Minimizing risks through deployment standardization
Sudip Datta
Principal Product Manager
Oracle Corporation
Agenda
– High level challenges in software deployment
– Deployment standardization through 10g Grid Control
– Questions and Answers
Software Deployment challenges
Deployment Life Cycle Management
[Diagram: life-cycle stages Install and Configure, Clone and Update, Upgrade, Patch, Activate, Operate, Deactivate, Uninstall]
Data center labor distribution
[Chart. Categories: Backup/recovery, License/Doc/Training, Performance/Troubleshoot, Install/Upgrade/Patch, Security/Planning. Values as extracted: 5, 40, 25, 5, 5]
Source: Giga Forrester research, 2003
Increasing compliance challenges for the CIO
– More and more regulations
  – Sarbanes Oxley
  – Health Insurance Portability and Accountability Act
  – USA Patriot Act
  – SEC rules
– More standardization in document management, deployment life cycle management
The obstacles
– Wide distribution of hosts
– Variety of platforms and versions
– Different hardware and network topologies
  – SAN, NAS, RAC, Dataguard, Load Balancer…
– Too many moving parts for administration
– Security vulnerabilities: frequent interim patching
  – According to a recent Aberdeen Group study, patch handling costs businesses in excess of 2 billion dollars annually. For a leading service provider, the cost was reported to be as high as $14,400 per server
– All the above lead to high risks and direct IT Management costs
Key compliance questions: examples
– What is the Oracle version distribution in the enterprise?
– What is the Operating System and Hardware distribution in the enterprise?
– Is there any system that is vulnerable to the latest Oracle Security patch?
– When was one or more systems patched to 9.2.0.6?
– Are all 9.2.0.6 deployments identical?
– What are the databases that are using “Advanced queueing”?
– What are the databases that are running with compatible=9.0.1?
Poor Management Tools
The way forward
– Compliance is important for reducing risk
– Standardization is the means to attaining compliance
– Standardization includes
  – Standard configurations
  – Standard flavors and versions
  – Standard processes and tools
Deployment management through Grid Control
Deployment Management
[Diagram labels: Enterprise Manager; Oracle Inventory; Software Configurations; Hardware Configurations; Reference Configurations; View/Search; Compare/Diff; Change Tracking; Install/Clone; Configure; Patch; Secure Product Configuration; Oracle.com: Product Updates, Patches]
Grid Control deployment functionalities
– Ability to deploy approved, gold images
– Ability to track configuration deviations
– Ability to track change history
– Ability to act on non-compliance
Oracle software Cloning overview
“Our administrators spend about 25% of their time on installs and cloning” - Verizon Information Services DBA
– Reduce manual labor in software life-cycle
  – From hours to minutes
– Automate mass provisioning of reference systems
– Intelligent Cloning makes context-specific instantiations
[Diagram steps: 1. Select Software (and Instances) to Clone; 2. Clone to Selected Targets; 3. Update Inventory]
Scalability through standardization
[Diagram labels: Development, Staging, Production; Gold Image (three times); Synchronize (twice)]
The standardization process
– Reducing complexity by defining smallest possible bundles of standard software
– Rigorous testing of standard bundles before deployment to production
– Complete automation of gold image deployment to production
– Deployments of fully hardened systems
ORACLE_HOME cloning overview
– Useful to mass deploy tested and approved “gold images”
– Can be cloned from one source to multiple destinations of the same platform
– The ORACLE_HOME can be patched to any level and then cloned
– The destination ORACLE_HOME is collected and discovered in EM console
ORACLE_HOME cloning in 10.1
– Supported products:
  – 10g RDBMS OH
  – 9.2.0.x RDBMS (with clonerstages)
  – 9.0.4 AS standalone J2EE (also with clonerstages)
– For AS 9.0.4, one can only clone a non-clustered, non-farm J2EE/Webcache mid-tier
– RAC, CRS ORACLE_HOME not supported; will be supported from 10.2
– Does not run root.sh or post install configuration
Cloning procedure
– User selects a source ORACLE_HOME and specifies credentials and temporary directory
– User also specifies credentials and destination directory for all destination hosts
– The agent on the source packages the ORACLE_HOME
  – Uses tar on Unix, winzip on Windows
– The OMS brokers an agent to agent http/https file transfer for all the hosts
  – One cannot clone between a secure and insecure agent
  – The agents should NOT be firewall separated
– In the destination OUI is invoked in clone mode that replays the install without the copy phase
Cloning - choose source
Cloning - provide source settings
Cloning – specify destination
Cloning – schedule job
Configuration tracking
– Deployment page gives a centralized, panoramic view of the enterprise
  – Oracle software versions including interim patches
  – Operating Systems
  – Hardware
– Displays critical patch violations
– Powerful search and compare functionalities for compliance tracking, reporting and analysis
Deployment Summary
Reporting and Analysis
– Powerful ability to search and compare configurations across stacks
  – Oracle Software
  – Hardware
  – Operating Systems software and configurations
– Can be used to detect deviations from reference configurations
– Can also be used to detect differences between a ‘performant’ and ‘non-performant’ host
– Easily extensible via SQL
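A sketch of the reference-configuration comparison described above, answering three of the earlier key compliance questions (version distribution, whether all 9.2.0.6 deployments are identical, which systems lack a given patch). This is an added example, not part of the original slides and not Grid Control's own repository or API: the inventory records, host names, paths and patch ids are constructed, and the function names are hypothetical.

```python
from collections import Counter

# Constructed inventory, one record per ORACLE_HOME. Hosts, paths and patch
# ids are made-up sample values, not output from Grid Control.
INVENTORY = [
    {"host": "db01", "home": "/u01/oracle/920", "version": "9.2.0.6",
     "patches": {"PATCH-A", "PATCH-B"}, "params": {"compatible": "9.2.0"}},
    {"host": "db02", "home": "/u01/oracle/920", "version": "9.2.0.6",
     "patches": {"PATCH-A"}, "params": {"compatible": "9.0.1"}},
    {"host": "db03", "home": "/u01/oracle/920", "version": "9.2.0.4",
     "patches": set(), "params": {"compatible": "9.2.0"}},
]

# Reference ("gold image") configuration every home is expected to match.
REFERENCE = {"version": "9.2.0.6", "patches": {"PATCH-A", "PATCH-B"},
             "params": {"compatible": "9.2.0"}}

def version_distribution(inventory):
    """Count ORACLE_HOMEs per software version."""
    return Counter(rec["version"] for rec in inventory)

def deviations(rec, ref):
    """List the differences between one home and the reference."""
    out = []
    if rec["version"] != ref["version"]:
        out.append(f"version {rec['version']} != {ref['version']}")
    out += [f"missing patch {p}" for p in sorted(ref["patches"] - rec["patches"])]
    out += [f"unapproved patch {p}" for p in sorted(rec["patches"] - ref["patches"])]
    for name, want in sorted(ref["params"].items()):
        got = rec["params"].get(name)
        if got != want:
            out.append(f"{name}={got} != {want}")
    return out

def compliance_report(inventory, ref):
    """Map host -> deviations, listing only non-compliant homes."""
    report = {rec["host"]: deviations(rec, ref) for rec in inventory}
    return {host: diff for host, diff in report.items() if diff}

def vulnerable_hosts(inventory, critical_patch):
    """Hosts whose home lacks the given critical patch."""
    return [r["host"] for r in inventory if critical_patch not in r["patches"]]

if __name__ == "__main__":
    print(dict(version_distribution(INVENTORY)))
    for host, diff in compliance_report(INVENTORY, REFERENCE).items():
        print(host, diff)
    print("lacking PATCH-B:", vulnerable_hosts(INVENTORY, "PATCH-B"))
```

In the sample data db01 and db02 both report 9.2.0.6, yet db02 deviates in its patch set and its compatible setting, which is why a version number alone does not answer whether deployments are identical.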
Powerful search capabilities
Compliance tracking via comparison
Critical Patch facility
– Live integration with Oracle Metalink
– Refreshes every 24 hours or can be triggered manually as a job
– Flags candidate ORACLE_HOMEs as vulnerable
– In-context integration with the Patching Wizard
– Application of patches supported for DB 9iR2 and above, AS 9.0.4.1 and above
Critical Patch facility: advantages
– Reduction in time and cost
  – Proactive detection and remedy
  – Ability to distribute to and patch multiple targets at the same time
  – EM job system supports scheduling and retry
Critical Patch Facility
Summary of overall benefits
– Ease of deployment leading to lower cost of ownership
– Proactive tracking of vulnerabilities leading to lower security risk
– Rich reporting and analysis leading to smarter reactive operations
Useful DBA references
– Database patching whitepaper
  – www.oracle.com/technology/products/oem/pdf/db_patching.pdf
– Cloning internals whitepaper
  – www.oracle.com/technology/tech/grid/collateral/deployment_usage_wp.pdf
– AS Cloning whitepaper
  – http://www.oracle.com/technology/products/ias/pdf/cloning_white_paper.pdf
– Various Support notes on cloning, patching (including opatch)
Questions and Answers
Thank you