Professional Documents
Culture Documents
.
3
www.tpc.org top ten tpmC results where the operating system being used was either
Linux or \indows as o ,,2008
4 Source IDC 200 \orldwide RDBMS market share results
5 See http:,,en.wikipedia.org,wiki,SQL_slammer_,computer_worm,
6 See http:,,nd.nist.go,
Determining Database VaIue: OracIe Database 11g Compared to SQL Server 2008Page 8
1his is because the number o published ulnerabilities is not by itsel a good
indicator o the security proided by a gien sotware product because:
1. 1be vvvber of rvtverabititie. i. vot av ivaicatiov of tbe breaatb of .ecvrit, featvre.
ivctvaea iv a .oftrare rograv. A piece o lawless code ,i.e. ree o ulnerabilities,
may proide no security controls whatsoeer!
2. 1be vvvber of vbti.bea rvtverabititie. aeeva. airectt, of tbe rvtverabitit, ai.cto.vre
oticie. of tbe revaor. 1he Critical Patch Update documentation proides detailed
inormation about ulnerabilities in Oracle products and their respectie
seerity using the Common Vulnerability Scoring System ,CVSS, standard.
3. 1bere i. vo .tavaara aroacb to covvt rvtverabititie.. lor example, how
should one account or a ulnerability aecting a single section o code but
exploitable through arious interaces lurthermore, current reporting system
such as the National Vulnerability Database oten account or a ulnerability
more than once, thus artiicially inlating the number o reported ulnerabilities
or a gien product.
\ith Oracle Sotware Security Assurance, Oracle has been committed to leading
the industry in terms o sotware security assurance practices. Oer the years,
the company has deeloped strong security coding standards, and with oer 25
independent security ealuations the company has a proen track record with its
secure deelopment practices. lurthermore, with the Critical Patch Update,
Oracle proides one o the most transparent ulnerability remediation programs
in the industry, oering a predictable patching schedule and standard-based
criticality ratings, reducing as much as possible the cost and complexity
associated with applying security patches in Oracle enironment and proiding
Oracle customers with a superior security posture. Mea.vrivg tbe qvatit, of a iece
of .oftrare b, tbe vetric of vvvber of rvtverabititie. atove i. aoivg a ai..errice to cv.tover.`
8
,
customers need to holistically reiew the security assurance practices o a
endor and ealuate the security eatures that are most releant to them in order
to make the best security choice or their organization.
Microsot only began to ormulate its 1rustworthy Computing concept in a
memo written in 2002
9
. 1he concept might hae been new to Microsot but had
been an accepted practice by enterprise sotware endors such as Oracle rom
the beginning. Microsot SQL Serer has submitted to only two third-party
security ealuations. 1he irst was against the now obsolete US 1CSLC ,Orange
Book,. Microsot SQL Serer completed an ealuation against the Common
Criteria at LAL2 and is currently seeking its ery irst common criteria LAL4-
See Lchelon One`s research note: Security Criteria lor Selecting A Database`, dated
January 29, 2008
9
1rustworthy Computing \ikipedia
Determining Database VaIue: OracIe Database 11g Compared to SQL Server 2008Page 9
ealuation. Oracle's database was the irst to receie an LAL4 certiicate o any
type against Common Criteria.
One should also take into account the breadth and maturity o the security
eatures aailable. 1he table below illustrates Oracle`s leadership in this area
ersus Microsot in this decade.
MANAGEABILITY
I 5 o the aerage I1 budget is dedicated to operational costs, it makes
sense that by reducing the labor intensie and at times complex task o
maintaining a database management system, a business could reap signiicant
ROI.
It may be inherently unair to compare Oracle Database 11g ersus Microsot
SQL Serer 2008 in the area o manageability because each product has
traditionally sered a signiicantly dierent user base. \hile Oracle has been
supporting larger, critical enterprise enironments or thirty years, Microsot has
traditionally ocused on the needs o the lower end, small business or
departmental user. \hile database administrators hae historically managed
Oracle databases, application deelopers or other indiiduals, not dedicated
database administrators, hae traditionally maintained Microsot SQL Serer.
lor this reason, it is oten a apples to oranges comparison to try and look at
simplistic ratios such as DBA to instance managed or gigabyte to DBA ratios.
Determining Database VaIue: OracIe Database 11g Compared to SQL Server 2008Page 10
\hen considering the cost o management we must consider measures such as
transaction olumes, database size, and critical nature o the database. Users must
also consider the rate o change or the application or the database itsel as this
actor directly impacts the cost o managing a database as well as the oerall
aailability o the system. It is comparatiely easy to maintain a database with ery
ew users, low criticality and where nothing much eer changes than it is to manage
a ery high olume and dynamic enironment. As one CIO summed it up, ra.
feetivg cov.traivea b, tbe Micro.oft atb ava ove of tbe targe i..ve. baa at tbe tive ra.
Q errer beivg abte to /ee v ritb tbe erforvavce tbat re reqvirea ovt of it.
Coivg ritb .v.taivea, ovgoivg grortb of tbe teret tbat re bare i. vo .vatt i..ve. t`.
.igvificavt, .vb.tavtiat, ovgoivg grortb, ava it ba.v`t cbavgea for fire ,ear.,
10
Oracle has traditionally oered a great deal o isibility into the perormance
internals o its database. Database Administrators or years were content to
write scripts that accessed Oracle`s V> perormance iews and use the proided
tools ,e.g., 1KPro, S1A1SPack,. As the needs o the Oracle user base hae
grown, Oracle had to adapt to the changing reality that the requirement or
more inormation would continue to increase. Database administrators were
being asked to assume new responsibilities to meet these challenges, tasks such
as inormation consolidation, inormation liecycle planning, security and
regulatory standards. DBAs were becoming more inoled in higher-leel tasks,
leaing less time or manual, labor intensie and error prone repetitie tasks
oten associated with database management.
Business needed a database that could be sel-monitoring and sel-healing, one
that could help DBAs to tackle the most labor intensie and error prone tasks.
A typical DBA works an aerage o ity hours per week, much o their time
spent doing tasks that could be done by the system itsel. 1he goal should be to
not only ree up key personnel or higher alue tasks but to reduce human error
that can create aailability issues.
Manageability spans many disciplines including object change management,
backup and recoery, perormance monitoring and tuning, security in-depth
administration to name a ew. Many o these tasks require experienced ,i.e.
expensie, personnel and are ery labor intensie. 1o automate these tasks the
database would need to be designed in such a way as to shit the burden o
these tasks to the database system itsel.
Oracle Database 11g and Oracle Database 10g beore it, deliered on this
promise by signiicantly instrumenting the code and deliering best-o-breed
management tools.
Both Oracle Database 11g and Microsot SQL Serer 2008 bundle a GUI based
management tool with eery ersion o the database. Oracle reers to its tool as
Oracte vterri.e Mavager Databa.e Covtrot while Microsot SQL Serer reers to
10
www.zdnet.com.au Migration News: \indows to Linux and ice ersa April 24, 2006
ra. feetivg cov.traivea b, tbe
Micro.oft atb ava ove of tbe targe
i..ve. baa at tbe tive ra. Q
errer beivg abte to /ee v ritb tbe
erforvavce tbat re reqvirea ovt of it.
- Paul \oung, CIO \oti.com
Determining Database VaIue: OracIe Database 11g Compared to SQL Server 2008Page 11
its tool as Q errer Mavagevevt tvaio. \hile Oracle`s tool is l1ML based,
enabling ubiquitous access or administrators to manage enironments rom
anywhere while signiicantly simpliying installation, SQL Serer Management
Studio is client based. Oracle Lnterprise Manager Database Control oers
manageability reports, alert notiication, scheduling, object management,
security management and much more.
Oracle Database 11g also oers Oracte vterri.e Mavager Cria Covtrot as a
bundled eature. Grid Control utilizes the same interace and includes all the
eatures o Lnterprise Manager but it extends the management capability
beyond simply the database to enable end-to-end management and monitoring
or things like the application serer, serer OS and the storage tier.
ExtensibiIity
\hile Microsot SQL Serer 2008 oers a basic collection o tools, it oers
zero extensibility beyond those tools een though the user is basically orced
into using an entire Microsot sotware stack. Oracle realizes that data centers
operate in a mixed endor enironment. \e recognize that the aerage
administrator must manage many application enironments so Oracle`s
management tools were designed or these real-world enironments.
Oracle Lnterprise Manager Grid Control oers a number o management plug-
ins to enable monitoring and management o third party sotware including
databases, application serers, and operating systems.
Oracle also oers adanced management option packs or the ollowing areas:
Automatic, historical perormance monitoring and analysis
Adanced and automated SQL tuning
Dynamic and sel learning perormance thresholds or improed
management by exception
Patch proisioning and installation
Adanced Object Change Management
Oracle realizes that data centers
operate in a mixed endor
enironment. \e recognize that
the aerage administrator must
manage many application
enironments so Oracle`s
management tools were designed
or these real-world
enironments.
Determining Database VaIue: OracIe Database 11g Compared to SQL Server 2008Page 12
Let`s look at a ew o the dierentiating eatures between Oracle Database 11g
and Microsot SQL Serer 2008 in the area o manageability.
Capability Oracle Database JJg Microsoft SQL Server
2008
l1ML based
management console
\es No, requires client install
on all systems
Lnd-to-Lnd mgmt o
entire system rom
single console
\es No, O,S, middleware,
serers, or network can
be monitored.
Manage by Lxception \es, automatic upon
install - proactie
No, tracing must be
turned on after a
problem is reported.
Rerun workload
Storage Management \es Automatic Storage
Management is a eature
o all Oracle Database
11g editions. Supports
tiered storage, auto
rebalancing and
mirroring
No equialent
Online table
reorganization or
redeinition
\es, tables or indexes
can be changed ,e.g.,
moed, reorganized,
deinitions changed,
while queries, updates,
and deletes continue
Partial, Indexes can be
built online with
concurrent access to
underlying tables. No
1able online changes
howeer
listorical repository o
perormance statistics
\es, enables in-context
perormance trending
and dynamic alert
thresholds
\es but only or
reporting
Automatic database
diagnostic analysis
\es, proactiely and
automatically identiies
problems and notiies
DBA with correctie
adice
No, All perormance
issues must be manually
monitored and
diagnosed. Seeral tools
required: SQL Proiler, SQL
1race, Actiity Monitor,
ShowPlan, DBCC cmds
1he aboe table illustrates only a small number o the many dierentiating
eatures relatie to managing Oracle Database 11g ersus a Microsot SQL
Determining Database VaIue: OracIe Database 11g Compared to SQL Server 2008Page 13
Serer 2008 database. \ith oer a decade head start, Oracle users hae already
met and oercome many o the management challenges that the majority o
Microsot SQL Serer users hae yet to experience but will, assuming they
expect change to come in the orm o a larger user base and more inormation
to manage.
BUSINESS VALUE (TCO) AND BUSINESS AGILITY
\hile we hae mentioned some o the typical areas in which organizations hae
traditionally compared database solutions on during a purchase ealuation ,and
certainly there are more we could mention, perhaps the largest dierentiator is
dealing with business change.
1he Pressure to Adapt to Change
As the aboe igure indicates, Gartner Group has ound the rate o change to
be the greatest pressure on I1 organizations. Not surprisingly cost, aailability
and complexity all o which are directly impacted by change are also ranked
near the top, as I1`s biggest challenge.
1oday business is more dependent on its I1 inrastructure that eer beore. A
business`s ability to change is directly related to the ability o its I1
inrastructure to change. I the inormation inrastructure is too complex,
meaning that there are too many vvvber. o things to manage and too many
/iva. o things to manage, then change becomes expensie and it usually
impacts aailability o an application, either intended ,i.e. planned, or
unintended.
Microsot has long touted its superior total cost o ownership ,1CO, and
supports this distinction by comparing their pricing ersus Oracle. It certainly
would be easy i 1CO could be calculated simply on the purchase price o
sotware. Covvter !orta looked into the 1CO debate back in May o 2003 as
Determining Database VaIue: OracIe Database 11g Compared to SQL Server 2008Page 14
the debate oer ree` sotware was gathering steam. Ater researching a
number o studies, their realization was that tbe rice of .oftrare it.etf rbetber it.
free or vot i. .o tor retatire to tbe 1CO tbat it va, bare tittte ivact ov tbe ovtcove of 1
ivre.tvevt aeci.iov. for vav, vrcba.er.. v vo.t ca.e., tbe rice of .oftrare rorea to be te..
tbav 10 of tbe totat co.t of orver.bi.`
1he global inormation economy has orced business to rethink the dimensions
o what it means to be aailable and secure and where true long-term database
alue exists. 1he increasing dependence on inormation technology means that
business cannot adapt to change unless its I1 inrastructure can also adapt,
aster and at a lower cost and most importantly without impacting aailability.
So bv.ive.. agitit, is becoming the dierentiating actor in any strategic I1
inrastructure decision because that is where the greatest risk exists.
1erms like agility get thrown around by marketers about as much as the term
1CO, at Oracle we hae tried to clearly deine what I1 agility means and to
engineer towards that goal:
the ability of the business to innovate its
information infrastructure while sustaining the
system's availability and utilizing all computing
resources to their fullest potential to reduce
capital and operational costs.
1he reason why changing an I1 enironment is oten slow and raught with
pain is because there has neer been a sae way to accurately test changes beore
they are introduced into production. Oracle Database 11g addresses this issue
with the introduction o the Oracle Reat .ticatiov 1e.tivg option. Instead o
using scripts and simulations, Real Application 1esting can capture the actual
production workload and replay that workload on a changed test enironment.
Real Application 1esting will analyze the impact o those changes on the
production workload. Since this is not a simulation but the actual workload, we
can compare execution perormance and drill into and ix those issues that may
hae become broken or regressed in perormance. So Oracle Real Application
1esting enables organizations to test saely, accurately and in a shorter amount
o time. 1his means that companies can innoate aster.
Microsot SQL Serer 2008 and all o the other Microsot deelopment tools
that are oered do not proide the accuracy, ease, and speed that Oracle
Database 11g can. 1esting can take many man months to accomplish and is
crucial to enabling change, howeer Microsot SQL Serer not only oers no
equialent, it does not een oer the underlying inrastructure to make change
happen saely.
Oracle Database 11g has engineered a sae and cost eectie adaptie
inrastructure. As preiously mentioned, Oracte Reat .ticatiov Ctv.terivg enables
you to scale to additional serer nodes on demand and balance workloads
across them automatically without downtime. So adaptie scalability along with
Microsot SQL Serer and all o
the other Microsot deelopment
tools that are oered do not
proide the accuracy, ease, and
speed that Oracle Database 11g
can.
Determining Database VaIue: OracIe Database 11g Compared to SQL Server 2008Page 15
high aailability on low cost commodity serers proides companies an
extremely agile inormation inrastructure on which to build or uture change.
Data Cvara, a bundled eature o Oracle Database 11g Lnterprise Ldition can
maintain disaster recoery sites much in the manner o SQL Serer 2008 Data
Mirroring. Data Guard howeer enables organizations to make use o this
redundant inrastructure by oloading production reporting workloads and
backups rom the production serer. Data Guard can also automate the
maintenance o test enironments to speed deelopment. Indeed, with Oracle
Database 11g, the .ctire Data Cvara option can enable your organization to
utilize its standby enironment or complete read,write testing while continuing
to capture data changes rom production in case o an outage. Used in
conjunction with Real Application 1esting, organizations can signiicantly
reduce the time and expense o maintaining test enironments or cost eectie
business agility.
Oracle`s adanced architecture also enables a unique eature known as ta.bbac/
1ecbvotog, that is essentially a rewind button or the database. \hile it can be
used to ix human error such as the deletion o a single customer, or to back
out the changes made by an inadertently executed batch job, deelopers
wanting to return a test database to some prior state ater testing, quickly and
without DBA inolement, also use llashback.
low much alue does your business place on the ability to introduce change
into the inormation inrastructure saely and quickly while utilizing all o your
computing resources to their ullest adantage low many years will it take or
Microsot to oer the same capability and can your organization accept the
risk
CONCLUSION
\ith the billions o dollars wasted annually to under-utilized hardware and
database sotware that does not automate complex labor intensie tasks we can
see the truth in the statement that the price o sotware itsel -- whether it's
ree or not -- is so low relatie to the 1CO that it may hae little impact on the
outcome o I1 inestment..` \hile Microsot oers a lower purchase price
than Oracle, in the long run does that not seem inconsequential in light o the
greater alue that Oracle Database 11g brings to an organization Oracle has
been ocused on addressing the real costs and risks built in to today`s I1
inrastructure. 1he risks and cost o maintaining, scaling and changing your
inormation inrastructure are sure to be the most important actors on which
an organization must base its buying decision upon. \hich solution proided
the best support or planned and unplanned outages \hich solution proided
the best tools to maintain a strong quality o serice \hich solution proides
improed disaster recoery preparedness, lowers testing and inrastructure
expenses and enables incremental growth \e are conident that the answer is
Determining Database VaIue: OracIe Database 11g Compared to SQL Server 2008Page 16
Oracle Database 11g. Let Oracle help your organization understand the alue
Oracle Database 11g can delier to your business.
Determining Database VaIue: OracIe Database 11g Compared to SQL Server 2008Page
August 2008
Author: CharIes Garry
OracIe Corporation
WorId Headquarters
500 OracIe Parkway
Redwood Shores, CA 94065
U.S.A.
WorIdwide Inquiries:
Phone: +1.650.506.7000
Fax: +1.650.506.7200
oracIe.com
Copyright 2008, OracIe. AII rights reserved.
This document is provided for information purposes onIy and the
contents hereof are subject to change without notice.
This document is not warranted to be error-free, nor subject to any
other warranties or conditions, whether expressed oraIIy or impIied
in Iaw, incIuding impIied warranties and conditions of merchantabiIity
or fitness for a particuIar purpose. We specificaIIy discIaim any
IiabiIity with respect to this document and no contractuaI obIigations
are formed either directIy or indirectIy by this document. This document
may not be reproduced or transmitted in any form or by any means,
eIectronic or mechanicaI, for any purpose, without our prior written permission.
OracIe is a registered trademark of OracIe Corporation and/or its affiIiates.
Other names may be trademarks of their respective owners.