Wednesday Feb 25, 2015

Editing EM12c Jobs in Bulk

I recently received requests for suggestions on how to edit EM12c jobs in bulk. The two examples that were presented to me were:

  1. Change the start time of 70+ jobs
  2. Change the oracle home path in 80+ RMAN script jobs

So how do we do this?

Read More

Tuesday Feb 24, 2015

Q&A: The Cloud Journey with Enterprise Manager

On last week's Enterprise Manager webcast, we had a great opportunity to catch up on the latest product news and hear how Enterprise Manager is helping companies transition to the cloud. We specifically focused on new capabilities around Platform as a Service for databases and middleware. You can still view the webcast on demand.

As a speaker on the webcast, I really enjoyed seeing the high number of questions in the text chat window - that's maybe the most fun part! Here are some of the questions & answers we had. (They've been slightly edited for clarity.) As always, you're welcome to comment via the blog.

Q: Do you recommend a DBA onsite or do you provide DBA support?
A: Either way. You can have your own DBA managing your database private cloud, or hire a consultant from Oracle or an Oracle partner. The important thing is that a DBA can support many more databases once users have self-service.

Q: Please explain provisioning of a schema in the database.
A: Schema as a Service allows you to deploy a schema and use it as if it were a separate DB - but with the benefits of consolidated management at the DB layer. In Database 12c, this is achieved using multi-tenant, pluggable DBs.

Q: What is Showback?
A: Showback is like chargeback, except that no money actually changes hands. IT is just showing the users how many resources they used.

Q: In Database Replay, does the workload run on an actual production-like environment, or is it just a simulation?
A: Database Replay allows you to replay the captured workload on the actual proposed environment. This is often useful for upgrade exercises and testing new configurations.

Q: Yes, but if consolidation is in planning stage, then the actual proposed environment won't be there. Are you talking about proposed environment in the cloud only?
A: Using Consolidation Planner, you can simulate the workload and arrive at the target environment requirement for a specific set of workloads. Also, using Real Application Testing and SQL Performance Analyzer, you can test using captured workloads and replay them. 

Q: Can EM provision MS SQL Server, and can EM provision in the Azure or Amazon cloud?
A: EM has no out of box capabilities for provisioning non-Oracle DBs. Current capabilities are focused on private cloud. Provisioning for public cloud is on the roadmap.

Q: Can you buy plugins for MS SQL Server?
A: Yes, plugins are available for non-Oracle DBs, including SQL Server, Sybase, DB2. The Oracle Extensibility Exchange on OTN has a list of available plugins from Oracle and from third party sources.

Q: I have a customer that wants to use Azure Pack as their provisioning UI. Can EM talk to Azure Pack in order to do this?
A: Yes, your customer can use Oracle Cloud APIs and build the relevant application for provisioning.

Q: So would Oracle Cloud APIs be an integration layer to Azure Pack?
A: You need to write your own code to integrate the Oracle private cloud solution into any third party solution.

Q: What's difference between full and snap clone?
A: As the names suggest, a full clone is a copy of the source database - it will occupy the same amount of space as the source. Snap Clone is a sparse copy of the source database, where the copy will occupy very little space on the disk as it uses copy-on-write storage technology.

Q: So Snap Clone only stores the changes and reads most data from the source?
A: Snap Clone stores only changes made in the clone copy. 

Q: In Snap Clone, what is the continuous refresh from production?
A: When you clone a database (typically from production to either a test or dev environment), there may be a need to refresh the clone on a regular basis.

Q: What is drift tracking?
A: Using the new configuration management features, you can define a configuration standard for your databases. If there is a deviation, you can get a report (typically called) drift analysis.

Q: What are some of the critical security-related configurations that you recommend for DB12c?
A: EM12c can be used to track and enforce compliance, including industry standards such as PCI or customer policies created and monitored by EM itself. 

Q; With self-service DBaaS, can the end user can update or upgrade the database or DB home?
A: The end user (Self Service User) can upgrade the database service that he/she created earlier. Only Cloud Admin can upgrade Oracle Homes.

Q: Can you explain this with an example?
A: The Cloud Admin will upgrade all Oracle Homes in a Pool to the next patchset release. Now, SSA users can subscribe to upgrade the database services they created. If SSA users do not do so by a certain time, the Cloud Admin can force-upgrade their databases.

Q: What is the difference between a hosting environment and a cloud?
A: Resource abstraction, metering, chargeback, self-service, and a few other things are industry-accepted characteristics of a cloud.

Q: Is dev/test in the public cloud, and production in the private cloud, the most common architecture?
A: It's definitely very common. Dev/test environments are often temporary in nature and that lends itself very well to public cloud.

Q: What's the difference between Exadata and Exalogic?
A: Both are Oracle hardware systems. Exadata is optimized for databases, whereas Exalogic is meant for Oracle middleware and applications.

Q: Thank you for answering all my questions. Great webcast!
A: Thanks so much! Glad we got the opportunity to share the news.

Wednesday Feb 18, 2015

Test Drive Oracle Enterprise Manager at a City Near You

Are you tired of watching product demos? Prefer to try products for yourself? Then this is for you.

Oracle is currently running a workshop series called Oracle Database as a Service Test Drives. You bring your laptop, connect to live Oracle Database 12c and Oracle Enterprise Manager 12c instances, and try our latest database cloud management solution for yourself.

The day begins with an overview of DBaaS benefits and the architectural choices for building your enterprise cloud (OK, the introduction is actually a PowerPoint presentation!) You then use a step-by-step workbook that guides you throughout the day through the steps of creating a database cloud environment. The event is perfect for DBAs, application developers, IT managers and anyone involved in private cloud deployments.

These are the workbooks we’ll go through:

  • Database as a Service using Snap Clone – self service
  • Database as a Service using pluggable databases (PDB) – self service
  • Database as a Service setup for cloud administrators
  • Cloud management – chargeback and metering
  • Database consolidation testing with Real Application Testing
  • Database lifecycle management with Enterprise Manager 

Looks interesting? Register for an event near you.

Wednesday Feb 11, 2015

Webcast: Accelerate Your Cloud Journey With Enterprise Manager (February 17)

Webcast: Accelerate Your Cloud Journey

On February 17, join us for a webcast about the journey to the cloud with Oracle Enterprise Manager 12c. (If you can't make it, you can watch the webcast later on demand.)

Last month, Oracle announced a new release of Enterprise Manager with many new cloud management capabilities, especially around Database as a Service and Middleware as a Service. This is a good opportunity to learn how the new capabilities fit into the overall cloud story.

On the agenda:

  • The Cloud Journey
  • Private Cloud Platform as a Service
  • Making the Journey with Enterprise Manager 12c
  • Customer Case Studies
  • Looking Ahead: The Hybrid Cloud

Register here

Monday Feb 02, 2015

Snap Clone using EMC SAN and ASM

Recently we announced the latest update to Enterprise Manager Cloud Control 12c Release 4.  One of the enhancements in that release is support for Snap Clone on Automatic Storage Management (ASM) and EMC Storage.  Before we examine the details of this specific enhancement, let's look at a quick refresher on what Snap Clone provides for you.

What is Snap Clone?

Snap Clone is a storage agnostic and self service approach to creating rapid and space efficient clones of large databases (and by large, we’re talking terabytes or more). Now that’s probably more buzz words in one sentence than anyone’s brain can deal with without exploding, so let’s explain some of those terms more:
  • Storage agnostic – by that I mean Snap Clone supports all storage vendors, both NAS and SAN. It can leverage storage layer APIs or layer a ZFS filesystem on top to provide copy on write.
  • Self service – in the XaaS world – where X can be any of I, MW, P and DB :) – one of the key features is empowering the end user to do the work, rather than waiting on some techie to find time in their otherwise busy schedules. So it’s the end user who makes the adhoc clones here, not the storage admin
  • Rapid – People simply don’t have the time to wait weeks for provisioning to happen any more, so you have to support the functionality to clone databases in minutes rather than the days or weeks things used to take.
  • Space efficient – When you’re working with terabyte or larger databases, you simply may not have the storage to create full-sized clones, so you have to significantly reduce the storage footprint to start with.
Over the various EM releases,  more and more functionality has been added to Snap Clone:
  • EM12cR2 provided Snap Clone for NAS storage (NetApp and Sun ZFSSA).  It provided RMAN backup based clones, and included the Snap Clone Analyzer to show you the storage savings you could make using Snap Clone
  • EM12cR3 added in support for Snap Clone using the Solaris File System (ZFS) and admin flows for Snap Clone for PDB’s (pluggable databases)
  • EM12cR4 added a lot more:
    • Snap Clone using CloneDB – this is the biggie, as it means Snap Clone can now be used with ANY Oracle database release that supports CloneDB, regardless of what storage it’s on
    • Data Guard standby as a test master – allows offloading the impact of creating the test master from your Production environment
    • NetApp Ontap 8.x cluster mode support
    • Certification for engineered systems, with I/O over Infiniband
    • Support for NFSv4
  • And in the latest plugin update that's just been shipped, we added:
    • Integrated data lifecycle management
    • Snap Clone using EMC SAN and ASM
    • Admin flows for test master creation
    • Integration with masking, patching, upgrades etc.

Snap Clone using EMC SAN and ASM

Most NAS technologies offer storage efficient clones in the form of Snapshots. The snapshots make use of underlying volumes, knows as flexvols (Netapp) or shares (ZFS). Unfortunately, SAN storage does not provide native snapshotting capability unless a file is created on it by leveraging TCP/IP over iSCSI over Ethernet. However this defeats the purpose of having high speed fiber channel fabric, not to mention that it makes little sense to overlay SAN with a filesystem. Another complaint we heard from our customers is that cloning is a data intensive operation that could flood the corporate IT backbone if Ethernet is used. Consequently, lot of our customers want native support for SAN for cloning purposes, especially, the ones who run ASM on SAN. And they are quite a lot in number.

Using Snap Clone on ASM and EMC storage provides the ability to create ‘live’ thin clones of databases that are on ASM. A live clone is NOT snapshot based but rather a live copy of the database, residing on copy-on-write storage technology, that can be within the same cluster or indeed another one. Both single instance and RAC are supported – supported versions are 10.2.0.5 or higher of the database, 11.2 and higher of the Grid Infrastructure code. This functionality works on both EMC VMAX (with Time Finder VPSnap) and VNX storage appliances.

Diagrammatically, the configuration looks like this:



Why Use Snap Clone with EMC SAN and ASM

There are a number of major challenges that Snap Clone can be used to address:
  1. Lack of automation - Manual tasks such as provisioning and cloning of new databases (for example, for test or development systems) is one area that many DBA’s complain is too time consuming. It can take days to weeks, often because of the need to coordinate the involvement of different groups, as shown in the image below:

  2. When an end user, be it a developer or a QA engineer, needs a database he or she typically has to go through an approval process like this, which then translates into a series of tasks for the DBA, the sysadmin and storage admin. The sysadmin has to provide the compute capacity while the storage admin has to provide the space on a filer. Finally, the DBA would install the bits, create the database (optionally on Real Application Clusters), and deliver that to the user. Clearly, this is a cumbersome and time-consuming process that needs to be improved on.

  3. Database unfriendly solutions – Obviously, when there is a need looking for a solution, different people take different approaches to solving that need. There are a variety of point solutions and storage solutions out there, but the vast bulk of them are not database aware. They tend to clone storage volumes rather than databases and have no visibility into the database stack, which of course makes it hard to triage performance issues as a DBA. They also lack the ability to track configuration, compliance and data security issues, as well as having limited or no lifecycle capabilities. As mentioned before, DBAs would like to leverage the native FDDI protocol of SAN for cloning.  This will make cloning fast and efficient without disrupting regular network traffic.

  4. Storage issues and archaic processes – Of course, one of the main issues is storage. Data volumes are ever increasing, particularly in these Big Data days, and the growth can often outpace your storage capacity. You can throw more disks at the problem, but it never seems to be enough, and you can end up with degraded performance if you take the route of sharing clones between users. There can also be different processes and different priorities between the storage team and the DBA team, and you may still have fixed refresh cycles, making it difficult to clone on an adhoc basis.
So the end result of all of this is that far too often, there are competing priorities at odds. Users want flexibility – simplified self service access, rapid cloning, and the ability to revert data changes. IT, on the other hand, want standardization and control, which allows a reduction in storage use, reduction in administrative overhead, visibility into the complete database stack and lineage tracking.  

Snap Clone on EMC storage helps you to address all these competing priorities, using hardware you may already own.  Indeed, EMC is well established as an Oracle database storage vendor over many years, and that integration has become tighter and tighter over the past few years.  In addition to that, the actual setup and configuration can be simpler than is the case when using other hardware, as you do not need to create Database Profiles in this configuration.  Service Templates are created directly on either a single instance or RAC database that resides on ASM.  Because you're using this combination of ASM and EMC SAN storage, the database is already Snap Clone enabled as it resides on copy-on-write storage technology.

In my next post, I'll discuss more details of what else is new in the Snap Clone product in this latest release, so stay tuned for more details on that soon!

For More Information

You can see more details on how you actually set Snap Clone up on EMC storage by viewing the following screenwatches:

For more details on using Enterprise Manager Cloud Control 12c to provide Database as a Service functionality, visit the OTN page located here.

Stay Connected:
Twitter |
Facebook | YouTube | Linkedin | Newsletter
Download the Oracle Enterprise Manager 12c Mobile app

Tuesday Jan 13, 2015

New Enterprise Manager Release Delivers Adaptive Private PaaS

We are pleased to announce an update to Oracle Enterprise Manager Cloud Control 12c Release 4. The update is now available on OTN.

So what exactly is adaptive private PaaS?

Recent releases of Enterprise Manager have expanded capabilities around Platform as a Service (PaaS) delivery in your private cloud. In particular, the EM Cloud Management Packs have focused on two critical areas for Oracle customers: Database as a Service (DBaaS) and Middleware as a Service (MWaaS).

In this release, these PaaS capabilities have become more adaptive to complex, rapidly growing environments. Let's look at 3 areas where database and middleware users and managers will benefit.

Controlling Expanding Database as a Service Environments

Rapid adoption of database as a service can lead to even faster growth in the number of database instances and the number of database versions and configurations. This can severely impact your management costs and could even cripple your database as a service initiative. The new release enhances our solution to this problem:
  • Configuration standardization with integrated advisory, to detect differences across databases and eliminate configuration drift
  • Database fleet patching using minimum downtime techniques, to bring database configurations back into compliance
  • Rules for custom placement, to intelligently find a suitable target for database placement, based on current load, current population and placement constraints

A database as a service approach can improve service to database users while simultaneously reducing database management costs. 

Developing More Rapidly, with Increased Security

Agile application development and testing requires convenient access to up-to-date test data. The Enterprise Manager Snap Clone feature gives DBAs, developers and QA engineers direct access to self-service cloning, so they can create fully functional copies of production databases within minutes. This release introduces several exciting new Snap Clone capabilities:
  • Continuous data refresh from the source database. As your production system gets updated, you can continuously refresh your test data.
  • Integrated data masking, subsetting and patching. Use the Enterprise Manager Data Masking and Subsetting Pack together with Snap Clone to keep your test databases lean and free of sensitive information, and keep them up to date with the latest PSUs and patch sets.
  • Restore a database to a previous point in time with a convenient calendar view.
  • Snap Clone support on EMC VMAX and VNX Block Storage. This adds to Snap Clone's native support for Oracle ZFS Storage Appliance and NetApp Storage Appliance in addition to generic support of other storage systems.
Software developers can also take advantage of new test-to-production (and reverse) cloning of SOA, OSB and WebCenter environments with application artifacts automation.

Flexible APaaS Service Catalogs

If you're providing middleware (e.g. an application platform) as a service to application developers, you now have additional ways to adapt these services to developers' needs.
  • More APaaS catalog options. In addition to Java apps and WebLogic Server, you can offer SOA, OSB and WebCenter in your self-service portal for easy, template-based provisioning.
  • Updated REST API support for new service catalog options, for easy integration with 3rd party orchestration tools and service desks.
  • Sharing of service instances among self-service users, for an efficient, consolidated platform on which to provision middleware services.
For a more comprehensive list of updates, please visit Database as a Service and Middleware as a Service on OTN. In addition, we will post several articles about the new DBaaS and MWaaS capabilities on this blog over the next few weeks.

Tuesday Nov 25, 2014

Monitoring NFS mounted file systems using EM12c

A customer recently asked me how they could monitor and alert against all the NFS mounted file systems across their datacenter. Here is a quick guide to do the same.

Read More

Monday Nov 24, 2014

Download Urls for Self Update Entities in Offline Mode

Many enterprises run their EM 12c environments in the offline mode (no direct internet connection). These customers have the additional task of downloading the plug-ins, connectors, agents, etc on a machine with access to internet, and then upload them to EM. The current solution makes the task of fetching the download url rather cumbersome, so in this blog i discuss a quick hack to list all download urls for plug-ins and agents.

Read More

Thursday Nov 13, 2014

Will the REAL Snap Clone functionality please stand up?

Possibly one of the least known pieces of functionality that is provided as part of the Enterprise Manager Cloud Control 12c product suite is the Snap Clone product. In simple terms, Snap Clone is a storage agnostic self service approach to rapidly creating space efficient clones of large databases (and by large, we're talking terabytes or more).  I blogged on that a few months back, but a few months can be an eternity in software development terms, so here's an update that covers not just the functionality in the product but also addresses some of the misleading statements some of our competitors have been making about it of recent times.

Friday Oct 24, 2014

Get Compliant with Oracle Java VM Database PSU OCT 2014 using EM12c

Check for compliance and automate patching of Oracle Database fleet using EM12c

Oracle along with its regular Quarterly Database PSU/SPU/CPU update this October 2014 released Oracle JAVA VM PSU patch, the patch is recommended to be applied to all databases in your fleet (esp. the ones that uses JAVA).  (For more information, support Note- 1929745.1 explains it in detail).
The mandate primarily is to apply the patches against the databases that use JAVAVM option. Ideally, you would need to apply it against all databases, so in case a new database is created in the ORACLE_HOME it is covered.

Oracle Enterprise Manager 12c provides support features of Compliance Management and automated Patching of databases. Using both these features you could identify the databases in your fleet that needs the patch and automate applying them.  

To get started, download the starter kit here. It contains utilities to jump start on your compliance, the kit contains a readily importable Compliance Standard and a step-by-step guide.

[Read More]

Wednesday Jul 23, 2014

EM12c Release 4: Upgrading Agents with Ease

Now that Enterprise Manager 12cR4 has been out for a little while, more people are getting around to upgrading their agents.  Since the monthly Patch bundles were released we already have a few Agent side patches that we want to apply to our newly upgraded agents.  I’ve written about simplifying your agent patching before, but this feature still seems to fly under the radar.  It’s days like these that I miss running a massive Enterprise Manager with thousands of databases, because this is one of the things that would have made me dance in my cubicle.

Let's say, you have 100 12.1.0.3.0 agents (50 with Database plug-in, 50 with Middleware plug-in).  In my previous blog on EM patches, I explained the different types of patches available for EM, so I’m not going to go into detail here.   What I'm going to illustrate is how we can upgrade those 100 agents, and patch them with the following patches in one step (current as of today):

[Read More]

Thursday Jul 17, 2014

Patching 101 - The User Friendly Guide to Understanding EM Patches

There was a conversation on twitter last week about available patches for Enterprise Manager (EM) 12.1.0.4, and it got a little deeper than 140 characters will allow.  I've written this blog to give a quick Patching 101 on the types of EM patches you might see and the details around how they can be applied.

OMS Patches

The core Enterprise Manager system is typically patched with the quarterly PSU patches (released Jan, Apr, July, Oct) or a one-off when directed by support for a critical issue.  PSU patches will be cumulative, so you need not apply each of them, just apply the latest.  The OMSes must be shutdown during patching, however some patches are being released with rolling patch instructions for multi-OMS systems.  These patches must be applied at the host level, and cannot be automated via EM.   ALWAYS read the readme, yes every time.  The patching steps can change from patch to patch so it's critical to read the readme. OPatch or OPatchauto will be used to apply these patches.  Did I mention to read the readme for every patch?  It's also important to note that there may be additional steps when patching in a multi-OMS or standby environment, so read the output of OPatchauto carefully.

Always download the latest OPatch release for the appropriate version.  If you read the readme, you already know this!   Download patch 6880880 for 11.1 (the OPatch version used by EM) and unzip into the $ORACLE_HOME.  Most errors in patching are related to not updating OPatch. 

For more information on PSU Patches and patching EM:
Oracle Enterprise Manager Cloud Control Administrators Guide - Chapter 16 Patching Oracle Management Server and the Repository
EM 12c Cloud Control: List of Available Patch Set Updates PSU (Doc ID 1605609.1)
How to Determine the List of Patch Set Update(PSU) Applied to the Enterprise Manager OMS and Agent Oracle Homes? (Doc ID 1358092.1)

Each plug-in has binaries that will require patches as well.  Same downtime requirements apply for plug-in patches as the quarterly PSUs.  Starting in 12.1.0.3, the plug-in patches are being released as a monthly bundle.  This means that if you have 6 plug-ins, you may have 6 OMS side patches to apply - 1 for each plug-in.  Bundles are not always released for every plug-in every month.  They are cumulative, so pick the latest.

Starting with 12.1.0.4, the individual OMS-side plug-in bundles are being grouped into a System  Patch each month. So for example, in June 2014 the System patch includes MOS, Cloud, DB, FA, FMW, SMF, and Siebel plug-ins.  Non-required patches will be skipped.

For more information on the EM Patch Bundles and Patching EM:
Enterprise Manager 12.1.0.4.0 (PS3) Master Bundle Patch List (Doc ID 1900943.1)
Enterprise Manager 12.1.0.3 Bundle Patch Master Note (Doc ID 1572022.1)

Agent Patches

Agent patches are applied to each agent.  They can be applied via EM using the MOS patch plans, which makes it a lot easier when you have 100s or 1000s of Agents to patch!  The Patch Plans will start a blackout, validate prerequisites, check for conflicts, and update OPatch for you.  If you don't use the Patch Plan you can patch manually with OPatch, don't forget to read the readme!  The Agent must be shutdown during the patch application.  There are 4 main types of Agent patches you will see:

  • Core Agent - Starting with 12.1.0.3.0 the core Agent will have monthly patch bundles .  These are also cumulative, so my recommendation is to apply the latest one.  
  • Agent-side Discovery Plug-in - This is the lightweight piece of the plug-in used for target discovery.  Discovery plug-in patches are cumulative with other discovery plug-in patches for that component. 
  • Agent-side Monitoring Plug-in - This is the more detailed monitoring side of the plug-ins for the required components.  Monitoring plug-in patches are cumulative with other monitoring plug-in patches for that component.   So if there's a Discovery and Monitoring patch available for the DB Plug-in, you need to apply both of them.  
  • JDBC patches for the Agent will be JDBC version 11.1.0.7.0.  These patches do get applied to the Agent, and can be applied via the Patch Plans.  

You can apply the latest Agent bundle, JDBC patch and the plug-in bundles in one patch plan.   If there's a conflict, you'll be notified.   If the Agents you've selected don't have specified plug-ins, you'll also receive notice during the analyze step.  As of now, for my 12.1.0.4 agents, I would apply the 12.1.0.4.1 patch (18873338) and the two available plug-in agent patches DB monitoring (19002534) and FMW monitoring (18953219) and the latest JDBC patches (18502187,18721761) all in one patch plan.

I discovered a new feature in 12.1.0.4 while testing this.  Normally you had to have Normal Oracle Home preferred credentials set for all Agent targets to patch, or select Override and specify the Normal Oracle Home credentials.   In 12.1.0.4, the Agent uses it's internal credentials to Patch itself, so setting preferred credentials or specifying at run-time is not required.  The user patching would require the Manage Target Patch and Patch Plan privileges.  

For more details on Agent patching:
Oracle Enterprise Manager Cloud Control Administrators Guide - Chapter 17 Patching Enterprise Manager Agents 
Simplified Agent and Plug-in Patching

Infrastructure

The OMS and Agent are the key components, and my main focus here.  However it's important to keep the infrastructure stack up to date as well.  This includes the Oracle Fusion Middleware and Oracle Database that are used for EM.   The recommendation is to follow the best practices for each of these components, and regularly update with the PSU patches available.   The following reference notes will help in identifying the current PSU patches.   The WebLogic Server version used by EM 12c is 10.3.6. 

Oracle Recommended Patches -- Oracle Database (MOS 756671.1)
Master Note on WebLogic Server Patch Set Updates (PSUs) (MOS 1470197.1)

Summary

Hopefully this will help you understand the various types of components involved with keeping EM up to date.   Obviously, you may not want to patch each month and maybe not every quarter, but the patches are available to keep the software up to date and make things easier to apply in bundles.  You'll want to setup a plan for planned software maintenance in your environment.  There's a whitepaper Oracle Enterprise Manager Software Planned Maintenance that will help guide you through the best practices.  

Tuesday Jul 01, 2014

Limit Self Service User Access to Database Self Service Portal

When implementing database as a service and/or snap clone, a common request was for a way to hide the other service types like IaaS, MWaaS, etc from the self service portal for the end users. Before EM12c R4, there was no way to restrict the portal view. Essentially, any user with the EM_SSA_USER role would be directed to the self service portal and would then be able to see all service types supported by EM12c.


Of course, you could always set Database as your default self service portal from the 'My Preferences' pop up, but this only helps with their post-login experience. The end user still gets to see all the options as shown in screen above.


In EM12c R4, a new out of the box role called EM_SSA_USER_BASE has been introduced. This role, by default, does not give access to any portal, that is an explicit selection. Here is how you use this role:

1. Create a custom role and add the EM_SSA_USER_BASE role to it.


 2. Now in the Resource Privileges step, select the Resource Type 'Cloud Self Service Portal for Database', and edit it


3. Check the 'Access the Cloud Self Service Portal for Database.' privilege. Finish the rest of the wizard.


 Now, when a user with this custom role accesses the self service portal, they can only do so for databases and nothing else.


While the EM_SSA_USER role will continue to work, we recommend you start using the new EM_SSA_USER_BASE role. For more details on DBaaS or Snap Clone roles, refer to the cloud admin guide chapter on roles and users.

-- Adeesh Fulay (@AdeeshF)


Friday Jun 27, 2014

Convert Crontab to Enterprise Manager Jobs

Surprisingly, a popular question posted on our internal forum is about the possibility of using the Enterprise Manager (EM) Job System to replace customer’s numerous cron jobs. The answer is obviously YES! I say surprisingly because the EM Job system has been in existence for around 10 years (I believe since EM 10.2.0.1), and my hope was that, by now, customers would have moved to using more enterprise class job schedulers instead of cron. So, here is a quick post on how to get started with this conversion from cron to EM Jobs for some of our new users.

Benefits of EM Job System

 Before we learn about the how, let’s look at the why. The EM job system is:

  • Free - (Yes, I said free) It is included with the base EM at no cost.
  • Flexible - It supports multiple options for scheduling, notification, authentication, etc
  • Infinitely scalable - the job system seamlessly scales to every new Oracle Management Server (OMS). In fact, in case of OMS failures, the job steps are automatically picked up by the next available OMS without affecting the job execution.
  • General purpose - General purpose since it provides numerous out-of-the-box job types like run OS command, start/stop, backup, SQL Script, patch, etc that span multiple target types. As of today, there are over 50 job types available in the product.
  • Enterprise grade - It allows users to automate multiple administrative tasks like backup, patching, cloning, etc across multiple targets. Customers have not only converted their cron jobs to EM, but have also replaced other enterprise tools like Autosys and migrated 1000s of jobs to EM Job System.
  • APIs - Jobs can be scheduled and managed from the UI and using EMCLI (the command line interface).

Now back to our topic.

The Conversion Process

Let’s start with a sample crontab that we want to convert.

Sample Crontab

A cron expression consists of 6 fields, where the first 5 fields represent the schedule, while the last field represents the command or script to run.

 Field Name
Mandatory?  Allowed Values
 Allowed special characters
 Minutes  Yes 0-59  * / , -
 Hours  Yes  0-23  * / , -
 Day of month
Yes  1-31 * / , - ? L W
 Month Yes  1-12 or JAN-DEC
* / , -
 Day of week
Yes  0-6 or SUN-SAT
* / , - ? L #

Cron jobs run on the operating system, often using the native shell or other tools installed on the operating system. The equivalent of this capability in Enterprise Manager is the ‘OS Command’ job type. Here are the steps required to convert the first entry in the crontab to an EM job:

1. Navigate to the Job Activity page
Job activity menu

2. Select the ‘OS Command’ job and click Go
OS Command

A 5-tab wizard will appear. Let’s step through this one by one.

3. Select the first tab called ‘General’. Here provide a meaningful name and description for the job. Since this job will be run on the Host target, keep the target type selection as ‘Host’. Next, select all host targets in EM that you wish to run this script against.

While cron jobs are defined on a per host bases, in EM a job definition can be run and managed across multiple hosts or groups of hosts. This avoids having to maintain the same crontab across multiple hosts.

General

4. Select the ‘Parameters’ tab. Here enter the command or script as specified in the last field of the crontab entry. When constructing the command, you can make use of the various target properties.
Parameters tab

5. Next select ‘Credentials’. Here we provide the credentials required to connect to the host and execute the required commands or scripts. Three options are presented to the user:

  • Preferred – default credential set for the host
  • Named - Credentials are stored within Enterprise Manager as "named" entities. Named credentials can be a username/password, or a public key-private key pair. Here we choose pre-created named credentials
  • New – This allows us to create and use new named credential

Note: If your OS user does not have the required privileges to execute the set command, Named Credentials also support use of sudo, powerbroker, sesu, etc.

Credentials tab

6. Next, we set the schedule and this is where it gets interesting. As discussed before, crontab uses a textual representation for the schedule, while EM Job system has a graphical representation for the schedule.

Our sample schedule in the crontab is ‘00 0 * * Sun’. This translates to a weekly job at 12 midnight on every Sunday. To set this in EM, choose the ‘Repeating’ schedule type. The screenshot below shows all the other selections.
Schedule tab

 The key here is to select the correct ‘Frequency Type’, the rest of the selections are quite obvious. This also lets you choose the desired timezone for the schedule. Your options are to either start the job w.r.t a fixed timezone, or start it in individual target's timezone. The latter is very popular, for example, I want to start a job at 2 AM local time in every region around the world.

Another selection of note is that for ‘Grace Period’. This is an extremely powerful feature, but often not used by many customers. Typically, we expect jobs to be started within a few seconds or minutes (based on the load on the system and number of jobs scheduled) of the start time, but a job might not start on time for many reasons. The most common reasons are the Agent being down or due to a blackout. The grace period controls the latest start time for the job in case the job is delayed, else its is marked as skipped. By default, jobs are scheduled with indefinite grace periods, but I highly recommend setting a value for it. In the sample above, I set a 3 hr limit which may seem large but given the weekly nature of the job seems reasonable. So the job system will wait until 3 am (the job start time is 12 am) to start the job, after which the iteration will be skipped. For repeating schedules, the grace period should always be less than the repeat interval. If the job starts on time, the grace period is ignored.

7. Finally, we navigate to the ‘Access’ tab. This tab has two parts:

  • Privilege assignment to roles and users: this allows you to control job level access for other users
  • Email notifications for the Job owner: this allows you to control the events for which you wish to receive notifications. Note, this only sets notification for the job owner, the other users can subscribe to emails by setting up notification and/or incident rules.

To prevent EM from sending deluge of emails, I recommend the following settings in the notifications region:

  • Match status and severity: Both
  • Select severity of status: Critical
  • Select status: Problems & Action Required

       You can always come back and modify these settings to suit your needs.

Access tab

Not all cron jobs need to be converted to OS command. For example, if you are taking Oracle database backups using cron, then you probably want to use the out-of-the-box  job type for RMAN scripts. Just provide the RMAN script, list of databases to run this against, and the credentials required to connect to the database. Similarly, if you run sqls on numerous databases, you can leverage the SQL Script job type for this purpose. There are over 50 job types available in EM12c, all available for use from the UI and EMCLI.

Finally, the best way to learn more about the EM Job System is to actually play with it. I also recommend blogs from Maaz, Kellyn, and other users on this topic. Good luck!!

References

Maaz Anjum: http://maazanjum.com/2013/12/30/create-a-simple-job-for-a-host-target-in-em12c/
Kellyn Pot'vin: http://dbakevlar.com/

-- Adeesh Fulay (@adeeshf)

About

Latest information and perspectives on Oracle Enterprise Manager.

Related Blogs




Search

Archives
« February 2015
SunMonTueWedThuFriSat
1
3
4
5
6
7
8
10
12
13
14
15
16
17
19
20
21
22
26
27
28
       
       
Today