Automated Database Management

Oracle Solutions Provider Perspective

Abstract
Automation delivered from the Cloud to Oracle customers will dramatically reduce
the cost of ownership and the way services are delivered. New legislation such and
GDRP and CCPA, Cloud migrations and explosive database growth are forcing new
technologies to be adopted. This paper provides a technical and business overview
of our platform and the revenue opportunities for partners.
CONTENTS

About patchVantage............................................................ 1
Introduction ...................................................................... 2
1.1 Highly Scalable Enterprise Architecture ............................. 2
1.2 Key Features of Product.................................................. 3
1.3 SaaS – Reseller Benefits .................................................. 4
1.4 What does patchVantage do? ........................................... 4
1.5 Business Drivers ............................................................ 5
1.6 Addressable Market ....................................................... 5
1.7 Oracle as a Competitor.................................................... 5
1.8 Comparable Product – Sophos Endpoint Management ......... 6
1.9 Reduced Sales Cycle....................................................... 6
1.10 Pricing ......................................................................... 7
Getting Started................................................................... 8
1.11 Web Interface ............................................................... 8
1.12 Scheduling Work ........................................................... 9
1.13 API ............................................................................ 10
1.14 Topology .................................................................... 11
Deep Dive 12
1.15 SSH versus Agent......................................................... 12
1.16 Multi-Tenanted ........................................................... 13
1.17 Mobile Interface........................................................... 13
1.18 Hybrid Cloud Control .................................................... 14
1.19 One Click Database Patch Synchronization ....................... 15
1.20 Drag and Drop ............................................................. 16
1.21 Upgrade Templates and Collaboration ............................. 17
1.22 Data Masking Templates and Collaboration ...................... 18
1.23 Compliance Reporting Solution ...................................... 18
1.24 Managing Patch Conflicts .............................................. 18
1.25 Web Services .............................................................. 19
Understanding Value Creation ............................................. 20
1.26 Cost of a Patch Cycle .................................................... 20
1.27 Oracle Security Upgrades are Expensive .......................... 21
1.28 Reducing Downtime ..................................................... 22
1.29 Complexity Compressed into Single Line API .................... 23
Data-as-a-Service ............................................................ 24
1.30 DevOps Data Problem ................................................... 24
1.31 Why Data needs to be Redacted ..................................... 25
1.32 Secure Copies of Oracle in Minutes.................................. 25
Solving Oracle Complexity .................................................. 26
1.33 4-Levers..................................................................... 26
1.34 Example : Database-Security-as-a-Service ..................... 27
1.35 Example : Outsourcing Secure Data Delivery .................... 27
1.36 Example : Database Migration and Upgrade Service........... 28
Conclusions ..................................................................... 29
Appendix I ....................................................................... 30
1.37 Global Security Patching Costs (Manually) ........................ 30
Appendix II ...................................................................... 33
1.38 Pricing Calculation and ROI ............................................ 33
Appendix III ..................................................................... 34
1.39 Estimated Number of Oracle Databases ........................... 34
 Solution Architecture

About patchVantage
patchVantage is enabling security-as-a-service using automation technology which keeps
Oracle Databases , WebLogic and EBS Applications current, secure and compliant. Our aim is
to help organizations focus on innovation and let us manage the business of security and
maintenance.
Our REST API can compress complex security updates in a single command.

1
 Solution Architecture

Introduction
1.1 Highly Scalable Enterprise Architecture

The patchVantage platform enables organizations to automate the execution of patching, cloning,
backups and other administration functions for Oracle systems.

All functions can be performed using the web interface or REST API’s.

The technology stack consists of an ORDS application server running on top of an Oracle Database. It is
designed to manage large numbers of Linux Servers, Databases and Applications. The solution falls
into the category of Database as a Service (DBaaS).

Figure 1 Layered Architecture of Product

2
 Solution Architecture

1.2 Key Features of Product

Some of the salient features are described were essential to achieve customer traction

▪ Cloud Ready and Scalable – Built on an Oracle Database with ORDS and APEX(HTML5) Interface
it can be deployed on any Public Cloud(e.g. AWS or Azure ) to supply a Fortune 500 enterprise
architecture
▪ SSH – Using Java in the Database SSH and SFTP connections across public cloud or on-premise
▪ API – Complex Administration task are simplified using our Python developed API’s
▪ Cloud Agent – Customers can download Python agent and get immediate access to patching
▪ Modules – DBA Functions written in PL/SQL and designed to be extended and supported by
lower cost developers. New versions of Oracle are handled using meta-data without
programming changes
▪ Installation – The product can be installed on-premise/Cloud and configured in under an hour.
▪ Social Sign-On – On Demo versions users can get started using Azure and LinkedIn social sign-
on, this accelerates trials and reduces sales lead times
▪ Import Interface – Upgrade Solutions and Data Masks can be imported directly into product
▪ Oracle Download – Patches are downloaded automatically from Oracle’s website
(* Oracle Support Agreement Required )
▪ Drag and Drop – Patches also be uploaded using simple drag and drop
▪ Reporting – Customizable by User , can subscribe(daily, weekly etc.)
▪ Multi-tenant – Each user has private data, but this can be shared with other users if necessary
▪ AWS – Cloud API’s integration into the product which can control servers and S3 Storage access.
▪ Azure– Cloud API’s integration into the product which can control servers and BLOB Storage
access.
▪ Mobile – The user can perform some database administration task using mobile and What’s App
▪ SQL Server/MySQL – Using Java in the Database it can be integrated with other databases

3
 Solution Architecture

1.3 SaaS – Reseller Benefits

The product can be installed on-premise if necessary. When doing a pilot, we aim to provide a
virtualized copy of the software and a Cloud deployment for comparison. The benefits of the SaaS
solution are many.

▪ Defensible Intellectual Property

Competitors will not be able to reverse engineer the software

▪ Easily Supportable
Bug fixes and enhancements can be applied with minimal cost and disruption

▪ Potential Customers can Get Started in Minutes

Customer need only download the agent to start using the product on Cloud. [Faster Sales]

▪ AI
Collection of customer data allows machine learning to further automate work.

▪ Automated Account Trials

Social sign-on can be enabled to allow techies to try and buy with no direct sales. [Faster Sales]

▪ Easy and Sure Licensing

It’s impossible for a customer to evade or hack license fees. Simple to add more licenses.

▪ Long Term Retention

Oracle Customer will have long term retention(LTV)

▪ Revenue Growth
The number of Databases is always likely to increase , increasing revenue

▪ Monitor Transactions
View location of employees, replay work and repudiate, view customer jobs and resolve

1.4 What does patchVantage do?

In simple terms the product maintains Oracle systems – it is in fact a delivery mechanism for
best practice database operations management using SaaS. It is geared towards rapid high-
volume database patching with minimal downtime.

4
 Solution Architecture

1.5 Business Drivers

There are 6 key drivers which determine the product traction.

Gradually automation will replace Outsourcing firms and Inhouse teams

Driver Comment
Automation At Board level automation is seen as a priority to increasing efficiencies(KPMG)
GDRP and CCPA Compliance Security Patches and Data Masking are key requirements.
Cost of Data Breach Massive Fines(GDPR) and long-term impact of data breach is too costly
Explosive Database Volumes Some companies like Telstra have 10,000 databases, 12.5% Growth(Unisphere)
Cloud Moving critical data to the Cloud will demand applying more security patches
Agility Customers want speed and agility when handling their data ,just like the Cloud

1.6 Addressable Market

The product is focused on the Oracle Enterprise Database and Application market. The majority of the
Oracle’s 40Bn turnover is generated from support – supplying patches and upgrades – around 24Bn.
According to Gartner the annual cost to companies can be 4 times as much as cost to purchase
software, therefore Oracle Services could be worth around 70Bn.

Although the need to keep systems secure, compliant and current will increase rapidly it’s unclear that
the market size will increase only that the composition of work done by skilled administrators will
gradually be replaced with automation. Even Google is now refocusing its Cloud on Enterprise
customers.

1.7 Oracle as a Competitor

Oracle is shifting gear towards becoming a service provider and considers security patching a major
source of revenue through its Autonomous Database . However, there are serious issues with their
Cloud strategy

Not available for WebLogic or E-Business Applications

Severe Patching Restrictions

Upgrade Cost to 19c as most sites are still on 12c

Migration costs to Cloud

Cloud Vendor Lock-in and unpredictable price increases

99.9% Downtime only available on mission critical with standby at 2X cost

Oracle has less than 1.8% of the Cloud market according to Gartner.

5
 Solution Architecture

1.8 Comparable Product – Sophos Endpoint Management

Most of the Oracle administration is performed manually. Each company will have its own scripts and
procedures to semi-automate things like backups. If we contrast this to modern endpoint management
such as anti-virus for PCs or Linux servers, the current Oracle approach looks primitive.

It is widely accepted that all Oracle and non-Oracle databases will be patched automatically in the
future when migrated to the cloud. The issue is that most companies still run on-premise and there
needs to be a modern solution to address the compliance issues now.

Sophos Central runs on AWS EC2. The consumer downloads a small agent and installs this on the on-
premise PC/ Linux server. Once installed the agent will scan for viruses and alert the user of any issues.

1.9 Reduced Sales Cycle

The sales cycle is longer for an Enterprise customer but given the large number of databases per
customer the revenue target is in the range of 200K. Retention will last years and the opportunity to sell
other products and services is huge. Mid-market companies will make purchasing decisions faster.

Lead Generation DEMO Pricing & ROI Case Technical Evaluation Contract

It can take months build up a sales pipeline but once its set-in motion this will be continuous.

The Demo takes place on the Cloud and lasts about 1 hour.

Pricing is designed per customer, based on volume. Discounts apply for Development and Test

The ROI study we have helps the build a case within the business from senior management

The one area that can be shortened is the Technical Evaluation or the Valley of Death.

2 ways to achieve this currently are:

Install our API and run some simple scripts to patch against our servers at no risk or expense

This will show them what is possible………

The next step would be to install the low footprint agent on their test server.

Once installed they can upgrade their Oracle systems from the Cloud

It’s a totally different experience to on-premise evaluations and we can see what they are doing

They may choose another deployment going forward. However, they will have evidence it works and is
self-configuring. The partner can also manage the upgrades remotely from this point onwards.

Customers can also get started with 3 databases using a credit card

6
 Solution Architecture

1.10 Pricing

We use competition-based pricing to derive a price point. Appendix II shows that the average costs over
5 years to manually patch 80 Databases is 8000 USD per Database. Using Oracle’s on-premise tool, the
costs is around 4700 USD per Database.

The approach taken by our pricing specialist is to split any savings between the vendor and customer.
Any additional benefits can either be used to increase the price or help close a sale. This covers speed,
agility, less downtime and risk reduction.

Downtime reductions ,can be as high as 95% (which can costs 300K USD per Hour)
Faster vulnerability remediation reduces breach risk (e.g. patch 80 Databases in 10 minutes )
Less operators with no access to sensitive data reduces breach risk
Compliance reports means never missing security patch(e.g. Experian breach cost 700mUSD )
Schedule overnight and reduce overtime costs with no loss of service
Headcount freeze and improved productivity

The long-term goal is set pricing around 1500 -2000 USD per Database

7
 Solution Architecture

Getting Started
1.11 Web Interface
Login to the product using the URL provided. ( You may also use Social Sign on )

https://patchvantage.ai:8443/ords/f?p=101

Username: <your_username>
Password: ****

( * request additional logins and start patching from the Cloud : support@patchvantage.zendesk.com )

A dashboard will appear as displayed below:

Item Description
Main Menu: The major menu components are Dashboard, Import Data, Setup,
①
Operations, View, User Portal, Administration, Reports and Utilities. In this document
the focus will on Administration and Operations
Search: Quickly find any kind content using the search facility
②
Alerts: Important system alerts will appear in this box such as Oracle Alert File
③
Notifications, invalid logins etc. Press the HELP button for more information

8
 Solution Architecture

Console and SSH Login: You can login to the server or any Linux/UNIX server from
④
the web page without the need for Putty(Here)

1.12 Scheduling Work

The concurrent jobs screen will be frequently used to monitor the jobs submitted by the operators. The
progress of all your events(including API calls) can be monitored here. Upgrades can be very time
consuming and technical staff normally want to view the status of a patch.

Item Description
Auto Refresh: Automatically refresh the screen every 15 seconds
①
Actions: This option provides several ways to customize the output
②
See Interactive Grid Options
Cancel: Jobs can be cancelled by Selecting the Box on the LHS and pressing
③

View: Most processes produce a log file, and this can be displayed by clicking
④

9
 Solution Architecture

1.13 API
Many organizations may never login directly to the product using HTML. Instead they will simply call
one of many API’s that perform patching operations. This treats the product like a black box.

The client will be used to connect into the product and execute commands from the command line

Download the client using the navigation path Security Credentials -> Web Service Access Keys

Click on the button and take a note of your keys on the screen.

You need to install the file on your Linux server ( or Windows with Python )
After transferring the file unzip: unzip pv.ws.zip and Change Directory(cd) to the ws directory

You can examine the README. You must be logged in as root or sudo access

$ sh install.sh

In your .bash_profile add the following lines:

export PV_CLIENT_ID=<your_ID>
export PV_CLIENT_KEY=<your_KEY>
export PV_WS_URL=https://patchvantage.ai:8443

Finally test connectivity to the server : pv ping-main

It should reply with the latency. e.g. 0.0883769989014

Make sure your keys are accurate : pv get-uid

It should reply valid response e.g. user_valid-dba-xerox

10
 Solution Architecture

1.14 Topology

After setup on AWS multiple types of database can be managed from the platform

11
 Solution Architecture

Deep Dive
1.15 SSH versus Agent
Most on-premise customers are comfortable with Secure Shell Script. In order to improve the resilience
and offer the customer a choice there are 2 ways connect with the product to databases. This will be
the first decision that the product administrator needs to make.

▪ Secure Shell(SSH) – Using our Java API , file transfers and scripts can be executed against
servers. The advantage is no agent installation or maintenance, but it does mean a one-off
registration process and real-time monitoring is excluded.

▪ Agent – If you want to patch from the Cloud to on-premise then this is the only choice. In addition,
it provides real-time monitoring of data and performs automated discovery. Installation is simple
using a downloadable RPM file
Now Download the agent using the navigation path User Portal -> Web Service Access Keys

Click on the button

This will download an rpm suitable for Red Hat, CentOS, OEL ,Fedora Linux and Ubuntu

$ rpm -ivh –force pvInstall_xerox-1.240-1.el7.x86_64.rpm

Select the databases you want to be registered on pV by setting flag to Y in /etc/oratab

All the databases will be registered and DBaaS actions can begin

12
 Solution Architecture

1.16 Multi-Tenanted
The user that registered the databases has ownership. Only that user can view or perform any actions
against Oracle. However, sometimes they will need to share information with other users. This achieved
using security forms.

In addition to this segregation of duties is implemented using one of 4 roles ( admin, dba, operator ,user)
which enforces vastly different capabilities.

1.17 Mobile Interface

Some basic functionality such as backups, system reports and Self-Service Clones can be executed
using SMS ( What’s App in Development Beta Mode). This is achieved through integration with Twilio
and linking the mobile number to the User ID.

13
 Solution Architecture

1.18 Hybrid Cloud Control

Our approach is to give customers a choice and integrate with multiple Cloud vendors. Currently we
support AWS and Azure. What does this actually mean ?

▪ The product can have total control of the servers – when the Linux server is down it can be
started, and the patching cycle will be completed without manual intervention.
▪ When performing Cloud migrations and upgrades , servers can be created by the product with
the required storage and memory – completely automating the process
▪ Duplicating data across different regions requires full control of the Cloud server. This will
become more obvious in a later section but in the case of SNAP clones we might want to make
a Multi -Terabyte US database and provide a rapid [masked] copy to an offshore team in India
within minutes.
▪ Cheap storage for backups can be used (S3 or BLOB)after the backup is taken
▪ Provide access to your Cloud on behalf of a customer. It’s possible to permit DBaaS operations
using the API to your own Cloud but without the end-user having account access. In fact we use
this method to facilitate API evaluation and allow potential customers to run demo’s against our
own servers.
A managed service provider could use this to handle the infrastructure on the client’s behalf and
collect the AWS and Azure Billing data.

14
 Solution Architecture

1.19 One Click Database Patch Synchronization

Oracle patches are applied on top of a base release. Each database may have hundreds of patches.

In our experience working with most customers they have Zero information on the patch levels

When testing software, it is common practice to apply changes to a test database and then get testers
to validate that no regression took place, or the problem was solved. This can be an extensive effort
and I know of one case in an outsourcing company where the IT director was fired for testing a system
with incomplete fixes !

We offer a way to ensure that patches on master(tested and verified) can be rolled out in one click to all
other databases . These patches can be security related or otherwise. This is a unique feature of the
product and is possible because each time the product applies a patch to one database it maintains a
record of whether this patch is MISSING or APPLIED relative to all other databases.

It’s valuable because it means consistent outcomes and that important fixes can be applied quickly and
improve customer experience.

MASTER Software Release

RDBMS Patch Status Version Function

CRM 2799112 MISSING Development
18.1

CRM 2028444 APPLIED Pre-Production

18.1

CRM 2195541 APPLIED Test

18.1

HR 2805332 MISSING Test

18.1

HR 2713551 APPLIED Development

18.1

Meta Data collection easily allows synchronization in a click

15
 Solution Architecture

1.20 Drag and Drop

There are multiple ways to upload patches into the product. The default is for the software to connect
with Oracle and simply download the patch, analyze its contents to determine any special properties ,
extract the README file before loading into a central storage table . This will be totally invisible to the
operator.

A handy feature is to drag patch from your desktop into the Cloud if you already have patches.

The interface loads this into the storage table and performs the same analysis.

16
 Solution Architecture

1.21 Upgrade Templates and Collaboration

Upgrades consist of multiple patches applied in a sequence and pre-tested against a set of databases.

A high degree of skill is required to create these upgrades. Its better to have a few select DBA’s (
onshore or offshore ) develop these and then upload them to the SaaS platform.

Upgrades are the same across each version of the Database or Application with minor deviations, yet
customers keep re-inventing the wheel. Having a specialized team that produces the meta-data for
these will mean upgrades can be standardized globally and costs reduced.

Table 1 Upgrade Meta-Data Structure

Utility opatch(RDBMS) , adop or adpatch(EBS) , script ,control or group

Phase Most common is apply or rollback

Patch Number of Oracle Patch

Description Provide a description or fix based on README or Support Ticket

( * Meta-Data Upgrades Templates can only be executed using the product )

17
 Solution Architecture

1.22 Data Masking Templates and Collaboration

We provide data masking which uses the same regular expressions as DBMS_REDACT. Its reasonably
well known in the Oracle community and there many web articles to help people get up-to-speed. This is
not the case with vendors like Informatica and IRI.

Masking is much more specific to a company’s data, and therefore less scalable but it does have 50
libraries for SSN, Credit Cards etc.

1.23 Compliance Reporting Solution

In order to avoid an Experian missing patch disaster - which cost the company around 700M USD - we
provide reports that identify any missing security patches – they can subscribed daily to email. This is
only possible because we maintain a precise history of the patches.

Unlike any other software system there is no single version , instead each Oracle database can have
hundreds of patches applied which makes configuration management a nightmare. In order to collect
the history, specialized commands need to be executed by a DBA. However, the software manages this
component – in fact each time the database is started, historical information is reported back to the
Cloud.

1.24 Managing Patch Conflicts

Sometimes old applied patches conflict with new ones. This is a deficiency in Oracle’s support strategy

We manage this by rolling back any older security patches which then allows the new upgrade to work.

This process is automated and managed within our “Upgrade Template” feature.

18
 Solution Architecture

1.25 Web Services

Considerable use of REST Web Services is made to implement the software agent and the user API

This is made possible through the middle tier application called ORDS – which has no additional cost.

Currently we have around 30 distinct API calls which perform Database Management Operations

Download API Reference Guide

19
 Solution Architecture

Understanding Value Creation

1.26 Cost of a Patch Cycle
For each patch the following activities take place {Consists of a job set being executed.}

Table 2 The process required to patch an Oracle Database

Action Comment
Stop Database Required for most patches unless ONLINE is applicable
Download Patch Automatically Download patch if it does not exist in Repository
Upload Patch to Server Automatically Uploads patch to server if it does not exist
Perform RDBMS Pre-requisite Check Space Requirements, Compatibility with other patches etc.
Upgrade OPatch option to automatically upgrade OPatch based in prerequisite result
Apply Patch Apply the Patch
Start Database Start the Database in order to complete DataPatch
Post Patching DataPatch SQL Application
Update Patch History The product maintains accurate up-to-date patch history
E-mail results + send Text Message Send logfiles to administrator

We are solving the complexity issue by completely automating the time-consuming patch process .

Typically, a person would take at least 30 minutes to apply a patch this way.

The software reduces this to 10minutes ( CONSISTENTLY , with patch history and full audit trail )

DBA 100 databases would consume a total of 50 hours

patchVantage 100 databases takes a total of 10minutes

20
 Solution Architecture

1.27 Oracle Security Upgrades are Expensive

What is a security upgrade in Oracle terms ? It consists of one or more patches and scripts that need to
be applied in a specific sequence. Oracle requires that some “external “ machine or person figures out
what this upgrade looks like every 3 months and apply them to hundreds or even thousands of
databases depending on the size of the organization.

DBA’s have been delinquent at applying security patches – its hard work . However, companies are
adopting Cloud strategies and coupled with new laws like GDPR and CCPA that make security
patching(software) and data-masking(data) essential.

Oracle releases a quarterly document that must be interpreted by a DBA , who then creates the patching
recipe/solution . This is expensive and all 310,000 Oracle Database customers are expected to sort this
out each quarter . Importantly each solution is completely different depending on the version of
database or application. Almost every company has multiple versions of Oracle, so this becomes even
more costly.

Appendix I reveals what it would cost Oracle customers 100Bn’s USD to manually keep them secure,
compliant and current; however, this will be mandatory moving forward into Cloud adoption. There is
also the patching workload for bug fixes and enhancements which is not even discussed here.

21
 Solution Architecture

1.28 Reducing Downtime

The average cost of downtime is 300,000USD/hour for production systems. Development and Test
downtime affects productivity and delivery schedules, so this has a cost too. We reduce downtime
directly or indirectly as follows.

▪ Clustering
This is when databases or applications have multiple servers for resilience. A typical example is
Real Application Clusters(RAC) , about 15% of Oracle customer use this for mission critical
functions. Another example is WebLogic where there would be multiple application servers per
database.

The problem is that patching a cluster requires more skill with RAC operators earning up to 50%
more. It also means that each server must be stopped on-by-one and patched in a sequence.

patchVantage is agnostic to Clusters. It automatically detects a RAC database and quiesces

each node and applies the patch using Oracle supported commands.

▪ Out-of-Place Patching
Most of the downtime is incurred when copying the patch software to the Oracle source. For
large upgrades this can take hours. If we can copy the Oracle source and apply the updates
externally this reduces the downtime by up to 99% . The new source can then be ‘switched’ online
in minutes.

However, this requires more disk space and it also adds significant complexity and skills. There
is a greater chance of errors and downtime. Using our software this process is automated and
future extensions will allow the disk space to be acquired from AWS S3 storage.

▪ Faster patching but predictable downtime

The product is much faster at patching because it’s a machine. However, it can also give an
accurate indication of the downtime which is invaluable for the business. This would be nearly
impossible for large organizations to implement.

22
 Solution Architecture

1.29 Complexity Compressed into Single Line API

We know that Oracle patching is difficult, and customers have hundreds or thousands of databases.

The cost of downtime is also expensive and implementing reduction techniques is complex too.

The API is the simplest way to provide security-as-a-service

pv apply-security-patches --environment-names Finance-ERP

They will receive a report detailing any security patches that are missing. The aim is to make this Zero.

23
 Solution Architecture

Data-as-a-Service
1.30 DevOps Data Problem
Until now we have looked at patching which fixes vulnerabilities in the software. Equally important is
ensuring that sensitive data is not exposed to the wrong people. The difference in our approach is that
we combine rapid copies of the data and masking with a 99% reduction in disk space. Oracle
customers tend to have large databases(500Gb +) so this

A study of 460 customers from RedGate had these findings:

72% of respondents required a copy of Production for Dev, Test, QA etc

69% used a DBA to provision, very few used Self Service.

58% required weekly copies and 28% daily

69% used a DBA to provision, very few used Self Service.

83% agreed it was desirable to use production data for testing

The main factors restricting use are data security, storage and compliance

Companies are constrained by DBA’s who can take weeks to provision a copy of the data. We
conceived a solution to this problem after talking to a US Healthcare provider. The had a 20TB database
and had adopted the Agile method but this required daily sprints and multiple copies of production with
vast storage requirements. Development teams don’t run database performance tests as often as they
should, mainly because running them can require a near-copy of production hardware and they don’t
have the IT resources or budget to do that.

24
 Solution Architecture

1.31 Why Data needs to be Redacted

Its more important than ever to redact data. It can avoid fines under GDRP and CCPA.

Third parties or insiders cannot be trusted with the data. Data Breaches are expensive

1.32 Secure Copies of Oracle in Minutes

In 2015 Oracle introduced a valuable feature called dNFS which allowed backups to be used to provide
instant copies of the database with 99% reduction in disk space. Often companies want multiple
versions of production data for testers and developers.

Although specialized companies like Actifio provide solutions for this they are very expensive and
require bespoke trained DBA’s. Oracle Enterprise customers can leverage this for nothing, and it works
on low cost hardware.

The issue is the setup and database procedure required to make this copy(or clone) is extensive. Since
its relatively new many technical staff are not even aware of it. In our product we automate this
procedure and it’s even possible to project the Clone to a new Cloud server in a different region. The
most common way to activate this is through the API or Self-Service Clone .

The second part of the equation is masking. Just like patching solutions there is also a way for
technical staff to collaborate and develop data masks. Unlike most solutions from other data masking
companies our masks can be appended to the Clone to ensure a secure data pipe. This combination
results in super-fast masked copies of the data being made available anywhere.

25
 Solution Architecture

Solving Oracle Complexity

1.33 4-Levers
It solves complex issues using 4 levers : Collaboration, The Cloud , Automation & API’s

Collaboration

A central SaaS platform means that quarterly upgrades need only be created by a few people
Very Expensive E-Business Suite Upgrades can be developed offshore and executed onshore
Data Masking specialists(we use a known standard) can build solutions offshore
The upgrades are self-documenting and can be delivered consistently globally to databases

The Cloud

SaaS makes it possible to treat patching like a black box and it commoditizes costly upgrades
Public Cloud is leveraged globally to provide complex fully automated Oracle Data Management

Automation

Administration Procedures that normally require much skill and time are compressed
When applied to large numbers of databases the impact is enormous
Significant downtime reduction is now achievable at minimal cost

API

Complexity is greatly minimized using API’s

Human involvement with the product can be eliminated if necessary
A foundation exists for an AI or RPA abstraction

The focus will be to offer patching services first and then upsell data security.

26
 Solution Architecture

1.34 Example : Database-Security-as-a-Service

There are 310,000 Oracle Database customers. Provide a service that is managed from a single API call

How it works : A user is created for the customer with fixed number of database license

Customer downloads and installs on each server

( Videos and Documents will be available or Pay-As-You-Go-Support )

Once registered a daily API call is made.

pv apply-security-patches --environment-names CRM

If the security patches need to be applied an email will be send day(s) before.

The customer/partner can specify a time or using activity history this will be chosen

Email, text and What’s App notifications will be made

A compliance report will be send indicating any missing security patches

1.35 Example : Outsourcing Secure Data Delivery

The customer needs to supply copies of Data from the US to an Offshore Development center.

Regulation demands that no US data is provided without obfuscation . The database is 4TB in size and
the customer has the production environment on AWS. Development , Customer Support and BPO all
require a copy of the database daily.

The data is also used by offshore DBA’s to create patching solutions then uploaded to patchVantage

How it works : API makes a hot backup nighty from the production to flash storage ( 1 Hour )

API calculates Storage and Memory , then creates 3 AWS servers

API projects backup onto each server using NFS.

API creates SNAP clones, and the database is masked

Only when this process is complete are the URL and notifications sent to users

This ensures CCPA and GDPR rules will not result in fines or data breaches. This process should take
minutes ,is highly repeatable and consumes only 1% of the disk space.

27
 Solution Architecture

1.36 Example : Database Migration and Upgrade Service

Most Oracle customers are on relatively old versions of the database(HG Insights) . A service could be
provided to both migrate and upgrade to the Cloud for platforms already on Linux. Once this is done a
regular Database-Security-As-A-Service would be configured and offered to the customer.

This would be applicable to customers with less 500Gb and some accepted downtime(AWS)

How it works : The database for migration is first registered using the agent rpm as before

A backup of this database will be taken

The database will be shutdown

The software will use the information to create an upgrade job set

A server on AWS or Azure will be created with the correct memory and disk

Using the new Oracle 19c rpm the target environment will be installed

The compressed backup will be restored on the new server to S3

An upgrade will be performed

The new database will be registered, and on-boarding instructions sent to user

28
 Solution Architecture

Conclusions
Cybersecurity is only as strong as the weakest link, so it is necessary for Oracle customers to maintain
Compliance at the highest level and still overcome the prohibitive complexity tax that comes with Oracle.

Oracle maintenance is expensive with the average annual cost per database at 8000 USD. Delays caused
by the complex nature of patching and the sheer number of databases attenuates the company’s ability
to remain secure, compliant and current. Maintenance downtime severely impacts developer
productivity and customer service. Our aim is to greatly mitigate the cost of Oracle upgrades and allow
the customer to focus on innovation and remain competitive.

The Oracle market is heading for disruption – most of the work is carried out by armies of nebulous
administrators with little or no oversight. This primitive and siloed approach resembles the way Linux
was managed before the advent of Public Cloud – far removed from self-service. Yet despite this the
concept of minimum viable product(MVP) does not apply. It needs to be a complete Enterprise solution
that can compete with Oracle tools. However, even this is not enough because the next generation of
system architects wants on-demand SaaS based solutions that can dramatically reduce costs with
negligible training or planning.

We solve the problem by leveraging 4 key technologies : The Public Cloud, API’s, Automation and
Collaboration brought together using a SaaS platform. It creates an opportunity to acquire long term
revenue and build relationships with some of the biggest companies in the world.

Unlike most SaaS Solutions that simply provide reports or contact information(e.g. Panaya) we manage
critical infrastructure. It is built using a highly scalable architecture with the potential to manage millions
of databases. There is very considerable IP invested in this product that ensures scarcity and few
competitors.

Our sales approach is to offer security-as-a-service using our patching API and then introduce other
solutions like self-service data provisioning and redaction.

Deliver Quarterly Security Upgrades to 310,000 Oracle Customers Globally

Estimated 134m Oracle Databases Globally
Reduce downtime in Enterprises by up to 95%
Automate the rapid provisioning of redacted data across the public Cloud
Reduce the risk of fines from CCPA and GDRP through immediate patching and redaction
Faster maintenance with as much as 80% cost reduction
No training or setup costs
No CAPEX

29
 Solution Architecture

Appendix I
1.37 Global Security Patching Costs (Manually)

This assumes that all Oracle customers (Oracle Fact Sheet) apply security patches to their
environments.

Oracle customers already spend 24Bn USD on Oracle Support and possibly up to another 3 times as
much on people(Gartner)

E Average number of Databases or Applications(Environments)

P Number of Patches per Quarter

DBA1 DBA Cost to create upgrade solution

DBA2 DBA Cost to apply patches

DT Global Cost of Patching Downtime ∫n(P)

MGT Cost of Managing and coordinating upgrades and multi-discipline teams ∫n(P)

Annual Global Manual Security Upgrade Cost = ∑ (E * P * DBA2 + DBA1 + DT + MGT) * 4 * 310,000

30
 Solution Architecture

Example : Oracle Database (Manually)

Attached is an example for the Oracle Database, typically 2 or 3 patches. Applying these is an easy sell
to the IT department because database patches do not affect the functionality of the application.

Patch Operator Patch Number Phase

opatch 29799057 apply
opatch 29548437 apply
Figure 2 Quarterly CPU for RDBMS April 2019 19c

E 400

P 2

DBA1 1 Days@ 40 USD/hour , 320 USD

DBA2 2 hours Duration , 80 USD ( DBA’s usually take a day to do an upgrade )

DT 30mins@300,000K per hour, 150K ( only assumed an issue for 1 production )

MGT 10 % of DBA Cost, 4848 USD

Estimated Cost = ( 400 * 80 + 3232 + 150,000 ) * 310,000 * 4

Approx. 229 Bn ( 43.6 Bn in Operations and 186 Bn in Downtime )

* Customers run 3+ versions of the database (Unisphere) , our model is based on one, underestimating impact

* Downtime on test/development databases means lost productivity, underestimating financial impact

31
 Solution Architecture

Example : Patching Oracle E-Business Suite (Manually)

Attached is an example of an Oracle E-Business Suite Security Upgrades for April 2018 Version 12.2.7.
This upgrade has 16 patch steps that requires a specialized Applications DBA . These operators
normally cost 40% more than regular DBA’s because of the higher skills set. Although our primary focus
is database patching the product can also manage ERP and its mentioned here to seriously highlight
the cost of owning Oracle.

In this version the total patching cycle lasts 1 hour but in 12.2 there is a useful feature to reduce
downtime by 80% . There are an estimated 40,000 E-Business Suite Customers .

Patch Operator Patch Number Phase

adgrants 27468058 apply
adop 27468058 prepare
adop 27468058 apply
adop 27468058 finalize
adop 27468058 cutover
adop 27468058 cleanup
adop 25678888 prepare
adop 25678888 apply
adop 25678888 finalize
adop 25678888 cutover
adop 25678888 cleanup
adop 26282050 prepare
adop 26282050 apply
adop 26282050 finalize
adop 26282050 cutover
adop 26282050 cleanup
Figure 2 Quarterly CPU for EBS April 2018 12.2.7

E 75

P 16

DBA1 3 Days@ 60 USD/hour , 1440 USD

DBA2 4 hours Duration , 240 USD ( DBA’s usually take a day to do an upgrade )

DT 20mins@300,000K per hour, 100K ( only assumed an issue for 1 production )

MGT 10 % of DBA Cost, 1944 USD

Estimated Cost = ( 75 * 240 + 1440 + 1944 + 100,000 ) * 40,000 * 4

Approx. 7.4Bn ( 3.4 Bn in Operations and 4Bn in Downtime )

32
 Solution Architecture

Appendix II
1.38 Pricing Calculation and ROI

The attached spreadsheet has detailed analysis for an Oracle customer with 80 Databases .

You can change parameters such as labor cost and growth rates according to your business.

In summary

[1] The cost over 5 years using a Database Administrator is 8000 USD per Database
[2] The cost over 5 years using Oracle’s On-Premise automation is 4700 USD per Database

Download Pricing Calculation

33
 Solution Architecture

Appendix III
1.39 Estimated Number of Oracle Databases

The extrapolated number of databases from the Unisphere survey is 134m for 2020.

Download Database Calculation

34