Go to main content
1/7
Contents
Title and Copyright Information
Preface
Audience
Related Documents
Conventions
1
Overview
Overview of the Architecture
About the Knowledge Base (KB) and Package Repository
About the Enterprise Controller
About the Proxy Controller
About the Agent Controllers
About the Database
Security of the Architecture
About Authentication Between the Proxy Controller and Agents
About Authentication of Agent-Managed Asset
Overview of the Authentication of the Agent
Overview of the Authentication of the Proxy Controller
About Authenticated Transactions
General Principles of Security
About Keeping Software Up To Date
About Restricting Network Access
About the Principle of Least Privilege
Role Requirement for Tasks
Assigning Roles and Privileges to a User
About Monitoring System Activity
About Audit Logs for Performance and Security
Syntax of an Audit Log Entry
Changing the Date and Time Format of the Audit Log
Example of an Audit Log
Activity Log Files for Components
High Availability
Software Updates
Agents
Local Database
2
Secure Installation and Configuration
Planning the Deployment
About High Availability
Requirements for Enterprise Controller High Availability
Limitations of High Availability
Overview of Network Configuration
About Infrastructure and Operating Systems
About Storage Configuration
About a Remote Database
Typical Deployment
Installing Oracle Enterprise Manager Ops Center
About Controlling Access
About Substituting CA Certificates for the Default Certificates
Obtaining a Certificate Authority's Certificate
Viewing the Enterprise Controller's Truststore and Keystore
About CA Certificate Expiration
Verify a Certificate's Expiration Date
Replace the Certificate for the Enterprise Controller
Replace the Certificate for the Proxy Controller
Substituting Certificates for the Glassfish Web Container
Replace the Certificate for the Apache UCE Container
About Installing a Remote Proxy Controller Securely
Configuring Oracle Enterprise Manager Ops Center
About the Connection Mode
Disable Multiple Logins
About Securing the Log Files
About Database Credentials
About Securing the Local Database
About Securing a Remote Database
Using the refactorOCPrivs_12.1.x.0.sql Script
Changing the Database Credentials for the Ops Center User
Changing the Database Credentials for the Read-Only User
Disable the Domain Model Navigator
Enable the Domain Model Navigator on the Enterprise Controller
Using the Domain Model Navigator
Logging Into the Domain Model
Searching the Domain Model
Changing the Domain Model
Logging Out of the Domain Model Navigator
Secure the Agents
About Securing the Browsers
About Strong Cipher Encryption
Verifying the Encryption Type
Configuring Proxy Controllers to Use a Strong Cipher Suite
Transport Layer Security (TLS)
About TLS Versions
Changing the TLS Version for Apache UCE Container
Changing the TLS Version for Glassfish Web Container
Viewing the Enterprise Controller's Configuration
About Editing the Configuration
Access to Database Data
Viewing Core Product Data Using Oracle SQL Developer
Modifying Oracle*Net Listener
Opening Oracle*Net to External Access
Creating the Connection to the Database
Viewing Data From the Database Using Oracle SQL Developer
Viewing Core Product Data Using SQL*Plus
3
Security Features
Configuring and Using Authentication
About Identity Management for Users
About Configuring an LDAP Server
To Configure the Directory Structure
To Add a Directory Server
About PAM Authentication
Verifying PAM Authentication
Changing the PAM Authentication
Credentials for My Oracle Support
Credentials for IAAS and Cloud Deployments
About Authorization
About Credentials for Assets
Using SSH Key-Based Authentication
Creating Credentials for Access to the Serial Console or SSH Tunnel
Defining the system property for console access
Creating the account using Enterprise Manager Ops Center
Creating the account using the useradd command
About Managing Assets Using the agentadm Command
Before You Install an Agent Controller
Using User Credentials to Install and Configure an Agent Controller Manually
Using a Token to Install and Configure an Agent Controller Manually
Changing Credentials of Managed Assets
Preparing to Use sudo
Upgrading Management Credentials From a Previous Version
Updating Management Credentials
Creating Management Credentials
Editing Management Credentials
Copying Management Credentials
Deleting Management Credentials
Creating a Credential Plan
Applying the Credential Plan
About Certificates
Configuring and Using Access Control
Verifying Security of Session Cookies
Setting the Expiration Time for Sessions
Removing Code Examples
Configuring and Using Data Protection
Using an NFS Server
About Backing Up and Restoring the Enterprise Controller
Backing Up an Enterprise Controller
Restoring an Enterprise Controller
Example: Restoring an Enterprise Controller With an Embedded Database
Example: Restoring an Enterprise Controller With a Customer-Managed Database
Example: Restoring an Enterprise Controller With a Customer-Managed Database Without Restoring the Database Schema
Index
Scripting on this page enhances content navigation, but does not change the content in any way.