3. Industry data management challenges
3
¾ Cost of database
management spent
on labor
– IDC
Cost and complexity
91% experience unplanned
data center outages
– Healthcare IT News
Database downtime costs
$7,900/minute
– DB Maestro
Reliability
10% increase in data
accessibility translates
into $65.7 million
in net income
– Baseline Magazine
Speed of innovation
60% of breaches
involved vulnerabilities
for which a patch was
available but not
applied
– Security Boulevard
Security
75% 10% 85%
91%
4. Availability
Oracle Database on Oracle Engineered Systems
Most powerful data management platform in the industry
4
Oracle Database 19c
• LTS generation of the world's most popular database
• Key component of Oracle's Autonomous Database Cloud
• Available in Oracle Cloud and on-premises
Security
Performance
and scalability
Manageability Analytics
Oracle Engineered Systems
• Highly optimized, purpose-built infrastructure co-engineered with Oracle software
• Architected, integrated, tested, and optimized to work together
• Oracle Database performance that generic systems cannot match
• Foundation for Oracle Autonomous Database
5. Oracle Database Enterprise Edition
• Database with highest performance,
availability, manageability and security
• 100+ EE-specific features
5
Oracle Database Standard Edition 2
• Database with the features you need at an
affordable price
Oracle Database Editions
• Performance • Availability • Manageability • Security
6. 6
Differences between editions
Main features of each edition
Analysis, Consolidation Performance Availability Manageability Security
・Multitenant
・Spatial and Graph
・Advanced Analytics
・OLAP
・Database In-Memory
・Diagnostics & Tuning Pack
・Parallel processing
・Resource Manager
・Smart flash cache
・Result cache
・Real Application Clusters
・Active Data Guard
・Data Guard
・Flashback
・Sharding
・Automatic Storage
Management
・Fail Safe(Windows)
・Partitioning
・Advanced Compression
・Lifecycle Management Pack
・Real Application Testing
・Test Data Management Pack
・Data Masking and
Subsetting Pack
・Online maintenance
・SQL Plan Management
・Automatic memory
management
・Advanced Security
・Database Vault
・Access control
・Fine-grained audit
・Network encryption
(SSL/TLS)
EE+Option
EE
SE2
Appealing technology
7. Database Options Security & Risk
Management
7
• Customers need to ensure they are proactively
measuring the security posture, especially
with people working from home
• The security and risk management bundle has
been designed to provide capabilities to help
customers achieve this.
• Gartner Predicts 75% of CEOs Will be
Personally Liable for Cyber-Physical
Security Incidents by 2024
8. Oracle Database security features and utilities
…
Real Application
Security
Virtual Private
Database
Database
Crypto Toolkit
Database Security
Assessment Tool
Centrally
Managed Users
PKI, Kerberos,
MFA
Privilege
Analysis
Network
Encryption
Unified
Auditing
Roles and
Privileges
10. Applications
Users
System, Application and
Database Admins
Attack Admins
Attack Users
Attack Apps
Exploit Database
Bypass Database
Target Data
Copies
Test Dev
Database Clones
How Do Hackers Attack the Database?
Attack Network
11. How do you protect the database?
Monitor access to the
data
• Use native auditing
capabilities to capture
high-value activity
• Use network-based
monitoring to examine
ALL activity
Control access to the
data
• Use database roles and
privilege grants
• Control privileged user
access
• Enforce separation of
duties
• Establish and enforce a
trusted path to data
Encrypt the data and
protect the encryption
keys
• Encrypt data in motion
and at rest
• DO NOT rely on storage
level encryption
• Securely manage
encryption keys
Implement a secure
configuration and
monitor for
configuration drift
• Check configuration
against standards/best
practices
• Verify that authentication
is as strong as practical
• Review user privileges
12. Threat Landscape as per ENISA
Top 9 (October 2021)
1. Ransomware
2. Malware
3. Cryptojacking
4. E-mail related threats
5. Threats against data; (this category encompasses data breaches/leaks)
6. Threats against availability and integrity
7. Disinformation – misinformation
8. Non-malicious threats; (mostly based on human errors and system
misconfigurations)
9. Supply-chain attacks
Source: https://www.enisa.europa.eu/publications/enisa-threat-landscape-2021
13. Ransomware is a type of malicious
software, or malware, designed to
deny access to a computer system or
data until a ransom is paid.
US Cybersecurity & Infrastructure Security Agency
https://www.cisa.gov/ransomware
14. HELLO!
YOUR STORAGE WAS COMPROMISED.
YOUR FILES ARE IN OUR POSSESSION.
FOR THE MOMENT ALL YOUR FILES AND FOLDERS ARE SAFE. THEY HAVE BEEN MOVED TO OUR SECURE SERVERS AND ENCRYPTED.
IF YOU WANT YOUR FILES BACK OR DO NOT WANT THEM LEAKED PLEASE SEND 4.5 BITCOIN TO THIS BITCOIN WALLET:
1DHtv7TPk1VoGchJJs21dzKfLxRtTTFNGf
YOU HAVE UNTIL THE 3rd of DECEMBER 2021 TO MAKE THE PAYMENT OR YOUR FILES WILL BE AUTO-DELETED FROM OUR SERVERS,
LEAKED OR SOLD.
YOUR UNIQUE ID IS: 148.71.84.153
PLEASE EMAIL US YOUR ID AND PAYMENT CONFIRMATION TO:
cloud@mail2pay.com
AFTER THE PAYMENT CONFIRMATION YOU WILL RECEIVE INSTRUCTIONS ON HOW TO DOWNLOAD ALL YOUR FILES BACK.
How to obtain Bitcoin:
The easiest way to buy bitcoin is the LocalBitcoins site.
https://localbitcoins.com/buy_bitcoins
!!! ATTENTION !!!
Even if all your files are backups and you have a copy of them, do not disregard this message.
Considering the huge amount of sensitive and private information we harvested, we reserve the right to LEAK or SELL all your data, if no
payment is made.
THANK YOU FOR YOUR COOPERATION.
Cl0ud SecuritY
Ransomware attacks are also
data breaches
15. • Transparent Data Encryption (part of Oracle Advanced Security)
• Oracle Key Vault for key storage and distribution
Recommended defense against database exfiltration & extortion
16. What else?
Risk mitigation is also available from:
• Database Vault – helps isolate data from privileged accounts, compromised application
service accounts – this may prevent the spread of ransomware through database
channels
• Data Safe/Database Security Assessment Tool – helps identify configuration errors that
might be used by an attacker to gain access to the database
• Audit Vault and Database Firewall – detect and alert on access anomalies (eg: an
attacker connecting or trying to connect to the database). May catch an attack in
progress if the database is being used as a transmission vector for the attack (rare but
theoretically possible)
17. Database Options Operational
Resiliency
17
• Customers need to be able to rapidly respond
and restore business operations in a timely
fashion. They need to plan and adopt the
necessary resiliency practices needed for
continuity and fast recovery.
• The operational resiliency bundle has been
designed to provide capabilities to help
customers achieve this.
18. Customer risk
• Customers who have a bad
experience may not return
• Widely publicized outages
make it harder to attract
new customers
The importance of a business continuity plan
Let’s review some potential consequences of getting it wrong
Financial risk
• Business interruption means
revenue loss
• Unplanned recovery costs
• Reputational/brand damage
can reduce market value
Regulatory risk
• Regulated businesses may
face penalties for unplanned
interruptions
• May also be subject to
additional ongoing scrutiny
18
19. What issues need to be overcome?
Cost
Maintaining redundant—
and often idle—software and
hardware resources from
multiple vendors is costly
Complexity
Lack of integration, and
administrative complexity,
increases the chance of
error and failure
An ideal business continuity solution
should offer
1. Automated operation to reduce
administrative effort and maximize security
2. High Availability to the application with
no modification
3. Zero data loss regardless of distance
4. Rolling window maintenance
5. On-demand, reliable and fully elastic
DR site option
19
20. High Availability
• Protect from localized failures
(servers, bugs, …)
• Local redundancy
Protect data and systems from outages
High Availability and Disaster Recovery
Disaster Recovery
• Protect from site failure
(entire data center)
• Site redundancy
20
21. https://docs.oracle.com/en/database/oracle/oracle-database/19/ladbi/about-standard-edition-high-availability.html
Standard Edition High Availability
21
Standard Edition High Availability
• Provides fully integrated cluster-based failover
for single-instance Standard Edition Oracle
Databases using Oracle Clusterware.
• Benefits from Oracle Clusterware, Oracle
Automatic Storage Management (Oracle ASM)
and Oracle ASM Cluster File System (ACFS)
• Consequently, the expected failover time is
much faster than any cluster solution that
relies on failing over and remounting volumes
and file systems.
• Supports Linux x86-64, Oracle Solaris on
SPARC (64-bit), and Microsoft Windows.
• Follows Oracle Clusterware certification.
protection
level
solution
22. Standard Edition High Availability
Most Frequently Asked Questions (FAQ)
Is SEHA the same
as RAC One Node?
• NO. RAC One Node is
an option to the
Oracle Enterprise
Edition (EE).
• RAC One Node uses
the same
infrastructure
• but provides more
functionality such as
Online Database
Relocation.
• SEHA has no RAC
code enabled in the
database.
Does SEHA follow
Oracle SE2 licensing?
• YES. SEHA follows
Oracle SE2 license.
• SEHA has a 2 sockets
per server license
restriction.
• One can have
”unlimited sockets”
(100 nodes max) in
the cluster assuming
each server uses
max. 2 sockets.
How many CPUs does
SEHA use per server?
• 16 CPUs threads, as
SE2 single instance.
• CPU threads are
counted on OS-level
and can be threads
or cores depending
on the HW used.
• Unlike RAC SE2, one
SEHA instance uses
max. 16 CPU threads
for foreground
processes.
Can SEHA be licensed
using the 10-day-
failover rule?
• YES. As any other
database failover
solution, SEHA can
be licensed using the
10-day-failover rule.
• All requirements for
this rule need to be
met; for details see:
• https://www.orac
le.com/assets/da
ta-recovery-
licensing-
070587.pdf
22
23. Localized protection with Oracle Real Application Clusters (RAC)
• Highest availability
• Auto, fast failover to running instance(s)
• Zero-downtime rolling upgrades
• Highest ROI
• All instances active
(no idle resources)
• Applications run unchanged
• Scalability-on-demand
• Add, change capacity online
• Ideal for database consolidation
• Fleet patching and maintenance
High Availability (HA)
23
24. Site failover with Oracle Data Guard (DG)
• Basic DR (included with database
enterprise edition)
• License primary and secondary sites
• Active-passive
• Standby is used only for failovers
• Automatic failover to Standby site
• Zero/near-zero data loss
• Continuous data validation
• Simple migrations and upgrades
Disaster Recovery (DR)
Primary (NY) Standby (SF)
Sync
24
25. Site failover with Oracle Active Data Guard (ADG)
• Advanced DR
• Active-active*
• Queries, reports, backups
• Occasional updates (19c)
• Assurance of knowing system is operational
• Automatic corruption repair
• Rolling upgrades
• Application continuity
• Zero data loss across any distance
Disaster Recovery (DR)
*Read only
Primary (NY) Active Standby (SF)
Sync
25
26. Site failover with Oracle GoldenGate (GG)
• Advanced, flexible DR
• Licensed technology
• Active-active
• Full, multi-master, bi-directional replication
• Full read-write access
• Heterogeneous
• Zero downtime database maintenance
and platform migration
• Assurance of knowing system
is operational
Disaster Recovery (DR)
Bi-directional
sync
Primary (NY) Primary (SF)
26
27. Scale out
Data protection
Oracle Maximum Availability Architecture (MAA)
Reference
architectures
Deployment choices
HA features,
configurations
and operational
practices
Customer insights and expert recommendations
Production site Replicated site
Replication
Generic Systems Engineered Systems DBCS ExaCS/ExaCC Autonomous DB
Flashback RMAN + ZDLRA
Continuous availability
Application Continuity Global data services
Active replication
Active Data Guard
RAC Sharding
ASM
24/7
Golden Gate
Bronze
Silver
Gold
Platinum
28. Database Options Performance &
Agility
28
• Customers need to be able to have fast access
to their data to take the right actions and
make faster decisions, that means they (and
their own customers) need fast, agile access
to applications and information.
• The Performance & Agility bundle has been
designed to provide capabilities to help
customers achieve this.
29. Database Performance health check
29
• What? Database Performance Health Check provides
an initial analysis of customers’ database systems.
• Pre-Requisites : Customer background, database
system details, description of potential performance
issues faced
• Deliverable: Diagnosis Report in the form of a
presentation, identifying main performance issues
and suggesting actions to improve performance
30. Constant performance monitoring and automatic tuning
Oracle Diagnostics Pack & Oracle Tuning Pack
30
Seamlessly discover, analyze, and solve database performance problems
• Automatically collects and analyzes information necessary for database operation
• When performance problems occur, notify the administrator by e-mail etc.
• By using the Tuning Advisor, easily perform tuning without advanced knowledge.
Confirm processing
at a specific time
Check the breakdown of the
processing that was performed
during this time
Check execution plans and various statistics
Time and wait
summary
I/O overview
SQL overview
31. Holds the same data in memory in two different formats to speed up all processing
Oracle Database In-Memory (DBIM)
Buffer
cache
IM column
Store
SALES SALES
Row
format
Column
format
SALES Two formats for one
table
Only row format
in storage
• Holds the same data in both row and
column format in the database memory
space
• Row format: Buffer cache
• Column format: In-memory column store
• Accelerate all database processing by using
both formats
• Analysis and aggregation processing is
executed for column format
• Transaction processing is executed for
line type format
• Transaction consistency guaranteed
32. Exadata
32
Automated Management –
Fully automated and optimized end-to-end
Database Aware System Software –
Unique algorithms vastly improve OLTP,
Analytics, and Consolidation
Ideal Database Hardware –
Scale-out, database optimized compute,
networking, and storage
Extreme Performance and Availability, Lowest Cost, Available Everywhere
Identical
Capabilities
On Premises
Cloud@Customer
Oracle Cloud
34. Oracle Exadata is The Best Platform for Oracle Database
Exadata delivers unmatched Oracle Database capabilities for
60 Exadata-only features for Oracle Database
Scalability
1. Infiniband Cluster Interconnect
2. Remote Direct Memory Access on Storage I/O
3. Exadata High Redundancy Storage
4. High Performance I/O – 6.57 million IOPS from
SQL
5. Low Latency I/O – 200 microseconds
6. In-Memory Data Mirroring
7. Hybrid Columnar Compression
8. Bloom Filter Joins
9. In-Memory Columnar Tables
10. In-Memory External Tables
11. Memory Optimized Key/Value Data
12. Higher Consolidation Density
Performance
1. Active/Active IB Network
2. Exadata Smart Write Back, Smart Flash Logging,
Smart Scan, and Reverse Offload
3. Fastest Redo Apply and Instance Recovery
4. Efficient re-silver rebalance after Flash failure
5. I/O latency capping for reads and writes
6. Cell IO timeout threshold
7. Smart Write Back Flash Cache Persistence
8. I/O and network resource management
9. Cell to cell offload for disk repair
10. Cell-to-Cell Rebalance Preserves FlashCache
11. Appliance Mode Support
Security
1. Full Stack Patching
2. Minimal Attack Surface
3. Pre-Scanned & fixed system stack using STIG,
Nessus, and Qualys
4. Advanced Intrusion Detection Environment
(AIDE) –similar to virus scanners
5. SGX Integration in Exadata Storage Cells
Availability
1. Fast Node and Cell Death Detection
2. Fast Network Failure Detection
3. Redundancy Protection on cellsrv shutdown
4. Redundancy Protection on Cell shutdown
5. Reduced Brownout for Instance Recovery
6. ILOM Hang Detection and Repair
7. Automatic ASM Mirror Read on IO error corruption
8. IO error prevention with Exadata disk
scrubbing/ASM Corruption repair
9. Corruption Prevention with HARD support
10. Elimination of false-positive drive failures
11. Redundancy Check During Power Down
12. Blue OK-to-remove LED Light notification
13. Health Factor on predictively failed disks
14. Disk Confinement
15. I/O hang detection and repair
16. Drop Hard Disk for Replacement
17. Drop BBU for Replacement
Efficiency
1. Exadata Elastic Configuration
2. Cell Alert Summary
3. Flash and Disk Lifecycle Management Alerts
4. Auto Online
5. Auto Disk Management
6. Priority Rebalance Support
7. EM Failure Reporting
8. Failure Monitoring on Database Servers
9. Updating Database nodes with Patchmgr
10. Optimized and Faster Exadata Patching
11. Custom Diagnostic Package for Cell alerts
12. VLAN support and automation
13. Exachk – full stack health check with critical issue alerts
14. Automatic Statistics
15. Automatic Indexing
Availability Security Performance
Scalability Efficiency
34
35. Oracle Database Appliance X8 model family
35
Performance
Higher
Capacity Higher
Oracle Database Appliance X8-2S
▪ Single-instance
▪ 16 cores
▪ 192 GB memory, expandable to
384 GB
▪ Up to 3x public network cards
▪ 12.8 TB data storage (raw)
Oracle Database Appliance X8-2M
▪ Single-instance
▪ 32 cores
▪ 384 GB memory, expandable to 768 GB
▪ Up to 3x public network cards
▪ 12.8 TB data storage, expandable up to
76.8 TB (raw)
Oracle Database Appliance X8-2-HA
▪ Single-instance and RAC
▪ 64 cores
▪ 768 GB memory, expandable to 1.5 TB
▪ Up to 3x public network cards per server
▪ 46 TB SSD data storage, expandable up
to 369 TB SSD or up to 92 TB SSD / 504
TB HDD (raw)
Meets a wide range of workload
and availability requirements
36. Simplicity through integration
36
Build your own Oracle Database Appliance
5 Puzzle pieces
Server, storage, networking,
database, consultants
1 component
Easy installation
7 staff / skills for HA
DBA, network admin,
storage admin, system admin,
installation expertise,
HA expertise, optimization skills
1 DBA
~ 863 hours
3 years deploy,
maintenance, support
~ 36 hours
3 years deploy,
maintenance, support
16 + patches
per year
4 patches
per year
37. Database Options Cost
Optimization
37
• Customers need to be able to adapt their
business models and value chain as required
but in a cost effective way so managing their
underlying costs.
• The cost optimization bundle has been
designed to provide capabilities to help
customers achieve this.
• Up to 75% of organization's IT budget is
spent on maintenance, on keeping the
lights on, leaving too few resources for
innovation
39. Isolation and agility with economies of scale
Advantages of Multitenant Architecture
GL OE
AP
Self-contained PDB for each application
• Applications run unchanged
• Rapid provisioning (via clones)
• Portability (via pluggability)
Common operations performed at CDB
level
• Manage many as one
(upgrade, HA, backup)
• Granular control when appropriate
Shared memory and background
processes
• More applications per server
Complementary to VMs
40. Improve query performance by dividing large table and limiting the accessed range
Oracle Partitioning
40
Split the table into groups (partitions) whose
column values meet certain conditions
If the narrowing condition of the SQL WHERE
clause matches the partition condition, access
only that partition (partition pruning)
Table full scans for analytic and aggregate
processing are limited to full scans for a
particular partition
Partition 1
Table Table
block
Partition 2
Partition 3
41. • Tables, indexes are divided into smaller units
- Maintains performance as data volume increases
- Can be divided by various ways according to query conditions such as period and value specification
By limiting the data to be read, the amount of processing (CPU time, I/O) can be reduced
Partitioning Partition pruning
41
Oracle Client
Non-partitioned table Partitioned table
SQL> select * from TABLE1
where COLOR = ‘RED’ ;
RED GRAY YELLOW
Reads all data and
filters using DB
server CPU
Only necessary data (RED)
is read and minimum
filtering is realized.
42. Oracle Advanced Compression
Data is compressed and stored to save space and improve query performance
• By compressing the data, it is possible to reduce the amount of data from approximately 1/2 to 1/4
• Saves storage space by compressing data
• Furthermore, the I/O amount is reduced, which leads to improved search performance
• Advanced data management with automatic data optimization (ADO) and heat maps
• No changes to existing applications
42
Verification of processing time
Uncompressed
Compressed
Significantly
reduced I/O
processing time
CPU Time
I/O Time
Uncompressed
Compressed CPU Time
I/O Time
Almost no I/O
overhead
In the query process In OLTP processing
43. Database Options for Analytics
43
• Customers need to be able to have fast access
to their data to take the right decisions fasters.
They need to leverage machine learning
without moving data and use mixed data
types for their analytical workloads.
• The Analytics bundle has been designed to
provide capabilities to help customers achieve
this.
44. Oracle Partitioning and In-Memory
44
Partition 1
Table Table
block
Partition 2
Partition 3
Buffer
cache
IM column
Store
SALES SALES
Row
format
Column
format
SALES Two formats for one
table
Only row format
in storage
45. Traditional — “Move the data”
Traditional vs. Oracle Analytics
45
—“Don’t move the data!”
46. Traditional — “Move the data”
Traditional vs. Oracle Analytics
46
— “Move the algorithms”
Simpler, Smarter Data Management
+ Analytics / Machine Learning
Architecture
47. Classification
• Naïve Bayes
• Logistic Regression (GLM)
• Decision Tree
• Random Forest
• Neural Network
• Support Vector Machine
• Explicit Semantic Analysis
• Gaussian Mixture Models
Clustering
• Hierarchical K-Means
• Hierarchical O-Cluster
• Expectation Maximization (EM)
Anomaly Detection
• One-Class
Support Vector Machine (SVM)
Regression
• Generalized Linear Model
• Support Vector Machine (SVM)
• Random Forest
• Linear Model
• Stepwise Linear regression
• LASSO
Association Rules
• A priori
Attribute Importance
• Minimum Description Length
• Principal Component Analysis
(PCA)
• Unsupervised Pair-wise KL
Divergence
Predictive Queries
• Statistical Functions
• Basic statistics: median, stdev, t-
test,
F-test, Pearson’s, Chi-sq, Anova,
etc.
• Algorithm Support for Text
• Algorithms support text type
• Tokenization and theme
extraction
• Explicit Semantic Analysis (ESA)
for document similarity
Feature Extraction
• Principal Component Analysis
(PCA)
• Non-negative Matrix
Factorization
• Singular Value Decomposition
(SVD)
Time Series
• Single Exponential Smoothing
• Double Exponential Smoothing
Open Source ML Algorithms
• CRAN R Algorithm Packages
through Embedded R Execution
• Spark MLlib algorithm integration
Oracle’s Adv. Analytics Machine Learning Algorithms
A1 A2 A3 A4 A5 A6
A7
+ Ability to Mine Unstructured, Structured, &
Transactional data
+ Support for SQL “Partition-By” Models
48. In-database support for different kinds
of geospatial data
• Vector Data (Points, Lines, Linestrings, Areas)
• Geo-referenced Raster Imagery (Orthophotos,
Satellite Images, ...)
• 3D Point Cloud Data (Laser scanning,
Photogrammetry)
• Network Data (Road Networks, Utility Networks)
• Topology Data (Land management)
• Streaming Point Data (Location tracking)
Oracle Spatial and Graph
48
In-database support for different graph data
• Graph analytics
• Graph query language
• Graph visualization
• Standard interfaces
• Integration with machine learning tools
49. 49
Differences between editions
Main features of each edition
Analysis, Consolidation Performance Availability Manageability Security
・Multitenant
・Spatial and Graph
・Advanced Analytics
・OLAP
・Database In-Memory
・Diagnostics & Tuning Pack
・Parallel processing
・Resource Manager
・Smart flash cache
・Result cache
・Real Application Clusters
・Active Data Guard
・Data Guard
・Flashback
・Sharding
・Automatic Storage
Management
・Fail Safe(Windows)
・Partitioning
・Advanced Compression
・Lifecycle Management Pack
・Real Application Testing
・Test Data Management Pack
・Data Masking and
Subsetting Pack
・Online maintenance
・SQL Plan Management
・Automatic memory
management
・Advanced Security
・Database Vault
・Access control
・Fine-grained audit
・Network encryption
(SSL/TLS)
EE+Option
EE
SE2
Appealing technology