2THE FOLLOWING IS INTENDED TO OUTLINE OUR GENERAL PRODUCT DIRECTION THE FOLLOWING IS INTENDED TO OUTLINE OUR GENERAL PRODUCT DIRECTION. IT IS INTENDED FOR INFORMATION PURPOSES ONLY, AND MAY NOT BE INCORPORATED INTO ANY CONTRACT. IT IS NOT A COMMITMENT TO DELIVER ANY MATERIAL, CODE, OR FUNCTIONALITY, AND SHOULD NOT BE RELIED UPON IN MAKING PURCHASING DECISION. THE DEVELOPMENT, RELEASE, AND TIMING OF ANY FEATURES OR FUNCTIONALITY DESCRIBED FOR ORACLE'S PRODUCTS REMAINS AT THE SOLE DISCRETION OF ORACLE.
3Oracle Solaris 11: Innovations for Your Data Center <name>
4Oracle Cloud Computing Strategy Private Public HybridSaaS PaaS IaaSFlexible AdoptionBecause we see customers adopting cloud in so many different ways, our goal is to offer customers with choice and a broad set of products and services.Our strategy is:First, to provide products to help customers build, deploy and manage private clouds, as well as different options for public cloud services. Customers need deployment flexibilitySecond, to deliver a wide range of offerings spanning SaaS applications, PaaS including middleware and database, and IaaS including servers, storage, networking and associated OS and virtualization software.Third, to enable solutions that enable customers to adopt cloud at a pace that fits their business. We find that customers vary a lot in terms of how rapidly they wish to move to clouds and to what extent they wish to move to clouds. We enable customers to evolve and transform to cloud at whatever pace makes sense for their business.So what exactly are Oracle’s offerings for cloud computing?....ORACLETUXEDOFLEXCUBEORACLESECURE BACKUP
6Foundation of Every Enterprise Class Cloud Infrastructure Oracle Solaris 11Mission Critical Meets CloudHighly Available, SecurePlatform for Enterprise AppsLarge-scale CloudManagementPredictive self healingZFS data integrityEnd to end encryptionCompliance reportingDTrace observabilityImmutable zonesApplication Aware ClusteringAutomated InstallFast, Fail-safe PackagingZero overhead Server, Storage, Network virtualizationComprehensive cloud management solutionSolaris 11Foundation of Every Enterprise Class Cloud Infrastructure
7Create as a build Create as a build Create as a build Solaris 11 From IaaS to SaaS – One SolutionSaaSPaaSIaaSCustomerexamplesSPARC SuperClusterOracle 11gR2Oracle X, T, M-SeriesHW, Solaris zonesOracle 11gR2OVM SPARCOracle SolarisClusterSPARC T4Major US Mobile ServiceProviderTimes may vary depending on size of systems to boot.Solaris 11 can update a system very quickly and then Fast Reboot for SPARC an x86 gets the new environment back online quickly.If you don’t like the update boot the previous ZFS boot environment – Fool-proof updates7
10Oracle Solaris 11.1 Built for Cloud Infrastructures Best UNIXTM for Oracle Deployments#1 UNIXTM forEnterprise ApplicationsEngineered for Oracle EnvironmentsOptimized for Oracle software and hardwareDelivering the performance you need in an Optimized DatacenterBuilt for Cloud InfrastructuresBreakthrough architecture to deploy and secure and manage enterprise cloudsDelivering the simplicity you need in an Optimized Datacenter#1 UNIXIndustry leading availability, security and performance for enterprise applicationsInvestment protection for enterprise environmentsReducing risk in your Optimized Datacenter with over 25 years of enterprise experience
11Dramatically Faster Lifecycle Management Create as a buildCreate as a buildDramatically Faster Lifecycle ManagementCreate as a buildNew Security FixMaintenance window: 6-7pm6:00 Start Update6:00-6:02 Dependency checks, patch/update planningTimes may vary depending on size of systems to boot.Solaris 11 can update a system very quickly and then Fast Reboot for SPARC an x86 gets the new environment back online quickly.If you don’t like the update boot the previous ZFS boot environment – Fool-proof updates6:02-6:04 New boot environment created, updates downloaded and applied6:04-6:06 reboot up and running againBack in Service in 2 Minutes!11
12Fail-Safe Lifecycle Management New Software UpdateMaintenance window: 6-7pm6:00-6:02 Dependency checks, patch/update planning6:00 Start Update6:02-6:04 New boot environment created, updates downloaded and applied6:06-6:08 Reboot into previous boot environmentTimes may vary depending on size of systems to boot.Solaris 11 can update a system very quickly and then Fast Reboot for SPARC an x86 gets the new environment back online quickly.If you don’t like the update boot the previous ZFS boot environment – Fool-proof updates6:04-6:06 rebootWorst-case Scenario: Back in Service in 4 Minutes!12
13Fast, Fail-Safe Lifecycle Management Create as a buildCreate as a buildFast, Fail-Safe Lifecycle ManagementCreate as a buildAt Massive Scale through AutomationNew Security PatchIdentity ServerMail ServerFile ServerVMTimes may vary depending on size of systems to boot.Solaris 11 can update a system very quickly and then Fast Reboot for SPARC an x86 gets the new environment back online quickly.If you don’t like the update boot the previous ZFS boot environment – Fool-proof updates13
14Fully Automated updates with Solaris 11 Public Sector Customer exampleMulti-tenant cloud environmentDelegated administration allows SAP and database administrators to safely control their own Zones without access to other Zones and services on the systemsDatabase and Applications per zoneHA SAP and Oracle Database Zone ClustersAutomated updatesBoth Solaris 11 and Solaris Cluster 4.0 are automatically updated from IPS repository every weekOracle Database on SPARCOracle Elastic Cloud SoftwareOracle ApplicationsThird-party ApplicationsMulti-tier ConsolidationIt is important to understand how the SSC can be virtualized to understand its use as a consolidation platform. Using Oracle VM for SPARC (OVM SPARC) the T4-4 compute nodes can be partitioned into three types of partitions. One is a Database Domain that is used to run S11 and Oracle 11gR2. There can be only one DB Domain per T4-4. A DB Domain does not have to include all processors in a T4-4 node. There is a maximum of 3 domains on a T4-4 node that has a DB domain. DB Domains will access the Exadata storage cells. Only DB Domains running Oracle 11gR2 can use the Exadata storage cells. General Purpose (GP) domains can run S10 or S11 and has their name implies are used to run general-purpose applications such as Oracle Ebiz, Siebel, PSFT or even third-party applications. GP Domains will use the ZFS Storage appliance for its disk requirements. GP domains can also access legacy SAN’s. Exalogic domains are domains that run the Exalogic Elastic Cloud software. Exalogic domains will use the ZFSSA for storage. Up to 4 domains can be deployed on any T4-4 nodes but since only one DB Domain is possible on a T4-4 node the other three domains would have to be GP Domains or Exalogic Domains.This slide shows all three types of domains indicating how to virtualize/partition an SSC T4-4. It also shows how it is possible to consolidate app tier and db tier on a single SSC T4-4. It shows that all four T4-4 nodes are used for database domains and are clustered using RAC. These domains will have exclusive access to the 6 Exadata Storage nodes. The other domains nodes are partitioned into 3 GP domains and 1 exalogic domain. Note that only GP domains can run S10. If a customer wants a T4-4 node to run just an S10 GP Domain then they still need to set up a small S11 control domain as it is not allowed to have a node running just S10.Deploying DB’s in containers in DB Domains is not supported.Lastly, live migration is not supported on SSC T4-4.“Patching is so easy we that we’ve even made the systems automatically update every week”version 4
15Solaris Zones Best Foundation for your Cloud Programmable management APIsOpsCenter IntegrationZone images encrypted on shared storageImmutable zonesTightly integrated Network virtualizationZero overhead IB and Ethernet connectivityScalable to 100s of zones/ physical machineiSCSI 1Global zoneiSCSI NZoneArad(1m) mgmt. APIsZone1Virtual RouterMaps integration of Solaris to SPARC hardware roadmap (and notes our plans to continue to track x86 advances as well, especially as a result of our ongoing work with Intel10GbE NetworkInfiniBand Fabric
16Evolution of Solaris Network Virtualization Staying Ahead of the Virtualization ChallengesGlobal zoneSolaris 10:Zones virtualizationShared, later: exclusive stackZone AZone BZone CSolaris 11:VNICsVswitchFlowsZero overhead QoSVirtual networking servicesVirtual Router/ LB/ FirewallSolaris 11.1:SLAs to next hop switchConvergence of FC onto EthernetDatalink multipathingMaps integration of Solaris to SPARC hardware roadmap (and notes our plans to continue to track x86 advances as well, especially as a result of our ongoing work with IntelPhysical switch
17Solaris and Xsigo High Performance End-to-End Cloud Solution Storage FinanceZone AHRZone BSalesZone CStorageComputeSalesDatasetEthernetOnly Solaris and Oracle Linux delivers this featureThe Oracle Real Application Clusters (RAC) distributed database product includes the Lock Management System (LMS), a user-level distributed lock protocol which mediates requests for database blocks between processes on the nodes of a database cluster. Fulfilling a request requires traversing and copying data across the user/kernel boundary on the requesting and serving nodes, even for the significant number of requests for blocks with uncontended locks.We have created a "kernel accelerator" (KA), which filters database block requests destined for LMS processes and directly grants requests for blocks with uncontended locks, thereby eliminating user-kernel context switches, the associated data copying, and LMS application-level processing for those requests.The KA exports shared memory in which the LMS locking daemon places its lock table. The KA intercepts DBMS block requests over the RDSv3 communications protocol used between cluster nodes and calls into a DBMS-provided kernel accelerator run-time (KA RT) module, which consults the shared-memory lock table. If the lock is available, the KA replies from the kernel, granting the request directly to the requesting node; if the lock is not available, the KA passes the request up to the LMS user process, which handles the request in the same fashion as when no KA is present.This not only speeds up the process of granting locks, but it also frees up CPU cycles, thus allowing for better throughput in the order of 30-40% depending on the workload.HRDatasetXsigo Fabric DirectorFinanceDatasetFCNetwork
18Security Tailored for the Cloud Built-in, Flexible, Transparent, Hardware AssistedApplication RuntimeImmutable Zones, Sandboxing: new basic privileges (net_access,file_write, file_read), further executable address space reduction. Network data-link & IP anti-spoofing for Zones.AuthenticationSSH X.509 Certificate support, Kerberos PKINIT (X.509). Kerberos data in LDAP. Root login disabled by default. Role auth via user password, Authentication caching.AuditAuditing on by default, audit policy in SMF, Secure remote audit trail.DelegationSudo with auditing. Fine-grained user/password/RBAC management CLI with LDAP support.Data SecurityZFS filesystem, swap, dump and zvol encryption, NFSv4/NT style ACLs, Multilevel security with file labeling. IPsec/IKE policy per zone. Per Zone NFS server and Kerberos Realm.CryptographyTransparent Hardware Encryption for Solaris, Java. OpenSSL 4x faster. Trusted Platform Module (TPM) keystore, file integrity scanner Signed binaries & packages, Oracle Key Manager appliance integration
19Solaris 11.1 Security Highlights Built-in, Flexible, Transparent, Hardware AssistedApplication RuntimeASLR & Security Extensions Framework, rsyslog (GSSAPI & TLS), OpenSCAP Compliance toolAuthentication/etc/pam.d Linux Compat & Minimisation, Per User PAM stack, Kerberos client multi master, Last failed login timeAuditAudit Remote ServerDelegationExtended Policy – privileges on objects, pfedit, auths admin command, RAD usermgrData SecurityPer file security labels, multiple zones per security label, 1024 groups for AUTH_SYS/NFSCryptographyTPM key migration, SHA512/t, Large DSA keys, Intel RDRAND, AES XTS, Perf improvements SPARC & Intel
20Compliance Reporting. Secure Audit Minimize Your Time Spent on ComplianceNew with Solaris 11.1Know when an unauthorized login attempt was madeSave time and resources with automated compliance reportingKeep audit logs safe from tamperingCompliance reporting toolAutomates compliance reportsExtensible & standards basedWhite paper for Solaris PCI-DSS ComplianceAlways record & report last failed login attemptRemote Audit server (client in Solaris 11)Syslog over TLS (rsyslog)Planned Oracle Audit Vault integrationSolaris 11.1 serverAudit & SyslogOpenSCAP Compliance toolAdmin can define operational policiesprogrammatic checks can be made against these profilesReports can be produced for compliance checkingLast failed login timeRecord actual time of login failures. Required for complianceAudit Remote ServerSecure remote audit. Client ships audit data to remote server and server stores them in a specific place. Can specify what data to keep on server.Tamper –proof audit log on the attached system.Uses Secure transport (kerberos)Can have multiple servers for HA configurationEncrypted Log &Audit trail storage
21ZFS Virtualized Pooled Storage Scale Out Design. Built-in Data Services.Flash-enabled virtual storage poolsCompressionReplicationDeduplicationDataset Encryption10x Deduplication for Virtualized Environments Rapid Provisioning of Virtualized Storage ResourcesNo Silent Data Corruption. Ever.
22Cloud Ready Data Sharing Built-in, Flexible, Transparent, Hardware AssistedFile SharingUnified User and Access Control with Active Directory integration: ZFS, NFSv4, CIFS, WebDAV, FTP(S), SCP/SFTPCloud Ready OS installSolaris boot from SAN, iSCSI and FCoEZones on iSCSI/FCoE ZFS poolsBlock Storage SharingRaw Disk & ZFS LUN: iSCSI, iSER, FCoE
23Solaris 11.1 Storage Highlights ZFSImproved FMA integration for better diagnosis.Semantic (Veritas) DMP support.Boot from UEFI & 4K disk.SCSI UNMAP for thin provisioning.Dump/SWAP on RAIDZ. Auto-resize swap ZVOLs.Incremental (Token) based backup for NDMP.Per file security labels.Finegrained Share control for NFS & CIFSSCSI Disk write Cache StateNFSAUTH_SYS support fro 1024 groups.NFSv2 DTrace provider.FedFS LDAP support for NFS reparse points.CIFSAD Domain join improvements, DC failover improvementsMiscRemovable device simulation with lofi(7D) . COMSTAR SCSI UNMAP.Shared datasets for boot environments (/var/share).Storage URI tools. Per Zone file system statistics (fsstat).
24Solaris-as-a-Service >40x Consolidation RatiosPhysical Ethernet Switch…Customer 1Solaris ZoneCustomer applicationCustomer 2Customer application 1Customer application 2Oracle x86, Oracle SPARC T and M seriesSolaris 11 Global Zone Integrated Virtual Switching, Load Balancer, FirewallIaaS cloud based on Solaris 11For both internal IT as well as external public cloud customers>40x consolidation ratiosSolaris 11 low-overhead zonesIntegrated network virtualizationAdditional cost savingNetwork services consolidated into hostOne of Australia’s largest Network Operators. Over 11,000 km of fiber and 370 exchanges
25IaaS – Major US Mobile Service Provider Virtualization Meets Mission CriticalSMALLMedLARGEORACLE SOLARIS CLUSTER 4.0ORACLE SOLARIS 11 CONTROL DOMAINAPPLive MigrationFail overVirtualized Wireless Service DeliveryCompute intensive, clusteredNon stop serviceDatacenter Datacenter failoverEncrypted live migration5x application performance10x consolidationUpdating the SPARC Virtual Environment with SPARC T4, Solaris 11, Solaris Cluster 4.0 and OVM for SPARCReduced time-to-deploy to less than 1 week from standard 4-6 weeksSaved $800K in CAPEXReduced OPEX by $100KSaved 20x power and cooling costsSaved 8x floor spaceApplications see a 5x increase in single-thread performance compared to a T5440 processor and aLive migration of HA virtual machinesAll live migration traffic is compressed and encrypted at wire-speed using Solaris crypto framework and built-in T4 hardware crypto-accelerator500m+
26#1 UNIX. Engineered for Oracle. Investing in Best of BreedSolaris 11 take immediate advantage of the latest hardware innovations such as critical threads, crypto off-load engines, large networking pipes and power management controls to deliver the benefits of hardware innovation to the datacenter.Solaris engineers have worked closely with Oracle’s software and hardware teams to co-engineer innovation in the stack to deliver the best possible platform for Oracle deployments.Solaris 11 is at the heart of the Engineered Systems delivering unique value such as Infiniband enhancements and built-in virtualization.Best of breed componentsCo-Engineered withapplications and hardwareUnique value in Engineered Systems
27SPARC SuperCluster Implementation From Months to Weeks
28Engineered Together Tested Together Certified Together Deployed TogetherUpgraded TogetherManaged TogetherSlide Transition: When we say that Oracle hardware and software is engineered to work together, this refers to our unique ability to offer customers a complete hardware and software stack -- from applications through middleware and databases, and all the way down into servers and storage – that is integrated throughout.Oracle tests everything within a stack layer together–between different applications, between different middleware suites, between various database products, and so on. Oracle also tests everything across stack layers, from applications all the way down to the servers and storage.Oracle certifies the complete stack so that customers know which particular versions of software are designed to work together. For example, every major application that Oracle delivers, including Oracle E-Business Suite, PeopleSoft Enterprise, JD Edwards and Siebel CRM is certified with Oracle Fusion Middleware.Oracle packages the different technologies into standardized solutions, which customers can then deploy together.These complete solutions are designed to be upgraded effectively and efficiently together. And, the entire stack can be managed together, supported together and so on.Supported Together
29Examples of Optimizations for Oracle RDBMS The Tip of the IcebergKey: In Solaris New in S11.1CPUFull MT-hot kernel, scales to 100s of cores and 10,000s of HW threadsSupport for Critical Threads features in T4 chip5x performance improvement of high-resolution timerMulti-processing and multi-threading support for Oracle DBMemoryLarge Page supportOptimized Shared Memory (OSM)NUMA I/O FrameworkFast DB RestartLatency-aware kernel memory allocator (x86, SPARC)Re-architecture of Virtual Memory sub-systemUserland Fast-Memory Registration and Shared Protection DomainFile SystemUserland file system for DB, Oracle File Server supportI/OuDAPL, RDSv1, RDSv3, SDP: Support for low-latency Infiniband protocolsDirect I/O with concurrent writesExclusive-IP zone support for RDSv3 to support DBaaSDynamic reconfiguration for IB HCAs
30Examples of Optimizations for Oracle RDBMS The Tip of the IcebergKey: In Solaris New in S11.1ObservabilityEnhanced observability for segmentation faultsRead-out of libdtrace by Oracle 12cReliability and AvailabilityDynamic reconfiguration notifications for DB for resources rebalancingFMA callback for bad hardwarePerformanceImproved PGA performanceKernel lock acceleration for Oracle RACMessage Passing Co-processorRemote Memory Access (RMA)ExafusionMult-tenancyZones: Secure isolation, lowest latency virtualizationSecurityTransparent crypto off-load for SPARC and x86
31Oracle Database I/O Observability Optimize your Database I/O performanceNew with Oracle Database 12cQuick resolution of I/O issuesAdded DTrace I/O Event Tracing to Oracle Database 12cTracing info loaded in V$ views for queriesEnables DBAs and Oracle support to quickly resolve I/O related escalationsv$kernel_io_outlierTIMESTAMPIO_SIZEIO_OFFSETDEVICE_NAME VARCHAR2(513) PROCESS_NAME VARCHAR2(64) TOTAL_LATENCYSETUP_LATENCY…Only available with Solaris. More DTrace integration to come in later DB releases.A simple example of an outlier I/O: We can check the v$kernel_io_outlier table to extract information about time spent in the kernel for I/O's whose end to end latency exceeds a given threshold (500ms be default but tunable via the '_io_outlier_threshold' tunable - the example below was on an instance with this set to 200ms): SQL> desc v$kernel_io_outlier Name Null? Type TIMESTAMP NUMBER IO_SIZE NUMBER IO_OFFSET NUMBER DEVICE_NAME VARCHAR2(513) PROCESS_NAME VARCHAR2(64) TOTAL_LATENCY NUMBER SETUP_LATENCY NUMBER QUEUE_TO_HBA_LATENCY NUMBER TRANSFER_LATENCY NUMBER CLEANUP_LATENCY NUMBER PID NUMBER CON_ID NUMBER SQL> select IO_SIZE,PID,TOTAL_LATENCY,SETUP_LATENCY,QUEUE_TO_HBA_LATENCY,TRANSFER_LATENCY,CLEANUP_LATENCY from v$kernel_io_outlier; DEVICE_NAME IO_SIZE PID TOTAL_LATENCY SETUP_LATENCY QUEUE_TO_HBA_LATENCY TRANSFER_LATENCY CLEANUP_LATENCY 64 0 107 64 This example shows that this single 64k write to a scsi target had an end to end latency of just over 400 millisec (the timing numbers above are in microsec) and the breakdown is: SETUP_LATENCY: 2020 microsec - Time in microseconds spent during initial I/O setup before sending to scsi target device driver QUEUE_TO_HBA_LATENCY: 107 microsec - Time in microseconds spent in the scsi target device driver before being sent to the Host Bus Adaptor QUEUE_TO_HBA_LATENCY: ~400 millisec of this was spent being transferred to the physical device (in the Host Bus Adaptor and physically DMA'ing to the device). CLEANUP_LATENCY: 64 microsec- Time in microseconds spent freeing resources used by the completed I/O
32Database-as-a-Service on SPARC SuperCluster High-performance Infiniband Networking Meets VirtualizationNew in Solaris 11.1Multi-tenant Engineered SystemT4-4 Node 1Oracle Solaris 10Oracle Solaris 11DB DomainGP DomainZonesSolaris ZoneInfiniBand NetworkEXADATA STORAGEZFS STORAGEAPPLIANCEZones support for Exadata stack on SPARC SuperClusterZero Overhead zones virtualizationSecure Multi-Tenant IsolationHigh-performance 40 Gigabit Infiniband NetworkingOrganizations worldwide are scrambling to secure sensitive information in response to regulatory pressure for protecting data privacy and integrity, as well as protect from increasingly sophisticated attacks targeting this data. Encrypting data in applications, however, requires costly and complex code changes, often with disastrous performance consequences. Fortunately these pitfalls can be avoided.Oracle Advanced Security TDE provides the ability to encrypt sensitive application data on storage media completely transparent to the application itself. TDE addresses encryption requirements associated with public and private privacy and security mandates such as PCI and California SB1386.Oracle's Transparent Data Encryption (TDE) feature simplifies the encryption of data within datafiles, preventing unauthorized access to it from the operating system. Tablespace encryption, allows encryption of the entire contents of a tablespace.Data is transparently encrypted when written to disk and transparently decrypted after an application user has successfully authenticated and passed all authorization checks. Authorization checks include verifying the user has the necessary select and update privileges on the application table and checking Database Vault, Label Security and Virtual Private Database enforcement policies.Oracle's SPARC T4 processor with hardware cryptography acceleration can greatly improve performance over software implementations. This should greatly expand the use of TDE for many customers.Performance on Oracle TDE (Transparent Data Encryption)SPARC T4 44% faster secure queries than x86 Westmere (AES/NI)Combination of fast query processing and TDETests 8 different queries on 2-socket serversConsistent SPARC T4 query time 128-bit to 256-bit ciphersOracle Advanced Security TDE column encryption was introduced in Oracle Database 10g Release 2, enabling encryption of application table columns, containing credit card or social security numbers. Oracle Advanced Security TDE tablespace encryption and support for hardware security modules (HSM) were introduced with Oracle Database 11gR1.Hardware Security Module (HSM) - A device used to secure keys and perform cryptographic operations. These devices can be standalone network based appliances or plug-able PCI cards. In the context of TDE, these devices can create and store the TDE master key.Advanced Encryption Standard (AES) – A symmetric cipher algorithm defined in the Federal Information Processing (FIPS) standard no AES provides 3 approved key lengths: 256, 192, and 128 bits.PKCS#11 – A standard developed by RSA for communicating with cryptographic devices.Transparent Data Encryption is one of the three components of the Oracle Advanced Security option for Oracle Database 11g Release 2 Enterprise Edition; it provides transparent encryption of stored data to support your compliance efforts. Applications do not have to be modified and will continue to work seamlessly as before. Data is automatically encrypted when it is written to disk and automatically decrypted when accessed by the application. Key management is built-in, eliminating the complex task of creating, managing and securing encryption keys.
33Centralized Audit Reporting and Alerts More easily detect and analyze security threatsSimplify compliance reporting for Solaris and DatabaseNew with Solaris 11.1New collector in Oracle Audit Vault and Database FirewallPuts Solaris Audit logs in the same repository as the Database audit logsSolarisDatabaseCompliance ToolsAudit LogAudit log collector built in the new combined Oracle Audit Vault and Database Firewall product takes the audit log information generated by the Solaris operating system and consolidates it in the same repository (Oracle Audit Vault and Database Firewall) as the database audit information. This provides centralized consolidated security reporting and alerting on audit data across the operating system and databases.Oracle Solaris 11 new security Audit features such as: audit on by default, audit policy in SMF and secure remote audit trail along with the Oracle Audit Vault and Database Firewall provide the best in class auditing features in the industry.
34Oracle Application Accelerators Unmatched Silicon Enhancements for Enterprise SoftwareMemory scan offloadApplication Data ProtectionDecompression offloadLow latent cluster interconnectDynamic threadsEncryption
35Examples of Optimizations for Java The Tip of the IcebergKey: In Solaris New in S11.1CPUUser-level high resolution timer supportWLS scalability, Single-thread modesmt pause() to optimize busy waits in the JVMFused compare-and-branch with no delay slotNew block initializing store (BIS instruction)MemoryLarge Page support by JVMT4 2GB pages for Java performanceI/OSDP: Support for low-latency Infiniband protocolHA for SDPSecurityIntegration with Solaris crypto offload engines (Java 7u4)Zones support for SDPZones: Secure isolation, lowest latency virtualizationObservabilityDTrace plugin in Java Mission Control Generic dispatcher improvement Critical thread support for T4
37Java Performance Optimizations on Solaris The Tip of the Iceberg Generic dispatcher improvement Critical thread support for T4* 4x2.4GHz WSM-EX, Oracle Solaris 11 Express snv_156 X86* 2.2x Improvement through JDK 7 development
38Oracle Solaris 11 Best UNIX Platform for all Oracle Deployments ORACLE FLEXCUBEORACLERETAILORACLETUXEDOORACLESECURE BACKUPORACLEAGILEORACLEGOLDEN GATEORACLEGOLDEN GATEORACLEHYPERION
39SPARC SuperCluster Customers Implementations and Performance ResultsMulti-Tenant cloud, SAP, databases, and Java applications10x consolidation ratio and 4x efficiency improvements3x software license savingsSPARC consolidation, Kenan applicationsOracle Database 11gR2 and Comverse Kenan FX Billing5x performance improvementHP Superdome replacement, Java applications20x consolidation of complex business systemsSignificant reduction in TCOAtivas:10x consolidation ratio based on consolidation of known / potential environments into SuperCluster.4x efficiency improvements are based on the current 4 customers that plan to move to SuperCluster and the gain they get from only have to manage one SuperCluster rack rather than 4 individual setups for each of the customers3x software licensing savings. Customers moving from HP and IBM gear to SSC. Able to leverage fewer resources on SuperCluster. All numbers approved by customer.Liberty Global (UPC):5x performance improvement based on comparison of SuperCluster (only one node of T4-4) to E25k using a Kenan billing test case.KED:20x consolidation of complex business systems came from quote from KED. Migrate a total of 20 complex business systems onto 1 SuperCluster. (1:20 = 20x)Federal Agency:10x performance improvement came from a comparison to their POC environment. They were only able to get to 600 concurrent users and now they say 6000k concurrent users on SSC (600:6000=10x). POC environment was T-series. Customer reported 18k concurrent users.30x performance improvements comes from comparison to mainframe environment. The amount of work that SuperCluster does is equal to what they did in 30 days with the mainframe environment. 1:30 = 30x improvement. Statement comes directly from the customer.POC environment was 3 x T5240 servers, 4 x x4150 servers, 8 x6240 blades.Federal Agency,North AmericaMainframe replacement, Oracle Maximum Availability Architecture10x-30x higher performance for 18,000 concurrent usersversion 4
40SPARC SuperCluster Customers Implementations and Performance ResultsLarge scale SPARC consolidation, Java applications5x consolidation ratio, 4x potentialTCO reduction6.5 million database transactions per dayState Agency,North AmericaReplaced IBM Power systems, DB2 and WebSphere with WebLogicand Database 11gR26x consolidation ratioReplaced IBM Power systems for securities trading19x consolidation ratio2x savings in datacenter infrastructure costsLeading Financial Institution,AsiaState Agency North America (Implemented by Accenture)5x consolidation ratio based on domain reduction- $8M to $2M TCO comparing current environment to SSC. From value navigator based on previous production environment vs. SuperCluster.- 6.5 million DB transactions per day from implementation team directlyChina National Tobacco Company6x consolidation ratio based on them taking 6 web/app/db environments and moving them to SuperCluster (1:6=6x)Leading Financial Customer, Asia19x consolidation ratio. Based on hardware in existing environment (IBM p series, v240s, storage, etc) compared to 1 SuperCluster rack. (1:19=19x)2x savings in datacenter infrastructure costs based on numbers generated by account team. $400k in just floor space, power and cooling over 3 years.Leading Retail Company, North AmericaNumbers provided directly by Macy’s comparing to their Dell / M5k environment.The TIBCO BusinessEvents solution is a new environment for the customer. They have existing TIBCO middle tier software in use for other solutions, at least some of which run on SPARC M5000 systems running Solaris. The John's Creek, GA installation replaces 6 x Dell R700 servers running TIBCO and a M5000 zone running the database.SPARC consolidation, Oracle Database 11gR2 and TIBCO6x performance improvement in loading Oracle Database2x raw I/O throughput improvement running backupLeading Retail Company,North Americaversion 4
41Oracle on Oracle: E-Business Suite (GSI) Application StatsMetrics after FY12Q4 closeMetrics increase in FY12Q465 Billion Rows of Data1,044,966 Customers132,007 Quote Headers201,731 Service Contracts111 Operating Units533,049 Vendors176,613 Shipments507,234 Expense Reports723 Ledgers446,353 Projects797,705 AP Invoices108,629 Purchase Orders11 Languages56.7M Sales Order Lines315,543 Order Headers6,116,639 AR Lines23 years of SLA data (only 8 years SLA data converted during R12 upgrade in Jan2008)122.8M AR Invoice Lines33,262,474 GL Lines7,992 Internal Mfg Jobs1.1B GL LinesField ServicesService Requests 79,061Field Service Tasks 120,043MQF Queries To 19,3702,136,500 Inventory Trans
43Enterprise Performance Built for Next-Decade HardwareDynamic threadsNUMA I/OCrypto accelerationZFS 128 bit block addressesLatency-aware kernel memory allocatorOptimized shared memoryDTraceAdaptable thread and memory placementFully parallel network processingVM 2.010x Networking10x CPU10x Memory10x Data
44Page Requests over 30 seconds New in S11.1: VM 2The PredictorSamplerAnalyzerAction EngineBeforeAfterResults:- 2x faster Database start/stop- 45x improvement in mmap() performancePage Requests over 30 secondsAnalyzer evaluates information and determines action to takeStates: disabled, shortage, deficit, inbounds, surplusAction Engine—up to 8 taskq threads created per mnode
45Oracle Solaris 11 – THE #1 Unix Create as a buildOracle Solaris 11 – THE #1 UnixCreate as a buildAhead of the Scalability CurveSolaris 12201?Solaris 9May 2002721.15Solaris 11November 201164+2048+1024TB DRAMSolaris 10January 200541024256# of ThreadsTimes may vary depending on size of systems to boot.Solaris 11 can update a system very quickly and then Fast Reboot for SPARC an x86 gets the new environment back online quickly.If you don’t like the update boot the previous ZFS boot environment – Fool-proof updates# of Cores45
46Looking Forward: Full Stack Observability Administrator-focused analysisSingle pane of glassSystem performance tuningCapacity planningNotable system eventsHistorical views of performanceIncorporate your application performance metricsNotification: Bad Database Performance!ZFSSASolaris Global ZoneMaps integration of Solaris to SPARC hardware roadmap (and notes our plans to continue to track x86 advances as well, especially as a result of our ongoing work with IntelOracle Database ZoneApplication ZoneApplication Zone
47Looking Forward: Full Stack Observability !Notification: Bad Database PerformanceAnalysis: Rule out ZFSSA. No problems on appliance dashboardObservability EngineAnalysis: Server link to storage is saturatedNotice: New application zone recently startedAnalysis: New zone using 90% of storage bandwidthZFSSASolaris Global ZoneMaps integration of Solaris to SPARC hardware roadmap (and notes our plans to continue to track x86 advances as well, especially as a result of our ongoing work with IntelOracle Database ZoneApplication ZoneApplication ZoneAnalysis: Runaway backup using all bandwidthResolution: Administrator sets bandwidth cap on backup. Issue resolved.
48Future Zones Clouds Unified archive-based deployment ZoneAzonehostrad(1m) daemonZoneGZFS1Unified archive-based deploymentArchive/Restore zones, bare metal, LDOMs, etc.Template-based archive creationIntegrated cloud controlGreater independence between zonesDiffering patch levelsMore agile migrationZFS2Converged FabricZoneAzonehostrad(1m) daemonZoneM
49Looking forward: Software Defined Networking ZoneAzonehostZFS1Engaged in Open Networking FoundationEmbracing OpenFlowApplication driven network traffic priorities across fabricProvide end-to-end SLAsZFS2OpenFlow Control PathNetwork FabricZoneAzonehostZoneM
50Looking Forward: Zero Downtime Security Updates Create as a buildCreate as a buildLooking Forward: Zero Downtime Security UpdatesCreate as a buildNew Security UpdateDependency Checks, patch/update planning# pkg updateImpacted subsystems are briefly quiesced, update installed liveTimes may vary depending on size of systems to boot.Solaris 11 can update a system very quickly and then Fast Reboot for SPARC an x86 gets the new environment back online quickly.If you don’t like the update boot the previous ZFS boot environment – Fool-proof updatesBackup boot environment created, update applied on diskNo application response time impact, Zero downtime.50
51Solaris Roadmap Accelerating The Pace Solaris 12 Solaris 11 Update 9Solaris 10Update 10Solaris 10Update 11Premier SupportExtended SupportMaps integration of Solaris to SPARC hardware roadmap (and notes our plans to continue to track x86 advances as well, especially as a result of our ongoing work with Intel20102011201220132014……M-3M-4M-5M-6T-3T-4T-5T-6