Sandboxes: How they are implemented and why they are useful

The principle of a sandbox is quite simple: like the sandbox for children, the technological equivalent is an environment for trying things out. Since the test environment is not connected to other operational systems, actions do not have real consequences. This can be advantageous for various operational scenarios.

Sandboxes – Why?

There are many scenarios where sandbox environments of a database or adjacent systems can be useful. For example, you may want to set up a lab environment for prototyping, or train your staff. Of course, this should not happen directly on the productive environment, where errors have real effects, but on its best possible imitation – the sandbox.

What if, for instance, a bank wanted to establish central authentication and authorisation of database users?

Example: authentication and authorisation of database users

Recently, we supported a large bank in exactly this undertaking. In this project, the integration of different infrastructure components such as Oracle database, MS Active Directory and Kerberos authentication, but also Oracle tools such as Oracle Enterprise Manager Cloud Control was crucial. To integrate these different components correctly is not easy. Especially when mission-critical systems such as MS Active Directory are involved. Setting up a sandbox environment allowed us to carry out various tasks without disrupting productive operations. In this case, this included the following activities:

• Verification of the concept for central authentication of Oracle database accounts
• Verification and testing of the migration process
• Development of scripts and tools for administration and operation
• Troubleshooting of the configuration, especially of the different components
• Verification of operating procedures
• Training of the administration
• Proof of concept of the whole concept
  
  

Thanks to the sandbox, we were able to test these processes without any disruptions to normal operations. Apart from such operational trials, sandboxes are also advantageous for other areas in a company.

Example: training

Let's take the example of staff training: In this scenario, it is especially important that the participants are "exposed" to the real system, but can try out things without fear of breaking something.

We use sandbox environments for our recurring Oracle training courses, for example. The topics we cover are database security and the applications Oracle Unified Directory, MS Active Directory and, if necessary, Oracle Enterprise Manager Cloud Control. These cannot simply be tried out in a productive environment. With the help of a sandbox environment, employees can learn relatively easily in the form of training to test specific procedures and configurations before they execute them in practice. These include the following:

• Verification of a database security concept
• Operational procedures, e.g. central user administration, security configurations
• Troubleshooting and analysis of integration problems, e.g.: Why does Kerberos authentication not work with DB?
• Testing of new DB features for future extensions of a security concept, e.g. encryption with Transparent Data Encyrption (TDE), protection against admin access with Oracle Database Vault
• Testing the integration of different infrastructure components, e.g. DB Server with MS Active Directory with and without Oracle Unified Directory.
  
  

The following graphic shows an example of a sandbox environment in the Oracle Cloud infrastructure. The LAB user accesses his sandbox systems, which run in a protected private network, from anywhere via Bastion Host. Access can take place via SSH, Guacamole Remote Desktop Console or VPN.

For training, however, it is not only important that employees can try out procedures without danger. It is also essential ...

• ... to depict the live environments in their full complexity, and
• ... to be able to fill them with real data.
• ... to have response times comparable to the real system.
• ... to provide full remote access from any location.
  
  

To ensure these benefits, a multi-vendor sandbox is necessary.

Self-contained vs. multi-vendor sandbox environments

Many training solution vendors focus on a single vendor environment or a specific topic. This limits the possibilities that these training solutions offer. For example, a combination of Bastion Host, Oracle Database Server, Windows Active Directory and a Unified Directory Server is not readily possible due to vendor limitations. In addition, this empty system environment does not fill itself – especially for onboardings and periodic training, cross-vendor training content must be created. Finally, full remote access to test and training environments fails in many cases due to IT security.

In fact, however, there are now sandbox environments that go beyond individual vendor environments and can thus easily integrate different IT environments, infrastructures and software. In this way, they capture the entire complexity of a live system, which in reality almost always combines different vendors and software.

Thus, a multi-vendor sandbox provides the opportunity for trial and error while being complex, secure and accessible from anywhere.

Conclusion

Sandbox environments offer advantages for different scenarios that all have something in common: You should be able to try something out safely without it having any impact on the real system, just like in a sandbox.

Besides testing delicate operations, this is also ideal for training courses because the participants can then experiment with functions themselves. Cross-manufacturer sandboxes are particularly interesting: they represent the live environments in their full complexity and can be filled with real data. They enable response times comparable to those in the real system and full remote access from any location.