Co-authored by Kiran Tailor
Ask anybody in operations or support the question, “What keeps you up at night?” There’s a good chance that you’ll get one of the following answers:
Is everything operating as normal?
Has our website gone down?
Are the payment systems all processing transactions?
When do our servers run out of capacity?
Can we access our monitoring tools outside of our building?
We have an issue, but what is causing the issue?
Ask the same question to security and governance teams, you might get the following responses:
Which teams can see personal data?
Are we storing any information that we shouldn’t?
What data do we want to hide?
How can we hide the data?
Are we PCI-compliant?
Say that we buy some software that covers all the previously mentioned concerns. How often do these tools need patching, updates, and operational oversight? If we want to expand what we’re monitoring, do we need more licenses? These tasks require not only human capital but operating expenses (opex) and capital expenditures (capex) costs to meet the ever-growing utilization of databases. Moreover, monitoring and maintenance tools need to keep up with the following changing demands:
Stay up to date on new and emerging security threats.
Provide insight on utilization for capacity planning.
Provide insight on performance of existing Oracle databases.
“You can’t manage what you don’t measure" is an old management saying. In today’s hyper speed technology environment where planning, design, security, utilization, and monitoring requirements can change quickly, customers need tools that can stay ahead of the game.
For customers focused on growing their business, installing, updating, maintaining, and monitoring a capacity planning tool is not a value add. Data is the new gold for malicious actors and data breaches resulting in significant monetary and trust loss is a significant concern for operations teams.
So, what about cloud? Even though public cloud database can address these challenges much more efficiently and comprehensively, not all databases can be migrated or deployed in the cloud for the following reasons or others:
Legacy databases that can not be migrated
Requirements from database users to keep database on-premises
Amount of data stored on-premises
In summary, data is a customer’s most valuable assets. If not protected, maintained, and improved upon constantly, it can become the biggest liability. This data needs to be protected and monitored, and databases where the data is stored need ongoing performance monitoring and tuning.
These issues us to the introduction of two cloud native services offered by Oracle Cloud Infrastructure (OCI) for on-premises Oracle databases: Data Safe and Operations Insights.
Can you run security assessment against your Oracle databases at a moment’s notice, gather and baseline the result, and monitor for any changes? How about audit for access and risky activity, amount of sensitive data and its location, regardless of if the database is in on-premises or cloud? Am I meeting the compliance requirements?
Oracle Data Safe is a fully integrated, modern, unified, and automated security cloud service, focused on the security of your data. It provides a complete and integrated set of features for protecting sensitive and regulated data in Oracle Cloud databases.
Customers can use Oracle Data Safe to do these tasks quickly and efficiently for Oracle databases, regardless of where they’re deployed and whether those databases are running Standard or Enterprise Edition. Data Safe provides the following key features:
Security assessment: Assess the security of your database configurations. It analyzes database configurations, user accounts, and security controls and reports the findings with recommendations for remediation activities that follow best practices to reduce or mitigate risk.
User assessment: Helps assess the security of your database users and identify high risk users. It reviews information about your users in the data dictionary on your target databases and calculates a risk score for each user. It also provides a direct link to audit records related to each user so appropriate security controls and policies can be deployed.
Data discovery: Helps you find sensitive data in your databases. After it’s run, it returns a list of sensitive columns.
Data masking: Masks sensitive data so that the data is safe for non-production purposes. For test and development, simply copying production data exposes sensitive data to new users. You can use data masking to replace the sensitive data with realistic but fictitious data.
Activity auditing: Lets you audit user activity on your databases so you can monitor database usage and be alerted of unusual database activities.
Operations Insights Service enables business executives, database, and IT administrators to make informed, data-driven database resource and performance management decisions. Operations Insights provides 360-degree insight into the resource utilization and capacity of databases and hosts. You can easily analyze CPU and storage resources, forecast capacity issues, and proactively identify SQL performance issues across your database fleet by collecting and storing up to 25 months of operational telemetry. It then uses applied machine learning to analyze that telemetry. The output of the analysis, provided through advanced visualizations and notifications, helps with capacity planning, optimizing resource utilization and maximizing application performance.
The following graphic shows Data Insights working with on-premises Enterprise Manager: (Enterprise Manager is not required)
With Operations Insights, you have the following capabilities:
Analyze resource usage of databases and hosts across the enterprise.
Forecast future demand for resources, based on historical trends.
Compare SQL performance across databases and identify common patterns.
Identify SQL performance trends across enterprise-wide databases.
These two services provide customers who have Oracle databases deployed on-premises with fast, reliable, and comprehensive set of tools for operations, monitoring, planning and security. For more information, see the following reference materials: