MariaDB Enterprise & MariaDB Enterprise Cluster - MariaDB Webinar July 2014, presented in French
MariaDB Enterprise Spring 2016 for mission-critical data
Transcript of MariaDB Enterprise Spring 2016 for mission-critical data
**
2
MariaDB
22nd March 2016
Nishant Vyas, Head of Product and StrategyVanessa S. D’Amelio, VP of Marketing
Enterprise Spring 2016for Mission-Critical Data
3
Let’s Get Started - Some Housekeeping
We will review the questions as they come in and answer then during the Q&A. You can post in chat
This session is being recorded1.
2.
3.
4.
5.
Running time is approximately 30 minutes
Copies of the slides will be sent out after the webinar ends
Don’t forget to share on your social networks and to follow us on Twitter, Facebook and LinkedIn to learn about upcoming webinars
4
WelcomeWe will send you the slides and a link
to the recorded webinar.
Please share this with your social network!
Nishant VyasHead of MariaDB Product and
Strategy
5
Our Objectives for MariaDB Enterprise
Enable you to quickly deliver new applications and functionality that generate business value
Make it easy to meet the uptime and performance needs of your application while operating efficiently
Protect data against security, regulatory, and operational risks
1.
2.
3.
6
MariaDB Enterprise: Packaged Enterprise RDBMS
1. Based on MariaDB open source project
2. Optimized binaries
3. MariaDB MaxScale
4. MariaDB Connectors
5. Robust technical services and support
6. Productivity tools
7. Customer Portal
8. 24x7 support
9. Optional Consulting and RemoteDBA services
MariaDB Enterprise
MariaDB Enterprise Cluster ▪ Advanced, multi-master clustering
▪ Expert support for demanding production applications
Security Stack • Data-at-Rest Encryption
• Database Firewall
• Password Validation and more
High Availability
• Built-in Galera Cluster
Replication Scalability • New Replication Methods
Performance• InnoDB Page Compression
• Defragmentation
MariaDB Enterprise Spring 2016
Prevent Attacks- Unauthorized Access- Denial of Service- SQL Injections
Make the prize unattractive with encryptionNative Mode Encryption protects data at rest
Audit for Forensics
MariaDB Enterprise Security
MariaDB 10.1
InnoDB /
XtraDB
Aria
Benefit from CommunityProtection
SSL Encryption protects data in motion
Password Validation
With MariaDB Enterprise 10.1 and the password
validation plugin API it is possible to load
plugins to verify a password against:
■ simple_password_check plugin
Enforce a minimum password length and
type/number of characters to be used
■ cracklib_password_check plugin
A widely used library. Stop users from
choosing easy to guess passwords.
Includes checks for not allowing passwords
based on username or a dictionary word.
External Authentication
Single Sign On is getting mandatory in most
Enterprises.
■ PAM-Authentication Plugin allows using
/etc/shadow and any PAM based
authentication like LDAP
■ Kerberos-Authentication as a
standardized network authentication
protocol is provided GSSAPI based on
UNIX and SSPI based on Windows
9
Security - Accessibility
Database Firewall MariaDB MaxScale Firewall
■ Protects against SQL injection
■ Prevents unauthorized user access and
data damage
■ White-list or Black-list Queries
■ Queries that match a set of rules
■ Queries matching rules for specified users
■ Queries that match certain patterns, columns,
statement types
■ Multiple ordered rule
Denial of Service attack protection MariaDB MaxScale Persistent Connections
■ Protect against connection surge
■ Thwart DDoS attacks
■ Cache the connections from MaxScale to the
database server
■ rate limitation
■ client multiplexing
10
Security - Accessibility
More information on the Firewall More information on the DoS protection
Secured Connections
■ Data-In-Motion encryption by using
SSL Connections based on the TLSv1.2
Protocol
■ Between MariaDB Connectors and
Server
■ Between MariaDB Connectors and
MaxScale
■ SSL can also be enabled for the
replication channel
Encryption Functions
■ MariaDB Enterprise Server provides
Encryption Functions for selective Data-
In-Use Encryption. As Encryption
Functions needs to be called by the
application inside of SQL Statements,
Applications have full control when data
is encrypted.
■ Encryption functions are based on the
AES (Advanced Encryption Standard) or
DES (Data Encryption Standard)
algorithm.
11
Security - Encryption
More information on the Connectors & SSL More information on those functions
Data-at-Rest Encryption
MariaDB has leveraged community contributions
and the company’s engineering talent to provide
Data at rest encryption:
■ It encrypts table or tables spaces as well as
log files to assure end user data are always
secured, without relying on the encryption
capabilities of the applications accessing
the database
■ The encryption is based on encryption keys,
key ids, key rotation and key versioning
Key Management Services
■ The encryption plugin API allows a plugin
to implement the actual data encryption,
but also the key management to be used.
■ The plugin file_key_management
included in MariaDB Enterprise Server to
provide a simple key management
■ MariaDB Enterprise also comes with the
Amazon AWS KMS Plugin as well as the
Eperi KMS (optional) for on premise key
management using the Eperi Plugin, the
Eperi Gateway
○ and if requested a Hardware Security Module 12
Security - Encryption
More information on the Encryption functions
MariaDB Audit Plugin
Enable you to audit server activity, bringing
both security and compliance to your
business
■ Logs server activity: who connected
to the server and from where, what
queries were executed, and what
tables were touched.
■ A file based or syslog based logging is
available
Security - Auditing
13More information on the Audit Plugin
Connection
Query
Object
ConnectDisconnect
Failed Connect
DDLDML+TCL
DCL
DatabaseTables
TimestampHostUser
Session
Security Vulnerabilities
https://mariadb.com/kb/en/mariadb/security/
14
Get notified by watching this page.
Galera is now inside MariaDB Enterprise 10.1
■ The MariaDB Server and MariaDB Galera Server
packages have been combined
■ Galera packages and their dependencies get
installed automatically
■ The Galera parts remain dormant until
configured, like a plugin or storage engine
■ Enterprise support services for the Galera Cluster
functionality are included in MariaDB Enterprise
Cluster subscription
15
High Availability
More information on Enterprise & Galera
To : Try to replicate any transaction in
parallel, as long as a transaction can be
rolled back and re-tried (eg. InnoDB/XtraDB
DML).
■ If there are no conflicts, then great,
parallelism will be improved.
■ If there is a conflict, the enforced
commit order will cause it to be
detected as a deadlock, and the later
transaction will be rolled back and
retried.
More information on optimistic replication
16
Replication Scalability EnhancementOptimistic parallel replication – all
transactions will be considered to be run in
parallel, giving another performance boost in
master-to-slave replication
Moving from : only run in parallel
transactions that were known to be able to
safely replicate in parallel.
InnoDB/XtraDB Page Compression
■ Alternative to compress tables different (but similar) to the InnoDB COMPRESSED storage format
● InnoDB Compressed stores : both uncompressed and compressed pages in the buffer pool
● Page Compression, stores only uncompressed pages
17
Performance - InnoDB
InnoDB Defragmentation
■ Deleted records can create gaps on pages
■ No new SQL literals needed and changes to the server needed
● OPTIMIZE TABLE is used
Optimizer enhancements including EXPLAIN JSON and EXPLAIN ANALYZE (with FORMAT=JSON)
■ ANALYZE statement provides output that looks like EXPLAIN output, but also is includes data from the query execution
■ ANALYZE FORMAT=JSON produces detailed information about the statement execution
New Service: MariaDB Security Audit
18
Evaluate and address database security policies, technologies, and practices
■ Review of your database security needs and requirements
■ Access control assessment
■ Automated attack protection review
■ Encryption tools and practices
■ Forensic capabilities review
■ Ongoing compliance and security planning
Fully leverage MariaDB’s security
capabilities
Reduce legal, financial, and brand
reputation risk
Please refer to the MariaDB Enterprise Installation Guide for additional details.19
How do I Evaluate MariaDB Enterprise?1. Go to mariadb.com
2. Login or Sign up
3. Click “My Portal”
4. Click on the Downloads tab
5. Either use our repository or download directly
New Service: MariaDB Security Audit
20
Evaluate and address database security policies, technologies, and practices
■ Review of your database security needs and requirements
■ Access control assessment
■ Automated attack protection review
■ Encryption tools and practices
■ Forensic capabilities review
■ Ongoing compliance and security planning
Fully leverage MariaDB’s security
capabilities
Reduce legal, financial, and brand
reputation risk
21
Q&AWe will send you those
slides and this video after this webinar.
Password validation plugin API https://mariadb.com/kb/en/mariadb/password-validation/
simple_password_check plugin https://mariadb.com/kb/en/mariadb/simple_password_check/
cracklib_password_check plugin https://mariadb.com/kb/en/mariadb/cracklib_password_check/
PAM-Authentication Plugin https://mariadb.com/kb/en/mariadb/pam-authentication-plugin/
Kerberos-Authentication https://mariadb.com/kb/en/mariadb/gssapi-authentication-plugin/
MaxScale Firewall https://mariadb.com/.../mariadb-enterprise/mariadb-maxscale/maxscale-database-firewall-filter/
MaxScale Dos protection https://mariadb.com/products/mariadb-maxscale/mariadb-maxscale-security
Connectors https://mariadb.com/kb/en/mariadb/client-libraries/
Encryption Functions https://mariadb.com/kb/en/mariadb/encryption-hashing-and-compression-functions/
Data-at-Rest Encryption https://mariadb.com/kb/en/mariadb/data-at-rest-encryption/
Download page: https://mariadb.com/my_portal/download
Audit Plugin https://mariadb.com/kb/en/mariadb/about-the-mariadb-audit-plugin/
Security Vulnerabilities fixed https://mariadb.com/kb/en/mariadb/security/
Enterprise & Galera https://mariadb.com/products/mariadb-enterprise-cluster
Optimistic replication https://mariadb.com/.../parallel-replication/#optimistic-mode-of-in-order-parallel-replication
Page Compression https://mariadb.com/kb/en/mariadb/compression/
InnoDB compressed storage format https://mariadb.com/kb/en/xtradbinnodb-storage-formats/#compressed22
MariaDB Enterprise: Webinar links
Product page: https://mariadb.com/products/mariadb-enterprise
Product FAQ: https://mariadb.com/products/product-faqs
Product comparison: https://mariadb.com/products/subscription-plans
Download page: https://mariadb.com/my_portal/download
Technical documentation: https://mariadb.com/kb/en/mariadb-enterprise/
Docker image: https://mariadb.com/kb/en/mariadb-enterprise/mariadb-enterprise-in-docker/
Chef Cookbook: https://mariadb.com/kb/en/mariadb-enterprise/mariadb-enterprise-chef-cookbook/
Notification Service: https://mariadb.com/.../mariadb-enterprise-notification-service-setup-guide/
Microsoft Azure: https://mariadb.com/.../mariadb-enterprise-cluster-in-azure-quick-guide/
23
MariaDB Enterprise: Additional Resources
Thank YouNishant Vyas, MariaDB Head of Product and Strategy
24
* 25*