Database Reference
In-Depth Information
What about the total cost of ownership (TCO) numbers? Oracle publishes numbers—just like all vendors do for
their competing products. Oracle's ODA TCO studies can currently be found on Oracle's main ODA product page.
Oracle's numbers can be helpful in supporting your initial purchase. However, the best TCO numbers are the ones
that you put together for your company as you gain experience with the platform.
Oracle Hardware
ODAs take advantage of the standard Oracle (formerly Sun) hardware facilities to administer the appliance and
harden it from routine failures. The management facilities include the ILOM and Automatic Service Request (ASR)
facilities. As you've seen previously in this topic, ILOMs let you remotely administer the hardware, such as powering it
down and up, and running a complete set of diagnostics. The ILOM functionality is so comprehensive that at the time
of this writing, Oracle has published eight separate manuals to cover all of the facilities. Similarly, the ASR software
provides phone-home capabilities to automatically issue alerts and upload hardware fault messages to Oracle to
initiate the service request process.
The ODA hardware is both modular and resilient. The servers are modular, consisting of two separate units
cabled together. Similarly, the storage is modular. The power supplies are redundant and field replaceable. The disk
drives are hot replaceable.
The Oracle hardware is supported by a field services unit that will fix any hardware failures that are encountered.
Backing up the field services unit is the Oracle support organization that will respond to service requests by assisting
with diagnostics to determine the cause of the issue, and then dispatch the field services group to fix the problem.
Security and Compliance
The first security feature of ODAs is the inclusion of the quarterly PSU bug fix and security patching in the quarterly
ODA release. The quarterly ODA patches are documented in MOS note 888888.1. Oracle will release the quarterly
ODA releases approximately two to four weeks after Oracle releases the quarterly PSU patch set. Oracle follows
this approach to include the latest security patches in each ODA release, and continues the process of testing all
components of a patch set as a complete unit. The ease of the one-button patching process is a key enabler of keeping
ODAs patched regularly to keep the systems compliant. Keeping systems patched with the most up-to-date security
patches is a requirement of PCI (the credit card industry) and other security compliance certifications.
The second security implementation feature for ODAs is security scanning during the development release
process. Oracle uses security scanning software from a third-party vendor to independently perform these checks.
The scan results are used to upgrade the Oracle Linux package versions deployed on an ODA to keep the system
compliant.
The third security mechanism for locking down ODAs is the ODA-specific Oracle-supplied STIG script (MOS
notes 1456609.1 and 1461102.1). The STIG script is part of the US Department of Defense's Security Technical
Implementation Guide (STIG) process. Running the STIG script is a two-step process. In first step, the script can be
run in check mode to search for security violations. In the second step, the “fix” process allows these flagged violations
to be corrected.
Some of the STIG security checks include the following list, developed by looking at the code. The list of security
checks performed is not detailed in the MOS notes.
Category 1: This is DOD speak for “You had better fix this.”
grub enabled?
Is the password for
sendmail decode command commented out in /etc/aliases ?
Is the
halt present?
Is the privilege account
 
Search WWH ::




Custom Search