January 30, 2018
How to achieve PCI compliance for MySQL & MariaDB with ClusterControl
Presenters: Laurent Blume & Vinay Joosery
Copyright 2017 Severalnines AB
Your host & some logistics
I'm Jean-Jérôme from the Severalnines Team and I'm your host for today's webinar!
Feel free to ask any questions in the Questions section of this application or via the Chat box.
You can also contact me directly via the chat box or via email: jj@severalnines.com during or after the webinar.
About Severalnines and ClusterControl
What we do
Manage, Scale, Monitor, Deploy
What Problems do we Address?
● Deploy: Deploy MySQL, Postgres or MongoDB - single instances or entire clusters
● Monitor: Get a unified view of all clusters across all your data centers
● Scale: Add/remove nodes, resize instances & clone your production clusters
● Manage: Automatically repair & recover broken nodes or clusters. Test & automate upgrades
ClusterControl Platform
[Diagram: the ClusterControl platform. CC clients: Web UI, s9s CLI, JSON RPC. Notifications: Email, PagerDuty, VictorOps, OpsGenie, Slack, Telegram, Webhooks. Load balancing: KeepAlived, HAProxy, ProxySQL, MaxScale. Databases: Galera, Replication, MongoDB, PostgreSQL (vendors shown: MariaDB, Percona, MongoDB Inc, PgSQL, Codership). Also shown: Cloud, Backup, 24/7 Support.]
Deployment Features in ClusterControl
● Each Cluster can be deployed and existing Clusters can be imported.
● Web UI
○ Deployment Wizard
● CLI
○ Allows easy integration with e.g. Ansible
    s9s cluster \
        --create \
        --cluster-type=galera \
        --nodes='10.10.10.26;10.10.10.27;10.10.10.28' \
        --vendor=percona \
        --cluster-name=PXC_CENTOS7 \
        --provider-version=5.7 \
        --os-user=vagrant \
        --wait
● Supports multiple NICs and templated configurations.
Monitoring Features in ClusterControl
● Database specific stats and Health status
○ Graphs and Dashboards
● Host statistics
○ E.g. predictive disk space usage monitoring
● Query Monitoring
○ E.g. Top Queries, Outlier detection
● Advisors
○ Developer Studio with JS-like syntax
● Notifications
○ Email, PagerDuty, VictorOps etc.
● Operational Reports
Management Features in ClusterControl
● Availability
○ Node/Cluster Recovery
● Backup and Restore
○ MySQL: mysqldump, xtrabackup
○ Postgres: pg_dump, pg_basebackup
○ MongoDB: mongodump, MongoDB Consistent Backup
● Configuration
● Upgrades
● Loadbalancer
○ HAProxy, ProxySQL, MaxScale
○ KeepAlived
Supported Databases
Customers
Agenda
Today’s topics
● Introduction to the PCI-DSS standard
● The impact of PCI on database management
● Meeting PCI requirements for MySQL / MariaDB with
ClusterControl
● Conclusion
● Q&A
About me
Laurent Blume, Unix Systems Engineer & PCI-DSS implementer
Introduction to the PCI-DSS standard
Source: https://www.pcisecuritystandards.org/pci_security/maintaining_payment_security
What is PCI-DSS?
● Managed by the PCI Security Standards Council, which was
founded by major payment card companies
● Set of technical & operational requirements to protect
cardholder data
● Governs all merchants and organizations that
store, process or transmit this data
What isn’t PCI-DSS?
● Not set in stone
○ Version 3.2 (April 2016) currently in force
● Not a goal that can be reached then forgotten
○ Yearly reviews and audits
● Not a governmental regulation
○ Those also need to be respected (GDPR, …)
Applicable Data
● All revolves around the card number, aka the PAN
○ You can store it after a transaction, but it needs protection
● Other elements used during the transaction must never be
stored (PIN, CVV, …)
Ref: https://www.pcisecuritystandards.org/pdfs/pci_fs_data_storage.pdf
Why comply?
● Required in order to accept credit cards
● A security breach has serious consequences
○ Regulatory notification
○ Fines
○ Litigation
○ Impacts your customers and reputation
Compliance Checks
● The same rules apply to every company handling card
information
● Merchant levels define how the compliance is checked
○ Minimum: an annual Self Assessment Questionnaire
and network scan
○ Maximum: an annual audit by a Qualified Security
Assessor
https://pci.qualys.com/static/help/merchant/getting_started/pci_merchant_levels.htm
The Impact of PCI on Database
Management
Cardholder Data Environment (CDE)
● PCI-DSS applies to every single component inside the CDE
● That CDE must be precisely defined
● An isolated network can reduce the scope
Cardholder Data Environment (CDE)
● What’s inside the CDE:
○ Workstations
○ Application servers
○ Network equipment
○ Databases
○ ...
Cardholder Data Environment (CDE)
● The database often is the central element of the CDE
○ It contains sensitive data that must be protected
○ It sends and receives fresh data
○ It must be reachable, but only by authorized parties
(load balancers, application servers, …)
Procedures and Provability
● Doing things right: of course you must
● Proving you’re doing them right?
○ Not as obvious as you might think...
Procedures and Provability: Making it easier
● Automation:
○ It takes time to set up, then it saves time
○ It helps make sure an action performed once is not
forgotten next time
○ It helps prove what you’ve been doing since the last
time you saw the auditor
Database environment is distributed
● You process card numbers?
● You need security
● It’s likely you also need reliability
○ Multiple servers
○ Multiple data centers
Single view/control of distributed environment
● In short, you need a cluster
○ Distributed database of identical nodes
○ Load balancers manage access to those nodes
○ Application clients use one connection string
○ Single view: all nodes as a single entity facilitates compliance
Meeting PCI Requirements for MySQL &
MariaDB with ClusterControl
PCI Data Security Standard - Overview
2. Do not use vendor-supplied defaults for
system passwords & other security parameters
● Set root password, disable remote root login
● Remove anonymous users/test database
● Automated via ClusterControl
○ Easily audited in the UI
● … more in our ‘10 Security Tips’ blog*
* https://severalnines.com/blog/ten-tips-how-achieve-mysql-and-mariadb-security
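The Requirement 2 items above can be checked mechanically and the result kept as audit evidence. The following is an added example, not part of the original slides or of ClusterControl; the row layout (an export of mysql.user with keys user, host, auth, plugin), the function name and the sample data are assumptions constructed for illustration.

```python
"""Added example: audit exported MySQL/MariaDB accounts against the
Requirement 2 items on the slide (root password, remote root login,
anonymous users, test database). All sample data is constructed."""

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}
# Plugins that authenticate through the OS socket and store no password hash.
SOCKET_PLUGINS = {"auth_socket", "unix_socket"}


def audit_accounts(accounts, databases):
    """Return a sorted list of (check_id, detail) findings.

    accounts:  iterable of dicts with keys user, host, auth, plugin
               (assumed export of mysql.user; 'auth' is the stored hash).
    databases: iterable of schema names (assumed output of SHOW DATABASES).
    """
    findings = []
    for acct in accounts:
        user, host = acct["user"], acct["host"]
        ident = f"'{user}'@'{host}'"
        if user == "":
            findings.append(("anonymous-user", ident))
        if user == "root" and host not in LOCAL_HOSTS:
            findings.append(("remote-root", ident))
        # An empty hash is only acceptable when the OS socket does the auth.
        if not acct.get("auth") and acct.get("plugin") not in SOCKET_PLUGINS:
            findings.append(("empty-password", ident))
    for db in databases:
        if db == "test":
            findings.append(("test-database", db))
    return sorted(findings)


# Constructed sample: one hardened root, one remote root, one anonymous user.
SAMPLE_ACCOUNTS = [
    {"user": "root", "host": "localhost", "auth": "", "plugin": "auth_socket"},
    {"user": "root", "host": "%", "auth": "*CONSTRUCTED_HASH",
     "plugin": "mysql_native_password"},
    {"user": "", "host": "localhost", "auth": "",
     "plugin": "mysql_native_password"},
    {"user": "app_rw", "host": "10.10.10.%", "auth": "*CONSTRUCTED_HASH",
     "plugin": "mysql_native_password"},
]
SAMPLE_DATABASES = ["information_schema", "mysql", "shop", "test"]

if __name__ == "__main__":
    for check_id, detail in audit_accounts(SAMPLE_ACCOUNTS, SAMPLE_DATABASES):
        print(f"FAIL {check_id}: {detail}")
```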
3. Protect stored cardholder data
● Some fields must not be stored in any form
○ PIN, CVV2
● A stored PAN must be masked or encrypted
○ MySQL encryption functions
○ Transparent Data Encryption
● Ensure logs do not contain sensitive data
● ClusterControl
○ Helps you understand the database
structure
○ Lets you check its logs
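For the "ensure logs do not contain sensitive data" item, a log check can look for digit runs that pass the Luhn checksum and mask them down to the first six and last four digits. This is an added example, not from the original slides; the log lines are constructed, use well-known test card numbers, and only imitate a query log format.

```python
"""Added example: find and mask card numbers (PANs) in database log lines.
The sample lines are constructed and use public test card numbers."""
import re

# 13 to 19 digits, optionally separated by single spaces or dashes, and not
# embedded in a longer run of digits.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_valid(digits):
    """Luhn checksum; filters out order ids and other long numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(digits):
    """Keep at most the first six and last four digits."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


def scrub_line(line):
    """Return (scrubbed_line, number_of_pans_masked)."""
    hits = 0

    def repl(match):
        nonlocal hits
        digits = re.sub(r"[ -]", "", match.group(0))
        if not luhn_valid(digits):
            return match.group(0)   # not a card number, leave untouched
        hits += 1
        return mask_pan(digits)

    return CANDIDATE.sub(repl, line), hits


def scan_log(lines):
    """Return [(line_number, scrubbed_line)] for every line holding a PAN."""
    findings = []
    for number, line in enumerate(lines, start=1):
        scrubbed, hits = scrub_line(line)
        if hits:
            findings.append((number, scrubbed))
    return findings


# Constructed sample resembling a general query log.
SAMPLE_LOG = [
    "2018-01-30T10:15:02.123456Z 42 Query INSERT INTO payments (pan, amount) "
    "VALUES ('4111111111111111', 19.99)",
    "2018-01-30T10:15:03.000001Z 42 Query SELECT * FROM orders "
    "WHERE order_ref = '1234567890123456'",
    "2018-01-30T10:15:04.500000Z 43 Query UPDATE customers "
    "SET note = 'card 5500 0000 0000 0004 declined' WHERE id = 7",
    "2018-01-30T10:15:05.000000Z 43 Quit",
]

if __name__ == "__main__":
    for number, scrubbed in scan_log(SAMPLE_LOG):
        print(f"line {number}: PAN found -> {scrubbed}")
```

A hit means a PAN reached the log in clear text; the fix belongs at the source (query logging settings or the application), with masking of existing files as cleanup.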
4. Encrypt transmission of cardholder data
across open, public networks
● Set up TLS between database nodes
○ Replication traffic
● Set up TLS from application to database
● ClusterControl can set up the TLS
connections between nodes and for
database users
Example: Encrypting client/server traffic +
intra-cluster replication traffic
6. Develop & maintain secure systems &
applications
● Track
○ what is running in production
○ vulnerabilities and current risk level
● Patch
○ any critical vulnerability within a month
○ non-critical ones within 3 months
● Separate dev and staging environments
Upgrade Report
from ClusterControl
Automate upgrades via ClusterControl
● Makes database upgrades simpler:
○ Each node is upgraded in turn without service
interruption
○ After the database version is upgraded, the schema is
updated by the script
● Makes system upgrades simpler
○ After the OS is updated (yum upgrade, …), each node
can be rebooted in sequence
● No service interruption during upgrades
ClusterControl built on standard bricks
● ClusterControl uses Apache, PHP, ssh, from standard
Linux distributions
● Easier for Severalnines developers to follow industry
Best Practices
● Easier for end-users to deploy and manage using
standard tools
7. Restrict access to cardholder data by business
need to know
● Root account accessed from localhost
● Administrator manages the DB but does not
access the content
● Developer account defines DB structure
● Service accounts to access content, used
only by application and limited to its needs
● Least privilege model
● Accounts and privileges can be audited in
ClusterControl in different environments:
development, staging, production
8. Identify & authenticate access to system
components
● View of all granted users + permissions
● Control addition/deletion of user IDs
● No shared ID rule
● ClusterControl
○ shows all database user accounts at a
glance
○ can use LDAP for its own access control
User Mgmt: Single view
10. Track & monitor all access to network
resources & cardholder data
● ClusterControl keeps
○ an audit trail for management access
○ logs to remote syslog server
● Audit plugins from MariaDB and Percona
1. Install & maintain a firewall configuration to
protect cardholder data
● Different flows of data either allowed or
blocked
● Limit incoming/outgoing connections to
what is absolutely needed
5. Protect all systems against malware & regularly
update anti-virus software or programmes
● Understand impact on database performance
● Can create false positives on certain file formats
● ClusterControl can’t help with that :)
9. Restrict physical access to cardholder data
● Not directly applicable to ClusterControl
11. Regularly test security systems and processes
● ClusterControl will itself be scanned
● It works like any other web application,
without adding an additional burden
● It helps keep the database part up to date
12. Maintain an information security policy for all
personnel
● Last but not least, and often overlooked:
technology matters, but people stay in
charge
● Streamline the management of the
database environment via ClusterControl
● Management actions performed via UI
Conclusion
An ongoing process
● Payment card security is not a fixed goal
● PCI Standard is upgraded every year
○ Announced last week: PCI SPoC*
● Environments must evolve with the changes
* https://www.pcisecuritystandards.org/pdfs/SPOC_Press_Release_24_Jan.pdf
Making Compliance less time consuming
● MySQL/MariaDB not designed for modern security
● Reaching compliance for an existing environment can be
overwhelming
● Leverage reliable database tools to ease the crucial parts
● Automate and manage your MySQL & MariaDB databases
with ClusterControl
Secure DB Setup with ClusterControl
● A simple example of a CDE with
ClusterControl
Q&A
Additional Resources
● White paper: How to achieve PCI compliance for MySQL
& MariaDB with ClusterControl
● ClusterControl in Financial Technology
● Download ClusterControl
● Contact us: info@severalnines.com

Web development Platform Constraints.pptxWeb development Platform Constraints.pptx
Web development Platform Constraints.pptx
ssuser2f6682
 
Megalive99 Situs Betting Online Gacor Terpercaya
Megalive99 Situs Betting Online Gacor TerpercayaMegalive99 Situs Betting Online Gacor Terpercaya
Megalive99 Situs Betting Online Gacor Terpercaya
Megalive99
 
Top 50 Telephone Conversation Sample Examples For IT Industries.pdf
Top 50 Telephone Conversation Sample Examples For IT Industries.pdfTop 50 Telephone Conversation Sample Examples For IT Industries.pdf
Top 50 Telephone Conversation Sample Examples For IT Industries.pdf
Krishna L
 
How Salesforce Development in the UK is Driving Digital Transformation
How Salesforce Development in the UK is Driving Digital TransformationHow Salesforce Development in the UK is Driving Digital Transformation
How Salesforce Development in the UK is Driving Digital Transformation
Sweet Potato Tec
 
Iot-Internet-of-Things_Industrial revolution 4.0-ppt.pptx
Iot-Internet-of-Things_Industrial revolution 4.0-ppt.pptxIot-Internet-of-Things_Industrial revolution 4.0-ppt.pptx
Iot-Internet-of-Things_Industrial revolution 4.0-ppt.pptx
DeepakKumar862274
 
202254.com免费观看《长相思第二季》免费观看高清,长相思第二季线上看,《长相思第二季》最新电视剧在线观看,杨紫最新电视剧
202254.com免费观看《长相思第二季》免费观看高清,长相思第二季线上看,《长相思第二季》最新电视剧在线观看,杨紫最新电视剧202254.com免费观看《长相思第二季》免费观看高清,长相思第二季线上看,《长相思第二季》最新电视剧在线观看,杨紫最新电视剧
202254.com免费观看《长相思第二季》免费观看高清,长相思第二季线上看,《长相思第二季》最新电视剧在线观看,杨紫最新电视剧
ffg01100
 
Ontology for the semantic enhancement, database definition and management and...
Ontology for the semantic enhancement, database definition and management and...Ontology for the semantic enhancement, database definition and management and...
Ontology for the semantic enhancement, database definition and management and...
Edward Blurock
 
Kolkata @Girls @Call WhatsApp Numbers 🫦0000XX0000🫦 List For Friendship Girls ...
Kolkata @Girls @Call WhatsApp Numbers 🫦0000XX0000🫦 List For Friendship Girls ...Kolkata @Girls @Call WhatsApp Numbers 🫦0000XX0000🫦 List For Friendship Girls ...
Kolkata @Girls @Call WhatsApp Numbers 🫦0000XX0000🫦 List For Friendship Girls ...
paridubey2024#G05
 
Network Layer and its protocols mod .pptx
Network Layer and its protocols mod .pptxNetwork Layer and its protocols mod .pptx
Network Layer and its protocols mod .pptx
cossykin19
 
Jarren Duran Fuck EM T shirts Jarren Duran Fuck EM T shirts
Jarren Duran Fuck EM T shirts Jarren Duran Fuck EM T shirtsJarren Duran Fuck EM T shirts Jarren Duran Fuck EM T shirts
Jarren Duran Fuck EM T shirts Jarren Duran Fuck EM T shirts
exgf28
 
@Girls @Call Chennai 🛬 XXXXXXXXXX 🛬 available 24*7 cash payment book now pay ...
@Girls @Call Chennai 🛬 XXXXXXXXXX 🛬 available 24*7 cash payment book now pay ...@Girls @Call Chennai 🛬 XXXXXXXXXX 🛬 available 24*7 cash payment book now pay ...
@Girls @Call Chennai 🛬 XXXXXXXXXX 🛬 available 24*7 cash payment book now pay ...
shamrisumri
 
202254.com香蕉影视,在线观看《我才不要和你做朋友呢》在线观看最新电影,香蕉影视在线观看《我才不要和你做朋友呢》在线观看高清电影
202254.com香蕉影视,在线观看《我才不要和你做朋友呢》在线观看最新电影,香蕉影视在线观看《我才不要和你做朋友呢》在线观看高清电影202254.com香蕉影视,在线观看《我才不要和你做朋友呢》在线观看最新电影,香蕉影视在线观看《我才不要和你做朋友呢》在线观看高清电影
202254.com香蕉影视,在线观看《我才不要和你做朋友呢》在线观看最新电影,香蕉影视在线观看《我才不要和你做朋友呢》在线观看高清电影
ffg01100
 
Girls Call Mahipalpur 000XX00000 Provide Best And Top Girl Service And No1 in...
Girls Call Mahipalpur 000XX00000 Provide Best And Top Girl Service And No1 in...Girls Call Mahipalpur 000XX00000 Provide Best And Top Girl Service And No1 in...
Girls Call Mahipalpur 000XX00000 Provide Best And Top Girl Service And No1 in...
mahigarg2024#G05
 

Recently uploaded (20)

Book dating , international dating phgra
Book dating , international dating phgraBook dating , international dating phgra
Book dating , international dating phgra
 
How-to-Diagnose-Hard-Drives-by-DFL-DDP-2024.pdf
How-to-Diagnose-Hard-Drives-by-DFL-DDP-2024.pdfHow-to-Diagnose-Hard-Drives-by-DFL-DDP-2024.pdf
How-to-Diagnose-Hard-Drives-by-DFL-DDP-2024.pdf
 
202254.com全网最高清影视香蕉影视,热门电影推荐,热门电视剧在线观看,免费电影,电影在线,在线观看。球华人在线電視劇,免费点播,免费提供最新高清的...
202254.com全网最高清影视香蕉影视,热门电影推荐,热门电视剧在线观看,免费电影,电影在线,在线观看。球华人在线電視劇,免费点播,免费提供最新高清的...202254.com全网最高清影视香蕉影视,热门电影推荐,热门电视剧在线观看,免费电影,电影在线,在线观看。球华人在线電視劇,免费点播,免费提供最新高清的...
202254.com全网最高清影视香蕉影视,热门电影推荐,热门电视剧在线观看,免费电影,电影在线,在线观看。球华人在线電視劇,免费点播,免费提供最新高清的...
 
Information Systems Auditing, Controls and Assurance , tanapat limsaiprom
Information Systems Auditing, Controls and Assurance , tanapat limsaipromInformation Systems Auditing, Controls and Assurance , tanapat limsaiprom
Information Systems Auditing, Controls and Assurance , tanapat limsaiprom
 
Dewanstudio Project Portfolio 2023 show case
Dewanstudio Project Portfolio 2023 show caseDewanstudio Project Portfolio 2023 show case
Dewanstudio Project Portfolio 2023 show case
 
Chennai Girls Call ServiCe X00XXX00XX Tanisha Best High Class Chennai Available
Chennai Girls Call ServiCe X00XXX00XX Tanisha Best High Class Chennai AvailableChennai Girls Call ServiCe X00XXX00XX Tanisha Best High Class Chennai Available
Chennai Girls Call ServiCe X00XXX00XX Tanisha Best High Class Chennai Available
 
High Profile Girls Call ServiCe Chennai XX00XXX00X Tanisha Best High Class Ch...
High Profile Girls Call ServiCe Chennai XX00XXX00X Tanisha Best High Class Ch...High Profile Girls Call ServiCe Chennai XX00XXX00X Tanisha Best High Class Ch...
High Profile Girls Call ServiCe Chennai XX00XXX00X Tanisha Best High Class Ch...
 
Web development Platform Constraints.pptx
Web development Platform Constraints.pptxWeb development Platform Constraints.pptx
Web development Platform Constraints.pptx
 
Megalive99 Situs Betting Online Gacor Terpercaya
Megalive99 Situs Betting Online Gacor TerpercayaMegalive99 Situs Betting Online Gacor Terpercaya
Megalive99 Situs Betting Online Gacor Terpercaya
 
Top 50 Telephone Conversation Sample Examples For IT Industries.pdf
Top 50 Telephone Conversation Sample Examples For IT Industries.pdfTop 50 Telephone Conversation Sample Examples For IT Industries.pdf
Top 50 Telephone Conversation Sample Examples For IT Industries.pdf
 
How Salesforce Development in the UK is Driving Digital Transformation
How Salesforce Development in the UK is Driving Digital TransformationHow Salesforce Development in the UK is Driving Digital Transformation
How Salesforce Development in the UK is Driving Digital Transformation
 
Iot-Internet-of-Things_Industrial revolution 4.0-ppt.pptx
Iot-Internet-of-Things_Industrial revolution 4.0-ppt.pptxIot-Internet-of-Things_Industrial revolution 4.0-ppt.pptx
Iot-Internet-of-Things_Industrial revolution 4.0-ppt.pptx
 
202254.com免费观看《长相思第二季》免费观看高清,长相思第二季线上看,《长相思第二季》最新电视剧在线观看,杨紫最新电视剧
202254.com免费观看《长相思第二季》免费观看高清,长相思第二季线上看,《长相思第二季》最新电视剧在线观看,杨紫最新电视剧202254.com免费观看《长相思第二季》免费观看高清,长相思第二季线上看,《长相思第二季》最新电视剧在线观看,杨紫最新电视剧
202254.com免费观看《长相思第二季》免费观看高清,长相思第二季线上看,《长相思第二季》最新电视剧在线观看,杨紫最新电视剧
 
Ontology for the semantic enhancement, database definition and management and...
Ontology for the semantic enhancement, database definition and management and...Ontology for the semantic enhancement, database definition and management and...
Ontology for the semantic enhancement, database definition and management and...
 
Kolkata @Girls @Call WhatsApp Numbers 🫦0000XX0000🫦 List For Friendship Girls ...
Kolkata @Girls @Call WhatsApp Numbers 🫦0000XX0000🫦 List For Friendship Girls ...Kolkata @Girls @Call WhatsApp Numbers 🫦0000XX0000🫦 List For Friendship Girls ...
Kolkata @Girls @Call WhatsApp Numbers 🫦0000XX0000🫦 List For Friendship Girls ...
 
Network Layer and its protocols mod .pptx
Network Layer and its protocols mod .pptxNetwork Layer and its protocols mod .pptx
Network Layer and its protocols mod .pptx
 
Jarren Duran Fuck EM T shirts Jarren Duran Fuck EM T shirts
Jarren Duran Fuck EM T shirts Jarren Duran Fuck EM T shirtsJarren Duran Fuck EM T shirts Jarren Duran Fuck EM T shirts
Jarren Duran Fuck EM T shirts Jarren Duran Fuck EM T shirts
 
@Girls @Call Chennai 🛬 XXXXXXXXXX 🛬 available 24*7 cash payment book now pay ...
@Girls @Call Chennai 🛬 XXXXXXXXXX 🛬 available 24*7 cash payment book now pay ...@Girls @Call Chennai 🛬 XXXXXXXXXX 🛬 available 24*7 cash payment book now pay ...
@Girls @Call Chennai 🛬 XXXXXXXXXX 🛬 available 24*7 cash payment book now pay ...
 
202254.com香蕉影视,在线观看《我才不要和你做朋友呢》在线观看最新电影,香蕉影视在线观看《我才不要和你做朋友呢》在线观看高清电影
202254.com香蕉影视,在线观看《我才不要和你做朋友呢》在线观看最新电影,香蕉影视在线观看《我才不要和你做朋友呢》在线观看高清电影202254.com香蕉影视,在线观看《我才不要和你做朋友呢》在线观看最新电影,香蕉影视在线观看《我才不要和你做朋友呢》在线观看高清电影
202254.com香蕉影视,在线观看《我才不要和你做朋友呢》在线观看最新电影,香蕉影视在线观看《我才不要和你做朋友呢》在线观看高清电影
 
Girls Call Mahipalpur 000XX00000 Provide Best And Top Girl Service And No1 in...
Girls Call Mahipalpur 000XX00000 Provide Best And Top Girl Service And No1 in...Girls Call Mahipalpur 000XX00000 Provide Best And Top Girl Service And No1 in...
Girls Call Mahipalpur 000XX00000 Provide Best And Top Girl Service And No1 in...
 

Webinar slides: How to Achieve PCI Compliance for MySQL & MariaDB with ClusterControl

  • 1. How to achieve PCI compliance for MySQL & MariaDB with ClusterControl
      January 30, 2018
      Presenters: Laurent Blume & Vinay Joosery
  • 2. Your host & some logistics
      I'm Jean-Jérôme from the Severalnines Team and I'm your host for today's webinar! Feel free to ask any questions in the Questions section of this application or via the Chat box. You can also contact me directly via the chat box or via email: jj@severalnines.com during or after the webinar.
  • 3. About Severalnines and ClusterControl
  • 4. What we do: Manage, Scale, Monitor, Deploy
  • 5. What Problems do we Address?
      ● Deploy: Deploy MySQL, Postgres or MongoDB - single instances or entire clusters
      ● Monitor: Get a unified view of all clusters across all your data centers
      ● Scale: Add/remove nodes, resize instances & clone your production clusters
      ● Manage: Automatically repair & recover broken nodes or clusters. Test & automate upgrades
  • 6. ClusterControl Platform
      (diagram labels) ClusterControl, CC Clients, Notifications, Email, PagerDuty, VictorOps, OpsGenie, Slack, TeleGram, Webhooks, Web UI, S9s CLI, JSON RPC, Support 24/7, KeepAlived, HAProxy, ProxySQL, MaxScale, Galera, MariaDb, Percona, Replication, MariaDb, Percona, MongoDb, MongoDb Inc, Percona, PostgreSql, PgSQL, Codership, Cloud, Backup
  • 7. Deployment Features in ClusterControl
      ● Each Cluster can be deployed and existing Clusters can be imported.
      ● Web UI
          ○ Deployment Wizard
      ● CLI
          ○ Allows easy integration with e.g. Ansible
            s9s cluster --create --cluster-type=galera --nodes='10.10.10.26;10.10.10.27;10.10.10.28' --vendor=percona --cluster-name=PXC_CENTOS7 --provider-version=5.7 --os-user=vagrant --wait
      ● Supports multiple NICs and templated configurations.
  • 8. Monitoring Features in ClusterControl
      ● Database specific stats and Health status
          ○ Graphs and Dashboards
      ● Host statistics
          ○ E.g. Predictive disk space usage monitoring
      ● Query Monitoring
          ○ E.g. Top Queries, Outlier detection
      ● Advisors
          ○ Developer Studio with JS like syntax
      ● Notifications
          ○ Email, Pagerduty, VictorOps etc.
      ● Operational Reports
  • 9. Management Features in ClusterControl
      ● Availability
          ○ Node/Cluster Recovery
      ● Backup and Restore
          ○ MySQL: mysqldump, xtrabackup
          ○ Postgres: pg_dump, pg_basebackup
          ○ MongoDb: Mongodump, MongoDb Consistent Backup
      ● Configuration
      ● Upgrades
      ● Loadbalancer
          ○ HAProxy, ProxySQL, MaxScale
          ○ KeepAlived
  • 10. Supported Databases
  • 12. Agenda
  • 13. Today’s topics
      ● Introduction to the PCI-DSS standard
      ● The impact of PCI on database management
      ● Meeting PCI requirements for MySQL / MariaDB with ClusterControl
      ● Conclusion
      ● Q&A
  • 14. About me
      Laurent Blume, Unix Systems Engineer & PCI-DSS implementer
  • 15. Introduction to the PCI-DSS standard
  • 16. Source: https://www.pcisecuritystandards.org/pci_security/maintaining_payment_security
  • 17. What is PCI-DSS?
      ● Managed by the PCI Security Standards Council, which was founded by major payment card companies
      ● Set of technical & operational requirements to protect cardholder data
      ● Governs all merchants and organizations that store/process/transmit this data
  • 18. What isn’t PCI-DSS?
      ● Not set in stone
          ○ Version 3.2 (April 2016) currently in force
      ● Not a goal that can be reached then forgotten
          ○ Yearly reviews and audits
      ● Not a governmental regulation
          ○ Those also need to be respected (GDPR, …)
  • 19. Applicable Data
      ● All revolves around the card number, aka the PAN
          ○ You can store it after a transaction, but it needs protection
      ● Other elements used during the transaction must never be stored (PIN, CVV, …)
      Ref: https://www.pcisecuritystandards.org/pdfs/pci_fs_data_storage.pdf
  • 20. Why comply?
      ● Required in order to accept credit cards
      ● A security breach has serious consequences
          ○ Regulatory notification
          ○ Fines
          ○ Litigation
          ○ Impacts your customers and reputation
  • 21. Compliance Checks
      ● The same rules apply to every company handling card information
      ● Merchant levels define how the compliance is checked
          ○ Minimum: an annual Self Assessment Questionnaire and network scan
          ○ Maximum: an annual audit by a Qualified Security Assessor
      https://pci.qualys.com/static/help/merchant/getting_started/pci_merchant_levels.htm
  • 22. The Impact of PCI on Database Management
  • 23. Cardholder Data Environment (CDE)
      ● PCI-DSS applies to every single component inside the CDE
      ● That CDE must be precisely defined
      ● An isolated network can reduce the scope
  • 24. Cardholder Data Environment (CDE)
      ● What’s inside the CDE:
          ○ Workstations
          ○ Application servers
          ○ Network equipment
          ○ Databases
          ○ ...
  • 25. Cardholder Data Environment (CDE)
      ● The database is often the central element of the CDE
          ○ It contains sensitive data that must be protected
          ○ It sends and receives fresh data
          ○ It must be reachable, but only by authorized parties (load balancers, application servers, …)
  • 26. Procedures and Provability
      ● Doing things right: of course you must
      ● Proving you’re doing them right?
          ○ Not as obvious as you might think...
  • 27. Procedures and Provability: Making it easier
      ● Automation:
          ○ It takes time to set it up, then it saves time
          ○ It helps make sure an action made once will not be forgotten next time
          ○ It helps prove what you’ve been doing since the last time you saw the auditor
  • 28. Database environment is distributed
      ● You process card numbers?
      ● You need security
      ● It’s likely you also need reliability
          ○ Multiple servers
          ○ Multiple data centers
  • 29. Single view/control of distributed environment
      ● In short, you need a cluster
          ○ Distributed database of identical nodes
          ○ Load balancers manage access to those nodes
          ○ Application clients use one connection string
          ○ Single view: all nodes as a single entity facilitates compliance
  • 30. Meeting PCI Requirements for MySQL & MariaDB with ClusterControl
  • 31. PCI Data Security Standard - Overview
  • 32. 2. Do not use vendor-supplied defaults for system passwords & other security parameters
      ● Set root password, disable remote root login
      ● Remove anonymous users/test database
      ● Automated via ClusterControl
          ○ Easily audited in the UI
      ● … more in our ‘10 Security Tips’ blog*
      * https://severalnines.com/blog/ten-tips-how-achieve-mysql-and-mariadb-security
  • 33. 3. Protect stored cardholder data
      ● Some fields must not be stored in any form
          ○ PIN, CVV2
      ● A stored PAN must be masked or encrypted
          ○ MySQL encryption functions
          ○ Transparent Data Encryption
      ● Ensure logs do not contain sensitive data
      ● ClusterControl
          ○ Helps understand the database structure
          ○ Allows checking its logs
  • 34. 4. Encrypt transmission of cardholder data across open, public networks
      ● Set up TLS between database nodes
          ○ Replication traffic
      ● Set up TLS from application to database
      ● ClusterControl can set up the TLS connections between nodes and for database users
  • 35. Example: Encrypting client/server traffic + intra-cluster replication traffic
  • 36. 6. Develop & maintain secure systems & applications
      ● Track
          ○ what is running in production
          ○ vulnerabilities and current risk level
      ● Patch
          ○ any critical vulnerability within a month
          ○ non-critical ones within 3 months
      ● Separate dev and staging environments
  • 38. Automate upgrades via ClusterControl
      ● Makes database upgrades simpler:
          ○ Each node is upgraded in turn without service interruption
          ○ After the database version is upgraded, the schema is updated by the script
      ● Makes system upgrades simpler
          ○ After the OS is updated (yum upgrade, …), each node can be rebooted in sequence
      ● No service interruption during upgrades
  • 39. Automate upgrades via ClusterControl
  • 40. ClusterControl built on standard bricks
      ● ClusterControl uses Apache, PHP, ssh, from standard Linux distributions
      ● Easier for Severalnines developers to follow industry Best Practices
      ● Easier for end-users to deploy and manage using standard tools
  • 41. 7. Restrict access to cardholder data by business need to know
      ● Root account accessed from localhost
      ● Administrator manages the DB but does not access the content
      ● Developer account defines DB structure
      ● Service accounts to access content, used only by application and limited to its needs
      ● Least privilege model
      ● Accounts and privileges can be audited in ClusterControl in different environments: development, staging, production
  • 42. 8. Identify & authenticate access to system components
      ● View of all granted users + permissions
      ● Control addition/deletion of user IDs
      ● No shared ID rule
      ● ClusterControl
          ○ shows all database user accounts at a glance
          ○ can use LDAP for its own access control
  • 43. User Mgmt: Single view
  • 44. 10. Track & monitor all access to network resources & cardholder data
      ● ClusterControl keeps
          ○ an audit trail for management access
          ○ logs to remote syslog server
      ● Audit plugins from MariaDB and Percona
  • 47. 10. Track & monitor all access to network resources & cardholder data
  • 48. 1. Install & maintain a firewall configuration to protect cardholder data
      ● Different flows of data either allowed or blocked
      ● Limit incoming/outgoing connections to what is absolutely needed
  • 49. 5. Protect all systems against malware & regularly update anti-virus software or programmes
      ● Understand impact on database performance
      ● Can create false positives on certain file formats
      ● ClusterControl can’t help with that :)
  • 50. 9. Restrict physical access to cardholder data
      ● Not directly applicable to ClusterControl
  • 51. 11. Regularly test security systems and processes
      ● ClusterControl will itself be scanned
      ● It works as for any other web application without adding an additional burden
      ● It helps keep the database part up to date
  • 52. 12. Maintain an information security policy for all personnel
      ● Last but not least, and often overlooked: technology matters, but people stay in charge
      ● Streamline the management of the database environment via ClusterControl
      ● Management actions performed via UI
  • 53. Conclusion
  • 54. An ongoing process
      ● Payment card security is not a fixed goal
      ● PCI Standard is upgraded every year
          ○ Announced last week: PCI SPoC*
      ● Environments must evolve with the changes
      * https://www.pcisecuritystandards.org/pdfs/SPOC_Press_Release_24_Jan.pdf
  • 55. Making Compliance less time consuming
      ● MySQL/MariaDB not designed for modern security
      ● Reaching compliance for an existing environment can be overwhelming
      ● Leverage reliable database tools to ease crucial parts
      ● Automate and manage your MySQL & MariaDB databases with ClusterControl
  • 56. Secure DB Setup with ClusterControl
      ● A simple example of a CDE with ClusterControl
  • 57. Q&A
  • 58. Additional Resources
      ● White paper: How to achieve PCI compliance for MySQL & MariaDB with ClusterControl
      ● ClusterControl in Financial Technology
      ● Download ClusterControl
      ● Contact us: info@severalnines.com