Download Document Scope - Database Security Systems

Global Database Technical Services
Standards
Database Configuration Standards for Oracle9i on UNIX Platforms
On Date: 5/12/2017 9:20:00 PM
Version: 1.1 alpha
Status: review
Document Scope
Introduction
Terminology
Section 1. Platform
1.1. Hewlett Packard HP-UX
1.2. IBM AIX
Section 2. Requirements
2.1. Directory Configuration
2.1.1. Database File System
2.1.2. Administrative File System
2.2. Database Parameters
2.3. Database Creation
2.3.1. Character Set
2.3.2. Control Files
2.3.3. Required Tablespaces
2.3.3.1. System
2.3.3.2. Tools
2.3.3.3. Users
2.3.3.4. Temp
2.3.3.5. Undotbs
2.3.4. Redo Logs
2.3.5. Archiving
2.3.6. Configuration Files
2.4. Application Tablespaces
2.4.1. Application Tablespace Name
2.4.2. Application Tablespace Configuration
2.5. Network Configuration
2.6. User Setup
2.7. Scheduled Administration Scripts
2.7.1. Database Dependent Maintenance Scripts
2.7.2. Database Independent Maintenance Scripts
2.7.3. Statistics Scripts
2.8. Backup Configuration
2.8.1. Logical Backup
2.8.2. Physical Backup
2.8.3. Archive Backup
2.9. Monitoring Configuration
2.9.1. Standard Database Events
2.10. GDTS Notification
Section 3. Flexibility
Section 4. Compliance
Section 5. Variance Procedure
Appendix A. Revision History
Document Scope
This document contains the GDTS standards for creating and configuring a database for
Oracle on Unix platforms.
Introduction
These standards will help ensure consistency in databases created for Oracle installations on
Unix.
Terminology
See the GDTS Standards Terminology for the definition of guidelines, recommendations and
standards.
Section 1. Platform
1.1. Hewlett Packard HP-UX
1.2. IBM AIX
1.3. Red Hat Linux
1.4. Sun Solaris
Section 2. Requirements
2.1. Directory Configuration
(S) The storage architecture for a database, at a minimum, shall include 2 file systems:
one for the database files and one for the administrative files. The number of file
systems defined for the database environment will depend on the storage array
network configuration.
2.1.1. Database File System
(S) Name all mount points required for the database data files to match the pattern
/mnt/um/oradata/sid, where m is a unique fixed-length 2-digit integer identifier, beginning
with 01, that distinguishes one mount point from another. The number of file systems
defined for the database environment will depend on the storage array network
configuration.
[Example: /mnt/u01/oradata/sid, /mnt/u02/oradata/sid, etc.]
2.1.2. Administrative File System
(S) $ORACLE_BASE is the admin branch of the OFA directory tree. Because of its
dynamic nature, $ORACLE_BASE is not created under /opt/oracle/product. It will be
defined under /var/opt/oracle. For each database, database administration files shall be
stored in the following subdirectories of /var/opt/oracle/admin/sid, where sid is the Oracle
SID. This administration file directory structure should be located on a separate physical
disk from the database data file system. This will enhance performance and database
recoveries.
adhoc       ad hoc SQL scripts for a given database
arch        archived redo log files
audit       database audit files
bdump       background process trace files
cdump       core dump files
cntrl       mirrored control file for the database
create      scripts used to create the database
exp         database export files
pfile       instance parameter file
redo        mirrored online redo logs for the database
statspack   statspack reports
udump       user SQL trace files
utlfile     directory for PL/SQL file I/O
[Example: /var/opt/oracle/admin/dsid/exp, /var/opt/oracle/admin/tsid/pfile, ...]
2.2. Database Parameters
(S) An init.ora is generated when running the Perl create database script. It will only list
non-default parameters.
2.3. Database Creation
2.3.1. Character Set
(R) The standard character set for all databases should be WE8ISO8859P1, the Western
European 8-bit character set. This character set allows use of a wider set of characters
and improves the capability of exporting and importing data between geographies.
(R) GDTS recommends using the national character set UTF8. In Oracle 9i the national
character set can only be AL16UTF16 or UTF8. If you use AL16UTF16 and the client
uses Oracle 8 or Oracle 8i, you will encounter data issues with data types NCHAR,
NVARCHAR2 and NCLOB unless you apply client-side patches; see MetaLink note
140014.1.
2.3.2. Control Files
(S) Every Oracle database will have 2 control files, each stored on a different file system.
Each file system that stores members of on-line redo log groups should also include a
control file copy. This minimizes the risk that all control files and all groups of on-line redo
logs will be lost in a single disk failure.
Each control file shall be named controlnn.ctl where nn is a sequential number, starting
with 01, to guarantee uniqueness.
There shall be one control file created under the database data file system
(/mnt/u01/oradata/sid) and a second control file created under the administrative file
system ($ORACLE_BASE/sid/cntrl).
2.3.3. Required Tablespaces
(S) There are 5 standard tablespaces: System, Tools, Users, Temp, and Undotbs.
This is the minimum set of tablespaces that GDTS requires for each database. If you
choose to have a locally managed system tablespace, then all tablespaces will be locally
managed.
2.3.3.1. System
(S) The locally managed system tablespace will have the following characteristics:
• Name - System
• Minimum Size – 300 megabytes
• Type – Permanent
• Extent Management – Local, Automatic Allocation
• Datafile Name – system01.dbf
• Segment Space Management – Automatic
• Enable Logging - Yes
• Autoextend – NO
2.3.3.2. Tools
(S) The tools tablespace will have the following characteristics:
• Name - Tools
• Minimum Size – 10 megabytes
• Type – Permanent
• Extent Management – Local, uniform extent size of 128K
• Datafile Name – tools01.dbf
• Segment Space Management – Automatic
• Enable Logging - Yes
• Autoextend – increment by 10 megabyte with no max size
2.3.3.3. Users
(S) The users tablespace will have the following characteristics:
• Name - Users
• Minimum Size – 10 megabytes
• Type – Permanent
• Extent Management – Local, uniform extent size of 128K
• Datafile Name – users01.dbf
• Segment Space Management – Automatic
• Enable Logging - Yes
• Autoextend – increment by 10 megabyte with no max size
2.3.3.4. Temp
(S) The temporary tablespace will have the following characteristics:
• Name - Temp
• Minimum Size – 100 megabytes
• Type – Temporary
• Extent Management - Locally Managed with uniform extent size of 1024K
• Tempfile Name – temp01.dbf
• Enable Logging - Yes
• Autoextend – No
2.3.3.5. Undotbs
(S) The undo tablespace will have the following characteristics:
• Name – Undotbs
• Minimum Size – 800 megabytes
• Type – Undo
• Extent Management - Locally Managed, Automatic Allocation
• Datafile Name – undotbs01.dbf
• Autoextend – No
2.3.4. Redo Logs
(S) Every Oracle database instance has an on-line redo log that consists of groups of online redo log files. Each database should have at least 2 redo log groups. Additionally,
databases should have mirrored groups of on-line redo logs. Members of the same group
should be placed on different file systems so that no single disk failure can cause the
database instance to fail.
Each redo log in a group shall be named redonna.log where nn is a sequential number,
and a is an alphabetic character (starting with the letter a and moving through the
alphabet for each additional redo log group).
There shall be one redo log group created under the database file directory structure
/mnt/u01/oradata/sid. A second redo log group shall be created under the administrative
file directory structure $ORACLE_BASE/sid/redo.
(S) The redo logs should be sized to 50 megabytes. The redo log size and the init.ora
parameter Archive_Lag_Target=1800 will cause a log switch to occur every 30 minutes.
2.3.5. Archiving
(S) All production databases will be configured to run in archive log mode. This allows
the database to be backed up online and enhances the ability to recover the database up
to the time of failure.
Normally, unless this is a standby database environment, there will be one archive log
destination defined in the init.ora file. This destination should be set to
$ORACLE_BASE/sid/arch.
log_archive_dest_1 = 'LOCATION=/var/opt/oracle/admin/sid/arch MANDATORY REOPEN=120'
2.3.6. Configuration Files
(S) For every new database that you want to configure for automated startup and
shutdown and maintenance scripts you must configure the oratab file. To set up the
automated startup and shutdown scripts so that they are called at system startup,
database entries must appear in the oratab file in the format:
ORACLE_SID:ORACLE_HOME:{Y|N}
Where Y or N specifies whether you want the automated startup and shutdown scripts to
start up and shut down the database. Oratab is located in the /etc directory.
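A format check for the oratab entries described above, as an added example that is not part of the original standard or the GDTS scripts. The restriction of the SID to letters, digits and underscores, the 9.2.0 home path and the sample entries are assumptions.

```shell
#!/bin/sh
# Added example (not a GDTS script): validate oratab entries against the
# ORACLE_SID:ORACLE_HOME:{Y|N} format.

# check_oratab_line LINE prints skip, ok:auto, ok:manual or bad:<reason>.
check_oratab_line() {
    entry=$1
    case $entry in
        ''|'#'*) echo skip; return 0 ;;      # blank line or comment
    esac
    case $entry in
        *:*:*:*) echo "bad:more than three fields"; return 0 ;;
        *:*:*)   ;;
        *)       echo "bad:fewer than three fields"; return 0 ;;
    esac
    sid=${entry%%:*}; rest=${entry#*:}
    home=${rest%%:*}; flag=${rest#*:}
    case $sid in
        ''|*[!A-Za-z0-9_]*)                  # allowed characters are an assumption
            echo "bad:ORACLE_SID is empty or has unexpected characters"; return 0 ;;
    esac
    case $home in
        /*) ;;
        *)  echo "bad:ORACLE_HOME is not an absolute path"; return 0 ;;
    esac
    case $flag in
        Y) echo ok:auto ;;                   # started and stopped by the scripts
        N) echo ok:manual ;;
        *) echo "bad:startup flag must be Y or N" ;;
    esac
}

# audit_oratab: read oratab text on stdin, print each malformed entry with its
# line number, then a summary line. Returns 1 if any entry is malformed.
audit_oratab() {
    n=0 entries=0 auto=0 bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        verdict=$(check_oratab_line "$line")
        case $verdict in
            skip)      ;;
            ok:auto)   entries=$((entries + 1)); auto=$((auto + 1)) ;;
            ok:manual) entries=$((entries + 1)) ;;
            bad:*)     entries=$((entries + 1)); bad=$((bad + 1))
                       echo "line $n: ${verdict#bad:}: $line" ;;
        esac
    done
    echo "entries=$entries auto=$auto bad=$bad"
    [ "$bad" -eq 0 ]
}

# Constructed sample input, not taken from the original document.
sample_oratab() { cat <<'EOF'
# ORACLE_SID:ORACLE_HOME:{Y|N}
dsid:/opt/oracle/product/9.2.0:Y
tsid:/opt/oracle/product/9.2.0:N
psid:/opt/oracle/product/9.2.0
qsid:opt/oracle/product/9.2.0:Y
rsid:/opt/oracle/product/9.2.0:y
EOF
}
sample_oratab | audit_oratab || true
```

To check a live file, run `audit_oratab < /etc/oratab`.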
2.4. Application Tablespaces
2.4.1. Application Tablespace Name
(R) Application tablespace names sometimes cannot be controlled by GDTS. Every
effort should be made so that the tablespace names are identifiable with the applications
that they are used by. If the application/vendor will accept GDTS tablespace naming
standards, table tablespaces should be named application_DAT and index tablespaces
should be named application_IDX.
2.4.2. Application Tablespace Configuration
(S) The tablespaces should be locally managed with auto allocate or uniform extent
sizes. Tables and indexes should have separate tablespaces. The datafile names for
tablespaces should be lower case. Each datafile should be named
tablespace_namenn.dbf where nn is a sequential number beginning with 01, to
guarantee uniqueness.
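The naming rules from sections 2.1.1, 2.3.2, 2.3.4 and 2.4.2 can be checked mechanically; the script below is an added example, not one of the GDTS scripts. It assumes the administrative directories are /var/opt/oracle/admin/sid/cntrl and /var/opt/oracle/admin/sid/redo, and the sample paths are constructed.

```shell
#!/bin/sh
# Added example (not a GDTS script): check database file paths against the
# naming rules of sections 2.1.1, 2.3.2, 2.3.4 and 2.4.2.
NN='(0[1-9]|[1-9][0-9])'    # two-digit sequence number beginning with 01

matches() { printf '%s\n' "$1" | LC_ALL=C grep -Eq "$2"; }

# classify_db_file PATH SID [ADMIN_DIR] prints ok:<kind>:<location> or bad:<reason>.
# ADMIN_DIR defaults to /var/opt/oracle/admin/SID (assumption taken from 2.1.2).
classify_db_file() {
    path=$1 sid=$2 admin=${3:-/var/opt/oracle/admin/$2}
    dir=${path%/*} file=${path##*/}
    if matches "$dir" "^/mnt/u$NN/oradata/$sid\$"; then where=data
    elif [ "$dir" = "$admin/cntrl" ]; then where=cntrl
    elif [ "$dir" = "$admin/redo" ]; then where=redo
    else echo "bad:directory is outside the standard layout"; return 0
    fi
    if matches "$file" "^control$NN\\.ctl\$"; then kind=control
    elif matches "$file" '^redo[0-9]{2}[a-z]\.log$'; then kind=redo
    elif matches "$file" "^[a-z][a-z0-9_]*$NN\\.dbf\$"; then kind=datafile
    else echo "bad:file name matches no standard pattern"; return 0
    fi
    case $kind:$where in
        control:data|control:cntrl|redo:data|redo:redo|datafile:data)
            echo "ok:$kind:$where" ;;
        *)  echo "bad:$kind file is not allowed under the $where directory" ;;
    esac
}

# audit_db_files SID: read paths on stdin, report violations, then check that
# control files and redo logs each exist on both file systems.
audit_db_files() {
    sid=$1 bad=0 seen=' '
    while IFS= read -r p; do
        [ -n "$p" ] || continue
        v=$(classify_db_file "$p" "$sid")
        case $v in
            ok:*)  seen="$seen${v#ok:} " ;;
            bad:*) bad=$((bad + 1)); echo "$p: ${v#bad:}" ;;
        esac
    done
    for need in control:data control:cntrl redo:data redo:redo; do
        case $seen in
            *" $need "*) ;;
            *) bad=$((bad + 1)); echo "missing: no ${need%%:*} file under ${need#*:}" ;;
        esac
    done
    echo "violations=$bad"
    [ "$bad" -eq 0 ]
}

# Constructed sample paths for SID dsid, not taken from the original document.
sample_paths() { cat <<'EOF'
/mnt/u01/oradata/dsid/system01.dbf
/mnt/u01/oradata/dsid/control01.ctl
/var/opt/oracle/admin/dsid/cntrl/control02.ctl
/mnt/u01/oradata/dsid/redo01a.log
/mnt/u02/oradata/dsid/USERS01.dbf
/mnt/u2/oradata/dsid/tools01.dbf
/var/opt/oracle/admin/dsid/cntrl/redo01b.log
EOF
}
sample_paths | audit_db_files dsid || true
```

Against a real database, feed it a list of file paths for the SID being checked in place of `sample_paths`.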
2.5. Network Configuration
(S) Each database will need an entry in the listener.ora. Each database will require an entry
in Oracle Names. Verify that the server is using Oracle Names by looking in the sqlnet.ora
file located in the $ORACLE_HOME/network/admin directory of the $ORACLE_HOME that
the listener and agent are running from. If the server is not using Oracle Names, then you
will need to add an entry in the local tnsnames.ora file located in either the /etc directory
or the $ORACLE_HOME/network/admin directory.
2.6. User Setup
(S) Database users dbsnmp, listuser, oemmgr and cargillexp should be created and their
passwords should match the GDTS standard password for each account. Any variation from
the standard passwords should be logged in table listuser.db_app_info. The regional IP
administrator for the database should be notified to create the individual DBA accounts and
secure the passwords for the sys, system, and internal accounts.
2.7. Scheduled Administration Scripts
2.7.1. Database Dependent Maintenance Scripts
(R) All database dependent maintenance scripts should be scheduled using the cron
scheduler. The following scripts are database dependent and should be scheduled to run
on the server.
arch_compress_new.---compresses and deletes archive logs.
ora_ofa_exp.pl---exports the database.
ora_cr_controfile.sh---backup controlfile to trace.
2.7.2. Database Independent Maintenance Scripts
(R) All database independent maintenance scripts should be scheduled using the cron
scheduler. The following scripts are database independent and should be scheduled to
run on the server.
ora_rm_trc.sh---removes trace files from the udump directory.
ora_rm_aud.sh---removes audit files from the audit directory.
ora_log_maint.sh---listener log maintenance.
2.7.3. Statistics Scripts
(R) All scripts that generate statistics for the Oracle optimizer should be scheduled using
the cron scheduler. Statistics should be generated for all application tables and indexes
unless directed otherwise by application support or the vendor. Depending on the
distribution of data, one of the following scripts should be scheduled to run on the server
against the application schemas.
ora_compute_stats.sh---computes table and index statistics for application schemas
ora_compute_Hstats.sh---computes table and index statistics with histograms for
application schemas
NOTE: Once statistics have been generated, the cost-based optimizer will
be used by the instance if CHOOSE, FIRST_ROWS, or ALL_ROWS was set for the
OPTIMIZER_MODE in the database parameter file.
2.8. Backup Configuration
The backup strategy for the database will integrate logical and physical backups based on
the database's usage characteristics.
2.8.1. Logical Backup
(R) A logical backup of an Oracle database is accomplished by using the Oracle export
utility. Exports provide supplemental protection for a backup strategy, and are used to
recover data lost due to user error. A database export should be produced once every
24 hours.
2.8.2. Physical Backup
(S) All production databases will be backed up online. The online database backup is
integrated with the operating system backup, and its schedule will be based on project
and infrastructure requirements. The backup process will be monitored and alerts will be
sent to DBAs, via ITO, in the event of backup anomalies.
2.8.3. Archive Backup
(R) In addition, the database will have the archive log directory backed up every hour.
This is done to ensure that we can recover a database in the event of a disk failure that
includes the archive log directory. A journaling job will be scheduled to execute every 60
minutes during normal business hours on the backup server.
2.9. Monitoring Configuration
2.9.1. Standard Database Events
(S) OEM monitoring is the Standard monitoring tool. OEM monitoring allows for proactive monitoring measures. The five standard database events monitored are:
Event Name      Frequency     Description
Alert Log       31 minutes    Checks alert log for Oracle ORA- errors.
Archive Full    16 minutes    Monitors archive destinations for space usage.
DB Up/Down      2 minutes     Monitors for database availability.
Max Extents     23 minutes    Monitors for objects reaching max extents.
Process Limit   5 minutes     Monitors database for number of processes.
2.10. GDTS Notification
(S) Notification of new databases should be emailed to –admin-it-cit-gia-gdts/mtkb with the
following information:
database name
server name
os type
database version
application
business unit
business owner
technical owner
csi
db creator
Section 3. Flexibility
N/A
Section 4. Compliance
A post-creation review with another DBA is required if GDTS will support the Oracle database.
Section 5. Variance Procedure
Guidelines may be implemented with necessary and appropriate modifications without further
documentation.
Variations from Recommendations must be documented and sent to the Technical Review Group
for review.
Deviations from Standards require a variance. Document the change and the reasons for it and
submit to the Technical Review Group for review, discussion, and approval or denial.
Appendix A. Revision History
1) 11/25/2003 Initial release by Todd Hansen