Está en la página 1de 123

Oracle Cloud Control OEM

Day 5

Security
Provisioning & Patching
Lifecycle Management
Reports
Backup & Restore of the Cloud Control
Environment

Cloud Control
Security

Version 1.1

Objectives
At the end of this module the student will understand
the following tasks and concepts.
Administrators & Roles
Monitoring Credentials
Named Credentials
Preferred Credentials
Privilege Delegation
Agent Registration Passwords
Performance Tuning Corporation, 2012

Administrators and Roles

Administrator
An

OEM account used to log into Cloud Control


and access and maintain targets

Roles
A

set of privileges that can be applied to


administrator accounts

Performance Tuning Corporation, 2012

Administrators

Each OEM user is an Administrator


Users

should not share administrator logins


(especially the SYSMAN account)
Administrators come in different levels of privileges
Super

Administrator
Designer Administrator
Operator Administrator
Each

Administrator uses their own credentials

Performance Tuning Corporation, 2012

Administrator Types

Super Administrator
Can

administer OEM users in addition to having all


target privileges

Designer
Can

manage the software library


Can manage procedures

Operator
Restricted

privileges on software library and


procedures

Performance Tuning Corporation, 2012

Roles

A role is a collection of EM resource privileges, or


target privileges, or both, which you can grant to
administrators or to other roles
EM creates one role by default Public

Unique in that it is automatically assigned to all new nonsuper administrators when they are created
By default it has no privileges assigned to it

The Public role should be used to define default


privileges you expect to assign to a majority of nonsuper administrators you create

Performance Tuning Corporation, 2012

EM Out-of-Box Roles

(1:3)

Role

Description

EM_ALL_ADMINISTRATOR

Role has privileges to perform Enterprise Manager administrative operations. It


provides Full privileges on all secure resources (including targets)

EM_ALL_DESIGNER

Role has privileges to design Enterprise Manager operational entities such as


Monitoring Templates.

EM_ALL_OPERATOR

Role has privileges to manage Enterprise Manager operations.

EM_ALL_VIEWER

Role has privileges to view Enterprise Manager operations.

EM_CBA_ADMIN

Role has privileges to manage Chargeback Objects. It provides the ability to


create and view chargeback plans, chargeback consumers, assign chargeback
usage, and view any CaT targets.

EM_CLOUD_ADMINISTRATOR

Enterprise Manager user for setting up and managing the infrastructure cloud.
This role could be responsible for deploying the cloud infrastructure (servers,
pools, zones) and infrastructure cloud operations for performance and
configuration management.

EM_COMPLIANCE_DESIGNER

Role has privileges for create, modify and delete compliance entities.

EM_COMPLIANCE_OFFICER

Role has privileges to view compliance framework definition and results.

Performance Tuning Corporation, 2012

EM Out-of-Box Roles

(2:3)

Role

Description

EM_CPA_ADMIN

Role to manage Consolidation Objects. It gives the capability to create and view
consolidation plans, consolidation projects and view any CaT targets.

EM_HOST_DISCOVERY_OPERATOR

Role has privileges to execute host discovery

EM_INFRASTRUCTURE_ADMIN

Role has privileges to manage the Enterprise Manager infrastructure such as


managing plug-in lifecycle or managing self update.

EM_PATCH_ADMINISTRATOR

Role for creating, editing, deploying, deleting and granting privileges for any
patch plan.

EM_PATCH_DESIGNER

Role for creating and viewing for any patch plan

EM_PATCH_OPERATOR

Role for deploying patch plans

EM_PLUGIN_AGENT_ADMIN

Role to support plug-in lifecycle on Management Agent

EM_PLUGIN_OMS_ADMIN

Role to support plug-in lifecycle on Management Server

EM_PLUGIN_USER

Role to support view plug-in console

Performance Tuning Corporation, 2012

EM Out-of-Box Roles

(3:3)

Role

Description

EM_PROVISIONING_DESIGNER

Role has privileges for provisioning designer

EM_PROVISIONING_OPERATOR

Role has privileges for provisioning operator

EM_SSA_ADMINISTRATOR

Enterprise Manager user with privilege to set up the Self Service Portal. This role
can define quotas and constraints for self service users and grant them access
privileges.

EM_SSA_USER

This role grants Enterprise Manager user the privilege to access the Self Service
Portal.

EM_TARGET_DISCOVERY_OPERATOR

Role has privileges to execute target discovery.

EM_TC_DESIGNER

Role has privileges for creating Template Collections

EM_USER

Role has privilege to access Enterprise Manager Application.

PUBLIC

PUBLIC role is granted to all administrators. This role can be customized at site
level to group privileges that need to be granted to all administrators.

Performance Tuning Corporation, 2012

10

Privileges

A privilege is a right to perform management actions


within Enterprise Manager
Can be divided into two categories:

Target Privileges allow an administrator to perform


operations on a target
Resource Privileges allow a user to perform operations
against specific types of resources

See Enterprise Manager Cloud Control Administrator's Guide;


Chapter 13, Section 13.3.3.1 Granting Privileges for a
list of EM target and resource privileges

Performance Tuning Corporation, 2012

11

Monitoring Credentials

Credentials are used by the Management Agent


to monitor certain types of targets, i.e.
Database
Host

OMS

and Repository

To create or edit a monitoring credential


Setup Security Monitoring Credentials

Performance Tuning Corporation, 2012

12

Monitoring Credentials Page

Performance Tuning Corporation, 2012

13

Named Credentials

A Named Credential specifies a users' authentication


information on a system.
Named credentials can be

A username/password pair like the operating system login


credentials
Oracle home owner credentials primarily used for performing
operations such as running jobs, patching and other system
management tasks

To create or edit a named credential


Setup Security Named Credentials

Performance Tuning Corporation, 2012

14

Named Credentials Page

Performance Tuning Corporation, 2012

15

Preferred Credentials

(1:2)

Preferred credentials are used to simplify access to


managed targets by storing target login credentials in
the Management Repository

With preferred credentials set, users can access an Enterprise


Manager target that recognizes those credentials without
being prompted to log in to the target
Preferred credentials are set on a per user basis, thus ensuring
the security of the managed enterprise environment

Performance Tuning Corporation, 2012

16

Preferred Credentials

Default Credentials

Can be set for a particular target type and will be available for
all the targets of the target type
It will be overridden by target preferred credentials

Target Credentials

(2:2)

Preferred credentials set for a particular target


Can be used by applications such as the job system,
notifications, or patching

To create or edit a preferred credential


Setup Security Preferred Credentials

Performance Tuning Corporation, 2012

17

Preferred Credentials Page

Performance Tuning Corporation, 2012

18

Privilege Delegation

Privilege Delegation is a framework that allows you to use either


SUDO or PowerBroker to perform an activity with the privileges
of another user

(1:3)

Privilege Delegation is Proprietary to Oracle


SUDO and PowerBroker are third-party utilities supported in Cloud
Control
Privilege Delegation can use either SUDO or PowerBroker, but not both,
for a single host

You can ensure that the host user has enough privileges to
become a root user, and run root scripts for completing any
lifecycle management requirements for the enterprise

Performance Tuning Corporation, 2012

19

Privilege Delegation

(2:3)

Privilege Delegation offers the following advantages:

You have the flexibility to use either SUDO or PowerBroker


within the same framework
Using the framework, you can now run PowerBroker in a
password-less or password-protected mode
You can create a template with these Privilege Delegation
settings and reuse it for multiple hosts.
This not only allows you to standardize Privilege Delegation setting
across your enterprise, but also facilitates the process of configuring
Privilege Delegation Settings.
It simplifies the Privilege Delegation setting management as well.

Performance Tuning Corporation, 2012

20

Privilege Delegation

Privilege Delegation offers the following advantages


(continued):

(3:3)

You can use the Privilege Delegation settings not only for
deployment procedures, but also for jobs in Cloud Control
Privilege Delegation can read passwords from both STDIN
and TTY

To manage privilege delegation settings:


Setup Security Privilege Delegation

Performance Tuning Corporation, 2012

21

Privilege Delegation Page

Performance Tuning Corporation, 2012

22

Agent Registration Passwords


(1:2)

Agent Registration password is used to validate


that installations of OEM agents are authorized
to load their data into the OMS
The Agent Registration password is created
during installation when security is enabled for
the OMS
Agent Registration passwords can be managed
(add/edit/delete) directly from the EM console

Performance Tuning Corporation, 2012

23

Agent Registration Passwords


(2:2)

To manage Agent Registration Password settings:


Setup Security Registration Passwords

From this page:


Change the registration password
Create additional registration passwords
Remove registration passwords associated with the OMS
You can specify whether the registration password is
persistent (and available for multiple Management Agents) or
to be used only once or for a predefined period of time

Performance Tuning Corporation, 2012

24

Registration Passwords Page

Performance Tuning Corporation, 2012

25

Review

Administrators & Roles


Monitoring Credentials
Named Credentials
Preferred Credentials
Privilege Delegation
Agent Registration Passwords

Performance Tuning Corporation, 2012

26

Cloud Control
Provisioning & Patching

Version 1.1

Objectives
At the end of this module the student will understand
the following tasks and concepts.
The Software Library
Provisioning

Database Provisioning
Bare Metal Provisioning

Patching

Database Patching
Linux Patching

Performance Tuning Corporation, 2012

28

Overview of the New Lifecycle


Management Solutions

Automates time-consuming tasks related to


Discovery

Provisioning

and Cloning

Patching
Configuration

Management
Ongoing Change Management
Compliance Management

Performance Tuning Corporation, 2012

29

Lifecycle Management Solutions

Performance Tuning Corporation, 2012

30

Software Library Overview

Core feature of EM CC 12c


Repository that holds software entities

Software Patches
Virtual Appliance Images
Reference Gold Images
Application Software
Associated Directive Scripts

In addition to storage, allows for maintaining versions,


maturity levels, and states of all software entities

Performance Tuning Corporation, 2012

31

EM CC Software Library Page

Performance Tuning Corporation, 2012

32

Software Library
Users, Roles, and Privileges

Software Library folder and entities that ship


with EM CC 12c are viewable by all the
Enterprise Manager users, by default
EM Administrators do not have any Software
Library privileges, by default
EM Super Administrator must grant access and
privileges to EM Administrators

Performance Tuning Corporation, 2012

33

Software Library Privileges for


Administrators
Resource Type

Description

View any Template Entity

Ability to view any Template Entity

Export Any Software Library Entity

Ability to export any Software entity

Edit any Software Library Entity

Ability to edit any Software Library entity

Manage Any Software Library Entity

Ability to create, view, edit, and delete any Software Library


entity

Import Any Software Library Entity

Ability to import any Software Library entity

Create Any Software Library Entity

Ability to create any Software Library entity

View Any Software Library Entity

Ability to view any Software Library entity

View Any Assembly Entity

Ability to view any Assembly entity

Grant Any Entity Privilege

Ability to grant view, edit, and delete privileges on any Software


Library entity. This privilege is required if the user granting the
privilege on any entity is not a Super Administrator or owner of
the entity.

Performance Tuning Corporation, 2012

34

Software Library Roles


Role

Software Library Privileges

Super Administrator

All Software Library Privileges

EM_PROVISIONING_DESIGNER
(Designer)

Create Any Software Library Entity

EM_PROVISIONING_OPERATOR
(Operator)

View Any Software Library Entity

EM_PATCH_OPERATOR

Create Any Software Library Entity


View Any Software Library Entity

EM_USER
(Administrator)

Access Enterprise Manager

Performance Tuning Corporation, 2012

35

Software Library Storage

(1:2)

The Software Library Administration console


allows you to configure and administer the
Software Library
To start using the Software Library, you must
add at least one upload file storage location on
the host where the OMS is running
Provisioning and Patching Software
Library

Setup

Performance Tuning Corporation, 2012

36

Software Library Storage

Performance Tuning Corporation, 2012

(2:2)

37

Provisioning

(1:2)

Discovers bare metal serves and live target servers


Provisions Linux operating system on bare metal
servers (hypervisors and virtual machines)
Associates patching templates with provisioning so that
patches can be applied automatically once the operating
system is provisioned
Provisions of Oracle Databases, Oracle Real
Application Clusters (Oracle RAC), Oracle Grid
Infrastructure (for standalone servers and clustered
environments)

Performance Tuning Corporation, 2012

38

Provisioning

(2:2)

Supports initial setup through OneCommand utility and


ongoing database provisioning for Exadata Database
machines
Provisions Oracle Fusion Middleware, Oracle SOA
Suite, SOA Artifacts, Oracle BPEL, Oracle Service Bus,
Java EE Applications, Oracle Application Server
Supports mass upgrade of single instance, Oracle RAC,
and Oracle RAC One database instances one at a time

Performance Tuning Corporation, 2012

39

Database Provisioning Features

Oracle Databases (i.e. single-instance databases)


Real Application Clusters (RAC) databases
Extend

Oracle RAC nodes


Delete Oracle RAC nodes

Oracle RAC One-Node databases


Upgrade single-instance databases in a scalable
and automated manor

Performance Tuning Corporation, 2012

40

Database Provisioning Solution


in Cloud Control

Performance Tuning Corporation, 2012

41

Accessing the Database


Provisioning Screen

Enterprise Provisioning & Patching


Database Provisioning

Performance Tuning Corporation, 2012

42

Database Deployment Procedures


and Targets Provisioned (1:2)
Deployment Procedure

Targets Provisioned

Provision Oracle Database

- Oracle Database (single instance) 10g Release 1 to 11g Release 2


- Oracle Grid Infrastructure 11g Release 2
- Oracle Automatic Storage Management (Oracle ASM) 11g Release 2

Provision Oracle Real


Application Clusters

- Oracle Real Application Clusters (Oracle RAC) 11g Release 2


- Oracle RAC One Node 11g Release 2
- Oracle Grid Infrastructure 11g Release 2
- Oracle Automatic Storage Management (Oracle ASM) 11g Release 2

Create Oracle Database

- Oracle Database (single-instance database) 11g Release 2


- Oracle Real Application Clusters (Oracle RAC) 11g Release 2
- Oracle RAC One Node 11g Release 2

Provision Oracle Clusterware


/ Oracle RAC for UNIX and
RDBMS versions 10g/11g
(applicable for UNIX
platform)

- Oracle Real Application Clusters (Oracle RAC) 10g Release 1 to 11g


Release 1
- Oracle Clusterware 10g Release 1 to 11g Release 1
- Oracle Clusterware Automatic Storage Management (Oracle ASM)
10g Release 1 to 11g Release 1

Performance Tuning Corporation, 2012

43

Database Deployment Procedures


and Targets Provisioned (2:2)
Deployment Procedure

Targets Provisioned

Extend/Scale Up Oracle Real


Application Clusters

Oracle Real Application Clusters (Oracle RAC) 10g Release 1 to 11g


Release 2

Delete/Scale Down Oracle


Real Application Clusters

Oracle Real Application Clusters (Oracle RAC) 10g Release 1 to 11g


Release 2

Provision Oracle Database


Client

Oracle Database Client 10g Release 2 to 11g Release 2

Performance Tuning Corporation, 2012

44

Bare-Metal Provisioning

Bare-Metal Provisioning Application is part of the Cloud Control


Lifecycle Management Pack
http://www.oracle.com/technetwork/oem/lifecycle-mgmt-495331.html

Allows you to provision the Linux operating system on bare metal


servers using EM Cloud Control
Bare-Metal Provisioning Application addresses the data center, server
farm challenge to provision software and servers quickly, efficiently,
and make them operational
Uses standardized PXE (Pre Boot Execution environment) booting
process for provisioning both bare-metal and live servers
Provides a role based User Interface, for easily creating gold images
and initiating automated, unattended installs

Performance Tuning Corporation, 2012

45

Bare-Metal Provisioning
Environment Overview

The following need to be setup and configured


before using the provisioning application
Software

Library and its Entities


Boot Server
Stage Server
Reference Host
RPM Repository

Performance Tuning Corporation, 2012

46

Bare-Metal Provisioning
Process Overview

Consists of 2 high-level tasks:

Setting Up Provisioning Environment


Set up and configure Boot/DHCP server
Set Stage server,
Set up RPM repository and Software Library
Optionally, create bare metal provisioning entities

Provisioning Linux using Bare Metal Provisioning


Application
Launching the Bare metal Provisioning wizard to configure the bare
metal machines using MAC addresses, subnet, or re-imaging Cloud
Control hosts
Powering up the bare metal machine on the network to begin the
PXE-based OS boot and install process

Performance Tuning Corporation, 2012

47

Bare-Metal Provisioning
Supported Releases of Linux

Oracle Linux 5.0 or higher


Oracle Linux 4.0 or higher
Red Hat Enterprise Linux (RHEL) 5.0 or higher
Red Hat Enterprise Linux (RHEL) 4.0 update 2
or higher
Red Hat Enterprise Linux (RHEL) 3.0 update 6
or higher
SuSE Linux (SLES) 10

Performance Tuning Corporation, 2012

48

Patching

(1:2)

Offers an integrated patching workflow with My Oracle


Supportaccess to recommendations, search patches,
and so on.
Orchestrates patching workflow using Patch Plans,
including automated selection of deployment
procedures and analysis of the patch conflicts.
Validates patches for applicability in your environment,
validates patch plans, and automatically receives patches
to resolve conflicts.

Performance Tuning Corporation, 2012

49

Patching

(2:2)

Helps you save successfully analyzed or deployable


patch plans as patch templates, which contain a
predetermined set of patches and deployment options
saved from the source patch plan.
Offers out-of-place patching (only for standalone
databases), in-place patching, and rolling and parallel
patching modes, both in offline and online mode.

Performance Tuning Corporation, 2012

50

Database Patching

(1:2)

Cloud Control Patch Management

Integrated patching workflow with My Oracle Support, therefore,


you see recommendations, search patches, and roll out patches all
using the same user interface.
Complete, end-to-end orchestration of patching workflow using
Patch Plans, including automated selection of deployment
procedures and analysis of the patch conflicts, therefore, there is
minimal manual effort required.
Clear division of responsibilities between designers and operators Designers can focus on creating patch plans, testing them on a test
system, and saving them as patch templates. Operators can focus
on creating patch plans out of the template for rolling out the
patches on a production system.

Performance Tuning Corporation, 2012

51

Database Patching

(2:2)

Cloud Control Patch Management

Easy review of patches for applicability in your environment,


validation of patch plans, and automatic receipt of patches to
resolve validation issues.
Saving successfully analyzed or deployable patch plans as patch
templates, which contain a predetermined set of patches and
deployment options saved from the source patch plan.
Out-of-place patching for standalone (single-instance) database
targets and Oracle Grid Infrastructure targets that are part of
Oracle Exadata.
Flexible patching options such as rolling and parallel, both in
offline and online mode.

Performance Tuning Corporation, 2012

52

Patch Plans

(1:3)

Patch plans help you create a consolidated list of


patches you want to apply as a group to one or
more targets
Patch plans have states (or status) that map to
key steps in the configuration change
management process
Any administrator or role that has view
privileges can access a patch plan

Performance Tuning Corporation, 2012

53

Patch Plans

(2:3)

Patch Plans support the following type of patches

Patch Sets
Patch Sets for Oracle Database 10g Release 2 and
Oracle Database 11g Release 1
Patch Sets for Oracle Database 11g Release 2 are complete installs

Patches (One-Off)
Interim

Patches that contain a single bug fix or a collection of bug


fixes provided as required
Diagnostic Patches
Patch Set Updates (PSU)
Critical Patch Updates (CPU)

Performance Tuning Corporation, 2012

54

Patch Plans

A patch can be added to a target in a plan only if the


patch has the same release and platform as the target to
which it is being added

(3:3)

You can include any patch for any target in a plan


Automatically selects an appropriate deployment procedure
to be used for applying the patches

Patch plans are currently not available for hardware


system or operating system patching
Any administrator or role that has view privileges can
access a patch plan

Performance Tuning Corporation, 2012

55

Linux Patching Overview

(1:2)

Set up Linux RPM Repository based in Unbreakable


Linux Network (ULN) channels
Download Advisories (Erratas) from ULN
Set up Linux Patching Group to update a group of
Linux hosts and collect compliance information
Allow non-compliant packages to be patched
Rollback/Uninstall packages from host

Performance Tuning Corporation, 2012

56

Linux Patching Overview

(2:2)

Manage RPM repositories and channels (clone


channels, copy packages from one channel into
another, delete channels)
Add RPMs to custom channels
Manage Configuration file channels (create/delete
channels, upload files, copy files from one channel into
another)

Performance Tuning Corporation, 2012

57

Linux Host Patching


Deployment Procedure

Cloud Control provides the following deployment


procedures for Linux patching:

Patch Linux Hosts This deployment procedure enables you


to patch Linux hosts.
Linux RPM Repository server - This deployment procedure
enables you to set up a Linux RPM repository server.

For details of the Linux Host Patching procedure, see


the EM Lifecycle Management Administrators Guide;
Chapter 25
http://docs.oracle.com/cd/E24628_01/em.121/e27046/pat_linux_patch.htm#BABCJAGH

Performance Tuning Corporation, 2012

58

Review

Software Library
Provisioning
Provisioning Databases
Bare Metal Provisioning

Patching
Database Patching
Linux Patching

Performance Tuning Corporation, 2012

59

Cloud Control
Lifecycle Management

Version 1.1

Objectives
At the end of this module the student will understand
the following tasks and concepts.
Discovery
Provisioning and Patching
Configuration Management
Change Management
Compliance Management

Performance Tuning Corporation, 2012

61

Lifecycle Management Solutions

Performance Tuning Corporation, 2012

62

Discovery

Automatically discovers software deployments


using IP scanning techniques (NMAP).
Converts unmanaged software deployments to
managed targets in Cloud Control so that their
health can be monitored.
Offers an integrated workflow for deploying
Oracle Management Agents and discovering
targets on selected auto-discovered hosts.

Performance Tuning Corporation, 2012

63

Provisioning

Discovers bare metal serves and live target servers


Provisions Linux operating system on bare metal servers (hypervisors and
virtual machines)
Associates patching templates with provisioning so that patches can be
applied automatically once the operating system is provisioned
Provisions of Oracle Databases, Oracle Real Application Clusters (Oracle
RAC), Oracle Grid Infrastructure (for standalone servers and clustered
environments)
Supports initial setup through OneCommand utility and ongoing database
provisioning for Exadata Database machines
Provisions Oracle Fusion Middleware, Oracle SOA Suite, SOA Artifacts,
Oracle BPEL, Oracle Service Bus, Java EE Applications, Oracle Application
Server
Supports mass upgrade of single instance, Oracle RAC, and Oracle RAC One
database instances one at a time

Performance Tuning Corporation, 2012

64

Patching

Offers an integrated patching workflow with My Oracle Support


access to recommendations, search patches, and so on.
Orchestrates patching workflow using Patch Plans, including
automated selection of deployment procedures and analysis of the
patch conflicts.
Validates patches for applicability in your environment, validates patch
plans, and automatically receives patches to resolve conflicts.
Helps you save successfully analyzed or deployable patch plans as
patch templates, which contain a predetermined set of patches and
deployment options saved from the source patch plan.
Offers out-of-place patching (only for standalone databases), in-place
patching, and rolling and parallel patching modes, both in offline and
online mode.

Performance Tuning Corporation, 2012

65

Change Management

Captures database object definitions and initialization parameters at


different points in time.
Compares a baseline or a database and another baseline or a database.
Propagates changes from database definitions and initialization
parameters captured in a baseline or from a database to a target
database.
Specifies, groups, and packages object metadata changes. Create
change plans from ad hoc changes, comparison-based differences, or
developer tools.
Compares data between a local and remote database, and determines
how seed data customizations will be affected by application upgrades.

Performance Tuning Corporation, 2012

66

Configuration Management

(1:2)

Searches configuration data across the enterprise.


Displays configuration data in the context of a single managed
entityconfiguration item types and properties, system
configuration data, system target relationships, custom
configuration data.
Monitors change activity across the enterpriseincludes changes
both to configurations and to relationships, which are
associations that exist among managed entities.
Compare configurations of a particular target type using
comparison templates, which enable you to ignore the obvious
differences and set alerts on critical issues that need immediate
attention.

Performance Tuning Corporation, 2012

67

Configuration Management

(2:2)

Identifies files and other configuration data that Cloud Control


does not already collect from well-known target types or from a
target type introduced as part of the custom configuration
definition. Offers a set of custom configurations called
blueprints, which lay out precisely the files and data to collect for
a given platform such as Apache Tomcat.
Creates new relationships between managed entities using the
Topology Viewer or a generic system target type. Helps you
perform dependency analysis and impact analysis on assets in
your enterprise using the Topology Viewer.

Performance Tuning Corporation, 2012

68

Compliance Management

Evaluates the compliance of targets and systems as they relate to


your business best practices for configuration, security, and
storage.
Advises of how to change configuration to bring your targets
and systems into compliance.
Helps you define, customize, and manage Compliance
frameworks, Compliance standards, Compliance standard rules.
Helps you test your environment against the criteria defined for
your company or regulatory bodies using these self-defined
entities

Performance Tuning Corporation, 2012

69

Review

Discovery
Provisioning and Patching
Configuration Management
Change Management
Compliance Management

Performance Tuning Corporation, 2012

70

Cloud Control
Reports

Version 1.1

Objectives
At the end of this module the student will understand
the following tasks and concepts.
Using the report system
Creating reports
Creating scheduled reports
Creating public reports

Performance Tuning Corporation, 2012

72

Using Information Publisher

(1:3)

EMs Reporting Framework


Can

be used to present a view of enterprise


monitoring information for Business Intelligence
Can also serve and Administrative Role to show
Activity
Resource

Utilization
Configuration of managed targets

Access via:
Enterprise Reports Information Publisher Reports

Performance Tuning Corporation, 2012

73

Using Information Publisher

(2:3)

Create and publish customized reports


Intuitive

HTML-based reports published:

via

the Web
Stored
E-mailed to selected recipients
Comprehensive

library of pre-defined reports allows


for out-of-box report generation without additional
setup and configuration

Performance Tuning Corporation, 2012

74

Using Information Publisher

(3:3)

Key benefits of using Information Publisher

Provides a framework for creating content-rich, wellformatted HTML reports based on Management Repository
data
Out-of-box reports let you start generating reports
immediately without any system configuration or setup
Ability to schedule automatic generation of reports and store
scheduled copies and/or e-mail them to intended audiences
Ability for Enterprise Manager administrators to share
reports with the entire business community: executives,
customers, and other Enterprise Manager administrators

Performance Tuning Corporation, 2012

75

Out-of-Box Report Definitions

Performance Tuning Corporation, 2012

76

Creating Reports

(1:4)

Choose whether to modify an existing report definition or start


from scratch.
If an existing report definition closely matches your needs, it is
easy to customize it by using the Create Like function.
Specify name, category, and sub-category.
Cloud Control provides default categories and sub-categories
that are used for out-of-box reports. However, you can
categorize custom reports in any way you like.
Specify any time-period and/or target parameters.
The report viewer will be prompted for these parameters while
viewing the report.

Performance Tuning Corporation, 2012

77

Creating Reports

(2:4)

Add reporting elements.


Reporting elements are pre-defined content building blocks, that
allow you to add a variety of information to your report. Some
examples of reporting elements are charts, tables, and images.
Customize the report layout.
Once you have assembled the reporting elements, you can
customize the layout of the report.

Performance Tuning Corporation, 2012

78

Creating Reports

By declaring report parameters, you allow the user to control


what data is shown in the report.
There are two types of parameters:

(3:4)

target
time-period

Information Publisher allows you to view reports for a variety of


time-periods:

Last 24 Hours/ 7 Days/ 31 Days


Previous X Days/ Weeks/ Months/ Years (calendar units)
This Week/ This Month/ This Year (this week so far)
Any custom date range.

Performance Tuning Corporation, 2012

79

Creating Reports

(4:4)

Information Publisher provides a variety of reporting


elements

Generic reporting elements allow you to display any desired


information, such as including your corporate Logo, with a link to
your corporate Web site
Monitoring elements show monitoring information, such as
availability and alerts for managed targets
Service Level Reporting elements show availability, performance,
usage and achieved service levels
Allows you to track compliance with Service Level Agreements
Share information about achieved service levels with your customers
and business executives

Performance Tuning Corporation, 2012

80

Creating Scheduled Reports

(1:3)

Cloud Control provides the following


scheduling options:
One-time

report generation either immediately or at


any point in the future
Periodic report generation
Frequency:

Any number of Minutes/ Hours/ Days/


Weeks/ Months/ Years
You can generate copies indefinitely or until a specific
date in the future

Performance Tuning Corporation, 2012

81

Creating Scheduled Reports

(2:3)

Storing and Purging Report Copies


EM

allows you to store any number of scheduled


copies for future reference
You can delete each stored copy manually
You can set up automated purging based on:

The number of stored copies


Retention time

Performance Tuning Corporation, 2012

82

Creating Scheduled Reports

(3:3)

E-mailing Reports
You

can choose for scheduled reports to be e-mailed


to any number of recipients
You can specify a reply-to address
You can specify a subject

Performance Tuning Corporation, 2012

83

Creating Public Reports

(1:x)

EM Administrators can share reports with other


administrators and roles
Reports can also be shared with non-EM
Administrators
(i.e., customers and / or business executives)
EM

can render a separate reporting website


EM reporting website does not use authentication

Performance Tuning Corporation, 2012

84

Creating Public Reports

(1:2)

EM Administrators can share reports with other


administrators and roles
Reports can also be shared with non-EM
Administrators
(i.e., customers and / or business executives)
EM

can render a separate reporting website


EM reporting website does not use authentication

Performance Tuning Corporation, 2012

85

Creating Public Reports

(2:2)

In the Access tab of the Create Report


Definition check the Allow viewing without
logging in to Enterprise Manager checkbox
Make sure you have selected the Run report
using target privileges of the report owner in
the General tab
Create a schedule
Access via <OMS>/em/public/reports URL

Performance Tuning Corporation, 2012

86

Review

Using the report system


Creating reports
Creating scheduled reports
Creating public reports

Performance Tuning Corporation, 2012

87

Backup and Restore of the Cloud


Control Deployment Configuration

Version 1.0

Objectives
At the end of this module the student will understand
the following tasks and concepts.
Cloud Control / Cloud Control Architecture
Backup and Recovery of the Cloud Control / Cloud
Control System
Repository Backup and Recovery
OMS Backup and Recovery
Agent Backup and Recovery
EMCTL High Availability Commands
Performance Tuning Corporation, 2012

89

Cloud Control 12c / Cloud Control 12c


Architecture

3 main components
Oracle

Management Agent
Oracle Management Service (OMS)
Oracle Management Repository

Performance Tuning Corporation, 2012

90

Enterprise Manager Cloud Control 12c


Single Host Deployment Architecture

Performance Tuning Corporation, 2012

91

Enterprise Manager Cloud Control 12c


Architecture

Performance Tuning Corporation, 2012

92

Enterprise Manager Cloud Control


Architecture Core Components

Oracle Management Agent


Oracle Management Service (OMS)
Oracle Management Repository
Oracle Management Plug-Ins

Performance Tuning Corporation, 2012

93

Repository Backup and Recovery

Oracle recommends using High Availability Best


Practices for protecting the Repository database

Database should be in ARCHIVELOG mode


Perform regular online backups with RMAN using the
Recommended Backup Strategy option via the Enterprise
Manager Console
Other utilities such as DataGuard and RAC can also be used as
part of a comprehensive backup strategy

Performance Tuning Corporation, 2012

95

Repository Backup Setup (1:4)

Enterprise Manager 12c Recovery Settings Page


Targets Databases [Repository Database Target]
[Logon repository database] Availability
Recovery Settings

Enable Archive Logging and Flashback Database

Performance Tuning Corporation, 2012

96

Cloud Control 12c Backup Setup


(Recovery Settings Page 1:2)

Performance Tuning Corporation, 2012

97

Cloud Control 12c Backup Setup


(Recovery Settings Page 2:2)

Performance Tuning Corporation, 2012

98

Repository Backup Setup (2:4)

Enterprise Manager 12c Backup Policies Page


Target Database [Repository Database Target]
Availability Backup Settings Policy tab

Enable Block Change Tracking

Performance Tuning Corporation, 2012

99

Cloud Control 12c Backup Setup


(Backup Policy Page)

Performance Tuning Corporation, 2012

100

Repository Backup Setup (3:4)

Detailed information of how to back up the Enterprise


Manager Deployment is available in the
Oracle Enterprise Manager Cloud Control
Administrators Guide 12c Release 1 (12.1.0.1)
http://docs.oracle.com/cd/E24628_01/doc.121/e24473/ha_backup_recover.ht
m#BGBCCIJC

Performance Tuning Corporation, 2012

101

Repository Backup Setup (4:4)

Detailed information of how to configure database


backups using Enterprise Manager is available in the
Oracle Database 11gR2 2 Day DBA guide:
http://www.oracle.com/pls/topic/lookup?ctx=E11857-01&id=ADMQS

Information on Database High Availability best practices


can be found in the Oracle Database 11gR2 High
Availability Best Practices guide:
http://www.oracle.com/pls/topic/lookup?ctx=E11857-01&id=HABPT

Performance Tuning Corporation, 2012

102

Repository Recovery (1:3)

Recovery of the Repository database must be performed


with RMAN

Two Recovery cases:

Cloud Control will not be available when the repository


database is down
Full Recovery
Point-in-Time / Incomplete Recovery

Incomplete recovery requires that the repository be


resynchronized with the agents

Performance Tuning Corporation, 2012

103

Repository Recovery (2:3)

Resynchronization feature allows for the automation of


the process to resync the repository with the latest state
of the agent

Can only be used for Agent version 10.2.0.5 or later


Command line utility option:
emctl resync repos -full -name
"<descriptive name for the operation>

Command must be executed from the OMS HOME after


restoring the repository, but before starting the OMS
Repository recovery is complete when the resynchronization
jobs complete on all Agents

Performance Tuning Corporation, 2012

104

Repository Recovery (3:3)

Manually Resynchronizing Agents


Use

for Agents older than v10.2.0.5


Use the following procedure:

Shut down the Agent


Delete the agentstmp.txt, lastupld.xml, state/* and
upload/* files from the AGENT_HOME/sysman/emd
directory
Restart the Agent

Performance Tuning Corporation, 2012

105

OMS Backup and Recovery

OMS is generally stateless

Some transient and configuration data is stored on the OMS


file system
Shared loader recv directory stores metric data uploaded
from Agent temporarily before being loaded into the
repository

A snapshot of the OMS can be taken using the


emctl exportconfig oms command

The emctl exportconfig oms command is only available with


Enterprise Manager v10.2.0.5 or later

Performance Tuning Corporation, 2012

106

OMS Backup Strategies (1:5)

Software Homes

Composed of three WebLogic components


Middleware Home, OMS Oracle Home, WebTier (OHS)
Oracle Home
Software Homes change only when patches or patchsets are
installed
Filesystem backups should be taken after each patch /
patchset installation.
The Oracle Inventory should be backed up along with the
Software Homes

Performance Tuning Corporation, 2012

107

OMS Backup Strategies (2:5)

Instance Home

Composed of WebLogic, OMS, and WebTier configuration


files
Can be backed up using the emctl exportconfig oms
command

Performance Tuning Corporation, 2012

108

OMS Backup Strategies (3:5)

Software Library

Composed of components used by Enterprise Manager


patching and provisioning functions
Oracle Database Filesystem (DBFS) is recommended for
software library backup
DBFS technology allows an Oracle database tablespace to be
exposed to applications as a mounted filesystem
Internally, all of the files are stored as secure files in the Oracle
database

Performance Tuning Corporation, 2012

109

OMS Backup Strategies (4:5)

Shared Loader RECV Directory

Used to temporarily store metric data uploaded from Agents


before the data is loaded into the repository
A high availability storage technology should be used to
protect the receive directory

Performance Tuning Corporation, 2012

110

OMS Backup Strategies (5:5)

Administration Server

Introduced with Enterprise Manager 12cR1 in the OMS


WedLogic architecture
Operates as the central control entity for the configuration of
the entire OMS(s) domain
Integral part of the first OMS installed in the Cloud Control
deployment and shares the Software Homes and Instance
Home
Shares the Software Homes and Instance Home
Backed up at the same time as the Instance Home
(the emctl exportconfig oms command)

Performance Tuning Corporation, 2012

111

OMS Recovery (1:3)

Recovering the OMS consists of two steps:

Recover the Software Homes


Configure the Instance Home

Performance Tuning Corporation, 2012

112

OMS Recovery (2:3)

Recover the Software Homes

When restoring to the same host, the software homes can be


restored from a filesystem backup
If a backup does not exist, the software homes can be
reconstructed as follows:
Software-only installation of WebLogic and OMS
Software-only installation of add-ons (if any)
Reapply all patches that were applied prior to the crash
The location of the OMS Home is fixed; ensure the OMS
Home is restored to the same location that was previously
used

Performance Tuning Corporation, 2012

113

OMS Recovery (3:3)

Configure the Instance Home

Once the OMS Home is restored, the OMS configuration can


then be restored using the OMS Configuration Assistant
(OMSCA) using the following command:
omsca recovery BACKUP_FILE [file]

Use the export file generated by the


emctl exportconfig oms command as [file]

Performance Tuning Corporation, 2012

114

Agent Backup and Recovery

Agent is deployed on each monitored host


The Agent is responsible for

Monitoring all targets running on the host


Communicating target information to the OMS
Managing and maintaining the host(s) and its targets

Performance Tuning Corporation, 2012

115

Backing Up Agents

There are no special considerations for backing up


Agents
Best Practice

Reference Agent installs should be maintained for different


platforms
Kept up-to-date in terms of customizations in the
emd.properties file and patches applied.
Use Deployment options from the Cloud Control Console to
install and maintain reference Agent installs

Performance Tuning Corporation, 2012

116

Recovering Agents

(1:2)

When an Agent is lost, it should be reinstalled by cloning


from a reference install

Often the fastest way to recover an Agent


It is not necessary to track and reapply customizations and
patches
Care should be taken to reinstall the Agent using the same port
The EM Agent Resynchronization feature can be used to
reconfigure the Agent using target information present in the
Repository

Performance Tuning Corporation, 2012

117

Recovering Agents

(2:2)

When an Agent is reinstalled using the same port, the


OMS detects that it has be reinstalled and blocks it
temporarily to prevent auto-discovered targets in the
reinstalled Agent from overwriting previous
customizations
Blocked Agents continue to collect monitoring data, but
cannot upload any alerts or metric data to the OMS
EM Agent Resynchronization will push all targets from
the repository to the Agent and then unblocks the
Agent.

Performance Tuning Corporation, 2012

118

EMCTL High Availability


Commands (1:5)

exportconfig oms

importconfig oms

Exports a snapshot of the OMS configuration to the specified


directory
Imports the OMS configuration from the specified backup file

config emrep

Configures the OMS and repository target.


The command is used to change the monitoring Agent for the
target and/or the connection string used to monitor this target

Performance Tuning Corporation, 2012

119

EMCTL High Availability


Commands (2:5)

config repos

Configures the repository database target.


The command is used to change the monitoring Agent for the
target and/or the monitoring properties (hostname, Oracle
Home and connection string used to monitor this target)

resync repos

Submits a repository resynchronization operation.


When the full option is specified, all agents are instructed to
upload the latest state to the repository.
A list of agents can be specified using the agentlist option to
resync with a given list of agents

Performance Tuning Corporation, 2012

120

EMCTL High Availability


Commands (3:5)

abortresync repos

Aborts the currently running repository resynchronization


operation.
Use the full option to stop a full repository
resynchronization.
Use the agentlist option to stop resync on a list of agents

statusresync repos

Lists the status of given repository resynchronization


operation

Performance Tuning Corporation, 2012

121

EMCTL High Availability


Commands (4:5)

create service

Valid on Windows only.


The command creates a service for the Oracle Management Services on
Windows.
You use this command to manage the Windows service for the OMS on a
failover host in a Cold Failover Cluster setup

delete service

Valid on Windows only.


Deletes the service for the Oracle Management Services on
Windows

Performance Tuning Corporation, 2012

122

EMCTL High Availability


Commands (5:5)

resyncAgent

Resynchronizes a restored or reinstalled Agent by pushing all


target configuration from the repository

Performance Tuning Corporation, 2012

123

Summary

Cloud Control / Cloud Control Architecture


Backup and Recovery of the Cloud Control / Cloud
Control System
Repository Backup and Recovery
OMS Backup and Recovery
Agent Backup and Recovery
EMCTL High Availability Commands

Performance Tuning Corporation, 2012

124