This chapter lists the prerequisites that must be met before you can discover and manage an Oracle Public Cloud Machine target in Enterprise Manager. It covers the following sections:
By default, the Virtual Infrastructure (VI) plug-in is included with your installation of Enterprise Manager. To verify that this plug-in is installed:
From the Setup menu, select Extensibility and then Plug-ins.
Expand the Servers, Storage and Network folder.
Verify that the minimum Oracle Virtual Infrastructure plug-in version 13.2.1.0.0 appears in the list.
If the plug-in is not installed, then you must download and install it. See Deploying the Enterprise Manager for Virtual Infrastructure Plug-in for details Deploying the Enterprise Manager for Virtual Infrastructure Plug-in.
Much of the functionality available in Enterprise Manager Cloud Control is made available through plug-ins. As its name implies, a plug-in is a component or module that can be plugged into an existing Enterprise Manager installation to extend its management and monitoring capabilities.
You can deploy the Enterprise Manager for Virtual Infrastructure plug-in by using one of the following methods:
If you have not yet installed Enterprise Manager, or have not yet upgraded to the latest Enterprise Manager release, you can deploy the plug-ins as part of the installation or upgrade process. You will select the Advanced Install mode and in the Select Plug-ins screen, select the plug-ins that you wish to install.
If you already have Enterprise Manager Cloud Control 13c installed, you must download the needed plug-ins to the Software Library. You can then deploy the plug-ins to your Oracle Management Service (OMS).
See the Enterprise Manager Cloud Control Administrator's Guide for instructions on downloading and deploying the plug-ins.
The following types of users are available:
Cloud Administrator: A cloud administrator can create other cloud administrators. The cloud administrators are created in the /cloud tenant namespace. The cloud administrator is responsible for maintaining the entire rack and has access to all tenants.
Tenant Administrator: A default tenant administrator for a tenant is automatically created when a tenant is created. Cloud administrators can create other tenant administrators for a tenant depending on the requirements to manage the tenant users and the resources. Tenant Administrators have access to only those in which they are created.
Tenant User: Cloud Administrators or Tenant Administrators can create Tenant Users. Tenant users have privileged access only to a particular tenant.
The primary task of a cloud administrator is to setup the infrastructure for Oracle Compute Cloud Service and manage the overall cloud infrastructure. The infrastructure for self service consists of setting up the following:
Setting Up Tenants: Tenants are entities that are allocated with quotas of the system resources. Tenant users are authorized to use the compute, storage, and memory resources of the tenant. You can create tenants with default or custom quota. Tenants created with default quota can use the resources without any limit. Or you can define CPU, memory, and storage resources for the tenant in the custom quota option. You can opt to oversubscribe the tenant CPU by defining the fraction in which the CPU resource must be oversubscribed.
Setting Up Networks: When you create tenants, two security domains, namely Public and Private Security Domain are created. The public security domain is for deployment of networks for communication between the Compute nodes and entities external to the Oracle Public Cloud Machine. The private security domain is for deployment of networks for communication within the tenant. As a cloud administrator, you must set up public networks and service networks for use by the instances.
Setting Up Users: By default, a tenant administrator is created when a tenant is created. Cloud administrator can grant tenant administrator role to some of the tenant users. Tenant Administrators can create Tenant Users, manage the users, instances, and private networks for instances.
Setting Up Tenant Resources: Manage the tenant resources and decide upon vCPU oversubscription. Manage the tenant quota as the requirement for the resources increases and decreases.
Monitoring Hardware Components: Monitor the hardware components such as compute node status, temperature, and hardware resources to ensure that they are maintained for cloud resources.
Monitoring Cloud Resources: Monitor the cloud infrastructure resources for any incidents and ensure that the tenants have enough resources to host the instances.
A default tenant administrator is created automatically when a tenant is created. The cloud administrator can create more tenant administrators as required to manage the tenant. The tasks of a tenant administrator include:
Creating tenant users
Creating IPoIB tenant networks
Uploading templates
Managing storage volumes
The tenant administrator has all the permissions as that of a tenant user to create and manage orchestrations, and instances. For detailed information on the tenant administrator operations, refer to the Oracle Public Cloud Machine Using Oracle Compute Cloud Service on OPCM.
The tenant user has privileged access to the tenancy to which the user belongs and can perform the following tasks:
Provision resources
Request orchestrations
For detailed information on the tenant user operations, refer to the Using Oracle Compute Cloud Service on Oracle Public Cloud Machine Guide.
You must create Tenant Administrator and Tenant User roles and map them to an OPCM target. To create an Enterprise Manager user role, follow these steps:
Log into Enterprise Manager as SYSMAN (or any user with the EM_CLOUD_ADMINISTRATOR role)
From the Setup menu, select Security, and then select Roles.
Click Create on the Roles page.
In the Create Role: Properties page, enter the name and description for the Tenant Administrator or Tenant User role and click Next.
Select the EM_SSA_USER role from the available roles list and move to the selected roles list.
At this point, you can choose to directly navigate to the last page, complete the role creation process and use the Role Mappings page (see Mapping Enterprise Manager User Roles to Oracle Compute User Roles for details) to assign the Oracle Compute Site Target Privileges.
Alternatively, you can click Next and continue with the rest of the steps in the wizard to assign the Oracle Compute Site Target Privileges manually.
In the Target Privileges step, click Add at the bottom left corner.
In the Search and Add Targets window, select the Target Type as Oracle Compute Site.
The Oracle Compute Sites that have been registered in Enterprise Manager are listed.
Select the Oracle Compute site to which you want to map the user role and click Select.
Select Advanced Privilege Settings option in the bottom of the Target Privileges page.
For each Oracle Compute site target selected, edit the Aggregate Privileges.
Select the following actions:
Table 9-1 Users and Roles
| Tenant Administrator | Tenant User |
|---|---|
| User Management | N/A |
| Image Management | Image Management |
| Instance Management | Instance Management |
For the EM_SSA_USER role, select Manage Target Privilege Grants and unselect the View option.
Click Next in the following steps of the wizard and click Finish to create the Enterprise Manager role.
You can associate an Enterprise Manager role with an Oracle Compute role. To define a role mapping, follow these steps:
Log in as SYSMAN (or any user with the EM_CLOUD_ADMINISTRATOR role).
From the Enterprise menu, select Cloud, then select Cloud Home.
From the Oracle Cloud menu, select Getting Started, then click on the Setup link next to the Infrastructure - Oracle Compute service family in the left panel.
Click Role Mappings. In the Role Mappings page, from the drop down list, select the Oracle Compute Site in which the role mappings are to be defined.
Click Create. In the Create Role Mapping window, select the Enterprise Manager role and the Oracle Compute role with which it should be associated and click Add to create the role mapping.
Note:
You must match your Tenant administrator EM role with the Tenant Administrator Compute role, and your Tenant User EM role with your Tenant User Compute role.