I'm at a new client who's interested in exploring automated configuration management. One of the UNIX admins here is advocating oracle enterprise management. I've done a bit of research on it and, while I'll still do more, I don't believe OEM is what we're looking for to satisfy this specific requirement. I thought I'd ask here amongst what will probably be even more ardent OEM advocates to find out if I'm missing something in my understanding of OEM.
From a host/security perspective, an automated configuration management tool will monitor systems' configurations and reset them if any unauthorized changes occur. For instance,if I have a CM tool managing root's and/or oracle's ssh keys, if a new admin comes in, I can simply update the appropriate file on the CM tool and have it send the update out to all appropriate systems. If an admin leaves, the key gets automatically removed just as easily. Another use would be (UNIX) cluster configuration files which tend to get out of sync on the member nodes as time goes on. Using a CM tool, that doesn't happen. More important/visible uses usually cover ensuring system security configuration files meet and are maintained in compliance with a company's security policy.
From what I've seen, OEM looks like a great monitoring tool; but, is it a configuration management tool as well? I haven't seen that yet in my research. If it can be used as a CM tool, are there any good links pointing out how that's done?
Appreciate your time and any hints/tips/suggestions you may have.
Senior UNIX/Security Admin
CISSP, CISA, RHCSA, CEH
O'Leary Computers Inc
You can find information on the configuration management feature in EM through the links below:
What you are wanting to do I assume you currently do this with some type of script. OEM you can configuration to run host scripts you can even trigger those scripts to execute based on some type of metric to monitor. With OEM you can do just about anything.
There is even an EMCLI Enterprise Manager Command Line Interface that allows you to create customs scripts.
As LocNhan stated review the documentation he posted.
Thanks very much for the replies and for the link. I'll be looking into that on Monday. So, it sounds like whatever can be scripted can be managed via OEM. It's good that I'm an excellent scripter, then
I may have other questions related to license counts; but, let's see where more reading takes me first.
Thanks again for the replies and the link. I appreciate it.