Encryption on Azure

What is encryption?

Encryption is the process of making data unreadable and unusable to unauthorized viewers. To use or read the encrypted data, it must be decrypted, which requires the use of a secret key. 

There are two different type :-

  • Symmetric encryption :– Which mean you will use same key  to encrypt and decrypt the data
  • Asymmetric encryption :– Which mean you will use different key , for example Private and public key.

both of these two type having two different ways :-

  • Encryption at rest which mean data stored in a database, or data stored in a storage account.
  • Encryption in transit which means  data actively moving from one location to another.

So, there are different type of Encryption provided by Azure:-

  • Encrypt raw storage
    • Azure Storage Service Encryption :-  encrypts your data before persisting it to Azure Managed Disks, Azure Blob storage, Azure Files, or Azure Queue storage, and decrypts the data before retrieval.
    • Encrypt virtual machine disks low-level encryption protection for data written to physical disk
  • Azure Disk Encryption : this method helps you to encruypt the actually windows or Linux disk, the best way to do this is h Azure Key Vault.
  • Encrypt databases
    • Transparent data encryption :- helps protect Azure SQL Database and Azure Data Warehouse against the threat of malicious activity. It performs real-time encryption and decryption of the database.

The best way to do this which is Azure Key Vault,  cloud service for storing your application secrets. Key Vault helps you control your applications’ secrets by keeping them in a single, why should i use it :-

  • Centralizing the solutions.
  • Securely stored secrets and keys.
  • Monitor access and use.
  • Simplified administration of application secrets.

There are also two different kind of certificate in Azure which will helps you to encrypt for example the website or application, you need to know that Certificates used in Azure are x.509 v3 and can be signed by a trusted certificate authority, or they can be self-signed.

Types of certificates

  • Service certificates are used for cloud services
  • Management certificates are used for authenticating with the management API

Service certificates

which is attached to cloud services and enable secure communication to and from the service. For example, if you deploy a web site, you would want to supply a certificate that can authenticate an exposed HTTPS endpoint. Service certificates, which are defined in your service definition, are automatically deployed to the VM that is running an instance of your role.

Management certificates

allow you to authenticate with the classic deployment model. Many programs and tools (such as Visual Studio or the Azure SDK) use these certificates to automate configuration and deployment of various Azure services. However, these types of certificates are not related to cloud services.

Be noted that you can use Azure Key Vault to store your certificates.



Use "sudo" Command without password Prompt

Sometimes you need to run Linux command without password prompt using sudo command.

to learn more about this command read the link here.

For Example i need to run the following command without password prompt, However there are three sudo commands I want to run without entering password:

  • sudo reboot
  • sudo shutdown -r now
  • sudo shutdown -P now
to do this follow the below steps :-
  • edit the following /etc/sudoers file.
  • you find the following lines depend on the username and hostname for the server.

user host = (root) NOPASSWD: /sbin/shutdown
user host = (root) NOPASSWD: /sbin/reboot

This will allow the user user to run the desired commands on host without entering a password. All other sudoed commands will still require a password.


  • Always use the command visudo to edit the sudoers file to make sure you do not lock yourself out of the system for example 

sudo visudo -f /etc/sudoers.d/shutdown

  • Using /etc/sudoers.d instead of modifying /etc/sudoers, you could add the two lines to a new file in /etc/sudoers.d for example  /etc/sudoers.d/shutdown.
  • If you did not use visudo to edit your files and then accidentally messed up /etc/sudoers or messed up a file in /etc/sudoers.d then you will be locked out of sudo.to fix it use command pkexec.
Osama Mustafa

ORA-47401: Realm violation for CREATE TABLE on SYSTEM.SYS_EXPORT_SCHEMA_07

When trying to export any user using system the below error appeared

Connected to: Oracle Database 11g Enterprise Edition Release – 64bit Production
With the Partitioning, Real Application Clusters, Automatic Storage Management, Oracle Label Security,
OLAP, Data Mining, Oracle Database Vault and Real Application Testing optio
ORA-31626: job does not exist
ORA-31633: unable to create master table “SYSTEM.SYS_EXPORT_SCHEMA_07”
ORA-06512: at “SYS.DBMS_SYS_ERROR”, line 95
ORA-06512: at “SYS.KUPV$FT”, line 1020
ORA-47401: Realm violation for CREATE TABLE on SYSTEM.SYS_EXPORT_SCHEMA_07

The above error related because the system user is not allow to access data Dictionary files.

Run the below command
realm_name => ‘Oracle Data Dictionary’,
grantee => ‘SYSTEM’);
PL/SQL procedure successfully completed.

Or you can use the GUI in Database vault and under Data Dictionray realms add the system user as participant.

Thank you  

Configure DBConsole as Active/passive

Sometimes Database Configured as Active/Passive ( Cluster ) Which mean one node working/time and regarding to this if the failover happened on 2nd node the customer will expected that everything will be the same as it was on node 1 include to this Dbconsole.

To do this follow the below steps :-

  • Database should be configured on VIP.
  • Listener should be configured on VIP.
  • Database , Configuration should be installed on Shared Storage
  • inventory Files should be on shared storage as well.
  • ORACLE_HOSTNAME Should be set to VIP Hostname.
Listener example :-


Don’t forget to set the LOCAL_LISTENER Parameter :-

SQL> alter system set local_listener=’LISTENER’;


SQL> alter system set local_listener='(ADDRESS = (PROTOCOL = TCP)(HOST = VIP-HOST )(PORT = 1521)) ‘;


emca -config dbcontrol db -repos create

Test the failover on node #2

if for some reason when you try to start emctl and the error still asking for oc4j then export ORACLE_HOSTNAME is bash_profile.

It should work


Error in invoking target ‘rat_on part_on dm_on olap_on sdo_on’

Today while i was browsing on Oracle Fourms i found Threads related to 11gR2 Installation , the OP faced an error like the below :-

The above error related to Space On Temp File system all you have to do make sure that there is enough space on temp ( tmp ) or use the below command :-

export TMP=/u01/Foldername
export TMPDIR=/u01/Foldername

Try again now

Osama ..  

Share Folder as File System From Windows to Linux

in this post i will show you how to share folder from windows to Linux , you can use smb but in this post i will use it in command line.

Option #1:

By Press ( ALT+F2 ) the new dialog will be opened just type in the box the below :

smb://windows-server-ip/shared folder 

Option #2: 
Using command line.
  • mkdir /windows-backup
  • as root user
  • mount -t cifs //windowsip/sharefolder -o username=administrator,password=administratorpassword /windows-backup.
  • run df -h to make sure the folder has been mounted.
Note :
If you are using RHEL 4 the above command will not work, check the below

mount -t smbfs -o username=administrator,password=administratorpassword //windowsip/backup /windwos-backup

Thank you
Osama mustafa

Reference :
1- cyberciti Here

Oracle ACE

I am writing this topic while i don’t know what should i write, So happy To Join The Most Amazing Community In the World, Oracle ACE world , Today I join this Amazing Community and i would take this opportunity and thanks my family and friends , and how can i forgot the people who motivate me and show me how this world and community is amazing Kamran, Hans,Kai,  Gokhan , Eddie, Aman and lot of others guys.

Oracle is my world, this is what i love i will love it to the end .

Thank you Guys again

Osama Mustafa