Oracle Database Cloud Service - Provisioning Your First DBaaS Instance

Raastech, Inc.2201 Cooperative Way, Suite 600Herndon, VA [email protected]

Oracle Database Cloud ServiceProvisioning Your First DBaaS Instance

Thursday, May 18, 20174:00 - 5:00pm

Session 10LL01

© Raastech, Inc. 2017 | All rights reserved. Slide 2 of 78@Raastech

Agenda

1. Introduction

2. Pricing

3. Creating an Instance

4. Administration

5. Managing Network Access

6. Oracle DBaaS Monitor

7. Command Line Utilities

8. Oracle REST Data Services

9. Oracle SQL Developer Access

10. Complaints

11. Summary



About Me

▪ Ahmed Aboulnaga @Ahmed_Aboulnaga

▪ 18+ years Oracle experience

▪ Oracle ACE, OCE, OCA

▪ Author, Blogger, Presenter, Tweeter


About Raastech

▪ Small systems integrator founded in 2009

▪ Headquartered in the Washington DC area

▪ Specializes in Oracle Fusion Middleware

▪ Oracle Gold Partner

▪ Oracle SOA Specialized


Why Cloud?

▪ No need to purchase or maintain hardware

▪ Less effort spent upgrading and patching

▪ A slew of other reasons you can find online


Will Traditional DBAs Become Obsolete?

▪ “By 2017, the DaaS market share will increase to 29%” ~Oracle Research

▪ Cloud DBA skills needed:

▪ Everything a traditional DBA knows

▪ DBaaS architecture and usage

▪ Familiarity with cloud DBA tools

▪ Security

▪ Cloud Strategic Database Administrator – one of the top 10 future job roles

▪ Strategic management of databases in the cloud

▪ Niche skills in multitenancy, tuning, high availability, and security


Oracle Database as a Service (DBaaS)

▪ Oracle DBaaS – support for both 11g and 12c

▪ Support for multiple editions (explained later)

▪ Retain full control – root OS and SYSDBA access

▪ Comprehensive CLI and REST interfaces

▪ Network access via SSH, SQL*Net, JDBC, Web, HTTPS, and other

drivers

You are responsible for setting up automated maintenance!

You are responsible for recovery in the event of a failure!


Oracle Marketing Speak

▪ “Fast,” “Elastic,” “Secure,” “Simple”

▪ “Rapid provisioning”

▪ “Full capabilities of the Oracle Database”

▪ “Flexible management options from self-managed to fully managed

by Oracle”

▪ “Reap all the benefits of the cloud including subscription-based, self-

service access to reliable, scalable, and secure cloud environments”


Multiple Editions

Standard Edition

Enterprise Edition

Enterprise Edition High Performance

Enterprise Edition Extreme Performance

Single Instance ✓ ✓ ✓ ✓

Single Instance + Data Guard Standby ✓ ✓ ✓

Database Clustering + RAC ✓

Database Clustering + RAC and Data Guard Standby ✓

▪ Enterprise – additional performance and availability

▪ High Performance – plus all management packs, but no Active Data Guard,

no in-memory, no Oracle RAC One Node, no RAC

▪ Extreme Performance – no Oracle RAC One Node


Oracle Database Cloud Differentiators

▪ Full administrative control (root OS + SYSDBA)

▪ Oracle Database Cloud Service – Bare Metal

▪ Oracle Database Schema Cloud Service

▪ Virtual Image option (pre-configured/installed, just need to run DBCA)


Multiple Oracle Database Cloud Services

▪ Oracle Database Cloud ServiceOracle 11g, 12.1, 12.2

▪ Oracle Database Cloud Service – Bare MetalDedicated hardware, local NVMe storage, secure Virtual Cloud Network, dynamically scale 2-node RAC to 72 OCPUs without downtime

▪ Oracle Database Exadata Cloud Service

▪ Oracle Database Exadata Cloud MachineFor on-premise deployments

▪ Oracle Database Exadata Express Cloud Service – Managed

▪ Oracle Database Schema Cloud Service – ManagedRuns APEX


Some Terminology

Term Explanation

Oracle DBaaS –or– DBaaS There is no product/service called “Oracle DBaaS”, merely a concept

Oracle Database Cloud ServiceOracle’s DBaaS offering ---- The service for provisioning Oracle Databases on the cloud

Oracle Compute Cloud ServiceOracle’s IaaS offering ---- The service for provisioning infrastructure/servers on the cloud

Compute node A server (e.g., Linux box) on Oracle’s Compute Cloud

Service “Create a service” means create a database installation/instance

Deployment“Create a database deployment” means create a database installation/instance



Pricing

▪ Metered - pay as you go

▪ Non-metered - pre-paid, typically cheaper if “always on”


Pricing

▪ Biggest cost variables are:

▪ Database edition

▪ Number of OCPUs

▪ Usage (number of hours, if metered)


Estimated Pricing – Standard Edition


Estimated Pricing – Standard Edition


Usage

▪ Metered – pay as you go – shutdown when not in use to control cost



Create Service

▪ Very straightforward, simple 3 page wizard (one of them the

confirmation screen!)


Details


Details – Advanced Settings


Backup and Recovery Configuration Options

▪ Want to back up to the cloud?

▪ Must set up a cloud storage container on Oracle Storage Cloud Service

▪ Cloud Storage:

▪ Provide URL of the Oracle Storage Cloud Service container for your

service instance backups

▪ Example: https://foo.storage.oraclecloud.com/MyService-bar/MyContainer

▪ To identify the URL of your storage account, see the documentation

▪ If this container doesn’t exist, use the provided checkbox to create it

https://foo.storage.oraclecloud.com/MyService-bar/MyContainer


Backup and Recovery Configuration Options


Confirmation Page


Services Dashboard


Creation Duration

▪ 25 minutes to create the instance


View/Search Activity


Indirect Access to Oracle Compute Cloud

▪ Can’t find a corresponding compute instance under Oracle Compute

Cloud (not a bad thing!)



Additional Responsibilities of the DBA

▪ Adding temporary storage

▪ Adding SSH keys

▪ Updating the Cloud Tooling (for automatic and on-demand backups,

patching and upgrading, point-in-time recovery)

▪ Administering Oracle REST Data Services (ORDS)

▪ Loading data / tuning performance / monitoring / patching

▪ Creating a database using the Virtual Image Service Level



Access Rules

▪ Oracle Database Cloud Service relies on Oracle Compute Cloud Service to provide

secure network access to database deployments (default through SSH port 22)

▪ Web console can be used to perform network access operations such as enabling

access to a port on a compute node or creating new security rules

Security Rule Name Port Application

ora_p2_dbconsole 1158 Enterprise Manager 11g Database Control

ora_p2_dbexpress 5500 Enterprise Manager Database Express 12c

ora_p2_dblistener SQL*Net

ora_p2_http 80 HTTP connections

ora_p2_httpssl 443 HTTPS connections, ORDS, Oracle APEX, DBaaS Monitor


Welcome to Oracle Cloud Email – Setting Up VPN

VPN Account

Setting up VPN involves the following steps: 1. Setting up a Corente gateway (on-premises gateway) in your data center2. Setting up Corente Gateway (cloud gateway) on Oracle Cloud3. Establishing partnership between your on-premises gateway and cloud gateway4. Configuring a GRE tunnel on your Oracle Compute Service instances

The VPN account information included in this email enables you to sign in to App Net Manager Service Portal when setting up Corente Gateway (cloud gateway) on Oracle Cloud, which is Step 2 of the setup process.

Username: a444444_admin Password: welcome1Corente Domain: a444444

Click https://docs.oracle.com/cloud/latest/stcomputecs/MCVPN/toc.htm for detailed instructions to configure your VPN account.

https://docs.oracle.com/cloud/latest/stcomputecs/MCVPN/toc.htm



Relevant URLs

▪ Oracle Database Cloud Service Dashboard

https://dbaas.oraclecloud.com/dbaas/faces/dbRunner.jspx

▪ DBaaS Monitor Console

https://129.150.xx.xx/dbaas_monitor

▪ EM Database Express Console

https://129.150.xx.xx:5500/em

▪ Application Express Console

https://129.150.xx.xx/apex/pdb1

https://dbaas.oraclecloud.com/dbaas/faces/dbRunner.jspx

https://129.150.xx.xx/dbaas_monitor

https://129.150.xx.xx:5500/em

https://129.150.xx.xx/apex/pdb1


Consoles – Navigating To

▪ Key tasks accessible from the Action Menu


Consoles – First Time Access Issue

▪ Cannot access the Oracle Database Cloud Service consoles

http://blog.raastech.com/2016/06/cannot-access-oracle-database-cloud.html

http://blog.raastech.com/2016/06/cannot-access-oracle-database-cloud.html


Consoles – Listen on Ports 443 and 5500

▪ Enable ora_p2_httpssl and ora_p2_dbexpress firewall rule

▪ Finer grain access eventually needed, not “PUBLIC-INTERNET”


Oracle DBaaS Monitor

▪ Default username is ‘dbaas_monitor’


Oracle DBaaS Monitor


Oracle DBaaS Monitor – Explore the 18 Errors


Oracle EM Console – Logging In

▪ Requires Adobe Flash


Navigate Oracle EM Console



Connect via SSH – Get Public IP Address


Connect via SSH – Setup Putty

1. Enter IP address 2. Enter location of private PPK key file

3. Set default user to ‘opc’


Connect via SSH – Connect to Compute Node


Command Line Utilities

▪ oracle-dbcs-cli

▪ To connect to Oracle Cloud and perform administrative tasks on Oracle Database Cloud Services

▪ Only runs on Linux

▪ Does not support databases that use RAC

▪ dbaascli

▪ Bouncing, patching, etc.

▪ raccli

▪ Various RAC-related administrative operations

▪ dbpatchmdg

▪ Various patching operations for deployments configured with Data Guard


oracle-dbcs-cli

▪ Download it from:

http://www.oracle.com/technetwork/database/database-cloud/public/downloads/index.html

▪ Subcommands include:

▪ create

▪ delete

▪ list

▪ patch apply/check/rollback/status/list

▪ scaleup

http://www.oracle.com/technetwork/database/database-cloud/public/downloads/index.html


dbaascli

▪ Connect to a compute node running an Oracle Database Cloud Service

▪ Run as the ‘oracle’ or ‘opc’ user depending on subcommands

▪ Subcommands include:

▪ database - bounce, changepassword, start, status, stop

▪ dataguard - failover, reinstate, status, switchover

▪ dbpatchm - apply, clonedb, list_patches, list_tools, prereq, rollback, etc.

▪ dv - off, on (Data Vault)

▪ listener - bounce, start, status, stop

▪ netsec - config, config encryption, config integrity, status

▪ orec - duplicate, keep list, keep tag, latest, list, pitr, scn

▪ tde - rotate masterkey, status


dbaascli

▪ Startup/shutdown/status commands

dbaascli database status

dbaascli database stop

dbaascli database start

dbaascli database bounce


dbaascli

▪ Environment already set in compute node

▪ Binaries under /usr/bin

▪ Stopping the database does not stop the entire service (i.e., compute node, ORDS, etc.)



REST APIs

▪ ORDS = Oracle REST Data Services

▪ ORDS makes it easy to develop modern REST interfaces for relational data in the Oracle Database

▪ Formerly known as Oracle APEX Listener

▪ Started when a deployment is started

▪ Deployments with RAC do not include ORDS


Starting/Stopping ORDS

▪ Login as ‘root’ to the compute node

▪ Start/stop using scripts or service commands

/u01/app/oracle/product/ords/ords stop

/u01/app/oracle/product/ords/ords start

/u01/app/oracle/product/ords/ords status

/etc/init.d/ords stop

/etc/init.d/ords start

/etc/init.d/ords status


REST API Documentation

▪ Click on the “REST APIs” link


Calling REST API with cURL

curl --include

--request GET

--user [email protected]:welcome1

--header "X-ID-TENANT-NAME:a444444"

https://dbaas.oraclecloud.com/paas/service/dbcs/api/v1.1/instances/a444444

▪ Don’t use passwords with ! as they will not work when authenticating

against ORDS

▪ Example call to view all services:


Calling REST API with cURL



Create SSH Tunnel with Putty

▪ Get public IP, port, and SID



▪ Click on “Data”

▪ Enter ‘oracle’ as the auto-login

username



▪ Click on “SSH”

▪ Check “Don’t start a shell or

command at all”



▪ Click on “Auth”

▪ Browse and locate your PPK file



▪ Click on “Tunnels”

▪ Add the source port as 1521

▪ Add the destination as your IP

address colon 1521

▪ Then click on “Add”



▪ Click on “Session”

▪ Enter the IP address

▪ Enter a name for the session

▪ Click on “Save”

▪ Click on “Open”:

▪ Enter the password of your private key

▪ Keep the Putty window open

▪ You now have an SSH tunnel on port 1521


Configure Oracle SQL Developer Connection

▪ Enter the information as shown, but use “localhost” as the hostname


Connect via Oracle SQL Developer

▪ Voila!


Oracle SQL Developer – SSH Hosts

▪ Newer versions support SSH Hosts

http://blog.raastech.com/2016/06/configure-oracle-sql-developer-to.html

http://blog.raastech.com/2016/06/configure-oracle-sql-developer-to.html



Confusing Accounts and Firewall Rules

▪ Relationship between Oracle Account, My Account, and My Services

continues to confuse

▪ Unintuitive firewall rule configuration


Oracle Cloud Support

▪ Disappointing response to Sev 1 SRs, no callbacks even when

requested, often multiple day response times if you don’t continually

hound them

▪ No non-CSI weekend support


Responsiveness of UI

▪ Static and unresponsive refresh icon

▪ Are pages static? Unclear when/if pages refresh



Summary

▪ Getting started is quick and easy

▪ The role of the DBA will not disappear

▪ One of the more solid and reliable Oracle Cloud services

▪ Independent performance results of Oracle Database on the Oracle

Cloud considerably outperforms those when run on competing cloud

providers

▪ Oracle pricing has gotten more competitive over the last few years

▪ Can be managed by non-DBAs for very simple databases, but

competent DBAs still required for enterprise and mission critical

systems (not just for Oracle, but any DBaaS provider)


Contact Information

▪ Ahmed Aboulnaga

▪ Technical Director

▪ @Ahmed_Aboulnaga

▪ [email protected]


Q&A

Technology

Oracle Database Cloud Service - Provisioning Your First DBaaS Instance