Sounds like a solid plan. Plus, since ONTAP-NFS sees the clone as a separate volume, you only need to export the clone to the less secure network.
If you really want to split it security-wise, you could implement MultiStore and assign the clone to a vfiler which is managed administratively like a separate box and gives you an even bigger firewall. I think that may be overkill, but it's there if you want it.
-- Adam Fox
------------------------
Typed with my thumbs on a very small keyboard.

----- Original Message -----
From: Stephen C. Losen scl@sasha.acc.virginia.edu
To: toasters@mathworks.com toasters@mathworks.com
Sent: Fri Mar 27 10:04:56 2009
Subject: Security best practice question
Hello toasters,
Our Oracle admins are replacing their old FC SAN storage and are considering going with NetApp and NFS. But they are concerned about security.
They are really attracted to FlexClone because they would like to instantly replicate a database on a secure, firewalled Oracle server, run a job to sanitize the clone and then serve the sanitized DB from a less secure Oracle server in a DMZ. They are concerned that if the DMZ server were hacked, could it be leveraged to gain unauthorized NFS access, perhaps by hijacking an IP address?
I have suggested that they set up two separate private data Ethernets, one for the secure servers and one for the DMZ servers. Use two different address blocks (subnets) and plug the NetApp into both networks with two different Ethernet ports. That way the NetApp would never send data exported to the secure servers out the interface for the DMZ servers.
Am I on the right track here? Is this "secure enough"? Is there an easier way? We don't have any Kerberos infrastructure and we can't sacrifice performance, so I think NFSv4 is out.
Steve Losen scl@virginia.edu phone: 434-924-0640
University of Virginia ITC Unix Support
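
The design discussed in this thread depends on every export being reachable from only one of the two data networks. The following is an added example, not part of the original messages: a small audit that reads export rules and reports any path whose client list is not confined to a single zone. The `/etc/exports` line layout (7-Mode style options, colon-separated clients), the volume names, the subnets and the function names are all assumptions made for the illustration.

```python
import ipaddress

# Constructed sample in the style of a Data ONTAP 7-Mode /etc/exports file.
# Volume names and subnets are invented for this example.
SAMPLE_EXPORTS = """\
/vol/oraprod        -sec=sys,rw=10.10.1.0/24,root=10.10.1.0/24
/vol/oraprod_clone  -sec=sys,rw=10.20.1.0/24
/vol/orastage       -sec=sys,rw=10.10.1.0/24:10.20.1.15
/vol/scratch        -sec=sys,rw
"""

# Assumed address plan: one subnet per private data network.
ZONES = {
    "secure": ipaddress.ip_network("10.10.1.0/24"),
    "dmz": ipaddress.ip_network("10.20.1.0/24"),
}

def parse_exports(text):
    """Map each exported path to the client strings in its rw/ro/root lists."""
    exports = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split(None, 1)
        if not fields:
            continue
        opts = fields[1].strip().lstrip("-") if len(fields) > 1 else "rw"
        clients = set()
        for opt in opts.split(","):
            key, sep, value = opt.partition("=")
            if key in ("rw", "ro", "root"):
                # A bare rw/ro with no client list is treated as "all hosts".
                clients.update(value.split(":") if sep else ["0.0.0.0/0"])
        exports[fields[0]] = clients
    return exports

def zones_of(client):
    """Zones a client entry can reach; anything unplaceable is 'unknown'."""
    try:
        net = ipaddress.ip_network(client, strict=False)
    except ValueError:  # hostname or netgroup, cannot be checked offline
        return {"unknown"}
    return {n for n, z in ZONES.items() if net.overlaps(z)} or {"unknown"}

def misplaced_exports(text):
    """Paths not confined to exactly one known zone."""
    bad = []
    for path, clients in parse_exports(text).items():
        zones = set().union(*(zones_of(c) for c in clients))
        if len(zones) != 1 or "unknown" in zones:
            bad.append(path)
    return sorted(bad)
```

Entries that cannot be placed in a zone (hostnames, netgroups, addresses outside both subnets) are reported rather than skipped, so the check fails closed.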