CHAPTER 1

image

Enterprise Manager Cloud Control 12c Architecture

by Pete Sharman

Oracle Enterprise Manager Cloud Control 12c (referred to hereafter as EM12c) is the latest version of Oracle Corporation’s end-to-end management tool for both Oracle and non-Oracle technology. Previously known as Oracle Enterprise Manager (OEM) or Oracle Enterprise Manager Grid Control, the tool has been around for quite some time now. The 12c release, though, is a landmark version that makes huge advances in terms of both the breadth and depth of its functionality. In many ways, this release has moved Enterprise Manager from being a database administrator’s monitoring tool, to a tool that can be used to manage your entire data center. EM12c now covers several focus areas, including the following:

  • Framework and infrastructure: EM12c provides security, scalability, a rich user interface, the new Self Update functionality, and more.
  • Enterprise monitoring: You can monitor the status of your entire infrastructure, including databases, middleware, and applications. EM12c provides ways of notifying you when issues arise, resolving them, and reporting on them.
  • Cloud management: Managing the cloud is a hot topic in the industry today, and EM12c provides a range of solutions in this space, including chargeback/showback, policy-based resource management, and self-service provisioning.
  • Lifecycle management: Administering computing systems today requires many manual processes for the discovery, provisioning, patching, change management, and configuration management of those systems. EM12c automates many of these manual processes, freeing the administrator to spend more time on other, higher-priority tasks.
  • Database management: Managing databases has been a key feature of OEM since its first release. That continues in the EM12c release, including solutions around patching, upgrading, provisioning, performance tuning, data masking, and subsetting, as well as configuration and change management.
  • Middleware management: A key component of EM12c is providing comprehensive management capabilities across all of Oracle’s middleware products (including WebLogic Server, SOA Suite, Identity Management, WebCenter, and Coherence), as well as non-Oracle middleware (such as IBM’s WebSphere or JBoss Application Server).
  • Application management: Monitoring and management solutions for all the Oracle-provided applications (E-Business Suite, PeopleSoft, Siebel, JD Edwards, and Fusion Applications) come out of the box with EM12c, in addition to capabilities for managing your own custom-built or third-party applications.
  • Application performance management: EM12c delivers end-to-end monitoring of your applications, including real-user monitoring via Real User Experience Insight (RUEI) as well as synthetic-transaction monitoring via Service Level Management beacons. Other functionality introduced here includes the ability to monitor and trace business transactions, topology discovery, and Java and database monitoring and diagnostics.
  • Application quality management (AQM): Three areas of testing are provided—application testing via the Application Testing Suite product, infrastructure testing via Real Application Testing and Application Replay, and test data management functionality that includes test system creation, data masking, and data subsetting technologies.
  • Hardware and virtualization management: Complete lifecycle management is offered for both physical and virtual environments, including provisioning, patching, configuration management, administration, and monitoring. This includes managing systems running on Linux, Unix, Windows, and Oracle Virtualization Server (Oracle VM Server) operating systems, as well as providing insight into the server, network, and storage layers for systems built on top of Oracle Sun hardware.
  • Heterogeneous (non-Oracle) management: Supplying a range of extensions known as connectors and plug-ins (among others), EM12c provides capabilities to manage non-Oracle technology in addition to Oracle environments. These extensions could be built by Oracle, partners, or even customers themselves. They are based on the same management framework as the rest of the EM12c product, and so can be downloaded, imported, and deployed by the Self Update mechanism.

Coverage of all these focus areas adds up to a robust product for managing the complete data center. The rest of this book drills into the details of many of these areas. The remainder of this chapter introduces you to the basic architecture that you need to understand before delving further into the wonders of EM12c.

Architecture Overview

From an architectural perspective, EM12c is composed of five main parts:

  • Cloud Control console
  • Oracle Management Agent
  • Oracle Management Service
  • Oracle Management Repository
  • Plug-ins

Let’s look at each of these in more detail.

image Note  A discussion of the licensing for EM12c is beyond the scope of this book. (An entire licensing document is available in the Enterprise Manager documentation at http://docs.oracle.com/cd/E24628_01/license.121/e24474/toc.htm.) However, it’s worth noting that, in general, most of the basic functionality described here carries a restricted-use license and therefore is free. This restricted-use license refers specifically to Enterprise Manager, however, and many add-on options do come with license costs. Refer to the licensing documentation for full details.

The Cloud Control Console

The Cloud Control console provides the user interface that you use to access, monitor, and administer your computing environment. The console is accessed via a web browser, thus allowing you to access the central console from any location. You can customize the EM12c console much more than in previous releases, allowing you the following options:

  • Choosing your home page from various predefined pages (or indeed setting any page you want to be your personal home page)
  • Moving regions around on a target home page
  • Adding regions that might be of more interest to you than the defaults
  • Deleting regions that aren’t of interest to you

The graphical user interface (GUI) provides a history of the most recent targets you have visited (the standard browser history is also available). In addition, you can  mark pages as favorites and have them appear in a favorites list on the new menu-driven interface. Figure 1-1 shows an example of the default home page.

9781430249382_Fig01-01.jpg

Figure 1-1. The new default home page in EM12c

Oracle Management Agents

An Oracle Management Agent (usually referred to as simply an agent or abbreviated to OMA) is generally installed on each host that is monitored in your computing environment. (EM12c also introduces the capability to manage environments remotely in some cases.) These agents are deployed from the console (see Figure 1-2), and then monitor all the targets that have been discovered by the agents. They are used to control blackouts on those targets, execute jobs, collect metrics, and so forth, and in turn provide details such as availability, metrics, and job statuses back to the Oracle Management Service.

9781430249382_Fig01-02.jpg

Figure 1-2. User interface for managing agents within EM12c

For the EM12c release, agents were completely rewritten from the ground up for greater reliability, availability, and performance (see the upcoming section on plug-ins for details of how this was achieved). The only downside of this change is that you must use an EM12c agent to talk to the EM12c Oracle Management Service. Backward compatibility between 12c and earlier agents was lost because of the number of changes that were made in the new release.

Oracle Management Service

The Oracle Management Service (OMS) is a web-based application that communicates with the agents and the Oracle Management Repository to collect and store information about all the targets on the various agents. (Note that the information itself is stored in the Oracle Management Repository, not the OMS.) The OMS is also responsible for rendering the user interface for the console.

The OMS is installed into an Oracle middleware home, which also contains the Oracle WebLogic Server (including the WebLogic Server administration console), an Oracle Management Agent for the middleware tier, the management service instance base directory, the Java Development Kit (JDK), and other configuration files. You can install the OMS into an existing WebLogic Server (WLS) configuration if it exists, but usually it is better from an availability perspective to have it installed in a dedicated WLS home.

Oracle Management Repository

The Oracle Management Repository (also called the repository or OMR) is an Oracle database that stores all the information collected by the various management agents. It is composed of database users, tablespaces, tables, views, indexes, packages, procedures, and database jobs.

Unlike the OMS, the installation process for the OMR requires that a database already exists for the repository. This means you need to have created the database somewhere in your environment prior to installing the OMS. Again, it is typically recommended for the repository to be created in a dedicated database.

Plug-ins

Plug-ins take on a whole new meaning in EM12c. In earlier releases, plug-ins were largely system-monitoring utilities used to monitor and manage non-Oracle (heterogeneous) software including databases and middleware. Partners or Oracle Corporation itself usually built them. Some technically savvy customers built their own as well, but there weren’t many plug-ins overall.

In the EM12c release, a few of these monitoring plug-ins remain, but plug-ins have been greatly expanded to include every target type being managed. As such, there is now an Oracle database plug-in to manage Oracle databases, a Fusion Middleware plug-in to manage Oracle’s middleware, a Fusion Application plug-in to manage Oracle’s Fusion Applications product suite, and so on. Because new releases of the Oracle software will include plug-ins used to manage that software, this means EM12c (and later releases) will be able to monitor and manage those releases much more quickly than has been the case in the past. Plug-ins can be downloaded, applied, and deployed using the new Self Update functionality available from the Cloud Control console (if you have sufficient privileges to use it).

In addition, this modular plug-in architecture means that an agent is no longer configured to be able to monitor any target type. Now, an agent will download only the plug-ins that are needed for the targets that the agent is monitoring. This means the agents themselves are smaller than they were in previous releases. This change is one of the biggest improvements in the architecture of the EM12c release.

A High-Availability EM12c Configuration

In the most basic of EM12c installations, the OMS and the repository can be physically located on a single machine. However, Oracle recommends placing these two components on different machines. Figure 1-3 shows  the simplest installation.

9781430249382_Fig01-03.jpg

Figure 1-3. Basic EM12c architecture

Although this relatively simple architecture may be sufficient for an initial deployment, you might need to grow it into a more scalable, available architecture. There are four levels of deployment that you could use with EM12c to achieve higher scalability and availability. Of course, as in any architecture requiring both scalability and availability, trade-offs need to be made in terms of increasing cost as performance and availability increase.

Level 1

Figure 1-3 shows a level 1 deployment. The OMS and repository are installed either on a single host or, more preferably, on two separate hosts. However, neither of these hosts has any failover configured.

Level 2

For level 2, the OMS is installed on shared storage and uses VIP-based (virtual IP–based) failover. The repository database is protected by using local physical standby database technology. Usually, this means that level 2 deployments use double the number of machines used by level 1. Level 2’s active/passive configuration (albeit located locally rather than having remote passive sites), leads to a downtime window when failing over from the active site to the passive site. This architecture is shown in Figure 1-4.

9781430249382_Fig01-04.jpg

Figure 1-4. Schematic diagram of a level 2 deployment

Level 3

In a level 3 configuration, the OMS is installed using an active/active configuration, requiring a local load balancer. The repository database is protected by both Real Application Clusters (RAC) and local Data Guard. This level is shown in Figure 1-5.

9781430249382_Fig01-05.jpg

Figure 1-5. Schematic diagram of a level 3 deployment

Level 4

Level 4 is the deployment level providing the most scalability and availability. In this case, the OMS is running in an active/active configuration on a primary site (just like level 3), but additional standby OMS installations are at a remote site. (Note that because of network latency requirements between the OMS and the repository being less than 1 millisecond consistently, the remote site cannot be running an active OMS). This configuration requires a local load balancer at both the primary and standby sites. The repository database is again running on RAC, but in this case the standby RAC database is located at the disaster recovery site. As you can tell, this is quite a complex architecture, shown in Figure 1-6 (without all the lines of communication that would make it even harder to understand).

9781430249382_Fig01-06.jpg

Figure 1-6. Schematic diagram of a level 4 deployment

You’ve now got the gist of the four possible deployment levels. Chapter 13 covers them in greater detail in the context of high availability. Also, be aware that it is possible to create configurations that do not match these levels exactly. Don’t be too surprised if someday you see a configuration slightly different from what’s just been described. EM12c provides you a great deal of flexibility.

The Software Library

Another important part of an Enterprise Manager installation is the Software Library. The Software Library is a storage area used for such things as patches, Self Update downloads, and gold images. It is depicted earlier, in the diagrams in the section “A High-Availability EM12c Configuration,” as shared storage sitting between the OMSs. (Figure 1-5 shows it clearly. There you’ll see the shared storage icon almost dead-center). To create the Software Library, you use the Software Library: Administration page, available from the Setup arrow Provisioning and Patching arrow Software Library menu path. The Software Administration page is shown in Figure 1-7.

9781430249382_Fig01-07.jpg

Figure 1-7. The Software Library: Admnistration page

One important point to be aware of when creating your Software Library is that you need to ensure that the location you create the Software Library in is accessible from each OMS, if at some stage you believe your EM12c deployment will require some level of high availability. This can be achieved by using the same network file system (NFS) share mounted on each OMS, or any other technology that allows sharing file systems between machines.

The EM12c release includes several new features related to the Software Library:

  • In this release, the Software Library becomes the single location for a lot more entities, such as directives and assemblies. (These new entities are explained in Chapter 5.) Many of these entities are self-updateable, so we now have integration with Self Update.
  • Oracle has also expanded the storage-type support, so you now have support for NFS filesystems being shared between OMSs as well as any filesystem that we can reach (that is, agent filesystems can now be used to host the Software Library as well).
  • Referenced locations are now supported for the Software Library, so if you have a centralized location for serving these entities that is separate from the OMS, you can now reference those via HTTP, NFS, and so forth. In this case, the OMS stores the metadata about where this referenced location is, and the software bits are stored externally.
  • A range of other capabilities exist in this release. You can, for example, attach support notes or readme files to Software Library entities. The library includes improved search capabilities, and of course the new privilege model allows the use of fine-grained privileges for entity access.

Management Tools

So right about now, you’re probably asking, “Well, what about all those other management tools that Oracle has?” Often you’ll find there’s some level of confusion about what all these tools are, how to differentiate between them, and of course when to use which one. Let’s spend some time discussing that now.

First, the main point of differentiation between Cloud Control and the other Oracle management tools such as Database Control (DB Control) and Fusion Middleware Control (FMW Control) is the architecture. Cloud Control is designed to manage your entire data center, and as such it has a much more robust, multi-tier architecture than you’ll find in the other tools.

Second, the other management tools are scaled-down tools that generally connect to only a single environment at a time, rather than giving you the much broader data center–wide vision of your environment. As an example, DB Control can connect to only a single Oracle database at a time. If you want to use DB Control to manage or monitor another Oracle database, you have to first disconnect from the original database before connecting to the new one. In fact, if you don’t do that, Oracle will do it for you automatically.

Finally, there are some incompatibilities between the different tools. For example, when you create an Oracle database by using the Database Configuration Assistant (DBCA), you will be asked whether you want the database to be managed centrally (via EM12c) or locally (via DB Control). It’s an either/or decision;  you can’t choose both. This incompatibility reaches its zenith with the OMR. When you install EM12c, you are prompted for the location of the repository. (The installer does not create the database for you; it simply prompts you to point to the location of an existing Oracle database somewhere in your environment.) If the database you point the installer to has been configured by DBCA to be locally managed by DB Control, you will in fact get an error from the installer indicating that the database is already locally managed. (The installer does give you the command to remove the DB Control configuration if you so choose, but won’t actually execute the command for you.)

On a final note, at the time of writing this chapter, Oracle has announced that DB Control will be desupported in database releases after 11.2. Although we don’t know yet what the new product will be called, Oracle notes, “In future Oracle Database releases, basic database management will be available through a streamlined management tool, while extensive management capabilities will exist through the latest Oracle Database plug-in deployed from Oracle Enterprise Manager Cloud Control” (see Note 1484775.1 on My Oracle Support for details).

Command-Line Tools

In addition to the GUI that most users of EM12c will use for their day-to-day work, Oracle provides two command-line tools that you need to become familiar with:

  • Enterprise Manager Command Line Interface (EMCLI): This tool is largely used for scripting operations that might need to be repeated. It is a tool often used by consulting companies that make a business out of configuring EM12c, who thus have a need to execute the same operations repeatedly across different customers. EMCLI can be installed on any computer (not necessarily the OMS or OMR) simply by downloading the tool via the Cloud Control Setup menu and then following the installation instructions. Not all operations that can be performed through the GUI can be performed with EMCLI, however.
  • Enterprise Manager Control (EMCTL): This utility is used for a variety of tasks, the most important of which are starting, stopping, and checking the status of the OMS, agent, and Cloud Control itself. It is also used to secure/unsecure agents and the OMS, starting and stopping blackouts and other operations.

Repository Users

In terms of database users, the most important user in an EM12c installation is the SYSMAN user. The SYSMAN user has been around for a number of releases now. It is basically the owner of the database schema containing the repository. In many ways, it is akin to the SYS user in an Oracle database, and as such, should not be used apart from the first time you create another Super Administrator account (see Chapter 4 for more details on Super Administrator accounts).

Apart from the SYSMAN account, other database users are created in the repository during repository creation or upgrade. These include the following:

  • CLOUD_ENGINE_USER and CLOUD_SWLIB_USER are used to perform cloud operations.
  • MGMT_VIEW is used for report generation.
  • SYSMAN_APM, SYSMAN_MDS, and SYSMAN_OPSS are metadata schemas for Fusion Middleware components.
  • SYSMAN_BIP is used for Business Intelligence (BI) Publisher integration.
  • SYSMAN_RO is a general-purpose, read-only user.

Not much detail is provided in the Oracle documentation on these accounts. Suffice it to say, though, that these are all special accounts that you should not drop. Nor should you change their passwords.

Repository Views

Information about administrators, targets, metrics, blackouts, and jobs is all kept in the Oracle Management Repository in a group of repository views. Although the information in these views is obviously used by the Cloud Control console to display that information to you, it can also be used in other ways, primarily by a programmer building extensibility on top of the Enterprise Manager product. As a plug-in developer, for example, you may want to extend Enterprise Manager to manage your own, custom-developed targets, or indeed expand on the target types that Oracle provides out of the box. You may also want to write your own scripts to query historical data from these views, or build your own custom reports to run from SQL Developer or other products. Clearly, a chapter on the Enterprise Manager architecture is not the place to drill into gory details on how to do all these things, but it is worthwhile to understand what these repository views are and how to find more information about them.

The repository views are documented as part of the Enterprise Manager Cloud Control Extensibility Programmer’s Reference (you can access this from the EM12c documentation located at http://docs.oracle.com/cd/E24628_01/index.htm). Chapter 18 of that online reference details the use of those views, along with a complete listing of the views displaying the column names for each view.

Communication Flow

When you first start using a product such as Enterprise Manager Cloud Control 12c, one of the areas of greatest confusion is just how communications flow between the various parts of the product. Essentially, you need to understand three areas: the protocols involved, the ports that are being used, and whether firewalls are being used.

Protocols

Three main protocols are used to communicate between the components in an EM12c installation:

  • Hypertext Transfer Protocol (HTTP) or Hypertext Transfer Protocol/Secure (HTTP/S): These are the underlying protocols used by the World Wide Web. They define how messages are transmitted and formatted, as well as the actions that browsers and web servers take in response to different commands. HTTP and HTTP/S are used to communicate between the OMA, OMS, and OMR. For security reasons, Oracle typically recommends using HTTP/S rather than HTTP.
  • Java Database Connectivity (JDBC): This Java standard is used by the OMS to communicate with the repository, as well as to communicate with any database targets.
  • Internet Control Message Protocol (ICMP): This protocol is used by the OMS to communicate with a host, to check the status of the host. Essentially, a ping command is used to check its status.

Ports

During the EM12c installation, you are prompted to supply a list of ports for entities to communicate on. A default list is provided on the Port Configuration Details page, shown in Figure 1-8. The page displays a Recommended Port Range column. The first port number listed in this column is the default port. If for any reason the default port is already used when you are doing an installation, the next port number in the Recommended Port Range will be used. Post installation, you can also find the port numbers that were used in the staticports.ini file, located on the OMS host.

9781430249382_Fig01-08.jpg

Figure 1-8. The Port Configuration Details page

Firewalls

In many cases, a business will require firewalls to be used to control both outgoing and incoming network traffic. This typically involves restricting either the availability of ports or the type of traffic that can pass through a particular port. Because this restriction can be difficult to set up, it is usually recommended that firewall configuration and enablement are left until after you have deployed your Enterprise Manager configuration. However, if the firewalls are already in place, you should open the communication ports you are planning to use until the installation is complete.

Pulling these three areas (protocols, ports, and firewalls) together, the default communication flows in an EM12c installation are shown in Figure 1-9.

9781430249382_Fig01-09.jpg

Figure 1-9. Ports, protocols, and firewalls in an EM12c configuration

Authentication in EM12c

With the new pluggable framework that is available to you in the EM12c release, you now have more options as far as authentication is concerned. The framework accepts a range of pluggable authentication schemes, enabling you to choose the methods that are most suitable to your environment. Because EM12c relies on Oracle’s WebLogic Server for external authentication, any authentication method that WLS supports can be used to authenticate to EM12c. Supported authentication methods include the following:

  • Repository-based authentication: In this default authentication option that you might be familiar with from previous releases of Enterprise Manager, you are prompted for a username and password. Standard password options—such as password lifetime, password grace, number of failed attempts, and password complexity—are available with this authentication method.
  • Single sign-on authentication: If you use single sign-on (SSO) authentication in your enterprise, you can register those SSO credentials as an administrator in EM12c. You can then use those credentials to access the Cloud Control console.
  • Oracle Access Manager SSO authentication: Oracle Access Manager (OAM) is the SSO solution supplied with Oracle’s Fusion Middleware product. Again, if you are using OAM SSO, you can register those credentials as an administrator in EM12c and use them to access the console.
  • Enterprise User Security authentication: EUS allows you to create and store enterprise users and roles as directory objects in a directory server compliant with the Lightweight Directory Access Protocol (LDAP). You can then use EMCTL to set some properties to allow you to drill into those databases without displaying the standard logon pages.
  • LDAP authentication: In previous releases of Enterprise Manager, LDAP authentication was allowed, but it was restricted to Oracle’s LDAP solution, Oracle Internet Directory (OID). In the 12c release, that has now been extended to allow you to use Microsoft’s Active Directory product in addition to OID.

Summary

This chapter has introduced you to the major architectural components of Enterprise Manager Cloud Control 12c: the Cloud Control console, the Oracle Management Agent, the Oracle Management Service, the Oracle Management Repository, and plug-ins. You’ve looked at options for deploying this architecture and the authentication methods you can use to connect to EM12c. This chapter also covered the protocols, ports, and firewalls used by EM12c, so you’re now ready to drill into the installation of the product in more detail. That’s the subject of our next chapter.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset