Database Reference
In-Depth Information
Chapter 18
Defending Enterprise Manager 12C
EM12c is a great tool for automating general administration to large estates and also for coordinating the different layers
within an application architecture. It is also the natural tool to use for deploying secure configurations and reporting on
their effectiveness, but centralizing all of this power in one place raises the obvious question of how to secure EM12c
itself. That is the subject of this chapter. First we will look at securing availability and then network communications.
We'll also look at how users are affected and, finally, at the repository which represents the potential weak link.
Securing Availability
In terms of securing availability of EM12c, a common issue is that the database account used for the agent becomes
either locked or expired due to the profile which is attached to the EM target DB account.
If this happens in EM you will see that the DB is termed as being “DOWN,” and the error message will say that
the agent account is locked and/or expired. For a novice DBA this is not a helpful error message, as the name of the
account is missing as shown in Figure
18-1
, and the DB is not actually “DOWN” as such - just not contactable.
Figure 18-1.
Error message for agent disconnection is for DBSNMP
The agent DB account is called “DBSNMP,” and the way to fix this issue is to log on to the target DB and
unlock/unexpire DBSNMP.
Alter user dbsnmp account unlock;
