Learn About Configuring Access and Communication

Install a gateway and agents to collect data from entities that you want to manage and monitor from Oracle Management Cloud.

The following are some of the common terms used when configuring Oracle Management Cloud:

  • Cloud agent: Collects the entity data from the host where you deploy the cloud agent. For security reasons, many companies have a limited set of machines accessible on the Internet through a proxy. For these situations, installing a gateway helps route the data from a set of cloud agents to Oracle Management Cloud.

  • Entity: A technical asset, such as a database, whose properties, configuration, status, and performance are tracked and analyzed.

  • Gateway: An agent that acts as a channel between Oracle Management Cloud and all other Oracle Management Cloud agents.

    We recommend using a gateway when connecting to Oracle Cloud Infrastructure. Install the gateway on a host that has Internet access to Oracle Management Cloud and can be reached by all hosts where cloud agents are deployed. There is a special configuration required for all Oracle Cloud Infrastructure hosts to communicate.

  • Response file: A file that lists all of the parameters and values required to install a gateway or agent. When you download and extract the software, you get a response file (.rsp file) along with the installation script. The .rsp file is a template of the response file that you will edit with the values needed to perform the installation. At the time of installation, the AgentInstall.sh script reads the inputs from the gateway.rsp and agent.rsp files and performs the installation.

Perform the following tasks to configure your environment:

  1. Review the prerequisites and considerations.

  2. Download the software.

  3. Create or download a registration key.

  4. Prepare the gateway.rsp response file and install the gateway software.

  5. Prepare the agent.rsp response file and install the agent software.

  6. Enable the Enterprise Edition license.

  7. Define the entities for monitoring.

Considerations for the Environment

Consider the following environment requirements before configuring access and communication between Oracle Management Cloud and your databases in the cloud.

As shown in the architecture diagram, the NAT Instance is set up in a Public subnet, the Gateway Instance is in a private subnet, and the other hosts are in private subnets. They must all be able to communicate with each other.

The following are things to consider for your environment:

  • You must be using a supported operating system, such as Oracle Linux 7 or later (64 bit).

  • The unzip utility is required to decompress the initial software bundle. Ensure you have it installed or download unzip to decompress the initial software package.

  • To download the Oracle Management Cloud agents install software bundle and perform other administration tasks from the Oracle Management Cloud interface, you must sign in as a user with the OMC Administrator role.

  • For UNIX environments, the file system where the agent will be installed must allow executable binaries to run. Ensure that the file system was not mounted with the noexec option. If this option is set, nothing on that file system can be executed. To verify whether the noexec option has been set, use the mount command or check the mount options for the file system in /etc/fstab.

  • If you’re deploying the agents for using Oracle Log Analytics on UNIX-based hosts, ensure that the cloud agent has the correct privileges to read the log files from where data has to be collected.

    You can use any of the following ways (in order of best practice) to make the log files readable to the cloud agent:

    • Use Access Control Lists (ACLs) to enable the cloud agent user to read the log file path and log files. An ACL provides a flexible permission mechanism for file systems. Ensure that the full path to the log files is readable through the ACL.

      To set up an ACL in a UNIX-based host:

      1. Determine whether the system that contains the log files has the acl package:

        rpm -q acl

        If the system contains the acl package, then the previous command should return:

        acl-2.2.39-8.el5

        If the system doesn’t have the acl package, then download and install the package.

      2. Grant the cloud agent user read access to the required log file:

        setfacl -m u:<agentuser>:r <path to the log file/log file name>

        Grant the cloud agent user read access to the leading path or folders by running the following command:

        setfacl -d -m u:<agentuser>:r <path to the parent folder of the log file>

    • Place the cloud agent and the product that generates the logs in the same user group, and make the files readable to the entire group.

    • Install the cloud agent as the user that also owns the logs. This is difficult to achieve if there are a lot of different logs owned by different users on the same host.

    • Make the log files readable to all users. For example, chmod o+r <file>
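
The noexec consideration above can be checked before installation. The following is an added example, not part of the original documentation: it finds the mount that holds a planned agent directory in /proc/mounts-style text and reports whether noexec is set. The function names, paths and sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: is the file system that will hold the agent mounted noexec?
# Assumes /proc/mounts-style input: device, mount point, type, options.

# Constructed sample mount table (not taken from a real host).
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / xfs rw,relatime 0 0
/dev/sdb1 /u01 ext4 rw,nosuid,nodev,noexec,relatime 0 0
/dev/sdc1 /u01/app xfs rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
EOF
}

# mount_options PATH [MOUNTS_FILE]
# Prints "<mount point> <options>" for the file system that holds PATH.
# The longest matching mount point wins; on a tie the later entry wins,
# which is how an over-mount behaves.
mount_options() {
    awk -v p="$1" '
        {
            mp = $2
            # Match whole path components only: /u01 must not match /u01x.
            if (mp == "/" || p == mp || index(p, mp "/") == 1)
                if (length(mp) >= best) { best = length(mp); hit = mp " " $4 }
        }
        END { if (hit != "") print hit }' "${2:-/proc/mounts}"
}

# is_noexec PATH [MOUNTS_FILE]: exit status 0 when PATH sits on a noexec mount.
is_noexec() {
    opts=$(mount_options "$1" "${2:-/proc/mounts}" | cut -d' ' -f2)
    case ",$opts," in
        *,noexec,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Usage on a live host (absolute path of the planned agent directory):
#   is_noexec /u01/app/omc_agent && echo "noexec: choose another location"
```

Pass an absolute path. The directory does not need to exist yet, because the lookup works on the path string against the mount table.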

Considerations for Permissions

Ensure that you have the correct permissions on the Agent Base Directory, which is the directory on the hosts where agents are installed.

  • The following permissions are required:

    • Ensure only the root user and agent installation user have write permission on the Agent Base Directory and its parent directory even after the agent installation, to make sure all agent life cycle operations such as update or delete complete successfully.

    • If the Agent Base Directory is created before the installation, ensure the directory is empty. The agent installation user must have write access to the directory.

    • If the Agent Base Directory is not created before installation, ensure the agent installation user has write access to the parent directory where the Agent Base Directory will be created.
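
The permission requirements above can be verified with a short check. The following is an added example, not Oracle's own tooling: it inspects the Agent Base Directory and its parent for unexpected owners and for group or other write bits, and checks that a pre-created directory is empty. The function name and the optional "post" argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the Agent Base Directory and its parent directory.
# Conservative assumption: any group or other write bit is reported, because
# it can give write access to users other than root and the agent user.
# POSIX ACL entries are not inspected; review them separately with getfacl.

# check_agent_base BASE_DIR AGENT_USER [post]
# Prints one finding per line and returns 0 when there are none.
# Pass "post" after installation to skip the empty-directory check.
check_agent_base() {
    base=$1
    # Accept a user name or a numeric uid for the agent installation user.
    agent_uid=$(id -u "$2" 2>/dev/null) || agent_uid=$2
    rc=0
    for d in "$(dirname "$base")" "$base"; do
        if [ ! -d "$d" ]; then
            # Only the base directory itself may be absent before install.
            [ "$d" = "$base" ] && continue
            echo "missing parent: $d"; rc=1; continue
        fi
        owner=$(stat -c '%u' "$d")
        mode=$(stat -c '%a' "$d")
        case "$owner" in
            0|"$agent_uid") ;;
            *) echo "unexpected owner uid $owner: $d"; rc=1 ;;
        esac
        # 022 (octal) masks the group-write and other-write bits.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "group/other writable ($mode): $d"; rc=1
        fi
    done
    # A pre-created base directory must be empty before installation.
    if [ "${3:-pre}" = pre ] && [ -d "$base" ] && [ -n "$(ls -A "$base")" ]; then
        echo "not empty: $base"; rc=1
    fi
    return $rc
}

# Usage (path and user are placeholders):
#   check_agent_base /u01/app/omc_agent agentuser
#   check_agent_base /u01/app/omc_agent agentuser post
```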

Considerations for the Network

Network requirements to enable communication between Oracle Management Cloud and Oracle Cloud Infrastructure.

Consider the following network prerequisites:

  • Add the Oracle Management Cloud public IP address to the NAT instance routing table. The NAT instance must be able to route traffic through the Internet gateway to the Oracle Management Cloud address.

  • Allow ingress on the private security lists for TCP traffic on port 4459 (the default agent port). You also need to update the firewall on the gateway virtual machine.

  • Allow the agent to communicate with the gateway instance on port 4459 when the agent is configured to send traffic to the Gateway instance on a private subnet on port 4459.

  • The following ports must be open for communication:

    • Communication with Oracle Management Cloud services: Proxy server to external requires Port 443, HTTPS protocol.

    • Communication with gateway: Cloud agent node to gateway requires the Gateway host port, TCP protocol. The default agent port is 4459.

The following table lists the system and port requirements for a typical gateway installation.

| RAM | Kernel Parameters | Port Number |
|-----|-------------------|-------------|
| 8 GB | Hard nofile 65536; Ulimit value for maximum user processes >=4000 | 4459 to 4479 |

About Customizing Response Files

Use the Oracle Management Cloud User Interface to download the agent software install bundle ZIP file onto your host. You can download the file from any tenant and use it to install and register agents against other tenants.

When you download and extract the agent ZIP file, you get a response file (.rsp file) along with the installation script. This .rsp file is a template of the response file and you will need to edit the file to perform the installation. It’s recommended that you create a copy of the original response file, and then edit the copy specifying the values of the installation parameters.

  • Use the Cloud Agent Response File to install a Cloud Agent.

  • Use the Gateway Response File to install a gateway.

The following is some useful information about a response file:

  • The response file should always be a plain text file in the UTF-8 character set, so that the AgentInstall.sh script can parse it.

  • A response file is not platform-specific or release-specific. You can create or update the response file and keep using it for any platform and for any future installations unless a new parameter is added to the file.

  • You can save the response file in the same location where you’ve saved your AgentInstall.sh script, or you can save the response file in a shared or mounted location, which can be accessible from multiple hosts. This way you can have the response file in a single location and use the same response file for agent installation on multiple hosts.

  • The response file lists all the supported parameters.

  • If your environment details remain the same, you can use the same parameter values without editing the response file again.

Note:

Because the passwords that you specify in the response file are in plain text, you need to adequately protect the response file or delete it as soon as the installation process completes.
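
One way to act on this note, as an added example that is not part of the original documentation: audit a response file copy for populated password parameters that group or other users can read, restrict it while it is needed, and remove it after installation. The parameter names in the sample are constructed; use the names from your own .rsp template.

```shell
#!/bin/sh
# Added example: protect a response file that holds plain-text passwords.
# Assumption: password parameters have PASSWORD, PASSWD or PWD in their name.

# Constructed sample content; these are not real template parameter names.
sample_rsp() {
    cat <<'EOF'
# constructed sample, not a real template
EXAMPLE_BASE_DIRECTORY=/u01/app/omc_agent
EXAMPLE_PROXY_USER=svc_proxy
EXAMPLE_PROXY_PASSWORD=not-a-real-secret
EOF
}

# audit_rsp FILE
# Prints: no-secrets  no populated password-like parameter found
#         restricted  secrets present, file accessible to the owner only
#         exposed     secrets present, group or others have access
audit_rsp() {
    f=$1
    mode=$(stat -c '%a' "$f") || return 2
    # Commented-out lines and empty values are ignored.
    if ! grep -Eiq '^[[:space:]]*[A-Z0-9_]*(PASSWORD|PASSWD|PWD)[A-Z0-9_]*[[:space:]]*=[[:space:]]*[^[:space:]]' "$f"; then
        echo no-secrets
    elif [ $(( 0$mode & 077 )) -eq 0 ]; then
        echo restricted
    else
        echo exposed
    fi
}

# lock_rsp FILE: owner-only access while the file is still needed.
lock_rsp() { chmod 600 "$1"; }

# retire_rsp FILE: delete the file once installation has completed and
# confirm that it is gone.
retire_rsp() { rm -f -- "$1"; [ ! -e "$1" ]; }

# Usage: audit_rsp ./agent.rsp; lock_rsp ./agent.rsp; retire_rsp ./agent.rsp
```

A response file kept in a shared or mounted location for several hosts deserves the same audit on the share itself, since every host that can read the share can read the passwords.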