Choosing the Right Encryption Approach for RDBMS

Sometimes, specially now a days when people are planning to move to cloud, security is one of the key factor, and in my experience, what I saw is the cloud architect tries to sell the full disk encryption as a solution for all applications, databases etc. Which in my opinion, is absolutely incorrect.

The goal of this post is to evaluate, at a higher level, different encryption approach for different scenario (specially RDBMS) to better inform the decision making process.

MySQL vs. MariaDB

A high level comparison between MySQL & MariaDB.
The goal of this post is to evaluate, at a higher level, MySQL & MariaDB to better inform the decision making process.

ZERO Downtime Kernel Security updates for Oracle & Redhat Linux

Linux Kernel vulnerabilities, e.g. Kernel Side-Channel Attacks (Meltdown, Spectre), Dirty COW, Linux Kernel Double Fetch Denial of Service Vulnerability, udp.c in the Linux kernel ... … … the list goes on and on.

Linux kernel security updates with important new security and reliability patches are released about once per month to stay up to date with important kernel and user-space security updates.

Industry regulations and best practices require companies to apply these security updates and patches regularly because security is compromised by a failure to update. System administrators are forced to choose between known best practices and system reboots that are costly and disruptive.

Since these are kernel security fixes which means the operating system requires restart in order to active the new kernel and the fixes.

ONLY to fix Linux kernel vulnerabilities, every month organizations have hundreds of hour's system downtime in every quarter at minimum.

Oracle SPARC: Software & SQL in Silicon: What It Does and Why

Software in Silicon: Software features incorporated into Oracle's SPARC processors (e.g. M7, M8) provide increased security and higher performance for databases and software applications.

Software in Silicon is comprised of three very unique technology offerings: SQL in Silicon, Capacity in Silicon and Security in Silicon.

Observation: Amazon Redshift & Aurora

Many organizations are thinking about Amazon's Redshift & Aurora Databases. Followings are some observations and thoughts for anyone who plans to use these database technologies  -

Next Oracle Release will be Oracle Database 18 instead 12.2.0.2

Release 12.2: New releases will be annual and the version will be the last two digits of the release year. The release originally planned as 12.2.0.2 will now be release 18, and the release originally planned as 12.2.0.3 will be release 19. Releases 18 and 19 will be treated as under the umbrella of 12.2 for Lifetime Support purposes. The current plan is for Oracle Database 19 to be the last release for 12.2. This may change in the future to Oracle 20 as the last release for 12.2.


Reference:

• My Oracle Support Note: Release Schedule of Current Database Releases (Doc ID 742060.1)
• https://mikedietrichde.com/2017/08/10/thoughts-new-oracle-database-release-schedule/

Oracle Database Security Assessment Tool (DBSAT)

Check this one out -

DB Security: Oracle Database Security Assessment Tool (DBSAT) (MOS Note # 2138254.1)
-- Works with: 10.2.0.5 and later releases.

This tool provides a detail analysis, insights & recommendations.

Review MOS Note: 2312911.1 - Before upgrading an Oracle Database from 12.1 to 12.2 or later

If you are planning to upgrade an Oracle Database from 12.1 to 12.2 or later, depending on your configuration, there is a possibility that the upgrade can result in immediate execution plan changes for a lot of SQLs due to the changes in adaptive feature in 12cR2.

Review the MOS Note: 2312911.1 for optimizer behavior (adaptive feature) change in 12cR2.

Storage Mirroring vs. Database Replications/Mirroring Technologies

Most organizations have some sort of storage based remote mirroring (array mirroring) technology as a disaster recovery solution. It's really a good solution for files and applications but definitely NOT for RDBMS.

Array mirroring is a sophisticated technology promoted as a generic infrastructure solution that makes a simple promise – whatever is written to a primary volume will also be written to a mirrored volume at a remote site.

Keeping this promise, however, can have disastrous consequences for data protection and availability when the data written to primary volumes is corrupt.

Running Oracle on VMware: Challenges

I am sure that there are number of reasons why VMware is preferred to run RDBMS in some cases. But there are some major challenges are there as well.

This note is just to highlight the challenges observed when running Oracle in VMware environment.