
December 2006 Archives

December 3, 2006

So what kind of standby?

Been lazy (and busy) for the past couple of weeks with new implementations on RMAN Catalog, AS and others ...


So continuing with the discussion on DR .....


Some of the biggest questions faced when implementing DR are:

  • What kind of standby - physical or logical
  • What kind of protection mode
  • What to use - Log Writer or Archiver

Here is a small table to help you make a better decision:

| Mode | Log Writing Process | Network Trans Mode | Disk Write Option | Redo Log Reception Option | Supported on |
|---|---|---|---|---|---|
| Maximum Protection | LGWR | SYNC | AFFIRM | Standby redo logs are required | Physical standby databases |
| Maximum Availability | LGWR | SYNC | AFFIRM | Standby redo logs | Physical and logical standby databases |
| Maximum Performance | LGWR or ARCH | ASYNC if LGWR | NOAFFIRM | Standby redo logs | Physical and logical standby databases |

Physical Standby: an exact replica of the primary DB. It uses the redo apply technique and has to be open in "Read only" mode.


Logical Standby: uses the SQL apply technique and is in read-write mode, as it can also hold additional objects for reporting use.


One of the reasons people opt for a physical standby is that a logical standby has some limitations when it comes to objects, so before proceeding with a logical standby one should always check whether all of one's objects can be supported in it.


In a couple of days I will describe the process of implementing DR (both logical and physical) ... keep watching the blog.


 

December 7, 2006

Oracle Data Vault - Secure the "castle"

Security is one of the major concerns for today's IT organizations, and it is driven partly by two issues: first, how to protect against insider attacks, and second, how to put controls in place for compliance regimes like HIPAA.

Oracle 10g Database Vault gives customers an option that addresses most of these security issues, protecting against insider threats and also meeting regulatory compliance requirements.

Data Vault Architecture & Components

Database Vault is built into the kernel of the database and cannot be breached by the DBA. It consists of a number of components that together form the whole product. It is also integrated with Oracle Label Security and Virtual Private Database, extending the protection offered by those products.

It addresses the security concerns through the use of realms of responsibility and pre-defined reports. Realms allow companies to set up virtual fences around segments of the database, such as all the data around HR. These realms are so deeply established that they go down to the very core of the DB. Thus, a highly privileged user of an HR system cannot bypass the app, go directly to the DB and access information they are not authorized for. Another application of realms will be DB consolidation, as companies look to reduce the costs associated with multiple databases. Because current DB functionality lacks this separation, most have the HR DB running on separate instances from the Finance DB. Now cost savings can be achieved by setting up realms of responsibility and running multiple apps on a single DB.

Many pre-defined reports also ship with Data Vault. They help companies provide audit trails of who has had access to what and ensure that the activity of the most highly privileged users is tracked. No single person can turn off the auditing; previously the DBA could do it.

Components of Data Vault:


  • DVA - Data Vault administrator
  • DVSYS & DVF schemas
  • DVCA - Config assistant
  • PL/SQL interface
  • Policy manager, label security
  • Access control components

Access control components are the new and very powerful security concepts:

  • Realms make it easy to restrict users with powerful DBA privileges to specified application schemas - Separation of Duty; e.g. it is easy to create an HR DBA or a Financials DBA

  • Factors extend access control beyond user- and role-based access; e.g. IP address

  • Rules control database access based on factors in the environment; e.g. control access based on time of day, IP address, location
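How a realm and a rule set fit together, as an added example that is not from the original post or from Oracle: it fences a hypothetical HR schema and authorizes a hypothetical HR_DBA account only during office hours from one subnet. It assumes the DVSYS.DBMS_MACADM and DBMS_MACUTL PL/SQL interface as described in Oracle's Database Vault administration documentation; check the parameter names against your release.

```sql
-- Added example. HR_DBA, the HR schema, the rule/realm names and the
-- 10.0.5.% subnet are hypothetical. Run as the Database Vault owner account.
BEGIN
  -- Rules: conditions evaluated from the environment (time of day, client IP).
  DVSYS.DBMS_MACADM.CREATE_RULE(
    rule_name => 'Business Hours',
    rule_expr => 'TO_CHAR(SYSDATE, ''HH24'') BETWEEN ''08'' AND ''17''');
  DVSYS.DBMS_MACADM.CREATE_RULE(
    rule_name => 'Admin Subnet',
    rule_expr => 'SYS_CONTEXT(''USERENV'', ''IP_ADDRESS'') LIKE ''10.0.5.%''');

  -- Rule set: all rules must be true; failed evaluations are audited.
  DVSYS.DBMS_MACADM.CREATE_RULE_SET(
    rule_set_name   => 'HR Admin Window',
    description     => 'Office hours, from the admin subnet only',
    enabled         => DVSYS.DBMS_MACUTL.G_YES,
    eval_options    => DVSYS.DBMS_MACUTL.G_RULESET_EVAL_ALL,
    audit_options   => DVSYS.DBMS_MACUTL.G_RULESET_AUDIT_FAIL,
    fail_options    => DVSYS.DBMS_MACUTL.G_RULESET_FAIL_SHOW,
    fail_message    => 'HR realm access outside the allowed window',
    fail_code       => 20461,
    handler_options => DVSYS.DBMS_MACUTL.G_RULESET_HANDLER_OFF,
    handler         => NULL);
  DVSYS.DBMS_MACADM.ADD_RULE_TO_RULE_SET(
    rule_set_name => 'HR Admin Window', rule_name => 'Business Hours',
    rule_order => 1, enabled => DVSYS.DBMS_MACUTL.G_YES);
  DVSYS.DBMS_MACADM.ADD_RULE_TO_RULE_SET(
    rule_set_name => 'HR Admin Window', rule_name => 'Admin Subnet',
    rule_order => 1, enabled => DVSYS.DBMS_MACUTL.G_YES);

  -- Realm: the virtual fence around every object in the HR schema.
  DVSYS.DBMS_MACADM.CREATE_REALM(
    realm_name    => 'HR Realm',
    description   => 'Fence around the HR application schema',
    enabled       => DVSYS.DBMS_MACUTL.G_YES,
    audit_options => DVSYS.DBMS_MACUTL.G_REALM_AUDIT_FAIL);
  DVSYS.DBMS_MACADM.ADD_OBJECT_TO_REALM(
    realm_name => 'HR Realm', object_owner => 'HR',
    object_name => '%', object_type => '%');

  -- Separation of duty: only HR_DBA is authorized in the realm, and only
  -- while the rule set evaluates to true. Other DBAs are kept out.
  DVSYS.DBMS_MACADM.ADD_AUTH_TO_REALM(
    realm_name    => 'HR Realm',
    grantee       => 'HR_DBA',
    rule_set_name => 'HR Admin Window',
    auth_options  => DVSYS.DBMS_MACUTL.G_REALM_AUTH_OWNER);
END;
/
```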

Installation & Configuration:

Oracle Data Vault has been released for the 10gR2 (10.2.0.2) release of the database on Linux x86 and Solaris (SPARC) 64-bit.

What you need before starting the Data Vault installation:


  1. DB version 10.2.0.2 (if you are on 10gR1 you have to upgrade, but before upgrading install OLS on 10gR1, as it is a pre-req)
  2. OLS - Oracle Label Security, also on 10.2.0.2 (this is an additional req)
  3. EM 10g
  4. Please check the latest install doc for updates.
  5. The installation will ask you to create new accounts for the DV manager and DV owner (it is very important to remember these, as only they will allow access to your DB after the install)

Installation Steps (assuming 10gR1, single instance):

1.    Install OLS
  •    ./runInstaller -> Custom Install -> Oracle Label Security -> Install

2.    Configure the DB to run with OLS
  •    ./dbca -> Configure DB -> Add OLS schema -> Finish

3.    Upgrade to 10gR2 - 10.2.0.2
  •    ./runInstaller -> Select OH -> Patch

4.    Install Data Vault
  •    ./runInstaller -> Select OH -> User/pass for DV owner -> User/pass for SYS of current DB -> Finish -> Install & Configure DVCA

This will install Data Vault on top of your existing database, but after the install you should carry out a couple of post-install steps:

1.    Unlock the accounts that you want to use by connecting to the database with the DV owner user/pass.
2.    If you want SYSDBA access, you have to recreate the password file with orapwd, using some options that Data Vault recognizes:

E.g.: orapwd file=$ORACLE_HOME/dbs/orapworcl password=5hjk99 force=y nosysdba=n

Here:
    file name is: orapw$SID
    nosysdba = n is the default and enables SYSDBA access; if you want to disable that access, change it to y.

The Data Vault installation changes a couple of initialization parameters for security reasons. These are:
REMOTE_LOGIN_PASSWORDFILE = default, EXCLUSIVE
AUDIT_SYS_OPERATIONS = TRUE
REMOTE_OS_AUTHENT = FALSE
REMOTE_OS_ROLES = FALSE
OS_ROLES = FALSE
OS_AUTHENT_PREFIX = ''
SQL92_SECURITY = TRUE
O7_DICTIONARY_ACCESSIBILITY = FALSE
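A drift check for the parameter list above, as an added example that is not part of the original post: it compares the running instance against the values listed and flags any that differ. It assumes SELECT access to V$PARAMETER; the column aliases are illustrative.

```sql
-- Added example: compare the running instance with the values that the
-- Data Vault installation sets (taken from the list above).
SELECT e.name,
       e.expected,
       p.value AS actual,
       CASE
         WHEN UPPER(NVL(p.value, '-')) = UPPER(NVL(e.expected, '-'))
         THEN 'OK'
         ELSE 'DRIFT'
       END AS status
FROM (
       SELECT 'remote_login_passwordfile' AS name,
              'EXCLUSIVE'                 AS expected FROM dual UNION ALL
       SELECT 'audit_sys_operations',        'TRUE'   FROM dual UNION ALL
       SELECT 'remote_os_authent',           'FALSE'  FROM dual UNION ALL
       SELECT 'remote_os_roles',             'FALSE'  FROM dual UNION ALL
       SELECT 'os_roles',                    'FALSE'  FROM dual UNION ALL
       -- '' is stored as NULL, so the empty prefix is expected as NULL
       SELECT 'os_authent_prefix',           NULL     FROM dual UNION ALL
       SELECT 'sql92_security',              'TRUE'   FROM dual UNION ALL
       SELECT 'o7_dictionary_accessibility', 'FALSE'  FROM dual
     ) e
     -- LOWER() because O7_DICTIONARY_ACCESSIBILITY is listed in upper case
     LEFT JOIN v$parameter p ON LOWER(p.name) = e.name
ORDER BY status, e.name;
```

Any row reported as DRIFT means a parameter was changed back after the installation and should be investigated.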

You are all set to go & access the Data Vault in EM.
 http://localhost:1158/dva

Other readings: OTN & OBE have good resources available on Data Vault.

B25165-01 - install guide


December 12, 2006

Building a test RAC env (no cost, 30-day trial)

I always wanted a RAC test env, and finally found a simple way to create it using just one computer ... here it goes.


What you need:



  1. One Windows box (powerful; I had 2 GHz)
  2. At least 1 GB RAM
  3. VMware licence (or 30-day trial)
  4. Around 15 GB disk space

What you will get:



  1. RHEL AS4
  2. Oracle db 10.2.0.1
  3. RAC + CRS + ASM
  4. HTML DB
  5. Secure backup

Installation:


Oracle provides an image for RAC on Linux, which can be downloaded from here. You will also need to download some additional files from Red Hat. Have you downloaded everything? If yes, you are all set to go: unzip everything and use runInstaller.


Fill in the necessary details and you are done.


You will get an environment that is built in a VMware Virtual Machine (VM). The VM contains a simulated Oracle Real Application Cluster running on Red Hat Enterprise Linux 4.0. Database storage is managed by Oracle Automatic Storage Management (ASM). The diagram summarizes the architecture deployed in the VM. Notice that the cluster hosts 2 instances, RACDB1 & RACDB2, as well as 2 listeners.


Just start the virtual machine; user/pass are oracle/oracle.


Give it 15 minutes or so for the processes to start (automatically), then use crs_stat to check the details.


All done. Now you have a playground for at least 30 days ;) Enjoy.


More Readings........click here

December 13, 2006

E-Bus OCP

Just got to know that Oracle has extended its beta exam period till 31st Jan 2007, so call up test centers in your area to book a seat. The exam is $50.
At least I am planning to give:
 
1Z1-233 Oracle 11i Install, Patch and Maintain Applications

Hope for the best ;)

Just got a new machine

Just got a new machine: Dell, 3 GHz CPU + 2 GB RAM + 19-inch monitor (biiigggg) + DVD burner :)

Will use this to set up my playground for DR, AS & Data Vault, so soon you will see loads of articles on these topics :)

Till then, happy holidays.

December 14, 2006

Oracle Clusterware for single instance

Does this sound like a RAC topic? Yes, it was, but now in Oracle 10g it is possible to use Oracle Clusterware to protect single-instance databases.


OTN has nice sample code showing how to set up a cold failover for a single DB instance.


click here to download it


It has sample code plus a whitepaper to get you going. The best part is that it also covers a couple of case studies.


 

RMAN CATALOG

A few days back I created an RMAN catalog for our production RAC env, which has an 8-node cluster. Sharing my experience of the same.

First we need to understand why we need a catalog:
  • A better backup solution for a large number of DBs
  • Backup policy is easy to manage
  • The catalog offers an enterprise-wide repository
  • Reporting is easier, etc.

The basic architecture shows how this is implemented; refer to the picture below.
[Figure: RMAN catalog architecture]
So we will get right to work and do the installation and configuration as below.

Creating an RMAN catalog is a 3-phase process:
    Create the DB that will contain the catalog
    Create the user, tablespace etc.
    Create the catalog

Step 1: Create the DB that will contain the catalog
Here is what I did:
    Install 10gR2 (without the DB) -> Upgrade to 10.2.0.2
    -> Create a DB
As we were going to use this only as an RMAN catalog, we created a custom DB.

Step 2: Create the user, tablespace etc.
We created a tablespace for RMAN called TRMAN
e.g.: CREATE SMALLFILE TABLESPACE "TRMAN" DATAFILE '/u02/oradata/T_02.dbf' SIZE 2000M REUSE, '/u02/oradata/T_01.dbf' SIZE 2000M REUSE LOGGING EXTENT MANAGEMENT LOCAL SEGMENT SPACE MANAGEMENT AUTO;

We then created a user called RMAN with default tablespace TRMAN and unlimited quota
e.g.: CREATE USER RMAN PROFILE "DEFAULT" IDENTIFIED BY "*******" DEFAULT TABLESPACE "TRMAN" TEMPORARY TABLESPACE "TEMP" QUOTA UNLIMITED ON "TRMAN" ACCOUNT UNLOCK;

Then we gave the required privileges
GRANT "CONNECT" TO RMAN;
GRANT "RECOVERY_CATALOG_OWNER" TO RMAN;

Step 3: Create the catalog

Connect to RMAN and create a catalog in the TRMAN tablespace, like below:
RMAN> connect catalog rman/oracle
RMAN> create catalog tablespace TRMAN;

So the RMAN catalog is created.
Now, to register any DB in this catalog, we use the commands below:

./rman target / catalog rman/oracle

RMAN> register database;

I will cover exp + backup details in some of my next posts.

About December 2006

This page contains all entries posted to Pankaj Chandiramani's Blog in December 2006. They are listed from oldest to newest.
