USER GUIDE

Product Snow Inventory Oracle Scanner

Version 2.3

Release date 2016-05-26

Document date 2016-10-31

Page 2 of 16

CONTENT ABOUT THIS DOCUMENT ......................................................................................................................................... 3

OVERVIEW ............................................................................................................................................................... 3

OPERATING SYSTEMS SUPPORTED ............................................................................................................................... 3 DEPENDENCY ON OTHER SNOW PRODUCTS ................................................................................................................... 3 PREREQUISITES ........................................................................................................................................................ 3

Windows ......................................................................................................................................................... 3 Linux and Unix ................................................................................................................................................ 3

FILES ..................................................................................................................................................................... 4 INSTALLATION ......................................................................................................................................................... 5

AUTOMATIC ORACLE INVENTORY ............................................................................................................................ 6

ORACLE INVENTORY WITH SPECIFIC USER AND PERMISSIONS ............................................................................................. 6 ORACLE PERMISSIONS REQUIRED ................................................................................................................................. 7

CONFIGURATION AND RUNNING ............................................................................................................................. 9

CONFIGURATION XML FILE ........................................................................................................................................ 9 OUTPUT ............................................................................................................................................................... 11 ENCRYPTION OF PASSWORDS.................................................................................................................................... 11 SCHEDULING ......................................................................................................................................................... 11

KNOWN ISSUES ...................................................................................................................................................... 11

APPENDIX ............................................................................................................................................................... 12

CONFIGURATION EXAMPLES ..................................................................................................................................... 12 Example 1: Minimal configuration file ......................................................................................................... 12 Example 2: Advanced Oracle configuration ................................................................................................. 13 Example 3: Advanced Oracle configuration ................................................................................................. 14 Example 4: Advanced Oracle configuration ................................................................................................. 15 Example 5: Advanced Oracle configuration ................................................................................................. 16

Page 3 of 16

ABOUT THIS DOCUMENT This document describes how to configure the Snow Inventory Oracle Scanner.

OVERVIEW From version 2.0 the Snow Inventory Oracle Scanner is a Java program. This makes the scanner platform independent and it can be run on a variety of platforms.

OPERATING SYSTEMS SUPPORTED For information on supported operating systems, see the document System Requirements for all Snow products, which is available for download at www.snowsoftware.com/int/download.

DEPENDENCY ON OTHER SNOW PRODUCTS The Snow Inventory Oracle Scanner is started from a Snow Inventory Client. This version of the Snow Inventory Oracle Scanner requires Snow Inventory Data Provider version 4.6 or higher to be installed on the Snow system platform.

PREREQUISITES To run the Snow Inventory Oracle Scanner, the target computer is required to have Java Runtime Environment 6.0 (1.6) or later installed.

NOTE: Due to an internal defect in Java, Java Runtime Environment 1.7.0_7 must not be used. See section Known issues for more information.

WINDOWS In Windows the Oracle Scanner is run with an administrative user account (Local Admin on the server).

LINUX AND UNIX In Linux and Unix there are two privilege options for running the Oracle Scanner, and each option is described in the sections below.

FULL PRIVILEGES

A user with root privileges or a user with privileges to run the Java runtime with the sudo program is required.

Page 4 of 16

PRINCIPLE OF LEAST PRIVILEGES

A user is required that has sudo rights to specific operating system commands depending on operating system, see table below. The sudoers file also need to have the NOPASSWD option set.

An Oracle database user is required for each database that is to be inventoried.

The user can be the same for all databases and then configured in the configuration file with the <DefaultInstanceCredentials>. The user can also be unique and configured with the <InstancesWithConfiguration>, see section

below.

Example from sudoers file for Solaris.

User snow has the rights to execute the commands with sudo and no password:

## ## User privilege specification ## root ALL=(ALL) ALL snow ALL=NOPASSWD: /usr/bin/pwdx

Following commands are used for determining OracleHome.

Operating system Command

Solaris pwdx

AIX and Linux ls

HP-UX pfiles

FILES

File Description

sios.jar This is the only required file for the Snow Inventory Oracle Scanner. It is an executable Java archive that performs inventory of Oracle databases on the current server that it is executed on.

sios.jar is started from a Snow Inventory Client.

sios.xml Configuration file used for advanced configuration when using the Inventory clients for Windows and Linux (optional).

When using the Inventory client for Unix, configuration of the Snow Inventory Oracle Scanner is done in the configuration file of the Unix client.

sios.log Log file

sios.properties Properties file containing information about installation date, last run date, Java version, output filename, and version.

<resultfile>.xml The result file from the Snow Inventory Oracle Scanner

Page 5 of 16

INSTALLATION The Snow Inventory Oracle Scanner is integrated into all Snow Inventory Clients. When requesting a Snow Inventory Client for the desired operating systems the customer needs to specify that the Oracle Management Option needs to be included.

Page 6 of 16

AUTOMATIC ORACLE INVENTORY The Snow Inventory Oracle Scanner is designed to perform automatic Oracle inventory without the need of providing or creating a specific user account within the Oracle databases. It automatically discovers all running Oracle instances on the current server, detects what user is running each database instance, and switches to that specific user when inventorying the databases. No specific permissions or no specific user is needed for the databases that are to be inventoried.

The Oracle Scanner is designed to be lightweight and scalable regarding size and number of objects in database. Resource consumption is mainly CPU bound since metadata is often available in memory.

The Snow Inventory Oracle Scanner is non-invasive and read-only, meaning that only read operations are performed when querying the database(s). It performs only SELECT queries based on PL/SQL blocks to extract necessary inventory data that is used for analyzing needs of a license.

Snow Software recommends the use of Automatic Oracle Inventory rather than setting up specific user accounts or permission for each Oracle database

ORACLE INVENTORY WITH SPECIFIC USER AND PERMISSIONS If specific credentials are required for the Oracle inventory, a user account needs to be created with SELECT permissions on ALL TABLES and DICTIONARY in all databases. The account also needs to be able to CREATE SESSION. This is done by granting the user “SELECT ANY” privileges on “TABLE” and “DICTIONARY”, see the example below.

The user needs to be created and permissions need to be granted on each database that is to be inventoried.

Example: Create the user <Oracle Scanner User> and grant SELECT ANY privileges in earlier versions than Oracle 12:

For Oracle 12, the user needs to be created as a common user, which is done by typing “c##” before the username. Also, CONTAINER=ALL must be added to each line, see example below.

Example: Create the user <Oracle Scanner User> and grant SELECT ANY privileges in Oracle 12:

CREATE USER <Oracle Scanner User> identified by <Password>;

GRANT CREATE SESSION TO <Oracle Scanner User>;

GRANT SELECT ANY TABLE to <Oracle Scanner User>;

GRANT SELECT ANY DICTIONARY to <Oracle Scanner User>;

CREATE USER c##<Oracle Scanner User> identified by <Password> CONTAINER=ALL;

GRANT CREATE SESSION TO c##<Oracle Scanner User> CONTAINER=ALL;

GRANT SELECT ANY TABLE to c##<Oracle Scanner User> CONTAINER=ALL;

GRANT SELECT ANY DICTIONARY to c##<Oracle Scanner User> CONTAINER=ALL;

Page 7 of 16

ORACLE PERMISSIONS REQUIRED When performing automatic Oracle inventory via the user that runs the database instance, the required permissions are already granted to the user. When performing Oracle inventory using a specific Oracle user, the user needs to be granted the permissions required as illustrated in the section above (Oracle Inventory with specific user and permissions).

In both cases the following objects are accessed and the user needs to be able to run SELECT queries towards these tables/views.

Owner Table

APPS FND_PRODUCT_GROUPS

CONTENT ODM_DOCUMENT

CONTENT ODM_RECORD

DMSYS DM$MODEL

DMSYS DM$OBJECT

DVSYS DBA_DV_REALM

LBACSYS LBAC$POLT

MDSYS SDO_GEOM_METADATA_TABLE

ODM ODM_MINING_MODEL

OLAPSYS DBA$OLAP_CUBES

Owner Table

SYS ALL_VIEWS

SYS CDB_PDB_HISTORY

SYS DBA_ADVISOR_TASKS

SYS DBA_AWS

SYS DBA_CPU_USAGE_STATISTICS

SYS DBA_CUBES

SYS DBA_ENCRYPTED_COLUMNS

SYS DBA_FEATURE_USAGE_STATISTICS

SYS DBA_FLASHBACK_ARCHIVE

SYS DBA_FLASHBACK_ARCHIVE_TABLES

SYS DBA_LOB_PARTITIONS

SYS DBA_LOB_SUBPARTITIONS

SYS DBA_LOBS

SYS DBA_MINING_MODELS

SYS DBA_OBJECTS

SYS DBA_REGISTRY

SYS DBA_SEGMENTS

SYS DBA_SQL_PROFILES

SYS DBA_SQLSET

SYS DBA_SQLSET_REFERENCES

SYS DBA_TAB_PARTITIONS

SYS DBA_TAB_SUBPARTITIONS

Page 8 of 16

Owner Table

SYS DBA_TABLES

SYS DBA_TABLESPACES

SYS DBA_USERS

SYS DBA_WORKLOAD_CAPTURES

SYS DBA_WORKLOAD_FILTERS

SYS DBA_WORKLOAD_REPLAYS

SYS GV_$INSTANCE

SYS GV_$PARAMETER

SYS MODEL$

SYS V_$ARCHIVE_DEST_STATUS

SYS V_$BLOCK_CHANGE_TRACKING

SYS V_$CONTAINERS

SYS V_$DATABASE

SYS V_$INSTANCE

SYS V_$LICENSE

SYS V_$OPTION

SYS V_$PARAMETER

SYS V_$PDBS

SYS V_$SESSION

SYS V_$SESSION_CONNECT_INFO

Owner Table

SYSMAN MGMT_ADMIN_LICENSES

SYSMAN MGMT_FU_REGISTRATIONS

SYSMAN MGMT_FU_STATISTICS

SYSMAN MGMT_LICENSE_CONFIRMATION

SYSMAN MGMT_LICENSE_DEFINITIONS

SYSMAN MGMT_LICENSED_TARGETS

SYSMAN MGMT_LICENSES

SYSMAN MGMT_TARGET_TYPES

SYSMAN MGMT_TARGETS

If Database Vault is enabled, then SYS or the specific Oracle user must have PARTICIPANT or OWNER

authorization on 'Oracle Database Vault' realm and DV_SECANALYST role for querying Oracle

Database Vault-supplied views.

Page 9 of 16

CONFIGURATION AND RUNNING The Snow Inventory Oracle Scanner can be configured by using a configuration file.

CONFIGURATION XML FILE The configuration file is XML-based and contains the elements described in the table.

NOTE: If the string $ORACLE_HOME in specified in the value attribute of an <Environment><Item> element, it will be replaced by the determined OracleHome for the current instance. Example:

<Item variable="LD_LIBRARY_PATH" value="$ORACLE_HOME/lib:$ORACLE_HOME/lib64:$ORACLE_HOME/lib32"/>

NOTE: When enabling TNS (Transparent Network Substrate), make sure to configure the Oracle database accordingly.

For example, place TNSNAMES first in the order of the naming methods used for client name resolution, i.e. NAMES.DIRECTORY_PATH=(TNSNAMES) in the $ORACLE_HOME/network/admin/sqlnet.ora file.

Also, the $ORACLE_HOME/network/admin/tnsnames.ora file must contain the corresponding entries.

Parameter Description

<SiteName> Snow site name. i.e. MyCorp

<OutputPath> Path to where output and log files will be placed

<StoragePath> Path to where properties files will be placed

<OracleScan> true/false Default = true

<OracleConfig> Main element of all Oracle specific options Can be left out, for automatic inventory, if left out none of the configuration below applies.

<DiscoverAllInstances> true/false Must be present if OracleConfig is used

<IncludeInstances> Only scan specified instances instead of all instances (DiscoverAllInstances must then be set to false). Can be left out.

<SID> Database instance SID. Can be repeated.

<ExcludeInstances> Exclude database instances from being scanned. Can be left out.

<SID> Database instance SID. Can be repeated.

<Environment> Optional element for specifying environment variables for all instances.

Page 10 of 16

Parameter Description

<Item variable=”NAME” value=”VALUE”/> Specifies a single environment variable. Use multiple Item elements to specify multiple environment variables. If variables are specified for specific instances, any variables set here will not be used.

<Oratab> Specifies the path to the Oratab file. When OracleHome is not set for an instance, the application will read the specified Oratab file and try to determine the OracleHome for that specific instance. If this fails, the normal procedure will be used for determining OracleHome.

<DefaultInstanceCredentials> Default credentials to use when logging into a database instance if no specific credentials are specified for the specific instance. Can be left out.

<User>

- or –

<User UseTNS=”VALUE”>

Element for specifying default Oracle credentials. If no User element is present, OS Authentication will be used.

VALUE = true/false If set to true, TNS login will be used. If set to false or if the UseTNS attribute is left out, DB authentication will be used.

<Username> Username

<Password> Password, encrypted (see section Encryption of passwords)

<InstancesWithConfiguration> Credentials for specific database instances. Can be left out.

<Instance> Database instance. Can be repeated.

<SID> Database instance SID.

<User>

- or –

<User UseTNS=”VALUE”>

Element for specifying default Oracle credentials. If no User element is present for this instance, the user defined for the default instance will be used instead.

VALUE = true/false If set to true, TNS login will be used. If set to false or if the UseTNS attribute is left out, DB authentication will be used.

<Username> Username

<Password> Password, encrypted (see section Encryption of passwords)

<OracleHome> Path to the Oracle home for the instance. If the OracleHome path is set, no automatic scanning for determining this path is performed.

<Environment> Optional element for specifying environment variables for the specific instance. If the Environment element is used, but no Item element is specified, no variables will be used, not even from the Environment element used to specify variables for all instances.

Page 11 of 16

Parameter Description

<Item variable=”NAME” value=”VALUE”/> Optional element. Specifies a single environment variable. Use multiple Item elements to specify multiple environment variables.

OUTPUT The information from Snow Inventory Oracle Scanner will be integrated with the information collected by the Snow Inventory Client.

ENCRYPTION OF PASSWORDS Encryption of passwords used in the configuration file and on the command line can be achieved by using a support program called snowcrypt which is available from Snow Support. It is a Windows only program which is run from a command prompt.

The program is used in the following way, and the result is displayed on the next line of the command prompt:

C:\Snowutils> snowcrypt encryptpass2 MyPassword 145f737f4f357d0ef01ffcc6ee8bd8576ebafcf8e36dfc5ed3c109bae2b24e6f5

SCHEDULING Scheduling is described in the document of the specific Snow Inventory Client that is used.

KNOWN ISSUES The Java Runtime Environment (JRE) 1.7.0_07 contains a defect with the consequence that the Oracle inventory does not work. Any server running JRE 1.7.0_07 must upgrade to a later version for the Snow Inventory Oracle scanner to work properly.

There is a validation on the configuration XML file. This means that some items must be in a specific order in the XML file. In case that a failure occurs related to the configuration file, check the order of the XML tags.

Page 12 of 16

APPENDIX CONFIGURATION EXAMPLES

EXAMPLE 1: MINIMAL CONFIGURATION FILE All active database instances on the server will be scanned. The result and log file will be placed in the same directory as the Oracle scanner.

<?xml version="1.0" encoding="UTF-8"?> <SnowConfig> <SiteName>MyCorp</SiteName> </SnowConfig>

Page 13 of 16

EXAMPLE 2: ADVANCED ORACLE CONFIGURATION All active database instances on server will be scanned, except for DbInstance1.

All instances will be scanned with the user Username 1 and corresponding password, except for DbInstance2 that will be scanned with the user Username 2 and corresponding password. In addition, TNS will be used for DbInstance2.

The result and log file will be placed in the sub directory files.

<?xml version="1.0" encoding="UTF-8"?> <SnowConfig> <SiteName>MyCorp</SiteName> <OutputPath>files</OutputPath> <OracleConfig> <DiscoverAllInstances>true</DiscoverAllInstances> <ExcludeInstances> <SID>DbInstance1</SID> </ExcludeInstances> <DefaultInstanceCredentials> <User> <Username>Username 1</Username> <Password>Password 2</Password> </User> </DefaultInstanceCredentials> <InstancesWithConfiguration> <Instance> <SID>DbInstance2</SID> <User UseTNS="true"> <Username>Username 2</Username> <Password>Password 2</Password> </User> </Instance> </InstancesWithConfiguration> </OracleConfig> </SnowConfig>

Page 14 of 16

EXAMPLE 3: ADVANCED ORACLE CONFIGURATION Only the database instances DbInstance1 and DbInstance2 on the server will be scanned. Both instances have their own credentials configured.

The result and log file will be placed in the directory /var/log/sios.

<?xml version="1.0" encoding="UTF-8"?> <SnowConfig> <SiteName>MyCorp</SiteName> <OutputPath>/var/log/sios</OutputPath> <OracleConfig> <DiscoverAllInstances>false</DiscoverAllInstances> <IncludeInstances> <SID>DbInstance1</SID> <SID>DbInstance2</SID> </IncludeInstances> <InstancesWithConfiguration> <Instance> <SID>DbInstance1</SID> <User> <Username>Username 1</Username> <Password>Password 1</Password> </User> </Instance> <Instance> <SID>DbInstance2</SID> <User> <Username>Username 2</Username> <Password>Password 2</Password> </User> </Instance> </InstancesWithConfiguration> </OracleConfig> </SnowConfig>

Page 15 of 16

EXAMPLE 4: ADVANCED ORACLE CONFIGURATION Inventory of an Oracle database instance (MySid1) with the OracleHome parameter specified instead of using automatic detection of Oracle Home.

The second instance (MySid2) will have its OracleHome read from the specified Oratab file since it has no OracleHome specified and the <Oratab> element exists.

<?xml version="1.0" encoding="UTF-8"?> < SnowConfig > <SiteName>MyCorp</SiteName> <OracleConfig> <DiscoverAllInstances>true</DiscoverAllInstances> <Oratab>/etc/oratab</Oratab> <InstancesWithConfiguration> <Instance> <SID>MySid1</SID> <OracleHome>/opt/oracle/current</OracleHome> </Instance> <Instance> <SID>MySid2</SID> </Instance> </InstancesWithConfiguration> </OracleConfig> </SnowConfig>

Page 16 of 16

EXAMPLE 5: ADVANCED ORACLE CONFIGURATION Inventory of an Oracle database instance with an extra environment variable that specifies the location of the shared objects used by Oracle. Notice the use of the special string $ORACLE_HOME which is replaced at runtime with the determined OrcaleHome for that particular instance.

<?xml version="1.0" encoding="UTF-8"?> < SnowConfig > <SiteName>MyCorp</SiteName> <OracleConfig> <DiscoverAllInstances>true</DiscoverAllInstances> <InstancesWithConfiguration> <Instance> <SID>MySid</SID> <Environment> <Item variable="LD_LIBRARY_PATH" value="$ORACLE_HOME/lib:$ORACLE_HOME/lib64:$ORACLE_HOME/lib32"/> <Environment> </Instance> </InstancesWithConfiguration> </OracleConfig> </SnowConfig>