EM Grid Control Base 12c now with extra useless!

C is for Cloud

I noticed EM 12c was available for download late last year, but didn’t look into it in earnest until recently.  Then I saw it prominently advertised in the January/February 2012 Oracle Magazine.  Who wouldn’t want EM 12c?

A is for Agent Upgrades

For those of you who are considering an upgrade to EM 12c, two things to know:

1. Per their own “Things to Know” section of Oracle® Enterprise Manager Cloud Control Upgrade Guide
12c Release 1 (12.1.0.1) Part Number E22625-05 : “Oracle Management Service 12c communicates only with Oracle Management Agent 12c. Therefore, it is important to upgrade your Management Agents before upgrading your OMS.”

2. There is no 12c agent available for Windows, confirmed by an SR today.

U is for Useless

Thanks 12c, guess I’ll be waiting. While I don’t like having Windows targets to monitor, my guess is they’re a reality in many, many datacenters.  What is this, like a beta release?  Seriously Oracle, you’re calling it enterprise manager, not database manager.

Security Patching EM 11g : I don’t have all day!

What’s in a Name?

I should begin by saying Enterprise manager is now Enterprise Manager Base Platform.  See ID 1361443.1 if you’re curious as to why they would take a good name and turn it into a terrible one.  If they thought they’d do this to avoid confusion, they failed.  I’ll continue to refer to it as EM 11g, except when necessary for greater clarity.

Oracle Critical Patch Update October 2011

Okay, so I didn’t get around to looking at the October security patch update until a few weeks back.  I still figure that’s better than those who don’t look at it at all.  I decided to start with a non-critical system, my EM 11g setup.  In the olden days, I seem to recall Enterprise Manager had its own category from the main page; maybe I’m mistaken.  Regardless, now you have to click through “Oracle Fusion Middleware 11g Release 1, versions 11.1.1.3.0, 11.1.1.4.0, 11.1.1.5.0” to find EM.  From there, scroll down for days until you get to section 3.3 and there’s Enterprise Manager.  Since I’m running 11g, I proceed to section 3.3.3 “Patch Availability for Oracle Enterprise Manager Base Platform 11.1.0.1“.

This consists of 5 distinct pieces, by Oracle classification

• Database home (CPU, DB PSU, GI PSU, or Exadata BP12)
• CPU = Critical Patch Update, incremental security patch
• PSU = Patch Set Update, cumulative patch which includes recommended + security
• GI PSU = Grid Infrastructure Patch Set Update, cumulative patch which includes recommended + security for rich people (Grid/Rac users)
• Exadata BP12 = Oracle Exadata Database Recommended Patch, cumulative patch which appears to include recommended + security for super rich people (Exadata/Rac users)
• 11.1.0.1 Enterprise manager Base Platform – OMS home: (OMS)
• 11.1.0.1 Enterprise manager Base Platform – OMS Fusion Middleware home (Weblogic Home)
• 11.1.0.1 Enterprise manager Base Platform – OMS Fusion Middleware Oracle HTTP Server home (OMS, I think)
• 11.1.0.1 Enterprise manager Base Platform – Agent home (Agent Home)

Getting on my soapbox

Dear Oracle,

I know you have lots of products, you buy new companies every week, and you are the 800 pound gorilla of the business software world.  Could you please simplify patching?  It’s gotten worse, not better, in the past couple of years.  Why isn’t there one place I can go within each application stack/entity, to see what patches have been applied?  Why are there 5 different methods of security patching (SQL Plus, opatch, adpatch, shell scripts and the wacky Weblogic GUI or CLI) for Oracle apps and Oracle EM11g (sorry, Enterprise Manager Base Platform)?  Also, I don’t have spare weeks to apply quarterly patches to all my systems.  Believe it or not, there’s other things I’m responsible for.  Thanks.

PS: If you want to see a good patch management architecture, check out the RedHat Network.  Systems, once configured, check in every couple of hours and see if there’s something to apply.  If there is, the patch can be released from the website, and either downloaded or applied.  It quite literally runs circles around Oracle’s Configuration Manager (OCM).

I can’t get that day back

There’s basically 4 environments in an EM 11g home: The RDBMS, the OMS, the Agent, and the WLS home.

• RDBMS
• Thankfully, patching the database hasn’t changed in years (Linux, non-RAC)
1. Pull the database PSU to your desktop (in my case, 12827726 PSU for 11.2.0.2)
2. sftp/scp the file to the RDBMS server/staging area
3. Shut down the database and listener
4. opatch apply
5. sqlplus / as sysdba and run catbundle.sql psu apply
6. Start the database and listener
• OMS (Enterprise Manager Base Platform – OMS home for those who prefer maximum verbosity)
1. opatch apply (12833678)
2. I think I hit a weird java exception applying this; you may need to apply patch 12620174 first.  I don’t mean to sound vague; I simply don’t remember.
• Agent Home
• opatch apply (9345921)
• WLS (Enterprise Manager Base Platform – OMS Fusion Middleware home for those who prefer maximum verbosity or want to impress their friends)
• I gotta tell you, this is where it got wacky: Oracle Smart Update (aka bsu.sh).  I never patched a WLS home before.  Shame on me.  Apparently, there are two choices: run their GUI or run their CLI
• I chose the GUI
• You might reference ID 1072763.1 regarding how to patch WLS… I thought I had a better example but that one will suffice.  It also covers command line patching.
• cd $ORACLE_OMS_HOME/../utils/bsu
• Land the following patches to my desktop.  sftp/scp them to the server under $ORACLE_OMS_HOME/../utils/bsu/cache_dir
• 12875001
• 12875006
• 12874981
• 10625613
• 10625676
• unzip the 5 patches above.  remove the .zip file, and the README file included with them all.
• ./bsu.sh
• Using the GUI, the patches appear at the bottom.
• Ensure you have the right Middleware home selected on the left (in my case, WLS runs on this server as the Discoverer server in a separate Oracle Home)
• Hit the arrow or some such nonsense to make them go to the top
• Here’s some screenshots to show you the general flow

Obviously, how you'd launch a patching utility

BSU Main Screen

Select from the list of patches in your cache directory, and hit the green up arrow

After clicking the green arrow, the patch is validated against... something

End state. Everything is installed. I think.

To Summarize

Just to patch EM 11g, the discrete steps involved for me were

• Read the CPU to determine applicability
• Determine which patches need to be applied
• Pull the patches from the world’s slowest support site
• Stage the patches to the EM server
• Apply the patches to the database using opatch and sqlplus
• Apply the patches to the OMS using opatch
• Apply the patches to the Agent Home using opatch
• Apply the patches to WLS using the wacky GUI

While this is somewhat of a detailed overview of how to apply the CPU to EM11g last month, I wanted to make two points.

• First, there are too many disparate ways of patching Oracle, in my opinion.  They range from the simplicity of a GUI for WebLogic patching to literally issuing unzip and cp commands on a Linux host to apply a patch to the 11i techstack home (don’t believe me?  check out patch 10410398).
• As a result of the above, patching (especially security patching) takes too long
• As a result of it taking too long, it’s very easy to see how one would choose to ignore security patching
• I wanted to show the “new” WLS patching method on the blog, as I hadn’t seen it before.  It’s surprisingly simple, yet it felt like Oracle took the ball to the opponents 4 yard line and fumbled.  Why not just automatically pull patches to the cache directory based on a checkin like RedHat (RHN)?  Apply them and report back in a web GUI somewhere?

RDBMS 11.2.0.3 is out

Discovery

So I’m reading the components to update for CPU 1011 which came out a few weeks ago, and I noticed that if I upgrade my RDBMS to 11.2.0.3 I don’t have to apply the RDBMS CPU patch.  Hmm, didn’t even know 11.2.0.3 was out, but there it is, 23-Sep-2011.

$&@!

Then I remembered Oracle’s awesome new plan about one-off patches.  They’re not patches anymore.  In fact, I don’t even understand why they call it 11.2.0.3 patch set for oracle database server.  It’s 5.1gb, a complete base install:

Ladies and Gentlemen, the world's largest patch, brought to you by the world's slowest support site!

HTTP transfers

Perhaps the issue is our corporate internet, but in my experience, http is an awful way to download files on a massively shared pipe.  I think it took me 4 weeks to download R12.  Basically, without error correction or the ability to resume, the http downloads just “die” silently in the browser. Oracle, if you’re going to make me download 5.1gb every time you come out with a one-off patch, how about an sftp site, java downloader, something more professional than http?  Do we have to go back to the days when I contact support and have them send me a bunch of physical media?

Enterprise Manager 12c

Just a Teaser..

For those of you (like me?) who didn’t get to Open World this year, you may not be aware that Enterprise Manager 12c has been released.  It promises to support cloud-based deployments of Oracle software in addition to all things which were previously managed by EM.  I admit I’m curious about it, but because I’m going to some training next week and will be out of town, I wasn’t in a hurry to upgrade a known entity (EM11g) with an unknown.  I did, however, begin the upgrade process by applying patch 1044087 to my EM 11g.  This makes the upgrade link show up under the deployments tab:

New content

When you click through, you get a whole screen full of upgrade steps to follow

More than an afternoon's work...

I’m running EM 11g, I’m not sure why it suggests I’m upgrading from 10.2.0.5 (underlined in red in screenshot above) but it’s likely this is just a typo.

Sorry for the teaser, that’s as far as my “upgrade” is going for a few weeks as I need EM to be reliable and stable…

Are you really, really, really, really sure?

Do you want to proceed? [y|n]
y
User Responded with: Y

Running prerequisite checks...
Patch 11724936: Optional component(s) missing : [ oracle.rdbms.dv.oc4j, 11.1.0.7.0 ] , [ oracle.rdbms.dv, 11.1.0.7.0 ] 

OPatch detected non-cluster Oracle Home from the inventory and will patch the local system only.

Please shutdown Oracle instances running out of this ORACLE_HOME on the local system.
(Oracle Home = '/u01/apptrain/oracle/traindb/11.1.0')

Is the local system ready for patching? [y|n]
y
User Responded with: Y

So… how many times does someone say they’re ready to proceed, but their local system is not ready for patching? I’m all about second chances to change your mind. Why not ask another a few more times?

Do you want to proceed? [y|n]
Is the local system ready for patching? [y|n]
Are you really sure you're ready for this patch? [y|n]
Are you really, really sure? [y|n]

To proceed with this patch, please verify the words above

SELinux & RedHat Reboots

PC Load letter

So I’m working a maintenance window yesterday which required a reboot of a RHEL5 production server which houses 4 non-11i Oracle databases.  It had been nearly a year since the last reboot (!) and I badly needed a kernel update.  After the reboot, I go to start the listener on my Kronos (timekeeping) database, and I get this:

$ lsnrctl start KRONOS
lsnrctl: error while loading shared libraries: /u01/kronos/kronosdb/11.1.0/lib/libnnz11.so: cannot restore segment prot after reloc: Permission denied

I have to confess, I’ve actually hit this before, but it had been a long time (at least a year) and I had to knock the cobwebs free to remember the solution. In short, SELinux doesn’t allow this shared library to be accessed, and this will stop your listener, sqlplus, webcache, or other executable from starting. The quick fix is rather simple: disable SELinux as follows:

# su -
# getenforce
Enforcing
# setenforce 0
# exit
$ lsnrctl start KRONOS
LSNRCTL for Linux: Version 11.1.0.7.0 - Production on 09-OCT-2011 10:23:19 Copyright (c) 1991, 2008, Oracle. All rights reserved.
Starting /u01/kronos/kronosdb/11.1.0/bin/tnslsnr: please wait...
...
The command completed successfully

The better answer?

If you check Doc ID 454196.1, you will see that Oracle has a few solutions for it, as even they recognize that disabling SELinux is bad policy. First, it appears there is a patch for RDBMS 11.2.0.1 (9215184) and that the issue is resolved in 11.2.0.2. For those of us who don’t consider an RDBMS upgrade a solution, apparently Red Hat has a bug filed for this. Interesting, as if you read it, you will see that Oracle built their shared library wrong, and RedHat had to essentially create a new SELinux rule for this in RHEL5.5:

Fixed in selinux-policy-2.4.6-256.el5
I believe this has missed RHEL5.4, so it will be in RHEL5.5

Note that this seems a little suspect, as I checked my release and it would appear to be fine:
# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.7 (Tikanga)

Geek Arcana

My former colleague in Chicago Richard complains that I haven’t updated this blog in a while.  To help him steal ideas from me and tell his boss he thought them up, I figured I’d post a few miscellaneous new things.

Broken Record

I’ve been sounding like a broken record, in that whenever I went into My Oracle Support (you know, the slow version of what used to be Metalink?) I’d have to log out and log back into their non-flash site to upload files because it didn’t work with Chrome.  Well I don’t know whether it was an update to Chrome or MOS, but you can finally upload all the inane logs and output file your analyst asks you for while in Chrome!

Chrome is not a crime!

While we’re on that subject

Some evidence all my whining about Oracle’s lack of support for Chrome may have merit!  I noticed this on Slashdot today, and, in a nutshell, it says Chrome will overtake Firefox as the #2 browser within the next few months, and IE is taking huge losses to Chrome as well.  I despise IE, avoid it like the plague (virus?) that it is, and will not shed a tear when it finally falls from the top spot.  It all goes back to the way Micro$oft forced IE down our throats, and I will not browse with a known monopolist.

EM 11g from an iPhone

I found another reason my iPhone runs circles around my old Blackberry.  With it’s built-in VPN capabilities, I can actually get to my EM 11g web server and, well, work!  The only exception is, of course, the well publicized lack of flash support for iOS, noted in the screenshot of the performance tab in the database.  If anyone from Oracle is watching… any chance we can get off flash (HTML5?) in some future version so there’s full mobile functionality?  If not, how about an EM Grid Control App?

These are unedited screenshots from the iPhone, except where I had to hide IP addresses and the like.

Login Page

EM Starting Screen

Database Targets Screen

A specific database

The Performance Tab

The one thing which won't work - Flash for the performance graphs!

Scheduled Jobs

Making the Oracle 11gR2 client install on Ubuntu 10.04 LTS

A Fresh Start

I recently had to reload my work notebook so it would dual-boot Windows 7 or Ubuntu 10.04 (instead of the old configuration, where Windows 7 ran inside Ubuntu via Virtual Box). As a result, I lost my tried and true Oracle client install on Ubuntu, and had to go about it from scratch again. Officially, like so many things I post about, this is totally unsupported. Realistically, I’ve been using the 11gR2 client on Ubuntu for years without incident. It’s nice to be able to right click to open a terminal session, then sqlplus apps@prod to get into my database.

Just Get to the Good Stuff!

I think I hit every possible trap going through this install; I’m going to spell them all out (as opposed to just saying “Install this package, create these links, and edit your profile this way…”) so that if anyone Googles the error messages, they might find the solution here.

First Point of Failure: Packages

I knew it wasn’t going to work without some manipulation, but I wanted to see what the errors looked like. Of course, the installer says a bazillion packages are not right, and I checked ignore all. In most cases, Ubuntu 10.04 has advanced versions of these packages, so it’s not that they’re not there, it’s just that the installer isn’t seeing the version it wants. That’s not true in the case of AOI access libraries.

The failure looks like this:

The installer chokes...

The install log provides some detail

Ensure aio-dev libraries are installed via the Ubuntu Software Center

Second Point of Failure: Symbolic Links

Without a few symbolic links, you will a mysterious error similar to this in the next in the installer when it tries to link binaries:

Ah, the mysterious nnfyboot and libagtsh.so error!

If you see this, create the following symbolic links as root:

ln -s /usr/bin/basename /bin/basename
ln -s /usr/bin/awk /bin/awk
ln -s /lib/libgcc_s.so.1 /lib/libgcc_s.so

ln ­-s $ORACLE_HOME/lib/libagtsh.so.1.0 $ORACLE_HOME/lib/libagtsh.so

Third Point of Failure: Environment

This is a little murkier, as I’m not sure if I was fighting symbolic links and the environment, but ultimately you need this in your profile anyways.  So if you’re still having problems, use vi or append to /etc/profile the following lines and rerun the installer:

export ORACLE_HOME=/home/kkempf/Oracle/product/11.2.0/client_1
export LD_LIBRARY_PATH=$ORACLE_HOME/lib:/lib:/usr/lib:$LD_PIBRARY_PATH
export PATH=$PATH:$ORACLE_HOME/bin

Complete!

No install is complete without root.sh!

Finally!!

After (embarrassingly) realizing I forgot my tnsnames.ora file in $OH/network/admin, sqlplus fired up just fine:

sqlplus from the command line

When Discoverer stops starting

A Bad Day

Corrupt memory on a blade in our blade center crashed about 4 virtual machines and 9 Oracle databases on me a few weeks back.  As luck would have it, one of the machines was running Oracle Enterprise Manager, so I received no alerts.   When I finally got around to starting up Weblogic Server/Discoverer, I received a rather cryptic error and opmn was kind of hung up.   I’d honestly hoped to post the exact failure log, but it seems that I can’t find it anywhere in the logs I know about in WLS and opmn.  So I’ll post the symptoms here, and perhaps you can tuck it away as a warning for some future day.

Starting Discoverer

As you may know if you’ve read my other entries on Discoverer 11g, I created a script which seemed to work great for me, because apparently Oracle thinks people like to run 4 disparate commands to get Discoverer started.

startdisco.sh

#!/bin/bash

export MIDDLEWARE_HOME=/u01/discoverer/Middleware
export DOMAIN_HOME=$MIDDLEWARE_HOME/user_projects/domains/ClassicDomain
export WL_HOME=$MIDDLEWARE_HOME/wlserver_10.3
export ORACLE_HOME=/u01/discoverer/Middleware/as_1
export ORACLE_INSTANCE=/u01/discoverer/Middleware/asinst_1

rm -rf nohup.out

echo “Ensure NO processes related to disco 11g are running or this will fail”

nohup $DOMAIN_HOME/bin/startWebLogic.sh -Dweblogic.management.username=weblogic -Dweblogic.management.password=pw > /tmp/wls_start.log &

nohup $WL_HOME/server/bin/startNodeManager.sh > /tmp/start_nodemanager.log &

echo “sleeping”
sleep 60

nohup $DOMAIN_HOME/bin/startManagedWebLogic.sh WLS_DISCO t3://myhost.mydomain:7002 > /tmp/start_mgdwls.log &

echo “sleeping”
sleep 60

$ORACLE_INSTANCE/bin/opmnctl startall
$ORACLE_INSTANCE/bin/opmnctl status
echo “If Discoverer doesn’t start properly, login to http://myhost-01.mydomain.com:7002/console”
echo “From the home page, click servers (Under Environment), then the control tab.  Check WLS_DISCO then click the start button below the checkbox”

You can take my script, or leave it, but the bottom line is that the following things need to be started to get Discoverer working:

1. startWeblogic.sh
2. startNodeManager.sh
3. startManagedWeblogic.sh
4. opmnctl startall

When I ran this script after the server crash, some OS processes would start, some would not, and I remember opmnctl status showing “pending” or something like that, instead of “starting” or “alive”.   Somewhere in some log, something pointed me to an error which said “cannot find /usr/lib/jvm/java-1.6.0-sun-1.6.0.22.x86_64″ or the like.

The Nature of the Error

In short: the specific, hard coded JDK on the Linux host which WLS and Discoverer were looking for, was no longer there.  I don’t know why, but I suspect that through the course of normal RedHat updates, after a new version was installed either the sysadmin cleaned up the old version (i.e., deleted it) or it cleans up the old versions as part of the update manager process.  Either way, there’s no way Discoverer was going to start.   The reboot had, in fact, forced the issue; in theory it would have continued to run forever “in memory” despite the fact that the version it was using was no longer available on the disk.

The Quick Fix

As it turned out, I was at the airport when I got a call from our help desk, with users complaining that discoverer wasn’t available.   After finally figuring out what the issue really was (which is more confusing than it seems, since a bunch of processes start just fine without JDK), I did a ghetto-IT fix of creating a symbolic link as root:

/usr/lib/jvm/ln -s java-1.6.0-sun-1.6.0.22.x86_64 java-1.6.0-sun-1.6.0.26.x86_64

Basically, this puts a pointer on the disk saying, “if you’re looking for jdk 1.6.0.22, go look in 1.6.0.26 instead”.  It ain’t pretty, but I had a plane to catch.

Started Discoverer fine immediately afterwards.  Put this on my “to investigate” list.

The Better Fix

When I finally had time, I boiled down my investigation to two points:

• Where was the JDK version hard coded in the WLS startup scripts
• What versions of the JDK were certified with WLS/Disco

I got 1 out of 2.  The first one.  Turns out, I’m not the only one to see this problem.  Note 1058804.1 “How to Change Type of JDK (Sun/JRockit) for FMW 11g Domain” explains that the script $MIDDLEWARE_HOME/wlsserver_10.3/common/bin/commEnv.sh has a variable called JAVA_HOME in it which was hard coded to the path to /usr/lib/jvm/java-1.6.0-sun-1.6.0.22.x86_64.  I decided my best option here was to change it to /usr/lib/jvm/java-1.6.0-sun.x86_64 since it appears that the symbolic link in /usr/lib/jvm called java-1.6.0-sun.x86_64 would forever after point to whatever the latest version of the JDK was.  At least this way, I didn’t have to go monkey around in a WLS shell script every time the JDK changed versions.  Honestly, I don’t know if I pointed the WLS installer at a specific version of JDK, if it auto detected it, or installed it itself, but it was bad policy and needed correcting.

Addendum: After more confusion regarding this same issue, I found another file also contains a hard-coded reference to your JVM which apparently is created during installation.  In addition to commENV.sh, you must fix the SUN_JAVA_HOME reference in $MIDDLEWARE_HOME/user_projects/domains/ClassicDomain/bin/setDomainEnv.sh

 

The part I couldn’t discern was what version of Java was certified for my OS, WLS and Discoverer version.  The analyst was good and send me a bunch of spreadsheets which supposedly covered this, but it became apparent after a few minutes that it would take a higher power to discern what they meant.  I decided that if it’s running now, that’s what’s most important, and that if push ever came to shove, I’d downgrade to fix an issue at the insistence of an analyst.

How to make an iPhone work in a corporate environment

Can we make this relationship work?

Cellular tether

It’s just an accepted fact in IT that you’re going to be contacted after hours.  Recently, my Blackberry Tour started giving me grief during data (internet) tethering with my Ubuntu desktop.  The bluetooth connection would drop itermittently, or not even be recognized by Ubuntu.  This wasn’t really acceptable, and I’d seen how slick the interface was on a colleagues iPhone with regard to the ease of creating a personal wi-fi hotspot.  Since I’ve never had a problem connecting my notebook to a wi-fi network, I reluctantly bid my Blackberry adieu and got the iPhone 4.  

What Blackberry does well

The Blackberry is an awesome workhorse for the business place. 

• The battery lasts forever.  I could easily make a 3 day weekend without ever putting it on the charger.
• Filters.  No offense, Oracle, but I don’t want my phone to wake me up at 4am because some analyst updated my SR.  Basically, if the email wasn’t from my company’s domain, it didn’t get to my Blackberry.
• Sound Profiles.  I had an awesome little app for the Blackberry called profiler pro.  What this allowed me to do was set the phone to vibrate during the workday and loud at night.  In other words, alerts got to me when I needed them (and woke me up if necessary), and when I was at work, I assumed I’d already be aware of problems via email.
• Keyboard.  This is so easy to type on.  I’m not part of the texting generation, I need keys in the right place and a tactile feel to them.

So the iPhone had to stack up against all of these requirements. 

First Impressions of the iPhone4

• A few bumps with AD, but integrated to my work email via active sync
• Beautiful display
• Slick interface
• How can the battery be that low already?
• Why do I have to kill an application after I use it, shouldn’t it just shutdown?
• Lots of apps
• Will the email make a ding if the screen is locked?  Sleeping?  What about if the app isn’t running? 
• Where’s the volume/ringtone control for incoming email?  Oh.  There isn’t one?  Great.  That little ding is supposed to wake me up?
• Glad you put a rington control on texts.  I can choose 27 different rings for that. 
• Where’s the filter?   I got this phone right in the middle of the memory upgrade and the subsequent DRCP fix noted in my last posting.  So I had to keep a close watch on email/alerts
• I love your work, Steven Chan, but your updates are always at odd hours on the east coast
• Why is someone adding me as a friend on Facebook at 2am?  They live in the same timezone as me.  Wait.  Why is my phone dinging to tell me this?
• Oh look, Oracle closed my SR at 5:37am.   2 emails to tell me this.

Can I really be the only one in IT who needs an iPhone to be businesslike?

I’m beginning to see why this phone wasn’t immediately embraced by the corporate community.   It’s more geared toward consumer use, to be sure.  I don’t think I’ll be doing any face time with anyone.  Ever. 

I began looking at other options, such as buying apps to make up for what I think are pretty basic shortcomings.  I even read up on jailbreaking.  I was about to go that route when an old colleague illuminated a way to fix most of my grievances.  Hat tip to Rich for that. 

I should start out by explaining that my provider is Verizon wireless.  They create an email address for you which really sends a text to your phone.  So 1234567890@vtext.com would send a text to your phone if you had the number 123-456-7890.

So basically, to resolve the filter issue, I created exchange rules to forward messages from Enterprise manager and anyone in the IT department to my vtext.com email.  This, therefore, sends a text to my iPhone.  I set the text sound to an annoying tone which has a decent shot of waking me up.  Then I silenced the already nearly inaudible ding I used to get when I received an email by just turning it off in the settings.

This really killed 2 birds with one stone.  The only thing I don’t have resolved is how to silence the phone while I’m at work .  I mean, I remember to do it, once I get my first annoyingly loud message in the morning, but there should be an automatic way.  This is a computer, after all!  Suggestions would be welcomed.