Elective-Database Administration – CSIT 7th Semester

Unit-6: Multitenant Database Architecture

Introduction:
Oracle Multitenant is a new architecture in Oracle database 12c and later version to
support cloud infrastructure and consolidation (integration) strategies in the data
centers. The new database option will allow the database practitioners to
consolidate multiple physical databases within a single database. The option can be
exercised in Oracle Database 12c Enterprise Edition and later version and fully
compliant with other database features like Real Application Clusters and Data
Guard. The major benefits of Oracle Multitenant option is easy adoption,
manageability, database isolation and security, and resource prioritization for each
database.

The Multitenant Architecture

The multitenant architecture enables an Oracle database to function as a
multitenant container database called CDB.

Multi-tenancy is an architecture in which a single instance of a software

application serves multiple customers. Each customer is called a tenant. Tenants
can be given the ability to customize some parts of the application, such as
interface, business rules, but they can't customize the application's code.

The Multitenant architecture allows a single super container (“Container” alias

CDB) to shelter multiple other containers (“Pluggable” alias PDB). From the
server subsystem, there is only one database i.e. the container database, and
therefore only one instance (and one SID) is available i.e. the CDB, while each
application sees only the specific PDB to which it connects to. There is no
application code change required while connecting to a PDB. Each PDB runs as a
service within the CDB but ensures complete security and isolation amongst them.

A CDB includes zero, one, or many customer-created pluggable databases (PDBs).

A PDB is a portable collection of schemas, schema objects, and non-schema
objects that appears to an Oracle Net client as a non-CDB. All Oracle databases
before Oracle Database 12c were non-CDBs.

By Lec. Pratik Chand, Page 1

 Elective-Database Administration – CSIT 7th Semester

Containers in a CDB

A container is logical collection of data or metadata within the multitenant

architecture.

Every CDB has the following containers:

 Exactly one root: The root stores Oracle-supplied metadata and common
users. An example of metadata is the source code for Oracle-supplied
PL/SQL packages. A common user is a database user known in every
container. The root container is named CDB$ROOT.
 Exactly one seed PDB: The seed PDB is a system-supplied template that
the CDB can use to create new PDBs. The seed PDB is named PDB$SEED.
You cannot add or modify objects in PDB$SEED.
 Zero or more user-created PDBs: A PDB is a user-created entity that
contains the data and code required for a specific set of features. For
example, a PDB can support a specific application, such as a human
resources or sales application. No PDBs exist at creation of the CDB. You
add PDBs based on your business requirements.

The following figure shows a CDB with four containers: the root, seed, and two
PDBs. Each PDB has its own dedicated application. A different PDB administrator
manages each PDB. A common user exists across a CDB with a single identity. In
this example, common user SYS can manage the root and every PDB. At the
physical level, this CDB has a database instance and database files, just as a non-
CDB does.

It the diagram bellow hrpdb and salespdb are pluggable database inside the
container CDB. Seed PDB$SEED is the template which is used to create a new
pluggable database.

By Lec. Pratik Chand, Page 2

 Elective-Database Administration – CSIT 7th Semester

Fig: CDB with two PDBs

User Interfaces for the Multitenant Architecture

You can use the same administration tools for both CDBs and non-CDBs.

For example, you can use the following tools in a multitenant environment:

 SQL*Plus: SQL*Plus is a command-line program that you use to submit

SQL and PL/SQL statements to an Oracle database.
 SQL Developer: SQL Developer provides another GUI for accessing your
Oracle database. SQL Developer supports PDB provisioning.
 Oracle Enterprise Manager Cloud Control (Cloud Control): Cloud
Control is an Oracle Database administration tool that provides a graphical
user interface (GUI). Cloud Control supports Oracle Database 12c targets,
including PDBs, CDBs, and non-CDBs.
By Lec. Pratik Chand, Page 3
 Elective-Database Administration – CSIT 7th Semester

 Oracle Enterprise Manager Database Express (EM Express): EM

Express is a web-based management product built into the Oracle database.
EM Express enables you to provision and manage PDBs, including the
following operations:
o Creating and dropping PDBs
o Plugging in and unplugging and PDBs
o Cloning PDBs
o Setting resource limits for PDBs
 Oracle Database Configuration Assistant (DBCA): DBCA enables you to
create CDBs or non-CDBs, and create, plug, and unplug PDBs.

Benefits of Multitenant Database Architecture:

 Better Consolidation (integration) density: Comparing to the virtualization
approach or dedicated databases approach, one can achieve a better
consolidation density using Oracle 12c or later version Multitenant option.
The reason being that the Multitenant architecture uses a single copy of the
redundant bootstrap components of a database i.e. background process,
memory and system metadata. Schema based consolidation can give a better
consolidation density but restricts the management activities like patching,
upgrading, and recovery.
 Improved Manageability: One can leverage „Manage many as one‟
capabilities using Multitenant option. All the pluggable databases can be
backed up by just backing up the container, while point-in-time-recovery can
still be done at the PDB level. All pluggable databases can be upgraded or
patched by just performing the activity at the container level. All the PDBs
acquire the database release number or the patch set level of the container in
which they are placed. Data guard can be setup for the container and each
new PDB on the primary site will be auto discovered at the standby site.
 Data Mobility made easy: The unplug and plug operation of a PDB eases
the data mobility across the containers. This feature finds wide scope of
application in real time scenarios. For example, a PDB can comply to a
specific service level agreement (SLA) at one stage. To raise the SLA terms,
the PDB can be simply unplugged from the current container and plugged
into the new container which complies with the new SLA. Independent

By Lec. Pratik Chand, Page 4

 Elective-Database Administration – CSIT 7th Semester

Software Vendors (ISVs) can ship their development PDBs to the

customer‟s container database.
 Easy provisioning of databases: In 12c Multitenant world, the database
provisioning would be possible using SQL or self-service PDB provisioning
application. In addition, it supports thin provisioning of tenants on copy-on-
write supported file systems.

Creating CDB:
To create a Container Database (CDB) in Oracle, you can use the Database
Configuration Assistant (DBCA) tool or the SQL command "CREATE
DATABASE".

Using DBCA:
 Start the DBCA tool.
 Select "Create a Database"
 Select "Advanced Options" and then "Container Database"
 Follow the prompts to configure the CDB

Using SQL:
 Connect to the SQL*Plus command line
 Run the following command to create the CDB:

SQL> CREATE DATABASE cdbname

CONTAINER = ALL / PRIMARY
USER sys IDENTIFIED BY password
USER system IDENTIFIED BY password
LOGFILE GROUP 1 ('/path/to/redo01.log') SIZE 100M,
GROUP 2 ('/path/to/redo02.log') SIZE 100M
CHARACTER SET AL32UTF8
NATIONAL CHARACTER SET AL16UTF16
EXTENT MANAGEMENT LOCAL
DATAFILE '/path/to/system.dbf' SIZE 400M
SYSAUX DATAFILE '/path/to/sysaux.dbf' SIZE 400M
DEFAULT TABLESPACE tbsdefault
By Lec. Pratik Chand, Page 5
 Elective-Database Administration – CSIT 7th Semester

DATAFILE '/path/to/users.dbf' SIZE 500M

UNDO TABLESPACE tbsundo
DATAFILE '/path/to/undo.dbf' SIZE 200M;
AUTOEXTEND ON;

Character Set:

A character set in an Oracle database refers to the set of characters that can be
stored and used in the database. It defines the way characters are represented in the
database, including the encoding and mapping of characters to specific code points.

Oracle supports several character sets, including the following:

 AL32UTF8: a Unicode character set that supports all languages and can
store any character in the Unicode standard.
 UTF8: a Unicode character set that supports all languages, but can only
store characters in the Unicode Basic Multilingual Plane (BMP).
 WE8MSWIN1252: a character set that supports the Western European
languages and is commonly used for data in the United States and Western
Europe.

When creating a new database or table, you can specify the character set to be
used. If you do not specify a character set, Oracle will use the default character set
for the database or table. You can also change the character set of an existing
database or table, but it can be a complex process and can impact the data stored in
the database.

It is important to choose an appropriate character set for the data you will be
storing in the database, as using the wrong character set can lead to data corruption
or loss, and also affect the performance of the database.

National Character Set:

A national character set in an Oracle database is a character set that is specific to a

particular country or region and is used to store characters that are not part of the
standard character set. These characters are typically used for languages that have
unique characters or diacritical marks.
By Lec. Pratik Chand, Page 6
 Elective-Database Administration – CSIT 7th Semester

For example, the AL16UTF16 character set is a national character set that is used
for storing Chinese, Japanese, and Korean characters. It is a Unicode character set
and allows for storing any character in the Unicode standard.

When creating a new database or table, you can specify both a character set and a
national character set. The national character set is used to store characters that are
not part of the standard character set and are specific to a particular country or
region.

It is important to note that the national character set must be a subset of the
character set, and the use of a national character set can affect the performance of
the database.

It's important to choose an appropriate national character set for the data you will
be storing in the database, as using the wrong national character set can lead to
data corruption or loss, and also affect the performance of the database.

Extent Management:

In an Oracle database, an extent is a group of contiguous data blocks that are

allocated to a specific segment, such as a table or index. The extent management
system in Oracle is responsible for allocating and deallocating extents as needed to
manage the storage of data in the database.

SYSAUX datfile:

In an Oracle database, the SYSAUX datafile is a datafile that is part of the

SYSTEM tablespace and is used to store various types of auxiliary information,
such as the data dictionary and undo information. The SYSAUX datafile is created
automatically when the database is created and is typically located in the same
location as the other datafiles for the SYSTEM tablespace.

The SYSAUX datafile contains a variety of information, including:

 Data dictionary: The data dictionary is a set of tables and views that
contains information about the structure of the database, such as the tables,
indexes, and constraints.

By Lec. Pratik Chand, Page 7

 Elective-Database Administration – CSIT 7th Semester

 Undo data: The undo data is used to roll back transactions and is used for
read consistency and crash recovery.
 Other auxiliary information: The SYSAUX datafile also contains other
types of information, such as the data for the Oracle Scheduler, the
Automatic Workload Repository (AWR), and the Automatic Database
Diagnostic Monitor (ADDM).

It is important to monitor the size of SYSAUX datafile, because if the SYSAUX

datafile becomes full, it can cause the database to fail. To avoid this, you can
increase the size of SYSAUX datafile by using the Alter database command.

Creating PDB:
Creating a pluggable database (PDB) in Oracle is a multi-step process that involves
several different commands and options. The basic steps for creating a PDB in
Oracle are:

 Create a container database (CDB) if you don't have one already.

 Connect to the CDB as a user with the CREATE PLUGGABLE
DATABASE privilege, such as the SYS user.
 Use the CREATE PLUGGABLE DATABASE command to create the PDB.
This command requires several options, including the name of the PDB and
the location of the PDB's datafiles.

Command for PDB inside the CDB:

SQL> create pluggable database xepdb2
admin user xepdb2adm identified by xepdb2adm
roles = (pdb_dba)
storage (maxsize 1G)
default tablespace tbs_xepdb2
datafile'C:\app\product\18.0.0\oradata\XE\xepdb2\datafile\xepdb2_01.dbf' size
200k autoextend on
path_prefix = 'C:\app\product\18.0.0\oradata\XE\xepdb2\'
create_file_dest = 'C:\app\product\18.0.0\oradata\XE\xepdb2\';

By Lec. Pratik Chand, Page 8

 Elective-Database Administration – CSIT 7th Semester

After creating the PDB alter database from mount mode to open mode. To do this
execute following command.

SQL> alter pluggable database xepdb2 open;

Database in Cloud:
Oracle Database is available in the cloud through the Oracle Cloud Infrastructure
(OCI) platform, which is a collection of cloud-based services that can be used to
deploy and manage Oracle databases in the cloud.

The three cloud service models are Infrastructure as a Service (IAAS), Platform as
a Service (PAAS), and Software as a Service (SaaS).

With Oracle Database in the cloud, users can create and manage databases using
the same tools and features as on-premises Oracle databases, but with the added
benefits of cloud-based infrastructure. This allows users to take advantage of the
scalability, availability, and cost-effectiveness of the cloud.

There are several different options for deploying Oracle Database in the cloud,
including:

 Oracle Autonomous Database: This is a fully-managed service that

automatically creates, scales, and patches Oracle databases in the cloud. It
uses machine learning to optimize database performance and minimize
downtime.
 Oracle Database Cloud Service: This is a platform-as-a-service (PaaS)
offering that allows users to deploy and manage Oracle databases in the
cloud using the same tools and features as on-premises Oracle databases.
 Oracle Cloud Infrastructure (OCI) Virtual Machine: This option allows
users to deploy and manage Oracle databases in the cloud using virtual
machines. Users have full control over the underlying infrastructure and can
customize their database environment to meet their specific requirements.

Oracle also offers a range of services to help with migration of on-premises

databases to the cloud. Additionally, the database can be integrated with other

By Lec. Pratik Chand, Page 9

 Elective-Database Administration – CSIT 7th Semester

services provided by OCI like the Object Storage, Load Balancer and Identity
Access Management (IAM).

Core cloud concepts supported by OCI are:

 High availability: Cloud resources are always available and do not have
single point of failure.
 Disaster Recovery: Enable quick recovery or continuation of service from
any kind of downtime.
 Fault Tolerance: Ensure minimal downtime.
 Scalability: Support scaling of resources up or down (vertical scaling), in
or out (horizontal scaling).
 Elasticity: Ability to quickly scale resources including VMs and storage.
 Pricing: Capital expenditure (CAPEX) spent for fixed assets such as
physical infrastructure. Operational expenditure (OPEX) spent for
operational cost such as utility and power.

OCI Architecture

The four main components that constitute the OCI architecture are:

Region: These are geographical locations around the world where the cloud
services are available.

Availability Domain: These are isolated data centers located within a region.

Fault Domain: These are logical data centers within an availability domain.

Compartment: These are logical collection of related resources.

Though availability domains are isolated they are connected to each other by low
latency, high bandwidth network. Each AD consists of three fault domains for high
availability of resources. Resources placed in different fault domains do not share
single point of failure. Compartments help to isolate and control access to the
resources in the cloud.

By Lec. Pratik Chand, Page 10

 Elective-Database Administration – CSIT 7th Semester

Some notable features of compartments are:

 Compartments can be nested up to six levels.
 Each resource can belong to only one compartment.
 Resources can be deleted or added to the compartment.
 Resources can interact with other resources in different compartments.
 Resources can be moved from one compartment to another.
 Resources from multiple regions can be in the same compartment.
 Budget is assigned for resources located in the compartment.

OCI Services:
OCI services can be divided into five categories:

 Compute Service
 Storage Service
 Network Service
 Identity and Access Management Service
 Database Service

Compute Service:

OCI offers five types of compute services:

 Bare metal
 Virtual machine
 Dedicated virtual host
 Container engine
 Function.

Bare metal offers just the physical server without any virtualization. Virtual
machines offer the virtualization layer in addition to the server. In case of
dedicated virtual host the user gets complete control of the VMs running on the
host. In container engine user will be only managing the application as the OS also
is managed by the cloud provider. Finally, in case of Oracle Function user is
responsible for only the code and rest everything is taken care. The highlight of

By Lec. Pratik Chand, Page 11

 Elective-Database Administration – CSIT 7th Semester

Oracle Functions is that user has to pay only for the resources consumed during the
execution of the code.

Storage Service:

Oracle offers four types of storage services:

 Block storage: Data is stored as fixed size blocks. There is no metadata

stored. It is a remote and network based storage. User can do periodic
backup of the block volume. It can be manual or automated.
 Local NVMe: This is temporary storage that is attached to the compute
instance. The data is not available once the instance dies, which is not the
case in other types of storage.
 File storage: This is a hierarchical collection of documents organized into
directories. It is a type of network storage that is highly durable. Backups
can be taken as snapshots.
 Object storage: In this all kinds of data such as image, video, documents
are stored as objects in a bucket. These are stored in single flat structure,
without a folder hierarchy. Hence, data retrieval is very fast and even
metadata is stored. It is highly scalable and commonly used to store Big
Data, and unstructured data. In archive object storage rarely accessed data
can be stored for long periods with less cost.

You can choose the required type of storage based on the type and volume of data,
data durability, and performance.

Networking Service:

A Virtual Cloud Network (VCN) provides networking capabilities in OCI. VCN is

a software defined private network that is set up in OCI. It enables your cloud
resources to securely communicate through the internet with other instances
running in OCI or your on-premises data centers. Data is routed on the internet
through public or private means depending on the type of network connection.

 Internet gateway provides connection between the VCN and the internet
and its public connection.

By Lec. Pratik Chand, Page 12

 Elective-Database Administration – CSIT 7th Semester

 NAT gateway provides private connection to the internet as it blocks

inbound connection from the internet.
 Dynamic Routing Gateway (DRG) provides secure connection between
the on-premises environment and the VCN.
 Service gateway connects public OCI services such as object storage with
the VCN in a secure way.
 Peering is a terminology used for the communication between VCNs.

Identity and Access Management Service:

Identity refers to user who is requesting for access, and Access refers to type of
permissions granted to the user or principal. Here principal can be a user or an
instance. The first user in OCI is always the administrator who will provide access
and permission to other users. Here a user has to belong to a group and each group
needs to be associated with a policy. Policy will have details of the resources for
which permission is given to the user. Policy can be attached to a compartment as
it is a collection of resources.

Authentication of the user is done in 3 ways:

 First is through the straightforward method of using username and password

 Second is through API signing keys
 Third is by using authorization tokens

Database Service:
The main objective of database backup is high availability and disaster recovery.
OCI offers five different types of database services namely, Virtual Machine DB
system, Bare Metal DB system, Oracle RAC, Exadata DB system, and
Autonomous DB.

 VM DB system uses block storage that can be quickly provisioned.

 Bare Metal DB system leverages local storage that provides high
performance.

By Lec. Pratik Chand, Page 13

 Elective-Database Administration – CSIT 7th Semester

 Oracle RAC enables user to cluster databases where same database is

shared by different instances.
 Exadata DB system is a managed storage service suitable for transaction
data.
 Autonomous DB is a self-driving, self-securing, and self-repairing service
that supports CPU and storage scaling without any downtime. Two kinds of
workloads are supported by Autonomous DB. One is Autonomous
Transaction Processing (ATP). Another is Autonomous Data Warehouse
(ADW).

Oracle data guard replicates databases to survive data corruptions or disasters.

OCI Security
OCI provides Shared Security model. Users are responsible for securing their data
and Oracle secures the underlying infrastructure. Users are responsible for patching
applications and operating system.

 Data safe is used to protect sensitive and regulated data residing in the
Oracle cloud databases.
 Key Management or Oracle Vault encrypts storage and database services.
 Keys are stored on highly available and durable Hardware Security Modules
(HSM).
 OCI also supports centralized key management where users can use their on-
premises environment keys.
 The Identity and Access Management service supports Multi-Factor
Authentication (MFA).
 Web application firewall can be used to authenticate HTTP traffic.
 OCI also offers compliance certifications such as HIPAA.

End of Unit-6

By Lec. Pratik Chand, Page 14