Autonomous Data Guard: Disaster Recovery Protection with a Couple Clicks in the Cloud

What improvement can we roll out for our Oracle Generation 2 Cloud that would truly take the current Oracle Autonomous Database to the next level? I think the answer lays in the most requested feature for the Autonomous Database which is disaster recovery (DR) that leverages all the fantastic capabilities of Active Data Guard which are available in our Exadata Cloud Service and Database Cloud Service offerings combined with all of the advanced automation and self-management capabilities of the Autonomous Database. 

So, now the obvious question is, what exactly is Autonomous Data Guard? Autonomous Data Guard provides a fully managed high availability and disaster recovery configuration across Availability Domains (ADs) with the simple click of a button or REST API call to enable it. ADs are independent and isolated data centers separated by kilometers within a region to make them resilient to disasters. In the case of a disaster after zero data loss is validated and confirmed, Autonomous Data Guard can switchover over to the standby with just a few clicks. In the case of possible data loss, the customer can choose whether they still want to switch over to the standby. 

In a nutshell, it utilizes a combination of advancements made in the Oracle Autonomous Database Multitenant architecture with the capabilities of Data Guard to provide you with the most resilient and automated disaster recovery humanly (pun intended, perhaps superhumanly would be a better term) possible.

When will Autonomous Data Guard be available on Autonomous Database? The answer is that it depends on the Autonomous Database service. Autonomous Database Shared (ADB-S, Serverless) is available today with support for Autonomous Database Dedicated (ADB-D) coming in the subsequent future. 

Okay, enough of the announcement details and the various technologies utilized, how can you enable it in your Autonomous Database Shared environments? The good news is that it couldn’t be simpler.Whether you are creating a new Autonomous Database – Shared instance (as I have done in this case, creating a brand new instance within my tenant) or using one previously spun up, you can simply navigate to the instance in question as shown below and click “enable” for the Autonomous Data Guard option.

Next, we get a quick notice that enabling Autonomous Data Guard will spin up a Standby database instance which will incur additional service charges which isn’t a surprise as it is yet another resource running in my tenant. I will of course click “Enable Autonomous Data Guard” to continue my adventure in having a full DR environment provisioned and configured for me autonomously with no more than 2 clicks so far.

The excitement begins to mount as I can now see that Autonomous Data Guard is updating my Autonomous Data - Shared instance by provisioning my standby database in another availability domain (AD). Not only that, but if I look closely I can already see a “Switchover” option has appeared which begs to be pressed to test it out as soon as provisioning is complete.

Upon completion, we now see the following screen informing me of success and the updated “Peer State” as "available".

At this point, my DR environment has been fully provisioned and configured by Autonomous Data Guard and is already providing me with the desired protection. Let’s perform a switchover now to the standby database by clicking on “Switchover” which will pull up a dialog confirming that I indeed want to manually switchover to the standby database. I of course will type in the name of my database and click the associated button in the dialog to confirm my wonderful decision to move forward with the switchover.

Now, we wait a short time in excited anticipation to see the switchover in action protecting my data as we go through the role transition. We see the peer state has changed to "Role Change in Progress".

I am then informed that the switchover is complete and that no data loss occurred. Mission complete, but what about my standby database? Don’t I need that re-provisioned? Oh wait, Autonomous Data Guard has already taken care of that for me and is re-provisioning it!! I guess I will just drink my coffee.

Once that completes, I get the good news that my standby database is back up and running and thus my peer state is “Available” again. My data is once again completely protected by Autonomous Data Guard and now I can go get some more coffee.

Alright, the good news is that there is not much else to say thanks to all of the automation built into the system. I suggest taking it for a spin yourselves when you get a chance in whichever region you are running.

Source: oracle.com

Continue reading

Autonomous Database comes to the customer datacenter

Big News:  Autonomous Database is now available for on-premises use via Autonomous Database on Exadata Cloud@Customer

Developers and administrators of database applications can now use the best database in the world, the Oracle Autonomous Database, which was previously only available in Oracle Public Cloud, now on-premises to support applications in your company’s data center. Autonomous Database on Exadata Cloud@Customer enables the simplest transformation to database cloud self-service and a pay-per-use, with identical hardware, software and pricing in both public cloud and on-premises.  

What’s Autonomous Database

Autonomous Database represents a shift in the database industry similar to what’s happening in the auto industry where cars are now parking and driving themselves, without direct human intervention.  Autonomous Database is bringing both a technological shift and a financial model change to the way people leverage the best database in the world, Oracle Database.  Autonomous Database delivers a machine-learning driven, self-managed database capability that natively builds in Oracle’s extensive technology stack and best practices for self-driving, self-securing and self-repairing operation. The Autonomous Database is completely self-managed, allowing you to focus on business innovations instead of technology and is consumed in a true pay-per-use subscription model to lower operational cost. 

What’s Exadata Cloud@Customer

Many companies cannot simply move to public cloud due to challenges involving the regulatory nature of their data, data sovereignty laws requiring data to stay in country of origin, and the complexities of systems entanglement present in enterprise architectures. Systems entanglement happens because individual applications are coupled to others in such a way that changes to one impact the others, thereby complicating a move to public cloud.  To mitigate these challenges while providing customers the benefits of cloud self-service and a pay-per-use financial model, Oracle introduced Exadata Cloud@Customer in 2017, bringing the cloud to customers who cannot simply transform to public cloud. 

What’s unique about Autonomous on Exadata Cloud@Customer

With the introduction of Oracle Autonomous Database on Exadata Cloud@Customer (ADB-ExaC@C), the responsibility for managing both the infrastructure and the database software is transferred to Oracle’s autonomous operations and Oracle becomes responsible and accountable for the health and lifecycle operations of the databases. Exadata Cloud@Customer enables users of Autonomous Database to take advantage of their architectural Identicality with Oracle public cloud and the Cloud@Customer experience on-premises in the customer data center. Architectural Identicality enables hybrid usage such as development and stress testing in public cloud with production deployment on-premises.  Further, Autonomous Database is uniquely elastic in that it can auto-scale up and down based on the real-time incoming workload while staying completely online, thus enabling a true pay-per-use model for ADB-ExaC@C users.  The Autonomous Database also handles workload isolation and dynamic resource allocations to prevent the underutilization of physical resources and further optimize costs.  These ADB-ExaC@C capabilities mean users no longer have to worry about administrative tasks such as database updates or security patching which are handled by Oracle’s autonomous fleet operations.  Customers simply put autonomous operational policies in place and the autonomous software layers operate within the guidelines of the policies and the end result is a database cloud in the customer data center that provides governance and best practices for IT while delivering independence, agility and complete self-service for developers and line of business DBAs.

Getting started with Autonomous Database on Exadata Cloud@Customer

Autonomous Database on Exadata Cloud@Customer is easy to get started and begins with subscribing to some dedicated Exadata Cloud@Customer infrastructure.  Oracle delivers and works with IT to register and activate the infrastructure with a regional control plane in Oracle’s public cloud.  Autonomous Database on Exadata Cloud@Customer delivers a win-win for both IT and project team developers because IT gets governance and best practices in place while freeing developers to innovate with a simple to use self-service database cloud.

An IT Fleet group is created and allocates VM Clusters and Database Containers for the business, separating out dev-test, pre-production, and production environments according to best practices.  Project team developers and/or DBAs are given access to specific labeled environments with quotas settled on by organizational budgeting plans.  The developers and DBA’s self-service Autonomous Database within the limits of their issued quota and are free to create, start, stop, scale, clone, terminate and other actions on their Autonomous Databases completely independent of the Fleet Admin group.  It’s possible for developers to get a mission-critical Autonomous Database with the click of a button or the call of a CLI or REST command in what amounts to seconds.

Problem Solved

Autonomous Database on Exadata Cloud@Customer solves the regulatory and systems entanglement challenges some customers have that prevent a move to a public cloud. It brings the benefits sought after in a cloud based database solution right to their data center.  It gives customers a complete self-service database capability implementing Oracle best practices in a self-managed, autonomous solution. Autonomous Database on Exadata Cloud@Customer enables the simplest transformation to database cloud, optimizing cost thru true pay-per-use,  eliminating manual labor and human errors with a machine learning based self-driving, self-securing and self-repairing database.

Source: oracle.com

Continue reading

Keeping Data Safe – on-premises!

Most organizations rely on databases to manage their most critical asset – their data.  If not protected, this data can become their biggest liability.  Last year, we introduced Oracle Data Safe to help customers secure their cloud databases and help them meet compliance regulations.  It wasn’t long before we were asked to expand Data Safe’s scope and also include support for databases on-premises.  We are excited to announce that Data Safe is now also available for your Oracle Database on-premises, bringing the same level of security and visibility to all of your databases, whether cloud or on-premises.

While many organizations are moving or evaluating their move to the cloud, many others continue to retain their critical databases on-premises. However, data security requirements remain, and these databases are equally susceptible to cyberattacks and subject to compliance regulations. Security teams worry about risks with their databases' configuration, users, and data. 

◉ Is my database configured securely? What are the gaps? Has my database drifted away from its approved configuration?

◉ Who are my privileged users? Are they following our security policies?  What if they become the target of an attack?

◉ Can we audit our user activities? What activities should I audit?

◉ What sensitive data do I have, where, and how much?  How much risk do I have?

◉ Can I protect our sensitive data outside of production environments for test and dev?

Organizations want to address these challenges, but without special expertise, time, and resources, the status-quo takes over, and the security risks just keep piling up. Attackers don't wait – they go for easy targets with lots of monetizable data. Auditors don't wait either. 

Data Safe addresses security challenges for on-premises databases with a cloud service that detects gaps in databases’ defensive posture. The easy to use cloud service provides visibility into security issues with data and database users. Data Safe provides recommendations on how to contain security risks and highlights any drifts from approved security baselines.  It discovers and categorizes sensitive data, and for non-production databases, it anonymizes and masks sensitive data to minimize security. With Data Safe, all security data along with the related reports and alerts are available in a single dashboard.

Instead of spending many months deploying and managing multiple point products for each of the above challenges, you can use Data Safe right away as your single, unified security service with an integrated dashboard.

Data Safe works with all Oracle databases, whether on-premises or in the cloud, including Oracle Database Standard Edition and Enterprise Edition, Exadata, and Oracle Autonomous Database.

Data Safe takes just minutes to configure and provides actionable information within the first hour. No deployment hassles.  No management hassles.  No deep security expertise needed.  No technology risk – it’s a cloud service that requires no deployment or maintenance and grows as your needs change.

Continue reading

Oracle Data Safe: Five Ways to Help Protect Your Digital Assets

Data is one of your most valuable assets. If you don’t protect it properly, this same data can become your biggest liability. Just ask any of the companies who have been in the news after they experienced a large breach. They lost not just highly sensitive personal, financial, health and IP data, but it also often impacted their brand and resulted in significant remediation expenses and fines.

With today’s cyber attackers using advanced, automated hacking tools, typical organizations with limited expertise, time, or tools do not stand a chance against this asymmetric warfare. The question for them becomes not if they will be breached, but when.

Without technology and automation, most organizations are sitting ducks. We need to rethink how to defend databases, the repository of most sensitive assets.

What About the Cloud?

As breach awareness has gone up, our customers are increasingly asking about security as they move their databases to the cloud. First and foremost, they are concerned with the security of the underlying OS, VMs, and networking infrastructure. But they are also asking about protection and isolation from the cloud service providers as well.

As customers hear about our cloud security, along with the on-line security patching, strict separation of duties for our administrators, and always-on encryption options for cloud databases, those concerns are alleviated.

As we double-click into their remaining concerns, the following issues bubble up:

• Are my databases configured securely? Are there any gaps?
• Where is my sensitive data? Is it properly secured? 
• Who are my risky users? What are they doing? What could they do, given their privileges?
• Can I meet my compliance requirements?

Customers want to protect their systems 24x7x365 because a single hit could lead to a total loss. But protecting is not straight forward without automation and unification.   

Enter Data Safe!

In response to customer concerns, we created Oracle Data Safe – a modern, unified, and automated security service – to help defend customers’ databases on Oracle Cloud. Data Safe is designed to detect gaps in their defensive posture, give visibility into security issues with data, users, and applications, and provide recommendations on how to contain security risks.

Five Primary Features of Oracle Data Safe

At a high-level, Data Safe provides:

• Database Security and Compliance Assessment: Data Safe helps ensure your databases are securely configured. It identifies drifts from best practices, offers recommendations for remediation, and helps you comply with regulations such as EU GDPR, DISA STIGs, and CIS Benchmarks. It categorizes and prioritizes these risks so that you can decide which ones to address first.
• User Risk Assessment: Data Safe can create reports on your users, roles, and privileges, highlighting critical users you should closely monitor/control. It can further analyze static and dynamic user profiles highlighting last login times and IP addresses. As hackers typically target users, it is critical to understand the gaps they might exploit.
• User Activity Auditing and Reporting: Data Safe can track database user activity and raise alerts on risky actions, a must-have requirement for many regulations. You can select from default audit policies for regular and privileged users and use one of many out-of-the-box audit reports for various database activities. You can retain the audit data for up to a year for forensics in case something were to go wrong.  
• Sensitive Data Discovery: Today most customers do not know what sensitive data they have and where it is located. Data Safe helps you discover the amount and location of 125+ different types of sensitive data across hundreds of columns spanning multiple databases. Customers can also add support for their own custom sensitive types easily. Once you know how much sensitive data you have and where it resides, it is easier to assess the risk and protect that data.
• Data Masking: Data Safe can mask data while maintaining complex data relationships. Data Safe minimizes the amount of personal data and allows internal test, development, and analytics teams to operate with reduced risk in an environment where sensitive data has been removed. 

360 Degree Insight

Oracle Data Safe can give you full 360-degree insight into the security of all of your databases, including risks with security configuration, data, users, and open alerts. This unification helps simplify understanding the security posture, and the risk profile of the database.

Oracle Data Safe Console

Data Safe helps businesses gain insight into their data by helping them discover where their sensitive data is, what sensitive categories and types they have, and how much they have.

Identify Sensitive Data with Data Safe

 

No More Compromises!

We believe that keeping data secure by default is absolutely critical to help protect against the asymmetric cyber warfare. No “ifs, ands, or buts” about it. Organizations should not have to choose between security and performance, or security and complexity, or for that matter, security and expenses.  

To this end, we have unified and simplified proven security technologies from our on-premises portfolio, and combined Oracle Data Safe with all Database as a Service offerings in the Oracle Cloud, including the Oracle Autonomous Database.

Data Safe scales from organizations with just one database to enterprises with hundreds. With Data Safe, you neither have to worry about any expensive setup, nor train any specialized resources. It can provide defaults based upon best practices, and allows customization. With Data Safe, there are no compromises!

Source: oracle.com

Continue reading

Introducing Oracle Autonomous JSON Database for application developers

Oracle announced the availability of Autonomous JSON Database—a new cloud service built for developers who are looking for an easy to use, cost-effective JSON database with simple NoSQL API's. Autonomous JSON Database provides all the core capabilities of MongoDB along with high performance, simple elasticity, full ACID support and complete SQL functionality.

{WE KNOW JSON}

JSON is extremely popular: what started as a serialization format for JavaScript objects and moved on to the de-facto messaging format for web applications has become the main data model for many new applications—including the database tier.

{ "name":"San Jose", "population":1021795, "county":"Santa Clara" }

{ "name":"Atlanta", "population":506811, "county":["Fulton","DeKalb"] }

Developers love JSON because it supports dynamic schemas and hence makes schema changes easy. Instead of normalizing data into a fixed relational schema with tables and columns, developers can use JSON documents to also gain agility on the data tier when making application changes.

{WE MAKE IT EASY TO USE}

Oracle identified the benefits and requirements of JSON very early: in 2014, Oracle Database delivered the first enterprise-class implementation of SQL/JSON - an open standard that Oracle initiated and that has since been adopted by many other commercial and open-source database products.

While SQL is a great language for analytics or complex reporting, many developers prefer a simpler and more flexible way to interact with JSON data. Consequently, Oracle added a native, open-source document store API called SODA (Simple Oracle Document Access) for common programming languages including Java, JavaScript and Python. Developing applications with JSON and SODA is as easy with Oracle as it is with NoSQL databases like MongoDB.

   soda create cities;

   soda insert cities {"name":"San Jose","population":1021795,"county":"Santa Clara"}

   soda insert cities {"name":"Atlanta","population":506811,"county":["Fulton", "DeKalb"]}

   soda get cities -f {"county":"Fulton"}

   soda get cities -f {"population":{"$gte":1000000}}

Oracle continues to deliver database innovations for JSON with today’s announcement of Autonomous JSON Database, bringing all of the autonomous benefits to JSON application developers.

{WE LEAD AUTONOMOUS}

One really cool thing is that Oracle didn’t create a JSON cloud service from scratch. Autonomous JSON Database is built on the Oracle Autonomous Database foundation. This service provisions new databases in minutes, scales up and down with no downtime to the application, patches databases online, takes automatic backups with point-in-time recovery, provides disaster-recovery capabilities, and has advanced security features. The goal of an autonomous database is zero administration, so that developers can spend more time on their application and less on setting up and managing a database.

{WE GIVE YOU AN AUTONOMOUS CLOUD SERVICE}

Autonomous JSON Database stores JSON documents in a native tree-oriented binary format. This native JSON format is highly optimized for fast reads (avoiding linear scans) and partial updates (reducing redo/undo log sizes). The result is a no-compromise document database providing low latency CRUD operations *and* full ACID consistency (including multi-document transactions); native document API for application development *and* full SQL support for applications; native JSON storage *and* scalable, parallel, in-memory query optimizations. 

Autonomous JSON Database provides a wealth of application features not found in less-mature NoSQL databases:

◉ built-in machine learning algorithms, spatial queries

◉ advanced security features like fine-grained access control

◉ a mature server-side procedural language

◉ a complete low-code development environment

◉ ACID transactions with no time or transaction size limits

◉ simple and fast cross-collection joins and/or aggregations

◉ intelligent search indexes over entire JSON documents

And, the list goes on

{IT’S AFFORDABLE ...}

Autonomous JSON Database is surprisingly low-cost. This service is designed for application developers to build new JSON applications on Oracle, and Oracle has given developers a real opportunity to tap into all of the features of its Autonomous Database at a very competitive price. Autonomous JSON Database costs 30% less than comparable MongoDB Atlas configurations: $2.74/hr versus $3.95/hr (Dedicated Cluster at M60 tier compared to 8 OCPU's). In practice, Autonomous JSON Database may be even lower cost compared to MongoDB Atlas because Autonomous JSON database is elastic and does not rely on fixed hardware shapes—you can choose any number of CPUs for your Autonomous JSON Database. Autonomous JSON Database's cost includes backup and simple connectivity to BI tools -- both extra cost items for MongoDB Atlas.

{... YET SCALABLE AND FAST}

The added features of Autonomous JSON database do no come with a performance penalty - on the contrary: if compared with MongoDB Atlas (same setup as used above for pricing) Autonomous JSON database gives you 2x throughput consistently across different workload types and collection sizes. The MongoDB Atlas results were run by MongoDB and published here using the industry-standard YCSB benchmark.

Autonomous JSON Database with 8 OCPUs compared to MongoDB Atlas on M60

Industry-standard Yahoo Cloud Serving Benchmark (YCSB)

Source of MongoDB results: https://www.mongodb.com/atlas-vs-amazon-documentdb/performance as of 8/12/2020

{GO TRY ONE!}

You can try the new Autonomous JSON Database with a free Oracle Cloud Trial account: sign up here

A quick note on Autonomous JSON Database and Oracle Cloud Free Tier:

Autonomous JSON Database is part of the Autonomous Database family. Autonomous JSON Database shares all of the core features for automation, lifecycle management, security, availability, scalability and elasticity with all other Autonomous Database services.

If you want to try out Autonomous JSON Database on Oracle Cloud Free Tier, you should start with Autonomous Transaction Processing. When you are ready to expand your system or move to production, you can move your Autonomous Transaction Processing on free tier directly to the paid version of Autonomous JSON Database.

If you are wondering whether there is any way that you could use features in the free version of Autonomous Transaction Processing that might prevent you from moving to Autonomous JSON Database, the answer is 'no'. The data size limit on the free tier is 20GB, and Autonomous JSON Database similarly supports 20GB of non-JSON data.

{COMPARISON OF AUTONOMOUS JSON AND MONGODB ATLAS}

Not only is Autonomous JSON Database cheaper and faster than MongoDB Atlas but it also comes with more capabilities:

	Autonomous JSON Database	MongoDB Atlas
Max Document Size	32 MB	16 MB
Max nested depth of documents	1024 levels	100 levels
Indexes per collection	unlimited	64
Compound index fields	unlimited	32
Full document index	JSON Search Index	X
Server-side functions	Functions, procedures, triggers	Not recommended*
Multi-document transactions	Always ACID	ACID only upon request via explicit API calls
Transaction duration	unlimited	60 seconds default
Transaction size	unlimited	maximum of 1000 documents*
Aggregation data size	unlimited	100 MB RAM + explicit allowDiskUse param
Serverless auto-scaling	✓	X
SQL access over JSON documents	✓	X
Comprehensive security (e.g. Virtual Private Database, Data Redaction, Custom Database Roles)	✓	X
Low Price	$2.74 / hour	$3.95 / hour

* recommendations as per MongoDB documentation: link1, link2 

{HOW TO GET STARTED WITH AJD: Step by Step}

After login into Oracle Cloud select 'Autonomous JSON Database' in the left menu:

This brings you to this screen, press the blue button to create a database

Give your database a name (and Displayname), make sure 'JSON' in selected.

On the same screen you also need to provide an 'admin' password. Remember it, you'll need it.

Click 'Create Autonomous Database' and you'll see that a new instance is provisioning. 

This should not take longer than a few minutes. The screen refreshes and you see a green logo - the service is available

Click on Tools and chose 'SQL Developer Web'

Here you need the 'admin' password. 

You now have a web console where you can enter SQL and SODA commands. SODA stands for 'Simple Oracle Document Access' and gives you a simple document-store interface to store JSON documents in collection.  'soda help' gives you an overview of the soda commands.

Type the following to create a collection 'cities' and insert two JSON documents. Note that they are a little different. The first record assumes that a city belongs to one county. But some cities belong to multiple counties. This is why the second document uses an array. Run the following commands to create the collection and insert two documents:

   soda create cities;

   soda insert cities {"name":"San Jose","population":1021795,"county":"Santa Clara"}

   soda insert cities {"name":"Atlanta","population":506811,"county":["Fulton", "DeKalb"]}

We can now query the collection to find documents matching a search/filter criteria. We call this 'Query By Example' or short QBE. The first QBE looks for cities in the county of 'Fulton':

   soda get cities -f {"county":"Fulton"} 

The second QBE selects all cities with a population greater than 250000. It selects both documents.

   soda get cities -f {"population":{"$gt":250000}}

In these examples we used a console to enter SODA commands. Typically, you would use SODA directly from a programming language. We do have SODA drivers for Java, JavaScript (nodeJS), Python, REST, Pl/Sql and ODPI-C.

With the JSON data stored in an Oracle Database it is also possible to use SQL to access the very same data. First, let's describe the collection

describe cities;

As one can see the JSON collection is backed by a regular table. The JSON data is stored in a binary representation optimized for fast reads and piece-wise updates. In order to convert it to a JSON string we use JSON_SERIALIZE.

select JSON_Serialize(JSON_Document) from cities;

With JSON_Table it is possible to unnest the JSON data and project it to relational columns and rows. Please note that the two JSON documents generate 3 rows as one city has two counties.

   select j.* from cities NESTED json_document 

            COLUMNS (name, population number, 

              NESTED county[*] 

              COLUMNS(countyName PATH '$')) j;

Going from a relational representation back to JSON is similarly easy. All we do is add one (or more) JSON generation functions to a query. In the following we are generating an array of all city name. 

select JSON_ArrayAgg(c.json_document.name) from cities c;

Source: oracle.com

Continue reading

Fleet Patching and Provisioning with Oracle (Autonomous) Database 19c

Managing the lifecycle of large database deployments has always caused some challenges. Most of these challenges can be addressed by running Oracle Databases in the Oracle Cloud, especially using Oracle Autonomous Database. The opposite, however, holds true, too. Using Oracle Fleet Patching & Provisioning (FPP), which is the standard for the lifecycle management of Oracle’s Autonomous Database, will help you managing your on-premises Oracle software estate easier and more efficiently. In this blog post, you will learn how.

Why Use Fleet Patching & Provisioning On-Premises and in the Cloud?

Oracle Autonomous Database provides simplicity at all administrative levels, basing its offering on automated management, security, self-repairing and self-driving capabilities. The ability to auto-provision and self-patch when required, is largely based on Oracle’s recommended solution for performing lifecycle management operations, Oracle FPP and you can benefit from it, too!

Oracle FPP is a feature of Oracle Grid Infrastructure (GI), which provides a framework to automate the lifecycle management of large estates of Oracle Databases. Oracle FPP leverages GI’s high availability capabilities and streamlines the upgrade and patching process for Oracle's customers.

Oracle FPP leverages the concept of Gold Images, well defined software homes (Oracle Database, Grid Infrastructure and even Oracle Fusion Application homes) that you have tested and validated and would like to repurpose for other deployments. Oracle FPP gathers these validated homes and imports them into a managed repository so that they can be reused for patching and upgrading purposes throughout across entire deployment estate.

Oracle FPP’s Gold Image repository is used as an a-la-carte menu, in which the chosen Gold Image is used by Oracle FPP to automate the out-of-place patching, upgrading or provisioning process on any desired target. Furthermore, Oracle FPP evaluates the target to be patched, upgraded or provisioned and provides the required course of corrections to be performed prior to executing the actual lifecycle operation. 

How can You Benefit from Autonomous Database’s Secret Sauce?  

You can benefit from Oracle’s experience with Oracle FPP in three simple steps:

1. Download and install the latest version of Oracle Grid Infrastructure and configure and deploy an Oracle FPP server as a post-installation step. 

2. Create a Gold Image repository and import validated homes from across your estate. 

3. Start provisioning, patching and upgrading your Oracle software with Oracle FPP. 

What’s the Latest in Oracle Database 19c and Oracle FPP?

While generally not bound to Oracle Database versions, certain Oracle FPP features inherently benefit from enhancements in later versions of the Oracle Database. Below is just a selection of features that is generally available to you. 

Zero-Downtime Oracle Grid Infrastructure Patching

Starting with Oracle Grid Infrastructure 19c, Oracle FPP leverages this Oracle Grid Infrastructure feature to reduce patching-related downtime by allowing GI home patching with no interruption to the Oracle Real Application Clusters (RAC) Databases running on the GI cluster node being patched. All Oracle RAC clusters with two or more nodes are supported in this patching mode, in which the database instance on the actively patched node remains running during the rolling patching of the GI home.

Zero-Downtime Database Upgrade (ZDU)

With this Oracle FPP-exclusive feature you can upgrade your Oracle Database with no downtime. ZDU creates an ACFS snapshot or full clone of the Oracle Database and initiates a synchronization process either leveraging GoldenGate or Oracle Data Guard to sync-up the cloned database, to upgrade the database to the desired release and finally to sync back; providing the highest level of availability during Oracle Database upgrades. 

Exadata Support

Oracle FPP fully supports all lifecycle management operations of your database and Grid Infrastructure on Oracle Exadata Database Machine, including Exadata Storage Cells, Database Nodes and Infiniband switch patching. 

Gold Image Drift Report

One of the most useful Oracle FPP features to efficiently manage fleets is “Gold Image Drift Management” which alerts you of the fact that the version of a FPP-managed home has drifted away from the desired version. Based on this assessment and alert, FPP offers a corrective action by either incorporating the patch that has caused the drift into the Gold Image registered in the repository or by rolling back the target that has drifted.

Source: oracle.com

Continue reading

Simplify Security for your on-premises Oracle Databases with Oracle Data Safe

Connect your on-premises databases to Data Safe in a few simple steps

In this blog post, I will explain how you can connect and register your on-premises database in Data Safe.

The main step involves creating a network connectivity path for Data Safe to talk to your on-premises database.  Once this step is complete, there should be no connection differences between your databases whether on Oracle Cloud or on-premises.

Requirements

Before I describe how to connect, it’s important to understand what a Virtual Cloud Network (VCN) is. A VCN is a private network in Oracle Cloud Infrastructure. Just like a traditional data center network, the VCN provides you with complete control over your network environment. A VCN typically connects your Oracle Cloud Infrastructure resources including compute, storage, or databases. You can also create an empty VCN with no resources if you are not using the Oracle Cloud Infrastructure for any other service.

The current Data Safe service requires a FastConnect or VPN connection from your data center to the Oracle Cloud Infrastructure that basically extends your VCN to your on-premises network as shown. More information on FastConnect and VPN Connect is linked at the end of the blog post.

Figure 1 - Extending a VCN to your on-premises network via FastConnect or VPN

If you don’t have a FastConnect or VPN connection, or would prefer not to link up the networks, we offer another connectivity option as part of a limited availability program. Please scroll to the end of the blog post for more information.

Connecting your on-premises database to Data Safe

Once you have a connection to Oracle Cloud Infrastructure using FastConnect or VPN Connect, connecting your database to Data Safe is done in three simple steps:

1. Create a representation of Data Safe in your VCN

2. Allow communication from Data Safe to your on-premises database

3. Register your database in Data Safe

If you are already using Data Safe for your Oracle cloud databases running in a private VCN, then you’ll find that these steps are very similar.

Step 1 – Create a representation of Data Safe in your VCN

For this step, all you need to know is the name of your VCN that is connected to your on-premises network. In my environment, I have a FastConnect connection to the VCN called CorpDev1-iad.vcn. The VCN has one subnet called CorpDev1-iad.

Figure 2 – Example VCN and Subnet

To create a representation of Data Safe in your VCN and to ultimately allow communication between Data Safe and your on-premises databases, you need to create a Data Safe private endpoint.

To create the private endpoint, navigate to the Data Safe console in Oracle Cloud Infrastructure by selecting Data Safe in the menu on the left under Database related services and then clicking on Private Endpoints.

Figure 3 – Data Safe console

Select Create Private Endpoint in the console, enter the name of the new private endpoint you want to create and select the VCN and subnet that are connected to your on-premises databases.

Figure 4 - Creating the Data Safe Private Endpoint

Once the private endpoint is created, click on the private endpoint name to find the private IP address assigned to the private endpoint. Please note that this private endpoint is a virtual representation of Data Safe in your network.

Figure 5 - Private Endpoint Details

By the way, you only need to create one Data Safe private endpoint for your Virtual Cloud Network, no matter how many on-premises databases you want to register in Data Safe.

Step 2 – Allow communication from the Data Safe private endpoint to your database

Now we need to allow communication from the Data Safe private endpoint to your database. You can either allow communication to all your on-premises databases that are accessible from the Virtual Cloud Network or you can limit it to one or more databases specifically. To allow outgoing communication from the Data Safe private endpoint, you need to define an egress rule.

For my example, I want to allow communication from the Data Safe private endpoint to just one on-premises database accessible in the VCN by defining the security rules of my VCN, but you could also use Network Security Groups (NSGs). You can see a simple example for an egress rule, allowing communication from my Data Safe private endpoint to my database (10.89.69.237, port 1527):

Figure 6 - Example Egress Rule

Please note: If your database has multiple database nodes, you need to include them all in the egress rules of your security list (or NSG).

Step 3 – Register your on-premises database in Data Safe

The only step left is to register your on-premises database in Data Safe.

To register your database, go back to the Data Safe console in Oracle Cloud Infrastructure and click on the Service Console button. In the Data Safe UI select Targets in the top menu and click the + Register button.

In the registration dialog, enter a name for your database and select Oracle On-Premises Database in the drop-down menu under Target Type. This will change some of the input options. You see that Private Endpoint is automatically selected under Connectivity Option. In the next entry field, select the Data Safe private endpoint you created in step 1. Now enter the connection details for your database including IP address, port number and the database service name. If your database has more than one database node, please enter all nodes under IP Address.

The last entry is for the credentials Data Safe will use to connect to your database. We suggest creating a dedicated database user for Data Safe in your database. To help grant the necessary privileges to this database user, you can download a privilege script from the registration dialog and run it in your database before you complete the registration. Now click on Test Connection to ensure that everything was set up correctly. Then click on Register Target.

Figure 7 - Database Registration

And that’s it! Your on-premises database is now all set up to be secured by Data Safe. I recommend running a Security Assessment and User Assessment first. Just go to Security Assessment on the Data Safe home page, select your database and click the Assess button. And then repeat the same for User Assessment. You will receive comprehensive assessment reports in minutes showing you potential risks that you can then address.

Figure 8 - Data Safe Home Page and Dashboards

Alternative Connectivity Option

If you don’t have a FastConnect or VPN Connect, or would prefer not to link up the networks, we are offering a Data Safe on-premises connector as part of a limited availability program. You can configure and download the lightweight connector and deploy on a node in your network. The connector is easy to install, doesn’t require deep network knowledge, and can be used to connect to all your on-premises databases.

Continue reading