How to Deploy PeopleSoft Cloud Manager 17 on OCI for Environment Cloning

Overview

In the dynamic landscape of enterprise applications, the ability to rapidly provision and replicate environments is not merely a convenience but a strategic imperative. For organizations leveraging Oracle PeopleSoft, this capability is profoundly enhanced by PeopleSoft Cloud Manager (PCM). Version 17 of PeopleSoft Cloud Manager, deployed on Oracle Cloud Infrastructure (OCI), stands as a testament to Oracle's commitment to delivering agile, automated, and governed management for PeopleSoft environments.

PeopleSoft Cloud Manager serves as a dedicated orchestration layer, residing within your OCI tenancy, designed specifically to manage the lifecycle of PeopleSoft applications. From provisioning new environments from scratch using Deployment Packages (DPKs) to applying patches, performing upgrades, and critically, cloning existing environments, PCM streamlines operations that were historically time-consuming and resource-intensive. Its deep integration with OCI services like Compute, Database, Networking, and Object Storage allows for a seamless, end-to-end automation experience.

The focus of this article is on leveraging PeopleSoft Cloud Manager 17 for environment cloning on OCI. Environment cloning is a critical activity across the PeopleSoft lifecycle. Developers need copies of production for bug fixes; QA teams require isolated environments for testing new features or patches; and project teams often need temporary sandboxes for proofs-of-concept or training. Manually replicating complex PeopleSoft environments, including application servers, web servers, process schedulers, and the underlying database, is prone to errors and consumes significant IT resources. PCM 17 transforms this into an automated, self-service operation, reducing provisioning times from days or weeks to mere hours, significantly accelerating development cycles and improving overall operational efficiency.

Prerequisites

Before embarking on the deployment of PeopleSoft Cloud Manager 17 and utilizing its cloning capabilities, several prerequisites must be met within your Oracle Cloud Infrastructure (OCI) tenancy and local environment. Adhering to these ensures a smooth and secure deployment.

• OCI Account and Administrator Access: You must have an active OCI tenancy with administrator privileges or an IAM user account with sufficient permissions to create and manage resources across various OCI services (Compute, Networking, Database, Object Storage, IAM).
• OCI Identity and Access Management (IAM) Policies: Granular IAM policies are crucial. Cloud Manager requires permissions to provision and manage OCI resources on your behalf. Specific policies for managing compute instances, virtual networks, databases (DB systems, Autonomous Database), object storage, and block volumes are essential. We will detail these in the implementation steps.
• Virtual Cloud Network (VCN) Setup: An existing Virtual Cloud Network (VCN) with at least one public subnet (for Cloud Manager instance's public IP or load balancer access) and one or more private subnets (for PeopleSoft application tiers and database tiers) is required. Ensure appropriate Security Lists or Network Security Groups (NSGs) are configured to allow necessary traffic (e.g., SSH port 22, PeopleSoft application ports, database listener ports).
• OCI Object Storage Buckets:
  • A dedicated bucket to store the PeopleSoft Cloud Manager Deployment Package (DPK).
  • Additional buckets for storing PeopleSoft environment DPKs, custom images, and database backups that Cloud Manager will utilize.
• PeopleSoft Cloud Manager DPK: Download the PeopleSoft Cloud Manager 17 Deployment Package (DPK) from My Oracle Support (MOS). This is typically a large ZIP file. Ensure you have the correct version.
• SSH Key Pair: An SSH key pair (public and private) is necessary. The public key will be uploaded to OCI and used for SSH access to the Cloud Manager instance and subsequent PeopleSoft environments provisioned by PCM. The private key will be used by Cloud Manager itself to manage instances.
• OCI CLI Installed and Configured: The OCI Command Line Interface (CLI) should be installed and configured on your local machine. This allows for programmatic interaction with OCI services, which is essential for deploying Cloud Manager and managing resources.
• Basic Linux and PeopleSoft Knowledge: A fundamental understanding of Linux command-line operations and PeopleSoft architecture (application servers, web servers, process schedulers, database tiers) will be beneficial.

Step-by-step implementation

1. Prepare OCI Infrastructure

This phase involves setting up the foundational OCI components required for Cloud Manager to operate effectively.

1.1. Configure IAM Policies

Cloud Manager operates by making API calls to OCI on your behalf. Therefore, the user or dynamic group associated with Cloud Manager must have comprehensive permissions. Create a dedicated compartment for Cloud Manager and its managed resources for better isolation and policy management. For example, let's assume your Cloud Manager instance will run in a compartment named psft_cloud_manager_comp with OCID ocid1.compartment.oc1..aaaaaaaarj4gfgd6c2x7j3j2t5h4g1y8d0s9f8e7a6b5c4d3e2f1g0h9i8j7k6l5m4n3o2p1q.

Here are example IAM policies to grant necessary permissions. These should be placed in the root compartment or a parent compartment, allowing Cloud Manager to manage resources in its own compartment and potentially other target compartments where PeopleSoft environments will reside (e.g., psft_environments_comp with OCID ocid1.compartment.oc1..aaaaaaaarj4gfgd6c2x7j3j2t5h4g1y8d0s9f8e7a6b5c4d3e2f1g0h9i8j7k6l5m4n3o2p1r).

# Policy for Cloud Manager to manage resources within its own compartment
Allow group CloudManagerAdmins to manage all resources in compartment id ocid1.compartment.oc1..aaaaaaaarj4gfgd6c2x7j3j2t5h4g1y8d0s9f8e7a6b5c4d3e2f1g0h9i8j7k6l5m4n3o2p1q

# Policy for Cloud Manager to manage PeopleSoft environments in a target compartment
Allow group CloudManagerAdmins to manage all resources in compartment id ocid1.compartment.oc1..aaaaaaaarj4gfgd6c2x7j3j2t5h4g1y8d0s9f8e7a6b5c4d3e2f1g0h9i8j7k6l5m4n3o2p1r

# More granular examples for a specific compartment (replace with your compartment OCID)
# Assuming a Dynamic Group 'CloudManagerDynamicGroup' for the Cloud Manager instance.
# Add rules to this Dynamic Group for the Cloud Manager instance:
# Rule 1: All instances in compartment 'psft_cloud_manager_comp'
# ALL {instance.id = 'ocid1.instance.oc1.phx.aaaaaaaaj7u...'}
# Or better: ALL {resource.type = 'instance', resource.compartment.id = 'ocid1.compartment.oc1..aaaaaaaarj4gfgd6c2x7j3j2t5h4g1y8d0s9f8e7a6b5c4d3e2f1g0h9i8j7k6l5m4n3o2p1q'}

Allow dynamic-group CloudManagerDynamicGroup to manage instance-family in compartment id ocid1.compartment.oc1..aaaaaaaarj4gfgd6c2x7j3j2t5h4g1y8d0s9f8e7a6b5c4d3e2f1g0h9i8j7k6l5m4n3o2p1r
Allow dynamic-group CloudManagerDynamicGroup to manage virtual-network-family in compartment id ocid1.compartment.oc1..aaaaaaaarj4gfgd6c2x7j3j2t5h4g1y8d0s9f8e7a6b5c4d3e2f1g0h9i8j7k6l5m4n3o2p1r
Allow dynamic-group CloudManagerDynamicGroup to manage volume-family in compartment id ocid1.compartment.oc1..aaaaaaaarj4gfgd6c2x7j3j2t5h4g1y8d0s9f8e7a6b5c4d3e2f1g0h9i8j7k6l5m4n3o2p1r
Allow dynamic-group CloudManagerDynamicGroup to manage database-family in compartment id ocid1.compartment.oc1..aaaaaaaarj4gfgd6c2x7j3j2t5h4g1y8d0s9f8e7a6b5c4d3e2f1g0h9i8j7k6l5m4n3o2p1r
Allow dynamic-group CloudManagerDynamicGroup to manage object-family in compartment id ocid1.compartment.oc1..aaaaaaaarj4gfgd6c2x7j3j2t5h4g1y8d0s9f8e7a6b5c4d3e2f1g0h9i8j7k6l5m4n3o2p1p # For boot volumes
Allow dynamic-group CloudManagerDynamicGroup to read secret-family in compartment id ocid1.compartment.oc1..aaaaaaaarj4gfgd6c2x7j3j2t5h4g1y8d0s9f8e7a6b5c4d3e2f1g0h9i8j7k6l5m4n3o2p1q # For Vault secrets

1.2. Network Setup

Ensure your VCN (e.g., psft-prod-vcn, OCID ocid1.vcn.oc1.phx.aaaaaaaadj...) has the following:

• A public subnet for the Cloud Manager instance (e.g., psft-cm-public-subnet, OCID ocid1.subnet.oc1.phx.aaaaaaab...) with internet access.
• One or more private subnets for PeopleSoft application and database tiers (e.g., psft-app-private-subnet, OCID ocid1.subnet.oc1.phx.aaaaaaac... and psft-db-private-subnet, OCID ocid1.subnet.oc1.phx.aaaaaaaad...).
• Security Lists or NSGs configured to allow SSH (port 22) from your IP to the public subnet, and necessary internal communication between subnets for PeopleSoft components (e.g., ports 8000-8040 for web, 7000-7050 for application, 1521 for database).

1.3. Object Storage Buckets

Create two buckets. One for the Cloud Manager DPK and another for PeopleSoft DPKs and custom images.

oci os bucket create --name "psft-cm-dpk-bucket" --compartment-id "ocid1.compartment.oc1..aaaaaaaarj4gfgd6c2x7j3j2t5h4g1y8d0s9f8e7a6b5c4d3e2f1g0h9i8j7k6l5m4n3o2p1q" --public-access-type NoPublicAccess
oci os bucket create --name "psft-env-assets-bucket" --compartment-id "ocid1.compartment.oc1..aaaaaaaarj4gfgd6c2x7j3j2t5h4g1y8d0s9f8e7a6b5c4d3e2f1g0h9i8j7k6l5m4n3o2p1r" --public-access-type NoPublicAccess

1.4. SSH Key Pair

If you don't have one, generate an SSH key pair:

ssh-keygen -t rsa -b 2048 -f ~/.ssh/psft_cm_key -N ""
chmod 400 ~/.ssh/psft_cm_key

You will use ~/.ssh/psft_cm_key.pub for OCI compute instances.

2. Deploy PeopleSoft Cloud Manager Instance

This is the core deployment of the Cloud Manager application itself.

2.1. Upload DPK to Object Storage

Upload the downloaded PeopleSoft Cloud Manager 17 DPK to the designated Object Storage bucket.

oci os object put \
    --bucket-name "psft-cm-dpk-bucket" \
    --name "PeopleSoft_Cloud_Manager_17_DPK.zip" \
    --file "./PeopleSoft_Cloud_Manager_17_DPK.zip" \
    --auth instance_principal # or api_key if running from local CLI

2.2. Launch Cloud Manager Instance via OCI CLI

The Cloud Manager instance is provisioned as an OCI Compute instance. We'll use a cloud-init script to automate the DPK extraction and installation upon instance launch.

First, identify a suitable Oracle Linux image OCID for your region. For example, Oracle Linux 8.

# Example: Find Oracle Linux 8 image in us-ashburn-1 region
oci compute image list \
    --compartment-id "ocid1.tenancy.oc1..aaaaaaaamj7..." \
    --operating-system "Oracle Linux" \
    --operating-system-version "8" \
    --query "data[?contains(\"display-name\", 'Oracle-Linux-8')].{\"display-name\": \"display-name\", id: id}" \
    --all

Let's assume the image OCID is ocid1.image.oc1.phx.aaaaaaaanj7s... and your public subnet OCID is ocid1.subnet.oc1.phx.aaaaaaab.... The compartment OCID is ocid1.compartment.oc1..aaaaaaaarj4gfgd6c....

Create a cloud-init.yaml file:

#cloud-config
runcmd:
  - echo "Downloading Cloud Manager DPK..."
  - oci os object get --bucket-name psft-cm-dpk-bucket --name PeopleSoft_Cloud_Manager_17_DPK.zip --file /tmp/PeopleSoft_Cloud_Manager_17_DPK.zip
  - echo "Extracting DPK..."
  - unzip /tmp/PeopleSoft_Cloud_Manager_17_DPK.zip -d /opt/oracle/psft/dpk
  - echo "Running DPK setup script..."
  - cd /opt/oracle/psft/dpk/CloudManager
  - export PS_INSTALL_TYPE=CM
  - export PS_INSTALL_DB_TYPE=NONE
  - export PS_BOOTSTRAP_PASSWORD="YourSecurePassword123#" # Replace with a strong password
  - export PS_INSTALL_LOC=/opt/oracle/psft
  - export PS_CM_CONFIG_FILE=/opt/oracle/psft/dpk/CloudManager/setup/psft_cm_config.txt # Optional, for advanced config
  - ./psft-dpk-setup.sh -u psadm2 -p "YourSecurePassword123#" -d /opt/oracle/psft/dpk/CloudManager
  - echo "Cloud Manager DPK setup complete."

Important: Replace "YourSecurePassword123#" with a strong, complex password. In a production scenario, consider using OCI Vault for secrets management and fetching this password during cloud-init.

Now, launch the instance:

oci compute instance launch \
    --availability-domain "PHX-AD-1" \
    --compartment-id "ocid1.compartment.oc1..aaaaaaaarj4gfgd6c2x7j3j2t5h4g1y8d0s9f8e7a6b5c4d3e2f1g0h9i8j7k6l5m4n3o2p1q" \
    --shape "VM.Standard2.4" \
    --image-id "ocid1.image.oc1.phx.aaaaaaaanj7s..." \
    --display-name "PeopleSoft-Cloud-Manager-17" \
    --subnet-id "ocid1.subnet.oc1.phx.aaaaaaab..." \
    --ssh-authorized-keys-file "~/.ssh/psft_cm_key.pub" \
    --user-data-file "cloud-init.yaml" \
    --assign-public-ip true \
    --is-pv-encryption-in-transit-enabled true \
    --metadata '{"user_data":"$(base64 -w0 cloud-init.yaml)"}'

Monitor the instance launch and the cloud-init script's progress via SSH (ssh -i ~/.ssh/psft_cm_key opc@<Public_IP_of_CM_Instance>) by checking logs like /var/log/cloud-init-output.log.

2.3. Initial Configuration of PCM

Once the DPK installation is complete, access the Cloud Manager UI (typically http://<Public_IP_of_CM_Instance>:8000/psft/cm/). The first login will prompt for initial setup:

1. OCI Tenancy Configuration: Provide your Tenancy OCID (ocid1.tenancy.oc1..aaaaaaaamj7...), the Region (e.g., us-ashburn-1), and API signing key details. This involves generating an API Key pair and uploading the public key to OCI IAM for the user associated with Cloud Manager.
2. SSH Keys: Upload the private part of the SSH key pair (~/.ssh/psft_cm_key) that Cloud Manager will use to communicate with and provision new OCI instances.
3. Compartment Registration: Register the target compartment(s) where PeopleSoft environments will be provisioned (e.g., psft_environments_comp).
4. DPK Registration: Register the psft-env-assets-bucket created earlier, which will hold your PeopleSoft environment DPKs (e.g., FSCM 9.2 DPK).

Ensure that the API Key uploaded to OCI for the Cloud Manager user is associated with the CloudManagerAdmins group or the specific IAM policies defined earlier.

3. Create a Cloud Manager Template from an Existing Environment

To clone an environment, you first need a source. This source is typically an existing PeopleSoft environment (e.g., your Development or Test environment) that has been either provisioned by Cloud Manager or imported into it.

3.1. Source Environment

Assume you have an existing PeopleSoft FSCM 9.2 environment named FSCMDEV running on OCI, managed by Cloud Manager. This environment includes a database on an Oracle DB System and several compute instances for the application, web, and process scheduler tiers.

3.2. Create Environment Template

In the PeopleSoft Cloud Manager UI:

1. Navigate to Environments and select your source environment (e.g., FSCMDEV).
2. Click on the Actions menu and choose Create Template.
3. You will be prompted to provide a Template Name (e.g., FSCM_DEV_Base_Template_17) and a description.
4. Cloud Manager will then initiate a process that involves:
   • Creating an OCI Custom Image from the application server compute instance.
   • Creating an OCI Custom Image from the web server compute instance.
   • Taking a PDB snapshot/clone of the database (if using a Container Database) or a full database backup (if using a non-CDB or DB System).
   • Packaging these components into a logical Cloud Manager template.
5. Monitor the progress in the Activity Guide. Once complete, the template will appear under Templates.

3.3. Export Template Definition (Optional but Recommended)

For version control and disaster recovery, you can export the template definition. While not a direct CLI command, this is done via the Cloud Manager UI, which generates a JSON file representing the template's structure and configuration. This can be re-imported if needed.

4. Clone an Environment using the Template

With the template ready, cloning is a straightforward process.

4.1. Initiate Provisioning Request

In the PeopleSoft Cloud Manager UI:

1. Navigate to Templates and select the template you just created (e.g., FSCM_DEV_Base_Template_17).
2. Click on the Actions menu and choose Provision Environment.
3. The Provision Environment wizard will guide you through the configuration.

4.2. Specify Parameters for the New Environment

You will need to provide details for the new cloned environment:

• Environment Name: A unique name for your new environment (e.g., FSCMQA01).
• Database Name: The new PDB name or database service name (e.g., FSCMQA).
• Compartment: Select the target compartment for the new environment (e.g., psft_environments_comp).
• Network Configuration:
  • VCN: Select your VCN (e.g., psft-prod-vcn).
  • Application Subnet: Choose the private subnet for application servers (e.g., psft-app-private-subnet).
  • Database Subnet: Choose the private subnet for the database (e.g., psft-db-private-subnet).
• Instance Shapes: You can choose different shapes (e.g., VM.Standard2.2 for web server, VM.Standard2.4 for application server, VM.Standard2.8 for database) to scale up or down from the source template.
• Storage: Adjust boot volume and block volume sizes as needed.
• Database Configuration:
  • Database Type: Select whether to provision a new DB System, use an existing one, or use Autonomous Database. For cloning, it will typically provision a new PDB within an existing CDB or a new DB System from the template's backup.
  • Database Admin Password: Set a new strong password for the database administrator.
• PeopleSoft User Passwords: Set new passwords for PeopleSoft users like PSADMIN, PSAPPS, etc.

Review all settings and click Provision.

4.3. Monitor Deployment

The Cloud Manager will now orchestrate the cloning process:

1. It will provision new compute instances using the custom images derived from your template.
2. It will provision a new database (or PDB) using the snapshot/backup from the template.
3. It will configure network resources, security rules, and attach storage.
4. Finally, it will perform PeopleSoft-specific configurations like updating database connection strings, server names, and bootstrapping the new environment.

You can monitor the detailed progress and logs in the Activity Guide within the Cloud Manager UI. This process can take several hours depending on the size and complexity of the environment and the underlying OCI resource provisioning times.

4.4. Access the Cloned Environment

Once the activity completes successfully, the new environment (e.g., FSCMQA01) will appear under Environments. You can then access the PeopleSoft application using the provisioned web server