Google, Mozilla, and Apple choosing to no longer support Entrust as a publicly trusted certificate authority

Google, Mozilla, and Apple have all decided to stop trusting Entrust’s publicly issued certificates after specific cutoff dates, due to long-standing compliance issues.

Why the Distrust?

Browsers depend on Certificate Authorities (CAs) to uphold stringent security and industry standards. Entrust repeatedly failed to comply—examples include delay in revoking misissued certificates, poor incident reporting, and administrative errors. This pattern of “compliance failures” led browsers to lose confidence in Entrust’s ability to act responsibly and transparently.

Organization	Affected Certificates	Cutoff Date	Notes
Google Chrome	TLS certificates with Signed Certificate Timestamp (SCT) post-issue date	November 11, 2024	Entrust roots not trusted in Chrome Root Program for certs issued after Oct 31, 2024 (Entrust, DigiCert, The Wall Street Journal, Cloudflare Docs, The Cloudflare Blog, Enterprise Security Tech)
Apple (Safari and Root Store)	TLS, S/MIME, Timestamping, VMCs issued after specific date	November 15, 2024	Doesn’t affect certs issued on or before that date; broader certificate types impacted (Entrust, DigiCert)
Mozilla Firefox	TLS certificates via Entrust roots	November 30, 2024	Distrust due to repeated compliance issues and insufficient corrective action (Google Groups, Encryption Consulting, DigiCert, Wikipedia)

What This Means for Users

• Old Entrust Certificates Still Valid – Certificates issued on or before the cutoff dates will remain trusted until their natural expiry.

• New Entrust Certificates Likely to Fail – Certificates issued after the specified cutoff dates will trigger browser warnings or outright blockage.

For example:

• Chrome rejects SCT-dated Entrust certificates after Nov 11, 2024.

• Apple’s platforms (like Safari) reject Entrust TLS/S‑MIME certs issued after Nov 15, 2024.

• Firefox stops trusting Entrust-issued TLS certs from Nov 30, 2024. 

Entrust’s Reaction & Alternatives

Entrust publicly announced that certificates issued prior to the cutoff remain valid, and they’re working on fixing their internal processes—such as adding linting tools, establishing a change control board, and bolstering audit transparency.

Meanwhile, they’ve partnered with SSL.com to issue new certificates on Entrust’s behalf—that still rely on SSL.com roots to maintain browser trust. Cloudflare even enabled SSL.com certificates to ease migration.

--> Certificates issued before 31/10/2024 will remain valid. Certificate issued after 31/10/2024 will be no longer trusted by Google.

--> "Entrust made no moves to revoke or replace the affected certificates."

Summary

Google, Mozilla, and Apple have withdrawn trust in Entrust’s public roots, but each did so at slightly different times and with varying scopes:

• Chrome/Google — bye to Entrust-issued TLS certs after Nov 11, 2024.

• Apple/Safari — blocks wider certificate types (TLS, S/MIME, VMCs) after Nov 15, 2024.

• Firefox/Mozilla — distrust kicks in end-Nov 2024.

Entrust’s existing certificates issued before those dates remain valid. For new issuance, organizations should migrate to trusted alternatives—like SSL.com or DigiCert—to avoid browser compatibility issues.

Find rdf file name from EBS Concurrent Program

 

1) Go to system administrator > Concurrent > Program > Define.

Search for the program name and copy the executable name.

2) Use below query and paste the executable name.

SELECT APPLICATION_NAME,'$'||BASEPATH||'/'||'reports/US' Reports_Path,EXECUTION_FILE_NAME FROM APPS.FND_EXECUTABLES_VL A, APPS.FND_APPLICATION_VL B WHERE EXECUTION_METHOD_CODE='P' AND A.APPLICATION_ID=B.APPLICATION_ID AND EXECUTION_FILE_NAME like '%&RDF_NAME%';

General Queries

 SELECT 

    owner, 

    segment_name AS table_name,

    ROUND(SUM(bytes) / 1024 / 1024 / 1024, 2) AS size_gb

FROM 

    dba_segments

WHERE 

    segment_type = 'TABLE'

    AND segment_name in ('FV_GTAS1_PERIOD_BALANCES_V_BKPSK','FV_DACT_PERIOD_BALANCES_V_BKPSK','FV_DACT_ENDING_BALANCES_BKPSK','FV_GTAS_ENDING_BALANCES_BKPSK')

    AND owner = ('HHSBKP')

GROUP BY 

    owner, segment_name;

Size of the objects in Tablespace

SELECT

    owner,

    segment_name,

    segment_type,

    tablespace_name,

    ROUND(SUM(bytes) / 1024 / 1024/1024, 2) AS size_GB

FROM

    dba_segments

WHERE

    tablespace_name = 'UFMSD'

GROUP BY

    owner, segment_name, segment_type, tablespace_name

ORDER BY

    size_GB DESC;

Include Total and Used Space for That Tablespace:

SELECT

    df.tablespace_name,

    ROUND(df.total_space_mb, 2) AS total_space_mb,

    ROUND(NVL(fs.free_space_mb, 0), 2) AS free_space_mb,

    ROUND(df.total_space_mb - NVL(fs.free_space_mb, 0), 2) AS used_space_mb,

    ROUND((NVL(fs.free_space_mb, 0) / df.total_space_mb) * 100, 2) AS free_percent

FROM

    (SELECT

         tablespace_name,

         SUM(bytes) / 1024 / 1024 AS total_space_mb

     FROM

         dba_data_files

     WHERE

         tablespace_name = 'YOUR_TABLESPACE_NAME'

     GROUP BY

         tablespace_name) df

LEFT JOIN

    (SELECT

         tablespace_name,

         SUM(bytes) / 1024 / 1024 AS free_space_mb

     FROM

         dba_free_space

     WHERE

         tablespace_name = 'YOUR_TABLESPACE_NAME'

     GROUP BY

         tablespace_name) fs

ON

    df.tablespace_name = fs.tablespace_name;

SELECT name, total_mb/1024, free_mb/1024, usable_file_mb/1024, offline_disks 

FROM v$asm_diskgroup 

WHERE name = 'DATAC1';

SELECT type, SUM(bytes)/1024/1024/1024 AS size_gb

FROM v$asm_file

WHERE group_number = (SELECT group_number FROM v$asm_diskgroup WHERE name = 'DATAC1')

GROUP BY type;

ETCC

 1001  2025-06-25.14:32:16 ls -ltr *env

 1002  2025-06-25.14:32:21 . DRAM5I_EBSDE3.env

 1003  2025-06-25.14:32:31 mkdir -p $ORACLE_HOME/appsutil/ETCC

 1004  2025-06-25.14:32:40 cd $ORACLE_HOME/appsutil/ETCC

 1005  2025-06-25.14:32:49 unzip -o /ood_repository/RAM/Patches/CPU/Jan2025/p17537119_R12_GENERIC.zip

 1006  2025-06-25.14:33:06 source $ORACLE_HOME/DRAM5I_lufRAMfexanpq1-ram5g2.env

 1007  2025-06-25.14:33:18 ./checkDBpatch.sh

 1008  2025-06-25.14:34:07 more /u02/app/oracle/product/19.0.0.0/dbhome_2/appsutil/ETCC/log/checkDBpatch_118863.log

Terraform template to deploy a complete VCN setup in Oracle Cloud Infrastructure (OCI)

Terraform template to deploy a complete VCN setup in Oracle Cloud Infrastructure (OCI). It includes:

## VCN

### Public and Private Subnets

## Internet Gateway

### NAT Gateway

## Service Gateway

### Route Tables

## Security Lists

### Optional compute instance placeholders

provider "oci" {

  region       = var.region

  tenancy_ocid = var.tenancy_ocid

  user_ocid    = var.user_ocid

  fingerprint  = var.fingerprint

  private_key_path = var.private_key_path

}

# Create VCN

resource "oci_core_virtual_network" "vcn" {

  cidr_block     = "10.0.0.0/16"

  compartment_id = var.compartment_id

  display_name   = "my-vcn"

  dns_label      = "myvcn"

}

# Internet Gateway

resource "oci_core_internet_gateway" "ig" {

  compartment_id = var.compartment_id

  vcn_id         = oci_core_virtual_network.vcn.id

  display_name   = "my-igw"

  is_enabled     = true

}

# NAT Gateway

resource "oci_core_nat_gateway" "nat" {

  compartment_id = var.compartment_id

  vcn_id         = oci_core_virtual_network.vcn.id

  display_name   = "my-nat"

}

# Service Gateway

resource "oci_core_service_gateway" "svc_gateway" {

  compartment_id = var.compartment_id

  vcn_id         = oci_core_virtual_network.vcn.id

  services {

    service_id = data.oci_core_services.all_services.services[0].id

  }

  display_name = "my-service-gw"

}

data "oci_core_services" "all_services" {

  filter {

    name   = "name"

    values = ["All .* Services In Oracle Services Network"]

    regex  = true

  }

}

# Public Subnet

resource "oci_core_subnet" "public_subnet" {

  cidr_block        = "10.0.0.0/24"

  compartment_id    = var.compartment_id

  vcn_id            = oci_core_virtual_network.vcn.id

  display_name      = "public-subnet"

  dns_label         = "pubsubnet"

  route_table_id    = oci_core_route_table.public_rt.id

  security_list_ids = [oci_core_security_list.public_sl.id]

  prohibit_public_ip_on_vnic = false

}

# Private Subnet

resource "oci_core_subnet" "private_subnet" {

  cidr_block        = "10.0.1.0/24"

  compartment_id    = var.compartment_id

  vcn_id            = oci_core_virtual_network.vcn.id

  display_name      = "private-subnet"

  dns_label         = "privsubnet"

  route_table_id    = oci_core_route_table.private_rt.id

  security_list_ids = [oci_core_security_list.private_sl.id]

  prohibit_public_ip_on_vnic = true

}

# Route Table for Public Subnet

resource "oci_core_route_table" "public_rt" {

  compartment_id = var.compartment_id

  vcn_id         = oci_core_virtual_network.vcn.id

  display_name   = "public-rt"

  route_rules {

    destination       = "0.0.0.0/0"

    destination_type  = "CIDR_BLOCK"

    network_entity_id = oci_core_internet_gateway.ig.id

  }

}

# Route Table for Private Subnet

resource "oci_core_route_table" "private_rt" {

  compartment_id = var.compartment_id

  vcn_id         = oci_core_virtual_network.vcn.id

  display_name   = "private-rt"

  route_rules {

    destination       = "0.0.0.0/0"

    destination_type  = "CIDR_BLOCK"

    network_entity_id = oci_core_nat_gateway.nat.id

  }

  route_rules {

    destination       = data.oci_core_services.all_services.services[0].cidr_block

    destination_type  = "SERVICE_CIDR_BLOCK"

    network_entity_id = oci_core_service_gateway.svc_gateway.id

  }

}

# Security List for Public Subnet

resource "oci_core_security_list" "public_sl" {

  compartment_id = var.compartment_id

  vcn_id         = oci_core_virtual_network.vcn.id

  display_name   = "public-security-list"

  ingress_security_rules {

    protocol = "6"

    source   = "0.0.0.0/0"

    tcp_options {

      min = 22

      max = 22

    }

  }

  egress_security_rules {

    protocol = "all"

    destination = "0.0.0.0/0"

  }

}

# Security List for Private Subnet

resource "oci_core_security_list" "private_sl" {

  compartment_id = var.compartment_id

  vcn_id         = oci_core_virtual_network.vcn.id

  display_name   = "private-security-list"

  ingress_security_rules {

    protocol = "6"

    source   = oci_core_subnet.public_subnet.cidr_block

    tcp_options {

      min = 22

      max = 22

    }

  }

  egress_security_rules {

    protocol = "all"

    destination = "0.0.0.0/0"

  }

}

================

Save the files as main.tf and variables.tf.

Run:

bash

terraform init

terraform plan

terraform apply

You’ll be prompted for values (or set them via a terraform.tfvars file).

Virtual Cloud Network - Networking Constructs

 

Simple Architecture:

Oracle Cloud Infrastructure (OCI) – VCN Networking Constructs

In Oracle Cloud Infrastructure (OCI), a VCN (Virtual Cloud Network) is the foundational networking component that allows you to securely connect and isolate cloud resources like compute instances, databases, and load balancers.

What is a VCN in OCI?

A VCN (Virtual Cloud Network) is a software-defined private network that closely resembles a traditional on-premises network, including subnets, route tables, gateways, and firewall rules. It is region-specific and highly configurable.

Example Architecture:

OCI’s Virtual Cloud Network (VCN) allows you to build isolated, secure, and highly configurable networks in the cloud. Below are the key constructs used in OCI VCNs:

---

1. VCN (Virtual Cloud Network)

• A customizable, private network in a specific OCI region.

• CIDR block range: /16 to /30, e.g., 10.0.0.0/16.

• Supports multiple subnets and regional architecture.

---

2. Subnets

• Regional (not tied to availability domains).

• Two types:

  • Public Subnet: Associated with Internet Gateway; resources can be publicly accessible.

  • Private Subnet: No internet access; used for internal workloads.

---

3. Route Tables

• Define how traffic is routed from the subnet.

• Each subnet is associated with a single route table.

• Common targets:

  • Internet Gateway for public access

  • NAT Gateway for outbound access from private subnets

  • Service Gateway for OCI services (e.g., Object Storage)

  • Dynamic Routing Gateway (DRG) for on-premises or remote VCN connectivity

---

4. Internet Gateway (IG)

• Enables outbound and inbound internet traffic for public subnets.

• Must be added to the route table for use.

---

5. NAT Gateway

• Allows private subnet instances to access the internet for outbound-only communication.

• Keeps the resources not directly reachable from the internet.

---

6. Service Gateway

• Allows private subnets to access OCI services (like Object Storage) without using the internet.

• Traffic stays within the OCI network backbone.

---

7. Dynamic Routing Gateway (DRG)

• Connects a VCN with:

  • On-premises network over IPSec VPN

  • FastConnect (dedicated private connection)

  • Other VCNs (remote peering)

• Essential for hybrid and multi-region cloud setups.

---

8. Local and Remote Peering

• Local Peering: Connects two VCNs within the same region.

• Remote Peering: Connects VCNs across regions via DRG and RPC (Remote Peering Connection).

---

9. Security Lists

• Stateless or stateful firewall rules applied at the subnet level.

• Specify source/destination CIDRs, protocols, and ports.

• Less granular than NSGs.

---

10. Network Security Groups (NSGs)

• Apply firewall rules to individual resources (like compute instances or load balancers).

• Allow resource-level access control.

• Preferred over security lists for more precise configurations.

---

11. Public IPs

• Two types:

  • Ephemeral: Temporary, attached at instance launch.

  • Reserved: Static and can be attached/detached from resources.

---

Example: Simple OCI VCN Setup

Components:

• VCN: 10.0.0.0/16

• Public Subnet: 10.0.0.0/24 with IGW

• Private Subnet: 10.0.1.0/24 with NAT Gateway

• Internet Gateway

• NAT Gateway

• Route Tables (2): One for public, one for private subnet

• Security Lists or NSGs to control access

• Service Gateway for private access to OCI services

---

 Terraform Snippet (Example)

resource "oci_core_virtual_network" "vcn" {
  cidr_block = "10.0.0.0/16"
  compartment_id = var.compartment_id
  display_name = "my-vcn"
}

resource "oci_core_internet_gateway" "igw" {
  compartment_id = var.compartment_id
  display_name = "my-internet-gateway"
  vcn_id = oci_core_virtual_network.vcn.id
  is_enabled = true
}

Script to generate PNG image:

import matplotlib.pyplot as plt

import matplotlib.patches as patches

fig, ax = plt.subplots(figsize=(14, 10))

ax.set_xlim(0, 120)

ax.set_ylim(0, 110)

ax.axis('off')

# VCN

vcn = patches.Rectangle((5, 15), 90, 85, linewidth=2, edgecolor='blue', facecolor='lightblue')

ax.add_patch(vcn)

ax.text(50, 105, "VCN: 10.0.0.0/16", fontsize=14, ha='center', weight='bold')

# Public Subnet

public_subnet = patches.Rectangle((10, 75), 35, 20, linewidth=1.5, edgecolor='green', facecolor='lightgreen')

ax.add_patch(public_subnet)

ax.text(27.5, 93, "Public Subnet\n10.0.0.0/24", ha='center', fontsize=10)

# Private Subnet

private_subnet = patches.Rectangle((55, 75), 35, 20, linewidth=1.5, edgecolor='orange', facecolor='moccasin')

ax.add_patch(private_subnet)

ax.text(72.5, 93, "Private Subnet\n10.0.1.0/24", ha='center', fontsize=10)

# Instances

ax.text(20, 85, "Web Server\n(Public IP)", fontsize=9, ha='center')

ax.plot(20, 82, marker='s', markersize=10, color='darkgreen')

ax.text(30, 85, "Bastion Host", fontsize=9, ha='center')

ax.plot(30, 82, marker='s', markersize=10, color='darkgreen')

ax.text(65, 85, "App Server", fontsize=9, ha='center')

ax.plot(65, 82, marker='s', markersize=10, color='darkorange')

ax.text(80, 85, "DB Server", fontsize=9, ha='center')

ax.plot(80, 82, marker='s', markersize=10, color='darkorange')

# Gateways

ax.text(20, 55, "Internet Gateway", fontsize=9, ha='center')

ax.plot(20, 52, marker='o', markersize=10, color='blue')

ax.text(80, 55, "NAT Gateway", fontsize=9, ha='center')

ax.plot(80, 52, marker='o', markersize=10, color='purple')

ax.text(50, 30, "Service Gateway", fontsize=9, ha='center')

ax.plot(50, 27, marker='o', markersize=10, color='gray')

# DRG, VPN, FastConnect, On-Prem

ax.text(100, 80, "DRG", fontsize=10, ha='center', weight='bold')

ax.plot(100, 77, marker='o', markersize=12, color='black')

ax.text(100, 65, "IPSec VPN", fontsize=9, ha='center')

ax.plot(100, 62, marker='D', markersize=8, color='teal')

ax.text(100, 50, "FastConnect", fontsize=9, ha='center')

ax.plot(100, 47, marker='D', markersize=8, color='gold')

ax.text(115, 70, "On-Premises\nNetwork", fontsize=9, ha='center')

ax.plot(115, 67, marker='s', markersize=12, color='brown')

# Arrows

ax.annotate("", xy=(20, 75), xytext=(20, 52), arrowprops=dict(arrowstyle="->"))

ax.annotate("", xy=(80, 75), xytext=(80, 52), arrowprops=dict(arrowstyle="->"))

ax.annotate("", xy=(65, 75), xytext=(50, 27), arrowprops=dict(arrowstyle="->"))

# DRG arrows

ax.annotate("", xy=(90, 80), xytext=(100, 77), arrowprops=dict(arrowstyle="->"))

ax.annotate("", xy=(100, 77), xytext=(100, 62), arrowprops=dict(arrowstyle="->", color='teal'))

ax.annotate("", xy=(100, 77), xytext=(100, 47), arrowprops=dict(arrowstyle="->", color='gold'))

ax.annotate("", xy=(100, 62), xytext=(115, 67), arrowprops=dict(arrowstyle="->", color='brown'))

ax.annotate("", xy=(100, 47), xytext=(115, 67), arrowprops=dict(arrowstyle="->", color='brown'))

# Save to file

plt.tight_layout()

plt.savefig("oci_vcn_architecture.png", dpi=300)

plt.show()

Script to find the errors under specific directory

 script to find the errors under $FMW_HOME/user_projects/domains/EBS_domain/servers/

#!/bin/bash

# Set the base log directory

LOG_DIR="$FMW_HOME/user_projects/domains/EBS_domain/servers"

# Define output file

OUTPUT_FILE="fmw_error_report_$(date +%Y%m%d_%H%M%S).log"

# Print starting message

echo "Searching for errors under: $LOG_DIR"

echo "Results will be saved to: $OUTPUT_FILE"

# Find and search all relevant log files

find "$LOG_DIR" -type f -name "*.log" | while read -r file; do

    grep -Ei "ERROR|Exception|SEVERE" "$file" >> "$OUTPUT_FILE"

done

# Print completion message

echo "Search complete. Found errors are logged in: $OUTPUT_FILE"

Upgrade to Oracle Database 23ai for the latest capabilities, long-term support & support for next-generation applications

Upgrading to Oracle Database 23ai (previously referred to as Oracle 23c) involves several important steps and considerations, particularly since it's a long-term support (LTS) release with significant new features focused on AI integration, JSON relational duality, enhancements to developer productivity, and support for next-generation applications.

Key Considerations Before Upgrading

Check Compatibility:

Ensure your current version is eligible for a direct upgrade (Oracle supports direct upgrade from 19c and later).

Upgrade Paths for Oracle Database 23ai

Flow:

Use Oracle’s Database Pre-Upgrade tool (autoupgrade.jar) to assess readiness.

Understand New Features

⦁ AI Vector Search: Integrates with vector databases for generative AI apps.

⦁ JSON Relational Duality: Combines JSON flexibility with relational integrity.

⦁ SQL Enhancements: New syntax and functions for developers.

⦁ Automatic Storage and Performance Tuning Enhancements.

Environment Preparation

⦁ Check Version Compatibility & Run Pre-Upgrade Checks

⦁ Verify Database Integrity, Check for corruption and Ensure DB_BLOCK_CHECKING, DB_LOST_WRITE_PROTECT are appropriately set

⦁ Check for Deprecated & Desupported Features

⦁ Backup your entire database.

⦁ Check Tablespaces and Undo Settings, Ensure enough free space in SYSTEM, SYSAUX, UNDO, TEMP, verify undo retention

⦁ Clean Up Database, Remove unused components and Clean up invalid objects

⦁ Gather Statistics

⦁ Test the upgrade in a non-production environment first.

⦁ Review hardware and OS requirements—Oracle 23ai might need updated system libraries or OS versions.

⦁ Schedule Downtime

                Plan for appropriate downtime & Notify all users and application teams

High-Level Upgrade Steps

1. Download and Install Oracle 23ai Software

Download from Oracle Downloads.

Install the software in a new Oracle Home (don’t overwrite the old installation).

https://www.oracle.com/database/free/

https://container-registry.oracle.com/ords/f?p=113:4:13231839633032:::4:P4_REPOSITORY,AI_REPOSITORY,AI_REPOSITORY_NAME,P4_REPOSITORY_NAME,P4_EULA_ID,P4_BUSINESS_AREA_ID:1863,1863,Oracle%20Database%20Free,Oracle%20Database%20Free,1,0&cs=36CoLngVeCfTqAcdt8kdPDM-LpQVv8Uo3CBH8ErXg0v77WTlB-7wybwTkPbbebs7VLvuHqMB8Nog36SbD-jwehA

2. Run Pre-Upgrade Checks

$ java -jar autoupgrade.jar –version 

⦁ java -jar autoupgrade.jar -mode analyze -sourcehome <OLD_ORACLE_HOME> -targethome <NEW_ORACLE_HOME> -sid <DB_SID>

⦁ Fix any issues identified by the report.

3. Perform the Upgrade

You can do this using AutoUpgrade, DBUA (GUI-based), or manual methods. AutoUpgrade is the preferred method.

---> java -jar autoupgrade.jar -mode deploy -config upgrade_config.cfg

Where upgrade_config.cfg includes parameters like:

global.autoupg_log_dir=/u01/app/oracle/upgradelogs

upg1.source_home=/u01/app/oracle/product/19c

upg1.target_home=/u01/app/oracle/product/23ai

upg1.sid=ORCL

upg1.log_dir=/u01/app/oracle/upgradelogs/ORCL

upg1.upgrade_node=localhost

4. Post-Upgrade Steps

Run dbupgdiag.sql and utlrp.sql to recompile invalid objects.

• Validate application functionality.
• Update statistics and test performance.
• Begin using new features gradually after stability is confirmed.

Post-upgrade tasks

After upgrading to Oracle 23ai, it's essential to perform a series of post-upgrade tasks to ensure your system is stable, optimized, and ready to take advantage of the new features. Here's a checklist of recommended tasks:

1. Validate the Upgrade

Check upgrade logs:

--> catupgrd0.log, autoupgrade logs, or DBUA logs (depending on method).

--> Run dbupgdiag.sql (included in Oracle-supplied scripts) to analyze the upgrade status.

Confirm the new version:

--> SELECT * FROM v$version;

2. Gather Statistics

Gather dictionary stats:

--> EXEC DBMS_STATS.GATHER_DICTIONARY_STATS;

Gather fixed object stats:

-->EXEC DBMS_STATS.GATHER_FIXED_OBJECTS_STATS;

Gather system and object stats if not already done during upgrade:

--> EXEC DBMS_STATS.GATHER_DATABASE_STATS;

3. Recompile Invalid Objects

--> Run the recompilation script:

@$ORACLE_HOME/rdbms/admin/utlrp.sql

Check for invalid objects:

--> SELECT owner, object_name, object_type FROM dba_objects WHERE status = 'INVALID';

4. Test Application Compatibility

⦁ Thoroughly test all applications for performance and compatibility.

⦁ Validate custom PL/SQL, Java code, and any dependencies.

5. Backup the Upgraded Database

Take a full RMAN backup immediately after a successful upgrade:

RMAN> BACKUP DATABASE PLUS ARCHIVELOG;

6. Enable/Review New 23ai Features

Consider enabling features like:

⦁ AI Vector Search (if applicable to your use case).

⦁ JSON Relational Duality Views.

⦁ SQL Enhancements like new syntax or built-in functions.

7. Update Environment Variables and Scripts

Update ORACLE_HOME, PATH, TNS_ADMIN, etc.

Modify any custom scripts, monitoring tools, or backup jobs to point to the new Oracle version paths.

8. Review and Tune Initialization Parameters

Some deprecated/obsolete parameters may need to be removed.

SELECT name, value, isdefault, isdeprecated FROM v$parameter;

9. Remove Obsolete Components (Optional)

Consider removing unused or deprecated components:

SELECT comp_id, comp_name, version, status FROM dba_registry;

10. Enable New Optimizer Features (Optional, After Testing)

Oracle may retain older optimizer behavior for compatibility. Consider explicitly enabling the latest behavior:

ALTER SYSTEM SET optimizer_features_enable='23.0.0' SCOPE=SPFILE;

Source:

https://docs.oracle.com/en/database/oracle/oracle-database/23/fppad/upgrading-oracle-grid-infrastructure-to-a-later-release.html

AutoUpgrade - My Oracle Support Doc ID 2485457.1

Upgrade Paths

From Version Direct Upgrade to 23ai?

19c                  ----->  Yes

18c  ------->  Use intermediate upgrade to 19c first

OCI - Networking draft

Classless Inter-Domain Routing (CIDR):

Classless Inter-Domain Routing (CIDR) allows network routers to route data packets to the respective device based on the indicated subnet. Instead of classifying the IP address based on classes, routers retrieve the network and host address as specified by the CIDR suffix.

Range of IP Addresses (From IP) to (Last IP)

Virtual Cloud Network (VCN):

Reserved IPs:

N/W Address  (192.168.0.0)

Subnet Default Gateway Address - (192.168.0.1)

Broadcast Address - (192.168.0.255)

Finding threshold value of the sequence

 

select * from 

  (

    select

        seq.sequence_owner

      , seq.sequence_name

      , ( select application_name from 

          ( select ord, application_id, application_name from 

            ( select 1 ord, app.application_id, app.application_name

              from apps.fnd_application_vl app

              where app.product_code = substr(seq.sequence_name, 1, instr(seq.sequence_name,'_')-1)

              union

              select 2 ord, app.application_id, app.application_name

              from apps.fnd_oracle_userid fou, apps.fnd_product_installations fpi, apps.fnd_application_vl app

              where fou.oracle_username = seq.sequence_owner 

                and fpi.oracle_id = fou.oracle_id

                and app.application_id = fpi.application_id

            ) order by ord, application_id

          ) where rownum = 1

        ) application_name

      , seq.min_value

      , seq.max_value

      , seq.cache_size

      , seq.last_number

      , round(((seq.last_number-seq.min_value)/(seq.max_value-seq.min_value))*100) "% Range"

    from dba_sequences seq

    where seq.cycle_flag = 'N'

      and seq.max_value > 0

  ) 

where "% Range" >= 10 /* active threshold % */

  and max_value < 2147483648 /* limited range */

  and cache_size > 1000 /* large cache size */

order by cache_size desc;

OCI: Identity and Access Management - Basics

Create Compartment:

Creating Identity Domain

Default Domain:

Note: All Domain Users cant be deleted

Groups

Note: First create the group and assign it to Users

Users:

Who can create users

    a. Tenancy Admin, b. Domain Admin, c. User Manager Admin Role d. Using Policies (allow group domain1/group1 to manage users in tenancy)

a. Create User using Console:

b. Create User using CSV import:

Dynamic Groups

Integrated Applications

Oracle Cloud Services

Jobs

Reports

Security  -->

               

Settings

Notifications

Branding

Managing Group:

a. Collection of Users

b. Simplify Access Management

c. Audit & Compliance

Managing User

Resource manager views for monitoring performance at the PDB level.

 Resource manager views for monitoring performance at the PDB level.

--> V$RSRC_CONS_GROUP_HISTORY displays a history of consumer group statistics for each entry in V$RSRC_PLAN_HISTORY that has a non-NULL plan.

--> V$RSRC_CONSUMER_GROUP displays data related to currently active resource consumer groups.

--> V$RSRC_CONSUMER_GROUP_CPU_MTH displays all resource allocation methods defined for resource consumer groups.

--> V$RSRC_PDB displays data related to currently active resource consumer groups by pluggable database (PDB).

--> V$RSRC_PDB_HISTORY displays a history of consumer group statistics for each entry in V$RSRC_PDB that has a non-NULL plan by pluggable database (PDB).

--> V$RSRC_PLAN displays the names of all currently active resource plans.

--> V$RSRC_PLAN_CPU_MTH displays all available CPU resource allocation methods defined for resource plans.

--> V$RSRC_PLAN_HISTORY displays a history of when a resource plan was enabled, disabled, or modified on the instance. Up to 15 of the most recent entries are shown. Once the database is opened, this view shows at least one row. The row with the most recent START_TIME and with END_TIME equal to NULL gives information about the current resource plan.

--> V$RSRC_SESSION_INFO displays Resource Manager statistics per session.

--> V$RSRCPDBMETRIC displays information about resources consumed and wait times per PDB.

--> V$RSRCMGRMETRIC_HISTORY displays a history (the last one hour) of resource manager metrics, taken from V$RSRCMGRMETRIC. When a resource plan is set, this history is cleared and restarted. This view provides information about resources consumed and wait times per consumer group.

--> V$RSRCPDBMETRIC displays information about resources consumed and wait times per PDB.

--> V$RSRCPDBMETRIC_HISTORY displays a history (the last one hour) of resource manager metrics for a PDB, taken from V$RSRCPDBMETRIC. When a resource plan is set, this history is cleared and restarted. This view provides information about resources consumed and wait times per consumer group.

OCI FastConnect Overview

 

FastConnect Overview:

Oracle Cloud Infrastructure FastConnect provides an easy way to create a dedicated, private connection between your data center and Oracle Cloud Infrastructure. FastConnect provides higher-bandwidth options, and a more reliable and consistent networking experience compared to internet-based connections. This setup offers higher bandwidth, lower latency, and improved reliability compared to typical internet-based connections.

Key Features:

--> Private and Public Peering: Connect to OCI resources using private IP addresses (private peering) or access public OCI services like Object Storage and APIs over a dedicated connection 

--> Bandwidth Options: Supports port speeds ranging from 1 Gbps to 400 Gbps.

--> Cost Efficiency: No charges for inbound or outbound data transfer.

--> Flexible Peering Options:

• Private Peering: Extends your on-premises network into your OCI Virtual Cloud Network (VCN) using private IP addresses.

• Public Peering: Provides access to public OCI services (e.g., Object Storage, OCI Console) over a dedicated connection using public IP addresses.

--> No Data Transfer Charges: Unlike standard internet connections, FastConnect does not incur per-byte data transfer charges, making it cost-effective for large data movements

--> Routing Protocol: Utilizes BGP (Border Gateway Protocol) for dynamic routing.

-->Encryption Support: Options to encrypt public peering connections using IPSec VPN for enhanced security.

How does OCI FastConnect work?

FastConnect provides a dedicated private connection between  OCI environment and  data center or trusted third-party provider.

There are three physical connection types.

• -->Customers who have a presence in an existing FastConnect location (A) can provision redundant cross-connects directly to an Oracle FastConnect edge device. Port speeds of 1 Gb/sec, 10 Gb/sec, 100 Gb/sec, or 400 Gb/sec are available.
• -->Customers who have an existing connection to a FastConnect partner (B) can provision a connection to OCI, typically within hours to days. Partners can also provide connections to other clouds, enabling a multicloud deployment. Port speeds vary depending on the partner’s capabilities.
• -->Customers can independently contract with a third-party provider (C) to establish connectivity to an Oracle FastConnect location.

For resiliency and high availability, best practices recommend establishing multiple physical connections to the same OCI region.

Once a physical connection is established, there are two virtual circuit options. Public peering (D) enables you to access both private resources in a VCN as well as public resources without traversing the internet, similar in concept to using OCI as an ISP. Private peering (E) enables you to extend your on-premises private networks to OCI.

FastConnect supports the Border Gateway Protocol (BGP) to automate route updates between your environment, OCI, and (optionally) FastConnect partners or third-party providers.

North America Oracle FastConnect locations

Use Cases of OCI FastConnect:

Source: https://www.oracle.com/cloud/networking/fastconnect/