Skip to Content
Technical Articles

Security and upgrading to Oracle Database 18c

Introduction

The Oracle Database 18c is marketed as the first autonomous cloud database.

Before Oracle Database 18c database administration was assumed the effort of customer’s own database management team. Tasks related to patching, performance tuning, indexing, and partitioning required manual and costly efforts.

With Oracle Database 18c, manual database administration efforts can be limited. Oracle Database 18c should also bring more benefits when used in Oracle cloud environment according to the database vendor:

  • less manual database administration effort (patching, upgrades, and backups can be done automatically)
  • no delays with down-times or waiting for manual steps
  • no down-times when adding storage
  • reduced complexity of database
  • improved reliability and security included automated threat detection and remediation
  • reduced operational cost
  • reduced tuning, performance, optimization activities
  • optimized consumption of resources

Oracle Database 18c uses machine learning to reduce human errors.

Oracle Database 18c can be however also used as on-premise database.

It is important to mention that the Oracle Database 18c autonomous operation, the database’s key feature, is only available and offered as cloud and is not available if your organization chooses to install and run the database on-premise.

If you are going to upgrade the Oracle database of your SAP NetWeaver system to Oracle Database 18c, you can use the collection of SAP notes and SAP and Oracle documentation listed below as a reference to plan, prepare and perform the upgrade.

As for the starting point to analyze and to prepare the project plan we can use the note:

SAP Note 2660027 – Upgrading to Oracle Database 18c

It describes the relevant steps and contains information including security settings about current upgrade limitations and restrictions.

The upgrade project steps include planning, preparing, pre-upgrade steps for both SAP and Oracle, upgrade with DBUA, post-upgrade activities in both SAP and Oracle database.

The note also contains information about Oracle 18c patching.

SAP support for Oracle Databases

For questions related to SAP NetWeaver and Oracle Database long-term support planning read:

2606828 – Oracle Database Roadmap for SAP NetWeaver

Oracle Database 18c Upgrade and Installation

The following SAP Notes are relevant for the Oracle Database 18c and SAP upgrade and installation.

Check the following SAP Notes before you upgrade to Oracle Database 18c:

SAP Note 2660017 – Oracle Database 18c software installation on Unix

SAP Note 2660018 – Oracle Database 18c software installation on Windows

SAP Note 2660020 – Central Technical Note for Oracle Database 18c

More Oracle Database information:

Oracle Database 18c Install and Upgrade Manuals

Oracle Database 18c Documentation

SAP Note 2470718 – Oracle Database 18c parameter settings

SAP Note 2540847 – SAP Guides for Oracle Database Upgrades

New Oracle Database 18c Security features

The following new security features were introduced to the Oracle Database 18c:

Ability to create a user-defined master encryption key

This feature enables the customer to generate keys outside the Oracle Database, in customer’s own trusted environment so there is also no need to rely on the cloud provider encryption.

Encryption of sensitive data in database replay files

Encrypted data is protected from unauthorized access and allows the customer to ensure the solution remains compliant.

Integration of Active Directory Services with Oracle Database

In Oracle Database 18c there is direct integration with Microsoft Active Directory available that supports better database security through faster and easier configuration with the enterprise identity management solution.

Oracle Connection Manager in Traffic Director Mode

The Oracle Connection Manager in Traffic Director Mode from Oracle Database 18c allows:

  • Transparent performance enhancements and connection multiplexing
  • Applications get increased scalability with load balancing
  • Zero application downtime for planned database maintenance, Pluggable Database Relocation as well as unplanned database outages for read-mostly scenarios
  • High Availability to avoid a single point of failure
  • Security and isolation with database proxy supporting TCPS and protocol conversion
  • Firewall based on the IP address, service name, and secure socket layer/transport layer security (SSL/TLS) wallets
  • Tenant isolation in a multi-tenant environment
  • Protection against Denial-of-Service and fuzzing attacks
  • Secure tunneling of database traffic across Oracle Database on-premises and Oracle Cloud

PDB lockdown profile enhancements

This feature enforces security and isolation in PDB provisioning.

Single network support for application clusters

The feature simplifies the implementation of application clusters into infrastructures with limiation of the number of networks per server.

Single network support reduces the need for maintaining different network connections for the private cluster interconnect and the public network.

More details on Oracle Database 18c Security

The Oracle Database 18c Licensing details you can find in Oracle Database 18c Licensing Manual

what security features and options are available in what license version. The Oracle Database 18c Enterprise Edition and Oracle Database Enterprise Edition on Engineered Systems allow for most of the security features with the additional Oracle Advanced Security option.

Important SAP and Oracle Database security-related topics are explained in the following SAP notes:

SAP Note 2218115 – Oracle Database Vault for SAP NetWeaver

SAP Note 2591575 – Using Oracle Transparent Data Encryption (TDE) with SAP NetWeaver

SAP Note 973450 – Oracle network encryption and data integrity

SAP Note 2572276 – Password Complexity Verification Function

SAP Note 1868094 – Overview: Oracle Security SAP Notes

and in the Oracle Security documentation:

Oracle Database 18c Security Guide

Oracle Database 18c Security documentation

Conclusions

The Oracle Database 18c is a major step forward for the Oracle database and installation and upgrade projects as always require careful preparation.

Not all potential benefits of the Oracle Database 18c are available if the database is installed on-premise.

Make sure to understand licensing differences, which are documented in the Oracle Licensing Manual.

Each database upgrade can differ depending on the configuration options and may require recovery so always be prepared for the environment full backup and recovery.

 

Be the first to leave a comment
You must be Logged on to comment or reply to a post.