delivering pluggable database as a service
TRANSCRIPT
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
Enterprise Manager 12c
Pete SharmanDatabase Architect, DBaaS EM [email protected]
February 2015
Pluggable Database as a Service
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
The Obligatory Slide About Me
• 20 years with Oracle
– DBA instructor / Education Centre Manager
– HA Consultant
– Internal services curriculum developer
– North America Sales and Consulting database lead
– RAC Development
– ST Curriculum DBA / EM team
– Product Manager, EM Product Suite
– Database Architect, DBaaS, EM Product Suite
• OakTable member
• Presented at conferences all over the place
• Owner, petewhodidnottweet.com ☺
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
EM 12c: Broadest, Most Complete Range of Enterprise Services
Infrastructure-as-a-Service
(IaaS)
Infrastructure-as-a-Service
(IaaS)
Oracle VMOracle VM
VM VMVM DB DBDB
Self-Service Application/ APIs
App 1 App3App 2
Java Platform
Database-as-a-Service
(DBaaS)
Database-as-a-Service
(DBaaS)
Java Platform-as-a-Service
(Java PaaS)
Java Platform-as-a-Service
(Java PaaS)
Exadata/non-ExadataExadata/non-Exadata Exalogic/non-ExalogicExalogic/non-Exalogic
Increasing Enterprise Value
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
Consolidation: DBaaS ArchitecturesEM12c Supports Database Versions 10gR2 to 12c
Virtual Machines
Share servers
Dedicated Schema(s)
Share servers, OS
and database
Increasing Consolidation
Dedicated DBs
Share servers
and OS
Pluggable DBs
Share servers, OS
and database
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
EM12c DBaaS: Unmatched Architectural Choices
Virtual
MachinesDedicated DB
Dedicated
SchemasPluggable DB
Consolidation
DensityLow-Moderate High Highest Highest
ManagementVery complex (VM
Sprawl)Easy
Easy to Involved
(based on required
resource isolation)
Easy
Isolation Excellent Good Least Good
Implementation
& OnboardingEasy Easy Difficult Easy
Application
SuitabilitySome (workload
dependent)All
Home grown; requires
app validation
All but have to be
certified for
Database 12c
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
Cloud TaxonomyCloud• Top level entity representing the collection
of all software and hardware resources
allocated to building and delivering a cloud
Zone• A logical grouping of cloud infrastructure
resources based on functional, departmental
or geographic boundaries. Example, Finance
Zone, East Coast Zone
• Separate charge plans may be defined per
zone
• Zones can also be used to enforce access
control
Resource Pool• A logical unit of homogeneous clustered or
non-clustered resources exhibiting common
characteristics. Example, Oracle VM server
Pool, Database Pool
Pool Pool
PoolPool
Pool
Pool
PoolPoolPool
Zone
Zone
Zone
cloud
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
Additional concepts
• Software Library: A centralized repository of all reusable components/cloud building blocks (scripts, assemblies, templates, profiles, etc.), accessible from all OMSs in an EM installation.
• VM Templates: A VM image that can provision an Operating System image
• VM Assembly: One or more VM images with pre-defined associations and late binding configuration (in OVF format)
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
Additional concepts
• Profile: A gold image used as a source of subsequent provisioning in DBaaS/MWaaS on physical environments. This could be a DBCA template, RMAN backup or export dump depending on the type of service
• Service Template: Is a standardized service definition that encapsulates the payload (profile) and method of provisioning
• Service Instance: The state of an already deployed service. It can be in “running” or “stopped” state.
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
Significance of Zones and Pools
• Significance of Zones
– Zones define the infrastructure boundary and can be mapped to logical entities like a department or LOB
– Zones are what Self-Service Cloud user chooses to provisions into
– Chargeback can be associated with zones
– Zones can be used to define access control on physical infrastructure
• Significance of Pools
– Pools define the boundary within which a service is placed using placement policies
– Pools in Oracle VM based IaaS define the boundary of live migration and HA
– Targets within the same member of a pool must share the same downtime. Example: Instances sharing an ORACLE_HOME must be down when the binaries are patched
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
Infrastructure as a Service (IaaS) using Oracle VM x86
ApplicationApplication
PlatformPlatform
clo
ud U
ser
clo
ud
Pro
vid
er IaaS cloud
• IaaS cloud consists of one or more
Oracle VM zones, which in turn contain
one or more Oracle VM server pools.
• Oracle VM server pool is a clustering
of Oracle VM servers. It provides a
boundary for live migration and fault
tolerance.
Server Pool
OVM Zone
Server Pool
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
IaaS: Sample Use Cases
Use Case 1: Zones based on Software Lifecycle
IT wants to setup a cloud to allow testers to request Linux machines. It also wants to
allow developers to deploy pre-configured application environments.
Server Pool 1
Dev Zone
Server Pool 2
Solution:
- Provide IaaS cloud with separate
Oracle VM zones for Developers and
Testers
- Setup role-based access so testers
can only access Test Zone and
developers can only access Dev
Zone
- Publish separate application
assemblies for Developers in the
Self Service Portal
IaaS cloud
Test ZoneServer Pool 1
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
IaaS: Sample Use Cases
Use Case 2: Zones based on LOBs
IT wants to allow business users in the Finance and HR departments to be able to request
Linux machines with various OS versions and configurations. IT wants to charge business
for the resources they consume.
Server Pool 1
Finance Zone
Server Pool 2
Solution:
- Provide IaaS cloud with separate
Oracle VM zones for HR and
Finance department
- Setup separate charge plans for HR
Zone and Finance Zone
IaaS cloud
HR ZoneServer Pool 1
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
Platform as a Service (PaaS)
ApplicationApplication
Clo
ud U
ser
Clo
ud
Pro
vid
er
PaaS cloud
• PaaS Cloud consists of PaaS Infrastructure Zones.
A PaaS Infrastructure Zone can either be physical or
virtual and comprises the hardware (hosts) that
make the cloud
• A virtual PaaS Zone contains one or more OVM
Zones. This way a PaaS cloud can be built on top of
Oracle VM environments.
• A PaaS Zone can contain Database Pools and/or
Middleware Pools.
• A Database Pool is a collection of homogeneous (4
digit version)
• Single Instance or RAC Oracle Homes
(Database as a Service)
• Single Instance or RAC Databases (for Schema
as a Service)
• A Middleware Pool is a collection of homogeneous
Fusion Middleware Oracle Homes.
Database PoolPaaS Zone
Middleware Pool
PaaS Zone
OVM Zone OVM Zone
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
PaaS: Sample Use Cases
Use Case 1: Database as a Service (DBaaS)
IT wants to setup a database cloud to allow DBAs to request databases on demand.
There are also some developers in the Finance BU who would like to request database
schemas.
Solution:
- Provide a PaaS cloud with 2 PaaS Zones.
One for DBAs and one for Developers.
- Setup role-based access so DBAs can only
access DBA Zone and developers can only
access Dev Zone using the Self service
portal
- Publish service templates to DBAs can
request database instances and developers
can request individual schemas
PaaS cloud
Database PoolDBA Zone
Database Pool
Database Pool
Dev Zone
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
PaaS: Sample Use CasesUse Case 2: Schema as a Service
IT wants to setup a database cloud to allow developers to deploy applications. The Pool1
runs 11.2.0.4 Database and accommodates empty schemas for HTMLDB (APEX)
applications while Pool 2 hosts the schemas acting as data-sources for in-house Java
application Solution:
- Provide a PaaS cloud with 2 PaaS Pools.
- Setup role-based access for individual
development groups
- Publish service templates. Service Template
associated with Pool 1 creates empty
schemas while Service Template associated
with Pool 2 creates schemas with seed data
- The databases on the two pools could be
configured with different resource
management configurations, thereby having
different QOS
PaaS cloud
Database Pool 1
Developer Zone
Database Pool 2
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
PaaS: Sample Use Cases
Use Case 3: Database as a Service (DBaaS) on Exadata
IT wants to setup a database cloud on Exadata to allow developers to request databases
of two different versions on demand.
Solution:
- Treat Exadata as a PaaS Zone
- Create Database Pools by grouping Oracle
Homes on various Exadata compute nodes
- Pool 1: Runs 11.1.0.7
- Pool 2: Runs 11.2.0.3
- Publish service templates into the Self
Service Portal for developers to deploy
database instances in the PaaS Zone
- Setup charge plans based on the zone
Database Pool 1
Compute Nodes
5 -8
Database Pool 2
Compute Nodes
1-4
PaaS ZoneExadata
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
PaaS: Sample Use Cases
Use Case 4: Middleware as a Service (MWaaS) on Physical infrastructure
IT wants to setup a cloud to allow developers in the Finance LOB to request WebLogic
domains and databases for custom app deployment . Also developers in the HR LOB
want to request WLS domains. Resource usage by each LOB needs to be tracked.
Solution:
- Provide a PaaS cloud with 2 PaaS Zones,
one for each LOB.
- Setup role-based access to both zones.
- Publish MW service templates to the Self
Service Portal
PaaS cloud
Database PoolFinance Zone
MIddleware Pool
MIddleware Pool
HR Zone
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
PaaS: Sample Use Cases
Use Case 5: Middleware as a Service (MWaaS) on Virtual infrastructure
IT wants to setup a cloud to allow developers and testers to request WebLogic domains
for custom app development. Resource usage for developers and testers needs to be
tracked.
Solution:
- Setup a PaaS cloud that contains one
or more PaaS Zones. Each PaaS
Zone in turn consists of one or more
Oracle VM Zones.
- Allow developers and testers to
access the PaaS Zone through the
Self Service Portal
- Setup charge plan for the PaaS Zone
and meter resource usage for every
tester or developer
PaaS cloud
PaaS Zone
Server Pool 1
OVM Zone 1
Server Pool 2
OVM Zone 2Server Pool 1
PaaS cloud
PaaS Zone
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
Demo
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
Pluggable Database as a Service Considerations
• Security Isolation
• Operational Isolation
• Resource Isolation
• Fault Isolation
• Scalability
• High Availability
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
Security Isolation
• In any consolidated environment, taking the “least privilege” approach will provide the maximum benefit in tightening security.
• In the PDB environment, the effect of granting a privilege or role is contained to the PDB where the grant was made, thus ensuring greater security.
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
Security Isolation
• At the user level, administrators can be defined in two ways:
– As PDB administrators - have the ability to administer just the pluggable databases they have been granted access to
– As CDB administrators - who can administer all databases within the container database).
– By defining most administrators as pluggable database administrators, security is again tightened.
• The end result is that PDBaaS provides a very high level of security isolation.
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
Operational Isolation
• Operational isolation requires that any maintenance being performed, on either a database or the environment it operates in, affects the smallest number of other databases in the same pool.
• As more databases are consolidated as pluggable databases into a single container database, it follows that operations that affect an ORACLE_HOME will affect more databases.
– Offset to a certain extent by the ease with which a pluggable database can be unplugged and moved to a different container database. Allows the administrator to move databases very easily in the situation where a container database is being patched and some pluggable databases will not be supported yet in the new release (this can happen when certain applications are only certified against specific database versions, for example).
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
Operational Isolation
• PDB’s can be both backed up and recovered separately to each other, even recovered to different points in time. This increases the operational isolation significantly.
• Further enhancements in the latest version of the Database Plugin
– Out of place patching for DBaaS, enabling administrators to standardize and maintain the cloud infrastructure by applying both major and minor updates seamlessly.
– Pool patching mechanism that allows process pools to subscribe to database and Grid Infrastructure images.
• New images are automatically deployed to service in the pool, and SSA users or administrators can choose to migrate databases to the new home.
• Enables subscription based, mass scale out of place patching and upgrades with reduced downtime.
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
Resource Isolation
• Resource Manager has the ability to create a container database (CDB) level plan to determine how resources are shared among the PDB’s in a specific container database. In particular, this CDB level plan can control:
– CPU consumed by the PDB
– Number of concurrent sessions
– Amount of parallelization via the use of parallel server processes
– File I/O, but only in the case of Exadata
• SGA, PGA and network I/O are not controlled by CDB level plans.
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
Fault Isolation
• When an individual PDB experiences some sort of problem that may impact on other PDB’s in the same CDB, the administrator can easily unplug the suspect PDB and plug it into another CDB where the problem can be resolved in isolation.
– This would be much more complex in the traditional database architecture.
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
Fault Isolation
• Once a fault has been isolated and resolved, fast recoverability and thus smaller mean time to recover (MTTR) can be improved by:
– Flashback Database
• In the first release of the multitenant architecture, Flashback Database is an operation at the CDB level only.
• Future releases will enable Flashback Database as an operation at the individual PDB level.
– Point-in-time recoverability
• Can be performed at the individual PDB level, so if you have multiple PDB’s affected by an issue, you can issue parallel point-in-time recovery commands to improve MTTR.
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
Scalability
• All databases compete for the limited hardware resources (CPU, memory, and I/O) within a database pool, so you should ensure that a database is guaranteed sufficient resources and also doesn’t have a detrimental impact on other databases within the pool.
• Variety of ways to ensure customers in a Schema as a Service environment are getting the services or resources they are paying for. These include:
– Separation of resources at the pool level
– Quotas – define the amount of memory and storage, and the number of database, schema service, and pluggable database service requests that can be allocated.
– Workloads – workloads, based on the CPU, memory, number of sessions and storage requirements, can be defined that can be chosen by the Self Service user at request time.
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
High Availability
• Topology of a complete database system architecture (e.g. a primary database along with multiple physical standby databases) is defined in the service template by the SSA administrator
– If the “Enable Standby Locking” option is selected, SSA users can use this template to provision a primary database and then later submit a request to add or remove one or more standby databases to the existing service instance.
– Alternatively, to enforce deployment standardization, locking the option will ensure that any provisioning performed using this service template will create (and delete, if selected) the primary database as well as all the standby databases at once.
Copyright © 2015, Oracle and/or its affiliates. All rights reserved.