Copyright © 2016, Oracle and/or its affiliates. All rights reserved.
InnoDB Tablespace Encryption
By Satya Bodapati
Safe Harbor Statement
The following is intended to outline our general product direction. It is
intended for information purposes only, and may not be incorporated
into any contract. It is not a commitment to deliver any material, code,
or functionality, and should not be relied upon in making purchasing
decisions. The development, release, and timing of any features or
functionality described for Oracle’s products remains at the sole
discretion of Oracle.
Program Agenda
❏ Introduction
❏ How to use it
❏ Architecture
❏ Key rotation
❏ Import/Export
❏ Replication
❏ MySQL Enterprise Transparent Data Encryption
Introduction
InnoDB supports data encryption for all file_per_table tablespaces.
InnoDB uses a two-tier encryption architecture [more on this later].
Two types of keyring plugins are available for key management:
➢ keyring_file plugin - available in all MySQL editions
➢ keyring_okv plugin - available only in MySQL Enterprise Edition
Prerequisites
● MySQL 5.7
● keyring plugin installed and active (only one)
● innodb_file_per_table=ON (default: ON)
Use early-plugin-load in my.cnf
Why early-plugin-load? Because the keyring plugin must be loaded before InnoDB is initialized: InnoDB needs the keyring plugin to decrypt tablespaces before it can apply the redo log.
Verify that the keyring plugin is loaded
The status of the keyring plugin should be ACTIVE.
All set! Let's create the first encrypted table
Where is the keyring_file data located?
It is a very important file. Remember to back it up.
Losing this keyring data file will make the encrypted tables inaccessible.
How to encrypt existing tables?
● Encrypt: ALTER TABLE mydb.mytab ENCRYPTION='Y', ALGORITHM=COPY;
● Decrypt: ALTER TABLE mydb.mytab ENCRYPTION='N', ALGORITHM=COPY;
● ALGORITHM=INPLACE is not supported when turning encryption ON/OFF
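The "How to use it" steps above gathered into one session, as an added example that is not from the slides; it assumes the keyring_file plugin was already loaded through early-plugin-load in my.cnf, and the mydb.secrets table and its columns are made up for the demonstration (mydb.mytab is the slide's own name).

```sql
-- Added example (not from the slides): verifying, enabling and auditing
-- InnoDB tablespace encryption on MySQL 5.7 with the keyring_file plugin.

-- 1. Verify that exactly one keyring plugin is loaded and ACTIVE.
--    If this returns no row, encrypted tables cannot be created or opened.
SELECT PLUGIN_NAME, PLUGIN_STATUS
  FROM INFORMATION_SCHEMA.PLUGINS
 WHERE PLUGIN_NAME LIKE 'keyring%';
-- Expected: keyring_file | ACTIVE

-- 2. Confirm file-per-table tablespaces are in use (a prerequisite).
SHOW GLOBAL VARIABLES LIKE 'innodb_file_per_table';   -- must be ON

-- 3. Record where the master key file lives so it can be backed up;
--    losing it makes every encrypted table unreadable.
SHOW GLOBAL VARIABLES LIKE 'keyring_file_data';

-- 4. Create a table that is encrypted from the start.
--    (Schema and columns are constructed for this example.)
CREATE DATABASE IF NOT EXISTS mydb;
CREATE TABLE mydb.secrets (
  id     INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY,
  holder VARCHAR(64)   NOT NULL,
  token  VARBINARY(32) NOT NULL
) ENGINE=InnoDB ENCRYPTION='Y';

-- 5. Encrypt an existing, unencrypted table. The tablespace is rebuilt
--    (ALGORITHM=COPY); INPLACE is rejected when toggling ENCRYPTION,
--    so plan for the copy time and the temporary extra disk space.
CREATE TABLE IF NOT EXISTS mydb.mytab (
  id      INT PRIMARY KEY,
  payload TEXT
) ENGINE=InnoDB;
ALTER TABLE mydb.mytab ENCRYPTION='Y', ALGORITHM=COPY;

-- 6. Audit: list every table whose tablespace is encrypted. Run this
--    periodically to catch sensitive tables created without ENCRYPTION='Y'.
SELECT TABLE_SCHEMA, TABLE_NAME, CREATE_OPTIONS
  FROM INFORMATION_SCHEMA.TABLES
 WHERE CREATE_OPTIONS LIKE '%ENCRYPTION="Y"%';

-- 7. Rotate the master key. Only the tablespace keys stored in the
--    tablespace headers are re-encrypted; data pages are not rewritten.
ALTER INSTANCE ROTATE INNODB MASTER KEY;
```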
Architecture
The MySQL keyring plugin provides a way for MySQL components to retain or cache security data (authentication keys, encryption keys, passwords, passphrases) in the MySQL Server kernel.
The MySQL keyring makes its data available to internal MySQL components and plugins.
Architecture
InnoDB tablespace encryption uses a two-tier encryption key architecture, consisting of a master encryption key and tablespace keys.
Master Key: the key that is used to encrypt and decrypt the tablespace keys.
Tablespace key (aka private key): the key that is used to encrypt and decrypt tablespace data.
Secret keys are never seen by users; only internal code handles them.
Architecture Diagram: 2 Tier Architecture
[Diagram: MySQL Server (client, InnoDB, plugin and services infrastructure) with a keyring plugin, either keyring_okv backed by Oracle Key Vault or keyring_file backed by a plain file; unencrypted and encrypted files on disk.]
• Master Key
 – Stored outside the database
 – keyring_okv plugin: Oracle Key Vault, a KMIP 1.2 compliant key vault
 – keyring_file plugin: plain file
• Tablespace Key
 – Stored in the tablespace header
 – Protected by the master key
Architecture
The keyring_file plugin stores the master key in a file at the location given by keyring_file_data.
For encrypted tables, the tablespace key is encrypted by the master key and stored in the tablespace header page.
The only encryption algorithm used is AES; the encryption mode is a block mode (CBC).
Architecture
In InnoDB, pages are encrypted using the tablespace key. This is done at the I/O layer. Benefits:
• A page may be modified many times in the buffer pool before it is flushed, so the data page is not re-encrypted every time it changes; it is encrypted only just before it is written to disk.
• Encryption is done by the background page cleaner threads, so query threads do not spend extra CPU on it [set an appropriate number of page cleaner threads].
Architecture
• Buffer pool pages remain decrypted, so there is no overhead for pages already in the buffer pool; pages are decrypted only when they are read from disk.
Limitations:
• General tablespaces (shared tablespaces) are not encrypted; the system tablespace (ibdata*) is not encrypted.
• Undo logs, redo logs and binary logs are not encrypted.
• Advanced Encryption Standard (AES) is the only supported encryption algorithm.
Architecture
Limitations (continued):
• You cannot move or copy an encrypted table from a file-per-table tablespace to an unsupported InnoDB tablespace type.
• Migration from the keyring_file plugin to the keyring_okv plugin, or vice versa, is not supported.
• Altering the ENCRYPTION attribute of a table is an ALGORITHM=COPY operation; ALGORITHM=INPLACE is not supported.
Performance Impact
• Sysbench tests did not indicate any significant impact on performance compared to unencrypted tables.
• Tablespace keys are cached for faster access.
• Key rotation is fast because only the tablespace keys are re-encrypted.
Key rotation
• The master encryption key should be rotated periodically.
• Rotating the master encryption key only changes the master encryption key and re-encrypts the tablespace keys. It does not decrypt or re-encrypt the associated tablespace data.
• SQL to perform the rotation: ALTER INSTANCE ROTATE INNODB MASTER KEY;
Exporting Encrypted Tablespace
• Source
 – USE mydb; FLUSH TABLES mytab FOR EXPORT;
 – For an encrypted table, a <tablespace_name>.cfp file is generated
 – Copy the .ibd/.cfg/.cfp files to the destination
 – USE mydb; UNLOCK TABLES;
• Destination
 – ALTER TABLE mydb.mytab DISCARD TABLESPACE;
 – Copy the exported files into the database directory
 – ALTER TABLE mydb.mytab IMPORT TABLESPACE;
• The .cfp file contains the temporary key used to encrypt the tablespace key; it should be handled carefully.
Replication
• Master and slave should use different keyring files.
• Tables do not use the same key on master and slave.
 – At each node, encryption uses a different set of keys.
• Key rotation generates a different master key at each node.
 – Slaves must have the keyring plugin available if the master performs key rotation.
 – If the master creates encrypted tables, the slave must be configured for encryption.
What is Transparent Data Encryption?
• Data at Rest Encryption
 – Tablespaces, disks, storage, OS file system
• Transparent to applications and users
 – No application code or data type changes
• Transparent to DBAs
 – Keys are hidden from DBAs, no configuration changes
• Requires Key Management
 – Protection, rotation, storage, recovery
Transparent Data Encryption in MySQL
• Data at Rest Encryption
 – Tablespace encryption
• Key Protection
 – Achieved through Oracle Key Vault
• Strong Encryption
 – AES 256
• Simple to Manage
 – One master key for the whole MySQL instance
 – One key per tablespace
• High Performance & Low Overhead
 – Simple key rotation without massive decrypt/encrypt costs
Why Key Vault?
Benefits of using Key Vault
• Protected and exclusive storage for key material
 – Ensures that keys are stored safely away from the database
• Centralized repository for managing keys for multiple servers
 – One-stop solution to deploy TDE on multiple database servers
 – Keys are accessible only to the corresponding endpoint (or group of endpoints)
• Secure communication
 – Protected through TLSv1.2
• Automatic provisioning
 – DBA intervention is not needed as long as the endpoint is configured correctly
Benefits of using Key Vault
● Key lifecycle management
 – Critical for the Payment Card Industry Data Security Standard (PCI DSS)
 – Possible to define policies for key rotation and remind users about them
 – Report generation to validate compliance
● Maintains key history
 – Useful in restore scenarios
● Key utilization tracking
 – Useful in identifying suspicious usage of keys
Thank You!
Q&A ?
Booking open Available Pune Call Girls Koregaon Park  6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park  6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
 
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
OSVC_Meta-Data based Simulation Automation to overcome Verification Challenge...
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
 
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
Sheet Pile Wall Design and Construction: A Practical Guide for Civil Engineer...
 

InnoDB Tablespace Encryption

  • 1. Copyright © 2016, Oracle and/or its affiliates. All rights reserved. | InnoDB Tablespace Encryption. By Satya Bodapati
  • 2. Safe Harbor Statement. The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
  • 3. Program Agenda ❏Introduction ❏How to use it ❏Architecture ❏Key rotation ❏Import/Export ❏Replication ❏MySQL Enterprise Transparent Data Encryption
  • 4. Program Agenda ❏Introduction ❏How to use it ❏Architecture ❏Key rotation ❏Import/Export ❏Replication ❏MySQL Enterprise Transparent Data Encryption
  • 5. Introduction
    InnoDB supports data encryption for all file_per_table tablespaces.
    InnoDB uses a two-tier encryption architecture [more on this later].
    There are two types of keyring plugins available for key management:
    ➢keyring_file plugin - available in all MySQL Editions
    ➢keyring_okv plugin - available only in MySQL Enterprise Edition
  • 6. Program Agenda ❏Introduction ❏How to use it ❏Architecture ❏Key rotation ❏Import/Export ❏Replication ❏MySQL Enterprise Transparent Data Encryption
  • 7. Prerequisites
    ●MySQL 5.7
    ●keyring plugin installed and active (only one)
    ●innodb_file_per_table=ON (default: ON)
  • 8. Use early-plugin-load in my.cnf
    Why early-plugin-load? Because the keyring plugin must be loaded before InnoDB is loaded: InnoDB needs the keyring plugin to decrypt tablespaces before applying the redo log.
  • 9. Verify that the keyring plugin is loaded
    The status of the keyring plugin should be ACTIVE.
  • 10. All set! Let's create the first encrypted table.
  • 11. Where is the location of the keyring_file data?
    It is a very important file. Remember to back up this file. Losing this keyring data file will make the encrypted tables inaccessible.
  • 12. How to encrypt existing tables?
    ● ALTER TABLE mydb.mytab ENCRYPTION='Y' ALGORITHM=COPY;
    ● ALTER TABLE mydb.mytab ENCRYPTION='N' ALGORITHM=COPY;
    ● ALGORITHM=INPLACE is not supported when turning encryption ON/OFF
  • 13. Program Agenda ❏Introduction ❏How to use it ❏Architecture ❏Key rotation ❏Import/Export ❏Replication ❏MySQL Enterprise Transparent Data Encryption
  • 14. Architecture
    The MySQL keyring plugin provides a way for MySQL components to retain or cache security data (authentication keys, encryption keys, passwords, passphrases) in the MySQL Server kernel. The MySQL Keyring makes its data available to internal MySQL components and plugins.
  • 15. Architecture
    InnoDB tablespace encryption uses a two-tier encryption key architecture, consisting of a master encryption key and tablespace keys.
    Master Key: the key that is used to encrypt and decrypt the tablespace key.
    Tablespace key (aka private key): the key that is used to encrypt and decrypt tablespace data.
    Secret keys are never ever seen by users – only by internal code.
  • 16. Confidential – Oracle Highly Restricted. Architecture Diagram: 2 Tier Architecture [diagram: Client → MySQL Server (Plugin & Services Infrastructure, InnoDB) → DISK holding unencrypted and encrypted files; the master key comes from either the keyring_okv plugin (Key Vault) OR the keyring_file plugin (plain file)]
    • Master Key
      – Stored outside the database
      – Oracle Key Vault: KMIP 1.2 compliant key vault
    • Tablespace Key
      – Stored in tablespace header
      – Protected by master key
  • 17. Architecture
    The keyring_file plugin stores the Master Key in a file at a location decided by keyring_file_data.
    For encrypted tables, the tablespace key is encrypted by the Master Key and stored in the tablespace header page.
    The encryption algorithm used is AES only. The encryption mode used is block encryption mode (CBC mode).
  • 18. Architecture [diagram]
  • 19. Architecture [diagram]
  • 20. Architecture
    In InnoDB, pages are encrypted using the tablespace key. This is done at the IO layer. Benefits are:
    • A page could be modified multiple times in the buffer pool and then get flushed, so we avoid encrypting the data page every time it changes. We only encrypt just before writing the page to disk.
    • The encryption is done by background page cleaner threads. This means the query threads don’t spend extra CPU [set an appropriate number of page cleaner threads].
  • 21. Architecture
    • The buffer pool pages remain decrypted, so there is no overhead for pages accessed. The pages are decrypted only when they are read.
    Limitations:
    • General tablespaces (shared tablespaces) are not encrypted; the system tablespace (ibdata*) is not encrypted.
    • Undo logs, redo logs and binary logs are not encrypted.
    • Advanced Encryption Standard (AES) is the only supported encryption algorithm.
  • 22. Architecture
    • You cannot move or copy an encrypted table from a file-per-table tablespace to an unsupported InnoDB tablespace type.
    • Migration from the keyring_file plugin to the keyring_okv plugin, or vice versa.
    • Altering the ENCRYPTION attribute of a table is an ALGORITHM=COPY operation. ALGORITHM=INPLACE is not supported.
  • 23. Performance Impact
    • Sysbench tests did not indicate any significant impact on performance when compared to unencrypted tables
    • Tablespace keys are cached for faster access
    • Key rotation: fast, because only the tablespace keys are re-encrypted
  • 24. Program Agenda ❏Introduction ❏How to use it ❏Design ❏Key rotation ❏Import/Export ❏Replication ❏MySQL Enterprise Transparent Data Encryption
  • 25. Key rotation
    • The master encryption key should be rotated periodically
    • Rotating the master encryption key only changes the master encryption key and re-encrypts the tablespace keys. It does not decrypt or re-encrypt the associated tablespace data.
    • SQL to do rotation: ALTER INSTANCE ROTATE INNODB MASTER KEY;
  • 26. [screenshot slide]
  • 27. Program Agenda ❏Introduction ❏How to use it ❏Design ❏Key rotation ❏Import/Export ❏Replication ❏MySQL Enterprise Transparent Data Encryption
  • 28. Exporting Encrypted Tablespace
    • Source
      – USE mydb; FLUSH TABLES mytab FOR EXPORT;
    • For an encrypted table, a <tablespace_name>.cfp file is generated
      – Copy the .ibd/.cfg/.cfp files to the destination
      – USE mydb; UNLOCK TABLES;
    • Destination
      – ALTER TABLE mydb.mytab DISCARD TABLESPACE;
      – Copy the imported files to the database directory
      – ALTER TABLE mydb.mytab IMPORT TABLESPACE;
    • The .cfp file contains the temporary key used to encrypt the tablespace key. It should be handled carefully.
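The export/import procedure above as one session per server, added here as an example and not the deck's own text. It assumes two MySQL 5.7 servers that each run their own keyring (so their master keys differ), the deck's table mydb.mytab with a definition constructed for the example, and that the file copy between the two datadirs happens out of band where the comments say so.

```sql
-- Added example (not from the deck). Source and destination each have their
-- own keyring, so the destination cannot use the source master key; the .cfp
-- file carries the tablespace key under a temporary transfer key instead.

-- === Source server ===
USE mydb;
-- Quiesce the table and write mytab.cfg (metadata) plus mytab.cfp, which
-- holds the tablespace key encrypted with the temporary key.
FLUSH TABLES mytab FOR EXPORT;

-- Keep this session open while these files are copied out of the datadir:
--   mydb/mytab.ibd   mydb/mytab.cfg   mydb/mytab.cfp
-- Whoever holds .ibd together with .cfp can read the data, so copy over an
-- authenticated channel and delete every copy of .cfp once the import is done.
UNLOCK TABLES;

-- === Destination server ===
USE mydb;
-- The table must exist with the same definition and the same ENCRYPTION
-- attribute before its tablespace is discarded.
CREATE TABLE IF NOT EXISTS mytab (
  id          INT NOT NULL AUTO_INCREMENT PRIMARY KEY,
  card_holder VARCHAR(64) NOT NULL,
  created_at  TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP
) ENGINE=InnoDB ENCRYPTION='Y';

-- Drop the destination's own (empty) mytab.ibd before copying in the files.
ALTER TABLE mytab DISCARD TABLESPACE;
-- (copy mytab.ibd, mytab.cfg and mytab.cfp into <datadir>/mydb/ now)
ALTER TABLE mytab IMPORT TABLESPACE;
-- Import recovers the tablespace key via the .cfp transfer key and stores it
-- re-encrypted under the destination's master key; remove mytab.cfp after this.

-- Sanity checks: rows arrived and the table is still marked encrypted.
SELECT COUNT(*) FROM mytab;
SELECT CREATE_OPTIONS
  FROM INFORMATION_SCHEMA.TABLES
 WHERE TABLE_SCHEMA = 'mydb' AND TABLE_NAME = 'mytab';   -- ENCRYPTION="Y"
```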
  • 29. Program Agenda ❏Introduction ❏How to use it ❏Design ❏Key rotation ❏Import/Export ❏Replication ❏MySQL Enterprise Transparent Data Encryption
  • 30. Replication
    • Master and slave should use different keyring files
    • Tables do not use the same key at master and slave
      – At each node, encryption uses a different set of keys
    • Key rotation: generates a different master key at each node
      – Slaves must have the keyring plugin available if the master performs key rotation
      – If the master creates encrypted tables, the slave should be configured with encryption
  • 31. Program Agenda ❏Introduction ❏How to use it ❏Design ❏Key rotation ❏MySQL Enterprise Transparent Data Encryption
  • 32. What is Transparent Data Encryption?
    • Data at Rest Encryption
      – Tablespaces, disks, storage, OS file system
    • Transparent to applications and users
      – No application code or data type changes
    • Transparent to DBAs
      – Keys are hidden from DBAs, no configuration changes
    • Requires Key Management
      – Protection, rotation, storage, recovery
  • 33. Transparent Data Encryption in MySQL
    • Data at Rest Encryption
      – Tablespace Encryption
    • Key Protection
      – Achieved through Oracle Key Vault
    • Strong Encryption
      – AES 256
    • Simple to Manage
      – One master key for the whole MySQL instance
      – One key per tablespace
    • High Performance & Low Overhead
      – Simple key rotation without massive decrypt/encrypt costs
  • 34. Why Key Vault?
  • 35. Benefits of using Key Vault
    • Protected and exclusive storage for key material
      – Ensures that keys are safely stored away from the database
    • Centralized repository for managing keys for multiple servers
      – One-stop solution to deploy TDE on multiple database servers
      – Keys are accessible only to the corresponding endpoint (or group of endpoints)
    • Secure communication
      – Protected through TLSv1.2
    • Automatic provisioning
      – DBA intervention is not needed as long as the endpoint is configured correctly
  • 36. Benefits of using Key Vault
    ● Key lifecycle management
      – Critical for the Payment Card Industry Data Security Standard (PCI DSS)
      – Possible to define policies for key rotation and remind the user about them
      – Report generation to validate compliance
    ● Maintains key history
      – Useful in restore scenarios
    ● Key utilization tracking
      – Useful in identifying suspicious usage of keys
  • 37. Thank You! Q&A?