Scribd
Upload
760 views

Oracle 19c New Features

Oracle Database 19c is a long term support release that provides several new features to improve performance, including automatic indexing to identify and validate candidate indexes, memory optimized rowstore to enable fast data ingestion for IoT workloads, and performance improvements for COUNT DISTINCT and GROUP BY queries. It allows direct upgrades from prior releases and runs on multiple platforms. Automatic indexing analyzes workloads and automatically builds and validates indexes to improve performance similar to expert manual tuning.

Uploaded by

Gonzalo López Coloma
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
760 views

Oracle 19c New Features

Oracle Database 19c is a long term support release that provides several new features to improve performance, including automatic indexing to identify and validate candidate indexes, memory optimized rowstore to enable fast data ingestion for IoT workloads, and performance improvements for COUNT DISTINCT and GROUP BY queries. It allows direct upgrades from prior releases and runs on multiple platforms. Automatic indexing analyzes workloads and automatically builds and validates indexes to improve performance similar to expert manual tuning.

Uploaded by

Gonzalo López Coloma
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 67

Oracle Database 19c

New Features
Valentin Leonard Tabacaru
Principal Product Manager
October 2019

1 Oracle Database 19c New Features


Safe harbor statement

The following is intended to outline our general product direction. It is intended for information
purposes only, and may not be incorporated into any contract. It is not a commitment to deliver
any material, code, or functionality, and should not be relied upon in making purchasing
decisions.

The development, release, timing, and pricing of any features or functionality described for
Oracle’s products may change and remains at the sole discretion of Oracle Corporation.

2 Oracle Database 19c New Features


Oracle Database : 40 Years of Innovation

• Worlds most popular database


• Scales from a single CPU to
thousands of CPUs
• Manages both OLTP and Data
Warehousing workloads
• The most secure and highly available
database for the enterprise

3 Oracle Database 19c New Features


Database Release and Support Timelines
2009

2010

2011

2012

2013

2014

2015

2016

2017

2018

2019

2020

2021

2022

2023

2024

2025

2026

2027
11.2.0.4 EXTENDED

12.1.0.2 EXTENDED

12.2.0.1

18c
19c EXTENDED*

*Oracle Database 19c is the long term support release.


Always check MOS Note 742060.1 for the latest schedule.
Premier Waived Extended Support Fee Paid Extended Support

4 Oracle Database 19c New Features


Direct Upgrade to Oracle Database 19c

11.2.0.4

12.1.0.2

12.2.0.1

12.2.0.3
12.2.0.2

5 Oracle Database 19c New Features


Production on
Exadata, Linux,
Solaris, Windows,
ZLinux, AIX and
HP-UX

6 Oracle Database 19c New Features


Core aims :
Long Term
Stability

7 Oracle Database 19c New Features


Long Term
Support Release of
the 12.2 Family

12.2.0.1 12.2.0.2 12.2.0.3


8 Oracle Database 19c New Features
Database Release and Support Timelines
Today

9
*Oracle Database 19c is the long term support release.
Oracle Database 19c New Features
Always check MOS Note 742060.1 for the latest schedule.
Database Software Innovation in 19c

In-Memory for IoT


Data Streams
Updates on Active
Data Guard Standby

Automatic Indexing

SQL Query of Object Stores


SALES TABLE

Q1 Q2 Q3

12.2.0.1 12.2.0.2
Global Fault-Tolerant 12.2.0.3
Key Vault

10 Oracle Database 19c New Features


New Install Approaches

• Oracle Database 18c and 19c


RPM Install
Yum install from OLN
• No click-through Oracle
Client software install
• Oracle Read Only Homes
• Oracle Docker images

11 Oracle Database 19c New Features


Performance

12.2, 12.2 18c, 19c


§ 18c
§ 12.1 • Memory Optimized Row Store
• In-Memory Column Store § 19c
• Engineered Systems • Fast ingest support for IoT type workloads
§ 12.2 • Stats Only Queries
• In Memory JSON Queries • Improvements for COUNT DISTINCT and
GROUP BY queries
• In Memory Active Stand By
• SQL Quarantine

12 Oracle Database 19c New Features


Automatic Indexing

Capture • The Automatic Indexing methodology


is based on a common approach to
manual SQL tuning
Monitor Identify • It identifies candidate indexes and
validates them before implementing
• The entire process is fully automatic
• Transparency is equally important as
sophisticated automation
Decide Verify All tuning activities are auditable via
reporting

13 Oracle Database 19c New Features


Automatic Indexing In Action On Netsuite Workload

Ran a complex Netsuite workload, and compared ATP to existing expert tuning
17,542 SQL statements, 1,852 tables, 8,151 indexes - years of tuning to create these indexes
Before running on ATP, all indexes and statistics were dropped

1172 1155 4663

Elapsed Indexes
Expert Autonomous Expert
Time Used 1733
(sec)
Autonomous

Achieved identical performance to expert manual tuning


Stays tuned as workload changes
14 Oracle Database 19c New Features
Automatic Indexing in Action
PERFORMANCE IMPROVEMENT BY AUTO INDEX TASK
Workload:
Transaction Processing workload 43 auto Indexes created,
from an Oracle internal system built, and validated in
30min

CPU USAGE(USER%+SYS%)
Default:
Manual tuned with all integrity
constraints and secondary
indexes
No Secondary Indexes:
All secondary index removed
Auto Indexing
All secondary index removed and
Auto indexing running WORKLOAD ELAPSED TIME (1/2 SECOND INTERVAL)
DEFAULT AI + NO SECONDARY INDEXES NO SECONDARY INDEXES

15 Oracle Database 19c New Features


Configuring & Monitoring Automatic Indexes

16 Oracle Database 19c New Features


Automatic
Indexes
Report

17 Oracle Database 19c New Features


Automatic
Indexes
Report

18 Oracle Database 19c New Features


Memoptimized Rowstore – Fast Ingest

• Enable fast data inserts into Oracle Database


• Applications that generate lots of informational data – important
value in the aggregate
• Doesn't necessarily require full ACID requirements
• Applications like Internet of Things (IoT) with rapid unattended
workload
E.g. sensor data, smart meter data, traffic camera data
• Collected and written to the database in high volumes for later
analysis

19 Oracle Database 19c New Features


Memoptimized Rowstore – Fast Ingest
SGA
High-
frequency
inserts
Large Pool
Application Server
Background process
Batched Rows
Internet
of Deferred
Things inserts Batched Rows DRAINER
DRAINER
Data DRAINER
Batched Rows

Write Verification API

Database
20 Oracle Database 19c New Features
In-Memory for IoT Data Streams
Example: Insert Temperature Sensor Readings

IoT
TEMPERATURE SENSOR
Insert: • New in-memory insert algorithm
<6:05AM, 55o >
• Declare table MEMOPTIMIZE FOR
In-Memory
Ingest Buffer
WRITE
Time Temp • Client performs low-latency insert into
In-Memory 05:50 52o in-memory buffer using standard SQL
Append
05:55 54o Insert
06:00 54o • High throughput bulk insert done
06:05 55o asynchronously in background
DRAINER PROCESSES • Ultra-fast
PERIODICALLY
DRAIN BUFFER TO DISK • 25 million inserts per second on two
socket server
TEMPERTURE READINGS

21 Oracle Database 19c New Features


Fast Ingest – Dummy Example

• First time an insert is run, fast ingest area allocated from large pool
• Amount of memory allocated written to alert.log:
2018-09-04T15:43:43.667014-07:00
Memoptimize Write allocated 884M from large pool

22 Oracle Database 19c New Features


Automatic Resolution of SQL Plan Regressions
Automatic SPM Evolve Advisor

• SQL plan management searches top SQL statements


Checks AWR for top SQL
Looks for alternative plans in all available sources
Adds unaccepted plans to the Plan History
Tests the execution of as many plans as possible during the
maintenance window

23 Oracle Database 19c New Features


Automatic
Resolution of
SQL Plan
Regressions

24 Oracle Database 19c New Features


Protecting the System from Runaway SQL Statements

• Execution plans that exceed Database Resource


Manager limits are automatically Quarantined
• Quarantined plans are prevented from
executing DBRM resource
• New QUARANTINED column in v$SQL limit exceeded

Quarantine

25 Oracle Database 19c New Features


Protecting the System from Runaway SQL Statements

DBRM resource
limit exceeded
SQL> select /* Time consuming query */ * from ...;
SQL Quarantined
*
ERROR at line 1:
ORA-56955: quarantined plan used
26 Oracle Database 19c New Features
High-Frequency Automatic Optimizer Statistics Collection

• Complements the standard statistics collection job


• By default, the collection occurs every 15 minutes
• Lightweight – only gathers stale statistics
• It DOES NOT perform actions such as purging statistics for non-
existent objects or invoking Optimizer Statistics Advisor
• Automatic statistics collection jobs (maintenance window) not
affected by high-frequency jobs
DOESN’T start during the maintenance window

27 Oracle Database 19c New Features


High-Frequency Automatic Optimizer Statistics Setup

• DBMS_STATS.SET_GLOBAL_PREFS
• AUTO_TASK_STATUS (ON/OFF)
• AUTO_TASK_MAX_RUN_TIME (3600 – max & default)
• AUTO_TASK_INTERVAL (900 – default, 60 – minimum)
• Monitor high-frequency tasks – DBA_AUTO_STAT_EXECUTIONS

EXEC DBMS_STATS.SET_GLOBAL_PREFS('AUTO_TASK_STATUS','ON');
EXEC DBMS_STATS.SET_GLOBAL_PREFS('AUTO_TASK_MAX_RUN_TIME','600');
EXEC DBMS_STATS.SET_GLOBAL_PREFS('AUTO_TASK_INTERVAL','240');

28 Oracle Database 19c New Features


Real-Time Statistics

• Gather statistics as part of conventional DML INSERTS/UPDATES


DELETES
(insert/update/merge)
• Fast, with negligible overhead ORDERS
• Only most essential stats are gathered to avoid
catastrophic SQL execution plan performance
regressions (e.g. avoiding out-of-range conditions)
Min, Max, num_rows, etc.
• Gathering of remaining statistics is deferred
ORDERS Stats
Automatic statistics gathering job
STATS ARE MAINTAINED AS
High frequency statistics gathering DATA IS MODIFIED

29 Oracle Database 19c New Features


Real-Time Statistics Report Example

30 Oracle Database 19c New Features


High Availability

12.2, 12.2 18c, 19c


§ 18c
§ 12.1 • Sharded RAC
• Comprehensive HA and disaster • User-defined Sharding Methods
recovery functionality § 19c
• Oracle Golden Gate for heterogeneous • Data Guard DML Redirect
replication
• Sharding:
§ 12.2 • Supports multiple PDB shards in a CDB
• Sharding • Unique sequence number generation per shard

• Autonomous Health Framework • Zero Downtime Grid Infrastructure Patching


31 Oracle Database 19c New Features • PDB Recovery Catalog
Extend the Footprint of Active Data Guard Applications
Support for DML Re-direction

• DML Re-direction is automatically performed from an Active Data Guard


Standby to the Primary without compromising ACID
New documented parameter ADG_REDIRECT_DML controls DML Redirection
New alter session ADG_REDIRECT_DML allows for per-session
override
New ADG_REDIRECT_PLSQL commands

• Supported with Oracle Database 19c


Targeted for “Read-Mostly, Occasional Updates” applications

32 Oracle Database 19c New Features


Active Data Guard : DML Redirection
Read Mostly Standby

5 DATA IS VISIBLE TO
CLIENT
1 DML
PRIMARY ACTIVE STANDBY

2 DML IS REDIRECTED TO PRIMARY

3 DML IS APPLIED TO PRIMARY

4 DATA CHANGE IS STREAMED TO STANDBY

33 Oracle Database 19c New Features


DML Redirection 19c Method

Enabled by ADG_REDIRECT_DML at system or session level – Example:


• Primary
> alter system set ADG_REDIRECT_DML=TRUE scope=both;
• Standby
> alter system set ADG_REDIRECT_DML=TRUE scope=both;
> insert into mytable(col) values(1);
> commit;
• Primary/Standby
> select * from mytable;

COL
----------
1
34 Oracle Database 19c New Features
Application Development

12.2, 12.2 18c, 19c


§ 18c
§ 12.1 • Improved JSON Support
• Application Express 5.1 • C, Python, JavaScript JSON SODA API
• Comprehensive Language support • Private Temporary Tables
• PL/SQL, SQL , Python, Node.js, PHP, Java, C, § 19c
.NET, REST
• JSON • SQL JSON Enhancements

§ 12.2 • Materialized View for JSON_TABLE

• Long Identifiers • Partial JSON Update support

• Case Insensitive Databases • Realtime SQL Monitoring for Developers


35 Oracle Database 19c New Features
JSON 12.1 vs. 18c

select d.department_id, j.* select d.department_id, j.*


from departments d, json_table ( from departments d, json_table (
d.dept_data, '$' columns d.dept_data columns (
(
department,
department path
nested employees[*]
'$.department',
columns (
nested path
'$.employees[*]' name,
columns ( job
name path '$.name', ) ) ) j;
job path '$.job'
) ) ) j;
36 Oracle Database 19c New Features
Oracle Database 19c JSON Support

The Oracle Database provides comprehensive support for JSON


• Via Standard DML
• NoSQL APIs (Java, REST, C, Python, JavaScript, PL/SQL)
• Analytics (Dot Notation Access, Parallel Query, QBE, Columnar Access)
• JSON Data Guide to analyze the meta data of JSON Collections
Improvements in Oracle Database 19c include
• JSON Update operations
• Materialized View Support for Queries containing JSON_TABLE
• JSON Function Simplification

37 Oracle Database 19c New Features


Data Guide : Understanding Your JSON Documents

Metadata discovery: discovers the structure of


collection of JSON documents
Optional: deep analysis of JSON for List of Values,
ranges, sizing etc.
Automatically Generates
• Virtual columns
• Relational views
De-normalized relational views for arrays
• Reports/Synopsis of JSON structure

38 Oracle Database 19c New Features


Data Guide : Understanding Your JSON Documents

SQL> SELECT JSON_DATAGUIDE(t.json_documents)


FROM theater t;

JSON_DATAGUIDE(T.JSON_DOCUMENTS)
----------------------------------------------------------------------
[ {"o:path": "$.Id", "type": ”number", "o:length": 132},
{"o:path": "$.Name", "type": "string", "o:length": 256},
{"o:path": "$.Location", "type": ”object", "o:length": 64 },
{"o:path": "$.Location.Street", "type": ”number", "o:length": 132},
....
{"o:path": "$.Tickets", "type": ”object", "o:length": 64 },
{"o:path": "$.Tickets. AdultPrice","type": ”number", "o:length": 5 },
....
]
39 Oracle Database 19c New Features
JSON DataGuide – Automatic Schema Inference

Table containing Table enhanced with


JSON documents JSON DataGuide virtual columns
SQL> desc MOVIE_TICKETS
NAME TYPE
DBMS_JSON. ---------------------- --------------
ADD_VIRTUAL_COLUMNS BOOKING_ID RAW(16)
( 'MOVIE_TICKETS', BOOKING_TIME TIMESTAMP(6)
'BOOKING_DETAILS'); BOOKING_DETAILS VARCHAR2(4000)
BOOKING_DETAILS$Movie VARCHAR2(16)
BOOKING_DETAILS$Theater VARCHAR2(16)
BOOKING_DETAILS$Adults NUMBER
BOOKING_DETAILS$Time VARCHAR2(32)

40 Oracle Database 19c New Features


Materialized View Support for Queries containing JSON_TABLE

• Queries with JSON_EXISTS, JSON_VALUE can utilize a materialized


view created over a query that contains a JSON_TABLE function
• A query that matches the query defining a refresh-on-statement MV
over JSON_TABLE can be rewritten to a materialized-view table
access
• You can use this feature instead of creating multiple functional
indexes
• Good for performance!

41 Oracle Database 19c New Features


Querying JSON For NULLs

• The JSON_EXISTS condition allows you to make the distinction between


empty and missing elements
• The default error handling is FALSE ON ERROR

SELECT t.json_document.id
FROM theater t
WHERE JSON_EXISTS(t.json_document.location, '$.Phone' FALSE ON ERROR)
AND t.json_document.location.Phone IS NULL;

ID
--------------------
Redwood

42 Oracle Database 19c New Features


Partial JSON Update Support

§ New SQL function JSON_MERGEPATCH


§ Update specific portions of a JSON
document without having to replace
the entire document UPDATE purchaseorder_tab
SET po_document = json_mergepatch(
§ Imagine we need to update all of the
po_document,
JSON documents in the
'{"Special Instructions":null}’
po_document column of the
purchaseorder_tab table to );
remove the field "Special
Instructions"

43 Oracle Database 19c New Features


SQL Diagnostics and Repair Enhancements

New SQL diagnostics and repair tools, to provide better diagnosis and repair capabilities for
managing problematic SQL statements
• SQL Repair Advisor (DBMS_SQLDIAG.SQL_DIAGNOSE_AND_REPAIR)
• Creates a diagnostic task, executes it, and accepts SQL patch recommendation for a SQL
statement that is generating a critical error
• SQL Test Case Builder (DBMS_SQLDIAG.EXPORT_SQL_TESTCASE)
• compress: compress the SQL Test Case Builder output files into a zip file
• diag_event: specify the level of trace information to include in SQL Test Case Builder output
• problem_type: assign an issue type for a SQL Test Case Builder test case

44 Oracle Database 19c New Features


SQL Diagnostics and Repair Enhancements

A SQL test case contains a set of files needed to help reproduce a SQL problem on a different
machine
1. A dump file containing schemas objects and
statistics (.dmp)
2. The explain plan for the statements
(in advanced mode)
3. Diagnostic information gathered on the
offending statement
4. An import script to execute to reload the objects
5. A SQL script to replay system statistics
of the source
6. A table of content file describing the
SQL test case
7. Metadata (xxxxmain.xml).

45 Oracle Database 19c New Features


Data Warehousing and Big Data

12.2, 12.2 18c, 19c


§ 12.1 § 18c
• Partitioning, Compression, SQL, Analytical • In-Memory for external tables
Views, Analytical SQL, Data Mining
• Automatic propagation of nologged data to
• Easily analyze data held in Hadoop with standby
Big Data SQL
• Machine Learning :
• Big Data Appliance • Random Forrest, Neural Network
§ 12.2 § 19c
• Partitioned External Tables • Hybrid Partitioned Tables
• Analytical Views • Stats only Queries
46 Oracle Database 19c New Features
Inline external tables
Transparently access external data

External table definition provided at runtime


Similar to inline view
No need to pre-create external tables that are used one time only
Increased developer productivity
CREATE TABLE sales_xt INSERT INTO sales
(prod_id number, … ) SELECT sales_xt.*
TYPE ORACLE_LOADER FROM EXTERNAL(
… (prod_id number, … )
LOCATION ’new_sales_kw13') TYPE ORACLE_LOADER
REJECT LIMIT UNLIMITED ); …
LOCATION ’new_sales_kw13')
INSERT INTO sales SELECT * FROM sales_xt; REJECT LIMIT UNLIMITED );

DROP TABLE sales_xt;


47 Oracle Database 19c New Features
SQL Query of Object Stores

• Enables high-performance SQL over


• Oracle Object Store,
• AWS S3,
• Azure Blob Storage
• Scalable scans and joins can span Oracle and data
lakes
• Loading of data into data warehouse
• Queries on data lake data in object stores
• Supports all popular file formats
Oracle Object Store Azure Blob Storage Amazon Object Storage
• Including CSV, JSON, Parquet and Avro
48 Oracle Database 19c New Features
Hybrid Partitioned Tables

• Extends Oracle Partitioning by enabling partitions to reside in both


Oracle Database segments and in external files
• External partitions may reside on standard file systems, HDFS or
Object Storage
• This model supports the placement of data for long term archiving
on lower cost storage whilst allowing it’s continued online access
• Supports long term access to infrequently accessed data for
regulatory requirements

49 Oracle Database 19c New Features


Hybrid Partitioned Tables

COLD DATA SQL HOT DATA


ORDERS
Q4_2016 Q1_2017 Q2_2017 Q3_2017 Q4_2017 Q1_2018 Q2_2018 Q3_2018 Q4_2018

UPDATES

TABLE PARTITIONED BY QUARTER

OBJECT STORAGE

50 Oracle Database 19c New Features


SQL> create table hybrid_sales
2 (
3 part_key varchar2(10) not null
4 ...
5 )
6 external partition attributes (
7 type oracle_loader
8 default directory sales_data
9 )
10 partition by list (part_key)
11 (partition sales_2015 values ('2015') external
12 location ('sales2015.txt'),
13 partition sales_2016 values ('2016') external
14 location ('sales2016.txt'),
15 partition sales_2017 values '2017'),
16 partition sales_2018 values '2018'),
17 );

Table created.
51 Oracle Database 19c New Features
Multitenant

12.2, 12.2 18c, 19c


§ 12.1 § 18c
• Container managed database virtualization • Transportable backups
• Manage Many as one • Snapshot carousel
• Patching, Backup, Security, Online • Refreshable PDB switchover
Cloning, Online Relocation
§ 19c
§ 12.2
• DBCA Silent mode operations for PDB
• Online cloning & relocation
• RAT and ADDM at PDB level
• Incremental refresh of test/dev master
• Automated PDB Relocation
• Application containers

52 Oracle Database 19c New Features


Oracle Multitenant | Upgrade

Everything at once Unplug + Plug + Upgrade

PDB$ PDB$
SEED SEED

CDB1 CDB1

PDB$ PDB$
Upgrade
SEED SEED

Upgrade Upgrade
Upgrade

Upgrade CDB1 CDB2

53 Oracle Database 19c New Features


Multitenant – Licensing Changes

• For all offerings using Oracle Database 19c, if you are not licensed for
Oracle Multitenant, then you may have up to 3 PDBs in a given
container database at any time
• EE: Extra cost option – if you are licensed for Oracle Multitenant, then
you can create up to 252 PDBs.
• Exadata and ODA: Extra cost option – if you are licensed for Oracle
Multitenant, then you can create up to 4096 PDBs
• DBCS EE-HP, DBCS EE-EP, and ExaCS: Included option – you can
create up to 4096 PDBs

54 Oracle Database 19c New Features


Multitenant – New Features

• Ability to Create a PDB by Cloning a Remote PDB Using DBCA in Silent Mode
• You can now create a PDB by cloning a remote PDB using the
createFromRemotePDB parameter of the createPluggableDatabase
command of DBCA in silent mode
• Ability to Relocate a PDB to Another CDB Using DBCA in Silent Mode
• You can now relocate a PDB to another CDB by using the relocatePDB
command of DBCA in silent mode
• Automated PDB Relocation
• In Oracle Grid Infrastructure, you can use Fleet Patching and Provisioning to
automate relocation of a PDB from one CDB to another

55 Oracle Database 19c New Features


Multitenant – New Features

• Automatic Database Diagnostic Monitor (ADDM) Support for Pluggable Databases


• You can now use ADDM analysis for PDBs in a multitenant environment
• Oracle Real Application Testing (RAT) Workload Capture and Replay in a PDB
• You can capture and replay the workload from within an individual pluggable database
• Oracle Data Pump Support for Resource Usage Limitations
• Two new parameters, MAX_DATAPUMP_JOBS_PER_PDB and
MAX_DATAPUMP_PARALLEL_PER_JOB are introduced to give DBAs more control
over the number of jobs that can be started in a multitenant container database
environment, and over the number of parallel workers that can be used for an
individual Data Pump job, respectively

56 Oracle Database 19c New Features


Security

12.2, 12.2 18c, 19c


§ 12.1
• Security In-Depth § 18c Active Directory
• Access Controls, Encryption, Redaction, • Integration with Active Directory
Masking, Auditing, SQL Firewalls
• Password-less schema creation
• Key Vault
§ 19c
• Audit Vault Database Firewall
• Data Dictionary Encryption
• Security Assessment Tool
• Password-less Schema-only Oracle accounts
§ 12.2
• Database Vault Operations Control
• Online encryption
• Privilege Analysis available in EE
57 Oracle Database 19c New Features
Encryption Enhancements in Oracle Database

• Migrating clear tablespace data to encrypted data with minimal downtime


• Online encryption with minimal incremental storage for NO downtime
(12cR2); Supports live re-encryption of tablespace data
• Fast offline data encryption (12cR2, 12c, 11gR2); Minimal downtime with
Data Guard
• Automatic encryption when migrating clear-text to the cloud with RMAN
• Bring Your Own TDE Master Encryption Key (BYOK) into the database
• Per-PDB wallet so that each PDB can manage its own keystore (18c)
• FIPS 140-2 Level 1 Cryptographic Module for SSL/TLS and TDE (18c)
• Oracle Dictionary Encryption (19c)

58 Oracle Database 19c New Features


Schema Only Accounts

Problem
• Database user accounts came with password authentication whether or not it was
used as a login account
• Some accounts will never be used for login, but passwords still need to be maintained
Solution
• Remove passwords (and all authentication) from these accounts
CREATE USER auxapp NO AUTHENTICATION;
• Use ALTER USER to add/remove authentication
19c Update
• On fresh 19c Database installations, Oracle Database accounts will be installed without
passwords (*Only SYS will have a password provided during installation)

59 Oracle Database 19c New Features


Oracle Database Vault
Reducing the Risk from Malicious Users

Minimize impact to
• Applications
Least Privilege Separation of Duty • Performance
• High Availability
• Operations

Protect Sensitive Data

Over Privileged Account


Prevent Database Change

60 Oracle Database 19c New Features


Database Vault – Operations Control

• Challenges with multitenant databases


• Customer IT organizations manage database infrastructure, but
didn’t need to see business unit sensitive data in PDBs
• Cloud operations shouldn’t be able to see customer PDB data
• Operations Control
• Block common user access to PDB local data transparently to PDB
user

61 Oracle Database 19c New Features


Database Vault Operations Control with 19c

• Enable DV in CDB root


• Enable DV Operations Control by DV Admin
• CDB root common users are prevented from
PDB Local accessing PDB local data by default
PDB Common XYZ XYZ XYZ – transparent to PDB customers
• Complementary protection with PDB lockdown
CDB Root XYZ
profile which prevents PDB users from
impacting other PDBs and the database
Multitenant Container Database

62 Oracle Database 19c New Features


Database Vault Operations Control and Lockdown

Lockdown
• Database Vault Operations Control and
Lockdown work together for unequaled
customer security
DB Vault • Lockdown prevents PDB users from accessing
Ops Control or impacting other PDBs and CDB operations
• DV Ops Control prevents CDB operations
(common users) from accessing PDB local
customer data
Multitenant Container Database

63 Oracle Database 19c New Features


Database Vault Operations Control

Benefit
• New use case for multitenant database for on-premises customers
• Transparently prevent Cloud Admin (infrastructure DBA) access to PDB data
• Protected by default for every PDB customer – no customer action required
• No special SoD processes for PDB customers – operate the same way they do
today
• Adds to any existing PDB customer Database Vault protections – without
changes
• Simpler, faster Database Vault implementation

64 Oracle Database 19c New Features


Global Fault-Tolerant Key Vault

• Key Vault stores and manages encryption keys for 1000s of databases
Supports popular hardware security modules

• New multi-master replication architecture


Replication across regions provides continuous key availability
Speed of local access with global consistency
For cloud and on-premises databases

65 Oracle Database 19c New Features


Thank you

Valentin Leonard Tabacaru


Principal Product Manager
[email protected]

66 Oracle Database 19c New Features

You might also like