Oracle Autonomous Database in Enterprise Architecture E-Book

Oracle Autonomous Database in Enterprise Architecture

Utilize Oracle Cloud Infrastructure Autonomous Databases for better consolidation, automation, and security

Bal Mukund Sharma

Krishnakumar KM

Rashmi Panda

BIRMINGHAM—MUMBAI

Oracle Autonomous Database in Enterprise Architecture

Copyright © 2022 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Group Product Manager: Gebin George

Senior Editor: Kinnari Chohan

Technical Editor: Jubit Pincy

Copy Editor: Safis Editing

Project Coordinator: Prajakta Naik

Proofreader: Safis Editing

Indexer: Hemangini Bari

Production Designer: Ponraj Dhandapani

Marketing Coordinator: Sonakshi Bubbar

First published: December 2022

Production reference: 1251122

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK.

ISBN 978-1-80107-224-3

www.packt.com

It is worth mentioning that the team at Packt Publishing has been the persistent driving force behind the successful publishing of this book.

There were several obstacles that arose during the pandemic that made the fate of this book appear gloomy. But we really appreciate how the Packt Publishing team pulled through and worked hard from the beginning to the completion of the book, extensively collaborating and coordinating with multiple stakeholders.

We would like to convey special thanks to our reviewers who have been very instrumental in getting the book to its final form, including refining the overall structure.

And last but not least, we will always be grateful to our families, who have always been the motivation of our lives.

- Bal, Krishna, and Rashmi

Contributors

About the authors

Bal Mukund Sharma is a technology specialist specializing in Oracle Cloud Infrastructure, databases, and engineered systems. He has experience across industries including Telecom, healthcare, financial services, and insurance. Bal is currently working as a senior cloud practice manager with Oracle and has worked in roles such as product manager, technical delivery manager, lead DBA, content architect, software engineer, and QA engineer. He helps customers with OCI-infrastructure implementation, networking, and SecDevOPS practices, along with technologies such as high availability, engineered systems, and autonomous databases. He has been very successful in helping several customers, such as banks and Telcos, to adopt the right database and cloud strategies and complex technology implementations across the world.

Besides this, Bal enjoys cooking for friends and family.

Krishnakumar KM is a cloud architect. He holds a master’s in business administration from Anna University. He started his career in 2004 as a DBA and has experience working in industries including banking, Telecom, and financial services. He has been working with Oracle for 12+ years. He is passionate about innovating, deploying, debugging, and designing cloud solutions for customers. He has extensive knowledge of computing, networks, storage, and virtualization theory and architecture. He is a part of beta testing database products and has written Oracle knowledge-base articles. He has delivered presentations through various channels, including Oracle OpenWorld. He actively participates in Oracle-related forums, such as OTN communities. He has also co-authored books on Oracle database upgrade and migration methods and Oracle database high availability.

RashmiPanda is a database enthusiast with a keen interest in Oracle Database technologies. He has spent around 18 years in different roles, including as a developer and database administrator and consulting roles. He enjoys working with customers, providing guidance in adopting better deployment solutions to address their business transformation needs in their growth roadmap. Besides databases, he has garnered excellent experience in the data integration arena, which involves performing PoC and demos on OGG, ODI, and EDQ to meet the extensive and complex data integration needs of customers. Whether on-premises, cloud, or a hybrid kind of deployment, he has been successful in creating customer solutions in designated platforms that adhere to the customer’s data security requirements.

About the reviewers

Venkata Ravi Kumar, Yenugula (YVR) is an Oracle ACE Director and Oracle Certified Master (OCM) with 25 years of experience in the banking, financial services, and insurance (BFSI) verticals. He has worked as a vice president (DBA), senior database architect, senior specialist production DBA, and Oracle engineered systems architect.

He is an Oracle Certified Professional (OCP) from Oracle 8i/9i/10g/11g/12c/19c and also an Oracle Certified Expert (OCE) in Oracle GoldenGate, RAC, Performance Tuning, Oracle Cloud Infrastructure, Terraform, and Oracle Engineered Systems (Exadata, ZDLRA, and ODA), as well as Oracle Security and Maximum Availability Architecture (MAA) certified.

He has published over 100 Oracle technology articles, including on Oracle Technology Network (OTN), OraWorld Magazine, UKOUG, OTech Magazine, and Redgate. He has spoken twice at Oracle Open World (OOW), San Francisco, US.

He has designed, architected, and implemented the core banking system (CBS) database for the central banks of two countries – India and Mahé, Seychelles. Oracle Corporation, US, awarded him the title Oracle ACE Director and published his profile in their Oracle ACE Program.

They also published his profile on their OCM list and in their Spotlight on Success stories.

Dipanjan Biswas has more than 24 years of experience in the IT industry. He has played technology and delivery leadership roles in large IT consulting organizations, niche solution providers, and start-ups. He has led enterprise data platform implementations for multiple Fortune 500 customers in the pharma, retail, and banking domains. He has architected an enterprise fraud and risk management system for one of the world’s largest payment network providers.

He loves listening to music and reading books.

Sonali Malik is a mother, an engineer, a techie, a tech community leader, a mentor, and a chief architect with over 20 years of experience in Oracle Database technologies, cloud services, cloud consulting, and the IT industry. As a master principal cloud architect for strategic clients, Sonali specializes in Oracle Cloud Infrastructure and platform services, software delivery networks, cloud security, and Oracle products, along with other cloud platforms and on-premises technologies. Sonali has garnered substantial industry experience. In the past, she held technical and managerial positions in various organizations. She has an extensive history of customer advocacy with an understanding of how to suggest and help with making innovative technical decisions, get client consensus, and deliver commitments.

When she is not working, she spends her time pursuing hobbies such as dancing, reading books, cooking, traveling, and spending time with her family and friends. She also volunteers at different organizations that support diversity and inclusion.

Table of Contents

Preface

Part 1 – Understanding Autonomous Database in OCI

1

Introduction to Oracle's Autonomous Database

Technical requirements

Learning what an Autonomous Database is

Always Free ADB

Technology building blocks – ADB

Oracle DBEE

Oracle Exadata Database Machine

OCI

Oracle best practices

Oracle knowledge base

ML

Classification of ADB based on workload

ADW

ATP

AJD

ADB infrastructure deployment choices – shared and dedicated

Shared

Dedicated

ADB on Exadata Cloud@Customer

Understanding why to use an Autonomous Database

Decades of innovation in the ML capabilities of Oracle Database

Autonomous Database value proposition

Reviewing use cases for ADB

Understanding the business benefits of using ADB

Improved business performance gains

Improved DBA and system administrator productivity

Reduced development cycle time

Reduced non-compliance risks – data

Reduced planned downtime

Reduced unplanned downtime

Reduced IT infrastructure acquisition

Reduced IT infrastructure maintenance and support

BOM and SKUs for autonomous databases

Summary

Questions

Further reading

Answers

2

Autonomous Database Deployment Options in OCI

Technical requirements

OCI’s Free tier account

OCI Free Trial

Always Free resources on OCI

Creating an Always Free ADB

Networking, IAM, and security for shared and dedicated deployments

Prerequisites – IAM considerations

Policy requirements for your ADB

Networking considerations

Deploying a serverless shared ADB

Deploying a dedicated Exadata infrastructure

Summary

Part 2 – Migration and High Availability with Autonomous Database

3

Migration to Autonomous Database

Migration considerations

About the Zero-Downtime Migration tool

Migrating on-premises database to Autonomous Database using ZDM

Implementing migration to Autonomous Database using ZDM

Installing and configuring ZDM software on a dedicated host

Target Autonomous Database creation

Generating an OCI API key pair in the pem format

Installing the OCI CLI

Preparing an SSH key pair

Creating an Object Store bucket

Creating an OCI user authentication token

Keeping the same time zone

Database character set

Setting up the GoldenGate Microservices hub in the OCI marketplace

Setting up the OCI CLI in the source database server for file transfer

Preparing a ZDM response file for migration

A dry run of ZDM

Run the migration job

Summary

Questions

Answers

4

ADB Disaster Protection with Autonomous Data Guard

Overview and associated terminologies

AuDG

Local standby

Remote standby (cross-region standby)

Associated specifications in AuDG

Region and roles specification

RTO and RPO in an AuDG configuration

Status and operation in AuDG

Implementing AuDG

Enabling AuDG

Performing a manual switchover operation – local standby

Performing a manual switchover operation – remote standby

Disabling AuDG

Leveraging OCI Events Service for AuDG operations

Points to remember about AuDG

Summary

Questions

Answers

Further reading:

5

Backup and Restore with Autonomous Database in OCI

Technical requirements

Understanding the backup types

Working with automated backup in the OCI portal

Learning how to take a manual backup

Restoring database backups

Manual database backup using Data Pump

Creating a dump set

Creating a Data Pump backup directly to object storage

Data Pump import backup

Refreshing Autonomous Database schemas

Database links between autonomous databases

Summary

Questions

Further reading

Answers

6

Managing Autonomous Databases

Technical requirements

Autonomous database actions

Starting or stopping an autonomous database

Autonomous database connection

Performance Hub

ASH Analytics

SQL monitoring

Workload

Blocking Sessions

Scale Up/Down

Cloning

Updated Network Access

Access control list

Administrator password

Updating the license type

Renaming a database

Move Resource

The service console

Changing the workload type

Enabling Operations Insights

Terminate

Registering autonomous databases with Oracle Data Safe

Security Assessment

Summary

Part 3 – Security and Compliance with Autonomous Database

7

Security Features in Autonomous Database

Operating system access restriction

Dedicated ADMIN users for the database

Private endpoint

NSG

Data Safe

Security Assessment

User Assessment

Data Discovery

Data Masking

Activity Auditing

Data encryption

Encryption of data at rest

Encryption of data in transit

Database backup encryption

Access control lists

SQL*Net Connection

SQL command restrictions

Automatic security patch update

Summary

FAQs

Index

Other Books You May Enjoy

Part 1 – Understanding Autonomous Database in OCI

The objective of this part is to give you a clear understanding of Autonomous Database (ADB) concepts. You will be able to clearly articulate the business benefits and technical merits of using Oracle’s ADB.

After completing Part 1 of the book, you should be able to deploy ADB based on use cases such as transaction processing versus data warehousing and Shared versus Dedicated, all based on a better understanding of networking and IAM best practices for deployment in OCI.

This part comprises the following main chapters:

1

Introduction to Oracle's Autonomous Database

This chapter is an introduction to Oracle’s Autonomous Database (ADB). It explains the hardware architecture supporting this service. You will learn how it differentiates from traditional database deployments and the reasons to select ADB. We will explore various use cases for ADB along with business benefits in terms of Total Cost of Ownership (TCO)/Return on Investment (ROI), compared to traditional deployment.

With this chapter, you will build a solid foundation on ADB, which will be very useful later when you start architecting your application use case.

In this chapter, we will cover the following topics:

By the end, you should have a clear understanding in terms of which flavor of ADB is good for your use case.

Technical requirements

For this chapter, although there are no technical requirements, if you are familiar with the Oracle Cloud Infrastructure (OCI) Console, you will be able to visualize the topics discussed.

Learning what an Autonomous Database is

Before we start learning about ADB, let’s first understand what OCI is.

OCI was designed to satisfy the needs of enterprise workloads that often require high performance, security, elasticity, availability, and integrity for their critical applications. Enterprises today want to lower their cost and move from a traditional CAPEX-based model to an OPEX-based culture. At the same time, they need a rich set of cloud services and automation capabilities built using cloud-native technologies to provide a comprehensive cloud solution for customers. OCI provides services around infrastructure, data management, analytics, applications, development/DevOps, governance, and security to cater to requirements from big to small enterprises. OCI is not just limited to Oracle’s data center but can also be extended to customers’ data centers; an offering called Cloud@Customer, which runs behind the company’s firewall, is available, and solves data sovereignty requirements. OCI is also available as dedicated regions for those workloads that require an in-country location or have data sovereignty requirements.

OCI’s ADB is a self-driving, self-securing, and self-repairing fully-managed database environment available on the cloud as well as on-premises. As of right now (the cloud is all about change), four distinct workload types are available with autonomous databases: Autonomous Transaction Processing (ATP), Autonomous Data Warehouse (ADW), Application Express (APEX), and Autonomous JSON Database (AJD).

You can build data-driven apps and gain operational insight in real time without worrying about the operational aspects of a database in terms of maintenance tasks such as backups, patching, upgrades, and performance tuning. You can scale the number of CPU cores or the storage capacity of the database at any time without impacting the availability or performance of the database system. With cloud-native developments and auto, we have highlighted and discussed auto scaling in detail in other chapters. Here, we give an overview of all the scaling features OCI provides and its automated responses to your workload needs.

ADB is built upon a very solid foundation with more than three decades of technical innovations developed by Oracle, providing customers flexibility combined with Machine Learning (ML) and Artificial Intelligence (AI). Oracle manages everything for you, so you can focus on your data, development, and delivering solutions that impact your business.

ML models and algorithms run inside Oracle ADB. It brings the following advantages:

In addition to these benefits, ADB also supports key Oracle database features and open source programming languages:

With Oracle Machine Learning and Oracle ADB, users have a variety of options for building and deploying models involved in data science projects, whether they use in-database algorithms or open source Python algorithms. An autonomous database uses AI and ML to achieve a complete, automated provisioning experience, applying security, automated patch updates, continuous availability, and performance tuning based on the workload types; managing changes; and avoiding mistakes. Oracle Machine Learning for Python (OML4Py) in Oracle ADB upholds versatile in-dataset information investigation and arrangement utilizing local Python grammar, conjuring in-dataset calculations for model structure and scoring, and implanting the execution of client-characterized Python capacities from Python or REST APIs. Likewise, OML4Py incorporates the AutoML interface for automated calculations and component choice and hyperparameter tuning to augment model execution. On the other hand, ODM, which is an extension of Oracle SQL Developer, helps develop ML methods.

Let’s discuss a bit about security in autonomous databases. We will go through the details of it in Chapter 7, Security Features in Autonomous Database. All data in ADB is encrypted, and users or applications need to be authenticated in order to use the database. ADB does not require any manual configuration for providing encryption – whether data is at rest or in motion, all connections use certificate-based authentication over Secure Socket Layer (SSL). ADB enforces strong password complexity for all users based on Oracle Cloud Security standards. ADB provides a network Access Control List (ACL), using which databases can only accept connections from allowed IP addresses and reject all other client connections. ADB also provides network access through private endpoints that help organizations implement strict security mandates to only allow connections privately from inside a Virtual Cloud Network (VCN), and traffic never uses public subnet and public internet within your tenancy VCN.

Quick note

In OCI, ADW was the first offering launched in 2018. Later, ATP was added to the service portfolio of offerings at beginning of 2019. Recently, in August 2020, Oracle also added JavaScript Object Notation (JSON) databases to the Autonomous Database service catalog, known as AJD.

Quick note

You can think of a VCN as a private network set up inside an Oracle data center, which consists of several firewall rules and communication gateways. The components of a VCN are one or more subnets, Internet Gateways (IGWs), Dynamic Routing Gateways (DRGs), route tables, security lists, and DHCP options. When you create a VCN inside OCI, most of these components are created by default. Another thing to keep in mind is that a VCN covers a single, continuous IPv4 CIDR block of your choice. In other words, you can say that a VCN provides software-defined networking in OCI.

Always Free ADB

Always Free ADB is available through Oracle’s Free Tier, which provides customers with up to two instances of ADB (Serverless/Shared) for every tenancy. Always Free ADB supports both ATP and ADW workload types. Customers can upgrade a Free database to Paid anytime.

Quick note

You can sign up for an Oracle Free Tier account by navigating to https://www.oracle.com/cloud and clicking on the Try Oracle Cloud Free Tier button on the right side.

The key characteristics are as follows:

Always Free ADB gets automatically stopped after 7 days of continuous inactivity. After 90 (cumulative) days of continuous inactivity, Free ADB instances are also automatically terminated. Users are notified via console UI banners for both of these events.

Always Free autonomous databases can only be created in your account’s home region as shown:

Figure 1.1 – The Always Free ADB option during deployment

Customers can create autonomous databases quickly and easily using the OCI Console, Command-Line Interface (CLI), Software Development Kit (SDK), and Terraform. To create a database, customers can log in to their OCI Console and select Oracle Database | Autonomous Data Warehouse | Transaction Processing | JSON Database. You need to provide details such as the database name, the number of OCPUs, storage (in TB), and the admin password. In a couple of minutes, a fully ready autonomous database is ready for use by the customer. Customers can perform various management operations on their databases, such as starting, stopping, restarting, backing up, cloning, using Data Guard, and monitoring. Backups are automatic and the customer has the option to take a full backup anytime, as well as the ability to restore to a “point in time” backup. Backups are retained for 60 days by default and the customer can configure it to be more or less. The customer can scale their database CPUs and storage without any downtime. Using administration credentials, customers can access and start using the ADB service using a separate service console. You can also update admin credentials anytime.

Technically, ADB is built on OCI Exadata infrastructure. Each ADB database is an independent Pluggable Database (PDB) to which the customer doesn’t have host access. Oracle manages the entire life cycle activities of the database based on customer inputs and preferences. You can check the ADB page within Oracle Cloud Console as depicted in the following screenshot. It shows deployed ADBs within a region.

Figure 1.2 – ADB page on the Console

As we can see in Figure 1.2, a single page has both a shared and dedicated infrastructure link for the easy creation of these services and navigation capabilities.

Technology building blocks – ADB

Let’s see what makes an Oracle database autonomous. We will look at various building blocks for autonomous databases. You will notice that starting from Oracle Database version 9i, Oracle introduced several automation capabilities around memory management, workload monitoring, and self-tuning capabilities, which set the base for autonomous databases. With the acquisition of Sun Microsystems, Oracle drove a database infrastructure with engineered systems focused on more automation capabilities and bringing data processing to the storage layer, with innovations such as Smart Scan, query offloading, a storage index, columnar compression, and so on. These database platforms are preconfigured and highly optimized for running database workloads, pre-tested across thousands of deployments, thus forming the base for autonomous databases.

The ADB building blocks are as follows:

We will talk about each block in detail in the next sections.

Oracle DBEE

If you have prior knowledge of Oracle databases, you will already know that Oracle had two distinct editions of databases targeted for different market segmentation: a Standard edition and an Enterprise edition. As the Enterprise edition was built to suit the high-performance requirements of enterprise customers for transactional and analytical workloads, it has several features that make it enterprise-class. With traditional database deployments, the DBA needs to tweak several configuration parameters based on workload types, not just the database but also the Operating System (OS) and network configuration – everything that goes with any production-ready database deployment. ADB removes these complexities and comes preconfigured with optimal values based on deployment types.

Oracle DBEE sets the foundation for autonomous databases. The database options available with DBEE provide the required capabilities to run ADB. The following options give ADB autonomous capabilities:

Quick note – database parameters

All database parameters are set to optimal values based on workload type. Users can only change a limited number of parameters. These parameters are shown in the following screenshot.

Figure 1.3 – List of allowed parameters for modification in ADB

As we can see, most of the changeable parameters are around the user’s profile, related to NLS, time zones, and so on. Oracle sets all other parameters to optimal values by default.

Oracle Exadata Database Machine

If you are new to Exadata Database Machine, you can consider it a combination of software and hardware optimized to run Oracle Database. The current version of Exadata is X9-M and it will be keep being updated based on the latest version. Normally, Oracle follows a cycle of 12 to 18 months to release a new generation of Exadata machines. The very first version of Exadata was released back in 2008. With each Exadata refresh cycle, customers get the most recent CPU processors, memory, increased disk capacity, flash, and high-speed networking components, which provide increased performance, security, availability, and management capabilities. Exadata is known as a great consolidation platform because of the massive capacity and performance available with these machines.

Oracle introduced a storage layer within the database machine, with several innovations supporting scale-out architecture, and parallel query operation, which greatly optimized data processing at its storage layer. Exadata solved two major problems: avoiding network bottlenecks for data movement within the machine through SQL offloading and, at the same time, providing a larger network bandwidth (100 Gbit/s) Ethernet fabric for data access. Exadata also provided separate Ethernet ports for data center connectivity and management operations such as backups. Some of the key innovations within machines can be considered Smart Scan, query offloading to storage, storage indexes, flash caching, resource management, Hybrid Columnar Compression (HCC), and in-memory database capabilities with fault tolerance.

Quick note – ADB platform

ADB runs on RAC on Exadata. ADB decides where to place each database during provisioning. A fewer number of instances are preferred when possible. Even though it’s running on RAC, the database can only be open on one node.

OCI

OCI provides required technologies such as networking elements, VCNs, subnets, virtual firewalls (network security groups), security lists, communication gateways, identity and access control, automated provisioning, logging, audit, monitoring capabilities, and so on, which are needed to run Exadata Cloud Service natively. OCI provides end-to-end security with a focus on the unified, automated, prescriptive security experience that makes life easier for customers. Identity management is a key focus for OCI, which helps simplify a customer’s security landscape, starting with data and then moving through the infrastructure, network, monitoring, and edge services. At the data or database layer, OCI supports encryption at rest and in transit and supports hardware security modules.

Within infrastructure, for compute instances, OCI supports hardened OS images, autonomous Linux, hardware root-of-trust, and signed firmware. In the networking domain, OCI supports isolated network virtualization with off-box Network Interface Cards (NICs), private networking with FastConnect, and security zones, which can be used to apply context-specific security policies to compartments. For monitoring, OCI has integrated Cloud Security Posture Management with Cloud Guard. Cloud Guard is very dynamic and OCI releases new services every week for customer needs. Recently, Oracle announced Scanning Service, which scans compute hosts and container images for vulnerabilities. The Bastion service automates the configuration of secure Bastion servers. The Certificates service automates the provisioning and management of private and public certificates. Threat Intelligence Service centralizes threat intelligence and vulnerability feeds integrated across cloud services.

Oracle best practices

Every organization emphasizes adopting best practices, Oracle has published several “best practices,” which are based on expert recommendations for deploying a product, fine-tuning, configuration changes, and so on. In addition to this, Oracle’s Maximum Availability Architecture (MAA) focuses on best practices for the availability of applications based on the categorization of Service-Level Agreements (SLAs). Oracle