E End-to-End Use Case: Patching Your Data Center
This appendix demonstrates how Enterprise Manager can be used to enable administrators to roll out patches across their data center.
The appendix contains the following sections:
E.1 The Challenge of Patching Your Data Center
In any enterprise, a data center plays a critical role in keeping the IT functions alive and the business going. The data center may vary in size from one enterprise to another, but the fact that the data center is critical to the success of the business is clearly unquestionable.
The administrators in a data center carry out several data maintenance, data backup, and lifecycle management operations every day, and the challenges they face in carrying out these system management activities are sometimes immeasurable. These paint points become even more profound when the data centers span multiple geographical locations across multiple time zones.
One of the lifecycle management challenges that administrators regularly face is patching their entire ecosystem and keeping their data center secure and up to date. The requirement becomes even more complex when there are several types of patches, when it is difficult to identify the ones relevant to your data center, and when the entire patching operation is manual, error prone, and time consuming.
E.2 The Enterprise Manager Solution
The following sections provide a solution to the previously noted challenges that leverages the features of Enterprise Manager. The goal is to use a single, integrated patching workflow that not only helps you identify the patches relevant to your data center but also helps you download and roll them out in an unattended manner, and thereby ensure 100% compliance to your policies and standards.
The following is the basic flow of this use case:
E.2.1 Identify the Patches Relevant to Your Data Center
Use the patch recommendations offered by Enterprise Manager to identify the patches that are relevant to your data center. Patch recommendations are proactive notifications of potential system issues and recommendations that help you improve system performance and avert outages. The patches recommended for you are security patches and other patches based on your enterprise configuration.
E.2.2 Prepare, Test, and Certify the Patch Rollout Plan
Analyze your environment and verify if the targets in your data center can be patched. Once you are sure they can be patched, create a patch plan with the recommended patches, test the patches using the patch plan, diagnose and resolve all patch conflicts beforehand. Once the patch plan is deployable, certify the patch plan by converting it to a template.
E.2.3 Create a Change Activity Plan to Roll Out the Patches
Create a change activity plan to associate target types; create a series of tasks to carry out, including prepatching and postpatching tasks; select the patch plan template to use; prioritize the patching steps; and schedule the change activity plan for a formal rollout in your data center.
E.3 Executing the Example Scenario
The following table lists the tasks that will be performed in this example scenario, and the user roles that can perform the task.
| Task | User Role |
|---|---|
|
EM Super Administrator |
|
|
EM_PATCH_DESIGNER |
|
|
Analyze the Environment and Identify Whether Your Targets Can Be Patched |
EM_PATCH_DESIGNER |
|
EM_PATCH_DESIGNER |
|
|
Create a Patch Plan, Test the Patches, and Certify the Patches |
EM_PATCH_DESIGNER |
|
EM_CAP_ADMINISTRATOR |
|
|
EM_CAP_USER |
|
|
EM_CAP_ADMINISTRATOR |
|
|
EM_CAP_ADMINISTRATOR |
E.3.1 Create Administrators with the Required Roles
Role: EM Super Administrator
Table E-1 lists the roles based on which you can create administrators for the scenario described in this chapter.
Table E-1 Creating Administrators with the Required Roles
| Enterprise Manager Role | Privileges |
|---|---|
|
EM_PATCH_DESIGNER |
CREATE_PATCH_PLAN, VIEW_ANY_PLAN_TEMPLATE |
|
EM_CAP_ADMINISTRATOR |
CREATE_JOB, CREATE_CAP_PLAN, BASIC_CAP_ACCESS |
|
EM_CAP_USER |
BASIC_CAP_ACCESS |
For instructions to create administrators with these roles, see Creating Enterprise Manager User Accounts.
E.3.2 Set Up the Infrastructure
Role: EM_PATCH_DESIGNER
Oracle recommends that you use the online patching mode for deployment of patches. Online patching mode is the default mode for patching in Enterprise Manager, and therefore, you do not have to manually set this up the first time. However, if you have set it to offline mode for a particular reason, and if you want to reset it to online mode, or if you want to verify that the online mode is indeed set, see Setting Up the Infrastructure for Patching in Online Mode (Connected to MOS).
In online mode, Enterprise Manager connects to My Oracle Support to download patches, patch sets, ARU seed data such as products, platforms, releases, components, certification details, and patch recommendations. For this purpose, Enterprise Manager uses the Internet connectivity you have on the OMS host to connect to My Oracle Support. However, if you have a proxy server set up in your environment, then you must register the proxy details. To register the proxy server details with Enterprise Manager, see Setting Up the Infrastructure for Patching in Online Mode (Connected to MOS).
E.3.3 Analyze the Environment and Identify Whether Your Targets Can Be Patched
Role: EM_PATCH_DESIGNER
Before creating a patch plan to patch your targets, Oracle recommends that you view the patchability reports to analyze the environment and identify whether the targets you want to patch are suitable for a patching operation. These reports provide a summary of your patchable and non patchable targets, and help you create deployable patch plans. They identify the problems with the targets that cannot be patched in your setup and provide recommendations for them.
Patchability reports are available for Oracle Database, Oracle WebLogic Server, and Oracle SOA Infrastructure targets.
To view the patchability reports, see Analyze the Environment and Identify Whether Your Targets Can Be Patched.
E.3.4 Identify the Relevant Patches
Role: EM_PATCH_DESIGNER
View the Patch Recommendations region to identify the recommended and the relevant patches to be rolled out in your data center. Patches mentioned in the Patch Recommendation section are a collection of patches offered within MOS which can be applied as a group to one or more targets.
Using the Patch Recommendations region, you can drill down to a list of recommended patches, view their details, download them, or add them to a patch plan.
To view the recommended patches, see About Patch Recommendations
E.3.5 Create a Patch Plan, Test the Patches, and Certify the Patches
Role: EM_PATCH_DESIGNER
Create a patch plan with the recommended patches, test the patches using the patch plan, diagnose and resolve all patch conflicts beforehand. Once the patch plan is deployable, certify the patch plan by converting it to a template.
To create a patch plan, see Creating a Patch Plan.
To access the newly created patch plan, see Accessing the Patch Plan.
To add patches to the patch plan, to analyze and test the patches, and to save the patch plan as a patch template, follow Step (1) to Step (5) as outlined in the following URL, and then for Step (6), on the Review & Deploy page, click Save as Template. In the Create New Plan Template dialog, enter a unique name for the patch template, and click Create Template. For more information, see Patching Software Deployments.
E.3.6 Create a Change Activity Plan to Roll Out the Patches
Role: EM_CAP_ADMINISTRATOR
Create a change activity plan identify the change activities, assign owners to activities, associate target types, create a series of tasks to carry out, including prepatching and postpatching tasks, select the patch plan template to use, prioritize the patching steps, and schedule the change activity plan for a formal rollout in your data center.
To do so, see Creating a Change Activity Plan
E.3.7 Roll Out the Patches
Role: EM_CAP_USER
Review the tasks assigned to you, monitor the task due date, complete any prepatching tasks, roll out the patch plan, complete all postpatching tasks, and update the task status.
To do so, see Viewing My Tasks
E.3.8 Check and Report the Status of the Change Activities
Role: EM_CAP_ADMINISTRATOR
Track the status of the tasks that are part of the change activity plan you created, and report the overall status to you higher management.
To do so, see Managing a Change Activity Plan
E.3.9 Verify If the Targets Have Been Patched
Role: EM_CAP_ADMINISTRATOR
Verify if the targets identified for patching have indeed been patched successfully with the selected patches.
To do so, run the Oracle-supplied configuration search titled Search Patches Applied on Oracle Products from the Configuration Search Library, as described in the following URL. Search for the patch ID that you applied to the targets. The search result lists all the targets with that patch ID. Verify if the targets on your list appear in the search result. To do so, see Managing Configuration Searches.