Minimizing risks through deployment standardization
Sudip Datta
Principal Product Manager
Oracle Corporation
Agenda
High level challenges in software deployment
Deployment standardization through 10g Grid Control
Questions and Answers
Software Deployment challenges
Deployment Life Cycle Management
[Diagram: deployment life cycle stages: Install, Configure, Activate, Operate, Clone, Upgrade, Patch, Uninstall/Deactivate]
Data center labor distribution
[Chart: data center labor by category: Backup/recovery, License/Doc/Training, Performance/Troubleshoot, Install/Upgrade/Patch, Security/Planning]
Source: Giga Forrester research, 2003
Increasing compliance challenges for the CIO
More and more regulations
– Sarbanes Oxley
– Health Insurance Portability and Accountability Act
– USA Patriot Act
– SEC rules
More standardization in document management, deployment life cycle management
Wide distribution of hosts
Variety of platforms and versions
Different hardware and network topologies
– SAN, NAS, RAC, Dataguard, Load Balancer…
Too many moving parts for administration
Security vulnerabilities - frequent interim patching
– According to a recent Aberdeen group study, patch handling costs businesses in excess of 2 billion dollars annually. For a leading service provider, the cost was reported to be as high as $14,400 per server
All the above lead to high risks and direct IT Management costs
The obstacles
Key compliance questions-examples
What is the Oracle version distribution in the enterprise?
What is the Operating System and Hardware distribution in the enterprise?
Is there any system that is vulnerable to the latest Oracle Security patch?
When was one or more systems patched to 9.2.0.6?
Are all 9.2.0.6 deployments identical?
What are the databases that are using “Advanced queueing”?
What are the databases that are running with compatible=9.0.1?
Poor Management Tools
The way forward
Compliance is important for reducing risk
Standardization is the means to attaining compliance
Standardization includes
– Standard configurations
– Standard flavors and versions
– Standard processes and tools
Deployment management through Grid Control
[Diagram: Enterprise Manager deployment management. Labels: View/Search, Compare/Diff, Change Tracking, Reference Configurations, Analyze; Install/Clone, Configure, Patch, Secure, Provision; LiveLink, Oracle.com, Product Updates, Patches; Product Configuration, Oracle Inventory, Software Configurations, Hardware Configurations, Discover]
Grid Control deployment functionalities
Ability to deploy approved, gold images
Ability to track configuration deviations
Ability to track change history
Ability to act on non-compliance
Oracle software Cloning overview
Reduce manual labor in software life-cycle
– From hours to minutes
Automate mass provisioning of reference systems
Intelligent Cloning makes context-specific instantiations
[Diagram: 1. Select Software (and Instances) to Clone; 2. Clone to Selected Targets; 3. Update Inventory]
“Our administrators spend about 25% of their time on installs and cloning”
- Verizon Information Services DBA
Scalability through standardization
[Diagram: Development, Staging and Production environments, each with a Gold Image, linked by Synchronize arrows]
The standardization process
Reducing complexity by defining smallest possible bundles of standard software
Rigorous testing of standard bundles before deployment to production
Complete automation of gold image deployment to production
Deployments of fully hardened systems
ORACLE_HOME cloning overview
Useful to mass deploy tested and approved “gold images”
Can be cloned from one source to multiple destinations of the same platform
The ORACLE_HOME can be patched to any level and then cloned
The destination ORACLE_HOME is collected and discovered in EM console
ORACLE_HOME cloning in 10.1
Supported products:
– 10g RDBMS OH
– 9.2.0.x RDBMS (with clonerstages)
– 9.0.4 AS standalone J2EE (also with clonerstages)
For AS 9.0.4, one can only clone a non-clustered, non-farm J2EE/Webcache mid-tier
RAC, CRS ORACLE_HOME not supported - will be supported from 10.2
Does not run root.sh or post install configuration
Cloning procedure
User selects a source ORACLE_HOME and specifies credentials and temporary directory
User also specifies credentials and destination directory for all destination hosts
The agent on the source packages the ORACLE_HOME
– Uses tar on Unix, winzip on Windows
The OMS brokers an agent-to-agent http/https file transfer for all the hosts
– One cannot clone between a secure and insecure agent
– The agents should NOT be firewall separated
On the destination, OUI is invoked in clone mode, which replays the install without the copy phase
Cloning - choose source
Cloning - provide source settings
Cloning – specify destination
Cloning – schedule job
Configuration tracking
Deployment page gives a centralized, panoramic view of the enterprise
– Oracle software Versions including interim patches
– Operating Systems
– Hardware
Displays critical patch violations
Powerful search and compare functionalities for compliance tracking, reporting and analysis
Deployment Summary
Reporting and Analysis
Powerful ability to search and compare configurations across stacks
– Oracle Software
– Hardware
– Operating Systems software and configurations
Can be used to detect deviations from reference configurations
Can also be used to detect differences between a ‘performant’ and ‘non-performant’ host
Easily extensible via SQL
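The compliance questions raised earlier (version distribution, homes exposed to a critical patch, deviation from a reference configuration) reduce to set comparisons over a collected inventory. The sketch below is an added example, not part of the original slides and not Grid Control's own code; the inventory records, host names, patch ids and advisory are constructed placeholders.

```python
from collections import Counter

# Constructed inventory: one record per ORACLE_HOME. Hosts, paths and patch
# ids (PATCH-A, ...) are placeholders, not real Oracle patch numbers.
INVENTORY = [
    {"host": "db01", "home": "/u01/oh92", "version": "9.2.0.6",
     "patches": {"PATCH-A", "PATCH-B"}, "compatible": "9.2.0"},
    {"host": "db02", "home": "/u01/oh92", "version": "9.2.0.6",
     "patches": {"PATCH-A"}, "compatible": "9.0.1"},
    {"host": "db03", "home": "/u01/oh92", "version": "9.2.0.5",
     "patches": set(), "compatible": "9.2.0"},
    {"host": "db04", "home": "/u01/oh92", "version": "9.2.0.6",
     "patches": {"PATCH-A", "PATCH-B"}, "compatible": "9.2.0"},
]

# Reference ("gold image") configuration that deployed homes should match.
GOLD = {"version": "9.2.0.6", "patches": {"PATCH-A", "PATCH-B"},
        "compatible": "9.2.0"}

# Hypothetical advisory: these versions are exposed unless the fix is applied.
ADVISORY = {"affected": {"9.2.0.5", "9.2.0.6"}, "fix": "PATCH-B"}

def version_distribution(inventory):
    """Count ORACLE_HOMEs per version."""
    return Counter(rec["version"] for rec in inventory)

def vulnerable_homes(inventory, advisory):
    """Hosts running an affected version without the fixing patch."""
    return sorted(rec["host"] for rec in inventory
                  if rec["version"] in advisory["affected"]
                  and advisory["fix"] not in rec["patches"])

def deviations(rec, gold):
    """Fields of rec that differ from the gold image, with the difference."""
    diff = {}
    for field, expected in gold.items():
        if field == "patches":
            missing, extra = expected - rec["patches"], rec["patches"] - expected
            if missing or extra:
                diff[field] = {"missing": sorted(missing), "extra": sorted(extra)}
        elif rec[field] != expected:
            diff[field] = (rec[field], expected)
    return diff

def compliance_report(inventory, gold):
    """Map each non-compliant host to its deviations from the gold image."""
    report = {rec["host"]: deviations(rec, gold) for rec in inventory}
    return {host: diff for host, diff in report.items() if diff}
```

Comparing patch sets as well as version strings is what separates hosts that merely report 9.2.0.6 from hosts that are identical to the approved image.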
Powerful search capabilities
Compliance tracking via comparison
Critical Patch facility
Live integration with Oracle Metalink
Refreshes every 24 hours or can be triggered manually as a job
Flags candidate ORACLE_HOMEs as vulnerable
In-context integration with the Patching Wizard
Application of patches supported for DB 9iR2 and above, AS 9.0.4.1 and above
Critical Patch facility - advantages
Reduction in time and cost
– Proactive detection and remedy
– Ability to distribute to and patch multiple targets at the same time
– EM job system supports scheduling and retry
Critical Patch Facility
Summary of overall benefits
Ease of deployment leading to lower cost of ownership
Proactive tracking of vulnerabilities leading to lower security risk
Rich reporting and analysis leading to smarter reactive operations
Useful DBA references
Database patching whitepaper
– www.oracle.com/technology/products/oem/pdf/db_patching.pdf
Cloning internals whitepaper
– www.oracle.com/technology/tech/grid/collateral/deployment_usage_wp.pdf
AS Cloning whitepaper
– http://www.oracle.com/technology/products/ias/pdf/cloning_white_paper.pdf
Various Support notes on cloning, patching (including opatch)
Questions and Answers
Thank you