© copyright 2009 sysgem ag, 8002 zurich, switzerland sysgem file synchronizer (sfis) manage...
TRANSCRIPT
© Copyright 2009 Sysgem AG, 8002 Zurich, Switzerland
Sysgem File Synchronizer(SFiS)
Manage configuration files on multiple target serversfrom definitions held in a central repository
A Sysgem Enterprise Manager (SEM) Module
© Copyright 2009 Sysgem AG, 8002 Zurich, Switzerland
Basic Principals…
Access & Audit
SFiS Source File Definitions
Target Configuration Files Target Configuration Files
Con
figur
atio
n M
gt.
Control Integrity
Monitor &
AlarmDistribute & Deploy
Construct S
ources
© Copyright 2009 Sysgem AG, 8002 Zurich, Switzerland
1. Source File Mgt.
• GUI to create and edit files
• ‘Source’ files plus ‘Include’ files
• Held in a central repository
• Control access (for security &
delegation)
• Full auditing
• Encrypted storage
Access & Audit
SFiS Source File Definitions
Target Configuration Files Target Configuration Files
Con
figur
atio
n M
gt.
Control Integrity
Monitor &
Alarm
1. Constru
ct Sources
Distribute & Deploy
What it does…
© Copyright 2009 Sysgem AG, 8002 Zurich, Switzerland
What it does…
2. File Distribution
• Display target server & file lists
• Show differences between
Source / target files
• ‘Drill down’ to see differences
• Indicate required updates
• Filter & select exceptions
• One-click updates
Access & Audit
SFiS Source File Definitions
Target Configuration Files Target Configuration Files
Con
figur
atio
n M
gt.
Control Integrity
Monitor &
Alarm
Construct S
ources
2. Distribute & Deploy
© Copyright 2009 Sysgem AG, 8002 Zurich, Switzerland
What it does…
3. Monitoring & Reporting
• Take HTML / spreadsheet
reports
• Automatically monitor target files
• Alarm inconsistencies
• Report changes via e-mail
• ‘Set & Forget’ Solution
• Monitor 100’s of servers
Access & Audit
SFiS Source File Definitions
Target Configuration Files Target Configuration Files
Con
figur
atio
n M
gt.
Control Integrity
3. Monitor &
Alarm
Construct S
ources
Distribute & Deploy
© Copyright 2009 Sysgem AG, 8002 Zurich, Switzerland
What it does…
4. Configuration Management
• Run pre / post Shell scripts
• One source file per target file for
100’s of servers
• Typical files:• /etc/crontab
• /etc/hosts
• /etc/sudoers …
• Or, use with any text file
• Use a simple Meta-language to
define variations between servers
Access & Audit
SFiS Source File Definitions
Target Configuration Files Target Configuration Files
4. C
onfig
urat
ion
Mgt
.
Control Integrity
Monitor &
Alarm
Construct S
ources
Distribute & Deploy
© Copyright 2009 Sysgem AG, 8002 Zurich, Switzerland
What it does…
5. Access Control & Audit Trail
• Control access to: – nominated servers
– Nominated files (target & source)
– Script commands
– Menu options
… for nominated administrators
• Full audit logging
• Browse / analyse / report on audit
logs
5. Access & Audit
SFiS Source File Definitions
Target Configuration Files Target Configuration Files
Con
figur
atio
n M
gt.
Control Integrity
Monitor &
Alarm
Construct S
ources
Distribute & Deploy
© Copyright 2009 Sysgem AG, 8002 Zurich, Switzerland
What it does…
6. Control Integrity
• Conform to central policies
• Log authentic changes
• Detect unauthorized changes
• Automated alarms
• Audit history browser
Access & Audit
SFiS Source File Definitions
Target Configuration Files Target Configuration Files
Con
figur
atio
n M
gt.
6. Control Integrity
Monitor &
Alarm
Construct S
ources
Distribute & Deploy
© Copyright 2009 Sysgem AG, 8002 Zurich, Switzerland
Central definition of configuration files
Simple meta-language statements
Delegation to Multiple Administrators
Report on and update configuration files on target
servers
How it works …
© Copyright 2009 Sysgem AG, 8002 Zurich, Switzerland
Compare contentsCentral File
Target Files
On Distributed Servers
Display Differences
Compare & report…
© Copyright 2009 Sysgem AG, 8002 Zurich, Switzerland
Synchronize contents
Central File
Show Update Results
Target Files
Distributed Servers
Update & Deploy…
© Copyright 2009 Sysgem AG, 8002 Zurich, Switzerland
Predictability …
View which data / shell commands
apply to individual servers and not
others
View which data & shell commands
apply to individual servers and not
others
© Copyright 2009 Sysgem AG, 8002 Zurich, Switzerland
Typical Configuration FilesManaged by Sysgem File Synchronizer:
/etc/sudoers
/etc/hosts
/usr/openv/netbackup/bp.conf
(Configuration file for netbackup)
/etc/crontab
/etc/sysctl.conf
/etc/group
/etc/shells
/etc/services
Scripts (with the “I” clause you can distribute
scripts --- shell, Perl, etc)
© Copyright 2009 Sysgem AG, 8002 Zurich, Switzerland
Key Benefits
Ease of Configuration Management:Control Configuration files from one central pointConvenient and easy distribution of updatesCheck status and look for exceptions for the entire
network in a single display window Increased Integrity & Increased Security :
Automatic monitoring resulting in alarms when corporate policies not being adhered to
Audit trail Reduced Effort:
Delegate with fine granularity of privileges Ease of Creating of Reports
© Copyright 2009 Sysgem AG, 8002 Zurich, Switzerland
Demonstration - target file content:
############################################ # This is a Demo File # # It is held on server: # # DemoLinux1 # # IP Address:# # 192.168.213.5 # # Port:# # 7251# # Color Code: # # Blue# ###########################################
############################################ # This is a Demo File # # It is held on server: # # DemoLinux2 # # IP Address:# # 192.168.213.7 # # Port:# # 7251# # Color Code: # # Red# ###########################################
DemoLinux2DemoLinux1
© Copyright 2009 Sysgem AG, 8002 Zurich, Switzerland
Demonstration - source file content:T FileSync Demo - B1
## Target Files:#
F DemoLinux1 /tmp/FileSync/FileSync-Demo-B.txtF DemoLinux2 /tmp/FileSync/FileSync-Demo-B.txt
A ++
D ###########################################D # D # This is a Demo File D # D # It is held on server: D # D # {{SRVNAME}} D # D # IP Address:D # D # {{IPADDRESS}} D # D # Port:D # D # {{PORT}}D # D # Color Code: D # D # {{COLOR}}D #D ###########################################
“T” = Title for source file
“F” = target “File” name(One central source file, target files on multiple
servers)
“A ++” = Apply the following data items to *all* connected agents
“D” = Data items
Variables for expansion at run
time.
© Copyright 2009 Sysgem AG, 8002 Zurich, Switzerland
Additional Optional Slides Follow
© Copyright 2009 Sysgem AG, 8002 Zurich, Switzerland
Management Console (Windows GUI)
Authorization Server
Managed Agents on Target Systems
SEM Installed Components
© Copyright 2009 Sysgem AG, 8002 Zurich, Switzerland
Additional Security with SEM Proxy Servers…
Proxy Server
Managed Servers
Authorization Server
GUI
SSHAdministrators &
Scripts Registered at Proxy Server