database access management
play

Database Access Management Giacomo Tenaglia CERN IT/DB HEPiX - PowerPoint PPT Presentation

Sep 17, 2022 •191 likes •588 views

Database Access Management Giacomo Tenaglia CERN IT/DB HEPiX Spring 2012 CERN IT Department CH-1211 Geneva 23 Switzerland www.cern.ch/ i t Agenda Scenario and requirements DAM: overview Implementation details CERN IT

  1. Database Access Management Giacomo Tenaglia CERN IT/DB HEPiX Spring 2012 CERN IT Department CH-1211 Geneva 23 Switzerland www.cern.ch/ i t

  2. Agenda • Scenario and requirements • DAM: overview • Implementation details CERN IT Department CH-1211 Geneva 23 Database Access Management - G. Tenaglia - HEPiX Spring 2012 Switzerland www.cern.ch/ i t

  3. Scenario • O(100) servers • “Clusters” of 1 to 6 nodes • Access via SSH • High turnover of people – Admins – Users • “Flat” network CERN IT Department CH-1211 Geneva 23 Database Access Management - G. Tenaglia - HEPiX Spring 2012 Switzerland www.cern.ch/ i t

  4. Requirements: DB clusters Database Access Management - G. Tenaglia - HEPiX Spring 2012

  5. Requirements: DB clusters Database Access Management - G. Tenaglia - HEPiX Spring 2012

  6. Requirements: DB clusters Database Access Management - G. Tenaglia - HEPiX Spring 2012

  7. Requirements: Middleware Database Access Management - G. Tenaglia - HEPiX Spring 2012

  8. Requirements: Middleware Database Access Management - G. Tenaglia - HEPiX Spring 2012

  9. Requirements: Middleware Database Access Management - G. Tenaglia - HEPiX Spring 2012

  10. Requirements: Middleware Database Access Management - G. Tenaglia - HEPiX Spring 2012

  11. Requirements: Middleware Database Access Management - G. Tenaglia - HEPiX Spring 2012

  12. Requirements: Middleware Database Access Management - G. Tenaglia - HEPiX Spring 2012

  13. Requirements: Middleware Database Access Management - G. Tenaglia - HEPiX Spring 2012

  14. Requirements • Functional requirements – Group management • Track relationships (“who can access what”) • Membership delegation to group admins • Cluster equivalence – Ease key management – CLI and Web – Use standard CERN IT tools • Security requirements – Revoke access – PKI not shared passwords CERN IT Department CH-1211 Geneva 23 Database Access Management - G. Tenaglia - HEPiX Spring 2012 Switzerland www.cern.ch/ i t

  15. DAM Overview Database Access Management - G. Tenaglia - HEPiX Spring 2012

  16. DAM Overview Database Access Management - G. Tenaglia - HEPiX Spring 2012

  17. DAM Overview Database Access Management - G. Tenaglia - HEPiX Spring 2012

  18. DAM Overview Database Access Management - G. Tenaglia - HEPiX Spring 2012

  19. System Requirements • Database – Currently Oracle, API can be ported • Management Server – Password-less access to managed nodes • LDAP directory with groups (if needed) – Currently e-groups published via LDAP Database Access Management - G. Tenaglia - HEPiX Spring 2012

  20. Interface for Administrators • APEX screenshot Database Access Management - G. Tenaglia - HEPiX Spring 2012

  21. How It Works • APEX screenshot

  22. How It Works • APEX screenshot

  23. Interface for Users • APEX screenshot Database Access Management - G. Tenaglia - HEPiX Spring 2012

  24. How It Works: APEX • APEX screenshot Database Access Management - G. Tenaglia - HEPiX Spring 2012

  25. Interface for Group Admins Database Access Management - G. Tenaglia - HEPiX Spring 2012

  26. How It Works: APEX Database Access Management - G. Tenaglia - HEPiX Spring 2012

  27. Implementation Details • PL/SQL API, Perl, APEX Application • Extensive use of Kerberos – Service keytab on management host • Tested with CERN Security Team – Easier for users than SSH keys • LDAP groups managed by users (“egroups”) Database Access Management - G. Tenaglia - HEPiX Spring 2012

  28. Implementation Details • Parallel “Access refresh” • Source accounts – Generate private keys on the nodes • Managed servers pre-seeding – Integrated in CMS • Revoke public key – Consistency checks upon refresh Database Access Management - G. Tenaglia - HEPiX Spring 2012

  29. How It Works Database Access Management - G. Tenaglia - HEPiX Spring 2012

  30. How It Works Database Access Management - G. Tenaglia - HEPiX Spring 2012

  31. How It Works Database Access Management - G. Tenaglia - HEPiX Spring 2012

  32. How It Works Database Access Management - G. Tenaglia - HEPiX Spring 2012

  33. How It Works Database Access Management - G. Tenaglia - HEPiX Spring 2012

  34. How It Works Database Access Management - G. Tenaglia - HEPiX Spring 2012

  35. How It Works Database Access Management - G. Tenaglia - HEPiX Spring 2012

  36. How It Works Database Access Management - G. Tenaglia - HEPiX Spring 2012

  37. Current usage • 500 servers • 2000 accounts • 5 teams (developers, DBA, sysadmins) • 150 groups CERN IT Department CH-1211 Geneva 23 Database Access Management - G. Tenaglia - HEPiX Spring 2012 Switzerland www.cern.ch/ i t

  38. Summary • DAM helps secure our environment • Key success factor for 11g migration • API and source code could be made available to other sites if interested CERN IT Department CH-1211 Geneva 23 Database Access Management - G. Tenaglia - HEPiX Spring 2012 Switzerland www.cern.ch/ i t

  39. Q&A Thank you! Giacomo.Tenaglia@cern.ch Credits: Alvaro Gonzalez Alvarez Andrea Ieri, Artur Wiecek, Dawid Wojcik Jacek Wojcieszuk CERN IT Department CH-1211 Geneva 23 Database Access Management - G. Tenaglia - HEPiX Spring 2012 Switzerland www.cern.ch/ i t

Recommend

Database Access via Programming Languages 5DV119 Introduction to Database Management Ume a

Database Access via Programming Languages 5DV119 Introduction to Database Management Ume a

Database Access via Programming Languages 5DV119 Introduction to Database Management Ume a University Department of Computing Science Stephen J. Hegner hegner@cs.umu.se http://www.cs.umu.se/~hegner Database Access via Programming

348 views • 20 slides
Database Management System CEN 351 Course Description A database management system (DBMS) is

Database Management System CEN 351 Course Description A database management system (DBMS) is

Database Management System CEN 351 Course Description A database management system (DBMS) is a computer application program designed for the efficient and effective storage, access and update of large volumes of information. This course

399 views • 7 slides
Last Time Why Database Management Systems? IT420: Database Management and High-level

Last Time Why Database Management Systems? IT420: Database Management and High-level

Last Time Why Database Management Systems? IT420: Database Management and High-level abstractions for data access, Organization manipulation, and administration Data integrity and security Performance and scalability Introduction

224 views • 9 slides
CS 61: Database Systems Access via programming languages Agenda 1. Direct database access 2.

CS 61: Database Systems Access via programming languages Agenda 1. Direct database access 2.

CS 61: Database Systems Access via programming languages Agenda 1. Direct database access 2. Web APIs 3. Node.js 2 Python can directly query the database Steps to access MySQL from Python 1. Install connector to MySQL: sudo pip install

578 views • 14 slides
Databases CS111 Part 1 Part 2 Know what a database is. Learning how to use Microsoft Access , a

Databases CS111 Part 1 Part 2 Know what a database is. Learning how to use Microsoft Access , a

Databases CS111 Part 1 Part 2 Know what a database is. Learning how to use Microsoft Access , a database management system Understand why they are useful and when you might want to use one. - Create a database Have a basic understanding of

800 views • 37 slides
Database Management System (DBMS) DBMS contains information about a particular enterprise

Database Management System (DBMS) DBMS contains information about a particular enterprise

Advanced Database System Architectures Advanced Topics in Database Management (INFSCI 2711) Textbook: Database System Concepts - 6 th Edition, 2010 Vladimir Zadorozhny, DINS, SCI University of Pittsburgh 1 Database Management System (DBMS) DBMS

545 views • 20 slides
Database Utilities 10/17/2007 DC/Win Database Utilities Opening Database Utilities From File on

Database Utilities 10/17/2007 DC/Win Database Utilities Opening Database Utilities From File on

Database Utilities 10/17/2007 DC/Win Database Utilities Opening Database Utilities From File on the Menu Bar DC/Win Database Utilities Options Vary Depending on Database Two Types of Databases Sequel (SQL) Database Access Database

460 views • 6 slides
Databases might want to use one. - Create a database Have a basic understanding of how the most

Databases might want to use one. - Create a database Have a basic understanding of how the most

8/05/18 Part 1 Part 2 Know what a database is. Learning how to use Microsoft Access , a database management system Understand why they are useful and when you Databases might want to use one. - Create a database Have a basic understanding

459 views • 10 slides
61A Lecture 33 Announcements Database Management Systems Database Management System Architecture

61A Lecture 33 Announcements Database Management Systems Database Management System Architecture

61A Lecture 33 Announcements Database Management Systems Database Management System Architecture 4 Architecture of a Database System by Hellerstein, Stonebreaker, and Hamilton Query Planning The manner in which tables are filtered, sorted,

208 views • 20 slides
Announcements 61A Lecture 34 Database Management System Architecture Database Management Systems

Announcements 61A Lecture 34 Database Management System Architecture Database Management Systems

Announcements 61A Lecture 34 Database Management System Architecture Database Management Systems 4 Architecture of a Database System by Hellerstein, Stonebreaker, and Hamilton Query Planning The manner in which tables are filtered, sorted,

185 views • 3 slides
Distributed Transaction Management Advanced Topics in Database Management (INFSCI 2711) Some

Distributed Transaction Management Advanced Topics in Database Management (INFSCI 2711) Some

Distributed Transaction Management Advanced Topics in Database Management (INFSCI 2711) Some materials are from Database Management Systems, Ramakrishnan and Gehrke and Database System Concepts, Siberschatz, Korth and Sudarshan and Data

515 views • 24 slides
Database Management Limitations of Relational Database Designs Systems Provides a set of

Database Management Limitations of Relational Database Designs Systems Provides a set of

Lecture 2 Database Management Limitations of Relational Database Designs Systems Provides a set of guidelines, does not result in a unique database schema Winter 2004 Does not provide a way of evaluating alternative schemas CMPUT

387 views • 17 slides
GE 103- Database Management Course Introduction DBMS Database == Data collection managed by a

GE 103- Database Management Course Introduction DBMS Database == Data collection managed by a

Lecture 1 GE 103- Database Management Course Introduction DBMS Database == Data collection managed by a specialized software called a Database Management System (DBMS) Why a whole course in Databases? Banking, ticket reservations, customer

243 views • 20 slides
Wisconsin Project Management Database August 2, 2018 Kathryn Miller WI Office of Rural Health

Wisconsin Project Management Database August 2, 2018 Kathryn Miller WI Office of Rural Health

Wisconsin Project Management Database August 2, 2018 Kathryn Miller WI Office of Rural Health Access Database Housed on a server, which allows for multiple users Used to track Flex and SHIP grants Keeps a historical record of

744 views • 16 slides
Content Management Systems Week 14 LBSC 671 Creating Information Infrastructures Putting the

Content Management Systems Week 14 LBSC 671 Creating Information Infrastructures Putting the

Content Management Systems Week 14 LBSC 671 Creating Information Infrastructures Putting the Pieces Together Web Server Browser Database HTML SQL Query CGI Results HTML Why Database-Generated Pages? Remote access to a database

796 views • 28 slides
Advanced Database Management Systems Database Management Systems Alvaro A A Fernandes School of

Advanced Database Management Systems Database Management Systems Alvaro A A Fernandes School of

Advanced Database Management Systems Database Management Systems Alvaro A A Fernandes School of Computer Science, University of Manchester AAAF (School of CS, Manchester) Advanced DBMSs 2011-2012 1 / 144 Outline Database Management Systems:

2.09k views • 144 slides
Course Topics Database design IT420: Database Management and Relational model

Course Topics Database design IT420: Database Management and Relational model

Course Topics Database design IT420: Database Management and Relational model Organization SQL Normalization PHP MySQL Introduction to PHP Database administration Transaction Processing Data Storage and

310 views • 4 slides
Database Management Course Content Systems Introduction Database Design Theory

Database Management Course Content Systems Introduction Database Design Theory

Database Management Course Content Systems Introduction Database Design Theory Query Processing and Optimisation Winter 2002 Concurrency Control Data Base Recovery and Security CMPUT 391: Spatial Data Management

364 views • 10 slides
Database Management Course Content Systems Introduction Database Design Theory

Database Management Course Content Systems Introduction Database Design Theory

Database Management Course Content Systems Introduction Database Design Theory Query Processing and Optimisation Winter 2003 Concurrency Control Data Base Recovery and Security CMPUT 391: Database Design Theory

256 views • 15 slides
Chapter 11 Transaction Management Concurrent and Consistent Data Access ACID Properties

Chapter 11 Transaction Management Concurrent and Consistent Data Access ACID Properties

Transaction Management Torsten Grust Chapter 11 Transaction Management Concurrent and Consistent Data Access ACID Properties Anomalies Architecture and Implementation of Database Systems The Scheduler Summer 2016 Serializability Query

830 views • 43 slides
Distributed Transaction Management Database Management Systems, 2 nd Edition. R. Ramakrishnan and

Distributed Transaction Management Database Management Systems, 2 nd Edition. R. Ramakrishnan and

Distributed Transaction Management Database Management Systems, 2 nd Edition. R. Ramakrishnan and Johannes Gehrke 1 Distributed Concurrency Control Use global 2PL Or, simply use local Strict 2PL at each site Database Management

294 views • 4 slides
Setting DBMS must allow concurrent access to databases. Database Usage Imagine a bank

Setting DBMS must allow concurrent access to databases. Database Usage Imagine a bank

Setting DBMS must allow concurrent access to databases. Database Usage Imagine a bank where account information is (and Construction) stored in a database not allowing concurrent access. Then only one person could do a Transactions

475 views • 10 slides
Overview Database Security Semantic Integrity Controls Access Control Rules Multilevel

Overview Database Security Semantic Integrity Controls Access Control Rules Multilevel

Overview Database Security Semantic Integrity Controls Access Control Rules Multilevel Secure Databases RBAC in Commercial DBMS Statistical Database Security Simone Fischer-Hbner Applied Security, DAVC17 Relational Database

194 views • 6 slides
Goals Database Administration All large and small databases need database Database

Goals Database Administration All large and small databases need database Database

PHP Miscellaneous $db->insert_id IT420: Database Management and Retrieves the ID generated for an Organization AUTO_INCREMENT column by the previous INSERT query Return value: Managing Multi-user The ID generated for an

140 views • 11 slides

More recommend