Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 1
Evolution of Oracle Software Installation in SAP Environments
Andreas Becker,
Principal Member Technical Staff
Oracle Server Technologies, SAP Dev.
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 3
Program Agenda
Oracle History in SAP Environments
Oracle Software Installation Evolution
Oracle Administration and Security
Summary
This presentation is about Unix and Linux platforms only.
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 4
The following is intended to outline our general product direction. It is intended
for information purposes only, and may not be incorporated into any contract.
It is not a commitment to deliver any material, code, or functionality, and should
not be relied upon in making purchasing decisions. The development, release,
and timing of any features or functionality described for Oracle’s products
remains at the sole discretion of Oracle.
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 5
Program Agenda
Oracle History in SAP Environments
Oracle Software Installation Evolution
Oracle Administration and Security
Summary
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 6
History of Oracle Releases Oracle Database Releases 7, 8, 8i, 9i, 10g, 11g
Oracle 7
Oracle 8
Single Instance
Real Application
Clusters (RAC)
Automatic Storage
Management (ASM)
Full Install
Patch Sets
Shared Oracle
Homes
1998
2000
2003
2005
2010
Oracle Clusterware
…… Oracle Parallel Server (OPS)
Oracle Grid Software
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 7
Program Agenda
Oracle History in SAP Environments
Oracle Software Installation Evolution
Oracle Administration and Security
Summary
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 8
Oracle Software Installation Evolution
11g Full Installation Patchsets
11g Installations with Oracle Grid Stack
Oracle Engineered Systems
Shared Oracle Homes
List of Features and Changes
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 10
SAP on Oracle Administration Overview
SAP Application
Oracle Database
SAP System
Administrator
Oracle DBA
SAP User
SAP Instance
Oracle Instance
<sapsid>adm
ora<dbsid>
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 11
Oracle Single Instance on Filesystem for SAP
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 12
Oracle Single Instance for SAP
One OS account ora<dbsid> (member of dba, oper groups) on the
database server for
– Oracle software installation
– Oracle database administration
32-bit + 64-bit platforms
Database patchsets are installed “in-place” into the existing Oracle
home
– Oracle home path is stable for a whole major release
Oracle Releases 8i – 10g
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 14
Oracle Single Instance for SAP Oracle Releases 8i – 10g
Release ORACLE_BASE ORACLE_HOME ORACLE_SID
8i /oracle /oracle/<SAPSID>/817_32
/oracle/<SAPSID>/817_64
<SAPSID>
9i /oracle /oracle/<DBSID>/920_32
/oracle/<DBSID>/920_64
<DBSID>
10g /oracle /oracle/<DBSID>/102_32
/oracle/<DBSID>/102_64
<DBSID>
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 15
Oracle Single Instance for SAP Scenario with one SAP system (Releases 8i – 10g)
orac11
Database
Instance
C11
C11
Database
/oracle/C11/<release>
Oracle Home
<release>
817_[32|64]
920_[32|64]
102_[32|64]
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 16
Oracle Single Instance for SAP Scenario with multiple SAP systems (Releases 8i – 10g)
orac11
Database
Instance
/oracle/C11/920_64
C11
C11
Database
Oracle Home
orac12
Database
Instance
/oracle/C12/102_64
C12
C12
Database
Oracle Home
orac13
Database
Instance
/oracle/C13/102_64
C13
C13
Database
Oracle Home
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 17
SAP on Oracle Release 11.2
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 18
Oracle Single Instance 11.2 for SAP
One OS account ora<dbsid> (member of dba, oper groups) on the
database server for
– Oracle software installation
– Oracle database administration
ORACLE_HOME=/oracle/<DBSID>/112_[32|64]
Release 11.2.0.1
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 19
Oracle Single Instance 11.2 for SAP Release 11.2.0.1
orac11
Database
Instance
/oracle/C11/112_64
C11
C11
Database
Oracle Home
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 20
Support for Full Installation Patch Sets
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 21
Oracle Single Instance 11.2 for SAP
Starting release 11.2.0.2, Oracle Database Patchsets are installed
“out-of-place”
– No installation of base release required
– Less downtime for upgrades
Release 11.2.0.1 is installed in /oracle/<DBSID>/112_64
Release 11.2.0.2 can not be installed into same directory
Solution for SAP: Concept of Installation Home (IHRDBMS) and
Runtime Home (OHRDBMS) SAP note 1524205
Release 11.2.0.2 and higher
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 22
Oracle Single Instance 11.2 for SAP Release 11.2.0.2 and higher
ORACLE_HOME=/oracle/<DBSID>/112_64
– OS command to create symbolic link (example):
$ ln -s /oracle/<DBSID>/11203 /oracle/<DBSID>/112_64
Oracle
Release
Environment
ORACLE_HOME
Install Home
IHRDBMS
Runtime Home
OHRDBMS
11.2.0.1 /oracle/<DBSID>/112_64 /oracle/<DBSID>/112_64 /oracle/<DBSID>/112_64
11.2.0.2 /oracle/<DBSID>/112_64 /oracle/<DBSID>/11202 /oracle/<DBSID>/112_64
11.2.0.3 /oracle/<DBSID>/112_64 /oracle/<DBSID>/11203 /oracle/<DBSID>/112_64
11.2.0.4 /oracle/<DBSID>/112_64
/oracle/<DBSID>/11204 /oracle/<DBSID>/112_64
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 23
Oracle Single Instance 11.2 for SAP
ORACLE_HOME=/oracle/<DBSID>/112_[32|64]
One Oracle OS account ora<dbsid> on the database server for
– Oracle software installation
– Database administration
Release 11.2.0.2 and higher
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 24
Oracle Single Instance 11.2 for SAP Release 11.2.0.2 and higher
orac11
Database
Instance
/oracle/C11/112_64
C11
C11
Database
OHRDBMS
/oracle/C11/11202
/oracle/C11/11204
/oracle/C11/11203
IHRDBMS Symbolic
link
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 25
Oracle RAC and Oracle ASM for SAP
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 26
Oracle RAC / Oracle ASM for SAP
Oracle RAC 11g for SAP
– 11.2.0.1 and higher
New: Oracle Automatic Storage Management (ASM) for SAP
– 11.2.0.2 and higher
Release 11.2.0.1 and higher
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 27
Oracle RAC / Oracle ASM for SAP
In Release 11g, software for Oracle ASM and Oracle Clusterware are
combined in the Oracle Grid stack. The grid stack is needed for
– RAC installations
– ASM installations
Installation of Oracle grid software as ora<sid> with primary group ‘dba’
is not possible (primary OS group must be oinstall).
installation with software owner oracle:oinstall
No 32-bit platforms with RAC or ASM, only 64-bit
Suffix ‘_64’ removed: ORACLE_HOME=/oracle/<DBSID>/112
Release 11.2.0.1 and higher
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 28
Oracle RAC / Oracle ASM for SAP
Oracle software installation for ‘SAP on Oracle RAC’ and ‘SAP on
Oracle with ASM’ should be identical
– Same installation path for grid home (RAC, ASM)
11.2.0.3: ORACLE_HOME=/oracle/GRID/11203
– Same installation path for database home (RAC, ASM)
OHRDBMS=/oracle/<DBSID>/112
IHRDBMS=/oracle/<DBSID>/11203
– Same software owner
‚oracle:oinstall‘
Release 11.2.0.1 and higher
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 29
Oracle RAC for SAP Release 11.2.0.1 and higher
oracle
/oracle/C11/112
C11
Database
Oracle Home
/oracle/C11/11203
orac11
!
/oracle/GRID/11203
C11003
X Grid Home
C11002 C11001
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 30
Oracle with ASM for SAP Release 11.2.0.2 and higher
oracle
/oracle/C11/112
C11
Database
Oracle Home
/oracle/C11/11203
/oracle/GRID/11203
C11
+ASM
Grid Home
orac11
!
X
Database instance
+
ASM instance
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 31
Oracle Engineered Systems for SAP
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 32
Oracle Engineered Systems for SAP
Grid home and Database Oracle home are already installed.
– Example for release 11.2.0.3:
Grid home: /u01/app/11.2.0.3/grid
Database home: /u01/app/oracle/product/11.2.0.3/dbhome_1
– Installation path for Grid home and Database home is different between
Oracle Engineered Systems and standard RAC or ASM installations
OS account for software installation: ‘oracle’ (Software owner)
There is no dedicated OS account for database administration created
after initial deployment
Release 11.2.0.2 and higher
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 33
Installation Path Comparison/Overview RAC / ASM / EXADATA / ODA / SuperCluster
Install Type Software
owner
Grid home (*) Database
Installation Home (*)
IHRDBMS
Database Runtime
Home
OHRDBMS
RAC /
ASM
oracle /oracle/GRID/11203 /oracle/<DBSID>/11203 /oracle/<DBSID>/112
Exadata /
ODA /
SuperCluster
oracle /u01/app/11.2.0.3/grid /u01/app/oracle/product/11.2.0.3/dbhome_1 /oracle/<DBSID>/112
(*) Path values are samples for release 11.2.0.3.
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 37
Oracle Engineered Systems for SAP Sample with 2 nodes / 1 database / Release 11.2.0.3
/oracle/C11/112
C11
Database
Oracle Home
/u01/app/oracle/produ
ct/11.2.0.3/dbhome_1
C11001
+ASM1
oracle /u01/app/11.2.0.3/grid
Grid Home
Node #1
/oracle/C11/112
Oracle Home
/u01/app/oracle/produ
ct/11.2.0.3/dbhome_1 /u01/app/11.2.0.3/grid
Grid Home
Node #2
DBA Task
Patching &
Installation
C11002
+ASM2
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 38
Support for using Shared Oracle Homes
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 39
Shared Oracle Homes
Shared Oracle Homes were requested by SAP customers for years
– Running multiple databases from one ‘shared’ Oracle home
– Goal: less Oracle homes less administration overhead
– not possible with different software owners ora<dbsid>
Pilot phase (11.2.0.3): SAP Note 1778431
– Requirement: software owner ‘oracle’
– Supported by SAPINST / SWPM for SI on filesystem
Release 11.2.0.3 and higher
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 40
Shared Oracle Homes
Implementation details
– Example for release 11.2.0.3
Database home: /oracle/RDBMS/11203 (IHRDBMS)
Grid home : /oracle/GRID/11203
– ORACLE_HOME=/oracle/<DBSID>/112 /oracle/RDBMS/11203
/oracle/C11/112 /oracle/RDBMS/11203
/oracle/C12/112 /oracle/RDBMS/11203
/oracle/C13/112 /oracle/RDBMS/11203
Release 11.2.0.3 and higher
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 42
Dedicated Oracle Homes Traditional approach: one Oracle home per database
/oracle/C11/112_64
C11
Database
/oracle/C11/11203
orac11
/oracle/C12/112_64
C12
Database
/oracle/C12/11203
orac12
DBA Task
Patching &
Installation
C11 C12
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 44
Shared Oracle Homes Running multiple databases from one Oracle home
/oracle/C11/112
C11
Database
/oracle/RDBMS/11203 One DBA for
C11 and C12
/oracle/C12/112
C12
Database DBA Task
Patching &
Installation
oracle
C11 C12
IHRDBMS
OHRDBMS OHRDBMS
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 45
Program Agenda
Oracle History in SAP Environments
Oracle Software Installation Evolution
Oracle Administration and Security
Summary
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 46
Database Administration and Security
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 47
Database Administration and Security
ora<dbsid1> is the software owner and administrator for DBSID1,
ora<dbsid2> for DBSID2, ora<dbsid3> for DBSID3 and so on.
– pro:
dedicated accounts for every database
Simple approach, has been used for years
Database-specific environment is set when you log on (.dbenv.*)
– contra:
no out-of-the-box segregation of databases possible
No shared Oracle homes for multiple databases
Traditional approach with ‘ora<dbsid>’ as DBA and Software Owner
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 48
Database Administration and Security
‚oracle‘ is the software owner for database homes and grid homes
Database and ASM instances run as ‚oracle‘
‚oracle‘ has no environment set for a specific database
– If you use ‚oracle‘ for administration, you must set the environment before
(custom script or oraenv/coraenv)
– However, ‚oracle‘ should not be used for daily database administration
tasks
New approach with ‘oracle:oinstall’ as software owner
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 49
Database Administration and Security
Dedicated OS accounts and database accounts for admin tasks should
be created and configured.
Using <sapsid>adm for administration of the database with SAP
BR*Tools ignores segregation between SAP adminstration and Oracle
administration
use a separate OS account for Oracle database administration
New approach with ‘oracle:oinstall’ as software owner
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 50
Database Administration and Security
One software owner ‚oracle‘ only one administration user ‚oracle‘ for
all databases. Does this mean less security?
– Only if you use ‚oracle‘ as logon account for DBAs for administration of all
databases. You should follow Oracle security recommendations.
– In the traditional model the Oracle database administrator accounts
ora<dbsid1> and ora<dbsid2> are by default members of the same ‚dba‘
group no segregation of databases and administrators
– In the new model with ‚oracle‘ you can segregate Oracle homes and
Oracle database administrators by using different OSDBA/OSOPER
groups (see SAP Note 1755636).
Segregation of Databases and Job Roles
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 51
Administration and Security
1. Create dedicated OS accounts for administration
2. Restrict access to software owner ‚oracle‘ to trusted users and use
‚sudo‘ or similar mechanism to secure and audit the ‚oracle‘ account
3. Create personalized OS accounts for administrators auditing
4. Use separate Oracle homes with different OS groups for database
administration segregation
Oracle Security Recommendations
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 53
Job Role Segregation Dedicated Accounts for Dedicated Administration Tasks
/oracle/RDBMS/11203_P DBA for
PRx
Database
Administration
Install & Patch
Software
‚oracle‘
oracle
sudo /oracle/RDBMS/11203_Q
/oracle/PR1/112
PR1
/oracle/PR2/112
PR2
/oracle/QA1/112
QA1
/oracle/QA2/112
QA2
DBA for
QAx Installing & patching
Different OSDBA
/ OSOPER
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 54
Summary
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 55
Evolution of Oracle Software Installation
Reasons for Oracle Software Installation Changes within Release 11.2
– Full Installation Patch Sets, ASM/RAC, Oracle Engineered Systems,
Shared Oracle Homes, Administration Segregation
One standard installation approach for Oracle database software that
can be used for all different installation types that are currently
supported for SAP (SI, RAC, ASM, Engineered Systems)
– consistent with Oracle security recommendations
– Supports segregation of database administration
Summary
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 60
1932366 - Oracle Grid Administrator
1930298 - Restricting Access to Software Owner 'oracle‘
1755636 - Database Administrators Segregation
1710997 - Using Personalized Database Administrator Accounts
1868094 - Overview: Oracle Security SAP Notes
1554661 - Configuration of environment for 'oracle' user
1524205 - Oracle 11.2.0: Database Software Installation
References
SAP Notes
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 61
MOS 1189783.1 (Important Changes to Oracle Database Patch Sets Starting With
11.2.0.2)
References
MOS Notes
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 62
Questions?
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 64
Copyright © 2013, Oracle and/or its affiliates. All rights reserved. DOAG 2013 65
© 2013 SAP AG. All rights reserved.
© 2013 SAP AG. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.
Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.
Microsoft, Windows, Excel, Outlook, PowerPoint, Silverlight, and Visual Studio are registered trademarks of Microsoft Corporation.
IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z, System z10, z10, z/VM, z/OS, OS/390, zEnterprise, PowerVM, Power Architecture, Power Systems, POWER7, POWER6+, POWER6, POWER, PowerHA, pureScale, PowerPC, BladeCenter, System Storage, Storwize, XIV, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2, AIX, Intelligent Miner, WebSphere, Tivoli, Informix, and Smarter Planet are trademarks or registered trademarks of IBM Corporation.
Linux is the registered trademark of Linus Torvalds in the United States and other countries.
Adobe, the Adobe logo, Acrobat, PostScript, and Reader are trademarks or registered trademarks of Adobe Systems Incorporated in the United States and other countries.
Oracle and Java are registered trademarks of Oracle and its affiliates.
UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.
Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems Inc.
HTML, XML, XHTML, and W3C are trademarks or registered trademarks of W3C®, World Wide Web Consortium, Massachusetts Institute of Technology.
Apple, App Store, iBooks, iPad, iPhone, iPhoto, iPod, iTunes, Multi-Touch, Objective-C, Retina, Safari, Siri, and Xcode are trademarks or registered trademarks of Apple Inc.
IOS is a registered trademark of Cisco Systems Inc.
RIM, BlackBerry, BBM, BlackBerry Curve, BlackBerry Bold, BlackBerry Pearl, BlackBerry Torch, BlackBerry Storm, BlackBerry Storm2, BlackBerry PlayBook, and BlackBerry App World are trademarks or registered trademarks of Research in Motion Limited.
Google App Engine, Google Apps, Google Checkout, Google Data API, Google Maps, Google Mobile Ads, Google Mobile Updater, Google Mobile, Google Store, Google Sync, Google Updater, Google Voice, Google Mail, Gmail, YouTube, Dalvik and Android are trademarks or registered trademarks of Google Inc.
INTERMEC is a registered trademark of Intermec Technologies Corporation.
Wi-Fi is a registered trademark of Wi-Fi Alliance.
Bluetooth is a registered trademark of Bluetooth SIG Inc.
Motorola is a registered trademark of Motorola Trademark Holdings LLC.
Computop is a registered trademark of Computop Wirtschaftsinformatik GmbH.
SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP BusinessObjects Explorer, StreamWork, SAP HANA, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries.
Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Business Objects Software Ltd. Business Objects is an SAP company.
Sybase and Adaptive Server, iAnywhere, Sybase 365, SQL Anywhere, and other Sybase products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Sybase Inc. Sybase is an SAP company.
Crossgate, m@gic EDDY, B2B 360°, and B2B 360° Services are registered trademarks of Crossgate AG in Germany and other countries. Crossgate is an SAP company.
All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary.
The information in this document is proprietary to SAP. No part of this document may be reproduced, copied, or transmitted in any form or for any purpose without the express prior written permission of SAP AG.
Top Related