SlideShare a Scribd company logo

Plam16 jan

Jan Lindström
Jan Lindström

This document discusses transparent encryption of MariaDB databases using the Amazon Key Management Service (KMS). It provides an overview of transparent encryption concepts, how encryption is implemented for InnoDB/XtraDB tables and logs, available encryption plugins including the AWS KMS plugin, and how to configure MariaDB for encryption using AWS KMS for key management. The AWS KMS plugin allows MariaDB to store encrypted encryption keys in AWS KMS and handle key rotation. Documentation links are also provided.

Software
1 of 32
Download to read offline
Transparent tablespace and log encryption on MariaDB 10.1 using Amazon Key Management Service Jan Lindström, Principal Engineer, MariaDB Corporation Amsterdam, Netherlands | October 5, 2016
2 Agenda 1. Introduction 2. Concepts 3. InnoDB/XtraDB 4. Encryption Plugins 5. Amazon AWS KMS 6. Configuration
Introduction
4 What is transparent encryption? • Transparent to application • Application does’t know anything about keys, algorithm, etc • Anyone that can connect to MariaDB can dump data • Not data-in-transit encryption (SSL/TLS) • Not per-column encryption • Not application-side encryption • No encryption functions needed (AES_ENCRYPT())
5 All data written to disk should be encrypted • InnoDB tablespaces (per-file and system) • InnoDB log files • Aria tables • Temporary files • Temporary tables • Binary log • No mysqlbinlog, though!
6 What’s missing? • Aria logs • Audit log • Error log • Slow query log • General query log • MyISAM tables • CONNECT, CSV, et. Al. • Galera gcache
7 Implementation • MariaDB has a new interface for encryption plugins • Key management • Encryption/decryption • Implemented co-operation together with Google and Eperi • https://mariadb.com/kb/en/mariadb/encryption-plugins/
Concepts
9 Concepts • Key ID • ID 1 for system data, like InnoDB redo logs, binary logs, etc • ID 2 (if available) for temporary data, like temporary files and temporary tables • Other Ids as configured when creating tables, etc. • Key Version (for rotation) • Encryption algorithm • Default AES_CBC • Support for these items may vary across plugins!
InnoDB/XtraDB
11 InnoDB/XtraDB • ON/OFF/FORCE • innodb-encrypt-tables = [ON | OFF | FORCE]; • Encrypt log • innodb-encrypt-log = [ON | OFF]; • Monitoring (IS) • innodb-tablespaces-scrubbing • innodb-tablespaces-encryption
12 InnoDB/XtraDB • Optional background rotation • innodb-encryption-threads = n; • innodb-encryption-rotate-key-age= n; - ”Age” in key versions • innodb-encryption-rotation-iops = n; • Optional data scrubbing • innodb-background-scrub-data-compressed = [ON | OFF]; • innodb-background-scrub-data-uncompressed = [ON | OFF]; • innodb-immediate-scrub-data-uncompressed = [ON | OFF]; • innodb-scrub-log = [ON|OFF]; • innodb-scrub-log-speed=n; • innodb-background-scrub-data-check-interval=n; https://mariadb.com/kb/en/mariadb/xtradb-innodb-data-scrubbing/
Encryption plugins
14 Encryption plugins • File key management • https://mariadb.com/kb/en/mariadb/data-at-rest-encryption/#file_key_management- plugin • AWS KMS plugin • https://mariadb.com/kb/en/mariadb/aws-key-management-encryption-plugin/ • Eperi plugin • http://eperi.de/en/products/database-encryption/ • Custom plugins to meet customer needs?
15 File_key_management • Keys stored in a local file (note that this file could be on USB stick) • No support for key rotation/version • Key file itself can be encrypted (but used key in my.cnf) • Do you feel good having your encryption keys sitting next to your data ?
16 Eperi plugin • Separate Eperi gateway software • Licenses and downloads from Eperi’s web portal • KMS • Plugin opens listener that the KMS connects to in order to authenticate the connecting MariaDB instance • Page encryption server • InnoDB actually sends pages to the Eperi gateway node to be encrypted!
Amazon KMS Encryption Plugin
18 AWS KMS Encryption Plugin • Amazon Web Services Key Management Service • CloadTrail & CloudWatch • Logging • Auditing • Notifications • Identity and Access Management (IAM) • Interesting possibilities • MFA for MariaDB startup • IAM roles to read keys • AWS logging & alerts
19 Requirements • You need to sign up for Amazon Web Services • You need to create IAM user • MariaDB server will use these credentials to authenticate AWS server • You need to create a master encryption key • Used to encrypt the actual encryption keys that will be used by MariaDB • You will need to configure AWS credentials • You will need to configure MariaDB (naturally)
20 AWS KMS Plugin • Writes enrypted keys to local disk • MariaDB must connect to KMS to decrypt keys - MariaDB startup - Creating a table that uses a new key • Supports key rotation • Limited platform support due to C++11 requirement of AWS SDK • Requires C++11 compiler: gcc4.7+, clang 3.3+ or VS2013+ • RHEL • CentOS 7 • ~600 lines • Great reference for people who want to write their own plugins
21 Credentials Management • Identify and Access Management (IAM) policy for keys • Authorized source addresses • IAM users w/ restricted privileges • Multi-Factor Authentication (2FA/MFA) • AWS SDK • Config file, environment variables, etc. • Flexible wrapper program • EC2 (Elastic Compute Cloud) instance IAM role
Configuration
23 Install, enable, and configure $ cat /etc/my.cnf.d/aws_key_management.cnf [mariadb] plugin-load-add=aws_key_management.so aws-key-management aws-key-management-master-key-id = alieas/mariadb2 # aws_key_management_log_level = Trace ignore-db-dirs=.pki !include /etc/my.cnf.d/enable_encryption.preset
24 Turn on encryption settings $ cat /etc/my.cnf.d/enable_encryption.preset [mariadb] aria-encrypt-tables encrypt-binlog encrypt-tmp-disk-tables encrypt-tmp-files loose-innodb-encrypt-log loose-innodb-encrypt-tables
25 Encrypted system tablespace $ sudo –u mysql mysql_install_db … 2016-09-29 11:40:00 [Note] AWK KMS plugin: generated encrypted datakey for key id=1, version=1 2016-09-29 11:40:00 [Note] AWK KMS plugin: loaded key 1, version 1, key length 128 bit … 2016-09-29 11:40:01 [Note] AWK KMS plugin: generated encrypted datakey for key id=2, version=1 2016-09-29 11:40:01 [Note] AWK KMS plugin: loaded key 2, version 1, key length 128 bit 2016-09-29 11:40:01 [Note] Using encryption key id 2 for temporary files …
26 Why encrypt data ? MariaDB [db]> create table client_credit_card(id int not null primary key, credit_card varchar(20)) engine=innodb encrypted=no; MariaDB [db]> insert into client_credit_cards values(20071992, ’5275-0000- 0000-0000’): … $ sudo strings /var/lib/mysql/db/client_credit_cards.ibd infimum supremum 5275-0000-0000-0000
27 Automatic key generation MariaDB [db]> create table client_credit_card(id int not null primary key, credit_card varchar(20)) engine=innodb encrypted=yes encryption_key_id=3; MariaDB [db]> insert into client_credit_card values(20071992, ’5275-0000-0000- 0000’): … $ sudo strings /var/lib/mysql/db/client_credit_card.ibd {7fgh k6klj B_0= …
28 I_S table for encryption info MariaDB [(none)]> select * from information_schema.innodb_tablespaces_encryption where name='db/client_credit_card'G *************************** 1. row *************************** SPACE: 6 NAME: db/client_credit_card ENCRYPTION_SCHEME: 1 KEYSERVER_REQUESTS: 1 MIN_KEY_VERSION: 1 CURRENT_KEY_VERSION: 1 KEY_ROTATION_PAGE_NUMBER: NULL KEY_ROTATION_MAX_PAGE_NUMBER: NULL CURRENT_KEY_ID: 3 1 row in set (0.00 sec)
29 Key rotation MariaDB [(none)]> show variables like 'aws%'; +----------------------------------+----------------+ | Variable_name | Value | +----------------------------------+----------------+ | aws_key_management_key_spec | AES_128 | | aws_key_management_log_level | Off | | aws_key_management_master_key_id | alias/mariadb2 | | aws_key_management_rotate_key | 0 | +----------------------------------+----------------+ 4 rows in set (0.00 sec) MariaDB [(none)]> set global aws_key_management_rotate_key=3; Query OK, 0 rows affected (0.27 sec)
30 Key rotation MariaDB [db]> set global innodb_encryption_threads=4; Query OK, 0 rows affected (0.00 sec) MariaDB [db]> set global innodb_encryption_rotate_key_age=0; Query OK, 0 rows affected (0.00 sec) MariaDB [db]> select * from information_schema.innodb_tablespaces_encryption where name like 'db/c%'G *************************** 1. row *************************** SPACE: 6 NAME: db/client_credit_card ENCRYPTION_SCHEME: 1 KEYSERVER_REQUESTS: 2 MIN_KEY_VERSION: 2 CURRENT_KEY_VERSION: 2 KEY_ROTATION_PAGE_NUMBER: NULL KEY_ROTATION_MAX_PAGE_NUMBER: NULL CURRENT_KEY_ID: 3 1 row in set (0.00 sec)
31 Documentation •https://mariadb.com/kb/en/mariadb-enterprise/mariadb-enterprise-aws-kms- encryption-plugin-setup-guide/ •https://mariadb.com/kb/en/mariadb-enterprise/mariadb-enterprise-aws-kms- encryption-plugin-advanced-usage/ •https://mariadb.com/kb/en/mariadb/data-at-rest-encryption/ •https://mariadb.com/kb/en/mariadb/xtradb-innodb-data-scrubbing/
Q/A

Recommended

What is MariaDB Server 10.3?
What is MariaDB Server 10.3?What is MariaDB Server 10.3?
What is MariaDB Server 10.3?Colin Charles
 
Differences between MariaDB 10.3 & MySQL 8.0
Differences between MariaDB 10.3 & MySQL 8.0Differences between MariaDB 10.3 & MySQL 8.0
Differences between MariaDB 10.3 & MySQL 8.0Colin Charles
 
Icinga 2009 at OSMC
Icinga 2009 at OSMCIcinga 2009 at OSMC
Icinga 2009 at OSMCIcinga
 
Better encryption & security with MariaDB 10.1 & MySQL 5.7
Better encryption & security with MariaDB 10.1 & MySQL 5.7Better encryption & security with MariaDB 10.1 & MySQL 5.7
Better encryption & security with MariaDB 10.1 & MySQL 5.7Colin Charles
 
Databases in the hosted cloud
Databases in the hosted cloud Databases in the hosted cloud
Databases in the hosted cloud Colin Charles
 
MySQL features missing in MariaDB Server
MySQL features missing in MariaDB ServerMySQL features missing in MariaDB Server
MySQL features missing in MariaDB ServerColin Charles
 
Meet MariaDB Server 10.1 London MySQL meetup December 2015
Meet MariaDB Server 10.1 London MySQL meetup December 2015Meet MariaDB Server 10.1 London MySQL meetup December 2015
Meet MariaDB Server 10.1 London MySQL meetup December 2015Colin Charles
 
MariaDB und mehr - MariaDB Roadshow Summer 2014 Hamburg Berlin Frankfurt
MariaDB und mehr - MariaDB Roadshow Summer 2014 Hamburg Berlin FrankfurtMariaDB und mehr - MariaDB Roadshow Summer 2014 Hamburg Berlin Frankfurt
MariaDB und mehr - MariaDB Roadshow Summer 2014 Hamburg Berlin FrankfurtMariaDB Corporation
 

Recommended

What is MariaDB Server 10.3?
What is MariaDB Server 10.3?What is MariaDB Server 10.3?
What is MariaDB Server 10.3?Colin Charles
 
Differences between MariaDB 10.3 & MySQL 8.0
Differences between MariaDB 10.3 & MySQL 8.0Differences between MariaDB 10.3 & MySQL 8.0
Differences between MariaDB 10.3 & MySQL 8.0Colin Charles
 
Icinga 2009 at OSMC
Icinga 2009 at OSMCIcinga 2009 at OSMC
Icinga 2009 at OSMCIcinga
 
Better encryption & security with MariaDB 10.1 & MySQL 5.7
Better encryption & security with MariaDB 10.1 & MySQL 5.7Better encryption & security with MariaDB 10.1 & MySQL 5.7
Better encryption & security with MariaDB 10.1 & MySQL 5.7Colin Charles
 
Databases in the hosted cloud
Databases in the hosted cloud Databases in the hosted cloud
Databases in the hosted cloud Colin Charles
 
MySQL features missing in MariaDB Server
MySQL features missing in MariaDB ServerMySQL features missing in MariaDB Server
MySQL features missing in MariaDB ServerColin Charles
 
Meet MariaDB Server 10.1 London MySQL meetup December 2015
Meet MariaDB Server 10.1 London MySQL meetup December 2015Meet MariaDB Server 10.1 London MySQL meetup December 2015
Meet MariaDB Server 10.1 London MySQL meetup December 2015Colin Charles
 
MariaDB und mehr - MariaDB Roadshow Summer 2014 Hamburg Berlin Frankfurt
MariaDB und mehr - MariaDB Roadshow Summer 2014 Hamburg Berlin FrankfurtMariaDB und mehr - MariaDB Roadshow Summer 2014 Hamburg Berlin Frankfurt
MariaDB und mehr - MariaDB Roadshow Summer 2014 Hamburg Berlin FrankfurtMariaDB Corporation
 
Why MariaDB?
Why MariaDB?Why MariaDB?
Why MariaDB?Colin Charles
 
Icinga lsm 2015 copy
Icinga lsm 2015 copyIcinga lsm 2015 copy
Icinga lsm 2015 copyNETWAYS
 
SSL certificates in the Oracle Database without surprises
SSL certificates in the Oracle Database without surprisesSSL certificates in the Oracle Database without surprises
SSL certificates in the Oracle Database without surprisesNelson Calero
 
MariaDB 10 Tutorial - 13.11.11 - Percona Live London
MariaDB 10 Tutorial - 13.11.11 - Percona Live LondonMariaDB 10 Tutorial - 13.11.11 - Percona Live London
MariaDB 10 Tutorial - 13.11.11 - Percona Live LondonIvan Zoratti
 
Techdays Finland 2018 - Building secure cloud applications with Azure Key Vault
Techdays Finland 2018 - Building secure cloud applications with Azure Key VaultTechdays Finland 2018 - Building secure cloud applications with Azure Key Vault
Techdays Finland 2018 - Building secure cloud applications with Azure Key VaultTom Kerkhove
 
Databases in the hosted cloud
Databases in the hosted cloudDatabases in the hosted cloud
Databases in the hosted cloudColin Charles
 
MariaDB - the "new" MySQL is 5 years old and everywhere (LinuxCon Europe 2015)
MariaDB - the "new" MySQL is 5 years old and everywhere (LinuxCon Europe 2015)MariaDB - the "new" MySQL is 5 years old and everywhere (LinuxCon Europe 2015)
MariaDB - the "new" MySQL is 5 years old and everywhere (LinuxCon Europe 2015)Colin Charles
 
Securing your MySQL / MariaDB Server data
Securing your MySQL / MariaDB Server dataSecuring your MySQL / MariaDB Server data
Securing your MySQL / MariaDB Server dataColin Charles
 
MariaDB 10: The Complete Tutorial
MariaDB 10: The Complete TutorialMariaDB 10: The Complete Tutorial
MariaDB 10: The Complete TutorialColin Charles
 
MySQL Monitoring with Zabbix
MySQL Monitoring with ZabbixMySQL Monitoring with Zabbix
MySQL Monitoring with ZabbixFromDual GmbH
 
Introduction to MariaDB
Introduction to MariaDBIntroduction to MariaDB
Introduction to MariaDBJongJin Lee
 
The MySQL ecosystem - understanding it, not running away from it!
The MySQL ecosystem - understanding it, not running away from it! The MySQL ecosystem - understanding it, not running away from it!
The MySQL ecosystem - understanding it, not running away from it! Colin Charles
 
MariaDB Server & MySQL Security Essentials 2016
MariaDB Server & MySQL Security Essentials 2016MariaDB Server & MySQL Security Essentials 2016
MariaDB Server & MySQL Security Essentials 2016Colin Charles
 
Icinga 2 at Icinga Camp San Francisco
Icinga 2 at Icinga Camp San FranciscoIcinga 2 at Icinga Camp San Francisco
Icinga 2 at Icinga Camp San FranciscoIcinga
 
The New MariaDB Offering: MariaDB 10, MaxScale and More
The New MariaDB Offering: MariaDB 10, MaxScale and MoreThe New MariaDB Offering: MariaDB 10, MaxScale and More
The New MariaDB Offering: MariaDB 10, MaxScale and MoreMariaDB Corporation
 
MariaDB 10 and what's new with the project
MariaDB 10 and what's new with the projectMariaDB 10 and what's new with the project
MariaDB 10 and what's new with the projectColin Charles
 
Meet MariaDB 10.1 at the Bulgaria Web Summit
Meet MariaDB 10.1 at the Bulgaria Web SummitMeet MariaDB 10.1 at the Bulgaria Web Summit
Meet MariaDB 10.1 at the Bulgaria Web SummitColin Charles
 
Hadoop Security Now and Future
Hadoop Security Now and FutureHadoop Security Now and Future
Hadoop Security Now and Futuretcloudcomputing-tw
 
MariaDB 10.1 what's new and what's coming in 10.2 - Tokyo MariaDB Meetup
MariaDB 10.1 what's new and what's coming in 10.2 - Tokyo MariaDB MeetupMariaDB 10.1 what's new and what's coming in 10.2 - Tokyo MariaDB Meetup
MariaDB 10.1 what's new and what's coming in 10.2 - Tokyo MariaDB MeetupColin Charles
 
MariaDB: in-depth (hands on training in Seoul)
MariaDB: in-depth (hands on training in Seoul)MariaDB: in-depth (hands on training in Seoul)
MariaDB: in-depth (hands on training in Seoul)Colin Charles
 
Leona Chin Cover of Health and Beauty Magazine 2015
Leona Chin Cover of Health and Beauty Magazine 2015Leona Chin Cover of Health and Beauty Magazine 2015
Leona Chin Cover of Health and Beauty Magazine 2015Leona Chin
 
The pathway of god
The pathway of godThe pathway of god
The pathway of godSteve Moreland
 

More Related Content

What's hot

Icinga lsm 2015 copy
Icinga lsm 2015 copyIcinga lsm 2015 copy
Icinga lsm 2015 copyNETWAYS
 
SSL certificates in the Oracle Database without surprises
SSL certificates in the Oracle Database without surprisesSSL certificates in the Oracle Database without surprises
SSL certificates in the Oracle Database without surprisesNelson Calero
 
MariaDB 10 Tutorial - 13.11.11 - Percona Live London
MariaDB 10 Tutorial - 13.11.11 - Percona Live LondonMariaDB 10 Tutorial - 13.11.11 - Percona Live London
MariaDB 10 Tutorial - 13.11.11 - Percona Live LondonIvan Zoratti
 
Techdays Finland 2018 - Building secure cloud applications with Azure Key Vault
Techdays Finland 2018 - Building secure cloud applications with Azure Key VaultTechdays Finland 2018 - Building secure cloud applications with Azure Key Vault
Techdays Finland 2018 - Building secure cloud applications with Azure Key VaultTom Kerkhove
 
Databases in the hosted cloud
Databases in the hosted cloudDatabases in the hosted cloud
Databases in the hosted cloudColin Charles
 
MariaDB - the "new" MySQL is 5 years old and everywhere (LinuxCon Europe 2015)
MariaDB - the "new" MySQL is 5 years old and everywhere (LinuxCon Europe 2015)MariaDB - the "new" MySQL is 5 years old and everywhere (LinuxCon Europe 2015)
MariaDB - the "new" MySQL is 5 years old and everywhere (LinuxCon Europe 2015)Colin Charles
 
Securing your MySQL / MariaDB Server data
Securing your MySQL / MariaDB Server dataSecuring your MySQL / MariaDB Server data
Securing your MySQL / MariaDB Server dataColin Charles
 
MariaDB 10: The Complete Tutorial
MariaDB 10: The Complete TutorialMariaDB 10: The Complete Tutorial
MariaDB 10: The Complete TutorialColin Charles
 
MySQL Monitoring with Zabbix
MySQL Monitoring with ZabbixMySQL Monitoring with Zabbix
MySQL Monitoring with ZabbixFromDual GmbH
 
Introduction to MariaDB
Introduction to MariaDBIntroduction to MariaDB
Introduction to MariaDBJongJin Lee
 
The MySQL ecosystem - understanding it, not running away from it!
The MySQL ecosystem - understanding it, not running away from it! The MySQL ecosystem - understanding it, not running away from it!
The MySQL ecosystem - understanding it, not running away from it! Colin Charles
 
MariaDB Server & MySQL Security Essentials 2016
MariaDB Server & MySQL Security Essentials 2016MariaDB Server & MySQL Security Essentials 2016
MariaDB Server & MySQL Security Essentials 2016Colin Charles
 
Icinga 2 at Icinga Camp San Francisco
Icinga 2 at Icinga Camp San FranciscoIcinga 2 at Icinga Camp San Francisco
Icinga 2 at Icinga Camp San FranciscoIcinga
 
The New MariaDB Offering: MariaDB 10, MaxScale and More
The New MariaDB Offering: MariaDB 10, MaxScale and MoreThe New MariaDB Offering: MariaDB 10, MaxScale and More
The New MariaDB Offering: MariaDB 10, MaxScale and MoreMariaDB Corporation
 
MariaDB 10 and what's new with the project
MariaDB 10 and what's new with the projectMariaDB 10 and what's new with the project
MariaDB 10 and what's new with the projectColin Charles
 
Meet MariaDB 10.1 at the Bulgaria Web Summit
Meet MariaDB 10.1 at the Bulgaria Web SummitMeet MariaDB 10.1 at the Bulgaria Web Summit
Meet MariaDB 10.1 at the Bulgaria Web SummitColin Charles
 
Hadoop Security Now and Future
Hadoop Security Now and FutureHadoop Security Now and Future
Hadoop Security Now and Futuretcloudcomputing-tw
 
MariaDB 10.1 what's new and what's coming in 10.2 - Tokyo MariaDB Meetup
MariaDB 10.1 what's new and what's coming in 10.2 - Tokyo MariaDB MeetupMariaDB 10.1 what's new and what's coming in 10.2 - Tokyo MariaDB Meetup
MariaDB 10.1 what's new and what's coming in 10.2 - Tokyo MariaDB MeetupColin Charles
 
MariaDB: in-depth (hands on training in Seoul)
MariaDB: in-depth (hands on training in Seoul)MariaDB: in-depth (hands on training in Seoul)
MariaDB: in-depth (hands on training in Seoul)Colin Charles
 

What's hot (20)

Why MariaDB?
Why MariaDB?Why MariaDB?
Why MariaDB?
 
Icinga lsm 2015 copy
Icinga lsm 2015 copyIcinga lsm 2015 copy
Icinga lsm 2015 copy
 
SSL certificates in the Oracle Database without surprises
SSL certificates in the Oracle Database without surprisesSSL certificates in the Oracle Database without surprises
SSL certificates in the Oracle Database without surprises
 
MariaDB 10 Tutorial - 13.11.11 - Percona Live London
MariaDB 10 Tutorial - 13.11.11 - Percona Live LondonMariaDB 10 Tutorial - 13.11.11 - Percona Live London
MariaDB 10 Tutorial - 13.11.11 - Percona Live London
 
Techdays Finland 2018 - Building secure cloud applications with Azure Key Vault
Techdays Finland 2018 - Building secure cloud applications with Azure Key VaultTechdays Finland 2018 - Building secure cloud applications with Azure Key Vault
Techdays Finland 2018 - Building secure cloud applications with Azure Key Vault
 
Databases in the hosted cloud
Databases in the hosted cloudDatabases in the hosted cloud
Databases in the hosted cloud
 
MariaDB - the "new" MySQL is 5 years old and everywhere (LinuxCon Europe 2015)
MariaDB - the "new" MySQL is 5 years old and everywhere (LinuxCon Europe 2015)MariaDB - the "new" MySQL is 5 years old and everywhere (LinuxCon Europe 2015)
MariaDB - the "new" MySQL is 5 years old and everywhere (LinuxCon Europe 2015)
 
Securing your MySQL / MariaDB Server data
Securing your MySQL / MariaDB Server dataSecuring your MySQL / MariaDB Server data
Securing your MySQL / MariaDB Server data
 
MariaDB 10: The Complete Tutorial
MariaDB 10: The Complete TutorialMariaDB 10: The Complete Tutorial
MariaDB 10: The Complete Tutorial
 
MySQL Monitoring with Zabbix
MySQL Monitoring with ZabbixMySQL Monitoring with Zabbix
MySQL Monitoring with Zabbix
 
Introduction to MariaDB
Introduction to MariaDBIntroduction to MariaDB
Introduction to MariaDB
 
The MySQL ecosystem - understanding it, not running away from it!
The MySQL ecosystem - understanding it, not running away from it! The MySQL ecosystem - understanding it, not running away from it!
The MySQL ecosystem - understanding it, not running away from it!
 
MariaDB Server & MySQL Security Essentials 2016
MariaDB Server & MySQL Security Essentials 2016MariaDB Server & MySQL Security Essentials 2016
MariaDB Server & MySQL Security Essentials 2016
 
Icinga 2 at Icinga Camp San Francisco
Icinga 2 at Icinga Camp San FranciscoIcinga 2 at Icinga Camp San Francisco
Icinga 2 at Icinga Camp San Francisco
 
The New MariaDB Offering: MariaDB 10, MaxScale and More
The New MariaDB Offering: MariaDB 10, MaxScale and MoreThe New MariaDB Offering: MariaDB 10, MaxScale and More
The New MariaDB Offering: MariaDB 10, MaxScale and More
 
MariaDB 10 and what's new with the project
MariaDB 10 and what's new with the projectMariaDB 10 and what's new with the project
MariaDB 10 and what's new with the project
 
Meet MariaDB 10.1 at the Bulgaria Web Summit
Meet MariaDB 10.1 at the Bulgaria Web SummitMeet MariaDB 10.1 at the Bulgaria Web Summit
Meet MariaDB 10.1 at the Bulgaria Web Summit
 
Hadoop Security Now and Future
Hadoop Security Now and FutureHadoop Security Now and Future
Hadoop Security Now and Future
 
MariaDB 10.1 what's new and what's coming in 10.2 - Tokyo MariaDB Meetup
MariaDB 10.1 what's new and what's coming in 10.2 - Tokyo MariaDB MeetupMariaDB 10.1 what's new and what's coming in 10.2 - Tokyo MariaDB Meetup
MariaDB 10.1 what's new and what's coming in 10.2 - Tokyo MariaDB Meetup
 
MariaDB: in-depth (hands on training in Seoul)
MariaDB: in-depth (hands on training in Seoul)MariaDB: in-depth (hands on training in Seoul)
MariaDB: in-depth (hands on training in Seoul)
 

Viewers also liked

Leona Chin Cover of Health and Beauty Magazine 2015
Leona Chin Cover of Health and Beauty Magazine 2015Leona Chin Cover of Health and Beauty Magazine 2015
Leona Chin Cover of Health and Beauty Magazine 2015Leona Chin
 
Tinh cathaptu
Tinh cathaptuTinh cathaptu
Tinh cathaptuducal
 
Descubra+a+mensagem
Descubra+a+mensagemDescubra+a+mensagem
Descubra+a+mensagemvilmaca
 
Who is Leona Chin?
Who is Leona Chin?Who is Leona Chin?
Who is Leona Chin?Leona Chin
 
Ensayo de jose maria arguedas
Ensayo de jose maria arguedasEnsayo de jose maria arguedas
Ensayo de jose maria arguedasBriigyttee
 
2016 Triton Adventure VGT X Mivec Turbo Diesel Brochure
2016 Triton Adventure VGT X Mivec Turbo Diesel Brochure2016 Triton Adventure VGT X Mivec Turbo Diesel Brochure
2016 Triton Adventure VGT X Mivec Turbo Diesel BrochureLeona Chin
 
Ms1 seq 1 me and my friends ( 2 g)
Ms1 seq 1 me and my friends ( 2 g)Ms1 seq 1 me and my friends ( 2 g)
Ms1 seq 1 me and my friends ( 2 g)Mr Bounab Samir
 

Viewers also liked (10)

Leona Chin Cover of Health and Beauty Magazine 2015
Leona Chin Cover of Health and Beauty Magazine 2015Leona Chin Cover of Health and Beauty Magazine 2015
Leona Chin Cover of Health and Beauty Magazine 2015
 
The pathway of god
The pathway of godThe pathway of god
The pathway of god
 
Adel CV - Copy
Adel CV - CopyAdel CV - Copy
Adel CV - Copy
 
697_conference
697_conference697_conference
697_conference
 
Tinh cathaptu
Tinh cathaptuTinh cathaptu
Tinh cathaptu
 
Descubra+a+mensagem
Descubra+a+mensagemDescubra+a+mensagem
Descubra+a+mensagem
 
Who is Leona Chin?
Who is Leona Chin?Who is Leona Chin?
Who is Leona Chin?
 
Ensayo de jose maria arguedas
Ensayo de jose maria arguedasEnsayo de jose maria arguedas
Ensayo de jose maria arguedas
 
2016 Triton Adventure VGT X Mivec Turbo Diesel Brochure
2016 Triton Adventure VGT X Mivec Turbo Diesel Brochure2016 Triton Adventure VGT X Mivec Turbo Diesel Brochure
2016 Triton Adventure VGT X Mivec Turbo Diesel Brochure
 
Ms1 seq 1 me and my friends ( 2 g)
Ms1 seq 1 me and my friends ( 2 g)Ms1 seq 1 me and my friends ( 2 g)
Ms1 seq 1 me and my friends ( 2 g)
 

Similar to Plam16 jan

SAP SDM Hacking
SAP SDM HackingSAP SDM Hacking
SAP SDM HackingERPScan
 
MySQL Data Encryption at Rest
MySQL Data Encryption at RestMySQL Data Encryption at Rest
MySQL Data Encryption at RestMydbops
 
Using advanced security and data-protection features
Using advanced security and data-protection featuresUsing advanced security and data-protection features
Using advanced security and data-protection featuresMariaDB plc
 
Deep Dive on Amazon Relational Database Service
Deep Dive on Amazon Relational Database ServiceDeep Dive on Amazon Relational Database Service
Deep Dive on Amazon Relational Database ServiceAmazon Web Services
 
Deploying MariaDB databases with containers at Nokia Networks
Deploying MariaDB databases with containers at Nokia NetworksDeploying MariaDB databases with containers at Nokia Networks
Deploying MariaDB databases with containers at Nokia NetworksMariaDB plc
 
MongoDB .local Bengaluru 2019: New Encryption Capabilities in MongoDB 4.2: A ...
MongoDB .local Bengaluru 2019: New Encryption Capabilities in MongoDB 4.2: A ...MongoDB .local Bengaluru 2019: New Encryption Capabilities in MongoDB 4.2: A ...
MongoDB .local Bengaluru 2019: New Encryption Capabilities in MongoDB 4.2: A ...MongoDB
 
Injecting evil code in your SAP J2EE systems. Security of SAP Software Deploy...
Injecting evil code in your SAP J2EE systems. Security of SAP Software Deploy...Injecting evil code in your SAP J2EE systems. Security of SAP Software Deploy...
Injecting evil code in your SAP J2EE systems. Security of SAP Software Deploy...ERPScan
 
The Complete MariaDB Server Tutorial - Percona Live 2015
The Complete MariaDB Server Tutorial - Percona Live 2015The Complete MariaDB Server Tutorial - Percona Live 2015
The Complete MariaDB Server Tutorial - Percona Live 2015Colin Charles
 
Deep Dive on Amazon Relational Database Service
Deep Dive on Amazon Relational Database ServiceDeep Dive on Amazon Relational Database Service
Deep Dive on Amazon Relational Database ServiceAmazon Web Services
 
Amazon RDS for Microsoft SQL: Performance, Security, Best Practices (DAT303) ...
Amazon RDS for Microsoft SQL: Performance, Security, Best Practices (DAT303) ...Amazon RDS for Microsoft SQL: Performance, Security, Best Practices (DAT303) ...
Amazon RDS for Microsoft SQL: Performance, Security, Best Practices (DAT303) ...Amazon Web Services
 
Database Security Threats — MariaDB Security Best Practices
Database Security Threats — MariaDB Security Best PracticesDatabase Security Threats — MariaDB Security Best Practices
Database Security Threats — MariaDB Security Best PracticesMariaDB plc
 
The Complete MariaDB Server tutorial
The Complete MariaDB Server tutorialThe Complete MariaDB Server tutorial
The Complete MariaDB Server tutorialColin Charles
 
2012 09 MariaDB Boston Meetup - MariaDB 是 Mysql 的替代者吗
2012 09 MariaDB Boston Meetup - MariaDB 是 Mysql 的替代者吗2012 09 MariaDB Boston Meetup - MariaDB 是 Mysql 的替代者吗
2012 09 MariaDB Boston Meetup - MariaDB 是 Mysql 的替代者吗YUCHENG HU
 
2022-Db2-Securing_Your_data_in_motion.pdf
2022-Db2-Securing_Your_data_in_motion.pdf2022-Db2-Securing_Your_data_in_motion.pdf
2022-Db2-Securing_Your_data_in_motion.pdfRoland Schock
 
7 Reasons Not to Put an External Cache in Front of Your Database.pptx
7 Reasons Not to Put an External Cache in Front of Your Database.pptx7 Reasons Not to Put an External Cache in Front of Your Database.pptx
7 Reasons Not to Put an External Cache in Front of Your Database.pptxScyllaDB
 
MariaDB Encryption using AWS Key Management Service
MariaDB Encryption using AWS Key Management ServiceMariaDB Encryption using AWS Key Management Service
MariaDB Encryption using AWS Key Management ServiceHeinz Wiesinger
 
Deep Dive RDS & Aurora - Pop-up Loft TLV 2017
Deep Dive RDS & Aurora - Pop-up Loft TLV 2017Deep Dive RDS & Aurora - Pop-up Loft TLV 2017
Deep Dive RDS & Aurora - Pop-up Loft TLV 2017Amazon Web Services
 
Deep Dive: Amazon Relational Database Service (March 2017)
Deep Dive: Amazon Relational Database Service (March 2017)Deep Dive: Amazon Relational Database Service (March 2017)
Deep Dive: Amazon Relational Database Service (March 2017)Julien SIMON
 
MySQL Security on AWS Rds
MySQL Security on AWS RdsMySQL Security on AWS Rds
MySQL Security on AWS RdsMydbops
 
Protecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWSProtecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWSAmazon Web Services
 

Similar to Plam16 jan (20)

SAP SDM Hacking
SAP SDM HackingSAP SDM Hacking
SAP SDM Hacking
 
MySQL Data Encryption at Rest
MySQL Data Encryption at RestMySQL Data Encryption at Rest
MySQL Data Encryption at Rest
 
Using advanced security and data-protection features
Using advanced security and data-protection featuresUsing advanced security and data-protection features
Using advanced security and data-protection features
 
Deep Dive on Amazon Relational Database Service
Deep Dive on Amazon Relational Database ServiceDeep Dive on Amazon Relational Database Service
Deep Dive on Amazon Relational Database Service
 
Deploying MariaDB databases with containers at Nokia Networks
Deploying MariaDB databases with containers at Nokia NetworksDeploying MariaDB databases with containers at Nokia Networks
Deploying MariaDB databases with containers at Nokia Networks
 
MongoDB .local Bengaluru 2019: New Encryption Capabilities in MongoDB 4.2: A ...
MongoDB .local Bengaluru 2019: New Encryption Capabilities in MongoDB 4.2: A ...MongoDB .local Bengaluru 2019: New Encryption Capabilities in MongoDB 4.2: A ...
MongoDB .local Bengaluru 2019: New Encryption Capabilities in MongoDB 4.2: A ...
 
Injecting evil code in your SAP J2EE systems. Security of SAP Software Deploy...
Injecting evil code in your SAP J2EE systems. Security of SAP Software Deploy...Injecting evil code in your SAP J2EE systems. Security of SAP Software Deploy...
Injecting evil code in your SAP J2EE systems. Security of SAP Software Deploy...
 
The Complete MariaDB Server Tutorial - Percona Live 2015
The Complete MariaDB Server Tutorial - Percona Live 2015The Complete MariaDB Server Tutorial - Percona Live 2015
The Complete MariaDB Server Tutorial - Percona Live 2015
 
Deep Dive on Amazon Relational Database Service
Deep Dive on Amazon Relational Database ServiceDeep Dive on Amazon Relational Database Service
Deep Dive on Amazon Relational Database Service
 
Amazon RDS for Microsoft SQL: Performance, Security, Best Practices (DAT303) ...
Amazon RDS for Microsoft SQL: Performance, Security, Best Practices (DAT303) ...Amazon RDS for Microsoft SQL: Performance, Security, Best Practices (DAT303) ...
Amazon RDS for Microsoft SQL: Performance, Security, Best Practices (DAT303) ...
 
Database Security Threats — MariaDB Security Best Practices
Database Security Threats — MariaDB Security Best PracticesDatabase Security Threats — MariaDB Security Best Practices
Database Security Threats — MariaDB Security Best Practices
 
The Complete MariaDB Server tutorial
The Complete MariaDB Server tutorialThe Complete MariaDB Server tutorial
The Complete MariaDB Server tutorial
 
2012 09 MariaDB Boston Meetup - MariaDB 是 Mysql 的替代者吗
2012 09 MariaDB Boston Meetup - MariaDB 是 Mysql 的替代者吗2012 09 MariaDB Boston Meetup - MariaDB 是 Mysql 的替代者吗
2012 09 MariaDB Boston Meetup - MariaDB 是 Mysql 的替代者吗
 
2022-Db2-Securing_Your_data_in_motion.pdf
2022-Db2-Securing_Your_data_in_motion.pdf2022-Db2-Securing_Your_data_in_motion.pdf
2022-Db2-Securing_Your_data_in_motion.pdf
 
7 Reasons Not to Put an External Cache in Front of Your Database.pptx
7 Reasons Not to Put an External Cache in Front of Your Database.pptx7 Reasons Not to Put an External Cache in Front of Your Database.pptx
7 Reasons Not to Put an External Cache in Front of Your Database.pptx
 
MariaDB Encryption using AWS Key Management Service
MariaDB Encryption using AWS Key Management ServiceMariaDB Encryption using AWS Key Management Service
MariaDB Encryption using AWS Key Management Service
 
Deep Dive RDS & Aurora - Pop-up Loft TLV 2017
Deep Dive RDS & Aurora - Pop-up Loft TLV 2017Deep Dive RDS & Aurora - Pop-up Loft TLV 2017
Deep Dive RDS & Aurora - Pop-up Loft TLV 2017
 
Deep Dive: Amazon Relational Database Service (March 2017)
Deep Dive: Amazon Relational Database Service (March 2017)Deep Dive: Amazon Relational Database Service (March 2017)
Deep Dive: Amazon Relational Database Service (March 2017)
 
MySQL Security on AWS Rds
MySQL Security on AWS RdsMySQL Security on AWS Rds
MySQL Security on AWS Rds
 
Protecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWSProtecting Your Data with Encryption on AWS
Protecting Your Data with Encryption on AWS
 

Recently uploaded

Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendArshad QA
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...OnePlan Solutions
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfjoe51371421
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 

Recently uploaded (20)

Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
Test Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and BackendTest Automation Strategy for Frontend and Backend
Test Automation Strategy for Frontend and Backend
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
Tech Tuesday-Harness the Power of Effective Resource Planning with OnePlan’s ...
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
why an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdfwhy an Opensea Clone Script might be your perfect match.pdf
why an Opensea Clone Script might be your perfect match.pdf
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 

Plam16 jan

  • 1. Transparent tablespace and log encryption on MariaDB 10.1 using Amazon Key Management Service Jan Lindström, Principal Engineer, MariaDB Corporation Amsterdam, Netherlands | October 5, 2016
  • 2. 2 Agenda 1. Introduction 2. Concepts 3. InnoDB/XtraDB 4. Encryption Plugins 5. Amazon AWS KMS 6. Configuration
  • 4. 4 What is transparent encryption? • Transparent to application • Application does’t know anything about keys, algorithm, etc • Anyone that can connect to MariaDB can dump data • Not data-in-transit encryption (SSL/TLS) • Not per-column encryption • Not application-side encryption • No encryption functions needed (AES_ENCRYPT())
  • 5. 5 All data written to disk should be encrypted • InnoDB tablespaces (per-file and system) • InnoDB log files • Aria tables • Temporary files • Temporary tables • Binary log • No mysqlbinlog, though!
  • 6. 6 What’s missing? • Aria logs • Audit log • Error log • Slow query log • General query log • MyISAM tables • CONNECT, CSV, et. Al. • Galera gcache
  • 7. 7 Implementation • MariaDB has a new interface for encryption plugins • Key management • Encryption/decryption • Implemented co-operation together with Google and Eperi • https://mariadb.com/kb/en/mariadb/encryption-plugins/
  • 9. 9 Concepts • Key ID • ID 1 for system data, like InnoDB redo logs, binary logs, etc • ID 2 (if available) for temporary data, like temporary files and temporary tables • Other Ids as configured when creating tables, etc. • Key Version (for rotation) • Encryption algorithm • Default AES_CBC • Support for these items may vary across plugins!
  • 11. 11 InnoDB/XtraDB • ON/OFF/FORCE • innodb-encrypt-tables = [ON | OFF | FORCE]; • Encrypt log • innodb-encrypt-log = [ON | OFF]; • Monitoring (IS) • innodb-tablespaces-scrubbing • innodb-tablespaces-encryption
  • 12. 12 InnoDB/XtraDB • Optional background rotation • innodb-encryption-threads = n; • innodb-encryption-rotate-key-age= n; - ”Age” in key versions • innodb-encryption-rotation-iops = n; • Optional data scrubbing • innodb-background-scrub-data-compressed = [ON | OFF]; • innodb-background-scrub-data-uncompressed = [ON | OFF]; • innodb-immediate-scrub-data-uncompressed = [ON | OFF]; • innodb-scrub-log = [ON|OFF]; • innodb-scrub-log-speed=n; • innodb-background-scrub-data-check-interval=n; https://mariadb.com/kb/en/mariadb/xtradb-innodb-data-scrubbing/
  • 14. 14 Encryption plugins • File key management • https://mariadb.com/kb/en/mariadb/data-at-rest-encryption/#file_key_management- plugin • AWS KMS plugin • https://mariadb.com/kb/en/mariadb/aws-key-management-encryption-plugin/ • Eperi plugin • http://eperi.de/en/products/database-encryption/ • Custom plugins to meet customer needs?
  • 15. 15 File_key_management • Keys stored in a local file (note that this file could be on USB stick) • No support for key rotation/version • Key file itself can be encrypted (but used key in my.cnf) • Do you feel good having your encryption keys sitting next to your data ?
  • 16. 16 Eperi plugin • Separate Eperi gateway software • Licenses and downloads from Eperi’s web portal • KMS • Plugin opens listener that the KMS connects to in order to authenticate the connecting MariaDB instance • Page encryption server • InnoDB actually sends pages to the Eperi gateway node to be encrypted!
  • 18. 18 AWS KMS Encryption Plugin • Amazon Web Services Key Management Service • CloadTrail & CloudWatch • Logging • Auditing • Notifications • Identity and Access Management (IAM) • Interesting possibilities • MFA for MariaDB startup • IAM roles to read keys • AWS logging & alerts
  • 19. 19 Requirements • You need to sign up for Amazon Web Services • You need to create IAM user • MariaDB server will use these credentials to authenticate AWS server • You need to create a master encryption key • Used to encrypt the actual encryption keys that will be used by MariaDB • You will need to configure AWS credentials • You will need to configure MariaDB (naturally)
  • 20. 20 AWS KMS Plugin • Writes enrypted keys to local disk • MariaDB must connect to KMS to decrypt keys - MariaDB startup - Creating a table that uses a new key • Supports key rotation • Limited platform support due to C++11 requirement of AWS SDK • Requires C++11 compiler: gcc4.7+, clang 3.3+ or VS2013+ • RHEL • CentOS 7 • ~600 lines • Great reference for people who want to write their own plugins
  • 21. 21 Credentials Management • Identify and Access Management (IAM) policy for keys • Authorized source addresses • IAM users w/ restricted privileges • Multi-Factor Authentication (2FA/MFA) • AWS SDK • Config file, environment variables, etc. • Flexible wrapper program • EC2 (Elastic Compute Cloud) instance IAM role
  • 23. 23 Install, enable, and configure $ cat /etc/my.cnf.d/aws_key_management.cnf [mariadb] plugin-load-add=aws_key_management.so aws-key-management aws-key-management-master-key-id = alieas/mariadb2 # aws_key_management_log_level = Trace ignore-db-dirs=.pki !include /etc/my.cnf.d/enable_encryption.preset
  • 24. 24 Turn on encryption settings $ cat /etc/my.cnf.d/enable_encryption.preset [mariadb] aria-encrypt-tables encrypt-binlog encrypt-tmp-disk-tables encrypt-tmp-files loose-innodb-encrypt-log loose-innodb-encrypt-tables
  • 25. 25 Encrypted system tablespace $ sudo –u mysql mysql_install_db … 2016-09-29 11:40:00 [Note] AWK KMS plugin: generated encrypted datakey for key id=1, version=1 2016-09-29 11:40:00 [Note] AWK KMS plugin: loaded key 1, version 1, key length 128 bit … 2016-09-29 11:40:01 [Note] AWK KMS plugin: generated encrypted datakey for key id=2, version=1 2016-09-29 11:40:01 [Note] AWK KMS plugin: loaded key 2, version 1, key length 128 bit 2016-09-29 11:40:01 [Note] Using encryption key id 2 for temporary files …
  • 26. 26 Why encrypt data ? MariaDB [db]> create table client_credit_card(id int not null primary key, credit_card varchar(20)) engine=innodb encrypted=no; MariaDB [db]> insert into client_credit_cards values(20071992, ’5275-0000- 0000-0000’): … $ sudo strings /var/lib/mysql/db/client_credit_cards.ibd infimum supremum 5275-0000-0000-0000
  • 27. 27 Automatic key generation MariaDB [db]> create table client_credit_card(id int not null primary key, credit_card varchar(20)) engine=innodb encrypted=yes encryption_key_id=3; MariaDB [db]> insert into client_credit_card values(20071992, ’5275-0000-0000- 0000’): … $ sudo strings /var/lib/mysql/db/client_credit_card.ibd {7fgh k6klj B_0= …
  • 28. 28 I_S table for encryption info MariaDB [(none)]> select * from information_schema.innodb_tablespaces_encryption where name='db/client_credit_card'G *************************** 1. row *************************** SPACE: 6 NAME: db/client_credit_card ENCRYPTION_SCHEME: 1 KEYSERVER_REQUESTS: 1 MIN_KEY_VERSION: 1 CURRENT_KEY_VERSION: 1 KEY_ROTATION_PAGE_NUMBER: NULL KEY_ROTATION_MAX_PAGE_NUMBER: NULL CURRENT_KEY_ID: 3 1 row in set (0.00 sec)
  • 29. 29 Key rotation MariaDB [(none)]> show variables like 'aws%'; +----------------------------------+----------------+ | Variable_name | Value | +----------------------------------+----------------+ | aws_key_management_key_spec | AES_128 | | aws_key_management_log_level | Off | | aws_key_management_master_key_id | alias/mariadb2 | | aws_key_management_rotate_key | 0 | +----------------------------------+----------------+ 4 rows in set (0.00 sec) MariaDB [(none)]> set global aws_key_management_rotate_key=3; Query OK, 0 rows affected (0.27 sec)
  • 30. 30 Key rotation MariaDB [db]> set global innodb_encryption_threads=4; Query OK, 0 rows affected (0.00 sec) MariaDB [db]> set global innodb_encryption_rotate_key_age=0; Query OK, 0 rows affected (0.00 sec) MariaDB [db]> select * from information_schema.innodb_tablespaces_encryption where name like 'db/c%'G *************************** 1. row *************************** SPACE: 6 NAME: db/client_credit_card ENCRYPTION_SCHEME: 1 KEYSERVER_REQUESTS: 2 MIN_KEY_VERSION: 2 CURRENT_KEY_VERSION: 2 KEY_ROTATION_PAGE_NUMBER: NULL KEY_ROTATION_MAX_PAGE_NUMBER: NULL CURRENT_KEY_ID: 3 1 row in set (0.00 sec)
  • 32. Q/A