|Oracle® Enterprise Manager Ops Center Concepts Guide
11g Release 1 Update 3 (18.104.22.168.0)
Part Number E17968-04
|PDF · Mobi · ePub|
Enterprise Manager Ops Center offers comprehensive system management for physical and virtual Oracle hardware and heterogeneous operating systems. The following are some software's key capabilities:
Discover the servers, storage devices, operating systems, and virtual systems in your data center using one of several standard protocols, including SSH, IPMI, Telnet, SNMP, and service tags. A service tag enables Enterprise Manager Ops Center to automatically locate the asset. Each product that contains a service tag is uniquely identified and basic information, such as product and platform data, is collected.
Once discovered, you decide which assets you want to begin managing with Enterprise Manager Ops Center. Managing assets enables you to use Enterprise Manager Ops Center to provision, monitor, and update the hardware or operating system. Updating operating systems and some monitoring capabilities require the Agent software. If required, the Agent software is installed when you first manage the asset.
Managed assets are automatically displayed in a hierarchy in the managed assets tree and are added to one or more groups based on the asset type. Groups are administrative structures that organize assets so that you can locate an asset quickly and perform operations on all assets of the same type. An asset can belong to multiple groups.
Groups enable you to quickly locate and view assets of a specific type. You can also act on groups, such as running compliance checks on all assets in the group, changing monitoring thresholds and updating discovery credentials. The Services group and subgroups contain all assets organized by the actions for which they can be targets. For example, the OS Update group contains all operating systems that can be updated.
Enterprise Manager Ops Center contains two types of groups:
Smart groups – Contain assets of the same type. These default groups are used to automatically group assets by major asset type, such as Operating Systems, Servers, Chassis, Storage, and Network Switches. Within these Smart Groups, a subgroup is created for each type of asset that is managed, such as Oracle Solaris 10 and Oracle Linux.
User-defined groups – Can contain any type of asset and can be organized by any criteria. You can configure rules for user-defined groups that automatically add assets with specific characteristics to the group.
Managed assets are automatically added to groups based on the asset type. The following is an example of the view of the Operating Systems Smart Group in the Navigation pane, you can expand the tree to view the assets that are members of the group.
Provisioning a complex data center is a daunting task that can be repetitious, inconsistent, and error-prone. Enterprise Manager Ops Center facilitates automated firmware provisioning and OS provisioning by using a combination of image libraries, profiles, and deployment plans. You can maintain a library of golden images on the Enterprise Controller and use the profiles and plans to control how, when, and where the images are applied. A user with Enterprise Manager Ops Center administrator privileges can manage a library of firmware and OS images and use profiles to establish controls for how and when the images are applied.
A profile is a template or script that defines deployment and configuration requirements. Use profiles to enforce consistency in tasks, such as configuring hardware assets, deploying firmware, provisioning operating systems, and updating Oracle Solaris and Linux operating systems. With profiles, you can consistently define what is allowed, and not allowed, to be installed on a system and enable images to be applied consistently across one or more data centers.
To provide greater automation, you can use deployment plans to define the sequence of operations or steps that must be performed to deploy an asset, the profiles to be used, and the target systems or hosts. When you use profiles as a step in a deployment plan with multiple targets, you can configure many assets simultaneously.
Enterprise Manager Ops center provides a comprehensive set of templates for all assets, including the virtualization platforms and logical domains. Deployment templates contain the basic building blocks that you can use to create your customized plans.
Use firmware provisioning to add or update firmware on servers or chassis. You create and maintain the library of firmware images in the Enterprise Controller Software Library.
A firmware image is a copy of a particular system firmware with associated metadata. The firmware metadata helps determine compatibility between a firmware image and a target system. The required metadata includes the firmware type, what system or systems the firmware is for, the version of the firmware, and any dependent firmware (other firmware on which the firmware depends).
To control how the provisioning job is performed, the administrator creates customized firmware profiles. A firmware profile is a collection of one or more firmware images and policies that defines how to update one or more firmware images on a system. You can also use a firmware profile to generate compliance reports for a set of servers.
After the images and profiles are established, you can schedule firmware update and provisioning jobs to run immediately, or on a specific date and time.
OS provisioning enables you to install supported operating systems onto systems that are attached to your network. You can provision, or install, the OS from the Enterprise Manager Ops Center UI instead of from the individual systems.
Just like with firmware provisioning, administrators maintain a library of OS images in the Software Library. To control how the provisioning job is performed, the administrator creates provisioning profiles. Once the images and profiles are established, you can schedule provisioning jobs to run immediately, or on a specific date and time. You can choose provision a single system or a group of systems.
An OS profile specifies how to configure an OS as it installs onto a set of target systems. An OS profile specifies configuration options, including what OS to install, what software groups to install, and what disk partitions and network settings to use. Each OS profile is associated with a specific OS image. Each OS profile describes how to install and configure one OS image, or one FLAR associated with one OS image.
You can use System Catalogs to create Linux and Oracle Solaris software profiles. You can also copy an existing profile, and then modify it for the release. If your site uses Oracle Solaris JumpStart Enterprise Toolkit (JET) templates, you can use them in the profiles. The SUNWjet and JetFLASH packages are automatically installed with the Proxy Controller. These packages contain the base_config, custom, and flash JET modules that provide the core JET functions required by Enterprise Manager Ops Center.
Updating operating systems can be a complex, time-consuming, and unpredictable process. You can encounter a seemingly never-ending list of dependencies which you must review for warnings, conflicts, and conditions.
Enterprise Manager Ops Center is designed to reduce the complexity of updating a large number of diverse operating systems, standardize the patch installation process, minimize downtime, track changes, and automate patching without user interaction. You control the update process, the level of automation, the scheduling, and the number of concurrent updates. You can apply customized controls for one system or a group of systems and schedule the updates to deploy during periods of low usage.
Enterprise Manager Ops Center supports update management for Oracle Solaris, Oracle Linux, Red Hat Enterprise Linux, Novell SuSe Enterprise Linux, and Microsoft Windows operating systems.
For enterprise-level users, using Enterprise Manager Ops Center to update your operating systems offers several key advantages:
Role-based update permissions – Restrict update capabilities to designated users.
Customizable update policies and profiles – Define which patches to install, patch dependencies, and the level of user interaction. Enterprise Manager Ops Center provides predefined update profiles apart from which you can create your own customized profiles and policies.
Update simulations – Identify the required updates and choose whether to download updates in preparation for the actual deployment.
Job scheduling – Schedule when to run an update simulation or update job. You can run it immediately, define a start day and time, or create a recurring schedule.
Compliance and update reports – Generate a variety of compliance and other update reports to know the state of your OS patch levels. You can use the report output to run a new OS update job.
Version control and rollback – A snapshot, known as a system catalog, is automatically taken and saved before an OS update is performed. You can use the system catalog to revert back to a previous version.
Variety of methods to detect and deploy updates – The Enterprise Controller obtains information about latest updates from the Knowledge Base and OS vendor sites. You can deploy updates through the update profiles and policies, reports, and system catalogs.
The simulation feature enables you to test update dependencies by simulating an update job before you perform an actual update. You can manage different patching conditions that exist for installing a patch and keep track of the patching conditions. You can run an update simulation on Linux and Oracle Solaris hosts to identify the updates that apply and download updates in preparation for the actual deployment. By running a simulation, you can determine the outcome of the update job and adjust the update policies and procedures for the update before scheduling a OS update job. You can deploy the update to individual systems or a group of systems simultaneously. This approach adds predictability and consistency in the status of your operating systems.
To maintain version control, a system catalog is created when the OS is managed and after any action is performed on the operating system. A system catalog is a snapshot of the operating system that contains a list of operating system software components that are installed on the system and a date and time stamp. You can also create a system catalog at any time.
For added safety, you can create a system catalog of the host before the update is deployed. If needed after an update, you can quickly and easily rollback to a saved system state.
The system catalogs are a powerful tool that provide more than just version control. Catalogs provide the capability to directly manipulate the installed software components on a single operating system or a group of operating systems and provide rollback capability. You can save a catalog as a profile, and then use the profile to run an OS update job. You can compare the catalogs between operating systems and create profiles from the saved catalogs which can be later used for creating systems. You can also make the target system the same as the source system. Modifying a catalog is an alternate option for running an OS update job to install, uninstall, or upgrade a component. Modifying a catalog does not require an OS update profile to run the update job. It is a quick way of changing the component configuration in a system.
The tools and reports vary, depending on the OS. The procedures for installing updates on Oracle Solaris and Linux operating systems are very similar. The procedures for updating Windows uses the Microsoft System Center Configuration Manager (SCCM) to implement the software updates.
The Linux and Oracle Solaris OS update functionality enables you to perform updates from the following methods:
Creating and running an update job for one or more systems
Updating from an OS profile
Modifying a system catalog
Using Oracle Solaris Live Upgrade to create, update, and deploy an alternate boot environment
Creating one of several update reports to check for recommended updates, and then deploying the updates
Oracle Solaris Live Upgrade enables you to quickly create an alternate boot environment for your Oracle Solaris OS, update the boot environment, and deploy the host to production quickly. You can synchronize boot environments and roll back to previous version, if needed.
The software is designed to make it easy to monitor and manage a large numbers of assets from a single console. It provides end to end server awareness and robust monitoring capabilities for the hardware, storage devices, and operating systems in your data center. You can track system-defined parameters for hardware power consumption, hardware status (temperature, fan speed, and voltage), and key OS statistics (load, CPU, memory.)
For more robust monitoring, the software uses editable rules and event thresholds to monitor your systems. Each asset contains attributes or resources that are available for monitoring. A rule defines a specific monitored resource and the rule parameter defines when an alert is triggered. Specific rules are available for assets such as ILOMs, Oracle Solaris Cluster, storage devices, and DHCP and system-defined rules that monitor resource values, thresholds, value comparators, and JMX expressions for specific attributes.
The rules are bundled by asset type (such as global zones, non-global zones, and operating systems) into set of monitoring profiles that are installed with the product. These profiles enable quick and easy monitoring implementation. When a new asset is discovered and managed, the corresponding default monitoring profile is automatically implemented.
Monitoring profiles are available for the following asset types:
Oracle VM server for SPARC
An administrator can adjust the thresholds that trigger alerts for different severity levels (Critical, Warning, or Informational) based on your organization's policies, or disable rules and alert conditions. The following graphic is an example of an OS monitoring profile.
Depending on the type of asset being monitored, you can edit individual rules within a monitoring profile. You can copy a profile and create a customized profile for a specific asset type, such as Oracle Solaris 10, or you can create a profile that applies to all members of a group. For example, you can create a group specifically for your critical path systems and create a monitoring profile that uses more stringent monitoring rules for members of that group.
Enterprise Manager Ops Center uses a help desk approach to managing problems. When a problem is detected, it appears as a Critical, Warning or Informational alert in the Unassigned Problem queue in the Message Center. You can configure the software to send you notification of a problem to your e-mail address or pager. You can receive notification of all problems, or filter to receive e-mail or pager notification based on the problem severity.
Use the Message Center to view unassigned problems, problems assigned to you, and problems assigned to others. From this page, an administrator can assign the problem to an authorized user and then monitor the status and resolution. The following graphic shows the Unassigned Problems display in the Message Center, including the composition of the severity levels, a table of problems, by category and severity, and a detail section.
You can highlight a problem in the detail section to view the problem, any associated annotations, comments, or suggested actions. A variety of annotation options enable you to provide status updates, notes, or a suggested action. Depending on your permission level, you can add, edit, or remove annotations for a problem instance.
More sophisticated annotation options enable authorized users to add annotations to a Problems Knowledge Base for a specific Problem and asset type and associate annotations with an operational plan. This functionality enables you to provide a resolution or an automated response when a problem of this type occurs on an asset
If a problem on a supported system requires Oracle support, you can file a service request from this page. In addition, you can view the status of service requests submitted through this UI.
Reports provide you with insight into all phases of the asset lifecycle. You can gather more detailed information about job history, firmware, OS updates, and then export that information to CSV or PDF output. Problem reports export to HTML.
You can create the following reports in Enterprise Manager Ops Center:
Problem reports summarize problem details for a specific managed asset or detailed information about specific problems. You can export these reports into an HTML output.
The Summary Reports provide you with an historical account of the detected problems. You can create a report for a specific time period, for a specific severity level, status, type of problem, or the asset groups affected by the problem. These reports are invaluable in trend analysis and identifying patterns that you can then take steps to mitigate.
The Detail Reports contains detailed information about one or more selected problems and provides you with an audit trail of the problems.
Firmware Compliance Reports enable you to maintain consistent firmware versions across your data center. You can associate one of your firmware profiles with the report, then run the Firmware Compliance Report to determine if the firmware on the asset complies with your firmware profile's specifications. If assets do not contain the firmware version identified in the profile, you can update the firmware from the report.
Like firmware compliance reports, update reports give insight into the OS compliance state and recommends patches and packages. Generate a report to view the state of your OS patch levels, and then use the report output to update specific operating systems.
Update reports enable you to check for new patches and security advisories. You can get a general report, or test a system or installed package for available fixes. For auditing purposes, you can create a job history report. Several OS update reports are available for Linux, Oracle Solaris and Windows operating systems. You can export report results to CSV or PDF format.
The following compliance reports are available for all three types of operating systems: Host Compliance - Provides information on whether your system is compliant with security and bug fixes incidents. Incidence Compliance - Provides information about the number of systems to which the selected OS updates apply.
In addition to the reports listed above, the following reports are available for Linux and Oracle Solaris operating systems:
Job History – Provides a history of OS update install and uninstall jobs completed by Enterprise Manager Ops Center on managed systems.
CVE Compliance – Provides information on incidents that are related to specific Common Vulnerability and Exposure Identifiers (CVE IDs) and the systems that should have these incidents installed. CVE IDs are unique, common identifiers for publicly known security vulnerabilities.
Distribution Update – Provides basic information of all known distribution and local incidents.
Package Compliance – Provides the details of the selected packages on your managed system that are compliant or not compliant with the latest recommended version available.
Recommended Software Configuration (RSC) – Provides information about the system compliance for installing a specific application. For example, you can check an Oracle Solaris OS for patch requirements before installing Oracle 11g Database.
Service Pack Compliance (Linux only) – Provides information on incidents created by the publication and release of a service pack by a vendor. This helps to determine whether your system has the latest service packs released by the vendor.
Oracle Solaris Update Compliance (Oracle Solaris OS only) – Provides information on whether an Oracle Solaris system is compliant with a specific update.
Baseline Analysis (Oracle Solaris OS only) – Helps to check the compliance of systems against newly released Oracle Solaris baselines.
Obtain a report of historical server provisioning actions. Run this simple ad-hoc report to obtain details about the Deployment Plan provisioning activities that occurred over a specified time period. Get specific information about the activity, including who ran the provisioning job, which profiles were selected, and the final outcome.
Use the Hardware Configuration Reports to obtain hardware change history and inventory. Inventory reports enable you to filter by hardware assets and or components. You select the asset and component properties for the report output content and its sorting.
The Hardware Configuration reports enable you to view the following types of information:
hardware configuration changes on a server or across a group of servers
hardware inventory of various components as reported by the hardware view across all or selected assets
hardware inventory based on specified hardware component attributes such as model or part number
hardware inventory based on asset type model
Virtualization is a powerful method of leveraging under-utilized systems. You can virtualize operating systems with the Oracle Solaris Zones technology, or you can virtualize SPARC hardware with the Oracle VM Server for SPARC technology. Enterprise Manager Ops Center enables you to discover, provision, update, monitor, and manage the virtual systems.
Oracle Solaris Zones to create multiple identical virtualized OS environments created within a single instance of the Oracle Solaris OS. Zones use software-defined boundaries to isolate software applications. You can run applications in different zones with complete isolation, while the underlying OS resources are centrally managed and administered by the global zone. The global zone is the default operating system and has control over all the processes.
SPARC hardware virtualization uses Oracle Solaris VM Server for SPARC technology to create multiple virtual systems on a single piece of physical hardware. Each virtual system, known as a logical domain, can run a full instance of a unique operating system. You can run full instances of Oracle Solaris and Linux operating systems inside a single Oracle VM Server.
When you provision a SPARC server with the Oracle Solaris VM Server for SPARC software, a control domain is established. The control domain manages the logical domains. You can use Enterprise Manager Ops Center to create and provision logical domains, including allocating the system's memory, CPU threads, and devices to create multiple discrete logical domains. Each logical domain has its own operating system, resources, and identity within a single system. You can monitor the logical domain performance and notify you when it begins performing outside normal parameters.
By careful architecture, a virtualized environment can help you achieve greater resource usage, better scaling, and increased security and isolation.
Oracle VM Server for SPARC functionality is especially useful in scenarios such as the following:
Reduce the number of servers by creating logical domains to host applications that are currently running on several small Oracle Solaris and Linux servers
Create logical domains to host different OS kernels in the same system
Maximize isolation and security by providing completely separate OS and hardware resources
You can use virtual pools to manage the control domain and the logical domains, including migrate logical domains and balance the load on your Oracle VM Server for SPARC systems.
Virtual pool technology enables you to automatically balance the load of several Oracle VM Servers for SPARC to maximize capacity without overloading a server. Load balancing enables you to move a virtual system from one physical system to another. You can set parameters that enable the software to automatically balance the load, or you can elect to receive email notification and then decide whether to balance the load.