13.1 What Is the OEM? The Oracle Enterprise Manager lets DBAs manage one or more databases on one or more platforms in one or more locations all from the same console. You can easily view all of the objects associated with a particular database or group of databases, and you can perform day-to-day tasks from the central console screen. In the following sections, we'll first examine the general composition of the OEM, then we'll discuss how the OEM can assist you in performing the tasks which will help secure the database. 13.1.1 The OEM Components The OEM is made up of the following components: -
A set of console screens from which you can manage databases and software distribution -
A database repository in which information for the tool's use is stored -
A set of database tools for performing DBA tasks -
A job scheduler -
An event management system -
A graphical interface to the Recovery Manager tools (not available in Oracle7) -
One intelligent agent per node to support communication between the databases on that node and the OEM From the console, you can: -
View the makeup of, and administer to, several databases on one or more nodes at once -
Access the various database administration tool manager options -
Schedule jobs to run on one or more nodes against one or more databases -
Monitor one or more databases for various events and notify designated people by displaying a message back to the OEM console, sending email, and/or paging a specific person or group of people Along with the tasks listed above, you can also customize your view of the network using the graphical maps provided by Oracle with the tool, or you can create personalized representations of meaningful backgrounds on which to place icons of the databases being managed in a specific group. For example, you might take an organizational chart drawn as a bitmap and place icons of the databases that belong to each of your departments in that department's area of the chart. Using the OEM, you can also distribute Oracle software to multiple servers in a coordinated manner. You can even configure the tool to launch other Oracle "cartridges" or third-party tools. 13.1.2 The DBA Toolkit The database administration toolkit provided with the OEM consists of several different components you can access in any of the following ways: -
From the pull-down menu at the top of the OEM console screen -
From the manager icons just below the pull-down menu -
From the navigator object display by clicking the right mouse button -
From the Start  Program Oracle Enterprise Manager  Administrator Toolbar Window menu -
From the stand-alone Database Administrator Toolbar which you can configure to be displayed at system boot time Figure 13.1 shows the "floating" Database Administrator Toolbar for OEM release 1.5.0. Figure 13.1. The Database Administrator Toolbar for release 1.5.0  The icons shown in this figure represent the following pieces of manager software (we'll describe each manager below): -
Lock icon the Security Manager -
Tree icon the Schema Manager -
Disk icon the Storage Manager -
SQL icon the Work Sheet -
Flags icon the Instance Manager -
PC icon the Net8 Assistant  | Not all of the managers in the OEM are accessible from the Administrator Toolbar. | | In later sections, we'll show you the ways you can use each manager to help make your database more secure. For Oracle's version 8.0.4 with OEM release 1.5.0, the available components are: - Backup Manager
-
Used to back up, recover, and restore a database. In Oracle8, the Enterprise Manager uses the new Recovery Manager to provide these utilities. - Data Manager
-
Used to export, import, and load data. - Instance Manager
-
Provides the ability to start up and shut down the database, modify initialization file ( INIT.ORA ) parameters, and manage in-doubt transactions and user sessions. - Replication Manager
-
Enables you to create and manage both simple and complex database replication. - Schema Manager
-
Used to create, edit, and examine schema objects like tables, indexes, triggers, procedures, packages, etc. - Security Manger
-
Used to administer users, privileges, and profiles. - SQL Worksheet
-
Used to create and run your SQL statements and PL/SQL code, and "canned" Oracle-provided scripts for environment establishment (e.g., the CATALOG.SQL and CATPROC.SQL scripts). - Storage Manager
-
Used to administer tablespaces, rollback segments, and datafiles. - Software Manager
-
Enables you to distribute Oracle software from one central place. | | In Oracle8, the Backup Manager uses the Recovery Manager utility to perform any backup or recovery work from the OEM. See Chapter 12, for more information on the Recovery Manager. | | For an additional fee, the Oracle Performance Packs are available to assist you with database performance tuning. In the Oracle7 versions of the OEM, there is only one performance pack. For Oracle8, the product has been divided and is being marketed as several separate packs . 13.1.3 Specifying the Database Repository There are several considerations and decisions you need to resolve before you start the OEM for the first time. As you configure and run the OEM, the information is gathered and the configuration work you do is stored within a central repository. Each time you log on to the OEM, you are prompted with the name , password, and network location of the database in which the OEM has stored or will store repository data. Therefore, you need to decide what database you will use to house the console repository and what user/schema area you will create for the name and password for the repository. Since the repository can reside in a database by itself or in a database on one of the servers that will be administered from the console, be sure to choose an easily recognized and meaningful name. For example, you might decide to use a name like OEM_REP for the repository schema. Once you've decided on a meaningful name, you need to take the following steps: -
Create the account for the user/schema area. -
Grant the Oracle-supplied DBA default role to this account. -
Create a tablespace with enough space to support the repository. -
Assign the tablespace to the repository user/schema area as the "default tablespace." -
Decide what form of backup(s) you will use to ensure that you can recover your OEM console repository. -
Determine where your backups will be stored and how often you will back up the repository. 13.1.4 A Potential Security Problem Because the OEM gives you the ability to perform major database administration tasks like starting up and shutting down a database from a remote console, the machine from which the OEM console is run must be protected from casual user access. From almost every DBA toolkit option, the OEM provides the person using the utilities the ability to "change roles." If the console is not protected and the console screen is available to casual users, a user could potentially access the "change role" option, enable a privileged role like SYSDBA, and access the database with much greater privileges than he or she would normally be entitled to. Remember that the curious user can do as much or more damage accidentally than a person who is bent on sabotaging a system. For example, a curious user could access the system tables and modify either the structure or data within a privileged area without realizing the damage he or she is actually doing. 13.1.5 Running the Oracle Enterprise Manager When you start the OEM, the first thing you see is the tool's splash screen. Once the splash screen has been displayed, you see the normal Oracle logon screen superimposed on the logo (see Figure 13.2). You are prompted for the username, password, and platform on which the repository is located. If you are using the default database on your Windows NT or Windows 95 machine as the site for the repository and are logging on from that machine, you do not have to enter a value in the Service area. Figure 13.2. The Oracle Enterprise Manager logon screen with logo  The window displayed when you first connect to the OEM consists of four sections (see Figure 13.3). The Navigator section (top left) enables you to: -
Connect to various databases -
Determine what is in a database -
Perform DBA duties -
Copy information from one database to another -
Perform quick edits of anything The Map section (top right) enables you to: -
Create, delete, and modify locations of databases on a visual map -
Start up or shut down a database -
View and administer to the databases of interest as one group The Job Scheduler section (bottom left) is a multi-threaded communications daemon that enables you to: The Event Scheduler section (bottom right) enables you to: Figure 13.3. The Oracle Enterprise Manager control panel  After you have begun to interact with the OEM console, if you leave the console screen with, say, only the navigation section visible, when you restart the OEM, the tool will remember and redisplay the last configuration of the console's appearance. However, if you resize a display from one of the utilities, the resized configuration will not be retained and you will either have to resize it each time you access that particular display or live with the default display. |
