As a first step towards getting started with Database Management for External Database Systems, you must perform the prerequisite tasks listed in the following table.
|Create Oracle Cloud Infrastructure IAM user groups
|The tenancy administrator must create IAM groups with
users who will discover External Database Systems and use Database Management to monitor the components.
It's recommended that you create separate user groups to perform the
|For information on how to create an IAM user group, see To create a group.
|Create policies to assign permissions to user groups
|The IAM user groups must be assigned the required permissions using policies to discover External Database Systems and monitor the components in Database Management. As mentioned in the preceding row, it's recommended that there's a separation of duties and you create policies to assign permissions to discover External Database Systems and monitor External Database System components to separate user groups.
|For information on how to create policies, see Managing
For information on Database Management permissions, see Obtain Required Permissions.
|Install Management Agents
|The Oracle Cloud Infrastructure
Management Agent service is required to establish a connection with an
External Database System during the discovery process and to enable
communication and data collection. You must install a Management Agent
on a node of the External Database to discover the associated External
Database System. To connect to and monitor clusters, the
mgmt_agent user must be available on all the nodes
in the cluster. You must ensure that the
user is included in the Oracle Inventory Group (typically,
oinstall) to be able to execute the
Note that a Management Agent 201215.1815 or later is required to add connections to the components in the External Database System.
|For information on how to install Management Agents, see Management Agent.
|Save the monitoring user password as a secret in the Vault service
|The monitoring user password required to connect to a components such as databases and ASM, should be saved in an Oracle Cloud Infrastructure Vault service secret with an encryption key. The Vault service is a managed service that enables you to centrally manage the encryption keys that protect your data and the secret credentials that you use to securely access resources. Note that if you change the monitoring user password, then you must also update the secret with the new password by creating a new version of the secret and updating the contents. If the secret is updated, then you must edit the connection credentials for the component to use the updated secret.
|For information on the Vault service, its concepts, and
how to create vaults, keys, and secrets, see Vault.
For information on the monitoring user for ASM, see Monitor ASM Instances.
For information on how to edit connection credentials for ASM, see View Connector Details.
|Save the Oracle wallet as a secret in the Vault service if you want to use the TCPS protocol to connect to External Database System components (Optional)
|If you opt to use the TCP/IP with Transport Layer
Security (TCPS) protocol to securely connect to External Database System
components, then you're required to enter the port number and upload the
The authentication and signing credentials, including the private keys, certificates, and trusted certificates used by Transport Layer Security (TLS) are stored in a wallet. This wallet must be saved as a secret with an encryption key in the Vault service.
The supported Oracle wallet formats are:
|For information on how to configure TLS authentication,
see Configuring Transport
Layer Security Authentication in Oracle
Database Security Guide.
For information on the Vault service, its concepts, and how to create vaults, keys, and secrets, see Vault.