Presenting “How Data Recovery Mechanisms Complicate Security, and What To Do About It” at #c16lv

Personally-identifiable information (PII) and classified information stored within an Oracle database is quite secure, as the capabilities of Oracle database ensure that it is accessible only by authenticated and authorized users.

But the definition of authentication and authorization can change, in a sense.authentication

In a production application, authentication means verifying that one is a valid application user and authorization means giving that application user the proper privileges to access and manipulate data.

But now let’s clone the data from that production application to non-production systems (i.e. development, QA, testing, training, etc), so that we can develop new application functionality, fix existing functionality, test it, and deliver user training.

By doing so, in effect the community of valid users has changed, and now instead of being production application users, the community of valid users is developers and testers.  Or it is newly-hired employees being trained using “live” information from production.

And the developers and testers and trainees are indeed authenticated properly, and are thus authorized to access and manipulate this same data in their non-production systems.temptation  The same information which can be used to defraud, steal identities, and cause all manner of mayhem, if one so chose.  This honor system is the way things have been secured in the information technology (IT) industry for decades.

Now of course, I can hear security officers from every point of the compass screaming and wildly gesticulating, “NO! That’s NOT true! The definition of authentication and authorization does NOT change, just because systems and data are copied from production to non-production!”  OK, then you explain what has been happening for the past 30 years?

In the case of classified data, these developers and testers go through a security clearance process to ensure that they can indeed be trusted with this information and that they will never misuse it.  Violating one’s security clearance in any respect is grounds for criminal prosecution, and for most people that is a scary enough prospect to wipe out any possible temptation.

Outside of government, organizations have simply relied on professionalism and trust to prevent this information from being used and abused.Medal of Honor  And for the most part, for all these many decades, that has been effective.  I know that I have never even been tempted to share PII or classified data in which I’ve come in contact.  I’m not bragging, it is just part of the job.

Now, that doesn’t mean that I haven’t been tempted to look up my own information.  This is essentially the same as googling oneself, except here it is using non-public information.

I recall a discussion with the CFO of an energy company, who was upset that the Sarbanes-Oxley Act of 2002 held she and her CEO criminally liable for any information breaches within her company.  She snarled, “I’ll be damned if I’m going to jail because some programmer gets greedy.”  I felt this is an accurate analysis of the situation, though I had scant sympathy (“That’s why you’re paid the big bucks“).  Since that time we have all seen efforts to rely less on honor and trust, and more on securing data in non-production.  Because I think everyone realizes that the bucks just aren’t big enough for that kind of liability.

This has given rise to products and features which use encryption for data at rest and data in flight.  But as pointed out earlier, encryption is no defense against a change in the definition of authentication and authorization.  I mean, if you authenticate correctly and are authorized, then encryption is reversible obfuscation, right?

To deal with this reality, it is necessary to irreversibly obfuscate PII and classified data, which is also known as data maskingGuyFawkes mask There are many vendors of data masking software, leading to a robust and growing industry.  If you irreversibly obfuscate PII and classified information within production data as it is cloned to non-production, then you have completely eliminated the risk.

After all, from a practical standpoint, it is extremely difficult as well as conceptually questionable to completely artificially generate life-like data from scratch.  It’s a whole lot easier to start with real, live production data, then just mask the PII and classified data out of it.

Problem solved!

Or is it?

Unfortunately, there is one more problem, and it has nothing to do with the concept of masking and irreversible obfuscation.  Instead, it has to do with the capabilities of the databases in which data is stored.

Most (if not all) of this PII and classified data is stored within databases, which have mechanisms built in for the purpose of data recovery in the event of a mishap or mistake.  In Oracle database, such mechanisms include Log Miner and Flashback Database.

Since data masking mechanisms use SQL within Oracle databases, then data recovery mechanisms might be used to recover the PII and classified data that existed before the masking jobs were executed.  It is not a flaw in the masking mechanism, but rather it is the perversion of a database feature for an unintended purpose.

Ouch.

Please come see my 10-minute “lightning talk” presentation on “How Oracle Data Recovery Mechanisms Complicate Data Security, and What To Do About It” from 12:00pm – 12:10pm on Wednesday 13-April at the Collaborate 2016 conference in Las Vegas to understand the problem is and what to do about it.

You can download the slidedeck here

.

Accelerating Oracle E-Business Suites upgrades

Taking backups during development, testing, or upgrades

The process of upgrading an Oracle E-Business Suites (EBS) system is one requiring dozens or hundreds of steps. Think of it like rock climbing. Each handhold or foothold is analogous to one of the steps in the upgrade.

What happens if you miss a handhold or foothold?

If you are close to the ground, then the fall isn’t dangerous. You dust yourself off, take a deep breath, and then you just start climbing again.

But what happens if you’re 25 or 35 feet off the ground? Or higher?

A fall from that height can result in serious injury, perhaps death, unless you are strapped to a climbing rope to catch your fall.  And hopefully that climbing rope is attached to piton or chock not too far from your current position.  The higher you climbed from your most recent anchor, the further you fall, and more painful.  If you set the last chock 10 feet below, that means you’re going to fall 20 feet, which is going to HURT.  It makes more sense to set chocks every 5 feet, so your longest drop will only be 10 feet at worst.

And that is the role that backups play in any lengthy process with many discrete steps, such as an EBS upgrade. Performing a backup of the systems you’re upgrading every half-dozen or dozen steps allows you to restore to the most recent backup and resume work while having only lost a relatively small amount of work.

But think of the costs of taking a full backup of the systems you’re upgrading?

Let’s assume that the EBS database is 1 TB in size, the dbTier is 4 GB, and the appsTier is another 4 GB. All told each backup takes up over a TB of backup media and takes 2 hours to perform, start to finish. So, for an upgrade process of 100 steps, and performing a backup every dozen steps, means performing 8-9 backups, at 2 hours apiece, totaling 16-18 hours alone! So not only do the backups represent a significant portion of the total number of steps to perform, but those steps also consume a significant portion of the total elapsed time of the entire upgrade process.

So, in the event of a mistake or mishap, it will probably take about 2 hours to restore to the previous backup, and then the intervening steps have to be replayed, which might take another couple of painstaking hours. Assuming there’s nothing wrong with the backup. Assuming that tapes haven’t been sent offsite to Iron Mountain. Assuming… yeah, assuming…

So just as with climbing, taking periodic backups of your work protects you against a fall.  But if each backup takes 2 hours, are you going to do that after every 15 mins?  Or after every hour?  After every 2 hours?  After every 4 hours?  Doing those time-consuming backups allows more productive work, but think of how far you’re going to fall if you slip?

Because of this high cost of failure, believe it that each step will be double-checked and triple-checked, perhaps by a second or third person, before it is committed or the ENTER key is pressed.

No wonder upgrading EBS is so exhausting and expensive!

The fastest operation is the one you never perform

What if you never had to perform all those backups, but you could still recover your entire EBS systems stack to any point-in-time as if you had?

This is what it is like to use data virtualization technology from Delphix. You start by linking a set of “source” EBS components into Delphix, and these sources are stored in compressed format within the Delphix appliance. Following that, these sources can produce virtual copies taking up very little storage in a matter of minutes. A Delphix administrator can provision virtual copies of the entire EBS systems stack into a single Delphix JetStream container for use by an individual or a team. The components of the container, which include the EBS database, the EBS dbTier, and the EBS appsTier, become the environment upon which the upgrade team is working.

Delphix captures all of the changes made to the EBS database, the EBS dbTier, and the EBS appsTier, which is called a timeflow. Additionally, Delphix JetStream containers allow users to create bookmarks, or named points-in-time, within the timeflow to speed up the location of a significant point-in-time, and easily restore to it.

So each developer or team can have their own private copy of the entire EBS systems stack. As the developer is stepping through each step of the upgrade, they can create a bookmark, which takes only seconds, after every couple steps. If they make a mistake or a mishap occurs, then they can rewind the entire JetStream container, consisting of the entire EBS systems stack, back to the desired bookmark in minutes, and then resume from there.

Let’s step through this, using the following example EBS system stack already linked and ready to use within a Delphix appliance…

Understanding concepts: timeflows, snapshots, and bookmarks

A dSource is the data loaded into Delphix from a source database or filesystem. Initially a dSource is loaded (or linked) into Delphix using a full backup, but after linking, all changes to the source database or filesystem are captured and stored in the Delphix dSource.

A timeflow is an incarnation of a dSource. The full lifecycle of a dSource may include several incarnations, roughly corresponding to a RESETLOGS event in an Oracle database. Delphix retains not just the current point-in-time of a dSource (as like replication packages like Golden Gate or Data Guard), but every action ever performed from all incarnations, from the time the dSource was initially linked into Delphix, up to the current point-in-time.

Even though Delphix compresses, de-duplicates, and performs other clever things to make the data loaded much smaller (i.e. usually about 30% of the original size), you still cannot retain everything forever. It’s just impossible. To deal with this, data is purged from timeflows that are older than the retention policy configured by the Delphix administrator.

Another useful concept to know is a snapshot, which is a small data structure that represents a usable full virtual image of a timeflow at a specific point-in-time.   Snapshots in Delphix can portray a full Oracle database as a virtual image of a point-in-time, and snapshots are subject to purge during the retention policy configured with the timeflow.

A bookmark is a named snapshot that is not subject to the configured retention policy on the timeflow, but instead can be configured with its own private retention policy, which defaults to “forever”.  Bookmarks are intended to represent points-in-time that have meaning to the end user.

An example EBS system stack in Delphix

So here we see a full E-Business Suites R12.1 system stack linked into Delphix. In the screenshot below, you can see three dSource objects in the left-hand navigation bar, under the Sources database group or folder. These three dSource objects are named…

  1. EBS R12.1 appsTier
  2. EBS R12.1 dbTechStack
  3. EBSDB

The first two items are vFiles, containing the file system sub-directories representing the E-Business Suites R12.1 applications tier and database tier, respectively. The last item is a virtual database or VDB, containing the Oracle database for the E-Business Suites R12.1 system. Each are indicated as dSources by the circular black dSource icon with the letters “dS” within (indicated below by the red arrows)…

pointing out dSource icons
dSource icons indicated by red arrows in the main Delphix administration console

Registering EBS dSources as JetStream templates

The three dSources have been encapsulated within the Delphix JetStream user-interface within a templates, as shown by the JetStream icons showing a tiny hand holding out a tiny cylinder representing a datasource (indicated below by the red arrows) just to the right of the dSource icons…

pointing out JetStream template icons
JetStream template icons indicated by red arrows in the main Delphix administration console

Within the JetStream user-interface itself, we see that all three dSources are encapsulated within one JetStream template, with the three dSources comprising the three datasources for the template…

indicating JetStream template datasources
red arrows pointing to the names of the E-Business Suite system components comprising datasources

Encapsulating EBS VDBs as JetStream containers

Once dSources are encapsulated as a JetStream template, then we can encapsulate VDBs and vFiles created from those dSources as JetStream containers. Here, we see the database group or folder called Targets circled in the left-hand navigation bar, and the blue icons for VDBs and vFiles with the letter “V” within are indicated by red arrow, while the darker icons for JetStream Containers are indicated by the green arrow

pointing to icons for VDBs and JetStream containers
Red arrow pointing to the icon for a VDB, and the green arrow pointing to the icon for a JetStream container

Working with JetStream containers for EBS

With an entire EBS system stack under the control of Delphix JetStream, we can begin the lengthy process of upgrading EBS. Before we begin, we should create a JetStream bookmark called Upgrade Step 0 to indicate the starting point of the upgrade…

starting with a timeflow within a JetStream container
starting with a timeflow within a JetStream container

Then, after performing the first five steps of the upgrade in the EBS system stack, come back to the JetStream user-interface and create a JetStream bookmark named Upgrade Step 5, as shown below…

creating JetStream bookmark
Choosing a point-in-time on a JetStream timeflow within a JetStream container, and creating a bookmark

After every couple steps of the upgrade, or prior to any lengthy step, come back to the Delphix JetStream user-interface and create a bookmark named appropriate for the step in the upgrade process, as shown below…

Naming a bookmark
Naming a JetStream bookmark

Performing a rewind in a JetStream container for EBS

So we’re cruising along, performing productive steps in the EBS upgrade process, and not worrying about making backups.

WHOOPS! At upgrade step 59, we made a serious mistake!

If we had been making backups every 12 steps or so, then the most recent backup may have been Upgrade Step 48, which was 11 steps ago. Besides the multiple hours it may take to restore the backup in the database, the dbTier, and the appsTier, we are going to have to perform 11 steps over again.

In contrast, using Delphix JetStream, we have better choices. From the Delphix JetStream user-interface, we can restore to any point-in-time on the timeflow, whether it is one of the bookmarks we previously created at a known step in the upgrade process, or to any point-in-time location on the timeflow line, which may or may be located in the middle of one the upgrade steps, and thus not a viable point from which to restart.

So, because we want to restart the upgrade from a known and viable step in the process, we’re going to restore the entire EBS systems stack consistently back to the JetStream bookmark Upgrade Step 55

Selecting a bookmark
Selecting a JetStream bookmark in preparation for performing a restore operation

So, first let’s click on the JetStream bookmark named Upgrade Step 55 and then click on the icon for the Restore operation to start the rewind…

Starting a restore
Starting a restore operation to a JetStream bookmark

After being prompted Are You Sure and then confirming Yes I Am, then the Restore process starts to create a brand new timeflow for all three datasources in the container…

Restore in progress
Seeing the restore operation in progress, and the creation of a new timeflow within the container

Please notice that the old timeflow is still visible and accessible to the left in the JetStream user-interface, even with the new timeflow being restored to the right.

Finally, the restore operation completes, and now all three parts of the EBS systems stack (i.e. appsTier, dbTier, and database) have been restored to Upgrade Step 55 in about 15 minutes elapsed time, a fraction of the 2 hours it would have taken to restore from backups.

New timeflow
Completion of the restore operation, showing the old timeflow still available, and the new timeflow following the restore operation

Now we can resume the EBS upgrade process with barely any time lost!

Summary of benefits

So a few things to bear in mind from this example when using Delphix JetStream…

  1. Once a JetStream container has been provisioned by the Delphix administrators (usually a role occupied by database administrators or DBAs), all the operations shown above are performed by JetStream data users, who are usually the developers performing the upgrade themselves
    • No need to coordinate backups or restores between teams == less time wasted
  2. Using Delphix removed the need to perform backups, because all changes across the timeflow of all three components of the EBS systems stack (i.e. appsTier, dbTechStack, and database) are recorded automatically within Delphix
    • No backups == less storage consumed == less time wasted
  3. Using Delphix removed the need to restore from backups, because the timeflow can be restored to any previous point-in-time in a fraction of the time it takes to perform a restore from backup
    • No restores == less time wasted

It is difficult to imagine not performing EBS upgrades using the methods we’ve used for decades, but the that time is here. Data virtualization, like server virtualization, is fast becoming the new norm, and it is changing everything for the better.

Free webinar

Please view the joint webinar on these topics, featuring Mike Swing of TruTek and Kyle Hailey of Delphix and myself, on the topic of “Avoiding The Pitfalls Of An Oracle E-Business Suites Upgrade Project” about how data virtualization can reduce the risk and accelerate the completion of EBS upgrades, recorded on 07-Apr 2016.

You can also download the slidedeck from the webinar here. 


Presenting “Accelerating DevOps Using Data Virtualization” at #C16LV

Borrowing from Wikipedia, the term DevOps is defined as…

DevOps (a clipped compound of "development" and "operations") is a culture, movement or practice that emphasizes the collaboration and communication of both software developers and other information-technology (IT) professionals while automating the process of software delivery and infrastructure changes. It aims at establishing a culture and environment where building, testing, and releasing software, can happen rapidly, frequently, and more reliably.

Now, I hate buzzwords as much as the next BTOM (a.k.a. bitter twisted old man)…eastwood

…but the idea behind DevOps, of building, testing, and releasing software more rapidly and reliably is simply amazing and utterly necessary.

As system complexity has increased, as application functionality has ballooned, and as the cost of production downtime has skyrocketed, writing and testing code leaves one a long way from the promised land of published and deployed production code.

As explained by DevOps visionaries like Gene Kim, the biggest barrier to that promised land is data, in the form of databases cloned from production for development and testing, in the form of application stacks cloned from production systems for development and testing.

The amount of time wasted waiting for data on which to develop or test dwarfs the amount of time spent developing or testing.  Consequently, IT has learned to be satisfied with only occasional refreshes of dev/test systems from production, resulting in humorously inadequate dev/test systems, and that has been the norm.

There is a new norm in town.

Data virtualization, like server virtualization, breaks through the constraint.  Over the past 10 years, IT has learned to wallow in the freedom of server virtualization, using tools like VMware and OpenStack to provision virtual machines for any purpose.

Unfortunately, data and storage did not benefit from virtuaMatrix1lization as well.  This has resulted in a white-hot nova in the storage industry, and while that is good news for the storage industry, it still means that IT has cloned from production to non-production the same way it has done the past 40 years, in other words slowly, expensively, and painfully.

Matrix2And we have continued to do it the old way, slowly, expensively, and painfully, because we didn’t know any better.

The IT industry couldn’t see any better way to do clone from production to non-production.  Slow and painful was the norm.

But once one realizes the nature of making copies, and how modern file-system technology can share at the block-level, compress, anMatrix3d de-duplicate, suddenly making copies of databases and file-system directories becomes easier and inexpensive.

Here is a thought-provoking question:  why doesn’t every individual developer and tester have their own private full systems stack?  Why can’t they have several of them, one or more for each task on which they’re working?

I can literally hear all of the other BTOM’s scoffing at that question:  “Nobody has that much infrastructure, you idiot!

And that is the point.  You certainly do.

You just don’t have the right infrastructure.

You can download the slidedeck here.

Presenting “UNIX/Linux Tools For The Oracle DBA” at #C16LV

Going back to the invention of the graphical user interface (GUI) in the 1970s, there has been tension between the advocates of the magical pointy-clickety GUI and the clickety-clackety command-line interface (CLI).

Part of it is stylistic… GUI’s are easier, faster, more productive.

Part of it is ego… CLI’s require more expertise and are endlessly customizable.

Given the evolutionary pressures on technology, the CLI should have gone extinct decades ago, as more and more expertise is packed into better and better GUI’s.  And in fact, that has largely happened, but the persistence of the CLI can be explained by four persistent justifications…

  1. not yet supported in the GUI
  2. need to reproduce in the native OS
  3. automation and scripting
  4. I still drive stick-shift in my car, too

This is the prime motivation for the presentation entitled “UNIX/Linux Tools For The Oracle DBA” which I’m giving at the Collaborate 2016 conference in Las Vegas (#c16lv) on Monday 11-April.

When your monitoring tool gets to the end of the information it can provide, it can be life-saving to be able to go to the UNIX/Linux command-line and get more information.  Knowing how to interpret the output from CLI tools like “top”, “vmtstat”, and “netstat” can be the difference between waiting helplessly for deus ex machina or a flat-out miracle, and obtaining more information to connect the dots to a resolution.

Oftentimes, you have a ticket open with vendor support, and they can’t use screenshots from the GUI tool or report you’re using.  Instead, they need information straight from the horse’s mouth, recognizable, trustworthy, and uninterpreted.  In that case, knowing how to obtain OS information from tools like “ps”, “pmap”, and “ifconfig” can keep a support case moving smoothly toward resolution.

Likewise, the continued survival of CLI’s has a lot to do with custom scripting and automation.  Sure, there are all kinds of formal APIs, but a significant portion of the IT world runs on impromptu and quickly-developed scripts based on shell scripts and other CLI’s.

Last, my car still has a manual transmission, and both my kids drive stick as well.  There is no rational reason for this.  We don’t believe we go faster or do anything better than automatic transmission.  After almost 40 years behind the wheel, it can be argued that I’m too old to change, but that’s certainly not true of my kids.  We just like being a part of the car.

Hopefully all of those reasons help explain why it is useful for Oracle DBAs to learn more about the UNIX/Linux command-line.  You’re not always going to need it, but when you do, you’ll be glad you did.

You can download the slidedeck here.

RMOUG calendar page

RMOUG calendar pageFor those who are always seeking FREE technical learning opportunities, the calendar webpage of the Rocky Mountain Oracle Users Group (RMOUG) is a great resource to bookmark and check back on weekly.

RMOUG volunteers compile notifications of webinars, meetings, and meetups from the internet and post them here for everyone to use.

The information technology (IT) industry is always evolving and therefore always changing.

Free webinars, even if they seem too commercial at times, always have at least one solid nugget of solid information that can make the difference in a professional’s life and career.

You never know when the need for new information that nobody else knows is going to come in handy.

Stay a step ahead…

Avoiding Regret

After working for a variety of companies in the 1980s, after working for Oracle in the 1990s, after trying (and failing) to build a company with friends at the turn of the century, and after more than a decade working as an independent consultant in this new century, I found myself in a professional dilemma last year.

I know I need to work at least another ten years, probably more like fifteen years, to be able to retire.  I had survived the nastiest economic downturn since the Great Depression, the Great Recession of 2008-2011, while self-employed, and felt ready to take on the economic upswing, so I was confident that I could work steadily as an independent Oracle performance tuning consultant for the next 15 years or more.

Problem was: I was getting bored.

I loved my work.  I enjoy the “sleuthiness” and the forensic challenge of finding performance problems, testing and recommending solutions, and finding a way to describe it clearly so that my customer can make the right decision.  I am confident that I can identify and address any database performance problem facing an application built on Oracle database, and I’ve dozens of successful consulting engagements to bear witness.  I have a legion of happy customers and a seemingly endless supply of referrals.

Being confident is a great feeling, and I had spent the past several years just enjoying that feeling of confidence on each engagement, relishing the challenge, the chase, and the conclusion.

But it was becoming routine.  The best explanation I have is that I felt like a hammer, and I addressed every problem as if it was some form of nail.  I could feel my mental acuity ossifying.

Then, opportunity knocked, in an unexpected form from an unexpected direction.

I have a friend and colleague whom I’ve known for almost 20 years, named Kyle Hailey.  Kyle is one of those notably brilliant people, the kind of person to whom you pay attention immediately, whether you meet online or in person.  We had both worked at Oracle in the 1990s, and I had stayed in touch with him over the years since.

About four years ago, I became aware that he was involved in a new venture, a startup company called Delphix.  I wasn’t sure what it was about, but I paid attention because Kyle was involved.  Then, about 3 years ago, I was working as a DBA for a Colorado-based company who had decided to evaluate Delphix’s product.

Representing my customer, my job was to prevent a disaster from taking place.  I was to determine if the product had any merit, if the problems being experienced were insurmountable, and if so let my customer know so they could kill the project.

Actually, what my boss said was, “Get rid of them.  They’re a pain in my ass“.  I was just trying to be nice in the previous paragraph.

So OK.  I was supposed to give Delphix the bum’s rush, in a valid techie sort of way.  So I called the Delphix person handling the problem, and on the other end of the phone was Kyle.  Hmmm, I can give a stranger the bum’s rush, but not a friend.  Particularly, not someone whom I respect like a god.  So, instead I started working with him to resolve the issue.  And resolve it we did.  As a result, the company bought Delphix, and the rest is history.

Here’s how we did it…

But first, what does Delphix do?  The product itself is a storage appliance on a virtual machine in the data center.  It’s all software.  It uses sophisticated compression, deduplication, and copy-on-write technical to clone production databases for non-production usage such as development and testing.  It does this by importing a copy of the production database into the application, compressing that base copy down to 25-30% of it’s original size.  Then, it provides “virtual databases” from that base copy, each virtual database consuming almost no space at first, since almost everything is read from the base copy.  As changes are made to each virtual database, copy-on-write technology stores only those changes for only that virtual database.  So, each virtual database is presented as a full image of the source database, but costs practically nothing.  Even though the Oracle database instances reside on separate servers, the virtual database actually resides on the Delphix engine appliance and is presented via NFS.

I was asked to understand why the virtual databases were slow.

On the other end of the phone was Kyle, and he was easily able to show me with repeatable tests where and what the nature of the performance problems were, and that they were predictable and resolvable.

But I’m not really writing just about Delphix, even though it is very cool and quite earthshaking.  Rather, I’m writing about something bigger that has stormed into our industry, bringing to fruition something that I had tried — and failed — to accomplish at the turn of the century.  Back then, at the turn of the century, when some colleagues and I tried to build a hosted-application services company, we failed in two ways:  1) we were ahead of our time and 2) we chose the wrong customers.

Being ahead of one’s time is not a failure, strictly speaking.  It shows a clarity of vision, but bad timing.

However, choosing the wrong customers is absolutely a failure.

Before I explain, please be aware that I’m going to change most of the names, to protect any innocent bystanders…

After leaving Oracle in July 1998, I founded my own little company-of-one, called Evergreen Database Technologies (a.k.a. EvDBT).  The dot-com boom was booming, and I wanted to operate as an independent consultant.  I had been living in Evergreen in the foothills west of Denver for years, so the choice of name for my company was by no means a brilliant leap of imagination; I just named it after my hometown.  Business was brisk, even a bit overheated as Y2K approached, and I was busy.  And very happy.

In early 2000, I had been working with another young company called Upstart, and we felt that the information technology (IT) industry was heading in one inescapable direction:  hosted services.  So I joined Upstart and we decided that providing hosted and managed Oracle E-Business Suites (EBS) was a good business.  EBS is the world’s 2nd most prevalent Enterprise Resource Planning (ERP) system and can be dizzyingly complex to deploy.  It is deployed in hundreds of different industries and is infinitely customizable, so in order to avoid being eaten alive by customization requests by our potential customers, we at Upstart would have to focus on a specific industry and pre-customize EBS according to the best practices for that industry.  We chose the telecommunications industry, because it was an even bigger industry in Colorado then, as it is now.  We wanted to focus on small telecommunications companies, being small ourselves.  At that time, small telecommunications companies were plentiful because of governmental deregulation in the industry.  These companies offered DSL internet and phone services, and in June 2000 our market research told us it was a US$9 billion industry segment and growing.

Unfortunately, all of the big primary telecommunications carriers bought the same market research and were just as quick to catch on, and they undercut the DSL providers, provided cheaper and better service, and put the myriad of small startups out of business practically overnight.  “Overnight” is not a big exaggeration.

By October 2000, we at Upstart were stunned to discover that our customer base had literally ceased answering their phones, which is chillingly ominous when you consider they were telecommunication companies.   Of course, the carnage directly impacted the companies who had hoped to make money from those companies, such as Upstart.  Only 4 months in business ourselves, our target market had vanished like smoke.  You might say we were…. a little disconcerted.

We at Upstart had a difference of opinion on how to proceed, with some of the principals arguing to continue sucking down venture-capital funding and stay the course, while others (including me) argued that we had to find some way, any way, to resume generating our own revenue on which to survive.  I advocated returning to Upstart’s previous business model of consulting services, but the principals who wanted to stay the course with the managed services model couldn’t be budged.  By December 2000, Upstart was bankrupt, and the managed-services principals ransacked the bank accounts and took home golden parachutes for themselves.  I jumped back into my own personal lifeboat, my little consulting services company-of-one, Evergreen Database Technologies.  And continued doing what I knew best.

This was a scenario that I’m told was repeated in many companies that flamed out during the “dot-bomb” era.  There are a million stories in the big city, and mine is one of them.

But let’s just suppose that Upstart had chosen a different customer base, one that didn’t disappear completely within months?  Would it still have survived?

There is a good chance that we would still have failed due to being ahead of our times and also ahead of the means to succeed.  Hosted and managed applications, which today are called “cloud services”, were made more difficult back then by the fact that software was (and is) designed with the intention of occupying entire servers.  The E-Business Suites documentation from Oracle assumed so, and support at Oracle assumed the same.  This meant that we, Upstart, had to provision several entire server machines for each customer, which is precisely what they were doing for themselves.  There was little reason we could do it cheaper.  As a result, we could not operate much more cheaply than our customers had, resulting in very thin cost savings or efficiencies in that area, leaving us with ridiculously small profit margins.

Successful new businesses are not founded on incremental improvement.  They must be founded on massive change.

What we needed at that time was server virtualization, which came along a few years later in the form of companies like VMware.  Not until server virtualization permitted us to run enterprise software on virtual machines, which could be stacked en masse on physical server machines, could we have hoped to operated in a manner efficient enough to save costs and make money.

Fast forward to today.

Today, server virtualization is everywhere.  Server virtualization is deeply embedded in every data center.  You can create virtual machines on your laptop, a stack of blade servers, or a mainframe, emulating almost any operating system that has ever existed, and creating them in such a way that finally makes full use of all the resources of real, physical servers.  No longer would system administrators rack, wire, and network physical servers for individual applications using customized specifications for each server.  Instead, virtual machines could be configured according to the customized specifications, and those virtual machines run by the dozens on physical machines.

The advent of virtual machines also brought about the operations paradise of abstracting computer servers completely into software, so that they could be built, configured, operated, and destroyed entirely like the software constructs they were.  No more racking and wiring, one server per application.  Now, banks of “blades” were racked and wired generically, and virtual machines balanced within and across blades, with busier virtual machines moving toward available CPU, memory, and networking resources and quieter virtual machines yielding CPU, memory, and networking to others.  Best of all, all of this virtualization converted hardware into software, and could be programmed and controlled like software.

Everything is virtualized, and all was good.

Except storage.

Think about it.  It is easy and cheap to provision another virtual machine, using fractions of CPU cores and RAM.  But each of those virtual machines needs a full image of operating system, application software, and database.  While server virtualization permitted data centers to use physical servers more efficiently, it caused a positive supernova explosion in storage.  So much so that analysts like Gartner have predicted a “data crisis” before the end of the decade.

This is where Delphix comes in.

By virtualizing data as well as servers, it is now truly fast, cheap, and easy to provision entire virtual environments.  Delphix works with Oracle, and it also works with SQL Server, PostgreSQL, MySQL, DB2, and Sybase.  Even more importantly, it also virtualizes file-systems, so that application software as well as databases can be virtualized.

So back in early 2014, Kyle contacted me and asked if I would be interested in joining Delphix.  My first reaction was the one I always had, which is “no thanks, I’ve already got a job“.  I mean, I’m a successful and flourishing independent consultant.  Why would I consider working within any company anymore.  Business was brisk, I never had downtime, and the economy was improving.  I had successfully been operating as an independent consultant for most of the past 15 years.  Why fix what wasn’t broken?

But here was the crux of the matter…

I wanted to try something new, to expand beyond what I had been doing for the past 25 years since I first joined Oracle.  If it was a large established company beckoning, I wouldn’t have considered it for a second.  But a promising startup company, with a great idea and a four-year track record of success already, and still pre-IPO as well?

I couldn’t resist the gamble.  What’s not to like?

It’s possible I’ve made an enormous mistake, but I don’t think so.

Not to turn excessively morbid, but all of us are just a heartbeat away from our common destination.  I believe that, when I’m at the last moments of my life, the thing I fear will not be death itself, or pain, or leaving life behind.

It is regret that I fear.

And regret can take many forms, but the most painful regret will undoubtedly be what might have been, the opportunities passed or missed.  Career is only one aspect of life, and I don’t want to give it too much significance.  I’ve accumulated regrets in how I’ve lived my life, and how I’ve treated people in my life, and in some cases they are small but there are some which will always haunt me.

But with regards to my professional career, as Robert Frost said, I’ve taken the road less traveled, and that has made all the difference.  No regrets here.

Oracle ACE program

What is the Oracle ACE program?

The Oracle ACE program is a community advocacy program for Oracle technology evangelists and enthusiasts, sponsored by and managed by Oracle Corporation.  As stated on the ACE overview page at “http://oracle.com/technetwork/community/oracle-ace”, it is both a network as well as a resource for everyone in the Oracle community.  It is not a certification program, and there is no course to study and no test to pass.  Rather, the ACE program is a recognition program by one’s colleagues and peers, and joining is a process of nomination, review, and acceptance.

Who are Oracle ACEs?

They are your colleagues in the worldwide Oracle technology community, of which you and the RMOUG community here in Colorado are a significant part.  There are now more than 500 people in 55 countries around the world who have been recognized by their peers and by Oracle Corporation.  They are not employees of Oracle, but rather partners and customers of Oracle.

The ACE program is now 10 years old and comprises three levels…

ACE Associate logoACE Associate – this is the entry-point for the program and an ideal form of recognition for technology community advocates who are building their reputations

ACElogoACE– established advocates for Oracle technology who are well-known in their community

ACEDlogoACE Directors – top-tier members of the worldwide community who engage with many users groups and advocates and with Oracle Corporation

The ACE program is always growing, and the current members of the program are always happy to help you make the step up and jump to the next level in your career.  ACEs are expected to contribute to all or some of the following:

  • contribute actively to technical forums like OTN community forum or the ORACLE-L email list
  • publishing articles in newsletters, magazines, blogs
  • publishing books
  • tweet, post on social media
  • organize community activities such as Oracle users groups
  • present sessions at Oracle conferences and Oracle user group meetings

Few people do all these things, so don’t think that everyone does, but also please be aware that there are some who do, driving their careers above and beyond.

Joining the ACE program is not a one-time task, but an on-going commitment to contribution and sharing to build your community, whether that community is local to where you live, national, or world-wide.

To find out more about the program, go to the web page at “http://oracle.com/technetwork/community/oracle-ace/become-an-ace” or just contact one of the Oracle ACEs near you and ask questions.

That’s why we’re here.

If you want something done, ask a busy person…

This is a re-post I originally made on the ODTUG website on 17-Jan 2013 at the beginning of my two-year term on the board of directors...

This past weekend, I attended my first face-to-face Board of Directors meeting with ODTUG. Monty Latiolais, current president of ODTUG, asked me to let him know if there was anything “less than stellar” about my experience, and I have say the answer is “no”.  It was a stellar experience, all weekend.  Here’s why…

For 20 years, I’ve been a member of the Rocky Mountain Oracle Users Group.  My boss at Oracle at the time, Valerie Borthwick, told everyone in our team that the best thing we could do for our career and for our business practice was to “become famous”.  Not famous (or infamous) as in “celebrity” or “rock star”, but famous as in “known within our industry”.  Today, she would be telling us to blog and tweet, but back then, she was telling us to write and post white papers and to do presentations.  Put our ideas out there.  Discuss what we knew.  Submit to peer reviews.

The biggest thing I learned then is that you cannot claim to know something until you’ve tried to explain it to others.  Lots of people know something well.  But unless they’ve tried to explain it to others, there will be gaps in knowledge, fuzzy areas in understanding, and lack of depth.  Explaining to others fills gaps, clarifies fuzzy areas, and deepens the superficial.  Weak points are rapidly exposed while presenting information in public.  So, as I found ways to explain what I thought I already knew, I had to fix these problems, and my career flourished.

So in 1995, I joined the board of directors at RMOUG, because I wanted to spend more time around smart people, and see how they make things happen. That’s where I learned my next big lesson, which is when you have an important task, give it to a busy person, because they get it done.

It seems a bit counter-intuitive, but as you stop and observe those around you, it becomes obvious…

  • Some people like to think about doing things, but never do it
  • Others plan to do things, but never do it
  • Others talk themselves out of doing things before they ever get started, so they never do it
  • And others simply refuse to do anything

The people who are always busy are always getting things done.

That is what I found with the board of ODTUG, busy people who have plenty to do already, doing one more thing.

My favorite kind of people.

Lovin’ la vida Oracle

As we prepare for the week of Oracle OpenWorld 2014, I look back on the 25 years I have spent within the orbit of Oracle Corporation.

I joined Oracle Consulting Services (OCS) as an employee on 15-January 1990 and worked my way to Technical Manager when I resigned to start my own consultancy on 31-July 1998.  I worked as an independent Oracle consultant from then (with a side trip into company-building with friends) until 30-April this year.  On 01-May 2014, I joined startup Delphix.

Throughout this quarter-century of La Vida Oracle, I’ve made a great living, but it has also been a great way of life.  I started presenting at the Rocky Mountain Oracle Users Group in 1993, and joined the board of directors in 1995.  I’ve since worked with many other Oracle users groups as a volunteer and I’ve found the experiences to be incredibly educational, in so many ways.  I’ve also met a lot of amazing people through volunteering at Oracle users groups.  I met the junta of the Oak Table Network, and joined that group in 2002.  I was elected as an Oracle ACE in 2007, before I even knew the program existed, then I was made an ACE Director in 2012, which is an elevation I appreciate but still never sought.

But over it all, all throughout, is Oracle.  The Big Red O.  Some people have had bad experiences at Oracle Corporation, some have had REALLY bad experiences, just as people have good and bad experiences at any huge corporation.  In the spirit of a comment made famous by Winston Churchill, “Democracy is the absolute worst form of government.  Except for all the others.”  Oracle is populated by, and led by, some very human … beings.  I love them all, some more than others.

So for 25 years now, out of the 37 years Oracle has been in existence, I have had a really great life.  La vida Oracle.  I am so GLAD I met ya!  And I love this life!

And so it continues today.  For the first time in a quarter century, I’m out of the direct orbit of Oracle, now that I’m working at Delphix.  I’m still heavily involved with Oracle as an Oracle ACE Director and adviser to the boards of three local Oracle users groups (RMOUG, NoCOUG, and NEOOUG) and a board member at ODTUG.

Delphix builds data virtualization software for Oracle, PostgreSQL, SQL Server, and Sybase ASE, as well as file-system directories on Unix/Linux and Windows.  Virtualizing Oracle databases is a big part of Delphix’s business, but it is not the only part, and the non-Oracle parts are growing rapidly.  It’s refreshing to work with other database technologies.  But I still love working with Oracle Database, and I’m continually impressed by Oracle’s technology prowess, with the In-Memory option of Database12c a brilliant example.

Some say that Delphix competes with Oracle.  Be serious – please name a technology company that doesn’t compete with Oracle in one way or another, as the breadth of Oracle products and services is so expansive.

As an independent contractor at EvDBT for 16 years, I myself competed with Oracle Consulting in my own very small way.  But, at the same time I cooperated with Oracle by optimizing the implementation of Oracle technology.  I sure as heck understand who hold the tent up.

The same is true with Delphix.  As a company, Delphix products can be said to compete with Oracle Enterprise Manager 12c Cloud Control, in the niche area known as Database-As-A-Service (DBaaS) in the specific SnapClone functionality.  The Delphix software appliance is very similar to this SnapClone piece, but this part of the Oracle product is just a small part of the scope the vast EM12c Cloud Control product suite.

In the same way, I as an independent consultant could have been said to have competed with the EM12c diagnostics pack and performance tuning pack, because the techniques I used and taught tended to make people independent of those tools.

That’s not to say I steered people away from EM12c; it’s just that I myself didn’t use it for performance tuning, though gradually I learned to appreciate many of its features, not least through paying attention to my wife Kellyn Pot’vin.

In fact, the Oracle Enterprise Manager 12c Cloud Control, using the Cloud API, can fully administer virtual databases created by Delphix.  After all, Delphix is just an alternate mechanism to implement data virtualization.  Instead of using the mechanism of Oracle DBaaS SnapClone, customers can also use Delphix.  So Delphix can become a part of EM12c.

So there is no competition between Delphix and Oracle.  Delphix is an alternative to the SnapClone mechanism underlying DBaaS, but Delphix virtual databases can still be orchestrated through the EM12c console.  It need not be an either-or choice.

Of course, I still have to write that extension through the EM12c cloud API, and I’m getting right on that.  Unless someone else gets to it first.

Keep your eye on the Oracle EM12c Extension Exchange webpage for more progress on integrating Delphix within EM12c…

#OakTable World at Oracle OpenWorld 2014

WhereChildren’s Creativity Museum, 221 4th St, San Francisco

When:  Mon-Tue, 29-30 September, 08:30 – 17:00 PDT

For the third year in a row at the same fantastic location right in the heart of the bustling Oracle OpenWorld 2014 extravaganza, OakTable World 2014 is bringing together the top geeks of the worldwide Oracle community to present on the topics not approved for the OpenWorld conference.  At the OpenWorld conference.  For free.

The beauty of this unconference is its ad-hoc nature.  In 2010, weary of flying from Europe to endure marketing-rich content, Mogens Norgaard conceived Oracle ClosedWorld as an informal venue for those who wanted to talk about cool deep-technical topics.  Oracle ClosedWorld was first held in the back dining room at Chevy’s Fresh Mex on 3rd and Howard, fueled by Mogens’ credit card holding an open tab.  The following year in 2011, ClosedWorld was moved a little ways down Howard Street to the upstairs room at the Thirsty Bear, once again fueled by Mogens’ (and other) credit cards keeping a tab open at the bar.

In 2012, Kyle Hailey took the lead, found a fantastic venue, herded all the cats to make a 2-day agenda, and arranged for corporate sponsorship from Delphix, Pythian, and Enkitec, who have continued to sponsor OakTable World each year since.

If you’re coming to Oracle OpenWorld 2014 and are hungry for good deep technical content, stop by at OakTable World 2014, located right between Moscone South and Moscone West, and get your mojo recharged.

If you’re local to the Bay Area but can’t afford Oracle OpenWorld, and you like deep technical stuff about Oracle database, stop by and enjoy the electricity of the largest Oracle conference in the world, and the best Oracle unconference right in the heart of it all.

OakTable World 2014 – driven by the OakTable Network, an informal society of drinkers with an Oracle problem.