* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Download Document Scope - Database Security Systems
Survey
Document related concepts
Entity–attribute–value model wikipedia , lookup
Microsoft Access wikipedia , lookup
Commitment ordering wikipedia , lookup
Global serializability wikipedia , lookup
Serializability wikipedia , lookup
Microsoft SQL Server wikipedia , lookup
Extensible Storage Engine wikipedia , lookup
Open Database Connectivity wikipedia , lookup
Functional Database Model wikipedia , lookup
Ingres (database) wikipedia , lookup
Microsoft Jet Database Engine wikipedia , lookup
Relational model wikipedia , lookup
Concurrency control wikipedia , lookup
Oracle Database wikipedia , lookup
Database model wikipedia , lookup
Transcript
Global Database Technical Services Standards Database Configuration Standards For Oracle9i on UNIX Platforms On Date: Version: Status: 5/12/2017 9:20:00 PM 1.1 alpha review Page i 5/12/2017 Global Database Technical Services Standards Document Scope ........................................................................................................................... 1 Introduction .................................................................................................................................... 1 Terminology ................................................................................................................................... 1 Section 1. Platform .................................................................................................................... 1 1.1. Hewlett Packard HP-UX ...................................................................................................... 1 1.2. IBM AIX ................................................................................................................................ 1 Section 2. 2.1. Requirements ........................................................................................................... 1 Directory Configuration ..................................................................................................... 1 2.1.1. Database File System ................................................................................................ 1 2.1.2. Administrative File System ........................................................................................ 1 2.2. Database Parameters ......................................................................................................... 2 2.3. Database Creation .............................................................................................................. 2 2.4. 2.3.1. Character Set ............................................................................................................. 2 2.3.2. Control Files ............................................................................................................... 2 2.3.3. Required Tablespaces ............................................................................................... 3 2.3.3.1. System ................................................................................................................... 3 2.3.3.2. Tools ....................................................................................................................... 3 2.3.3.3. Users ...................................................................................................................... 3 2.3.3.4. Temp ...................................................................................................................... 3 2.3.3.5. Undotbs .................................................................................................................. 4 2.3.4. Redo Logs .................................................................................................................. 4 2.3.5. Archiving .................................................................................................................... 4 2.3.6. Configuration Files ..................................................................................................... 4 Application Tablespaces .................................................................................................... 5 2.4.1. Application Tablespace Name ................................................................................... 5 2.4.2. Application Tablespace Configuration ....................................................................... 5 2.5. Network Configuration ....................................................................................................... 5 2.6. User Setup ........................................................................................................................... 5 2.7. Scheduled Administration Scripts .................................................................................... 5 2.8. 2.7.1. Database Dependent Maintenance Scripts ............................................................... 5 2.7.2. Database Independent Maintenance Scripts............................................................. 6 2.7.3. Statistics Scripts......................................................................................................... 6 Backup Configuration ........................................................................................................ 6 2.8.1. Logical Backup........................................................................................................... 6 Page ii 5/12/2017 Global Database Technical Services Standards 2.8.2. Physical Backup......................................................................................................... 6 2.8.3. Archive Backup .......................................................................................................... 6 Monitoring Configuration ................................................................................................... 7 2.9. 2.9.1. 2.10. Standard Database Events ........................................................................................ 7 GDTS Notification ........................................................................................................... 7 Section 3. Flexibility .................................................................................................................. 7 Section 4. Compliance ............................................................................................................... 7 Section 5. Variance Procedure ................................................................................................. 7 Appendix A. Revision History ............................................................................................... 8 Page iii 5/12/2017 Global Database Technical Services Standards Document Scope This document contains the GDTS standards for creating and configuring a database for Oracle on Unix platforms. Introduction These standards will help ensure consistency in databases created for Oracle installations on Unix. Terminology See the GDTS Standards Terminology for the definition of guidelines, recommendations and standards. Section 1. Platform 1.1. Hewlett Packard HP-UX 1.2. IBM AIX 1.3. Red Hat Linux 1.4. Sun Solaris Section 2. Requirements 2.1. Directory Configuration (S) The storage architecture for a database, at a minimum, shall include 2 file systems; one for the database files and one for the administrative files. The number of files systems defined for the database environment will be dependent on the storage array network configuration. 2.1.1. Database File System (S) Name all mount points required for the database data files to match the pattern /mnt/um/oradata/sid, where m is a unique fixed-length 2 digit integer identifier, beginning with 01, that distinguishes one mount point from another. The number of files systems defined for the database environment will be dependent on the storage array network configuration. [Example: /mnt/u01/oradata/sid, /mnt/u02/oradata/sid, etc.] 2.1.2. Administrative File System (S) $ORACLE_BASE is the admin branch of the OFA directory tree. Because of its dynamic nature, $ORACLE_BASE is not created under /opt/oracle/product. It will be defined under /var/opt/oracle. For each database, database administration files shall be stored in the following subdirectories of /var/opt/oracle/admin/sid, where sid is the Oracle SID. This administration file directory structure should be located on a separate physical Page 1 5/12/2017 Global Database Technical Services Standards disk from the database data file system. This will enhance performance and database recoveries. adhoc arch audit bdump cdump cntrl create exp pfile redo statspack udump utlfile ad hoc SQL scripts for a given database archived redo log files database audit files background process trace files core dump files mirrored control file for the database scripts used to create the database database export files instance parameter file mirrored online redo logs for the database statspack reports user SQL trace files directory for PL/SQL file I/O. [Example: /var/opt/oracle/admin/dsid/exp, /var/opt/oracle/admin/tsid/pfile, ...] 2.2. Database Parameters (S) An init.ora is generated when running the perl create database script. It will only list non-default parameters. 2.3. Database Creation 2.3.1. Character Set (R) The standard character set for all databases should be WEISO8859P1, Western European 8 bit character set. This character set allows use of a wider set of characters and improves capability of exporting and importing data between geographies. (R) GDTS recommends using national character set of UTF8. In Oracle 9i the national character set can only be AL16UTF16 or UTF8. If you use AL16UTF16 and the client uses Oracle 8 or Oracle 8i you will encounter data issues with data types NCAHR, NVARCHAR2 and NCLOB unless you apply client side patches, see Meta-link note 140014.1. 2.3.2. Control Files (S) Every Oracle database will have 2 control files, each stored on a different file system. Each file system that stores members of on-line redo log groups should also include a control file copy. This minimizes the risk that all control files and all groups of on-line redo logs will be lost in a single disk failure. Each control file shall be named controlnn.ctl where nn is a sequential number, starting with 01, to guarantee uniqueness. Page 2 5/12/2017 Global Database Technical Services Standards There shall be one control file created under the database data file system (/mnt/u01/oradata/sid) and a second control file created under the administrative file system ($ORACLE_BASE/sid/cntrl). 2.3.3. Required Tablespaces (S) There are 5 standard tablespaces; System, Tools, Users, Temp, and Undotbs. This is the minimum set of tablespaces that GDTS requires for each database. If you choose to have a locally managed system tablespaces then all tablespaces will be locally managed. 2.3.3.1. System (S) The locally managed system tablespace will have the following characteristics: Name - System Minimum Size – 300 megabytes Type – Permanent Extent Management – Local, Automatic Allocation Datafile Name – system01.dbf Segment Space Management – Automatic Enable Logging - Yes Autoextend – NO 2.3.3.2. Tools (S) The tools tablespace will have the following characteristics: Name - Tools Minimum Size – 10 megabytes Type – Permanent Extent Management – Local, uniform extent size of 128K Datafile Name – tools01.dbf Segment Space Management – Automatic Enable Logging - Yes Autoextend – increment by 10 megabyte with no max size 2.3.3.3. Users (S) The users tablespace will have the following characteristics: Name - Users Minimum Size – 10 megabytes Type – Permanent Extent Management – Local, uniform extent size of 128K Datafile Name – users01.dbf Segment Space Management – Automatic Enable Logging - Yes Autoextend – increment by 10 megabyte with no max size 2.3.3.4. Temp (S) The temporary tablespace will have the following characteristics: Name - Temp Minimum Size – 100 megabytes Page 3 5/12/2017 Global Database Technical Services Standards 2.3.3.5. Type – Temporary Extent Management - Locally Managed with uniform extent size of 1024K Tempfile Name – temp01.dbf Enable Logging - Yes Autoextend – No Undotbs (S) The undo tablespace will have the following characteristics: Name – Undotbs Minimum Size – 800 megabytes Type – Undo Extent Management - Locally Managed, Automatic Allocation Datafile Name – undotbs01.dbf Autoextend – No 2.3.4. Redo Logs (S) Every Oracle database instance has an on-line redo log that consists of groups of online redo log files. Each database should have at least 2 redo log groups. Additionally, databases should have mirrored groups of on-line redo logs. Members of the same group should be placed on different file systems so that no single disk failure can cause the database instance to fail. Each redo log in a group shall be named redonna.log where nn is a sequential number, and a is an alphabetic character (starting with the letter a and moving through the alphabet for each additional redo log group). There shall be one redo log group created under the database file directory structure /mnt/u01/oradata/sid. A second redo log group shall be created under the administrative file directory structure $ORACLE_BASE/sid/redo. (S) The redo logs should be sized to 50 Megs. The redo log size and the init.ora parameter Archive_Lag_Target=1800 will cause log switch to occur every 30 minutes. 2.3.5. Archiving (S) All production databases will be configured to run in archive log mode. This allows the database to be backed up online and enhances the ability to recover the database up to the time of failure. Normally, unless this is a standby database environment, there will be one archive log destination defined in the init.ora file. This destination should be set to $ORACLE_BASE\sid\arch. log_arch_dest_1 = ‘LOCATION = /var/opt/oracle/admin/sid/arch MANDATORY REOPEN=120’ 2.3.6. Configuration Files Page 4 5/12/2017 Global Database Technical Services Standards (S) For every new database that you want to configure for automated startup and shutdown and maintenance scripts you must configure the oratab file. To set up the automated startup and shutdown scripts so that they are called at system startup, database entries must appear in the oratab file in the format: ORACLE_SID:ORACLE_HOME:{Y|N} Where Y or N specifies whether you want the automated startup and shutdown scripts to start up and shut down the database. Oratab is located in the /etc directory. 2.4. Application Tablespaces 2.4.1. Application Tablespace Name (R) Application tablespace names sometimes cannot be controlled by GDTS. Every effort should be made so that the tablespace names are identifiable with the applications that they are used by. If the application/vendor will accept GDTS tablespace naming standards, table tablespaces should be named application_DAT and index tablespaces should be named application_IDX. 2.4.2. Application Tablespace Configuration (S) The tablespaces should be locally managed with auto allocate or uniform extent sizes. Tables and indexes should have separate tablespaces. The datafile names for tablespaces should be lower case. Each datafile should be named tablespace_namenn.dbf where nn is a sequential number beginning with 01, to guarantee uniqueness. 2.5. Network Configuration (S) Each database will need an entry in the listener.ora. Each database will require an entry in Oracle Names. Verify that the server is using Oracle Names by looking in the sqlnet.ora file located in the $ORACLE_HOME/network/admin directory of the $ORACLE_HOME that the listener and agent are running from. Each database will require an entry in Oracle Names. If the server is not using Oracle Names, then you will need to add an entry in the local tnsnames.ora file located in either the /etc directory or the $ORACLE_HOME/network/admin directory. 2.6. User Setup (S) Database users dbsnmp, listuser, oemmgr and cargillexp should be created and their passwords should match the GDTS standard password for each account. Any variation from the standard passwords should be logged in table listuser.db_app_info. The regional IP administrator for the database should be notified to create the individual DBA accounts and secure the passwords for the sys, system, and internal accounts. 2.7. Scheduled Administration Scripts 2.7.1. Database Dependent Maintenance Scripts (R) All database dependent maintenance scripts should be scheduled using the cron scheduler. The following scripts are database dependent and should be scheduled to run Page 5 5/12/2017 Global Database Technical Services Standards on the server. arch_compress_new.---compresses and deletes archive logs. ora_ofa_exp.pl---exports the database. ora_cr_controfile.sh---backup controlfile to trace. 2.7.2. Database Independent Maintenance Scripts (R) All database independent maintenance scripts should be scheduled using the cron scheduler. The following scripts are database independent and should be scheduled to run on the server. ora_rm_trc.sh---removes trace files from the udump directory. ora_rm_aud.sh---removes audit files from the audit directory. ora_log_maint.sh---listener log maintenance. 2.7.3. Statistics Scripts (R) All scripts that generate statistics for the Oracle optimizer should be scheduled using the cron scheduler. Statistics should be generated for all application tables and indexes unless directed otherwise by application support or the vendor. Depending on the distribution of data, one of the following scripts should be scheduled to run on the server against the application schemas. ora_compute_stats.sh---computes table and index statistics for application schemas ora_compute_Hstats.sh---computes table and index statistics with histograms for application schemas NOTE: Once statistics have been generated, the cost-based optimizer will be used by the instance if CHOOSE, FIRST_ROWS, or ALL_ROWS was set for the OPTIMIZER_MODE in the database parameter file. 2.8. Backup Configuration The backup strategy for the database will integrate logical and physical backups based on the database's usage characteristics. 2.8.1. Logical Backup (R) A logical backup of an Oracle database is accomplished by using the Oracle export utility. Exports provide supplemental protection for a backup strategy, and are used to recover data lost due to user error. A database export should be produced once every 24 hours. 2.8.2. Physical Backup (S) All production databases will be backed up online. The online database backup is integrated with the operating system backup, and its' schedule will be based on project and infrastructure requirements. The backup process will be monitored and alerts will be sent to DBAs, via ITO, in the event of backup anomalies. 2.8.3. Archive Backup Page 6 5/12/2017 Global Database Technical Services Standards (R) In addition, the database will have the archive log directory backed up every hour. This is done to ensure that we can recover a database in the event of a disk failure that includes the archive log directory. A journaling job will be scheduled to execute every 60 minutes during normal business hours on the backup server. 2.9. Monitoring Configuration 2.9.1. Standard Database Events (S) OEM monitoring is the Standard monitoring tool. OEM monitoring allows for proactive monitoring measures. The five standard database events monitored are: Event Name Alert Log Archive Full DB Up/Down Max Extents Process Limit 2.10. Frequency 31 minutes 16 minutes 2 minutes 23 minutes 5 minutes Description Checks alert log for Oracle ORA- errors. Monitors archive destinations for space usage. Monitors for database availability. Monitors for objects reaching max extents. Monitors database for number of processes. GDTS Notification (S) Notification of new databases should be emailed to –admin-it-cit-gia-gdts/mtkb with the following information: database name server name os type database version application business unit business owner technical owner csi db creator Section 3. Flexibility N/A Section 4. Compliance A post-creation review with another DBA is required if GDTS will support the Oracle database. Section 5. Variance Procedure Guidelines may be implemented with necessary and appropriate modifications without further documentation. Variations from Recommendations must be documented and sent to the Technical Review Group for review. Deviations from Standards require a variance. Document the change and the reasons for it and submit to the Technical Review Group for review, discussion, and approval or denial. Page 7 5/12/2017 Global Database Technical Services Standards Appendix A. Revision History 1) 11/25/2003 Initial release by Todd Hansen Page 8 5/12/2017