3. Lifetime Support Policy
Feature Premier Extended Sustaining
Support Support Support
Major Product and Technology Releases
Technical Support
Access to Knowledge Base
(MetaLink/Customer
Connection/SupportWeb)
Updates, Fixes, Security Alerts and Critical Pre-
Pre-existing
Patch Updates Only
Tax, Legal and Regulatory Updates No
Upgrade Scripts No
Certification with existing Third Party No
Products/Versions
Certification with New Third Party No No
Products/Versions
Certification with new Oracle Products No
4. Lifetime Support Policy
today
August 2012 August 2015
July 2010 July 2011 July 2013
R2
January 2009 January 2012
Sustaining Support
Premier Support Extended Support
R2 July 2007 July 2008 July 2010
t
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2016
2015
http://www.oracle.com/support/library/brochure/lifetime-support-technology.pdf
9. Real Application Testing Delivers
Adaptive Change Assurance
• Reduces risk of new
technology adoption Deploy
through higher testing Test
quality Change
• Reduces time for
effective testing from Remediate
weeks to days
Solution for the Agile Business
10. RAT: From Manual to Automated
Typical Steps in Test Phase
1 2 3 4 5
12. Real Application Testing with
SQL Performance Analyzer (SPA)
• Measure and report on performance before and
after a change
Great For
• Database upgrades including patch deployments
• Database Initialization Parameter Changes
• Schema Changes
• Optimizer Statistics Refresh
• Changes to the OS & HW
• Implementing Tuning Recommendations
13. Real Application Testing with
SQL Performance Analyzer (SPA)
• Test impact of change on SQL query performance
• Capture SQL workload in production including statistics & bind
variables
• Re-execute SQL queries in test environment
• Tune regressed SQL and seed SQL plans for production
Client Client Client
… Production Test
Middle Tier Re-execute SQL Queries
Capture SQL
… … Use SQL Tuning
Oracle DB Advisor to tune
regression
Storage
14. SQL Performance Analyzer
Workflow
Make Change Tune SQL
Initial Post-Change Tuned
Environment Environment Environment
Execute Re-execute SQL Tuning
Production SQL SQL Advisor
and Gather Stats
Execute SQL
Compare Performance
19. Real Application Testing with
Database Replay
• Recreate actual production database workload in test environment
• Capture workload in production including critical concurrency
• Replay workload in test with production timing
• Analyze & fix issues before production
Client Client Client
… Production Test
Middle Tier Replay DB Workload
Capture DB Workload … …
Test migration
Oracle DB to RAC
Storage
26. Oracle Active Data Guard 11g
Increase performance and utilization
• Physical standbys:
• Most popular type of standby database
• Simple, fast, supports all data types and applications
• In Data Guard 10g
• Can be open read-only, but Redo Apply has to stop
• Latest data is not available for query or reports
• Also prolongs switchover / failover
• Oracle Active Data Guard 11g – a new Database Option
• Real-time Query enables read-only access to a physical
standby database while Redo Apply is active
27. Active Data Guard
Real-time Query
Concurrent
Real-Time Query
Continuous Redo
Shipment and Apply
Primary Physical Standby
Database Database
• Read-only queries on physical standby concurrent with redo
apply
• Supports RAC on primary and/or standby
• Queries see transactionally consistent results
• Handles all data types, but not as flexible as logical standby
28. Snapshot Standby
Leverage Standby Database for Testing
Updates Queries
Updates
Primary Snapshot Standby
Physical
Database Database
Database
• Preserves zero data loss – continuous redo transport while open read-write
• Truly leverages standby database and DR hardware for multiple purposes
• Similar to storage snapshots, but provides DR at the same time and uses
single copy of storage
30. Online Application Upgrade
Edition-based redefinition
• Code changes are installed in the privacy of a new
edition
• Data changes are made safely by writing only to new
columns or new tables not seen by the old edition
• An editioning view exposes a different projection of a
table into each edition to allow each to see just its own
columns
• A crossedition trigger propagates data changes made
by the old edition into the new edition’s columns, or (in
hot-rollover) vice-versa
33. Oracle Database 11g Release 2
Dynamic Cluster Partitioning via
Server Pools
Back Office Front Office Depart/LOB Free
• Dynamically assigns servers to run groups of related workload
• Allocation is Policy Managed – Min/Max, Relative Importance
• Unassigned Servers go to Free Pool
• Cluster reconfigures if a pool falls below its minimums
34. Database Diagnostic Pack with
RAC • “Plain English”
Database-Level performance expert in a
ADDM box
11g • Identify the most
“Globally Significant”
Self-Diagnostic Engine performance problems for
the entire RAC cluster
database
• Database-wide analysis
of:
Instance-Level • Global cache
ADDM interconnect issues
• Global resource
contention, e.g. IO
Inst 1 Inst 2 Inst 3 bandwidth, hot blocks
• Globally high-load
AWR 1 AWR 2 AWR 3 SQL
• Skew in instance
response times
35. Agenda
Oracle 11g Overview
• Manageability & Testing
• Real Application Testing
• Grid Computing / High Availability
• Active DG
• Online Application Upgrade
• RAC (New Features)
• Performance / Storage Management
• Advance Compression
• Partitioning
• In-Memory Cache
• ASM Cluster File System
• Database Security
• Monitoring
• Access Control
• Encryption & Masking
40. Oracle Advanced
Compression Option
• SecureFiles • Data Pump Data
Compression • Data Guard Redo
• OLTP Table Deduplication
Transport
Compression • SecureFiles • RMAN Fast Backup Compression
Compression Compression
Unstructured
Relational Data Backup Data Network Data
Data
Compression Compression Compression
Compression
• Reduces resource requirements and
costs
• Storage System
• Network Bandwidth
• Memory Usage
41. New Features in Oracle Database 11g
• Data Recovery Advisor
• Multisection Backups
• Fast Backup Compression
• Network-enabled Database Duplication.
• Virtual Private Catalog
• Integration with Windows Volume Shadow
Copy Services (VSS)
42. Real World Compression Results
10 Largest ERP Database Tables
2500
Data Storage
2000
1500
Table Scans
1000 0.4
500
0.3
DML
0
3x Saving
0.2 40
Performance
30
0.1
20
0
10
2.5x Faster
0
< 3% Overhead
45. Oracle Partitioning
10 years of innovation
Core functionality
Oracle8 Range partitions, global range index
Oracle8i Hash and composite range-hash partitioning
Oracle9i List partitioning
Oracle9i R2 Composite range-list partitioning
Oracle 10g Global hash indexes
Oracle 10g 1M partitions per table
Partitioning by reference
R2 Virtual column partitioning
Automatic interval partitioning
New composite partitioning:
range-range, list-range,
list-list, list-hash
46. Partitioning in Oracle Database 11g
Advice, Ease, even more Business-driven designs
ORDERS ORDERS ORDERS
>5000
<4999
Jan Feb Jan Feb
Partition Automatic Business-driven
Advisor Interval, and Composite
Reference Partitioning
Partitioning
47. Partitioning in Oracle Database 11g
Advice, Ease, even more Business-driven designs
ORDERS ORDERS ORDERS
>5000
<4999
Jan Feb Jan Feb
Partition Automatic Business-driven
Advisor Interval, and Composite
Reference Partitioning
Partitioning
48. Manage Data Growth
Partition for performance, management
and cost
ORDERS TABLE (7 years)
2003 2008 2009
95% Less Active 5% Active
Low End Storage Tier High End Storage Tier
2-3x less per terabyte
49. Partitioning and Advanced Compression
Better Together – Simple Savings You Can Count On
ORDERS
ORDERS (10 TB @ $72*) (2 TB @ $72* & 8 TB @ $14*)
Single Large Table 2009 2008 2007 2006 2005
Europe
Partitioning
USA
Cost = $720,000 Savings = $464,000
Over 85%
Storage Compression
Compression
Savings 3 to 1
3 to 1
ORDERS
ORDERS
(.7 TB @ $72* & 2.7 TB @ $14*)
(3.3 TB @ $72*) 2009 2008 2007 2006 2005
Europe
Partitioning
USA
Savings - $482,400
Combined Savings = $631,800
Note: * - $ per GB of storage
50. Oracle ILM Assistant
• Oracle ILM Assistant Manages the ILM
environment
• Define Lifecycle Definitions
• Illustrates Storage Costs & Savings
• Manage Compliance & Security
• Calendar of Events
• Simulates the impact of partitioning on a table
• Advises how to
• Partition a Table
• Generates Scripts to move data when required
56. ASM 11g Enhancements
Cluster File System (ACFS)
Databases Applications File Systems
Automatic Storage Management (ASM)
DB Datafiles OCR and Voting Files Oracle Binaries 3rd Party File Systems
• ASM supports ALL data
• Database files
• File systems: ACFS, 3rd-party file systems
• Shared Clusterware files: OCR and Voting disk now stored
in ASM
62. Encryption and Masking
What We Heard From Our Customers…
• “Our PCI auditors say we have to encrypt credit card data
whether it is in motion, rest, or storage.”
• “We need to encrypt personal identity information to comply
with EU Data Privacy but cannot change our applications.”
• “We want to store medical records in our database but we
need to encrypt to comply with CA AB 1298.”
• “We send back-ups off-site and need to make sure they are
secure even if off-site facility is compromised.”
• “We need to protect confidential data in test environments
when the data is used by developers or offshore vendors
• “We need to share customer data with 3rd parties without
revealing personally identifiable information”
When in Doubt, Encrypt or Mask
Encryption / Masking Recognized as Defensible Safeguard
63. Oracle Advanced Security
Transparent Data Encryption
Disk
Backups
Exports
Application
Off-Site
Facilities
• Complete encryption for data at rest
• No application changes required
• Efficient encryption of all application data
• Built-in key lifecycle management
Oracle Confidential
63
64. Oracle Advanced Security
Network Encryption & Strong
Authentication
• Standard-based encryption for data in transit
• Strong authentication of users and servers
• No infrastructure changes required
• Easy to implement
Oracle Confidential
64
65. Oracle Advanced Security Option
Encryption and Strong Authentication Services
Strong
Authentication
Network
Encryption
Data Data
Automatically Written Transparent
Decrypted To Disk Data Encryption
Through Automatically
SQL Interface Encrypted
Transparent Data Encryption
With RMAN Can Encrypt
Entire Backups Sent to Disk
66. Oracle Data Masking
What is data masking?
What LAST_NAME SSN SALARY
• The act of anonymizing customer, AGUILAR 203-33-3234 40,000
financial, or company confidential BENSON 323-22-2943 60,000
data to create new, legible data
D’SOUZA 989-22-2403 80,000
which retains the data's properties,
such as its width, type, and format. FIORANO 093-44-3823 45,000
Why
• To protect confidential data in test
LAST_NAME SSN SALARY
environments when the data is used
by developers or offshore vendors ANSKEKSL 111—23-1111 40,000
• When customer data is shared with BKJHHEIEDK 111-34-1345 60,000
3rd parties without revealing KDDEHLHESA 111-97-2749 80,000
personally identifiable information FPENZXIEK 111-49-3849 45,000
67. Enterprise Manager
Data Masking Pack
Test
Clone Clone
Test
Production Staging
Major features
• Automatic database referential integrity when masking primary keys
• Implicit – database enforced
• Explicit – application enforced
• Data mask format library
• View sample data before masking
• Application masking templates
• Define once; execute multiple times
68. Oracle Data Masking
Irreversible De-Identification
Production Non-Production
LAST_NAME SSN SALARY LAST_NAME SSN SALARY
AGUILAR 203-33-3234 40,000 111—23-
ANSKEKSL 60,000
1111
BENSON 323-22-2943 60,000 BKJHHEIEDK 222-34-1345 40,000
• Remove sensitive data from non-production databases
• Referential integrity preserved so applications continue to work
• Sensitive data never leaves the database
• Extensible template library and policies for automation
Oracle Confidential
68
70. Access Control
What we heard from our customers…
• “No user should be able to by-pass our application to access
information in the database directly.”
• “How can I restrict access to data on a “need to know” basis in
order to protect dat privacy and achieve regulatory
compliance?”
• “Legal says our DBA should not be able to read financial
records, but the DBA needs to access the database to do her
job. What do we do?”
• “Our SOX auditors require that we separate account creation
from granting privileges to accounts.”
• “How do we keep the Finance department from running reports
during production hours?”
• “New DBAs should not be able to make database changes
without a senior DBA being present.”
71. Oracle Label Security
Data Classification for Access Control
Sensitive
Transactions
Confidential
Report Data
Public
Reports
Confidential Sensitive
• Classify users and data based on business drivers
• Database enforced row level access control
• Users classification through Oracle Identity Management Suite
• Classification labels can be factors in other policies
Oracle Confidential
71
72. Oracle Label Security
Row Level Security
Select * from employee_org
Label Authorization
Sensitive : HR : US
employee_org
LJ1 Confidential
LUS3 Sensitive : HR : US
LUK4 Sensitive : HR : UK
73. Oracle Label Security
Policy Administration Model
HR Law Enforcement Government
Policy Policy Policy
Confidential Level 1 Confidential
Levels Sensitive Level 2 Secret
Highly Sensitive Level 3 Top Secret
Compartments PII Data Internal Affairs Desert Storm
Investigation Drug Border Protection
Enforcement
HR REP Local Jurisdiction NATO
Groups Senior HR REP FBI Homeland
Justice Security
74. Oracle Database Vault
Separation of Duties & Privileged User
Controls
Procurement
DBA
HR
Application
Finance
select * from finance.customers
• DBA separation of duties
• Limit powers of privileged users
• Securely consolidate application data
• No application changes required
Oracle Confidential
74
75. Extend the Separation of Duties to the
application level
SELECT * FROM HR.EMP
• Customer may want to lock down the
DB application structure even from the
application owner. DBA
• Prevent HR user from changing the HR Realm
DB structure even though he owns HR
these objects. Disallow
HR App DBA Drop Table
• Using DV, we can prevent HR App
DBA from dropping any table he FIN Realm
owns. FIN
FIN App DBA
76. Oracle Database Vault
Multi-Factor Access Control Policy
Enforcement
Procurement
HR
Application Rebates
• Protect application data and prevent application by-pass
• Enforce who, where, when, and how using rules and factors
• Out-of-the box policies for Oracle applications, customizable
Oracle Confidential
76
77. Oracle Database Vault Demo
Transparent Multi-factor Authorization
• DV helps customers
implement strict access
control security policies SELECT ….
HR
• Access can be restricted Unexpected IP address
by IP address, or subnet,
HR account
time or application
interface.
• Using DV, we can prevent
CREATE …
the DBA from executing
alter system commands FIN
from a specific IP Business hours
FIN DBA
address.
79. Monitoring
What We Heard From Our Customers…
• “How can I monitor all of my database
users, especially privilege users to ensure
they are not abusing their powers?”
• “I would like to get alerts to flag
unauthorized activities making it easy to
detect insider threats”
• “I need out-of-the-box reports for activities
associated with privileged user activity and
access to sensitive data”
80. Oracle Audit Vault
Automated Activity Monitoring & Audit
HR DataReporting ! Alerts
Built-in
CRM Data Reports
Audit
Data Custom
ERP Data Reports
Databases Policies
Auditor
• Consolidate audit data into secure repository
• Detect and alert on suspicious activities
• Out-of-the box compliance reporting
• Centralized audit policy management
Oracle Confidential
81. Oracle Audit Vault
Monitor Database Activity with a Secure Audit Data Warehouse
• Manage Audit Data
• Secure consolidation of audit data
from all Oracle databases
• Centrally manage all Oracle Report Monitor Enforce Secure
database audit settings
• Detect suspicous activities IBM DB2
• Monitor all database users –
especially privileged users Sybase
• Alert on unauthorized activities Oracle Database
• Simplify compliance reporting 9i Release 2 SQL Server
Oracle Database 10g Oracle Database
• Built-in compliance reports Release 1 11g
Oracle Database
• Define custom reports 10g Release 2
82. Oracle Total Recall
Secure Change Tracking
select salary from emp AS OF TIMESTAMP
'02-MAY-09 12.00 AM‘ where emp.title = ‘admin’
• Transparently track data changes
• Efficient, tamper-resistant storage of archives
• Real-time access to historical data
• Simplified forensics and error correction
Oracle Confidential
82
83. “Well, there wasn't enough time, Michael.
There just wasn't enough time.”
Steve Flournoy
OD Solutions Specialist
84. Not Enough Time to Cover All
of the Features For…
Availability
Availability Manageability
Manageability
Oracle Clusterware
Diagnostics Pack
Oracle Real Application Clusters
Tuning Pack
Oracle Secure Backup
Change Management Pack
Oracle Data Guard
Configuration Management Pack
Flashback Operations
Provisioning Pack
Online Operations
Automatic Storage Management Fine Grained Access
Automatic Space Management Identity Management
Disk based Backup/Recovery Transparent Data Encryption
Compression Data Masking Pack
Partitioning Database Vault
Exadata Storage Audit Vault
Storage Management Security
85. And Other 11gR2 Features
• Grid Plug and Play!!
• Oracle Restart – DB, ASM, Listener after restart of software/hardware
• Out of Place Upgrades (zero downtime for patching)
• In Memory Parallel Execution & Auto Degree of Parallelism (DOP)
• Enterprise Manager for Provisioning, Clusterware, GPnP, Restart
• Universal installer (Remove RAC, de-install, downgrades, patches,restarts)
• ASM FS (file system) snapshots – 64 images – backup/reco/data mining!
• Intelligent data placement on fast tracks
• Flashback Data Archive support for DDL
• Instance caging – allocate CPU usage to instances (CPU_COUNT)
• Compare SQL Tuning sets to each other
• Tuning Advisor can use auto DOP, searches historical performance, transport
back to 10gR2 or later for testing.
• Virtual Columns can be in PK/FK of reference partition table
• Stored outline migration to SQL Plan Management (SPM)
• Automatic Block Repair
• Etc..
86. But Still Time to Remind You How
Oracle Can Help You Maximize Your Budget Value
Deploys SOA Saves 80% time and
Avoids online revenue
infrastructure 92% effort for managing
losses up to 25%
faster Databases
Cuts configuration
Improves IT Drives asset utilization
management effort by
productivity by 25% up by 70%
90%
Saves $1.9 million Saves $170,000 per Replaces manual
with Oracle Enterprise year with Oracle tools with automation;
Manager Enterprise Manager saves time by 50%
Saves weeks on
Reduces Database Reduces provisioning
application testing
testing time by 90% effort by 75%
time
Cuts application Delivers 24/7 uptime
Reduces critical
testing from weeks to with Oracle Enterprise
patching time by 80%
hours Manager