In this post I will show you how to setting up environment high availability without the option Oracle RAC.
Oracle Fail Safe is available only for Windows, for Unix / Linux would need third party software Cluster to do the Failover.
Good News From Oracle:
Oracle Clusterware provides cluster membership and high availability services. It provides the cluster membership for features such as Oracle Real Application Clusters and Oracle ASM. It includes the following features:
- Application monitoring, restart, and failover
- Cluster membership services
- Server monitoring and fencing
- Single Client Access Name (SCAN)
- Server Pools
- Grid Naming Services
Oracle Clusterware can be used to protect any application (restarting or failing over the application in the event of a failure), free of charge, if one or more of the following conditions are met:
- The server OS is supported by a valid Oracle Unbreakable Linux support contract.
- The product to be protected is either:
- Any Oracle product (e.g. Oracle Applications, Siebel, Hyperion, Oracle Database EE, Oracle Database XE)
- Any third-party product that directly or indirectly stores data in an Oracle database
- At least one of the servers in the cluster is licensed for Oracle Database (SE or EE)
A cluster is defined to include all the machines that share the same Oracle Cluster Registry (OCR) and Voting Disk.
See step by step here using clusterware 11.1, we can improvise this setup to 11.2 using SCAN feature which is more easy.
Recently we discovered a possible vulnerability on SCAN Listener, so we opened SR and Oracle give us a solution.
I recommend all apply this security. “As far as I know only the availability can be affected, none concern about data integrity” .
Thread: How prevent REMOTE LISTENER register on SCAN LISTENER
Oracle Security Alert for CVE-2012-1675
This security alert addresses the security issue CVE-2012-1675, a vulnerability in the TNS listener which has been recently disclosed as “TNS Listener Poison Attack” affecting the Oracle Database Server. This vulnerability may be remotely exploitable without authentication, i.e. it may be exploited over a network without the need for a username and password. A remote user can exploit this vulnerability to impact the confidentiality, integrity and availability of systems that do not have recommended solution applied.
Affected Products and Versions
Oracle Database 11g Release 2, versions 126.96.36.199, 188.8.131.52
Oracle Database 11g Release 1, version 184.108.40.206
Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5
Recommendations for protecting against this vulnerability can be found at:
- My Oracle Support Note 1340831.1 for Oracle Database deployments that use Oracle Real Application Clusters (RAC).
- My Oracle Support Note 1453883.1 for Oracle Database deployments that do not use RAC.
Please note that Oracle has added Oracle Advanced Security SSL/TLS to the Oracle Database Standard Edition license when used with the Real Application Clusters and Oracle has added Oracle Advanced Security SSL/TLS to the Enterprise Edition Real Application Clusters (Oracle RAC) and RAC One Node options so that the directions provided in the Support Notes referenced above can be applied by all Oracle customers without additional cost.
Note: Please refer to the Oracle licensing documentation available on Oracle.com regarding licensing changes that allow Oracle Advanced Security SSL/TLS to be used with Oracle SE Oracle Real Application Clusters and Oracle Enterprise Edition Real Application Customers (Oracle RAC) and Oracle RAC OneNode Options.
Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply this Security Alert solution as soon as possible.
RACcheck is a tool developed by the RAC Assurance development team for use by customers to automate the assessment of RAC systems for known configuration problems and best practices.
RACcheck is a RAC Configuration Audit tool designed to audit various important configuration settings within a Real Application Clusters (RAC), Oracle Clusterware (CRS), Automatic Storage Management (ASM) and Grid Infrastructure environment. The tool audits configuration settings within the following categories:
- OS kernel parameters
- OS packages
- Many other OS configuration settings important to RAC.
- CRS/Grid Infrastructure
- Database parameters
- Many other database configuration settings important to RAC.
1. RACcheck is NON-INTRUSIVE and does not change anything in the environment, except as detailed below:
– SSH user equivalence for the RDBMS software owner is assumed to be configured among all the database servers being audited in order for it to execute commands on the remote database server nodes. If the tool determines that this user equivalence is not established it will offer to set it up either temporarily or permanently at the option of the user. If the user chooses to set up SSH user equivalence temporarily then the script will do so for the duration of the execution of the tool but then it will return the system to the state in which it found SSH user equivalence originally. For those wishing to configure SSH user equivalence outside the tool (if not already configured), consult My Oracle Support Note: 372795.1.
– RACcheck creates a number of small output files into which the data necessary to perform the assessment is collected
– RACcheck creates and executes some scripts dynamically in order to accomplish some of the data collection
– RACcheck cleans up after itself any temporary files that are created and not needed as part of the collection.
2. RACcheck interrogates the system to determine the status of the Oracle stack components (ie., Grid Infrastructure, RDBMS, RAC, etc) and whether they are installed and/or running. Depending upon the status of each component, the tool runs the appropriate collections and audit checks. If due to local environmental configuration the tool is unable to properly determine the needed environmental information please refer to the TROUBLESHOOTING section.
3. Watchdog daemon – RACcheck automatically runs a daemon in the background to monitor command execution progress. If, for any reason, one of the commands run by the tool should hang or take longer than anticipated, the monitor daemon kills the hung command after a configurable timeout so that main tool execution can progress. If that happens then the collection or command that was hung is skipped and a notation is made in the log. If the default timeout is too short please see the TROUBLESHOOTING section regarding adjustment of the RAT_TIMEOUT, and RAT_ROOT_TIMEOUT parameters.
4. If RACcheck’s driver files are older than 90 days, the driver files are considered to be “stale” and the script will notify the user of a stale driver file. A new version of the tool and its driver files (kit) must be obtained from MOS Note 1268927.1.
5. When the RACcheck completes the collection and analysis it produces two reports, summary and detailed. A output .zip file is also produced by RACcheck. This output .zip file can be provided to Oracle Support for further analysis if an SR needs to be logged. The detailed report will contain Benefit/Impact, Risk and Action/Repair information. In many cases it will also reference publicly available documents with additional information about the problem and how to resolve it.
6. The results of the audit checks can be optionally uploaded into database tables for reporting purposes. See below for more details on this subject.
7. In some cases customers may want to stage RACcheck on a shared filesystem so that it can be accessed from various systems but be maintained in a single location rather than being copied to each cluster on which it may be used. The default behavior of the tool is to create a subdirectory and its output files in the location where the tool is staged. If that staging area is a read only filesystem or if the user for any reason would like the output to be created elsewhere then there is an environment variable which can be used for that purpose. The RAT_OUTPUT parameter can be set to any valid writable location and the output will be created there.
Oracle Server – Enterprise Edition – Version: 10.2.0.1 to 220.127.116.11 – Release: 10.2 to 11.2
- Linux x86
- IBM AIX on POWER Systems (64-bit)
- Oracle Solaris on SPARC (64-bit)
- Linux x86-64
To download RAC Check tool use this note on MoS:
RACcheck – RAC Configuration Audit Tool [ID 1268927.1]
Example of report output:
This paper demonstrates the performance benefits that IBM® Easy Tier™ provides by seamlessly migrating hot extents from hard disk drives (HDDs) to a higher performing solid-state drives within theIBM Storwize V7000 solution.
This might be either to internal solid-state drives in the IBM Storwize V7000or to external storage systems that are virtualized by IBM Storwize V7000.
The other load generator tool that has been used here is Oracle Vdbench. The objective of Vdbench is togenerate a wide variety of controlled storage I/O workloads, allowing control over workload parameterssuch as I/O rate, logical unit number (LUN) or file sizes, transfer sizes, thread count, volume count,volume skew, read/write ratios, read and write cache hit percentages, and random or sequentialworkloads.
The other load generator used to arrive at the configuration guidelines is the Oracle I/O Calibration ToolORION) calibration tool.
This tool generates I/O using the same I/O software stack used by the Oracle server software without having to install the server software and create a database. It can simulatevarious workload types at different load levels to arrive at performance metrics for input/output operationsper second (IOPS), and latency (response time). It can also simulate the effect of striping performed byAutomatic Storage management (ASM).
The intention of this paper is not to demonstrate the maximum possible I/O benchmark or performancenumber for the IBM Storwize V7000. Those benchmark and performance numbers are likely to be shownin the Storage Performance Council SPC-1 and SPC-2 results posted by IBM on the SPC website. Thispaper demonstrates how to configure Easy Tier, and explains how Easy Tier might benefit theperformance for an Oracle database workload by optimizing the utilization of solid-state drives.
See link below…