Oracle^® MiniCluster S7-2 Administration Guide

DB VM Group Parameters

This section describes the parameters you define when you create a DB VM group profile. Use this information in conjunction with these activities:

• When planning DB VMs, described in DB VM Planning Worksheets (Optional).

• While creating the DB VM group profile with the MCMU BUI, as described in Create a DB VM Group Profile (BUI) or Create a DB VM Group Profile (CLI).

VM Group Name

The VMs are logically grouped (see MiniCluster VM Groups and VMs Overview. During the configuration process, you specify a group profile name of your choice. The name can be up to 12 characters, and can contain lowercase letters, numbers, and the - (hyphen) symbol. Later, the VM group name is automatically used as a prefix in the VM hostnames, so specifying a short name can lead to shorter VM names.

Shared Storage

All DB VMs are allocated with storage space (the amount of storage depends on the type of instances configured in the VM). The shared storage provides additional storage, if enabled.

6 HDDs on each storage array are set aside for additional storage space (see MiniCluster Storage Overview).

• If enabled – All the VMs in the group have access to the shared storage.

• If disabled – The VMs will not have access to the shared storage space in the 6 HDDs.

Note - After the creation of VMs, you can enable or disable access to the shared storage at any time. See Enable or Disable NFS (BUI).

Security Profile

You define a security profile that is applied to the VMs in the group. The security profile automatically configures the system with over 225 security controls. Choose on of these profiles:

• CIS Equivalent Profile – Satisfies requirements comparable and equivalent to benchmarks set forth by the Center for Internet Security (CIS) and Security Technical Implementation Guidelines (STIG) assessments.

• PCI-DSS Profile – Complies with the Payment Card Industry Data Security Standard (PCI DSS) standard defined by the Payment Card Industry Security Standards Council.

• DISA STIG Profile – Includes all the security features of the CIS equivalent Security profile and provides 75 additional security controls. This profile also includes FIPS-140-2 cryptography.

  ---

  Note -  If the system is configured with the DISA STIG profile (performed during the installation), all VMs that are subsequently created should also be configured with the DISA STIG profile.

  ---

IP Pool

An IP pool is a range of IP addresses. Each IP pool is a separate subnet. As of v1.2.4, you can create multiple IP pools, then assign different VM groups to different IP pools. You can also assign a VLAN ID to an IP pool.

Create the IP pools before creating the DB VM group. See View and Update Network Parameters in v1.2.4 and Later (BUI).

Number of VMs on Each Node

You choose between one to four VMs on each node for a maximum of eight DB VMs. For Oracle RAC configurations, ensure that you specify VMs on each node.

You can always change the number of VMs later. See Add a DB VM to a Group (BUI).

Role Separation

This feature enables you to create a single administrative user, or to create two separate DB administrative users with separate roles (separating ASM administration from RDBMS administration). Separate roles might be required by certain third-party applications.

If you choose to create one administrative user, that user is the Oracle DB Installation user for all Oracle DB software and is a member of the groups needed to perform administration of the grid infrastructure and to administer the DB.

If you choose role separation, two users are created, each a member of different groups so that each user is only able to administer either the ASM grid infrastructure, or the DB.

Based on your selection, the utility automatically provides industry standard values for user and group names, IDs, and file system base.

• No – Configures one DB administrative user (oracle) with privileges to administer the ASM and RDBMS. These pre-assigned fields are displayed:

  ---

  Note -  Even when no role separate is selected, the user can choose to provide a new user ID for the oracle user. For example, when the Use default Oracle User ID is selected.

  ---

  User Name and Base

  • Name – oracle

  • ID – 1001

  • Base – /u01/app/oracle

  DBA Group

  • Name – dba

  • ID – 1002

  OINSTALL Group

  • Name – oinstall

  • ID – 1001

• Yes – Enables role separation, and configures these pre-assigned DB administrator users and roles.

  Grid ASM Home OS User and Base

  • Name – oracle

  • ID – 1001

  • Base – /u01/app/oracle

  ASM DBA Group

  Membership in this group enables access to the files managed by Oracle ASM.

  • Name – asmdba

  • ID – 1004

  ASM Home Oper Group

  This group of operating system users has a limited set of Oracle instance administrative privileges including starting up and stopping the Oracle ASM instance.

  • Name – asmoper

  • ID – 1005

  ASM Home Admin Group

  This group uses SQL to connect to an Oracle ASM instance as SYSASM using operating system authentication. The SYSASM privileges permit mounting and dismounting of disk groups, and other storage administration tasks. SYSASM privileges provide no access privileges on an Oracle Database instance. The SYSASM privileges permit mounting and dismounting of disk groups, and other storage administration tasks. SYSASM privileges provide no access privileges on an Oracle Database instance.

  • Name – asmadmin

  • ID – 1006

  RDBMS Home OS User and Base

  • Name – oracle

  • ID – 1000

  • Base – /u01/app/oracle

  RDBMS DBA Group

  • Name – dba

  • ID – 1002

  RDBMS Home Oper Group

  • Name – oper

  • ID – 1003

  ASM Home Admin Group

  • Name – oinstall

  • ID – 1001

Group Description

You can leave the field blank, or add a description that briefly describes the DB VM group.