Andre Luiz Dutra Ontalba (Board Member)
Configuring Oracle Transparent Data Encryption (TDE) on Oracle 12c multitenant architecture
Category: Database Author: Andre Luiz Dutra Ontalba (Board Member) Date: 5 years ago Comments: 0

Configuring Oracle Transparent Data Encryption (TDE)
on Oracle 12c multitenant architecture

To configure TDE on Oracle 12c multitenant architecture we need to execute some steps in order to
be able to create encrypted tablespaces on Oracle, for example.

 

1) Adjust the sqlnet.ora file to refer your wallet path

 

[oracle@db1 admin]$ cat sqlnet.ora 
ENCRYPTION_WALLET_LOCATION=
(SOURCE=
(METHOD=FILE)
(METHOD_DATA=
(DIRECTORY=/u01/app/oracle/CDB1)
)
)
2) Create the folder on OS side

 

[oracle@db1 admin]$ mkdir -p /u01/app/oracle/CDB1
3) Log into database using the role syskm, create the keystore and the auto login keystore

 

[oracle@db1 admin]$ sqlplus / as syskm




SQL*Plus: Release 12.1.0.2.0 Production on Tue Jul 30 13:42:13 2019

Copyright (c) 1982, 2014, Oracle. All rights reserved.

Connected to:
Oracle Database 12c Enterprise Edition Release 12.1.0.2.0 - 64bit Production
With the Partitioning, OLAP, Advanced Analytics and Real Application Testing options

SQL> administer key management create keystore '/u01/app/oracle/CDB1' identified by oracle;

keystore altered.

SQL>
SQL>
SQL> ADMINISTER KEY MANAGEMENT CREATE AUTO_LOGIN KEYSTORE FROM KEYSTORE '/u01/app/oracle/CDB1' IDENTIFIED BY oracle;

keystore altered.

SQL> select * from v$encryption_wallet;

WRL_TYPE WRL_PARAMETER STATUS WALLET_TYPE WALLET_OR FULLY_BAC CON_ID
------------ --------------------------------- ---------------------- -------------- ----------------------- -----------
FILE /u01/app/oracle/CDB1/ OPEN_NO_MASTER_KEY AUTOLOGIN SINGLE UNDEFINED 0

4) Bounce the database to see if AUTO_LOGIN keystore is working correctly

 

SQL> connect / as sysdba 
Connected.
SQL> shut immediate;
Database closed.
Database dismounted.
startup
ORACLE instance shut down.
SQL> ORACLE instance started.




Total System Global Area 1660944384 bytes
Fixed Size 2925072 bytes
Variable Size 1040190960 bytes
Database Buffers 603979776 bytes
Redo Buffers 13848576 bytes
Database mounted.
Database opened.

SQL> select * from v$encryption_wallet;

WRL_TYPE WRL_PARAMETER STATUS WALLET_TYPE WALLET_OR FULLY_BAC CON_ID
------------ --------------------------------- ---------------------- -------------- ----------------------- -----------
FILE /u01/app/oracle/CDB1/ OPEN_NO_MASTER_KEY AUTOLOGIN SINGLE UNDEFINED 0

Obs.: The first time, you need to set the masterkey to avoid this status and errors with the key not open properly.

 

SQL> alter pluggable database all open;

Pluggable database altered.

SQL> show pdbs

CON_ID CON_NAME OPEN MODE RESTRICTED
---------- ------------------------------ ---------- ----------
2 PDB$SEED READ ONLY NO 
3 PDB2 READ WRITE NO 
4 PD3 READ WRITE NO


5) Let’s setup the masterkey on the keystore

 

SQL> conn / as sysdba
Connected.
SQL> grant dba,syskm to C##dba identified by oracle container=ALL;




Grant succeeded.

SQL> administer key management set keystore close container=all;

keystore altered.

SQL> administer key management set keystore open identified by oracle container=all;

keystore altered.

 

6) On pluggable database, connected with common user C##DBA, let’s set the key for all pdbs.
 


SQL> conn c##dba/oracle@db1:1521/PD3 as syskm;
Connected.
SQL>
SQL> conn / as sysdba
Connected.
SQL> administer key management set key identified by oracle with backup using 'OMK' container=ALL;

keystore altered.

SQL> select * from v$encryption_wallet;

WRL_TYPE WRL_PARAMETER STATUS WALLET_TYPE WALLET_OR FULLY_BAC CON_ID
------------ --------------------------------- ---------------------- -------------- ----------------------- -----------
FILE /u01/app/oracle/CDB1/ OPEN PASSWORD SINGLE NO 0

As you can see above, now the status is OPEN (by password)
7) Connected on PD3 as common user C##DBA and now we can create our tablespace

 

SQL> conn c##dba/oracle@db1:1521/PD3; 
Connected.




SQL> create tablespace OCM_CRYP
2 datafile '/u01/app/oracle/oradata/CDB1/8DE664DD797442E9E055000000000001/datafile/OCM.DBF'
3 size 10m
4 encryption using 'AES256'
5 default storage(ENCRYPT);

Tablespace created.

 

So, this is the new way for 12c to management keys for encryption on database.
 
I hope this helps you!!!
 
This article was written by Andre Ontalba e Rodrigo Mufalani
 
Disclaimer: “The postings on this site are my own and don’t necessarily represent may actual employer positions, strategies or opinions. The information here was edited  to be useful for general purpose, specific data and identifications was removed to allow reach generic audience and to be useful.”

 


Webniar – Patching Like a Hero
Category: Database Author: Andre Luiz Dutra Ontalba (Board Member) Date: 5 years ago Comments: 0

Webinar - Patching like a Hero

Hi guys !!

 

Yesterday we had our first Webinar and we are posting the webinar here for you.

 
 
Follow the link in the PDF presentation: Click here

 

 

 

See you next time.

André Ontalba – Board Member

 
 
 
 

Interconnect Oracle Cloud and Microsoft Azure
Category: Cloud Author: Andre Luiz Dutra Ontalba (Board Member) Date: 6 years ago Comments: 0

Interconnect Oracle Cloud and Microsoft Azure

Last week, it was announced that Oracle and Microsoft have created a cloud-to-cloud connection between Oracle Cloud Infrastructure and Microsoft Azure in certain regions.
 
This connection allows you to configure workloads between clouds without traffic between the clouds that pass through the Internet.
 
OCI and Azure Interconnect services:
 
Limited to Azure East US (eastus) region and the OCI Ashburn (us-ashburn-1) region as of now.
ExpressRoute peering location is in proximity to or in the same peering location as the OCI FastConnect.
Identity side its common and well known integration between IDCS and Microsoft Active Directory.
Provides low latency and high throughput cross-cloud connectivity
Network Peering possible between Azure and OCI.
Multi-tier application can be partitioned to run DB on OCI and Application on Azure
Cross-Connect can be established ExpressRoute circuit in Azure and Fastconnect on OCI.
Traffic between the 2 providers over a private network.
Network traffic can be controlled using Security List (OCI) and Network Security Groups (Azure)
 
 
 
Link about official documentation:
https://docs.cloud.oracle.com/iaas/Content/Network/Concepts/azure.htm
 
Hope this helps. See you !!!
 
André  Ontalba  – www.dbadutra.com
 
 
 
 

 Disclaimer: “The postings on this site are my own and don’t necessarily represent may actual employer positions, strategies or opinions. The information here was edited to be useful for general purpose, specific data and identifications was removed to allow reach generic audience and to be useful.”

 


Monitoring Data Guard operation
Category: Database Author: Andre Luiz Dutra Ontalba (Board Member) Date: 6 years ago Comments: 0

Monitoring Data Guard operation

As we saw in the last article on installing DataGuard in Oracle 19C, we will now see how to monitor Data Guard.
 
 
— This script is to be run on the Standby of a Data Guard Physical Standby Site

 

set echo off
set feedback off
column timecol new_value tstamp
column spool_extension new_value suffix
select to_char(sysdate,'Mondd_hhmi') timecol from sys.dual;
column output new_value dbname
select value || '_' output from v$parameter where name = 'db_name';
— Output the results to this file
spool dg_Standby_diag_&&dbname&&tstamp
set lines 132
set pagesize 500
set numformat 999999999999999
set trim on
set trims on
— Get the current Date
set feedback on
select systimestamp from dual;

-- Standby Site Details
set heading off
set feedback off
select 'Standby Site Details' from dual;
select '********************' from dual;
set heading on
set feedback on

col db_unique_name format a15
col flashb_on format a10

select DB_UNIQUE_NAME,DATABASE_ROLE DB_ROLE,FORCE_LOGGING F_LOG,FLASHBACK_ON FLASHB_ON,LOG_MODE,OPEN_MODE,
GUARD_STATUS GUARD,PROTECTION_MODE PROT_MODE
from v$database;
— Current SCN – this value on the primary and standby sites where real time apply is in place should be nearly the same

 

select DB_UNIQUE_NAME,SWITCHOVER_STATUS,CURRENT_SCN from v$database;

-- Incarnation Information
--

set heading off
set feedback off
select 'Incarnation Destination Configuration' from dual;
select '*************************************' from dual;
set heading on
set feedback on

select INCARNATION# INC#, RESETLOGS_CHANGE# RS_CHANGE#, RESETLOGS_TIME, PRIOR_RESETLOGS_CHANGE# PRIOR_RS_CHANGE#, STATUS,FLASHBACK_DATABASE_ALLOWED FB_OK from v$database_incarnation;

set heading off
set feedback off
select 'Archive Destination Configuration' from dual;
select '*********************************' from dual;
set heading on
set feedback on
-- Current Archive Locations
--

column host_name format a30 tru
column version format a10 tru
select INSTANCE_NAME,HOST_NAME,VERSION,ARCHIVER from v$instance;

column destination format a35 wrap
column process format a7
column archiver format a8
column dest_id format 99999999

select DEST_ID,DESTINATION,STATUS,TARGET,ARCHIVER,PROCESS,REGISTER,TRANSMIT_MODE
from v$archive_dest
where DESTINATION IS NOT NULL;

column name format a22
column value format a100
select NAME,VALUE from v$parameter where NAME like 'log_archive_dest%' and upper(VALUE) like 'SERVICE%';

set heading off
set feedback off
select 'Archive Destination Errors' from dual;
select '**************************' from dual;
set heading on
set feedback on

column error format a55 tru
select DEST_ID,STATUS,ERROR from v$archive_dest
where DESTINATION IS NOT NULL;

column message format a80
select MESSAGE, TIMESTAMP
from v$dataguard_status
where SEVERITY in ('Error','Fatal')
order by TIMESTAMP;

-- Redo Log configuration
-- The size of the standby redo logs must match exactly the size on the online redo logs

set heading off
set feedback off
select 'Data Guard Redo Log Configuration' from dual;
select '*********************************' from dual;
set heading on
set feedback on

select GROUP# STANDBY_GROUP#,THREAD#,SEQUENCE#,BYTES,USED,ARCHIVED,STATUS from v$standby_log order by GROUP#,THREAD#;

select GROUP# ONLINE_GROUP#,THREAD#,SEQUENCE#,BYTES,ARCHIVED,STATUS from v$log order by GROUP#,THREAD#;
— Data Guard Parameters

set heading off
set feedback off
select 'Data Guard Related Parameters' from dual;
select '*****************************' from dual;
set heading on
set feedback on

column name format a30
column value format a100
select NAME,VALUE from v$parameter where NAME IN ('db_unique_name','cluster_database','dg_broker_start','dg_broker_config_file1','dg_broker_config_file2','fal_client','fal_server','log_archive_config','log_archive_trace','log_archive_max_processes','archive_lag_target','remote_login_password_file','redo_transport_user') order by name;
— Managed Recovery State

 

set heading off
set feedback off
select 'Data Guard Apply Status' from dual;
select '***********************' from dual;
set heading on
set feedback on

select systimestamp from dual;

column client_pid format a10
select PROCESS,STATUS,CLIENT_PROCESS,CLIENT_PID,THREAD#,SEQUENCE#,BLOCK#,ACTIVE_AGENTS,KNOWN_AGENTS
from v$managed_standby order by CLIENT_PROCESS,THREAD#,SEQUENCE#;

host sleep 10

select systimestamp from dual;

select PROCESS,STATUS,CLIENT_PROCESS,CLIENT_PID,THREAD#,SEQUENCE#,BLOCK#,ACTIVE_AGENTS,KNOWN_AGENTS
from v$managed_standby order by CLIENT_PROCESS,THREAD#,SEQUENCE#;

host sleep 10

select systimestamp from dual;

select PROCESS,STATUS,CLIENT_PROCESS,CLIENT_PID,THREAD#,SEQUENCE#,BLOCK#,ACTIVE_AGENTS,KNOWN_AGENTS
from v$managed_standby order by CLIENT_PROCESS,THREAD#,SEQUENCE#;

set heading off
set feedback off
select 'Data Guard Apply Lag' from dual;
select '********************' from dual;
set heading on
set feedback on

column name format a12
column lag_time format a20
column datum_time format a20
column time_computed format a20
SELECT NAME, VALUE LAG_TIME, DATUM_TIME, TIME_COMPUTED
from V$DATAGUARD_STATS where name like 'apply lag';
— If there is a lag remove the comment for the select below

 

-- SELECT * FROM V$STANDBY_EVENT_HISTOGRAM WHERE NAME = 'apply lag' AND COUNT > 0;

set heading off
set feedback off
select 'Data Guard Gap Problems' from dual;
select '***********************' from dual;
set heading on
set feedback on

select * from v$archive_gap;

set heading off
set feedback off
select 'Data Guard Errors in the Last Hour' from dual;
select '**********************************' from dual;
set heading on
set feedback on

select TIMESTAMP,SEVERITY,ERROR_CODE,MESSAGE from v$dataguard_status where timestamp > systimestamp-1/24;
spool off

 



Hope this helps. See you !!!
 
André  Ontalba  – www.dbadutra.com
 
 
 
 
 
 

 Disclaimer: “The postings on this site are my own and don’t necessarily represent may actual employer positions, strategies or opinions. The information here was edited to be useful for general purpose, specific data and identifications was removed to allow reach generic audience and to be useful.”

 


New Feature in Autonomous Database – Auto Scaling
Category: Cloud Author: Andre Luiz Dutra Ontalba (Board Member) Date: 6 years ago Comments: 0

New Feature in Autonomous Database - Auto Scaling

 
Yesterday a new feature was released in the Autonomous Database.
 
The Auto Scaling feature, you can select auto scaling during provisioning or later using the Scale Up/Down button on the Oracle Cloud Infrastructure console.
 
When you select auto scaling Autonomous Data Warehouse can use up to three times more CPU and IO resources than specified by the number of OCPUs currently shown in the Scale Up/Down dialog. 
 
When auto scaling is enabled, if your workload requires additional CPU and IO resources the database automatically uses the resources without any manual intervention required.
 
To see the average number of OCPUs used during an hour you can use the “Number of OCPUs allocated” graph on the Overview page on the Autonomous Data Warehouse service console.
 
Enabling auto scaling does not change the concurrency and parallelism settings for the predefined services.
 
Hope this helps. See you !!!
 
André  Ontalba  – www.dbadutra.com
 
 
 
 
 
 

 

Disclaimer: “The postings on this site are my own and don’t necessarily represent may actual employer positions, strategies or opinions. The information here was edited to be useful for general purpose, specific data and identifications was removed to allow reach generic audience and to be useful.”


Create Database System in Exadata, Bare Metal or VM
Category: Cloud Author: Andre Luiz Dutra Ontalba (Board Member) Date: 6 years ago Comments: 0

Create Database System in Exadata, Bare Metal or VM

This article provides a run through of creating a Database System using Exadata, Bare Metal or VM on the Oracle Cloud.
 
Log into Oracle Cloud and click on  the “Bare Metal, VM and Exadata”  in the Database
 
Select the compartment you want to build the service in, then click the “Lauch DB System” button.

 

Enter the details of the service you want to create. We selected the VIRTUAL MACHINE type, because Bare Metal and Exadata were not available for our region.

We selected only 1 node to perform this article as we selected the Enterprise Edition Extreme Perfomance option. We will prepare another article explaining all the details of the differences from Shapes and Softwares to DB System.

Remember to select the appropriate licensing model. 

 

 

 

Now we will generate the keys to use in our DB System.
We recommend you generate a key using the Putty Key Generator.
Click Generate and move the mouse until the key is created

 

After it was created save a copy as Public Key and another as Private Key.
Now let’s put the public key to have access after the machine is created via SSH.

 

Click in Choose Files
 
 Select the file saved as Public Key, in my case Public_Keys. Pub
 
 After that, if you have not created any VNC (Virtual Network Circuit), it will be created automatically.  In my case I have already created then already came selected.

 

Now put information about the database and after that click Lauch DB System
Screen while creating the resource.
After an hour the environment was created, and we are asked why so much delay.

This answer is simple, building a DB System involves several components such as NETWORK, STORAGE, COMPUTE and software installation.

 

Ready your DB System is OK.
 
Now we will access the VM through SSH.
 
Take the IP that looks like for you in this item and open in an SSH client, remembering that we should use the private key now to make the connection.

In my case I access using mobaxterm, in Remote host I put the IP, select the username and type “OPC” and select Use the Private Key that was generated.

 

 

 

Ready server connected and ready to use your DB System.
Hope this helps. See you !!!
 
André  Ontalba  – www.dbadutra.com
 
Rodrigo Mufalani (OCM)
Oracle ACE Member  –  https://mufalani.wordpress.com

Create Autonomous Data Warehouse
Category: Cloud Author: Andre Luiz Dutra Ontalba (Board Member) Date: 6 years ago Comments: 0

Create Autonomous Data Warehouse

This article provides a run through of creating a new Autonomous Data Warehouse service on the Oracle Cloud.

 Log into Oracle Cloud and click the “Create Instance” link.
Click on the “Create” button in the Autonomous Data Warehouse

 

Select the compartment you want to build the service in, then click the “Create Autonomous Database” button.

 

Enter the details of the service you want to create. The default sizes are 1 CPU core and 1TB of storage. Remember to select the appropriate licensing model. Click the “Create Autonomous Database” button.

 

Wait while the service is provisioned. You will see the state is marked as “Provisioning”.

 

The details screen allows you to perform some basic operations with the service, including scale up/down, manual backups and restores from backups. Click on the “Service Console” button.

 

You are presented with the dashboard, which will look quite empty as the service has just been provisioned. Click the “Activity” link on the left menu.
You are presented with the activity screen, which will look relatively quiet as the service has just been provisioned. Click the “Administration” link on the left menu.

 

The administration screen allows you to perform some basic administration of the service.
Connecting to the Autonomous Data Warehouse Service Using SQL Developer
Go to the administration screen for the service and click the “Download Client Credentials (Wallet)”.
 
Enter the password to protect the credentials store.

 

 

Open SQL Developer and create a new connection. Use the username and password specified when you provisioned the service. Use a connection type of “Cloud Wallet” and enter the zip file location. You can now click the “Test” or “Connect” button.

 

Now all ready to use 
Hope this helps. See you !!!
 
André  Ontalba  – www.dbadutra.com
 
Rodrigo Mufalani (OCM)
Oracle ACE Member  –  https://mufalani.wordpress.com

1 5 6 7 8