This post is part of a series of blog posts on the Oracle Autonomous Database.

Resource Components:

1. Exadata Infrastructure
2. Container Database
3. Autonomous Database

• Fleet Administrator provisions Exadata Infrastructure by specifying its size, availability domain, and region
• Fleet Administrator then partitions the system by provisioning desired clusters and container databases
• Developers & DBAs provision databases (PDBs) within container databases
• Billing is based on size of Exadata Infrastructure and number of CPUs used by the databases

ADB-Dedicated General Selection Considerations

• Higher cost entry. Must subscribe to minimum 48 hours Exadata Infrastructure
• Includes Availability Domain placement controls for latency sensitive apps
• Policy controls for patch scheduling and software versioning.
  Oracle manages all patching, but you can control what version and when.
• You must setup a VCN for ADB-D. It is mandatory. VCN must exist before provisioning Exadata infrastructure.

ADB Feature Comparison

Feature | ADB Dedicated | ADB Shared

Create Tablespace | YES | NO
Transparent Application Continuity | YES | NO (Application Continuity only)
Clone Support | YES | YES
Profile | YES | NO
Auto Scaling | YES | YES
OCI Notification Services Integrated | YES | NO (Classic Admin Notifications)
EM Monitoring | YES | NO
Private Single Tenant | YES | NO
Controllable Software Update Version | YES | NO
Controllable Software Update Schedule | YES | NO
Availability Domain Placement Choice | YES | NO
Non-TLS SQL*Net | YES | NO

This post is part of a series of blog posts on the Oracle Autonomous Database.

Connecting to the Oracle Autonomous Database relies upon a wallet to help with an encrypted SSL connection over the public internet. Keep in mind that the wallet is mandatory when connecting to Autonomous Database Shared. However, with Autonomous Database Dedicated, you can choose to connect directly without using a wallet. So most of this post is 100% required when connecting to the Autonomous Database Shared. It’s optional when connecting to Dedicated.

So with that being said, all apps will use a secure connection to connect to the Autonomous Database, and the Autonomous Database uses certificate authentication and SSL. This ensures that no unauthorized access is available to the ADB, and it also ensures that communications between the app and the server are fully encrypted and cannot be intercepted or altered. This information that’s required to authenticate to the database is stored in a wallet that’s available on both the client (where your application is running) and the server (where your database is running), and is automatically generated for you when provisioning the Autonomous Database.

When you actually download this wallet from your Autonomous Database, you’ll see there’s a collection of files that are included with it– like a couple of key files– in addition to a TNS entry, a tnsnames names file, and a sqlnet file. These files have existing service handles and connect strings to connect to your Autonomous Database. And you will also see there’s a readme file. The readme file contains information about when the wallet is expected to expire. And just so you know, the expiration date of a wallet is around about 2 and 1/2 year mark. So you’re looking at a long period of time before these wallets do expire. And you will get warnings before that’s required to replace it.

There are two types of wallets:

For ADB-Shared:

• Instance Wallet file
  Instance wallet contains only credentials and keys for a single Autonomous Database
  
• Regional Wallet file
  Regional wallet contains credentials and keys for all Autonomous DBs in a specified region.
  Regional wallets should only be used by DBAs.

For ADB-Dedicated, the wallet file contains only credentials and keys for a single autonomous database. There is no regional file.

The ADB only accepts secure connections to the database, and you need to download that wallet first. You can download it both from the DB Connection button on your main instance details page, as well as through the Service Console. You can also use API calls to download the wallet as well. It’s definitely a good practice to store the credential file in a secured location and only share the file contents with people that have authorized access. However, with that file alone, you cannot connect to the database. You still need to know the database password. It provides a secure way to connect to your database to route you to it, but not to actually log into the database.

You also have the option to rotate either the instance wallet or the region wallet. If you rotate the instance wallet, all the keys for that associated instance are discarded, and it generates a completely new wallet. With a regional wallet, if I were to replace or rotate my instance, the regional wallet will continue to work. However, all existing connections will continue to work, but any new connections will be terminated and will need to be re-established using the new wallet. So ADB gracefully allows the controlled operation of rotating your wallet.

Predefined Database Service Names

If you look inside your wallet file, you will notice that there are several connections that are predefined for you– connection services– depending what service you’re running.

• tpurgent (ATP only):
  The highest priority application connection service for time critical OLTP operations.
  This connection supports manual parallelism
  Share of resources: 12
  
• tp (ATP only):
  A typical application connection service for OLTP operations.
  This connection service does not run with parallelism.
  Share of resources: 8
  
• high:
  A high priority application connection service for reporting and batch operations.
  All operations run in parallel and are subject to queuing.
  Share of resources: 4
  
• medium:
  A typical application connection service for reporting and batch operations.
  All operations run in parallel and are subject to queuing.
  Using this service, the degree of parallelism is limited to 1.25 × OCPUs
  Share of resources: 2
  
• low:
  A lowest priority application connection service for reporting and batch processing operations.
  This connection service does not run with parallelism.
  Share of resources: 1

Please note: After connecting to the database using one service, do not attempt to manually switch that connection to a different service by simply changing the consumer group of the connection. When you connect using a service, ADB performs more actions to configure the connection than just setting its consumer group.

If we were running an Autonomous Data Warehouse (ADW), we would only have high, medium, and low. In the case of Autonomous Transaction Processing (ATP), we have both tpurgent and tp in addition to high, medium, and low. When you go to download or to connect to the database, the autonomous database will automatically create the service handles for you. But they will be prefixed with your database name. e.g. dbname_high, dbname_medium, and dbname_low.

The tp and tpurgent are focused on OLTP workloads, they’re intended to support a very high concurrency. As you would typically see for a transactional workload, you’ll see that ADB supports up to 100 times the number of CPUs before it starts queuing, versus the high, medium, and low data warehouse ones have a limitation on the number of concurrent sessions that you would see connected to the database.

With that being said, the parallelism for the high, medium, and low is different. For high, ADB allows you to run parallelism– so operating parallel operations that might run with parallel query can run across all CPUs. Medium would run with a default of 4, and low would run with a default of 1. And it’s not possible to change that for low.

With OLTP, ADB explicitly sets tp as only ever using one parallel query slave. And that’s because this is a transactional workload. It’s not typical to run things with parallel query enabled. If, however, you have some batch process or some operation that requires some level of parallelism, if you’re using tpurgent as your service to connect to, you can explicitly define your parallel degree on the operation you’re performing.

Now, in addition to parallelism, ADB also controls the amount of resource shares. So you’ll notice OLTP tpurgent has a high number of shares of resources that it gets slices to, if you wish. tp doesn’t have as high a number of resource shares, but it is up there, because we’re intending to run operations concurrently and simultaneously. And in transactional workloads, typically you’re going to see these will be short, bursty style operations.

With warehouse, batch, and reporting, on the other hand, the number of resource shares you get are diminished. And that’s because the idea is this is more of an ad-hoc, asynchronous style of performing work, where the units of work could be varied in complexity and size. So we typically do not share as many of these resources, bearing in mind that these resources could also be consuming a lot of memory or running for an inordinate amount of time when compared to an OLTP workload.

So connecting to the Autonomous Database– I will point out that the Autonomous Database licensed on port 1522. And that’s the standard on ADB Shared. And it’s the default for ADB Dedicated. All connections, as I pointed out earlier, are using SSL for encryption. And then, unlike other cloud services, you do not have a Unix command line interface on the system you’re connecting to. Whether you’re running in Autonomous Database Shared or Dedicated, you do not have access to the underlying operating system.

Having said that, all Autonomous Databases can be connected through the typical client utilities, such as SQL*Net, JDBC thick or thin, OCI, etc. Remember, the clients will require the security credentials wallet to connect when using those tools. And there’s a few connectivity options. The first one is through the public internet. And when connecting through the public internet, you could do public endpoints or private endpoints. So there’s two parts to that.

And then the additional approach is using the FastConnect model with public peering, in which you could connect through either a private connection from an on-premise network or from another cloud vendor. And obviously, through public internet, you could set up private endpoints, or you could set up a FastConnect private connectivity to other clouds. FastConnect is useful for extremely high bandwidth. Perhaps you have an application tier that does require the benefit of being on a dedicated pipe to connect to.

There is no SYS or SYSTEM. Admin is the highest user you will have in an Autonomous Database.

Transparent Application Continuity

Preconfigured with Autonomous Dedicated and can be enabled in Autonomous-Shared with DBMS_CLOUD_ADMIN.ENABLE_APP_CONT

Transparent application continuity is there to help with failover and masking transferring of instances from one machine to another. So remember, Autonomous Shared provides application continuity versus Dedicated provides the full on transparent application continuity. Both have a full view of session state, but application continuity allows customers the flexibility to keep their side effects and restore more complex states, such as session during lobs at failover for example. And you can use the ORAchk protection report to identify the protection level, to see where things are at.

Oracle Call Interface (OCI), ODBC, JDBC, OCI

• Wallet File is required
• Set WALLET_LOCATION in sqlnet.ora
• Set TNS_ADMIN environment variable to credentials file
• Oracle Client 11.2.0.4 or higher
• HTTP Proxy in tnsnames.ora

So to connect through OCI, the traditional TNS model, you still require your wallet. But you would set your wallet location in the sqlnet.ora file, and you would point to wherever it is you’ve downloaded that wallet. Once you’ve done that, SQLNet, if you’re running a client 11.2.0.4 or higher, is capable of knowing and reading that wallet to find what it needs. And you would also set your TNS_ADMIN environment variable to point to that location of that wallet, or where you’ve put your tnsnames.ora file if you’ve unzipped your wallet.

Connecting with .NET applications, you would download and install ODT and ODP.NET. And then you can go ahead and run Visual Studio, and use the NuGet package manager, and then you can download ODAC, which is the Oracle Data Access Components for Windows. Once you’ve got all that configured and setup, you can then set your wallet location in sqlnet.ora, and you would ensure that you’ve set TLS 1.2 to be enabled. And then your .NET applications will connect no problem.

JDBC Thin or Universal Connection Pool (UCP)

A couple of requirements– you need to install JDK8u161 or higher. Or just use JDK9, and you’re good to go– or higher. And you would download either the JDBC Thin driver, ojdbc8.jar. Or you could use the 12.1 version, and you would patch it up to use the upc.jar for the universal connection pool.

Once you’ve set that up or you’ve got the correct driver working, you would want to go ahead and copy the ojdbc.properties file, which is inside your wallet. You could unzip your wallet, copy those contents to your TNS_ADMIN directory, set the properties to be your net wallet location. And then the JDCB URL is going to use oracel:thin@service_name– so the service name that’s inside your tns entry is what you would point to.

Now, if you’re not using a TNS_ADMIN environment variable, if you’ve not set that, you would then point to the TNS_ADMIN = wallet directory as part of your connect string. If you’re using a HTTP proxy– perhaps you have a proxy server to block your requests– that can easily be configured. You would add the HTTP proxy hostname to tnsnames.ora very easily. And that’s documented for you as well.

Using SQLNet connections

Changes required to sqlnet.ora

WALLET_LOCATION = (SOURCE = (METHOD = file) (METHOD_DATA = (DIRECTORY=”?/network/admin”)))
SSL_SERVER_DN_MATCH=yes

ADB also supports connecting through Python, Node,js, and other scripting languages. You install the Instant Client, install the language driver, unzip the credentials wallet, and use the TNS entry file with the various contents. In some cases, like Python, you can simply run a yum install command to get that.

Perl: DBD-Oracle
Python: cx_Oracle
Node.js: Node-oracledb
PHP: PHP OCI8 or PDO_OCI
Ruby: Ruby-oci8

ADB also supports connecting through Active Directory. So if you are running Active Directory, traditionally, in the past, you would have been expected to authenticate through your LDAP repository, Oracle LDAP. Now, since Oracle 18c, we are able to directly connect to Active Directory and authorize and authenticate your users and manage them through Active Directory and have them routed to your Autonomous Database. So if you have a Windows or a Microsoft-based application that uses Active Directory to connect to your workloads, that is supported to work natively with the Autonomous Database. Just keep in mind that when using Autonomous Database with Active Directory, both users and roles are mapped in Active Directory and not in the Autonomous Database.

This post is part of a series of blog posts on the Oracle Autonomous Database.

Patching

For ADB-Shared:

• Oracle patches the database during scheduled maintenance windows
• The database remains available throughout the maintenance operation (usually 2 hours)
• The date/time for the next scheduled maintenance is shown on the OCI Console page for each instance
• Currently, users cannot change the patching schedule

For ADB-Dedicated:

• Oracle is responsible for all software update operations
• Database is continuously available to application
  –> Updates applied rolling across RAC nodes and Exadata storage servers
  –> Applications using Application Continuity best practices run without interruption
• Quarterly updates of all components (on-demand for critical security issue)
  –> Firmware, OS, Storage, Network, Hypervisor, Clusterware, Database
• Updates are automatically scheduled based on customer preferences
  –> Customers can adjust timing to accommodate critical business periods
  –> Deploy new versions on !PRD before PRD
  –> Avoid updates during peak periods (e.g. month-end)
  –> Control upgrade to confirm to application certified version
  –> Customer chooses target software (current or previous RU quarterly update)
  –> Can skip up to 2 quarterely patches
  –> Release Update (RU) is set at the CDB level
  –> Release Update Revision (RUR) is not currently supported

Database features and behaviour

• Administrative interfaces and utilities such as RMAN are not available
• The default data and temporary tablespaces for the database are configured automatically
• Adding, removing, or modifying tablespaces is not allowed
• Parallelism is enabled by default. Degree of parallelism for SQL statements is set based on the number of OCPU’s in the system and the database service the user is connecting to. Parallel DML is enabled by default. It is possible to disable parallel DML in your session: ALTER SESSION DISABLE PARALLEL DML;
• Compression is enabled by default. ADB uses Hybrid Columnar Compression for all tables by default. You can also use different compression methods for your tables by specifying the compression clause in your CREATE TABLE or ALTER TABLE commands
• Oracle Database Result Cache is enabled by default for all SQL statements. Changing the result cache mode is not allowed
• Direct access to the database node and local file systems are not allowed
• Database links are supported, both to and from other databases to ADB are allowed
• Calling PL/SQL programs using database links is not supported
• The Java VM (JVM) is not installed in ADB
• ADB uses Unicode AL32UTF8 as the database character set
• Database initialisation parameters are based on the compute and storage capacity you provision. You do not need to set any init parameters to start using your service. But, you can modify some parameters if required.
  • APPROX*
  • NLS*
  • OPTIMIZER* (ADW ignores HINTS by default, ATP honours them)
  • PLSQL_*
  • STATISTICS_LEVEL (only with ALTER SESSION)

ADB Consumer Groups

Run the following SQL to check the resource allocations of your connection session:

SELECT plan, group_or_subplan, mgmt_pl, parallel_degree_limit_pl, parallel_server_limit
FROM DBA_RSRC_PLAN_DIRECTIVES
WHERE group_or_subplan IN ( SELECT resource_consumer_group
FROM v$session
WHERE sid = SYS_CONTEXT(‘USERENV’,’SID’));

Run the following SQL to check the resource allocations of other consumer groups:

SELECT plan, group_or_subplan, mgmt_pl, parallel_degree_limit_pl, parallel_server_limit
FROM DBA_RSRC_PLAN_DIRECTIVES
WHERE group_or_subplan IN (‘TP’,’TPURGENT’,’LOW’,’MEDIUM’,’HIGH’);

Run-Away Query Management

Run-away query limits can be set using ADB Service Console or using CS_RESOURCE_MANAGER package.

Users can specify the following limits for Consumer Groups:
– Statement runtime is greater than
– Amount of I/O is greater than

Statements exceeding the limits will be cancelled, but the session stays connected

By default a pre-defined session idle time limit of 5 minutes is set to prevent idle sessions from holding system resources for a long period of time.

License Management

BYOL Licensing: Provides a significant discount on OCPU/Hour rate

If you run Oracle Database Enterprise Edition and the Multitenant option then your BYOL requirements are as follows:

• For 1-16 OCPUs of Oracle Autonomous Database:
  • For each supported Processor license of Oracle Database Enterprise Edition plus Options: Multitenant, you may activate up to 2 OCPUs of the BYOL Cloud Service
    
  • For every 25 supported Named User Plus licenses of Oracle Database Enterprise Edition plus Options: Multitenant, you may activate 1 OCPU of the BYOL Cloud Service
    
• For 17 OCPUs or more of Oracle Autonomous Database:
  • For each supported Processor license of Oracle Database Enterprise Edition plus Options: Multitenant and Real Application Clusters, you may activate up to 2 OCPUs of the BYOL Cloud Service
    
  • For every 25 supported Named User Plus licenses of Oracle Database Enterprise Edition plus Options: Multitenant and Real Application Clusters, you may activate 1 OCPU of the BYOL Cloud Service

Application Continuity

Note: By default Application Continuity is disabled.

Application Continuity masks outages from end users and applications by recovering the in-flight work for impacted database sessions following outages. Application Continuity performs this recovery beneath the application so that the outage appears to the application as a slightly delayed execution.

Change the failover type on Autonomous Transaction Processing using the DBMS_CLOUD_ADMIN procedures to enable or to disable Application Continuity. New sessions use the new failover type from the time when you modify the current value.

Enabling Application Continuity requires Oracle Client software version 18.3 (or higher).

If DRAIN_TIMEOUT (in V$SERVICES) has the value 0, this indicates that Application Continuity is disabled.

DBMS_CLOUD_ADMIN.ENABLE_APP_CONT( service_name => ‘nvt21_adb1_high.atp.oraclecloud.com’ );
DBMS_CLOUD_ADMIN.DISABLE_APP_CONT( service_name => ‘nvt21_adb1_high.atp.oraclecloud.com’ );

Use Database Resident Connection Pooling with Autonomous Database

Database Resident Connection Pool (DRCP) in Autonomous Database supports easier and more efficient management of open connections. Using DRCP provides you with access to a connection pool in your Autonomous Transaction Processing database that enables a significant reduction in key database resources required to support many client connections and when the database needs to scale for many simultaneous connections.

When you connect to Autonomous Database you choose one of the following depending on values specified in the tnsnames.ora configuration file:

• A dedicated server process, which services only one user process.
• A pooled server process, obtained from DRCP, which can service multiple user processes.

DRCP is enabled by default; however using DRCP is optional. To choose a pooled connection specify SERVER=POOLED in tnsnames.ora. If you do not specify SERVER=POOLED, you connect with a dedicated connection.

This post is part of a series of blog posts on the Oracle Autonomous Database.

Autonomous Database – REST APIs

• Permit interaction with Oracle ADB cloud services programmatically over REST rather than log into the OCI Cloud Console and click through screens
• A mechanism for developing customized deployment and management scripts that can be saved and reused for deployments, set gold standards, and store entire application infrastructure stacks as version controlled code
• The Oracle Cloud Infrastructure APIs are typical REST APIs that use HTTPS requests and responses and support HTTPS and SSL protocol TLS 1.2
• Calls to Oracle Cloud Infrastructure using REST APIs can be written in popular scripting languages such as node.js, Python, Ruby, Perl, Java, C#, bash or curl
• All OCI API requests must be signed for authentication purposes

The steps to create and sign API requests are:

• Form the HTTPS request (SSL protocol TLS 1.2 protocol required)
• Create the signing string, which is based on parts of the request
• Create the signature from the signing string, using your private key and the RSA-SHA256 algorithm
• Add the resulting signature and other required information to the Authorization header in the request
• You will also need to generate an ssh key pair in the pem format

These avoid using username/passwords (insecure communication of the internet)

Autonomous Database – Using OCI-CLI

• The Command Line Interface (CLI) is a small footprint tool that you can use on its own or with the Shell Console to complete OCI tasks.
• The CLI provides the same core functionality as the Service Console, plus additional commands. Some of these, such as the ability to run scripts, extend the Console’s functionality.
• The CLI is built on Python. The Python code makes calls to OCI APIs to provide the functionality implemented for the various services.
• Preinstalled in OL7 (or download using yum or curl or download from github)

To install and use the CLI, you must have:

• An OCI account
• A user created in that account, in a group with a policy that grants the desired permissions
• A keypair used for signing API requests, with the public key uploaded to Oracle. Only the user calling the API should possess the private key

The Cloud shell will start up a shell console to access your tenancy. It is an ephemeral machine from which you can run OS commands and scripts across your whole tenancy.

$ oci db autonomous-database

Please refer to the documentation for the available commands:

e.g.

change-compartment
create
create-from-backup-id
create-from-backup-timestamp
create-from-clone
create-refreshable-clone
data-safe
deregister
register
delete
disable-operations-insights
enable-operations-insights
fail-over
generate-wallet
get
list
list-clones
manual-refresh
restart
restore
rotate-key
start
stop
switchover
update

This post is part of a series of blog posts on the Oracle Autonomous Database.

The Oracle Autonomous Database (ADB) isn’t really a product or service itself. Rather, it’s an umbrella term that refers to two underlying services: the Autonomous Data Warehouse (ADW) and the Autonomous Transaction Processing database (ATP). The Autonomous Data Warehouse was introduced first in 2017 and to add complexity to the discussion, is often (or was originally) referred to as ADWC where the final “C” in the acronym is for cloud. But for clarity, from this point forward, we’ll refer to the ADB offering as the combination of ATP and ADW.

The next logical question is: what’s the difference between ATP and ADW? The answer is pretty simple: they’re both built on common underlying technology and components but are tuned and optimized differently for different workloads.

The ADW has some Oracle database settings that are tuned for data warehouse workloads. And significantly, the underlying data is stored in the columnar format. Columnar data stores allow for effective reads of large amounts of data at the column level. They’re less effective for transient data and row updates or queries that process many or all table columns.

Not surprisingly, the ATP uses Oracle database settings that are tuned for Online Transaction Processing (OLTP) type workloads that might involve some small tables, reasonably frequent deletes and updates, etc. It uses the more traditional row storage format.

A key aspect of ADB that’s often overlooked is that it’s fundamentally built on known technologies and components. Specifically, Oracle Exadata hardware leveraging software features such as Pluggable Database (PDB) with lockdown profiles to provide tenant isolation and restrict the customer’s ability to see or reach outside of their individual PDB. And a recently announced dedicated version for customers requiring full isolation of the infrastructure.

One can think of the ADB philosophy this way: over recent years (or decades) Oracle has built an elaborate set of hardware and software components for running Oracle databases. Exadata is at the core as their highly performant and scalable hardware. On top of that, they have horizontal scaling and redundancy with Real Application Clusters (RAC) and high availability via Data Guard. Exadata also adds storage redundancy and scalability connected with a high speed Infiniband network and Exadata-specific software allowing this hardware footprint to be used to its maximum potential while ensuring that a “build-your-own” similar system isn’t truly an equivalent. Inside the database they have many “somewhat” automated tuning and query stabilization features. And true multi tenant capabilities through the Container Database (CDB) and pluggable Database (PDB) architecture with resource sharing and governing software to reduce the risk of nosy neighbors hijacking the entire system.

So essentially what Oracle did was package all of these (their most advanced technologies) together, manage them for you (the automation part), add a modest amount of new features, and just make you the customer a consumer of all of this. The customer gets a PDB in an Oracle container database, running on RAC (after a certain number of allocated CPUs), locked down for isolation and security, on an Exadata system that Oracle procured and maintains in their own data center, and with Oracle managing the entire stack. That essentially is ADB. Some are tuned for data warehouse workloads for ADW and others are tuned for OLTP workloads for ATP.

When you create an Autonomous Database, you can deploy it to one of two kinds of Exadata infrastructure:

–Shared: a simple and elastic choice. Oracle autonomously operates all aspects of the database life cycle from database placement to backup and updates.

–Dedicated: a private cloud in public cloud choice. A completely dedicated compute, storage, network and database service for only a single tenant, providing for the highest levels of security isolation and governance.

LIMITATIONS OF THE ORACLE AUTONOMOUS DATABASE

As would be expected with a managed service, there are a number of features and functionality that can’t be used or are limited. This includes things like:

• The ability to change encryption or disable TDE.
• No control over tablespaces.
• No ability to control database instance memory sizes and configurations.
• No control over database initialization parameters.
• Inability to use many Oracle features such as: Java in the Database

In addition, a small number of commands such as CREATE DATABASE LINK or ALTER TABLESPACE are restricted using PDB Lockdown Profiles. However, the service is evolving rapidly and new capabilities are being added regularly.

DO WE STILL NEED A DBA IN AN AUTONOMOUS WORLD?

Short answer: “YES”. While a lot of the general maintenance tasks such as backups, monitoring, checking log files, patching, and quite possibly tuning are offloaded to Oracle, there is still a lot that the DBA needs to do. Your DBAs are still needed to:

• Move your data in and out of ADB.
• Create long-term retention backups/exports as may be required for regulatory or business needs.
• Perform specialized restoration or duplication activities.
• Model and design application schemas.
• Design, implement, and enforce database security (controls).
• Tune and help developers write well-structured queries.
• Manage resource scale and monitor spend.

So there’s still a lot that the DBA is needed for, even in the ADB world. Some of the above may be minimal for commercial, packaged applications and more applicable with custom or in-house developed applications.

WHY WOULDN’T WE WANT TO MOVE INTO ADB?

ADB is an attractive offering for a lot of customers and specific use cases, but as with anything, there are a number of exceptions. Some reasons where ADB may not be a good fit:

• Applications with tight restrictions on the Oracle database release or version.
• Applications that require specialized (known as “one-off”) patches to fix specific problems.
• Databases requiring very specific initialization parameter or tablespace settings.
• Applications that rely on some more advanced Oracle features such as Oracle Spatial or OLAP, for example.
• Workflows that involve logical replication of data (a subset of the entire database) out of the source database using tools such as Oracle GoldenGate.
• Businesses with a high expectation of performance consistency.

To expand on that last point: the mantra of “faster is better” isn’t always true. In the database world, sometimes “consistent” is more important than “fastest”.

Oracle Cloud Infrastructure

• OCI Region – HA Building Blocks
• Multiple fault de-correlated, completely independent data centres
• Region: Has Data Centres (Availability Domain 1, Availability Domain 2, Availability Domain 3)
• Grouping of hardware and infrastructure within an Availability Domain: Fault Domain
• AD1: FD1, FD2, FD3
• Predictable low latency and high speed, encrypted interconnect between ADs

An Autonomous Database is placed on an Exadata System based on region. Placement is invisible to customers except for the region (for Shared). ADB storage is on Exadata Storage Servers directly attached to the Exadata system. Connections to ADB run through connection managers attached to OCI network infrastructure.

Object Storage: Automatic backups (dedicated OCI Storage, cannot be accessed by database users), User backups (user created OCI storage), Staging (flat files, dump files).

Oracle Autonomous Database Attributes

• Self-Driving
  Automates database and infrastructure management, monitoring, tuning

• Self-Securing
  Protects from both external attacks and malicious internal users

• Self-Repairing
  Protects from all downtime during planned maintenance

Allows customers to focus on business goals and not technology.

Self-Driving attributes:
* Rapid provisioning (create mission critical scale-out database in minutes)
* Self scaling
* Automatic tuning (physical schema tuning is not recommended)
* Automatic indexing

Performance resources are allocated proportionally to number of CPUs chosen.
Tables do not need to be partitioned or configured for in-memory. Indexes do not need to be created. Compression does not need to be specified. Machine Learning optimizes database for each workload. Continuously optimizes memory, data formats, indexes, parallelism, and plans for each workload.

ADB autonomously and continuously monitors overall system performance. Scaling up autonomously expands CPU-IO resources by up to 3x. Scaling is an online operation with no downtime to the database or applications.

Backups are scheduled on a nightly basis to OCI Object Storage. Retention time is 60 days by default.

Full stack patching once a quarter, in a rolling fashion across nodes of cluster for availability.

Self-Securing attributes:
* Encryption by default (Transparent Data Encryption is automatically configured)
* Self Patching
* Separation of Duties
* Auditing

Protects from both external and malicious internal threats.

Monitors threats, applies security updates online, stops admin snooping with DB Vault, encrypts all data.

All connections use certificate based authentication and SSL.
Encrypted key stored in a wallet on both the client and the server.
Encryption both for Data at Rest (TDE) & Data in Motion (TLS 1.2).
Database backups are also encrypted.

“Admin” is the default database user and the only privileged user. All other users need to be created and granted privileges. Outside OS calls are not allowed.

“Break glass” function to enable Cloud Operations access. Well-defined procedure (with customer approval) for Oracle Cloud Operations to access the system for exceptional scenarios.

In the cloud, security is a shared responsibility.

Security managed by Oracle:

• Network security and monitoring
• OS and platform security
• Database patches and upgrades
• Administrative separation of duties
• Data encryption by default

Security managed by Customer:

• Ongoing security assessments
• Users & privileges
• Sensitive data recovery
• Data protection
• Actively auditing
• Data Masking and redaction

ADB leverages Oracle Unified Audit to capture security-relevant activity

• Login failures
• Changes to users, including creation of new accounts, grants, privileges, or roles
• Changes to database structures

Oracle Data Safe is a unified control center for your Oracle databases which helps you understand the sensitivity of your data, evaluate risks to data, mask sensitive data, implement and monitor security controls, assess user security, monitor user activity, and address data security compliance requirements.

Self-Repairing attributes:
* Self-healing hardware
* Self-healing software

Recovers automatically from any failure and protects from downtime. 99.95% Service Level Objective

Database Infrastructure for ADB is provided by Exadata. Exadata provides advanced predictive failure capabilities. Unique detection of server failures without a long timeout avoids system hangs. Unique sub-second redirection of IOs around sick devices avoid database hangs.

Exadata environment continuously monitors for failing devices.
e.g. Automatically detects change in disk latency
–> Failing disk is automatically taken offline and database activities redirected to mirror
–> ASM automatically rebalances data off of failing disk to create additional mirror
–> DevOps is notified and fail drive is replaced
–> ASM automatically detects new disk and rebalances data to create additional mirror

Self-healing software: Uses Oracle’s 40 years of experience to build machine learning models. Applies machine learning algorithms and Oracle’s best practices to fully automate database operations. Uses pattern recognition to determine if it’s a known problem.

Cluster Verification Utility, EXAchk, Trace File Analyzer, Memory Guard, etc.

Maximum Availability Architecture: RAC Database, redundant compute, networking, triple mirrored storage, backup