oracle corporation - doag.orgƒ¤rz/... · g zero-implementation, zero time-to-value access by...
TRANSCRIPT
Realize Immediate Value
• Grid Control
  – Management of all the Oracle Grid components
  – Centrally manage entire enterprise
  – Out-of-box management for all Oracle products
• Product Controls
  – Fully functional standalone management
  – Out-of-box with each product
• Zero-implementation, Zero time-to-value
• Access by Anybody, Anywhere
• Open Repository Schema
• Easy extensibility and customization
• Support of Standards
• Scalability, robustness and self-maintenance
Manage from Anywhere
[Diagram labels: Firewall; Mobile Device; HTML Console; Portals; HTTP/S; Open Repository]
• Installed in a private Oracle home via
  – Regular install off a CD/Stage
  – Download from central Management Server
• Controlled by: emctl start|stop|status agent
• Typically started at bootup time
• By default occupies port 1813 (http/s)
(Continued)
• Runtime consists of:
  – Persistent emagent process
  – Periodic, short-lived processes (due to OSCmd fetchlet)
  – Lightweight Watchdog process that monitors and corrects
[Diagram: Agent components. Labels: From OMS; To OMS; Upload Data & Heartbeating; Receive Commands: Config changes, Realtime Metric Values, Remote Op Submission; Scheduler; Self Monitor; Metadata Mgr; Target Inv.; State Mgr; Agent Services; Fetchlet Engine: OS Cmd, SQL, SNMP, HTTP]
• Installed in private Oracle home along with all its dependencies
• Controlled via: emctl start|stop|status oms
• Runtime consists of:
  – Apache Server
  – Oracle’s J2EE Container (OC4J) with EM App
  – Lightweight Watchdog process that monitors and corrects
[Diagram: OMS components. Labels: Data and Heartbeat Receiver; Agent Client Layer: Configuration changes, Real time metrics, Remote Ops submission; Console User Interface (JSPs / Servlets); To Repository; To Agent; From Agent; Console Access; Data Loader; Self Monitor; Job Dispatcher; Notification Dispatcher]
• Installed within an Oracle database
  – For large scale, it should be a dedicated database
• Consists of data storage structures plus PL/SQL code that executes on demand or on schedule
• Performs the following operations:
  – Historical data summarization and purging
  – Availability calculations
  – Notification queuing and dispatching
  – Job scheduling
[Diagram: communication paths. Labels: Browser; OMS; EM Repository; Agent; Managed Target; https; Net - ASO; icmp]
1. Define and instrument target metrics
2. Build custom UIs and Reports through Repository Access
3. Extend Console UI
[Diagram labels: Agent; Active Management Repository; EM Black Box]
• Extend EM to manage custom applications
  – Add new managed target types
    • Ex: 3rd party Application management
  – Add metrics to existing target types
    • Ex: Site-specific host monitoring
• Extend EM for comprehensive management
  – Custom reporting based on EM Repository data
    • Ex: Service Level Reporting
  – Custom job system
    • Ex: Scriptable EM commands via the CLI
• Integrate EM with 3rd party management products
  – Custom alert notification methods
    • Ex: Link to trouble-ticketing system
  – Customize GUI for existing target types
    • Ex: Link in-context to 3rd party tools
• User Security
  – The breadth of management tasks available in Enterprise Manager depends on the privileges and roles assigned to the administrators.
• Default Users:
  – SYSMAN - is created by default during the installation of Oracle Enterprise Manager. The SYSMAN Super Administrator then creates other administrator accounts for daily administration work. The SYSMAN account should only be used to perform infrequent system wide, global configuration tasks.
  – SYS - database user defined in the Management Repository after install
  – SYSTEM - database user defined in the Management Repository after install
• By default during the installation of Oracle Enterprise Manager, one Super Administrator is created with the username of SYSMAN.
• A Super Administrator has the ability to perform all of the following tasks:
  – Ability to create, modify and delete any Enterprise Manager administrator.
  – Ability to create any role in the system.
  – Ability to perform any action on any target in the system.
  – Ability to see all areas of the Management System primary tab.
• System Privileges - allow a user to perform system wide operations within Enterprise Manager 10g Grid Control.
  – VIEW ANY TARGET
  – ADD ANY TARGET
  – USE ANY BEACON
  – MONITOR ENTERPRISE MANAGER
• Target Privileges - allow a user to perform operations on a specific target within Enterprise Manager 10g Grid Control.
  – VIEW - Allows the administrator to view properties, inventory and monitor information about a target.
  – OPERATOR - Allows the administrator to perform Startup, Shutdown, and Edit target properties operations on a target.
  – FULL - Implicitly grants all the target privileges and allows the administrator to 1) Delete a target and 2) Configure credentials for maintenance operations of a target
  – ADD TARGET IN GROUP - Allows the administrator to add a target in a specific group and to grant privileges on a group. The privileges are propagated.
  – MANAGE TARGET GROUP - Allows the administrator to add a target in a specific target group or delete a target from a specific target group.
• To facilitate wireless access to performance and diagnostics information
• To enable a DBA to perform a corrective action from a wireless device on occurrence of an event.
• Perform basic administration tasks from a wireless device.
EM 10g
EM2Go
Downloadable agent installs
  – Installs from central OMS site containing agent binaries on all ports
  – Uses scripted ‘pull’ install via OUI in silent mode
  – Script can be wrapped to automate delivery to multiple nodes
• Goal: 2000 hosts, 100 concurrent users
• Deployment Suggestion:
  – 3 OMS Lintel boxes (Dell 1650) behind an SLB
  – 2 Repository Lintel boxes (Dell 2650) running RAC
  – Fast Disk subsystem, striped, mirrored (NetApps)
  – DR solution based on physical standby database
• Total hardware cost: Less than $50K
• Installation of EM10g Agent
  – Automated using EM9i Job System
• Repository Migration captures EM9i Information:
  – Administrators
  – Preferred Credentials
  – Roles
  – Groups
  – Hosts
  – Databases
  – Listeners
• EM9i and EM10g can be run in tandem
  – Migration can be implemented incrementally
  – Simplifies transition to the EM10g Grid Control Framework
• Monitoring of Oracle Eco-system
• Complements ASLM for end-to-end monitoring
• Critical performance rollups
• “Need to know” management
• Application availability
[Diagram labels: Applications; Homogenous Logical Sets]
• Monitor from anywhere via HTML-based Console
• Immediate Out-of-Box value:
  – Real time monitoring
  – Predefined metrics with Oracle-recommended defaults
  – Historical collections for trend analysis
  – Out-of-box notifications for critical alerts
• Enhanced Diagnostics
  – Alerts shown in context of metric history
  – Can compare metrics across targets for problem isolation
• Enhanced Availability monitoring
  – Breakdown of availability states over past day, week, month
  – Blackouts for scheduled maintenance periods
• Can use EM baselines as aid to thresholding
  – EM calculates thresholds based on deviations from past target performance
• Notifications
  – Supports: E-mail, OS script, PL/SQL script, SNMP traps
  – E-mail message has context-sensitive link to metric details in EM Console
• User Defined Metrics
• User-defined monitoring policies (templates)
• Enhanced real-time graphs
• Availability enhancements
  – Allow users to specify window for SLA calculations
• Notification enhancements:
  – Customize messages
  – Repeat notifications / Notification Escalations
• Integration with 3rd party management vendors
• Distributed architecture
• Execute simple or complex tasks across 100’s of systems
• Easy to use and scalable
• Pre-packaged jobs
  – Backup, export/import, patch, clone…
• Ad hoc jobs
  – Custom Host or SQL scripts
  – Support for Group targets
EM 10g Job System
• Operational control
  – Use of preferred credentials
  – Stop / Retry / Resume & Suspend
  – Simple purge policy
• Job Access privileges for cooperative management
• Job Library
EM 10g Job System
• Notification support
• User-defined multi-task jobs across different hosts
  – Support dependencies between tasks on diff. targets/hosts
• Definer’s rights jobs with new ‘Execute’ privilege
• New job tasks (e.g. iAS jobs)
• User-defined target properties as job parameters
• “Abort” job
• Enhanced scheduling
  – Business calendars, run job on machine idle time, run on event, etc
• Enhanced load-balancing for jobs running in clusters/groups
• Job SDK
• Complete inventory of all Oracle software
  – Versions
  – Patch levels
• Configuration details for all Oracle products
• Related software and hardware configuration details
“How many instances need to have a given patch applied? –Is my O/S at the right patch level?”
• Tracking changes
• Comparing and validating configurations
• Searching across enterprise
• Understanding product and feature usage
“When things stop working, the first thing we do is try to figure out what has changed”
–CalISO DBA
• Reduce manual labor in software life-cycle
  – From hours to minutes
• Automate mass provisioning of reference systems
• Intelligent Cloning makes context-specific adjustments
  – DB: home, host name, listener
  – iAS: IP address, host name, web listener
[Diagram: cloning workflow. 1. Select Software (and Instances) to Clone; 2. Clone to Selected Targets; 3. Update Inventory]
“Our administrators spend about 25% of their time on installs and cloning”
-Verizon Information Services DBA
• Cloning an Entire Database
  – RMAN-based
  – Clone Library
  – Online (w/ Archivelog mode)
  – Scheduled as EM Job
• Data+Schema Cloning
  – DBLINK-based
  – Schema and data (sub-set) cloning
  – Version and platform independent
Cloning Wizard
• Real-time discovery of new patches
• Security patch rapid deployment dramatically reduces vulnerabilities
• Automated staging and application
  – From hours to minutes
[Diagram: patch workflow. 1. Patch Published; 2. Determine Applicability; 3. Apply Patch; 4. Update Inventory]
Slammer virus exploited known security flaw to which patch was available 6 months prior to attack
• Automatic tracking by EM of critical bug advisories on MetaLink
• Daily inspection of all installations and flagging of “violators”
• In-context launch of patch wizard to deploy and apply appropriate patches
• Out-of-box policy definition
• Identify security vulnerabilities
    • Missing patches
    • Access vulnerabilities
    • Open ports
• Configuration best practices
• Search enterprise for policy violations
• Standardize across systems
Policy

All Oracle Software
1. Security alerts
2. Critical patches

Host
1. Detect open ports
2. Detect insecure services

Application Server
1. HTTPD has minimal privileges
2. Use HTTP/S
3. Apache logging should be on
4. Demo applications disabled
5. Disable default banner page
6. Disable access to unused directories
7. Disable directory indexing
8. Forbid access to certain packages
9. Disable packages not used by DAD owner
10. Remove unused DAD configurations
11. Redirect _pages directory
12. Password complexity enabled
13. Use HTTP/S

Database Services
1. Enable listener logging
2. Password-protect listeners
3. Disable direct listener administration
4. Disallow remote OS roles and authentication
5. Disallow use of remote password file
6. Restrict access to external procedure service

Database User Privileges
1. Disable install and demo accounts
2. Disallow default user/password
3. PUBLIC has execute System privilege
4. PUBLIC has execute Object privilege
5. PUBLIC has execute UTL_FILE privilege
6. PUBLIC has execute UTL_SMTP privilege
7. PUBLIC has execute UTL_HTTP privilege
8. PUBLIC has execute UTL_TCP privilege
9. PUBLIC has execute DBMS_RANDOM
10. Password complexity
11. Restrict number of failed login attempts
12. Authentication protocol fallback
13. Connect and Resource grants
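
Several of the Database Services and Database User Privileges rules above can be approximated by hand with data dictionary queries. The following is an added example, not Enterprise Manager's own rule definitions or code from the presentation; the mapping from each rule name to a query is an assumption about what the rule checks.

```sql
-- Added example: manual approximations of some policy rules listed above.
-- Assumption: run by an account that can read the DBA_* views and V$PARAMETER.

-- Database User Privileges 5-9: EXECUTE on file/network packages held by PUBLIC.
SELECT owner, table_name AS package_name, privilege
FROM   dba_tab_privs
WHERE  grantee    = 'PUBLIC'
AND    privilege  = 'EXECUTE'
AND    table_name IN ('UTL_FILE', 'UTL_SMTP', 'UTL_HTTP', 'UTL_TCP', 'DBMS_RANDOM')
ORDER  BY table_name;

-- Database User Privileges 3: system privileges granted directly to PUBLIC.
SELECT privilege, admin_option
FROM   dba_sys_privs
WHERE  grantee = 'PUBLIC'
ORDER  BY privilege;

-- Database User Privileges 10-11: profiles with no password verify function
-- or no failed-login limit. A LIMIT of 'DEFAULT' inherits from the DEFAULT
-- profile, so review that profile's rows first.
SELECT profile, resource_name, limit
FROM   dba_profiles
WHERE  (resource_name = 'PASSWORD_VERIFY_FUNCTION' AND limit = 'NULL')
OR     (resource_name = 'FAILED_LOGIN_ATTEMPTS'    AND limit = 'UNLIMITED')
ORDER  BY profile, resource_name;

-- Database User Privileges 13: who holds the CONNECT and RESOURCE roles.
SELECT grantee, granted_role, admin_option
FROM   dba_role_privs
WHERE  granted_role IN ('CONNECT', 'RESOURCE')
ORDER  BY grantee, granted_role;

-- Database Services 4-5: remote OS authentication/roles enabled, or a
-- remote password file in use.
SELECT name, value
FROM   v$parameter
WHERE  (name IN ('remote_os_authent', 'remote_os_roles') AND UPPER(value) = 'TRUE')
OR     (name = 'remote_login_passwordfile' AND UPPER(value) <> 'NONE')
ORDER  BY name;
```

Any row returned is a candidate violation to review, not a confirmed one; some grants to PUBLIC and some CONNECT/RESOURCE grantees are expected on a default installation.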
1. Insufficient Number of Control Files
2. Insufficient Redo Log Size
3. Insufficient Number of Redo Logs
4. Use of Unlimited Autoextension
5. Use of Non-Standard Init. Parameters
6. Recovery Area Location Not Set
7. Autobackup of Control File is not Enabled
8. SYSTEM TS Used as User Default TS
9. Segment with Extent Growth Policy Violation
10. Tablespace Containing Mixed Segment Types
11. Not Using Locally Managed Tablespaces
12. SYSTEM TS Contains Non-System Data Seg
13. Users with Permanent TS as Temporary TS
14. Insufficient Recovery Area Size
15. Force Logging Disabled
16. Not Using Spfile
17. Rollback in SYSTEM Tablespace
18. Not Using Undo Space Management
19. Non-uniform Default Extent Size
Feature | Grid Control | DB Control
Policy Management | Yes | Yes
Searching | Yes | Not Available
Cloning | Yes | Yes within same host
Host and DB Comparison | Yes | Not applicable as there’s only one host and one DB
Patching | Yes | Yes
Critical Patch Advisory | Yes | Yes
Deployments Summary | Yes | Inherently only one deployment, thus not applicable
Model End-User Communities
Web Application
Availability and Performance may vary from location to location