Get Started with Operations Insights

Explore Operations Insights Using Demo Mode

Use Demo Mode to explore Operations Insights functionality immediately without having to configure a monitored environment. When Demo Mode is enabled, Operations Insights is populated with curated data that lets you explore its various resource monitoring and analysis capabilities without having to create a comprehensive, resource-rich environment.

Note

Demo Mode uses a dedicated read-only tenancy and requires your tenancy administrator to set up the requisite demo policy and region subscription. Operations Insights provides an easy-to-use UI to implement these prerequisites if they have not been met.

When first creating the policies, it may take approximately 1 minute for the policies to take effect. So when exiting the dialog you may see an error banner the first time.

To enable Demo Mode, navigate to the Operations Insights Overview page and click Enable Demo Mode.
Graphic shows the Enable Demo Mode button highlighted on the Overview page.

When Demo Mode data is enabled, specific control functionality, such as the ability to add database/host resources or select compartments is deactivated.

To disable Demo Mode, navigate to the Overview page and click Disable Demo Mode. You will be returned to your original tenancy, and all Operations Insights control functions will be reactivated. Alternatively, you can click the Disable button in the red banner that appears at the top-right of any page while Demo Mode is enabled

Set Up Groups, Users and Policies

Before you can start using Operations Insights, your tenancy administrator has to create Oracle Cloud Infrastructure user accounts, create a group for these users to belong to, and then assign these user accounts to that group.

Note

For detailed information about policies used to control access to Operations Insights, see Details for Operations Insights.

There are two types of Operations Insights users, each with different operational profiles: Administrators and Non-administrators.

If you already have an existing group, you may use that group to control access to Operations Insights and skip the group creation procedure. Simply grant Operations Insights resource permissions to this pre-existing group. There is no requirement to create a separate group exclusively for Operations Insights.

For example, you may already have a DB administrator (DBAdmin) group that has USE permission on the opsi-family. In this case, skip the group and user creation topic and proceed directly to policy creation and just grant the requisite permissions to the DBAdmin group.

Using Dashboards

A separate set of policies are required to use dashboards. For more information about these policies, see Prerequisites in Create Dashboards.

This section covers the following topics:

Create an Administrator Group, User and Policy

Define policies to give the group and the administrator accounts that belong to it the ability to enable Operations Insights on OCI resources.

In the following procedures, you will create a new group called opsi-admins, add the user opsiadmin to this group, and create a new policy called opsi-admin-policy that grants administrators Operations Insights enable/disable permissions on their full fleet of resources.

Create an Administrator Group and User
  1. Log into the Console as a tenancy administrator and open the navigation menu.
  2. Under Governance and Administration, go to Identity and click Groups.

    A list of the groups in your tenancy displays.

  3. Click Create Group and create a new group.
  4. Enter a meaningful name. For example, opsi-admins.
  5. (Optional) Enter a description. Avoid entering confidential information.
  6. Click Create Group.
  7. Go back to Governance and Administration, select Identity and click Users. A list of the users in your tenancy displays.
  8. Click Create User and create one or more new users. Create a user named opsiadmin.
  9. Add the user opsiadmin to the opsi-admin group.
    1. Go back to Governance and Administration, select Identity, and then click Users.

      A list of the users in your tenancy displays.

    2. Select one or more users and add them to the group authorized to use Operations Insights.
Create an Administrator Policy

Users can only use Operations Insights if their group has been granted the requisite permissions. To allow the opsiadmin administrator to enable/disable Operations Insights on their full fleet of resources and access to all analytics data, you must create an identity policy to grant the opsi-admin user group permissions.

  1. Log into the Console as your tenancy administrator.
  2. Open the navigation menu.
  3. Under Governance and Administration, go to Identity and click Policies.
  4. Use the To create a policy instructions and give the policy a meaningful name. For example, opsi-admin-policy.
  5. Add the following policy statements to allow the group to enable/disable Operations Insights. For example, for the opsi-admin group, add the following:
    allow group opsi-admins to manage opsi-family in tenancy

    For Autonomous and Cloud Databases:

    allow group opsi-admins to use database-family in tenancy

    For External Databases:

    allow group opsi-admins to use external-database-family in tenancy
  6. To allow the group to create/enable/disable a Management Agent Host, Enterprise Manager database, and update or add tags to all Operations Insights resources, also add the following:
     allow group opsi-admins to manage opsi-family in tenancy

    For information about the opsi-users group, see Create a Non-administrator Group, User and Policy.

  7. Click Create.

Create a Non-administrator Group, User and Policy

To control access to Operations Insights resources, you want to limit the permissions and privileges of non-administrator users. To do this, you should use a separate group for regular users.

Use the following procedures to create a regular user for Operations Insights:

Create a Non-administrator Group and User

In the following procedures, you will create a new group called opsi-users, add the user opsiuser to this group, create a new policy called opsi-user-policy, and add the user opsiuser to this group.

  1. Log in to the Console as your tenancy administrator and navigate to Governance and Administration > Identity and click Groups.

    A list of the groups in your tenancy displays.

  2. Click Create Group and create a new group.
  3. Enter a meaningful name. For example, opsi-users.
  4. (Optional) Enter a description. Avoid entering confidential information.
  5. Click Create Group.
  6. Go back to Governance and Administration, select Identity and click Users. A list of the users in your tenancy displays.
  7. Click Create User and create one or more new users. Create a user named opsiuser.
  8. Add opsiuser to the opsi-users group.
    1. Go back to Governance and Administration, select Identity, and then click Users.

      A list of the users in your tenancy displays.

    2. Select one or more users and add them to the group authorized to use Operations Insights.
Create a Non-administrator Policy

Users can only use Operations Insights if their group has been granted the requisite permissions. To allow the opsiuser user to enable/disable Operations Insights on only Autonomous Databases within their tenancy, you must create an identity policy to grant the opsi-users user appropriate group permissions.

  1. Log in to the Console as your tenancy administrator and navigate to Governance and Administration > Identity and click Policies.
  2. Use the To create a policy instructions and give the policy a meaningful name. For example, opsi-user-policy.
  3. Add a policy statement to allow the group to enable/disable Operations Insights. For example, for the opsi-users group, add the following:
    allow group opsi-users to use opsi-family in tenancy
  4. Click Create.

Access Operations Insights

There are two ways to access the Operations Insights Console: Through the Oracle Cloud Infrastructure Console or from the Oracle Database Service details page in Oracle Cloud Infrastructure.

Oracle Cloud Infrastructure Console

To access Operations Insights, you can first sign in to the Oracle Cloud Infrastructure Console, and then access Operations Insights via the Oracle Cloud Infrastructure Console main menu.

Open the navigation menu, click Observability & Management. Under Operations Insights, click Overview.

Database Service Details

For a database managed within OCI (External and Autonomous databases only), you can access Operations Insights directly from the database's details page. Operations Insights options appear in the lower-left corner of the page. These options vary depending on whether or not a database has been enabled for Operations Insights.

  • Database is already enabled.

    If Operations Insights has been enabled for a database, Disable and View links appear. Click Disable to disable Operations Insights for the database directly without accessing the Console. Click View to access the Operations Insights Overview page.

  • Database is not enabled.

    If Operations Insights is not currently enabled for the database, an Enable link appears,which allows you to enable Operations Insights for the database without having to access the Operations Insights Overview page.

Application Menu and Scope

When you select either Databases or Hosts from the Capacity Planning menu, a Resources sub-menu is presented.

  • Databases: Summary, CPU, Storage, Memory, and I/O.

  • Hosts: Summary, CPU, and Memory

These pages comprise the Capacity Planning application of Operations Insights Service.

Below the sub-menu are Scope and Filters sections that define the global time and target scope shared across the Capacity Planning application.

For Databases

  • Compartment: Capacity Planning is scoped to all databases enabled for Operations Insights and belonging to a specific compartment.
  • Database Type: The database scope can be further narrowed by filtering on database type.
  • Database: This option allows you to narrow the scope to a single database. To limit the number of databases that appear in the drop-down menu, you can type in a partial name to filter out unwanted databases.
  • Time Range: This is the historical time period on which Capacity Planning trends and forecasts will be based, ranging from previous day up to last 25 months.

For Hosts

  • Compartment: Capacity Planning is scoped to all hosts enabled for Operations Insights and belonging to a specific compartment.
  • Platform Type: The host operating system type.
    Note

    Solaris is only available as a platform type when the host is a target monitored by Enterprise Manager and has been added to the Enterprise Manager group containing targets uploading data to OCI. For more information about uploading target data from Enterprise Manager to OCI, see:
  • Host: This option allows you to narrow the scope to a single host. To limit the number of hosts that appear in the drop-down menu, you can type in a partial name to filter out unwanted hosts.
  • Time Range: This is the historical time period on which Capacity Planning trends and forecasts will be based, ranging from previous day up to last 25 months.

Filtering Databases and Hosts Across Applications

To restrict Capacity Planning (databases or hosts) and Oracle SQL Warehouse insight/analysis to a subset of enabled databases/hosts, use the Database Name/Host or Host filter.


The graphic shows the Filter sub-menu with the Database Name/Host filter highlighted

  1. Click Select to display the Select by Names/Hosts dialog.
  2. Choose how you want to select databases. Under Select Databases By, choose whether you want to select databases by name or host name (all databases that reside on the selected host). Similarly, you can select from a list of enabled hosts if you are working with Hosts insight/analysis.
  3. Depending on the option you chose in step 2, select a database or host from the drop-down list. Repeat this step until you've added all databases/hosts of interest.
  4. Click Apply.

To remove the filter, click Clear.

Filtering Databases and Hosts Using Tags

You can filter host and database resources by namespaces, tags, and tag values. Tag filtering lets you display only those resources for which a specific tag has been assigned. This can greatly simplify resource management. For example, you want to perform Capacity Planning on your production databases only. By tagging your production databases with a Lifecycle State of Production, you can easily isolate only the production databases in Operations Insights.


Graphic shows the Tag filter menu option.

For more information about tags and how to use them for filtering, see To filter a list of resources by a tag.

  1. Click Add to display the Apply a Tag Filter dialog.
    Graphic shows the Apply Tag dialog.

  2. Select a Tag Namespace (optional) and enter a Tag Key.
  3. To narrow tag filtering, you can define supplementary patterns on which to filter. By default, Match any value is selected. To define additional Tag Key pattern filtering criteria, click Match any of the following and enter the text to be used for filtering. You can define additional text filtering criteria by clicking Add (+) and entering the desired text.
  4. Click Apply Filter.

    To remove the filter, click Clear.

Viewing Resources Across Compartments

Operations Insights allows you to analyze database and host resources across an entire compartment hierarchy, letting you perform comprehensive fleet-wide analysis.

Cross-compartment data access allows you to gather insights at the root or parent compartment level: Resources residing at all sub-levels can be aggregated for more meaningful fleet analysis. For example, a corporate parent compartment contains two primary sub-compartments (Finance and Human Resources), each with its own database. Additionally, both Finance and Human Resources compartments have sub-compartments with their own databases. You're interested in all databases belonging to the Finance department due to excessive CPU usage. You can select the top-level Finance compartment and then use Capacity Planning to compare CPU utilization between databases residing within the Finance compartment hierarchy.

Cross-compartment resource access lets you:

  • Analyze all resources within a given region for the entire tenancy
  • Respect current authorization policies by authorizing the highest compartment as part of the authorization decision
  • Analyze all resources within a given compartment subtree

Select the desired compartment under Scope and click the Include child compartments option to activate cross-compartment access.


Graphic shows the child compartment scope option.

Note

Cross-compartment data access is not supported for Exadata Insights.

Accessing Related Services

Operations Insights provides direct access to the Oracle Cloud Infrastructure Database Management service which provides real-time monitoring, performance management, tuning, and database administration. Database Management features include:

  • Fleet Monitoring and Management: Monitor multiple Oracle Database services deployed within OCI compartments, proactively detect and identify the root cause of performance issues across a fleet of databases, and respond to performance and configuration-related alerts.
  • Database Groups: Automate database fleet management and define routine database jobs scheduled to run against a set of databases.
  • Database Summary: Monitor key usage and performance metrics in real-time for a specific database.
  • Jobs: Create and run jobs using your own custom SQL, PL/SQL, and SQL scripts.

You can access Database Management via the Related Features menu on the left menu pane, the Related Services tile on the Overview page, or the Database Fleet Administration page.

Prerequisites for Enabling Resources

Operations Insights pulls in resource data from multiple sources. Depending on the telemetry, adding resources may require specific prerequisites be met before enabling them for Operations Insights.

There are three telemetries where target data can be pulled from:

The following list prerequisites for each.

Cloud Infrastructure

Enterprise Manager

  • Targets must be part of a group (defined in Enterprise Manager).
  • An Object Storage bucket must exist. The visibility of this bucket MUST be private.
  • An OCI bridge must exist.
  • An EM bridge must exist.
  • The EM Bridge requires a policy:
    allow dynamic-group <group_name> to read object-family in compartment <bucket_compartment_name> where ANY{target.bucket.name='embridge-bucket'}

    For instructions on defining policies, see Set Up Groups, Users and Policies.

See Adding Enterprise Manager Targets for more information.

Agent Service

  • Database or Host must be monitored by an OCI Management Agent Service. For more information, see Management Agent.
  • The database needs to have been created and a connector created in the external database handle. For more information, see Creating External Database Handles.

Enabling Database Cloud Service Databases

Operations Insights allows you to use the Capacity Planning and SQL Warehouse functionality to gain insight into Oracle Databases deployed in Oracle Cloud (Bare Metal, Virtual Machine VM, and Exadata Cloud Service).

Note

Exadata Cloud at Customer support is available via the Enterprise Manager telemetry.

Using Operations Insights on Oracle Cloud Databases allows you to:

  • Analyze resource usage of databases across cloud databases
  • Forecast future demand for database resources such as CPU, memory, and storage based on historical trends
  • Compare SQL performance across databases and identify common patterns
Note

Exadata Insights is not supported for Exadata Cloud Service.

The following topics are covered:

  1. Prerequisites

  2. Create a Private Endpoint

  3. Add a Cloud Service Database

Prerequisites

Permissions

The following Oracle Cloud Infrastructure service permissions are required to enable Operations Insights for Oracle Cloud Databases.

  • Bare Metal and Virtual Machine DB systems and Exadata Cloud service permission: To enable Operations Insights for Oracle Cloud Databases, you must have the required Bare Metal and Virtual Machine DB systems and Exadata Cloud service permissions.

    Here's an example of a policy that grants the opsi-admins user group the permission to enable Operations Insights for the Oracle Cloud Databases in the tenancy:

    Allow group opsi-admins to use database-family in tenancy

    For more information on specific Bare Metal and Virtual Machine DB systems and Exadata Cloud service resource-types and permissions, see Details for Bare Metal and Virtual Machine DB Systems and Details for Exadata Cloud Service Instances.

  • Networking service permissions: To work with the Operations Insights private endpoint and enable communication between Operations Insights and the Oracle Cloud Database, you must have the manage permission on the vnics resource-type and the use permission on the subnets resource-type and either the network-security-groups or security-lists resource-type (You can either open up network access via a network security group (the database should have been configured to use the same), or the subnet needs to have the appropriate security lists (the subnet the database resides in)).

    Here are examples of the individual policies that grant the opsi-admins user group the required permissions:

    Allow group opsi-admins to manage vnics in tenancy
    Allow group opsi-admins to use subnets in tenancy
    Allow group opsi-admins to use network-security-groups in tenancy
    
    Allow group opsi-admins to use security-lists in tenancy

    Or a single policy using the Networking service aggregate resource-type grants the opsi-admins user group the same permissions detailed in the preceding paragraph:

    Allow group opsi-admins to manage virtual-network-family in tenancy

    For more information on the Networking service resource-types and permissions, see the Networking section in Details for the Core Services.

  • Vault service permissions:

    Cloud database credentials are added to the OCI Vault service, so you will have to write a policy to allow Operations Insights to read them for metric data collections. To create new secrets or use existing secrets when specifying the database credentials to enable Operations Insights for Oracle Cloud Databases, you must have the manage permission on the secret-family aggregate resource-type.

    Here's an example of the policy that grants the opsi-admins user group the permission to create and use secrets in the tenancy:

    Allow group opsi-admins to manage secret-family in tenancy

    In addition to the user group policy for the Vault service, the following service policy is required to grant Operations Insights the permission to read database password secrets in a specific vault:

    Allow service operations-insights to read secret-family in compartment ABC where target.vault.id = 'Vault OCID' 
    Note

    Compartment ABC is the compartment of the vault. This compartment is not required to match the compartment of the database.

    For more information on the Vault service resource-types and permissions, see Details for the Vault Service.

Oracle Cloud Database-related Prerequisite

To enable and use Operations Insights for Oracle Cloud Databases, you must grant a database user, such as DBSNMP, the privileges required to access and monitor the Oracle Cloud Database. Important: When selecting a CDB, the database user must be a common user for all PDBs within the CDB.

SQL> GRANT SELECT ANY DICTIONARY, SELECT_CATALOG_ROLE TO DBSNMP;
For instructions on how to set up Oracle Database monitoring credentials, see Creating the Oracle Database Monitoring Credentials for Oracle Cloud Infrastructure Database Management and Operations Insights (Doc ID 2857604.1).

Enabling Network Communication

Specific network settings are required to enable communication between Operation Insights and Oracle Cloud Databases.

You must enable communication between Operations Insights and the Oracle Cloud Database by adding the ingress and egress security rules to an NSG or a Security List in the VCN in which the Oracle Cloud Database can be accessed.

Before you enable communication between Operations Insights and the Oracle Cloud Database, you must:

  • Ensure that you're familiar with security rules. For information, see Security Rules.
  • Depending on whether you want to use NSGs or Security Lists to add the ingress and egress rules, you must have the required permissions and be familiar with how to add security rules.
    Note

    • An NSG must be available to create an Operations Insights private endpoint. For more information, see Network Security Groups.
    • A security list rule that allows access over the database port <number> is applied to the NSG for access within the VCN or subnet CIDR block. For more information, see Security Lists.
  • Make a note of the Oracle Cloud Database private IP addresses and port details and the Operations Insights private IP addresses. These are details that you may have to enter when you add security rules, and here's information on where you can find them:
    • For Oracle Cloud Database port details, see the DB System Information section on the Database System Details page for Oracle Databases on Bare Metal and Virtual Machine DB systems. For Oracle Databases on Exadata Cloud service, see Network details on the Exadata VM Cluster Details page.
    • For Oracle Cloud Database private IP addresses, see the Nodes section on the Database System Details page for single instance databases on Bare Metal and Virtual Machine DB systems. For RAC databases, use the Scan IP Address, which is available on the DB System Details page for the Virtual Machine DB system and on the Exadata VM Cluster Details page for the Exadata Cloud service.

    Note that an Operations Insights private endpoint for single instance Oracle Cloud Databases in the Bare Metal and Virtual Machine DB systems has only one private IP address and an Operations Insights private endpoint for RAC Oracle Cloud Databases in the Virtual Machine DB system and Exadata Cloud service has two private IP addresses.

For Operations Insights to communicate with the Oracle Cloud Database, you must add ingress and egress security rules using either Network Security Groups (NSG) or Security Lists. The following examples illustrate how to enable communication between an Operations Insights private endpoint and the Oracle Databases on a Virtual Machine DB system using NSGs and Security Lists.

Create an NSG to enable communication between the Operations Insights private endpoint and a Virtual Machine DB system

In the following example, an NSG is created and added to:

  • A Virtual Machine DB system
  • An Operations Insights private endpoint for single instance Oracle Cloud Databases (which is already created)

On completing the tasks listed in this example, the Operations Insights private endpoint will have access to all the single instance databases in the Virtual Machine DB system's VCN without impacting the VCN's subnet architecture.

For information on creating an NSG in the Virtual Machine DB system's VCN, see To create an NSG.

When creating the NSG, add the following stateful security rules. These security rules will then be added to the Virtual Machine DB system's VCN:

  • Ingress rule for the Virtual Machine DB system's VCN: The Virtual Machine DB system's VCN (on port 1521) can receive incoming traffic from the Operations Insights private endpoint's subnet (10.0.0.0/24) from any port.
  • Egress rule for the Operations Insights private endpoint: The Operations Insights private endpoint's subnet (from any port) can send requests to the Virtual Machine DB system's VCN (10.0.0.0/16) on port 1521.

Security rules in an NSG

After you create the NSG, you must add it to the Virtual Machine DB system and the Operations Insights private endpoint.

For information on how to add the NSG to the Virtual Machine DB system, see To edit the Network Security Groups (NSGs) for your DB System.

To add the NSG to the Operations Insights private endpoint, go to the Operations Insights Private Endpoint Administration page (Administration > Private Endpoints) and click the private endpoint to which you want to add the NSG. On the Private Endpoint Details page, click Edit against Network Security Groups and add the newly created NSG.

Add security rules to a Security List to enable communication between an Operations Insights private endpoint and a Virtual Machine DB system

In the following example, stateful security rules are added to an existing Security List in the Virtual Machine DB system's VCN to enable communication between an Operations Insights private endpoint for single instance Oracle Cloud Databases and all the subnets in the VCN. This ensures that the Operations Insights private endpoint can access all the single instance databases in the VCN.

For information on updating an existing Security List, see To update rules in an existing security list.

Add the following stateful security rules to the Security List:

  • Ingress rule for the Virtual Machine DB system's VCN: The Virtual Machine DB system's VCN (on port 1521) can receive incoming traffic from the Operations Insights private IP address (10.0.0.6/32) from any port.
  • Egress rule for the Operations Insights private endpoint: The Operations Insights private IP address (from any port) can send requests to the Virtual Machine DB system's VCN (10.0.0.0/16) on port 1521.

Security rules in a security list.

Obtaining CIDR Block Values

The CIDR block values used to define rules will be specific to your environment and not those shown in the above examples. You can obtain the correct CIDR ingress/egress rule values for your Operations Insights environment as follows:

  • Ingress Rules

    The ingress rule you need to create depends on the subnet specified when creating the private endpoint. You can find the CIDR block on the VCN/Subnet page. Operations Insights also provides a convenient link to the VCN/Subnet page directly from the Private Endpoint Details page.


    Graphic shows the the VCN/Subnet page link from the Private Endpoint Details page.

  • Egress Rules

    The egress rule you need to create depends on the VCN in which your Oracle Cloud Database(s) reside. You can find the CIDR block by navigating to the database details page where you'll find a link to the associated VCN.


    Graphic shows the DB details page.


    Graphic shows the VCN details page.

    Note

    You should write your rule using the entire CIDR block so that the private endpoint can be used for all databases in the VCN.

Create a Private Endpoint

A private endpoint is a private IP address within your Virtual Cloud Network (VCN) that you can use to access a given service within Oracle Cloud Infrastructure.

Operations Insights communicates with Oracle Cloud Databases via private endpoints defined within a Virtual Cloud Network (VCN). For more information about private access and endpoints to OCI services, see Private Endpoints

Note

Before you create a private endpoint in Operations Insights, you must have the following details:

  • The name of the VCN used to access your database.
  • The name of the subnet in the VCN.
  • The name of the network security group (optional).

The private endpoint is a representation of Operations Insights in the VCN in which the Oracle Cloud Database can be accessed, and acts as a VNIC with private IP addresses in a subnet of your choice. The private endpoint does not have to be on the same subnet as the Oracle Cloud Database, but it must be on a subnet that can communicate with the Oracle Cloud Database.

Operations Insights lets you create the following types of private endpoints:

  • Private endpoint for single instance Oracle Cloud Databases: You can create a maximum of five Operations Insights private endpoints in your tenancy (per region) to connect to single instance Oracle Cloud Databases in the Bare Metal and Virtual Machine DB systems. There is no restriction on the number of single instance databases for which you can enable Operations Insights using a single private endpoint. The private endpoint for single instance Oracle Cloud Databases has only one private IP address.
  • Private endpoint for RAC Oracle Cloud Databases: You can create only one Operations Insights private endpoint in your tenancy (per region) to connect to RAC Oracle Cloud Databases in the Virtual Machine DB system and Exadata Cloud service. One private endpoint for RAC Oracle Cloud Databases can support up to 15 single client access network listeners (SCANs). In the case of Virtual Machine DB systems, a SCAN is equal to one RAC Virtual Machine DB system. In the case of Exadata Cloud service, it is equal to one Exadata Cloud service VM cluster, regardless of the number of individual RAC databases hosted on the Exadata Cloud service VM cluster. The private endpoint for RAC Oracle Cloud Databases has two private IP addresses.
Note

You can create one private endpoint of each type in a VCN, which means that you can create one private endpoint for single instance databases and one for RAC databases.

Creating a Private Endpoint

To create a private endpoint:

  1. From the Operations Insights main menu, click Administration and then Private Endpoints to access the Private Endpoint Administration page for the currently selected compartment. If endpoints for the compartment were previously defined, they will appear in the table where you can perform administrative functions.
  2. Click Create Private Endpoint. The Create Private Endpoint dialog displays.
    Private Endpoint dialog

  3. Enter the required parameters to define the endpoint:
    • Name: An easily identifiable name for the endpoint.
    • Description: Optional
    • Compartment: Select a compartment in which to create the private endpoint from the drop-down list. By default, the compartment that was selected prior to clicking Create Private Endpoint is chosen. Note that this does not have to match the database compartment.

    Configuration

    The private endpoint will be created in the VCN and subnet selected here. Select a subnet that has connectivity to the subnet which contains the database that will be added to Operations Insights.

    • Use this private endpoint for RAC databases. You should select this when connecting to an ExaCS/VM RAC database. It can only be set during private endpoint creation and cannot be changed later.
    • Virtual Cloud Network in <compartment>: Select the VCN within the current compartment that will be used to access the Cloud database. If desired, use the drop-down list to choose another VCN in that compartment.
    • Subnet in <compartment>: Select a subnet within the chosen VCN. By default, the first subnet in the drop-down list is selected.

    Network Security Group (optional)

    A network security group lets you add additional fine-grained security access to any resources that will be using the private endpoint. A security group acts as a virtual firewall that allows you to separate your VCN's subnet architecture from your security requirements.

    To add a network security group to the private endpoint,

    1. Click +Another Network Security Group.
    2. Select an existing network security group from the drop-down selector.
    3. If no security groups exist, click Add new to display the VCN details page where you can define a new Network Security Group for that VCN.
    4. From the Network Security Group region of the Create Private Endpoint dialog, click the refresh icon. The newly defined security group will be available in the drop-down selector.
  4. Click Create Private Endpoint. The Private Endpoint Details page displays where you can view private endpoint information including direct links to the details pages for the endpoint’s VCN, subnet, and network security groups.

For more information about security groups, see Network Security Groups

From the Private Endpoints Details page, you can perform the following operations:

  • View existing or define new resource tags
  • Edit the private endpoint (name, description, add/delete network security groups)
  • Move the private endpoint to a different compartment
  • Add resource tags
  • Delete the private endpoint
  • Register Oracle Cloud Databases with the private endpoint
  • View work requests associated with the private endpoint. Note: By default, the details page displays database resources. To display work resources, click Work Requests in the Resources menu. For more information about work requests, see Work Resources.

The above operations can also be performed from the Private Endpoint Administration page via the context menu (vertical ellipsis) for each private endpoint.

Deleting a Private Endpoint

You can delete a private endpoint from the Private Endpoint Administration page. Important: All databases accessing the private endpoint must first be disabled.

Add a Cloud Service Database

With a private endpoint defined, you’re ready to add a database that uses that endpoint. You can add databases from the Private Endpoint Details page or from the Database Fleet Administration page.

  1. From the Operations Insights main menu, click Administration and then Database Fleet. Alternatively, navigate to a Private Endpoint Details page.
  2. Click Add Databases. The Add Databases to Operations Insights dialog displays.
    Add DB dialog with Bare Metal selected

  3. Under Choose a cloud database type, select Bare metal, VM and Exadata. The Select Database region displays.
  4. Enter the required database selection information:
    1. Database Type: Choose either Bare Metal, Virtual Machine and Exadata . For each database type, there are different resources that can be specified:
      1. For Bare metal, VM you can only add database systems
      2. For ExaCS, you can only add VM Clusters
    2. Database System: Select a database system (Bare Metal, VM Clusters for ExaCS) from the current compartment. If needed, you can change compartments.
    3. Database Home: Select a database home (system or cluster). All database homes in the database system are available in the drop-down selector.
    4. Database: Select a database from the database home. Databases are identified as either container or non-container. If you select a container database, you’ll be provided with the option of selecting all PDBs in the container or a single PDB.
      Note

      When PDBs are added or removed from the DB System or VM Cluster, they will automatically be enabled or disabled:
      • When performing disable, you should simply select the CDB and disable that target alone. That will disable all the PDBs as well.
      • When performing a delete, you should simply select the CDB and disable that target alone. That will disable all the PDBs as well.
      • If you previously disabled the CDB (and thus all the PDBs) and you want to re-enable Operations Insights, you should do so just on the CDB resource.
    5. Pluggable Database (optional): When a container database is selected, you can select all PDBs or a single PDB.
    6. Service Name: If no pluggable database was specified above, enter the service name corresponding to the container database (CDB). If one was specified, enter the service name corresponding to the specified pluggable database.
  5. Specify credentials for the connection: If no pluggable database (PDB) was specified above, enter the common user name for the CDB and all the PDBs and choose the secret corresponding to the password for the container database (CDB) user. If an individual PDB was specified, enter the user name and choose the corresponding secret for the specified pluggable database.

    For the database user monitoring the Oracle Cloud Database, the password must meet the following Federal Information Processing Standards (FIPS) requirements:

    • Password length must be between 14 to 127 characters.
    • Password must have at least two lowercase, two uppercase, two digits, and two special characters.

    To create a new secret, click Create New Secret.

    Note

    To change the monitoring user or secret reference, you need to disable the database and then re-enable it (upon re-enable a pop-up displays to allow you to make changes).

    For more information, see Overview of Vault .

  6. Select a private endpoint that has network access to this database via a VCN.
    Note

    Make sure to select a private endpoint that is RAC Enabled if the database being enabled is a cluster database

    To create a new private endpoint, click Create New Endpoint to access the Private Endpoint Administration page. For more information about creating private endpoints, see Create a Private Endpoint.

  7. Click Add Databases. The newly added database will appear in the Database Fleet Administration page as well as the Private Endpoint Details page.

Adding Enterprise Manager Targets

You can use Operations Insights to perform resource analysis against databases and hosts managed by Enterprise Manager.

Enterprise Manager lets you transfer data from Enterprise Manager targets and Oracle Management Repository (OMR) to an OCI Object Storage bucket, where it is easily accessed by Operations Insights.

System Prerequisites

  • Oracle Enterprise Manager 13c Release 5 Update 8 (13.5.0.8) or above
  • DB Plugin version 13.5.1.0.0 or above

Data transfer from Enterprise Manager to Operations Insights is configured in two steps:

  1. Set up target-level data transfer from Enterprise Manager to OCI Object Storage.
  2. Set up data transfer from OCI Object Storage to Operations Insights.

Each step involves setting up a data transfer bridge. There are two bridges involved in Enterprise Manager-Operations Insights communication:

  • An Enterprise Manager OCI Bridge to move target-level data from Enterprise Manager to OCI Object Storage bucket.

  • An Operations Insights EM Bridge to move data from the OCI Object Storage bucket to Operations Insights for analysis.

Note

Enterprise Manager Release 5 Update 7 (13.5.0.7) and Earlier Oracle Management Agents: There is an issue that is applicable to databases monitored by 13.5.0.7 (or earlier) Oracle Management Agents that are using the OCI Bridge. This does not apply to Autonomous Databases or databases managed by Management Agent Cloud Service agents. See OCI : SQL Insights Collected for SQLs but SQL Text is not listed (Doc ID 2864085.1) for more information.

This issue has been fixed in Oracle Enterprise Manager 13c Release 5 Update 8 (13.5.0.8). Oracle recommends updating Oracle Management Agents to the latest version.

EM Bridge Prerequisites

Before setting up the EM Bridge, you need to create Identity and Access Management (IAM) policies in order to read from the configured Object Storage Bucket. Create a dynamic group and provide permissions for the dynamic group to access the data in the above Object Storage compartment. Additionally, add policies to use the opsi-enterprise-manager-bridge resource, which is part of opsi-family aggregate resource-type. The following examples illustrate the policy creation process.

  • Example rule for bridge dynamic group where the resource can be in any compartment in tenancy:

    ALL {resource.type='opsienterprisemanagerbridge'}
  • Example rule for bridge dynamic group with specific resource compartment OCID:

    ALL {resource.type='opsienterprisemanagerbridge', resource.compartment.id = <opsienterprisemanagerbridge_resource_compartment_OCID>}
  • Example policy to allow the dynamic group READ access to the Object Storage bucket:

    allow dynamic-group <group_name> to read object-family in compartment <bucket_compartment_name> where ANY{target.bucket.name=<embridge-bucket>}

Data Flow

Once Enterprise Manager to Operations Insights connectivity is set up, your target data is automatically uploaded at frequent intervals to the Object Storage bucket so that Operations Insights is always working with the most recent target data.

The following graphic illustrates how target data flows from Enterprise Manager to an OCI service once the configuration process has been completed. Highlighted in red is the portion of the setup you will perform for Operations Insights.

Note

The Object Storage bucket must already exist before creating an EM Bridge.

Graphic illustrates the data flow from Enterprise Manager to Operations Insights

For instructions on setting up Enterprise Manager target-level data transfer to the Object Storage bucket and setting up the OCI Bridge for Operations Insights, see Integrating Enterprise Manager with OCI Services in the Enterprise Manager Cloud Control Administrator's Guide.

Create an EM Bridge

You create an EM bridge to move target-level data from an OCI Object Storage bucket to Operations Insights.

To create an EM bridge:

  1. Open the navigation menu and click Observability and Management. Under Operations Insights, click Administration. The Database Fleet option is selected by default in the Operation Insights navigation menu.
  2. Click EM Bridges. The EM Bridge Administration page displays.
  3. Click Create Bridge. The Create Enterprise Manager Bridge dialog displays.
  4. Enter the following:
    • EM Bridge Name: A user-friendly name that lets you easily identify the source.
    • Compartment: The compartment where the EM bridge will be located.
    • Bridge Description: A meaningful description detailing specifics about the bridge.
    • Bucket Name: The name of the Object Storage bucket where Enterprise Manager target-level data is being uploaded. For more information about buckets, see Managing Buckets.
  5. Click Create Bridge.

The newly created bridge will appear in the EM Bridge Administration page table. Once your bridge is created, you can click on the bridge name in the table to access the bridge's detail page where you can edit the bridge description, move the bridge to a different compartment, add tags, or add/enable/disable databases.

Delete an EM Bridge

You can delete an EM bridge to remove a connection between Operations Insights and the OCI Object Storage bucket.

Important: Before you can delete an EM bridge, you must first disable AND delete all Enterprise Manager resources associated with the EM bridge.

To delete an EM bridge:

  1. Open the navigation menu and click Observability and Management. Under Operations Insights, click Administration. The Database Fleet option is selected by default in the Operation Insights navigation menu.
  2. Click EM Bridges. The EM Bridge Administration page displays.
  3. In the EM Bridge table, click on the EM bridge you want to delete. The details page for the EM bridge displays.
  4. For each enabled resource in the table, choose Disable Operations Insights from the Actions menu. All resources must be disabled.
    Note

    Any Exadata Systems should be disabled and deleted first (this will also disable and delete the child databases and hosts).
  5. For each disabled database in the table, click the vertical ellipses to display the pop-up menu and choose Delete Operations Insights.
  6. Once all databases have been disabled and deleted, click Delete at the top of the EM Bridge details page to start the bridge deletion process.

Working with Operations Insights Resources

The first step to using Operation Insights is to enable resources for the service. This allows you to use Operation Insights' powerful analysis and forecasting tools to optimize performance of your IT assets. Operations Insights resources can be disabled and re-enabled as required.

You can:

Enable Databases for the Service

Once a database is enabled, you'll be able to use Operations Insights Capacity Planning and Oracle SQL Warehouse features to optimize performance and resource usage.

Note

The data may take up to 24 hours to appear.

If you want to view more granular data (7 days or less), you can select a smaller time range.

Monitoring Credentials

Before adding a database, ensure that you have proper monitoring credentials set up. For instructions on how to set up Oracle Database monitoring credentials, see Creating the Oracle Database Monitoring Credentials for Oracle Cloud Infrastructure Database Management and Operations Insights (Doc ID 2857604.1). This applies to all databases except Autonomous Databases.

To enable one or more databases for Operations Insights, log in to OCI and do the following:

  1. Open the navigation menu and click Observability and Management. Under Operations Insights, click Administration and then Database Fleet..The Database Fleet Administration page displays.
  2. Click Add Databases. The Add Databases to Operations Insights dialog displays.
  3. Click on the desired Telemetry. Available telemetries are:
    • Cloud Infrastructure: Autonomous databases running in OCI
    • Enterprise Manager: Databases monitored and managed via Enterprise Manager. You'll need to select the EM Bridge. In addition, you'll also need to select the destination compartment as shown in the next step.
    • Agent Service: Databases monitored by the OCI Management Agent Service. You'll need to select the destination compartment as shown in the next step. In addition, you'll also need to select an external connector.
  4. Select the Compartment that contains the database that you want to enable for Operations Insights.
    Note

    This is not needed for Enterprise Manager databases (you select the EM bridge instead) and you choose the destination compartment.

    For Management Agent databases you must also select the connector after selecting the database to enable.

    Optionally, if there are many databases and you know which ones you want to enable, you can filter the returned results based on database type.
  5. Select a database to enable.
    Note

    Autonomous Databases and Enterprise Manager databases allow you to multi-select databases for enablement. The multi-select feature is not available for databases monitored by Management Agents.
  6. Click Enable. The enable request is submitted for processing. Depending on amount of data that needs to be uploaded, it may take a few minutes for the process to complete. Data may take up to 24 hours to appear in Operations Insights for newly enabled database.

Available Actions

Once you've added a database to Operations Insights, in addition to enabling and disabling the database, you can also add tags and move these resources to different compartments (only Enterprise Manager databases can be moved). These actions can be accessed by clicking the vertical ellipses for any database in the Database Fleet table.

Note

Autonomous Databases and databases monitored by Management Agents follow the DBaaS resource compartment.

Disable Databases for the Service

If you no longer want a database covered by Operations Insights capacity planning and SQL analytics functionality, you need to disable the enabled database for Operations Insights. When you disable a database, billing stops and the resource will not be available for analytics. The operation is not terminal—the data that was previously collected will not be removed.

To disable a database for Operations Insights, log in to OCI and do the following:

  1. Open the navigation menu and click Observability and Management. Under Operations Insights, click Administration and then Database Fleet..

    The Database Fleet Administration page displays.

  2. Choose the Compartment that contains the database that you want to disable for Operations Insights. Optionally, if there are many databases and you know which ones you want to disable, you can filter the returned results based on database type.

    The Operations Insights State column indicates whether or not a database is currently enabled or disabled.

  3. Select one or more databases to disable.
  4. From the Actions menu, select Disable Operations Insights. Operations Insights asks whether you want to enable the selected database.
  5. Click Disable. The disable request is submitted for processing.

Enable Hosts for the Service

Once a host is enabled, you'll be able to use Operations Insights Capacity Planning features to optimize performance and resource usage.

To enable one or more hosts from a compartment for Operations Insights, log in to OCI and do the following:

  1. Open the navigation menu and click Observability and Management. Under Operations Insights, click Administration and then Host Fleet.

    The Host Fleet Administration page displays.

  2. Click Add Hosts. The Add Hosts to Operations Insights dialog displays with the Agent Service telemetry selected.
  3. Click on the desired Telemetry. Available telemetries are:
    • Cloud Infrastructure: Hosts in Oracle Cloud Infrastructure (OCI Compute).
    • Enterprise Manager: Hosts monitored and managed via Enterprise Manager. You'll need to select the EM Bridge. In addition, you'll also need to select the destination compartment as shown in the next step.
    • Agent Service: Hosts monitored by the OCI Management Agent Service. You'll need to select the destination compartment as shown in the next step.
  4. Select the Management Agent Compartment (Compute Instance Compartment if Cloud Infrastructure telemetry has been selected) that contains the host that you want to enable for Operations Insights. Optionally, if there are many hosts and you know which ones you want to enable, you can filter the returned results based on Host Display Name.
    Note

    This does not apply to Enterprise Manager hosts.
  5. Select one or more hosts to enable.
  6. Click Add Hosts. The add hosts request is submitted for processing. Depending on amount of data that needs to be uploaded, it may take a few minutes for the process to complete. Data may take up to 24 hours to appear in Operations Insights for newly enabled hosts.

Available Actions

Once you've added a host to Operations Insights, in addition to enabling and disabling the host, you can also add tags and move these resources to different compartments. These actions can be accessed by clicking the vertical ellipses for any host in the Host Fleet table.

Disable Hosts for the Service

If you no longer want a host covered by Operations Insights capacity planning functionality, you need to disable the enabled host for Operations Insight

To disable a database for Operations Insights, log in to OCI and do the following:

  1. Open the navigation menu and click Observability and Management. Under Operations Insights, click Administration and then Host Fleet.

    The Host Fleet Administration page displays.

  2. Choose the Compartment that contains the host that you want to disable for Operations Insights. Optionally, if there are many hosts and you know which ones you want to disable, you can filter the returned results based on Host Display Name.

    The Operations Insights State column indicates whether a host is currently enabled or not.

  3. Select one or more hosts to disable.
  4. From the Actions menu, select Disable Operations Insights. Operations Insights asks whether you want to enable the selected host.
  5. Click Disable. The disable request is submitted for processing.

Enable Exadata Systems for the Service

Once an Exadata System is enabled, you'll be able to use Exadata Insights capacity planning features to optimize performance and resource usage.

To enable one or more Exadata Systems from a compartment for Exadata Insights, log in to OCI and do the following:

  1. Open the navigation menu and click Observability and Management. Under Operations Insights, click Administration.
  2. From the Operations Insights menu, click Exadata Fleet.
  3. Click Add Exadata System. The Add Exadata System to Operations Insights dialog displays.
  4. Select the EM Bridge that contains the Exadata System(s) you want to add from the drop-down menu. If necessary, you can change the compartment where the bridge is located.
  5. Select the Exadata System you want to add from the drop-down menu. Members of the Exadata System are displayed in the Members table.
    Note

    The database and host targets are shown in this table are the only ones which will be created as first-class OCI resources.
  6. Select the Destination Compartment from the drop-down menu.
  7. All Exadata System members shown in the table will be enabled for Operations Insights. Optionally, you can change the Destination Compartment.
  8. By default, the list of Exadata System members will be automatically synchronized to match the member resources in Enterprise Manager. If desired, you can turn off this feature, however, you will have to manually add members via the Exadata Details administration page if new members are added to the Exadata System.
    Note

    Members will not be automatically disabled or deleted.
  9. Click Add Exadata System. The Exadata details page displays.

Available Actions

Once you've added an Exadata System to Operations Insights, in addition to enabling and disabling the system, you can also add tags and move these resources to different compartments (only Enterprise Manager databases can be moved), change the auto-synchronization settings, and add new members.

Disable Exadata Systems for the Service

To disable an Exadata System for Operations Insights, log in to OCI and do the following:

  1. Open the navigation menu and click Observability and Management. Under Operations Insights, click Administration and then Exadata Fleet.

    The Exadata Fleet Administration page displays.

  2. Choose the Compartment that contains the Exadata System that you want to disable for Operations Insights. Optionally, if there are many hosts and you know which ones you want to disable, you can filter the returned results based on Exadata System Name.

    The Operations Insights State column indicates whether an Exadata System is currently enabled or not.

  3. Select one or more Exadata Systems to disable.
  4. From the Actions menu, select Disable Operations Insights. Operations Insights asks whether you want to disable the selected system.
  5. Click Disable. The disable request is submitted for processing.