Operational Prerequisites to Maximizing Availability

6.1 Understand Availability and Performance SLAs

Understand and document your high availability and performance service-level agreements (SLAs):

Understand the attributes of High Availability and various causes of downtime as described in Overview of High Availability.
Get agreement from line of business, upper management, and technical teams on HA and performance service level agreements as described in High Availability Requirements, and A Methodology for Documenting High Availability Requirements.

6.2 Implement and Validate a High Availability Architecture That Meets Your SLAs

Once you have agreement on your high availability and performance service level requirements, map requirements to one of Oracle's standard and validated architectures as described in High Availability and Data Protection – Getting From Requirements to Architecture. Evaluate Outage and Planned Maintenance matrices relevant for your MAA referenced architecture similar to those found in Oracle Database High Availability Solutions for Unplanned Downtime, and Oracle Database High Availability Solutions for Planned Downtime. For more details about your chosen MAA reference architecture, refer to High Availability Architectures.

See Also:

High Availability Architectures

http://www.oracle.com/goto/maa for Oracle MAA white paper "High Availability Best Practices for Database Consolidation: The Foundation for Database-as-a-Service"

6.3 Establish Test Practices and Environment

Validate and automate repair operations to ensure that you meet your target high availability service-level agreements (SLAs). You should validate the backup, restore, and recovery operations and periodically evaluate all repair operations for various types of possible outages.

If you use Data Guard for disaster recovery and data protection, Oracle recommends that you perform periodic switchover operations or conduct full application and database failover tests. Also, periodically execute Application and Data Guard switchovers to fully validate all role transition procedures.

A good test environment and proper test practices are essential prerequisites in achieving the highest stability and availability in your production environment. By validating every change in your test environment thoroughly, you can proactively detect, prevent and avoid problems before applying the same change on production.

These practices involve the following:

Topics:

See Also:

6.3.1 Configuring the Test System and QA Environments

The test system should be a replica of the production MAA environment (for example, using the MAA Gold tier). There will be trade offs if the test system is not identical to the MAA service-level driven standard reference architecture that you chose. It's recommended to execute functional, performance and availability tests with a workload that mimics production. Evaluate if availability and performance SLAs are maintained after each change and ensure that clear fallback or repair procedures are in place if things go awry while applying the change on the production environment.

With a properly configured test system, many problems can be avoided because changes are validated with an equivalent production and standby database configuration containing a full data set and using a workload framework to mimic production (for example, using Oracle Real Application Testing).

Do not try to reduce costs by eliminating the test system because that decision ultimately affects the stability and the availability of your production applications. Using only a subset of system resources for testing and QA has the tradeoffs shown in Table 6-1, which is an example of the MAA Gold tier.

Table 6-1 Tradeoffs for Different Test and QA Environments

Test Environment	Benefits and Tradeoffs
Full Replica of Production and Standby Systems	Validate all patches and software changes. Validate all functional tests. Full performance validation at production scale. Full high availability validation.
Full Replica of Production Systems	Validate all patches and software changes. Validate all functional tests. Full performance validation at production scale. Full high availability validation minus the standby system. No functional, performance, high availability and disaster recovery validation with standby database.
Standby System	Validate most patches and software changes. Validate all functional tests. Full performance validation if using Data Guard Snapshot Standby but this can extend recovery time if a failover is required. Role transition validation. Resource management and scheduling is required if standby and test databases exist on the same system.
Shared System Resource	Validate most patches and software changes. Validate all functional tests. This environment may be suitable for performance testing if enough system resources can be allocated to mimic production. Typically, however, the environment includes a subset of production system resources, compromising performance validation. Resource management and scheduling is required.
Smaller or Subset of the system resources	Validate all patches and software changes. Validate all functional tests. No performance testing at production scale. Limited full-scale high availability evaluations.
Different hardware or platform system resources but same operating system	Validate most patches and software changes. Limited firmware patching test. Validate all functional tests unless limited by new hardware features. Limited production scale performance tests. Limited full-scale high availability evaluations.

Oracle Database Testing Guide

6.3.2 Performing Preproduction Validation Steps

Pre-production validation and testing of hardware, software, database, application or any changes is an important way to maintain stability. The high-level pre-production validation steps are:

Review the patch or upgrade documentation or any document relevant to that change. Evaluate the possibility of performing a rolling upgrade if your SLAs require zero or minimal downtime. Evaluate any rolling upgrade opportunities to minimize or eliminate planned downtime. Evaluate whether the patch or the change qualifies for Standby-First Patching.

Note:

Standby-First Patch enables you to apply a patch initially to a physical standby database while the primary database remains at the previous software release (this applies to certain types of patches and does not apply to Oracle patch sets and major release upgrades; use the Data Guard transient logical standby method for patch sets and major releases). Once you are satisfied with the change, then perform a switchover to the standby database. The fallback is to switchback if required. Alternatively, you can proceed to the following step and apply the change to your production environment. For more information, see "Oracle Patch Assurance - Data Guard Standby-First Patch Apply" in My Oracle Support Note 1265700.1 at https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1265700.1
Validate the application in a test environment and ensure the change meets or exceeds your functionality, performance, and availability requirements. Automate the procedure and be sure to also document and test a fallback procedure. This requires comparing metrics captured before and after patch application on the test and against metrics captured on the production system. Real Application Testing may be used to capture the workload on the production system and replay it on the test system. AWR and SQL Performance Analyzer may be used to assess performance improvement or regression resulting from the patch.

Validate the new software on a test system that mimics your production environment, and ensure the change meets or exceeds your functionality, performance, and availability requirements. Automate the patch or upgrade procedure and ensure fallback. Being thorough during this step eliminates most critical issues during and after the patch or upgrade.
Use Oracle Real Application Testing and test data management features to comprehensively validate your application while also complying with any security restrictions your line of business may have. Oracle Real Application Testing (a separate database option) enables you to perform real-world testing of Oracle Database. By capturing production workloads and assessing the impact of system changes on these workloads before production deployment, Oracle Real Application Testing minimizes the risk of instabilities associated with system changes. SQL Performance Analyzer and Database Replay are key components of Oracle Real Application Testing. Depending on the nature and impact of the system change being tested, and on the type of system on which the test will be performed, you can use either or both components to perform your testing.

When performing real-world testing there is a risk of exposing sensitive data to non-production users in a test environment. The test data management features of Oracle Database help to minimize this risk by enabling you to perform data masking and data subsetting on the test data.
If applicable, perform final pre-production validation of all changes on a Data Guard standby database before applying them to production. Apply the change in a Data Guard environment, if applicable.
Apply the change in your production environment.

See Also:

Data Guard Redo Apply and Standby-First Patching and Data Guard Transient Logical Rolling Upgrades for more information about Data Guard standby-first patch apply and transient logical standby method

Oracle Database Testing Guide

Oracle Data Guard Concepts and Administration for complete information about Converting a Physical Standby Database into a Snapshot Standby Database

Oracle Data Guard Concepts and Administration for more information about Performing a Rolling Upgrade With an Existing Physical Standby Database

Oracle GoldenGate For Windows and UNIX Administrator's Guide for more information about Oracle GoldenGate

http://www.oracle.com/goto/maa for Oracle MAA white paper "Oracle Database Rolling Upgrades: Using a Data Guard Physical Standby Database"

See "Oracle Patch Assurance - Data Guard Standby-First Patch Apply" in My Oracle Support Note 1265700.1 at https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1265700.1

6.4 Set Up and Use Security Best Practices

Corporate data can be at grave risk if placed on a system or database that does not have proper security measures in place. A well-defined security policy can help protect your systems from unwanted access and protect sensitive corporate information from sabotage. Proper data protection reduces the chance of outages due to security breaches.

See Also:

Oracle Database Security Guide.

6.5 Establish Change Control Procedures

Institute procedures that manage and control changes as a way to maintain the stability of the system and to ensure that no changes are incorporated in the primary database unless they have been rigorously evaluated on your test systems, or any one of the base architectures in the MAA service-level tiers.

Review the changes and get feedback and approval from your change management team, which should include representatives for any component that affects the business requirements, functionality, performance, and availability of your system. For example, the team can include representatives for end-users, applications, databases, networks, and systems.

6.6 Apply Recommended Patches and Software Periodically

By periodically testing and applying the latest recommended patches and software versions, you ensure that your system has the latest security and software fixes required to maintain stability and avoid many known issues. Remember to validate all updates and changes on a test system before performing the upgrade on the production system.

Furthermore, Oracle health check tools such as orachk (supporting Non-Engineered Systems and Oracle Database Appliance) and exachk (supporting Engineered Systems such as Oracle Exadata Database Machine, Exalogic, Zero Data Loss Recovery Appliance, and Big Data Appliance) provide Oracle software upgrade advice, critical software update recommendations, and patching and upgrading pre-checks, along with its system and database health checks and MAA recommendations.

See Also:

"Oracle Recommended Patches -- Oracle Database" in My Oracle Support Note 756671.1 at https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=756671.1

"Exadata Database Machine and Exadata Storage Server Supported Versions" in My Oracle Support Note 888828.1 at https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=888828.1

"ORAchk - Health Checks for the Oracle Stack" in My Oracle Support Note 1268927.2 at https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1268927.2

"Oracle Exadata Database Machine exachk or HealthCheck" in My Oracle Support Note 1070954.1 at https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1070954.1

6.7 Execute Disaster Recovery Validation

Disaster recovery validation is required to ensure that you meet your disaster recovery service level requirements such as RTO and RPO.

Whether you have a standby database, Oracle GoldenGate replica, or leverage database backups from Zero Data Loss Recovery Appliance (Recovery Appliance), ZFS Storage, or another third party, it is important to ensure that the operations and database administration teams are well prepared to fail over or restore the database and application any time the primary database is down or underperforming, according to a predetermined threshold. By reacting and executing efficiently, which includes detection and making the decision to fail over or restore, overall down time can be reduced significantly.

If you use Data Guard or Oracle GoldenGate for high availability, disaster recovery, and data protection, Oracle recommends that you perform regular application and database switchover operations every three to six months, or conduct full application and database failover tests.

Periodic RMAN cross checks, RMAN backup validations, and complete database restore and recovery are required to validate your disaster recovery solution using your existing backup solution. With Recovery Appliance there are inherent backup checks and validations done automatically within the appliance, but periodic restore and recovery tests are still recommended.

See Also:

Oracle Database High Availability Best Practices for more information about configuring Oracle Data Guard and role transition best practices

Oracle Data Guard Concepts and Administration for information about role transitions

Oracle Data Guard Broker for information about switchover and failover operations

Zero Data Loss Recovery Appliance Administrator's Guide

6.8 Establish Escalation Management Procedures

Establish escalation management procedures so repair is not hindered. Most repair solutions, when conducted properly are automatic and transparent with the MAA solution. The challenges occur when the primary database or system is not meeting availability or performance SLAs and failover procedures are not automatic as in the case with some Data Guard failover scenarios. Downtime can be prolonged if proper escalation policies are not followed and decisions are not made quickly.

If availability is the top priority, execute repair and failover operations first and then proceed with gathering logs and information for Root Cause Analysis (RCA) after the application service has been reestablished. For simple data gathering, use the Trace File Analyzer Collector (TFA).

See Also:

For more information about MAA outage and repair, check the MAA web page on the Oracle Technology Network (OTN) at http://www.oracle.com/goto/maa

My Oracle Support note 1513912.2 “TFA Collector - Tool for Enhanced Diagnostic Gathering” at 1513912.2

6.9 Configure Monitoring and Service Request Infrastructure for High Availability

To maintain your High Availability environment, you should configure the monitoring infrastructure that can detect and react to performance and high availability related thresholds before any downtime has occurred. Also, where available, Oracle can detect failures, dispatch field engineers, and replace failed hardware components such as disks, flash cards, fans, or power supplies without customer involvement.

Topics:

6.9.1 Execute Database Health Checks Periodically

Oracle database health checks are designed to evaluate your hardware and software configuration and MAA compliance to best practices. All of the Oracle health check tools will evaluate Oracle Grid Infrastructure, Oracle Database, and provide an automated MAA scorecard or review that highlights when key architectural and configuration settings are not enabled for tolerance of failures or fast recovery. For Oracle's engineered systems such as Exadata Database Machine, there may be hundreds of additional software, fault and configuration checks.

Oracle recommends periodically (for example, monthly for Exadata Database Machine) downloading the latest database health check, executing the health check, and addressing the key FAILURES, WARNINGS, and INFO messages. Use exachk for Engineered Systems such as Oracle Exadata Database Machine, Exalogic, Zero Data Loss Recovery Appliance, and Big Data Appliance, and use orachk for Non-Engineered Systems and Oracle Database Appliance.

Furthermore, it is recommended that you execute the health check prior to and after any planned maintenance activity.

Evaluate existing or new critical health check alerts prior to planned maintenance window
Evaluate adding any new recommendations to the planned maintenance window after testing
Evaluate existing software or critical software recommendations

See Also:

My Oracle Support Note 1268927.2 "ORAchk - Health Checks for the Oracle Stack" at https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1268927.2

My Oracle Support Note 1070954.1 "Oracle Exadata Database Machine exachk or HealthCheck" at https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1070954.1

6.9.2 Configure Oracle Enterprise Manager Monitoring Infrastructure for High Availability

You should configure and use Enterprise Manager and the monitoring infrastructure that detects and reacts to performance and high availability related thresholds to avoid potential downtime. The monitoring infrastructure assists you with monitoring for High Availability and enables you to do the following:

Monitor system, network, application, database and storage statistics
Monitor performance and service statistics
Create performance and high availability thresholds as early warning indicators of system or application problems
Provide performance and availability advice
Established alerts and tools and database performance
Receive alerts for engineered systems hardware faults

See Also:

Oracle Database High Availability Best Practices for information about monitoring for high availability

Oracle Enterprise Manager Cloud Control Advanced Installation and Configuration Guide for information about detecting and reacting to potential problems and failures

The MAA Best Practices area for Enterprise Manager at http://www.oracle.com/goto/maa for Enterprise Manager and Exadata manageability best practices

6.9.3 Configure Automatic Service Request Infrastructure

In addition to monitoring infrastructure with Enterprise Manager in the Oracle high availability environment where available, Oracle can detect failures, dispatch field engineers, and replace failing hardware without customer involvement. For example, Oracle Automatic Service Request (ASR) is a secure, scalable, customer-installable software solution available as a feature. The software resolves problems faster by using auto-case generation for Oracle's Solaris server and storage systems when specific hardware faults occur.

See Also:

See "Oracle Automatic Service Request" in My Oracle Support Note 1185493.1 at

https://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=1185493.1

6.10 Check the Latest MAA Best Practices

MAA solutions and best practices continue to be developed and published on the Oracle Technology Network (OTN) at http://www.oracle.com/goto/maa.

For Oracle Database MAA best practices, refer to the Oracle Databases, Exadata Database Machine, Zero Data Loss Recovery Appliance, and Oracle Cloud pages.

The MAA solution encompasses the full stack of Oracle technologies, so you can find MAA best practices for Oracle Fusion Middleware, Oracle Fusion Applications, Oracle Applications Unlimited, Oracle Exalytics, Oracle Exalogic, Oracle VM, and Oracle Enterprise Manager Cloud Control on the MAA pages.