Oracle Data Mask

NETAPP TECHNICAL REPORT
Oracle Data Masking and Regulatory Compliance Using SnapManager 3.0 for Oracle
Kannan Mani and Antonio Jose Rodrigues Neto, NetApp April 2009 | TR-3762
Abstract This document describes how to create a master clone that has sensitive data masked using the Oracle data masking pack and SnapManager 3.0 for Oracle postclone option. It also describes how to create multiple clones from the master clone.
Oracle Data Masking and regulatory compliance using SnapManager for Oracle 3.0
TABLE OF CONTENTS
1 INTRODUCTION ......................................................................................................................... 3
1.1 1.2 PURPOSE AND SCOPE .................................................................................................................................3 PREREQUISITES FOR USING THIS SOLUTION ..........................................................................................3
2 SOLUTION OVERVIEW.............................................................................................................. 4
2.1 SOLUTION ARCHITECTURE .........................................................................................................................4
3 SNAPMANAGER FOR ORACLE AND ORACLE DATA MASKING ......................................... 5

3.1 3.2 SNAPMANAGER FOR ORACLE 3.0 ..............................................................................................................5 ORACLE DATA MASKING PACK ..................................................................................................................6
4 DEPLOYMENT PROCESS AND SETUP INSTRUCTIONS ....................................................... 7

4.1 4.2 4.3 4.4 4.5 4.6 DEPLOYMENT PROCESS ..............................................................................................................................7 CREATING SAMPLE DATA ...........................................................................................................................7 CREATING BACKUP FOR GOLDEN IMAGE ................................................................................................8 DATA MASKING GOLDEN IMAGE USING ORACLE DATA MASKING ....................................................13 CLONE WITH SNAPMANAGER FOR ORACLE 3.0 AND CALL POSTTASK FOR DATA MASKING ......14 CREATING CLONE FROM GOLDEN IMAGE USING SNAPMANAGER FOR ORACLE ...........................23
5 CONCLUSION .......................................................................................................................... 24 6 ACKNOWLEDGMENTS ........................................................................................................... 24 APPENDIX A: POSTCLONE SCRIPT ............................................................................................ 25 APPENDIX B: CHECKING GOLDEN IMAGE ................................................................................ 26
INTRODUCTION
Safeguarding production data and preventing leaks of confidential or sensitive information to nonproduction users have become corporate imperatives for all organizations, thanks to an abundance of global regulations governing data privacy. The Sarbanes Oxley Act of 2002 in the United State or the Financial Instruments Exchange Law (FIEL) of Japan (also called J-SOX) provides enhanced standards on internal controls for corporate information. The Health Insurance Portability and Accountability Act (HIPAA) of 1996 in the United States and the European Unions Data Protection Directive are a part of the global laws governing the privacy of personal data related to individuals. Even credit card payment processors have adopted Payment Card Industry (PCI) standards regarding the use and sharing of credit card information. Organizations have always maintained confidential, personally identifiable, or sensitive information in their production databases. These organizations must protect the use and sharing of this information in compliance with regulations or risk the fines and penalties that accompany violations of these data privacy laws. These fines and penalties can cost companies thousands of dollars per day. Thus, no organization can afford to break these laws and risk the unsavory publicity caused by unauthorized data breaches. SnapManager for Oracle 3.0 and the Oracle Data Masking Pack can help organizations comply with privacy and confidentiality laws by masking sensitive or confidential data in nonproduction environments that leverage database clones.
1.1
PURPOSE AND SCOPE
This report details how to create a masked golden clone using SnapManager for Oracle 3.0 and Oracle Data Masking. SnapManager 3.0 for Oracle postclone option is used to call Oracle Data Masking to mask sensitive data. 1.2 PREREQUISITES FOR USING THIS SOLUTION
This report is intended for Oracle Database administrators, storage administrators, and architects who are designing and implementing Oracle development and testing solutions using Oracle Databases running on NetApp and third-party data and storage management solutions requiring regulatory compliance. Readers should have a solid understanding of the architecture and administration of Oracle Databases. We recommend reviewing the following documentation: Data ONTAP 7.2 or 7.3 System Administration Guide SnapManager 3.0 for Oracle Installation and Administration Guide SnapManager 3.0 for Oracle Release Notes SnapDrive 4.1 for UNIX Installation and Administration Guide (for Oracle on UNIX) NetApp Best Practice Guidelines for Oracle NetApp Best Practice Guidelines for Oracle Database 11g Oracle Enterprise Manager 10g Data Masking Pack
2
2.1
SOLUTION OVERVIEW
SOLUTION ARCHITECTURE
Following are the use cases used with SnapManager for Oracle 3.0 and Oracle Data Masking to provide this solution. The deployment process is shown in Figure 1.
Generate production database schema using the Swingbench oewizard tool Create a production database clone using SMO 3.0 Use postclone scripts to call Oracle Data Masking to mask Oracle data within the clone Masking columns (foreign keys) to demonstrate integrity of the masking process
ProductionSite
AnyNonNetApp Storage(HPEVA)
Dev/TestSite
NetApp storage FlexClone
SnapManager3.0 forOracle
Read/Write
DatabaseDataFiles DatabaseLogFiles
Figure 1) Architecture of a Non-NetApp to NetApp Oracle environment that was set up to create data-masked clones.
ProductionSite
NetApp storage
MirrorSite
NetApp storage FlexClone
SnapManager3.0 forOracle
Read/Write
DatabaseDataFiles DatabaseLogFiles
Figure 2) Architecture of a NetApp to NetApp Oracle environment that was set up to create data-masked clones.
3
3.1
SNAPMANAGER FOR ORACLE AND ORACLE DATA MASKING

SNAPMANAGER FOR ORACLE 3.0
SnapManager for Oracle is a data management tool that leverages NetApp Snapshot, SnapRestore, and FlexClone to provide near instantaneous and space-efficient backup, restore, and cloning for Oracle Databases. SnapManager for Oracle provides a graphical user interface (GUI) or command-line interface (CLI) to enable DBAs to perform frequent backups, enable rapid restores, and quickly create space-efficient Oracle Database clones for use in development, test, QA, training, and other processes. SnapManager integrates with native Oracle technology and allows IT organizations to scale their storage infrastructure to meet increasingly stringent SLA commitments while improving the productivity of database and storage administrators across the enterprise.
Production
Mirror
MasterMaskedClone
Dev1
Dev2
DevN
Test1
Test2
TestN
Figure 3) Data masking in a master clone so that multiple clones can be created for both development and testing environments.
3.2
ORACLE DATA MASKING PACK
Organizations routinely share production application data for a variety of reasons. For example, database administrators copy production data into testing environments for realistic and accurate application testing, or businesses share nonspecific consumer information with market research organizations. This requires most organizations to mask sensitive parts of its production data to protect against inadvertent or intentional discovery. Today, these processes are manual and error-prone and can lead to exposing sensitive data to unauthorized users. The Oracle Data Masking Pack enables regulatory compliance through consistent and rule-based application of masking formats across enterprise-wide databases. The Oracle Data Masking Pack supports a rich and extensible format library that can support a variety of mask formats and needs only to be defined once. This helps make sure of consistent enforcement of information security policies and allows organizations to share data quickly and broadly without violating privacy regulations.
4
4.1
DEPLOYMENT PROCESS AND SETUP INSTRUCTIONS

DEPLOYMENT PROCESS
Figure 4) Five-step deployment process for data masking using SnapManager 3.0 for Oracle.
4.2
CREATING SAMPLE DATA
Sample data can be created by installing the sample schemas that come with Oracle Enterprise Edition, or it can be generated using Swingbench. Swingbench is used in this solution to create sample production data, which in a customer deployment is the actual production data.
4.3
CREATING BACKUP FOR GOLDEN IMAGE
Repository: SMOMASTER Host: atl46001 Profile: SPANKY3
On Profile: SPANKY3 select Backup option
On Backup option, click Next
Label: Snap-Golden Image Comment: Golden Image NetApp Snapshot Copy Type: Auto (Online Backup) Retention Class: Hourly
Select Full Backup
10
Click Backup
Backup is running
11
Backup has finished with success
Backup creating successful
12
4.4
DATA MASKING GOLDEN IMAGE USING ORACLE DATA MASKING Follow Replacing Sensitive Data Using the Data Masking Pack steps for creating Oracle Data Masking script.
Oracle Enterprise Grid Control Database: Spanky3
Select Full Script button and Copy and Paste to clipboard or a file.
13
4.5
CLONE WITH SNAPMANAGER FOR ORACLE 3.0 AND CALL POSTTASK FOR DATA MASKING
Select Clone from previous backup on SnapManager for Oracle
14
Click Next
New SID: golden Label: GoldenImage4Data Masking Comment: Golden Image for Data Masking
Add SQL statement alter tablespace TEMP add tempfile +DATA_GOLDEN/S PANKY3/temp4data masking.dbf size 1000m
Click Next
15
Data Masking Alert: Selecting "Define Format and Add" Results in "An Internal Error Has Occurred"
On this script it is necessary to add a tempfile on the TEMP tablespace for the cloning.
Doc ID: 728850.1 Applies to: Enterprise Manager for RDBMS - Version: 10.2.0.4.0: This problem can occur on any platform.
Symptoms: -- Problem Statement: On 10.2.0.4, on the "Masking Definition: Add Columns" page, when the link "Define Format and Add" is clicked, the following error is received: ERROR "Internal Error has occurred. Check the log file for details." -- Steps to Reproduce: In "Masking Definition: Add Columns," select any table or column and click "Define Format and Add. Cause Data Masking was unable to execute a SELECT statement due to receiving: ORA-25153: Temporary Tablespace is Empty (This was not in the log file.) Solution: First verify that there are no tempfiles: SQL> select tablespace_name, file_name from dba_temp_files; If there are no tempfiles associated with the temporary tablespace, add one using syntax like the following:
SQL> alter tablespace temp SQL> add tempfile '/oracle/oradata/V901/temp2_01.tmp' size 5m; See Note 178992.1 and Note 160426.1 for more information on this topic.
16
Click Post-Tasks and select Data Masking script (check Appendix A)
17
Select Data Masking Script and Press >> button
Click Next
Call the postscript for data masking the golden clone refer to appendix A for postscript Location: /opt/NetApp/smo/plu gins/clone/create/po st
18
Click Clone
19
Cloning database spanky3 generating a clone called golden that will have columns masked.
20
Check the log with the info about: Executing userdefined SQL statement
21
Check the log with the info about: Plugin Data Masking (NetApp and Oracle) Golden Image successfully completed
22
4.6
CREATING CLONE FROM GOLDEN IMAGE USING SNAPMANAGER FOR ORACLE
Creating Clone from Golden Image Cloned Database: dev with masked data
Refer to SnapManager 3.0 for Oracle Installation and Administration Guide for creating backup and cloning the Master clone.
23
Cloned Database: dev with masked data shown in SnapManager for Oracle 3.0
CONCLUSION
NetApp storage solutions provide robust, high-performance data storage for Oracle Database environments. NetApp SnapManager for Oracle, in combination with data masking tools such as Oracle Data Masking, Solix, and Applimation, simplifies and automates clone creation with masked data by leveraging NetApp Snapshot and FlexClone technologies to provide fast, spaceefficient, disk-based backups and rapid provisioning of Oracle environments. This solution helps organizations comply with privacy and confidentiality laws by masking sensitive or confidential data in staging a variety of clone database environments.
ACKNOWLEDGMENTS
Michael Doherty Consulting System Engineer, NetApp Greg Loughmiller - Professional Services Consultant, NetApp Steven Schuettinger - Technical Alliance Manager, NetApp Lynne Thieme - Sr. Mgr. Oracle Alliances Engineering, NetApp Bill Heffelfinger - Database and Business Apps Global Field Technology Lead, NetApp Tom Shields - Sr. Manager Solutions Marketing, NetApp Gary Franks MTS, NetApp Anand Ranganathan - Technical Marketing Engineer, NetApp
24
APPENDIX A: POSTCLONE SCRIPT

#!/bin/bash # Data Masking (NetApp and Oracle) - Golden Image (SMO) # Version 1.0 # Copyright (c) 2009 NetApp, Inc. # All rights reserved. # Authors: # - Kannan Mani # - Antonio Jose Rodrigues Neto (neto from Brazil) # - Anand Ranganathan # - Gary Franks # - Mike Doherty # - Greg Loughmiller name="Data Masking (NetApp and Oracle) - Golden Image" description="Data Masking (NetApp and Oracle) - Golden Image" context=$SM_TARGET_OS_USER timeout="0" parameter=() EXIT=0 function _exit { rc=$1 echo "Command complete." exit $rc } function usage { echo "usage: $(basename $0) { -check | -describe | -execute }" _exit 99 } function describe { echo "SM_PI_NAME:$name" echo "SM_PI_DESCRIPTION:$description" echo "SM_PI_CONTEXT:$context" echo "SM_PI_TIMEOUT:$timeout" IFS=^ for entry in ${parameter[@]}; do echo "SM_PI_PARAMETER:$entry" done _exit 0 } function check { _exit 0 } function execute { sqlplus / as sysdba <<EOF @/opt/NetApp/smo/plugins/clone/create/post/data-masking.sql exit EOF _exit $? }
25
case $(echo $1 | tr [A-Z] [a-z]) in -check) check ;; -execute) execute ;; -describe) describe ;; *) echo "unknown option $1" usage ;; esac
Note: Data Masking Script (data-masking.sql) is called from this postclone script.
APPENDIX B: CHECKING GOLDEN IMAGE

Original Database with sensitive data
26
Golden Image with masked data
For the golden image (Golden database) a possibility could be to execute a volume split to create an independent copy and image with data masking applied.
2009 NetApp. All rights reserved. Specifications are subject to change without notice. NetApp, the NetApp logo, Go further, faster, Data ONTAP, FlexClone, SnapDrive, SnapManager, SnapRestore, and Snapshot are trademarks or registered trademarks of NetApp, Inc. in the United States and/or other countries. UNIX is a registered trademark of The Open Group. Oracle is a registered trademark of Oracle Corporation. All other brands or products are trademarks or registered trademarks of their respective holders and should be treated as such.

Oracle Data Mask

Hochgeladen von

Dokumentinformationen

Originalbeschreibung:

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Oracle Data Mask

Hochgeladen von

Copyright:

Verfügbare Formate

NETAPP TECHNICAL REPORT

3 SNAPMANAGER FOR ORACLE AND ORACLE DATA MASKING ......................................... 5

4 DEPLOYMENT PROCESS AND SETUP INSTRUCTIONS ....................................................... 7

PURPOSE AND SCOPE

SNAPMANAGER FOR ORACLE AND ORACLE DATA MASKING

ORACLE DATA MASKING PACK

DEPLOYMENT PROCESS AND SETUP INSTRUCTIONS

CREATING SAMPLE DATA

CREATING BACKUP FOR GOLDEN IMAGE

Repository: SMOMASTER Host: atl46001 Profile: SPANKY3

On Profile: SPANKY3 select Backup option

On Backup option, click Next

Select Full Backup

Backup has finished with success

Backup creating successful

Oracle Enterprise Grid Control Database: Spanky3

Select Clone from previous backup on SnapManager for Oracle

Click Post-Tasks and select Data Masking script (check Appendix A)

Select Data Masking Script and Press >> button

CREATING CLONE FROM GOLDEN IMAGE USING SNAPMANAGER FOR ORACLE

APPENDIX A: POSTCLONE SCRIPT

APPENDIX B: CHECKING GOLDEN IMAGE

Golden Image with masked data

Das könnte Ihnen auch gefallen