Database Reference
In-Depth Information
Chapter 17
Enterprise Manager 12C as a
Security Tool
Enterprise Manager (EM) is a three-tier application that is used by DBAs and their managers to centrally administrate
a large database estate using a widely accessible web interface. EM allows reporting, monitoring, and administration
on a large scale and can integrate application, DB, and OS tiers into a single system architecture. This makes EM a
very powerful tool, as it reduces costs and increases efficiency and availability and can
potentially
decrease security
risk. Database Control is a similar interface to EM but is limited to individual DB hosts, whereas EM grid/cloud
control can scale up to manage many databases.
EM is carefully guarded by DBA teams, so security and compliance folks often do not get their hands on this
software or even know that it exists. Chapters 17 and 18 will take some time to bring you up to speed with EM. Many
DBA managers will be familiar with the software but perhaps not so familiar with how to use it as a security tool.
Using EM12c correctly is the most important challenge for reducing Oracle security risk so we will spend the next few
chapters on this subject.
There are two main aspects to Enterprise Manager 12c (EM12c) security: how to use EM12c to secure the estate,
which is covered in this chapter, and how to secure EM12c itself, which is the subject of the following chapter.
This chapter on using EM12c as a security tool will describe how to compare DB configurations to each other or
to templates presenting standard policy. It will show how EM12c is both a DBA and an SA tool by using host
OS commands, and will also show how to audit those commands. We will build this theory into an example of
state-checking glogin.sql from EM using facets, and finally we will discuss patching with EM.
Let's start with a look at EM12c in general.
EM12c Introduction and General Usage
Enterprise Manager has been available since 8i. EM has gained massive usage within the DBA community partly due
to its ease of use but also due to its “show SQL,” which is a great learning tool, though you may find EM is largely used
for performance-monitoring graphs. Figure
17-1
shows the introductory summary page to EM.
