Perform Prerequisite Tasks
You must perform certain prerequisite tasks to set up Oracle Enterprise Manager to work with Oracle Cloud Infrastructure and discover Autonomous Databases.
You can deploy Oracle Enterprise Manager on Oracle Cloud Infrastructure Marketplace or on-premises and discover Autonomous Databases. The following topics provide an overview of the deployment scenarios and list the prerequisite tasks that must be performed in each scenario, before you discover Autonomous Databases.
Note:
Oracle Enterprise Manager currently only supports the Autonomous Transaction Processing – Dedicated database, and the information in the following topics can only be used to discover Autonomous Transaction Processing – Dedicated databases.Oracle Enterprise Manager Deployed on Oracle Cloud Infrastructure Marketplace
You can use Oracle Enterprise Manager deployed on Oracle Cloud Infrastructure Marketplace and discover Autonomous Transaction Processing – Dedicated databases.
Before you do so, you must:
- Create an Autonomous Transaction Processing – Dedicated database in
Oracle Cloud Infrastructure. After you create the database, you must
download the Client Credentials (Wallet) and save the client credentials wallet .zip
file to provide client access to the Autonomous Transaction Processing – Dedicated
database.
For information, see:
- Provision Autonomous Transaction Processing in Using Oracle Autonomous Transaction Processing Dedicated Deployments.
- Download Client Credentials in Using Oracle Autonomous Transaction Processing Dedicated Deployments.
- Configure and deploy Oracle Enterprise Manager on Oracle Cloud
Infrastructure Marketplace. You must deploy Oracle Enterprise Manager 13.3
and apply the EM DB Plug-in Bundle Patch 13.3.2.0.190731. The Enterprise Manager
Oracle Management Server (OMS) includes a central Oracle Management Agent to
discover Autonomous Databases, which are treated as non-host targets. The central
agent is installed by default on the OMS host and must have SQL*Net access to the
Autonomous Transaction Processing – Dedicated database. Although, it is recommended
that you use the central agent, you also have the option of using any other agent
that is deployed on an existing Oracle Cloud Infrastructure Database system.
For information, see:
- Installing the Enterprise Manager Cloud Control 13c Release 3 Software Binaries in Graphical Mode Along with Plug-ins in Oracle Enterprise Manager Cloud Control Upgrade Guide.
- Overview of the Directories Created for an Enterprise Manager System in Oracle Enterprise Manager Cloud Control Basic Installation Guide.
- Setting Up Oracle Enterprise Manager 13.3 on Oracle Cloud Infrastructure tutorial.
- Review and use the specified connectivity option to connect Oracle
Enterprise Manager on Oracle Cloud Infrastructure Marketplace with the
Autonomous Transaction Processing – Dedicated database. The network path to
an Autonomous Transaction Processing – Dedicated database is through a Virtual Cloud
Network (VCN) and subnet defined by the dedicated infrastructure hosting the
database. Usually, the subnet is defined as Private, meaning that there is no Public
Internet access to the database. Oracle Enterprise Manager should be available in a
Public or Private subnet in the same VCN as the Autonomous Transaction Processing –
Dedicated database. Private IP addresses are used to connect Oracle Enterprise
Manager with the Autonomous Transaction Processing – Dedicated database in the VCN.
For information, see:
- About Connecting to an Autonomous Transaction Processing Instance in Using Oracle Autonomous Transaction Processing Dedicated Deployments.
- Private IP Addresses in Oracle Cloud Infrastructure documentation.
The following diagram provides an overview of how Oracle Enterprise Manager deployed on Oracle Cloud Infrastructure Marketplace connects with Autonomous Transaction Processing – Dedicated databases.
In the diagram:
- Oracle Enterprise Manager is deployed using a Marketplace image in a
Public subnet in a VCN.
Note that in the diagram, the other Web Servers in the Public subnet are not a part of the Oracle Enterprise Manager deployment, but a part of a sample scenario that depicts a typical Oracle Cloud Infrastructure application deployment that connects with the Autonomous Transaction Processing – Dedicated databases.
- Autonomous Transaction Processing – Dedicated databases are created in a Private subnet in the same VCN.
- Oracle Enterprise Manager connects with the Autonomous Transaction Processing – Dedicated databases using a Private IP address.
Other Prerequisite Tasks
After the major components are in place, you must perform the following prerequisite tasks to discover an Autonomous Transaction Processing – Dedicated database.
- Create the following groups:
- An Oracle Cloud Infrastructure Identity and Access Management (IAM) group named EMGroup, and add the DBA who will be managing and monitoring the Autonomous Transaction Processing – Dedicated database using Oracle Enterprise Manager to this group. Note that this DBA user must have an account in Oracle Cloud Infrastructure.
- A dynamic group named EM_Group, which will be used to configure and set up Oracle Enterprise Manager on Oracle Cloud Infrastructure Marketplace.
See To create a group and To create a dynamic group in Oracle Cloud Infrastructure documentation.
- Create the following policies for the groups created in the previous
step to enforce user access and control:
- The following policies allow the DBA in EMGroup to
manage and monitor the Autonomous Transaction Processing – Dedicated
database using Oracle Enterprise Manager:
Allow group EMGroup to manage autonomous-transaction-processing-family in <compartment in which the Autonomous Transaction Processing – Dedicated database resides>
Allow group EMGroup to manage instance-family in <compartment where Oracle Enterprise Manager is set up>
Allow group EMGroup to manage virtual-network-family in <compartment in which the Autonomous Transaction Processing – Dedicated database resides>
Allow group EMGroup to manage volume-family in <compartment where Oracle Enterprise Manager is set up>
Allow group EMGroup to manage app-catalog-listing in <compartment where Oracle Enterprise Manager is set up>
- The following policies for EM_Group configure Oracle
Enterprise Manager from the Oracle Cloud Infrastructure Marketplace in
the desired compartment:
Allow dynamic-group EM_Group to manage instance-family in <compartment where Oracle Enterprise Manager is set up>
Allow dynamic-group EM_Group to manage volume-family in <compartment where Oracle Enterprise Manager is set up>
The dynamic group policies are required for the Oracle Enterprise Manager compute instance, which uses IAM Instance Principals, to use and mount a block storage volume where the Oracle Enterprise Manager OMS or Oracle Management Repository (OMR) data exists. For information on IAM Instance Principals, see Calling Services from an Instance in Oracle Cloud Infrastructure documentation.
See To create a policy in Oracle Cloud Infrastructure documentation.
- The following policies allow the DBA in EMGroup to
manage and monitor the Autonomous Transaction Processing – Dedicated
database using Oracle Enterprise Manager:
- Create a security list and add the following ingress rules to
ensure secure access:
- Rule for accessing Oracle Enterprise Manager from the public
network, allow Transmission Control Protocol (TCP) traffic for port
7803
. - Rule for accessing Autonomous Transaction Processing –
Dedicated database from Oracle Enterprise Manager subnet and VCN, allow
TCP traffic for port
1521
.
See Security Lists in Oracle Cloud Infrastructure documentation.
- Rule for accessing Oracle Enterprise Manager from the public
network, allow Transmission Control Protocol (TCP) traffic for port
- Unlock the adbsnmp user, which is created out-of-the-box when the Autonomous Transaction Processing – Dedicated database is created in Oracle Cloud Infrastructure. This account is locked by default and you can reset the password and unlock it using Oracle Enterprise Manager or any SQL client.
Oracle Enterprise Manager Deployed On-premises
You can use Oracle Enterprise Manager deployed on-premises to discover Autonomous Transaction Processing – Dedicated databases.
Before you do so, you must:
- Create an Autonomous Transaction Processing – Dedicated database in
Oracle Cloud Infrastructure. After you create the database, you must
download the Client Credentials (Wallet) and save the client credentials wallet .zip
file to provide client access to the Autonomous Transaction Processing – Dedicated
database.
For information, see:
- Provision Autonomous Transaction Processing in Using Oracle Autonomous Transaction Processing Dedicated Deployments.
- Download Client Credentials in Using Oracle Autonomous Transaction Processing Dedicated Deployments.
- Deploy Oracle Enterprise Manager in your on-premises network.
You must deploy Oracle Enterprise Manager 13.3 and apply the EM DB Plug-in Bundle
Patch 13.3.2.0.190731. The Oracle Enterprise Manager OMS includes a central Oracle
Management Agent that can be used to discover Autonomous Databases, which are
treated as non-host targets. The central agent is installed by default on the OMS
host and must have SQL*Net access to the Autonomous Transaction Processing –
Dedicated database. Note that if you have an existing on-premises database or an
Oracle Cloud Infrastructure Database system in the same VCN where the Autonomous
Transaction Processing – Dedicated database resides, you have the option of using
the agent that monitors them, instead of the central agent.
For information, see:
- Installing the Enterprise Manager Cloud Control 13c Release 3 Software Binaries in Graphical Mode Along with Plug-ins in Oracle Enterprise Manager Cloud Control Upgrade Guide.
- Overview of the Directories Created for an Enterprise Manager System in Oracle Enterprise Manager Cloud Control Basic Installation Guide.
- Review and use the specified connectivity options to connect Oracle
Enterprise Manager deployed on-premises with the Autonomous Transaction
Processing – Dedicated database. Oracle Enterprise Manager on-premises
connects with the Autonomous Transaction Processing – Dedicated database using a
Private IP address, and you can use one of the following options to connect Oracle
Enterprise Manager deployed in your on-premises network to the Autonomous
Transaction Processing – Dedicated database in your VCN.
- VPN Connect, which is an Internet Protocol Security (IPSec) VPN. IPSec VPN provides standards-based IPSec encryption over public internet. See VPN Connect in Oracle Cloud Infrastructure documentation.
- FastConnect, which provides an easy way to create a dedicated, private connection between the on-premises network and the VCN in Oracle Cloud Infrastructure. See FastConnect in Oracle Cloud Infrastructure documentation.
Note that you do not have host access to Autonomous Transaction Processing – Dedicated database in Oracle Cloud Infrastructure. If required, web server instances in the Private subnet can initiate connections to the internet by way of a NAT gateway. See NAT Gateway in Oracle Cloud Infrastructure documentation.
The following diagram provides an overview of how Oracle Enterprise Manager deployed on-premises connects and interacts with Autonomous Transaction Processing – Dedicated databases in Oracle Cloud Infrastructure.
In the diagram:
- Oracle Enterprise Manager is deployed in an on-premises network.
- The Autonomous Transaction Processing – Dedicated databases are created in Private subnets in a VCN in Oracle Cloud Infrastructure.
- The two connectivity options, VPN Connect and FastConnect, are displayed to demonstrate how Oracle Enterprise Manager deployed on-premises connects with the Autonomous Transaction Processing – Dedicated databases using these options.
Other Prerequisite Tasks
After the major components are in place, you must perform the following prerequisite tasks to discover an Autonomous Transaction Processing – Dedicated database.
- Create an Oracle Cloud Infrastructure IAM group named
EMGroup, and add the DBA who will be managing and monitoring the
Autonomous Transaction Processing – Dedicated database using Oracle Enterprise
Manager to this group. Note that this DBA user must have an account in Oracle
Cloud Infrastructure.
See To create a group in Oracle Cloud Infrastructure documentation.
- Create the following policy to allow the DBA in EMGroup to
manage and monitor the Autonomous Transaction Processing – Dedicated database
using Oracle Enterprise Manager:
Allow group EMGroup to manage autonomous-transaction-processing-family in <compartment in which the Autonomous Transaction Processing – Dedicated database resides>
See To create a policy in Oracle Cloud Infrastructure documentation.
- Create a security list and add the following ingress rule to ensure
secure access:
Rule for accessing Autonomous Transaction Processing – Dedicated database in the Oracle Cloud Infrastructure VCN from Oracle Enterprise Manager deployed on-premises, allow TCP traffic for port
1521
.See Security Lists in Oracle Cloud Infrastructure documentation.
- Unlock the adbsnmp user, which is created out-of-the-box when the Autonomous Transaction Processing – Dedicated database is created in Oracle Cloud Infrastructure. This account is locked by default and you can reset the password and unlock it using Oracle Enterprise Manager or any SQL client.