Go Oracle DB-Enhanced Data security management

Source: Internet
Author: User

- Describe how SecureFiles improves the performance of large object (LOB) data types
- Access SecureFiles using SQL and PL/SQL APIs
    • Manage Corporate Information
Organizations need to manage many types of data efficiently and securely:
- Structured: simple data, object-relational data
- Semi-structured: XML documents, word processing documents
- Unstructured: media, medical data, images

Today, applications must deal with multiple types of data, which are divided into structured, semi-structured, and unstructured data. With large object (LOB) functionality, you can store all of these types of data in the database, as well as in operating system (OS) files that are accessed from the database. While object-relational data is kept in a relational database, the simplicity and performance of a file system make it ideal for storing file data.
    • Problems with existing LOB implementations
- LOB size limits
- Designed mainly for "write once, read many" data
- Provides low-concurrency DML
- User-defined version control
- Uniform chunk size:
  - Affects fragmentation
  - Upper size limit
- Scalability problems with Oracle Real Application Clusters (RAC)

In Oracle8i, the LOB design was based on the following assumptions:
- The size of a LOB instance was expected to be several megabytes.
- LOBs were typically treated as "write once, read many" data. They were rarely updated, so the entire chunk could be versioned for every kind of update (large or small).
- Very few batch processes were expected to stream data. Online transaction processing (OLTP) type workloads were not expected.
- The amount of undo retained is controlled by the user with the PCTVERSION and RETENTION parameters. This is additional management work.
- The chunk size is a static parameter, on the assumption that LOB sizes are usually uniform. The upper limit of the chunk size is KB.
- High-concurrency writes were not expected in Oracle RAC.

Business requirements have changed significantly since the first implementation. LOBs are now used in a way similar to relational data, to store semi-structured and unstructured data of all sizes. Data size can range from thousands of bytes (for HTML links) to a few megabytes (for streaming video). Oracle file systems that store all file system data in LOBs encounter high-concurrency access similar to OLTP. With the growing adoption of Oracle RAC, Oracle must address the scalability issues with RAC. The existing design of the LOB space structure does not meet these new requirements.
    • Oracle SecureFiles
Oracle SecureFiles re-engineers the handling of unstructured (file) data, providing the following new design:
- Disk format: variable chunk size
- Network protocol: improved input/output
- Versioning and sharing mechanisms
- Redo and undo algorithms: no user configuration
- Space and memory enhancements

Oracle Database 11g completely redesigned the LOB data type as Oracle SecureFiles, significantly improving performance, manageability, and ease of application development. The new implementation also provides next-generation advanced features such as smart compression and transparent encryption.

With SecureFiles, the chunk size ranges from the size of an Oracle data block up to a number of megabytes. Oracle DB attempts to place data in adjacent physical locations on disk to minimize internal fragmentation. By using a variable chunk size, SecureFiles avoids versioning unnecessarily large LOB chunks.

SecureFiles also provides a new client/server network layer that supports higher read and write performance and high-speed data transfer between the server and its clients.

SecureFiles automatically determines the most efficient way to generate redo and undo, so no user-defined parameters are required. It decides automatically whether to generate redo and undo for the change only, or to create a new version by building a complete redo record.

SecureFiles is designed to be adaptive and intelligent: it maintains various in-memory statistics that help it allocate memory and space efficiently. Because this reduces the number of parameters that are difficult to tune under unpredictable loads, manageability improves.
    • Enable SecureFiles Storage
You can enable SecureFiles storage in the following ways:
- Using the DB_SECUREFILE initialization parameter, which can take the following values: ALWAYS | FORCE | PERMITTED | NEVER | IGNORE
- Using Enterprise Manager
- Using the ALTER SESSION | SYSTEM command:

    SQL> ALTER SYSTEM SET db_securefile = 'ALWAYS';

With the DB_SECUREFILE initialization parameter, the database administrator (DBA) determines when SecureFiles are used. The valid values are:
- ALWAYS: Attempts to create all LOBs as SecureFile LOBs, but any LOB outside an Automatic Segment Space Management (ASSM) tablespace is created as a BasicFile LOB
- FORCE: Forces all LOBs to be created as SecureFile LOBs
- PERMITTED: Allows SecureFiles to be created (default value)
- NEVER: Prohibits the creation of SecureFiles
- IGNORE: Prohibits the creation of SecureFiles and ignores any errors caused by forcing BasicFiles with SecureFiles options

If NEVER is specified, any LOB specified as SecureFiles is created as BasicFiles. If a BasicFiles LOB uses any SecureFiles-specific storage options and features (such as compression, encryption, and de-duplication), an exception is raised. The BasicFiles default values are used for any storage options that are not specified.

If ALWAYS is specified, all LOBs created in the system are created as SecureFiles. The LOB must be created in an ASSM tablespace, or an error occurs. Any BasicFiles storage options that are specified are ignored.

You can change the default for all SecureFiles storage with the ALTER SYSTEM command, as shown above. You can also set the parameter with Enterprise Manager by clicking the Initialization Parameters link on the Server tab.
    • SecureFiles: Advanced Features
- Oracle SecureFiles offers the following advanced features:
  - Smart LOB compression
  - De-duplication
  - Transparent encryption
- These capabilities take advantage of the security, reliability, and scalability of the database.

The Oracle SecureFiles implementation also provides next-generation advanced features such as smart compression and transparent encryption.

The compression feature explicitly compresses SecureFiles. SecureFiles transparently decompresses only the set of data blocks required for a random read or write access, and automatically maintains the mapping between uncompressed and compressed offsets. If you change the compression level from MEDIUM to HIGH, the mapping is automatically updated to reflect the new compression algorithm.

De-duplication automatically detects duplicate SecureFile LOB data and saves space by storing only one copy, which reduces disk storage, I/O, and redo logging. You can specify de-duplication at the table level or at the partition level, but not across partitioned LOBs. De-duplication requires the Advanced Compression option.

Encrypted LOB data can now be stored in place and read and written randomly, which increases the security of the data. SecureFile LOBs can be encrypted only by column (the same as Transparent Data Encryption). All partitions in the LOB column are encrypted with the same encryption algorithm. BasicFiles data cannot be encrypted. SecureFiles supports the industry-standard cryptographic algorithms 3DES168, AES128, AES192 (default), and AES256. Encryption is part of the Advanced Security option.

Note: The COMPATIBLE initialization parameter must be set to 11.0.0.0.0 or higher to use SecureFiles. The BasicFiles (formerly LOB) format is still supported under 11.1.0.0.0 compatibility. After 11.0.0.0.0 is set, there is no downgrade capability.
    • SecureFiles: Storage Options
- MAXSIZE: Specifies the maximum LOB segment size
- RETENTION: Specifies the retention policy to use
  - MAX: Keeps old versions until MAXSIZE is reached
  - MIN: Keeps old versions for at least MIN seconds
  - AUTO: Default value
  - NONE: Reuses old versions as much as possible
- The following storage clauses do not apply to SecureFiles: CHUNK, PCTVERSION, FREEPOOLS, FREELISTS, and FREELIST GROUPS

MAXSIZE is a new storage clause that controls the physical storage properties of SecureFiles. MAXSIZE specifies the maximum segment size associated with the storage clause level. RETENTION takes the following values for SecureFiles:
- MAX: Old versions are reused once the segment reaches MAXSIZE.
- MIN: Old versions are kept for at least the specified time.
- AUTO: The default setting, which mainly trades off space against time. It is determined automatically.
- NONE: Old versions are reused as much as possible.

Changing RETENTION with the ALTER TABLE statement affects only the space created after the statement is executed.

For SecureFiles, it is no longer necessary to specify CHUNK, PCTVERSION, FREEPOOLS, FREELISTS, and FREELIST GROUPS. To stay compatible with existing scripts, these clauses are parsed but not interpreted.
    • Create SecureFiles

    -- Example 1: de-duplicated, cached, not logged, encrypted with AES128
    CREATE TABLE func_spec (id NUMBER, doc CLOB ENCRYPT USING 'AES128')
      LOB (doc) STORE AS SECUREFILE (DEDUPLICATE LOB CACHE NOLOGGING);

    -- Example 2: compressed (HIGH), duplicates kept, cached, not logged
    CREATE TABLE test_spec (id NUMBER, doc CLOB)
      LOB (doc) STORE AS SECUREFILE (COMPRESS HIGH KEEP_DUPLICATES CACHE NOLOGGING);

    -- Example 3: encrypted with the default algorithm
    CREATE TABLE design_spec (id NUMBER, doc CLOB)
      LOB (doc) STORE AS SECUREFILE (ENCRYPT);

    -- Example 4: alternative form of example 3 (run one or the other)
    CREATE TABLE design_spec (id NUMBER, doc CLOB ENCRYPT)
      LOB (doc) STORE AS SECUREFILE;

You can use the STORE AS keyword in the CREATE TABLE statement to create a table whose LOB columns are stored as SecureFiles. The LOB implementation from earlier database versions is now known as BasicFiles. When you add a LOB column to a table, you can specify whether to create it as SecureFiles or BasicFiles. If no storage type is specified, the LOB is created as BasicFiles to ensure backward compatibility.

In the first example, a table named FUNC_SPEC is created to store documents as SecureFiles. The example specifies that duplicate content is not stored for the LOB, that the LOB is cached when read, and that no redo is generated when the LOB is updated. It also specifies that the documents in the DOC column are encrypted with the AES128 algorithm. KEEP_DUPLICATES is the opposite of DEDUPLICATE and can be used in an ALTER statement.

In the second example, a table named TEST_SPEC is created that stores documents as SecureFiles. For this table, duplicate content may be stored, the LOB is stored in compressed format, and the LOB is cached but not logged. The HIGH compression setting requires more work but compresses the data more effectively. The default compression is MEDIUM. The compression algorithm is implemented on the server side, which allows random reads and writes of LOB data, and it can be changed with an ALTER statement.

The third and fourth examples produce the same result: a table with a SecureFiles LOB column that uses the default AES192 encryption.
    • Create SecureFiles with Enterprise Manager
You can create SecureFiles from the Tables link on the Schema tab of Enterprise Manager. After you click the Create button, click the Advanced Attributes button for the column you want to store as a SecureFile and enter any of the SecureFiles options.

For backward compatibility, the LOB implementation from earlier versions is still supported and is now referred to as BasicFiles. When a LOB column is added to a table, you can specify whether to create it as a SecureFile or a BasicFile. If no storage type is specified, LOBs are created as BasicFiles to ensure backward compatibility.

You can select the following values for the cache option:
- CACHE: To improve access speed, Oracle places the LOB pages in the buffer cache.
- NOCACHE: As a parameter in the STORE AS clause, NOCACHE specifies that the LOB value is not placed in the buffer cache.
- CACHE READS: The LOB value is placed in the buffer cache only during read operations, not during write operations.

NOCACHE is the default value for SecureFile and BasicFile LOBs.
    • Shared I/O pools
To support large I/Os from shared memory (as opposed to the program global area (PGA)), Oracle Database adds a shared I/O pool memory component for direct path access. It is used only when SecureFiles are created as NOCACHE (the default). The shared I/O pool has a default size of zero; only when there is a SecureFiles NOCACHE workload does the system grow it to 4% of the cache. Because it is a shared resource, it can be used by large concurrent SecureFiles workloads. Unlike other pools, such as the large pool or the shared pool, user processes do not raise an ORA-04031 error; instead they temporarily fall back to the PGA until more shared I/O pool buffers are released.

The LOB cache is a new component in the SecureFiles architecture that improves LOB access performance by gathering and batching data and by overlapping network and disk I/O. The LOB cache borrows memory from the buffer cache (regular buffers or shared I/O pool memory). Because memory borrowed from the buffer cache is inherently suited to database I/O and can fall back to the buffer cache after the I/O completes, unnecessary memory copying is avoided. In a multi-instance Oracle Real Application Clusters configuration, the LOB cache holds one lock for each LOB accessed.
    • Change SecureFiles
Use the DEDUPLICATE option to specify that identical LOB data in two or more rows of a LOB column shares the same data blocks. KEEP_DUPLICATES is the opposite. Oracle detects duplicates using a secure hash index and combines LOBs with the same content into a single copy, reducing storage space and simplifying storage management. The LOB keyword is optional and is there to make the syntax clearer.

The COMPRESS or NOCOMPRESS keyword enables or disables LOB compression, respectively. The new compression setting changes all LOBs in the LOB segment.

The ENCRYPT or DECRYPT keyword turns LOB encryption on or off using Transparent Data Encryption (TDE). The new setting changes all LOBs in the LOB segment. You can alter a LOB segment only to enable or disable LOB encryption; that is, ALTER cannot be used to update the encryption algorithm or the encryption key. The encryption algorithm or key can be updated with the ALTER TABLE REKEY syntax. Encryption is performed at the block level, which gives better performance (the smallest possible amount is encrypted) when combined with the other options.
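The statements this section describes, written against the tables created in the Create SecureFiles section. This is an added example, not part of the original course material; it assumes a TDE master key has been set and the wallet is open, and it ends with dictionary queries that confirm the result.

```sql
-- Added example; TEST_SPEC and FUNC_SPEC are the tables created earlier on this page.
-- Assumption: a TDE master key exists and the wallet (keystore) is open.

-- De-duplication: share identical LOB data, then return to separate copies
ALTER TABLE test_spec MODIFY LOB (doc) (DEDUPLICATE);
ALTER TABLE test_spec MODIFY LOB (doc) (KEEP_DUPLICATES);

-- Compression: switch off, then back on at a chosen level
-- (either statement rewrites every LOB in the segment)
ALTER TABLE test_spec MODIFY LOB (doc) (NOCOMPRESS);
ALTER TABLE test_spec MODIFY LOB (doc) (COMPRESS HIGH);

-- Encryption: enable TDE on a LOB column that was created without it
ALTER TABLE test_spec MODIFY (doc CLOB ENCRYPT USING 'AES256');

-- A different algorithm or a new key needs REKEY, not MODIFY.
-- FUNC_SPEC was created with AES128; re-encrypt it with AES256.
ALTER TABLE func_spec REKEY USING 'AES256';

-- Confirm the settings now recorded for each LOB column
SELECT table_name, column_name, securefile,
       encrypt, compression, deduplication
FROM   user_lobs
WHERE  table_name IN ('TEST_SPEC', 'FUNC_SPEC');

-- Confirm the algorithm in use for each encrypted column
SELECT table_name, column_name, encryption_alg
FROM   user_encrypted_columns
WHERE  table_name IN ('TEST_SPEC', 'FUNC_SPEC');

-- Audit: LOB columns in this schema that are still unencrypted
-- (ENCRYPT is NONE for BasicFiles, NO for unencrypted SecureFiles)
SELECT table_name, column_name, securefile, encrypt
FROM   user_lobs
WHERE  encrypt <> 'YES';
```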
    • Access SecureFiles Metadata
The data-tier interface is the same as the BasicFiles interface.

DBMS_LOB package: LOBs inherit the LOB column's settings for de-duplication, encryption, and compression, and these can also be configured at the individual LOB level using the LOB locator API. However, these LOB settings cannot be configured with the LONG API. You must use the following additional DBMS_LOB functions for these features:
- DBMS_LOB.GETOPTIONS: Use this function to get the settings. It returns an integer that corresponds to a predefined constant based on the option type.
- DBMS_LOB.SETOPTIONS: This procedure sets the features and allows them to be set per LOB, overriding the default LOB settings. It requires a round trip to the server to make the changes permanent.

DBMS_SPACE.SPACE_USAGE: The existing SPACE_USAGE procedure is overloaded to return information about LOB space usage. It returns the amount of disk space, in blocks, used by all LOBs in the LOB segment. This procedure can be used only with tablespaces created with ASSM, and it does not treat LOB blocks that belong to BasicFiles as used space.
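A per-LOB use of GETOPTIONS and SETOPTIONS, as an added example that is not from the original material. It runs against the TEST_SPEC table created earlier (COMPRESS HIGH KEEP_DUPLICATES) and assumes a row with id = 1 exists.

```sql
-- Added example. Assumption: TEST_SPEC has a row with id = 1.
SET SERVEROUTPUT ON

DECLARE
  l_doc CLOB;

  -- Report one option as ON or OFF by comparing the value returned by
  -- GETOPTIONS with the matching DBMS_LOB constant
  FUNCTION flag (p_type PLS_INTEGER, p_on PLS_INTEGER) RETURN VARCHAR2 IS
  BEGIN
    RETURN CASE
             WHEN DBMS_LOB.GETOPTIONS(l_doc, p_type) = p_on THEN 'ON'
             ELSE 'OFF'
           END;
  END flag;
BEGIN
  -- SETOPTIONS modifies the LOB, so fetch the locator with the row locked
  SELECT doc INTO l_doc FROM test_spec WHERE id = 1 FOR UPDATE;

  DBMS_OUTPUT.PUT_LINE('compress    = ' ||
    flag(DBMS_LOB.OPT_COMPRESS, DBMS_LOB.COMPRESS_ON));
  DBMS_OUTPUT.PUT_LINE('deduplicate = ' ||
    flag(DBMS_LOB.OPT_DEDUPLICATE, DBMS_LOB.DEDUPLICATE_ON));
  DBMS_OUTPUT.PUT_LINE('encrypt     = ' ||
    flag(DBMS_LOB.OPT_ENCRYPT, DBMS_LOB.ENCRYPT_ON));

  -- Override the column default for this one LOB: store it uncompressed
  DBMS_LOB.SETOPTIONS(l_doc, DBMS_LOB.OPT_COMPRESS, DBMS_LOB.COMPRESS_OFF);

  DBMS_OUTPUT.PUT_LINE('compress after SETOPTIONS = ' ||
    flag(DBMS_LOB.OPT_COMPRESS, DBMS_LOB.COMPRESS_ON));
  COMMIT;
END;
/
```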
    • Migrating to SecureFiles
Because SecureFiles offers a superset of the LOB interfaces, you can easily migrate from BasicFile LOBs. There are two recommended methods for migrating to SecureFiles: partition exchange and online redefinition.

Partition exchange:
- Needs additional space equal to the largest partition in the table
- Can maintain indexes during the exchange
- Can spread the workload across multiple smaller maintenance windows
- Requires the table or partition to be taken offline for the exchange

Online redefinition (recommended practice):
- Does not require the table or partition to go offline
- Can be done in parallel
- Requires additional storage space equal to the entire table and all LOB segments
- Requires rebuilding all global indexes

These solutions typically mean using twice the disk space taken by the data in the input LOB column. However, using partitioning and performing these operations partition by partition can help reduce the disk space required.
    • SecureFiles Migration: Example
You can use the example on the slide to migrate BasicFile LOBs to SecureFile LOBs. First, create a table using BasicFiles; the example uses a partitioned table. Then insert data into the table. After that, create an interim (temporary) table with the same number of partitions, but this time using SecureFiles. Note that this interim table has the same columns and types. The last section demonstrates how to use the DBMS_REDEFINITION procedures to redefine the table using the previously created interim table.
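The slide this section refers to is not reproduced on the page. The script below follows the four steps just described; it is an added example, not the original slide, and the table names DOCS and DOCS_INTERIM and the partition names are hypothetical. It assumes the default tablespace uses ASSM.

```sql
-- Added example; DOCS, DOCS_INTERIM and the partition names are hypothetical.
-- 1. Partitioned source table whose LOB column uses BasicFiles storage
CREATE TABLE docs (
  id  NUMBER PRIMARY KEY,
  doc CLOB
)
LOB (doc) STORE AS BASICFILE
PARTITION BY RANGE (id) (
  PARTITION p1 VALUES LESS THAN (1000),
  PARTITION p2 VALUES LESS THAN (MAXVALUE)
);

-- 2. Constructed sample row
INSERT INTO docs VALUES (1, 'constructed sample document');
COMMIT;

-- 3. Interim table: same columns, types and partitions, SecureFiles storage
CREATE TABLE docs_interim (
  id  NUMBER,
  doc CLOB
)
LOB (doc) STORE AS SECUREFILE (NOCACHE)
PARTITION BY RANGE (id) (
  PARTITION p1 VALUES LESS THAN (1000),
  PARTITION p2 VALUES LESS THAN (MAXVALUE)
);

-- 4. Online redefinition: DOCS stays available while its rows are copied
DECLARE
  l_errors PLS_INTEGER := 0;
BEGIN
  DBMS_REDEFINITION.CAN_REDEF_TABLE(USER, 'DOCS', DBMS_REDEFINITION.CONS_USE_PK);
  DBMS_REDEFINITION.START_REDEF_TABLE(
    uname       => USER,
    orig_table  => 'DOCS',
    int_table   => 'DOCS_INTERIM',
    col_mapping => 'id id, doc doc');
  -- Clone indexes, triggers, constraints and grants onto the interim table
  DBMS_REDEFINITION.COPY_TABLE_DEPENDENTS(
    uname            => USER,
    orig_table       => 'DOCS',
    int_table        => 'DOCS_INTERIM',
    copy_indexes     => DBMS_REDEFINITION.CONS_ORIG_PARAMS,
    copy_triggers    => TRUE,
    copy_constraints => TRUE,
    copy_privileges  => TRUE,
    ignore_errors    => FALSE,
    num_errors       => l_errors);
  -- Swap the two tables; DOCS now owns the SecureFiles LOB segment
  DBMS_REDEFINITION.FINISH_REDEF_TABLE(USER, 'DOCS', 'DOCS_INTERIM');
END;
/

-- 5. Confirm the storage type, then drop the old BasicFiles copy
SELECT table_name, column_name, securefile
FROM   user_lobs
WHERE  table_name = 'DOCS';

DROP TABLE docs_interim;
```

If a step fails after START_REDEF_TABLE, call DBMS_REDEFINITION.ABORT_REDEF_TABLE with the same three arguments before retrying.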
    • SecureFiles Monitoring
To show the usage of SecureFiles, the following views have been modified:
- *_SEGMENTS
- *_LOBS
- *_LOB_PARTITIONS
- *_PART_LOBS

    SQL> SELECT segment_name, segment_type, segment_subtype
         FROM dba_segments
         WHERE tablespace_name = 'SECF_TBS2'
         AND segment_type = 'LOBSEGMENT'
         /

    SEGMENT_NAME               SEGMENT_TYPE  SEGMENT_SU
    -------------------------  ------------  ----------
    SYS_LOB0000071583C00004$$  LOBSEGMENT    SECUREFILE
    • Summary
- SecureFiles improves LOB performance
- SecureFiles can be accessed using SQL and PL/SQL APIs

http://blog.csdn.net/rlhua/article/details/14126785
