ww

w.in

l.g

ov

Delivering Oracle(aaS) on a Converged Infrastructure

Success is about people, it’s never about technology

March 29, 2016

Robert Murray, INL Oracle Business Systems Architect

UT Oracle Users Group Conference

Salt Lake City, UT

Anyone wanting a copy of this slide deck, please email me at robert.murray@inl.gov

ENSURING THE NATION'S ENERGY SECURITY

• INL is the nation’s leading center for nuclear energy research and development. INL is part of the U.S. Department of Energy’s complex of national laboratories.

• The laboratory performs work in each of the strategic goal areas of DOE: energy, national security, science and environment.

• INL is the nation’s lead laboratory for nuclear energy research, development, demonstration and deployment and we are engaged in the mission of ensuring the nation’s energy security with safe, competitive and sustainable energy systems and unique national and homeland security capabilities.

• Please visit https://www.inl.gov/about-inl/general-information

Abstract

Delivering Oracle(aaS) on a Converged Infrastructure

This presentation discusses how the Oracle team at the INL is progressing in transforming database deployments into a self service portal using VMware technology.

Background information, cloning, VMDKs, Clusters, datastores, vSphere with Operations Management, vRealize Automation, and more will be discussed including the benefits this transformation brings to the organization and my team.

Part 1 – Background Information

ORACLE BUSINESS SYSTEMS

How do we succeed?

I lead the Oracle team at the INL and we are responsible for storing and delivering information.

A recent INL workshop conducted by the Table Group identified four basic ideas that my team must embrace to be successful in our responsibilities.

This presentation is about …

• Agility – the need for self-service

• Reliability – keeping “it” simple, and

• Innovation – looking “outside the box”

Information is valuable, it is stolen and sold for nefarious purposes. My next presentation is about protecting information at all costs.

• Security

Pre 2013 Situation

• Tight budgets, inadequate support staff, and limited training

• My team was too busy keeping the “wheels on the bus” to drive the bus

• De-moralized staff laying low and collecting paychecks

• Cyber and auditors were on our backs about fixing an ever increasing number of vulnerabilities: database, middleware, application, certs

• Silos focusing on their problems, choosing not to engage with the Oracle team to discuss any impacts their decisions might have on us

• Work packages ignored the Oracle Business Systems

• The majority of our systems were running on legacy technology

• We were paying out huge sums of money on software maintenance that included a large number of de-supported products

• Vendors site visits attempting to sell us more bloatware, shelfware, and costly hardware –not listening to our needs, trying end runs around us

Transformation Challenges

• Fully understand the current state of the Oracle Business Systems and the technologies OBS is built on

• Build an OBS Transformation Roadmap and have it adhere to IM’s core values of: reliability, sustainability, agility, and security

• Have management support the transformation from the top down

• Receive cooperation and support from Customers and the other organizational units

• Re-build and train a motivated work force

• Distinguish OBS from non OBS scope and define appropriate separation of duties

• The OBS reputation impacts the mission of enabling science that matters

• To be given the opportunity to be successful in fixing our situation

Some Useful Tips

• Technology can ease or increase your current work load

• Change (transformation) is always costly in resource, time, and money

• Avoid the analysis/paralysis pitfall, take ownership, and take action

• Believe in the vision, sell the vision, stand tall, and bend in the wind

• Push back on outside sales teams and quickly shutdown end runs

• Cutting edge solutions are usually just as bad as remaining legacy

• Don’t be afraid to say no (you will have to a lot)

• Recognize what is really needed to add value and what does it cost

• Leverage small wins, try to “leap frog” where possible and be careful not to leap too far

• Know the order of things and have a plan, make sure you can complete the mission, i.e. don’t sell what you can’t deliver

Tuckman Stages for the OBS Team (3 years)

Part 2 – Technology Discussion

ORACLE BUSINESS SYSTEMS

2015 – Building a HA Cloud Infrastructure

Simple, Elegant, Magic

http://www.vmware.com/files/pdf/VMware-Distributed-Resource-Scheduler-DRS-DS-EN.pdf

Database HA Cluster with DRS

Middleware HA Cluster with DRS

Live Migration

• VMs are encapsulated in a VMDK

• Hosts in the cluster are connected to the VnX via Fiber-Channel Host Bus Adapters

• The EMC VnX presents storage as LUNs to Vmware clusters

• Production and critical VMDKs are placed on shared clustered datastores

• When VMs are placed on cluster attached storage, they are free to migrate between all available hosts in the cluster (DRS)

• Live migration does not impact the operation of the VM

• This is useful under the following scenarios: host patching, hardware maintenance, hardware failure, and load balancing

• Non production VMDKs are placed on local RAID-5 datastores

• Local datastores do not support live migration

VM Cloning

Review of Technologies

Considered

• Oracle Virtual Compute Appliance, ZFS Appliance

• Oracle VM Infrastructure

• Oracle Real Application Cluster (RAC), Grid, ASM

• Oracle Data Guard

• Multitenant 12c Databases

Deployed

• Converged Hardware: HP, EMC, and Cisco

• Vmware VM Infrastructure

• Vmware HA Cluster with DRS on Shared Datastores

• EMC Data Domain and Isilon

• Single Instance 12c DB

This solution uses proven, less complicated, and more robust technology. The INL has staff experienced in these technologies and training adds to what we already know or fills in gaps. It’s also way less expensive.

DRS – Distributed Resource Scheduler

Part 3 – As a Service

ORACLE BUSINESS SYSTEMS

2016 – Defining the Cloud

• Self-service (aaS) portals for IM’s internal use and IM customers

• Rapid provisioning capability through virtualization, standard builds, and structured deployment processes – Golden Images

• Agile, resilient, and sustainable environment that integrates a continuous process improvement lifecycle into the build process

• Optimum resource utilization with minimal management – Automation

• Public Cloud has a specific function; e.g. Travel Accounting and Recruiting

• Private Cloud also has its specific function; e.g. systems where data is sensitive like Payroll and Human Capital Management

• Bottom line is, what can you safely expose and what must you do your best to secure

2016 – Building Golden Images (using a PeopleSoft example)

VM

No O/S

VM

Oracle

Linux

VM

Hardened

O/S

VM

Oracle DB

Software

VM

Application

Database

Created

VM

Oracle Linux

Server

VM

Oracle MW

Software

VM

Web/App

Installed

PSoft

SAND

DB

PSoft

DEVL

DB

PSoft

TEST

DB

PSoft

PROD

DB

Concept and Process

1. Reduce labor through reuse and recycling

2. Develop and enforce standards

3. Better builds through continuous process improvement

4. Add/remove functionality as needed

5. Apply upgrades, patches, fix vulnerabilities

6. Deploy one or more fully operational PeopleSoft databases < 1 hr

2016 – Oracle Linux UEK(PaaS)

2016 – Oracle DB(PaaS)

2016 – Oracle FMW(PaaS)

2016 – Oracle APEX(PaaS)

2016 – Oracle Forms(PaaS) This platform runs applets within the browser -- this technology is deprecated and is offered to temporarily support legacy application frameworks waiting to be upgraded to APEX, ADF, Google Web Toolkit, or other modern PaaS. Working on javaWS launch via 443.

2016 – Oracle Reports(PaaS) This platform runs applets within the browser -- this technology is deprecated and is offered to temporarily support legacy application frameworks waiting to be upgraded to APEX, OBIEE, or other modern PaaS.

2016/17 – vRealize Automation

• Kick off a Vmware clone of an operating Golden Image

• Manually run post-clone scripts (some examples)

– Change IP Address and Hostname of new VM

– Configure authentication service for new VM with Active Directory

– Register with Oracle Linux for patching, and run YUM update

– Change Data Domain mount point

– Change RMAN crontab start time based on OVM schedule

– Apply applicable PeopleSoft domain changes to database

– Apply PeopleSoft Data Masking script (optional)

– Restart PeopleSoft Web/App tier and purge cache

• To automate the manual process, we need to do the following:

– Upgrade from 5.5 to 6.x

– Deploy vSphere with Operations Management

– Convert from manual scripts to vRealize Automation

2016/17 OBS Offerings

https://www.vmware.com/files/pdf/vcloud/VMware_vRealize_Automation.pdf

Cloud Benefits for OBS Team

• Standard builds – Golden Images

• Workflow automation of most M&O activities

• Easily create disposable test beds for the following :

– Patching and upgrades

– Vulnerability management

– Data masking and tablespace encryption

– O/S hardening and firewall rules

– User acceptance testing

– Role based identity governance

– Simulated disaster and recovery scenarios

• Staffing

– Increased labor efficiencies (building workflows)

– Decrease in M&O hours means more time for documentation, training, and strategic planning

Questions?