Archive for April, 2016

Evolution of Masking Vendors

April 25th, 2016

Screen Shot 2016-04-22 at 12.47.52 PM

Masking with Delphix (where duplicate blocks are shared making a new copy almost free storage wise and almost instantaneous) has 4 big advantages

  1. Instant data, no copying
  2. Ease of Use
  3. Consistent across data centers and databases vendors
  4. Master/Slave

Virtual Data Masking

Delphix masking and virtualization is the most advanced solution in the market place, because Delphix doesn’t provision data. Instead of provisioning data, Delphix sets up pointers back to existing data for a new clone. When that new clone tries to modify data, the existing data stays unchanged, and the changed data is stored elsewhere and only visible to the clone that made the change. This allows Delphix to mask once and provision many masked copies in minutes for almost no storage.

  • Some tools requires to subset data. Imagine writing code to subset data from a medium size (5000 objects) custom database, and maintain it.
  • Some tools requires 1.5X disk in the target, because it creates temp tables to copy and mask data.
  • Whereas, Delphix masks in memory, no need for disk, and virtualizes the data.


Ease of use saves money

Largest cost in data masking is the personnel to develop and maintain masking code.

Most tools require significant programming skills and dedicated administrators.

    • Users with no programming background can use the product in 4 hours.
    • Web based interface with profiling integrated to masking: You can profile and start masking in minutes without any programming knowledge.

Mask data consistently

Delphix masks data consistently across different type of data sources, across different data centers automatically

Some tools either masked different data sources differently breaking referential integrity or they require the user to manually maintain relationships across all attributes and across all data sources using the ‘Translation Matrix’.  Other tools based on specific databases require the user to import data into that proprietary database in order to mask it and then the data needs to be copied back out of the proprietary database into the location it is used.

    • The module which identifies sensitive data (Profiler), also assigns the masking algorithms, so no need to manually define relationships.
    • Delphix masking algorithms are deterministic, so based on the input we create a consistent output, regardless of the data source
    • Delphix architecture separates transformation from a data source

Master/Slave configuration

Delphix provides a central interface to configure/manage users, metadata and algorithms, and execute masking in a consistent and distributed manner for each department, entity, or data center. Without this, each entity would have masked data differently, and aggregation of data would be useless.

Screen Shot 2016-03-07 at 5.21.34 PM

Next Steps

Pete Finnigan recently did a paper reviewing of Delphix and data masking where he points out some of the challenges to masking and solutions.

Pete goes into ways of securing the source database such that the cloned copy benefits from the security in the source. Pete also shares some of the top reasons he has heard at customer sites for why people don’t mask even though they want to.

The top 5 reasons people don’t mask when they should

  1. Fear of not locating all data to mask
  2. Referential integrity
  3. Data distribution
  4. Testing may not be valid with masked data
  5. Time, cost and skills needed

Pete has done a second paper on specifically how to secure data in non production areas. We will be publishing this paper soon.

Pete’s first paper with Delphix on masking is available here.



Delphix replication and push button cloud migration

April 22nd, 2016

Someone just asked on the Delphix Forums whether they could test Delphix replication with the free version of Delphix called Delphix Express.

I’d never tried, so I sat down to try and was amazed at how easy it was.

One of the coolest things about Delphix replication is that it makes it super easy to migrate to the cloud and also to fall back to in house if need be.  For cloud migration, I just set up a Delphix engine in house and one in a cloud, for example Amazon EC2. Then I just give the in house engine the  credentials to replicate to the engine in the cloud. The replication can been compressed and encrypted. The replication is active/active so I can use either or both engines.  (stay tuned for a Delphix Express .ami file that we plan to release. Currently Delphix enterprise is supplied as an ami for AWS/EC2 but not Delphix Express though you could use the .ova to set up Delphix Express in AWS/EC2)


I created two Delphix Express installations.

On one engine, the source engine, (  I linked to an Oracle database on Solaris Sparc called “yesky”.

On that same engine I went to the menu “system” and chose “replication”

Screen Shot 2016-04-22 at 12.28.25 PM


That brought me to the configuration page

Screen Shot 2016-04-22 at 12.22.46 PM

where I filled out

  1. Replica Profile name – any name
  2. Description – any description
  3. Target Engine – in my case I used the IP address of the engine to receive the replicaiton
  4. User Name – login name to the target engine
  5. Password – password for the login to the target engine
  6. Enabled – check this to make replication run automatically on a schedule
  7. Every – set the schedule to every 15 minutes for my test

Then I clicked “Create Profile” in the bottom right.

And within a few minutes the replicated version was available on my replication target engine ( On the target I choose from the Databases pulldown menu “DelphixExpress” and there is my “yesky” source replicated from my source Delphix Express engine.

Screen Shot 2016-04-22 at 12.20.56 PM


Now I have two Delphix engines where engine 1 is replicating to engine 2. Both engines are active active so I can use the second engine for other work and/or actually cloning the Oracle datasource replicated from engine 1 (“yesky”).

Next Steps

Try it out  yourself with our free version of Delphix called Delphix Express.



Collaborate 2016 Oaktable World Sessions

April 12th, 2016

Oaktable World Las Vegas is happening at Collaborate 2016! Many thanks to Tim Gorman, Alex Gorbachev and Mark Farnham for organizing!
Free Oaktable World t-shirts available at Delphix booth 1613 on Tuesday and at the Oaktable World talks on Wednesday. Also available at the Delphix booth is free copies of Mike Swing’s “the little r12.2.5 upgrade essentials for managers and tema members”. Mike will be doing Q&A at the Delphix booth Tuesday 1:15-2:00 and book signing on Wednesday 2:00- 2:45.

Oaktable World all day Wednesday 9:15-6:15 Mandalay Bay Ballroom I


Time Session Type Presenter Name Proposed Topic
09:15 – 10:15 60 mins Alex Gorbachev Back of a Napkin Guide to Oracle Database in the Cloud
10:30 – 11:30 “Re-Energize” session no OTW session
11:45 – 11:55 10 mins Alex Gorbachev Internet of Things 101
12:00 – 12:10 10 mins Tim Gorman How Oracle Data Recovery Mechanisms Complicate Data Security, and What To Do About It
12:15 – 12:25 10 mins
12:30 – 12:40 10 mins Kyle Hailey Challenges and solutions masking data
12:45 – 12:55 10 mins Dan Norris Tools used for security and compliance on Linux
13:00 – 14:00 Oracle keynote no OTW session
14:00 – 15:00 60 mins Kellyn Pot’Vin-Gorman Performance Feature Enhancements in Enterprise Manager 13c wtih DB12c
15:00 – 16:00 60 mins Dan Norris IPv6: What You Need to Know (with Linux & Exadata references)
17:15 – 18:15 60 mins Kyle Hailey Data for DevOps

All talks in Mandalay Bay Ballroom I