Tuesday Aug 06, 2013

Secure, Subset and Self-Service Database provisioning in Cloud


One-step inline data masking and data subsetting is a very innovative solution in Oracle Enterprise Manager 12c that enables enterprises to provision secure and reduced size test systems directly from the production or standby database without the need for a full production database copy. So you are able to create reduced size copies of production database keeping the referential integrity of data set intact saving on storage costs and more importantly also ensure your sensitive database never creeps into any of your development or test systems in compliance with data privacy policies.

With Oracle Enterprise Manager 12c Release 3 customers have now started adopting this one-step on-the-fly masking and subsetting solution along with Database-as-a-Service(DBaaS) self-service provisioning capabilities and the outcome is one of the most comprehensive and unique solution to realize self-service provisioning of secured, subset copies of production like databases for all of testing and development needs in a private cloud model.




In this blog post I will walk through the steps required to achieve this comprehensive solution for test and development systems provisioning in enterprise private cloud.


1) Prepare source database

One of the ideal option in case customer has physical standby is to convert physical standby into a snapshot standby for one-step data subsetting and masking operation. A snapshot standby receives and archives but does not apply redo from primary until converted back to physical standby. So once you have created subsetted and secure dump from snapshot standby you can convert snapshot standby back to physical standby using Oracle Enterprise Manager. Refer to Oracle Data Guard guide for considerations in using snapshot standby.  In-line data subsetting and masking can also be performed on production database in case there is no physical standby.

2) Perform Inline data subsetting and masking workflow

Here are the steps :

a) Create Application Data Model(ADM)
ADM is a knowledge base entity in Oracle Enterprise Manager that captures application metadata, referential relationships, sensitive columns and is used by both test data management and data masking. There are pre-defined drivers to capture data relationships from application metadata tables for Oracle Applications such as Fusion Apps and eBusiness Suite. Security Administrator requires EM_ALL_OPERATOR privilege to create ADM and Data Masking and Subsetting definition.

b) Create Masking and Subsetting definition

As a best practice, Security Administrator can create masking formats for all regulated information in the enterprise. There are out-of-box Oracle supplied default masking formats also that can be used from format library. Next step is to create masking definition that includes information regarding table columns and the format for each column. You can choose which columns to mask. Data Masking workflow can be referred here.
Next step is to create Data subset definition and use the same ADM and database used in creating the masking definition. In this step you can define the table rules,rule parameters, include 'Ancestor and Descendant tables' or 'Ancestor tables only' option this ensuring referential integrity is maintained. At this step Space estimates can also be reviewed and depending on the result, you can modify or add new rules and review back on space estimates value. Pre/Post subset scripts can also be included in definition.

c) Generate subset using export option

Using the definition subset can be created by writing the subset data to export file. Specify directory where to save the export dump and schedule the subset job. Once the job is complete, the subset Data pump file of production data with sensitive data masked is ready. The overall flow is described here
Some key tips -
- Parallel degree can be used for faster export. Start with twice the number of CPUs and tune from there
- %U and max file size parameter can be used to ensure optimum use of parallelism
- Rule parameter in where clause can be used for actual subset generation with different values
- Column rules can be used to set large-sized columns to null or fix value to reduce database size further

3) Prepare secure test/reference database

Once the Data pump export file is generated it can be imported in a test/staging database . For details refer here.This test database can be used as a reference for all development and testing copies and hosted in Self-Service portal for end users to request from service catalog.

4) Self-Service Portal Setup

Following two options are available to cloud-enable this secure reference database for self-service provisioning of future copies of this database via Oracle Enterprise Manager 12c Database-as-a-Service (DBaaS) solution :

a) Snap Clone option that leverages storage level copy-on-write technologies for cloning and is suited best for functional testing requirements and for short lived databases.With this option you can clone terabytes of data in few minutes and storage saving is enormous with this option. you need to review the supported storage options for this method. As of time of writing the post Netapp and ZFS is supported though there are plans to support more storage options in near future.

b)  RMAN based cloning from backup is one of the favorite option for DBAs. The restore process is completely automated with EM 12c DBaaS and this option is best suited for performance and load testing, development requirements and for databases used for significant updates.
Once you decide on the option, steps to follow are documented in one of my recent blog post around Planning Database as a Service Implementation Project

Refer to Private Cloud Setup and Administration guide here for details on DBaaS Setup and Snap Clone, RMAN Profile options. The secure database prepared in previous step will be used as reference target by SSA Administrator while creating database provisioning profile using RMAN backup or Snapshot option. Please also ensure you have reviewed this MOS Note for DBaaS related patches -
"Enterprise Manager Cloud Control 12c Recommended Plug-Ins and Patches for Database as a Service (DBaaS) (Doc ID 1549855.1)"




5) Self-Service database provisioning in Cloud

End users can now request for secure subset copies of production database via Self-service portal for all kind of functional QA, load and performance testing, development requirements. All the databases provisioned from this approach are also enabled by default with EM 12c powered monitoring and diagnostics, lifecycle and cloud management capabilities.




Solution References

1) Oracle Enterprise Manager 12c Packs
Oracle Test Data Management Pack
Oracle Data Masking Pack
Oracle Database Lifecycle Management Pack
Oracle Database Cloud Management Pack

2) Oracle Enterprise Manager 12c Platform and Plug-ins
Enterprise Manager Cloud Control 12c Release 3 Base Platform (12.1.0.3)
Enterprise Manager for Oracle Database (DB) plug-in 12.1.0.4
Enterprise Manager for Oracle Virtualization (VT) plug-in 12.1.0.5
Enterprise Manager Storage Management Framework (SMF) plug-in 12.1.0.2
Enterprise Manager for Oracle Cloud (SSA) plug-in 12.1.0.6


Additional information

Stay Connected:

Twitter |  Face book |  You Tube |  Linked in |  Newsletter

Monday Feb 25, 2013

New and updated Oracle Enterprise Manager 12c Plug-Ins for Infrastructure as a Servce ( IaaS )

With the recent announcement of Oracle Enterprise Manager 12c Release 2 Plugin Update 1 (12.1.0.2), building and managing Infrastructure as a Service ( IaaS ) cloud is simpler than ever. Enterprise Manager for Oracle Virtualization (VT) plug-in 12.1.0.4 now support Oracle VM 3.2.1 which is enhanced for building much more secure and scalable enterprise class infrastructure cloud. Particularly, we were able to see significant performance improvement in handling parallel operations in the area of storage and VM management. Some of the key features supported for Oracle VM 3.2.1 include:

• Virtual Machine Tagging- During deployment, users specify tags (that can be edited later) for the machines they are creating, and search based on the tags.

• Periodic Storage Repository Refresh - Synchronization between data on the repository and that on the Oracle VM Manager can now be automated

• Oracle VM Agent password update support - Oracle VM Agent password can now be updated via the EM UI

• Virtual Server Roles support – Servers can be marked for playing different roles, such as utility role or virtual machine role

• VM start policy – Users can set the policy on where the VM should be started on (e.g., Current Server, Best Server or based on Pool Policy)

• OCFS2 timeout support – Users can set heartbeat timeout for servers in a clustered server pool

More details on Oracle VM 3.2.1 features can be found here

Enterprise Manager for Oracle Cloud (SSA) 12.1.0.5 enables the new capabilities provided by Enterprise manager for Oracle Virtualization plug-in 12.1.0.4 for self service users through self service portal.

Some of the key features and improvements in Enterprise Manager for Oracle Virtualization 12.1.0.4 and Enterprise Manager for Cloud 12.1.0.5 plug-ins for building Infrastructure as a Service cloud include:

• Faster and consistent synchronization with Oracle VM Manager – Any VM status change is reflected in Enterprise Manager must faster than before and more consistently. Both target status and OVM status of VM target instance in EM are consistently updated when VM goes through any status changes

• Improved UI page performance – Many of key UI pages for cloud management load much faster now

• Improved assembly deployment – There are multiple enhancements in this area including better error handling, improved and more robust Storage Repository selection for better distribution on storage usage, and enhanced network placement logic.

• Out of box assembly support - Database assemblies available in Self Update Console can be downloaded and used in Self Service Portal for easy deployment of database in your cloud. Deployment is completely integrated with EM agent deployment so that host and applications like database instance can be discovered and managed when the assembly deployment is complete

Follow the steps below to enable the latest functionality using these plug-ins:

1.    Apply patchset update (PSU) patch 14840279 to EM 12c Release 2 (12.1.0.2) OMS $ORACLE_HOME. This is a recommended patch on 12.1.0.2.0
2.    Deploy the Oracle Virtualization Plug-in 12.1.0.4.0 and Oracle Cloud Plug-in 12.1.0.5.0 on the OMS using the Enterprise Manager 12c console. If you plan to use the database assemblies, also deploy the Oracle Database Plug-in 12.1.0.3.0

To deploy the above three plug-ins use the following EM CLI command:

$ emcli login -username=sysman -password=<password>
$ emcli deploy_plugin_on_server -plugin="oracle.sysman.vt;oracle.sysman.ssa;oracle.sysman.db"

3.    Apply the Virtualization Plug-in patch 16235354 on to the Plug-in $ORACLE_HOME. (Make sure PSU mentioned in step 1 is applied before this step.)
4.    Deploy the Oracle Virtualization 12.1.0.4.0 Plug-in on the Enterprise Manager Agent managing Oracle VM Manager using the Enterprise Manager console. (This is the agent used when registering the OVM Manager to Cloud Control)
5.    Apply patch 16219750 on this same Agent used to manage the Oracle VM Manager target. This can be done via a Patching Plan in the Enterprise Manager Console.
6.    Apply the Virtualization Plug-in patch 16235337 on the Agent. (Make sure patches mentioned in steps 3 and 5 are applied before this step - this can also be applied via a Patching Plan)

Refer to support note 1371536.1 for more details.

Stay Connected:
Twitter |
Facebook | YouTube | Linkedin | Newsletter

Tuesday Oct 18, 2011

IDC Report : Oracle Enterprise Manager 12c Embraces the Cloud with Integrated Lifecycle Management

Oracle Enterprise Manager 12c  was announced earlier this month at Oracle Open World . Oracle Enterprise Manager 12c is the only complete cloud management solution for enterprise cloud that is built and engineered to help you reduce IT complexity and improve agility. 

IDC analysts Mary Turner and Tim Grieser covered the launch event and various Oracle Enterprise Manager sessions and demos at the Oracle Open World 2011 event. They published their observation in their Research Report : Oracle Enterprise Manager 12c Embraces the Cloud with Integrated Lifecycle Management 

In this research report, Mary and Tim said, "Oracle is to be given kudos for raising the bar and actively including mission critical database, middleware and application self service provisioning and dynamic scaling in the corporate cloud management discussion. Oracle is also to be commended for developing a comprehensive cloud lifecycle approach and for being remarkably clear on the steps needed to plan, implement, operate and manage clouds to derive business value from increasingly complex application deployments."

Oracle Enterprise Manager 12c brings together three essential capabilities to help enterprises gain Total Cloud Control:

  • Complete cloud life cycle management - New capabilities such as cloud setup and configuration, policy-driven resource management, self-service access, metering and chargeback.
  • Integrated cloud stack management - Includes the entire Oracle stack ranging from Oracle Fusion Applications, Oracle Fusion Middleware, Oracle Database and Hardware—as well as key non-Oracle technologies.
  • Business-driven application management - Enables application performance to be optimized based on the real-time experience of end-users.

 For more information, please go to Oracle Enterprise Manager  web page or  follow us at : 

Twitter   Facebook YouTube Linkedin


About

Latest information and perspectives on Oracle Enterprise Manager.

Related Blogs




Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
3
5
6
7
9
10
11
12
13
14
15
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today