X

An Oracle blog about Oracle Enterprise Manager and Oracle Management Cloud

  • March 22, 2019

Enterprise Manager on OCI Installation Phase 1 - EM App OCI Environment Prerequisites...You Must Do These Things Before Installing the EM App!

Dan Koloski
Vice President

Hi there!  If you're reading this blog post, you are either in the process of installing the new Oracle Enterprise Manager (EM) app into Oracle Cloud Infrastructure (OCI), or you are an OCI Administrator who's been asked to help your friend (an EM administrator who wants to install the EM app) with Phase 1 of the deployment process:  the required OCI Compartment setup.

Phase 1 contains some prerequisite preparation of the OCI Compartment that is required before installing the EM app, and the prerequisite steps must be done by an OCI Administrator.  The steps only take a few minutes, but THEY MUST BE COMPLETED BEFORE STARTING THE EM APP INSTALLATION OR YOUR EM INSTALLATION WILL FAIL. 

Once you have completed the prerequisite steps the person installing EM will need to use the the name of the OCI Compartment as into which you should be installing your EM app.  In the example steps below, we are assuming the OCI administrator created a compartment called...

eminfra  

OCI Compartment setup prerequisites for EM App Installation
(estimated time: 5 minutes, requires OCI Administrator role)

  1. Create a compartment for the EM App installation, and make sure the EM administrator's user account is added to the compartment.  We'll assume you've created one called "eminfra."

    Image 1:  The home page of your OCI Compartment
    Image 1:  The home page of your OCI Compartment.

     
  2. In the OCI compartment, you’ll need to create a Dynamic Group called ‘OEM_Group’ to group the instances of the Compartment and add the following rule

    ALL {instance.compartment.id = ‘<compartment ocid>’}

Image 2:  Creating a Dynamic Group for your EM instance

Image 2:  Creating a Dynamic Group for your EM instance

  1. In the OCI compartment, you’ll need to create a Policy with following rules in the root compartment of the tenancy:
Allow dynamic-group OEM_Group to manage instancefamily in tenancy Allow dynamic-group OEM_Group to manage volumefamily in tenancy

Image 3:  Creating a Policy for your EM instance

Image 3:  Creating a Policy for your EM instance

  1. In the OCI compartment, you’ll need to create a Virtual Cloud Network (VCN) with the following properties:

Public Subnet

Internet Gateway

Image 4:Creating a VCN for your EM instance

Image 4: Creating a VCN for your EM instance

  1. And you’ll need to add the following Stateful Ingress rules into the Security List of VCN you just created
Destination Port Range Protocol Type Service

22

TCP SSH
7803 TCP Console
4903 TCP Agent Upload
7301 TCP JVMD
9851 TCP BIP

Image 5:Creating a Security Rules for your EM instance

Image 5: Creating Security Rules for your EM instance

 

  1. (FastConnect Customers only) Configuring a Service Gateway: If (and only if) you are using a private subnet/FastConnect with your VCN, there are a few additional steps required to create the Service gateway, define the routing rule and egress rules.  If you are not using a private subnet/FastConnect, you can skip this section and move to the EM installation section.
  • Create the Service Gateway and “All <RegionCode> Services in Oracle Services Network”, where <regioncode> refers to the OCI region of your EM compartment. 

(FastConnect Customers only) Image FC-1.Creating a Service Gateway for your private subnet.

(FastConnect Customers only) Image FC-1.Creating a Service Gateway for your private subnet.

  • Add a new Route Rule for the Service Gateway you just created.

(FastConnect Customers only) Image FC-2.Creating a Route Rule for your new Service Gateway for your private subnet

(FastConnect Customers only) Image FC-2.Creating a Route Rule for your new Service Gateway for your private subnet.

(FastConnect Customers only) Image FC-3.Sample Egress Rules for the CIDRs associated with the US-Ashburn region.Consult OCI documentation for your own region.

(FastConnect Customers only) Image FC-3.Sample Egress Rules for the CIDRs associated with the US-Ashburn region.Consult OCI documentation for your own region.

And that's it! You're now done with the OCI prerequisites and are ready to continue with Phase 2 of the EM app deployment processAlternatively, you can return to the overview of the EM app deployment process.  

(In either case, make sure you copy and paste the Compartment Name so you can use it later). 

 

TO:  Helpful OCI Administrator

Many thanks for your help!

From:  Your Friendly EM Administrator