Data integrity algorithms add little overhead, and protect against the following attacks:. SHA-1 is slightly slower than MD5, but produces a larger message digest, making it more secure against brute-force collision and inversion attacks. Oracle Advanced Security Release 8. This provides independent confirmation that Oracle Advanced Security conforms to federal government standards. Authentication is used to prove the identity of the user.
Authenticating user identity is imperative in distributed environments, without which there can be little confidence in network security. Passwords are the most common means of authentication. Oracle Advanced Security enables strong authentication with Oracle authentication adapters that support various third-party authentication services, including SSL with digital certificates. Figure shows user authentication with an Oracle database configured to use a third-party authentication server.
Having a central facility to authenticate all members of the network clients to servers, servers to servers, users to both clients and servers is one effective way to address the threat of network nodes falsifying their identities. Centralized authentication also provides the benefit of single sign-on SSO for users. Single sign-on enables users to access multiple accounts and applications with a single password.
A user only needs to log on once and can then automatically connect to any other service without having to give a username and password again. Single sign-on eliminates the need for the user to remember and administer multiple passwords, reducing the time spent logging into multiple services. Figure shows how a centralized network authentication service typically operates:. Oracle Advanced Security supports the following industry-standard authentication methods:. Oracle Advanced Security support for Kerberos provides the benefits of single sign-on and centralized authentication of Oracle users.
Kerberos is a trusted third-party authentication system that relies on shared secrets. It presumes that the third party is secure, and provides single sign-on capabilities, centralized password storage, database link authentication, and enhanced PC security. It does this through a Kerberos authentication server. See Chapter 6, "Configuring Kerberos Authentication" for information about configuring and using this adapter.
Oracle authentication for Kerberos provides database link authentication also called proxy authentication. Kerberos is also an authentication method that is supported with Enterprise User Security. RADIUS can be used with a variety of authentication mechanisms, including token cards and smart cards. It has memory and a processor and is read by a smart card reader located at the client workstation.
Some token cards dynamically display one-time passwords that are synchronized with an authentication service. The server can verify the password provided by the token card at any given time by contacting the authentication service.
Other token cards have a keypad and operate on a challenge-response basis. In this case, the server offers a challenge a number that the user enters into a token card. The token card provides a response another number cryptographically derived from the challenge that the user enters and sends to the server. DCE is a set of integrated network services that works across multiple systems to provide a distributed environment.
Oracle DCE Integration consists of the following two components:. Depending on the need, applications can choose to integrate very tightly with the DCE services or choose to plug in the other security authentication services provided by Oracle Advanced Security. SSL provides authentication , data encryption , and data integrity. For authentication, SSL uses digital certificates that comply with the X.
In order to use the features listed above, you must purchase licenses for the Configuration Management Pack. The Configuration Management Pack functionality can be accessed by the Enterprise Manager and through the Enterprise Manager repository views. The use of either interface requires licensing of the Configuration Management Pack. These features are no longer part of the Configuration Management Pack.
However, if you have previously licensed the Configuration Management Pack for Oracle Database, you are entitled to use these features without licensing the Oracle Provisioning and Patch Automation Pack.
When you click the Setup link, the navigation bar contains the Management Pack Access link. Click this link. This will take you to the Management Pack Access page, which allows you to grant and remove access from all the management packs. This will disable all the links and tabs associated with the Configuration Management Pack in Enterprise Manager. All the disabled links and tabs are part of the Configuration Management Pack and therefore require pack license. From the Monitoring page, the Alerts and Policy Violations link: all reports.
From the Monitoring page, the Disabled Policies link: all reports. From the Security page, the Security Policy Overview link: all reports. The Oracle Data Masking and Subsetting Pack facilitates the creation of production- like data for non-production environments by replacing production data with fictitious yet realistic values.
Generation of the fictitious data can be performed during export or on a separate staging server. The Subsetting functionality provides the ability to mask a portion of the original data.
Subsetting can also be used without masking to extract a portion of the original data. If you want to use the Oracle Database Gateways listed above not solely for the purposes of Oracle Data Masking and Subsetting Pack, then you must purchase full-use licenses for the Oracle Database Gateways.
Oracle Data Masking and Subsetting functionality cannot be executed directly against the non-Oracle database. From the Oracle database or cluster database target home page, click the Schema menu , then Application Data Models. All features, functions, links, buttons, and drill-downs on these menus are licensed as part of the Oracle Data Masking and Subsetting Pack.
From the Oracle database or cluster database target home page, click the Schema menu , then Data Masking Definitions. From the Oracle database or cluster database target home page, click the Schema menu , then Data Masking Format Library. From the Oracle database or cluster database target home page, click the Schema menu , then Data Subsetting. The Oracle Diagnostic Pack provides automatic performance diagnostic and advanced system monitoring functionality.
The Diagnostic Pack includes the following features:. In order to use the features listed above, you must purchase licenses for the Diagnostic Pack. The Diagnostics Pack functionality can be accessed by Enterprise Manager links as well as through the database server command-line APIs. The use of either interface requires a Diagnostic Pack license.
This will disable all the links and tabs associated with the Diagnostics Pack in Enterprise Manager. All the disabled links and tabs are part of the Diagnostics Pack and therefore require pack license. Diagnostics Pack features can also be accessed by way of database server APIs and command-line interfaces:. The Oracle Provisioning and Patch Automation Pack automates the deployment of software, applications, and patches for the database and underlying operating system.
It makes critical data center operations easy, efficient and scalable resulting in lower operational risk and cost of ownership.
The ability to provision the entire software stack that includes the operating system and the database, supplemented by comprehensive reporting tools make Oracle Provisioning and Patch Automation Pack an extremely significant entity in overall System Management space. The Oracle Tuning Pack provides database administrators with expert performance management for the Oracle environment, including SQL tuning and storage optimizations.
Therefore, to use the Tuning Pack, you must also have a Diagnostic Pack. Oracle Connection Manager. Available via a custom install of the Oracle Database client, usually installed on a separate machine or compute instance. Client Side Query Cache. Database Smart Flash Cache. Oracle Database In-Memory. Automatic Workload Management.
Oracle Advanced Security. Oracle Database Vault. Oracle Label Security. Real Application Security. Oracle Spatial and Graph. Oracle Spatial and Graph no longer requires an extra cost license. See Oracle Database Insider blog post for more information. Partitioned spatial indexes. Oracle Partitioning. Oracle Machine Learning formerly Advanced Analytics. Oracle Machine Learning no longer requires an extra cost license.
Oracle Advanced Compression. Prefix Compression also called Key Compression. Basic Table Compression. Bitmapped index, bitmapped join index, and bitmap plan conversions. Parallel capture and apply via XStream. Transportable tablespaces, including cross-platform and full transportable export and import. Summary management—Materialized View Query Rewrite. Table lists Oracle Database options, the Oracle Database offerings for which each option is available, and the features that are included with each option.
You must be licensed for an option in order to use any of its features. Fast Incremental Backup on Physical Standby. In an Oracle Data Guard configuration, Oracle Active Data Guard must be licensed on any standby databases with any of the above features in use, as well as the primary database. If there are additional standby databases in the Oracle Data Guard configuration that are not using any of the Oracle Active Data Guard features, those standby databases do not require an Oracle Active Data Guard license.
Oracle Active Data Guard must still be licensed on standby databases, if any other of the above features are in use. Exadata Flash Cache Compression This feature can be enabled only on Exadata storage servers, and all database processors that access the Exadata storage servers must be licensed for Oracle Advanced Compression. Oracle Advanced Security includes a restricted use license for certain Oracle Enterprise Manager features.
Oracle Database Vault includes a restricted use license for certain Oracle Enterprise Manager features. Oracle Label Security includes a restricted use license for certain Oracle Enterprise Manager features.
For EE and PE , the ability to have up to pluggable databases per multitenant container database. A restricted use license for Oracle Multitenant is included with all Oracle Database offerings.
Oracle Real Application Testing includes the following features:. The Oracle Real Application Testing license is required on both capture and replay systems for Database Replay and is charged by the total number of CPUs on those systems.
Database Migration Planner, introduced in Oracle Enterprise Manager Cloud Control 13c, provides a data-driven and systematic approach to consolidation by eliminating guess work and human errors. On the database target home page, select the Administration menu, then select Database Migration Planner.
All features, functions, links, buttons, and drill-downs on this page are licensed as part of the Database Migration Planner. Database Migration Workbench, introduced in Oracle Enterprise Manager Cloud Control 13c Release 4, is a single workbench that integrates all needs for migration sizing and performance comparison.
All features, functions, links, buttons, and drill-downs on this page are licensed as part of the Database Migration Workbench. Table lists Oracle management packs, the Oracle Database offerings for which each pack is available, and the features that are included with each pack.
You must be licensed for a management pack in order to use any of its features. Database-as-a-Service comprising self-service database provisioning on physical or virtual infrastructure. Support shared server, shared cluster, and shared database Schema-as-a-Service deployment models. Virtual assembly provisioning. For example, if there is an assembly topology of three VMs two WebLogic Server-managed servers and one database , you will need both packs to cover the respective tiers.
Metering and chargeback based on fixed cost, utilization metrics and configuration parameters of the database. Starting on the Enterprise Summary home page, click the Enterprise menu. Cloud , then Infrastructure Home. Cloud , then Infrastructure Request Dashboard.
Cloud , then Infrastructure Policies. Cloud , then Middleware and Database Home. Cloud , then Middleware and Database Request Dashboard. Cloud , then Self Service Portal. Cloud , then Service Instances. Provisioning and Patching , then Database Provisioning. Starting on the Enterprise Summary home page, click the Setup menu. Provisioning and Patching , then Storage Registration. On the Multitenant container database's home page, from the Oracle Database menu, select Provisioning , then Provision Pluggable Database.
These verbs operate on a database pool. The following objects within the repository schema are licensed under Oracle Cloud Management Pack for Oracle Database:. Also, any report created using the "create-like" feature of BI publisher referring the preceding reports, falls under this license.
If you want to use the Oracle Database Gateways listed above not solely for the purposes of Oracle Data Masking and Subsetting Pack, then you must purchase full-use licenses for the Oracle Database Gateways. Oracle Data Masking and Subsetting functionality cannot be executed directly against the non-Oracle database. Oracle Data Masking and Subsetting Pack must be licensed only for the source database server, i.
There is no requirement to license the pack for the staging database server on which masking and subsetting operations are executed, or for copies made of the masked database. All features, functions, links, buttons, and drill-downs on these Oracle Enterprise Manager menus are licensed as part of the Oracle Data Masking and Subsetting Pack. Starting on the Enterprise Summary home page, click the Enterprise menu, then Quality Management , then select:. From the Oracle database or cluster database target home page, click the Security menu, then select:.
Data Masking Definitions. With the purchase of Oracle Database Lifecycle Management Pack for Oracle Database, you also are entitled to the features described in the following sections. The init. The Licensed Links, features, and functions listed in the following sections apply only to the Oracle Database target and the associated host an Oracle Database is deployed on.
For management on non-Oracle Database targets, you must purchase the appropriate management pack. All features, functions, links, buttons, and drill-downs on this menu are licensed as part of Oracle Database Lifecycle Management Pack for Oracle Database.
From the Oracle database or cluster database target home page, click the Oracle Database menu, then Provisioning. From the Oracle cluster database target home page, click the Oracle Database menu, then Provisioning.
Oracle Advanced Security provides the following encryption algorithms to protect the privacy of network data transmissions:. Selecting the network encryption algorithm is a user configuration option, providing varying levels of security and performance for different types of data transfers.
Prior versions of Oracle Advanced Security provided three editions: Domestic, Upgrade, and Export, each with different key lengths. Oracle Advanced Security 11 g Release 2 Users deploying prior versions of the product can obtain the Domestic edition for a specific product release.
The magnitude of penalty depends on the speed of the processor performing the encryption. AES is a symmetric block cipher that can process data blocks of bits, using cipher keys with lengths of , , and bits, which are referred to as AES, AES, and AES, respectively.
All three versions operate in outer-CBC mode. To ensure the integrity of data packets during transmission, Oracle Advanced Security can generate a cryptographically secure message digest using the SHA-1 hashing algorithm and include it with each message sent across a network. Oracle Advanced Security Release 8. This provides independent confirmation that Oracle Advanced Security conforms to federal government standards. Authentication is used to prove the identity of the user.
Authenticating user identity is imperative in distributed environments, without which there can be little confidence in network security. Passwords are the most common means of authentication. Oracle Advanced Security enables strong authentication with Oracle authentication adapters that support various third-party authentication services, including SSL with digital certificates.
Figure shows user authentication with an Oracle database instance configured to use a third-party authentication server. Having a central facility to authenticate all members of the network clients to servers, servers to servers, users to both clients and servers is one effective way to address the threat of network nodes falsifying their identities. Centralized authentication also provides the benefit of single sign-on SSO for users.
Single sign-on enables users to access multiple accounts and applications with a single password. A user only needs to login once and can then automatically connect to any other service without having to giving user name and password again.
Single sign-on eliminates the need for the user to remember and administer multiple passwords, reducing the time spent logging into multiple services. Figure shows how a centralized network authentication service typically operates. A user client requests authentication services and provides identifying information, such as a token or password.
The authentication server validates the user's identity and passes a ticket or credentials back to the client, which may include an expiration time. The client passes these credentials to the Oracle server concurrent with a service request, such as connection to a database. If the credentials were accepted by the authentication server, then the Oracle server authenticates the user. If the authentication server rejected the credentials, then authentication fails, and the service request is denied.
Oracle Advanced Security supports the following industry-standard authentication methods:. Oracle Advanced Security support for Kerberos provides the benefits of single sign-on and centralized authentication of Oracle users.
0コメント