Thursday Oct 23, 2014

Managing user access in multiple sites

An Ops Center user who's setting up their environment sent in a question about their users:

"I'm looking to manage three different data centers from one Enterprise Controller instance. However, the three data centers have different administrators. How can I make sure that each administrator can see and manage only the resources that they're supposed to?"

The answer here is that you can use Ops Center's asset groups, combined with its fine-grained roles capabilities, to control which users can see and do what.

First, you create a new asset group in the Assets section of the UI. In this example, I'm creating a group for one of the three data centers:


Once you've created the group, you can add the correct assets to it, by selecting the assets and clicking Add Asset to Group:


Now that you have the assets for one of the datacenters grouped together, you add that admin to Ops Center:


Then you'll select that user and click the Manage User Roles icon. When the wizard comes up, you make sure they have the correct roles, then deselect the "Use the default role associations" checkbox:


When you click next, you select which groups the roles should apply to. So, for this user, we can apply their Asset Admin role only to the Data Center A group:


And there you have it. Rinse and repeat for other groups and users, and each user will be able to see and manage only the correct assets. For more information, check out the Asset Management and User and Role Management chapters.

Thursday Oct 16, 2014

How-To: Creating and Managing Network Domains

Efficient networking is crucial for a virtual datacenter. (I suppose it's crucial for any kind of datacenter, but I'm focusing here.) In Ops Center, you can keep your vDC networks running using network domains. Network domains manage public networks with defined resources as well as ad-hoc private networks.

To create a network domain through Ops Center, you need to identify at least one fabric to support it, then run the Create Network Domain wizard. This wizard lets you create new dynamic private networks for the new domain and associate existing networks with it.

Once you've created a network domain, you can associate it with a server pool by selecting the server pool and running the Associate Network Domain wizard. This wizard lets you pick a network domain, then pick a physical interface on each server in the server pool for the network domain to use. Once you've done this, the server pool can use public and private networks within the network domain.

The Creating and Managing Network Domains how-to provides more background information and walks you through both of these wizards.

Thursday Oct 09, 2014

How-To: Lifecycle Management for Zones

Oracle Solaris Zones are a useful too. As I've been discussing over the past few weeks, Ops Center lets you manage zones from a high level by creating them, grouping them into server pools, and migrating them. However, I haven't talked about how to use Ops Center for more day-to-day zone management.

When a zone is managed in Ops Center, you can see its current state - running, shut down, or unreachable - in the Assets section, shown by an icon over the asset. By selecting a specific zone, you can take a number of possible actions: you can reboot or shut down a running zone, halt a zone if it's not responding to a graceful shutdown, boot a stopped zone, or delete a zone if it's no longer needed.

The Lifecycle Management of Zones how-to explains how to take each of these actions. The zones chapter in the Feature Reference Guide also discusses them.

Thursday Oct 02, 2014

How-To: Migrating Oracle Solaris 11 Zones

I've talked a bit over the past couple of weeks about how to create Oracle Solaris 11 zones and how to group them into a server pool to enable automatic load balancing and high availability.

You can also use the server pools to manually migrate zones from one host to another. You can perform this migration to do your own load balancing, to reorganize your zones, or in preparation for system maintenance. When you use the Migrate Zone action to move the zone, the wizard lists all of the global zones in the pool, including the number of running zones, total CPU, and available dedicated CPUs. If you don't have enough resources in that server pool, you can migrate the zone to a global zone in a different server pool, as long as they're compatible and meet the storage and network requirements. 

The Migrating Zones how-to walks you through migrating a zone to a new global zone in the same server pool. There's also more information in the Oracle Solaris Zones chapter in the Feature Reference Guide.

Thursday Sep 25, 2014

How-To: Creating a Server Pool for Oracle Solaris 11 Zones

I talked a bit last week about creating Oracle Solaris 11 zones by following the zone creation how-to. If you're creating zones on at least two systems, it's a good idea to create a server pool for them. A zones server pool lets you group 2 or more global zones (hosts) that have the same processor architecture. The hosts must share storage resources and have access to the same virtual and physical networks.

There are some big advantages to pooling your zones, including load balancing and high availability. When you add hosts to the server pool, you can share resources between the zones, and create policies to manage a lot of the CPU utilization and resource balancing functions and automatically migrate hosts between servers to balance the load. You can also manually move zones between hosts, and restart zones on a new host if a pooled host shuts down.

If you want to know more, there's a Server Pools chapter in the Feature Reference Guide. There's also a Creating a Server Pool for Zones how-to which walks through the process, using a hypothetical environment with two Oracle Solaris 11 zones.

Thursday Sep 18, 2014

How-To: Creating Oracle Solaris 11 Zones

The odds are good that you use Oracle Solaris 11 Zones in your environment or are interested in doing so - it's an effective and secure virtualization technology that lets you get more use out of each piece of hardware.

If your environment uses Ops Center, you can use a profile to quickly create new zones with a specific setup. The profile specifies the OS version, zone configuration, storage, and file system for the zone. Once you've created a profile, it automatically generates a deployment plan, which you can run to create a new zone. At runtime you specify the target system, and the name, IP address, and network resources for the new zone, edit any of the info from the profile if you want, and schedule the zone creation.

We've put together a how-to that walks you through the whole process, so take a look.

Thursday Sep 11, 2014

OCDoctor Updated

The OCDoctor is a tool that you can use to gather prerequisite and troubleshooting information about your systems. It's included in Ops Center, but you can also download it from here.

Update 4.38 was just released a couple of days ago. It has some new checks, including checking the remote database tablespace sizes and looking for lockfiles left over from prior upgrades. Also, if you run the doctor with the --update option from an Agent managed system, it'll pull the latest version from the Enterprise Controller. This could be handy if you're in a site with limited connectivity.

The OCDoctor chapter explains some of the things that you can do with the OC Doctor, so take a look and get the latest version. (Note that if you're using Ops Center in connected mode, the latest version is downloaded automatically.)

Thursday Sep 04, 2014

Communication Between OC and EM

I've seen a few questions about connecting Ops Center and EM Cloud Control monitoring - what permissions are needed to make it work.

Ops Center and EM can share data using the Infrastructure Stack Plug-In. This plug-in lets you view EM processes in the Ops Center UI and Ops Center monitoring and annotations in the EM console, including monitoring for service processors, chassis, server domains, zones, and Oracle VM Server for SPARC domains and guests.

To share data between Ops Center and EM, you create an Ops Center user to interact with the plugin. This user can have any roles you choose, including the read-only role.

Each product has its own set of users and roles. The SYSMAN user can see asset information collected by Ops Center software in the EM console and can launch the Ops Center console, but doesn't have  SYSMAN permissions in Ops Center - they only have the permissions of the user you created for the connection. Similarly, an Ops Center Admin can launch the EM console from Ops Center to view information, but they don't have Admin permissions in the EM console. 

For more information about the plugin, see the Plugin Guide.

Thursday Aug 28, 2014

Oracle Solaris 11.2 Support

Oracle Solaris 11.2 was released just after Ops Center 12.2.1, and I've seen a few questions about when we'll support it, and to what degree.

The first answer is that Oracle Solaris 11.2 is now supported for most features in Ops Center. You can manage it, install it, update it, create zones on it - basically, anything you can do with Oracle Solaris 11.1, you can also do with Oracle Solaris 11.2.

The caveat to that is that the features introduced with Oracle Solaris 11.2, such as Kernel Zones, are not yet officially supported through Ops Center. We're working hard on adding that support right now.

Thursday Aug 21, 2014

Using Asset Groups

I got a question about putting assets in groups:

"I'm planning on installing some agents manually on existing systems, and I want to have them put in a specific asset group once they're discovered. I don't see any way to tell the install script to put the asset in a group. How can I add the assets to a group, either through the UI or the CLI?"

There are a few ways.

In the CLI, you can use groups mode, and use this command to add an asset to a group:

attach -n| --gear <asset name> -g| --group <group>

You can also use -U| --uuid <UUID> to specify the asset if you have multiple assets with the same name.

In the UI, you have a couple of options. You can select an asset and click Add Asset to Group to add it to a group you select.

Alternatively, if you're trying to make a group for assets with a specific characteristic, you can specify rules that will automatically add assets to a group based on that characteristic.

Thursday Aug 14, 2014

CPU Architectures in 12.2.1

I've talked about a few of the enhancements that came in version 12.2.1 over the past few weeks. The last one is a new generic architecture class for newer systems that gives you new migration options for logical domains.

Some new systems - Oracle SPARC T4 servers, Oracle M5 and M6 servers, and Fujitsu M10 servers - have a class1 architecture. When you start a guest domain on one of these systems, Ops Center recognizes the architecture, and you can migrate the guest to systems with other CPU architectures without losing any LDOM capabilities.

Take a look at the Oracle VM Server for SPARC chapter in the Feature Reference Guide for more information about CPU architectures and other Logical Domain configuration options.

Thursday Aug 07, 2014

Audit Logs in 12.2.1

An increased audit capacity for Ops Center is something that folks have been asking about for a while. In 12.2.1, we added audit logs to provide this capability.

The audit logs are kept on the Enterprise Controller system starting in 12.2.1. They contain records of user logins, changes to user accounts, and job details. The logs require root access on the EC system and can't be edited, so they're a secure means of tracking who's logged in to Ops Center and done what.

The Feature Reference Guide has more information about how to view the audit logs.

Thursday Jul 31, 2014

LDAP Enhancements in 12.2.1

In Ops Center 12.2 and older versions, there were limitations on how a user pulled from an LDAP could log in to Ops Center - basically, users could only log in using the user name field.

One of the improvements in version 12.2.1 is that an Ops Center Admin can designate other fields, such as email address, name, or member ID, to be used when logging in to Ops Center.

The Admin Guide's section on Users and Roles has more information about adding users from directory servers.

Thursday Jul 24, 2014

Upgrading to version 12.2.1

Now that Ops Center 12.2.1 is out, I thought I'd give a brief walkthrough of the upgrade process.

The first thing to do if you're planning on upgrading to 12.2.1 is checking the upgrade paths. If you're using an older version of Ops Center, such as 12.1.4, you'll have to upgrade to version 12.2 first. Here's a flowchart that shows the supported upgrade paths:


Once you've figured out your upgrade path, you should check the release notes. They have a list of known issues that could be relevant to your environment. In particular, if you're using version 12.2, there's a patch that you have to apply if you want to upgrade through the UI.

Once you've taken a look at the release notes, the Upgrade Guide will take you through the upgrade itself, with different procedures based on how you're doing your upgrade (through the UI or command line) and what sort of environment you have.

Monday Jul 21, 2014

Version 12.2.1 Released

Version 12.2.1 of Ops Center is out today.

There are a number of improvements in this version. The big ones are:

  • Support for discovering x86 64-bit Oracle Sun X4-8 servers through the ILOM SP.
  • Additional options for adding users from an external LDAP, using characteristics like full name or email addresses as Ops Center user names.
  • Audit logs let admins track Ops Center jobs, user logins, and changes to a user's roles.
  • A generic CPU architecture lets you migrate logical domains between systems with different architectures.

We've also made a number of performance enhancements - cutting the start-up times for several parts of Ops Center - and a number of bug fixes. You can find the full listing of what's new here.

For information about upgrading to 12.2.1, take a look at the Upgrade Guide.

If you're on 12.2, you'll need to apply a patch to your environment if you want to upgrade through the UI.  See the Release Notes for more information.

About

This blog discusses issues encountered in Ops Center and highlights the ways in which the documentation can help you

Search

Archives
« March 2015
SunMonTueWedThuFriSat
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
    
       
Today