
Mailing List Archive: Netapp: toasters

Security best practice question

 

 



scl at sasha

Mar 27, 2009, 7:04 AM

Post #1 of 5 (1193 views)
Security best practice question

Hello toasters,

Our Oracle admins are replacing their old FC SAN storage and are
considering going with NetApp and NFS. But they are concerned about
security.

They are really attracted to flex clone because they would like to
instantly replicate a database on a secure, firewalled Oracle server,
run a job to sanitize the clone and then serve the sanitized DB from
a less secure Oracle server in a DMZ. They are concerned
that if the DMZ server were hacked, could it be leveraged to gain
unauthorized NFS access, perhaps by hijacking an IP address?

I have suggested that they set up two separate private data Ethernets,
one for the secure servers and one for the DMZ servers. Use two different
address blocks (subnets) and plug the netapp into both networks with two
different ethernet ports. That way the netapp would never send data
exported to the secure servers out the interface for the DMZ servers.

Am I on the right track here? Is this "secure enough"? Is there an easier
way? We don't have any Kerberos infrastructure and we can't sacrifice
performance, so I think NFSv4 is out.

Steve Losen scl[at]virginia.edu phone: 434-924-0640

University of Virginia ITC Unix Support


Adam.Fox at netapp

Mar 27, 2009, 8:26 AM

Post #2 of 5 (1117 views)
Re: Security best practice question [In reply to]

Sounds like a solid plan. Plus since ONTAP-NFS sees the clone as a separate volume you only need to export the clone to the less secure network.

If you really want to split it security-wise, you could implement multistore and assign the clone to a vfiler which is managed administratively like a separate box and gives you an even bigger firewall. I think that may be overkill, but it's there if you want it.


-- Adam Fox
------------------------
Typed with my thumbs on a very small keyboard.
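
An added example, not part of the original thread: one way to check the export split discussed above, that every export is reachable from exactly one of the two private data subnets. The subnets, volume names and sample `/etc/exports` lines are constructed for illustration; hostnames and netgroups are reported as unknown rather than resolved.

```python
import ipaddress

# Constructed zones: one private data subnet per trust level (assumed values).
ZONES = {
    "secure": ipaddress.ip_network("10.10.1.0/24"),
    "dmz": ipaddress.ip_network("10.10.2.0/24"),
}

# Constructed sample in 7-Mode /etc/exports style; IPv4 clients only.
SAMPLE_EXPORTS = """\
/vol/oraprod   -sec=sys,rw=10.10.1.0/24,root=10.10.1.11
/vol/oraclone  -sec=sys,rw=10.10.2.21:10.10.2.22
/vol/orastage  -sec=sys,rw=10.10.1.0/24:10.10.2.21
/vol/scratch   -sec=sys,rw
"""

def zones_for(client):
    """Map one client spec (IP or CIDR) to the set of zones it overlaps."""
    try:
        net = ipaddress.ip_network(client, strict=False)
    except ValueError:
        return {"unknown"}  # hostname or netgroup: cannot be placed offline
    hits = {name for name, zone in ZONES.items() if net.overlaps(zone)}
    return hits or {"unknown"}

def audit_exports(text):
    """Return {path: zones} for each export not confined to one known zone."""
    findings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        path, opts = parts[0], (parts[1] if len(parts) > 1 else "")
        zones = set()
        for opt in opts.lstrip("-").split(","):
            key, sep, value = opt.partition("=")
            if key not in ("rw", "ro", "root"):
                continue
            if not sep:  # bare rw/ro carries no client list: any host
                zones.add("any")
                continue
            for client in value.split(":"):
                zones |= zones_for(client)
        if len(zones) != 1 or zones & {"any", "unknown"}:
            findings[path] = sorted(zones)
    return findings

if __name__ == "__main__":
    for path, zones in audit_exports(SAMPLE_EXPORTS).items():
        print(f"{path}: reachable from {', '.join(zones)}")
```
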




geraldv at stanford

Mar 27, 2009, 11:45 AM

Post #3 of 5 (1112 views)
Re: Security best practice question [In reply to]

We had the same issue when moving our pre-production Oracle DB environments
from FC SAN to NFS on NetApp.

Here's how we handled it:

Traffic isolation
* dedicated network and interfaces using private IPs with IP network
  prevented from leaving using IP ACLs

Traffic separation
* separate vlan for each logical grouping of Oracle systems (dev/test/uat/prd)
* separate vfiler (using Multistore) for logical grouping
* separate ipspace (using Multistore) for each logical grouping

Conformance to PCI DSS security standards
* Development data is stored on a separate storage system from UAT and PRD.

Many folks I talk to consider this overkill, I tend to agree but it does
make it easier to manage. Multistore results in a separate nfsd for each
subnet and separate /etc/exports files.

We also use flexclone and delegate clone creation to the DBAs. However
we needed to give them cli-vol* RBAC which has the unfortunate effect
of enabling vol delete in addition to vol clone. We're fixing this by
using ontapi to create an intermediate provisioning layer to disallow
sub-commands.

-=--=-
gerald villabroza <geraldv at stanford.edu>
technical lead, its storage, stanford university
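
An added example, not part of the original post and not the poster's code: the deny-by-default check that an intermediate provisioning layer like the one described above could apply before forwarding a request to the filer. The naming policy, the parent volume list and the sample requests are assumptions made for illustration; forwarding the approved command is left to the caller.

```python
import re
import shlex

# Constructed policy (assumed): DBAs may clone only these parents, and a
# clone must be named clone_<parent>_<tag>.
CLONEABLE_PARENTS = {"oraprod_data", "oraprod_logs"}
NAME_RE = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.\-]*$")  # no leading dash

class Denied(Exception):
    """Raised when a request falls outside the delegated operation."""

def authorize(request):
    """Validate a DBA request; return the argv to forward or raise Denied.

    Accepts only: vol clone create <clone> -b <parent> [<snapshot>]
    """
    try:
        argv = shlex.split(request)
    except ValueError as exc:
        raise Denied(f"unparseable request: {exc}")
    if argv[:3] != ["vol", "clone", "create"]:
        raise Denied("only 'vol clone create' is delegated")
    args = argv[3:]
    if len(args) not in (3, 4) or args[1] != "-b":
        raise Denied("expected: <clone> -b <parent> [<snapshot>]")
    clone, parent = args[0], args[2]
    snapshot = args[3:]  # zero or one element
    for name in [clone, parent, *snapshot]:
        if not NAME_RE.match(name):
            raise Denied(f"illegal name: {name!r}")
    if parent not in CLONEABLE_PARENTS:
        raise Denied(f"parent {parent!r} is not cloneable by DBAs")
    if not clone.startswith(f"clone_{parent}_"):
        raise Denied("clone name must start with clone_<parent>_")
    # Rebuild argv from validated fields instead of passing input through.
    return ["vol", "clone", "create", clone, "-b", parent, *snapshot]

def decide(request):
    """Return ('allow', argv) or ('deny', reason), suitable for audit logs."""
    try:
        return ("allow", authorize(request))
    except Denied as exc:
        return ("deny", str(exc))

if __name__ == "__main__":
    for req in ("vol clone create clone_oraprod_data_uat -b oraprod_data nightly.0",
                "vol destroy oraprod_data -f"):  # constructed requests
        print(req, "->", decide(req))
```
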




jack1729 at gmail

Mar 27, 2009, 5:36 PM

Post #4 of 5 (1110 views)
Re: Security best practice question [In reply to]

You can use lun clone with FC Luns on a Netapp - that way you don't have
to purchase the flex clone license.

We don't allow ip connectivity to the Netapp from the DMZ.



John.Elliott at netapp

Mar 30, 2009, 6:58 AM

Post #5 of 5 (1060 views)
RE: Security best practice question [In reply to]

Hi Steve,

I noticed your comment on NFSv4 and thought you might like an update
regarding performance with Oracle databases. I've just completed some
NFSv4 performance testing with Oracle 11g on Red Hat Enterprise Linux
5.2, and found performance, in general, to be about the same as with
NFSv3.

Regards,

John Elliott - OCP-DBA
Database Performance Engineer
Reference Architectures, NetApp
John.Elliott[at]netapp.com
www.netapp.com





