CHECO 11g Vault copy - checoweb.org...Oracle Database 11g Highest Quality R&D • Over 1500 developers and testers spread across eight development labs around the world • 479 Development

CHECO Fall 2007

Oracle 11g Database Update:

Innovating with Oracle

---

Oracle Innovation Showcase: The

Oracle SSN Vault Solution

Austin Laird

[email protected]

Oracle Higher Education

Agenda

• 11g Innovation

• Managing Data and Storage

• Managing Systems and Change with Confidence

• Maintaining Availability and Performance

• Security in the 11g Database

• Advanced Security Option

• Database Vault

• Audit Vault

• A Security Solution for Higher Education

• Protecting PII data with the Oracle SSN Vault Solution

The following is intended to outline our

general product direction. It is intended for

information purposes only, and may not be

incorporated into any contract. It is not a

commitment to deliver any material, code, or

functionality, and should not be relied upon

in making purchasing decisions.

The development, release, and timing of any

features or functionality described for

Oracle’s products remains at the sole

discretion of Oracle.

Continuous Innovation

Oracle 2

Oracle 5

Oracle 6

Oracle 7

Oracle 8

Oracle 8i

Oracle 9i

Oracle 10g

Audit VaultAudit Vault

Database VaultDatabase Vault

Grid ComputingGrid Computing

Automatic Storage Mgmt Automatic Storage Mgmt

Self Managing Database Self Managing Database

XML DatabaseXML Database

Oracle Data GuardOracle Data Guard

Real Application ClustersReal Application Clusters

Flashback QueryFlashback Query

Virtual Private DatabaseVirtual Private Database

Built in Java VMBuilt in Java VM

PaPartitioning Supportrtitioning Support

Built iBuilt in Messagingn Messaging

Object RelationalObject Relational SupportSupport

Multimedia SupportMultimedia Support

Data Warehousing OptimizationsData Warehousing Optimizations

Parallel OperationsParallel Operations

Distributed SQL & Transaction Distributed SQL & Transaction SupportSupport

Cluster and MPP SupportCluster and MPP Support

MultiMulti--version Read Consistencyversion Read Consistency

Client/Server SupportClient/Server Support

Platform PortabilityPlatform Portability

Commercial SQL ImplementationCommercial SQL Implementation

Oracle Grid Infrastructure

Grid Control

Fusion

Middleware

Automatic

Storage

Management

Real

Application

Clusters

Oracle Database 11g Highest Quality R&D

• Over 1500 developers and testers spread across eight development labs around the world

• 479 Development Projects

• Over 235,000 functional tests run daily on a grid of over 2000 processors

• Triple the number of cross-functional tests run versus Oracle Database 10g

• Over 15,000,000 hours of testing

• Exhaustive battery of security tests

Partners Committed to Oracle Database 11g in

Record Numbers

• Partners in Beta Program• 114 ISVs• 65 Sls• 36 Consulting Firms• 20 ASPs• 16 Resellers and 11 OEMs• 350+ Partners have previewed Oracle Database 11g

• Adoption• OEMs to support immediately• ISVs expect support within 3 months of GA• SI’s and Consultants to provide support services in the first 6 months of GA• 3,000-4,000 partners attending Readiness Technical Briefing and Training

• Key Features that Attracted Most Attention• Development Platform• Real Application Testing• Database Automation and Diagnostics• Database Security and Compliance

Agenda

• 11g Innovation






• Database Vault

• Audit Vault



Automatic Storage Management

• The preferred and best storage

manager for Oracle Databases

• Easier to manage than file systems

• Performance of raw volumes

• Built-in to Oracle database

• Shared storage pool for all databases

• Free, and widely adopted• >65% of 10g RAC deployments on ASM

• >25% of 10g customers already using ASM

• Many VLDB over 10TB

ASM DiskASM DiskASM DiskASM DiskASM Disk

Automatic Storage Management

• Spreads database files evenly

across storage arrays

• Storage arrays can be easily

added or remove

• transparent data redistribution

• Data mirrored across arrays

• Tolerates failure of disks or arrays

New ASM features in Oracle 11g:• ASM Fast Disk Resync

• ASM Preferred Mirror Read

• ASM Rolling Upgrade

• Larger extent, allocation unit sizes

ASM DiskASM DiskASM DiskASM DiskASM Disk

ASM Fast Mirror Resync

Disk again accessible:

Only need to resync modified extents

2

Failure time < DISK_REPAIR_TIME

1• Fraction of time to establish

redundancy

• Only changed blocks are

resync’ed

• Benefits:

• Fast recovery from transient

failures

• Enables pro-active

maintenance

ASM Preferred Mirror Read

Site BSite A

P S

• Allow local mirror read operations

• Eliminate network latencies in extended clusters

• Better performance

Extended Cluster

Rolling Upgrades

and Patches

• Maximizes database availability in a cluster

• How does it work:

• Place cluster in ‘Rolling Migration’ mode

• Bring down ASM on a cluster node

• Upgrade or patch software

• Re-start ASM

• Stop ‘Rolling Migration’ mode

• After upgrading all nodes

Near Unlimited Scalability

• Variable size extents

• grows automatically with

file size

• Benefits

• Increase ASM file size

• Reduce memory

utilization in SGA

• 100% automatic

• 63 disk groups

• 10,000 ASM disks

• 4 petabyte per ASM disk

• 40 exabyte of storage

• 1 million files per disk group

• Maximum file size:

• External redundancy: 140 PB

• Normal redundancy: 42 PB

• High redundancy: 15 PB

• Oracle 9i compresses data only during bulk

load; useful for DW and ILM

• Oracle 11g compresses w/ inserts, updates

• Typical compression ratio of 2x to 3x

• Database directly reads compressed data

eliminating decompression overhead

• Strategy: compress db’s 10 largest tables

• Shrink table data by 50%, increase CPU by

5%

• Savings cascade to all db copies: test, dev,

standby, mirrors, archiving, backup, etc.

Data Compression

for All Applications

Backup data and Network transport

Compression

• Fast RMAN Compression• compresses the backup set contents before writing them to disk or tape

• no extra decompression steps are required during recovery when you use RMAN compression.

• high performance, industry standard compression algorithm

• 40% faster backup compression versus Oracle Database 10g

• suitable for fast, incremental daily backups

• reduces network usage

• Data Guard Network Compression• compression of redo traffic over the network

• improves redo transport performance

• gap resolution is up to 2x faster

Oracle SecureFilesHigh-Performance Large Objects

• High-performance transactionalaccess to large object data• documents, medical, CAD, imaging …

• low-latency, high throughput, concurrent access

• space-optimized storage

• Protect your valuable data .. in the db!• transactions

• transparent encryption

• compression and de-duplication

• database-quality security, reliability, and scalability

• Better security, single view and management of data

• Superset of LOB interfaces – easy migration

Oracle Secure FilesBreaking the Performance Barrier…

Read Performance Write Performance

0 .0 1 0 .1 1 10 10 0

Mb/S

ec

0 .0 1 0 .1 1 10 10 0

Mb/S

ec

File Size (Mb) File Size (Mb)

Secure FilesLinux Files

Secure FilesLinux Files

Growing Data Volumes

Source: 2005 TopTen Program, November 2005 © Winter Corporation, Waltham, MA, USA

0

20

40

60

80

100

1998 1999 2000 2001 2002 2003 2004 2005

Database

Size

(TB)

Size of the largest

data warehouse in

Winter Corp Survey245% increase

from 2003

to 2005!

Information Lifecycle ManagementOptimize storage cost and performance

• Use Flashback Data Archive for long-term storage of “old” data

• Use table, index partitioning to separate data into different tiers

• Use new ILM assistant to establish policies, create scripts

DIGITAL DATA STORAGE

High Performance

Storage Tier

Low Cost

Storage Tier

Online Archive

Storage Tier

Active Less Active

Historical Archive

Offline Archive

Storage Tier

Implementing Oracle ILM

• DefineData

Classes

• Create Storage Tiers for the Data Classes

• Create Data Access and Migration Policies

• Define and Enforce

Compliance Policies

Implementing Oracle ILM

• Manages the ILM environment

• Define Lifecycle Definitions

• Illustrates Storage Costs & Savings

• Manage Compliance & Security

• Calendar of Events

• Advises how to

• Partition a Table

• Generates Scripts to move data when required

• Downloadable from OTN

• Supports Oracle 9i and later

Cost Savings

Migrating Data

Flashback Data ArchiveTotal Data Recall

• Tamper-proof data archive

• Efficient storage and retrieval of undo

• Keep data for months, years, decades!

• Fast access to even very old data

• View data, versions of rows as of any time

• Control data retention time, purging of data

User

Tablespaces

Flashback

Data Archive

Oracle 11g Database

Select * from orders AS OF ‘Midnight 31-Dec-2004’

Changes ArchiveArchive

TablesTables

Flashback Data ArchiveTotal Data Recall

• Access Historical Data –

”AS OF”

• Generate Reports –

“ROW VERSIONS”

• Information Lifecycle

Management (ILM)

• Auditing

• Data Recovery

• Enforce Data Retention

Policies

User

Tablespaces

Flashback

Data Archive

Oracle 11g Database

Select * from orders AS OF ‘Midnight 31-Dec-2004’

Changes ArchiveArchive

TablesTables

Oracle Partitioning10 years of innovation

1M partitions per tableOracle 10g R2

Global hash indexesOracle 10g

Composite range-list partitioningOracle9i R2

List partitioningOracle9i

Hash and composite range-hash partitioningOracle8i

Range partitions, global range indexOracle8

Core functionality

Oracle Partitioning10 years of innovation

1M partitions per tableOracle 10g R2

Global hash indexesOracle 10g

Composite range-list partitioningOracle9i R2

List partitioningOracle9i

Hash and composite range-hash partitioningOracle8i

Range partitions, global range indexOracle8

Core functionality

Partitioning by reference

Virtual column partitioning

New composite partitioning:

range-range, list-range,

list-list, list-hash

New Partitioning

Features• New composite partitioning schemes

• Partition (or index) on virtual (computed) columns

• Partition advisor

• Automatic range partition creation

• Partition by REFERENCE (primary key of parent)

11g11g11gList

8i9i11gRange

HashListRange

New in Oracle Database 11g Automated Partitioning: Interval

JANFEB MAR APR

ORDERS

JANFEB

ORDERS

MAR

JANFEB

INVENTORY

Partitioning

by REFERENCE

Table ORDERS

Jan 2006

... ...

Feb 2006

Table LINEITEMS

Jan 2006

... ...

Feb 2006

• RANGE(order_date)

• Primary key order_id

• RANGE(order_date)

• Foreign key order_id

• Partitioning key inherited through PK-FK relationship

• Avoids redundant storage, maintenance of order_date

• Oracle storage suite built-

out over last decade

• Each component

continuously enhanced to

add more value

• Best of breed in each area

8.0 8i 9i 9.2 10g 10.2 11g

• RMAN

• Data Guard

• Flashback

• XML DB, ILM, Compression

• ASM, RMAN Disk Backup

• Oracle Secure Backup, Encryption

• Secure Files

Oracle’s Storage Strategy –

Sustained Innovation

Well-tunedSQL & Schema

Partitioning Advisor

• Considers entire query

workload to improve query

performance

• Advises on partitioning

methods

• Range (equal-interval), range

key and interval

• Hash, hash key

• Integrated, non-conflicting

advice with Indexes, MVs

SQL Workload

Packaged

Apps

Custom

Apps

SQL Advisor

SQL Plan

Tuning

SQL

Structure

Analysis

Access

Analysis

SQL

Profile

SQL

Advice

Indexes

& MVs

Partition

Analysis

Partition

Advice

New!

Agenda

• 11g Innovation






• Database Vault

• Audit Vault



Lifecycle of Change Management

Make Change

Set Up TestEnvironments

Test

Diagnose & Resolve

Problems

Preserve Order Amid Change

Patches & Workarounds

Diagnose Problems

Provision for Production

Real Application Testing

Database Replay

Realistic Testing

• Recreate actual production database workload

• Capture production workload incl. concurrency

• Replay workload in test with production timing

• Analyze & fix issues before production

Middle Tier

Capture DB Workload

Storage

OracleDB servers Replay DB

Workload

ProductionEnvironment

Test (RAC) Environment`

SQL Performance Analyzer

CaptureSQL

Storage

OracleDB servers

ExecuteSQL

Queries

ProductionEnvironment

Test (RAC) Environment`

Realistic Testing• Test impact of change on SQL performance

•Capture SQL incl incl. statistics & bind vars

• Re-execute SQL in test environment

• Use SQL Tuning Advisor to seed SQL plans

SPA Report

Automatic Diagnostic WorkflowDiagnostic Repository

Apply patch / workaround

Use Repair Advisors

If unknown issue

Package incident &config

Use Repair Advisor

Auto Incident Creation

First-Failure Capture

Alert DBA

Run Health Checks

Reduce Time to Problem Resolution

Error!

Check Metalink

If known issue

EM Support Workbench

Package details and IPS in EM

Online Patching of One-off Patches

• Patch a running Oracle instance with no downtime• Many one-off patches can be online patched

• Subset of RAC online upgradeable patches

• Great for diagnostic patches

• Enable, disable and de-install one-off patches with no downtime• Integrated with OPatch and inventory

• Initially available on Linux and Solaris

• Long term goal is online patching of Critical Patch Updates (CPUs).

Agenda

• 11g Innovation






• Database Vault

• Audit Vault



Agenda

• 11g Innovation






• Database Vault

• Audit Vault



The Availability Challenge

System

Changes

Data

Changes

Planned

Downtime

Storage Failure

Human Error

Corruption

Site Failure

Server

FailuresUnplanned

Downtime Data

Failures

Server Scale-Out with

Real Application Clusters• Great scalability & availability

• Pools standard low cost servers,

improves server utilization

• Runs applications unchanged

• 1000s of production customers

Designed to Tolerate Server Failures

Pool of database

servers

Active/passiveclustered servers

New: 11g fine tunes

performance, scaling,

fail-over, management

Benefits

• Reliability/availability - more reliable as you add systems (vs.

less reliable for shared nothing systems)

• Scalability – new nodes added online without need to move data

• Flexibility - systems do NOT have to be identical

• Better usage of hardware

• Application partitioning (ex. new system for OLTP, older for DW,

small system for loading, stats generation, backup, etc)

• Capacity on demand saves money

RAC – Cache Fusion Protocol

• Locality Optimized Fusion Protocol (10.2)

• Oracle detects when most segment accesses are coming from a single instance

• Optimizes access by that instance

• Reader Optimized Fusion Protocol

• Highly read-intensive segments are automatically converted to a reader optimized messaging protocol

• Improved performance for read-intensive workloads

• improves any read from disk (not cache) whether short random reads or large table scans

• Throughput improved up to 70% for internal read-only benchmark

• Long Query Optimized Fusion Protocol

• After all modified cache buffers at start of query are written to disk, no more need for RAC communication

• Direct reads for non-parallel table scans

• Update Optimized Fusion Protocol

• Update block in parallel to readers releasing the block

Error Investigation with Flashback

• Flashback Query

• Query all data at point in time

Tx 1

Tx 2

Tx 3

select * from Emp

AS OF ‘2:00 P.M.’

where …

• Flashback Versions Query

• See all versions of a row

between times

• See transactions that changed

the row

select * from emp

VERSIONS BETWEEN

‘2:00 PM’ and ‘3:00 PM’

where …

Error Correction with Flashback

Correct errors at any level

• Flashback Database – restore database to time

• Flashback Table - restore contents of tables to time

• Flashback Drop – restores a table (and indexes) that have been dropped

Database

Customer

Order

New: Flashback Transaction –

back out transaction and all

subsequent conflicting

transactions

Oracle Data Guard –

Practical Disaster Protection

• Synchronous or asynchronous log shipping

• Corruptions don’t propagate

• Configurable for zero data loss

• Automatic fail over in seconds to standby (10.2)

• Uses far less bandwidth than remote mirroring

• Thousands of production customers

Production

Database

Standby

DatabaseLog

Shipping

Real-Time Query with

Physical Standby

• Previously available with Logical Standby

• Available with Physical Standby in 11.1

• Handles all data types, very fast, simple operation

• Eliminates cost of DR: all hardware used for production

Real-time

Queries

Production

Database

Logical or

Physical

Standby

Database

Continuous

LogShipping

Continuous

Real-Time

Query

Snapshot Standby

• Use Standby Database for

testing and development

• Eliminates cost of DR

• Preserves zero data loss while

in test/dev mode

• But no real time query or fast

failover

Physical Standby Apply Logs

Snapshot Standby Perform Testing

Continuous Redo Shipping

Open

Database

Back out

Changes

Reducing Planned Downtime

for System Changes

• Scaling Servers on Demand

• Add RAC nodes online w/o data movement

• Scaling storage on demand

• Add ASM disks online w/ auto data rebalancing

• Online patching

• RAC rolling upgrades for complex patches, CPUs

• Rolling upgrades w/ standby for patch sets, version

changes

Database

Storage

New: simple one-off patches can be

applied to a running Oracle instance

Data Recovery Advisor

• Diagnoses persistent data failures

• Presents appropriate repair actions

• Intelligently determines plan for recovery, selecting repair option

• Data file restore/recovery, media recovery, Flashback database, etc.

• Validates plan w.r.t. availability of media components required

• Can automatically apply planTime to Repair

Recovery

Investigation and Planning

Reduces Downtime by Eliminating Confusion

Uncertainty and confusionduring an outage causes

delays and errors

Sustain Optimal Performance with

Self-Managing Database

Sto

rage

Backup

Mem

ory

Apps/S

QL

Schem

a

RA

C

Recovery

Replication

Auto-TuningTuning

Advisory

InstrumentationLow Impact

Integrated

Adaptive

Sustain Optimal Performance with

Self-Managing Database

Sto

rage

Backup

�M

em

ory

�A

pps/S

QL

Schem

a

�R

AC

Recovery

Replication

Auto-TuningTuning

Advisory

InstrumentationLow Impact

Integrated

Adaptive

Automatic SQL Tuning

• Captures high-load SQL

• Tunes SQL by creating SQL profiles

• Optionally implements greatly improved SQL plans

• Reports analysis

• Runs runs in maintenance window

Nightly

Well-tunedSQL

SQL Workload

Packaged

Apps

Custom

Apps

Automatic SQL Tuning

SQL

Profiles

SQL

Analysis

Report

Manually implement

Automatic

Memory Tuning

• Automatically adapts to workload changes

• Maximizes memory use efficiency

• Adjusts PGA, SGA, o/s memory

• Single dynamic memory parameter

• Helps eliminate out-of-memory errors

OS Memory

DB Process

Memory

DB Shared

Memory

OS Memory

DB Shared

Memory

DB Process

Memory

Database Result Cache

Table 1

Table 2 Table 3

join

join

Group by

• Automatically caches results of queries, query blocks, or pl/sql function calls• Cache is shared across statements and sessions on server

• Significant speed up for read-only / read-mostly data

• Full consistency and proper semantics

• Cache refreshed when any underlying table updated

query 1executes


Table 1

Table 2 Table 3

join

join

Group bycachedresult





result iscached






Table 5 Table 5

join

Table 4

join

Group by

joinquery 2 uses cachedresult transparently

Table 1

Table 2 Table 3

join

join

Group bycachedresult


Table 1

Table 2 Table 3

join

join

Group by

Table 5 Table 5

join

Table 4

join

Group by

join

cachedresult





query 2 uses cachedresult transparently

Inst 1

• Automatic Database Diagnostics Managers (ADDM) for Real Applications Cluster (RAC)

• RAC expert in a box

• Identifies performance problems for the entire RAC cluster database

• Database-wide analysis of:• Global cache interconnect

issues

• Global resource contention, e.g. IO bandwidth, hot blocks

• Globally high-load SQL

• Skew in instance response times

• Runs proactively every hour when taking AWR snapshots (default)

AWR 1 AWR 2 AWR 3

Inst 2 Inst 3

Self-Diagnostic Engine

Database-Level

ADDM

11g

Instance-Level

ADDM

ADDM for RAC

Agenda

• 11g Innovation



• Maintaining Availability, Performance and Security



• Database Vault

• Audit Vault



Data Security: Oracle Products

Identity

Management• Oracle Identity Management

Data

Protection• Advanced Security

• Secure Backup

Access

Control• Database Vault

• Label Security

Monitoring• Audit Vault

• EM Configuration Pack

Core Platform Security

Oracle

Advanced Security

Transparent Data Encryption

• Column level encryption (10gR2)

• Tablespace level encryption

• For encrypting entire application data

• Supports foreign keys and range scan

• LOB encryption

• Master Key protection in hardware using PKCS #11

Oracle Database Vault

• Controls privileged users, enforces separation of duties

• Administrators can’t access application data

• Site-specific controls limit access by any user

DBA

FIN DBA Fin Realm

HR DBA

Fin

HR Realm

HR

HR DBA

CREATE …

Outside business hours

FIN user

SELECT …

Unexpected IP address

Oracle Audit Vault Trust-but-Verify

• Collect and Consolidate Audit Data

• Oracle 9i Release 2 and higher

• Simplify Compliance Reporting

• Built-in reports

• Custom reports

• Detect and Prevent Insider Threats

• Alert suspicious activity

• Scale and Security

• Robust Oracle Database technology

• Database Vault, Advanced Security

• Partitioning

• Lower IT Costs with Audit Policies

• Centrally manage/provision audit settings

10gR210gR1

Oracle 9iR2(Future)

Other Sources,Databases

Monitor Policies

Reports Security

Core Database

Security Enhancements

• Secure configuration by default

• Password management settings

• Audit sensitive administrative operations

• Stronger password verifier

• Passwords are case sensitive

• PKI / Kerberos authentication for super privileged DBAs

1977 2007

Oracle Audit Vault Oracle Database Vault

DB Security Evaluation #19

Transparent Data Encryption

EM Configuration Scanning

Fine Grained Auditing (9i)

Secure application roles

Client Identifier / Identity propagation

Oracle Label Security (2000)

Proxy authentication

Enterprise User Security

Global roles

Virtual Private Database (8i)

Database Encryption API

Strong authentication (PKI, Kerberos, RADIUS)

Native Network Encryption (Oracle7)

Database Auditing

Government customer

Oracle Database Security

Sustained Innovation

• Highest Quality of Service

• Performance

• Scalability

• Availability

• Security

• Lowest Cost

• Easier to Manage

• Reduce risk of change

Agenda

• 11g Innovation



• Maintaining Availability, Performance and Security



• Database Vault

• Audit Vault



Data at Rest

Encrypted

and all access

audited

Protecting your most sensitive data: SSN Vault

User

Applications

Student

HR

Financial

Alumni

Portal

Other

Legacy

Fin Aid

Single Sign On

Ora

cle

SSN

Vault

Matc

hin

g Person Data

and SSN

Alt-ID

Transcripts

State Reporting

Benefits Data

1099 Forms

SSN

SSN

SSN

SSN

Access to Sensitive

Data Restricted to

Authorized Users

Alt-ID

Alt-ID

Alt-ID

Alt-ID

Applications Contain Only Alt-ID

SS

N / A

lt-ID

Sw

itchero

o

What are the Advantages of The SSN Vault?

• Actual SSN’s are eliminated in source Systems

• A Single Centralized repository for Actual SSN’s

• Centralized Auditing, Policies, Alerts can be applied

• Encryption and VPD virtually eliminates threat of internal breaches

• Security Policy is tremendously Simplified

• “After initially providing your SSN, never give out your SSN ever again”

• Minimal Modification of existing Applications

• Clear text, 9-digit numeric Alternate ID requires no application modification

• Only (small number) apps/reports that require SSN are affected (i.e. W-2)

• Web Service design minimizes customization effort

• Heterogenous LDAP/Authentication/Authorization support

• Active Directory, eDirectory, SunOne, SiteMinder, SAML, WS-*, etc

The Oracle Technology that SSN Vault Solution is built on:

• Oracle Services Oriented Architecture Suite

• Oracle Database EE

• Oracle Database Advanced Security Option

• Oracle Database Vault

• What components

• Required

• ESB, BPEL (*), OWSM

• VPD, TDE(*)

• Optional

• Data Vault*, Audit Vault

• Key SOA Standards

• Oracle Integration / SOA Platform

• Adapters, ESB, OWSM, BPEL, BAM, Rules

• SOA Order Booking Demo

– ESB, BPEL, Rules, BAM

• Optional:

– Security / Oracle Web Services Manager

SOA, Web services, BPEL and 100% standard integration

approaches extend the reach of the application server

platform to service-based, process-centric applications.

The Oracle SOA Platform

Evolution of Oracle SOA

Portlet Web

Services (WSRP)

Web Services

Support

2000 2001 2002 20042003 20062005

BPEL Process

Manager

J2EE 1.4 Standard

Web Services

WSDL, UDDI, Development Tools,

Expanded Web Services Platform

Service

Registry

Web Services

Manager, BAM

SOA Suite

ESB

BPA

Suite

2007

Oracle

Data

Integrator

Stellent

Doc Mgmt,

Image Proc

Tangosol

…

WSDL/WSIF

XML/XML Schema

SOAP JCA JMS

BUSINESS SERVICES

More Interoperable

ERP/Legacy Apps

Custom Apps& Services

Web services

Key SOA Standards

Process FlowLogic

XSLT/XQuery

BPEL

More Adaptable

PROCESS ORCHESTRATION

WSRP, JSR-168

USER INTERFACE

Struts/JSF

Portal

Web Application

API

WS

Richer Experience

PKIDashboards

BAM

MONITORING

JMX

Fusion Effect

WS-Security

SERVICE BUS

SecurityReliabilityLoggingFailover

Dynamic Routing

WS-Policy, SAML

Web Services Mgmt

The Oracle SOA Technologies

J2EE Application Server

Oracle AS, JBoss, WebLogic, WebSphereMessaging

Metadata

Repository

DATA SERVICES &

CONNECTIVITY

Apps

AdaptersAdapters

Partners

B2BB2B

RFID

SESSES

DB Bulk

ODIODI

ETL

Multi

ProtocolRouting

XSLT

Transform

Enterprise Service BusEnterprise Service Bus

Native

BPEL

Business

Rules

Human

Workflow

BPEL Process ManagerBPEL Process Manager

ROUTING &

ORCHESTRATION

Discovery

Policies

Management

Security

Web Services Web Services ManagerManager

RegistryRegistry

GOVERNANCEEvents AnalyticsBusiness

Monitoring

System

Monitoring

Enterprise Enterprise ManagerManager

BAMBAM BIBI

MANAGEMENT

&

MONITORING

App Dev

Framework

JDeveloperJDeveloper

Analyst

Tools

BPA SuiteBPA Suite

Oracle SOA Platform Drill-down

• JDeveloper

• Complete IDE, J2EE, Web services, Supports WSIF Bindings

• Adapters

• Connectivity to 300+ back-end systems, visual design, JCA

• Oracle ESB

• Messaging, connectivity and data distribution

• Oracle Web Services Manager

• Service intermediation, security and policy management

• Oracle BPEL PM

• Standards based orchestration, workflow management

• Oracle BAM

• Application Monitoring, SLA, KPI management

• Oracle Business Rules

• Engine, repository, rules editor

• Oracle App Server

• Full featured J2EE deployment, scalability, reliability, HA

Some of the Adapters Available for Oracle SOA Suite…

Databases Oracle 8i and above

IBM DB/2

Informix

Clarion Clipper

Cloudscape DBASE

Dialog Essbase

FOCUS Data Access

Great Plains Microsoft SQL Server

MUMPS (Digital Standard MUMPS) Navision Financials (ODBC 3.x) Nucleus Paradox

Pointbase PROGRESS

Red Brick RMS

SAS Transport Format Sybase

Teradata

Unisys DMS 1100/2200 UniVerse

Applications Oracle Applications

SAP R/3, mySAP Peoplesoft

JD Edwards Siebel

Clarify Lotus Notes

Ariba

AXIOM mx/open Baan

BroadVision Clarify

Commerce One Hogan Financials

i2 Technologies Lawson

Livelink Manugistics

Microsoft CRM

Vantive Walker Interactive

Remedy Salesforce.com

Technology SOAP

HTTP, HTTP-S

Email – POP3, SMTP, IMAP

FTP, FTP-S

Flat Files

JMS

Oracle AQ

IBMMQSeries

TIBCO Rendezvous

Socket

Legacy CICS IMS/DB

IMS/TM VSAM

ADABAS

Natural Tuxedo

CA-Datacom Screen Scraping

CA-IDMS C-ISAM,D-ISAM,K-SAM,

QSAM

Oracle ESB: Component Architecture

• Components

– Integrated Designer

– Rich Monitoring Console

– JCA Adapters

– Routing Service

• XPATH Filter Expressions

• XSL Transformation

– Metadata Repository/Server

• Features

– Content Based Routing

– Enterprise Messaging - OEMS

– Native XML and Web Services

– Multi Transport Fabric

• Usage Patterns

– Point to Point

– Canonical Modeling

– Store and Forward

– Request/Response

– Externalized Services

Enterprise Service Bus

fx

BPEL BAMPortlets Web UI

MDS

UDDI

ESB

Console

Composite Applications, Portals, BI and BAM

JCA

SAPJAX

SOAP JMS

Mainframe

In Memory

Java

B2B

TradingPartner

Security

Policies

The Oracle BPEL Process Manager

Process Console

MANAGE

J2EE Application Server

(Oracle AS, WebLogic, JBoss, WebSphere)

Core BPEL Engine

BPEL

JDeveloper

BPEL Designer

BPEL Process Manager

Integrated BPM Services

Workflow DecisionService

Sensors

Dehydration Store(Oracle Database)

WSDL Binding

File, FTP

Web services

Java, JMS

Database

Apps

Enterprise-strength infrastructure for BPM

• Comprehensive and native

BPEL implementation

• Easy-to-use modeling tool

• Scalable and reliable engine

• Flexible binding framework

• Rich management and

monitoring

• Support for Oracle AS, JBoss,WebLogic and WebSphere

• Get up and running in less than 15 minutes!

BPA Suite

ProcessModeler

Workflow Services

Order Booking SOA DemoFocus on ESB, Rules, Workflow, BPEL

SHOPPING PORTAL

Web Services Interface: XML, SOAP, WSDL, WSIF

EJB 3.0

Customer service

Product

Suppliers

Order DB

Approval

(Rich Workflow)

Notification

Service

Order Booking BPEL PROCESS

receive

Insert Order

end

getCustInfo

SelectMfr RapidMfr

5-15 min

invoke

receive

invoke

receive

Manual

Review

?

Fulfill Order

Notify Cust

ESB

RulesEngine

Rule Author

Rulesrepository

DecisionService

FedEx

USPS

ESB

Operational dashboard

BAM

Single Runtime Infrastructure

BI

ODI

BPA

EDI ebXM

L

HL7 RosettaNet

B2B adapters

SAP SIEBEL

…

CICS

Apps Adapters

Service Infrastructure

Service/Event Delivery API

Business

RulesMediator

ESB

MDS

Registry

SOAP JCA

• Files

• DB

• FTP

• JMS

• AQ

• MQSeries

• TCP

• Oracle

Applications

Policy Manager

Transformation

SESB2B

B2B RFID BAM

BPELHuman

Workflow

SO

A S

uite CEP

BAM

Web Service Management

•Without WSM, policy is hard-coded into each Web Service

• Result is siloed, inconsistent security and management

• A change in enterprise standards = rework of every service

• Higher cost, more fragile, harder to change

• No unified insight into operations across services

Decouples Security and Management

Policies from Service Logic

Oracle WSM Components

BUILD

Policies

ENFORCE

Policies

Deployment as Gateway Process or as

Embedded Agents

MONITOR

Policies

Policy

Manager

Policy

Gateway

Policy

Agents Oracle Enterprise

Manager

Web Services

Key Standards: BPEL and Process Orchestration

Duplicate

Number!

SalesDB start

end

Router

Billing

Standard markup language for composing a set of discrete services

into an end-to-end process flow

• 10+ years of R&D from

MSFT and IBM

• Rich Flow Semantics

• Optimized Bindings (not

just Web services)

• Transformation

•WS-Security

• A Process is a Service

PORTAL

Extended Loan Flow Demo

PORTAL

Web Services Interface: XML, SOAP, WSDL, WSIF

Credit Rating

.NET

Oracle eBusiness

Suite

Async.

Loan Providers

Exception Task

Notification

Service

Operational dashboard

BAM

DecisionService

RulesEngine

Rule Author

Rulesrepository

LOAN FLOW BPEL PROCESS

receive

getPhone

invokeinvoke

select

receivereceive

review

United Loan Star Loan

end

5-15 min

getRating

Oracle Web Services Manager

Securing Processes and Services in a Policy-Oriented Fashion

CreditRating

start

end

Request Offer Request Offer

Receive Offer Receive Offer

Select Lowest Offer?

Handle Negative

Credit Exception

A Typical SOA Application

CreditRating

start

end




Handle Negative

Credit Exception

1. Limit who can initiate

processes

<SSN>011-22-4488</SSN>

1. Encrypt SSN

1. Callback has to go

through firewall1. Make sure no other

sensitive data is

unprotected

What Are the Security Requirements?

start

end




Handle Negative

Credit Exception

Oracle Web Services Manager

Add Oracle WSM

Gateways/Agents

1. SAML: Role-based access

control• WS-Security: Authentication

& auto-encryption of SSN in

XML message

• Web services

Management: Service

virtualization in DMZ

• WS-Policy: System-wide service

auditing

Oracle’s BPM Approach

• Complete Service Oriented Architecture platform for full BPM innovation cycle

• 100% standard process models

• Shared model between analysis, execution and monitoring

• Provide choice of modeling tools to customers– OEM leading BPA tool

– Enhance the logical view of BPEL PM Designer for analysts

– Provide integration with leading BPA tools so that customers can select BPA tool of their choice

Oracle ESB: An ESB Moves Data

ConnectAdapters

Metadata

WS Manager

Security

Apps Events

ConnectConnectAdaptersAdapters

MetadataMetadata

WS ManagerWS Manager

SecuritySecurity

Apps EventsApps Events

EnrichTransformation

Value Mappings

Business Rules

Workflow

System Xref

EnrichEnrichTransformationTransformation

Value MappingsValue Mappings

Business RulesBusiness Rules

WorkflowWorkflow

SystemSystem XrefXref

DistributeProtocol Bus

Messaging

Routing

Interoperability

HA, Scalability

DistributeDistributeProtocol BusProtocol Bus

MessagingMessaging

RoutingRouting

InteroperabilityInteroperability

HA, ScalabilityHA, Scalability

Model, Monitor and Configure Model, Monitor and Configure Model, Monitor and Configure

Documents

CHECO 11g Vault copy - checoweb.org...Oracle Database 11g Highest Quality R&D • Over 1500 developers and testers spread across eight development labs around the world • 479 Development