|Oracle® Enterprise Manager Cloud Control Administrator's Guide
12c Release 1 (22.214.171.124)
Part Number E24473-01
|PDF · Mobi · ePub|
This chapter introduces the concept of group management and contains the following sections:
Today's IT operations can be responsible for managing a great number of components, such as databases, application servers, hosts, or other components, which can be time consuming and impossible to manage individually. The Enterprise Manager Cloud Control group management system lets you combine components (called targets in Enterprise Manager) into logical sets, called groups. This enables you to organize, manage, and effectively monitor the potentially large number of targets in your enterprise.
Enterprise Manager Groups can include:
Targets of the same type, such as:
All hosts in your data center
All of your production databases
Targets of different types, such as:
The database, application server, listener, and host that are used in your application environment
Targets operating within a particular data center region
Note:An Enterprise Manager "System," used specifically to group the components on which a service runs, is a special kind of Enterprise Manager group. Many of the functions and capabilities for groups and systems are similar.
Typically you can gather together targets that you want to manage as a group. If you use the target properties (for example, Line of Business or Deployment Type) to put operational information about your targets in Enterprise Manager, you can use these properties when creating groups to locate targets. For example, you could search for all databases of Deployment Type = Production and belonging to Line of Business 'HCM'. You can also create a group hierarchy and use nested groups.
View a summary status of the targets within the group.
Monitor outstanding alerts and incidents for the group collectively, rather than individually.
Monitor the overall performance of the group.
Perform administrative tasks, such as scheduling jobs for the entire group, or blacking out the group for maintenance periods.
You can also customize the console to provide direct access to group management pages.
When you choose Groups from the Targets menu on the Enterprise Manager menu bar, the Groups page appears as seen in Figure 6-1. From the page you can view the currently available groups and perform the following tasks:
View a list of all the defined groups.
Search for existing groups and save search criteria for future searches.
View a roll-up of the outstanding alerts and incidents for members in a group.
Create administration groups, associate template collections, and disassociate template collections
Add groups or privilege propagating groups, remove groups, and change the configuration of currently defined groups.
Drill down from a specific group to collectively monitor and manage its member targets.
Redundancy groups and special high availability groups are not accessed from this Groups page. You can access them from the All Targets page.
Figure 6-1 Groups Home Page
The Group Home page, shown in Figure 6-2, enables you to quickly view key information about members of a group, eliminating the need to navigate to individual member targets to check on availability and performance. You can view the entire group on a single screen and drill down to obtain further details. The rolled up numbers include alerts and incidents for all members including those in nested groups. The Group Home page provides the following sections:
A General section that shows the Owner, Group Type, and Privilege Propagation status.
A Status section that shows how many member targets are in up, down, and unknown states. For nested groups, this segment shows how many targets are in up, down, and unknown states across all its sub-groups. The status roll up count is based on the unique member targets across all sub-groups. Consequently, even if a target appears more than once in sub-groups, it is counted only once in status roll ups. Click on member names to go to the member Status page.
An Overview of Incidents and Problems section that displays the number of outstanding critical, warning, and error alerts associated with the current group. For nested groups, this segment shows how many targets are in an alert state across all its sub-groups.
The rolled up information is shown for all the member targets regardless of their status. The status roll up count is based on the unique member targets across all sub-groups. Consequently, even if a target appears more than once in sub-groups, its alerts are counted only once in alert roll ups.
Click on the number in the Problems column to go to the Incident Manager page to search, view, and manage exceptions and issues in your environment. By using Incident Manager, you can track outstanding incidents and problems.
A Compliance Summary section that shows how many of your group members do not comply with Enterprise Manager policy rules. Non-compliant members are indicated with the number of critical, warning, and informational incidents along the Average Compliance Score (as a percentage) for each compliance rule. You can click on the Members tab to see the Member Targets and their types along with any violations and an average score for each member target.
The numbers include the group-level incidents (if any group-level policy is defined), as well as group members violations. The rolled-up information for all policy categories, including security, is shown for all the member targets regardless of their status.
A Job Activity section that displays the status for jobs that have started within the previous 7 days. The embedded table shows you the number of executions submitted to the group or any group members listed by status type, such as Problem Executions, Suspended Executions, and so on.
A Blackouts section that allows you to create blackout periods and view the status of existing blackouts. The table displays the Scheduled and Active blackouts for each group or group member. Click on Create to define primary blackout identification information and assign targets to be blacked out.
A Patch Recommendations section that shows the total number of Oracle critical patch advisories (including one or more critical patches) that are applicable to your enterprise, and the number of Oracle homes in your enterprise to which those patches should be applied. You can view the information by Classification or by Target Type.
Click on the Current number link to go to the Group Critical Patch Advisories page. If your Oracle MetaLink Credentials are not configured, click Not Configured to go to the Patching Setup page. After you configure this page, Enterprise Manager collects information about Oracle critical patch advisories that are relevant to your enterprise.
An Inventory and Usage section where you can view inventory summaries for deployments such as hosts, database installations, and fusion middleware installations on an enterprise basis or for specific targets. You can select an option such as Platform or Version to roll up inventory. Optionally, you can click See Details to navigate to the Inventory and Usage Details page where you can perform more detailed tasks such as viewing trends in inventory counts charted across a time line, revising selections to refresh chart and details based on new selections, or export deployment and details tables to CSV files.
A Configuration Changes for Last 7 Days section that displays the number for configuration changes and Relationship changes incurred over the previous 7 days. Configuration history is a log of changes to a target, such as a group or beacon, recorded over a period of time. The recorded history includes changes both to configurations and to relationships. Relationships are the associations that exist among managed entities. You can click on the number of changes in either column to view more detailed information about the change.
Figure 6-2 Group Home Page
The Group Charts page, shown in Figure 6-3, enables you to monitor the collective performance of the group. Out-of-box performance charts are provided based on the type of members in the group. For example, when databases are part of the group, a Wait Time (%) chart is provided that shows the top databases with the highest wait time percentage values. You can view this performance information over the last 24 hours, last 7 days, or last 31 days. You can also add your own custom charts to the page.
You can access the Charts page by choosing Charts from the Monitoring sub-menu of the Group menu.
Figure 6-3 Group Charts Page
The Group Members page, shown in Figure 6-4, summarizes information about the member targets in the group. It includes information on their current availability status, roll-up of open alerts and incidents, and key performance metrics based on the type of targets in the group.
You can visually assess availability and relative performance across all member targets. You can sort on any of the columns to rank members by a certain criterion (for example, database targets in order of decreasing wait time percentage). Default key performance metrics are displayed based on the targets you select, but you can customize these to include additional metrics that are important for managing your group.
Figure 6-4 Members for Group Page
You can use the Group Status History page to view the historical availability of a member during a specified time period, view the current status of all group members, or access the home pages for members.
Bar graphs provide a historical presentation of the availability of group members during a time period you select from the View Data drop-down list. The color-coded graphs can show statuses of Up, Down, Under Blackout, Agent Down, Metric Collection Error, and Status Pending. You can select time periods of 24 hours, 7 days, or 31 days.
To view the current status or a member, you can click on a Status icon to go to the Availability page, which shows the member's current and past availability status within the last 24 hours, 7 days, or 31 days. Click a member Name to go to the member's Home page. You can use this page as a starting point when evaluating the performance of the selected member.
You can access the Group Status History page by choosing Status History from the Monitoring section of the Group menu.
The System Dashboard, shown in Figure 6-5, enables you to pro-actively monitor the status and alerts in the group as they occur. The color-coded interface is designed to highlight problem areas using the universal colors of alarm—targets that are down are highlighted in red, metrics in critical severity are shown as red dots, metrics in warning severity are shown as yellow dots, and metrics operating within normal boundary conditions are shown as green dots.
Using these colors, you can easily spot the problem areas for any target and drill down for details as needed. An alert table is also included to provide a summary for all open alerts in the group. The alerts in the table are presented in reverse chronological order to show the most recent alerts first, but you can also click on any column in the table to change the sort order.
The Dashboard allows you to drill down for more detailed information. You can click on the following items in the Dashboard for more information:
A target name to access the target home page
A group or system name to access the System Dashboard
Status icon corresponding to specific metric columns to access the metric detail page
Alerts icon for a group to access the Alerts page for that aggregate object
Status icon for a metric with key values to access the metric page with a list of all key values
Status icon for a metric with a specific key value to access the metric detail page with the specified key
Dashboard header to access the group home page
Status icon for down, critical or warning alerts to access the Alerts page
Alerts messages to access the metric detail page containing the alert history for the target
Click Customize to access the Edit Group pages. By default, Enterprise Manager takes you to the Edit Group Dashboard page where you can change the target display and data refresh frequency. However, you can also modify any other group properties that affect the content of the System Dashboard. Columns that appear in the Dashboard target area mirror the columns that appear in the Edit Group Columns page. To display additional columns, click Modify on the Edit Group Columns page and add the desired metric columns.
In the "Group by Target Type" mode, the Dashboard displays information of the targets based on the specific target types present in the group or system. The statuses and alerts displayed are rolled up for the targets in that specific target type.
Columns that appear in the Dashboard target area mirror the columns that appear in the Edit Group Columns page. To display additional columns, click Modify on the Edit Group Columns page and add the desired metric columns.
If you minimize the dashboard window, pertinent alert information associated with the group or system is still displayed in the Microsoft Windows toolbar. For example, (#1 X3 !5) denotes there is 1 Target Down Alert, 3 Critical Alerts and 5 Warning Alerts associated with this group or system.
Enterprise Manager provides several out-of-box reports for groups as part of the reporting framework, called Information Publisher. These reports display important administrative information, such as hardware and operating system summaries across all hosts within a group, and monitoring information, such as outstanding alerts and incidents for a group.
You can access these reports from the Information Publisher Reports menu item on the Groups menu.
See Also:Chapter 10, "Information Publisher"
A redundancy group is a group that contains members of the same type that function collectively as a unit. A type of redundancy group functions like a single logical target that supports a status (availability) metric. A redundancy group is considered up (available) if at least one of the member targets is up.
You can create and administer a redundancy group from the All Targets page. Redundancy groups support all group management features previously discussed.
When you define the Redundancy Group, you must choose the member type for the members in the Redundancy Group.
You can define the options for how availability of the redundancy group is calculated by selecting either Number or Percentage:
Number - When you choose Number, you can specify either the number of member targets that should be up in order for the group to be considered up, or the number of member targets that should be down in order for the group to be considered down.
Percentage - When you choose Percentage, you can specify either the minimum percentage of member targets that must be up in order for the group to be considered up, or the minimum percentage of member targets that are down in order to consider the group to be down. If you choose Percentage, the required number of member targets will be rounded off to the next integer. For example if you define the Percentage as 50% and the total number of member targets is 5, then the value used for calculating the availability will be 3.
Figure 6-6 shows the Create Redundancy Group page while defining the group using Percentage availability.
Do not use redundancy groups if the group you want to model is an Oracle Real Application Clusters database, host cluster, HTTP server high availability group, or OC4J high availability group. Instead, you can use the following specialized target types for this purpose:
HTTP HA Group
OC4J HA Group
Privilege propagating groups enable administrators to grant privileges to other administrators in a manner in which new administrators get the same privileges as its member targets. For example, granting operator privilege on a group to an Administrator grants him the operator privilege on its member targets and also to any members that will be added in the future. Privilege propagating groups can contain individual targets or other privilege propagating groups.
Privileges on the group can be granted to an Enterprise Manager user or a role. Use a role if the privileges you want to grant are to be granted to a group of EM users. See Figure 6-7, "Granting Privileges On a Group To a Role".
For example, suppose you create a large privilege propagating group and grant a privilege to a role which is then granted to administrators. If new targets are later added to the privilege propagating group, then the administrators receive the privileges on the target automatically. Additionally, when a new administrator is hired, you only need to grant the role to the administrator for the administrator to receive all the privileges on the targets automatically.
The privilege propagating group creation function is a privileged activity. The privilege propagating group feature contains two new privileges:
Create Privilege Propagating Group
This privileged activity allows the administrators to create the privilege propagating groups. Administrators with this privilege can create propagating groups and delegate the group administration activity to other users.
This privilege can be granted to administrators on specific group targets and is used to delegate the group administration activities to other administrators. It is granted to both conventional and privilege propagating groups.
The Group Administration Privilege is available for both Privilege Propagating Groups and conventional groups. If you are granted this privilege, you can grant access to the group to other Enterprise Manager users without having to be the SuperAdministrator to grant the privilege.
The target privileges granted on a propagating group are propagated to member targets. The administrator grants target objects scoped to another administrator, and the grantee maintains the same privileges on member targets. The propagating groups maintain the following features:
The administrator with a Create Privilege Propagating Group privilege will be able to create a propagating group
To add a target as a member of a propagating group, the administrator must have Full target privileges on the target
You can add any non-aggregated target as the member of a privilege propagating group. For aggregated targets in Cloud Control version 12g, cluster and RAC databases and other propagating groups can be added as members (cluster and RAC databases must be added via the emcli verb). There is no support for this through the Enterprise Manager interface in version 10.2.0.5. Grid Control version 11g, however, supports more aggregated target types, such as redundancy groups, systems and services. These, along with cluster and RAC databases, can be added in version 12g via the Cloud Control Console.
If you are not the group creator, you must have at least the Full target privilege on the group to add a target to the group.
In Enterprise Manager version 12g you can convert conventional groups to privilege propagating groups (and vice-versa) through the use of the specified EMCLI verb. Two new parameters have been added in the modify_group EMCLI verb:
This parameter is used to modify the privilege propagation behavior of the group. The possible value of this parameter is either true or false.
This parameter indicates whether existing privilege grants on that group are to be revoked at the time of converting a group from privilege propagation to normal (or vice versa). The possible values of this parameter are yes or no. The default value of this parameter is yes.
These same enhancements have been implemented on the following EMCLI verbs: modify_system, modify_redundancy_group, and modify_aggregrate_service.
The EMCLI verb is listed below:
emcli modify_group -name="name" [-type=<group>] [-add_targets="name1:type1;name2:type2;..."]... [-delete_targets="name1:type1;name2:type2;..."]... [-privilege_propagation = true/false] [-drop_existing_grants = Yes/No]
For more information about this verb and other EMCLI verbs, see the EMCLI Reference Manual.
Administration Groups are a special type of group used to fully automate application of monitoring settings to targets upon joining the group. When a target is added to the group, Enterprise Manager applies monitoring settings using a template collection consisting of monitoring templates, compliance standards, and cloud policies. This completely eliminates the need for administrator intervention. With regular groups, Enterprise Manager applies the template settings only to those targets that are current members of the group.
Administration groups are mutually exclusive with other administration groups in terms of group membership: A target can only be a member of one administration group at any given point in time. Administration groups can also be used for hierarchically classifying targets in an organization. For example, all production databases located in Denver datacenter running financial applications could be part of one administration group. All test databases located at the same datacenter running identical financial applications could be part of another administration group.
The following are key attributes of Administration Groups:
Privilege propagation to simplify management of member target privileges
Administration groups defined and created based on membership criteria (target properties)
Enterprise Manager automatically adds targets to an administration group if that target meets membership criteria
Users cannot directly add targets to the administration group
Administration groups are essentially regular (dynamic) Enterprise Manager groups that possess the following additional characteristics:
Administration group members can be of different target types.
Members of administration groups can be either targets or other administration groups.
An administration group itself can be a member of at most one administration group.
You can add a system to an administration group. You can specify that only certain members of the system be added to the administration group by setting target properties for the system members which need to become members of the same administration group. By default, all members of the system will not be added to the administration group as some system members may belong to other systems.
Templates can be applied to administration groups and will be automatically applied to new members of the group.
All administration groups are privilege propagating groups. Groups, Generic Systems, Generic Services and any other non-privilege propagating aggregates cannot become members of an administration group.
Use these general steps to create Administration Groups.
Step 1: Design Your Grid's Hierarchy
First, design a way to organize your targets so they make a logical hierarchy of your organization. The hierarchy shown at the bottom is one example. Properties you can use to manage your hierarchy are global target properties like Contact, Lifecycle Status, Location, Line of Business, Department, and so on.
The order of the properties that make up your hierarchy matters. It determines the order that template collections are applied to groups in the hierarchy. Settings from template collections at the lowest level of the hierarchy override settings from the template collections at higher levels.
Step 2: Assign Properties To Targets
Be sure all of the targets in your organization have the correct property values associated. You can use All Targets page to view the state of each property across all targets in your grid. As for associating properties to targets, while you could use Enterprise Manager to do this, EMCLI will be more efficient, especially if you have a large number of changes to make.
Step 3: Prepare for Creating Template Collections
Template Collections are sets of Monitoring Templates, Compliance Standards and/or Cloud Policies that are applied to targets. So before you create Template Collections, prepare these items so that you can add them to your Template Collections.
Step 4: Manage Administration Groups and Template Collections
Setup the Administration Groups hierarchy. Administration Groups are a hierarchy of groups whose hierarchical structure is defined at each level of the hierarchy by target properties. To create the administration group hierarchy, choose a target property for each level, and specify the possible values for each target property. The values specified will be used as membership criteria for groups created at that level. To specify multiple values as criteria for a group, merge the multiple values together. You can preview the group hierarchy as it is defined. You can also click on the auto-generated group name to specify a more meaningful name.
Create template collections. Template Collections are sets of Monitoring Template, Compliance Standard and/or Cloud Policies that are applied to targets. Therefore before you create Template Collections, prepare these items so that you can add them to your Template Collections. For more information, see Working With Template Collections.
Next, associate Template Collections to Administration Groups.
Finally, synchronize the targets with the selected items.
A template collection is a assemblage of settings used to monitor/manage targets in Enterprise Manager. Template collections are assigned to administration groups. When members targets are added to an administration group, they automatically inherit monitoring settings specified in the template collections.
Within a template collection, there can only be one template per target type. For example, you can have a template collection containing a template for database and a template for listener, but you cannot have a template collection containing 2 templates for databases.
You create template collections when you define administration groups. Template collections may consist of three types of monitoring/management setting categories:
Monitoring Templates (monitoring settings)
Compliance Standards (compliance policy rules)
Cloud Templates (cloud policies such as determining when to start virtual machines or scale out clusters)
When creating a template collection, you can use the default monitoring templates, compliance standards, or cloud templates supplied with Enterprise Manager or you can create your own.
In order to create an administration group, you must have the requisite privileges. You must be logged in as an Enterprise Manager Super Administrator,. The same privilege requirements apply to editing and deleting administration groups.
Developing an administration group involves the following process:
Plan your administration group hierarchy by creating a group hierarchy based on how you manage your targets.
Example: If production targets are monitored differently from non-production targets, then 'Lifecycle Status' property (Production versus Non-Production) can be used as criteria in the administration group hierarchy.
Plan the management settings associated with the administration groups in the hierarchy.
Management settings: Monitoring settings, Compliance standard settings, Cloud policy settings
For Monitoring settings, you can have additional metric settings or override metric settings lower in your hierarchy
For Compliance standards or Cloud policies, additional rules/policies lower in the hierarchy are additive
Enter the group hierarchy definition and management settings in Enterprise Manager.
Create the administration group hierarchy
Create the monitoring templates, compliance standards, cloud policies and add these to template collections
Associate template collections with administration groups
Add targets to the administration group by assigning the appropriate values to the target properties such that Enterprise Manager automatically adds them to the appropriate administration group.
Follow these steps to create an Administration Group. Steps one through three are performed on the Administration Group homepage. To access this page:
From the Setup menu, choose Administration Groups from the Add Target sub menu. The Administration Groups homepage displays.
Read the relevant information on the Overview tab.
Click Hierarchy Definition and define the group hierarchy. See the Hierarchy Definition page online help for specific task information.
Click Template Collections and define the template collections to be associated with the administration groups. See the Template Collections page online help for specific task information.
Click Template/Group Associations and assign the template collections with the appropriate administration groups. See the Template/Group Associations page online help for specific task information.
Modifying an administration group occurs at two levels: Editing the group members from the Administration Groups and Template Collections area and editing/configuring the Administration Group from the Group homepage.
Editing administration group members is accomplished through the target properties that define the group hierarchy.
From the Setup menu, choose Administration Groups from the Add Target sub menu.
From the Hierarchy Definition tab, modify the Hierarchy Levels and/or associated properties as required.
Click Update. Upon successful update, you are taken to the Template/Group Association page.
Click Synchronization Schedule.
From the Synchronization Schedule dialog, click Sync Now or set a date and time for synchronization.
You edit and configure the administration group itself just as you would a regular group from the group homepage.
From the Setup menu, choose Administration Groups from the Add Target sub menu.
Click on the Template/Group Associations tab.
Select the desired group from the hierarchy diagram.
Click Goto Group Homepage.
Edit the group as appropriate.
When you delete an administration group, any stored membership criteria is removed. Note: You cannot delete a compound administration group, since it will break the hierarchy. If you must delete a compound administration group then a leaf-up approach should be followed for deletion.
From the Setup menu, choose Administration Groups from the Add Target sub menu.
Click on the Hierarchy Definition tab.
Select the administration group(s) you want to remove.