Oracle Database Vault has been on the market for a few years now. The product has been constantly improved over the years. But where is it worthwhile to use it? Which security measures can be implemented with it? And from whom does DB Vault protect me at all? In this presentation, the technical possibilities of Database Vault 19c / 21c will be explained in addition to the experiences from two customer projects. We will try to show where the use of Database Vault is worthwhile under certain circumstances and under which conditions it is not. This also includes whether protection against snakes and thieves is ensured. PS: I asked my children what kind of presentation I should submit.The answers were snakes, thieves and cheetahs…
Oracle Database 19c, builds upon key architectural, distributed data and performance innovations established in earlier versions Oracle Database 12c and 18c releases. Oracle 19c has many new features, in this presentation we have covered below areas
Automated Installation, Configuration and Patching
AutoUpgrade and Database Utilities
Maximum Availability Architecture - Best Practices for Oracle Database 19cGlen Hawkins
Provides the latest updates on high availability (HA) best practices in this well-established technical deep-dive session. Learn how to optimize all aspects of Oracle Active Data Guard 19c. See how to use session draining, transparent application continuity, Oracle RAC, and Oracle GoldenGate to mask outages and planned maintenance from users and to accelerate time to repair for single database or your fleet of databases. Hear about the latest HA best practices with Oracle Multitenant and understand how the new sharded architecture can achieve even higher levels of HA and fault isolation for OLTP applications. Find out how everything you know about Oracle Maximum Availability Architecture (MAA) on-premises can be deployed in the cloud.
Oracle Database 19c, builds upon key architectural, distributed data and performance innovations established in earlier versions Oracle Database 12c and 18c releases. Oracle 19c has many new features, in this presentation we have covered below areas
Automated Installation, Configuration and Patching
AutoUpgrade and Database Utilities
Maximum Availability Architecture - Best Practices for Oracle Database 19cGlen Hawkins
Provides the latest updates on high availability (HA) best practices in this well-established technical deep-dive session. Learn how to optimize all aspects of Oracle Active Data Guard 19c. See how to use session draining, transparent application continuity, Oracle RAC, and Oracle GoldenGate to mask outages and planned maintenance from users and to accelerate time to repair for single database or your fleet of databases. Hear about the latest HA best practices with Oracle Multitenant and understand how the new sharded architecture can achieve even higher levels of HA and fault isolation for OLTP applications. Find out how everything you know about Oracle Maximum Availability Architecture (MAA) on-premises can be deployed in the cloud.
What to Expect From Oracle database 19cMaria Colgan
The Oracle Database has recently switched to an annual release model. Oracle Database 19c is only the second release in this new model. So what can you expect from the latest version of the Oracle Database? This presentation explains how Oracle Database 19c is really 12.2.0.3 the terminal release of the 12.2 family and the new features you can find in this release.
Oracle Transparent Data Encryption (TDE) 12cNabeel Yoosuf
This presentation provides an introduction to Oracle Transparent Data Encryption technology in 12c. It is provided as part of Oracle Advanced Security.
Oracle Active Data Guard: Best Practices and New Features Deep Dive Glen Hawkins
Oracle Data Guard and Oracle Active Data Guard have long been the answer for the real-time protection, availability, and usability of Oracle data. This presentation provides an in-depth look at several key new features that will make your life easier and protect your data in new and more flexible ways. Learn how Oracle Active Data Guard 19c has been integrated with Oracle Database In-Memory and offers a faster application response after a role transition. See how DML can now be redirected from an Oracle Active Data Guard standby to its primary for more flexible data protection in today’s data centers or your data clouds. This technical deep dive on Active Data Guard is designed to give you a glimpse into upcoming new features brought to you by Oracle Development.
Automating Your Clone in E-Business Suite R12.2Michael Brown
It is possible to automate the cloning process in Oracle E-Business Suite 12.2. This presentation discusses how to accomplish that and gives some warnings about when it is not possible to run a clone.
For OAUG members, the slides and a recording of the presentation are available on www.oaug.org.
Oracle RAC 12c Practical Performance Management and Tuning as presented during Oracle Open World 2013 with Michael Zoll.
This is part three of the Oracle RAC 12c "reindeer series" used for OOW13 Oracle RAC-related presentations.
This part concludes the main part of the "reindeer series" except for one bonus track "Oracle Multitenant meets Oracle RAC 12c" (available via SlidesShare, too).
Oracle Cloud is Best for Oracle Database - High AvailabilityMarkus Michalewicz
This presentation looks behind the covers and evaluates the offerings provided by various cloud vendors and compares them to the Oracle Database offerings available in the Oracle Cloud. The comparison includes Oracle Database in general, focusing on High Availability (HA) and Disaster Recovery (DR), as those areas have historically distinguished the Oracle Database from other databases and will likely continue to be some of the most distinguishing features when it comes to operating the Oracle Database in the cloud.
Starting with 12c Release 1, Oracle introduced a completely new architecture concept for its database - the Container Database.
With this new architecture, new challenges came up but with the same breath a wide branch of new opportunities.
The presentation will address the capabilities to create fast and easy new (test) databases or clones for a running production database. Five different ways will be discussed.
- Using Local and Remote Cloning
- Using an Unplugged PDB (predefined master)
- Using Refreshable PDBs as a master for new (test) databases
- Snapshot Carousel
Another point of the agenda is the usage of the Snapshot features of ACFS and Direct NFS to speed up the creation process.
ORACLE 12C DATA GUARD: FAR SYNC, REAL-TIME CASCADE STANDBY AND OTHER GOODIESLudovico Caldara
The new release of Oracle Database has come with many new exciting enhancements for the High Availability.
This whitepaper introduces some new Data Guard features. Among various enhancements, special attention will be given to
the new Far Sync Instance and the Real-Time Cascade Standby.
Oracle Real Application Clusters 19c- Best Practices and Internals- EMEA Tour...Sandesh Rao
In this session, I will cover under-the-hood features that power Oracle Real Application Clusters (Oracle RAC) 19c specifically around Cache Fusion and Service management. Improvements in Oracle RAC helps in integration with features such as Multitenant and Data Guard. In fact, these features benefit immensely when used with Oracle RAC. Finally we will talk about changes to the broader Oracle RAC Family of Products stack and the algorithmic changes that helps quickly detect sick/dead nodes/instances and the reconfiguration improvements to ensure that the Oracle RAC Databases continue to function without any disruption
Oracle Data Guard ensures high availability, disaster recovery and data protection for enterprise data. This enable production Oracle databases to survive disasters and data corruptions. Oracle 18c and 19c offers many new features it will bring many advantages to organization.
This version of "Oracle Real Application Clusters (RAC) 19c & Later – Best Practices" was first presented in Oracle Open World (OOW) London 2020 and includes content from the OOW 2019 version of the deck. The deck has been updated with the latest information regarding ORAchk as well as upgrade tips & tricks.
What to Expect From Oracle database 19cMaria Colgan
The Oracle Database has recently switched to an annual release model. Oracle Database 19c is only the second release in this new model. So what can you expect from the latest version of the Oracle Database? This presentation explains how Oracle Database 19c is really 12.2.0.3 the terminal release of the 12.2 family and the new features you can find in this release.
Oracle Transparent Data Encryption (TDE) 12cNabeel Yoosuf
This presentation provides an introduction to Oracle Transparent Data Encryption technology in 12c. It is provided as part of Oracle Advanced Security.
Oracle Active Data Guard: Best Practices and New Features Deep Dive Glen Hawkins
Oracle Data Guard and Oracle Active Data Guard have long been the answer for the real-time protection, availability, and usability of Oracle data. This presentation provides an in-depth look at several key new features that will make your life easier and protect your data in new and more flexible ways. Learn how Oracle Active Data Guard 19c has been integrated with Oracle Database In-Memory and offers a faster application response after a role transition. See how DML can now be redirected from an Oracle Active Data Guard standby to its primary for more flexible data protection in today’s data centers or your data clouds. This technical deep dive on Active Data Guard is designed to give you a glimpse into upcoming new features brought to you by Oracle Development.
Automating Your Clone in E-Business Suite R12.2Michael Brown
It is possible to automate the cloning process in Oracle E-Business Suite 12.2. This presentation discusses how to accomplish that and gives some warnings about when it is not possible to run a clone.
For OAUG members, the slides and a recording of the presentation are available on www.oaug.org.
Oracle RAC 12c Practical Performance Management and Tuning as presented during Oracle Open World 2013 with Michael Zoll.
This is part three of the Oracle RAC 12c "reindeer series" used for OOW13 Oracle RAC-related presentations.
This part concludes the main part of the "reindeer series" except for one bonus track "Oracle Multitenant meets Oracle RAC 12c" (available via SlidesShare, too).
Oracle Cloud is Best for Oracle Database - High AvailabilityMarkus Michalewicz
This presentation looks behind the covers and evaluates the offerings provided by various cloud vendors and compares them to the Oracle Database offerings available in the Oracle Cloud. The comparison includes Oracle Database in general, focusing on High Availability (HA) and Disaster Recovery (DR), as those areas have historically distinguished the Oracle Database from other databases and will likely continue to be some of the most distinguishing features when it comes to operating the Oracle Database in the cloud.
Starting with 12c Release 1, Oracle introduced a completely new architecture concept for its database - the Container Database.
With this new architecture, new challenges came up but with the same breath a wide branch of new opportunities.
The presentation will address the capabilities to create fast and easy new (test) databases or clones for a running production database. Five different ways will be discussed.
- Using Local and Remote Cloning
- Using an Unplugged PDB (predefined master)
- Using Refreshable PDBs as a master for new (test) databases
- Snapshot Carousel
Another point of the agenda is the usage of the Snapshot features of ACFS and Direct NFS to speed up the creation process.
ORACLE 12C DATA GUARD: FAR SYNC, REAL-TIME CASCADE STANDBY AND OTHER GOODIESLudovico Caldara
The new release of Oracle Database has come with many new exciting enhancements for the High Availability.
This whitepaper introduces some new Data Guard features. Among various enhancements, special attention will be given to
the new Far Sync Instance and the Real-Time Cascade Standby.
Oracle Real Application Clusters 19c- Best Practices and Internals- EMEA Tour...Sandesh Rao
In this session, I will cover under-the-hood features that power Oracle Real Application Clusters (Oracle RAC) 19c specifically around Cache Fusion and Service management. Improvements in Oracle RAC helps in integration with features such as Multitenant and Data Guard. In fact, these features benefit immensely when used with Oracle RAC. Finally we will talk about changes to the broader Oracle RAC Family of Products stack and the algorithmic changes that helps quickly detect sick/dead nodes/instances and the reconfiguration improvements to ensure that the Oracle RAC Databases continue to function without any disruption
Oracle Data Guard ensures high availability, disaster recovery and data protection for enterprise data. This enable production Oracle databases to survive disasters and data corruptions. Oracle 18c and 19c offers many new features it will bring many advantages to organization.
This version of "Oracle Real Application Clusters (RAC) 19c & Later – Best Practices" was first presented in Oracle Open World (OOW) London 2020 and includes content from the OOW 2019 version of the deck. The deck has been updated with the latest information regarding ORAchk as well as upgrade tips & tricks.
SOUG Day Oracle 21c New Security FeaturesStefan Oehrli
With the Innovation Release 21c Oracle has introduced one or the other security feature. These include small improvements that make DB operation more secure and easier. But also completely new concepts like DB Nest, which introduce a new approach for databases, how DB security can be implemented in multitenant.
[db tech showcase Tokyo 2018] #dbts2018 #B31 『1,2,3 and Done! 3 easy ways to ...Insight Technology, Inc.
[db tech showcase Tokyo 2018] #dbts2018 #B31
『1,2,3 and Done! 3 easy ways to migrate to the cloud!』
Data Intensity - Director of Innovation Francisco Munoz Alvarez 氏
Oracle 12c comes with a new Security offer, and a set of new features related to. By default, Oracle is not very well secured but it comes with a lot of tools and options to improve the security inside the database. The presentation will show to attendees that building a strong security policy based on 4 security topics can improve the data security. These ones are Authentication, Authorization, Encryption and Audit. Each of these four topics will be detailed by presenting Oracle 12c new security features, for example: privilege analysis, transparent network encryption and checksumming, unified auditing etc. Finally, a presentation on Database Vault will be made to show how a "divide and conquer" policy can improve the global security of Oracle databases.
IaC MeetUp Active Directory Setup for Oracle Security LABStefan Oehrli
There is always that one problem that you want to analyze or that new feature that you briefly want to test. But often you lack a corresponding LAB environment. Especially if several systems and services like MS Active Directory have to be tested in combination. In this presentation we will show how IaC, scripts etc. can be used to create LAB environments quickly and easily. We will show how to configure VMs with Vagrant to test specific topics like Oracle Database Integration with Active Directory. In addition to Vagrant, we will also take a brief look at Docker Containers and Terraform Deployment on OCI, and see how you can create a corresponding LAB environment with moderate effort. The presentation will be complemented by corresponding demos and examples.
Click, click, click and I have already built my infrastructure in the cloud. But do you still know what you have built afterwards? With Infrastructure as Code or Terraform, cloud resources can be built, changed and deleted again relatively easily. This is ideal for dynamically building test and lab environments. But how do you make sure that a wrong command in the Terraform configuration does not dismantle the whole infrastructure again or shoot the costs up to astronomical heights? Where is the boundary between IaC testing and the actual release tests on the generated systems? Using Accenture Lab and training environments as an example, I will show various aspects around deploying cloud based infrastructures with Terraform. This course presentation will be complemented with demos and examples.
Authentication is an integral part of security. If authentication or passwords are insufficient, all further security measures are obsolete. But how do you ensure that passwords are complex? We will explain the different password hashes and show how to make sure authentication is secure.
Security Best Practice: Oracle passwords, but secure!Stefan Oehrli
Authentication is an integral part of database security. If authentication or passwords are insufficient or inadequate, all further security measures are generally useless. But how do you ensure that passwords are complex and authentication is secure? In this presentation, the password hashes will be explained and it will be shown how to make sure passwords and authentication are state of the art. Focusing on the current versions of the Oracle database, the following topics will be discussed:
- Oracle database authentication
- Password verification and hashes
- Where can I find password hashes?
- Check and password hashes.
- Discussion of various risks related to authentication.
- Discussion of password policies and strong passwords.
- Customer Use Case in the DB Vault environment "ups we have forgotten the passwords".
The presentation will be supplemented by corresponding examples and live demos.
SOUG PDB Security, Isolation and DB Nest 20cStefan Oehrli
Lockdown Profile, PDB_OS_CREDENTIALS and other measures to enhance security and isolation of multitenant databases are available since Oracle 12c. Unfortunately only a part of the desired measures can be technically implemented. With the latest release of Oracle 20c a new features called DB Nest has been introduced. DB Nest introduced an other approach to security in PDBs. In this presentation we will discuss the new approach and its possibilities to increase database security of PDBs. The presentation will be completed by corresponding examples and live demos.
Security Best Practice: Oracle passwords, but secure!Stefan Oehrli
Authentication is an integral part of database security. If authentication or passwords are insufficient or inadequate, all further security measures are generally useless. But how do you ensure that passwords are complex and authentication is secure? In this presentation, the password hashes will be explained and it will be shown how to make sure passwords and authentication are state of the art. Focusing on the current versions of the Oracle database, the following topics will be discussed:
– Oracle database authentication
– Password verification and hashes
– Where can I find password hashes?
– Check and password hashes.
– Discussion of various risks related to authentication.
– Discussion of password policies and strong passwords.
– Customer Use Case in the DB Vault environment "ups we have forgotten the passwords"
The Oracle Cloud allows to build and configure various infrastructure resources. But you won't get far by just using "click acrobatics" via Web Console, especially if you want to build several similar and complex environments. A mouse click cannot be saved just like that. Oracle offers several API's to create and manage objects in OCI, e.g. Oracle OCI commandline utility, OCI SDK, Terraform Provider etc. This presentation will explain how to implement Infrastructure as Code in OCI using Terraform and the Oracle Terraform Provider. Using a training environment as an example, it will be shown how to build components with Terraform Server, databases and network components and how to scale them in terms of resources or number.
DOAG Oracle Unified Audit in Multitenant EnvironmentsStefan Oehrli
Oracle Audit is a well-known and proven database functionality. Or maybe not? What does auditing look like in combination with Oracle Multitenant Databases? Does database and Unified Audit work analogous to existing configurations? In the context of this presentation the auditing in the environment of container databases will be examined more closely. It will be shown what has to be considered and how an auditing concept has to be adapted to the new architecture. With focus on the current versions of the Oracle database, specific problems and workarounds in the area of Unified Audit will be shown. The presentation will be complemented by corresponding examples and live demos.
SOUG Oracle Unified Audit for Multitenant DatabasesStefan Oehrli
Oracle Audit is a proven database functionality. Or maybe not? How does auditing look like in combination with Oracle Multitenant DBs? Does DB and Unified Audit work analogous to existing configurations? In the context of this lecture audit in Container DBs (19c/20c) will be discussed more closely. We will shown where to pay attention and how to adapt an audit concept to the new architecture. Specific problems and workarounds will be shown. The presentation will be complemented by demos.
UKOUG Techfest 2019 Central user Administration of Oracle DatabasesStefan Oehrli
Security is one of the key challenges for on-premises and cloud based databases nowadays. However, the appropriate security and hardening measures generally only make sense if authentication and authorization have already been implemented with appropriate care. Instead of the decentralized administration of users, privileges and roles in each database, it is easier and more secure to manage them centrally. The latest version of Oracle offers different possibilities to implement this requirement. With focus on the current versions of Oracle Database the following topics are discussed among others:
• Password verifier and strong authentication like Kerberos and SSL.
• Options for central user administration of Oracle databases.
• Oracle EUS versus CMU
• Integration of Oracle Database 19c with Active Directory Services
• Sample setup of an Oracle database with Active Directory Integration via Centrally Managed User (CMU)
The presentation is complemented by appropriate examples and live demos.
UKOUG TechFest PDB Isolation and SecurityStefan Oehrli
The same principles and measures of database security can be implemented in container databases as in normal single-tenant environments. However, if the container databases are to be used securely by various tenants with more or less high system privileges, additional security measures are required. Especially if access to the operating system is granted directly or indirectly with JVM, external tables, scheduler jobs or directories. The aim of this presentation is to evaluate database security in the focus of container databases and to discuss appropriate measures. This includes the use of lockdown profiles, PDB_OS_CREDENTIALS and various other measures and features. Where useful, the presentation is complemented by appropriate examples and demos. As far as possible, it is also shown how Oracle handles these problems in its cloud solutions (e.g. Autonomous Database).
Security is one of the key challenges for on-premises and cloud based databases today. But the appropriate security and hardening measures usually only make sense if authentication and authorisation have already been implemented with appropriate care. Instead of decentralised administration, where users, rights and roles are managed in each database, it is clearer and more secure to manage them centrally. The latest version of Oracle offers different possibilities to implement this requirement.
Oracle unterstützt seit längerem die Nutzung von Docker für die Oracle Datenbanken. In der Theorie wird mit einem einfacher docker run aus einem Docker Image ein Container instanziiert. Doch wieso ist der DB Container nicht in wenigen Sekunden bereit? Wo kommt mein Oracle DB Image überhaupt her und was geschieht, wenn der Container wieder gestoppt wird? Dieser Vortrag erläutert, wie Oracle DBs in einem Docker Image installiert, konfiguriert und anschliessend als Container betrieben werden.
Oracle has long supported the use of Docker for Oracle databases. In theory, a simple docker run instantiates a container from a docker image. But why isn't the DB container ready in a few seconds? Where does my Oracle DB image come from and what happens if the container is stopped again? This talk explains how Oracle DBs are installed, configured and then operated as containers in a Docker Image.
Sicherheit ist heutzutage eine der zentralen Herausforderungen für On-Premises und Cloud basierte Datenbanken. Doch die entsprechenden Sicherheits- und Härtungsmassnahmen sind in der Regel nur sinnvoll, wenn bereits die Authentifizierung und Autorisierung mit entsprechender Sorgfalt umgesetzt wurde. Anstelle der dezentralen Verwaltung der Benutzer, Rechte und Rollen in jeder Datenbank ist es dabei übersichtlicher und vor allem sicherer, diese zentral zu verwalten. Die aktuellste Version von Oracle bietet hierbei verschiedene Möglichkeiten diese Anforderung umzusetzen. Mit Fokus auf die aktuellen Versionen von Oracle Database 18c / 19c wird die Integration mit Centrally Managed User und Active Directory Services erarbeitet.
Oracle does support Docker for a couple of products since a while. In theory, a simple "docker run" instantiates a container from a docker image. But why isn't the DB container ready in a few seconds? Where does my Oracle DB image come from and what happens if the container is stopped again? The functional scope as well as the size of Oracle database container presuppose that one or the other thoughts about the use and the operation are made in advance. This includes topics such as data persistence, licensing and other operational aspects. This presentation explains how Oracle databases can be installed, configured and operated as containers in a Docker Image.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
2. 2
§ Together we are 1500 specialists at 34 locations in
Switzerland, Germany and Austria with a focus on Data &
Applied Intelligence.
§ Together we support you in the intelligent end-to-end use
of your data.
§ We cover the entire spectrum: from the development and
operation of data platforms and solutions, to the
refinement of data as well as consulting and training.
§ We achieve this through the unique combination of Trivadis'
technological expertise and Accenture's strategic know-how
in the field of data.
TRIVADIS & ACCENTURE: #1 FOR DATA & AI
3. 3 OUR RANGE OF SERVICE
BUSINESS
ANALYTICS
BUSINESS
AUTOMATION
MODERNE DATEN-
PLATTFORMEN
MODERNE CLOUD-
INFRASTRUKTUR
4. 4 VISIT OUR BOOTH IN GATHER.TOWN - STAGE 1
§ Find us on stage 1 to the right of
the escalator
§ Play our game «ALPAKA»
§ Meet our experts at the booth
§ Attend the interview about the joint future of
Trivadis and Accenture on
Thursday, 18.11.2021, 11:50h
(DOAG Studio)
5. 5 HALLO, GRÜESSECH, HI!
§ Since 1997 active in various IT areas
§ More than 24 years of experience in Oracle databases
§ Focus: Protecting data and operating databases securely
o Security assessments and reviews
o Database security concepts and their implementation
o Oracle Backup & Recovery concepts and troubleshooting
o Oracle Enterprise User and Advanced Security, DB Vault, …
o Oracle Directory Services
§ Co-author of the book The Oracle DBA (Hanser, 2016/07)
STEFAN OEHRLI
PLATFORM ARCHITECT
6. 6 AGENDA
§ Introduction
§ Oracle Database Vault in a Nutshell
§ Latest Database Vault Features
§ Conceptual Considerations
§ Good Practice
§ Further Measures
§ Alternatives to Database Vault
§ Conclusion
Thief
Snake
Cheetah
8. 8 PROTECT FROM WHOM?
§ Theft of backups
§ Disclosure / access to
the storage medium
§ Datafile (modification, access)
Thief
Snake
Cheetah
§ Privileges escalation
§ Improper use of rights
§ Vulnerabilities and
misconfiguration
§ Excessive and unnecessary
user authorizations
§ Denial of Service
§ Unmonitored sensitive data
§ Input Injection / SQL Injection
9. 9 THE PROBLEM
§ Database with classified data
o Individual Objects
o Schemas or whole database
§ High privileges users are not allowed to read / modify data
o User with ANY privileges
o User with administrative privileges e.g., SYSDBA
o OS user oracle
o OS super user like root
§ No segregation of duties enforced
Highly privileged users can basically read everything or
assign themselves the appropriate rights.
11. 11 ORACLE DATABASE VAULT…
§ …provides advanced controls for sensitive data
o Basic security concept is still necessary respectively even mandatory
§ … integrated with existing security measures and features
o Transparent Data Encryption
o Oracle Multitenant architecture
o Enterprise User Security
o Secure Application Roles, Data Redaction, Virtual Private Database and other security features
§ … implements a few basic security measures by just switching it on.
o Update existing database roles
o Modify some commands by adding command rules
o Change some init.ora parameter
12. 12 DATABASE VAULT BASIC FEATURES
§ Controls for privileged accounts
§ Controls for database configuration
§ Enforce separation of duty out of the box
§ Operation Control and Manageability
o Day to day DB Administration ”as usual”
under the premise of separation of duties
§ Integration through a change of binaries
§ Database Vault is based on the existing access and protection
§ Rule sets for four eyes principle possible
§ Only data in a realm is protected
o A realm is a functional group of schemas and roles
o A realm must be set up after activation of Database Vault
13. 14 ACCESS WORKFLOW
§ Verify if object is protected by a REALM
§ Verify if a ANY or system privilege is used
§ Check if REALM is mandatory
§ User must be part of the REALM
§ Is there a RULE SET defined?
§ How does the RULE SET evaluate?
§ Is there a COMMAND RULE defined?
§ Command is either executed or not
16. 17 MAJOR ENHANCEMENTS OVER THE PAST RELEASES
§ Oracle Database 12c Release 1 and 2
o Introduction of the Oracle Database Vault Simulation Mode
o Vault Mandatory Realms e.g., to control access to own objects
§ Oracle Database 19c
o Enhanced support for Unified Audit Policies
o Database Vault Operations Control for Infrastructure Database Administrators in Oracle Multitenant
o Enhancements to Oracle Database Vault Simulation Mode
o Ability to Grant Data Pump-Database Vault Authorizations to Roles
o Oracle Database Vault Support for Oracle Database Replay
§ Oracle Database 21c (innovation release)
o Operational Improvements e.g., no Need to Disable Oracle Database Vault Before Upgrades
o Better support for Oracle Multitenant
o Uninstalling and Installing Oracle Label Security and Oracle Database Vault Now Supported
18. 19 RECOMMENDED PREREQUISITES FOR DATABASE VAULT
§ Existing Database Security Concept covering Users and Roles
§ Moderate Database Hardening
o Database Vault for a DB with holes like a Swiss Emmental makes no sense
§ Have an idea about Operation and Administration Use Cases
o What has to be done by a DB operator?
o What activities are performed by a DBA?
o => Get an idea of where additional costs might be generated
§ Have an idea about Application Use Cases
o Who is doing what?
§ Propre data classification or be sure what requires protection
§ Review what is available
o Pre-Defined Oracle Database Vault configuration / guidelines for SAP, People Soft and more
19. 20 DATABASE VAULT ADMINISTRATION USE CASES
Administration Task Oracle Database Vault operational
controls required?
Comments
Starting up and shutting down the
database
No
Managing database initialization
parameters
Yes Some parameters are protected by the
ALTER SYSTEM command rule.
Managing users and roles Yes
Oracle Data Pump Yes Proper Oracle Database Vault
authorization should be granted
before doing this task.
EXPLAIN PLAN Yes PLAN_TABLE should be accessible to
DBA.
20. 21
§ Not everything what is possible should be done
o REALMS
o COMMAND RULES
o RULES / RULE SET
o FACTORES
§ Use a simple as possible concept
§ The more complex the configuration, the more vulnerable
to vulnerabilities
§ Plan enough time to application and functional tests
§ Database Simulation Mode does help
KEEP THE CONFIGURATION SIMPLE
21. 22 OBJECT TYPES
§ Object types that can be protected by realms. Use them all?
CLUSTER LIBRARY ROLE
DIMENSION MATERIALIZED VIEW SEQUENCE
FUNCTION MATERIALIZED VIEW LOG SYNONYM
INDEX OPERATOR TABLE
INDEX PARTITION PACKAGE TRIGGER
INDEXTYPE PROCEDURE TYPE
JOB PROGRAM VIEW
22. 23 PL/SQL API
BEGIN
DVSYS.DBMS_MACADM.CREATE_REALM(
realm_name => 'TVD_SCOTT',
description => 'Protect highly sensitive SCOTT schema',
enabled => 'Y',
audit_options => 3,
realm_type =>'0' );
END;
/
§ Database Vault is configured using the PL/SQL API
§ Not that simple for engineering but easy reproducible (script)
26. 27 GOOD PRACTICE AND WHITE PAPERS
§ Check the security configuration of your database
o Oracle Database Security Assessment Tool (DBSAT) and Support Note 2484219.1
o Oracle Data Safe - unified control center for your Oracle databases
o CIS Assessor Tool CIS Cat Pro
§ Do the security audit initially as well on a regular basis
o Configuration may change
§ Consider the Oracle White Papers regarding Oracle Database Vault
o Oracle Database Vault DBA Administrative Best Practices
o Does provide information about different administration tasks and the impact
o Oracle Database Vault Best Practices
o General information and best practices for implementing Oracle Database Vault protections
27. 28
§ Verify Database Vault configuration using simulation Mode
§ Configured when creating REALMS or COMMAND RULES
§ Protection is enabled but not enforces
§ Violations are reported in DBA_DV_SIMULATION_LOG
§ Database Vault use either traditional or unified audit
§ Traditional Audit use DVSYS.AUDIT_TRAIL$ table
§ Unified Audit does support policy based auditing
§ All goes to the unified audit train
AUDIT AND SIMULATION
28. 29 MANDATORY REALMS
§ User with object privileges can always access an
object
§ Consider using Mandatory REALMS
Mandatory REALMS …
§ … can block object owners and object privileged users
§ … provide more flexible configurations for access control
§ … add a layer of protection during patch upgrades
§ ... secure tables during runtime
§ … freeze security settings by preventing changes to
configured roles
29. 30 BACKUP ACCOUNTS
§ DBA or SYSDBA can no longer do everything
o Segregation of duties
§ DV_OWNER is the schema owner
o Configure / control Database Vault
§ DV_ACCMGR is the account manager
o Only user who can maintain accounts
Loss of passwords for DV_OWNER / DV_ACCMGR
means loss of control over Database Vault
§ Make sure you do have backup accounts with DV_OWNER
and DV_ACCMGR
o => Also, a risk for a backdoor
31. 32 ORACLE TRANSPARENT DATA ENCRYPTION
§ Database Vault provides advanced controls only within the
database
o REALMS, RULES, FACTORS, COMMAND RULES
§ No measures for external access
o Theft of backups
o Disclosure / access to the storage medium
o Datafile manipulations e.g., hexedit, strings etc.
§ Oracle Advanced Security and Transparent Data Encryption is a
mandatory companion
o Protect data at REST
o Secure Backup Thief
32. 33 USE CENTRAL MANAGED USERS / ROLES
§ Database Vault enforce segregation of duties
o DBA is no longer maintaining accounts
o Task is handed over e.g., Service Desk, Sec
Operation, IAM etc.
§ Increased effort for decentralized account
management
§ Consider using
o Oracle Centrally Managed Users (CMU)
o Oracle Enterprise User Security (EUS)
§ Account Management is done centrally
§ Ideally integrated with an IAM solution
33. 34 NETWORK ENCRYPTION
§ By default SQL*Net Traffic is not encrypted
§ Everybody on the network can read the TCP packets
§ Encryption on transportation is recommended
§ Oracle Native SQL*Net encryption using
SQLNET.ENCRYPTION_CLIENT or
SQLNET.ENCRYPTION_SERVER
o Simple and transparent
o Does work for any Oracle Client
§ SSL Network Encryption using Secure Listener TCPS
o Requires Certificate
o Can be combined with Authentication
35. 36 PDB ISOLATION
A multitenant container database provides the following
features beyond regular security measures:
§ PATH_PREFIX and CREATE_FILE_DEST clause to limit data
files and directory objects to certain paths.
§ PDB_OS_CREDENTIAL parameter assigning a dedicated user
account for OS interactions
§ Lockdown profiles to restrict certain operations or
functionalities in a PDBs
37. 38
§ Third party tools to “monitor” the database access
§ McAfee Database Activity Monitoring
o Running on the Database Server / SGA
§ Imperva SecureSphare
o Network Appliance; Some kind of an application firewall
§ IBM Guardian
o Database / Application firewall
§ Oracle Database Firewall and Audit Vault Server
o Software Appliance
§ All tools must learn the access rules / firewall rules
o More or less; predefined rules are available
§ Residual risk that the tools can be bypassed
ACTIVITY MONITORING / DATABASE FIREWALL
39. 40 CONCLUSION
§ Oracle Database Vault has matured
o Shortcomings such as those in Oracle 9i, 10g are pass
§ Advanced controls for a robust protection of sensitive data
o On-premises and especially in cloud environments
§ A clear security concept is a mandatory prerequisite
o E.g., user and role concept, hardening, data classification
§ Accompanying measures such as TDE, CMU, etc. are required
§ The additional effort is to be verified
o E.g., License costs, operating expenses, etc.
The question remains whether data is
so important that it is worth the effort
40. TOGETHER WE ARE
#1 PARTNER FOR BUSINESSES TO
HARNESS THE POWER OF DATA
FOR A SMARTER LIFE