Minimizing risks through deployment standardization - PowerPoint PPT Presentation

About This Presentation
Title:

Minimizing risks through deployment standardization

Description:

High level challenges in software deployment. Deployment standardization ... Health Insurance Portability and Accountability Act. USA Patriot Act. SEC rules ... – PowerPoint PPT presentation

Number of Views:44
Avg rating:3.0/5.0
Slides: 41
Provided by: noc8
Learn more at: http://www.nocoug.org
Category:

less

Transcript and Presenter's Notes

Title: Minimizing risks through deployment standardization


1
Minimizing risks through deployment
standardization
  • Sudip Datta
  • Principal Product Manager
  • Oracle Corporation

2
Agenda
  • High level challenges in software deployment
  • Deployment standardization through 10g Grid
    Control
  • Questions and Answers

3
Software Deployment challenges
4
Deployment Life Cycle Management
Clone
Install
Configure
Upgrade
Activate
Patch
Uninstall
Operate
Deactivate
5
Data center labor distribution
Source Giga Forrester research,2003
6
Increasing compliance challenges for the CIO
  • More and more regulations
  • Sarbanes Oxley
  • Health Insurance Portability and Accountability
    Act
  • USA Patriot Act
  • SEC rules
  • More standardization in document management,
    deployment life cycle management

7
The obstacles
  • Wide distribution of hosts
  • Variety of platforms and versions
  • Different hardware and network topologies
  • SAN,NAS,RAC,Dataguard, Load Balancer..
  • Too many moving parts for administration
  • Security vulnerabilities-frequent interim
    patching
  • According to a recent Aberdeen group study, patch
    handling costs businesses in excess of 2 billion
    dollars annually. For a leading service provider,
    the cost was reported to be as high as 14,400
    per server
  • All the above lead to high risks and direct IT
    Management costs

8
Key compliance questions-examples
  • What is the Oracle version distribution in the
    enterprise?
  • What is the Operating System and Hardware
    distribution in the enterprise?
  • Is there any system that is vulnerable to the
    latest Oracle Security patch?
  • When was one or more systems patched to 9.2.0.6?
  • Are all 9.2.0.6 deployments identical?
  • What are the databases that are using Advanced
    queueing?
  • What are the databases that are running with
    compatible9.0.1?

9
Poor Management Tools
10
The way forward
  • Compliance is important for reducing risk
  • Standardization is the means to attaining
    compliance
  • Standardization includes
  • Standard configurations
  • Standard flavors and versions
  • Standard processes and tools

11
Deployment management through Grid Control
12
Deployment Management
Enterprise Manager

Install/Clone
Provision
Configure
Patch
Secure
13
Grid Control deployment functionalities
  • Ability to deploy approved, gold images
  • Ability to track configuration deviations
  • Ability to track change history
  • Ability to act on non-compliance

14
Oracle software Cloning overview
  • Our administrators spend about 25 of their time
    on installs and cloning
  • -Verizon Information Services DBA
  • Reduce manual labor in software life-cycle
  • From hours to minutes
  • Automate mass provisioning of reference systems
  • Intelligent Cloning makes context-specific
    instantiations

3
Update Inventory
15
Scalability through standardization
Development Gold Image
Staging Gold Image
Production Gold Image
Synchronize
Synchronize
Synchronize
Synchronize
Synchronize
16
The standardization process
  • Reducing complexity by defining smallest possible
    bundles of standard software
  • Rigorous testing of standard bundles before
    deployment to production
  • Complete automation of gold image deployment to
    production
  • Deployments of fully hardened systems

17
ORACLE_HOME cloning overview
  • Useful to mass deploy tested and approved gold
    images
  • Can be cloned from one source to multiple
    destinations of the same platform
  • The ORACLE_HOME can be patched to any level and
    then cloned
  • The destination ORACLE_HOME is collected and
    discovered in EM console

18
ORACLE_HOME cloning in 10.1
  • Supported products
  • 10g RDBMS OH
  • 9.2.0.x RDBMS (with clonerstages)
  • 9.0.4 AS standalone J2EE (also with
    clonerstages)
  • For AS 9.0.4, one can only clone a non-clustered,
    non-farm J2EE/Webcache mid-tier
  • RAC, CRS ORACLE_HOME not supported-will be
    supported from 10.2
  • Does not run root.sh or post install
    configuration

19
Cloning procedure
  • User selects a source ORACLE_HOME and specifies
    credentials and temporary directory
  • User also specifies credentials and destination
    directory for all destination hosts
  • The agent on the source packages the ORACLE_HOME
  • -Uses tar on Unix, winzip on Windows
  • The OMS brokers an agent to agent http/https file
    transfer for all the hosts
  • One cannot clone between a secure and insecure
    agent
  • The agents should NOT be firewall separated
  • In the destination OUI is invoked in clone mode
    that replays the install without the copy phase

20
Cloning - choose source
21
Cloning - provide source settings
22
Cloning specify destination
23
Cloning schedule job
24
Configuration tracking
  • Deployment page gives a centralized, panoramic
    view of the enterprise
  • Oracle software Versions including interim
    patches
  • Operating Systems
  • Hardware
  • Displays critical patch violations
  • Powerful search and compare functionalities for
    compliance tracking, reporting and analysis

25
Deployment Summary
26
Reporting and Analysis
  • Powerful ability to search and compare
    configurations across stacks
  • Oracle Software
  • Hardware
  • Operating Systems software and configurations
  • Can be used to detect deviations from reference
    configurations
  • Can also be used to detect differences between a
    performant and non-performant host
  • Easily extensible via SQL

27
Powerful search capabilities
28
Powerful search capabilities
29
Compliance tracking via comparison
30
Compliance tracking via comparison
31
Compliance tracking via comparison
32
Compliance tracking via comparison
33
Critical Patch facility
  • Live integration with Oracle Metalink
  • Refreshes every 24 hours or can be triggered
    manually as a job
  • Flags candidate ORACLE_HOMEs as vulnerable
  • In-context integration with the Patching Wizard
  • Application of patches supported for DB 9iR2 and
    above, AS 9.0.4.1 and above

34
Critical Patch facility-advantages
  • Reduction in time and cost
  • Proactive detection and remedy
  • Ability to distribute to and patch multiple
    targets at the same time
  • EM job system supports scheduling and retry

35
Critical Patch Facility
36
Critical Patch Facility
37
Summary of overall benefits
  • Ease of deployment leading to lower cost of
    ownership
  • Proactive tracking of vulnerabilities leading to
    lower security risk
  • Rich reporting and analysis leading to smarter
    reactive operations

38
Useful DBA references
  • Database patching whitepaper
  • www.oracle.com/technology/ products/oem/pdf/db_pat
    ching.pdf
  • Cloning internals whitepaper
  • www.oracle.com/technology/tech/grid/collateral/dep
    loyment_usage_wp.pdf
  • AS Cloning whitepaper
  • http//www.oracle.com/technology/products/ias/pdf/
    cloning_white_paper.pdf
  • Various Support notes on cloning,patching
    (including opatch)

39
Questions and Answers
40
Thank you
Write a Comment
User Comments (0)
About PowerShow.com