Thanks for your input on all points. Let me explain my suggested setup
first and then tell me if it still seems absurd.
Point 1: We have an isolated network performing critical functionality.
This network has absolutely no connectivity to the outside world/internet
Point 2: Data from this network would be replicated to a MySQL server
connected to a SAN
Point 3: The TCP/IP connection between the production machine and the MySQL
server would be protected via a firewall/access control
Point 4: This SAN would ONLY be responsible for holding the
replicated/non-production data. The OS for the MySQL server would reside on
local hard-drive
Point 5: An external MySQL server having it's own local OS hard-drive, but
sharing the database stored on the SAN drive
Point 6: Firewalls/Access Control would be used to grant/deny access to the
External MySQL server, thereby adding an additional layer of security at the
network level.
Point 7: Essentially, A DMZ has been created encapsulating the two MySQL
servers and the SAN they would both access.
I was not very clear when I originally submitted this issure to the group.
Thanks,
Matthew Harris
Systems Engineer
Peoples Energy - Gas Control
(312) 240-4752
m.harris@stripped
-----Original Message-----
From: root [mailto:root@stripped]
Sent: Wednesday, January 21, 2004 12:37 PM
To: mysql@stripped
Cc: dnelson@stripped; Harris, Matt
Subject: Re: Shared Physical Database Question
I have to comment on this one....... You don't know me so feel free to
discard :)
I am not sure your management folks have any idea of what they are
requesting...
They request that you have no TCP/IP access but it seems like direct FIBER
CHANNEL is ok? I can't think of a worse security problem than direct block
access to a file system. On a compromised server that is like giving the
cracker a free ride.
I am sure that their concern is security and that is understandable, but
having a computer on the outside of your TCP/IP network that is directly
connected to your SAN is no more secure. Your SAN is most likely a separate
network (Unless you are using ISCSI) but it is still a network. A cracked
server then has direct access to your SAN file system... Not so good.
As far as solving your problem goes... I can't think of a single way to
automatically update the exterior server without some type of network,
either access to the SAN or the IP network. I guess you could manually copy
the MySQL data (mysqldump) to a CD and then manually copy them to the
exterior server. You might point out the labor overhead involved with that
scenario to your management people.
Time to take the design spec tools away from your managers :)
Jason McKnight
Mgr. Information Services
The InSite Group,LLC
m.harris@stripped <mailto:m.harris@stripped> wrote:
The one major design spec, my management has requested, is lack of TCP/IP
connectivity between the two servers using the data. One network is
completely isolated from the outside world/internet, however we are trying
to find a secure way to allow outside users to query historical data that
currently resides on the isolated network.
Thanks,
Matthew Harris
Systems Engineer
Peoples Energy - Gas Control
(312) 240-4752
m.harris@stripped <mailto:m.harris@stripped>
-----Original Message-----
From: Dan Nelson [ mailto:dnelson@stripped
<mailto:dnelson@stripped> ]
Sent: Wednesday, January 21, 2004 11:48 AM
To: Harris, Matt
Cc: mysql@stripped <mailto:mysql@stripped>
Subject: Re: Shared Physical Database Question
In the last episode (Jan 19), m.harris@stripped
<mailto:m.harris@stripped> said:
Could someone please tell me if tyhe following is possible or if a
solution
accomplishing the same thing is available?
I would like to build a database using two MySQL servers accessing
the same physical file on a common Drive attached to each computer
via a SAN. Can this be done or is there data integrity issues and
database file locking issues?. Our main goal is to provide the data
gathered on a secure network and allow it to be seen on an insecure
network. I do understand that this can be accomplished using
firewalls and other networking tools, but our management has been
very firm in their insistence that a user has no direct network
access to our internal/secure LAN.
You might want to check out replication, so that you can push a
read-only copy of the tables to a mysqld running on the web server.
