|Oracle® Enterprise Manager Configuration Change Console User's Guide
10g Version 10.2.0.5 for Windows or UNIX
Part Number E15313-01
|PDF · Mobi · ePub|
When initially configuring the Configuration Change Console, you must specify both the hierarchy of people who will use the solution and the grouping of your infrastructure's managed devices that will be monitored by the solution.
People: Defines the members of your organization, including their reporting responsibilities and the teams of the organization that interact with the IT infrastructure. By default, you have only the one default account, administrator.
Infrastructure: Configures the managed devices and their groups. By default, every device with a Configuration Change Console Agent will appear in the interface automatically. Device groups can be created through the interface and are useful for simplifying reporting and configuration.
Once you have defined these elements, you can start defining the policies for monitoring and managing change in the IT infrastructure.
Configure the environment by clicking the Administration tab and then selecting the relevant tasks under People and Devices.
The individuals in your organization may interact with Configuration Change Console monitoring policies and the IT infrastructure in many ways as described in the sections below.
The term people refers to individuals in your organization who can log in and view data within the Configuration Change Console using a configured username and password. The term user refers to the individual user accounts detected by Configuration Change Console Agent on managed devices. Configured people may or may not be associated with one or many detected users, and vice versa.
People comprise a team that is responsible for a given set of infrastructure components. Each team should have responsibilities that are distinct from other teams. For example, one team may administer production machines while another manages development machines.
Teams should mirror your organization's operations. Some organizations may find it beneficial to create teams based on geographic locations, while others may create teams for functional areas. Team assignments are used in the routing of notifications when escalations are required, and can be used to limit the view of devices and data individuals can access.
Use the People screen to view, update or add user information.
You can display this screen by navigating to Administration --> People --> People.
If you already have defined people in the interface, they will appear in this view. If you are just beginning, this screen will include only the default account.
Login Name is the name used to access the Configuration Change Console interface. This link takes you directly to the Add or Update a Person screen to modify the individual's information.
Primary Email Address is the email address used for notifications. Click this link to add or update an email address for the individual.
User Assignment allows you to map individual people in your organization to detected user accounts on monitored devices.
To add a person, select the Add Person button to access the Add or Update a Person screen.
To update a person, click on the person's link in the Login Name column to access the Add or Update a Person screen.
To update a user assignment, click the number link in the User Assignments column to access the Add Person to User Assignment screen to add or modify user assignments
Use the Add or Update a Person screen to view, update or add user information.
To get to this screen navigate to either Administration --> People --> People --> Login Name link or Administration --> People --> People --> Add Person button.
Account Information -- Name, password, and email address are required. Supports Long Messages is selected by default, signifying support for messages greater than 252 characters. If a person's address will go to a cell phone or a similar device, uncheck this box.
Locale Settings -- Select the country, language and time zone from the pull-down menus.
Organizational Settings -- Select the Manager from the pull-down menu and check the appropriate teams from the available selections. Managers are used when routing escalations for notifications. If you have not yet defined teams, the team settings will not be available.
Product role -- The following product roles are available:
Regular: A person with access to all features except configuration features. Every person must have at least a Regular product role.
Administrator: A person with access to all features. View of some devices may be limited through the Team Support Assignment.
Super Administrator: A person with access to all features.
Click Save to save your changes or Cancel to exit without saving changes.
Note:Changes to a person's role and team settings will take effect the next time the person logs in.
The Person to User Assignment screen allows you to map individual people in your organization to detected user accounts on monitored devices.
Warning:It is extremely important that you do not map the Windows domain Administrator account or root account to a user in the User Assignments screen.
To get to this screen, navigate to Administration --> People --> People --> User Assignments link.
The following fields are described below:
Username -- The user account
Device -- The devices where the user account exists
Component -- Component on which the user account exists
Click Modify Assignment to select or de-select users on devices.
The Teams screen provides details about any configured teams. Use this screen to add a new team or modify existing team information, including team membership.
To get to this screen, navigate to Administration --> People --> Teams.
To add a team, click the Add Team button. To update a team, click the link under the Team Name column. Either way, the Add or Update a Team screen will be displayed.
Enter a team name and select an administrator. The Team Administrator is specified primarily for company record-keeping, but also serves as the final escalation point for notifications associated with the team.
Once you have created a team, click its associated Members link in the Teams page to display the Edit Membership screen.
Note that all current team members are displayed in bold with a marked checkbox.
To edit Team Membership, follow these steps:
Select or unselect members from the available list
Click Save to save changes or Cancel to exit without changes
Once you have created People entries, you must identify the servers (managed devices) that will be monitored. The following sections describe this process.
New managed devices are automatically added to the server following a successful agent installation. You can verify a successful installation, as well as review the list of all managed devices, from the Devices screen.
To get to this screen, navigate to Administration --> Devices --> Devices.
You can modify the agent status, such as pausing and stopping an agent, from this screen by clicking the link under Agent: Last Known State. For additional information about remotely managing agents, see Chapter 12, "
Administering Servers and Agents".
Note:Devices can be added manually using the Add a Device button. It is recommended that you do not manually add a device unless specifically directed to do so by technical support for resolving an issue. Installing an agent with a pre-determined agent ID will require additional manual steps to be performed after installation.
To review or modify device details or to delete a device, click the link in the Device Name column in the Devices window. The Add or Update a Device screen is displayed. Use this screen to add or modify a device, or to delete a managed device. When you save changes, the Devices screen will reflect the changes you have made.
To add or update a device, enter the following fields:
Type. Device type. Currently, only servers are supported.
Operating System. Operating system of the device. Note that no matter which operating system you use, if the agent detects a different OS, it will automatically adjust this setting.
Device Name. Name assigned to the device. If you change this value, the agent will change it back to the real device name next time the appropriate message is received from the agent.
OS Instance Name. The instance name can be a descriptive title for the OS. For example: Win2k Server SP3.
Owning Team. Select the team, if any, that owns this device. This is for reference only and does not affect any configured rules in the system.
Device Groups. Select the device group(s) to which this device belongs.
Asset Tag. Enter an asset tag (if appropriate) and a description for the device. Note that asset tags serve as the integration point with a Change Management server. The asset tag specified here will be compared to the device asset tag in the Change Management server.
Click Save to save changes, or Cancel to exit without changes.
To delete a device, click the Delete button. Upon subsequent restarts of the device, the agent on the deleted device will be stopped by the server. You must uninstall the agent manually from the managed device, as this delete action does not uninstall the agent.
Note:If the managed device (on which the agent is installed) is restarted, and the old agent has not been uninstalled, the old agent will restart and continue to send unwanted messages to the server.
IT organizations often classify servers to form logical groupings based upon shared characteristics, such as operating systems, server types, or geographical locations. By grouping managed devices, you can apply device policies to a group of devices, thereby simplifying management and reporting of changes across complex or large IT infrastructures.
Managed devices can belong to one or more device groups. Groups are used to sort change-management data based on user-defined associations. For example, to simplify retrieval of change data for a group of devices, you can group all web servers under a parent group, or group all of the components that comprise a specific distributed application.
Device groups are hierarchical. One device can belong to one or many groups, but each group can have only one parent. For example, you can group all web servers under a parent group called Production Servers. In fact, you can represent your organization with multiple "generations" of parents, as shown in the following example:
Continent --> Country --> Region --> Organization --> Production Servers --> Device
The following are device group attributes:
A device can belong to any number of device groups
A group can have only one direct parent
Multiple parent levels (generations) can be used to represent your organization
The screens for Device Group management and related activities are all accessible from the following navigation path: Administration --> Devices --> Device Groups.
The Device Groups screen displays all defined device groups. Use this screen to add or update device groups. Note that the device counts listed indicate device membership within the listed group only; they do not factor in devices belonging to any member child groups.
To get to this screen, navigate to Administration --> Devices --> Device Groups.
To add a new device group, click Add a Device Group. To modify an existing device group, click on the link in the Group Name column. Either way, the Add or Update a Device Group screen will be displayed, enabling you to create new device groups or edit the membership of an existing device group.
Use this screen to add, modify, or delete a device group.
Note:If you delete a group, the devices that belonged to that group will be unassigned from the group. If the group selected for deletion has sub-groups, those groups will become sub-groups of the deleted group's parent. If no parent group exists, those groups will become independent, without parent affiliations.
Enter the following Device Group information:
Group name -- Enter a meaningful name for this group
Parent Group -- Select from the drop-down list of existing groups
Click Save to save changes or Cancel to exit without changes.
After creating a group, you can change the devices that belong to a group from the Device Groups screen. Under the column Devices, clicking on the count of devices in the group takes you to a screen that lists all devices currently in the group. From this screen you can select devices and remove them from the group in bulk.
Note: You cannot remove a device from a group if it does not already belong to another group. A device must always belong to at least one device group.
Clicking on the Modify Device Assignments button will take you to a screen listing all of the devices filtered by group in the filter bar. By default, all devices are added to the group called Default Group. To move the device to another group, you would choose Default Group on this screen, select the devices you want to add to your group and click Save. The devices will now belong to both default group and this new group. You can now go back to the default group and remove these devices from that group.
The Modify Device Assignments screen has a selection helper at the bottom of the device list to make it easier to select many devices at once. You can use various filters to select or unselect all items based on some starting text, ending text, or containing text.
By assigning teams to managed device groups, you can restrict which device group team members can access when using the Configuration Change Console. This feature limits the device groups on which team members can administer policies and view change event data. For example, when viewing data on relevant Event Visualization screens, if the Finance team is assigned the Finance device group, then members of the finance team will only see changes that are detected on device groups belonging to the Finance device group. Note that users with Super Administrator privileges can access all device groups.
To get to this screen, navigate to Administration --> People --> Team Support Assignments.
To view current team assignments for a device group, click the associated link in the Number of Teams column. To add a team assignment, click Add Assignment.
Note:To Add a Team Support Assignment you must have an available, unassigned team configured.
To add a new team assignment, enter information into the following fields:
Team. Select the team from the pull-down list.
Group. Select one or more device groups, if shown, or select and expand device groups to select specific device groups. When doing this assignment, only the device groups that are in the group at the time you make the assignment are actually assigned. If you change the group membership, you must return to this screen and edit the assignment and save again for it to pick up the group changes.
Time Window. Optionally, select the Time Window during which the team is allowed to access the device group, for documentation purposes. Currently the only available time window is Always.
Click Save to save changes or Cancel to exit without changes.
After assigning teams to device groups using Team Support Assignments, you must enable the Team Device Limiting under Administration --> Server Configuration --> Team Device Limiting screen for the limits to be put in place. Any user that has the Super Administrator product role will see all device groups, while any user that only has regular or administrator product roles will only see the device groups their team is allowed to see under Team Support Assignments.
Once you have defined the people, teams, devices and device groups, you can verify the accuracy of the definitions and assignments.
To identify any unused teams, navigate to Administration --> People --> Validate People Assignments. This displays a screen listing elements within the monitored environment that have been created but remain unused; for example, teams without members.
From this screen you can click on a count link to jump to the appropriate details screen, where further information can be viewed and assignments corrected, if needed.
There are some considerations to make when working in a large clustered environment with more than 1000 agents. In these situations, there are various ways to organize your configurations to make them easier to manage and to make the UI work faster.
When you have a large number of agents, it is recommended that you create a device group structure to break these sets of devices down into more management groups. Although you can put device groups inside of other device groups, it is recommended that at a top level device group, you do not have that group containing more than 1000 devices (in that group or any group under that one).
For instance, you might have a structure like this:
West Coast Production group (contains 900 total devices summing up all child groups) North (contains 300 devices) Central (contains 300 devices) South (contains 300 devices) East Coast Production Group - 900 total devices summing up all child groups North (contains 300 devices) Central (contains 300 devices) South (contains 300 devices)
If you had a group say, West Coast Production Group > North that had 2000 devices in itself, it would be better to organize multiple top level groups where each group had no more than 1000 devices.
When a device is added to the server through an agent connecting the first time a server, it will be put into the group called "Default Group". After this, you should add the device to a group that fits into the desired grouping model and then remove the device from the Default Group. A device must belong to at least one group. You cannot remove a device from a group without first reassigning it to another group.
Once your group structures are understood and you have set up your device grouping so that each top level group has at most 1000 devices under it then you can create what is called a Team Support Assignment where you assign a different CCC team to each group. Team Support Assignments are discussed earlier in this chapter. You may have one set of IT people that only deal with one group. If you configure the team support assignments and turn on Team Device Limiting (Server Administration option) then when a person in that group logs in to the Configuration Change Console interface, they will only have to look at the information related to the devices in their teams.
Even if you have one person that manages all devices, you might want to consider using team support assignments where that one user has multiple Configuration Change Console people accounts to log in to see the view for various devices independently of others.
Some screens in the Configuration Change Console product will have slightly different behavior if your instance has more than 1000 devices. This is a built in trip point where screens will behave differently to handle the larger number of devices. The most common behavior change is that on some screens you can only choose device groups when looking at data/managing configuration rather than individual devices.
In screens that normally might have ALL as a filter option in the Device Group filter, this option for ALL will go away once your agent count has reached a size where there would be too many devices to show in the screen. After this point, you would have to select a specific group instead of being able to filter on all groups.