Database Reference
In-Depth Information
Future Learning Sources
I have studied using the excellent Oracle On Demand platform, but the videos don't keep up with the new software
versions as fast as I would like and tend to be quite formal and instructor oriented. For more terse “nugget”-style tech
“How-to” videos I recommend the Oracle Learning Library, which is publishing to YouTube. As an example, this video
Well done, Oracle, for opening up the e-learning platforms.
New technology opens up organizational change-management issues, so management skills for senior DBAs will
be crucial.
Managing Change
Management strategies are moving more from human team management to “resource” management as PAC
enables closer control of high privilege. Change tickets become shorter and more tightly planned and DBA access
less frequent often enabling the SYS password to be put under break-glass cover, as preparation for consolidation to
shared infrasture AKA cloud.
From experiences of e-government deployments it is sometimes necessary to build a new separate working
Cloud infrastructure as a mirror of current internal functionality seperately. Once a working copy in the Cloud is
achieved then the old internal system can be safely consolidated. This avoids the Jacquard Loom Sabot scenario.
In order to control internal resources, DBA privilege management is moving from preventing privilege escalation
to also preventing the extension of privilege over time-ticketed boundaries. Yet Oracle is still susceptible to sabotage
given that the most important component, the EM12c repository DB, is still on an old and vulnerable version of the
DB. This needs updating urgently.
On the positive side, recovering startup economies require fast provisioning and highly scalable systems that are
enabled by virtualized cloud deployments and 12c database. The closer relationship between customer and vendor
leading up to a cloud deployment will require close support processes. I have noticed that MOS note IDs appear to be
removable by Oracle, so one tip is to keep local copies of notes in case they get removed by Oracle support.
Also on the positive side, the free licensing of SSL and network encryption represents an opportunity for
significant risk reduction and will be at the center of many new project proposals.
Looking at the last Oracle DB exploit published in the exploit DB we can that it is the stealth brute-force issue
DB security in general is moving from software vulnerabilities to account management, so fewer CPUs and more
ID management with privileged access control is the order of the day. This trend is corroborrated by the sale of one of
the early DB vulnerability research companies, namely AppSecInc, to Trustwave.
12c improves on 11g account management issues, such as SYS password insecurities with dataguard, by
providing SYSDG privilege. This is a significant attraction of 12c, but PDB/CDB architecture user management can
be misleading, as SYS has the same password on all PDBs, but local users with the same username can have different
passwords.
Multi-tenant Future?
The most significant change on many DBA managers' agendas is the upgrade plan for 12c. The first question will be,
should I consider multi-tenant (pluggable database architecture)? Of interest is the fact that initially the first two PSUs
for 12c cannot be applied to multi-tenant RAC. Oracle has now reportedly decided to try and support RAC
multi-tenant for future PSUs, as discussed by Oracle's upgrade expert David Dietrich at this URL:
