Managing Oracle Database 19c Users in Active Directory (Part 2 - CMU)

 To integrate with Active Directory we are going to use two database features 

• Kerberos authentication (Part 1),
• Centrally Managed Users (Part 2) 
• (note: Centrally Managed Users is an Enterprise Edition feature).

Centrally Managed Users (Part 2) 

Managing Oracle Database 19c Users in Active Directory (Part 1 - Kerberos)

To integrate with Active Directory we are going to use two database features 

• Kerberos authentication (Part 1),
• Centrally Managed Users (Part 2) 
• (note: Centrally Managed Users is an Enterprise Edition feature)

Kerberos authentication (Part 1)

FORWARD_LISTENER : the offsite listener forwards the connection to the new Oracle listener

 The parameter FORWARD_LISTENER is useful when it is difficult to change an existing client connect string, for example, after an offsite database has been moved into the Oracle Cloud. With the FORWARD_LISTENER parameter, clients can continue to connect to their offsite listener, and the offsite listener forwards the connection to the Oracle Cloud listener. 

Once a forward listener has been configured through the FORWARD_LISTENER parameter, the LOCAL_LISTENER parameter can be cleared by setting its value to "-oracle-none-" so that all the connections coming to an existing set of remote listeners configured through the REMOTE_LISTENER parameter are forwarded only to listeners configured through FORWARD_LISTENER.

The FORWARD_LISTENER parameter can also be specified in the LISTENER_NETWORKS parameter.

Lets play and test it, information of the environment

PDB relocate using "AVAILABILITY MAX" clause

A PDB relocation executes an online block level copy of the source PDB data files, redo, and undo while the source PDB is open with active sessions. When the target PDB comes online because of an ALTER PLUGGABLE DATABASE OPEN statement, Oracle Database terminates the active sessions and closes the source PDB. 

The AVAILABILITY MAX clause in CREATE PLUGGABLE DATABASE ... RELOCATE implicitly instructs the SQL*Net layer to reconfigure the original listener. This situation may be common when relocating a PDB between data centers. This configuration is intended to be temporary while the Oracle Internet Directory (OID) or LDAP server is updated or the client connections are modified.

Overview image Relocate PDB

Dynamic CPU Scaling in Oracle Database

Dynamic CPU Scaling in Oracle Database 

Prior to this new feature, DBAs had to allocate resources for peak loads to a database to ensure scale up was possible, and to ensure needed resources weren’t taken by other applications, commonly known as "Noisy Neighbors".

Oracle offers the ability to configure "shares" and "limits" for each Pluggable Database within a Container Database.

Stop Hardcoding your TDE keystore-password

When you encrypt your databases, you will often end up needing the keystore password to perform certain operations. For instance, cloning an encrypted PDB will require the keystore password:

CREATE PLUGGABLE DATABASE ... KEYSTORE IDENTIFIED BY S3cr3t;

DBCA - useWalletForDBCredentials 19c

You can use Oracle wallet as a secure external password store for authenticating database users in DBCA silent mode commands. Oracle wallet is a secure software container external to Oracle Database, which can be used to store authentication credentials of Oracle Database users.
The configuration of the Oracle wallet as a secure external password store will be done by the mkstore command-line utility.

Database User Authentication in DBCA Commands Using Oracle Wallet

• useWalletForDBCredentials
  Specify true to use Oracle wallet for database user authentication, else specify false.
  Default is false.
• dbCredentialsWalletLocation
  Directory in which the Oracle wallet files are stored
• (Optional) dbCredentialsWalletPasswordPassword for the Oracle wallet account user. If the Oracle wallet is auto-login enabled, then you need not specify this password