Iwo has been a Percona Support Engineer (EMEA) since August 2017.
Prior to joining Percona, Iwo was a System Administrator for more than 10 years, focusing on high availability, performance and automation. He also helped many companies design their infrastructure and HA/failover solutions.
The purpose of this talk is to show how to enable SSL and data-at-rest encryption in Percona XtraDB Cluster (PXC) and to explain how both work under the hood. The presentation covers the process of making PXC secure:
- Configuring client-server traffic encryption. Is there any difference between C-S encryption in PXC and PS?
- Configuring replication encryption (SST, IST). How does it work under the hood?
- How to make things more comfortable with the pxc-encrypt-cluster-traffic variable.
- PXC data-at-rest encryption. How does it work? How to configure it? Is any part of the data left unencrypted? Yes.
- Temporary file encryption.
- Binlog encryption. Possible or not?
- keyring_file. Is it useful? How to get the most out of it?
- keyring_vault. How does it work?
- Is mixing keyring plugins possible? Yes, but it is useful only when transitioning from keyring_file.
- What happens during SST when data-at-rest encryption is enabled?
- Performance overhead.
The purpose of this talk is to present the data-at-rest encryption implementation in Percona Server for MySQL and the differences from Oracle's MySQL and MariaDB implementations.
- How is it implemented?
- What is encrypted:
  - General tablespaces?
  - Double write buffer/parallel double write buffer?
  - Temporary tablespaces? (KEY BLOCKS)
  - Slow/general/error logs?
  - MyISAM? MyRocks? X?
- Performance overhead.
- Transportable tablespaces: transferring the key.
- Keyrings in general
  - Key rotation?
  - General-Purpose Keyring Key-Management Functions
  - Are they useful? How to get the most out of them?
- Keyring Vault
  - How does it work?
  - How to make the transition from keyring_file
Troubleshooting database-related problems is not a simple task even when you run your database on-premise. Performance debugging can become a nightmare when you run it as a managed service in AWS/GCP/Azure, because you have no access to the underlying OS, and the series of DB metrics gathered by your monitoring solution is the only thing you have to explore.
This talk gives an overview of the monitoring options available for managed MySQL/PostgreSQL databases on AWS, GCP, and Azure. We will review what monitoring data can be gathered, discuss data granularity, and look at ways to export these metrics to Prometheus for a simplified representation and a broader, more detailed troubleshooting analysis of the whole instance.