Overview of OS Management Hub
Oracle OS Management Hub is the next generation management solution for operating system environments. It provides a centralized management console to monitor and manage updates across your entire environment.
OS Management Hub monitors available Oracle Linux and Microsoft Windows Server environments at scale. From a single view, you gain control of updates over your entire environment, reducing administration and improving efficiency. OS Management Hub is delivered as an Oracle Cloud Infrastructure (OCI) service. It can manage instances in OCI, supported third-party clouds, or on premises in a customer data center (see Supported Environments).
To use OS Management Hub, an instance registers with the service using a profile which defines initial characteristics for the managed instance such as which software sources (repositories) the system uses, which group it's a member of, or whether it's part of a lifecycle environment. Once registered, you can modify the characteristics of the instance. Each instance has an agent that interacts with the OS content on the instance as directed by OS Management Hub. The agent reports data and results back to the service.
OCI instances communicate directly with the OS Management Hub service. On-premises or third-party cloud instances require a management station to act as a network proxy to communicate with the service and act as a local yum and DNF mirror of Oracle Linux software sources (repositories). Only the management station directly communicates with OS Management Hub using port tcp/443, eliminating the need for your managed instances to directly connect with OCI. Instances in your data center send and receive all requests and responses for OS Management Hub through the management station. When instances have a job to update packages or OS content, they receive the content locally from the management station, reducing the amount of bandwidth used for patching instances. All package transfers are local to the data center.
Within OS Management Hub, you control access to Oracle Linux packages and modules by adding only the software sources (repositories) you want to use with the service and defining which software sources an instance can use. You can create custom software sources and use lifecycle environments to further refine content. Creating a group of instances allows you to efficiently monitor and manage updates at scale by applying different update schedules for each group. You can automate updates by creating a scheduled update for a group, individual instance, or all instances in compartment.
For details about a specific component of OS Management Hub, see:
Getting Started
Complete the following to get started with the service:
- Define the user group, dynamic group, and IAM policy to enable OS Management Hub
- Create Management Agent Cloud Service (MACS) keys (non-OCI instances only)
- Verify instances use a supported environment
- Identify the compartment organization
- Understand requirements for using Ksplice (Oracle Linux instances only)
- Setup the required network components
- Perform next steps
Key Features
- Centralize operating system updates
-
Maintain the health of your mission critical systems by applying updates quickly and efficiently. OS Management Hub provides tools for tracking, applying, and monitoring critical updates across a fleet of systems. Keep your systems secure with scheduled update jobs and monitor their health by running reports.
- Control and customize content delivery
-
Deploy OS content with policies and schedules according to your lifecycles. Choose only the vendor software sources you want to use and define custom software sources to select specific content. Use groups to manage sets of systems, each with their own update schedule. Use lifecycle environments to control and customize updates with your own policies and schedules, delivering staged deployment of security errata and other content, with control points from development through production.
- Zero-downtime updates with Ksplice
-
Reduce the time spent shutting down and restarting your applications and systems for update deployment. OS Management Hub fully integrates with Ksplice to apply select security updates on Oracle Linux with no reboot, minimizing application disruptions. See Using Ksplice.
- Manage systems in multiple environments
-
Visualize all of your managed systems to access your entire operating system environment at a glance. OS Management Hub can manage instances in OCI, supported third-party clouds, or on premises. See Supported Environments.
Understanding the Agent
OS Management Hub uses an agent for managing and applying updates on an instance. The agent interacts with the OS content on an instance as directed by OS Management Hub and reports data and results back to the service. The agent differs between OCI and on-premises or third-party cloud.
- OCI instances (Oracle Cloud Agent)
-
OCI instances use the Oracle Cloud Agent to interact with OS Management Hub. You enable the OS Management Hub plugin for Oracle Cloud Agent to register it with the service. See Registering an OCI Instance.
Important
OS Management Hub requires minimum Oracle Cloud Agent version 1.40. For instances using platform images released before April 2024, upgrade the Oracle Cloud Agent to 1.40 or later.The OS Management Hub plugin provides the necessary permissions to apply updates on instances:
- For Oracle Linux instances, the plugin uses the standard Linux permissions for a sudo administrative account for applying updates.
- For Windows instances, the plugin creates a virtual service account
OCAOSMH
for applying updates. Don't remove this account.
- On-premises or supported third-party cloud (Management Agent)
-
On-premises and third-party cloud instances use the Management Agent to interact with OS Management Hub. You must install the Management Agent on the instance, activate the OS Management Hub plugin, and register the instance with the service. See Registering a Non-OCI Instance.
What data is collected from an instance?
The following information is collected by OS Management Hub:
- Managed instance information
-
- Hostname
- OS vendor, version, architecture
- Inventory of installed packages
- Module stream status and module stream profiles (Oracle Linux 8 and 9)
- Inventory of available updates
- Inventory of available errata
- Kernel version
- Ksplice effective kernel version
- Yum and DNF command output (in job history)
- Ksplice command output (in job history)
- System uptime
- Management station information
-
- Capacity (percentage free) of mirror storage
reposync
command output
Note
If the management station is also being managed and updated using OS Management Hub, its instance information is also collected.
Service Limits
OS Management Hub has default service limits on the maximum number of resources allowed per region.
Resource | Limit Name | Oracle Universal Credits | Pay as You Go or Trial |
---|---|---|---|
Lifecycle environments |
lifecycle-environment-count |
100 |
100 |
Managed instance groups |
managed-instance-group-count |
100 |
100 |
Management stations |
management-station-count |
100 |
100 |
Profiles |
profiles-count |
100 |
100 |
Scheduled jobs |
scheduled-job-count |
100 |
100 |
Additional limits include:
- The number of custom software sources is limited to 50.
- The number of versioned custom software sources is limited to 75.
Resource Identifiers
Most types of Oracle Cloud Infrastructure resources have a unique, Oracle-assigned identifier called an Oracle Cloud ID (OCID). For information about the OCID format and other ways to identify your resources, see Resource Identifiers.
Retention Policy
OS Management Hub periodically removes managed instances from the service that haven't communicated with OS Management Hub in the last 30 days.
Orphaned OS Management Hub resources in then tenancy are reclaimed after 90 days. For example:
- Recurring scheduled jobs assigned to a group with no instances for 90 days.
- Scheduled jobs assigned to an instance that's inactive for 90 days.
- Groups with no attached instances for 90 days.
- Custom software sources with no instances attached for 90 days.
Authorization and Authentication
Each service in Oracle Cloud Infrastructure integrates with IAM for authentication and authorization, for all interfaces (the Console, SDK or CLI, and REST API).
An administrator in your organization needs to set up compartments, user groups, dynamic groups, and policies in Identity and Access Management (IAM) that control which users can access which services, which resources, and the type of access. For example, the policies control who can create new users, create and manage the cloud network, create instances, create buckets, download objects, and so on. For more information, see Getting Started with Policies.
- For specific details about writing policies for OS Management Hub, see Enable OS Management Hub Using the Policy Advisor and OS Management Hub Policies.
- For details about writing policies for other services, see Policy Reference.
If you’re a regular user (not an administrator) who needs to use the Oracle Cloud Infrastructure resources that your company owns, contact your administrator to set up a user ID for you. The administrator can confirm which compartment or compartments you are permitted to use.
Tagging Resources
You can apply tags to your resources to help you organize them according to your business needs. You can apply tags at the time you create a resource, or you can update the resource later with the wanted tags. For general information about applying tags, see Resource Tags.
If you have permissions to create a resource, then you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. For more information about tagging, see Resource Tags. If you're not sure whether to apply tags, ask an administrator or skip this option. You can apply tags later.
Ways to Access Oracle Cloud Infrastructure
Learn the different ways you can access Oracle Cloud Infrastructure.
You can access Oracle Cloud Infrastructure using the Console (a browser-based interface) or the REST API. Instructions for the Console and API are included in topics throughout this guide. For a list of available SDKs, see Software Development Kits and Command Line Interface.
To access the Console, you must use a supported browser. To go to the Console sign-in page, open the navigation menu at the top of this page and click Infrastructure Console. You are prompted to enter your cloud tenant, your username, and your password.
For general information about using the API, see REST APIs.