The idea of providing databases as a service to customers and companies can be a very foreign idea to the database administrator. The DBA’s job is to carefully control and dole out resources. The concept that “in the cloud” the user can just “order up” a database on demand is a difficult one.
How does it work?
First, the a cloud-based Paas Infrastructure zone must be created. Without this, the plug-in for the “database as a service” will function. Once this is setup, then the “Database for a Service” can be completed.
The DBA must create a couple users for the distinct purpose to managing the Paas Infrastructure and the “Database as a Service”. For the Paas Infrastructure user, once the user is create, you must grant the EM_CLOUD_ADMINISTRATOR role to it. The “Database as a Service” user must be created and granted the EM_SSA_ADMINISTRATOR role for it to manage allocation of resources, etc. for users that will choose the “Database as a Service” option. Any users that are going to utilize the database as a service feature will require the EM_SSA_USER role and the role(s) that will be granted to the infrastructure zones that are created in the upcoming steps.
This is a middleware feature, so keep in mind that this is accessed from the middleware menu drop-downs. You can deploy the infrastructure server pools and zones to control what resources are allowed to be allocated to the each request.
I would recommend setting up roles that you will wish to allocate access to use the database as a service privilege. You may have one or multiple ones depending on hosts that will be assigned to different cloud groups, development vs. testing, etc., but grant these roles now, which will ease the set up once you set up your zones.
If no Paas Infrastructure exists, it will take you into the setup wizard. You will choose your VM host(s) that will be part of the Paas infrastructure zone, along with any roles you want to grant to the first zone. Each zone should be treated like you would separate development, test and production or business area or client. You may have multi-tiered zones which separate development for one department to one VM host, while having a second zone to testing for another department on another VM host.
You will decide how much total memory, CPU and desk space that will be allocated to the zone. The wizard will ask you to review the choices on the zone before you finalize the zone setup. Once you have set up each of these infrastructure zones, then the “Database as a Service” an be setup.
Database as a Service
To perform the next step in the setup, you must be logged in as the user you created and granted the EM_SSA_ADMINISTRATOR role to. This user will then access the wizard by clicking on Setup –> Cloud –> Database.
The first tab has you allocate Database pools that consist of servers/hosts that will make up each database pool. This feature is dependent on Oracle database software installed on each of the servers that will be part of each database pool. Remember that all servers that reside in one pool must have the same version of OS, database software but the Oracle home can exist in several locations and chosen as part of the steps when requesting a database later on. Named credentials are required for the OS level privileges for the database as a service feature to function. If you do not have them already set up, ensure to configure them and save them off for future use. Review your setup and save, but keep in mind that any changes that are required can be performed via the “Edit” option fro the main database pool screen.
The next screen is the “Request Settings” tab. This screen can automate all settings for requests, including when to delete requests or when to archive.
The next tab, “Quotas” is of significant importance, as it states who assigned access to what Database pools, have what resource allocation they can utilize in their requests. These are assigned at the role level that we set up in the Paas Infrastructure configuration and now we can allocate amount of memory, CPU, number of schemas and number of databases that each role has privileges to create.
Profiles and Templates tab takes the DBA through the steps to set up sample schema designs and databases for specific database or application use. There are a number of ways that this can be setup, including RMAN backups, (which uses an RMAN duplicate to perform the task…) full database template, new or existing DBCA template or schema template. If you already have DBCA templates that are saved off for use on the host these can be used in this area to be used for provisioning of the “Database as a Service” requests. You an save off these templates in the software library for future use and access by the requester by location and database version. Once submitted, the profile is created and available for use.
By now accessing the Database Cloud Self Service Setup wizard, We will create the service template, the last step in the process. No plug-in is required, just choose Create –> database/schema. For this example, we are going to stick to “database”. The previous template we created was for a database template, so it should be selected and will show in the list, along with any others that have been created and saved. If it’s a single instance template, then the service template should be set up for single instance vs. RAC, which is also an option. You can then choose what database prefix you desire, which will control some of the crazy database naming that *could* and very may likely occur, (yes, the requester will choose the database name prefixed by what you choose here….) along with domain name to control the global name settings. Listener port settings are next. I didn’t see any way to use multiple port options per zone, but for RAC, a scan listener setup was available.
The next window in the setup will look very familiar to any DBA. It looks very similar to the setup for databases in the DBCA, (Oracle’s Database Configuration Assistant utility). This allows the DBA an easy setup via ASM, but will require a defined directory path for datafiles. This can be difficult for Windows VM users if all drives are not the same for the host pool, (i.e. one server has the G:\ drive available vs. another that has the F:\ drive.) When Server admins are designing the cloud infrastructure to be used for Oracle and Windows is the OS platform, ensure they understand that having mirror image servers is important.
Security settings in this setup are going to make most DBAs a bit tense. Yes, all of the databases in this database pool will be have the same password for the SYS, SYSTEM and DBSNMP. The max configuration complexity is to set it different for each of the three users so that they have individual passwords, but all databases created through this template will have the SYS set the same for whatever you type in for the SYS password field, SYSTEM, etc.
Setting up the flash recovery area will be dependent upon the VM servers assigned to the database pool to be mirror images to each other just as the datafile location will be unless ASM is used. Setting up a default value for this may be hit or miss, as it may be difficult to judge how each database is used in the end, even if the templates are carefully designed and monitoring for FRA usage through the EM12c should be set up with significant metric thresholds that support this vulnerability.
The service template must be allocated to an Infrastructure zone, as was created in our initial steps. Once that is done, you will be asked to add your roles to the service template created earlier on, that will then offer those users rights to use this template.
As with any cloud service, it wouldn’t be an EM12c cloud feature without charge back. Maintenance features for charge back can be accessed from the Enterprise –> Chargeback menu in the dropdown, but for this post, we assume that charge back plans have already been set up, so we will simply continue with the Chargeback tab. For anyone who is unsure how to set up charge back, I highly recommend ”Enterprise Manager 12c Cloud Control Metering and Chargeback“ to get a feel for this complex task.
The charge back plans are then assigned to the actual Paas Infrastructure zones. Doing this will ensure that anyone creating databases in these zones are charged correctly for usage of these cloud resources.
Using the Self Service Portal
Within the Self Service Portal, the user can go to the “My Databases” tab click on “Request” to start the process. The request name will be automatically filled with the user name and the date, along with choices made by the privileges allocated to the individual user. Single instance/RAC, amount of memory/CPU required, time to deploy the database, (immediate or scheduled) and then create a user for instant access for the administration of the database. This is an EM job submission, so the job does exist in the EM job tables. Provisioning will show the progress of the database creation and if any errors or issues arise. Once completed, we can then re-enter the Self Service Portal and see the database listed in “My Databases”.
Managing the Database
By double-clicking on a database in the “My Databases” list, access is given to the main management page. The user is able to start/stop the database, view connection information, if any administration work is required, (including backups if they are not already configured) and basic performance information.
Pros and Cons
To have the ability to create a database for development, testing or QA without having to allocate over-stressed DBA resources is a great option.
- DBAs will most likely limit the use to production VM access to the feature to leads in departments or DBA’s for customers of their cloud services.
- Non-DBAs need to understand that backups of databases are not automatically set up when the database is created, so creating scripts to setup backups may be beneficial that can run at the end as part of the service template is recommended.
- Templates can include other post-database creation scripts to automate even more tasks that were once on the DBAs list of demands.
- The security setup is limited. If SYS/SYSTEM is discovered in one database involved in a template used, it could be used to access other databases.
- Clear understanding of how charge backs work must exist if they’re used.
DBAs should take the time to dig into the “Database as a Feature” and think about the benefits to future in how it will free up their time to take on more fascinating challenges.
No fear of the future, it’s already here….
the user who has been granted access to this feature, will be able to request a database, just like any other automated process that is available via the console. To perform the task is not any more complicated than requesting a report via an application on the web.