4
Configuring the Console when Connected to a Management Server

Beginning with Release 9.0 when you launch the Enterprise Manager Console or various other Enterprise Manager applications, you are prompted to choose between launching the product standalone (i.e. not connecting to the middle tier Management Server) or logging into a Management Server. While launching the Console standalone allows a single administrator to perform direct database administration, launching the Console by connecting to a middle tier Management Server provides more comprehensive management capabilities, such as sharing of administrative data among multiple administrators, being proactively notified of potential problems, and automating repetitive administrative tasks. This chapter will describe how to configure the Enterprise Manager Console when it is connected to a middle tier Management Server.

The following topics will be discussed:

• Starting the Console with a Management Server Connection

• Discovering Nodes in Your Environment

• Creating Administrator Accounts

• Granting OEM_MONITOR Role to Database Preferred Credentials

• Enabling the Job System

• Configuring and Starting the Paging Server

• Configuring the E-mail Server

• Configuring Enterprise Manager Reporting

• Configuring the Console If Using a Dialup Line

Note: These features are not available in the standalone Console.

Choosing to Launch the Console by Logging into a Management Server

When you launch the Enterprise Manager Console, you are prompted to choose between launching the product standalone or logging into a Management Server.

Figure 4-1 Enterprise Manager Console Login

Text description of the illustration login.gif

Note: Previous to launching the Console by logging into a Management Server you must first install and configure a Management Server. For installation instructions, refer to the Installation Guide. For configuration details, refer to Chapter 3, "Configuring and Controlling the Management Server".

Choose to launch the Console by logging into a Management Server when you want access to functionality such as:

• Management of several different target types (e.g. database, web server, application server, applications, etc.)

• Sharing of administrative data among multiple administrators

• Proactive notification of potential problems

• Automation of repetitive administrative tasks

• Backup and data management tools

• Customization, scheduling, and publishing of reports

• Running the client from within a web browser

Figure 4-2 Console Connected to a Management Server

Text description of the illustration console.gif

Starting the Console with a Management Server Connection

On Windows-based platforms, you start the Console from the Windows Start Menu.

On any supported platform, you can launch the Console from the command line by using the command:

oemapp console

On UNIX platforms, the oemapp part of the command line is case-sensitive and must be entered with lowercase characters.

All of the above options prompt you with the Enterprise Manager login dialog. If you want to bypass the login dialog, you can enter the following command at the command line to automatically login to the Console by connecting to a Management Server:

oemapp console oem.loginmode=oms oem.credential=<username>/<password>@<oms>

Figure 4-3 Enterprise Manager Console Login

Text description of the illustration login.gif

When the dialog appears, choose "Login to the Management Server" and if this is the first time you have logged in to the Management Server, enter the default credentials (e.g. Enterprise Manager administrator name and password) and the Management Server machine name. The default Enterprise Manager administrator name is sysman and its password is oem_temp. The Management Server on the node you select or enter must be one which is already configured with the repository you want to access.

Note: The repository you use with a Management Server should not be confused with the standalone repository used with certain standalone, integrated applications.

If the name of the node where the Management Server is running does not appear in the pull-down list, you can either enter the machine name in the edit field or follow these instructions:

1. Click the Management Servers button, which is located to the right of the Management Server field. The Management Servers dialog appears.

2. Click the Add button. The Add Management Server dialog appears.

3. Type in the name of the node where the Management Server is running and click OK.

If you add a Management Server using the Management Server dialog it becomes the current choice when you return to the logon dialog.

Note: Oracle Enterprise Manager may resolve the node name and use the "canonical name" of the machine. That name will be used in the dialog screens from now on. For example, znripley-pc may be changed to znripley-pc.us.ovenbird.com.

After the initial login with sysman/oem_temp, a security dialog appears where you can change the default sysman password. The password you specify is not case sensitive. Other than spaces at the beginning or at the end of the password, you can specify any character in an Enterprise Manager Administrator's password.

Discovering Nodes in Your Environment

Oracle Enterprise Manager provides a Discovery Wizard for identifying network nodes and machines and populating the Console Navigator tree with these discovered nodes and targets. The discovered targets, such as databases and listeners, can then be administered with Enterprise Manager.

During start up of the Console, any manageable targets on the machine where the Management Server is running are automatically discovered if the Intelligent Agent is installed and running on that Management Server machine. The Console Navigator then displays all those discovered targets.

To discover additional nodes and targets which reside on nodes within your environment:

1. Select the Discover Nodes item from the Console's Navigator menu.

2. When the Discovery Wizard appears, read the introduction text and press Next to continue.

3. When the Specify Nodes page appears, enter the name of the node or the IP address in the text window. You can also discover targets on multiple nodes at one time by entering each node or IP address you want to discover separated by a space, comma, tab, or new line within the text window or using the Import button to import a text file of node names. Then click Next to continue.

4. A Progress page appears, showing you the status of the node discovery. A checkmark indicates that the node was discovered successfully. An X indicates that the discovery has failed. If an error occurs, the error text explaining the reason for the error appears, giving you insight on how to continue. After the discovery process has completed, press the Finish button.

5. A Discovery Results dialog appears, telling you which nodes have or have not been automatically discovered. Press the OK button to dismiss the dialog.

   If nodes have failed automatic discovery, you can press the Next button on the Progress page. On the Errors page, you will have the option to retry, skip, or perform a manual discovery on the failed nodes.

   If no Intelligent Agent is running for some nodes which failed to be discovered, you can still add the node to the navigator, and add databases to that node using manual discovery.

   During manual discovery, you will be prompted for the following information:

   • database name

   • SID

   • TCP/IP port to use for the communication

   When a node is manually added, you cannot register events or submit jobs against the node.

   Note: Manually discovered nodes must be dropped from the Navigator tree before they can be automatically discovered.

   If a node cannot be discovered, check if the node is down or if the node does not have an Intelligent Agent running. You can also check if you are using the TCP/IP network protocol. Refer to the Oracle Enterprise Manager Administrator's Guide for more information on discovering nodes.

   Note: If you discover two or more targets with the exact same name, regardless of the target type, only one of the discovered targets will appear in the navigator.

6. If regular Enterprise Manager administrators are defined, an "Access to Target" page appears, allowing a super administrator to control what appears in the Console Navigator for regular Enterprise Manager administrators. This allows the super administrator to create customized Navigators for specific users. The page provides a multi-column list. The first column shows all objects that appear in the Console Navigator. Clicking on the plus "+" sign next to the objects name expands the object. One column exists for each Enterprise Manager administrator defined by the super administrator. To allow a regular administrator to see a particular object within the Navigator, in the column belonging to that administrator, click the checkbox in the row corresponding to the Navigator entry.

7. Press the Finish button.

Creating Administrator Accounts

Enterprise Manager is a multi-administrator system: every person who is administering systems using Enterprise Manager has his or her own administrator account which he or she uses to log into the Console by connecting to a Management Server.

The installation of Enterprise Manager creates a single Super Administrator named sysman. The Super Administrator sysman can create administrators using the Manage Administrators item in the Configuration menu. In addition to an administrator name and password, each account can be tagged as a "Super Administrator" account or an account to which the administrator has access to only jobs and/or events.

Differences between the two types of accounts are as follows:

• Super Administrators automatically have full privileges for all objects in the system. To provide greater security, only Super Administrators can discover, refresh, or remove targets from the Console Navigator.

  Most Super Administrators also have a separate account for daily operations but use their Super Administrator account for special operations only available to Super Administrators, such as creating new Enterprise Manager Administrators, configuring paging or e-mail servers, defining management regions, or granting other administrators access to targets. Using the sysman account for daily administration work is not recommended. The Super Administrator account is similar to root on UNIX or Administrator on Windows NT and is a user which cannot be deleted or renamed. It is a user that can perform any task and therefore should be used only for setting up the environment.

• Regular Administrators can have access to a subset of Console operations and will only see these targets to which they have been granted access by the Super Administrator. For detailed information about customizing what administrators can see, refer to the Oracle Enterprise Manager Administrator's Guide.

Typically, all administrators share a single Enterprise Manager repository, which allows administrators to share information. The Enterprise Manager repository is one in which Management Servers share; it is not a standalone repository. Although you can set up multiple repositories, administrators using different repositories will not have access to each other's information; there is no sharing of data between repositories. Administrative data stored in the repository is filtered based on administrator permissions.

Preferred Credentials must be set up for each administrator account. When an administrator connects to managed targets through the Management Server, the preferred credentials used are those defined explicitly for that administrator.

Refer to the Oracle Enterprise Manager Administrator's Guide for information on how Enterprise Manager administrators are created, edited, and deleted with the Manage Administrators option of the Console Configuration menu.

Granting OEM_MONITOR Role to Database Preferred Credentials

Beginning with Oracle 8.0.6 databases and higher, the OEM_MONITOR role is created by the Oracle database creation scripts. This role permits access to database functionality within Enterprise Manager, such as registering events against a database or browsing through the objects in a database via the Console Navigator tree. These types of functionality require database credentials on which to perform these operations. Rather than granting the powerful DBA role to the database credentials, many administrators prefer to provide only the necessary privileges required to do these operations. Granting the OEM_MONITOR role to the database credentials, ensures that the user has the minimum sufficient privileges required for these operations.

Note: You need to create the OEM_MONITOR role using the SYS account.

Here are the steps you need to perform:

1. Create a role called OEM_MONITOR

   drop role OEM_MONITOR;
   create role OEM_MONITOR:
   
   

2. Grant the "connect" role to OEM_MONITOR

   grant connect to OEM_MONITOR;
   
   

3. Grant the system privileges "analyze any" and "create table" to OEM_MONITOR

   grant analyze any to OEM_MONITOR;
   grant create table to OEM_MONITOR;
   
   

4. Create the SELECT_CATALOG_ROLE role as defined in sc_role.sql.

5. Grant the SELECT_CATALOG_ROLE to the OEM_MONITOR role

   grant select_catalog_role to OEM_MONITOR;
   

You are now ready to grant the OEM_MONITOR role to the database user that will be used as "database preferred credentials" in Enterprise Manager. In addition to granting the OEM_MONITOR role to a user, you must also ensure that the QUOTA for the user account is set to UNLIMITED.

The "Continued Row" event test needs to analyze results into a table so it needs both the "analyze any" and "create table" privileges.

Note: The "analyze any" privilege is used by the "index rebuild" event to compute statistics.

Enabling the Job System

In order for Enterprise Manager administrators to be able to successfully submit jobs, certain configuration steps must be performed:

• An operating system user account must exist with the advanced user right, "logon as batch job" on any Intelligent Agent machine to which administrators plan to submit jobs. This only applies to Intelligent Agent machines running on Windows NT and Windows 2000 platforms. For details on creating a new operating system user or editing an existing user for this purpose, refer to the sections further below.

• Preferred credentials must be set for any node to which jobs will be submitted. The preferred credentials that are used on Windows NT and Windows 2000 must be the same as the operating system user account with the advanced user right "logon as batch job." For more details on preferred credentials, refer to the Oracle Enterprise Manager Administrator's Guide.

• the operating system user account with advanced user rights must have read/write permissions to ORACLE_HOME\NETWORK directory as well as read, write, update, and delete permissions to the TEMP directory or the ORACLE_HOME directory.

Note: If you do not set up the "logon as batch job" privilege, you will receive the "Failed to authenticate user" message when you try to run jobs on the node.

You must create a Windows NT user account for every managed Windows NT node which will have jobs submitted against it. Follow one of the three procedures listed below.

Creating a New Windows NT User Account

To create a new Windows NT user account on the Windows NT machine where the Intelligent Agent is installed and grant the "log in as batch jobs" privilege to this user, perform the procedure below.

1. Select the User Manager from the Administrative Tools via the Windows NT Start Menu. Refer to the Windows NT documentation for information on the tools.

2. Select New User from the User menu and check for the following:
   • The "User Must Change Password at the Next Logon" option box is not checked

   • "SYSTEM" or "system" cannot be used for the user name.

3. Under the Policies menu of the User Manager Windows NT utility, select the User Rights option.

4. Check the "Show Advanced User Rights" box.

5. Select "Logon as a batch job" from the list of privileges.

6. Give the selected user this privilege.

Assigning Privileges to an Existing Windows NT User Account

Alternately, to assign privileges to an existing local user account, perform the following steps.

1. Choose the user on the User Manager panel and check for the following:
   • The "User Must Change Password at the Next Logon" option box is not checked

   • "SYSTEM" or "system" is not used for the user name.

2. Under the Policies menu of the User Manager Windows NT utility, select the User Rights option.

3. Check the "Show Advanced User Rights" box.

4. Select "Logon as a batch job" from the list of privileges.

5. Add the advanced user right to this user.

6. Click the Add button.
   1. Fill in the "List Names From" field: (choose your domain)

   2. Click Show Users button.

   3. In the listbox, choose the domain user.

   4. Click Add.

   5. Click OK.

7. In the User Rights Policy window, click OK.

Configuring a Windows NT Domain User as Your Intelligent Agent User

Note: The Windows NT Domain User works only if the machine is a primary domain controller (PDC); otherwise, jobs will fail with VNI-2015 "authentication error." In all non-PDC environments the account must be local to the machine.

Alternately, to configure a domain user as your Intelligent Agent user, perform the following steps.

1. Under the Policies menu of the User Manager Windows NT utility, select the User Rights option.

2. Check the "Show Advanced User Rights" box.

3. Select "Logon as a batch job" from the list of privileges.

4. Click the Add button.
   1. Fill in the "List Names From" field: (choose your domain)

   2. Click Show Users button.

   3. In the listbox, choose the domain user.

   4. Click Add.

   5. Click OK.

5. In the User Rights Policy window, click OK.

Note: If you have both a local and a domain user with the same name, the local user takes precedence. If you have a domain user set up, you must set the domain password to be the same as the local password in order for scheduled jobs to run when they are submitted using the domain user account.

Configuring and Starting the Paging Server

To enable administrators to receive page notifications, you must explicitly install the Oracle Enterprise Manager Paging Server and then the Super Administrator must configure it from the Console. Refer to the installation guide provided with the database release for more details.

Note: The Paging Server is only available on Windows NT or Windows 2000, but the ability to configure it is available on both Unix and Windows platforms.

Only one paging server installation is required if you wish to utilize paging for notification purposes within Oracle Enterprise Manager.

The paging server supports either numeric or alphanumeric pagers and utilizes the following paging service protocols (for alphanumeric pagers only).

• TAP (Telocator Alphanumeric Protocol)

• GSM (Global System for Mobile Communications)

• FLEXTD

To use alphanumeric paging, you need a phone number to call for the modem at the paging service provider and the pin number for your alphanumeric pager. Contact your paging service provider for the phone number to call. It is the number for the modem for sending pages.

Your paging provider may also have a feature for sending e-mail to your pager. If you have that feature, you can configure an administrator's preferences for notification to use e-mail, and specify your pager as the e-mail receiver. This method will also work with many providers for sending notification to a cell phone.

Configuration of the paging server is not automatic. Follow the steps below to configure the paging server.

Configuring the Paging Server

Note: Only Super Administrators can configure the paging server; regular administrators cannot.

On the machine from which you want to run the paging server, follow these instructions:

1. Install a modem.

Note: You must have a modem installed on the Windows NT or Windows 2000 machine that you are running the paging server.

2. Specify modem settings.
   1. Go to Start > Settings > Control Panel > Modems (Windows NT).

   2. Specify how your calls are dialed by clicking Dialing Properties from the Modems Properties page and then setting the following parameters:
      • From what area code you are dialing

      • From what country you are dialing

      • How you access an outside line. If you are not required to dial a number to access an outside line, leave this field blank.

   3. Set the Maximum Speed parameter by clicking Properties from the Modems Properties page. Oracle recommends setting this parameter to 9600K Baud; however, you should find the baud rate setting optimal for your system.

   Note: A baud rate higher than 9600 may result in the loss of data with the paging service carrier. The baud rate of 9600 for your modem is only a recommendation. You must find the baud rate setting which is optimal for your system.

   3. Install the Oracle Enterprise Manager Paging Server. Refer to the installation guide provided with the database release for information.

   4. Start the Paging Server.
      1. Go to Start > Settings > Control Panel > Services.

      2. Select the Oracle<ORACLE_HOME_NAME>PagingService and click Start.

      You can also start the paging server by typing the following at a command prompt

      oemctl start paging
      

   Adding a Paging Server

   To add a paging server to the Enterprise Manager Console, perform the following operations:

   1. From the Console Configuration menu, choose Configure Paging/Email. The Configure Paging/Email property sheet appears.

   2. Click Paging Configuration in the tree list to display current paging server information.

   3. Right click on Paging Configuration to display the context-sensitive menu and choose Add Server. You can also click the Add Server icon in the detail view. The Add Paging Server dialog appears.

   4. Enter the name of the machine on which the paging server runs. For example, smpqa-pc.

   5. Click OK.

   If the Console is unable to find the paging server with the given hostname, an error appears, saying "VD-4362: Could not add paging server, as paging server <hostname> could not be reached."

   If the paging server is found, a new paging server object is added under the "Paging Configuration" object in the tree list. The new paging server will have no paging carrier. You must add at least one paging carrier in order for paging to function.

   Adding Paging Carrier

   1. From the Console Configuration menu, choose Configure Paging/Email. The Configure Paging/Email property sheet appears.

   2. Expand the Paging Configuration object in the tree list. Right-click on one of the paging servers you added previously and choose Add Server from the context-sensitive menu. You can also click the Add Carrier icon in the detail view to the right. The Add Paging Carrier dialog appears.

   3. Enter the requisite information in the text entry fields. Once the paging carrier is defined, you can view the paging carriers by expanding the appropriate paging server and carrier objects in the Configure Paging/Email tree list. See Figure 4-4, "Add Paging Carrier Dialog"

   4. Click OK.

   Figure 4-4 Add Paging Carrier Dialog

   
   
   Text description of the illustration addcarri.gif
   • Name

     Paging carrier name. Field accepts alphanumeric characters and underscores.

   • Type

     Type of paging carrier. Enterprise Manager supports alphanumeric or numeric.

   • Protocol

     TAP, FLEXTD, or GSM. Protocol selection is only available if the carrier type is Alphanumeric.

   • Connection Properties
     • Country Code: The country code used to dial the pager if the call is international.

     • Area Code: Area code used by the country in which the pager is located.

     • Number: Local dialing number of the pager.

     • Suffix: Permits identification of voice messages from a paging carrier and allows the person being paged to choose from several options when using a touch tone phone. For example, commas can be used as pauses. The Suffix field accepts the following characters: integers, commas, pound sign, and the star (asterisk). This option is only available if the paging carrier type is set to Numeric.

   • Dialing Properties
     • Timeout (in seconds): Maximum dialing time allowed for a successful page.

     • Delay (in seconds): Time delay before dialing. This option is only available if the paging carrier type is set to Numeric.

   Specifying Paging Notification Preferences

   After completing paging server configuration, notification and schedule preferences should be specified for all administrators and the configuration should be tested to ensure that it is properly configured. Refer to the Oracle Enterprise Manager Administrator's Guide for details.

   Configuring the E-mail Server

   To enable administrators to receive e-mail notifications, super administrators must first configure the e-mail server from the Console:

   1. From the Console Configuration menu, choose Configure Paging/Email. The Configure Paging/Email dialog appears. By default, the Email Configuration is already selected.

   2. Enter the node on which the SMTP mail gateway resides in the SMTP Mail Gateway entry field. For example, mailserver.company.com.

   3. Enter the name you want to use to identify the sender of the e-mail in the Sender's SMTP Mail Address entry field.

   After completing the SMTP mail configuration, notification and schedule preferences should be specified for all administrators who want to receive e-mail notifications. Refer to the Oracle Enterprise Manager Administrator's Guide for details.

   Configuring Enterprise Manager Reporting

   The Enterprise Manager reporting system provides flexible reporting functionality to administrators, permitting quick and easy access to information about the status of all monitored systems in their enterprise. Administrators can create, schedule, and publish a wide variety of enterprise system reports. When published to a web site, these reports can be accessed by a wider audience, enabling anyone from administrators to managers to executives to quickly access information regarding their monitored enterprise.

   In order to access published reports, ensure that the Enterprise Manager Web Site component has been installed. By default, it is installed with the Management Server under the Oracle_Home/oem_webstage directory. In addition, the Enterprise Manager Web Site automatically installs a preconfigured Oracle HTTP server to act as the reporting web server. This is the same HTTP server that is used by default for the browser-based Enterprise Manager.

   Starting and Stopping the Oracle HTTP Server

   If you have installed the Oracle HTTP Server that is packaged with Enterprise Manager by default, start it by performing the following steps:

   On Windows NT:

   To start the Oracle HTTP Server:

   1. From the Start menu->Settings->Control Panel, double-click the Services icon.

   2. Select the OracleHTTPServer_<Oracle_Home_Name> service.

   3. Click the Start push-button to start the Oracle HTTP Server.

   On UNIX:

   You can start the Oracle HTTP Server from the command line using the command:

   $Oracle_Home/Apache/Apache/bin/apachectl start
   
   

   To stop the Oracle HTTP Server, perform the following steps:

   On Windows NT:

   To stop the Oracle HTTP Server on Windows NT, perform the following steps:

   1. From the Start menu->Settings->Control Panel, double-click the Services icon.

   2. Select the OracleHTTPServer_<Oracle_Home_Name> service.

   3. Click the Stop push-button to stop the Oracle HTTP Server.

   On UNIX:

   You can stop the Oracle HTTP Server from the command line using the command:

   $Oracle_Home/Apache/Apache/bin/apachectl stop
   

   After installing the Enterprise Manager Web Site and starting the Oracle HTTP server, you must perform the following configuration steps in order to access the published reports.

   Change the REPORTS_USER Administrator Password

   You must change the default password (oem_temp) for the REPORTS_USER administrator.

   To change the password:

   1. From the Enterprise Manager Console, choose Manage Administrators from the Configuration menu. The Manage Administrators Accounts dialog appears.

   2. Select REPORTS_USER from the list.

   3. Click Edit. The Edit Administrator Preferences property sheet appears.

   4. Enter a new password in the Password field and retype the new password in the Confirm Password area.

   5. Click OK to set the password.

   Run the oemctl configure rws Script

   The oemctl configure rws script is a command-line utility that must be run on the machine where the Management Server and reporting web server are installed. Prior to executing the script, ensure that the Management server on the reporting web server machine is running.

   To run the configuration utility:

   1. Go to the machine running both the Management Server and reporting web server.

   2. At the command prompt, type oemctl configure rws

   3. Follow the instructions provided by the utility. You are prompted for the following information:
      • Reporting Web server host name: Enter the full node name.

      • Port Number: The default is 3339. Press Return to accept the default value.

      • Oracle Management Server host name: Enter the name of the machine running the Management Server. This defaults to the name entered for the web server.

      • Password for the REPORTS_USER: Enter the REPORTS_USER password.

        You must change the oem_temp password; otherwise the oemctl configure rws script will generate an error message when you run it if the REPORTS_USER password is left as the default.

   4. The configuration utility confirms if you want to proceed with the configuration.

   Note: Choosing "View Published Reports" from any Console menu before running oemctl configure rws will generate an error message indicating that you need to first configure the Reporting web site.

   Configuring the Console If Using a Dialup Line

   You must have the correct TCP/IP configuration; incorrect TCP/IP configurations result in timeouts and lost connections.

   Note: Dynamic IP addresses attributed by DHCP are not supported on nodes running the Management Server or an Intelligent Agent. DHCP is supported only on Enterprise Manager clients.

   When the Console connects over a dialup line, the Console machine obtains a dynamic IP address. This dynamic IP address needs to be sent by the operating system (Windows 2000, Windows NT, Windows 98) to the Enterprise Manager application.

   In order for the operating system to return the correct IP address, the network communication protocol (TCP-IP) needs to be configured to obtain the IP address using the Dynamic Host Configuration Protocol (DHCP). This setting is specified as follows:

   1. Go to Start menu-> Settings

   2. Select Control Panel -> Network

   3. Select Protocols

   4. Double-click TCP-IP Protocol.

   IMPORTANT:

   You must make note of your previous settings in order to return to those settings when you connect the same machine to the network via ethernet. Copy the Settings specified in IP Address, Subnet Mask and Default Gateway to a file.

   5. On the IP Address page, select "Obtain an IP address from a DHCP Server."

   6. Click the OK button.

   7. Connect to the network via your dial-up line. You will now be successfully able to launch the Console.

   Note: If you are not running from a web browser, you may need to restart your system after making the changes.