Minimizing risks through deployment standardization Sudip Datta Principal Product Manager Oracle...

Post on 11-Jan-2016


Minimizing risks through deployment standardization

Sudip Datta

Principal Product Manager

Oracle Corporation

Agenda

High level challenges in software deployment

Deployment standardization through 10g Grid Control

Questions and Answers

Software Deployment challenges

Deployment Life Cycle Management

[Diagram: deployment life cycle with the phases Install and Configure, Activate, and Upgrade and Update, covering the steps Install, Configure, Activate, Operate, Clone, Upgrade, Patch, Deactivate and Uninstall]

Data center labor distribution

[Chart: share of data center labor by category: Backup/recovery, License/Doc/Training, Performance/Troubleshoot, Install/Upgrade/Patch, Security/Planning]

Source: Giga Forrester research, 2003

Increasing compliance challenges for the CIO

More and more regulations
– Sarbanes Oxley
– Health Insurance Portability and Accountability Act
– USA Patriot Act
– SEC rules

More standardization in document management, deployment life cycle management

Wide distribution of hosts

Variety of platforms and versions

Different hardware and network topologies
– SAN, NAS, RAC, Data Guard, Load Balancer…

Too many moving parts for administration

Security vulnerabilities: frequent interim patching
– According to a recent Aberdeen group study, patch handling costs businesses in excess of 2 billion dollars annually. For a leading service provider, the cost was reported to be as high as $14,400 per server

All the above lead to high risks and direct IT Management costs

The obstacles

Key compliance questions: examples

What is the Oracle version distribution in the enterprise?

What is the Operating System and Hardware distribution in the enterprise?

Is there any system that is vulnerable to the latest Oracle Security patch?

When was one or more systems patched to 9.2.0.6?

Are all 9.2.0.6 deployments identical?

What are the databases that are using “Advanced queueing”?

What are the databases that are running with compatible=9.0.1?

Poor Management Tools

The way forward

Compliance is important for reducing risk

Standardization is the means to attaining compliance

Standardization includes
– Standard configurations
– Standard flavors and versions
– Standard processes and tools

Deployment management through Grid Control

[Diagram: Deployment Management in Enterprise Manager. Labels shown: Discover (Hardware Configurations, Software Configurations, Oracle Inventory, Product Configuration); Analyze (View/Search, Compare/Diff, Change Tracking, Reference Configurations); Provision (Install/Clone, Configure, Patch, Secure); LiveLink to Oracle.com (Product Updates, Patches)]

Grid Control deployment functionalities

Ability to deploy approved, gold images

Ability to track configuration deviations

Ability to track change history

Ability to act on non-compliance

Oracle software Cloning overview

Reduce manual labor in software life-cycle
– From hours to minutes

Automate mass provisioning of reference systems

Intelligent Cloning makes context-specific instantiations

[Diagram: cloning steps: 1. Select Software (and Instances) to Clone; 2. Clone to Selected Targets; 3. Update Inventory]

“Our administrators spend about 25% of their time on installs and cloning”

-Verizon Information Services DBA

Scalability through standardization

[Diagram: Development, Staging and Production environments, each holding a Gold Image, connected by Synchronize arrows]

The standardization process

Reducing complexity by defining smallest possible bundles of standard software

Rigorous testing of standard bundles before deployment to production

Complete automation of gold image deployment to production

Deployments of fully hardened systems

ORACLE_HOME cloning overview

Useful to mass deploy tested and approved “gold images”

Can be cloned from one source to multiple destinations of the same platform

The ORACLE_HOME can be patched to any level and then cloned

The destination ORACLE_HOME is collected and discovered in EM console

ORACLE_HOME cloning in 10.1

Supported products:
– 10g RDBMS OH
– 9.2.0.x RDBMS (with clonerstages)
– 9.0.4 AS standalone J2EE (also with clonerstages)

For AS 9.0.4, one can only clone a non-clustered, non-farm J2EE/Webcache mid-tier

RAC, CRS ORACLE_HOME not supported; will be supported from 10.2

Does not run root.sh or post install configuration

Cloning procedure

User selects a source ORACLE_HOME and specifies credentials and temporary directory

User also specifies credentials and destination directory for all destination hosts

The agent on the source packages the ORACLE_HOME
– Uses tar on Unix, winzip on Windows

The OMS brokers an agent to agent http/https file transfer for all the hosts
– One cannot clone between a secure and insecure agent
– The agents should NOT be firewall separated

In the destination, OUI is invoked in clone mode, which replays the install without the copy phase

Cloning - choose source

Cloning - provide source settings

Cloning – specify destination

Cloning – schedule job

Configuration tracking

Deployment page gives a centralized, panoramic view of the enterprise
– Oracle software Versions including interim patches
– Operating Systems
– Hardware

Displays critical patch violations

Powerful search and compare functionalities for compliance tracking, reporting and analysis

Deployment Summary

Reporting and Analysis

Powerful ability to search and compare configurations across stacks

– Oracle Software
– Hardware
– Operating Systems software and configurations

Can be used to detect deviations from reference configurations

Can also be used to detect differences between a ‘performant’ and ‘non-performant’ host

Easily extensible via SQL

Powerful search capabilities

Compliance tracking via comparison

Critical Patch facility

Live integration with Oracle Metalink

Refreshes every 24 hours or can be triggered manually as a job

Flags candidate ORACLE_HOMEs as vulnerable

In-context integration with the Patching Wizard

Application of patches supported for DB 9iR2 and above, AS 9.0.4.1 and above
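The reference-configuration comparison and the critical-patch flagging described above, sketched as an added example (this is not Grid Control code and does not use its repository schema). The inventory records, host names, paths, the gold image and the PATCH-A/PATCH-B identifiers are constructed placeholders.

```python
from collections import Counter

# Constructed sample inventory (not real Grid Control data): one record per ORACLE_HOME.
INVENTORY = [
    {"host": "db01.example", "home": "/u01/app/oracle/9206", "version": "9.2.0.6",
     "patches": {"PATCH-A", "PATCH-B"}, "params": {"compatible": "9.2.0"}},
    {"host": "db02.example", "home": "/u01/app/oracle/9206", "version": "9.2.0.6",
     "patches": {"PATCH-A"}, "params": {"compatible": "9.0.1"}},
    {"host": "db03.example", "home": "/u01/app/oracle/9205", "version": "9.2.0.5",
     "patches": set(), "params": {"compatible": "9.2.0"}},
]

# Hypothetical gold image that every deployment is expected to match.
GOLD = {"version": "9.2.0.6", "patches": {"PATCH-A", "PATCH-B"},
        "params": {"compatible": "9.2.0"}}

def version_distribution(inventory):
    """Answer 'what is the Oracle version distribution in the enterprise?'."""
    return Counter(rec["version"] for rec in inventory)

def deviations(rec, gold):
    """List every way one ORACLE_HOME differs from the reference configuration."""
    found = []
    if rec["version"] != gold["version"]:
        found.append(f"version {rec['version']} != {gold['version']}")
    for patch in sorted(gold["patches"] - rec["patches"]):
        found.append(f"missing patch {patch}")
    for patch in sorted(rec["patches"] - gold["patches"]):
        found.append(f"unapproved patch {patch}")
    for name, want in sorted(gold["params"].items()):
        have = rec["params"].get(name)
        if have != want:
            found.append(f"{name}={have} (expected {want})")
    return found

def vulnerable_homes(inventory, critical_patch, affected_versions):
    """Flag homes on an affected version that lack the critical patch."""
    return [(r["host"], r["home"]) for r in inventory
            if r["version"] in affected_versions and critical_patch not in r["patches"]]

def drift_report(inventory, gold):
    """Map host -> deviations, omitting hosts identical to the gold image."""
    report = {r["host"]: deviations(r, gold) for r in inventory}
    return {host: devs for host, devs in report.items() if devs}

if __name__ == "__main__":
    print(version_distribution(INVENTORY))
    print(drift_report(INVENTORY, GOLD))
    print(vulnerable_homes(INVENTORY, "PATCH-B", {"9.2.0.5", "9.2.0.6"}))
```
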

Critical Patch facility: advantages

Reduction in time and cost
– Proactive detection and remedy
– Ability to distribute to and patch multiple targets at the same time
– EM job system supports scheduling and retry

Critical Patch Facility

Summary of overall benefits

Ease of deployment leading to lower cost of ownership

Proactive tracking of vulnerabilities leading to lower security risk

Rich reporting and analysis leading to smarter reactive operations

Useful DBA references

Database patching whitepaper
– www.oracle.com/technology/products/oem/pdf/db_patching.pdf

Cloning internals whitepaper
– www.oracle.com/technology/tech/grid/collateral/deployment_usage_wp.pdf

AS Cloning whitepaper
– http://www.oracle.com/technology/products/ias/pdf/cloning_white_paper.pdf

Various Support notes on cloning, patching (including opatch)

Questions and Answers

Thank you