Overview: Streamlining PeopleSoft Environment Cloning with Cloud Manager 17 on OCI
In the dynamic landscape of enterprise applications, PeopleSoft continues to be a cornerstone for many organizations, managing critical business processes from Human Capital Management (HCM) to Financials and Supply Chain. The operational efficiency of a PeopleSoft estate heavily relies on the agility with which development, testing, and staging environments can be provisioned, refreshed, and managed. Traditional methods for cloning PeopleSoft environments are often manual, time-consuming, and error-prone, consuming valuable DBA and system administrator resources.
Enter Oracle PeopleSoft Cloud Manager (CM) 17, a purpose-built application designed to automate and simplify the lifecycle management of PeopleSoft environments on Oracle Cloud Infrastructure (OCI). Cloud Manager 17 represents a significant leap forward, offering robust capabilities for provisioning, patching, scaling, and, most notably, cloning PeopleSoft environments with unprecedented ease and speed. By leveraging OCI's scalable and resilient infrastructure, Cloud Manager transforms what was once a multi-day effort into an automated process, enabling organizations to achieve true DevOps agility for their PeopleSoft applications.
This article delves into the intricacies of deploying PeopleSoft Cloud Manager 17 on OCI and, more specifically, leveraging its powerful features for automated environment cloning. We'll explore the foundational steps, critical configurations, and best practices to ensure a secure, efficient, and repeatable cloning workflow. Our focus will be on practical implementation, complete with real-world OCI CLI commands and configuration examples, demonstrating how domain experts can harness this technology to drive significant operational improvements.
Prerequisites for a Seamless Deployment
Before embarking on the deployment and configuration of PeopleSoft Cloud Manager 17 on OCI, it's crucial to ensure all necessary prerequisites are met. A well-prepared OCI tenancy and a clear understanding of your PeopleSoft architecture will pave the way for a smooth implementation.
OCI Account and Permissions
- **Active OCI Tenancy:** You must have an active Oracle Cloud Infrastructure tenancy with administrative privileges or a user account granted the necessary IAM policies.
- **IAM Policies:** Cloud Manager requires extensive permissions to interact with various OCI services. It's recommended to create a Dynamic Group for your Cloud Manager instance and define policies that grant it the "manage" verb for Compute, Virtual Network, Database, Object Storage, Block Volume, File Storage, and Vault services within specific compartments.
- **Example IAM Policy Statements:**
# Policy for the dynamic group 'dynamic-group-psft-cm'
Allow dynamic-group dynamic-group-psft-cm to manage instance-family in compartment id ocid1.compartment.oc1..aaaaaaexamplecompartmentid
Allow dynamic-group dynamic-group-psft-cm to manage vnics in compartment id ocid1.compartment.oc1..aaaaaaexamplecompartmentid
Allow dynamic-group dynamic-group-psft-cm to manage virtual-network-family in compartment id ocid1.compartment.oc1..aaaaaaexamplecompartmentid
Allow dynamic-group dynamic-group-psft-cm to manage volume-family in compartment id ocid1.compartment.oc1..aaaaaaexamplecompartmentid
Allow dynamic-group dynamic-group-psft-cm to manage database-family in compartment id ocid1.compartment.oc1..aaaaaaexamplecompartmentid
Allow dynamic-group dynamic-group-psft-cm to manage object-family in compartment id ocid1.compartment.oc1..aaaaaaexamplecompartmentid
Allow dynamic-group dynamic-group-psft-cm to manage file-storage-family in compartment id ocid1.compartment.oc1..aaaaaaexamplecompartmentid
Allow dynamic-group dynamic-group-psft-cm to manage functions-family in compartment id ocid1.compartment.oc1..aaaaaaexamplecompartmentid
Allow dynamic-group dynamic-group-psft-cm to read secrets in compartment id ocid1.compartment.oc1..aaaaaaexamplecompartmentid
Allow dynamic-group dynamic-group-psft-cm to use tag-namespaces in compartment id ocid1.compartment.oc1..aaaaaaexamplecompartmentid
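To support the periodic review of these grants, the following added example (not part of the original article and not Oracle's code) parses the statements above and lists which ones are unconditional `manage` grants or cover a whole resource family. The finding codes and the constructed `where request.region = 'phx'` statement in the usage section are assumptions made for illustration.

```python
import re

COMPARTMENT = "ocid1.compartment.oc1..aaaaaaexamplecompartmentid"
# (verb, resource-type) pairs exactly as granted in the example policy above.
PAGE_GRANTS = [
    ("manage", "instance-family"), ("manage", "vnics"),
    ("manage", "virtual-network-family"), ("manage", "volume-family"),
    ("manage", "database-family"), ("manage", "object-family"),
    ("manage", "file-storage-family"), ("manage", "functions-family"),
    ("read", "secrets"), ("use", "tag-namespaces"),
]
PAGE_POLICY = [
    f"Allow dynamic-group dynamic-group-psft-cm to {verb} {rtype} "
    f"in compartment id {COMPARTMENT}"
    for verb, rtype in PAGE_GRANTS
]

# Allow <group|dynamic-group> <name> to <verb> <type> in <scope> [where <cond>]
STATEMENT = re.compile(
    r"^allow\s+(?P<kind>dynamic-group|group)\s+(?P<subject>\S+)\s+to\s+"
    r"(?P<verb>inspect|read|use|manage)\s+(?P<rtype>\S+)\s+in\s+"
    r"(?P<scope>tenancy|compartment\s+(?:id\s+)?\S+)"
    r"(?:\s+where\s+(?P<condition>.+))?$",
    re.IGNORECASE,
)


def review(statement):
    """Return (grant, findings) for one policy statement."""
    m = STATEMENT.match(statement.strip())
    if not m:
        return None, ["UNPARSED"]
    verb, rtype = m["verb"].lower(), m["rtype"].lower()
    findings = []
    if verb == "manage" and (rtype.endswith("-family") or rtype == "all-resources"):
        findings.append("AGGREGATE_MANAGE")   # full control of every type in the family
    if verb == "manage" and not m["condition"]:
        findings.append("NO_CONDITION")       # nothing narrows the grant beyond its scope
    if m["scope"].lower() == "tenancy":
        findings.append("TENANCY_SCOPE")      # not confined to a compartment
    return f"{verb} {rtype}", findings


def audit(statements):
    """Map each grant that needs a reviewer's attention to its findings."""
    report = {}
    for statement in statements:
        grant, findings = review(statement)
        if findings:
            report[grant or statement] = findings
    return report


if __name__ == "__main__":
    for grant, findings in audit(PAGE_POLICY).items():
        print(f"{grant:32} {', '.join(findings)}")
    # Constructed statement: the same vnics grant narrowed with a condition.
    narrowed = PAGE_POLICY[1] + " where request.region = 'phx'"
    print(review(narrowed))
```
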
Network Configuration
- **Virtual Cloud Network (VCN):** A pre-existing VCN is required. It's best practice to dedicate a VCN for PeopleSoft environments.
- **Subnets:** At least two subnets (or more, depending on your security posture) within the VCN:
  - A public subnet for the Cloud Manager instance (for initial access, though it can be moved to private later with a Bastion/VPN).
  - Private subnets for database, application, and web servers.
- **Security Lists/Network Security Groups (NSGs):** Proper security rules for ingress/egress traffic. Ensure necessary ports are open for SSH (22), HTTP/HTTPS (80/443), PeopleSoft application servers (e.g., 8000-8020), and database (1521 for Oracle DB).
- **Route Tables:** Properly configured route tables to allow communication between subnets and to the internet (via NAT Gateway or Internet Gateway as appropriate).
Cloud Manager Image Subscription
- Subscribe to the "PeopleSoft Cloud Manager" listing (version 17 or higher) in the OCI Marketplace. This makes the image available for launching instances.
SSH Key Pair
- An existing SSH key pair (public and private key) is essential for securely accessing the Cloud Manager instance. The public key will be provided during instance launch.
# Example of generating an SSH key pair
ssh-keygen -t rsa -b 2048 -f ~/.ssh/id_rsa_psft_cm
# This creates id_rsa_psft_cm (private) and id_rsa_psft_cm.pub (public)
Source PeopleSoft Environment (Pillar)
- To clone, you need a source. This can be an existing PeopleSoft environment already running on OCI (which Cloud Manager will "discover" and register as a Pillar), or you can provision a new base environment using CM first. For cloning, having an existing OCI-based PeopleSoft environment is ideal.
OCI Object Storage
- At least one OCI Object Storage bucket (standard tier) to store Cloud Manager backups, templates, and other configuration artifacts.
# Example OCI CLI command to create a bucket
oci os bucket create --compartment-id ocid1.compartment.oc1..aaaaaaexamplecompartmentid \
--name psft-cm-backups --namespace mytenancynamespace
Knowledge Base
- Familiarity with OCI console and CLI, basic Linux administration, and PeopleSoft architecture is highly recommended.
Step-by-step Implementation: Deploying and Cloning with Cloud Manager 17
1. Deploying the PeopleSoft Cloud Manager 17 Instance
The first step is to provision the Cloud Manager instance itself. This is typically done through the OCI Marketplace, which streamlines the process significantly. We'll use the OCI CLI for a more automated and repeatable approach.
Before executing the CLI command, gather the following OCIDs:
- `compartment-id`: The OCID of the compartment where CM will reside.
- `subnet-id`: The OCID of the public subnet for the CM instance.
- `image-id`: The OCID of the PeopleSoft Cloud Manager 17 image from the Marketplace. You can find this by navigating to the Marketplace in the OCI Console, selecting the Cloud Manager listing, choosing your desired version and region, and clicking "Launch Instance". On the launch page, you'll see the Image OCID.
For this example, let's assume the following realistic values:
- `COMPARTMENT_OCID`: `ocid1.compartment.oc1..aaaaaaexamplecmcompid`
- `SUBNET_OCID`: `ocid1.subnet.oc1.phx.aaaaaaexamplecmsubnetid`
- `CM_IMAGE_OCID`: `ocid1.image.oc1.phx.aaaaaaexamplecmimageid` (This will vary by region and CM version)
- `SSH_PUBLIC_KEY_FILE`: `~/.ssh/id_rsa_psft_cm.pub`
- `CM_ADMIN_PASSWORD`: `MySecureCMAdminPass1!`
- `CM_MASTER_PASSWORD`: `MySecureCMMasterPass2@`
- `CM_INSTANCE_SHAPE`: `VM.Standard.E4.Flex` (A minimum of 2 OCPU, 16GB RAM is recommended for CM)
The Cloud Manager instance requires user data (cloud-init) to perform its initial setup, including setting the admin and master passwords. This data is passed via the `--user-data-file` parameter or directly with `--user-data-base64`.
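# Create a user_data.json file with Cloud Manager specific parameters.
# The file holds plaintext passwords, so create it readable by its owner only.
touch user_data_cm.json && chmod 600 user_data_cm.json
# The quoted 'EOF' keeps the shell from expanding characters inside the passwords.
cat << 'EOF' > user_data_cm.json
{
  "adminPassword": "MySecureCMAdminPass1!",
  "masterPassword": "MySecureCMMasterPass2@",
  "cloudManagerVersion": "17"
}
EOF
# Base64 encode the user data
USER_DATA_BASE64=$(base64 -w 0 user_data_cm.json)
# OCI CLI command to launch the Cloud Manager instance.
# <AVAILABILITY_DOMAIN> is a placeholder for an availability domain in your region.
# VM.Standard.E4.Flex is a flexible shape, so OCPUs and memory are set with --shape-config.
oci compute instance launch \
--availability-domain "<AVAILABILITY_DOMAIN>" \
--compartment-id ocid1.compartment.oc1..aaaaaaexamplecmcompid \
--display-name "PeopleSoft-Cloud-Manager-17" \
--image-id ocid1.image.oc1.phx.aaaaaaexamplecmimageid \
--shape VM.Standard.E4.Flex \
--shape-config '{"ocpus": 2, "memoryInGBs": 16}' \
--ssh-authorized-keys-file ~/.ssh/id_rsa_psft_cm.pub \
--subnet-id ocid1.subnet.oc1.phx.aaaaaaexamplecmsubnetid \
--assign-public-ip true \
--metadata "{\"user_data\": \"$USER_DATA_BASE64\"}" \
--wait-for-state RUNNING
# Remove the plaintext password file once the launch has been submitted
rm -f user_data_cm.json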
Monitor the instance launch from the OCI Console. Once the instance is running, you can access the Cloud Manager UI via its public IP address (typically on HTTPS port 443). The URL will be `https://<CM_PUBLIC_IP>/psft/cm/`. Log in with `psadm` and the `CM_ADMIN_PASSWORD` you provided.
2. Initial Configuration of Cloud Manager
Upon initial login, you'll be prompted to complete some setup steps:
- **Change Default Passwords:** Immediately change the default `psadm` password and the Cloud Manager master password (if not already prompted).
- **Configure OCI Credentials:** Cloud Manager, when deployed from the Marketplace, usually configures its OCI connectivity using Instance Principals. Verify this under "Cloud Manager Settings" -> "OCI Configuration". Ensure the dynamic group policies are correctly applied.
- **Object Storage Configuration:** Navigate to "Cloud Manager Settings" -> "General Settings" -> "Object Storage". Configure the Object Storage bucket(s) for backups and templates.
# Example Object Storage Bucket configuration in CM UI
# Bucket Name: psft-cm-backups
# Namespace: mytenancynamespace
# Region: us-phoenix-1
- **SSH Keys Management:** Upload additional SSH public keys if different teams or individuals need SSH access to the provisioned PeopleSoft environments.
- **Register OCI Resources:** Go to "Cloud Manager Settings" -> "OCI Resources". Discover and register your VCNs and subnets that will be used for PeopleSoft deployments. Cloud Manager needs to know about these networks to provision instances into them.
It's vital to ensure all OCI resources that Cloud Manager will interact with (compartments, VCNs, subnets, etc.) are registered within the Cloud Manager UI. This allows CM to validate and utilize these resources during provisioning and cloning operations.
3. Registering the Source PeopleSoft Environment (Pillar)
To clone an environment, Cloud Manager first needs to understand its structure. This is done by registering an existing PeopleSoft environment as a "Pillar". A Pillar is a reference environment from which templates can be created.
- From the Cloud Manager UI, navigate to "Environments" -> "Register Environment".
- Select "Register Existing Environment".
- Provide the following details:
  - **Environment Name:** E.g., `HCM92PROD-Pillar`
  - **Environment Type:** `Pillar`
  - **OCI Compartment:** Select the compartment where your source PeopleSoft environment resides.
  - **Database Type:** `Oracle`
  - **Database Shape:** Select the OCI DB System shape (e.g., `VM.Standard.E3.Flex` for an ADB, or the shape of your compute VM for a DB on Compute).
  - **Database Host/IP:** The IP address or hostname of your database server.
  - **Database Service Name/SID:** E.g., `PDB1.us-phoenix-1.oraclecloud.com` for ADB, or `PRODDB` for a VM DB.
  - **Database Admin User/Password:** `sys` or `system` user credentials.
  - **PeopleSoft User/Password:** `ps` user credentials.
  - **Application Server Host/IP:** IP address of your primary application server.
  - **Application Server Domain Name:** E.g., `HCM92DEV`.
  - **Web Server Host/IP:** IP address of your primary web server.
  - **Web Server Domain Name:** E.g., `HCM92DEV`.
  - **PeopleTools Version:** E.g., `8.60`.
  - **Application Version:** E.g., `HCM 9.2`.
  - **SSH Keys:** Select the SSH key pair that can access the source environment's compute instances.
- Click "Register". Cloud Manager will then connect to the environment, discover its components, and register it. This process can take some time.
4. Creating an Environment Template from the Source
Once your source environment (Pillar) is registered, the next logical step for cloning is to create a reusable template from it. This template captures the configuration, binaries, and a database backup of the Pillar environment.
- Navigate to "Templates" -> "Create Template from Environment".
- Select your registered Pillar environment (e.g., `HCM92PROD-Pillar`) from the dropdown.
- Provide a **Template Name** (e.g., `HCM92-Production-Clone-Template`) and a description.
- Cloud Manager will display the components it found in your Pillar. Review and confirm.
- Click "Create Template".
During template creation, Cloud Manager performs several critical actions:
- It takes a full backup of the source database using RMAN (for Oracle Database) and stores it in the configured Object Storage bucket.
- It captures the PeopleTools home, application home, and web server domain configurations.
- It packages these components into a template that can be used to provision new, identical environments.
Monitor the template creation status under "Activities". This process can be time-consuming, depending on the size of your database and environment.
5. Performing Environment Cloning/Provisioning
With a template in hand, cloning a new environment becomes a straightforward process.
- Navigate to "Environments" -> "Provision Environment".
- Select the "Template" option and choose your newly created template (e.g., `HCM92-Production-Clone-Template`).
- **Environment Details:**
  - **Environment Name:** E.g., `HCM92DEV-Clone`.
  - **Environment Type:** `Target` (a cloned environment is typically a target).
  - **Description:** A clear description of the new environment.
  - **OCI Compartment:** Select the compartment where the *new* cloned environment will be provisioned. This can be the same or different from the source.
- **Network Details:**
  - **VCN:** Select the VCN for the new environment.
  - **Database Subnet:** Select the private subnet for the database.
  - **Application Server Subnet:** Select the private subnet for the application servers.
  - **Web Server Subnet:** Select the private subnet for the web servers.
- **Database Details:**
  - **Database Configuration:** Choose "New Database". Cloud Manager will use the database backup from the template to create a new database instance.
  - **Database Type:** Select `Oracle Database` or `Autonomous Database` as per your template.
  - **Database Shape:** Select the desired OCI DB System shape (e.g., `VM.Standard.E4.Flex` for DB on VM, or OCPU/Storage for ADB).
  - **Database Admin User/Password:** Provide new credentials for the cloned database.
  - **PeopleSoft User/Password:** Provide new credentials for the PeopleSoft schema.
- **Application Server Details:**
  - **Application Server Shape:** Select the desired OCI Compute instance shape (e.g., `VM.Standard.E4.Flex`).
  - **Number of Instances:** Specify how many application servers you need (e.g., 2).
  - **Application Server Domain Name:** E.g., `HCM92DEV`.
- **Web Server Details:**
  - **Web Server Shape:** Select the desired OCI Compute instance shape.
  - **Number of Instances:** Specify how many web servers you need (e.g., 2).
  - **Web Server Domain Name:** E.g., `HCM92DEV`.
- **Review and Provision:** Review all the settings. Cloud Manager will display a summary of the resources it will create. Click "Provision".
Cloud Manager will now orchestrate the entire cloning process:
- Provisioning new OCI Compute instances for the application and web servers.
- Provisioning a new OCI Database System (or Autonomous Database).
- Restoring the database backup from Object Storage to the new database.
- Deploying PeopleTools and application binaries to the new compute instances.
- Configuring the new application and web server domains, updating database connection strings, and adjusting hostnames/IPs.
- Starting all PeopleSoft services.
Monitor the provisioning activity under "Activities". This process can take several hours, depending on the environment size and OCI resource provisioning times.
6. Post-Deployment Verification
Once the provisioning activity shows "Completed", perform thorough verification:
- **Access the Cloned Environment:** Try accessing the PeopleSoft login page via the web server's public IP or load balancer URL.
- **Login to PeopleSoft:** Log in with the standard PeopleSoft user (e.g., `PS` / `PS`).
- **Verify Database Connection:** From the application server, connect to the database.
# Example: SSH into an application server and check database connectivity
ssh opc@<App_Server_IP> -i ~/.ssh/id_rsa_psft_cm
# On the App Server:
cd /opt/oracle/psft/pshome/bin/psadmin
./psadmin <domain_name>
# Go to option 1 (App Server) then 2 (Boot App Server)
# Check logs for successful DB connection
# Alternatively, directly test DB connection using sqlplus if configured
sqlplus ps/ps@<new_db_service_name>
SELECT NAME FROM V$DATABASE;
SELECT DESCRLONG FROM PSOPTIONS;
- **Check System Status:** Verify all application servers, web servers, and process schedulers are running and accessible.
- **Environment-Specific Configuration:** Update any environment-specific configurations such as integration broker nodes, report repository paths, or external system integrations as required for the cloned environment.
Security Considerations
Security is paramount when deploying and managing PeopleSoft environments on OCI. Adhering to best practices ensures your critical data and applications are protected.
- **OCI IAM Policies:** Implement the principle of least privilege. The IAM policies for the Cloud Manager dynamic group should be as restrictive as possible, granting only the necessary permissions to manage resources within designated compartments. Regularly review and audit these policies.
- **Network Security Groups (NSGs) / Security Lists:** Configure NSGs and Security Lists meticulously. Restrict ingress traffic to only necessary ports and source IPs (e.g., SSH from your administration network, HTTPS from internet/load balancer, internal ports between App/Web/DB). Avoid exposing sensitive ports to the public internet.
- **Data Encryption:**
  - **Encryption at Rest:** OCI Block Storage, Object Storage, and Database services (including Autonomous Database and DB Systems) provide encryption at rest by default. Leverage Oracle Transparent Data Encryption (TDE) for your PeopleSoft databases.
  - **Encryption in Transit:** Enforce SSL/TLS for all communication, including access to the Cloud Manager UI, PeopleSoft application access, and internal communication between application tiers.
- **OCI Vault for Secrets Management:** Store sensitive credentials (database passwords, PeopleSoft user passwords, API keys) in OCI Vault. Cloud Manager 17 supports integration with OCI Vault to retrieve secrets securely during provisioning.
- **Regular Patching:** Keep the Cloud Manager instance's OS, PeopleTools, application, and database patched to the latest security updates. Cloud Manager itself facilitates automated patching of PeopleSoft environments.
- **Access Control:** Enforce strong, complex passwords for all user accounts (OCI Console, Cloud Manager UI, PeopleSoft application, OS users). Implement Multi-Factor Authentication (MFA) for OCI Console access.
- **Logging and Monitoring:** Enable OCI Logging and OCI Monitoring for the Cloud Manager instance and all PeopleSoft environments. Set up alerts for suspicious activities or critical security events.
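The NSG / Security List item above can be checked mechanically. This added example (not part of the original article) scans a security list's ingress rules for the SSH, application server and database ports named in this article being reachable from any source address. The sample JSON is constructed, shaped like the `data` object that `oci network security-list get` prints, and the name `psft-app-sl` is a placeholder.

```python
import json

# Ports this article names for the admin, application and database tiers.
SENSITIVE = {
    "SSH": (22, 22),
    "PeopleSoft application server": (8000, 8020),
    "Oracle DB listener": (1521, 1521),
}
ANY_SOURCE = {"0.0.0.0/0", "::/0"}

# Constructed sample (kebab-case keys as in OCI CLI output; protocol "6" is TCP).
SAMPLE = json.loads("""
{"display-name": "psft-app-sl", "ingress-security-rules": [
  {"protocol": "6", "source": "0.0.0.0/0",
   "tcp-options": {"destination-port-range": {"min": 443, "max": 443}}},
  {"protocol": "6", "source": "0.0.0.0/0",
   "tcp-options": {"destination-port-range": {"min": 22, "max": 22}}},
  {"protocol": "6", "source": "10.0.1.0/24",
   "tcp-options": {"destination-port-range": {"min": 1521, "max": 1521}}},
  {"protocol": "6", "source": "0.0.0.0/0",
   "tcp-options": {"destination-port-range": {"min": 1500, "max": 9000}}},
  {"protocol": "all", "source": "10.0.0.0/16"}
]}
""")


def port_span(rule):
    """Return the (min, max) TCP destination ports a rule admits, or None if it admits no TCP."""
    if rule["protocol"] == "all":
        return (1, 65535)
    if rule["protocol"] != "6":
        return None
    rng = (rule.get("tcp-options") or {}).get("destination-port-range")
    # A TCP rule without a destination range admits every port.
    return (rng["min"], rng["max"]) if rng else (1, 65535)


def exposed(security_list):
    """List (service, source, port range) for sensitive ports open to any source."""
    findings = []
    for rule in security_list.get("ingress-security-rules", []):
        span = port_span(rule)
        if span is None or rule.get("source") not in ANY_SOURCE:
            continue
        for service, (low, high) in SENSITIVE.items():
            if span[0] <= high and low <= span[1]:   # the two ranges overlap
                findings.append((service, rule["source"], f"{span[0]}-{span[1]}"))
    return findings


if __name__ == "__main__":
    for service, source, ports in exposed(SAMPLE):
        print(f"{SAMPLE['display-name']}: {service} reachable from {source} via ports {ports}")
```

The wide 1500-9000 rule is reported twice because it covers both the database listener and the application server range, which a check for exact port matches would miss.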
Best Practices for PeopleSoft Cloud Manager on OCI
To maximize the benefits of PeopleSoft Cloud Manager 17 on OCI, consider these best practices:
- **Standardized Network Design:** Design a consistent VCN and subnet topology for all your PeopleSoft environments. This simplifies management, security, and future integrations. Use private subnets for all core PeopleSoft components (DB, App, Web) and expose web servers only via a Load Balancer in a public subnet.
- **Dedicated Compartments:** Utilize OCI compartments to logically separate environments (e.g., `psft-prod-compartment`, `psft-dev-compartment`). This helps with access control, cost tracking, and resource isolation.
- **Cost Management:**
- Leverage Cloud Manager's scheduling capabilities to start and