Behind*the*scenes*of*Oracle*MulCtenant - AIOUG€¦ · Oracle*Dataand*User*Data EMP DEPT ... •...
Transcript of Behind*the*scenes*of*Oracle*MulCtenant - AIOUG€¦ · Oracle*Dataand*User*Data EMP DEPT ... •...
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Behind the scenes of Oracle MulCtenant A new architecture for consolida2ng databases and simplifying opera2ons in the cloud
Deba ChaFerjee Principal Product Manager, Oracle Database
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Safe Harbor Statement The following is intended to outline our general product direcCon. It is intended for informaCon purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or funcConality, and should not be relied upon in making purchasing decisions. The development, release, and Cming of any features or funcConality described for Oracle’s products remains at the sole discreCon of Oracle.
Oracle ConfidenCal – Internal/Restricted/Highly Restricted 3
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Agenda
Horizontal ParCConing of the Data DicConary
Cloning in Oracle MulCtenant
Sharing Resources in a MulCtenant Environment
AggregaCng Data across PDBs
Security Changes
1
2
3
4
5
Oracle ConfidenCal – Internal/Restricted/Highly Restricted 4
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Agenda
Horizontal Par22oning of the Data Dic2onary
Cloning in Oracle MulCtenant
Sharing Resources in a MulCtenant Environment
AggregaCng Data across PDBs
Security Changes
1
2
3
4
5
Oracle ConfidenCal – Internal/Restricted/Highly Restricted 5
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
MulCtenant Architecture Components of a Mul2tenant Container Database (CDB)
6
Pluggable Databases
PDBs
Root CDB
MulCtenant Container Database
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
A Pluggable Database Is a Portable Database
7
Unplugging a PDB and plugging it in
GL OE AP
PO AP • Simply unplug from the old CDB…
• …and plug it into the new CDB • Moving between CDBs is a simple case of moving a PDB’s metadata
• An unplugged PDB carries with it lineage, opatch, encrypCon key info etc.
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Common Data DicConary Before 12.1: Oracle and user meta data intermingle over 2me
Database Created
Data Dictionary
User Data
Meta Data
Mature Database
Data Dictionary
User Data
Meta Data
Tables, Code, Data added
Data Dictionary
User Data
Meta Data
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
OBJ$ TAB$ SOURCE$
…
Oracle Data and User Data
OBJ$ TAB$ SOURCE$
…
EMP DEPT
…
OBJ$ TAB$ SOURCE$
…
§ Multitenant fix: Horizontally-partitioned data dictionary
§ Only Oracle system definition remains
§ Oracle and customer metadata intermingled
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Horizontally ParCConed Data DicConary
OBJ$ TAB$ SOURCE$
…
EMP DEPT
…
OBJ$ TAB$ SOURCE$
…
§ Oracle-supplied objects such as views, PL/SQL, etc., are shared across all PDBs using object “stubs”
§ In-database virtualization
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Objects in a Container database
Oracle ConfidenCal – Internal/Restricted/Highly Restricted 11
• Sharing Oracle Supplied Object definiCon • e.g. PL/SQL (DBMS_SQL) Metadata-‐Linked
• Share data stored in root across all PDBs • e.g. AWR tables (Data is stored in CDB$ROOT) Object-‐Linked
• Objects that show data from root and all available PDBs • PDB specific inside a PDB e.g. CDB_% views (CDB_USERS) Container-‐Data
• Show common metadata and PDB specific metadata • e.g. DBA_SOURCE queried within a PDB Common-‐Data
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
DicConary and Performance views
• The performance views have a new Con_ID column
• There’s a new CDB_ dicConary view family with a Con_ID column
• These are so-‐called container-‐data objects
• When queried from a PDB, the results show only Con_ID for that PDB
• When queried from the root, the results may show all Con_ID values
• The containers you see depend on an aFribute of the user that lists these (or says “all – present and future”)
PDB-‐to-‐PDB privacy; overall system image
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
CDB_xxx All objects in the mulCtenant container database across all PDBs
USER_xxx Objects owned by the current user
ALL_xxx Objects accessible by the current user
DBA_xxx All of the objects in a container or pluggable database
Data Dictionary Views
– CDB_pdbs: All PDBS within CDB – CDB_tablespaces: All tablespaces within CDB – CDB_users: All users within CDB (common and local)
• DBA dictionary views providing information within PDB:
SQL> SELECT view_name FROM dba_views WHERE view_name like 'CDB%';
SQL> SELECT table_name FROM dict WHERE table_name like 'DBA%';
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Performance Views • When queried from a PDB, queries against v$ views will show only informaCon pertaining to the PDB or the CDB as a whole.
• When queried from ROOT, v$ views and CDB_ views can return rows for more than one container. – Rows returned from querying these views have an addiConal con_id column. – These views are known as container_data views. – The container_data sekng for the common user issuing the query will determine what rows are aggregated and made visible.
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Agenda
Horizontal ParCConing of the Data DicConary
Cloning in Oracle Mul2tenant
Sharing Resources in a MulCtenant Environment
AggregaCng Data across PDBs
Security Changes
1
2
3
4
5
Oracle ConfidenCal – Internal/Restricted/Highly Restricted 15
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
MulCtenant for Provisioning Fast cloning of PDBs
16
GL OE AP
GL-‐2 GL-‐1 AP-‐1 AP-‐2 PO-‐1
PO
• PDBs can be cloned from remote CDBs
• PDBs can be cloned from within the same CDB
• Thinly provision snapshot clones in seconds
• PDBs can be cloned from non-‐CDBs
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Cloning and creaCng PDBs Rich and rapid provisioning capability delivered with the ease of SQL
create pluggable database PDB2 from PDB1@CDB2!
Provision a remote full clone
Provision a new PDB
create pluggable database PDB2 from PDB1 snapshot copy!
Thinly provision a local snapshot clone
create pluggable database PDB3 admin user PDB_Admin identified by p roles = (DBA)!
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
TradiConal File System Full copy duplicates all data blocks my_file
my_file_copy
cp my_file my_file_copy
• File is collecCon of data blocks • And headers • Copy duplicates header & data blocks
– EffecCve & simple, but expensive!
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Copy-‐on-‐Write Basics
• File is collecCon of data blocks • And headers • Copy file requires only copy of header
– Much more efficient storage – Minimal IO to create copy
• Only copy block when changed
Much more efficient storage of substan2ally similar files my_file
my_file_copy
cp my_file my_file_copy
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Provisioning & Storage Gains with Snapshots
Full Size (GB) Full Clone
24 9 min, 52 sec
216 1hr, 21 min
1300 9hr, 7 min
Internal Tests on Sun ZFS Storage Appliance
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Provisioning & Storage Gains with Snapshots
Full Size (GB) Snap Size (KB) Rela2ve Size Full Clone Snap Clone % Savings
24 140 0.00058% 9 min, 52 sec 1 min, 52 sec 80%
216 142 0.00007% 1hr, 21 min 2 min, 11 sec 97%
1300 551 0.00004% 9hr, 7 min 5 min 55 sec 99%
Internal Tests on Sun ZFS Storage Appliance
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Seed
Cloning a on-‐premise non-‐CDB to a PDB in cloud 1. Convert a non-‐CDB
upgraded to 12.1.0.2 directly as a PDB using a database link
2. The data files for clone the are copied over from the source using the database link over SQL Net
3. Once pluggable database is created you will need to run noncdb_to_pdb.sql
4. No need to generate the XML manifest file.
GL OE
GL OE
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Convert schema based consolidaCon to a PDB in cloud
Schema
GL OE AR
23
• Customers have implemented schema based consolidaCon
• The subset clone using USER_TABLESPACES clause migrate these schemas into individual pluggable databases
AP GL
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
AddiConal Plauorm Support for Cloning New Features in 12.1.0.2
• File system agnosCc snapshot clones of pluggable databases
Why ?
• Set iniCalizaCon parameter cloneDB=TRUE; Source should be READ-‐ONLY
How ?
• Support snapshot clones on local, NFS or clustered filesystem with dNFS enabled
What ?
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
DEMO
1. Create a PDB over database link 2. Create a snapshot clone
Oracle ConfidenCal – Internal/Restricted/Highly Restricted 25
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Agenda
Horizontal ParCConing of the Data DicConary
Cloning in Oracle MulCtenant
Sharing Resources in a Mul2tenant Environment
Security Changes
AggregaCng Data across PDBs
1
2
3
4
5
Oracle ConfidenCal – Internal/Restricted/Highly Restricted 26
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Managing Shared Resources Resource management in a mul2tenant environment
27
GL OE AP
High Priority Medium Priority Low Priority
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Managing Resources Between PDBs • Using Resource Manager, you can control
– CPU – Exadata I/O – Sessions – Parallel execuCon servers
• Simple-‐yet-‐powerful policies configured in terms of: – A number of shares allocated to each PDB – A “cap” (a.k.a. maximum uClizaCon limit) may be applied to each PDB
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
AllocaCng Resources in DB 12c
• Gives maximum flexibility for each PDB • Allows any PDB to consume all available resource • Risky as one PDB can run away with all resources.
No Resource AllocaCon
• Ensures all PDBs get a specific share of the resources • Allows any PDB to consume any unused resources • Kicks in at 100% resource uClizaCon. • Assumes that not all PDBs will use its allocated resources
Specify a minimum allocaCon
• Ensures all PDBs get a specific share of the resources • Prevents a PDB from taking more than the maximum value assigned. • May result in unused capacity
Specify a minimum and maximum
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Manage CPU
Pluggable Database Shares Guaranteed CPU Maximum CPU
HCM 2 2/4 = 50% 100%
CRM 1 1/4 = 25% 100%
ERP 1 1/4 = 25% 100%
2 Shares 1 Share 1 Share
A CDB Resource Plan uses shares to specify how CPU is distributed between PDBs
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Manage CPU
Pluggable Database Shares Guaranteed CPU U2liza2on Limit Maximum CPU
HCM 2 2/4 = 50% 100%
CRM 1 1/4 = 25% 50% 50%
ERP 1 1/4 = 25% 50% 50%
A CDB Resource Plan uses utilization limits to limit the CPU usage for a PDB. With utilization limits, your CPU may be under-utilized. 2 Shares 1 Share
50% 1 Share 50%
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Manage CPU
Pluggable Database Shares Guaranteed CPU U2liza2on Limit Maximum CPU
(Default direcCve) 1 50%
HCM 2 2/4 = 50% 100%
CRM default (1) 1/4 = 25% default (50%) 50%
ERP default (1) 1/4 = 25% default (50%) 50%
Configure a default directive: the default shares and utilization limit for PDBs. With a default directive, you don’t need to modify the resource plan for each PDB plug and unplug
2 Shares Default Default
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Parallel Statement Queuing in PDBs
PDB Shares Parallel Server Percentage Parallel Degree Limit
ETL 2 50 4
BI 1 50 8
DW 1 50 16
Limit the DOP of the PDB’s parallel operations.
Limit the total number of parallel servers the PDB can use at a time.
Specifies the probability that this PDB will get to launch the next parallel operation
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Sekng up Resource Manager in Oracle Enterprise Manager
• Extremely simple to manage the CDB resource plans using Enterprise Manager UI
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Agenda
Horizontal ParCConing of the Data DicConary
Cloning in Oracle MulCtenant
Sharing Resources in a MulCtenant Environment
Aggrega2ng Data across PDBs
Security Changes
1
2
3
4
5
Oracle ConfidenCal – Internal/Restricted/Highly Restricted 35
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
CONTAINERS Clause New Features in 12.1.0.2
• Provide a way to aggregate user created data from mulCple PDBs in the same container
Why ?
• select ENAME from containers(scoF.EMP) Where CON_ID in (45, 49);
How ?
• With the containers clause data can be aggregated from idenCcal tables/views across many PDBs from the root container
What ?
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Example – My Toy Company (1)
Oracle ConfidenCal – Internal/Restricted/Highly Restricted 37
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Example – My Toy Company (2)
Oracle ConfidenCal – Internal/Restricted/Highly Restricted 38
SALES_DATA SALES_DATA
ROBOTS DOLLS
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Example – My Toy Company (3) Can I write a single query to aggregate data from both PDBs ?
Oracle ConfidenCal – Internal/Restricted/Highly Restricted 39
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Agenda
Horizontal ParCConing of the Data DicConary
Cloning in Oracle MulCtenant
Sharing Resources in a MulCtenant Environment
AggregaCng Data across PDBs
Security Concepts
1
2
3
4
5
Oracle ConfidenCal – Internal/Restricted/Highly Restricted 40
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Users • Local users are the successors for customer-‐created users in a non-‐CDB
• A local user is defined only in a PDB
• A local user can administer a PDB
• A common user is defined in the root and is represented in every PDB
• A common user can log into any PDB where it has “Create Session” and can therefore administer a PDB
• The Oracle system is owned by common users
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Common Users and Privileges
• A common user can be granted privileges locally in a PDB (or root) and therefore differently in each container
• A common user can, alternaCvely, be granted a system privilege commonly – the grant is made in root and every PDB, present and future
• You can create a common role
• A common role can be granted to a common user commonly
• AuthorizaCon is checked in the container where the SQL is aFempted considering only the privileges that the user has in that container
Authoriza2on is checked in the same way as as pre-‐12.1
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
GranCng the Sysdba privilege in a PDB
• When a user authorizes AS SYSDBA in a PDB, the effect is contained to within that PDB
• NOTE: you cannot delete objects like Sys.DBMS_Sql in a PDB
• This does not enable the user to get to another container
• Gekng to a new container depends only on the privileges that the user has in the new container
You can grant any system privilege to a either local, or a common user
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Services and Sessions
• Listener locaCon, listener port, service name, username, password
• Now a service has a new property: the iniCal PDB
• A session is created in essenCally the same as before
• A local user can connect to a PDB only by using network authenCcaCon
• A local user can create a session only in the PDB where it is defined, subject, to having Create Session there
• A common user can create a session in any PDB where it has Create Session
The “five facts” have the same result as pre-‐12.1
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. |
Another way to choose the current container • For admin tasks or connecCon pooling alter session set container = PDB_01
• Of course, only a common user can do this because only a common can be known in both the present container and the desCnaCon container
• This requires the new Set Container system privilege in the desCnaCon container
Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Oracle ConfidenCal – Internal/Restricted/Highly Restricted 46