D73244GC20 SG

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
n se
lic e
ble
fe r a
an s
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
j e br use
z (ad to
i A zi
ran
j e b
D
Using Oracle Enterprise
Manager Cloud Control 12c
Student Guide
D73244GC20
Edition 2.0 | January 2015 | D89882
Learn more from Oracle University at oracle.com/education/
Author Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
Daniela Hansell Disclaimer
This document contains proprietary information and is protected by copyright and other
Technical Contributors intellectual property laws. You may copy and print this document solely for your own
and Reviewers use in an Oracle training course. The document may not be modified or altered in any
way. Except where your use constitutes "fair use" under copyright law, you may not
Steve Stelting use, share, download, upload, copy, print, display, perform, reproduce, publish, license,
post, transmit, or distribute this document in whole or in part without the express
Lachlan Williams authorization of Oracle.
The information contained in this document is subject to change without notice. If you
Editors find any problems in the document, please report them in writing to: Oracle University,
Malavika Jinka 500 Oracle Parkway, Redwood Shores, California 94065 USA. This document is not
warranted to be error-free.
Smita Kommini
Restricted Rights Notice
Graphic Designers If this documentation is delivered to the United States Government or anyone using the
e
Seema Bopaiah
documentation on behalf of the United States Government, the following notice is
e n s
Daniela Hansell
applicable:
e lic
U.S. GOVERNMENT RIGHTS
r a bl
Publishers s fe
The U.S. Government’s rights to use, modify, reproduce, release, perform, display, or
an
disclose these training materials are restricted by the terms of the applicable Oracle
Joseph Fernandez
n - t r
license agreement and/or the applicable U.S. Government contract.
Srividya Rameshkumar Trademark Notice

a no
Jobi Varghese Oracle and Java are registered trademarks
h s of Oracleeฺand/or its affiliates. Other names
aowners.
z Guid
)
may be trademarks of their respective
ฺ d
d o o nt
e d e
o or Stu
a n i@ this
j e br use
z ( ad to
i A zi
n
bra
Dje
Contents
1 Introduction
Course Goals 1-2
Objectives 1-3
Challenges for Administrators 1-4
Cloud Computing Explained 1-5
Cloud Computing Essential Characteristics 1-6
n se
What Is Enterprise Manager Cloud Control? 1-7
lic e
Enterprise Manager Cloud Control 12c Features 1-8 ble
Complete Cloud Stack Management 1-10 fe r a
ans
Enterprise Manager Cloud Control 12c 1-11
n - t r
This Course in Context 1-13
a no
as deฺ
Course Schedule 1-14
) h
dz t Gui
Classroom Setup 1-15
Summary 1-16 o ฺ
r e do den
Practice Overview: Introduction 1-17
o o S tu
n i@ t h s Concepts
iCore
a
br use
2 Reviewing Enterprise Manager
e
Objectives j2-2
z
Core ( ad to2-3
zi Components Communication Protocols 2-7
Components
n i ACore
e b ra Communication Ports Between Components 2-8

D j Oracle Management Repository 2-9
Oracle Management Service 2-11
Software Library 2-13
Oracle Management Agents Deployment Methods 2-14
Methods of Targets Discovery 2-15
Management Agent on a Host 2-16
Target Discovery Process 2-17
Managed Target Types: Examples 2-18
Security: Overview 2-19
Cloud Control Authentication 2-20
How Authentication Works 2-21
Managing Securely with Credentials 2-22
Distinguishing Credentials 2-23
Authorization Using Privileges and Roles 2-25
iii
Security Console 2-26
Exploring the Enterprise Manager Interface 2-27
Quiz 2-28
Summary 2-30
Practice Overview: Exploring Cloud Control 2-31
3 Managing Cloud Control

Objectives 3-2
Controlling the Cloud Control Framework 3-3
Controlling the Repository Database Listener 3-4
Controlling the Repository Database 3-5
n se
Controlling the OMS 3-6
lic e
Controlling the Management Agent 3-8
ble
Starting the Entire Cloud Control Framework 3-10
fe r a
Stopping the Cloud Control Framework 3-11
ans
Cloud Control Health Statistics 3-12 n - t r
Repository Statistics 3-13 a no
OMS Statistics 3-14
) h as deฺ
Agents Statistics 3-15
o ฺ dz t Gui
r e do den
Viewing Log Files and Trace Files 3-16
o o S tu
Using Log Viewer and Searching for Messages 3-18
n i@ this
OMS Log and Trace Files 3-19
a
j e br use
Agent Log and Trace Files 3-20
(ad to
Viewing Management Agent Log Files 3-21
z
i A zi
Backing Up Cloud Control Components 3-23
ran Repository Database Backup and Recovery 3-24
j e b Backup and Recovery 3-25
D OMR Backup and Recovery 3-26
OMS and Software Library Backup 3-28
OMS Recovery 3-29
Agents Backup and Recovery 3-30
Quiz 3-31
Summary 3-33
Practice Overview: Managing Cloud Control 3-34
4 Monitoring Targets
Objectives 4-2
Enterprise Monitoring 4-3
Oracle-Provided Monitoring 4-4
Metric Thresholds 4-5
Customizing Metric Settings 4-6
iv
Corrective Actions 4-8
Defining and Using Corrective Actions 4-9
Using Monitoring Templates 4-10
Working with Monitoring Templates 4-11
Using Blackouts 4-13

Setting Up Notifications 4-14
Extending Your Monitoring Scope 4-15
Developing and Deploying Metric Extensions 4-16
Securely Dividing ME Tasks 4-17
Quiz 4-18
Summary 4-21
n se
Practice Overview: Monitoring Targets 4-22
lic e
ble
5 Managing Hosts
fe r a
Objectives 5-2
ans
Monitoring the Host OS 5-3 n - t r
Managing All Hosts 5-4 a no
Host Home Page 5-5
) h as deฺ
Managing an Individual Host 5-6
o ฺ dz t Gui
Monitoring the Host 5-7
r e do den
Administering Hosts 5-8o o S tu
n i@ this
Administering Network Components 5-10
a
Quiz 5-11
j e br use
(ad
Summary 5-12
z
to
i A zi
Practice Overview: Managing Hosts 5-13
ran
j e b 6 Managing Groups
D Objectives 6-2
Groups and Goals 6-3
Managing Targets via Groups 6-4
Group: Example 6-5
Distinguishing Cloud Control Groups 6-6
Creating Groups 6-8
Managing Groups 6-9
Prerequisite Privileges 6-10
Dynamic Groups 6-11
Administration Groups and Template Collections 6-12
Using Administration Groups 6-13
Defining the Administration Group Hierarchy 6-14
Using Template Collections 6-15
Applying Template Modifications 6-16
v
Keeping Targets and Templates Synchronized 6-17
Summary of Group Properties 6-18
Quiz 6-19
Summary 6-20
Practice Overview: Managing Groups 6-21
7 Managing Systems and Services

Objectives 7-2
Systems and Services 7-3
Workflow for Systems and Services 7-4
Defining Systems 7-5
n se
Creating a Generic System 7-6
lic e
Using the System Home Page 7-7
ble
Administering a System 7-8
fe r a
Viewing the System Topology 7-9
ans
Defining Services 7-10 n - t r
Understanding Service Types 7-11 a no
h as deฺ
Defining the Availability of a Generic Service 7-12
)
Creating a Generic Service 7-13
o ฺ dz t Gui
Defining a Service Test 7-14
r e do den
o o S tu
Defining a Web Transaction Service Test 7-15
Using Beacons 7-16
a n i@ this
j e br use
Defining Service Performance 7-17
(ad to
Defining and Monitoring Usage Metrics 7-18
z
i A zi
Using the Services Home Page 7-19
ran Viewing Additional Service Information 7-20
j e b Viewing the Service Topology 7-21
D Defining Service-Level Rules 7-22
Specifying Service-Level Rule Elements 7-23
Using the Services Dashboard 7-24
Using Root Cause Analysis (RCA) 7-25
Quiz 7-26
Summary 7-28
Practice Overview: Managing Systems and Services 7-29
8 Using the Job System

Objectives 8-2
What Is a Job? 8-3
Core Concepts and Tasks 8-4
Defining Jobs 8-5
Using Predefined Jobs 8-6
vi
Jobs in Enterprise Manager 8-7
Creating Jobs 8-8
Creating a Multi-Task Job 8-9
Job Executions and Job Runs 8-11
Reviewing Job Execution Results 8-12

Performing Job Operations 8-14
Jobs and Groups 8-16
Job Privileges 8-17
Quiz 8-18
Summary 8-20
Practice Overview: Using the Job System 8-21
n se
lic e
9 Managing Incidents
ble
Objectives 9-2
fe r a
Goals of Incident Management 9-3
ans
Understanding Events 9-4 n - t r
Distinguishing Incidents and Events 9-5 a no
Incident with One Event: Example 9-6
) h as deฺ
ฺ dz t Gui
Example: Incident with Multiple Events 9-7
o
r e do den
Distinguishing Incidents and Problems 9-8
o o S tu
Monitoring Oracle Software Problems 9-9
n i@ this
Incidents and Problems: Example 9-10
a
j e br use
Using Incident Manager 9-11
(ad to
Performing Incident Lifecycle Operations 9-12
z
i A zi
Automating Responses to Incidents 9-13
ran What Is a Rule? 9-14
j e b Defining Rules 9-15
D Rule Sets 9-16
Prerequisites for Using Rule Sets 9-17
Using Incident Rule Sets 9-18
Rule Set: Example 9-19
Recommendations 9-20
Prioritization of Rules and Notifications 9-22
Quiz 9-23
Summary 9-25
Practice Overview: Managing Incidents 9-26
10 Patching and Provisioning

Objectives 10-2
Software Lifecycle Management 10-3
Software Lifecycle Requirements 10-4
vii
Configuring the Software Library: Review 10-6
Provisioning Elements 10-7
Provisioning Roles and Privileges 10-8
Bare Metal or OS Provisioning 10-9
Software and Database Provisioning Workflow 10-10

Deployment Procedures for Provisioning and Patching Automation 10-11
Deployment Procedures Properties 10-12
Phases and Steps 10-14
Customized Deployment Procedures: Examples 10-16
Software Patching 10-18
Patching Workflow 10-19
n se
Software Patching Modes 10-21
lic e
Out-of-Place Patching 10-22
ble
Patching Rollout Cycles Using Templates 10-23
fe r a
Software Upgrades 10-24
ans
Upgrades: Using Breakpoints 10-25 n - t r
Quiz 10-26 a no
Summary 10-28
) h as deฺ
ฺ
Practice Overview: Offline Patching 10-29
o dz t Gui
r e do den
11 Managing Configurationsoo S tu
Objectives 11-2 ni@
a t h is
j e br Management?
What Is Configuration u se 11-3
d
(a Management
Configuration t o 11-4
z i z
ni A
Configuration Information: Examples 11-5
ra Comparing Configurations 11-6
D jeb Searching the Enterprise Configuration 11-7

Types of Enterprise Configuration Searches 11-8
Configuration Topology Viewer 11-9
Quiz 11-10
Summary 11-12
Practice Overview: Configuration Management 11-13
12 Managing Compliance
Objectives 12-2
Compliance: Overview 12-3
Understanding Compliance Management 12-4
Understanding Compliance Standards 12-5
Understanding Compliance Standard Rules 12-6
Implementing Compliance Management 12-8
Understanding Compliance Measurement 12-10
viii
Score and Its Factors 12-11
Accessing the Compliance Library 12-12
Associating Targets to Compliance Standards 12-13
Investigating Compliance Violations 12-14
Viewing Compliance Evaluation Results 12-15

Viewing Compliance Scores 12-16
Viewing Out-of-Box Compliance Reports 12-17
Quiz 12-18
Summary 12-20
Practice Overview: Managing Compliance 12-21
n se
13 Producing and Using EM Reports
lic e
Objectives 13-2
ble
Information Publisher: Overview 13-3
fe r a
Report Definitions 13-4
ans
Using Oracle-Provided Reports 13-5 n - t r
Reporting on Targets 13-6 a no
Viewing the Result 13-7
) h as deฺ
ฺ
Workflow for Creating EM Reports 13-8
o dz t Gui
Creating a Report: Example 13-9
r e do den
o
Scheduling Reports 13-10 o S tu
n i@ this
Saving and Emailing Copies of Reports 13-11
a
j e br use
Providing Access to EM Reports 13-12
(ad to
Enterprise Manager Reports Website 13-13
z
i A zi
Introduction to BI Publisher 13-14
ran BI Publisher Configuration with Enterprise Manager 13-15
j e b Quiz 13-16
D Summary 13-18
Practice Overview: Information Publisher 13-19
ix
D j e
ra b
n i A
zzi
(ad
j e
a n
to
o
br use
o r e
i@ this S
o ฺ
tu
)
do den
h
dz t Gui
a
as deฺ
n no
- t r an
s
fe r a bl
elic e n s
e
Introduction
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
i A zi
ran
j e b
D
Course Goals
After completing this course, you should be able to:

• Use Cloud Control to monitor your data center

• Manage targets, hosts, and groups
• Use the job system to create and manage jobs to
automate commonly performed tasks
• Create and use EM reports
n se
• View, search, and compare configurations lic e
a b le
• Manage incidents and deployments
s f er
• Explain compliance policies and evaluate policy- t r anviolations
n on
• Manage and monitor the overall health a of your Cloud
a s ฺ
Control system )h ide dz t Gu
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
This course is designed to give the Enterprise Manager (EM) administrator the tools that are
i
n
j e brInathis course, you learn to use the core functionality of Oracle Enterprise Manager Cloud necessary to successfully use Cloud Control.
D
Control 12c. After a brief review of the underlying architecture, you use Cloud Control to
manage an enterprise-computing environment. This includes tasks such as managing and
monitoring Cloud Control; managing hosts, groups, systems, and services; monitoring
targets; using the Job System and Information Publisher; viewing and comparing
configurations; and managing compliance.
Hands-on practices help students to learn how to use the robust features of Cloud Control to
manage, monitor, and administer their data center.
This course is not intended to train you in detail about how to administer the individual target
types. For courses that cover the administration and monitoring of the Oracle target types
presented in this course, see the Oracle University website at http://education.oracle.com.
Using Oracle Enterprise Manager Cloud Control 12c 1 - 2

Objectives
After completing this lesson, you should be able to:

• Describe Enterprise Manager Cloud Control as a single

point of management and the benefits it provides
• Describe the course structure and its relationship with
other courses
• Explain the system configuration for the course practices se
e n
e lic
r a bl
s fe
- t r an
no n
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
i A zi
ran
j e b
D

Challenges for Administrators
Key challenges for managing a data center:

• Guarantee systems high availability

• Ensure acceptable performance at all times
• Resolve problems quickly
• Contain operating costs
• Align IT with business priorities n se
lic e
– Meet service-level agreements e
r a bl
– Handle increasing systems demand fe
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
As the need and the composition of the data center broadens into the cloud environment,
i
ran
the challenges to manage it also increase. An administrator is faced with challenges that
j e b include:
D • Ensuring high levels of performance and availability of applications
• Identifying and resolving problems quickly and effectively
• Enabling IT professionals to use resources effectively, thereby reducing costs
• Aligning IT with business priorities to ensure that businesses are agile enough to meet
the changing needs
Cloud computing has become the ubiquitous buzz phrase of enterprise IT in the 21st
Century and is now filtering down into the consumer technology arena. Navigating the world
of cloud computing can be daunting. However, it could also be argued that it represents a
return to the roots of computing when hardware resources were prohibitively expensive, and
hence by necessity, were usually a shared resource about which end users knew very little.

Cloud Computing Explained
• From the consumers’ perspective:

– It is an IT capability or service.
– Its implementation is both unknown and unimportant.
– It is available anytime, from anywhere.
• From the providers’ perspective:
– It allows them to use computing resources efficiently, e
wherever, and however possible. e n s
le lic
– It allows for flexibility in resource allocation to meet varying a b
consumer demand. s f er
– Meeting agreed service levels is more important - t r anthan
anything else. n on
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
i z (a
The US
i z
ANational Institute of Standards and Technology (NIST) defines cloud computing as
“a
r n
amodel for enabling ubiquitous, convenient, on-demand network access to a shared pool
b
e of configurable computing resources (for example, networks, servers, storage, applications,
Dj and services) that can be rapidly provisioned and released with minimal management effort
or service provider interaction.”
Every Cloud Has a Silver Lining
From the perspective of a consumer of cloud-based resources, the cloud is simply a
capability or service that is used without having knowledge of how or where it is
implemented. Indeed, knowledge of how the consumable product is provided is obscured by
the very nature of it being accessed via “the cloud.” Because implementation details are of
no concern to the consumer, their primary interest is availability and usability.
From the perspective of a provider of cloud-based resources, the cloud allows them to
service consumer demand by using whatever computing resources are available. This
loosens the ties of physical resources to application topologies and gives the provider the
flexibility and agility to deploy resources in the most efficient and timely manner possible.
Like consumers of cloud-based resources, providers are also primarily interested in the
availability and usability as the efficacy of their offering will be determined by the
consumers’ satisfaction with that offering, typically defined and measured through service-
level agreements.

Cloud Computing Essential Characteristics
• On-demand self-service
– Anytime, no human involvement is required.

• Broad network access
– Anywhere, from any device
• Resource pooling
– Shared resources to meet many demands se
e n
• Rapid elasticity
e lic
– Seamless response to meet changing demands r a bl
s fe
• Measured service - t r an
– Metering of and reporting on usage no n
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Five Essential Characteristics of Cloud Computing
i
n
a NIST definition of cloud computing includes five essential characteristics:
rThe
j e b
D • On-demand self-service: Consumers can request and receive computing resources
as required without human intervention by a provider.
• Broad network access: The resources and self-service portals provided by the cloud
can be accessed through standard network-connected devices (for example, mobile
phones, tablets, laptops, and workstations).
• Resource pooling: Providers use their computing resources to serve the demands of
many customers in a multitenancy model. All customers can then benefit from the
dynamic allocation of resources from the pool to meet their demands. Examples of
resources include storage, processing, memory, and network bandwidth.
• Rapid elasticity: Capacity of the cloud can be scaled up or down in response to
consumer demand in a manner that appears to the consumer to provide unlimited
capabilities.
• Measured service: Consumption of cloud resources is measured in a manner
appropriate to the service (for example, storage, processing, bandwidth, and active
user accounts). Resource usage can be monitored, controlled, and reported upon by
providers and consumers alike.

What Is Enterprise Manager Cloud Control?
• Creates and manages a complete set of cloud services

• Manages all phases of cloud life cycle

• Manages the entire cloud stack
• Monitors the health of all components
• Identifies, understands, and resolves business problems
n se
lic e
bl e
fe r a
an s
n - t r
a no
Complete Cloud Lifecycle Complete Cloud Stack
) h as deIntegrated ฺ Enterprise
Management
dz t Gu i
o ฺ
Management Management
Self-Service IT I Simple r e do Automated

and d en I Business-Driven
o
o sS t u
i @
n © 2015, hi and/or its affiliates. All rights reserved.
tOracle
r a e
eb o us
Copyright
d j t
i z (a
n i Az Manager Cloud Control is a management tool that provides monitoring and
Enterprise
a
brmanagement capabilities for Oracle and non-Oracle components. It is a complete,
Dje integrated, and business-driven cloud management solution in a single product, which is
referred to as “Total Cloud Control.”
Using Enterprise Manager Cloud Control, you can:
• Create and manage a complete set of cloud services, including Infrastructure-as-a-
service, Database-as-a-service, Platform-as-a-service, and others
• Manage all phases of cloud life cycle
• Manage the entire cloud stack – from application to disk, including engineered
systems (Exa series) and with integrated support capabilities
• Monitor the health of all components, the hosts that they run on, and the key business
processes that they support
• Identify, understand, and resolve business problems through the unified and
correlated management of User Experience, Business Transactions, and Business
Services across all your packaged and custom applications
Note: Throughout this course, Oracle Enterprise Manager Cloud Control 12c is referred to
simply as “Cloud Control.”

Enterprise Manager Cloud Control 12c Features
Enterprise-Ready
Framework
Applications
Cloud Management
Management
Middleware Chargeback and

Management Capacity Planning
n se
lic e
Database
Exadata and
bl e
Management
All of these topics are covered in Exalogic
fe r a
the Oracle Enterprise Manager
Cloud Control 12c New s
Management
an
Features self-study series.
n - t r
Application Quality a no
Configuration
Management
) h as Management
d e ฺ
dzand t Gu i
o o ฺ
Provisioning
r e dPatching
u d en
@ oo s St
r a ni © 2015,
e hi and/or its affiliates. All rights reserved.
tOracle
eb o us
Copyright
d j t
z (a
A zi
Key objectives in the design of Enterprise Manager Cloud Control 12c include:
i
ran
• Designing a management framework that is capable of providing next-generation
j e b functionality
D
• Enhancing application-to-disk manageability
• Providing a complete enterprise private cloud solution
Enterprise Manager Cloud Control 12c includes the following features:
• Enterprise-Ready Framework: Provides modular and extensible architecture, target
plug-ins, self-updateable entities, integrated Support Workbench, and centralized
incident console
• Cloud Management: Provides complete cloud lifecycle management
• Chargeback and Capacity Planning: Provides chargeback based on target types,
and uses Automatic Workload Repository (AWR) Warehouse to consolidate AWR
reports from multiple databases across the enterprise
• Exadata and Exalogic Management: Provides an integrated view of the hardware
and software in an Exadata machine, and complete lifecycle management for Exalogic
systems
• Configuration and Management: Provides an integrated set of tools, agent-less
discovery, integration with My Oracle Support, and custom configuration capabilities
• Provisioning and Patching: Provides profiles for provisioning known configurations,
user-defined deployment procedures, and a software library integrated with self-
updating capabilities
• Application and Quality Management: Database Replay, Application Server Replay,
Real Application Testing integrated with Data Masking, and test database
management including Application Data Model
• Database Management: Provides management of Oracle Database systems,

including performance management and change lifecycle management. Some aspects
of Database Management are covered in detail in this course.
• Middleware Management: Provides management of Fusion Middleware systems
• Applications Management: Provides management of Fusion Applications
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
j e br use
z (ad to
i A zi
ran
j e b
D

Complete Cloud Stack Management
• Management of the
complete enterprise
application stack Cloud
Control
• Management built into
every tier
n se
Ops
lic e
Center
ble
Covered in separate OU
fe r a
training courses
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Cloud Control can be used to manage the Oracle footprint in any IT organization. With the
i
ran
Ops Center system management functionality, the footprint includes the server and storage
j e b arenas as well. Manageability is built into the core infrastructure and to the applications that
D run on that infrastructure. This approach makes the IT infrastructure increasingly self-
managing and addresses complex cross-tier diagnostic issues. The integration extends in
two dimensions:
• First, you monitor and manage everything in one place (packaged applications,
custom J2EE applications, SOA applications, databases, virtualization layer, hosts,
and storage), including third-party components that are integral to an enterprise
application that delivers business services. In addition to managing the Oracle and
non-Oracle products, Cloud Control offers the capabilities to integrate with a variety of
other event-management systems and help-desk applications.
• Second, Cloud Control provides a breadth of capabilities across the life cycle of what it
takes to operate enterprise software deployment, patching, real-time monitoring and
historical trending, performance diagnostics, configuration management, and service-
level management.

Enterprise Manager Cloud Control 12c
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Starting with version 12.1.0.3, upon first login to Oracle Enterprise Manager Cloud Control
i
ran
console, you are presented with a Welcome page that guides you through the main
j e b functionality of the product, allows you to select the Enterprise Manager Home Page, and
D has pointers to the latest features and other applicable documentation.

Enterprise Manager Cloud Control 12c
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
The above image is an example of the Enterprise Summary page of Oracle Enterprise
i
ran
Manager Cloud Control 12c. The user interface (UI) functionality includes:
j e b • Information displayed in graphs and tables
D
• Summary information with drill-down capability to relevant details
• User-selected home page from a predefined set, or based on any page in the console
• Menu-driven navigation
• Global target search
• History and favorites
• Customizable target home pages (per-user basis)

This Course in Context
• Oracle Enterprise Manager Cloud Control 12c:

Install and Upgrade

• Using Oracle Enterprise Manager Cloud Control
12c (for EM administrators or operators)
• Oracle Enterprise Manager Cloud Control 12c:
Advanced Configuration e
e n s
• Oracle Enterprise Manager Cloud Control 12c: lic
Cloud Management a b le
• Oracle Enterprise Manager Cloud Control 12c:ansf
er
Overview Bundle: Self-Study Course o n -tr
a n
• Oracle Enterprise Manager CloudaControl
s eฺ 12c:
h
Management Bundle: Self-Study ) uid
ฺdz Course
d o o
e n tG
o ore Stud
a n i@ this
e b r © s2015,
dj to u
i z (a
n i Az listed above were available at the time this course was released.
The courses
a course assumes students are familiar with the basic Enterprise Manager Cloud Control
ebr
This
Dj components and the out-of-box configuration. A short review of the these components and
their default configuration follows in an upcoming lesson.

Course Schedule
Day Lessons
1 1. Introduction
2. Reviewing EM Core Concepts
3. Managing EM Cloud Control
4. Monitoring Targets
2 5. Managing Hosts
6. Managing Groups
7. Managing Systems and Services
n se
8. Using the Job System
lic e
9. Managing Incidents
ble
fe r a
3 10. Patching and Provisioning
ans
11. Managing Configurations
n - t r
12. Managing Compliance
a no
13. Producing and Using EM Reports
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
The suggested schedule for the course is shown in the slide. The actual lessons covered
i
ran
each day will be determined by your instructor.
j e b
D

Classroom Setup
Cloud Control Application
WebLogic Server
Oracle Management
Browser Service(OMS) orcldatabase
n se
lic e
ble
fe r a
Oracle Management em12rep s
Oracle Management
an
Agent (OMA) database
n - t r
Agent
dom0 em12.example.com
a no
host01.example.com
) h as deฺ
o ฺ dz t Gui
Oracle Virtual Machine (OVM)
Classroom PC r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
z ( a
A zi setup (as shown in the slide) provides each student with access to:
The classroom
i
b r a•n A Linux desktop, which is used to access the OMS and, if needed, the Oracle Virtual
Dj e Machine (OVM). Main components of the OMS are the Cloud Control application and
the WebLogic Server.
• A virtual Linux machine, which contains the Cloud Control installation, including the
Oracle Management Agent (OMA), Oracle Management Service, and Oracle
Management Repository
• A virtual Linux machine, which contains a sample target, including a database and an
OMA

Summary
In this lesson, you should have learned how to:

• Describe Enterprise Manager Cloud Control as a single

point of management and the benefits it provides
• Describe the course structure and its relationship with
other courses
• Explain the system configuration for the course practices se
e n
e lic
r a bl
s fe
- t r an
no n
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
i A zi
ran
j e b
D

Practice Overview:
Introduction
This practice covers verifying your VMs and preparing your
hands-on environment.
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
This is a mandatory task. It is a prerequisite for all the practices that follow.
i
ran
j e b
D

D j e
ra b
n i A
zzi
(ad
j e
a n
to
o
br use
o r e
i@ this S
o ฺ
tu
)
do den
h
dz t Gui
a
as deฺ
n no
- t r an
s
fe r a bl
elic e n s
e
Reviewing Enterprise Manager Core Concepts
n se
lic e
ble
fe r a
an s
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r Copyright
s ©e2015, Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
i A zi
ran
j e b
D
Objectives

• Confirm your understanding of the Cloud Control

architecture
– Describe the different components of Cloud Control
– Explain the architecture of Cloud Control, including the
security model
n se
– List the target types managed by Cloud Control e
e lic
– Understand the security model
r a bl
• Explore the Enterprise Manager interface s fe
- t r an
no n
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r Copyright
j u
z (ad to
i A zi
ran
j e b
D

Core Components
?
Cloud Control
Application
? WebLogic
Server
? e
? e n s
?e lic
r a bl
? ns fe
t r a
no n- OMR Plug-ins
s a OMS Agent
) h a deฺ Cloud Control

z
d tG u i
o ฺ Console, EM CLI
Host A r e do den Software Library

o
o sS t u
i @
n 2015,thOraclei
b r a
Copyright ©e
s and/or its affiliates. All rights reserved.
dj e u
(a to
i z
n i Az Control core components were introduced in a prerequisite course. Can you label
The Cloud
b the next slide. a components above? The choices are at the bottom right of the slide. Find the answers in
rthe
D j e

Core Components
Software Library
Host target information
Cloud Control
Third-party Application
applications
Agent WebLogic
Server
Fusion
OMS
n se
Middleware
Plug-in
lic e
bl e
Cloud Control
r a
Console, EM CLI
fe
OMR
an s
n - t r
Oracle
Applications a no
) h as deฺ
dz t Gui
Listeners Databases
o ฺ
Host A
r e do den
o o S tu
a n i@ this
e b r Copyright
j u
z (ad to
A zi
The details of the various components are:
i
ran
• Oracle Management Repository (OMR)
j e b
D - Persistent store of enterprise metadata and management data
- A schema in an Oracle database
- Includes schema objects belonging to the sysman user
• Oracle Management Service (OMS)
- Central Cloud Control application that processes management and monitoring
data, schedules jobs, and sends notifications
- J2EE application deployed on Oracle WebLogic Server, Oracle’s application
server solution
- Handles targets management via plug-ins

• Oracle Management Agents, or Agents
- Java applications
- Installed in their own ORACLE_HOME (unless you are using a shared NFS-
mounted agent binaries location)
- Collect monitoring and configuration data from managed targets and upload it to
OMS
- Execute tasks on behalf of Cloud Control users

- Typically one agent installation per host or OS deployment
- Use plug-ins to discover, monitor, and manage the targets running on a host
• Software Library
- A file system repository of patches, applications software, templates, and pre-
defined procedures
- Shared by multiple OMSs n se
• Cloud Control console (GUI interface) and EM CLI (command-line interface) lic e
ble
- The management user interface
fe r a
ans
A target is any software or system that is managed by Cloud Control by using a Plug-in. One
n - t r
or more targets can reside on a host and be managed by one Agent. Each Agent Plug-in is
no
specific to a particular target type and offers special management capabilities customized to
a
suit that target type.
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
j e br use
z (ad to
i A zi
ra n
j e b
D

Core Components
Software Library
Cloud Control
applications
Agent WebLogic ?
? Server
Fusion
OMS
n se
Middleware
Plug-in
lic e
?
bl
Cloud Controle
r a
Console, EM CLI
fe
OMR
an s
n - t r
Oracle
Applications a no
) h as deฺ
dz t Gui JDBC HTTP/
Listeners Databases
o ฺ HTTP/
Host A
r e do den HTTPS HTTPS
oo s St u
@
ni 2015,thOraclei
b r a
Copyright ©e
j e u
z (ad to
A zi
Can you describe the communication between the core components?
i
n
a protocols are being used? The choices are at the bottom right of the slide.
rWhat
j e b
D

Core Components Communication Protocols
Software Library
Cloud Control
HTTP/
applications HTTPS
Agent WebLogic
HTTP/ Server
HTTPS
OMS n se
Fusion
Plug-in lic e
Middleware
JDBC bl e
Cloud Control
r a
Console, EM CLI
fe
OMR
an s
n - t r
Oracle a no
Applications
) h as deฺ
Listeners Databases
o ฺ dz t Gui
Host A r e do den
o o S tu
a n i@ this
e b r Copyright
j u
z (ad to
A zi
The communication flow between the core components uses the following protocols:
i
ran
• The Agent uploads data to the OMS via HTTP or HTTPS. This communication is
j e b designed to work across wide-area networks, so a low-bandwidth connection is
D acceptable.
• The OMS communicates with the Agent via HTTP or HTTPS.
• The OMS communicates with the OMR via JDBC. OMS and OMR must be close
together and have a good bandwidth and low-latency connection.
• Cloud Control console users access the Cloud Control webpages via HTTPS or HTTP.
Where applicable, the default and recommended protocol is HTTPS for secure
communications between components.

Communication Ports Between Components
Push via SSH Cloud Control

Application
4889 / 4900
7788 / 7799
HTTP / HTTPS WebLogic
Server HTTP / HTTPS
3872 / 3872
Cloud Control
Agent
OMS
Console User n se
lic e
JDBC 1521
bl e
OMR fe r a
an s
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r Copyright
j u
z (ad to
A zi
The communication flow between the Cloud Control components is illustrated by using
i
ra n
directional arrows because only communication between the Agent and the OMS is two-way.
j e b All ports shown and listed in the slide are default values that can be changed during
D installation, either by the installer as it searches for available ports, or explicitly by you. You
can also change ports after installation.
• The Agent uploads data to the OMS via HTTP on port 4889 or via HTTPS on port 4900.
• The OMS communicates with the Agent via HTTP or HTTPS on port 3872.
• The OMS communicates with the OMR via JDBC on port 1521. Although the OMR
returns data to the OMS, this is not considered to be a separate communication
between the two; hence, the flow is shown to be unidirectional from OMS to OMR.
• Cloud Control console users access the Cloud Control webpages via HTTP on port
7788 or via HTTPS on port 7799.
Knowing the ports used in your Cloud Control installation is important, especially if you are
managing hosts behind firewalls or where other network restrictions apply, because
communication needs to be allowed on these ports and in the directions shown.

Oracle Management Repository
The Oracle Management Repository (OMR):

• Resides in an Oracle database

• Includes schema objects belonging to SYSMAN
• Must be installed in a pre-existing database
– Use pre-defined database templates where available
– Created during installation
n se
• Can be installed in a RAC database: recommended lic e
ble
fe r a
an s
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r Copyright
j u
z (ad to
A zi
The OMR is installed in an Oracle database as a group of approximately 4,000 schema
i
n
objects belonging to the SYSMAN user stored in three tablespaces: MGMT_ECM_DEPOT_TS,
ra
j e b MGMT_TABLESPACE, and MGMT_AD4J_TS. These schema objects contain information
D about Cloud Control users and administrators, targets, and applications that are monitored
and managed by Cloud Control, and groups, systems, incidents, and other Cloud Control
artifacts. The OMR is created during installation in a pre-existing database or a new database
created just for this purpose. The OMR must be sized appropriately for the projected
managed enterprise. The fastest, and recommended way, of creating a repository is by using
pre-defined database templates. Templates allow you to create a small, medium, or large
repository at installation time. Note that database templates may not be available for all
certified database versions. In this case, a repository is created from scratch during the
installation process.
For high-availability and scalability reasons it is recommended that the OMR be installed in a
Real Application Clusters (RAC) database.

The database used to house the OMR must not be used for any other applications for the
following reasons:
• Cloud Control’s usage of the database must not have to compete with any other usage.
• Using the OMR database for other applications may restrict your ability to upgrade and
patch the OMR schema and database as required.
• Cloud Control includes a restricted-use database license that can be used only for the
OMR.
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
j e br use
z (ad to
i A zi
ran
j e b
D

Oracle Management Service
HOST
Solution
Solution
Plug-in
Target
Plug-in Plug-in
OMS only Target
OMS only Target
Plug-in
Plug-in
Agent
Platform
OMS
n se
Background
• Serves the core UI pages lic e
Core UI Services (PBS)
Jobs
• Handles jobs, ble
Core
Agent
Pages
(Consol Loader
fe r a
notifications, and data
s
an
e)
Notifications loading
n - t r
no
• Can discover hosts
a
Platform
) h as deฺ • Contains plug-ins that
ฺ d z Gui provide target

OMS
d o o nt management and
e d e
o or Stu monitoring capabilities
a n i@ this
e b r Copyright
j u
z (ad to
A zi
The Oracle Management Service is the central component that:
i
ran
• Serves the Cloud Control console webpages
j e b
D • Runs jobs and notifications
• Stores in the OMR the data collected by agents
- Accesses the OMR for automated and manual reporting and diagnostics
• Communicates with the agents to orchestrate the management of their monitored
targets
- Discovers hosts
- Delivers special functionality, management, and monitoring capabilities via plug-
ins
- Can push an agent to any host that it can access across the network
- Can clone an agent from one host to one or more other hosts of the same
operating system

The OMS has two types of plug-ins:
1. Solution Plug-ins:
- Deliver vertical Enterprise Manager functionality (for example, Cloud Application
Plug-in, Capacity Planning and Chargeback Plug-in, and so on)
- Are target agnostic
- Reside only on the OMS
- Can be updated independently from the OMS

2. Target Plug-ins:
- They have agent-side and OMS-side components.
- The OMS component determines the management options and behavior exposed
through the Cloud Control console.
The agent side of target plug-ins:
• Manage the targets as directed by the OMS n se
lic e
• Gather configuration information from their targets
ble
• Monitor their availability and performance fe r a
ans
n - t r
• Some are installed by default (for example, The Oracle Database, listener, and so on).
no
• Can be updated independently of the agent and other plug-ins
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
j e br use
z (ad to
i A zi
ran
j e b
D

Software Library
• Repository of various software components

• Organizes certified software entities in:

– Oracle-owned folders, locked, shipped by default
– User-owned folders
• Shared file system
– Sized appropriately based on your use se
e n
– OMS reachable
e lic
– Agent reachable r a bl
s fe
– Referenced file system
- t r an
no n
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r Copyright
j u
z (ad to
A zi
The Software Library is a repository that stores software entities such as software patches,
i
ran
virtual appliance images, reference gold images, application software and their associated
j e b directive scripts, and allows you to organize them in logical folders. Patching and provisioning
D deployment procedures make use of these entities available in the Software Library.
This centralized media storage can be an NFS file system that is being shared between OMS
or any file system that the agents can reach. If you have multiple OMS in your enterprise, you
should create the software library in a location that can be accessed by all OMSs. You can
also define referenced locations so that an already established centralized location of these
entities, separate from the OMS, can be referenced.
The size of this central storage is based on your usage pattern.

Oracle Management Agents Deployment Methods
Oracle Management
Service
1 Agent push to 2 Agent push to

specified host discovered host
n se
lic e
ble
fe r a
3 Silent install: an s
• AgentPull n - t r
• agentDeploy a no
• RPM h a s 4 eฺAgent clone
ฺ d z) Guid between hosts
d o o nt
e d e
o or Stu
a n i@ this
e b r Copyright
j u
z (ad to
i A zi
An agent transforms a host to a managed host.
ran
The OMS can push an agent to any host that it can access across the network by using a
j e b secure shell (SSH) connection. Once connected by using authentication credentials supplied
D through the Cloud Control console, the agent image is sent in compressed form, then
uncompressed and installed. You nominate the installation directories in the Cloud Control
console when initiating the agent push job. The agent can be pushed, using a graphical
interface, to hosts that are:
• Known to the administrator as hosts on the network, but not yet known by Cloud Control
(1)
• Discovered automatically by Cloud Control, but unmanaged hosts (2)
Agents can also be installed in silent mode, using response files. (3) In this case, the
installation is performed directly on the hosts. The installation can be performed by using a
“pull” method (using the AgentPull script), a “push” method (using the agentDeploy script), or
an RPM file (typically used while provisioning an operating system on a bare metal host).
You can also get Cloud Control to clone the agent from one host to one or more other hosts of
the same operating system. (4) This method copies not just the software but the configuration
of the agent. This is typically done to define a standard agent configuration and deploy it to
multiple hosts.
Agents installation is covered in more details in the course titled Oracle Enterprise Manager
Cloud Control 12c Install & Upgrade.

Methods of Targets Discovery
• Agent-based discovery:
– Requires that you provide the host names

– Can be performed on a single host or multiple hosts
• Agent-less discovery:
– Is performed via an IP scan over the network
– Involves the following steps to configure and use: e
e n s
1. Configure Auto Discovery, which returns a list of hosts (and
their services) as unmanaged targets le lic
a b
2. Review the discovered results and promote unmanaged s f er to
managed hosts (pushing agent to host)
- t r an
on
3. Promote discovered non-host targets tonmanaged targets
s a
h a d e ฺ
)
dz t Gu i
o ฺ
r e do den
o o S tu
a n i@ this
e b r Copyright
j u
z (ad to
A zi
For agent-based discovery, you need to know the host names before you can discover the
i
ran
products that are configured on that host.
j e b Agent-less discovery uses the network mapper (NMAP) functionality to scan your network,
D discover hosts, and make some educated guesses about which software those hosts are
running. These hosts are essentially discovered as unmanaged targets that you can
seamlessly upgrade to a managed target, which then pushes the agent software to the hosts
and discovers the configuration information.
A sample workflow:
• Discovers hosts (and their services) on a network by configuring Auto Discovery via
Setup > Add Target > Configure Auto Discovery
• Deploys Oracle Management Agent on those hosts by promoting a discovered host to a
managed target via Setup > Add Target > Auto Discovery Results. Select a host and
follow a guided workflow to provide agent installation details and named credentials, and
then click Deploy Agent.
• After agent installation, the host is automatically scanned for potential targets that you
can view via Setup > Add Target > Auto Discovery Results > Non-Host Targets (tabbed
page). Select a target (for example, a database), follow the guided workflow to provide
database monitoring details, such as the Monitor Password for the DBSNMP Monitor
user, and click Promote. Cloud Control promotes the database and its listener to
managed targets.
Management Agent on a Host
Discovered but not Undiscovered

Managed targets
yet managed targets targets
1 2 3
Target A Target B Target C Target D
n se
Discovery Discovery Discovery
lic e
ble
Management Management
fe r a
Target A Plug-in Target B Plug-in Target C Plug-in an s
n - t r
a no
Agent
Agent
) h as deฺ
o ฺ dz t Gui
e o
dHOST en
r u d
@ oo s St
a i
ni 2015,thOracle
e b r Copyright ©e
j u
z (ad to
i A zi
An agent (target) plug-in contains two types of components:
ran
1. A target discovery component
j e b 2. A management component specific to a target that was discovered
D
The discovery content is deployed on a host:
• When the agent is pushed or installed on that host, for the default plug-ins
• When a new plug-in is deployed to the agent from OMS
The management component for default target types are pushed to hosts when an
administrator promotes a discovered target to a managed target.
The slide shows various possible categories of targets on a host:
1. Targets may be both discovered and managed on a host. In this case the discovery
component found it and the administrator confirmed its management (promoted it to a
managed target).
2. A target may exist on a host discovered but not yet managed. This means the
administrator chose to not promote it as a managed target but it can be done at a later
time.
3. There may be un-discovered targets on a host because no plug-in exists for it.
Therefore, this type of target is not managed by Cloud Control. A plug-in for such a type
of target must be explicitly deployed from the OMS to the agent to be discovered and
then managed.

Target Discovery Process
Host A Host target information

Auto Discovery
executed by
Third-party Agent
Applications
Oracle
Management
Agent
E-Business
Suite
n se
lic e
ble
fe r a
an s
n - t r Guided
Application a no Discovery
Databasesas ฺ
servers Listeners
) h i d e
o ฺ dz t Gu
r e do den
o o S tu
a n i@ this
e b r Copyright
dj to u
z ( a
Az i
After the Agent has been installed on a host, it needs to look for targets that it can manage.
a n i
As a Cloud Control administrator, you can guide that process from the Cloud Control console
e b r
D j pages. Guided discovery allows you to nominate a family of target types that you want to
search for, such as database and listeners, and then the agents where you want that search
to be executed. If any new targets are discovered, the appropriate plug-in will be pushed from
the OMS if it is not already installed on the agent, the target will be recorded in the OMR, and
monitoring will commence.
You can also configure auto discovery to run at regular intervals and get an agent to search
for known targets unattended, allowing you to review the results at a later stage and promote
discovered targets to become managed targets.

Managed Target Types: Examples
• Oracle Databases
– Instances, pluggable databases

– Listeners
– ASM
• Clusters and High Availability services
• Oracle Fusion Middleware products e
e n s
• Oracle Application Server lic
• Oracle WebLogic Server a b le
s f er
• Oracle applications, including E-Business Suite,
- t r anSOA,
Siebel, and PeopleSoft n on
• Exadata and Exalogic s a
h a d e ฺ
• Cloud Control Components
)
z asGOMR
dsuch u i and OMS
o o ฺ t
• Third-party targets ored tude
n
@ o sS
a i i
n 2015,thOracle
e b r Copyright ©e
j u
z (ad to
A zi
Targets are the entities that Cloud Control manages. To do so, it uses target-type–specific
i
a n
plug-ins and host-specific agents.
j e brCloud Control can monitor, administer, maintain, and manage different types of targets as
D listed in the slide. As your environment changes, you can add and remove targets from Cloud
Control as needed. The commonly used Oracle targets (including Cloud Control components,
such as the OMR and OMS) are predefined as part of the base Cloud Control product, but
Cloud Control has an open API that enables you to create custom targets.
The target types managed by Cloud Control include:
Oracle Database, Oracle Database Listener, Fusion Middleware products, Oracle Application
Server, Oracle WebLogic Server, Oracle E-Business Suite, Oracle SOA applications,
Exadata, Exalogic, Oracle Applications, Oracle Identity Manager, Oracle Siebel, Oracle
PeopleSoft, and so on, as well as other third-party targets.
The targets shown in the slide are just some examples of Cloud Control managed targets.

Security: Overview
Enterprise
Manager Cloud
Cloud Control Control
Credentials
Authentication Management e
e n s
e lic
r a bl
s fe
- t r an
n no
a
) h as deฺ
Cloud Control
o ฺ dz t Gui Target
Authorization
r e do den Authentication
oo s St u
@ i
ni 2015,thOracle
b r a
Copyright ©e
dj e u
( a to
z
ziControl security system can be divided into four components as shown in the
i A
The Cloud
n in the slide:
bra
graphic
Dje • Cloud Control Authentication checks the validity of users accessing the Cloud Control
system
• Credentials Management allows credentials to be defined
• The Target Authentication system uses the defined credentials
• Cloud Control Authorization grants privileges to managed targets

Cloud Control Authentication
• Framework that determines if users accessing Cloud

Control are valid

– Same process for the graphical interface and EM CLI
• Methods
– Repository based (default)
– Oracle Application Server Single Sign-on e
e n s
– Oracle Access Manager Single Sign-on lic
– Enterprise User Security ble
fe r a
– LDAP based:
an s
Oracle Internet Directory (OID) n - t r
no
—
Microsoft Active Directory a

as deฺ
—
) h
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r Copyright
j u
z (ad to
A zi
The Cloud Control authentication framework determines whether users accessing the Cloud
i
ran
Control system are valid and allows or rejects the access (login). Both the graphical interface
j e b and the EM command-line interface (EM CLI) use this common authentication mechanism.
D This framework is designed to allow various pluggable authentication protocols. End users
can configure the authentication scheme that best suits their environments.
By default, Cloud Control authenticates users against values saved in the OMR. This option
takes advantage of all users authentication options available with an Oracle database,
including passwords profiles, password life time, and so on.
For external authentication, Cloud Control relies on the underlying WebLogic Server that is
part of the OMS (middle tier) stack. Other supported authentication schemes are:
• Oracle Application Server Single Sign-on
• Oracle Access Manager Single Sign-on
• Enterprise User Security
• LDAP based:
- Oracle Internet Directory (OID)
- Microsoft Active Directory

How Authentication Works
• An EM Administrator is created initially by SYSMAN

– Name, password, password profile

– Optional
— Super Administrator role: full access to all targets and
administrator accounts
— May not be able to change its own password
– Target privileges, resource privileges, and roles associated n se
with it lic e
e bl
— Provide separation of duties among administrators
f e r a
• If database authentication is used an s
n - t r
nodatabase users
– Cloud Control Administrator accounts are
a
has eฺ
– Uses database password management
z) Guid
o ฺ d
e d o
d e nt
o or Stu
a n i@ this
e b r Copyright
j u
z (ad to
A zi
A Cloud Control user logs in to EM as a predefined administrator username, created by a
i
a n
Super Administrator (SYSMAN at first).
j e brThis initial authentication translates to permissions to the managed system based on how that
D administrator was created:
• Password is managed by the database, using database password profiles, if the default
database authentication is used.
• The user may not be able to change its own password, if Super Administrator
determined that was their policy.
• Access is given to only select targets, with specific privileges and roles, all determined
by the Super Administrator.

Managing Securely with Credentials
• Centralized credential store for

ease of management
EM Users
• Support for managing
passwordless and strong Privileges
authentication credentials
(Kerberos tickets and SSH keys)
n se
• Reuse and sharing among users e
e lic
(without disclosing the sensitive
r a bl
content of credentials) s fe
• Controlled and protected access EM User1
- t r an
n no
• Support for sudo/powerbroker a
) h as deฺCentralized Credential Store
ฺ dz tEMGUser2 ui
do deno
o r e tu
o S
a n i@ this
e b r Copyright
j u
z (ad to
A zi
As a management tool that handles many scripts and powerful actions such as patching,
i
ran
Enterprise Manager has to work with many credentials for hosts, databases, and a range of
j e b other objects. Managing all these credentials can be a real challenge. The centralized store
D facilitates this task because you can name and store credentials there.
Passwordless and strong authentication credentials are supported, such as the Kerberos
tickets and SSH key pairs.
Credentials can be reused and shared among users (without disclosing sensitive content like
passwords). Users are granted access to these credentials by the use of privileges, and so
they can be reused without knowing what the contents of the credentials themselves are.
Access to the credentials is controlled and protected by privileges.
The EM credential subsystem enables you to securely store credentials as preferences or
operation credentials, which can then be used to perform different system management
activities. EM also supports sudo/powerbroker–based impersonation.

Distinguishing Credentials
• Named credentials
– Access level:
— View access to use the credential
— Edit to change the credential
— Full for complete access
• Preferred credentials
n se
– Default credentials e
e lic
• Usage classification: Job, collection, and monitoring
r a bl
s fe
- t r an
no n
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r Copyright
j u
z (ad to
A zi
As an EM administrator, you can define and store credentials (username/password, a public
i
ran
key-private key pair, or an X509v3 certificate) as named credentials in Enterprise Manager.
j e b These are used when performing operations like running jobs, patching, and other system
D management tasks. Named credentials can be global or target specific. They are
“placeholders” designed to simplify passwords management.
The three levels of access that can be granted to these credentials:
• View access: To use the named credentials
• Edit access: To change the named credentials, including changing its name and
password
• Full access: For complete access, including the ability to delete the named credential
You can define credentials as preferred credentials for specific managed targets by storing
target login credentials in the Management Repository. Default credentials can be set for a
particular target type and they will be used for all the targets of that target type, unless
overridden by a target preferred credentials.
Credentials can also be classified by their usage, such as job credentials (used by the job
system), collection credentials, and monitoring credentials (used by the agents).

Credentials core concepts and definitions:
• Credential type is the type of authentication supported by a target type. For example, a
host can support a username/password–based authentication, public key authentication,
or Kerberos authentication. Various authentication schemes are supported, including
native agent authentication and SSH.
• Credential set is a placeholder for a credential. Credential sets can be used to decouple
credentials from the system that uses a credential. A credential set enables you to change
its mapping to named credentials for a target without editing the system that uses the
credential. For example, you could have a credential set for patching tasks.
• Credential store is a logical store for all the named credentials of an EM administrator.
Referencing credentials by:
• Credential name: The credential is referenced by using the name of the credential in the
credential store. e
• Credential set: The credential is referenced by using the credential set name and the e n s
e lic
target name. The lookup gets the credential associated with the credential set name and
target name. r a bl
s fe
- t
reference does not refer to a credential in the credential store.
an
• Direct value: The credential is specified by providing the values of the attributes. This
r
no n
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
j e br use
z (ad to
i A zi
ran
j e b
D

Authorization Using Privileges and Roles
• Roles contain resource or target privileges

– Can be assigned to other roles

• Can be defined on special criteria
– Geographical location
– Line of business
• Users get assigned roles se
e n
– Easy privilege assignment
e lic
– More secure r a bl
s fe
– Implement Principle of Least Privileges
- t r an
no n
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r Copyright
j u
z (ad to
A zi
A role is a collection of Cloud Control–related resource privileges or target privileges granted
i
ran
to administrators or to other roles. These roles can be defined based on geographic location,
j e b line of business, or any other chosen model. Roles are advantageous because administrators
D need to only assign a role to a new user and automatically all appropriate privileges are
assigned to that user. Enterprise Manager Cloud Control comes with predefined, out-of-the-
box roles, to manage a wide variety of resource and target types. These roles are assigned to
users or administrators in your enterprise to facilitate management and increase security. In
addition, it is recommended that an organization implements the Principle of Least Privileges,
which dictates that users must be granted the least amount of privileges needed to perform
their job.
Administrators by default do not have any Software Library privileges. The Super
Administrator must explicitly grant privileges to an administrator to access the Software
Library.

Security Console
• Consolidated view of all security-related information

• Available to Super Administrators only

• Areas included:
– Overview of all security options
– Pluggable Authentication
– Fine-grained Access Control se
e n
– Secure Communication
e lic
– Credentials Management r a bl
s fe
– Comprehensive Auditing
- t r an
– Active User Session Count no n
a
– Best Practices Analysis
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r Copyright
j u
z (ad to
A zi
The Security Console is new starting with EM Cloud Control 12.1.0.4 and it offers a common,
i
a n
consolidated view of all security-related information for the entire system.
j e brThis Console can only be viewed if logged in as a Super Administrator and it can be accessed
D from the Setup > Security > Security Console menu.
The Security console areas include:
• Overview of all security options
• Pluggable Authentication: Various methods of authentication that the Oracle
WebLogic Server supports, therefore supported by the Cloud Control framework
• Fine-grained Access Control: Definition of targets privileges and their granularity
• Secure Communication: Protocols used to communicate between the various Cloud
Control components
• Credentials Management: Username and password pairs for all targets
• Comprehensive Auditing: Lists all auditable options and their configuration
• Active User Session Count: Session management information
• Best Practices Analysis: Collection of all recommend best practices that apply to all
areas of security

Exploring the Enterprise Manager Interface
n se
lic e
ble
fe r a
an s
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r Copyright
j u
z (ad to
A zi
The Enterprise Summary page provides a summarized view of the health of all targets (as
i
a n
shown in the activity guide), including Cloud Control itself.
j e brWhen you select Targets > All Targets, EM displays the list of the individual targets. The left
D side of the All Targets page provides a navigation tree. When you click the link under Target
Name (on the right side of the page), you navigate directly to the home page of that target.
Cloud Control provides you with different levels of detailed information, so that you can
determine how well a group or a specific target performs.
All key pages for managing and monitoring Cloud Control are grouped under Setup >
Manage Cloud Control. For example, if you need to monitor the overall health of the
management service and repository, navigate to Setup > Manage Cloud Control > Health
Overview. You can also access the repository page by navigating to Setup > Manage Cloud
Control > Repository for an overview of the status and performance of the repository DBMS
jobs, errors that might have occurred, space usage, and so on.

Quiz
Identify the main Cloud Control components.

a. Oracle Management Agent

b. Oracle Management Service
c. Oracle Management Repository
d. Software Library
e. All of the above n se
lic e
ble
fe r a
an s
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r Copyright
j u
iz (ad to
Aez
Answer:
i
b r an
Dj e

Quiz
Which targets can be managed by using Cloud Control?

a. Hosts
b. Databases
c. Application servers
d. Web applications
e. OMS and OMR n se
lic e
f. All of the above e
r a bl
s fe
- t r an
no n
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r Copyright
j u
iz (ad to
Afz
Answer:
i
b r an
Dj e

Summary

• Confirm your understanding of the Cloud Control

architecture
– Describe the different components of Cloud Control
– Explain the architecture of Cloud Control
– List the target types managed by Cloud Control e
e n s
– Understand the security model lic
• Explore the Enterprise Manager interface ble
fe r a
an s
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r Copyright
j u
z (ad to
i A zi
ran
j e b
D

Practice Overview:
Exploring Cloud Control
This practice covers the following topics:
• Accessing Enterprise Manager Cloud Control

• Setting the Summary page as the home page
• Navigating the Cloud Control console
• Performing OMS and OMR monitoring tasks
n se
lic e
ble
fe r a
an s
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r Copyright
j u
z (ad to
A zi
View the “Console Overview and Customization” demonstration (unless your instructor just
i
a n
demonstrated those topics).
j e brThe following optional demonstrations of related topics are available:
D
• Create an Enterprise Manager Administrator
• Discover and Promote Unmanaged Hosts and Targets
• Create and Use Named Credentials
• Create SSH Key Named Credentials

D j e
ra b
n i A
zzi
(ad
j e
a n
to
o
br use
o r e
i@ this S
o ฺ
tu
)
do den
h
dz t Gui
a
as deฺ
n no
- t r an
s
fe r a bl
elic e n s
e
Managing Cloud Control
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
i A zi
ran
j e b
D
Objectives

• Start and stop Cloud Control components

• View EM health statistics
• Identify the main log and trace files for Cloud Control
components
• Discuss options to back up and recover the various
n se
elements of Cloud Control lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
i A zi
ran
j e b
D

Controlling the Cloud Control Framework
WebLogic
EM
OHS
OMS
Repository Agents
n se
Component Control Utilities lic e
ble
Repository OMS Agent s fe r a
tra n
sqlplus or o n -
a n
srvctl emctl
h a s eฺ emctl
lsnrctl ฺ d z) Guid
d o o nt
e d e
o or Stu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Each component of the Cloud Control framework has its own utility or utilities that can be
i
ran
used to monitor, start, and stop the component. In many cases, these utilities also provide
j e b some capability to configure the component beyond the simple start-and-stop functionality.
D RAC databases require the use of the srvctl commands; for single instances, there is a
choice of sqlplus or srvctl.
Examples:
• srvctl stop database -d orcl -o immediate
• srvctl start database -d orcl -o open

Controlling the Repository Database Listener
The repository database listener is controlled by the Listener

Control utility (lsnrctl):

• Start listener: $ORACLE_HOME/bin/lsnrctl start
• Stop listener: $ORACLE_HOME/bin/lsnrctl stop
• Check status: $ORACLE_HOME/bin/lsnrctl status
• Check services:
n se
$ORACLE_HOME/bin/lsnrctl services lic e
e bl
f e r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
The database listener must be started in order for the OMS to connect to the repository. To
i
ran
start, stop, and check the status of the listener and listener services, use the following
j e b Listener Control Utility (lsnrctl ) commands:
D $ORACLE_HOME/bin/lsnrctl start
$ORACLE_HOME/bin/lsnrctl stop
$ORACLE_HOME/bin/lsnrctl status
$ORACLE_HOME/bin/lsnrctl services
The listener must normally be started before the database because the OMR database
registers with the listener on startup. If the listener is started after the database, it may take
several minutes for the database to register with the listener.
The Oracle Home (here, $ORACLE_HOME, is an example for a UNIX-type system) is the
directory where you choose to install the software for a particular Oracle product (in this
case, the Oracle Database). For example, ORACLE_HOME could be:
/u01/app/oracle/product/11.2.0/dbhome_1

Controlling the Repository Database
The repository database is controlled with SQL*Plus.

• Begin a SQL*Plus session with sqlplus / as sysdba.

• Start the database with startup.
• Stop the database with shutdown immediate.
$ sqlplus / as sysdba
n se
Connected to:
lic e
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 – Production
ble
With the Partitioning, OLAP, Data Mining and Real Application Testing
fe r a
options
ans
n - t r
SQL> startup
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
The repository database must be started before the OMS can render the Cloud Control user
i
ran
interface, and before agents can pass target status and performance data through the OMS.
j e b • To start or open the database, begin a SQL*Plus session (as shown in the slide).
D Note that the ORACLE_HOME must be setup to point to the home where the database
was installed. ORACLE_SID must point to the repository database SID. To start the
instance, mount, and open the database, use:
SQL> startup
• To check the status of the repository database use:
SQL> SELECT status FROM v$instance;
The status must display OPEN. Any result other than OPEN indicates a problem with the
repository database that should be handled just like any other Oracle database problem.
Note: Use the SRVCTL command if you have a RAC instance for the repository.
To shut down the repository database, use the shutdown immediate command from a
SQL*Plus session. This option prevents any new logins, rolls back any uncommitted
transactions, and then brings down the database. During this process, Oracle flushes all the
changes in memory out to the database data files as well, just like a regular shutdown does,
therefore making the database startup quicker.

Controlling the OMS
Use the Enterprise Manager Control (emctl) utility from the

Oracle Management Service home to:

• Start and stop the required OMS components
• Get the status of OMS components
<OMS Home>/bin/emctl start oms

n se
<OMS Home>/bin/emctl stop oms
lic e
<OMS Home>/bin/emctl stop oms -all
ble
<OMS Home>/bin/emctl status oms fe r a
ans
<OMS Home>/bin/emctl status oms -details
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Each OMS consists of a number of components, all of which can be started or stopped by
i
ran
using the EM Control Utility, emctl, from the OMS Home. The OMS Home must point to the
j e b location where the OMS installation was performed. For example, OMS might point to
D /u01/app/oracle/product/middleware/oms.
Here are the basic control options:
• emctl start oms starts the OMS and all its related Fusion Middleware components
required to run, such as the HTTP Server, the Node Manager, OPMN process, and the
managed server on which the Management Service is deployed. If this command is
run on a host that has Oracle BI Publisher configured, then Oracle BI Publisher is also
started.
• emctl stop oms stops only the OMS managed server and the HTTP Server.
• emctl stop oms –all stops all processes including the Administration Server,
HTTP Server, Node Manager, management server, and Oracle BI Publisher (if it is
configured on the host).
• emctl status oms shows if the OMS is started or stopped.

Here are some examples for a UNIX system:
$ emctl status oms
Oracle Enterprise Manager Cloud Control 12c Release 4
Copyright (c) 1996, 2014 Oracle Corporation. All rights reserved.
WebTier is Up
Oracle Management Server is Up
The following command requires the SYSMAN password and shows the OMS configuration
details:
$ emctl status oms -details
n se
Enter Enterprise Manager Root (SYSMAN) Password :
lic e
Console Server Host : em12.example.com
ble
HTTP Console Port : 7788
fe r a
ans
HTTPS Console Port : 7802
n - t r
no
HTTP Upload Port : 4889
a
as deฺ
HTTPS Upload Port : 4903
) h
dz t Gui
EM Instance Home : /u01/app/oracle/product/gc_inst/em/EMGC_OMS1
o ฺ
OMS Log Directory Location : /u01/app/oracle/product/gc_inst/em/EMGC_OMS1/sysman/log
OMS is not configured with SLB or e
r do hostname
virtual d en
oo s St u
Agent Upload is locked.
OMS Console is locked.an
i @ thi
b r s e
Active CA ID: 1 je u
a d t o
(https://em12.example.com:7802/em
i z
Console URL:
z https://em12.example.com:4903/empbs/upload
n i
UploadAURL:
b a Domain Information
rWLS
j e
D Domain Name : GCDomain
Admin Server Host : em12.example.com
Admin Server HTTPS Port: 7102
Admin Server is RUNNING
Managed Server Information
Managed Server Instance Name: EMGC_OMS1
Managed Server Instance Host: em12.example.com
WebTier is Up
Oracle Management Server is Up
BI Publisher Server is Up
BI Publisher Server named 'BIP' running at local URL:
https://em12.example.com:7799/xmlpserver
BI Publisher Server Logs: /oracle/gc_inst/user_projects/domains/GCDomain/servers/BIP/logs/
BI Publisher Log :
/oracle/gc_inst/user_projects/domains/GCDomain/servers/BIP/logs/bipublisher/bipublisher.log

Controlling the Management Agent
Use emctl from the agent home to:

• Start, stop, and monitor agent status

• Upload data to the OMS manually
• Retrieve various configuration parameters and properties
• Set monitoring or security functions
n se
<Agent Home>/agent_inst/bin/emctl start agent lic e
<Agent Home>/agent_inst/bin/emctl stop agent a b le
r
<Agent Home>/agent_inst/bin/emctl status agent nsfe
a
<Agent Home>/agent_inst/bin/emctl n-tr
upload agent
no
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
i A zi
The Oracle Management Agent is controlled with its own version of the emctl utility,
ran
installed in its own home directory. The agent is installed in a user-given directory called the
j e b Agent Base Home, or simply Agent Home. emctl to be used by the agent is located at:
D <Agent Home>/agent_inst/bin/emctl
There is normally little administration required for the agent. By default, agents are
configured to start automatically at reboot on most systems. Use these commands on a
UNIX system for basic control and troubleshooting:
• emctl status agent to verify the status (started or stopped) of the agent and
display its home, process ID, and so on.
• emctl start agent to start the parent agent watchdog process and the child Java
process for the agent. The watchdog monitors the agent Java process and attempts to
restart it if it fails unexpectedly.
• emctl stop agent to stop the agent.

Some other common agent control commands:
The agent automatically uploads targets metrics to the OMS. To force an upload mid-cycle,
you can use the command:
emctl upload
The following command lists the target names and types running on the host:
emctl config agent listtargets
To configure an agent to communicate with the OMS in secure (HTTPS) mode:

emctl secure agent [registration password] [-emdWalletSrcUrl <url>]
Here is an example of an agent status command:
$ emctl status agent
n se
---------------------------------------------------------------
Agent Version : 12.1.0.4.0 lic e
ble
OMS Version : 12.1.0.4.0
Protocol Version : 12.1.0.1.0 fe r a
Agent Home : /u01/app/oracle/product/agent12c/agent_inst
ans
Agent Binaries : /u01/app/oracle/product/agent12c/core/12.1.0.4.0
n - t r
Agent Process ID : 3020
a no
Parent Process ID : 2970
) h as deฺ
dz t Gui
Agent URL : https://em12c.example.com:3872/emd/main/
Repository URL ฺ
: https://em12c.example.com:4904/empbs/upload
o
Started at : 2014-04-04 10:49:35
r e do den
Started by user : oracle
o o S tu
Last Reload : (none)
a n i@ this
br use
Last successful upload : 2014-04-04 11:34:39
Last attempted upload
j e : 2014-04-04 11:34:39
(ad to
Total Megabytes of XML files uploaded so far : 0.06
z
i A zi
Number of XML files pending upload
Size of XML files pending upload(MB)
:0
:0
ran
j e b Available disk space on upload filesystem : 30.54%
D Collection Status
Heartbeat Status
: Collections enabled
: Ok
Last attempted heartbeat to OMS : 2014-04-04 11:37:31
Next scheduled heartbeat to OMS : 2014-04-04 11:38:31
---------------------------------------------------------------
Agent is Running and Ready
For additional agent control commands, consult the Oracle Enterprise Manager Cloud
Control Administrator's Guide.

Starting the Entire Cloud Control Framework
To start the Cloud Control framework, perform the following

steps:
1. Start the repository database listener.
2. Start the repository database.
3. Start the OMS.
4. Start the agent on the OMS/repository server.
n se
5. Start the agents on the managed servers. lic e
ble
fe r a
ans
WebLogic
EM
n - t r
a no
) h as deฺ
o ฺ dz t Gui
OMS do
OHS
Repository r e u d en Agents
o o S t
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
1. Start the repository listener, for example:
i
ran $ORACLE_HOME/bin/lsnrctl start
D jeb 2. Start the repository database, for example:
$ORACLE_HOME/bin/sqlplus / as sysdba
SQL> startup
3. Start the OMS (including OHS and WebLogic Managed Server):
<OMS Home>/bin/emctl start oms
4. Start the agent (on OMS/repository host):
<Agent Home on the OMS Host>/agent_inst/bin/emctl start agent
5. Start the agent on the managed targets:
<Agent Home on managed target>/agent_inst/bin/emctl start agent
Note: Use the SRVCTL command if you have a RAC instance as a repository.
Best Practice: The database, listener, OMS, and agents can be configured to start
automatically at the operating system startup. This configuration is the default but it is
platform specific. If these components are not already starting up automatically, consult your
OS documentation to complete this on your system.

Stopping the Cloud Control Framework
To stop the Cloud Control framework, perform the following

steps:
1. Stop the agents on managed servers (optional).
2. Stop the agent on the OMS/repository server.
3. Stop the OMS.
4. Stop the repository database.
n se
5. Stop the repository database listener. lic e
bl e
fe r a
ans
WebLogic
n - t r
EM
a no
) h as deฺ
ฺ d z Gui
Agents d o
o OMS
OHS nt
r e u d e Repository
o
o sS t
i @
tOracle
r a e
eb o us
Copyright
d j t
i z (a
n i Az the agent on the managed servers (optional):
1. Stop
bra <Agent Home on managed target>/agent_inst/bin/emctl stop agent

Dje 2. Stop the agent (on OMS/repository host):
<Agent Home on the OMS Host>/agent_inst/bin/emctl stop agent
3. Stop the OMS (including OHS and WebLogic Managed Server):
<OMS Home>/bin/emctl stop oms -all
4. Stop the repository database, for example:
$ORACLE_HOME/bin/sqlplus / as sysdba
SQL> shutdown immediate
5. Stop the repository listener, for example:
$ORACLE_HOME/bin/lsnrctl stop
Note: Use the SRVCTL command if you have a RAC instance for the repository.
All control commands must be executed as the user associated with the installation,
typically oracle.

Cloud Control Health Statistics
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Once set up and running, it is a good practice to schedule ongoing maintenance tasks and
i
ran
periodically monitor for deviations from acceptable performance. To a large extent, the
j e b Cloud Control system monitors itself and rolls up critical information to a set of pages under
D the Setup > Manage Cloud Control menu. All major components of Cloud Control are
grouped into a single system, a set of services, to simplify their management. A number of
health metrics are automatically collected and some have thresholds set to alert
administrators about impending problems.
Note the following pages that consolidate information on specific areas:
• Health Overview page: A rollup of general statistics about your system such as
Job System Status, Console Activity, Alerts, and various Performance Charts

Repository Statistics
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
•
i A zi
Repository tab: A summary of all repository-related statistics
ran
j e b
D

OMS Statistics
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
•
i A zi
Management Servers page: All Management Services metrics
ran
j e b
D

Agents Statistics
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
•
i A zi
Agents page: A rollup of all agents that are part of the system and their associated
ran targets, status, and so on.
j e b
D

Viewing Log Files and Trace Files
• Trace files and log files are:

– Used to troubleshoot potential problems

– Created for:
— Oracle Management Service (OMS)
— Oracle Management Agent (Management Agent)
• Diagnosing the OMR with standard Oracle database tools:
n se
– Automatic Diagnostic Repository (ADR)
lic e
– Incident Manager (covered in a separate lesson) a b le
– EM Support Workbench s f er
n a
o n -tr
a n
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
When you install the Oracle Management Agent or the Oracle Management Service, Cloud
i
ran
Control automatically configures the system to save certain informational, warning, and error
j e b information to a set of log and trace files.
D
Log and trace files can help you troubleshoot potential problems with a Cloud Control
installation. They provide detailed information about the actions performed by Cloud Control
and whether or not any warnings or errors occurred.
Because the OMR is an Oracle database, the diagnostic tools for any database are
available (and covered in the Oracle Database courses). These include:
• The Automatic Diagnostic Repository (ADR): A file-based hierarchical data store
for depositing diagnostic information produced by diagnostic framework clients. The
ADR contains data describing incidents, traces, dumps, alert messages, data repair
records, health check records, SQL Trace information, core dumps, and other
information essential for problem diagnosis.

• The Incident Manager: Provides a central point of control for managing events,
incidents, and problems detected within Enterprise Manager. It provides in-context
access to diagnostic and resolution capabilities. You also have in-context access to
My Oracle Support, where you can research knowledge-based articles and create
service requests. The Guided Resolution region offers recommendations and
provides links to diagnostics and resolutions.
• The EM Support Workbench: A facility that enables you to investigate, report, and in
some cases, repair problems (critical errors), all with an easy-to-use graphical
interface. The Support Workbench provides a self-service means for you to gather
first-failure diagnostic data, obtain a support request number, and upload diagnostic
data to Oracle Support quickly and with minimal effort, thereby reducing time-to-
resolution for problems. The Support Workbench allows you to view and process the
contents of ADRs.
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
j e br use
z (ad to
i A zi
ran
j e b
D

Using Log Viewer and Searching for Messages
Select “Most Recent” and enter a

time period, or select “Time
n se
Interval” and specify a range.
lic e
ble
fe r a
an
Specify one or more s
- t r
message types.
n
a no
Specify specific search
) h as deฺ criteria.
group theo
dz messages,
View the matching
ฺ
messages G uori
byt message
r e dotype or message
d en ID.
oo s St u
@
ni © 2015, hi and/or its affiliates. All rights reserved.
tOracle
r a e
eb o us
Copyright
d j t
z (a
A zi
Use the Log Viewer to:
i
ran
• View log files and messages for:
j e b
D - All entities in a domain
- An Oracle WebLogic Server
- A component
- An application
• Search log files
• Download log files
On the Log Messages page, you can search for specific diagnostic messages. Use this
page to search for messages for all of the entities in a domain, for an Oracle WebLogic
Server, a component, or an application. Your search criteria can be refined through the
addition of fields. You can also view the list of targets that are part of the search, and add or
remove targets.
You can also view and download full log message files for each individual target in the
Cloud Control domain by navigating to the target home menu > Logs > View Log
Messages (for example, Oracle HTTP Server > Logs > View Log Messages).

OMS Log and Trace Files
• OMS log and trace files are stored in

<EM_INSTANCE_BASE>/em/<OMS_NAME>/sysman/log/
• OMS uses the following types of log files:
File Name Description
emctl.log Enterprise Manager Control log file containing information

about the execution of EMCTL commands n se
lic e
emoms.log OMS log file containing record of OMS actions and errors
ble
fe r a
emoms.trc OMS trace file used for troubleshooting
ans
n - t r
emoms_pbs.log
a no
OMS log file containing information for platform background
service application
) h as deฺ
emoms_pbs.trc
ฺ dz information
OMS trace file containing
G ui for platform background
o
service application
d o nt
e d e
o or Stu
a n i@ this
e b r © s2015,
dj to u
z ( a
OMS andA i
zAgent log files can be viewed manually, directly from their location.
n i
a log and trace files are available in the EM instance base location, typically a location
ebr
OMS
Dj similar to this: /u01/app/oracle/product/gc_inst/em/EMGC_OMS1/sysman/log
OMS log and trace files increase in size over time as information is written to the files.
However, the files are designed to reach a maximum size. When the files reach the
predefined maximum size, the OMS renames (or rolls) the logging information to a new file
name and starts a new log or trace file. This process prevents the log and trace files from
growing too large.

Agent Log and Trace Files
• OMA or agent log and trace files are stored in

<EMHOME>/sysman/log/
• The agent uses the following types of log files:
File Name Description of Content
gcagent_mdu.log Information about metadata updates to the agent

n se
gcagent.log Agent trace, debug, information, and warning messages lic e
ble
gcagent_errors.log Agent error and alert information fe r a
t r a ns
emctl.log Information about the execution of emctl
n on- commands
s a
h a d e ฺ
)
dz t Gu i
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
z ( a
A
The log
i zi trace files for the agent are written in the OMA runtime directory. You can find
and
anruntime directory by using the following command:
brthe
Dje <Agent Home>/agent_inst/bin/emctl getemhome
The log and trace files are located by default in the following directory:
<Agent Home>/agent_inst/sysman/log
The main log is segmented by default into 11 segments of 5 MB each. The segments are
named gcagent.log and gcagent.log.#, where # is a number in the range of 1-10.
These settings are controlled by properties in the emd.properties file.

Viewing Management Agent Log Files
View Management Agent log files to troubleshoot:

• Connectivity
– Verify that the repository URL is correct in the
emd.properties file.
– Use the emctl status agent command to find the repository URL.
• Throughput
– View agent logs in: n se
lic e
<Agent Home>/agent_inst/sysman/log
ble
– Check upload errors: fe r a
ans
<Agent Home>/agent_inst/sysman/log/gcagent.trc
n - t r
• Target discovery a no
– View target discovery errors:
) h as deฺ
ฺ dz t Gui
<Agent Home>/agent_inst/sysman/log/emagent_perl.trc
o
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
z ( a
A z i
Management Agent problems usually fall into one of three categories:
n i
e b ra
1. Connectivity between the Management Agent and OMS
D j When a single Management Agent is unable to connect to OMS, the problem is
normally found on the Management Agent’s server. If multiple Management Agents
are unable to connect, the problem may lie with OMS or the underlying network.
Check the following file:
<Agent Home>/agent_inst/sysman/config/emd.properties
and verify that the repository URL is correct. You can retrieve the URL also by using
the emctl status agent command. Ensure that you can ping the host identified as the
repository URL. If possible, attempt to telnet to the OMS host. Remember that the
Management Agent should connect directly to the Oracle HTTP Server.

2. Upload throughput when the Management Agent reports information about
metric targets through the OMS to the repository.
As mentioned before, agent logs may be found in the
<Agent Home>/agent_inst/sysman/log directory.
Agent upload errors are recorded in the
<Agent Home>/agent_inst/sysman/log/gcagent.trc file.
3. Target discovery while new targets are added to a server.

Use emctl config agent listtargets or check the
<Agent Home>/agent_inst/sysman/emd/targets.xml file to determine which
targets are monitored by the agent. Remember to create a backup of the
targets.xml file before making any modifications. Errors with target discovery are
reported in the <Agent Home>/agent_inst/sysman/log/emagent_perl.trc
file.
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
j e br use
z (ad to
i A zi
ran
j e b
D

Backing Up Cloud Control Components
• Backup is important for recovery in case of a failure.

• Recommended be performed on a regular basis.

• Backup of Cloud Control includes the backup of all its
components:
– Management Repository
– Software Library e
e n s
– Oracle Management Service(s) lic
– Management Agents ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
For recovery purposes it is important to have a regular backup plan in place for all the Cloud
i
ran
Control components:
j e b • Management Repository
D
• Software Library
• Oracle Management Service(s)
• Management Agent
The backup of each component varies depending on its nature. This course covers some of
the basics on this topic. Note that detailed backup and recovery techniques are covered in
the course titled Oracle Enterprise Manager Cloud Control 12c Advanced
Configuration.

Repository Database Backup and Recovery
• Basic concepts:
– ARCHIVELOG mode for online backup

– Content in data files on disk and in archive logs
• Recovery Manager (RMAN):
– Primary backup and recovery tool
– Integrated with Cloud Control’s GUI interface e
e n s
• Oracle Secure Backup
le lic
– Automatic backup and recovery to/from disk r a b
sf e
– Integrated with RMAN a n
– Possible Cloud Control target o n -tr
n a
h a s e ฺ
)
dz t Gu i d
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Notes for EM administrators who are not Oracle DBAs:
i
ran
The primary tool for the backup and recovery of any Oracle database (including the OMR) is
j e b the Recovery Manager (RMAN). Cloud Control has an integrated GUI interface to this
D functionality, but RMAN commands could also be entered on the command line and
submitted as jobs.
To perform whole online backups, a database must be in ARCHIVELOG mode, which
initiates the background processes to write changes to a predefined disk area, which is
known as Fast Recovery Area (FRA), for which the database instance performs space
management. Other areas are possible, but most likely, you would lose the automatic, rule-
based space management. The complete content of a database consists of data stored on
disk and in the archive logs. So both of these―data files and archive logs―are part of
backup and restore operations.
Integrated with RMAN is Oracle Secure Backup for backups to disk. Oracle Secure Backup
can be managed as a target in Cloud Control. As EM administrator, you can automate
backup and recovery of the OMR and of target databases to and from tape.
In the practice, you perform an RMAN backup of a target database to disk as a hands-on
introduction to this topic. A further hands-on introduction to this topic is in the Oracle
Database: Administration Workshop course. Additional courses cover the related
advanced topics.

Backup and Recovery
Cloud Control backup and recovery involves performing backup

and recovery of all the three tiers of Cloud Control:

• Oracle Management Repository
• Oracle Management Service
• Oracle Management Agent
n se
lic e
ble
WebLogic
fe r a
EM
ans
WebLogic
EM n - t r
a no
h aOHSs eฺ
OMSdz ) u id
Repository o ฺ
o OHSnt G
OMS
r d
e tude Agents
o o S
a n i@ this
e b r © s2015,
dj to u
z ( a
Cloud A
i zi backup and recovery involves performing backup and recovery of all the
Control
an tiers of Cloud Control:
brthree
Dje • Oracle Management Repository
• Oracle Management Service
• Oracle Management Agent
Details of the backup and recovery of these components are covered in the next few slides.

OMR Backup and Recovery
• For the OMR, the best backup practice is to use the

standard database tools and do the following:

– Have the database in ARCHIVELOG mode.
– Perform regular online backups by using Recovery Manager
(RMAN).
• For recovery of the OMR, consider the following:
n se
– Full recovery of the management repository is possible. e
e lic
– Point-in-time and incomplete recoveries are possible.
r a bl
s fe
- t r an
no n
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
The best backup practice for the repository database is to use the standard database tools:
i
ran
• Have the database in ARCHIVELOG mode.
j e b
D • Perform regular online backups by using RMAN.
Backup jobs can be automatically scheduled through the Cloud Control Job subsystem. The
history of the backups is available for review, and the status of the backup is displayed in
the Job Activity section of the database target’s home page.
If the Management Repository is affected, Cloud Control will not be available to provide the
management interface. In such situations, you can use RMAN. A sample syntax for
database recovery by using RMAN is as follows:
RMAN> STARTUP MOUNT;
RMAN> RESTORE DATABASE;
RMAN> RECOVER DATABASE;
RMAN> ALTER DATABASE OPEN;
Recovery of the repository database has to be performed by using RMAN or DB console
because Cloud Control is not available when the repository database is down. There are
two cases to consider:
• Full Recovery: No special consideration is required for Cloud Control.

• Point-in-time/Incomplete Recovery: The recovered repository may be out of sync
with agents because of lost transactions. Due to this, some metrics may show up
incorrectly on the Cloud Control unless the repository is synchronized with the latest
state available on the agents.
To do this, run emctl resync repos -full -name <descriptive name for the
operation> from the OMS Oracle Home after restoring the repository, but before you
start the OMS. After submitting the command, start the OMS and monitor the progress
of Repository Synchronization by using the Cloud Control console. Recovery is

considered to be complete when the resync jobs complete on all agents.
Note: resync works only for 10.2.0.5 and later agent versions. Older agents have to be
resynced manually.
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
j e br use
z (ad to
i A zi
ran
j e b
D

OMS and Software Library Backup
• OMS Homes: WebLogic software bits–Middleware Home,

OMS Oracle Home, and so on

– File system–level backups must be taken after each patch
application activity.
• Instance Home: This consists of the WebLogic, OMS, and
webtier configuration files.
– The instance home can be backed up by using the emctl n se
lic e
exportconfig oms command. le
rab
• WLS Admin Server s f e
train yourn
o n -
– It is backed up as part of the first OMS installed
s
Cloud Control deployment. an
ฺ once a day
dz t Gu
• ) ha iat
Software Library: File system backup, deleast
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
z ( a
zi the backup requirements differ depending on the component:
For theAOMS,
i
b r a•n Software Homes: The software homes change only when patches or patch sets are
Dje applied, and so file system–level backups must be taken after each patch application
activity. Remember to back up the Oracle inventory files along with the software
homes.
• Instance Home: The instance home can be backed up by using the emctl
exportconfig oms command. This is a critical piece for recovery and therefore a
backup must be taken after any change to the OMS (new patches, port number
changes, and so on)
• WLS Admin Server operates as the central control entity for the configuration of the
entire domain that OMSs are part of. The admin server is co-located with the first OMS
that is installed in your Cloud Control deployment and shares the software homes and
instance home with the first OMS. Backup of the first OMS, therefore, includes backup
of the admin server.
The Software Library is a collection of patches, software images, or scripts and it must be
backed up like a file system, ideally once a day minimum. The software library is an
essential part of the Cloud Control framework that must be in sync with the OMS should any
recovery be needed.

OMS Recovery
• Recovering an OMS is a two-step process:

– Recovering the software homes

– Recovering the instance home
• If there is no backup, you can recover the software home
by using:
– Software-only installation of WebLogic e
e n s
– Software-only installation of OMS lic
– Software-only installation of any add-ons a b le
– s
Installation of any patches applied before the failure f er
n t ra
• Instance home can then be reconstructed n -
a no by using the
OMS Configuration Assistant (omsca) a s ineฺrecovery mode.
z) Guid h
o ฺ d
e d o
d e nt
o or Stu
a n i@ this
e b r © s2015,
dj to u
z ( a
A zi an OMS essentially consists of two steps, recovering the software homes, and
Recovering
i
an configuring the instance home. When restoring on the same host, the software homes
brthen
Dje can be restored from file system backup. In case a backup does not exist, the software
homes can be reconstructed by using the software-only installation of WebLogic and OMS,
software-only installation of add-ons (if any) and all patches that were applied earlier before
the crash. The location of the OMS Oracle home is fixed and cannot be changed, so take
care to restore in the same location that was used earlier.
After the software homes are recovered, the instance home can be reconstructed using the
OMS Configuration Assistant (omsca) in recovery mode, along with a saved
exportconfig file.
Note that the Software Library must also be restored to the same point in time as the OMS.
Note: Various OMS recovery techniques are covered in the course titled Oracle Enterprise
Manager Cloud Control 12c Advanced Configuration.

Agents Backup and Recovery
• Agents backup:
– Backup configuration files that are unique to that agent, if

any
– Best practice: Create reference agent installations and
maintain them up-to-date with patches and customizations
• Agents recovery:
– Can be cloned from a reference installation (quickest) n se
lic e
– Re-push/download from the Cloud Control Console ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
There are no special backup strategies for an agent. Make backup copies of the
i
ran
configuration file if there are special customizations made to a particular agent. As a best
j e b practice, reference agent installations must be maintained for different platforms and kept
D up-to-date in terms of customizations to emd.properties and patches applied.
If an agent is lost, it must be cloned from a reference installation. Cloning from a reference
installation is often the fastest way to recover an agent installation because one does not
have to track and reapply customizations and patches. Care must be taken to reinstall the
agent on the same port. When the agent is reinstalled (using cloning or agent
push/download solutions), the OMS detects that it has been reinstalled and blocks it
temporarily to prevent the autodiscovered targets in the reinstalled agent from overwriting
any customizations performed previously. An agent can be resynchronized and unblocked
from the agent home page by clicking the Resynchronize button. Resynchronization
pushes all targets from the repository to the agent and then unblocks the agent.

Quiz
When do you see the agent status as unreachable?

a. When the agent is not running

b. When the agent cannot resolve the OMS host name
c. When the agent is running and has files to upload, but
cannot upload because of a problem with the upload files
d. When the OMS has been locked down to receive only
n se
HTTPS connections from the agents, but this particular lic e
agent is not configured for HTTPS communications rabl
e
n s fe
e. All of the above tra
n on-
s a
h a d e ฺ
)
dz t Gu i
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
z (a
Answer: z
Ae i
n i
bra
Dje

Quiz
Enterprise Manager administrators can automate backup and

recovery of the OMR and target databases to and from tape.

a. True
b. False
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
iz (ad to
Aza
Answer:
i
b r an
Dj e

Summary

• Start and stop Cloud Control components

• View EM health statistics
• Identify the main log and trace files for Cloud Control
components
• Discuss options to back up and recover the various
n se
elements of Cloud Control lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
i A zi
ran
j e b
D

Practice Overview:
Managing Cloud Control
• Preparing your database for a backup

• Performing a backup
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
In this practice, you perform an RMAN backup of a target database to disk as a hands-on
i
ran
introduction to this topic.
j e b
D

Monitoring Targets
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
i A zi
ran
j e b
D
Objectives

• Identify out-of-the-box monitoring features

• Customize metric settings
• Describe corrective actions
• Create and apply monitoring templates
• Set up and use notifications n se
lic e
• Use blackouts to suspend target monitoring e
r a bl
• Describe metric extensions s fe
- t r an
no n
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
i A zi
ran
j e b
D

Enterprise Monitoring
Target
Agent
Monitoring targets
on Cloud Control
n se
lic e
ble
fe r a
Admin Server ans
n - t r
Managed Server
a no
WLS Domain ) h as deฺ
o ฺ dz t Gui
EM Repository OMS do
EM Infrastructure en
r e u d
@ oo s St
r a ni © 2015,
tOracle
eb o us
Copyright
d j t
i z (a
Because
n i Azof the size, complexity, and criticality of today’s enterprise IT operations, the
a
brchallenge for IT professionals is to be able to maintain high levels of component availability
Dje and performance for applications and all components that make up the application’s
technology stack. Monitoring the performance of these components and quickly correcting
problems before they can impact business operations is crucial.
The management agent on each monitored host monitors the status, health, and
performance of all managed targets (such as database, application server, operating
system, and hardware) on that host. If a target goes down, or if the performance metric
crosses a warning or critical threshold, an event is generated and sent to Oracle
Management Service (OMS). By using the Cloud Control console, you can view the status
of all the monitored targets.

Oracle-Provided Monitoring
Cloud Control provides immediate monitoring functionality,

such as:
• In-depth monitoring with Oracle-provided metrics and
suggested thresholds
• Access to real-time performance charts
• Collection, storage, and aggregation of metric data in the se
management repository to perform tasks such as trend e n
e lic
analysis and reporting abl fer
a n s
o n -tr
a n
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
i z (a
n i Az
The management agent automatically starts monitoring the targets as soon as the agents
b r a deployed and started on the targets. Out-of-the-box monitoring automatically starts as

are
Dj e soon as the management agent discovers the target. The Cloud Control monitoring
capability makes it possible to monitor Oracle components as well as non-Oracle
components such as NetApp Filer, Checkpoint Firewall, and IBM WebSphere. Metrics from
all monitored components are stored and aggregated in the management repository,
providing administrators diagnostic information and trend analysis data.
It is important to note that one particular target type, the Oracle Database, starting with
version 10g, introduced self-management capabilities built right into the database kernel.
The Oracle Database manages itself, and diagnostics, metrics data, and so on are available
via the Cloud Control console. Note that a special database user, DBSNMP, is used for
Oracle Database monitoring. This is known as the Oracle Database monitoring credential. It
is a good practice to ensure that this account is unlocked. It has a unique password and its
password expiration policy is known and managed just like any other database user.

Metric Thresholds
Metric thresholds are boundary values against which monitored

metric values are compared. You can set the metric threshold
values for two levels of metric alert severity:
• Warning: Attention is required in a particular area, but the
area is still functional.
• Critical: Immediate action is required in a particular area. e
The area is either not functional or indicative of imminent cens
problems. l e li
b ra
f e
a ns
o n -tr
a n
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Some metrics have associated predefined limiting parameters called thresholds that cause
i
ran
metric alerts to be triggered when collected metric values exceed these limits. You can set
j e b the metric threshold values for two levels of alert severity:
D • Warning: Attention is required in a particular area, but the area is still functional.
• Critical: Immediate action is required in a particular area. The area is either not
functional or indicative of imminent problems.
Thresholds are boundary values against which monitored metric values are compared. For
example, for each disk device associated with the CPU Utilization (%) metric, you might
define a warning threshold at 80% and critical threshold at 95%.

Customizing Metric Settings
Task Description
Customize metric Threshold values can be set to reflect the operational

threshold values. norms of your environment accurately
Set metric collection The collection schedule of a metric can be changed;

schedules. however, it is recommended that you use the Oracle
default values.
n se
Set the number of A metric has to cross its warning or critical threshold
lic e
occurrences that triggers for a consecutive number of evaluation cycles
ble
the alert. (equivalent to the number of occurrences) before a
fe r a
warning/critical metric alert is sent.
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Some metric thresholds come predefined out of the box, for each target being monitored.
i
ran
Although these values are acceptable for most monitoring conditions, your environment may
j e b require customized threshold values to reflect the operational norms of your environment
D accurately.
Metrics are collected for each managed target at predefined collection schedules. The
upload interval determines how often a metric value is uploaded to the management
repository. For example, if a metric value is collected every five minutes, and the upload
interval is set to six (every sixth collection), the metric value is uploaded every 30 minutes. It
is recommended that you use the Oracle default values for the collection schedule of a
metric. If you do need to change it, be careful when changing the collection schedule to
intervals of less than five minutes. If the metric value does not change too frequently, this
causes unnecessary work for the agent. Changing the collection schedule may also affect
data collection for other related metrics and/or compliance rules. Before changing the
collection schedule, check the Affected Metrics list to determine the impact of changing the
collection settings.
In addition to setting warning and critical thresholds, you can set the number of occurrences
when monitoring a single object. This parameter allows you to define the alert sensitivity by
permitting metric data sampling over a period of time. This prevents sporadic spikes in
collected data from triggering an alert.

Specifically, the metric has to cross its warning or critical threshold for a consecutive
number of evaluation cycles (equivalent to the number of occurrences) before a
warning/critical alert is sent.
Number of occurrences determines the period of time a collected metric value must remain
above the threshold value before an alert is triggered. For example, if a metric value is
collected every five minutes, and the number of occurrences is set to six, the metric values
(collected successively) must stay above the threshold value for 30 minutes before an alert
is triggered.
Use the “Metric and Collection Settings” page to:
• Modify metric threshold values
• Edit monitoring settings for specific metrics
• Change metric collection schedules
• Disable the collection of a metric n se
lic e
e
The Edit icon (pencil) indicates whether or not you can specify different thresholds for the
bl
r a
metric; a group of pencils indicates that the metric is monitoring multiple objects, which can
fe
ans
each have their own threshold. An example is the Archive Area Used (%) metric for
- t r
Database. A single pencil indicates that the metric monitors a single object at a single set of
n
thresholds.
a no
) h as deฺ
Note: You must have at least the OPERATOR subprivilege “MANAGE TARGET METRICS” on
o ฺ dz t Gui
the target to make changes. Without this privilege, the content of the Metric Threshold table
will be read-only.
r e do den
Refer to the demonstration titledo o
“Monitor tu for detailed examples on performing
a Target”
S
these tasks.
a n i@ this
j e br use
z ( ad to
i A zi
n
bra
Dje

Corrective Actions
Notifications
Email
Threshold crossed
Alert generated
n se
lic e
ble
Corrective action fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
Issue resolved r e do Email d en Administrator
o o S t u
a n i@ this
e b r © s2015,
dj to u
z ( a
A ziactions allow you to specify automated responses to alerts. Corrective actions
Corrective
i
an that routine responses to alerts are automatically executed, thereby saving
brensure
Dje administrator time and ensuring that problems are dealt with before they noticeably impact
users. For example, if Cloud Control detects that a component, such as the listener is down,
a corrective action can be specified to automatically start it back up. A corrective action is
thus any task you specify that will be executed when a metric triggers a warning or critical
alert severity. By default, the corrective action runs on the target on which the alert has been
triggered. Administrators can also receive notifications for the success or failure of
corrective actions.
A corrective action can also consist of multiple tasks, with each task running on a different
target. For example, if an application server triggers a warning alert indicating that it is
approaching its limit on the number of requests it can handle, a corrective action can be
defined to automatically start up additional service instances on another host, thereby
sharing application load among different service instances.
Note: Corrective actions for a target can be defined by all Cloud Control administrators who
have been granted the “MANAGE TARGET METRICS” (or greater) privilege on the target.
The “MANAGE TARGET METRICS” privilege is an OPERATOR subprivilege.

Defining and Using Corrective Actions
• To add a corrective action to a metric on a specific target

or in a monitoring template:
– Create a new corrective action as part of the metric
definition.
– Reuse a corrective action already defined for a metric on the
same target, or in the monitoring template.
– Apply one from the corrective actions library (at the
e n se
c
Enterprise level). e li bl
• Define a library corrective action for a corrective action
f e ra that
you plan to use repeatedly. t r a ns
- on
a n
h a s e ฺ
)
dz t Gu i d
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
i z (a
You can
n i Azadd a new corrective action to a metric on a specific target or in a monitoring
b r a
template in any of the following ways:
Dj e • Create a new corrective action as part of the metric definition.
• Specify the name of a corrective action that has already been defined on another
metric for that target. If you are adding the corrective action to a metric in a monitoring
template, you can also reuse corrective actions that have been previously defined in
the monitoring template.
• Specify the name of a corrective action that has been previously defined in the
corrective actions library.
Defining a corrective action as part of the corrective actions library at the enterprise level
enables you to use the corrective action definition when you define a corrective action for a
target metric.
When you define a corrective action, you choose from a list of corrective action job types
including standard types such as “Same as Warning,” “Same as Critical,” and “OS
Commands.” The list of available job types varies depending on the target type.
If you are reusing a previously defined corrective action, choose a corrective action type of
“Reuse Action.” To use a corrective action from the corrective action library, choose a
corrective action type of “From Library.”

Using Monitoring Templates
• A monitoring template defines:

– The target type to which the template applies

– The metrics, metrics extensions, thresholds, metric collection
schedules, and corrective actions
• Use monitoring templates:
– As part of a template collection (recommended)
n se
– For ad hoc operations
lic e
• Recommended workflow: ble
fe r a
– Create a template. ans
n - t r
– Add it to a template collection.
a no
• The assignment of template collections
) h as dto e ฺ administration
groups ensures that any changes ฺ dz t are G uiapplied to the
monitored target. o
do den
o r e tu
o S
a n i@ this
e b r © s2015,
dj to u
z ( a
A zi templates provide a way for administrators to apply standardized monitoring
Monitoring
i
an across managed targets. Oracle Corporation recommends using templates as part
brsettings
Dje of template collections. But you can also use them for ad hoc operations.
When a template is applied to a target, any monitoring settings not specified in the template
remain unaffected on the target.
You can use templates across one or more targets or groups. When a change is made to a
template (which is not in a template collection), you need to reapply the template across
affected targets to propagate the new changes. For any target, you can preserve custom
monitoring settings by specifying metric settings that can never be overwritten by a
template.
The recommended workflow is:
• Create templates (from the beginning or with the create-like functionality from Oracle’s
predefined templates)
• Add templates to the template collection (covered in the lesson titled “Managing
Groups”)
The benefit is that you do not need to perform ad hoc apply operations or the comparing
template settings because the template collection feature ensures that template settings are
applied to their target type in the administration group hierarchy.

Working with Monitoring Templates
• Creating new templates:

– Use a predefined template as a starting point (Create Like).

– Create a new monitoring template (Create).
• Compare template settings with targets to determine
differences before applying (Compare Settings).
• Edit to make changes (Edit). NotNot needed
needed whenwhen youwith
working work (as
template
e
collections,
recommended) as recommended
with template collections
e n s
• Apply/reapply monitoring templates to targets (Apply).
le lic
• Other monitoring templates tasks: a b
sf er
– Delete the monitoring template (Delete).
- t r an
– Export to an XML file and import from an
n n file
oXML
a
(Export/Import). as ฺ
) h d e
z u i
• Define a default template o
o ฺdnewt targets
for G of a specific
target type (Set Default edTemplates).
de n
o
o sS r t u
i @
tOracle
r a e
eb o us
Copyright
d j t
i z (a
n i Az Manager Cloud Control includes templates for monitoring Oracle target types,
Enterprise
a as Oracle WebLogic Domain, Oracle Home, Oracle Fusion Middleware Farm,
brsuch
Dje Metadata Repository, Listener, Database Instance, Application Deployment, Oracle
WebLogic Server, Host, and Agent.
You can view these templates and any others that your organization might have on the
Monitoring Templates page. This page provides the starting point for your tasks, which
include working with the monitoring templates. Note that the correct privilege level is
required.
You can use predefined templates as a starting point (with Create Like) or create a new
monitoring template. Templates can be edited and, if no longer needed, they can be
deleted.
Compare and apply operations are needed only when you work with individual templates.
When a monitoring template is used as part of a template collection, these operations occur
automatically based on their assignment to an administration group (covered in the lesson
titled “Managing Groups”).
When you have an individual template version that you want to use, it is recommended to
compare it with targets before applying the template to the targets.

The Compare Settings functionality provides details about how metric settings defined in a
template differ from those defined at the destination target. The Compare functionality is
especially useful when working with aggregate targets, such as groups and systems. For
example, after you apply a monitoring template to a group, you want to verify that the group
members now have the same monitoring settings as the template. Compare Settings makes
checking simple. You can also schedule this as a report, allowing you to check periodically if
the group members still follow the template settings.
Monitoring templates are independent of the targets to which they are applied. After a
template is applied, and you make subsequent changes to the template, you must reapply
the template to any of the applicable targets in order for the changes to be propagated to
these targets. Conversely, any monitoring settings changes made to individual targets will
not appear in the template. The most common use case is to apply a monitoring template to
a group.
Two template apply options are available: n se
lic e
• Template will completely replace all metric settings in the target: All metrics
ble
r a
defined in the template are applied to the target. Pre-existing target monitoring settings
fe
ans
are disabled. Metric thresholds will be set to NULL or blank. This effectively eliminates
- t r
alerts from these metrics by clearing current severities and violations.
n
no
• Template will only override metrics that are common to both template and
a
) h as deฺ
target: Only metrics common to both the template and target are updated. Existing
o ฺ dz t Gui
target metrics that do not exist in the template remain unaffected. When this option is
r e do den
selected, additional template apply options are made available for metrics with key
value settings.
o o S tu
When an individual template
a n i@
is applied,
t h isthe apply operation is performed as asynchronous
jobs, one for each target
j e br to which
u s ethe template is applied. You can click the link under the
Pending Apply a
( d
Operationstocolumn to check on the status of apply template jobs. Any job
that is not
z i z
shown as pending indicates a successful application of the template.
You
A
nican select any existing monitoring template and export it to an XML file by clicking
r a
Dj eb Export. For any monitoring template that has been exported to an XML file, you can add it
back as an active template by clicking Import. You can only export/import metric templates
between the same Cloud Control versions.
Cloud Control allows you to set default monitoring templates that are automatically applied
to newly added targets, thus allowing you to apply monitoring settings that are appropriate
for your monitored environment.
Note: Super administrator privileges are required to define default monitoring templates.
Templates can also be grouped into template collections and associated with an
administration group. You can only have one monitoring template of a particular target type
in the template collection.

Using Blackouts
To keep your monitoring data free from unwanted monitoring of

maintenance activities:
Cloud Control
Oracle
Blackout
Management Service
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as Database d e ฺ backup
Oracle Management Repositoryฺdz u i
o t G
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
z ( a
A ziallow you to suspend the collection of metrics on a target when performing
Blackouts
i
an
brscheduled maintenance on the target. Blacking out a target suspends monitoring on the
Dje target for the duration of the blackout.
A blackout can be defined for individual targets, a group of multiple targets that reside on
different hosts, or for all targets on a host. Blackouts can be scheduled to run immediately or
in the future, and to run indefinitely or stop after a specific duration. Blackouts can be
created on an as-needed basis, or scheduled to run at regular intervals. During the
maintenance period, if you discover that you need more (or less) time to complete a
maintenance task, you can easily extend (or stop) the blackout that is currently in effect. The
blackout functionality is available from both the Cloud Control console as well as via the
command-line interface (EMCLI). EMCLI is often useful for administrators who need to
incorporate the blacking out of a target in their maintenance scripts.
Blackouts allow you to collect accurate monitoring data. For example, you can stop data
collections during periods where a managed target is undergoing routine maintenance, such
as a database backup (as shown in the slide) or hardware upgrade. If you continue
monitoring during these periods, the collected data shows trends and other monitoring
information that are not the result of normal day-to-day operations.
Note: Blackouts occur simultaneously across all targets, regardless of the time zone. To
black out a target, you need at least the BLACKOUT TARGET privilege on the target.

Setting Up Notifications
• Notifications: Notices sent when problems arise

• Email notifications
– Set up a mail server
– Define email addresses
– Customize email formats
– Set up notification schedules e
e n s
– Can be set up during OMS installation
e lic
• Third-party tools notifications r a bl
s fe
– SNMP traps
- t r an
• no or PL/SQL
Custom notification methods via OS scripts n
a
procedures has eฺ z) Guid
o ฺ d
e d o
d e nt
o or Stu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Cloud Control includes a notification subsystem integrated with the monitoring system and
i
ran
allows you to receive notifications in various formats if any problems (alerts, events, and so
j e b on) arise.
D
Notifications can be sent via email, in which case you must set up:
• A mail server
• Email addresses to be sent to
• Any customization to the email format
• The schedule emails are to be sent on
A default email address can be set up during the OMS installation time.
Cloud Control also supports third-party notifications via SNMP traps, including SNMP v3.
Other custom notification methods can be set up via OS scripts or custom PL/SQL
procedures.
The notifications setup interface can be accessed from the Setup > Notifications menu.
You must have Super-Administrator privileges to set up a notification method.

Extending Your Monitoring Scope
• Metric extensions (MEs):

– Allow you to extend Enterprise Manager’s monitoring scope

to meet your data center needs
– Can be defined for any target type
– Can be used in any feature that uses metrics
– Are mechanisms for collecting metric data: SQL script, OS
script, SNMP, and JMX n se
lic e
• Scripts can generate multiple metric values. ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
If the predefined (out-of-the-box) metrics do not cover all of your monitoring needs, then you
i
ran
can define extensions to Enterprise Manager’s monitoring scope, so that you can meet your
j e b data center needs.
D
A metric extension (ME) can be defined for any target type in Enterprise Manager. A wizard
guides you through the workflow. When you have defined a ME, it can be used in any
feature in Enterprise Manager that uses metrics.
Mechanisms for collecting metric data include: SQL script, OS script, SNMP, and JMX.
Multiple metric values can be returned to your script in a ME.
Going forward, MEs will replace the user-defined metrics of earlier versions.
Note: All the mechanisms that Oracle’s own developers use to collect metric data are
exposed to you as well.

Developing and Deploying Metric Extensions
5. Test fails, create new version.

“Editable” “Deployable Draft” “Published”
Metric Extension Metric Extension Metric Extension
1. Create metric extension. 6. Deploy to targets. 10. Deploy from library.

2. Test against targets. 7. Review metric data. 11. Deploy using monitoring
n se
3. Edit as needed. 8. Test alert
notifications.
templates.
lic e
bl e
Develop Test Deploy fe r a
a n s
no n-tr
s eฺ a
4. Save as Deployable Draft. h aPublish.
9.
ฺ d z Guid
)
d o o nt
e d e
o or Stu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
The graphic in the slide shows (from left to right) the development and deployment life cycle
i
ran
of a metric extension. The first phase is the development, during which the ME is “editable.”
j e b It can be changed, tested, and so on.
D
When the metric is ready for testing by others, you save it as a “deployable draft.” It can now
be deployed against a target, start collecting metric data, thresholds can be placed on it,
and alerts generated, as it would when the ME is ultimately deployed in a production
environment. If you find problems at this stage, you create a new version of the metric
extension and edit it as needed.
When the ME meets your requirements, you can publish it. Then, it is available for general
use. You can deploy MEs from the metric extension library or through monitoring templates.
(The numbered activities in the graphic might not all occur. The numbers merely indicate a
likely workflow.)
Two demonstrations cover this topic:
• Using Metric Extensions - Part I: Shows you how to create and test a ME for a host
target type
• Using Metric Extensions - Part II: Shows you how to deploy the previously created
ME and view the results

Securely Dividing ME Tasks
User Roles Role Tasks Privileges

Metric • Designs and creates new • Create Metric Extension

MEs • Manage Target Metrics (per target)
Designer
• Tests and publishes MEs • Full Metric Extension (per metric
• Develops new versions of extension)
MEs • Edit Metric Extension (per metric
extension)
Target • Consumer of the ME(s) • Manage Target Metrics (per target) n se

lic e
Administrator • Deploys MEs to targets e
(DBAs, • Uses ME functionality
r a bl
middleware s fe
administrators, - t r an
system
no n
administrators, a
and so on)
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Typically, there are two users involved in the use and creation of MEs. The first of these is
i
ran
the metric designer, who is responsible for the design and creation of new MEs, as well as
j e b testing and publishing MEs and developing new versions as needed. The second user is the
D target administrator, who uses MEs. This may be a DBA, middleware administrator,
system administrator, and so on. The target administrator is responsible for deploying the
ME to its targets.
To support these operations, a metric designer typically needs:
• The Create Metric Extension resource privilege
• The per-target Manage Target Metrics privilege to deploy the ME to a target
• The Full Metric Extension and Edit Metric Extension privileges on a per–metric
extension basis to work on other author’s metric extensions
The target administrator needs the Manage Target Metrics privilege to deploy metric
extensions.

Quiz
Using monitoring templates, you can:

a. Apply standardized monitoring settings across managed

targets
b. Specify monitoring and compliance settings once and
apply them as often as needed
c. Save, edit, and apply these templates se
e n
d. Apply the template only to targets of the same type
le lic
e. All of the above a b
er f
t r a ns
no n-
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
iz (ad to
Aze
Answer:
i
b r an
Dj e

Quiz
You can apply monitoring templates on:

a. Targets
b. Groups
c. Both of the above
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
iz (ad to
Azc
Answer:
i
b r an
Dj e

Quiz
By enabling repeat notifications, you:

a. Repeatedly receive email notifications about the same

metric or availability alert
b. Send email notifications based on the repeat frequency
c. Send email notifications based on the maximum repeat
notification se
e n
d. All of the above
e lic
r a bl
s fe
- t r an
no n
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
iz (ad to
Azd
Answer:
i
b r an
Dj e

Summary

• Identify out-of-the-box monitoring features

• Customize metric settings
• Describe corrective actions
• Create and apply monitoring templates
• Set up and use notifications n se
lic e
• Use blackouts to suspend target monitoring e
r a bl
• Describe metric extensions s fe
- t r an
no n
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
i A zi
ran
j e b
D

Practice Overview:
Monitoring Targets
• Reviewing Oracle-provided monitoring templates

• Creating a monitoring template
• Comparing and applying a monitoring template
• Comparing metric settings
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Demonstrations relevant for this lesson include:
i
ran
• Monitor a Target: Shows you how to view metrics, thresholds, and collection settings
j e b (where they are defined), and host target values (your current monitoring information).
D The demonstration also shows context-sensitive help for metrics, pointing to additional
information to help you evaluate the monitoring data.
• Administer Monitoring Templates: Shows you how to view Oracle-provided
templates, how to create a new template, compare its settings to a target, and how to
apply the template
For advanced use:
• Using Metric Extensions - Part I: Shows you how to create and test a metric
extension for a host target type
• Using Metric Extensions - Part II: Shows you how to create and deploy the
previously created metric extension and view the results

Managing Hosts
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
i A zi
ran
j e b
D
Objectives

• Monitor and manage multiple hosts

• Execute host commands on one or more hosts
• View host details, such as CPU, memory, network
utilization, incidents, compliance, and log file alerts
• View related targets on this host
n se
• Use the Remote File Editor lic e
a b le
• Administer hosts: fer ns
– Verify installation of YaST
n - tra
no
– Perform administrative tasks on Linuxahosts
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
z(a
A z i
ani
e b r
Dj

Monitoring the Host OS
• Monitor host OS
– Ensure efficient resource utilization

– Plan ahead for systems expansion
– Must discover the host first
– Metrics such as CPU, memory, and disk usage
• Operating systems include e
e n s
– Linux
e lic
– HP-UX r a bl
s fe
– AIX
- t r an
– Windows no n
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Administrators often want to monitor the host’s operating systems to ensure that resources
i
ran
are used effectively, understand when hardware bottlenecks occur, and plan for expanding
j e b their systems. The Cloud Control console enables you to monitor the host operating system
D on which the Oracle software is running. As soon as a management agent is deployed to a
host, Cloud Control automatically starts collecting configuration information for that host and
makes that information available to the console. The key metrics to monitor are CPU,
memory, and disk usage, including the correlation to the storage utilization. Cloud Control
enables you to monitor operating systems, such as:
• RedHat
• Oracle Enterprise Linux
• SuSE
• HP-UX
• AIX
• Windows
• Others

Managing All Hosts
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
The Hosts page enables you to obtain a high-level view of multiple hosts that you (as an
i
ran
Enterprise Manager administrator) are responsible for. To view the hosts being monitored
j e b by Cloud Control, navigate to Targets > Hosts.
D
Through the links in the Related Links section, you can customize the columns displayed on
the Hosts overview page and run host commands.
The Configure, Remove, and Add buttons are used as follows:
• Configure: Because availability and performance monitoring for the selected target
have been automatically enabled, no further monitoring configuration is necessary.
• Remove: Before removing the host, you must first remove all the other targets.
• Add: To add a host target, install the Oracle Management Agent on the host computer
that you want to manage. When the Management Agent begins communicating with
the Oracle Management Service, the Management Agent target and the host target
will appear in the list of targets.
View the demonstration titled “Monitor and Manage All Hosts” for additional information.
Incidents are described in detail in the “Managing Incidents” lesson. Compliance information
is provided in the “Managing Compliance” lesson.

Host Home Page
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
On the Host home page, which is displayed in the slide, you can view detailed information
i
ran
about the selected host. You can navigate to this page by selecting Targets > All Targets
j e b and then search for and select the target.
D
By clicking the “i” icon next to the host name, you can quickly determine how long the target
has been up, the availability percentage, the operating system of the target, and the name
of the agent. The Summary, Diagnostics, and Configuration sections provide more detailed
information.
This page also provides a graphical display of:
• CPU and memory utilization
• File system usage (total disk utilization)
• Network utilization in MB/second (write and read)
Additional information provided on this page includes:
• Incidents and problems listing
• Compliance standard summary, including last evaluation date
Note that the page can be personalized, enabling you to reorganize the page content and
choose additional display elements.
View the demonstration titled “Monitor an Individual Host” for additional information.

Managing an Individual Host
Configure Oracle Net

Services, including listeners

and naming services.
View, clear, and purge open
alerts generated during log file
monitoring.
View detailed storage

utilization information and View, edit, copy, and save
usage graphs. text files on a remote host
n se
target.
lic e
Execute host commands on
a b le
a single host, multiple hosts,
or a group of hosts. – access asn as fer
Privilege delegation setting
privileged
n - trauser.
a no
View and remove related
) h as deฺ
targets on the host.
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
z ( a
You canA i
zexpand the Host menu to view the starting points for additional host management
n i
a A few of the operations are highlighted in the slide. Some operations, such as
tasks.
b r
e Privilege Delegation Settings, require special privileges that you may not have.
Dj

Monitoring the Host
View CPU and memory usage statistics.

View disk I/O and busy percentages.
Set warning and critical thresholds for

metrics and collected items.
n se
Create custom monitoring metrics.
lic e
ble
fe r a
an
View availability history.s
n - t r
a no
h a s View ealertฺ history.
ฺ d z) Guid
d o o nt
e d e
o or Stu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Navigate to Host > Monitoring to view the options for detailed monitoring of your host:
i
ran
• CPU Details: Graphical representation of CPU utilization, I/O wait, and load. The top
j e b 10 processes are ordered by CPU usage.
D
• Memory Details: Graphical representation of memory page scan rate, memory
utilization, and swap utilization. The top 10 processes are ordered by memory usage.
• Disk Details: Graphical representation of total disk I/O made across all disks and
maximum average disk I/O service time. The top disk devices are ordered by percent
busy.
Use the All Metrics page to view a list of all the performance metrics defined for the host
target. You can set the thresholds for these metrics by selecting “Metric and Collection
Settings” in the Monitoring menu. Additional information about metrics is provided in the
“Monitoring Targets” lesson.

Administering Hosts
• Linux Hosts Prerequisite: Install YaST for direct access.

• Navigation overview:
n se
lic e
bl e
• Sample tasks: fe r a
t r a ns
on-
– Modify services on the Linux operating system.
– View the network cards and the IP addresses a n available in a
Linux machine. h a s e ฺ
z ) u i d
– Add, delete, and edit groups o o ฺd andt user G accounts on Linux
d e n
hosts.
o ore Stud
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
The screenshot in the slide provides a navigation overview for host administration tasks.
i
a Linux hosts, to leverage the capabilities offered on the Host Administration page, you n
j e brFor
D need to install Yet Another Software Tool (YaST). YaST is an operating system setup and
configuration tool that comes as a standard tool as part of SuSE Linux distribution. The
Linux administration feature uses YaST to run scripts. For Oracle Enterprise Linux and Red
Hat, the YaST Red Hat Package Manager (RPM) package contains the Cloud Control
scripts. You can download and install free of charge the YAST software from
http://oss.oracle.com/projects/yast/.
View the demonstration titled “Install YAST” for an example of a YaST install. Note that your
YaST install depends on your operating system version.
The tasks you can perform from each link are as follows:
• Services: Modify services on the Linux operating system. You can edit, start, stop,
and restart a service and also change the run level of a service.
• Default System Run Level: Set the run level into which the system boots by default.

• Network Cards: View the network cards and the IP addresses available in a Linux
machine. You can configure, enable, or disable network cards. However, this is possible
only if you have more than one network card in your Linux machine.
You can also view the network card being used by Cloud Control. You can view and edit
the domain name server (DNS) settings for the domains that are listed on the page.
Additionally, you can edit the default gateway and define routing configurations.
• Host Lookup Table: View and edit the /etc/hosts file.
• NFS Client: View and edit all the NFS clients mounted on your Linux host. You can add,
mount, unmount, and delete clients.
• User and Group Administration: Add, delete, and edit groups and user accounts on
Linux hosts.
View the demonstration titled “Administer a Linux Host” for additional information.
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
j e br use
z (ad to
i A zi
ran
j e b
D

Administering Network Components
Expand the Host menu and select Net Services Administration

to configure Oracle Net Services as follows:
Feature Administration Tasks
Listener Configuration and administration of listeners
Directory Naming Configuration and administration of net services names in

n se
a Directory server
lic e
ble
Local Naming
a tnsnames.ora file on a client fe r a
Configuration and administration of net services names in
t r a ns
Network Profile Configuration of Oracle Net Services n
o - on a client
features
or server a n
h a s e ฺ
)
dz t Gu i d
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
z ( a
i A zi Administration enables you to configure Oracle Net Services for any Oracle
Net Services
b r an It also provides common administration functions for listeners. You can use Net
home.
Dj e Services Administration to configure and administer the following:
• Listeners: Configures listeners to receive client connections and to save this
configuration in the listener.ora file
• Directory Naming: Defines simple names and connect identifiers, and maps them to
connect descriptors to identify the network location and identification of a service. It
saves database services, Net Services, and Net Service aliases in a centralized
directory service.
• Local Naming: Saves Net Service names in the tnsnames.ora file
• Network Profile: Configures parameters for a profile saved in the sqlnet.ora file,
which specifies preferences for enabling and configuring Oracle Net features on the
client or database server
You can also perform the following tasks:
• File Location: Specifies the directory location for Oracle Net Services configuration
files
• Group Copy of Network Config Files: Enables you to copy selected network
administration files to a group of one or more destination hosts
View the demonstration titled “Administer a Linux Host” for additional information.

Quiz
You can use Cloud Control to perform administration tasks on

Oracle Enterprise Linux.

a. True
b. False
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
iz (ad to
Aza
Answer:
i
b r an
Dj e

Summary

• Monitor and manage multiple hosts

• Execute host commands on one or more hosts
• View host details, such as CPU, memory, network
utilization, incidents, compliance, and log file alerts
• View related targets on this host
n se
• Use the Remote File Editor lic e
a b le
• Administer hosts fer ns
– Verify installation of YaST
n - tra
no
– Perform administrative tasks on Linuxahosts
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
z(a
A z i
ani
e b r
Dj

Practice Overview:
Managing Hosts
• Reviewing prerequisites: YaST

• Viewing host details
• Working remotely on the host operating system
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Demonstrations that are relevant for this lesson include the following:
i
ran
• Monitor and Manage All Hosts: Shows you how to explore the Hosts overview page
j e b and execute OS commands for multiple hosts
D
• Monitor an Individual Host:
- Viewing host target information, CPU, memory, and network utilization
- Monitoring your incidents and compliance, and checking log file alerts
- Viewing related targets on this host
- Navigating to All Metrics
• Use the Remote File Editor: Shows you how to edit files remotely
• Install YaST: Shows you how to download and install YAST, which is a prerequisite
for the next demonstration
• Administer a Linux Host: Shows you how to perform sample Linux tasks from the
EM interface

D j e
ra b
n i A
zzi
(ad
j e
a n
to
o
br use
o r e
i@ this S
o ฺ
tu
)
do den
h
dz t Gui
a
as deฺ
n no
- t r an
s
fe r a bl
elic e n s
e
Managing Groups
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
i A zi
ran
j e b
D
Objectives

• Describe the benefits of using groups

• Manage targets with groups
• Define and distinguish Enterprise Manager groups
• Create groups
• Perform group management tasks n se
lic e
• Define administration groups and a group hierarchy le
a b
• Define and use template collections s f er
• Apply template modifications - t r an
n on
sa
• Keep targets and templates synchronized
h a deฺ
)
dz t Gui
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
z(a
A z i
ani
e b r
Dj

Groups and Goals
Why would you use groups? Which goals can you achieve?
• Streamline and simplify your management and monitoring

tasks.
• Manage targets as one unit.
• Ensure consistency in your monitoring.
• Enforce permissions as an aggregate.
n se
• Deploy changes to your monitoring settings. lic e
a b le
• Scale as your data center grows. fer s
- t r an
no n
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Groups allow you to manage targets as one unit. The goals and benefits of all groups are to
i
ran
streamline and simplify your management and monitoring tasks, as well as ensure
j e b consistency in your monitoring, enforce permissions, or easily deploy changes to your
D monitoring settings. Scalability is a very important aspect in a data center: while managing
ten targets semi-manually might be possible in a consistent way, imagine doing the same
for more than a thousand targets.

Managing Targets via Groups
Groups have great manageability benefits because you can:

• Manage sets of targets as a single functional unit (for

example, all databases)
• Monitor sets of targets
• Obtain management information about sets of targets as a
whole through group reports se
e n
• Perform administrative tasks for all targets in a group
l e lic
• Use them for notifications r a b
sf e
• Apply monitoring templates a n
-tr on
a n
h a s e ฺ
)
dz t Gu i d
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
i z (a
Groups
i z great manageability benefits because you can:
Ahave
n
bra• Manage sets of targets as a single functional unit. You can grant administrators
Dje access to the groups of targets that they need to manage. For example, database
administrators are interested only in the databases that they are responsible for, so
you can create a group of databases for them. Some administrators might want to
manage targets within their geographic areas, so you create groups containing those
targets.
• Quickly determine the overall status and health of a subset of the cloud’s managed
targets
• Get summaries of open incidents and job activity and drill down to see the incident
itself
• Perform administrative tasks, such as scheduling jobs for the entire group or blacking
out the group for maintenance periods
• Run Host and SQL script jobs against all members of a group
• Grant privileges on all targets in a group to a set of administrators or roles
• Use a notification rule on a group
• Apply Monitoring Templates on groups
• Run reports on groups
Group: Example
Customize GUI.
View group-level or target-specific.
n se
Monitor the status, incidents and
compliance violations in the group. lic e
ble
fe r a
an s
Perform target
n - t r
operations.
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
The Group home page (shown on the slide) differs for different types of target groups.
i
a n
Normally, a group has many members.
j e brYou can customize the page to best suit your working style. Customization includes layout,
D
changing options in individual regions, adding, and removing regions.
Monitoring the states of your targets is usually your most important task. Rollup of incidents,
blackouts, and policy violation are categorized by severity, so you can quickly focus on the
most critical problems first. Incidents and violations that have occurred within the last 24
hours highlight problems that recently occurred.
You can administer the group membership, view its history, and perform tasks based on the
types of members in your group.
Your dashboard contains by default status, incidents, alerts, and performance of the targets
in the group. Its color-coded interface immediately highlights problem areas. By clicking a
target name link, you can drill down to more detailed information.

Distinguishing Cloud Control Groups
• Group: Explicit assignment of targets for ease of

monitoring and administration

– Privilege propagating group: Future targets inherit
privileges.
– Dynamic Group: Defined by membership criteria
– Administration group:
Is a privilege propagating group n se
—
Is used to automate the deployment of management settings to lic e

—
targets in the group a b le

s f er can
Implicit assignment of targets, based on target properties,
—
n
be used with template collections. -tra o n
• Similar to groups: a n
h a s e ฺ an application
– Systems: Targets that work together ) to
i d host
or service o ฺ dz t Gu
r
– Service: A set ofoentitiesedo tthat u
n
dedeliver a function
o S
a n i@ this
e b r © s2015,
dj to u
z ( a
WhichA
i zi exist in Cloud Control and how do they differ from each other?
groups
n
bra• A group can include targets of the same type, such as all your production databases,
Dje or include targets of different types. A group can include other groups. You explicitly
assign targets to a group.
• A privilege propagating group is a group wherein an EM privilege that you grant on
the group automatically extends to all its targets, including any targets added to the
group in the future.
• A Dynamic Group is a group whose membership is determined by a membership
criteria. Enterprise Manager automatically adds targets that match a predefined
membership criteria.
• Administration groups are privilege propagating groups, which are used to automate
the deployment of management settings to targets in the group. Administration groups
are created based on target properties that act as membership criteria. Privilege
propagation is included. EM automatically adds targets to an administration group if
that target meets your configured membership criteria. You cannot directly add targets
to the administration group.

• Systems and groups have the same features, such as jobs and blackouts, but systems
contain targets that work together to host an application or service (whereas the targets
in a group continue to work independently from each other). See the lesson titled
“Managing Systems and Services” for more details.
• A service is a container target that supplies a function (like email).
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
j e br use
z (ad to
i A zi
ran
j e b
D

Creating Groups
Designing and creating groups, based on:

• Same type
• Different types
• Group hierarchy
• Specific types for redundancy group:
– Cluster n se
– Cluster database lic e
ble
– HTTP HA group fe r a
ans
n - t r
Production
a noEMEA
database
) h as deฺgroup
dz t Gui
group
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
When you create groups, it is your choice how you want to design them. Cloud Control
i
ran
supports:
j e b • Targets of the same type, such as:
D
- All hosts in your data center
- All of your production databases
• Targets of different types, such as:
- The database, application server, listener, and host, which are used in your
application environment
- Targets operating within a particular data center region
• Group Hierarchy with parent groups
To group a RAC database, host cluster, or HTTP server high-availability group, use the
following specific target types: cluster, cluster database, and HTTP HA group.

Managing Groups
• Editing and deleting the group definition

• Assigning access privileges for other EM administrators:

– View target
– Operator target
– Full target
• Using the Group Administration privilege to delegate se
tasks e n
l e lic
• Managing target membership: rab fe
– By explicit assignment for regular groups
t r a ns
– By automatic assignment (based on target
-
onproperties) for
a n
administrative groups as ฺ
) h d e
z u i
o o ฺd t G
r e d
u d en
@ oo s St
r a ni © 2015,
tOracle
eb o us
Copyright
d j t
z (a
A zi
When a group exists, your management tasks might include:
i
ran
• Editing and deleting the group definition
j e b
D • Assigning privileges for other EM administrators:
- The View target privilege includes privileges to view a group and its members.
- The Operator target privilege includes privileges to modify group membership,
customize dashboards, add charts, and so on.
- The Full target privilege includes the operator and delete group privileges (the
latter does not delete the group members).
• Using the Group Administration privilege to delegate group administration
activities to other administrators
• Managing target membership:
- By explicit assignment for regular groups
- By automatic assignment (based on target properties) for administrative groups

Prerequisite Privileges
Task EM Privilege
Create administration group Full Any Target

hierarchy. Create Privilege Propagating Group
Create a monitoring template. None
Use a specific monitoring View

template. e
e n s
Create template collections. Create Template Collection resource
e lic
privilege
r a bl
s fe
Use template collections.
- t r an
View or Full (on a specific template collection) or:
View any Template Collection n no
Associate Template Collection Operator on thea s eฺ
group a
with Administration Group. )
View on the template h
z Gucollection id
o ฺ d
e d o
d e nt
o or Stu
a n i@ this
e b r © s2015,
dj to u
z ( a
A zi tasks have the privileges outlined in the slide as a prerequisite.
The upcoming
i
anspecial EM privileges are needed to create a monitoring template.
brNo
Dje To use the template (which you did not create), you must have the View privilege on that
template. Similarly, you must have the View privilege to use template collections.

Dynamic Groups
• Definition tasks:
– Specify membership criteria

— Based on target type properties
— Targets must meet all criteria defined
– Enable/disable privilege propagation
– Select metrics to monitor
n se
– Customize displays e
e lic
• Management tasks:
r a bl
– Automatic re-evaluation of membership criteria ns fe
– View members and defined metrics n - tra
n o
– Customize displays s a
) h a deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
i z (a
n i Az group is a group of targets created only by specifying a membership criteria.
A dynamic
bra
Enterprise Manager automatically determines which members can be part of a dynamic
Dje group by evaluating the criteria. Membership criteria is based on target properties, for
example target types, lifecycle status, location, and so on. When multiple criteria are defined
for a dynamic group, a target must match all criteria before it is automatically added to the
group.
You can have Privilege Propagation enabled for a dynamic group. This means that the
target privileges granted on the group to the administrator will be propagated to the member
targets. Therefore, if this property is enabled, only targets on which the administrator has full
privileges on can be members of the group.
By using the Charts tab, you can select metrics at the target type level to monitor from the
Groups home page. These metrics will be displayed in Charts view. By using the Columns
tab, you can customize display names for group members columns and charts. By using the
Dashboard tab, you can configure display settings for the group dashboard.
Enterprise Manager automatically updates the group membership as new targets are added
or target properties are changed. Administrators can view the group members or defined
metrics, and customize the displays further.
Dynamic groups cannot contain static groups, other dynamic groups, or administration
groups.

Administration Groups and Template Collections
• Preparation tasks:
– Assign properties to targets.

– Design your administration group hierarchy.
– Prepare monitoring templates, compliance standards, cloud
policies, and/or other templates.
• Management tasks: e
– Set up the administration groups hierarchy. e n s
le lic
– Create template collections (in a template library). a b
– Associate template collections with administration s f er
groups.
- t r an
– n
Set or confirm the global synchronizationoschedule.
n
– s a items.
Synchronize the targets with the selected
h a deฺ
)
dz t Gui
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
i z (a
n i Az tasks:
Preparation
bra• Assign properties to targets. From the individual target home page menu, navigate to
Dje Target Setup > Target Properties. The target properties include lifecycle status,
location, contact, department, line of business, target type, cost center, target version,
and customer support identifier.
• Design your administration group hierarchy by grouping together targets that are
monitored in the same way (based on target property values such as, life cycle, line of
business, location, and so on).
• Template collections are made up of monitoring templates, compliance standards,
and/or cloud policies. You need to create the items needed for your organization
before you can organize them into a template collection.
Management tasks:
• Set up the administration groups hierarchy.
• Create template collections.
• Associate template collections with administration groups.
• Set or confirm the global synchronization schedule according to which EM performs
the synchronization of the targets with the selected items.

Using Administration Groups
• Automatic deployment of
management settings All Targets

• Implicit assignment of
target to group based Non-
Lifecycle
Production Status
on membership criteria Production
• Propagating privilege e
Finance Finance
Line of
e n s
Business
e lic
r a bl
sfe
HR
- HR
t r an
n
no
a
) h as deฺ Sales
Sales
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
An administration group is a group with all the features that groups have, but it has special
i
ran
semantics. They are designed as a way to automatically deploy your management settings
j e b to the target, as the target joins the group. They propagate privileges.
D
You define the membership criteria. The example in the slide shows that all targets are first
grouped by the lifecycle status (production and non-production, such as test and
development) and the by line of business, such as Finance, HR, and Sales.
After you have defined the criteria, Enterprise Manager will take the targets that match that
membership criteria and put them in the right group. So you indirectly control how targets
are assigned to administration groups; you do not directly assign their group membership.

Defining the Administration Group Hierarchy
• Define membership criteria with predefined target

properties: contact, department, location, line of business,

lifecycle status, target, type, target version, cost center,
and customer support identifier.
• There is only one administration group hierarchy.
• A target can belong to at most one administration group. e
– Ensures unique monitoring settings e n s
lic
• A target does not have to be part of an administrationrable
e
group. nsf a
o n -tr
a n
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
A wide range of predefined properties can be used to define the administration group
i
ran
hierarchy. The “Out-of-the-box” properties are: contact, department, location, line of
j e b business, lifecycle status, target, type, target version, cost center, and customer support
D identifier.
There is only one administration group hierarchy in Cloud Control. Administration Groups
were designed primarily for the purpose of deploying monitoring settings. The single
hierarchy is a way to guarantee that when a target joins an administration group, the specific
settings are inherited. Also, a target can belong to at most one administration group in your
hierarchy, to avoid conflicts with potential different associated monitoring templates and
therefore ensuring unique target monitoring settings.
A target can still belong to more than one normal group and it does not have to join an
administration group hierarchy at all.

Using Template Collections
A template collection:
• Is a named collection of settings used to monitor and

manage targets
• Consists of:
– Monitoring template (monitoring settings; one per target type)
– Compliance standard (compliance policy rules)
e n se
– Cloud templates (cloud policies; determine when to start VM,lic
e
scale out clusters, and so on) abl er
• Is associated with an administration group a n sf
• Propagates management settings to targets o n -tr
n a
h a s e ฺ
)
dz t Gu i d
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
A template collection is a named collection of settings to monitor and manage targets within
i
ran
Enterprise Manager. It can contain a combination of a monitoring template, a compliance
j e b standard, and also cloud templates consisting of cloud policies. For monitoring templates,
D you can have only one per target type, that is: only one monitoring template for hosts, one
monitoring template for databases, and so on.
You can put any of these types of templates into your template collection. Assign a template
collection to a group within your group hierarchy.
When a new target joins a group, the target automatically inherits the management settings.

Applying Template Modifications
• Edit the underlying monitoring template.

• Automatic synchronization of target with the change

• Performed by Cloud Control in one of the following ways:
– Recurring synchronization schedule
All Targets
– Synchronization on demand
Production
Non-
n se
Production
lic e
a b le
Finance r
feFinance
ans
n - t r
a no HR HR
h s
a deฺ
CPU% 80  90 )
dz t Gui Sales
o o ฺ Sales
d e n
o ore Stud
a n i@ this
e b r © s2015,
dj to u
z ( a
A
After you
i defined the template collection setting, you may need to change them; the
zhave
an i
brthresholds might not be correct, it might need to be adjusted. How do you do it?
Dje First, edit the underlying monitoring template that contains those settings (for example, the
CPU threshold should be changed to 90% instead of 80%).
Cloud Control ensures that the change is deployed across the targets. This process is
called “synchronization.”
It can be done as part of regular maintenance work (you can specify the schedule, such as
every midnight) or on demand.

Keeping Targets and Templates Synchronized
• Preventative actions:
– Ad hoc template apply operations on administration group or

targets in administration groups
– Deletion of template that is part of template collection
• When editing a target’s metric settings:
– Warning message
n se
– “Prevent template override”:
lic e
Not checked > Synchronize ble
—
fe r a
Checked > Keep target-specific settings
—
t r a ns
• When editing a monitoring template in a collection:
n on-
– Message about affected template collections s a /targets
a
hhomeidpage e ฺ
• Reviewing Administration Group z ) u
o o ฺd t G
r e d
u d en
@ oo s St
r a ni © 2015,
tOracle
eb o us
Copyright
d j t
i z (a
When A
i z joins an administration group, it is synchronized with the applicable template.
a target
n
a management tasks have the potential to undermine this synchronization. Cloud
brSome
Dje Control tries to prevent such actions by:
• Not allowing ad hoc template apply operations on administration groups or targets that
are part of administration groups. (Because a target is part of an administration group,
its management and monitoring settings are managed by the template collection
mechanism as opposed to someone creating a template and applying it.)
• Preventing the deletion of a template that is part of a template collection
• While editing a target’s metric settings:
- A warning message is shown (but you can override settings for a specific target)
- If target-specific metric setting is changed without “Prevent template override”
check box, the target will be scheduled for synchronization.
- If the “Prevent template override” check box is enabled for a metric setting (even
if this setting is part of a template collection in an administrative hierarchy), your
target-specific metrics are kept and not overridden.
• While editing a monitoring template that is used in a template collection: Cloud Control
displays a message about affected template collections and targets.
Review the Synchronization section on the Administration Group home page to know
whether targets and templates are synchronized or not.

Summary of Group Properties
Group Type Monitoring Group Membership # of Privilege

Templates Management Criteria Based Groups a Propagating

Auto-Apply Operations on Target Target Can
(Jobs, Black-outs, Properties Belong to
Reports,
Dashboards)
Groups No Yes No One or No

more
Privilege No Yes No One or Yes, by
n se
Propagating
Group more definition lic e
a b le
Dynamic
Groups
No Yes Yes One or er
Optional,
s f
more
- t r anspecified
user
n on
Administration Yes Yes Yes s a At MOST Yes, always
Groups
h a done e ฺ
)
dz t Gu i
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
z ( a
A zi of groups properties are shown in the slide.
A summary
i
an
brNote
Dje • The Administration Groups were designed and must be used for automatic-apply of
monitoring templates.
• A target can belong to at most one Administration Group.

Quiz
Groups enable you to:

a. View a summary status of the targets within the group

b. Monitor incidents and policy violations for the group
collectively
c. Monitor the overall performance of the group through
performance charts se
e n
d. Perform administrative tasks such as scheduling jobs for
le lic
the entire group a b
s f er
e. All of the above tran
n on-
s a
h a d e ฺ
)
dz t Gu i
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
z (a
Answer: z
Ae i
n i
bra
Dje

Summary

• Describe the benefits of using groups

• Manage targets with groups
• Define and distinguish Enterprise Manager groups
• Create groups
• Perform group management tasks n se
lic e
• Define administration groups and a group hierarchy le
a b
• Define and use template collections s f er
• Apply template modifications - t r an
n on
sa
• Keep targets and templates synchronized
h a deฺ
)
dz t Gui
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
z(a
A z i
ani
e b r
Dj

Practice Overview:
Managing Groups
• Creating a privilege propagating group for your database

instance and assigning an EM database administrator Full
target privileges on this group
• Assigning an Oracle-provided monitoring template
• Creating a second group that does not propagate se
privileges when new targets are added e n
le lic
• Testing the group r a b
sfe
tr a n
n on-
s a
h a d e ฺ
)
dz t Gu i
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
i z (a
n i Az
Demonstration relevant for this lesson:
bra• Administration Groups and Template Collections (in two parts): Shows you how
Dje to create administration groups, how to create template collections, and how to
associate them with each other

D j e
ra b
n i A
zzi
(ad
j e
a n
to
o
br use
o r e
i@ this S
o ฺ
tu
)
do den
h
dz t Gui
a
as deฺ
n no
- t r an
s
fe r a bl
elic e n s
e
Managing Systems and Services
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
i A zi
ran
j e b
D
Objectives

• Describe systems and services

• Create a service based on a system
• Define and monitor the availability of a service
• Discuss the use of beacons
• Define and monitor service levels n se
lic e
• Explain Root Cause Analysis e
r a bl
s fe
- t r an
no n
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
i A zi
ran
j e b
D

Systems and Services
Why would you use Systems and Services? Which goals can
you achieve?
• Simplify management and monitoring tasks.
• Manage targets as one unit.
• Measure performance and availability as one unit
• Report on service-level agreements
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
System and services are logical grouping of entities that provide a special function or form a
i
ran
particular application. Similar to groups, the benefits of using systems and services include:
j e b simplified management and monitoring, ability to measure performance and service
D availability levels as a single unit, as well as being able to create customized reports based
on service-level agreements.

Workflow for Systems and Services
1. Install the Oracle Agent software on the hosts where the

components of your service reside.

2. Discover all the components for your service so they can
be listed as Oracle Enterprise Manager targets.
3. Define systems on which these targets will be based.
4. Create a generic service.
e n se
5. Specify the availability definition for the service. Availability lic
can be based on a service test or a system. a b le
s f er
6. For service tests, add one or more beacons toamonitor n
- t r
these service tests.
n on
s
7. If the service is not available, identify athe root cause of
h a d e ฺ
failure. )
dz t Gu i
o ฺ
o Service
edusing
8. Track service levels rby
o den tu
Level Reports.
o S
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
The steps listed in the slide describe how you can use systems and services to monitor the
i
a n
performance of an application.
j e brNote: The practice for this lesson begins with the task listed in step 3, defining a system.
D

Defining Systems
• System: A logical set of targets that collectively provides

one or more applications or services

• Out-of-box systems are provided for Oracle-packaged
applications and database targets.
• Email application monitoring example:
1. Create a system, Mail System, that consists of the following e
targets: e n s
e lic
— The database
r a bl
— Listener s fe
Application server - t r an
—
n no
— Hosts targets on which the a
email application runs
) h as deฺ
2. Create a service target to ฺ dz t Gthe
represent ui email application,
o
o the Mail
specifying that it runs r e don
u d en System target.
@ oo s St
r a ni © 2015,
tOracle
eb o us
Copyright
d j t
i z (a
n i Azis a target and a collection of components, such as hosts, databases, listeners,
A system
a application servers that serve your applications or services. Targets in a system have a
brand
Dje relationship with each other called “association.” An example: you can create a system to
run your enterprise resource planning (ERP) application and include the host, listener,
database, and the application server that run the ERP application. A system has all the
features of groups and more. The application that runs on this system is modeled as
another type of target called a service. To monitor an email application in Cloud Control, you
first create a system, such as Mail System, that consists of the database, listener,
application server, and host targets on which the email application runs. Then you create a
service target to represent the email application, and specify that it runs on the Mail System
target.
Out-of-the-box systems are provided for Oracle applications such as Siebel, PeopleSoft,
and eBusiness Suite. In addition, systems are provided as for database targets that include
the database, listener, host, and Automatic Storage Management components for that
database so that you can manage the components collectively.

Creating a Generic System
This is the first page that you use to define a generic system.
Specify a name for the

system.
Specify additional information

about the system.
n se
lic e
ble
fe r a
ans
Click Add and n - t r
select targets
a no
in the search
window ) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Cloud Control includes wizards for various system types. To create a generic system, select
i
ran
Systems from the Targets menu and then select Add. To define a new generic system:
j e b • General: Use this page to specify a name and additional system properties for a new
D system, and to add target members for a new system, or remove target members for
an existing system. If you choose to include dependent targets, then these will
automatically be included in your system even if the actual list of dependent targets
may change. You also select the time zone, which is used for scheduling operations
on the system.
• Define Associations: Lists associations between members detected automatically.
You can also define additional associations on this page. If you know of relevant
relationships between the targets in the system, you can enter, for example, the
“Stores on database” association between an application deployment target and a
database system target.
• Availability Criteria: On this page, specify which targets (or key members) must be
up for the system to be considered up. You can choose from “Any of the Key
Members” and “All of the Key Members.”
• Charts: This page allows you to determine which charts must be displayed on the
System Charts page. You can include any or all Oracle-suggested charts and add
other charts for selected metrics.

Using the System Home Page
Availability status
Members
n se
status
lic e
bl e
fe r a
an s
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
The home page for a specific system enables you to quickly view the overall availability and
i
ran
health of the system with drilldown to obtain further details. The rolled-up numbers include
j e b incidents, job execution status, compliance summary for all members, including those in
D nested systems.
Use the System Home page to:
• View a summary status of the targets within the system
• View an overview of issues (incidents and problems)
• View compliance information
• View job information for jobs within the last seven days
• View information on blackouts and create blackouts
• View configuration and relationship changes within the last seven days
• View information about dependent targets
• View information about services, including their status
You can drill down from most sections for more detailed information.

Administering a System
View charts, metric and

collection settings, status
and alert history, and

blackouts. Access the
Incident Manager.
Create and end blackouts.
View latest configuration

View results, compliance information, topology, and
standards associated with configuration and
the target, and real-time relationship changes
n se
observations. (history).
lic e
ble
r a
system, a n sfetarget
Edit and remove
view/set
the
n -tr view metric and

properties,
o
a ncollection settings, grant
h a s add access to the system, and
e ฺ the system to a group.
)
dz t Gu i d
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
i z (a
n i Az
The screenshot in the slide shows the Generic System drop-down menu that is available on
b r a home page of a selected system. As described in the slide, there are a number of
the
Dj e administrative actions that can be accessed from this menu.

Viewing the System Topology
Icons indicate the status of

n se
the system members.
lic e
ble
fe r a
ans
n - t r
Icons indicate the type of
a no
) h as deฺ
incidents for the system
dz t Gui
member.
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Use the System Topology page to:
i
ran
• View the targets of the systems and the associations between them
j e b
D • View the status of the targets in your system and the overall status of the system
• Drill down to detail pages for targets on their incidents
The System Topology page provides a graphical representation of the components of your
systems as modeled in Cloud Control. This page shows all targets, represented as icons, as
well as associations between them, represented as links between targets.
The status indicators enable you to quickly assess which targets are down or have open
incidents. The screenshot shows a black icon for a fatal incident. By clicking on any of the
targets, you can see additional information about the status of the member.
The Topology page is used to identify the dependencies between the service and the
system on which it runs. From the View drop-down list, you can select services to review
which services depend on this system. The page shows the relationship between the
service and its dependencies on service tests, key components, and so on. It also displays
an overall view of the status of all the dependent subservices and key components as
already discussed for systems. You can also use this page to perform Root Cause Analysis
(discussed later in the lesson).

Defining Services
• Service: In an enterprise, an entity that provides a useful

function to its users

• Define one or more service models that represent the
business functions or applications that run in your
enterprise in order to assess availability and performance
of the services.
n se
lic e
ble
fe r a
an s
n - t r
a no
) h as deฺ
ฺ dz Call G ui service
Email service
d o o nt Center
e d e
o or Stu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
In an enterprise, a service is an entity that provides a useful function to the end users. Some
i
ran
examples of services include customer relationship management (CRM) applications, online
j e b banking, and email services. As an administrator, you need to monitor and manage the
D availability of these services. However, service failures and performance degradation are a
few of the problems that you may have in an enterprise. Because these services form an
important type of business delivery, monitoring these services and quickly correcting
problems before they can impact business operations are crucial in any enterprise.
Service-level agreements are used to evaluate service availability, performance, and usage.
By constantly monitoring the service levels, you can identify problems and their potential
impact, diagnose root causes of service failure, and fix these in compliance with the service-
level agreements. Cloud Control monitors not only individual components in the IT
infrastructure, but also the applications hosted by those components, allowing you to model
and monitor business functions using a top-down approach, or from an end-user
perspective. In Cloud Control you can create a new target, called a service, to model and
monitor your business applications from within Cloud Control. When creating a service, you
can define the availability, performance, and usage parameters, and service-level rules.

Understanding Service Types
Select from the following types when defining a service:

Service Type Description
Aggregate Consists of two or more services called subservices
Generic Used to model and monitor any business process

and/or application. A generic service can be:
n se
• Test Based
lic e
• System Based ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Cloud Control enables you to define one or more services that represent the business
i
ran
functions or applications that run in your enterprise. You can create the following types of
j e b services:
D • Aggregate Service: This service consists of two or more services called subservices.
A subservice can be any type of service created using Cloud Control.
• Generic Service: By using this, you can define a service to model and monitor any
business process and/or application. These types of services can be Test Based (you
define a service test to monitor the availability) or System Based (based on a
predefined system).

Defining the Availability of a Generic Service
Availability of a generic service can be determined by:

Service Description
Availability
Service Tests Availability of the service is defined in terms of availability
of the service test(s) or successful execution of the test(s).
A service is considered available if the key tests can be n se
executed successfully by one or more key beacons. lic e
ble
System Availability of the service is based on the underlying
fe r a
system that hosts the service. n s
n - tra
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
i z (a
n i Az of a service indicates whether the service is available to the end users at any
Availability
a point in time. You can define the availability of a service based on two criteria:
brgiven
Dje • Service test: The availability is based on the successful execution of one or more
service tests (or transactions) by at least one “key” beacon. Service availability can be
based on all key tests being successful or one key test being successful.
Note: You will learn more about beacons later in this lesson.
• System: The availability is determined by the status of one or more selected key
components of the system. You can specify if service availability should be based on
the availability of all key components or at least one key component.

Creating a Generic Service
Defining Generic Test Based service.

Additional pages enable

you to specify specific
service test, beacons for
the service test, and
metrics that provide
performance and usage
information.
n se
lic e
bl e
fe r a
ans
n - t r
a no
h
Define a service
) as testdand e ฺ its
dzkey components. u i
o ฺ t G
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
You can create a service by selecting Services in the Targets menu, selecting to Create
i
ran
and then choosing the type you would like. For a Generic Test Based service, you specify
j e b the service name and then you define a test that would monitor its availability. Additional
D pages allow you to select Beacons, components of the agents that execute tests at regular
intervals, to determine availability.

Defining a Service Test
• Service availability can be based on

a single test that you specify when

you create the service.
• Additional tests can be defined for
the service.
• Tests are used to: e
– Monitor the service remotely e n s
e lic
– Determine the availability and
r a bl
performance of the service s fe
- t r an
• Beacons are used to execute the n
service tests from different a no
geographical locations. ) h as deฺ
z ui ฺd t G
o o
r e d
u d en
@ oo s St
r a ni © 2015,
tOracle
eb o us
Copyright
d j t
z (a
A zi
A service can have one or more tests associated with it. The tests are used to monitor the
i
ran
service, and to determine the service availability and performance. Beacons are defined and
j e b are used to execute the service tests at different geographical locations. The service test is
D considered available if any of the designated key beacons can execute the service test
successfully.
When you create a service, you can specify one or more tests, each of a specific test type
(as shown in the screenshot in the slide). Availability is based on one or all service tests.

Defining a Web Transaction Service Test
• A web application is defined in terms of the availability of

the web transactions that are being monitored.

• Web transactions represent the service tests.
• Create a web transaction service test in one of the
following ways:
– Use the Transaction Recorder to automatically record user e
actions and navigation paths. e n s
lic
– Define the steps manually. ble ra
f e
a ns
o n -tr
a n
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
The availability of a web application is defined in terms of the availability of the web
i
ran
transactions that are being monitored. For web applications, web transactions represent the
j e b service tests. A web application is available as long as the critical functions, such as online
D purchase or generate report, can be performed. One or more key service tests can be used
to monitor the availability of the web application. When you create a service test that is a
web transaction, you can create a transaction by using the Transaction Recorder that
automatically records the user actions and the navigation paths. Alternatively, you can
create a service test by defining the steps manually.
To record a transaction, perform the steps that build your transaction (for example, opening
the web mail page, logging in to web mail, and logging out from web mail). Be sure to
provide a log out action to close the transaction. When you are done, close the browser
where you are performing the transaction and return to the Cloud Control page.
Note: Recording, replaying, and tracing transactions require the Transaction Recorder,
which runs only on Microsoft Internet Explorer 7 or later versions.

Using Beacons
• Beacon: Used to execute service tests

• Beacons are typically installed at geographical locations

representative of your key user communities.
• Run service tests from your beacon locations.
n se
lic e
ble
fe r a
ans
n - t r
a noSiebel Call Center service
) h as deฺ
o ฺ dz t Gui
Can make and receive calls Cannot
r e domake dorereceive
n calls
oo s St u
@
tOracle
r a e
eb o us
Copyright
d j t
i z (a
n i Azis used to execute service tests including web transactions.
A beacon
a
brBeacons are typically installed at geographical locations that are representative of where
Dje your key user communities are located. For example, if your service is a call center service
and your key users are located in New York and San Francisco, you would install an agent
in New York and San Francisco. Then you can enable the beacon functionality within these
agents and run service tests for making or receiving calls from your beacon locations. If
either of the New York or San Francisco beacon is able to make or receive calls, the call
center service can be termed as “available.”

Defining Service Performance
Service performance can be based on:

• Response metrics collected by beacons executing the

service tests
– Help you determine how well the service test is performing
for each of the remote beacons
– Critical and warning thresholds can be set
– Maximum, minimum, and average response data across two cen
se
or more key beacons can be calculated l e li
b ra
• fe
Performance metrics of the underlying system components
n s
a
hosting the service n-tr
nacross all o
a
– Maximum, minimum, and average value
s ฺ
components ) ha ide dz t Gu
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Performance of the service refers to the response time experienced by end users. You can
i
ran
define service performance based on:
j e b • Response metrics: These are collected by the beacons that execute the service
D tests. You can set critical and warning thresholds for the metrics. The maximum,
minimum, and average response time across two or more key beacons can be
calculated. By reviewing this information, you can determine whether there are beacon
locations with slow performance when compared with others.
• Performance metrics: These are the metrics of the system components that host the
service. The maximum, minimum, and average values across all components can be
calculated.

Defining and Monitoring Usage Metrics
• Usage metrics: Used to measure the user demand or

workload for the service

• Collected based on the usage of the underlying system
components on which the service is hosted
• Monitor usage metrics as follows:
– Usage of a specific component e
e n s
– Statistically calculate the average, minimum, and maximum lic
values from a set of components ble ra
f e
a ns
o n -tr
a n
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Usage metrics enable you to measure user demand and workload for a service. Usage
i
ran
metrics are based on the metrics of the underlying system components that host the
j e b service.
D
By monitoring service usage, you can determine whether a service is affected by high
usage or is experiencing a problem with a system component.
You can monitor the usage of a specific component or statistically calculate the average,
minimum, and maximum values from a set of components.

Using the Services Home Page
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Service home pages differ slightly depending on the type of the service.
i
n
a aggregated service has the following subtabs:
rAn
j e b
D • Charts: Use this page to view charts containing historical data for all performance and
usage metrics.
• Topology: Use this page to view the relationship between the service and its
dependencies, including other services, and system key components.
A generic service includes additional tabs:
• Test Performance: This page shows the historical and current performance of the
service tests as measured from each of the beacons.
• System: Use this page to view the underlying system and the key components that
host this service.
• Monitoring Configuration: Use this page to configure the service.

Viewing Additional Service Information
Service Page Tabs Description

Charts Displays performance and usage graphs
Test Performance Shows performance data for service tests
System Displays component summary and provides for editing of

the component list
Monitoring Used to configure the service: availability, performance, n se

Configuration and usage metrics, and root cause analysis. Used to lic e
ble
add/edit service tests.
fe r a
Topology Identifies dependencies between the service and the ans
n - t r
system on which it runs. Shows the relationship between
no
the service and its dependencies on service tests, key
a
) h as deฺ
components, and so on. Displays an overall view of the
components. o ฺ dz t Gui
status of all the dependent subservices and key
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
The following pages are accessible from the service home page:
i
ran
• Charts: You can view performance and usage graphs on this page.
j e b
D • Test Performance: You can monitor the performance of your service tests by
accessing the Test Performance page. This page displays the historical performance
data of your service tests. On this page, you can view the performance trends for a
single test as executed from one or more beacons in a single graph. This enables you
to compare response times from different beacons for the same metric.
• System: From this page you can access the associated system page and topology.
This page also includes a display of the service components, status, and incident
information.
• Monitoring Configuration: You can use this page to configure the service. You can
navigate to the following tasks and pages from this page. From this page, you can
define the availability of the service, define performance and usage metrics, add
additional service tests or edit existing ones, and configure root cause analysis for the
service.
• Topology: This page displays the configuration topology.

Viewing the Service Topology

component.
n se
lic e
ble
fe r a
an s
n - t r
a no
) h asincident
d e ฺ
dz t Gu i for the component.
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
The Service Topology page enables you to view the relationship between the service and its
i
ran
dependent components. On this page you can view the cause of service failure as identified
j e b by Root Cause Analysis. Icons indicate incidents for targets. Detailed information on each
D component is available by clicking the appropriate icon. Links between components enable
you to view additional information on the cause of any service failure.

Defining Service-Level Rules
• A service level is:

– A measure of the quality of the service

– Calculated as a percentage of time the service meets the
specified availability and performance criteria during the
business hours
• Service-level rules enable you to:
– Define an assessment criteria to determine the quality of the n se
lic e
service le
r a b
– Specify the availability and performance criteria thatfe
the
service should meet during business hours tran
s
• Privileges required to define or update no n-
a service-level rules:
– Owner of the service
) h as deฺ
dzControl i
uadministrator
o o ฺ
– Super administrator or Cloud t G with the
n
red
OPERATOR target privilege
o o de tu
i@ this S
a n
r © s2015,e
j e bCopyright
u
Oracle and/or its affiliates. All rights reserved.
z (ad to
A zi
Services are used to model business functions or applications within your enterprise and
i
ran
provide an accurate measure of the availability, performance, and usage of the function or
j e b application they are modeling.
D
For each service, you can define a service-level rule. A service-level rule defines the
assessment criteria used to measure service quality. It enables you to specify availability
and performance criteria that your service must meet during business hours, as defined in
your service-level agreement. For example, an email service must be 99.99% available
between 8 AM and 8 PM, Monday through Friday.
You can define only one service-level rule for each service. This service-level rule will be
used to evaluate the actual service level over a time period and compare the actual service
level against the expected service level.
You can view service-level information directly from the Cloud Control console or as a
generated report. From any service home page, you can click the Actual Service Level link
to drill down to the Service Level Details page. This page displays what actual service level
is achieved by the service over the last 24 hours, 7 days, or 31 days, compared to the
expected service level.
Any super administrator, owner of the service, or Cloud Control administrator with the
OPERATOR target privilege can define or update the service-level rule.

Specifying Service-Level Rule Elements
A service-level rule is based on the following:

• Expected service level percentage: Percentage of time

during business hours that you expect your service to meet
specified availability and performance criteria. The default
is 85%.
• Actual service: Availability and performance criteria that e
an expected service level percentage is based on. e n s
le lic
– Business days, hours: Applicable days and times b
f a
er will
s
– Availability criteria: Availability states that the service
an
be considered to be up - t r
n on
– Performance criteria: Performance a metrics that will be
h a
evaluated when computing the) service
s eฺ
idlevel
dz t Gu
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
A default service-level rule is automatically applied when you create a service. The default
i
ran
expected service level is 85%. You can edit the service-level rule to specify the assessment
j e b criteria that is suitable for your service. You can have only one service-level rule for each
D service.
A service-level rule is based on the following elements:
• Expected service level: Minimum acceptable service level that the service must meet
over any applicable assessment period
• Business days, hours: Period during which the service level is calculated
• Availability criteria: When the service should be considered available. You can
choose from the following states for a service:
- Up: The service is considered up and available. You cannot change this state.
- Under Blackout: You can specify the service blackout time also as available
service time.
- Unknown: You can choose this to specify the time a service is not monitored if
an agent is down, as available service time.
• Performance criteria: Defined performance metric criteria that determines service
availability. For any performance criteria used here, if the critical threshold has been
met, it is considered a service level violation.

Using the Services Dashboard
• Out-of-box Information Publisher report

• Enables you to view the availability of managed targets

within a service hierarchy
• Drill down for additional information
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
You can view service-level details from the Services Dashboard. Enterprise Manager’s
i
ran
reporting framework, Information Publisher, supplies the Services Dashboard as one of the
j e b out-of-box report definitions.
D
Access the Services Dashboard as follows: Enterprise > Reports > Information Publisher
Reports > Monitoring > Dashboards. Specify the service target type and select the
specific service for which you want to view the Services Dashboard. Specifically, for the EM
Services report you can navigate to Enterprise > Reports > Information Publisher
Reports > Enterprise Manager Health > EM Services Dashboard.

Using Root Cause Analysis (RCA)
• RCA feature benefits:

– Provides the capability to analyze service failures

– Returns a list of possible causes when a service fails
– Evaluates the availability status of subservices and key
components to determine the root cause of a service failure
– Enables administrators to quickly identify problem areas
n se
– Enables administrators to assess the impact of service e
lic
failures ble ra
• Configured from the Service Monitoring Configuration
n s fe page
• View the RCA results by using the service - tra
topology
n viewer
n o
sa
or access it from the Incident Manager
h a deฺ
)
dz t Gui
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
i z (a
The RCA
n i Azfeature provides you with the ability to analyze service failures, filtering the
b r a
availability, performance, and configuration data of the system components used by the
Dj e affected service.
RCA provides administrators with a focused assessment of service problems and allows
them to quickly identify the cause and corrective action for the problem. You can use RCA
to identify problems in complex aggregate services, including component failure.
RCA processing is triggered by the occurrence of a service failure event. RCA monitors the
status of a service and any defined component tests. The component test tests an aspect of
a key component on which the service depends. Add a component test by choosing a metric
and setting a threshold on a metric key. When RCA runs, it evaluates the status of key
component and component tests, and reports violations as possible root causes. RCA also
provides the ability to include the details associated with the analysis with notifications sent
for service failure alerts.
Note: By default, RCA is configured to run automatically whenever a service fails.
You can view the RCA feature by using the service topology viewer that enables you to see
a graphical representation of the service and its relationship to other services, systems, and
infrastructure components, with the causes identified by RCA highlighted in the display. The
Incident Manager also provides access to the RCA topology.

Quiz
You can define service availability based on service test or

system components.
a. True
b. False
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
iz (ad to
Aza
Answer:
i
b r an
Dj e

Quiz
By default, Root Cause Analysis evaluates the availability

status of subservices and key components to determine the

root cause of a service failure.
a. True
b. False
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
iz (ad to
Aza
Answer:
i
b r an
Dj e

Summary

• Define systems and services

• Create a service based on a system
• Define and monitor the availability of a service
• Discuss the use of beacons
• Define and monitor service levels n se
lic e
• Explain Root Cause Analysis e
r a bl
s fe
- t r an
no n
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
i A zi
ran
j e b
D

Practice Overview:
Managing Systems and Services
• Reviewing existing Systems and Services

• Creating a system
• Creating a generic service
• Adding a web application
• Creating a web transaction manually n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
i A zi
ran
j e b
D

D j e
ra b
n i A
zzi
(ad
j e
a n
to
o
br use
o r e
i@ this S
o ฺ
tu
)
do den
h
dz t Gui
a
as deฺ
n no
- t r an
s
fe r a bl
elic e n s
e
Using the Job System
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
i A zi
ran
j e b
D
Objectives

• Describe and define jobs and related terms

• Distinguish predefined jobs from user-defined ones
• Create and manage jobs of different types
– Multi-task jobs
• Use the job library
e n se
• Enable job notifications l e lic
r a b
• View job activity sf e
a n
• Explain the difference between job executions
o n -tr and job runs
• Use job operations a n
s h a deฺ
)
dz t Gui
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
z(a
A z i
ani
e b r
Dj

What Is a Job?
A job is work that you define and schedule to automate

commonly performed tasks.

A job:
• Is defined by parameters, schedules, and a target list
• Is predefined or created by you
• Can execute immediately or at a specified date and time
n s e
• Can execute once or repeatedly lic e
a b le
r
• Is run by the agents, most of the time, according tofeyour
n s
-tra
scheduled time plus an optional grace period
on
– OMS runs some jobs a n
• Should be created by an Administrator h a s e ฺ
)
dz t Gu i d
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
z ( a
A
A job is
i
azunit of work that you define and schedule to automate commonly performed tasks.
i
an Control includes a job system that enables you to create, edit, and manage jobs.
brCloud
Dje Jobs enable you to automate many administrative tasks, such as backups, cloning, and
patching. There are predefined jobs for some tasks. This eliminates the potential for human
error due to manual routine maintenance activities and enables administrators to manage
their environment more efficiently.
Jobs are defined by their names, descriptions, owners, parameters, targets, schedules, and
the steps to be performed. Jobs can be executed immediately, at a later date or time, or
repeatedly on a schedule that you define.
The Cloud Control job scheduler is different from the scheduling functionality within the
database and the two are not dependent on each other in any way. The agents perform
actions against managed targets, including running jobs. Some jobs may be run by the
OMS, for example to refresh the catalog of software updates via Self-Update, if configured.
You can define a grace period, which is a period of time that defines the maximum
permissible delay when attempting to execute a scheduled job. If the job system cannot
start the execution within a time period equal to the scheduled time + grace period, it will set
the job status to Skipped.
It is recommended that most jobs be created by a predefined Administrator. Limit the Super
Administrator accounts only to defining the most critical jobs.

Core Concepts and Tasks
• Jobs can be: You define, edit, store,

submit jobs, view the

– Used ad hoc or from the library results, and receive job
notifications.
– Run automatically by OMS
You suspend, resume,

• Job runs are: retry, stop, delete job
runs, and view the
– “Parents” of job executions results (which are the e
summary of all target e n s
executions).
e lic
• Job executions are: r a bl
You view the
s fe
– Job runs per target detailed results
per target. - t r an
n o
nestablish
s aYou the
• Job steps are: h a order ofฺ commands
e
z ) u i dwithin a job.
– Executable units within aojob
o ฺd t G
r e d
u d en
@ oo s St
r a ni © 2015,
tOracle
eb o us
Copyright
d j t
i z (a
n i Az slide lists core concepts and your tasks in connection with jobs.
This overview
bra• Jobs are defined on the previous page. You can use them ad hoc or from the Job
Dje Library in Cloud Control. A job can have multiple runs.
• A job run is a run of a specific job on its scheduled start date. Recurring jobs will have
one job run per scheduled occurrence.
• Most jobs typically execute their job logic in parallel against multiple targets. For such
jobs, each job run consists of multiple job executions, one job execution per target.
• A job step is an executable unit within a job.

Defining Jobs
There are two categories of jobs within Cloud Control:

• Predefined jobs for:

– Database (such as backup, export, and import)
– Middleware (such as start, stop, or restart components)
– Deployment (such as patching and cloning)
• Custom jobs that can: se
e n
– Use custom host or SQL scripts
e lic
– Reference target properties, such as: r a bl
s fe
— %TargetName%
- t r an
— %OracleHome%
no n
a
— %SID%
) h as deฺ
— %EMD_ROOT%
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Cloud Control provides predefined job tasks for database targets and deployments. A job
i
ran
task is used to contain predefined, unchangeable logic (for example, patch an agent, back
j e b up a database, and so on). The predefined database jobs include backup, export, and
D import. The predefined jobs associated with deployments include patching, cloning Oracle
Homes, and cloning databases. In addition to predefined job tasks, you can define your own
job tasks by writing code to be included in operating system (OS) and SQL scripts.
Note: Oracle-provided deployment procedures assist you with patching and provisioning
databases, middleware components, applications, and others.

Using Predefined Jobs
• Large number of predefined jobs

• Available from specific targets

• Examples for database instance jobs:
– Shutdown Database
– RMAN Script
– Startup Database, and many more se
e n
• Examples of Deployment Procedures (which include
le lic
executing a number of jobs): r a b
– Clone and Patch Oracle Database ns fe
- t r a
– Upgrade Database non a
h a s e ฺ
)
dz t Gu i d
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
There are hundreds of predefined jobs. They are available from the target-specific pages,
i
ran
such as the Database Instance page. (Navigate Oracle Database > Job Activity and review
j e b the Create Job drop-down list.)
D There are also targetless jobs, such as Refresh From My Oracle Support (which
you will use as part of patching activities). You can use the Create Like functionality as a
starting point for your own jobs.
Deployment Procedures are best practices provided by Oracle for various Provisioning and
Patching tasks. These may include a series of jobs as well. You can view the Deployment
Procedures by navigating to Enterprise > Provisioning and Patching > Procedure Library.
Procedures supplied by Oracle cannot be edited, but can be extended by using the “Create
Like” functionality, customizing them to fit your environment.

Jobs in Enterprise Manager
• Job Activity page:

– Displays 24-hour history by default

– Used to:
— Manage search for jobs
— Create ad hoc jobs
— View, edit, create like, suspend, resume, stop, or delete job runs
or executions n se
Save jobs for
lic e
• Job Library page: e
reuse
r a bl
– Provides access to stored job definitions fe
ans
– Used to view, create (like), and modify library-trjobs
n on
s a
h a d e ฺ
)
dz t Gu i
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
i z (a
There A
i z two pages within Cloud Control that support the creation of custom jobs:
are
n
bra• Job Activity page: This is the hub of the job system within Cloud Control. From this
Dje page, you can create new custom jobs as well as manage existing jobs. For new jobs,
there is a drop-down list from which you can choose the type of job (for example, OS
Command or SQL Script). If you are looking for an existing job run or execution, there
is a search mechanism that enables you to easily find the job you are looking for. By
default, the job history for the last 24 hours is displayed. The search can be restricted
to search by name, owner, status, scheduled start, job type, target type, and target
name. After you find the job you want, you can choose to view, edit, create like,
suspend, resume, stop, or delete that job run or execution.
• Job Library page: If a particular job is going to be used over and over again, you may
want to save that job into the Job Library. This enables you to reference this job
whenever required, as well as grant other administrators access to it. The job library
stores the basic definition of jobs that can be customized to run against specific
targets, or they can be stored with the specific target information.
For all jobs you can specify email notifications, depending on the job status, as shown in the
slide. In addition, more advanced options can be enabled, such as generating events for
job status or creating corrective actions.

Creating Jobs
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
From the Enterprise > Job > Activity menu, select the type of job you want from the drop-
i
ran
down list, and then click Go. Depending on the type of job you select, a page to enter further
j e b details about the job is displayed. For each job, you must specify a name and which targets
D to perform the job on. For most jobs, there are links to enable you to enter the desired
parameters, choose the appropriate credentials, determine a schedule, and grant access to
the job to other users.
For the Clone Home and Patch jobs, this information is entered in a step-by-step process.
The job details are stored in the repository, whereas the reference scripts, such as shell and
Perl scripts are stored on the hosts. For a more detailed description of the different job
types, refer to the Cloud Control Online Help pages.
Before you start creating your job, the best practice is to ensure that all preferred credentials
are set and that you have the correct security access to the targets you are creating the job
for. For example, if you want to create a job to shut down a database, you need at least
OPERATOR privileges, as well as the ability to log in as SYSDBA on that database.
Note that the list of job types is different on the Job Activity page and on the Job Library
page.

Creating a Multi-Task Job
Multi-task jobs:
• Are complex jobs consisting of one or more distinct tasks

• Can run against targets of the same or different types
• Allow you to specify dependencies between the multiple
different tasks
Database 2 e
e n s
e lic
r a bl
SQL Script
s fe
Successful
job
- t r an
OS
Command
n no
a
job
Job fails!
) h as deฺDatabase 1
Server A ฺ dzFailuret job G ui
o
do den
o r e tu
o S
a n i@ this
e b r © s2015,
dj to u
z ( a
A zi job is a complex job made up of one or more distinct tasks. It can run against
A multi-task
i
an of the same or different types.
brtargets
Dje You can create a multi-task job consisting of two tasks, each a different job type and each
operating on two separate (and different) target types.
Examples:
• Task 1 (OS Command job type) performs an operation on Server A.
• If Task 1 is successful, run Task 2 (SQL Script job type) against both Database 1 and
Database 2.
• If Task 1 fails, it can be set to run a failure job.
This multi-task functionality makes it easy to create extremely complex operations.
To create a multi-task job from the Jobs Activity page, select Multi-Task from the Create Job
drop-down list. Just as in single-task jobs, you must give the job a name. The next step is to
decide whether you want the job to run against the same targets for all tasks, or different
targets for different tasks. Because each task of a multi-task job can be considered a
complete job, when selecting “Same targets for all tasks,” you add all targets against which
the job is to run from the General tabbed page. If you select “Different targets for different
tasks,” you specify the targets (and required credentials) the tasks will run against as you
define each task.

Creating a Multi-Task Job
Enter the tasks to be run in sequence.

n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
After entering the information on the General tabbed page, move to the Tasks tabbed page
i
ran
and enter the tasks accordingly. The tasks entered are run in sequence. If you choose to
j e b have your job run against different targets for different tasks, you have to enter the target
D information for the tasks also. If you choose the option to run the job against the same
targets for all tasks, it uses the target information entered on the General tabbed page.
If you have at least two tasks entered, you can set the Condition and Depends On options.
Task conditions define states in which the task will be executed. These condition options
include:
• Always: Task is executed each time the job is run.
• On Success: Task execution Depends On the successful execution of another task.
• On Failure: Task execution Depends On the execution failure of another task.
You can also create an initialization error handler task. This task executes if any task of the
multi-task job (except Always tasks) causes an initialization error. The initialization error
handler task does not affect the job execution status.
The remaining information, such as schedule and access information, is similar to that of
simple jobs.

Job Executions and Job Runs
1 Backup
Job Execution
Success
Job Run -> e

2 Backup
e n s
Backup on
Job Execution
e lic
November 5
r a bl
Success
s fe
- t r an
no n
3 Backup a
Job Execution
) h as deฺ
o ฺ
Failure
dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Job executions are usually associated with one target (for example, a backup job on a
i
ran
particular database). When a job is run against multiple targets, each execution may
j e b execute on one target.
D
Job executions are not always a one-to-one mapping to a target. Some executions have
multiple targets (for example, comparing hosts). Other executions have no targets (for
example, the Refresh From My Oracle Support job). When you submit a job to many
targets, it is tedious to examine the status of each execution of the job against each target
(for example, you run a backup job against hundred databases). In this scenario, you may
ask questions such as: Were all the backups successful? If not, which backups failed? If this
backup job runs every week, you would want to know each week which backups were
successful and which ones failed.
With the job system, you can easily get these answers by viewing the job run. A job run is
the sum of all job executions of a job that ran on a particular scheduled date. Using the
backup example, if you have a backup job against one hundred databases on November
5th, you will have one November 5 job run. The job runs once on one hundred databases.
This results in one hundred executions of the job. The job table that shows the job run
provides a rollup of the statuses of these executions.

Reviewing Job Execution Results
Job status values:

• Scheduled Executions
Job run
• Running Succeeded
• Suspended 2 Succeeded
• Succeeded 1 Problem Succeeded

• Problems n se
Failed lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
When a job is submitted and run, you receive a status for each execution. If a job runs
i
ran
against more than one target, each target receives a status for its execution. The job status
j e b values are:
D • Scheduled: The job has been scheduled to run at a later date.
• Running: The job is defined to be in this state if at least one of its steps is currently
running.
• Suspended: The job is in this state when:
- It has been manually suspended by the user
- It has been scheduled during a blackout window defined on any one of its targets
with the “Run jobs” option disabled. (When creating a blackout, users can
choose to run jobs or not.) Jobs in this state go to “Scheduled” after the blackout
period ends and eventually execute.
- A resource is unavailable. For example, the job is blocked from running because
it is waiting on a lock held by another process. It automatically resumes after the
lock becomes available.
- The management agent is down or unreachable due to network problems
between the Oracle Management Service (OMS) and the management agent

- It is waiting for the completion of an external event to continue. This status
currently applies only to patch jobs. For the patch job, the execution is
suspended until the agent restarts, performs some required postpatch tasks, and
sends a notification to the management service to indicate that it has completed
these tasks. At this point, the management service resumes the execution of the
job. This suspension typically takes 5–10 minutes.
• Succeeded: The job has completed successfully.

• Problems: The job is in this state for the following reasons:
- Error: The job or step could not be run for some reason (for example, the
execution of a remote command failed because of an Oracle Management Agent
internal error, incorrect credentials were specified, or the job includes an invalid
path to a script). If a step in a job fails initialization, the job status is Error.
- Failed: It executed, but did not accomplish its task; for example, the wrong
n se
password for the database user was entered.
lic e
- Stopped: The job was canceled. ble
fe r a
- Inactive: The job target or the job owner was deleted. If the job owner is deleted,
ans
n - t r
that job is in an inactive state. Jobs are deleted in the background after their
administrators are deleted.
a no
- Reassigned: The owner of the job had been removed. Ownership of the job has
been assigned to a new administrator.
) h as deฺ
o ฺ dz t Gui
- Skipped: The job could not be executed at the specified time. This could be
e do den
because a grace period has expired, execution from a current or previous job run
r
o o S tu
has not finished, the user chose to skip the job execution, or OMS problems
n i@ this
prevent the job from running.
a
j e br use
- Credentials Missing: The job or step could not be run because the credentials
(ad
were missing.
z
to
i A zi
ran
j e b
D

Performing Job Operations
• Suspending a job: Halts execution until you explicitly

resume it
• Resuming a job: Restarts the execution of a job with the
next step (after fixing problems at a previous step)
• Stopping a job: Stops the execution altogether
• Deleting a job: se
e n
– Removes a current job from the system, including the job
le lic
history a b
– Cancels all future executions of the job s f er
- t r an
– Repeating jobs: removes all job executionon information for
n
a executions
completed jobs, but does not affectsfuture
h a d e ฺ
d )
– Scheduled jobs: cancels scheduled
z Gu i
executions for the future,
oo ฺ
but does not delete executions t have already run
nthat
ed tude
o
o sS r
i @
tOracle
r a e
eb o us
Copyright
d j t
z (a
A zi
If you are the owner of a job, or have been given appropriate privileges on that job, you can
i
ran
control it by using the Job Activity page. Depending on the type of job, you can choose to
j e b suspend, resume, stop, or delete a job.
D • Suspending a job changes its status to “Suspended by User” (unless it is currently
running, in which case it becomes “Suspend Pending” until the running step finishes).
If there are no more steps to be run, the status becomes “Succeeded,” “Failed,” or
“Error,” depending on the situation. If there are other steps, the job suspends and
stays in that state until you explicitly resume the job.
• Resuming a job restarts the execution of a job with the next step after fixing problems
at a previous step. As stated, the job suspends after fixing a problem at step level and
remains in the “Suspended” state until you click Resume. The job then starts
executing at the step that would have otherwise run next.
• Stopping a job stops it, so it never runs again. Its status changes to “Stop Pending”
until the currently running steps complete. If there are no more steps to be run, the
status becomes “Succeeded,” “Failed,” or “Failed Initialization,” depending on the
status of the last step. If there are other steps, the job status becomes “Stopped.”

• Deleting a job has the following effects:
- For running and suspended jobs, deleting a job stops the job and removes it
from the system, including the job history and logs for the execution. Currently
running steps may complete execution before the job stops.
- For repeating jobs, deleting a running or scheduled execution cancels all future
executions of the job. Deleting a completed execution removes only that
execution. Users may choose a job and select the option to delete all runs to
remove all executions of that job.
- For completed jobs, deleting a job removes all job information for that execution,
but does not affect future executions.
- For scheduled jobs, deleting a job cancels all executions scheduled for the
future, but does not delete executions that have already run.
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
j e br use
z (ad to
i A zi
ran
j e b
D

Jobs and Groups
Group
Create jobs
against a group
Job Run
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
In addition to submitting jobs to individual targets, you can submit jobs against a group of
i
ran
targets. Any job that you submit to a group is automatically extended to all its member
j e b targets and takes into account the membership of the group as it changes. For example, if a
D Human Resources job is submitted to the Payroll group, and if a new host is added to this
group, the host automatically becomes part of the Human Resources job. In addition, if the
Payroll group is composed of diverse targets—for example, databases, hosts, and
application servers—the job runs against only applicable targets in the group. The same
applies if you run an OS command against a group that consists of different operating
systems—it fails only on the OS that the command does not make sense for.

Job Privileges
Operation View Full Owner Super
access access administrator
View submitted job Yes Yes Yes Yes
Edit description, schedule, No Yes Yes Yes

targets, credentials, and
parameters
Edit access No No Yes Yes

n se
Grant view access No No Yes Yes
lic e
Create like Yes Yes Yes Yes ble
fe r a
Copy to Library Yes Yes Yes Yes ans
n - t r
Retry/Suspend/Resume/Stop No Yes Yes
a no Yes
Delete job No
s
Yes ha Yes eฺ Yes
ฺ d z Guid
)
Purge job policies No oo No nt No Yes
e d d e
o or Stu
a n i@ this
e b r © s2015,
dj to u
z ( a
A zi
All administrators
i can create jobs, but for certain operations on existing jobs, privileges are
a n
brrequired. The table in the slide shows the possible operations for each access level (view,
Dje full, owner, and super administrator).
Super administrators can grant view access rights to regular Cloud Control administrators,
as well as revoke full or view access rights. These privileges can be granted when you
create a job and when you add a job to the Job Library.
Some additional notes:
• Create Like: The original job credentials are only copied if you are the job owner.
• The Retry operation is not available for super administrators.
• Purge job policies can only be set via the command line.

Quiz
To save and reuse the jobs for future, use:

a. Job Library
b. Job Activity
c. Both of the above
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
iz (ad to
Aza
Answer:
i
b r an
Dj e

Quiz
Predefined jobs can be directly modified.

a. True
b. False
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
iz (ad to
Azb
Answer:
i
b r an
Dj e

Summary

• Describe and define jobs and related terms

• Distinguish predefined jobs for your user-defined ones
• Create and manage jobs of different types
– Multi-task jobs
• Use the job library
e n se
• Enable job notifications l e lic
r a b
• View job activity sf e
a n
• Explain the difference between job executions
o n -tr and job runs
• Use job operations a n
s h a deฺ
)
dz t Gui
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
z(a
A z i
ani
e b r
Dj

Practice Overview:
Using the Job System
• Creating a job that runs immediately

• Creating a job that runs a host command to run at a later
time
• Changing the SQL job to run against multiple targets
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
i A zi
ran
j e b
D

D j e
ra b
n i A
zzi
(ad
j e
a n
to
o
br use
o r e
i@ this S
o ฺ
tu
)
do den
h
dz t Gui
a
as deฺ
n no
- t r an
s
fe r a bl
elic e n s
e
Managing Incidents
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
i A zi
ran
j e b
D
Objectives

• Describe the use of events, incidents, and problems in

Enterprise Manager Cloud Control
• Access Incident Manager to manage events, incidents,
and problems
• Perform incident lifecycle operations se
e n
• Understand the purpose of incident rule sets
e lic
r a bl
s fe
- t r an
no n
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
i A zi
ran
j e b
D

Goals of Incident Management
• Monitor and resolve service disruptions quickly and

efficiently
• Manage fewer, meaningful incidents:
– By business priority
– Across their life cycle
• Centralized incident console e
e n s
– Identify, resolve, and eliminate root causes of disruptions
le lic
– Integrate Oracle expertise to accelerate incident and problema b
diagnosis and resolution s f er
- t r an
on escalate,
– Assign, acknowledge, prioritize, track status,
n
suppress sa h a deฺ
)
dz t Gui
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
i z (a
• Azgoal of incident management is to enable you to monitor and resolve service
The
ni disruptions that may be occurring in their data center as quickly and efficiently as
r a
Dj eb possible. Instead of managing the numerous discrete events that may be raised as the
result of any of these service disruptions, you manage a smaller number of more
meaningful incidents, and to manage them based on business priority across the life
cycle of those incidents.
• Enterprise Manager provides a centralized incident console called Incident Manager
that will enable you to track, diagnose, and resolve these incidents, as well as provide
features to help eliminate the root causes of recurrent incidents.
• Incident Manager includes features to tie in to Oracle expertise via relevant My Oracle
Support knowledge base articles and documentation to enable administrators to
accelerate the process of diagnosing and resolving incidents and problems.
• Incident Manager offers the ability to do lifecycle operations for incidents, so you can
assign ownership of an incident to a specific user, acknowledge an incident, set
priority for an incident, track an incident’s status, escalate an incident or suppress it so
that you can defer it to a later time. You can also raise notifications on an incident or
open a helpdesk ticket via the helpdesk connectors.

Understanding Events
Significant occurrences with: Event Types:

• Type • Target Availability

• Severity: • Metric Alert
– Fatal Generate
• Job Status Change
incidents
– Critical • Compliance Standard
– Warning Violation Event se
Do not
e n
– Advisory generate
• Metric Evaluation Error le lic
– Informational
incidents
r a b
• SLA Alert e
• Raising entity a n sf
o n -tr
• High Availability
• Message • Connector n External Class
a
• Timestamp as deฺ
•z) hUseruiReported Event
• Category ฺ d
o • nand t G so on
e d o e
o or Stud
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
An event is a significant occurrence detected by Enterprise Manager related to one or more
i
ran
managed entities (such as, a target or a job) at a particular point in time, which can indicate
j e b normal or problematic behavior. Each event has the set of attributes: the event type, the
D severity, the object, or the entity on which the event is raised (typically a target but it can
also be a job or some other object), the message associated with the event, the timestamp
(when the event occurred), as well as the functional category (such as availability, security).
More on event severities:
• Fatal is specifically associated with the target availability event type for when the
target is down.
• Critical and warning events can, for example, be set by you via thresholds.
• Advisory is typically associated with compliance standard violation events.
• The informational level is an event severity used to indicate simply that an event has
occurred, but there is no need to do anything about it.

Distinguishing Incidents and Events
Incident:
• One significant event

(target down) or:
Performance Space Target Down
• Group of events related to
the same underlying issue INCIDENTS
(running out of space: e
raised from database, e n s
e lic
host, and storage)
r a bl
ns fe
t r a
Metric Job
no n- Availability
Standards Other
Alerts Events a Violations Events Events
) h as EVENTS d e ฺ
dz t Gu i
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Enterprise Manager monitors the software stack from applications, databases to hosts and
i
ran
the operating system. When Enterprise Manager detects issues in any of this infrastructure,
j e b it raises events. Events (as shown in the graphic) include the following:
D 1. Metric alerts are raised when a metric crosses its threshold (for example, CPU
utilization or tablespace usage alerts).
2. A job status change event is raised, for example, when a job fails.
3. When there is a violation of a compliance standard, you can initiate a compliance
standard violation event being raised.
4. Target availability is the event raised when a target is down or an agent is
unreachable.
5. Other events, such as, SLA alerts, and user-reported events
Across all these events, you want to determine which ones are significant and which ones
can be combined because they refer to the same underlying issue, so that you manage a
smaller number of significant incidents. (This is shown in the graphic by multiple arrows
leading from events to fewer incidents above.)
An incident is a significant event (such as a target being down) or a combination of events
that all relate to the same issue (for example, running out of space can be detected as
separate events raised from the database, host, and storage targets).

Incident with One Event: Example
Owner: Scott
Manage Status: Work in Progress
Incident Severity: Fatal
and Track
Priority: High
Resolution Comment: I’m working on it
Details of … DB1 is down n se

[Availability Event Time: 3-10-11, 8:54 am lic e
event] Severity: Fatal ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
The graphic shows an example of an incident (blue rectangle) that contains one event
i
ran
(green rectangle).
j e b The example is an availability event. It signals that the DB1 database is down and includes
D
a timestamp of when the event was raised. Because this is a target availability event and
the database is down, the severity is marked as Fatal.
An incident can be created for that event. To manage and track the resolution of the
incident, the incident has other attributes such as owner (the Enterprise Manager user that
is working on the incident), status, incident severity (which is based on the event severity),
priority, and a comment field.

Example: Incident with Multiple Events
Incident integrated with Ticket

helpdesk ticket Helpdesk
connector
Owner: SAM
HELPDESK
Manage and Status: New
Track Incident Severity: Critical
Summary: Machine Load is high
Resolution Ticket : 12345 (Assigned) n se
lic e
ble
Details of …
fe r a
[Metric Alert Event Event ans
event] n - t r
a no
MEMORY Util is 85% on host1 CPU Util isa
h 99%s on host1 e ฺ
Time: 3-10-11, 11:54 am Time: )
dz Critical
3-10-11, u i
12:03d pm
Severity: Warning o ฺ
Severity: t G
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
z ( a
A zi shows an example of an incident (blue top rectangle) that contains two events
The graphic
i
b r anthe green bottom rectangle).
(in
Dj e The events are related and point to the same underlying cause. They are two metric alert
events on a host target—a memory utilization metric alert event and a CPU utilization metric
alert event because the host experiences a heavy load. In the example, you see a warning
severity memory utilization metric alert event, and a short time later a critical severity CPU
utilization metric alert event.
An incident (blue rectangle) is created to manage and track its resolution. Attributes in the
example include: Owner, Status, Severity, Summary, and optionally, Ticket.
• Enterprise Manager automatically assigns the incident severity, based on the worst
case event severity of all the events contained in the incident (in this example,
Critical).
• The incident has a summary, which is a short description of the incident. The
individual events indicate that the machine load is high. You can write your own
summary or let it default to the message of the last event in the incident.
• If you are using one of the helpdesk connectors to interface to a helpdesk system, an
incident can result in a helpdesk ticket. Within Enterprise Manager, you can track both
the ticket number and the status of that particular ticket.

Distinguishing Incidents and Problems
• Problem: Underlying root cause of one or more incidents

• EM functionality to facilitate resolution:

– Auto-creation of problem based on Automatic Diagnostic
Repository (ADR) incidents
– Package diagnostic data
– Open Oracle service request (SR)
n se
lic e
ble
fe r a
ans
- t
Oracle
n r
Problem a no Service
Enterprise Manager
) h as deฺ Request
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
The underlying root cause of one or more incidents can also be an Oracle software problem,
i
ran
a critical error detected in the Oracle software. In the case of the Oracle Database software,
j e b diagnostic data for an error is stored in a file-based repository outside the database, the
D Automatic Diagnostic Repository (ADR), where it can later be retrieved by incident number
and analyzed. An incident recorded in the ADR is also recorded as an incident in Enterprise
Manager and presented in the console. To resolve the root cause of these ADR incidents,
Enterprise Manager automatically creates a problem object and associates the related
diagnostic incidents to this problem. You can then use the problem object to resolve the root
cause of these diagnostic incidents. This is typically done by using Support Workbench to
open a support request with MyOracle Support and possibly receiving a patch for the
problem.
Starting with Cloud Control 12.1.0.3, you can view Root Cause Analysis (RCA) on Target
Down events (Target Availability type of events). This is automatically performed by the
incident management framework to determine whether a target down event is a root cause
or a symptom.

Monitoring Oracle Software Problems
• Automatic functionality:
– An ADR incident generates one Enterprise Manager incident

per occurrence.
— Flood control applies
– Multiple ADR incidents with the same problem signature (for
example, same root cause) generate one problem object.
• Monitoring problems in Incident Manager n se
lic e
– Track status (assign ownership and so on) le
a b
– View diagnostic information (via Support Workbench)
s f er
– Open Oracle SR (via Support Workbench) -tra
n
n
– UI:no
Status of diagnostic activity visible in a
— Diagnostic data packaged (yes/no)
) h as deฺ
— SR # o ฺ dz t Gui
o
— Bug #
ored den
tu
o S
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
When an ADR incident is raised, Enterprise Manager automatically generates an incident
i
ran
with a problem object. All the ADR incidents that have the same problem signature (that is,
j e b the same root cause) are linked into a single problem object. To prevent potential flooding
D of the Incident Manager with hundreds of messages due to the same problem, starting with
Cloud Control 12.1.0.4, the diagnostic incidents are by default limited to 5 records per hour
and 25 records per day, for any given target and problem key combination. All incidents
however continue to be recorded in the ADR.
The administrator can manage the problem in the Incident Manager in the same way as you
would manage an incident, so you can assign an owner to the problem, track the resolution,
and so on. In addition, there are in-context links to the Support Workbench functionality,
which allows the administrator to package the diagnostic material, open a service request,
and view the status of diagnostic activity such as the SR number and ultimately bug number
(if one is generated) within the user interface.

Incidents and Problems: Example
Incident integrated with MOS Service

service request Request My Oracle
Support
Owner: MARY
Manage and Status: New
Track Incident Severity: Critical
Resolution Summary: Problem: ORA-600…
n se
SR Number : ####
lic e
ble
fe r a
ADR ans
error
Problem Problem
n - t r
a no
) h as deonฺDB1
ORA-600[ktcrcm…] on DB1 ORA-600[ktcrcm…]
dz 3-12-11, i am
u8:03
Time: 3-12-11, 7:03 am
o ฺ
Time: G
Severity: Critical
e d o Severity:
d e ntCritical
o or Stu
a n i@ this
e b r © s2015,
dj to u
z ( a
A zi shows an example of one incident (blue rectangle) created for two problems (in
The graphic
i
b r angreen rectangle).
the
Dj e Two ADR errors occurred in the example with two ORA-600 errors in the DB1 database.
Both of these incidents are of critical severity. Enterprise Manager automatically creates a
problem object containing those incidents. Within the Incident Manager user interface, you
can link to the Support Workbench to open a service request (SR) for My Oracle Support
(MOS), which you can then track from Incident Manager.

Using Incident Manager
Same page structure for incidents containing events and

for incidents containing Oracle software problems
n se
lic e
4 ble
fe r a
3 an s
n - t r
a no 5
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
This is a screenshot of the Incident Manager.
i
ran
1. On the left side are views that allow you to look at specific incidents of interest.
j e b Several views (created by default “out-of-box”) are for the most common tasks (for
D example, there is a view for all open incidents and problems of the currently logged in
user). You can also create your own custom views.
2. When a particular view is selected (by default, My open incidents and problems), the
user interface filters by that view. See the incident list on the top right of the page.
3. When you select a particular incident, the details are displayed in the bottom section.
4. Next to it is the section to manage the incident workflow. You can add comments,
assign ownership, and so on.
5. In the bottom-right portion of the page are links to the guided diagnostics and
resolution area to assist you in resolving the issue. Additionally, you can click My
Oracle Support Knowledge, which provides in-context access to Oracle expertise via
support notes and Oracle documentation.

Performing Incident Lifecycle Operations
What you can do with Incident Manager:

• Update the status of an incident or problem.

• Identify owner working on an incident or problem.
• Change priority of an incident or problem.
• Escalate an incident or problem.
• Add comments. n se
lic e
• Acknowledge an incident or problem. le
a b
• Edit summary of an incident or problem. s f er
• Suppress an incident or problem. - t r an
n on
s a Down events
• Perform Root Cause Analysis on Target
h a deฺ
)
dz t Gui
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
i z (a
Using AthezGeneral tab on the Details section of the Incident Manager page, you can perform
n i
a following tasks:
brthe
Dje • Update the status of an incident or problem: Click Manage and change Status
field.
• Identify owner working on an incident or problem: Click Manage and add name of
owner in the Owner field.
• Change priority of an incident or problem: Click Manage and change the Priority
field.
• Escalate an incident or problem: Click Manage and choose appropriate Escalation.
• Add comments: Either click Add Comment and type comment or click Manage and
type the Comment.
• Acknowledge an incident or problem: Click Acknowledge.
• Edit summary of an incident or problem: Click More and select Edit Summary.
• Suppress an incident or problem: Click More and select Suppress.

Automating Responses to Incidents
Automate actions related to events, incidents, and problems:

• Creation of an incident based on an event

• Notification actions (including ticketing)
• Operations to manage incident workflow (assign owner,
set priority, escalate, and so on)
n se
Create Incident,
lic e
Assign owner,
bl e
Send notification
fe r a
an s
Manage your n - t r
no
Email Pager
Execute Rules
data center
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
i z (a
n i Azrules enable you to manage the automation of business processes relating to
Incident
a
brincidents, problems, and events.
Dje Incident rules can operate on an event, an incident, or a problem.
Some of the common scenarios or use cases for incident rules include creating an incident
based on an event, sending notifications such as email messages or pages as well as
opening helpdesk tickets, or automating incident workflow actions, such as automatically
assigning the owner of an incident or escalating an incident after it has been open for some
time.

What Is a Rule?
• Instruction within a rule set that automates actions

• Operating on incoming events or incidents or problems

• Consisting of:
– Selection criteria (for whom)
– Condition (when)
– Response or rule action (what) se
e n
RULE CRITERIA RULE CONDITION RULE ACTION licle
CPU Util(%), Tablespace Used(%) metric -- Create Incidenter a b
alert events of warning or critical severity
a n sf
Incidents of warning or critical severity If severity = critical
o n -trby page
Notify
If severity = warning n Notify by email
s a Set escalation level to 1
Incidents open for more than seven days
h a d e ฺ
)
dz t Gu i
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
z ( a
is z
A rule A
i
an instruction to Enterprise Manager on how to automate actions when an event,
i
an or problem occurs. Rules do not operate retroactively, so a rule only operates on
brincident,
Dje events, incidents, or problems that occur after the rule is created.
A rule consists of the selection criteria (to identify the events, incidents, or problems for
which they apply), the conditions (when the rule should be applied, for example, if an
incident priority is changed to P1), and the actions. EM-supported actions include:
notifications, changing of the appropriate resolution management attributes, and ticket
creation.
Examples
1. If the rule criteria is a specific metric alert (for example, CPU utilization or tablespace
percent used crosses a certain threshold of either warning or critical severity), the
intended action is to create an incident.
2. Another rule can operate on incidents that are of either warning or critical severity, and
the action is to send a notification. In this case, there could be an additional condition
that if the rule condition is severity=critical, the action is notify by page, while if the rule
condition is severity=warning, the action is notify by email.
3. Another example of a rule could be for incidents that have been open longer than
seven days, where the rule action is to set the escalation level to 1.

Defining Rules
Common tasks for which you can define rules include:

• Creating an incident in response to an event, problem, or

incident
• Sending notifications to different users
• Managing escalation of incidents
• Creating ticket for incidents
n se
• Notifying different administrators for different classes of le lic e
events, problems, and incidents r a b
sf e
a n
• Creating notification subscription to existing-enterprise
tr
rules n o n
s a
h a d e ฺ
)
dz t Gu i
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
iz (ad to
How toA z the different types of rules?
use
r a
Use
nirules on events:
Dj eb • To create incidents for the alerts and events managed in EM
• To create tickets for incidents managed by helpdesk analyst (Create incidents based
on an event and then create a ticket for the incident.)
• To send events to third-party management systems
• To send notifications on events (no incident created)
Use rules on incidents:
• To automate managing the incident workflow (assign owner, set priority, escalation
levels, and so on) and to send notifications
• To create tickets based on incident conditions (For example, create a ticket if an
incident is escalated to level 2.)
Use rules on problems:
• To automate managing the problem workflow (assign owner, set priority, escalation
levels) and to send notifications

Rule Sets
• Rules grouped together to operate on the same object

• Two types of rule sets:

– Enterprise
— For operational practices of data center to manage events and
incidents
— Requiring the Create Enterprise Rule Set resource
privilege n se
EM-supported actions lic e
—
Visible to all EM users a b le

—
s f er
— Collaborative: multiple co-authors an -tr
– Private n o n
a
— Sending email to yourself
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
i z (a
setzare rules grouped together to operate on the same object (for example, a target
A rule A
n i
a There are two types of rule sets in Enterprise Manager: an enterprise rule set and a
brgroup).
Dje private rule set.
Use an enterprise rule set to implement your operational practices for events and
incidents. All the previously mentioned actions are possible. Since these are actions that
affect all types of incidents and problems, the EM administrator that creates these rule sets
requires the CREATE ENTERPRISE RULE SET resource privilege. Once an enterprise type
rule set is created, it is visible to all EM users. Further development of that rule set can be
done in a collaborative manner by multiple co-authors (that is, multiple EM users that can
edit a particular rule set).
A private rule set, on the other hand, is designed only to send email notifications to
yourself for events, incidents, and problems of interest. As a result, no special privileges are
required to create a private rule set.

Prerequisites for Using Rule Sets
• Notification preferences
– Email
– Schedule
• Setup and tested SMTP Server
– Outgoing email configured
• Setup of recipient se
e n
• Appropriate target privileges
le lic
a b
• fer
Configured connectors, tickets, or advanced notifications
s
- t r an
no n
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Before you use rule sets to send notifications, you must meet the following prerequisites:
i
ran
• Your EM account has notification preferences (email and schedule).
j e b
D • An SMTP Server is setup and the functioning of outgoing email messages is
confirmed.
• You have a subscription to the incident rule or the rule creator made you the recipient
of the notification.
• Your EM account has been granted the appropriate privileges to manage incidents
from the managed target system.
• If you decide to use connectors, tickets, or advanced notifications, they need to be
configured before using them in the actions page.
Note: Setup tasks such as these must be performed by an EM super administrator as part
of the installation and configuration.

Using Incident Rule Sets
• Combining rules into a manageable unit

• Applying to a common set of objects: targets, groups (also

of heterogeneous types), jobs, and so on
• Executing rule sets and rules in specified order
• Oracle predefined rule sets:
– For incident creation, event deletion
n se
– Cannot be edited lic e
ble
– Can be disabled
fe r a
• Create custom copies of out-of-box rule setstran
s
– Subscribe to this rule set n on-
s a
h a d e ฺ
)
dz t Gu i
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
i z (a
setzenables you to logically combine different rules that relate to the same object into
A rule A
n i
braasingle manageable unit. A common set of objects can be targets, groups (also of
Dje heterogeneous types), or jobs.
Rule sets, as well as the rules within a rule set, are executed in a specific order: either by
default in their creation order or as you specify it.
Predefined rule sets are provided with Enterprise Manager. They automatically create
incidents for what Oracle Corporation believes are meaningful events, as well as automating
event deletion. You can use these out-of-box rule sets as is, but you cannot edit them. It is
recommended to create your own versions by using the Create Like functionality, and
subscribe to this new rules set. The originals can then be disabled.

Rule Set: Example
Rule Set: Rule Set for PROD-GROUP

Applies to: PROD-GROUP

Type: Enterprise
RULE#1: Target down rule

Criteria: DB and WLS down availability event
Action: Create incident, Set Priority = High n se
lic e
ble
fe r a
RULE#2: Email and Pager rule
t r a ns
Criteria: All Incidents with severity= Fatal,
n o n-Critical
or Warning a
Action #1: If severity = Warning, h a s email e ฺ
Action #2: If severityฺ=dFatal
)
z orG i d
u page
Critical,
o
do den t
o r e tu
o S
a n i@ this
e b r © s2015,
j u
z (ad to
i A zi
The graphic shows an enterprise rule set that applies to the PROD-GROUP group. This
ran
heterogeneous group consists of targets that include hosts, databases, and WebLogic
j e b servers. Two rules are included:
D 1. If any database or WebLogic servers are down, the action is to automatically create an
incident and set its priority to high.
2. For any Fatal, Critical, or Warning incidents within the PROD-GROUP group, EM must
send an email if the severity is set to Warning, and a page if the severity is set to either
Fatal or Critical.

Recommendations
• General:
– Use groups as rule set targets.

– Place all the rules for the members of that group in the same
rule set.
– Control the execution order.
• Events: e
– Create incidents for what you want to manage in EM. e n s
le lic
– If appropriate, use rules to “forward” events, tickets, and
r a b
notifications to other systems. sfe n
• Incidents and problems: n - tra
o
– Automate your routine operations. s an
) h a deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
General recommendations:
i
ran
• Use a group as the target for your rule set.
j e b
D • Place all the rules for the members of that group in the same rule set.
• As much as possible, control the execution order of the rules within the rule set.

Here are some specific recommendations and examples for using the three different types
of rules:
For rules that operate on events:
• Create incidents for the alerts or events that you want to manage in Enterprise
Manager.
• Depending on your operation rules, you can use incident rules (with or without the
creation of an incident):
- If you want to use a ticketing connector in Enterprise Manager, you can define a
rule that creates both the incident and the ticket for the incident.
- Or you can send the events to a third-party management systems by using event
connectors.
- You can also send notifications on events, rather than creating incidents (as you
could in earlier releases). This is recommended for ad hoc usage. n se
lic e
For rules that operate on incidents: Automate operations for the incident workflow, such
ble
r a
as automatically assign owners to incidents, set priority for an incident or set its escalation
fe
s
level, or to send notifications for incidents. You can also create tickets based on incident
an
- t r
conditions, for example, creating a ticket when an incident is escalated to level 2.
n
no
For rules that operate on problems: Automate the management of problem workflows in
a
) h as deฺ
much the same way as with incidents, such as automatically assigning owners to problems,
o ฺ dz t Gui
setting priority for a problem, defining its escalation level, or sending notifications for
problems.
r e do den
o o S tu
a n i@ this
j e br use
z (ad to
i A zi
ran
j e b
D

Prioritization of Rules and Notifications
Under heavy load, processing priority is based on:

• Lifecycle status of the target

1. Mission Critical (highest priority)
2. Production
3. Stage
4. Test e
e n s
5. Development (lowest priority)
e lic
• Type of event or incident r a bl
ns fe
– Availability events and incidents (highest priority)
r a
t
on- severities
– All events and incidents of warning andncritical
a
as eฺ
– All informational events (lowest priority)
h
d z ) u id
o o ฺ tG
d e n
o ore Stud
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
If Enterprise Manager experiences a very heavy load, it is important that the more important
i
ran
events and incidents are processed ahead of others. Two factors determine the processing
j e b priority.
D • The first factor is the lifecycle status of the target with the priority based on the order
shown in the slide: where Mission Critical targets have the highest priority and
Development targets have the lowest. As an EM administrator, one of your
responsibilities is to set the lifecycle status of each target appropriately. The statuses
shown here are the predefined ones.
• The second factor is the type of event or incident. Any availability event or incident,
such as target down, always has the highest priority. Next, any events or incidents that
are for critical or warning severities are handled, and finally informational events are
treated as the lowest priority.
This prioritization is taken into account only when the system is under heavy load. When the
system is under normal load, events and incidents are handled as they arrive.

Quiz
Incident Manager provides context-sensitive guided resolutions

for incidents.
a. True
b. False
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
iz (ad to
Aza
Answer:
i
b r an
Dj e

Quiz
You can never automate responses to incidents.

a. True
b. False
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
iz (ad to
Azb
Answer:
i
b r an
Dj e

Summary

• Describe the use of events, incidents, and problems in

Enterprise Manager Cloud Control
• Access Incident Manager to manage events, incidents,
and problems
• Perform incident lifecycle operations se
e n
• Understand the purpose of incident rule sets
e lic
r a bl
s fe
- t r an
no n
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
i A zi
ran
j e b
D

Practice Overview:
Managing Incidents
• Preparing an incident
• Finding and resolving an incident
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Demonstrations relevant for this lesson include:
i
ran
• Incident Management Overview: Shows you how to access and navigate the
j e b Incident Manager user interface
D
• Creating an Incident Management View: Shows you how to create a customized
view for selected incidents
• Viewing Incident Details: Shows you how to perform incident lifecycle tasks (when
you cooperate with other administrators in a data center)

Patching and Provisioning
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
i A zi
ran
j e b
D
Objectives

• Discuss software lifecycle management

• Describe the different roles and responsibilities
• Define provisioning, patching, and the software library
• Configure the software library
• Use deployment procedures for provisioning and patching n se
automation lic e
a b le
• Patch software
s f er
• Define bare metal provisioning - t r an
n no
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
i A zi
ran
j e b
D

Software Lifecycle Management
• Software provisioning
• Software patch management

• Software upgrades
• MyOracle Support integration
Discover/ Test &
collect approve
n se
Install
lic e
bl e
Uninstall
fe r a
Software lifecycle s
n
Deactivate management -tra on
Provision/
a n Configure
clone
Applications
h a s e ฺ & activate
Databasedz )
Report
u i d Patch
Middleware
Operating do
o ฺ t G
systemsr e u d en
@ oo s St
r a ni © 2015,
tOracle
eb o us
Copyright
d j t
z (a
A zi
As the enterprise grows, as an administrator, you are constantly required to acquire new
i
ran
software and hardware. At the same time, you also need to decommission the old or unused
j e b hardware and software. You are also required to upgrade the existing software and apply
D patches as required.
The provisioning and patching features of Cloud Control automate the deployment of
software, applications, and patches. They make critical data center operations easy,
efficient, and scalable resulting in lower operational risk and cost of ownership.
• Software provisioning allows you to deploy database and middleware software
enterprise wide.
• Software patch management allows you to perform complete end-to-end patch
process.
• Software upgrades can be automated (configured, tested, and deployed) in mass.
• MyOracle Support (MOS) integration allows for automatic updates and facilitates
context-sensitive access to information. (MOS also provides integrated incident
management.)
The modular nature of Cloud Control facilitates performing the lifecycle management tasks,
because you can, for example, update a plug-in without updating the entire EM
infrastructure.

Software Lifecycle Requirements
• Configure the Software Library

– Recommended at installation time

• Define software lifecycle roles
– Site administrator: Managing access
– Designer: Creating the workflow and its procedures
– Operator: Using published procedures e
e n s
e lic
r a bl
s fe
- t r an
no n
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
To perform software lifecycle management, you must have a Software Library configured.
i
ran
The Software Library is the repository that stores all certified software entities such as
j e b software patches, virtual appliance images, reference gold images, application software and
D their associated directive scripts used by the provisioning and patching framework.
To start using the software library, it is mandatory to configure at least one storage location.
By default, a location is defined at installation time.

Access to the software lifecycle framework and to the software library that stores all its
required entities, can be implemented with the following roles:
• The site administrator, a Super Administrator, is responsible for creating the users,
granting them appropriate roles and maintaining the Cloud Control Infrastructure.
• A Designer is someone who creates the workflow and its procedures:
- Define profile or use Oracle predefined profile (for known configurations, such as
Exadata database provisioning)

- Use profile to create deployment procedures, which are tested and published.
- Create patching workflows
- Lock procedures for use by the operators.
• Operators consume the published procedures to deploy or patch software without
necessarily understanding all the nuances of more complex environments.
- Execute the published procedures on EM targets. n se
lic e
- Monitor the progress of the executions.
ble
- Debug any issues that may come up in the executions. fe r a
ans
n - t r
Typically, Designers are assigned the predefined EM_ALL_DESIGNER role and Operators
but finer role assignment can be defined as well. a no

the EM_ALL_OPERATOR. These roles include roles for both provisioning and patching tasks
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
j e br use
z (ad to
i A zi
ran
j e b
D

Configuring the Software Library: Review
• Storing certified software entities in:

– Oracle-owned folders, locked, shipped by default

– User-owned folders
• Configuring the Software Library
– Allocate sufficient space for software binaries and scripts
– Storage types: e
e n s
— NFS file system
e lic
— Any agent-reachable file system:
r a bl
OMS Shared File System (recommended for UNIX) s fe
an
—
— OMS Agent File System (recommended for Windows)

n - t r
o
Referenced locations (separate from thenOMS)
—
s a
h a d e ฺ
)
dz t Gu i
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
A short review from the Enterprise Manager Cloud Control Installation and Upgrade
i
a n
course:
j e brThe Software Library has two types of folders: Oracle-owned folders (marked by a lock
D
symbol, shipped with the product by default) and user-owned folders.
The storage type can be an NFS file system that is being shared between OMSs or any file
system that the agents can reach. You can define referenced locations: So, if you have a
centralized location for serving these entities that is separate to the OMS, you can reference
them via HTTP, NFS, and so forth. In this case, the OMS stores the metadata about where
this referenced location is, and the software bits are stored externally.
If you have multiple OMSs (for High Availability) in your enterprise, create the software
library in a location that can be accessed by all OMSs.
Super Administrators, who have by default complete privileges on all entities present in
Software Library, create the additional administrators as they see fit for their enterprise.
Fine-grained access privileges can be defined by the owners of entities or the Super
Administrator.

Provisioning Elements
• Component or entity:
– Building block of the complete software configuration

– Self-updateable (with MOS connection)
– Examples: OS, Oracle software, applications, and so on
• Directive:
– An instruction set for staging, preinstallation, installation, or e
postinstallation of an image or a component e n s
e lic
– Executed during the provisioning phase abl er
• Gold image: Compliant, tested images for consistent
a n sf use
tr
• on-
All elements are stored in the Software nlibrary.
s a
h a d e ฺ
)
dz t Gu i
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Provisioning allows automated, unattended mass deployments of software to your managed
i
ran
enterprise. Elements of provisioning include:
j e b • Components: Are entities or primary building blocks that are combined with other
D components, to specify the complete software configuration or image that is
provisioned on target machines. A component can be any operating system software,
Oracle software, or any third-party software and applications. Many of these entities
are self-updateable (if there is a connection to MyOracle Support).
• Directives: A directive is used as an instruction set. It is a custom script that is
associated with a software component and/or image, and executed during one of the
provisioning phases from either the target hardware server or the staging server.
When you create a directive, specify the directive name, description, and the script
type (such as, Perl and BASH).
• Gold images: Created by component designers based on corporate standards from
reference deployments. They are compliant and tested images, stored in the software
library, from which they can be used by all operators in a consistent manner.
The software library serves as the central repository for metadata and binary content of
software patches, virtual appliance images, reference gold images, application software,
and their associated directive scripts. The software library maintains versions, maturity
levels, and states of its entities.

Provisioning Roles and Privileges
• Site administrator: Super Administrator for managing all

access
• Designer: Creates provisioning workflow and its
procedures
– Give the EM_ALL_DESIGNER role
– Restrict access with the EM_PROVISIONING_DESIGNER
role only n se
lic e
• Operator: Views and uses published procedures ble
fe r a
– Give the EM_ALL_OPERATOR role ns
t r a
on-
– Restrict access with the EM_PROVISIONING_OPERATOR
n
role only a
• h
May require other roles and privileges,
) d e
depending
as
on the
ฺ
d z u i
ฺ G
doo ent
type of target being provisioned
o ore Stud
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
To manage the software provisioning, a Super Administrator may create Provisioning
i
ran
Designers and/or Operators. The EM_ALL_DESIGNER role includes
j e b EM_PROVISIONING_DESIGNER for provisioning tasks, or you can specifically set up an
D administrator with only the EM_PROVISIONING_DESIGNER role.
The EM_ALL_OPERATOR role includes EM_PROVISIONING_OPERATOR for provisioning
tasks, or you can specifically set up an administrator with only the
EM_PROVISIONING_OPERATOR role. Depending on the type of provisioning tasks, other
roles and privileges may be required. For example, the Operator Any Target privilege
is required for Designers or Operators performing Database provisioning.

Bare Metal or OS Provisioning
After
Before
Discovered Provisioned with
in Cloud Control a gold image
n se
lic e
ble
fe r a
ans
n - t r
Server inserted
in rack and powered a no
on (PXE boot) ) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
The Bare Metal Provisioning application provides server lifecycle management capabilities
i
ran
that enable you to build, manage, and optimize the server infrastructure. The application
j e b provides an automated, repeatable, and reliable solution that:
D • Automates the deployment of consistent, certified Linux operating system images
along with other software on a large number of servers
• Leads to faster, unattended deployment of software and operating system
• Allows provisioning of middleware, clusterware, and RAC on top of the Linux stack
• Provides a template-based approach for provisioning a variety of Linux configurations
with software on servers. This also ensures compliance to standards and consistency
across all deployments.
• Supports heterogeneous hardware and network configuration
• Automatically discovers bare metal and live target servers for provisioning
• Encodes Oracle-provided best practices for deployment and patching for Oracle
software
• Results in reduction of manual labor that leads to substantial cost savings
The application uses standardized Pre Boot Execution (PXE) environment booting process
for provisioning both bare metal and live servers. It provides a role-based user interface for
creating gold images and initiates automated, unattended installations.

Software and Database Provisioning Workflow
Select Reference DB
Create Profile
Host
Provisioning DB Host
Designer
Use Profile to populate
Procedure Inputs
n se
DB Profile lic
e
a b le
s fer
Lock down inputs
and save Procedure
Publish to
- t r an
Operator
no n
a
Locked
) h as Provisioning
d e ฺ
Procedure
dz t Gu consumes i Operator Best Practice
o ฺ Procedure
r e do den procedure
o
o sS t u
i @
tOracle
r a e
eb o us
Copyright
d j t
z (a
A zi
The slide depicts the workflow of a database provisioning operation.
i
a the provisioning designer takes a reference database host to create a software image. n
j e brFirst,
D So he creates a profile out of this database host that contains the software and also the
configurations information of this database. The profile prevents from having to repeat the
configuration input for each deployment procedure when some of these inputs are identical.
Then he uses this profile to create a procedure and populates it with new inputs, like
ORACLE_HOME, ORACLE_SID, and other configuration parameters.
The values stored in the procedure can be locked as such so that the operator using the
procedure for deployment is not able to modify it. The designer then saves the procedure as
a locked procedure.
This locked procedure is then published by the designer as a best practice procedure to
operators for deployment.

Deployment Procedures for Provisioning and
Patching Automation
Deployment Procedure
Host 2
Copy & Extract bits
Copy & Extract scripts
Software Library Run the install scripts
n se
Discover Database Target Database
lic e
bl e
Clean up
fe r a
an s Host 1
n - t r
a no
) h as deฺ
Create Profile z
o ฺ d t Gui
r e do den Source Database
oo s St u
@
tOracle
r a e
eb o us
Copyright
d j t
z (a
A zi
How does it work when you want to use deployment procedures?
i
a the designer creates a profile from a source host, the software image is copied from n
j e brWhen
D the source to the software library.
Then the designer creates a software deployment procedure to use this software image
from the library to deploy it to a target host, providing all the inputs stored in the procedure,
such as installation of the software and also creation of a new database with specific
parameters and other attributes. So not only the software is deployed on the target host, but
also a new database can be created.

Deployment Procedures Properties
Deployment procedures:
• Can be extended
• Are reusable
• Can be duplicated
• Are hot pluggable
e n se
• Can be automated lic
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Deployment procedures provide a framework to achieve synergy between Oracle’s best
i
ran
practices and your own methods. Custom scripts can be plugged into deployment
j e b procedures for handling special tasks. The following properties make deployment
D procedures useful:
• Extensible: Deployment procedures use Oracle-recommended best practices and
can be used for any target. Oracle-provided deployment procedures cannot be
modified. However, you can create a copy of the Oracle-provided deployment
procedure and modify it to insert or delete steps and error-handling modes.
• Reusable: Deployment procedures are reusable. The steps of the deployment
procedure can be based against directives that are stored in the software library.
Deployment procedures can also be exported and imported across environments. This
implies that the deployment procedures when developed for a test environment can be
reused for production environment.
• Duplicated: Oracle’s default procedures are locked. They cannot be modified, but
they can be duplicated with the CREATE LIKE functionality.
• Hot pluggable: The Oracle-provided deployment procedures are metadata driven, so
new sets of procedures can be added to the Cloud Control environment without any
additional outage.

• Automated: The run time for all the deployment procedures, such as Oracle patching,
OS patching, and so forth, can be automated by using the command line and
associated verbs.
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
j e br use
z (ad to
i A zi
ran
j e b
D

Phases and Steps
• A phase contains steps or more phases and is associated

with a target list. The types of phases are:

– Rolling
– Parallel
• A step is an abstraction of a unit of work. The types of
steps are:
se
– Manual: For example, logging in and updating kernel
l i cen
parameters, rebooting, or providing special privileges to ble
users f e ra
– Computational: For example, retrieving target t r a ns
properties
-
from the repository and updating the a non information
runtime
s epatching,
– Action: For example, executinghaascript, ฺ upgrading
z ) u i d
an Oracle Home oฺd d o G nt
e d e
o or Stu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
There are various phases and steps in a deployment procedure. A phase defines the
i
ran
execution of the steps. The types of phases are:
j e b • Rolling: Steps are executed serially across targets.
D
• Parallel: Steps are executed in parallel across targets.
A step is an abstraction of a unit of work (for example, starting the database). It is part of a
phase or is independent. The types of steps are:
• Manual: A manual step is a task that requires user interaction and cannot be
automated. Typically, Deployment Procedure Manager displays the instructions that
must be performed by the user.
• Computational: A computational step is a task whose operations are performed
within the deployment engine and does not require any user intervention. This step
gathers additional information for executing a procedure. This step cannot be inserted
by a user, only Oracle Corporation can insert this step.

• Action: An action step is a task, which performs some operations that are run on a
target or multiple targets. Action steps must be enclosed within a phase. The
Deployment Procedure Manager maps the action step and target pair to a job in the
Cloud Control job system. The Deployment Procedure Manager schedules, submits,
and executes a job per action step per target. Types of action steps are:
- Job: Job is a special type of an action step that executes a predefined job type
on a target. This is used if you want to execute a job type as a part of a

deployment procedure. You need to pass job parameters for a step (for example,
when staging a patch or starting a database).
- Directive: A directive step is a special type of an action step to deploy a directive
alone. This is useful when users want to store their custom scripts in the
software library and reuse them in a deployment procedure. For example,
executing root scripts, applying catpatch.sql and restarting the database,
and confirming if the prerequisites have been met. n se
lic e
- Component: A generic component step is a special type of an action step to e
deploy the software library component and the associated directive. Ther a bl
s fe
Deployment Procedure Manager executes the directive with respect to the
- t r an
component. The component used for the generic component step generally has
no n
one directive associated with it. This association is done by selecting both the
a
) h as deฺ
component and the directive while creating the step. All directives that you
dz t Gui
associate with the component while uploading to the software library are ignored
o ฺ
while executing the step. Examples for a generic component step include
e do den
applying a patch, validating prerequisites before performing an installation, and
r
o o S tu
installing Oracle software on target machines.
- a n i@ this
Registered Component: The registered component step is a special type of an
j e br use
action step that consists of a job type and a software library component. The
z (ad to
Deployment Procedure Manager invokes the specified job type, which handles
i A zi the staging and installation of the component (for example, cloning Oracle
ran software from the software library to the target machine).
j e b - Host Command: This is a special type of an action step that encapsulates
D simple host commands. This step allows the user to enter a command line or a
script (multiple commands) to be executed on the target host. For example,
starting an agent (emctl start agent) or restarting Oracle Internet Directory
(OID).
You can provide values to various properties associated with a directive or component
through Map Properties. You have three execution privileges: Normal, sudo, and Pluggable
Authentication Modules (PAM) for UNIX platforms. You can choose the appropriate privilege
you want by selecting the privilege from the Execution privilege list in the Execution Mode
section.

Customized Deployment Procedures: Examples
You can customize an Oracle-provided deployment procedure

to suit your requirements. Here are some examples:

• Insert a custom step to back up the database before
patching.
• Insert a manual step to check for key users before
stopping a database.
e n se
• Shut down and start up an application server to perform lic
operations that are outside the scope of an Oracle- able
provided procedure. Examples include stoppingnand s fer
-
starting an enterprise resource planning (ERP)
n traapplication.
n o
a
• Set a notification for the deployments procedure run.
) h a deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
i z (a
You can
n i Azcustomize deployment procedures to suit your requirements.
a• Insert a custom step to back up the database before patching: A data center is
Dj ebr notified by Cloud Control that its Oracle database installations are affected by Oracle’s
latest Critical Patch Update (CPU). The security administrator studies the impact and
hands it over to the lead DBA who first applies it to his or her test systems. In the
process, the DBA wants to back up the database before applying the patch. The DBA
uses the Create Like feature of the “Patch Oracle Database” Deployment Procedure
and inserts a custom step before the Apply Patch step, associating the script to take a
backup, which he or she has uploaded to the software library. As a result, on the
execution of the deployment procedure, the backup of the database is performed each
time before applying the patch.
• Insert a manual step: XYZ Corporation has a process of ensuring that users are
logged off from their application before the database is shut down. The DBA checks
with key users whether they have indeed logged off before proceeding with the
database shutdown. This can be achieved by introducing a manual step before the
“Stop Database” step. The procedure pauses on the completion of the manual step.
Only when the DBA chooses to continue would the procedure advance.

• Shutdown and startup of an application server: Deployment procedures can be
used to perform operations that are outside the scope of the Oracle-provided
procedures. Examples include stopping and starting an ERP application or registering
a newly provisioned service with the load balancer. Each of these steps can run in the
context of any valid operating system user and can make use of a PAM, such as
“pbrun” (Powerbroker). They can also run in superuser mode by using “sudo.”
• Set notification for the deployment procedure run: To receive notifications from
deployment procedures, perform the following steps during design time:
1. Click Create Like.
2. Select the Enable Notification check box, and optionally provide the Notification
Tag Name.
3. Select the statuses for which you would want the notifications to be sent from the
list (for example, Success, Failure, or Action Required).
n se
4. Save the procedure. lic e
ble
5. Select the Send Email option for the standard PAF Status Notification rule from
fe r a
the Notification Rules page under Preferences. Upon running the procedure
ans
n - t r
based on the status selected for notification, the users for whom email addresses
are set up would receive notifications.
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
j e br use
z (ad to
i A zi
ran
j e b
D

Software Patching
• Available for a subset of target types

– Check product release information for supported patching

modes
– Examples of products that support patching: Specific
versions of Oracle Database, RAC, WebLogic Server and so
on
• Must be done by privileged Administrators n se
lic e
• Software Library must be configured ble
fe r a
• Patches availability modes s
– Online - t r an
n o n
— Connected to My Oracle Support (MOS)
a
— Default mode has eฺz ) id
ฺ d u
– Offline
d o o
e n tG
—
o o e Stud
Not connected torMOS
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
The patch management functionality of Cloud Control supports patching of various target
i
ran
types such as single instance databases, the Real Application Cluster stack, WebLogic
j e b Server and so on, for specific versions, and are documented in the products release
D information. Patching your managed targets is a critical task that can only be handled by
specific Administrators. Before you begin using this functionality, the Super Administrator
must set up patching administrators and their roles based on their intended job duties. The
Software Library must also be configured as it is the location where patches are
downloaded. Patches can be accessed directly from My Oracle Support (MOS), in which
case Cloud Control is configured as “Online” mode. If your security policies prevent you
from directly accessing MOS, you can configure the MOS connection mode to “Offline”.
In this case, patches information can be downloaded separately on one of your connected
systems and later uploaded to Cloud Control.

Patching Workflow
1. Understand the Oracle patching concepts

– Patch Plans and Templates

2. Infrastructure setup
– Create patch administrators
– Set up MOS connection mode
3. View patch recommendations se
e n
– Identify patches of interest
e lic
4. Design a patching process for your enterprise r a bl
s fe
– Patch Plans
- t r an
– Analyze Plans n no
a
– Patch Template
) h as deฺ
5. Apply patches o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
z ( a
PatchA
i zi are lists of patches you want to apply as a group to one or more targets. Patch
plans
an can include patch sets or one-off patches and they automatically map to a patching
brplans
Dje Deployment Procedure that can complete that task. A patch plan can be analyzed against
your system, or a subset of your targets. At this time, conflicts are identified. If the patch
plans complete the analyze phase and are found deployable, you can save them as Patch
Templates that are target independent and later can be deployed against various other
targets. Undeployable plans can still be used for analysis and manually downloading and
applying patches.

To start using the patching functionality you must first set up your MOS connection mode
(by default, Online) and the various Administrators and their roles required for patching.
Similar to the administrators that perform provisioning tasks, patching activities can be
performed by:
• Site administrator: A Super Administrator responsible for creating the users,
granting them appropriate roles, and maintaining the Cloud Control Infrastructure
• Patch Designer: Takes a leading role in creating patch plans and patch templates, as
they apply to your organization
• Patch Operator: Has a more restrictive role, typically to only view and submit
patching jobs.
Consider the following when creating the administrators that will be performing patching
tasks:
• The EM_ALL_DESIGNER role includes EM_PATCH_DESIGNER needed for creating patching
n se
tasks, or you can specifically set up an administrator with only the EM_PATCH_DESIGNER role.
lic e
• The EM_ALL_OPERATOR role includes EM_PATCH_OPERATOR needed for viewing and ble
fe r a
submitting patching tasks, or you can specifically set up and administrator with only the
EM_PATCH_OPERATOR role.
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
j e br use
z (ad to
i A zi
ran
j e b
D

Software Patching Modes
• In-place
1. Bring down instances in each ORACLE_HOME

2. Apply patches to the existing Oracle Home
3. Restart database instances
• Out-of-place
1. Clone your ORACLE_HOME out of place. e
e n s
2. Apply patches to new Oracle Home.
e lic
3. Migrate instances to the new Oracle Home. r a bl
s fe
• Rolling and Parallel
- t r an
– RAC, Data Guard, WebLogic, and so onno types of targets n
a
– Rolling: Nodes patched one by one,
) h as sequentially
d e ฺ
– Parallel: All nodes patchedฺdatz the same
i
o o Gu time nt
e d d e
o or Stu
a n i@ this
e b r © s2015,
dj to u
i z (a
Patches
n i Azcan be applied:
bra• In place, which requires downtime during the patch application
Dje • Out-of-place, which allows you to clone your Oracle Home out of place, perform the
patching, and then migrate instances to the new Oracle Home. This method reduces
the downtime requirements for patching. This process also enhances the
recoverability; since the old Oracle Home has not been touched, you can revert to that
in case of issues after patching. This is only available for certain targets.
• Rolling or Parallel, which are applicable to multinode targets such as RAC, WebLogic,
and so on. In a rolling method application each node is patched separately, one by
one, where as a parallel application means all nodes are patched at the same time
requiring downtime for the system.
The method of choice depends on your downtime requirements and what options are made
available by Oracle at patch release time.
The patching process is integrated with My Oracle Support so that you can identify the
recommended patches for your environment. After the patches are applied from Enterprise
Manager, they do not appear in the recommended patches list for the selected target.

Out-of-Place Patching
1. Multiple databases are DB1 DB2

running from an Oracle
HOST
Home.
ORACLE HOME
2. Clone Oracle Home. DB1 DB2
3. Patch cloned Oracle se
n
HOST
Home (no down time). PATCH
lic e
ble
ORACLE HOME ORACLE HOME A
fe r a
t r a ns
4. Switch instances to n-DB1 DB2
no
cloned Oracle Home. a
as deฺ
HOST
) h
5. Apply SQL scripts (if
o ฺ dz t Gui ORACLE HOME A
needed).
e d o ORACLE e n HOME
or Stu d
o
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Out-of-place Database Patching: Example
i
a n
j e brAssuming that you have multiple databases in an Oracle Home, which you need to patch,
D Enterprise Manager does the following:
1. Clones the ORACLE_HOME
2. Patches the cloned home. These operations do not require down time.
3. Switches all databases to the new patched Oracle Home. This requires the database
to be shut down.
4. Applies SQL scripts, if required, such as CPU SQL scripts
This workflow gives you the flexibility for easy recovery because you can revert to the
original ORACLE_HOME and the down time is reduced to the required minimum.

Patching Rollout Cycles Using Templates
Identify Patches Create Patch Plan

• Quarterly CPU • Associate with

• SR Test Target
• Other patches
Patching
Patch Plan
Designer
Create Patch
Conflicts Detected?
Apply on n se
Template
Automated Resolution
Test lic e
with My Oracle Support
Systembl e
fe r a
t r a ns
• Creates patch plans
from templates
n- • Completes
no
a Patch Rollouts
Patching • Associates
h s
a deฺ • Refreshes Plan
production targets )
dz t GuPatch i Plan with new Target
Operators
o o ฺ
e dProduction
d n
eTargets
r
oo s St u
@
tOracle
r a e
eb o us
Copyright
d j t
i z (a
n i AzPlan Example Using Templates
Patching
a templates can be used to define your patch rollouts.
ebr
Patch
Dj As a patching designer, you identify the patches that need to be applied such as the
quarterly CPU patches recommended by Oracle and the patches recommended by support
analysts for specific service request (SR) resolution.
Then you create a patch plan for the identified patches and associate it with a test target.
Testing detects possible conflicts. You can use the Automated Resolution with My Oracle
Support to solve the issue. When the testing is complete, you create a patch template from
the patch plan. This patch template is published to the patching operators.
The patching operators can create patch plans from templates and associate these patch
plans to production targets and perform regular rollouts.

Software Upgrades
• Upgrade multiple single instance databases in parallel

– Check versions supported

– Check and implement all prerequisites
• Extensive pre-upgrade and post-upgrade validation
• Upgrade software and instances combined or separate
• Ability to pause and resume upgrade by setting
n se
breakpoints lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Cloud Control supports mass database upgrades via a Deployment Procedure called
i
ran
Upgrade Oracle Database. You can upgrade multiple single instance databases in
j e b parallel. There are limited combinations of “Target” and “Release to Upgrade to” versions.
D Upgrading databases also requires specific privileges and meeting certain prerequisites.
Always check the Oracle documentation for the current supported versions and all
prerequisites.
This upgrade method is designed to minimize downtime by:
• Doing extensive pre-upgrade analysis by using MyOracle Support for pre-upgrade
patch requirements such as CPUs, PSUs patches to apply.
• Using out-of-place copies and in-context backup before an upgrade
• Including support for pause and resume upgrade execution by setting breakpoints in
the process step by step
Using this Deployment allows you to precreate a gold image of the version on a test system
with all patches applied, usable for upgrading your databases.
For more information, view the product documentation and the “Mass Database Upgrade”
demonstration.

Upgrades: Using Breakpoints
• Set breakpoints to minimize downtime.

• Option to set breakpoint at:

– Initialize Deployment Procedure
– Execute System Checks
– Deploy Oracle Database Software
– Database Upgrade Checks e
e n s
– Upgrades Database Instance
e lic
r a bl
s fe
- t r an
no n
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
To minimize downtime during an upgrade, you can set breakpoints in the process and
i
ran
control the upgrade steps. The procedure execution pauses at the defined breakpoint to let
j e b you verify that the previous steps are successful. You have the option to:
D • Execute all the steps without any break points
• Pause once the initialization of the necessary data required for database upgrade is
completed
• Pause after system-level prerequisite checks
• Pause after the deployment of the database software on the list of hosts is completed
• Pause after database upgrade–related prerequisite checks are completed
• Pause after upgrade of the database instance

Quiz
Deployment procedures provide a workflow of all the tasks that

must be performed for a particular lifecycle management

activity.
a. True
b. False
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
iz (ad to
Aza
Answer:
i
b r an
Dj e

Quiz
Out-of-place patching keeps your original Oracle Home

available for recovery operations.

a. True
b. False
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
iz (ad to
Aza
Answer:
i
b r an
Dj e

Summary

• Discuss software lifecycle management

• Describe the different roles and responsibilities
• Define provisioning, patching, and the software library
• Configure the software library
• Use deployment procedures for provisioning and patching n se
automation lic e
a b le
• Patch software
s f er
• Define bare metal provisioning - t r an
n no
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
i A zi
ran
j e b
D

Practice Overview:
Offline Patching
• Verifying a configured a software library

• Verifying that offline patching is enabled
• Uploading patches to the software library
• Creating a patch plan
• Patching software n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Recommended demonstrations:
i
a n
j e br“Perform Out-of-Place Database Patching” for the Oracle-recommended patching approach,
D as well as “Mass Database Upgrade.”

D j e
ra b
n i A
zzi
(ad
j e
a n
to
o
br use
o r e
i@ this S
o ฺ
tu
)
do den
h
dz t Gui
a
as deฺ
n no
- t r an
s
fe r a bl
elic e n s
e
Managing Configurations
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
i A zi
ran
j e b
D
Objectives

• Explain the need for configuration management

• Describe configuration management
• View configurations of managed targets
• Compare configurations of managed targets
• View the configuration summary for managed targets n se
lic e
• Navigate to the configuration topology viewer e
r a bl
s fe
- t r an
no n
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
i A zi
ran
j e b
D

What Is Configuration Management?
Which hosts have a Which servers have a

specific operating particular version of

system patch the Oracle database
applied? installed?
When things stop

working, what has Which instances have
changed? a given patch n se
applied?
lic e
bl e
fe r a
an s
n - t r
What ports are
currently used by my a no databases
Which Oracle
have a
application server and h a s ฺ
e parameter setting?
specific initialization
its components? z ) u i d
o o ฺd t G
r e d
u d en
@ oo s St
r a ni © 2015,
tOracle
eb o us
Copyright
d j t
z (a
A zi
The IT department is responsible for maintaining the hardware and software configurations
i
ran
across the organization. Cloud Control enables you to automate configuration management
j e b of your enterprise. Using Cloud Control, you can centrally track hardware, software
D installations including patch levels, and software configuration data for software services
and systems that Cloud Control manages. These tasks collectively fall under Configuration
Management.

Configuration Management
Target
n se
Agent
lic e
ble
fe r a
Admin Server ans
n - t r
Managed Server
a no
WLS Domain ) h as deฺ
o ฺ dz t Gui
EM Repository OMS do en
r e u d
@ oo s St
r a ni © 2015,
tOracle
eb o us
Copyright
d j t
i z (a
Using A
i z Control, you can view, save, track, compare, and search the configuration
Cloud
a n
brinformation saved in the management repository for individual hosts, databases, application
Dje servers, clients, and the entire enterprise.
Cloud Control collects configuration information for all the hosts and the managed targets
on those hosts that have a running management agent. The agent periodically sends the
configuration information to the management repository over HTTP or HTTPS, allowing you
to view up-to-date configuration information for your entire enterprise through Cloud Control.
Using Cloud Control, you can perform the following actions for targets such as hosts,
databases, application servers, and clients:
• View the last collected and saved configuration.
• Save configurations to a configuration file or to the management repository.
• Search collected configuration data.
• View the history of configuration changes.
• Compare configurations.

Configuration Information: Examples
Target Type Configuration Information

Host Hardware, operating system, installed Oracle software

(product, patch sets, and interim patches), and operating
system registered software
Database SGA, PGA, undo tablespace, initialization parameters, and

database features
n se
Application Server Installation type, version, components, and Oracle Process
lic e
Manager and Notification Server (OPMN) details
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Using Cloud Control you can view configuration information for each type of target. All
i
ran
configuration information for any target is available from the target home menu under
j e b Configuration.
D
Some examples of configuration information are shown in the slide for the listed target
types.
The default collection period for host configuration information and application server
configuration information is 24 hours. The database configuration information is collected
every 12 hours.

Comparing Configurations
The Compare Configuration feature quickly finds the similarities

and differences between configurations. Use it to compare:

• The current configuration of a selected target type with one
or more current configurations of other targets of the same
type
• Saved configurations with one or more saved
configurations of the same or other targets e n se
l e lic
• Saved configurations with one or more current a b
e r
configurations of the same or other targets
a n sf
o n -tr
• A specific configuration with another configuration, and
then list the differences immediatelys a
n
) h a deฺ
• A specific configuration withฺdanother i
z Guconfiguration, and
o nt a job
edo
then schedule the comparison eas
or Stud
o
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
The Compare Configuration feature enables you to compare the configurations of two
i
ran
targets or compare the configuration of one target with a saved configuration stored in a file
j e b or in the repository. Using this generic Compare Wizard, you can do the following:
D • Compare the current configuration of a selected target type with one or more current
configurations of other targets of the same type.
• Compare saved configurations with one or more saved configurations of the same or
other targets.
• Compare saved configurations with one or more current configurations of the same or
other targets.
• Compare a specific configuration with another configuration and list the differences
immediately.
• Compare a specific configuration with another configuration and schedule the
comparison as a job.
The Comparison Results Summary page summarizes the configuration comparison
results. You can view the summary of the comparison on this page, and you can navigate to
more detailed information about differences in the comparison items.

Searching the Enterprise Configuration
Which hosts have

not had the
operating system
patch 105181-05
installed?
Which hosts have an n se

Oracle version
lic e
10.2.0.4.0 database
ble
r a
installed, and in what
fe
ans
Oracle Home
- t r
directories are those
n
a no databases installed?
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
In some cases, you may want to search your enterprise configuration to get answers to
i
ran
specific questions about your enterprise. Enterprise configuration searches query the
j e b enterprise configuration views in the management repository to find configuration
D information that satisfies the specified search criteria.

Types of Enterprise Configuration Searches
• Predefined searches:
– Oracle products, patch sets, and interim patches

– Software registered with the host operating system
– Initialization parameter settings
– Tablespaces, data files, and database settings
– Database feature usage e
e n s
– Host operating system components, patches, property lic
settings, and property changes
a b le
– Host operating system and hardware summariesnsfe
r
– Host file systems and network interface card
n - ra
tconfigurations
– Policy library a no
s h a deฺ
• User-defined searches )
dz t Gui
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
i z (a
Cloud A
i z provides two types of enterprise configuration searches:
Control
a n
brPredefined searches: Although these searches are predefined, you can modify the search
Dje criteria for each search, allowing you the flexibility to create specific search queries. Based
on your search criteria, Cloud Control creates the SQL query that searches the enterprise
configuration views in the management repository. Cloud Control provides the following
predefined enterprise configuration searches:
• Search Oracle products, patch sets, and interim patches installed in Oracle Homes.
• Search software registered with the host operating system.
• Search initialization parameter settings and setting changes.
• Search tablespaces, data files, and recommended database settings.
• Search database feature usage.
• Search host operating system components, patches, property settings, and property
changes.
• Search host operating system and hardware summaries.
• Search host file systems and network interface card configurations.
• Search policy library.
User-defined searches: With a user-defined search, you specify the SQL query that
searches the enterprise configuration views in the management repository.

Configuration Topology Viewer
• Displays a layout of a target’s relationships with other

targets
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
The topology viewer can be accessed from any target home menu under Configuration >
i
ran
Topology and it provides a graphical representation of that target’s relationships with other
j e b targets.
D

Quiz
You can compare configurations between:

a. Two configurations in the management repository

b. One configuration with multiple configurations
c. A configuration in the management repository with a saved
configuration file
d. All of the above
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
iz (ad to
Azd
Answer:
i
b r an
Dj e

Quiz
By using configuration management in Cloud Control, you can

view the hardware configuration of your host.

a. True
b. False
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
iz (ad to
Aza
Answer:
i
b r an
Dj e

Summary

• Explain the need for configuration management

• Describe configuration management
• View configurations of managed targets
• Compare configurations of managed targets
• View the configuration summary for managed targets n se
lic e
• Navigate to the configuration topology viewer e
r a bl
s fe
- t r an
no n
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
i A zi
ran
j e b
D

Practice Overview:
Configuration Management
• Viewing configuration details (installed OS packages and

their version numbers under Operating System
Components)
• Viewing configuration history and topology
• Comparing one host configuration with another host se
configuration e n
le lic
• Searching configurations for Oracle products installed a b
in
Oracle Homes s f er
an -tr
n o n
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
i z (a
n i Azpractices, you view, compare, and search the configuration information in the
In these
a
brManagement Repository to monitor and manage your enterprise configuration. You
Dje complete the following tasks:
1. View the installed OS packages and their version numbers under Operating System
Components.
2. View the configuration history and use the topology viewer.
3. Compare your host configuration with another host configuration.
4. Search for Oracle products installed in Oracle Homes.
The “Manage Application Stack Configuration with System Comparisons” demonstration
shows you how to compare systems with the use of comparison templates. It shows how
one database is compared with two others. Demonstration details include using target
properties and learning how these properties can be used to ignore differences.

D j e
ra b
n i A
zzi
(ad
j e
a n
to
o
br use
o r e
i@ this S
o ฺ
tu
)
do den
h
dz t Gui
a
as deฺ
n no
- t r an
s
fe r a bl
elic e n s
e
Managing Compliance
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
i A zi
ran
j e b
D
Objectives

• Define compliance management: framework, standards,

and rules
• Describe the predefined compliance standards
• Assign compliance standards to targets
• Understand the compliance evaluation method
n se
• Analyze compliance results lic e
le b
f e ra
ns
n - tra
n o
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
i A zi
ran
j e b
D

Compliance: Overview
Compliance is the conformance to standards or requirements.

Is compliant
n se
or lic e
ble
fe r a
an s
n - t r
Compliance
Target
Standards a no
) h as dIsenot ฺ compliant
dz t Gu i
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
For an enterprise to run efficiently, it must adhere to standards that promote the best
i
ran
practices for security, configuration, and storage. After these standards are developed, you
j e b can apply and test for these standards throughout your organization, that is, test for
D compliance. Compliance is the conformance to standards, or requirements. Using Cloud
Control, you can test the conformance of your targets for security standards, and
configuration and storage requirements. By continually testing your systems, services, and
targets, you are ensuring the best possible protection and performance for your system.

Understanding Compliance Management
• Compliance Standard Rule

Compliance Framework
– Discrete check or test

– Specific to a target type
– May result in multiple violations
Compliance Standards
• Real Time Facet
– Group of related files, processes,
and so on
e n se
– Used by a real-time rule Compliance Standard Ruleslic
le b
• Compliance Standard f e ra
s an
– Collection of compliance rules - t r
– Specific to a target type n on Time Facets
Real
s a
• Compliance Framework h a d e ฺ
)
dz t Gu i
– Collection of complianceostandards ฺ
– Compliance standards r e docan be d eof n different target types
oo s St u
@
tOracle
r a e
eb o us
Copyright
d j t
i z (a
n i Az
The compliance management framework of EM Cloud Control provides ways to evaluate
a or systems for compliance with business best practices in terms of configuration,
brtargets
Dje security, storage, and other factors. To use them, you define compliance frameworks,
compliance standards, compliance standard rules, and real time facets.
To effectively use a compliance framework, organize the framework to mimic the
compliance framework you use in your organization. The compliance framework helps
administrators to create rules and standards. Compliance security officers and auditors can
take advantage of comprehensive compliance reports generated based on the structure.
There are two types of compliance frameworks:
• Out-of-box predefined compliance frameworks, such as the Security Technical
Implementation Guide (STIG), Certification, Payment Card Industry Data Security
Standard (PCI DSS), or Oracle Generic Compliance Framework
• User-defined compliance frameworks, which can be based on a predefined
compliance framework

Understanding Compliance Standards
Compliance standards are comprised of compliance standard

rules, rule folders, and included compliance standards in a

hierarchical structure.
Compliance Standard
n se
lic e
Compliance Standard Rule Folder Compliance le
rab
Standard Rule
e
a n sf
tr
n on-
Rule Folder s a
Compliance
h a
Standard d e ฺRule
)
dz t Gu i
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
i z (a
n i Az standard defines what to monitor and the conditions for evaluation, and is
A compliance
a to define a compliance framework.
brused
Dje Compliance standards are a hierarchical structure comprised of the following entities:
• Compliance standard rules: Checks in the form of SQL or other OS scripts. Rules
can be part of multiple compliance standards.
• Rule folders: Include individual compliance standard rules and nested rule folders.
Rule folders are a mechanism to organize rules in a compliance standard. A rule folder
can only be used within the compliance standard in which it is created.
• Other compliance standards: Various compliance standards of the same target type
can be included.
Compliance standards are the entities that must be associated to targets in order for
evaluations to take place. All rules within a standard are then evaluated.
Hundreds of predefined compliance standards, with thousands of rules, are provided with
Enterprise Manager Cloud Control, for various target types such as: database instance,
listener, host, and so on. You may use these compliance standards when defining your own
compliance frameworks or defining new compliance standards. You can use the “Create
Like” feature to create a new compliance standard with the same definition as a predefined
compliance standard. Only user-defined compliance standards can be edited and tailored
for your environments.
Understanding Compliance Standard Rules
• Repository rule:
– Used to validate metric collection data in the Enterprise

Manager repository
– Repository browser can be used to aid in rule creation
• Real-time monitoring rule:
– Used to monitor actions against files, processes, and other
structures n se
lic e
– Also can be used to capture login/logout information ble ra
• WebLogic Server signature rule: f e
rans
o n -t
– Used to check a WebLogic target for best practice
configuration an
• h
Agent side rule: Checks for violations
) d e agent side,
on
as ฺ
z u i
o ฺd t G
metrics automatically collected
o
d en
o ore Stud
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Compliance standard rules specify the “check” that is to take place against the target to help
i
a n
determine its compliance.
j e brYou can define the following types of compliance standard rules:
D
• Repository rule: A repository rule is evaluated against the repository data only when
the data changes underneath and uses the current data that exists in the repository. A
repository browser is provided to aid in rule creation to build the query.
• Real-time monitoring rule: A real-time monitoring rule activates the agent to perform
real-time change detection for file actions, schema actions, and process actions to
detect when and where a particular action took place, and who performed the action.
You can apply the rule to a particular target type. A real-time monitoring rule can also
be used to detect unauthorized changes and correlate them to the Change
Management System.

• WebLogic Server Signature rule: A WebLogic Server Signature rule performs BEA
Guardian health checks using the Cloud Control agent and is used to check a
WebLogic target against Oracle Support best practices.
• Agent side rule: To check for violations on the agent side
Agent side rules are implemented by using configuration extensions, which provide
a way to extend the Compliance framework. These extensions must first be defined
to collect data that Cloud Control does not already collect, and then associated with an
agent side rule. The association automatically deploys to the agent all needed logic to
perform the checks.
In addition, you can define a manual rule, for tasks that cannot be automated.
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
j e br use
z (ad to
i A zi
ran
j e b
D

Implementing Compliance Management
1. A Super Administrator defines the Compliances users:

A. Creates or assigns Enterprise Manager users: Compliance

Author, IT Administrator, and Compliance Auditor
B. Assigns the appropriate roles and privileges to the
Compliance Author and the IT Administrator
C. Assigns the same target privileges to the IT Administrator
and the Compliance Auditor n se
lic e
2. The Compliance Author/Designer defines a company le
r a b
compliance rules and standards: f e
A. Reviews out-of-the-box compliance standards traand rules ns
o n -
a n as needed
B. Creates new compliance standard rules
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
i z (a
n i Az in the slide on this page and the next describe how a typical Enterprise Manager
The steps
b r a
structure can be defined so that auditors can verify that targets are in compliance with the
Dj e organization’s compliance framework.
1. First, a Super Administrator creates, or assigns, existing EM administrators, the
following three distinct job roles:
- A Compliance Author or Designer: The designer of the compliance standards,
rules and facets. This user is given the predefined role
EM_COMPLIANCE_DESIGNER, which includes some target management
privileges.
- An Compliance Auditor, or Officer, is the consumer of the compliance entities
defined by the author/designer, by creating the Compliance Frameworks. This
user is given the EM_COMPLIANCE_OFFICER role with visibility across a data
center and no specific target privileges.
- An IT/DBA Administrator associates targets with standards, reviews, and
resolves compliance violations. This administrator typically is the owner of the
targets.
2. The Compliance Author/Designer reviews Oracle pre-created standards and rules and
creates new ones based on their own policies.

Implementing Compliance Management
3. The IT Administrator works on targets:

A. Sets up monitoring configuration parameters as needed by

compliance standards and rules, for a particular test target
B. Creates monitoring templates from the test target and apply
it to the other targets that require compliance standards
— Use of Administration Groups and Template Collections
recommended
n se
C. Associates the targets with the appropriate compliance lic e
standards a b le
r fe
s
ran
4. The Compliance Auditor/Officer oversees tcompliance:
-
A. Creates Compliance Frameworks n on
s a
h a
B. Views violations and errors at the eฺ level
Enterprise
z) Guid
o ฺ d
e d o
d e nt
o or Stu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
3. IT Administrators or DBAs prepare the targets to be monitored for compliance, starting
i
ran with a test target and then all targets in that category. Compliance checks make use of
j e b data collected on targets. It is recommend to group targets into Administration Groups,
D for easy management of targets including auto-deployment of monitoring settings to
targets when a new target joins the group. Management and monitoring settings can
be defined via monitoring templates, or sets of templates (Template Collections) and
associated with targets.
4. Compliance Officers evaluate compliance at the enterprise level based on frameworks
created and their compliance rolled up information.

Understanding Compliance Measurement
• Compliance is measured through the evaluation of

compliance standards.
– Scores are calculated.
• Compliance evaluation process:
– Evaluate standard rules part of a compliance standard by
performing single health or real-time monitor checks.
Can result in one or more violations n se
—
lic e
– Summarize the evaluation scores for a compliance standard
a b le
as a whole. s f er
– Roll up the results to the framework level. -tra
n
n n
othe
– Violations against a target are reported
a to OMS and
presented on the Compliance Results
h s
a and e ฺ target home
)
z Gu i d
pages. oฺdd o nt
e d e
o or Stu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Compliance is measured through the evaluation of compliance standards and as a result
i
ran
each rule receives a compliance score. Compliance standard rule evaluation results are
j e b rolled up to produce a compliance standard evaluation state as well as a compliance
D summary.

Score and Its Factors
• Score: A percentage that reflects the degree of

conformance with a given standard

• Depends on the following attributes:
– Severity: Critical, Warning, or Minor Warning
— Set at standard or rule creation time
– Importance: Low, Normal, or High
n se
— Set when standard or rule is added to a framework
lic e
bl e
fe r a
t r a ns
n n-
oImportance can be set to
s a Low, Normal, or High.
) h a deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
i z (a
n i Az
The compliance score, measured as a percentage, is the degree of conformance with a
b r a
particular standard. The score is a combination of severity, importance, and the percentage
Dj e of objects found to be noncompliant.
The severity level is defined at rule creation time and it can typically be specified as Critical
(serious if this rule is violated), Warning, or Minor Warning (a minor impact if violated). Each
level translates to a number during the internal calculations.
You can also set the importance of compliance standards when you define a compliance
framework. The importance setting of a compliance standard within the compliance
framework impacts the overall framework compliance score. Importance can be set to Low,
Normal, or High and these translate internally to a number.
The score for each standard rule is calculated as a function of the high and low range
severity values and the number of violations per rows evaluated. In turn, the compliance
score of a particular target against a set of rules is calculated as an average of the individual
rule scores and their importance. Finally, a compliance framework score is a rolled up
weighted average of all target scores across all compliance standards within that
compliance framework.
Refer to the Enterprise Manager Cloud Control Oracle Database Compliance Standards for
detailed information about database compliance score calculation formulas.

Accessing the Compliance Library
Use each tab to

view and define the

Compliance Library
entities.
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Access the Compliance Library page to manage your compliance infrastructure by selecting
i
ran
Enterprise > Compliance > Library. Use the tabs to access each of the compliance
j e b entities. You can view the predefined out-of-the-box compliance frameworks, compliance
D standards, and compliance standard rules on the corresponding tabs. You also use each
tab to access the feature to create a new compliance entity or to use the “create like”
functionality to define a new entity based on an existing entity.

Associating Targets to Compliance Standards
Then click “Associate

Targets” to access the

Target Association page.
n se
lic e
bl e
fe r a
ans
n - t r
a no
First select the compliance
) h as deฺ
standard you want to
associate a target to. ฺdz G ui
d o o nt
e d e
o or Stu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Once the compliance standard has been defined it must be associated with targets for the
i
ran
compliance evaluation to take place. When there is a change to a target’s configuration, re-
j e b evaluation takes place.
D
Note: You can also associate a compliance standard with a target by right-clicking that
target name and selecting Compliance > Standard Associations on the target’s home
page.

Investigating Compliance Violations
• Compliance is integrated with Incident Manager

– Events can be set and generated for

— Each compliance rule violation
— Compliance score below a threshold
• Resolve first the most critical compliance violations.
– View Compliance Dashboard for a summary of all systems
n se
• You can then investigate: lic e
– Compliance violations with critical severity a b le
– Security-related violations s f er
- t r an
– Targets with the lowest compliance scores
n on
– Compliance violations of a database s aor host target by using
h a d e ฺ
the compliance summary and z )trend i
information
u
o o ฺd t G
r e d
u d en
@ oo s St
r a ni © 2015,
tOracle
eb o us
Copyright
d j t
z (a
i A zi
You can investigate the compliance violations to resolve violations in your enterprise.
n
Resolve the most critical compliance violations or the violations that have the biggest impact
ra
j e b on the enterprise. Following are a few suggestions that may help you investigate the most
D critical compliance violations:
• Review all regions of the Compliance Dashboard, that can be accessed from the
menu Enterprise > Compliance > Dashboard. The Dashboard gives you an overall
view of the compliance of your enterprise with single scores for each compliance
framework.
• Review the compliance statistics on the Cloud Control Summary page. In particular,
look at the detail in the Compliance Summary and Least Compliant Targets in the
sections. You should first address the Critical violations.
• Review the security-related violations by navigating to Enterprise > Compliance >
Results and searching for Security. Noncompliance with these policy rules can greatly
impact the security of your enterprise.
• Address targets that have the lowest compliance scores. You can view target
compliance results on the Compliance Results > Target Compliance page.
• For the policy violations of a particular database or host target, navigate to
Compliance Results > Target Compliance or access the home page for that target.
The Compliance Standard Summary section provides overview information, and also
gives you access to trend information for the target.
Viewing Compliance Evaluation Results
Use the Compliance

Frameworks and Compliance

Standards tabs to view
summary information.
Use the Target Compliance tab

to view target compliance
evaluation results.
n se
lic e
ble
fe r a
The Compliance Standard ans
Summary region of the target
n - t r
home page displays
a no
compliance evaluation results.
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
You can view compliance summary information on the Enterprise Manager Cloud Control
i
n
j e brInathe Compliance Standard Summary region of a target’s home, you can obtain a Summary page and on the individual target home pages.
D
comprehensive view of a target’s compliance over a period of time. Use the tables and
graphs to watch for trends and changes.
You can drill down into each compliance standard listed to get more information about
trends, the rules that are violated, what targets violated them, and how many times they
were violated, as well as specific events that were triggered due to these violations and their
recommended resolution.

Viewing Compliance Scores
Compliance scores are generated for a

compliance standard and target combination.
n se
lic e
ble
fe r a
ans
n - t r
a no
Compare compliance
) h as deฺ
the i
o dz targets.
scores to determine
ฺ
worst-offending t G u
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
The screenshot in the slide shows the Compliance Summary section and the Least
i
a n
Compliant Targets section of the Enterprise Manager Cloud Control Summary page.
j e brCompliance scores provide an overall evaluation of a target’s compliance to defined
D
standards.
Compliance scores are generated for a compliance standard and target combination, which
represent a target's compliance with a certain standard. The score indicates the degree to
which the target is compliant with the standard. A 100% Compliance Score indicates that
the target follows all requirements/regulations imposed by compliance standard.
By comparing compliance scores, you can determine the worst-offending targets, giving
those targets particular attention. In other words, as the score becomes lower, the
compliance status becomes worse. A compliance score of 100% indicates a fully compliant
target with respect to that policy.
Compliance scores are also shown on the Compliance Results pages (Enterprise >
Compliance > Results).

Viewing Out-of-Box Compliance Reports
You can view descriptive reports

showing the compliance entities
in the Compliance Library.
n se
lic e
ble
fe r a
t r a ns
You canoview
n n- compliance
s a results reports.
evaluation
) h a deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
i z (a
You can
n i Azaccess Compliance reports by selecting Information Publisher Reports in the
b r a
Enterprise menu. Scroll to the Compliance section to view the following types of compliance
Dj e reports:
• Descriptions: Reports that list all the compliance frameworks, compliance standards,
and compliance standard rules available in the Compliance Library. You can use
these reports to help you determine whether you need to create additional compliance
entities to correspond to your organization’s compliance standards.
• Results: The reports of type provide detailed information about the evaluation against
the defined compliance frameworks and compliance standards. The “Target with
Lowest AVG COMPLIANCE SCORE” report helps you to determine any targets that
need immediate attention.
Note that while Information Publisher compliance reports are still available in Cloud Control,
in future releases they will be fully replaced by equivalent BI Publisher reports.

Quiz
A compliance framework must be for one specific target type. It

cannot span several target types.

a. True
b. False
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
iz (ad to
Azb
Answer:
i
b r an
Dj e

Quiz
Oracle Enterprise Manager Cloud Control 12c provides

predefined compliance rules, standards, and frameworks.

a. True
b. False
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
iz (ad to
Aza
Answer:
i
b r an
Dj e

Summary

• Define compliance management: framework, standards,

rules, and facets
• Describe the predefined compliance standards
• Assign compliance standards to targets
• Evaluate compliance levels
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
i A zi
ran
j e b
D

Practice Overview:
Managing Compliance
• Reviewing predefined (out-of-the-box) compliance objects

• Using compliance standards:
– Creating a new compliance standard
– Associating targets to the new compliance standard
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Recommended demonstrations on OLL:
i
ran
• "Oracle Enterprise Manager 12c: Use and Report on Out-of-Box Compliance
j e b Standards” (some newer functionality may not be part of this demonstration)
D
• “Oracle Enterprise Manager 12c: Using STG Compliance Std”
• “Oracle Enterprise Manager 12c: Using Agent-Side Compliance Rules”

D j e
ra b
n i A
zzi
(ad
j e
a n
to
o
br use
o r e
i@ this S
o ฺ
tu
)
do den
h
dz t Gui
a
as deฺ
n no
- t r an
s
fe r a bl
elic e n s
e
Producing and Using EM Reports
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
i A zi
ran
j e b
D
Objectives

• View and customize Oracle-provided reports

• Create custom reports
• Create custom reports by using the management
repository and its base views
• Share reports with the entire business community
n se
• Understand the direction of reports: BI Publisher lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
This lesson focuses on Information Publisher. While the Information Publisher reports are
i
a n
deprecated from release 12c 12.1.0.2 on, older versions remain supported.
j e brOracle recommends the use of BI Publisher (BIP) for reporting. BIP offers many advantages
D
such as flexible formatting, various access and scheduling capabilities, and so on.
Advanced BIP configuration and usage are beyond the scope of this course. However,
basic configuration and usage of BIP are covered later in this lesson.

Information Publisher: Overview
Information Publisher provides:

• Oracle-provided reports
• A framework for creating HTML reports based on
management repository data
• The ability to:
– Schedule reports generation
n se
– Store scheduled copies for future reference lic e
– Email reports to intended audiences a b le
s f er
– ran
Share reports with the entire business community
n -t
n o
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
i z (a
n i Az Publisher, Cloud Control’s powerful reporting framework, makes information
Information
a your managed environment available to users across your enterprise. Strategically,
brabout
Dje reports are used to present a view of enterprise-monitoring information for business
intelligence purposes, but can also serve an administrative role by showing activity,
resource utilization, and configuration of managed targets. IT managers can use reports to
show availability of sets of managed systems. Executives can view reports on the
availability of applications (such as corporate email) over a period of time.
The reporting framework allows you to create and publish customized reports. Intuitive
HTML-based reports can be published via the web, stored, or emailed to selected
recipients. Information Publisher comes with a comprehensive library of predefined reports
that allow you to generate reports out of the box without additional setup and configuration.

Report Definitions
A report definition indicates to the reporting framework how to

generate a report by defining:

• Report content
• User access
• Scheduling information
• Targets
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
A report definition indicates to the reporting framework how to generate a report. It provides
i
ran
information such as:
j e b • Report content: What information must be displayed in the report
D
• User access: Who must have access to viewing the report
• Scheduling information: When the report must run and whether copies must be
stored for future usage
• Targets: For which targets to run the report. The target selection is an important part
because the target can either be fixed by name or type, or you can select to make it a
systemwide report, or let the user enter the target name.

Using Oracle-Provided Reports
A library of predefined report definitions is provided with the

Information Publisher framework. These report definitions:

• Are available to all Cloud Control administrators
• Are owned by sysman and identified by a lock icon
• Cannot be deleted
• Can be used to create customized reports to suit specific
n se
operational needs lic e
a b le
• Are grouped functional categories, such as Monitoring, er
s f
Security, and so on tran
n on-
s a
h a d e ฺ
)
dz t Gu i
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
i z (a
n i Az
The Information Publisher framework comes with a library of predefined report definitions
b r a administrators can use to generate fully formatted HTML reports, which shows critical
that
Dj e operations and business information, without any additional configuration or setup. These
report definitions are available to all Cloud Control administrators and cannot be deleted.
They can be copied (using the Create Like functionality) to make your own customized
report that suits your specific operational needs.
The report groupings are:
• Cisco
• Compliance
• Deployment and Configuration
• Enterprise Manager Setup
• Feature and License Pack Usage
• Monitoring
• Oracle ILOM Server
• Security
• Storage

Reporting on Targets
• You must have at least VIEW privileges on a target to run a

report on that target or the report must have been set to

use the privileges of the report owner.
• You can limit a report to be for a certain target or type of
target on the General page.
• Only one target can be entered as a target parameter.
(This can be a group target if desired.) e n se
l e lic
• The report target can be included or defined in the ab
individual report element parameters when supported s f er by
that element. - t r an
n no
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
i A zi
To run a report using a specific target, you must have been granted at least VIEW privileges
ran
on that target within Cloud Control. Cloud Control does not look at any privileges within the
j e b target itself (for example, it is not necessary to have a username and password for a
D particular database), only the privileges assigned within Cloud Control. The only way you
could run a report on a target without the required privileges is if that report was created:
• By an administrator with the required privileges on that target
• To use that specific target
• With the “Run a report using target privileges of the report owner” option selected
You can limit a report to accept only targets of a specific type or you can limit the report to a
specific target. This is performed on the General page under Targets. Only one target can
be entered as a target parameter, but that target can possibly be a group target. On the
parameter page, for some elements, you can choose to inherit the target from the report
parameters or specify the targets you want that element to be for. If it is an element that is
supported by SQL code, the target can be referenced in that code (for example, where
target_name = 'em12.example.com').
Note: A group is just another target that is made up of multiple targets. Even if you have
view privileges on the individual targets, you need at least VIEW privileges on that group
target to run a report against it.

Viewing the Result
Target
Time Period
n se
Elements lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
The results of running a report on demand vary depending on the characteristics of the
i
ran
report definition, as well as the parameters set at run time. If the report is being run for a
j e b particular target, the target type and name of the target appear in the upper-left corner of the
D report. If the report shows information for a particular time period, that time period is
included in the upper-left corner as well. The author of the report can set it so that the
administrator running the report may change the time period. If this is the case, there is a
Set Time Period button available. The report viewer can click this button to rerun the report
with a different time. Any time-sensitive data in the report changes according to the time
period specified.
The remaining area of the report is made up of report elements. There are several types of
report elements that can be included in a report. In the slide, the Summary and Availability
History are examples of Table from SQL elements, and the Availability State is an example
of a Chart from SQL element.
For elements that display data in a table format, the column headings are interactive,
enabling the viewer to change the ordering sequence by clicking the column on which he or
she wants to order the report data.

Workflow for Creating EM Reports
1. Create a new report definition.

2. Add one or more elements, such as charts and tables from

SQL, metric details, open alerts, and so on.
3. Edit Set Parameters to provide for example the underlying
SQL statement for your chosen element.
4. Schedule the report execution. se
e n
5. If needed, provide access to the report. lic e
r a bl
s fe
- t r an
no n
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Create a new report (either based on a predefined report definition or without predefined
i
ran
elements). In the Options section on the General page, you can choose the visual layout,
j e b such as Dashboard. (The dashboard is an interactive report featuring drill-down capabilities
D for further details.)
Add one or more elements. (The available types depend on your chosen object.)
After adding a report element, click the Set Parameters icon to enter parameters for that
element. The Set Parameters pages vary according to the report element you are editing.
Only the SQL code written against the published views in the management repository is
executed.

Creating a Report: Example
2
1
n se
3
lic e
ble
fe r a
an s
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
The slide shows screenshots of the Report Elements and Set Parameters pages.
i
ran
j e b
D

Scheduling Reports
A report can be scheduled to run:

• One time (immediately)

• One time (later)
– Start date
– Start time
• On a repeating schedule
n se
– Frequency lic e
ble
– Start date and time
fe r a
– End date and time (can be indefinite) ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
By default, a report runs one time (immediately). If you want, you can change a report to run
i
ran
one time later or repeatedly over a period of time. While editing a report, go to the Schedule
j e b page and click Schedule Report. Choices for type of schedule are:
D • One Time (immediately): This is the default behavior.
• One Time Later: You specify time zone, start date, and start time information.
• Repeating: You choose a frequency type (By Minutes, By Hours, By Days, By Weeks,
By Months, Weekly, Monthly, or Yearly), and then enter how often to repeat based on
the frequency type. Also, specify the time zone, start date, start time, and repeat until
(indefinite or specified date/time) information.
Scheduled reports must always be run by using the target privileges of the report owner.
Additionally, scheduled reports cannot have “A target will be selected by the report viewer
when viewing the report” because a scheduled report is run on a schedule without a report
viewer. The scheduling option does not enable you to save a report definition with
conflicting options.

Saving and Emailing Copies of Reports
Copies of reports can be:

• Saved for future reference

• Emailed to the appropriate recipients
n se
lic e
bl e
fe r a
an s
n - t r
a no
) h as deฺ
o ฺ dz t Gui Saved Copies 3
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
By default, copies of reports are not saved. You can choose to save copies of the report
i
ran
each time the scheduled report completes by selecting the check box under Save copies of
j e b Report on the Schedule page. A purge schedule can also be set. Choose to purge based on
D a retention time, based on a number of saved copies, or not to purge at all. If there are
saved copies available for a report, there is a link to those copies when you view the report
on demand. When you click this link, the last saved copy is generated. Other copies can be
viewed from the link on this rendered report copy.
A report can also be emailed to appropriate recipients by selecting the check box under
Email report on the Schedule page. You can enter a Reply To email address, a list of
recipients (separated by a comma), as well as a Subject line for the email.
Note: Purging does not cause the report definition to be purged.

Providing Access to EM Reports
The owner of the report (and all super administrators) can:

• “Create Like” or edit the report definition

• Share the report definition (based on the “Publish Report”
privilege)
• Grant access with early target bindings (defined with the
elements) se
e n
• Grant access with late target bindings (chosen by the
le lic
viewer) r a b
sfe
tr a n
n on-
s a
h a d e ฺ
)
dz t Gu i
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
i z (a
i z
ReportAdefinitions can be edited and viewed by the report creator (owner) and all super
a n
bradministrators. On the Access page, the administrator creating or editing the report can add
Dje administrators and/or roles to allow them privileges on this report as well. If you have been
given the “Publish Report” privilege, you can share the report with unauthenticated, or
public, users. Some access behavior depends on whether the report has early target
bindings (defined on the General page or with the elements) or late target bindings (targets
chosen by the person viewing the report).
When you grant access to a report with early target bindings, you grant the ability to:
• View and generate the report on demand in the report owner’s context (if “Run report
using target privileges of the report owner” is selected on the General page; otherwise,
it uses the viewer’s context)
• View stored copies of the report that were generated in the report owner’s context
• “Create Like” on the report definition (not for public users)
When you grant access to a report with late target bindings, you grant the ability to:
• View and generate on-demand reports in the viewer’s context
• View stored copies of the report that were generated in the owner’s context
• “Create Like” on the report definition
Reports with late target bindings cannot be shared with Public because public users do not
have any target privileges.
Enterprise Manager Reports Website
The Enterprise Manager Reports website:

• Enables viewing by people who are not Cloud Control

administrators
• Displays reports that have been designated for public
viewing (These reports have the “Allow viewing without
logging in to Enterprise Manager” option selected.) e
e n s
• Is accessed via https://<YourEMURL>/public/reports, for lic
example: a b le
https://em12.example.com:7799/em/public/reports s f er
n a
o n -tr
a n
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
The Enterprise Manager Reports website enables report viewing of select reports by people
i
ran
who are not Cloud Control administrators. People who are not administrators can view only
j e b those reports that have the “Allow viewing without logging in to Enterprise Manager” option
D selected. Only reports with this option set are considered public and appear on this website.
Cloud Control administrators can also use this site for viewing reports, but they see only
public reports. If they want to see all the reports they own or have access to, they should log
in to Cloud Control and go to the Reports page.
Note: Public users can access only reports that have been published to the public URL
provided by Cloud Control.

Introduction to BI Publisher
• Java application deployed in a J2EE container

• Creates highly formatted reports

– Viewed online
– Published to a portal
– Delivered on a schedule to email, print, and so on
• Allows custom reports definition se
e n
– Can be designed using existing desktop solutions
le lic
• Minimal impact on the data systems r a b
e
sf on
• Integrated products deliver predefined reports a n
based
o n -tr
their data source n
s a
h a d e ฺ
)
dz t Gu i
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
A zi
Oracle BI Publisher (BIP) is a powerful reporting solution that allows you to create reports in
i
ran
various formats and layouts, on a variety of data sources. Starting with Enterprise Manager
j e b Cloud Control 12.1.0.4, a small footprint of Oracle BIP is installed by default. BIP, however,
D is not configured by default.
The following OLL demonstrations are recommended for more details:
• Oracle Enterprise Manager 12c R4: Configure BI Publisher and Setup BIP Security
• Oracle Enterprise Manager 12c R4: Reporting with BI Publisher

BI Publisher Configuration with
Enterprise Manager
Enterprise Manager Cloud

Control BI Publisher
n se
Configuration lic e
ble
fe r a
WebLogic t r a ns
Server n on-
s a
Operating System h a d e ฺ
)
dz t Gu i
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
dj to u
i z (a
n i Az can be configured to work with a data source that accesses the Enterprise
BI Publisher
b data available for reporting. a

rManager repository views therefore making all the management, monitoring, and metrics
D j e
When BIP is configured, a special BIP schema is created in the EM repository and BIP is
integrated into EM’s WebLogic Server. The configuration steps are driven by a simple script
(configureBIP) that collects the required credentials, BIP ports to be used, and
completes the BIP web application deployment.
BI Publisher shares Enterprise Manager’s security model, via WebLogic, so new reports, or
predefined reports included with EM/BIP, can be accessed from the Enterprise > Reports
> BI Publisher Enterprise Reports menu by logging in using the Enterprise manager
credentials. Access to reports can be limited via a series of BIP-specific roles that can be
granted to EM administrators.
For more information on BIP configuration and options, consult the Oracle Enterprise
Manager Cloud Control Advanced Installation and Configuration Guide.

Quiz
Identify the benefits of the IP framework feature.

a. It enables you to view and analyze interesting data without

spending time on the report design.
b. It provides a simple framework to design reports.
c. It enables you to create ad hoc activity reports.
d. All of the above
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
iz (ad to
Azd
Answer:
i
b r an
Dj e

Quiz
The functional categories for Oracle-provided reports

definitions include:
a. Deployment and Configuration
b. Enterprise Manager Setup
c. Feature and License Pack Usage
d. Monitoring
n se
e. Security lic e
a b le
f. Storage
s f er
g. All of the above - t r an
n no
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
iz (ad to
Azg
Answer:
i
b r an
Dj e

Summary

• View and customize out-of-the-box reports

• Create custom reports
• Create custom reports by using the management
repository and its base views
• Schedule reports
n se
• Share reports with the entire business community lic e
a b le
• Understand the basics of BI Publisher reporting fer
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
i A zi
ran
j e b
D

Practice Overview:
Information Publisher
• Using Information Publisher

• Using the Create Like option to create a report
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
j u
z (ad to
i A zi
ran
j e b
D

D j e
ra b
n i A
zzi
(ad
j e
a n
to
o
br use
o r e
i@ this S
o ฺ
tu
)
do den
h
dz t Gui
a
as deฺ
n no
- t r an
s
fe r a bl
elic e n s
e

D73244GC20 SG

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

D73244GC20 SG

Uploaded by

Copyright:

Available Formats

Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ

Daniela Hansell Disclaimer

Srividya Rameshkumar Trademark Notice

e b ra Communication Ports Between Components 2-8

Practice Overview: Exploring Cloud Control 2-31

3 Managing Cloud Control

Using Blackouts 4-13

Practice Overview: Managing Groups 6-21

7 Managing Systems and Services

8 Using the Job System

Reviewing Job Execution Results 8-12

10 Patching and Provisioning

Software and Database Provisioning Workflow 10-10

D jeb Searching the Enterprise Configuration 11-7

Viewing Compliance Evaluation Results 12-15

After completing this course, you should be able to:

• Use Cloud Control to monitor your data center

Using Oracle Enterprise Manager Cloud Control 12c 1 - 2

After completing this lesson, you should be able to:

• Describe Enterprise Manager Cloud Control as a single

Using Oracle Enterprise Manager Cloud Control 12c 1 - 3

Key challenges for managing a data center:

• Guarantee systems high availability

Using Oracle Enterprise Manager Cloud Control 12c 1 - 4

• From the consumers’ perspective:

Using Oracle Enterprise Manager Cloud Control 12c 1 - 5

– Anytime, no human involvement is required.

Using Oracle Enterprise Manager Cloud Control 12c 1 - 6

• Creates and manages a complete set of cloud services

• Manages all phases of cloud life cycle

Self-Service IT I Simple r e do Automated

Using Oracle Enterprise Manager Cloud Control 12c 1 - 7

Middleware Chargeback and

• Database Management: Provides management of Oracle Database systems,

Using Oracle Enterprise Manager Cloud Control 12c 1 - 9

Using Oracle Enterprise Manager Cloud Control 12c 1 - 10

Using Oracle Enterprise Manager Cloud Control 12c 1 - 11

Using Oracle Enterprise Manager Cloud Control 12c 1 - 12

• Oracle Enterprise Manager Cloud Control 12c:

Install and Upgrade

Using Oracle Enterprise Manager Cloud Control 12c 1 - 13

Using Oracle Enterprise Manager Cloud Control 12c 1 - 14

Cloud Control Application

Using Oracle Enterprise Manager Cloud Control 12c 1 - 15

In this lesson, you should have learned how to:

• Describe Enterprise Manager Cloud Control as a single

Using Oracle Enterprise Manager Cloud Control 12c 1 - 16

Using Oracle Enterprise Manager Cloud Control 12c 1 - 17

Reviewing Enterprise Manager Core Concepts

After completing this lesson, you should be able to:

• Confirm your understanding of the Cloud Control

Using Oracle Enterprise Manager Cloud Control 12c 2 - 2

) h a deฺ Cloud Control

Host A r e do den Software Library

Using Oracle Enterprise Manager Cloud Control 12c 2 - 3

Host target information

Using Oracle Enterprise Manager Cloud Control 12c 2 - 4

- Execute tasks on behalf of Cloud Control users

Using Oracle Enterprise Manager Cloud Control 12c 2 - 5

Host target information

Using Oracle Enterprise Manager Cloud Control 12c 2 - 6

Host target information

Using Oracle Enterprise Manager Cloud Control 12c 2 - 7