This session was delivered as part of the Oracle Ground Breakers EMEA tour in Romania. What does "autonomous" really mean, and what makes the database autonomous? If you're looking for the answers to these questions, this is the session for you! In this session, we invite you to take a peek under the hood of the Oracle Autonomous Database, so you can get a clear understanding of how our unique Autonomous Database works. We’ll share our exclusive combination of database features, best practices and machine learning algorithms that make up this family of cloud services. With the use of live demos, we’ll illustrates how it can simplify your approach to data management and accelerate your transition to the cloud.
1. Maria Colgan
Master Product Manager
Oracle Database
October 2019
@SQLMaria
Oracle Autonomous Database
Under the Hood
1
2. Safe harbor statement
The following is intended to outline our general product direction. It is intended for information purposes
only, and may not be incorporated into any contract. It is not a commitment to deliver any material,
code, or functionality, and should not be relied upon in making purchasing decisions.
The development, release, timing, and pricing of any features or functionality described for Oracle’s
products may change and remains at the sole discretion of Oracle Corporation.
2
4. Oracle Autonomous Database Key Attributes
Self-Driving
Automates all database and
infrastructure management,
monitoring, tuning
Self-Securing
Protects from both external
attacks and malicious
internal users
Self-Repairing
Protects from all
downtime including
planned maintenance
Spend Less, Reduce Risk, Innovate More
16. Self-Driving | Automatic Tuning
16
Row Format
Optimizes Response Time
Creates Indexes
Columnar Format
Optimizes Complex SQL
Creates Data Summaries
Autonomous
Transaction Processing
Autonomous Data
Warehouse
Memory for Caching, No IOMemory Speeds Joins, Aggs
Statistics updated in real-time while preventing plan regressions
41. Benefits of Autonomous Database
• Spend Less
• ReduceAdmin Cost: Eliminates expensive, tedious, unsafe manual database management
• Reduce Runtime Cost: Cloud pay-per-use, Exadata speed, and self-tuning cuts costs up to 90%
• Reduce Risk
• Prevent cyber-attacks: Secure configurations, fully automatic and online security updates
• AlwaysAvailable: protects from all downtime including maintenance and DR
• Proven: Runs all your enterprise workloads, easy migration of existing databases
• Innovate More
• Refocus talent: Focus on new projects, user experience, analytics, ML, instead of admin
• Develop faster: Instant provisioning, self-tuning, integrated database app development
43. NEW Always Free
Services always free for as long
as you use them
FreeTrial
$300 free credits for 30 days
Highly reduced pricing
$
+
NEW Free Tier for Oracle Cloud
Learn, explore, and build for free!
44. Always Free - What’s Included
Autonomous
Database
2 x Databases
20GB Storage Each
Load
Balancing
10 Mbps
Bandwidth Shape
Storage
2 x 50GB Block
10GB Object
10GB Archive
Compute
2 xVM
1GB Memory Each
Available to all new and existing cloud accounts
Editor's Notes
The Oracle Autonomous Database is:
Self-Driving – Lower Cost & Increased Productivity
Eliminates human labor to provision, secure, monitor, backup, recover, troubleshoot, and tune the database
Automatically upgrades and patches itself while running. Testing automation ensures changes are safe.
Elastically grows and shrinks compute or storage without downtime. Pay only for what you use.
Self-Securing – Lower Risk
Protection from external attacks and from malicious internal users
Automatically applies security updates with no downtime.
Automatic encryption of all data.
Self-Repairing – Higher Availability
Automation eliminates administrator errors
SLA Guarantees 99.995% availability. Less than 30 minutes downtime per year including planned maintenance
Oracle Autonomous Database is actually a family of products with each member of the familyoptimized by workload. The first member of the family to become available in March of this year
was the Autonomous Data Warehouse (ADW), which has been optimized for analytic workloads, such as data warehouse, data marts or as part of a data lake.
The second member of the family that’s just become available is Autonomous Transaction Processing (ATP).
ATP is optimized for transaction processing or mixed workload environments and makes an excellent platformfor new application development.
Change Control, Policy, Operation, Customizable Operational Policy, Customizable Policies, Control over Policies
Lets’ deep dive into how the database automatically repairs itself.. This ensures better performance and availability of the database
This section highlights the benefits of self repairing and the key Oracle technologies and capabilities that enable them.
This is certainly not an exhaustive list. But these are the key capabilities that we will be diving into in this section and understanding how they work to make the database self repairing
Provisioning
Oracle quickly deploys a mission critical database on our Exadata infrastructure cloud, a platform optimized for Oracle Database. The database is created as a RAC cluster,so it can scale out seamlessly, but also protect the database in case of a server failure.
In order to protect the system against a complete failures, we also create a standby system using Active Data Guard in a different region in the cloud to
16
Oracle execution plans are like driving directions, they will change as the data distribution changes (data volumes and statistics).
Indexes can be thought of as roads and bridges, with auto indexing new roads will be added as the workload changes.
1.CapturePeriodically captures SQL statements into a SQL repositoryInclude plans, bind values, execution statistics, etc.
2.Identify Candidate IndexesIdentify candidate indexes that may benefit the newly captured SQL statementsCreates index candidates as unusable, invisible indexes (just metadata)
3.VerifyAsk the optimizer if index candidates will be used for these statementsIndex candidates not used by the optimizer are automatically droppedComplete creation of chosen indexes and run captured statements to verify that the indexes did improve performance
4.DecideIf performance is better for all statements, the indexes are marked visibleIf performance is worse for all statements, the indexes are droppedIf performance is worse for some, the indexes are marked visible except for statements that regressed
5.Monitor
Index usage is continuously monitoredAutomatically created indexes that have not been used in a long time will be droppedRebuilds decaying indexes
With 16 OCPUs you would get the follow number of concurrent queries before queuing would kick in
3 concurrent queries for HIGH
20 concurrent queries for MEDIUM
32 concurrent queries for LOW
Lets’ deep dive into how the database automatically repairs itself.. This ensures better performance and availability of the database
This section highlights the benefits of self repairing and the key Oracle technologies and capabilities that enable them.
This is certainly not an exhaustive list. But these are the key capabilities that we will be diving into in this section and understanding how they work to make the database self repairing
Data Encryption Security Keys
AWS/Aurora violates specific rules agreed upon by the Cloud Security Alliance (CSA). The core principle is that the key provider cannot also be the hoster of the application – the separation eliminates a key vulnerability
Oracle allows separation of keys
Encryption - At Rest
Oracle allows you to enable and disable encryption.
Oracle delivers it on by default
Aurora can turn on encryption when they start a database. Once on, it can’t be turned off.
Patches applied Weekly or biweekly with ATP-s and quarterly for ATP-d
Gold image – just as we do in Exadata today pre built image is built quarterly and applied.. So it is not available for serverless because there patching is done more frequently and it doesn’t make sense to build gold patches if the patches have to be applied very frequently.. The benefit of gold is that if there is a problem you can always go back to the previous version.
Platinum support for patching is additional but it will be built in ATP
Installs prebuilt Gold Image of patched database executables rather than directly applying patches - Currently not available in ATP-S or ADW, This functionality will only come with ATP-D
Patching is very expensive because it requires downtime and several man hours to patch all the databases in your environment. Also patches may be applied once in a quarter so its an on going effort
ADB will patch your systems for you while the database is running. Needs no downtime and manual effort. So it can never happen that you forgot to apply the patch or didn’t have time to do so
Ensures that you are always protected from know cyber attacks
Oracle tools: Data masking, database vault
1. No Access to the database node or file system
Oracle DBAs are separated from actual data. This is not true for Aurora
Aurora DBAs are given 100% access to data – cannot be revoked.
This is specific area of vulnerability. It is assumed that DBA access is the way into data theft. Therefore, AWS solutions are extremely vulnerable and unsuitable for any security exposed applications.
Aurora is not configurable to further restrict rights the DBA role. So, their superuser role has administrative rights as well as data read/write rights.
2. Dynamic Redaction/Masking
Oracle can apply security policies as data leaves the database E.g. convert SSN to XX-1234
3. Static Masking
For test/dev databases, can simply convert sensitive fields
4. Metadata Tagging – Label Security Option
Data can be marked as “sensitive” “confidential” etc.
Included for free in DB CS
5. Full DEFENSE IN DEPTH
Built over 30 years meeting the needs of the most demanding organizations: high threat environments, security services, financial institutions
Most data protection regulations require several different things:
1) Encrypt the data2) Control access to the data3) Monitor access to the data4) Anonymize data in non-production systems
Aurora handles requirement #1 but doesn't do much (if anything) for the other three. Oracle takes care of all 4
[ graphics on right too small to read text; is security assessment about configurations?
Now Oracle goes the next step by securing configurations and users…a space traditionally left to the customer to handle. I’m proud to announce we’ve extended the security capabilities of Oracle’s Autonomous DB by adding Data Safe!
Data Safe manages risk associated with configurations, users and sensitive data. It is one integrated security service to…
Identify poor configurations through configuration assessments
Flag risky users or behavior
Activity auditing tracks risky actions and streamlines audits
Discover and …
Mask sensitive data (three out of four DB instances are copies for Dev/Test, this lets you remove that risk)
Security shouldn’t be an choice to make and as your trusted technology provider we’ll never pass the buck. We’ll continue to invest and innovate to bring you the most secure cloud and platforms.
Lets’ deep dive into how the database automatically repairs itself.. This ensures better performance and availability of the database
This section highlights the benefits of self repairing and the key Oracle technologies and capabilities that enable them.
This is certainly not an exhaustive list. But these are the key capabilities that we will be diving into in this section and understanding how they work to make the database self repairing
Can the policy be set at the CBD or pod level???
ASM- automatic storage management
Automatically detect anomalies or hangs in the database behavior, compare these behaviors with know issues and fix them.
Exadata’s uses advance prediction capabilities to detect any kinds of hardware failure and migrate customer data off that failing h/w so the customer doesn’t get impacted at all. (its an exdata native feature to make it highly available). Exadata proactively looks for hardware faults, for example failure of drives and moves the data of their failed drive before the drive actually comes down.
By default exadata tries to balance itself across a whole bunch of disks. It is predictive in nature so before a fault is able to manifest itself, it has the ability to move the customer data and workload of that failing device so the customer doesn’t see these failures. It rebalances the data of these falling devices to other devices that are currently functioning. In other words properly valid mirrors, so I/Os don’t hang, any failures don’t impact the system and the DevOps guys get a notification that they need to replace
And rebalances
Package for devops – create an SR for the problem
This slide highlights how we use ML in the previous process for Database Operations
We use ML algorithms like anomaly detection, pattern recognition, problem signatures to detect and prevent issues and failures and fix the know issues or raise SRs on behalf of our customers.. Bug detection should be our job not yours..
It can correlate problems across different systems to give you a complete story of the fault that occurs.