|
Oracle® Enterprise Manager Concepts
10g Release 2 (10.2) B16241-01 |
|
 Previous |
 Next |
|
Oracle® Enterprise Manager Concepts
10g Release 2 (10.2) B16241-01 |
|
|
Previous |
Next |
This chapter explains how Enterprise Manager Grid Control simplifies the monitoring and management of the deployments in your enterprise, and contains the following sections:
With today's complex IT infrastructures, most of an administrator's time may be spent trying to keep the underlying software up to date. Operating systems, applications, and other software must be installed, propagated, patched to the latest level, and duplicated. Without automation and central management, deployment management could present a huge obstacle to the growth and maintenance of your enterprise.
With Enterprise Manager Grid Control, monitoring, managing, and maintaining your IT infrastructure is simplified through its powerful tools for configuration management, cloning, patching, bare metal provisioning, and policy management.
The following sections describe how your enterprise (and administrators) can benefit from Grid Control's deployment management features.
|
Note: To view a summary of deployments:
|
Use Grid Control to view, save, track, compare, and search the configuration information stored in the Management Repository for individual hosts, databases, application servers, clients, and the entire enterprise.
This section contains the following subsections:
Enterprise Manager Grid Control collects configuration information for all hosts and the managed targets on those hosts that have a running Management Agent. The agent periodically sends the configuration information to the Management Repository over HTTP or HTTPS, allowing you to view up-to-date configuration information for your entire enterprise through Grid Control.
Table 6-1 Collected Configurations for Various Targets
| Target Type | Collected Configuration Information |
|---|---|
|
HostFoot 1 |
|
|
DatabaseFoot 2 |
|
|
Application Server |
|
|
ClientFoot 3 |
|
|
EnterpriseFoot 4 |
Summary views for hardware, operating systems, Oracle Databases, Oracle Application Servers, and Oracle Collaboration Suite. Table 6-3 contains details on these summary views. |
Using Grid Control, you can perform the following actions for targets such as hosts, databases, application servers, and clients:
View the last collected and saved configuration
Save configurations to a configuration file or to the Management Repository
Search collected configuration data
View the history of configuration changes
Compare configurations (refer to "Comparing Configurations" in this chapter for more detailed information)
Table 6-2 Viewing Configurations for Various Targets
| Target Type | Instructions for Viewing Configuration |
|---|---|
|
Host |
From the Home page for that host, click the Configuration subtab. |
|
Database |
From the Database Home page, click the Maintenance subtab, then click the Last Collected Configuration link under Software Deployments, Configuration. |
|
Application Server |
From the Application Server Home page, click the Administration subtab, then click the Last Collected Configuration link under Configuration. |
|
Client |
From the Deployments tab, click the Client Configurations link. |
|
Enterprise |
From the Deployments tab, select a summary view from the View list under Deployment Summary. Summary views are provided in Table 6-3. |
Grid Control gives you the tools to perform comparisons between configurations of the same target type. These comparisons are useful for quickly finding similarities and differences between two or more configurations.
You can compare:
Two configurations in the Management Repository
Two saved configuration files
One configuration to multiple configurations
A configuration in the Management Repository to a saved configuration file
When two target configurations are compared, all categories of collected configuration information are included. Grid Control presents the summary results of the comparison in a tabular format. More detailed information is available by drilling down from those summary results.
Comparisons between multiple configurations must be performed using the Enterprise Manager Job System.
|
See Also: "About Comparisons" in the Grid Control online help |
Grid Control offers several summary views of your enterprise that you can use to monitor the state of your host and target configurations. "Enterprise" refers to the complete set of hosts and targets for which configuration information is stored in the Management Repository.You can also search enterprise configuration information using predefined or custom searches.
Table 6-3 lists the available enterprise configuration summary views.
Table 6-3 Enterprise Configuration Summary Views
|
See Also: "Viewing the Enterprise Configuration" in the Grid Control online help |
In some cases, you may want to search your enterprise configuration to get answers to specific questions about your enterprise, such as:
Which hosts have not had operating system patch 105181-05 installed?
Which hosts have an Oracle version 9.0.1.0.0 database installed, and in what Oracle home directories are those databases installed?
Enterprise configuration searches query the enterprise configuration views in the Management Repository to find configuration information that satisfies the specified search criteria.
Enterprise Manager provides two types of enterprise configuration searches:
Although these searches are predefined, you can modify the search criteria for each search, allowing you the flexibility to create specific search queries. Based on your search criteria, Grid Control creates the SQL query that searches the enterprise configuration views in the Management Repository.
Enterprise Manager provides the following predefined enterprise configuration searches:
Search Oracle products, patch sets, and interim patches installed in Oracle homes
Search software registered with the host operating system
Search initialization parameter settings and setting changes
Search tablespaces, datafiles, and recommended database settings
Search database feature usage
Search host operating system components, patches, property settings, and property changes
Search host operating system and hardware summaries
Search host file systems and network interface card configurations
Search policy library
With a user-defined search, you specify the SQL query that searches the enterprise configuration views in the Management Repository. If you do not want to create the entire SQL query yourself, you can choose one of the predefined searches, make changes to the search criteria, then click Search Using SQL to display the SQL query that is executed. You can execute the query, view the results, then modify it and execute it again until it returns the desired results.
|
See Also: "Searching the Enterprise Configuration" in the Grid Control online help |
A "client" represents an end-user or customer system—a system that is not part of your own IT infrastructure. A "client configuration" represents the configuration data collected about the end-user's system. These configurations differ from the internal deployments that you manage using Grid Control.
The Client System Analyzer (CSA) application allows Web server administrators to collect and analyze data from end-user systems. The client data is collected by an applet, diagnosed, and sent back to the CSA application. You can either use the CSA application that comes pre-installed with Grid Control, or you can deploy CSA independently to your Web server.
Using the pre-installed application allows you to collect client data without having to set up a separate Web server. The Management Agents collect, analyze, and upload the client data to the Management Repository. End users do not need login credentials to access Grid Control. Example usage scenarios include:
End-users who call the Help Desk may be asked to navigate to the Out-Of-Box CSA page so that their system information is uploaded. The Technical Support Representative can then review the system information and offer solutions.
The client's application can be changed to provide an "Upload my system information" link to the Client System Analyzer in the Grid Control application. The link can specify certain configuration parameters, such as the URL to return to after the Client System Analyzer runs.
The client's application can be modified to redirect its users to the Client System Analyzer in the Grid Control page during login or at other points in the application. Collected information can then be used from within Grid Control to obtain various bits of information about the client systems. Examples include most popular browser versions, or systems that do not have a necessary Operating System patch applied or do not have enough RAM.
CSA can be deployed independently to any J2EE-capable Web server. This deployment strategy is appropriate when:
Clients accessing CSA cannot reach or have limited access to a Grid Control deployment; for example, due to a firewall.
Further customization to the CSA application is required, such as:
Custom rules can be supplied to the CSA application so that the end users have immediate feedback as to whether their systems satisfy certain constraints.
The behavior of the applet can be changed to collect additional information or to present end users with additional or different user interfaces.
The load on the Management Service Web servers needs to be reduced.
Both pre-installed and standalone types of deployments assign a configurable identifier called a Client Configuration Collection Tag to every client configuration collection. After the client configuration data has been collected by the client configuration collection applet and written to the Web server directory specified by the CSA application, you must configure Grid Control to collect the client configuration data and upload it to the Management Repository.
|
See Also: "Viewing a Client Configuration" in the Grid Control online help"Configuring Enterprise Manager to Collect Client Configurations" in the Grid Control online help |
To access the configuration pages in Grid Control, click the Deployments tab, then click the links found under the Configuration section:
Search
Compare Configurations
Compare to Multiple Configurations (Job)
View Saved Configurations
Import Configuration
Host Configuration Collection Problems
Refresh Host Configuration
Configuration History
These links take you to pages where you can search, view, and compare configurations for your various targets.
Manually applying software patches to maintain the latest and most secure IT environment can become a full-time job. With Enterprise Manager Grid Control's deployment management tools, you can quickly see the patches available for the components in your enterprise, find out which have not been applied and which are critical, then bring those components up to the latest patch level with just a few clicks.
The enriched patching application offers an "end-to-end" patching solution that works seamlessly across a wide range of product patches and customer environments. The patching application automates the deployment of patches for the Oracle Database, including Clusterware and RAC, as well as Oracle Application Server and Oracle Collaboration Suite.
Using a direct link to Oracle's MetaLink patch repository, the Critical Patch Facility identifies the critical patches that have been released for the Oracle software running in your specific systems, and notifies administrators of only those patches that are applicable to their environment. Once a patch is identified, Grid Control can download and deploy it to multiple targets automatically.
Enterprise Manager Grid Control provides the following patching features:
To access the patching pages in Grid Control:
Click the Deployments tab, then click the links found under the Patching section:
Patch Oracle Software
View Patch Cache
Patch Linux Hosts
Click Setup, then click Patching Setup from the navigation pane. From this page, you can configure your settings for MetaLink and patching, proxy connection, and offline patching.
Grid Control's patching tools simplify the patching of Oracle software products. Some key features are listed in Table 6-4.
Table 6-4 Features for Patching Oracle Software
The "Patch Linux Hosts" tool, a powerful new feature in Grid Control, facilitates the automated management of Linux hosts in an enterprise. Use this feature to keep the Linux hosts in your enterprise up to date with vital software updates from your Linux vendor.Patch Linux Hosts uses a reference-based grouped patching model, where you can create one or more reference package repositories containing up-to-date versions of various packages, and associate a group of Linux hosts with these package repositories. The Patch Linux Hosts tool uses package repositories to patch the hosts as well as to monitor the deviation of the packages installed on the hosts. You can create different groups suited to your administrative needs and even associate different package repositories with different priorities for each group. You can independently control when and how often to update the hosts in the group, and how to determine their compliance with respect to the package repositories.
|
Note: To use this feature, make sure you have the following:
|
Some additional patching features include:
Linux Host Patching Groups: You can group a set of Linux hosts together to update all at once. Each group is associated with one or more package repositories that contain all the certified and appropriate versions of the software packages for the hosts of that group. Each group is configured with an update schedule for a recurring job to run to update the hosts with the associated package repositories.
|
See Also: "Creating a New Linux Host Group" in the Grid Control online help |
Compliance: The compliance page contains information on the number of hosts in a group that are in compliance, as well as the number of "rogue" packages on a particular host. You can see metrics and charts to measure compliance for all Linux Host Patching Groups, as well as historical compliance data.
Emergency Patching: This feature gives you the option of performing "forced" updates, outside of the established schedule, to immediately respond to critical bugs or security alerts for all configured Linux hosts.
Undo Patching: This features adds flexibility by allowing you to roll back software to its previous stable version, or even de-install the unstable version completely if that software version was found to be unsuitable or to have a bug or security vulnerability.
You can use Grid Control to manage Oracle Critical Patch Advisories.
Some Oracle software patches have been identified as critical. To help ensure a secure and reliable configuration, all relevant and current critical patches should be applied to the appropriate Oracle homes in your enterprise.
To promote critical patch application, Grid Control performs an assessment of vulnerabilities by examining your enterprise configuration to determine which Oracle homes have not applied one or more of these critical patches. Grid Control provides a list of critical patch advisories and the Oracle homes to which the critical patches should be applied.
From the summary of patch advisories, you can navigate for more information about a particular patch, and get a list of the Oracle homes to which the patch has not been applied. Then you can launch the Grid Control Patch tool to download and deploy the patches to multiple targets.
|
See Also: "Managing Critical Patch Advisories" in the Grid Control online help |
The Critical Patch Facility enables administrators to simply download the Critical Patch metadata from MetaLink and upload it to the repository. This metadata can then be used by the "RefreshFromMetalink" job for performing Critical Patch calculations in offline mode. Administrators will be alerted to security updates—even if the Management Service is not connected to MetaLink.
Some data centers are not connected to the outside world. The Critical Patch Facility's offline mode makes it easy to keep your environment patched to the latest level. Subsequent patching can be done in offline mode as well, using the patch cache feature.
To access the Critical Patch Advisories pages in Grid Control:
Click the Deployments tab, then click the link for the number of Patch Advisories in the Critical Patch Advisories for Oracle Homes section.
Navigate to Grid Control Home page, then click the link for the number of Patch Advisories in the Critical Patch Advisories for Oracle Homes section.
This takes you to the Patch Advisories page, where you can view advisories, patch sets, and patches to apply, as well as affected Oracle homes and available "remedies."
Enterprise Manager Grid Control gives you powerful cloning tools that simplify deployment management for your enterprise. Use cloning to propagate a fully patched and tested Oracle home to multiple hosts, clone database instances to create backups of important databases, and create new single-node Real Application Clusters (RAC) by cloning an existing RAC Oracle home. Cloning saves time, reduces costly configuration and deployment expenditures, and increases reliability for your IT infrastructure components.
This section covers the following areas:
To access the cloning pages in Grid Control, click the Deployments tab, then click the links found under the Cloning section:
Clone Database
Clone Oracle Home
These links invoke the cloning wizard, which guides you through the steps necessary to clone a database or an Oracle home.
You can use the Enterprise Manager Job System to clone existing Oracle home directories. Once you have configured an Oracle home into a desirable state—where you have chosen particular install options, applied required patches, and tested it—you can clone that Oracle home to one or more hosts using Grid Control's "Clone Oracle Home" tool.
There are many advantages to cloning an Oracle home:
Saves time. When cloning a source Oracle home, all source home patches and settings are seamlessly cloned to the new home. Cloning is much faster than manually creating new homes and applying all source home patches and settings.
Clone to multiple destinations. The Job System allows you to clone a source home to multiple hosts and homes in a single cloning job. This is more efficient than connecting to each host, then running Oracle Universal Installer to install the homes.
Reduces risk of errors. Cloned homes match the source home exactly; manually installing and patching homes can introduce discrepancies. For cloning, you do not have to remember all the settings and patches you used on the original source Oracle home.
Web-based operation. Clone directly from Grid Control using a Web browser.
|
Note: You can clone any Oracle home that Enterprise Manager recognizes as a clonable home. See "Out-of-Box Clonable Oracle Homes" in this chapter for more information. |
In addition to Oracle homes, you can clone Oracle Database instances. Once you have configured an Oracle Database into a desirable state, you can clone that database instance using Grid Control's "Clone Database" tool.
The Clone Database tool clones a database instance to an existing Oracle home. If you want to create a new Oracle home to clone the instance to, use the Clone Oracle Home tool to create a new Oracle home, then use the Clone Database tool to clone the instance to that cloned home.
There are many advantages to cloning an Oracle Database instance.
Provides infrastructure for Data Guard management. Data Guard embeds Database Cloning to create a standby database (a clone of the primary database) as part of the Data Guard management process.
Provides a testing environment for database application developers. The cloned database can be used for testing and debugging purposes while the original database is kept available.
Provides high availability for the source database while it is cloned. The source database instance is kept up and running during the cloning operations.
Saves time. You do not need to install a new database instance, then import the data to create an identical database. Also, you can clone the same instance to multiple Oracle homes using the saved working directory without connecting to the source database instance again.
Backs up the whole database and restores it at any time. The saved working directory contains everything needed to restore the target database. You can save the backup on disk and create a new database from it at any time. No existing target database instance is required.
|
See Also: "About Cloning" in the Grid Control online help |
The Clone Oracle Home tool supports cloning of a RAC Oracle home in a multi-node RAC environment to a new single-node cluster.In this scenario, the RDBMS RAC home will be cloned to form a single-node RAC cluster. The prerequisite is that the target node must already have Cluster Ready Services (CRS) installed on it. Since only single-node cloning is supported, you are not required to specify the node names. The RAC installation script (and consequently the RAC cloning script) identifies the node name from the host name.If you clone a RAC home to multiple targets, each target constitutes a separate single-node RAC cluster.
The Clone Oracle Home tool helps you to clone any Oracle home that Enterprise Manager recognizes as a clonable home.
Grid Control recognizes most Oracle products as "out-of-box clonable." This means that the installed Oracle homes of most Oracle products can be cloned as is, and do not require any additional support files to perform the cloning operation. Figure 6–5 lists the Oracle products and versions that are "out-of-box clonable."
Table 6-5 Out-of-Box Clonable Oracle Products
| Oracle Product | Versions |
|---|---|
|
Database |
10.1.x and 10.2 |
|
RAC Database |
10.1.x and 10.2 |
|
Application Server |
10.1.2.0.0, 10.1.2.0.2 |
|
Oracle Clusterware |
10.2 |
If you want to clone the Oracle home of a database or application server that is not in Table 6-5 (for example, Oracle Database 9.2.0.x or Oracle Application Server 9.0.4.x), you must patch Grid Control with the appropriate "Clone Support Files" before starting the cloning operation. These Clone Support Files, available from OracleMetaLink, are released as one-off patches that must be applied to Grid Control.
To locate these clone support files at OracleMetaLink:
Go to http://metalink.oracle.com and navigate to the Advanced Search option under Patches and Updates.
Select the Enterprise Manager Grid Control (emgrid) product from the list.
Select the appropriate release, platform, and patch type.
Enter "Clone Support Files" in the Description field, and click Search. The Patch Release Notes include instructions for installing the updated clone support files in the Management Service home.
System administrators spend a significant amount of their time installing and configuring new software. Enterprise Manager Grid Control's automated provisioning tools dramatically reduce the time and expense to deploy new systems and allows you to scale-out to more systems at minimal incremental cost.
Enterprise Manager Grid Control's provisioning tools allows administrators to store pre-configured and certified base images in a central software library, from which they can deploy fully configured Linux systems to bare metal, or standardize deployment of "gold images." These new systems can be deployed with any desired software configuration, certified to the appropriate version and patch level—all with a few simple clicks.
This section contains the following subsections:
Use the provisioning application to add staging servers, boot servers, Red Hat Package Manager (RPM) repositories, default images, software libraries, and network configurations to set up your provisioning environment.
To access the provisioning application, in Grid Control:
Click the Deployments tab.
Click the Provisioning subtab.
Operating system provisioning is the simplest way to deploy stable, high-performing, cost-effective systems. Grid Control provides "bare-metal" provisioning of the Linux operating system using a standardized PXE booting process. The provisioning application also facilitates the deployment of additional software on top of the operating system. Grid Control provisioning is template-based and can assign hardware profiles, storage layouts, and network configurations to the new machines. You can also use vendor-provided scripts to provision third-party hardware, such as storage disks or load balancers.
You can use the provisioning application to put together a default image of the minimum set of software packages required to provision a bare-metal hardware server. The provisioning application uses the Grid Control Job System to stage the default image onto the staging server in preparation for installation. The default image can be installed on any new machine that boots over the network. When a new machine is plugged in and the network booted, the boot server directs the machine to install the specified default image. After installation, the hardware server is configured with the operating system defined in the default image. Provisioning also deploys a Management Agent to the new hardware server so that it can communicate with the central Management Service.
Cloning is an effective way to deploy tested and approved software images (commonly referred to as "gold images") from either a reference host or the centralized software library. You can use cloning to standardize the deployment of Oracle Database and Oracle Application Server instances—in both clustered and non-clustered environments.
For Oracle Application Server environments, the cloning feature has been enhanced to handle different types of middle-tier installations, including J2EE and WebCache, Portal and Wireless, and Business Intelligence middle tiers. Cloning allows you to deploy pre-patched software to multiple hosts in an efficient and scalable way.
One of Grid Control's most powerful features is the ability to create and extend Oracle Real Application Clusters and Oracle Application Server Cluster environments. From a single gold image of Oracle Clusterware and a single gold image of Oracle Real Application Clusters, you can build new clusters or add nodes to existing clusters. You can also easily convert a single instance database to a RAC database. Similarly, you can extend middleware by cloning application servers.
Table 6-6 describes some key concepts used in provisioning:
Table 6-6 Key Concepts for Provisioning
| Concept | Description |
|---|---|
|
Hardware Server |
Applies to computers or workstations that have been installed into a rack in a data center or server farm. Hardware servers can also be any computer or workstation made available to automatic remote provisioning, such as performance tuning and benchmarking labs, cyber-cafes, training centers, or even desktop machines hosting office productivity tools within an enterprise. |
|
Staging and Boot Servers |
The staging server is an important part of the provisioning application. During the provisioning process, files associated with the image being provisioned are copied to a directory structure on the staging server in preparation for the network installation. The boot server allows network booting of the target machine that needs to be provisioned. After the hardware server reboots, the boot server instructs the machine to install the operating system and other software components that are laid out on the staging server. The Management Agent runs on the boot server. |
|
Software Components |
Refers to the Linux operating system software, Oracle software, and other third-party software applications with specific product release versions, patch versions, or software bundles that are packaged or released by a vendor. Software components are the fundamental building blocks of an image. Components may refer to other components, and they can be reused in multiple images. In provisioning, you can classify a component according to its type/property. You can also define your own component and customize it according to the requirements by classifying it as a Generic Component type. Such software components are individually maintained within the Oracle software library. |
|
Images |
Refers to specific sets of software components, including the Linux operating system, when bundled together with other supporting elements (such as directives) for the purpose of installation. The provisioning application helps you group, configure, and version such images within the software library. It also provides a basic set of software packages. The software components included in these packages have been determined by Oracle as the basic set of components required to create a default image. |
|
Default Image |
The Default Image consists of a minimum set of software components required to provision any Linux machine; for example, ssh, rpm, sudo, kernel, Management Agent, and so on. When a new hardware server (bare-metal machine) is connected to the enterprise network, and is booted for the first time via network boot protocol (PXE), this machine is automatically provisioned with the default image. When this hardware server comes up with the default image, you can use the Provisioning application to re-provision this machine with an image that meets your requirements. |
|
Directives |
The set of executable instructions that run from a supported shell (for example, Bourne, Perl), or a programming language (for example, Java). Directives are contained within a file that may be stored in the Oracle Software Library and referenced from the software components that employ them. Directive files are typed according to the technology able to execute them. The Provisioning application uses these directives associated with the software components to perform the actual work required during provisioning. |
|
Software Library |
Stores various versions of the software binaries, and acts as a repository for the software components that may be provisioned to the hardware servers in your enterprise. The Software Library is an infrastructure for storing and retrieving files and packages. The Oracle Software Library stores various versions of the software binaries and acts as a common repository for software components, scripts, and other files that can be used by provisioning, cloning, and future applications. The software library allows you to store, retrieve, update, and otherwise maintain all the software components that you create. |
|
Assignments |
Hold the necessary information to provision images to the target hardware servers. Assignments contain information about the image, network profile, stage server, boot server, and list of targets to be provisioned. Once an assignment is created, you can provision it by clicking Provision on the Assignments tab. Provision assignments immediately or schedule them for later. |
Policies define the optimal configurations of systems. Whether you use the out-of-box policies defined by Oracle or customize policies to meet your particular system requirements, any deviations to your systems or applications are reported. Examples of deviations include inappropriate settings and incorrect system configurations.
This section contains the following subsections:
To access policy management pages in Grid Control:
Click the Policies tab for a roll-up view of all policy violations across all targets. From this tab, you can also access policy associations, the policy library, "security at a glance" pages, and errors.
Navigate to the Home page for a particular target. The links in the Policy Violations section display the number of policy violations according to severity level. Click the links to drill down to critical, warning, and informational policy violations for that target.
Oracle provides a number of out-of-box policies (also known as policy rules) for various targets. When you add a target to Enterprise Manager, that target automatically uses all the predefined policy rules for that type of target. For example, Oracle provides security, configuration, and storage policy rules for the database instances and cluster databases. Security and configuration policy rules are provided for hosts.
You can customize policies by editing the existing policy rule settings. You can enable or disable a policy evaluation, change the importance for the compliance score calculation, assign a corrective action, prevent template override, override default parameter values (when possible), and exclude objects from a policy's evaluation (when possible).
|
See Also: Online help for compliance scores |
One of the features of customizing policies is the ability to define corrective actions. Corrective Actions is a special type of job that executes automatically in response to a policy violation.
Corrective Actions utilize the Enterprise Manager Grid Control Job System and, like regular jobs, can consist of multiple steps, can be run with arbitrary host and target credentials, and reports its success or failure and its output to the Management Repository.
A monitoring template defines all Enterprise Manager parameters you would normally set to monitor a target.
Monitoring templates simplify the task of setting up monitoring for large numbers of targets by allowing you to specify the monitoring and policy settings once and applying them as often as needed. You can save, edit, and apply these templates across one or more targets or groups.
Here are a few suggestions for investigating policy violations. Remember that you should attend to the most critical policy violations or those that have the biggest impact on your enterprise.
Study the statistics on the Enterprise Manager Grid Control Home page. In particular, look at the statistics in the All Targets Policy Violations section. The policy violations with "Critical" severity should be dealt with first.
Study the security-related violations reported in the Security Policy Violations section. Non-compliance with these policy rules can greatly impact the security of your enterprise.
Address targets that have the lowest compliance scores.
For the policy violations of a particular target, examine the home page for that target. The Policy Violations section provides overview information, but it also gives you access to the Policy Trend Overview for that target.
To deal with policies regardless of the target, click Policies. Using this tab, you have access to all the policy violations for the enterprise, the policy associations, the policy rule library, security-only policies, and policy evaluation errors.
Navigate to the Policy Violations page and, using the Advanced Search option, enter an appropriate value in the "Most Recent Violation within n days" filter.
Suppress violations if you want to handle the violation at a later time.
|
See Also: "About Policies" in the Grid Control online help for an overview of policies and pointers to more information about viewing and managing policies |
Security policies are available for many targets, including Host, Database Instance, Cluster Database, Listener, OC4J, Oracle HTTP Server, and Web Cache.
Because security is crucial to the stability of your enterprise, security policies are displayed prominently in Grid Control. On the Enterprise Manager Grid Control Home page, and many target home pages, there is a separate section displaying the Security Policy Violations for the target. This allows you to pay close attention to the critical policy violations.
In addition, the Security At a Glance feature provides an overview of the security health of the enterprise for all the targets or specific groups. This helps you to quickly focus on security issues by showing statistics about security policy violations and noting the critical security patches that have not been applied.
The Policy Violations Reports are available through the Reports feature. These reports deal with non-suppressed policy violations for all targets, groups, and a single target. In addition, suppressed violations are reported according to all targets, groups, and a single target.
