Skip Headers
Oracle® Enterprise Manager Cloud Administration Guide
12c Release 3 (12.1.0.3)

E28814-10
Go to Documentation Home
Home
Go to Book List
Book List
Go to Table of Contents
Contents
Go to Index
Index
Go to Feedback page
Contact Us

Go to previous page
Previous
Go to next page
Next
PDF · Mobi · ePub

3 Setting Up the Cloud Management Infrastructure

This chapter describes the initial setup needed before you can begin using the Enterprise Manager Cloud Management solution.

The chapter includes the following sections:

3.1 Setting Up the Software Library

The Software Library is a repository that stores software patches, virtual appliance images, reference gold images, application software and their associated directive scripts.

In the context of Cloud, the Software Library is the repository for PaaS database provisioning profiles and middleware deployment procedures created by PaaS self service administrators, Java EE Application components created by self service users, and virtual assemblies and templates created by IaaS administrators. The database profiles and middleware deployment procedures are then associated with an appropriate PaaS zone and made available to PaaS self service users, and similarly the virtual assemblies and templates are imported to an OVM zone and made available to IaaS self service users. IaaS self service users can also save their deployment inputs in the Software Library for subsequent use as deployment plans.

To access the Software Library page, from the Enterprise menu, click Provisioning and Patching, then select Software Library. The following screen appears:

Figure 3-1 Software Library Page

Software Library Page

For the Software Library to be usable, at least one upload location must be configured. Upload File locations are locations configured for storing files uploaded by the Software Library as part of creating or updating an entity. To configure an upload file location, follow these steps:

  1. Log in to Enterprise Manager as a user with EM_CLOUD_ADMINISTRATOR role.

  2. From the Setup menu, select Provisioning and Patching, then select Software Library.

  3. From the Actions menu, click Administration. The Software Library: Administration page appears where you can select the storage location.

  4. Select OMS Shared File System in the Storage Type list and click Add....

    A storage location can be of two types:

    • Upload File Locations: Upload File Locations are locations configured for storing files uploaded by Software Library as part of creating or updating an entity. Upload File Locations support two storage options, OMS Shared File System, and OMS Agent File System. For more details on configuring the software library storage, see the Configuring Software Library section in the Enterprise Manager Administration Guide.

    • Referenced File Locations: Referenced File Locations are locations that allow you, the end user to leverage your organization's existing IT infrastructure (like file servers, web servers, or storage systems). These location configurations are used by Software Library when there is a need to stage the files to host targets as part of a provisioning or patching activity. Referenced file locations can either be HTTP or Agent. For more details on configuring the software library storage, see the Configuring Software Library section in the Enterprise Manager Administration Guide.

  5. Specify a Name and Location that is accessible to all OMSes and click OK.

    Note:

    Because the storage location for the Software Library must be accessible to all OMSes as local directories, in a multi-OMS scenario, you must set up a clustered file system using OCFS2, NFS, ACFS, or DBFS. For single OMS systems, any local directory is sufficient. Ensure that sufficient storage space (more than 100 GB for production deployment of Enterprise Manager) has been allocated for the Software Library as this storage space is used to store all the cloud components.

    After the Software Library storage has been configured, you can store the following:

Only items that are available in the Software Library can be published for deployment by self-service users.

Note:

To enable Administrators (or users) to access, and leverage an OMS Agent Filesystem Software Library Location, the owner of the Named Credential must ensure that an explicit View privilege is granted to all the Administrators accessing the OMS Agent location. To do so, you can either click Add Grant and add the names of the administrators while creating the Named Credential, or edit an existing Named Credential to grant privileges to other Administrators (or users) by following these steps:
  • From the Setup menu, select Security, then select Named Credentials.

  • On the Named Credentials page, click Manage Access.

  • On the Manage Access page, click Add Grant to add a user, or Change Privilege to edit the privileges of an existing user. Click Save.

For more details on setting up and configuring the Software Library, see the Enterprise Manager Cloud Control Administrator's Guide.

3.2 Setting Up Self Update

The Self Update feature allows you to expand Enterprise Manager's capabilities by updating Enterprise Manager components whenever new and updated features become available between official releases. Oracle makes functional updates available between releases by publishing them to the Enterprise Manager Store, an external site that is periodically checked by Enterprise Manager to obtain information about available updates.

The updatable entities for the Oracle Cloud platform include:

Before you can use the Self Update feature, you must satisfy these prerequisites:

  • If you are applying an update in online mode, ensure that the My Oracle Support credentials have been set up using the SYSMAN user. This is required to enable entities to be downloaded from the My Oracle Support site.

  • The Software Library (also known as the local store) has been configured. Updates are downloaded to this local store before being deployed into Enterprise Manager.

Review the following sections for instructions on setting up Self Update:

3.2.1 Setting Up Enterprise Manager Self Update Mode

In order to set up or modify the Enterprise Manager Self Update feature, you must have Enterprise Manager Super Administrator privileges.

  1. Log in to Enterprise Manager as an administrator with Super Administrator privileges.

  2. From the Setup menu, select Extensibility, then select Self Update. The Self Update console appears with the default setup displayed.

  3. From the General status area, click the Connection Mode status to set either offline or online mode. Enterprise Manager takes you to the Patching Setup page to specify online and offline settings.

  4. Once the desired connection mode has been selected, return to the Self Update console.

    From here you can select entity types and schedule updates from the Enterprise Manager Update Store.

3.2.2 Assigning Self Update Privileges to Users

Enterprise Manager administrators must have the requisite privileges to use the Self Update feature. The Enterprise Manager Super Administrator must assign the following Self Update roles to these administrators:

  • VIEW_SELF_UPDATE: The user can view the Self Update console and can monitor the status of download and apply jobs.

  • MANAGE_SELF_UPDATE: The user can schedule download and apply jobs. User can also suppress/unsuppress updates. This privilege implicitly contains VIEW_SELF_UPDATE.

  • EM_INFRASTRUCTURE_ADMIN: The user can perform all self update operations. This privilege implicitly contains MANAGE_SELF_UPDATE.

By default, the Super Administrator will be granted EM_INFRASTRUCTURE_ADMIN privilege.

To assign Self Update privileges to regular Enterprise Manager administrators:

  1. From the Setup menu, select Security, then select Administrators.

  2. Select an administrator and click Edit.

  3. From the Roles page, assign the appropriate Self Update roles.

3.2.3 Setting Up the EM CLI Utility (Optional)

If you plan to apply software updates in offline mode, you will need to use the Enterprise Manager Command Line Utility, or EM CLI, to import entity archives for deployment to Enterprise Manager.

A page is provided in the Enterprise Manager Cloud Control console with instructions on setting up EMCLI. Access the page by appending /console/emcli/download to the URL used to access the Cloud Control console:

https://emcc_host:emcc_port/em

For example:

https://emcc_host:emcc_port/em/console/emcli/download

3.3 Deploying the Required Plug-ins

Much of the functionality available in Enterprise Manager Cloud Control is made available through plug-ins. As its name implies, a plug-in is a component or module that can be plugged into an existing Enterprise Manager installation to extend its management and monitoring capabilities.

The features that collectively comprise the Oracle Cloud Management solution are provided via several plug-ins which must be deployed to your Oracle Management Service (OMS). The plug-ins that must be deployed to enable each Cloud model are listed below.

You can deploy the plug-ins needed to enable Cloud in two ways:

  • If you have not yet installed Enterprise Manager Cloud Control, or have not yet upgraded to the latest Enterprise Manager release, you can deploy the plug-ins as part of the installation or upgrade process. You will select the Advanced Install mode and in the Select Plug-ins screen, select the plug-ins that you wish to install.

  • If you already have Enterprise Manager Cloud Control 12c installed, you must download the needed plug-ins to the Software Library. See Section 3.3.1, "Downloading the Plug-Ins to the Software Library"for instructions.

    You will then deploy the plug-ins to your Oracle Management Service (OMS). See Section 3.3.2, "Deploying Plug-Ins to Oracle Management Service" for instructions.

Plug-ins Required to Enable Infrastructure as a Service (IaaS)

  • Enterprise Manager for Oracle Cloud (listed as Oracle Cloud Application in Self Update)

  • Enterprise Manager for Oracle Virtualization (listed as Oracle Virtualization in Self Update)

  • Enterprise Manager for Oracle Consolidation Planning and Chargeback (listed as Oracle Consolidation Planning and Chargeback in Self Update)

Plug-ins Required to Enable Database as a Service (DBaaS)

  • Enterprise Manager for Oracle Cloud (listed as Oracle Cloud Application in Self Update)

  • Enterprise Manager for Oracle Virtualization (listed as Oracle Virtualization in Self Update)

  • Enterprise Manager for Oracle Consolidation Planning and Chargeback (listed as Oracle Consolidation Planning and Chargeback in Self Update)

  • Enterprise Manager for Oracle Database (listed as Oracle Database in Self Update)

  • Enterprise Manager for Storage Management (listed as Storage Management Framework in Self Update)

Plug-ins Required to Enable Middleware as a Service (MWaaS)

  • Enterprise Manager for Oracle Cloud (listed as Oracle Cloud Application in Self Update)

  • Enterprise Manager for Oracle Virtualization (listed as Oracle Virtualization in Self Update)

  • Enterprise Manager for Oracle Consolidation Planning and Chargeback (listed as Oracle Consolidation Planning and Chargeback in Self Update)

  • Enterprise Manager for Oracle Fusion Middleware (listed as Oracle Fusion Middleware in Self Update)

Plug-ins Required to Enable Testing as a Service (TaaS)

  • Enterprise Manager for Oracle Cloud (listed as Oracle Cloud Application in Self Update)

  • Enterprise Manager for Oracle Virtualization (listed as Oracle Virtualization in Self Update)

  • Enterprise Manager for Oracle Consolidation Planning and Chargeback (listed as Oracle Consolidation Planning and Chargeback in Self Update)

3.3.1 Downloading the Plug-Ins to the Software Library

You can download the plug-ins in online or offline mode. Online refers to an environment where you have Internet connectivity to connect to Enterprise Manager Store. Offline refers to an environment where you do not have Internet connectivity.

This section contains the following sections:

3.3.1.1 Downloading Plug-Ins in Online Mode

To download the plug-ins in online mode, follow these steps:

  1. From the Setup menu, select Extensibility, then select Self Update.

  2. On the Self Update page, in the table, click on Plug-in.

  3. On the Plug-in Updates page, select the plug-in available for download, and click Download.

    Multiple selection of plug-ins is not supported.

  4. In the Schedule Download dialog, select an appropriate option to schedule the download. You can also select Immediately which schedules the job for immediate action. Select Notify Once downloaded if you want to be informed once the download is complete.

  5. Click Select.

    Enterprise Manager Cloud Control submits a job to download the selected plug-in from the Enterprise Manager Store to the Software Library.

    A confirmation dialog appears to confirm that the job has been submitted successfully. In this confirmation dialog, you can click Job Details to track the status of the job.

3.3.1.2 Downloading Plug-Ins in Offline Mode

To download the plug-ins in offline mode, follow these steps:

  1. From the Setup menu, select Provisioning and Patching, then select Offline Patching.

  2. In the Online and Offline Settings tab, select Offline.

  3. Click Apply.

  4. From the Setup menu, select Extensibility, then select Self Update.

  5. On the Self Update page, click Check for Updates.

    A message appears with a URL to an Oracle site from where the updates catalog file can be downloaded.

  6. From an Internet-enabled computer, download the catalog file using the aforementioned URL.

  7. Copy the downloaded catalog file to the OMS host or the Management Agent host where you plan to deploy the plug-ins.

  8. Import the catalog file to Enterprise Manager. For instructions, refer to Importing Catalog Archives.

  9. On the Self Update page, in the table, click Plug-in.

  10. On the Plug-in Updates page, select the imported update that is available for download. Click Download.

    A message appears with a URL to an Oracle site from where the update can be downloaded.

  11. From a computer that is connected to the internet, download the update using the aforementioned URL.

  12. Copy the downloaded file to the OMS host or the Management Agent host where you plan to deploy the plug-ins.

  13. Import the downloaded plug-in archive to Enterprise Manager. For instructions, refer to Importing Plug-in Archives.

Importing Catalog Archives

To import a catalog archive, follow these steps:

  1. Download the catalog archive.

  2. Depending on where the catalog file has been download (to a local host or a remote host), run either of the following emcli commands to import the downloaded catalog archive.

    • Use this command if the catalog file has been downloaded locally to the machine on which the Oracle Management Service has been installed.

      emcli import_update_catalog

      -file="file"

      -omslocal

    • Use this command if the catalog file has been downloaded to a remote host on which the Management Agent is running.

      emcli import_update_catalog

      -file="file"

      -host="hostname"

      In this case, you must specify the necessary credentials to access the host as follows:

      [-credential_set_name="setname"] | -credential_name="name" -credential_owner="owner"

      For more details on these commands, see the Enterprise Manager Command Line Reference Guide.

Importing Plug-In Archives

Import plug-in archives to Oracle Software Library in the following cases:

  • When you want to deploy any non-Oracle plug-ins, that is, plug-ins that have been created by a company other than Oracle.

  • When you want to import other types of entity archives when Self Update is used in offline mode.

To import a plug-in archive, follow these steps:

  1. Download the external archive as described in the previous section.

  2. Set up the Enterprise Manager Command Line (EM CLI) utility. To do so, from the Setup menu, click Command Line Interface. Follow the instructions outlined on the Enterprise Manager Command Line Interface Download page.

  3. Import the external archive in one of the following ways, depending on where EM CLI is installed.

    • If Enterprise Manager server is on the system on which you downloaded the plug-in archive (*.opar file), run the following command:

      emcli import_update 
       -file=”<path to *.opar file>”
       -omslocal
      

      The -omslocal flag indicates that the plug-in archive path mentioned in the -file option is directly accessible to the EM server.

    • If Enterprise Manager server is on a different system than the plug-in archive, run the following command:

      emcli import_update 
               -file=”<path to *.opar file you created>”  
               -host="host1.example.com" 
               -credential_name="host1_creds" 
               -credential_owner="admin1"
      

      The command syntax is as follows:

      -file: The absolute path to the *.opar file on the system where you created the archive.

      -host: The target name for a host target where the file is available.

      -credential_name: The name of the credentials on the remote system you are connecting to.

      -credential_owner: The owner of the credentials on the host system you are connecting to.

    Note:

    As an alternative to the previous step, you can also run the following command:
    emcli import_update 
          -file=”<path to *.opar file you created>”          
          -host="hostname" 
          -credential_set_name="setname"
    

    -credential_set_name: The set name of the preferred credential stored in the Management Repository for the host target. It can be one of the following:

    • HostCredsNormal: The default unprivileged credential set.

    • HostCredsPriv: The privileged credential set.

3.3.2 Deploying Plug-Ins to Oracle Management Service

You can deploy plug-ins to an OMS instance in graphical or silent mode. While the graphical mode enables you to deploy one plug-in at a time, the silent mode enables you to deploy multiple plug-ins at a time, thus saving plug-in deployment time and downtime, if applicable.

This section contains the following sections:

Note:

  • To view a visual demonstration on how you can deploy a plug-in to the OMS and discover targets using it, access the following URL:

    https://apex.oracle.com/pls/apex/f?p=44785:24:491956260237501::NO::P24_CONTENT_ID,P24_PREV_PAGE:6000,1

  • In a multi-OMS environment, Plug-in Manager automates plug-in deployment on all the management servers.

  • A plug-in upgrade failure could put the Management Repository in an inconsistent state. Therefore it is strongly suggested that you back up the Management Repository, the Oracle Management Service, and the Software Library before upgrading the plug-in. See the Enterprise Manager Administrator's Guide for more details.

  • The deployment time varies from one plug-in to another, depending on the volume of data populated in the Management Repository. A page is displayed that allows you to monitor the deployment status.

  • The deployment of some plug-ins requires the OMS to be stopped, and then restarted. This process occurs automatically as part of the plug-in deployment process.

  • While deploying plug-ins to the OMS, OMS plug-in components, discovery plug-in components, and monitoring plug-in components are deployed to the OMS.

3.3.2.1 Deploying the Plug-ins in Graphical Mode

To deploy plug-ins to the OMS in graphical mode, follow these steps:

  1. From the Setup menu, select Extensibility, then select Plug-ins.

  2. On the Plug-ins page, select the plug-in you want to deploy.

  3. From the Deploy On menu, select Management Servers.

  4. In the Deploy Plug-in on Management Servers dialog, enter the Management Repository SYS password, and click Continue. Proceed through the steps in the dialog box.

  5. Click Deploy.

3.3.2.2 Deploying the Plug-ins in Silent Mode

To deploy plug-ins to the OMS in silent mode, follow these steps:

  1. Log in to EM CLI as follows:

    $ORACLE_HOME/bin/emcli login -username=sysman

  2. Run the following command:

    $ORACLE_HOME/bin/emcli sync

  3. To deploy the plug-ins on the OMS, run the following command:

    emcli deploy_plugin_on_server

    -plugin="plug-in_id[:version]

    [-sys_password=sys_password]

    [-prereq_check]"

    For example,

    emcli deploy_plugin_on_server -plugin="oracle.sysman.db:12.1.0.3.0;oracle.sysman.emas:12.1.0.4.0"

Note:

The procedure for plug-in deployment remains the same even in a multi-OMS environment. Enterprise Manager automatically detects whether it is a single-OMS or a multi-OMS environment and in case of a multi-OMS environment, Enterprise Manager automatically deploys the selected plug-in on all OMS instances.

If the plug-in deployment on any Oracle Management Service fails, perform the same steps again.

3.4 Defining Roles and Assigning Users

Roles are named groups of related system and object privileges. You can create roles and then assign them to users and to other roles. You can assign any of the existing roles to a new role and the associated privileges. Enterprise Manager contains three out-of-the-box roles for the Cloud Self Service Portal, namely:

  • EM_CLOUD_ADMINISTRATOR: Users with this role can set up and manage the cloud infrastructure. This role is responsible for deploying the cloud infrastructure (servers, zones, storage, and networks) and infrastructure cloud operations for performance and configuration management.

  • EM_SSA_ADMINISTRATOR: Users with this role can define quotas and constraints for the self service users and grant them access privileges. Users with this role also have provisioning and patching designer privileges that allow them to create and save deployment procedures, create and view patch plans, and support the plug-in lifecycle on the Management Agent. These privileges are required for initial setup and on going maintenance of the infrastructure.

  • EM_SSA_USER: Users with this role, by default, can only access the Self Service Portal. An administrator with the EM_SSA_ADMINISTRATOR role can provide additional privileges that allow users with the EM_SSA_USER role to access other features in Enterprise Manager.

    The table below lists the roles associated with each user.

    User Profile EM_CLOUD_ADMINISTRATOR EM_SSA_ADMINISTRATOR EM_SSA_USER
    Minimum roles required to create a user
    • EM_CLOUD_ADMINISTRATOR
    • PUBLIC

    • EM_USER

    • EM_SSA_ADMINISTRATOR
    • PUBLIC

    • EM_USER

    EM_SSA_USER
    Roles to be removed when creating a user NONE NONE
    • PUBLIC
    • EM_USER

      Additional roles may be added as required  

The Oracle Cloud Management Self Service Portal is intended for end-users to be able to provision and manage their own cloud services. Since the functions performed by users with the EM_CLOUD_ADMINISTRATOR and EM_SSA_ADMINISTRATOR roles are consistent across Enterprise Manager, these out-of-box roles can be used as they are. All you need to create users with the EM_CLOUD_ADMINISTRATOR and EM_SSA_ADMINISTRATOR roles.

But the EM_SSA_USER role is used for quota assignment, and to limit access to PaaS Infrastructure zones, and service templates. In this case, the pre-defined role cannot be used as it is defined. You must create custom SSA User roles based on the standard EM_SSA_ROLE role as described in Creating a Custom Role for Self Service Application Users. After creating a custom role, you must assign users to this role.

For example, in a DBaaS Cloud setup, you may want to create the following users:

  • CLOUD_ADMIN: This user will have the EM_CLOUD_ADMINISTRATOR role and is responsible for network, system, storage, and administration activities.

  • SSA_ADMIN: This user will have the EM_SSA_ADMINISTRATOR role and is responsible for database administration activities.

  • SSA_USER: In this case, the default EM_SSA_USER role must be customized and a custom role must be created. A user in this role is typically a junior database administrator, developer, or tester.

For more details on the Users and Roles, see the Enterprise Manager Cloud Control Administrator's Guide.

3.4.1 Creating a Custom Role for Self Service Application Users

Typically, you need to create new SSA User roles either for different functional groups like developers, testers, production DBAs, or for different customer teams like the Siebel DBA team, BRM DBA team, and operations team for hosting custom Java applications, and so on. To create a custom SSA user role, follow these steps:

  1. Log in to Enterprise Manager as a Super Administrator user.

  2. From the Setup menu, select Security, then select Roles.

  3. Click Create in the Roles page to launch the Create Role wizard.

  4. Provide a name and description (SSA_DEV_ROLES) for the role and click Next.

  5. From the list of Available Roles, select the SSA_DEV_ROLES role and move it to the Selected Roles table. Click Next.

  6. Accept the default target privileges and click Next.

  7. Accept the default resource privileges and click Next.

  8. Skip the Create Role: Administrators step and click Next.

  9. Review the changes and click Finish to create the custom SSA user (SSA_DEV_USERS) role.

3.4.2 Creating a User and Assigning Roles

To create a user called SSA_USER1 and grant the custom role created earlier (SSA_DEV_USERS), follow these steps:

  1. Log in to Enterprise Manager as a Super Administrator user.

  2. From the Setup menu, select Security, then select Administrators.

  3. Click Create in the Administrators page to launch the Create Administrator wizard.

  4. Enter the name and password for the user (SSA_USER1) and create Next.

  5. From the list of Available Roles, select the SSA_DEV_USERS role and move it to the Selected Roles table. Remove the EM_USER and PUBLIC roles from the Selected Roles table. Click Next.

  6. Accept the default target privileges and click Next.

  7. Accept the default resource privileges and click Next.

  8. Review all the changes and click Finish to create the SSA_USER1 user.

    Tip:

    To create multiple users with the same role, select the newly created user and click Create Like. This will create a new user that will have the same properties as the source. You can then update the name, description, and email address for the new user.

Note:

Repeat these steps to create other users. For users with the EM_CLOUD_ADMINISTRATOR and EM_SSA_ADMINISTRATOR roles, the EM_USER and PUBLIC roles must be retained as these users need access to additional features.

3.5 Configuring LDAP Authentication

Oracle Enterprise Manager provides tools and procedures to help you ensure that you are managing your Oracle environment in a secure manner. Enterprise Manager's authentication framework consists of pluggable authentication schemes that let you use the type of authentication protocol best suited to your environment. The following authentication schemes are available:

  • Oracle Access Manager (OAM) SSO

  • Repository-Based Authentication

  • SSO-Based Authentication

  • Enterprise User Security Based Authentication

  • Oracle Internet Directory (OID) Based Authentication

  • Microsoft Active Directory Based Authentication

Enterprise User Security (EUS) provides automatic authentication to users and roles from the LDAP compliant directory server.

For more details on Enterprise User Security, see the Enterprise Manager Cloud Control Administrator's Guide.

3.6 Configuring Privilege Delegation Settings

Privilege delegation allows a logged-in user to perform an activity with the privileges of another user. Sudo and PowerBroker are privilege delegation tools that allow a logged-in user to be assigned these privileges. These privilege delegation settings will be used for all provisioning and patching activities on these hosts.

To configure privilege delegation settings on cloud hosts, follow these steps:

  1. Create a Privilege Setting Template.

    1. Log in to Enterprise Manager as a Super Administrator user.

    2. From the Setup menu, select Security, then select Privilege Delegation.

    3. Under the Related Links section, click the Manage Privilege Delegation Setting Templates link.

    4. Select Sudo or PowerBroker from the Create list and click Go.

    5. Enter a template name, and the Sudo or PowerBroker command to be used on the target hosts. Sample values are provided in the description for the command fields. For example, the command for sudo is /usr/bin/sudo -u %RUNAS% %COMMAND%

    6. Click Save.

      Note:

      • If you select the PowerBroker option, you can specify an optional value in the PowerBroker Password Prompt field.

      • Check the path to the sudo or pbrun executable. For example, if you are using sudo, you can check this by opening a terminal to one of the hosts and run the command which sudo. The command returns the path to the executable.

  2. Deploy the template to the hosts.

    1. From the Setup menu, select Security, then select Privilege Delegation.

    2. Click Manage Privilege Delegation Settings Templates in the Related Links section.

    3. Select the template that you have created and click Apply.

    4. Click Add Targets and choose the hosts for which the template is to be applied.

    5. Click Select to select the hosts and click Apply.

    6. On the Past Apply Operations page, check the Status column for all hosts. A job has been submitted to all hosts to apply this privilege delegation setting.

    7. Refresh the page using the browser refresh button, or click Go on this page to refresh the status for all hosts.

    8. From the Setup menu, select Security, then select Privilege Delegation to navigate to the Privilege Delegation page. Click the Show link in the Status column to confirm that the privilege delegation settings have been applied on all hosts. You can install on a maximum of 16 servers at a time. The total time required will increase if the Management Agent is installed on a large number of servers.

    For more details on the configuring privilege delegation settings, see the Enterprise Manager Cloud Control Administrator's Guide.

3.7 Customizing the Self Service Login Page

You can configure Enterprise Manager and provide specific access to SSA users. To configure Enterprise Manager for SSA users, you must set some properties on the OMS and copy the required images to a specified directory. This section describes the following:

3.7.1 Configuring the Self Service Login Page

To launch a separate SSA login page for all SSA users, you must do the following:

  • Set the following mandatory property on all OMSes:

    $ORACLE_HOME/bin/emctl set property -name oracle.sysman.ssa.logon.ssa_oms -value true

    If this property is not set to true, the standard Enterprise Manager login page is displayed.

  • Set the following optional OMS properties.

    • $ORACLE_HOME/bin/emctl set property -name oracle.sysman.ssa.logon.show_cloud_provider_brand -value true

      If this property is not set to true, the default Oracle Enterprise Manager 12c logo is displayed.

    • $ORACLE_HOME/bin/emctl set property -name oracle.sysman.ssa.logon.show_cloud_tenant_brand -value true

      If this property is not set to true, the tenant logo is not displayed.

    • $ORACLE_HOME/bin/emctl set property -name oracle.sysman.ssa.logon.cloud_provider_alt_text -value "Cloud Provider"

    • $ORACLE_HOME/bin/emctl set property -name oracle.sysman.ssa.logon.cloud_tenant_alt_text -value "Cloud Tenant"

      These properties are optional and if not set, the default values for "Cloud Provider", and "Cloud Tenant" are displayed.

    • $ORACLE_HOME/bin/emctl set property -name oracle.sysman.ssa.logon.show_disclaimer_text -value true

      If this property is not set to true, the default Oracle copyright message is displayed.

    • $ORACLE_HOME/bin/emctl set property -name oracle.sysman.ssa.logon.disclaimer_text -value "Customer specified Disclaimer text"

      If this property is set to true, the specified disclaimer text is displayed instead of the default Oracle copyright message.

    • $ORACLE_HOME/bin/emctl set property -name oracle.sysman.ssa.logon.show_em_branding_text -value true

      If this property is not set to false, the "Powered by Oracle Enterprise Manager" text will appear on the Self Service Login page.

  • Copy the following images to the $ORACLE_HOME/sysman/config/ directory.

    • cloud_provider_small_brand.png

    • cloud_tenant_small_brand.png

      If a single image is used, the maximum recommended size is 500 * 20 px. If 2 images are used, the maximum recommended size is 200 * 20 px per image. After login, these images are displayed instead of the Oracle logo, if the OMS properties oracle.sysman.ssa.logon.show_cloud_provider_brand and oracle.sysman.ssa.logon.show_cloud_tenant_brand are set. If the OMS property oracle.sysman.ssa.logon.show_cloud_provider_brand is not set to true, along with the tenant logo, the default Oracle logo appears.

    • cloud_provider_large_brand.png

    • cloud_tenant_large_brand.png

      If a single image is used, then the maximum recommended size is 525 * 60 px. If 2 images are used, the maximum recommended size is 250 * 50 px per image. These images are displayed on the login page, if the OMS properties oracle.sysman.ssa.logon.show_cloud_provider_brand and oracle.sysman.ssa.logon.show_cloud_tenant_brand are set.

For example, if ACME Corp is the Cloud Service Provider and XYZ is the Cloud Tenant, the customized login page appears as follows:

Figure 3-2 Customized SSA Login Page

Customized SSA Login Page

After the SSA user has logged in, the customized Infrastructure Self Service Portal is displayed as shown below:

Figure 3-3 Customized Post-Login Page

Customized Post-Login Page

3.7.2 Switching Back to the Enterprise Manager Login Page

To revert to the default Enterprise Manager login page, set the following property:

$ORACLE_HOME/bin/emctl set property -name oracle.sysman.ssa.logon.ssa_oms -value false

3.7.3 Routing SSA Requests to a Specific OMS Pool

Oracle Management Service (OMS) is one of the core components of Enterprise Manager Cloud Control that works with the Oracle Management Agents (Management Agents) and plug-ins to discover targets, monitor and manage them, and store the collected information in a repository for future reference and analysis.

When you install Enterprise Manager for the very first time, by default, one OMS is installed along with one Management Agent. This default configuration is suitable for small environments. In larger production environments with several SSA users, you may need to install additional OMS instances to reduce the load on a single OMS and improve the efficiency of the data flow. You can then configure the Server Load Balancer (SLB) to redirect all SSA requests to a specific OMS pool. The other OMS pools will then be available for administration usage. To learn more about setting up multiple OMS instances and the SLB, see Adding Additional Oracle Management Service section in the Enterprise Manager Cloud Control Basic Installation Guide.

To redirect SSA requests, you must specify the following SLB configuration:

https://<slb_host_name>:<slb_em_port>/em redirecting to oms for em

https://<slb_host_name>:<slb_ssa_port>/em redirecting to oms for ssa

The SSA and non-SSA OMS pools are differentiated based on the port number. All requests with a particular port number will be redirected to a specific OMS pool (SSA OMS pool) and all the other requests will be redirected to the other pool.