Title: Minimizing risks through deployment standardization
1Minimizing risks through deployment
standardization
- Sudip Datta
- Principal Product Manager
- Oracle Corporation
2Agenda
- High level challenges in software deployment
- Deployment standardization through 10g Grid
Control - Questions and Answers
3Software Deployment challenges
4Deployment Life Cycle Management
Clone
Install
Configure
Upgrade
Activate
Patch
Uninstall
Operate
Deactivate
5Data center labor distribution
Source Giga Forrester research,2003
6Increasing compliance challenges for the CIO
- More and more regulations
- Sarbanes Oxley
- Health Insurance Portability and Accountability
Act - USA Patriot Act
- SEC rules
- More standardization in document management,
deployment life cycle management
7The obstacles
- Wide distribution of hosts
- Variety of platforms and versions
- Different hardware and network topologies
- SAN,NAS,RAC,Dataguard, Load Balancer..
- Too many moving parts for administration
- Security vulnerabilities-frequent interim
patching - According to a recent Aberdeen group study, patch
handling costs businesses in excess of 2 billion
dollars annually. For a leading service provider,
the cost was reported to be as high as 14,400
per server - All the above lead to high risks and direct IT
Management costs
8Key compliance questions-examples
- What is the Oracle version distribution in the
enterprise? - What is the Operating System and Hardware
distribution in the enterprise? - Is there any system that is vulnerable to the
latest Oracle Security patch? - When was one or more systems patched to 9.2.0.6?
- Are all 9.2.0.6 deployments identical?
- What are the databases that are using Advanced
queueing? - What are the databases that are running with
compatible9.0.1?
9Poor Management Tools
10The way forward
- Compliance is important for reducing risk
- Standardization is the means to attaining
compliance - Standardization includes
- Standard configurations
- Standard flavors and versions
- Standard processes and tools
11Deployment management through Grid Control
12Deployment Management
Enterprise Manager
Install/Clone
Provision
Configure
Patch
Secure
13Grid Control deployment functionalities
- Ability to deploy approved, gold images
- Ability to track configuration deviations
- Ability to track change history
- Ability to act on non-compliance
14Oracle software Cloning overview
- Our administrators spend about 25 of their time
on installs and cloning - -Verizon Information Services DBA
- Reduce manual labor in software life-cycle
- From hours to minutes
- Automate mass provisioning of reference systems
- Intelligent Cloning makes context-specific
instantiations
3
Update Inventory
15Scalability through standardization
Development Gold Image
Staging Gold Image
Production Gold Image
Synchronize
Synchronize
Synchronize
Synchronize
Synchronize
16The standardization process
- Reducing complexity by defining smallest possible
bundles of standard software - Rigorous testing of standard bundles before
deployment to production - Complete automation of gold image deployment to
production - Deployments of fully hardened systems
17ORACLE_HOME cloning overview
- Useful to mass deploy tested and approved gold
images - Can be cloned from one source to multiple
destinations of the same platform - The ORACLE_HOME can be patched to any level and
then cloned - The destination ORACLE_HOME is collected and
discovered in EM console -
18ORACLE_HOME cloning in 10.1
- Supported products
- 10g RDBMS OH
- 9.2.0.x RDBMS (with clonerstages)
- 9.0.4 AS standalone J2EE (also with
clonerstages) - For AS 9.0.4, one can only clone a non-clustered,
non-farm J2EE/Webcache mid-tier - RAC, CRS ORACLE_HOME not supported-will be
supported from 10.2 - Does not run root.sh or post install
configuration
19Cloning procedure
- User selects a source ORACLE_HOME and specifies
credentials and temporary directory - User also specifies credentials and destination
directory for all destination hosts - The agent on the source packages the ORACLE_HOME
- -Uses tar on Unix, winzip on Windows
- The OMS brokers an agent to agent http/https file
transfer for all the hosts - One cannot clone between a secure and insecure
agent - The agents should NOT be firewall separated
- In the destination OUI is invoked in clone mode
that replays the install without the copy phase -
20Cloning - choose source
21Cloning - provide source settings
22Cloning specify destination
23Cloning schedule job
24Configuration tracking
- Deployment page gives a centralized, panoramic
view of the enterprise - Oracle software Versions including interim
patches - Operating Systems
- Hardware
- Displays critical patch violations
- Powerful search and compare functionalities for
compliance tracking, reporting and analysis
25Deployment Summary
26Reporting and Analysis
- Powerful ability to search and compare
configurations across stacks - Oracle Software
- Hardware
- Operating Systems software and configurations
- Can be used to detect deviations from reference
configurations - Can also be used to detect differences between a
performant and non-performant host - Easily extensible via SQL
27Powerful search capabilities
28Powerful search capabilities
29Compliance tracking via comparison
30Compliance tracking via comparison
31Compliance tracking via comparison
32Compliance tracking via comparison
33Critical Patch facility
- Live integration with Oracle Metalink
- Refreshes every 24 hours or can be triggered
manually as a job - Flags candidate ORACLE_HOMEs as vulnerable
- In-context integration with the Patching Wizard
- Application of patches supported for DB 9iR2 and
above, AS 9.0.4.1 and above
34Critical Patch facility-advantages
- Reduction in time and cost
- Proactive detection and remedy
- Ability to distribute to and patch multiple
targets at the same time - EM job system supports scheduling and retry
35Critical Patch Facility
36Critical Patch Facility
37Summary of overall benefits
- Ease of deployment leading to lower cost of
ownership - Proactive tracking of vulnerabilities leading to
lower security risk - Rich reporting and analysis leading to smarter
reactive operations
38Useful DBA references
- Database patching whitepaper
- www.oracle.com/technology/ products/oem/pdf/db_pat
ching.pdf - Cloning internals whitepaper
- www.oracle.com/technology/tech/grid/collateral/dep
loyment_usage_wp.pdf - AS Cloning whitepaper
- http//www.oracle.com/technology/products/ias/pdf/
cloning_white_paper.pdf - Various Support notes on cloning,patching
(including opatch)
39Questions and Answers
40Thank you