by Ken Kutzer and Larry McIntosh
This article explains how to use Oracle Enterprise Manager Cloud Control 13c, a robust full-featured management tool, to administer Oracle Database deployed in public cloud environments. In the article, a detailed example shows how to use a local, on-premises Oracle Management Service to manage Oracle Database.
Note: Readers are invited to review the companion article; "Architecture Matters: Managing Databases on a Private Cloud with Oracle Enterprise Manager Cloud Control 13c," to learn more about the configuration and management of private cloud databases.
One of the primary challenges of moving IT resources to a public cloud is the transition to a different management model for monitoring, administration, planning, maintenance, performance management, and so on. In many cases, the tools used for these day-to-day functions will change as you move resources from local, onsite resources to a paid, public cloud service environment. Unfortunately, these operational changes and differences burden staff, increase the risk of human error, and can lead to reduced availability, reliability, and security while also slowing the pace of cloud adoption, particularly when organizations plan to use both local and public cloud resources simultaneously.
With Hybrid Cloud Management, Oracle Enterprise Manager Cloud Control 13c provides you with a single pane of glass for monitoring and managing both your on-premises and Oracle Cloud deployments, all from the same management console.
Oracle Management Service is a core on-premises component of Oracle Enterprise Manager Cloud Control that orchestrates with Oracle Management Agents (another core component of Oracle Enterprise Manager Cloud Control) and plugins to discover targets, monitor and manage them, and store the collected information in a repository for future reference and analysis. By deploying the Hybrid Cloud Agent type of Oracle Management Agent on the Oracle Cloud virtual hosts that are serving your Oracle Cloud services, you can manage Oracle Cloud targets just as you would any other target.
The communication between Oracle Management Service instances and Hybrid Cloud Agents is secure from external interference. In addition to a hardened architecture of its own, Oracle Enterprise Manager Cloud Control supports the use of additional external HTTP proxies that support tunneling, which you can configure for the gateway agents to connect to Oracle Cloud.
This article provides a detailed example for setting up administration of public cloud databases from a local management console.
Secure Connections for Cloud Management
Performing administrative tasks, monitoring, and using many of the functionalities of Oracle Enterprise Manager 13c are common whether you are administering local on-premises databases or databases on Oracle Cloud. However, there are some configuration differences to enable secure connections when managing Oracle Cloud resources from Oracle Enterprise Manager from a private network.
Understanding the Remote Management Communication Architecture
An Oracle Management Agent enables you to convert an unmanaged host to a managed host. In a private network, Oracle Enterprise Manager connects directly to the Oracle Management Agents for administration. To manage resources in a public cloud, Hybrid Cloud Agents are used for the Oracle Cloud virtual hosts, while Hybrid Cloud Gateway Agents and Hybrid Cloud Gateway Proxies are used to establish communication channels between Oracle Enterprise Manager on a private network and resources on Oracle Cloud. Figure 1 shows this architecture.
Figure 1: Architecture for communication between an Oracle Management Service and Oracle Cloud resources.
The setup for managing Oracle Cloud resources includes the following:
- Designating one or more private cloud management agents as Hybrid Cloud Gateway Agents, which also includes setting up the Hybrid Cloud Gateway Proxy
- Configuring SSH keys to enable secure authentication and communication between the private and public cloud environments (summarized below)
- Deploying Hybrid Cloud Agents on the public cloud targets to be managed
For greater detail and information on other connectivity variations for hybrid cloud management, please see "Overview of Hybrid Cloud Architecture and Communication" in the Enterprise Manager Cloud Control Administrator's Guide.
Public and Private Key Exchange for Secure Communications
Because access to Oracle Cloud is expected to be over a public network, it is necessary to establish authentication and secure communications between the private cloud Oracle Management Service and the resources to be managed on Oracle Cloud. Oracle Enterprise Manager uses SSH to enable authentication and secure communications. Configuration for secure communications is a prerequisite for installing Hybrid Cloud Agents and is shown in Figure 2.
Figure 2: Configuration of a secure management connection.
Configuration Prerequisites and Assumptions
- An Oracle Enterprise Manager 13c Oracle Management Service is available in the private cloud.
- One or more Oracle Management Agents are deployed on the private cloud network.
- (Optional) Local databases are being managed by the Oracle Management Service (for information on managing Oracle Database in a private cloud, please see "Architecture Matters: Managing Databases on a Private Cloud with Oracle Enterprise Manager Cloud Control 13c").
- The user has an Oracle Cloud account.
This summary provides a quick overview of the setup process for configuring a private cloud's Oracle Enterprise Manager 13c Oracle Management Service to manage Oracle Cloud resources. The result is a single management station for administering assets deployed to a hybrid cloud. The process describes the setup for a single Oracle Cloud database. However; the process is similar for configuring multiple databases.
- On the private cloud, use the Oracle Enterprise Manager command-line interface (CLI) to register one or more local Oracle Management Agents to function as Hybrid Cloud Gateway Agents. To learn more about using multiple Hybrid Cloud Gateway Agents for high availability and load balancing, please see the "Configuration Process Detailed Example" section.
- From the Oracle Cloud user interface, create a new database that you plan to administer remotely using Oracle Enterprise Manager 13c.
- From the Oracle Cloud user interface, log in to the Oracle Cloud virtual host that is running the database, and then generate and store SSH keys to be used for secure authentication and encrypted communications with the Oracle Management Service. From the Oracle Management Service, upload the keys that were generated on the Oracle Cloud virtual host.
- Use Oracle Enterprise Manager 13c to install a Hybrid Cloud Agent on the Oracle Cloud virtual host.
- Use Oracle Enterprise Manager 13c to discover the new database through the new Hybrid Cloud Agent.
- Use Oracle Enterprise Manager 13c to promote the discovered Oracle Cloud database to enable it to be managed from the Oracle Management Service.
At this point, the Oracle Enterprise Manager Cloud Control can be used to administer both public and private cloud databases providing true hybrid cloud management.
This detailed example provides a more-complete walkthrough of the setup process. While screenshots are used to illustrate key steps in the process, screenshots are not shown for all steps for brevity.
1. Register the Hybrid Cloud Gateway Agent(s).
Any Oracle Management Agent that is accessible by the Oracle Management Service and is running on a supported Oracle Management Agent platform can be designated as a Hybrid Cloud Gateway Agent. In this example, two Oracle Management Agents hosted on SPARC S7-2 servers from Oracle are configured as Hybrid Cloud Gateway Agents.
Note: Oracle recommends selecting Oracle Management Agents that are monitoring only a few targets to ensure that the performance of the Hybrid Cloud Gateway Agents is not affected by high activity.
Note: Oracle recommends configuring two or more Hybrid Cloud Gateway Agents for Oracle Cloud targets to provide high availability for the connection to Oracle Cloud.
Configuring Hybrid Cloud Gateway Agents must be done through the Oracle Enterprise Manager CLI. As the SYSMAN user, log in to the Oracle Management Service using the following CLI command:
-bash-4.1$ /u01/software/em13.2/middleware/bin/emcli login -username=sysman
Use the CLI to designate the selected Oracle Management Agents to act as Hybrid Cloud Gateway Agents by registering them with the Oracle Management Service:
-bash-4.1$ /u01/software/em13.2/middleware/bin/emcli register_hybridgateway_agent -hybridgateway_agent_list="oos-sn1-01.us.oracle.com:3872"
Successfully registered list of agents as hybridgateways.
-bash-4.1$ /u01/software/em13.2/middleware/bin/emcli register_hybridgateway_agent -hybridgateway_agent_list="oos-sn1-02.us.oracle.com:3872"
Successfully registered list of agents as hybridgateways.
Two Oracle Management Agents have now been registered as Hybrid Cloud Gateway Agents. Later in the process during the Hybrid Cloud Agent deployment, the deployed Hybrid Cloud Agent will be associated with a Hybrid Cloud Gateway Agent. Additionally, each Hybrid Cloud Agent can be associated with secondary Hybrid Cloud Gateway Agents to provide a redundant Oracle Management Service communication channel with the Oracle Cloud resource.
2. Provision a new database on Oracle Cloud.
This step walks through provisioning a new Oracle Database via an Oracle Cloud account. If databases have already been provisioned on Oracle Cloud, proceed to Step 3. Otherwise, initiate the process by opening the Oracle Database Cloud Service console and then clicking Create Service, as shown in Figure 3.
Figure 3: Oracle Database Cloud Service screen.
Next, complete the new service's details—including the service name, service type, software release, software edition, and the billing frequency—based on your needs, as shown in Figure 4.
Figure 4: Selecting the database's service name, type, software release, edition, and billing frequency.
On the details screen (Figure 5), configure the hardware sizing, administrative passwords, backup and recovery, and availability options.
Figure 5: Setup of key database service characteristics including resource sizing and availability options.
Figure 6 shows the confirmation screen that provides the full details for review prior to creation.
Figure 6: Confirmation screen with summary of all the new service's details.
After the database is created, it will appear in the main account screen, as shown in Figure 7.
Figure 7: Oracle Database Cloud Service summary screen.
3. Generate and load the SSH Keys.
To enable a secure connection, you need to generate keys on the Oracle Cloud virtual host and upload them to Oracle Enterprise Manager Cloud Control in your private cloud. Full details for the prerequisites and the process are covered in "Prerequisites for Installing Hybrid Cloud Agents."
4. Deploy an Oracle Hybrid Cloud Agent.
The installation of Hybrid Cloud Agents is very similar to the installation of standard Oracle Management Agents and is accomplished through the Oracle Enterprise Manager Cloud Control. The Add Target screen (Figure 8) walks you through the process of deploying the Hybrid Cloud Agent. The first step, as shown in Figure 8, is to select the Oracle Cloud virtual host where the agent will be installed.
Figure 8: Specify the host to receive the Hybrid Cloud Agent.
Complete the process to install the Hybrid Cloud Agent on the new database host to allow for the administration of the database on Oracle Cloud. After you finish filling in the required screens, a confirmation screen (Figure 9) will show the configuration details prior to installing the agent.
Figure 9: Agent deployment confirmation screen.
Note: When you deploy a Hybrid Cloud Agent, it is associated with a single Hybrid Cloud Gateway Agent by default. To ensure a connection between the Oracle Management Service and the Hybrid Cloud Agent in the event that a Hybrid Cloud Gateway Agent is down or is not reachable, Oracle recommends that you enable every Hybrid Cloud Agent to use multiple Hybrid Cloud Gateway Agents. To learn more, please see "Configuring Hybrid Cloud Agents for High Availability."
5. Discover Oracle Database.
After the new database has been created and the Hybrid Cloud Agent has been deployed, auto-discovery is used to find the targets that can be monitored and managed on the newly added host, as shown in Figure 10. To initiate this process, select the new host from the list of targets shown in the Host column and click Discover Now.
Figure 10: Setup Discovery screen.
6. Promote targets.
After discovery is complete, the resulting targets need to be promoted to enable management from Oracle Enterprise Manager (Figure 11). This extra step enables you to choose only those items on a particular target that you desire to manage. Note that the screenshot in Figure 11 displays a variety of managed target types (as shown in the Target Type column), including an Oracle Database listener, home, and database instance.
Figure 11: Promoting targets to be managed.
At this stage, the new Oracle Cloud database is now manageable through Oracle Enterprise Manager 13c. Figure 12 shows the Databases screen with both private and public cloud databases including the newly promoted Oracle Multitenant container database and pluggable database.
Figure 12: Single-pane-of-glass for managing private and public cloud databases.
With a single pane of glass for monitoring private and public cloud database environments, Oracle is in a unique position to assist organizations with their hybrid cloud deployments. With a single tool set, it is possible to manage key characteristics, perform typical administrative tasks, and easily migrate databases between locations as needs dictate. For more information on common management tasks as well as cloning databases on a private cloud, please see "Architecture Matters: Managing Databases on a Private Cloud with Oracle Enterprise Manager Cloud Control 13c." Additionally, stay tuned for editions of this "Architecture Matters" series to learn more about using Oracle technologies.
- "Enabling Hybrid Cloud Management" (Chapter 17 of Enterprise Manager Cloud Control Administrator's Guide)
- "Getting Started with Oracle Cloud"
- "Architecture Matters: Managing Databases on a Private Cloud with Oracle Enterprise Manager Cloud Control 13c"
- Oracle Optimized Solutions web page, which provides links to the full "Architecture Matters" series
About the Authors
Ken Kutzer is a team lead for Oracle Optimized Solution for Secure Oracle Database and Oracle Optimized Solution for Oracle Database as a Service. He is responsible for driving the strategy and efforts to help raise customer and market awareness for Oracle Optimized Solutions in these areas. Kutzer holds a Bachelor of Science degree in electrical engineering and has over 20 years in the computer and storage industries.
Larry McIntosh is the chief architect within the Oracle Optimized Solutions team. He has designed and implemented highly optimized computing, networking, and storage technologies for both Sun Microsystems and Oracle. McIntosh has over 40 years of experience in the computer, network, and storage industries and has been a software developer and consultant in the commercial, government, education, and research sectors and an information systems professor. He has directly contributed to the product development phases of Oracle Exadata Database Machine and various Oracle Optimized Solution architectures. His most recent contribution has been in the design, development, testing, and deployment of Oracle Optimized Solution for Secure Oracle Database.