Oracle Database Lifecycle Management
Database STIG Compliance
Bob Bunting
Master Principal Software Consultant
Oracle Public Sector Software
[email protected]
Copyright © 2014 Oracle and/or its affiliates. All rights reserved.
Oracle Safe Harbor Statement
The following is intended to outline our general
product direction. It is intended for information
purposes only, and may not be incorporated into any
contract. It is not a commitment to deliver any
material, code, or functionality, and should not be
relied upon in making purchasing decisions.
The development, release, and timing of any features
or functionality described for Oracle’s products
remains at the sole discretion of Oracle.
Topics
•  Oracle Enterprise Manager Overview
–  Introduction and Overview
–  Architecture
•  Oracle Database Lifecycle Management Pack and STIG
•  Monitoring and Managing STIG Compliance Demo
•  Creating Custom Standards and Adding Rules
•  Enterprise Manager Reporting
•  Self Update
•  Database Lifecycle Management Pack Summary
•  More Discussion and Q&A
Total Cloud Control
•  Complete Cloud Lifecycle Management
•  Integrated Cloud Stack Management
•  Business-Driven Application Management
Self-Service IT | Simple and Automated | Business Driven
Efficiency: End-to-End Management
Enterprise Manager: management inside each layer, management across layers
✓ Performance & Availability
✓ Configuration Management
✓ Lifecycle Management
✓ Quality Management
✓ My Oracle Support
Efficiency: Applications Management
Deep, Integrated, Business-Driven
•  Application-centric performance, user experience, configuration and lifecycle management
•  Integrated business-IT view
•  Integrated with full-stack management capabilities
Optimized for: Fusion Applications, e-Business suite, Siebel, PeopleSoft, JDE, ORCL vertical apps
Efficiency: Middleware Management
Deep, Integrated, Zero-Overhead
•  Cross-Tier Java Diagnostics
•  SOA Governance
•  Configuration and Lifecycle Management for large estates
•  Encourages DevOps initiatives
Optimized for: WebLogic, SOA, WebCenter, IdM, BI, Coherence, GoldenGate, Exalogic, Exalytics
Efficiency: Database Management
Industry-Leading, Built-In
•  “Always on” diagnostics
•  Guided analysis and self-tuning
•  Automated Compliance, Provisioning, Patching, Upgrades
•  Data Security, Masking, Subsetting
Optimized for: Database, Exadata, Database Appliance, Big Data Appliance
Efficiency: Infrastructure Management
Tightly Coupled, Large-Scale Automation
•  Maximize Data Center Efficiency
•  Control Virtualization Sprawl
•  Patch OS, Update Firmware, Maintain Compliance
•  My Oracle Support “Phone Home” & Remote Administration
Optimized for: Oracle VM, Solaris, Oracle Linux, SuperCluster, Engineered Systems, Sun Systems
Efficiency: Enterprise Manager Ecosystem
Delivering Products and Services for the Cloud
145+ Extensions
•  Oracle Enterprise Manager Extensibility Exchange
•  New Extensibility Development Kit and Partner-Built Plug-Ins
800+ Partners
•  Enterprise Management Specialization
•  Application Quality Management Specialization
EM 12c: Database Lifecycle Management
•  Discovery and Initial Provisioning
–  Discover assets and provision software on them
•  Ongoing Change Management
–  End-to-end management of patches, upgrades, and schema changes
•  Continuous Configuration and Compliance Management
–  Track inventory, configuration drifts and compliance
NIST Risk Management Framework (RMF)
•  Categorize information and information systems
–  FIPS 199, NIST SP 800-60
•  Select appropriate security controls
–  FIPS 200, NIST SP 800-53, CNSSI 1253, DISA SRG
•  Implement security controls in the information system
–  NIST SP 800 Series, DISA STIG
•  Assess the effectiveness of the security controls
–  NIST SP 800-53A, DISA STIG
•  Authorize the information system for processing
–  NIST SP 800-37
•  Monitor the security controls on a continuous basis
–  NIST SP 800-137 and 800-53A, DISA STIG
[Figure: RMF cycle with the steps Categorize the Information System, Select Security Controls, Implement Security Controls, Assess Security Controls, Authorize Information System, Monitor Security Controls (Continuous)]
Reference: http://csrc.nist.gov/groups/SMA/fisma/framework.html
Continuous Compliance Has Broad Applicability
Approved STIGs for Oracle Technologies
•  Oracle Database 11gR1: Version 8, Release 1.12
•  Oracle Database 11gR2: Version 1, Release 2
•  Oracle WebLogic Server 12c: Version 1, Release 1
•  Oracle Linux 5: Version 1, Release 1
•  Oracle Linux 6: Version 1, Release 1
•  Oracle Solaris 10: Version 1, Release 10
•  Oracle Solaris 11: Version 1, Release 2
•  Oracle Database 12cR1: Version 1, Release 1
•  Oracle HTTP Server 12c: Planned
Oracle Enterprise Manager Lifecycle (Continuous) Compliance
•  Continuous Configuration Monitoring
•  Real-Time File Integrity Monitoring
•  Cloud Scale
•  Ready to use Standards
Enterprise Manager Architecture
Oracle Enterprise Manager Components
•  Management Services
–  Configuration discovery, comparison and topology
–  Job system, scheduling and blackouts
–  Metric collection, thresholds, notification
–  User authentication and access control
•  Extensible Framework
–  Oracle and 3rd Party Plug-Ins: Database, WebLogic, Fusion Apps, …
•  Agents
–  Auto-Push
–  Option to Manually Push Agents
•  My Oracle Support
–  Offline Mode (direct connect to support)
[Figure: architecture diagram showing Host 1 and Host 2, each running an Agent with plug-ins (DB Plug-In for Database, WLS Plug-In for WebLogic, FA Plug-In for Fusion Apps)]
Compliance Management
Ensure all the Databases are compliant
Without Enterprise Manager
•  Lengthy manual audits of configuration, repeated each audit period
Challenges and Problems
•  High Cost
•  High Risk
Enterprise Manager 12c Solutions
•  Out of the Box Compliance Library
•  Monitor and Manage Compliance
•  Adhere to Compliance and Generate Reports
Compliance Framework – Reusable Hierarchy
•  Compliance Framework
–  Collection of Compliance Standards
–  Compliance Standards can be of different Target Types
–  Map Configuration Standards to real-world structure of Compliance Frameworks (PCI, COBIT, HIPAA, CIS, etc)
•  Compliance Standard
–  Collection of Compliance Rules
–  Specific to Single Target Type
•  Compliance Rule
–  Discrete Check or Test
–  Specific to Target Type
–  Results in Violation
[Figure: hierarchy of Compliance Frameworks, Compliance Standards and Compliance Rules, with the audience labels "Compliance Manager, Security Auditors" and "DBAs, Admins, IT Managers"]
Compliance Validation – Multiple Options
•  Repository Rule: validate collected configuration in the EM Repository
–  Evaluated against repository data
–  Validated when target configuration changes
•  Real-time Rule: capture changes in real time using the EM Agent
–  Detection of real-time activities (file actions, schema actions, process actions)
–  Detection of “unauthorized” changes through automated correlation against Change Management
•  Agent-Side Rule: agent-side check executed by the EM Agent
–  Tight integration with Configuration Extensions
–  Validation logic only returns violations
–  Recommended for custom compliance
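The agent-side rule above is described as validation logic that returns only violations. The query below is an added example of a check written in that shape; it is not Oracle's shipped rule content and not text from the DISA STIG. It uses standard Oracle data dictionary views, the CHK_* labels are constructed for this example, and wiring the query into a Configuration Extension is not shown.

```sql
-- Added example: each branch emits a row only when a setting violates the
-- expected state, so an empty result set means the target passed every check.
-- Check labels (CHK_*) are constructed for this example, not STIG rule IDs.
-- Requires SELECT on the DBA_* views and V$PARAMETER.

-- 1. Open accounts that still have a well-known default password
SELECT 'CHK_DEFAULT_PASSWORD' AS check_name,
       u.username             AS object_name,
       'account status: ' || u.account_status AS detail
  FROM dba_users u
  JOIN dba_users_with_defpwd d ON d.username = u.username
 WHERE u.account_status = 'OPEN'
UNION ALL
-- 2. Database auditing switched off
SELECT 'CHK_AUDIT_TRAIL',
       p.name,
       'audit_trail = ' || p.value
  FROM v$parameter p
 WHERE p.name = 'audit_trail'
   AND UPPER(p.value) = 'NONE'
UNION ALL
-- 3. Profiles that explicitly never lock an account after failed logins
SELECT 'CHK_FAILED_LOGIN_LIMIT',
       pr.profile,
       'FAILED_LOGIN_ATTEMPTS = ' || pr.limit
  FROM dba_profiles pr
 WHERE pr.resource_name = 'FAILED_LOGIN_ATTEMPTS'
   AND pr.limit = 'UNLIMITED'
UNION ALL
-- 4. File-system access package executable by every account
SELECT 'CHK_PUBLIC_UTL_FILE',
       tp.owner || '.' || tp.table_name,
       'EXECUTE granted to PUBLIC'
  FROM dba_tab_privs tp
 WHERE tp.grantee = 'PUBLIC'
   AND tp.privilege = 'EXECUTE'
   AND tp.table_name = 'UTL_FILE'
 ORDER BY 1, 2;
```

Because compliant targets produce no rows, every returned row can be treated directly as one violation with its check name, affected object and observed value.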
Oracle Provided DB Compliance Content
Compliance Standards
–  Cluster Database
•  DISA Security Technical Implementation Guide (STIG) V1.8
•  Basic Security Configuration for Oracle Cluster Database Instance
•  High Security Configuration for Oracle Cluster Database Instance
•  Certification for RAC Database
•  Configuration Best Practices for Oracle RAC Database
•  Patchable Configuration for RAC Database
•  Storage Best Practices for Oracle RAC Database
•  Support Policy for RAC Database
–  Pluggable Database (NEW)
•  Storage Best Practices for Pluggable Database
•  Configuration Best Practices for Pluggable Database
•  Basic Security Configuration for Pluggable Database
–  Single Instance Database Instance (and RAC Instance)
•  DISA Security Technical Implementation Guide (STIG) V1.8
•  Certification for Oracle Database
•  Storage Best Practices for Oracle Database
•  Configuration Best Practices for Oracle Database
•  Basic Security Configuration for Oracle Database
•  High Security Configuration for Oracle Database
•  Patchable Configuration for Oracle Database
•  Storage Best Practices for Oracle Database
•  Support Policy for Oracle Database
–  Listener
•  Basic Security Configuration for Oracle Listener
•  High Security Configuration for Oracle Listener
400+ Individual Compliance Rules
Improving Requirements Traceability
Map Technical Controls To Policy
Source: DOD Defense Information Systems Agency
Oracle Provided Oracle DB 11g STIG Standard
§  Includes both Oracle Database and Oracle Home Checklists
§  Almost all “Scripted” defined checks have been automated.
§  ~20% Manual/Interview checks automated.
§  Remaining require manual Attestation.
Both Oracle Database and Oracle Home Checks
Queries mirror STIG Checklist
Summary Reporting
§  Results viewable:
§  Across Databases
§  For single DB
§  For single Check
§  Historical trend and score information
Permanently or Temporarily Suppress Findings
§  Findings (Violations) can be permanently or temporarily suppressed
§  Allows Exceptions
§  Grace Periods
§  Suppressed Violations no longer degrade score
§  Can still be reported on
§  User and reason captured
Non-Automatable Checks Require Attestation
§  Non-Automatable checks (Manual) must be manually cleared (Attested) after initial association
§  Permanently or Temporarily
§  User and reason captured
Refresh Collection
Customize Rules for Your Environment: Lab Steps
•  Create a custom compliance standard – CREATE LIKE
–  Remove some rules
–  Add rules
•  Add Configuration Extensions
•  Test and Preview
•  Create Agent-Side Rules
•  Test the rules
•  Add Rule to the Custom Standard
•  Associate Target
•  Review in Dashboard
Optional Lab Exercises
•  Incident Management
–  Create an Incident Rule to create an Incident from an Event
–  Add Comments and notes to the Incident
–  Close the Incident
•  Perform the integration with BI Publisher
–  Login and run reports
–  Experiment with creating your own reports
Create an Incident Rule Set
Setup -> Incidents -> Incident Rules
Create the Rule to Create or Update the Incident
Review and Comment on the Incidents
Questions