公开(公告)号：US09723008B2

公开(公告)日：2017-08-01

申请号：US14848109

申请日：2015-09-08

Applicant: Oracle International Corporation

Inventor： Vadim Makhervaks ,  Richard Mousseau ,  Bjørn Dag Johnsen ,  Sumanta Chatterjee ,  Avneesh Pant ,  Jean De Lavarene ,  Kant C. Patel ,  Bhaskar Mathur ,  Feroz Alam Khan ,  Sudeep Vatsanath Reguna

IPC: H04L29/06

CPC classification number: H04L63/101 ,  H04L63/0236 ,  H04L63/0254 ,  H04L63/1458 ,  H04L63/20

Abstract: An integrated firewall provides security in a multi-tenant environment having a connection-based switched fabric directly connecting database servers which provide a plurality of database services with application servers hosting database service consumers each having a different database service consumer identity. The firewall functionality integrated into each database server provides access control by discarding communication packets which do not include a database service consumer identity and using the database service consumer identity in combination with an access control list to control access from the database service consumers to the database services. The access control includes address resolution access control, connection establishment access control, and data exchange access control based on said access control list. The integrated firewall enables direct connection of database servers and application servers via an InfiniBand network providing without requiring a separate intermediary firewall appliance or security node.

公开(公告)号：US20160072816A1

公开(公告)日：2016-03-10

申请号：US14848109

申请日：2015-09-08

Applicant: Oracle International Corporation

Inventor： Vadim Makhervaks ,  Richard Mousseau ,  Bjørn Dag Johnsen ,  Sumanta Chatterjee ,  Avneesh Pant ,  Jean De Lavarene ,  Kant C. Patel ,  Bhaskar Mathur ,  Feroz Alam Khan ,  Sudeep Vatsanath Reguna

IPC: H04L29/06

CPC classification number: H04L63/101 ,  H04L63/0236 ,  H04L63/0254 ,  H04L63/1458 ,  H04L63/20

Abstract: An integrated firewall provides security in a multi-tenant environment having a connection-based switched fabric directly connecting database servers which provide a plurality of database services with application servers hosting database service consumers each having a different database service consumer identity. The firewall functionality integrated into each database server provides access control by discarding communication packets which do not include a database service consumer identity and using the database service consumer identity in combination with an access control list to control access from the database service consumers to the database services. The access control includes address resolution access control, connection establishment access control, and data exchange access control based on said access control list. The integrated firewall enables direct connection of database servers and application servers via an InfiniBand network providing without requiring a separate intermediary firewall appliance or security node.

Abstract translation: 集成防火墙在多承租人环境中提供安全性，其具有直接连接数据库服务器的基于连接的交换结构，所述数据库服务器向承载具有不同数据库服务消费者身份的数据库服务消费者的应用服务器提供多个数据库服务。 集成到每个数据库服务器中的防火墙功能通过丢弃不包括数据库服务消费者身份的通信数据包并​​使用数据库服务消费者身份与访问控制列表组合来控制从数据库服务使用者到数据库服务的访问来提供访问控制 。 访问控制包括基于所述访问控制列表的地址解析访问控制，连接建立访问控制和数据交换访问控制。 集成防火墙可以通过InfiniBand网络直接连接数据库服务器和应用程序服务器，而无需单独的中间防火墙设备或安全节点。