Oracle Enterprise Manager 10g:Making the Grid a Reality

Jay Rossiter

Vice President, System Management Products

Oracle Corporation

Session id: 40029

Agenda

Enterprise Manager 10G Introduction Grid Management Proof Points

Agenda

Enterprise Manager 10G Introduction Grid Management Proof Points

Complete

Integrated

Scaleable

Low Cost

Enterprise Manager 10G

2x-10x lower cost to manageIncreased availability, reliability & performance

Automating the Data Center

Complete Management of the Oracle Grid

End Users

Integrated Management of Oracle Products

Oracle Collab Suite

3

Oracle eBus Suite

Oracle

Oracle9iASOC4J

Exhaustive individualcomponent

management:Admin

MonitoringProvisioning

1

Integrated SuiteManagement

Web Services Top Link

Integration

Portal

Web Cache

SSOWireless

Oracle9iASJ2EE

2

Management forOracle Eco-System

4

OtherApplications

Host and Hardware

Integrated

Database

Oracle9iAS

Storage

Network and Load Balancer

Applications

AdministrationMonitoring

ProvisioningSecurity

EnterpriseManager

Group Management

Hardware/Software Inventory

Configuration Performance

TopologyCentral

Repository

SDK

Policy Manager Task Automation

Scaleable

Automated management of sets of systems

Managing Groups

Managed from a single-view– Monitoring and automated

operations

Logical modeling of sets of systems

– Applications, Clusters, other sets

– Leveraged by all services – Jobs, Policies, …

Membership-based inheritance

Applications

Sets of Systems

Task Automation

Execute simple or complex tasks across 100’s of systems

Easy to use and scalable Pre-packaged jobs

– Backup, startup/shutdown, patch, clone…

Generic job types– SQL, OS command

Ad hoc job creation – Custom scripts

Cooperative job sharing Job Library

EM 4.x

Job System

Easy to Deploy

Fir

ewal

l

Mobile Device

HTML Console

Portals

HTTP/S

HTTP/S

HTTP/S

HTTP/S

Open Repository

Manage from Anywhere

Out-of-box Ready

Grid Control– Management of all the

Oracle Grid components– Centrally manage entire

enterprise– Out-of-box management for

all Oracle products

Product Controls– Fully functional standalone

management– Out-of-box with each

product

Agenda

Enterprise Manager 10G Introduction Grid Management Proof Points

Grid Management

Application Service Level Management– End-to-end performance, availability & diagnostics

Standardization– Policy-based best practices

– Security Assurance

Automated Provisioning and Administration– Software, storage, application provisioning

– Change management and configuration

TokyoSales Office

ParisSales Office

New YorkSales Office

Any

Application

User

Monitor key business

transactions Availability Performance

Click-to-SQL Drilldowns

Click-to-EJB and J2EE Activity

External network Internal network Application Content App Server Database

End to End

Tracing

Web Application

All

Your

Users

All

Your

URLs

All

the

Time

Application Service Level ManagementEnd-to-End Performance, Availability & Diagnostics

System Component ManagementRich monitoring and diagnostics

Availability Real time monitoring and thresholds Event notifications Historical Data Analysis and Trending Performance diagnostics Cluster monitoring

Oracle

Database

10G

Oracle

Collaboration

Suite 10G

Oracle

EBusiness

Suite 11i

Oracle

Application

Server 10G

Application Service Level Management

End-user performance– All interactions– Javascript attached to

cookie– Response time is

captured in web server log

– Log data is loaded into the repository

– Require Oracle AS Webcache in the middle-tier

Business Transaction performance and availability

– Record transaction– Deploy to beacons

across the network– Transaction replayed– Metrics recorded in

repository– Works for any web

application

End-2-End tracing– Component level time

tracking– Click to EJB– Click to SQL

Standardization

Policy Management– Rule definitions– Violation detection– Corrective action

Security policies– Software installation

hardening– Excess services/ports– Excess user privileges

Configuration policies– Best practices– Base images

Performance polices– Thresholds

Policy Based Best Practices

Policy

Automated Security Checks

All Oracle Software1. Security alerts2. Critical patches

Host1. Detect open ports2. Detect insecure services

Application Server1. HTTPD has minimal privileges2. Use HTTP/S3. Apache logging should be on4. Demo applications disabled5. Disable default banner page6. Disable access to unused directories7. Disable directory indexing8. Forbid access to certain packages9. Disable packages not used by DAD owner10. Remove unused DAD configurations11. Redirect _pages directory12. Password complexity enabled13. Use HTTP/S

Database Services1. Enable listener logging2. Password-protect listeners3. Disable direct listener administration4. Disallow remote OS roles and authentication5. Disallow use of remote password file6. Restrict access to external procedure service

Database User Privileges1. Disable install and demo accounts2. Disallow default user/password3. PUBLIC has execute System privilege4. PUBLIC has execute Object privilege5. PUBLIC has execute UTL_FILE privilege6. PUBLIC has execute UTL_SMTP privilege7. PUBLIC has execute UTL_HTTP privilege8. PUBLIC has execute UTL_TCP privilege9. PUBLIC has execute DBMS_RANDOM10. Password complexity11. Restrict number of failed login attempts12. Authentication protocol fallback13. Connect and Resource grants

Automated Best Practices for Database

1. Insufficient Number of Control Files

2. Insufficient Redo Log Size

3. Insufficient Number of Redo Logs

4. Use of Unlimited Autoextension

5. Use of Non-Standard Init. Parameters

6. Recovery Area Location Not Set    

7. Autobackup of Control File is not Enabled

8. SYSTEM TS Used as User Default TS

9. Segment with Extent Growth Policy Violation

10.Tablespace Containing Mixed Segment Types

11. Not Using Locally Managed Tablespaces   

12. SYSTEM TS Contains Non-System Data Seg

13. Users with Permanent TS as Temporary TS

14. Insufficient Recovery Area Size

15. Force Logging Disabled  

16. Not Using Spfile    

17. Rollback in SYSTEM Tablespace    

18. Not Using Undo Space Management   

19. Non-uniform Default Extent Size

Certified Software Images

Base Image Library

“Certified” Systems• Test/Dev system• Production system

Agent

Agent

Agent

View/Search

Compare/Diff

Change Tracking

ReferenceConfigurations

Analyze

Install/Clone

Configure

Patch

Secure

LiveLink

Oracle.com

Product Updates

Patches

ProductConfiguration

OracleInventory

SoftwareConfigurations

HardwareConfigurations

Discover

Automated Provisioning

EnterpriseManager

Provision

Over 20% of downtime attributable to human configuration errors

Configuration Analysis

Complete inventory of all Oracle software

– Versions– Patch levels

Configuration details for all Oracle products

Related software and hardware configuration details

“How many DB instances need to have a given patch applied? – Is my O/S at the right patch level?”

Configuration Analysis

Tracking changes Comparing and

validating configurations Searching across

enterprise Understanding product

and feature usage

“When things stop working, the first thing we do is try to figure out what has changed”

CalISO DBA

Automated Patch Management

Real-time discovery of new patches Security patch rapid deployment dramatically reduces

vulnerabilities Automatic staging and application

– From hours to minutes Rolling RAC upgrade

Update

Inventory

Determine

Applicability2

Apply Patch3

4Patch Published1

Slammer virus exploited known security flaw to which patch was available 6 months prior to attack

Automated Software Cloning Operations

Reduce manual labor in software life-cycle– From hours to minutes

Automate mass provisioning of reference systems

Update

Inventory

Clone to

Selected Targets

2

3

Select Software (and Instances) to Clone

1

“Our DBAs spend about 25% of their time on database installs and cloning”

-Verizon Information Services DBA

Capacity-on-Demand

Load increase identified --

additional resources required

1

Systems chosen for deployment from

available hardware

2

New Hardware RAC DB

Production Application

Application Servers

New servers added to application

3

Image/Clone ASImage/Clone DBAssociate AS with InfrastructureAdd AS to clusterAdd DB server to RAC clusterConfigure DB server to get AS requestsConfigure SLB to include new AS

Automated Administration

Simplify complex tasks Automate tasks across

systems Single-button cluster

operations

Automated OperationsAll Target Types• System and application

availability• Set up of target-specific

metrics/thresholds• Configuration data collection• Performance data collection• Comprehensive monitoring• Alerts• Email and Paging notifications• Blackouts• User-defined jobs• System and application

response time measurements• Policy violation reporting• Clone Oracle Home• Patch search/download

ASM• Disk group admin (rebalance)• Startup/Shutdown• Disk group usage/status• I/O performance• Add/Remove disks

DB• General health assessment• Bad SQL identification• Top SQL identification• SQL recommendations• Tuning advisories• Performance trending• Backup• Restore• Security vulnerability ID• Create/remove

Physical/Logical Standby• Standby health assessment• Standby switchover/failover

RAC• Cluster cache coherency

monitoring• Failover events• Discovery of RAC topology• Startup/shutdown• Relocate services• Failover jobs

iAS• Config changes across cluster

(OC4J, Apache)• Create/Manage cluster• Deploy app to cluster• Reconfigure a farm• Add/Remove node from cluster• Clone (mid-tiers)• Patch

OCS• IMAP, SMTP End-2-end service

monitoring• Files End-2-end service

monitoring• Files document analysis: count,

size, format• Files user analysis: number,

quota consumed

Host/Host Clusters• Top processes identification

Automated Group OperationsAll Target Types• Config. change tracking• Configuration inventory• Diff configurations• Search configurations• Behavior inheritance (Jobs)• Create/manage groups• OS command jobs• SQL Script jobs• Aggregate Metrics• Alert Rollups• Set blackouts• Set monitoring levels• Set target properties• Set thresholds• Installation hardening• Security alerts and patches• Discovery

Host/Host Clusters• Add/Remove node from OS

cluster

ASM• Disk group admin (rebalance)• Startup/Shutdown• Disk group usage/status• I/O performance• Add/Remove disks

DB• Analyze• Backup• Export• Startup/Shutdown• Configuration Advise• Clone, Patch

RAC• Spfile changes across

instances• Start/Stop/Relocate services• Startup/Shutdown• Cluster cache coherency• Monitoring rollups• Add/Remove Instance

iAS• Config changes across cluster

(OC4J, Apache)• Create/Manage cluster• Deploy app to cluster• Reconfigure a farm• Add/Remove node from cluster• Clone (mid-tiers)• Patch

OCS• Custom grouping• Home pages for EMAIL and IM

WebApp• End-2-End availability• End-2-End monitoring• End-2-End tracing

EM• Agent deployment

What’s New in EM 10G

Area EM 9i EM 10G

Oracle Database

Oracle9iAS

Oracle Collab Suite

Oracle eBus Suite

Operating System

Storage

Network

SLB (Nortel, F5)

Hardware (Dell, Compaq)

Admin and Monitoring

Application Performance Management

– Real performance for All Your Users, All Your Pages, All the Time

– Application Availability– Synthetic transactions– End-to-end tracing

Enterprise Configuration Management

– Rapid installation– Deployment– Provisioning– Upgrade– Automated patching

Key new EM10G functionality

Agenda

Enterprise Manager 10G Introduction Grid Management Proof Points

EM 10G Early Adopter Customers

EM 10G Early Adopter: Merck

Uses EM to manage 1200+ systems worldwide Key v4 features driving rapid rollout:

- Enterprise-wide - performance and availability reports

- Automation- event thresholds via baselines

- Configuration management- compare/diff host hardware and software

Enterprise Manager 10G

2x to 10x lower cost to manage Oracle

Complete– Managing all the components of the Oracle grid

Integrated– Administration, Monitoring, Provisioning and Security

Scaleable– Minimal incremental cost for managing sets of systems

Low cost to implement and maintain– Pre-tested, certified works out of box