Perform Prerequisite Tasks

You must perform certain prerequisite tasks to set up Oracle Enterprise Manager to work with Oracle Cloud Infrastructure and discover Autonomous Databases.

You can deploy Oracle Enterprise Manager on Oracle Cloud Infrastructure Marketplace or on-premises and discover Autonomous Databases. The following topics provide an overview of the deployment scenarios and list the prerequisite tasks that must be performed in each scenario, before you discover Autonomous Databases.

Note:

Oracle Enterprise Manager currently only supports the Autonomous Transaction Processing – Dedicated database, and the information in the following topics can only be used to discover Autonomous Transaction Processing – Dedicated databases.

Topics:

• Oracle Enterprise Manager Deployed on Oracle Cloud Infrastructure Marketplace
• Oracle Enterprise Manager Deployed On-premises

Oracle Enterprise Manager Deployed on Oracle Cloud Infrastructure Marketplace

You can use Oracle Enterprise Manager deployed on Oracle Cloud Infrastructure Marketplace and discover Autonomous Transaction Processing – Dedicated databases.

Before you do so, you must:

• Create an Autonomous Transaction Processing – Dedicated database in Oracle Cloud Infrastructure. After you create the database, you must download the Client Credentials (Wallet) and save the client credentials wallet .zip file to provide client access to the Autonomous Transaction Processing – Dedicated database.

  For information, see:

  • Provision Autonomous Transaction Processing in Using Oracle Autonomous Transaction Processing Dedicated Deployments.
  • Download Client Credentials in Using Oracle Autonomous Transaction Processing Dedicated Deployments.
• Configure and deploy Oracle Enterprise Manager on Oracle Cloud Infrastructure Marketplace. You must deploy Oracle Enterprise Manager 13.3 and apply the EM DB Plug-in Bundle Patch 13.3.2.0.190731. The Enterprise Manager Oracle Management Server (OMS) includes a central Oracle Management Agent to discover Autonomous Databases, which are treated as non-host targets. The central agent is installed by default on the OMS host and must have SQL*Net access to the Autonomous Transaction Processing – Dedicated database. Although, it is recommended that you use the central agent, you also have the option of using any other agent that is deployed on an existing Oracle Cloud Infrastructure Database system.

  For information, see:

  • Installing the Enterprise Manager Cloud Control 13c Release 3 Software Binaries in Graphical Mode Along with Plug-ins in Oracle Enterprise Manager Cloud Control Upgrade Guide.
  • Overview of the Directories Created for an Enterprise Manager System in Oracle Enterprise Manager Cloud Control Basic Installation Guide.
  • Setting Up Oracle Enterprise Manager 13.3 on Oracle Cloud Infrastructure tutorial.
• Review and use the specified connectivity option to connect Oracle Enterprise Manager on Oracle Cloud Infrastructure Marketplace with the Autonomous Transaction Processing – Dedicated database. The network path to an Autonomous Transaction Processing – Dedicated database is through a Virtual Cloud Network (VCN) and subnet defined by the dedicated infrastructure hosting the database. Usually, the subnet is defined as Private, meaning that there is no Public Internet access to the database. Oracle Enterprise Manager should be available in a Public or Private subnet in the same VCN as the Autonomous Transaction Processing – Dedicated database. Private IP addresses are used to connect Oracle Enterprise Manager with the Autonomous Transaction Processing – Dedicated database in the VCN.

  For information, see:

  • About Connecting to an Autonomous Transaction Processing Instance in Using Oracle Autonomous Transaction Processing Dedicated Deployments.
  • Private IP Addresses in Oracle Cloud Infrastructure documentation.

The following diagram provides an overview of how Oracle Enterprise Manager deployed on Oracle Cloud Infrastructure Marketplace connects with Autonomous Transaction Processing – Dedicated databases.

Description of the illustration em_oci_deployment_overview.png

In the diagram:

• Oracle Enterprise Manager is deployed using a Marketplace image in a Public subnet in a VCN.

  Note that in the diagram, the other Web Servers in the Public subnet are not a part of the Oracle Enterprise Manager deployment, but a part of a sample scenario that depicts a typical Oracle Cloud Infrastructure application deployment that connects with the Autonomous Transaction Processing – Dedicated databases.

• Autonomous Transaction Processing – Dedicated databases are created in a Private subnet in the same VCN.
• Oracle Enterprise Manager connects with the Autonomous Transaction Processing – Dedicated databases using a Private IP address.

Other Prerequisite Tasks

After the major components are in place, you must perform the following prerequisite tasks to discover an Autonomous Transaction Processing – Dedicated database.

1. Create the following groups:
   • An Oracle Cloud Infrastructure Identity and Access Management (IAM) group named EMGroup, and add the DBA who will be managing and monitoring the Autonomous Transaction Processing – Dedicated database using Oracle Enterprise Manager to this group. Note that this DBA user must have an account in Oracle Cloud Infrastructure.
   • A dynamic group named EM_Group, which will be used to configure and set up Oracle Enterprise Manager on Oracle Cloud Infrastructure Marketplace.

   See To create a group and To create a dynamic group in Oracle Cloud Infrastructure documentation.

2. Create the following policies for the groups created in the previous step to enforce user access and control:
   • The following policies allow the DBA in EMGroup to manage and monitor the Autonomous Transaction Processing – Dedicated database using Oracle Enterprise Manager:

     Allow group EMGroup to manage autonomous-transaction-processing-family in <compartment in which the Autonomous Transaction Processing – Dedicated database resides>

     Allow group EMGroup to manage instance-family in <compartment where Oracle Enterprise Manager is set up>

     Allow group EMGroup to manage virtual-network-family in <compartment in which the Autonomous Transaction Processing – Dedicated database resides>

     Allow group EMGroup to manage volume-family in <compartment where Oracle Enterprise Manager is set up>

     Allow group EMGroup to manage app-catalog-listing in <compartment where Oracle Enterprise Manager is set up>

   • The following policies for EM_Group configure Oracle Enterprise Manager from the Oracle Cloud Infrastructure Marketplace in the desired compartment:

     Allow dynamic-group EM_Group to manage instance-family in <compartment where Oracle Enterprise Manager is set up>

     Allow dynamic-group EM_Group to manage volume-family in <compartment where Oracle Enterprise Manager is set up>

     The dynamic group policies are required for the Oracle Enterprise Manager compute instance, which uses IAM Instance Principals, to use and mount a block storage volume where the Oracle Enterprise Manager OMS or Oracle Management Repository (OMR) data exists. For information on IAM Instance Principals, see Calling Services from an Instance in Oracle Cloud Infrastructure documentation.

   See To create a policy in Oracle Cloud Infrastructure documentation.

3. Create a security list and add the following ingress rules to ensure secure access:
   • Rule for accessing Oracle Enterprise Manager from the public network, allow Transmission Control Protocol (TCP) traffic for port 7803.
   • Rule for accessing Autonomous Transaction Processing – Dedicated database from Oracle Enterprise Manager subnet and VCN, allow TCP traffic for port 1521.

   See Security Lists in Oracle Cloud Infrastructure documentation.

4. Unlock the adbsnmp user, which is created out-of-the-box when the Autonomous Transaction Processing – Dedicated database is created in Oracle Cloud Infrastructure. This account is locked by default and you can reset the password and unlock it using Oracle Enterprise Manager or any SQL client.

Oracle Enterprise Manager Deployed On-premises

You can use Oracle Enterprise Manager deployed on-premises to discover Autonomous Transaction Processing – Dedicated databases.

Before you do so, you must:

• Create an Autonomous Transaction Processing – Dedicated database in Oracle Cloud Infrastructure. After you create the database, you must download the Client Credentials (Wallet) and save the client credentials wallet .zip file to provide client access to the Autonomous Transaction Processing – Dedicated database.

  For information, see:

  • Provision Autonomous Transaction Processing in Using Oracle Autonomous Transaction Processing Dedicated Deployments.
  • Download Client Credentials in Using Oracle Autonomous Transaction Processing Dedicated Deployments.
• Deploy Oracle Enterprise Manager in your on-premises network. You must deploy Oracle Enterprise Manager 13.3 and apply the EM DB Plug-in Bundle Patch 13.3.2.0.190731. The Oracle Enterprise Manager OMS includes a central Oracle Management Agent that can be used to discover Autonomous Databases, which are treated as non-host targets. The central agent is installed by default on the OMS host and must have SQL*Net access to the Autonomous Transaction Processing – Dedicated database. Note that if you have an existing on-premises database or an Oracle Cloud Infrastructure Database system in the same VCN where the Autonomous Transaction Processing – Dedicated database resides, you have the option of using the agent that monitors them, instead of the central agent.

  For information, see:

  • Installing the Enterprise Manager Cloud Control 13c Release 3 Software Binaries in Graphical Mode Along with Plug-ins in Oracle Enterprise Manager Cloud Control Upgrade Guide.
  • Overview of the Directories Created for an Enterprise Manager System in Oracle Enterprise Manager Cloud Control Basic Installation Guide.
• Review and use the specified connectivity options to connect Oracle Enterprise Manager deployed on-premises with the Autonomous Transaction Processing – Dedicated database. Oracle Enterprise Manager on-premises connects with the Autonomous Transaction Processing – Dedicated database using a Private IP address, and you can use one of the following options to connect Oracle Enterprise Manager deployed in your on-premises network to the Autonomous Transaction Processing – Dedicated database in your VCN.
  • VPN Connect, which is an Internet Protocol Security (IPSec) VPN. IPSec VPN provides standards-based IPSec encryption over public internet. See VPN Connect in Oracle Cloud Infrastructure documentation.
  • FastConnect, which provides an easy way to create a dedicated, private connection between the on-premises network and the VCN in Oracle Cloud Infrastructure. See FastConnect in Oracle Cloud Infrastructure documentation.

  Note that you do not have host access to Autonomous Transaction Processing – Dedicated database in Oracle Cloud Infrastructure. If required, web server instances in the Private subnet can initiate connections to the internet by way of a NAT gateway. See NAT Gateway in Oracle Cloud Infrastructure documentation.

The following diagram provides an overview of how Oracle Enterprise Manager deployed on-premises connects and interacts with Autonomous Transaction Processing – Dedicated databases in Oracle Cloud Infrastructure.

Description of the illustration em_onprem_deployment_overview.png

In the diagram:

• Oracle Enterprise Manager is deployed in an on-premises network.
• The Autonomous Transaction Processing – Dedicated databases are created in Private subnets in a VCN in Oracle Cloud Infrastructure.
• The two connectivity options, VPN Connect and FastConnect, are displayed to demonstrate how Oracle Enterprise Manager deployed on-premises connects with the Autonomous Transaction Processing – Dedicated databases using these options.

Other Prerequisite Tasks

After the major components are in place, you must perform the following prerequisite tasks to discover an Autonomous Transaction Processing – Dedicated database.

1. Create an Oracle Cloud Infrastructure IAM group named EMGroup, and add the DBA who will be managing and monitoring the Autonomous Transaction Processing – Dedicated database using Oracle Enterprise Manager to this group. Note that this DBA user must have an account in Oracle Cloud Infrastructure.

   See To create a group in Oracle Cloud Infrastructure documentation.

2. Create the following policy to allow the DBA in EMGroup to manage and monitor the Autonomous Transaction Processing – Dedicated database using Oracle Enterprise Manager:

   Allow group EMGroup to manage autonomous-transaction-processing-family in <compartment in which the Autonomous Transaction Processing – Dedicated database resides>

   See To create a policy in Oracle Cloud Infrastructure documentation.

3. Create a security list and add the following ingress rule to ensure secure access:

   Rule for accessing Autonomous Transaction Processing – Dedicated database in the Oracle Cloud Infrastructure VCN from Oracle Enterprise Manager deployed on-premises, allow TCP traffic for port 1521.

   See Security Lists in Oracle Cloud Infrastructure documentation.

4. Unlock the adbsnmp user, which is created out-of-the-box when the Autonomous Transaction Processing – Dedicated database is created in Oracle Cloud Infrastructure. This account is locked by default and you can reset the password and unlock it using Oracle Enterprise Manager or any SQL client.