Wednesday, October 5, 2011

The new MySQL Enterprise Backup 3.6.1 release

This maintenance release allow MySQL Enterprise Backup to leverage the new authentication feature of the commercial MySQL 5.5.16 server release. MySQL Enterprise Backup 3.6.1 allows the backup user to be authenticated by an external authentication method supported by the MySQL Server.

We have also fixed the following issues:
  • If the user has given a wrong combination of options or misspelled an option, MySQL Enterprise Backup now prints a message to allow the users to diagnose the issue.
  • Behavior of the incremental backup feature when used with the --only-innodb option has been corrected. If there are DDL changes between the previous backup and a new incremental backup, it is now ensured that all such DDL changes are correctly reflected when the incremental backup is restored.
  • This release also addresses the cleanup of empty temporary files that were left behind after backup.
  • The message “mysqlbackup completed OK!” is printed for each successful “copy-back” and “apply-log” operation.
For further details, please refer the the change log in the MySQL Enterprise Backup documentation.

MySQL Enterprise Backup 3.6.1 is now available for download on the My Oracle Support (MOS) website.

This text was written by Sanjay Manwani, MySQL Enterprise Backup Team.

If you are at Oracle Open World, we give two talks about backup for MySQL today: Data Protection and Recovery for MySQL and MySQL Enterprise Backup. You are very welcome to attend!

Monday, October 3, 2011

MySQL Oracle Open World talks

Some suggestions for MySQL sessions at Oracle Open World 2011.

Tomas Ulin will give the MySQL keynote today:
  • MySQL Executive Keynote: The state of the dolphin, Monday 12:30pm
Luis Soares, Sanjay Manwani, Chuck Bell and myself will give the following talks:
  • Introduction to MySQL Replication, Monday 2:00pm
    A walk-through of how MySQL Replication works and what you can do with it.  An introduction if you don't know it, and a summary of possible use cases for those of you that are already familiar with the technology.
  • Advanced MySQL Replication Architectures, Tuesday 10:15am
    Directed for the more advanced users, in this talk we go through not only the traditional but also more complex scenarious, e.g. hierarchical replication and replicating from multiple master servers into a slave server.
  • Data Protection and Recovery for MySQL, Wednesday 1:00pm
    Describes different ways to do protect your data, logical backups using mysqldump, snapshot backups, and MySQL Enterprise Backup to do backup and restore. Benefits of the different technologies and when to use what.
  • MySQL Enterprise Backup, Wednesday 5:00pm
    An introduction to the MySQL Enterprise backup tool, what you can do with it and its integration with media managers, such as Oracle Secure Backup. How to create full, incremental, and partial backups.
  • Cloud Computing Solutions for MySQL, Thursday 1:30pm
    How to use MySQL in the cloud with use cases. Describes benefits and risks. Improvements in MySQL 5.6 for InnoDB and MySQL Replication to improve the use of MySQL in the cloud.
(Please double check the time of the talks, since schedule may change.)

Windows Native Authentication for MySQL

Starting with MySQL 5.5.16 it is possible to setup password-less connections from clients into the MySQL server using the Windows SSPI authentication framework.

This functionality is provided by the Windows Native Authentication (WNA) plugin distributed with the commercial version of 5.5.16 server. The client-side support for WNA authentication is built into the client library (libmysql) distributed with the community version of 5.5.16 server and requires no additional configuration. Clients which link to 5.5.16 or higher version of libmysql will be able to connect to MySQL accounts using WNA authentication out-of-the-box.

For password-less connections to work, the server's administrator must install the WNA plugin in the server and create user accounts which use this plugin for authentication. It is also possible to allow connections to existing MySQL accounts via a proxy WNA account. With this setup Windows clients can password-less connect to the proxy account, and then proxy configuration selects the final MySQL account based on client's Windows credentials (user name or group membership). Detailed instructions on how to install the WNA plugin and setup and configure WNA accounts are given in the documentation.

Internally, the WNA plugin uses Windows SSPI API to create a shared security context between client and server, which allows server to read client's credentials. For this to work, obviously both client and server must run on a Windows machine. Additionally, both computers must be registered inside a Windows domain (in which case Windows internally uses Kerberos authentication). If this is not the case then password-less connections are still possible but only from the same computer on which server is running (in which case NTLM authentication is used).

Note that whether native Windows authentication is used or not entirely depends on the MySQL account to which a client tries to connect. If that account is configured by DBA to authenticate using WNA plugin, then this is the only option for that account - a client can connect to it only if the client supports WNA and is run by an authorized Windows user. It can not fall-back to the standard MySQL password authentication, as well as it can not request native Windows authentication when connecting to a non-WNA account.

At the moment, client support for WNA plugin is implemented mainly in the libmysql client library which is shipped with MySQL 5.5.16 (the community version). This support is built into the library and does not require any additional configuration. If your client uses this version of libmysql for connecting to the server it should be able to connect to WNA accounts.

Note that if the client is using a connector library like Connector/C++ and that library links to libmysql dynamically, then configuring the dynamic linker to use version 5.5.16 or later of libmysql will enable WNA support in your client application. If, however, the client uses libmysql based connector which is statically linked to an older version of the library (as is the case with Connector/ODBC), then it will not work with WNA plugin.

Some connectors do not use libmysql but have their own implementation of the MySQL client-server protocol (for example Connector/Java). These connectors will require changes in their implementation of the protocol to support WNA plugin.

Here is a summary of which MySQL connector products support WNA plugin at the moment:
  • Libmysql 5.5.16: Yes
  • Connector/NET 6.4.4: Yes
  • Connector/C++ 1.1.0: Yes, although not in statically linked version
  • Connector/ODBC 3.51.28 & 5.1.8: No, but watch for coming releases
  • Connector/Java 5.1.17: No, will not happen very soon
  • Connector/PHP 5.3: No, currently no plans to support WNA in PHP
This text was written by Rafal Somla, MySQL Connectors Team.