Minimizing risks through deployment standardization
Sudip Datta, Principal Product Manager, Oracle Corporation

Agenda
- High level challenges in software deployment
- Deployment standardization through 10g Grid Control
- Questions and Answers

Software Deployment challenges

Deployment Life Cycle Management
[Diagram: life-cycle stages Install, Configure, Clone, Update, Patch, Upgrade, Activate, Operate, Deactivate, Uninstall]

Data center labor distribution
[Chart: categories Backup/recovery, License/Doc/Training, Performance/Troubleshoot, Install/Upgrade/Patch, Security/Planning; values as extracted: 5, 40, 25, 5, 5]
Source: Giga Forrester research, 2003

Increasing compliance challenges for the CIO
- More and more regulations
  - Sarbanes Oxley
  - Health Insurance Portability and Accountability Act
  - USA Patriot Act
  - SEC rules
- More standardization in document management, deployment life cycle management

The obstacles
- Wide distribution of hosts
- Variety of platforms and versions
- Different hardware and network topologies
  - SAN, NAS, RAC, Dataguard, Load Balancer...
- Too many moving parts for administration
- Security vulnerabilities: frequent interim patching
  - According to a recent Aberdeen group study, patch handling costs businesses in excess of 2 billion dollars annually. For a leading service provider, the cost was reported to be as high as $14,400 per server
- All the above lead to high risks and direct IT Management costs

Key compliance questions: examples
- What is the Oracle version distribution in the enterprise?
- What is the Operating System and Hardware distribution in the enterprise?
- Is there any system that is vulnerable to the latest Oracle Security patch?
- When was one or more systems patched to 9.2.0.6?
- Are all 9.2.0.6 deployments identical?
- What are the databases that are using “Advanced queueing”?
- What are the databases that are running with compatible=9.0.1?
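
The compliance questions above, answered over a small inventory as an added example (not part of the original slides and not Grid Control's own code or repository schema). The inventory records, field names, hosts, patch ids and the gold-image definition are all constructed for illustration.

```python
from collections import Counter

# Constructed inventory, one record per ORACLE_HOME. Field names, hosts and
# patch ids are hypothetical; this is not Grid Control's repository schema.
def _home(host, version, os_name, patches, compatible, features=()):
    return {"host": host, "version": version, "os": os_name,
            "patches": set(patches), "compatible": compatible,
            "features": set(features)}

INVENTORY = [
    _home("db01", "9.2.0.6", "Linux", ["PATCH-A", "PATCH-B"], "9.2.0", ["Advanced Queuing"]),
    _home("db02", "9.2.0.6", "Linux", ["PATCH-A"], "9.0.1"),
    _home("db03", "9.2.0.4", "Solaris", [], "9.0.1", ["Advanced Queuing"]),
    _home("db04", "10.1.0.3", "Linux", ["PATCH-C"], "10.1.0"),
]
# Constructed reference ("gold image") configuration per approved version.
GOLD = {"9.2.0.6": {"patches": {"PATCH-A", "PATCH-B"}, "compatible": "9.2.0"}}

def distribution(inv, key):
    """Version or OS distribution across the enterprise."""
    return dict(Counter(r[key] for r in inv))

def missing_patch(inv, patch_id, affected_versions):
    """Hosts running an affected version whose home lacks the given patch."""
    return sorted(r["host"] for r in inv
                  if r["version"] in affected_versions and patch_id not in r["patches"])

def deviations(inv, gold):
    """Per-host differences from the gold image approved for its version."""
    out = {}
    for r in inv:
        ref = gold.get(r["version"])
        if ref is None:  # a version nobody approved is itself a deviation
            out[r["host"]] = ["no gold image for version " + r["version"]]
            continue
        diffs = [f"missing patch {p}" for p in sorted(ref["patches"] - r["patches"])]
        diffs += [f"unapproved patch {p}" for p in sorted(r["patches"] - ref["patches"])]
        if r["compatible"] != ref["compatible"]:
            diffs.append(f"compatible={r['compatible']} (gold: {ref['compatible']})")
        if diffs:
            out[r["host"]] = diffs
    return out

def select(inv, predicate):
    """Hosts matching an arbitrary predicate (feature in use, parameter value)."""
    return sorted(r["host"] for r in inv if predicate(r))

if __name__ == "__main__":
    print(distribution(INVENTORY, "version"))
    print(missing_patch(INVENTORY, "PATCH-B", {"9.2.0.4", "9.2.0.6"}))
    print(deviations(INVENTORY, GOLD))
```
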

Poor Management Tools

The way forward
- Compliance is important for reducing risk
- Standardization is the means to attaining compliance
- Standardization includes
  - Standard configurations
  - Standard flavors and versions
  - Standard processes and tools

Deployment management through Grid Control

Deployment Management
[Diagram labels: Oracle Inventory, Software Configurations, Hardware Configurations, View/Search, Enterprise Manager, Compare/Diff, Change Tracking, Reference Configurations, Install/Clone, Oracle.com, Configure, Product Updates, Patch, Patches, Secure, Product Configuration]

Grid Control deployment functionalities
- Ability to deploy approved, gold images
- Ability to track configuration deviations
- Ability to track change history
- Ability to act on non-compliance

Oracle software Cloning overview
“Our administrators spend about 25% of their time on installs and cloning” - Verizon Information Services DBA
- Reduce manual labor in software life-cycle
  - From hours to minutes
- Automate mass provisioning of reference systems
- Intelligent Cloning makes context-specific instantiations
1. Select Software (and Instances) to Clone
2. Clone to Selected Targets
3. Update Inventory

Scalability through standardization
[Diagram: Development, Staging and Production each hold a Gold Image, linked by Synchronize]

The standardization process
- Reducing complexity by defining smallest possible bundles of standard software
- Rigorous testing of standard bundles before deployment to production
- Complete automation of gold image deployment to production
- Deployments of fully hardened systems

ORACLE_HOME cloning overview
- Useful to mass deploy tested and approved “gold images”
- Can be cloned from one source to multiple destinations of the same platform
- The ORACLE_HOME can be patched to any level and then cloned
- The destination ORACLE_HOME is collected and discovered in EM console

ORACLE_HOME cloning in 10.1
- Supported products:
  - 10g RDBMS OH
  - 9.2.0.x RDBMS (with clonerstages)
  - 9.0.4 AS standalone J2EE (also with clonerstages)
- For AS 9.0.4, one can only clone a non-clustered, non-farm J2EE/Webcache mid-tier
- RAC, CRS ORACLE_HOME not supported; will be supported from 10.2
- Does not run root.sh or post install configuration

Cloning procedure
- User selects a source ORACLE_HOME and specifies credentials and temporary directory
- User also specifies credentials and destination directory for all destination hosts
- The agent on the source packages the ORACLE_HOME
  - Uses tar on Unix, winzip on Windows
- The OMS brokers an agent to agent http/https file transfer for all the hosts
  - One cannot clone between a secure and insecure agent
  - The agents should NOT be firewall separated
- In the destination OUI is invoked in clone mode that replays the install without the copy phase

[Figure slides: Cloning - choose source; Cloning - provide source settings; Cloning - specify destination; Cloning - schedule job]

Configuration tracking
- Deployment page gives a centralized, panoramic view of the enterprise
  - Oracle software versions including interim patches
  - Operating Systems
  - Hardware
- Displays critical patch violations
- Powerful search and compare functionalities for compliance tracking, reporting and analysis

[Figure slide: Deployment Summary]

Reporting and Analysis
- Powerful ability to search and compare configurations across stacks
  - Oracle Software
  - Hardware
  - Operating Systems software and configurations
- Can be used to detect deviations from reference configurations
- Can also be used to detect differences between a ‘performant’ and ‘non-performant’ host
- Easily extensible via SQL

[Figure slides: Powerful search capabilities; Compliance tracking via comparison]

Critical Patch facility
- Live integration with Oracle Metalink
- Refreshes every 24 hours or can be triggered manually as a job
- Flags candidate ORACLE_HOMEs as vulnerable
- In-context integration with the Patching Wizard
- Application of patches supported for DB 9iR2 and above, AS 9.0.4.1 and above

Critical Patch facility: advantages
- Reduction in time and cost
  - Proactive detection and remedy
  - Ability to distribute to and patch multiple targets at the same time
  - EM job system supports scheduling and retry

[Figure slides: Critical Patch Facility]

Summary of overall benefits
- Ease of deployment leading to lower cost of ownership
- Proactive tracking of vulnerabilities leading to lower security risk
- Rich reporting and analysis leading to smarter reactive operations

Useful DBA references
- Database patching whitepaper: www.oracle.com/technology/products/oem/pdf/db_patching.pdf
- Cloning internals whitepaper: www.oracle.com/technology/tech/grid/collateral/deployment_usage_wp.pdf
- AS Cloning whitepaper: http://www.oracle.com/technology/products/ias/pdf/cloning_white_paper.pdf
- Various Support notes on cloning, patching (including opatch)

Questions and Answers

Thank you