Oracle Cloud Database-related Prerequisite Tasks
Before you enable and use Database Management Diagnostics & Management for Oracle Cloud Databases, you must complete the prerequisite tasks listed in the following table.
Currently, you can use Diagnostics & Management to monitor and manage the Oracle Databases running on the following Oracle Database cloud solutions:
- Base Database Service
- ExaDB-D
- ExaDB-C@C
Task | Description | More Information |
---|---|---|
Grant a database user the privileges required to monitor and manage the Oracle Cloud Database and save the database user password in a secret | You must grant the database user the privileges required to monitor and manage the Oracle Cloud Database using Diagnostics & Management. You can use the available SQL scripts to create a new database user with the required set of privileges to monitor the Oracle Cloud Database or to perform advanced diagnostics and administrative tasks.<br>Use the Oracle Cloud Infrastructure Vault service to save the database user password in a secret with an encryption key. The Vault service is a managed service that enables you to centrally manage the encryption keys that protect your data and the secret credentials that you use to securely access resources. Note that if you change the database user password, then you must also update the secret with the new password by creating a new version of the secret and updating the contents.<br>Configure Gradual Password Rollover<br>For Oracle Databases 19c and later, it's recommended that you define a gradual password rollover time, which allows you to connect to the database using both the old and new passwords during the gradual rollover time period. Since both the old and new passwords are valid for some time, downtime is minimized. Using a gradual password rollover, you can avoid any disruptions in the use of Diagnostics & Management features for your databases. | For information on the required database user privileges, see Database User Privileges Required for Diagnostics & Management.<br>For information on the SQL script to create a monitoring user with the privileges required to monitor the Oracle Cloud Database, see Creating the Oracle Database Monitoring Credentials for Database Management (Doc ID 2857604.1) in My Oracle Support.<br>For information on the SQL script to create a user with the privileges required to perform advanced diagnostics and administrative tasks, see Creating the Oracle Database Management Advanced Diagnostics User and Administration User (Doc ID 2978493.1) in My Oracle Support.<br>For information on the Vault service, its concepts, and how to create vaults, keys, and secrets, see Vault.<br>For information on the Gradual Password Rollover feature, see Managing Gradual Database Password Rollover for Applications in Oracle Database Security Guide. |
Enable communication between Database Management and the Oracle Cloud Database | For Oracle Cloud Databases in Base Database Service and ExaDB-D<br>For Oracle Cloud Databases in ExaDB-D and ExaDB-C@C<br>Enable communication and data collection using a Management Agent. You must ensure that a Management Agent 210403.1349 or later is installed on one of the nodes in the Exadata cluster. The installed Management Agent requires:<br>Note that you can either use a private endpoint or a Management Agent to enable communication between Database Management and Oracle Cloud Databases in ExaDB-D. | For information on how to create a Database Management private endpoint, see Create a Database Management Private Endpoint for Oracle Cloud Databases.<br>For information on how to enable communication between Database Management and the Oracle Cloud Database, see Enable Communication Between Database Management and Oracle Cloud Databases.<br>For generic information on how to install a Management Agent, see Perform Prerequisites for Deploying Management Agents and Install Management Agents.<br>For information on how to install a Management Agent on Exadata Cloud, see Observability & Management Support For Exadata Cloud (Doc ID 3015115.1) in My Oracle Support. |
Save the database wallet as a secret in the Vault service if you want to use the TCPS protocol when enabling Diagnostics & Management (Optional) | If you opt to use the TCP/IP with Transport Layer Security (TCPS) protocol to securely connect to the Oracle Cloud Database, then you're required to enter the port number and upload the database wallet when enabling Diagnostics & Management.<br>The authentication and signing credentials, including the private keys, certificates, and trusted certificates used by Transport Layer Security (TLS) are stored in a wallet. This wallet must be saved as a secret with an encryption key in the Vault service. The supported database wallet formats are:<br>Note that the JKS and PKCS wallet formats are not supported in the US Gov realms and only the BCFKS wallet format is supported. | For information on how to configure TLS authentication, see Configuring Transport Layer Security Authentication in Oracle Database Security Guide.<br>For information on the Vault service, its concepts, and how to create vaults, keys, and secrets, see Vault. |
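
The gradual password rollover recommended in the first task, sketched as an added example (not one of the My Oracle Support scripts and not from this page). The user `DBM_MONITOR`, the profile `DBM_ROLLOVER_PROFILE`, the one-day window and the `<new_password>` placeholder are assumptions; run it as an administrator on a database release that supports `PASSWORD_ROLLOVER_TIME`.

```sql
-- Added example: hypothetical names DBM_MONITOR and DBM_ROLLOVER_PROFILE.

-- 1. Create a dedicated profile with a rollover window.
--    PASSWORD_ROLLOVER_TIME is expressed in days; 0 disables rollover.
--    Limits not listed here are inherited from the DEFAULT profile,
--    so review them before moving a user off its current profile.
CREATE PROFILE dbm_rollover_profile LIMIT
  PASSWORD_ROLLOVER_TIME 1;

-- 2. Attach the profile to the Diagnostics & Management database user.
ALTER USER dbm_monitor PROFILE dbm_rollover_profile;

-- 3. Change the password. From this point until the window closes,
--    both the old and the new password authenticate, so Diagnostics &
--    Management keeps working with the secret version it already has.
ALTER USER dbm_monitor IDENTIFIED BY "<new_password>";

-- 4. Confirm the account is in its rollover period.
--    ACCOUNT_STATUS reads 'OPEN & IN ROLLOVER' while both passwords work.
SELECT username, account_status, profile
  FROM dba_users
 WHERE username = 'DBM_MONITOR';

-- 5. Outside the database: create a new version of the Vault secret
--    containing the new password (the step this page requires after
--    any password change), then verify that monitoring still connects.

-- 6. Once the new secret version is in use, end the rollover period
--    early so that the old password stops working immediately instead
--    of remaining valid for the rest of the window.
ALTER USER dbm_monitor EXPIRE PASSWORD ROLLOVER PERIOD;

-- 7. Verify the old password is no longer accepted: the status
--    returns to 'OPEN'.
SELECT username, account_status
  FROM dba_users
 WHERE username = 'DBM_MONITOR';
```

Keeping the window short and closing it in step 6 limits how long the previous password, which may still sit in an older secret version, remains usable.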