Re: SQL*Net encryption with SSH port forwarding

  • From: "Mark Brinsmead" <pythianbrinsmead@xxxxxxxxx>
  • To: Amir.Hameed@xxxxxxxxx
  • Date: Tue, 7 Nov 2006 18:06:02 -0700

I suspect that Tanel is right -- you are likely to experience (very)
substantial CPU load on your database server if you do this much.

Given that you're probably paying somewhere between $5,000 and $100,000 per
CPU to run Oracle, consuming CPU cycles this way can be pretty costly.

Rather than using SSH tunnels, you could tunnel through SSL instead.  There
are free software solutions for this (e.g., "stunnel") and -- more
importantly -- readily available hardware solutions.  (Sorry -- it's about 7
years since I last researched this, so I can't name any names.)  Hardware
devices meant to offload SSL encryption from busy webservers have been
around for many years, and are comparatively cheap.  You don't have to save
a lot of CPUs on your database server to justify one.

Heck, you may well be able to do the same with SSH these days, too.  Try
googling something like "SSL SSH hardware accelerator" and see what pops
up...


On 11/6/06, Hameed, Amir <Amir.Hameed@xxxxxxxxx> wrote:

Folks,
Is anyone in this list using SSH port-forwarding methodology to encrypt
SQL*Net data, preferably in an 11i environment? If yes then could you
please share your experience with me? I am interested in knowing a)
How did it work for you b) any major issues encountered that one should
watch out for c) Performance overhead d) robustness

Thanks
Amir

--
Cheers,
-- Mark Brinsmead
  Senior DBA,
  The Pythian Group
  http://www.pythian.com/blogs
