by Porus Homi Havewala Oracle Enterprise Manager 12c Release 5 , released in June 2015, allows an on-premise Enterprise Manager OMS (Oracle Management Service) to install Hybrid Cloud Agents on your Oracle Cloud Database servers. In this article series, we are looking at the steps for setting up and using the Hybrid Cloud via Enterprise Manager. In the previous part of this article series, we have gone through the pre-steps and then installed a Hybrid Cloud Agent. We discovered the databases and started to monitor the hybrid cloud. We then looked at configuration comparisons and configuration management for the Hybrid Cloud. We will now look at compliance standards enforcement, and finally look at the cloning of PDBs back and forth from the cloud. Compliance S tandards and enforcement: Let us set up common compliance checks for our on-premise and Cloud databases. Select Enterprise.. Compliance.. Library from the Enterprise Manager console. On the Compliance Library screen that appears, move to the “Compliance Standards” tab. Select the out-of-box compliance standard “ Configuration Best Practices for Oracle Database ” (as an example), and click on “Associate Targets” as seen below. On the Association screen, add the cloud database as well as the on-premise databases by clicking on “Add” and then selecting these databases in a multi-select action. When you proceed to save the associations to this standard, the following informational screens appear: In the same way, we can associate other supplied or your own customized compliance standards to the on-premise and cloud databases. After a few minutes, to see the results of the compliance check, select Enterprise.. Compliance.. Results from the Enterprise Manager console. This shows the average score of each compliance standard that you have associated to the databases. You can see from the results that the basic security configuration has some critical violations , 11 in total. Drill down on these. Out of the 11 violations, three critical violations are for the cloud database. Drill down again to these. The three critical security violations for the cloud database are seen below. The first is easily understandable – excessive privileges have been granted, that can be revoked. What about the other violations? To understand or examine these violations in detail, select Enterprise.. Compliance.. Library from the Enterprise Manager console. On the Compliance Library screen that appears, move to the “Compliance Standard Rules” tab. Search for the rule you want to understand, such as the second one in the list above: “ Password Complexity Verification Function Usage ”. Drill down on it. The full description of the rule appears. After understanding the rule, you can now find the solution so as to satisfy this compliance check. In this way, you have enforced the same compliance standard checks on your on-premise as well as cloud databases. So you can apply your corporate compliance standards to all your enterprise databases for the first time, no matter where they are. Enterprise Manager has managed to achieve enforcement of the same compliance standards on the Oracle public cloud as well as on-premise. As the next step, we are now ready to test out the cloning of PDBs back and forth from the Oracle Public Cloud and on-premise databases - using Enterprise Manager Cloud Control. Cloning PDBs from On-Premise to Cloud, and back One of the main features of the Hybrid Cloud is that it is possible to easily move on-premise PDBs to an Oracle Cloud CDB. For example, you are moving a PDB to the cloud so that some development work can be completed. Before you start this procedure, please note a few things. There is a current restriction in the process that says that the Patch Set level of the PDBs being patched need to be the same. Suppose the on-premise 12c CDB “ahuprod” has been patched to the April Database PSU (Patch Set Update). This means all the PDBs in this CDB are also on this PSU. The Cloud database, on the other hand, may have a different patch set level depending on when you created it. Up to the first week of June 2015, all cloud databases were being created with the January PSU applied. After the first week, all new cloud databases had the April PSU applied. Cloud databases created later on, say in August, may have the July PSU. You can check this by going to your cloud service console, drilling down to your cloud database, and drilling down on “View Patch Information” in the Administration box on the screen. Say on June 2015, if it says “No patches available”, it means the cloud database is on the April PSU (latest at that time), which should be fine. If it shows the April PSU, then it means the cloud database is on the earlier PSU, so you should apply the April PSU first on the database. You can check the current PSU, of course, by moving to the OPatch directory under the Oracle Home on the Cloud server, and issuing the command “opatch lsinventory”. This will display the patches that have been applied on the Oracle Home. After you have completed the PSU patch application, you can proceed with the actual cloning, since the source and destination CDBs are now at the latest PSU. We will continue the Hybrid Cloud cloning using Enterprise Manager, in Part VI of this article series. Keep on reading.
↧