Oracle Database Vault for SAP

  • 7/28/2019 Oracle Database Vault for SAP

    1/99

    IOUG SAP SIG
    Oracle Database Vault for SAP

    Kamal Tbeileh, Principal Product Manager, Oracle Database Security
    Andreas Becker, Principal Member, Oracle/SAP Development

    The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle's products remains at the sole discretion of Oracle.

    Agenda

    • Database Vault Overview
        • Realms, Command Rules, and Separation Of Duty
    • Database Vault Certification for SAP
        • Project Details Overview
        • Technical Details
        • Best Practices and more
    • Database Vault Best Practices
    • Database Vault Performance Numbers
    • Feedback and Questions

    Oracle Database Security
    Continuous Innovation

    [Timeline figure spanning Oracle7, Oracle8i, Oracle Database 9i, Oracle Database 10g and Oracle Database 11g. Features shown: EM Data Masking, TDE Tablespace Encryption, Oracle Audit Vault, Oracle Database Vault, Secure Backup (Tape), TDE Column Encryption, VPD Column Masking, VPD Column Relevant, EM Secure Config Scanning, Client Identity Propagation, Fine Grained Auditing, Oracle Label Security, Proxy authentication, Enterprise User Security, Virtual Private Database (VPD), Database Encryption API, Strong Authentication, Native Network Encryption, Database Auditing. Additional label: Government customer.]

    Data Security Business Drivers

    • Regulatory and Privacy Requirements
        • Sarbanes-Oxley (SOX), GLBA, HIPAA, PCI
        • Japan, Korea have similar versions of SOX
        • Regulations continue to expand in global economy
    • Privacy breach disclosure laws
        • 40+ US States have such laws
        • EU Data Privacy
    • Strong IT / Internal Security Controls
        • Customers looking for real-time preventive controls
        • Separation of duty
        • Strong security in outsourcing and off-shoring environments
        • COSO, ITIL, COBIT frameworks

    Customer Security Requirements

    • Restrict full access of privileged users
        • Restrict access to application data stored in the database
        • Separation of duty controls
    • Easily implement environment based access control
        • User parameters
        • Network parameters
        • Database parameters
    • Applying on existing and legacy applications
        • Highly transparent
        • Minimal performance impact
            • Less than 5%

    Oracle Database Security
    Solutions for Privacy and Compliance

    [Diagram labels: Database Vault, Data Masking, Advanced Security, Label Security, Secure Backup, Audit Vault, Configuration Management, Total Recall]

    Oracle Database Vault

    • Controls on privileged users
        • Restrict highly privileged users from application data
        • Provide Separation of Duty
        • Security for database and information consolidation
    • Real time access controls
        • Control who, when, where and how data is accessed
        • Make decision based on IP address, time, auth

    [Diagram labels: Reports, Protection Realms, Multi-Factor Authorization, Separation of Duty, Command Rules]

    Oracle Database Vault
    Realms

    • Database DBA views HR data (select * from HR.emp): Compliance and protection from insiders
    • HR DBA views Fin. data: Eliminates security risks from server consolidation
    • Realms can be easily applied to existing applications with minimal performance impact

    [Diagram labels: DBA, HR DBA, HR, HR Realm, FIN DBA, Fin, Fin Realm]

    Oracle Database Vault
    Transparent Multi-factor Authorization

    [Diagram labels: HR account, FIN DBA, HR, FIN, SELECT ., CREATE, Business hours, Unexpected IP address]

    Example #1: Protecting application data from privileged users

    Database Vault Administration Page

    Step 1. Defining a Realm

    Step 2. Adding Protected Schema
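The two steps above can also be scripted through the Database Vault PL/SQL API instead of the administration page. The script below is an added example, not taken from the deck or from the SAP policy scripts; the realm name, the HR schema and HR.EMP come from the Realms slide, and the final authorization step is an assumption about what follows Step 2.

```sql
-- Added example (not from the deck). Run as the Database Vault owner,
-- which in this deck is the SECADMIN account.
-- Assumed names: realm 'HR Realm', schema HR, table HR.EMP.
BEGIN
  -- Step 1: define the realm, enabled, with auditing of failed access.
  DVSYS.DBMS_MACADM.CREATE_REALM(
    realm_name    => 'HR Realm',
    description   => 'Keeps privileged accounts out of HR application data',
    enabled       => DVSYS.DBMS_MACUTL.G_YES,
    audit_options => DVSYS.DBMS_MACUTL.G_REALM_AUDIT_FAIL);

  -- Step 2: add the protected schema. The wildcards cover every object
  -- of every type owned by HR, including objects created later.
  DVSYS.DBMS_MACADM.ADD_OBJECT_TO_REALM(
    realm_name   => 'HR Realm',
    object_owner => 'HR',
    object_name  => '%',
    object_type  => '%');

  -- Assumed follow-on step: authorize the schema owner as realm owner so
  -- the application account can still manage its own objects.
  DVSYS.DBMS_MACADM.ADD_AUTH_TO_REALM(
    realm_name   => 'HR Realm',
    grantee      => 'HR',
    auth_options => DVSYS.DBMS_MACUTL.G_REALM_AUTH_OWNER);
END;
/

-- Review what was created before handing the system back.
SELECT name, enabled, audit_options
  FROM dvsys.dba_dv_realm
 WHERE name = 'HR Realm';

SELECT owner, object_name, object_type
  FROM dvsys.dba_dv_realm_object
 WHERE realm_name = 'HR Realm';

SELECT grantee, auth_options
  FROM dvsys.dba_dv_realm_auth
 WHERE realm_name = 'HR Realm';

-- Negative test from a privileged session that is NOT authorized in the
-- realm. The deck's GOAL slide shows the same kind of query against
-- SAPSR3.T100 being rejected with ORA-01031.
CONNECT / AS SYSDBA
SELECT COUNT(*) FROM hr.emp;
```

Keep the script under version control: the deck's best practices call for building policies from API scripts and backing those scripts up on a secure server.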

    Example #2: Limiting connection from non-application server IP addresses

    Limit Access to Specific IP Addresses

    Creating a Command Rule

    List of Allowed IP Addresses

    Connection Blocked from Other IP Addresses
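A scripted form of Example #2, as an added example that is not part of the deck: a rule set holding the allowed addresses, attached to a CONNECT command rule. The rule and rule set names and the 192.0.2.x addresses are constructed, and SAPSR3 (the schema shown on the GOAL slide) is assumed to be the application account being restricted.

```sql
-- Added example (not from the deck). Run as the Database Vault owner
-- (SECADMIN in this deck). Names and addresses below are constructed.
BEGIN
  -- A CONNECT command rule is evaluated for every logon, so the rule is
  -- scoped to the application account: all other accounts pass, SAPSR3
  -- passes only from a listed application server address.
  -- A session with no client address (local bequeath connection) has a
  -- NULL IP_ADDRESS, so for SAPSR3 the rule is not satisfied.
  DVSYS.DBMS_MACADM.CREATE_RULE(
    rule_name => 'SAPSR3 From App Servers Only',
    rule_expr => q'[SYS_CONTEXT('USERENV','SESSION_USER') <> 'SAPSR3' ]' ||
                 q'[OR SYS_CONTEXT('USERENV','IP_ADDRESS') ]' ||
                 q'[IN ('192.0.2.10','192.0.2.11')]');

  -- Rule set: all rules must be true, failures are audited, and the
  -- rejected client gets no policy-specific message.
  DVSYS.DBMS_MACADM.CREATE_RULE_SET(
    rule_set_name   => 'Allowed Application Server Addresses',
    description     => 'Limits SAPSR3 logons to the application servers',
    enabled         => DVSYS.DBMS_MACUTL.G_YES,
    eval_options    => DVSYS.DBMS_MACUTL.G_RULESET_EVAL_ALL,
    audit_options   => DVSYS.DBMS_MACUTL.G_RULESET_AUDIT_FAIL,
    fail_options    => DVSYS.DBMS_MACUTL.G_RULESET_FAIL_SILENT,
    fail_message    => NULL,
    fail_code       => NULL,
    handler_options => DVSYS.DBMS_MACUTL.G_RULESET_HANDLER_OFF,
    handler         => NULL);

  DVSYS.DBMS_MACADM.ADD_RULE_TO_RULE_SET(
    rule_set_name => 'Allowed Application Server Addresses',
    rule_name     => 'SAPSR3 From App Servers Only');

  -- Attach the rule set to CONNECT for all owners and objects.
  DVSYS.DBMS_MACADM.CREATE_COMMAND_RULE(
    command       => 'CONNECT',
    rule_set_name => 'Allowed Application Server Addresses',
    object_owner  => '%',
    object_name   => '%',
    enabled       => DVSYS.DBMS_MACUTL.G_YES);
END;
/

-- Review the policy as stored.
SELECT rule_set_name, rule_name, rule_expr
  FROM dvsys.dba_dv_rule_set_rule
 WHERE rule_set_name = 'Allowed Application Server Addresses';

SELECT command, rule_set_name, object_owner, object_name, enabled
  FROM dvsys.dba_dv_command_rule
 WHERE command = 'CONNECT';

-- Roll back if a test logon from an application server is rejected:
-- EXEC DVSYS.DBMS_MACADM.DELETE_COMMAND_RULE('CONNECT', '%', '%');
```

Keep the SECADMIN session open while testing logons from a second session, so a mistake in the rule expression can be rolled back without being locked out.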

    Database Vault Certification for SAP
    Project Details

    • Project Overview
    • Technical Requirements
    • DBV Software and Documentation
    • DBV Installation Preparation
    • DBV Installation Steps
    • DBV Configuration Steps
    • DBV Best practices
    • DBV Overview of Changes
    • More advanced configurations
    • Summary


    Database Vault Certification for SAP

    Project Overview

    • December 2007 - started
        • First Database Vault Integration and Evaluation Tests started
        • Oracle Release 10.2.0.4 Beta
        • DBV 10.2.0.4 Beta Shiphome
        • SAP NetWeaver (ABAP+Java) on Linux 32bit
    • May 2008 - continued
        • Oracle Release 10.2.0.4 Beta/DBV 10.2.0.4 Beta Shiphome
        • SAP NetWeaver (ABAP+Java) on Linux 32bit
        • SAP NetWeaver (ABAP+Java) on Windows 32bit
    • August 2008 - continued
        • Oracle Release 10.2.0.4 + DBV 10.2.0.4 (Production)
        • SAP NetWeaver (ABAP+Java) on AIX 64Bit

    Database Vault Certification for SAP
    Project Overview (cont'd)

    • August/September 2008 - Today
        • Start of Pilot program
    • Plan:
        • Pilot program with ~5 pilot customers until end of 2008
        • 2009: DBV Certification for SAP Generally Available


    Database Vault Certification for SAP

    Technical Prerequisites and Requirements

    • Oracle Database Release 10.2.0.4
    • Oracle database is installed and configured according to joint Oracle/SAP recommendations
        • Database patches: SAP note 1137346
        • Database parameters: SAP note 830576
    • SAP NetWeaver with SAP Kernel Release 7.00+
    • SAP BR*Tools Release 7.00 Patchlevel 36+


    Database Vault Certification for SAP

    DBV software and documentation

    • Oracle software for RDBMS and Database Vault can be downloaded from SAP Service Marketplace
        • http://service.sap.com/oracle-download
        • Oracle 10.2.0.4 RDBMS 10.2.0.4 Patchset, RDBMS Patches
        • DBV 10.2.0.4 Software, DBV Patches
        • DBV scripts
    • Documentation about Oracle Database Vault for SAP
        • SAP note 1241462 (accessible for Pilot customers only)
        • Planned: Oracle whitepaper about SAP on Oracle with DV
        • Oracle documentation (Install Guides, Admin Guide, Release notes, White papers on OTN)


    Database Vault Certification for SAP

    DBV Installation Preparation Steps

    Installation of DBV will affect
    • Database Software (ORACLE_HOME)
    • Database (Installation of new db components)
    • Database Parameters

    1. Backup ORACLE_HOME and Oracle Inventory
    2. Backup your database (brbackup)
    3. Backup your database configuration files (OH/dbs, OH/network/admin) (init.ora, sqlnet.ora, tnsnames.ora, listener.ora)

    Database Vault Certification for SAP
    DBV Installation Preparation Steps (2)

    Preparation Steps:
    • Create a working directory for the installation (spool output, install logs, software, patches, stages, ...)
    • Ensure that all database connections are working as expected
        • Check database connections (as ora adm user before DBV is installed)
        • Verify database connection via R3trans -d
    • Turn off database auditing
        • can be turned on again after DBV installation
    • Rename temporary tablespace
        SQL> ALTER TABLESPACE PSAPTEMP RENAME TO TEMP;

    Database Vault Certification for SAP
    DBV Installation Preparation Steps (3)

    Preparation Steps:
    • Configure Oracle Enterprise Manager DB Control
        • EM DB Control is per default not configured in SAP envs.
        • Prerequisite for Database Vault Administrator (DVA) GUI
        • DVA uses same OC4J configuration as DB Control
    • Run Database Configuration Assistant (DBCA) to install EM DB Control
        % dbca


    Database Vault Certification for SAP

    DBV Installation Preparation Steps EM DB Control


    Database Vault Certification for SAP

    DBV Installation Preparation Steps (4)

    Preparation Steps:
    • Download and extract Database Vault Policy Scripts for SAP
        sqlplus / as sysdba
        SQL> @dbv_sap_prerequisite_script.sql
        • creates new database accounts before installing DV

    Database Vault Certification for SAP
    DBV Installation Preparation Steps (5)

    Last preparation Steps:
    • Download Database Vault Software from SAP Service Marketplace and extract to a staging area
    • Stop SAP Application
    • Shutdown Oracle Instance and all Oracle processes running from the ORACLE_HOME


    Database Vault Certification for SAP

    DBV Installation Steps (1)

    • Start runInstaller from DBV stage
        ./runInstaller
        (interactive or silent install)


    Database Vault Administrator URL:

    https://:1158/dva

    Enterprise Manager Database Control URL:

    https://:1158/em

    Database Vault Certification for SAP
    DBV Installation Steps (2)

    Post-Installation Steps
    • Rename temporary tablespace back
        SQL> ALTER TABLESPACE
    • Adapt certain database parameters that were changed during DBV installation
        • os_authent_prefix, remote_os_authent
    • Start EM DB Control:
        % emctl start dbconsole
    • Run DBV Post-Install Script for SAP
        • post_dbv_install_secadmin.sql
        • post_dbv_install_secacctmgr.sql
    • Logon to DBV Administrator


    Database Vault Certification for SAP

    DBV Installation Steps (3)

    Logon to DBV Administrator as SECADMIN


    Database Vault Certification for SAP
    DBV Configuration Steps (1)

    Run DBV configuration scripts for SAP

    sqlplus /nolog

    SQL> connect SECADMIN/

    SQL> spool create_dbv_sap_policies.log

    SQL> @create_dbv_sap_policies.sql

    SQL> spool off

    Database Vault Certification for SAP
    DBV Configuration Steps (2)

    Run tests
    • Basic Database connection tests
    • SAP Application Start/stop
    • Database Administration Tasks
        • SAP BR*Tools Backup/Recovery
        • Daily Database Administration Tasks
    • SAP Administration Tasks
    • ...

    Database Vault Certification for SAP
    Project Details

    • Project Overview: Database Vault Integration Project: Project Status and Time Schedule
    • Technical Requirements
    • DBV Software and Documentation
    • DBV Installation Preparation
    • DBV Installation Steps
    • DBV Configuration Steps
    • DBV Best practices
    • DBV Overview of Changes
    • DBV Open issues
    • Special configurations
    • Summary

    Database Vault Certification for SAP
    DBV Best Practices

    • Configure glogin.sql for sqlplus
        cd $ORACLE_HOME/sqlplus/admin
    • Add the following lines to glogin.sql:
        -- Set SQL prompt
        SET sqlprompt "_user _privilege '@' _connect_identifier>"
    • Result:
        sqlplus / as sysdba
        SYS AS SYSDBA @ QO1> connect / as sysoper
        PUBLIC AS SYSOPER @ QO1> connect /
        OPS$ORAQO1 @ QO1>


    Database Vault Certification for SAP

    Overview of changes

    Installation of DBV changes and affects:
    • New software component
    • New database components and database users

    Database Vault Certification for SAP

    Overview of changes

    • New database schema for Database Vault
        • SYSMAN schema (EM Repository)
        • DVSYS/DVF schema (DBV Repository)
    • New Database Vault Accounts
        • SECADMIN: DBV Security Administrator, manages DBV security policy
        • SECACCTMGR: DBV Account Mgr
            • Create/drop/alter database users

    Database Vault Certification for SAP

    Overview of changes

    • New database accounts for SAP
        • ABAP_CRED_MGR: account to manage SAP account password
        • SUPPORT_USER: Login account for Oracle/SAP Support
            • locked by default
        • EMERGENCY_USER: Login account in an emergency / support situation
            • Same privileges as SUPPORT_USER

    Database Vault Certification for SAP

    Overview of changes

    • New database accounts for SAP
        • BR_DBA: DBA account (instead of Oracle default account SYSTEM)
            • Account with DBA privilege for database administration with SAP BR*Tools
            • Replaces Oracle Default DBA account SYSTEM

    Database Vault Certification for SAP

    GOAL

    GOAL: Protection of SAP Application Data
    • DBA/SYSDBA account can not see/access SAP data any more
        sqlplus / as SYSDBA
        SQL> select * from SAPSR3.T100;
        ORA-01031: insufficient privileges

    Database Vault Certification for SAP

    Defined Realms

    • Default Realms
        • Oracle Database Vault Account Management
        • Oracle Database Vault
        • Oracle Data Dictionary
        • Oracle Enterprise Manager
    • SAP Realms
        • SAP Protection Realm for ABAP Stack
        • SAP Protection Realm for Java Stack
        • SAP Application Administration Realm for SAP BRTools
        • SAP Application Credential Protection Realm
        • SAP Application Protection Realm for SAP Admin Roles

    Database Vault Certification for SAP

    Delivered Security Policies

    Database Vault Certification for SAP

    More advanced configurations

    • Real Application Clusters / RAC
        • Transparent for DBV
    • Data Guard Physical Standby
        • Transparent for DBV
    • MCOD
        • Customer input is needed
    • 3rd-party application installed
        • Generic guidelines

    Database Vault Certification for SAP

    Summary Current Status Plans

    • Initial evaluation tests with DBV and SAP started December 2007
    • Internal Integration tests with SAP and DBV still ongoing (2008) during pilot phase
    • Pilot tests started in September 2008

    SAP Certification
    Database Vault Application Protection Matrix

    Database Vault with SAP
    Delivered Security Policies


    Best Practices Overview: Separation of Duty

    Database Vault Separation of Duty

    • Database Vault defines three main responsibilities
        • Account Management responsibility
        • Security Administration responsibility
        • Traditional DBA responsibility
    • These responsibilities can be further subdivided
        • Security Administration responsibility
            • Security Administration
            • Security Reporting
        • Traditional DBA responsibility: with rule sets and command rules, it can be subdivided to any required level.
    • Optionally can be consolidated to:
        • Security and Account Management responsibility
        • Resource Management responsibility

    Separation of Duty Best Practice

    • SOD is important for companies big and small
    • Have separate accounts:
        • Named accounts for database account management
        • Named accounts for Database Security Administration
        • Named accounts for DBAs
        • Create at least two named accounts for each responsibility
    • Auditors look for
        • Separate database accounts for different responsibilities
        • Being able to track the actions of each account
        • Less important is the number of people doing the tasks
    • Database Vault audit events are protected
        • Reports show any attempted violations

    Best Practices For Deploying Database Vault
    Main Stages and their Steps

    • Strategy Analysis and Design Stage
    • Build and Document Stage
        • Recommendations for
            • Pre-Installation
            • Installation
            • Post Installation
        • Naming Convention
    • Transition and Production Stages
        • Deployment Recommendations

    Strategy, Analysis, and Design Stage

    Identifying Your Security Requirements
    What to protect and who to authorize

    • What databases and applications need to be protected?
        • Oracle Applications
        • Partner Applications
        • Custom Applications
    • Who needs to be authorized to access business data?
        • Application Owners through middle tier processes
        • Business Users through Application interface
    • Who needs to manage the system without accessing business data?
        • Back end users for:
            • Backup
            • Patching
            • Tuning and Monitoring

    Identifying Your Security Requirements
    How to implement Separation of Duty?

    • Who will be setting up new database accounts?
    • Who will be running security audit reports?
    • Who will be doing security administration of the database?
        • Creating Realms and Command Rules
        • Setting security policies for database users access
        • Authorizing database users to what they are allowed to do
    • Who are the Alternate accounts for management and security?

    Identifying Your Security Requirements
    What is the current access structure?

    • Who are all the users currently having access?
    • What kind of access do they need?
        • Application Owners -> data access
        • Patching DBAs -> temporary access during patching time only
        • Backup DBAs -> predefined time to do backup using predefined tools
        • Tuning DBAs -> on-going performance monitoring and analysis
        • Developers -> access to development instances only
            • Data Masking or Scrambling is required
    • Create a separation of duty matrix of who will be doing what, when, and how?
    • Create an Application Protection Matrix

    Example Separation of Duty Matrix

    Build and Document Stage

    • Build your Security Policies using API scripts
    • Document the Application Security policies with the:
        • The Separation of Duty Matrix
        • The Application Protection Matrix
    • Document processes and procedures for daily use cases:
        • Backup
        • Patching
        • Tuning and Monitoring
    • Document production database accounts
        • The responsibilities of each
        • Which should be locked by default
        • When to use sys or system logins
    • Document Emergency or Break the Glass Scenarios
    • Reporting in production environment:
        • Define which reports to run and who runs them
        • Identify the needed frequency for each report
        • Identify the parties these reports need to go to

    Transition and Production Stages

    • Run a Full Test of Your Application
        • Monitor Performance and tune your rule expressions
    • Apply Your DBV API scripts to production environment
    • Hand responsibilities to the production support and security groups
        • Hand Security responsibility to the Database Security Admin
        • Hand Account Management to the Database Account Manager
        • Hand Resource Management to the DBAs
    • Backup Your DBV API scripts in a Secure Server

    Database Vault Performance Numbers

    • Performed OLTP tests on ALL versions of DB Vault
        • 9.2.0.8
        • 10.2.0.3
        • 11.1
    • Each test had 6 different measure points:
        • Vanilla Database without DB Vault
        • DB Vault enabled
        • Setup Realm by itself
        • Setup Command Rules without Realm
        • Setup Realms and Command Rules
        • Setup Command Rules, Realms, plus a CONNECT command rule

    Database Vault Performance Numbers
    test profile

    • 10.2.0.3 and 11.1:
        • Hardware profile:
            • Linux 64 bit on Em64t Dell server
            • 4 CPUs with 3.40 GH
            • 4 GB of RAM
        • Number of users:
            • 20 dedicated users with multiple connections each
            • Ramp up to over 400 concurrent database connections
    • 9.2.0.8:
        • Hardware profile:
            • Sun Solaris 9 Sparc, 64 bit on Sun4800-6 Sun-Fire server
            • 8 CPUs
            • 4 GB of RAM
        • Number of users:
            • 20 dedicated users with multiple connections each
            • Ramp up to over 400 concurrent database connections

    Database Vault Performance Numbers
    results

    • 10.2.0.3 numbers:
        • Vanilla Database without DB Vault - Base
        • DB Vault enabled
            • zero overhead (within the margin of error 0.25 %)
        • Setup a Realm by itself
            • 1% overhead
        • Setup Command Rules without Realm
            • 1% overhead or less
        • Setup Realms and Command Rules
            • 1% to 1.5 % overhead
        • Setup Command Rules, Realms, plus a CONNECT command rule
            • 1% to 2% overhead

    Database Vault Performance Numbers
    results

    • 9.2.0.8 and 11.1 numbers are comparable
        • This is consistent with the fact that DB Vault 9i is a back port of 11g
    • 9.2.0.8 and 11.1 numbers:
        • Vanilla Database without DB Vault - Base
        • DB Vault enabled
            • zero overhead (within a margin of error 0.25 %)
        • Setup Realm by itself
            • less than 1% overhead
        • Setup Command Rules without Realm
            • 1% overhead or less
        • Setup Realms and Command Rules
            • 1% to 1.5% overhead
        • Setup Command Rules, Realms, plus a CONNECT command rule
            • 1% to 1.5% overhead

    Database Vault certification with SAP

    • Work has started
    • Customer Pilot kick-off in June 2008
    • Pilot Customers should have the following profile:
        • Existing production customers with SAP on Oracle database
        • Customers have to be on 10.2 database
        • Customers have to be on SAP ERP 2005 (SAP 6.1) or higher
    • Send your nominations to me: ([email protected])

    Summary

    Learn More

    • SAP Service Marketplace site
        • Visit: http://service.sap.com/oracle-download
    • Oracle Technical Information, Demos, Software
        • Visit OTN: otn.oracle.com -> products -> database -> security and compliance
