May 21, 2009

CarrAmerica Conference Center
4400 Rosewood Drive
Pleasanton, CA 94588


See directions to the conference location near the bottom of this page.


8:00 - 9:00 Registration and Continental Breakfast - Refreshments Served
9:00 - 9:30 General Session and Welcome - Hanan Hit, NoCOUG President
9:30 - 10:30 Keynote: For Developers: Making Friends with the Oracle Database - Cary Millsap, Method-R
10:30 - 11:00 Break
  Auditorium Tassajara Diablo
11:00 - 12:00
Session 1
Thinking Clearly About Performance
by Cary Millsap, Method-R
Oracle Database Vault: Application Data Security and Regulatory Compliance
by Kamal Tbeileh, Oracle
The Fusion Development Framework - an Oracle ADF 11g Overview
by Juan Ruiz, Oracle
12:00 - 1:00 Lunch
1:00 - 2:00
Session 2
The SAN is guilty... until proven otherwise!!!!!
(Part 1)

by Gaja Krishna Vaidyanatha, DBPerfMan LLC
Troubleshooting Streams
by Chen Shapira, Hewlett Packard
Passwords in Oracle
by Slavik Markovich, Sentrigo
2:00 - 2:30 Break and Refreshments
Last chance to visit the vendors
2:30 - 3:30
Session 3
The SAN is guilty... until proven otherwise!!!!!
(Part 2)

by Gaja Krishna Vaidyanatha, DBPerfMan LLC
End-to-End Metrics for Troubleshooting and Monitoring
by Dave Abercrombie, Convio
A Hitchhiker's View of the Oracle Underground
by Raghav Vinjamuri, UCSC Extension
3:30 - 4:00 Raffle
In the vendor area.
4:00 - 5:00
Session 4
Oracle Application Express - Developing Secure Applications
by Scott Spadafore, Oracle
Oracle Database 10gR2: An Enlightened Revisit (before we give up and move to 11g!)
by John Kanagaraj, DB Soft Inc.
DBA's Guide to Physical Dataguard II
by Ahbaid Gaffoor, Amazon.com
5:00 - ??? NoCOUG Networking and No Host Happy Hour at FAZ Restaurant (bar area), 5121 Hopyard Road, Pleasanton. 925-460-0444
(Directions: Leaving the conference, Head west on Rosewood Dr toward Owens Dr 0.6 mi. Turn right at Owens Dr 0.2 mi. Turn left at Hacienda Dr 0.3 mi. Turn right at Gibraltar Dr 0.5 mi. Turn right at Hopyard Rd.)

Mark your calendar for NoCOUG's Summer Conference:
August 20, 2009 at Chevron in San Ramon.



Speaker Abstracts for Spring Conference


“For Developers: Making Friends with the Oracle Database” - Cary Millsap, Method-R

To many application developers, a database is just a "data store" with an API that they call when they need to persist an object. It's an abstraction that makes sense from one perspective: in a world where you're expected to write dozens of new features every day in Java, PHP, or C#, who has the time or the inclination to dive into what's going on deep inside the Oracle Database? As a result of this abstraction, though, developers sometimes inflict unintended performance horrors upon their customers.

The good news is that you can avoid most of these horrors simply by better understanding a bit more about what's going on inside the Oracle kernel. The trick is knowing which details you need to study, and which you can safely learn later. This presentation describes, from a developer's perspective, the most important code paths inside the Oracle kernel that can make the difference between an application that breaks down under load and one that can scale to thousands of users.

- Which Oracle kernel code paths are the most important for a developer to understand?
- How do these code paths work?
- How does understading these code paths make you a better developer?
- How can a developer measure his own impact upon the load of a system?

“Thinking Clearly About Performance” - Cary Millsap, Method-R

Cary Millsap describes the fundamentals of performance in a session designed to put DBAs and developers alike onto the right path of thinking clearly about the speed of software and how to manage it.

“The SAN is guilty... until proven otherwise!!!!! (Part 1&2)” - Gaja Krishna Vaidyanatha, DBPerfMan LLC

Oracle Performance Management has a reputation of being part science, part art, and mostly wizardry. A system plagued with the fundamental problem of a poorly configured SAN, is guaranteed to exacerbate any application-level problems with inconsistent I/O service times. The lack of reliable I/O from your system's infrastructure will result in poor application response times. Diagnosing storage sub-system performance issues takes time, organization, discipline and a methodical approach. The configuration and performance of the various layers of storage sub-system needs to be understood and unraveled. This talk shares with you the core principles of storage performance management, including the methodology utilized to determine, investigate, and implement "meaningful solutions" to real-world storage sub-system performance problems. This talk will not only discuss the relevant concepts but also provide case studies that go into the required technical details.

* What is Oracle Performance Management?
* What is a SAN - Layers, Components?
* How to diagnose SAN issues?
* Methodology
* Key Metrics
* Best Practices
* Conclusion

* Knowledge of the Oracle Database Architecture
* Operating System Fundamentals
* Understanding of storage basics

“Oracle Application Express - Developing Secure Applications” - Scott Spadafore, Oracle

Oracle Application Express offers several built-in features which promote application security. We will explore how Oracle Application Express developers can build applications hardened against common security threats including cross-site scripting and SQL injection. In addition we will demonstrate the use of the Session State Protection feature which focuses on preventing adventurous or malicious users from tampering with URLs and manipulating other program inputs in ways that cause an application to behave in ways contrary to the developer's intention. Finally, we'll look at some new security features having to do with session expiration, encrypted session state, and password security.

“Oracle Database Vault: Application Data Security and Regulatory Compliance” - Kamal Tbeileh, Oracle

Applications represent the weakest security link in most organizations, and hence the most targeted by hackers and auditors alike. Oracle Database Vault is a real-time security policy engine inside the Oracle Database that protects sensitive application data at the source. With Database Vault, all users including privileged users are prevented from unauthorized application data access or by-passing application security policies. Database Vault requires no changes to existing applications, and comes with extensible pre-defined policies for PeopleSoft, E-Business Suite, Siebel CRM and other applications. Learn how you can increase the ROI on your Oracle Database by using Database Vault to enforce separation of duties, least privilege, and other preventive database controls for increased data privacy and regulatory compliance.

“Troubleshooting Streams” - Chen Shapira, Hewlett Packard

Streams are Oracle's preferred method of data replication. Streams are flexible, powerful and easy to setup. However, like any powerful technology, streams require careful design, correct configuration and specialized knowledge for maintenance, monitoring and troubleshooting. In this session, Oracle Ace Chen Shapira will demonstrate her approach to successful streams implementations. From design and configuration to tuning and troubleshooting.

“End-to-End Metrics for Troubleshooting and Monitoring” - Dave Abercrombie, Convio

Oracle provides an API to "tag" a session with descriptive strings from your application. These tags are exposed in V$SESSION, which provides a real-time window into session activity or status. In addition, these session-level tags get copied into Oracle's diagnostics such as ASH and AWR, where they provide essential context for troubleshooting. These tags can also be used to trigger tracing events. This API is available in PL/SQL ("dbms_application_info"), JDBC ("End-to-End Metrics"), and OCI.

This paper provides practical advice, based on years of real-world usage, to help you get the most out of this API. For example, effective use of this API requires several compromises and balancing decisions:
* The tags should be at an appropriate level of detail: not as low as individual SQL statements (which are already known by SQL_ID), and not so high that necessary detail is lost.
* The tags must be rather short (32, 48, or 64 characters), so brevity is important.
* Not all tags get swept up into all diagnostic tables, so it is non-trivial to decide which ones to use.

Use of this API can help improve communication between developers and DBAs. Overhead costs of this API will also be presented.

“Oracle Database 10gR2: An Enlightened Revisit (before we give up and move to 11g!)” - John Kanagaraj, DB Soft Inc.

There is usually a significant gap between the "New features" books and articles that accompany the first Release of a new database version and the consolidation and extension that occurs in Release 2 of that same product. This is true in the case of Oracle Database 10g Release 2, and information on new and useful (but underutilized) features reaches the user community in bits and pieces. As a result, we tend to utilize information purely from the "first revelation" and loose out on both the new features from the more stable Release 2 as well as features overlooked in the first release.

In this presentation, we will try and consolidate most of this information, specifically related to performance monitoring and tuning in Oracle Database 10g Release 2 as well as the underutilized features of Release 1. We will also point to resources, including documentation that will help us maximize our investment in Oracle Database 10gR2 before we give up and move onto Oracle Database 11gR1.

“The Fusion Development Framework - an Oracle ADF 11g Overview” - Juan Ruiz, Oracle

This session provides an overview of the new Oracle Application Development Framework (Oracle ADF) 11g release. A framework that simplifies the development of Java-based applications with built-in solutions to simplify the creation of both business services and user interfaces, Oracle ADF, with Oracle JDeveloper, provides a visual and declarative development approach that provides unparalleled productivity for building enterprise applications. Oracle ADF is the framework at the base of Oracle's upcoming Fusion Applications and has been used by multiple organizations to increase their development productivity.

“Passwords in Oracle” - Slavik Markovich, Sentrigo

One of the first attack vectors a hacker will try is attacking the password. Passwords in Oracle are stored in tables, memory, application servers, OS and client machines. In this presentation we will show different ways in which an attacker will try to obtain and abuse passwords, talk about different password storing algorithms and demonstrate some free tools. We will also discuss best practices around password selection and testing.

“A Hitchhiker's View of the Oracle Underground” - Raghav Vinjamuri, UCSC Extension

There is an underutilized expanse of powerful tools, tips and techniques that constitute the "underground secrets" of proactive Oracle maintenance. We will discuss a tools and tips encompassing sustaining operations including diverse topics such as configuration management techniques; and, the familiar yet lightly trodden paths of oradebug.

“DBA's Guide to Physical Dataguard II” - Ahbaid Gaffoor, Amazon.com

Let's quickly recap and resume where we left off the basics of physical dataguard. In this session we will cover setup and configuration of the dataguard availability modes, we will also look at configuration of the data guard broker and fast start fail over.


If you have suggestions for future meetings or would like to offer feedback on previous conferences, then please complete our online survey or send us an email.

Area Map and Driving Directions to the conference.

BART/Bus Information

From BART -
Take Bus 1B from BART and this will drop you off at the CarrAmerica Corporate Center property in the morning. Bus stops are located on Rosewood Drive across from the Conference Center at 4400.

To BART - Bus 1A will take you from the CarrAmerica Corporate Center to BART in the afternoon. Bus stops are located on Rosewood Drive across the street from the Conference Center at 4400.

For a map and schedules, see wheelsline01.pdf and www.bart.gov.

Copyright © 2009 NoCOUG.  All rights reserved.