All posts by Ann Sjökvist

Standard Edition has the same core tech as Enterprise Ed. It just haven't all nice gadgets available so different solutions is required. Easy to violate license agreements, so be careful out there :)

Oracle SE2 Security Challenge [Dbvisit Guest Blog]

(c)annsjokvist

A NEED TO RETHINK TOMORROW

This post was originally written for Dbvisit – a company providing added values to any Oracle Standard Edition Environment

Many people within the Oracle Community share their knowledge about the Oracle database from an Oracle Enterprise Edition database perspective, and therefore the advice might not be suitable for an Oracle Standard Edition 2 database due to license restrictions.

Back in 2014, my idea was not only to increase the awareness of the Oracle Standard Edition database pitfalls but also highlight its potential and opportunities by blogging and speaking at conferences about it.

I assume most of the people within the Oracle Community already know, that the luxury of using features like AWR, ASH, compression, partitioning and advanced security are out of reach for an Oracle Standard Edition 2 database customer and DBA in 2018.

Back in 2014 it was easy to advocate for the Oracle Standard Edition database, since it had the same solid core technique as Oracle Enterprise Edition and was only lacking some neat features and options, that most ISV vendors anyhow had not implemented in their application. The missing features/options like diagnostic and tuning pack wasn’t having any impact noticeable for an application user. It was more of a DBA kind of issue or problem. But….

GDPR CHALLENGES

(c)crownworkforcemanagement

The big buzz word in Europe is the “GDPR”, which is the General Data Protection Regulation. Everybody working in ICT is searching for a technical solution that supports a company’s daily business struggles to become GDPR compliant and the lack of advanced security features are starting to give Oracle Standard Edition 2 database customers in 2018 a bad headache.

Oracle provide a nice battery of technical solutions to tackle the new GDPR challenges. Following Oracle’s GDPR papers might give you an idea of the range of technical solutions for good compliance at the Oracle database level:

Accelerate Your Response to the EU General Data Protection Regulation

Accelerate Your Response to the EU General Data Protection Regulation with Oracle Cloud Applications

Helping Address GDPR Compliance Using Oracle Security Solutions

I agree with Oracle on this one:

“GDPR is technology-neutral and does not mandate organizations to implement specific security controls, technologies or methodologies. However, Article 32 does provide guidance on certain security measures that organizations may consider implementing to help secure the data….”

Since GDPR is more a technical-neutral thing, than an edition specific thing, I was expecting specific advice for all the other database editions as well. Undoubtedly the fact that Oracle provide technical solutions from an Oracle Enterprise Edition database perspective is a big challenge for many Oracle Standard Edition 2 database users today and when asking Oracle about this challenge, the answer is of course “join our cloud”.

Cloud is for sure a nice thing, but for many reasons a move to the cloud is not an option for some companies. What options are then available for such a customer? Move to another database vendor, who will provide free or very low-cost security options? Sure, why not, but for sure such a solution will also require some new investments. So far, I haven’t heard of many business applications built-in such way, that you can switch the database without any application modifications.

AVDF ON ORACLE STANDARD EDITION

© SAN Institute

At OOW17, I talked to people at the Oracle Security stand, who told me that the Oracle “Audit Vault & Database Firewall” product now is available for Oracle Standard Edition 2 databases as well. This is great, because I saw an opportunity for Oracle Standard Edition 2 database customers today to build a solution that would ease their “GDPR headache”. Please note that Oracle also has a solution called “Audit Vault”, which is a completely different product.

If you are not familiar with what these two products can achieve, here are a couple of links to SAN Institute articles about Oracle AVDF and Oracle AV.

Short summary on AVDF:

“At a High-Level Oracle Audit Vault and Database Firewall (AVDF) provides organizations with three key database security requirements: audit collection, SQL traffic monitoring and security event reporting. With an easy-to-use interface, AVDF is for organizations looking to increase security with enterprise wide database activity monitoring, auditing and reporting.”

To my understanding, at a minimum GDPR compliance requires, that a company has a good picture of and a broad understanding of their data, its sensitivity, who is using the data and for what purpose, so that if a breach occurs, they can inform the authorities.

MONITOR, BLOCK AND AUDIT

© Dreamstime

Naturally I had to test AVDF 12.2.0.7 together with an Oracle Standard Edition 2 database to get some insight. The amount of audit trail with only a standard audit option is of course a challenge in itself. I tested an approach of combining standard audit with the FDA-solution and some triggers.

The “SE2+AVDF” solution I tested is not as elegant as the ones available out-of-the-box for an Oracle Enterprise Edition database, but it gave me some new ideas on how this solution might be refined and therefore could be helpful. But no doubt the option of buying security options for an Oracle Standard Edition 2 database would be a relief.

Since Oracle Standard Edition 2 database customers are facing a challenge now, I have also checked for alternative solutions. There are many other candidates available on the market and it’s obvious they will be explored.

RETHINK TOMORROW

At OOW17, Larry Ellison announced that Oracle will make security their business. They intend to do everything in their power to make their databases more secure.

“So first, we [the business world] have gotta provide security without slowing down our other tasks, and we HAVE TO ELEVATE the priority of security in our data centers—because NO ONE wants to be on the front page about having lost their company’s data,” Ellison said at OOW17.

Sounds good and promising.

The fact that the Oracle Standard Edition 2 database doesn’t include advanced security or fine-grained auditing options is well-known, and probably one of the most significant challenges in the era of GDPR.

Both Oracle’s announcement at OOW17 about making security their business and this statement from one of the above presentations make me believe in the Oracle Standard Edition 2 opportunities:

“GDPR is technology-neutral and does not mandate organizations to implement specific security controls, technologies or methodologies.” As an optimistic and positive person, the statements make me believe in the power of “rethink tomorrow”.

Security is everybody’s concern, and should IMHO not be a matter of money. It should be a default “de facto” in every database like “Sun & Moon”, “Bonnie & Clyde” or “Cruffin & Coffee”.

Take care, stay well and let’s see what the future of tomorrow looks like.

Ann

Helsinki 20 Feb 2018

OOW17 Security and Standard Edition

(c) Ann Sjökvist 2017- Helsinki

OpenWorld 17 Thanks

The harvest of my trip to Oracle OpenWorld, San Fransisco was a huge “learning-networking-aha-new ideas”.

I specially like to thank Tammy, Martina, Wes and all the others from the ODA team that made my trip special in many ways.

I also like to give a special thanks to Hanni , Jussi and Hannu. The pre-meeting idea was super!

Larry’s Security Keynote – SE Hope

It was great to see a smiling and fun making Larry Ellison on the stage. His Keynote about Security made more than sense to me.

His speech gave me hope. Standard Edition database is part of the Oracle fleet, so when Larry announced Oracle has started the Cyberspace Security journey, and taking the business seriously, I think it looks promising from SE perspective.

I learned from Security team in San Fransisco that Audit Vault+Database Firewall is buy able for SE environment. Ofc, the challenge of not having FGA, will still be there. But that’s not a huge problem, only an issue.

In SE environment we just learn how to cope with obstacles, and if not…..well either an EE upgrade or we look for a new Vendor (with all the restrictions that Vendors DB will have). So far my experiences are; There are no free lunches. It’s simple as that.

(c) Louise Salminen 2017

Take care, stay well and enjoy the options to stay positive.

Ann

Helsinki October 2017

GDPR – Oracle Max Data Security Architecture – SE?

Using Oracle Database Security Products

Oracle Corp.(c) + my added SE notes

Standard Edition Data Security

As you already guessed, Oracle offers many solutions to tackle the GDPR (General Data Protection Regulation).  The picture above, is an Oracle (c) and I have added Standard Edition database related information to it.

Why? It is simple. Many of the options that Oracle are suggesting requires an Enterprise Edition database, because you cannot buy those options for your Standard Edition database.

And the original picture comes from document.

update: 15.10.2017: OOW17 Security Team hear saying: Standard Edition can buy AVDF option. The EE requirements no longer there

Oracle SE exit?


I guess most of the people interested in Oracle Corporations related Technology has noticed the latest moves and changes in their strategy.

I was told, that changes has occurred within customer support and education, and it looks like well qualified people have been relocated or dismissed from their duties. Really?

I was informed that the SE climate has gone from a nice warm breeze to a more ice-cold climate. Really?

Tim Hall's post about Oracle cloud license changes doesn't leave doubts about the changes.

Somewhere on the net I found an article about the amount of databases available on the market. Sorry but lost the link. The writer explicitly said 'as an Oracle DBA, I would start learning other vendors DB's'.

His thoughts and the changes in strategy of Oracle made me ask: "If Oracle strategy is only from an IT perspective instead from a customer perspective. What is the added value of having an Oracle SE database?"

postgreSQL internal database might add some new values for SE customers. For sure looks interesting. Have you read Inc article "How to select the best database software: Know your database software types". I agree with this quote "experts stress the importance of selecting a system that best meets your needs."

We are living in a new area where digitalization brings new methods, processes and new ways of looking at things. Customer care is not according to some specialist what it used to be either.

According to the specialists, customers are looking for added value and good experiences not only IT technical stuff.

Changes in climate make customers changing there behaviors. When it is getting cold you by a warmer coat. Right?

So it's all seems natural when hearing about customers starting to look for new solutions that might add a better ROI from a customer value perspective instead from an IT perspective, doesn't it?

Let me borrow this quote with a miner change (report->blog)

This blog is in no way designed to be definitive. Rather, the objective is to encourage thinking about the future, to stimulate and facilitate debate, discourse and discussion, so that we are all better placed to shape our industry in the years that lie ahead.
Holger Taubmann, Senior Vice President Distribution, Amadeus"

Take care, stay well and maybe the climate will get nice and warm again. 🙂
-Ann

26 Feb 2017

Cloud Backup Service pitfall for SE

(c) Oracle
(c) Oracle

Backup Cloud Service – Standard Edition proof?

New updates below 9.9.2016

I did some googling, and found this document “Using Oracle Database Backup Cloud Service“. In the beginning of the document it states:

use RMAN parallelism and compression??
use RMAN parallelism and compression??

“…Use RMAN parallelism and compression…”

To my understanding, the On-prem Standard Edition database have no license model allowing the DBA to use parallelism or compression, so after looking at the above document, I’m asking my self, has there been a change in the Cloud? Can a Standard Edition Cloud database use parallelism and/or compression for free?

Answer from Oracle License Specialist 11.8.2016:

“Standard Edition has the same rules in the Cloud as in On-Prem. So You may not use the parallelism and compression features”

Thanks Oracle for the clarification, and lets remember the golden rule – remember to be careful before starting to do things if your environment includes a Standard Edition database.

Below is the “Special-Use Licensing” part from the 12c License document:

available in Oracle Advanced Security Option
available in Oracle Advanced Security Option

IMHO: The information between these two different documents provided by Oracle is misleading.

To my understanding we are not able to follow this “Best Practice ….” document advice if we have a Standard Edition Cloud database.

Can we find a document like this?

“Standard Edition Howto with Cloud Backup Service” 

Update per 9th Sept 2016  – start:

i was speaking about SE at a DOUG meeting in Denmark at the end of August 2016, were we had a great time talking and exchanging thoughts about SE related stuff. We had a great interactive session during my 90 minutes talk!

Thanks to Lars Bo V, and Peter G, I learned new things about the Cloud Backup Service that need to be added to this post.

Oracle Database Backup Service – FAQ (Doc ID 1640149.1) answer the question:

Can I backup Oracle Database Standard Edition databases to Cloud Service?”

The answer is yes, but there are some restrictions and requirements that need to be fulfilled.

“Please note that all the backup related restrictions – such as single channel etc. still applies to the standard edition. “

As the Oracle License Specialist referred to earlier in this article.

According to the Edition document this feature is free of charge, and available for SE/SE1/SE2 databases:

free option
free option

The good news is that Yes you can backup to the cloud, and the costs might not even be too expensive,  so I suggest you look in to it.

Update per 9th Sept 2016  – end

Take care, stay well and enjoy the opportunities in the Cloud

Helsinki, 11.8.2016

–Ann

Talking SE at Danish Oracle UG 25.8.2016

doug_logo

Danish Oracle User Group Event August

Danish Oracle UG 25.8.2016 – Let’s talk SE

Are you a user of Oracle Standard Edition Database, or are planning to start working with a Standard Edition Database?  I would love to meet you and hear about your experiences and exchange thoughts about SE future.

I will be talking about my experiences in SE, and its different pitfalls that I think every Oracle DBA should know about.

More information on the event can be found here.

Take care, stay well, and see you in Copenhagen!

–Ann

 

 

Administrating Oracle Standard Edition in the Cloud

Exploring the journey of SE Cloud

In my previous post, I activated and created a Cloud Standard Edition Database (=CSE) .

Oracle’s promise – Cloud no DBA necessary

“Fully managed by Oracle – no DBA necessary”

Cloud - No DBA cecessary

The above statement is for a Database Schema Service database, and sounds very promising from a SME business owners perspective. Hopefully I have time to test drive it, to check the degree of truth in that statement.

Testcase Database as a Service (=DBaas)

So I am the lucky “owner” of a  Cloud Standard Edition Database.

Our Cloud Standard Edition Database is not yet aware of any companies data.

 What does my Cloud SE DB looks like?

Newly created without any Customer Data
Newly created without any Customer Data

The picture above shows my newly created CSE.

The CSE database has not yet any business related data in it, and 93% of Operating system Memory in use.

Well-known DBA routines still useful?

Should I have asked for a bigger Cloud? Are these numbers normal and good enough to hold the real customer data as well? Should I have taken something into considerations, before activating my CSE database? Did I miss something important? How can I be sure not to overdue the small budget, that the SME customer has? How about the automatic backup routines?  Can I rely on the default backup policy, or should I urgently fix them? Is this Cloud different from On-Prem or should I stick to the company’s well-known DBA routines?

I found this document, but do still have some open questions that need answers.

Start using my CSE

Oracle provide us with an “out-of-the-box”  the  “DBaas Monitor” Console, which helps us monitoring our Cloud Standard Edition Database Instance well being.

Options in “DBaas Monitor” Console:

Database - what we can do from DBaas Monitor
Database – DBaas monitor Console
OS - what we can do in DBaas Monitor
OS – DBaas monitor Console
About - DBaas monitor Console
About – DBaas monitor Console
Overall & Logout -DBaas monitor Console
Overall & Logout -DBaas monitor Console

Enable https access

Before we can use the “DBaas Monitor” Console, we need to sign in to our Cloud Service account, and enable the https access “Access Rules” option for our instance:

Instance Access Rules
Instance Access Rules
Enable https Access
Enable https Access
OK - otherwise will not work
OK – otherwise will not work

Login to DBaas Monitor

There. Now we can Open the Console and start to explore our newly created CSE.

DBaas Monitor
DBaas Monitor
DBaas monitor
DBaas monitor
DBaas monitor Login
DBaas monitor Login

Login to CSE with SQL Developer

If your attention is to use SQL Developer remember to enable the listener from our Cloud Service.

Access Role - SQL Developer
Access Role – SQL Developer

After this small exercise in the Cloud,  more questions arises.

 Thinks to think about in SE

In my next post I will talk about Cloud Backup Service and what to think about when your DB is a SE Cloud version.

Take care, stay well and let’s enjoy the sunny days of Summer!

Helsinki 31.7.2016

–Ann

Oracle Standard Edition in the Cloud – easy or not?

Oracle Database Cloud Service (Database as a Service)

It is based on VMs provided by Oracle Compute Cloud Service. You can connect to your Oracle Database Cloud Service (Database as a Service) instances by using Oracle Net Services from outside the Oracle Cloud.

Two service levels of Oracle Database Cloud Service (Database as a Service) instances are available:

  1. The Virtual Image level includes the Oracle Database and the supporting software as part of the virtual machine you provision. You have to install the Oracle Database, and you are responsible for all maintenance operations for this software.
  2. Oracle Database Cloud Service (Database as a Service).
    The instance comes with automated tooling for backup, recovery, patching and upgrade. When you provision one of these Oracle Database Cloud Service (Database as a Service) instances, your virtual machine comes with your Oracle Database instance already running, with backup jobs already scheduled.

Standard Edition is like EE in the Cloud

The Cloud is here to stay, and lot’s of people have already tried it out, and by googling, it seems that most of the articles are focused on the Enterprise Edition option. Please check out Tim Hall’s post about his tests from here.

How about if I want a Standard Edition Database? Any different steps needed?  Let’s check it out.

How-To create a SE Instance in the Cloud

1 – Create a SSH public/private key

  1. Generating a SSH Public/Private Key Pair (I used PuTTY Key Generator), to be used with our SE Cloud Database.  Enter a password/passphrase for the private key and save the private key.
    • To save the public key copy and paste in a Notepad file the generated text, and save the Notepad document with the .pub expension; for example MyPubOraCloudKey.pub
SSH Key Generator
SSH Key Generator
Copy and save your Public Key
Copy and save your Public Key

IMPORTANT – Save the keys and remember the passphrase for your private key. This will be
used in further steps.

2 – Create a Storage Container

Before creating the SE instance it’s a good idea to create the storage container, since this will be required during the Instance creation phase. It is used for backups, and I used CloudBerry,  but you can also create one with REST API if that’s more your “cup-of-tea”.

Create Storage Container for Backups

3 – Login to Your Oracle Cloud account (Create if not available)

After you have registered with your (trial) account, login and remember to choose the “Data Center” associated with your services. In my case i use a site geographically near Finland.

SE on Cloud
SE on Cloud

4 – Create a Database Cloud Service SE Instance

Click on the Oracle Database Cloud Service and you will see a a  “Create Instance” – button on the right side of the Dashboard, and choose the Database option

createService

Choose the Create Service”- button and fill in the questionnaire form

Choose Virtual Machine or a Cloud Service

Create Service

Choose a Database version you need

Choose Database version 11 or 12
Choose Database version 11 or 12

In early days of Oracle Cloud Service, the only available Standard Edition version provided was SE1. Checked the information provided by Oracle at the moment, and they say “Standard Edition”, so I guess they now provide us with the SE2 edition.

so is it Standard Edition 2?

Choose Standard Edition Database

Choose Standard Edition Database

Service Configuration Steps

Give your service a suitable name, Description, Shape, timezone, and provide your SSH public Key to be used for authentication when using a SSH client to connect to a compute node VM that is associated with your SE Cloud Service Instance:

createService4

Database and Backup Configuration

Provide the rest of the information.  Remember the CloudBerry stage performed earlier? Now is the time to provide the information about the storage you created.

Database & Backup Configuration
Database & Backup Configuration

That’s all. A note to my self: How about the “automatic backup routines” that came with the above configuration steps?

Checking with CloudBerry, and some backups available already….Nice.

Backups already there
Backups already there

There is my newly created Standard Edition Database and instance, and it didn’t take long and didn’t require much Oracle DB skills to get things working. Anybody can clearly get a DB up and running in no time.

The real question now is how about using or administrating this type of database? Any pitfalls to be aware of? How about migrating the old On-prem database with a different character set to this Cloud SE Database? How do I restore a lost Cloud SE DB? Can anybody perform the normal DBA stuff as easily, or do they need some kind of Oracle DB knowledge? I guess it’s time to figure out, if some Oracle DBA skills are needed at all in this world among clouds.

Take care, stay well, and enjoy the challenges in life!

–Ann

Turku 23.7.2016

ps. This YouTube might be handy. It shows the steps mentioned above

SE Database is On-Prem out of fashion?

SE Usage Example
(c) Oracle Corp.

Oracle Database  ver. 12.2 first on the Cloud

Many of you have probably already read from the internet, that Oracle is  first distributing the new 12.2 Database to the Cloud, and then at a later stage it will become available for customers who still prefer the On-Prem option (http://www.theregister.co.uk/2016/06/24/oracle_cloud/).

 “Cloud is growing, however, and software licensing continues to shrink. This is true right across the industry from Adobe, to IBM to Microsoft.”

Oracle for Small Business Enterprise (SME)?

Can SMEs afford an Oracle Database, or this database only for bigger companies?

Oracle  provide a Cloud option for Small and medium-sized enterprises (=SME). The costs for a Standard Edition Cloud Service is according to an Oracle slide approx. £4050 per month.

The On-prem Standard Edition 2 processor list price is approx. $17500.

After the release of their Engineered Systems ODA X6/S and ODA X6/M, which include a bare metal Standard Edition 2 installation for a list price of $18000, I would be tempted to say that Oracle do care about small customers as well.

As a comparison here is the price list for Microsoft SQL Server 2016.

At a first glance, the price difference between the two doesn’t seems to be major, so  the argument I hear a lot “Oracle is too expensive” seems a little bit enlarged. Other arguments or just “we don’t know the technology”, sounds more proper when deciding what database to use.

Oracle Database Cloud Service Standard Edition

In May this year at OUGF Conference I had the privilege to talk to Mr. Luis Moreno Campos, who is the EMEA Director, Data Management Cloud at Oracle EMEA. he said that Oracle is concentrating on Cloud, and in the long run we will see less On-Prem environments on the market.

As I told him, we all know a DBA who just needs to be able to “hug” the Database server every know and then. For long I have been a strong believer in ODA, and now Standard Edition 2 is finally available as a bare metal option. So, Oracle didn’t forget all DBAs who just loves to have a physical server luring in the room next door, Pretty cool – and yet an opportunity for Standard Edition Community.

Upcoming post…..Standard Edition Cloud Service – Is it easy or not?

Turku 23.7.2016