The Lazy Tech's Blog: 2012

Tuesday, October 02, 2012

Oracle OpenWorld 2012: Monday

Database 12c Features

Following yesterday's big announcements and new rumors I made a few schedule changes ensuring I allotted more time in the demo grounds to talk to various Oracle specialists concerning Database 12c. The demo grounds are truly amazing with a wealth of contacts to be made and things to be learnt from talking to the various "informed" vendors (including Oracle). Even more amazing are the large number of people that come solely for the purpose of winning free stuff - not that I'd complain if I won one of the numerous iPads on offer or even better the $10,000 offered by EMC (good to know where my companies money is going). I'm curious if any of these vendors do any analysis on the "real" contacts made vs. just those looking for stuff and follow-up sales made.

There are many new and usable features with 12c, and I would argue this will be the biggest release Oracle will have done to date (when it ships) in terms of changes and features. The upgrade process via DBUA has been given some attention with parallelism during the upgrade itself, fix-it scripts, resumption from some failures (instead of starting from scratch for everything) and a post-upgrade health check. Transportable Tablespaces (TTS) via Data Pump will be more efficient by automatically running all pre-requisite checks, and doing the full export and import. Meaning it figures out all the metadata dependencies, creates all the users, objects, grants, etc. from the source unto the target then copies across all the data and viola!

Some questions (but not all) surrounding Pluggable Databases (PDB), which I've mentioned yesterday, were answered today as well. It will support pre-12.1 databases (only 11.2.0.3 is my guess and based on the slides used) which will plug into a 12.1 container database (the housing or hypervisor database if you will). All databases can be backed up as one and recovered separately including point-in-time (PIT). PDB can also be run in standby setups though I'm still left wondering how PDB works exactly in a RAC environment. Migration into this architecture appears to be done via Data Pump (I'm guessing TTS since otherwise it would be long migration). Resource utilization is handled by Resource Manager (DBRM) so processor (and other settings?) usage can be allocated to each database. Patching/upgrades can be done separately to each database though I'd imagine the container DB must always be at the highest release (similar to Grid Infrastructure). A question, out of many I have, is how does affect Oracle VPD and will it be a paid feature? (we all know the answer is yes)

Another very interesting and immediately usable feature is "Automatic Usage Based Compression". Essentially a heat map of table partitions is used to compress various partitions based on usage/activity (INSERT, UPDATE and DELETE statements) using some user defined policies. Compression is done online, in the background. Does this mean HCC is open to all now? Is this using DBMS_REDEFINITION under the covers for the online compression change? What about compressing table blocks and not just partitions? Will the threshold for hot, warm and cold be adjustable (there is always some hidden parameter)? Is this part of the compression package/option and how much will it cost?

Redaction of Sensitive Data is another big feature. This moves the masking of sensitive data from the application level to the database level where the DBA does this change online and immediately (no logoff/logon required) based on set policies. I'm left wondering how this affects the Data Masking Pack and Label Security? (and again, how much?)

A new feature (which is actually available now supported for Exadata) is RMAN Cross Platform Incremental Backups. This is using RMAN to do a platform conversion from a big endian platform such as Solaris SPARC, IBM AIX and HP-UX to Linux using backups/restores where the incrementals can be applied to the target until ready to switch platforms at which point the actual switch over is considerably less time (and effort). Note 1389592.1 explains this with greater details.

The Jimmy Cliff Experience

Whomever thought up the Oracle Music Festival deserves a raise, and even better, the party responsible for bringing in Jimmy Cliff deserves a promotion! The man, Jimmy Cliff, must be in his 60's at least but has more energy than a 20 year old! He completely rocked the house with his energy, song arrangements and charisma. The crowd (including myself) was completely involved and so much so enjoyed his performance that an encore was demanded, and graciously accepted.

I had another big day ahead of me and so left during his encore. I can already feel the pain in various body parts following my "dancing" (I use the term loosely). I good end to another great day at OpenWorld...

Monday, October 01, 2012

Oracle OpenWorld 2012: Sunday (continued...)

Sessions and Keynote

I attended a few sessions which for the most part were informative in some way. One take-away was that Oracle Enterprise Manager 12c Cloud Control is very popular as it is on a lot of minds (mine including since I'm trying to get my company to bypass our implementation of 11g and go straight to 12c but I digress). The few sessions I attended had quite a lot of questions. I was also able to meet a few of my Twitter contacts (@dbakevlar @aakela and @fuadar) which was awesome!

An interesting nugget in the session "Will it blend? Verifying Capacity in Server and Database Consolidations" was that of 'Consolidated DB Replay'. This is feature introduced in a patch (13947480) for 11.2.0.2+ which (as the name suggestions) allows for the concurrent running or replay of multiple captured workloads. The use case for this, of course, is capturing workloads from multiple source database systems and replaying on a single target system which is intended as a consolidation database. Ideally the capture time and periods across the multiple source databases should be the same to get the best picture of what the consolidated workload would look like on a single consolidate database. This feature would replace (or minimize) manual efforts involving visually analyzing workload graphs using OEM (as an example) for each database or looking at consolidated/merged AWR information for the multiple source systems.

Keynote

There have been many rumors surrounding a new Exadata 1/8 rack configuration, Exadata hardware upgrades (would there be an X3-2) and database 12c (if it would be announced or not). I did not attend Enkitec Extreme Exadata Expo (E4) 2012 but did read some of the Tweets and postings concerning the sessions which did point to such announcements. As it turned out, the Larry's Keynote did not disappoint and confirmed the rumors with the announcements of Exadata X3-2 (including an Exadata X3-2 1/8 rack), Oracle Database 12c release sometime in 2013 (my guess is some features will be cut for a January/February released in 2013), Oracle Private Cloud and IaaS.

Oracle Private Cloud is an offering for companies needing their own private infrastructure which can either run externally at Oracle facilities or inside the companies own data center but managed completely by Oracle. Having experienced various Oracle Support Services (OCS, OCMS or Oracle On-Demand) I can say the success for this offering will depend heavy on improvement for these support offerings and clear understanding between all involved parties as to what is meant by "managed". Oracle Cloud is Oracle's Infrastructure as a Service or IaaS offering composed of Exadata, Exalogic, Oracle Linux, Oracle VM, Oracle Storage, and InfiniBand (IB) components.

Oracle Database 12c which will be released sometime in 2013 (January/February is the whisper) will have some interesting features (not sure if I disclose at this time other than what has just been announced) such as Pluggable Databases. This is essentially multiple databases sharing the same server using containerization at the database level therefore being more efficient (so not complete separation in terms of processes and memory) and not requiring any application changes. For those familiar with SQL Server, PostgreSQL (including Netezza) and other such database platforms this is not anything knew. It is however, in the context of Oracle databases and has several benefits in the area of consolidation and hosting.

Exadata X3-2 was announced as the hardware refresh for the previous generation X2-2 along with a new 1/8 rack deployment option (starting price for negotiations is $200,000, nice!). Strangely enough, there is also an Exadata X3-8 as the refresh for Exadata X2-8, but this got no recognition (perhaps these do not sell as well and are a niche offering?). A few quick overview specifications are below:

Database Nodes

up to 8 x Oracle/Sun X3-2 servers
up to 2 TB RAM or 256 GB/node
up to 128 cores using 2x8-core Intel E5-2690 (2.9 GHz) per node

Storage Nodes

Up to 14 x Sun X3-2L
Up to 168 cores using 2x6-core Intel E5-2600 series per node
Up to 22 TB Flash memory
Up to 168 x 600 GB 15K rpm HP or 168 x 3 TB 7.2K rpm HC HDD

In terms of performance a full rack X3-2 should scream with:

~50K IOPS using 8K IO requests (most vendors use 2K so be careful doing comparisons)
100 GB/s bandwidth taking into consideration HP HDD and Flash
16 TB/hour data loads (from past experience this is within the same array so again, be careful and ask specific questions).

A software upgrade to the platform (this means available now w/o upgrading to X3-2) brings Cached Writes along with the previous Cached Reads. So maximum IOPS for 8K IO requests involving Flash is ~1,500,000 for read and ~1,000,000 for write. With compression (your mileage will vary according to your data) numbers should be better but again, test, test and test again. Your workload was not used when obtaining these benchmark figures. Usable disk capacity is ~45 TB for HP and ~224 TB for HC HDD. Also, Oracle Cloud and Private Cloud will start with Exadata X3-2 systems.

For me, here is what is missing from Exadata or what I'd like to see:

A more appliance-centric approach where even the ASM and DB configuration is standard and factory setup (sorry, but OCS involvement/engagement would be minimized)
More work being pushed down to the storage level (more analytics, more parallel processing, more "transparent" indexing so I don't have to create and maintain)
Automatic data compression (can still provide better/advanced compression levels at cost)
Built-in Hadoop integration (storage nodes as data nodes and a dynamic compute as the named node?)
Integrated monitoring via included OEM appliance as either an included 2x1U server in the rack or external servers. You can argue you can just use existing or build your own but wouldn't it be nice to have this option? Quite frankly I'm puzzled as to why Oracle has not come out with an OEM appliance yet and have suggested as such to some powers in the OEM team (also wondering about a MySQL engineered system, ExaSQL :-))

Fujitsu Keynote
Moving on (or back) to the Fujitsu portion of the keynote, I found it most interesting since they are doing very similar work with their "Fujitsu Agricultural Cloud Service" to that of my company (though not quite as full-featured a service if I do so say). The services gathers data collected by farmers via various devices and runs analysis which will aid in providing information to improve yields. This is being done very cost effectively and near real time. Then there is project "Athena" which is the merging of hardware and software (OS and database if I understood correctly) to bring forth a new processing model which will far surpass anything currently available. Leveraging knowledge and technology from the K supercomputer, Liquid Loop Cooling (LLC), 512 GB per socket (32 TB per system), 4 CPUs w/2TB each scaling/connecting in a building block fashion (up to 16 blocks?) and software on chip (database software also in silicon) the SPARC64 X was/will be born in 2013. Testing has shown a 2x increase in performance over IBM Power7 though no specifics were given (it was just a keynote). I do love how they showed real world type scenarios and business usage instead of just pure tech.

So far that has been my OpenWorld 2012 experience to date. Sunday down, next up Monday to Thursday.

Oracle OpenWorld 2012: Sunday

MySQL Connect

First up today was a visit to the MySQL Keynote featuring some speakers from Twitter, Paypal and Verizon Wireless. I've been interested in MySQL for sometime but never really played with it for myself. My company is seeking to investigate it further since we've got over 50 instances of it running, but also to look into open source alternatives (cost reduction mainly).

Very interesting what these large companies are doing with MySQL and how they are using the technology. Twitter uses it extensively because:

It is fast, even compared with NoSQL alternatives (depending on what you are doing with it of course)
It has very low latency
It scales well
It has a large ecosystem
The safety of InnoDB (i.e. it does not lose data)

It is not all roses however, as there were some words of caution::

It is not yet optimized for SSD (which they are working on)
There is room for a configuration management tool
It is not a complete solution and should be used as a building block
It is not a purpose-built key-value (KV) store (so try other NoSQL if that is your true requirement)
It is not schema-less (both pro and con)
There is a need for better performance/response time metrics
There is a need for better monitoring

What they could share of there environment is also very interesting:

25 traditional master-slaves
3-100 machines with 6 DBAs and 1 developer
> 6 million queries per second (qps) w/400 million tweets per day (+ metadata)

The talk from Verizon Wireless was also interesting as they apparently use MySQL for their intranet with a customized landing page for each user (based on location, function, etc.) which the user can further customize. It is all highly performant (since that was a main criteria) and scalably. Their "Verizon Infrastructure as a Service (IaaS) Group" was inspirational! An internal group which provides IaaS to the rest of the company.

Tuesday, May 01, 2012

Oracle Internet Directory (OID) 11g: Part IV - OID Installation

This is the final post in my series on OID11g. I'll try and follow-up with a few other posts but essentially from here on out you would be ready to go with OID11g. If you are interested in making your OID highly available using LDAP multi-master replication then stay tuned for that follow-up post.

So OID11g (11.1.1.5.0) installation actually consists of three phases, namely installation, patching and configuration. That is how I've broken up this post which as a side effect I think, makes it easier to follow. To provide some further clarity, some Fusion Middleware 11.1.1.5.0 components are offered as full installers, but not all. You can get the distribution details for the components on MOS, or via the documentation on on OTN. Unfortunately, OID falls into the case requiring a software installation of 11.1.1.2.0, followed by patching to 11.1.1.5.0 and subsequent configuration to complete the "installation". Hopefully Oracle will move towards full installers for all products much like they've done for the database (and other products such as GoldenGate and so on).

Installation of 11.1.1.2.0

1. Edit your response file for silent installation. The items of interest are highlighted as shown below:

[ENGINE]
#DO NOT CHANGE THIS.
Response File Version=1.0.0.0.0

[GENERIC]

#Set this to true if installation and configuration need to be done, all other required variables need to be provided. Variable "INSTALL AND CONFIGURE LATER TYPE" must be set to false if this is set to true as the variables are mutually exclusive
INSTALL AND CONFIGURE TYPE=false

#Set this to true if only Software only installation need to be done. If this is set to true then variable "INSTALL AND CONFIGURE TYPE" must be set to false, since the variables are mutually exclusive.
INSTALL AND CONFIGURE LATER TYPE=true

#Write the name of the Oracle Home directory. The Oracle Home directory name may only contain alphanumeric , hyphen (-) , dot (.) and underscore (_) characters, and it must begin with an alphanumeric character.
ORACLE_HOME=/oracle/app/fmw/Oracle_IDM1

#Write the complete path to a valid Middleware Home.
AS_HOME_LOCATION=/oracle/app/fmw

#Provide the My Oracle Support Username. If you wish to ignore Oracle Configuration Manager configuration provide empty string for user name.
MYORACLESUPPORT_USERNAME=

#Provide the My Oracle Support Password
MYORACLESUPPORT_PASSWORD=

#Set this to true if you wish to decline the security updates. Setting this to true and providing empty string for My Oracle Support username will ignore the Oracle Configuration Manager configuration
DECLINE_SECURITY_UPDATES=true

#Set this to true if My Oracle Support Password is specified
SECURITY_UPDATES_VIA_MYORACLESUPPORT=false

#Provide the Proxy Host
PROXY_HOST=

#Provide the Proxy Port
PROXY_PORT=

#Provide the Proxy Username
PROXY_USER=

#Provide the Proxy Password
PROXY_PWD=

[SYSTEM]

[APPLICATIONS]

[RELATIONSHIPS]

2. Run the installation using OUI for OID 11.1.1.2.0, as the oracle user:

./runInstaller -silent -response /oracle/stage/rsp/oid11g-inst.rsp

Below is a sample execution run:

Starting Oracle Universal Installer...

Checking Temp space: must be greater than 80 MB. Actual 18983 MB Passed
Checking swap space: must be greater than 500 MB. Actual 7724 MB Passed
Preparing to launch Oracle Universal Installer from /tmp/OraInstall2012-01-24_04-05-56PM. Please wait ...[oracle@orads02 Disk1]$ Log: /u01/app/oraInventory/logs/install2012-01-24_04-05-56PM.log
Copyright (c) 1982, 2009, Oracle and/or its affiliates. All rights reserved.
Reading response file..
Expected result: One of enterprise-5.4,enterprise-4,enterprise-5,redhat-5.4,redhat-4,redhat-5,SuSE-10
Actual Result: redhat-5
Check complete. The overall result of this check is: Passed
CertifiedVersions Check: Success.
Checking for binutils-2.17.50.0.6; found binutils-2.17.50.0.6-14.el5-x86_64. Passed
Checking for compat-libstdc++-33-3.2.3-x86_64; found compat-libstdc++-33-3.2.3-61-x86_64. Passed
Checking for compat-libstdc++-33-3.2.3-i386; found compat-libstdc++-33-3.2.3-61-i386. Passed
Checking for elfutils-libelf-0.125; found elfutils-libelf-0.137-3.el5-i386. Passed
Checking for elfutils-libelf-devel-0.125; found elfutils-libelf-devel-0.137-3.el5-x86_64. Passed
Checking for gcc-4.1.1; found gcc-4.1.2-50.el5-x86_64. Passed
Checking for gcc-c++-4.1.1; found gcc-c++-4.1.2-50.el5-x86_64. Passed
Checking for glibc-2.5-12-x86_64; found glibc-2.5-58.el5_6.3-x86_64. Passed
Checking for glibc-2.5-12-i686; found glibc-2.5-58.el5_6.3-i686. Passed
Checking for glibc-common-2.5; found glibc-common-2.5-58.el5_6.3-x86_64. Passed
Checking for glibc-devel-2.5-x86_64; found glibc-devel-2.5-58.el5_6.3-x86_64. Passed
Checking for glibc-devel-2.5-12-i386; found glibc-devel-2.5-58.el5_6.3-i386. Passed
Checking for libaio-0.3.106-x86_64; found libaio-0.3.106-5-x86_64. Passed
Checking for libaio-0.3.106-i386; found libaio-0.3.106-5-i386. Passed
Checking for libaio-devel-0.3.106; found libaio-devel-0.3.106-5-i386. Passed
Checking for libgcc-4.1.1-x86_64; found libgcc-4.1.2-50.el5-x86_64. Passed
Checking for libgcc-4.1.1-i386; found libgcc-4.1.2-50.el5-i386. Passed
Checking for libstdc++-4.1.1-x86_64; found libstdc++-4.1.2-50.el5-x86_64. Passed
Checking for libstdc++-4.1.1-i386; found libstdc++-4.1.2-50.el5-i386. Passed
Checking for libstdc++-devel-4.1.1; found libstdc++-devel-4.1.2-50.el5-x86_64. Passed
Checking for make-3.81; found make-1:3.81-3.el5-x86_64. Passed
Checking for sysstat-7.0.0; found sysstat-7.0.2-3.el5_5.1-x86_64. Passed
Check complete. The overall result of this check is: Passed
Packages Check: Success.
Checking for VERSION=2.6.18; found VERSION=2.6.18-238.12.1.el5. Passed
Checking for hardnofiles=4096; found hardnofiles=131072. Passed
Checking for softnofiles=4096; found softnofiles=131072. Passed
Check complete. The overall result of this check is: Passed
Kernel Check: Success.
Expected result: ATLEAST=2.5-12
Actual Result: 2.5-58.el5_6.3
Check complete. The overall result of this check is: Passed
GLIBC Check: Success.
Expected result: 1024MB
Actual Result: 3948MB
Check complete. The overall result of this check is: Passed
TotalMemory Check: Success.
Expected result: LD_ASSUME_KERNEL environment variable should not be set in the environment.
Actual Result: Variable Not set.
Check complete. The overall result of this check is: Passed
Check Env Variable Check: Success.
Verifying data......
Copying Files...
-----------20%----------40%----------60%----------80%--------100%

Applying Oneoff Patch...
The installation of Oracle AS Common Toplevel Component, Oracle Identity Management 11g completed successfully.

Patching 11.1.1.2.0 to 11.1.1.5.0

1. Edit your response file for silent patching. It's not much different from the installation, the items of interest are highlighted as shown below:

[ENGINE]

#DO NOT CHANGE THIS.
Response File Version=1.0.0.0.0

[GENERIC]

#Provide the Oracle Home location. The location has to be the immediate child under the specified Middleware Home location. The Oracle Home directory name may only contain alphanumeric , hyphen (-) , dot (.) and underscore (_) characters, and it must begin with an alphanumeric character. The total length has to be less than or equal to 128 characters. The location has to be an empty directory or a valid IDM Oracle Home.
ORACLE_HOME=/oracle/app/fmw/Oracle_IDM1

#Provide existing Middleware Home location.
MIDDLEWARE_HOME=/oracle/app/fmw

#Provide the My Oracle Support Username. If you wish to ignore Oracle Configuration Manager configuration provide empty string for user name.
MYORACLESUPPORT_USERNAME=

#Provide the My Oracle Support Password
MYORACLESUPPORT_PASSWORD=

#Set this to true if you wish to decline the security updates. Setting this to true and providing empty string for My Oracle Support username will ignore the Oracle Configuration Manager configuration
DECLINE_SECURITY_UPDATES=true

#Set this to true if My Oracle Support Password is specified
SECURITY_UPDATES_VIA_MYORACLESUPPORT=false

#Provide the Proxy Host
PROXY_HOST=

#Provide the Proxy Port
PROXY_PORT=

#Provide the Proxy Username
PROXY_USER=

#Provide the Proxy Password
PROXY_PWD=

#Type String (URL format) Indicates the OCM Repeater URL which should be of the format [scheme[Http/Https]]://[repeater host]:[repeater port]
COLLECTOR_SUPPORTHUB_URL=

#
CONFIG_WIZARD_RESPONSE_FILE_LOCATION=0

[SYSTEM]

[APPLICATIONS]

[RELATIONSHIPS]

2. Run the patch application using OUI for OID 11.1.1.5.0, as the oracle user:

./runInstaller -silent -response /oracle/stage/rsp/oid11g-patch.rsp

Below is a sample execution run:

Starting Oracle Universal Installer...

Checking Temp space: must be greater than 80 MB. Actual 18983 MB Passed
Checking swap space: must be greater than 512 MB. Actual 7406 MB Passed
Preparing to launch Oracle Universal Installer from /tmp/OraInstall2012-01-24_04-27-11PM. Please wait ...[oracle@orads02 Disk1]$ Log: /u01/app/oraInventory/logs/install2012-01-24_04-27-11PM.log
Copyright (c) 1982, 2011, Oracle and/or its affiliates. All rights reserved.
Reading response file..
Verifying data......
Copying Files...
-----------20%----------40%----------60%----------80%--------100%

Applying Oneoff Patch...
The installation of Oracle AS Common Toplevel Component on Oracle AS Common Toplevel Component home ,Oracle Identity Management 11g Patchset on Oracle Identity Management 11g home completed successfully.

Configuring OID with ODIP, ODSM and Fusion Middleware Control in a new WebLogic Domain

At this point you now need to configure your installation of OID11g. I went with the option of configuring OID with ODIP, ODSM and Fusion Middleware Control in a new WebLogic Domain. I wanted ODIP as an option to connect and synchronize to AD, ODSM and Fusion Middleware Control (FMC) for the GUI management and monitoring, and a new WebLogic Domain (for ODSM and FMC) since I don't have one that I would like to use currently. Please check the documentation for configuration using other options.

The steps to conduct the configuration are below. Note that I've not had any success doing a silent command line installation and as such the GUI method is what is shown. I suspect this is the only option thus far unless I am missing something (not unlikely) though I have attempted many options.

1. Start the configuration as the oracle user by running '$ORACLE_HOME/bin/config.sh':

Click 'Next' to continue to the next screen...

2. Enter the credentials for the new domain's user, along with the domain name. Click on 'Next' to continue.

3. Confirm and/or correct the locations for the WebLogic Server and Oracle Instance directories as well as specify an Oracle Instance Name. When completed click 'Next' to continue.

4. The next screen concerns the usual security notifications. I do not care for security updates so I simply continued.

5. Select Oracle Internet Directory and Oracle Directory Integration Platform. The Oracle Directory Services Manager and Fusion Middleware Control management components are automatically selected for this installation. Ensure no other components are selected and click 'Next' when completed to continue.

6. Select Auto Port Configuration to allow the installer to configure ports from a predetermined range. Click 'Next' when completed to continue.

7. We already used RCU to create and configure the OID schema so here we just need to select 'Use Existing Schema', enter the connection details to the repository database in the form '::' and enter the ODS schema password. Click 'Next' when completed to continue.

8. Next up is the OID information, i.e. the realm and administrator ('orcladmin') credentials. Click 'Next' to continue to the installation summary when completed.

9. Following the installation summary you will see the configuration progress screen.

10. If all goes well you will see the Installation Completion screen

Installation Verification

To verify a successful installation you should run the following commands:

1. Execute '$ORACLE_INSTANCE/bin/opmnctl status -l'

Processes in Instance: asinst_1

---------------------------------+--------------------+---------+----------+------------+----------+-----------+------

---------------------------------+--------------------+---------+----------+------------+----------+-----------+------

oid1 | oidldapd | 8245 | Alive | 1068702846 | 375296 | 67:57:58 | N/A

oid1 | oidldapd | 8229 | Alive | 1068702845 | 95868 | 67:57:58 | N/A

oid1 | oidmon | 8214 | Alive | 1068702844 | 83744 | 67:57:58 | LDAPS:3131,LDAP:3060

EMAGENT | EMAGENT | 7402 | Alive | 1068702843 | 63908 | 68:01:31 | N/A

2. Execute the '$ORACLE_HOME/bin/ldapbind' command on the Oracle Internet Directory for non-SSL and SSL ports. Note that ORACLE_HOME must be set correctly (i.e. not the DB_HOME).

On Non-SSL ports:

$ORACLE_HOME/bin/ldapbind -h -p -D cn=orcladmin -w

On SSL ports:

$ORACLE_HOME/bin/ldapbind -h -p -D cn=orcladmin -w -U 1

Enabling WebLogic Startup

Every time an Administrator wants to run the WebLogic startup script, he/she is prompted with username and password. If the administrator wants to be configure weblogic to startup on bootup or reboot, then they will need the username and password to be automatically recognized. To enable WLS startup without password prompting create $DOMAIN_HOME/servers/AdminServer/security/boot.properties and $DOMAIN_HOME/servers/wls_ods1/security/boot.properties files with entries:

username=weblogic
password=wlsP#ssw0rd

After the initial startup, the password will be encrypted.

Summary

So now you have your first OID instance up and functional. All that is left is some configuration and tuning after some period of being operational. I will end the series on OID11g here but will try and follow-up with some further entries on setting up LDAP multi-master replication (MMR), backup/recovery and migration from 10g. I would like to point out that you should enable anonymous binds which are disabled by default. Otherwise, you will receive the error:

"Configuration exception: Could not check for the Oracle Schema:

oracle.net.config.ConfigException: TNS-04409: Directory Service Error"

When attempting to use DBCA to add your database to OID. This can be done in two ways:

Using OEM11g Fusion Middleware Control

a. Navigate to "Identity and Access' -> oid1

b. Click on 'Oracle Internet Directory' and select 'Administration' -> 'Server Properties'

c. Switch 'Anonymous Bind' from 'Disallow except for Read Access on the root DSE' to 'Allows'

d. Click 'Apply'

Using Command-line

ldapmodify -D cn=orcladmin -q -p 3060 -h orads01.na.ds.g240.lab -f [ldifFile]

LDIF File:

dn: cn=oid1,cn=osdldapd,cn=subconfigsubentry

changetype: modify

replace: orclAnonymousBindsFlag

orclAnonymousBindsFlag: 1

Friday, April 13, 2012

WebLogic Server (WLS) Installation

I was going to this blog entry under my OID series but it occured to me that it made more sense to do a generic installation blog post instead given WLS is used by OID, OEM and many other components with which I've used and the only difference would be the WLS version used. The installation process is the same for 10.3.4 to 10.3.6. I can't vouch for other versions since I've not used prior versions and 12c is a bit different. So without further ado here is the install process, first the usual command line silent installation and then the GUI method.

Common Step - JDK Installation

1. Install a certified version of JDK to use. In the case of WLS 10.3.5 this would be JDK 1.6.0_24

For Oracle JRocket (required a GUI):

chmod +x jrockit-jdk1.6.0_24-R28.1.3-4.0.1-linux-x64.bin
./jrockit-jdk1.6.0_24-R28.1.3-4.0.1-linux-x64.bin

For Sun JDK:
chmod +x jdk-6u24-linux-x64.bin
./jdk-6u24-linux-x64.bin

2. I like to setup the environment for the installation process, specfiically calling out the location of the Java version to use. This would be required if you have multiple Java installations and you want to ensure the correct location/version is used.

export JAVA_HOME=/u01/app/oracle/jdk
export PATH=$JAVA_HOME/bin:$PATH

Method 1: Command Line Silent Installation

1. Build or edit the "silent.xml" file as below:

<?xml version="1.0" encoding="UTF-8"?>


<bea-installer>
<input-fields>
<data-value name="BEAHOME" value="/u01/app/oracle/fmw" />
<data-value name="WLS_INSTALL_DIR" value="/u01/app/oracle/fmw/wlserver_10.3" />
<data-value name="COMPONENT_PATHS" value="WebLogic Server/Core Application Server|WebLogic Server/Administration Console|WebLogic Server/Configuration Wizard and Upgrade Framework|WebLogic Server/Web 2.0 HTTP Pub-Sub Server|WebLogic Server/WebLogic SCA|WebLogic Server/WebLogic JDBC Drivers|WebLogic Server/Third Party JDBC Drivers|WebLogic Server/WebLogic Server Clients|WebLogic Server/WebLogic Web Server Plugins|WebLogic Server/UDDI and Xquery Support|Oracle Coherence/Coherence Product Files" />
<data-value name="LOCAL_JVMS" value="/u01/app/oracle/jdk"/>
</input-fields>
</bea-installer>

Save the file in the same location as the installation program ("/u01/app/stage" in my case).

2. Run the installation as the oracle user:

cd /u01/app/stage/
java -d64 -Xms512m -Xmx1024m -jar wls103x_generic.jar -mode=silent -silent_xml=/u01/app/stage/silent.xml

Extracting 0%....................................................................................................100%
Jan 24, 2012 3:10:29 PM java.util.prefs.FileSystemPreferences$2 run
INFO: Created user preferences directory.

Method 2: GUI Installation

1. Run the installation as the oracle user:

For Oracle JRocket:
java -Xms512m -Xmx1024m -jar wls103x_generic.jar

For Hybrid Oracle/Sun JDK:
java -d64 -Xms512m -Xmx1024m -jar wls103x_generic.jar

2. Choose the location of middleware home:

3. Optionally register for security updates. I tend to decline since this is not production, but feel free.

It requires internet access so if you don't have, you should decline otherwise you will be greeted with the message below (you can also setup your proxy access here as well):

4. Select "Typical" installation. If you want to be a bit more specific in the components select "Custom" but ensure all the expected components are installed as expected by the application.

5. Next up is the JDK select screen. The installation will detect the available JDK versions on your server if you have multiple versions and allow you to select the appropriate version. Select the correct version.

6. Specify the product installation directories:

7. You are presented with an installation summary where you can review what products will be installed:

8. Following is the actual installation process where you can view the progress:

9. Following a successful installation the completion screen is shown. Deselect the option to run the Quickstart process and you have completed your WLS installation:

Wednesday, April 11, 2012

Oracle Internet Directory (OID) 11g: Part III - Schema Installation

This is part II in the series I started on installating and setting up OID11g (11.1.1.5.0) which is part of Oracle Fusion Middleware 11g and in this case licensed under Oracle Directory Services Plus. Please check my previous posts on licensing and requirements for those details. For this posting I'm assuming you've already created a certified repository database and are now ready to install and setup the OID schemas. In my case I created an 11.2.0.3 EE single instance database repository using ASM for storage management. Check my blog entries for details on installing and setting up Grid Infrastructure, and installing and creating a database. Yes, I know these are shameless plugs for additional page views and I would also appreciate you clicking on a few advertiser links while there as well, thanks!

The OID 11g installation will no longer create a repository so this must be done upfront. You do have the option of setting up the schemas but using the Repository Creation Utility or RCU upfront is recommended. RCU is a tool to create the repositories scheams for various Fusion Middleware tools, which in this case we will be using it to create schemas required for OID and DIP (Directory Integration Platform). What is RCU exactly? It is effectively the replacement in FMW 11g for the Oracle Application Server 10g Metadata Repository Creation Assistant (also known as MRCA or RepCA). The documentation will tell you that RCU can be downloaded from MOS, OTN and Oracle e-Delivery Cloud but for me it was a bit difficult to locate the actual download except for the latter, i.e. Oracle e-Delivery Cloud, so this is where I'd recommend searching to save time and effort. The RCU version must match the version of FMW or rather OID that you intend to use, which in my case is 11.1.1.5.0. I prefer command line installations since they can be scripted and run without user interaction so I'll start out with that method and show the GUI interactive method following.

Setup
1. Extract the download to a staging directory and export the location to your environment as RCU_HOME:

$> export RCU_HOME=/tmp/stage/rcu

2. RCU is apparently a 32-bit installation and requires a 32-bit OS to install but it is possible since 11.1.1.4.0 to install from a 64-bit OS:

$> set linux32 bash

Method 1 - Using Command Line in Silent Mode

3. Create a text file which contains the various passwords in sequence of being prompted:

$> vim rcupwd.txt
sysP#ssw0rd
odsP#ssw0rd
odsP#ssw0rd

The first password is for SYS, the second and third are for the Oracle Directory Services or ODS schema. It is repeated since there are two prompts for this user's password.

4. I prefer to use ASSM for my tablespaces but by default RCU does not create all the required tablespaces for the schemas as such. A bit curious given Oracle's constant recommendations on this front but not completely unexpected if you've done repository installations before. Modify file $RCU_HOME/integration/oid/oid_Storage.xml replacing as shown below:

<TablespaceAttributes NAME="OLTS_BATTRSTORE" >
<AutoSegmentSpaceManagement>false</AutoSegmentSpaceManagement>
...
<TablespaceAttributes NAME="OLTS_SVRMGSTORE" >
<AutoSegmentSpaceManagement>false</AutoSegmentSpaceManagement>
TO
<TablespaceAttributes NAME="OLTS_BATTRSTORE" >
<AutoSegmentSpaceManagement>true</AutoSegmentSpaceManagement>
...
<TablespaceAttributes NAME="OLTS_SVRMGSTORE" >
<AutoSegmentSpaceManagement>true</AutoSegmentSpaceManagement>

This ensures all TBS are created with ASSM as the database default of local extent management will be picked up. You may need to modify the extend sizes for the DBF manually after installation to ensure all extents are spread across all ASM disks for your AU size.

Installation

5. Run the RCU installation:

$> cd $RCU_HOME/bin

$> ./rcu -silent -createRepository -databaseType ORACLE -connectString [orads01.mydomain.lab:1521:dsrep.mydomain.lab] -dbUser sys -dbRole SYSDBA -component OID -variables RCU_LOG_LOCATION=/tmp -schemaPrefix LAB -f < rcupwd.txt

Processing command line ....

Repository Creation Utility - Checking Prerequisites

Checking Global Prerequisites

Repository Creation Utility - Checking Prerequisites

Checking Component Prerequisites

Repository Creation Utility - Creating Tablespaces

Validating and Creating Tablespaces

Repository Creation Utility - Create

Repository Create in progress.

Percent Complete: 0

Percent Complete: 35

Percent Complete: 29

Percent Complete: 91

Repository Creation Utility: Create - Completion Summary

Database details:

Host Name : orads02.mydomain.lab

Port : 1521

Service Name : DSREP.MYDOMAIN.LAB

Connected As : sys

Prefix for (non-prefixable) Schema Owners : DEFAULT_PREFIX

RCU Logfile : /u01/app/rcuHome/rcu/log/logdir.2012-01-24_13-37/rcu.log

Component schemas created:

Component Status Logfile

Oracle Internet Directory Success /u01/app/rcuHome/rcu/log/logdir.2012-01-24_13-37/oid.log

Repository Creation Utility - Create : Operation Completed

You can get the meaning of the various arguments I've used from the RCU documentation but they are pretty self explanatory.

Method 2 - Using the GUI

1. Issue the command:

$> $RCU_HOME/bin/rcu

On the welcome screen, click "Next".

2. Select "Create" for creation of the schemas:

3. Input the connection details into the appropriate fields, as shown in the screen shot:

RCU will verify the information by making a test connection while also verifying that the database requirements are met to act as a repository:

4. Select the components to install, which is "Oracle Internet Directory". I also chose the "Directory Integration Platform" in my case though this is not shown in the screen shots.

RCU checks that the component prequisites are okay.

5. The tablespace mapping is shown. I suggest leaving the defaults with the possible exception of the temp changed if needed (I changed mine to TEMP). You can manage the settings (such as ASSM and so on) via clicking on the "Manage Tablespaces" button.

A confirmation box is displayed informing any non-existent tablespaces are about to be created, which is followed by another completion confirmation box:

6. The summary screen is displayed which indicates you are about to begin creation of the schemas:

7. Once completed summary completion screen is shown:

At this point setup of the OID repository is complete and you can move on to the installation of WebLogic or OID software which I will demonstrate in another blog entry. The sequence does not matter since only the software for OID will be installed (and patched), however, the WLS piece and all other pre-requisites (DB repository) should be in place prior to starting OID configuration.

Thursday, February 16, 2012

Using udev to configure disks for ASM in Linux

I've never been the biggest fan of Oracle ASMLib. While it is far easier to configure disks for ASM using ASMLib than udev or multipath, it also added an additional requirement for rpms, an additional layer in the stack, and dependency on the kernel version. An internet search will reveal numerious discussions on this very topic, with many having a preference to not use ASMLib. However, due to the increased ease of configuration, strong recommendations from Oracle and believed performance improvements I had always used ASMLib. For what it's worth, there does seem to be some truth behind ASMLib having a performance benefit as though I've not personally tested it, I have read blog postings where its removal resulted in greater CPU usage. If you have enough resources this is not a major concern though over time it may end of being the case.

My stance, and I would think a lot of others, have since changed with the recent developments in Oracle's competition with Red Hat. To be more specific, MOS note "Oracle ASMLib Software Update Policy for Red Hat Enterprise Linux Supportd by Red Hat [ID 1089399.1]", the quote of interest being:

"For RHEL6, Oracle will only provide ASMLib software and updates when configured with a kernel distributed by Oracle. Oracle will not provide ASMLib packages for kernels distributed by Red Hat as part of RHEL6. ASMLib updates will be delivered via Unbreakable Linux Network(ULN) which is available to customers with Oracle Linux support. ULN works with both Oracle Linux or Red Hat Linux installations, but ASMlib usage will require replacing any Red Hat kernel with a kernel provided by Oracle."

With this note, I've since been devoting time to updating my Oracle database standards for Linux, i.e. SLES and RHEL since we are not an Oracle Linux shop and have no plans to pursue such a course (nothing personal Oracle, it's just business). So I began work on what I though was simply making a few modifications to use udev instead of ASMLib following which I'd do due diligence to test it out on our standard versions of SLES and RHEL. I've used it before on RHEL and it should prove simple enough, right?

The Case of the Missing SCSI ID

I was so wrong. When I tried to obtain the SCSI ID for the disks during my testing nothing was returned. I spent some time researching, but came up empty until I realized I was not searching correctly. You see we now run most of our Linux environments on VMware vSphere and I was not using this in my search terms. Correct input and bingo! Seems there is a known issue where by default VMware does not expose SCSI IDs for the disks. To correct this you will need to:

Shutdown your VM guest
In vCenter, right click your VM guest in the LHS pane and select 'Edit Settings...' (can also be obtained directly via 'Summary' tab)
Click the 'Options' tab
Select the 'Advanced -> General' navigation item on the left side and click the 'Configuration Parameters...' button displayed on the right
Click the 'Add Row' button
Add the name 'disk.EnabledUUID' with a value of 'TRUE' (no quotes of any kind) and click 'OK' all the way through the screens to save
Restart your VM guest and enjoy receiving SCSI IDs

An alternate method is to use a text editor and add the entry disk.EnabledUUID="TRUE" to your VM guest's VMX file and restart your VM guest.

UDEV Steps
Now onwards with the steps for udev configuration!

1. Add the "options=-g" line to the /etc/scsi_id.config file as the root user.

2. Obtain the SCSI ID for your disks as the root user:

/sbin/scsi_id -g -s /block/{sd_device}

3. Create a udev rules file in /etc/udev/rules.d directory as the root user with entries similar to the below:

vi /etc/udev/rules.d/99-udev-oracle.rules
# ####################################################
# FILE: 99-udev-oracle.rules
# DESC: UDEV rules file for Oracle ASM functionality.
# Should be placed under /etc/udev/rules.d
# ####################################################
# DATA disks
KERNEL=="sd*",BUS=="scsi",ENV{ID_SERIAL}=="{scsi_id}", NAME="asmdisk1", OWNER="oracle", GROUP="oinstall", MODE="660"
# FRA disks
KERNEL=="sd*",BUS=="scsi",ENV{ID_SERIAL}=="{scsi_id}", NAME="asmdisk2", OWNER="oracle", GROUP="oinstall", MODE="660"

4. Stop and start udev as the root user:

/etc/init.d/boot.udev stop
/etc/init.d/boot.udev start

The SCSI devices can now be accessed by ASM, and you can set your ASM_DISKSTRING parameter to be "/dev/asmdisk*".

Monday, February 13, 2012

Oracle Internet Directory (OID) 11g: Part II - Requirements and Components

The first part of this series on OID 11g focused on purchasing and licensing OID. Now we are ready to focus on what you is needed for a functional OID implementation. Before we get into the details, it is useful to explain what is OID and some of its components.

What is OID?
OID, a component of Fusion Middleware, is a general purpose LDAPv3 compliant directory store. Based on configuration it can scale, be highly available and secure. Most would initially use it for Directory Naming, as a central store for database connectivity details. This would alleviate clients from requiring a local TNSNAMES.ORA file (reduces management and improves efficiency), though instead they would typically require an LDAP.ORA file. This file stores the LDAP connection details, i.e. the OID hostname/IP, connection ports, and realm.

OID can also serve as the central repository for user identification and role information which again reduces management and improves efficiencies. You may think this sounds like Microsoft Active Directory (MSAD) and you would be right! They are both LDAP directories, however, Oracle does not speak with MSAD (or any other LDAP directory) out-of-box directly and this is where OID comes into play. There is also Oracle Virtual Directory (OVD) which acts as a virtual directory service, being a front-end to any LDAP directory and is a valid alternative if you don't have OID or you have multiple directory servers and are okay with extending the directories schema to support the Oracle meta-data. However, you may run into organization constraints extending your MSAD schema which in my case is what occured.

How does OID integrate with MSAD?
There are a few options when integrating OID to your existing LDAP directory store and in this post I'll focus on MSAD though the concepts are similar to other LDAP directory stores with only the details being different. Reviewing the options in the arcticle here (this is rather dated but seems still relevant and its not like Oracle has anything more recent) lead to me to several thoughts. Originally I thought to use the Directory Integration Platform (DIP) tool to synchronize passwords between MSAD and OID but that required installing the Active Directory Password Filter on each domain controller. This of course is simply not practical given the number of AD controllers and corporate policies and was immediately rejected by the Windows Admins. Another option I explored was Server Chaining but that would only work with one AD controller and required a plug-in for password change notification. Even with some creative workarounds such as using a round-robin or LB front end for some of the MSAD controllers, the plug-in had to exist on each domain controller. Again, not practical and rejected.

To take a step back, MSAD and Oracle do not use compatible hashing algorithyms for their passwords so when a user changes their AD password Oracle needs a way to capture that password, and hash it in its own format for transmission to OID. This is why the Password Filter and even the plug-in are required, and on each domain controller since the change may occur on any controller. To be fair we are currently trying to implement an IDM product from another vendor as well and it has run into the same problems so this is not anything specific to OID and MSAD.

At this point it seems my only option is using a combination of Kerberos and Server Chaining. We already use Kerberos via QAS (Quest Authentication Services) for our UNIX/Linux integration to MSAD so their is some experience. Kerberos is rather difficult I've been told and I'll just have to see how things go when I start the detailed implementation in the lab. If anyone has thoughts, experiences or details around how they successfully integrated OID and MSAD please do contact me, I would love to discuss. Such details seem to be not exact in the blogosphere, forums and definitely documentation. My vision is below:

OID Components and requirements
The basic components are:

Database Repository - This database is where OID stores all its information and can be Standard Edition (SE) or Enterprise Edition (EE). Directory Services Plus comes with a restricted use license for SE (as seen here), iAS comes with restricted use of SE and EE (or so it would seem here), though complicating all this is the statement mentiond in my Part I of this series (so I've no idea but am going with what Oracle has stated). You can visit MOS for the current listing of certified versions, I chose 11.2.0.3 EE (single instance). The basic requirements are listed in MOS note 872885.1 and documentation here:

Character Set = AL32UTF8
aq_tm_processes=1
db_block_size=8192
db_cache_size>=144M
dml_locks>=200
java_pool_size>=120M
job_queue_processes>=10
open_cursors>=500 (800 for RAC)
shared_pool_size>=175M
session_max_open_files>=50
sessions>=500
processes>=500 (2500 for RAC)
sga_target>=4G
pga_aggregate_target>=2G
session_cached_cursors>=500
_b_tree_bitmap_plans=FALSE

WebLogic Server (WLS) - I am using OID 11.1.1.5.0 so the certified WLS version is 10.3.5. Note that this is not required if you don't need a nice interface such as ODSM and Fusion Middleware Control to OID. I would recommend though that you install WLS as you lose nothing since you still have command-line and gain a nice interface for those times when you need a pretty face.

Following the installaton of the above required components, you can proceed with the installation of OID itself which, for my own installation consisted of:

Oracle Directory Services Manager (ODSM) - This is a web-based interface for managing instances of OID and OVD and replaces Oracle Directory Manager (ODM) which is now deprecated.

Oracle Enterprise Manager Fusion Middleware Control - This is a graphical interface that provides comprehensive systems management for Oracle Fusion Middleware including OID (target ype). Based on the name you would think you could just use regular OEM but thus far I've not had time to investigate this thoroughly.

Oracle Directory Integration Platform (DIP) - Provides directory synchronization capabilities which includes connectors for out-of-the-box synchronization with Novel eDirectory, and MSAD. This of course is only required if you are seeking such functionality.

Oracle Internet Directory (OID) - The internet directory component itself. Note that I am using version 11.1.1.5.0 which is actually a patchset and requires installation of 11.1.1.2.0 and then the application of the patch ontop. This is a bit strange since there are components within Fusion Middleware 11.1.1.5.0 which are self-contained installations and not patches, much like the Oracle Database 11.2.0.x software. I'm hoping Oracle will give this, along with every Oracle product, similar treatment to be installed as self-contained units instead of patches. I find this leads to clearner, more streamlined and less error-prone installations along with better out-of-place patching.

Note about High Availability
There are many options for HA with OID. The one I've chosen, as shown in my diagram, uses two OID servers each running separate OID and database instances; synchronized via LDAP multi-master replication (MMR), and optional fan-out replicas. Unless you are planning a single OID instance, I do not believe RAC makes a lot of business sense given you get the same features (availability, scalability and performance) along with others (rolling upgrades) from MMR. Using LDAP instead of database MMR provides better granular control over the replication process as an option (security, and performance) though if using SSO you will need to use database MMR. The fan-out replication is essentially just LDAP MMR with the synch process being down stream read only (and possibly filtered).

Oracle Internet Directory (OID) 11g: Part I - Which License?

Well, it has been quite some time since I last posted but I've been kept busy doing a lot of different things at work and of course family life. One such thing that has kept me occupied at work is getting up to speed on Oracle Internet Directory (OID) 11g. My previous experiences with OID were to do with merely using it much like most other people. Yes, I knew how it worked at the high level and of course what it was for, but not the internals such as how to do an installation, configuration, migrations, upgrades, patching, maintenance, backup/recovery, and other fine grained details. To be honest I still don't know a LOT of this stuff as the more I get to know OID the more I realize how much I did not know about directories and their internals and how much I appreciate the need for a separate Identity Management (IDM) Administrator. There is simple a lot to know and do, much like a normal DBA.

Anyways, the point of this series of blogs is to try and help others by exposing a lot of the simple things which I now know. Things such as installation and requirements, backup/recovery, configuration, a few notes on designs and usage, and some license assistance. By far the trickiest thing for me was the licensing which is the focus of this first blog.

How do I get OID?
At first glance this might seem like a simple topic and is exactly what I though. However, OID is bundled, and can be purchased as well, with a variety of software suites such Internet Application Server or iAS, Identity Manager, and Directory Services Plus as examples. You will need to purchase the correct suite, which depends on your actual need or usage, otherwise you may end up buying software and licenses you don't need and spend excessive capital funds as the cost depends on the suite and can be quite a large difference. Case in point:

Directory Services Plus: $50,000 per processor (+$11,000 for maintenance)
Internet Application Server (EE): $35,000 per processor (+$7,700 for maintenance)
Internet Application Server (SEO): $11,500 per processor (+$2,530 for maintenance)
Internet Application Server (SE): $5,800 per processor (+$1,276 for maintenance)

This listing does not include the other suites in which you can obtain OID, they are just examples as to the varying prices (and options). Of course, each suite also has different pieces, and restricted use licenses for varying included components. The latest pricing information can be obtained here, with FMW11g license information here. I know what some may be thinking that this is just Fusion Middleware. Yes, but Fusion Middleware is the broad software suite name, out of which you purchase individual application suites (such as those I've mentioned). Going through the various options and such is too much for a simple blog posting so I'll just say my current employ licensed OID via iAS as at the time that was the best option. Now it seems the best option, based on our current and future usage, is Directory Services Plus. This means new licenses, or does it?

OID for free!
Apparently, and I say this because regardless of going through 2 months of discussions via email and phone with Oracle sales representatives and product specialists I'm still a little confused, if you are only using OID for Directory Naming, then there is no license to be purchased. Below is the key statements taken from the "Oracle Database License Information 11g Release 2 (11.2)" manual which brought about this conclusion:

"The following restricted-use licenses are included with Oracle Database 11g in the editions indicated:

• A restricted-use license for Oracle Internet Directory (OID) is included with all editions (except for Oracle Database Express Edition) if users use the Directory Naming feature to configure Oracle Net Services. OID may not be used or deployed for other uses. Please contact your Oracle sales representative for additional information on Oracle Internet Directory (OID)."

A colleague of mine was of the opinion this meant either you can license the Oracle DB EE as the repository and use the OID mid-tier piece without cost based on this statement, or license the OID mid-tier and not the repository database (since OID also comes with a restricted use license for using the Oracle database). I though (or more hoped) this meant a license similar to OEM where the OID mid-tier does not need a license (and neither does its restricted use database repository) so long as each remote client database is only using it for Directory Naming. Turns out Oracle was of the same thinking as myself. But the problem is the license seems like such an interpretation. In any case, until we expand usage from Directory Naming into identity management we can save on some capital expenditure (CAPEX) for this financial year.

Conclusion
OID is bundled with many different software suites which all fall under the Fusion Middleware umbrella. Choosing the correct suite is important in getting the best deal, but if you only need the Directory Naming functionality it is already included in your database license purchase (so there is no cost). I would strongly recommend you check this out with your own Oracle sales representatives and if you are given a different response please do let me know! It has been my experience that licenses are different based on who you ask within Oracle and what type of relationship you have with Oracle (i.e. how big or important of a customer you are). You may disagree with this statement but that has been my experience.

In my next piece I will explore the requirements and installation of some required components for OID11g.