
Oracle® SuperCluster M8 and SuperCluster M7 Security Guide


Updated: June 2020
 
 

Monitoring and Compliance Auditing

Proactive monitoring and logging are very important in a cloud environment and in many cases help mitigate attacks originating from security loopholes and vulnerabilities. Whether for compliance reporting or incident response, monitoring and auditing are critical functions for the cloud provider, and tenant organizations must enforce a well-defined logging and auditing policy to gain increased visibility into their hosting environment. The degree to which monitoring and auditing are employed is often based on the risk or criticality of the environment being protected.

The SuperCluster cloud architecture relies on the Oracle Solaris audit subsystem to collect, store, and process audit event information. Each tenant-specific non-global zone generates audit records that are stored locally in each of the SuperCluster dedicated domains (global zone). This approach ensures that individual tenants cannot alter their auditing policies, configurations, or recorded data, because that responsibility belongs to the cloud service provider. The Oracle Solaris auditing functionality monitors all administrative actions, command invocations, and even individual kernel-level system calls in both tenant zones and domains. This facility is highly configurable, offering global, per-zone, and even per-user auditing policies. When configured to use tenant zones, audit records for each zone can be stored in the global zone to protect them from tampering. Dedicated domains and I/O domains also use the native Oracle Solaris auditing facility to record actions and events associated with virtualization events and domain administration.
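As an added illustration (not Oracle's code), the following Python 3 sketch shows how a provider could attribute audit records held in the global zone to tenant zones and count failed events per tenant. The sample records, host and zone names are constructed, and the record layout is an assumption modeled on one-line `praudit -l` output with a zone token present.

```python
from collections import defaultdict

# Constructed sample records, one per line as `praudit -l` prints them.
# Assumed layout: header token first (event name in field 4), then a
# "return,<status>,<value>" token and, when the zonename audit policy is
# set, a closing "zone,<name>" token.
SAMPLE = """\
header,69,2,login - ssh,,sc-dom1,2020-06-01 10:02:11.000 -07:00,subject,alice,alice,staff,alice,staff,2101,3301,0 0 10.0.0.5,return,success,0,zone,tenant-a
header,69,2,login - ssh,,sc-dom1,2020-06-01 10:03:40.000 -07:00,subject,bob,bob,staff,bob,staff,2150,3302,0 0 10.0.0.9,return,failure,-1,zone,tenant-b
header,69,2,login - ssh,,sc-dom1,2020-06-01 10:03:44.000 -07:00,subject,bob,bob,staff,bob,staff,2151,3303,0 0 10.0.0.9,return,failure,-1,zone,tenant-b
header,69,2,su,,sc-dom1,2020-06-01 10:05:02.000 -07:00,subject,carol,root,root,carol,staff,2200,3304,0 0 sc-dom1,return,failure: Permission denied,-1,zone,tenant-b
header,69,2,su,,sc-dom1,2020-06-01 10:06:30.000 -07:00,subject,dave,root,root,dave,staff,2250,3305,0 0 sc-dom1,return,success,0
"""

def parse_record(line):
    """Return (event, zone, failed) for one record line, or None."""
    fields = line.strip().split(",")
    if len(fields) < 4 or fields[0] != "header":
        return None
    zone = status = None
    # Walk backwards: the return and zone tokens close a record, so the
    # match nearest the end wins over an earlier field with the same text.
    for i in range(len(fields) - 2, 3, -1):
        if fields[i] == "zone" and zone is None:
            zone = fields[i + 1]
        elif fields[i] == "return" and status is None:
            status = fields[i + 1]
    return fields[3], zone, (status or "").startswith("failure")

def summarize(text):
    """Count failed events per zone; collect records with no zone token."""
    failures, unattributed = defaultdict(int), []
    for line in text.splitlines():
        rec = parse_record(line)
        if rec is None:
            continue
        event, zone, failed = rec
        if zone is None:
            unattributed.append(event)   # cannot be tied to a tenant
        elif failed:
            failures[zone] += 1
    return dict(failures), unattributed

if __name__ == "__main__":
    failures, unattributed = summarize(SAMPLE)
    print("failed events per zone:", failures)
    print("records without a zone token:", unattributed)
```

Records that end up in the unattributed list are worth reviewing on their own, because they cannot be tied to a tenant during compliance reporting or incident response.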

The Python programming language is used to create SuperCluster-specific utilities such as the SuperCluster Virtual Assistant. The SuperCluster 2020 Q2 Quarterly Patch Update provides utilities that are based on Python 3. Prior to the 2020 Q2 update, the utilities were developed using Python 2. To determine your SuperCluster software version, see Determine the SuperCluster Software Version.

Exadata Storage Servers and the ZFS storage appliance support login, hardware, and configuration auditing. This enables organizations to determine who accessed a device and what actions were taken. While not directly exposed to the end user, Oracle Solaris auditing provides the underlying content for information presented by the ZFS storage appliance.

Similarly, the Exadata Storage Server audit is a rich collection of system events that can be used along with hardware and configuration alert information provided by Exadata Storage Server Software. With the IP Filter capability of Oracle Solaris, the cloud provider can selectively record both inbound and outbound network communications, and the capability can be applied at the level of both the domain and non-global zone. This helps organizations segment their network policies and verify activity records. Optionally, the Oracle Audit Vault and Database Firewall appliance can be deployed to securely aggregate and analyze audit information from a variety of Oracle and non-Oracle databases as well as audit information from Oracle Solaris.

Through integration with Oracle Enterprise Manager, SuperCluster is able to support a variety of cloud self-service operations. Cloud providers can define pools of resources, assign pools and quota to individual tenants, identify and publish service catalogs, and ultimately support the monitoring and logging of application and database resources.
