Wednesday, September 23, 2020

Upcoming End date of OVM Premier Support. It is time to consider KVM + OLVM (especially for the new projects)

This is for the ones who is considering a virtualization solution for new projects.

Especially for the ones considering Oracle Virtıalization... 

Usually when we say Oracle virtualization, we mean Oracle VM Server, but actually that was in the past. Now we have an alternative to OVM..  It is KVM (Kernel Based Virtual Machine).

KVM is actually an open source virtualization technology that turns Linux into a hypervisor. 

I firstly used this KVM in ODA X7-2 S and M environments. At that time, we had some limitations though.. For instance, there were no capacity-on-demand option for databases and application that are running on Guest KVM Machines.

However; now we have the cpu pinning/ hard partitioning / capacity-on-demand option in KVM!

Note that,  using hard partitioning to limit Oracle product software licensing still adds some restrictions such as live migration and scheduling policies available on Oracle Linux Virtualization Manager.


If you want to check out some of my advantures on ODA and KVM, you can read the blogposts pointed by the following urls.  :)

Also note that, Oracle Linux KVM is the same hypervisor used in Oracle Cloud. You can read the related  article in the following url to get more info : https://www.oracle.com/a/ocom/docs/olvm-datasheet-nov2019.pdf

At the moment, KVM has a support contract advantage too.. KVM is offered under Oracle Linux Virtualization Manager (OLVM). Note that OLVM is the virtualization management platform that can be easily deployed to configure, monitor, and manage KVM environments.

So, KVM is offered under Oracle Linux Premier limited support.  So no need to purchase support for the virtual layer seperately.. 

Another thing that motivates us to prefer KVM is the upcoming end date of OVM premier support.
As per Lifetime Support Policy document; Oracle VM Premier Support period will end in March, 2021. Therefore, the users of OVM would need to buy additional extended support. 

As I mentioned, alternative to OVM is KVM, offered under Oracle Linux Virtualization Manager (OLVM). 

Here is the key benefits of using KVM and OLVM -> 
  • Complete server virtualization and management solution with zero license cost
  • Single software distribution for Oracle Linux OS or Oracle Linux KVM 
  • Speeds application deployment with Oracle Virtual Appliances
  • Ksplice integration to patch kernel, QEMU, and user space libraries with no service interruption
  • Hard Partitioning support enables efficient Oracle application software licensing
  • Full Stack Management with Oracle Enterprise Manager
  • Path to Oracle Cloud Infrastructure with a common hypervisor
So, we advise our customers to use KVM which is offered under Oracle Linux Premier limited support, especially for their new virtualization projects. This is the purpose of this blog post actually. Final decision is still yours :)

Wednesday, September 16, 2020

RDBMS / ASM / Exadata - "Smart Rebalance" / Seems like the %15 free space rule (or %9 free space rule) is becoming history

Yesterday, I published a blog post about the %15 rule. I shared my thoughts on %15 free size rule, which states that, in order to be in the safe side in case of a cell/or disk failure in Exadata/ASM environments, we need to have some free space in the relevant diskgroups. This actually guarantees the rebalance, which should be done after a disk or cell failure, to be succesful. The rule states that, at least %15 of a diskgroup should be free. 

I found this magic number, or let's say this magic percentage (%15) a little interesting and felt the need to write a publish a blog post about it.

You can access that blog post via the url below;
http://ermanarslan.blogspot.com/2020/09/asm-grid-my-thougths-on-15-free-disk.html

Yestarday night, I was still curious and checking the documents to learn something new about this subject and I finally found the thing I was looking for. That was exactly what was expected. "Smart Rebalance"

Smart rebalance used with Oracle ASM which eliminates the need for free space for Grid Infrastructure 19c and Higher using high redundancy diskgroups.

In other words;  no need for free space!   If there is not enough space to rebalance at the time of failure, offline the disk! Upon replacement, efficiently repopulate it from partner disks automatically! 
This eliminates the need to reserve free space for rebalance when using high redundancy. It provides  seamless repair without the risk of out of space errors..

Currently there is no internal info about it, but you may visit the following the url to see  Exadata MAA slides.. Slide 58 introduces the smart rebalance and shows the dissaperance of %15 rule gradually :)


I will give you more information on this topic when I have a little more detail.

Tuesday, September 15, 2020

EBS - Attention ! Workflow mailer & oAuTH2.0 and office365 - Microsoft / End of Support for Basic Auth - "Deadline has been pushed to the second half of 2021"

Thanks to the community in my forum (Erman Arslan's Oracle Forum), we realized something important and fortuneatly, it is still not to late to report this!

Thanks Laurel for pointing it out in the following thread :) -> 


First, Microsoft announced, that they will stop supporting Basic Authentication for Exchange online on October 13, 2020.  EAS, POP and IMAP..

But then, they changed the deadline .. That is, the Basic Auth is "not" going to be disabled on October 13, 2020. Due to the COVID... That deadline has been pushed to the second half of 2021
So, it seems we still have time. Good news, right? :)


Microsoft says: In response to the COVID-19 crisis and knowing that priorities have changed for many of our customers we have decided to postpone disabling Basic Authentication in Exchange Online for those tenants still actively using it until the second half of 2021. We will provide a more precise date when we have a better understanding of the impact of the situation.

Anyways, when that time will come, workflow Mailer IMAP with Office 365 basic authentication will not be supported and probably it will just not work.(Basic authentication will be turned off)

EBS customers will have to use OAuth 2.0 token based authentication for IMAP.

So, EBS customers who are using Workflow mailer with office365 may be in trouble , and I think Microsoft is ready for this -> 

https://developer.microsoft.com/en-us/outlook/blogs/announcing-oauth-2-0-support-for-imap-smtp-client-protocols-in-exchange-online

They say : We’re announcing the availability of OAuth 2.0 authentication for IMAP, SMTP AUTH protocols to Exchange Online mailboxes. If you have an existing application that reads or sends email using one or more of these two protocols, the new OAuth authentication method will enable you to implement secure, modern authentication experiences for your users. This functionality is built on top of Microsoft Identity platform (v2.0) and supports access to email of Microsoft 365 (formerly Office 365) users.

Oracle address this situation by the following document ;

EBS Workflow Mailer Configuration with OAuth 2.0 Token-Based Authentication for Cloud-Based Email Services (Gmail, Yahoo, Office365, etc) (Doc ID 2650084.1)
Note that, this document is not up-to-date...

We have also a bug record, an Enhancement Request for it. 
Bug 30505419 : WORKFLOW MAILER SUPPORT OF OAUTH2 - GENERIC PLATFORMS

Unlike the document, the enhancement requests seems up-to-date. Oracle seems working on this subject as I see some recent updates on the bug record;

*** 09/11/20 08:45 am ***
*** 09/11/20 09:18 am RESPONSE ***

The Enhancement Request is in Internal Review status, meaning not approved nor denied.
However, currently we have no ETA for this. 

In any case, I think the solution/patch will be for EBS 12.2.x.. So, I think, upgrading to the latest version (12.2.10)  should not be a must.

But still, you need to design and implement your backup solution, because the ATG fix may not be ready until the second half of 2021.. ( Actually, I think there is enough time to deliver the fix, but still we need to be prepared)  
Especially EBS 12.1.3 customers should be careful and ready. 12.1.3 is also subject to restriction on new patches starting Dec 1, 2021 and a solution for 12.1.3 cannot be guaranteed until the final solution for EBS 12.2 connecting to Office365 will be developed.

In order to be in the safe side, customer should just create a local mail server, test it and be ready for activating it on the second half of 2021.. (just in case)

I will continue to follow this subject and keep you updated.

ASM / GRID -- My Thougths on %15 free size rule --- rebalance, imbalance, calculations, bugs and all that

The rule states that, in order to be in the safe side in case of a cell/or disk failure in Exadata/ASM environments, we need to have some free space in the relevant diskgroups. This actually guarantees the rebalance, which should be done after a disk or cell failure, to be succesful. The rule states that, at least %15 of a diskgroup should be free.

Well, I found this magic number, or let's say this magic percentage (%15) a little interesting and that's why I want to share my thoughths on this with you.

Normally, we have a metric named USABLE_FILE_MB as you may already know. It may depend on the version but, normally this metric gives us the safe allocatable size considering a case of a disk failure.. In the old versions, this was reporting the safe allocatable size, a value which can be taken as a reference for being safe even in a cell failure.

In simple logic, we can say that; we have no risks, ofcourse if the USABLE_FILE_MB has a positive value and if we think it will stay positive even when we consider potential new future allocations.

Moreover, USABLE_FILE_MB is derived by considering the REQUIRED_MIRROR_FREE_MB, which is the required size for a rebalance operation to complete in the worst case scenario.

The formulas are as follows;

Normal Redundancy
USABLE_FILE_MB = (FREE_MB – REQUIRED_MIRROR_FREE_MB) / 2

High Redundancy
USABLE_FILE_MB = (FREE_MB – REQUIRED_MIRROR_FREE_MB) / 3

If USABLE_FILE_MB is a negative value, then we can directly say that the normal redundancy environments are in danger, but in any case we can still check FREE_MB. If the value that we see in FREE_MB is bigger than the disk size (if the disk sizes are equal.. If they are not equal, then FREE_MB should be bigger than the largest disk size), we can still rebalance in case of a disk failure. 

So far so good. These are all related with disk failures. (as I mentioned earlier, we need to check the version and conclude what the USABLE_FILE_MB reports to us.. Usable file mb even in the case of a disk failure or Usable file mb even in the case of a cell failure)

Of course, if we lose a cell and if the USABLE_FILE_MB considers only the disk failures, the situation is different. We need to multiple the USABLE_FILE_MB with the count of disks in the cell.

It is independent from the redundancy being normal or high; for instance , if the USABLE_FILE_MB is 10 and it reporting us the usable file mb in the case of disk failures and if we have 12 disks in a cell, then we have to  multiply that value 10 with 12. This makes 120 and that 's minimum usable file mb that we need to see in USABLE_FILE_MB in order to be safe even in  a case of a cell failure.

At this point and in this context, following article of Emre Baransel might be nice for reading.

https://www.doag.org/formes/pubfiles/8587254/2016-INF-Emre_Baransel-A_Deep_Dive_into_ASM_Redundancy_in_Exadata-Manuskript.pdf 

Until here, if you notice, I have never mentioned the 15% rule.  So I have explained  the subject ignoring this rule, but actually this rule must not be ignored.

Now it is time to explain that rule:)

Well, we first revisit the MOS note named, "Understanding ASM Capacity and Reservation of Free Space in Exadata (Doc ID 1551288.1)".

In MOS note, we have a script that calculates the reserve space and capacity for the disk failure coverage and it has a reserve factor of 0.15 and that's where the %15 rule comes in..

When we examine the script, we can say that, it directly multiplies the raw total disk size by %15 and then, it substract that value from the raw total disk size.

In my opinion, it shouldn't be that way.. I mean, there shouldn't be a %15 rule and I think this subject is a little buggy.

Note that, at the moment;  we need to consider the %15 rule and we must follow it!

Anways; if we reserve %15 of space , are we safe ? Well, probably.. But, the following bug says that, even if we have %15 reserve space ,we still may have problem during rebalance..

Bug 21083850  ORA-15041 during rebalance despite having free space -> Bug 21083850 - ORA-15041 during rebalance despite having free space (Doc ID 21083850.8)

The cause of this bug is probably the imbalance during rebalance -> 

When a disk is force dropped, its partners lose a partner.
As a result, the partners of its partners get more extents relocated to them, causing an imbalance.
This imbalance results in the ORA-15041, because some disks run out of space faster than others.

In the document above, we see a patch is addressed. However, in another Oracle script, we see a comment like the following -> "Use the new 15% of DG size rule for single disk failure, regardless of redundancy type (Bug 21083850)" 

This makes me think that this subject is buggy :) The %15 rule is there not only to address that specific bug, but it is there due to other bugs as well.  In my opinion, these kinds of rules are there because of other problems.. In this specific case, probably because of imbalance, or let's say it is probably due to the ASM extents not being distributed properly.

Normally, when we lose a disk, ASM will distribute the mirror extents of that failing/lost disk to the other disks that are available on the relevant diskgroup (ofcourse, according to the redundancy type).. That comes from the logic of disk mirroring. However, probably, ASM distributes these extents not evenly and overloads some discs in some cases and that's where we get ORA-15041.

This situation can also be explained by ; having those disks already overloaded even before the rebalance.. So as you may guess, if ASM uses them aggressively during the rebalance they get full and the rebalance code returns an error.

Ofcouse, imbalance  may be normal in some cases.. For instance when we have fail groups .. 

That is; when we have a fail group configuration, ASM will have a more difficult job during the rebalance.. I mean, when we have fail groups; ASM will have less choices for distributing the mirror extents when a disk is dropped.. Still, I don't think that these kinds of causes should not be enough to reveal such a  rule (%15 rule)

Well, these are my thought on this subject... Please feel free to comment and correct me if I'm wrong. Please share your thoughts on this subjects by commenting to this blog post.

Sunday, September 6, 2020

ACE Virtual Happy Hour - The Great Gathering

A Virtual Happy Hour. An ACE get-together. 111 ACEs & Oracle members in call.  Thanks to Jennifer Nicholson and Oracle Ace Program for organizing this. Being an Oracle ACE has always been an honor for me, and as I see these valuable people who are experts in their fields together, my curiosity for new technologies, my passion for Oracle and my motivation for research continue to increase even today. 
PS: Ace video and song was great :) It's a good memory.


Friday, September 4, 2020

OBIEE - SSO -- Integrating with a third party login with AD authentication / passing user and pass in URL

Implementing SSO or Windows Native authentication in OBIE is something we do frequently.

Basically, we integrate OBIEE with Microsoft Active Directory and obtain centralized password management. 

This is also more secure and easy for the users.. They don't have to remember or manage their OBIEE usernames and passwords as they already have more important usernames and passwords, I mean their domain users and passwords. 

This gain we make by implementing SSO is actually in convenience, manageability and security. This benefit or gain is provided by all types of SSO configurations. In single password implementations, users login with their domain usernames and passwords. In windows native authentication, they don't even login as we get the credentials (or lets say the auth info) from the client OS on the fly in the backend transparently to the user :) It's been a long sentence :)

Anways, this is what we do in OBIEE and even in EBS envirıonments. In EBS, we use OID and OAM as well. (Things get complicated there but that 's true :)

So I guess all of us are familiar with this single sign-on (single password or no password)  concepts already. 

However; what I want to share in this blog post is something, which is a little different than a standard configuration.. A scenario, a real life story, a workaround; you name it :)

That is, suppose your customer wants your OBIEE to authenticate the users with AD usernames and passwords but suppose the customer has a custom web page which is in front of the OBIEE and the customer wants to get the usernames and passwords through that custom web page. The custom web page must authenticate the users and then redirect to OBIEE..

So what we do?

Well, we implement SSO in OBIEE side. This is what we need to do in the first place. 

Then we make our OBIEE to get the user and pass through the OBIEE url. (on-the-fly login using url arguments).. Note that this is the simplest way of doing this work.. Ofcouse, customer's ability to post the usernames and passwords using any other method than this one, will make us change/improve the design of this login flow.

At this point, we pay attention to the following;

"12.2.1.3 LightWeightSSO is ON by default and NQPwd/User wont work." 

This means, the news versions of OBIEE won't let you in with the usernames and passwords supplied through the url.

So, what we do? 

If that is a must.. I mean if the page can't post the username and password information to OBIEE using any other method than the url method, then we disable the LightWeightSSO. 

In other words; If we must use the NQUser and NQPassword login url parameters, we must disable lightweight SSO using the WLST disableSingleSignOn command. 

The following document will help us for that;

OBIEE 12c: Using NQUser and NQPassword in URL, Fails to Login When Single Sign-On (S
SO) or Lightweight SSO (LWSSO) Is Enabled (Doc ID 2316810.1)

Once we configure our OBIEE side, we tell the customer to make the necessary modifications in the custom webpage to make it pass the username and password information to OBIEE during the login process. That is it..

We reached our goal.. Clients will use the custom web page to enter their AD/domain usernames and passwords and then the custom web page will make OBIEE to authenticate it in the backend and the clients will see his/or her BI dashboards without authenticating again.

Before finishing, 2 important reminders ->

Don't forget to implement a full path SSL for the HTTPS communication.
Consider implementing  LDAPS for the ldap traffic between OBIEE and AD.

This is the story of the day :) I hope you will find it useful.