**

2

MariaDB

22nd March 2016

Nishant Vyas, Head of Product and StrategyVanessa S. D’Amelio, VP of Marketing

Enterprise Spring 2016for Mission-Critical Data

3

Let’s Get Started - Some Housekeeping

We will review the questions as they come in and answer then during the Q&A. You can post in chat

This session is being recorded1.

2.

3.

4.

5.

Running time is approximately 30 minutes

Copies of the slides will be sent out after the webinar ends

Don’t forget to share on your social networks and to follow us on Twitter, Facebook and LinkedIn to learn about upcoming webinars

4

WelcomeWe will send you the slides and a link

to the recorded webinar.

Please share this with your social network!

Nishant VyasHead of MariaDB Product and

Strategy

5

Our Objectives for MariaDB Enterprise

Enable you to quickly deliver new applications and functionality that generate business value

Make it easy to meet the uptime and performance needs of your application while operating efficiently

Protect data against security, regulatory, and operational risks

1.

2.

3.

6

MariaDB Enterprise: Packaged Enterprise RDBMS

1. Based on MariaDB open source project

2. Optimized binaries

3. MariaDB MaxScale

4. MariaDB Connectors

5. Robust technical services and support

6. Productivity tools

7. Customer Portal

8. 24x7 support

9. Optional Consulting and RemoteDBA services

MariaDB Enterprise

MariaDB Enterprise Cluster ▪ Advanced, multi-master clustering

▪ Expert support for demanding production applications

Security Stack • Data-at-Rest Encryption

• Database Firewall

• Password Validation and more

High Availability

• Built-in Galera Cluster

Replication Scalability • New Replication Methods

Performance• InnoDB Page Compression

• Defragmentation

MariaDB Enterprise Spring 2016

Prevent Attacks- Unauthorized Access- Denial of Service- SQL Injections

Make the prize unattractive with encryptionNative Mode Encryption protects data at rest

Audit for Forensics

MariaDB Enterprise Security

MariaDB 10.1

InnoDB /

XtraDB

Aria

Benefit from CommunityProtection

SSL Encryption protects data in motion

Password Validation

With MariaDB Enterprise 10.1 and the password

validation plugin API it is possible to load

plugins to verify a password against:

■ simple_password_check plugin

Enforce a minimum password length and

type/number of characters to be used

■ cracklib_password_check plugin

A widely used library. Stop users from

choosing easy to guess passwords.

Includes checks for not allowing passwords

based on username or a dictionary word.

External Authentication

Single Sign On is getting mandatory in most

Enterprises.

■ PAM-Authentication Plugin allows using

/etc/shadow and any PAM based

authentication like LDAP

■ Kerberos-Authentication as a

standardized network authentication

protocol is provided GSSAPI based on

UNIX and SSPI based on Windows

9

Security - Accessibility

Database Firewall MariaDB MaxScale Firewall

■ Protects against SQL injection

■ Prevents unauthorized user access and

data damage

■ White-list or Black-list Queries

■ Queries that match a set of rules

■ Queries matching rules for specified users

■ Queries that match certain patterns, columns,

statement types

■ Multiple ordered rule

Denial of Service attack protection MariaDB MaxScale Persistent Connections

■ Protect against connection surge

■ Thwart DDoS attacks

■ Cache the connections from MaxScale to the

database server

■ rate limitation

■ client multiplexing

10

Security - Accessibility

More information on the Firewall More information on the DoS protection

Secured Connections

■ Data-In-Motion encryption by using

SSL Connections based on the TLSv1.2

Protocol

■ Between MariaDB Connectors and

Server

■ Between MariaDB Connectors and

MaxScale

■ SSL can also be enabled for the

replication channel

Encryption Functions

■ MariaDB Enterprise Server provides

Encryption Functions for selective Data-

In-Use Encryption. As Encryption

Functions needs to be called by the

application inside of SQL Statements,

Applications have full control when data

is encrypted.

■ Encryption functions are based on the

AES (Advanced Encryption Standard) or

DES (Data Encryption Standard)

algorithm.

11

Security - Encryption

More information on the Connectors & SSL More information on those functions

Data-at-Rest Encryption

MariaDB has leveraged community contributions

and the company’s engineering talent to provide

Data at rest encryption:

■ It encrypts table or tables spaces as well as

log files to assure end user data are always

secured, without relying on the encryption

capabilities of the applications accessing

the database

■ The encryption is based on encryption keys,

key ids, key rotation and key versioning

Key Management Services

■ The encryption plugin API allows a plugin

to implement the actual data encryption,

but also the key management to be used.

■ The plugin file_key_management

included in MariaDB Enterprise Server to

provide a simple key management

■ MariaDB Enterprise also comes with the

Amazon AWS KMS Plugin as well as the

Eperi KMS (optional) for on premise key

management using the Eperi Plugin, the

Eperi Gateway

○ and if requested a Hardware Security Module 12

Security - Encryption

More information on the Encryption functions

MariaDB Audit Plugin

Enable you to audit server activity, bringing

both security and compliance to your

business

■ Logs server activity: who connected

to the server and from where, what

queries were executed, and what

tables were touched.

■ A file based or syslog based logging is

available

Security - Auditing

13More information on the Audit Plugin

Connection

Query

Object

ConnectDisconnect

Failed Connect

DDLDML+TCL

DCL

DatabaseTables

TimestampHostUser

Session

Security Vulnerabilities

https://mariadb.com/kb/en/mariadb/security/

14

Get notified by watching this page.

Galera is now inside MariaDB Enterprise 10.1

■ The MariaDB Server and MariaDB Galera Server

packages have been combined

■ Galera packages and their dependencies get

installed automatically

■ The Galera parts remain dormant until

configured, like a plugin or storage engine

■ Enterprise support services for the Galera Cluster

functionality are included in MariaDB Enterprise

Cluster subscription

15

High Availability

More information on Enterprise & Galera

To : Try to replicate any transaction in

parallel, as long as a transaction can be

rolled back and re-tried (eg. InnoDB/XtraDB

DML).

■ If there are no conflicts, then great,

parallelism will be improved.

■ If there is a conflict, the enforced

commit order will cause it to be

detected as a deadlock, and the later

transaction will be rolled back and

retried.

More information on optimistic replication

16

Replication Scalability EnhancementOptimistic parallel replication – all

transactions will be considered to be run in

parallel, giving another performance boost in

master-to-slave replication

Moving from : only run in parallel

transactions that were known to be able to

safely replicate in parallel.

InnoDB/XtraDB Page Compression

■ Alternative to compress tables different (but similar) to the InnoDB COMPRESSED storage format

● InnoDB Compressed stores : both uncompressed and compressed pages in the buffer pool

● Page Compression, stores only uncompressed pages

17

Performance - InnoDB

InnoDB Defragmentation

■ Deleted records can create gaps on pages

■ No new SQL literals needed and changes to the server needed

● OPTIMIZE TABLE is used

Optimizer enhancements including EXPLAIN JSON and EXPLAIN ANALYZE (with FORMAT=JSON)

■ ANALYZE statement provides output that looks like EXPLAIN output, but also is includes data from the query execution

■ ANALYZE FORMAT=JSON produces detailed information about the statement execution

New Service: MariaDB Security Audit

18

Evaluate and address database security policies, technologies, and practices

■ Review of your database security needs and requirements

■ Access control assessment

■ Automated attack protection review

■ Encryption tools and practices

■ Forensic capabilities review

■ Ongoing compliance and security planning

Fully leverage MariaDB’s security

capabilities

Reduce legal, financial, and brand

reputation risk

Please refer to the MariaDB Enterprise Installation Guide for additional details.19

How do I Evaluate MariaDB Enterprise?1. Go to mariadb.com

2. Login or Sign up

3. Click “My Portal”

4. Click on the Downloads tab

5. Either use our repository or download directly

New Service: MariaDB Security Audit

20

Evaluate and address database security policies, technologies, and practices

■ Review of your database security needs and requirements

■ Access control assessment

■ Automated attack protection review

■ Encryption tools and practices

■ Forensic capabilities review

■ Ongoing compliance and security planning

Fully leverage MariaDB’s security

capabilities

Reduce legal, financial, and brand

reputation risk

21

Q&AWe will send you those

slides and this video after this webinar.

Password validation plugin API https://mariadb.com/kb/en/mariadb/password-validation/

simple_password_check plugin https://mariadb.com/kb/en/mariadb/simple_password_check/

cracklib_password_check plugin https://mariadb.com/kb/en/mariadb/cracklib_password_check/

PAM-Authentication Plugin https://mariadb.com/kb/en/mariadb/pam-authentication-plugin/

Kerberos-Authentication https://mariadb.com/kb/en/mariadb/gssapi-authentication-plugin/

MaxScale Firewall https://mariadb.com/.../mariadb-enterprise/mariadb-maxscale/maxscale-database-firewall-filter/

MaxScale Dos protection https://mariadb.com/products/mariadb-maxscale/mariadb-maxscale-security

Connectors https://mariadb.com/kb/en/mariadb/client-libraries/

Encryption Functions https://mariadb.com/kb/en/mariadb/encryption-hashing-and-compression-functions/

Data-at-Rest Encryption https://mariadb.com/kb/en/mariadb/data-at-rest-encryption/

Download page: https://mariadb.com/my_portal/download

Audit Plugin https://mariadb.com/kb/en/mariadb/about-the-mariadb-audit-plugin/

Security Vulnerabilities fixed https://mariadb.com/kb/en/mariadb/security/

Enterprise & Galera https://mariadb.com/products/mariadb-enterprise-cluster

Optimistic replication https://mariadb.com/.../parallel-replication/#optimistic-mode-of-in-order-parallel-replication

Page Compression https://mariadb.com/kb/en/mariadb/compression/

InnoDB compressed storage format https://mariadb.com/kb/en/xtradbinnodb-storage-formats/#compressed22

MariaDB Enterprise: Webinar links

Product page: https://mariadb.com/products/mariadb-enterprise

Product FAQ: https://mariadb.com/products/product-faqs

Product comparison: https://mariadb.com/products/subscription-plans

Download page: https://mariadb.com/my_portal/download

Technical documentation: https://mariadb.com/kb/en/mariadb-enterprise/

Docker image: https://mariadb.com/kb/en/mariadb-enterprise/mariadb-enterprise-in-docker/

Chef Cookbook: https://mariadb.com/kb/en/mariadb-enterprise/mariadb-enterprise-chef-cookbook/

Notification Service: https://mariadb.com/.../mariadb-enterprise-notification-service-setup-guide/

Microsoft Azure: https://mariadb.com/.../mariadb-enterprise-cluster-in-azure-quick-guide/

23

MariaDB Enterprise: Additional Resources

Thank YouNishant Vyas, MariaDB Head of Product and Strategy

nishant.vyas@mariadb.com

24

* 25*