database access management
play

Database Access Management Giacomo Tenaglia CERN IT/DB HEPiX - PowerPoint PPT Presentation

Sep 17, 2022 •191 likes •588 views

Database Access Management Giacomo Tenaglia CERN IT/DB HEPiX Spring 2012 CERN IT Department CH-1211 Geneva 23 Switzerland www.cern.ch/ i t Agenda Scenario and requirements DAM: overview Implementation details CERN IT

  1. Database Access Management Giacomo Tenaglia CERN IT/DB HEPiX Spring 2012 CERN IT Department CH-1211 Geneva 23 Switzerland www.cern.ch/ i t

  2. Agenda • Scenario and requirements • DAM: overview • Implementation details CERN IT Department CH-1211 Geneva 23 Database Access Management - G. Tenaglia - HEPiX Spring 2012 Switzerland www.cern.ch/ i t

  3. Scenario • O(100) servers • “Clusters” of 1 to 6 nodes • Access via SSH • High turnover of people – Admins – Users • “Flat” network CERN IT Department CH-1211 Geneva 23 Database Access Management - G. Tenaglia - HEPiX Spring 2012 Switzerland www.cern.ch/ i t

  4. Requirements: DB clusters Database Access Management - G. Tenaglia - HEPiX Spring 2012

  5. Requirements: DB clusters Database Access Management - G. Tenaglia - HEPiX Spring 2012

  6. Requirements: DB clusters Database Access Management - G. Tenaglia - HEPiX Spring 2012

  7. Requirements: Middleware Database Access Management - G. Tenaglia - HEPiX Spring 2012

  8. Requirements: Middleware Database Access Management - G. Tenaglia - HEPiX Spring 2012

  9. Requirements: Middleware Database Access Management - G. Tenaglia - HEPiX Spring 2012

  10. Requirements: Middleware Database Access Management - G. Tenaglia - HEPiX Spring 2012

  11. Requirements: Middleware Database Access Management - G. Tenaglia - HEPiX Spring 2012

  12. Requirements: Middleware Database Access Management - G. Tenaglia - HEPiX Spring 2012

  13. Requirements: Middleware Database Access Management - G. Tenaglia - HEPiX Spring 2012

  14. Requirements • Functional requirements – Group management • Track relationships (“who can access what”) • Membership delegation to group admins • Cluster equivalence – Ease key management – CLI and Web – Use standard CERN IT tools • Security requirements – Revoke access – PKI not shared passwords CERN IT Department CH-1211 Geneva 23 Database Access Management - G. Tenaglia - HEPiX Spring 2012 Switzerland www.cern.ch/ i t

  15. DAM Overview Database Access Management - G. Tenaglia - HEPiX Spring 2012

  16. DAM Overview Database Access Management - G. Tenaglia - HEPiX Spring 2012

  17. DAM Overview Database Access Management - G. Tenaglia - HEPiX Spring 2012

  18. DAM Overview Database Access Management - G. Tenaglia - HEPiX Spring 2012

  19. System Requirements • Database – Currently Oracle, API can be ported • Management Server – Password-less access to managed nodes • LDAP directory with groups (if needed) – Currently e-groups published via LDAP Database Access Management - G. Tenaglia - HEPiX Spring 2012

  20. Interface for Administrators • APEX screenshot Database Access Management - G. Tenaglia - HEPiX Spring 2012

  21. How It Works • APEX screenshot

  22. How It Works • APEX screenshot

  23. Interface for Users • APEX screenshot Database Access Management - G. Tenaglia - HEPiX Spring 2012

  24. How It Works: APEX • APEX screenshot Database Access Management - G. Tenaglia - HEPiX Spring 2012

  25. Interface for Group Admins Database Access Management - G. Tenaglia - HEPiX Spring 2012

  26. How It Works: APEX Database Access Management - G. Tenaglia - HEPiX Spring 2012

  27. Implementation Details • PL/SQL API, Perl, APEX Application • Extensive use of Kerberos – Service keytab on management host • Tested with CERN Security Team – Easier for users than SSH keys • LDAP groups managed by users (“egroups”) Database Access Management - G. Tenaglia - HEPiX Spring 2012

  28. Implementation Details • Parallel “Access refresh” • Source accounts – Generate private keys on the nodes • Managed servers pre-seeding – Integrated in CMS • Revoke public key – Consistency checks upon refresh Database Access Management - G. Tenaglia - HEPiX Spring 2012

  29. How It Works Database Access Management - G. Tenaglia - HEPiX Spring 2012

  30. How It Works Database Access Management - G. Tenaglia - HEPiX Spring 2012

  31. How It Works Database Access Management - G. Tenaglia - HEPiX Spring 2012

  32. How It Works Database Access Management - G. Tenaglia - HEPiX Spring 2012

  33. How It Works Database Access Management - G. Tenaglia - HEPiX Spring 2012

  34. How It Works Database Access Management - G. Tenaglia - HEPiX Spring 2012

  35. How It Works Database Access Management - G. Tenaglia - HEPiX Spring 2012

  36. How It Works Database Access Management - G. Tenaglia - HEPiX Spring 2012

  37. Current usage • 500 servers • 2000 accounts • 5 teams (developers, DBA, sysadmins) • 150 groups CERN IT Department CH-1211 Geneva 23 Database Access Management - G. Tenaglia - HEPiX Spring 2012 Switzerland www.cern.ch/ i t

  38. Summary • DAM helps secure our environment • Key success factor for 11g migration • API and source code could be made available to other sites if interested CERN IT Department CH-1211 Geneva 23 Database Access Management - G. Tenaglia - HEPiX Spring 2012 Switzerland www.cern.ch/ i t

  39. Q&A Thank you! Giacomo.Tenaglia@cern.ch Credits: Alvaro Gonzalez Alvarez Andrea Ieri, Artur Wiecek, Dawid Wojcik Jacek Wojcieszuk CERN IT Department CH-1211 Geneva 23 Database Access Management - G. Tenaglia - HEPiX Spring 2012 Switzerland www.cern.ch/ i t

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Database Access via Programming Languages 5DV119 Introduction to Database Management Ume a

Database Access via Programming Languages 5DV119 Introduction to Database Management Ume a

Database Access via Programming Languages 5DV119 Introduction to Database Management Ume a University Department of Computing Science Stephen J. Hegner hegner@cs.umu.se http://www.cs.umu.se/~hegner Database Access via Programming

348 views • 20 slides
Database Management System CEN 351 Course Description A database management system (DBMS) is

Database Management System CEN 351 Course Description A database management system (DBMS) is

Database Management System CEN 351 Course Description A database management system (DBMS) is a computer application program designed for the efficient and effective storage, access and update of large volumes of information. This course

399 views • 7 slides
Last Time Why Database Management Systems? IT420: Database Management and High-level

Last Time Why Database Management Systems? IT420: Database Management and High-level

Last Time Why Database Management Systems? IT420: Database Management and High-level abstractions for data access, Organization manipulation, and administration Data integrity and security Performance and scalability Introduction

224 views • 9 slides
CS 61: Database Systems Access via programming languages Agenda 1. Direct database access 2.

CS 61: Database Systems Access via programming languages Agenda 1. Direct database access 2.

CS 61: Database Systems Access via programming languages Agenda 1. Direct database access 2. Web APIs 3. Node.js 2 Python can directly query the database Steps to access MySQL from Python 1. Install connector to MySQL: sudo pip install

578 views • 14 slides
Databases CS111 Part 1 Part 2 Know what a database is. Learning how to use Microsoft Access , a

Databases CS111 Part 1 Part 2 Know what a database is. Learning how to use Microsoft Access , a

Databases CS111 Part 1 Part 2 Know what a database is. Learning how to use Microsoft Access , a database management system Understand why they are useful and when you might want to use one. - Create a database Have a basic understanding of

800 views • 37 slides
Database Management System (DBMS) DBMS contains information about a particular enterprise

Database Management System (DBMS) DBMS contains information about a particular enterprise

Advanced Database System Architectures Advanced Topics in Database Management (INFSCI 2711) Textbook: Database System Concepts - 6 th Edition, 2010 Vladimir Zadorozhny, DINS, SCI University of Pittsburgh 1 Database Management System (DBMS) DBMS

545 views • 20 slides
Database Utilities 10/17/2007 DC/Win Database Utilities Opening Database Utilities From File on

Database Utilities 10/17/2007 DC/Win Database Utilities Opening Database Utilities From File on

Database Utilities 10/17/2007 DC/Win Database Utilities Opening Database Utilities From File on the Menu Bar DC/Win Database Utilities Options Vary Depending on Database Two Types of Databases Sequel (SQL) Database Access Database

460 views • 6 slides
Databases might want to use one. - Create a database Have a basic understanding of how the most

Databases might want to use one. - Create a database Have a basic understanding of how the most

8/05/18 Part 1 Part 2 Know what a database is. Learning how to use Microsoft Access , a database management system Understand why they are useful and when you Databases might want to use one. - Create a database Have a basic understanding

459 views • 10 slides
61A Lecture 33 Announcements Database Management Systems Database Management System Architecture

61A Lecture 33 Announcements Database Management Systems Database Management System Architecture

61A Lecture 33 Announcements Database Management Systems Database Management System Architecture 4 Architecture of a Database System by Hellerstein, Stonebreaker, and Hamilton Query Planning The manner in which tables are filtered, sorted,

208 views • 20 slides
Announcements 61A Lecture 34 Database Management System Architecture Database Management Systems

Announcements 61A Lecture 34 Database Management System Architecture Database Management Systems

Announcements 61A Lecture 34 Database Management System Architecture Database Management Systems 4 Architecture of a Database System by Hellerstein, Stonebreaker, and Hamilton Query Planning The manner in which tables are filtered, sorted,

185 views • 3 slides
Distributed Transaction Management Advanced Topics in Database Management (INFSCI 2711) Some

Distributed Transaction Management Advanced Topics in Database Management (INFSCI 2711) Some

Distributed Transaction Management Advanced Topics in Database Management (INFSCI 2711) Some materials are from Database Management Systems, Ramakrishnan and Gehrke and Database System Concepts, Siberschatz, Korth and Sudarshan and Data

515 views • 24 slides
Database Management Limitations of Relational Database Designs Systems Provides a set of

Database Management Limitations of Relational Database Designs Systems Provides a set of

Lecture 2 Database Management Limitations of Relational Database Designs Systems Provides a set of guidelines, does not result in a unique database schema Winter 2004 Does not provide a way of evaluating alternative schemas CMPUT

387 views • 17 slides
GE 103- Database Management Course Introduction DBMS Database == Data collection managed by a

GE 103- Database Management Course Introduction DBMS Database == Data collection managed by a

Lecture 1 GE 103- Database Management Course Introduction DBMS Database == Data collection managed by a specialized software called a Database Management System (DBMS) Why a whole course in Databases? Banking, ticket reservations, customer

243 views • 20 slides
Wisconsin Project Management Database August 2, 2018 Kathryn Miller WI Office of Rural Health

Wisconsin Project Management Database August 2, 2018 Kathryn Miller WI Office of Rural Health

Wisconsin Project Management Database August 2, 2018 Kathryn Miller WI Office of Rural Health Access Database Housed on a server, which allows for multiple users Used to track Flex and SHIP grants Keeps a historical record of

744 views • 16 slides
Content Management Systems Week 14 LBSC 671 Creating Information Infrastructures Putting the

Content Management Systems Week 14 LBSC 671 Creating Information Infrastructures Putting the

Content Management Systems Week 14 LBSC 671 Creating Information Infrastructures Putting the Pieces Together Web Server Browser Database HTML SQL Query CGI Results HTML Why Database-Generated Pages? Remote access to a database

796 views • 28 slides
Advanced Database Management Systems Database Management Systems Alvaro A A Fernandes School of

Advanced Database Management Systems Database Management Systems Alvaro A A Fernandes School of

Advanced Database Management Systems Database Management Systems Alvaro A A Fernandes School of Computer Science, University of Manchester AAAF (School of CS, Manchester) Advanced DBMSs 2011-2012 1 / 144 Outline Database Management Systems:

2.09k views • 144 slides
Algorithmic techniques for sparse graphs Z. Dvo rk Charles University, Prague Beroun 2011

Algorithmic techniques for sparse graphs Z. Dvo rk Charles University, Prague Beroun 2011

Algorithmic techniques for sparse graphs Z. Dvo rk Charles University, Prague Beroun 2011 Z. Dvo rk Algorithmic techniques for sparse graphs Goal Design efficient algorithms polynomial-time approximation FPT . . . for hard

463 views • 32 slides
Kevin Laatz & Ciara Loftus FOSDEM 2020 Introduction

Kevin Laatz & Ciara Loftus FOSDEM 2020 Introduction

Kevin Laatz & Ciara Loftus FOSDEM 2020 Introduction https://www.dpdk.org/wp-content/uploads/sites/35/2019/07/14-AF_XDP-dpdk-summit-china-2019.pdf

749 views • 51 slides
Stream Processing with Apache Apex Thomas Weise Apache Apex PMC Chair thw@apache.org @thweise

Stream Processing with Apache Apex Thomas Weise Apache Apex PMC Chair thw@apache.org @thweise

Stream Processing with Apache Apex Thomas Weise Apache Apex PMC Chair thw@apache.org @thweise @atrato_io October 30, 2017, Dagstuhl Seminar Stream Processing with Apache Apex Real-time visualization, Transform / Analytics Data Sources Data

398 views • 22 slides
MOVING FORWARD WHEN TOBACCO PREEMPTION IS IN EFFECT TCN and PHLC Tobacco Preemption Virtual

MOVING FORWARD WHEN TOBACCO PREEMPTION IS IN EFFECT TCN and PHLC Tobacco Preemption Virtual

MOVING FORWARD WHEN TOBACCO PREEMPTION IS IN EFFECT TCN and PHLC Tobacco Preemption Virtual Series July 25, 2019 Webinar Logistics This webinar is being recorded Full webinar materials will be made available via email and will be

972 views • 65 slides
Lecture 4.5: Hot early life and the hot early Earth The Apex Chert microfossils/ Oxygen isotopes

Lecture 4.5: Hot early life and the hot early Earth The Apex Chert microfossils/ Oxygen isotopes

41st Saas-Fee Course From Planets to Life 3-9 April 2011 Lecture 4.5: Hot early life and the hot early Earth The Apex Chert microfossils/ Oxygen isotopes and paleoclimate/ Gaucher et al. and the hot early Earth J. F. Kasting Apex Chert

277 views • 11 slides
St Storage performance modeling for future systems Yoonho Park May 3, 2016 Agenda Storage

St Storage performance modeling for future systems Yoonho Park May 3, 2016 Agenda Storage

St Storage performance modeling for future systems Yoonho Park May 3, 2016 Agenda Storage challenges Burst buffer APEX workflows document Machines analyzed LANL workflows performance modeling Workflow time distribution

441 views • 10 slides
Generative Adversarial Networks (GANs) By: Ismail Elezi ismail.elezi@gmail.com Supervised

Generative Adversarial Networks (GANs) By: Ismail Elezi ismail.elezi@gmail.com Supervised

Generative Adversarial Networks (GANs) By: Ismail Elezi ismail.elezi@gmail.com Supervised Learning vs Unsupervised Learning Supervised Learning vs Unsupervised Learning Supervised Learning vs Unsupervised Learning Supervised Learning vs

979 views • 80 slides
The Three Beaars . . . . The Three Beaars Dyalog 12 . requirements for their

The Three Beaars . . . . The Three Beaars Dyalog 12 . requirements for their

. Snake Island Research Inc Robert Bernecky October 10, 2012 bernecky@snakeisland.com tel: +1 416 203 0854 Toronto, Canada 18 Fifth Street, Wards Island Robert Bernecky . Basically, Every Array Allocation Reduces Speed The Three Beaars

1.4k views • 101 slides

More recommend