Oracle Base Database Service overview - Oracle Cloud Infrastructure Tutorial

(bright music) - [Eddie] Hello and welcome. My name is Eddie Ambler. Today we're going to take a look at the Oracle Base Database service, which runs in Oracle's Public Cloud. The Oracle Base Database Service enables you to maintain absolute control over your data while using the combined capabilities of the Oracle Database and Oracle Cloud infrastructure. Over the next few minutes, I will introduce you to this service, ensuring to highlight some of its key features and capabilities. The Oracle Base Database Service provides you with the ability to deploy full-featured Oracle Databases in Oracle's Public Cloud. The Oracle Base Database Service offers database systems on virtual machines that are available around the world in Oracle Cloud infrastructure regions. The service allows you to run Oracle Database Standard Edition and Enterprise Edition workloads on flexible virtual machine shapes. It leverages a multilevel security model that helps to protect databases with features like always-on database encryption. The Base Database service supports licensing the database server compute cores with a license-included or bring your own license model. The service currently supports the deployment of Oracle Databases with version 12c, 19c, 21c, and 23ai using virtual machines, which are referred to as DB systems. With the Oracle Base Database Service, you can choose to run and manage workloads on a single-instance virtual machine DB system, or a 2-node RAC virtual machine DB system. The Base Database Service is a co-managed service in which Oracle manages the infrastructure and you manage the contents of the database VM. To simplify user-managed tasks, the service provides you with a rich set of cloud automation functions that allows you to conduct tasks on your schedule. Now let's dig into the powerful set of cloud automation functions and tools that the Base Database Service provides to allow you to easily conduct database lifecycle operational tasks on your schedule. Having automated database lifecycle management capabilities in the cloud helps IT teams to avoid configuration and maintenance errors, and reduces the required database administration workload and the time required to deploy new database environments. Database lifecycle management in the cloud automates time-consuming tasks such as database provisioning, resource scaling, patching, backup and recovery, HA and DR deployments with Data Guard, all on your schedule with security built in at all layers. Cloud automation frees your DBA team from these tasks, allowing them to focus on delivering value-added functions to their line of business. When you run the Oracle Database in the cloud, you have a choice of two cost-effective compute core licensing models that you can leverage to best meet your business needs. The license-included model includes all of the Oracle Database Enterprise Edition options, plus the Oracle Database Enterprise Manager packs. This subscription model is ideal for customers without sufficient existing Oracle Database licenses seeking to build new applications, or customers seeking to use Oracle Database features beyond what they're currently licensed to use. The cost efficiency of license-included model and elastic OCPU metering usually drives innovation with Oracle Database features that might have been out of reach due to cost with the on-premise licensing model. The bring your own license model is designed to minimize costs when migrating existing workloads to the cloud. In a BYOL model, customers can deploy their existing database and database option licenses to their Oracle Cloud Database service. When a customer brings an Oracle Database Enterprise Edition license to the Oracle Cloud with the BYOL model, they're granted the rights to use transparent data encryption, diagnostic pack, tuning pact, data masking and subsetting pack, and real application testing without needing to bring those licenses to the cloud. BYOL customers can also save on their existing Oracle Database software support costs by leveraging the Oracle Support Rewards program, which provides them with 25% credit of their cloud spend that can be applied towards their on-premise support bill. When leveraging Oracle Base Database service with the license-included model, you can choose to license your compute cores using one of four licensing tiers. Each cloud database licensing tier provides access to additional database options and also includes all of the database options from the lower tier. The first tier is Standard Edition 2, which includes the license for multitenant for up to three or less pluggable databases per container, machine learning, spatial, and graph. The second tier is Enterprise Edition, which adds database features such as Data Guard and the enterprise management packs for data masking and subsetting, and tuning and diagnostics. The third tier is Enterprise Edition High Performance, which adds a lifecycle and cloud management packs, as well as partitioning, advanced compression, and advanced security. And if you need multitenant with more than three PDBs, you'll need Enterprise Edition High Performance as well. And the fourth tier is Enterprise Edition Extreme Performance, which has all of the previously discussed features plus active Data Guard, real application clusters, known as RAC, and database in-memory. Since security's at the top of Oracle's Cloud mission, note that all of the licensing tiers include Oracle's Database transparent data encryption. If you're licensing the Base Database service with RAC or the Exadata Database Service with license-included, note that both will require the use of the Enterprise Edition Extreme Performance CPU licensing tier. The Oracle Base Database Service enables customers to build, scale, and manage full-featured Oracle Databases on virtual machines. The key benefits of running databases on VMs are ease of getting started, durable and scalable storage, and the ability to run real application clusters to improve availability. With this service, you are the only one who has root access to your database VM. When launching a virtual machine DB system, you select the Oracle Database edition and version that you want to be created on the virtual machine DB system. A single container database is then created in the VM with the database version you selected. You can then choose the desired number of OCPUs and corresponding memory size that meet your workload requirements. With Base Database service, OCPU usage is billed by the second based on the license tier selection you make. Oracle Base Database Service uses block volumes that are attached to the VM for its data storage. For the database storage, simply specify the amount of storage that you want for data, and the cloud automation will do the rest. For backups, the Base Database service has a choice of using object storage or the recovery service, which is the default option for the backup destination. The recovery service offers more backup and recovery features and the ability to achieve a better recovery time and recovery point objective at the same price point as using object storage for the backup destination. When creating the Base Database service, you will have a choice of Ampere, AMD, and Intel flexible shapes and high-performance OCI block volume storage to choose from that can satisfy a broad range of application and business requirements. The maximum number of OCPUs, memory, and storage for your database on a virtual machine depends on the shape you choose. Note that the amount of memory allowed is based on the number of OCPUs selected, and the ratio of memory to OCPUs depends on the shape that you select. After creating your virtual machine database system, you can scale the usable block volume storage online up to 80 terabytes for data and 20 terabytes for RECO. Note that the available IO performance will increase as you scale up the amount of allocated storage. Although Base Database service supports single-instance and 2-node RAC deployments, you cannot scale your existing VM from a single-node VM to a two-node VM. Deploying the Base Database service as a 2-node RAC requires the use of the Extreme Performance Edition license. When you're scaling the OCPU with a 2-node RAC virtual machine DB system, the CPU change is done in a rolling manner on one virtual machine at a time. Let's review the four different types of compute shapes that are available for the Base Database service DB system shape. These shapes range in CPU configurations from one to 64 cores to support customers with small to large size database workloads. There are three flexible VM shape types to choose from. The Ampere flexible shape is the most economical shape, but it is only supported on logical volume manager and on single-node DB systems. Also, Oracle Database Standard Edition is not supported on Ampere A1 shape-based DB systems. For Ampere flex VM shapes, the OPCUs can be assigned from one to 57 in increments of one, and the memory is allocated at eight gigabytes per OCPU. As you increase the allocated OCPUs, the available network throughput for your VM configuration will be increased by one gigabit per OCPU all the way up to 40 gigabits per second. The Intel and AMD flexible shapes both provide you with the ability to run single-instance or 2-node RAC database systems, and both support standard and Enterprise Edition databases. For the Intel Flex VM shapes, the OCPUs can be assigned from one to 32 in increments of one, and the memory is allocated at 16 gigabytes per OCPU. As you increase the allocated OCPUs, the available network throughput for your VM configuration will be increased by one gigabyte per second per OCPU up to 32 gigabytes per second. For the AMD flex VM shapes, the OPU can be assigned from one to 64 in increments of one, and the memory is allocated at 16 gigabytes per OCPU. As you increase the allocated OCPUs, the available network throughput for your VM configuration will be increased by one gigabit per second per OCPU, all the way up to 40 gigabits per second. The fourth and final shape option is the older standard fixed shapes. Note that fixed VM shapes are available from one to 24 OCPUs, and that the memory is allocated at 15 gigabytes per OCPU, and that to scale a fixed shape DB system, you must change to another shape size. Remember, when planning for OCPU scaling that changing the shape from a single-instance VM DB system to a 2-node RAC VM DB system is not supported. Now let's take a look at the available storage architecture options for creating the Base Database service VM DB system. When creating your Base Database service instance, there's a choice of logical volume manager or grid infrastructure storage management. For single-node virtual machine deployments, you can select logical volume manager or ASM for your storage management architecture. When deploying a single-node Base Database service DB system, you can select a fast provisioning option that allows you to create your database VM system with block storage using logical volume manager as the storage management software. The default storage architecture for the Base Database service is Oracle Automatic Storage Management, known as ASM. When you select ASM storage management for the virtual machine database system, ASM uses data and RECO disk groups by default when you create a virtual machine DB system. The ASM disk group allocation will be 80% for data and 20% for the RECO storage. Block storage provides triple mirroring of the data. The use of ASM for the storage management layer is required for 2-node RAC DB system deployments. Note that DB system clones are also supported for both LVM and ASM storage management. Since a virtual machine DB system uses Oracle Cloud infrastructure block storage, you will specify your desired storage size when you launch the system. Once the DB system has been created, you can scale up the storage online as needed at any time. Before we proceed further, let's take a look at the Oracle Cloud concepts of regions, availability domains, and fault domains. In Oracle Cloud, a region is a single localized geographical area where Oracle has deployed Oracle Cloud infrastructure. Each region is wholly independent of other regions and can be thousands of miles apart from other regions, and availability domain consists of a set of data centers within an Oracle Cloud infrastructure region. The availability domains within a region are interconnected via a low latency network. A region can have multiple isolated availability domains with separate power and cooling. A fault domain is a grouping of hardware and infrastructure within an availability domain. Each availability domain contains three fault domains. Fault domains are used to reduce the impact of hardware failures. Now that we've covered what fault domains, availability domains, and regions are, let's take a look at how they are used to deliver high-availability and disaster recovery protection for the Base Database service. When you create your Base Database service as a 2-node RAC deployment, you select an availability domain, and to improve availability, the individual virtual machines in the configuration are deployed on separate physical servers in separate fault domains. Placing the database servers on separate fault domains isolates each RAC database instance, so they both won't be impacted by the same network failure, power failure, or outages from the same infrastructure maintenance window. Additional availability can be added to the Base Database service by adding a standby Data Guard instance in another availability domain to protect against availability domain outages. You can also create a standby Data Guard instance that is deployed in another region to provide disaster recovery protection. A key feature of Base Database service is that the Oracle best practices are built in. You no longer need to comb over technical briefs and documentations to figure out how to deploy your database for best performance, availability, and security. Just deploy using the cloud automation, and your system will be optimally configured. You have the option to deploy Oracle RAC to provide a scalable, highly available database. Oracle RAC protects from unplanned failures by spreading work across multiple database instances. In addition to RAC, system and database updates are deployed in a rolling manner to maintain system availability. To provide additional availability protection, automatic backups and replication with Data Guard can be easily configured for local HA or disaster recovery using the cloud automation. In fact, the Base Database service supports all of the Oracle maximum availability architecture technologies, which form the high-availability blueprint for Oracle Databases in the cloud. This table is a quick reference to the MAA components and the four license-included tiers available for the Base Database service. The components used to deliver and enhance availability for the Base Database service are flashback, backup and recovery, multitenant, RAC, Data Guard, and application continuity. Flashback, as well as backup and recovery, are available with all license-included editions. Multitenant is available in all database editions with up to three PDB without a license. For database instances licensed with the high-performance or extreme performance licensing tier, the PDB limit is lifted, and you can deploy up to 4,098 PDBs. Data Guard is available with all of the Enterprise Editions license tiers, but if you need the benefits of active Data Guard, then you must use the Enterprise Edition Extreme Performance licensing tier. Two-node database deployments with RAC also require the use of the Enterprise Edition Extreme Performance license. Finally, application continuity is only available with environments license for Enterprise Edition Extreme Performance because it requires active Data Guard and/or RAC licenses. Ensure that the license-included edition that you select, when provisioning the Base Database service DB system, has the features that aligns with your availability requirements. At the core of every layer in the Oracle Cloud is security. Oracle strategy to security is defense-in-depth, which is designed to permit authorized work and prevent, detect, and respond to unauthorized work. Defense-in-depth works by implementing controls throughout the Oracle stack to strike the prudent balance of risk mitigation and operational efficiency. The bubble drawing shows the concentric circles that protects data expanded out so that you can see how each ring adds to the defense-in-depth posture. The Base Database service security posture starts by securing the data in the Oracle Database. Oracle Database security features lead the industry in helping to prevent unauthorized data access, and includes the following, transparent data encryption to encrypt user data at rest, data redaction, masking and subsetting to permit users to see only the relevant data to do their job, key vault to separate the control of PDE keys from control of the Base Database service infrastructure, customer VMs and databases, database vault to control DBA access so that DBAs are prevented from accessing user data with SQL queries, database firewall to control what SQL statements can be executed against a database, Data Safe to automatically detect sensitive data and assess risk so that you can better secure your database. The virtual machine DB systems are built from the hardened operating system image based on Oracle Linux 7. It secures the core operating environment by restricting the installation image to only the required software packages, disabling unnecessary services and implementing secure configuration parameters throughout the system. The networking is implemented with OCI Virtual Cloud Networks, or VLANs, to isolate access to your databases. To further protect database user and application connections, the Base Database service provides Oracle native network encryption to encrypt connections from the database clients in applications to the database. The Base Database service also constitutes a complete deployment and service, and is subject to industry standard external audits such as PCI, HIPAA, and ISO 27001. These external audit requirements impose additional value-added service features such as anti-virus scanning, automated alerting for unexpected changes to the system, and vulnerability scans for all Oracle managed infrastructure systems in the fleet. By integrating the security features throughout the stack, Oracle's approach to defense-in-depth security provides you the control you need to govern how instances of your cloud services can be created, accessed, used, maintained, and destroyed. (graphics whoosh)