Enterprise Manager Cloud Control 12c Architecture
by Pete Sharman
Oracle Enterprise Manager Cloud Control 12c (referred to hereafter as EM12c) is the latest version of Oracle Corporation’s end-to-end management tool for both Oracle and non-Oracle technology. Previously known as Oracle Enterprise Manager (OEM) or Oracle Enterprise Manager Grid Control, the tool has been around for quite some time now. The 12c release, though, is a landmark version that makes huge advances in terms of both the breadth and depth of its functionality. In many ways, this release has moved Enterprise Manager from being a database administrator’s monitoring tool, to a tool that can be used to manage your entire data center. EM12c now covers several focus areas, including the following:
Coverage of all these focus areas adds up to a robust product for managing the complete data center. The rest of this book drills into the details of many of these areas. The remainder of this chapter introduces you to the basic architecture that you need to understand before delving further into the wonders of EM12c.
Architecture Overview
From an architectural perspective, EM12c is composed of five main parts:
Let’s look at each of these in more detail.
Note A discussion of the licensing for EM12c is beyond the scope of this book. (An entire licensing document is available in the Enterprise Manager documentation at http://docs.oracle.com/cd/E24628_01/license.121/e24474/toc.htm.) However, it’s worth noting that, in general, most of the basic functionality described here carries a restricted-use license and therefore is free. This restricted-use license refers specifically to Enterprise Manager, however, and many add-on options do come with license costs. Refer to the licensing documentation for full details.
The Cloud Control Console
The Cloud Control console provides the user interface that you use to access, monitor, and administer your computing environment. The console is accessed via a web browser, thus allowing you to access the central console from any location. You can customize the EM12c console much more than in previous releases, allowing you the following options:
The graphical user interface (GUI) provides a history of the most recent targets you have visited (the standard browser history is also available). In addition, you can mark pages as favorites and have them appear in a favorites list on the new menu-driven interface. Figure 1-1 shows an example of the default home page.
Figure 1-1. The new default home page in EM12c
Oracle Management Agents
An Oracle Management Agent (usually referred to as simply an agent or abbreviated to OMA) is generally installed on each host that is monitored in your computing environment. (EM12c also introduces the capability to manage environments remotely in some cases.) These agents are deployed from the console (see Figure 1-2), and then monitor all the targets that have been discovered by the agents. They are used to control blackouts on those targets, execute jobs, collect metrics, and so forth, and in turn provide details such as availability, metrics, and job statuses back to the Oracle Management Service.
Figure 1-2. User interface for managing agents within EM12c
For the EM12c release, agents were completely rewritten from the ground up for greater reliability, availability, and performance (see the upcoming section on plug-ins for details of how this was achieved). The only downside of this change is that you must use an EM12c agent to talk to the EM12c Oracle Management Service. Backward compatibility between 12c and earlier agents was lost because of the number of changes that were made in the new release.
Oracle Management Service
The Oracle Management Service (OMS) is a web-based application that communicates with the agents and the Oracle Management Repository to collect and store information about all the targets on the various agents. (Note that the information itself is stored in the Oracle Management Repository, not the OMS.) The OMS is also responsible for rendering the user interface for the console.
The OMS is installed into an Oracle middleware home, which also contains the Oracle WebLogic Server (including the WebLogic Server administration console), an Oracle Management Agent for the middleware tier, the management service instance base directory, the Java Development Kit (JDK), and other configuration files. You can install the OMS into an existing WebLogic Server (WLS) configuration if it exists, but usually it is better from an availability perspective to have it installed in a dedicated WLS home.
Oracle Management Repository
The Oracle Management Repository (also called the repository or OMR) is an Oracle database that stores all the information collected by the various management agents. It is composed of database users, tablespaces, tables, views, indexes, packages, procedures, and database jobs.
Unlike the OMS, the installation process for the OMR requires that a database already exists for the repository. This means you need to have created the database somewhere in your environment prior to installing the OMS. Again, it is typically recommended for the repository to be created in a dedicated database.
Plug-ins
Plug-ins take on a whole new meaning in EM12c. In earlier releases, plug-ins were largely system-monitoring utilities used to monitor and manage non-Oracle (heterogeneous) software including databases and middleware. Partners or Oracle Corporation itself usually built them. Some technically savvy customers built their own as well, but there weren’t many plug-ins overall.
In the EM12c release, a few of these monitoring plug-ins remain, but plug-ins have been greatly expanded to include every target type being managed. As such, there is now an Oracle database plug-in to manage Oracle databases, a Fusion Middleware plug-in to manage Oracle’s middleware, a Fusion Application plug-in to manage Oracle’s Fusion Applications product suite, and so on. Because new releases of the Oracle software will include plug-ins used to manage that software, this means EM12c (and later releases) will be able to monitor and manage those releases much more quickly than has been the case in the past. Plug-ins can be downloaded, applied, and deployed using the new Self Update functionality available from the Cloud Control console (if you have sufficient privileges to use it).
In addition, this modular plug-in architecture means that an agent is no longer configured to be able to monitor any target type. Now, an agent will download only the plug-ins that are needed for the targets that the agent is monitoring. This means the agents themselves are smaller than they were in previous releases. This change is one of the biggest improvements in the architecture of the EM12c release.
A High-Availability EM12c Configuration
In the most basic of EM12c installations, the OMS and the repository can be physically located on a single machine. However, Oracle recommends placing these two components on different machines. Figure 1-3 shows the simplest installation.
Figure 1-3. Basic EM12c architecture
Although this relatively simple architecture may be sufficient for an initial deployment, you might need to grow it into a more scalable, available architecture. There are four levels of deployment that you could use with EM12c to achieve higher scalability and availability. Of course, as in any architecture requiring both scalability and availability, trade-offs need to be made in terms of increasing cost as performance and availability increase.
Level 1
Figure 1-3 shows a level 1 deployment. The OMS and repository are installed either on a single host or, more preferably, on two separate hosts. However, neither of these hosts has any failover configured.
Level 2
For level 2, the OMS is installed on shared storage and uses VIP-based (virtual IP–based) failover. The repository database is protected by using local physical standby database technology. Usually, this means that level 2 deployments use double the number of machines used by level 1. Level 2’s active/passive configuration (albeit located locally rather than having remote passive sites), leads to a downtime window when failing over from the active site to the passive site. This architecture is shown in Figure 1-4.
Figure 1-4. Schematic diagram of a level 2 deployment
Level 3
In a level 3 configuration, the OMS is installed using an active/active configuration, requiring a local load balancer. The repository database is protected by both Real Application Clusters (RAC) and local Data Guard. This level is shown in Figure 1-5.
Figure 1-5. Schematic diagram of a level 3 deployment
Level 4
Level 4 is the deployment level providing the most scalability and availability. In this case, the OMS is running in an active/active configuration on a primary site (just like level 3), but additional standby OMS installations are at a remote site. (Note that because of network latency requirements between the OMS and the repository being less than 1 millisecond consistently, the remote site cannot be running an active OMS). This configuration requires a local load balancer at both the primary and standby sites. The repository database is again running on RAC, but in this case the standby RAC database is located at the disaster recovery site. As you can tell, this is quite a complex architecture, shown in Figure 1-6 (without all the lines of communication that would make it even harder to understand).
Figure 1-6. Schematic diagram of a level 4 deployment
You’ve now got the gist of the four possible deployment levels. Chapter 13 covers them in greater detail in the context of high availability. Also, be aware that it is possible to create configurations that do not match these levels exactly. Don’t be too surprised if someday you see a configuration slightly different from what’s just been described. EM12c provides you a great deal of flexibility.
Another important part of an Enterprise Manager installation is the Software Library. The Software Library is a storage area used for such things as patches, Self Update downloads, and gold images. It is depicted earlier, in the diagrams in the section “A High-Availability EM12c Configuration,” as shared storage sitting between the OMSs. (Figure 1-5 shows it clearly. There you’ll see the shared storage icon almost dead-center). To create the Software Library, you use the Software Library: Administration page, available from the Setup Provisioning and Patching Software Library menu path. The Software Administration page is shown in Figure 1-7.
Figure 1-7. The Software Library: Admnistration page
One important point to be aware of when creating your Software Library is that you need to ensure that the location you create the Software Library in is accessible from each OMS, if at some stage you believe your EM12c deployment will require some level of high availability. This can be achieved by using the same network file system (NFS) share mounted on each OMS, or any other technology that allows sharing file systems between machines.
The EM12c release includes several new features related to the Software Library:
Management Tools
So right about now, you’re probably asking, “Well, what about all those other management tools that Oracle has?” Often you’ll find there’s some level of confusion about what all these tools are, how to differentiate between them, and of course when to use which one. Let’s spend some time discussing that now.
First, the main point of differentiation between Cloud Control and the other Oracle management tools such as Database Control (DB Control) and Fusion Middleware Control (FMW Control) is the architecture. Cloud Control is designed to manage your entire data center, and as such it has a much more robust, multi-tier architecture than you’ll find in the other tools.
Second, the other management tools are scaled-down tools that generally connect to only a single environment at a time, rather than giving you the much broader data center–wide vision of your environment. As an example, DB Control can connect to only a single Oracle database at a time. If you want to use DB Control to manage or monitor another Oracle database, you have to first disconnect from the original database before connecting to the new one. In fact, if you don’t do that, Oracle will do it for you automatically.
Finally, there are some incompatibilities between the different tools. For example, when you create an Oracle database by using the Database Configuration Assistant (DBCA), you will be asked whether you want the database to be managed centrally (via EM12c) or locally (via DB Control). It’s an either/or decision; you can’t choose both. This incompatibility reaches its zenith with the OMR. When you install EM12c, you are prompted for the location of the repository. (The installer does not create the database for you; it simply prompts you to point to the location of an existing Oracle database somewhere in your environment.) If the database you point the installer to has been configured by DBCA to be locally managed by DB Control, you will in fact get an error from the installer indicating that the database is already locally managed. (The installer does give you the command to remove the DB Control configuration if you so choose, but won’t actually execute the command for you.)
On a final note, at the time of writing this chapter, Oracle has announced that DB Control will be desupported in database releases after 11.2. Although we don’t know yet what the new product will be called, Oracle notes, “In future Oracle Database releases, basic database management will be available through a streamlined management tool, while extensive management capabilities will exist through the latest Oracle Database plug-in deployed from Oracle Enterprise Manager Cloud Control” (see Note 1484775.1 on My Oracle Support for details).
Command-Line Tools
In addition to the GUI that most users of EM12c will use for their day-to-day work, Oracle provides two command-line tools that you need to become familiar with:
Repository Users
In terms of database users, the most important user in an EM12c installation is the SYSMAN user. The SYSMAN user has been around for a number of releases now. It is basically the owner of the database schema containing the repository. In many ways, it is akin to the SYS user in an Oracle database, and as such, should not be used apart from the first time you create another Super Administrator account (see Chapter 4 for more details on Super Administrator accounts).
Apart from the SYSMAN account, other database users are created in the repository during repository creation or upgrade. These include the following:
Not much detail is provided in the Oracle documentation on these accounts. Suffice it to say, though, that these are all special accounts that you should not drop. Nor should you change their passwords.
Repository Views
Information about administrators, targets, metrics, blackouts, and jobs is all kept in the Oracle Management Repository in a group of repository views. Although the information in these views is obviously used by the Cloud Control console to display that information to you, it can also be used in other ways, primarily by a programmer building extensibility on top of the Enterprise Manager product. As a plug-in developer, for example, you may want to extend Enterprise Manager to manage your own, custom-developed targets, or indeed expand on the target types that Oracle provides out of the box. You may also want to write your own scripts to query historical data from these views, or build your own custom reports to run from SQL Developer or other products. Clearly, a chapter on the Enterprise Manager architecture is not the place to drill into gory details on how to do all these things, but it is worthwhile to understand what these repository views are and how to find more information about them.
The repository views are documented as part of the Enterprise Manager Cloud Control Extensibility Programmer’s Reference (you can access this from the EM12c documentation located at http://docs.oracle.com/cd/E24628_01/index.htm). Chapter 18 of that online reference details the use of those views, along with a complete listing of the views displaying the column names for each view.
When you first start using a product such as Enterprise Manager Cloud Control 12c, one of the areas of greatest confusion is just how communications flow between the various parts of the product. Essentially, you need to understand three areas: the protocols involved, the ports that are being used, and whether firewalls are being used.
Protocols
Three main protocols are used to communicate between the components in an EM12c installation:
Ports
During the EM12c installation, you are prompted to supply a list of ports for entities to communicate on. A default list is provided on the Port Configuration Details page, shown in Figure 1-8. The page displays a Recommended Port Range column. The first port number listed in this column is the default port. If for any reason the default port is already used when you are doing an installation, the next port number in the Recommended Port Range will be used. Post installation, you can also find the port numbers that were used in the staticports.ini file, located on the OMS host.
Figure 1-8. The Port Configuration Details page
Firewalls
In many cases, a business will require firewalls to be used to control both outgoing and incoming network traffic. This typically involves restricting either the availability of ports or the type of traffic that can pass through a particular port. Because this restriction can be difficult to set up, it is usually recommended that firewall configuration and enablement are left until after you have deployed your Enterprise Manager configuration. However, if the firewalls are already in place, you should open the communication ports you are planning to use until the installation is complete.
Pulling these three areas (protocols, ports, and firewalls) together, the default communication flows in an EM12c installation are shown in Figure 1-9.
Figure 1-9. Ports, protocols, and firewalls in an EM12c configuration
With the new pluggable framework that is available to you in the EM12c release, you now have more options as far as authentication is concerned. The framework accepts a range of pluggable authentication schemes, enabling you to choose the methods that are most suitable to your environment. Because EM12c relies on Oracle’s WebLogic Server for external authentication, any authentication method that WLS supports can be used to authenticate to EM12c. Supported authentication methods include the following:
Summary
This chapter has introduced you to the major architectural components of Enterprise Manager Cloud Control 12c: the Cloud Control console, the Oracle Management Agent, the Oracle Management Service, the Oracle Management Repository, and plug-ins. You’ve looked at options for deploying this architecture and the authentication methods you can use to connect to EM12c. This chapter also covered the protocols, ports, and firewalls used by EM12c, so you’re now ready to drill into the installation of the product in more detail. That’s the subject of our next chapter.