alignia v5.0 business applications

Detailed Scope

5.0BAP-APP

Alignia for Business Applications Detailed Scope

The software described in this book is furnished under a license agreement and may be used only in

accordance with the terms of the agreement.

Copyright Notice

Copyright © 2017 Tango/04 - A Division of HelpSystems All rights reserved.

Document date: October 2017

Document version: 1.0

Product version: 5.0

No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means, electronic mechani-cal, magnetic, optical, chemical, manual, or otherwise, without the prior written permission of Tango/04.

Trademarks

Any references to trademarked product names are owned by their respective companies.

Technical Support

For technical support visit our web site at www.tango04.com.

Tango/04 Computing Group S.L. Avda. Meridiana 358, 5 A-B Barcelona, 08027 Spain

Tel: +34 93 274 0051

http:\\www.tango04.com

http:\\www.tango04.com

Table of Contents

Table of Contents

Table of Contents .............................................................................. iii

How to Use this Guide........................................................................vi

The New Offer – Overview on Alignia Product Line................................ 11.1. The Philosophy Behind it ................................................................................1

1.2. The Landscape ...............................................................................................1

1.3. The Solution: Best of Breed or Unique Monitoring Tool?................................1

1.4. The Tango/04 Approach .................................................................................2

1.5. Overview on the Different Modules.................................................................2

1.5.1. Alignia for Online Business Services (OBS) .............................................2

1.5.2. Alignia for Business Processes (BP).........................................................2

1.5.3. Alignia for Business Applications (BA) ......................................................3

1.5.4. Alignia for Business Security (BS) ............................................................3

Alignia for Business Applications Overview ........................................... 42.1. What is a Business Application?.....................................................................4

2.2. Business Application Components .................................................................5

2.2.1. Standalone Application Components ........................................................5

2.2.2. Connectivity Group Components ..............................................................5

2.2.3. Other Elements .........................................................................................6

2.3. Business Applications Architecture.................................................................6

What is Alignia for Business Applications?............................................ 73.1. What is a Business Application in Alignia? .....................................................7

3.2. What Does it Do?............................................................................................7

3.3. Main Benefits ..................................................................................................8

3.4. Main Features .................................................................................................8

3.5. Other Alignia Modules.....................................................................................9

3.5.1. Alignia for Online Business Services ........................................................9

3.5.2. Alignia for Business Processes.................................................................9

© 2017 Tango/04 Computing Group Page iii

Table of Contents

Templates ....................................................................................... 104.1. Types of Controls..........................................................................................10

4.2. What are Templates?....................................................................................10

4.2.1. How are Templates Used?......................................................................11

4.3. Standard Templates......................................................................................12

4.3.1. Standard Templates in Development......................................................13

Business Applications Controls........................................................... 145.1. Controls at the Business Application Layer ..................................................14

5.2. Controls at the Standalone Application Layer...............................................14

5.2.1. Configurable Controls .............................................................................15

5.3. Controls at the Server Layer .........................................................................15

5.4. Controls at the Element Layer ......................................................................15

Appendix A: Infrastructure Templates ................................................. 16A.1. Requirements by Credential .........................................................................17

A.2. Devices.........................................................................................................18

A.2.1. Servers ...................................................................................................18

A.2.2. Communication Devices .........................................................................34

A.2.3. End-Point Devices ..................................................................................36

A.3. Standalone Applications ...............................................................................41

A.3.1. Application Server...................................................................................41

A.3.2. Database Management System .............................................................41

A.3.3. Middleware .............................................................................................49

A.3.4. Web Server.............................................................................................56

A.3.5. Virtualization Server................................................................................61

Appendix B: Configurable Controls ..................................................... 63

Appendix C: Configuring an SSL Connection for IBM i .......................... 72C.1. Creating the Server Certificate on iSeries ....................................................72

C.2. Exporting the Server Certificate from iSeries ...............................................73

C.3. Importing the Server Certificate and exporting the Client Certificate ...........74

C.4. Importing the Client Certificate to iSeries .....................................................74

Appendix D: IBM WebSphere Application Server ................................. 75D.1. Requirements ..............................................................................................75

D.1.1. Activating PMI ........................................................................................75

D.1.2. Configuring security................................................................................80

Appendix E: Configuring IBM WebSphere MQ SSL Connections ............. 83E.1. Initial steps....................................................................................................83

E.2. IBM i Configuration .......................................................................................83

E.2.1. Authorizations .........................................................................................84

E.3. Connecting without SSL ...............................................................................85

E.3.1. Authorizations .........................................................................................85

© 2017 Tango/04 Computing Group Page iv

Table of Contents

E.3.2. Credentials in Orchestrator.....................................................................88

E.4. Connecting with SSL ....................................................................................89

E.4.1. Configuring SSL Certificates...................................................................89

Appendix F: Contacting Tango/04.................................................... 105

About Tango/04 Computing Group .................................................. 107

Legal Notice .................................................................................. 108

© 2017 Tango/04 Computing Group Page v

How to Use this Guide

© 2017 Tango/04 Computing Group Page vi

How to Use this Guide

This chapter explains how to use Tango/04 User Guides and understand the typographical conventions

used in all Tango/04 documentation.

Typographical Conventions

The following conventional terms, text formats, and symbols are used throughout Tango/04 printed

documentation:

Convention Description

Boldface Commands, on-screen buttons and menu options.

Blue Italic References and links to other sections in the manual or further documentation containing relevant information.

Italic Text displayed on screen, or variables where the user must substitute their own details.

Monospace Input commands such as System i commands or code, or text that users must type in.

UPPERCASEKeyboard keys, such as CTRL for the Control key and F5 for the function key that is labeled F5.

Notes and useful additional information.

Tips and hints that will improve the users experience of working with this product.

Important additional information that the user is strongly advised to note.

Warning information. Failure to take note of this information could potentially lead to serious problems.

The New Offer – Overview on Alignia Product Line

Chapter 11 The New Offer – Overview on Alignia Product Line

1.1 The Philosophy Behind itFor more than 20 years Tango/04 has been implementing monitoring projects all around the world that

are oriented towards helping IT departments manage their IT infrastructure with a view of the business

services they support.

1.2 The LandscapeAt the end the most important goal for IT is to ensure that the critical business of the company runs fine.

In order to do so it is not enough to monitor how the infrastructure works, but you also need to monitor

applications, user experience and business KPIs. Why? Because only in this way can IT be sure that the

business service is being delivered correctly to its internal and external customers.

Monitoring has to be done from the point of view of the business user, that is, by looking at his user

experience, and checking his business activity. If something is wrong there, no matter what the

infrastructure monitoring tells you, the business user is affected and they will complain.

1.3 The Solution: Best of Breed or Unique Monitoring Tool?Based on these needs, many companies decided to undertake enormous projects in order to improve

the quality of IT services, using ITIL or other best practice frameworks as a basis. Sometimes they

decided to adopt one of the Big-4 giant all-purpose frameworks (IBM, BMC, CA, HP), while others went

for a best-of-breed approach, integrating any type of monitoring tools for infrastructure monitoring: APM,

BSM, BAM…

In most cases such projects lasted months or years without producing tangible results for businesses.

In this context Tango/04 has decided to change the rules and proposes a pragmatic top-down approach:

1) identify the critical business services and processes, 2) analyze them together with the customer and

3) deliver a business-oriented monitoring solution in a very short time (within a month in most cases).

© 2017 Tango/04 Computing Group Page 1


1.4 The Tango/04 ApproachTo make this real, we have decided to create a new product offer, called Alignia, based on three main

pillars: Embedded knowledge; Embedded How-to; Immediate Results.

• Embedded Knowledge: from the experience acquired in hundreds of BSM/BAM projects, we

have identified the key needs that an IT manager has when he wants to know if IT is doing its

job, that is, delivering satisfactory business services and processes to its company. We have

encapsulated a lot of best practices, insights and controls from world class companies,

embedding it in our product.

• Embedded How-to (Methodology): We speak in business language, not jargon. We use a

top-down path for monitoring the principal areas of every company. Dividing the service in 4 key

elements: service consumers, channels, functions and external services, using standard

dashboards. Then you can go more in depth for technical requirements. Using only one

relevant KPI to assess the service as a whole and monitoring all from different points of view.

• Immediate Results: The sum of Embedded Knowledge plus our Embedded Methodology

brings Immediate Results. In addition, we capture relevant data from disparate components or

technical platforms, giving you a new level of visibility.

1.5 Overview on the Different ModulesTango/04’s new offer is structured into four complete and encompassing modules.

1.5.1 Alignia for Online Business Services (OBS)Alignia for Online Business Services is a standard way of monitoring any type of business service that is

online, meaning that there are real users using such services and a problem in them causes

unavailability of the service and dissatisfaction in the users. The more critical these services are for the

company the more useful this module will be for them. For instance unavailability in an online shop,

internet banking, or insurance quotations makes the company lose money.

1.5.2 Alignia for Business Processes (BP)A business process is a set of activities that produce an outcome for the business.

The business processes we can monitor are supported by technology, these activities are executed on

systems and by applications. They are usually executed in an unattended manner, with or without user

participation.

The main difference between monitoring an online business service and a business process is as

follows: when monitoring online services we monitor real-time business transactions performed by

business users that are working now through every available channel. Any unavailability means that

there are critical users that are not able to interact, which definitely means a waste of productivity and in

many cases of money. However, in most cases when those transactions enter the business systems, a

series of activities (process), both automatic and manual, have to be done within the company. These

activities need to be monitored as well, to be sure they are executed in an appropriate time frame and

with no errors. A business process normally has different steps supported by multiple technologies and

applications, and each one of them has to start, end, and produce an output. When monitoring business

processes we monitor all phases of a complete process to see if they start on time, last as long as

expected, end on time and produce expected results. An example of such processes would be night

batch processes that need to complete correctly before the business opens in the morning, or processes

that continuously receive inputs and have to produce outputs.



1.5.3 Alignia for Business Applications (BA)All business services and processes rely on IT servers, applications, network devices etc. Business

Applications is the module that allows a customer to monitor such components (directly or by integrating

with third-party solutions) and model them according to the critical business applications that our

customer is using.

As a consequence, Alignia for Business Applications is the foundation needed for Online Business

Services and Processes to integrate information from the supporting IT components and applications.

1.5.4 Alignia for Business Security (BS)Business is also affected by security threats and a lot of regulations. Nowadays more and more systems

and applications have to comply with several compliance regulations or best practices from certification

authorities or governments such as PCI, SOX, Cobit, ISO etc. The compliance or noncompliance of

systems and applications with these regulations also has effects on business services. Maybe a

business service is available from the IT point of view but has security issues. The new Business

Security module allows companies to establish this relationship between the security compliance and

the business services and processes as well as gives an innovative tool for managing the projects to the

Information Security departments, for audits and key indicators.


Alignia for Business Applications Overview

Chapter 22 Alignia for Business Applications Overview

Alignia for Business Applications is a module that is part of the Tango/04 Alignia product, whose main

objective is to help IT departments detect, understand and fix the problems that cause unavailability and

low performance of their business applications. Furthermore, it is the foundation for other Alignia

knowledge modules which provide visibility to the real-time impact of online services and processes on

the business.

More than 15 years of experience working with monitoring solutions has been embedded in Alignia for

Business Applications to create unique monitoring software that joins an application model together with

a set of best practices and procedures regarding standardized practices for monitoring applications.

Alignia for Business Applications also provides IT managers with a powerful tool for the continuous

improvement of their Service Levels. It delivers relevant information to IT departments concerning the

main IT components that have been the root cause of an application’s unavailability or that have been

responsible for breaking Service Level Agreements.

What’s more, Alignia for Business Applications has been designed to be configured, operated and

administered by the IT department in a simple and agile way, so that IT departments can concentrate

their efforts on fixing problems and improving the service, rather than thinking about which applications

to monitor and how to monitor them.

2.1 What is a Business Application?A business application is defined as a piece of software used by internal or external business users to

perform critical business functions for the company: enter orders, claims, billing, etc. Examples of

business applications are SAP Financials, Siebel, the core banking application, SWIFT, etc.

Applications are normally designed in a multi-layer (also known as multi-tier) architecture, where each

layer has specific functionality: presentation, application processing, data management, etc.

In the same way, Tango/04’s Alignia for Business Applications module provides a standard way of

modeling business applications based on layers, where business applications are composed of a

number of (one-tier) standalone applications or devices, one or more per layer.

The critical elements (assets) of the Alignia for Business Applications module are described here:

• Business applications: defined as a set of interrelated standalone applications. Examples of

business applications are Siebel, SAP, EDI, etc.



• Standalone applications: are software applications that run on just one server. Examples of

standalone applications are SQL Server, IIS, Siebel application server, etc.

• Servers: in the module a server can support none, one, or more standalone applications. The

servers may have elements such as disks, processes, etc.

• Connectivity Groups: sets of communication devices or standalone applications that

interconnect standalone applications within a business application.

• Communication devices: routers, switches, etc.

• End-point devices: printers, storage.

2.2 Business Application ComponentsA business application can be comprised of:

• At least one standalone application (obligatory)

• Connectivity groups (optional)

• End-point devices (optional)

Figure 1 – Business application components

2.2.1 Standalone Application ComponentsA Standalone application is composed of one of the following components:

• One server, OR

• One end-point device

2.2.2 Connectivity Group ComponentsA Connectivity group connects some of the standalone applications of a business application. It can be

composed of several components:

• Standalone applications (none or N)

• Communication devices (none or N)



2.2.3 Other ElementsAll the other elements that a business application may be composed of are not formed by other

components, they include:

• servers

• end-point devices

• communication devices

2.3 Business Applications ArchitectureThe Alignia monitoring solution has two different parts:

• Visualization Part: this is the front-end tool where end-users can view the information

collected by Alignia modules such as Alignia for Business Applications, including:

− an overview of all the assets being monitored

− the individual status of each business application

− the real-time status and performance metrics of standalone applications including

availability, performance and errors

− the real-time status and performance metrics of devices including availability, performance

and errors

• Configuration Part: for administrators of the Alignia monitoring solution. Orchestrator provides

all the tools needed to ensure the results displayed in the Alignia Visualization Engine are

exactly what the end-user needs to see. In Orchestrator we can configure:

− Assets (business applications, standalone applications, connectivity groups and devices)

− Templates

− Monitoring nodes

− Tenants

− Credentials

− and more ...


What is Alignia for Business Applications?

Chapter 33 What is Alignia for Business Applications?

3.1 What is a Business Application in Alignia?As explained above we define a business application as an application such as an ERP, CRM, etc. that

in order to work correctly needs several other components to be available (servers, standalone

applications, network devices etc.).

In today’s complex organization in order to say that a complex application, such as SAP, is working we

cannot only check one Unix server: We will probably have to make sure that the Oracle database, the

Web server, some middleware and the network connectivity are also working. For this reason SAP is

defined as a business application.

If we have an application that in order to know if it is working we will only monitor information from one

server, then this application will be defined as a standalone application.

In this context a business application is an entity defined within Alignia that will be available or not based

on the IT components (servers, standalone applications etc.) that support it.

3.2 What Does it Do?Alignia for Business Applications allows for the monitoring of all servers, standalone applications, and

network devices that support business applications.

It comes with standard templates for monitoring most frequent technologies:

• Operating Systems: AIX, Solaris, Linux, Windows, IBM i, IBM HMC Server

• Network Devices: Cisco, Ports, Network interfaces

• Endpoint devices: Printers, Storage Area Networks (SANs)

• Application Servers: Apache, Tomcat

• Databases: SQL, Oracle, PostgreSQL

• Middleware: IBM WebSphere MQ, JBoss Application Server, Active MQ, Microsoft Exchange,

Microsoft Terminal Server

• Web Servers: IIS, Apache, JBoss, IBM Http

• Virtualization servers: VMware vCenter



These templates provide standard and basic out-of-the-box monitoring for all these technologies, which

can be deployed very quickly. See Appendix A: Infrastructure Templates on page 10 for further details

reagarding the controls included with each template.

In case of technologies for which a standard template is not available, it is possible to configure it in a

standard way using the configurable standalone application that provides simple configuration wizards,

that will collect information from databases, SNMPs, log files etc.

3.3 Main BenefitsAlignia for Business Applications provides a simple and quick way of monitoring all IT infrastructure.

• Extremely quick to deploy, as most controls are standard it can be deployed in few hours

• Only relevant information: having too much information is as bad as having too little

information - Alignia for Business Applications provides only those key controls needed to

make sure that business applications are running fine.

• Integration with other monitoring tools: if some parts of the IT infrastructure are already

monitored by other more specialist tools, Alignia for Business Applications can integrate with

them and use their information to model the business applications

• Business focus, provides the IT backbone needed by Alignia for Online Business Services

and Alignia for Business Process to make sure that business is running. So every time a

business application or a component is degraded, it shows which online business services and/

or business processes are being impacted immediately.

3.4 Main FeaturesThese are the most important features of Alignia for Business Applications:

• The IT view: Alignia for Business Applications allows IT people to visualize in real time the

availability of their business applications (ERP, CRM, WMS, etc.) and the impacted online

business service and/or business process

• Root cause analysis, which is the root cause of a business application’s unavailability

• Impact analysis, is a critical business application being impacted by a problem in the

infrastructure?

• BSM: modeling of supporting infrastructure and standalone applications

• AutoDiscovery, automatically discovers all servers and devices

• Templates, templates are applied to the different servers, devices and standalone applications

automatically

• Large set of standard templates, for most common operating systems, databases, Web

servers, etc.

• Configurable controls for technologies where a standard template is not available

• Predefined dashboards built automatically to show application availability and historical

performance metrics

• SLA Reporting: % availability of today, last week, last month, etc. (in the current version of

Alignia BA 1.1 this functionality is only available through another module called Reports, but in

the future version 2.0 it will be integrated within Alignia natively.)



− Availability SLAs for all elements created automatically out of the box:

− Availability SLAs for all business applications, systems, devices and standalone

applications

3.5 Other Alignia Modules

3.5.1 Alignia for Online Business ServicesAlignia for Business Applications is the foundation of the other Alignia modules, Online Business

Services and Business Processes.

It is a module that is mainly addressed to IT people, and when in connection with the other modules

gives the CIO the confidence that his team knows exactly which business services and processes are

being impacted by IT issues.

3.5.2 Alignia for Business ProcessesAs mentioned above Alignia for Business Applications is also the foundation needed by Alignia for

Business Processes to reflect IT availability problems impacting the execution of business processes.

An IT problem will impact the execution of a business process if it occurs during process execution.

For instance, if a batch process is being executed, and the system where it’s running goes unavailable,

the process won’t be able to finish.


Templates

Chapter 44 Templates

The Business Applications module has been designed to monitor business applications and its

components in the most standard way and to be implemented as quickly as possible. This is made

possible by the use of templates.

4.1 Types of ControlsThere are two levels of monitoring depending on the level of customization needed:

• Standard templates, or out-of-the-box configuration. Standard templates are available for

standalone applications, servers and for communication devices.

• Configurable controls: a limited number of controls are available to be configured, and

include the industry standard recollection technologies that will allow the monitoring of most of

the applications. They are used when there is no standard or if the customer does not find the

provided standard useful. They are available for standalone applications, communication

devices and endpoint devices. For further details see Appendix B: Configurable Controls on

page 10.

4.2 What are Templates?Alignia for Business Applications templates are collections of plug-and-play pieces of software that

complement the Alignia for Business Applications module. They are designed with best monitoring

practices in mind, and embedded with our extensive knowledge and expertise, so that when they are

applied to your systems, the most common monitoring scenarios for those systems are produced.


Templates

Figure 2 – Templates are available to monitor availability, performance, and errors of a wide range of devices and standalone applications that impact on Business Applications

4.2.1 How are Templates Used?Templates are used in Orchestrator (the Alignia configuration tool) when you create an asset in your

inventory. When the asset is created, Orchestrator applies the corresponding template, which creates

the monitors required to monitor the asset, and these monitors are then in turn modeled in Alignia for

Business Applications:

Step 1. Asset is created in the inventory

Step 2. Orchestrator assigns a template to the asset

Step 3. The template creates the monitors

Step 4. Alignia for Business Applications (and SmartConsole) models the monitors

Figure 3 – By applying templates to them in Orchestrator, we can model our applications, servers and devices in Business Applications

See the Alignia for Business Applications Configuration Guide for details regarding creating assets and

applying templates to them.

For example, you have 10 AIX servers that you want to monitor. Instead of creating 10 sets of monitors

for each machine, you just apply the appropriate template to the 10 AIX servers at once, and 10 sets of

monitors are created automatically. Plus you can visualize the 10 AIX servers instantaneously, without

having to model them manually.


Templates

Figure 4 – Resulting modelization from various templates

4.3 Standard TemplatesThe following table lists the templates currently available with Alignia for Business Applications:

Category Type

Server AIX

Server IBM HMC Server

Server iSeries

Server Linux

Server Solaris

Server Windows

Communication device Cisco

Standalone application Active MQ

Standalone application Apache Web Server

Standalone application Exchange

Standalone application IBM Http Server

Standalone application IIS Web Server

Standalone application JBoss Application Server

Standalone application JBoss Web Server

Standalone application Oracle


Templates

See Appendix A: Infrastructure Templates on page 10 for details of the controls provided by each

template.

4.3.1 Standard Templates in DevelopmentThe following is a table of the templates being developed within Alignia for Business Applications at the

time of writing this document:

Please contact Tango/04 to check the current development status.

For any other technologies or applications, not listed here, you can:

• Use configurable controls in order to monitor the host or standalone application. Configurable

controls are intended to cover most of the situations when you need to monitor a new

technology or application that has no standard template, easily, just by configuring industry

standard controls.

• If you need to monitor a technology which you consider an industry standard, you can suggest

the development of a new template. We will analyze your request and decide whether to create

a new template to be included in the product or not. We are willing to include new templates in

the case that they cover standard technologies available on the market, so that they can be

useful for most of our customers.

Standalone application PostgreSQL

Standalone application SQL Server

Standalone application Terminal Services

Standalone application VMware vCenter

Standalone application WebSphere Application Server (WAS)

Standalone application WebSphere MQ

End-point device Printer

End-point device EMC Clariion

End-point device IBM Storwize SAN

Category Type

Category Type

Standalone application Biztalk

Standalone application MySQL

Standalone application Tomcat

Standalone application WebLogic

Standalone application Microsoft SharePoint


Business Applications Controls

Chapter 55 Business Applications Controls

Controls in Business Applications are achieved by the use of standard templates that are embedded

with monitoring knowledge accumulated over time in hundreds of projects.

5.1 Controls at the Business Application LayerWith the use ot templates, at the business application layer we will be able to control:

• Its health status: availability, performance and error status of the business application

• The impacted business elements (i.e. online service or business process) supported by the

business application

• The problem root cause in order to understand what element has to be fixed and where it is

located (at the standalone layer or at the server layer)

• The health statuses of all the standalone applications that form the business application,

organized by layer (i.e. presentation layer, business or logic layer, data processing layer, etc.)

• And the health status of all the servers and their elements that support the standalone

applications of the business application.

5.2 Controls at the Standalone Application LayerAt the standalone application layer we will be able to control:

• Its health status: availability, performance and error status of the standalone application

• The impacted business elements (i.e. online service or business process) supported by the

standalone application

• The problem root cause in order to understand what element has to be fixed and where it is

located (in a server or a device)

We will be able to see if the standalone application problem is occurring at the core layer and/or at the

context layer.

• Standalone core layer: it means that any problem at the core layer will affect all business

applications supported by this standalone application.

• Standalone context layer: it is used to represent that the stand-alone application has a specific

configuration for a particular business application. That is what we call the context of a


Business Applications Controls

standalone application. Where a problem at the context layer will ONLY affect the

corresponding business application.

5.2.1 Configurable ControlsA limited number of controls are available to be configured for standalone applications, communication

devices and endpoint devices. For further details see Appendix B: Configurable Controls on page 10.

5.3 Controls at the Server LayerAt the Server layer we will be able to control:

• Its general health status: availability, performance and error status of the server

• The impacted business element (i.e. online service, business process, Business Application)

supported by the server

• The problem root cause in order to understand what element has to be fixed

We will be able to see if the server problem occurs at the core layer and/or at the context layer of the

server.

• Core layer: it means that any problem at this layer of the server will affect ALL standalone

applications and all business applications supported by that server.

• Context layer: it is used to represent that a standalone application has a specific configuration

on that server. When a problem occurs at the context layer it only affects the corresponding

standalone application of this context.

5.4 Controls at the Element LayerA server or a standalone application may have types of elements. Examples of element types are:

• At the sever level: disks, processes, services.

• At the standalone application level (for a SQL Server standalone application: database

instances).

At the element layer we will be able to control:

• The health status of the element

• The status of element controls

• The graphics of the metrics associated with each control

• The error messages of the controls of the elements


Appendix A : Infrastructure Templates

Appendix AAppendix A: Infrastructure Templates

The templates needed by Alignia for Business Applications to cover common monitoring scenarios are

provided out-of-the box, meaning they are included with the product, ready to go, and requiring no set

up.

A business application is defined as a piece of software used by internal or external business users to

perform critical business functions for the company, such as entering orders, claims, billing, and so on.

Examples of business applications are SAP Financials, Siebel, the core banking application, SWIFT,

EDI, and more.

There are also common assets that impact on a business application (devices and standalone

applications) and by monitoring these assets we can understand why a business application fails.

Figure 5 – Business applications rely on several assets to function correctly

Alignia for Business Applications infrastructure templates are arranged into two categories to reflect the

assets to be monitored that commonly impact on business applications:

• Devices: are entities that business applications rely on in order to function. Device templates

are included for:

− servers

− communication devices

− end-point devices

• Standalone applications: are software applications that run on just one server, and are used

by business applications. Examples of standalone applications are SQL Server, IIS, Siebel

application server, etc.



Standalone templates are included for:

− application servers

− database management systems

− Web servers

− virtualization servers

A.1 Requirements by CredentialThe following table describes the requirements needed for each type of credential used in the product.

Credential Name

Requirements Templates

Authenticated user/password

user, password, authentication method (*ANY, *ANYSAFE, Anonymous, Basic, Digest, GSS-Negotiate, Kerberos, NTLM)

Apache

IIS

IBM Http Server

JBoss Web Server

Active MQ

Database DSN

ODBC DSN connections iSeries PostgreSQL Microsoft SQL Server Oracle

iSeries

Ports 449, 8470, 8471, 8475, 8476, 4781, user QUSER must be enabled, *USE authority, Java 6.0, TCP/IP connections, i5/OS V5R2M0 or above, ODBC DSN connection

iSeries

JMX digital certificate

ThinkServer JMXServer WAS, ThinkServer JMXServer JSR, recommended software: jcon-sole

JBoss Application Server

Linux/UnixAuthorization to execute commands for Linux and Unix operations (top, df, vmstat)

AIX Linux Solaris

Oracle TNS

Oracle Client and OCI, TNS value in tns-names.ora, a user with rights to read the V$ tables, additional tables (CHAINED_ROWS, ALERT_LOG)

Oracle

PostgreSQLRead permission to execute queries through ODBC, Read access to pg_stat_database table

PostgreSQL

SNMP v1/v2Read-only community strings Cisco

Printer

SNMP v3Read-only community strings Cisco

Printer

SQLBased on WMI and ODBC technology. Read access to execute the query select * from @@version

Microsoft SQL Server

SSH (public key) or SSH

(user/password)

Access to SSH port (22), authorization to exe-cute the commands described as follows in the template descriptions per platform for SSH (public key) or SSH (user/password) credentials

AIX

Linux

Solaris

VMware vCenter

Telnet (user/password)

Port 23 AIX Linux Solaris

User/password

user, password EMC Clariion



A.2 DevicesTemplates are available for servers, communication and end-point devices. You can use the Linux

template for your Linux servers, for example, creating all the monitors you need to be able to control

them automatically, such as monitors for CPU usage, network availability, physical and virtual memory,

file systems, and processes.

A.2.1 ServersTemplates are available for the following types of server:

• AIX

• iSeries

• Linux

• Solaris

• Windows

• IBM HMC Server

When you apply the corresponding template to them, you are granted controls over them. For example,

the iSeries template lets you control threads, jobs (and much more).

Figure 6 – Controlling an iSeries application in Business Applications

Windows User

LDAP (port 389), DCOM (port 445), user with Domain Admin privileges, a VPN connection, a local Event Log, shared files and folders on remote machines, user permission to access scheduled tasks on remote machines

Windows

WMIWMI access service (port 135), WMI classes used in Windows and SQL Server operations

Microsoft SQL Server Windows

WebSphere MQ

WebSphere MQ Client, MQ administrator user, a Server Connection MQI channel

IBM WebSphere MQ

Credential Name

Requirements Templates



Substate Column Key

Availability

Performance

Errors


Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 20

h ConditionsAdditional

InformationMinor health Success

e > N/A Host reachable

> N/A Port reachable

N/A Down Automatic discovery and creation of Net-work Interfaces for Network devices. All Interfaces are "No Core" and won't be monitored by default.

W

(IN BW > 100,000,000 or IN BW < 0) or (OUT BW > 100,000,000 or OUT BW < 0)

(IN BW ≤ 100,000,000 and IN BW ≥ 0) and (OUT BW ≤ 100,000,000 and OUT BW ≥ 0)

% Errors > 5% % Errors ≤ 5%

% Discards > 5% % Discards ≤ 5%

Generic controls for all server types

Credentials needed: none.

Pre-requirements: Network access to the device

Controls performed:

Element type Control name Substate Description Metrics

Healt

Critical health Warning health

GlobalNetwork Availability This control ensures

that a host computer is actually operating

- Ping Response Time

Host unreachable Ping response tim1000 milliseconds

Port

Port availability This control ensures that a port in a host computer is actually lis-tening to requests

- Port Response Time

Port unreachable Port response time50 milliseconds

Network interface

Network Interface Status

This control ensures that the interface is operating

Up N/A

Network Interface Bandwidth

This control ensures that the used band-width is operating within the proper limits

- Bandwidth Usage OUT - Bandwidth Usage IN

(IN BW > 100,000,000 or IN BW < 0) or (OUT BW > 100,000,000 or OUT BW < 0)

(IN BW > 100,000,000 or INBW < 0) or (OUT B> 100,000,000 or OUT BW < 0)

Network Interface Errors

This control ensures that the interface is operating with a proper error rate.

- Number of Errors

% Errors > 10% % Errors > 7%

Network Interface Discards

This control ensures that the interface is operating with a proper discard rate.

- Number of Discards

% Discards > 10% % Discards > 7%

Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 21

ions (top, df, vmstat), recommended software: Putty (http://

Health ConditionsAdditional

Informationealth Minor health Success

95% N/A CPU usage < 95%

rcent ≤ N/A Swap free percent > 10%

rrors > 5 N/A Number of Errors < 5

N/A Available

usage N/A Process CPU usage < 25%

ory N/A Process memory usage < 25%

AIX

Credentials needed: Linux/Unix and Telnet or SSH (Public Key) or SSH (User/Password).

Pre-requirements: Access to SSH port (22 by default), authorization to execute commands for Unix operat

www.putty.org/)

Controls performed:


Critical health Warning h

Global

CPU usage This control ensures that the host CPU is working within the proper limits

- CPU Usage Per-cent

CPU usage > 95% during more than 10 minutes

CPU usage >

Virtual Memory This control ensures that host virtual memory is working within the proper limits

- Swap free Per-cent- Swap free Mem-ory (Absolute)

Swap free percent ≤ 10% during more than 10 minutes

Swap free pe10%

System Errors Control

Detects errors appearing when executing errpt command

Number of Errors > 10

Number of E

Process

Process Avail-ability

This control ensures that a process is running on the host

Not available N/A

Process CPU Usage

This control ensures that the process CPU usage is within the correct limits

- Process CPU Usage Percent

Process CPU usage ≥ 25% during more than 10 minutes

Process CPU≥ 25%

Process Performance

This control ensures that a process is performing OK on the host

- Process Mem-ory Usage Per-cent

Process memory usage ≥ 25% during more than 10 min-utes

Process memusage ≥ 25%

http://www.putty.org/


Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 22

N/A Available Automatic discov-ery and creation of FileSystems. "/" is created as "Core" FileSys-tem by default; the rest as "No Core"

0 N/A % Usage < 90



FileSystem

FileSystem Availability

This control ensures that the filesystem is available

Not available or FreeMB < 100 MBs

N/A

FileSystem Usage

This control ensures that the filesystem usage is within the proper limits

- Filesystem Usage Percent- Free Space (Absolute)

% Usage ≥ 95 % Usage ≥ 9



Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 23

6.0, TCP/IP connections, i5/OS V5R2M0 or above, 32-bit IBM

to IBM i are supported. See Appendix C on page 72

ditionsAdditional


N/A CPU usage < 95%

% N/A % Database capability ≤ 90%

00

>

N/A BASEdatabasePages ≤ 2,000 and INTERACTdatabasePages ≤ 2,000and MACHINEdatabasePages ≤ 2,000andSPOOLdatabasePages ≤ 2,000

0

N/A BASEdatabaseFaults + INTERACTdatabaseFaults + MACHINEdatabaseFaults + SPOOLdatabaseFaults ≤ 100

N/A INTERACTdatabaseFaults ≤ 100

iSeries

Credentials needed: iSeries user and database DSN.

Pre-requirements: ports 449, 8470, 8471, 8475, 8476, 4781, User QUSER must be enabled, *USE authority, Java

Client Access ODBC Driver, recommended software: IBM iSeries Access for Windows (Emulator). SSL connections

Controls performed:

Element type Control name Substate Description

Health Con


Global


CPU usage ≥ 95% during more than 10 minutes

CPU usage ≥ 95%

Database capability used

This control measures the storage used and helps guard against over-usage

% Database capability > 90% during more than 10 minutes

% Database capability > 90

Database page rate

This control ensures that database page rates do not exceed a safe number

BASEdatabasePages > 100,000 Or INTERACTdatabasePages > 100,000Or MACHINEdatabasePages > 100,000OrSPOOLdatabasePages > 100,000

BASEdatabasePages > 2,0Or INTERACTdatabasePages 2,000Or MACHINEdatabasePages >2,000OrSPOOLdatabasePages > 2,000

Database page faults

This control lets you know if there is an unstable num-ber of database page faults

BASEdatabaseFaults + INTERACTdatabaseFaults + MACHINEdatabaseFaults + SPOOLdatabaseFaults > 100 for more than 10 min

BASEdatabaseFaults + INTERACTdatabaseFaults +MACHINEdatabaseFaults +SPOOLdatabaseFaults > 10

Interactive Pool Data-base Page Faults

This control ensures that interactive pool database page faults are at a safe number

INTERACTdatabaseFaults > 100 for more than 10 min

INTERACTdatabaseFaults >100

Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 24

N/A INTERACTnondatabase-Faults ≤ 100

N/A MACHINEdatabaseFaults ≤ 10

ts N/A MACHINEnondatabase-Faults ≤ 10

N/A BASEdatabaseFaults ≤ 100

N/A BASEnondatabaseFaults ≤ 100

>

N/A BASEnondatabaseFaults + INTERACTnondatabase-Faults + MACHINEnondata-baseFaults + SPOOLnondatabaseFaults ≤ 100,000

20 -

da-

>

N/A BASEnondatabasePages ≤ 20 and INTERACTnondata-basePages ≤ 20 and MACHINEnondatabaseP-ages ≤ 20 and SPOOLnon-databasePages ≤ 20

N/A All Batch Jobs' CPU > 50%

N/A All Interactive Jobs' CPU > 50%

m N/A Number of Jobs in the sys-tem ≤ 1,000

ditionsAdditional


Global

Interactive Pool Non Database Page Faults

This control ensures that interactive pool non-data-base page faults are at a safe number

INTERACTnondatabaseFaults > 100 for more than 10 min

INTERACTnondatabase-Faults > 100

Machine Pool Database Page Faults

This control reports on the number of machine pool database page faults

MACHINEdatabaseFaults > 10 for more than 10 min

MACHINEdatabaseFaults >10

Machine Pool Non database Page Faults

This control ensures that machine pool non-data-base page faults are at a safe number

MACHINEnondatabaseFaults > 10 for more than 10 min

MACHINEnondatabaseFaul> 10

Base Pool Database Page Faults

This control reports on the number or base pool data-base page faults

BASEdatabaseFaults > 100 for more than 10 min

BASEdatabaseFaults > 100

Base Pool Non-database Page Faults

This control ensures that base pool non-database page faults are at a safe number

BASEnondatabaseFaults > 100 for more than 10 min

BASEnondatabaseFaults > 100

Non-database Page Faults

This control reports on the number of non-database page faults

BASEnondatabaseFaults + INTERACTnondatabaseFaults + MACHINEnondatabase-Faults + SPOOLnondatabase-Faults > 100,000 for more than 10 min

BASEnondatabaseFaults + INTERACTnondatabase-Faults + MACHINEnondata-baseFaults + SPOOLnondatabaseFaults 100,000

Non-database Pages Rate

This control lets you know if there is an unstable non-database pages rate

BASEnondatabasePages > 100,000 or INTERACTnonda-tabasePages > 100,000 or MACHINEnondatabasePages > 100,000 or SPOOLnondata-basePages > 100,000

BASEnondatabasePages > or INTERACTnondatabasePages > 20 or MACHINEnontabasePages > 20 or SPOOLnondatabasePages 20

Looping Batch Jobs

This control ensures that there are no Batch jobs locked consuming CPU

If any Batch Job CPU > 50% for more than 5 min

If any Batch Job CPU > 50%

Looping Inter-active jobs

This control ensures that there are no Interactive jobs locked consuming CPU

If any Interactive Job CPU > 50% for more than 5 min

If any Interactive Job CPU >50%

Total Jobs in System

Warns you if total jobs in system exceeds one thou-sand

Number of Jobs in the system > 100,000

Number of Jobs in the syste> 1,000


Health Con


Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 25

s N/A Number of Active Batch Jobs in the system ≤ 100000

e N/A Number of Active Jobs in the system ≤ 100,000

N/A Number of active Threads in system ≤ 2,000

N/A Users signed on ≤ 500

se N/A Job Best Interactive Response Time ≤ 20 millisec-onds

c-N/A Worst Interactive Job

Response Time ≤ 20 Millisec-onds

N/A Number of Problems = 0

Depending on message Severity












ditionsAdditional


Global

Batch Jobs This control ensures that active batch jobs are at a safe number.

Number of Active Batch Jobs in the system > 500000

Number of Active Batch Jobin the system > 100000

Active Jobs This control ensures that active jobs are at a safe number

Number of Active Jobs in the system > 500,000

Number of Active Jobs in thsystem > 100,000

Active Threads Helps ensure that the num-ber of active threads in a system does not exceed a predefined number

Number of active Threads in system > 10,000

Number of active Threads insystem > 2,000

Users signed on

Warns you if an atypically high number of users are signed on

Users signed on > 100,000 Users signed on > 500

Best Response Time

Warns you if the best response time exceeds the threshold

Job Best Interactive Response Time > 100 milliseconds

Job Best Interactive ResponTime > 20 milliseconds

Worst Response Time

Warns you if the worst response time exceeds the threshold

Worst Interactive Job Response Time > 100 Millisec-onds

Worst Interactive Job Response Time > 20 Milliseonds

Hardware Problems

Warns you of hardware down-time

Number of Critical Problems > 1

Number of Problems > 1

AIX Server Problems

Detects Problems related to AIX Server in HST



Battery Detects Problems related to Battery in HST



Communica-tions

Detects Problems related to Communications in HST



Disks Detects Problems related to Disks in HST



Hardware Detects Problems related to Hardware in HST



IPL Battery Detects Problems related to IPL Battery in HST




Health Con


Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 26











d if minor message detected

if no message detected

N/A Subsystem not active

N/A Status not in (MSGW,LCKW,INEL,HLD)

N/A Number of Job instances ≤ 1 and Number of Job instances ≤ 1

Bs N/A Temporary Storage Used MBs ≤ 512

N/A Job duration ≤ 50,000 min

N/A CPU Usage ≤ 50

ditionsAdditional


Global

Tapes Detects Problems related to Tapes in HST



Technical Ser-vice

Detects Problems related to Technical Service in HST



Thresholds Detects Problems related to Thresholds in HST



UPS Detects Problems related to UPS in HST



Windows Server

Detects Problems related to Windows Server in HST



Message Queues

Critical mes-sages

This control warns against potential issues in mes-sages and jobs awaiting reply

if critical message detected if warning message detecte

SubsystemSubsystem Activity

This control gives you the operability and start/end events of each subsystem

Subsystem Active N/A

Job

Status Provides the number of jobs in critical statuses

Status in (MSGW,LCKW) Status in (HLD,INEL)

Activity Warns you in case of an abnormal number of jobs

Number of Job instances < 1 or Number of Job instances > 1

N/A

Temporary storage

Ensures that temporary storage used by jobs to run is safe

Temporary Storage Used MBs > 1024

Temporary Storage Used M> 512

Duration Captures the activity and duration of specific jobs

Job duration > 100,000 min Job duration > 50,000 min

CPU Usage Checks if the CPU Usage is within the correct limits

CPU Usage > 50 CPU Usage > 40


Health Con


Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 27

" is

N/A Job Queue Status not in ("DAMAGED", "HELD")

N/A Released Jobs in Queue ≤ 4

N/A Status = OK

N/A Status = OK

N/A Status = OK

N/A LibrarySize ≤ 1,000 MBs

> N/A LibrarySizePercentIncrease ≤ 30%

N/A Library Group Size ≤ 1,000 MBs

Library Group Size Percent Increase > 30%

Library Group Size Percent Increase c 30%

N/A Available

N/A App Usage % ≤90%

ditionsAdditional


Job queue

Operability Tells you the number of jobs in queue in each sta-tus

Job Queue Status is "DAM-AGED"

Job Queue Status is "HELDor Queue Subsystem name" "

Overflow Safeguards against over-flow

Released Jobs in Queue > 4 for more than 10 min

Released Jobs in Queue > 4

ControllerStatus Controls the status of a

ControllerStatus = NOT OK N/A

LineStatus Controls the status of a

LineStatus = NOT OK N/A

DeviceStatus Controls the status of a

DeviceStatus = NOT OK N/A

Library

Library Size Warns you if library size grows too big

N/A LibrarySize > 1,000 MBs

Library Size Increase

This control measures the percent increase in library size

N/A LibrarySizePercentIncrease50%

Library Groups

Library Group Size

Helps ensure that library groups do not increase too much in size

N/ALibrary Group Size > 1,000 MBs

Library Group Size Increase

This control measures the percent increase in library group size

Library Group Size Percent Increase > 60%

Library Group Size Percent Increase >50%

ASPs

Availability This control ensures that ASP is available

Not Available or (Available and ASPutilization>96%)

N/A

Usage This control ensures that ASP usage is not too high

ASP Usage % >95% App Usage % >95%


Health Con


Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 28

p, free, ps, df, vmstat), recommended software:

ealth ConditionsAdditional

Information health Minor health Success

≥ 95% N/A CPU usage < 95%

mory N/A Physical memory usage < 95%

ercent ≤ N/A Swap free percent > 10%

N/A Available

U usage ≥ N/A Process CPU usage < 25%

mory N/A Process memory usage < 25%

N/A Available Automatic discovery and creation of File-Systems. "/" is cre-ated as "Core" FileSystem by default; the rest as "No Core"

90 % N/A % Usage < 90 %

Linux

Credentials needed: Telnet or SSH (Public Key) or SSH (User/Password).

Pre-requirements: access to SSH port (22 by default), authorization to execute commands for Linux operations (to

Putty (http://www.putty.org/)

Controls performed:


H

Critical health Warning

Global


- CPU Usage Percent


CPU usage

Physical memory This control ensures safe memory usage

Physical memory usage ≥ 95% during more than 10 minutes

Physical meusage ≥ 95%

Virtual Memory This control ensures that the host virtual memory is work-ing within the proper limits

- Swap free Per-cent- Swap free Memory (Abso-lute)


Swap free p10%

Process

Process Availability This control ensures that a process is running on the host

Not available N/A

Process CPU usage

This control ensures that a process is performing OK on the host



Process CP25%

Process Memory Usage

This control ensures that the process Memory usage is within the correct limits


Process memory usage ≥ 25% during more than 10 minutes

Process meusage ≥ 25%

File System

FileSystem Avail-ability



N/A

FileSystemUsage


% Usage ≥ 95 % % Usage ≥





Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 29

, df, vmstat), recommended software:


Informationhealth Minor health Success


ory usage N/A Physical memory usage < 95%

cent ≤ N/A Swap free percent > 10%

time > 50 N/A Port reachable

N/A Available

usage ≥ N/A Process CPU usage < 25%

ory usage N/A Process memory usage < 25%

Solaris


Pre-requirements: access to SSH port (22 by default), authorization to execute commands for Unix operations (top

Putty (http://www.putty.org/)

Controls performed:


H


Global


CPU usage ≥ 95% dur-ing more than 10 min-utes

CPU usage ≥

Physical memory This control ensures safe memory usage


Physical mem≥ 95%

Virtual Memory This control ensures that the host virtual memory is working within the proper limits


Swap free per10%

Port availability This control ensures that a port in a host computer is actually lis-tening to requests

Port unreachable Port responsemilliseconds

Process

Process Availability This control ensures that a process is run-ning on the host

Not available N/A

Process CPU usage

This control ensures that a process is per-forming OK on the host



Process CPU25%

Process Memory Usage

This control ensures that the process Mem-ory usage is within the correct limits



Process mem≥ 25%



Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 30

N/A Available Automatic dis-covery and cre-ation of FileSystems. "/" is created as "Core" FileSys-tem by default; the rest as "No Core"

N/A % Usage < 90


Informationhealth Minor health Success

FileSystem

FileSystem Avail-ability



N/A

FileSystemUsage




H


Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 31

gSystem, Win32_PerfRawData_PerfOS_Memory,

isk_PhysicalDisk, Win32_LogicalDisk,

rfRawData_PerfNet_Server,

_Environment, Win32_PageFileUsage. Recommended


Informationrning health Minor health Success

sage ≥ 95% N/A CPU usage < 95%

al memory ≥ 95%

N/A Physical memory usage < 95%

memory usage or Page file ≥ 90%

N/A Virtual memory usage < 90% and Page file usage < 90%

N/A Number of Process instances ≥ 1 or num-ber of process instances ≤ 100,000

sage ≥ 15% N/A CPU usage < 15%

s memory ≥ 15%

N/A Process memory usage < 15%

<> 'OK' N/A Available

Windows

Credentials needed: Windows user, WMI

Pre-requirements: WMI access service (port 135), WMI user with permission to query the classes: Win32_Operatin

Win32_PerfRawData_PerfOS_Objects, Win32_PerfRawData_Tcpip_NetworkInterface, Win32_PerfRawData_PerfD

Win32_PerfRawData_PerfOS_System, Win32_ComputerSystem, Win32_NetworkAdapterConfiguration, Win32_Pe

Win32_PerfRawData_PerfOS_Processor, Win32_PerfRawData_PerfProc_Process, Win32_NTEventlogFile, Win32

software: WBEMTest.exe (included in every computer with WMI installed)

Controls performed:


Critical health Wa

Global


- CPU Usage Percent CPU usage ≥ 95% dur-ing more than 10 min-utes

CPU u

Physical mem-ory

This control ensures safe memory usage

- Physical Memory Usage Percent


Physicusage

Virtual Memory This control ensures that the host virtual memory is working within the proper limits

- Virtual Memory Usage Percent- Pagefile usage per-cent

Virtual memory usage ≥ 90% or Page file usage ≥ 90% during more than 10 minutes

Virtual≥ 90%usage

Process

Process Avail-ability

This control ensures that a process is running on the host

Number of Process instances < 1 or num-ber of process instances > 100,000

N/A

Process CPU Performance

This control ensures that the process CPU is working within the proper limits


CPU usage ≥ 15% dur-ing more than 10 min-utes

CPU u

Process CPU Memory

This control ensures that the process memory is working within the proper limits

- Process Memory Usage Percent


Procesusage

ServiceService avail-ability

Ensures the availability of Windows services

(not Installed or not Started or State <> 'Running')

Status

Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 32

N/A Available

ge ≥ 90 N/A % Usage < 90

er rate ≥ 125 rs/s

N/A Transfer rate < 125 transfers/s

type is WARN- event type is FAILURE

Event type is MINOR

Event type is INFOR-MATION


Informationrning health Minor health Success

Logical Disk

Logical disk availability

This control ensures that the disk is available


N/A

Logical disk usage

This control ensures that the logical disk usage is within the proper limits

- Disk Usage Percent- Free Space (Absolute)

% Usage ≥ 95 % Usa

Physical DiskDisk Transfer Rate

Ensures that the Disk Transfer rate is performing within the correct limits

- Disk Transfer Rate- Disk Queue Length

Transfer rate ≥ 125 transfers/s during more than 10 minutes

Transftransfe

Windows Event Log

Windows Event Log

Detects messages in Win-dows Event Logs

- Network Interface Usage- Received- Send- Total- Output Packet Queue Length

Event type is ERROR Event ING orAUDIT


Critical health Wa

Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 33

ed software: Putty (http://www.putty.org/)

alth ConditionsAdditional

Informationlth Minor health Success

ry N/A Physical memory usage < 95%

monhmc -r mem -n0

95% N/A Swap used % < 95% monhmc -r swap -n0

ses > N/A Zombie Processes < 15

monhmc -s hmcsvr -n0

ses > N/A Zombie Processes < 15

monhmc -s rmc -n0

5% N/A CPU usage < 95% monhmc -r proc -n0

N/A % Usage < 90 monhmc -r disk -n0

IBM HMC Server


Pre-requirements: Access to SSH port (22 by default), authorization to execute "monhmc" commands, recommend

Controls performed:


He

Critical health Warning hea

Global

Physical Memory Usage

This control ensures safe memory usage


Physical memory usage ≥ 95% during more than 10 min-utes

Physical memousage ≥ 95%

Swap Memory Usage

This control ensures that host virtual memory is working within the proper limits

- Swap free Per-cent- Swap free Mem-ory (Absolute)

Swap used % ≥ 95% during more than 10 minutes

Swap used % ≥

Server Processes

This control ensures that the number of server zombie processes within the proper limits

Zombie Processes > 20

Zombie Proces15

RMC Processes

This control ensures that the number of RMC zom-bie processes within the proper limits


Zombie Processes > 20

Zombie Proces15

CPU Usage This control ensures that the host CPU is working within the proper limits



CPU usage ≥ 9

FileSystem

FileSystem Usage


- Filesystem Usage Percent- Free Space (Absolute)




A.2.2 Communication DevicesThree different templates can be applied to Cisco and other communication devices such as routers and

switches. All the necessary monitors are created automatically, giving you various controls over the

devices.


Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 35

owser.shtml) or getif




sage ≥ Memory Pool usage ≥ 85 %

Memory Pool usage < 85 %

shold < Degrees to thresh-old < 10

Degrees to threshold ≥ 10

Cisco

Credentials needed: SNMP v1/v2 and SNMP v3

Pre-requirements: read-only community strings, recommended software: MIBBrowser (http://ireasoning.com/mibbr

Controls performed:

Element type Control name Substate Description Cisco


Global




CPU usage ≥ 9

Memory This control ensures safe memory usage

- Memory Usage Percent

Memory Pool usage ≥ 95 %

Memory Pool u90 %

Temperature This control ensures a safe working tempera-ture of devices

- Current Tempera-ture

Temperature > Device-TemperatureThreshold

Degrees to thre5

http://ireasoning.com/mibbrowser.shtml


A.2.3 End-Point DevicesTemplates are available for the following types of end-point device:

• Printer

• EMC Clariion SAN

• IBM Storwize SAN

Printers can be monitored using the Printer template, which provides controls for not only checking

availability, but also detecting issues.

You can apply the template to all of your printers at the same time, saving you from having to create sets

of monitors for each printer.


Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 37

owser.shtml) or getif

ditions

Additional Information

health Minor health Success

N/A No errors in the printer

Supplies type: 1.3.6.1.2.1.43.11.1.1.4.1.1Status: 1.3.6.1.2.1.25.3.5.1.2.1

Printer

Credentials needed: SNMP v1/v2 and SNMP v3

Pre-requirements: read-only community strings, recommended software: MIBBrowser (http://ireasoning.com/mibbr

Controls performed:


Health Con


Global

Problems This control warns of printer problems

Possible problems:128: 'Low Paper',64: 'No Paper', 32: 'Low Toner',16: 'No Toner',8: 'Door Open',4: 'Jammed',2: 'Offline',1: 'Service Requested',128: 'Input Tray Missing',64: 'Output Tray Missing',32: 'Marker Supply Missing',16: 'Output Near Full',8: 'Output Full',4: 'Input Tray Empty',2: 'Overdue Preventive Maintenance',

N/A


Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 38

(top, df, vmstat)

itions


Minor health Success

N/A No Faults detected NaviSECCli.exe - h Device-Name -User UserName - Pass-word Password - Scope GLOBAL faults -list

N/A % Invalid LUNs ≤ 10 NaviSECCli.exe - h Device-Name -User UserName - Pass-word Password - Scope GLOBAL getlun -type -state

N/A % Invalid RAIDs ≤ 10 NaviSECCli.exe - h Device-Name -User UserName - Pass-word Password - Scope GLOBAL getrg -type -state

N/A SP Read Cache State is enabled or SP Write Cache State is enabled

NaviSECCli.exe - h Device-Name -User UserName -Pass-word Password - Scope GLOBAL getall -cache

EMC Clariion

Credentials needed: User/Password.

Pre-requirements: EMC Navisphere CLI (NaviSECCli.exe), authorization to execute commands for Unix operations

Controls performed:


Health Cond


Global

Faults List List of any faulty compo-nents on the storage system

Faults detected N/A

LUNs state List of states of LUNs % Invalid LUNs > 10 % Invalid LUNs > 1

Global

RAID Groups status

List of states of RAID groups

% Invalid RAIDs > 10 % Invalid RAIDs > 1

SP Cache state

List of states of read & write cache for both SPs

SP Read Cache State is not enabled or SP Write Cache State is not enabled

N/A

Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 39

tware: Putty (http://www.putty.org/)


Informationg health Minor health Success

ge ≥ 95% N/A CPU usage < 95% lssystemstats -delim :

ge ≥ 95% N/A CPU usage < 95% lssystemstats -delim :

usage ≥ s

N/A Interface usage < 500 MBps

lssystemstats -delim :

usage ≥ s



usage ≥ s



500 ms N/A Latency < 500 ms lssystemstats -delim :

ut ≥ 500 ms N/A Throughput < 500 ms lssystemstats -delim :



IBM Storwize SAN


Pre-requirements: Access to SSH port (22 by default), authorization to execute "lssystemstats", recommended sof

Controls performed:


Critical health Warnin

Global

Compression CPU Usage

- % Compression CPU Usage


CPU usa

System CPU Usage

- % System CPU Usage CPU usage ≥ 95% during more than 10 minutes

CPU usa

FC Interface usage

- FC Interface Throughput Interface usage ≥ 500 MBps during more than 10 minutes

Interface 500 MBp

iSCSI Interface usage

- iSCSI Interface Throughput Interface usage ≥ 500 MBps during more than 10 minutes

Interface 500 MBp

SAS Interface usage

- SAS Interface Throughput Interface usage ≥ 500 MBps during more than 10 minutes

Interface 500 MBp

MDisks Read Latency

- Read Latency Latency ≥ 500 ms during more than 10 minutes

Latency ≥

MDisks Read Throughput

- Read Throughput Throughput ≥ 500 MBps during more than 10 min-utes

Throughp

MDisks Write Latency

- Write Latency Latency ≥ 500 ms during more than 10 minutes

Latency ≥

MDisks Write Throughput

- Write Throughput Throughput ≥ 500 MBps during more than 10 min-utes

Throughp


Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 40





Global

VDisks Read Latency

- Read Latency Latency ≥ 500 ms during more than 10 minutes

Latency ≥

VDisks Read Throughput

- Read Throughput Throughput ≥ 500 MBps during more than 10 min-utes

Throughp

VDisks Write Latency

- Write Latency Latency ≥ 500 ms during more than 10 minutes

Latency ≥

VDisks Write Throughput

- Write Throughput Throughput ≥ 500 MBps during more than 10 min-utes

Throughp


A.3 Standalone ApplicationsTemplates for standalone applications ensure you can monitor them with best practices in as little time

as possible. Controlling standalone applications is crucial to the business, and templates make it easy,

as the controls are instant.

Standalone applications are categorized as follows:

• Application Servers

• Database Management Systems

• Middleware

• Web Servers

• Virtualization Servers

Different templates are available depending on which type of standalone application you want to control.

A.3.1 Application ServerTemplates are available for:

• IBM Websphere Application Server

It lets you control:

• JVM memory and uptime

• pool usage

• number of faults

• wait and response time

• sessions

• error and request statistics

• loaded servlets

A.3.2 Database Management SystemTemplates are available for:

• SQL Server

• Oracle

• Postgres

They let you control:

• locks

• sessions

• availability

• response time

• storage


Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 42

structure (PMI) must be activated on WebSphere (Please refer

Release VersionAdditional

Information

ealth Success

Memory usage % ≤ 95%

4.02.30000

JVM up & running 4.02.30000

Average usage ≤ 5s

4.02.30000

Faults % ≤ 0,2 4.02.30000

Average Waiting Time ≤ 0,1s

4.02.30000

Active Sessions ≤ 600

4.02.30000

Created Sessions ≤ 12000

4.02.30000

Invalidated Sessions ≤ 1000

4.02.30000

IBM WebSphere Application Server

Credentials needed: WebSphere Application Server

Pre-requirements: WAS Client (32 bits) installed in the Monitoring node machne. The Performance Monitoring Infra

to the IBM WebSphere user guide).

Controls performed:

Element type

Control name Substate Description

Health Conditions

Critical health Warning health Minor h

Global

JVM Memory Used

Ensures that the JVM memory usage is within the correct limits

Memory usage % > 95% during more than 10 minutes

Memory usage % > 95%

N/A

JVM Uptime Ensures that the JVM uptime is within the correct limits

JVM is not up N/A N/A

Pool Usage Ensures that the JDBC connection pool usage is within the correct limits

Average usage >7s Average usage > 5s N/A

JDBC Datasource

Number of faults

Ensures that the number of faults is within tolerated limits

Faults % > 0,5 Faults % > 0,2 N/A

Wait Time Ensures that the amount of time required to obtain a connection is within the correct limits

Average Waiting Time > 0,25s

Average Waiting Time > 0,1s

N/A

Web Module

Active Sessions

Ensures that the number of sessions is within the correct limits

Active Sessions > 1000

Active Sessions > 600

N/A

Created Sessions

Ensures that the number of creared sessions is within the correct limits

Created Sessions > 15000

Created Sessions > 12000

N/A

Invalidated Sessions

Ensures that the number of invalidated sessions is within the correct limits

Invalidated Sessions > 2000

Invalidated Sessions >1000

N/A

Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 43

Release VersionAdditional

Information

ealth Success

No room for new sessions ≤ 1000

4.02.30000

Number of errors ≤ 100

4.02.30000

Invalidated Sessions ≤ 1000

4.02.30000

Number of requests ≤5

4.02.30000

Response Time ≤30s

4.02.30000

Element type

Control name Substate Description

Health Conditions

Critical health Warning health Minor h

Web Module

No room for new sessions

Ensures that the number of sessions that could not be created becuase the number of sessions had been exceeded is within the correct limits

No room for new sessions > 2000

No room for new sessions > 1000

N/A

Error Statistics Ensures that the number of errors is within the correct limits

Number of errors > 200

Number of errors > 100

N/A

Loaded Servlets

Ensures that the number of servlets is within the correct limits

Invalidated Sessions > 2000

Invalidated Sessions >1000

N/A

Requests Statistics

Ensures that the number of requests is within the cor-rect limits

Number of requests >10

Number of requests >5

N/A

Response Time Ensures that the response time is within the correct limits

Response Time >60s

Response Time >30s

N/A

Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 44

user with permissions to query the classes:

ServerBufferManager;

rLocks, recommended software: SQL Server Management



ctions > N/A UserConnections ≤ 1,000

e Hit N/A Buffer Cache Hit Ratio ≥ 90

ocks/s > N/A Lock Deadlocks/s = 0

uts/s > 2 N/A Lock Timeouts/s ≤ 2

N/A Available

> 80% N/A % Log used ≤ 90%

Microsoft SQL Server

Credentials needed: Database DSN, WMI

Pre-requirements: ODBC user with access to the database instance (execution of select @@version query), WMI

Win32_PerfRawData_MSSQLSERVER_SQLServerGeneralStatistics; Win32_PerfRawData_MSSQLSERVER_SQL

Win32_PerfRawData_MSSQLSERVER_SQLServerDatabases; Win32_PerfRawData_MSSQLSERVER_SQLServe

Studio

Controls performed:



Global

Active connec-tions

Ensures that the number of User connections of the SQL Server is within the correct limits

- Number of active con-nections

UserConnections > 2,000

UserConne1,000

Buffer Cache Hit Ratio

Ensures that the buffer cache hit ratio of the SQL Server is within the correct limits

- Buffer Cache hit ratio Buffer Cache Hit Ratio < 85

Buffer CachRatio < 90

Lock deadlocks Ensures that the lock dead-locks rate of the SQL Server is within the correct limits

- Number of Lock dead-locks

Lock Deadlocks/s > 2

Lock Deadl0

Lock timeouts Ensures that the lock time-outs rate of the SQL Server is within the correct limits

- Number of Lock Time-outs

Lock Timeouts/s > 4

Lock Timeo

Database

Database avail-ability

Ensures that the database is available

Not Available N/A

Transaction log usage

Ensures that the transac-tion log usage is within the correct limits

- Transaction Log usage percent

% Log used > 90% % Log used

Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 45

V$ tables (v$session, v$sysstat, v$parameter, v$instance),

ware: Oracle SQL Developer.

ns


inor health Success

ber of Sessions 0,000,000 or ber of Sessions

Number of Ses-sions ≤ 100,000,000 or Number of Ses-sions ≥ 0

select count(1) from v$session where type <>’BACKGROUND’ and status = ‘ACTIVE’

Buffer Cache Hit Ratio ≥ 70

SELECT trunc((1-(SUM(decode(name, ‘physical reads’, value,0))/(SUM(DECODE(name, ‘db block gets’, value,0))+(SUM(DECODE(name, ‘consistent gets’, value,0)))))) * 100) FROM V$SYSSTATSELECT value FROM V$PARAM-ETER WHERE name =’db_cache_size SELECT value FROM V$PARAMETER WHERE name=’db_block_buffers SELECT value FROM V$PARAMETER WHERE name=’db_block_size

ber of Locks > 00000 or Num-f Locks < 0

Number of Locks ≤ 100,000,000 or Number of Locks ≥ 0

select count(1) from v$session where username IS NOT NULL AND lockwait IS NOT NULL

Available select(1) from dual

Status is 'ACTIVE' select database_status from v$instance

Oracle database server

Credentials needed: Oracle TNS, database DSN.

Pre-requirements: 32-bit Oracle ODBC Client, TNS value in tnsnames.ora, ODBC user with rights to read the

additional tables (CHAINED_ROWS, ALERT_LOG, dba_data_files, dba_free_space, all_tables), recommended soft

Controls performed:

Element type

Control name

Substate Description Metrics

Health Conditio

Critical health Warning health M

Global

Active con-nections

Ensures that the num-ber of User connec-tions of the Oracle database instance is within the correct limits

- Number of active ses-sions

Number of Sessions > 100,000,000 or Number of Sessions < 0

Number of Sessions > 100,000,000 or Number of Sessions < 0

Num> 10Num< 0

Buffer Cache hit ratio

Ensures that the buffer cache hit ratio of the Oracle database instance is within the correct limits

- Buffer Cache hit ratio

Buffer Cache Hit Ratio < 70 for more than 10 min

Buffer Cache Hit Ratio < 70

N/A

lock dead-locks

Ensures that the lock deadlocks rate of the Oracle database instance is within the correct limits

- Number of lock dead-locks

Number of Locks > 100,000,000 or Number of Locks < 0

Number of Locks > 100,000,000 or Number of Locks < 0

Num1000ber o

Instance availability

Ensures Oracle Instance is available

Not Available N/A N/A

Database status

Ensures that Oracle database status is active

Status not 'ACTIVE' N/A N/A

Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 46

Available select tablespace_name from dba_tablespaces where tablespace_name = ‘TableSpace-Name’

% Usage ≤ 90% select a.tablespace_name

TableSpace,a.TotalAsigned/1024/

1024 Assigned_MB, b.Free/1024/

1024 free_MB, (a.TotalAsigned -

b.Free)/1024/1024 Used_MB,

((a.TotalAsigned - b.Free) * 100)/

a.TotalAsigned Used_Percent from

(select tablespace_name,

sum(bytes) TotalAsigned from

dba_data_files group by

tablespace_name) a, (select

tablespace_name , sum(bytes)

Free, max(bytes) Mayor_blk from

dba_free_space group by

tablespace_name) b where

a.tablespace_name =

b.tablespace_name and

a.tablespace_name = 'TableSpace

Name'

Status = ‘VALID’ select status from all_tables where

table_name = ‘TableName’

ns


inor health Success

Tablespace

Tablespace availability

Ensures that Oracle tablespace status is available

Not Available N/A N/A

Tablespace occupation

Ensures that Oracle tablespace usage is within the correct limits

- Tablespace usage per-cent- Tablespace free space

% Usage > 95% % Usage > 90% N/A

TableTable status Ensures that Oracle

table status is validStatus not ‘VALID’ N/A N/A

Element type

Control name


Health Conditio

Critical health Warning health M

Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 47

te and pg_class, recommended software: pgAdmin.

ions



/A Users Connected ≤ 1000

SELECT numbackends as User-sConnected,xact_commit as Tx_Commit, xact_rollback as Tx_RolledBack, blks_read as Block-sRead,blks_hit as BlocksHit, con-flicts as Conflicts, CASE WHEN deadlocks_exists THEN dead-locks::text::BigInt ELSE '-1'::text::BigInt END AS Dead-LocksFROM pg_stat_databaseCROSS JOIN (SELECT EXISTS (SELECT 1 FROM pg_attribute WHERE attrelid = (SELECT oid FROM pg_class WHERE relname = 'pg_stat_database') AND att-name = 'deadlocks') AS deadlocks_exists) deadlocksWHERE datname = 'Database Name'

PostgreSQL

Credentials needed: Database DSN.

Pre-requirements: 32-bit PostgreSQL driver, ODBC User with rights to read the pg_stat_database table, pg_attribu

Controls performed:

Element type

Control name


Health Condit


Database

Active Con-nections

Ensures that the num-ber of User connec-tions is within the correct limits

- Number of active connec-tions

User Connections > 2000

User Connections > 1000

N

Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 48

/A Buffer Cache hit ratio ≥ 90


ock Deadlocks/ > 6

Number of Dead-locks ≤ 6


/A Available SELECT version()

ions



Database

Buffer Cache hit ratio

Ensures that the buf-fer cache hit ratio is within the correct lim-its

- Buffer cache hit ratio

Buffer Cache hit ratio < 85

Buffer Cache hit ratio < 90

N

Lock dead-locks

Ensures that the lock deadlocks rate is within the correct lim-its

- Number of Lock deadlocks

Lock Deadlocks/s > 10

Lock Deadlocks/s > 8 Ls

Database availability

Ensures that the data-base is available

Not Available N/A N

Element type

Control name


Health Condit


Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 49

A.3.3
MiddlewareA template is available for WebSphere MQ that gives you control over:
• channels and queues

• the Queue Manager

There are also templates for:

• JBoss Application Server

• Active MQ

• Microsoft Exchange

• Microsoft Terminal Server

Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 50

mended software: IBM MQ Explorer. SSL connections to IBM



N/A Connected

s is not N/A Channel Status is "RUNNING"

> 90 N/A Queue Depth ≤ 90

IBM WebSphere MQ

Credentials needed: WebSphere MQ

Pre-requirements: WebSphere MQ 32-bits Client (http://www-01.ibm.com/software/integration/wmq/clients/), recom

WebSphere MQ are supported. See Appendix E on page 83

Controls performed:



GlobalQueue Manager Availability

Ensures that the Queue man-ager is working properly

Not Connected N/A

ChannelChannel status Ensures that the MQ Channel

is working properlyChannel Status is "STOPPED"

Channel Statu"RUNNING"

QueueQueue depth Ensures that the MQ Queue

depth is working within the proper limits

- Queue Depth Queue Depth > 100 Queue Depth

http://www-01.ibm.com/software/integration/wmq/clients/

http://www-01.ibm.com/software/integration/wmq/clients/

Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 51



s > N/A Number of threads ≤ 800,000

ory N/A % Non heap memory used ≤ 80%

used N/A % Heap memory used ≤ 80%

% N/A CPU usage < 80%

JBoss Application Server

Credentials needed: JMX digital certificate

Pre-requirements: ThinkServer JMXServer WAS, ThinkServer JMXServer JSR, recommended software: jconsole

Controls performed:

Element type

Control name


He


Global

Number of Threads

Ensures that the number of threads is within the correct limits

- Number of threads

Number of threads > 1,000,000

Number of thread800,000

Non Heap Memory Usage

Ensures that the non heap memory usage is within the correct limits

- Non heap mem-ory usage

% Non heap memory used > 90%

% Non heap memused > 80%

Heap Mem-ory Usage

Ensures that the heap memory usage is within the correct limits

- Heap memory usage

% Heap memory used > 90%

% Heap memory> 80%

CPU Usage Monitor

Ensures that CPU usage is within the correct limits

CPU usage ≥ 80% during more than 10 min

CPU usage ≥ 80

Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 52



N/A Available

N/A Available

10 Queue size > 5 Queue size ≤ 5

ory usage N/A Queue memory usage ≤ 95%

nsumers Number of consum-ers > 5

Number of consum-ers ≤ 5

N/A Available

10 Topic size > 5 Topic size ≤ 5

y usage > N/A Topic memory usage ≤ 95%

nsumers Number of consum-ers > 5

Number of consum-ers ≤ 5

Active MQ

Credentials needed: Authenticated user/password

Pre-requirements: Jolokia bridge setup in ActiveMQ (by default since version 5.9.1)

Controls performed:



GlobalBroker status Ensures that the Queue

Manager is working prop-erly

Not Available N/A

Queue

Queue availability Ensures that the Queue is available

Not Available N/A

Queue size Ensures that the Queue size is within the correct limits

- Queue Depth Queue size > 15 Queue size >

Queue memory usage Ensures that the Queue memory usage is within the correct limits

- Queue Memory usage percent

Queue memory usage > 95% during more than 10 min

Queue mem> 95%

Queue consumer count

Ensures that the Queue consumer count is within the correct limits

- Queue Con-sumer count

Number of consum-ers > 15

Number of co> 10

Topic

Topic availability Ensures that the Topic is available

Not Available N/A

Topic Queue size Ensures that the Topic size is within the correct limits

- Topic Queue Depth

Topic size > 15 Topic size >

Topic memory usage Ensures that the Topic memory usage is within the correct limits

- Topic Memory usage percent

Topic memory usage > 95% during more than 10 min

Topic memor95%

Topic consumer count Ensures that the Topic consumer count is within the correct limits

- Topic Con-sumer count

Number of consum-ers > 15

Number of co> 10

Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 53

l) protocol to communicate. A service must be installed on the

nted


Informationarning health Minor health Success

N/A OK

N/A OK

N/A OK

sageCountin-ue > 20

MessageCountin-Queue ≤ 20

N/A OK

N/A RequiredSer-vicesRunning = True

Microsoft Exchange

Credentials needed: Windows

Pre-requirements: When connecting to a remote Windows host the Agent uses the RPC (Remote Procedure Cal

remote computer through SMB (Server Message Block), and you must:

• provide an administrator account in order to automatically install this service,

• enable administrative share on the remote host, because access to the remote service manager has to be gra

Controls performed:


Critical health W

Global

IMAP Connectivity

This test executes the Test-ImapConnec-tivity cmdlet to verify that the IMAP4 ser-vice is running as expected.

- IMAP Test Latency

Not OK N/A

POP Connectivity

This test executes the Test-PopConnectiv-ity cmdlet to verify that the POP service is running as expected.

- POP Test Latency

Not OK N/A

SMTP Connectivity

Control that executes if the SMTP service is working properly.

Not OK N/A

Mail Queues Ensures that no messages are being queued in any Mail Queue

- Total mes-sages in all queues

MessageCountin-Queue > 30

MesQue

Mailflow The mailflow test executes the Test-Mail-flow cmdlet to diagnose whether mail can be successfully sent from and delivered to the system mailbox on a Mailbox server

Not OK N/A

Services Required

The Test-ServiceHealth cmdlet used by this control is used to test whether all the Microsoft Windows services that Exchange requires on a server have started. The Test-ServiceHealth cmdlet returns an error for any service required by a configured role when the service is set to start automatically and isn't cur-rently running.

RequiredServices-Running = False

N/A

Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 54

N/A (MountAtStartup = True and Mounted = False)

N/A OK


Informationarning health Minor health Success

Exchange Mailbox

Database

Mailbox Data-base

Ensures that a Mailbox database that should be mounted at startup is Mounted

- Size- Available Space

(MountAtStartup = True and Mounted = False)

N/A

MAPI Connec-tivity

This control uses the Test-MapiConnectiv-ity cmdlet to verify server functionality by logging on to the mailbox

Not OK N/A


Critical health W

Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 55

SessionManager_TerminalServices


Informationning health Minor health Success

ssions > 100) lSessions < 0

N/A 0 ≤ TotalSessions ≤ 100

essions > 100) veSessions < 0

N/A 0 ≤ ActiveSessions ≤ 100

tive Sessions > N/A % Inactive Sessions ≤ 90

Microsoft Terminal Services

Credentials needed: Windows

Pre-requirements: Permissions to execute the following WMI query: select * from Win32_PerfRawData_Local

Controls performed:


Critical health War

Global

Total number of sessions

Controls that the total num-ber of sessions is within the correct limits

- Total Number of Ses-sions

TotalSessions > 100) or (TotalSessions < 0

TotalSeor (Tota

Number of Active Sessions

Controls that the number of active sessions is within the correct limits

- Number Active Ses-sions

ActiveSessions > 100) or (ActiveSessions < 0

ActiveSor (Acti

Percentage of Inactive Ses-sions

Controls that the % of inac-tive sessions is within the correct limits

- Number Inactive Sessions- Percentage of Inac-tive Sessions

% Inactive Sessions > 90

% Inac80

Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 56

A.3.4
Web ServerYou can apply a Web Server template to your Web server in order to create controls for:
• availability

• response times

Applying a template to a Web server is easy and the controls are immediate. You can apply it to:

• IIS Web Servers

• Apache Web Servers

• JBoss Web Servers

• IBM Http Servers

Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 57

ta_W3SVC_WebService.

WMI installed)


Informationalth Minor health Success

N/A ResponseCode < 400

> 10 s ResponseTime > 5 s ResponseTime ≤ 5 s

ectionberOf-)

(NumberOfConnec-tions > 300) or (Num-berOfConnections < 0)

(NumberOfConnections > 0) and (NumberOfCon-nections <300)

IIS Web Server

Credentials needed: Windows, Authenticated user/password

Pre-requirements: WMI access service (port 135), WMI user with permission to query the class: Win32_PerfRawDa

Recommended software: WBEMTest.exe (automatically included with every computer that has

Controls performed:


Critical health Warning he

Web site

Web site Avail-ability

Ensures that the Web site is up & running

ResponseCode ≥ 400 N/A

Web site Response Time

Ensures that the Web site response time is within the correct limits

- Website Response Time

Response time > 15 s ResponseTime

Global

Users con-nected

Ensures that the number of users connected to IIS is within the current limits

Number of users connected

(NumberOfConnec-tions >500) or (Num-berOfConnections <0)

(Number0fConns >400) or (NumConnections < 0

Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 58




10 s ResponseTime > 5 s ResponseTime ≤ 5 s

Apache Web Server


Pre-requirements: none

Controls performed:


H


Web site







Response time > 15 s ResponseTime >

Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 59




10 s ResponseTime > 5 s ResponseTime ≤ 5 s

JBoss Web Server



Controls performed:


H


Web site






Response time > 15 s ResponseTime >

Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 60


Informationalth Minor health Success

N/A Response Code < 400

> 10 s ResponseTime > 5 s ResponseTime ≤ 5 s

IBM Http Server



Controls performed:


Critical health Warning he

Web site



Response Code ≥ 400

N/A




Response time > 15 s ResponseTime


A.3.5 Virtualization ServerYou can apply a template to your VMware vCenter server in order to control:

• network usage

• host memory

• host disk

• host CPU

• storage


Appe

ndix A : Infra

structure Tem

plates

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 62

ening on port 8080 so access from the ThinkServer host to the



768 Network usage > 49152 bps

Network usage ≤ 16384 bps

% Memory usage > 75% Memory usage ≤ 75%

Memory usage % > 75% Memory usage % ≤ 75%

Disk usage > 32768 bytes

Disk usage ≤ 32768 bytes

N/A Latency = 0

CPU usage > 75% CPU usage ≤ 75%

5% Datastore usage > 80% Datastore usage ≤ 80%

VMware vCenter

Credentials needed: Telnet or SSH (Public Key) or SSH (User/Password)

Pre-requirements: User with system.view permissions in the virtual environment, by default the Web service is list

IP and port being used by the Web service is needed, recommended software: vSphere Client.

Controls performed:


He


Host

Host Network monitor

Ensures that the net-work interface usage is within the correct limits

- Network Usage (abso-lute)

Network usage > 49152 bps

Network usage > 32bps

Host Memory monitor

Ensures that the host memory is within the correct limits

- Memory usage percent

Memory usage > 85% Memory usage > 80

Host Swap Memory Monitor

Ensures that the host swap memory is within the correct limits

Memory usage % > 85% Memory usage % >80%

Host Disk monitor

Ensures that the host disk I/O rate is within the correct limits

- Disk Usage (aggregated disk I/O rate)

Disk usage > 131072 bytes

Disk usage > 65536bytes

Host Disk Latency

Ensures that the host disk Latency is within the correct limits

Latency > 0 N/A

Host CPU monitor

Ensures that the host CPU usage is within the correct limits

- CPU Usage percent

CPU usage > 85% CPU usage > 80%

DatastoreStorage monitor

Ensures that the datastore usage is within the correct limits

- Datastore usage percent

Datastore usage > 90% Datastore usage > 8

Appendix B : Configurable Controls

Appendix BAppendix B: Configurable Controls

Many of the controls you can have over standalone applications are configurable. The following table

lists the controls that can be configured for any generic standalone application.


Appe

ndix B : C

onfigurab

le Con

trols

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 64

Health Conditions

Release Version

Additional Information Warning

healthMinor health

Success

al N/A N/A Result ==True

1.1

-

oldt > t-

old

(Result < MinResult-Warn-ingThreshold) or (Result > MaxResult-Warn-ingThreshold)

(Result < MinResult-MinorThreshold) or (Result > MaxRe-sultMi-norThreshold)

(Result >= MinResult-MinorThreshold) and (Result <= MaxRe-sultMi-norThreshold)

1.1

-

-pC

sh-

Response-Time > Generic-Databas-eResponseTime_WarningThreshold

Response-Time <= Generic-Databas-eResponseTime_WarningThreshold

1.2 SP1

N/A N/A Expected

Result found

1.2

N/A N/A Expected

Result found

1.2

Control name Substate DescriptionConfigur-able Parameters

Credentials needed

Pre-requirements ExampleCriticalhealth

Generic Data-base Query (Availability Check)

Checks if queries can be per-formed

Query Database DSN

ODBC user with permis-sions to execute the query

Select * from TABLE WHERE Name=’Test’

Result==Fse

Generic Data-base Query (Performance Metric)

Checks the numerical result retrieved by a query and compares it against some thresholds

Query Database DSN


Select NumItera-tions from TABLE WHERE Opera-tion=’Locks’

(Result < MinResultCriti-calThresh) or (ResulMaxResulCriti-calThresh)

Generic Data-base Query (Response Time Check)

Checks if a query can be per-formed with a correct response time.

Query Database DSN


Select NumItera-tions from TABLE WHERE Operation=’ Locks’

ResponseTime > GenericDatabaseResonseTime_riticalThreold

Web Service Availability (no WSDL)

Checks if a Web ser-vice is avail-able

SOAP Enve-lope,SOAP Action, WebService URL, Regex to validate the expected result

none Access to the Web Service Expected Result notfound

Web Service Availability (WSDL)

Checks if a Web ser-vice is avail-able

SOAP Envelope or WS call parameters list,SOAP Method, WebService URL, Web Ser-vice WSDL path, Regex to validate the expected result

Authenti-cated user/password (optional)

Access to the Web service Expected Result notfound

Appe

ndix B : C

onfigurab

le Con

trols

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 65

N/A N/A no Line 1.1

-

oldt > t-

old




1.1

Health Conditions

Release Version


healthMinor health

Success

Generic Log Reader (Errors in the last X min Check)

Searches for an error with a pattern inside a text file. If any line is found in the last X minutes, a critical mes-sage is sent. In any other case, suc-cess.

FolderPath, LogErrorPat-tern (regular expression), LogName, Min-utes

Windows: Windows userLinux/Unix: Telnet or SSH (public key) or SSH (user/pass-word)

Windows: When connect-ing to a remote Windows host (a file server, domain controller, workstation, etc.), File System ThinAgents use the SMB (Server Message Block) protocol to communi-cate with the host. In this case there are two options: Share the remote folder as a network resource, and then connect to it with a granted user; Use an administrator account and connect directly to the remote folder without the need to manually share the resource (the server must have administrative share enabled).Linux: access to SSH port (22 by default)

check for: “.*error.*” lines

Line

Generic Log Reader (Per-formance Met-ric)

Checks a number in a line match-ing a pattern

FolderPath, LogNumericRe-sultPattern (reg-ular expression), LogName



check for: “.*Number of files: (\d+) .*”



Credentials needed


Appe

ndix B : C

onfigurab

le Con

trols

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 66

(ExitCode <> 0) and (not Com-mandOut-put)

ExitCode <> 0

True 1.1

N/A N/A String found in result

1.1

Health Conditions

Release Version


healthMinor health

Success

Generic Cus-tom Com-mand (Execution Check)

Checks if a command can be remotely executed

Command to execute



netstat -ano | findstr /r ".*0.0.0.0:80[^0-9].*" | findstr LIS-TENING

(ExitCode<> 0) and (not Com-mandOut-put)

Generic Cus-tom Com-mand (Boolean Result Check)

Checks if a string is present in the com-mand output

Command to execute, String to find in result



netstat -ano | findstr /r ".*0.0.0.0:80[^0-9].*" | findstr LIS-TENING

String not found in result


Credentials needed


Appe

ndix B : C

onfigurab

le Con

trols

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 67

-

oldt > t-

old

(Result < MinResult-Warn-ingThreshold) or (Result > MaxRexult-Warn-ingThreshold)



1.1

-

oldt > t-

old

(Result < MinResult-Warn-ingThreshold) or (Result > MaxRexult-Warn-ingThreshold)


(Result ≥ MinResult-MinorThreshold) and (Result ≤ MaxRe-sultMi-norThreshold)

1.2 SP1

Health Conditions

Release Version


healthMinor health

Success

Generic Cus-tom Com-mand (Performance Metric)

Checks a number in a command output matching a pattern

Command to execute, Numeric result pattern (regex matching the result)



"Command: netstat -sp tcpPattern: .*Active Opens\s+\=\s+(\d+).*"


Generic iSeries Cus-tom Com-mand (Performance Metric)

Checks a number in a command output result

TableCreation-Commands, RetrievalState-ment, PostRe-trievalCommands

iSeries: iSeries ODBC

iSeries, Permissions to exe-cuted the desired command

TableCre-ationCom-mands: DSPOBJD OBJ(QGPL/*ALL) OBJ-TYPE(*ALL) OUT-PUT(*OUT-FILE) OUT-FILE(QTEMP/GRESULT)

Retrieval-Statement: SELECT * from QTEMP.GRESULT

PostRetriev-alCom-mands:



Credentials needed


Appe

ndix B : C

onfigurab

le Con

trols

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 68

-

oldt > t-

old




1.1

N/A N/A String found in result

1.4.0.30000

-

oldt > t-

old




1.1

Health Conditions

Release Version


healthMinor health

Success

Generic SNMP Check (Performance Metric)

Compares the retrieved result with some thresholds

OID SNMP v1/v2, SNMP v3

Read-only community strings, Recommended soft-ware: MIBBrowser (http://ireasoning.com/mib-browser.shtml) or getif

10.1024.01.2.3025: 451


Generic SNMP Check (Boolean)

Checks if a string is present in the com-mand out-put.

OID,String to find in result

SNMP v1/v2, SNMP v3

Read-only community strings, Recommended Software: MIBBrowser (http://ireasoning.com/mib-browser.shtml) or getif

10.1024.01.2.3025: 'Ok'


Generic Folder Check (Number of Files in Folder)

Checks if the number of files in a folder is cor-rect

Folder path, Excluded files



C:\Sys-tem\path



Credentials needed



Appe

ndix B : C

onfigurab

le Con

trols

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 69

ble N/A N/A Available 1.1

>

old

AgeOfFile > Max-Warn-ingThreshold

AgeOfFile > MaxMi-norThresh-old

AgeOfFile <= MaxMi-norThresh-old

1.1

Health Conditions

Release Version


healthMinor health

Success

Generic Folder Check (Availability)

Checks if a folder is available

Folder path Windows: Windows userLinux/Unix: Telnet or SSH (public key) or SSH (user/pass-word)


Not availa

Generic Folder Check (Old Files in Folder)

Checks if there are any files older than the thresh-old in the selected folder

Folder path, Excluded files, Included Files



C:\Sys-tem\path

AgeOfFileMaxCriti-calThresh


Credentials needed


Appe

ndix B : C

onfigurab

le Con

trols

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 70

>

old

<

old

SizeOfFile > Max-Warn-ingThresholdor SizeOfFile < Min-Warn-ingThreshold

SizeOfFile > MaxMi-norThresh-oldor SizeOfFile < MinMi-norThresh-old

SizeOfFile ≤ MaxMi-norThresh-oldand SizeOfFile ≥ MinCriti-calThresh-old

1.3

ble N/A N/A Available 1.1

N/A N/A No Trap 1.2 SP1

Health Conditions

Release Version


healthMinor health

Success

Generic Folder Check (Size of Files in Folder)

Checks if there are any files with an incorrect size in the selected folder.

Folder path, Excluded files, Included Files



C:\Sys-tem\path

SizeOfFileMaxCriti-calThreshor SizeOfFileMinCriti-calThresh

Web Availabil-ity

Checks if a Web site is available

Web site URL Authenti-cated user/password (optional)

Access to the Web site http://www.tango04.com

Not availa

Generic SNMP Trap (Errors Collec-tor)

Searches for an error with a pattern inside an SNMP Trap. If any trap is received in the last X minutes, a critical mes-sage is sent. In any other case, suc-cess.

Enterprise-SpecificOID, MinutesWithou-tError, TrapEr-rorPattern

check for: “.*error.*” traps

Trap


Credentials needed


Appe

ndix B : C

onfigurab

le Con

trols

© 20

17 Ta

ngo/04

Com

puting G

roup P

age 71

Health Conditions

Release Version


healthMinor health

Success

-

oldt > t-

old

Result < MinResult-Criti-calThreshold) or (Result > MaxResult-Criti-calThreshold)

Result < MinResult-MinorThreshold) or (Result > MaxRe-sultMi-norThreshold)

Result ≥ MinResult-MinorThreshold) or (Result ≤ MaxRe-sultMi-norThreshold)

4

N/A N/A String not found in result

4

-

oldt > t-

old

Result < MinResult-Criti-calThreshold) or (Result > MaxResult-Criti-calThreshold)

Result < MinResult-MinorThreshold) or (Result > MaxRe-sultMi-norThreshold)

Result ≥ MinResult-MinorThreshold) or (Result ≤ MaxRe-sultMi-norThreshold)

4.0.2

N/A N/A String not found in result

4.0.2


Credentials needed


Generic JMX Request (Numeric Check)


- Object Name- Attribute Name


Object Name: jboss.ws:ser-vice=Server-ConfigAttribute Name: Web-ServicePort

Result: 8080

(Result < MinResultWarn-ingThresh) or (ResulMaxResulWarn-ingThresh)

Generic JMX Request (Boolean Check)


-Object Name-Attribute Name-String to find in result


Object Name: java.lang:type=RuntimeAttribute Name: VMName

Result: Java Hot-Spot(TM) 64-Bit Server VM


Generic Web Adapter (Numeric Check)


-Website URL-Website Adapter Result Pattern

-Authenti-cated user/password (optional)

(Result < MinResultWarn-ingThresh) or (ResulMaxResulWarn-ingThresh)

Generic Web Adapter (Boolean Check)


-Website URL-String to find in result

-Authenti-cated user/password (optional)


Appendix C : Configuring an SSL Connection for IBM i

Appendix CAppendix C: Configuring an SSL Connection for IBM i

The latest version of Alignia Monitoring nodes for iSeries collectors are compatible with SSL

connections. By default, newer connections are connected through SSL> However, before we can

create secure connections, we must create a pair of certificates between systems.

C.1 Creating the Server Certificate on iSeriesTo create certificates on iSeries Systems you must run Digital Certificate Manager (DCM). You can

access DCM on the following url: http://[SYSTEMS_NAME]:2001/QIBM/ICSS/Cert/Admin/

qycucm1.ndm/main0. Once logged in, this page is visible:

Here, you Select a Certificate Store that you want to work on. For more information on creating a

Certificate Store, please follow this link:

http://www-01.ibm.com/support/docview.wss?uid=nas8N1010311.

Next, you have to create a new certificate if one does not already exist. Click on Create Certificate,

select Server or client certificate and then Local Certificate Authority (CA).


http://www-01.ibm.com/support/docview.wss?uid=nas8N1010311


This form must be completed in order to create a certificate. There are some restrictions:

• Certificate label: This can be whatever you want, but it must be unique and different to any

other certificate.

• State or province: A 3 or more characters abbreviation for the state/province name.

• Country or region: A 2 characters abbreviation for the country/region.

You can ignore the Subject Alternative Name as it is not needed for SSL.

You should receive a confirmation message saying Your certificate was created and placed in the

certificate store listed below.

You now have to select which applications will use this certificate. For the monitors, you must select

Remote Command Server and Signon Server.

The certificate has now been created. You must now export the certificate.

C.2 Exporting the Server Certificate from iSeriesOn the left menu, select Manage Certificates > Export certificate. Then select Server or client.

Select the certificate that was just created and then select File, as it needs to be imported onto the other

system.

Enter the path to which the certificate should be exported. It is important to name the file with .pfx as the

extension. The password can be whatever you like.

Export the file using IBM Navigator or any FTP program.using binary mode. For more information on

how to export certificates, please follow this link:





C.3 Importing the Server Certificate and exporting the Client Certificate You can install the Server certificate on the Windows system by directly importing it. However, some

systems may need additional steps in order to connect properly.

Use the Java keytool in the same directory in which Java is running. You need to create a keystore by

running the following command:

keytool -genkey -alias alias -keylag RSA -keypass pass -storepass pass -keystore keystore.jks

Change the red parameters with the ones you require. You must now complete the options. For first and

last name parameters, you must enter the server name, not your own name. It must be the same

system on which Java System i Server is running.

Now, to export the client certificate, run this command:

keytool -export -alias alias -storepass pass -file certificate.cer -keystore keystore.jks

For more information regarding this tool, please follow this link:

http://docs.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.htm

You now have a .cer file that must be imported on the iSeries. This can be done with IBM Navigator or

any FTP program.

C.4 Importing the Client Certificate to iSeriesOn the Digital Certificate Manager, click on Manage Certificates > Import certificate.

Select Certificate Authority (CA) and enter the path and filename of the certificate file. Now specify a

label for the certificate, remembering that it must be unique. You should receive the message ‘The

certificate has been imported.’

Verify that the certificate is imported correctly by going to Manage Certificates > View Certificate >

Certificate Authority (CA).


http://docs.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html

Appendix D : IBM WebSphere Application Server

Appendix DAppendix D: IBM WebSphere Application Server

D.1 Requirements In order for WebSphere Application Server Operations Alignia Collectors to retrieve data, WebSphere

Application Server must be configured to generate the necessary information:

• The Performance Monitoring Infrastructure (PMI) must be activated on WebSphere

• The appropriate service must be active.

These requirements are discussed in the sections below.

D.1.1 Activating PMI

To activate PMI complete the following steps:

Step 1. Start the WebSphere server to configure.

Step 2. Access the administration console with the administrator User ID and Password:

http://my _webSphere_host:my_port/ibm/console

By default the Administrative Console port is 9060.



Figure 7 – Profile Management Tool

Step 3. Activate PMI (the example used here is for WebSphere 6.0.2. The access route may

vary for other versions)

In the menu bar on the left, click Servers (1) and then select Application Servers (2)

Figure 8 – Selecting Application Servers

Click the server on which to configure PMI data collection (3)

Scroll to the Performance section.

Select Performance Management Infrastructure (PMI) (4)



Figure 9 – Performance Management Infrastructure

Open the Configuration tab. Select Enable Performance Monitoring Infrastructure

(PMI). In the section Currently monitored statistic set select the option All (5).

Figure 10 – Server Configuration



Using Garbage Collector

Garbage Collector uses a different method to activate JMX

To enable Garbage Collector:

Step 1. In the menu bar on the left, click Servers (1) and then select Application Servers (2)

Click the server on which to configure PMI data collection (3)

Figure 11 – Select Application Server

Step 2. Scroll to the Server Infrastructure section.

Select Process Definition (4)

Figure 12 – Java and Process Management: Process Definition

Step 3. In the Additional Properties section select Java Virtual Machine (5).

Note In order to keep performance up, Garbage Collector is disabled by default. Activating

Garbage Collector will downgrade performance because extra parameters are added to JVM

startup.



Figure 13 – Process Defintion Properties

Step 4. Use the Generic JVM arguments field to enable garbage collector. The value you must

enter depends on the WebSphere version and platform.

For example, for version 6.1 and distributed platforms (Windows, Linux) enter: -agentlib:pmiJvmtiProfiler

For version 6.1 and platform i5/OS enter: -agentlib:QWASJVMTI

For other versions and platforms search for "Enabling the Java virtual machine profiler

data" in the official documentation. Always make sure this value is entered in the

Executable arguments field before any previously included data, ensuring you do not

overwrite the existing data.

Important It is possible to encounter an error when saving, which requires the Initial Heap Size and

Maximum Heap Size to have valid values; therefore these fields can not be empty.

If this occurs then enter an Initial Heap Size (7) of 50 MB and a Maximum Heap Size (8) of

256 MB. These are the default values for a WebSphere 6.1 installation.



Figure 14 – General Properties

D.1.2 Configuring security

Securing the system

To secure the system:

Step 1. Enable security

Click Security and select Secure administration, applications, and infrastructure

(1).

Select the Enable administrative security check box (2).



Figure 15 – Secure administration, applications and infrastructure

Step 2. Create a new user with the necessary permissions to configure the system to ensure it

is correctly secured.

Click Users and Groups and then select Manage Users and click the Create… button.

Figure 16 – Manage Users

Step 3. Complete the fields with the required information.

Figure 17 – Create User



Step 4. Click Users and Groups and select Administrative User Role (5) and click the Add

button (6).

Figure 18 – Administrative User Roles: Add role

Step 5. Enter the new user in the User field.

Select Monitor from the Roles list box (7) and click Apply (8) and then save the

changes.

Figure 19 – Administrative User Roles: General Properties

Note Any changes made will take effect after restarting the server.

This product will match one WebSphere Node with one user and password, so when a

connection is cached, it is fixing a user to monitor. Once cached, it is not possible to change

to another valid user. you will be required to stop the service, monitors, and delete the cache

file if you wish to change to another user.


Appendix E : Configuring IBM WebSphere MQ SSL Connections

Appendix EAppendix E: Configuring IBM WebSphere MQ SSL Connections

E.1 Initial stepsIBM WebSphere MQ Clients (latest supported/tested version is V7.5) must be installed in the Windows

server where Alignia monitoring node (ThinkServer) is running.

E.2 IBM i ConfigurationGo to the IBMi and find a Queue Manager to use for connections. Run command WRKMQM on IBMi to

return the following:

From this point onwards we will use MANAGER1.CONSOLE as Queue Manager

Return to WRKMQM and use option 27=Work with Listeners for MANAGER1.CONSOLE. There you

can find or create a Listener. The Listener must be active in a specific port. You should see a sreen

similar to:



From this point onwards we will use LISTENERTCP as Listener.

E.2.1 AuthorizationsAs Alignia monitoring node (ThinkServer) runs as a Windows Service, IBMi receives as user SYSTEM

for connections. So first of all you must create a IBM *USRPRF named SYSTEM on the IBMi.

Then you must give the following authorizations:

MANAGER1.CONSOLE Queue Manager, *ALL access to user SYSTEM. To return to WRKMQM, use

option 24=Work with Authorities for MANAGER1.CONSOLE.

Find MANAGER1.CONSOLE *MQM, and use option 12=Work with profile.



From here, use function F6=Create to set the authorizations.

E.3 Connecting without SSLFrom WRKQMQ use option 20=Work with Channels and find or create a Channel of type *SVRCN

without SSL enabled by setting the following parameters values:

From this point on we will use NOSSLCHANNEL as Channel.

E.3.1 AuthorizationsIf you do not create any MQ Channel or MQ Queue elements for the WebSphere MQ application to

monitor them specifically is not necessary to give more authorizations.

Even for the Channel NOSSLCHANNEL Channel, which we will use later in the credentials, it is not

necessary to give more authorizations.



If you need to monitor any MQ Channel or MQ Queue, you need some specific authorizations.

To monitor a channel

From this point onwards we will use MONITOREDCHANNEL as the Channel we want to monitor

To ALL Channels, not only to the ones you are going to monitor, you need *ADMDSP and *ADMCRT

access to user SYSTEM. Run command:

GRTMQMAUT OBJ(*ALL) OBJTYPE(*CHL) USER(SYSTEM) AUT(*ADMDSP *ADMCRT)

If you only want to give access to the Channel you are going to monitor, follow these steps:

To MONITOREDCHANNEL Channel, *ADMDSP and *ADMCRT access to user SYSTEM. Return to

WRKMQM and use option 24=Work with Authorities for MANAGER1.CONSOLE

Find MONITOREDCHANNEL *CHL, and use option 12=Work with profile

Note This last step may not be necessary in all WebSphere MQ versions. It may appear to be an

error, because when monitoring Queues, you do not need this special step.



At this point, you have to use function F6=Create to set the authorizations.

To monitor a queue

From this point onwards we will use MONITOREDQUEUE as the Queue we want to monitor

To grant MONITOREDQUEUE Queue, *ADMDSP and *ADMCRT access for user SYSTEM. Return to

WRKMQM and use option 24=Work with Authorities for MANAGER1.CONSOLE.

Find MONITOREDQUEUE *Q, and use option 12=Work with profile.

At this point you have to use function F6=Create to set the authorizations.



E.3.2 Credentials in OrchestratorFinally, you have to create the following credential in Orchestrator to make the monitors work:

Create a WebSphere MQ type credential with parameters:

• Port: The port of the previously configured LISTENERTCP Listener

• Queue manager name: MANAGER1.CONSOLE

• SRVCONN name: NOSSLCHANNEL

The rest of parameters must be left empty:



E.4 Connecting with SSLFrom WRKQMQ use option 20=Work with Channels and find/create a Channel of type *SVRCN

without SSL enabled by setting the following parameter values:

From this point onwards we will use SSLCHANNEL as Channel.

E.4.1 Configuring SSL Certificates Create IBMi Certificate

From this point onwards we will use IBMi as the IBM name/ip address,

Start DCM (Digitial Certificate Manager). Open http://IBMi:2001, and go to Digital Certificate Manager

At DCM you have to select/create a Certificate Store. Follow these example with a newly created

Certificate Store. More information about Stores creation can be found at: http://www-01.ibm.com/

support/docview.wss?uid=nas8N1010311.

Select option Create New Certificate Store in the left menu and select option Other System

Certificate Store.





In the next screen select the option to Create a certificate in the certificate store.

On the next screen you should see that Certificate type is “Server or Client” and you should also be

able to select the Certificate Authority. Use Local Certificate Authority (CA), as you are using a self-

signed certificate. More information on certificate creation can be found at: http://www-01.ibm.com/

support/docview.wss?uid=nas8N1010321.

A form will be displayed to create a new Certificate Store with a Certificate.





Complete the following fields:

• Certificate Label: You can complete this with any name, as long as it is unique in the entire

IBMi. We will use IBMiCertificate1 in this example.

• Certificate store path and filename: You should select a valid ifs path and any name not

previously used. We will use /QIBM/USERDATA/MQM/qmgrs/MANAGER1.CONSOLE/ssl/

IBMiCertificate1.kdb in this example

• Certificate store password

• Confirm password

• Common name: We will use IBMi.manager1.console (from our IBMi name and Queue

manager name)

• Organization name

• State or Province

• Country or Region.



If everything completes successfully you should receive a message like this:

Export IBMi Certificate and add it to system where Alignia Monitoring node is installed

In the DCM left menu, select option Select a Certificate Store and Other System Certificate Store to

go to the Store that has just been created.

On next screen, select the Certificate Store path, file name and password



Now go to Manage Certificates > Export certificate. Select Server or client.

On the next screen, select the certificate to export (IBMiCertificate1 in our example).

We will now export it to a file, which we will move to the Windows system where Alignia monitoring node

is installed.



As the “Export to File name” use the same name as the certificate store (*.kdb) but with extension pfx.

In our example we select:

/QIBM/USERDATA/MQM/qmgrs/MANAGER1.CONSOLE/ssl/IBMiCertificate1.pfx

Finally, set authorizations to these files from use IBM Navigator for i:



Here, the certificate store file (IBMiCertificate1.kdb) must have read and execution permissions for

QMQMADM user. Add them by using right-click > Permissions.

Note that the new kdb file generated (in this case iSeries2.kdb) must have read and execute

permissions for the Qmqmadm group. This is granted from IBM Navigator for i. Right-click on the file

and click Permissions. In the new window click on the corresponding boxes.



Go to Windows System where Alignia monitoring node is installed.

Copy file IBMiCertificate1.pfx to the Windows system. This can be done from Windows Explorer and

also from FTP (if you use FTP, select BIN mode).

Open IBM WebSphere MQ > IBM Key Management on the Alignia Windows system.

Create a new key Database file to import the Certificate from IBMi (IBMiCertificate1.pfx). In this

example we will call it IBMiCertificateAlignia.kdb.

Click OK. You need to insert a password for the Key Database File and check option to Stash

password to a file.



For the Key Database File created, select from the drop-down menu Personal Certificates option and

use the Import button to open the (IBMiCertificate1.pfx) file. On the Import dialog, set Key file type:

PKCS12 and use Browse to select IBMiCertificate1.pfx file.

Upon clicking OK you are prompted for the password selected when creating the Certificate on the DCM

for the IBMi.

A new screen with all the certificates contained in the .pfx file is displayed. Select the personal certificate

(it will have the label you selected when created it on the IBMi DCM ibmicertificate1), not the Certificate

Authority:



The IBMi server certificate iis now contained in an IBMiCertificateAlignia.kdb file. Extract this

certificate to add it to the Certificate Store of the client (by client we refer to Alignia monitoring node. We

have not selected this store yet, but we will do it later).

Use Extract Certificate, from the just imported Personal Certificate ibmicertificate1.

Note When prompted, do not change the label.



Create the client Certificate Store. We will call it AligniaMonitoringNodeCertificate1.kdb .

After clicking OK, specify a password and select option Stash password to a file.



Select Signer Certificates, click Add to import ibmicertificate1.arm file extracted previously.

When requested for a label for the certificate use ibmicertificate1.

The import of IBMi certificate in the Alignia Windows system is now complete.

Export Alignia Monitoring node Certificate and add it to IBMi system

From IBM Key Management on Alignia windows system, open

AligniaMonitoringNodeCertificate1.kdb key database file.

Select Personal Certificates and click on New Self-Signed.



It is mandatory to use label for the certificate ibmwebspheremqsystem. We must use always

ibmwebspheremq + [name of the user we will use for the connection, in other words “system”] all

lowercase.

ibmwebspheremqsystem is the client certificate to be sent to the IBMi. Select it and click on Export/

Import.

Select PKCS12 as Key File Type and AligniaMonitoringNodeCertificate1.p12.

Important Leave the "Common Name" attribute set at its default value, except if you are running IBM

Key Management in a different system from Alignia Monitoring Node. In this case you should

change Common Name to the system where Alignia Monitoring Node is.



After clicking OK, specify a password and check option to Stash password to a file.

Now copy this file to an ifs folder. Use the same folder in which you created all the other certificates for

the iSeries. You can do it from Windows Explorer and also from FTP (if you use FTP, select BIN mode)

Return to DCM (Digital Certificate Manager) on http://IBMi:2001.

Go to the left menu Manage Certificates -> Import certificate. Select option Certificate Authority

(CA).

On the next screen, insert the path and file name of the client certificate to import. In our example this is

/QIBM/USERDATA/MQM/QMGRS/MANAGER1.CONSOLE/SSL/

AligniaMonitoringNodeCertificate1.p12

Note Review that you are working with the proper Certificate Store (IBMiCertificate1.kdb).



You will be prompted for a password. You must specify the one you selected when you created the

AligniaMonitoringNodeCertificate1.p12 file.

You should receive a confirmation like this.

You can check that the certificate has been successfully imported from: Manage Certificate > View

Certificate, select option “Server or Client”.

Configuring WebSphere MQ on IBMi to use ssl

Run command WRKMQM and locate MANAGER1.CONSOLE Queue Manager. Use option 2=Change.



Complete these parameters with the following values:

SSL Key Repository . . . . . . . SSLKEYR > The path and file name of the certificate store:

/QIBM/USERDATA/MQM/QMGRS/MANAGER1.CONSOLE/SSL/IBMICERTIFICATE1

Important: Omit the Extension (.kdb)

SSL Repository Password . . . . SSLKEYRPWD > The password we previously gave to the

Certificate store.

Certificate label . . . . . . . CERTLABEL> The label of the client certificate (ibmwebspheremqsystem

in our example).

Then return to WRKMQM and select option 20=Work with Channels.

Select the previously created Channel SSLCHANNEL and use option 2=Change.

Complete these parameters with the following values:

SSL CipherSpec . . . . . . . . . SSLCIPH > *TLS_RSA_WITH_3DES_EDE_CBC_SHA

SSL Client Authentication . . . SSLCAUTH> *REQUIRED

Finally run command

RFRMQMAUT MQMNAME(MANAGER1.CONSOLE) TYPE(*SSL)

Certificates are now ready.


Appendix F : Contacting Tango/04

Appendix FAppendix F: Contacting Tango/04

EMEA (European, Middle-Eastern & African) Headquarters

Tango/04 Computing Group S.L.

Avda. Meridiana 358, 12 B-C

08027 Barcelona Spain

Phone: +34 93 274 0051

Fax: +34 93 345 1329

[email protected]

www.tango04.com

Latin American Headquarters

Barcelona/04 Computing Group SRL

Avda. Federico Lacroze 2252, Piso 6

1426 Buenos Aires Capital Federal

Argentina

Phone: +54 11 4774-0112

Fax: +54 11 4773-9163

[email protected]

www.barcelona04.com

North America (USA & Canada)

Tango/04 Computing Group USA

PO Box 3301

Peterborough, NH 03458 USA

Phone: 1-800-304-6872

Fax: 858-428-2864

[email protected]

www.tango04.com

Sales Office in Brazil

Tango/04 Computing Group Brasil

Rua Turiassú, 591 - 5º Andar

Perdizes

Cep: 05005-001 São Paulo

Brasil

Phone: +55 (11) 3675 6228

Fax: +51 1 211-2526

[email protected]

www.tango04.com.br

Sales Office in Chile

Barcelona/04 Computing Group Chile

Guardia Vieja 255, Of. 1601

Providencia

Santiago

Chile

Phone: +56 2 234 0898

Fax: +56 2 234 0865

[email protected]

www.barcelona04.com

Sales Office in Columbia

Barcelona/04 Computing Group Colombia

Calle 125 nº 19-89, Piso 5º

Bogotá, D.C.

Colombia

Phone: + 57(1) 658 2664

Fax: +51 1 211-2526

[email protected]

www.barcelona04.com


Mailto:[email protected]

www.tango04.com


www.barcelona04.com


www.barcelona04.com


www.tango04.com


www.barcelona04.com

www.tango04.com.br


www.barcelona04.com

www.barcelona04.com

Sales Office in Peru

Barcelona/04 Computing Group Perú

Calle Isaac Albeniz 555, Dpto 201 Urb

Las Magnolias

San Borja

L 27 Lima

Perú

Phone: +51 1 640-9168

Fax: +51 1 211-2526

[email protected]

www.barcelona04.com

Sales Office in Italy

Tango/04 Computing Group Italy

Viale Garibaldi 51

13100 Vercelli VC Italy

Phone: +39 0161 56922

Fax: +39 0161 259277

[email protected]

www.tango04.it



www.tango04.it


www.barcelona04.com

About Tango/04 Computing Group

Tango/04 Computing Group is one of the leading developers of systems management and automation

software. Tango/04 software helps companies maintain the operating health of all their business

processes, improve service levels, increase productivity, and reduce costs through intelligent

management of their IT infrastructure.

Founded in 1991 in Barcelona, Spain, Tango/04 is an IBM Business Partner and a key member of IBM's

Autonomic Computing initiative. Tango/04 has more than a thousand customers who are served by over

35 authorized Business Partners around the world.

Alliances

Awards

Partnerships IBM Business Partner

IBM Autonomic Computing Business Partner

IBM PartnerWorld for Developers Advanced Membership

IBM ISV Advantage Agreement

IBM Early code release

IBM Direct Technical Liaison

Microsoft Developer Network

Microsoft Early Code Release


Legal Notice

The information in this document was created using certain specific equipment and environments, and it is limited in

application to those specific hardware and software products and version and releases levels.

Any references in this document regarding Tango/04 Computing Group products, software or services do not mean

that Tango/04 Computing Group intends to make these available in all countries in which Tango/04 Computing Group

operates. Any reference to a Tango/04 Computing Group product, software, or service may be used. Any functionally

equivalent product that does not infringe any of Tango/04 Computing Group's intellectual property rights may be used

instead of the Tango/04 Computing Group product, software or service

Tango/04 Computing Group may have patents or pending patent applications covering subject matter in this

document. The furnishing of this document does not give you any license to these patents.

The information contained in this document has not been submitted to any formal Tango/04 Computing Group test

and is distributed AS IS. The use of this information or the implementation of any of these techniques is a customer

responsibility, and depends on the customer's ability to evaluate and integrate them into the customer's operational

environment. Despite the fact that Tango/04 Computing Group could have reviewed each item for accurateness in a

specific situation, there is no guarantee that the same or similar results will be obtained somewhere else. Customers

attempting to adapt these techniques to their own environments do so at their own risk. Tango/04 Computing Group

shall not be liable for any damages arising out of your use of the techniques depicted on this document, even if they

have been advised of the possibility of such damages. This document could contain technical inaccuracies or

typographical errors.

Any pointers in this publication to external web sites are provided for your convenience only and do not, in any

manner, serve as an endorsement of these web sites.

The following terms are trademarks of the International Business Machines Corporation in the United States and/or

other countries: iSeries, iSeriese, iSeries, i5, DB2, e (logo)®Server IBM ®, Operating System/400, OS/400, i5/OS.

Microsoft, SQL Server, Windows, Windows NT, Windows XP and the Windows logo are trademarks of Microsoft

Corporation in the United States and/or other countries. Java and all Java-based trademarks and logos are

trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and/or other countries. UNIX is a

registered trademark in the United States and other countries licensed exclusively through The Open Group. Oracle

is a registered trade mark of Oracle Corporation.

Other company, product, and service names may be trademarks or service marks of other companies.


alignia v5.0 business applications

Documents