What`s New with Oracle Database 12c on Windows

What`s New with Oracle Database 12c on Windows
What's New with Oracle
Database 12c on Windows
On-Premises and in the Cloud
Santanu Datta
Vice President
Alex Keh
Senior Principal Product Manager
Server Technologies
September 21, 2016
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Program Agenda
1
Windows Platform Support
2
Oracle Database 12c Release 2
3
Cloud
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
3
Windows Platform Support
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
4
Windows Server 2016 and Windows 10
Supported Editions
• Windows Server 2016 editions
– Datacenter, Essentials, and Standard Edition
• Windows 10 editions
– Education, Enterprise, and Pro
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
5
Database Certification on 32-bit Windows
11.2 DB and client1
12.1 client2
Windows 7
Yes
Yes
Windows Server 2008
Yes
Yes
Windows Server 2008 R2
Yes
Yes
Windows 8
11.2.0.4
Yes
Windows 8.1
11.2.0.4
12.1.0.2
Windows Server 2012
11.2.0.4
Yes
No
12.1.0.2
OS
Windows 10
#1
RAC 11.2 and
higher does not
support for 32-bit
Windows
#2
For 12.1 and
higher, only DB
Client supports 32bit Windows
Note: Oracle Database Client 12.2 and higher will only support Windows x64.
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
6
Database Certification on 64-bit Windows
OS
11.2
12.1
12.2
Windows 71
Yes
Yes
Yes
Windows Server 2008
Yes
Yes
No
Windows Server 2008 R2
Yes
Yes
No
Windows 81
11.2.0.4
Yes
Yes
Windows 8.11
11.2.0.4
12.1.0.2
Yes
Windows Server 2012
11.2.0.4
12.1.0.2
Yes
Windows Server 2012 R2
11.2.0.4
12.1.0.2
Yes
Windows 101
No
12.1.0.2
Yes
Windows Server 2016
No
No
Yes2
#1
RAC and some server
features not
supported on
Windows clients
#2
To be certified shortly
post-release
Note: 32-bit Oracle Client is supported on Windows x64
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
7
Database Certification on Windows Hyper-V
Guest OS
11.2
12.1
12.2
11.2.0.4 (SI only)
12.1.0.2 (SI only)
No
Windows Server 2012
11.2.0.4 (SI and RAC)
12.1.0.x (SI only)
12.2 (SI and RAC)
Windows Server 2012 R2
(Generation 1)
11.2.0.4 (SI and RAC)
12.1.0.2 (SI and RAC)
12.2 (SI and RAC)
Windows Server 2012 R2
(Generation 2)
No
12.1.0.2 (SI and RAC)
12.2 (SI and RAC)
Windows Server 2008 R2
• Host OS: Microsoft Hyper-V Server 2012 and 2012 R2 are certified
• Host OS: Microsoft Hyper-V Server 2016 will be certified
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
8
Oracle Database 12c Release 2
Security
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
9
Security
• Oracle Home User
• Windows Native Authentication
• Kerberos and ASM enhancements
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
10
Oracle Home User Support
• Run Windows Services for Oracle using a standard Windows account
• Specify a standard (not an administrator) Windows User Account as
Oracle Home User during install and upgrade
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Microsoft Windows User Types Overview
Built-in
Account
LocalSystem
(Full Administrator
Privileges)
LocalService
(Minimum
privileges)
Virtual Account
(for Windows
Service)
User Account
Administrator
(Local or
Domain user)
Standard User
(Local or
Domain User)
Managed
Service Acct
(Domain User)
• Account needs to be associated with
specific computer system (s)
• No password management needed on
local hosts
• No need to provide passwords during
Windows service configuration
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
New Windows User Account Types Supported
• Virtual Account
– Introduced by Microsoft in Windows 7 and Windows Server 2008 R2
– Each Windows Service has it’s own virtual account name
– No password management
– Can work in a workgroup or domain
– Ability to access the network with a computer identity in a domain environment
• Group Managed Service Account (gMSA)
– Introduced by Microsoft in Windows Server 2012
– Single Group Managed Service Account (gMSA) can be used on multiple hosts
– No password management needed on local hosts
– No need to provide passwords during Windows service configuration
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Oracle Database Server Install
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Oracle Home User
• Different from Oracle Installation User who must have OS
administration privileges
• Services for the Oracle Home run with this user name
• Can be Windows Built-in Account or Virtual Account or a standard
Windows User Account
• Can not be changed post install
• Have similarities with ‘oracle’ user on Linux, though you can not log in
as the Oracle Home User on Windows and perform administration
tasks (e.g. Create DB, Install, Upgrade)
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Oracle Home User Enhancements
Virtual Account Support
• New default for Single Instance Oracle Database Server install
• Only supported for Single Instance Oracle Database Server install
• No need to manage user name or password for Oracle Home User
• Database files are owned by the virtual account for the Oracle
Database Windows Service (e.g. NT Service\OracleServiceORCL)
• Note: DB Client, built-in account option, uses LocalService and Service
SIDs for client side Windows services, and is very similar to how Virtual
Account works
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Oracle Home User Enhancements
Group Managed Service Account support
• Supported for all Oracle Database installs (DB Client, Single Instance
Oracle Database, RAC and Grid Infrastructure)
• Works like any other domain user but no need to create Oracle wallet
and/or provide password for any database operation
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Oracle RAC Database Install
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Oracle Grid Infrastructure Install
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Database Client Install
• For Built-in Account
option, Windows
Services run under
LocalService (not
LocalSystem) for
Database Client
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Install
Windows Account option for
Oracle Home User
Needs to be
pre-created?
Password needed
during DB
operations?
DB
Server
(SI)
DB
Client
DB
Server
(RAC)
Grid
Infrastructure
Virtual Account
N
N
Y
N
N
N
Built-in Account (internally, use
LocalSystem)
N
N
Y
N
Y
Y
Built-in Account (internally, use
LocalService)#2
N
N
N
Y
N
N
Local User Account#2
N
Y
Y#1
Y
N
N
Managed Services Account
Y
N
Y
Y
N
N
Group Managed Services Account
Y
N
Y
Y
Y
Y
Domain Account
Y
Y
Y
Y
Y
Y
#1 –
Windows OS authentication can not be used across systems
#2 – Windows Services can not access any secure shared network resource using its own Windows identity
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Oracle Database Services on Windows
•
Windows Services
Oracle Database
Service
Oracle Listener
Service
•
•
•
File System ACLs
ORACLE
HOME
•
ORACLE BASE
`
Databases
Other Files
Services run as a Windows User (e.g.
domain1\frank)
Each service also has a unique Service SID
(e.g. Database sid orcl has service SID:
NTAUTHORITY\OracleServiceORCL)
Either user name or Service SID can be used
to grant privileges or set ACLs for file system
access
Oracle sets appropriate ACLs for Oracle Home
and Oracle Base
For customer specific files/directories in nonstandard locations, ACLs may need to be
changed to make them accessible to Oracle
Services
Please check Oracle Database Platform
Guide for Microsoft Windows for more
information.
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Database Creation
• Database Configuration Assistant (DBCA) is used to create or modify
Oracle Database as a part of install or as post install action
• Administrator, invoking the tools, needs to be an OS Administrator and
should have appropriate database privileges
• Use the icon Database Configuration Assistant (the icon is set up to “run
as administrator”) to invoke DBCA
• As Windows Service creation requires both user id and password, DBCA
will ask for the password of Oracle Home User (if needed) in order to
create the Windows Service
• For Single Instance DB, password is needed for Windows Local User and Domain User
• For RAC, the customer has the option to store password in wallet; if not stored, the password
needs to be input for Windows Domain User
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Oracle Database Upgrade
ORACLE_BASE
ORACLE_
HOME (11.2)
ORACLE_BASE
ORADATA
ORACLE_
HOME (11.2)
ORACLE_
HOME (12c)
Database 1
(11.2)
ORADATA
Database 1
(12c)
Database 2
(11.2)
Database 2
(11.2)
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Oracle Home and Database Upgrade
• Database Upgrade Assistant (DBUA) is used for database upgrade
across Oracle Homes as a part of install or as post install action
• Administrator, invoking the tools, needs to be an OS Administrator
and should have appropriate database privileges
• Use the icon Database Upgrade Assistant (the icon is set up to “run
as administrator”)
• Requirement to enter Oracle Home User and Password is similar to
Database creation
• When a database is upgraded, it will ask for password of Oracle Home
User (if needed)
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Administration Tools
• All GUI tools (e.g. DBCA, NETCA) enhanced to support Oracle Home User
and ask for password if needed
• All command line tools (e.g. ORADIM, LSNRCTL, CMCTL) enhanced to
accept Oracle Home User name and password through stdin for service
creation
• Silent Install and Cloning enhanced to support Oracle Home User
• CRSCTL can be used to create wallet for storing password of Oracle Home
User (RAC environment)
• Enterprise Manager support of Oracle Home User for provisioning,
patching, and service creation
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Management of Oracle Home User
• As it is a standard Windows user, Windows tools can be used to manage
the Windows account (e.g. add privileges, change password)
• For changing password of the Oracle Home User account
– Use Windows tools to change the password
– Windows also requires all Windows Services to be updated to use the new password
– For all Windows Services used by Oracle, you can use the icon Update Password for
Oracle Home User to:
• update password for all Windows services used by Oracle on a computer (Single Instance Database
or Client)
• change password in Oracle wallet and update password for all Windows services used by Oracle in
a cluster (for RAC)
You can also use the tool Oracle Home User Control (orahomeuserctl) in command
line (run as administrator)
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Recommendations for Oracle Home User
• For DB server (SI)
– Use Virtual Account to avoid password management (12.2)
– For 12.1, specify a Windows user account during install
• For RAC DB and Grid Infrastructure install
– Use a domain user or group managed service account
– For a group managed service account (12.2), you do not need to provide the password for any
database operation
• If you want to separate out administration domains (e.g. Production and Test
databases) of different Oracle Homes for security reasons:
– Use Virtual Account and specify distinct Oracle Base directory for each administration domain
– Use distinct Oracle Home User account (and Oracle Base directory) for each administration domain
• For DB client install, use Built-in Account option
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Security
• Oracle Home User
• Windows Native Authentication
• Kerberos and ASM enhancements
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
29
Windows Native Authentication (NTS)
• Enabled by default and can work across Windows systems
• Windows user logon credentials used for database authentication
• Windows Explorer or Oracle Administration Assistant can be used to manage
user authentication and role authorization
• Works for Pluggable Databases
• New client-side parameter in sqlnet.ora:
– "no_ntlm“, which may be set to true for security reasons. (Only works for domain users)
– Examples: CONNECT / AS SYSDBA or CONNECT /
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
30
Windows Native Authentication
SYSDBA and SYSOPER Privileges
• ORA_DBA
– SYSDBA privileges for all Oracle Databases on the system
• ORA_OPER
– SYSOPER privileges for all Oracle Databases on the system
• ORA_<HomeName>_DBA (12cR1)
– SYSDBA privileges for Oracle Databases on a specific Oracle Home
• ORA_<HomeName>_OPER (12cR1)
– SYSOPER privileges for Oracle Databases on a specific Oracle Home
All the groups are on the server system
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
31
Windows Native Authentication
Separation of Privileges
• ORA_<HomeName>_ SYSBACKUP (12cR1)
– Backup privileges (SYSBACKUP) for databases of a specific Oracle Home
• ORA_<HomeName>_SYSDG (12cR1)
– Data Guard Privileges (SYSDG) for databases of a specific Oracle Home
• ORA_<HomeName>_ SYSKM (12cR1)
– Encryption Key Management privileges (SYSKM) for databases of a specific Oracle
Home
All the groups are on the server system
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
32
Windows Native Authentication
Administrative Privileges for ASM Instance
• ORA_ASMADMIN (12cR1)
– SYSASM administration privileges on the computer
• ORA_ASMDBA (12cR1)
– SYSDBA privileges for ASM Instance on the computer
• ORA_ASMOPER (12cR1)
– SYSOPER privileges for ASM Instance on the computer
• ORA_DBA and ORA_OPER group members no longer get privileges for ASM
instance
All the groups are on the server system
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
33
Security
• Oracle Home User
• Windows Native Authentication
• Kerberos and ASM enhancements
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
34
Kerberos and ASM Enhancements
• Kerberos
– Security enhancements that were introduced in the MIT Kerberos Release 1.8
distribution
– In sqlnet.ora, set
SQLNET.KERBEROS5_CC_NAME = MSLSA: (instead of OSMSFT:)
• ASM file access control
– Restrict access of database files to the owner of the database home
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
35
Oracle Database 12c Release 2
Scalability and Performance
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
36
Large Pages
• Improve performance with large pages support
– 2 MB Page size (instead of 4 KB)
• If Oracle Home User is a standard Windows account, administrator must
grant the "Lock pages in memory" privilege to Oracle Home User or Service
SID of Oracle Database Service (NTAUTHORITY\OracleService<sid>)
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
37
Large Pages
• Under HKEY_LOCAL_MACHINE\SOFTWARE\ORACLE\KEY_HOMENAME
– Create ORA_LPENABLE or ORA_SID_LPENABLE
– Set the value to 1 for regular mode and 2 for mixed mode
– Mixed mode is the new option to allow use of large pages but fall back to small pages
if OS is not able to allocate large pages
– ORA_SID_LPMAXTIME is the optional time parameter for mixed mode
• If a server has been running for some time and memory is fragmented, OS
may fail to allocate large pages
– Mixed mode can be used to ensure that DB comes up in such cases
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
38
Multiple Processor Groups
• Support max of 10 processor groups with up to 64 CPUs in each group in
12.1.0.2 (12.1.0.1 supports 4 processor groups)
• ORACLE_AFFINITY enhanced to enable affinity of Oracle threads to CPUs in
multiple processor groups
– processorgroup is an optional parameter designating Windows CPU group
• On systems with 64+ logical CPUs, Windows divides all available CPUs into 4 groups (0,1,2,3) with
each group containing no more than 64 logical CPUs
• Details in Oracle Database Platform Guide for Microsoft Windows
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
39
DNFS Client and Resilient File System
• Database 12c DNFS client
– Standard NFS path formats allow user to utilize standard URN notation for NFS in
oranfstab config file and while working with oradnfs utility
• e.g. “nfs://server/share/file”
• Windows Resilient File System support
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
40
Oracle Database 12c Release 2
Ease of Management and Development
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
44
Oracle Database Instance Manager Available as
Microsoft Management Console Snap-In
ORADIM as an MMC Snap-In
• ORADIM performs DB create, edit, delete, start, and shutdown operations
• All ORADIM operations available in snap-in
• Benefits
– Centralized instance management for all Oracle Database Homes
– Familiar Windows GUI management tool
• Found in path ORACLE_HOME\MMC Snap-Ins\oradim or click on ORADIM
shortcut in Oracle Home
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
45
.NET Development
ODAC
• DB Client 12.2
– Application Continuity
– Sharding
• ODAC 12.2
– Connection pool tagging
– ODP.NET Database Resident Connection Pooling (DRCP)
– Oracle Multitenant improvements
– Oracle Edition-Based Redefinition improvements
– Offline Schema Compare in Visual Studio
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
46
Cloud
Windows and .NET
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
47
Oracle Compute Cloud Service
Deploy .NET applications to Oracle IaaS on Windows
• Windows 2012 R2 and Windows 2008 R2 VMs available
from Oracle Cloud Marketplace to
– Free during promotional period
– Deploy to Oracle Compute
• Deploy and configure IIS, .NET, and ODP.NET apps to
Oracle Compute
– How To White Paper: Deploying Microsoft Web Application
Server on Oracle Compute Cloud Service
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Easy On-Ramp to Oracle Database Cloud Services
Exadata
Full-Instance
Dedicated
Express
Enterprise
Exadata
Development & Test
SMB, Departmental Applications
Enterprise Applications
Highest Availability, Scalability, Performance
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
49
49
The Best Cloud Database for Windows Developers
• Popular language drivers
– ODP.NET
• Multiple interfaces
– Full Oracle Net (SQL*Net)
– REST API, JSON storage
DATABASE
12c
• Updated tools
– Oracle Developer Tools for VS
– SQL Developer, Data Modeler
– Powerful new command-line
R2
Oracle SQL
Developer
Oracle APEX
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
50
Oracle Database Exadata Express Cloud Service
Connect from On-premises
• Use ODP.NET and ODT 12.1 for Oracle Public Cloud or higher
– ODT for VS 2015 and VS 2013
– Managed and unmanaged ODP.NET
• How to connect:
– Developing .NET Applications for Oracle Database Exadata Express
Cloud Service
– Uses Oracle Net Services with Oracle Wallet to secure connection
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Oracle Database Cloud Service (non-Exadata Express)
Connect from On-premises
• Use ODP.NET and ODT 12.1 for Oracle Public Cloud or higher
– ODT for VS 2015 and VS 2013
– Managed and unmanaged ODP.NET
• How to connect:
– Developing .NET Applications for Oracle Database as a Service
– Secure Shell (SSH) required to secure connection
• Use SSH client to create tunnel, such as PuTTY
• PuTTY can also generate private and public SSH key pair
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
Q&A
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
53
Safe Harbor Statement
The preceding is intended to outline our general product direction. It is intended for
information purposes only, and may not be incorporated into any contract. It is not a
commitment to deliver any material, code, or functionality, and should not be relied upon
in making purchasing decisions. The development, release, and timing of any features or
functionality described for Oracle’s products remains at the sole discretion of Oracle.
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
54
Copyright © 2016, Oracle and/or its affiliates. All rights reserved. |
55
Was this manual useful for you? yes no
Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Download PDF

advertisement