Friday, March 14, 2008

Running the State Based Correlation Engine from ITM

The ITM TEC integration provides the ability for situation events and ITM status events to be forwarded to TEC or Omnibus. Enabling the integration is fairly straightforward, but what is lacking is the ability to manipulate events as they are emitted from ITM. Some control over events can be achieved using the XML map files located in the TECLIB directory, but this level of control does not allow events to be manipulated programmatically. Any enrichment or correlation of events that could not be accomplished in a map file had to be done in TEC.
Until now.
The State Based Correlation Engine (SCE) can be run from any of the recent TEC EEIF adapters, and in reality the ITM TEC integration is simply a C-based event adapter. Using the SCE allows ITM events to be manipulated and correlated before they are sent to TEC.
Running the SCE from ITM requires a little work. In this example I will use a Linux TEMS and implement the Gulfsoft SCEJavascript custom action to manipulate ITM events using Javascript programs.

First, acquire the JAR files required to run the State based Correlation Engine from a TEC installation. The files needed are:
zce.jar
log.jar
xerces-3.2.1.jar
evd.jar

Also required is the DTD file for your XML rules file. In this case I will use and modify the default XML rules file.
tecroot.xml
tecsce.dtd

Create a directory such as /opt/IBM/ITM/sce and copy the files listed above to this directory.

Since we will be implementing the SCEJavascript custom action, we will also need scejavascript.jar and js.jar (included in the Gulfsoft package). Copy both files to this directory as well.

Next we will have to modify the TEMS configuration file to successfully run the SCE. The file is named (on Linux) $CANDLEHOME/config/${HOSTNAME}_ms_${HUB_NAME}.config and contains environment variable settings for the TEMS.

Find the entry for LD_LIBRARY_PATH and add
/opt/IBM/ITM/JRE/li6243/bin:/opt/IBM/ITM/JRE/li6243/bin/classic
to the existing entry. Depending on where ITM is installed and the version of Linux, the path may be different. As you can guess, I will be using the ITM-provided Java for this example, so there will be no need to download and install another JRE unless you really want to. Also in this file we will set up the initial CLASSPATH environment variable and point it to the minimum required JAR files:
CLASSPATH='/opt/IBM/ITM/sce/zce.jar:/opt/IBM/ITM/sce/log.jar:/opt/IBM/ITM/sce/xerces-3.2.1.jar:/opt/IBM/ITM/sce/evd.jar'

Be sure to add CLASSPATH to the export list.

The next step is to modify the $CANDLEHOME/tables/$HTEMS_NAME/TECLIB/om_tec.config file to enable the SCE:
UseStateCorrelation=YES
StateCorrelationConfigURL=file:///opt/IBM/ITM/sce/tecroot.xml
PREPEND_JVMPATH=/opt/IBM/ITM/JRE/li6243/bin
APPEND_CLASSPATH=/opt/IBM/ITM/sce/js.jar:/opt/IBM/ITM/sce/scejavascript.jar
#TraceFileName=/tmp/eif_sc.trace
#TraceLevel=ALL

Note that we are indicating the location of the ITM-provided Java and adding the JARs needed to run our custom action.

The next steps are to configure our Javascript code and modify the tecroot.xml file to run the custom action. The Javascript we will use will be a simple change to the msg attribute:
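// Prefix the msg attribute of every event passed in with "FOO:".
function processEvents(events)
{
    // Declare i locally so it does not leak into the global scope.
    for (var i = 0; i < events.length; i++)
    {
        var foo = "FOO:";
        events[i].putItem("msg", foo.concat(events[i].getString("msg")));
    }
}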

We will call this file test.js and save it in /opt/IBM/ITM/sce.

Finally we will modify the tecroot.xml file to run the custom action:
<?xml version="1.0"?>
<!DOCTYPE rules SYSTEM "tecsce.dtd">

<rules predicateLib="ZCE">

  <predicateLib name="ZCE"
                class="com.tivoli.zce.predicates.zce.parser.ZCEPredicateBuilder">
    <parameter>
      <field>defaultType</field>
      <value>String</value>
    </parameter>
  </predicateLib>

  <rule id="itm61.test">
    <match>
      <predicate>true</predicate>
    </match>
    <action function="SCEJavascript" singleInstance="false">
      <parameters><![CDATA[/opt/IBM/ITM/sce/test.js]]></parameters>
    </action>
  </rule>
</rules>

Once all of the changes have been implemented, stop and start the TEMS.

All of the events that come out of ITM will now have messages starting with "FOO:". Check back for more useful examples...
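
A pre-restart check for the setup above, as an added example that is not part of the original post: it confirms that the files named in the steps are present, that neither they nor the SCE directory are writable by group or others (tecroot.xml and test.js decide what code runs against every event), and that om_tec.config enables the SCE and points at tecroot.xml. The function names and the script name are assumptions; the file names and settings are the ones used in the post.

```shell
#!/bin/sh
# Added example (not from the original post): pre-restart check of the SCE setup.
# File names and settings come from the post; function names are made up here.

SCE_FILES="zce.jar log.jar xerces-3.2.1.jar evd.jar js.jar scejavascript.jar
tecroot.xml tecsce.dtd test.js"

# is_loose PATH: succeeds if PATH is writable by group or others.
is_loose() {
    perms=$(ls -ldL "$1" 2>/dev/null | cut -c6,9)  # group-w and other-w columns
    [ -n "$perms" ] && [ "$perms" != "--" ]
}

# report MESSAGE: print one finding and count it.
report() {
    echo "$1"
    problems=$((problems + 1))
}

# check_sce SCE_DIR OM_TEC_CONFIG: prints findings, returns how many there were.
check_sce() {
    dir=$1
    cfg=$2
    problems=0
    for f in $SCE_FILES; do
        if [ ! -f "$dir/$f" ]; then
            report "MISSING  $dir/$f"
        elif is_loose "$dir/$f"; then
            report "WRITABLE $dir/$f (group/other can alter what the TEMS loads)"
        fi
    done
    if is_loose "$dir"; then
        report "WRITABLE $dir (group/other can replace files in it)"
    fi
    if ! grep -q '^UseStateCorrelation=YES' "$cfg" 2>/dev/null; then
        report "CONFIG   UseStateCorrelation=YES not found in $cfg"
    fi
    url=$(sed -n 's|^StateCorrelationConfigURL=file://||p' "$cfg" 2>/dev/null) || url=
    if [ "$url" != "$dir/tecroot.xml" ]; then
        report "CONFIG   StateCorrelationConfigURL is not file://$dir/tecroot.xml"
    fi
    return "$problems"
}

# Example: sh check_sce.sh /opt/IBM/ITM/sce /path/to/TECLIB/om_tec.config
if [ "$#" -eq 2 ]; then
    check_sce "$1" "$2"
fi
```

The exit status is the number of findings, so a status of 0 means the directory matches the steps above and only its owner can change the rules file or the script.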

Using TPM for patching Windows

TPM (and TPMfSW) provides the ability to patch Windows computers through a couple of different methods. In this blog, I will summarize the various methods.

There are 2 ways of doing Windows patching in TPM:
1. Using the Deployment Engine
2. Using Scalable Distribution (SOA)

So the first thing is to determine the method you are using.

The Deployment Engine is better designed for a data center environment where the network is not a concern. This is because using the DE does not provide any bandwidth control or checkpoint restart. It does not use the depots for fan out distributions. It is a straight file copy. With the DE there are actually two methods that can be used. The first (and best) is to have the Windows Update Agents (WUA) talk to an internal WSUS server. The second (would not recommend) is to have the WUA talk directly to Microsoft.

SOA is used for the distributed environment. If you have many computers to distribute to and there are targets on the other end of a slow link you will want to use this method. This requires that the TCA (Tivoli Common Agent) is installed on all target computers and that the SOA-SAP has been enabled. You will also require at least one depot server (CDS).

If you are using SOA, the TPM server will have to discover and download the patches directly from Microsoft (there is a proxy config you can set too).

Ok so now you have the method you want to use. How to implement it?

DE
In order to use the DE method, the following tasks need to be completed (I am going to assume that you are using the WSUS server method):
1. Install and Configure the WSUS server (approve and download desired patches)
2. Set the global variable WSUS server
After this, the steps for DE and SOA are the same, so I will list them after listing the SOA tasks.

SOA
1. Configure the Windows Updates Discovery discovery configuration.
2. Execute the Windows Updates Discovery. This will populate the DCM with all patches available according to the filters you set (much like WSUS). Remember, this is only the definitions for the patches, not the binaries required to install them.
3. Approve patches
4. Execute the MS_SOA_DownloadWindowsUpdates to download the files from Microsoft.

Common Steps
Now that the desired repository is set up, you need to complete the following.
1. Install the WUA on all targets
2. Create a patching group. Under the compliance tab, add a security compliance check called Operating System Patches and Updates.
3. Execute the Microsoft WUA Scan discovery configuration
4. In the Compliance tab, select Run -> Run Compliance Check. Once the task is complete, the Compliance tab will show if there are computers out of compliance.
5. Click on the number under the Compliant header (something like 0/1)
6. Select the desired patches and computers and press the Approve button.
7. Select the desired patches and computers and press the Run/Schedule button (Note: the Run button does not work for SOA distributions)
8. Once the distributions are complete, run the Microsoft WUA Scan again and then the Run Compliance Check.

Done!

Let me know if you have any comments/questions. Complaints > /dev/null ;)

Thanks to Venkat for all his help!

Martin Carnegie
martin dot carnegie at gulfsoft dot com

ITM 6.1 FP05 - NEW - What's a widget?

If you have started looking at Fix Pack 5 for ITM 6.1, you may have noticed (on the Windows version fix pack) that there is a directory called Widget.

This directory has the Tivoli Widget Engine. These "widgets" are very similar to the widgets you would use with the Google Desktop or Mac OS X. The widgets are little graphical JAD programs that execute a SOAP call to your hub TEMS via the Tivoli Widget Engine. You can set transparency and opacity so you can see through the widgets. Each one of these widgets must be configured, and you need to understand the formatting of the SOAP requests to get them properly configured. Each widget engine must be installed locally on each workstation, and configuration must be performed locally too.

So, my final comment is this - I would rather have seen improvements in security and a lightweight web interface to my agents than this workstation-based solution. Maybe this is the direction of the "web mash" - but until the basics are solid (INCLUDING SCALE) - I think more effort should be put into the core product.

TTUC Presentation

Many of you did not get the handouts at my presentation during last week's Tivoli Technical Users Conference.

Here is the URL to download it in PDF format:



TTUC Presentation

ITM Fixpack 05 is available now!

As expected, IBM released Fixpack 05 for ITM V6.1 today. The fixpack readme is available at http://www3.software.ibm.com/ibmdl/pub/software/tivoli_support/patches/patches_6.1.0/6.1.0-TIV-ITM-FP0005/itmfp5_add.pdf

Stay tuned for more updates about Fixpack 05 in our future articles.

Introduction to ITM 6.1 Policies

Policies are the "grey area" of ITM. Everyone knows what they are, but only a few really implement them. While there are reasons for not implementing them as your primary event handling mechanism, there are enough reasons for relying on ITM policy automation for some of your simple needs. This article lists some example scenarios for implementing ITM policies.

Policies - A quick look

ITM 6.1 policies provide simple if-then-else automation, and they can be used to take actions based on situations. For example, if most of your event handling involves running a script to take some action, such as sending an email or running a recovery script, you could easily implement it in ITM policies.

When to use them?

Here are some scenarios where you will need to rely on policies.

1) If you don't have Framework or are planning on moving away from it, then ITM policies might be the way to go.
2) For small environments where the volume of events is very low.
3) You could write your scripts to provide the necessary logging, but policies don't provide an explicit event tracking mechanism as such.
4) You have only a small number of situations to manage.
5) All your response actions are very simple and don't involve complex event correlations.

Example 1: Sending emails for alerts

To send an email alert for a situation, use the "Wait Until a situation becomes true" activity and the "Take Action" activity and connect them using the "Situation is true" connector. In the take action, choose "Run a system command" and specify the script that will send email alerts. Make sure that you execute this action at the TEMS or at a specific node where the script will be available by clicking the "More options" button.


Example 2: Restarting Windows Services when they go down.

To restart a Windows Service when it goes down, set up a situation to monitor the service and use a mechanism similar to the one above, except that in the "Take Action" field, use "net start &NT_Services.Service_Name". You can enter the service name by using the Attribute substitution button.

Policy Distribution

Once the policy has been created, it needs to be distributed to the managed systems or managed system lists whose situations it will affect. Click the distribute check box against the policy name to bring up the Policy distribution window. This process is similar to situation distribution selection.

Start Policy

The policy will not be effective unless you start it. On the other hand, if you would like to disable a policy for a while, you can stop it. Make sure that the AutoStart attribute is set appropriately so that your policy will take effect during server startups.

There are a few more interesting combinations possible with policies. Start playing with them; you never know when they will come in handy. Good luck.

Windows XP and VMware Tips

I have had a few issues related to VMware, a slow hard disk in Windows XP and long boot time in Windows XP. I thought of sharing the solutions for these issues with every one of you.

Slow Hard disk in Windows XP

You don't think your brand new computer could be running much more inefficiently than a 20 year old PC, do you? Mine did for some time, and I didn't even realize it. My computer was taking a lot of CPU even for mundane tasks such as copying files, and the performance was getting worse. ProcExplorer showed hardware interrupts taking 70-80% of CPU.

The reason? The hard disk was running in Programmed IO mode (PIO mode), in which the CPU was responsible for data transfer instead of the DMA (Direct Memory Access) Controller. Right click My Computer -> properties -> Hardware -> Device Manager. Expand IDE ATA/ATAPI controllers, right click Primary IDE Channel and choose properties. Go to advanced settings and see the Current Transfer Mode. It should be Ultra DMA or NOT PIO.

If it is PIO, just go to the Driver tab, click "Uninstall Driver" and reboot twice. If you would like to learn about this in depth, here are two good sources.

http://support.microsoft.com/kb/817472
http://winhlp.com/WxDMA.htm

Slow Boot time in Windows XP

Does your system stay a long time on the Windows XP logo screen? It could be due to a corrupt program in the Windows Prefetch directory, where Windows stores frequently used programs for faster fetching. Delete the C:\windows\prefetch\*.pf files and reboot your computer.

Virtual machine fails to boot

I have some of my VMs running on an NTFS filesystem mounted on a Linux box using the ntfs-3g driver. The net effect is that the disk performance is relatively slow. The same could be said of USB 1.1 hard drives and network mounted drives. If you are running your VMs from any of these and your virtual machine fails to boot, try adding the following line to your *.vmx configuration file.

mainMem.useNamedFile = "False"

Hope you find these tips useful.