Wednesday, March 12, 2008

"After Install" Policy for ITM 6.1

One of the great things about the Tivoli Management Framework is the degree to which operations can be automated to simplify management of large enterprises. Examples of these capabilities include the various endpoint policies that allow operations on endpoints after the initial login and at a normal login.

ITM 6.1 lacks this capability out of the box, but it is possible with SOAP and perl to retrieve this information and automatically perform operations when new Managed Systems log in for the first time to emulate a TMF after install policy. With this ability one can automatically add Managed Systems to Managed System Lists or even use the Take Action option to perhaps reconfigure the Managed System to point to a different RTEMs in approximation of a TMF select gateway policy.

Here is a how you can detect when a Managed System comes on line for the very first time.

When applications are added to ITM 6.1 built-in Managed Systems Lists (MSLs) are created, these MSLs begin with "*" and can not be modified. You can not add or remove Managed Systems from the MSLs. It is also forbidden to create a MSLs that begins with an "*". When a Managed System connects for the first time, it is automatically added to the appropriate built-in MSL. For example, a Linux OS agent would be added to *LINUX_SYTEMS. When a Managed System is added to an MSL, ITM writes an entry in the EIB change log. If you were to look at the EIB Change Log in the TEP you would see an Insert operation, on the IDDefNodeList table, by the user _FAGEN. The Object Name column would contain the MSL followed by white space and then the Managed System Name. It is possible to construct a situation to detect when an Insert operation is performed on the IDDefNodeList table but its usefulness is limited. You can not atomize the situation and you will still have to parse the Object Name to extract the two nuggets of information in any action you run. Also, you will not have additional information available about the new Managed System such as its IP address, OS version, which TEMS it is logged in to. All this data can be vital for intelligent automation in a large scale environment.

The additional information we need resides in the O4SRV.INODESTS table. So we are looking at a two stage process. First identify the new Managed Systems from entries in the EIB change log, and then get their detailed data from the INODESTS table. With a perl based SOAP client this is actually easy to do. Additionally, you can turn the perl script into a Universal Agent and create meaningful situations as well as collect the information in your data warehouse. A sample perl script is available here.

Here is he Universal Agent Metafile for the sample script:

//APPL NEWMANAGEDSYSTEMS @Newly created and logged-in Managed Sytems

//NAME \NMS_COLLECTOR E 86400 Interval=60

No comments: