Oracle's Infrastructure and Platform Cl... 2 | ORACLE CLOUD SERVICES...
ORACLE | 2016 3
ORACLE CLOUD SERVICES SECURITY WHITE PAPER
1.
2. Oracle Cloud Services:
3.
4. Oracle Cloud
5.
6.
7.
8.
IaaS2015165US201432.8
Gartner20142019(CAGR)29.1
[http://www.gartner.com/newsroom/id/3055225]
SUSAN MOORE
GARTNER
1.
Infrastructure as a Service (IaaS)
(CIO)
CIO
Oracle Cloud
Oracle Cloud
Oracle Cloud
Oracle Cloud
Oracle Compute Cloud Service, Oracle Storage Cloud Service, Oracle
Network Cloud Service, Oracle Java Cloud Service, Oracle Database Cloud Service
Oracle Cloud https://www.oracle.com/cloud
Oracle Cloud
:
:
:
:
:
Oracle :
Oracle
Oracle Cloud
30
Oracle Cloud
IaaS Platform as a Service (PaaS)Compute
StorageNetworkingDatabaseJavaProcessMobileData Management Business
Analytics IaaS PaaS
2. Oracle Cloud Services:
Oracle Cloud
Oracle
Oracle Cloud Infrastructure as a Service (IaaS)
Oracle Cloud
IaaS
3
Oracle Compute Cloud Service
Oracle Cloud
Elastic Compute Dedicated Compute
Oracle
Compute Cloud ServiceRepresentational State Transfer (REST) API
(CLI) Web UI
Oracle Storage Cloud Service
Oracle Storage Cloud
Service OpenStack Swift REST APIOracle Storage Cloud Software
Appliance NFSv4Java API
Web
Java
Oracle Network Cloud Service 2 VPN Dedicated
Compute Site-to-Site VPN IPSec Oracle Cloud
2 VPN
Corente Cloud Services Exchange
VPN Oracle Cloud
FastConnect FastConnect
Oracle Cloud Platform as a Service (PaaS) IT
(ISV) No.1
Oracle Cloud Software as a Service (SaaS)
Oracle Cloud PaaS Oracle Database Oracle Exadata Database Machine
Oracle WebLogic Server Oracle Java Cloud Service
Java EE
Oracle Cloud https://www.oracle.com/cloud
3.
Oracle Cloud
Oracle Database Oracle WebLogic Server
-
-
SSO
SSH
Oracle Cloud
Oracle Cloud Oracle Cloud Services
Oracle Compute Cloud Service Oracle Storage Cloud Service IaaS
Oracle Cloud Services
Oracle Compute Cloud Service
Oracle
Storage Cloud Service Oracle Storage Cloud Service
Oracle Database Cloud Service Oracle Java Cloud Service PaaS
Oracle Cloud Services
Oracle Database Cloud Service
Oracle Java Cloud Service
Oracle Java Cloud Service
Virtual Image
Oracle Cloud
Oracle Cloud
4. Oracle Cloud
Oracle Cloud SaaSPaaS IaaS
Oracle Cloud
1
4.1
2
24 365 ID
4.2 Oracle Cloud Services
VPNOracle
Cloud
4.3
4.4
(
/)
4.5
Oracle Cloud
Oracle Cloud
Oracle Cloud
4.6
Oracle Cloud DoS (DDoS)IP
(ACL)
IP
Oracle
Cloud
DDoS / DOS
3-7 1
Web
(7)
SYN cookie ICMP
(Internet Control Message Protocol) TCP
Oracle Cloud Services (NIDS)NIDS
(IPS)(IDS)
NIDS 24 365
4.7 Oracle Cloud Services
Transport Layer Security (TLS)Oracle Cloud Service
TLS 128
2048 TLS Oracle
Web TLS
Oracle Web
Oracle
(My Oracle Support)
Oracle CloudSSH
IPsec VPN
4.8
Oracle Cloud Oracle Cloud
4.9
24 365
Global Information Security (GIS)
GIS
4.10
Oracle Cloud
Oracle Cloud Services /
()
Global Desktop Strategy (GDS)/ Windows
Server Update Service (WSUS)/
GDS
WSUS
4.11
Oracle Security Oversight Committee (OSOC)
Global
Information Security (GIS)
GIS
GIS
4.12
4.13
4.14
Data Processing Agreement for Oracle Cloud Services (Data Processing Agreement)
Oracle Services Privacy Policy
Oracle ((PII))
Data Processing Agreement
Data Processing Agreement for Oracle Cloud Services
http://www.oracle.com/dataprocessingagreement
Oracle Services Privacy Policy
http://www.oracle.com/us/legal/privacy/services-privacy-policy-078833.html
4.15
Oracle Cloud Services
Oracle Cloud
Oracle Cloud Services
"AS-IS"
5.
Oracle Cloud PaaSIaaS Oracle Cloud
PaaS IaaS
Oracle
Cloud
5.1
Oracle CloudOracle Cloud 1
Oracle Cloud 1 1
Oracle Cloud
cookie
Oracle Cloud
Oracle Cloud
Oracle Cloud
Oracle Cloud
JavaDatabase Infrastructure as a Service (IaaS) 3
Oracle Cloud
Oracle Cloud
Oracle Cloud
Oracle Cloud
2
:
SFTP : SFTP (Secure FTP)
SFTP Oracle Cloud FTP
SFTP
2
: Oracle Cloud
: Oracle Cloud
Oracle Cloud
:
1 Oracle Cloud
(UI) Oracle
Cloud 1
:
""
: ""
5.2
UI Oracle Cloud
5.3 SAML 2.0
ID Oracle
Cloud (SSO)SSO 1
Oracle
Cloud Security Assertion Markup Language (SAML) 2.0
SSO
Active Directory Oracle Unified Directory
SSO
SSO SAML 2.0
Oracle Cloud LDAP
Oracle Cloud
LDAP
5.4
: 1
Oracle Cloud
Oracle Cloud
:
(SIM) LDAP
Oracle CloudOracle Cloud
Oracle Cloud Single Sign-On
SAMLSAML
Oracle Cloud Single Sign-On
SAML
5.5
Oracle Cloud Oracle Cloud
Oracle Cloud Web
Oracle Cloud
Oracle Cloud
http://www.oracle.com/webfolder/technetwork/tutorials/obe/cloud/sharedidm/doc/Identity_Concepts.pdf
6.
Oracle Compute Cloud Service, Oracle Storage Cloud Service, Oracle Network
Cloud Service, Oracle Database Cloud Service, Oracle Java Cloud Service
6.1 Oracle Compute Cloud Service
Oracle Compute Cloud Service Oracle Cloud
Oracle Compute Cloud Service
Oracle Compute Cloud Service
API
SSH
Oracle Compute Cloud Service
Intel VT-x AMD-V
CPU
CPU
CPU
OS
Elastic Compute
Dedicated Compute
Elastic Compute Dedicated Compute
IOCPU Dedicated Compute
Elastic Compute
Elastic ComputeAPI
SSH
Oracle Linux
SSH
OS
Oracle Linux
SSH
SSH Oracle Linux
Oracle Linux
SSH opc
Oracle Linux
1 SSH SSH
SSH
SSH
SSH
Oracle Compute Cloud Service
Oracle Compute Cloud Service
(
)
Oracle Compute Cloud Service
IP ()
(SSH
HTTPSSNMP-TCP ) ( IP
) 22 SSH
Web SSH
SSH DefaultPublicSSHAccess
SSH
SSH
SSH
-a -a
-b
-a -b
HTTPS
-b -c
IP -a IP SSH
IP IP
IP
IP Oracle Cloud
API
Oracle Compute Cloud Service
REST (API)
Oracle Compute Cloud Service API()
30
cookie API API
cookie refresh_token
5
3
MyServices
(
)
Oracle Compute Cloud Service
TenantAdminGroup ():
MyServices
Service-instance-name.Compute_Operations ():
Oracle Compute Cloud Service
Oracle
Cloud MyServices
Compute_Operations 2
IT
Service-instance-name.Compute_Monitor:
Oracle Compute Cloud Service
Oracle Cloud MyServices
Oracle Compute Cloud Service 1GB 2TB
Oracle Compute Cloud Service 10
1 1
1
Oracle Cloud
Oracle Cloud
Oracle Shared Identity Management
(
) Oracle Compute Cloud Service
:
Compute_Operations