Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Â
Optimize OEM Administration with Best Practices
1. Session ID:
Prepared by:
Where did my day go?: Oracle
Enterprise Manager 12c/13c
Administration
282
Alfredo Krieg
@alfredokrieg
2. April 2-6, 2017 in Las Vegas, NV USA #C17LV
About meâŚ
⢠Oracle ACE Associate
⢠Oracle Technologies since 2004 & 11g
Certified
⢠IOUGâs Cloud SIG Officer
⢠North East Ohio Oracle User Group Officer
⢠OEM Cloud Control 12c/13c and Database
Performance Tuning
@alfredokrieg
alfredokrieg@gmail.com
bitkode.blogspot.com
3.
4. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Motivation
⢠As an Enterprise Manager administrator you are responsible of a wide
variety of tasks including:
⢠Discovery and maintenance of targets
⢠Deploy plug-ins
⢠Tune OEM 12c/13c performance
⢠Maintain backups
⢠Others (Cloud, Self-Service, Alerts, etc.)
⢠With such time consuming tasks, administrators need to find the most
efficient ways to manage the manager.
⢠Best practices
⢠Task automation
⢠Command Line EMCLI
⢠New Features in 13c
5. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Agenda
⢠Lifecycle Management
- Performing Mass Agent Deployment
- Agent Gold Image
⢠OEM new features
- "Always on" monitoring
- Notification blackouts
⢠Target Administration
- Creating Monitoring Templates
- Using Administration Groups
⢠Security
- Secure your SYSMAN schema account
- Setup credentials and private roles
- Secure and lock the OMS and Agents
- Use EMCLI to configure OEM Audit system
6. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Perform Mass Agent Deployment
7. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Perform Mass Agent Deployment
8. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Perform Mass Agent Deployment
9. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Perform Mass Agent Deployment
10. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Perform Mass Agent Deployment
11. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Perform Mass Agent Deployment
⢠Perform Mass Agent Deployment
⢠Fresh Install
⢠Installs the vanilla version of the agent.
⢠Clone Existing Agent
⢠Installs an agent using an existing source agent that is well tested and
patched.
⢠Add Host to Shared Agent
⢠Installs an agent using an existing master agent that is installed on a
NFS mounted drive.
12. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Perform Mass Agent Deployment
13. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Perform Mass Agent Deployment
emcli submit_add_host
-host_names=<host_list>
-platform=<platform_id>
-installation_base_directory=<install_base_dir>
-credential_name=<credential_name>
-port=<agent_port>]
14. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Agent Gold Image
⢠Customized configuration of the OEM Agent
⢠Version
⢠Patch Level
⢠Plugins
⢠Gold Image can be used to:
⢠Deploy â Add Host
⢠Update
⢠Upgrade
⢠Patch agent or plugins
⢠Deploy plugins
Image Version
15. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Agent Gold Image
⢠Restrictions:
⢠NFS agent â cannot install, update or upgrade
⢠Unsecure agent canât be used
⢠Cannot subscribe to Agent Gold Image
⢠Central agent
⢠NFS agents
⢠Unsecure agents
⢠Agents on different platforms as the Gold Image
⢠Already subscribed agents
16. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Agent Gold Image
⢠How to create agent gold image?
⢠Console
⢠EMCLI
emcli create_gold_agent_image
17. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Agent Gold Image
⢠Agent Gold Image Console
18. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Agent Gold Image
⢠How to create agent gold image?
⢠Console
⢠Manage All Images -> Create
⢠EMCLI
emcli create_gold_agent_image
19. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Agent Gold Image
⢠How to create agent gold image version?
⢠Console
⢠Manage All Images -> Create
20. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Agent Gold Image
21. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Agent Gold Image
⢠Agent Gold Image Status
⢠Draft - new image version
⢠Current â ready to mass deploy or mass update (canât go back!)
⢠Restricted â to test and agent config (up to 10 agents update)
22. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Agent Gold Image
23. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Agent Gold Image
24. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Agent Gold Image
25. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Agent Gold Image
26. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Agent Gold Image
27. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Agent Gold Image
⢠Issues
⢠EM13c: Deploying 13c Agent Using Gold Agent Image Fails
With Error "agentDeploy.sh: No such file or directory" (Doc ID
2174189.1)
⢠EM13c: Deploying 13c Agent Using Gold Agent Image Fails
With Error "agentDeploy.sh : error=13, Permission denied"
(Doc ID 2134052.1)
⢠EM13c: Update Gold Agent Image Operation For Windows
Agent Fails With "java.lang.NullPointerException" (Doc ID
2191522.1)
28. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Agent Gold Image
⢠Useful notes:
⢠EM 13c: How to Upgrade Agents From 12c to 13c Using Gold
Agent Image In 13c Cloud Control (Doc ID 2126427.1)
⢠EM 13C: How to Update Existing Gold Agent Image and Update
the Already Deployed Agents in 13c Cloud Control (Doc ID
2090976.1)
⢠EM13C: How to Deploy or Install a New Agent Using Gold
Agent Image in 13c Cloud Control (Doc ID 2093924.1)
⢠EM 13C: Understanding Gold Agent Image Functionality and
Deploying Agents Using Gold Agent Image (Doc ID 2090975.1)
⢠EM13C: How to Deploy or Install a New Agent Using Gold
Agent Image in 13c Cloud Control (Doc ID 2093924.1)
29. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Agenda
⢠Lifecycle Management
- Performing Mass Agent Deployment
- Agent Gold Image
⢠OEM new features
- "Always on" monitoring
- Notification blackouts
⢠Target Administration
- Creating Monitoring Templates
- Using Administration Groups
⢠Security
- Secure your SYSMAN schema account
- Setup credentials and private roles
- Secure and lock the OMS and Agents
- Use EMCLI to configure OEM Audit system
30. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Always-On Monitoring
⢠What is it?
⢠Is a separate service
⢠Sync with OMS (default every 24 hours)
⢠Receives alerts from Agents and send emails
⢠Can turn notifications off/on
⢠Requirements
⢠Separate DB instance than OMR
⢠The Always-On Monitoring code installed in the
$MW_HOME/sysman/ems
⢠Java 1.7
31. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Always-On Monitoring
⢠New DB instance
⢠12.1.0.2 bundle 10 or higher (Oct 2015)
⢠OPTIMIZER_ADAPTER_FEATURES=FALSE;
⢠Same character set as OMR
⢠Can be a PDB
NAME TYPE VALUE
------------------------------------ ----------- ------------------------------
optimizer_adaptive_features boolean FALSE
32. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Always-On Monitoring
cd $MW_HOME/sysman/ems
$ ls
ems_13.2.0.0.0.zip
$ unzip ems_13.2.0.0.0.zip
$ emctl config emkey -copy_to_repos
Oracle Enterprise Manager Cloud Control 13c Release 2
Copyright (c) 1996, 2016 Oracle Corporation. All rights reserved.
Enter Enterprise Manager Root (SYSMAN) Password :
The EMKey has been copied to the Management Repository. This
operation will cause the EMKey to become unsecure.
After the required operation has been completed, secure the
EMKey by running "emctl config emkey -remove_from_repos".
33. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Always-On Monitoring
cd $MW_HOME/sysman/ems/ems/scripts
$ export JAVA_HOME=$MW_HOME/oracle_common/jdk/jre
$ export PATH=$JAVA_HOME/bin:$PATH
$ java -fullversion
java full version "1.7.0_111-b13"
$ ./emsca
34. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Always-On Monitoring
Oracle Enterprise Manager Cloud Control 13c Release 2
Copyright (c) 2015, 2016, Oracle Corporation. All rights reserved.
---------------------------------------------------------------
Always-On Monitoring Repository Connection String : (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = host)(PORT = 1521))(CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME =
emxxxx)))
Always-On Monitoring Repository Username [ems] :
Always-On Monitoring Repository Password [ems] :
User "ems" cannot be found in the database.
In order to create this user, SYSDBA credentials are required. If you do not want to continue, answer "n" to the question below.
Create the Always-On Monitoring Repository user [y] : y
Always-On Monitoring Repository SYSDBA Username : sys
Always-On Monitoring Repository SYSDBA Password :
Enterprise Manager Repository Connection String : (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = host)(PORT = 1521))(CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME =
emxxxx)))
Enterprise Manager Repository Username : sysman
Enterprise Manager Repository Password :
Creating Always-On Monitoring repository user ems
Agent Registration Password :
Keystore for host hostxxxx created successfully.
Connecting to Always-On Monitoring Repository.
Creating Always-On Monitoring Repository schema
Creating repository storage for Targets data.
Creating repository storage for Alerts and Availability data.
Creating repository storage for Notification Metadata data.
Creating repository storage for Target Metric Metadata data.
Registering Always-On Monitoring instance
Always-On Monitoring Upload URL: https://hostxxxx:8081/upload
35. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Always-On Monitoring
⢠Define downtime contacts
⢠System wide
$ emcli set_oms_property -
property_name='oracle.sysman.core.events.ems.downtimeCont
act' -property_value='alfredokrieg@gmail.comâ
⢠Per target: emcli set_target_property_value
36. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Always-On Monitoring
⢠emsctl
⢠status
⢠sync
⢠start
⢠stop
⢠ping
⢠enable_notification
⢠disable_notification
https://docs.oracle.com/cd/E63000_01/EMADM/em_mon_svc.htm#EMADM15626
37. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Always-On Monitoring
⢠Sync AOM with EM
$ ./emsctl sync
Oracle Enterprise Manager Cloud Control 13c Release 2
Copyright (c) 2015, 2016, Oracle Corporation. All rights reserved.
------------------------------------------------------------------
Connecting to Always-On Monitoring Repository.
Starting synchronization with Enterprise Manager.
Synchronizing with Enterprise Manager repository: sysman@(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = host)(PORT = 1521))(CONNECT_DATA
= (SERVER = DEDICATED) (SERVICE_NAME = db)))
Synchronizing Targets data.
Synchronizing Alerts and Availability data.
Synchronizing Notification Metadata data.
Synchronizing Target Metric Metadata data.
Synchronization complete at : Thu Mar 16 14:36:15 EDT 2017
38. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Always-On Monitoring
⢠emsctl start
⢠emsctl enable_notification
⢠Test notification
Host=hostname
Target type=Type
Target name=Name
Incident creation time=Mar 10, 2017 5:11:09 AM
Last updated time=Mar 10, 2017 7:20:43 PM
Message=Database is down
Severity=Fatal
Incident ID=281
Event count=1
Incident Status=New
Escalated=No
Priority=High
Incident owner=SYSMAN
Incident Acknowledged By Owner=No
Categories=Availability
Sent by Oracle Enterprise Manager - Always-On Monitoring
39. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Notification Blackouts
⢠Blackouts
⢠Suspend monitoring for a defined period of time
⢠Agent wonât collect monitoring data for the target
⢠Useful when
⢠Patching or planned maintenance
⢠Not useful when
⢠Dealing with unplanned maintenance
⢠DB crash
⢠Network issues
⢠Agent having issues?
40. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Notification Blackouts
⢠Notification Blackouts
⢠Suppress notifications on targets during a period of time
⢠Agent will continue collecting monitoring data for the target
⢠Types
⢠Maintenance Notification Blackout (default)
⢠Planned downtime
⢠Notification-only Notification Blackout
⢠Unplanned downtime
41. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Notification Blackouts
⢠Notification Blackouts
42. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Notification Blackouts
⢠Notification Blackouts
43. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Agenda
⢠Lifecycle Management
- Performing Mass Agent Deployment
- Agent Gold Image
⢠OEM new features
- "Always on" monitoring
- Notification blackouts
⢠Target Administration
- Creating Monitoring Templates
- Using Administration Groups
⢠Security
- Secure your SYSMAN schema account
- Setup credentials and private roles
- Secure and lock the OMS and Agents
- Use EMCLI to configure OEM Audit system
44. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Monitoring Templates
⢠Group of metrics and their thresholds for a particular
target type
45. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Monitoring Templates
46. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Monitoring Templates
⢠a
47. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Monitoring Templates
48. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Monitoring Templates
⢠a
49. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Monitoring Templates
⢠a
50. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Administration Groups
50
51. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Administration Groups â Target Properties
51
52. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Administration Groups
52
53. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Administration Groups
53
54. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Administration Groups
54
55. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Administration Groups
55
56. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Administration Groups
56
57. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Administration Groups
57
58. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Administration Groups
58
59. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Administration Groups
59
60. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Administration Groups
60
$ emcli login -username=sysman
Enter password :
Login successful
$ emcli set_target_property_value
-property_records="Development DB:composite:LifeCycle Status:Development"
-propagate_to_members
Properties updated successfully
$ emcli logout
Logout successful
61. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Agenda
⢠Lifecycle Management
- Performing Mass Agent Deployment
- Agent Gold Image
⢠OEM new features
- "Always on" monitoring
- Notification blackouts
⢠Target Administration
- Creating Monitoring Templates
- Using Administration Groups
⢠Security
- Secure your SYSMAN schema account
- Setup credentials and private roles
- Secure and lock the OMS and Agents
- Use EMCLI to configure OEM Audit system
62. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Secure your SYSMAN account
62
⢠SYSMAN is the schema owner, as a result is more privileged
than a Super Administrator.
⢠Users and Administrators should login using their own accounts, this is
helpful while auditing operations.
⢠Thereâs a method to disable SYSMAN access from the console and emcli.
DB access and âemctl status oms âdetailsâ still work.
SQL> UPDATE MGMT_CREATED_USERS
SET SYSTEM_USER='-1'
WHERE user_name='SYSMAN';
http://bitkode.blogspot.com/2014/12/oracle-
enterprise-manager-security.html
Set it to 1 to re-enable it
63. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Secure and Lock OMS and Agents
63
⢠Is recommended that all communications between OMS,
agents, repository and users is made by secure mode (HTTPS).
⢠In secure mode, HTTP port is locked.
⢠Secure mode is enabled by default, but upgrade does not secure-lock the
OMS.
⢠Agents should be secured in order to make use of HTTPS port.
⢠Agents not secured, will not be able to communicate with a secured
OMS.
64. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Secure and Lock OMS and Agents
64
⢠Not secured OMS
$ emctl status oms âdetails
Oracle Enterprise Manager Cloud Control 12c Release 4
Copyright (c) 1996, 2014 Oracle Corporation. All rights reserved.
Enter Enterprise Manager Root (SYSMAN) Password :
EM Instance Home : /u01/oracle/oms/12.1.0.4/gc_inst/em/EMGC_OMS1
OMS Log Directory Location : /u01/oracle/oms/12.1.0.4/gc_inst/em/EMGC_OMS1/sysman/log
SLB or virtual hostname: host1-em.localdomain
HTTPS SLB Upload Port : 4900
HTTPS SLB Console Port : 443
Agent Upload is unlocked.
OMS Console is unlocked.
Active CA ID: 1
Console URL: https://host1-em.localdomain:443/em
Upload URL: https://host1-em.localdomain:4900/empbs/upload
Agent Upload is unlocked.
OMS Console is unlocked.
65. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Secure and Lock OMS and Agents
65
⢠Secure OMS
$ emctl secure lock
Oracle Enterprise Manager Cloud Control 12c Release 4
Copyright (c) 1996, 2014 Oracle Corporation. All rights reserved.
Enter Enterprise Manager Root (SYSMAN) Password :
OMS Console is locked. Access the console over HTTPS ports.
Agent Upload is locked. Agents must be secure and upload over HTTPS port.
Restart OMS.
$emctl stop oms
$emctl start oms
66. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Secure and Lock OMS and Agents
66
⢠Secured OMS
$ emctl status oms âdetails
Oracle Enterprise Manager Cloud Control 12c Release 4
Copyright (c) 1996, 2014 Oracle Corporation. All rights reserved.
Enter Enterprise Manager Root (SYSMAN) Password :
Console Server Host : host1.localdomain
HTTP Console Port : 7788
HTTPS Console Port : 7799
HTTP Upload Port : 4889
HTTPS Upload Port : 4900
EM Instance Home : /u01/oracle/oms/12.1.0.4/gc_inst/em/EMGC_OMS1
OMS Log Directory Location : /u01/oracle/oms/12.1.0.4/gc_inst/em/EMGC_OMS1/sysman/log
SLB or virtual hostname: host1-em.localdomain
HTTPS SLB Upload Port : 4900
HTTPS SLB Console Port : 443
Agent Upload is locked.
OMS Console is locked.
Active CA ID: 1
Console URL: https://host1-em.localdomain:443/em
Upload URL: https://host1-em.localdomain:4900/empbs/upload
Agent Upload is locked.
OMS Console is locked.
67. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Secure and Lock OMS and Agents
67
⢠Secure agent
$ emctl secure agent
Oracle Enterprise Manager Cloud Control 12c Release 4
Copyright (c) 1996, 2014 Oracle Corporation. All rights reserved.
Agent successfully stopped... Done.
Securing agent... Started.
Enter Agent Registration Password : <Type agent registration password>
Agent successfully restarted... Done.
Securing agent... Successful.
Securing agent... Successful.
68. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Use EMCLI to configure OEM Audit
68
⢠Basic OEM audit is enabled by default.
⢠Whenever a user login-logout, the action is audited.
⢠More default audit operations include:
⢠Apply Update
⢠Change MGMT_VIEW User Password
⢠Change Repository Password
⢠Configure Authentication
⢠Copy EM Key to Repository
⢠Remove EM Key from Repository
⢠Create Custom CA
⢠Remove Update
⢠Secure Console
⢠Secure Lock
⢠Secure OMS
69. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Use EMCLI to configure OEM Audit
69
⢠You can configure the Enterprise Manager Audit System by
using the following EM CLI commands:
⢠enable_audit: Enables auditing for all user operations.
⢠disable_audit: Disables auditing for all user operations.
⢠show_operations_list: Shows a list of the user operations being audited.
⢠show_audit_settings: Shows the audit status, operation list, externalization
service details, and purge period details.
⢠update_audit_settings: Updates the current audit settings in the
repository.
70. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Use EMCLI to configure OEM Audit
70
⢠The update_audit_settings command updates the current
audit settings in the repository and
restarts the Management Service.
emcli update_audit_settings -audit_switch="ENABLE/DISABLE"
-operations_to_enable="name of the operations to enable, for all
oprtations use ALL"
-operations_to_disable="name of the operations to disable, for
all oprtations use ALL"
-externalization_switch="ENABLE/DISABLE"
-directory_name="directory_name (DB Directory)"
-file_prefix="file_prefix" -file_size="file_size (Bytes)"
-data_retention_period="data_retention_period (Days)"
71. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Use EMCLI to configure OEM Audit
71
⢠-audit_switch: Enables auditing across Enterprise Manager.
The values are ENABLE/DISABLE. Default value is DISABLE.
⢠-operations_to_enable: Enables auditing for specified operations.
Enter All to enable all operations.
⢠-operations_to_disable: Disables auditing for specified operations.
Enter All to disable all operations.
⢠-externalization_switch: Enables the audit data export service. The possible
values are ENABLE/DISABLE. Default value is DISABLE.
⢠-directory: The database directory that is mapped to the OS directory where
the export service archives the audit data files.
72. April 2-6, 2017 in Las Vegas, NV USA #C17LV
Use EMCLI to configure OEM Audit
72
⢠-file_prefix: The file prefix to be used by the export
service to create the file in which audit data is to be stored.
⢠-file_size: The size of the file on which the audit data is to be stored. The
default value is 5000000 bytes.
⢠data_retention_period: The period for which the audit data is to be retained
inside the repository. The default value is 365 days.
http://docs.oracle.com/cd/E24628_01/doc.121/e36415/sec_features.htm#
EMSEC12907
73. Please Complete Your
Session Evaluation
Evaluate this session in your COLLABORATE app.
Pull up this session and tap "Session Evaluation"
to complete the survey.
Session ID: 282