Deploying The BIG-IP LTM With Oracle Enterprise Manager 12c Cloud . - F5


IMPORTANT: This guide has been archived. While the content in this guide is still valid for the products and version listed in the document, it is no longer being updated and may refer to F5 or 3rd party products or versions that have reached end-of-life or end-of-support. See https://support.f5.com/csp/article/K11163 for more information.

Deploying the BIG-IP LTM with Oracle Enterprise Manager 12c Cloud Control

What's inside:
- Prerequisites and configuration notes
- Configuration example
- Configuring the BIG-IP system for Oracle Enterprise Manager 12c
- Configuring Enterprise Manager for Use with F5 BIG-IP LTM
- Document Revision History

Welcome to the F5 deployment guide for Oracle Enterprise Manager 12c with the BIG-IP system. This guide shows administrators how to configure the BIG-IP Local Traffic Manager (LTM) for directing traffic, ensuring application availability, improving performance and providing a flexible layer of security for Oracle Enterprise Manager 12c deployments.

Oracle Enterprise Manager is Oracle's integrated enterprise IT management product line and provides the industry's first complete cloud lifecycle management solution. Oracle Enterprise Manager's Business-Driven IT Management capabilities allow you to quickly set up, manage and support enterprise clouds and traditional Oracle IT environments from applications to disk.

This deployment guide has been jointly written by Oracle Corporation and F5 Networks and provides the detailed steps for implementation of an Oracle MAA solution for Oracle Enterprise Manager Cloud Control using BIG-IP from F5 Networks as the front end for the Cloud Control mid-tiers, known as the Oracle Management Service (OMS).

The BIG-IP hardware platform can provide load balancing, high availability, service monitoring, TCP/IP enhancements, and application persistence for the Cloud Control environment as the front end for several Cloud Control services.

For more information on Oracle Enterprise Manager, nager/index.html
For more information on the F5 BIG-IP system, see http://www.f5.com/products/big-ip/

Products and versions

Product                                       Version
BIG-IP LTM                                    11.1, 11.2
Oracle Enterprise Manager Cloud Control       12.1.0.1.0

Important: Make sure you are using the most recent version of this deployment guide, available at erprise-manager-12c-dg.pdf.

DEPLOYMENT GUIDE
Oracle Enterprise Manager 12c

Prerequisites and configuration notes

The following are general prerequisites and configuration notes for this guide:
- You must have administrative access to the BIG-IP web-based Configuration utility.
- You must have administrative privileges on the Enterprise Manager system.
- You must have both the Oracle OMS systems and the LTM configured to use an NTP server for time synchronization.
- You must have both the Oracle OMS systems and LTM configured to use DNS for name resolution.

Configuration example

Cloud Control OMS Servers provide HTTP or HTTPS access to a set of Cloud Control services, listed below, to the Cloud Control clients, including the Cloud Control console and Management Agents. When more than one Cloud Control OMS Server is deployed, the F5 BIG-IP system can load balance requests for each service via virtual servers, with the Cloud Control clients making service requests using a virtual host name.

[Figure 1: Logical Configuration Example. Components shown: Cloud Control Console, Management Agents, BIG-IP Local Traffic Manager, Oracle Management Service (OMS), Oracle Management Repository (OMR)]

The Cloud Control services that can be served by the F5 BIG-IP in a multi-OMS setup are:

Cloud Control Service    Description
Secure Console           HTTPS access to Cloud Control Console
Unsecure Console         HTTP access to Cloud Control Console
Secure Upload            Secure Agent to OMS communication
Agent Registration       Unsecure Agent to OMS communication

Configuring the BIG-IP system for Oracle Enterprise Manager 12c

Use the following table for guidance on configuring the BIG-IP system for Oracle Enterprise Manager. This table contains any non-default setting you should configure as a part of this deployment. Settings not contained in the table can be configured as applicable. For specific instructions on configuring individual objects, see the online help or product manuals.

Health Monitors

Note: There are two entries for both the Secure Console and the Unsecure Console services. Configuration of these monitors differs depending on whether SSO has been configured for Enterprise Manager authentication. Only one monitor needs to be configured for each service; choose the relevant one for your environment.

To create a monitor, on the Main tab, expand Local Traffic, and then click Monitors. Click the Create button. After choosing the monitor type, from the Configuration list, select Advanced.

Secure Console when not using SSO
    Name: Give the monitor a unique name, such as mon_ccsc7799
    Type: HTTPS
    Interval: 30
    Timeout: 91
    Send String: GET /em/console/home HTTP/1.1\r\nHost: \r\nConnection: Close \r\n\r\n
    Receive String: /em/login.jsp
    Alias Service Port: 7799

Secure Console when using SSO
    Name: Give the monitor a unique name, such as mon_ccsc7799
    Type: HTTPS
    Interval: 30
    Timeout: 91
    Send String: GET /empbs/genwallet \r\n
    Receive String: GenWallet Servlet activated
    Alias Service Port: 7799

Unsecure Console when not using SSO
    Name: Give the monitor a unique name, such as mon_ccuc7788
    Type: HTTP
    Interval: 30
    Timeout: 91
    Send String: GET /em/console/home HTTP/1.1\r\nHost: \r\nConnection: Close \r\n\r\n
    Receive String: /em/login.jsp
    Alias Service Port: 7788

Unsecure Console when using SSO
    Name: Give the monitor a unique name, such as mon_ccuc7788
    Type: HTTP
    Interval: 30
    Timeout: 91
    Send String: GET /empbs/genwallet \r\n
    Receive String: GenWallet Servlet activated
    Alias Service Port: 7788

Secure Upload
    Name: Give the monitor a unique name, such as mon_ccsc7799
    Type: HTTPS
    Interval: 30
    Timeout: 91
    Send String: GET /empbs/upload \r\n
    Receive String: Http Receiver Servlet active!
    Alias Service Port: 4900

Agent Registration
    Name: Give the monitor a unique name, such as mon_ccsc7799
    Type: HTTPS
    Interval: 30
    Timeout: 91
    Send String: GET /empbs/genwallet \r\n
    Receive String: GenWallet Servlet activated
    Alias Service Port: 4889

Pools

The next task is to create the load balancing pools. You must create a pool for each of the Cloud Control services as described in the following table.

To create a pool, on the Main tab, expand Local Traffic, and then click Pools. Click the Create button.

Secure Console
    Name: Give the pool a unique name, such as pool_ccsc7799
    Health Monitors: Activate the monitor you created for the Secure Console
    Load Balancing Method: Least Connections (member)
    New Members: In the Address box, type the IP address of an OMS host. In the Service Port box, type 7799. Repeat for each OMS host.

Unsecure Console
    Name: Give the pool a unique name, such as pool_ccuc7788
    Health Monitors: Activate the monitor you created for the Unsecure Console
    Load Balancing Method: Least Connections (member)
    New Members: In the Address box, type the IP address of an OMS host. In the Service Port box, type 7788. Repeat for each OMS host.

Secure Upload
    Name: Give the pool a unique name, such as pool_ccsu4900
    Health Monitors: Activate the monitor you created for Secure Upload
    Load Balancing Method: Least Connections (member)
    New Members: In the Address box, type the IP address of an OMS host. In the Service Port box, type 4900. Repeat for each OMS host.

Agent Registration
    Name: Give the pool a unique name, such as pool_ccar4889
    Health Monitors: Activate the monitor you created for Agent Registration
    Load Balancing Method: Least Connections (member)
    New Members: In the Address box, type the IP address of an OMS host. In the Service Port box, type 4889. Repeat for each OMS host.

Profiles

The next task is to create Profiles on the BIG-IP system. You must create profiles for each of the Cloud Control services as described in the following table.

To create a Profile, on the Main tab, expand Local Traffic, and then click Profiles. On the Menu bar, click the appropriate profile type, and then click Create.

Secure Console
    TCP Profile
        Name: Give the profile a unique name, such as tcp_ccsc7799
        Parent Profile: tcp-lan-optimized
        Idle Timeout: 3600 Seconds
    Persistence Profile
        Name: Give the profile a unique name, such as sourceip_ccsc7799
        Persistence Type: Source Address Affinity
        Timeout: Check the Custom box, and then in the Seconds box, type 3600.

Unsecure Console
    TCP Profile
        Name: Give the profile a unique name, such as tcp_ccuc7788
        Parent Profile: tcp-lan-optimized
        Idle Timeout: 3600 Seconds
    Persistence Profile
        Name: Give the profile a unique name, such as sourceip_ccuc7788
        Persistence Type: Source Address Affinity
        Timeout: Check the Custom box, and then in the Seconds box, type 3600.

Secure Upload
    TCP Profile
        Name: Give the profile a unique name, such as tcp_ccsu4900
        Parent Profile: tcp-lan-optimized
        Idle Timeout: 3600 Seconds
    Persistence Profile
        Name: Give the profile a unique name, such as sourceip_ccsu4900
        Persistence Type: Source Address Affinity
        Timeout: Check the Custom box, and then in the Seconds box, type 3600.

Agent Registration
    TCP Profile
        Name: Give the profile a unique name, such as tcp_ccar4889
        Parent Profile: tcp-lan-optimized
        Idle Timeout: 3600 Seconds
    Persistence Profile
        Name: Give the profile a unique name, such as sourceip_ccar4889
        Persistence Type: Source Address Affinity
        Timeout: Check the Custom box, and then in the Seconds box, type 3600.

Virtual Servers

The final task is to create the BIG-IP virtual servers. You must create a virtual server for each of the Cloud Control services as described in the following table.

To create a Virtual Server, on the Main tab, expand Local Traffic, and then click Virtual Servers. Click Create.

Secure Console
    Name: Give the virtual server a unique name, such as vs_ccsc443
    Destination: Type the IP address you want to use for this virtual server
    Service Port: 443
    Protocol Profile (Client) [1]: Select the TCP profile for Secure Console (tcp_ccsc7799 in our example)
    SNAT Pool: Automap
    Default Pool: Select the Pool for Secure Console (pool_ccsc7799 in our example)
    Default Persistence Profile: Select the Persistence Profile for Secure Console (sourceip_ccsc7799 in our example)

Unsecure Console
    Name: Give the virtual server a unique name, such as vs_ccuc7788
    Destination: Type the IP address you want to use for this virtual server
    Service Port: 7788
    Protocol Profile (Client) [1]: Select the TCP profile for Unsecure Console (tcp_ccuc7788 in our example)
    SNAT Pool: Automap
    Default Pool: Select the Pool for Unsecure Console (pool_ccuc7788 in our example)
    Default Persistence Profile: Select the Persistence Profile for Unsecure Console (sourceip_ccuc7788 in our example)

Secure Upload
    Name: Give the virtual server a unique name, such as vs_ccsu4900
    Destination: Type the IP address you want to use for this virtual server
    Service Port: 4900
    Protocol Profile (Client) [1]: Select the TCP profile for Secure Upload (tcp_ccsu4900 in our example)
    SNAT Pool: Automap
    Default Pool: Select the Pool for Secure Upload (pool_ccsu4900 in our example)
    Default Persistence Profile: Select the Persistence Profile for Secure Upload (sourceip_ccsu4900 in our example)

Agent Registration
    Name: Give the virtual server a unique name, such as vs_ccar4889
    Destination: Type the IP address you want to use for this virtual server
    Service Port: 4889
    Protocol Profile (Client) [1]: Select the TCP profile for Agent Registration (tcp_ccar4889 in our example)
    SNAT Pool: Automap
    Default Pool: Select the Pool for Agent Registration (pool_ccar4889 in our example)
    Default Persistence Profile: Select the Persistence Profile for Agent Registration (sourceip_ccar4889 in our example)

[1] You must select Advanced from the Configuration list for this option to appear.

Configuring Enterprise Manager for Use with F5 BIG-IP LTM

Resecure Management Service

The management services must now be reconfigured so that the Management Service certificate uses the hostname associated with the F5 BIG-IP system. Steps 1 and 2 must be repeated for each configured OMS.

1. Resecure OMS

In our example we issued the following command:

    emctl secure oms -sysman_pwd xxxxxx -reg_pwd xxxxxx -host slb.example.com -secure_port 4900 -slb_port 4900 -slb_console_port 443 -console -lock -lock_console
    Oracle Enterprise Manager Cloud Control 12c Release 12.1.0.1.0
    Copyright (c) 1996, 2011 Oracle Corporation. All rights reserved.
    Securing OMS. Started.
    Securing OMS. Successful

2. Restart OMS

Restart the OMS:

    ./emctl stop oms -all
    Oracle Enterprise Manager Cloud Control 12c Release 12.1.0.1.0
    Copyright (c) 1996, 2011 Oracle Corporation. All rights reserved.
    Stopping WebTier.
    WebTier Successfully Stopped
    Stopping Oracle Management Server.
    Oracle Management Server Successfully Stopped
    AdminServer Successfully Stopped
    Oracle Management Server is Down

    ./emctl start oms
    Oracle Enterprise Manager Cloud Control 12c Release 12.1.0.1.0
    Copyright (c) 1996, 2011 Oracle Corporation. All rights reserved.
    Starting WebTier.
    WebTier Successfully Started
    Starting Oracle Management Server.
    Oracle Management Server Successfully Started
    Oracle Management Server is Up

3. Resecure all Management Agents

    ./emctl secure agent -emdWalletSrcUrl https://slb.example.com:4900/em
    Oracle Enterprise Manager 12c Release 1 12.1.0.1.0
    Copyright (c) 1996, 2011 Oracle Corporation. All rights reserved.
    Agent successfully stopped. Done.
    Securing agent. Started.
    Enter Agent Registration Password :
    Agent successfully restarted. Done.
    EMD gensudoprops completed successfully
    Securing agent. Successful.

Verify Status of Management Service

The OMS configuration can be checked using the emctl status oms -details command. Following successful configuration this should show that the SLB or virtual hostname field has been set.

    ./emctl status oms -details
    Oracle Enterprise Manager Cloud Control 12c Release 12.1.0.1.0
    Copyright (c) 1996, 2011 Oracle Corporation. All rights reserved.
    Enter Enterprise Manager Root (SYSMAN) Password :
    Console Server Host : omsa.example.com
    HTTP Console Port : 7788
    HTTPS Console Port : 7799
    HTTP Upload Port : 4889
    HTTPS Upload Port : 4900
    SLB or virtual hostname: slb.example.com
    HTTPS SLB Upload Port : 4900
    HTTPS SLB Console Port : 443
    Agent Upload is locked.
    OMS Console is unlocked.
    Active CA ID: 1
    Console URL: https://slb.example.com:443/em
    Upload URL: https://slb.example.com:4900/empbs/upload

    WLS Domain Information
    Domain Name : GCDomain
    Admin Server Host: omsa.xxx.xxx.xxx

    Managed Server Information
    Managed Server Instance Name: EMGC_OMS1
    Managed Server Instance Host: omsa.xxx.xxx.xxx
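
Added example (not part of the F5/Oracle guide): a Python check that parses saved `emctl status oms -details` output and lists where it departs from the SLB hostname, ports and lock state configured in this guide. The names `parse_status` and `audit` are hypothetical, and the embedded sample is constructed from the report lines shown above.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the status report lines shown in this section.
SAMPLE = """\
HTTPS Upload Port : 4900
SLB or virtual hostname: slb.example.com
HTTPS SLB Upload Port : 4900
HTTPS SLB Console Port : 443
Agent Upload is locked.
OMS Console is unlocked.
Console URL: https://slb.example.com:443/em
Upload URL: https://slb.example.com:4900/empbs/upload
"""

def parse_status(text):
    """Turn the report into a dict; the two lock sentences become booleans."""
    info = {}
    for line in text.splitlines():
        lock = re.match(r"\s*(Agent Upload|OMS Console) is (locked|unlocked)\.", line)
        if lock:
            info[lock.group(1)] = lock.group(2) == "locked"
        elif ":" in line:
            key, value = line.split(":", 1)
            info[key.strip()] = value.strip()
    return info

def audit(text, slb_host, upload_port=4900, console_port=443):
    """List where the report departs from the SLB settings this guide configures."""
    info, findings = parse_status(text), []
    expected = {"SLB or virtual hostname": slb_host,
                "HTTPS SLB Upload Port": str(upload_port),
                "HTTPS SLB Console Port": str(console_port)}
    for key, want in expected.items():
        if info.get(key) != want:
            findings.append(f"{key}: expected {want}, got {info.get(key)}")
    for key, port in (("Console URL", console_port), ("Upload URL", upload_port)):
        url = urlsplit(str(info.get(key, "")))
        if (url.scheme, url.hostname, url.port) != ("https", slb_host, port):
            findings.append(f"{key} does not point at https://{slb_host}:{port}")
    for key in ("Agent Upload", "OMS Console"):
        if not info.get(key):  # missing or unlocked: HTTP is still accepted
            findings.append(f"{key} is not locked: plain HTTP is still accepted")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, "slb.example.com"):
        print("FINDING:", finding)
```

Run against the sample, the only finding is the unlocked console, which matches a deployment that also publishes the Unsecure Console virtual server on port 7788.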

Document Revision History

Version    Description     Date
1.0        New document    05/01/2012

© 2012 F5 Networks, Inc. All rights reserved.
