Go to main content
1/7
Contents
Title and Copyright Information
Preface
Audience
Related Documents
Conventions
1
Overview
1.1
Overview of the Architecture
1.1.1
About the Knowledge Base (KB) and Package Repository
1.1.2
About the Enterprise Controller
1.1.3
About the Proxy Controller
1.1.4
About the Agent Controllers
1.1.5
About the Database
1.1.6
Security of the Architecture
1.1.7
About Authentication Between the Proxy Controller and Agents
1.1.7.1
About Authentication of Agent-Managed Asset
1.1.7.1.1
Overview of the Authentication of the Agent
1.1.7.1.2
Overview of the Authentication of the Proxy Controller
1.1.7.2
About Authenticated Transactions
1.2
General Principles of Security
1.2.1
About Keeping Software Up To Date
1.2.2
About Restricting Network Access
1.2.3
About the Principle of Least Privilege
1.2.3.1
Role Requirement for Tasks
1.2.3.2
Assigning Roles and Privileges to a User
1.2.4
About Monitoring System Activity
1.2.4.1
About Audit Logs for Performance and Security
1.2.4.1.1
Syntax of an Audit Log Entry
1.2.4.1.2
Changing the Date and Time Format of the Audit Log
1.2.4.1.3
Example of an Audit Log
1.2.4.2
Activity Log Files for Components
1.2.4.3
High Availability
1.2.4.4
Software Updates
1.2.4.5
Agents
1.2.4.6
Local Database
2
Secure Installation and Configuration
2.1
Planning the Deployment
2.1.1
About High Availability
2.1.1.1
Requirements for Enterprise Controller High Availability
2.1.1.2
Limitations of High Availability
2.1.2
Overview of Network Configuration
2.1.3
About Infrastructure and Operating Systems
2.1.4
About Storage Configuration
2.1.5
About a Remote Database
2.1.6
Typical Deployment
2.2
Installing Oracle Enterprise Manager Ops Center
2.2.1
About Controlling Access
2.2.2
About Substituting CA Certificates for the Default Certificates
2.2.3
Obtaining a Certificate Authority's Certificate
2.2.4
Viewing the Enterprise Controller's Truststore and Keystore
2.2.5
About CA Certificate Expiration
2.2.6
Verify a Certificate's Expiration Date
2.2.7
Replace the Certificate for the Enterprise Controller
2.2.8
Replace the Certificate for the Proxy Controller
2.2.9
Substituting Certificates for the Glassfish Web Container
2.2.10
Replace the Certificate for the Apache UCE Container
2.2.11
About Installing a Remote Proxy Controller Securely
2.3
Configuring
Oracle Enterprise Manager Ops Center
2.3.1
About the Connection Mode
2.3.2
Disable Multiple Logins
2.3.3
About Securing the Log Files
2.3.4
About Database Credentials
2.3.4.1
About Securing the Local Database
2.3.4.2
About Securing a Remote Database
2.3.4.3
Using the refactorOCPrivs_12.1.x.0.sql Script
2.3.4.4
Changing the Database Credentials for the Ops Center User
2.3.4.5
Changing the Database Credentials for the Read-Only User
2.3.5
Disable the Domain Model Navigator
2.3.6
Enable the Domain Model Navigator on the Enterprise Controller
2.3.7
Using the Domain Model Navigator
2.3.7.1
Logging Into the Domain Model
2.3.7.2
Searching the Domain Model
2.3.7.3
Changing the Domain Model
2.3.7.4
Logging Out of the Domain Model Navigator
2.3.8
Secure the Agents
2.3.9
About Securing the Browsers
2.3.10
About Strong Cipher Encryption
2.3.10.1
Verifying the Encryption Type
2.3.10.2
Configuring Proxy Controllers to Use a Strong Cipher Suite
2.3.11
Transport Layer Security (TLS)
2.3.11.1
About TLS Versions
2.3.11.2
Changing the TLS Version for Apache UCE Container
2.3.11.3
Changing the TLS Version for Glassfish Web Container
2.4
Viewing the Enterprise Controller's Configuration
2.5
About Editing the Configuration
2.6
Access to Database Data
2.6.1
Viewing Core Product Data Using Oracle SQL Developer
2.6.1.1
Modifying Oracle*Net Listener
2.6.1.2
Opening Oracle*Net to External Access
2.6.1.3
Creating the Connection to the Database
2.6.1.4
Viewing Data From the Database Using Oracle SQL Developer
2.6.2
Viewing Core Product Data Using SQL*Plus
3
Security Features
3.1
Configuring and Using Authentication
3.1.1
About Identity Management for Users
3.1.1.1
About Configuring an LDAP Server
3.1.1.1.1
To Configure the Directory Structure
3.1.1.1.2
To Add a Directory Server
3.1.1.2
About PAM Authentication
3.1.1.2.1
Verifying PAM Authentication
3.1.1.2.2
Changing the PAM Authentication
3.1.2
Credentials for My Oracle Support
3.1.3
Credentials for IAAS and Cloud Deployments
3.2
About Authorization
3.2.1
About Credentials for Assets
3.2.1.1
Using SSH Key-Based Authentication
3.2.1.2
Creating Credentials for Access to the Serial Console or SSH Tunnel
3.2.1.2.1
Defining the system property for console access
3.2.1.2.2
Creating the account using
Enterprise Manager Ops Center
3.2.1.2.3
Creating the account using the useradd command
3.2.1.3
About Managing Assets Using the agentadm Command
3.2.1.3.1
Before You Install an Agent Controller
3.2.1.3.2
Using User Credentials to Install and Configure an Agent Controller Manually
3.2.1.3.3
Using a Token to Install and Configure an Agent Controller Manually
3.2.1.4
Changing Credentials of Managed Assets
3.2.1.4.1
Preparing to Use
sudo
3.2.1.4.2
Upgrading Management Credentials From a Previous Version
3.2.1.4.3
Updating Management Credentials
3.2.1.4.4
Creating Management Credentials
3.2.1.4.5
Editing Management Credentials
3.2.1.4.6
Copying Management Credentials
3.2.1.4.7
Deleting Management Credentials
3.2.1.5
Creating a Credential Plan
3.2.1.6
Applying the Credential Plan
3.2.2
About Certificates
3.3
Configuring and Using Access Control
3.3.1
Verifying Security of Session Cookies
3.3.2
Setting the Expiration Time for Sessions
3.3.3
Removing Code Examples
3.4
Configuring and Using Data Protection
3.4.1
Using an NFS Server
3.4.2
About Backing Up and Restoring the Enterprise Controller
3.4.2.1
Backing Up an Enterprise Controller
3.4.2.2
Restoring an Enterprise Controller
3.4.2.2.1
Example: Restoring an Enterprise Controller With an Embedded Database
3.4.2.2.2
Example: Restoring an Enterprise Controller With a Customer-Managed Database
3.4.2.2.3
Example: Restoring an Enterprise Controller With a Customer-Managed Database Without Restoring the Database Schema
Index
Scripting on this page enhances content navigation, but does not change the content in any way.