Databases Reference
In-Depth Information
How It Works
ASM-scoped security on Exadata is a means to restrict Exadata grid disks to specific Oracle RAC clusters on the
Exadata compute grid. In other words, in situations in which you have an Exadata Full Rack or Half Rack and elected
to build separate Oracle clusters of subsets of the servers, you can use ASM-scoped security to isolate grid disk storage
for different sets of clustered environments.
ASM-scoped security is accomplished by the following:
db_unique_
name
instances are assigned to each set of ASM instances on multiple Oracle RAC clusters on
an Exadata Database Machine
•
Creating a cell key for each unique Oracle RAC cluster; this assumes that different
/etc/oracle/cell/network-config/cellkey.ora
on the compute nodes
•
Copying the key to
db_unique_name
•
Altering grid disks and assigning them to an ASM
When would this configuration typically be done? Consider an organization that purchases an Exadata Full Rack
and intends to consolidate production and non-production environments. ASM-scoped security can be beneficial or
required under the following business requirements:
•
When the required compute node power for production is a subset of the available resources
on the eight-node Full Rack compute grid
•
When you want the flexibility to leverage physical storage from each of the 14 storage cells; in
other words, you want to carve your compute grid into multiple Oracle clusters but allow each
of your compute grid to access each cell
•
When you desire to have your production database always use grid disks built on the outer
tracks of the Exadata cell disks, for performance
•
When you have patching or systems life-cycle requirements in which multiple Oracle Grid
Infrastructure installations on a single Exadata Database Machine
•
When you want to prevent non-production ASM instances from accessing production storage
and vice versa
•
When you wish to physically isolate I/O calls based on site security requirements
12-4. Configuring Database-Scoped Security
Problem
You wish to restrict database storage for different Exadata databases to specific sets of Exadata grid disks.
Solution
In this recipe, you will learn how to configure Database-scoped security on Exadata to allow or restrict Oracle
databases instances to and from access specific Exadata grid disks. Figure
12-2
shows an example of Database-scoped
security in which different databases in an Exadata cluster are restricted to specific sets of grid disks.
Search WWH ::
Custom Search