Now I am OCP in Database Administration 11g

Its gives me immense pleasure to inform you that now I am Oracle Certified Professional in Database Administration 11g.
I am also issued the OPN Certified Specialist certificate along with this.

I have successfully upgraded my OCP 10g in DBA to OCP 11g DBA. I had appeared for the bridge paper 1Z0-050 (Oracle Database 11g: New Features for Administrators) and passed by securing 70% in the exam. The pass mark for paper 1Z0-050 is 61%. There were 77 questions which had to be answered in 105 minutes.

Exam topics in 1Z0-050 is depicted in following image

My success mantra for clearing the paper:
1) Undergone one 5 day course from Oracle University.
2) Referred Oracle-base website for latest and new features in 11g
3) Download the software from oracle software and practice the new features.
4) Join forums and visit blogs of Oracle Guru’s (shared in the right hand panel of my blog)
5) Attend OTN events to get to know the latest in Oracle Technologies.

I heartily thank my faculty at Oracle University and friends and family who had been instrumental in this.

Advertisement

 

User Authentication(Part 2/4): Strong Authentication

SOS to SSO !

Authentication methods can be classified as:

1. Something user know (password)
2. Something user is (biometric)
3. Something user have (smart card)

Strong user authentication is more than password authentication. It can be combination of any two of the above authentication type to gain high confidence on the user signed in to the centralized server. This server may also be SSO (Single Sign-on).

Strong authentication is supported by the following technologies:

1. Certificates, public key infrastructure (PKI).

a) Public Key Infrastructure (PKI) in oracle can be achieved through Oracle Wallet component which in turn can be managed using Oracle Wallet Manager. Oracle PKI (orapki) utility is a command-line utility given by oracle to manage certificates in Oracle.

b) Certificates are digital documents that provide proof of user identity. Certificates can be stored in Oracle in Oracle Wallet or Oracle Internet Directory.

2. RADIUS, token and smart cards:

a) RADIUS is Remote Authentication Dial-In User Service. Its a client/server security protocol that is widely used to enable remote authentication and access.

3. Kerberos:

Kerberos server needs to be installed and configured to use for authentication with Oracle Database.

Note: All strong authentication techniques requires Oracle Advanced Security (OAS).

I will soon add a demo on configuring Oracle Wallet Manager in this space.

 

User Authentication(Part 1/4): Create users in oracle and authenticate by OS

Password! Password! Password!

Today with so many accounts and passwords for each of those accounts. Password management has become the primary focus for any database management team. DBA are burdened with additional responsibility which can be minimized and done with reduced time and cost.

Oracle provides some really good features for authentication, which are as follows:

1. Basic Authentication:
a. Database user authenticated by password
b. Database user authenticated by OS.
2. Strong Authentication
3. Enterprise User Security
4. Proxy Authentication

This post is Part 1 of 4 in the series on User Authentication in Oracle.

DBA are most needed when the user accounts get locked due to incorrect login attempts. When the user is a privileged user then it becomes utmost important to safeguard them against this unplanned lockout and mitigate the possibility of unproductive business hours.
In large organizations you can imagine the number of calls received by helpdesk and support team for resetting the password and request for unlocking accounts.

We are all familiar with basic user authentication in oracle which is mostly by password.
Following screen shows the user “whizdba” created and authenticated by password.

Database user authenticated by password

This type of authentication is very common and used widely. The advantage with this type of authentication is that database user can be audited, each user has a schema associated to them. On the other side the disadvantage is that the user can connect to only database where the account is created. The user is bind to one database server and any time there is need for the user to connect to different server, location the account has to be migrated or new account has to be created.

Another type of basic authentication provided by oracle is authentication by OS. The steps for setting up the user for this type is:

Step 1: Set the parameter os_authent_prefix. The default parameter value is ops$
Step 2: Create database user ops$whizdba with ‘identified externally’
Step 3: Create os user whizdba on the server where database resides.
Step 4: Set environment variables for the whizdba user in .bash_profile file
Step 5: Test and Connect to the database using OS authentication.

I have tried to demonstrate the above step with an example user “whizdba” as shown below

Step 1: Setting the parameter “os_authent_prefix” to ops$. In my case its already set. You can set it to different value using ALTER SYSTEM command.

Step 1: Set parameter os_authent_prefix

Step 2: Create database user ops$whizdba with ‘identified externally’

Step 2: Create database user "whizdba" identified externally

Step 3: Create os user whizdba on the server where database resides.

Step 3: Create os user "whizdba" on the server where database resides.

Step 4: Set environment variables for the whizdba user in .bash_profile file. Basic variables which need to be set are ORACLE_BASE, ORACLE_HOME, ORACLE_SID and PATH to ORACLE bin directory.

Step 4: Set environment variable in .bash_profile file of whizdba

Step 5: Test and Connect to the database using OS authentication. Externally authenticated user connect to the database as : sqlplus / (as shown in the below screenshot)

Step 5: Test and Connect to database using OS Authentication

Authenticating oracle database user externally by OS can be used in situation where scripting and batch job is performed by a user heavily. The advantage and disadvantage of this user remains same as that of basic password protected database user. The security concern here is that anyone can connect to the database from remote machine by creating an OS user with the same name as the externally authenticated database user. Hence getting unintended access to the database server. 

This calls for the need for stronger authentication techniques which I would discuss in my next post: User Authentication(Part 2/4): Strong Authentication

 

Diary on OTN (Oracle Technology Network) – Developer Day Event

Diary on OTN (Oracle Technology Network) – Developer Day Event held on 14^th July2011, New Delhi

Today I happen to attend a OTN(Oracle Technology Network) – Developer Day Event. The event was held in Hotel Intercontinental Eros, New Delhi. It was one day event.

For those of who are not aware of OTN

What is OTN?

Oracle Technology Network is the world’s largest community of application developers, database admins, system admins/developers, and architects using industry-standard technologies in combination with Oracle products.

Millions of members collaborate online to share real-world expertise and best practices about how to best design, build, deploy, manage and optimize applications. OTN is also a provider of free developer workshops across the globe, as well as a sponsor of third-party conferences, user group meetings, and events.

How to register for the event?

OTN events happen round the year at different venues across the globe. All Oracle Certified Professional, who have registered at Oracle website (http://events.oracle.com) may receive the email invite at their email with which they have registered (Usually the SSO id)

The nomination/invite for this event is sent from Oracle. After the invite is received the candidate has to register for the event at Oracle website or the link mentioned in the mail. Oracle confirms the registration on the basis of the role of the Oracle Professional and seats available for the event.
On successful confirmation candidate should receive an email at their email id.

About the Event

The event kicked-off by filling up registration form and distribution of agenda followed by breakfast.

Session 1: Development with Oracle DB 11g R2 and Oracle DB 11g XE

This was the first session on latest version of oracle database – Oracle DB 11gR2 and Oracle DB 11g XE.

The session was very exhaustive and gave overview of new features of Oracle DB 11g version from the developer and architect perspective.

Session 2: Oracle SQL Developer 3.0

This session focused on the Oracle query tool – Oracle SQL Developer 3.0 and the new features added to it after version 2.1. It’s a free tool from Oracle with extensive features. It can be downloaded directly from the oracle website without paying any license fee.

Oracle SQL Developer 3.0 is shipped with Oracle DB 11g release.

Some salient features of Oracle SQL Developer 3.0 highlighted in the session were:
1. PLSQL Unit Tester
2. Extended Tuning support
3. DBA Navigator
4. DBMS Scheduler
5. Database Migration
6. Data Miner
7. Schema Browser
8. Query Builder

This session was followed by a well needed tea/coffee break.

Session 3: Oracle Enterprise Manager 11g Database Management Packs for Developers

This session focused on OEM new features in Oracle 11g for developers. The presenter was innovative and mixed the presentation with demo – showing the OEM interface wherever required. The salient features touched were:
1. Real Time PL/SQL Monitoring.
2. SQL Monitoring in real time.

This was followed by one hour lunch break.

Post-Lunch session focused mainly on APEX 4.0, PLSQL enhancement in Oracle Database 11g and Interpreting explain plan.

Session 4: Oracle Application Express 4.0

This session dealt with the Oracle Application Express version 4.0. Oracle Application Express is a database centric web application development tool. It’s a browser based development and deployment tool and supports web 2.0.

The presenter was principal product manager of APEX 4.0 at Oracle and was keen on giving demo of all the features of APEX 4.0. He highlighted features like

1. Websheets
2. Dynamic Actions
3. Plug-ins
4. Team Development
5. Improved charting including Gantts and Maps.
6. Enhanced Interactive Reports

Oracle Application Express 4.0 is shipped with Oracle DB 11g release.

Session 5: PLSQL enhancement in Oracle Database 11g

This session highlighted the new features in Oracle DB 11g for PLSQL perspective.

The features which were presented were:
1. SIMPLE_INTEGER
2. In-lining
3. SQL Query Result Cache – Hints
4. PLSQL Function Based Result Cache
5. Compound Triggers
6. Security Level in DBMS_SQL
7. Fine Grained Audit Control for UTL_TCP and its cousins – Access Control Lists
8. Regexp_Count
9. Creating Disabled Trigger
10. Firing Order of Trigger
11. WHEN OTHERS THEN NULL – PLSQL Warning
12. Sequence.nextval can directly be assigned to a variable in 11g
13. CONTINUE statement
14. Named notation in SQL select is possible in 11g
15. DBMS_Parallel_Execute – Updating huge table with parallel execution
16. PLSQL Hierarchical Profiler

Session 6: Explaining the Explain Plan: Interpreting the execution of Explain Plan

This being the last session there were very few attendees left in the hall. I held the fort and tried to be attentive. The presenter was solution architect at Oracle and covered the topic well in given time slot.

The features highlighted were:
1. Different ways to see explain plan in Oracle
a. Explain Plan command in SQL Plus
b. V$SQL_PLAN
c. DBMS_XPLAN package
2. Criteria for plan to be good
a. Serial execution – Less cost is good.
b. Parallel execution – Faster performance is good.
3. What is cost? Parameters on which we can tune:
a. Cardinality – No. of distinct rows
b. Access Path – Best way
c. Join Order – Correct Data
d. Join Type – Right type of Join
e. Partitioning Pruning
f. Parallelism
4. Updating the statistics using DBMS_STATS and DBMS_STATS.CREATE_EXTENDED_STATS
5. It discussed various kinds of scans viz. Full Table scan, Index unique scan, Index range scan etc.

Overall the event was very informative and gave first hand info on latest technologies in Oracle 11g from developer perspective. I have tried to highlight most of the features showcased in the event.

Hope you find it useful!