Professional Documents
Culture Documents
n se
lic e
ble
fe r a
an s
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
j e br use
z (ad to
i A zi
ran
j e b
D
Using Oracle Enterprise
Manager Cloud Control 12c
Student Guide
D73244GC20
Edition 2.0 | January 2015 | D89882
Learn more from Oracle University at oracle.com/education/
Author Copyright © 2015, Oracle and/or its affiliates. All rights reserved.
This document contains proprietary information and is protected by copyright and other
Technical Contributors intellectual property laws. You may copy and print this document solely for your own
and Reviewers use in an Oracle training course. The document may not be modified or altered in any
way. Except where your use constitutes "fair use" under copyright law, you may not
Steve Stelting use, share, download, upload, copy, print, display, perform, reproduce, publish, license,
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
post, transmit, or distribute this document in whole or in part without the express
Lachlan Williams authorization of Oracle.
The information contained in this document is subject to change without notice. If you
Editors find any problems in the document, please report them in writing to: Oracle University,
Malavika Jinka 500 Oracle Parkway, Redwood Shores, California 94065 USA. This document is not
warranted to be error-free.
Smita Kommini
Restricted Rights Notice
Graphic Designers If this documentation is delivered to the United States Government or anyone using the
e
Seema Bopaiah
documentation on behalf of the United States Government, the following notice is
e n s
Daniela Hansell
applicable:
e lic
U.S. GOVERNMENT RIGHTS
r a bl
Publishers s fe
The U.S. Government’s rights to use, modify, reproduce, release, perform, display, or
an
disclose these training materials are restricted by the terms of the applicable Oracle
Joseph Fernandez
n - t r
license agreement and/or the applicable U.S. Government contract.
1 Introduction
Course Goals 1-2
Objectives 1-3
Challenges for Administrators 1-4
Cloud Computing Explained 1-5
Cloud Computing Essential Characteristics 1-6
n se
What Is Enterprise Manager Cloud Control? 1-7
lic e
Enterprise Manager Cloud Control 12c Features 1-8 ble
Complete Cloud Stack Management 1-10 fe r a
ans
Enterprise Manager Cloud Control 12c 1-11
n - t r
This Course in Context 1-13
a no
as deฺ
Course Schedule 1-14
) h
dz t Gui
Classroom Setup 1-15
Summary 1-16 o ฺ
r e do den
Practice Overview: Introduction 1-17
o o S tu
n i@ t h s Concepts
iCore
a
br use
2 Reviewing Enterprise Manager
e
Objectives j2-2
z
Core ( ad to2-3
zi Components Communication Protocols 2-7
Components
n i ACore
iii
Security Console 2-26
Exploring the Enterprise Manager Interface 2-27
Quiz 2-28
Summary 2-30
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
4 Monitoring Targets
Objectives 4-2
Enterprise Monitoring 4-3
Oracle-Provided Monitoring 4-4
Metric Thresholds 4-5
Customizing Metric Settings 4-6
iv
Corrective Actions 4-8
Defining and Using Corrective Actions 4-9
Using Monitoring Templates 4-10
Working with Monitoring Templates 4-11
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
v
Keeping Targets and Templates Synchronized 6-17
Summary of Group Properties 6-18
Quiz 6-19
Summary 6-20
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
vi
Jobs in Enterprise Manager 8-7
Creating Jobs 8-8
Creating a Multi-Task Job 8-9
Job Executions and Job Runs 8-11
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
vii
Configuring the Software Library: Review 10-6
Provisioning Elements 10-7
Provisioning Roles and Privileges 10-8
Bare Metal or OS Provisioning 10-9
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
12 Managing Compliance
Objectives 12-2
Compliance: Overview 12-3
Understanding Compliance Management 12-4
Understanding Compliance Standards 12-5
Understanding Compliance Standard Rules 12-6
Implementing Compliance Management 12-8
Understanding Compliance Measurement 12-10
viii
Score and Its Factors 12-11
Accessing the Compliance Library 12-12
Associating Targets to Compliance Standards 12-13
Investigating Compliance Violations 12-14
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
n se
13 Producing and Using EM Reports
lic e
Objectives 13-2
ble
Information Publisher: Overview 13-3
fe r a
Report Definitions 13-4
ans
Using Oracle-Provided Reports 13-5 n - t r
Reporting on Targets 13-6 a no
Viewing the Result 13-7
) h as deฺ
ฺ
Workflow for Creating EM Reports 13-8
o dz t Gui
Creating a Report: Example 13-9
r e do den
o
Scheduling Reports 13-10 o S tu
n i@ this
Saving and Emailing Copies of Reports 13-11
a
j e br use
Providing Access to EM Reports 13-12
(ad to
Enterprise Manager Reports Website 13-13
z
i A zi
Introduction to BI Publisher 13-14
ran BI Publisher Configuration with Enterprise Manager 13-15
j e b Quiz 13-16
D Summary 13-18
Practice Overview: Information Publisher 13-19
ix
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
D j e
ra b
n i A
zzi
(ad
j e
a n
to
o
br use
o r e
i@ this S
o ฺ
tu
)
do den
h
dz t Gui
a
as deฺ
n no
- t r an
s
fe r a bl
elic e n s
e
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
Introduction
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
i A zi
ran
j e b
D
Course Goals
– It is an IT capability or service.
– Its implementation is both unknown and unimportant.
– It is available anytime, from anywhere.
• From the providers’ perspective:
– It allows them to use computing resources efficiently, e
wherever, and however possible. e n s
le lic
– It allows for flexibility in resource allocation to meet varying a b
consumer demand. s f er
– Meeting agreed service levels is more important - t r anthan
anything else. n on
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
dj to u
i z (a
The US
i z
ANational Institute of Standards and Technology (NIST) defines cloud computing as
“a
r n
amodel for enabling ubiquitous, convenient, on-demand network access to a shared pool
b
e of configurable computing resources (for example, networks, servers, storage, applications,
Dj and services) that can be rapidly provisioned and released with minimal management effort
or service provider interaction.”
Every Cloud Has a Silver Lining
From the perspective of a consumer of cloud-based resources, the cloud is simply a
capability or service that is used without having knowledge of how or where it is
implemented. Indeed, knowledge of how the consumable product is provided is obscured by
the very nature of it being accessed via “the cloud.” Because implementation details are of
no concern to the consumer, their primary interest is availability and usability.
From the perspective of a provider of cloud-based resources, the cloud allows them to
service consumer demand by using whatever computing resources are available. This
loosens the ties of physical resources to application topologies and gives the provider the
flexibility and agility to deploy resources in the most efficient and timely manner possible.
Like consumers of cloud-based resources, providers are also primarily interested in the
availability and usability as the efficacy of their offering will be determined by the
consumers’ satisfaction with that offering, typically defined and measured through service-
level agreements.
• On-demand self-service
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
n se
lic e
bl e
fe r a
an s
n - t r
a no
Complete Cloud Lifecycle Complete Cloud Stack
) h as deIntegrated ฺ Enterprise
Management
dz t Gu i
o ฺ
Management Management
d j t
i z (a
n i Az Manager Cloud Control is a management tool that provides monitoring and
Enterprise
a
brmanagement capabilities for Oracle and non-Oracle components. It is a complete,
Dje integrated, and business-driven cloud management solution in a single product, which is
referred to as “Total Cloud Control.”
Using Enterprise Manager Cloud Control, you can:
• Create and manage a complete set of cloud services, including Infrastructure-as-a-
service, Database-as-a-service, Platform-as-a-service, and others
• Manage all phases of cloud life cycle
• Manage the entire cloud stack – from application to disk, including engineered
systems (Exa series) and with integrated support capabilities
• Monitor the health of all components, the hosts that they run on, and the key business
processes that they support
• Identify, understand, and resolve business problems through the unified and
correlated management of User Experience, Business Transactions, and Business
Services across all your packaged and custom applications
Note: Throughout this course, Oracle Enterprise Manager Cloud Control 12c is referred to
simply as “Cloud Control.”
Enterprise-Ready
Framework
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
Applications
Cloud Management
Management
n se
lic e
Database
Exadata and
bl e
Management
All of these topics are covered in Exalogic
fe r a
the Oracle Enterprise Manager
Cloud Control 12c New s
Management
an
Features self-study series.
n - t r
Application Quality a no
Configuration
Management
) h as Management
d e ฺ
dzand t Gu i
o o ฺ
Provisioning
r e dPatching
u d en
@ oo s St
r a ni © 2015,
e hi and/or its affiliates. All rights reserved.
tOracle
eb o us
Copyright
d j t
z (a
A zi
Key objectives in the design of Enterprise Manager Cloud Control 12c include:
i
ran
• Designing a management framework that is capable of providing next-generation
j e b functionality
D
• Enhancing application-to-disk manageability
• Providing a complete enterprise private cloud solution
Enterprise Manager Cloud Control 12c includes the following features:
• Enterprise-Ready Framework: Provides modular and extensible architecture, target
plug-ins, self-updateable entities, integrated Support Workbench, and centralized
incident console
• Cloud Management: Provides complete cloud lifecycle management
• Chargeback and Capacity Planning: Provides chargeback based on target types,
and uses Automatic Workload Repository (AWR) Warehouse to consolidate AWR
reports from multiple databases across the enterprise
• Exadata and Exalogic Management: Provides an integrated view of the hardware
and software in an Exadata machine, and complete lifecycle management for Exalogic
systems
• Configuration and Management: Provides an integrated set of tools, agent-less
discovery, integration with My Oracle Support, and custom configuration capabilities
Using Oracle Enterprise Manager Cloud Control 12c 1 - 8
• Provisioning and Patching: Provides profiles for provisioning known configurations,
user-defined deployment procedures, and a software library integrated with self-
updating capabilities
• Application and Quality Management: Database Replay, Application Server Replay,
Real Application Testing integrated with Data Masking, and test database
management including Application Data Model
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
j e br use
z (ad to
i A zi
ran
j e b
D
• Management of the
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
complete enterprise
application stack Cloud
Control
• Management built into
every tier
n se
Ops
lic e
Center
ble
Covered in separate OU
fe r a
training courses
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
Cloud Control can be used to manage the Oracle footprint in any IT organization. With the
i
ran
Ops Center system management functionality, the footprint includes the server and storage
j e b arenas as well. Manageability is built into the core infrastructure and to the applications that
D run on that infrastructure. This approach makes the IT infrastructure increasingly self-
managing and addresses complex cross-tier diagnostic issues. The integration extends in
two dimensions:
• First, you monitor and manage everything in one place (packaged applications,
custom J2EE applications, SOA applications, databases, virtualization layer, hosts,
and storage), including third-party components that are integral to an enterprise
application that delivers business services. In addition to managing the Oracle and
non-Oracle products, Cloud Control offers the capabilities to integrate with a variety of
other event-management systems and help-desk applications.
• Second, Cloud Control provides a breadth of capabilities across the life cycle of what it
takes to operate enterprise software deployment, patching, real-time monitoring and
historical trending, performance diagnostics, configuration management, and service-
level management.
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
Starting with version 12.1.0.3, upon first login to Oracle Enterprise Manager Cloud Control
i
ran
console, you are presented with a Welcome page that guides you through the main
j e b functionality of the product, allows you to select the Enterprise Manager Home Page, and
D has pointers to the latest features and other applicable documentation.
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
The above image is an example of the Enterprise Summary page of Oracle Enterprise
i
ran
Manager Cloud Control 12c. The user interface (UI) functionality includes:
j e b • Information displayed in graphs and tables
D
• Summary information with drill-down capability to relevant details
• User-selected home page from a predefined set, or based on any page in the console
• Menu-driven navigation
• Global target search
• History and favorites
• Customizable target home pages (per-user basis)
dj to u
i z (a
n i Az listed above were available at the time this course was released.
The courses
a course assumes students are familiar with the basic Enterprise Manager Cloud Control
ebr
This
Dj components and the out-of-box configuration. A short review of the these components and
their default configuration follows in an upcoming lesson.
Day Lessons
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
1 1. Introduction
2. Reviewing EM Core Concepts
3. Managing EM Cloud Control
4. Monitoring Targets
2 5. Managing Hosts
6. Managing Groups
7. Managing Systems and Services
n se
8. Using the Job System
lic e
9. Managing Incidents
ble
fe r a
3 10. Patching and Provisioning
ans
11. Managing Configurations
n - t r
12. Managing Compliance
a no
13. Producing and Using EM Reports
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
The suggested schedule for the course is shown in the slide. The actual lessons covered
i
ran
each day will be determined by your instructor.
j e b
D
WebLogic Server
Oracle Management
Browser Service(OMS) orcldatabase
n se
lic e
ble
fe r a
Oracle Management em12rep s
Oracle Management
an
Agent (OMA) database
n - t r
Agent
dom0 em12.example.com
a no
host01.example.com
) h as deฺ
o ฺ dz t Gui
Oracle Virtual Machine (OVM)
Classroom PC r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
dj to u
z ( a
A zi setup (as shown in the slide) provides each student with access to:
The classroom
i
b r a•n A Linux desktop, which is used to access the OMS and, if needed, the Oracle Virtual
Dj e Machine (OVM). Main components of the OMS are the Cloud Control application and
the WebLogic Server.
• A virtual Linux machine, which contains the Cloud Control installation, including the
Oracle Management Agent (OMA), Oracle Management Service, and Oracle
Management Repository
• A virtual Linux machine, which contains a sample target, including a database and an
OMA
hands-on environment.
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
This is a mandatory task. It is a prerequisite for all the practices that follow.
i
ran
j e b
D
D j e
ra b
n i A
zzi
(ad
j e
a n
to
o
br use
o r e
i@ this S
o ฺ
tu
)
do den
h
dz t Gui
a
as deฺ
n no
- t r an
s
fe r a bl
elic e n s
e
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
n se
lic e
ble
fe r a
an s
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r Copyright
s ©e2015, Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
i A zi
ran
j e b
D
Objectives
Cloud Control
Application
? WebLogic
Server
? e
? e n s
?e lic
r a bl
? ns fe
t r a
no n- OMR Plug-ins
s a OMS Agent
dj e u
(a to
i z
n i Az Control core components were introduced in a prerequisite course. Can you label
The Cloud
b the next slide. a components above? The choices are at the bottom right of the slide. Find the answers in
rthe
D j e
Software Library
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
Cloud Control
Third-party Application
applications
Agent WebLogic
Server
Fusion
OMS
n se
Middleware
Plug-in
lic e
bl e
Cloud Control
r a
Console, EM CLI
fe
OMR
an s
n - t r
Oracle
Applications a no
) h as deฺ
dz t Gui
Listeners Databases
o ฺ
Host A
r e do den
o o S tu
a n i@ this
e b r Copyright
s ©e2015, Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
The details of the various components are:
i
ran
• Oracle Management Repository (OMR)
j e b
D - Persistent store of enterprise metadata and management data
- A schema in an Oracle database
- Includes schema objects belonging to the sysman user
• Oracle Management Service (OMS)
- Central Cloud Control application that processes management and monitoring
data, schedules jobs, and sends notifications
- J2EE application deployed on Oracle WebLogic Server, Oracle’s application
server solution
- Handles targets management via plug-ins
Software Library
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
Cloud Control
Third-party Application
applications
Agent WebLogic ?
? Server
Fusion
OMS
n se
Middleware
Plug-in
lic e
?
bl
Cloud Controle
r a
Console, EM CLI
fe
OMR
an s
n - t r
Oracle
Applications a no
) h as deฺ
dz t Gui JDBC HTTP/
Listeners Databases
o ฺ HTTP/
Host A
r e do den HTTPS HTTPS
oo s St u
@
ni 2015,thOraclei
b r a
Copyright ©e
s and/or its affiliates. All rights reserved.
j e u
z (ad to
A zi
Can you describe the communication between the core components?
i
n
a protocols are being used? The choices are at the bottom right of the slide.
rWhat
j e b
D
Software Library
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
Cloud Control
Third-party Application
HTTP/
applications HTTPS
Agent WebLogic
HTTP/ Server
HTTPS
OMS n se
Fusion
Plug-in lic e
Middleware
JDBC bl e
Cloud Control
r a
Console, EM CLI
fe
OMR
an s
n - t r
Oracle a no
Applications
) h as deฺ
Listeners Databases
o ฺ dz t Gui
Host A r e do den
o o S tu
a n i@ this
e b r Copyright
s ©e2015, Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
The communication flow between the core components uses the following protocols:
i
ran
• The Agent uploads data to the OMS via HTTP or HTTPS. This communication is
j e b designed to work across wide-area networks, so a low-bandwidth connection is
D acceptable.
• The OMS communicates with the Agent via HTTP or HTTPS.
• The OMS communicates with the OMR via JDBC. OMS and OMR must be close
together and have a good bandwidth and low-latency connection.
• Cloud Control console users access the Cloud Control webpages via HTTPS or HTTP.
Where applicable, the default and recommended protocol is HTTPS for secure
communications between components.
OMR.
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
j e br use
z (ad to
i A zi
ran
j e b
D
HOST
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
Solution
Solution
Plug-in
Target
Plug-in Plug-in
OMS only Target
OMS only Target
Plug-in
Plug-in
Agent
Platform
OMS
n se
Background
• Serves the core UI pages lic e
Core UI Services (PBS)
Jobs
• Handles jobs, ble
Core
Agent
Pages
(Consol Loader
fe r a
notifications, and data
s
an
e)
Notifications loading
n - t r
no
• Can discover hosts
a
Platform
) h as deฺ • Contains plug-ins that
a n i@ this
e b r Copyright
s ©e2015, Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
The Oracle Management Service is the central component that:
i
ran
• Serves the Cloud Control console webpages
j e b
D • Runs jobs and notifications
• Stores in the OMR the data collected by agents
- Accesses the OMR for automated and manual reporting and diagnostics
• Communicates with the agents to orchestrate the management of their monitored
targets
- Discovers hosts
- Delivers special functionality, management, and monitoring capabilities via plug-
ins
- Can push an agent to any host that it can access across the network
- Can clone an agent from one host to one or more other hosts of the same
operating system
Oracle Management
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
Service
n se
lic e
ble
fe r a
3 Silent install: an s
• AgentPull n - t r
• agentDeploy a no
• RPM h a s 4 eฺAgent clone
ฺ d z) Guid between hosts
d o o nt
e d e
o or Stu
a n i@ this
e b r Copyright
s ©e2015, Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
i A zi
An agent transforms a host to a managed host.
ran
The OMS can push an agent to any host that it can access across the network by using a
j e b secure shell (SSH) connection. Once connected by using authentication credentials supplied
D through the Cloud Control console, the agent image is sent in compressed form, then
uncompressed and installed. You nominate the installation directories in the Cloud Control
console when initiating the agent push job. The agent can be pushed, using a graphical
interface, to hosts that are:
• Known to the administrator as hosts on the network, but not yet known by Cloud Control
(1)
• Discovered automatically by Cloud Control, but unmanaged hosts (2)
Agents can also be installed in silent mode, using response files. (3) In this case, the
installation is performed directly on the hosts. The installation can be performed by using a
“pull” method (using the AgentPull script), a “push” method (using the agentDeploy script), or
an RPM file (typically used while provisioning an operating system on a bare metal host).
You can also get Cloud Control to clone the agent from one host to one or more other hosts of
the same operating system. (4) This method copies not just the software but the configuration
of the agent. This is typically done to define a standard agent configuration and deploy it to
multiple hosts.
Agents installation is covered in more details in the course titled Oracle Enterprise Manager
Cloud Control 12c Install & Upgrade.
• Agent-based discovery:
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
1 2 3
Target A Target B Target C Target D
n se
Discovery Discovery Discovery
lic e
ble
Management Management
fe r a
Target A Plug-in Target B Plug-in Target C Plug-in an s
n - t r
a no
Agent
Agent
) h as deฺ
o ฺ dz t Gui
e o
dHOST en
r u d
@ oo s St
a i
ni 2015,thOracle
e b r Copyright ©e
s and/or its affiliates. All rights reserved.
j u
z (ad to
i A zi
An agent (target) plug-in contains two types of components:
ran
1. A target discovery component
j e b 2. A management component specific to a target that was discovered
D
The discovery content is deployed on a host:
• When the agent is pushed or installed on that host, for the default plug-ins
• When a new plug-in is deployed to the agent from OMS
The management component for default target types are pushed to hosts when an
administrator promotes a discovered target to a managed target.
The slide shows various possible categories of targets on a host:
1. Targets may be both discovered and managed on a host. In this case the discovery
component found it and the administrator confirmed its management (promoted it to a
managed target).
2. A target may exist on a host discovered but not yet managed. This means the
administrator chose to not promote it as a managed target but it can be done at a later
time.
3. There may be un-discovered targets on a host because no plug-in exists for it.
Therefore, this type of target is not managed by Cloud Control. A plug-in for such a type
of target must be explicitly deployed from the OMS to the agent to be discovered and
then managed.
executed by
Third-party Agent
Applications
Oracle
Management
Agent
E-Business
Suite
n se
lic e
ble
fe r a
an s
n - t r Guided
Application a no Discovery
Databasesas ฺ
servers Listeners
) h i d e
o ฺ dz t Gu
r e do den
o o S tu
a n i@ this
e b r Copyright
s ©e2015, Oracle and/or its affiliates. All rights reserved.
dj to u
z ( a
Az i
After the Agent has been installed on a host, it needs to look for targets that it can manage.
a n i
As a Cloud Control administrator, you can guide that process from the Cloud Control console
e b r
D j pages. Guided discovery allows you to nominate a family of target types that you want to
search for, such as database and listeners, and then the agents where you want that search
to be executed. If any new targets are discovered, the appropriate plug-in will be pushed from
the OMS if it is not already installed on the agent, the target will be recorded in the OMR, and
monitoring will commence.
You can also configure auto discovery to run at regular intervals and get an agent to search
for known targets unattended, allowing you to review the results at a later stage and promote
discovered targets to become managed targets.
• Oracle Databases
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
Enterprise
Manager Cloud
Cloud Control Control
Credentials
Authentication Management e
e n s
e lic
r a bl
s fe
- t r an
n no
a
) h as deฺ
Cloud Control
o ฺ dz t Gui Target
Authorization
r e do den Authentication
oo s St u
@ i
ni 2015,thOracle
b r a
Copyright ©e
s and/or its affiliates. All rights reserved.
dj e u
( a to
z
ziControl security system can be divided into four components as shown in the
i A
The Cloud
n in the slide:
bra
graphic
Dje • Cloud Control Authentication checks the validity of users accessing the Cloud Control
system
• Credentials Management allows credentials to be defined
• The Target Authentication system uses the defined credentials
• Cloud Control Authorization grants privileges to managed targets
) h
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r Copyright
s ©e2015, Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
The Cloud Control authentication framework determines whether users accessing the Cloud
i
ran
Control system are valid and allows or rejects the access (login). Both the graphical interface
j e b and the EM command-line interface (EM CLI) use this common authentication mechanism.
D This framework is designed to allow various pluggable authentication protocols. End users
can configure the authentication scheme that best suits their environments.
By default, Cloud Control authenticates users against values saved in the OMR. This option
takes advantage of all users authentication options available with an Oracle database,
including passwords profiles, password life time, and so on.
For external authentication, Cloud Control relies on the underlying WebLogic Server that is
part of the OMS (middle tier) stack. Other supported authentication schemes are:
• Oracle Application Server Single Sign-on
• Oracle Access Manager Single Sign-on
• Enterprise User Security
• LDAP based:
- Oracle Internet Directory (OID)
- Microsoft Active Directory
ease of management
EM Users
• Support for managing
passwordless and strong Privileges
authentication credentials
(Kerberos tickets and SSH keys)
n se
• Reuse and sharing among users e
e lic
(without disclosing the sensitive
r a bl
content of credentials) s fe
• Controlled and protected access EM User1
- t r an
n no
• Support for sudo/powerbroker a
) h as deฺCentralized Credential Store
ฺ dz tEMGUser2 ui
do deno
o r e tu
o S
a n i@ this
e b r Copyright
s ©e2015, Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
As a management tool that handles many scripts and powerful actions such as patching,
i
ran
Enterprise Manager has to work with many credentials for hosts, databases, and a range of
j e b other objects. Managing all these credentials can be a real challenge. The centralized store
D facilitates this task because you can name and store credentials there.
Passwordless and strong authentication credentials are supported, such as the Kerberos
tickets and SSH key pairs.
Credentials can be reused and shared among users (without disclosing sensitive content like
passwords). Users are granted access to these credentials by the use of privileges, and so
they can be reused without knowing what the contents of the credentials themselves are.
Access to the credentials is controlled and protected by privileges.
The EM credential subsystem enables you to securely store credentials as preferences or
operation credentials, which can then be used to perform different system management
activities. EM also supports sudo/powerbroker–based impersonation.
• Named credentials
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
– Access level:
— View access to use the credential
— Edit to change the credential
— Full for complete access
• Preferred credentials
n se
– Default credentials e
e lic
• Usage classification: Job, collection, and monitoring
r a bl
s fe
- t r an
no n
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r Copyright
s ©e2015, Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
As an EM administrator, you can define and store credentials (username/password, a public
i
ran
key-private key pair, or an X509v3 certificate) as named credentials in Enterprise Manager.
j e b These are used when performing operations like running jobs, patching, and other system
D management tasks. Named credentials can be global or target specific. They are
“placeholders” designed to simplify passwords management.
The three levels of access that can be granted to these credentials:
• View access: To use the named credentials
• Edit access: To change the named credentials, including changing its name and
password
• Full access: For complete access, including the ability to delete the named credential
You can define credentials as preferred credentials for specific managed targets by storing
target login credentials in the Management Repository. Default credentials can be set for a
particular target type and they will be used for all the targets of that target type, unless
overridden by a target preferred credentials.
Credentials can also be classified by their usage, such as job credentials (used by the job
system), collection credentials, and monitoring credentials (used by the agents).
its mapping to named credentials for a target without editing the system that uses the
credential. For example, you could have a credential set for patching tasks.
• Credential store is a logical store for all the named credentials of an EM administrator.
Referencing credentials by:
• Credential name: The credential is referenced by using the name of the credential in the
credential store. e
• Credential set: The credential is referenced by using the credential set name and the e n s
e lic
target name. The lookup gets the credential associated with the credential set name and
target name. r a bl
s fe
- t
reference does not refer to a credential in the credential store.
an
• Direct value: The credential is specified by providing the values of the attributes. This
r
no n
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
j e br use
z (ad to
i A zi
ran
j e b
D
n se
lic e
ble
fe r a
an s
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r Copyright
s ©e2015, Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
The Enterprise Summary page provides a summarized view of the health of all targets (as
i
a n
shown in the activity guide), including Cloud Control itself.
j e brWhen you select Targets > All Targets, EM displays the list of the individual targets. The left
D side of the All Targets page provides a navigation tree. When you click the link under Target
Name (on the right side of the page), you navigate directly to the home page of that target.
Cloud Control provides you with different levels of detailed information, so that you can
determine how well a group or a specific target performs.
All key pages for managing and monitoring Cloud Control are grouped under Setup >
Manage Cloud Control. For example, if you need to monitor the overall health of the
management service and repository, navigate to Setup > Manage Cloud Control > Health
Overview. You can also access the repository page by navigating to Setup > Manage Cloud
Control > Repository for an overview of the status and performance of the repository DBMS
jobs, errors that might have occurred, space usage, and so on.
a. Hosts
b. Databases
c. Application servers
d. Web applications
e. OMS and OMR n se
lic e
f. All of the above e
r a bl
s fe
- t r an
no n
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r Copyright
s ©e2015, Oracle and/or its affiliates. All rights reserved.
j u
iz (ad to
Afz
Answer:
i
b r an
Dj e
D j e
ra b
n i A
zzi
(ad
j e
a n
to
o
br use
o r e
i@ this S
o ฺ
tu
)
do den
h
dz t Gui
a
as deฺ
n no
- t r an
s
fe r a bl
elic e n s
e
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
i A zi
ran
j e b
D
Objectives
WebLogic
EM
OHS
OMS
Repository Agents
n se
Component Control Utilities lic e
ble
Repository OMS Agent s fe r a
tra n
sqlplus or o n -
a n
srvctl emctl
h a s eฺ emctl
lsnrctl ฺ d z) Guid
d o o nt
e d e
o or Stu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
Each component of the Cloud Control framework has its own utility or utilities that can be
i
ran
used to monitor, start, and stop the component. In many cases, these utilities also provide
j e b some capability to configure the component beyond the simple start-and-stop functionality.
D RAC databases require the use of the srvctl commands; for single instances, there is a
choice of sqlplus or srvctl.
Examples:
• srvctl stop database -d orcl -o immediate
• srvctl start database -d orcl -o open
$ sqlplus / as sysdba
n se
Connected to:
lic e
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 – Production
ble
With the Partitioning, OLAP, Data Mining and Real Application Testing
fe r a
options
ans
n - t r
SQL> startup
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
The repository database must be started before the OMS can render the Cloud Control user
i
ran
interface, and before agents can pass target status and performance data through the OMS.
j e b • To start or open the database, begin a SQL*Plus session (as shown in the slide).
D Note that the ORACLE_HOME must be setup to point to the home where the database
was installed. ORACLE_SID must point to the repository database SID. To start the
instance, mount, and open the database, use:
SQL> startup
• To check the status of the repository database use:
SQL> SELECT status FROM v$instance;
The status must display OPEN. Any result other than OPEN indicates a problem with the
repository database that should be handled just like any other Oracle database problem.
Note: Use the SRVCTL command if you have a RAC instance for the repository.
To shut down the repository database, use the shutdown immediate command from a
SQL*Plus session. This option prevents any new logins, rolls back any uncommitted
transactions, and then brings down the database. During this process, Oracle flushes all the
changes in memory out to the database data files as well, just like a regular shutdown does,
therefore making the database startup quicker.
The following command requires the SYSMAN password and shows the OMS configuration
details:
$ emctl status oms -details
Oracle Enterprise Manager Cloud Control 12c Release 4
Copyright (c) 1996, 2014 Oracle Corporation. All rights reserved.
n se
Enter Enterprise Manager Root (SYSMAN) Password :
lic e
Console Server Host : em12.example.com
ble
HTTP Console Port : 7788
fe r a
ans
HTTPS Console Port : 7802
n - t r
no
HTTP Upload Port : 4889
a
as deฺ
HTTPS Upload Port : 4903
) h
dz t Gui
EM Instance Home : /u01/app/oracle/product/gc_inst/em/EMGC_OMS1
o ฺ
OMS Log Directory Location : /u01/app/oracle/product/gc_inst/em/EMGC_OMS1/sysman/log
OMS is not configured with SLB or e
r do hostname
virtual d en
oo s St u
Agent Upload is locked.
OMS Console is locked.an
i @ thi
b r s e
Active CA ID: 1 je u
a d t o
(https://em12.example.com:7802/em
i z
Console URL:
z https://em12.example.com:4903/empbs/upload
n i
UploadAURL:
b a Domain Information
rWLS
j e
D Domain Name : GCDomain
Admin Server Host : em12.example.com
Admin Server HTTPS Port: 7102
Admin Server is RUNNING
Managed Server Information
Managed Server Instance Name: EMGC_OMS1
Managed Server Instance Host: em12.example.com
WebTier is Up
Oracle Management Server is Up
BI Publisher Server is Up
BI Publisher Server named 'BIP' running at local URL:
https://em12.example.com:7799/xmlpserver
BI Publisher Server Logs: /oracle/gc_inst/user_projects/domains/GCDomain/servers/BIP/logs/
BI Publisher Log :
/oracle/gc_inst/user_projects/domains/GCDomain/servers/BIP/logs/bipublisher/bipublisher.log
) h as deฺ
dz t Gui
Agent URL : https://em12c.example.com:3872/emd/main/
Repository URL ฺ
: https://em12c.example.com:4904/empbs/upload
o
Started at : 2014-04-04 10:49:35
r e do den
Started by user : oracle
o o S tu
Last Reload : (none)
a n i@ this
br use
Last successful upload : 2014-04-04 11:34:39
Last attempted upload
j e : 2014-04-04 11:34:39
(ad to
Total Megabytes of XML files uploaded so far : 0.06
z
i A zi
Number of XML files pending upload
Size of XML files pending upload(MB)
:0
:0
ran
j e b Available disk space on upload filesystem : 30.54%
D Collection Status
Heartbeat Status
: Collections enabled
: Ok
Last attempted heartbeat to OMS : 2014-04-04 11:37:31
Next scheduled heartbeat to OMS : 2014-04-04 11:38:31
---------------------------------------------------------------
Agent is Running and Ready
For additional agent control commands, consult the Oracle Enterprise Manager Cloud
Control Administrator's Guide.
steps:
1. Start the repository database listener.
2. Start the repository database.
3. Start the OMS.
4. Start the agent on the OMS/repository server.
n se
5. Start the agents on the managed servers. lic e
ble
fe r a
ans
WebLogic
EM
n - t r
a no
) h as deฺ
o ฺ dz t Gui
OMS do
OHS
Repository r e u d en Agents
o o S t
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
1. Start the repository listener, for example:
i
ran $ORACLE_HOME/bin/lsnrctl start
D jeb 2. Start the repository database, for example:
$ORACLE_HOME/bin/sqlplus / as sysdba
SQL> startup
3. Start the OMS (including OHS and WebLogic Managed Server):
<OMS Home>/bin/emctl start oms
4. Start the agent (on OMS/repository host):
<Agent Home on the OMS Host>/agent_inst/bin/emctl start agent
5. Start the agent on the managed targets:
<Agent Home on managed target>/agent_inst/bin/emctl start agent
Note: Use the SRVCTL command if you have a RAC instance as a repository.
Best Practice: The database, listener, OMS, and agents can be configured to start
automatically at the operating system startup. This configuration is the default but it is
platform specific. If these components are not already starting up automatically, consult your
OS documentation to complete this on your system.
steps:
1. Stop the agents on managed servers (optional).
2. Stop the agent on the OMS/repository server.
3. Stop the OMS.
4. Stop the repository database.
n se
5. Stop the repository database listener. lic e
bl e
fe r a
ans
WebLogic
n - t r
EM
a no
) h as deฺ
ฺ d z Gui
Agents d o
o OMS
OHS nt
r e u d e Repository
o
o sS t
i @
n © 2015, hi and/or its affiliates. All rights reserved.
tOracle
r a e
eb o us
Copyright
d j t
i z (a
n i Az the agent on the managed servers (optional):
1. Stop
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
Once set up and running, it is a good practice to schedule ongoing maintenance tasks and
i
ran
periodically monitor for deviations from acceptable performance. To a large extent, the
j e b Cloud Control system monitors itself and rolls up critical information to a set of pages under
D the Setup > Manage Cloud Control menu. All major components of Cloud Control are
grouped into a single system, a set of services, to simplify their management. A number of
health metrics are automatically collected and some have thresholds set to alert
administrators about impending problems.
Note the following pages that consolidate information on specific areas:
• Health Overview page: A rollup of general statistics about your system such as
Job System Status, Console Activity, Alerts, and various Performance Charts
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
•
i A zi
Repository tab: A summary of all repository-related statistics
ran
j e b
D
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
•
i A zi
Management Servers page: All Management Services metrics
ran
j e b
D
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
•
i A zi
Agents page: A rollup of all agents that are part of the system and their associated
ran targets, status, and so on.
j e b
D
some cases, repair problems (critical errors), all with an easy-to-use graphical
interface. The Support Workbench provides a self-service means for you to gather
first-failure diagnostic data, obtain a support request number, and upload diagnostic
data to Oracle Support quickly and with minimal effort, thereby reducing time-to-
resolution for problems. The Support Workbench allows you to view and process the
contents of ADRs.
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
j e br use
z (ad to
i A zi
ran
j e b
D
) h as deฺ criteria.
group theo
dz messages,
View the matching
ฺ
messages G uori
byt message
r e dotype or message
d en ID.
oo s St u
@
ni © 2015, hi and/or its affiliates. All rights reserved.
tOracle
r a e
eb o us
Copyright
d j t
z (a
A zi
Use the Log Viewer to:
i
ran
• View log files and messages for:
j e b
D - All entities in a domain
- An Oracle WebLogic Server
- A component
- An application
• Search log files
• Download log files
On the Log Messages page, you can search for specific diagnostic messages. Use this
page to search for messages for all of the entities in a domain, for an Oracle WebLogic
Server, a component, or an application. Your search criteria can be refined through the
addition of fields. You can also view the list of targets that are part of the search, and add or
remove targets.
You can also view and download full log message files for each individual target in the
Cloud Control domain by navigating to the target home menu > Logs > View Log
Messages (for example, Oracle HTTP Server > Logs > View Log Messages).
<EM_INSTANCE_BASE>/em/<OMS_NAME>/sysman/log/
• OMS uses the following types of log files:
dj to u
z ( a
OMS andA i
zAgent log files can be viewed manually, directly from their location.
n i
a log and trace files are available in the EM instance base location, typically a location
ebr
OMS
Dj similar to this: /u01/app/oracle/product/gc_inst/em/EMGC_OMS1/sysman/log
OMS log and trace files increase in size over time as information is written to the files.
However, the files are designed to reach a maximum size. When the files reach the
predefined maximum size, the OMS renames (or rolls) the logging information to a new file
name and starts a new log or trace file. This process prevents the log and trace files from
growing too large.
<EMHOME>/sysman/log/
• The agent uses the following types of log files:
dj to u
z ( a
A
The log
i zi trace files for the agent are written in the OMA runtime directory. You can find
and
anruntime directory by using the following command:
brthe
Dje <Agent Home>/agent_inst/bin/emctl getemhome
The log and trace files are located by default in the following directory:
<Agent Home>/agent_inst/sysman/log
The main log is segmented by default into 11 segments of 5 MB each. The segments are
named gcagent.log and gcagent.log.#, where # is a number in the range of 1-10.
These settings are controlled by properties in the emd.properties file.
• Connectivity
– Verify that the repository URL is correct in the
emd.properties file.
– Use the emctl status agent command to find the repository URL.
• Throughput
– View agent logs in: n se
lic e
<Agent Home>/agent_inst/sysman/log
ble
– Check upload errors: fe r a
ans
<Agent Home>/agent_inst/sysman/log/gcagent.trc
n - t r
• Target discovery a no
– View target discovery errors:
) h as deฺ
ฺ dz t Gui
<Agent Home>/agent_inst/sysman/log/emagent_perl.trc
o
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
dj to u
z ( a
A z i
Management Agent problems usually fall into one of three categories:
n i
e b ra
1. Connectivity between the Management Agent and OMS
D j When a single Management Agent is unable to connect to OMS, the problem is
normally found on the Management Agent’s server. If multiple Management Agents
are unable to connect, the problem may lie with OMS or the underlying network.
Check the following file:
<Agent Home>/agent_inst/sysman/config/emd.properties
and verify that the repository URL is correct. You can retrieve the URL also by using
the emctl status agent command. Ensure that you can ping the host identified as the
repository URL. If possible, attempt to telnet to the OMS host. Remember that the
Management Agent should connect directly to the Oracle HTTP Server.
• Basic concepts:
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
dj to u
z ( a
Cloud A
i zi backup and recovery involves performing backup and recovery of all the
Control
an tiers of Cloud Control:
brthree
Dje • Oracle Management Repository
• Oracle Management Service
• Oracle Management Agent
Details of the backup and recovery of these components are covered in the next few slides.
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
j e br use
z (ad to
i A zi
ran
j e b
D
s
Cloud Control deployment. an
ฺ once a day
dz t Gu
• ) ha iat
Software Library: File system backup, deleast
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
dj to u
z ( a
zi the backup requirements differ depending on the component:
For theAOMS,
i
b r a•n Software Homes: The software homes change only when patches or patch sets are
Dje applied, and so file system–level backups must be taken after each patch application
activity. Remember to back up the Oracle inventory files along with the software
homes.
• Instance Home: The instance home can be backed up by using the emctl
exportconfig oms command. This is a critical piece for recovery and therefore a
backup must be taken after any change to the OMS (new patches, port number
changes, and so on)
• WLS Admin Server operates as the central control entity for the configuration of the
entire domain that OMSs are part of. The admin server is co-located with the first OMS
that is installed in your Cloud Control deployment and shares the software homes and
instance home with the first OMS. Backup of the first OMS, therefore, includes backup
of the admin server.
The Software Library is a collection of patches, software images, or scripts and it must be
backed up like a file system, ideally once a day minimum. The software library is an
essential part of the Cloud Control framework that must be in sync with the OMS should any
recovery be needed.
dj to u
z ( a
A zi an OMS essentially consists of two steps, recovering the software homes, and
Recovering
i
an configuring the instance home. When restoring on the same host, the software homes
brthen
Dje can be restored from file system backup. In case a backup does not exist, the software
homes can be reconstructed by using the software-only installation of WebLogic and OMS,
software-only installation of add-ons (if any) and all patches that were applied earlier before
the crash. The location of the OMS Oracle home is fixed and cannot be changed, so take
care to restore in the same location that was used earlier.
After the software homes are recovered, the instance home can be reconstructed using the
OMS Configuration Assistant (omsca) in recovery mode, along with a saved
exportconfig file.
Note that the Software Library must also be restored to the same point in time as the OMS.
Note: Various OMS recovery techniques are covered in the course titled Oracle Enterprise
Manager Cloud Control 12c Advanced Configuration.
• Agents backup:
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
dj to u
z (a
Answer: z
Ae i
n i
bra
Dje
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
iz (ad to
Aza
Answer:
i
b r an
Dj e
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
In this practice, you perform an RMAN backup of a target database to disk as a hands-on
i
ran
introduction to this topic.
j e b
D
Monitoring Targets
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
i A zi
ran
j e b
D
Objectives
Target
Agent
Monitoring targets
on Cloud Control
n se
lic e
ble
fe r a
Admin Server ans
n - t r
Managed Server
a no
WLS Domain ) h as deฺ
o ฺ dz t Gui
EM Repository OMS do
EM Infrastructure en
r e u d
@ oo s St
r a ni © 2015,
e hi and/or its affiliates. All rights reserved.
tOracle
eb o us
Copyright
d j t
i z (a
Because
n i Azof the size, complexity, and criticality of today’s enterprise IT operations, the
a
brchallenge for IT professionals is to be able to maintain high levels of component availability
Dje and performance for applications and all components that make up the application’s
technology stack. Monitoring the performance of these components and quickly correcting
problems before they can impact business operations is crucial.
The management agent on each monitored host monitors the status, health, and
performance of all managed targets (such as database, application server, operating
system, and hardware) on that host. If a target goes down, or if the performance metric
crosses a warning or critical threshold, an event is generated and sent to Oracle
Management Service (OMS). By using the Cloud Control console, you can view the status
of all the monitored targets.
such as:
• In-depth monitoring with Oracle-provided metrics and
suggested thresholds
• Access to real-time performance charts
• Collection, storage, and aggregation of metric data in the se
management repository to perform tasks such as trend e n
e lic
analysis and reporting abl fer
a n s
o n -tr
a n
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
dj to u
i z (a
n i Az
The management agent automatically starts monitoring the targets as soon as the agents
metric values are compared. You can set the metric threshold
values for two levels of metric alert severity:
• Warning: Attention is required in a particular area, but the
area is still functional.
• Critical: Immediate action is required in a particular area. e
The area is either not functional or indicative of imminent cens
problems. l e li
b ra
f e
a ns
o n -tr
a n
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
Some metrics have associated predefined limiting parameters called thresholds that cause
i
ran
metric alerts to be triggered when collected metric values exceed these limits. You can set
j e b the metric threshold values for two levels of alert severity:
D • Warning: Attention is required in a particular area, but the area is still functional.
• Critical: Immediate action is required in a particular area. The area is either not
functional or indicative of imminent problems.
Thresholds are boundary values against which monitored metric values are compared. For
example, for each disk device associated with the CPU Utilization (%) metric, you might
define a warning threshold at 80% and critical threshold at 95%.
Task Description
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
(collected successively) must stay above the threshold value for 30 minutes before an alert
is triggered.
Use the “Metric and Collection Settings” page to:
• Modify metric threshold values
• Edit monitoring settings for specific metrics
• Change metric collection schedules
• Disable the collection of a metric n se
lic e
e
The Edit icon (pencil) indicates whether or not you can specify different thresholds for the
bl
r a
metric; a group of pencils indicates that the metric is monitoring multiple objects, which can
fe
ans
each have their own threshold. An example is the Archive Area Used (%) metric for
- t r
Database. A single pencil indicates that the metric monitors a single object at a single set of
n
thresholds.
a no
) h as deฺ
Note: You must have at least the OPERATOR subprivilege “MANAGE TARGET METRICS” on
o ฺ dz t Gui
the target to make changes. Without this privilege, the content of the Metric Threshold table
will be read-only.
r e do den
Refer to the demonstration titledo o
“Monitor tu for detailed examples on performing
a Target”
S
these tasks.
a n i@ this
j e br use
z ( ad to
i A zi
n
bra
Dje
Notifications
Email
Threshold crossed
Alert generated
n se
lic e
ble
Corrective action fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
Issue resolved r e do Email d en Administrator
o o S t u
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
dj to u
z ( a
A ziactions allow you to specify automated responses to alerts. Corrective actions
Corrective
i
an that routine responses to alerts are automatically executed, thereby saving
brensure
Dje administrator time and ensuring that problems are dealt with before they noticeably impact
users. For example, if Cloud Control detects that a component, such as the listener is down,
a corrective action can be specified to automatically start it back up. A corrective action is
thus any task you specify that will be executed when a metric triggers a warning or critical
alert severity. By default, the corrective action runs on the target on which the alert has been
triggered. Administrators can also receive notifications for the success or failure of
corrective actions.
A corrective action can also consist of multiple tasks, with each task running on a different
target. For example, if an application server triggers a warning alert indicating that it is
approaching its limit on the number of requests it can handle, a corrective action can be
defined to automatically start up additional service instances on another host, thereby
sharing application load among different service instances.
Note: Corrective actions for a target can be defined by all Cloud Control administrators who
have been granted the “MANAGE TARGET METRICS” (or greater) privilege on the target.
The “MANAGE TARGET METRICS” privilege is an OPERATOR subprivilege.
or in a monitoring template:
– Create a new corrective action as part of the metric
definition.
– Reuse a corrective action already defined for a metric on the
same target, or in the monitoring template.
– Apply one from the corrective actions library (at the
e n se
c
Enterprise level). e li bl
• Define a library corrective action for a corrective action
f e ra that
you plan to use repeatedly. t r a ns
- on
a n
h a s e ฺ
)
dz t Gu i d
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
dj to u
i z (a
You can
n i Azadd a new corrective action to a metric on a specific target or in a monitoring
b r a
template in any of the following ways:
Dj e • Create a new corrective action as part of the metric definition.
• Specify the name of a corrective action that has already been defined on another
metric for that target. If you are adding the corrective action to a metric in a monitoring
template, you can also reuse corrective actions that have been previously defined in
the monitoring template.
• Specify the name of a corrective action that has been previously defined in the
corrective actions library.
Defining a corrective action as part of the corrective actions library at the enterprise level
enables you to use the corrective action definition when you define a corrective action for a
target metric.
When you define a corrective action, you choose from a list of corrective action job types
including standard types such as “Same as Warning,” “Same as Critical,” and “OS
Commands.” The list of available job types varies depending on the target type.
If you are reusing a previously defined corrective action, choose a corrective action type of
“Reuse Action.” To use a corrective action from the corrective action library, choose a
corrective action type of “From Library.”
dj to u
z ( a
A zi templates provide a way for administrators to apply standardized monitoring
Monitoring
i
an across managed targets. Oracle Corporation recommends using templates as part
brsettings
Dje of template collections. But you can also use them for ad hoc operations.
When a template is applied to a target, any monitoring settings not specified in the template
remain unaffected on the target.
You can use templates across one or more targets or groups. When a change is made to a
template (which is not in a template collection), you need to reapply the template across
affected targets to propagate the new changes. For any target, you can preserve custom
monitoring settings by specifying metric settings that can never be overwritten by a
template.
The recommended workflow is:
• Create templates (from the beginning or with the create-like functionality from Oracle’s
predefined templates)
• Add templates to the template collection (covered in the lesson titled “Managing
Groups”)
The benefit is that you do not need to perform ad hoc apply operations or the comparing
template settings because the template collection feature ensures that template settings are
applied to their target type in the administration group hierarchy.
d j t
i z (a
n i Az Manager Cloud Control includes templates for monitoring Oracle target types,
Enterprise
a as Oracle WebLogic Domain, Oracle Home, Oracle Fusion Middleware Farm,
brsuch
Dje Metadata Repository, Listener, Database Instance, Application Deployment, Oracle
WebLogic Server, Host, and Agent.
You can view these templates and any others that your organization might have on the
Monitoring Templates page. This page provides the starting point for your tasks, which
include working with the monitoring templates. Note that the correct privilege level is
required.
You can use predefined templates as a starting point (with Create Like) or create a new
monitoring template. Templates can be edited and, if no longer needed, they can be
deleted.
Compare and apply operations are needed only when you work with individual templates.
When a monitoring template is used as part of a template collection, these operations occur
automatically based on their assignment to an administration group (covered in the lesson
titled “Managing Groups”).
When you have an individual template version that you want to use, it is recommended to
compare it with targets before applying the template to the targets.
Monitoring templates are independent of the targets to which they are applied. After a
template is applied, and you make subsequent changes to the template, you must reapply
the template to any of the applicable targets in order for the changes to be propagated to
these targets. Conversely, any monitoring settings changes made to individual targets will
not appear in the template. The most common use case is to apply a monitoring template to
a group.
Two template apply options are available: n se
lic e
• Template will completely replace all metric settings in the target: All metrics
ble
r a
defined in the template are applied to the target. Pre-existing target monitoring settings
fe
ans
are disabled. Metric thresholds will be set to NULL or blank. This effectively eliminates
- t r
alerts from these metrics by clearing current severities and violations.
n
no
• Template will only override metrics that are common to both template and
a
) h as deฺ
target: Only metrics common to both the template and target are updated. Existing
o ฺ dz t Gui
target metrics that do not exist in the template remain unaffected. When this option is
r e do den
selected, additional template apply options are made available for metrics with key
value settings.
o o S tu
When an individual template
a n i@
is applied,
t h isthe apply operation is performed as asynchronous
jobs, one for each target
j e br to which
u s ethe template is applied. You can click the link under the
Pending Apply a
( d
Operationstocolumn to check on the status of apply template jobs. Any job
that is not
z i z
shown as pending indicates a successful application of the template.
You
A
nican select any existing monitoring template and export it to an XML file by clicking
r a
Dj eb Export. For any monitoring template that has been exported to an XML file, you can add it
back as an active template by clicking Import. You can only export/import metric templates
between the same Cloud Control versions.
Cloud Control allows you to set default monitoring templates that are automatically applied
to newly added targets, thus allowing you to apply monitoring settings that are appropriate
for your monitored environment.
Note: Super administrator privileges are required to define default monitoring templates.
Templates can also be grouped into template collections and associated with an
administration group. You can only have one monitoring template of a particular target type
in the template collection.
maintenance activities:
Cloud Control
Oracle
Blackout
Management Service
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as Database d e ฺ backup
Oracle Management Repositoryฺdz u i
o t G
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
dj to u
z ( a
A ziallow you to suspend the collection of metrics on a target when performing
Blackouts
i
an
brscheduled maintenance on the target. Blacking out a target suspends monitoring on the
Dje target for the duration of the blackout.
A blackout can be defined for individual targets, a group of multiple targets that reside on
different hosts, or for all targets on a host. Blackouts can be scheduled to run immediately or
in the future, and to run indefinitely or stop after a specific duration. Blackouts can be
created on an as-needed basis, or scheduled to run at regular intervals. During the
maintenance period, if you discover that you need more (or less) time to complete a
maintenance task, you can easily extend (or stop) the blackout that is currently in effect. The
blackout functionality is available from both the Cloud Control console as well as via the
command-line interface (EMCLI). EMCLI is often useful for administrators who need to
incorporate the blacking out of a target in their maintenance scripts.
Blackouts allow you to collect accurate monitoring data. For example, you can stop data
collections during periods where a managed target is undergoing routine maintenance, such
as a database backup (as shown in the slide) or hardware upgrade. If you continue
monitoring during these periods, the collected data shows trends and other monitoring
information that are not the result of normal day-to-day operations.
Note: Blackouts occur simultaneously across all targets, regardless of the time zone. To
black out a target, you need at least the BLACKOUT TARGET privilege on the target.
• Email notifications
– Set up a mail server
– Define email addresses
– Customize email formats
– Set up notification schedules e
e n s
– Can be set up during OMS installation
e lic
• Third-party tools notifications r a bl
s fe
– SNMP traps
- t r an
• no or PL/SQL
Custom notification methods via OS scripts n
a
procedures has eฺ z) Guid
o ฺ d
e d o
d e nt
o or Stu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
Cloud Control includes a notification subsystem integrated with the monitoring system and
i
ran
allows you to receive notifications in various formats if any problems (alerts, events, and so
j e b on) arise.
D
Notifications can be sent via email, in which case you must set up:
• A mail server
• Email addresses to be sent to
• Any customization to the email format
• The schedule emails are to be sent on
A default email address can be set up during the OMS installation time.
Cloud Control also supports third-party notifications via SNMP traps, including SNMP v3.
Other custom notification methods can be set up via OS scripts or custom PL/SQL
procedures.
The notifications setup interface can be accessed from the Setup > Notifications menu.
You must have Super-Administrator privileges to set up a notification method.
a. Targets
b. Groups
c. Both of the above
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
iz (ad to
Azc
Answer:
i
b r an
Dj e
Managing Hosts
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
i A zi
ran
j e b
D
Objectives
dj to u
z(a
A z i
ani
e b r
Dj
• Monitor host OS
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
The Hosts page enables you to obtain a high-level view of multiple hosts that you (as an
i
ran
Enterprise Manager administrator) are responsible for. To view the hosts being monitored
j e b by Cloud Control, navigate to Targets > Hosts.
D
Through the links in the Related Links section, you can customize the columns displayed on
the Hosts overview page and run host commands.
The Configure, Remove, and Add buttons are used as follows:
• Configure: Because availability and performance monitoring for the selected target
have been automatically enabled, no further monitoring configuration is necessary.
• Remove: Before removing the host, you must first remove all the other targets.
• Add: To add a host target, install the Oracle Management Agent on the host computer
that you want to manage. When the Management Agent begins communicating with
the Oracle Management Service, the Management Agent target and the host target
will appear in the list of targets.
View the demonstration titled “Monitor and Manage All Hosts” for additional information.
Incidents are described in detail in the “Managing Incidents” lesson. Compliance information
is provided in the “Managing Compliance” lesson.
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
On the Host home page, which is displayed in the slide, you can view detailed information
i
ran
about the selected host. You can navigate to this page by selecting Targets > All Targets
j e b and then search for and select the target.
D
By clicking the “i” icon next to the host name, you can quickly determine how long the target
has been up, the availability percentage, the operating system of the target, and the name
of the agent. The Summary, Diagnostics, and Configuration sections provide more detailed
information.
This page also provides a graphical display of:
• CPU and memory utilization
• File system usage (total disk utilization)
• Network utilization in MB/second (write and read)
Additional information provided on this page includes:
• Incidents and problems listing
• Compliance standard summary, including last evaluation date
Note that the page can be personalized, enabling you to reorganize the page content and
choose additional display elements.
View the demonstration titled “Monitor an Individual Host” for additional information.
n - trauser.
a no
View and remove related
) h as deฺ
targets on the host.
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
dj to u
z ( a
You canA i
zexpand the Host menu to view the starting points for additional host management
n i
a A few of the operations are highlighted in the slide. Some operations, such as
tasks.
b r
e Privilege Delegation Settings, require special privileges that you may not have.
Dj
View the demonstration titled “Monitor an Individual Host” for additional information.
n se
Create custom monitoring metrics.
lic e
ble
fe r a
an
View availability history.s
n - t r
a no
h a s View ealertฺ history.
ฺ d z) Guid
d o o nt
e d e
o or Stu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
Navigate to Host > Monitoring to view the options for detailed monitoring of your host:
i
ran
• CPU Details: Graphical representation of CPU utilization, I/O wait, and load. The top
j e b 10 processes are ordered by CPU usage.
D
• Memory Details: Graphical representation of memory page scan rate, memory
utilization, and swap utilization. The top 10 processes are ordered by memory usage.
• Disk Details: Graphical representation of total disk I/O made across all disks and
maximum average disk I/O service time. The top disk devices are ordered by percent
busy.
Use the All Metrics page to view a list of all the performance metrics defined for the host
target. You can set the thresholds for these metrics by selecting “Metric and Collection
Settings” in the Monitoring menu. Additional information about metrics is provided in the
“Monitoring Targets” lesson.
View the demonstration titled “Monitor an Individual Host” for additional information.
• Navigation overview:
n se
lic e
bl e
• Sample tasks: fe r a
t r a ns
on-
– Modify services on the Linux operating system.
– View the network cards and the IP addresses a n available in a
Linux machine. h a s e ฺ
z ) u i d
– Add, delete, and edit groups o o ฺd andt user G accounts on Linux
d e n
hosts.
o ore Stud
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
The screenshot in the slide provides a navigation overview for host administration tasks.
i
a Linux hosts, to leverage the capabilities offered on the Host Administration page, you n
j e brFor
D need to install Yet Another Software Tool (YaST). YaST is an operating system setup and
configuration tool that comes as a standard tool as part of SuSE Linux distribution. The
Linux administration feature uses YaST to run scripts. For Oracle Enterprise Linux and Red
Hat, the YaST Red Hat Package Manager (RPM) package contains the Cloud Control
scripts. You can download and install free of charge the YAST software from
http://oss.oracle.com/projects/yast/.
View the demonstration titled “Install YAST” for an example of a YaST install. Note that your
YaST install depends on your operating system version.
The tasks you can perform from each link are as follows:
• Services: Modify services on the Linux operating system. You can edit, start, stop,
and restart a service and also change the run level of a service.
• Default System Run Level: Set the run level into which the system boots by default.
• NFS Client: View and edit all the NFS clients mounted on your Linux host. You can add,
mount, unmount, and delete clients.
• User and Group Administration: Add, delete, and edit groups and user accounts on
Linux hosts.
View the demonstration titled “Administer a Linux Host” for additional information.
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
j e br use
z (ad to
i A zi
ran
j e b
D
t r a ns
Network Profile Configuration of Oracle Net Services n
o - on a client
features
or server a n
h a s e ฺ
)
dz t Gu i d
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
dj to u
z ( a
i A zi Administration enables you to configure Oracle Net Services for any Oracle
Net Services
b r an It also provides common administration functions for listeners. You can use Net
home.
Dj e Services Administration to configure and administer the following:
• Listeners: Configures listeners to receive client connections and to save this
configuration in the listener.ora file
• Directory Naming: Defines simple names and connect identifiers, and maps them to
connect descriptors to identify the network location and identification of a service. It
saves database services, Net Services, and Net Service aliases in a centralized
directory service.
• Local Naming: Saves Net Service names in the tnsnames.ora file
• Network Profile: Configures parameters for a profile saved in the sqlnet.ora file,
which specifies preferences for enabling and configuring Oracle Net features on the
client or database server
You can also perform the following tasks:
• File Location: Specifies the directory location for Oracle Net Services configuration
files
• Group Copy of Network Config Files: Enables you to copy selected network
administration files to a group of one or more destination hosts
View the demonstration titled “Administer a Linux Host” for additional information.
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
iz (ad to
Aza
Answer:
i
b r an
Dj e
dj to u
z(a
A z i
ani
e b r
Dj
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
Demonstrations that are relevant for this lesson include the following:
i
ran
• Monitor and Manage All Hosts: Shows you how to explore the Hosts overview page
j e b and execute OS commands for multiple hosts
D
• Monitor an Individual Host:
- Viewing host target information, CPU, memory, and network utilization
- Monitoring your incidents and compliance, and checking log file alerts
- Viewing related targets on this host
- Navigating to All Metrics
• Use the Remote File Editor: Shows you how to edit files remotely
• Install YaST: Shows you how to download and install YAST, which is a prerequisite
for the next demonstration
• Administer a Linux Host: Shows you how to perform sample Linux tasks from the
EM interface
D j e
ra b
n i A
zzi
(ad
j e
a n
to
o
br use
o r e
i@ this S
o ฺ
tu
)
do den
h
dz t Gui
a
as deฺ
n no
- t r an
s
fe r a bl
elic e n s
e
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
Managing Groups
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
i A zi
ran
j e b
D
Objectives
dj to u
z(a
A z i
ani
e b r
Dj
Why would you use groups? Which goals can you achieve?
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
dj to u
i z (a
Groups
i z great manageability benefits because you can:
Ahave
n
bra• Manage sets of targets as a single functional unit. You can grant administrators
Dje access to the groups of targets that they need to manage. For example, database
administrators are interested only in the databases that they are responsible for, so
you can create a group of databases for them. Some administrators might want to
manage targets within their geographic areas, so you create groups containing those
targets.
• Quickly determine the overall status and health of a subset of the cloud’s managed
targets
• Get summaries of open incidents and job activity and drill down to see the incident
itself
• Perform administrative tasks, such as scheduling jobs for the entire group or blacking
out the group for maintenance periods
• Run Host and SQL script jobs against all members of a group
• Grant privileges on all targets in a group to a set of administrators or roles
• Use a notification rule on a group
• Apply Monitoring Templates on groups
• Run reports on groups
Using Oracle Enterprise Manager Cloud Control 12c 6 - 4
Group: Example
Customize GUI.
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
n se
Monitor the status, incidents and
compliance violations in the group. lic e
ble
fe r a
an s
Perform target
n - t r
operations.
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
The Group home page (shown on the slide) differs for different types of target groups.
i
a n
Normally, a group has many members.
j e brYou can customize the page to best suit your working style. Customization includes layout,
D
changing options in individual regions, adding, and removing regions.
Monitoring the states of your targets is usually your most important task. Rollup of incidents,
blackouts, and policy violation are categorized by severity, so you can quickly focus on the
most critical problems first. Incidents and violations that have occurred within the last 24
hours highlight problems that recently occurred.
You can administer the group membership, view its history, and perform tasks based on the
types of members in your group.
Your dashboard contains by default status, incidents, alerts, and performance of the targets
in the group. Its color-coded interface immediately highlights problem areas. By clicking a
target name link, you can drill down to more detailed information.
dj to u
z ( a
WhichA
i zi exist in Cloud Control and how do they differ from each other?
groups
n
bra• A group can include targets of the same type, such as all your production databases,
Dje or include targets of different types. A group can include other groups. You explicitly
assign targets to a group.
• A privilege propagating group is a group wherein an EM privilege that you grant on
the group automatically extends to all its targets, including any targets added to the
group in the future.
• A Dynamic Group is a group whose membership is determined by a membership
criteria. Enterprise Manager automatically adds targets that match a predefined
membership criteria.
• Administration groups are privilege propagating groups, which are used to automate
the deployment of management settings to targets in the group. Administration groups
are created based on target properties that act as membership criteria. Privilege
propagation is included. EM automatically adds targets to an administration group if
that target meets your configured membership criteria. You cannot directly add targets
to the administration group.
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
j e br use
z (ad to
i A zi
ran
j e b
D
• Same type
• Different types
• Group hierarchy
• Specific types for redundancy group:
– Cluster n se
– Cluster database lic e
ble
– HTTP HA group fe r a
ans
n - t r
Production
a noEMEA
database
) h as deฺgroup
dz t Gui
group
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
When you create groups, it is your choice how you want to design them. Cloud Control
i
ran
supports:
j e b • Targets of the same type, such as:
D
- All hosts in your data center
- All of your production databases
• Targets of different types, such as:
- The database, application server, listener, and host, which are used in your
application environment
- Targets operating within a particular data center region
• Group Hierarchy with parent groups
To group a RAC database, host cluster, or HTTP server high-availability group, use the
following specific target types: cluster, cluster database, and HTTP HA group.
d j t
z (a
A zi
When a group exists, your management tasks might include:
i
ran
• Editing and deleting the group definition
j e b
D • Assigning privileges for other EM administrators:
- The View target privilege includes privileges to view a group and its members.
- The Operator target privilege includes privileges to modify group membership,
customize dashboards, add charts, and so on.
- The Full target privilege includes the operator and delete group privileges (the
latter does not delete the group members).
• Using the Group Administration privilege to delegate group administration
activities to other administrators
• Managing target membership:
- By explicit assignment for regular groups
- By automatic assignment (based on target properties) for administrative groups
Task EM Privilege
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
dj to u
z ( a
A zi tasks have the privileges outlined in the slide as a prerequisite.
The upcoming
i
anspecial EM privileges are needed to create a monitoring template.
brNo
Dje To use the template (which you did not create), you must have the View privilege on that
template. Similarly, you must have the View privilege to use template collections.
• Definition tasks:
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
dj to u
i z (a
n i Az group is a group of targets created only by specifying a membership criteria.
A dynamic
bra
Enterprise Manager automatically determines which members can be part of a dynamic
Dje group by evaluating the criteria. Membership criteria is based on target properties, for
example target types, lifecycle status, location, and so on. When multiple criteria are defined
for a dynamic group, a target must match all criteria before it is automatically added to the
group.
You can have Privilege Propagation enabled for a dynamic group. This means that the
target privileges granted on the group to the administrator will be propagated to the member
targets. Therefore, if this property is enabled, only targets on which the administrator has full
privileges on can be members of the group.
By using the Charts tab, you can select metrics at the target type level to monitor from the
Groups home page. These metrics will be displayed in Charts view. By using the Columns
tab, you can customize display names for group members columns and charts. By using the
Dashboard tab, you can configure display settings for the group dashboard.
Enterprise Manager automatically updates the group membership as new targets are added
or target properties are changed. Administrators can view the group members or defined
metrics, and customize the displays further.
Dynamic groups cannot contain static groups, other dynamic groups, or administration
groups.
• Preparation tasks:
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
dj to u
i z (a
n i Az tasks:
Preparation
bra• Assign properties to targets. From the individual target home page menu, navigate to
Dje Target Setup > Target Properties. The target properties include lifecycle status,
location, contact, department, line of business, target type, cost center, target version,
and customer support identifier.
• Design your administration group hierarchy by grouping together targets that are
monitored in the same way (based on target property values such as, life cycle, line of
business, location, and so on).
• Template collections are made up of monitoring templates, compliance standards,
and/or cloud policies. You need to create the items needed for your organization
before you can organize them into a template collection.
Management tasks:
• Set up the administration groups hierarchy.
• Create template collections.
• Associate template collections with administration groups.
• Set or confirm the global synchronization schedule according to which EM performs
the synchronization of the targets with the selected items.
• Automatic deployment of
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
A template collection:
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
Production
Non-
n se
Production
lic e
a b le
Finance r
feFinance
ans
n - t r
a no HR HR
h s
a deฺ
CPU% 80 90 )
dz t Gui Sales
o o ฺ Sales
d e n
o ore Stud
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
dj to u
z ( a
A
After you
i defined the template collection setting, you may need to change them; the
zhave
an i
brthresholds might not be correct, it might need to be adjusted. How do you do it?
Dje First, edit the underlying monitoring template that contains those settings (for example, the
CPU threshold should be changed to 90% instead of 80%).
Cloud Control ensures that the change is deployed across the targets. This process is
called “synchronization.”
It can be done as part of regular maintenance work (you can specify the schedule, such as
every midnight) or on demand.
• Preventative actions:
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
fe r a
Checked > Keep target-specific settings
—
t r a ns
• When editing a monitoring template in a collection:
n on-
– Message about affected template collections s a /targets
a
hhomeidpage e ฺ
• Reviewing Administration Group z ) u
o o ฺd t G
r e d
u d en
@ oo s St
r a ni © 2015,
e hi and/or its affiliates. All rights reserved.
tOracle
eb o us
Copyright
d j t
i z (a
When A
i z joins an administration group, it is synchronized with the applicable template.
a target
n
a management tasks have the potential to undermine this synchronization. Cloud
brSome
Dje Control tries to prevent such actions by:
• Not allowing ad hoc template apply operations on administration groups or targets that
are part of administration groups. (Because a target is part of an administration group,
its management and monitoring settings are managed by the template collection
mechanism as opposed to someone creating a template and applying it.)
• Preventing the deletion of a template that is part of a template collection
• While editing a target’s metric settings:
- A warning message is shown (but you can override settings for a specific target)
- If target-specific metric setting is changed without “Prevent template override”
check box, the target will be scheduled for synchronization.
- If the “Prevent template override” check box is enabled for a metric setting (even
if this setting is part of a template collection in an administrative hierarchy), your
target-specific metrics are kept and not overridden.
• While editing a monitoring template that is used in a template collection: Cloud Control
displays a message about affected template collections and targets.
Review the Synchronization section on the Administration Group home page to know
whether targets and templates are synchronized or not.
n on
Administration Yes Yes Yes s a At MOST Yes, always
Groups
h a done e ฺ
)
dz t Gu i
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
dj to u
z ( a
A zi of groups properties are shown in the slide.
A summary
i
an
brNote
Dje • The Administration Groups were designed and must be used for automatic-apply of
monitoring templates.
• A target can belong to at most one Administration Group.
dj to u
z (a
Answer: z
Ae i
n i
bra
Dje
dj to u
z(a
A z i
ani
e b r
Dj
dj to u
i z (a
n i Az
Demonstration relevant for this lesson:
bra• Administration Groups and Template Collections (in two parts): Shows you how
Dje to create administration groups, how to create template collections, and how to
associate them with each other
D j e
ra b
n i A
zzi
(ad
j e
a n
to
o
br use
o r e
i@ this S
o ฺ
tu
)
do den
h
dz t Gui
a
as deฺ
n no
- t r an
s
fe r a bl
elic e n s
e
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
i A zi
ran
j e b
D
Objectives
Why would you use Systems and Services? Which goals can
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
you achieve?
• Simplify management and monitoring tasks.
• Manage targets as one unit.
• Measure performance and availability as one unit
• Report on service-level agreements
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
System and services are logical grouping of entities that provide a special function or form a
i
ran
particular application. Similar to groups, the benefits of using systems and services include:
j e b simplified management and monitoring, ability to measure performance and service
D availability levels as a single unit, as well as being able to create customized reports based
on service-level agreements.
d j t
i z (a
n i Azis a target and a collection of components, such as hosts, databases, listeners,
A system
a application servers that serve your applications or services. Targets in a system have a
brand
Dje relationship with each other called “association.” An example: you can create a system to
run your enterprise resource planning (ERP) application and include the host, listener,
database, and the application server that run the ERP application. A system has all the
features of groups and more. The application that runs on this system is modeled as
another type of target called a service. To monitor an email application in Cloud Control, you
first create a system, such as Mail System, that consists of the database, listener,
application server, and host targets on which the email application runs. Then you create a
service target to represent the email application, and specify that it runs on the Mail System
target.
Out-of-the-box systems are provided for Oracle applications such as Siebel, PeopleSoft,
and eBusiness Suite. In addition, systems are provided as for database targets that include
the database, listener, host, and Automatic Storage Management components for that
database so that you can manage the components collectively.
This is the first page that you use to define a generic system.
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
Availability status
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
Members
n se
status
lic e
bl e
fe r a
an s
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
The home page for a specific system enables you to quickly view the overall availability and
i
ran
health of the system with drilldown to obtain further details. The rolled-up numbers include
j e b incidents, job execution status, compliance summary for all members, including those in
D nested systems.
Use the System Home page to:
• View a summary status of the targets within the system
• View an overview of issues (incidents and problems)
• View compliance information
• View job information for jobs within the last seven days
• View information on blackouts and create blackouts
• View configuration and relationship changes within the last seven days
• View information about dependent targets
• View information about services, including their status
You can drill down from most sections for more detailed information.
dj to u
i z (a
n i Az
The screenshot in the slide shows the Generic System drop-down menu that is available on
b r a home page of a selected system. As described in the slide, there are a number of
the
Dj e administrative actions that can be accessed from this menu.
dz t Gui
member.
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
Use the System Topology page to:
i
ran
• View the targets of the systems and the associations between them
j e b
D • View the status of the targets in your system and the overall status of the system
• Drill down to detail pages for targets on their incidents
The System Topology page provides a graphical representation of the components of your
systems as modeled in Cloud Control. This page shows all targets, represented as icons, as
well as associations between them, represented as links between targets.
The status indicators enable you to quickly assess which targets are down or have open
incidents. The screenshot shows a black icon for a fatal incident. By clicking on any of the
targets, you can see additional information about the status of the member.
The Topology page is used to identify the dependencies between the service and the
system on which it runs. From the View drop-down list, you can select services to review
which services depend on this system. The page shows the relationship between the
service and its dependencies on service tests, key components, and so on. It also displays
an overall view of the status of all the dependent subservices and key components as
already discussed for systems. You can also use this page to perform Root Cause Analysis
(discussed later in the lesson).
Service Description
Availability
Service Tests Availability of the service is defined in terms of availability
of the service test(s) or successful execution of the test(s).
A service is considered available if the key tests can be n se
executed successfully by one or more key beacons. lic e
ble
System Availability of the service is based on the underlying
fe r a
system that hosts the service. n s
n - tra
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
dj to u
i z (a
n i Az of a service indicates whether the service is available to the end users at any
Availability
a point in time. You can define the availability of a service based on two criteria:
brgiven
Dje • Service test: The availability is based on the successful execution of one or more
service tests (or transactions) by at least one “key” beacon. Service availability can be
based on all key tests being successful or one key test being successful.
Note: You will learn more about beacons later in this lesson.
• System: The availability is determined by the status of one or more selected key
components of the system. You can specify if service availability should be based on
the availability of all key components or at least one key component.
d j t
z (a
A zi
A service can have one or more tests associated with it. The tests are used to monitor the
i
ran
service, and to determine the service availability and performance. Beacons are defined and
j e b are used to execute the service tests at different geographical locations. The service test is
D considered available if any of the designated key beacons can execute the service test
successfully.
When you create a service, you can specify one or more tests, each of a specific test type
(as shown in the screenshot in the slide). Availability is based on one or all service tests.
n se
lic e
ble
fe r a
ans
n - t r
a noSiebel Call Center service
) h as deฺ
o ฺ dz t Gui
Can make and receive calls Cannot
r e domake dorereceive
n calls
oo s St u
@
ni © 2015, hi and/or its affiliates. All rights reserved.
tOracle
r a e
eb o us
Copyright
d j t
i z (a
n i Azis used to execute service tests including web transactions.
A beacon
a
brBeacons are typically installed at geographical locations that are representative of where
Dje your key user communities are located. For example, if your service is a call center service
and your key users are located in New York and San Francisco, you would install an agent
in New York and San Francisco. Then you can enable the beacon functionality within these
agents and run service tests for making or receiving calls from your beacon locations. If
either of the New York or San Francisco beacon is able to make or receive calls, the call
center service can be termed as “available.”
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
Service home pages differ slightly depending on the type of the service.
i
n
a aggregated service has the following subtabs:
rAn
j e b
D • Charts: Use this page to view charts containing historical data for all performance and
usage metrics.
• Topology: Use this page to view the relationship between the service and its
dependencies, including other services, and system key components.
A generic service includes additional tabs:
• Test Performance: This page shows the historical and current performance of the
service tests as measured from each of the beacons.
• System: Use this page to view the underlying system and the key components that
host this service.
• Monitoring Configuration: Use this page to configure the service.
components. o ฺ dz t Gui
status of all the dependent subservices and key
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
The following pages are accessible from the service home page:
i
ran
• Charts: You can view performance and usage graphs on this page.
j e b
D • Test Performance: You can monitor the performance of your service tests by
accessing the Test Performance page. This page displays the historical performance
data of your service tests. On this page, you can view the performance trends for a
single test as executed from one or more beacons in a single graph. This enables you
to compare response times from different beacons for the same metric.
• System: From this page you can access the associated system page and topology.
This page also includes a display of the service components, status, and incident
information.
• Monitoring Configuration: You can use this page to configure the service. You can
navigate to the following tasks and pages from this page. From this page, you can
define the availability of the service, define performance and usage metrics, add
additional service tests or edit existing ones, and configure root cause analysis for the
service.
• Topology: This page displays the configuration topology.
n se
lic e
ble
fe r a
an s
n - t r
a no
) h asincident
Icons indicate the type of
d e ฺ
dz t Gu i for the component.
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
The Service Topology page enables you to view the relationship between the service and its
i
ran
dependent components. On this page you can view the cause of service failure as identified
j e b by Root Cause Analysis. Icons indicate incidents for targets. Detailed information on each
D component is available by clicking the appropriate icon. Links between components enable
you to view additional information on the cause of any service failure.
z (ad to
A zi
Services are used to model business functions or applications within your enterprise and
i
ran
provide an accurate measure of the availability, performance, and usage of the function or
j e b application they are modeling.
D
For each service, you can define a service-level rule. A service-level rule defines the
assessment criteria used to measure service quality. It enables you to specify availability
and performance criteria that your service must meet during business hours, as defined in
your service-level agreement. For example, an email service must be 99.99% available
between 8 AM and 8 PM, Monday through Friday.
You can define only one service-level rule for each service. This service-level rule will be
used to evaluate the actual service level over a time period and compare the actual service
level against the expected service level.
You can view service-level information directly from the Cloud Control console or as a
generated report. From any service home page, you can click the Actual Service Level link
to drill down to the Service Level Details page. This page displays what actual service level
is achieved by the service over the last 24 hours, 7 days, or 31 days, compared to the
expected service level.
Any super administrator, owner of the service, or Cloud Control administrator with the
OPERATOR target privilege can define or update the service-level rule.
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
You can view service-level details from the Services Dashboard. Enterprise Manager’s
i
ran
reporting framework, Information Publisher, supplies the Services Dashboard as one of the
j e b out-of-box report definitions.
D
Access the Services Dashboard as follows: Enterprise > Reports > Information Publisher
Reports > Monitoring > Dashboards. Specify the service target type and select the
specific service for which you want to view the Services Dashboard. Specifically, for the EM
Services report you can navigate to Enterprise > Reports > Information Publisher
Reports > Enterprise Manager Health > EM Services Dashboard.
dj to u
i z (a
The RCA
n i Azfeature provides you with the ability to analyze service failures, filtering the
b r a
availability, performance, and configuration data of the system components used by the
Dj e affected service.
RCA provides administrators with a focused assessment of service problems and allows
them to quickly identify the cause and corrective action for the problem. You can use RCA
to identify problems in complex aggregate services, including component failure.
RCA processing is triggered by the occurrence of a service failure event. RCA monitors the
status of a service and any defined component tests. The component test tests an aspect of
a key component on which the service depends. Add a component test by choosing a metric
and setting a threshold on a metric key. When RCA runs, it evaluates the status of key
component and component tests, and reports violations as possible root causes. RCA also
provides the ability to include the details associated with the analysis with notifications sent
for service failure alerts.
Note: By default, RCA is configured to run automatically whenever a service fails.
You can view the RCA feature by using the service topology viewer that enables you to see
a graphical representation of the service and its relationship to other services, systems, and
infrastructure components, with the causes identified by RCA highlighted in the display. The
Incident Manager also provides access to the RCA topology.
system components.
a. True
b. False
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
iz (ad to
Aza
Answer:
i
b r an
Dj e
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
iz (ad to
Aza
Answer:
i
b r an
Dj e
D j e
ra b
n i A
zzi
(ad
j e
a n
to
o
br use
o r e
i@ this S
o ฺ
tu
)
do den
h
dz t Gui
a
as deฺ
n no
- t r an
s
fe r a bl
elic e n s
e
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
i A zi
ran
j e b
D
Objectives
dj to u
z(a
A z i
ani
e b r
Dj
dj to u
z ( a
A
A job is
i
azunit of work that you define and schedule to automate commonly performed tasks.
i
an Control includes a job system that enables you to create, edit, and manage jobs.
brCloud
Dje Jobs enable you to automate many administrative tasks, such as backups, cloning, and
patching. There are predefined jobs for some tasks. This eliminates the potential for human
error due to manual routine maintenance activities and enables administrators to manage
their environment more efficiently.
Jobs are defined by their names, descriptions, owners, parameters, targets, schedules, and
the steps to be performed. Jobs can be executed immediately, at a later date or time, or
repeatedly on a schedule that you define.
The Cloud Control job scheduler is different from the scheduling functionality within the
database and the two are not dependent on each other in any way. The agents perform
actions against managed targets, including running jobs. Some jobs may be run by the
OMS, for example to refresh the catalog of software updates via Self-Update, if configured.
You can define a grace period, which is a period of time that defines the maximum
permissible delay when attempting to execute a scheduled job. If the job system cannot
start the execution within a time period equal to the scheduled time + grace period, it will set
the job status to Skipped.
It is recommended that most jobs be created by a predefined Administrator. Limit the Super
Administrator accounts only to defining the most critical jobs.
d j t
i z (a
n i Az slide lists core concepts and your tasks in connection with jobs.
This overview
bra• Jobs are defined on the previous page. You can use them ad hoc or from the Job
Dje Library in Cloud Control. A job can have multiple runs.
• A job run is a run of a specific job on its scheduled start date. Recurring jobs will have
one job run per scheduled occurrence.
• Most jobs typically execute their job logic in parallel against multiple targets. For such
jobs, each job run consists of multiple job executions, one job execution per target.
• A job step is an executable unit within a job.
dj to u
i z (a
There A
i z two pages within Cloud Control that support the creation of custom jobs:
are
n
bra• Job Activity page: This is the hub of the job system within Cloud Control. From this
Dje page, you can create new custom jobs as well as manage existing jobs. For new jobs,
there is a drop-down list from which you can choose the type of job (for example, OS
Command or SQL Script). If you are looking for an existing job run or execution, there
is a search mechanism that enables you to easily find the job you are looking for. By
default, the job history for the last 24 hours is displayed. The search can be restricted
to search by name, owner, status, scheduled start, job type, target type, and target
name. After you find the job you want, you can choose to view, edit, create like,
suspend, resume, stop, or delete that job run or execution.
• Job Library page: If a particular job is going to be used over and over again, you may
want to save that job into the Job Library. This enables you to reference this job
whenever required, as well as grant other administrators access to it. The job library
stores the basic definition of jobs that can be customized to run against specific
targets, or they can be stored with the specific target information.
For all jobs you can specify email notifications, depending on the job status, as shown in the
slide. In addition, more advanced options can be enabled, such as generating events for
job status or creating corrective actions.
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
From the Enterprise > Job > Activity menu, select the type of job you want from the drop-
i
ran
down list, and then click Go. Depending on the type of job you select, a page to enter further
j e b details about the job is displayed. For each job, you must specify a name and which targets
D to perform the job on. For most jobs, there are links to enable you to enter the desired
parameters, choose the appropriate credentials, determine a schedule, and grant access to
the job to other users.
For the Clone Home and Patch jobs, this information is entered in a step-by-step process.
The job details are stored in the repository, whereas the reference scripts, such as shell and
Perl scripts are stored on the hosts. For a more detailed description of the different job
types, refer to the Cloud Control Online Help pages.
Before you start creating your job, the best practice is to ensure that all preferred credentials
are set and that you have the correct security access to the targets you are creating the job
for. For example, if you want to create a job to shut down a database, you need at least
OPERATOR privileges, as well as the ability to log in as SYSDBA on that database.
Note that the list of job types is different on the Job Activity page and on the Job Library
page.
Multi-task jobs:
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
dj to u
z ( a
A zi job is a complex job made up of one or more distinct tasks. It can run against
A multi-task
i
an of the same or different types.
brtargets
Dje You can create a multi-task job consisting of two tasks, each a different job type and each
operating on two separate (and different) target types.
Examples:
• Task 1 (OS Command job type) performs an operation on Server A.
• If Task 1 is successful, run Task 2 (SQL Script job type) against both Database 1 and
Database 2.
• If Task 1 fails, it can be set to run a failure job.
This multi-task functionality makes it easy to create extremely complex operations.
To create a multi-task job from the Jobs Activity page, select Multi-Task from the Create Job
drop-down list. Just as in single-task jobs, you must give the job a name. The next step is to
decide whether you want the job to run against the same targets for all tasks, or different
targets for different tasks. Because each task of a multi-task job can be considered a
complete job, when selecting “Same targets for all tasks,” you add all targets against which
the job is to run from the General tabbed page. If you select “Different targets for different
tasks,” you specify the targets (and required credentials) the tasks will run against as you
define each task.
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
After entering the information on the General tabbed page, move to the Tasks tabbed page
i
ran
and enter the tasks accordingly. The tasks entered are run in sequence. If you choose to
j e b have your job run against different targets for different tasks, you have to enter the target
D information for the tasks also. If you choose the option to run the job against the same
targets for all tasks, it uses the target information entered on the General tabbed page.
If you have at least two tasks entered, you can set the Condition and Depends On options.
Task conditions define states in which the task will be executed. These condition options
include:
• Always: Task is executed each time the job is run.
• On Success: Task execution Depends On the successful execution of another task.
• On Failure: Task execution Depends On the execution failure of another task.
You can also create an initialization error handler task. This task executes if any task of the
multi-task job (except Always tasks) causes an initialization error. The initialization error
handler task does not affect the job execution status.
The remaining information, such as schedule and access information, is similar to that of
simple jobs.
1 Backup
Job Execution
Success
• Scheduled Executions
Job run
• Running Succeeded
• Suspended 2 Succeeded
resume it
• Resuming a job: Restarts the execution of a job with the
next step (after fixing problems at a previous step)
• Stopping a job: Stops the execution altogether
• Deleting a job: se
e n
– Removes a current job from the system, including the job
le lic
history a b
– Cancels all future executions of the job s f er
- t r an
– Repeating jobs: removes all job executionon information for
n
a executions
completed jobs, but does not affectsfuture
h a d e ฺ
d )
– Scheduled jobs: cancels scheduled
z Gu i
executions for the future,
oo ฺ
but does not delete executions t have already run
nthat
ed tude
o
o sS r
i @
n © 2015, hi and/or its affiliates. All rights reserved.
tOracle
r a e
eb o us
Copyright
d j t
z (a
A zi
If you are the owner of a job, or have been given appropriate privileges on that job, you can
i
ran
control it by using the Job Activity page. Depending on the type of job, you can choose to
j e b suspend, resume, stop, or delete a job.
D • Suspending a job changes its status to “Suspended by User” (unless it is currently
running, in which case it becomes “Suspend Pending” until the running step finishes).
If there are no more steps to be run, the status becomes “Succeeded,” “Failed,” or
“Error,” depending on the situation. If there are other steps, the job suspends and
stays in that state until you explicitly resume the job.
• Resuming a job restarts the execution of a job with the next step after fixing problems
at a previous step. As stated, the job suspends after fixing a problem at step level and
remains in the “Suspended” state until you click Resume. The job then starts
executing at the step that would have otherwise run next.
• Stopping a job stops it, so it never runs again. Its status changes to “Stop Pending”
until the currently running steps complete. If there are no more steps to be run, the
status becomes “Succeeded,” “Failed,” or “Failed Initialization,” depending on the
status of the last step. If there are other steps, the job status becomes “Stopped.”
execution. Users may choose a job and select the option to delete all runs to
remove all executions of that job.
- For completed jobs, deleting a job removes all job information for that execution,
but does not affect future executions.
- For scheduled jobs, deleting a job cancels all executions scheduled for the
future, but does not delete executions that have already run.
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
j e br use
z (ad to
i A zi
ran
j e b
D
Group
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
Create jobs
against a group
Job Run
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
In addition to submitting jobs to individual targets, you can submit jobs against a group of
i
ran
targets. Any job that you submit to a group is automatically extended to all its member
j e b targets and takes into account the membership of the group as it changes. For example, if a
D Human Resources job is submitted to the Payroll group, and if a new host is added to this
group, the host automatically becomes part of the Human Resources job. In addition, if the
Payroll group is composed of diverse targets—for example, databases, hosts, and
application servers—the job runs against only applicable targets in the group. The same
applies if you run an OS command against a group that consists of different operating
systems—it fails only on the OS that the command does not make sense for.
dj to u
z ( a
A zi
All administrators
i can create jobs, but for certain operations on existing jobs, privileges are
a n
brrequired. The table in the slide shows the possible operations for each access level (view,
Dje full, owner, and super administrator).
Super administrators can grant view access rights to regular Cloud Control administrators,
as well as revoke full or view access rights. These privileges can be granted when you
create a job and when you add a job to the Job Library.
Some additional notes:
• Create Like: The original job credentials are only copied if you are the job owner.
• The Retry operation is not available for super administrators.
• Purge job policies can only be set via the command line.
a. Job Library
b. Job Activity
c. Both of the above
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
iz (ad to
Aza
Answer:
i
b r an
Dj e
a. True
b. False
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
iz (ad to
Azb
Answer:
i
b r an
Dj e
dj to u
z(a
A z i
ani
e b r
Dj
D j e
ra b
n i A
zzi
(ad
j e
a n
to
o
br use
o r e
i@ this S
o ฺ
tu
)
do den
h
dz t Gui
a
as deฺ
n no
- t r an
s
fe r a bl
elic e n s
e
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
Managing Incidents
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
i A zi
ran
j e b
D
Objectives
efficiently
• Manage fewer, meaningful incidents:
– By business priority
– Across their life cycle
• Centralized incident console e
e n s
– Identify, resolve, and eliminate root causes of disruptions
le lic
– Integrate Oracle expertise to accelerate incident and problema b
diagnosis and resolution s f er
- t r an
on escalate,
– Assign, acknowledge, prioritize, track status,
n
suppress sa h a deฺ
)
dz t Gui
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
dj to u
i z (a
• Azgoal of incident management is to enable you to monitor and resolve service
The
ni disruptions that may be occurring in their data center as quickly and efficiently as
r a
Dj eb possible. Instead of managing the numerous discrete events that may be raised as the
result of any of these service disruptions, you manage a smaller number of more
meaningful incidents, and to manage them based on business priority across the life
cycle of those incidents.
• Enterprise Manager provides a centralized incident console called Incident Manager
that will enable you to track, diagnose, and resolve these incidents, as well as provide
features to help eliminate the root causes of recurrent incidents.
• Incident Manager includes features to tie in to Oracle expertise via relevant My Oracle
Support knowledge base articles and documentation to enable administrators to
accelerate the process of diagnosing and resolving incidents and problems.
• Incident Manager offers the ability to do lifecycle operations for incidents, so you can
assign ownership of an incident to a specific user, acknowledge an incident, set
priority for an incident, track an incident’s status, escalate an incident or suppress it so
that you can defer it to a later time. You can also raise notifications on an incident or
open a helpdesk ticket via the helpdesk connectors.
Incident:
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
) h as EVENTS d e ฺ
dz t Gu i
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
Enterprise Manager monitors the software stack from applications, databases to hosts and
i
ran
the operating system. When Enterprise Manager detects issues in any of this infrastructure,
j e b it raises events. Events (as shown in the graphic) include the following:
D 1. Metric alerts are raised when a metric crosses its threshold (for example, CPU
utilization or tablespace usage alerts).
2. A job status change event is raised, for example, when a job fails.
3. When there is a violation of a compliance standard, you can initiate a compliance
standard violation event being raised.
4. Target availability is the event raised when a target is down or an agent is
unreachable.
5. Other events, such as, SLA alerts, and user-reported events
Across all these events, you want to determine which ones are significant and which ones
can be combined because they refer to the same underlying issue, so that you manage a
smaller number of significant incidents. (This is shown in the graphic by multiple arrows
leading from events to fewer incidents above.)
An incident is a significant event (such as a target being down) or a combination of events
that all relate to the same issue (for example, running out of space can be detected as
separate events raised from the database, host, and storage targets).
Owner: Scott
Manage Status: Work in Progress
Incident Severity: Fatal
and Track
Priority: High
Resolution Comment: I’m working on it
Owner: SAM
HELPDESK
Manage and Status: New
Track Incident Severity: Critical
Summary: Machine Load is high
Resolution Ticket : 12345 (Assigned) n se
lic e
ble
Details of …
fe r a
[Metric Alert Event Event ans
event] n - t r
a no
MEMORY Util is 85% on host1 CPU Util isa
h 99%s on host1 e ฺ
Time: 3-10-11, 11:54 am Time: )
dz Critical
3-10-11, u i
12:03d pm
Severity: Warning o ฺ
Severity: t G
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
dj to u
z ( a
A zi shows an example of an incident (blue top rectangle) that contains two events
The graphic
i
b r anthe green bottom rectangle).
(in
Dj e The events are related and point to the same underlying cause. They are two metric alert
events on a host target—a memory utilization metric alert event and a CPU utilization metric
alert event because the host experiences a heavy load. In the example, you see a warning
severity memory utilization metric alert event, and a short time later a critical severity CPU
utilization metric alert event.
An incident (blue rectangle) is created to manage and track its resolution. Attributes in the
example include: Owner, Status, Severity, Summary, and optionally, Ticket.
• Enterprise Manager automatically assigns the incident severity, based on the worst
case event severity of all the events contained in the incident (in this example,
Critical).
• The incident has a summary, which is a short description of the incident. The
individual events indicate that the machine load is high. You can write your own
summary or let it default to the message of the last event in the incident.
• If you are using one of the helpdesk connectors to interface to a helpdesk system, an
incident can result in a helpdesk ticket. Within Enterprise Manager, you can track both
the ticket number and the status of that particular ticket.
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
The underlying root cause of one or more incidents can also be an Oracle software problem,
i
ran
a critical error detected in the Oracle software. In the case of the Oracle Database software,
j e b diagnostic data for an error is stored in a file-based repository outside the database, the
D Automatic Diagnostic Repository (ADR), where it can later be retrieved by incident number
and analyzed. An incident recorded in the ADR is also recorded as an incident in Enterprise
Manager and presented in the console. To resolve the root cause of these ADR incidents,
Enterprise Manager automatically creates a problem object and associates the related
diagnostic incidents to this problem. You can then use the problem object to resolve the root
cause of these diagnostic incidents. This is typically done by using Support Workbench to
open a support request with MyOracle Support and possibly receiving a patch for the
problem.
Starting with Cloud Control 12.1.0.3, you can view Root Cause Analysis (RCA) on Target
Down events (Target Availability type of events). This is automatically performed by the
incident management framework to determine whether a target down event is a root cause
or a symptom.
• Automatic functionality:
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
Owner: MARY
Manage and Status: New
Track Incident Severity: Critical
Resolution Summary: Problem: ORA-600…
n se
SR Number : ####
lic e
ble
fe r a
ADR ans
error
Problem Problem
n - t r
a no
) h as deonฺDB1
ORA-600[ktcrcm…] on DB1 ORA-600[ktcrcm…]
dz 3-12-11, i am
u8:03
Time: 3-12-11, 7:03 am
o ฺ
Time: G
Severity: Critical
e d o Severity:
d e ntCritical
o or Stu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
dj to u
z ( a
A zi shows an example of one incident (blue rectangle) created for two problems (in
The graphic
i
b r angreen rectangle).
the
Dj e Two ADR errors occurred in the example with two ORA-600 errors in the DB1 database.
Both of these incidents are of critical severity. Enterprise Manager automatically creates a
problem object containing those incidents. Within the Incident Manager user interface, you
can link to the Support Workbench to open a service request (SR) for My Oracle Support
(MOS), which you can then track from Incident Manager.
n se
lic e
4 ble
fe r a
3 an s
n - t r
a no 5
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
This is a screenshot of the Incident Manager.
i
ran
1. On the left side are views that allow you to look at specific incidents of interest.
j e b Several views (created by default “out-of-box”) are for the most common tasks (for
D example, there is a view for all open incidents and problems of the currently logged in
user). You can also create your own custom views.
2. When a particular view is selected (by default, My open incidents and problems), the
user interface filters by that view. See the incident list on the top right of the page.
3. When you select a particular incident, the details are displayed in the bottom section.
4. Next to it is the section to manage the incident workflow. You can add comments,
assign ownership, and so on.
5. In the bottom-right portion of the page are links to the guided diagnostics and
resolution area to assist you in resolving the issue. Additionally, you can click My
Oracle Support Knowledge, which provides in-context access to Oracle expertise via
support notes and Oracle documentation.
dj to u
i z (a
Using AthezGeneral tab on the Details section of the Incident Manager page, you can perform
n i
a following tasks:
brthe
Dje • Update the status of an incident or problem: Click Manage and change Status
field.
• Identify owner working on an incident or problem: Click Manage and add name of
owner in the Owner field.
• Change priority of an incident or problem: Click Manage and change the Priority
field.
• Escalate an incident or problem: Click Manage and choose appropriate Escalation.
• Add comments: Either click Add Comment and type comment or click Manage and
type the Comment.
• Acknowledge an incident or problem: Click Acknowledge.
• Edit summary of an incident or problem: Click More and select Edit Summary.
• Suppress an incident or problem: Click More and select Suppress.
dj to u
i z (a
n i Azrules enable you to manage the automation of business processes relating to
Incident
a
brincidents, problems, and events.
Dje Incident rules can operate on an event, an incident, or a problem.
Some of the common scenarios or use cases for incident rules include creating an incident
based on an event, sending notifications such as email messages or pages as well as
opening helpdesk tickets, or automating incident workflow actions, such as automatically
assigning the owner of an incident or escalating an incident after it has been open for some
time.
dj to u
z ( a
is z
A rule A
i
an instruction to Enterprise Manager on how to automate actions when an event,
i
an or problem occurs. Rules do not operate retroactively, so a rule only operates on
brincident,
Dje events, incidents, or problems that occur after the rule is created.
A rule consists of the selection criteria (to identify the events, incidents, or problems for
which they apply), the conditions (when the rule should be applied, for example, if an
incident priority is changed to P1), and the actions. EM-supported actions include:
notifications, changing of the appropriate resolution management attributes, and ticket
creation.
Examples
1. If the rule criteria is a specific metric alert (for example, CPU utilization or tablespace
percent used crosses a certain threshold of either warning or critical severity), the
intended action is to create an incident.
2. Another rule can operate on incidents that are of either warning or critical severity, and
the action is to send a notification. In this case, there could be an additional condition
that if the rule condition is severity=critical, the action is notify by page, while if the rule
condition is severity=warning, the action is notify by email.
3. Another example of a rule could be for incidents that have been open longer than
seven days, where the rule action is to set the escalation level to 1.
s f er
— Collaborative: multiple co-authors an -tr
– Private n o n
a
— Sending email to yourself
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
dj to u
i z (a
setzare rules grouped together to operate on the same object (for example, a target
A rule A
n i
a There are two types of rule sets in Enterprise Manager: an enterprise rule set and a
brgroup).
Dje private rule set.
Use an enterprise rule set to implement your operational practices for events and
incidents. All the previously mentioned actions are possible. Since these are actions that
affect all types of incidents and problems, the EM administrator that creates these rule sets
requires the CREATE ENTERPRISE RULE SET resource privilege. Once an enterprise type
rule set is created, it is visible to all EM users. Further development of that rule set can be
done in a collaborative manner by multiple co-authors (that is, multiple EM users that can
edit a particular rule set).
A private rule set, on the other hand, is designed only to send email notifications to
yourself for events, incidents, and problems of interest. As a result, no special privileges are
required to create a private rule set.
• Notification preferences
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
– Email
– Schedule
• Setup and tested SMTP Server
– Outgoing email configured
• Setup of recipient se
e n
• Appropriate target privileges
le lic
a b
• fer
Configured connectors, tickets, or advanced notifications
s
- t r an
no n
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
Before you use rule sets to send notifications, you must meet the following prerequisites:
i
ran
• Your EM account has notification preferences (email and schedule).
j e b
D • An SMTP Server is setup and the functioning of outgoing email messages is
confirmed.
• You have a subscription to the incident rule or the rule creator made you the recipient
of the notification.
• Your EM account has been granted the appropriate privileges to manage incidents
from the managed target system.
• If you decide to use connectors, tickets, or advanced notifications, they need to be
configured before using them in the actions page.
Note: Setup tasks such as these must be performed by an EM super administrator as part
of the installation and configuration.
dj to u
i z (a
setzenables you to logically combine different rules that relate to the same object into
A rule A
n i
braasingle manageable unit. A common set of objects can be targets, groups (also of
Dje heterogeneous types), or jobs.
Rule sets, as well as the rules within a rule set, are executed in a specific order: either by
default in their creation order or as you specify it.
Predefined rule sets are provided with Enterprise Manager. They automatically create
incidents for what Oracle Corporation believes are meaningful events, as well as automating
event deletion. You can use these out-of-box rule sets as is, but you cannot edit them. It is
recommended to create your own versions by using the Create Like functionality, and
subscribe to this new rules set. The originals can then be disabled.
• General:
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
creation of an incident):
- If you want to use a ticketing connector in Enterprise Manager, you can define a
rule that creates both the incident and the ticket for the incident.
- Or you can send the events to a third-party management systems by using event
connectors.
- You can also send notifications on events, rather than creating incidents (as you
could in earlier releases). This is recommended for ad hoc usage. n se
lic e
For rules that operate on incidents: Automate operations for the incident workflow, such
ble
r a
as automatically assign owners to incidents, set priority for an incident or set its escalation
fe
s
level, or to send notifications for incidents. You can also create tickets based on incident
an
- t r
conditions, for example, creating a ticket when an incident is escalated to level 2.
n
no
For rules that operate on problems: Automate the management of problem workflows in
a
) h as deฺ
much the same way as with incidents, such as automatically assigning owners to problems,
o ฺ dz t Gui
setting priority for a problem, defining its escalation level, or sending notifications for
problems.
r e do den
o o S tu
a n i@ this
j e br use
z (ad to
i A zi
ran
j e b
D
for incidents.
a. True
b. False
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
iz (ad to
Aza
Answer:
i
b r an
Dj e
a. True
b. False
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
iz (ad to
Azb
Answer:
i
b r an
Dj e
• Preparing an incident
• Finding and resolving an incident
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
Demonstrations relevant for this lesson include:
i
ran
• Incident Management Overview: Shows you how to access and navigate the
j e b Incident Manager user interface
D
• Creating an Incident Management View: Shows you how to create a customized
view for selected incidents
• Viewing Incident Details: Shows you how to perform incident lifecycle tasks (when
you cooperate with other administrators in a data center)
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
i A zi
ran
j e b
D
Objectives
• Software provisioning
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
a n Configure
clone
Applications
h a s e ฺ & activate
Databasedz )
Report
u i d Patch
Middleware
Operating do
o ฺ t G
systemsr e u d en
@ oo s St
r a ni © 2015,
e hi and/or its affiliates. All rights reserved.
tOracle
eb o us
Copyright
d j t
z (a
A zi
As the enterprise grows, as an administrator, you are constantly required to acquire new
i
ran
software and hardware. At the same time, you also need to decommission the old or unused
j e b hardware and software. You are also required to upgrade the existing software and apply
D patches as required.
The provisioning and patching features of Cloud Control automate the deployment of
software, applications, and patches. They make critical data center operations easy,
efficient, and scalable resulting in lower operational risk and cost of ownership.
• Software provisioning allows you to deploy database and middleware software
enterprise wide.
• Software patch management allows you to perform complete end-to-end patch
process.
• Software upgrades can be automated (configured, tested, and deployed) in mass.
• MyOracle Support (MOS) integration allows for automatic updates and facilitates
context-sensitive access to information. (MOS also provides integrated incident
management.)
The modular nature of Cloud Control facilitates performing the lifecycle management tasks,
because you can, for example, update a plug-in without updating the entire EM
infrastructure.
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
j e br use
z (ad to
i A zi
ran
j e b
D
s a
h a d e ฺ
)
dz t Gu i
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
A short review from the Enterprise Manager Cloud Control Installation and Upgrade
i
a n
course:
j e brThe Software Library has two types of folders: Oracle-owned folders (marked by a lock
D
symbol, shipped with the product by default) and user-owned folders.
The storage type can be an NFS file system that is being shared between OMSs or any file
system that the agents can reach. You can define referenced locations: So, if you have a
centralized location for serving these entities that is separate to the OMS, you can reference
them via HTTP, NFS, and so forth. In this case, the OMS stores the metadata about where
this referenced location is, and the software bits are stored externally.
If you have multiple OMSs (for High Availability) in your enterprise, create the software
library in a location that can be accessed by all OMSs.
Super Administrators, who have by default complete privileges on all entities present in
Software Library, create the additional administrators as they see fit for their enterprise.
Fine-grained access privileges can be defined by the owners of entities or the Super
Administrator.
• Component or entity:
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
access
• Designer: Creates provisioning workflow and its
procedures
– Give the EM_ALL_DESIGNER role
– Restrict access with the EM_PROVISIONING_DESIGNER
role only n se
lic e
• Operator: Views and uses published procedures ble
fe r a
– Give the EM_ALL_OPERATOR role ns
t r a
on-
– Restrict access with the EM_PROVISIONING_OPERATOR
n
role only a
• h
May require other roles and privileges,
) d e
depending
as
on the
ฺ
d z u i
ฺ G
doo ent
type of target being provisioned
o ore Stud
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
To manage the software provisioning, a Super Administrator may create Provisioning
i
ran
Designers and/or Operators. The EM_ALL_DESIGNER role includes
j e b EM_PROVISIONING_DESIGNER for provisioning tasks, or you can specifically set up an
D administrator with only the EM_PROVISIONING_DESIGNER role.
The EM_ALL_OPERATOR role includes EM_PROVISIONING_OPERATOR for provisioning
tasks, or you can specifically set up an administrator with only the
EM_PROVISIONING_OPERATOR role. Depending on the type of provisioning tasks, other
roles and privileges may be required. For example, the Operator Any Target privilege
is required for Designers or Operators performing Database provisioning.
After
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
Before
Discovered Provisioned with
in Cloud Control a gold image
n se
lic e
ble
fe r a
ans
n - t r
Server inserted
in rack and powered a no
on (PXE boot) ) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
The Bare Metal Provisioning application provides server lifecycle management capabilities
i
ran
that enable you to build, manage, and optimize the server infrastructure. The application
j e b provides an automated, repeatable, and reliable solution that:
D • Automates the deployment of consistent, certified Linux operating system images
along with other software on a large number of servers
• Leads to faster, unattended deployment of software and operating system
• Allows provisioning of middleware, clusterware, and RAC on top of the Linux stack
• Provides a template-based approach for provisioning a variety of Linux configurations
with software on servers. This also ensures compliance to standards and consistency
across all deployments.
• Supports heterogeneous hardware and network configuration
• Automatically discovers bare metal and live target servers for provisioning
• Encodes Oracle-provided best practices for deployment and patching for Oracle
software
• Results in reduction of manual labor that leads to substantial cost savings
The application uses standardized Pre Boot Execution (PXE) environment booting process
for provisioning both bare metal and live servers. It provides a role-based user interface for
creating gold images and initiates automated, unattended installations.
Select Reference DB
Create Profile
Host
Provisioning DB Host
Designer
Use Profile to populate
Procedure Inputs
n se
DB Profile lic
e
a b le
s fer
Lock down inputs
and save Procedure
Publish to
- t r an
Operator
no n
a
Locked
) h as Provisioning
d e ฺ
Procedure
dz t Gu consumes i Operator Best Practice
o ฺ Procedure
r e do den procedure
o
o sS t u
i @
n © 2015, hi and/or its affiliates. All rights reserved.
tOracle
r a e
eb o us
Copyright
d j t
z (a
A zi
The slide depicts the workflow of a database provisioning operation.
i
a the provisioning designer takes a reference database host to create a software image. n
j e brFirst,
D So he creates a profile out of this database host that contains the software and also the
configurations information of this database. The profile prevents from having to repeat the
configuration input for each deployment procedure when some of these inputs are identical.
Then he uses this profile to create a procedure and populates it with new inputs, like
ORACLE_HOME, ORACLE_SID, and other configuration parameters.
The values stored in the procedure can be locked as such so that the operator using the
procedure for deployment is not able to modify it. The designer then saves the procedure as
a locked procedure.
This locked procedure is then published by the designer as a best practice procedure to
operators for deployment.
Deployment Procedure
Host 2
Copy & Extract bits
n se
Discover Database Target Database
lic e
bl e
Clean up
fe r a
an s Host 1
n - t r
a no
) h as deฺ
Create Profile z
o ฺ d t Gui
r e do den Source Database
oo s St u
@
ni © 2015, hi and/or its affiliates. All rights reserved.
tOracle
r a e
eb o us
Copyright
d j t
z (a
A zi
How does it work when you want to use deployment procedures?
i
a the designer creates a profile from a source host, the software image is copied from n
j e brWhen
D the source to the software library.
Then the designer creates a software deployment procedure to use this software image
from the library to deploy it to a target host, providing all the inputs stored in the procedure,
such as installation of the software and also creation of a new database with specific
parameters and other attributes. So not only the software is deployed on the target host, but
also a new database can be created.
Deployment procedures:
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
• Can be extended
• Are reusable
• Can be duplicated
• Are hot pluggable
e n se
• Can be automated lic
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
Deployment procedures provide a framework to achieve synergy between Oracle’s best
i
ran
practices and your own methods. Custom scripts can be plugged into deployment
j e b procedures for handling special tasks. The following properties make deployment
D procedures useful:
• Extensible: Deployment procedures use Oracle-recommended best practices and
can be used for any target. Oracle-provided deployment procedures cannot be
modified. However, you can create a copy of the Oracle-provided deployment
procedure and modify it to insert or delete steps and error-handling modes.
• Reusable: Deployment procedures are reusable. The steps of the deployment
procedure can be based against directives that are stored in the software library.
Deployment procedures can also be exported and imported across environments. This
implies that the deployment procedures when developed for a test environment can be
reused for production environment.
• Duplicated: Oracle’s default procedures are locked. They cannot be modified, but
they can be duplicated with the CREATE LIKE functionality.
• Hot pluggable: The Oracle-provided deployment procedures are metadata driven, so
new sets of procedures can be added to the Cloud Control environment without any
additional outage.
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
j e br use
z (ad to
i A zi
ran
j e b
D
dz t Gui
associate with the component while uploading to the software library are ignored
o ฺ
while executing the step. Examples for a generic component step include
e do den
applying a patch, validating prerequisites before performing an installation, and
r
o o S tu
installing Oracle software on target machines.
- a n i@ this
Registered Component: The registered component step is a special type of an
j e br use
action step that consists of a job type and a software library component. The
z (ad to
Deployment Procedure Manager invokes the specified job type, which handles
i A zi the staging and installation of the component (for example, cloning Oracle
ran software from the software library to the target machine).
j e b - Host Command: This is a special type of an action step that encapsulates
D simple host commands. This step allows the user to enter a command line or a
script (multiple commands) to be executed on the target host. For example,
starting an agent (emctl start agent) or restarting Oracle Internet Directory
(OID).
You can provide values to various properties associated with a directive or component
through Map Properties. You have three execution privileges: Normal, sudo, and Pluggable
Authentication Modules (PAM) for UNIX platforms. You can choose the appropriate privilege
you want by selecting the privilege from the Execution privilege list in the Execution Mode
section.
dj to u
i z (a
You can
n i Azcustomize deployment procedures to suit your requirements.
a• Insert a custom step to back up the database before patching: A data center is
Dj ebr notified by Cloud Control that its Oracle database installations are affected by Oracle’s
latest Critical Patch Update (CPU). The security administrator studies the impact and
hands it over to the lead DBA who first applies it to his or her test systems. In the
process, the DBA wants to back up the database before applying the patch. The DBA
uses the Create Like feature of the “Patch Oracle Database” Deployment Procedure
and inserts a custom step before the Apply Patch step, associating the script to take a
backup, which he or she has uploaded to the software library. As a result, on the
execution of the deployment procedure, the backup of the database is performed each
time before applying the patch.
• Insert a manual step: XYZ Corporation has a process of ensuring that users are
logged off from their application before the database is shut down. The DBA checks
with key users whether they have indeed logged off before proceeding with the
database shutdown. This can be achieved by introducing a manual step before the
“Stop Database” step. The procedure pauses on the completion of the manual step.
Only when the DBA chooses to continue would the procedure advance.
• Set notification for the deployment procedure run: To receive notifications from
deployment procedures, perform the following steps during design time:
1. Click Create Like.
2. Select the Enable Notification check box, and optionally provide the Notification
Tag Name.
3. Select the statuses for which you would want the notifications to be sent from the
list (for example, Success, Failure, or Action Required).
n se
4. Save the procedure. lic e
ble
5. Select the Send Email option for the standard PAF Status Notification rule from
fe r a
the Notification Rules page under Preferences. Upon running the procedure
ans
n - t r
based on the status selected for notification, the users for whom email addresses
are set up would receive notifications.
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
j e br use
z (ad to
i A zi
ran
j e b
D
o o e Stud
Not connected torMOS
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
The patch management functionality of Cloud Control supports patching of various target
i
ran
types such as single instance databases, the Real Application Cluster stack, WebLogic
j e b Server and so on, for specific versions, and are documented in the products release
D information. Patching your managed targets is a critical task that can only be handled by
specific Administrators. Before you begin using this functionality, the Super Administrator
must set up patching administrators and their roles based on their intended job duties. The
Software Library must also be configured as it is the location where patches are
downloaded. Patches can be accessed directly from My Oracle Support (MOS), in which
case Cloud Control is configured as “Online” mode. If your security policies prevent you
from directly accessing MOS, you can configure the MOS connection mode to “Offline”.
In this case, patches information can be downloaded separately on one of your connected
systems and later uploaded to Cloud Control.
dj to u
z ( a
PatchA
i zi are lists of patches you want to apply as a group to one or more targets. Patch
plans
an can include patch sets or one-off patches and they automatically map to a patching
brplans
Dje Deployment Procedure that can complete that task. A patch plan can be analyzed against
your system, or a subset of your targets. At this time, conflicts are identified. If the patch
plans complete the analyze phase and are found deployable, you can save them as Patch
Templates that are target independent and later can be deployed against various other
targets. Undeployable plans can still be used for analysis and manually downloading and
applying patches.
• Patch Designer: Takes a leading role in creating patch plans and patch templates, as
they apply to your organization
• Patch Operator: Has a more restrictive role, typically to only view and submit
patching jobs.
Consider the following when creating the administrators that will be performing patching
tasks:
• The EM_ALL_DESIGNER role includes EM_PATCH_DESIGNER needed for creating patching
n se
tasks, or you can specifically set up an administrator with only the EM_PATCH_DESIGNER role.
lic e
• The EM_ALL_OPERATOR role includes EM_PATCH_OPERATOR needed for viewing and ble
fe r a
submitting patching tasks, or you can specifically set up and administrator with only the
EM_PATCH_OPERATOR role.
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
j e br use
z (ad to
i A zi
ran
j e b
D
• In-place
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
dj to u
i z (a
Patches
n i Azcan be applied:
bra• In place, which requires downtime during the patch application
Dje • Out-of-place, which allows you to clone your Oracle Home out of place, perform the
patching, and then migrate instances to the new Oracle Home. This method reduces
the downtime requirements for patching. This process also enhances the
recoverability; since the old Oracle Home has not been touched, you can revert to that
in case of issues after patching. This is only available for certain targets.
• Rolling or Parallel, which are applicable to multinode targets such as RAC, WebLogic,
and so on. In a rolling method application each node is patched separately, one by
one, where as a parallel application means all nodes are patched at the same time
requiring downtime for the system.
The method of choice depends on your downtime requirements and what options are made
available by Oracle at patch release time.
The patching process is integrated with My Oracle Support so that you can identify the
recommended patches for your environment. After the patches are applied from Enterprise
Manager, they do not appear in the recommended patches list for the selected target.
HOST
Home.
ORACLE HOME
2. Clone Oracle Home. DB1 DB2
3. Patch cloned Oracle se
n
HOST
Home (no down time). PATCH
lic e
ble
ORACLE HOME ORACLE HOME A
fe r a
t r a ns
4. Switch instances to n-DB1 DB2
no
cloned Oracle Home. a
as deฺ
HOST
) h
5. Apply SQL scripts (if
o ฺ dz t Gui ORACLE HOME A
needed).
e d o ORACLE e n HOME
or Stu d
o
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
Out-of-place Database Patching: Example
i
a n
j e brAssuming that you have multiple databases in an Oracle Home, which you need to patch,
D Enterprise Manager does the following:
1. Clones the ORACLE_HOME
2. Patches the cloned home. These operations do not require down time.
3. Switches all databases to the new patched Oracle Home. This requires the database
to be shut down.
4. Applies SQL scripts, if required, such as CPU SQL scripts
This workflow gives you the flexibility for easy recovery because you can revert to the
original ORACLE_HOME and the down time is reduced to the required minimum.
Create Patch
Conflicts Detected?
Apply on n se
Template
Automated Resolution
Test lic e
with My Oracle Support
Systembl e
fe r a
t r a ns
• Creates patch plans
from templates
n- • Completes
no
a Patch Rollouts
Patching • Associates
h s
a deฺ • Refreshes Plan
production targets )
dz t GuPatch i Plan with new Target
Operators
o o ฺ
e dProduction
d n
eTargets
r
oo s St u
@
ni © 2015, hi and/or its affiliates. All rights reserved.
tOracle
r a e
eb o us
Copyright
d j t
i z (a
n i AzPlan Example Using Templates
Patching
a templates can be used to define your patch rollouts.
ebr
Patch
Dj As a patching designer, you identify the patches that need to be applied such as the
quarterly CPU patches recommended by Oracle and the patches recommended by support
analysts for specific service request (SR) resolution.
Then you create a patch plan for the identified patches and associate it with a test target.
Testing detects possible conflicts. You can use the Automated Resolution with My Oracle
Support to solve the issue. When the testing is complete, you create a patch template from
the patch plan. This patch template is published to the patching operators.
The patching operators can create patch plans from templates and associate these patch
plans to production targets and perform regular rollouts.
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
iz (ad to
Aza
Answer:
i
b r an
Dj e
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
iz (ad to
Aza
Answer:
i
b r an
Dj e
D j e
ra b
n i A
zzi
(ad
j e
a n
to
o
br use
o r e
i@ this S
o ฺ
tu
)
do den
h
dz t Gui
a
as deฺ
n no
- t r an
s
fe r a bl
elic e n s
e
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
Managing Configurations
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
i A zi
ran
j e b
D
Objectives
d j t
z (a
A zi
The IT department is responsible for maintaining the hardware and software configurations
i
ran
across the organization. Cloud Control enables you to automate configuration management
j e b of your enterprise. Using Cloud Control, you can centrally track hardware, software
D installations including patch levels, and software configuration data for software services
and systems that Cloud Control manages. These tasks collectively fall under Configuration
Management.
Target
n se
Agent
lic e
ble
fe r a
Admin Server ans
n - t r
Managed Server
a no
WLS Domain ) h as deฺ
o ฺ dz t Gui
EM Repository OMS do en
r e u d
@ oo s St
r a ni © 2015,
e hi and/or its affiliates. All rights reserved.
tOracle
eb o us
Copyright
d j t
i z (a
Using A
i z Control, you can view, save, track, compare, and search the configuration
Cloud
a n
brinformation saved in the management repository for individual hosts, databases, application
Dje servers, clients, and the entire enterprise.
Cloud Control collects configuration information for all the hosts and the managed targets
on those hosts that have a running management agent. The agent periodically sends the
configuration information to the management repository over HTTP or HTTPS, allowing you
to view up-to-date configuration information for your entire enterprise through Cloud Control.
Using Cloud Control, you can perform the following actions for targets such as hosts,
databases, application servers, and clients:
• View the last collected and saved configuration.
• Save configurations to a configuration file or to the management repository.
• Search collected configuration data.
• View the history of configuration changes.
• Compare configurations.
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
In some cases, you may want to search your enterprise configuration to get answers to
i
ran
specific questions about your enterprise. Enterprise configuration searches query the
j e b enterprise configuration views in the management repository to find configuration
D information that satisfies the specified search criteria.
• Predefined searches:
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
dj to u
i z (a
Cloud A
i z provides two types of enterprise configuration searches:
Control
a n
brPredefined searches: Although these searches are predefined, you can modify the search
Dje criteria for each search, allowing you the flexibility to create specific search queries. Based
on your search criteria, Cloud Control creates the SQL query that searches the enterprise
configuration views in the management repository. Cloud Control provides the following
predefined enterprise configuration searches:
• Search Oracle products, patch sets, and interim patches installed in Oracle Homes.
• Search software registered with the host operating system.
• Search initialization parameter settings and setting changes.
• Search tablespaces, data files, and recommended database settings.
• Search database feature usage.
• Search host operating system components, patches, property settings, and property
changes.
• Search host operating system and hardware summaries.
• Search host file systems and network interface card configurations.
• Search policy library.
User-defined searches: With a user-defined search, you specify the SQL query that
searches the enterprise configuration views in the management repository.
targets
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
The topology viewer can be accessed from any target home menu under Configuration >
i
ran
Topology and it provides a graphical representation of that target’s relationships with other
j e b targets.
D
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
iz (ad to
Aza
Answer:
i
b r an
Dj e
dj to u
i z (a
n i Azpractices, you view, compare, and search the configuration information in the
In these
a
brManagement Repository to monitor and manage your enterprise configuration. You
Dje complete the following tasks:
1. View the installed OS packages and their version numbers under Operating System
Components.
2. View the configuration history and use the topology viewer.
3. Compare your host configuration with another host configuration.
4. Search for Oracle products installed in Oracle Homes.
The “Manage Application Stack Configuration with System Comparisons” demonstration
shows you how to compare systems with the use of comparison templates. It shows how
one database is compared with two others. Demonstration details include using target
properties and learning how these properties can be used to ignore differences.
D j e
ra b
n i A
zzi
(ad
j e
a n
to
o
br use
o r e
i@ this S
o ฺ
tu
)
do den
h
dz t Gui
a
as deฺ
n no
- t r an
s
fe r a bl
elic e n s
e
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
Managing Compliance
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
i A zi
ran
j e b
D
Objectives
Is compliant
n se
or lic e
ble
fe r a
an s
n - t r
Compliance
Target
Standards a no
) h as dIsenot ฺ compliant
dz t Gu i
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
For an enterprise to run efficiently, it must adhere to standards that promote the best
i
ran
practices for security, configuration, and storage. After these standards are developed, you
j e b can apply and test for these standards throughout your organization, that is, test for
D compliance. Compliance is the conformance to standards, or requirements. Using Cloud
Control, you can test the conformance of your targets for security standards, and
configuration and storage requirements. By continually testing your systems, services, and
targets, you are ensuring the best possible protection and performance for your system.
d j t
i z (a
n i Az
The compliance management framework of EM Cloud Control provides ways to evaluate
a or systems for compliance with business best practices in terms of configuration,
brtargets
Dje security, storage, and other factors. To use them, you define compliance frameworks,
compliance standards, compliance standard rules, and real time facets.
To effectively use a compliance framework, organize the framework to mimic the
compliance framework you use in your organization. The compliance framework helps
administrators to create rules and standards. Compliance security officers and auditors can
take advantage of comprehensive compliance reports generated based on the structure.
There are two types of compliance frameworks:
• Out-of-box predefined compliance frameworks, such as the Security Technical
Implementation Guide (STIG), Certification, Payment Card Industry Data Security
Standard (PCI DSS), or Oracle Generic Compliance Framework
• User-defined compliance frameworks, which can be based on a predefined
compliance framework
Compliance Standard
n se
lic e
Compliance Standard Rule Folder Compliance le
rab
Standard Rule
e
a n sf
tr
n on-
Rule Folder s a
Compliance
h a
Standard d e ฺRule
)
dz t Gu i
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
dj to u
i z (a
n i Az standard defines what to monitor and the conditions for evaluation, and is
A compliance
a to define a compliance framework.
brused
Dje Compliance standards are a hierarchical structure comprised of the following entities:
• Compliance standard rules: Checks in the form of SQL or other OS scripts. Rules
can be part of multiple compliance standards.
• Rule folders: Include individual compliance standard rules and nested rule folders.
Rule folders are a mechanism to organize rules in a compliance standard. A rule folder
can only be used within the compliance standard in which it is created.
• Other compliance standards: Various compliance standards of the same target type
can be included.
Compliance standards are the entities that must be associated to targets in order for
evaluations to take place. All rules within a standard are then evaluated.
Hundreds of predefined compliance standards, with thousands of rules, are provided with
Enterprise Manager Cloud Control, for various target types such as: database instance,
listener, host, and so on. You may use these compliance standards when defining your own
compliance frameworks or defining new compliance standards. You can use the “Create
Like” feature to create a new compliance standard with the same definition as a predefined
compliance standard. Only user-defined compliance standards can be edited and tailored
for your environments.
Using Oracle Enterprise Manager Cloud Control 12c 12 - 5
Understanding Compliance Standard Rules
• Repository rule:
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
to collect data that Cloud Control does not already collect, and then associated with an
agent side rule. The association automatically deploys to the agent all needed logic to
perform the checks.
In addition, you can define a manual rule, for tasks that cannot be automated.
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
j e br use
z (ad to
i A zi
ran
j e b
D
dj to u
i z (a
n i Az in the slide on this page and the next describe how a typical Enterprise Manager
The steps
b r a
structure can be defined so that auditors can verify that targets are in compliance with the
Dj e organization’s compliance framework.
1. First, a Super Administrator creates, or assigns, existing EM administrators, the
following three distinct job roles:
- A Compliance Author or Designer: The designer of the compliance standards,
rules and facets. This user is given the predefined role
EM_COMPLIANCE_DESIGNER, which includes some target management
privileges.
- An Compliance Auditor, or Officer, is the consumer of the compliance entities
defined by the author/designer, by creating the Compliance Frameworks. This
user is given the EM_COMPLIANCE_OFFICER role with visibility across a data
center and no specific target privileges.
- An IT/DBA Administrator associates targets with standards, reviews, and
resolves compliance violations. This administrator typically is the owner of the
targets.
2. The Compliance Author/Designer reviews Oracle pre-created standards and rules and
creates new ones based on their own policies.
compliance standards.
– Scores are calculated.
• Compliance evaluation process:
– Evaluate standard rules part of a compliance standard by
performing single health or real-time monitor checks.
Can result in one or more violations n se
—
lic e
– Summarize the evaluation scores for a compliance standard
a b le
as a whole. s f er
– Roll up the results to the framework level. -tra
n
n n
othe
– Violations against a target are reported
a to OMS and
presented on the Compliance Results
h s
a and e ฺ target home
)
z Gu i d
pages. oฺdd o nt
e d e
o or Stu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
Compliance is measured through the evaluation of compliance standards and as a result
i
ran
each rule receives a compliance score. Compliance standard rule evaluation results are
j e b rolled up to produce a compliance standard evaluation state as well as a compliance
D summary.
) h a deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
dj to u
i z (a
n i Az
The compliance score, measured as a percentage, is the degree of conformance with a
b r a
particular standard. The score is a combination of severity, importance, and the percentage
Dj e of objects found to be noncompliant.
The severity level is defined at rule creation time and it can typically be specified as Critical
(serious if this rule is violated), Warning, or Minor Warning (a minor impact if violated). Each
level translates to a number during the internal calculations.
You can also set the importance of compliance standards when you define a compliance
framework. The importance setting of a compliance standard within the compliance
framework impacts the overall framework compliance score. Importance can be set to Low,
Normal, or High and these translate internally to a number.
The score for each standard rule is calculated as a function of the high and low range
severity values and the number of violations per rows evaluated. In turn, the compliance
score of a particular target against a set of rules is calculated as an average of the individual
rule scores and their importance. Finally, a compliance framework score is a rolled up
weighted average of all target scores across all compliance standards within that
compliance framework.
Refer to the Enterprise Manager Cloud Control Oracle Database Compliance Standards for
detailed information about database compliance score calculation formulas.
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
Access the Compliance Library page to manage your compliance infrastructure by selecting
i
ran
Enterprise > Compliance > Library. Use the tabs to access each of the compliance
j e b entities. You can view the predefined out-of-the-box compliance frameworks, compliance
D standards, and compliance standard rules on the corresponding tabs. You also use each
tab to access the feature to create a new compliance entity or to use the “create like”
functionality to define a new entity based on an existing entity.
n se
lic e
bl e
fe r a
ans
n - t r
a no
First select the compliance
) h as deฺ
standard you want to
associate a target to. ฺdz G ui
d o o nt
e d e
o or Stu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
Once the compliance standard has been defined it must be associated with targets for the
i
ran
compliance evaluation to take place. When there is a change to a target’s configuration, re-
j e b evaluation takes place.
D
Note: You can also associate a compliance standard with a target by right-clicking that
target name and selecting Compliance > Standard Associations on the target’s home
page.
d j t
z (a
i A zi
You can investigate the compliance violations to resolve violations in your enterprise.
n
Resolve the most critical compliance violations or the violations that have the biggest impact
ra
j e b on the enterprise. Following are a few suggestions that may help you investigate the most
D critical compliance violations:
• Review all regions of the Compliance Dashboard, that can be accessed from the
menu Enterprise > Compliance > Dashboard. The Dashboard gives you an overall
view of the compliance of your enterprise with single scores for each compliance
framework.
• Review the compliance statistics on the Cloud Control Summary page. In particular,
look at the detail in the Compliance Summary and Least Compliant Targets in the
sections. You should first address the Critical violations.
• Review the security-related violations by navigating to Enterprise > Compliance >
Results and searching for Security. Noncompliance with these policy rules can greatly
impact the security of your enterprise.
• Address targets that have the lowest compliance scores. You can view target
compliance results on the Compliance Results > Target Compliance page.
• For the policy violations of a particular database or host target, navigate to
Compliance Results > Target Compliance or access the home page for that target.
The Compliance Standard Summary section provides overview information, and also
gives you access to trend information for the target.
Using Oracle Enterprise Manager Cloud Control 12c 12 - 14
Viewing Compliance Evaluation Results
n se
lic e
ble
fe r a
ans
n - t r
a no
Compare compliance
) h as deฺ
the i
o dz targets.
scores to determine
ฺ
worst-offending t G u
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
The screenshot in the slide shows the Compliance Summary section and the Least
i
a n
Compliant Targets section of the Enterprise Manager Cloud Control Summary page.
j e brCompliance scores provide an overall evaluation of a target’s compliance to defined
D
standards.
Compliance scores are generated for a compliance standard and target combination, which
represent a target's compliance with a certain standard. The score indicates the degree to
which the target is compliant with the standard. A 100% Compliance Score indicates that
the target follows all requirements/regulations imposed by compliance standard.
By comparing compliance scores, you can determine the worst-offending targets, giving
those targets particular attention. In other words, as the score becomes lower, the
compliance status becomes worse. A compliance score of 100% indicates a fully compliant
target with respect to that policy.
Compliance scores are also shown on the Compliance Results pages (Enterprise >
Compliance > Results).
n se
lic e
ble
fe r a
t r a ns
You canoview
n n- compliance
s a results reports.
evaluation
) h a deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
dj to u
i z (a
You can
n i Azaccess Compliance reports by selecting Information Publisher Reports in the
b r a
Enterprise menu. Scroll to the Compliance section to view the following types of compliance
Dj e reports:
• Descriptions: Reports that list all the compliance frameworks, compliance standards,
and compliance standard rules available in the Compliance Library. You can use
these reports to help you determine whether you need to create additional compliance
entities to correspond to your organization’s compliance standards.
• Results: The reports of type provide detailed information about the evaluation against
the defined compliance frameworks and compliance standards. The “Target with
Lowest AVG COMPLIANCE SCORE” report helps you to determine any targets that
need immediate attention.
Note that while Information Publisher compliance reports are still available in Cloud Control,
in future releases they will be fully replaced by equivalent BI Publisher reports.
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
iz (ad to
Azb
Answer:
i
b r an
Dj e
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
iz (ad to
Aza
Answer:
i
b r an
Dj e
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
Recommended demonstrations on OLL:
i
ran
• "Oracle Enterprise Manager 12c: Use and Report on Out-of-Box Compliance
j e b Standards” (some newer functionality may not be part of this demonstration)
D
• “Oracle Enterprise Manager 12c: Using STG Compliance Std”
• “Oracle Enterprise Manager 12c: Using Agent-Side Compliance Rules”
D j e
ra b
n i A
zzi
(ad
j e
a n
to
o
br use
o r e
i@ this S
o ฺ
tu
)
do den
h
dz t Gui
a
as deฺ
n no
- t r an
s
fe r a bl
elic e n s
e
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
i A zi
ran
j e b
D
Objectives
• Oracle-provided reports
• A framework for creating HTML reports based on
management repository data
• The ability to:
– Schedule reports generation
n se
– Store scheduled copies for future reference lic e
– Email reports to intended audiences a b le
s f er
– ran
Share reports with the entire business community
n -t
n o
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
dj to u
i z (a
n i Az Publisher, Cloud Control’s powerful reporting framework, makes information
Information
a your managed environment available to users across your enterprise. Strategically,
brabout
Dje reports are used to present a view of enterprise-monitoring information for business
intelligence purposes, but can also serve an administrative role by showing activity,
resource utilization, and configuration of managed targets. IT managers can use reports to
show availability of sets of managed systems. Executives can view reports on the
availability of applications (such as corporate email) over a period of time.
The reporting framework allows you to create and publish customized reports. Intuitive
HTML-based reports can be published via the web, stored, or emailed to selected
recipients. Information Publisher comes with a comprehensive library of predefined reports
that allow you to generate reports out of the box without additional setup and configuration.
dj to u
i z (a
n i Az
The Information Publisher framework comes with a library of predefined report definitions
b r a administrators can use to generate fully formatted HTML reports, which shows critical
that
Dj e operations and business information, without any additional configuration or setup. These
report definitions are available to all Cloud Control administrators and cannot be deleted.
They can be copied (using the Create Like functionality) to make your own customized
report that suits your specific operational needs.
The report groupings are:
• Cisco
• Compliance
• Deployment and Configuration
• Enterprise Manager Setup
• Feature and License Pack Usage
• Monitoring
• Oracle ILOM Server
• Security
• Storage
Target
Unauthorized reproduction or distribution prohibitedฺ Copyright© 2016, Oracle and/or its affiliatesฺ
Time Period
n se
Elements lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
The results of running a report on demand vary depending on the characteristics of the
i
ran
report definition, as well as the parameters set at run time. If the report is being run for a
j e b particular target, the target type and name of the target appear in the upper-left corner of the
D report. If the report shows information for a particular time period, that time period is
included in the upper-left corner as well. The author of the report can set it so that the
administrator running the report may change the time period. If this is the case, there is a
Set Time Period button available. The report viewer can click this button to rerun the report
with a different time. Any time-sensitive data in the report changes according to the time
period specified.
The remaining area of the report is made up of report elements. There are several types of
report elements that can be included in a report. In the slide, the Summary and Availability
History are examples of Table from SQL elements, and the Availability State is an example
of a Chart from SQL element.
For elements that display data in a table format, the column headings are interactive,
enabling the viewer to change the ordering sequence by clicking the column on which he or
she wants to order the report data.
2
1
n se
3
lic e
ble
fe r a
an s
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
The slide shows screenshots of the Report Elements and Set Parameters pages.
i
ran
j e b
D
n se
lic e
bl e
fe r a
an s
n - t r
a no
) h as deฺ
o ฺ dz t Gui Saved Copies 3
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
A zi
By default, copies of reports are not saved. You can choose to save copies of the report
i
ran
each time the scheduled report completes by selecting the check box under Save copies of
j e b Report on the Schedule page. A purge schedule can also be set. Choose to purge based on
D a retention time, based on a number of saved copies, or not to purge at all. If there are
saved copies available for a report, there is a link to those copies when you view the report
on demand. When you click this link, the last saved copy is generated. Other copies can be
viewed from the link on this rendered report copy.
A report can also be emailed to appropriate recipients by selecting the check box under
Email report on the Schedule page. You can enter a Reply To email address, a list of
recipients (separated by a comma), as well as a Subject line for the email.
Note: Purging does not cause the report definition to be purged.
dj to u
i z (a
i z
ReportAdefinitions can be edited and viewed by the report creator (owner) and all super
a n
bradministrators. On the Access page, the administrator creating or editing the report can add
Dje administrators and/or roles to allow them privileges on this report as well. If you have been
given the “Publish Report” privilege, you can share the report with unauthenticated, or
public, users. Some access behavior depends on whether the report has early target
bindings (defined on the General page or with the elements) or late target bindings (targets
chosen by the person viewing the report).
When you grant access to a report with early target bindings, you grant the ability to:
• View and generate the report on demand in the report owner’s context (if “Run report
using target privileges of the report owner” is selected on the General page; otherwise,
it uses the viewer’s context)
• View stored copies of the report that were generated in the report owner’s context
• “Create Like” on the report definition (not for public users)
When you grant access to a report with late target bindings, you grant the ability to:
• View and generate on-demand reports in the viewer’s context
• View stored copies of the report that were generated in the owner’s context
• “Create Like” on the report definition
Reports with late target bindings cannot be shared with Public because public users do not
have any target privileges.
Using Oracle Enterprise Manager Cloud Control 12c 13 - 12
Enterprise Manager Reports Website
n se
Configuration lic e
ble
fe r a
WebLogic t r a ns
Server n on-
s a
Operating System h a d e ฺ
)
dz t Gu i
o ฺ
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
dj to u
i z (a
n i Az can be configured to work with a data source that accesses the Enterprise
BI Publisher
definitions include:
a. Deployment and Configuration
b. Enterprise Manager Setup
c. Feature and License Pack Usage
d. Monitoring
n se
e. Security lic e
a b le
f. Storage
s f er
g. All of the above - t r an
n no
a
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
iz (ad to
Azg
Answer:
i
b r an
Dj e
n se
lic e
ble
fe r a
ans
n - t r
a no
) h as deฺ
o ฺ dz t Gui
r e do den
o o S tu
a n i@ this
e b r © s2015,
Copyright e Oracle and/or its affiliates. All rights reserved.
j u
z (ad to
i A zi
ran
j e b
D
D j e
ra b
n i A
zzi
(ad
j e
a n
to
o
br use
o r e
i@ this S
o ฺ
tu
)
do den
h
dz t Gui
a
as deฺ
n no
- t r an
s
fe r a bl
elic e n s
e