Oracle Database Exadata Cloud Do's and Don'ts

Sebastian Solbach
Consulting Member Technical Staff
Oracle Cloud Infrastructure - Oracle Database Service(s)
sebastian.solbach@oracle.com
@s2solbach

Copyright © 2019 Oracle and/or its affiliates.

Safe Harbor

The following is intended to outline our general product direction. It is intended for information purposes
only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code,
or functionality, and should not be relied upon in making purchasing decisions. The development,
release, timing, and pricing of any features or functionality described for Oracle’s products may change
and remains at the sole discretion of Oracle Corporation.

Statements in this presentation relating to Oracle’s future plans, expectations, beliefs, intentions and
prospects are “forward-looking statements” and are subject to material risks and uncertainties. A detailed
discussion of these factors and other risks that affect our business is contained in Oracle’s Securities and
Exchange Commission (SEC) filings, including our most recent reports on Form 10-K and Form 10-Q
under the heading “Risk Factors.” These filings are available on the SEC’s website or on Oracle’s website
at http://www.oracle.com/investor. All information in this presentation is current as of September 2019
and Oracle undertakes no duty to update any statement in light of new information or future events.

Copyright © 2019 Oracle and/or its affiliates.

Agenda

1. ExaCS Overview

2. Networking

3. Sizing/Service/Database Creation

4. Security ü Do’s
5. Maximum Availability Architecture

6. Patching/Maintenance ✖ Dont’s
7. Migrating to the Cloud

8. A Customer Story

Copyright © 2019 Oracle and/or its affiliates.

Exadata Database Machine

Integrated hardware/software
• Ideal database hardware
• Smart system software for Analytics, OLTP and Consolidation
• Superior performance, availability and security
Deployment and consumption models
• Exadata Cloud Service (Public cloud)
• Cloud at Customer (Cloud services behind corporate firewall)
• On-premises (licensed software on Engineered Systems
hardware)
Platform for Oracle Autonomous Database
Oracle Database Exadata Cloud Service
Full Oracle Database with all advanced options
• Oracle Cloud exclusive options like RAC and Active Data Guard
• Oracle Database 11.2.0.4 , 12.1.0.2, 12.2.0.1, 18c and 19c

On fastest and most available database cloud platform

• Highly available and redundant hardware for maximum uptime
• https://www.oracle.com/cloud/iaas/sla.html
• Complete isolation of tenants with no overprovisioning and dedicated hardware

All the benefits of a Public Cloud

• Fast, elastic, web driven or API/CLI provisioning
• Deploy across the world
• No capex monthly subscription
• Start with what you need, scale anytime
Oracle Database Exadata Cloud Service
X7 Exadata Specs Base Quarter Half Full
CPU and Memory CPU: 0 – 48 CPU: 0 – 92 CPU: 0 – 184 CPU: 0 – 368
Memory: 720 GB Memory: 1440 GB Memory: 2880 GB Memory: 5760 GB
Compute/Storage Nodes 2/3 2/3 4/6 8/12
Storage Type Exadata
Flash Storage 38.4 TB 76.8 TB 153.6 TB 307.2 TB
Max DB Size 59.8 TB 85.5 TB 171.1 TB 342.1 TB
Scaling CPU Scaling
High Availability RAC
Backups Automatic (Incremental) as well as On Demand (Full)
Disaster Recovery Data Guard
Patching User Controlled
Versions 11.2,12.1, 12.2, 18c, 19c Extreme Performance Editions
Licensing BYOL or License Included

6
ExaCS Responsibilities

Databases • Customer invokes Oracle Automation for DB and VM

DomU lifecycle operations
• Automated: create, delete, patch, backup, scale up/down …
Hypervisor • Runs all supported Oracle Database versions 11.2.0.4 to 19c
• Only Customer has DomU & DB administrator credentials
• Customer can install and manage additional software in DomU

Internal Fabric
• Oracle owns, manages, and controls hypervisor, DB
Storage servers, storage servers, InfiniBand network.
• No customer access
Storage

7 Copyright © 2019 Oracle and/or its affiliates.

Which Documentation ?
• Oracle Cloud Infrastructure Documentation?
https://docs.cloud.oracle.com/iaas/Content/Database/Concepts/exaoverview.htm
• Oracle Exadata Cloud Service Documentation?
https://docs.oracle.com/en/cloud/paas/exadata-cloud/index.html
• Oracle Exadata Documentation?
https://docs.oracle.com/en/engineered-systems/exadata-database-machine/
• Oracle Datenbank Dokumentation?
https://docs.oracle.com/en/database/oracle/oracle-database/index.html

Copyright © 2019 Oracle and/or its affiliates.

Networking
Do
ü Deploy in Private Subnets (1 VCN with 2 Subnets)
ü Use the Default VCN Resolver
ü Create Network Security Groups and/or Security List
ü Open Ports only for Midtier & DB Clients
ü Use Service Gateway to Object Storage
ü Deploy fast connect / IP Sec for connectivity
ü Plan VCNs for Cross Regional connectivity (VCN Peering)

Don’t
✖ Use 192.168.X.X as your CIDR block
✖ Mix other infrastructure (e.g. App servers) in the ExaCS Subnets
✖ Leave ports open
https://docs.cloud.oracle.com/iaas/Content/Database/Tasks/exanetwork.htm

Copyright © 2019 Oracle and/or its affiliates.

Sizing/Service/Database Creation
Do Don’t
ü Look at on-premises AWRs and ✖ Forget about Query Offloading
Workloads ✖ Purchase for peak loads
ü Calculate the storage you need
✖ Include system/oracle/
ü Include growth welcome in passwords
ü Monitor Space (FS, DATA, FRA)
✖ Use malformed SSH Keys
ü Scale to larger Shapes with Data Guard
ü Check Grid Infrastructure Version ✖ Scale down to less than 3
OCPUs per node
ü Consolidate: IORM/DBRM/Shared
Homes/CDBs ✖ Use DBCA

ü Always use the UI/API/CLI

ü Choose correct Licensing!

Copyright © 2019 Oracle and/or its affiliates.
Limits & Placement
• Customers get ”a” Limit
• Unlike Compute
Exadata Capacity is
restricted
• Request ExaCS limit first
• Especially for Full/Half
specific AD will be assigned
• Plan in advance for DR
within Region/across Region
Setting Up Exadata (OCI Controlplane)
• How oci db system launch
• Console
--availability-domain, --compartment-id, --cpu-core-
• OCI CLI count, --hostname, --shape, --subnet-id, --backup-
• Terraform subnet-id, --cluster-name, --display-name, --domain, --
sparse-diskgroup, --database-edition, --admin-password,
• SDK --db-name, --db-version, --ssh-authorized-keys-file ...

• Functions
• Created/Terminated
• Scale Up/Down
• Create/Delete DB/DBHome
• Near Future: Move Database / Patching

Confidential – Oracle Internal/Restricted/Highly Restricted

Security
Do Don’t
ü Control access: ✖ Use Password based
ü Policies and Groups (OCI IAM) authentication on OS users
ü Enable AIDE on the OS (OL 7) ✖ Alter OS level files
ü Secure the VCN ✖ Add unneeded RPMs
ü Enhance Security with ✖ Change DB_Wallet location
ü Data Safe / DBSAT
✖ Use 0.0.0.0/0 in a network
ü DB Vault
security rule
ü RotateKeys and Passwords
✖ Change Listener Port
ü Encrypt Tablespaces
✖ Add a Listener
ü Secure SQL*Net over 1521 (TLS)

Copyright © 2019 Oracle and/or its affiliates.

Maximum Availability Architecture (MAA)
Do Don’t
ü Create Application Services
ü Enable FAN
✖ Use Default Service or PDB Service for
ü Transaction Guard & Application Continuity
applications connections
ü Backup ✖ Rely on a successful backup without a
ü Configure Automatic Backups restore test
ü Backup Wallet / Keep Wallet Password
ü Periodic Full Backup ✖ Think DR is an IF (It’s a WHEN!)
ü Customize Backup Schedule ✖ Have your DR environment less than
ü Test Restore production
ü Enable Data Guard
ü Cross AD / Cross Region ✖ Disable Backup, Disable Archive Logging or
ü Use same shapes Disable Flashback
ü Practice Fail Over/Switch Back
ü Use SCAN to access database

Copyright © 2019 Oracle and/or its affiliates.

Patching & Maintenance
Do
ü Set OCI Tenant Email to a Distribution List for Maintenance Announcements
ü Enable your applications for Rolling Patching
ü Use Connection Pools & Database Services
ü Transparent Application Continuity
ü Coordinate Infra Patching via. SR
ü Update the Exadata Image & keep Tooling up to date
ü Run Exachk !
ü Continuously Patch the Databases & Grid Infrastructure
ü Have a strategy/plan for patching (DR instance)

Don’t
✖ Forget about Patching ….

Copyright © 2019 Oracle and/or its affiliates.

ExaCS Responsibilities

Databases • Customer invokes Oracle Automation for DB and VM

DomU lifecycle operations
• Automated: create, delete, patch, backup, scale up/down …
Hypervisor • Runs all supported Oracle Database versions 11.2.0.4 to 19c
• Only Customer has DomU & DB administrator credentials
• Customer can install and manage additional software in DomU

Internal Fabric
• Oracle owns, manages, and controls hypervisor, DB
Storage servers, storage servers, InfiniBand network.
• No customer access
Storage

16 Copyright © 2019 Oracle and/or its affiliates.

Migrating Databases to the Cloud
Do
ü Use Oracle Zero Downtime Migration
ü Directly create Cloud Database
ü From OnPremise DB (www.oracle.com/goto/maa)
ü From Backup in Object Storage Hybrid Data Guard to Exadata Cloud Services -
ü Ensure Patch compatibility Production Database on Premises and
ü Plan to move to Multitenant Disaster Recovery with OCI Exadata Cloud
ü Use following movement options: Services
ü Fast Connect
ü IPSec
ü Data Transfer Appliance
ü Public Internet (use network encrpytion!)

Don’t
✖ Copy over Public Internet without network Encryption
✖ Use unencrypted Backup
Metadata Service
• Every OCI Instance has a Metadata Service
curl -H "Content-Type: application/json" -X GET
"http://169.254.169.254/opc/v1/vnics/"
[ {
"vnicId" : "ocid1.vnic.oc1.eu-frankfurt-1.abtheljsxvhe6...",
"privateIp" : "10.170.3.2",
"vlanTag" : 0,
"macAddr" : "90:e2:ba:d6:f1:84",
"virtualRouterIp" : "10.170.3.1",
"subnetCidrBlock" : "10.170.3.0/24",
"nicIndex" : 0
} ]

18
Summary
• Plan ahead:
• Network and Setup (”Redo” is time consuming and can be expensive)
• Scaling: While you can scale, make sure fixed values are calculated
(Storage, Network etc.)
• Cloud is secure, but don’t take security ”lightly”
• Follow MAA (Rolling Patching) to get the most out of your ExaCS
Service
• Use Control Plane wherever applicable, fall back to CLI is
necessary
• Configure Events ….

Copyright © 2019 Oracle and/or its affiliates.

Information
• OCI Exadata Documentation:
• https://docs.cloud.oracle.com/iaas/Content/Database/Concepts/exaoverview.htm
• https://docs.cloud.oracle.com/iaas/Content/Database/Tasks/exanetwork.htm

• MOS Notes:
• Exadata Cloud Service in OCI Best Practices (Doc ID 2570952.1)
• Oracle Database Cloud Exadata Service Supported Software Versions and Planning for
Updates (Doc ID 2124174.1)
• How to update the Exadata System Software (DomU) to 19 from 18 on the Exadata Cloud
Service in OCI (Doc ID 2521053.1)
• How to update the Exadata System Software (DomU) on the Exadata Cloud Service in OCI
(19.x to 19.x) (Doc ID 2566035.1)
• Creating non-CDB databases using Oracle Database 12c on the Exadata Cloud Service (Doc
ID 2528257.1)

• MAA: www.oracle.com/goto/maa

Copyright © 2019 Oracle and/or its affiliates.

Thank You

Sebastian Solbach