The document discusses enhancing authentication for an organization using Oracle technologies. It describes implementing Oracle Unified Directory as an LDAP proxy for Active Directory to enable single sign-on. It also covers configuring Oracle Enterprise User Security to centrally manage users stored in Active Directory without requiring an Oracle directory. The document highlights challenges that can arise with these technologies and provides tips for troubleshooting authentication issues.
Oracle has long supported the use of Docker for Oracle databases. In theory, a simple docker run instantiates a container from a docker image. But why isn't the DB container ready in a few seconds? Where does my Oracle DB image come from and what happens if the container is stopped again? This talk explains how Oracle DBs are installed, configured and then operated as containers in a Docker Image.
Security Best Practice: Oracle passwords, but secure! - Stefan Oehrli
Authentication is an integral part of database security. If authentication or passwords are insufficient or inadequate, all further security measures are generally useless. But how do you ensure that passwords are complex and authentication is secure? In this presentation, the password hashes will be explained and it will be shown how to make sure passwords and authentication are state of the art. Focusing on the current versions of the Oracle database, the following topics will be discussed:
- Oracle database authentication
- Password verification and hashes
- Where can I find password hashes?
- Check and password hashes.
- Discussion of various risks related to authentication.
- Discussion of password policies and strong passwords.
- Customer Use Case in the DB Vault environment "ups we have forgotten the passwords".
The presentation will be supplemented by corresponding examples and live demos.
SOUG PDB Security, Isolation and DB Nest 20c - Stefan Oehrli
Lockdown Profile, PDB_OS_CREDENTIALS and other measures to enhance the security and isolation of multitenant databases have been available since Oracle 12c. Unfortunately, only a part of the desired measures can be technically implemented. With the latest release, Oracle 20c, a new feature called DB Nest has been introduced. DB Nest takes another approach to security in PDBs. In this presentation we will discuss the new approach and its possibilities to increase the database security of PDBs. The presentation will be completed by corresponding examples and live demos.
UKOUG TechFest PDB Isolation and Security - Stefan Oehrli
The same principles and measures of database security can be implemented in container databases as in normal single-tenant environments. However, if the container databases are to be used securely by various tenants with more or less high system privileges, additional security measures are required, especially if access to the operating system is granted directly or indirectly via JVM, external tables, scheduler jobs or directories. The aim of this presentation is to evaluate database security with a focus on container databases and to discuss appropriate measures. This includes the use of lockdown profiles, PDB_OS_CREDENTIALS and various other measures and features. Where useful, the presentation is complemented by appropriate examples and demos. As far as possible, it is also shown how Oracle handles these problems in its cloud solutions (e.g. Autonomous Database).
SOUG Day Oracle 21c New Security Features - Stefan Oehrli
With the Innovation Release 21c, Oracle has introduced a few new security features. These include small improvements that make DB operation more secure and easier. There are also completely new concepts like DB Nest, which introduces a new approach to implementing DB security in multitenant databases.
UKOUG Techfest 2019 Central user Administration of Oracle Databases - Stefan Oehrli
Security is one of the key challenges for on-premises and cloud based databases nowadays. However, the appropriate security and hardening measures generally only make sense if authentication and authorization have already been implemented with appropriate care. Instead of the decentralized administration of users, privileges and roles in each database, it is easier and more secure to manage them centrally. The latest version of Oracle offers different possibilities to implement this requirement. With focus on the current versions of Oracle Database the following topics are discussed among others:
• Password verifier and strong authentication like Kerberos and SSL.
• Options for central user administration of Oracle databases.
• Oracle EUS versus CMU
• Integration of Oracle Database 19c with Active Directory Services
• Sample setup of an Oracle database with Active Directory Integration via Centrally Managed User (CMU)
The presentation is complemented by appropriate examples and live demos.
IaC MeetUp Active Directory Setup for Oracle Security LAB - Stefan Oehrli
There is always that one problem that you want to analyze or that new feature that you briefly want to test. But often you lack a corresponding LAB environment. Especially if several systems and services like MS Active Directory have to be tested in combination. In this presentation we will show how IaC, scripts etc. can be used to create LAB environments quickly and easily. We will show how to configure VMs with Vagrant to test specific topics like Oracle Database Integration with Active Directory. In addition to Vagrant, we will also take a brief look at Docker Containers and Terraform Deployment on OCI, and see how you can create a corresponding LAB environment with moderate effort. The presentation will be complemented by corresponding demos and examples.
Trivadis TechEvent 2017 How modern DBAs can use our efficient Toolbox by Rola... - Trivadis
See live how easy it is to provision our Toolbox on a new database server properly, so that mails can be sent, Perl works correctly and other pitfalls are prevented. I will demonstrate the basic installation and configuration of TVD-Basenv and the very simple creation of a new 12cR2 database with TVD-Admin. Next step is a backup configuration for your database with TVD-Backup in 5 minutes and last but not least we create a Data Guard Setup with TVD-HA. I will tell you the answer to questions that people ask me all the time and show you all the new features.
DOAG Oracle Unified Audit in Multitenant Environments - Stefan Oehrli
Oracle Audit is a well-known and proven database functionality. Or maybe not? What does auditing look like in combination with Oracle Multitenant Databases? Does database and Unified Audit work analogous to existing configurations? In the context of this presentation the auditing in the environment of container databases will be examined more closely. It will be shown what has to be considered and how an auditing concept has to be adapted to the new architecture. With focus on the current versions of the Oracle database, specific problems and workarounds in the area of Unified Audit will be shown. The presentation will be complemented by corresponding examples and live demos.
Authentication is an integral part of security. If authentication or passwords are insufficient, all further security measures are obsolete. But how do you ensure that passwords are complex? We will explain the different password hashes and show how to make sure authentication is secure.
The Oracle Cloud allows you to build and configure various infrastructure resources. But you won't get far by just using "click acrobatics" via the Web Console, especially if you want to build several similar and complex environments. A mouse click cannot be saved just like that. Oracle offers several APIs to create and manage objects in OCI, e.g. the Oracle OCI command-line utility, OCI SDK, Terraform Provider etc. This presentation will explain how to implement Infrastructure as Code in OCI using Terraform and the Oracle Terraform Provider. Using a training environment as an example, it will be shown how to build components with Terraform Server, databases and network components and how to scale them in terms of resources or number.
SOUG Oracle Unified Audit for Multitenant Databases - Stefan Oehrli
Oracle Audit is a proven database functionality. Or maybe not? What does auditing look like in combination with Oracle Multitenant DBs? Do DB and Unified Audit work analogously to existing configurations? In the context of this lecture, audit in Container DBs (19c/20c) will be discussed more closely. We will show where to pay attention and how to adapt an audit concept to the new architecture. Specific problems and workarounds will be shown. The presentation will be complemented by demos.
Since the manageability of RMAN backup, restore and recovery operations is nearly identical for nonclustered and clustered databases, the objective of this presentation is to summarize how RMAN can best be utilized in a RAC database.
This presentation is an overview of things every IT management team needs to consider before upgrading to Oracle Database 12c, as presented in a webinar: bit.ly/1yzSdsd
Oracle ACE Director Dan Morgan was a 12c beta tester and is intimately familiar with changes in architecture and how they will impact existing infrastructure and planning and budgeting considerations.
In 2015, most organizations will begin to migrate to the latest version of Oracle Database 12c, but few are aware of the challenges to management, planning and budgeting that need to be addressed before executing such a project. Dan Morgan presents what needs to be considered and shares a few tips about 12c new features.
If you have any questions regarding your future Oracle migrations and upgrades, feel free to visit Performance Tuning Corporation at www.perftuning.com
Trivadis TechEvent 2017 Kerberos and Databases a Success by Stefan Oehrli - Trivadis
Or how to mess up the day. Strong authentication is state of the art. With Kerberos, strong authentication and SSO can fairly easily be set up and configured with the Oracle database. But unfortunately, the devil is in the details. Different client / server releases, complex architectures and the occasional bug make life difficult. The aim of this presentation is to show how strong authentication with Kerberos can be successfully configured. In addition, we will discuss special topics like standard vs. enterprise edition, DB links, proxy users and more.
Powering the Cloud with Oracle WebLogic - Lucas Jellema
This presentation discusses the concept of the Cloud, Platform as a Service, the Application Server and the Application. It then moves on to explain what WebLogic has to offer to provide the platform in the cloud to implement the PaaS. It mentions a few of the most important features in WLS that help to power the cloud.
Here Be Dragons: Security Maps of the Container New World - C4Media
Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/1KjxPiO.
Josh Bregman explores some of the unique security challenges created by both the development workflow and application runtime, explains why and how the current approaches in SecDevOps 1.0 are insufficient, and how SecDevOps 2.0 techniques including Software Defined Firewalls (SDF) provide a promising path forward for all parties involved. Filmed at qconnewyork.com.
Josh Bregman is Information Security Architect and Executive Vice President for Technical Sales at Conjur Inc.
Serhiy Kalinets "Embracing architectural challenges in the modern .NET world" - Fwdays
For more than a decade, .NET has been used primarily in enterprise software development. We all remember intranet deployment, IIS, SQL Server, N-tier applications and so on. The toolset (Visual Studio, SQL Management Studio, IIS Management snap-in etc.) seemed to be set in stone, as did the architecture (controllers, services, repositories). .NET people were isolated from other folks, who were using clusters, containers, clouds, and Linux.
However, the adoption of clouds during the past few years and the release of .NET Core have made many more choices available to developers. It turned out that the traditional way of building applications is not that efficient from many viewpoints, including costs, time, performance or robustness. This is because the environment has changed and many assumptions are no longer relevant.
In this talk, we will discuss what has changed and why, and how to deal with that. What are the new requirements for our applications? What new services are available, and how do we use them wisely? And finally, how should we design our applications to be cost-effective and competitive, and have a lot of fun working with .NET Core?
What is expected from Chief Cloud Officers? - Bernard Paques
The new CxO is taking care of cloud computing for his company. Among his responsibilities: brand experience, go-to-market and business agility. What do these mean in terms of capabilities?
The AWS cloud infrastructure has been architected to be one of the most flexible and secure cloud computing environments available today. Security for AWS is about three related elements: visibility, auditability and control. You have to know what you have and where it is before you can assess the environment against best practices and internal or compliance standards. Controls enable you to place precise, well-understood limits on the access to your information. Did you know, for example, that you can define a rule that says: "Tom is the only person who can access this data object that I store with Amazon, and he can only do so from his corporate desktop on the corporate network, from Monday-Friday 9-5 and when he uses MFA?" That's the level of granularity you can choose to implement if you wish.
Discover the NEW Mesosphere DC/OS 1.10 for more freedom of choice for container orchestration and data services. Now the most flexible platform for containerized, data-intensive applications.
To view the recorded demo on-demand, visit: http://bit.ly/2hwiWW3
Azure Days 2019: Azure Chatbot Development for Airline Irregularities (Remco ... - Trivadis
During major irregularities, the service desks of airline companies are heavily overloaded for short periods of time. A chatbot could help out during these peak hours. In this session we show how SWISS International Airlines developed a chatbot for irregularity handling. We shed light on the challenges, such as sensitive customer data and a company starting its journey into the cloud.
Azure Days 2019: Trivadis Azure Foundation – Das Fundament für den ... (Nisan...Trivadis
Trivadis Azure Foundation – Das Fundament für den erfolgreichen Einsatz der Azure Cloud
Die Azure Cloud steuert auf ihr 10-jähriges Jubiläum zu und ist in der Schweiz angekommen. Im Vergleich zum Betrieb von On-Premise Lösungen bietet die Cloud eine Vielzahl von Vorteilen. Viele Aufgaben aus der On-Premise Welt werden im Cloud Computing vom Anbieter übernommen.
Aber die Freiheiten, welche Cloud Computing bietet, sind sehr mächtig und das beste Rezept für Wildwuchs und Chaos. Viele unserer Kunden werden sich erst jetzt bewusst, um welche Aufgaben sie sich bereits vor 5 Jahren hätten kümmern sollen. Die Trivadis Azure Foundation ist unser in der Praxis erprobtes Vorgehen, um alle Vorteile der Cloud optimal Nutzen zu können, ohne die Kontrolle zu verlieren. In dieser Session bekommen Sie einen Einblick in unsere Azure Foundation Methodik, zusätzlich berichten wir von den Azure-Erfahrungen unserer Kunden.
Azure Days 2019: Business Intelligence auf Azure (Marco Amhof & Yves Mauron)Trivadis
In dieser Session stellen wir ein Projekt vor, in welchem wir ein umfassendes BI-System mit Hilfe von Azure Blob Storage, Azure SQL, Azure Logic Apps und Azure Analysis Services für und in der Azure Cloud aufgebaut haben. Wir berichten über die Herausforderungen, wie wir diese gelöst haben und welche Learnings und Best Practices wir mitgenommen haben.
Azure Days 2019: Master the Move to Azure (Konrad Brunner)Trivadis
Die Azure Cloud hat sich in den letzten 10 Jahren etabliert und steht heute sowohl global, als auch lokal zur Verfügung,
der Schritt in die Cloud muss aber gut geplant werden. In diesem Talk teilen wir unsere Erfahrungen aus diversen Projekten mit Ihnen. Wir zeigen, worauf Sie besonders achten müssen, damit Ihr Wechsel in die Cloud ein Erfolg wird.
Azure Days 2019: Keynote Azure Switzerland – Status Quo und Ausblick (Primo A...Trivadis
Die Azure Cloud ist in der Schweiz angekommen. In dieser Session beleuchtet Primo Amrein, Cloud Lead bei Microsoft Schweiz, die Einführung der Azure Cloud in der Schweiz, berichtet über die Erfolgsgeschichten und die Lessons Learned. Die Session wird mit einem Ausblick auf die Roadmap abgerundet.
Azure Days 2019: Grösser und Komplexer ist nicht immer besser (Meinrad Weiss)Trivadis
«Moderne» Data Warehouse/Data Lake Architekturen strotzen oft nur von Layern und Services. Mit solchen Systemen lassen sich Petabytes von Daten verwalten und analysieren. Das Ganze hat aber auch seinen Preis (Komplexität, Latenzzeit, Stabilität) und nicht jedes Projekt wird mit diesem Ansatz glücklich.
Der Vortrag zeigt die Reise von einer technologieverliebten Lösung zu einer auf die Anwender Bedürfnisse abgestimmten Umgebung. Er zeigt die Sonnen- und Schattenseiten von massiv parallelen Systemen und soll die Sinne auf das Aufnehmen der realen Kundenanforderungen sensibilisieren.
Azure Days 2019: Get Connected with Azure API Management (Gerry Keune & Stefa...Trivadis
API-Management bietet eine integrierte Umgebung zur Erstellung, Ausführung, Verwaltung und Sicherung von Enterprise-APIs für moderne digitale Anwendungen. Die Firma Vinci Energies Schweiz setzt den Azure API-Management Dienst seit mehreren Jahren in unterschiedlichen Projekten erfolgreich ein. Ein Erfahrungsbericht, der die Möglichkeiten, aber auch die Grenzen von Azure API-Management aufzeigt.
Azure Days 2019: Infrastructure as Code auf Azure (Jonas Wanninger & Daniel H...Trivadis
Nowadays, applications are not the only thing written in code. Thanks to the cloud, the configuration of infrastructure such as virtual machines or networks is defined in code and delivered automatically. This is called Infrastructure as Code, IAC for short. For Infrastructure as Code on Azure there are many tools such as Ansible, Puppet, Chef, etc. Two solutions stand out for their different approaches: Azure Resource Manager (ARM) templates as the Microsoft-native solution, always up to date but tied to Azure; and Terraform from HashiCorp, built on a descriptive language but with fewer features in the security area. We compared the two technologies for a major customer. We present the results in this session with live demos.
Azure Days 2019: How do you bring a data analytics platform into the cloud? (...Trivadis
What were the learnings and challenges in providing a modern, Azure-based data analytics platform as a service for a large corporation and integrating it into the enterprise? A project with many interesting aspects: Azure BI services such as HDInsight, integration into an enterprise in an "as a Service" model, management of costs and charging for the services, and much more. This session offers insights into one of our projects that will help you in your next project.
Azure Days 2019: Azure@Helsana: The extension of Dynamics CRM with Azure Po...Trivadis
Helsana (https://www.helsana.ch), number 2 among the largest health insurers in Switzerland, pursues a modern cloud-first strategy. To be able to run complex marketing campaigns with a high degree of automation, Helsana evaluated various products. Unfortunately, none of them met all requirements. In close cooperation with Microsoft, the 100% Azure-based application CRM-Analytics (CRMa) was built, which distributes leads and tasks from Dynamics CRM to the regions, branches and customer advisors according to complex distribution rule sets. The results and performance of the campaigns can be analyzed via a data analytics pipeline and visualized in PowerBI. Manual processes for target group selection were automated, and the time from the idea to the selection of the target group was reduced from 10(!) days to a few minutes. With the introduction of CRMa, Helsana has taken a decisive step toward digitalization and holistic campaign management.
TechEvent 2019: Customer story - No offer, no order – How to formulate an individ...Trivadis
TechEvent 2019: Customer story - No offer, no order – How to formulate an individual offer in 5 seconds; Martin Kortstiege, Ronny Bauer - Trivadis
TechEvent 2019: Status of the partnership Trivadis and EDB - Comparing Postgr...Trivadis
TechEvent 2019: Status of the partnership Trivadis and EDB - Comparing PostgreSQL to Oracle, the best kept secrets; Konrad Häfeli, Jan Karremans - Trivadis
TechEvent 2019: Customer story - From the Captain of Köpenick to the police officer of 2020 -...Trivadis
TechEvent 2019: Customer story - From the Captain of Köpenick to the police officer of 2020 - from classical to agile processes; Martin Moog, Esther Trapp, Norbert Ziebarth - Trivadis
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis' slides at the 30.5.2024 DASA Connect conference. We discuss what testing is, then what agile testing is, and finally what Testing in DevOps is. Finally, we had a lovely workshop with the participants, trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD within UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024Neo4j
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
TechEvent EUS, Kerberos, SSL and OUD
1. BASEL BERN BRUGG DÜSSELDORF FRANKFURT A.M. FREIBURG I.BR. GENF
HAMBURG KOPENHAGEN LAUSANNE MÜNCHEN STUTTGART WIEN ZÜRICH
EUS, Kerberos, SSL and OUD
A Guideline
Stefan Oehrli
2. Trivadis – Our mission.
TechEvent - EUS, Kerberos, SSL and OUD, 14.09.2018
Trivadis makes IT easier:
We provide significant support for our customers in the smart use of data in the digital age.
We reduce complexity for our customers through outstanding technological expertise.
We take over key tasks in the existing and future IT of our customers.
3. Trivadis – What sets us apart.
We understand the business processes and economic challenges of our customers and support them through IT consulting and in the development of comprehensive IT solutions.
Our proven products, developed by Trivadis, are based on in-depth expertise in the key technologies offered by Microsoft, Oracle and Open Source.
That sets us apart from the competition.
A selection of awards we have received
OPEN SOURCE
4. Trivadis – Our key figures
Founded in 1994
15 Trivadis locations with more than 650 employees
Sales of CHF 111 million (EUR 96 million)
Over 250 Service Level Agreements
More than 4000 training participants
Research and development budget: CHF 5.0 million
More than 1900 projects each year with over 800 customers
Financially independent and sustainably profitable
5. Stefan Oehrli
Solution Manager BDS SEC / Trivadis Partner
Working since 1997 in IT
Since 2008 with Trivadis AG
Since 2010 Discipline Manager SEC INFR
Since 2014 Solution Manager BDS Security
Skills
Backup & Recovery
Oracle Advanced Security
Oracle AVDF and DB Vault
Oracle Directory Services
Team / Project Management
Trainer O-SEC, O-BR,…
IT Experience
Database administration and database security solutions
Administration complex, heterogeneous systems
IT / Database Team leader
Specialization
DB security and operation
Security concepts and their implementation
Security assessments
Oracle Backup & Recovery
Enterprise User Security and Oracle Unified Directory
8. The Example Inc.
Scott DBA
Bob User
Alice User
Larry Security Admin
username / password
Weak password verifier e.g. 10g, 11g, 12c
Risk of weak or shared passwords
Decentralized administration
Poor usability (Admin, User,..)
Overvisibility
9. The Example Inc.
... as usual it just depends!
Different approaches for improving authentication and authorization are possible…
10. The Example Inc.
Scott DBA
Bob User
Alice User
Larry Security Admin
Single Logon / Single Sign On
Centralized user management
Nice guy from HR
Oracle Directory
MS AD
IAM / IdM
11. Distinguishing characteristics
Authentication methods
– Password-based authentication providing different authentication protocol versions
– OS authentication
– Strong authentication using Kerberos or Radius
– Certificate-based authentication using SSL and TCPS
– Special authentication like administrators (SYSxxx) or proxy
Just authentication or also authorization, e.g. who versus what
Centralized versus decentralized account management
– Manual distribution and maintenance of users and roles
– IdM based distribution and maintenance of users and roles
– Centralized management of users and roles
13. Password authentication
Password authentication requires a verifier / hash stored in USER$
– USER$.PASSWORD for 10g hash (DES based)
– USER$.SPARE4 for 11g and 12c hashes (SHA-1 and SHA-2 based, respectively)
Old authentication protocols have serious security vulnerabilities
– CVE-2012-3137, MOS Note 1492721.1 and 1493990.1
Specifying the version of the logon process
– SQLNET.ALLOWED_LOGON_VERSION (deprecated)
– SQLNET.ALLOWED_LOGON_VERSION_SERVER|CLIENT
Strong password verifiers by default as of 12.2.0.1
– Default value changed to 12; it used to be 8
– Earlier releases require the critical patch update CPUOct2012 to use 12
14. Authentication protocols version
| Logon Version | Password Version | Ability (Client) | Meaning for Clients | Server Exclusive Mode |
|---|---|---|---|---|
| 12a | 12c | O7L_MR | Only Oracle DB 12c R1 (12.1.0.2 or later) clients can connect to the server | Yes, because it excludes 10G and 11G password versions |
| 12 | 11g, 12c | O5L_NP | Oracle DB 11g R2 (11.2.0.3 or later) clients can connect to the server. Older clients need the critical patch update CPUOct2012 or later to gain the O5L_NP ability | Yes, because it excludes 10G password version |
| 11 | 10g, 11g, 12c | O5L | Oracle 10g DB or newer clients can connect. Clients using releases earlier than 11.2.0.3 that have not applied critical patch update CPUOct2012 or later patches must use the 10G password version | No |
| 10 | 10g, 11g, 12c | O5L | Oracle 10g DB or newer clients can connect | No |
| 9 | 10g, 11g, 12c | O4L | Oracle 9i DB or newer clients can connect | No |
| 8 | 10g, 11g, 12c | O3L | Oracle 8i DB or newer clients can connect | No |
15. Authentication protocols version
Logon using a wrong password verifier (Error ORA-28040 or ORA-01017):
    SQL> conn USER_10G/manager
    ERROR:
    ORA-01017: invalid username/password; logon denied
Available password version in DBA_USERS:
    SELECT username,password_versions FROM dba_users
    WHERE username LIKE 'USER_%' ORDER BY 1;

    USERNAME                       PASSWORD_VERSIONS
    ------------------------------ -----------------
    USER_10G                       10G
    USER_11G                       11G
    USER_12C                       12C
    USER_ALL                       10G 11G 12C
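The table on slide 14 and the DBA_USERS listing on slide 15 combined into one check, as an added example that is not part of the original deck: it reads the logon version from a sqlnet.ora and reports which accounts would be denied logon and which still carry the DES-based 10G hash. Function names, status labels and the sample sqlnet.ora are constructed for illustration; the fallback of 12 is the 12.2.0.1 default stated on slide 13.

```python
"""Added example: audit password versions against ALLOWED_LOGON_VERSION_SERVER."""
import re

# Password versions accepted per server logon version, copied from the
# slide-14 table ("12a" and "12" are the exclusive modes).
ACCEPTED = {
    "12a": {"12C"},
    "12": {"11G", "12C"},
    "11": {"10G", "11G", "12C"},
    "10": {"10G", "11G", "12C"},
    "9": {"10G", "11G", "12C"},
    "8": {"10G", "11G", "12C"},
}
PARAM = re.compile(
    r"^\s*SQLNET\.ALLOWED_LOGON_VERSION(_SERVER|_CLIENT)?\s*=\s*(\w+)", re.I)

# Constructed sample sqlnet.ora (not from the deck).
SAMPLE_SQLNET = """\
# constructed sample
SQLNET.ALLOWED_LOGON_VERSION_SERVER = 12a
SQLNET.ALLOWED_LOGON_VERSION_CLIENT = 12
"""

# SQL*Plus output as shown on slide 15.
SAMPLE_LISTING = """\
USERNAME                       PASSWORD_VERSIONS
------------------------------ -----------------
USER_10G                       10G
USER_11G                       11G
USER_12C                       12C
USER_ALL                       10G 11G 12C
"""


def parse_sqlnet(text):
    """Return the logon-version settings found, keyed SERVER/CLIENT/DEPRECATED."""
    found = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]            # strip sqlnet.ora comments
        m = PARAM.match(line)
        if m:
            key = (m.group(1) or "_DEPRECATED").lstrip("_").upper()
            found[key] = m.group(2).lower()
    return found


def parse_dba_users(listing):
    """Parse 'SELECT username, password_versions FROM dba_users' output."""
    users = {}
    for line in listing.splitlines():
        parts = line.split()
        # skip blank lines, the header row and the dashed separator
        if not parts or parts[0] == "USERNAME" or set(parts[0]) == {"-"}:
            continue
        users[parts[0]] = set(parts[1:])
    return users


def audit(sqlnet_text, listing, default_version="12"):
    """Return (effective logon version, {user: status}).

    default_version is an assumption used when sqlnet.ora sets nothing.
    Status labels are this example's own:
      logon-denied     no stored verifier is accepted (logon fails, slide 15)
      legacy-10g-hash  logon works, but a DES-based 10G hash is still stored
      ok               only 11G/12C verifiers, at least one accepted
    """
    params = parse_sqlnet(sqlnet_text)
    version = params.get("SERVER") or params.get("DEPRECATED") or default_version
    if version not in ACCEPTED:
        raise ValueError(f"unknown logon version: {version}")
    accepted = ACCEPTED[version]
    report = {}
    for user, versions in parse_dba_users(listing).items():
        if not versions & accepted:
            report[user] = "logon-denied"
        elif "10G" in versions:
            report[user] = "legacy-10g-hash"
        else:
            report[user] = "ok"
    return version, report


if __name__ == "__main__":
    effective, result = audit(SAMPLE_SQLNET, SAMPLE_LISTING)
    print("effective server logon version:", effective)
    for name, status in sorted(result.items()):
        print(f"{name:10} {status}")
```

Running the audit before raising the logon version shows which accounts need a password reset first, since an account without an accepted verifier cannot log on afterwards.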
16. Kerberos in a Nutshell
Network Authentication Protocol developed by MIT
Uses a trusted third-party Authentication System
KDC (not KGB…)
– “strong” Authentication
Basis for a couple of Services and Tools
Windows Servers
Requires three parties
– KDC with Authentication Service and Ticket Granting Service
– Service or Service Principal who provides a Service
– Client who requests access
Has been around for some time now
17. Kerberos Authentication Workflow
Keytab file
Service Ticket
Send Ticket Granting Ticket
logon / okinit / kinit
Request Ticket Granting Ticket
Request a Service Ticket
Send Service Ticket
Acknowledge session
18. Kerberos Configuration (Demo)
Configure proper server name resolution (DNS and reverse lookup)
Configure SQL Net e.g. sqlnet.ora, krb5.conf on server and clients
Create a service principal in MS Active Directory
Create a keytab file for the service principal
Make sure that…
– … the times on the server, client and directory server are in sync
– … you don’t mix up domain name, realm, user principal name and service principal name
– … you avoid using 12.1.0.x due to incompatibility with KERBEROS5PRE
20. Oracle Directory Services
Oracle provides a couple of directory servers in the Oracle Directory Service Plus
– OID Oracle Internet Directory, an Oracle Database based LDAP server
– OUD Oracle Unified Directory, a small lightweight LDAP server
– ODSEE Oracle Directory Server Enterprise Edition, deprecated product (formerly Sun Directory Server Enterprise Edition)
– OVD Oracle Virtual Directory, deprecated product
OUD and OID use two different approaches
– Horizontal scaling for OUD versus monolithic scalability for OID
OID does require a full Oracle Database and WebLogic stack
– Although it can be used without any additional license for Oracle Names resolution
No other Directory Server is supported for direct integration with Oracle Databases
Centrally Managed Users CMU
21. Oracle Unified Directory
The other Oracle Directory … :-)
– Yes, my favorite…
OUD is the latest of three Oracle LDAP directories and is based on the OpenDS standard
– Fully LDAPv3 compliant directory server
– Proxy server e.g. integrate OUD and MS Active Directory
– Replication server
Java based directory
– Written in Java for multiple platform support
High performance and space-efficient data storage
– Embedded Berkeley DB
22. Oracle Unified Directory (Demo)
Set up an OUD Active Directory Proxy for Enterprise User Security
Prepare OUD configuration scripts
The classical setup…
– Install Oracle Java
– Install Oracle Unified Directory and the latest bundle patches
– Create the OUD proxy instance using the configuration scripts
The modern way…
– Initiate a new OUD Docker container :-)
24. Oracle Enterprise User Security
25. Integration of MS Active Directory Services using EUS
Until now, integration with Active Directory also meant to…
– …maintain an Oracle Directory
– …setup OID or OUD
– …configure OUD AD Proxy, DIP etc.
– …configure Enterprise User Security
– …purchase Directory Server Plus
Oracle Enterprise User Security has a number of advantages for medium and large environments
To manage only a few users centrally with EUS means “to crack a nut with a sledgehammer”
26. OUD EUS Proxy Workflow
27. Integration of MS Active Directory Services using CMU
Centrally Managed User CMU…
– …does not require an Oracle Directory
– …does not require a license
– …allows users to be managed via AD
Supports usual authentication methods
– Password
– Kerberos
– Public key infrastructure (PKI)
Requires a password filter and AD schema extension
Requires an AD service account
Ideal for small environments
28. Configuration – Database
Define the LDAP Directory using netca or directly in ldap.ora:
    DIRECTORY_SERVERS = (oudad.postgasse.org:1389:1636)
    DEFAULT_ADMIN_CONTEXT = "dc=postgasse,dc=org"
    DIRECTORY_SERVER_TYPE = OID
Register Database with LDAP Directory using dbca (CLI or GUI)
– could cause issues with non-default Listener Ports
Initialization parameter change by dbca:
    ldap_directory_access    string    PASSWORD
    ldap_directory_sysauth   string    NO
29. Configuration – Database
Create global Database Users with IDENTIFIED GLOBALLY:
    ALTER USER clark IDENTIFIED GLOBALLY AS
      'cn=clark, cn=Users,dc=trivadistraining,dc=com';
    CREATE USER employee IDENTIFIED GLOBALLY;
Oracle Wallet used to store LDAP credentials:
    WALLET_LOCATION =
      (SOURCE =
        (METHOD = FILE)
        (METHOD_DATA = (DIRECTORY = /u00/app/oracle/admin/$ORACLE_SID/wallet)))
– dbca does create a new Oracle Wallet at the WALLET_LOCATION
– WALLET_LOCATION is not supported for Container Database
30. Configuration – EUS
Define Schema / Role mapping for EUS
– Enterprise Manager Cloud Control
– eusm command line utility MOS Note 1085065.1
– eusm officially documented in Oracle Database 18c
Create Mapping to a global shared schema:
    eusm createMapping database_name="TDB12A" \
      realm_dn="dc=trivadistraining,dc=com" \
      map_type="SUBTREE" \
      map_dn="cn=Users,dc=trivadistraining,dc=com" \
      schema="employee" \
      ldap_host="localhost" ldap_port=1389 \
      ldap_user_dn="cn=orcladmin" ldap_user_password="TVD04manager"
31. Oracle Enterprise User Security (Demo)
Configure SQL Net e.g. sqlnet.ora and ldap.conf on server and clients
Register database using dbca
Create global user and roles
Define EUS mapping using eusm
32. Troubleshooting and challenges
33. Challenges
Using OUD, EUS and Active Directory for the central management of users and roles requires consideration of high availability and backup & recovery solutions
– Multiple OUD installations with LDAP replication
The technical aspects of EUS are one part of the problem
A corresponding user and role concept is another aspect that must be solved seriously and comprehensively.
More complex infrastructures increase the probability of hitting a bug
– Issues on the LDAP stack are not handled by the core DB dev team
34. Challenges
Some Oracle products are not always on the leading edge of certain technologies
– EUS and Databases require legacy insecure SSL ciphers
– EUS still requires SHA-1 password store
– PBKDF2 SHA-512 is possible but requires some patches
Kerberos is not Kerberos
– Not all implementations work as expected (OS stack, DB stack, KDC etc.)
Not all clients and/or applications can handle EUS, SSO and Kerberos
– Theoretically and technically yes, but what to do when the app requires a username?
RADIUS is not an option for EUS
35. Troubleshooting
The error messages are clearly arranged :-) A few common errors:
– ORA-01017: invalid username/password; logon denied
– ORA-28030: Unable to access LDAP directory service
– ORA-12638: Credential retrieval failed
– ORA-12631: Username retrieval failed
Check your network and DNS configuration
Use the KRB5_TRACE environment variable, available as of Oracle 12c
Get familiar with SQL Net trace
Use Wireshark to trace your network traffic
Double check that you do not hit one of the well-known bugs, e.g. 19285025
And again, check your network and DNS configuration
36. Troubleshooting using MOS Notes
MOS Note 1375853.1 Master Note For Kerberos Authentication
https://support.oracle.com/epmos/faces/DocumentDisplay?id=1375853.1
MOS Note 185897.1 Kerberos Troubleshooting Guide
https://support.oracle.com/epmos/faces/DocumentDisplay?id=185897.1
MOS Note 1376365.1 Master Note For Enterprise User Security
https://support.oracle.com/epmos/faces/DocumentDisplay?id=1376365.1
MOS Note 453853.1 Step by Step Guide To Troubleshooting Enterprise User Security (EUS) - Password Authentication
https://support.oracle.com/epmos/faces/DocumentDisplay?id=453853.1
And much more, but make sure to check Oracle Version and MOS Note release date!
37. Resources
DOAG RedStack Magazine Sept 2018 “Oracle Unified Directory in Docker”
Oracle Docker GitHub repository https://github.com/oracle/docker-images
Stefan Oehrli GitHub Docker repository https://github.com/oehrlis/docker
OUD Base environment scripts https://github.com/oehrlis/oudbase
O5Logon https://marcel.vandewaters.nl/oracle/security/cryptographic-flaws-in-oracle-database-authentication-protocol
38. Conclusion
Strong password verifiers and strong authentication, e.g. Kerberos, are state of the art today
Setting up OUD and EUS isn't as hard as it looks at first glance
– Main challenge is a proper user and role concept
Centrally Managed User CMU is a promising solution for small / medium IT environments
Despite bugs, Kerberos, EUS and OUD provide reliable methods to centrally manage users and roles and increase database security