Oracle Solutions on AWS : May 2014

An overview of running Oracle Database, Fusion Middleware and Oracle Applications on AWS. Covers licensing, pricing, support, security, networking, Amazon VPC, Amazon EC2, Amazon EBS, use cases, and customer successes.

Published in: Technology, Business
  • AWS started support for Oracle Virtual Manager (OVM) in 2010. OVM is the only hypervisor other than AWS Xen that AWS supports. With support for OVM, all Oracle products, from the Database to the application server (WebLogic and SOA Suite) to the business applications PeopleSoft, E-Business Suite, Siebel and others, become fully supported by Oracle on AWS. In May 2011, Oracle on the Amazon Relational Database Service (RDS) was introduced, before Microsoft SQL Server and after Oracle MySQL, which was introduced in October 2009. As it became apparent that enterprises were moving production workloads to AWS, AWS released the first set of Oracle on AWS test drives in 2012. These test drives were created by AWS Oracle System Integrator partners. By the end of 2012, there were 23 Oracle test drives, covering OSB, Oracle Standby Database, Oracle APEX, Oracle Business Intelligence Suite (OBIEE), PeopleSoft, E-Business Suite and more. The test drives were an opportunity for customers to try the Oracle products on AWS before they bought anything. Try before you buy!

    2013 is the year of repeatable solutions! This includes new Amazon Machine Images (AMIs) with the latest Oracle Linux operating systems and products on them, reference configurations which include white papers, CloudFormation scripts, and associated best practices, white papers, and additional test drive labs including those for WebLogic.
  • Microsoft's “License Mobility through Software Assurance” program provides qualifying Microsoft Volume Licensing customers with the flexibility to deploy Windows Server based applications in the AWS cloud.
      • AWS provides Windows Server and SQL Server on AWS today
      • Amazon Machine Images (AMIs) jointly developed by Microsoft and AWS
      • SharePoint Server, Exchange and other Microsoft server products can be licensed to run on AWS
      • General info on AWS and License Mobility for a variety of MS server products: http://aws.amazon.com/windows/mslicensemobility/
      • Detail on AWS and License Mobility with SQL Server: http://aws.amazon.com/windows/mslicensemobility/sql/
  • Without getting into the industry debate about public vs. private cloud it’s clear that most cloud benefits cannot be realized with on-premise virtualization technologies. In the on-premise virtualization model, you often have to buy expensive hardware and software which virtually eliminates the cost benefits of cloud computing. Although on-premise virtualization allows you to quickly provision new servers, your ability to scale up is limited to your physical infrastructure. You still need to buy physical servers to grow. If you want to scale down you won’t see significant cost-savings as you already paid for the hardware. These limitations of the on-premise virtualization model impact your ability to innovate fast and free up money to invest in new projects.
  • On Slide 14, under encryption, we can split encryption at rest by using:
      • Oracle Transparent Data Encryption at the database, storing keys in CloudHSM
      • OS-level encryption using tools like TrueCrypt or third-party encryption tools like SafeNet
  • Oracle ASM disk groups provide three types of redundancy: normal, high, and external. With normal and high redundancy, files are replicated within the disk group. With external redundancy, ASM does not provide any redundancy for the disk group. When setting up ASM for a group of volumes, we recommend using external redundancy, since Amazon EBS volumes are already redundant within an Availability Zone.

    Oracle ASM best practices, like having different disk groups for data and log files, work and recovery areas, also apply in Amazon EBS.

    Because this architecture is targeted at a medium-sized enterprise class database, we recommend using fewer than 10 total volumes.

    To provide a benefit, a Provisioned IOPS volume must maintain an average queue length (rounded up to the nearest whole number) of 1 for every 200 provisioned IOPS per minute. If you set the queue length to less than 1 per 200 IOPS provisioned, your volume will not consistently deliver the IOPS that you've provisioned. Setting the queue length too far above the recommended setting won't affect the IOPS your volume delivers; however, per-request latencies will increase. For a Provisioned IOPS volume of 500, the queue length average must be 3. If the average queue length is less than 3 for this volume, you aren't consistently sending enough I/O requests.

    Instance Store
      • Zero network overhead; local, direct attached resource.
      • No network variability
      • Not optimized for random I/O
      • Generally better for sequential I/O
      • Root volume and data volume are lost on physical disk failure, stopping, or terminating of instance
      • Ideal for storing temporary data like buffers, caches, scratch data, and other temporary content, or for data that is replicated across a fleet of instances, such as a load-balanced pool of web servers.

    Maintain a number of pending I/O requests to get the most out of your Provisioned IOPS volume.
      • The volumes must maintain an average queue length of 1 (rounded up to the nearest whole number) for every 200 provisioned IOPS in a minute
      • Maintain a queue depth of 10 for a 2,000 Provisioned IOPS volume
      • Maintain a queue depth of 3 for a 500 Provisioned IOPS volume

    Example: a 2000 Provisioned IOPS volume can handle:
      • 2000 16KB read/write per second, or
      • 1000 32KB read/write per second, or
      • 500 64KB read/write per second
    You will get consistent 32 MB/sec throughput (with 16KB or higher IOs). If you perform an index creation action that sends I/O of 32K, IOPS becomes 1000 and you still get 32 MB/sec throughput. On best effort, you may get up to 40 MB/sec throughput.

      • fio (Linux, Windows): For benchmarking I/O performance. (Note that fio has a dependency on libaio-devel.)
      • Oracle ORION (Linux, Windows): For calibrating the I/O performance of storage systems to be used with Oracle databases.
      • SQLIO (Windows): For calibrating the I/O performance of storage systems to be used with Microsoft SQL Server.

    We like ext3/4, but we love XFS
      • High performance, consistent
      • Robust and lots of options for tweaking/adjusting as needed
      • Our favorite mount options (your mileage may vary): inode64, noatime, nodiratime, attr2, nobarrier, logbufs=8, logbsize=256k, osyncisdsync, nobootwait, noauto
      • Yields great performance, reduces unnecessary writes, stable
    We like ZFS a lot too, but we want to see more runtime on Linux first
      • But FreeBSD/ZFS would be a fine choice
    However: test your workload!
      • File systems behave differently under different workloads

    An EC2 instance comes with a certain amount of “local” storage, which is ephemeral. Any data placed on those devices will not be available after that instance is terminated by the customer, or if the underlying hardware fails, which would cause an instance restart to happen on a different server. This characteristic makes instance storage ill-suited for database persistent storage.

    AWS offers a storage service called Amazon EBS (Elastic Block Storage), which provides persistent block-level storage volumes. Amazon EBS volumes are off-instance storage that persists independently from the life of an instance. Amazon EBS volumes are designed to be highly available and reliable. Amazon EBS volume data is replicated across multiple servers in an Availability Zone (datacenter) to prevent the loss of data from the failure of any single component. For all these reasons, we recommend using EBS for data files, log files and for the flash recovery area. Using ephemeral storage intelligently can boost performance. It can be used for many kinds of temp files and regularly backed up static files.

    For high I/O workloads, an alternative to Provisioned IOPS EBS volumes is to use High I/O instances, which contain SSD drives as internal storage and address the most demanding database workloads. The High I/O Quadruple Extra Large instance can provide up to 120,000 random read IOPS and 85,000 random write IOPS. The High Memory Cluster Eight Extra Large Instance offers 244 GB of memory in addition to 240 GB of local SSD storage. Note however that this SSD storage is internal to the instance and will be lost if the instance is stopped or if the underlying hardware fails. When using this type of storage for databases, you should make sure that you have a solid strategy to avoid loss of data, for example by frequently backing up your data to Amazon S3. In addition to storage performance, High I/O and High Memory Cluster Instances also have very high I/O performance via 10 Gigabit Ethernet, which allows for increased EBS performance.
  • 6. IDS: An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. Some systems may attempt to stop an intrusion attempt, but this is neither required nor expected of a monitoring system.

    7. IPS: Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it. Intrusion prevention systems are considered extensions of intrusion detection systems because they both monitor network traffic and/or system activities for malicious activity.

    A host-based intrusion detection system (HIDS) is an intrusion detection system that monitors and analyzes the internals of a computing system, and in some cases the network packets on its network interfaces (just like an NIDS). A host-based IDS monitors all or parts of the dynamic behavior and the state of a computer system. HIDS was first designed for the mainframe. HIDS uses sensors (agents) located on each host. These host-based agents, which are sometimes referred to as sensors, would typically be installed on a machine that is deemed to be susceptible to possible attacks. The term “host” refers to an individual computer/virtual host. This means that a separate sensor would be needed for every machine/virtual host. Sensors/agents work by collecting data about events taking place on the system being monitored. This data is recorded by the operating system in audit trails. Therefore, HIDS is very log intensive.

    Network-based intrusion detection systems offer a different approach. NIDS collects information from the network itself rather than from each separate host. They operate essentially based on a “wiretapping concept” (network taps). Information is collected from the network traffic stream, as data travels on the network. The intrusion detection system checks for attacks or irregular behavior by inspecting the contents and header information of all the packets moving across the network. The network sensors come equipped with “attack signatures” that are rules on what will constitute an attack, and most network-based systems allow advanced users to define their own signatures. This method is also known as packet sniffing, and allows the sensor to identify hostile traffic.

    I still don't believe that we are injecting a 0/0 route, but I haven't personally tried setting up a no-BGP tunnel to an ASA; I will try and find one to test and reach out to the VPC team to ask. On the HIPS/HIDS question, the typical FUD is around additional resources being used by the HIPS agent, aka Amazon wants you to run HIPS so you need to run more instances (and pay more $) because the IPS agent will use a bunch of resources. In fact the HIPS solution we recommend, Trend Micro Deep Security, is really lightweight because it only loads the signatures that are required for that instance based on the software and OS that is running, plus it has the advantage of being able to stop attacks as well as reducing false positives since the signature set is automatically tuned for that particular instance. This is a huge benefit in my opinion because typical NIDS create a crapton of noise and thus typically no one ever looks at the output, resulting in a lower security posture in many cases. Also if they really want NIDS the Alert Logic Threat Manager product is also fairly lightweight, though it does impact network performance, and since few instances are really ever 100% network bound the additional bandwidth has a negligible impact.

    Cisco ASA and SonicWall dedicated device for AWS VPC. Configure VPN on AWS side: it generates an ACL that the tunnel is requesting, which needs to be 0.0.0.0/0 on both devices; then all traffic on that device will only go to AWS. If BGP is available this is not an issue. Only an issue when using ASA (specific routes).

    Migrate R5 Demo Application
    What is required to be Active/Active: how to use shopping cart session data (DynamoDB), AZ to AZ using ELB, Auto Scaling, Route 53. Database only running in one AZ. How do they manage?
      • How should specific application design be modified to utilize AWS, such as shared data, shopping carts and content delivery (S3)
      • Requires an Application architect resource to provide direction to the THG development team to modify application code to be Active/Active
  • Many architecture diagrams have all the latest and greatest services in them along with a fully scalable, available, loosely coupled, fault tolerant, and multi-tier design. In some cases, customers are moving a very basic implementation with 5 to 20 users. This is the case for the architecture shown above. It is an Oracle PeopleSoft implementation with minimal availability and DR requirements. It is a lightweight and low cost solution for hosting PeopleSoft on AWS. The things that stand out about the architecture are:
      1. No load balancing, as there are only 5 concurrent online users.
      2. No long term archiving, as there are no regulatory compliance needs.
      3. No auto scaling for the application tier, as the application server can be recovered manually using the Amazon EC2 instance snapshots.
      4. No automatic HA/multi-AZ for the database tier, as RDS backups can be used to recover the Oracle database.
      5. No session recovery, as there are limited online transactions and the users can resubmit a failed session.

    PeopleSoft is hosted on an Amazon EC2 Instance. This is an Amazon Elastic Block Storage (EBS) based Amazon EC2 large Instance with 7.5 GB of memory and 4 Amazon EC2 Compute Units. The database is hosted on an Amazon RDS Oracle Instance. This is an Amazon EBS based Amazon RDS large Instance with 7.5 GB of memory and 4 Amazon EC2 Compute Units. Amazon RDS is backed up automatically. The frequency of the backups can be set automatically. A backup snapshot can be taken at any time, but I/O will be suspended for a few minutes unless multi-AZ is set for Amazon RDS. Amazon EBS Snapshots will be used for Application Server high availability and potentially disaster recovery. The snapshots can be located in the same region in a different AZ, or snapshotted to another region for additional protection. AWS spot instances, spare Amazon EC2 instances that you bid on, can be used when there are extremely large batch files to process and load into the database.

    Example Architectural Patterns (sorted by increasingly optimal RTO/RPO)
      • Backup and Restore
      • Pilot Light
      • Fully Working Low Capacity Standby
      • Multi-Site Hot Standby
  • On the other end of the spectrum from the minimal PeopleSoft configuration is a highly available and scalable Oracle E-Business Suite implementation. These implementations can be complex and expensive. There are typically dense peak periods, and wild swings in traffic patterns result in low utilization rates of expensive hardware. Amazon Web Services provides the reliable, scalable, secure, and high-performance infrastructure required for Oracle E-Business Suite while enabling an elastic, scale out and scale down infrastructure to match IT costs in real time as customer traffic fluctuates.

    The database server is a High-Memory Quadruple Extra Large Instance with 68.4 GB of memory and 8 virtual cores, 26 EC2 Compute Units. The application server instances are also high memory, as a minimum of 6 GB of memory is recommended for Oracle E-Business Suite. We will use the High-CPU extra large instances, which have 7 GB of memory and 8 virtual cores. The HTTP Servers can be High-CPU Medium instances with 1.7 GB of memory and 2 virtual cores.

    The user's DNS requests are served by Amazon Route 53, a highly available Domain Name System (DNS) service. Network traffic is routed to infrastructure running in Amazon Web Services. The HTTP requests are first handled by Elastic Load Balancing, which automatically distributes incoming application traffic across multiple Amazon EC2 instances across AZs. It enables even greater fault tolerance in your applications, seamlessly providing the amount of load balancing capacity needed in response to incoming application traffic.

    The Oracle Web, application and database servers are deployed on Amazon EC2 instances. This will be a custom AMI using Oracle Enterprise Linux 5.3 and Oracle E-Business Suite 12.1.3. Amazon Spot Instances or Auto Scaling can be used to support batch processing. Web and application servers are deployed in an Auto Scaling group. Auto Scaling automatically adjusts your capacity according to conditions you define. This ensures that the number of Amazon EC2 instances increases seamlessly during demand spikes.

    Oracle database backups and the batch flat files for integration with the corporate data center are stored on Amazon S3. The storage volumes for the Application Servers will be standard Amazon EBS volumes. The Oracle database storage volumes will be Amazon EBS PIOPS volumes. These provide up to 1000 IOPS per volume. These will be striped using Oracle ASM. Spot instances can be used to handle large batch loads.
  • This hybrid architecture applies to all the use cases except the Amazon Glacier use case. The Oracle Database could run in an AWS Direct Connect facility. AWS Direct Connect facilities are essentially colocation sites allowing for low latency, high bandwidth connections directly into the AWS data centers. These facilities are located in close proximity to the AWS data centers and offer 1 Gbps to 10 Gbps to the AWS data centers. For this Oracle configuration that is utilizing a Direct Connect facility, the web and application servers running Oracle WebLogic (or any other application server such as Tomcat, IBM WebSphere, or Microsoft IIS) will run in the AWS cloud. The architecture can include all the AWS services we used in the previous use cases, such as Route 53, Elastic Load Balancing, Auto Scaling, EBS, and others. The Oracle Real Application Cluster (RAC) is running in the Data Connect facility connected over a 1 Gbps or 10 Gbps dedicated link to the AWS data center. Oracle RAC is not supported inside of AWS, so this is an excellent use case for running a hybrid architecture. Datapipe is one Direct Connect partner that offers RAC-as-a-service with usage based pricing for Oracle RAC. In addition to hosting Oracle RAC, other AWS partners, like NetApp, offer hardware and software solutions in a Direct Connect facility.
  •   • Store target file(s) on a file share.
      • Configure policies on target S3 buckets
      • Encrypt / compress data sets on premise
      • Transfer files via regular file transfer (S3, SFTP, SCP, FTP, custom UDP etc.); increase transfer rate using third-party solutions (Aspera, Attunity)
      • Retrieve encrypted file from S3 using the same options
      • Test Integrity / Security / Operations / Performance
      • Add parallelization for performance optimization

      • Configure on-premise NetBackup (or CA, CommVault, Riverbed Whitewater etc.; there are many options) to use S3
      • Backup and restore directly from host agent
      • Backup agent communicates with cloud (S3) over Internet links
      • Use NetBackup Encryption, Compression, DeDupe, Backup Management tools
      • Check Security / Integrity / Functionality / Performance / Operations / Speed

      • Integrates on-prem IT environments with Cloud storage for remote office backup and DR
      • Utilizes a virtual appliance that sits in the customer datacenter
      • Exposes compatible iSCSI interface on front end
      • Provides low-latency on-prem performance
      • Asynchronously uploads data to AWS, where it is stored in Amazon S3 as Amazon EBS snapshots
      • Point-in-time snapshots accessible locally and from Amazon EBS
      • Encryption via SSL and Amazon S3 Server Side Encryption
      • Snapshot scheduling
      • WAN compression
      • Supported in all public Regions
      • Bandwidth throttling
  • Carters migrated an on-premise PowerBuilder Oracle DB application to Oracle APEX and Database on EC2. This project is documented as a chapter in the book Migrating to the Cloud.

    KPIT Cummins runs an Oracle E-Business Suite 12.1.3 environment on EC2 running the Oracle Virtual Machine (OVM). The customer really likes the ease of use that the AWS web management console provides in what they call ‘infrastructure at a click’.

    Advanced Innovations hosts Oracle E-Business Suite R12 on EC2 running Oracle Enterprise Linux 5.4. They also run a number of Oracle products including Oracle DataGuard, RMAN, Oracle Secure Backup Cloud Module, Oracle Fusion / SOA Middleware 11g, Oracle Beehive 2.0.1, Oracle IDM / SSO, Oracle WebCenter, Oracle Business Intelligence EE 11g, and Oracle Grid Control 11g.

    Sage Manufacturing moved an on-premise development, test, DR, and production E-Business Suite environment to Amazon EC2 using the AWS SI partner Blue Gecko.

    Oracle will most likely capture:
      • High end enterprise market: top 10% or less
      • All Oracle shops
      • ISVs that are Oracle centric: Oracle public cloud targeted at ISVs
    AWS will capture: the rest … 90% or more
      • Production DaaS
      • Small to mid-size Oracle application environments
      • Heterogeneous ISVs and customers
    Oracle is showing keen interest in partnering with AWS
      • EM 12c plug-in: http://www.oracle.com/technetwork/oem/grid-control/downloads/oem-aws-plugin-1852739.html
  • VSC Technologies is a subsidiary of the French National Railway Corporation (SNCF). To move the architecture to AWS, they created their own 64-bit Amazon Machine Image (AMI) running Oracle Database 11g Enterprise Edition using Oracle Automated Storage Management (ASM) on top of Amazon Elastic Block Store (EBS). They also used the Oracle Data Integrator to retrieve data from the mainframe.

    Capgemini in Latin America moved development, test, and production Oracle E-Business Suite workloads to AWS.

    PBS hosts a MySQL and Oracle Database backed internet streaming website on Amazon EC2.

    In a success story outside of corporate and typical enterprise customers, the European Space Agency used an Oracle Database on Amazon EC2 to scan astrometric data in an attempt to discover life beyond our solar system.
  • 1. Amazon.com uses OSB to back up retail databases to AWS. The Client Experience group uses Amazon RDS for customer simulations.

    2. The latest Oracle public success story involves another Oracle E-Business Suite implementation, this one with pasta machine maker Imperia.

    3. The McGraw Hill work was done by Wipro and is a highly elastic, scalable environment. The story of what they have done is good. You can watch the presentation at http://www.youtube.com/watch?&v=R1AjAKz73M8; the section starts at 43:00 minutes in.

    4. Smarter Agent by smartShift: HIGHLIGHTS
      • Customer: Smarter Agent hosts a platform for mobile applications in the real estate industry.
      • Project: Forklifting Oracle DB and app to the cloud
      • Key outcomes: consistently seeing average IO response times of less than 1 ms; total outage time for the migration < 2 hours; core Oracle DB is stable and performs well under the load
      • Products / Services used: cloud migration strategy; Oracle DB + app transformation; 24x7 cloud management and monitoring
  • The Module Objectives
    By the end of this training you will be able to do the following:
      • Identify the Oracle and AWS alliance timeline.
      • Describe how to identify opportunities that can be solved by AWS products and services and what other customers have done before.
      • Verify some common best practices using Oracle and AWS products and services.
      • Describe the support and licensing policies and other online resources.
  • These are six key concepts when it comes to using Oracle on AWS.
      • Amazon S3: Plays a key role in disaster recovery and high availability of Oracle databases and application servers. Amazon S3 can be used even if the production environment is running on premise.
      • Amazon Virtual Private Cloud (VPC): Amazon VPC is used to create a virtual network for each AWS customer. It is often used to extend the data center into the cloud in a secure manner.
      • Virtual Private Network (VPN) Tunnel: VPC does not imply the use of a VPN IPSec tunnel. However, most Oracle customers run VPN when using Amazon VPC.
      • AWS Direct Connect: Can be used to provide a dedicated connection from the enterprise to AWS, as well as hosting of Oracle Real Application Cluster (RAC).
  • Oracle Solutions on AWS : May 2014

    1. 1. We Will Discuss: 1 Licensing and pricing; 2 Technical overview of Oracle on AWS; 3 Architecture for typical use cases; 4 Migrating data; 5 Customer successes; 6 Roadmap and resources
    2. 2. Licensing and Pricing
    3. 3. AWS and Oracle. This timeline highlights the collaboration between Oracle and AWS along with the major milestones and joint deliverables. [Timeline figure, 2007 to 2013. Milestones shown: Oracle on Amazon EC2; Oracle Secure Backup Cloud Module on Amazon EC2; Oracle VM virtualization support; Oracle on RDS; Oracle Test Drive; Ref Arch, AMIs.]
    4. 4. Oracle Licensing and Support
          Processor & socket licensing
            • Standard Edition: EC2 instances with 4 or less virtual cores are counted as 1 socket
            • 0.5 core multiplier for enterprise licenses (processor)
          BYOL
            • Enterprise license agreement
            • Unlimited license agreement
            • Oracle partner network
            • BPO license
            • Oracle Technology Network
          Pay-as-you-go
            • RDS for Oracle SE One
          Oracle AWS cloud licensing document: oracle.com/us/corporate/pricing/cloud-licensing-070579.pdf
    5. 5. Oracle Products on AWS: Oracle E-Business Suite, JD Edwards EnterpriseOne, Oracle Fusion Applications, PeopleSoft Applications, Hyperion, ATG Web Commerce, Oracle SOA Suite, Identity and Access Management, WebLogic Suite, WebCenter, TimesTen, MySQL Community Edition, Data Guard, Active Data Guard, GoldenGate, RMAN, OSB, Enterprise Manager, Oracle NoSQL, Coherence. http://www.oracle.com/technetwork/topics/cloud/faq-098970.html#support
    6. 6. Technical Overview
    7. 7. Services Key for Oracle on AWS VPC
    8. 8. Security : Best Practices
          Use Multiple Layers of Defense
            • Security Groups (EC2, VPC, RDS, ElastiCache)
            • IPTables
            • Bastion Host
            • Host-based Firewalls*
            • IDS*
          Protect privacy and enforce your policies with data encryption
            • Encrypt data in transit
              – (SSL/TLS) and TDE
            • Encrypt data at rest
              – TDE with keys in AWS CloudHSM
              – OS level: TrueCrypt, TrendMicro, SafeNet, CipherCloud (EBS+RDS), 3rd party
          Identity and Access Management
            • Create Users and Groups within a master account
          Operating system security
            • EC2 Key Pairs
            • No external SSH to Oracle DB
          VPC
            • Database in private subnet
            • Database access only from application server or bastion host
          AWS Account Management
            • Multiple accounts may be created to isolate resources. Accounts may be isolated by: Environment (e.g., dev, test, prod), Major System, Line of business / function, Customer, Risk level
    9. 9. Services Key for Oracle on AWS PIOPS and EBS-Optimized Instances
    10. 10. EBS • PIOPS (applies to I/O with a block size of 16KB) • Stripe using RAID 0, 10, LVM, or ASM • RAID 10 (can decrease performance) • Snapshot often : Single volume DB • 20 TB DB size (max) Tuning • Maintain an average queue length of 1 for every 200 provisioned IOPS in a minute • Pre-warm $ dd of=/dev/md0 if=/dev/null • fio, Oracle ORION • Oracle Advanced Compression File system • ext3/4, XFS (less mature) • Try different block sizes : start with 64K Stripping • Stripe multiple volumes for more IOPS (e.g., (20) x 2,000 IOPS volumes in RAID0 for 40,000 IOPS) • ASM with external redundancy • More difficult to Snapshot : Use OSB Storage • Use Instance storage for temporary storage or database Storage : Best Practices
    11. 11. Services Key for Oracle on AWS AWS Direct Connect
    12. 12. Networking : Best Practices
        VPC
        • Use it…VPC by default for new accounts
        • Database in private subnet
        VPN
        • Redundant connections
        • Consider two Customer Gateways
        • Dynamic routing (BGP) over static (ASA)
        NAT
        • Set up multi-AZ NAT
        IDS/IPS
        • Trend Micro, AlertLogic, Snort
        • Host based
        • Conduct penetration test : prior approval from AWS
        Dedicated, secure connection
        • Direct Connect - 1 Gbps or 10 Gbps
        Fail over
        • ELB : Multi-AZ
        • Route 53 : Geo/region
    13. 13. Services Key for Oracle on AWS AWS CloudFormation
    14. 14. Setting up Oracle on your own Put together all the necessary AWS infrastructure components for networking, compute and storage based on best practices. Install and configure Oracle Database Two ways to deploy Oracle on AWS Oracle on EC2 • Full control of database and operating system • You are responsible for backups • You are responsible for HA
    15. 15. Using Amazon RDS for Oracle Avoid all the heavy lifting and launch a fully configured Oracle Database instance with a couple of clicks or an API call Two ways to deploy Oracle on AWS Oracle on RDS • No access to OS • AWS does database patching • One click/API HA • One click/API for backups • Some restrictions apply : E-Business Suite not supported, UTL_FILE, UTL_HTTP, etc.
    16. 16. Architecture for typical use cases
    17. 17. Enterprise Migration Path [chart: Value to Business (Low / Medium / High) against Time to Execute, with cost marked $$ to $$$$; Phase 1, Phase 2]
    18. 18. 2 VPC Database Backup to AWS
    19. 19. Disaster Recovery Site on AWS
    20. 20. Development, test and QA on AWS
    21. 21. Oracle production on AWS
    22. 22. Oracle Database production on AWS : Details
    23. 23. Oracle Hybrid Architecture
    24. 24. Migrating Data
    25. 25. • Protocols – File transfer to Amazon S3 or EC2 using S/FTP, SCP, NFS, UDP, Aspera, Attunity CloudBeam, Tsunami – AWS Import/Export service: Ship your disk to AWS • Transfer methods – Configure on-premises backup application (like NetBackup, CA, CommVault, Riverbed) to use Amazon S3 – AWS Storage Gateway for asynchronous backup to Amazon S3 – Database backup tools like Oracle Secure Backup – Database replication tools like GoldenGate, DbVisit • Special process for loading to Amazon Oracle RDS Data Migration options
    26. 26. Data Migration process : RDS
    27. 27. Customer Project Migration Lessons Learned
    28. 28. RISO, Inc - Business Overview Global manufacturing company with operations in APAC, Europe, and North America Key Business Drivers 1. Vendor consolidation 2. Infrastructure management challenge across multiple locations 3. Hardware refresh cycles and cost optimization
    29. 29. • Capital and operational cost reduction by avoiding new hardware purchases and by redeploying IT staff to projects that directly supported the core business • Other benefits included: – 55% reduction in total IT operations costs – 35% reduction in backup infrastructure costs – Ability to start and stop nonproduction services to reduce operational costs – Reduction in the number of IT vendors (from 6 to 3) – Able to perform an office relocation of HQ in early 2013, with no interruptions to business leveraging the centralized AWS computing platform What was achieved
    30. 30. Migrate Business Critical Applications • Migrate infrastructure components like domain controller, monitoring solutions • Migrate E-Business Suite, OBIEE • Tune – enhance – optimize Migrate Non-Mission Critical Applications • Migrate Test / DEV application • Migrate noncritical applications like Track-it • Migrate backups and validate restore process Proof of Concept • Build POC environments for each critical application and validate functionality • Perform functional, integration testing Assessment • Complete study of IT infrastructure & costs, including recommendations and a detailed plan • Perform cost analysis and estimate project duration and resources Migration Process
    31. 31. AWS Architecture [diagram labels: US East AZ-1, Headquarters, Location 2, Internet, VPC Public Subnet, VPC Private Subnet, OBIEE, EBS R12, Monitoring Solution, OpenVPN, VPN Connection, VPN Connection]
    32. 32. • Complete infrastructure for North America on Amazon Web Services – Office locations and warehouses connected via VPN to VPC on AWS – Oracle EBS/OBIEE on Linux • Complete in-house infrastructure including SQL Server, Oracle EBS, OBIEE and domain controllers, track-it applications, LACROSSE etc. • Migrate from Tivoli tape backups to Amazon S3 backups using Zmanda/Glacier, Snapshots • Integrated active directory with Salesforce.com, Office 365, various file, print, fax services throughout North America • All production backups to Amazon S3 using third-party tool • All nonproduction backups to Amazon S3 (reduced redundancy store) AWS Infrastructure
    33. 33. Carters migrated an on-premise Powerbuilder Oracle DB application to Oracle APEX and Database on EC2. This project is documented as a chapter in the book Migrating to the Cloud. KPIT Cummins runs their Oracle E-Business Suite 12.1.3 environments on Amazon EC2/OVM. They have benefitted from the reduced complexity of AWS “infrastructure at a click.” Advanced Innovations hosts their entire Oracle Applications and technology platform on Amazon EC2. SOA Suite, WebCenter, Beehive, E-Business Suite etc. Blue Gecko deployed SAGE Manufacturing’s dev, test, DR and production Oracle E-Business Suite environments on Amazon EC2. Customer Successes
    34. 34. The French National Railway Corporation uses Amazon EC2 to host their test reservations system backed by Oracle Database. Deploying on the cloud has allowed VSC Technologies to reduce testing and deployment times by two thirds. Oracle Data Integrator/Mainframe. Capgemini uses AWS to host the development, test and production Oracle E-Business Suite Financials supporting their business in Latin America. PBS uses AWS to host their internet streaming websites which run on MySQL and Oracle Databases hosted on Amazon EC2. The European Space Agency’s GAIA mission uses AWS, including Oracle Database on Amazon EC2, to rapidly and cost-effectively scan astrometric data sets for indications of planets outside our solar system. Customer Successes
    35. 35. Amazon.com backs up retail databases using the Oracle Secure Backup Cloud Module. The Client Experience Analytics (CXA) team uses Amazon RDS to support customer simulations against Amazon's web properties on an ongoing basis. Oracle eBusiness Suite 11 - Imperia was established officially on February 3rd, 1932 as the development of a little artisan workshop and started at once to distribute pasta machines around the world. McGraw-Hill migrated an Oracle WebLogic and Oracle RAC environment to AWS using a hybrid architecture. Oracle WebLogic is clustered on EC2 using ELB and Auto Scaling. The Oracle RAC Database runs in Data Pipe. Smarter Agent is the leading provider of white label mobile applications and services to the real estate industry. Smarter Agent decided to “forklift” the entire stack (vs hybrid) to AWS. They used smartShift to move the Oracle 11g Database to AWS RDS and JBoss to EC2. smartShift customer success : http://www.youtube.com/watch?v=t2UcCdnNsRc&feature=youtu.be Customer Successes
    36. 36. Roadmap and Resources
    37. 37. Bigger Oracle OpenWorld Presence Updated Oracle.com FAQ and Licensing Document Test Drive Labs Customer Successes White Papers New AMIs 2014 Reference Implementations Re:Invent Sessions Oracle Database on AWS Book Oracle on AWS Roadmap
    38. 38. • Get started with a free trial – http://aws.amazon.com/free • White papers – http://aws.amazon.com/whitepapers/ • Reference architectures – http://aws.amazon.com/architecture/ • Enterprise on AWS – http://aws.amazon.com/enterprise-it/ • Executive-level overview : Extending Your Infrastructure to the AWS Cloud (4 minutes) – http://www.youtube.com/watch?v=CsGqu5L_PFI • Simple Monthly Pricing Calculator – http://calculator.s3.amazonaws.com/calc5.html • TCO calculator for web applications – http://aws.amazon.com/tco-calculator/ AWS Resources
    39. 39. • AWS Marketplace Offerings for Oracle Database – Oracle 12c and 11g on RHEL (BYOL) : https://aws.amazon.com/marketplace/search/results/ref=sp_navgno_search_box?page=1&searchTerms=oraclempbyol • Oracle Database Reference Implementation – Standard, enterprise class, large enterprise class and high performance Oracle 11g configuration on AWS EC2 http://media.amazonwebservices.com/AWS_RDBMS_Oracle_11g_on_EC2_Reference_Architecture.pdf • Oracle Test Drives : http://awstestdrive.com • Amazon Relational Database Service: aws.amazon.com/rds • Running Oracle on AWS: aws.amazon.com/oracle • Oracle FAQ: http://www.oracle.com/technetwork/topics/cloud/faq-098970.html • Pre-configured Oracle AMIs: https://aws.amazon.com/amis?ami_provider_id=4&selection=ami_provider_id • Oracle Secure Backup Cloud Module product Page: http://www.oracle.com/us/products/database/secure-backup-066578.html • Oracle AWS cloud licensing document: oracle.com/us/corporate/pricing/cloud-licensing-070579.pdf • Oracle Enterprise Manager 12c plug in: http://www.oracle.com/technetwork/oem/grid-control/downloads/oem-aws-plugin-1852739.html Oracle on AWS Resources
    40. 40. • OEM 12c as a Hosted Service – http://www.slideshare.net/tomlaszewski/oow-em-blueprintsv3 • AWS reInvent Sessions – Storage Tiering and E-Business Suite customer success: http://www.slideshare.net/tomlaszewski/storage-tiering-for-oracle-database-on-aws-and-oracle-ebusiness-suite-on-aws-case-study – PeopleSoft on RDS and customer success: http://www.slideshare.net/tomlaszewski/dat202-using-amazon-rds-to-power-enterprise-applications-1-0 – Migrating Enterprise Applications: http://www.slideshare.net/tomlaszewski/ent303-migrating-enterprise-applications-to-aws – Migrating data from on premise to AWS RDS: http://www.slideshare.net/tomlaszewski/advanced-data-migration-techniques-for-amazon-rds • Oracle OpenWorld Session – Best Practices for running Oracle Database on AWS: http://www.slideshare.net/tomlaszewski/oracle-db-on-ec2-partner-webinar Oracle on AWS : OOW and Reinvent
    41. 41. RISO, Inc Details
    42. 42. © Copyright 2013. Apps Associates LLC. • Source – Infrastructure – on-premise hosted servers – Hardware – (Dell PowerEdge, HP ML110) – Storage – (Dell PowerVault) – Database – Oracle 9i/10g, SQL server – Fusion middleware – Packaged applications – Oracle E-Business Suite, Oracle Business Intelligence Suite, La-crosse, Mobile Field Service – Integration with Force.com platform – Firewalls, direct connectivity across multiple locations - (CISCO, Barracuda) – Tape backups - (Dell ML6000) • AWS – EC2, Amazon EBS, Amazon VPC – Multiple instance types (m1.medium, m1.large, m1.xlarge) – Storage EBS, PIOPS, Amazon S3, Amazon Glacier – Management and monitoring using Nimsoft Monitoring Solution hosted on AWS – Connectivity using VPN tunnels – Archiving using Amazon Glacier – Data transfer using AWS Export/Import – DR configuration across regions
    43. 43. • Oracle E-Business Suite – Database (RHEL 4) • Oracle 9i – 8 cores / 32-bit – E-Business Suite (RHEL 4) • 11.5.8 – 4 cores / 32-bit • Oracle Business Intelligence – Database (RHEL 5) • Oracle 10g – 4 cores – OBIEE 10g (RHEL 5) • OBIEE 11g – 4 cores • Microsoft SQL servers – Database (Win 2008 Hyper-V) • MS SQL Server 2005 • Mobile Field Server – MWA (Win 2008 VMware) • Oracle E-Business Suite – Database & E-Business Suite • Oracle Business Intelligence – Database & OBIEE 10g • Multiple VPN tunnels from multiple customer locations
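
The database-tier rules from slides 8 and 12 (database in a private subnet, database access only from the application server or bastion host, no external SSH to the Oracle DB) can be checked against a security group's inbound rules. This is an added example, not part of the original deck: the VPC range, the group ids and the sample rules are constructed, the rule shape follows the EC2 DescribeSecurityGroups `IpPermissions` structure, and 1521 is the default Oracle listener port.

```python
import ipaddress

VPC_CIDR = ipaddress.ip_network("10.0.0.0/16")   # assumed VPC range
ORACLE_PORT, SSH_PORT = 1521, 22                 # 1521: default Oracle listener port
ALLOWED_DB_SOURCES = {"sg-app", "sg-bastion"}    # hypothetical group ids

# Constructed sample, shaped like EC2 DescribeSecurityGroups "IpPermissions".
DB_GROUP_RULES = [
    {"IpProtocol": "tcp", "FromPort": 1521, "ToPort": 1521,
     "UserIdGroupPairs": [{"GroupId": "sg-app"}], "IpRanges": []},
    {"IpProtocol": "tcp", "FromPort": 1521, "ToPort": 1521,
     "UserIdGroupPairs": [], "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "UserIdGroupPairs": [], "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "-1", "UserIdGroupPairs": [{"GroupId": "sg-reporting"}],
     "IpRanges": []},
]

def covers(rule, port):
    """True if the rule's protocol and port range include the TCP port."""
    if rule["IpProtocol"] == "-1":          # -1 means all protocols, all ports
        return True
    if rule["IpProtocol"] != "tcp":
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)

def audit_db_group(rules):
    """Return (rule index, finding, source) tuples for rules that break the policy."""
    findings = []
    for i, rule in enumerate(rules):
        cidrs = [ipaddress.ip_network(r["CidrIp"]) for r in rule.get("IpRanges", [])]
        groups = [g["GroupId"] for g in rule.get("UserIdGroupPairs", [])]
        if covers(rule, SSH_PORT):
            # SSH is acceptable only from sources inside the VPC.
            findings += [(i, "external-ssh", str(net))
                         for net in cidrs if not net.subnet_of(VPC_CIDR)]
        if covers(rule, ORACLE_PORT):
            # Any CIDR source is broader than "app server or bastion only".
            findings += [(i, "db-open-to-cidr", str(net)) for net in cidrs]
            findings += [(i, "db-unexpected-group", g)
                         for g in groups if g not in ALLOWED_DB_SOURCES]
    return findings

if __name__ == "__main__":
    for finding in audit_db_group(DB_GROUP_RULES):
        print(finding)
```

The all-protocols rule (`-1`) is the case most often missed in manual review, since it carries no port fields yet still exposes the listener.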
