Oracle Cloud Workshop: Database Cloud Service

Copyright © 2014 Oracle and/or its affiliates. All rights reserved. |

CINTRAThe Cloud Architects

Presenter:Kyle SmithVP, Client Services - TOLACintra

Oracle Cloud Workshop:Database Cloud Service

WELCOME• Please use the following Wifi Credentials:

– Network: clear-guest

• Open Browser once connected to authenticate– User name: guest– Password: Uxh7GtEJ

2

Before we get Started:

1. Download the zipfile: https://github.com/mpaddocktx/Cintra-Cloud-Workshop/archive/master.zip

- Putty- Keys- Cloudberry- Notes

https://github.com/mpaddocktx/Cintra-Cloud-Workshop/archive/master.zip

Oracle Cloud – Getting Started @ http://cloud.oracle.com

Oracle Cloud – Getting StartedOption 1: Sign in directly to the Cloud Services Dashboard using Identity Domain

Option 2: Sign in using Oracle Account ID to view Cloud Account Dashboard

Oracle Cloud – Signing Into Cloud Services Dashboard

Enter your IdentityDomain, provided to you by Oracle

Oracle Cloud – Signing Into Cloud Services Dashboard

Sign-in using username and the password provided to you by Oracle

Oracle Cloud – Cloud Services Dashboard

• The Compute Cloud Services Console is where you can view instances and storage used across a single domain

• If account has Raw Compute enabled, users can provision new compute instances and provision storage directly from this page

• The Compute Cloud Services Console is where you can access Network configurations

Oracle Cloud – Compute Cloud Services Detail

• The Java Cloud Services (JCS) Console is where you can provision and administer deployed Weblogic instances, either as stand-alone services or clustered with a load balancer.

• To deploy a JCS instance, you must first meet all of the perquisites, including a provisioned DBaaS instance.

Oracle Cloud – Java Cloud Services Detail

• The Database Cloud Services (DCS) Console is where you can provision and administer deployed database instances

Oracle Cloud – Database Cloud Services Detail


DBaaS Provisioning Pre-Requisites• Creating storage containers (optional)• Preparing for network access

1) Go to Dashboard and set replication policy (chicago for mine)

2) Open Terminal and execute curl to get auth tokencurl -v -X GET \

-H "X-Storage-User: Storage-cintraisv:[email protected]" \-H 'X-Storage-Pass: ps226Worm!' \https://cintraisv.storage.oraclecloud.com/auth/v1.0

RESULTS:< X-Auth-Token: AUTH_tk2388391a0b2342de3792d54628e5b7a9< X-Storage-Token: AUTH_tk2388391a0b2342de3792d54628e5b7a9< X-Storage-Url: https://storage.us2.oraclecloud.com/v1/Storage-cintraisv

Storage Configuration – Creating a Container using Curl

https://cintraisv.storage.oraclecloud.com/auth/v1.0

https://storage.us2.oraclecloud.com/v1/Storage-cintraisv

3) Create first container

curl -v -X PUT \

-H "X-Auth-Token: AUTH_tk2388391a0b2342de3792d54628e5b7a9" \

https://storage.us2.oraclecloud.com/v1/Storage-cintraisv/CW-DEC-18-CONT-01


4) List containers available

curl -v -X GET \

-H "X-Auth-Token: AUTH_tk2388391a0b2342de3792d54628e5b7a9" \

https://storage.us2.oraclecloud.com/v1/Storage-cintraisv?limit=5


• Download Cloudberry File Explorer for Openstack: www.cloudberrylab.com/download-thanks.aspx?prod=cbosfree

• If on Mac: use cyberduck

Storage Configuration – Creating a Container in Cloudberry

http://www.cloudberrylab.com/download-thanks.aspx?prod=cbosfree


Display name = Service Nickname

User name = Storage-<identity-domain>:[email protected]

Password = Cloud Services Password


• Network Access to compute nodes of the service instance is provided through SSH on port 22

• In order to authenticate to the compute node through SSH, you will need to create a public/private key pair and upload the public key during the creation of the service instance

• Additional access to the compute nodes can either be achieved by opening additional network ports on the node

ORby creating an SSH tunnel to a compute node port

Network Access

Generating an SSH Public/Private Key PairTo generate an SSH key pair on Windows using the PuTTYgenprogram:

1. Run the PuTTYgen program.

2. Set the Type of key to generate option to SSH-2 RSA.

3. In the Number of bits in a generated key box, enter 2048.

4. Click Generate to generate a public/private key pair. (As the key is being generated, move the mouse around the blank area.)

5. (Optional) Enter a passphrase for the private key in the Key passphrase box and reenter it in the Confirm passphrase box.

6. Click Save private key to save the private key to a file. To adhere to file-naming conventions, you should give the private key file an extension of .ppk (PuTTY private key)

Generating an SSH Public/Private Key Pair1. Select all of the characters in the Public key for pasting into

OpenSSH authorized_keys file box.

2. Make sure you select all the characters, not just the ones you can see in the narrow window. If a scroll bar is next to the characters, you aren't seeing all the characters.

3. Right click somewhere in the selected text and select Copy from the menu.

4. Open a text editor and paste the characters, just as you copied them. Start at the first character in the text editor, and do not insert any line breaks.

5. Save the text file in the same folder where you saved the private key, using the .pub extension to indicate that the file contains a public key.


Provisioning your first DBaaS Instance

Database Cloud Service – Provisioning an Instance

DCS –Provisioning an Instance

DCS – Provisioning OptionsOracle Database Cloud Service

Oracle Database Cloud Service - Virtual Image

Oracle Database and supporting software on the service instance

Pre-Installed and Configured

Included, but must be installed manually

(DBCA)

Tooling for automated maintenance operations

Pre-Installed and Configured Manual install

Root Access Yes Yes

Oracle DB Admin Privileges Full Full

Cloud Tooling for Database Cloud Service

• Simple Automated Backups: use the bkup_api utility (raccli on service instances that use Oracle Real Application Clusters) to perform on-demand backups and to change how automatic backups are configured.

• Simple Automated Recovery: use the orecsubcommand of the dbaascli utility (raccli on service instances that use Oracle Real Application Clusters) to restore from backups.

• Simple Automated Patching: use the dbpatchm subcommand of the dbaascliutility (raccli on service instances that use Oracle Real Application Clusters) to apply patches.

• New DBaaS Monitor: use the Oracle DBaaSMonitor web application to monitor the Oracle database and the Oracle GlassFishServer domain on the service instance.

Billing Frequency – Cannot be changed after service creation

• Hourly: Pay only for the number of hours used during your billing period.

• Monthly: Pay one price for the full month irrespective of the number of hours used.



Standard Edition:• Oracle Database Standard Edition includes all the facilities necessary to build business-

critical applications. This edition is only available for Oracle Database 11g Release 2.

Enterprise Edition• Provides the performance, availability, scalability, and security required for mission-

critical applications such as high-volume online transaction processing (OLTP) applications, query-intensive data warehouses, and demanding Internet applications. Enterprise Edition contains all the components of Oracle Database.

Enterprise Edition - High Performance• Provides all the features of Enterprise Edition, plus all the database enterprise

management packs and all the Enterprise Edition options except:• Active Data Guard | In-Memory Database | Oracle RAC One Node | Real Application

Clusters (Oracle RAC)

Enterprise Edition - Extreme Performance• Provides all the features of Enterprise Edition, plus all the database enterprise

management packs and all the Enterprise Edition options except:• Oracle RAC One Node

DCS –Provisioning Options: Software Edition



Presenter

Presentation Notes

Service Name—enter a name for your service instance. This name: – Must not exceed 50 characters (15 characters for a service instance that uses Oracle RAC). – Must start with a letter. – Must contain only letters, numbers, or hyphens. – Must not contain any other special characters. – Must be unique within the identity domain. • Description—enter a description for your service instance. (Optional) • Compute Shape—select a compute shape from the list of supported OCPU (Oracle CPU) and RAM combinations. These combinations fall into two categories: – General Purpose: OC3 - 1 OCPU, 7.5 GB RAM OC4 - 2 OCPU, 15 GB RAM OC5 - 4 OCPU, 30 GB RAM OC6 - 8 OCPU, 60 GB RAM OC7 - 16 OCPU, 120 GB RAM – High Memory: OC1M - 1 OCPU, 15 GB RAM OC2M - 2 OCPU, 30 GB RAM OC3M - 4 OCPU, 60 GB RAM OC4M - 8 OCPU, 120 GB RAM OC5M - 16 OCPU, 240 GB RAM • VM Public Key—provide the SSH public key to be used for authentication when using an SSH client to connect to a compute node VM that is associated with your service instance. Click Edit to specify the public key, either by uploading a key file or by entering the name of a key that was uploaded earlier. To specify the name of a key that was uploaded earlier, use the full hierarchical name of the key: /domain/user/keyname


Presenter

Presentation Notes

The Database Configuration section does not appear if you chose the “Oracle Database Cloud Service - Virtual Image” service level. • Usable Database Storage (GB)—enter the amount of storage you want for actual database data (in GB). • Total Data File Storage (GB)—the computed amount of storage in GB that will be allocated to your instance, including space for operating system and product binaries, supporting files, database data and configuration files, and so on. • Administration Password and Confirm Password—enter and then reenter a password for administrative access to the database and to other components of your service instance, specifically: – Oracle Database SYS and SYSTEM users – Oracle Application Express ADMIN user – Oracle GlassFish Server admin user – Cloud database monitor access The password you enter: – Must be 8 to 30 characters in length. – Must contain at least one lowercase letter – Must contain at least one uppercase letter – Must contain at least one number – Must contain at least one of these symbols: _ (underscore), # (hash sign), or $ (dollar sign). • DB Name (SID) —enter a name for the database instance. This name: – Must not exceed 8 characters. – Must start with a letter. – Must contain only letters, numbers, or these symbols: _ (underscore), # (hash sign), or $ (dollar sign). • PDB Name (Available only for Oracle Database 12c)—enter a name for the default PDB (pluggable database). This name: – Must not exceed 8 characters. – Must start with a letter. – Must contain only letters, numbers, or these symbols: _ (underscore), # (hash sign), or $ (dollar sign). • Include “Demos” PDB —include the "Demos" PDB in the database, which contains demos for many new features of 12c such as in-memory and multitenant. Usable Data File Storage must to be at least 25 GB to include this PDB. This option is available only for Oracle Database 12c. • RAC Database—controls whether a two-node Oracle Real Application Clusters (RAC) database is created. This option is available only if you choose a shape with two OCPUs for trial accounts or a shape with four or more OCPUs for subscription accounts.


Presenter

Presentation Notes

Note: The Backup and Recovery Configuration section does not appear if you chose the “Oracle Database Cloud Service - Virtual Image” service level. Backup Destination —select how backups are to be configured: Both Cloud Storage and Block Storage —backups are configured to be created automatically and stored both on block storage and on an Oracle Storage Cloud Service container. If this choice is selected, the Cloud Storage Container, User Name and Password fields are displayed: Cloud Storage Container: enter the name of an existing Oracle Storage Cloud Service container in the format: instance-id_domain/container where instance is the name of the Oracle Storage Cloud Service instance, id_domain is the name of the identity domain, and container is the name of the container. Cloud Storage User Name—enter the user name of a user who has read/write access to the container specified in Cloud Storage Container. Cloud Storage Password—enter the password of the user specified in Cloud Storage User Name. Block Store Only — backups are configured to be created automatically and stored on block storage. None — backups are not configured for your service instance. *** Do not use the Oracle Storage Cloud Service container that you are using to back up Database as a Service instances to cloud storage for any other purpose. For example, do not also use it to back up Oracle Java Cloud Service instances to cloud storage. Using the container for multiple purposes can result in billing errors. ***


Presenter

Presentation Notes

On the confirmation page, you should review all of your configuration settings and ensure they are correct. If they are not correct, click the Previous button to go back and make corrections. Once you are satisfied with the configuration, click the Create button.


Presenter

Presentation Notes

After clicking Create, you will be redirected to the Database Cloud Service Console to view the progress of your database provisioning.


Presenter

Presentation Notes

Once provisioned, you will need to update your DBaaS Security list to enable inbound packets so that we can connect to the instance.

Testing SSH ConnectivityTesting Connectivity with Putty

1. Load Private Key 2. Enter IP & Type in 3. Open Sessionunder “Auth” Session Name to Save

Presenter

Presentation Notes

Testing SSH Connectivity on Unix $ ssh – I </home/user/.ssh/private key> opc@<cloud.instance.ip>


Further Network Configuration• Enable access to compute port• Creating an SSH Tunnel• Define custom host/ domain name for DBaaS• Network Encryption and Integrity

Network Access via Cloud Security Rules (Default)

Presenter

Presentation Notes

ora_p2_dbconsole, which controls access to port 1158, the port used by Enterprise Manager 11g Database Control. ora_p2_dbexpress, which controls access to port 5500, the port used by Enterprise Manager Database Express 12c. • ora_p2_dblistener, which controls access to port 1521, the port used by SQL*Net. ora_p2_http, which controls access to port 80, the port used for HTTP connections to the instance. ora_p2_httpadmin, which controls access to port 4848, the port used by the Oracle GlassFish Server administration console. ora_p2_httpssl, which controls access to port 443, the port used for HTTPS connections to the instance, including Oracle REST Data Services, Oracle Application Express, and the Oracle Cloud on-instance database monitor.

Network Access via Security Application

Presenter

Presentation Notes

Enabling Port Access by Creating a Security Rule To enable a compute node port, or range of ports, that is not associated with one of the automatically created Oracle Compute Cloud security rules: 1. Display the Network Security Applications page of the Oracle Compute Cloud Service console: a. Open the Oracle Compute Cloud Service console. For instructions, see Accessing Oracle Compute Cloud Service in Using Oracle Compute Cloud Service. When you open the Oracle Compute Cloud Service console, the Overview page is displayed with the Instances tile foremost. b. Click Network. The Network page displays with the Security Rules tile foremost. c. Click the Security Applications tile. The Network page refreshes with the Security Applications tile foremost. 2. Click Create Security Application. In the Create Security Application dialog, enter the following information. • Name: Any name to identify the new port; for example, mynetport. • Port Type: tcp • Port Range Start: The number of the port you wish to open, or the lowest number in the range of ports that you want to open. • Port Range End: The number of the port you wish to open, or the highest number in the range of ports that you want to open. • Description: Any description of your choice. 3. Click Create. 4. Click the Security Rules tile on the left side of the page, and then click Create Security Rule. In the Create Security Rule dialog, enter the following information. • Name: Any name to identify the security rule. • Status: Enabled Security Application: Select the name of the security application you created in the steps above; for example mynetport. • Source: Select Security IP Lists, and then select public-internet from the list. • Destination: Select the name of the security list to use as the target for this security rule. By default, Database as a Service instances are assigned to security lists named ora-db. • Description: Any description of your choice. 5. Click Create. The port is opened to the public internet.

Restricting Port Access to Specific IPs

Presenter

Presentation Notes

Restricting Port Access to Specific IP Addresses If you wish to restrict access to a compute node port, to only permit connections from specific IP addresses: 1. Create a Security IP List that describes the IP addresses of the computers that are to be granted access to the compute node, as described in Creating a Security IP List in Using Oracle Compute Cloud Service. 2. Create a Security Rule that links your Security IP List to the compute node Security List on the Security Application (port) you want to open by setting fields in the Create Security Rule dialog as follows: Security Application: set to the name of the Security Application (port) on the compute node to which you want to provide access. Source: set to the name of the Security IP List you created. Destination: set to the ora_db security list for the compute node.

Configure SSH connectivity:

1. In Host Name (or IP address) box, enter the IP address of the target compute node.

2. Confirm that the Connection type option is set to SSH.

3. In the Category tree, expand Connection if necessary and then click Data.

4. In Auto-login username box, enter oracle.

5. Confirm that the when username is not specified, option is set to Prompt.

6. In the Category tree, expand SSH and then click Auth.

7. Click the Browse button next to the Private key file for authentication box. Then, in the Select private key file window, navigate to and open the private key file that matches the public key used when the service instance was created.

Add a forwarded port:

1. In the Category tree, click Tunnels.

1. In the Source Port box, enter the number of an available port on your system. Specify a port number greater than 1023 and less than 49152 to avoid conflicts with ports that are reserved for the system.

2. In the Destination box, enter the IP address of the target compute node, a colon, and the port number to which you want to create a tunnel; for example, 192.0.2.100:1521.

3. Confirm that the Local and Auto options are set.

4. Click Add to add the forwarded port.

1. The new forwarded port appears in the Forwarded ports list.

2. In the Category tree, click Session.

3. In the Saved Sessions box, enter a name for this connection configuration. Then, click Save.

4. Click Open to open the connection.

1. The PuTTY Configuration window is closed and the PuTTY window is displayed.

NOTE: If this is the first time you are connecting to the target compute node, the PuTTY Security Alert window is displayed, prompting you to confirm the public key. Click Yes to continue connecting.

*** After the SSH tunnel is created, you can access the port on the target compute node by specifying localhost:local-port on your system, where local-port is the source port you specified

when creating the tunnel. ***

Network Access via SSH Tunnel with Putty

Network Access via SSH Tunnel with Putty

Network Access via SSH Tunnel with LinuxRun the ssh utility:

$ ssh -i private-key-file -L local-port:target-ip-address:target-portlocalhostnamewhere:

private-key-file is the path to the SSH private key file.local-port is the number of an available port on your Linux system. Specify a port number greater than 1023 and less than 49152 to avoid conflicts with ports that are reserved for the system. As a good practice, and for the sake of simplicity, you should specify the same port number as the one to which you are creating a tunnel.target-ip-address is the IP address of the target compute node in x.x.x.x format.target-port is the port number to which you want to create a tunnel.local-hostname is the host name of your Linux system.

Defining a Custom Host Name or Domain Name for Database as a ServiceYou can associate a custom host name or domain name to the public IP address of a compute node associated with an Oracle Database Cloud - Database as a Service instance. To associate a custom host name to the public IP address of a compute node, contact the administrator of your DNS (Domain Name Service) and request a custom DNS record for the compute node’s public IP address.

For example, if your domain is example.com and you wanted to use clouddb1 as the custom host name for a compute node, you would request a DNS record that associates clouddb1.example.com to your compute node's public IP address. To associate a custom domainname to the public IP address of a compute node:

1. Register your domain name through a third-party domain registration vendor, such as Register.com, Namecheap, and so on. For example, example.com.

2. Resolve your domain name to the IP address of the Database as a Service compute node, using the third-party domain registration vendor console. For more information, refer to the third-party domain registration documentation.

Verifying use of Native Encryption & IntegrityYou can verify the use of native Oracle Net encryption and integrity by connecting to your Oracle database and examining the network service banner entries associated with each connection. This information is contained in the NETWORK_SERVICE_BANNER column of the V$SESSION_CONNECT_INFO view. The following example shows the SQL command used to display the network service banner entries associated with current connection:

SQL> select network_service_banner from v$session_connect_infowhere sid in (select distinct sid from v$mystat);

NOTE:

The following example output shows banner information for the available encryption service and the crypto-checksumming (integrity) service, including the algorithms in use:

NETWORK_SERVICE_BANNER ------------------------------------------------------------------------------------TCP/IP NT Protocol Adapter for Linux: Version 12.1.0.2.0 -Production Encryption service for Linux: Version 12.1.0.2.0 - Production AES256 Encryption service adapter for Linux: Version 12.1.0.2.0 - Production Crypto-checksumming service for Linux: Version 12.1.0.2.0 - Production SHA1 Crypto-checksumming service adapter for Linux: Version 12.1.0.2.0 -Production

Checking your Oracle Net Client ConfigurationThe following procedure outlines the basic steps required to confirm that native encryption and integrity are enabled in your Oracle Net client configuration.

1. In a command shell, connect to the Oracle Net client.

2. Change directories to the location of the Oracle Net configuration files tnsnames.ora and sqlnet.ora, for example:

$ cd $ORACLE_HOME/network/admin $ ls *.ora sqlnet.ora tnsnames.ora

3. View the sqlnet.ora file and confirm that it does not contain the following parameter settings:

SQLNET.ENCRYPTION_CLIENT = rejected SQLNET.CRYPTO_CHECKSUM_CLIENT = rejected

The rejected setting explicitly disables the encryption or integrity service, even if the server requires it. When a client with an encryption or integrity service setting of rejected connects to a server with the required setting, the connection fails with the following error: ORA-12660: Encryption or crypto-checksumming parameters incompatible. Because native Oracle Net encryption and integrity are enabled in your Database as a Service environment by default, any parameter setting other than rejected, or no setting at all, would result in the use of native encryption and integrity.


DBaaS Lifecycle ManagementDBaaS Instance StatesScaling DBaaS InstanceAttaching “Temporary” StorageCreating an On-Demand BackupMaintaining Manageability of your DBaaS InstanceDeleting DBaaS InstancesTracking Database InstancesDatabase Migration Scenario Overview

DBaaS Instance States

Presenter

Presentation Notes

Start When a Database as a Service instance is started: An Oracle Compute Cloud Service instance of the appropriate compute shape (OCPU and memory) is allocated to it. All other Compute Cloud Service resources associated with it at instance creation or as the result of a scaling operation are reattached to it. The allocated Oracle Compute Cloud Service instance is started. After these steps complete, the Database as a Service instance is running and available Stop When a Database as a Service instance is stopped, its CPU and RAM (an Oracle Compute Cloud Service instance) are stopped. As a consequence, it consumes no OCPU or memory resources and so metering and billing of these resources stop. However, all the other resources of the service instance continue to exist and so continue to be metered and billed, including: Oracle Compute Cloud Service resources such as storage volumes and IP address reservations Oracle Storage Cloud Service storage space used by the service instance’s backups to the Oracle Cloud Additionally, when a Database as a Service instance is stopped, backups of the service instance are not performed. Restart When you restart a Database as a Service instance, the service instance is stopped and then immediately started again Scale Up/Down When Scaling the database, the instance is put in maintenance mode and then restarted. *** As a result of the restarting, any resources you’ve manually added to the service instance using the Compute Cloud Service console become detached from the service instance. ***

Instance Scaling: Compute

Presenter

Presentation Notes

To scale up/down the compute shape of a service instance: 1. View the instance overview page for the service instance: Open the Oracle Database Cloud Service console. Click the name of the instance you want to scale. The Oracle Database Cloud Service Instance page is displayed. 2. Choose the scaling command: For service instances that use Oracle RAC, click the next to the service instance name and choose Scale Up/Down. For other service instances, click the menu in the box for the compute node and choose Scale Up/Down. The Scale Up Service overlay is displayed. Note that the overlay includes information about the instance's current compute shape. 3. Select a new compute shape. 4. Click Yes, Scale Up/Down Service to scale the service instance. The scaling operation begins. The service instance is in Maintenance status and unavailable while the scaling operation is in progress.

Instance Scaling: Storage

Presenter

Presentation Notes

In the Additional Storage (GB) box, enter an amount raw storage to add to the service instance, from 1 to 1000 GB in increments of 1 GB. An Oracle Compute Cloud Service storage volume of the indicated size will be created. Note that a small percentage of this raw storage will be used for file system constructs and other overhead. Note: When adding storage to a service instance that uses Oracle Real Application Clusters (RAC), you should specify the same size as the other storage volume or volumes already in the Oracle ASM disk group you want to scale up: Data or Backup. 4. Specify how the additional storage should be allocated in the Add Storage to list: • Create New Storage Volume: adds a new storage volume to the service instance and mounts it as the next available /u0n mount point. This option is not available for service instances that use Oracle Real Application Clusters. • Extend Data Storage Volume: adds the storage volume to the existing Linux LVM disk group (or Oracle ASM disk group on service instances that use Oracle Real Application Clusters) for database data storage. • Extend Backup Storage Volume: adds the storage volume to the existing Linux LVM disk group (or Oracle ASM disk group on service instances that use Oracle Real Application Clusters) for backup and FRA storage. Note: The Add Storage to list is not available for service instances created using the Oracle Database Cloud Service - Virtual Image service level. In this case, the Oracle Compute Cloud Service storage volume is added as a raw block device to the service instance. You need to format it, mount it, and update the /etc/ fstab file to make it usable in the service instance. .

Attaching Temporary Storage

Presenter

Presentation Notes

Adding Temporary Storage to a Service Instance To add temporary storage to a service instance, you add a storage volume to a compute node. First, you create a Compute Cloud Service storage volume and attach it to the compute node. Then, while logged into the compute node you use Linux commands to partition, format and mount the storage volume. The storage you add by following these steps is “temporary” in that you can later unmount it from the compute node and delete it. In all other ways it is “permanent”: it remains in existence, even if you delete the service instance to which it is attached, until you delete it. When adding a Compute Cloud Service storage volume as temporary storage, keep these points in mind: A compute node can have a maximum of ten storage volumes attached to it. You can create a storage volume from 1 GB to 1,000 GB in size, in increments of 1 GB. General Steps for Adding Temp Storage: Create Storage Container and Volume Attach volume to compute node Connect to compute node as OPC user Format attached volume as single partition Create file system on partition Create a directory Mount the partition on created directory Set ownership and permissions of the directory as appropriate

Creating an On-Demand BackupTo create an on-demand backup:• Connect to the compute node as the opc user.• Start a root-user command shell:

$ sudo -s

You can choose to have the backup follow the current retention policy, or you can choose to create a long-term backup that persists until you delete it:

– To create a backup that follows the current retention policy, enter the following bkup_api command:

# /var/opt/oracle/bkup_api/bkup_api bkup_start

– To create a long-term backup, enter the following bkup_api command:

# /var/opt/oracle/bkup_api/bkup_api bkup_start –keep

• Exit the root-user command shell:# exit

By default, the backup is given a timestamp-based tag. – To specify a custom backup tag, add the --tag option to the bkup_api command; for example, to create a long-term backup with the tag "monthly", enter the following

command:

# /var/opt/oracle/bkup_api/bkup_api bkup_start --keep --tag=monthly

After you enter a bkup_api bkup_start command, the bkup_api utility starts the backup process, which runs in the background.

• To check the progress of the backup process, enter the following bkup_api command:

# /var/opt/oracle/bkup_api/bkup_api bkup_status

Maintaining the Manageability of Your DBaaS InstanceThe following best practices will ensure that your Oracle Database Cloud - Database as a Service instances stay manageable.

– Do not disable or close access to the SSH port (port 22).You can open other ports and protocols.

– Do not detach, change file access permissions for, or change the mount point of any storage volume attached to a compute nodeduring the creation of your Database as a Service instance. In particular, do not unmount or change the file access permissions of /u01 through /u05.

– Do not change compute node OS users and SSH key settings that were configured during the creation of your Database as a Service instance.

– Apply only patches that are available through the Database as a Service.Do not apply patches from any other source unless directed to by Oracle Support.

– Apply the quarterly Patch Set Updates (PSUs) regularly, every quarter if possible.

– Do not change the ports for the Oracle Cloud DBaaS Monitor, Oracle Application Express, Oracle GlassFish Server Administration Console, Oracle Net Listener, Enterprise Manager Database Express 12c, or Enterprise Manager 11g Database Control.

• Migration Scenarios– From 11g to 11g DBaaS Instance– From 11g to 12c DBaaS Instance– From 12c CDB to 12c DBaaS Instance– From 12c non-CDB to 12c DBaaS

Instance

• Approved Methods– Data Pump – Export Import– Data Pump – Full Transportable– Data Pump – Transportable Tablespaces– Remote Cloning– Remote Cloning (Non-CDB)– RMAN Cross-Platform Transportable PDB– RMAN Cross-Platform Transportable

Tablespace Backup– RMAN Cross-Platform Transportable

Tablespace with Data Pump– RMAN Convert Transportable Tablespace with

Data Pump– SQL Developer

• INSERT Statements for Selected Object Migration• SQL*Loader to Migrate Selected Objects

Database Migration Options


Migrating a Pluggable Database

Pluggable Database Migration1. SSH to database server and download the PDB datafiles while on the server command line.

wget https://www.dropbox.com/s/12jd18cpnpxoos8/pdb1.zip?dl=0

2. Unzip the datafiles into an empty directory –e.g. : /u02/app/oracle/oradata/ORCL/TEST/datafile

3. Move the orcl.xml file into the $ORACLE_HOME/dbs

https://www.dropbox.com/s/12jd18cpnpxoos8/pdb1.zip?dl=0

Pluggable Database Migration4. Check compatibility in the source database:

SET SERVEROUTPUT ONDECLAREcompatible CONSTANT VARCHAR2(3) :=CASE DBMS_PDB.CHECK_PLUG_COMPATIBILITY(

pdb_descr_file => '/u01/app/oracle/product/12.1.0/dbhome_1/dbs/orcl.xml',

pdb_name => ‘pdb1')WHEN TRUE THEN 'YES'ELSE 'NO'

END;BEGINDBMS_OUTPUT.PUT_LINE(compatible);

END;/

Pluggable Database Migration

5. Plug the database in:

CREATE PLUGGABLE DATABASE orcl USING '/u01/app/oracle/product/12.1.0/dbhome_1/dbs/orcl.xml'create_file_dest='/u02/app/oracle/oradata/ORCL/TEST'source_file_name_convert=('/u02/app/oracle/oradata/ORCL/34A31D2002E41E89E053DE4EC40A8291','/u02/app/oracle/oradata/ORCL/TEST')NOCOPYTEMPFILE REUSE;

6. Open the pluggable database:alter pluggable database test open;


7. Change the wallet from auto-login to password type.a. Find the SSO file location using:

select * from v$encryption_wallet;b. Remove the file cwallet.sso from the location above.c. Close the wallet using:

administer key management set keystore close;d. Re-open the wallet using:

administer key management set keystore open identified by "Welcome1#";e. Verify that the wallet type is now "PASSWORD" using:

select * from v$encryption_wallet;


8. Import the included encryption key into the PDB:ALTER SESSION SET CONTAINER=TEST;ADMINISTER KEY MANAGEMENT SET KEYSTORE OPEN IDENTIFIED BY "Welcome1#"; ADMINISTER KEY MANAGEMENT IMPORT KEYS WITH SECRET "Welcome1#" FROM '/u01/app/oracle/admin/ORCL/tde_wallet/pdb1.exp' IDENTIFIED BY "Welcome1#" WITH BACKUP;

9. Check the status of the PDBselect pdb_name, status from CDB_PDBS; select name, open_mode from V$PDBS;

Pluggable Database Inclusion

After logging in, select the CDB hyperlink on the far right side of the main page.

You will see the PDB listed in the Containers section of this page.

Pluggable Database Inclusion


DBaaS Tooling

• EM DB Express = ip:5500/em– username:SYS

• DBaaS Monitory = ip/dbaas_monitor– username: dbaas_mointor

• Glassfish = ip:4848– username:admin

• APEX = ip/ords/PDBNAME – workspace = internal – username = admin

• PDB Self-Service = ip/ords/f?p=600– username:admin

DBaaS Tooling Reference

***All use common instance password***

DBaaS MonitorOracle DBaaS Monitor provides monitoring and management of the Oracle Database RDBMS and listener on an Oracle Database Cloud -Database as a Service instance. DBaaS Monitor provides quick and easy access to a variety of information about the database instance running on a service instance:

• Overall, how much storage is allocated to tablespaces, and how much of that storage is used• For each tablespace: how much storage is allocated and how much of that storage is used, with additional drill-down capabilities to view

segments• A real-time graph showing wait events across several selectable categories• The alert log, with log searching capabilities• A list of open user sessions, with drill-down capabilities to view session details such as the last SQL statement, explain plan, waits,

contention, etc• A list of initialization parameters, with the ability to change parameter values, both in memory and in the SPFILE.• Indication of whether certain database options are enabled• Monitoring of current and past SQL Developer PDB uploads You can use DBaaS Monitor to view information about the service instance

virtual machine:• CPU utilization information in an interactive table format, with automatic refresh intervals• OS process information, with filtering and automatic refresh capabilities DBaaS Monitor also provides the following management

capabilities:• Start up and shut down the database instance• Start and stop the listener• Access the GlassFish Administration Console

Pluggable Database Self-Service Provisioning Application• The Oracle Pluggable Database Self-Service Provisioning application provides an interface to Oracle Database 12c

Multitenant option and allows for the provisioning of Pluggable Databases (PDBs). You can perform PDB operations including create, clone, open/close, plug/unplug, and drop. Additionally, you can grant others access to the application, giving them rights to create and manage their own PDBs within the quota limits you set.

*** Important Step for using Application: Set Email

1. Log into the Pluggable Database Self-Service Provisioning application. For instructions, see Accessing the Pluggable Database Self-Service Provisioning Application.

2. Click the Administration link. The Self-Service Administration page displays.

3. Locate and click the Self-Service System Configuration item. The Self-Service System Configuration page displays.

4. Locate the row labeled Emails From and click the edit icon in the row. The Update Self-Service System Setting page displays, providing a box where you can enter a value for the Emails From setting.

5. In the box, enter the local email address of the oracle user:

[email protected]

where instance is the name of the service instance and domain is the name of the service domain.

6. Click Save Changes. Your change is saved and the Self-Service System Configuration page displays, showing the changed value.

Presenter

Presentation Notes

Configuring Email for the Pluggable Database Self-Service Provisioning Application The Pluggable Database Self-Service Provisioning application sends email messages to users of the application on occasion, such as when requesting an account. However, as a security measure, Oracle Cloud prohibits outgoing email from service instances. Thus, these email messages are blocked when using the application on an Oracle Database Cloud - Database as a Service instance. Despite the fact that outgoing email messages are blocked, you must set the application’s sender of email to a valid email address in order for the application to work correctly. To do so, you set the application’s sender to an email address that is local the service instance:

And That’s All Folks!

Cloud Service Pillars Cloud

Advisory Services

Cloud Design Services

Cloud Provisioning and Migration

Cloud Integration and Security

Cloud Enterprise Services

Cloud Managed Services

Presenter

Presentation Notes

This will be a key slide for client meetings Needs a stronger graphic

Cloud Solutions Cloud

Development Operations(DevOps)

Hybrid Cloud Data Management

Digital TransformationIoT - Big Data

IT as a Service Modernization

Cloud Applications SaaS Enablement

Cloud Managed Services

Presenter

Presentation Notes

This will be a key slide for client meetings Needs a stronger graphic

Oracle Partner Profile

Credentials

Global Platinum Partner

Managed Strategic Partner

12 Specializations

History

Established Since 1996

Oracle Partner in US since 1996

Oracle partner in UK since 2005

Awards

Global Database Partner of Year

Titan Award Winner for Clustering

Specialized Partner of the Year

Services

Architecture Services

Install and Upgrade Services

Migration Services

Managed Services

Skills

Database Data Integration

Engineered Systems

EBS Applications Services

USP

Architecture Solutions

Blueprinted Services

Proactive Support

Presenter

Presentation Notes

New version needed – timeline and pyramid Architecture slide with specializations on architecture

73

Cintra’s cloud services & key offerings:

• Cintra Cloud Provisioning, Build, and Migration Services • Cloud provisioning & configuration • Migration for Oracle Apps to IaaS• Zero Down-Time Migrations to Cloud for Oracle Database• Migration to PaaS• VM to Cloud Lift and Shift• Dev/Test in the Cloud

• Cintra Cloud Design Services • Platform Architecture Design• Migration Design for Oracle Applications on PaaS• Service Catalog Design• DevOps Design• Operations Management Design

• Cintra Cloud Advisory Services • Cloud Strategy for Oracle Deployments• Application Readiness Assessments for Cloud• Cloud Architecture Health Check• Cloud Security Health Check• Cloud ROI Architecture Scorecard

74

How to get in contact with us to engage further:

Will Dexter | UK Sales DirectorMobile: +44 (0) 7825236598Email: [email protected]

mailto:[email protected]

http://www.cintra.com/

Documents

Oracle Cloud Workshop: Database Cloud Service