IaC Meetup – LAB Environments
Stefan Oehrli
2021.09.16
HALLO, GRÜESSECH, HI!
STEFAN OEHRLI
PLATFORM ARCHITECT
§ Since 1997 active in various IT areas
§ More than 24 years of experience in Oracle databases
§ Focus: Protecting data and operating databases securely
o Security assessments and reviews
o Database security concepts and their implementation
o Oracle Backup & Recovery concepts and troubleshooting
o Oracle Enterprise User and Advanced Security, DB Vault, …
o Oracle Directory Services
§ Co-author of the book The Oracle DBA (Hanser, 2016/07)
OUR WORKSPACES
ROMANIA
AUSTRIA
GERMANY
SWITZERLAND
AGENDA
§ Introduction
§ A set of scripts to rule them all
§ Trivadis LAB Company
§ AD Scripts
§ Vagrant
§ Oracle Init Scripts
§ Docker
§ Terraform
§ Use Cases
§ Conclusion
Introduction
MOTIVATION
Training, testing and engineering are part of
everyday life in IT
§ Onboarding new employees
§ Specific employee training or self-study
§ Regular training of operating activities
o validate disaster recovery
o Train backup & recovery use cases
§ PoC environment for complex
architectures
§ Or simply the latest feature
BUT WE DO HAVE A TEST SYSTEM...
… indeed, but it is ...
§ … currently being used by someone else
§ … under maintenance
§ … not up to date
§ … not configured appropriately
§ … not scalable (number of concurrent users)
§ … not scalable (system resources)
Time for engineering / training is limited and
most of the time you don't want to spend it on
setup tasks.
Source: Stefan Oehrli, CERN LHC Data Center
SOLUTION APPROACHES
§ Flexibility through large on-premises setup
o Fixed costs?
§ VM local or on-premises environments
§ Cloud Lab and Engineering environment
o Manual setup? Click, click, :-)
§ Establish or reuse IT automation
o Scripts, Ansible, Puppet, …
§ What about know-how on the training itself?
But why not a setup using IaC?
Source: Stefan Oehrli, CERN LHC
ORACLE MAXIMUM DATA SECURITY ARCHITECTURE
WORKING WITH ORACLE SECURITY FEATURES
§ Dependencies on other infrastructure
components e.g.,
o MS Active Directory
o Oracle Directory / LDAP Server
§ Focus on testing, engineering of features
o No time to set up the LAB
§ Possibility to test different variants and
versions
o Does Kerberos authentication still
work with Oracle 19c?
o New config required?
WHERE TO PUT THE LAB?
Cloud based would be state of the art…
§ Availability of resources
§ Scalability
§ Pay as you go
Business travel is the perfect time to...
§ Test new features
§ Troubleshoot / reproduce issues
Have you ever tried working in the cloud while traveling on the ICE
from Zurich to Stuttgart?
§ Being offline for 30m and longer is common
BUCKET LIST FOR THE ENGINEERING LAB
☐ Oracle Database Server with the latest Oracle binaries
☐ Test database, preferably with a container database and a single-tenant database
☐ Some fancy test schema
☐ Optional additional Oracle Database Server with other releases
☐ Oracle Unified Directory Server to set up an LDAP and configure EUS or Oracle Names resolution
☐ Active Directory Server matching my fancy test schema somehow
☐ KDC for Kerberos authentication
☐ …
A set of scripts to rule them all
STAY FLEXIBLE - DIFFERENT APPROACHES
Set of common scripts
§ Publicly available on GitHub
§ Reusable for different implementations
§ Manual to fully automatic setups
GITHUB REPOSITORIES
§ Vagrant configuration: trivadislabs.com
§ AD setup scripts: ad-lab
§ Oracle Database init scripts: oradba_init
§ Docker Oracle Engineering: doe
§ Docker build scripts for Oracle: docker
§ A couple of Terraform modules e.g.,
o Trivadis/terraform-oci-tvdlab-bastion
o Trivadis/terraform-oci-tvdlab-host
TRIVADISLABS.COM
AD-LAB
ORADBA_INIT
DOCKER ORACLE ENGINEERING
DOCKER BUILD SCRIPTS
TERRAFORM MODULE
BUT WAIT, WHY NOT….
Why stay on plain Bash / PowerShell Scripts?
§ There was no bigger picture / plan
§ Now initial roadmap
§ Historically grown
o based on own needs / requirements
§ Lack of experience with Ansible, Puppet, etc.
Would I still do it in plain scripts?
§ In the meantime, I would probably use a tool
Contributions to those projects are highly welcome
Trivadis LAB Company
TRIVADIS LAB COMPANY
§ Engineering of User / Roles concepts requires data
o a dump of production data is usually "below optimal"
§ The fictitious company Trivadis Lab serves as a training vehicle
§ Company with different departments
o Misc groups and Organisational Units (OU)
§ Oracle Database schema TVD_HR matches the organization
o Oracle Virtual Private Database
o Oracle Enterprise Security
TRIVADIS LAB ORGANISATION CHART
DEPARTMENTS

| ID | Department | Distinguished Name (DN) |
|----|------------|-------------------------|
| 10 | Senior Management | ou=Senior Management,ou=People,dc=trivadislabs,dc=com |
| 20 | Accounting | ou=Accounting,ou=People,dc=trivadislabs,dc=com |
| 30 | Research | ou=Research,ou=People,dc=trivadislabs,dc=com |
| 40 | Sales | ou=Sales,ou=People,dc=trivadislabs,dc=com |
| 50 | Operations | ou=Operations,ou=People,dc=trivadislabs,dc=com |
| 60 | Information Technology | ou=Information Technology,ou=People,dc=trivadislabs,dc=com |
| 70 | Human Resources | ou=Human Resources,ou=People,dc=trivadislabs,dc=com |
GROUPS

| Group | Distinguished Name (DN) | Description |
|-------|-------------------------|-------------|
| Trivadis LAB APP Admins | ou=Trivadis LAB APP Admins,ou=Groups,dc=trivadislabs,dc=com | Application Administrators |
| Trivadis LAB DB Admins | ou=Trivadis LAB DB Admins,ou=Groups,dc=trivadislabs,dc=com | DB Admins from IT department |
| Trivadis LAB Developers | ou=Trivadis LAB Developers,ou=Groups,dc=trivadislabs,dc=com | Developers from the Research Department |
| Trivadis LAB Management | ou=Trivadis LAB Management,ou=Groups,dc=trivadislabs,dc=com | Management and Managers |
| Trivadis LAB System Admins | ou=Trivadis LAB System Admins,ou=Groups,dc=trivadislabs,dc=com | System Admins from IT Department |
| Trivadis LAB Users | ou=Trivadis LAB Users,ou=Groups,dc=trivadislabs,dc=com | All Users |

AD Scripts
AD-LAB – POWERSHELL SCRIPTS
§ Set of PowerShell scripts to set up AD and some tools
§ Step-by-step setup and configuration
o Sequence in file name
o Not every step is necessary
§ Script 00_init_environment.ps1 is sourced in every script
§ Dedicated configuration file
o Allows customization e.g., IP, domain name etc.
§ Direct download of AD-LAB in your setup
# Stage folder for the downloaded archive
$StageFolder = "C:\stage"
$GitHubURL = "https://github.com/oehrlis/ad-lab/archive/refs/heads/main.zip"
# Create the stage folder (no error if it already exists) and download the ZIP
New-Item -ItemType Directory -Force -Path $StageFolder
Invoke-WebRequest -Uri $GitHubURL -OutFile "$StageFolder\main.zip"
CUSTOMIZATION
scripts/00_init_environment.ps1
config/default_configuration.txt
§ Update the default configuration file prior to running the scripts
§ Modify the 00_init_environment.ps1
§ Passwords are usually generated
o Can be predefined in default_pwd_windows.txt
SCRIPTS PART I
§ 00_init_environment.ps1: script to initialize and configure the default values
§ 01_install_ad_role.ps1: PowerShell script to install MS Active Directory server role
§ 11_config_ad.ps1: PowerShell script to configure Active Directory
§ 12_config_dns.ps1: PowerShell script to configure DNS server
§ 13_config_ca.ps1: Script to configure Certification Authority
§ 19_sum_up_ad.ps1: PowerShell script to display a summary of Active Directory Domain and install Windows updates
§ 22_install_chocolatey.ps1: PowerShell script to install Chocolatey package manager
SCRIPTS PART II
§ 27_config_cmu.ps1: PowerShell script to configure CMU on MS Active Directory
§ 28_config_misc.ps1: PowerShell script to configure NAT zone records for AD domain
§ 28_install_oracle_client.ps1: PowerShell script to install the Oracle Client
§ 99_template.ps1: PowerShell template for other scripts
§ 40_reset_ad_users.ps1: PowerShell script to reset all domain user passwords
Note that the scripts 27_config_cmu.ps1 and 28_install_oracle_client.ps1 are
just skeletons.
A FEW NOTES
§ I am not a Windows specialist
§ There is certainly room for improvement in the scripts
o Error handling, logging, automation, etc.
§ Windows is sometimes mmh…
o … not my best friend
§ Certain configurations require a delay until they can be executed
o Services must be available
o Certification authority CA could not be set up at an early stage
o I do not understand every reboot
§ Not sure if this AD configuration does meet common best practice
o It does work for my use cases
Vagrant
BASE IMAGES
§ Oracle Enterprise Linux as base images for Oracle Databases
o https://yum.oracle.com/boxes/
o Carefree package for Oracle DBs
o Linux optimization is / was not my goal
§ Windows-based VMs using images from the Vagrant Cloud
o Stefan Scherer did maintain a bunch of different images
https://app.vagrantup.com/StefanScherer
o Ready to use with all kinds of things preconfigured e.g., WinRM
o Based on the development license, i.e., the images will not
work after 180 days; renewal is possible.
TRIVADIS LAB
§ Virtualbox based test and engineering environment
§ Infrastructure as Code with Vagrant
o Vagrant Scripts available in GitHub Repository
https://github.com/oehrlis/trivadislabs.com
§ Requires Vagrant, Virtualbox and the various images, software etc.
o HashiCorp Vagrant https://www.vagrantup.com
o Oracle VM Virtualbox https://www.virtualbox.org/wiki/Downloads
§ Different VM for different applications
o win2019ad.trivadislabs.com Windows 2019 Active Directory
o ol7oud12.trivadislabs.com Oracle Unified Directory Server 12c
o ol7db21.trivadislabs.com Oracle DB Server with 21c
o As well VMs for Oracle DB Server 19c, 18c, 12c and 11g
VAGRANT BASE LAB ENVIRONMENT
TRIVADIS LAB STRUCTURE
§ All VMs share a common config and script folder
o Generic setup scripts
o Vagrant config file vagrant.yml
o Folder mounted as /vagrant_common
§ Dedicated folder for lab and demo scripts
o Folder mounted as /vagrant_labs
§ Dedicated Vagrant folder for each VM
o Location of the Vagrantfile
o Software like Oracle binaries / RU
o Specific setup and configuration scripts
o Folder mounted as /vagrant
§ Oracle 11g VM is also available
Common config and scripts
Lab and demos scripts
12g DB VM specific stuff
18c DB VM specific stuff
19c DB VM specific stuff
OUD VM specific stuff
Windows VM specific stuff
VAGRANT CONFIG FILE
# Vagrantfile excerpt
# - Configuration ------------------------------------------------
require 'yaml'
params = YAML.load_file '../common/config/vagrant.yml'
# shared configuration
var_default_password = params['common']['default_password']

# vagrant.yml excerpt
# Configuration valid for AD server
win2019ad:
  box: StefanScherer/windows_2019
  vm_name: win2019ad
§ YAML based configuration file vagrant.yml
§ Define common but also VM specific stuff like hostname, IP
addresses, VM names, DB Version scripts and much more
§ Loaded in each Vagrant file to load config
§ Can be sourced with 00_init_environment.sh to load values
from Vagrant config file
COMMON CONFIG SCRIPTS PART I
Generic configuration scripts. Primarily used for OUD and DB VMs
§ 00_init_environment.sh: Init script to source the Vagrant config values as variables
§ 01_common_setup_os_db.sh: Configure OS of DB VM
§ 01_common_setup_os_oud.sh: Configure OS of OUD VM
§ 10_install_binaries.sh: Wrapper script to install Oracle binaries. oradba_init scripts from GitHub are used to do the installation
§ 11_install_basenv.sh: Wrapper script to install Trivadis BasEnv™
§ 12_config_tnsadmin.sh: Configure TNS Admin related stuff
COMMON CONFIG SCRIPTS PART II
§ 12_config_tnsadmin.sh: Configure TNS Admin related stuff
§ 20_create_databases.sh: Wrapper script to setup the Oracle DBs
§ 80_create_tvd_hr_pdb1.sql: SQL script to install TVD_HR schema in a Container DB
§ 81_create_tvd_hr.sql: SQL script to install TVD_HR schema
VAGRANT FILE
§ Each VM has its own Vagrant file Vagrantfile
§ The file contains all information on how the VM should be set up
o VM memory and CPU configuration
o Shared folder configuration
o Setup respectively provisioning scripts
§ Configuration is loaded from the Vagrant config file vagrant.yml
o Corresponding values are loaded as variables
§ A few things can easily be configured. Complex disk and network
configuration is a bit tricky
§ The easiest thing is to just look at a file…
DB VM BUILD PROCESS
§ VM is based on the official Oracle Vagrant box
§ Resources 4GB, 2 CPU and a simple disk
§ Setup from OS config up to DB creation:
o 01_common_setup_os_db.sh
o 10_install_binaries.sh
o 11_install_basenv.sh
o 12_config_tnsadmin.sh
o 20_create_databases.sh
§ Up and ready in about 20min depending on
network speed and Host performance
OUD VM BUILD PROCESS
§ VM is based on the official Oracle Vagrant box
§ Resources 1GB, 1 CPU and a simple disk
§ Setup OS config and binary installation:
o 01_common_setup_os_oud.sh
o 10_install_binaries.sh
§ Currently on OUD instance configuration
§ Up and ready in about 10min depending on
network speed and Host performance
WINDOWS AD VM BUILD PROCESS
§ VM is based on Stefan Scherer windows_2016
box on the Vagrant cloud
§ Resources 1GB, 1 CPU and a simple disk
o 00_init_ad-lab.ps1
o 01_config_ad-lab_part1.ps1
o 02_config_ad-lab_part2.ps1
o 03_config_ad-lab_part3.ps1
§ Up and ready in about 10min depending on
network speed and Host performance
REQUIREMENTS IN DETAIL
§ Vagrant scripts available in GitHub repository
https://github.com/oehrlis/trivadislabs.com
§ Vagrant CLI https://www.vagrantup.com
§ Vagrant plugin vagrant-reload, used for reload / reboot during
provisioning of VM
§ Vagrant box or base images
o These will be downloaded during initial config of VM
o Windows base image is about 4G and will take a while
§ Oracle VM Virtualbox https://www.virtualbox.org/wiki/Downloads
§ Oracle binaries and patches as ZIP files
o Check the *.download files for the download information and links
§ Last but not least a little memory, disk and CPU resources
VAGRANT IN A NUTSHELL
§ Clone Git repository
git clone https://github.com/oehrlis/trivadislabs.com.git
§ Copy the corresponding Oracle software into the ../software
directories
§ Initial starting and provisioning of the VM (win2016ad, ol7db18,
ol7db19, ol7oud12, …)
cd win2016ad
vagrant up
§ Access via vagrant ssh or rdp
vagrant ssh
sudo su - oracle
vagrant rdp
SUMMARY
§ Vagrant allows building reproducible lab
environments
§ A lot is possible but not yet everything
o Complex network configuration
o Highly customized storage configuration
§ There are still a few miles to go to have everything 100%
automated
§ The current setup allows focusing on
engineering …
… without spending hours on setups.
§ If you screw it up just rebuild it!
Oracle Init Scripts
ORACLE INIT SCRIPTS
§ Bunch of Bash Scripts to install / configure Oracle Databases
o Rather simple configuration via environment variables
o Focus on Linux and Oracle setups
o Includes response files to create databases
§ Initially setup for Oracle Docker container
§ Now used for…
o … Manual deployments and installation on-premises
o … Vagrant setups
o … Docker Images / Container
o … Terraform bootstrap of cloud Database Resources
§ Strong integration with Docker, Vagrant and Terraform configuration
Docker
SETUP ORACLE DATABASE
§ Prepare the OS environment for an Oracle installation
o Install the oracle-database-preinstall-19c
o Create oracle user / groups / directories
o …
§ Install the Oracle binaries including additional RU’s
§ Adjust the environment, SQLNet, Listener etc.
§ Create a database using DBCA or custom scripts
§ Configure database and database features
§ Add a couple of customizations
Quite some work, isn’t it?
Time to simplify your setup using Docker images
Source: https://www.docker.com
OPTIONS TO BUILD ORACLE DATABASE IMAGES PART I
§ Use the official pre-built Docker image provided by
Oracle on https://container-registry.oracle.com/
o Limited releases / versions available e.g. no
RU / no customization
o Images are based on
https://github.com/oracle/docker-images
§ Use third-party pre-built Docker images for Oracle Databases
o Not supported.
o Providing Oracle software for download not allowed at all.
OPTIONS TO BUILD ORACLE DATABASE IMAGES PART II
§ Build your own Oracle Database images based on
https://github.com/oracle/docker-images
o Provides build scripts for a couple of Oracle products
including Oracle Database RAC
§ Build your own Oracle Database images based on
https://github.com/oehrlis/docker
o Similar approach as Oracle with a couple of customizations.
§ Start with your own build environment from scratch or based on a
project above or any other like ORACLE-BASE and much more on GitHub
ORADBA BUILD SCRIPTS
§ The GitHub repository oehrlis/docker provides a bunch of alternative
build scripts.
o Similar approach as Oracle with a couple of customizations.
o Continuously developed and improved.
o Some improvements are added as pull requests to the official Oracle
Docker build scripts, e.g. Oracle Unified Directory build scripts.
§ The OraDBA GitHub repository includes build scripts for the following
products / versions
o Oracle Unified Directory (11.1.2.3.x, 12.2.1.3.x and 12.2.1.4.x)
o Oracle Database Server EE 11g-21c with any kind of PSU/RU
§ The build scripts are modified at least every quarter to include the latest
Oracle Critical Patch Updates.
USING ORADBA BUILD SCRIPTS
§ Clone the Oracle GitHub Repository
git clone https://github.com/oehrlis/docker.git docker
§ Download the required Oracle binary package. See the
software/*.download files
§ Run the build wrapper script buildDB.sh or buildAllDB.sh
./common/buildDB.sh 19.0.0.0
§ Alternatively run docker build manually
docker build -t oracle/database:19.5.0.0 .
docker build -t oracle/database:18.6.0.0 -f 18.6.0.0.Dockerfile .
§ Oracle provides similar build scripts for different versions as well as
Oracle editions.
PROCEDURE FOR CONTAINER START
§ 50_run_database.sh checks the
volume and starts the database with…
§ 50_start_database.sh starts the
listener and the database instance
§ 52_create_database.sh creates a
database with the dbca.
§ 55_config_database.sh checks
whether configuration files (*.sh or
*.sql) are present
o ${INSTANCE_INIT}/setup
o ${INSTANCE_INIT}/startup
§ 55_check_database.sh
CONTAINER SCRIPTS
§ 50_run_database.sh checks the volume and starts the database
with 50_start_database.sh. If no database exists, the script
52_create_database.sh is called
§ 50_start_database.sh starts the listener and the database instance
§ 52_create_database.sh creates a database with the dbca. Base
parameters can be adjusted with environment variables
§ 55_config_database.sh checks whether configuration files (*.sh or
*.sql) are present in the directory ${INSTANCE_INIT}/setup or
${INSTANCE_INIT}/startup respectively.
§ 55_check_database.sh is used for the health check of the Docker
container and checks the status of the database instance
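The start procedure described on this slide, sketched as an added example (not code from the oehrlis/docker repository). Assumptions: datafiles are recognised as *.dbf files on the volume, setup hooks run after creation and startup hooks after a normal start, and SQL_RUNNER, CREATE_CMD and START_CMD are hypothetical override variables. The refusal of group- or world-writable hook files is an extra hardening check that the slides do not mention.

```shell
#!/bin/sh
# Added sketch of the container start flow; not the oehrlis/docker scripts.
# Assumptions: datafiles are *.dbf files below the data volume, and the
# commands below are overridable defaults (script names taken from the slide).
: "${CREATE_CMD:=52_create_database.sh}"
: "${START_CMD:=50_start_database.sh}"
: "${SQL_RUNNER:=sqlplus -S -L / as sysdba}"   # assumed runner for *.sql hooks

# Print "create" when the volume holds no datafile yet, otherwise "start".
start_mode() {
    if [ -d "$1" ] && [ -n "$(find "$1" -type f -name '*.dbf' | head -n 1)" ]; then
        echo start
    else
        echo create
    fi
}

# Run the *.sh and *.sql files of one hook directory in lexical order.
# Hooks run with the database owner's rights, so files that group or others
# can write to are refused instead of executed.
run_hooks() {
    hook_dir=$1
    [ -d "$hook_dir" ] || return 0
    for hook in "$hook_dir"/*; do
        [ -f "$hook" ] || continue
        if [ -n "$(find "$hook" \( -perm -020 -o -perm -002 \))" ]; then
            echo "skip (writable by group/others): $hook"
            continue
        fi
        case $hook in
            *.sh)  echo "run: $hook"; sh "$hook" || return 1 ;;
            *.sql) echo "sql: $hook"; $SQL_RUNNER "@$hook" || return 1 ;;
            *)     echo "skip (not *.sh or *.sql): $hook" ;;
        esac
    done
    return 0
}

# Entry point: create the database and run the setup hooks on an empty
# volume, otherwise start the existing database and run the startup hooks.
run_database() {
    oradata=$1
    instance_init=$2
    if [ "$(start_mode "$oradata")" = create ]; then
        echo "mode: create"
        $CREATE_CMD "$oradata" || return 1
        run_hooks "$instance_init/setup"
    else
        echo "mode: start"
        $START_CMD || return 1
        run_hooks "$instance_init/startup"
    fi
}
```

Inside a container the entry point would be called as `run_database <data volume> "${INSTANCE_INIT}"`.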
DOCKERIZED TESTS AT ANY PRICE?
But does everything make sense?
§ Performance test?
§ Complex test with high workload?
§ Tests with very large data sets?
It depends…
§ Docker, in particular its volumes, is not high performance
§ Hardware-dependent tests do not make sense.
§ It takes time to create large and comprehensive databases.
In general, do not test what is outside the scope of a Docker platform.
Image Credit: Docker Inc. / Laurel Duermaël
Terraform
OCI BASED LABS
Oracle Cloud
§ Run the LAB environment
§ Scale resources or environments
Initialisation
§ Bootstrap scripts or Ansible workflows
§ Configure DBs, LAB etc.
Terraform
§ plan, apply, destroy the env
§ Command line, Build Pipeline, OCI Stack
Git as the basis for the code
§ Terraform Code
§ Setup Scripts
§ LAB / Training documentation
Infrastructure as Code in GIT
Terraform Configuration
Oracle Cloud Infrastructure
System Initialisation
INITIAL SITUATION
IDEA FOR A NEW ENVIRONMENT
BUILD PIPELINE
DEPLOYMENT
LAB USAGE
SYSTEM ACCESS
Different access paths
§ Direct via public IP addresses
§ Bastion Host
o Public IP address
o SSH access (putty, OpenSSH, etc)
o Port forwarding
o Apache Guacamole Remote Desktop
§ VPN Access
o OpenVPN
o Site2Site VPN
EXAMPLE ARCHITECTURE – ORACLE SECURITY TRAINING
TERRAFORM BOOTSTRAP AND WINDOWS
§ Not yet best friends
§ Fully automated bootstrap does not work
o Reboot required
§ Manual or semi-automated approach required.
Use Cases
ORACLE PATCH AND RELEASE UPDATES
Background
§ It can happen that you have to patch Oracle databases.
§ Critical Patch Updates, Release Updates, one-off patches
Idea
§ Build dedicated Docker images (tags!) for the different RUs
§ Use the persistent volume with a new Docker database container e.g.
19.4.0.0 to 19.5.0.0
Solution
§ Add a script to startup which runs datapatch on every database start.
§ Allows to apply and remove release updates.
§ Drawback: slows down container startup. Can be worked around by
adding the script only when required
§ https://github.com/oehrlis/docker/tree/master/samples/patch
DATABASE UPGRADE
Idea
§ Build dedicated Docker images for the different major releases.
§ Use the persistent volume with a new Docker database container
Problem
§ Database upgrades are not straightforward.
§ Some scripts must be executed with the old binaries whereas others with
the new binaries.
Solution
§ Not as easy as release updates.
§ Upgrade process must be split into pre and post tasks.
§ Pre-tasks have to be executed before the old container is stopped.
§ The Oracle datafiles do not show in which upgrade state they are.
UNIFIED AUDIT
Background for Use Case Unified Audit
§ Customer project to engineer Oracle Unified
Audit for a PDB environment.
§ Struggle with a couple of bugs and other challenges.
Idea testing Unified Audit
§ Be able to test a similar setup with Versions
§ Test dedicated one-off patch
§ Test multitenant and single tenant databases
Solution approach
§ Add script to container setup folder to enable and
configure unified audit.
§ Add script to container startup to check and enable unified audit.
§ https://github.com/oehrlis/docker/tree/master/samples/audit
CENTRALLY MANAGED USERS
Background
§ New Oracle security feature introduced with
Oracle 18c
§ Simple replacement of Oracle Enterprise
User Security
Idea
§ Setup a test environment based on
Oracle Database
§ Use docker-compose to simplify setup
Solution
§ Add scripts to setup sample schema
§ Add scripts to configure CMU
§ Requires preparation on Active Directory
§ https://github.com/oehrlis/docker/tree/master/samples/cmu
ORACLE ENTERPRISE USER SECURITY
Background
§ Customer Projects to engineer Oracle Enterprise User Security.
§ Test different Oracle releases, configurations, SSL settings etc.
Idea
§ Setup a test environment based on Oracle Database and
Oracle Unified Directory on Docker
Solution
§ Add scripts to OUD container setup folder to create an OUD
instance with EUS suffix.
§ Add scripts to DB container setup folder to configure Enterprise
User Security in the database.
§ Script to register database
§ Script to configure EUS mapping
§ https://github.com/oehrlis/docker/tree/master/samples/eus
ORACLE ENTERPRISE USER SECURITY
§ Oracle Database Container
o Demo Schema with VPD
§ Oracle Unified Directory Container
o Directory with EUS suffix
§ Initial start of containers
o Creating the DB / Directory
o Registration of the DB
o Configuration of EUS
§ Available on GitHub
Conclusion
CONCLUSION
§ There are way too many possibilities
to set up a LAB environment
o I used to do more engineering on
this :-)
§ Vagrant is a simple and easy solution
to set up a local system
§ Scripts could easily be reused for
different technologies
§ New approach probably should be
based on something like Ansible

Contenu connexe

Tendances

Security Best Practice: Oracle passwords, but secure!
Security Best Practice: Oracle passwords, but secure!Security Best Practice: Oracle passwords, but secure!
Security Best Practice: Oracle passwords, but secure!Stefan Oehrli
 
DOAG Oracle Database Vault
DOAG Oracle Database VaultDOAG Oracle Database Vault
DOAG Oracle Database VaultStefan Oehrli
 
UKOUG TechFest PDB Isolation and Security
UKOUG TechFest PDB Isolation and SecurityUKOUG TechFest PDB Isolation and Security
UKOUG TechFest PDB Isolation and SecurityStefan Oehrli
 
TechEvent EUS, Kerberos, SSL and OUD
TechEvent EUS, Kerberos, SSL and OUDTechEvent EUS, Kerberos, SSL and OUD
TechEvent EUS, Kerberos, SSL and OUDTrivadis
 
TechEvent Oracle 18c New Security Features
TechEvent Oracle 18c New Security FeaturesTechEvent Oracle 18c New Security Features
TechEvent Oracle 18c New Security FeaturesTrivadis
 
Database 12c is ready for you... Are you ready for 12c?
Database 12c is ready for you... Are you ready for 12c?Database 12c is ready for you... Are you ready for 12c?
Database 12c is ready for you... Are you ready for 12c?Performance Tuning Corporation
 
Oracle Cloud deployment with Terraform
Oracle Cloud deployment with TerraformOracle Cloud deployment with Terraform
Oracle Cloud deployment with TerraformStefan Oehrli
 
Oracle Unified Directory. Lessons learnt. Is it ready for a move from OID? (O...
Oracle Unified Directory. Lessons learnt. Is it ready for a move from OID? (O...Oracle Unified Directory. Lessons learnt. Is it ready for a move from OID? (O...
Oracle Unified Directory. Lessons learnt. Is it ready for a move from OID? (O...Andrejs Prokopjevs
 
DOAG Oracle Unified Audit in Multitenant Environments
DOAG Oracle Unified Audit in Multitenant EnvironmentsDOAG Oracle Unified Audit in Multitenant Environments
DOAG Oracle Unified Audit in Multitenant EnvironmentsStefan Oehrli
 
Create non-cdb (traditional) oracle database 12c on windows
Create non-cdb (traditional) oracle database 12c on windowsCreate non-cdb (traditional) oracle database 12c on windows
Create non-cdb (traditional) oracle database 12c on windowsBiju Thomas
 
12 Things about Oracle WebLogic Server 12c
12 Things	 about Oracle WebLogic Server 12c12 Things	 about Oracle WebLogic Server 12c
12 Things about Oracle WebLogic Server 12cGuatemala User Group
 
Using VirtualBox - Learn Oracle Database 12c and EBS R12
Using VirtualBox - Learn Oracle Database 12c and EBS R12Using VirtualBox - Learn Oracle Database 12c and EBS R12
Using VirtualBox - Learn Oracle Database 12c and EBS R12Biju Thomas
 
UKOUG Techfest 2019 Central user Administration of Oracle Databases
UKOUG Techfest 2019 Central user Administration of Oracle DatabasesUKOUG Techfest 2019 Central user Administration of Oracle Databases
UKOUG Techfest 2019 Central user Administration of Oracle DatabasesStefan Oehrli
 
MySQL 5.7 in a Nutshell
MySQL 5.7 in a NutshellMySQL 5.7 in a Nutshell
MySQL 5.7 in a NutshellEmily Ikuta
 
Clone Oracle Databases In Minutes Without Risk Using Enterprise Manager 13c
Clone Oracle Databases In Minutes Without Risk Using Enterprise Manager 13cClone Oracle Databases In Minutes Without Risk Using Enterprise Manager 13c
Clone Oracle Databases In Minutes Without Risk Using Enterprise Manager 13cAlfredo Krieg
 
Trivadis TechEvent 2017 How modern DBAs can use our efficient Toolbox by Rola...
Trivadis TechEvent 2017 How modern DBAs can use our efficient Toolbox by Rola...Trivadis TechEvent 2017 How modern DBAs can use our efficient Toolbox by Rola...
Trivadis TechEvent 2017 How modern DBAs can use our efficient Toolbox by Rola...Trivadis
 
Oracle Active Data Guard 12c New Features
Oracle Active Data Guard 12c New FeaturesOracle Active Data Guard 12c New Features
Oracle Active Data Guard 12c New FeaturesEmre Baransel
 
MySQL 5.7 NEW FEATURES, BETTER PERFORMANCE, AND THINGS THAT WILL BREAK -- Mid...
MySQL 5.7 NEW FEATURES, BETTER PERFORMANCE, AND THINGS THAT WILL BREAK -- Mid...MySQL 5.7 NEW FEATURES, BETTER PERFORMANCE, AND THINGS THAT WILL BREAK -- Mid...
MySQL 5.7 NEW FEATURES, BETTER PERFORMANCE, AND THINGS THAT WILL BREAK -- Mid...Dave Stokes
 

Tendances (20)

Oracle and Docker
Oracle and DockerOracle and Docker
Oracle and Docker
 
Security Best Practice: Oracle passwords, but secure!
Security Best Practice: Oracle passwords, but secure!Security Best Practice: Oracle passwords, but secure!
Security Best Practice: Oracle passwords, but secure!
 
DOAG Oracle Database Vault
DOAG Oracle Database VaultDOAG Oracle Database Vault
DOAG Oracle Database Vault
 
UKOUG TechFest PDB Isolation and Security
UKOUG TechFest PDB Isolation and SecurityUKOUG TechFest PDB Isolation and Security
UKOUG TechFest PDB Isolation and Security
 
TechEvent EUS, Kerberos, SSL and OUD
TechEvent EUS, Kerberos, SSL and OUDTechEvent EUS, Kerberos, SSL and OUD
TechEvent EUS, Kerberos, SSL and OUD
 
TechEvent Oracle 18c New Security Features
TechEvent Oracle 18c New Security FeaturesTechEvent Oracle 18c New Security Features
TechEvent Oracle 18c New Security Features
 
Database 12c is ready for you... Are you ready for 12c?
Database 12c is ready for you... Are you ready for 12c?Database 12c is ready for you... Are you ready for 12c?
Database 12c is ready for you... Are you ready for 12c?
 
Oracle Cloud deployment with Terraform
Oracle Cloud deployment with TerraformOracle Cloud deployment with Terraform
Oracle Cloud deployment with Terraform
 
Oracle Unified Directory. Lessons learnt. Is it ready for a move from OID? (O...
Oracle Unified Directory. Lessons learnt. Is it ready for a move from OID? (O...Oracle Unified Directory. Lessons learnt. Is it ready for a move from OID? (O...
Oracle Unified Directory. Lessons learnt. Is it ready for a move from OID? (O...
 
DOAG Oracle Unified Audit in Multitenant Environments
DOAG Oracle Unified Audit in Multitenant EnvironmentsDOAG Oracle Unified Audit in Multitenant Environments
DOAG Oracle Unified Audit in Multitenant Environments
 
Postgre sql best_practices
Postgre sql best_practicesPostgre sql best_practices
Postgre sql best_practices
 
Create non-cdb (traditional) oracle database 12c on windows
Create non-cdb (traditional) oracle database 12c on windowsCreate non-cdb (traditional) oracle database 12c on windows
Create non-cdb (traditional) oracle database 12c on windows
 
12 Things about Oracle WebLogic Server 12c
12 Things	 about Oracle WebLogic Server 12c12 Things	 about Oracle WebLogic Server 12c
12 Things about Oracle WebLogic Server 12c
 
Using VirtualBox - Learn Oracle Database 12c and EBS R12
Using VirtualBox - Learn Oracle Database 12c and EBS R12Using VirtualBox - Learn Oracle Database 12c and EBS R12
Using VirtualBox - Learn Oracle Database 12c and EBS R12
 
UKOUG Techfest 2019 Central user Administration of Oracle Databases
UKOUG Techfest 2019 Central user Administration of Oracle DatabasesUKOUG Techfest 2019 Central user Administration of Oracle Databases
UKOUG Techfest 2019 Central user Administration of Oracle Databases
 
MySQL 5.7 in a Nutshell
MySQL 5.7 in a NutshellMySQL 5.7 in a Nutshell
MySQL 5.7 in a Nutshell
 
Clone Oracle Databases In Minutes Without Risk Using Enterprise Manager 13c
Clone Oracle Databases In Minutes Without Risk Using Enterprise Manager 13cClone Oracle Databases In Minutes Without Risk Using Enterprise Manager 13c
Clone Oracle Databases In Minutes Without Risk Using Enterprise Manager 13c
 
Trivadis TechEvent 2017 How modern DBAs can use our efficient Toolbox by Rola...
Trivadis TechEvent 2017 How modern DBAs can use our efficient Toolbox by Rola...Trivadis TechEvent 2017 How modern DBAs can use our efficient Toolbox by Rola...
Trivadis TechEvent 2017 How modern DBAs can use our efficient Toolbox by Rola...
 
Oracle Active Data Guard 12c New Features
Oracle Active Data Guard 12c New FeaturesOracle Active Data Guard 12c New Features
Oracle Active Data Guard 12c New Features
 
MySQL 5.7 NEW FEATURES, BETTER PERFORMANCE, AND THINGS THAT WILL BREAK -- Mid...
MySQL 5.7 NEW FEATURES, BETTER PERFORMANCE, AND THINGS THAT WILL BREAK -- Mid...MySQL 5.7 NEW FEATURES, BETTER PERFORMANCE, AND THINGS THAT WILL BREAK -- Mid...
MySQL 5.7 NEW FEATURES, BETTER PERFORMANCE, AND THINGS THAT WILL BREAK -- Mid...
 

IaC MeetUp Active Directory Setup for Oracle Security LAB

  • 1. IaC Meetup – LAB Environments Stefan Oehrli 2021.09.16
  • 2. HALLO, GRÜESSECH, HI! STEFAN OEHRLI, PLATFORM ARCHITECT
    § Since 1997 active in various IT areas
    § More than 24 years of experience in Oracle databases
    § Focus: Protecting data and operating databases securely
      o Security assessments and reviews
      o Database security concepts and their implementation
      o Oracle Backup & Recovery concepts and troubleshooting
      o Oracle Enterprise User and Advanced Security, DB Vault, …
      o Oracle Directory Services
    § Co-author of the book The Oracle DBA (Hanser, 2016/07)
  • 3.
  • 5. AGENDA
    § Introduction
    § A set of scripts to rule them all
    § Trivadis LAB Company
    § AD Scripts
    § Vagrant
    § Oracle Init Scripts
    § Docker
    § Terraform
    § Use Cases
    § Conclusion
  • 7. MOTIVATION
    Training, testing and engineering are part of everyday life in IT
    § Onboarding new employees
    § Specific employee training or self-study
    § Regular training of operating activities
      o Validate disaster recovery
      o Train backup & recovery use cases
    § PoC environment for complex architectures
    § Or simply the latest feature
  • 8. BUT WE DO HAVE A TEST SYSTEM...
    … indeed, but it is ...
    § … currently being used by someone else
    § … under maintenance
    § … not up to date
    § … not configured appropriately
    § … not scalable (number of concurrent users)
    § … not scalable (system resources)
    Time for engineering / training is limited and most of the time you don't want to spend it on setup tasks.
    Source: Stefan Oehrli, CERN LHC Data Center
  • 9. SOLUTION APPROACHES
    § Flexibility through large on-premises setup
      o Fixed costs?
    § VM local or on-premises environments
    § Cloud Lab and Engineering environment
      o Manual setup? Click, click, :-)
    § Establish or reuse IT automation
      o Scripts, Ansible, Puppet, …
    § What about know-how on the training itself?
    But why not a setup using IaC?
    Source: Stefan Oehrli, CERN LHC
  • 10. ORACLE MAXIMUM DATA SECURITY ARCHITECTURE
  • 11. WORKING WITH ORACLE SECURITY FEATURES
    § Dependencies on other infrastructure components e.g.,
      o MS Active Directory
      o Oracle Directory / LDAP Server
    § Focus on testing, engineering of features
      o No time to set up the LAB
    § Possibility to test different variants and versions
      o Does Kerberos authentication still work with Oracle 19c?
      o New config required?
  • 12. WHERE TO PUT THE LAB?
    Cloud based would be state of the art…
    § Availability of resources
    § Scalability
    § Pay as you go
    Business travel is the perfect time to...
    § Test new features
    § Troubleshoot / reproduce issues
    Have you ever tried working in the cloud while traveling on the ICE from Zurich to Stuttgart?
    § Being offline for 30 min and longer is common
  • 13. BUCKET LIST FOR THE ENGINEERING LAB
    ☐ Oracle Database Server with the latest Oracle Binaries
    ☐ Test Database, preferably with Container database and single tenant database
    ☐ Some fancy test schema.
    ☐ Optional additional Oracle Database Server with other releases.
    ☐ Oracle Unified Directory Server to set up an LDAP and configure EUS or Oracle Names resolution.
    ☐ Active Directory Server matching my fancy test schema somehow
    ☐ KDC for Kerberos Authentication
    ☐ …
  • 14. A set of scripts to rule them all
  • 15. STAY FLEXIBLE - DIFFERENT APPROACHES
    Set of common scripts
    § Publicly available on GitHub
    § Reusable for different implementations
    § Manual to fully automatic setups
  • 16. GITHUB REPOSITORIES
    § Vagrant Configuration: trivadislabs.com
    § AD Setup scripts: ad-lab
    § Oracle Database Init Scripts: oradba_init
    § Docker Oracle Engineering: doe
    § Docker Build Scripts for Oracle: docker
    § A couple of Terraform Modules e.g.,
      o Trivadis/terraform-oci-tvdlab-bastion
      o Trivadis/terraform-oci-tvdlab-host
  • 23. BUT WAIT, WHY NOT….
    Why stay on plain Bash / PowerShell Scripts?
    § There was no bigger picture / plan
    § Now initial roadmap
    § Historically grown
      o Based on own needs / requirements
    § Lack of experience with Ansible, Puppet, etc.
    Would I still do it in plain scripts?
    § In the meantime, I would probably use a tool
    Contribution to those projects is highly welcome
  • 25. TRIVADIS LAB COMPANY
    § Engineering of User / Roles concepts requires data
      o A dump of production data is usually "below optimal"
    § The fictitious company Trivadis Lab serves as a training vehicle
    § Company with different departments
      o Misc groups and Organisational Units (OU)
    § Oracle Database Schema TVD_HR does match the organization
      o Oracle Virtual Private Database
      o Oracle Enterprise Security
  • 27. DEPARTMENTS
    ID | Department | Distinguished Name (DN)
    10 | Senior Management | ou=Senior Management,ou=People,dc=trivadislabs,dc=com
    20 | Accounting | ou=Accounting,ou=People,dc=trivadislabs,dc=com
    30 | Research | ou=Research,ou=People,dc=trivadislabs,dc=com
    40 | Sales | ou=Sales,ou=People,dc=trivadislabs,dc=com
    50 | Operations | ou=Operations,ou=People,dc=trivadislabs,dc=com
    60 | Information Technology | ou=Information Technology,ou=People,dc=trivadislabs,dc=com
    70 | Human Resources | ou=Human Resources,ou=People,dc=trivadislabs,dc=com
  • 28. GROUPS
    Group | Distinguished Name (DN) | Description
    Trivadis LAB APP Admins | ou=Trivadis LAB APP Admins,ou=Groups,dc=trivadislabs,dc=com | Application Administrators
    Trivadis LAB DB Admins | ou=Trivadis LAB DB Admins,ou=Groups,dc=trivadislabs,dc=com | DB Admins from IT department
    Trivadis LAB Developers | ou=Trivadis LAB Developers,ou=Groups,dc=trivadislabs,dc=com | Developers from the Research Department
    Trivadis LAB Management | ou=Trivadis LAB Management,ou=Groups,dc=trivadislabs,dc=com | Management and Managers
    Trivadis LAB System Admins | ou=Trivadis LAB System Admins,ou=Groups,dc=trivadislabs,dc=com | System Admins from IT Department
    Trivadis LAB Users | ou=Trivadis LAB Users,ou=Groups,dc=trivadislabs,dc=com | All Users
  • 30. AD-LAB – POWERSHELL SCRIPTS
    § Set of PowerShell scripts to set up AD and some tools
    § Step by step setup and configuration
      o Sequence in file name
      o Not every step is necessary
    § Script 00_init_environment.ps1 is sourced in every script
    § Dedicated configuration file
      o Allows customization e.g., IP, Domain Name etc.
    § Direct download of AD-LAB in your setup

        # Stage folder and download URL of the AD-LAB archive
        $StageFolder = "C:\stage"
        $GitHubURL   = "https://github.com/oehrlis/ad-lab/archive/refs/heads/main.zip"
        # Create the stage folder (no error if it already exists)
        New-Item -ItemType Directory -Force -Path $StageFolder
        # Download the archive into the stage folder
        Invoke-WebRequest -Uri $GitHubURL -OutFile "$StageFolder\main.zip"
  • 31. CUSTOMIZATION
    Files: scripts/00_init_environment.ps1, config/default_configuration.txt
    § Update the default configuration file before starting the scripts
    § Modify the 00_init_environment.ps1
    § Passwords are usually generated
      o Can be predefined in default_pwd_windows.txt
  • 32. SCRIPTS PART I
    § 00_init_environment.ps1: script to initialize and configure the default values.
    § 01_install_ad_role.ps1: PowerShell script to install MS Active Directory server role
    § 11_config_ad.ps1: PowerShell script to configure Active Directory
    § 12_config_dns.ps1: PowerShell script to configure DNS server
    § 13_config_ca.ps1: Script to configure Certification Authority
    § 19_sum_up_ad.ps1: PowerShell script to display a summary of Active Directory Domain and install Windows updates
    § 22_install_chocolatey.ps1: PowerShell script to install Chocolatey package manager
  • 33. SCRIPTS PART II
    § 27_config_cmu.ps1: PowerShell script to configure CMU on MS Active Directory
    § 28_config_misc.ps1: PowerShell script to configure NAT zone records for AD domain
    § 28_install_oracle_client.ps1: PowerShell script to install the Oracle Client
    § 99_template.ps1: PowerShell template for other scripts
    § 40_reset_ad_users.ps1: PowerShell script to reset all domain user passwords
    Note that the scripts 27_config_cmu.ps1 and 28_install_oracle_client.ps1 are just skeletons.
  • 34. A FEW NOTES
    § I am not a Windows specialist
    § There is certainly room for improvement in the scripts
      o Error handling, logging, automation, etc.
    § Windows is sometimes mmh…
      o … not my best friend
    § Certain configurations require a delay until they can be executed
      o Services must be available
      o Certification authority CA could not be set up at an early stage
      o I do not understand every reboot
    § Not sure if this AD configuration does meet common best practice
      o It does work for my use cases
  • 36. BASE IMAGES
    § Oracle Enterprise Linux as base images for Oracle Databases
      o https://yum.oracle.com/boxes/
      o Carefree package for Oracle DB’s
      o Linux optimization is / was not my goal
    § Windows based VMs using images from the Vagrant cloud
      o Stefan Scherer did maintain a bunch of different images https://app.vagrantup.com/StefanScherer
      o Ready to use with all kinds of things preconfigured e.g., WinRM
      o Based on the development License i.e., the images will not work after 180 renewal is possible.
  • 37. TRIVADIS LAB
    § Virtualbox based test and engineering environment
    § Infrastructure as Code with Vagrant
      o Vagrant Scripts available in GitHub Repository https://github.com/oehrlis/trivadislabs.com
    § Requires Vagrant, Virtualbox and the various images, software etc.
      o HashiCorp Vagrant https://www.vagrantup.com
      o Oracle VM Virtualbox https://www.virtualbox.org/wiki/Downloads
    § Different VMs for different applications
      o win2019ad.trivadislabs.com Windows 2019 Active Directory
      o ol7oud12.trivadislabs.com Oracle Unified Directory Server 12c
      o ol7db21.trivadislabs.com Oracle DB Server with 21c
      o As well VMs for Oracle DB Server 19c, 18c, 12c and 11g
  • 38. VAGRANT BASE LAB ENVIRONMENT
  • 39. TRIVADIS LAB STRUCTURE
    § All VMs share a common config and script folder
      o Generic setup scripts
      o Vagrant config file vagrant.yml
      o Folder mounted as /vagrant_common
    § Dedicated folder for Lab and demo scripts
      o Folder mounted as /vagrant_labs
    § Dedicated vagrant folder for each VM
      o Location of the vagrant file
      o Software like Oracle binaries / RU
      o Specific setup and configuration scripts
      o Folder mounted as /vagrant
    § Oracle 11g VM is also available
    Folder layout (figure labels): Common config and scripts; Lab and demos scripts; 12g DB VM specific stuff; 18c DB VM specific stuff; 19c DB VM specific stuff; OUD VM specific stuff; Windows VM specific stuff
  • 40. VAGRANT CONFIG FILE
    § YAML based configuration file vagrant.yml
    § Define common but also VM specific stuff like hostname, IP addresses, VM names, DB Version scripts and much more
    § Loaded in each Vagrant file to load config
    § Can be sourced with 00_init_environment.sh to load values from Vagrant config file

    Vagrantfile (Ruby):

        require 'yaml'
        # - Configuration ------------------------------------------------
        params = YAML.load_file '../common/config/vagrant.yml'
        # shared configuration
        var_default_password = params['common']['default_password']

    vagrant.yml:

        # Configuration valid for AD server
        win2019ad:
          box: StefanScherer/windows_2019
          vm_name: win2019ad
  • 41. COMMON CONFIG SCRIPTS PART I
    Generic configuration scripts. Primarily used for OUD and DB VMs
    § 00_init_environment.sh: Init script to source the Vagrant config values as variables
    § 01_common_setup_os_db.sh: Configure OS of DB VM
    § 01_common_setup_os_oud.sh: Configure OS of OUD VM
    § 10_install_binaries.sh: Wrapper script to install Oracle binaries. oradba_init scripts from GitHub are used to do the installation
    § 11_install_basenv.sh: Wrapper script to install Trivadis BasEnvTM
    § 12_config_tnsadmin.sh: Configure TNS Admin related stuff
  • 42. COMMON CONFIG SCRIPTS PART II
    § 12_config_tnsadmin.sh: Configure TNS Admin related stuff
    § 20_create_databases.sh: Wrapper script to setup the Oracle DB’s
    § 80_create_tvd_hr_pdb1.sql: SQL script to install TVD_HR schema in a Container DB
    § 81_create_tvd_hr.sql: SQL script to install TVD_HR schema
  • 43. VAGRANT FILE
    § Each VM has its own Vagrant file Vagrantfile
    § The file contains all information on how the VM should be set up
      o VM memory and CPU configuration
      o Shared folder configuration
      o Setup and provisioning scripts
    § Configuration is loaded from the Vagrant config file vagrant.yml
      o Corresponding values are loaded as variables
    § A few things can easily be configured. Complex disk and network configuration is a bit tricky
    § The easiest thing is to just look at a file…
  • 44. DB VM BUILD PROCESS 44 § VM is based on the official Oracle Vagrant box § Resources 4GB, 2 CPU and a simple disk § Setup from OS config up to DB creation: o 01_common_setup_os_db.sh o 10_install_binaries.sh o 11_install_basenv.sh o 12_config_tnsadmin.sh o 20_create_databases.sh § Up and ready in about 20min depending on network speed and Host performance
  • 45. OUD VM BUILD PROCESS § VM is based on the official Oracle Vagrant box § Resources 1GB, 1 CPU and a simple disk § Setup OS config and binary installation: o 01_common_setup_os_oud.sh o 10_install_binaries.sh § Currently no OUD instance configuration § Up and ready in about 10min depending on network speed and host performance
  • 46. WINDOWS AD VM BUILD PROCESS § VM is based on Stefan Scherer windows_2016 box on the Vagrant cloud § Resources 1GB, 1 CPU and a simple disk o 00_init_ad-lab.ps1 o 01_config_ad-lab_part1.ps1 o 02_config_ad-lab_part2.ps1 o 03_config_ad-lab_part3.ps1 § Up and ready in about 10min depending on network speed and host performance
  • 47. REQUIREMENTS IN DETAIL § Vagrant Scripts available in GitHub Repository https://github.com/oehrlis/trivadislabs.com § Vagrant CLI Vagrant https://www.vagrantup.com § Vagrant Plugin vagrant-reload used for reload / reboot during provisioning of the VM § Vagrant Box or base images. o These will be downloaded during initial config of the VM o Windows base image is about 4G and will take a while § Oracle VM VirtualBox https://www.virtualbox.org/wiki/Downloads § Oracle Binaries and Patch as ZIP files o Check the *.download files for the download information and links § Last but not least a little memory, disk and CPU resources
  • 48. VAGRANT IN A NUTSHELL
    § Clone Git Repository
        git clone https://github.com/oehrlis/trivadislabs.com.git
    § Copy the corresponding Oracle software into the ../software directories
    § Initial starting and provisioning of the VM (win2016ad, ol7db18, ol7db19, ol7oud12, …)
        cd win2016ad
        vagrant up
    § Access via vagrant ssh or rdp
        vagrant ssh
        sudo su - oracle
        vagrant rdp
  • 49. SUMMARY § Vagrant allows building reproducible Lab environments § A lot is possible but not yet everything o Complex network configuration o Highly customized storage configuration § There are still a few miles to go to have everything 100% automated § The current setup allows you to focus on engineering… … without spending hours on setups. § If you screw it up just rebuild it!
  • 51. ORACLE INIT SCRIPTS § Bunch of Bash Scripts to install / configure Oracle Databases o Rather simple configuration via environment variables o Focus on Linux and Oracle setups o Includes response files to create databases § Initially set up for Oracle Docker containers § Now used for… o … Manual deployments and installation on-premises o … Vagrant setups o … Docker Images / Container o … Terraform bootstrap of cloud Database Resources § Strong integration with Docker, Vagrant and Terraform configuration
  • 53. SETUP ORACLE DATABASE § Prepare the OS environment for an Oracle installation o Install the oracle-database-preinstall-19c package o Create oracle user / groups / directories o … § Install the Oracle binaries including additional RUs § Adjust the environment, SQLNet, Listener etc. § Create a database using DBCA or custom scripts § Configure database and database features § Add a couple of customizations Quite some work, isn’t it? Time to simplify your setup using Docker images Source: https://www.docker.com
  • 54. OPTIONS TO BUILD ORACLE DATABASE IMAGES PART I § Use the official pre-built Docker image provided by Oracle on https://container-registry.oracle.com/ o Limited releases / versions available, e.g. no RU / no customization o Images are based on https://github.com/oracle/docker-images § Use third party pre-built Docker images for Oracle Databases o Not supported. o Providing Oracle software for download is not allowed at all.
  • 55. OPTIONS TO BUILD ORACLE DATABASE IMAGES PART II § Build your own Oracle Database Images based on https://github.com/oracle/docker-images o Does provide build scripts for a couple of Oracle Products including Oracle Database RAC § Build your own Oracle Database Images based on https://github.com/oehrlis/docker o Similar approach as Oracle with a couple of customizations. § Start with your own build environment from scratch or based on a project above or any other like ORACLE-BASE and much more on GitHub
  • 56. ORADBA BUILD SCRIPTS § The GitHub Repository oehrlis/docker does provide a bunch of alternative build scripts. o Similar approach as Oracle with a couple of customizations. o Continuously developed and improved. o Some improvements are added as pull requests to the official Oracle Docker build scripts, e.g. Oracle Unified Directory build scripts. § OraDBA GitHub Repository does include build scripts for the following products / versions o Oracle Unified Directory (11.1.2.3.x, 12.2.1.3.x and 12.2.1.4.x) o Oracle Database Server EE 11g-21c with any kind of PSU/RU § The build scripts are modified at least every quarter to include the latest Oracle Critical Patch Updates.
  • 57. USING ORADBA BUILD SCRIPTS
    § Clone the Oracle GitHub Repository
        git clone https://github.com/oehrlis/docker.git docker
    § Download the required Oracle binary package. See the software/*.download files
    § Run the build wrapper script buildDB.sh or buildAllDB.sh
        ./common/buildDB.sh 19.0.0.0
    § Alternatively run docker build manually
        docker build -t oracle/database:19.5.0.0 .
        docker build -t oracle/database:18.6.0.0 -f 18.6.0.0.Dockerfile .
    § Oracle does provide similar build scripts for different versions as well as Oracle editions.
  • 59. PROCEDURE FOR CONTAINER START § 50_run_database.sh checks the volume and starts the database with… § 50_start_database.sh starts the listener and the database instance § 52_create_database.sh creates a database with the dbca. § 55_config_database.sh checks whether configuration files (*.sh or *.sql) are present o ${INSTANCE_INIT}/setup o ${INSTANCE_INIT}/startup § 55_check_database.sh
  • 60. CONTAINER SCRIPTS § 50_run_database.sh checks the volume and starts the database with 50_start_database.sh. If no database exists, the script 52_create_database.sh is called § 50_start_database.sh starts the listener and the database instance § 52_create_database.sh creates a database with the dbca. Base parameters can be adjusted with environment variables § 55_config_database.sh checks whether configuration files (*.sh or *.sql) are present in the directory ${INSTANCE_INIT}/setup or ${INSTANCE_INIT}/startup respectively. § 55_check_database.sh is used for the health check of the Docker container and checks the status of the database instance
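The hook handling described on slides 59 and 60, as an added shell sketch (not the scripts from the oehrlis/docker repository). It assumes that setup hooks are meant to run once per database and startup hooks on every container start; the function names, SQL_RUNNER and the .setup_done marker are assumptions made for the example.

```shell
#!/bin/sh
# Added sketch, not the oehrlis/docker scripts. Assumed names: run_hooks,
# config_database, SQL_RUNNER and the .setup_done marker file.
SQL_RUNNER=${SQL_RUNNER:-"sqlplus -S -L / as sysdba"}

# Run the *.sh and *.sql files of one hook directory in sorted name order.
# Returns non-zero at the first failing hook so the caller can stop the start.
run_hooks() {
    hook_dir=$1
    [ -d "$hook_dir" ] || return 0          # no directory: nothing to run
    for hook in "$hook_dir"/*; do           # the glob expands in sorted order
        [ -f "$hook" ] || continue
        case "$hook" in
            *.sh)  sh "$hook" || return 1 ;;
            # stdin from /dev/null makes sqlplus exit after the script; it only
            # reports SQL errors if the script sets WHENEVER SQLERROR EXIT.
            *.sql) $SQL_RUNNER "@$hook" </dev/null || return 1 ;;
            *)     echo "skipping $hook: not *.sh or *.sql" >&2 ;;
        esac
    done
    return 0
}

# Setup hooks run once per database: the marker is kept on the persistent
# volume, so a new container on the same volume does not repeat them.
# Startup hooks run on every container start.
config_database() {
    instance_init=$1                        # ${INSTANCE_INIT} on the slide
    data_volume=$2                          # directory on the persistent volume
    marker="$data_volume/.setup_done"
    if [ ! -f "$marker" ]; then
        run_hooks "$instance_init/setup" || return 1
        : > "$marker"                       # written only after all hooks passed
    fi
    run_hooks "$instance_init/startup"
}
```

A failing setup hook leaves no marker behind, so the next container start retries the setup instead of reporting a half-configured database as ready.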
  • 61. DOCKERIZED TESTS AT ANY PRICE? But does everything make sense? § Performance test? § Complex test with high workload? § Tests with very large data sets? It depends… § Docker, in particular its volumes, is not high performance § Hardware-dependent tests do not make sense. § It takes time to create large and comprehensive databases. In general, do not test what is outside the scope of a Docker platform. Image Credit: Docker Inc. / Laurel Duermaël
  • 63. OCI BASED LABS Oracle Cloud: § Run the LAB environment § Scale resources or environments Initialisation: § Bootstrap scripts or Ansible workflows § Configure DBs, LAB etc. Terraform: § plan, apply, destroy the env § Command line, Build Pipeline, OCI Stack Git as the basis for the code: § Terraform Code § Setup Scripts § LAB / Training documentation Diagram labels: Infrastructure as Code in GIT, Terraform Configuration, Oracle Cloud Infrastructure, System Initialisation
  • 65. IDEA FOR A NEW ENVIRONMENT
  • 69. SYSTEM ACCESS Different access paths § Direct via public IP addresses § Bastion Host o Public IP address o SSH access (PuTTY, OpenSSH, etc.) o Port forwarding o Apache Guacamole Remote Desktop § VPN Access o OpenVPN o Site2Site VPN
  • 70. EXAMPLE ARCHITECTURE – ORACLE SECURITY TRAINING
  • 71. TERRAFORM BOOTSTRAP AND WINDOWS § Not yet best friends § Fully automated bootstrap does not work o Reboot required § Manual or semi-automated approach required.
  • 73. ORACLE PATCH AND RELEASE UPDATES Background: § It can happen that you have to patch Oracle databases. § Critical Patch Updates, Release Updates, one-off patches Idea: § Build dedicated Docker images (tags!) for the different RUs § Use the persistent volume with a new Docker database container, e.g. 19.4.0.0 to 19.5.0.0 Solution: § Add a script to startup which runs datapatch on every database start. § Allows applying and removing release updates. § Drawback: slows down container startup. Can be worked around by adding the script only when required § https://github.com/oehrlis/docker/tree/master/samples/patch
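The workaround named on slide 73, running datapatch only when required, as an added shell sketch (not the script from samples/patch). A startup hook compares a checksum of the image's installed patch list with the one stored on the persistent volume; the function names, the two *_CMD variables and the state file are assumptions made for the example.

```shell
#!/bin/sh
# Added sketch, not part of oehrlis/docker. Assumed: the function names, the
# two *_CMD variables and the .datapatch_fingerprint state file.
PATCH_LIST_CMD=${PATCH_LIST_CMD:-"$ORACLE_HOME/OPatch/opatch lspatches"}
DATAPATCH_CMD=${DATAPATCH_CMD:-"$ORACLE_HOME/OPatch/datapatch -verbose"}

# Checksum over the patch list of the ORACLE_HOME shipped in this image.
home_fingerprint() {
    patch_list=$($PATCH_LIST_CMD) || return 1
    printf '%s\n' "$patch_list" | cksum | cut -d' ' -f1
}

# Run datapatch only if the binaries differ from what was last applied to the
# database on this volume (newer RU or a rollback). Prints applied or skipped.
patch_if_needed() {
    state_file="$1/.datapatch_fingerprint"  # $1: dir on the persistent volume
    current=$(home_fingerprint) || return 1
    if [ -f "$state_file" ] && [ "$(cat "$state_file")" = "$current" ]; then
        echo skipped
        return 0
    fi
    $DATAPATCH_CMD >&2 || return 1          # on failure keep the old state
    printf '%s\n' "$current" > "$state_file"
    echo applied
}
```

Because the state file is only rewritten after datapatch succeeds, a failed run is retried on the next container start.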
  • 74. DATABASE UPGRADE Idea: § Build dedicated Docker images for the different major releases. § Use the persistent volume with a new Docker database container Problem: § Database upgrades are not straightforward. § Some scripts must be executed with old binaries whereas others with new binaries. Solution: § Not as easy as release updates. § Upgrade process must be split into pre and post tasks. § Pre-tasks have to be executed before the old container is stopped. § The Oracle datafiles do not show in which upgrade state they are.
  • 75. UNIFIED AUDIT Background for Use Case Unified Audit: § Customer Project to engineer Oracle Unified Audit for a PDB environment. § Struggle with a couple of bugs and other challenges. Idea testing Unified Audit: § Be able to test a similar setup with Versions § Test dedicated one-off patch § Test multitenant and single tenant databases Solution approach: § Add script to container setup folder to enable and configure unified audit. § Add script to container startup to check and enable unified audit. § https://github.com/oehrlis/docker/tree/master/samples/audit
  • 76. CENTRALLY MANAGED USERS Background: § New Oracle security feature introduced with Oracle 18c § Simple replacement of Oracle Enterprise User Security Idea: § Set up a test environment based on Oracle Database § Use docker-compose to simplify setup Solution: § Add scripts to set up sample schema § Add scripts to configure CMU § Requires preparation on Active Directory § https://github.com/oehrlis/docker/tree/master/samples/cmu
  • 77. ORACLE ENTERPRISE USER SECURITY Background: § Customer Projects to engineer Oracle Enterprise User Security. § Test different Oracle releases, configurations, SSL settings etc. Idea: § Set up a test environment based on Oracle Database and Oracle Unified Directory on Docker Solution: § Add scripts to OUD container setup folder to create an OUD instance with EUS suffix. § Add scripts to DB container setup folder to configure Enterprise User Security in the database. § Script to register database § Script to configure EUS mapping § https://github.com/oehrlis/docker/tree/master/samples/eus
  • 78. ORACLE ENTERPRISE USER SECURITY § Oracle Database Container o Demo Schema with VPD § Oracle Unified Directory Container o Directory with EUS suffix § Initial start of containers o Creating the DB / Directory o Registration of the DB o Configuration of EUS § Available on GitHub
  • 80. CONCLUSION § There are way too many possibilities to set up a LAB environment o I use to do more engineering on this :-) § Vagrant is a simple and easy solution to set up a local system § Scripts could easily be reused for different technologies § New approach probably should be based on something like Ansible