Which Edition of Oracle RDBMS is Right for My Business?

Which Edition of Oracle RDBMS is Right for My Business?

by | May 11, 2020 | Database, licensing, Oracle

Do I really need Oracle Enterprise Edition? Do I need Oracle Enterprise Edition in order to have a standby database? What version of Oracle do I need?  

We get questions like these a lot. Oracle’s editions and features can be a bit overwhelming. This post shares some key information that I hope will make your choice easier.

To keep this post to a manageable length, this post deals only with Oracle Version 12c and Version 19c, and excludes Oracle cloud offerings. A future post will cover those feature sets. 

Oracle Standard Vs. Enterprise

For each version covered below, I took the feature set from Oracle’s licensing documentation and listed those things that are available only in the Enterprise Edition of Oracle, and not in any of the Standard Editions.

But before we look at the specific features available in each version, let’s explore two important categories of features:

Data Guard

One of the more frequently used options in Enterprise Edition is Data Guard. A set of Data Guard features is listed in the first table for each edition below. These are used to implement high availability; that is, having a standby database available that is kept up to date with your primary production database in case your primary database goes down.

If Data Guard related features are the only set of “Enterprise-only” features that you need, then you may still be able to use Oracle’s Standard Edition. Here’s why:

DBvisit Standby, an alternative to Oracle’s Data Guard, provides an active standby database using any version of Oracle. You will still need to license the database software on both the primary and the standby server, but both can be much less expensive Standard Edition licenses. 

Oracle Security

Oracle has a number of important security options. 

The advanced security option is an extra cost option that is only available with Enterprise Edition.  This includes transparent data encryption, data redaction, data masking and subsetting (very helpful for development environments), and other security options. To adequately secure sensitive data at the database level, we advise that you use advanced security, and thus Oracle Enterprise Edition. 

With that said, if you are not using advanced security, and the only Enterprise-only option you need is Data Guard, then we recommend taking a good look at Dbvisit.

Oracle Version 12c Features

Below are the features that are only available in Enterprise Edition for Oracle 12c. If you need anything on this list, then you need Oracle Enterprise Edition. Period! 

Category Feature
Data Warehousing and Business Intelligence Advanced Index Compression
Data Warehousing and Business Intelligence Automatic Data Optimization
Data Warehousing and Business Intelligence Basic Table Compression
Data Warehousing and Business Intelligence Bitmapped index, bitmapped join index, and bitmap plan conversions
Data Warehousing and Business Intelligence Deferred Segment Creation
Data Warehousing and Business Intelligence Exadata Flash Cache Compression
Data Warehousing and Business Intelligence Heat Map
Data Warehousing and Business Intelligence Hybrid Columnar Compression
Data Warehousing and Business Intelligence Hybrid Columnar Compression Row-Level Locking
Data Warehousing and Business Intelligence In-memory Parallel Execution
Data Warehousing and Business Intelligence Oracle Advanced Compression
Data Warehousing and Business Intelligence Oracle OLAP
Data Warehousing and Business Intelligence Oracle Partitioning
Data Warehousing and Business Intelligence Parallel capture and apply via XStream
Data Warehousing and Business Intelligence Parallel Data Pump Export/Import
Data Warehousing and Business Intelligence Parallel index build/scans
Data Warehousing and Business Intelligence Parallel query/DML
Data Warehousing and Business Intelligence Parallel Statement Queuing
Data Warehousing and Business Intelligence Parallel statistics gathering
Data Warehousing and Business Intelligence Prefix Compression (also called Key Compression)
Data Warehousing and Business Intelligence Summary management—Materialized View Query Rewrite
Data Warehousing and Business Intelligence Transportable tablespaces, including cross-platform and full transportable export and import
High Availability Application Continuity
High Availability Automatic Block Repair
High Availability Block change tracking for fast incremental backup
High Availability Block-level media recovery
High Availability Cross-platform Backup and Recovery
High Availability Duplexed backup sets
High Availability Fast-start fault recovery
High Availability Flashback Database
High Availability Flashback Table
High Availability Flashback Transaction
High Availability Flashback Transaction Query
High Availability Global Data Services
High Availability Lost Write Protection
High Availability Online Datafile Move
High Availability Online index rebuild
High Availability Online index-organized table organization
High Availability Online table redefinition
High Availability Oracle Active Data Guard
High Availability Oracle Data Guard—Far Sync Standby
High Availability Oracle Data Guard—Real-Time Cascading Standbys
High Availability Oracle Data Guard—Redo Apply
High Availability Oracle Data Guard—Snapshot Standby
High Availability Oracle Data Guard—SQL Apply
High Availability Parallel backup and recovery
High Availability Recovering tables and table partitions from RMAN backups
High Availability Rolling Upgrade Using Active Data Guard
High Availability Rolling Upgrades—Patch Set, Database, and Operating System
High Availability Tablespace point-in-time recovery
High Availability Transaction Guard
High Availability Trial recovery
High Availability Unused block compression in backups
Integration Advanced Replication
Integration Messaging Gateway
Integration Sharded Queues
Manageability Database Resource Manager
Manageability Oracle Cloud Management Pack for Oracle Database
Manageability Oracle Data Masking and Subsetting Pack
Manageability Oracle Database Lifecycle Management Pack for Oracle Database
Manageability Oracle Diagnostics Pack
Manageability Oracle Fleet Patching and Provisioning

(formerly Rapid Home Provisioning)
Manageability Oracle Real Application Testing
Manageability Oracle Tuning Pack
Manageability SQL Plan Management
Manageability SQL Tuning Sets
Networking Infiniband Support
Networking Network Compression
Networking Oracle Connection Manager
Performance Adaptive Execution Plans
Performance Attribute Clustering
Performance Client Side Query Cache
Performance Concurrent Execution of UNION and UNION ALL Branches
Performance Database Smart Flash Cache
Performance Fault Tolerant In-Memory Column Store
Performance In-Memory Aggregation
Performance In-Memory Column Store
Performance PL/SQL Function Result Cache
Performance Query Results Cache
Performance Support for Oracle Exadata Storage Server Software
Performance TimesTen Application-Tier Database Cache
Performance Zone Maps
Scalability Oracle NoSQL Database Basic Edition
Scalability Quality of Service Management
Security Enterprise User Security
Security Fine-grained Auditing
Security Oracle Advanced Security
Security Oracle Database Vault
Security Oracle Label Security
Security Privilege Analysis
Security Real Application Security
Security Redaction
Security Transparent Sensitive Data Protection
Security Virtual Private Database
Snapshots and Cloning Storage Snapshot Optimization
Spacial Multimaster replication of SDO_GEOMETRY objects
Spacial Parallel spatial index builds
Spacial Partitioned spatial indexes

Now we’ll look at features that are only available in certain versions of Oracle 12c Standard Edition, or that are limited in Standard Edition. The “Notes” column explains the limitations.

Category Feature SE1 SE/SE2 EE Notes
Data Warehousing and Business Intelligence Oracle Machine Learning (formerly Advanced Analytics) N Y N Included with SE2 and EE

Not included with SE1 and SE

OML4R (Oracle R Enterprise) Server is limited to operation on Oracle Linux 6 or higher
High Availability Optimization for Flashback Data Archive N Y N Basic Flashback Data Archive is in all editions. Optimization for Flashback Data Archive requires EE and the Oracle Advanced Compression option.
Integration Basic Replication Y Y N SE/SE1/SE2: read-only, updateable materialized view
Integration Oracle Streams Y Y N SE/SE1/SE2: no capture from redo
Manageability Instance Caging N Y N Included with SE2 and EE

Not included with SE1 and SE
Spacial Oracle Spatial N Y N Included with SE2 and EE

Not included with SE1 and SE
Spacial RDF Graph N Y N Included with SE2 and EE

Not included with SE1 and SE

If you need any of the above features, then you may need Oracle Enterprise Edition, depending on the specifics as listed in the notes.

That’s it!

Your DBA team should be able to tell you if you need/use these Enterprise-only features. 

If you don’t need any of these features, then potentially you can save many thousands of dollars by using the Standard Edition instead. 

Oracle version 19c Features

OK, that’s it for 12c. Oracle 19c is essentially the same but with a somewhat different, more “evolved” set of options. The considerations mentioned above remain valid. 

First, let’s look at the 19c features that definitely require Enterprise Edition:

Category Feature
High Availability Application Continuity
High Availability Oracle Sharding
High Availability Oracle RAC One Node
High Availability Oracle Data Guard—Redo Apply
High Availability Oracle Data Guard—Far Sync Standby
High Availability Oracle Data Guard—SQL Apply
High Availability Oracle Data Guard—Snapshot Standby
High Availability Oracle Data Guard—Real-Time Cascading Standbys
High Availability Oracle Active Data Guard
High Availability Rolling Upgrades—Patch Set, Database, and Operating System
High Availability Rolling Upgrade Using Active Data Guard
High Availability Online index rebuild
High Availability Online table organization
High Availability Online table redefinition
High Availability Duplexed backup sets
High Availability Block change tracking for fast incremental backup
High Availability Unused block compression in backups
High Availability Block-level media recovery
High Availability Lost Write Protection
High Availability Automatic Block Repair
High Availability Parallel backup and recovery
High Availability Tablespace point-in-time recovery
High Availability Trial recovery
High Availability Fast-start fault recovery
High Availability Flashback Table
High Availability Flashback Database
High Availability Flashback Transaction
High Availability Flashback Transaction Query
High Availability Optimization for Flashback Data Archive
High Availability Online Datafile Move
High Availability Transaction Guard
High Availability Cross-platform Backup and Recovery
High Availability Global Data Services
High Availability Recovering tables and table partitions from RMAN backups
Integration Messaging Gateway
Integration Sharded Queues
Manageability Oracle Cloud Management Pack for Oracle Database
Manageability Oracle Data Masking and Subsetting Pack
Manageability Oracle Database Lifecycle Management Pack for Oracle Database
Manageability Oracle Diagnostics Pack
Manageability Oracle Tuning Pack
Manageability Oracle Real Application Testing
Manageability Database Resource Manager
Manageability SQL Tuning Sets
Manageability Oracle Fleet Patching and Provisioning (formerly Rapid Home Provisioning)
Networking Infiniband Support
Networking Oracle Connection Manager
Networking Network Compression
Performance Client Side Query Cache
Performance Query Results Cache
Performance PL/SQL Function Result Cache
Performance Oracle TimesTen Application-Tier Database Cache
Performance Database Smart Flash Cache
Performance Adaptive Execution Plans
Performance Concurrent Execution of UNION and UNION ALL Branches
Performance Oracle Database In-Memory
Performance In-Memory Column Store
Performance In-Memory Aggregation
Performance Attribute Clustering
Scalability Oracle Real Application Clusters (Oracle RAC)
Scalability Oracle NoSQL Database Basic Edition
Security Column-Level Encryption
Security Tablespace Encryption
Security Oracle Advanced Security
Security Oracle Database Vault
Security Oracle Label Security
Security Enterprise User Security
Security Centrally Managed Users
Security Fine-grained Auditing
Security Privilege Analysis
Security Real Application Security
Security Redaction
Security Transparent Sensitive Data Protection
Security Virtual Private Database
Snapshots and Cloning Storage Snapshot Optimization
Spatial and Graph Data Parallel spatial index builds
Spatial and Graph Data Multimaster replication of SDO_GEOMETRY objects
Spatial and Graph Data Partitioned spatial indexes
VLDB, Data Warehousing, and Business Intelligence Oracle Partitioning
VLDB, Data Warehousing, and Business Intelligence Oracle On-Line Analytical Processing (OLAP)
VLDB, Data Warehousing, and Business Intelligence Oracle Advanced Compression
VLDB, Data Warehousing, and Business Intelligence Advanced Index Compression
VLDB, Data Warehousing, and Business Intelligence Prefix Compression (also called Key Compression)
VLDB, Data Warehousing, and Business Intelligence Hybrid Columnar Compression
VLDB, Data Warehousing, and Business Intelligence Hybrid Columnar Compression Row-Level Locking
VLDB, Data Warehousing, and Business Intelligence Heat Map
VLDB, Data Warehousing, and Business Intelligence Automatic Data Optimization
VLDB, Data Warehousing, and Business Intelligence Basic Table Compression
VLDB, Data Warehousing, and Business Intelligence Deferred Segment Creation
VLDB, Data Warehousing, and Business Intelligence Bitmapped index, bitmapped join index, and bitmap plan conversions
VLDB, Data Warehousing, and Business Intelligence Parallel query/DML
VLDB, Data Warehousing, and Business Intelligence Parallel statistics gathering
VLDB, Data Warehousing, and Business Intelligence Parallel index build/scans
VLDB, Data Warehousing, and Business Intelligence Parallel Data Pump Export/Import
VLDB, Data Warehousing, and Business Intelligence In-memory Parallel Execution
VLDB, Data Warehousing, and Business Intelligence Parallel Statement Queuing
VLDB, Data Warehousing, and Business Intelligence Parallel capture and apply via XStream
VLDB, Data Warehousing, and Business Intelligence Transportable tablespaces, including cross-platform and full transportable export and import
VLDB, Data Warehousing, and Business Intelligence Summary management—Materialized View Query Rewrite

If you need any of the above, the you must use Oracle Enterprise Edition 

Now we look at the features that are included in the Oracle 19c Standard edition, but are limited.

Category Feature Notes
Consolidation Oracle Multitenant – # of PDBs The number value in each column indicates the maximum number of pluggable databases (PDBs) that can be created for each offering.

For all offerings, if you are not licensed for Oracle Multitenant, then you may have up to 3 user-created PDBs in a given container database at any time.
Manageability SQL Plan Management SE2: Only one SQL plan baseline per SQL statement is allowed and SQL plan evolution is disabled. Limits on baseline capture methods as well.

The following DBMS_SPM functions and procedures are not allowed: CONFIGURE, LOAD_PLANS_FROM_AWR, LOAD_PLANS_FROM_SQLSET, and all functions and procedures associated with SQL plan evolution.

If you are not using pluggable databases, or if three databases are enough, and if you are not using sophisticated plan management, then you can likely use Standard Edition.

If you know of any other enterprise-only options that are not listed here, or if you think I misstated anything, please comment.  I’d like to hear from you. Also, if you know of other good disaster recovery alternatives, let me know.

If you are not sure about any of this, or you just want to double-check your thought process, leave a comment or give me a call and I will be happy to have a conversation with you about it.

Oracle Active Data Guard Replication Error with Cisco Firewall: Root Cause and Workaround

Oracle Active Data Guard Replication Error with Cisco Firewall: Root Cause and Workaround

by | Apr 22, 2020 | Backup and Recovery, Database, Oracle, Oracle DBA

One of our customers had issues over the past several months with Oracle Active Data Guard replication to a standby server. The database on the standby server would intermittently fall out of sync with the database on the primary server, and log files were not consistently shipping to the standby server. 

Active Data Guard Replication Error

The Oracle database version was 12.2.0.1 running on Oracle Linux 6. The firewall was a Cisco ASA-5585-SSP-40, and the ASA version is 9.6(4)8. 

TNS tracing showed: CORRUPTION DETECTED: In redo blocks starting at block #…

By the time I got involved, the firewall administrators had already implemented all the recommended firewall changes to disable the following:

    •     SQLNet fixup protocol 
    •     Deep Packet Inspection (DPI
    •     SQLNet packet inspection 
    •     SQL Fixup

The following errors were noted in the primary database alert log:

    •     ORA-16055: FAL request rejected 
    •     ARC6: Standby redo logfile selected for thread 2 sequence 33351 for destination LOG_ARCHIVE_DEST_2 
    •     ARC6: Attempting destination LOG_ARCHIVE_DEST_2 network reconnect (12152) 
    •     ARC6: Destination LOG_ARCHIVE_DEST_2 network reconnect abandoned 

The following errors were noted in the standby database alert log:

    •     CORRUPTION DETECTED: In redo blocks starting at block #…
    •     RFS[20]: Possible network disconnect with primary database
    •     Error 1017 received logging on to the standby 
    •     FAL[client, USER]: Error 16191 connecting to…
    •     ORA-16191: Primary log shipping client not logged on standby 

The root cause of the problem turned out to be a bug in the Cisco firewall.  For reasons unknown, when the primary and standby database listeners were using port 1521, the firewall would ignore the settings the admins had implemented for the Oracle Data Guard connections and revert to the default settings. As a workaround, we changed to a different port.

If you are experiencing intermittent or hard-to-diagnose database issues in your environment, contact Buda Consulting.

Database Patch News — February 2020 (Issue 2)

Database Patch News — February 2020 (Issue 2)

by | Feb 19, 2020 | Best Practices, Database Patch News, database patching, Database Security, Oracle, SQL Server

Welcome to Database Patch News, Buda Consulting’s monthly newsletter of current patch information for Oracle and Microsoft SQL Server. Here you’ll find information on available patches—including security patches—and desupported versions made available during the past month.

Why should you care about patching vulnerabilities and bugs? Two big reasons:

  1. Unpatched systems are a top cyber attack target. Patch releases literally advertise vulnerabilities to the hacker community. The longer you wait to patch, the greater your security risk.
  2. Along with running a supported database version, applying the latest patches ensures that you can get support from the vendor in case of an issue. Patching also helps eliminate downtime and lost productivity associated with bugs. 

Here are the latest patch updates for Oracle and SQL Server:Oracle Patches:

19c
DATABASE RELEASE UPDATE 18.9.0.0.0.200114
OJVM RELEASE UPDATE 18.9.0.0.0.200114

18c
DATABASE RELEASE UPDATE 19.6.0.0.0.200114
OJVM RELEASE UPDATE 19.6.0.0.0.200114 

12cR2
DATABASE RELEASE UPDATE 12.2.0.1.200114
OJVM RELEASE UPDATE 12.2.0.1.200114
Regular support ends Mar 2023 and extended support ends Mar 2026

12cR1
DATABASE PATCH SET UPDATE 12.1.0.2.200114
(Extended Support Contract Required)

OJVM PATCH SET UPDATE 12.1.0.2.200114
(Extended Support Contract Required)

The last freely available patch was July 2019 for 12.1.0.2. The Oct 15 2019 Patch Set Update (PSU) is available but may require an extended support purchase to access it. Patches will be released until July 2021 for this version. PSU 12.1.0.2.191015 is available.

11gR4
DATABASE PATCH SET UPDATE 11.2.0.4.200114
(Extended Support Contract Required)
OJVM PATCH SET UPDATE 11.2.0.4.200114
(Extended Support Contract Required)

The last freely available patch was October 2018 for 11.2.0.4. PSU 11.2.0.4.191015 is available but may require clients to purchase extended support to access it.

Oracle Engineered Systems
Oracle Exadata System Software for 18.1.24, 19.2.10 & 19.3.4
Oracle Exadata QFSDP for Jan 2020
Oracle SuperCluster QFSDP for Jan 2020

SQL Server Patches:
SQL Server 2019 – Cumulative Update 1 released on 01/07/2019

SQL Server 2017 – Cumulative Update 18 released on 12/09/2019
SQL Server 2016 Service Pack 2 – Cumulative Update 11 released on 12/09/2019
SQL Server 2016 Service Pack 1 – Cumulative Update 15 released on 07/09/2019
SQL Server 2014 Service Pack 3 – Cumulative Update 4 released on 07/29/2019
SQL Server 2014 Service Pack 2 – Cumulative Update 18 released on 07/29/2019

 

Oracle Data Encryption Options

Oracle Data Encryption Options

by | Nov 21, 2019 | Oracle, Oracle DBA

Oracle offers various authentication and audit features to protect data from unauthorized access. But what about data at rest in operating system files, backups or other storage media?

Protect Oracle Data At Rest With TDE

To protect data at rest, Oracle offers Transparent Data Encryption (TDE). With TDE you can encrypt sensitive data so that it is unreadable if the file it is stored in is exfiltrated or breached.

Data you encrypt with TDE is “transparently” decrypted when it is accessed by authorized users and applications. That is, decryption takes place without users even being aware that data is encrypted. Likewise, applications that process sensitive data can offer data encryption via TDE with little or no code changes.

Why use TDE? It helps ensure that your sensitive data is secure, supports compliance with a wide range of regulations like Sarbanes-Oxley (SOX), HIPAA and PCI, and can simplify your overall encryption/decryption policy and operations.

Another benefit of TDE is that it is pretty fine-grained. You can encrypt data at the column level or the tablespace level. Column-level encryption is perfect for confidential data like social security numbers or credit card numbers that are stored in table columns.

When you encrypt a tablespace, all objects created in that tablespace are encrypted automatically. Tablespace level encryption works well for tables that store sensitive data in multiple columns, or for when you want to protect an entire table and not just individual columns. It’s also handy anytime you want to avoid doing a nitty-gritty analysis of each table column to determine which ones require encryption.

To enable decryption and prevent unauthorized decryption, TDE uses a two-tiered, key-based encryption architecture. It stores encryption keys in a keystore, a hardware or software security module separate from the database. You can centrally (and automatically) manage these keystores using Oracle Key Vault.

To encrypt a tablespace, TDE uses an externally stored master key to encrypt the TDE tablespace encryption key, which is used to encrypt/decrypt tablespace data. For column-level encryption, Oracle transparently accesses a TDE master encryption key to encrypt or decrypt the TDE table key, which then encrypts/decrypts column-level data in the table.

Encryption Best Practices

Of course, your encryption strategy should be integrated with your overall information security program. Best-practice security tips related to encryption include:

      • Start by determining how sensitive the data is. Data that requires the strongest protection can be encrypted using the AES256 algorithm. Conversely, you can encrypt less sensitive data in several ways that offer performance benefits.
      • You also need to determine your approach to keystore protection based on data sensitivity. Options range from auto-login software keystores to hardware keystores. A separate keystore for TDE only is ideal if possible.
      • To limit damage from compromised admin credentials or insider threats, consider assigning separate security admins for TDE and for the database(s).
      • Backup your sensitive data using protected backup procedures.
      • Be aware that column-level encrypted data is decrypted during expression evaluation and could potentially be accessed in the associated on-disk swap file.
      • Also be aware that your Oracle data files could contain plaintext fragments (aka “ghost records” that were deleted logically from the table but still exist physically on-disk. These could potentially be accessed similarly to finding data on-disk after it has been deleted at the operating system level.

For more information on TDE, see the Oracle Advanced Security Guide online.

For expert help and guidance with encryption, backup/recovery, high availability and other business continuity and security concerns, contact Buda Consulting for a security risk assessment—the first step to finding and closing the gaps in your database security.

Database Patch News — February 2020 (Issue 2)

Database Patch News — November 2019 (Issue 1)

by | Oct 29, 2019 | Best Practices, Database Patch News, database patching, Database Security, MySQL, Oracle, Oracle DBA, SQL Server, Uncategorized

Welcome to Database Patch News, Buda Consulting’s monthly newsletter of current patch information for Oracle and Microsoft SQL Server. Here you’ll find information on available patches—including security patches—and desupported versions made available during the past month.

Why should you care about patching vulnerabilities and bugs? Two big reasons:

  1. Unpatched systems are a top cyber attack target. Patch releases literally advertise vulnerabilities to the hacker community. The longer you wait to patch, the greater your security risk.
  2. Along with running a supported database version, applying the latest patches ensures that you can get support from the vendor in case of an issue. Patching also helps eliminate downtime and lost productivity associated with bugs.

Here are the latest patch updates for Oracle and SQL Server:

Oracle Patches:

Oct 15 2019 Quarterly Patch Updates:

19c – Release Update 19.5 available

18c – Release Update 18.8 available

12.2.0.1 – OCT 2019 RELEASE UPDATE 12.2.0.1.191015 available.
Regular support ends Mar 2023 and extended support ends Mar 2026.

12.1.0.2 – Currently in extended support.
The last freely available patch was July 2019 for 12.1.0.2. The Oct 15 2019 Patch Set Update (PSU) is available but may require extended support purchase to access it. Patches will be release until July 2021 for this version. PSU 12.1.0.2.191015 is available.

11.2.0.4 – Entered extended support in December 2017
The last free available patch was October 2018 for 11.2.0.4. PSU 11.2.0.4.191015 is available but may require clients purchase extended support to access it.

SQL Server Patches:
SQL Server 2017 incremental servicing model (ISM)
CU17 (Latest build)—Released October 08, 2019

SQL Server 2016 Service Pack 2
Release date: April 24, 2018

SQL Server 2014 Service Pack 3 Cumulative update 4
Release date: July 29, 2019

SQL Server 2014 Service Pack 2 Cumulative update 18
Release date: July 29, 2019