Minimizing risks through deployment standardization Sudip Datta Principal Product Manager Oracle Corporation

Agenda  High level challenges in software deployment  Deployment standardization through 10g Grid Control  Questions and Answers

Software Deployment challenges

Deployment Life Cycle Management Install and Configure Activate Upgrade And Update Install Configure Activate Operate Clone Upgrade Patch Uninstall Deactivate

Data center labor distribution Source: Giga Forrester research,2003

Increasing compliance challenges for the CIO  More and more regulations – Sarbanes Oxley – Health Insurance Portability and Accountability Act – USA Patriot Act – SEC rules  More standardization in document management, deployment life cycle management

 Wide distribution of hosts  Variety of platforms and versions  Different hardware and network topologies – SAN,NAS,RAC,Dataguard, Load Balancer…..  Too many moving parts for administration  Security vulnerabilities-frequent interim patching – According to a recent Aberdeen group study, patch handling costs businesses in excess of 2 billion dollars annually. For a leading service provider, the cost was reported to be as high as $14,400 per server  All the above lead to high risks and direct IT Management costs The obstacles

Key compliance questions-examples  What is the Oracle version distribution in the enterprise?  What is the Operating System and Hardware distribution in the enterprise?  Is there any system that is vulnerable to the latest Oracle Security patch?  When was one or more systems patched to ?  Are all deployments identical?  What are the databases that are using “Advanced queueing”?  What are the databases that are running with compatible=9.0.1?

Poor Management Tools

The way forward  Compliance is important for reducing risk  Standardization is the means to attaining compliance  Standardization includes – Standard configurations – Standard flavors and versions – Standard processes and tools

Deployment management through Grid Control

View/Search Compare/Diff Change Tracking Reference Configurations Analyze Install/Clone Configure Patch Secure Provision LiveLink Oracle.com Product Updates Patches Product Configuration Oracle Inventory Software Configurations Hardware Configurations Discover Deployment Management Enterprise Manager

Grid Control deployment functionalities  Ability to deploy approved, gold images  Ability to track configuration deviations  Ability to track change history  Ability to act on non-compliance

Oracle software Cloning overview  Reduce manual labor in software life-cycle – From hours to minutes  Automate mass provisioning of reference systems  Intelligent Cloning makes context-specific instantiations Update Inventory Clone to Selected Targets 2 3 Select Software (and Instances) to Clone 1 “Our administrators spend about 25% of their time on installs and cloning” -Verizon Information Services DBA

Scalability through standardization Development Gold Image Staging Gold Image Production Gold Image Synchronize

The standardization process  Reducing complexity by defining smallest possible bundles of standard software  Rigorous testing of standard bundles before deployment to production  Complete automation of gold image deployment to production  Deployments of fully hardened systems

ORACLE_HOME cloning overview  Useful to mass deploy tested and approved “gold images”  Can be cloned from one source to multiple destinations of the same platform  The ORACLE_HOME can be patched to any level and then cloned  The destination ORACLE_HOME is collected and discovered in EM console

ORACLE_HOME cloning in 10.1  Supported products: – 10g RDBMS OH – x RDBMS (with clonerstages) – AS standalone J2EE (also with clonerstages)  For AS 9.0.4, one can only clone a non-clustered, non-farm J2EE/Webcache mid-tier  RAC, CRS ORACLE_HOME not supported-will be supported from 10.2  Does not run root.sh or post install configuration

Cloning procedure  User selects a source ORACLE_HOME and specifies credentials and temporary directory  User also specifies credentials and destination directory for all destination hosts  The agent on the source packages the ORACLE_HOME – -Uses tar on Unix, winzip on Windows  The OMS brokers an agent to agent http/https file transfer for all the hosts – One cannot clone between a secure and insecure agent – The agents should NOT be firewall separated  In the destination OUI is invoked in clone mode that replays the install without the copy phase

Cloning - choose source

Cloning - provide source settings

Cloning – specify destination

Cloning – schedule job

Configuration tracking  Deployment page gives a centralized, panoramic view of the enterprise – Oracle software Versions including interim patches – Operating Systems – Hardware  Displays critical patch violations  Powerful search and compare functionalities for compliance tracking, reporting and analysis

Deployment Summary

Reporting and Analysis  Powerful ability to search and compare configurations across stacks – Oracle Software – Hardware – Operating Systems software and configurations  Can be used to detect deviations from reference configurations  Can also be used to detect differences between a ‘performant’ and ‘non-performant’ host  Easily extensible via SQL

Powerful search capabilities

Compliance tracking via comparison

Critical Patch facility  Live integration with Oracle Metalink  Refreshes every 24 hours or can be triggered manually as a job  Flags candidate ORACLE_HOMEs as vulnerable  In-context integration with the Patching Wizard  Application of patches supported for DB 9iR2 and above, AS and above

Critical Patch facility-advantages  Reduction in time and cost – Proactive detection and remedy – Ability to distribute to and patch multiple targets at the same time – EM job system supports scheduling and retry

Critical Patch Facility

Summary of overall benefits  Ease of deployment leading to lower cost of ownership  Proactive tracking of vulnerabilities leading to lower security risk  Rich reporting and analysis leading to smarter reactive operations

Useful DBA references  Database patching whitepaper – products/oem/pdf/db_patching.pdf  Cloning internals whitepaper – e_wp.pdf  AS Cloning whitepaper – paper.pdf  Various Support notes on cloning,patching (including opatch)

Questions and Answers

Thank you