Creating EM Users for Performance Tuning

One of the key features for Database administration in Enterprise Manager 12c is the Performance pages utilizing the Diagnostic and Tuning packs. The DBAs are very familiar with these. Many customers are starting to ask how to let their Developers access the performance data without allowing full access to production.

Database Authentication

Even if a user has Super Admin permissions in EM, it doesn’t grant them access to the database target at all. With View Target permission on a database target, a user can get to the main target screen, as seen below:

dbuser1

As soon as they try to dig further into the SQL or Schema, they will be presented with a login box.

dbuser2

The EM user must have Connect/Connect Target Read-only privilege to get a login prompt to a target.   You can either use a Named credential, or create a New credential.  If the EM user has access to Named credentials, they will be able to save the credential and set that as a Preferred credential for this target.  If the Preferred credential is set, the login will be automatic from now on.

From here, what the user can do is completely dependent on what that login was.   Do you have sys as sysdba logins?  If so, you can do just about everything.   Or do you have a restricted read-only database account that limits your actions?   Whatever database account permissions were set are still enforced through EM.   So the question is… what permissions do you need?

Database Authorization

As with any user account in an Oracle database, you have to specify explicit privileges or roles to be able to access certain pieces. Just as you would have to grant select on X table, you have to grant access to specific performance views and functions.

Performance Views

For basic view permissions on the Performance pages, the user needs at a minimum create session and select any dictionary.  If you were able to login, then you already have create session.   So let’s grant select any dictionary.

SQL> grant select any dictionary to scott;

Now when we go to the Performance Home page, we will see the data as below:

dbuser6

AWR

That works great for the Performance pages, but  let’s say you want to run an AWR report, can we do that?

dbuser3

Nope.  As you can see, we get an error that execute privilege on DBMS_WORKLOAD_REPOSITORY is required for this function.  So let’s grant that:

SQL> grant execute on dbms_workload_repository to scott;

dbuser4

Now you can successfully run ASH and AWR reports from EM.

SQL Access Advisor

SQL Access Advisor has additional permissions at the database level that are required.  SQL Access Advisor also submits a DBMS Scheduler job on the database, so we also need access to create jobs.  Without this persmision you’ll get an error as follows:

dbuser5

SQL> grant oem_advisor to scott;
SQL> grant create job to scott;

Now when we submit the SQL Access job, we get a Confirmation message that links to the Scheduler Job :

dbuser7

 

 SQL Tuning Advisor

For SQL Tuning Advisor, you’ll need to create a SQL Tuning Set and have permissions to dbms_workload_repository and administer the SQL Tuning sets.

SQL> grant execute on dbms_workload_repository to scott;
SQL> grant administer sql tuning set to scott;

Once you have these additional permissions, you’ll be able to successfully create a SQL Tuning Advisor job and receive the results.

dbuser9

 

These are some of the more common performance tuning privileges required to use the features through EM, however there are a lot of other features that could be accessed.   Depending on what functions the user requires, you may need additional permissions at the database level.    For additional privileges required, see Where to Find Information About Performance Related Features (Doc ID 1361401.1).

Hopefully this short blog will help you start to think about what roles and permissions your database users might need in order to make full use out of the Oracle Enterprise Manager Performance pages!

ECO 2014 – Zero to Manageability

I had the pleasure of presenting to the East Coast Oracle Users Group conference in Raleigh, NC on November 4th.  I had a great crowd with lots of interest and great discussions! Thanks to everyone who attended today! Slides can be downloaded here.

**Sorry for the delay, WordPress wouldn’t let me post links or images, and finally had time to sort it out! **

Notifications for Expiring DBSNMP Passwords

Most user accounts these days have a password profile on them that automatically expires the password after a set number of days.   Depending on your company’s security requirements, this may be as little as 30 days or as long as 365 days, although typically it falls between 60-90 days. For a normal user, this can cause a small interruption in your day as you have to go get your password reset by an admin. When this happens to privileged accounts, such as the DBSNMP account that is responsible for monitoring database availability, it can cause bigger problems.

In Oracle Enterprise Manager 12c you may notice the error message “ORA-28002: the password will expire within 5 days” when you connect to a target, or worse you may get “ORA-28001: the password has expired”. If you wait too long, your monitoring will fail because the password is locked out. Wouldn’t it be nice if we could get an alert 10 days before our DBSNMP password expired? Thanks to Oracle Enterprise Manager 12c Metric Extensions (ME), you can! See the Oracle Enterprise Manager Cloud Control Administrator’s Guide for more information on Metric Extensions.

Read more here

Getting Ready for OpenWorld 2014

This is going to be a busy month as I finish up presentations for multiple sessions at OpenWorld 2014.  It’s always such a great event, but a lot of work in September!

There’s a lot of valuable EM sessions that you can find here, but I’m going to highlight a few of the ones I’m working on with my team.

Zero to Manageability in One Hour: Build a Solid Foundation for Oracle Enterprise Manager 12c [CON8134]

Wednesday, Oct 1, 12:45 PM – 1:30 PM - Moscone South – 303
Speakers: Courtney Llamas (Oracle), Kellyn Pot’Vin (Oracle),  Dan Brint (SUNY)

We’re calling this our EM 101.  While we will have to skip a lot of the basic information due to the shorten sessions, this is geared towards those who are installing or upgrading to EM 12c and would like to learn from our experience with our “Fast Track” Methodology.   Even if you’ve already implemented or upgraded, you might learn a thing or two about organizing targets or managing your EM system.  We will also save some time for one of our customers (State University of New York) to share their experience in this process.

Abstract: Learn how to properly architect and deploy your Oracle Enterprise Manager 12c implementation, including designing for high availability and scalability. This session focuses on the essential tasks an implementation team must do to ensure Oracle Enterprise Manager 12c rollouts occur in a timely fashion and deliver a solid foundation for exploiting the marquee features of Oracle Enterprise Manager 12c. Topics such as users, roles, groups, templates, and incidents are discussed, plus key architectural decisions. The Strategic Customer Programs team in Oracle Enterprise Manager Development works with customers worldwide to guide them to success with their implementations and has compiled some essential techniques and tips for getting from zero to manageability in the shortest time possible. 

Under the Hood: Diagnosing and Troubleshooting Oracle Enterprise Manager 12c Release 4 [CON8225]

Monday, Sep 29, 1:30 PM – 2:15 PM - Moscone South – 302
Speakers:  Werner DeGruyter (Oracle), Andrew Bulloch (Oracle)

This is our “graduate level” class.  For the people responsible for EM day by day, who have to troubleshoot performance issues or agent issues, this session is for you!  Don’t miss out.

Abstract:  This session equips attendees with the knowledge they need in order to understand the health and status of Oracle Enterprise Manager. It covers essential background information on the Oracle Enterprise Manager infrastructure (such as the repository and the agent) and selected managed targets. Building on this knowledge, the session then looks a little deeper and discusses techniques and tips for monitoring the performance of Oracle Enterprise Manager and tuning any bottlenecks that are commonly identified in Oracle Enterprise Manager. It also explores the essential parts of the Oracle Enterprise Manager UI every Oracle Enterprise Manager administrator should be familiar with and discusses some techniques for logging and tracing to assist in diagnosing problems.

Wait, there’s more!

In addition to the sessions above, I’ll be co-presenting with a few customers on their sessions, so come see how real customers are using EM to manage and monitor their targets!

Advanced Diagnostics and Monitoring with Oracle Enterprise Manager 12c [CON4114]

Thursday, Oct 2, 10:45 AM – 11:30 AM - Moscone South – 301
Speakers:  Tyler Sharp (Cerner), Aaron Rimel (Cerner), Courtney Llamas

Abstract:  This session covers how Cerner Corporation, a leading healthcare IT company, leverages Oracle Enterprise Manager 12c for database-specific thresholds, creating proactive monitoring of 26,000+ targets. Learn how to scrape Automatic Workload Repository data combined with Oracle Enterprise Manager repository data, exploiting common script issues in a homogeneous environment or personalized thresholds with historical data to proactively alarm, hours or even days before a potential outage. Report on compliance to feed management data on complexity and compliance of your data centers. With metric extensions, Cerner realized a 40 percent reduction in patient hours affected. Increase returns on your Oracle Enterprise Manager investment, and move your organization to proactive smart alerting.

Using Oracle Enterprise Manager to Deliver Multitenant DBaaS on Oracle Exadata: Lessons Learned [CON5875]

Tuesday, Sep 30, 5:00 PM – 5:45 PM - Moscone South – 301
Speakers:  Manish Shah (Hartford), Brian Bennett (Hartford), Courtney Llamas

Abstract: Have you migrated to or are you planning to migrate to Oracle Enterprise Manager 12c? Want to know how to automate repetitive tasks and categorize and auto-assign targets to customized monitoring and alerting groups based on bronze, silver, and gold definitions in your DBaaS catalog? This session shows how to build an Oracle Enterprise Manager 12c framework aligned with your organizational model to manage targets on various platforms such as Oracle Database 12c pluggable and container databases. You’ll also learn how to optimize these targets on Oracle Exadata with a combination of administrative and privilege propagating groups, target properties, monitoring templates, and enterprise rule sets, resulting in a flexible yet scalable operational setup for your DBaaS offerings.

Full Visibility into Oracle WebLogic/Java Diagnostics with Oracle Enterprise Manager 12c [CON5983]

Monday, Sep 29, 5:15 PM – 6:00 PM - Moscone South – 200
Speakers:  Mark Consoles (Omgeo), Eldad Ganin (Omgeo), Avi Huber (Oracle)

Abstract: In this session, hear how Omgeo’s application team has leveraged Oracle Enterprise Manager Cloud Control 12c to streamline monitoring and management of its Oracle WebLogic Servers, JVMs, Oracle iPlanet Web Servers, and more to ensure that it can maximize the visibility and reliability of the company’s application systems built on Oracle technology to their fullest extent. By leveraging JVM Diagnostics and Oracle WebLogic monitoring to pinpoint and isolate problems in product environments without having to reproduce them in a test environment, Omgeo has been able to cut down its root cause analysis by orders of magnitude

 

Organizing Your Oracle Enterprise Manager Targets

If you’re monitoring more than a handful of servers or databases in your Enterprise Manager 12c (EM), you have probably started creating groups to manage many targets together.   If you haven’t, this is one of the most critical aspects of setting up your EM to properly monitor and manage targets.  There are several use cases where you will want to perform a single action on multiple targets.

  • Setting monitoring thresholds
  • Granting privileges
  • Sending notifications
  • Applying compliance rules
  • Viewing dashboards
  • Running jobs, upgrades, backups
  • Creating reports

Continue reading

EM12c Release 4: Using Repository Side Metric Extensions to Alert on Collected Metrics

A few weeks ago, someone asked on the OTN forums how to alert on some of the JVM metrics such as ‘JVM Threads – Threads Started (since startup)’ using Enterprise Manager 12c (EM).    This is one of those few metrics that EM collects, but does not allow custom thresholds.    Let’s take a look at the metrics that EM collects on the WebLogic Server target.

Select WebLogic Server / Monitoring / All Metrics

metric1

From here we can scroll down to the JVM Threads section and find the real-time data (by click on the category JVM Threads).  The real-time data is not stored in the EM repository.  Let’s continue to drill down by clicking on the specific metric, JVM Threads – Threads Started in this case.

metric3

This shows us the data as of the last collection, the chart shows the history, and if you click on the link Table Data you’ll get a nice chart with timestamps and values.

metric4

Now let’s take a look at the Metric & Collection Settings page to see what the thresholds are set at.

Select WebLogic Server / Monitoring / Metric & Collection Settings

On the Metrics tab, click the view drop down and select All Metrics, and scroll to the JVM Threads section.

metric2

As you can see there’s no threshold setting for JVM Threads – Threads Started (since startup).  In fact, you can not add a threshold to this particular metric.   Why not?  Who knows.   But that’s not going to stop us.

At the time I the only option was to create a Metric Extension to collect this data from the JVM and then store it as a metric and set your thresholds.  I referred to one of my previous blog posts showing how to create a Metric Extension on Fast Recovery Area.   With the release of EM 12.1.0.4 you can now create a Repository-side Metric Extension to alert on the already collected data!  This Metric Extension uses a query to pull data from the repository, and then you can manipulate that as needed.    No more re-collecting data just to trigger an alert!

Select Enterprise / Monitoring / Metric Extensions

metric5

On the Metric Extensions page, select Create / Repository-side Metric Extension.

metric6

Select the target type, in this case we select Oracle WebLogic Server. Enter a metric name, display name. and adjust collection schedule. Since our metric we’re going to use is collected every 30 minutes, we’ll use that schedule as well.   Click Next.

metric7

Next you will enter the SQL to obtain the metric.  This is where your EM Repository skills will be put to the test.   The following query will find the current (last collected) metric information for the WebLogic Server target type and the specific metric we are interested in.    Be sure to read the tips and examples on the right side for more detailed queries.

SELECT target_guid,value as JVMThreadsStarted
 FROM   mgmt$metric_current
 WHERE  target_type = 'weblogic_j2eeserver'
 and metric_name='jvm_threads'
 and metric_column='totalStartedThreadCount.value'

Click Validate SQL to verify, and click Next.   EM will pre-populate the required columns based on the query you provided.   If you select the row JVMThreadsStarted and click Edit, you can now set a category or set default thresholds.  This particular metric may not be a good example for default thresholds as it could be very target specific.   In this example, we will go ahead and set the defaults.   If you don’t set thresholds here, you can add them at the target level.  After editing click OK and then click Next.

Next we have the chance to Test our metric against a selected target. Click Add, select a WebLogic Server, and click OK.  Then click Run Test.  You will then see in the bottom pane, the results of your metric test.

metric10

Verify that your results are as expected, and click Next .  You’ll be presented with a Review screen before clicking Finish to complete your Metric Extension.

metric23

Once created, select your Metric and click Actions / Save as Deployable Draft.   Then select Actions / Deploy to Targets and select a test target or two that you can deploy to.   Once you’ve tested successfully, select Actions / Publish Metric Extension and start adding your metric to templates.

By going back to the Oracle WebLogic Server target I deployed to, and viewing Monitoring / All Metrics, I can now see my Metric Extension and that it’s already generated a Critical threshold violation.  Be patient, it may take a few minutes to update the status once metric is deployed.

metric24

If you’re not on 12.1.0.4 yet, you’ll need to create a Metric Extension and select target type Oracle WebLogic Server, and use a Mbean browser to find the metric you’re interested in.  In this case, the Metric = java.lang:type=Threading and the Column Order = TotalStartedThreadCount.

metric23

For more details on using Metric Extensions and their life cycle, see the Enterprise Manager Cloud Control Administration Guide section on Using Metric Extensions.

Network Ports Used in Oracle Enterprise Manager 12c

When planning and configuring your Oracle Enterprise Manager 12c implementation, you will have many infrastructure considerations. One of the most often discussed pieces is the network ports that are used and how to configure load balancers, firewalls and ACLs for communication.

This blog post will help identify the typical default port and range for each component, how to identify it and how to modify the port usage.

Read original post here.

Monitoring Archive Area % Used on Cluster Databases

One of the most critical events to monitor on an Oracle Database is your archive area. If the archive area fills up, your database will halt until it can continue to archive the redo logs. If your archive destination is set to a file system, then the Archive Area % Used metric is often the best way to go. This metric allows you to monitor a particular file system for the percentage space that has been used. However, there are a couple of things to be aware of for this critical metric.

Read original post here.

Fast Recovery Area for Archive Destination

If you are using Fast Recovery Area (FRA) for the archive destination and the destination is set to USE_DB_RECOVERY_FILE_DEST, you may notice that the Archive Area % Used metric does not trigger anymore. Instead you will see the Recovery Area % Used metric trigger when it hits a Warning threshold of 85% full, and Critical of 97% full. As this metric is controlled by the server side database thresholds it cannot be modified by Enterprise Manager (see MOS Note 428473.1 for more information). Thresholds of 85/97 are not sufficient for some of the larger, busier databases. This may not give you enough time to kickoff a backup and clear enough logs before the archiver hangs. If you need different thresholds, you can easily accomplish this by creating a Metric Extension (ME) and setting thresholds to your desired values.  This blog will walk through an example of creating an ME to monitor archive on FRA destinations, for more information on ME’s and how they can be used, refer to the Oracle Enterprise Manager Cloud Control Administrator’s Guide.  

 

Read original post here.

Enterprise Manager, Oracle and other bits of life.