mariadb enterprise spring 2016 release
TRANSCRIPT
3
MariaDB
Maria%Luisa%Raviol,%MariaDB%Senior%Sales%Engineer%%
Enterprise Spring 2016
4
Our Objectives for MariaDB Enterprise
Enable$you$to$quickly$deliver$new$applica&ons$and$
func&onality$that$generate$business$value$
Make$it$easy$to$meet$the$up&me$and$performance$
needs$of$your$applica&on$while$opera&ng$efficiently$
Protect$data$against$security,$$regulatory,$and$
opera&onal$risks$
1. 2. 3.
5
MariaDB Enterprise: Packaged Enterprise RDBMS 1. Based%on%MariaDB%open%source%project%2. OpVmized%binaries%3. MariaDB%MaxScale%4. Robust%technical%services%and%support%5. ProducVvity%tools%6. Customer%Portal%7. 24x7%support%8. OpVonal%ConsulVng%and%RemoteDBA%services%
MariaDB Enterprise
MariaDB Enterprise Cluster ▪ Advanced,%mulV\master%clustering%%▪ Expert%support%%for%demanding%producVon%applicaVons%
Security Stack$$• Data\at\Rest%EncrypVon%
• Database%Firewall%
• Password%ValidaVon%and%more%
High Availability
• Built\in%Galera%Cluster%
Scalability • New%ReplicaVon%Methods%%%
Performance • InnoDB%Page%Compression%
• DefragmentaVon%
MariaDB Enterprise Spring 2016
Detect and Prevent Attacks - Unauthorized Access - Denial of Service - SQL Injections
Protect Data with Encryption Native Mode Encryption protects data at rest
Audit for Forensics and Compliance
MariaDB$10
.1$
InnoDB$/
$
XtraDB$
Aria$
Benefit from Community Protection
SSL Encryption protects data in motion
MariaDB Enterprise Security
Password$Valida&on$$
With%MariaDB%Enterprise%10.1%and%the%password$valida&on$plugin$API%it%is%possible%to%load%plugins%to%verify%a%password%against:%
■ simple_password_check$plugin%%Enforce%a%minimum%password%length%and%type/number%of%characters%to%be%used%%
■ cracklib_password_check$plugin%A%widely%used%library.%Stop%users%from%choosing%easy%to%guess%passwords.%Includes%checks%for%not%allowing%passwords%based%on%username%or%a%dicVonary%word.%
%
External$Authen&ca&on$$
Single%Sign%On%is%gecng%mandatory%in%most%Enterprises.%%
■ PAM`Authen&ca&on$Plugin%allows%using%/etc/shadow%and%any%PAM%based%authenVcaVon%like%LDAP%
■ Kerberos`Authen&ca&on%as%a%standardized%network%authenVcaVon%protocol%is%provided%GSSAPI%based%on%UNIX%and%SSPI%based%on%Windows%%%
%8
Security - Accessibility
Database$Firewall$$
MariaDB%MaxScale%Firewall%%
■ Protects%against%SQL%injecVon%■ Prevents%unauthorized%user%access%and%
data%damage%%■ White\list%or%Black\list%Queries%■ Queries%that%match%a%set%of%rules%■ Queries%matching%rules%for%specified%users%
■ Queries%that%match%certain%pagerns,%columns,%statement%types%
■ MulVple%ordered%rule%%
%
Denial$of$Service$aRack$protec&on$$
MariaDB%MaxScale%Persistent%ConnecVons%
■ Protect%against%connecVon%surge%■ Thwart%DDoS%agacks%
%%■ Cache%the%connecVons%from%MaxScale%to%the%
database%server%■ rate%limitaVon%
■ client%mulVplexing%
%
9
Security - Accessibility
More information on the Firewall More information on the DoS protection
Secured$Connec&ons$$
■ Data\In\MoVon%encrypVon%by%using%SSL%ConnecVons%based%on%the%TLSv1.2%Protocol%
■ Between%MariaDB%Connectors%and%Server%%
■ Between%MariaDB%Connectors%and%MaxScale%
■ SSL%can%also%be%enabled%for%the%replicaVon%channel%
%
Encryp&on$Func&ons$$
■ MariaDB%Enterprise%Server%provides%EncrypVon%FuncVons%for%selecVve%Data\In\Use%EncrypVon.%As%EncrypVon%FuncVons%needs%to%be%called%by%the%applicaVon%inside%of%SQL%Statements,%ApplicaVons%have%full%control%when%data%is%encrypted.%
■ EncrypVon%funcVons%are%based%on%the%AES%(Advanced%EncrypVon%Standard)%or%DES%(Data%EncrypVon%Standard)%algorithm.%
10
Security - Encryption
More information on the Connectors & SSL More information on those functions
Data`at`Rest$Encryp&on$$
MariaDB%has%leveraged%community%contribuVons%and%the%company’s%engineering%talent%to%provide%Data%at%rest%encrypVon:%
■ It%encrypts%table$or$tables$spaces%as%well%as%log$files%to%assure%end%user%data%are%always%secured,%without%relying%on%the%encrypVon%capabiliVes%of%the%applicaVons%accessing%the%database%
■ The%encrypVon%is%based%on%encrypVon%keys,%key%ids,%key%rotaVon%and%key%versioning%%
%
Key$Management$Services$
■ The%encrypVon%plugin%API%allows%a%plugin%to%implement%the%actual%data%encrypVon,%but%also%the%key%management%to%be%used.%
■ The%plugin%file_key_management%included%in%MariaDB%Enterprise%Server%to%provide%a%simple%key%management%
■ MariaDB%Enterprise%also%comes%with%the%Amazon$AWS$KMS$Plugin%as%well%as%the%Eperi$KMS%(opVonal)%for%on%premise%key%management%using%the%Eperi%Plugin,%the%Eperi%Gateway%%
○ and%if%requested%a%Hardware%Security%Module%%%11
Security - Encryption
More information on the Encryption functions
MariaDB$Audit$Plugin$$
Enable%you%to%audit%server%acVvity,%bringing%both%security%and%compliance%to%your%business%
■ Logs%server%acVvity:%who%connected%to%the%server%and%from%where,%what%queries%were%executed,%and%what%tables%were%touched.%
■ A%file%based%or%syslog%based%logging%is%available%
Security - Auditing
12 More information on the Audit Plugin
Connection
Query
Object
Connect Disconnect
Failed Connect
DDL DML+TCL
DCL
Database Tables
Timestamp Host User
Session
Security Vulnerabilities
hgps://mariadb.com/kb/en/mariadb/security/%
%
13
Get notified by watching this page.
Galera$is$now$inside$MariaDB$Enterprise$10.1$$
■ The%MariaDB%Server%and%MariaDB%Galera%Server%packages%have%been%combined%
■ Galera%packages%and%their%dependencies%get%installed%automaVcally%
■ The%Galera%parts%remain%dormant%unVl%configured,%like%a%plugin%or%storage%engine%
■ Enterprise%support%services%for%the%Galera%Cluster%funcVonality%are%included%in%MariaDB%Enterprise%Cluster%subscripVon%
%
%
14
High Availability
More information on Enterprise & Galera
To$:%Try%to%replicate%any$transacVon%in%parallel,%as%long%as%a%transacVon%can$be$rolled$back$and$re`tried$(eg.%InnoDB/XtraDB%DML).%%
■ If%there%are%no%conflicts,%then%great,%parallelism%will%be%improved.%%
■ If%there%is%a%conflict,%the%enforced%commit%order%will%cause%it%to%be%detected%as%a%deadlock,%and%the%later%transacVon%will%be%rolled%back%and%retried.%
More%informaVon%on%opVmisVc%replicaVon%15
Scalability Enhancement OpVmisVc%parallel%replicaVon%–%all%transacVons%will%be%considered%to%be%run%in%parallel,%giving%another%performance%boost%in%master\to\slave%replicaVon%
Moving$from$:%only$run$in%parallel%transacVons%that%were%known%to%be%able%to%safely$replicate$in$parallel.%
%
%
InnoDB/XtraDB$Page$Compression$$
■ AlternaVve%to%compress%tables%different%(but%similar)%to%the%InnoDB%COMPRESSED%storage%format%%
● InnoDB%Compressed%stores%:%both%uncompressed%and%compressed%pages%in%the%buffer%pool%
● Page%Compression,%%stores%only%uncompressed%pages%%
16
Performance - InnoDB InnoDB$Defragmenta&on$
■ Deleted%records%can%create%gaps%on%pages%
■ No%new%SQL%literals%needed%and%changes%to%the%server%needed%
● OPTIMIZE$TABLE%is%used%
Op&mizer$enhancements$including$EXPLAIN$JSON$
and$EXPLAIN$ANALYZE$(with$FORMAT=JSON)$
■ ANALYZE$statement%provides%output%that%looks%like%EXPLAIN%output,%but%also%is%includes%data%from%the%query%execuVon%
■ ANALYZE$FORMAT=JSON%produces%detailed%informaVon%about%the%statement%execuVon%
New Service: MariaDB Security Audit
17
Evaluate$and$address$database$security$policies,$technologies,$and$prac&ces$
■ Review%of%your%database%security%needs%and%requirements%■ Access%control%assessment%■ Automated%agack%protecVon%review%■ EncrypVon%tools%and%pracVces%
■ Forensic%capabiliVes%review%■ Ongoing%compliance%and%security%planning%%
Fully$leverage$
MariaDB’s$security$
capabili&es$
Reduce$legal,$
financial,$and$brand$
reputa&on$risk$
Please%refer%to%the%MariaDB%Enterprise%InstallaVon%Guide%for%addiVonal%details.% 18
How do I Evaluate MariaDB Enterprise? 1. Go%to%mariadb.com%2. Login%or%Sign%up%%3. Click%“My%Portal”%4. Click%on%the%Downloads%tab%5. Either%use%our%repository%or%download%directly%
MariaDB Enterprise
19
More$secure$by$default$
■ “root”%user%uses%unix_socket%authenVcaVon%by%default%
■ cracklib%password%validaVon%plugin%enabled%by%default%
■ No%more%anonymous%users%
■ No%more%“test”%database%
Encryp&on$
■ Amazon%Web%Services%(AWS)%Key%Management%Service%(KMS)%plugin%■ eperi%gateway%plugin%■ Improved%SSL%support%in%MariaDB%MaxScale%
New Service: MariaDB Security Audit
20
Evaluate$and$address$database$security$policies,$technologies,$and$prac&ces$
■ Review%of%your%database%security%needs%and%requirements%■ Access%control%assessment%■ Automated%agack%protecVon%review%■ EncrypVon%tools%and%pracVces%
■ Forensic%capabiliVes%review%■ Ongoing%compliance%and%security%planning%%
Fully$leverage$
MariaDB’s$security$
capabili&es$
Reduce$legal,$
financial,$and$brand$
reputa&on$risk$
MariaDB$Roadshow$2016$
%Milano, 8. June 2016 bit.ly/1s4KQeN or: mariadb.com/roadshow-2016
22
Q&A
We will send you those slides and this video
after this webinar.
Password%validaVon%plugin%API % %https://mariadb.com/kb/en/mariadb/password-validation/ simple_password_check%plugin % %hgps://mariadb.com/kb/en/mariadb/simple_password_check/%cracklib_password_check%plugin% %hgps://mariadb.com/kb/en/mariadb/cracklib_password_check/%PAM\AuthenVcaVon%Plugin % %hgps://mariadb.com/kb/en/mariadb/pam\authenVcaVon\plugin/%Kerberos\AuthenVcaVon % %hgps://mariadb.com/kb/en/mariadb/gssapi\authenVcaVon\plugin/%
MaxScale%Firewall % %hgps://mariadb.com/.../mariadb\enterprise/mariadb\maxscale/maxscale\database\firewall\filter/%MaxScale%Dos%protecVon % %hgps://mariadb.com/products/mariadb\maxscale/mariadb\maxscale\security%Connectors % % %hgps://mariadb.com/kb/en/mariadb/client\libraries/%
EncrypVon%FuncVons% % %hgps://mariadb.com/kb/en/mariadb/encrypVon\hashing\and\compression\funcVons/%Data\at\Rest%EncrypVon % %hgps://mariadb.com/kb/en/mariadb/data\at\rest\encrypVon/%Download%page: % %hgps://mariadb.com/my_portal/download%
Audit%Plugin % % %hgps://mariadb.com/kb/en/mariadb/about\the\mariadb\audit\plugin/%Security%VulnerabiliVes%fixed % %hgps://mariadb.com/kb/en/mariadb/security/%Enterprise%&%Galera % %hgps://mariadb.com/products/mariadb\enterprise\cluster%OpVmisVc%replicaVon % %hgps://mariadb.com/.../parallel\replicaVon/#opVmisVc\mode\of\in\order\parallel\replicaVon%Page%Compression % %hgps://mariadb.com/kb/en/mariadb/compression/%
InnoDB%compressed%storage%format %hgps://mariadb.com/kb/en/xtradbinnodb\storage\formats/#compressed%
23
MariaDB Enterprise: Webinar links
Product%page: % % %hgps://mariadb.com/products/mariadb\enterprise%
Product%FAQ: % % %hgps://mariadb.com/products/product\faqs%
Product%comparison:% % %hgps://mariadb.com/products/subscripVon\plans%
Download%page: % %hgps://mariadb.com/my_portal/download%
%
Technical%documentaVon: %hgps://mariadb.com/kb/en/mariadb\enterprise/%
Docker%image:% %hgps://mariadb.com/kb/en/mariadb\enterprise/mariadb\enterprise\in\docker/%
Chef%Cookbook: %hgps://mariadb.com/kb/en/mariadb\enterprise/mariadb\enterprise\chef\cookbook/%
NoVficaVon%Service: %hgps://mariadb.com/.../mariadb\enterprise\noVficaVon\service\setup\guide/%
Microsot%Azure: %hgps://mariadb.com/.../mariadb\enterprise\cluster\in\azure\quick\guide/%
% 24
MariaDB Enterprise: Additional Resources
