Skip navigation

This is to share the results of our recent research on whether and when Oracle database 12.2 will be supported on ODA platform.

 

As of January 6, 2018 the answer is two pronged - if you are lucky enough to have ODA X7-2 then Database 12.2 is already supported and it could be downloaded and deployed with or upgraded to ODA bundle 12.2.1.1.0 as needed.

 

For everybody else, that is for the owners of ODAs X6-2 and older Oracle DB 12.2 is still a thing from the future as there is no ODA bundle at the moment that will bring 12.2 to older ODA hardware.

While the different estimates have being given for it to happen the time frame seems to be February-March, again as the most likely.

Admittedly, 2018 has managed to start with one really Big Bang event as ever more dramatic security vulnerabilities had been disclosed for practically every smartphone, tablet , laptop. PC, on-prem server or a cloud server that is currently in use.

To make things even worse those newly disclosed vulnerabilities would not leave any trace if they were exploited.

Finally, as if all of it wasn't enough, the core of the problem lays within the modern Intel chip design - meaning that real fix would require a hardware replacement , not a software bug fix !

 

Yes, we are talking about Meltdown and Spectre vulnerabilities here as every responsible Exadata owner could be scrambling to understand how much this Modern Intel Chip Armageddon (MICA) could impact their environments.

While the jury is still out there on the final determination of the impact there are some strong indicators that things may not be as ugly as they sound.

 

For  the starters, Oracle Engineered systems are expected to be treated as appliances or as Oracle marketing department would be saying  "Hardware and Software Engineered to Work Together".

This is rather an important line here as on the appliances such as ODA you could barely put any third party package - even Oracle Linux kernel fix, without written permission from Oracle Support.

 

ZDLRA machine won't be that much behind ODA with that requirement, followed by Exadata and then Exalogic.

Indeed, customers are allowed to install third party products on Exadata compute nodes; although not on the storage cells or IB switches once again.

 

In short -  the majority of all Exadata environments would only have software from Oracle Corp and possibly from other trusted vendors.

That along diminishes the risk of somebody's exploiting Meltdown and Spectre vulnerabilities on Exadata and other Oracle Engineered Systems a lot.

 

Additionally, some of Oracle Engineered systems support Ksplice, for example Exadata and ODA.

Ksplice is a major differentor between Red Hat Enterprise Linux  (RHEL) and Oracle Enterprise Linux (OEL) that could come handy in the situations when OS kernel need to be updated without incurring downtime.

While Ksplice won't address the Meldown or Spectre or any other individual vulnerability  - activating Ksplice would allow Exadata owners to apply future kernel fixes and updates without a downtime.

More on Ksplice could be found in this MOS article:

HOWTO: Install ksplice kernel updates for Exadata Database Nodes (Doc ID 2207063.1)

 

For the actual remediation of the current issues, looks that it will first come in the form of software workarounds in the OS kernel.

These MOS documents below could be used to track the progress on the fixes availability and for the customer's that need to be more proactive a security / vulnerability SR could be created for each Oracle Engineered system type in the environment. That way each customer with security / vulnerability SRs will be notified as soon as an approved fix / workaround is available.

 

How to research Common Vulnerabilities and Exposures (CVE) for Exadata packages (Doc ID 2256887.1)

Responses to common Exadata security scan findings (Doc ID 1405320.1)

 

While not much could be done to address Meltdown and Spectre vulnerabilities on Exadata at the time of this writing it could be a good idea and a reminder to review the section of Exachk reports that outlines discovered security gaps as well as to consider reviewing and strengthening Exadata / Exalogic / ZDLRA / ODA security beyond the levels provided by their typical deployments.

 

As one could say these are the days to Keep Calm and Keep Securing Exadata (among other systems)