3 Installing and Preparing Oracle Site Guard

In this section, you learn how to install Oracle Site Guard and prepare it for operation in your Enterprise Manager Cloud Control environment.
This chapter includes the following sections:

3.1 Installing Oracle Site Guard

Learn how to install and manage Oracle Site Guard with Enterprise Manager Command-Line Interface (EMCLI) or Oracle Enterprise Manager Cloud Control.

Oracle Site Guard is included with Enterprise Manager Cloud Control 13cR3 Fusion Middleware Plugin 13.3.1.0.0.

You can manage an Oracle Site Guard configuration EMCLI, or with Oracle Enterprise Manager Cloud Control.

To install Oracle Site Guard:

  • Install Enterprise Manager Cloud Control 13c R3 Fusion Middleware Plugin 13.3.1.0.0 for your Oracle Fusion Middleware enterprise deployment. For information about installing Enterprise Manager Cloud Control 13cR3 Fusion Middleware Plugin 13.3.1.0.0, see Oracle Enterprise Manager Cloud Control Basic Installation Guide.

    Note:

    Ensure that you install Oracle Management Agent (Enterprise Manager Agent) on each of the hosts managed by Enterprise Manager, as described in Installing Oracle Management Agent in Oracle Enterprise Manager Cloud Control Basic Installation Guide.

  • Install EMCLI, as described in Oracle Enterprise Manager Command Line Interface Guide .

    Note:

    Oracle recommends that you install EM CLI in the same Oracle home where Oracle Management Service is installed. For example, OMS_HOME/bin/emcli.

3.2 Preparing Oracle Site Guard for Operation

Prepare Oracle Site Guard for operation.

After you have installed Oracle Site Guard, complete the following required tasks to prepare Oracle Site Guard for operation:

3.2.1 Discovering Targets on the Primary and the Standby Sites

To get started with Oracle Site Guard, you first discover all the targets at your primary and standby sites that Oracle Site Guard will protect.

To discover targets at the primary and standby site, complete the steps described in Discovering and Monitoring Targets in the Oracle Enterprise Manager Cloud Control Administrator's Guide.

Discover the following target types in Oracle Enterprise Manager:

  • Oracle Fusion Applications

  • Oracle Fusion Middleware farm/ WebLogic Domain

  • Oracle Fusion Middleware managed system components, such as Oracle HTTP Server and Oracle Internet Directory (part of the Oracle Fusion Middleware farm)

  • Real Application Cluster (RAC) databases

  • Single-instance database

A site should be up and running for its targets to be discovered. This means that the site would function as the production site. For a two-site deployment, the targets in the primary site should be discovered first, followed by the targets in the standby site. After you discover the targets in the primary site, you must manually perform a switchover operation, so that the standby site takes over the production role, as described in Performing a Switchover. Then you must discover the targets in the standby site, as you did for the primary site.

Note:

After discovering the targets for the standby site, you can use Oracle Site Guard to switch back operations to the primary site, so that the primary site takes over the production role, as described in Performing a Switchover in Oracle® Fusion Middleware Disaster Recovery Guide. You only need to switchover and switchback manually during the configuration process.

3.2.2 Creating Oracle Site Guard Administrator Users

Oracle recommends that you create Oracle Site Guard own users and administrators to manage disaster recovery operations.

Users who are not Enterprise Manager super users and who do not have EM_SG_ADMINISTRATOR role assigned, cannot access the Oracle Site Guard functionality.

Note the following privilege restrictions for Oracle Site Guard administrators and how it affects Enterprise Manager super users:

  • Oracle Site Guard administrators can only view, modify and execute operation plans owned by them. An administrator cannot view, modify, or execute operation plans owned by another Oracle Site Guard administrator or super user.

  • A super user can view, modify and execute operation plans owned by anyone, including all Oracle Site Guard administrators and other super users.

If these restrictions do not work in your deployment, skip the steps for creating Oracle Site Guard Administrator users and use the built-in super user roles to access Oracle Site Guard functionality.

To create one or more Oracle Site Guard Administrator users, use one of the following methods:

3.2.2.1 Creating an Oracle Site Guard Administrator User with Enterprise Manager Cloud Control Console

Learn how to create an Oracle Site Guard administrator with Enterprise Manager Cloud Control.

To create an Oracle Site Guard administrator user with Enterprise Manager Cloud Control, perform the following steps:

  1. Login to Enterprise Manager as a super user.

  2. From the Setup menu, select Security, then select Administrators.

  3. On the Administrators page, click Create.

  4. In the Create Administrator wizard, do the following:

    1. On the Properties page:

      1. Specify the name SG_ADMIN.

      2. Provide a password.

      3. Provide a password confirmation.

    2. Make changes to any other fields as appropriate, and then click Next.

    3. On the Roles page, select the EM_SG_ADMINISTRATOR role in the Available Roles pane on the left, and click Move to add the role to the Selected Roles pane on the right.

    4. If you discovered targets at the Primary and Standby sites as another user, assign target level privileges to the Oracle Site Guard Administrator user on the Target Privileges page.

      1. Assign Full any Target or View any Target privileges in the section Privileges applicable to all Targets.

      2. Alternately, assign view or full privileges for every target in the Primary and Standby sites by setting Target Privileges.

    5. On the Review page, review the information you have provided for the user account, and click Finish.

3.2.2.2 Creating an Oracle Site Guard Administrator User with Enterprise Manager Command-Line Interface

Learn how to create an Oracle Site Guard administrator with Enterprise Manager Command-Line Interface (EMCLI).

To create an Oracle Site Guard administrator, run the following EMCLI command (located at OMS_HOME/bin/emcli):

emcli create_user
       -name="SG_ADMIN"
       -password=password
       -roles="EM_SG_ADMINISTRATOR;EM_USER;PUBLIC"
Parameter Description

-name

Enter a name for the Oracle Site Guard Administrator user.

-password

Enter a password for the Oracle Site Guard Administrator user.

-roles

The list of roles assigned to this user.

Enter EM_SG_ADMINSTRATOR;EM_USER;PUBLIC.

For more information about the create_user command, see create_user.

3.2.3 Creating Primary and Standby Sites

Learn how to create a generic system and how to use it as a primary or secondary site.

A disaster recovery site managed by Oracle Site Guard is modeled as a Generic System target type in Oracle Enterprise Manager. You can create a generic system and then use it as a primary and standby site. Each generic system that you use, must include all targets and Oracle Fusion Middleware farms and Databases pertaining to the site that it represents.

To create a generic system, use one of the following methods:

3.2.3.1 Creating a Generic System with Enterprise Manager Cloud Control Console

Create a generic site with Enterprise Manager Cloud Control Console. You can use a generic site as a primary or secondary site.

To create a generic system with Enterprise Manager Cloud Control Console, perform the following steps:

  1. Login to Enterprise Manager as a super user.
  2. From the Targets menu, click Systems.
  3. Click Add and from the drop-down menu, select Generic System.
  4. In the General section, enter the name for your primary system or site.
  5. Select the time zone from the drop-down menu.
  6. In the Member section, click Add.
  7. Choose the targets that will be part of your primary system, and click Select. Following are examples of targets that are usually added:
    • Oracle Fusion Middleware Farm which includes:

      • Administration Server

      • Managed Servers

      • System components (for example, Oracle HTTP Server)

    • If you are using Oracle RAC Database then you must associate it with a Cluster Database target. For a single database instance, you must associate it with a Database Instance target.

    Note:

    Ensure that the following target types are not added to the generic system:

    • Database System

    • Individual RAC Database instances

  8. Click Next.

    The Define Associations page is displayed.

  9. Click Next.

    The Availability Criteria page is displayed.

  10. From Availability Criteria, select the Any Of The Key Members option, and double-click a target in the Members pane. The selected member is removed from the Members pane and added in the Key Members pane.
  11. Click Next.

    The Charts page is displayed.

  12. Click Next.

    The Review page is displayed.

  13. Review your settings, and click Finish.

3.2.3.2 Creating a Generic System with Enterprise Manager Command-Line Interface

Create a generic site with Enterprise Manager Command-Line Interface (EMCLI) and use it as a primary or secondary site.

To create a generic system, run the following EMCLI command (located at OMS_HOME/bin/emcli):

Note:

For information about setting up a new EMCLI client, see the Enterprise Manager Command-Line Interface Download page within the Cloud Control console. To access the page, in Cloud Control, from the Setup menu, click Command Line Interface.

emcli create_system
      -name="name"
      -type=generic_system
      -add_members="name1:type1;name2:type2;..."]...
      -timezone_region="actual_timezone_region"

Note:

To get status and alert information for targets, you can run emcli get_targets command. For more information on Enterprise Manager command line, see Verb Reference in the Oracle Enterprise Manager Command Line Interface Guide.

Parameter Description

-name

Enter a name for the system.

-type

Enter generic_system as the type.

-add_members

Add existing targets to the system. Each target is specified as a name-value pair target_name:target_type. You can specify this option more than once.

-timezone_region

Specify the time zone region. The time zone you specify here is used for scheduling operations such as jobs and blackouts, on the system.

See also create_system.

3.2.4 Creating Credentials

Credentials are required to access the targets (hosts, servers, and databases) associated with Oracle Site Guard.

You can create and delegate named credentials or preferred credentials for the following targets associated with Oracle Site Guard:

  • Host (for normal or non-root user)

  • Host (for user with root privileges)

  • Oracle Node Manager (use Oracle Weblogic Domain as the Target Type and Node Manager as the Credential Type)

  • Oracle Weblogic Server

  • Oracle Database (SYSDBA)

This section contains the following topics:

Note:

You must associate the credentials that you create with the Oracle Site Guard configuration. Oracle Site Guard supports specifying the same credentials for all targets of the same target type. For example, all databases in a system can have the same sysdba credentials. Oracle Site Guard also allows the targets of same type to have different credentials.

You need not create credentials for the targets running at the standby site if the credentials are the same across all targets on the primary and standby sites.

3.2.4.1 Creating Named Credentials

Learn how to create a named credential with with Enterprise Manager Cloud Control Console or EMCLI commands.

You can create named credentials using Enterprise Manager Cloud Control Console or EMCLI commands as explained in the following tasks.

To create named credentials with Enterprise Manager Cloud Control Console, perform the following steps:

  1. Login to Enterprise Manager, preferably as an EM_CLOUD_ADMINISTRATOR user.

  2. From the Setup menu, select Security, then select Named Credentials.

    The Named Credentials page is displayed.

  3. Click Create.

    The Create Credential page is displayed.

  4. In the General Properties section, specify the following:

    • Credential name: Enter a name for the credential.

    • Credential description: Enter the credential description.

    • Authenticating Target Type/ Credential type/ Scope: Enter the details as specified in the following table:

      Element Host Host (root-User Privileges) Oracle Node Manager Oracle WebLogic Server Database Instance

      Authenticating Target Type

      Host

      Host

      Oracle Weblogic Domain

      Oracle WebLogic Server

      Database Instance

      Credential type

      Host Credentials

      Host Credentials

      Node Manager Credentials

      Oracle WebLogic Credentials

      Database Credentials

      Scope

      Global

      Global

      Global

      Global

      Global

    • If these credentials are valid for all targets of the selected Authenticating Target Type, then set Scope to Global.

      If these credentials are only valid for a specific target, then set Scope to Target, and set the Target Type and Name fields to match the specific target.

  5. In the Credential Properties section, specify the following:

    • UserName: Enter the user name.

    • Password: Enter the password.

    • Confirm Password: Enter the password again.

    • Run Privilege: Enter the details as specified in the following table:

      Element Host Host (Users with root privileges) Oracle WebLogic Server Database Instance

      Run Privilege

      None

      Select Sudo and enter values in the Run As fields

      Oracle WebLogic Server Administration user credentials

      Oracle Database SYS user credential

      Note:

      When the credentials used by Oracle Site Guard are configured to use sudo privileges to run as root, the sudo privilege must be configured as PDP (Privilege Delegation Provider) on all the agents running on the respective hosts of the target.

      PDP (Privilege Delegation Provider) can be configured from Enterprise Manager Cloud Control console. To configure PDP, go to Setup -> Security -> Privilege Delegation in the Enterprise Manager Cloud Control console.

  6. If you are creating this credential as a user other than the Oracle Site Guard Administrator, you must grant view credential access to the Oracle Site Guard Administrator who will use the credential. To provide access, use the procedure in Granting Credential Privileges to Oracle Site Guard Administrator Users.

    To provide access, complete the following steps in the Access Control section.

    1. Click Add Grant. The Add Grant pop-up window appears.

    2. Select the rows for all the Oracle Site Guard Administrator users you created while creating Oracle Site Guard Administrator users. See Creating Oracle Site Guard Administrator Users.

    3. Click Select.

    4. Verify that the users you selected appear in the list of Grantees in the Access Control table.

  7. Click Test and Save. To test credentials, select the appropriate Test Target Type from the drop-down menu for which you want to test the credentials, and specify Test Target Name.

To create named credentials with EMCLI:

emcli create_named_credential
         -cred_name="cred_name"
         -auth_target_type="auth_target_type"
         -cred_type="cred_type"
         -attributes="p1:v1;p2:v2"
Parameter Description

cred_name

Set the name for this credential set.

auth_target_type

Set the authenticating target type.

cred_type

Set the credential type for the target/credential set.

attributes

Enter the following credential column values:

colname:colvalue;colname:colvalue

To change the value of the separator, use -separator=attributes=newvalue. To change the value of the sub-separator, use -subseparator=attributes=newvalue.

3.2.4.2 Creating Preferred Credentials

Learn how to create preferred credentials using Enterprise Manager Cloud Control Console or EMCLI commands.

You can create preferred credentials using Enterprise Manager Cloud Control Console and set them as target of a preferred credential with EMCLI Commands, as explained in the following tasks.

To create preferred credentials with the Enterprise Manager Cloud Control Console:

  1. Login to Enterprise Manager as a super user or EM_CLOUD_ADMINISTRATOR.
  2. From the Setup menu, select Security, then select Preferred Credentials.

    The Preferred Credentials page is displayed.

  3. Select a target type, and click Manage Preferred Credentials. The target specific Preferred Credentials page is displayed.
  4. Select the credential type from the Default Preferred Credentials table, and click Set. The Select Named Credential pop-up window is displayed.
  5. Select an existing named credential to be the Preferred Credential and click Save.
    1. Select New to create a new named credential to be set as Preferred Credential.

    2. Enter a user name and password for the credential.

    3. Enter a credential name, and select Save As. The credential will be saved with the name that you have provided.

    4. Click Test and Save.

To set a named credential as a target preferred credential with EMCLI, use the set_preferred_credential command.

Note:

Oracle recommends that you to create preferred credentials with the emcli commands.

emcli set_preferred_credential 
        -set_name="set_name"
        -target_name="target_name"
        -target_type="type"
        -credential_name="name"
        [-credential_owner ="owner"]

Note:

[ ] indicates that the parameter is optional.

Parameter Description

set_name

Set the preferred credential for this credential set.

target_name

Set the path for the software library location.

target_type

Target type for the target/credential set.

credential_name

Name of the credential.

credential_owner

Owner of the credential. This defaults to the currently logged-in user.

Example:

emcli set_preferred_credential 
        -set_name="HostCredsNormal"
        -target_name="test.example.com"
        -target_type="host"
        -credential_name="MyHostCredentials"
        -credential_owner="Admin"

3.2.5 Granting Credential Privileges to Oracle Site Guard Administrator Users

Named credentials are used to grant Oracle Site Guard administrators privileges to access and manage targets in disaster recovery operations.

The named credentials you created and configured as described in Creating Named Credentials, are used to grant access and manage targets during disaster recovery operations. The Oracle Site Guard administrators you created as described in Creating Oracle Site Guard Administrator Users, must be assigned privileges using those named credentials.

To grant privileges to Oracle Site Guard administrators, see Granting Credential Privileges with Enterprise Manager Cloud Control Console.

3.2.5.1 Granting Credential Privileges with Enterprise Manager Cloud Control Console

Learn how to grant privileges with Enterprise Manager Cloud Control Console.

To grant credential privileges with Enterprise Manager Cloud Control Console:

  1. Login to Enterprise Manager as a super user or EM_CLOUD_ADMINISTRATOR.
  2. From the Setup menu, select Security, then select Named Credentials.

    The Named Credentials page is displayed.

  3. Select the named credential to be granted, and click Manage Access. The Manage Access page for that credential is displayed.
  4. Click Add Grant.
  5. In the pop-up window, select the Oracle Site Guard administrator whom to grant privileges. Then click Select.
  6. Click Save to save the privilege granted to the selected administrator.

3.2.6 Configuring Software Library Storage Location

The Oracle Enterprise Manager Software Library (Software Library) is a repository that stores scripts and artifacts used by Oracle Enterprise Manager and its plug-ins.

This repository includes the scripts required to execute Site Guard operation plans. The storage location for the Software Library needs to be configured only once when you initially install and set up Oracle Enterprise Manager.

For information about the Software Library and how to determine whether a storage location for the Software Library is already configured, see section Configuring a Software Library.

To configure the Software Library storage location, use one of the following methods:

3.2.6.1 Configuring Software Library Storage Location with Enterprise Manager Cloud Control Console

Learn how to configure the Software Library storage location with Enterprise Manager Cloud Control Console.

To configure the storage location for the Oracle Software Library with Enterprise Manager Cloud Control Console:

Note:

Configuring Oracle Software Library is a one-time process. Enterprise Manager requires you to configure Oracle Software Library before proceeding with any deployment-procedure related tasks. Perform the steps listed in this section after confirming that Oracle Software Library is not already configured.

  1. Login to Enterprise Manager as an EM_CLOUD_ADMINISTRATOR user.

  2. From the Setup menu, select Provisioning and Patching, then select Software Library.

    The Software Library: Administration page is displayed.

  3. Select OMS Shared File System from the Storage Type drop-down box.

  4. Click Add.

  5. Specify a name and location that is accessible to all OMS users, and click OK.

    Note:

    As the storage location for the Software Library must be accessible to all OMS as local directories, in a multi-OMS scenario, you must set up a clustered file system using OCFS2 or NFS. For single OMS systems, any local directory is sufficient.

Oracle Enterprise Manager begins execution of a new job to upload Software Library content to the specified location.

Note:

For more information about Software Library, see Configuring Software Library.

3.2.6.2 Configuring Software Library Storage Location with Enterprise Manager Command-Line Interface

Learn how to configure the Software Library storage location with Enterprise Manager Command-Line Interface (EMCLI).

To configure storage location in the software library for the Oracle Software Library with EMCLI:

emcli add_swlib_storage_location 
       -name="name_of_software_library" 
       -path="path_to_the_software_library_location"
Parameter Description

name

The name for the software library.

path

The path to the software library location.

For example:

emcli add_swlib_storage_location 
       -name="Softlib" 
       -path="/u01/em/swlib"

3.2.7 Verifying Database and Data Guard Configurations

Oracle Site Guard uses Oracle Data Guard to perform database switchover and failover operations. Ensure that Oracle Site Guard can perform database operations during a disaster recovery operation.

To ensure that Oracle Site Guard can perform database operations during a disaster recovery operation:

  1. Ensure that Flashback Recovery is configured and enabled on both, the primary and the standby databases. If Flashback is not correctly configured, the standby database will have to be recreated after a failover operation. Whereas if Flashback is correctly configured the standby database can be easily reinstated after a failover operation with Data Guard Broker. Flashback need to be enabled only for failover operations and it is not required for switchovers.
  2. Verify the status and its configuration by ensuring that Oracle Data Guard is functional on the primary and standby databases (either single-instance or RAC).
  3. Ensure that you can perform Oracle Data Guard switchover and failover operations outside Site Guard (for example, with the DGMGRL utility).