This blog post describes how to use an on-prem Oracle Enterprise Manager 13c to monitor Oracle Cloud Infrastructure Autonomous Databases without internet traffic. In this case, a VPN connection from the data center Mohnweg/Jurasüdfuss/Switzerland to the OCI data center in Zurich is up and running. This method works with a Fast Connect too.
From the Oracle Enterprise Manager 13.5 Administrator Guide:
Oracle Enterprise Manager supports the following Autonomous Databases and the term “Autonomous Databases” in this guide collectively refers to them:
- Autonomous Data Warehouse – Dedicated
- Autonomous Transaction Processing – Dedicated
- Autonomous Data Warehouse – Shared
- Autonomous Transaction Processing – Shared
Architecture
- On-Prem: Oracle Enterprise Manager 13.5 RU2 – OL 7
- Oracle Cloud Infrastructure: Autonomous Transaction Processing – Shared
Requirements
- VPN connection up and running
- EM 13c up and running
- Routing and security list from on-prem to OCI and vice-versa in place
- An OCI Network Security Group (NSG) created – required for the ADB private endpoint connection
Network Security Group NSG
Allow ingress traffic for port 443 (Oracle Database Actions) and 1522 (Oracle Net).
Create an Autonomous Transaction Processing Database
Choose the workload type, version, OCPU count and license type. In the network access section, select private access only. Take care: the optional host name prefix is later used as the hostname for the connection, so choose it wisely. With a private endpoint, all network traffic moves in the private subnet within a VCN, which keeps all traffic to and from your Autonomous Database off the public internet.
ATP – Database Actions – Access
On the ATP page of the newly created Autonomous Database, a click on Database Access shows you the URL of the web console. This URL cannot be resolved from your local workstation because the hostname is unknown. Either make the hostname resolvable through your DNS (quick and dirty: the local hosts file) or use the IP address instead, which is provided on the Autonomous Database Details page.
The private endpoint IP 192.168.201.11 is in our OCI private subnet. I have added it temporarily to my local workstation hosts file.
192.168.201.11 ocieuzurich1adbtp.adb.eu-zurich-1.oraclecloudapps.com ocieuzurich1adbtp
ATP – Database Actions – User ADBSNMP
Log in to Database Actions with the provided URL to enable the already existing user ADBSNMP for monitoring.
- User: ADMIN
- Password: Your ADB password
In the Database Actions Launchpad, select DATABASE USERS.
Edit user ADBSNMP, unlock the account and set a password. This password is later used in Oracle Enterprise Manager 13c.
ATP – Download Wallet
On the Autonomous Database Details page, download the DB Connection wallet. The wallet and the wallet password are later used in Oracle Enterprise Manager 13c.
Oracle Enterprise Manager 13c – ATP Host Name Resolution
Oracle uses the FQDN in the tnsnames.ora file of the ADB wallet. Verify that the hostname listed above on the details page as Private Endpoint can be resolved by the on-prem OEM host. Alternative: add this line to the /etc/hosts file. Attention: this is not the same domain as the one used for the Database Actions console (oraclecloudapps.com vs. oraclecloud.com). Tip for troubleshooting: test the database connection with your local SQL Developer and the user ADBSNMP; for a local SQL*Plus connection you have to extract the wallet file and configure Oracle Net.
192.168.201.11 ocieuzurich1adbtp.adb.eu-zurich-1.oraclecloud.com ocieuzurich1adbtp
Check connectivity (firewall and routing) with Telnet:
oracle@rainstrasse:~/ [rdbms21] telnet ocieuzurich1adbtp.adb.eu-zurich-1.oraclecloud.com 1522
Trying 192.168.201.11...
Connected to ocieuzurich1adbtp.adb.eu-zurich-1.oraclecloud.com.
Escape character is '^]'.
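The same check can be scripted against every endpoint in the wallet's tnsnames.ora. The following is an added example, not part of the original post: it extracts the host/port pairs, resolves each host, flags any name that does not resolve to a private address (which would mean the connection leaves the VPN) and attempts a TCP connect. The service names in the sample and the wallet path argument are assumptions.

```python
import ipaddress
import re
import socket
import sys
import zipfile

_HOST = "ocieuzurich1adbtp.adb.eu-zurich-1.oraclecloud.com"  # FQDN used in the post
# Constructed sample in the layout of a wallet tnsnames.ora; service names are made up.
SAMPLE_TNSNAMES = "".join(
    f"adbtp_{lvl} = (description=(retry_count=20)(retry_delay=3)"
    f"(address=(protocol=tcps)(port=1522)(host={_HOST}))"
    f"(connect_data=(service_name=constructed_adbtp_{lvl}.adb.oraclecloud.com))"
    "(security=(ssl_server_dn_match=yes)))\n"
    for lvl in ("high", "low"))

ADDRESS = re.compile(r"\(\s*address\s*=\s*((?:\([^()]*\)\s*)+)\)", re.I)

def endpoints(tns_text):
    """Return the unique (host, port) pairs found in tnsnames.ora text."""
    found = set()
    for body in ADDRESS.findall(tns_text):
        fields = {k.strip().lower(): v.strip()
                  for k, v in re.findall(r"\(([^=()]+)=([^()]*)\)", body)}
        if "host" in fields and "port" in fields:
            found.add((fields["host"], int(fields["port"])))
    return sorted(found)

def all_private(addresses):
    """True only if at least one address was resolved and every one is private."""
    return bool(addresses) and all(ipaddress.ip_address(a).is_private for a in addresses)

def check(host, port, timeout=5.0):
    """Resolve host, then try a TCP connect: (addresses, private, reachable)."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return [], False, False
    addresses = sorted({info[4][0] for info in infos})
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return addresses, all_private(addresses), True
    except OSError:
        return addresses, all_private(addresses), False

if __name__ == "__main__":  # optional argument: path to the downloaded wallet zip
    text = SAMPLE_TNSNAMES
    if len(sys.argv) > 1:
        text = zipfile.ZipFile(sys.argv[1]).read("tnsnames.ora").decode()
    for host, port in endpoints(text):
        print(host, port, *check(host, port))
```

Run it on the OEM host, because that is where the agent resolves and connects from. A result with private set to False means the name resolved to a public address or not at all.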
Oracle Enterprise Manager 13c – Add Targets Manually
Log in as SYSMAN – Setup – Add Target – Add Targets Manually.
Add Non-Host Targets Manually.
As Agent Host, you can choose your local agent which is running on the OEM host. Select the target type Autonomous Data Warehouse or Autonomous Transaction Processing.
- Set Target Name, choose the OCI Client Credential Wallet and set Monitoring Password.
- Test the connection.
- Next and Submit.
The target will be added within the next few minutes.
Oracle Enterprise Manager 13c – ADB Detail Page
The Autonomous Database is added as a new database target and can be monitored in the same way as the on-prem databases. As it is a service, the metrics are limited. For example: when the ADB is stopped, Oracle Enterprise Manager shows an Availability Evaluation Error.
Summary
Adding an Oracle Cloud Infrastructure Autonomous Database to an on-prem Oracle Enterprise Manager EM13c by using a private endpoint is a great thing. Take care of the routing and the firewall rules, and verify all connections before you add an ADB as a new target. Even though the metrics are limited, it is OK for basic monitoring (+).
Next step: I want to deploy an EM13c agent on a DBCS system. The MOS note DBCS: How to Deploy EM Agent on Cloud / DBCS Instance (Doc ID 2400965.1) shows the old OCI Classic way; an SR asking whether this is allowed in OCI Gen. 2 too has already been raised.
This was the last blog post of the year 2021 – see you in 2022! #happynewyear