Meetup Oracle Database MAD_BCN: 1.3 Oracle Database Lifecycle Management in Hybrid Environments

Presentation on lifecycle management, and how from the Enterprise Cloud Control console we can manage a database from start to finish.


  1. 1. Information Lifecycle Management (ILM): Database. Angel Freire Ramírez, Solution Architect, 30/11/2017
  2. 2. Agenda: 1. DBLM Overview 2. Database Provisioning 3. Patch Automation 4. Configuration Standardization 5. STIG Compliance. Oracle Database meetups for DBAs and Architects
  3. 3. DBLM Overview
  4. 4. Key Challenges and Solutions. Unmanaged asset sprawl: • 28% have an annual database instance growth of more than 20% • Less than 50% have consolidated. Configuration Pollution: • Too many versions, patch levels and sizes • 1400 variants across 3 major releases for a large telecom customer. Slow time to delivery: • Days to Weeks to provision database services for key projects • Weeks to clone a complete middleware stack, such as SOA. Solutions: Consolidation, Standardization, Automation
  5. 5. Database Lifecycle Management: How Do All These Come Together. Advise / Analyze / Act / Audit / Discovery & Collection • Real-Time Monitoring – Who/When • Compliance Score • Best Practices • Oracle Recommendations • Regulatory (STIG) • Report • Inventory & Trend • Automatic Change Reconciliation • Authorized vs Unauthorized • Patch Advisories via MOS • Upgrade Advisories from MOS • Configuration Policy Violations • Patch/Upgrade database and GI • Mass deployment/Provisioning • Cloning/migration of binaries and database (incl. pluggable) • Schema Synchronization • Settings, Drift & Policy Actions • Configuration Changes • Topology guided Impact Analysis • Config Comparison for Drift Analysis • To Gold & Baseline • 1 to 1, 1 to N • Target and System • DB Change Management • Data Comparison • Data Governance • Patch Plans: Conflict & PreReq Analysis
  6. 6. Database Provisioning
  7. 7. Database Provisioning: Databases Cloning using Oracle Enterprise Manager 13c Provisioning • Mass Deployment of Oracle Software (Database, Real Application Clusters) • Supports all versions up to 12.2 including Pluggable Databases • Gold Image cloning and standardized software deployment via Profiles • Lock down access for controlled and error free deployments. Diagram: Source DB systems, Software Library Storage, Target DB Systems. Save Gold image (and optionally data) from source systems to EM software library; deploy saved image and data to target systems with customizations
  8. 8. Multitenant Database Provisioning: Oracle Enterprise Manager Enables Fast, Flexible Copy and Snapshot of Pluggable Databases • Create CDBs with multiple PDBs • Unplug and plug full data and application • Useful for Upgrade Testing • Functional Testing • Agile development • Storage efficient snapshots within a container database
  9. 9. Multitenant Database Provisioning: Oracle Enterprise Manager 13c Pluggable Databases Provisioning
  10. 10. Multitenant Database Provisioning: Oracle Enterprise Manager 13c Pluggable Databases Provisioning
  11. 11. Multitenant Database Provisioning: Oracle Enterprise Manager 13c Pluggable Databases Provisioning
  12. 12. Multitenant Database Provisioning: Oracle Enterprise Manager 13c Pluggable Databases Provisioning
  13. 13. Multitenant Database Provisioning: Oracle Enterprise Manager 13c Pluggable Databases Provisioning
  14. 14. Multitenant Database Provisioning: Oracle Enterprise Manager 13c Pluggable Databases Provisioning
  15. 15. Multitenant Database Provisioning: Oracle Enterprise Manager 13c Pluggable Databases Provisioning
  16. 16. Multitenant Database Provisioning: Oracle Enterprise Manager 13c Pluggable Databases Provisioning
  17. 17. Patch Automation
  18. 18. Overview: Patch Automation Solution. Engineered Systems / Traditional Estate / Multi-Tenant / Cloud. adds…: Self Service maintenance; Simple Subscription using “Gold-Image”; Real time Patch Tracking which helps in real time compliance. adds…: Plug/unplug Container DB Patching; Continuous Drift and Configuration Auditing for PDBs. adds…: Extending Patching beyond the Database software; Patch the database grid; Patch storage grid. • Automated Patching via Patch Plans • Advice/recommend patches based on configuration • Minimize Downtime, identify issues with prerequisite check • Patch Templates and Compliance Standards • EMCLI Support. Patch InfiniBand network. Patch recommendations for the Quarterly Full Stack Download Patch. Comprehensive dashboard of the maintenance status and needs.
  19. 19. Patch Management with Oracle Enterprise Manager 13c. Patch Rollout / Patch Verification & Reporting / Patch Planning / Patch Advice • Detect and verify patching success • Detect drift from existing gold images and rebuild them for future software rollouts • Patch Compliance tracking and reporting • Revert to previous version in case of regression** • Support Rolling patches for RAC, Pluggable DBs** • Support out-of-place patching/upgrade for single instance databases** • Support patching Exadata Database Cluster Stack** • Support Group based patching** • Push button Patching by “Operators” • Create Patch Plans & templates to apply multiple patches in a single downtime** • Detect conflicts and file merge requests • Perform pre-flight dependency and impact analysis** • Advise/recommend patches based on configuration • Provides patch rating and community feedback. **New or Significantly Enhanced
  20. 20. Patch Automation for Engineered Systems • Comprehensive overview of the maintenance status and needs. • Proactive patch recommendations for the Quarterly Full Stack Download Patch (QFSDP). • Supports auto patch download and the ability to patch in either rolling or non-rolling mode. • Granular step-level status tracking with real-time updates, log monitoring and aggregation, supporting quick filing of support issues with pre-packaged log dumps. • Automation either at a finer level on selected parts (2/7 storage server cells) or at a coarse level on the complete component (all storage server cells)
  21. 21. System State Information; Patch as Layers; Fine grain Logging; Real time tracking. Patching Process: Add Patch > Analyze > Deploy. Rollback.
  22. 22. Patch Automation Benefits • Significant Labor reduction but short of initial goal - Some customers not able to support unified patch schedules • Enhanced productivity for patching focals • Decreased patch cycle times • Improved validation • Configuration changes consistently deployed and maintained within Oracle homes • COTS vendor support for emergent patching changes • Consistent patching process
  23. 23. Configuration Standardization
  24. 24. Data Governance and Compliance Challenges • Data centers have thousands of databases containing sensitive data which may be unprotected • Enterprises lack enterprise-wide tools to scan databases • Limited visibility into compliance status (encryption, masking, database vault) of sensitive data • Hard to remediate non-compliance. Diagram labels: Protected Application 3, Protected Application 2, Unprotected Application 1
  25. 25. Continuous Drift and Configuration Auditing • Configuration Audit - Validate conformance to standards or benchmarks using discrete logic - Best for Industry and internal standards (STIG, CIS) • Continuous Drift - Validate conformance to standards using Reference configuration - Best for critical and rapidly changing configuration settings
  26. 26. Ready to Use Compliance Standards • Available Standards based on: - Oracle’s best practices and Security recommendations - Oracle Database and WebLogic STIG Benchmarks - ORAchk for Engineered Systems and Databases • 1,000s of checks in Compliance Library • Automated remediation with corrective actions • Customizable to meet Internal best practices: 1. Leverage Oracle provided rules matching your own 2. Tailor Oracle provided rules with known exceptions 3. Build custom rules to exactly match requirement. Labels: PCI, ORAchk
  27. 27. Oracle Provided DB Compliance Content: Compliance Standards. 500+ Individual Compliance Rules • Pluggable Database (NEW) - Storage Best Practices for Pluggable Database - Configuration Best Practices for Pluggable Database - Basic Security Configuration for Pluggable Database • Single Instance Database Instance (and RAC Instance) - DISA Security Technical Implementation Guide (STIG) V1.8 - Certification for Oracle Database - Storage Best Practices for Oracle Database - Configuration Best Practices for Oracle Database - Basic Security Configuration for Oracle Database - High Security Configuration for Oracle Database - Patchable Configuration for Oracle Database - Storage Best Practices for Oracle Database - Support Policy for Oracle Database • Cluster Database - DISA Security Technical Implementation Guide (STIG) V1.8 - Basic Security Configuration for Oracle Cluster Database Instance - High Security Configuration for Oracle Cluster Database Instance - Certification for RAC Database - Configuration Best Practices for Oracle RAC Database - Patchable Configuration for RAC Database - Storage Best Practices for Oracle RAC Database - Support Policy for RAC Database • Listener - Basic Security Configuration for Oracle Listener - High Security Configuration for Oracle Listener
  28. 28. Configuration & Compliance Management: Key Features. Setup and Maintenance: • Comparison Templates – Ignore expected differences • Group Association - Current and future members - Supported – Admin, Dynamic, Static • Test Mode - Test Definition before mass deploy - Option for new group members to be tested before results are added. Operational: • Summary Dashboards - Compliance and Drift • Side by Side Results - Compare CIs across N targets in single view • Incident Management Integration - Standard ruleset notification methodology • Corrective Actions – Manual/Auto
  29. 29. Drift and Consistency Management • Drift Management – INTER Target - Large scale and dynamic INTER target configuration difference tracking - Source can be live or saved baseline • Consistency Management – INTRA Target - Auto comparison of member targets - System targets only (Exadata, Cluster DB, etc.). Diagram labels: Live, Baseline, Real Application Cluster, Oracle Engineered System
  30. 30. Drift and Consistency Management: Key Customer Use Cases. Drift: • DB Initialization Parameters - Saved DB Reference to 1200+ DBs - Compare 50 DB Initialization Parameters Only • Application Patches - Live Fusion App Instance Ref to 1000+ - Compare ONLY Patches • Host Configuration - Live Linux Host Reference to 500+ Hosts - Compare Extended configuration collections. Consistency: • RAC DB Instances - Consistency of instances WITHIN 500+ Cluster DBs • Data Guard Standbys - Consistency of Primary DB with its DG Standby Databases - 100s of DB systems • Exadata Storage Cells - Consistency of Storage Cells within Exadata
  31. 31. Automated Remediation • “Harden” any database, middleware, host, etc. - Initiate remediation Manually or Automatically • Associate corrective actions to compliance rules • Violation context can be passed to repair specific issue
  32. 32. Reusable Compliance Hierarchy • Compliance Framework - Group of Compliance Standards of different Target Types • Compliance Standard - Group of Compliance Rules - Specific to Single Target Type • Compliance Rule - Discrete Check or Test - Specific to Target Type • Real Time Facet - Group of related entities: Files, Processes or Users. Diagram labels: Compliance Rules, Compliance Standards, Compliance Frameworks, Real Time Facets; Compliance Manager, Security Auditors; DBAs, Admins, IT Managers
  33. 33. STIG Compliance
  34. 34. About STIGs • STIGs - Security Technical Implementation Guides • Published by US Defense Information Systems Agency • According to the DISA website, “The STIGs contain technical guidance to ‘lock down’ information systems/software that might otherwise be vulnerable to a malicious computer attack.” • Available for Operating Systems, Applications (App Svr, Databases, etc.) and much more. • Who uses them? - Many US Government agencies are required to follow them. - Many US and non-US commercial companies voluntarily follow or base their internal standards on these benchmarks.
  35. 35. STIG Implementation Issues • Challenges - Mainly manual effort to check/validate conformance - Drift over time can result in undetected violations until checks are repeated - Very costly and resource intensive to validate • Requirement - Automated solution to continuously validate against the STIGs - Proactive alerting of change resulting in non-conformance
  36. 36. Oracle Database 11g STIG Compliance Standard • What is it? - Turn key solution to automatically audit and report conformance of your Oracle 11g and 12c Databases against the STIG benchmark - Based on the DISA Security Technical Implementation Guide for Oracle Database 11g Version 1.8 Rev 1.8 • What do I need to use it? - Enterprise Manager and Agent must be 12.1.0.4 or later • How is it licensed? - It is part of the Oracle Database Lifecycle Management Pack
  37. 37. Oracle Database 12c STIG Compliance Standard • Includes both Oracle Database and Oracle Home Checklists • Almost all “Scripted” defined checks have been automated. • ~20% Manual/Interview checks automated. • Remaining require manual Attestation.
  38. 38. Compliance Rule to STIG Mapping. Compliance Rule → STIG Check: Name → STIG ID + Description; Severity → Severity; Description → Check Long Name; Rationale → Vulnerability Discussion; Configuration Extension → Script. Compliance Rule Type → STIG Check: Agent-Side → Script; Manual → Manual/Interview. * Exceptions noted in Oracle Database Compliance Standards Reference guide in EM Documentation
  39. 39. Detailed and Actionable Findings • Findings include violation context • Offending database - Specific Check findings - Date discovered - Guided Resolution • Recommendation offered (as per STIG documentation)
  40. 40. Reporting – Flexible and Integrated • Results viewable: - Across Databases - For single Database - For single Check • Historical trend and score information • Schedule and Email • Formats – PDF, HTML, CSV
  41. 41. Simple and Easy to Use • Two Simple Steps: 1. Select Standard 2. Select Targets • Results – Almost Immediately • Check run daily (by default) • Configurable Notification on violation
  42. 42. Enterprise Manager – Single Compliance Solution for Cloud: For Automated Security Compliance Auditing • Highly automated • Continuous auditing • Proactively alert on findings and issues • Automated remediation or guidance • Robust and flexible reporting
  43. 43. Angel Freire Ramírez, Principal Solution Architect, angel.freire@avanttic.com. Oracle Database meetups for DBAs and Architects
