Monday, August 1, 2011

Parallel Query Option in Oracle


The Parallel Query Option is a mechanism that allows a large query to be split up (transparently to the end-user) into a number of smaller queries that can all be run simultaneously.

The separate sections of the query are operated by processes that can run virtually independently of each other, so that under suitable conditions the performance of the base query can scale almost linearly with the requested degree of parallelism.

The Parallel Query Option (PQO) should not be confused with the Oracle Parallel Server (OPS) which allows multiple instances of Oracle (usually running on a number of separate machines) to address a single set of database files and uses a high-speed ‘distributed lock manager’ to synchronise the ownership of blocks and locks across the separate SGAs.  Parallel Query Option does work on Oracle Parallel Server, but for the rest of this article I shall assume that we are running only a single instance.

Parallel Query Option: the purpose
The Parallel Query Option is based on the premises that:
  • Disc is very much slower than CPU
  • Seek time is much larger than read time
  • An inefficient job that ‘wastes’ CPU may give better overall response time than an efficient job that leaves the CPU idle most of the time.
As a simple example, this means that a very large tablescan can produce results more quickly than even a good indexed access path if:
  •  the table is split over many discs
  •  different discs can be accessed in parallel with minimal contention
  • there are multiple CPUs in use so that there is no contention for CPU (although PQO can help even on single CPU systems).

  For example : 
   SQL> select count(*) from BIGT  where COLX = 99;

The above statement would be split down internally into a number of separately executed queries of the form:

SQL> select /*+ rowid(A1) PIV_SSF */ count(*)
from "BIGT" A1
where ROWID between :1 and :2
and COLX = 99;

The predicate
ROWID between :1 and :2
combined with the hint:
/*+ rowid (alias) */
is the real key to the operation of the PQO.  The predicate and hint ensure that the query operates only on a selected set of contiguous blocks from the table.

Since it is possible to restrict a query to a range of blocks, Oracle need only determine that different blocks can be found on different devices to be able to run multiple copies of the query in parallel in such a way that they don’t interfere with each other;  and this separation of I/O is how a near linear performance gain can be achieved by PQO.

Clearly, the PQO is of most benefit when planning fairly large database systems (since these are the ones likely to have a significant number of discs and CPUs).  As a very rough guideline, I probably wouldn’t ‘design for PQO’ on a database of less than 25 GB. 

Implementing PQO:
There are three main steps to using PQO.  First, make sure that it is linked into our Oracle server (this usually happens by default);  second, set up the init.ora to allow for parallel query slaves and to control their side-effects;  third, change the definitions of tables, views, or application SQL statements to allow the optimiser to invoke parallelism.

Init.ora Parameters
To use PQO, we need to have a number of ‘floating’ processes available in the system that can be called by our normal shadow process (dedicated server). These processes, called the ‘parallel query slaves’, will have names like ora_p000_{SID}, and we can have up to 256 of them.

The parameter parallel_min_servers specifies the number of such processes that we want permanently running and waiting for calls.  Since such processes take up machine resources we may want to keep this number low for normal running:  if we set parallel_max_servers, Oracle will then spawn further processes on demand up to this limit.  One odd feature of dynamically spawned processes, however, is that they are owned at the O/S level by the user running the session’s shadow process, and not by any special ‘Oracle’ id.

To ensure that the dynamically spawned processes die when they are no longer needed, we  can set
parallel_server_idle_time to the number of minutes  a process is allowed to be idle before it dies.
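Pulling these three parameters together, a minimal init.ora sketch might look like the following (the values are purely illustrative, not recommendations):

parallel_min_servers      = 4      # slaves started at instance startup and kept running
parallel_max_servers      = 16     # ceiling for dynamically spawned slaves
parallel_server_idle_time = 5      # minutes an idle, dynamically spawned slave survives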

Once we have the capability of running parallel queries, there are two other parameters which we should consider.  These relate to the way the system performance will degrade as the load increases.

Consider the problem of a query that takes 3 minutes to complete when running with a degree of parallelism of 15.  What happens if the database is so busy that no parallel slaves are free when someone starts the query?  Is it acceptable for the query to run serially and take 45 minutes, or should it simply die with a warning message?

Set parallel_min_percent to a number between 0 and 100, and if Oracle is unable to get that percentage of the demanded degree of parallelism it returns an error (ORA-12827: insufficient parallel query slaves available).  For example, we want a tablescan at degree 6 and we have parallel_min_percent set to 50.  If the query can run at least at degree 3 with the current number of slaves available it will run, but if there are insufficient slaves available for running at degree 3 the error is raised.

Associated with this parameter is optimizer_percent_parallel which affects the assumptions that the optimiser makes about the degree of parallelism at which a query is expected to run. 

Imagine a query which works best at a high degree of parallelism (20 say) by using hash-joins, but gives an acceptable performance at a lower level of parallelism (5 to 15 say) by switching to nested loops.  If the optimiser decides that the default degree of the query is 20, then it will always generate the hashing path, even when the system is busy and there are not enough free slaves around to run the query at degree 20.  Setting this parameter to a number between 0 and 100, however, tells the optimiser to reduce the assumed degree of parallelism - setting it to 50 in our example would make the optimiser choose the path that was appropriate to degree 10, hence taking the nested loop path.

Just for the record, I have only found a few extreme examples where a change in the value of this parameter has affected the path, and even then the actual performance effect was not hugely significant.  It is worth noting that the option exists though, as there are likely to be some types of application where it can be used to flatten out response times.

Both these parameters can be set at the session level using:

    SQL> alter session set parm = nnn;

which is very convenient both for testing and in production running.
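For example, to insist that the current session gets at least half of any requested degree (the value 50 is purely illustrative):

    SQL> alter session set parallel_min_percent = 50;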

Invoking PQO
After setting our parameters and restarting our database, what makes it happen ?

The first possibility is to give a table an explicit (or implicit) degree of parallelism:

alter table PX parallel (degree 4);
alter table PX parallel (degree default);

Whenever a query involves this table, the optimiser will try to find a path that uses parallel techniques on the table. 
Two points that are specific to 7.3.2:
First, the Cost Based Optimiser will always take over in queries where there are parallel tables available even if the current optimiser goal is Rule.  Second, the default keyword translates into ‘the smaller of the number of CPUs and the number of devices across which the table appears to be spread’. 
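To check what degree a table has actually been given, we can look in the data dictionary; a simple sketch (note that DEGREE and INSTANCES are reported as character strings):

SQL> select table_name, degree, instances
from user_tables
where table_name = 'PX';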

The second possibility for introducing parallelism into a query is to put an explicit hint into it:

SQL> select /*+ parallel (px, 4)*/
count(*) from PX;

SQL> select /*+ parallel (px, default) */
count(*) from PX;

The third option is to define views which contain hints, so that application code does not have to worry about degrees of parallelism:

create or replace view big_px as
select
/*+
    parallel (px1, 4)
    parallel (px2, 6)
*/
    px1.id, px2.x_id
from px1, px2
where
px1.id = px2.x_id ;

An interesting, and possibly irritating, feature of the view definition above is the question of what happens when there are several parallel tables in a query.

In general it is not possible to predict the degree of parallelism that such a query will use, as it depends on the usage, the driving table, and the join paths used.  In the view above I could only say that, if no other parallel tables are introduced, the final query will run with degree 1, 4 or 6.

How Many Slaves:
So far in this article I have repeatedly used the expression ‘degree of parallelism’ and avoided saying anything explicitly about the number of parallel slave processes involved in a parallel query.

It is now time to come clean, and admit that the degree and the number of slaves are not always the same.  Specifically, a query of degree N may take 2N slaves.  Basically this is to handle sorting. 

Consider a query like:

SQL> select /*+ parallel (fa,3) */
prod_id, count(*)
from fa
group by prod_id ;

When the PQO cuts in, the degree (3) specifies the number of slaves to be used to scan the table.   By looking at the other and other_tag columns of the 7.3 Explain Plan utility, it is possible to determine that each slave will perform the required aggregation on the subset of the table that it is required to scan.  The partial results are then shared out to another set of 3 slaves using some form of hashing algorithm to achieve a complete and even share.  Each slave in this second set sorts and aggregates the results it has received before forwarding them to the normal shadow process (which is given the title ‘query co-ordinator’).

There are four things we can infer :

1) If we fire off a query that involves sorting, then half the slaves will be I/O intensive as they read the disc, and the others will be CPU intensive in brief bursts and quiet the rest of the time.

2) There will be large demands on memory as every slave will require its own sort_area_size, as will the normal shadow.

3) There must be some memory used up in the ‘n-squared’ lines of communication going on between the two layers of slaves:  this is actually in the SGA, and a guideline I have seen suggests an addition to the SGA of:
 parallel_max_servers * (largest degree used + 2) * 3K

4) If we have a query that returns a lot of rows, then the ultimate bottleneck on response may be the link between the normal shadow and the front-end, which is often the only serialised part of the process.  This is a good reason for not using PQO through the multi-threaded server.

One interesting little point that is not obvious is that we cannot rely on a group by to do an implicit order by.  In the example, slave p000 may return results about prod_ids 1,4,7,11 whilst slave p001 returns results about prod_ids 2,5,8,12:  unless the query does an explicit order by, the result set returned to SQL*Plus may come back in the order 1,4,7,11,2,5,8,12, and so on.
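If the order of the output matters, the safe option is to ask for it explicitly; a sketch based on the earlier example:

SQL> select /*+ parallel (fa,3) */
prod_id, count(*)
from fa
group by prod_id
order by prod_id ;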

Conclusion:
The parallel query option is in principle a very simple concept; in practice it means reviewing the assumptions we may have made about optimising Oracle over the last few years, since it relies very heavily on large amounts of table-scanning.

The main benefit of the PQO is in large databases, where a significant number of disks is available for spreading I/O;  but behind this it also requires lots of memory and multiple CPUs.


Enjoy  :-) 

Friday, July 29, 2011

Flashback Architecture In Oracle

Oracle Flashback Technology is a group of Oracle Database features that let us view past states of database objects, or return database objects to a previous state, without using point-in-time media recovery. Flashback Database is part of the backup and recovery enhancements in Oracle Database 10g that are called Flashback Features.

Flashback Database enables us to wind our entire database backward in time, reversing the effects of unwanted database changes within a given time window. It is similar to conventional point-in-time recovery in its effects, allowing us to return a database to its state at a time in the recent past.

Flashback Database can be used to reverse most unwanted changes to a database, as long as the datafiles are intact.  Oracle Flashback Database lets us quickly recover an Oracle database to a previous time to correct problems caused by logical data corruptions or user errors.

What are the Benefits?
According to many studies and reports, human error accounts for 30-35% of data loss episodes, which makes it one of the biggest single causes of downtime. With the Flashback Database feature, Oracle is trying to fight user and operator errors in an extremely fast and effective way.

In most cases, a disastrous logical failure caused by human error can be solved by performing a Database Point-in-Time Recovery (DBPITR). Before 10g the only way to do a DBPITR was incomplete media recovery, a slow and time-consuming process that can take many hours. By using Flashback Database, on the other hand, a DBPITR can be done extremely fast: 25 to 105 times faster than the usual incomplete media recovery, which can reduce downtime significantly.

Flashback Database provides :
  • A very effective way to recover from complex human errors.
  • Faster database point-in-time recovery.
  • Simplified management and administration.
  • Little performance overhead.
  • A lot of benefits and almost no disadvantages.
The Flashback Database is not just our database “rewind” button. It is a “Time Machine” for our Database data that is one single command away from us.


The Flashback Database Architecture : 
Flashback Database uses its own type of log files, called Flashback Database Log Files. To support this mechanism, Oracle uses a new background process called RVWR (Recovery Writer) and a new buffer in the SGA, called the Flashback Buffer.  The Oracle database periodically logs before images of data blocks in the flashback buffer. The flashback buffer records images of all changed data blocks in the database. This means that every time a data block in the database is altered, the database writes a before image of this block to the flashback buffer. This before image can be used to reconstruct a datafile as of a past point in time.


The maximum allowed memory for the flashback buffer is 16 MB. We don’t have direct control over its size. The flashback buffer size depends on the size of the current redo log buffer, which is controlled by Oracle. Starting with 10g R2, the log buffer size cannot be controlled manually by setting the initialization parameter LOG_BUFFER.



In 10g R2, Oracle combines the fixed SGA area and the redo buffer together. If there is free space after Oracle puts the combined buffers into a granule, that space is added to the redo buffer. The sizing of the redo log buffer is fully controlled by Oracle. Because the SGA is sized atomically in granules, Oracle automatically calculates the size of the log buffer depending on the current granule size. For a smaller SGA with 4 MB granules, it is possible for the redo log buffer size plus the fixed SGA size to be a multiple of the granule size. For SGAs bigger than 128 MB, the granule size is 16 MB. We can see the current size of the redo log buffer, fixed SGA and granule by querying the V$SGAINFO view, and can query the V$SGASTAT view to display detailed information on the SGA and its structures.
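For example, the relevant components can be listed with a query such as the following (the row names are those used in 10g and may vary between releases):

SQL> select name, bytes
from v$sgainfo
where name in ('Fixed SGA Size', 'Redo Buffers', 'Granule Size');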
To find current size of the flashback buffer, we can use the following query:
SQL> SELECT * FROM v$sgastat WHERE NAME = 'flashback generation buff';


There is no official information from Oracle that confirms the relation between the 'flashback generation buff' structure in the SGA and the real flashback buffer structure; this is only a supposition. A similar message is written to the alertSID.log file during the opening of the database:
Allocated 3981204 bytes in shared pool for flashback generation buffer
Starting background process RVWR
RVWR started with pid=16, OS id=5392

RVWR periodically writes the flashback buffer contents to the flashback database logs. It is an asynchronous process and we don’t have control over it; all available sources say that RVWR writes to the flashback logs only periodically. The explanation for this behaviour is that Oracle is trying to reduce the I/O and CPU overhead, which could be an issue in many production environments.


Flashback log files can be created only under the Flash Recovery Area (which must be configured before enabling the Flashback Database functionality). RVWR creates flashback log files in a directory named “FLASHBACK” under the FRA. The size of every generated flashback log file is again under Oracle’s control. In the current Oracle environment, during normal database activity flashback log files have a size of 8200192 bytes, which is very close to the current redo log buffer size. The size of a generated flashback log file can differ during shutdown and startup activities, and flashback log file sizes can differ during high-intensity write activity as well.

Flashback log files can be written only under the FRA (Flash Recovery Area). The FRA is closely related to, and built on top of, Oracle Managed Files (OMF). OMF is a service that automates the naming, location, creation and deletion of database files. By using OMF and the FRA, Oracle easily manages flashback log files. They are created with automatically generated names with the extension .FLB. For instance, this is the name of one flashback log file: O1_MF_26ZYS69S_.FLB

By their nature, flashback logs are similar to redo log files: LGWR writes the contents of the redo log buffer to the online redo log files, and RVWR writes the contents of the flashback buffer to the flashback database log files. Redo log files contain all changes that are performed in the database; that data is needed in case of media or instance recovery. Flashback log files contain only the changes that are needed in case of a flashback operation. The main differences between redo log files and flashback log files are :
  • Flashback log files are never archived - they are reused in a circular manner.
  • Redo log files are used to forward changes in case of recovery while flashback log files are used to backward changes in case of flashback operation. 
  • Flashback log files can be compared with UNDO data (contained in UNDO tablespaces) as well. While UNDO data contains changes at the transaction level, flashback log files contain UNDO data at the data block level. While the UNDO tablespace doesn’t record all operations performed on the database (for instance, DDL operations), flashback log files record that data as well. In a few words, flashback log files contain the UNDO data for our database.
To  Summarize   :
  • UNDO data doesn’t contain all changes that are performed in the database while flashback logs contain all altered blocks in the database .
  • UNDO data is used to backward changes at the transaction level while flashback logs are used to backward changes at the database level .
We can query the V$FLASHBACK_DATABASE_LOGFILE to find detailed info about our flashback log files. Although this view is not documented it can be very useful to check and monitor generated flashback logs.
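A simple sketch of such a check (since the view is undocumented, its columns may change between releases):

SQL> select name, bytes, first_change#, first_time
from v$flashback_database_logfile;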


There is a new record section within the control file header that is named FLASHBACK LOGFILE RECORDS. It is similar to LOG FILE RECORDS section and contains info about the lowest and highest SCN contained in every particular flashback database log file . 
***************************************************************************
FLASHBACK LOGFILE RECORDS
***************************************************************************
(size = 84, compat size = 84, section max = 2048, section in-use = 136,
last-recid= 0, old-recno = 0, last-recno = 0)
(extent = 1, blkno = 139, numrecs = 2048)
FLASHBACK LOG FILE #1:
(name #4) E:\ORACLE\FLASH_RECOVERY_AREA\ORCL102\FLASHBACK\O1_MF_26YR1CQ4_.FLB
Thread 1 flashback log links: forward: 2 backward: 26
size: 1000 seq: 1 bsz: 8192 nab: 0x3e9 flg: 0x0 magic: 3 dup: 1
Low scn: 0x0000.f5c5a505 05/20/2006 21:30:04
High scn: 0x0000.f5c5b325 05/20/2006 22:00:38


What does a Flashback Database operation do ?


When we perform a flashback operation, Oracle needs all the flashback logs from the current time back to the desired time. They will be applied consecutively, starting from the newest and working back to the oldest.  For instance, if we want to flash back the database to SCN 4123376440, Oracle will read the flashback logfile section in the control file and check the availability of all the needed flashback log files. The last flashback log needed is the one whose Low scn and High scn values bracket the desired SCN 4123376440.

In the current environment this is the file named O1_MF_26YSTQ6S_.FLB, with values of:
Low SCN    : 4123374373
High SCN   : 4123376446


Note:  If we want to perform a flashback operation successfully, we will always need to have at least one archived (or online) redo log file available. This is the particular file that contains redo log information about changes around the desired flashback point in time (SCN 4123376440). In this case, this is the archived redo log named ARC00097_0587681349.001, which has values of:
First change#: 4123361850
Next change#: 4123380675


The flashback operation will not succeed without this particular archived redo log. The reason is that flashback log files contain before-images of data blocks, each related to some SCN (System Change Number). When we perform a flashback operation to SCN 4123376440, Oracle cannot complete the operation by applying flashback logs alone, because flashback logs only apply before-images of data. Oracle needs to restore each data block copy (by applying flashback log files) to its state at the closest possible point in time before SCN 4123376440. This guarantees that the subsequent “redo apply” operation will roll the database forward to SCN 4123376440 and leave the database in a consistent state. After applying the flashback logs, Oracle performs a forward operation by applying all the needed archived log files (in this case, redo information from the file ARC00097_0587681349.001), which brings the database to the desired SCN.


Oracle cannot start applying redo log files until it is sure that all data blocks have been returned to their state before the desired point in time. So, if the desired restore point in time is 10:00 AM and the oldest restored data block is from 09:47 AM, then we will need all the archived log files that contain redo data for the interval between 09:47 AM and 10:00 AM. Without that redo data, the flashback operation cannot succeed.   When a database is restored to its state at some past target time using Flashback Database, each block changed since that time is restored from the copy of the block in the flashback logs most immediately prior to the desired target time. The redo log is then used to re-apply changes since the time that block was copied to the flashback logs.

Note  :  Redo logs must be available for the entire time period spanned by the flashback logs, whether on tape or on disk. (In practice, however, redo logs are generally needed much longer than the flashback retention target to support point-in-time recovery.)

Flashback logs are not independent. They can be used only with the redo data that contains the database changes around the desired SCN. This means that if we want a working flashback window (and to be able to restore the database to any point in time within that window), we need to ensure the availability of the redo logs as well.  With this in mind we can work more effectively with the feature and rely on it for faster recovery without unexpected problems.

Rules for Retention and Deletion of Flashback Logs : 
The following rules govern the flash recovery area's creation, retention, overwriting and deletion of flashback logs:
  • A flashback log is created whenever necessary to satisfy the flashback retention target, as long as there is enough space in the flash recovery area.
  • A flashback log can be reused, once it is old enough that it is no longer needed to satisfy the flashback retention target.
  • If the database needs to create a new flashback log and the flash recovery area is full or there is no disk space, then the oldest flashback log is reused instead.
  • If the flash recovery area is full, then an archived redo log may be automatically deleted by the flash recovery area to make space for other files. In such a case, any flashback logs that would require the use of that redo log file for the use of FLASHBACK DATABASE are also deleted.
Note : Re-using the oldest flashback log shortens the flashback database window. If enough flashback logs are reused due to a lack of disk space, the flashback retention target may not be satisfied.

 Limitations  of  Flashback  Database :
  • Since Flashback Database works by undoing changes to the datafiles that exist at the moment we run the command, it has the following limitations: Flashback Database can only undo changes to a datafile made by an Oracle database. It cannot be used to repair media failures, or to recover from accidental deletion of datafiles.
  • We cannot use Flashback Database to undo a shrink datafile operation.
  • If the database control file is restored from backup or re-created, all accumulated flashback log information is discarded. We cannot use FLASHBACK DATABASE to return to a point in time before the restore or re-creation of a control file.
When using Flashback Database with a target time at which a NOLOGGING operation was in progress, block corruption is likely in the database objects and datafiles affected by the NOLOGGING operation. For example, if we perform a direct-path INSERT operation in NOLOGGING mode, and that operation runs from 9:00 to 9:15, and we later need to use Flashback Database to return to the target time 9:07, the objects and datafiles updated by the direct-path INSERT may be left with block corruption after the Flashback Database operation completes.

If possible, avoid using Flashback Database with a target time or SCN that coincides with a NOLOGGING operation. Also, perform a full or incremental backup of the affected datafiles immediately after any NOLOGGING operation to ensure recoverability to points in time after the operation. If we expect to use Flashback Database to return to a point in time during an operation such as a direct-path INSERT, consider performing the operation in LOGGING mode.


Finally few important point to be noted : 

  • The Flashback Database should be part of our Backup & Recovery strategy, but it does not supersede the normal physical backup & recovery strategy. It is only an additional protection for our database data.
  • The Flashback Database can be used to flash back a database to its state at any point in time within the flashback window, but only if all flashback logs and their related archived redo logs for the spanned time period are physically available and accessible.
  • Always ensure that archived redo logs covering the flashback window are available on either tape or disk.
  • We cannot perform a flashback database operation if we have a media failure. In this case we must use the traditional database point-in-time media recovery method.
  • Always write down the current SCN and/or create a restore point (10g R2) before any significant change to our database: applying patches, running batch jobs that can corrupt the data, etc. As we know, the most common cause of downtime is change.
  • Always write down the current SCN and/or create a restore point (10g R2) before starting a flashback operation.
  • Flashback Database is the only flashback operation that can be used to undo the result of a TRUNCATE command (FLASHBACK DROP, FLASHBACK TABLE, or FLASHBACK QUERY cannot be used for this).
  • Dropping a tablespace cannot be reversed with Flashback Database. After such an operation, the flashback database window begins at the time immediately following that operation.
  • Shrinking a datafile cannot be reversed with Flashback Database. After such an operation, the flashback database window begins at the time immediately following that operation.
  • Resizing a datafile cannot be reversed with Flashback Database. After such an operation, the flashback database window begins at the time immediately following that operation. If we need to perform a flashback operation within this time period, we must take the datafile offline before performing the flashback operation.
  • Re-creating or restoring the control file prevents using Flashback Database to go back before that point in time.
  • We can flash back the database to a point in time before a RESETLOGS operation. This feature is available from 10g R2 because the flashback log files are not deleted after a RESETLOGS operation. We cannot do this in 10g R1 because the old flashback logs are deleted immediately after a RESETLOGS operation.
  • Don’t exclude the SYSTEM tablespace from flashback logging. Otherwise we will not be able to flash back the database.
  • The DB_FLASHBACK_RETENTION_TARGET parameter is a TARGET parameter. It doesn’t guarantee the flashback database window; our proper configuration of the Flashback Database should guarantee it.
  • Monitor regularly the size of the FRA and the generated flashback logs to ensure that there is no space pressure and that the flashback log data stays within the desired flashback window (see the query sketch below).
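A monitoring sketch for the last point, using the documented 10g views (the output will obviously vary by environment):

SQL> select oldest_flashback_scn, oldest_flashback_time,
            retention_target, flashback_size, estimated_flashback_size
from v$flashback_database_log;

SQL> select name, space_limit, space_used, space_reclaimable, number_of_files
from v$recovery_file_dest;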


For Flashback Configuration and examples, Click Here.


Reference :   http://docs.oracle.com/cd/B19306_01/backup.102/b14192/rpfbdb003.htm
                     http://dba-blog.blogspot.in/


Enjoy   :-) 


Wednesday, July 27, 2011

Resource Manager In Oracle


The Oracle Database Resource Manager (the Resource Manager) enables us to optimize resource allocation among the many concurrent database sessions. Although we can manage resources via profiles, a better option is to use the Resource Manager: by creating resource plans that specify how much of our resources should go to the various consumer groups, we can prioritize users and jobs. The Resource Manager can kill long-running jobs and switch jobs to a higher priority, all automatically; the DBA can also manually switch users between resource groups.

What Problems Does the Resource Manager Address?
When database resource allocation decisions are left to the operating system, we may encounter the following problems:

Excessive overhead  :  Excessive overhead results from operating system context switching between Oracle Database server processes when the number of server processes is high.

Inefficient scheduling  :  The operating system deschedules database servers while they hold latches, which is inefficient.

Inappropriate allocation of resources  :  The operating system distributes resources equally among all active processes and is unable to prioritize one task over another.

Inability to manage database-specific resources  :  The operating system cannot manage database-specific resources such as parallel execution servers and active sessions.

How Does the Resource Manager Address These Problems?

The Resource Manager helps to overcome these problems by allowing the database more control over how hardware resources are allocated. The Resource Manager enables us to classify sessions into groups based on session attributes, and to then allocate resources to those groups in a way that optimizes hardware utilization for our application environment.

With the Resource Manager, we can:

  • Guarantee certain sessions a minimum amount of processing resources regardless of the load on the system and the number of users.
  • Distribute available processing resources by allocating percentages of CPU time to different users and applications. In a data warehouse, a higher percentage can be given to ROLAP (relational online analytical processing) applications than to batch jobs.
  • Limit the degree of parallelism of any operation performed by members of a group of users.
  • Create an active session pool. An active session pool consists of a specified maximum number of user sessions allowed to be concurrently active within a group of users. The active session pool limits the total number of sessions actively competing for resources, thereby enabling active sessions to make faster progress.
  • Manage runaway sessions or calls by detecting when they consume more than a specified amount of CPU or I/O. Such sessions can be automatically terminated or switched into a different (lower priority) group.
  • Prevent the execution of operations that the optimizer estimates will run for a longer time than a specified limit.
  • Limit the amount of time that a session can be idle. This can be further defined to mean only sessions that are blocking other sessions.

Example: A Simple Resource Plan
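The plan itself is shown as an image in the original post. As a rough sketch of what such a simple plan could look like when built with the DBMS_RESOURCE_MANAGER package (all names and percentages below are illustrative assumptions, not taken from the figure):

BEGIN
  DBMS_RESOURCE_MANAGER.CREATE_PENDING_AREA();
  DBMS_RESOURCE_MANAGER.CREATE_PLAN(
    plan    => 'DAYTIME_PLAN',
    comment => 'Simple plan favouring OLTP work');
  DBMS_RESOURCE_MANAGER.CREATE_CONSUMER_GROUP(
    consumer_group => 'OLTP_GROUP',
    comment        => 'Online users');
  DBMS_RESOURCE_MANAGER.CREATE_CONSUMER_GROUP(
    consumer_group => 'BATCH_GROUP',
    comment        => 'Batch and reporting jobs');
  DBMS_RESOURCE_MANAGER.CREATE_PLAN_DIRECTIVE(
    plan             => 'DAYTIME_PLAN',
    group_or_subplan => 'OLTP_GROUP',
    comment          => 'Most of the CPU at level 1',
    cpu_p1           => 75);
  DBMS_RESOURCE_MANAGER.CREATE_PLAN_DIRECTIVE(
    plan             => 'DAYTIME_PLAN',
    group_or_subplan => 'BATCH_GROUP',
    comment          => 'The rest of the CPU at level 1',
    cpu_p1           => 25);
  DBMS_RESOURCE_MANAGER.CREATE_PLAN_DIRECTIVE(
    plan             => 'DAYTIME_PLAN',
    group_or_subplan => 'OTHER_GROUPS',            -- mandatory catch-all group
    comment          => 'Everyone else at level 2',
    cpu_p2           => 100);
  DBMS_RESOURCE_MANAGER.VALIDATE_PENDING_AREA();
  DBMS_RESOURCE_MANAGER.SUBMIT_PENDING_AREA();
END;
/

The plan is then activated by setting the resource_manager_plan parameter, for example: alter system set resource_manager_plan = 'DAYTIME_PLAN';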

                     


There are four elements to the Database Resource Manager (DRM) :

1.) Resource Consumer Group   -  A resource consumer group is a collection of users with similar requirements for resource consumption. Users can be assigned to more than one resource consumer group, but each user's active session can only be assigned to one resource consumer group at a time. For example, I can construct separate consumer groups: one for OLTP users, one for decision support users and one for users who typically create ad hoc queries.

2.) Resource plan -  A resource plan specifies, via its directives, how resources are distributed among the resource consumer groups assigned to it. A resource plan can also have multiple subplans that specify a finer grain of resource allocation detail. For example, I can create two subplans for my OLTP users, one for high-volume users and one for lower-volume users. Note that a subplan can have more than one parent plan, but Oracle will not permit a subplan to "loop back" upon itself.

3.) Resource allocation method - dictates the specific method we choose to use to allocate resources like CPU.  

4.) Resource Plan Directive -  Resource plan directives allocate resources among the resource consumer groups in the resource plan. Essentially, directives connect resource consumer groups or subplans to their resource plans. There is at least one resource plan directive for each entry in the resource plan.

Resource plan directives use resource allocation methods to determine how the DRM will allocate resources to a resource consumer group or resource plan. Several allocation methods are available:

CPU  :  As its name implies, this method controls how much CPU utilization will be permitted to user sessions for different resource consumer groups within a specific resource plan. CPU utilization is parceled out in declining levels from 1 to 8, and percentages are used to assign how much CPU should be granted to each consumer group at each level. User sessions for a consumer group with the highest level will receive resources before sessions assigned to a lower level are allowed to receive resources, so this method provides a mechanism to ensure the highest-priority sessions receive at least some CPU resources.

Automatic Consumer Group Switching :  In some circumstances, I would like to have a user session that has begun to consume too many resources get switched automatically to a lower priority (for example, an ad hoc query user starts a "not in our lifetime" query, or a user runs a large report during peak OLTP processing hours). Using this method, the DRM can be directed to automatically switch such a user session to a different resource consumer group if the session is actively consuming resources beyond a certain amount of time. Even more impressive, this method can estimate an approximate time for the completion of the query and switch the session to a different group before the query is executed.
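As a hedged sketch of such a directive (it assumes the illustrative DAYTIME_PLAN and BATCH_GROUP from the earlier sketch, plus a hypothetical ADHOC_GROUP created beforehand; switch_time is in seconds):

BEGIN
  DBMS_RESOURCE_MANAGER.CREATE_PENDING_AREA();
  DBMS_RESOURCE_MANAGER.CREATE_PLAN_DIRECTIVE(
    plan             => 'DAYTIME_PLAN',
    group_or_subplan => 'ADHOC_GROUP',
    comment          => 'Demote long-running ad hoc work',
    switch_group     => 'BATCH_GROUP',   -- group the session is switched to
    switch_time      => 600,             -- after 600 seconds of active time
    switch_estimate  => TRUE);           -- or up front, if the estimated run time exceeds 600 seconds
  DBMS_RESOURCE_MANAGER.VALIDATE_PENDING_AREA();
  DBMS_RESOURCE_MANAGER.SUBMIT_PENDING_AREA();
END;
/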

Active Session Pool Queueing  :  In some cases, I would like to be able to limit the activity for some groups of users based upon their maximum number of active sessions. This method detects when a specified threshold of user sessions has been reached for a consumer group and queues sessions until a "slot" is available. This method can also detect if a queued task has exceeded a specified time threshold, automatically terminate the queued task and return an error.

Maximum Estimated Execution Time  :  The DRM can also be directed to terminate an operation that has exceeded a specified maximum execution time. DRM will terminate the session and return a trappable error.

Maximum Degree of Parallelism  :  The DRM can limit the maximum degree of parallel processing for any operation within the plan.

Undo Pool Quota  :  Finally, the DRM can be directed to monitor the amount of undo (i.e. rollback) space being used by a resource consumer group. When undo utilization reaches the specified threshold, the DRM will terminate the current DML statement that is generating the undo; no other members of that consumer group will be allowed to continue DML operations until sufficient undo space is available.

For more detail and examples, see the links below :

http://www.datadisk.co.uk/html_docs/oracle/resource_manager.htm

http://www.rittmanmead.com/2010/01/oracle-database-resource-manager-and-obiee/

http://oradbpedia.com/wiki/DBMS_RESOURCE_MANAGER_-_Overview

http://download.oracle.com/docs/cd/B28359_01/server.111/b28310/dbrm001.htm


Enjoy   :-)



Saturday, July 23, 2011

Auditing in Oracle

Auditing is the monitoring and recording of selected user database actions. Auditing is normally used to:

1.) Investigate suspicious activity. For example, if an unauthorized user is deleting data from tables, the security administrator might decide to audit all connections to the database and all successful and unsuccessful deletions of rows from all tables in the database.

2.) Monitor and gather data about specific database activities. For example, the database administrator can gather statistics about which tables are being updated, how many logical I/Os are performed, or how many concurrent users connect at peak times.

There are two distinct types of auditing
1.) Standard        ->>  auditing based on statement, privilege and object-level
2.) Fine-grained  ->>  auditing on a finer granule which is based on content i.e. value > 10,000


Standard auditing is further classified into three levels:
 i.)    Statement    ->>  audit all actions on any type of object.
ii.)   Privilege       ->>  audit actions that stem from system privileges.
iii.)  Object-level ->>  specific audit actions like select, update, insert or delete.


For all three levels of auditing we can choose to audit by access (audit every time we access) or by session (audit only once per session), and we can also audit based on whether the access was successful (whenever successful) or not (whenever not successful).

How to enable auditing : 
Below are some basic methods for auditing : 


1.) AUDIT_SYS_OPERATIONS : This parameter audits the SYS and SYSDBA connections. When we enable the parameter audit_sys_operations, the database will write a trace file of the session's actions to the udump directory. This parameter should be enabled on ALL production databases. Here is the method of enabling it:


SQL> alter system set audit_sys_operations=true scope=spfile;
SQL> shut immediate
SQL> startup
SQL> sho parameter audit
NAME                                TYPE                       VALUE
------------------                -----------            --------------------------------------------------------------
audit_file_dest                string               D:\ORACLE\PRODUCT\10.2.0\ADMIN\NOIDA\ADUMP
audit_sys_operations     boolean           TRUE
audit_trail                       string               DB
We can view the SYS and SYSDBA connection audit records in the Windows event log (eventvwr.msc).


2.) AUDIT_TRAIL  Parameter : This parameter audits SESSION, DCL, DDL, DML and SELECT statements to the table AUD$ or to OS files. This is the easiest and most common method of auditing an Oracle database, and this parameter should be set on ALL production databases. The audit_trail parameter can take the following values :

none  = disables auditing
os      = records the information to a o/s file (uses parameter audit_file_dest for the file location)
db      = records the information in the database, use the view dba_audit_trail ( view accesses table sys.aud$ )   to display audit information.
db, extended   = as per the db value but also populates the sqlbind and sqltext clob columns
xml     = audits to the o/s file but in xml format (uses parameter audit_file_dest for the file location)
xml,extended  =  as per xml option but also populates the sqlbind and sqltext clob columns


A basic list of audit options is as follows : 


==>Turn off auditing : 
SQL> alter system set audit_trail=none scope=spfile;


==> Auditing written to o/s :
SQL> alter system set audit_file_dest='c:\oracle\auditing';
SQL> alter system set audit_trail=os scope=spfile;


Note: if the audit_file_dest is not set then the default location is $oracle_home/rdbms/audit/


To start auditing we can use the below (there are many more options than stated below)
==> On Session    
SQL> audit session by neer;


==> On Table 
SQL> audit table;


==>Table and Specific user   
SQL>audit table by neer;


==>Table, Specific User and Access
SQL> audit table by neer by access;

==>Privilege auditing
SQL>audit create any table;

SQL>audit create any table by neer;


==>Object auditing
SQL> audit select on neer.employees by access whenever successful;

SQL> audit select on neer.employees by access whenever not successful;


==>Disabling audit
SQL>noaudit table;
SQL>noaudit all privileges;
SQL>noaudit create any table by neer;


==>Turn off all auditing
SQL> noaudit all;                              (turn off all statement auditing)

SQL> noaudit all privileges;               (turn off all privilege auditing)
SQL> noaudit all on default;               (turn off all object auditing)


==>Purge audit table
SQL>delete from sys.aud$;
SQL>truncate table sys.aud$;


Here is a demo of standard auditing :


C:\>sqlplus / as sysdba
SQL*Plus: Release 10.2.0.1.0 - Production on Sat Jul 23 13:58:26 2011
Copyright (c) 1982, 2005, Oracle.  All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options


SQL> alter system set audit_trail=db scope=spfile;   
System altered.


SQL> shut immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup
ORACLE instance started.


Total System Global Area      167772160  bytes
Fixed Size                             1247876      bytes
Variable Size                         75498876    bytes
Database Buffers                   83886080    bytes
Redo Buffers                         7139328      bytes
Database mounted.
Database opened.
SQL> create user test identified by test
  2  default tablespace users
  3  quota unlimited on users;
User created.


SQL> grant connect to test;
Grant succeeded.


SQL> grant create table,create procedure to test;
Grant succeeded.


SQL> audit select table,update table,insert table,delete table by test by access;
Audit succeeded.


SQL> audit all by test by access;
Audit succeeded.


SQL> conn test/test@noida
Connected.


SQL> create table aud_table(id number);
Table created.


SQL> insert into aud_table values (&A);
Enter value for a: 1
old   1: insert into aud_table values (&A)
new   1: insert into aud_table values (1)
1 row created.


SQL> insert into aud_table values (&A);
Enter value for a: 2
old   1: insert into aud_table values (&A)
new   1: insert into aud_table values (2)
1 row created.


SQL> /
Enter value for a: 3
old   1: insert into aud_table values (&A)
new   1: insert into aud_table values (3)
1 row created.


SQL> update aud_table set id=123 where id=2;
1 row updated.


SQL> select  *  from aud_table;
        ID
----------
         1
       123
         3


SQL> delete from aud_table;
3 rows deleted.


SQL> drop table aud_table;
Table dropped.


SQL> conn / as sysdba
Connected.


SQL> select username,obj_name,action_name from dba_audit_trail
  2       where owner='TEST' order by timestamp;


USERNAME              OBJ_NAME             ACTION_NAME
---------                   ---------------           -------------------
TEST                      AUD_TABLE              CREATE TABLE
TEST                      AUD_TABLE              INSERT
TEST                      AUD_TABLE              INSERT
TEST                      AUD_TABLE              INSERT
TEST                      AUD_TABLE              UPDATE
TEST                      AUD_TABLE              SELECT
TEST                      AUD_TABLE              DELETE
TEST                      AUD_TABLE              DROP TABLE
8 rows selected.


FGA (fine-grained auditing)  :  Fine-grained auditing (FGA) allows us to audit users accessing data that meets certain criteria. As with standard auditing, we can audit select, insert, update and delete operations. We use the package dbms_fga to add, remove, enable and disable FGA auditing policies; it is virtually impossible to bypass these policies, and one nice feature is that we can attach handlers (like a trigger) to the policies which can execute procedures (a handler sketch follows the basic examples below).


There are many options that can be applied to the dbms_fga package; here are some simple examples : 
==> Creating  :  


SQL> begin
dbms_fga.add_policy (
object_schema=>'neer',
object_name=>'employees',
policy_name=>'aud_test',
audit_column=>'salary,commission_pct',
enable=>false,
statement_types=>'select'); 
end;
/


==> Removing  :  


SQL> begin
dbms_fga.drop_policy (
object_schema=>'neer',
object_name=>'employees',
policy_name=>'aud_test');
end;
/


==>Enabling  :  


SQL>begin
dbms_fga.enable_policy (
object_schema=>'neer',
object_name=>'employees',
policy_name=>'aud_test');
end;
/


==> Disabling  :


SQL> begin
dbms_fga.disable_policy (
object_schema=>'neer',
object_name=>'employees',
policy_name=>'aud_test');
end;
/
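The handler feature mentioned at the start of this section is wired in through the handler_schema and handler_module parameters of dbms_fga.add_policy. A sketch follows; the procedure sec.fga_alert is hypothetical and must already exist, accepting the object schema, object name and policy name as its three arguments.

==> Attaching a handler  :

SQL> begin
dbms_fga.add_policy (
object_schema=>'neer',
object_name=>'employees',
policy_name=>'aud_test_handler',
audit_column=>'salary',
handler_schema=>'sec',
handler_module=>'fga_alert',
enable=>true,
statement_types=>'select');
end;
/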

Here is Demo of the FGA Auditing  :  

First,we will create the FGA policy say "FGA_AUD"

SQL>  begin
  2  dbms_fga.add_policy (
  3  object_schema=>'test',
  4  object_name=>'hot',
  5  policy_name=>'FGA_AUD',
  6  audit_column=>'id',
  7  enable=>true,
  8  statement_types=>'select,update');
  9  end;
 10  /
PL/SQL procedure successfully completed.

Now we will perform some "select" and "update" statements to audit  :

SQL> update hot set id=2222 where id=123;
0 rows updated.

SQL> update hot set id=2222 where id=2;
1 row updated.

SQL> select * from hot;
        ID
   ----------
       22
      2222
      2342

SQL> update hot set id=8888 where id=2342;
1 row updated.

SQL> commit;
Commit complete.

To audit the table and the statements fired by db_user, fire the below query :

SQL> select   db_user  ,scn,  sql_text   from  dba_fga_audit_trail   where   db_user='TEST';
db_user         SCN                        SQL_TEXT
--------        ----------              ------------------------------------
TEST          1186412              update hot set id=2222 where id=123
TEST          1186421              update hot set id=2222 where id=2
TEST          1186431              select * from hot
TEST          1186440              update hot set id=8888 where id=2342

SYS.AUD$ table :  Make sure that the sys.aud$ table gets purged from time to time, as connections and DML activity in the database might come to a standstill if it becomes full.


 Purge Audit Table : 
SQL> delete from sys.aud$;
SQL> truncate table sys.aud$;