Running Oracle Enterprise Manager 13c in Oracle Cloud

8 min readMar 15, 2019

Just recently a new image was posted on the OCI Marketplace called Oracle Enterprise Manager 13.3 that would make life a lot easier for many of us trying to manage their cloud (and on premise) databases using OEM.

The cool thing about this image is that it offers you a prepackaged installation of OEM so you don’t have to spend days installing and configuring it on Oracle Cloud.

Getting it up an running is quite easy but you will have to follow some guidelines to configure the environment correctly.

First we need to create some policies and dynamic groups before creating the instance, these are needed to attach a network disk and opening some ports in the cloud firewall.

1. Create a Dynamic Group with your compartment OCID

Click on the burger button on the top of the main page after logging to Oracle Cloud, and go to Identity and Compartments:

Click on your root compartment and copy the OCID:

Now we are going to create a Dynamic Group to group the instances of the Compartment. Click on the Identity link on the same page :

Then Dynamic Groups and Create Dynamic Group :

Give a name and a description to the Group and paste the following code replacing your own Compartement OCID from before with what I have:

ALL {instance.compartment.id = 'ocid1.compartment.oc1..aaaaaaaa24qo6imwe3alhqqg44taorogkxxxkdp6jykuyixxxiuwxqxxx5q'}

2. Create a Policy

After the group is created click on the Policies link and then Create Policy. Again keep in mind that you are in the ROOT compartment before creating the policy and not in any sub-compartments.

Again give a name, description to the Policy and add the two following policy statements then save it:

Allow dynamic-group OEM_Group to manage instance-family in tenancyAllow dynamic-group OEM_Group to manage volume-family in tenancy

In case you have issues with creating the policy above getting an error message like :

InvalidParameter — The tenancy id ocid1.tenancy.oc1..aaaaaaaadeoj3n5gq7dp5haw4smiepeld7q doesn’t exists or not authorized within compartment ocid1.compartment.oc1..aaaaaaaa37w3nd7qo52hgwhtltjffvumeny6ywga.

Then a workaround would be to create the policy in a sub compartment and then change the policy accordingly :

2. Create a VCN (optional)

If this is your first time creating a VCN then go ahead and do this step. If you already have a VCN created and other instances like databases and compute on this VCN network then you can skip it.

Go on the Menu then Networking and Virtual Cloud Networks :

Create a new VCN :

Put the new VCN in your own (root) compartment, give it a name and the most important step is to select the second radio button “CREATE VIRTUAL CLOUD NETWORK PLUS RELATED RESOURCES” and click Create at the end of the page.

3. Open ports on the Oracle Cloud firewall

The last step before actually spinning up the Enteprise Manager instance is to open a few ports on the VCN . Still on the VCN page click on the newly created VCN (or the one you have already)

Then go to Security Lists on the left hand menu, then click on the Default Security List for Virtual Cloud Network :

Click on Edit All Rules :

Scroll down the list until you find this button with “+Anothe Ingress Rule” and click on it:

You will need to add 4 rules to open ports for, add the Source CIDR as 0.0.0.0/0 and paste the following ports for each Destination Port Range:

7803 — Console4903 — Agent Upload7301 — JVMD9851 — BIP

Then click on Save Security List Rules:

4. Creating the Enterprise Manager instance

Where do you find it? You have two options, you either find it directly in the Oracle Marketplace (and I will show you how) or by going through the Compute menu and changing the image source to Oracle Images. So to find the Marketplace you start by clicking on the hamburger button on top-left of OCI default page and it should appear down the list like here:

In the list you need to find OEM13 and click on it:

The following page is very useful as you can the official User Guide down the bottom as well as other useful links. Click on the Launch Instance button:

Agree to the Term of Use and select the compartment where you want to deploy the instance (usually root compartment or the same where you have your other databases deployed)

Next give a name to your instance and select the shape you want for it. I chose VM.Standard2.2 with 2 Core OCPUs and 30GB of memory to have a decent performance. We recommend Bare Metal for best performance but that isn’t available on the free trials. You can go to a bigger shape instance to have more OCPUs or lower it even to 1 if you want. The Availability Domain of your OEM is also important, you want it to be the same you have your Oracle Cloud databases on so you get better network performance and less complexity managing it.

Next would be the default boot volume — this you can leave as it is. SSH key - you won’t be using username/password to connect to the instance but public/private keys using SSH. If you do not have a public/private key and don’t know how to generate one using PuttyGen you can have look at my Database on OCI guide and I explain in detail how to do it there, it’s a long article so just search PuttyGen and you will find it quickly.

The last step is to select the VCN we made earlier and attach it to the instance so that it can have a public IP and communicate with other cloud or on premise databases.

Accessing the Oracle Enterprise Manager Console

The instance will take a few minutes to be ready, I would actually recommend waiting for around a half an hour or so to give time to all the installation scripts to finish up and have the database and middleware up and running.

Then get the Public IP of the OEM instance by going to the burger menu, click on Compute and then Instances:

Click on the name of the instance and you will find the Public IP like here:

We are going to use this IP to connect using Putty, please use user opc and add your private key to the connection. If you are new to Putty, you can find a easy post with all the details to configure Puty HERE.

Change to ‘oracle’ user by executing below in the command line

[opc@oem ~]$ sudo su - oracle

If you want to check if Enterprise Manager is up and running you can type this as user oracle :

[opc@oem ~]$ /u01/app/em13c/middleware/bin/emctl status oms

Find the password for SYSMAN so we connect to the web console by switching back to root user and typing:

[oracle@oem ~]$exit
[opc@oem ~]$  sudo su - 
[root@oem ~]# cat /root/.oem/.sysman.pwd

To change the password for SYSMAN you need to use the following command :

/u01/app/em13c/middleware/bin/emctl config oms -change_repos_pwd

Let’s finally login to EM13.3 Console now, it’s been a long journey but you made it :)

Type in your browser the following (add you own OEM IP) :

https://<public ip address>:7803/em

For me it would be https://190.61.110.231:7803/em

If you get a warning it’s due to the fact that the SSL certificate is self-signed so you will need to click Advanced and add it to the exception lists like :