Inmemory initialization parmaeters in database 12c 12.1.0.2

Make sure to disable inmemory features in 12c database if you do not have oracle licenses for that feature or avoid to use the feature accidentally.

alter system set INMEMORY_SIZE =0;

The default value is 0, which means that the IM column store is not used.

ALTER SYSTEM set INMEMORY_QUERY = DISABLE;

Set this parameter to DISABLE to disable in-memory queries.

ALTER SYSTEM set INMEMORY_CLAUSE_DEFAULT = ‘NO INMEMORY’; or

ALTER SYSTEM set INMEMORY_CLAUSE_DEFAULT =”;

If the INMEMORY_CLAUSE_DEFAULT parameter is unset or set to an empty string (the default), only tables and materialized views explicitly specified as INMEMORY will be populated into the IM column store. Setting the value of the INMEMORY_CLAUSE_DEFAULT parameter to NO INMEMORY has the same effect as setting it to the default value.

alter system set INMEMORY_FORCE=OFF;

If OFF is specified, then even if the IM column store is configured on this instance, no tables or materialized are populated in memory.

ALTER SYSTEM set INMEMORY_MAX_POPULATE_SERVERS= 0;

This parameter has meaning only if the INMEMORY_SIZE parameter is also set to a positive value. You can also set this parameter to 0 to temporarily disable populate tasks on the system from executing.

ALTER SYSTEM set INMEMORY_TRICKLE_REPOPULATE_SERVERS_PERCENT = 0;

This parameter has meaning only if the INMEMORY_SIZE parameter is also set to a positive value.

If you want to disable trickle repopulate, this parameter can be set to 0.

ALTER SYSTEM/SESSION set OPTIMIZER_INMEMORY_AWARE = FALSE;

Setting the parameter to false causes the optimizer to ignore the in-memory property of tables during the optimization of SQL statements.

Demantra Engine Fails

Provider=MSDAORA, Database Error [db_win_cpp,135], Source: ADODB.Connection, Description: Provider cannot be found. It may not be properly installed.

Solution for above error:

When you run the Engine, source oracle client binaries from 11.2.0.1 software. I have faced this issue when i was using 11.2.0.3 client.

set oracle_home=D:\app\oracle32\product\11.2.0.1\client_1

set path=%oracle_home%\bin;%path%

cd “Root\Oracle Demantra Spectrum\Demand Planner\Analytical Engines\bin”

 

EngineManager.exe EBSTEST demantra <demantra_password> 1 1

 

Runs successfully..

VMWare – VMotion Best Practices for Oracle Instances

I would like to list the best practices, i came across Oracle articles and VMWare white papers.

• All ESX server host hardware, in particular the CPU, must be compatible
• All virtual switches must be configured the same way for all participating ESX server hosts
• Use a separate non-routable subnet for all Vmotion traffic or dedicated NICs for service console and Vmotion
• Run a private Gigabit Ethernet migration network between all Vmotion enabled managed hosts
• Incase a LUN has to be shared between multiple VMs, set “DisallowSnapshotLUN” value to 0 in virtual center
• There needs to be free memory greater than the VM NVRAM file size
• Make sure that Vmotion has unique IP and there aren’t duplicate Vmotion IPs
• Make sure that Vmotion vmkernel portgroup is on its own vswitch and has a unique VLAN ID if VLANs are being used
  • VMware Network Documents also state that Vmotion and iSCSI vmkernel interfaces need to be on isolated networks vmkernel PGs in separate vswitches, and on separate networks or VLANs
• Make sure that Vmotion is NOT enabled on any other portgroups other than vmkernel interface intended for Vmotion
• Check time settings, enable NTP for the ESX/ESXi Servers in the clusters
• VMware suggests where possible to not route Vmotion traffic to limit the number of hops that Vmotion has to take, and only one vmkernel interface is permitted per vswitch
  • Every hop that Vmotion traverses adds to Vmotion latency. This is not always possible but it is a VMware suggestion
• Follow the troubleshooting guidelines from ref. notes below:
  • Troubleshooting Vmotion Failures and Vmotion Configuration Best Practices (Doc ID 1518833.1)

SHA2 certificates with EBS 12.1.3

 

Outbound Encryption involves connections from Oracle E-Business Suite to external site(s). For outbound connections, the SHA (can be SHA-1 or SHA-2) signed PKI certificate is requested from a CA by a site you are connecting to from Oracle E-Business Suite is certified.
For this case, Oracle E-Business Suite is acting as an HTTPS client. You must trust the root CA of the remote server’s certificate chain in your truststore. Example include, but are not limited to the following:

• Punchout in iProcurement.
• XML Gateway connection to a partner applications.
• Payments credit card processing.
• Dunn & Bradstreet (HZ).
• International Trade Management (ITM) for screening orders and deliveries.
• CIS Tax Module

Outbound encryption for iProcurement and XML gateway to use SSLv3 with TLS / SHA2 certificates:

• Release 12.1: Apply Patch 19835592:R12.ICX.B “Fix for Bug 19835592“
  If the supplier punchout site supports both SSLv3 and TLS, or TLS only, then it will work after applying the patch.
  • Any punchout suppliers who are only using SSLv3 will need to migrate to (or add) TLS protocol. The SSL protocol (v2 or v3) is no longer supported for use with Oracle iProcurement. Supplier sites will need to use TLS protocol
  • The fix also supports any TLS v1 version (TLS v1.0, v1.1 and v1.2)
• For XML gateway
  • Follow the instructions in the patch README and apply the following patch: 19909850

SHA-2 signed PKI certificates are now certified for inbound connections to the Oracle HTTP Server (OHS) delivered with Oracle E-Business Suite 12.1.3

You must apply the minimum requirements when using SHA-2 signed PKI certificates. Minimum requirements include the following:

• Upgrade FMW 10.1.3 to 10.1.3.5
• Apply at least the October 2015 CPU to FMW 10.1.3.5
• Follow instructions from below document for requesting SSL certificates, and loading into Oracle Wallet:
  • Enabling SSL or TLS in Oracle E-Business Suite Release 12 (Doc ID 376700.1)

Heartbleed Bug

Heartbleed Bug – OpenSSL Security Bug CVE-2014-0160

OpenSSL package version 1.0.1/1.0.2Beta is vulnerable to this bug. Hackers can intercept and break Secure-Socket Layer (SSL) protected internet communications. Google Inc., Amazon LLC, Oracle Corp., VMWare etc., have recognized this bug and published their recovery strategy to overcome. Many of the operating systems have announced patches for Heartbleed bug. Use Heartbleed Detector Tool from redhat or below link to test if your site vulnerable to this bug:

https://filippo.io/Heartbleed/

https://lastpass.com/heartbleed/

Oracle Corp:

http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html

VMWare:

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2076225

Amazon LLC:

https://aws.amazon.com/security/security-bulletins/aws-services-updated-to-address-openssl-vulnerability/

Redhat:

https://access.redhat.com/site/solutions/781793

Summary:

Read the above links certain to your software vendor to realize that either you are protected or vulnerable and an action necessary.

In general the security risk can be avoided by updating the OpenSSL package version to 1.0.1g and revoke your old SSL certificates and get new one. Vulnerable sites should recommend users to reset their passwords.

Note: Apply Oracle’s latest April 2014 CPU Patches

Patch Set Update and Critical Patch Update April 2014 Availability Document (Doc ID 1618213.1)

 

I have identified these patches relevant, but please go through above document.

 

Patch 18139695: DATABASE SECURITY PATCH UPDATE 11.2.0.3.0 (CPUAPR2014) 

Patch 18139703: DATABASE SECURITY PATCH UPDATE 11.1.0.7.0 (CPUAPR2014) 

Patch 18090861: ORACLE WEBCENTER PORTAL SECURITY PATCH UPDATE FOR 11.1.1.7.0 (CPUAPR2014)

Patch 16761779: WEBCENTER PORTAL BUNDLE PATCH 11.1.1.7.1

Patch 18040640: SU Patch [T5F1]: WLS PATCH SET UPDATE 10.3.6.0.8

 

Data source name not found, and no default driver specified

Message Code: RR_4036

Message: Error connecting to database [

[unixODBC][Driver Manager]Data source name not found, and no default driver specified

Database driver error

Solution:

Informatica ships ODBC drivers along with software, when you install informatica the ODBC drivers gets installed.

You need to setup odbc.ini with proper connection information and DSN name. DSN is enclosed in square brackets [xxxxxx].

Once you edit the odbc.ini file with connection information, set the environment for Informatica Server.

$ export ODBCHOME=/u01/app/Informatica/9.5.1/ODBC7.0

$ export LD_LIBRARY_PATH=/u01/app/Informatica/9.5.1/ODBC7.0/lib:$LD_LIBRARY_PATH:.

$ export PATH=/u01/app/Informatica/9.5.1/ODBC7.0/bin:$PATH:.

 

Informatica gives a utility to check the connection from server. Run that prior to kicking the ETL to confirm that connection works fine to your source database using ODBC drivers.

 

$ ./ssgodbc.linux64 -d <DSN> -u <db_username> -p <db_password> -v

Connected

ODBC version        = -03.52.0000-

DBMS name           = -Microsoft SQL Server-

DBMS version        = -09.00.5000-

Driver name         = -DWmsss26.so-

Driver version      = -07.01.0042 (b0054, U0063)-

Driver ODBC version = -03.52-

 

Enter SQL string: select * from dbo.sysusers;

xxx

 

I can validate the connection and can run a sample query on the SQL Server Database. 

Now you can restart the Informatica and run ETL.

Java 7 Security vulnerability fixes with update 11

Homeland Security’s Computer Emergency Readiness Team is urging that we disable Java due to documented and severe security breaches over this weekend. 

Most of the server versions are not affected and the security breaches are prone when using browser java applets. Update the desktop java version recommended.

UPDATE JAVA IF USING JAVA 7 VERSION LOWER THAN UPDATE 11
Open Java from Control Panel
Click on Update tab and Click Update Now
Click Install
Click Next / uncheck the Install the Ask Toolbar………..
Click Close
Verify the update
Click on About and it should be Version 7 Update 11
Click on Security
Make sure the High (recommended) is selected

More details are published in the blog:

https://blogs.oracle.com/security/entry/security_alert_for_cve_2013