Search

OakieTags

Who's online

There are currently 0 users and 30 guests online.

Recent comments

Oakies Blog Aggregator

Quiz Time. Why Do Deletes Cause An Index To Grow ? (Solution)

OK, time to reveal how a couple of simple deletes can cause an index to double in size. If we go back and look at the tree dump before the delete operation: —– begin tree dump branch: 0x180050b 25167115 (0: nrow: 19, level: 1) leaf: 0x180050c 25167116 (-1: row:540.540 avs:4) leaf: 0x180050d 25167117 (0: row:533.533 […]

Auditing Enhancements (Audit Policies and Unified Audit Trail) in Oracle Database 12c

security_image1_smallA little over a year ago I was at the BGOUG Spring Conference and I watched a session by Maja Veselica about auditing in Oracle Database 12c. At the time I noted that I really needed to take a look at this new functionality, as is was quite different to what had come before. Fast forward a year and I’ve finally got around to doing just that. :)

I’ve tried to keep the article quite light and fluffy. The Oracle documentation on this subject is really pretty good, so you should definitely invest some time reading it, but if you need a quick overview to get you started, my article might help. :)

My 12c learning experience continues…

Cheers

Tim…


Auditing Enhancements (Audit Policies and Unified Audit Trail) in Oracle Database 12c was first posted on June 29, 2015 at 7:12 am.
©2012 "The ORACLE-BASE Blog". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement.

Video Tutorial: XPLAN_ASH Active Session History - Part 6

#333333; font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 16.8999996185303px;">The next part of the video tutorial explaining the XPLAN_ASH Active Session History functionality continuing the actual walk-through of the script output.
#333333; font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 16.8999996185303px;" />
#333333; font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 16.8999996185303px;" />#333333; font-family: Verdana, Arial, sans-serif; font-size: 13px; line-height: 16.8999996185303px;">More parts to follow.

Native Network Encryption and SSL/TLS are not part of the Advanced Security Option

security_image1_smallI had a little surprise the other day. I was asked to set up a SSL/TLS connection to a database and I refused, saying it would break our license agreement as we don’t have the Advanced Security Option. I opened the 11gR2 licensing manual to include a link in my email response and found this.

“Network encryption (native network encryption and SSL/TLS) and strong authentication services (Kerberos, PKI, and RADIUS) are no longer part of Oracle Advanced Security and are available in all licensed editions of all supported releases of the Oracle database.”

I checked the 11gR1, and 10gR2 docs also. Sure enough, it was removed from the Advanced Security Option from 10gR2 onward (check out update below). Check out the 10g licensing doc here, specifically the last paragraph in that linked section.

The documentation on this configuration is split among a number of manuals, most of which still say it is part of the Advanced Security Option. That made me a little nervous, so I raised an SR with Oracle to confirm the licensing situation and file bug reports against the docs to correct the inconsistency. Their response was it is definitely free and the docs are being amended to bring them in line with the licensing manual. Happy days! :)

Lessons learned here are:

  • Skim through the licensing manual for every new release to see what bits are now free.
  • Don’t trust the technical docs for licensing information. Always cross check with the licensing manual and assume that’s got the correct information. If in doubt, raise an SR to check.

As far as the configuration is concerned, I had never written about this functionality before, so I thought I should do backfill articles on it.

The documentation for TCP/IP with SSL/TCP is rather convoluted, so you could be forgiven for thinking it was rocket science. Actually, it’s pretty simple to set up. It was only after I finished doing it I found a reference to the following MOS note.

It would have saved me a lot of bloody time if the documentation included this. I would never have bothered to write the article in the first place!

cloudFor a lot of people, encrypting database connections is probably not that big a deal. If your databases and application servers are sitting behind a firewall in a “safe” part of your network, then why bother?

If there are direct database connections crossing network zones, that’s a different matter! Did anyone mention “cloud”? If you need to connect to your cloud databases from application servers or client tool sitting on-premise, I guess encrypted database connections are pretty high up your list of requirements, or at least they should be. Good job it is free now. :)

It seems I’m not the only person behind the times on this licensing change. The Amazon AWS RDS for Oracle documentation has made the same mistake. I’ve written to them to ask them to correct this page also. :)

Cheers

Tim…

Update: Simon, Jacco, Franck and Patrick all pointed out this licensing change was due to this security exploit. It was made public during 11.2, but the license change was made retrospectively back to 10.2. I don’t feel so bad about it now. :)

Update2: I’ve added a link to the Native Network Encryption stuff, based on the comment by Markus.


Native Network Encryption and SSL/TLS are not part of the Advanced Security Option was first posted on June 27, 2015 at 1:09 pm.
©2012 "The ORACLE-BASE Blog". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement.

The technology community

I remember on a flight to the UKOUG, I was doing what all presenters typically do on a plane.  They enter the cabin with the thought of "OK, I’ll spend most of the flight getting those slides just right".  Then…a set of broadcast advertisements, safety messages, hot face towels, exit row briefings, beverage services, coffee services, and before you know it you’ve burned 2 hours without touching the laptop…and then the meal service starts :-)

Anyway, I digress.  I eventually got the laptop fired up and started flicking through my slides for the 800th time – I suffer from that silliness where if I’m thinking "Hmmm, if replace with ‘database’ with ’12c database’", then this somehow will make a significant improvement for the attendees.  After a while the laptop gives me a little ‘beep’ telling me that battery is low.

I close the lid, and reach into the laptop bag for the power supply….and then the realisation hits me. 

No….power….cable.

Uh oh….I’m heading to UKOUG, with all my content on laptop which is running at 10% battery and I’ve got nothing to charge it with.  Whilst everyone around me are in that state of languor associated with long haul flights, my heart rate has hit 200, the adrenalin has gone from a trickle to a flood, and the sweat beads are forming on my brow.

A hostess stops as she passes by… "It’s OK sir, just a couple of little bumps.  No need to be nervous.  Flying is the safest form of air travel", and gives me a pat on the hand.  It very nearly wasn’t a safe form of travel for her, as at that point I wanted to swat her with my laptop…but I figured that might reduce its charge even further.

6 hours later we land in Birmingham, and even on sleep mode, the laptop has ceased to be.  So I take a taxi to an internet cafe and send out a call for help on some Oracle discussion forums:

 

"In UK, with a 6 year old Dell laptop, no power cable…HELP!"

 

And what happened next changed a nightmare start to a conference, to being an incredibly uplifting one.

Emails came firing back, all being incredible keenness to assist:

 

(from a fellow presenter who I knew)
"I have a universal adapter, and I’m not presenting on Sunday."

(from a fellow presenter who I’d never met)
"I might have one that fits.  What hotel you in, I’ll drop it over to you."

(from a local attendee)
"I’ve called PC-World, they have one that should work – here’s the address"

 

Isn’t that just amazing.

Yes, we all share a technology (Oracle). And we all love it some days, and other days we hate it.  But by and large, its still a group of relative strangers being happy to reach out and assist.  In the end, I got a taxi and PC-world and got an adapter that did the job.  But the importance of community in our technology arena was the lasting lesson from this experience.  Whether it be user groups, conferences, your working departments, communal activities such as the PL/SQL Challenge website, or OTN Community forums, just keep remembering the mantra…

We’re all in this together

 

I’ve recently joined Oracle and a number of friends and colleagues phrased the transition to me as “being on the other side of the fence” or “wrong side of the train track” etc etc.  I find that a little sad – the theory that who you work for dictates the amount that you can contribute to a technology community.  I’m aiming to contribute more rather than less.  And another cool thing with a community, is that if I’m not contributing – they’ll call me out on it.  That way, we all develop.

Friday Philosophy – At What Point Can You Claim a Skill?

I’ve just installed Oracle 12C on my laptop {I know, why only now?}. I went for the option to have a Container database with a pluggable database within it. {It is easy and free to install Oracle on your own home machine – so long as it is for personal use only and you are singed up to OTN (which is also free) }.

12C with pluggable databases (PDBs) is a little different to the last few versions of Oracle as it introduces this whole concept of the Container database that holds portions of the data dictionary and, within that, what we used to think of as Oracle instances plugged in underneath it. It is not *quite* like that – but this post is not about the technical aspects of Oracle 12C multitentant databases. And you will see why.

Whenever something I know well has changed more than a bit, I tend to hit this wall of “Whoa! it’s all changed!”. It isn’t all changed, but sometimes some of the fundamentals, the basics are different. For the last 15 years, once I have my database up and running I will have created my test users and some objects within 10 minutes and be playing away. Not this time. How do you create a user in a multi-tenant DB? How do I tell Oracle to create my users in that PDB? Hang on, how do I even check what I called my PDB? My ignorance is huge.

I popped over to Tim Hall’s site, OracleBase and the section on creating users under multi-tenant Oracle, scanned Bryn Llewellyn’s White Paper on it. A few google searches as well and soon I was there. My standard test to make sure the DB is alive, “select sysdate from dual” – only I altered it to show the PDB:

select SYSDATE from Dual

select SYSDATE from Dual

So I am logged into my working PDB on 12C, I have selected sysdate from DUAL, created my new user. I have used Oracle 12C and multitentant.

Next step?

Update CV to claim 12C expert and experience of Multi-tenant Oracle Database

This is of course a joke on my part.

Sadly, some people would actually do this.

It is something that has always annoyed me and often seems rife in the I.T. industry – people claiming skills or even expertise in something they have barely touched, let alone understood. And often about a thousand miles away from any legitimate claim to Expert. I chortle whenever I see a CV from someone with only 2 or 3 years’ experience of Oracle but list 20 areas they are expert in. Before I throw the CV in the bin.

Maybe part of the issue is that I.T. moves so fast and people feel they need to be seen to be on top of the changes to be worth employing or being listened to. Well, it’s nice to be leading edge – for much of my career I’ve been lucky enough to be exposed to the latest version of Oracle either as soon as it is out or even before (beta programs). But much more important is to have some integrity. Claiming to be an expert when you are not is incredibly dangerous as anyone who really does know the subject is going to suss you out in no time at all. And you will be exposed as a fraud and a liar. Gaining any respect after that is going to be really hard work, and so it should be.

Sadly, you do get the situation where people get away with this sort of deceit, usually by managing to deceive non-technical management but annoying the real technicians around them. Many of us have suffered from this.

This issue of claiming a skill before you had was very common with Exadata when it came out. Lots of people, it seemed, read the white papers, looked at some blogs and maybe saw a couple of talks – and then started talking to people about Exadata as though they knew it inside out. I actually saw a “professional” presentation like this at a conference, on Exadata, where it was soon clear that the presenter had probably never got as far as “select sysdate from dual;” on an exadata box (not that there is any difference for that statement :-) ). I could not help but interrupt and query a statement that was utterly untrue and at that point the presenter checked his “facts” with a more senior member of his company in the crowd. To his shame, the senior member of staff repeated the error of claiming knowledge he also did not have to back the presenter up. Every time I come across that company now, I think of that.

So when can you claim a skill? If you look at my screen shot you will see that I failed to actually log into my PDB database with my new user – #fail. Of course I can’t claim these skills based on reading some information, seeing some talks and all of an hour’s practical experience.

I think you can only claim a skill once you can tell for sure if someone else also has that skill. Or more significantly, tell when they are claiming a skill they lack. Personally, I tend towards not claiming a skill if I doubt my abilities. Don’t worry, my huge ego balances that British self-doubt quite well :-)

I used to give introductory talks on Exadata as I got so tired of the poor information I saw being given on the subject. Also, all the best talks were soon about the details of smart scans, the storage cells and patching. Not much for newbies. Interestingly, even as an intro talk, most times I did the talk I learnt something new in discussions at or after the talk. But I’ve retired that talk now. Why? Well Exadata has moved forward 2 versions since I last used it and 3 since I used it in anger. I could no longer tell you if something someone claimed for V5 of Exadata was true or not. So I am no longer skilled in Exadata.

Only claim skills you have.
Distrust those who claim skills they lack.
Try to teach those who seek your skills – you will only get better for it.

Unique Oracle Security Trainings In York, England, September 2015

I have just updated all of our Oracle Security training offerings on our company website. I have revamped all class pages and added two page pdf flyers for each of our four training classes. In have also updated the list....[Read More]

Posted by Pete On 25/06/15 At 04:36 PM

Oracle Midlands : Event #10

Just a quick heads-up about the next Oracle Midlands event. It’s good to encourage new speakers, so Mike is giving this new, unknown kid a shot at the limelight. I hope you will all come along to show your support.

om10

Cheers

Tim…


Oracle Midlands : Event #10 was first posted on June 25, 2015 at 9:47 am.
©2012 "The ORACLE-BASE Blog". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement.

Quiz Time. Why Do Deletes Cause An Index To Grow ? (Up The Hill Backwards)

OK, time for a little quiz. One of the things I’ve seen at a number of sites is the almost fanatical drive to make indexes as small as possible because indexes that are larger than necessary both waste storage and hurt performance. Or so the theory goes …   :) In many cases, this drives DBAs to […]

Why do people show Azure so much love?

cloudThe title of this post is taken from tweet I saw a few weeks ago and it keeps coming back to haunt me, so I thought I would comment on it.

Let me start by saying I don’t have any context as to why the tweeter thought people were showing Azure so much love. From my perspective, I kind-of like Azure and I think it is what my employer will end up using, but I’m not a crazed fan-boy about it. :)

Also, I fully understand a move to the cloud is not the right thing for everyone, so this post is focused on those people who do want/need to move to the cloud. Just because it is not right for you, it doesn’t mean it’s not right for everyone. So when I’m talking about running services on the cloud, it is not a recommendation. I’m not telling you you’ve got to. I’m speaking about cloud services to try to explain why someone might say something like the title of this post. I’m hoping this paragraph will stem the hate-comments that invariably come when you mention the cloud. :)

Interface

The Azure interface it pretty neat. It’s clean and reasonably intuitive. I’m a casual user, so I can’t say how I would feel about it if I were managing hundreds or thousands of resources, but from my brief time with it, I like it.

I don’t dislike the AWS interface, but it does feel a bit more cluttered and ugly than the Azure interface. I guess that could be enough to put off some people maybe.

Services

Coming from the Oracle world, we tend to think of UNIX/Linux as being the centre of the universe, but if I think back to the companies I’ve worked for over the years, the majority of their kit has been Windows-based, with the exception of the bits I work on. :) Since most corporate desktops are still Windows-based, Outlook, Office and Active Directory tend to rule the roost. If you are thinking of moving those services on to the cloud, Azure seems the “obvious choice”. Am I saying they are the best products and Azure is the best place to run them? No. What I’m saying is it will be seen as the “obvious choice” for many people wanting to move to the cloud.

The same goes with SQL Server. I happen to like the AWS RDS for SQL Server implementation, but I’m guessing a lot of SQL Server folks will get a warmer and fuzzier feeling about running SQL Server on Azure. Lots of decisions in IT are based on gut instinct or personal bias of the buyers, not necessarily fact. I can see how someone will “feel happier” there.

Once the Oracle Cloud becomes generally available, we may see a similar issue there. People may feel happier about running Oracle products on the Oracle Cloud than on AWS or Azure. Time will tell.

What’s under the hood?

This is where cloud really turns stuff on its head. If I want to run a Linux VM, I can do that on AWS, Azure, Oracle Cloud, VMware vCloud Air etc. From my perspective, if the VM stays up and gives me the performance I paid for, do I really care about what’s under the hood? You can be snobbish about hypervisors, but do I care if Oracle are using less hardware to service the same number of VMs as Azure? No. Where infrastructure as a service (IaaS) is concerned, it is all about the price:performance ratio. As I’ve heard many times, it’s a race for the bottom.

Call me naive, but I really don’t care what is happening under the hood of a cloud service, provided I get what I pay for. I think this is an important factor in how someone like Microsoft can go from zero to hero of the cloud world. If they provide the right services at the right price, people will come.

Conclusion

Q: Why do people show Azure so much love?

A: Because it does what it is meant to do. It provides the services certain companies want at a price they are willing to pay. What’s not to love?

Q: So it’s the best cloud provider right?

A: That depends on your judging criteria. No one cloud provider is “the best”. For some people Azure will be the best option. For others it might be the worst.

Cheers

Tim…


Why do people show Azure so much love? was first posted on June 25, 2015 at 7:56 am.
©2012 "The ORACLE-BASE Blog". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement.