1. Cloud Control Oracle Compliance Standards Reference
  2. AHF EXAchk Compliance Standards

25 AHF EXAchk Compliance Standards

This chapter explains AHF EXAchk Compliance Standards for Exadata Engineered Systems managed by Enterprise Manager utilizing Autonomous Health Framework (AHF).

About AHF EXAchk Compliance Standards

Oracle AHF EXAchk is a lightweight and non-intrusive health check framework for stack of software and hardware components in Exadata. Enterprise Manager provides a set of compliance standards and associated controls for overall health monitoring, automated risk identifications and proactive notification of issues for each Exadata System component and database instances.

  • Oracle Enterprise Manager 13c Release 5 Update 3 (13.5.0.3) integrates Oracle Autonomous Health Framework (AHF) EXAchk for Exadata Engineered Systems.
  • Oracle Enterprise Manager 13c Release 5 Update 6 (13.5.0.6) integrates Oracle Autonomous Health Framework (AHF) EXAchk for Virtual Exadata Engineered Systems.
  • Oracle Enterprise Manager 13c Release 5 Update 12 (13.5.0.12) integrates Oracle Autonomous Health Framework (AHF) EXAchk for Exadata Cloud@Customer (ExaCC) targets.

AHF EXAchk standards are available out-of-box. When you update AHF, the associated EXAchk compliance standards are automatically updated to the corresponding version.

Note:

Exachk HTML reports contains rule severity values that differ from Enterprise Manager Compliance rules report violations. Given these changes the Engineered Systems tab works differently that other Compliance tabs. With Engineered Systems, even if there is one Critical violation it reports the target as non compliant. This differs from other compliance standards that use a graded system to generate the compliance report.

For more information on AHF EXAchk see: Autonomous Health Framework

Prerequisites for AHF EXAchk Compliance Standards

In order to utilize AHF EXAchk Compliance Standards, the following prerequisites must be met:
  1. The latest version of Autonomous Health Framework (AHF) needs to be installed in the target to be monitored. For more information on installing AHF EXAchk see: Installing and Upgrading Oracle Autonomous Health Framework in Oracle Autonomous Health Framework Checks and Diagnostics User's Guide.
  2. Ensure the latest version of the Enterprise Manager agent is installed on the compute nodes.
    1. For on-premises Exadata, Enterprise Manager agent must be version 13.5.0.3 or later.
    2. For virtual Exadata, Enterprise Manager agent must be version 13.5.0.6 or later.
    3. For Exadata Cloud@Customer (ExaCC), Enterprise Manager agent must be version 13.5.0.12 or later.
  3. Ensure the latest version of Enterprise Manager is installed.
    1. For on-premises Exadata, Enterprise Manager must be version 13.5.0.3 or later.
    2. For virtual Exadata, Enterprise Manager must be version 13.5.0.6 or later.
    3. For Exadata Cloud @Customer (ExaCC), Enterprise Manager must be version 13.5.0.12 or later.
  4. Configure the Privileged Credentials that are used to access AHF EXAchk results, to configure these credentials in Enterprise Manager follow these steps:
    1. Go to Setup, then select Security and click on Monitoring Credentials.
    2. In the new screen under Target select Cluster, and then click on Manage Monitoring Credentials.
    3. In the Cluster Monitoring Credentials page, select Privileged Host Monitoring Credentials and click on Set Credentials.
    .

Note:

AHF EXAchk Compliance Standards will not work on Enterprise Manager deployments with the ORAchk Healthchecks Plug-in installed. Ensure the following for AHF EXAchk Compliance Standards to properly work:
  1. Disassociate any Exadata systems and/or components using the ORAchk Healthchecks plug-in.
  2. Remove the ORAchk Healthchecks plug-in entirely. For more information on removing the plug-in see: Undeploying Plug-Ins in Oracle Enterprise Manager Cloud Control Administrator's Guide
For more information on the ORAchk Health checks Plug-in see: Oracle Enterprise Manager ORAchk Healthchecks Plug-in User's Guide

Oracle Exadata infrastructure for Oracle Engineered systems

Oracle Exadata Database Machine

To associate, follow the instructions in: Associate Exadata Components to AHF EXAchk Standards and filter your targets by Oracle Exadata Database Machine select the standard AHF EXAchk System Best Practices for Oracle Engineered System and click Associate. Once associated the rest of the standards will be associated automatically to all linked targets.

AHF EXAchk (Exadata Health Check) standard provides a comprehensive diagnostic scan, identifying potential issues within the Oracle Exadata Database Machine and its components, thus ensuring peak performance and reliability. By leveraging deep insights into system configurations, performance metrics, and best practice recommendations, AHF EXAchk enables administrators to proactively manage and optimize their Exadata environments.

With its ability to automatically detect and report critical vulnerabilities, AHF EXAchk significantly enhances the security posture of Oracle Exadata Database Machines. Administrators are empowered with actionable intelligence to swiftly address security concerns, safeguarding sensitive data and maintaining compliance with stringent regulatory standards.

Oracle Exadata Database Infrastructure

It is highly recommended to associate your ExaCC and ExaCS Exadata infrastructure systems targets with AHF EXAchk Exadata Infrastructure Best Practices for Oracle Engineered System compliance standards. This standard encompasses all Oracle Exadata infrastructure components with their compliance standards, ensuring that every component within Exadata Infrastructure is properly managed per compliance management.

It is also highly recommended to associate your on-premises physical and virtual Oracle Exadata Database Machine systems targets with the AHF EXAchk system best practices for Oracle Engineered System compliance standards. This standard encompasses all Oracle Exadata physical, and virtual systems within the engineered system and is properly managed per compliance management.

AHF EXAchk standard provides deep diagnostics and proactive health checks across your Oracle Exadata Cloud at Customer (EXACC) and Exadata Cloud Service (EXaCS), preemptively identifying and mitigating potential system vulnerabilities and performance bottlenecks. It ensures seamless integration and optimal performance of Oracle Exadata database infrastructure, including EXACC and EXaCS, by leveraging comprehensive checks and best practices, thereby enhancing reliability, scalability, and security in cloud and on-premises environments.

AHF EXAchk Component Standards

The following are the list of Exadata component standards:

Component/Target Name Exadata Component Standard Name Description
Oracle Exadata Database Machine AHF EXAchk System Best Practices for Oracle Engineered System System Best Practices for configuration check, overall health monitoring, automatic risk identification and proactive notification of issues in an Oracle Engineered System.
Oracle Exadata Database Machine Exadata Infrastructure Component Compatibility (Version) Assessment This compliance standard checks version uniformity among all exadata components.
  • All database nodes (hosts) must have the same software version
  • All storage cells must have the same software version
  • All network switches must have the same software version
Oracle Exadata Infrastructure AHF EXAchk Exadata Infrastructure Best Practices for Oracle Engineered System Exadata Infrastructure (ExaCC and ExaCS) Best Practices for configuration check, overall health monitoring, automated risk identification and proactive notification of issues in an Oracle Engineered System.
Database Instance AHF EXAchk Database Instance Best Practices for Oracle Engineered System Single Instance Database Best Practices for configuration check, overall health monitoring, automated risk identification and proactive notification of issues in an Oracle Engineered System.
Cluster Database AHF EXAchk Cluster Database Best Practices for Oracle Engineered System Cluster Database Best Practices for configuration check, overall health monitoring, automated risk identification and proactive notification of issues in an Oracle Engineered System.
Oracle Home AHF EXAchk Oracle Home Best Practices for Oracle Engineered System Oracle Home Best Practices for configuration check, overall health monitoring, automated risk identification and proactive notification of issues in an Oracle Engineered System.
Host AHF EXAchk Host Best Practices for Oracle Engineered System Host Best Practices for configuration check, overall health monitoring, automated risk identification and proactive notification of issues in an Oracle Engineered System.
Cluster AHF EXAchk Cluster Best Practices for Oracle Engineered System Cluster Best Practices for configuration check, overall health monitoring, automated risk identification and proactive notification of issues in an Oracle Engineered System.
Cluster ASM AHF EXAchk ASM Cluster Best Practices for Oracle Engineered System Cluster ASM Best Practices for configuration check, overall health monitoring, automated risk identification and proactive notification of issues in an Oracle Engineered System.
Oracle Exadata Storage Server AHF EXAchk Storage Server Best Practices for Oracle Engineered System Storage Server Best Practices for configuration check, overall health monitoring, automated risk identification and proactive notification of issues in an Oracle Engineered System.
Oracle Infiniband Switch AHF EXAchk Infiniband Switch Best Practices for Oracle Engineered System Infiniband Switch Best Practices for configuration check, overall health monitoring, automated risk identification and proactive notification of issues in an Oracle Engineered System.
Automatic Storage Management AHF EXAchk Automatic Storage Management Best Practices for Oracle Engineered System Automatic Storage Management Best Practices for configuration check, overall health monitoring, automated risk identification and proactive notification of issues in an Oracle Engineered System.
Oracle High Availability Service AHF EXAchk High Availability Service Best Practices for Oracle Engineered System High Availability Service Best Practices for configuration check, overall health monitoring, automated risk identification and proactive notification of issues in an Oracle Engineered System.
System Infrastructure Switch / RoCE AHF EXAchk Systems Infrastructure Switch Best Practices for Oracle Engineered System Systems Infrastructure Switch Best Practices for configuration check, overall health monitoring, automated risk identification and proactive notification of issues in an Oracle Engineered System.

Oracle VM Instance

 AHF EXAchk Virtual Server Best Practices for Oracle Engineered System Virtual Server Best Practices for configuration check, overall health monitoring, automated risk identification and proactive notification of issues in an Oracle Engineered System.

Oracle Virtual Platform

 AHF EXAchk Virtual Platform Best Practices for Oracle Engineered System Virtual Platform Best Practices for configuration check, overall health monitoring, automated risk identification and proactive notification of issues in an Oracle Engineered System.

Associate Exadata Components to AHF EXAchk Standards

  1. From the Enterprise menu, select Compliance, then select Library.
  2. Select the Compliance Standards tab and select the EXAchk standard.
  3. Select the Exadata component target to be monitored and click Associate Targets.
  4. Click Add and select the targets you want to monitor. The targets will appear in the table after you close the selector dialog.
  5. Click OK to confirm that you want to save the EXAchk association.
  6. After deployment and subsequent configuration collection occurs, you can view the results from the EXAchk Standards in one of three ways:
    • Navigate from the Enterprise menu, select Compliance, then select Dashboard. The compliance dashboard has a dedicated Engineered Systems tab. For more information on the Compliance Dashboard see: About the Compliance Dashboard in Oracle Enterprise Manager Cloud Control Database Lifecycle Management Administrator's Guide.
    • Navigate from the Enterprise menu, select Compliance, then select Results. In the Compliance Results page select the Compliance standard you wish to review and click Show Details.
    • Within each Exadata target home page the compliance results are available. To view navigate to Targets then select Systems and click on the target you wish to view. The results will be under the Compliance Summary section.
    In the Compliance Dashboard scroll down to the Compliance Summary and select either the Standards or Targets tab. Click on either the number below Compliant Targets or Non-Compliant Targets, and in the pop up select Report for the Compliance Standard HTML report or select AHF EXAchk Report for the raw HTML AHF EXAchk report.

AHF EXAchk Compliance Standards Known Issues

First Time or Initial Compliance Score States 100% For All Targets

There are several ways to verify that your AHF EXAchk Compliance Standards are configured correctly:
  1. Go to the Targets drop down menu, then select Exadata. In the list of available targets locate the primary DB Machine to trouble shoot and click More. Locate your primary compute node Host target and select it. Go to Host, then Configuration and select Latest. Click AHF EXAchk Metadata Config-Metadata, this shows the AHF version installed in the host target, this version should be same or lower than that of the one in the Compliance Library.
  2. Go to the Targets drop down menu, then select Exadata. In the list of available targets locate the primary DB Machine to trouble shoot and click More. Locate your primary compute node Host target and select it. Go to Host, then Configuration and select Latest. Click on AHF EXAchk Result Configuration, click Location.
    • If you see an error for no credentials, configure the Monitoring Credentials.
    • Errors are shown and described in this window allowing for easy troubleshooting.
    • If results are blank, AHF EXAchk data is sent by each Exadata target every 24 hours. This data is collected in a central store by the management server as and when it arrives from each target. The Compliance Evaluation is performed every 4 hours by referring to the latest AHF EXAchk data available in the central store at that time.
  3. AHF EXAchk Compliance Evaluation is performed every 4 hours, to verify that the jobs are running properly go to Enterprise, then Job and click on Activity. Search for and click on COMPLIANCE_RE_EVAL_EXACHK. A new window will open showing what targets are associated to what standards. If there are none or missing, re-associate targets to standards.

EXAchk Compliance Is Not Being Displaying After Onboarding

EXAchk has several underlying jobs that run at different refresh intervals throughout the day, this may cause a lag in an Exadata apearing under EXAchk Compliance. The following jobs need to happen for data collection:
  • The EXAchk Compliance tool has its own job run schedule separate from the rest at a determined time.
  • The EM Config Extension job runs once every 24 hour refresh interval, during which it consumes the EXAchk results.
  • The EM Agent Compliance Collection job runs once every 24 hours. This service sends the results processed by the Config Extension to the repository.
  • OMS jobs run every 4 hours looking for new results, once found they are converted into EXAchk rule results.

Figure 25-1 EXAchk Process Calendar

EXAchk process calendar details the job schedule for all components of EXAchk