files
• Tables do not use the same key at master and slave
  – At each node, encryption uses a different set of keys
• Key rotation: Generates a different master key at each node
  – Slaves must have the keyring plugin available if the master performs key rotation
  – If the master creates encrypted tables, the slave should be configured with encryption
31.
Program Agenda
❏ Introduction
❏ How to use it
❏ Design
❏ Key rotation
❏ MySQL Enterprise Transparent Data Encryption
32.
What is Transparent Data Encryption?
• Data at Rest Encryption
  – Tablespaces, Disks, Storage, OS File system
• Transparent to applications and users
  – No application code or data type changes
• Transparent to DBAs
  – Keys are hidden from DBAs, no configuration changes
• Requires Key Management
  – Protection, rotation, storage, recovery
33.
Transparent Data Encryption in MySQL
• Data at Rest Encryption
  – Tablespace Encryption
• Key Protection
  – Achieved through Oracle Key Vault
• Strong Encryption
  – AES 256
• Simple to Manage
  – One master key for whole MySQL instance
  – One key per tablespace
• High Performance & Low Overhead
  – Simple Key Rotation without massive decrypt/encryption costs
34.
Why Key Vault?
35.
Benefits of using Key Vault
• Protected and Exclusive storage for key materials
  – Ensures that keys are safely stored away from database
• Centralized repo for managing keys for multiple servers
  – One stop solution to deploy TDE on multiple database servers
  – Keys are accessible only to corresponding endpoint (or group of endpoints)
• Secure communication
  – Protected through TLSv1.2
• Automatic provisioning
  – DBA intervention is not needed as long as endpoint is configured correctly
36.
Benefits of using Key Vault
● Key lifecycle management
  – Critical for the Payment Card Industry (PCI) Data Security Standard (DSS)
  – Possible to define policies for key rotation and remind the user about the same
  – Report generation to validate compliance
● Maintains key history
  – Useful in restore scenarios
● Key utilization tracking
  – Useful in identifying suspicious usage of keys
37.
Thank You!
Q&A?