BehindthescenesofOracleMulCtenant - AIOUG€¦ · OracleDataandUserData EMP DEPT ... •...

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |

Behind the scenes of Oracle MulCtenant A new architecture for consolida2ng databases and simplifying opera2ons in the cloud

Deba ChaFerjee Principal Product Manager, Oracle Database


Safe Harbor Statement The following is intended to outline our general product direcCon. It is intended for informaCon purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or funcConality, and should not be relied upon in making purchasing decisions. The development, release, and Cming of any features or funcConality described for Oracle’s products remains at the sole discreCon of Oracle.

Oracle ConfidenCal – Internal/Restricted/Highly Restricted 3


Agenda

Horizontal ParCConing of the Data DicConary

Cloning in Oracle MulCtenant

Sharing Resources in a MulCtenant Environment

AggregaCng Data across PDBs

Security Changes

1

2

3

4

5



Agenda

Horizontal Par22oning of the Data Dic2onary




Security Changes

1

2

3

4

5



MulCtenant Architecture Components of a Mul2tenant Container Database (CDB)

6

Pluggable Databases

PDBs

Root CDB

MulCtenant Container Database


A Pluggable Database Is a Portable Database

7

Unplugging a PDB and plugging it in

GL OE AP

PO AP •  Simply unplug from the old CDB…

• …and plug it into the new CDB • Moving between CDBs is a simple case of moving a PDB’s metadata

• An unplugged PDB carries with it lineage, opatch, encrypCon key info etc.


Common Data DicConary Before 12.1: Oracle and user meta data intermingle over 2me

Database Created

Data Dictionary

User Data

Meta Data

Mature Database

Data Dictionary

User Data

Meta Data

Tables, Code, Data added

Data Dictionary

User Data

Meta Data


OBJ$ TAB$ SOURCE$

…

Oracle Data and User Data

OBJ$ TAB$ SOURCE$

…

EMP DEPT

…

OBJ$ TAB$ SOURCE$

…

§ Multitenant fix: Horizontally-partitioned data dictionary

§ Only Oracle system definition remains

§ Oracle and customer metadata intermingled


Horizontally ParCConed Data DicConary

OBJ$ TAB$ SOURCE$

…

EMP DEPT

…

OBJ$ TAB$ SOURCE$

…

§ Oracle-supplied objects such as views, PL/SQL, etc., are shared across all PDBs using object “stubs”

§  In-database virtualization


Objects in a Container database


• Sharing Oracle Supplied Object definiCon • e.g. PL/SQL (DBMS_SQL) Metadata-‐Linked

• Share data stored in root across all PDBs • e.g. AWR tables (Data is stored in CDB$ROOT) Object-‐Linked

• Objects that show data from root and all available PDBs • PDB specific inside a PDB e.g. CDB_% views (CDB_USERS) Container-‐Data

• Show common metadata and PDB specific metadata • e.g. DBA_SOURCE queried within a PDB Common-‐Data


DicConary and Performance views

•  The performance views have a new Con_ID column

•  There’s a new CDB_ dicConary view family with a Con_ID column

•  These are so-‐called container-‐data objects

• When queried from a PDB, the results show only Con_ID for that PDB

• When queried from the root, the results may show all Con_ID values

•  The containers you see depend on an aFribute of the user that lists these (or says “all – present and future”)

PDB-‐to-‐PDB privacy; overall system image


CDB_xxx All objects in the mulCtenant container database across all PDBs

USER_xxx Objects owned by the current user

ALL_xxx Objects accessible by the current user

DBA_xxx All of the objects in a container or pluggable database

Data Dictionary Views

– CDB_pdbs: All PDBS within CDB – CDB_tablespaces: All tablespaces within CDB – CDB_users: All users within CDB (common and local)

• DBA dictionary views providing information within PDB:

SQL> SELECT view_name FROM dba_views WHERE view_name like 'CDB%';

SQL> SELECT table_name FROM dict WHERE table_name like 'DBA%';


Performance Views • When queried from a PDB, queries against v$ views will show only informaCon pertaining to the PDB or the CDB as a whole.

• When queried from ROOT, v$ views and CDB_ views can return rows for more than one container. – Rows returned from querying these views have an addiConal con_id column. – These views are known as container_data views. – The container_data sekng for the common user issuing the query will determine what rows are aggregated and made visible.


Agenda


Cloning in Oracle Mul2tenant



Security Changes

1

2

3

4

5



MulCtenant for Provisioning Fast cloning of PDBs

16

GL OE AP

GL-‐2 GL-‐1 AP-‐1 AP-‐2 PO-‐1

PO

•  PDBs can be cloned from remote CDBs

•  PDBs can be cloned from within the same CDB

•  Thinly provision snapshot clones in seconds

•  PDBs can be cloned from non-‐CDBs


Cloning and creaCng PDBs Rich and rapid provisioning capability delivered with the ease of SQL

create pluggable database PDB2 from PDB1@CDB2!

Provision a remote full clone

Provision a new PDB

create pluggable database PDB2 from PDB1 snapshot copy!

Thinly provision a local snapshot clone

create pluggable database PDB3 admin user PDB_Admin identified by p roles = (DBA)!


TradiConal File System Full copy duplicates all data blocks my_file

my_file_copy

cp my_file my_file_copy

•  File is collecCon of data blocks • And headers • Copy duplicates header & data blocks

– EffecCve & simple, but expensive!


Copy-‐on-‐Write Basics

•  File is collecCon of data blocks • And headers • Copy file requires only copy of header

– Much more efficient storage – Minimal IO to create copy

• Only copy block when changed

Much more efficient storage of substan2ally similar files my_file

my_file_copy

cp my_file my_file_copy


Provisioning & Storage Gains with Snapshots

Full Size (GB) Full Clone

24 9 min, 52 sec

216 1hr, 21 min

1300 9hr, 7 min

Internal Tests on Sun ZFS Storage Appliance


Provisioning & Storage Gains with Snapshots

Full Size (GB) Snap Size (KB) Rela2ve Size Full Clone Snap Clone % Savings

24 140 0.00058% 9 min, 52 sec 1 min, 52 sec 80%

216 142 0.00007% 1hr, 21 min 2 min, 11 sec 97%

1300 551 0.00004% 9hr, 7 min 5 min 55 sec 99%

Internal Tests on Sun ZFS Storage Appliance


Seed

Cloning a on-‐premise non-‐CDB to a PDB in cloud 1.  Convert a non-‐CDB

upgraded to 12.1.0.2 directly as a PDB using a database link

2.  The data files for clone the are copied over from the source using the database link over SQL Net

3.  Once pluggable database is created you will need to run noncdb_to_pdb.sql

4.  No need to generate the XML manifest file.

GL OE

GL OE


Convert schema based consolidaCon to a PDB in cloud

Schema

GL OE AR

23

• Customers have implemented schema based consolidaCon

• The subset clone using USER_TABLESPACES clause migrate these schemas into individual pluggable databases

AP GL


AddiConal Plauorm Support for Cloning New Features in 12.1.0.2

•  File system agnosCc snapshot clones of pluggable databases

Why ?

•  Set iniCalizaCon parameter cloneDB=TRUE; Source should be READ-‐ONLY

How ?

•  Support snapshot clones on local, NFS or clustered filesystem with dNFS enabled

What ?


DEMO

1. Create a PDB over database link 2. Create a snapshot clone



Agenda



Sharing Resources in a Mul2tenant Environment

Security Changes


1

2

3

4

5



Managing Shared Resources Resource management in a mul2tenant environment

27

GL OE AP

High Priority Medium Priority Low Priority


Managing Resources Between PDBs • Using Resource Manager, you can control

– CPU – Exadata I/O – Sessions – Parallel execuCon servers

•  Simple-‐yet-‐powerful policies configured in terms of: – A number of shares allocated to each PDB – A “cap” (a.k.a. maximum uClizaCon limit) may be applied to each PDB


AllocaCng Resources in DB 12c

•  Gives maximum flexibility for each PDB •  Allows any PDB to consume all available resource •  Risky as one PDB can run away with all resources.

No Resource AllocaCon

•  Ensures all PDBs get a specific share of the resources •  Allows any PDB to consume any unused resources •  Kicks in at 100% resource uClizaCon. •  Assumes that not all PDBs will use its allocated resources

Specify a minimum allocaCon

•  Ensures all PDBs get a specific share of the resources •  Prevents a PDB from taking more than the maximum value assigned. •  May result in unused capacity

Specify a minimum and maximum


Manage CPU

Pluggable Database Shares Guaranteed CPU Maximum CPU

HCM 2 2/4 = 50% 100%

CRM 1 1/4 = 25% 100%

ERP 1 1/4 = 25% 100%

2 Shares 1 Share 1 Share

A CDB Resource Plan uses shares to specify how CPU is distributed between PDBs


Manage CPU

Pluggable Database Shares Guaranteed CPU U2liza2on Limit Maximum CPU

HCM 2 2/4 = 50% 100%

CRM 1 1/4 = 25% 50% 50%

ERP 1 1/4 = 25% 50% 50%

A CDB Resource Plan uses utilization limits to limit the CPU usage for a PDB. With utilization limits, your CPU may be under-utilized. 2 Shares 1 Share

50% 1 Share 50%


Manage CPU

Pluggable Database Shares Guaranteed CPU U2liza2on Limit Maximum CPU

(Default direcCve) 1 50%

HCM 2 2/4 = 50% 100%

CRM default (1) 1/4 = 25% default (50%) 50%

ERP default (1) 1/4 = 25% default (50%) 50%

Configure a default directive: the default shares and utilization limit for PDBs. With a default directive, you don’t need to modify the resource plan for each PDB plug and unplug

2 Shares Default Default


Parallel Statement Queuing in PDBs

PDB Shares Parallel Server Percentage Parallel Degree Limit

ETL 2 50 4

BI 1 50 8

DW 1 50 16

Limit the DOP of the PDB’s parallel operations.

Limit the total number of parallel servers the PDB can use at a time.

Specifies the probability that this PDB will get to launch the next parallel operation


Sekng up Resource Manager in Oracle Enterprise Manager

•  Extremely simple to manage the CDB resource plans using Enterprise Manager UI


Agenda




Aggrega2ng Data across PDBs

Security Changes

1

2

3

4

5



CONTAINERS Clause New Features in 12.1.0.2

• Provide a way to aggregate user created data from mulCple PDBs in the same container

Why ?

•  select ENAME from containers(scoF.EMP) Where CON_ID in (45, 49);

How ?

• With the containers clause data can be aggregated from idenCcal tables/views across many PDBs from the root container

What ?


Example – My Toy Company (1)



Example – My Toy Company (2)


SALES_DATA SALES_DATA

ROBOTS DOLLS


Example – My Toy Company (3) Can I write a single query to aggregate data from both PDBs ?



Agenda





Security Concepts

1

2

3

4

5



Users •  Local users are the successors for customer-‐created users in a non-‐CDB

•  A local user is defined only in a PDB

•  A local user can administer a PDB

•  A common user is defined in the root and is represented in every PDB

•  A common user can log into any PDB where it has “Create Session” and can therefore administer a PDB

•  The Oracle system is owned by common users


Common Users and Privileges

• A common user can be granted privileges locally in a PDB (or root) and therefore differently in each container

• A common user can, alternaCvely, be granted a system privilege commonly – the grant is made in root and every PDB, present and future

•  You can create a common role

• A common role can be granted to a common user commonly

• AuthorizaCon is checked in the container where the SQL is aFempted considering only the privileges that the user has in that container

Authoriza2on is checked in the same way as as pre-‐12.1


GranCng the Sysdba privilege in a PDB

• When a user authorizes AS SYSDBA in a PDB, the effect is contained to within that PDB

• NOTE: you cannot delete objects like Sys.DBMS_Sql in a PDB

•  This does not enable the user to get to another container

• Gekng to a new container depends only on the privileges that the user has in the new container

You can grant any system privilege to a either local, or a common user


Services and Sessions

•  Listener locaCon, listener port, service name, username, password

•  Now a service has a new property: the iniCal PDB

•  A session is created in essenCally the same as before

•  A local user can connect to a PDB only by using network authenCcaCon

•  A local user can create a session only in the PDB where it is defined, subject, to having Create Session there

•  A common user can create a session in any PDB where it has Create Session

The “five facts” have the same result as pre-‐12.1


Another way to choose the current container •  For admin tasks or connecCon pooling alter session set container = PDB_01

• Of course, only a common user can do this because only a common can be known in both the present container and the desCnaCon container

•  This requires the new Set Container system privilege in the desCnaCon container

BehindthescenesofOracleMulCtenant - AIOUG€¦ · OracleDataandUserData EMP DEPT ... •...

Documents

Transcript of BehindthescenesofOracleMulCtenant - AIOUG€¦ · OracleDataandUserData EMP DEPT ... •...

Behind*the*scenes*of*Oracle*MulCtenant - AIOUG€¦ · Oracle*Dataand*User*Data EMP DEPT ... •...

Documents

Transcript of Behind*the*scenes*of*Oracle*MulCtenant - AIOUG€¦ · Oracle*Dataand*User*Data EMP DEPT ... •...

BehindthescenesofOracleMulCtenant - AIOUG€¦ · OracleDataandUserData EMP DEPT ... •...

Transcript of BehindthescenesofOracleMulCtenant - AIOUG€¦ · OracleDataandUserData EMP DEPT ... •...