Activebase: Qos Assurance, Management & Security of Large Oracle Database Centers
Activebase: Qos Assurance, Management & Security of Large Oracle Database Centers
Activebase: Qos Assurance, Management & Security of Large Oracle Database Centers
About US
Innovative technology protected by patents First production sites in 2004 Among our customers:
CONTEXT> More Data, More Users, More Tools, changing environment but Budget & Resources do not always grow and Expertise is scarce HOW CAN I > Take Preemptive measures that will enable me to: Guarantee SLA
Important tasks get served first
Improve QoS Reduce response time, accelerate performance Secure Database Access Comply to regulations Prevent Data Leakage Hide, Scramble, Mask data to both internal & external users Without modifying the applications or the databases?
ActiveBase Priority
resources
Guarantee at least 40% Server CPU and I/O to call-center on-line transactions
When Server CPU > 85%, restrict Analyst group to 20% CPU load and up to 50 parallel query servers
Reduce Server Operating System process by 50% (e.g., Export) when Server CPU>85%
Rule Engine
Identification functions: Server CPU and I/O, Instance and session CPU, Session info, SQL syntax patterns, Database Router time of day, define user grouping Priority Actions: Reduce process resources, Limit process resource consumption
Database activity and OS monitor Site environment configuration Administration users and roles Database server agent
Sessions
Session Classification: Ad-hoc or rule based Session/ group Classification
Database activity and OS monitor Site environment configuration Administration users and roles
Implementation
Installation and configuration in less than a day Installed with Knowledge packs containing expandable Priority rules, providing immediate ROI Scalable and central management supporting hundreds of ActiveBase installations on site with rule propagation Easy, clear and friendly GUI enables quick one-day concise administration training No code rewrites or data changes required
11
12
MORE SPEED: accelerates response times from hours to minutes, minutes to seconds MORE PERFORMANCE STABILITY: Prioritizes user groups during peak-loads and ensures ETL process completion MANAGE USER ACTIVITIES:
high-load
15
ActiveBase Performance
Improves response time x5-x50 by applying SQL optimization rules in real-time Rules include applying SQL rewrites and hints without touching reports and restricting ad-hoc queries Guides and trains users for correct usage with automated messages
16
Users/ applications
17
Examples
When report/ad-hoc query uses nested-loop on a specific fact scanning, change into /*+ use_hash*/
When running on another fact with index range change into partition range scan
Change month=xxx condition into date between 1-xxx and end-of-month (as date column is partitioned) Block all requests running on more then 1000 partitions and return a message the user
Change driving site of a report to use historical database when report requires old date
18
Policy example
Simulator
allows to test policy before applying.
24
Flexible architecture with negligible footprint (e.g., only 3% from all SQL throughput require ActiveBase parse)
AB installed within a day on DB server or dedicated server (hub)
Gradual deployment can start with only development tools, reporting and applications in test, QA and prod
No programming and no application changes required for optimizing incoming SQL requests
25
26
27
The Challenge
Sensitive and Personal Information (SPI) leakage is a major threat to organizations with high cost of remediation Integrity of SPI affects key decisions and financial reporting Risk of downtime
Policies cannot be enforced on all DBA & development tools unsecured, uncontrolled with unlimited access
Performance overhead No separation of duties Not secure audit trail Massive storage requirement Does not provide granularity required Does not provide proactive security (batch approach vs. real-time intervention) - before offensive requests reach the database
Prevents SQL injections, buffer overflow and applies virtual Critical Patch Update enforcement
30
Users/ applications
31
Prevents SPI leakage by applying preventive Controls on internal and outsourced operations complements detective controls (alerting and auditing) Blocks, scrambles, restricts access of privileged users from: Accessing SPI Changing application schemas Creating new DB accounts or elevating privileges Enforces separation of duties without: Risk of blocking legitimate access Impacting DBA ability to perform routine admin tasks
32
Data mask format library (masking templates) include random number and string, sub string and user functions Define once & apply on many across applications and databases No risk to application or data integrity masking only select requests Data masking can be applied selectively based on request patterns or user profiles
33
Implement robust preventive controls without the risk of blocking legitimate business access.
34
35
36
As it completes (2-4 weeks), ActiveBase detects automatically deviant action from access profile, proposing following steps
Summary
Comply with existing and new REGULATIONS (SOX,) Control the flow (data in motion and in use) of sensitive and private information in your production systems to employees, customers and partners Protect against SQL injection and published Oracle vulnerabilities (CPUs) Prevent data leakage and secure non-production systems populated with production data including SPI
Centralized security rules applicable on any application, even if source code not available
38
Implementation
Installation and configuration in less than a day Installation includes Knowledge packs for quick ROI Scalable and central management supporting hundreds of ActiveBase site installations with rule propagation Easy, clear and friendly GUI enables concise one-day training
No code rewrites or data changes required for scrambling or hiding sensitive information
With both performance and security in a single comprehensive solution, ActiveBase boosts adoption, ROI and lowers Total Cost of Ownership
39
Summary
Business applications
CRM Web
Billing etc
BI applications
AB Suite Provides:
AB Suite Provides:
1. QoS improvement & guarantee 1. Performance improvement using prioritization of resources by x10 on reports and ad-hoc during performance spikes queries QoS 1. Security & auditing 2. improvement & guarantee Data leakage prevention, learning 3. Security & auditing mode usage, alerting, SQL Injection prevention, Oracle CPU protection
Customer Cellcom
(Telco)
Over 2000 users: on-line Billing applications and BI (Cognos). AB*Performance is used in Data Warehouse environment, on a 64 CPU Superdome database server with over 30 Tera of data, delivering performance stability and report acceleration
It blocks offensive requests (e.g., that scan more than X partitions) It accelerates reports and ad-hoc query response time by x10 and more
AB* Security is used across the data center for auditing all access to sensitive data by various applications and tools
Audited information is analyzed by customers security employees
44
Customer Orange
(Telco)
database server with over 25 Tera of data, delivering performance stability and report acceleration. It accelerates reports and ad-hoc query response time, reducing overall reporting response time from 8 to 4 minutes It uses AB*Performance for fixing Orange Billing batch, that could not be tuned in any other way. It rewrites requests to use a small replicated object instead of the original object, speeding from 14 hours to hour
Using ActiveBase software made our business reporting 10 times faster and more efficient, saving substantial resources and enabling us to expand, while still maintaining our existing server."
Limor Malay, DW Division Manager, Orange (IL)
45
Important business reporting was accelerated by 27 times! The security policies proved to be highly effective
S vltos Lajos, Data mart Manager, National Bank of Hungary
48
SUMMARY of BENEFITS
For the Enterprise
Save on Control Improve Budget SLA QoS
Design & Implementation Data-Center Administrators Known-how & Expertise
50
For IT
Simplify Empower Capitalize
Thank you!