Tag Archives: oracle

Oracle SE2 Security Challenge [Dbvisit Guest Blog]

(c)annsjokvist

A NEED TO RETHINK TOMORROW

This post was originally written for Dbvisit – a company providing added values to any Oracle Standard Edition Environment

Many people within the Oracle Community share their knowledge about the Oracle database from an Oracle Enterprise Edition database perspective, and therefore the advice might not be suitable for an Oracle Standard Edition 2 database due to license restrictions.

Back in 2014, my idea was not only to increase the awareness of the Oracle Standard Edition database pitfalls but also highlight its potential and opportunities by blogging and speaking at conferences about it.

I assume most of the people within the Oracle Community already know, that the luxury of using features like AWR, ASH, compression, partitioning and advanced security are out of reach for an Oracle Standard Edition 2 database customer and DBA in 2018.

Back in 2014 it was easy to advocate for the Oracle Standard Edition database, since it had the same solid core technique as Oracle Enterprise Edition and was only lacking some neat features and options, that most ISV vendors anyhow had not implemented in their application. The missing features/options like diagnostic and tuning pack wasn’t having any impact noticeable for an application user. It was more of a DBA kind of issue or problem. But….

GDPR CHALLENGES

(c)crownworkforcemanagement

The big buzz word in Europe is the “GDPR”, which is the General Data Protection Regulation. Everybody working in ICT is searching for a technical solution that supports a company’s daily business struggles to become GDPR compliant and the lack of advanced security features are starting to give Oracle Standard Edition 2 database customers in 2018 a bad headache.

Oracle provide a nice battery of technical solutions to tackle the new GDPR challenges. Following Oracle’s GDPR papers might give you an idea of the range of technical solutions for good compliance at the Oracle database level:

Accelerate Your Response to the EU General Data Protection Regulation

Accelerate Your Response to the EU General Data Protection Regulation with Oracle Cloud Applications

Helping Address GDPR Compliance Using Oracle Security Solutions

I agree with Oracle on this one:

“GDPR is technology-neutral and does not mandate organizations to implement specific security controls, technologies or methodologies. However, Article 32 does provide guidance on certain security measures that organizations may consider implementing to help secure the data….”

Since GDPR is more a technical-neutral thing, than an edition specific thing, I was expecting specific advice for all the other database editions as well. Undoubtedly the fact that Oracle provide technical solutions from an Oracle Enterprise Edition database perspective is a big challenge for many Oracle Standard Edition 2 database users today and when asking Oracle about this challenge, the answer is of course “join our cloud”.

Cloud is for sure a nice thing, but for many reasons a move to the cloud is not an option for some companies. What options are then available for such a customer? Move to another database vendor, who will provide free or very low-cost security options? Sure, why not, but for sure such a solution will also require some new investments. So far, I haven’t heard of many business applications built-in such way, that you can switch the database without any application modifications.

AVDF ON ORACLE STANDARD EDITION

© SAN Institute

At OOW17, I talked to people at the Oracle Security stand, who told me that the Oracle “Audit Vault & Database Firewall” product now is available for Oracle Standard Edition 2 databases as well. This is great, because I saw an opportunity for Oracle Standard Edition 2 database customers today to build a solution that would ease their “GDPR headache”. Please note that Oracle also has a solution called “Audit Vault”, which is a completely different product.

If you are not familiar with what these two products can achieve, here are a couple of links to SAN Institute articles about Oracle AVDF and Oracle AV.

Short summary on AVDF:

“At a High-Level Oracle Audit Vault and Database Firewall (AVDF) provides organizations with three key database security requirements: audit collection, SQL traffic monitoring and security event reporting. With an easy-to-use interface, AVDF is for organizations looking to increase security with enterprise wide database activity monitoring, auditing and reporting.”

To my understanding, at a minimum GDPR compliance requires, that a company has a good picture of and a broad understanding of their data, its sensitivity, who is using the data and for what purpose, so that if a breach occurs, they can inform the authorities.

MONITOR, BLOCK AND AUDIT

© Dreamstime

Naturally I had to test AVDF 12.2.0.7 together with an Oracle Standard Edition 2 database to get some insight. The amount of audit trail with only a standard audit option is of course a challenge in itself. I tested an approach of combining standard audit with the FDA-solution and some triggers.

The “SE2+AVDF” solution I tested is not as elegant as the ones available out-of-the-box for an Oracle Enterprise Edition database, but it gave me some new ideas on how this solution might be refined and therefore could be helpful. But no doubt the option of buying security options for an Oracle Standard Edition 2 database would be a relief.

Since Oracle Standard Edition 2 database customers are facing a challenge now, I have also checked for alternative solutions. There are many other candidates available on the market and it’s obvious they will be explored.

RETHINK TOMORROW

At OOW17, Larry Ellison announced that Oracle will make security their business. They intend to do everything in their power to make their databases more secure.

“So first, we [the business world] have gotta provide security without slowing down our other tasks, and we HAVE TO ELEVATE the priority of security in our data centers—because NO ONE wants to be on the front page about having lost their company’s data,” Ellison said at OOW17.

Sounds good and promising.

The fact that the Oracle Standard Edition 2 database doesn’t include advanced security or fine-grained auditing options is well-known, and probably one of the most significant challenges in the era of GDPR.

Both Oracle’s announcement at OOW17 about making security their business and this statement from one of the above presentations make me believe in the Oracle Standard Edition 2 opportunities:

“GDPR is technology-neutral and does not mandate organizations to implement specific security controls, technologies or methodologies.” As an optimistic and positive person, the statements make me believe in the power of “rethink tomorrow”.

Security is everybody’s concern, and should IMHO not be a matter of money. It should be a default “de facto” in every database like “Sun & Moon”, “Bonnie & Clyde” or “Cruffin & Coffee”.

Take care, stay well and let’s see what the future of tomorrow looks like.

Ann

Helsinki 20 Feb 2018

SE2 released TODAY 1st Sept 2015

(c) Ann sjökvist

SE2 released TODAY 1st Sept 2015

Today is a great day for Oracle Standard Edition Community!

The “Oracle Database Standard Edition 2 (=SE2)” has been released, and can now be downloaded

What’s new with SE2?

  1. The concepts “Standard Edition (=SE)” and “Standard Edition One (=SE1)” is gone, and the new name is “Oracle Database Standard Edition 2 (=SE2) edition”
  2. Oracle Database Standard Edition (=SE) Licensed Customers can download the new SE2 without any extra costs
  3. Standard Edition One (=SE1) Licensed Customers can download the new SE2 with an extra migration fee. Yes, that’s right. Without the extra migration cost, these customers are not allowed to migrate to the SE2.
  4. The Oracle Database Standard Edition Two (=SE2) will have a restriction of max 2 sockets, and max 16 threads/database. And if hyper thread is in use, there is a max 8 threads/database.
  5. The RAC feature will be available in the new SE2 release. Please keep in mind the max 2 socket and max 16 cores (hyper thread= max2 socket &max 8 core) rule.

See oracle.com for more information.

  • http://www.oracle.com/us/corporate/pricing/databaselicensing-070584.pdf
  • http://www.oracle.com/us/corporate/pricing/sig-070616.pdf

How long will Oracle Database 12.1.0.1 in any edition remain under Premier Support?

Full patching support for 12.1.0.1 for all versions of 12gR1 (Enterprise Edition, Standard Edition and Standard One Edition) will be proviced for an additional 12 months from the release of 12.1.0.2 SE2, so through until end August 2016.

After that period Oracle Database 12.1.0.1 will enter Sustaining Support. There won’t be any Extended Support for Oracle Database 12.1.0.1 in any edition.

Will there be an Oracle Database Standard Edition 12.1.0.2 SE/SE1?

Beginning with the release of Oracle Database 12.1.0.2,  Oracle Database Standard Edition (SE) and Oracle Database Standard Edition One (SE1) are no longer being released.  12.1.0.1 was the final edition that we will produce for SE and SE1.

MOS Note:742060.1 Release Schedule of Current Database Releases does reflect this extension already:  Release:12.1.0.1 Patching Ends: 31st of August 2016

I suspect lot’s of tweets on this subject, so I hope you all will remember to use the #orclse or #orclse2 tag.

Take care, stay well, and enjoy a life with the new SE2!

-Ann

Turku 1st September 2015

Standard Edition Community – DOAG &UKOUG Conference

uk_doag


Standard Edition Community Represented at Conferences

As an Oracle Standard Edition Advocate, I feel privileged to say, that after many discussions and many blog posts, Standard Edition Database is getting its well deserved spot in the sun, and the Standard Edition Community is starting to speak and socially discuss its role, opportunities, and challenges in the IT society.

Birmingham 7th-9th Dec

Tech15_ResourcePk_ISA_v1This year UKOUG Conference has decided to dedicate a whole day/track (7th Dec 2015) especially for Standard Edition Database. This is the first time ever a conference has done so. If keen to know the reasons why this conference made such decision, please read about this on my blog. But below is a small part from that interview:

Since this is the first conference in history, that has dedicated a whole day to a Standard Edition Track, could you please tell us the database team reasons for having this track?

Martin: Standard Edition is used by a large number of UKOUG members (and non-members), either because there has been a decision to only licence SE to reduce costs or because they have SE databases as part of the whole mix of Oracle systems within the organisation. SE has it’s own challenges, mostly due to the lack of certain options and technologies such as Partitioning, Data Guard and many of the security features. There are ways to work around these issues but there are few presentation given that address them. Joel Goodman (a highly respected Oracle trainer and presenter who is part of the database committee) initially raised the need for such talks to support what is often an under-represented part of the community and we were happy to support it within this year’s conference.
Joel: I attended Harmony 2014 and saw the interest there in SE. I also help to organise the Oracle University Expert Summits and in the London 2014 summit attended by about 50 people.
Of those over 30 of them either used or supported Standard Edition for at least some of their databases. I realised then that UKOUG should be addressing that audience, so proposed this to the committee at the kick-off meeting for planning Tech15. The committee accepted this suggestion immediately, agreeing that there is a large SE community for whom there has not been a conference before and that we should be the first to do so.

In Birmingham I will have two presentations, plus one Standard Edition Roundtable. Please see below, there are lots of good presentations in this track! Here is the whole UKOUG agenda.

Official Standard Edition AGENDA – 7th of December:

  • 09:00 – 09:50 “Oracle Standard Edition is Awesome!” – Tom Dale – Fivium
  • 11:20-12:10 “Standard Edition Something for the Enterprise?” – Ann Sjökvist
  • 12:20 – 13:10 “Looking for Performance Issues in Oracle SE – Check what OraSASH Can do for You” -Marcin Przepiorowski – Delphix
  • 14:10 – 15:00 – “Silent but Deadly : SE Deserves Your Attention” -Philippe Fierens – FCP
  • 15:10 – 16:00- “Max Protection Standby in Standard Edition RAC Environment” -Eter Pani – TSYS International
  • 16:30 – 17:20 – “SE DBA’s Life a Bed of Roses?” – Ann Sjökvist
  • 17:30 – 18:20 – “A Manly Man’s Guide to Open-Source Database Tuning Tools: Life Without EM12c” – Bjorn Rost
  • 17:30-18:20 – “Oracle Standard Edition Round Table” – Joel Goodman – Oracle Co-presenter(s): Ann Sjokvist (also:Philippe Fierens, and Jan Karremans)

DOAG Conference 17th-20th November

I just received the acceptance letter from DOAG conference team, so the Standard Edition Community will also be represented in Nuremberg. I have not yet seen the agenda, but I am sure other people who supports Oracle Standard Edition Database will be there.

Keen to make Standard Edition Community even bigger?

Can we rock the boat like APEX Community has done in the past months?

Join the Standard Edition Community lovers at both DOAG conference in Nuremberg (17th-20th Nov) UKOUG TECH15 in Birmingham (7th-9th Dec). Book your tickets as soon as possible!


Take care, stay well and let’s enjoy the summer!

-Ann

Turku, Finland 22 July 2015

Network Encryption in Standard Edition

lock-icon

This topic is doubtfully something to write about, and I was very pleased to find this blog post about

Native Network Encryption and SSL/TLS are not part of the Advanced Security Option


As you  already might have noticed, I look into things from a Standard Edition Database point of view, and to me Tim Hall’s post was executed in a more “Standard Edition Mind Thinking” fashion, and that is for me so amazing to notice, since there are not too many blogs out there at the moment, which are blending the “Standard Edition Database challenges” flavour into their post.

Please check his blog, but the main thing for SE is:

“Network encryption (native network encryption and SSL/TLS) and strong authentication services (Kerberos, PKI, and RADIUS) are no longer part of Oracle Advanced Security and are available in all licensed editions of all supported releases of the Oracle database.”


GDRP – Standard Edition Database – any options out-of-the-box?

updated: 31.7.2017

Oracle released this document in January 2017:

“Accelerate Your Response to the EU General Data Protection Regulation (GDPR) – Using Oracle Database Security Products”

When you have an Enterprise Edition Database, and money are no issue, it looks like a pretty straight solution.

The “Oracle Maximum Data Security architecture” gives a nice overlook about what is available for EE:Oracle Corp.(c) + my added SE notes

(pic:Oracle Corp (c) + My SE notes)

Take care, stay well, and enjoy the weekend!

-Ann

Turku 3rd July 2015

Row Pattern Match in Oracle 12c Standard Edition?

Row Pattern Match – Standard Edition proof


Note: Oracle licensing is a complicated business. The notes here are only a guide. You should always discuss your licensing with Oracle License Management Services or any other third-party company, who are professionals on this business.


The Oracle12c Database has provided the Oracle community with many new features, and one of them is  “the Row Pattern Match“.

In this video by Tom Kyte from December 2013, we can se that he put this feature on the Top 12 features list.

What is Row Pattern Match?

Oracle now provides a completely new native SQL syntax for pattern matching.

It has adopted the regular expression capabilities of Perl by implementing a core set of rules to define patterns in sequences (streams of rows) using SQL.

This new inter-row pattern search capability complements the already existing capabilities of regular expressions that match patterns within character strings of a single record.

The 12c MATCH_RECOGNIZE feature allows the definition of patterns, in terms of characters or sets of characters, and provides the ability to search for those patterns across row boundaries.


This is a nice feature, and nice features usually are delivered through some options or management packs, and only to the Enterprise Edition database.

This post asks the question is: “the Row Pattern Match feature Standard Edition Proof? Can I use it?”

You can check this article by Tom Kyte with an example on how to use this feature. Here is the example from that article:

SQL> SELECT *
  2  FROM stocks MATCH_RECOGNIZE
  3  ( PARTITION BY symbol
  4    ORDER BY tstamp
  5    MEASURES
  6       STRT.tstamp AS start_tstamp,
  7       LAST(DOWN.tstamp) AS 
          bottom_tstamp,
  8       LAST(UP.tstamp) AS end_tstamp
  9    ONE ROW PER MATCH
 10    AFTER MATCH SKIP TO LAST UP
 11    PATTERN (STRT DOWN+ UP+)
 12    DEFINE
 13      DOWN AS 
         DOWN.price < PREV(DOWN.price),
 14      UP AS UP.price > PREV(UP.price)
 15  ) MR
 16   ORDER BY MR.symbol, 
               MR.start_tstamp;

SYMBOL  START_TST BOTTOM_TS END_TSTAM
——————  ————————— ————————— —————————
XYZ     01-SEP-12 03-SEP-12 07-SEP-12
XYZ     07-SEP-12 10-SEP-12 13-SEP-12

Question: PARTITION – so I cannot use the “Row Pattern Matching”-feature?  Or is this referring to something else and not the Oracle Partitioning context?

By checking the Oracle12c License Document and the Enterprise Manager License documents, I cannot find anything referring to the keywords. There is though one row on Oracle Advanced Analytics (=OAA) option, and a second row on Oracle On-Line Analytic Processing (OLAP). Both options are only available in an Enterprise Edition Database.

  1. Oracle OTN site on OLAP, you can find this video explaining the features of OLAP. After looking at this video, OLAP option can to my understanding, make use of any available Analytic Functions as well as basic SQL commands together with its own Cube/OLAP specific “language”, so I am tempted to assume that “Row Pattern Matching” is not  part of the OLAP option.
  2. Oracle OTN site on Oracle Advanced Analytics 

o_advanced_analyze

“Analyze “market baskets” to discover associations, PATTERNS and relationships”

Can it be so, that “Row Pattern Matching” is part of OAA option?


Reaching out for help from an Advanced Analytic Expert

Since the documentations is not very straightforward on answering  my question, (or maybe its the fact that English is not my mother tongue), I thought I better reach out to one of my peers, Brendan Tierney – who is an expert on Advanced Analytics, and see what kind of thoughts he might have about this new feature:

“As far as I am aware of, the Row Pattern Matching is part of the suite of Analytic Function in Oracle, and as far as I know, it is not part of the Advanced Analytics Option.  It has never been mentioned or associated with Oracle Advanced Analytics.”

Promising….. How about PARTITION?

“The  PARTITION clause is a special feature of the Analytics Functions that allows for the processing/analytics to be performed on different groupings of attributes and their values.”

This is also verified in the above Analytic Function document (Note that the term “partitions” used within the context of analytic functions is unrelated to Oracle Partitioning.)

BTW: Brendan is going to speak about “Predictive Analytics”,  “Data Miner”, and”Predictive Queries” at OUGE Harmony15 Conference in Tallinn. Why not join?

Thanks for sharing your knowledge, and helping me out!


Summary

How cool would it be to find a link within the Oracle License Documentation to a  list on for example the OAA options all packages, functions, tables, views, procedures etc that it is using – It would give a very quick answer to Standard Edition specific questions. Now finding an answer to the question “SE Proof?”, can be pretty time consuming, because the information is scattered around. Or a Standard Edition Spokesperson, to whom you could send your question(s) to? Wouldn’t that also be pretty cool?

The “Row Pattern Matching” feature seems to be part of the general Analytic Functions Suite that seems to be a standard functionality of the Oracle database,  and I couldn’t find any text referring to the Enterprise Edition options mentioned above.  I am tempted to say “yes, it’s SE proof”

What’s your thoughts? Is this new feature Standard Edition Proof or not?

June: Message from an Oracle License Expert: Yes it is Standard Edition Proof.


Take care (also remember your data), stay well and lets enjoy the long and bright Summer Nights of Scandinavia!

– Ann

Turku 1st June 2015