7.1.1 Exadata Secure RDMA Fabric Isolation
Exadata Secure RDMA Fabric Isolation enables strict network isolation for virtual machine (VM) clusters on Oracle Exadata systems that use RDMA over Converged Ethernet (RoCE).
Secure Fabric provides critical infrastructure for secure consolidation of multiple tenants on Oracle Exadata, where each tenant resides in a dedicated VM cluster. Using this feature ensures that:
- Database servers in separate clusters cannot communicate with each other. They are completely isolated from each other on the network.
- Database servers in multiple clusters can share all of the storage server resources. However, even though the different clusters share the same storage network, no cross-cluster network traffic is possible.
Exadata Secure RDMA Fabric Isolation uses RoCE VLANs to ensure that network packets from one VM cluster cannot be seen by another VM cluster. VLAN tag enforcement is done at the KVM host level, which means that security cannot be bypassed by any software exploits or misconfiguration on the database server VMs.
See Using Exadata Secure RDMA Fabric Isolation.
Minimum requirements:
- Oracle Exadata System Software release 20.1.0
- Oracle Exadata X8M-2
- Deployment must contain VM clusters using Oracle Linux KVM
- Oracle Grid Infrastructure:
  - 19.6.0.0.200114 with patches
  - 18.8.0.0.191015 with patches
  - 12.2.0.1.191015 with patches
  - 12.1.0.2.190716 with patches
- Oracle Database:
  - 19.6.0.0.200114 with patches
  - 18.8.0.0.191015 with patches
  - 12.2.0.1.191015 with patches
  - 12.1.0.2.180831
  - 11.2.0.4.180717
Refer to My Oracle Support Doc ID 888828.1 for details about the required patches.