Contents

Title and Copyright Information

Preface

• Audience
• Related Documents
• Conventions

1 Overview

• Overview of the Architecture
  • About the Knowledge Base (KB) and Package Repository
  • About the Enterprise Controller
  • About the Proxy Controller
  • About the Agent Controllers
  • About the Database
  • Security of the Architecture
  • About Authentication Between the Proxy Controller and Agents
    • About Authentication of Agent-Managed Asset
      • Overview of the Authentication of the Agent
      • Overview of the Authentication of the Proxy Controller
    • About Authenticated Transactions
• General Principles of Security
  • About Keeping Software Up To Date
  • About Restricting Network Access
  • About the Principle of Least Privilege
    • Role Requirement for Tasks
    • Assigning Roles and Privileges to a User
  • About Monitoring System Activity
    • About Audit Logs for Performance and Security
      • Syntax of an Audit Log Entry
      • Changing the Date and Time Format of the Audit Log
      • Example of an Audit Log
    • Activity Log Files for Components
    • High Availability
    • Software Updates
    • Agents
    • Local Database

2 Secure Installation and Configuration

• Planning the Deployment
  • About High Availability
    • Requirements for Enterprise Controller High Availability
    • Limitations of High Availability
  • Overview of Network Configuration
  • About Infrastructure and Operating Systems
  • About Storage Configuration
  • About a Remote Database
  • Typical Deployment
• Installing Oracle Enterprise Manager Ops Center
  • About Controlling Access
  • About Substituting CA Certificates for the Default Certificates
  • Obtaining a Certificate Authority's Certificate
  • Viewing the Enterprise Controller's Truststore and Keystore
  • About CA Certificate Expiration
  • Verify a Certificate's Expiration Date
  • Replace the Certificate for the Enterprise Controller
  • Replace the Certificate for the Proxy Controller
  • Substituting Certificates for the Glassfish Web Container
  • Replace the Certificate for the Apache UCE Container
  • About Installing a Remote Proxy Controller Securely
• Configuring Oracle Enterprise Manager Ops Center
  • About the Connection Mode
  • Disable Multiple Logins
  • About Securing the Log Files
  • About Database Credentials
    • About Securing the Local Database
    • About Securing a Remote Database
    • Using the refactorOCPrivs_12.1.x.0.sql Script
    • Changing the Database Credentials for the Ops Center User
    • Changing the Database Credentials for the Read-Only User
  • Disable the Domain Model Navigator
  • Enable the Domain Model Navigator on the Enterprise Controller
  • Using the Domain Model Navigator
    • Logging Into the Domain Model
    • Searching the Domain Model
    • Changing the Domain Model
    • Logging Out of the Domain Model Navigator
  • Secure the Agents
  • About Securing the Browsers
  • About Strong Cipher Encryption
    • Verifying the Encryption Type
    • Configuring Proxy Controllers to Use a Strong Cipher Suite
  • Transport Layer Security (TLS)
    • About TLS Versions
    • Changing the TLS Version for Apache UCE Container
    • Changing the TLS Version for Glassfish Web Container
• Viewing the Enterprise Controller's Configuration
• About Editing the Configuration
• Access to Database Data
  • Viewing Core Product Data Using Oracle SQL Developer
    • Modifying Oracle*Net Listener
    • Opening Oracle*Net to External Access
    • Creating the Connection to the Database
    • Viewing Data From the Database Using Oracle SQL Developer
  • Viewing Core Product Data Using SQL*Plus

3 Security Features

• Configuring and Using Authentication
  • About Identity Management for Users
    • About Configuring an LDAP Server
      • To Configure the Directory Structure
      • To Add a Directory Server
    • About PAM Authentication
      • Verifying PAM Authentication
      • Changing the PAM Authentication
  • Credentials for My Oracle Support
  • Credentials for IAAS and Cloud Deployments
• About Authorization
  • About Credentials for Assets
    • Using SSH Key-Based Authentication
    • Creating Credentials for Access to the Serial Console or SSH Tunnel
      • Defining the system property for console access
      • Creating the account using Enterprise Manager Ops Center
      • Creating the account using the useradd command
    • About Managing Assets Using the agentadm Command
      • Before You Install an Agent Controller
      • Using User Credentials to Install and Configure an Agent Controller Manually
      • Using a Token to Install and Configure an Agent Controller Manually
    • Changing Credentials of Managed Assets
      • Preparing to Use sudo
      • Upgrading Management Credentials From a Previous Version
      • Updating Management Credentials
      • Creating Management Credentials
      • Editing Management Credentials
      • Copying Management Credentials
      • Deleting Management Credentials
    • Creating a Credential Plan
    • Applying the Credential Plan
  • About Certificates
• Configuring and Using Access Control
  • Verifying Security of Session Cookies
  • Setting the Expiration Time for Sessions
  • Removing Code Examples
• Configuring and Using Data Protection
  • Using an NFS Server
  • About Backing Up and Restoring the Enterprise Controller
    • Backing Up an Enterprise Controller
    • Restoring an Enterprise Controller
      • Example: Restoring an Enterprise Controller With an Embedded Database
      • Example: Restoring an Enterprise Controller With a Customer-Managed Database
      • Example: Restoring an Enterprise Controller With a Customer-Managed Database Without Restoring the Database Schema

Index