To resolve most of the issues just described, Oracle Enterprise Manager Cloud Control 12c offers excellent functionality for configuration management and security compliance as part of the Database Lifecycle Management Pack, in the case of database servers and the databases on these servers. For other targets such as application servers or applications, different packs may be required—for example, the WebLogic Server Management Pack Enterprise Edition is required for configuration management of WebLogic servers, and the Application Management Suite for Oracle E-Business Suite (EBS) is required for configuration management of EBS, and so on.

In general, this configuration management functionality includes the ability to automatically discover your servers, then do a deep discovery and collect the configuration of all the components on the servers. The configuration is stored inside the centralized Enterprise Manager repository, and it is possible to do comparisons between...

The new Auto Discovery feature in Enterprise Manager Cloud Control 12c uses IP Scan (NMAP) to discover host and non-host Targets without the need for an Agent, scanning your network and discovering all the hosts thereon. Certain information about which software is running on the hosts comes from smart guesses. This goes into a list of discovered unmanaged Targets in Enterprise Manager.

The DBA can then select any Target host from this list and promote it as a managed Target; this then pushes the Enterprise Manager Agent to the server. The Agent then performs deep discovery of all Targets on the server and collects the detailed configuration.

Setup | Add Target | Configure Auto Discovery brings up the screen shown in the following screenshot, where you can initially perform an Agent-less Hosts and Virtual Server Discovery Using IP Scan:

This page also allows different types of Agent-based discovery. A guided workflow is shown in the Instruction section for your reference.

The...

On the home page (Enterprise | Summary) of Enterprise Manager, there is an Inventory and Usage region at the top of the screen. This can be used to display the Inventory summary as shown in the screenshot we will soon see.

You can select either Hosts, Database Installations, Fusion Middleware Installations, or Fusion Applications Installations from the drop-down menu/drop-down box in this region. This then correspondingly displays the inventory summary in the table.

As an example, if you select Hosts, it will display all the different types of hosts installed. Everything in your Enterprise will be seen, provided Agents have been placed on every host and the administrator who has logged into Enterprise Manager has the right to see these hosts. This is shown in the following screenshot:

Click on the See Details link to drill down further to examine an elaborate listing of the inventory and usage details. By default, the details are rolled up on Platform. You can select other options...

From the main Enterprise Manager Cloud Control 12c console menu, go to Targets | Hosts. This brings up a list of hosts. When you select the host you want, it brings up the host's home page as shown in the following screenshot:

Right on the host's home page itself, there is a Configuration section, which shows certain basic information collected about the host. This includes IP Address, Operating System version, CPU Cores, File System size, Memory Size, and so on.

Under the Compliance Standard Summary section on the same page, it also tells you if there are any security or compliance violations for this Target.

Note that some of the sections on this page have been collapsed to give you a better view; in this version of Enterprise Manager Cloud Control 12c it is possible to collapse or expand sections at will or move them around on the page.

To view the detailed configuration of this host, go to Host | Configuration | Last Collected in the Host menu (not the Enterprise...

Suppose you want to find out which Oracle software is installed on this host. If you have to do this manually, it will be a lengthy process as you have to search through the whole box using Unix commands such as find, and have root privileges, since Oracle software can be installed under different Unix usernames. Even if the /etc/oratab file is present, it may not have been maintained by the DBA and may not contain all the Oracle homes. And in many cases this file is not even present.

But you are now using Enterprise Manager and the Agent has already collected this information and put it in the repository. All you need to do is to invoke the configuration search capabilities, which you can do from the latest configuration page:

If the Search button is not visible on this page, remember to drag the regions apart.

Instead of filling in anything on this page, click on the Back button at the top. This moves us to the Configuration Search Library page as shown in the following...

Back on the latest configurations page, select havipori.sainath.com in the left-hand side pane, and then go to Actions | Refresh. Enterprise Manager reports that the Target collection has succeeded and the refreshed configuration data is displayed. This is how you would manually refresh the configuration if you wanted to be sure that the information stored in the Enterprise Manager repository was up-to-date.

Now go to Actions | History. We want to see which operating system property has changed in the current state of the host.

Click on the Clear button next to Configuration Item, and then click on the magnifying glass icon and select Operating System Properties (from the Type of Change drop-down menu) to be used in the search. Then click on the Search button.

The results that come up, as shown in the following screenshot, tell us that one of the important operating system properties has changed recently—this is fs.file-max, and the exact change is also shown:

This demonstrates...

Topology mapping is also an important feature of configuration management in Enterprise Manager. You can best see this in a database system. A system is a collection of components that can be managed together, rather than managing each component separately.

Go to Targets | Systems and then select emrepos.sainath.com_sys, which is the name automatically given by Enterprise Manager to a system that has been created for this database. The system home page appears as shown in the following screenshot:

Now, go to Database System | Database System Topology. This displays all the interconnected components in a graphical format. Click on the components to expand them. The relationship between the components are shown.

In a complex system, such a map would be useful to find out the interdependencies. You can search for individual components and you can also change the annotations that appear on the topology view, such as the status, metrics (with names or values), and incidents:

Component...

Enterprise Manager collects a rich set of configuration information for different types of Targets, such as databases, hosts, middleware, and many Oracle applications: E-Business Suite, Siebel, PeopleSoft, JD Edwards, and Fusion Applications. The blueprints for collection are updated regularly by Oracle, and are downloadable using the self-update facility in Enterprise Manager Cloud Control 12c.

There is also a close integration with MOS. The Target configuration information that is collected by the Agent and stored in the Configuration Management Database (CMDB) within the repository is collated regularly by the Enterprise Manager Harvester process and pushed to MOS. The Harvester is actually a part of the Enterprise Manager's Base Framework, and replaces Oracle Configuration Manager (OCM) in the case of most Enterprise Manager Targets for this critical upload of configuration information to MOS. However, at the time of writing, except for Fusion Applications, Oracle...

The latest version of Enterprise Manager Cloud Control 12c allows collection of client configurations. This is accessible when we navigate to Enterprise | Configuration | Client Configurations.

In this context, a client means an end-user system that is external to your company's IT systems. Configuration data can also be collected from such an end-user system.

The collection is performed by an application called Client System Analyzer (CSA). This application is preinstalled with Enterprise Manager Cloud Control 12c and can be accessed by going to Enterprise | Configuration | Client System Analyzer, which brings up the page shown in the following screenshot:

This allows you to activate or deactivate the CSA application page. If the end-user system can access the URL shown in the screenshot, which is on the OMS web servers, then it can use the CSA application to collect the client information. No login credentials to Enterprise Manager are needed.

If the OMS web servers...

Configuration and security compliance is monitored by Enterprise Manager Cloud Control 12c. Right on the enterprise's summary page, Enterprise Manager displays the compliance information for each of the Targets. In our case, there are four critical violations for the havipori.sainath.com target:

The average compliance score of this target has been calculated as 51 percent. To view the violations in detail, you have to drill down by clicking on the target name in this table. This brings up the Compliance Results page as shown in the following screenshot. This page can also be displayed by going to Enterprise | Compliance | Results:

To view the actual violations, click on the Show Details button and then select Security Recommendations on the left-hand side pane. This brings up the list on the Violation Events tab. If you select any of the violations in this list, the detailed information will be displayed in the section that is underneath:

You may have noticed the Incident Attributes...

You can view the centralized compliance library in Enterprise Manager Cloud Control 12c by going to Enterprise | Compliance | Library. This brings up the view shown in the following screenshot:

Enterprise Manager Cloud Control 12c now uses a new hierarchy for the compliance capability. This replaces the compliance policies and policy groups of the previous version. The new hierarchy has three levels – at the bottom, there are compliance rules, which are checks or tests performed against specific Target types, such as a check to see if a database or OS parameter is set as per best practices.

On the second level, we have compliance standards. These are a collection of one or more rules for a certain Target type. Compliance standards can be associated with multiple targets. When the various compliance standards for different Target types are combined together, they form compliance frameworks, which are at the topmost level.

The frameworks are conceptual folder-like structures...

Compliance rules and standards are created by technical administrators, DBAs, and IT managers—and these would normally map to industry-wide compliance frameworks.

Once these have been set up and are working in a day-to-day scenario, they need to be reported. These compliance reports will be used by the security and compliance officers of the company, as well as the auditors. As such, the compliance reports assume an important role.

A number of these compliance reports are provided by Enterprise Manager Cloud Control 12c, which you can access by going to Enterprise | Reports | Information Publisher Reports. Search for Compliance as the title. You can also create your own reports by using the Create Like button on the page shown in the following screenshot:

Configuration reports are available on the same page. Simply search for Configuration as the Title field's value. The following list appears:

In this chapter we have seen the configuration management and compliance capabilities of Enterprise Manager Cloud Control 12c, and how they combine together to enable your company to have standardized configurations throughout the IT infrastructure. Standardization enables ease of deployment and troubleshooting besides a number of other benefits.

You can have an automated configuration drift check between different systems, which may be across the lifecycle, for example, between staging and production, or between a primary site and a disaster-recovery (standby) site. Any configuration violations can be instantly reported in the incident console of Enterprise Manager.

In the new release, configuration management enjoys a scalability suitable for the largest IT environments. Only changed configuration data is loaded, and rules are evaluated at the point when a change has taken place in the related data. Notifications are sent only when a drift in the configuration data has been detected...