CHECO Fall 2007
Oracle 11g Database Update:
Innovating with Oracle
---
Oracle Innovation Showcase: The
Oracle SSN Vault Solution
Austin Laird
Oracle Higher Education
Agenda
• 11g Innovation
• Managing Data and Storage
• Managing Systems and Change with Confidence
• Maintaining Availability and Performance
• Security in the 11g Database
• Advanced Security Option
• Database Vault
• Audit Vault
• A Security Solution for Higher Education
• Protecting PII data with the Oracle SSN Vault Solution
The following is intended to outline our
general product direction. It is intended for
information purposes only, and may not be
incorporated into any contract. It is not a
commitment to deliver any material, code, or
functionality, and should not be relied upon
in making purchasing decisions.
The development, release, and timing of any
features or functionality described for
Oracle’s products remains at the sole
discretion of Oracle.
Continuous Innovation
Oracle 2
Oracle 5
Oracle 6
Oracle 7
Oracle 8
Oracle 8i
Oracle 9i
Oracle 10g
Audit Vault
Database Vault
Grid Computing
Automatic Storage Mgmt
Self Managing Database
XML Database
Oracle Data Guard
Real Application Clusters
Flashback Query
Virtual Private Database
Built in Java VM
Partitioning Support
Built in Messaging
Object Relational Support
Multimedia Support
Data Warehousing Optimizations
Parallel Operations
Distributed SQL & Transaction Support
Cluster and MPP Support
Multi-version Read Consistency
Client/Server Support
Platform Portability
Commercial SQL Implementation
Oracle Grid Infrastructure
• Grid Control
• Fusion Middleware
• Automatic Storage Management
• Real Application Clusters
Oracle Database 11g Highest Quality R&D
• Over 1500 developers and testers spread across eight development labs around the world
• 479 Development Projects
• Over 235,000 functional tests run daily on a grid of over 2000 processors
• Triple the number of cross-functional tests run versus Oracle Database 10g
• Over 15,000,000 hours of testing
• Exhaustive battery of security tests
Partners Committed to Oracle Database 11g in Record Numbers
• Partners in Beta Program
  • 114 ISVs
  • 65 SIs
  • 36 Consulting Firms
  • 20 ASPs
  • 16 Resellers and 11 OEMs
  • 350+ Partners have previewed Oracle Database 11g
• Adoption
  • OEMs to support immediately
  • ISVs expect support within 3 months of GA
  • SIs and Consultants to provide support services in the first 6 months of GA
  • 3,000-4,000 partners attending Readiness Technical Briefing and Training
• Key Features that Attracted Most Attention
  • Development Platform
  • Real Application Testing
  • Database Automation and Diagnostics
  • Database Security and Compliance
Automatic Storage Management
• The preferred and best storage
manager for Oracle Databases
• Easier to manage than file systems
• Performance of raw volumes
• Built-in to Oracle database
• Shared storage pool for all databases
• Free, and widely adopted
  • >65% of 10g RAC deployments on ASM
  • >25% of 10g customers already using ASM
  • Many VLDB over 10TB
Automatic Storage Management
• Spreads database files evenly across storage arrays
• Storage arrays can be easily added or removed
  • Transparent data redistribution
• Data mirrored across arrays
  • Tolerates failure of disks or arrays
New ASM features in Oracle 11g:
• ASM Fast Disk Resync
• ASM Preferred Mirror Read
• ASM Rolling Upgrade
• Larger extent, allocation unit sizes
ASM Fast Mirror Resync
1. Failure time < DISK_REPAIR_TIME
2. Disk again accessible: only need to resync modified extents
• Fraction of time to establish redundancy
• Only changed blocks are resync’ed
• Benefits:
  • Fast recovery from transient failures
  • Enables pro-active maintenance
ASM Preferred Mirror Read
• Allow local mirror read operations
• Eliminate network latencies in extended clusters
• Better performance
[Figure: Extended Cluster spanning Site A and Site B, with mirror copies labelled P and S]
Rolling Upgrades
and Patches
• Maximizes database availability in a cluster
• How does it work:
• Place cluster in ‘Rolling Migration’ mode
• Bring down ASM on a cluster node
• Upgrade or patch software
• Re-start ASM
• Stop ‘Rolling Migration’ mode
• After upgrading all nodes
Near Unlimited Scalability
• Variable size extents
• grows automatically with
file size
• Benefits
• Increase ASM file size
• Reduce memory
utilization in SGA
• 100% automatic
• 63 disk groups
• 10,000 ASM disks
• 4 petabyte per ASM disk
• 40 exabyte of storage
• 1 million files per disk group
• Maximum file size:
• External redundancy: 140 PB
• Normal redundancy: 42 PB
• High redundancy: 15 PB
Data Compression for All Applications
• Oracle 9i compresses data only during bulk load; useful for DW and ILM
• Oracle 11g compresses w/ inserts, updates
• Typical compression ratio of 2x to 3x
• Database directly reads compressed data, eliminating decompression overhead
• Strategy: compress db’s 10 largest tables
• Shrink table data by 50%, increase CPU by 5%
• Savings cascade to all db copies: test, dev, standby, mirrors, archiving, backup, etc.
Backup data and Network transport Compression
• Fast RMAN Compression
  • compresses the backup set contents before writing them to disk or tape
  • no extra decompression steps are required during recovery when you use RMAN compression
  • high performance, industry standard compression algorithm
  • 40% faster backup compression versus Oracle Database 10g
  • suitable for fast, incremental daily backups
  • reduces network usage
• Data Guard Network Compression
  • compression of redo traffic over the network
  • improves redo transport performance
  • gap resolution is up to 2x faster
Oracle SecureFiles: High-Performance Large Objects
• High-performance transactional access to large object data
  • documents, medical, CAD, imaging …
  • low-latency, high throughput, concurrent access
  • space-optimized storage
• Protect your valuable data .. in the db!
  • transactions
  • transparent encryption
  • compression and de-duplication
  • database-quality security, reliability, and scalability
• Better security, single view and management of data
• Superset of LOB interfaces – easy migration
Oracle Secure Files: Breaking the Performance Barrier…
[Figure: Read Performance and Write Performance charts, Mb/Sec against File Size (Mb) from 0.01 to 100, comparing Secure Files with Linux Files]
Growing Data Volumes
[Figure: Size of the largest data warehouse in Winter Corp Survey, Database Size (TB) from 0 to 100, by year from 1998 to 2005; 245% increase from 2003 to 2005!]
Source: 2005 TopTen Program, November 2005 © Winter Corporation, Waltham, MA, USA
Information Lifecycle Management: Optimize storage cost and performance
• Use Flashback Data Archive for long-term storage of “old” data
• Use table, index partitioning to separate data into different tiers
• Use new ILM assistant to establish policies, create scripts
[Figure: DIGITAL DATA STORAGE. Tiers: High Performance Storage Tier, Low Cost Storage Tier, Online Archive Storage Tier, Offline Archive Storage Tier. Data labels: Active, Less Active, Historical, Archive]
Implementing Oracle ILM
• Define Data Classes
• Create Storage Tiers for the Data Classes
• Create Data Access and Migration Policies
• Define and Enforce Compliance Policies
Implementing Oracle ILM
• Manages the ILM environment
• Define Lifecycle Definitions
• Illustrates Storage Costs & Savings
• Manage Compliance & Security
• Calendar of Events
• Advises how to
• Partition a Table
• Generates Scripts to move data when required
• Downloadable from OTN
• Supports Oracle 9i and later
Cost Savings
Migrating Data
Flashback Data Archive: Total Data Recall
• Tamper-proof data archive
• Efficient storage and retrieval of undo
• Keep data for months, years, decades!
• Fast access to even very old data
• View data, versions of rows as of any time
• Control data retention time, purging of data
[Figure: Oracle 11g Database with User Tablespaces, Changes, and Archive Tables in the Flashback Data Archive]
Select * from orders AS OF ‘Midnight 31-Dec-2004’
Flashback Data Archive: Total Data Recall
• Access Historical Data – “AS OF”
• Generate Reports – “ROW VERSIONS”
• Information Lifecycle Management (ILM)
• Auditing
• Data Recovery
• Enforce Data Retention Policies
Oracle Partitioning: 10 years of innovation
Core functionality
• Oracle 10g R2: 1M partitions per table
• Oracle 10g: Global hash indexes
• Oracle9i R2: Composite range-list partitioning
• Oracle9i: List partitioning
• Oracle8i: Hash and composite range-hash partitioning
• Oracle8: Range partitions, global range index
• Partitioning by reference
• Virtual column partitioning
• New composite partitioning: range-range, list-range, list-list, list-hash
New Partitioning Features
• New composite partitioning schemes
• Partition (or index) on virtual (computed) columns
• Partition advisor
• Automatic range partition creation
• Partition by REFERENCE (primary key of parent)
Composite partitioning by release (first level, then second level Range / List / Hash):
• Range: 11g / 9i / 8i
• List: 11g / 11g / 11g
New in Oracle Database 11g Automated Partitioning: Interval
[Figure: monthly partitions (JAN, FEB, MAR, APR) of the ORDERS and INVENTORY tables]
Partitioning by REFERENCE
• Table ORDERS (partitions Jan 2006, Feb 2006, ...)
  • RANGE(order_date)
  • Primary key order_id
• Table LINEITEMS (partitions Jan 2006, Feb 2006, ...)
  • RANGE(order_date)
  • Foreign key order_id
• Partitioning key inherited through PK-FK relationship
• Avoids redundant storage, maintenance of order_date
Oracle’s Storage Strategy – Sustained Innovation
• Oracle storage suite built-out over last decade
• Each component continuously enhanced to add more value
• Best of breed in each area
8.0 8i 9i 9.2 10g 10.2 11g
• RMAN
• Data Guard
• Flashback
• XML DB, ILM, Compression
• ASM, RMAN Disk Backup
• Oracle Secure Backup, Encryption
• Secure Files
Partitioning Advisor
• Considers entire query workload to improve query performance
• Advises on partitioning methods
  • Range (equal-interval), range key and interval
  • Hash, hash key
• Integrated, non-conflicting advice with Indexes, MVs
[Figure: SQL Advisor. Labels: SQL Workload (Packaged Apps, Custom Apps); SQL Plan Tuning, SQL Structure Analysis, Access Analysis, Partition Analysis; SQL Profile, SQL Advice, Indexes & MVs, Partition Advice; Well-tuned SQL & Schema; New!]
Lifecycle of Change Management
Make Change
Set Up Test Environments
Test
Diagnose & Resolve Problems
Preserve Order Amid Change
Patches & Workarounds
Diagnose Problems
Provision for Production
Real Application Testing
Database Replay
Realistic Testing
• Recreate actual production database workload
• Capture production workload incl. concurrency
• Replay workload in test with production timing
• Analyze & fix issues before production
[Figure: Production Environment (Middle Tier, Oracle DB servers, Storage) and Test (RAC) Environment. Labels: Capture DB Workload, Replay DB Workload]
SQL Performance Analyzer
Realistic Testing
• Test impact of change on SQL performance
• Capture SQL incl. statistics & bind vars
• Re-execute SQL in test environment
• Use SQL Tuning Advisor to seed SQL plans
[Figure: Production Environment (Oracle DB servers, Storage) and Test (RAC) Environment. Labels: Capture SQL, Execute SQL Queries, SPA Report]
Automatic Diagnostic Workflow
Reduce Time to Problem Resolution
[Figure: diagnostic workflow flowchart. Labels: Error!; Diagnostic Repository; Auto Incident Creation; First-Failure Capture; Alert DBA; Run Health Checks; Check Metalink; If known issue: Apply patch / workaround, Use Repair Advisors; If unknown issue: Package incident & config, Use Repair Advisor; EM Support Workbench: Package details and IPS in EM]
Online Patching of One-off Patches
• Patch a running Oracle instance with no downtime
  • Many one-off patches can be online patched
  • Subset of RAC online upgradeable patches
  • Great for diagnostic patches
• Enable, disable and de-install one-off patches with no downtime
  • Integrated with OPatch and inventory
  • Initially available on Linux and Solaris
  • Long term goal is online patching of Critical Patch Updates (CPUs).
The Availability Challenge
• Unplanned Downtime
  • Server Failures
  • Data Failures: Storage Failure, Human Error, Corruption, Site Failure
• Planned Downtime
  • System Changes
  • Data Changes
Server Scale-Out with Real Application Clusters
• Great scalability & availability
• Pools standard low cost servers, improves server utilization
• Runs applications unchanged
• 1000s of production customers
Designed to Tolerate Server Failures
New: 11g fine tunes performance, scaling, fail-over, management
[Figure: Pool of database servers; Active/passive clustered servers]
Benefits
• Reliability/availability - more reliable as you add systems (vs.
less reliable for shared nothing systems)
• Scalability – new nodes added online without need to move data
• Flexibility - systems do NOT have to be identical
• Better usage of hardware
• Application partitioning (ex. new system for OLTP, older for DW,
small system for loading, stats generation, backup, etc)
• Capacity on demand saves money
RAC – Cache Fusion Protocol
• Locality Optimized Fusion Protocol (10.2)
• Oracle detects when most segment accesses are coming from a single instance
• Optimizes access by that instance
• Reader Optimized Fusion Protocol
• Highly read-intensive segments are automatically converted to a reader optimized messaging protocol
• Improved performance for read-intensive workloads
• improves any read from disk (not cache) whether short random reads or large table scans
• Throughput improved up to 70% for internal read-only benchmark
• Long Query Optimized Fusion Protocol
• After all modified cache buffers at start of query are written to disk, no more need for RAC communication
• Direct reads for non-parallel table scans
• Update Optimized Fusion Protocol
• Update block in parallel to readers releasing the block
Error Investigation with Flashback
• Flashback Query
  • Query all data at point in time
select * from Emp
AS OF ‘2:00 P.M.’
where …
• Flashback Versions Query
  • See all versions of a row between times
  • See transactions that changed the row
select * from emp
VERSIONS BETWEEN
‘2:00 PM’ and ‘3:00 PM’
where …
[Figure: transactions Tx 1, Tx 2, Tx 3]
Error Correction with Flashback
Correct errors at any level
• Flashback Database – restore database to time
• Flashback Table - restore contents of tables to time
• Flashback Drop – restores a table (and indexes) that have been dropped
Database
Customer
Order
New: Flashback Transaction –
back out transaction and all
subsequent conflicting
transactions
Oracle Data Guard –
Practical Disaster Protection
• Synchronous or asynchronous log shipping
• Corruptions don’t propagate
• Configurable for zero data loss
• Automatic fail over in seconds to standby (10.2)
• Uses far less bandwidth than remote mirroring
• Thousands of production customers
[Figure: Production Database, Log Shipping, Standby Database]
Real-Time Query with
Physical Standby
• Previously available with Logical Standby
• Available with Physical Standby in 11.1
• Handles all data types, very fast, simple operation
• Eliminates cost of DR: all hardware used for production
[Figure: Production Database, Continuous Log Shipping, Logical or Physical Standby Database, Continuous Real-Time Query]
Snapshot Standby
• Use Standby Database for
testing and development
• Eliminates cost of DR
• Preserves zero data loss while
in test/dev mode
• But no real time query or fast
failover
[Figure: Physical Standby (Apply Logs) and Snapshot Standby (Perform Testing). Labels: Continuous Redo Shipping, Open Database, Back out Changes]
Reducing Planned Downtime
for System Changes
• Scaling Servers on Demand
• Add RAC nodes online w/o data movement
• Scaling storage on demand
• Add ASM disks online w/ auto data rebalancing
• Online patching
• RAC rolling upgrades for complex patches, CPUs
• Rolling upgrades w/ standby for patch sets, version
changes
Database
Storage
New: simple one-off patches can be
applied to a running Oracle instance
Data Recovery Advisor
• Diagnoses persistent data failures
• Presents appropriate repair actions
• Intelligently determines plan for recovery, selecting repair option
• Data file restore/recovery, media recovery, Flashback database, etc.
• Validates plan w.r.t. availability of media components required
• Can automatically apply plan
Reduces Downtime by Eliminating Confusion
Uncertainty and confusion during an outage causes delays and errors
[Figure: Time to Repair, made up of Investigation and Planning, and Recovery]
Sustain Optimal Performance with Self-Managing Database
[Figure: self-managing areas: Storage, Backup, Memory, Apps/SQL, Schema, RAC, Recovery, Replication. Layers: Auto-Tuning, Advisory, Instrumentation. Qualities: Low Impact, Integrated, Adaptive]
Automatic SQL Tuning
• Captures high-load SQL
• Tunes SQL by creating SQL profiles
• Optionally implements greatly improved SQL plans
• Reports analysis
• Runs in maintenance window
[Figure: Automatic SQL Tuning, Nightly. Labels: SQL Workload (Packaged Apps, Custom Apps); SQL Profiles; SQL Analysis Report; Manually implement; Well-tuned SQL]
Automatic Memory Tuning
• Automatically adapts to workload changes
• Maximizes memory use efficiency
• Adjusts PGA, SGA, o/s memory
• Single dynamic memory parameter
• Helps eliminate out-of-memory errors
[Figure: two layouts of OS Memory, DB Process Memory and DB Shared Memory]
Database Result Cache
• Automatically caches results of queries, query blocks, or pl/sql function calls
  • Cache is shared across statements and sessions on server
• Significant speed up for read-only / read-mostly data
• Full consistency and proper semantics
• Cache refreshed when any underlying table updated
[Figure sequence: query 1 executes (joins of Table 1, Table 2 and Table 3 with Group by); result is cached; query 2 (joins of Table 4 and Table 5 with Group by) uses cached result transparently]
ADDM for RAC
• Automatic Database Diagnostics Managers (ADDM) for Real Applications Cluster (RAC)
• RAC expert in a box
• Identifies performance problems for the entire RAC cluster database
• Database-wide analysis of:
  • Global cache interconnect issues
  • Global resource contention, e.g. IO bandwidth, hot blocks
  • Globally high-load SQL
  • Skew in instance response times
• Runs proactively every hour when taking AWR snapshots (default)
[Figure: Self-Diagnostic Engine. Labels: Inst 1, Inst 2, Inst 3; AWR 1, AWR 2, AWR 3; Instance-Level ADDM; Database-Level ADDM; 11g]
Agenda
• 11g Innovation
• Managing Data and Storage
• Managing Systems and Change with Confidence
• Maintaining Availability, Performance and Security
• Security in the 11g Database
• Advanced Security Option
• Database Vault
• Audit Vault
• A Security Solution for Higher Education
• Protecting PII data with the Oracle SSN Vault Solution
Data Security: Oracle Products
• Identity Management: Oracle Identity Management
• Data Protection: Advanced Security, Secure Backup
• Access Control: Database Vault, Label Security
• Monitoring: Audit Vault, EM Configuration Pack
Core Platform Security
Oracle
Advanced Security
Transparent Data Encryption
• Column level encryption (10gR2)
• Tablespace level encryption
• For encrypting entire application data
• Supports foreign keys and range scan
• LOB encryption
• Master Key protection in hardware using PKCS #11
Oracle Database Vault
• Controls privileged users, enforces separation of duties
• Administrators can’t access application data
• Site-specific controls limit access by any user
[Figure: Fin Realm and HR Realm around the Fin and HR data. Labels: DBA, FIN DBA, HR DBA; HR DBA issuing CREATE … outside business hours; FIN user issuing SELECT … from an unexpected IP address]
Oracle Audit Vault Trust-but-Verify
• Collect and Consolidate Audit Data
• Oracle 9i Release 2 and higher
• Simplify Compliance Reporting
• Built-in reports
• Custom reports
• Detect and Prevent Insider Threats
• Alert suspicious activity
• Scale and Security
• Robust Oracle Database technology
• Database Vault, Advanced Security
• Partitioning
• Lower IT Costs with Audit Policies
• Centrally manage/provision audit settings
[Figure: audit sources 10gR2, 10gR1, Oracle 9iR2, and (Future) Other Sources, Databases. Functions: Monitor, Policies, Reports, Security]
Core Database
Security Enhancements
• Secure configuration by default
• Password management settings
• Audit sensitive administrative operations
• Stronger password verifier
• Passwords are case sensitive
• PKI / Kerberos authentication for super privileged DBAs
1977 2007
Oracle Audit Vault Oracle Database Vault
DB Security Evaluation #19
Transparent Data Encryption
EM Configuration Scanning
Fine Grained Auditing (9i)
Secure application roles
Client Identifier / Identity propagation
Oracle Label Security (2000)
Proxy authentication
Enterprise User Security
Global roles
Virtual Private Database (8i)
Database Encryption API
Strong authentication (PKI, Kerberos, RADIUS)
Native Network Encryption (Oracle7)
Database Auditing
Government customer
Oracle Database Security
Sustained Innovation
• Highest Quality of Service
• Performance
• Scalability
• Availability
• Security
• Lowest Cost
• Easier to Manage
• Reduce risk of change
Protecting your most sensitive data: SSN Vault
• User Applications: Student, HR, Financial, Alumni, Portal, Other, Legacy, Fin Aid
• Single Sign On
• Applications Contain Only Alt-ID
• Oracle SSN Vault: Matching Person Data and SSN; SSN / Alt-ID Switcheroo
• Data at Rest Encrypted and all access audited
• Access to Sensitive Data Restricted to Authorized Users
• Outputs labelled SSN in the diagram: Transcripts, State Reporting, Benefits Data, 1099 Forms
What are the Advantages of The SSN Vault?
• Actual SSNs are eliminated in source systems
• A single centralized repository for actual SSNs
• Centralized auditing, policies, alerts can be applied
• Encryption and VPD virtually eliminates threat of internal breaches
• Security policy is tremendously simplified
• “After initially providing your SSN, never give out your SSN ever again”
• Minimal modification of existing applications
• Clear text, 9-digit numeric Alternate ID requires no application modification
• Only (small number) apps/reports that require SSN are affected (i.e. W-2)
• Web Service design minimizes customization effort
• Heterogeneous LDAP/Authentication/Authorization support
• Active Directory, eDirectory, SunOne, SiteMinder, SAML, WS-*, etc
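The Alt-ID substitution listed above, sketched as an added example; it is not Oracle's SSN Vault code. The class, the role name, the in-memory store and the leading-9 Alt-ID convention are assumptions made for illustration, and at-rest encryption (which the slides assign to TDE) is not shown.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timezone

# Hypothetical role held only by the few jobs that need real SSNs (e.g. W-2).
SSN_READER_ROLE = "ssn_reader"


class SsnVault:
    """In-memory stand-in for the single central SSN repository."""

    def __init__(self, index_key: bytes):
        self._index_key = index_key  # keys the lookup index so it holds no raw SSN
        self._by_index = {}          # HMAC(ssn) -> alt_id
        self._by_alt_id = {}         # alt_id -> ssn (encrypted at rest in a real vault)
        self.audit_log = []          # every call is recorded, allowed or not

    def _audit(self, user, action, alt_id, allowed):
        self.audit_log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user,
            "action": action,
            "alt_id": alt_id,
            "allowed": allowed,
        })

    @staticmethod
    def _normalize(ssn: str) -> str:
        digits = "".join(ch for ch in ssn if ch.isdigit())
        if len(digits) != 9:
            raise ValueError("SSN must contain exactly 9 digits")
        return digits

    def _new_alt_id(self) -> str:
        # 9 numeric digits, so existing SSN columns accept the value unchanged.
        # Assumption: a leading 9 is used because the SSA does not issue SSNs
        # in the 900-999 area range, so an Alt-ID can never equal an issued SSN.
        while True:
            alt_id = "9" + "".join(secrets.choice("0123456789") for _ in range(8))
            if alt_id not in self._by_alt_id:
                return alt_id

    def enroll(self, user: str, ssn: str) -> str:
        """Return the Alt-ID for an SSN, creating it on first sight."""
        digits = self._normalize(ssn)
        idx = hmac.new(self._index_key, digits.encode(), hashlib.sha256).hexdigest()
        alt_id = self._by_index.get(idx)
        if alt_id is None:
            alt_id = self._new_alt_id()
            self._by_index[idx] = alt_id
            self._by_alt_id[alt_id] = digits
        self._audit(user, "enroll", alt_id, True)
        return alt_id

    def reveal(self, user: str, roles: set, alt_id: str) -> str:
        """Return the real SSN, only for callers holding the reader role."""
        allowed = SSN_READER_ROLE in roles
        self._audit(user, "reveal", alt_id, allowed)  # denied attempts are logged too
        if not allowed:
            raise PermissionError(f"{user} may not read SSNs")
        return self._by_alt_id[alt_id]


if __name__ == "__main__":
    vault = SsnVault(index_key=secrets.token_bytes(32))
    alt = vault.enroll("registrar", "011-22-4488")  # constructed sample value
    print("stored in source systems:", alt)
    print("W-2 job sees:", vault.reveal("payroll_job", {SSN_READER_ROLE}, alt))
    try:
        vault.reveal("portal", {"student"}, alt)
    except PermissionError as exc:
        print("denied:", exc)
    for entry in vault.audit_log:
        print(entry["user"], entry["action"], entry["allowed"])
```

Source systems store only the value returned by `enroll`; the audit log gives the single review point the slide describes.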
The Oracle Technology that SSN Vault Solution is built on:
• Oracle Services Oriented Architecture Suite
• Oracle Database EE
• Oracle Database Advanced Security Option
• Oracle Database Vault
• What components
• Required
• ESB, BPEL (*), OWSM
• VPD, TDE(*)
• Optional
• Data Vault*, Audit Vault
• Key SOA Standards
• Oracle Integration / SOA Platform
• Adapters, ESB, OWSM, BPEL, BAM, Rules
• SOA Order Booking Demo
– ESB, BPEL, Rules, BAM
• Optional:
– Security / Oracle Web Services Manager
SOA, Web services, BPEL and 100% standard integration
approaches extend the reach of the application server
platform to service-based, process-centric applications.
The Oracle SOA Platform
Evolution of Oracle SOA
[Figure: timeline from 2000 to 2007. Milestones shown: Web Services Support; Portlet Web Services (WSRP); WSDL, UDDI, Development Tools, Expanded Web Services Platform; J2EE 1.4 Standard Web Services; BPEL Process Manager; Service Registry; Web Services Manager, BAM; ESB; SOA Suite; BPA Suite; Oracle Data Integrator; Stellent Doc Mgmt, Image Proc; Tangosol; …]
Key SOA Standards
[Figure: layers BUSINESS SERVICES (More Interoperable), PROCESS ORCHESTRATION (More Adaptable), USER INTERFACE (Richer Experience), MONITORING and SERVICE BUS. Standards named: WSDL/WSIF, XML/XML Schema, SOAP, JCA, JMS, XSLT/XQuery, BPEL, WSRP, JSR-168, Struts/JSF, JMX, WS-Security, WS-Policy, SAML. Other labels: ERP/Legacy Apps, Custom Apps & Services, Web services, Process Flow Logic, Portal, Web Application, API, WS, PKI, Dashboards, BAM, Fusion Effect, Security, Reliability, Logging, Failover, Dynamic Routing, Web Services Mgmt]
The Oracle SOA Technologies
[Figure: component map on a J2EE Application Server (Oracle AS, JBoss, WebLogic, WebSphere) with Messaging and Metadata Repository.
DATA SERVICES & CONNECTIVITY: Adapters, B2B, SES, ODI (labels: Apps, Partners, RFID, DB Bulk, ETL).
ROUTING & ORCHESTRATION: Enterprise Service Bus (Multi Protocol Routing, XSLT Transform); BPEL Process Manager (Native BPEL, Business Rules, Human Workflow).
GOVERNANCE: Web Services Manager, Registry (labels: Discovery, Policies, Management, Security).
MANAGEMENT & MONITORING: Enterprise Manager, BAM, BI (labels: Events, Analytics, Business Monitoring, System Monitoring).
Tools: JDeveloper (App Dev Framework), BPA Suite (Analyst Tools)]
Oracle SOA Platform Drill-down
• JDeveloper
• Complete IDE, J2EE, Web services, Supports WSIF Bindings
• Adapters
• Connectivity to 300+ back-end systems, visual design, JCA
• Oracle ESB
• Messaging, connectivity and data distribution
• Oracle Web Services Manager
• Service intermediation, security and policy management
• Oracle BPEL PM
• Standards based orchestration, workflow management
• Oracle BAM
• Application Monitoring, SLA, KPI management
• Oracle Business Rules
• Engine, repository, rules editor
• Oracle App Server
• Full featured J2EE deployment, scalability, reliability, HA
Some of the Adapters Available for Oracle SOA Suite…
Databases Oracle 8i and above
IBM DB/2
Informix
Clarion Clipper
Cloudscape DBASE
Dialog Essbase
FOCUS Data Access
Great Plains Microsoft SQL Server
MUMPS (Digital Standard MUMPS) Navision Financials (ODBC 3.x) Nucleus Paradox
Pointbase PROGRESS
Red Brick RMS
SAS Transport Format Sybase
Teradata
Unisys DMS 1100/2200 UniVerse
Applications Oracle Applications
SAP R/3, mySAP Peoplesoft
JD Edwards Siebel
Clarify Lotus Notes
Ariba
AXIOM mx/open Baan
BroadVision Clarify
Commerce One Hogan Financials
i2 Technologies Lawson
Livelink Manugistics
Microsoft CRM
Vantive Walker Interactive
Remedy Salesforce.com
Technology SOAP
HTTP, HTTP-S
Email – POP3, SMTP, IMAP
FTP, FTP-S
Flat Files
JMS
Oracle AQ
IBM MQSeries
TIBCO Rendezvous
Socket
Legacy CICS IMS/DB
IMS/TM VSAM
ADABAS
Natural Tuxedo
CA-Datacom Screen Scraping
CA-IDMS C-ISAM,D-ISAM,K-SAM,
QSAM
Oracle ESB: Component Architecture
• Components
– Integrated Designer
– Rich Monitoring Console
– JCA Adapters
– Routing Service
• XPATH Filter Expressions
• XSL Transformation
– Metadata Repository/Server
• Features
– Content Based Routing
– Enterprise Messaging - OEMS
– Native XML and Web Services
– Multi Transport Fabric
• Usage Patterns
– Point to Point
– Canonical Modeling
– Store and Forward
– Request/Response
– Externalized Services
[Figure: Enterprise Service Bus beneath Composite Applications, Portals, BI and BAM. Labels: BPEL, BAM, Portlets, Web UI; MDS, UDDI, ESB Console; JCA, SAP, JAX, SOAP, JMS, Mainframe, In Memory Java, B2B, Trading Partner; Security Policies; fx]
The Oracle BPEL Process Manager
Enterprise-strength infrastructure for BPM
• Comprehensive and native BPEL implementation
• Easy-to-use modeling tool
• Scalable and reliable engine
• Flexible binding framework
• Rich management and monitoring
• Support for Oracle AS, JBoss, WebLogic and WebSphere
• Get up and running in less than 15 minutes!
[Figure: BPEL Process Manager architecture. Labels: JDeveloper BPEL Designer; BPA Suite Process Modeler; Process Console (MANAGE); Core BPEL Engine; Integrated BPM Services (Workflow, Decision Service, Sensors); Workflow Services; WSDL Binding (File, FTP, Web services, Java, JMS, Database, Apps); Dehydration Store (Oracle Database); J2EE Application Server (Oracle AS, WebLogic, JBoss, WebSphere)]
Order Booking SOA Demo: Focus on ESB, Rules, Workflow, BPEL
[Figure: SHOPPING PORTAL calling the Order Booking BPEL PROCESS through a Web Services Interface (XML, SOAP, WSDL, WSIF). Process steps shown: receive, Insert Order, getCustInfo, invoke/receive for SelectMfr and RapidMfr (5-15 min), Manual Review?, Fulfill Order, Notify Cust, end. Other labels: EJB 3.0, Customer service, Product, Suppliers, Order DB, Approval (Rich Workflow), Notification Service, ESB, Rules Engine, Rule Author, Rules repository, Decision Service, FedEx, USPS, BAM Operational dashboard]
Single Runtime Infrastructure
[Figure: SOA Suite on one Service Infrastructure (Service/Event Delivery API). Components: BPEL, Human Workflow, Business Rules, Mediator, ESB, Transformation, Policy Manager, B2B, RFID, BAM, CEP, SES, MDS, Registry; alongside BI, ODI, BPA. B2B adapters: EDI, ebXML, HL7, RosettaNet. Apps Adapters: SAP, SIEBEL, CICS, … SOAP and JCA connectivity: Files, DB, FTP, JMS, AQ, MQSeries, TCP, Oracle Applications]
Web Service Management
• Without WSM, policy is hard-coded into each Web Service
• Result is siloed, inconsistent security and management
• A change in enterprise standards = rework of every service
• Higher cost, more fragile, harder to change
• No unified insight into operations across services
Decouples Security and Management
Policies from Service Logic
Oracle WSM Components
• BUILD Policies: Policy Manager
• ENFORCE Policies: Policy Gateway, Policy Agents
  • Deployment as Gateway Process or as Embedded Agents
• MONITOR Policies: Oracle Enterprise Manager
Web Services
Key Standards: BPEL and Process Orchestration
Standard markup language for composing a set of discrete services into an end-to-end process flow
• 10+ years of R&D from MSFT and IBM
• Rich Flow Semantics
• Optimized Bindings (not just Web services)
• Transformation
• WS-Security
• A Process is a Service
[Figure: process flow from start to end. Labels: SalesDB, Router, Billing, Duplicate Number!]
Extended Loan Flow Demo
[Figure: PORTAL calling the LOAN FLOW BPEL PROCESS through a Web Services Interface (XML, SOAP, WSDL, WSIF). Process steps shown: receive, getPhone, getRating, invoke/receive for United Loan and Star Loan (5-15 min), select, review, end. Other labels: Credit Rating (.NET), Oracle eBusiness Suite, Async. Loan Providers, Exception Task, Notification Service, BAM Operational dashboard, Decision Service, Rules Engine, Rule Author, Rules repository]
Oracle Web Services Manager
Securing Processes and Services in a Policy-Oriented Fashion
A Typical SOA Application
[Figure: loan process flow. Labels: start, CreditRating, Handle Negative Credit Exception, Request Offer (twice), Receive Offer (twice), Select Lowest Offer?, end]
What Are the Security Requirements?
1. Limit who can initiate processes
2. Encrypt SSN (the message shown carries <SSN>011-22-4488</SSN>)
3. Callback has to go through firewall
4. Make sure no other sensitive data is unprotected
Add Oracle WSM Gateways/Agents
• SAML: Role-based access control
• WS-Security: Authentication & auto-encryption of SSN in XML message
• Web services Management: Service virtualization in DMZ
• WS-Policy: System-wide service auditing
Oracle’s BPM Approach
• Complete Service Oriented Architecture platform for full BPM innovation cycle
• 100% standard process models
• Shared model between analysis, execution and monitoring
• Provide choice of modeling tools to customers
  – OEM leading BPA tool
  – Enhance the logical view of BPEL PM Designer for analysts
  – Provide integration with leading BPA tools so that customers can select BPA tool of their choice
Oracle ESB: An ESB Moves Data
• Connect: Adapters; Metadata; WS Manager; Security; Apps Events
• Enrich: Transformation; Value Mappings; Business Rules; Workflow; System Xref
• Distribute: Protocol Bus; Messaging; Routing; Interoperability; HA, Scalability
• Model, Monitor and Configure