Harvard University
Oracle Database Administration
Session 13
Performance and Security
Performance
• Holistic view
• System level
• Database level
• Application level
Performance Tuning
• Trade-offs between response time and throughput
• OLTP applications define performance in terms of throughput
• Decision support systems define performance in terms of response time
• Response time = service time + wait time
SQL Processing Architecture
SQL Syntax
• The syntax for the SELECT statement is:
– SELECT columns
  FROM tables
  WHERE predicates;
• From http://www.techonthenet.com/sql/select.php
• Good information source for basic SQL statements
Parser
• The parser performs two functions:
– Syntax analysis: checks that the SQL statement is syntactically correct
– Semantic analysis: checks that the database objects and object attributes (tables, columns, types) the statement references exist and are valid
Optimizer
• The optimizer is the heart of the SQL processing engine. The Oracle server provides one method of optimization: the cost-based optimizer (CBO); the rule-based optimizer is desupported from 10g
• Default CBO mode: ALL_ROWS (the OPTIMIZER_MODE parameter)
Row Source Generator
• The row source generator receives the optimal plan from the optimizer
• It outputs the execution plan for the SQL statement
• A set of rows returned by an execution step is called a row source
• The execution plan is a collection of row sources, structured in the form of a tree
Row Source Generator
• A row source is an iterative control structure
• It processes a set of rows one row at a time, in an iterative manner, and produces a data set
SQL Execution
• The combination of steps required to execute a statement is called an execution plan
• An execution plan includes an access method for each table that the statement accesses and an ordering of the tables (the join order), if required
SQL Execution
• To perform a full table scan, Oracle reads all rows in the table, examining each row to determine whether it satisfies the statement's WHERE clause
SQL Execution
• SQL execution is the component that operates on the execution plan associated with a SQL statement
• It then produces the results of the query
• The optimizer determines the most efficient way to execute a SQL statement
SQL Execution
• To execute a DML statement, Oracle may need to perform many steps
• Each of these steps either retrieves rows of data physically from the database or prepares them in some way for use in the next step
Explain Plan
• The EXPLAIN PLAN statement displays the execution plans chosen by the Oracle optimizer for SELECT, UPDATE, INSERT, and DELETE statements
• A SQL statement's plan is the sequence of operations Oracle performs to execute the statement
Explain Plan
• The components of execution plans include:
– An ordering of the tables referenced by the statement
– An access method for each table mentioned in the statement
– A join method for tables affected by join operations in the statement
Explain Plan
• EXPLAIN PLAN output shows how Oracle executes SQL statements
• EXPLAIN PLAN results cannot differentiate between well-tuned statements and those that perform poorly
• If the EXPLAIN PLAN output shows that a statement uses an index, this does not mean the statement runs efficiently
Explain Plan
• Sometimes using indexes can be extremely inefficient
• It is best to use EXPLAIN PLAN to determine an access plan, and later prove that it is the optimal plan through testing
• When evaluating a plan, always examine the statement's actual resource consumption
• The plan shown is the one the optimizer chooses at EXPLAIN time; the plan used when the statement actually runs can differ, for example because EXPLAIN PLAN does not see bind variable values
Explain Plan
• Use the SQL trace facility and TKPROF to examine individual SQL statement performance (relative cost)
• Before issuing an EXPLAIN PLAN statement, create a table to hold its output
• Run the SQL script UTLXPLAN.SQL to create a sample output table called PLAN_TABLE in your schema
Explain Plan
• UTLXPLAN.SQL is located under $ORACLE_HOME/rdbms/admin
• PLAN_TABLE is the default table into which the EXPLAIN PLAN statement inserts rows describing execution plans
Explain Plan
• EXPLAIN PLAN SET STATEMENT_ID = '1'
  INTO plan_table
  FOR SELECT * FROM v$database;
• EXPLAIN PLAN SET STATEMENT_ID = 'value'
  INTO plan_table
  FOR <sql_statement>;
Explain Plan
• Display the most recent plan table output using the following scripts:
– UTLXPLS.SQL - shows plan table output for serial processing
– UTLXPLP.SQL - shows plan table output with parallel execution columns
• http://www.dbspecialists.com/presentations.html#explain_a
Autotrace
• SET AUTOTRACE ON EXPLAIN STATISTICS
• SET AUTOTRACE OFF
• The STATISTICS option needs the PLUSTRACE role (created by $ORACLE_HOME/sqlplus/admin/plustrce.sql); SET AUTOTRACE TRACEONLY suppresses the result rows but still executes the statement
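The following SQL*Plus session is an added example, not part of the original slides: it builds a small table, explains two versions of the same query (one that can use an index and one that defeats it with a function on the indexed column), displays the plans with the UTLXPLS.SQL script mentioned above and with DBMS_XPLAN, and then runs both under AUTOTRACE so the plan can be checked against actual logical reads. The EMPLOYEES table, its rows and the statement ids are constructed for this example.

```sql
-- Added example (not from the deck). Assumes a schema that can create
-- tables; EMPLOYEES and its rows are constructed for illustration.
CREATE TABLE employees (
  employee_id   NUMBER        PRIMARY KEY,
  last_name     VARCHAR2(50)  NOT NULL,
  department_id NUMBER        NOT NULL,
  salary        NUMBER(10,2)
);
CREATE INDEX emp_dept_ix ON employees (department_id);

-- Constructed sample data: 10,000 rows spread over 50 departments.
INSERT INTO employees
SELECT level, 'Emp' || level, MOD(level, 50), 1000 + MOD(level, 5000)
FROM   dual CONNECT BY level <= 10000;
COMMIT;

-- Without statistics the CBO guesses cardinalities; gather them first.
EXEC DBMS_STATS.GATHER_TABLE_STATS(USER, 'EMPLOYEES', cascade => TRUE);

-- Create a private PLAN_TABLE (from 10g a public PLAN_TABLE synonym already
-- exists, so this step is optional there).
@?/rdbms/admin/utlxplan.sql

-- 1. Selective predicate on the indexed column: expect INDEX RANGE SCAN.
EXPLAIN PLAN SET STATEMENT_ID = 'by_dept' INTO plan_table FOR
  SELECT last_name, salary FROM employees WHERE department_id = 7;

-- 2. A function wrapped around the indexed column hides it from the
--    index: expect TABLE ACCESS FULL for the same 200 rows.
EXPLAIN PLAN SET STATEMENT_ID = 'no_index' INTO plan_table FOR
  SELECT last_name, salary FROM employees WHERE TO_CHAR(department_id) = '7';

-- Display the most recent plan with the deck's script ...
@?/rdbms/admin/utlxpls.sql
-- ... or any stored plan by statement id with DBMS_XPLAN (9iR2 and later).
SELECT * FROM TABLE(DBMS_XPLAN.DISPLAY('PLAN_TABLE', 'by_dept'));
SELECT * FROM TABLE(DBMS_XPLAN.DISPLAY('PLAN_TABLE', 'no_index'));

-- The plan alone does not prove efficiency: execute both statements and
-- compare "consistent gets" (logical reads) in the AUTOTRACE statistics.
-- TRACEONLY hides the result rows but the statements still run.
SET AUTOTRACE TRACEONLY EXPLAIN STATISTICS
SELECT last_name, salary FROM employees WHERE department_id = 7;
SELECT last_name, salary FROM employees WHERE TO_CHAR(department_id) = '7';
SET AUTOTRACE OFF
```

The second query is the point of the slide above: an index on DEPARTMENT_ID exists, yet the plan shows a full scan, and only the AUTOTRACE statistics show how much more I/O that costs on this data.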
System Statistics
• The gathered system statistics are:
– single-block read time (SREADTIM) in ms
– multiblock read time (MREADTIM) in ms
– CPU speed (CPUSPEED) in MHz
– average multiblock read count (MBRC) in blocks
System Statistics
• http://www.oracle.com/technology/pub/articles/lewis_cbo.html
• http://www.oracle.com/technology/pub/articles/tech_dba.html
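How those four values are gathered and read back, as an added example that is not from the slides. It uses DBMS_STATS.GATHER_SYSTEM_STATS, which is Oracle's own procedure; the 60-minute gathering window is an assumption chosen for this example and should cover a representative workload.

```sql
-- Added example (not from the deck). Run as SYS or a user holding the
-- GATHER_SYSTEM_STATISTICS role. The 60-minute window is an assumption.

-- Option A: schedule a gathering that stops by itself after 60 minutes.
EXEC DBMS_STATS.GATHER_SYSTEM_STATS(gathering_mode => 'INTERVAL', interval => 60);

-- Option B: bracket a known workload explicitly.
EXEC DBMS_STATS.GATHER_SYSTEM_STATS('START');
-- ... run the representative workload here ...
EXEC DBMS_STATS.GATHER_SYSTEM_STATS('STOP');

-- Read back what the CBO will use. SREADTIM / MREADTIM are in ms,
-- CPUSPEED in MHz, MBRC in blocks. Until a workload gathering has
-- completed these stay NULL and the CBO falls back to the NOWORKLOAD
-- values (CPUSPEEDNW, IOSEEKTIM, IOTFRSPEED).
SELECT pname, pval1
FROM   sys.aux_stats$
WHERE  sname = 'SYSSTATS_MAIN'
ORDER  BY pname;

-- Sanity check before trusting the numbers: MREADTIM should be larger
-- than SREADTIM and MBRC should be positive. If a gathering ran over an
-- unrepresentative period, delete it and gather again:
-- EXEC DBMS_STATS.DELETE_SYSTEM_STATS;
```

System statistics change the relative cost of full scans versus index access for every statement the CBO costs, which is why the sanity check matters: a window with no multiblock reads produces nonsense that then drives plan choices database-wide.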
Security Framework
• Confidentiality
• Availability
• Integrity
Environment Boundaries
Strategic and Tactical
Security Readiness
• Security framework
• Defines steps
• Repeatable
• Verifiable
• Business 'requirements' focused
• http://iase.disa.mil/stigs/SRR/index.html
Security Readiness
• Regulations
– Sarbanes-Oxley (SOX)
– Gramm-Leach-Bliley (GLBA)
– Health Insurance Portability and Accountability Act (HIPAA)
– Payment Card Industry Data Security Standard (PCI DSS)
– Federal Information Security Management Act (FISMA)
Security Readiness
• Secure the network
• Monitor the network
• Access control methods
– Who
– What
• Audit access and data
– Who
– When
– What
Security Readiness
• Encrypt specific data
– SSN
– Credit card numbers
• Document procedures
Security Patches
• Oracle Critical Patch Updates are released four times a year
– January
– April
– July
– October
• Applying them is the single most significant step to take to protect your databases
Security Patches
• Ensure that you are using current product versions
• Apply the appropriate mandatory patches
• Stay current with security patches for the whole 'environment', not just the database
• Database and Application Server patches are cumulative
• Application product patches are not cumulative
Init.ora Parameters
• SQL92_SECURITY = TRUE
– A user must hold SELECT on a table to run an UPDATE or DELETE whose WHERE or SET clause reads that table's column values; without it, the "n rows updated" feedback of a blind UPDATE answers yes/no questions about data the user cannot SELECT
• O7_DICTIONARY_ACCESSIBILITY = FALSE
– Stops system privileges with the ANY keyword (SELECT ANY TABLE, etc.) from reaching SYS-owned data dictionary objects
• Both parameters are static: set them with SCOPE=SPFILE and restart the instance
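An added example, not from the slides, showing the two settings, the verification query, and the data leak that SQL92_SECURITY closes. The users APP and CLERK, the ACCOUNTS table, its row and the passwords are all constructed placeholders; the view at the end is this example's suggested least-privilege pattern, not something the slides prescribe.

```sql
-- Added example (not from the deck). Run the ALTER SYSTEM statements as
-- SYSDBA; users, table and passwords below are placeholders.
ALTER SYSTEM SET sql92_security = TRUE SCOPE = SPFILE;
ALTER SYSTEM SET o7_dictionary_accessibility = FALSE SCOPE = SPFILE;
-- Both are static parameters: SHUTDOWN IMMEDIATE / STARTUP, then verify.
SELECT name, value
FROM   v$parameter
WHERE  name IN ('sql92_security', 'o7_dictionary_accessibility');

-- Why it matters: APP owns a table with a column CLERK may not read, but
-- CLERK legitimately needs to flag rows as reviewed.
CREATE USER app   IDENTIFIED BY "change_me_1";
CREATE USER clerk IDENTIFIED BY "change_me_2";
GRANT CREATE SESSION, CREATE TABLE, CREATE VIEW, UNLIMITED TABLESPACE TO app;
GRANT CREATE SESSION TO clerk;

CREATE TABLE app.accounts (
  acct_id  NUMBER PRIMARY KEY,
  ssn      VARCHAR2(11),
  reviewed CHAR(1) DEFAULT 'N'
);
INSERT INTO app.accounts (acct_id, ssn) VALUES (1, '123-45-6789');
COMMIT;
GRANT UPDATE (reviewed) ON app.accounts TO clerk;   -- deliberately no SELECT

-- Connected as CLERK. With SQL92_SECURITY = FALSE this statement runs, and
-- "1 row updated" versus "0 rows updated" reveals whether the guess in the
-- WHERE clause matched: the SSN can be read out one guess at a time.
UPDATE app.accounts SET reviewed = 'N' WHERE ssn LIKE '123-%';
-- With SQL92_SECURITY = TRUE the same statement is rejected with
-- ORA-01031: insufficient privileges, because the WHERE clause reads a
-- column CLERK has no SELECT privilege on.

-- Least-privilege fix (as APP): expose only what CLERK may see and let
-- CLERK update through the view. SELECT on the view satisfies
-- SQL92_SECURITY, and SSN is simply not there to probe.
CREATE VIEW app.accounts_review AS
  SELECT acct_id, reviewed FROM app.accounts;
GRANT SELECT, UPDATE ON app.accounts_review TO clerk;

-- As CLERK: works.
UPDATE app.accounts_review SET reviewed = 'Y' WHERE acct_id = 1;
-- As CLERK: fails with ORA-00904 "SSN": invalid identifier.
UPDATE app.accounts_review SET reviewed = 'N' WHERE ssn LIKE '123-%';
```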
Accounts
• Default accounts and default passwords
– 700+ default accounts exist across Oracle products, depending on what is installed
– 3rd-party products add their own
• User profiles
– Complex passwords
– Script utlpwdmg.sql
– Located under $ORACLE_HOME/rdbms/admin (e.g. /u01/app/oracle/product/{ORACLE_HOME}/rdbms/admin)
Accounts
• This script sets the default password resource parameters
• This script needs to be run to enable the password features
• However, the default resource parameters can be changed based on need
• A default password complexity function is also provided
• This function makes minimum complexity checks, such as the minimum length of the password and that the password is not the same as the username. The user may enhance this function according to need
• Caution: utlpwdmg.sql alters the DEFAULT profile, so its limits (including the FAILED_LOGIN_ATTEMPTS lockout) apply to every account that uses DEFAULT, application service accounts included; test it before running it in production
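An added example, not from the slides, of the three pieces that slide describes: a custom password verify function using the signature Oracle requires, a dedicated profile (rather than altering DEFAULT as utlpwdmg.sql does), and a check for accounts still on documented default passwords. The names APP_VERIFY_FUNCTION and SECURE_APP_PROFILE, the limit values, and the use of SCOTT and OUTLN as the accounts to adjust are this example's choices.

```sql
-- Added example (not from the deck). Run as SYS: a PASSWORD_VERIFY_FUNCTION
-- must be owned by SYS and must have exactly this signature.
CREATE OR REPLACE FUNCTION app_verify_function (
  username     VARCHAR2,
  password     VARCHAR2,
  old_password VARCHAR2
) RETURN BOOLEAN IS
  n_digits  PLS_INTEGER := 0;
  n_letters PLS_INTEGER := 0;
  c         VARCHAR2(1 CHAR);
BEGIN
  IF LENGTH(password) < 12 THEN
    raise_application_error(-20001, 'Password must be at least 12 characters');
  END IF;
  -- Rejects both "password = username" and username embedded in it.
  IF INSTR(UPPER(password), UPPER(username)) > 0 THEN
    raise_application_error(-20002, 'Password must not contain the username');
  END IF;
  FOR i IN 1 .. LENGTH(password) LOOP
    c := SUBSTR(password, i, 1);
    IF c BETWEEN '0' AND '9' THEN
      n_digits := n_digits + 1;
    ELSIF UPPER(c) BETWEEN 'A' AND 'Z' THEN
      n_letters := n_letters + 1;
    END IF;
  END LOOP;
  IF n_digits = 0 OR n_letters = 0 THEN
    raise_application_error(-20003, 'Password needs both letters and digits');
  END IF;
  -- old_password is NULL when an administrator sets the password.
  IF old_password IS NOT NULL AND UPPER(old_password) = UPPER(password) THEN
    raise_application_error(-20004, 'New password must differ from the old one');
  END IF;
  RETURN TRUE;
END;
/

-- A dedicated profile, so service accounts on DEFAULT are not locked out
-- by accident. Limits are example values.
CREATE PROFILE secure_app_profile LIMIT
  FAILED_LOGIN_ATTEMPTS    5
  PASSWORD_LOCK_TIME       1/24      -- one hour, expressed in days
  PASSWORD_LIFE_TIME       90
  PASSWORD_GRACE_TIME      7
  PASSWORD_REUSE_TIME      365
  PASSWORD_REUSE_MAX       10
  PASSWORD_VERIFY_FUNCTION app_verify_function;

ALTER USER scott PROFILE secure_app_profile;

-- Accounts still on a documented default password (view exists from 11g).
SELECT d.username, u.account_status, u.profile
FROM   dba_users_with_defpwd d
JOIN   dba_users u ON u.username = d.username
ORDER  BY d.username;

-- Lock and expire each unused default account the query lists.
ALTER USER outln ACCOUNT LOCK PASSWORD EXPIRE;
```

The function only runs when a password is set or changed, so existing weak passwords stay in place until PASSWORD_LIFE_TIME forces a change or the DBA expires them; the DBA_USERS_WITH_DEFPWD query is what finds the ones that need immediate attention.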
Passwords
• The default password list
– http://www.petefinnigan.com/default/default_password_list.htm
• More password information
– http://www.databasejournal.com/features/oracle/article.php/3395721
SSL
• Secure Sockets Layer for SQL*Net connections
• Certificates, held in an Oracle wallet on the server (and on the client if client authentication is used)
• Prevents attacks from the 'side' (interception or alteration of the connection in transit)
• Prevents network sniffing
• A Virtual Private Network (VPN) tunnel is an alternative way to protect the wire
• Virtual Private
Listener
• From 10g onwards no specific 'listener' password is required: the listener uses local OS authentication
• Only the owner of the tnslsnr process (the Oracle software owner) can run 'listener' control commands
• The 'listener.ora' file should be write-protected (readable and writable only by the Oracle software owner)
• Set ADMIN_RESTRICTIONS_<listener_name> = ON in listener.ora so the listener cannot be reconfigured at runtime through lsnrctl SET commands; changes then require editing the file and a reload
• http://andrewfraser.wordpress.com/2007/05/24/listen
Transparent Data Encryption
• Transparent data encryption is a key-based access control system
• Encrypted data must be decrypted with the key to be understood
• The master key is stored in an Oracle wallet (its location is set by ENCRYPTION_WALLET_LOCATION in sqlnet.ora)
• In 10g Release 2, individual table columns can be encrypted
• In 11g, tablespaces and/or columns can be encrypted
• The wallet must be open for encrypted data to be read; protect the wallet file and its password, and back the wallet up separately from the database, since without it the encrypted data is unrecoverable
Transparent Data Encryption
• http://www.oracle.com/technology/deploy/security/database-security/transparent-data-encryption/tde_faq.html
• http://www.databasejournal.com/features/oracle/article.php/3649956
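An added example, not from the slides, walking through both forms the slide names: column encryption (10g R2 and later) and tablespace encryption (11g and later), using the 10gR2/11g ALTER SYSTEM SET ENCRYPTION syntax. The wallet directory, datafile path, wallet password, and the CUSTOMERS / CARD_TXNS tables are placeholders for this example; the 11g form of the WALLET CLOSE statement is used.

```sql
-- Added example (not from the deck). Paths, names and the wallet password
-- are placeholders. sqlnet.ora must already point at the wallet, e.g.
--   ENCRYPTION_WALLET_LOCATION =
--     (SOURCE = (METHOD = FILE)(METHOD_DATA = (DIRECTORY = /u01/app/oracle/wallet)))

-- First time: creates the wallet and master key and opens the wallet.
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "WalletPassword_1";
-- On later startups, open the existing wallet instead.
ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "WalletPassword_1";

-- 10g R2 and later: encrypt individual columns. Leave the salt on unless
-- the column is indexed; an index on an encrypted column requires NO SALT.
CREATE TABLE customers (
  cust_id  NUMBER PRIMARY KEY,
  name     VARCHAR2(100),
  ssn      VARCHAR2(11) ENCRYPT USING 'AES256',
  card_no  VARCHAR2(19) ENCRYPT USING 'AES256' NO SALT
);
CREATE INDEX cust_card_ix ON customers (card_no);
-- Retro-fit an existing column in place:
ALTER TABLE customers MODIFY (name ENCRYPT USING 'AES256');

-- 11g and later: encrypt a whole tablespace; every segment created in it
-- is encrypted without per-column declarations.
CREATE TABLESPACE secure_ts
  DATAFILE '/u01/oradata/ORCL/secure_ts01.dbf' SIZE 100M
  ENCRYPTION USING 'AES256'
  DEFAULT STORAGE (ENCRYPT);
CREATE TABLE card_txns (txn_id NUMBER, card_no VARCHAR2(19), amount NUMBER)
  TABLESPACE secure_ts;

-- Verify what is actually encrypted rather than trusting the DDL.
SELECT owner, table_name, column_name, encryption_alg, salt
FROM   dba_encrypted_columns;
SELECT t.name, e.encryptionalg, e.encryptedts
FROM   v$encrypted_tablespaces e
JOIN   v$tablespace t ON t.ts# = e.ts#;

-- The data is only readable while the wallet is open. After closing it,
-- a query that touches an encrypted column fails with
-- ORA-28365: wallet is not open (11g syntax shown).
ALTER SYSTEM SET ENCRYPTION WALLET CLOSE IDENTIFIED BY "WalletPassword_1";
SELECT ssn FROM customers WHERE cust_id = 1;
```

TDE protects the datafiles, backups and exports at rest; it does nothing against a user who is already authorised to SELECT the column, which is why the access-control and auditing items on the surrounding slides still apply.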
SQL Injection
• A method of inserting SQL commands into an application as if they were ordinary user input
• An attacker can append data and commands to an existing SQL query whenever the application builds that query by concatenating the input into the SQL text
• Usually arrives through the URL or form fields of a web application
• The username and password screens are the most attractive target, as they are the 'front door' to your application
• Defence: pass user input through bind variables (parameterised queries) rather than string concatenation, and run the application under a least-privilege account
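The front-door case from the slide, as an added PL/SQL example that is not from the slides: the same login check written with string concatenation and with bind variables, then exercised with a classic comment-terminator payload. The APP_USERS table, its rows and the placeholder "hashes" are constructed; the function names are this example's.

```sql
-- Added example (not from the deck). Table, rows and hash strings are
-- constructed placeholders, not real digests.
SET SERVEROUTPUT ON
CREATE TABLE app_users (
  username      VARCHAR2(30) PRIMARY KEY,
  password_hash VARCHAR2(64) NOT NULL
);
INSERT INTO app_users VALUES ('alice', 'hash_of_alice_pw');
INSERT INTO app_users VALUES ('admin', 'hash_of_admin_pw');
COMMIT;

-- VULNERABLE: user input is spliced into the SQL text, so the input can
-- change the statement itself.
CREATE OR REPLACE FUNCTION login_unsafe (p_user VARCHAR2, p_hash VARCHAR2)
RETURN BOOLEAN IS
  l_sql   VARCHAR2(4000);
  l_count NUMBER;
BEGIN
  l_sql := 'SELECT COUNT(*) FROM app_users WHERE username = ''' || p_user ||
           ''' AND password_hash = ''' || p_hash || '''';
  EXECUTE IMMEDIATE l_sql INTO l_count;
  RETURN l_count > 0;
END;
/

-- SAFE: the statement text is fixed; input travels as bind values and is
-- only ever compared, never parsed.
CREATE OR REPLACE FUNCTION login_safe (p_user VARCHAR2, p_hash VARCHAR2)
RETURN BOOLEAN IS
  l_count NUMBER;
BEGIN
  EXECUTE IMMEDIATE
    'SELECT COUNT(*) FROM app_users WHERE username = :u AND password_hash = :h'
    INTO l_count USING p_user, p_hash;
  RETURN l_count > 0;
END;
/

-- Where something cannot be bound (an object name), validate it instead.
-- DBMS_ASSERT.SQL_OBJECT_NAME raises ORA-44002 unless the name resolves
-- to an existing object.
CREATE OR REPLACE FUNCTION row_count_of (p_table VARCHAR2) RETURN NUMBER IS
  l_count NUMBER;
BEGIN
  EXECUTE IMMEDIATE
    'SELECT COUNT(*) FROM ' || DBMS_ASSERT.SQL_OBJECT_NAME(p_table)
    INTO l_count;
  RETURN l_count;
END;
/

-- Demonstration: the attacker types  admin' --  as the username and any
-- password. In LOGIN_UNSAFE the comment marker removes the password
-- predicate from the generated SQL; in LOGIN_SAFE the same string is just
-- a username that does not exist.
DECLARE
  l_payload VARCHAR2(100) := 'admin'' --';
BEGIN
  DBMS_OUTPUT.PUT_LINE('unsafe, injected:   ' ||
    CASE WHEN login_unsafe(l_payload, 'x') THEN 'LOGGED IN' ELSE 'denied' END);
  DBMS_OUTPUT.PUT_LINE('safe, injected:     ' ||
    CASE WHEN login_safe(l_payload, 'x') THEN 'LOGGED IN' ELSE 'denied' END);
  DBMS_OUTPUT.PUT_LINE('safe, valid creds:  ' ||
    CASE WHEN login_safe('alice', 'hash_of_alice_pw') THEN 'LOGGED IN' ELSE 'denied' END);
  DBMS_OUTPUT.PUT_LINE('rows in app_users:  ' || row_count_of('APP_USERS'));
END;
/
```

The generated text in the unsafe case is `SELECT COUNT(*) FROM app_users WHERE username = 'admin' --' AND password_hash = 'x'`; everything after `--` is a comment, so the count is 1 and the attacker is in as admin without a password. The safe version produces a count of 0 for the payload and 1 for the genuine credentials, and needs no escaping logic at all.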
Buffer Overflow
• An application has an array (buffer) set up to hold data
• Usually in programs written in C and C++
• The array may have no bounds checking on writes
• If identified, an attacker can write data to this buffer, overrun the array boundary and overwrite other values stored in adjacent memory, including control data such as return addresses
Buffer Overflow
• Overflow is the act of writing past the end of a buffer into adjacent memory
• http://www.windowsecurity.com/articles/Analysis_of_Buffer_Overflow_Attacks.html
Auditing
• Enable auditing at the database level with:
  ALTER SYSTEM SET audit_trail = DB SCOPE = SPFILE;  (if an spfile is in use; AUDIT_TRAIL is static, so the instance must be restarted)
• Add the following to the startup script:
  EXECUTE dbms_workload_repository.create_snapshot()  (takes an AWR performance snapshot; it is a performance item, not part of the audit trail)
  audit connect;  (AUDIT SESSION is the documented form)
Auditing
• Audit data is stored in the SYS.AUD$ table in the SYSTEM tablespace
• Purge the data in AUD$ periodically or make sure that there is adequate space in the SYSTEM tablespace; if it fills up, actions that must write an audit record (including audited logins) fail
• Restart the instance to enable auditing
Auditing
• Data collected
– Login/logout, with timestamps and the return code (e.g. 1017 for a wrong password)
– Source host (USERHOST) and OS user
– Terminal used to connect from
• DESCRIBE aud$, or query DBA_AUDIT_SESSION and DBA_AUDIT_TRAIL, for more information
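An added example, not from the slides, that enables the auditing the slides describe and then asks the audit trail the three questions from the Forensics slide further on (what was looked at, what was changed, who kept failing to log in). HR.EMPLOYEES, the session id 12345 and the 90-day retention are placeholders for this example; the direct DELETE from AUD$ is the pre-11gR2 approach, and DBMS_AUDIT_MGMT is the supported one from 11g Release 2.

```sql
-- Added example (not from the deck). Requires AUDIT_TRAIL = DB (static,
-- set with SCOPE=SPFILE and restart). Run as SYSDBA. Object names,
-- session id and retention are placeholders.
AUDIT SESSION;                                              -- every logon/logoff
AUDIT SELECT, UPDATE, DELETE ON hr.employees BY ACCESS;     -- one row per statement
AUDIT CREATE USER, ALTER USER, GRANT ANY PRIVILEGE;         -- privilege changes

-- 1. Who keeps failing to log in? RETURNCODE 1017 = wrong password,
--    28000 = account locked. Five or more failures from one host in a
--    day is a reasonable first alerting threshold.
SELECT userhost, os_username, username, returncode,
       COUNT(*)       AS attempts,
       MIN(timestamp) AS first_seen,
       MAX(timestamp) AS last_seen
FROM   dba_audit_session
WHERE  returncode <> 0
AND    timestamp > SYSDATE - 1
GROUP  BY userhost, os_username, username, returncode
HAVING COUNT(*) >= 5
ORDER  BY attempts DESC;

-- 2. What did a suspect session look at or change? SESSIONID comes from
--    DBA_AUDIT_SESSION; SQL_TEXT is filled only with AUDIT_TRAIL = DB,EXTENDED.
SELECT timestamp, username, userhost, terminal, action_name,
       owner || '.' || obj_name AS object_name, sql_text
FROM   dba_audit_trail
WHERE  sessionid = 12345
ORDER  BY timestamp;

-- 3. Space: AUD$ lives in SYSTEM unless it has been moved.
SELECT segment_name, tablespace_name, ROUND(bytes / 1024 / 1024) AS mb
FROM   dba_segments
WHERE  owner = 'SYS' AND segment_name = 'AUD$';

-- Retention (90 days assumed): archive first, then purge. On 11g R2 and
-- later use DBMS_AUDIT_MGMT instead of deleting from AUD$ directly.
DELETE FROM sys.aud$ WHERE ntimestamp# < SYSTIMESTAMP - INTERVAL '90' DAY;
COMMIT;
```

Because AUD$ is owned by SYS and an intruder with SYSDBA can delete from it, copy the trail out to another system (or enable AUDIT_TRAIL = OS/XML with a forwarded log directory) before relying on it as forensic evidence.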
Advanced Security Option (ASO)
• Native (non-SSL) encryption of SQL*Net traffic
• Used to secure direct connections to the database
• Can encrypt data moving in both directions and add integrity checksums
• Needs client-side setup as well as server-side, in sqlnet.ora
– SQLNET.CRYPTO_SEED = (some value)  (seed for the random generator, required only by older releases)
• SQLNET.ENCRYPTION_SERVER / SQLNET.ENCRYPTION_CLIENT (ACCEPTED, REJECTED, REQUESTED or REQUIRED)
• SQLNET.ENCRYPTION_TYPES_SERVER
• SQLNET.ENCRYPTION_TYPES_CLIENT
• Set the server side to REQUIRED; with the default ACCEPTED, a client that rejects encryption simply connects in the clear
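An added example, not from the slides, of the server-side settings that make native SQL*Net encryption mandatory and of two queries that verify a session really is encrypted. The algorithm choices (AES256, SHA1) and the wallet-free native mode are this example's; the sqlnet.ora lines are shown as comments since the block is SQL.

```sql
-- Added example (not from the deck). The sqlnet.ora fragment is shown in
-- comments; the queries below are what you run to verify it took effect.
--
--   # $ORACLE_HOME/network/admin/sqlnet.ora on the database server
--   SQLNET.ENCRYPTION_SERVER = REQUIRED          # ACCEPTED (the default) would let
--   SQLNET.ENCRYPTION_TYPES_SERVER = (AES256)    # a REJECTED client connect in clear
--   SQLNET.CRYPTO_CHECKSUM_SERVER = REQUIRED
--   SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER = (SHA1)
--
--   # client sqlnet.ora (optional: the client default ACCEPTED negotiates
--   # encryption automatically once the server says REQUIRED)
--   SQLNET.ENCRYPTION_CLIENT = REQUESTED
--   SQLNET.ENCRYPTION_TYPES_CLIENT = (AES256)

-- Verify from inside your own session: the banner rows list the
-- negotiated services. An unencrypted TCP session shows only the
-- authentication adapter lines, no encryption or crypto-checksum lines.
SELECT network_service_banner
FROM   v$session_connect_info
WHERE  sid = SYS_CONTEXT('USERENV', 'SID');

-- Sweep all user sessions for ones with no encryption service negotiated
-- (run as a DBA). Bequeath/local sessions have no network banners and
-- will also appear here; filter on s.machine if that is noise.
SELECT s.sid, s.username, s.machine, s.program
FROM   v$session s
WHERE  s.type = 'USER'
AND    NOT EXISTS (
         SELECT 1
         FROM   v$session_connect_info c
         WHERE  c.sid = s.sid
         AND    UPPER(c.network_service_banner) LIKE '%ENCRYPTION SERVICE%'
       )
ORDER  BY s.username, s.machine;
```

The second query is the check to schedule after the change: REQUIRED on the server guarantees new sessions are encrypted, but any client that cannot negotiate a listed algorithm will be refused, so roll the setting out as REQUESTED first, confirm with the sweep that nothing is left in the clear, then switch to REQUIRED.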
Hacking
• http://www.dbasupport.com/oracle/ora10g/hacking01.shtml
Forensics
• If someone gets into your database, what did they do?
– What did they look at
– What did they change
– Did they extract any data
• Evidence sources: the audit trail (AUD$), redo and archived logs (readable with LogMiner), and the listener log
• http://www.ngssoftware.com/
• http://www.ngssoftware.com/company-news/oracle-forensics-a-new-series-of-papers-by-david-litchfield/
Recap
• Design performance into the database setup and configuration
• Have a security and performance mindset
• Understand your application and make decisions based on that understanding
• No absolutes
• Be willing to change course
Reading
• Oracle Performance Tuning, Oracle Press
– Richard J. Niemiec
• Oracle 10g and 11g Security Guide
• Practical Oracle Security (e-book)
– http://www.syngress.com/catalog/?pid=4620
• Other sources
– http://infosecurity.us/
– http://www.ngssoftware.com/

The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 

Harvard University database

  • 1. Harvard University Oracle Database Administration Session 13 Performance and Security
  • 2. Performance
    - Holistic view
    - System level
    - Database level
    - Application level
  • 3. Performance Tuning
    - Trade-offs between response time and throughput
    - OLTP applications define performance in terms of throughput
    - Decision Support Systems define performance in terms of response time
    - Response time = service time + wait time
  • 5. SQL Syntax
    - The syntax for the SELECT statement is:
      – SELECT columns FROM tables WHERE predicates;
    - From http://www.techonthenet.com/sql/select.php
    - Good information source for basic SQL statements
  • 6. Parser
    - The parser performs two functions:
      – Syntax analysis: checks SQL statements for correct syntax
      – Semantic analysis: checks that the referenced database objects and object attributes are correct
  • 7. Optimizer
    - The optimizer is the heart of the SQL processing engine. The Oracle server provides one method of optimization: the cost-based optimizer (CBO).
    - Default CBO mode: all_rows
  • 8. Row Source Generator
    - The row source generator receives the optimal plan from the optimizer
    - It outputs the execution plan for the SQL statement
    - A set of rows returned by an execution step is called a row source
    - The execution plan is a collection of row sources, structured in the form of a tree
  • 9. Row Source Generator
    - A row source is an iterative control structure
    - It processes a set of rows, one row at a time, in an iterative manner. A row source produces a data set.
  • 10. SQL Execution
    - The combination of steps required to execute a statement is called an execution plan
    - An execution plan includes an access method for each table that the statement accesses and an ordering of the tables (the join order), if required.
  • 11. SQL Execution
    - To perform a full table scan, Oracle reads all rows in the table, examining each row to determine whether it satisfies the statement's WHERE clause
  • 12. SQL Execution
    - SQL execution is the component that operates on the execution plan associated with a SQL statement
    - It then produces the results of the query.
    - The optimizer determines the most efficient way to execute a SQL statement
  • 13. SQL Execution
    - To execute a DML statement, Oracle may need to perform many steps.
    - Each of these steps either retrieves rows of data physically from the database or prepares them in some way for use in the next step
  • 14. Explain Plan
    - The EXPLAIN PLAN statement displays execution plans chosen by the Oracle optimizer for SELECT, UPDATE, INSERT, and DELETE statements
    - A SQL statement's plan is the sequence of operations Oracle performs to execute the statement
  • 15. Explain Plan
    - The components of execution plans include:
      – An ordering of the tables referenced by the statement.
      – An access method for each table mentioned in the statement.
      – A join method for tables affected by join operations in the statement.
  • 16. Explain Plan
    - EXPLAIN PLAN output shows how Oracle executes SQL statements
    - The EXPLAIN PLAN results cannot differentiate between well-tuned statements and those that perform poorly
    - If the EXPLAIN PLAN output shows that a statement uses an index, this does not mean the statement runs efficiently
  • 17. Explain Plan
    - Sometimes using indexes can be extremely inefficient
    - It is best to use EXPLAIN PLAN to determine an access plan, and later prove that it is the optimal plan through testing
    - When evaluating a plan, always examine the statement's actual resource consumption
  • 18. Explain Plan
    - Use the SQL trace facility and TKPROF to examine individual SQL statement performance (relative cost)
    - Before issuing an EXPLAIN PLAN statement, create a table to hold its output
    - Run the SQL script UTLXPLAN.SQL to create a sample output table called PLAN_TABLE in your schema
  • 19. Explain Plan
    - UTLXPLAN.SQL is located under $ORACLE_HOME/rdbms/admin
    - PLAN_TABLE is the default table into which the EXPLAIN PLAN statement inserts rows describing execution plans
  • 20. Explain Plan
    - EXPLAIN PLAN SET STATEMENT_ID = '1' INTO plan_table FOR <select * from v$database>;
    - EXPLAIN PLAN SET STATEMENT_ID = 'value' INTO plan_table FOR <sql_statement>;
  • 21. Explain Plan
    - Display the most recent plan table output using the following scripts:
      – UTLXPLS.SQL - shows plan table output for serial processing
      – UTLXPLP.SQL - shows plan table output with parallel execution columns
    - http://www.dbspecialists.com/presentations.html#explain_a
  • 22. Autotrace
    - SET AUTOTRACE ON EXPLAIN STATISTICS
    - SET AUTOTRACE OFF
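The EXPLAIN PLAN and AUTOTRACE workflow of slides 14 to 22, as an added worked example that is not part of the slides: it builds a constructed EMP_DEMO table, explains the same query before and after an index is added, and reads each plan back with DBMS_XPLAN.DISPLAY. It assumes SQL*Plus as the client and that PLAN_TABLE already exists in the schema (from UTLXPLAN.SQL, or the shared one 10g ships); the table, index and statement names are all made up for the example.

```sql
-- Added example (not from the slides). Sample table and rows are constructed.
CREATE TABLE emp_demo (
  empno  NUMBER(6)    PRIMARY KEY,
  ename  VARCHAR2(30) NOT NULL,
  deptno NUMBER(3)    NOT NULL,
  sal    NUMBER(8,2)
);

-- A few thousand constructed rows so the optimizer has something to cost.
INSERT INTO emp_demo (empno, ename, deptno, sal)
SELECT LEVEL, 'EMP' || LEVEL, MOD(LEVEL, 50), 1000 + MOD(LEVEL, 100) * 10
FROM   dual
CONNECT BY LEVEL <= 5000;
COMMIT;

-- The cost-based optimizer needs statistics (slide 7); without them it guesses.
EXEC DBMS_STATS.GATHER_TABLE_STATS(USER, 'EMP_DEMO', cascade => TRUE);

-- 1. Store the plan under a STATEMENT_ID, exactly as slide 20 shows.
EXPLAIN PLAN SET STATEMENT_ID = 'dept10' INTO plan_table FOR
SELECT empno, ename, sal
FROM   emp_demo
WHERE  deptno = 10;

-- 2. Read it back. DBMS_XPLAN.DISPLAY(table, statement_id, format) formats
--    the PLAN_TABLE rows as the UTLXPLS.SQL script on slide 21 would.
SELECT * FROM TABLE(DBMS_XPLAN.DISPLAY('PLAN_TABLE', 'dept10', 'TYPICAL'));

-- 3. Same predicate after adding an index. The plan changing from a full
--    table scan to an index range scan does not by itself prove it is
--    faster (slide 16); the cost column and autotrace below decide that.
CREATE INDEX emp_demo_deptno_ix ON emp_demo (deptno);
EXEC DBMS_STATS.GATHER_INDEX_STATS(USER, 'EMP_DEMO_DEPTNO_IX');

EXPLAIN PLAN SET STATEMENT_ID = 'dept10_ix' INTO plan_table FOR
SELECT empno, ename, sal FROM emp_demo WHERE deptno = 10;
SELECT * FROM TABLE(DBMS_XPLAN.DISPLAY('PLAN_TABLE', 'dept10_ix', 'TYPICAL'));

-- 4. Autotrace (slide 22) actually runs the statement and reports the plan
--    together with consistent gets, physical reads and sorts, which is the
--    real resource consumption slide 17 says to examine.
SET AUTOTRACE ON EXPLAIN STATISTICS
SELECT empno, ename, sal FROM emp_demo WHERE deptno = 10;
SET AUTOTRACE OFF

-- Remove the plan rows this session wrote so PLAN_TABLE does not grow.
DELETE FROM plan_table WHERE statement_id IN ('dept10', 'dept10_ix');
COMMIT;
```

SET AUTOTRACE needs the PLUSTRACE role (created by $ORACLE_HOME/sqlplus/admin/plustrce.sql) because it reads V$ views; EXPLAIN PLAN alone needs only the privileges the explained statement would need. Compare the "consistent gets" figure between the two runs rather than the plan shape: with 50 departments spread evenly over 5000 rows the index may or may not win, which is the point slides 16 and 17 make.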
  • 23. System Statistics
    - The gathered system statistics are:
      – single-block read time in ms
      – multiblock read time in ms
      – CPU speed in MHz
      – average multiblock read count in number of blocks
  • 24. System Statistics
    - http://www.oracle.com/technology/pub/articles/lewis_cbo.html
    - http://www.oracle.com/technology/pub/articles/tech_dba.html
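How the four statistics on slide 23 are gathered and where the CBO reads them from, as an added example that is not from the slides. It assumes a DBA or GATHER_SYSTEM_STATISTICS-privileged session in SQL*Plus; the backup stat table name is made up.

```sql
-- Added example (not from the slides).

-- Option A: NOWORKLOAD mode measures I/O and CPU with synthetic reads and is
-- safe to run on any instance.
EXEC DBMS_STATS.GATHER_SYSTEM_STATS('NOWORKLOAD');

-- Option B: workload mode brackets a representative window of real activity,
-- so the multiblock read count reflects what the application actually does.
EXEC DBMS_STATS.GATHER_SYSTEM_STATS('START');
-- ... let a representative batch or OLTP period run ...
EXEC DBMS_STATS.GATHER_SYSTEM_STATS('STOP');

-- Read back what the optimizer will cost with. SREADTIM and MREADTIM are the
-- single- and multiblock read times in ms, CPUSPEED is in MHz and MBRC is the
-- average multiblock read count in blocks (the four items on slide 23).
SELECT pname, pval1
FROM   sys.aux_stats$
WHERE  sname = 'SYSSTATS_MAIN'
AND    pname IN ('SREADTIM', 'MREADTIM', 'CPUSPEED', 'MBRC',
                 'CPUSPEEDNW', 'IOSEEKTIM', 'IOTFRSPEED');

-- Before regathering on a production system, export the current values to a
-- stat table (constructed name) so a plan regression can be rolled back with
-- DBMS_STATS.IMPORT_SYSTEM_STATS.
EXEC DBMS_STATS.CREATE_STAT_TABLE(USER, 'SYSSTATS_BACKUP');
EXEC DBMS_STATS.EXPORT_SYSTEM_STATS('SYSSTATS_BACKUP');
```

Changing system statistics changes the relative cost of full scans versus index access for every statement in the instance, which is why the export step comes first.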
  • 28. Security Readiness
    - Security framework
    - Defines steps
    - Repeatable
    - Verifiable
    - Business 'requirements' focused
    - http://iase.disa.mil/stigs/SRR/index.html
  • 29. Security Readiness
    - Regulations
      – Sarbanes-Oxley (SOX)
      – Gramm-Leach-Bliley (GLBA)
      – Health Insurance Portability and Accountability (HIPAA)
      – Payment Card Industry Data Security (PCI)
      – Federal Information Security Management (FISMA)
  • 30. Security Readiness
    - Secure the network
    - Monitor the network
    - Access control methods
      – Who
      – What
    - Audit access and data
      – Who
      – When
      – What
  • 31. Security Readiness
    - Encrypt specific data
      – SSN #
      – Credit card #
    - Document procedures
  • 32. Security Patches
    - Released 4 times a year
      – January
      – April
      – July
      – October
    - The single most significant step to take to protect your databases
  • 33. Security Patches
    - Ensure that you are using current product versions
    - Apply the appropriate mandatory patches
    - Stay current with security patches for the 'environment'
    - Database and Application Server patches are cumulative
    - Application product patches are not cumulative
  • 34. Init.ora parameters
    - SQL92_SECURITY = TRUE
      – A user must have SELECT on a table to be able to run UPDATE or DELETE statements
    - O7_DICTIONARY_ACCESSIBILITY = FALSE
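Checking and correcting the two parameters on slide 34, as an added example that is not from the slides. It assumes a SYSDBA session and an instance started from an spfile; both parameters are static, so the change only takes effect after a restart.

```sql
-- Added example (not from the slides).

-- 1. Where is the instance now? (The dictionary parameter is spelled with the
--    letter O, as in "Oracle 7", not the digit zero.)
SELECT name, value, isdefault
FROM   v$parameter
WHERE  UPPER(name) IN ('SQL92_SECURITY', 'O7_DICTIONARY_ACCESSIBILITY');

-- The weak settings, shown only for contrast:
--   ALTER SYSTEM SET sql92_security = FALSE SCOPE=SPFILE;
--   ALTER SYSTEM SET o7_dictionary_accessibility = TRUE SCOPE=SPFILE;
-- With O7_DICTIONARY_ACCESSIBILITY=TRUE, "ANY" system privileges such as
-- SELECT ANY TABLE extend to SYS-owned dictionary tables (USER$ and friends).
-- With SQL92_SECURITY=FALSE, a user holding only UPDATE or DELETE on a table
-- can still learn column values through the WHERE clause of those statements.

-- 2. Corrected settings (slide 34).
ALTER SYSTEM SET sql92_security = TRUE SCOPE=SPFILE;
ALTER SYSTEM SET o7_dictionary_accessibility = FALSE SCOPE=SPFILE;

-- 3. After SHUTDOWN IMMEDIATE / STARTUP, confirm the running values.
SELECT name, value
FROM   v$parameter
WHERE  UPPER(name) IN ('SQL92_SECURITY', 'O7_DICTIONARY_ACCESSIBILITY');
```

Re-run the first query after the restart; V$PARAMETER shows the values the running instance uses, whereas V$SPPARAMETER shows what is stored in the spfile, and the two differ until the bounce.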
  • 35. Accounts
    - Default accounts and default passwords
      – 700+ accounts depending on what products are installed
      – Third-party products
    - User profiles
      – Complex passwords
      – Script utlpwdmg.sql
      – /u01/app/oracle/product/{ORACLE_HOME}/rdbms/admin
  • 36. Accounts
    - This script sets the default password resource parameters
    - This script needs to be run to enable the password features.
    - However, the default resource parameters can be changed based on need.
    - A default password complexity function is also provided.
    - This function makes the minimum complexity checks, such as the minimum length of the password and that the password is not the same as the username. The user may enhance this function according to their needs.
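Putting slides 35 and 36 into practice, as an added example that is not from the slides and not the utlpwdmg.sql script itself: list the open default accounts, lock the unused ones, and attach a password profile with a custom verify function. It assumes a SYS session (a PASSWORD_VERIFY_FUNCTION must be owned by SYS) and an 11g dictionary for DBA_USERS_WITH_DEFPWD; the function, profile and account names are constructed.

```sql
-- Added example (not from the slides); run as SYS.

-- 1. Which accounts are open, and which still carry a known default password?
--    (DBA_USERS_WITH_DEFPWD exists from 11g; on 10g compare against the
--    Finnigan list on slide 37 instead.)
SELECT u.username, u.account_status, u.profile,
       CASE WHEN d.username IS NOT NULL THEN 'YES' ELSE 'no' END AS default_pwd
FROM   dba_users u
LEFT   JOIN dba_users_with_defpwd d ON d.username = u.username
WHERE  u.account_status NOT LIKE '%LOCKED%'
ORDER  BY default_pwd DESC, u.username;

-- 2. Lock and expire accounts the application does not use (constructed names).
ALTER USER scott ACCOUNT LOCK PASSWORD EXPIRE;
ALTER USER outln ACCOUNT LOCK PASSWORD EXPIRE;

-- 3. A complexity function in the spirit of utlpwdmg.sql: minimum length,
--    must not contain the username, needs a letter and a digit, and must
--    differ from the previous password. Returning TRUE accepts the password.
CREATE OR REPLACE FUNCTION app_verify_password (
  username     VARCHAR2,
  password     VARCHAR2,
  old_password VARCHAR2) RETURN BOOLEAN IS
BEGIN
  IF LENGTH(password) < 12 THEN
    raise_application_error(-20001, 'Password must be at least 12 characters');
  END IF;
  IF INSTR(UPPER(password), UPPER(username)) > 0 THEN
    raise_application_error(-20002, 'Password must not contain the username');
  END IF;
  IF NOT REGEXP_LIKE(password, '[[:alpha:]]')
     OR NOT REGEXP_LIKE(password, '[[:digit:]]') THEN
    raise_application_error(-20003, 'Password needs at least one letter and one digit');
  END IF;
  IF old_password IS NOT NULL AND UPPER(password) = UPPER(old_password) THEN
    raise_application_error(-20004, 'New password must differ from the old one');
  END IF;
  RETURN TRUE;
END;
/

-- 4. A profile that applies it, with lockout and ageing. Password limits are
--    enforced regardless of RESOURCE_LIMIT; only the CPU/session limits need it.
CREATE PROFILE app_users LIMIT
  FAILED_LOGIN_ATTEMPTS    5
  PASSWORD_LOCK_TIME       1/24      -- one hour, expressed in days
  PASSWORD_LIFE_TIME       90
  PASSWORD_GRACE_TIME      7
  PASSWORD_REUSE_TIME      365
  PASSWORD_REUSE_MAX       10
  PASSWORD_VERIFY_FUNCTION app_verify_password;

ALTER USER app_owner PROFILE app_users;   -- constructed application account

-- 5. Confirm what each account is actually governed by.
SELECT username, profile, account_status, expiry_date
FROM   dba_users
WHERE  profile = 'APP_USERS';
```

The verify function only runs when a password is set or changed, so existing passwords are not retroactively checked; PASSWORD_LIFE_TIME with a grace period is what forces every account through it within one cycle.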
  • 37. Passwords
    - The default password list
      – http://www.petefinnigan.com/default/default_password_list.htm
    - More password information
      – http://www.databasejournal.com/features/oracle/article.php/3395721
  • 38. SSL
    - Secure Socket Layer
    - Certificates
    - Prevent attacks from the 'side'
    - Network sniffing
    - Virtual Private Network (VPN) tunnel
    - Virtual Private
  • 39. Listener
    - From 10g onwards no specific 'listener' password is required
    - Only the owner of the tnslsnr process can run 'listener' commands
    - The 'listener.ora' file should be write-protected
    - http://andrewfraser.wordpress.com/2007/05/24/listen
  • 40. Transparent Data Encryption
    - Transparent Data Encryption is a key-based access control system
    - Data must be decrypted with a key to be understood
    - The key is stored in an Oracle Wallet
    - In 10g, columns in tables can be encrypted
    - In 11g, tablespaces and/or columns can be encrypted
  • 41. Transparent Data Encryption
    - http://www.oracle.com/technology/deploy/security/database-security/transparent-data-encryption/tde_faq.html
    - http://www.databasejournal.com/features/oracle/article.php/3649956
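Encrypting the specific columns slide 31 names (SSN, card number) with the TDE of slides 40 and 41, plus the 11g tablespace form, as an added example that is not from the slides. It assumes the wallet location is already configured in sqlnet.ora (ENCRYPTION_WALLET_LOCATION), a SYSDBA session, and that the password, table, tablespace and file names are placeholders.

```sql
-- Added example (not from the slides). Password and names are placeholders.

-- 1. First time only: create the master key. This also creates and opens the
--    wallet in the location sqlnet.ora points to.
ALTER SYSTEM SET ENCRYPTION KEY IDENTIFIED BY "<wallet-password-placeholder>";

-- After every instance restart the wallet must be reopened, otherwise any
-- access to an encrypted column fails with ORA-28365 (wallet is not open).
ALTER SYSTEM SET ENCRYPTION WALLET OPEN IDENTIFIED BY "<wallet-password-placeholder>";

-- 2. Column-level TDE (10g R2 onwards): only the sensitive columns are
--    encrypted on disk, the rest of the row is untouched. SALT (the default)
--    stops equal values producing equal ciphertext; NO SALT is needed only
--    when the column has to be indexed.
CREATE TABLE customer (
  cust_id     NUMBER        PRIMARY KEY,
  name        VARCHAR2(100),
  ssn         VARCHAR2(11)  ENCRYPT USING 'AES256',
  card_number VARCHAR2(19)  ENCRYPT USING 'AES256' NO SALT
);
CREATE INDEX customer_card_ix ON customer (card_number);

-- Encrypting a column of an existing table rewrites it in place:
ALTER TABLE customer MODIFY (ssn ENCRYPT USING 'AES256');

-- 3. Tablespace-level TDE (11g): everything stored in the tablespace is
--    encrypted, so tables can be moved in without per-column DDL.
CREATE TABLESPACE secure_ts
  DATAFILE '/u01/oradata/ORCL/secure_ts01.dbf' SIZE 100M   -- placeholder path
  ENCRYPTION USING 'AES256'
  DEFAULT STORAGE (ENCRYPT);

ALTER TABLE customer MOVE TABLESPACE secure_ts;
ALTER INDEX customer_card_ix REBUILD TABLESPACE secure_ts;

-- 4. Verify what is actually protected.
SELECT table_name, column_name, encryption_alg, salt
FROM   dba_encrypted_columns;

SELECT tablespace_name, encrypted
FROM   dba_tablespaces
WHERE  tablespace_name = 'SECURE_TS';
```

TDE protects the datafiles, backups and exports; it does nothing against a session that already holds SELECT on CUSTOMER, because decryption is transparent to any authorised query. Access control and the auditing later in this session remain the controls for that case, and the wallet file and its password need the same backup and separation-of-duties handling as the database backups they unlock.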
  • 42. SQL Injection
    - It is a method of inserting SQL commands as if they were user input
    - An attacker can append data and commands to an existing SQL query
    - Usually occurs at the URL
    - The username and password screens are the most vulnerable, as they are the 'front door' to your application
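The login check slide 42 calls the 'front door', written first the injectable way and then with bind variables, as an added PL/SQL example that is not from the slides. Table and function names are constructed; how the password hash is produced is out of scope here, the point is how the predicate is built.

```sql
-- Added example (not from the slides). Names are constructed.
CREATE TABLE app_users (
  username  VARCHAR2(30) PRIMARY KEY,
  pwd_hash  VARCHAR2(64) NOT NULL,
  is_active CHAR(1) DEFAULT 'Y'
);

-- VULNERABLE: caller input is glued into the statement text, so whatever
-- arrives in p_user is parsed as SQL. The WHERE clause is therefore under
-- the caller's control, which is exactly what slide 42 describes.
CREATE OR REPLACE FUNCTION login_unsafe (p_user VARCHAR2, p_hash VARCHAR2)
  RETURN NUMBER IS
  v_cnt NUMBER;
BEGIN
  EXECUTE IMMEDIATE
    'SELECT COUNT(*) FROM app_users WHERE username = ''' || p_user ||
    ''' AND pwd_hash = ''' || p_hash || ''' AND is_active = ''Y'''
    INTO v_cnt;
  RETURN v_cnt;
END;
/

-- HARDENED: static SQL. The statement text is fixed at compile time and the
-- inputs travel as bind values, so they can only ever be compared as data.
-- The shared pool also benefits: one cursor serves every login.
CREATE OR REPLACE FUNCTION login_safe (p_user VARCHAR2, p_hash VARCHAR2)
  RETURN NUMBER IS
  v_cnt NUMBER;
BEGIN
  SELECT COUNT(*) INTO v_cnt
  FROM   app_users
  WHERE  username  = p_user
  AND    pwd_hash  = p_hash
  AND    is_active = 'Y';
  RETURN v_cnt;
END;
/

-- When dynamic SQL is genuinely required (here the table name varies), bind
-- the values with USING and validate identifiers with DBMS_ASSERT instead of
-- concatenating them. SQL_OBJECT_NAME raises ORA-44002 for anything that is
-- not an existing object name.
CREATE OR REPLACE FUNCTION count_active (p_table VARCHAR2, p_user VARCHAR2)
  RETURN NUMBER IS
  v_cnt NUMBER;
BEGIN
  EXECUTE IMMEDIATE
    'SELECT COUNT(*) FROM ' || DBMS_ASSERT.SQL_OBJECT_NAME(p_table) ||
    ' WHERE username = :u AND is_active = ''Y'''
    INTO v_cnt USING p_user;
  RETURN v_cnt;
END;
/
```

A quick way to find the first pattern in an existing code base is to search DBA_SOURCE for EXECUTE IMMEDIATE, DBMS_SQL.PARSE or OPEN ... FOR followed by a concatenated string: any of those whose text contains a parameter name joined with `||` deserves the login_safe treatment.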
  • 43. Buffer Overflow
    - An application has an array (buffer) set up to hold data.
    - Usually in languages such as C and C++
    - The array may not have specific boundaries set up
    - If identified, a hacker can write data to this buffer, overrun the array boundary and replace other data values stored in memory
  • 44. Buffer Overflow
    - Overflow is the process of writing to adjacent buffers
    - http://www.windowsecurity.com/articles/Analysis_of_Buffer_Overflow_Attacks.html
  • 45. Auditing
    - Enable auditing at the DB level by issuing the command listed below
    - ALTER SYSTEM SET audit_trail=db SCOPE=SPFILE; (if spfile in use)
    - Add the following to the startup script
    - EXECUTE dbms_workload_repository.create_snapshot()
    - AUDIT CONNECT;
  • 46. Auditing
    - Audit data is stored in the AUD$ table in the SYSTEM tablespace
    - Purge the data in the AUD$ table periodically or make sure that there is adequate space in the SYSTEM tablespace.
    - Recycle the environment to enable auditing
  • 47. Auditing
    - Data collected
      – Login/logout
      – Source IP
      – Programs used to connect from
    - DESCRIBE aud$ for more information
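Session auditing as slides 45 to 47 describe, followed by the queries a DBA would actually run over the trail and the AUD$ housekeeping slide 46 asks for, as an added example that is not from the slides. It assumes a SYSDBA session, an spfile, and 10g or later (for the NTIMESTAMP# column); the host names, thresholds and archive table are constructed.

```sql
-- Added example (not from the slides).

-- 1. Send the audit trail to the database (static parameter; restart needed).
ALTER SYSTEM SET audit_trail = DB SCOPE=SPFILE;
-- ... SHUTDOWN IMMEDIATE / STARTUP, then:
AUDIT SESSION;   -- AUDIT CONNECT on slide 45 is the older synonym

-- 2. What slide 47 lists: login/logout, source host, OS user and program,
--    one row per session.
SELECT username, os_username, userhost, terminal,
       timestamp AS logon_time, logoff_time, returncode
FROM   dba_audit_session
WHERE  timestamp > SYSDATE - 1
ORDER  BY timestamp DESC;

-- 3. Detection: failed logins (ORA-01017 is recorded as returncode 1017)
--    grouped by source. A password-guessing run shows up as one source with
--    many failures across one or many usernames. Threshold is constructed.
SELECT os_username, userhost, username, COUNT(*) AS failures,
       MIN(timestamp) AS first_seen, MAX(timestamp) AS last_seen
FROM   dba_audit_session
WHERE  returncode = 1017
AND    timestamp > SYSDATE - 1
GROUP  BY os_username, userhost, username
HAVING COUNT(*) >= 10
ORDER  BY failures DESC;

-- 4. Privileged logins from anywhere other than the DBA jump hosts
--    (constructed host list).
SELECT username, userhost, os_username, timestamp
FROM   dba_audit_session
WHERE  username IN ('SYS', 'SYSTEM')
AND    userhost NOT IN ('dba-jump01', 'dba-jump02')
AND    timestamp > SYSDATE - 7;

-- 5. Slide 46: AUD$ lives in SYSTEM, so watch its size ...
SELECT segment_name, tablespace_name, ROUND(bytes / 1024 / 1024) AS mb
FROM   dba_segments
WHERE  segment_name = 'AUD$';

-- ... and purge on a schedule, keeping a copy outside SYSTEM first so the
-- record survives. NTIMESTAMP# is stored in UTC.
CREATE TABLE aud_archive TABLESPACE audit_arch        -- constructed tablespace
AS SELECT * FROM sys.aud$ WHERE 1 = 0;

INSERT INTO aud_archive
SELECT * FROM sys.aud$
WHERE  ntimestamp# < SYS_EXTRACT_UTC(SYSTIMESTAMP) - INTERVAL '90' DAY;

DELETE FROM sys.aud$
WHERE  ntimestamp# < SYS_EXTRACT_UTC(SYSTIMESTAMP) - INTERVAL '90' DAY;
COMMIT;
```

Queries 3 and 4 are the ones worth wrapping in a DBMS_SCHEDULER job that mails or pages on a non-empty result; the others are for ad hoc review. Note that a DELETE on AUD$ by SYS is itself not audited unless AUDIT_SYS_OPERATIONS is on, which is the argument for copying to the archive table before purging.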
  • 48. Advanced Security Option (ASO)
    - Encrypted SQL*Net
    - Used to secure direct connections to the database.
    - Can encrypt data moving in both directions
    - Needs client-side setup
      – sqlnet.ora
      – SQLNET.CRYPTO_SEED = (some value)
    - SQLNET.ENCRYPTION_TYPES_SERVER
    - SQLNET.ENCRYPTION_TYPES_CLIENT
  • 50. Forensics
    - If someone gets into your database, what did they do?
      – What did they look at
      – What did they change
      – Did they extract any data
    - http://www.ngssoftware.com/
    - http://www.ngssoftware.com/company-news/oracle-forensics-a-new-series-of-papers-by-david-litchfield/
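Answering the three questions on slide 50 needs object-level auditing to be in place before the incident, so this added example (not from the slides) sets that up on a sensitive table and then shows the queries that answer "looked at", "changed" and "extracted" afterwards. It assumes audit_trail is already set to DB as on slide 45, a SYSDBA session, and 10g R2 or later for the EXTENDED trail; the table, account and dates are constructed.

```sql
-- Added example (not from the slides). Names and dates are constructed.

-- 0. Capture statement text as well as the action, so the trail says what a
--    SELECT actually asked for. Static parameter; restart needed.
ALTER SYSTEM SET audit_trail = DB, EXTENDED SCOPE=SPFILE;

-- 1. Record every read and change of the sensitive table, one row per
--    statement (BY ACCESS), not one summary row per session.
AUDIT SELECT, INSERT, UPDATE, DELETE ON hr.customer BY ACCESS;

-- 2. Also record the actions an intruder takes to come back later.
AUDIT GRANT ANY PRIVILEGE, GRANT ANY ROLE, CREATE USER, ALTER USER, DROP USER;

-- "What did they look at / what did they change": everything the suspect
-- account did against HR objects in the window, with the statement text.
SELECT timestamp, username, os_username, userhost, action_name,
       owner || '.' || obj_name AS object_name, returncode, sql_text
FROM   dba_audit_trail
WHERE  username = 'SUSPECT_ACCT'                                   -- constructed
AND    timestamp BETWEEN TO_DATE('2024-01-01', 'YYYY-MM-DD')       -- constructed
                     AND SYSDATE
AND    owner = 'HR'
ORDER  BY timestamp;

-- "Did they extract any data": bulk reading shows up either as an unusual
-- number of SELECT records per hour against the table ...
SELECT username, userhost, TRUNC(timestamp, 'HH') AS hour, COUNT(*) AS selects
FROM   dba_audit_object
WHERE  owner = 'HR' AND obj_name = 'CUSTOMER' AND action_name = 'SELECT'
GROUP  BY username, userhost, TRUNC(timestamp, 'HH')
HAVING COUNT(*) > 100                                              -- constructed
ORDER  BY hour DESC;

-- ... or, with the EXTENDED trail, as SELECTs whose text has no narrowing
-- predicate at all.
SELECT timestamp, username, userhost, sql_text
FROM   dba_audit_trail
WHERE  owner = 'HR' AND obj_name = 'CUSTOMER' AND action_name = 'SELECT'
AND    UPPER(sql_text) NOT LIKE '%WHERE%'
ORDER  BY timestamp;

-- Privilege and account changes in the same window, the "come back later" set.
SELECT timestamp, username, userhost, action_name, obj_name, sql_text
FROM   dba_audit_trail
WHERE  action_name IN ('CREATE USER', 'ALTER USER', 'DROP USER',
                       'GRANT ROLE', 'SYSTEM GRANT', 'GRANT OBJECT')
AND    timestamp > SYSDATE - 30
ORDER  BY timestamp;
```

The trail only answers these questions for accounts that connect through the database; actions taken directly on the datafiles or by SYS are outside its scope, which is why the Litchfield papers the slide links to also work from redo, undo and block-level artifacts.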
  • 51. Recap
    - Design performance into the database setup and configuration
    - Have a security and performance mindset
    - Understand your application and make decisions based on that understanding
    - No absolutes
    - Be willing to change course
  • 52. Reading
    - Oracle Performance Tuning, Oracle Press – Richard J. Niemiec
    - Oracle 10g and 11g Security Guide
    - Practical Oracle Security (e-book)
      – http://www.syngress.com/catalog/?pid=4620
    - Other sources
      – http://infosecurity.us/
      – http://www.ngssoftware.com/