This appendix demonstrates how Enterprise Manager can be used to enable administrators to roll out patches across their data center.
The chapter contains the following sections:
In any enterprise, a data center plays a critical role in keeping the IT functions alive and the business going. The data center may vary in size from one enterprise to another, but the fact that the data center is critical to the success of the business is clearly unquestionable.
The administrators in a data center carry out several data maintenance, data backup, and lifecycle management operations every day, and the challenges they face in carrying out these system management activities are sometimes immeasurable. These paint points become even more profound when the data centers span multiple geographical locations across multiple time zones.
One of the lifecycle management challenges that administrators regularly face is patching their entire ecosystem and keeping their data center secure and up to date. The requirement becomes even more complex when there are several types of patches, when it is difficult to identify the ones relevant to your data center, and when the entire patching operation is manual, error prone, and time consuming.
The following sections provide a solution to the previously noted challenges that leverages the features of Enterprise Manager. The goal is to use a single, integrated patching workflow that not only helps you identify the patches relevant to your data center but also helps you download and roll them out in an unattended manner, and thereby ensure 100% compliance to your policies and standards.
The following is the basic flow of this use case:
Use the patch recommendations offered by Enterprise Manager to identify the patches that are relevant to your data center. Patch recommendations are proactive notifications of potential system issues and recommendations that help you improve system performance and avert outages. The patches recommended for you are security patches and other patches based on your enterprise configuration.
Analyze your environment and verify if the targets in your data center can be patched. Once you are sure they can be patched, create a patch plan with the recommended patches, test the patches using the patch plan, diagnose and resolve all patch conflicts beforehand. Once the patch plan is deployable, certify the patch plan by converting it to a template.
Create a change activity plan to associate target types; create a series of tasks to carry out, including prepatching and postpatching tasks; select the patch plan template to use; prioritize the patching steps; and schedule the change activity plan for a formal rollout in your data center.
The following table lists the tasks that will be performed in this example scenario, and the user roles that can perform the task.
Task | User Role |
---|---|
Create Administrators with the Required Roles | EM Super Administrator |
Set Up the Infrastructure | EM_PATCH_DESIGNER |
Analyze the Environment and Identify Whether Your Targets Can Be Patched | EM_PATCH_DESIGNER |
Identify the Relevant Patches | EM_PATCH_DESIGNER |
Create a Patch Plan, Test the Patches, and Certify the Patches | EM_PATCH_DESIGNER |
Create a Change Activity Plan to Roll Out the Patches | EM_CAP_ADMINISTRATOR |
Roll Out the Patches | EM_CAP_USER |
Check and Report the Status of the Change Activities | EM_CAP_ADMINISTRATOR |
Verify If the Targets Have Been Patched | EM_CAP_ADMINISTRATOR |
Role: EM Super Administrator
Table E-1 lists the roles based on which you can create administrators for the scenario described in this chapter.
Table E-1 Creating Administrators with the Required Roles
Enterprise Manager Role | Privileges |
---|---|
EM_PATCH_DESIGNER |
CREATE_PATCH_PLAN, VIEW_ANY_PLAN_TEMPLATE |
EM_CAP_ADMINISTRATOR |
CREATE_JOB, CREATE_CAP_PLAN, BASIC_CAP_ACCESS |
EM_CAP_USER |
BASIC_CAP_ACCESS |
For instructions to create administrators with these roles, see the instructions outlined in the following URL:
http://docs.oracle.com/cd/E24628_01/em.121/e27046/infrastructure_setup.htm#BABGJAAC
Role: EM_PATCH_DESIGNER
Oracle recommends that you use the online patching mode for deployment of patches. Online patching mode is the default mode for patching in Enterprise Manager, and therefore, you do not have to manually set this up the first time. However, if you have set it to offline mode for a particular reason, and if you want to reset it to online mode, or if you want to verify that the online mode is indeed set, then follow the steps outlined in the following URL:
http://docs.oracle.com/cd/E24628_01/em.121/e27046/pat_mosem_new.htm#BABIGJHG
In online mode, Enterprise Manager connects to My Oracle Support to download patches, patch sets, ARU seed data such as products, platforms, releases, components, certification details, and patch recommendations. For this purpose, Enterprise Manager uses the Internet connectivity you have on the OMS host to connect to My Oracle Support. However, if you have a proxy server set up in your environment, then you must register the proxy details. To register the proxy server details with Enterprise Manager, see the instructions outlined in the following URL:
http://docs.oracle.com/cd/E24628_01/em.121/e27046/pat_mosem_new.htm#BGGIGCJD
Role: EM_PATCH_DESIGNER
Before creating a patch plan to patch your targets, Oracle recommends that you view the patchability reports to analyze the environment and identify whether the targets you want to patch are suitable for a patching operation. These reports provide a summary of your patchable and non patchable targets, and help you create deployable patch plans. They identify the problems with the targets that cannot be patched in your setup and provide recommendations for them.
Patchability reports are available for Oracle Database, Oracle WebLogic Server, and Oracle SOA Infrastructure targets.
To view the patchability reports, see the instructions outlined in the following URL:
http://docs.oracle.com/cd/E24628_01/em.121/e27046/pat_mosem_new.htm#BGGDJDEC
Role: EM_PATCH_DESIGNER
View the Patch Recommendations region to identify the recommended and the relevant patches to be rolled out in your data center. Patches mentioned in the Patch Recommendation section are a collection of patches offered within MOS which can be applied as a group to one or more targets.
Using the Patch Recommendations region, you can drill down to a list of recommended patches, view their details, download them, or add them to a patch plan.
To view the recommended patches, see the instructions outlined in the following URL:
http://docs.oracle.com/cd/E24628_01/em.121/e27046/pat_mosem_new.htm#CHDCGJAJ
Role: EM_PATCH_DESIGNER
Create a patch plan with the recommended patches, test the patches using the patch plan, diagnose and resolve all patch conflicts beforehand. Once the patch plan is deployable, certify the patch plan by converting it to a template.
To create a patch plan, see the instructions outlined in the following URL:
http://docs.oracle.com/cd/E24628_01/em.121/e27046/pat_mosem_new.htm#CHDHBDCE
To access the newly created patch plan, see the instructions outlined in the following URL:
http://docs.oracle.com/cd/E24628_01/em.121/e27046/pat_mosem_new.htm#CHDIGHCF
To add patches to the patch plan, to analyze and test the patches, and to save the patch plan as a patch template, follow Step (1) to Step (5) as outlined in the following URL, and then for Step (6), on the Review & Deploy page, click Save as Template. In the Create New Plan Template dialog, enter a unique name for the patch template, and click Create Template.
http://docs.oracle.com/cd/E24628_01/em.121/e27046/pat_mosem_new.htm#CHDHBEBD
Role: EM_CAP_ADMINISTRATOR
Create a change activity plan identify the change activities, assign owners to activities, associate target types, create a series of tasks to carry out, including prepatching and postpatching tasks, select the patch plan template to use, prioritize the patching steps, and schedule the change activity plan for a formal rollout in your data center.
To do so, see the instructions outlined in the following URL:
http://docs.oracle.com/cd/E24628_01/em.121/e27046/cap.htm#BEHGEIFD
Role: EM_CAP_USER
Review the tasks assigned to you, monitor the task due date, complete any prepatching tasks, roll out the patch plan, complete all postpatching tasks, and update the task status.
To do so, see the instructions outlined in the following URL:
http://docs.oracle.com/cd/E24628_01/em.121/e27046/cap.htm#BEHGFCFF
Role: EM_CAP_ADMINISTRATOR
Track the status of the tasks that are part of the change activity plan you created, and report the overall status to you higher management.
To do so, see the instructions outlined in the following URL:
http://docs.oracle.com/cd/E24628_01/em.121/e27046/cap.htm#BEHICBJG
Role: EM_CAP_ADMINISTRATOR
Verify if the targets identified for patching have indeed been patched successfully with the selected patches.
To do so, run the Oracle-supplied configuration search titled Search Patches Applied on Oracle Products from the Configuration Search Library, as described in the following URL. Search for the patch ID that you applied to the targets. The search result lists all the targets with that patch ID. Verify if the targets on your list appear in the search result.
http://docs.oracle.com/cd/E24628_01/em.121/e27046/config_mgmt.htm#CHDEGHFG