Storing UCM Content in the Database

One of the very cool things that the Filestore Provider added when it was officially released in 10gR3 was the ability to store content in the database.  For a long time we (Stellent) had argued that metadata belonged in the database and content belonged on the file system.  There were very good arguments for that, primarily around performance, but that changed when Oracle bought Stellent.

Actually what changed was that in Oracle Database 11g, there's a really cool feature called SecureFiles (much more info here) that allows the database to act as a file system (DBFS).  Performance is comparable to a Linux file system and Oracle has run tests showing ingestion rates of 120-270 items/second (depending on file size, smaller is faster) on a 2x dual core proc server with 16GB of RAM.  Presentation of web pages ran 81-124 pages accesses/sec on the same hardware but with various different cache and presentation settings.

What made me think of this recently, though, was a conversation we had with a customer yesterday concerning high security.  Storing content on the file system with UCM requires securing physical access to the server (or storage array) because the application controls security rather than the file system.  If you store content in the database (using Oracle 11g) you can also leverage Database Vault and Audit Vault to add multiple extra layers of security and auditing on top of the storage layer.  This makes it impossible for even the most trusted DBAs to access the content without permission and auditing, but it's transparent to the authorized user submitting and retrieving content through the UCM interface.

Database Vault and Audit Vault are additional cost add-ons to the Oracle 11g database.  Transparent Data Encryption may be included in another SKU or it may be standard (you'll have to ask your Oracle license rep or SE) - but they provide substantial additional security for those really secret content items.  Remember, using FSP you can also set up storage rules to have some content stored on the file system and some in the database if that makes sense for you.  Perhaps dSecurityGroup=secret store in database using TDE and dSecurityGroup=public goes to the filesystem.

Important Note:  While it's possible to store content in the database using database 10g, I wouldn't recommend it.  It will be stored as a BLOB and retrieval performance will be far below that using SecureFiles on database 11g.

Another Important Note: Database storage is only supported on Oracle database, so if you are using MS SQL Server or IBM DB2 you are out of luck.  If you are using Sybase not only can you not store files in the database, you will be experiencing column indexing issues now and you should migrate ASAP as Sybase is not be supported as a metadata store in UCM 11g.