Synopsis. Oracle Database 11g Release 1 (11gR1) was launched in mid-July 2007. This article the second in this two-part series takes some tantalizing glimpses into the upcoming improvements to database performance and database management that expand even further the revolutionary concepts introduced in Oracle Database 10g.
In the prior article in this series, I focused on five impressive and obvious features in Oracle Database 11g that are sure to change the way that DBAs gather data, tune SQL, perform unit and system testing, and handle complex transaction-level recovery. However, there are equally impressive features lurking just beneath the surface of Oracle Database 11g that demand attention because they provide increased database security, improved data storage capabilities, and enhanced disaster recovery. So, heres the second half of my personal top ten list of Oracle Database 11g new features. Please be sure to visit this article and Oracle 11g Central periodically as I dive more deeply into these features over the next several months.
Oracle Database 11g provides a series of brand-new methods for storing large binary objects (also known as LOBs) inside the database. These new features, collectively called SecureFiles, will allow Oracle Database 11g to store images, extremely large text objects, and the more advanced datatypes introduced in prior Oracle releases (e.g. XMLType, Spatial, and medical imaging objects that utilize the DICOM (Digital Imaging and Communications In Medicine) format).
SecureFiles promises to offer performance that compares favorably with file system storage of these object types, as well as the ability to transparently compress and deduplicate these data. (Deduplication is yet another brand-new feature in Oracle Database 11g. It can detect identical LOB data in the same LOB column thats referenced in two or more rows, and then stores just one copy of that data, thus reducing the amount of space required to store these LOBs.) Perhaps most importantly, Oracle Database 11g will also insure that these data can be encrypted using Transparent Data Encryption (TDE) methods especially important (and welcome!) in the current security-conscious environments we inhabit today as database administrators.
#7: Improved Database Security
Oracle Database 10gR2 dramatically improved the options for encrypting sensitive data both within Oracle database tables and indexes, as well as outside the database (i.e. RMAN backups and DataPump export files) with Transparent Data Encryption (TDE). Oracle Database 11g continues to expand the use of TDE within the database. For example, its now possible to encrypt data at the tablespace level as well as the table and index level. Also, logical standby databases can utilize TDE to protect data thats been transferred from its corresponding primary standby database site. Moreover, secured storage of the TDE master encryption key is insured by allowing it to be stored externally from the database server in a separate Hardware Security Module.
Secure By Default. Oracle Database 11g also implements a new set of out-of-the-box security enhancements that are collectively called Secure By Default. These security settings can be enabled during database creation via the Database Configuration Assistant (DBCA), or they can be enabled later after the database has been created. Heres a sample of these new security features:
- Every user account password is now checked automatically to ensure sufficient password complexity is being used.
- To further strengthen password security, the DEFAULT user profile now sets standard values for password grace time, life time, and lock time, as well as for the maximum number of failed login attempts.
- Auditing will be turned on by default for over twenty of the most sensitive DBA activities (e.g. CREATE ANY PROCEDURE, GRANT ANY PRIVILEGE, DROP USER, and so forth). Also, the AUDIT_TRAIL parameter is set to DB by default when the database is created, so this means that a database bounce will no longer be required to activate auditing.
- Fine-Grained Access Control (FGAC) is now available for network callouts when using raw TCP (e.g. via the UTL_TCP package), FGAC will be able to construct Access Control Lists (ACLs) to provide fine-grained access to external network services for specific Oracle Database 11g database user accounts.
- Enterprise Manager now provides interfaces for direct management of the External Security Module (ESM), Fine-Grained Auditing (FGA) policies, and Row-Level Security (RLS) policies.
- Finally, an RMAN recovery catalog can now be secured via Virtual Private Catalog to prevent unauthorized users from viewing backups that are registered within the catalog.
#8: Partitioning Upgrades
Oracle Database 10g made a few important improvements to partitioned tables and indexes (e.g. hash-partitioned global indexes), but Oracle Database 11g dramatically expands the scope of partitioning with several new composite partitioning options: Range Within Range, List Within Range, List Within Hash, and List Within List. And thats not all:
- Interval Partitioning. One of the more intriguing new partitioning options, interval partitioning is a special version of range partitioning that requires the partition key be limited to a single column with a datatype of either NUMBER or DATE. Range partitions of a fixed duration can be specified just like in a regular range partition table based on this partition key. However, the table can also be partitioned dynamically based on which date values fall into a calculated interval (e.g. month, week, quarter, or even year). This enables Oracle Database 11g to create future new partitions automatically based on the interval specified without any future DBA intervention.
- Partitioning On Virtual Columns. The concept of a virtual column a column whose value is simply the result of an expression, but which is not stored physically in the database is a powerful new construct in Oracle Database 11g. Its now possible to partition a table based on a virtual column value, and this leads to enormous flexibility when creating a partitioned table. For example, its no longer necessary to store the date value that represents the starting week date for a table that is range-partitioned on week number; the value of week number can be simply calculated as a virtual column instead.
- Partitioning By Reference. Another welcome partitioning enhancement is the ability to partition a table that contains only detail transactions based on those detail transactions relationships to entries in another partitioned table that contains only master transactions. The relationship between a set of invoice line items (detail entries) that corresponds directly to a single invoice (the master entry) is a typical business example. Oracle Database 11g will automatically place the detail tables data into appropriate subpartitions based on the foreign key constraint that establishes and enforces the relationship between master and detail rows in the two tables. This eliminates the need to explicitly establish different partitions for both tables because the partitioning in the master table drives the partitioning of the detail table.
- Transportable Partitions. Finally, Oracle Database 11g makes it possible to transport a partitioned tables individual partitions between a source and a target database. This means its now possible to create a tablespace version of one or more selected partitions of a partitioned table, thus archiving that partitioned portion of the table to another database server.
#9: ASM Enhancements
Oracle Database 10g introduced Automatic Storage Management (ASM) that at its essence is a file system specifically developed for Oracle database files. (See my article series on ASM for more details.) Oracle Database 11g expands the reach of ASM with several new features, including:
- SYSASM Role. A new role, SYSASM, has been created so that ASM instances can be managed separately from the roles typically granted for traditional Oracle database instance management.
- ASM Rolling Upgrades. One of the most popular and sensible uses of ASM is in a Real Applications Cluster (RAC) environment. Oracle Database 10g made it possible to initiate a rolling patch set upgrade to the software in the Oracle database home on each node in the cluster. This insures that the clustered database remains accessible at all times because at least one Oracle database instance is active while the patch set is applied to the other node(s). The good news is that Oracle Database 11g now extends this concept to ASM instances in a RAC clustered environment.
- Fast Mirror Resynchronization. An ASM disk group thats mirrored using ASM two-way or three-way mirroring could lose an ASM disk due to a transient failure (e.g., failure of a Host Bus Adapter, SCSI cable, or disk I/O controller). Should this occur, ASM will now utilize the Fast Mirror Resynchronization feature to quickly resynchronize only the extents that were affected by the temporary outage when the disk is repaired, thus reducing the time it takes to restore the redundancy of the mirrored ASM disk group.
- Preferred Mirror Read. An ASM disk group thats mirrored using ASM two-way or three-way mirroring requires the configuration of failure groups. (A failure group defines the set of disks across which ASM will mirror allocation units; this insures that the loss of any disk(s) in the failure group doesnt cause data loss.) In Oracle Database 11g, its now possible to inform ASM that its acceptable to read from the nearest secondary extent (i.e. the extent thats really supporting the mirroring of the ASM allocation unit) if that extent is actually closer to the node thats accessing the extent. This feature is most useful in a Real Application Clusters (RAC) database environment, especially when the primary mirrored extent is not local to the node thats attempting to access the extent.
- Resizable Allocation Unit. Oracle Database 11g now permits an ASM allocation unit to be sized at either 2, 4, 8, 16, 32, or 64 MB when an ASM disk group is first created. This means that larger sequential I/O is now possible for very large tablespaces, and/or tablespaces with larger block sizes. The extent size is now automatically increased as necessary and this allows an ASM file to grow up to the maximum of 128 TB as supported by Bigfile Tablespaces (BFTs).
- Improved ASMCMD Command Set. ASMCMD now includes several new commands that increase visibility of ASM disk group information, support faster restoration of damaged blocks, and retain and restore complex metadata about disk groups:
- A system / storage administrator can execute the lsdsk command to view a list of all ASM disks even if an ASM instance is not currently running.
- The remap command utilizes the existing backup of a damaged block on an ASM-mirrored disk group to recover the damaged block to an alternate location elsewhere in the ASM disk group.
- Commands md_backup and md_restore allow a DBA to back up and restore, respectively, the metadata reflecting the exact structure of an ASM disk group. These new commands are an immense boon because the recreation of extremely large disk groups consisting of several dozen mount points can be tedious, time-consuming, and prone to error.
#10: DataGuard Enhancements
Last but most certainly not least, Oracle Database 11g adds plenty of enhancements to its flagship high-availability solution for site survivability, DataGuard:
- Snapshot Standby Database. Prior versions of Oracle Database supported two types of standby databases: the physical standby, which is an exact duplicate of the primary database and is updated via direct application of archived redo logs; and the logical standby, which contains the same logical information as the primary database, but whose data is organized and/or structured differently than on the primary database and which is updated via SQL Apply. Oracle Database 11g adds a third standby database type, the snapshot standby database, thats created by converting an existing physical standby database to this format. A snapshot standby database still accepts redo information from its primary, but unlike the first two standby types, it does not apply the redo to the database immediately; instead, the redo is only applied when the snapshot standby database is reconverted back into a physical standby. This means that the DBA could convert an existing physical standby database to a snapshot standby for testing purposes, allow developers or QA personnel to make changes to the snapshot standby, and then roll back those data created during testing and immediately reapply the valid production redo data, thus reverting the snapshot standby to a physical standby again.
- Rolling Database Upgrades Support Physical Standby Databases. Oracle Database 10g introduced the ability to utilize SQL Apply to perform rolling upgrades against a primary database and its logical standby database. During a rolling upgrade, the DBA first upgrades the logical standby database to the latest database version, and then performs a switchover to make the standby database the primary and vice versa. The original primary database is then upgraded to the new database version, and a switchover reverses the roles once again. This insures that the only interruption to database access is the time it takes to perform the switchovers. The good news is that Oracle Database 11g now allows a rolling database upgrade to be performed on a physical standby database by allowing the physical standby to be converted into a logical standby database before the upgrade begins. After the rolling upgrade is completed, the upgraded logical standby is simply reconverted back into a physical standby.
- Real-Time Query Capability. DataGuard will now allow the execution of real-time queries against a physical standby database, even while the physical standby continues to receive and apply redo transactions via Redo Apply. (In prior releases, the physical standby could only be accessed for reporting if it was opened in read-only mode while the application of redo was suspended.) This means that a physical standby database can be utilized more flexibly for read-only reporting purposes; also, the considerable resources needed to create and maintain the standby environment may now be put to much more effective use.
- Expanded DataType and Security Support. Oracle Database 11g now supports XMLType data stored in CLOB datatypes on logical standby databases. In addition, Transparent Data Encryption (TDE) can now support encrypted table data as well as encrypted tablespaces, and Virtual Private Database (VPD) is supported for logical standby databases
- Heterogeneous DataGuard. Finally, its now possible to set up the primary database site using one operating system (e.g. Oracle Enterprise Linux 4.4) while using another operating system (e.g. Windows 2003 Server) for the standby database site.
Oracle Database 11g Release 1 continues to improve upon the massive paradigm shift in Oracle Database 10g toward self-managed, self-tuning, and self-healing databases. Though I believe Ive thoroughly reviewed what I consider to be the major features of this massive new release, Im sure there are areas Ive yet to probe. These automatic database management features will be especially valuable to IT organizations that continue to struggle with ever-larger databases and ever-increasing computing workloads while attempting to answer the demand for lowered costs and value-added service.
References and Additional Reading
Even though Ive hopefully provided enough technical information in this article to encourage you to explore with these features, I also strongly suggest that you first review the corresponding detailed Oracle documentation before proceeding with any experiments. Actual implementation of these features should commence only after a crystal-clear understanding exists. Please note that Ive drawn upon the following Oracle Database 11gR1 documentation for the deeper technical details of this article:
B28279-01 Oracle Database 11gR1 New Features
B28286-01 Oracle Database 11gR1 SQL Language Reference
B28294-01 Oracle Database 11gR1 DataGuard Concepts and Administration
B28310-01 Oracle Database 11gR1 Administrators Guide
B28318-01 Oracle Database 11gR1 Concepts
B28320-01 Oracle Database 11gR1 Reference
B31107-01 Oracle Database 11gR1 Storage Administrators Guide
B32024-01 Oracle Database 11gR1 VLDB and Partitioning Guide