26 June 2013

Oracle Database 12c is here


Oracle Database 12c is here and has indeed multi-tenancy and pluggable Databases.

The long-awaited Oracle Database 12c has finally arrived. You can download the software from the Oracle Software Delivery Cloud for the three OS versions:

1. Oracle Database 12c Release 1 (12.1.0.1.0) Media Pack for Linux x86-64
2. Oracle Database 12c Release 1 (12.1.0.1.0) Media Pack for Oracle Solaris on x86-64 (64-bit)
3. Oracle Database 12c Release 1 (12.1.0.1.0) Media Pack for Oracle Solaris on SPARC (64-bit)

The following is the screen shot of downloading Oracle 12cR1.  





The videos below give an overview of the architecture of the new Database release Oracle Database 12c.

Oracle Database 12c Architecture Overview

This video provides an overview of the Oracle Database 12c Architecture.





This video provides an overview of the new Oracle Database 12c Multitenant Architecture.





Pluggable Database


* Oracle 12c introduces a new feature called 'Pluggable Database'. Here Oracle Metadata and user data are totally separated into two sections. One is Container DB (or CDB) which will hold Oracle Metadata. The other is Pluggable DB (or PDB) which will hold user data.






How does a Pluggable Database work?

In a regular database, Oracle's metadata and the user's application data are integrated. For beginners: Oracle Metadata is the data that is present when you install a new Oracle Database (without any sample schemas). Even though this can be called an empty database, it still has data provided by Oracle. This data is needed by the database to function. For example, the objects owned by SYS and SYSTEM are mostly metadata.

Then user data is entered into that database. They will go under multiple user schemas. Now the database is being used by the users.

Now a situation arises in which we need to create another database on the same server. Why? Let us say that you need to provide data to two clients, and you don't want one client to see the other's data. And your data is contained in an extensive set of application schemas.

In this case, copying those application schemas under a different set of names and keeping both copies in the same database is very difficult.

So, you provide two separate databases. This also ensures that there is no security violation.

So, we install another new database, which comes with Oracle Metadata. Then we load the user data. In this method, which is currently being used (Year 2013), there will be a need for more memory for both the database instances. There will be two SGAs, two sets of smon, pmon and other background processes running.

Then, if we need to copy one database to another, we have to rely on extensive procedures, which include exporting the data from the source database first, then removing the data at the target, and finally loading the data there. After that, we need to take care of user security, object privileges and so on.

So, if you want to provide data for multiple tenants, that is multiple clients, then with the current set of features (till Oracle 11g), we have to create multiple databases. That is, one database for one client. In other words, there is no multi-tenancy.

Multi-Tenancy is becoming an important requirement in cloud infrastructure, these days. You would like to have the ability of providing data to multiple clients from the same database system with full confidence in security.

This can be achieved in Pluggable Database.

In a Pluggable Database, Oracle basically separates its metadata entirely from the user data. Metadata is stored in a section called Container DB. Then the user data are stored in Pluggable DBs. It also stores user metadata in the Pluggable DB.

By the way, what is user metadata? For example, earlier, the list of user accounts that exist in a database was tightly integrated with Oracle Metadata. Now, with the separation of Container DB and Pluggable DB, the user accounts must exist in the Pluggable DB. So, the Pluggable DB not only contains user data, but also some user metadata.

So, what are the benefits?

* Multi-Tenancy - We can bring in two Pluggable DBs under one Container DB. Both will be totally segregated, but yet controlled by one instance. This is an important feature for SaaS (Software as a Service) platforms, Cloud, On-Demand and Vendor Managed Application solutions.

* Easy cloning/copying. Cloning and copying databases across servers becomes much easier: just clone a Pluggable DB and plug it into a different server.

* Very easy upgrades and patching.
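
The tenant separation and the plug/unplug flow described above, as an added Oracle 12c SQL example (not code from the original post or from Oracle's documentation). The PDB names `client_a` and `client_b`, the account names, the placeholder passwords and every file path are assumptions to adapt to your own container database.

```sql
-- Added example. Run in SQL*Plus as a common user with SYSDBA privileges,
-- connected to the root container (CDB$ROOT) of a 12c container database.
-- All names, passwords and paths below are assumptions.

-- 1. Confirm the database is a CDB and list the containers it holds.
SELECT name, cdb FROM v$database;
SELECT con_id, name, open_mode FROM v$containers ORDER BY con_id;

-- 2. Create one PDB per client from the seed (PDB$SEED).
--    FILE_NAME_CONVERT maps the seed's datafile directory to a new one.
CREATE PLUGGABLE DATABASE client_a
  ADMIN USER client_a_admin IDENTIFIED BY "Placeholder_Pw_A1"
  FILE_NAME_CONVERT = ('/u01/oradata/cdb1/pdbseed/',
                       '/u01/oradata/cdb1/client_a/');

CREATE PLUGGABLE DATABASE client_b
  ADMIN USER client_b_admin IDENTIFIED BY "Placeholder_Pw_B1"
  FILE_NAME_CONVERT = ('/u01/oradata/cdb1/pdbseed/',
                       '/u01/oradata/cdb1/client_b/');

ALTER PLUGGABLE DATABASE client_a OPEN;
ALTER PLUGGABLE DATABASE client_b OPEN;

-- 3. The same schema name can exist in both PDBs. Each account is a
--    local user: it is stored in, and can only log in to, its own PDB.
ALTER SESSION SET CONTAINER = client_a;
CREATE USER app_owner IDENTIFIED BY "Placeholder_Pw_A2";
GRANT CREATE SESSION, CREATE TABLE TO app_owner;

ALTER SESSION SET CONTAINER = client_b;
CREATE USER app_owner IDENTIFIED BY "Placeholder_Pw_B2";
GRANT CREATE SESSION, CREATE TABLE TO app_owner;

-- 4. Check the separation.
--    From the root, the two APP_OWNER accounts appear as distinct
--    local users (COMMON = 'NO') with different CON_ID values.
ALTER SESSION SET CONTAINER = CDB$ROOT;
SELECT con_id, username, common
FROM   cdb_users
WHERE  username = 'APP_OWNER'
ORDER  BY con_id;

--    From inside a PDB, the CDB_ views and V$PDBS are limited to that
--    PDB, so client_a cannot enumerate client_b's accounts.
ALTER SESSION SET CONTAINER = client_a;
SELECT con_id, username FROM cdb_users WHERE username = 'APP_OWNER';
SELECT con_id, name FROM v$pdbs;

-- 5. Move client_a to another server: close, unplug, then plug in.
ALTER SESSION SET CONTAINER = CDB$ROOT;
ALTER PLUGGABLE DATABASE client_a CLOSE IMMEDIATE;
ALTER PLUGGABLE DATABASE client_a UNPLUG INTO '/u01/transfer/client_a.xml';
DROP PLUGGABLE DATABASE client_a KEEP DATAFILES;

-- On the target CDB, once the datafiles are reachable at the paths
-- recorded in the XML manifest:
CREATE PLUGGABLE DATABASE client_a
  USING '/u01/transfer/client_a.xml'
  NOCOPY
  TEMPFILE REUSE;
ALTER PLUGGABLE DATABASE client_a OPEN;
```

Both PDBs still share one instance, so accounts that work across containers (common users and SYSDBA in the root) need the same scrutiny that a DBA account on a shared server would get.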

Oracle 12c Database New Features - Pluggable Database – Video.




More information on the Oracle Database 12c Optimizer:


Some useful inside information from Tom Kyte and other Oracle ACE experts!


Download links for Database 12c:


Learn more about administration with this book:








For more information please contact me at:

Drs. Albert Spijkers
DBA Consulting
web:            http://www.dbaconsulting.nl
blog:            DBA Consulting blog
profile:         DBA Consulting profile
Facebook :   DBA Consulting on Facebook
email:          info@dbaconsulting.nl 





18 June 2013

Linux Kernel Security (it is necessary).





 

The Linux kernel is the central component of Linux operating systems. It is responsible for managing the system's resources, the communication between hardware and software, and security. The kernel plays a critical role in supporting security at higher levels. Unfortunately, the stock kernel is not secured out of the box. There are some important Linux kernel patches to secure your box. They differ significantly in how they are administered and how they integrate into the system. They also allow for easy control of access between processes and objects, processes and other processes, and objects and other objects. The following pros and cons list is based upon my personal experience.

There are three flavors for securing your Linux kernel:


1)      SELinux

2)      AppArmor

3)      Grsecurity

 
SELinux

 

Security-Enhanced Linux (SELinux) is a Linux feature that provides a variety of security policies for the Linux kernel. It is included with CentOS / RHEL / Fedora Linux, Debian / Ubuntu, Suse, Slackware and many other distributions.

 

A video introduction to SELinux for mere mortals:

 

While Security-Enhanced Linux (SELinux) is an incredibly powerful tool for securing Linux servers, it has a reputation for being difficult to configure. As a result, many system administrators would simply turn it off. Fortunately, the incredible amount of work completed by the SELinux community in recent years has made SELinux much more system administrator-friendly.

In this session, Thomas Cameron explains the basics of SELinux, which include configuring, analyzing, and correcting SELinux errors, as well as writing basic policies to enable non-SELinux-aware applications to work on SELinux-protected systems. Real-world examples will be used to better demonstrate how to use SELinux.

 


  

SELinux features

1. Clean separation of policy from enforcement

2. Well-defined policy interfaces

3. Support for applications querying the policy and enforcing access control

4. Independent of specific policies and policy languages

5. Independent of specific security label formats and contents

6. Individual labels and controls for kernel objects and services

7. Caching of access decisions for efficiency

8. Support for policy changes

9. Separate measures for protecting system integrity (domain-type) and data confidentiality (multilevel security)

10. Very flexible policy

11. Controls over process initialization and inheritance and program execution

12. Controls over file systems, directories, files, and open file descriptors

13. Controls over sockets, messages, and network interfaces

14. Controls over use of "capabilities"

 

Pros and Cons

• Admin skill set (learning curve) - High

• Complex and powerful access control mechanism - Yes

• Detailed configuration required - Yes

• GUI tools to write / modify rules set - Yes

• CLI tools to write / modify rules set - Yes

• Ease of use - No (often described as horrible to use)

• Binary package - Available for most Linux distributions

• System performance impact - None

• Security Framework: Mandatory access controls using Flask

• Auditing and logging supported - Yes

• Typical user base - Enterprise users

• Documentation - Well documented


AppArmor


 

AppArmor (Application Armor) is another security system for Linux, maintained and released by Novell under the GPL. AppArmor was created as an alternative to SELinux. AppArmor works with file paths. According to the official Novell FAQ:

 AppArmor is the most effective and easy-to-use Linux application security system available on the market today. AppArmor is a security framework that proactively protects the operating system and applications from external or internal threats, even zero-day attacks, by enforcing good program behavior and preventing even unknown software flaws from being exploited. AppArmor security profiles completely define what system resources individual programs can access, and with what privileges. A number of default policies are included with AppArmor, and using a combination of advanced static analysis and learning-based tools, AppArmor policies for even very complex applications can be deployed successfully in a matter of hours.

AppArmor is default in OpenSUSE and Suse Enterprise Linux. It was first successfully packaged for Ubuntu Linux.

 AppArmor Overview:


 Video Novell SUSE Linux and AppArmor - Speaker: Crispin Cowan Director of Software Engineering, SUSE/Novell


The core of the security problem is that most software contains latent bugs, and many of these bugs can be exploited by attackers to cause the software to do something undesirable to the victim's computer. To block this threat, one can either use only perfect software (of which there is a shortage :) or use a security system to control what software may and may not do. The problem is that such systems are historically very difficult to use.

AppArmor is an application security system that directly attacks the ease of use problem, making it possible for widespread adoption by developers, system administrators, and users. AppArmor provides for security profiles (policies) that specify the files that a given program may read, write, and execute, and provides tools to quickly and automatically generate these profiles.

This presentation will briefly introduce the AppArmor system, and then spend much of the time showing how to best use AppArmor to confine applications and protect systems. AppArmor is pure GPL software, and is available for SUSE, Slackware, Ubuntu, Gentoo, and Red Hat Linux.


Securing Linux with AppArmor:



 Novell SUSE Linux and AppArmor (video could do with better focus):



 Features


1. Full integration.

2. Easy deployment.

3. AppArmor includes a full suite of console and YaST-based tools to help you develop, deploy and maintain application security policies.

4. Protects the operating system, custom and third-party applications from both external and internal threats by enforcing appropriate application behavior.

5. Reporting and alerting. Built-in features allow you to schedule detailed event reports and configure alerts based on user-defined events.

6. Sub-process confinement. AppArmor allows you to define security policies for individual Perl and PHP scripts for tighter Web-server security.


Pros and Cons

 • Admin skill set (learning curve) - Medium

• Complex and powerful access control mechanism - Yes.

• Detailed configuration required - Yes.

• GUI tools to write / modify rules set - Yes (yast2 and wizards).

• CLI tools to write / modify rules set - Yes.

• Ease of use - Yes (often described as less complex and easier for the average user to learn than SELinux).

• Binary package - Available for Ubuntu / Suse / Opensuse and distros.

• System performance impact - None.

• Security Framework - Mandatory access controls.

• Auditing and logging supported - Yes.

• Typical user base - Enterprise users.

• Documentation - Documented (mostly available from Opensuse and Suse enterprise Linux).

 



Grsecurity


 

Grsecurity is a set of patches for the Linux kernel with an emphasis on enhancing security. It utilizes a multilayered detection, prevention, and containment model. It is licensed under the GPL.

 
Video on Gentoo Grsecurity Published on Oct 25, 2012

The talk gives an overview on how Open Source Security works, and how Gentoo in particular handles vulnerabilities. You will get to know the tools that are available to ensure your packages are safe and an outline on other efforts made within Gentoo to enhance the safety and security of your system.

 


 
Features

1. An intelligent and robust Role-Based Access Control (RBAC) system that can generate least privilege policies for your entire system with no configuration

2. Change root (chroot) hardening

3. /tmp race prevention

4. Extensive auditing

5. Prevention of arbitrary code execution, regardless of the technique used (stack smashing, heap corruption, etc)

6. Prevention of arbitrary code execution in the kernel

7. Randomization of the stack, library, and heap bases

8. Kernel stack base randomization

9. Protection against exploitable null-pointer dereference bugs in the kernel

10. Reduction of the risk of sensitive information being leaked by arbitrary-read kernel bugs

11. A restriction that allows a user to only view his/her processes

12. Security alerts and audits that contain the IP address of the person causing the alert

 
Pros and Cons

 • Admin skill set (learning curve) - Low.

• Complex and powerful access control mechanism - No (it is simpler to administer than the other two implementations. Also, policies are simpler to create, since there are no roles or complicated domain/file transitions).

• Detailed configuration required - No (works in learning mode).

• GUI tools to write / modify rules set - No.

• CLI tools to write / modify rules set - Yes (gradm tool).

• Ease of use - Yes.

• Binary package - Available for Ubuntu / RHEL / CentOS / Debian distros.

• System performance impact - None.

• Security Framework - Mandatory access controls (precisely, it is a RBAC implementation) using access control lists.

• Auditing and logging supported - Yes.

• Typical user base - Webserver and hosting companies.

• Documentation - Unfortunately, it is not well documented.


Conclusion:

All three offer very good protection, and you can choose between them based on the following simple criteria:

 

• New user / ease of use : Grsecurity

• Easy to understand policy and tools : AppArmor

• Most powerful access control mechanism : SELinux
 





 

 

13 June 2013

Oracle Enterprise Manager 12c Ops Center





 


Total Cloud Control for Oracle Systems

Oracle Enterprise Manager 12c is Oracle’s leading solution for transforming traditional IT into an enterprise cloud. It provides IT leaders total cloud control, enabling as much as 12 times higher operational agility for cloud, mission-critical applications and traditional IT environments.

Key capabilities in Oracle Enterprise Manager Ops Center 12c help customers:

Accelerate Mission Critical Cloud Deployment: delivers comprehensive cloud lifecycle management across Oracle hardware, Oracle Linux and Oracle Solaris, including central management of all virtualization technologies, self-service management of cloud lifecycle, and dynamic resource scheduling. Oracle Enterprise Manager Ops Center 12c is the industry’s first and only solution for managing virtualized pools of x86, via tight integration with Oracle VM Manager 3, and SPARC servers through a uniform interface.

Provide Total Management for Oracle Solaris 11: adds support for Oracle Solaris Image Packaging System (IPS), Automated Installer (AI) and Alternate Boot Environments. Enhances the I/O manageability in Oracle Solaris environments with improved manageability of iSCSI, fibre channel interfaces and network and storage technologies. These capabilities help customers unlock the power of Oracle Solaris 11 to accelerate mission-critical enterprise and ISV application delivery.

Simplify Oracle Engineered Systems Management: adds management support for Oracle’s SPARC SuperCluster T4-4 and enhances the rich management of Oracle Exadata Database Machine and Oracle Exalogic Elastic Cloud – enabling customers to go from bare-metal to the cloud in minutes.

Deliver Proactive Cloud Support: enhancements in MyOracle Support allow cloud administrators to benefit from Automatic Service Requests (ASR), proactive patch recommendations and health checks, integrated with Oracle Enterprise Manager’s comprehensive automated patch planner and end-of-life advisor for all of the application technology deployed within Oracle clouds.

The new Ops Center Everywhere Program demonstrates Oracle’s commitment to delivering the best value to its systems customers. Oracle server, storage, networking, Oracle Linux, Oracle Solaris and Oracle VM customers can now receive access to Oracle Enterprise Manager Ops Center through their Oracle Premier Support agreements, at no additional cost. Benefits include the ability to:

Manage all Oracle systems technologies from a single pane, with no extra license charges.

Deploy and manage Infrastructure as a Service powered by Oracle systems faster than alternative solutions.

Receive proactive support information and recommendations, manage service requests and apply patches. These capabilities, provided through a single console are not offered by other management solutions.

Eliminate third party tools and save complexity and cost. Oracle Enterprise Manager Ops Center 12c can do the job of multiple tools to manage Oracle systems including discovery, inventory, monitoring, patching, configuration management, server provisioning, host management, storage management, virtualization management, network management, and cloud infrastructure management.

Provide total cloud control across applications, middleware, databases and hardware through built-in integration with Oracle Enterprise Manager 12c.





Overview video:

Oracle Enterprise Manager Ops Center is the industry's first converged hardware management solution for Oracle's Sun environments - combining management across servers, operating systems, firmware, virtual machines, storage, and network fabrics into a single console, to maximize the value of infrastructure investments. With its end-to-end lifecycle management and built-in integration with My Oracle Support, Oracle Enterprise Manager Ops Center dramatically improves the efficiency of IT operations.





Speed of deployment:








Overview Demo of Cloud Management by Oracle Enterprise Manager 12c:





Oracle Cloud Control demo series:




Integrated Linux Management in the Cloud

Linux Management functionality is available as part of Oracle Enterprise Manager 12c and is available to Oracle Linux Basic and Premier Support customers at no cost. The solution provides an integrated and cost-effective solution for complete Linux server lifecycle management and delivers comprehensive provisioning, patching, monitoring, and administration capabilities via a single, web-based user interface thus significantly reducing the complexity and cost associated with managing Linux operating system environments.

Using these rich Linux management features along with the complete Oracle Enterprise Manager product solution, the global financial company takes advantage of enterprise-scale service level management, automated change and configuration management, and comprehensive system and application performance management.

Integrated Lifecycle Management for Physical and Virtual Servers in the Cloud

Oracle VM offers server virtualization for both x86 and SPARC architectures that enables the deployment of agile cloud infrastructures. Virtualized server environments integrated with Oracle Enterprise Manager Ops Center allow you to easily create, deploy and clone virtual servers, and to live migrate workloads while dynamically controlling compute resources. Integrated lifecycle management of both physical and virtual servers with Ops Center simplifies the daily workflow needed to control cloud infrastructures. This is one of the key reasons why this company decided to power their private cloud with Oracle virtualization technologies.

Oracle Solaris 11 – The First Cloud OS

With its new and improved features, Oracle Solaris brings mission-critical enterprise class computing to cloud scale environments. These features include extremely agile, no overhead virtualization, simplified software lifecycle management, and built-in security across all layers. Oracle Enterprise Manager Ops Center understands all these new technologies, and therefore is the perfect tool to manage Oracle Solaris deployments at data center and cloud scales.

Manage Mission Critical Applications in the Cloud
 

Deploying and managing mission-critical applications in the cloud is one of the key strategic interests of enterprises. Oracle SPARC based Infrastructure-as-a-Service (IaaS) offers the scale, reliability, and performance needed for those mission-critical applications. In this demo, you will learn how to manage SPARC server platforms, which are the foundation of the enterprise cloud this global financial company wants to deploy. Oracle SPARC technologies offer an extreme thread count and memory density in a small and eco-friendly form factor. This company wanted to ensure they could leverage their existing SPARC population without excluding new growth into the T4 chassis models. They found Ops Center offered them complete coverage of where they were the most invested.

Private PaaS and IaaS Cloud with Oracle Enterprise Manager

Oracle Enterprise Manager provides complete lifecycle management for cloud - from automated cloud setup, to delivery, to cloud operations. Learn how Oracle Enterprise Manager Cloud Control 12c and Oracle Enterprise Manager Ops Center 12c work together to provide an end-to-end solution to take you from zero to cloud in a day, whether the goal of your private cloud is Infrastructure as a Service (IaaS) or Platform as a Service (PaaS).

Managing DBaaS and MWaaS Cloud Services Delivery with Oracle Enterprise Manager

This demo showcases Engineered Systems Management capabilities of Oracle Enterprise Manager Cloud Control and Ops Center 12c. You can now manage all components of Oracle Exadata Database Machine, from databases to cell storage to network switches, from a single console. Similarly, you can now manage all aspects of Oracle Exalogic, including software and hardware, from a single console. Learn how Oracle Enterprise Manager is engineered systems-aware and provides insight into the performance, configuration and physical health of these high-performance machines.

Simplify Your Data Center with Exalogic Elastic Cloud

Oracle Exalogic Elastic Cloud is the industry’s Best Foundation for Cloud. It is hardware and software engineered together to provide extreme performance for Java applications, Oracle Applications, and other enterprise applications. Exalogic offers fully integrated compute nodes, storage and networking; a fully integrated ZFS network attached storage appliance with 40TB of SAS disk storage; QDR InfiniBand IO Fabric with 40 Gb/second throughput and microsecond latencies; data center service network integration with 10 GbE; and a scalable, open standard grid architecture. That means less effort spent by you on putting the pieces together and more time spent on extending the business value of your applications.

Check out this demonstration to learn more about Exalogic and the right configuration that meets your needs.

Oracle Software Runs Best on Oracle Hardware







Oracle Learning Library (OLL):

Provides an overview of the features of the latest release of the Oracle Learning Library (OLL). The Oracle Learning Library provides free online training on Oracle's products. Check it out at http://www.oracle.com/goto/oll. Copyright © 2012 Oracle and/or its affiliates. Oracle® is a registered trademark of Oracle and/or its affiliates. All rights reserved. Oracle disclaims any warranties or representations as to the accuracy or completeness of this recording, demonstration, and/or written materials (the "Materials"). The Materials are provided "as is" without any warranty of any kind, either express or implied, including without limitation warranties of merchantability, fitness for a particular purpose, and non-infringement.





This video demonstrates the steps to deploy a Solaris 10 or Solaris 11 local zone in a Solaris 11 global zone.:





Webcasts on demand on OEM Ops Center:


