oem 12c day 5 2014
TRANSCRIPT
-
8/9/2019 OEM 12c Day 5 2014
1/123
Oracle Cloud Control OEMDay 5 Security
Provisioning & Patching
Lifecycle Management
Reports
Backup & Restore of the Cloud ControlEnvironment
-
8/9/2019 OEM 12c Day 5 2014
2/123
Cloud Control
Security
Version 1.1
-
8/9/2019 OEM 12c Day 5 2014
3/123
Objectives
At the end of this module the student will understandthe following tasks and concepts.
Administrators & Roles
Monitoring Credentials
Named Credentials
Preferred Credentials
Privilege Delegation
Agent Registration Passwords
3© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
4/123
Administrators and Roles
Administrator
An OEM account used to log into Cloud Controland access and maintain targets
Roles
A set of privileges that can be applied toadministrator accounts
4© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
5/123
Administrators
Each OEM user is an Administrator
Users should not share administrator logins(especially the SYSMAN account)
Administrators come in different levels of privileges
Super Administrator
Designer Administrator
Operator AdministratorEach Administrator uses their own credentials
5© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
6/123
Administrator Types
Super AdministratorCan administer OEM users in addition to having all
target privileges
DesignerCan manage the software library
Can manage procedures
OperatorRestricted privileges on software library and
procedures
6© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
7/123
Roles
A role is a collection of EM resource privileges, ortarget privileges, or both, which you can grant toadministrators or to other roles
EM creates one role by default Public Unique in that it is automatically assigned to all new non-
super administrators when they are created
By default it has no privileges assigned to it
The Public role should be used to define defaultprivileges you expect to assign to a majority of non-super administrators you create
7© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
8/123
EM Out-of-Box Roles (1:3)
Role Description
EM_ALL_ADMINISTRATORRole has privileges to perform Enterprise Manager administrative operations. It
provides Full privileges on all secure resources (including targets)
EM_ALL_DESIGNERRole has privileges to design Enterprise Manager operational entities such as
Monitoring Templates.
EM_ALL_OPERATOR Role has privileges to manage Enterprise Manager operations.
EM_ALL_VIEWER Role has privileges to view Enterprise Manager operations.
EM_CBA_ADMINRole has privileges to manage Chargeback Objects. It provides the ability to
create and view chargeback plans, chargeback consumers, assign chargeback
usage, and view any CaT targets.
EM_CLOUD_ADMINISTRATOR
Enterprise Manager user for setting up and managing the infrastructure cloud.
This role could be responsible for deploying the cloud infrastructure (servers,
pools, zones) and infrastructure cloud operations for performance andconfiguration management.
EM_COMPLIANCE_DESIGNER Role has privileges for create, modify and delete compliance entities.
EM_COMPLIANCE_OFFICER Role has privileges to view compliance framework definition and results.
8© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
9/123
EM Out-of-Box Roles (2:3)
Role Description
EM_CPA_ADMINRole to manage Consolidation Objects. It gives the capability to create and view
consolidation plans, consolidation projects and view any CaT targets.
EM_HOST_DISCOVERY_OPERATOR Role has privileges to execute host discovery
EM_INFRASTRUCTURE_ADMINRole has privileges to manage the Enterprise Manager infrastructure such as
managing plug-in lifecycle or managing self update.
EM_PATCH_ADMINISTRATORRole for creating, editing, deploying, deleting and granting privileges for any
patch plan.
EM_PATCH_DESIGNER Role for creating and viewing for any patch plan
EM_PATCH_OPERATOR Role for deploying patch plans
EM_PLUGIN_AGENT_ADMIN Role to support plug-in lifecycle on Management Agent
EM_PLUGIN_OMS_ADMIN Role to support plug-in lifecycle on Management Server
EM_PLUGIN_USER Role to support view plug-in console
9© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
10/123
EM Out-of-Box Roles (3:3)
Role Description
EM_PROVISIONING_DESIGNER Role has privileges for provisioning designer
EM_PROVISIONING_OPERATOR Role has privileges for provisioning operator
EM_SSA_ADMINISTRATOREnterprise Manager user with privilege to set up the Self Service Portal. This role
can define quotas and constraints for self service users and grant them access
privileges.
EM_SSA_USERThis role grants Enterprise Manager user the privilege to access the Self Service
Portal.
EM_TARGET_DISCOVERY_OPERATOR Role has privileges to execute target discovery.
EM_TC_DESIGNER Role has privileges for creating Template Collections
EM_USER Role has privilege to access Enterprise Manager Application.
PUBLICPUBLIC role is granted to all administrators. This role can be customized at site
level to group privileges that need to be granted to all administrators.
10© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
11/123
Privileges
A privilege is a right to perform management actions within Enterprise Manager
Can be divided into two categories: Target Privileges allow an administrator to perform
operations on a target
Resource Privileges allow a user to perform operationsagainst specific types of resources
See Enterprise Manager Cloud Control Administrator's Guide ;Chapter 13, Section 13.3.3.1 Granting Privileges for alist of EM target and resource privileges
11© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
12/123
Monitoring Credentials
Credentials are used by the Management Agentto monitor certain types of targets, i.e.
Database
Host
OMS and Repository
To create or edit a monitoring credential
Setup Security Monitoring Credentials
12© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
13/123
Monitoring Credentials Page
13© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
14/123
Named Credentials
A Named Credential specifies a users' authenticationinformation on a system.
Named credentials can be
A username/password pair like the operating system logincredentials
Oracle home owner credentials primarily used for performingoperations such as running jobs, patching and other system
management tasks To create or edit a named credential
Setup Security Named Credentials
14© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
15/123
Named Credentials Page
15© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
16/123
Preferred Credentials (1:2)
Preferred credentials are used to simplify access tomanaged targets by storing target login credentials inthe Management Repository
With preferred credentials set, users can access an EnterpriseManager target that recognizes those credentials withoutbeing prompted to log in to the target
Preferred credentials are set on a per user basis, thus ensuring
the security of the managed enterprise environment
16© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
17/123
Preferred Credentials (2:2)
Default Credentials
Can be set for a particular target type and will be available forall the targets of the target type
It will be overridden by target preferred credentials Target Credentials
Preferred credentials set for a particular target
Can be used by applications such as the job system,
notifications, or patching
To create or edit a preferred credential
Setup Security Preferred Credentials
17© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
18/123
Preferred Credentials Page
18© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
19/123
Privilege Delegation (1:3)
Privilege Delegation is a framework that allows you to use eitherSUDO or PowerBroker to perform an activity with the privilegesof another user
Privilege Delegation is Proprietary to Oracle
SUDO and PowerBroker are third-party utilities supported in CloudControl
Privilege Delegation can use either SUDO or PowerBroker, but not both,for a single host
You can ensure that the host user has enough privileges tobecome a root user, and run root scripts for completing anylifecycle management requirements for the enterprise
19© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
20/123
Privilege Delegation (2:3)
Privilege Delegation offers the following advantages:
You have the flexibility to use either SUDO or PowerBroker within the same framework
Using the framework, you can now run PowerBroker in apassword-less or password-protected mode
You can create a template with these Privilege Delegationsettings and reuse it for multiple hosts.
This not only allows you to standardize Privilege Delegation settingacross your enterprise, but also facilitates the process of configuringPrivilege Delegation Settings.
It simplifies the Privilege Delegation setting management as well.
20© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
21/123
Privilege Delegation (3:3)
Privilege Delegation offers the following advantages(continued…):
You can use the Privilege Delegation settings not only for
deployment procedures, but also for jobs in Cloud Control Privilege Delegation can read passwords from both STDIN
and TTY
To manage privilege delegation settings:
Setup Security Privilege Delegation
21© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
22/123
Privilege Delegation Page
22© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
23/123
Agent Registration Passwords(1:2)
Agent Registration password is used to validatethat installations of OEM agents are authorizedto load their data into the OMS
The Agent Registration password is createdduring installation when security is enabled forthe OMS
Agent Registration passwords can be managed(add/edit/delete) directly from the EM console
23© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
24/123
Agent Registration Passwords(2:2)
To manage Agent Registration Password settings:
Setup Security Registration Passwords
From this page:
Change the registration passwordCreate additional registration passwords
Remove registration passwords associated with the OMS
You can specify whether the registration password is
persistent (and available for multiple Management Agents) orto be used only once or for a predefined period of time
24© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
25/123
Registration Passwords Page
25© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
26/123
Review
Administrators & Roles
Monitoring Credentials
Named Credentials
Preferred Credentials
Privilege Delegation
Agent Registration Passwords
26© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
27/123
Cloud Control
Provisioning & Patching
Version 1.1
-
8/9/2019 OEM 12c Day 5 2014
28/123
Objectives
At the end of this module the student will understandthe following tasks and concepts.
The Software Library
Provisioning Database Provisioning
Bare Metal Provisioning
Patching Database Patching
Linux Patching
28© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
29/123
Overview of the New Lifecycle
Management Solutions Automates time-consuming tasks related to
Discovery
Provisioning and Cloning Patching
Configuration Management
Ongoing Change ManagementCompliance Management
29© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
30/123
Lifecycle Management Solutions
30© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
31/123
Software Library Overview
Core feature of EM CC 12c
Repository that holds software entities
Software Patches
Virtual Appliance Images Reference Gold Images
Application Software
Associated Directive Scripts
In addition to storage, allows for maintaining versions,maturity levels, and states of all software entities
31© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
32/123
EM CC Software Library Page
32© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
33/123
Software Library
Users, Roles, and Privileges
Software Library folder and entities that ship with EM CC 12c are viewable by all theEnterprise Manager users, by default
EM Administrators do not have any SoftwareLibrary privileges, by default
EM Super Administrator must grant access andprivileges to EM Administrators
33© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
34/123
Software Library Privileges for
AdministratorsResource Type Description
View any Template Entity Ability to view any Template Entity
Export Any Software Library Entity Ability to export any Software entity
Edit any Software Library Entity Ability to edit any Software Library entity
Manage Any Software Library Entity Ability to create, view, edit, and delete any Software Library
entity
Import Any Software Library Entity Ability to import any Software Library entity
Create Any Software Library Entity Ability to create any Software Library entity
View Any Software Library Entity Ability to view any Software Library entity
View Any Assembly Entity Ability to view any Assembly entity
Grant Any Entity Privilege
Ability to grant view, edit, and delete privileges on any Software
Library entity. This privilege is required if the user granting the
privilege on any entity is not a Super Administrator or owner of
the entity.
34© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
35/123
Software Library Roles
Role Software Library Privileges
Super Administrator All Software Library Privileges
EM_PROVISIONING_DESIGNER
(Designer)Create Any Software Library Entity
EM_PROVISIONING_OPERATOR(Operator) View Any Software Library Entity
EM_PATCH_OPERATORCreate Any Software Library Entity
View Any Software Library Entity
EM_USER
(Administrator) Access Enterprise Manager
35© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
36/123
Software Library Storage (1:2)
The Software Library Administration consoleallows you to configure and administer theSoftware Library
To start using the Software Library, you mustadd at least one upload file storage location onthe host where the OMS is running
Setup Provisioning and Patching SoftwareLibrary
36© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
37/123
Software Library Storage (2:2)
37© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
38/123
Provisioning (1:2)
Discovers bare metal serves and live target servers
Provisions Linux operating system on bare metalservers (hypervisors and virtual machines)
Associates patching templates with provisioning so thatpatches can be applied automatically once the operatingsystem is provisioned
Provisions of Oracle Databases, Oracle Real Application Clusters (Oracle RAC), Oracle GridInfrastructure (for standalone servers and clusteredenvironments)
38© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
39/123
Provisioning (2:2)
Supports initial setup through OneCommand utility andongoing database provisioning for Exadata Databasemachines
Provisions Oracle Fusion Middleware, Oracle SOASuite, SOA Artifacts, Oracle BPEL, Oracle Service Bus,
Java EE Applications, Oracle Application Server
Supports mass upgrade of single instance, Oracle RAC,
and Oracle RAC One database instances one at a time
39© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
40/123
Database Provisioning Features
Oracle Databases (i.e. single-instance databases)
Real Application Clusters (RAC) databases
Extend Oracle RAC nodes
Delete Oracle RAC nodes
Oracle RAC One-Node databases
Upgrade single-instance databases in a scalableand automated manor
40© Performance Tuning Corporation, 2012
D b i i i S l i
-
8/9/2019 OEM 12c Day 5 2014
41/123
Database Provisioning Solution
in Cloud Control
41© Performance Tuning Corporation, 2012
A i h D b
-
8/9/2019 OEM 12c Day 5 2014
42/123
Accessing the Database
Provisioning Screen
Enterprise Provisioning & Patching Database Provisioning
42© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
43/123
Database Deployment Procedures
and Targets Provisioned (1:2)Deployment Procedure Targets Provisioned
Provision Oracle Database
- Oracle Database (single instance) 10g Release 1 to 11g Release 2
- Oracle Grid Infrastructure 11g Release 2
- Oracle Automatic Storage Management (Oracle ASM) 11g Release 2
Provision Oracle Real Application Clusters
- Oracle Real Application Clusters (Oracle RAC) 11g Release 2
- Oracle RAC One Node 11g Release 2- Oracle Grid Infrastructure 11g Release 2
- Oracle Automatic Storage Management (Oracle ASM) 11g Release 2
Create Oracle Database
- Oracle Database (single-instance database) 11g Release 2
- Oracle Real Application Clusters (Oracle RAC) 11g Release 2
- Oracle RAC One Node 11g Release 2
Provision Oracle Clusterware/ Oracle RAC for UNIX and
RDBMS versions 10g/11g
(applicable for UNIX
platform)
- Oracle Real Application Clusters (Oracle RAC) 10g Release 1 to 11gRelease 1
- Oracle Clusterware 10g Release 1 to 11g Release 1
- Oracle Clusterware Automatic Storage Management (Oracle ASM)
10g Release 1 to 11g Release 1
43© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
44/123
Database Deployment Procedures
and Targets Provisioned (2:2)
Deployment Procedure Targets Provisioned
Extend/Scale Up Oracle Real
Application Clusters
Oracle Real Application Clusters (Oracle RAC) 10g Release 1 to 11g
Release 2
Delete/Scale Down Oracle
Real Application Clusters
Oracle Real Application Clusters (Oracle RAC) 10g Release 1 to 11g
Release 2
Provision Oracle Database
ClientOracle Database Client 10g Release 2 to 11g Release 2
44© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
45/123
Bare-Metal Provisioning
Bare-Metal Provisioning Application is part of the Cloud ControlLifecycle Management Packhttp://www.oracle.com/technetwork/oem/lifecycle-mgmt-495331.html
Allows you to provision the Linux operating system on bare metal
servers using EM Cloud Control Bare-Metal Provisioning Application addresses the data center, server
farm challenge to provision software and servers quickly, efficiently,and make them operational
Uses standardized PXE (Pre Boot Execution environment) booting
process for provisioning both bare-metal and live servers
Provides a role based User Interface, for easily creating gold imagesand initiating automated, unattended installs
45© Performance Tuning Corporation, 2012
B M l P i i i
http://www.oracle.com/technetwork/oem/lifecycle-mgmt-495331.htmlhttp://www.oracle.com/technetwork/oem/lifecycle-mgmt-495331.htmlhttp://www.oracle.com/technetwork/oem/lifecycle-mgmt-495331.htmlhttp://www.oracle.com/technetwork/oem/lifecycle-mgmt-495331.htmlhttp://www.oracle.com/technetwork/oem/lifecycle-mgmt-495331.htmlhttp://www.oracle.com/technetwork/oem/lifecycle-mgmt-495331.html
-
8/9/2019 OEM 12c Day 5 2014
46/123
Bare-Metal Provisioning
Environment Overview The following need to be setup and configured
before using the provisioning application
Software Library and its Entities
Boot Server
Stage Server
Reference Host
RPM Repository
46© Performance Tuning Corporation, 2012
B M l P i i i
-
8/9/2019 OEM 12c Day 5 2014
47/123
Bare-Metal Provisioning
Process Overview Consists of 2 high-level tasks:
Setting Up Provisioning Environment
Set up and configure Boot/DHCP server
Set Stage server,
Set up RPM repository and Software Library
Optionally, create bare metal provisioning entities
Provisioning Linux using Bare Metal Provisioning Application
Launching the Bare metal Provisioning wizard to configure the baremetal machines using MAC addresses, subnet, or re-imaging CloudControl hosts
Powering up the bare metal machine on the network to begin thePXE-based OS boot and install process
47© Performance Tuning Corporation, 2012
B M l P i i i
-
8/9/2019 OEM 12c Day 5 2014
48/123
Bare-Metal Provisioning
Supported Releases of Linux
Oracle Linux 5.0 or higher
Oracle Linux 4.0 or higher
Red Hat Enterprise Linux (RHEL) 5.0 or higher Red Hat Enterprise Linux (RHEL) 4.0 update 2
or higher
Red Hat Enterprise Linux (RHEL) 3.0 update 6
or higher
SuSE Linux (SLES) 10
48© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
49/123
Patching (1:2)
Offers an integrated patching workflow with My OracleSupport — access to recommendations, search patches,and so on.
Orchestrates patching workflow using Patch Plans,including automated selection of deploymentprocedures and analysis of the patch conflicts.
Validates patches for applicability in your environment,
validates patch plans, and automatically receives patchesto resolve conflicts.
49© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
50/123
Patching (2:2)
Helps you save successfully analyzed or deployablepatch plans as patch templates, which contain apredetermined set of patches and deployment options
saved from the source patch plan. Offers out-of-place patching (only for standalone
databases), in-place patching, and rolling and parallelpatching modes, both in offline and online mode.
50© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
51/123
Database Patching (1:2)
Cloud Control Patch Management Integrated patching workflow with My Oracle Support, therefore,
you see recommendations, search patches, and roll out patches allusing the same user interface.
Complete, end-to-end orchestration of patching workflow usingPatch Plans, including automated selection of deploymentprocedures and analysis of the patch conflicts, therefore, there isminimal manual effort required.
Clear division of responsibilities between designers and operators -
Designers can focus on creating patch plans, testing them on a testsystem, and saving them as patch templates. Operators can focuson creating patch plans out of the template for rolling out thepatches on a production system.
51© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
52/123
Database Patching (2:2)
Cloud Control Patch Management
Easy review of patches for applicability in your environment, validation of patch plans, and automatic receipt of patches toresolve validation issues.
Saving successfully analyzed or deployable patch plans as patchtemplates, which contain a predetermined set of patches anddeployment options saved from the source patch plan.
Out-of-place patching for standalone (single-instance) databasetargets and Oracle Grid Infrastructure targets that are part ofOracle Exadata.
Flexible patching options such as rolling and parallel, both inoffline and online mode.
52© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
53/123
Patch Plans (1:3)
Patch plans help you create a consolidated list ofpatches you want to apply as a group to one ormore targets
Patch plans have states (or status) that map tokey steps in the configuration changemanagement process
Any administrator or role that has viewprivileges can access a patch plan
53© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
54/123
Patch Plans (2:3)
Patch Plans support the following type of patches
Patch Sets
Patch Sets for Oracle Database 10g Release 2 andOracle Database 11g Release 1
Patch Sets for Oracle Database 11g Release 2 are complete installs
Patches (One-Off)
Interim Patches that contain a single bug fix or a collection of bugfixes provided as required
Diagnostic Patches Patch Set Updates (PSU)
Critical Patch Updates (CPU)
54© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
55/123
Patch Plans (3:3)
A patch can be added to a target in a plan only if thepatch has the same release and platform as the target to
which it is being added
You can include any patch for any target in a plan Automatically selects an appropriate deployment procedure
to be used for applying the patches
Patch plans are currently not available for hardware
system or operating system patching Any administrator or role that has view privileges can
access a patch plan
55© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
56/123
Linux Patching Overview (1:2)
Set up Linux RPM Repository based in UnbreakableLinux Network (ULN) channels
Download Advisories (Erratas) from ULN
Set up Linux Patching Group to update a group ofLinux hosts and collect compliance information
Allow non-compliant packages to be patched
Rollback/Uninstall packages from host
56© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
57/123
Linux Patching Overview (2:2)
Manage RPM repositories and channels (clonechannels, copy packages from one channel intoanother, delete channels)
Add RPMs to custom channels Manage Configuration file channels (create/delete
channels, upload files, copy files from one channel intoanother)
57© Performance Tuning Corporation, 2012
Li H t P t hi
-
8/9/2019 OEM 12c Day 5 2014
58/123
Linux Host Patching
Deployment Procedure
Cloud Control provides the following deploymentprocedures for Linux patching:
Patch Linux Hosts – This deployment procedure enables you
to patch Linux hosts. Linux RPM Repository server - This deployment procedure
enables you to set up a Linux RPM repository server.
For details of the Linux Host Patching procedure, seethe EM Lifecycle Management Administrator’s Guide;Chapter 25http://docs.oracle.com/cd/E24628_01/em.121/e27046/pat_linux_patch.htm#BABCJAGH
58© Performance Tuning Corporation, 2012
http://docs.oracle.com/cd/E24628_01/em.121/e27046/pat_linux_patch.htmhttp://docs.oracle.com/cd/E24628_01/em.121/e27046/pat_linux_patch.htmhttp://docs.oracle.com/cd/E24628_01/em.121/e27046/pat_linux_patch.htm
-
8/9/2019 OEM 12c Day 5 2014
59/123
Review
Software Library
Provisioning
Provisioning Databases
Bare Metal Provisioning
Patching
Database Patching
Linux Patching
59© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
60/123
Cloud Control
Lifecycle Management
Version 1.1
-
8/9/2019 OEM 12c Day 5 2014
61/123
Objectives
At the end of this module the student will understandthe following tasks and concepts.
Discovery
Provisioning and Patching Configuration Management
Change Management
Compliance Management
61© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
62/123
Lifecycle Management Solutions
62© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
63/123
Discovery
Automatically discovers software deploymentsusing IP scanning techniques (NMAP).
Converts unmanaged software deployments to
managed targets in Cloud Control so that theirhealth can be monitored.
Offers an integrated workflow for deploying
Oracle Management Agents and discoveringtargets on selected auto-discovered hosts.
63© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
64/123
Provisioning
Discovers bare metal serves and live target servers Provisions Linux operating system on bare metal servers (hypervisors and
virtual machines)
Associates patching templates with provisioning so that patches can beapplied automatically once the operating system is provisioned
Provisions of Oracle Databases, Oracle Real Application Clusters (OracleRAC), Oracle Grid Infrastructure (for standalone servers and clusteredenvironments)
Supports initial setup through OneCommand utility and ongoing databaseprovisioning for Exadata Database machines
Provisions Oracle Fusion Middleware, Oracle SOA Suite, SOA Artifacts,Oracle BPEL, Oracle Service Bus, Java EE Applications, Oracle ApplicationServer
Supports mass upgrade of single instance, Oracle RAC, and Oracle RAC Onedatabase instances one at a time
64© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
65/123
Patching
Offers an integrated patching workflow with My Oracle Support — access to recommendations, search patches, and so on.
Orchestrates patching workflow using Patch Plans, includingautomated selection of deployment procedures and analysis of the
patch conflicts. Validates patches for applicability in your environment, validates patch
plans, and automatically receives patches to resolve conflicts.
Helps you save successfully analyzed or deployable patch plans aspatch templates, which contain a predetermined set of patches and
deployment options saved from the source patch plan.
Offers out-of-place patching (only for standalone databases), in-placepatching, and rolling and parallel patching modes, both in offline andonline mode.
65© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
66/123
Change Management
Captures database object definitions and initialization parameters atdifferent points in time.
Compares a baseline or a database and another baseline or a database.
Propagates changes from database definitions and initialization
parameters captured in a baseline or from a database to a targetdatabase.
Specifies, groups, and packages object metadata changes. Createchange plans from ad hoc changes, comparison-based differences, ordeveloper tools.
Compares data between a local and remote database, and determineshow seed data customizations will be affected by application upgrades.
66© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
67/123
Configuration Management (1:2)
Searches configuration data across the enterprise.
Displays configuration data in the context of a single managedentity — configuration item types and properties, systemconfiguration data, system target relationships, custom
configuration data. Monitors change activity across the enterprise — includes changes
both to configurations and to relationships, which areassociations that exist among managed entities.
Compare configurations of a particular target type usingcomparison templates, which enable you to ignore the obviousdifferences and set alerts on critical issues that need immediateattention.
67© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
68/123
Configuration Management (2:2)
Identifies files and other configuration data that Cloud Controldoes not already collect from well-known target types or from atarget type introduced as part of the custom configurationdefinition. Offers a set of custom configurations called
blueprints, which lay out precisely the files and data to collect fora given platform such as Apache Tomcat.
Creates new relationships between managed entities using the Topology Viewer or a generic system target type. Helps you
perform dependency analysis and impact analysis on assets inyour enterprise using the Topology Viewer.
68© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
69/123
Compliance Management
Evaluates the compliance of targets and systems as they relate toyour business best practices for configuration, security, andstorage.
Advises of how to change configuration to bring your targets
and systems into compliance. Helps you define, customize, and manage Compliance
frameworks, Compliance standards, Compliance standard rules.
Helps you test your environment against the criteria defined for
your company or regulatory bodies using these self-definedentities
69© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
70/123
Review
Discovery
Provisioning and Patching
Configuration Management
Change Management Compliance Management
70© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
71/123
-
8/9/2019 OEM 12c Day 5 2014
72/123
Objectives
At the end of this module the student will understandthe following tasks and concepts.
Using the report system
Creating reports Creating scheduled reports
Creating public reports
72© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
73/123
Using Information Publisher (1:3)
EM’s Reporting Framework
Can be used to present a view of enterprisemonitoring information for Business Intelligence
Can also serve and Administrative Role to show Activity
Resource Utilization
Configuration of managed targets
Access via:Enterprise Reports Information Publisher Reports
73© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
74/123
Using Information Publisher (2:3)
Create and publish customized reports
Intuitive HTML-based reports published:
via the Web
StoredE-mailed to selected recipients
Comprehensive library of pre-defined reports allowsfor out-of-box report generation without additionalsetup and configuration
74© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
75/123
Using Information Publisher (3:3)
Key benefits of using Information Publisher Provides a framework for creating content-rich, well-
formatted HTML reports based on Management Repositorydata
Out-of-box reports let you start generating reportsimmediately without any system configuration or setup
Ability to schedule automatic generation of reports and storescheduled copies and/or e-mail them to intended audiences
Ability for Enterprise Manager administrators to sharereports with the entire business community: executives,customers, and other Enterprise Manager administrators
75© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
76/123
Out-of-Box Report Definitions
76© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
77/123
Creating Reports (1:4)
Choose whether to modify an existing report definition or startfrom scratch.If an existing report definition closely matches your needs, it iseasy to customize it by using the Create Like function.
Specify name, category, and sub-category.Cloud Control provides default categories and sub-categoriesthat are used for out-of-box reports. However, you cancategorize custom reports in any way you like.
Specify any time-period and/or target parameters. The report viewer will be prompted for these parameters while viewing the report.
77© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
78/123
Creating Reports (2:4)
Add reporting elements.Reporting elements are pre-defined content building blocks, thatallow you to add a variety of information to your report. Someexamples of reporting elements are charts, tables, and images.
Customize the report layout.Once you have assembled the reporting elements, you cancustomize the layout of the report.
78© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
79/123
Creating Reports (3:4)
By declaring report parameters, you allow the user to control what data is shown in the report.
There are two types of parameters:
target
time-period
Information Publisher allows you to view reports for a variety oftime-periods:
Last 24 Hours/ 7 Days/ 31 Days
Previous X Days/ Weeks/ Months/ Years (calendar units) This Week/ This Month/ This Year (this week so far)
Any custom date range.
79© Performance Tuning Corporation, 2012
C i R
-
8/9/2019 OEM 12c Day 5 2014
80/123
Creating Reports (4:4)
Information Publisher provides a variety of reportingelements
Generic reporting elements allow you to display any desiredinformation, such as including your corporate Logo, with a link to
your corporate Web site Monitoring elements show monitoring information, such as
availability and alerts for managed targets
Service Level Reporting elements show availability, performance,
usage and achieved service levels Allows you to track compliance with Service Level Agreements
Share information about achieved service levels with your customersand business executives
80© Performance Tuning Corporation, 2012
C i S h d l d R
-
8/9/2019 OEM 12c Day 5 2014
81/123
Creating Scheduled Reports (1:3)
Cloud Control provides the followingscheduling options:
One-time report generation either immediately or at
any point in the future Periodic report generation
Frequency: Any number of Minutes/ Hours/ Days/ Weeks/ Months/ Years
You can generate copies indefinitely or until a specificdate in the future
81© Performance Tuning Corporation, 2012
C i S h d l d R
-
8/9/2019 OEM 12c Day 5 2014
82/123
Creating Scheduled Reports (2:3)
Storing and Purging Report Copies
EM allows you to store any number of scheduledcopies for future reference
You can delete each stored copy manually You can set up automated purging based on:
The number of stored copies
Retention time
82© Performance Tuning Corporation, 2012
C i S h d l d R
-
8/9/2019 OEM 12c Day 5 2014
83/123
Creating Scheduled Reports (3:3)
E-mailing Reports
You can choose for scheduled reports to be e-mailedto any number of recipients
You can specify a “reply -to” address You can specify a “subject”
83© Performance Tuning Corporation, 2012
C i P bli R
-
8/9/2019 OEM 12c Day 5 2014
84/123
Creating Public Reports (1:x)
EM Administrators can share reports with otheradministrators and roles
Reports can also be shared with non-EM
Administrators(i.e., customers and / or business executives)
EM can render a separate reporting website
EM reporting website does not use authentication
84© Performance Tuning Corporation, 2012
C i P bli R
-
8/9/2019 OEM 12c Day 5 2014
85/123
Creating Public Reports (1:2)
EM Administrators can share reports with otheradministrators and roles
Reports can also be shared with non-EM
Administrators(i.e., customers and / or business executives)
EM can render a separate reporting website
EM reporting website does not use authentication
85© Performance Tuning Corporation, 2012
C i P bli R
-
8/9/2019 OEM 12c Day 5 2014
86/123
Creating Public Reports (2:2)
In the Access tab of the Create ReportDefinition check the “Allow viewing without
logging in to Enterprise Manager” checkbox
Make sure you have selected the “Run reportusing target privileges of the report owner” in
the General tab
Create a schedule Access via /em/public/reports URL
86© Performance Tuning Corporation, 2012
R i
-
8/9/2019 OEM 12c Day 5 2014
87/123
Review
Using the report system
Creating reports
Creating scheduled reports
Creating public reports
87© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
88/123
Backup and Restore of the Cloud
Control Deployment Configuration
Version 1.0
-
8/9/2019 OEM 12c Day 5 2014
89/123
Objectives
At the end of this module the student will understand
the following tasks and concepts.
Cloud Control / Cloud Control Architecture
Backup and Recovery of the Cloud Control / CloudControl System
Repository Backup and Recovery
OMS Backup and Recovery Agent Backup and Recovery
EMCTL High Availability Commands
89© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
90/123
-
8/9/2019 OEM 12c Day 5 2014
91/123
Enterprise Manager Cloud Control 12c
-
8/9/2019 OEM 12c Day 5 2014
92/123
Enterprise Manager Cloud Control 12c
Architecture
92© Performance Tuning Corporation, 2012
Enterprise Manager Cloud Control
-
8/9/2019 OEM 12c Day 5 2014
93/123
Enterprise Manager Cloud Control
Architecture Core Components
93© Performance Tuning Corporation, 2012
Oracle Management Agent
Oracle Management Service (OMS)
Oracle Management Repository
Oracle Management Plug-Ins
-
8/9/2019 OEM 12c Day 5 2014
94/123
Repository Backup and Recovery
Oracle recommends using High Availability BestPractices for protecting the Repository database Database should be in ARCHIVELOG mode
Perform regular online backups with RMAN using theRecommended Backup Strategy option via the EnterpriseManager Console
Other utilities such as DataGuard and RAC can also be used aspart of a comprehensive backup strategy
95© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
95/123
Repository Backup Setup (1:4)
Enterprise Manager 12c Recovery Settings Page
Targets Databases [Repository Database Target]
[Logon repository database]
Availability
Recovery Settings
Enable Archive Logging and Flashback Database
96© Performance Tuning Corporation, 2012
Cloud Control 12c Backup Setup
-
8/9/2019 OEM 12c Day 5 2014
96/123
Cloud Control 12c Backup Setup(Recovery Settings Page – 1:2)
97© Performance Tuning Corporation, 2012
Cloud Control 12c Backup Setup
-
8/9/2019 OEM 12c Day 5 2014
97/123
Cloud Control 12c Backup Setup(Recovery Settings Page – 2:2)
98© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
98/123
Repository Backup Setup (2:4)
Enterprise Manager 12c Backup Policies Page
Target Database [Repository Database Target]
Availability
Backup Settings
Policy tab
Enable Block Change Tracking
99© Performance Tuning Corporation, 2012
Cloud Control 12c Backup Setup
-
8/9/2019 OEM 12c Day 5 2014
99/123
Cloud Control 12c Backup Setup(Backup Policy Page)
100© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
100/123
Repository Backup Setup (3:4)
Detailed information of how to back up the EnterpriseManager Deployment is available in theOracle Enterprise Manager Cloud Control
Administrator’s Guide 12c Release 1 (12.1.0.1)
http://docs.oracle.com/cd/E24628_01/doc.121/e24473/ha_backup_recover.htm#BGBCCIJC
101© Performance Tuning Corporation, 2012
http://docs.oracle.com/cd/E24628_01/doc.121/e24473/ha_backup_recover.htmhttp://docs.oracle.com/cd/E24628_01/doc.121/e24473/ha_backup_recover.htmhttp://docs.oracle.com/cd/E24628_01/doc.121/e24473/ha_backup_recover.htmhttp://docs.oracle.com/cd/E24628_01/doc.121/e24473/ha_backup_recover.htmhttp://docs.oracle.com/cd/E24628_01/doc.121/e24473/ha_backup_recover.htm
-
8/9/2019 OEM 12c Day 5 2014
101/123
Repository Backup Setup (4:4)
Detailed information of how to configure databasebackups using Enterprise Manager is available in theOracle Database 11gR2 2 Day DBA guide:
http://www.oracle.com/pls/topic/lookup?ctx=E11857-01&id=ADMQS
Information on Database High Availability best practicescan be found in the Oracle Database 11gR2 High
Availability Best Practices guide:
http://www.oracle.com/pls/topic/lookup?ctx=E11857-01&id=HABPT
102© Performance Tuning Corporation, 2012
http://www.oracle.com/pls/topic/lookup?ctx=E11857-01&id=ADMQShttp://www.oracle.com/pls/topic/lookup?ctx=E11857-01&id=HABPThttp://www.oracle.com/pls/topic/lookup?ctx=E11857-01&id=HABPThttp://www.oracle.com/pls/topic/lookup?ctx=E11857-01&id=HABPThttp://www.oracle.com/pls/topic/lookup?ctx=E11857-01&id=HABPThttp://www.oracle.com/pls/topic/lookup?ctx=E11857-01&id=HABPThttp://www.oracle.com/pls/topic/lookup?ctx=E11857-01&id=ADMQShttp://www.oracle.com/pls/topic/lookup?ctx=E11857-01&id=ADMQShttp://www.oracle.com/pls/topic/lookup?ctx=E11857-01&id=ADMQShttp://www.oracle.com/pls/topic/lookup?ctx=E11857-01&id=ADMQS
-
8/9/2019 OEM 12c Day 5 2014
102/123
Repository Recovery (1:3)
Recovery of the Repository database must be performed with RMAN Cloud Control will not be available when the repository
database is down
Two Recovery cases: Full Recovery
Point-in-Time / Incomplete Recovery
Incomplete recovery requires that the repository beresynchronized with the agents
103© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
103/123
Repository Recovery (2:3)
Resynchronization feature allows for the automation ofthe process to resync the repository with the latest stateof the agent Can only be used for Agent version 10.2.0.5 or later
Command line utility option:
emctl resync repos -full -name"”
Command must be executed from the OMS HOME afterrestoring the repository, but before starting the OMS
Repository recovery is complete when the resynchronizationjobs complete on all Agents
104© Performance Tuning Corporation, 2012
i
-
8/9/2019 OEM 12c Day 5 2014
104/123
Repository Recovery (3:3)
Manually Resynchronizing AgentsUse for Agents older than v10.2.0.5
Use the following procedure: Shut down the Agent Delete the agentstmp.txt, lastupld.xml, state/* and
upload/* files from the AGENT_HOME/sysman/emddirectory
Restart the Agent
105© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
105/123
-
8/9/2019 OEM 12c Day 5 2014
106/123
O S k S i
-
8/9/2019 OEM 12c Day 5 2014
107/123
OMS Backup Strategies (2:5)
Instance Home Composed of WebLogic, OMS, and WebTier configuration
files
Can be backed up using the “emctl exportconfig oms”command
108© Performance Tuning Corporation, 2012
OMS B k S i
-
8/9/2019 OEM 12c Day 5 2014
108/123
OMS Backup Strategies (3:5)
Software Library Composed of components used by Enterprise Manager
patching and provisioning functions
Oracle Database Filesystem (DBFS) is recommended forsoftware library backup
DBFS technology allows an Oracle database tablespace to beexposed to applications as a mounted filesystem
Internally, all of the files are stored as secure files in the Oracle
database
109© Performance Tuning Corporation, 2012
OMS B k S i
-
8/9/2019 OEM 12c Day 5 2014
109/123
OMS Backup Strategies (4:5)
Shared Loader RECV Directory Used to temporarily store metric data uploaded from Agents
before the data is loaded into the repository
A high availability storage technology should be used toprotect the receive directory
110© Performance Tuning Corporation, 2012
OMS B k S i
-
8/9/2019 OEM 12c Day 5 2014
110/123
OMS Backup Strategies (5:5)
Administration Server Introduced with Enterprise Manager 12cR1 in the OMS
WedLogic architecture
Operates as the central control entity for the configuration ofthe entire OMS(s) domain
Integral part of the first OMS installed in the Cloud Controldeployment and shares the Software Homes and InstanceHome
Shares the Software Homes and Instance Home Backed up at the same time as the Instance Home
(the emctl exportconfig oms command)
111© Performance Tuning Corporation, 2012
OMS R
-
8/9/2019 OEM 12c Day 5 2014
111/123
OMS Recovery (1:3)
Recovering the OMS consists of two steps: Recover the Software Homes
Configure the Instance Home
112© Performance Tuning Corporation, 2012
OMS R
-
8/9/2019 OEM 12c Day 5 2014
112/123
OMS Recovery (2:3)
Recover the Software Homes When restoring to the same host, the software homes can be
restored from a filesystem backup
If a backup does not exist, the software homes can bereconstructed as follows:
Software-only installation of WebLogic and OMS
Software-only installation of add-ons (if any)
Reapply all patches that were applied prior to the crash
The location of the OMS Home is fixed; ensure the OMSHome is restored to the same location that was previouslyused
113© Performance Tuning Corporation, 2012
OMS R
-
8/9/2019 OEM 12c Day 5 2014
113/123
OMS Recovery (3:3)
Configure the Instance Home Once the OMS Home is restored, the OMS configuration can
then be restored using the OMS Configuration Assistant(OMSCA) using the following command:
omsca recovery –BACKUP_FILE [file]
Use the export file generated by the“emctl exportconfig oms” command as [file]
114© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
114/123
B ki U A
-
8/9/2019 OEM 12c Day 5 2014
115/123
Backing Up Agents
There are no special considerations for backing up Agents
Best Practice
Reference Agent installs should be maintained for differentplatforms
Kept up-to-date in terms of customizations in theemd.properties file and patches applied.
Use Deployment options from the Cloud Control Console toinstall and maintain reference Agent installs
116© Performance Tuning Corporation, 2012
R i A t (1 2)
-
8/9/2019 OEM 12c Day 5 2014
116/123
Recovering Agents (1:2)
When an Agent is lost, it should be reinstalled by cloningfrom a reference install Often the fastest way to recover an Agent
It is not necessary to track and reapply customizations andpatches
Care should be taken to reinstall the Agent using the same port
The EM Agent Resynchronization feature can be used toreconfigure the Agent using target information present in the
Repository
117© Performance Tuning Corporation, 2012
R i A t (2 2)
-
8/9/2019 OEM 12c Day 5 2014
117/123
Recovering Agents (2:2)
When an Agent is reinstalled using the same port, theOMS detects that it has be reinstalled and blocks ittemporarily to prevent auto-discovered targets in thereinstalled Agent from overwriting previouscustomizations
Blocked Agents continue to collect monitoring data, butcannot upload any alerts or metric data to the OMS
EM Agent Resynchronization will push all targets fromthe repository to the Agent and then unblocks the Agent.
118© Performance Tuning Corporation, 2012
-
8/9/2019 OEM 12c Day 5 2014
118/123
EMCTL High Availability
-
8/9/2019 OEM 12c Day 5 2014
119/123
g y
Commands (2:5)
config repos Configures the repository database target.
The command is used to change the monitoring Agent for thetarget and/or the monitoring properties (hostname, OracleHome and connection string used to monitor this target)
resync repos Submits a repository resynchronization operation.
When the – full option is specified, all agents are instructed toupload the latest state to the repository.
A list of agents can be specified using the – agentlist option toresync with a given list of agents
120© Performance Tuning Corporation, 2012
EMCTL High Availability
-
8/9/2019 OEM 12c Day 5 2014
120/123
g y
Commands (3:5)
abortresync repos Aborts the currently running repository resynchronization
operation.
Use the – full option to stop a full repositoryresynchronization.
Use the – agentlist option to stop resync on a list of agents
statusresync repos Lists the status of given repository resynchronization
operation
121© Performance Tuning Corporation, 2012
EMCTL High Availability
-
8/9/2019 OEM 12c Day 5 2014
121/123
g y
Commands (4:5)
create service Valid on Windows only.
The command creates a service for the Oracle Management Services on Windows.
You use this command to manage the Windows service for the OMS on afailover host in a Cold Failover Cluster setup
delete service Valid on Windows only.
Deletes the service for the Oracle Management Services on Windows
122© Performance Tuning Corporation, 2012
EMCTL High Availability
-
8/9/2019 OEM 12c Day 5 2014
122/123
g y
Commands (5:5)
resyncAgent Resynchronizes a restored or reinstalled Agent by pushing all
target configuration from the repository
123© Performance Tuning Corporation, 2012
Summary
-
8/9/2019 OEM 12c Day 5 2014
123/123
y
Cloud Control / Cloud Control Architecture
Backup and Recovery of the Cloud Control / CloudControl System
Repository Backup and Recovery
OMS Backup and Recovery
Agent Backup and Recovery
EMCTL High Availability Commands