Amazon RDS for Oracle vs. Oracle on AWS EC2

Aug 31, 2021

It’s 2021, and while a significant portion of the IT sector is adopting the cloud to some degree, there are still plenty of clients that have questions about running Oracle databases in the cloud. In AWS, there are two ways to run Oracle Database workloads: EC2 and RDS. This article offers a quick introduction to each service, and some key differences between them.

What is Amazon EC2?

In a nutshell, Amazon’s Elastic Compute Cloud (EC2) offers virtual machines to customers. When you launch (create) an EC2 instance you have choices to make regarding the resources that your virtual machine will use:

  • Choice of processors
  • Memory
  • Storage
  • Networking

AWS offers a wide selection of instance types that are appropriate for different use cases. Different instance types are backed by different physical CPU models. The different instance sizes within each type offer preconfigured combinations of vCPUs and memory, as well as varying storage and networking capacity. Some of the AWS EC2 instance types include Compute Optimized, Memory Optimized and Storage Optimized. For Oracle databases, House of Brick generally recommends either R5 or R5B, which are both included in the Memory Optimized family, with R5B allowing for greater I/O throughput when the workload requires it.

There are multiple methods for creating an EC2 instance, but one of the easiest is to deploy from an Amazon Machine Image (AMI). An AMI is a template that contains an OS, configurations, and optional software (e.g. web/application server, application software, etc.). For your first EC2 build, you can pick an AMI from the Amazon Marketplace. As of this writing there are many flavors/versions of Linux available, as well as multiple versions of Microsoft Windows Server. You can even find AMIs that have the OS and Oracle Database software already installed and configured.

Using AWS EC2 instances is very similar to using on-premises servers: you manage the server yourself. You have complete access to the OS, and are responsible for patching the OS, installing and/or patching application software, applying security updates, etc.

What is Amazon RDS for Oracle?

AWS RDS is Amazon’s Relational Database Service. AWS RDS has many different database platforms that are supported, but this article will focus solely on Oracle Database. Amazon describes their offering as “a fully managed commercial database that makes it easy to set up, operate, and scale Oracle deployments in the cloud.”[1] What does this mean? With a few clicks you can provision a database instance, running either Standard Edition 2 (SE2) or Enterprise Edition (EE) with the resources that suit your needs. When you deploy an Oracle RDS instance you will have, usually in a matter of minutes, a database instance that you can start working with. No waiting for requisitions to go through, or waiting on the availability of administrators to install/configure an OS, install Oracle binaries, create a new database, etc. – you can have an Oracle database in its own container in minutes.

AWS RDS runs on EC2, so you’ll still have choices to make with regard to how much compute power, storage type and memory you’ll need. Again, House of Brick usually recommends R5 and R5B for Oracle databases, due to the ratio of memory-to-vCPU.

What are the differences?

AWS RDS is going to be easier to get started with than EC2. Once your RDS instance is launched, you have an empty database that you can immediately start working with. There are some trade-offs to having the AWS RDS service maintain your Oracle Database for you, though. A few of them are listed below:

  • AWS RDS for Oracle does not support every version of Oracle Database. As of this writing, the following versions are supported[2]:
    • Oracle Database 12c Release 1 (12.1.0.2)
    • Oracle Database 12c Release 2 (12.2.0.1)
    • Oracle Database 18c – Oracle deprecated support for Oracle Database 18c (18.0.0.0) on July 1, 2021. Effective that same date, AWS RDS for Oracle began upgrading all Oracle Database 18c instances to Oracle Database 19c automatically. You can no longer create new Oracle Database 18c instances with Amazon RDS.
    • Oracle Database 19c (19.0.0.0)
  • RDS does not grant you SYSDBA access. This makes sense, as you’re paying for a database service, and RDS is managing your database for you. AWS RDS is taking care of the administration for you, and ensuring the integrity of the database, and one way to ensure this is to keep the SYSDBA privileges in-house. You do have access to a master user with the following system privileges:
    • ALTER DATABASE LINK
    • ALTER PUBLIC DATABASE LINK
    • DROP ANY DIRECTORY
    • EXEMPT ACCESS POLICY
    • EXEMPT IDENTITY POLICY
    • GRANT ANY OBJECT PRIVILEGE
    • RESTRICTED SESSION
    • EXEMPT REDACTION POLICY

    and the following database roles:

    • AQ_ADMINISTRATOR_ROLE
    • AQ_USER_ROLE
    • CONNECT
    • CTXAPP
    • DBA
    • EXECUTE_CATALOG_ROLE
    • RECOVERY_CATALOG_OWNER
    • RESOURCE
    • SELECT_CATALOG_ROLE

    You can use the master user to set up other schemas in the database and administer them using the master user account.

  • AWS RDS will patch the database software on a scheduled basis.

This may take a little getting used to for some; however, it ensures that Oracle’s quarterly security patches will be applied in a timely manner. When you create an RDS instance, you define a maintenance window. This window will be used to apply any patches that RDS deems mandatory (i.e. security-related patches). You do have some flexibility to defer patches, but not indefinitely. You can be sure that any patches that are applied have been tested by both Oracle and AWS.

  • RDS takes automatic backups (via snapshot) of your database. These backups are available according to a retention policy that you specify. With EC2, you schedule and maintain your own backups (either via snapshot or traditional RMAN backups).
  • RDS does not offer any direct OS access. There is no prompt to login to the database server. For many Oracle shops, connections to the database are made via a connect-string, without logging in to the database host, and RDS will work for those cases. However, if you have any processes that read or write from/to files, then this could be problematic.

I said that RDS does not offer any direct OS access. AWS does provide some PL/SQL procedures for dealing with files:

  • You can create directories by calling rdsadmin_util.create_directory, and drop them by calling rdsadmin.rdsadmin_util.drop_directory. This can be useful if you’re using Data Pump to load data into your database.
  • You can list the files in a directory by calling rds_file_util.listdir.
  • And, you can read a text file by calling rds_file_util.read_text_file.
  • With EC2 you can select your own OS; you also patch and maintain your OS.
  • With EC2 you install your own software.
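
The master-user delegation and the RDS file procedures described above can be combined into one short session. This is an added example, not code from the original article or from AWS; the schema name APP_OWNER, the directory DP_STAGE, the file import.log and the password are hypothetical placeholders, and the USERS tablespace is assumed to be the instance default.

```sql
-- Added example; run as the RDS master user from SQL*Plus or SQLcl
-- (EXEC is a client shorthand for an anonymous PL/SQL block).
-- APP_OWNER, DP_STAGE and import.log are hypothetical names.

-- 1. Create an application schema with only the privileges it needs,
--    so the application never connects as the master user.
CREATE USER app_owner IDENTIFIED BY "Placeholder_Change_Me_1"
  DEFAULT TABLESPACE users QUOTA 500M ON users;
GRANT CREATE SESSION, CREATE TABLE, CREATE SEQUENCE, CREATE PROCEDURE
  TO app_owner;

-- 2. Create a directory object through the RDS-provided procedure.
EXEC rdsadmin.rdsadmin_util.create_directory(p_directory_name => 'DP_STAGE');

-- 3. Allow only the application schema to read and write there,
--    for example as a Data Pump staging area.
GRANT READ, WRITE ON DIRECTORY dp_stage TO app_owner;

-- 4. List the files in the directory (there is no OS shell to run ls).
SELECT *
FROM   TABLE(rdsadmin.rds_file_util.listdir(p_directory => 'DP_STAGE'))
ORDER  BY mtime;

-- 5. Read a text file, such as a Data Pump log, from SQL.
SELECT text
FROM   TABLE(rdsadmin.rds_file_util.read_text_file(
               p_directory => 'DP_STAGE',
               p_filename  => 'import.log'));

-- 6. Review who holds the policy-bypass privileges the master user has.
--    EXEMPT ACCESS POLICY bypasses Virtual Private Database policies and
--    EXEMPT REDACTION POLICY bypasses Data Redaction, so the list of
--    grantees should be short and expected.
SELECT grantee, privilege
FROM   dba_sys_privs
WHERE  privilege IN ('EXEMPT ACCESS POLICY', 'EXEMPT IDENTITY POLICY',
                     'EXEMPT REDACTION POLICY', 'GRANT ANY OBJECT PRIVILEGE')
ORDER  BY privilege, grantee;

SELECT grantee, admin_option
FROM   dba_role_privs
WHERE  granted_role = 'DBA'
ORDER  BY grantee;

-- 7. Drop the directory object once the load is finished.
EXEC rdsadmin.rdsadmin_util.drop_directory(p_directory_name => 'DP_STAGE');
```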

 

What About Oracle licensing?

  • Amazon RDS for Oracle offers a license included option for Standard Edition One (SE1) and Standard Edition Two (SE2).
    • Oracle licensing costs are built-in to the AWS costs.
    • No dealing with Oracle, as your contract is with AWS, not Oracle. Note that this means that you do not have a CSI with which to login to My Oracle Support. If you have an active AWS Premium Support account you should contact AWS Premium Support for both Amazon RDS and Oracle Database specific service requests.[3]
    • License Included terms do not allow for applications that are “hosted” to 3rd parties. Basically, License Included cannot be used for SaaS products[4].
  • Oracle RDS for Enterprise Edition and EC2 are both BYOL.
    • Since AWS is in Oracle’s list of approved cloud vendors[5], you are allowed to license selected Oracle products[6] counting vCPUs instead of counting physical cores.
    • It is generally more expensive to license Oracle products on a vCPU-basis vs. physical core-basis. In traditional on-premises environments, the Oracle Processor Core Factor Table[7] is used, whereas in AWS it generally isn’t. Using x86 CPUs as an example, in an on-premises environment you total the number of physical cores that your Oracle programs are installed and/or running on and apply the Core Processor Licensing Factor of 0.5 to arrive at the number of processor licenses you need for Oracle products. In AWS, if you’re licensing by vCPU, 2 vCPUs count as 1 processor license as long as hyper-threading is enabled, or 1 vCPU counts as 1 processor if hyper-threading is not enabled. Essentially, licensing physical cores enables you to license more physical cores per Oracle processor license than if you license by vCPU.
  • You can still use traditional processor-based licensing in AWS, as you would on-premises, but you’d have to lease entire physical hosts to do so. If you have questions regarding Oracle licensing in the cloud, reach out to House of Brick; we’d love to discuss it with you.

 

Which is Right For You?

Oracle workloads run well on both EC2 and RDS, but you need to decide which one is right for your environment. AWS has shown a history of listening to what their customers want and incorporating many of those changes into their offerings. You can be sure that moving into AWS will allow you the opportunity to run on current compute and storage resources, without costly hardware-refresh projects.

When discussing Oracle database options with clients, one of the first questions I ask is whether or not any direct OS access is needed on the database server. The requirements for direct OS access could include any of the following:

  • Individual user OS accounts
  • Shell scripts
  • Regular use of UTL_FILE operations
  • External tables
  • 3rd party software

If any of these apply to your application then RDS may not be suitable for you.

If you’d like to relieve your DBA of the burdens of patching, backups and other maintenance tasks, freeing them up to focus on application-specific administrative duties, then RDS may be the better choice for you.

If your application can run on Oracle Database SE1 or SE2, and you’d prefer to not have any direct dealings with Oracle, RDS can be a very attractive option. Again, if you choose RDS for Oracle with the License Included option, your contract is with AWS, not Oracle; as long as you abide by the terms of the AWS Service Terms you shouldn’t have to deal with Oracle.

If you’re considering a move to the cloud and have any architectural, technical or licensing questions, feel free to reach out to House of Brick. We will be happy to discuss how House of Brick can assist in quickly identifying solutions for you.

 

 

 

[1] https://aws.amazon.com/rds/oracle/

[2] https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Oracle.Concepts.database-versions.html#Oracle.Concepts.FeatureSupport.12c

[3] https://aws.amazon.com/rds/oracle/faqs/

[4] https://houseofbrick.com/oracle-proprietary-application-hosting-dangers-in-aws-rds/

[5] https://www.oracle.com/assets/cloud-licensing-070579.pdf

[6] https://www.oracle.com/us/corporate/pricing/authorized-cloud-environments-3493562.pdf

[7] https://www.oracle.com/us/corporate/contracts/processor-core-factor-table-070634.pdf
