oracle modern cloud day · 2019-11-21 · exadata cloud extreme performance (ep) x on-premises...

Best Practices for Enterprise Workloads in Oracle Cloud Infrastructure

이진호상무

Master Principal Sales Consultant

Move & Improvement Team

Oracle Korea

Oracle Modern Cloud Day

Safe harbor statement

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions.

The development, release, timing, and pricing of any features or functionality described for Oracle’s products may change and remains at the sole discretion of Oracle Corporation.

Copyright © 2019 Oracle and/or its affiliates

Enterprise Business Goal

Agenda

1

2

3

4

5

Security

Reliability

Operational Efficiency

Performance

Copyright © 2019 Oracle and/or its affiliates

6 Summary

Provision

Manage

Secure

Protect Scale

1 2 3 4 5

Optimize

: Demo - ExaCS Online Operation

엔터프라이즈클라우드관리를담당하는고객으로부터여러분들이가장많이문의받는Top Two Best Practice 영역을고르시오

Top Focus Area : Internal Survey

Copyright © 2019 Oracle and/or its affiliates4

Business Goal


보안Security

신뢰성Reliability

성능Performance

운영효율성

OperationalEfficiency

데이터, 어플리케이션, IT 리소스보호

최소한의영향으로비즈니스복구

최소노력으로인프라구성및운영

보장된성능유지, 빠른대량배포

Protect data, applications, and IT resources

Recover from outages with minimal impact

• Expected performance • Deliver more, faster

Operate the deployment with minimal effort

OCI Best Practices : Security for Enterprise


• Shared Security Responsibility Model의이해

• OCI 보안기능및서비스의이해

• Network Isolation의구현

• 리소스와비즈니스조직과의연동

• 리소스에대한접근통제

• 데이터보호및모니터링

보안

OCI Core-to-Edge Security for Enterprise


Feature Description

Network

Virtual Cloud Network 클라우드내의완벽하게분리된사설네트워크

Subnet 업무간의보안을위해서구분된공용또는사설네트워크

Security List Subnet 간의방화벽정책(Firewall)

Route Tables VCN 및외부망과의라우팅경로정의(Router)

Gateway

Internet Gateway VCN과외부인터넷과의통신을관리 (양방향)

NAT Gateway 내부사설망과인터넷과의통신을관리(단방향)

Service Gateway OCI 서비스와의안전한통신을위한게이트웨이

Dynamic Routing Gateway

외부네크워크과 VPN 연결을위한게이트웨이

ConnectVPN DRG를통해연결된보안이강화된가상사설망

FastConnect 고객사와오라클클라우드간의전용망서비스

• Tenant Isolation

• Hardened Images

• SSH Keys Certificates

• Identity Federation

• Role-Based Policy

• Compartments,

• Tagging

• Web Application Firewall

• DDoS Protection

• DNS Security엣지

테넌트 계정

• At-Rest-Crypto : DB, DISK

• In-Transit-Crypto: Network

• Keys Management

• Hardware Security Module암호

• User Activity Monitoring

• Configuration Change Monitoring

• Logging, Compliance

• Optional 3rd Party Security모니터

• Live Patching

• Hardened Images

• KSpliceAutonomous

보안

Isolate Workloads in Secure Networks


REGION

VCN 10.2/161 Virtual Cloud

Network 1

AVAILABILITY DOMAIN 1

PUBLIC SUBNET10.2.3.0/24

PUBLIC SUBNET10.2.2.0/24

2 Subnetwork

No public Access

PRIVATE SUBNET10.2.4.0/24

2

Public AccessPublic

Internet

InternetGateway4 Internet Gateway 4

Public Internet

NATGateway

PatchDownload

5 NAT Gateway

5

Object Storage

ServiceGateway

RMANBackup

6 Service Gateway

6

IPSecVPN Customer

Data Center

DRG

7 Dynamic RoutingGateway / VPN

7

FastConnect

FastSecureAccess

8 Fast Connect

8

LoadBalancer

Web Server

Database Server

Database Server

Web Server

Web Server

OCI VM

3rd Party Security10

10

보안

Firewall

33 Security List9 Routing Table

RoutingTable

9

REST API Client

Identity, Access Management and Audit


Oracle Cloud Infrastructure

Bare MetalCompute

Virtual Machine

Container Database System

Block Storage

Object Storage

Virtual CloudNetwork

Firewall Compartments

ID & AccessManagement

CustomerOracle Cloud Console

API/Service

1. Cloud Account2. User Name3. Password

AuthenticatedAccess

Sign in to Cloud

Telemetry/

MonitoringHealthcheck

Auditing

OCI Client/Terraform Script

보안

Route Table

리소스거버넌스의통합및계층화된관리


1 IT와 business, app roles의구분 2 Compartment로의매핑

• Compartment를통한리소스격리• Compartment와 Business 조직매핑

보안

Resource로의철저한접근통제


3 OCI Resource Access Policy 설정

Feature Description

TenantOCI 구매와함께프로비전되는최상위계정

User OCI 포털에접근가능한사용자계정

Compartment클라우드리소스를구성하고격리하는논리적컨테이너

Group 사용자들의모임

Dynamic Group

인스턴스들의모임

Resource OCI 리소스

Policy직관적정책언어를통해누가어떤리소스에어떻게접근가능한지지정

권한부여 (Authorization)를위한기본요소

보안

데이터보호및모니터링


보안

안전한백업및보호

• 자동백업(스케줄, 유지기간)• 백업의자체암호화• Backup Subnet

Oracle Data Safe

• 통합데이터베이스보안컨트롤센터• 위험대시보드, 사용자활동모니터링• DB 클라우드사용자에게무료제공

자체데이터암호화

• 데이터전송, 저장까지자체암호화• 블록볼륨과 Object Storage 암호화

버킷접근제어

• Object Storage의안전한보호• IAM 정책을통해접근제어• 사설버킷생성및 Service

Gateway를통한접근통제

AuditUsers DiscoverAssess Mask

OCI Best Practices : Reliability for Enterprise


신뢰성

• Cloud MAA 아키텍처

• Server, Service 장애에대한대비

• Data Center Outage로부터의보호

• Region-wide 다운타임복구

Oracle Cloud MAA Deployment Architecture


신뢰성

Primary

AD

#1

Standby

AD

#2

SILV

ER (

DR

)

Primary

Reg

ion

#1

Standby

Reg

ion

#2

GO

LD (

DR

,HA

)

RAC

RAC

ADGADG

• On-Premise와동일한 MAA 배포지원

• Cloud에서유일하게 Real Application Clusters 지원

• Active Data Guard의자동설정및배포

• Enterprise에서요구하는 Business Continuity 대응가능

• RTO, RPO에따른등급 : Gold, Silver, Bronze

BR

ON

ZE

Single Instance

DB Backup Service

RACSILV

ER (

HA

)

DB Backup Service

Oracle Database Cloud Service의고가용성솔루션


신뢰성

Data Protection & MAA 기능

Cloud Service Edition/Package RACActive Data

GuardData

GuardRMAN

Database Cloud Standard Edition (SE) ✓

Enterprise Edition (EE) ✓ ✓

High Performance (HP) ✓ ✓

Extreme Performance (EP) ✓ ✓ ✓ ✓

Exadata Cloud Extreme Performance (EP) ✓ ✓ ✓ ✓

X

On-Premises

• Enterprise MAA를위한Best Practice 완성

On-Premises Exadata

• Engineered System과MAA의통합

Exadata Cloud

• Database 관리, 구성, 툴링, 운영의반자동화

• Oracle 책임하의자동화된 MAA 적용

Autonomous Database

Oracle Cloud Infrastructure (Region)

Disaster Recovery On OCI – Single Region, Multi AD


신뢰성

• AD 간의리소스이중화

- 동일 Subnet 설정가능

- 로드밸러서

- 스토리지동기화

- Database DR

Availability Domain 2

Application Tier Subnet C

Virtual Cloud NetworkNAT

GatewayDynamic RoutingGateway

(DRG)

InternetGateway


Bastion HostSubnet A

Load BalancerSubnet B


FAULTDOMAIN-1

Host 1

FAULTDOMAIN-2

Host 2

File System Service

rsync


Load BalancerSubnet B

FAULTDOMAIN-1

Host 1

FAULTDOMAIN-2

Host 2

File System Service

Database TierSubnet D

Database TierSubnet DOracle

Active DataGuard

Disaster Recovery On OCI – Single Region, Single AD


신뢰성

Terraform Configuration을통한지정예제

Oracle Cloud Infrastructure (Region)

Virtual Cloud Network NAT

GatewayDynamic Routing

Gateway (DRG)

InternetGateway



Load BalancerTier Subnet B


FAULT-DOMAIN-1

Host 1

FAULT-DOMAIN-2

Host 2

File System Service

Fault domain간의리소스배치• 하드웨어장애또는유지보수기간에대한대처• 자동설정또는명시적지정가능

Disaster Recovery On OCI – Multi Region


신뢰성

Primary Region

2-node RAC DB16 OCPU , 2048 GB RAM

CDBCONSP

EASTELP EASTELRP EASTAXP EASRPTP EASARCP

CDBEBIZP

EASEBIZP

CDBCUSIP

EASCUSIP

CDBCUSP

EASCUSP EASHRP

52 OCPU , 768 GB RAM

Compute – Bare metal

ERP AP#1 ERP AP#2CUSTOM

AP#1CUSTOM

AP#2

Telesoft

Gateway

OAM / OID

Markview/ Kofax

BICS

Adoptive

Ent. Manager

NAT Bastion Host

Load Balancer

Block Storage20 TB

Object Storage40 TB

2-node RAC DB


CDBCONSDR

EASTELEDR EASTELERDR EASTAXDR EASRPTDR

CDBEBIDR

EASEBIZDR

CDBCUSIDR

EASCUSIDR

CDBCUSDR

EASCUSDR


Compute – Bare metal

ERP AP#1

ERP AP#2

CUSTOM AP#1

CUSTOM AP#2

OAM / OID

NAT Bastion Host

Load Balancer

Block Storage20 TB

Object Storage40 TB

File Storage Service

File Storage ServiceNFS Mount NFS Mount

Data Guard

File Sync

• Region간의이중화

- Active-Passive

- 스토리지백업

- Database DR

- VCN Peering

VCNPeering

DR Region

Exadata Cloud Service: Backup


Av

aila

bili

ty

Do

ma

in

Dynamic Routing Gateway

Virtual Cloud

Network

172.16.0.0/16

Client Subnet

(Private)

Client Subnet

(Private)

Default

Security

List

Client

Default

Security

List

Default

Security

List

Backup

Default

Security

List

Object Storage

Oracle ServiceNetwork

ServiceGateway

Customer Data Center

10.0.0.0/16

8 Channels 16 Channels 32 Channels 48 Channels

8 Channels 16 Channels 32 Channels 48 Channels

RMAN Low Compression Backup from ExaOCI to Object Storage

RMAN Incremental Backup from ExaOCI to Object Storage

Default: 2 TB/hr, Tuned: 8.31 TB/hr

Default: 18 TB/hr

• 안전한백업수행및보관

• 최소비용의백업환경구성

신뢰성

OCI Best Practices : Operational Efficiency


운영효율성

• Pricing Model

• Control Cost

• Manage Capacity

• Streamline DevOps

The Promise of Cloud

Pay for what you use,

when you use it”

“

비용절감의시작: Oracle Universal Credits


운영효율성

• 적은양으로시작하여시즌에따라사용량을증대

• Overage와연동하여최적의비용효율증대가능

Phasing Pricing Model

• Overage: Penalty 없는동일한가격제공

• 할인율: 월별계약금액과계약연수에비례

• 기존계약크레딧으로신규서비스도그대로사용가능

• 계획에없는과도한비용지출을최소화

– 고정된비용에예측가능한성능제공: 컴퓨트, 디스크, 네트워크

탄력적인가격정책

• On-Premise 라이선스를클라우드에서활용가능

• 인프라및서비스비용만부담 (약 20%)

• ULA, PULA 고객에게매우큰혜택제공

BYOL – 기존투자비용의보전

• Peak Time 기준의과도한비용지출불필요 (필요시확장)

• Overage에대해서도계약과동일한가격제공

Bursting

HourlyCharge

NormalScale Up

No Charge

ElasticResource

$ Cost Saving

Tagging을통한손쉬운사용현황및비용추적


운영효율성

1

2

3

비용추적용 Tag 생성리소스별 Tag 적용

Tag 적용된리소스별비용분석

• 부서별비용분석

• 일괄공지및통제(예: 업무시간외강제종료)

효율적인리소스/비용통제

Autoscale to manage capacity


운영효율성

• Master instance

• Instance Configuration

• Instance Pool

인스턴스풀의생성

Specify pool size, network settings, and AD

• CPU consumption

• Memory utilization

메트릭모니터

• Thresholds

• Scale-out limit

• Scale-in limit

오토스케일룰생성

Example

인프라의코드화를통한효율적인 IT 운영및확장


운영효율성

리소스매니저의Job 실행

Web application을위한Terraform 스크립트작성

Terraform 스크립트재활용:다른환경에배포

스테이징환경을통한이슈해결

• 검증된코드의재사용을통한인프라배포의안정성, 확장성및효율성확보

Demo

Exadata Cloud Service Operation Efficiency

- 온라인무정지스케일업/다운

- 리소스매니지먼트



ExaCS CPU 스케일링

다운타임이필요없음완벽한온라인작업

업무부하에맞게언제나활용Scale up / down

시간당사용된 CPU만과금

IORM

Exadata I/O 우선순위제어Flash cache limit 할당

DB 별또는 Default로할당

Predictable Low Latency & High Speed Flat Network

OCI Best Practices : Performance for Enterprise


성능

• 네트워크가상화의분리

• 네트워크, 디스크대기시간최소화

1st Generation Clouds: Most Prevalent Today

Host OS/Kernel

Network VirtualizationHypervisor

Server VirtualizationServer Virtualization

HypervisorNetwork Virtualization

VM/ Guest

OS

VM/ Guest

OS

VM/ Guest

OSVM/

Guest OS

VM/ Guest

OS

VM/ Guest

OS

Isolated Network Virtualization

2nd Generation Cloud: Oracle Cloud Infrastructure-Wide

Separates Network and

Tenant Environment

Host OS/Kernel

HypervisorContainer (Optional)

VM/ Guest

OS

VM/ Guest

OS

VM/ Guest

OSVM/

Guest OS

VM/ Guest

OS

VM/ Guest

OS

To / From Other Tenants

• 워크로드간의지속적인빠른스토리지성능보장

• VM, Bare Metal 그리고 Exadata에대한고속데이터베이스처리제공

성능 + 보안

Clustered RDMA Network (1.5 µs latency, 100Gb/s)

Cloud-first network for ultra low latency and high bandwidth(HPC, GPU, Exadata and etc.)

Highest, Most Consistence Performance


성능

• www.storagereview.com/oracle_cloud_infrastructure_co

mpute_bare_metal_instances_reviewwww.storagereview.com/amazon_ec2_i3metal_review

• https://www.storagereview.com/dell_emc_unity_450f_allflash_storage_review

0

50000

100000

150000

200000

250000

300000Oracle Database

Oracle Bare Metal

All-flash array

AWS i3.metal

Consistently Fast Performance

Mixed Workload

2-5x 빠른워크로드 vs. On-Prem 및클라우드경쟁사

http://www.storagereview.com/oracle_cloud_infrastructure_compute_bare_metal_instances_review

http://www.storagereview.com/amazon_ec2_i3metal_review

https://www.storagereview.com/dell_emc_unity_450f_allflash_storage_review

OCI Gen2 : Best Performance & Price


성능

Database Performance : 200 concurrent users

Other OCI

Transactions 1,397,270 10,916, 571

List Price / Month $345.88 $228.12

Accenture With Paper “Enterprise Workloads Meet the Cloud"

Standard Virtual Machine Instances ($/OCPU/Hour) $0.0638 +52% +52% +46%

Bare Metal Standard ($/OCPU/Hour) $0.0638 +34% N/A N/A

Data Archive ($/GB/Month) $0.0026 +35% -30% +63%

Block Storage: Massive Perf (annual cost, 400GB 20K IOPS) $204 +7,900% +2,900% +400%

Internet Data Egress (50TB/Month) $340 +1,300% +1,300% +1,300%

Private Line Network (1 Gbps, 100TB Data, Monthly) $155 +2,100% +3,700% +1,500%

AWS Azure GCP

* AWS Seoul Region은위결과보다 30% 더많은비용필요* Oracle은모든 Region에서동일한가격제공

* AWS는미국동부가격기준

1.5x ↑

7.8x ↑

25k

20k

15k

10k

5,000

0Oct 24 03:00 06:00 09:00 12:00 15:00 18:00 21:00 Oct 25 03:00

디스크읽기 I/O 패턴비교: VDBench 24 시간최대부하지속

Oracle 4 OCPUs: 25K IOPS

Other Cloud

고비용의 Provisioned IOPS추가필요

https://www.accenture.com/t20171003T083750Z__w__/us-en/_acnmedia/PDF-62/Accenture-Enterprise-Workloads-Meet-Cloud.pdf

OCI Gen2 : High Performance Computing


성능

Cluster RDMA Network

CPU GPU Exadata

Block Storage

Application

Sockets

Transport

NIC Driver

Application

Sockets

Transport

NIC Driver

1.5 µs latency, 100Gb/s network

RDMA Traffic

• 업계최초로 Bare Metal RDMA network을서비스로제공

Exadata와 HPC와같이성능에민감한서비스에최적화

Oracle Gen2 runs 4X Faster

Oracle Gen2 is 87% cheaper

4M cell CFD model 28 nodes

Oracle Autonomous Database


성능

• 실제고객이정밀튜닝하여운영중인 DW 워크로드를 ADW로이관하여수행한결과

ElapsedTime(sec)

Customer Tuned

2551

5137

ADW

Exchange

Customer Tuned

2835

4051

Manufacturer

ADW Customer Tuned

22652831

Bank

ADW

Oracle : 16 OCPUs

AWS Redshift : 8 Nodes x 36 vCPUs

10x 이상의빠른성능

10x 이상의비용절감

• Oracle ADW vs. AWS Redshift

Oracle과 MS Azure 협력관계의시사점


성능

Custom App

AutonomousDatabase

Application

OracleDatabase

Custom App

SQL Server

Application

SQL Server

Oracle Cloud Infrastructure Microsoft Azure

Cross-cloud SSO and Interconnect



OracleDatabase

Custom App

Application

Custom App

Container Enginefor Kubernetes

Application

AutonomousDatabase

Custom App

SQL Server

CognitiveServices

Azure ML



• 상호클라우드 DC 연계협력–Direct Network Connection

– Identity Interoperability

–수십 μs 내의빠른상호 Network 속도제공

• Enterprise Workload 중심협력–Oracle Database, Exadata, Autonomous

–Multi-cloud Strategy

• Roadmap–가능지역: Ashburn (Virginia, US), London

–Cloud DC가상호인접한지역 순으로확장 US West, Government, Asia, and Europe regions


Summary

• Oracle Cloud는 Enterprise Workload를위한성능과안정성

을보장하는유일한클라우드서비스입니다.

• Oracle Cloud는가장최적의성능대비비용을보장합니다.

기업의복잡하고중요한업무를클라우로전이하시려면, 오라클에문의하십시오.

가장최적의방법론과서비스를제공합니다.

Oracle OpenWorld 2018

우리의미션은사람들이새로운방식으로

데이터를보고, 통찰력을발견하고, 무한의가능

성을여는것을돕는것이다.

Thank you

Jinho Lee

Director, Master Principal Sales ConsultantMove & Improvement TeamOracle Korea


oracle modern cloud day · 2019-11-21 · exadata cloud extreme performance (ep) x on-premises...

Documents