My first session on Wednesday was Privileged Database User Best Practices. A new feature in (for the life of me I can't remember if the presenter said OEM 12c or DB 12c) is the ability perform privilege analysis. Over a period of time privilege information is captured and afterwards a report shows which privileges were used, unused and how the user obtained the privileges.
This provides the DBA with the ability to easily identify and remove unused privileges which ensures that database users have the least amount of privileges required. How often are we confronted with developers who don't know what privileges they need and request full access? Especially if they need to troubleshoot a production issue. It happens to me almost weekly.
However, if you don't leave the capture process on long enough, information will be missing. So its hard to say how useful this feature may be.
The second session I attended was on DaaS, Database as a Service. I don't work for a service provider but this feature may be nice to help out developers. Our developers like to get their hands dirty and end up installing full stacks on their desktops. Maybe we can use DaaS to help them get a database up and running quickly for proof of concepts, etc. Its was a good session and I plan on investigating further.
Another good session was Tips and Tricks for Hardening Fusion Middleware. There doesn't seem to be alot of this type of information around so it was very useful to hear how other administrators are securing their environments. Alot of the features they discussed tho were behind the firewall. For example, we use SSL but it terminates at the load balancer. Some of the features they talked about were using connection filters for WebLogic at the network layer, securing everything with SSL, using secureListener with node manager, separating admin traffic for your domains, etc.
I realize that statistically a large number of attacks occur internally. Some figures estimate as high as 60%. Even with this figure I have had a hard time persuading architects to implement more secure configurations. They say that these configurations unnecessarily make the environment more complex, which makes it harder to develop and troubleshoot. Have you dealt with this before, were you successful in implementing additional security layers?
Finally I attended a session which I had hoped would help with promoting changes within a Fusion Middleware environment. The session was titled Oracle Fusion Middleware Test-to-Production Movement: Best Practices and Strategy. This process is documented in the Fusion Middleware Administrators Guide, http://docs.oracle.com/cd/E28271_01/core.1111/e10105/clone.htm. The T2P process (test-to-production) allows you to create a new FMW environment from an existing one. Config settings, customizations and patches are included, transactional data isn't.
It doesn't seem to be suited to what I need, which is help moving changes from test to an existing production environment. Currently to implement a change in production we follow the same steps as test. However, this is a manual process and is prone to user error.
Cloning (taking a copy of the software, configuration and data) will be addressed in 12c. With e-Business suite we clone dev and test from prod at the beginning of each release cycle so that we can be sure all the environments are identical. I'm looking forward to this feature in FMW 12c as its very easy for environments to become out of sync.
After a quick stop back at the hotel we headed out to the appreciation event on Treasure Island. The first few days we were here San Francisco experienced unusually high temperatures. Unfortunately it ended on Wednesday. Even with a long sleeved shirt, hoodie and jacket I was on the borderline of being uncomfortable. I am not sure how all the people who showed up in t-shirts and short skirts survived. I am a big fan of Pearl Jam and was looking forward to seeing them. However, I was disappointed by the sound quality. I'm not sure if the wind was a factor but the music sounded very distorted. I don't recall noticing this at previous events. I still had a great time tho and it was nice to relax and listen to great music.