ScaleArc

Traffic Aggregation and Control

Create policy to control and monitor database access more granularly.

Because ScaleArc is a complete database proxy / Layer 7 routing engine with support for database authentication offload (ScaleArc can authenticate a database connection before sending any traffic to the database servers), you can use it to create a database architecture that allows for extremely granular, application-specific, secure access to the databases.

ScaleArc can represent the same database cluster as many different virtual endpoints.

  • Can have its own IP address / DNS Name and TCP Port
  • Can be assigned to a separate network interface / VLAN
  • Can have its own set of IP and SQL query firewall policies, connection limits, and a restricted set of usernames that can access it.
  • The database servers themselves can also be placed in their own private network, with ScaleArc acting as a bridge between all applications and clients and their respective databases.

These constructs let you create a significantly tighter database access policy that allows you to define different applications and teams as their own individual database access endpoints, so you can control and monitor database access more granularly.

For example, you could create a single highly available “Logistics” database cluster and create two separate virtual endpoints for this cluster. One endpoint could support your own internal applications and provide access only from within your internal network. It could allow any username to connect to the database for any database access with a connection limit of 50,000 connections to accommodate for any and all workload you may have. You could use the second endpoint to support an external supplier who needs access to the same database. That supplier could connect via a bridged VPN network, which allows only a specific read-only user to authenticate and access the database limits the maximum connections to no more than 10, and doesn’t allow queries that use the “SELECT *” query method to prevent easy access to full table dumps.

This level of control and isolation of workload, users, and applications not only lets you monitor and audit access very accurately but also lets you very quickly shut down access for specific endpoints or access groups in case of a breach. It also ensures no one within your organization can ever access the database through a direct administrative client connection without an audit trail.