<Insert Picture Here>

Technology Infrastructure for Applications

Prepared for
Ahmed Adly
Solution Specialists Director
Oracle Middle East and Africa
Date 12 June
2011
THE CHALLENGE

2
Modernization….but
Robustness

3
Open Platform….but
Secure

4
Customizable….but
Standard

5
INFRASTRUCTURE

6
 Traditional Infrastructure Planning
Expensive Idle Redundancy

Idle Redundant systems & storage

Production Failover Impossible to know if it all works…
Server Server until you try to failover
3rd party cold
failover cluster Idle Disaster
Recovery
Systems

3rd party remote mirroring

3rd party
backup software Storage Array Matching Storage
3rd party volume manager Array
and file system…

7
Today s High Availability Requirements
From Oracle Customers

Requirements Solution Profile

Protection from outages Any type, anywhere

Typical recovery time Seconds to minutes

Testing frequency Whenever

Typical data loss Zero or seconds

Complexity in deployment Simple

Stack integration required Pre-integrated

ROI Show me the money!

8
Oracle s HA Design Principles
1.  Complete
–  Minimize all planned and unplanned downtime
–  Offer a standard validated platform for maximum availability

2.  Application oriented

–  Protect and recover application objects
–  Enable online application changes

3.  Scale-out model

–  Low-cost commodity hardware
–  All components active in a grid infrastructure

4.  Integrated and simple

–  Built-in HA with pluggable components
–  Automatic - eliminate manual processes

9
 Oracle s Database HA Solution Set
Database Integration Unique in the Industry!

Server Real Application Clusters

Oracle MAA Best Practices

Availability
Unplanned Flashback
Downtime RMAN & Oracle Secure Backup
Data
ASM
Availability
Data Guard
GoldenGate

System Online Reconfiguration

Changes Rolling Upgrades

Planned Data
Online Redefinition
Downtime Changes

App Edition-based Redefinition

Changes

10
 Best-of-Breed Server Availability
At Lowest Cost

Server Real Application

Availability
Unplanned Clusters (RAC)
Downtime Data
Availability

System
Changes

Planned Data
Downtime Changes

App
Changes

11
Real Application Clusters
Virtualize Low-cost Servers

HR SALES ERP

•  Scale workloads across multiple low cost servers

•  Consolidate into fewer servers and databases
•  Runs all Oracle database applications
•  Built-in HA to support mission critical workloads

12
 Best-of-Breed Data Availability
At Lowest Cost

Server
Availability
Flashback
Unplanned RMAN
Downtime Data Oracle Secure Backup
Availability ASM
Data Guard
GoldenGate

Protection from Protection from Protection from Enabling Active-

Human Errors Data Corruptions Storage / Site Failures Active Data Centers

13
 Traditional
Flashback Technologies 80
Recovery

Error Detection & Correction

60

Recovery Time
•  Flashback revolutionizes error recovery 40
–  View good data as of a past point-in-time
–  Simply rewind data changes
20
Flashback
–  Time to correct error equals time to make error 0

Correction Time = Error Time + f(DB_SIZE)

•  Low impact, easy – simple commands, no complex procedure

•  Flashback Query, Table, Transaction, Database, Drop
•  E.g.: SQL> flashback database to <timestamp>;

•  Enhancements in Oracle Database 11g Release 2:

•  Flashback database performance & monitoring optimizations
•  Flashback archive support for schema evolutions

14
 Oracle Backup & Recovery
Integrated Disk, Tape & Cloud Backup

Oracle Enterprise
Manager •  Recovery Manager (RMAN) provides
the infrastructure for Oracle s
Integrated Backup & Recovery
Oracle Secure
Backup •  Intrinsic knowledge of database file
formats and recovery procedures
•  Block validation
RMAN
•  Online block-level recovery
•  Unused block compression
•  Online, multi-streamed backup
•  Native encryption
Tape Drive •  Multiple compression levels (11.2)

•  Integrated disk backup: Fast

Recovery Area
Fast Recovery •  Integrated tape & cloud backup:
Area
Data Files Cloud Oracle Secure Backup
(Amazon S3)

15
Automatic Storage Management (ASM)
Stores & Manages All Data
Database Application 3rd Party FS

Automatic Storage Management (ASM)

ACFS Snapshot
ASM Instance
Managing Oracle DB ASM Cluster & Single
Files Node File System
(ACFS)

Dynamic Volume Manager

ASM
Disk
Group

DB Datafiles, OCR and Voting Files Oracle Binaries 3rd Party File Systems

•  ASM supports ALL data - database files, file systems, Clusterware files (OCR, Voting Disk)
•  Built-in mirroring protects from disk failures New in 11.2
•  Enables auto-repair from corrupt blocks using a valid mirror copy

16
 Oracle Data Guard
Best Data Protection

Active Data Guard

Sync / Async Standby Database
Redo Transport

Primary
Database

Data Guard Broker

•  Data availability and data protection for the Oracle Database

•  Up to thirty standby databases in a single configuration
•  Standby database used for queries, reports, test, or backups

17
 Data Protection with Storage Mirroring?

Primary Site: RAC - All Servers Active DR Site: All Servers Inactive

Database
Instance

Storage
Mirroring
Database
Storage

Storage mirroring: Redundant storage protects from storage failures, but:

•  No protection from physical data corruptions
•  DR systems offline during mirroring – no real-time data validation
•  Distance limited, storage vendor lock-in, manual failover, no rolling upgrades, high network use

More info:
http://www.oracle.com/technetwork/database/features/availability/dataguardremotemirroring-086151.html

18
 Example: Storage Mirroring Weakness
High Usage of Network Resources

Network I/O
Primary Target
Volumes Volumes
Log
Buffer
Online
Logs Much more
fil
network volume
Archive
Logs Much more
Flashback
network impact
Logs
Control Zero Oracle
Files awareness
Data Poor fault
Files isolation
SYSTEM
USER Idle standby
TEMP
systems
UNDO

Also: database block corruptions propagated to target 19

 Example: Data Guard Strengths
Optimized Usage of Network Resources
Oracle-optimized redo
block transmission
Oracle Apply
Primary Active
& Validation
Database Standby
Log Database
Buffer
Online
Logs
Storage agnostic
fil

Archive
Logs Minimal
Flashback network impact
Logs
Control Strong fault
Files isolation
Data Automatic
Files block repair
SYSTEM
USER Active standby
TEMP systems
UNDO

Also: standby database protected from primary database block corruptions 20

 Oracle Active Data Guard – What Is It?
•  New Oracle Database 11g capability that builds upon Data Guard
–  Physical standby open read-only while changes applied from primary database
–  RMAN fast incremental backups on physical standby using Block Change Tracking
–  Auto-repair corrupted data blocks

•  Benefits
–  Improves primary database performance by offloading processing to standby
–  Makes productive use of existing physical standby databases

•  Licensing
–  Packaged as a separate database Option for Oracle Enterprise Edition
–  Requires licensing of the production database and all the physical standbys that
are used for any of the above capabilities

21
Data Guard
Standby Database: Failover Target

Read-write
Workload Fast
Real-time Incremental
Reporting Backups

Continuous redo
shipping, validation & apply

Production Physical Standby

Database Database

22
Active Data Guard
Standby Database: Offload Production + Failover Target

Read-write Fast
Workload Real-time Incremental
Reporting Backups

Continuous redo
shipping, validation & apply

Production Active Standby Database

Database (physical standby open read-only)

23
 Data Guard vs. Active Data Guard
Zero Impact to Recovery Time Objective (RTO)

Data Guard 11g Active Data Guard Option

•  Stop redo apply at 8am •  Redo apply is always on
•  Open read-only for queries •  Always open read only

•  By 4pm, data on physical •  Queries and reports always

standby is 8 hours old see latest data

•  Any failover will be delayed •  Failover is immediate when

due to backlog of data that needed, standby database
must be applied always up-to-date

24
 Best Online Planned Maintenance
At Lowest Cost

Server
Availability
Unplanned
Downtime Data
Availability

System Online Reconfiguration

Changes Rolling Upgrades

Planned Data Online Redefinition

Downtime Changes

App Edition-based Redefinition

Changes

25
Online Reconfiguration
Scaling on Demand

•  Servers
–  Add/Remove RAC nodes online
–  No data movement needed

Database •  Storage
–  Add/Remove ASM disks or arrays online
–  Automatically rebalance after storage change

Storage
•  Clusterware, ASM
–  Upgrade Oracle Clusterware and ASM in an
online manner

26
Online Patching and Upgrades
•  Some one-off patches can be applied to a running Oracle instance
–  Linux-x86, Solaris 10, HP-UX 11i
–  [New in 11.2] Windows 32-bit and Windows 64-bit, AIX v6.1 [TL2 SP1]

•  Many one-off patches can be deployed in a rolling manner using RAC

•  Rolling database release / patchset upgrades, OS upgrades, platform

migrations with Data Guard / GoldenGate
•  Ref. Support Note: 1265700.1 - Data Guard Standby-First Patch Apply

•  Data Center moves / SAN migration / Technology Refresh etc. can be

done with minimal downtime using Data Guard / GoldenGate

27
Oracle GoldenGate
Oracle s Strategic Solution for Information Integration
•  Best-in-class leader in real-time data solutions
•  Continuous Availability for heterogeneous
systems
•  Real-time data access for Reporting & BI/EPM
•  Zero-downtime migrations / upgrades to Oracle
Database and Applications

•  Over 500 customers with 4,000+ implementations

across Fortune 500 companies: Financial Services,
Communications, Healthcare, Public Sector, Retail &
Utilities industries
•  Top 3 of 5 largest commercial banks
•  Top 3 of 3 busiest ATM networks
•  Top 7 of 10 financial data services companies
•  Top 4 of 5 telecommunications providers
•  Top 3 of 5 largest food & drug stores

28
 Oracle GoldenGate
Architecture
Capture: Committed changes are captured (and can be filtered)
as they occur by reading the transaction logs.

Trail files: Stages and queues data for routing.

Pump: Distribute data for routing to multiple targets.

Route: Data is compressed, encrypted for routing to targets.

Delivery: Applies data with transaction Read/Write

Read/Write
integrity, transforming the data as required. Workload
Workload

Pump
Source Trail LAN / WAN / Target Trail
Capture Internet Delivery
(TCP/IP)
Pump

Source Target Trail Source Trail

Target
Database(s) Delivery Capture Database(s)
Bi-directional

29
Oracle GoldenGate
Support for Heterogeneous Databases / Platforms
Databases O/S and Platforms
Oracle GoldenGate Capture:
  Oracle Linux
  DB2
Sun Solaris
  Microsoft SQL Server
  Sybase ASE Windows 2000, 2003, XP
  Teradata HP NonStop
  Enscribe
HP-UX
  SQL/MP
  SQL/MX
HP OpenVMS
  MySQL IBM AIX
  JMS message queues IBM z Series
zLinux
Oracle GoldenGate Delivery:
  All listed above, plus:
 TimesTen, DB2 for IBM System i
  Netezza, Greenplum, and HP Neoview
  ETL products

30
 Powerful Combination!
Integrated HA, DR and Active-Active Replication

RAC Active Data Guard

- Scalability - DR & Data Protection
- Server HA - Real-time Query

Primary
Database Standby
GoldenGate Database
- Information Distribution
- Heterogeneous

Bi-directional
Replication Subsetting MySQL

31
 Online Index & Table Redefinition

•  All index changes can be done online

•  Tables can be Reorganized & Redefined online with the
DBMS_REDEFINITION package
–  Allows changing location, table type, partitioning, columns, column types
–  Contents can be transformed as they are copied

Copy Transform
Source Table
Table Result
Table

Store
Continuous Update Updates
Queries & Tracking Transform
Updates Updates

32
 Oracle Maximum Availability Architecture
Low-cost, Integrated, Fully Active, High ROI
Production Site Active Replica

RAC Active Data Guard

– Data Protection, DR
– Scalability
– Query Offload
– Server HA

Flashback GoldenGate
– Human error – Active-active
correction – Heterogeneous

ASM
– Volume Management

RMAN & Fast Recovery Area

– On-disk backups
Oracle Secure Backup
Edition-based Redefinition, – Backup to tape / cloud
Online Redefinition, Data Guard, GoldenGate
–  Minimal downtime maintenance, upgrades, migrations

33
Reduce the impact of Data Growth
Partition for performance, management and cost

ORDERS TABLE (7 years)

2003 2008 2009

95% Less Active 5% Active

Low End Storage Tier High End Storage Tier

2-3x less per terabyte

34
Partitioning Concepts

•  Data Partitioning:
–  Process of logically and/or physically segmenting data (and
it s associated storage, tables and indexes) into more
manageable pieces, in order to improve manageability and
accessibility.
–  Example
•  Divide large Applications tables and their indexes such as
GL_BALANCES into smaller segments.

35
 Partitioning in the E-Business Suite

•  Oracle Applications utilizes partitioning in the standard product in

many modules:
–  Advanced Planning and Scheduling
–  Payables (Trial Balances)
–  Projects Resources
–  Workflow
•  Directory Services
•  Runtime tables
–  Daily Business Intelligence
–  HR (Employee Directory)
–  Engineering

36
Options Available

ILM

Archive
Data Storage

Purge

Partitioning Data Access

37
Implementing
Purging & Archiving
•  Consider
–  Data Retention Requirements
–  Recovery Requirements
–  Data access methods and security
–  Storage topology and costs
•  Define
–  Your archive and purge policy

38
 Database Diagnostics Pack
Applications and Application Services Enterprise
Manager

•  Diagnostics Pack
•  DB EE only
Middleware •  Perf. & Availability Monitoring
•  Automatic Workload Repository
•  Metric Baselines
•  Auto. DB Diagnostic Monitor
•  Historical Analysis
Oracle •  Event Management:
•  Notifications
•  Metric history, Blackouts
•  Memory Access Mode
•  System Monitoring Plug-in for
Host, OS , Storage and Network Hosts (for system running DB)

39
 Database Tuning Pack
Applications and Application Services Enterprise
Manager

•  Tuning Pack
• DB EE only
Middleware
• SQL Tuning Advisor
•  SQL Profiles
•  Statistical Analysis
•  SQL Plan Management
Oracle • SQL Access Advisor
•  Index on Table
•  Materialized View on Table
•  Index on Materialized View
•  Reorganize Objects
Host, OS , Storage and Network •  Partition Advisor

Must license diagnostics pack

to get tuning pack

40
Open Platform….but
Secure

41
 Powerful Combination!
Integrated HA, DR and Active-Active Replication

RAC Active Data Guard

- Scalability - DR & Data Protection
- Server HA - Real-time Query

Primary
Database Standby
GoldenGate Database
- Information Distribution
- Heterogeneous

Bi-directional
Replication Subsetting MySQL

42
 Oracle Security Inside Out
Database Security

•  Encryption and Masking

•  Privileged User Controls
•  Multi-Factor Authorization
•  Activity Monitoring and Audit
•  Secure Configuration

Identity Management

•  User Provisioning
•  Role Management
Information
•  Entitlements Management
•  Risk-Based Access Control
Infrastructure
•  Virtual Directories
Databases Information Rights Management
Applications
•  Document-level access control
Content
•  All copies, regardless of
location
(even beyond the firewall)
•  Auditing and revocation

43

Oracle Confidential 43
43
 Oracle s Comprehensive IdM
Solutions
Identity Admin. Access Management Directory Services
Identity lifecycle Strong authentication Storage
Role management Risk based authorization Virtualization
Organization management Single sign-on Synchronization
Provisioning Federation & STS
Reconciliation Fine grained entitlements
Password management Web Services security
Operating systems security

Identity & Access Governance Manageability

Audit Reporting Analytics Fraud Service level Performance
Attestation Segregation of duties Configuration Automation

44
 Oracle Access Manager
Oracle HTTP Server Deployed
Application
Authentication
OAM Webgate agent Local User
Store
End User
Authentication WebLogic Server
Decisions
LDAP
Authentication User
Authentication Flexibility to use other LDAP
servers for Authentication
Optional with Decisions
OAM Oracle Access Manager

User Data User Enterprise

Synchronization User Store

Oracle Internet Directory Directory Integration Enterprise User Store

Platform or Oracle
Identity Manager

45
 Oracle eSSO Suite
Oracle Enterprise SSO (Desktop/Legacy)

•  Benefits
–  Eliminates forgotten passwords for Windows
desktop and applications
–  Improves security & user experience
–  Meet regulatory compliance
•  Features
–  Sign-on to any Windows, web, host, mainframe or Java application
–  Use any combination of tokens, smart cards, biometrics and
passwords
–  Auto inactive session termination and application shutdown for
shared workstation
–  Reset Windows password directly from locked workstation

46
 Oracle Adaptive Access Manager

User Context
3RD Party Apps/Data

Context
Location Device Context
ARM
Historical Data

Context •  Current vs historical

Context –  User
–  Device
Context –  Location
ASA
–  Transaction
–  3rd Party
•  Cross comparisons

47
 Oracle s Comprehensive IdM
Solutions
Identity Admin. Access Management Directory Services
Identity lifecycle Strong authentication Storage
Role management Risk based authorization Virtualization
Organization management Single sign-on Synchronization
Provisioning Federation & STS
Reconciliation Fine grained entitlements
Password management Web Services security
Operating systems security

Identity & Access Governance Manageability

Audit Reporting Analytics Fraud Service level Performance
Attestation Segregation of duties Configuration Automation

48
 Oracle Identity Administration

Users Roles Enterprise Resources

•  Tens of thousands of users with hundreds of entitlements

•  Automate Provisioning / Deprovisioning
•  Identify orphaned accounts
•  Report on Who has access to what
•  Self-service requests & Delegated Administration

49
 Role Based User Provisioning
Oracle Identity Manager

GRANT
REVOKE

GRANT
REVOKE

GRANT
REVOKE

Employee HR System Approval Applications

Joins / Departs Workflows
•  Automate Roles Based Provisioning / Deprovisioning
•  Identify orphaned accounts
•  Report on Who has access to what
•  Self-service requests

50
 Sample Out-of-The-Box Connectors
Database Servers Directory Servers

Enterprise Applications Messaging & Help Desk

Operating Systems Security Management

RACF ACF2
AS/400 TopSecret

51 51
 Oracle s Comprehensive IdM
Solutions
Identity Admin. Access Management Directory Services
Identity lifecycle Strong authentication Storage
Role management Risk based authorization Virtualization
Organization management Single sign-on Synchronization
Provisioning Federation & STS
Reconciliation Fine grained entitlements
Password management Web Services security
Operating systems security

Identity & Access Governance Manageability

Audit Reporting Analytics Fraud Service level Performance
Attestation Segregation of duties Configuration Automation

52
 Identity Analytics

•  Exhaustive set of Audit and Compliance

Reports and Dashboards
?
•  Role Mining and Engineering
?
•  Built-in Attestation/Certification based on
users, roles and entitlements

•  Ability to setup Segregation of Duties (SoD)

policies for monitoring, and resolution across
IT assets

•  Rich Identity Warehouse that is pre-integrated

with OIM 9.1x/OIM11g and Oracle Waveset

- Confidential - © 2009 Oracle Corporation 53

53
 Oracle s Comprehensive IdM
Solutions
Identity Admin. Access Management Directory Services
Identity lifecycle Strong authentication Storage
Role management Risk based authorization Virtualization
Organization management Single sign-on Synchronization
Provisioning Federation & STS
Reconciliation Fine grained entitlements
Password management Web Services security
Operating systems security

Identity & Access Governance Manageability

Audit Reporting Analytics Fraud Service level Performance
Attestation Segregation of duties Configuration Automation

54
 Oracle Internet Directory
•  LDAP storage built upon Oracle database
•  Full functional meta directory with Directory Integration
Platform (DIP) component
•  Integrated into Oracle Fusion Middleware and
applications
•  High performance and scalability with 2-billion-entry
benchmark
•  Maximum availability with multi-layer HA including
LDAP replications and Oracle RAC etc
•  Extreme security with database vault and encryption in
addition to LDAP access control

55
Database Defense-in-Depth
Encryption and Masking
• Oracle Advanced Security
• Oracle Secure Backup
• Oracle Data Masking
Access Control
• Oracle Database Vault
• Oracle Label Security
Auditing and Tracking
• Oracle Audit Vault
• Oracle Configuration Management
• Oracle Total Recall

Monitoring and Blocking

•  Oracle Database Firewall

56 56
 Database Security – Big Picture

Audit
Consolidation

New!
Unauthorized DBA Activity
Procurement
Sensitive
Auditing
Multi-factor Authorization
HR
Confidential
Authorization
DB Consolidation Security
Applications Public
Rebates
Authentication

Network
SQL
Monitoring
and
Blocking
Encrypted Encrypted Encrypted Data
Database Backups Traffic Masking

57 57
Database Defense-in-Depth
Encryption and Masking
• Oracle Advanced Security
• Oracle Secure Backup
• Oracle Data Masking
Access Control
• Oracle Database Vault
• Oracle Label Security
Auditing and Tracking
• Oracle Audit Vault
• Oracle Configuration Management
• Oracle Total Recall

Blocking and Monitoring

•  Oracle Database Firewall

58 58
Oracle Advanced Security
Transparent Data Encryption
Disk

Backups

Exports

Application
Off-Site
Facilities

•  No application changes required

•  Efficient encryption of all application data
•  Built-in key lifecycle management
•  Works with Exadata V2 Smart Scans
•  Works with Oracle Advanced Compression

59 59
Oracle Advanced Security
Network Encryption & Strong Authentication

•  Standard-based encryption for data in transit

•  Strong authentication of users and servers
•  No infrastructure changes required
•  Easy to implement

60 60
 Oracle Data Masking
Irreversible De-Identification

Production Non-Production
LAST_NAME SSN SALARY LAST_NAME SSN SALARY

AGUILAR 203-33-3234 40,000 ANSKEKSL 111—23-1111 40,000

BENSON 323-22-2943 60,000 BKJHHEIEDK 222-34-1345 60,000

•  Remove sensitive data from non-production databases

•  Referential integrity preserved so applications continue to work
•  Extensible template library and policies for automation

61 61
Database Defense-in-Depth
Encryption and Masking
• Oracle Advanced Security
• Oracle Secure Backup
• Oracle Data Masking
Access Control
• Oracle Database Vault
• Oracle Label Security
Auditing and Tracking
• Oracle Audit Vault
• Oracle Configuration Management
• Oracle Total Recall

Blocking and Monitoring

•  Oracle Database Firewall

62 62
Oracle Database Vault
Privileged Account Controls

Procurement
DBA
HR
Application
Finance

select * from finance.customers

•  Limit access of privileged accounts

•  Securely consolidate application data
•  No application changes required
•  Works with Oracle Exadata V2 Database Machine

63 63
Oracle Database Vault
Multi-Factor Access Control

Procurement

HR

Application Rebates

•  Protect application data and prevent application by-pass

•  Enforce who, where, when, and how using rules and factors
•  Out-of-the box policies for Oracle applications, customizable

64 64
 Oracle Database Vault
Built-In Factors

•  User Factors •  Database Factors

•  Name
•  Authentication type
•  Session User
•  Proxy Enterprise Identity
•  Network Factors
•  Machine name
•  Client IP
•  Network Protocols
•  Extensible
•  Define custom factors
•  Database IP
•  Database Instance
•  Database Hostname
•  Database SID
•  Runtime Factors
•  Language
•  Date
•  Time

65 65
 Oracle Database Vault
Command Rules

•  Alter table •  Drop table

•  Alter trigger •  Drop user
•  Alter package •  Drop index
•  Alter tablespace
•  Truncate table
•  Connect / login
•  ….
•  Create table
•  Create index •  ....
•  Create view •  ….

66 66
Oracle Label Security
Data Classification for Access Control

Sensitive
Transactions

Confidential
Report Data

Public
Reports

Confidential Sensitive

•  Classify users and data based on business drivers

•  Database enforced row level access control
•  Users classification through Oracle Identity Management Suite
•  Classification labels can be factors in other policies

67 67
Database Defense-in-Depth
Encryption and Masking
• Oracle Advanced Security
• Oracle Secure Backup
• Oracle Data Masking
Access Control
• Oracle Database Vault
• Oracle Label Security
Auditing and Tracking
• Oracle Audit Vault
• Oracle Configuration Management
• Oracle Total Recall

Blocking and Monitoring

•  Oracle Database Firewall

68 68
Oracle Audit Vault
Automated Activity Monitoring & Audit Reporting
HR Data ! Alerts

Built-in
CRM Data Reports
Audit
Data Custom
ERP Data Reports

Databases Policies
Auditor

•  Consolidate audit data into secure repository

•  Detect and alert on suspicious activities
•  Out-of-the box compliance reporting
•  Centralized audit policy management

69 69
70 70
71 71
Database Defense-in-Depth
Encryption and Masking
• Oracle Advanced Security
• Oracle Secure Backup
• Oracle Data Masking
Access Control
• Oracle Database Vault
• Oracle Label Security
Auditing and Tracking
• Oracle Audit Vault
• Oracle Configuration Management
• Oracle Total Recall

Blocking and Monitoring

•  Oracle Database Firewall

72 72
 Oracle Database Firewall
First Line of Defense
Allow

Log

Alert

Substitute
Applications Block

Alerts Built-in Custom Policies

Reports Reports

•  Monitor database activity to help prevent unauthorized activity,

application bypass and SQL injections
•  Highly accurate SQL grammar based analysis
•  White-list, black-list, and exception-list based security policies
•  Built-in and custom compliance reports for regulations

73 73
 Oracle Database Firewall
Positive Security Model Based Enforcement

White List
Allow

Block
Applications

•  White-list based policies enforce normal or expected behavior

•  Policies evaluate factors such as time, day, network, and application
•  Easily generate white-lists for any application
•  Out of policy SQL statements can be logged, alerted, blocked or substituted
with a harmless SQL statement
•  SQL substitution foils attackers without disrupting applications

74 74
 Oracle Database Firewall
Architecture
In-Line Blocking and
Monitoring

Out-of-Band
Inbound Monitoring
SQL Traffic
HA Mode
Management Policy
Server Analyzer

•  In-line blocking and monitoring, or out-of-band monitoring modes

•  High availability with parallel firewalls
•  Monitoring of remote databases by forwarding network traffic
•  Application agnostic
•  Support for Oracle and non-Oracle Databases

75 75
 Oracle Database Security Solutions
Inside. Outside. Complete.

•  Preventive and detective controls within the Oracle database

•  Database Firewall to prevent threats from reaching databases
•  Transparent – no changes to existing applications
•  Complete integrated solutions for lower TCO

Encryption Access Auditing Monitoring

& Masking Control & Tracking & Blocking
•  Advanced Security •  Database Vault •  Audit Vault •  Database Firewall
•  Secure Backup •  Label Security •  Total Recall
•  Data Masking •  Identity Management •  Configuration
Management

76 76
Customizable….but
Standard

77
INTEGRATION AND BUSINESS
PROCESS

78
 Business Processes are Evolving…
from sequential and siloed… Example: Bank Lending
Originate Approve Service Analyze

to parallel and collaborative…

Application Payment
Customer
Define Product Syndicate Refine Product
Lending Market Product Process Application

Dept.
Approve Product Analyze Profitability
Finance

Credit Approval
Credit

Set Up Servicing Billing

Servicer (Outsourced)

…requiring technology that is smart, agile, low cost, and secure

79
 The Reality Of Modern Business

•  Heterogeneous Environments
•  Mergers & Acquisitions E-Business PeopleSoft
Suite
•  Multi Channel Businesses
•  Data Dispersion
•  Hard coding Suppliers
Business
•  Lack of Standards Intelligence

The Result: Siebel

Web
Services
Inflexible business processes Legacy
SAP
Uninformed business owners
Costly development and maintenance

80
Almost There

81
 SOA Defined

Service Oriented Architecture is an Application

Architecture that is designed to achieve loose
coupling among interacting software applications
by defining a service once and re-using it many
times.

82
 Service Oriented Architecture – An
Architectural Style

SOA
Create building blocks of
functionality (services) –
new or existing
functionality

Assemble building blocks in

many ways to create new
business processes
Change configuration of
blocks to quickly create new
processes

83
SOA Benefits

84
 Oracle ESB: Component Architecture
•  Components
–  Integrated Designer
Composite Applications, Portals, BI and BAM
–  Rich Monitoring Console
–  JCA Adapters
–  Routing Service
fx •  XPATH Filter Expressions
ESB •  XSL Transformation
Console Portlets Web UI BPEL BAM
–  Metadata Repository/Server

Enterprise Service Bus

•  Features
–  Content Based Routing
UDDI –  Enterprise Messaging - OEMS
–  Native XML and Web Services
–  Multi Transport Fabric
MDS
•  Usage Patterns
Security –  Point to Point
Policies SOAP JCA In Memory JMS B2B –  Canonical Modeling
–  Store and Forward
Trading
JAX SAP Java Mainframe
Partner
–  Request/Response
–  Externalized Services

85
Some of the Adapters Available for Oracle SOA Suite…
Applications Databases Technology
Ÿ  Oracle Applications Ÿ  SOAP
Ÿ  Oracle 8i and above
Ÿ  SAP R/3, mySAP Ÿ  HTTP, HTTP-S
Ÿ  IBM DB/2
Ÿ  Peoplesoft Ÿ  Email – POP3, SMTP, IMAP
Ÿ  Informix
Ÿ  JD Edwards Ÿ  FTP, FTP-S
Ÿ  Clarion
Ÿ  Siebel Ÿ  Flat Files
Ÿ  Clipper
Ÿ  Clarify Ÿ  JMS
Ÿ  Cloudscape
Ÿ  Lotus Notes Ÿ  Oracle AQ
Ÿ  DBASE
Ÿ  Ariba Ÿ  IBM MQSeries
Ÿ  Dialog
Ÿ  AXIOM mx/open Ÿ  TIBCO Rendezvous
Ÿ  Essbase
Ÿ  Baan Ÿ  Socket
Ÿ  FOCUS Data Access
Ÿ  BroadVision
Ÿ  Clarify
Ÿ  Microsoft SQL Server
Legacy
Ÿ  MUMPS (Digital Standard MUMPS)
Ÿ  CICS
Ÿ  i2 Technologies Ÿ  Nucleus
Ÿ  IMS/DB
Ÿ  Lawson Ÿ  Paradox
Ÿ  IMS/TM
Ÿ  Livelink Ÿ  Pointbase
Ÿ  VSAM
Ÿ  Manugistics Ÿ  PROGRESS
Ÿ  ADABAS
Ÿ  Microsoft CRM Ÿ  RMS
Ÿ  Natural
Ÿ  Vantive Ÿ  SAS Transport Format
Ÿ  Tuxedo
Ÿ  Walker Interactive Ÿ  Sybase
Ÿ  Screen Scraping
Ÿ  Remedy Ÿ  Teradata
Ÿ  CA-IDMS
Ÿ  Salesforce.com Ÿ  Unisys DMS 1100/2200
Ÿ  C-ISAM,D-ISAM,K-SAM, QSAM
Ÿ  UniVerse

86
 The Oracle BPEL Process Manager
Enterprise-strength infrastructure for BPM

BPA Suite JDeveloper

Process
•  Comprehensive and native
BPEL Designer
Modeler BPEL

BPEL implementation

•  Easy-to-use modeling tool

Workflow Services
BPEL Process Manager
Integrated BPM Services
•  Scalable and reliable engine
WSDL Binding
•  Flexible binding framework
Web

Workflow Decision Sensors

services
Java, JMS
Metadata Repository •  Rich management and
(Dehydration)
Service monitoring
File, FTP

Database
•  Support for Oracle AS,
Core BPEL Engine
Process
JBoss,
Apps
Console WebLogic and WebSphere
MANAGE

J2EE Application Server

•  Get up and running in less
(Oracle AS, WebLogic, JBoss, WebSphere)
than 15 minutes!

87
Including humans in the process
Human Workflow
•  Task routing & assignment
•  Integration with LDAP
•  Sub tasks
•  Notification

•  Out of the box

•  Customisable
•  Available as
portlets
•  Reports/audit trails

88
Applying business rules
Business Rules

•  Abstract from
process
•  If/then
•  Decision tables
•  Conflict/gap analysis

•  Modify at runtime
•  Commit/rollback
•  Activation/effective dates

89
 90
Slide 90
BUSINESS INTELLIGENCE

91
Management Excellence:
The Next Competitive Edge
Smart – Deep Insight
Agile – Decisive Action
Competitive
Advantage Aligned – Across the
extended enterprise

MANAGEMENT EXCELLENCE

Cost – Lean and Mean

Quality – Six Sigma, TQM
Speed – Real-time, JIT

OPERATIONAL EXCELLENCE

Time

92
 Business Intelligence – Market Definition

“Business Intelligence is
the process of transforming data into
information
and through discovery transforming that
information into knowledge”
Gartner Group, circa 1993

Then taking Action Oracle’s approach!

93
 Most Integrated.
Oracle Business Intelligence 11g
Data Scorecards Interactive Reporting & Ad-hoc Office Search Detect Collaborate Mobile Embedded
Integration Dashboards Publishing Analysis Integration & Alert

Common Enterprise Information Model

•  Common Metadata Foundation across all Data Sources
•  Common Security, Access Control, Authorization, Auditing
•  Common Request Generation and Optimized Data Access Services
•  Common Clustering, Workload Management, & Deployment
•  Common Systems & Operational Lifecycle Management

OLTP & ODS Data Warehouse Exadata OLAP Packaged Unstructured Excel Business
Systems Data Mart Sources Applications & Semi- XML/Office Process
(Oracle, SAP, Others) Structured

Copyright © 2010, Oracle and/or its affiliates. All rights reserved. 94 94

 New Interactive Visualizations
Gain Insight Quicker with Greater Visibility

•  Rich Interactive Visualizations

•  Animated transitions

•  Range and Paging sliders

•  Legend-based interactions

•  Master-Detail linking

•  Extensive and extended set of

chart types

•  Consistent, hi-fidelity charting

across Oracle product line

Copyright © 2010, Oracle and/or its affiliates. All rights reserved. 95 95

 Best in Class Ad-hoc Query & Analysis
Oracle Business Intelligence 11g
•  First, seamless ROLAP & OLAP
browser interface
•  OLAP query building with
member selection
–  Member selection
–  Calculated members
–  Hierarchical calculations
–  Custom aggregates
•  Navigate across relational and
multidimensional sources
–  Shared metadata, calculations,
dimensions, security
–  Ragged & skip-level hierarchies
–  Performance for each source
•  Microsoft Office Integration

Copyright © 2010, Oracle and/or its affiliates. All rights reserved. 96 96

 Best in Class Production Reporting
Oracle BI Publisher
•  100% thin-client design environment
•  Pixel-perfect documents
•  Lightweight, easy to use
–  Easy to embed: 5 MB Download
–  Relational, OLAP, unstructured sources
–  Multiple output formats: XML, HTML, Word, PPT,
PDF, RTF, Open Office, …

•  Powerful & highly scalable server

–  1,000,000 Reports/Hour on 2 CPUs
–  Highly scalable: Optimal resource and print
queue management
–  Active-Active clustering
•  Separates data extraction, formatting,
delivery models
–  Dynamic font substitution
–  Dynamic language substitution

Copyright © 2010, Oracle and/or its affiliates. All rights reserved. 97 97

 Uncover Patterns Hidden in Tables
New Spatial Integration Goes Beyond the
Interface

Copyright © 2010, Oracle and/or its affiliates. All rights reserved. 98 98

 Oracle BI Server EE
Leading ROLAP Server

•  Complete BI Tools Suite

–  Consistent UI, metadata, calculations,
data access, security
•  Best ROLAP Performance
–  Intelligent Request Generation ORACLE BI SERVER
Complete. Open. Integrated.
–  Intelligent Function Shipping
–  With multi-pass calculations
Common Enterprise Information Model
–  Intelligent Aggregate Navigation
–  Intelligent Caching
–  Optimized Distributed Data Access
•  Multi-user Development
–  Enterprise consolidation & scale
•  Heterogeneous Data Sources
–  Relational, OLAP, unstructured

99
UNIFIED INTERFACE

100
 A Typical Portal Site
Global Chrome – Template – Navigation – Search – Corp. Identity

Useful
RSS Content Integration / Links
Publishing

Content Portlets
Int. / Third
Portlets
Publ. Party
Business Intelligence

Polls Content Integration / News

Publishing

101
Enterprise Challenges
Information Explosion
•  Meteoric growth – 35% CAGR with 80% of
content unmanaged
•  30% of information workers time spent
searching
Website Proliferation
•  Dramatic increase in intranet Web sites,
applications, and destinations
•  User frustration with poor interfaces and
system complexity
Application Silos
•  Most processes / projects span more than
one application
•  Difficult to execute tasks across multiple
systems
Disconnected Stakeholders
•  Most projects require contributions &
coordination of multiple stakeholders
across geographies

102
 Oracle WebCenter Suite
Portals and User Interaction Solution

•  Improve employee productivity with a

unified workspace that combines
access to content, applications,
processes and social networks.
•  Increase revenue with an enhanced
user experience for relevant
information, transactions, and customer
support across multiple channels
•  Reduce IT costs with a composite
framework that enables lower
integration costs and greater reuse for
developers building and deploying
applications
103
 Oracle WebCenter Suite
Next-Gen Platform for Enterprise 2.0

Dynamic Desktop Multi-Channel

Business User Communities Integration Interactions
Productivity

IT Agility
User-Driven
Personalization

Pre-packaged
Enterprise
Integration:
Apps,
Content,
Standards-based Processes
Enterprise Ready Web 2.0
SharePoint Integration

104
ECM Directly from E-Business Suite
Easy Access to Imaged Documents and Tasks

Viewer and Task List is

launched from ERP UI to:

•  View task & image

•  Key from image
•  Resolve exceptions
•  Annotate & add
comments to
documents
•  Viewer supports
500+ document
formats

105
ECM Directly from E-Business Suite
Easy Access to Attached HR Documents

•  Managed Attachments is
launched from App UI to:
•  View/Edit Attachments
•  Check-in, Scan, etc.

106
REFERENCES

107
 References

Indústria Aeronáutica
de Portugal

108
Oracle s Recommendation: Fusion Platform

Oracle Fusion Platform • Built for application

implementations
•  Optimal Apps
Integrations

•  Upgrade-Safe • Optimizes TCO & time-to-

Extensions
market of any apps project
•  Process Visibility

•  Workflow • Maximizes process quality &

Automation (BPM)
visibility

• Future Proof – the same

platform as Fusion Apps
109
Oracle End to End Platform

•  Pre-Integrated
•  Comprehensive
•  Optimized
•  Certified
•  Cost Optimized
•  Standard

110
Questions

111111