IBM HTTP Server does allow a single SSL/TLS certificate to be presented for multiple virtual hosts. It allows this capability by supporting Server Alternate Names (SANs) on certificates rather than by supporting TLS Server Name Indication (SNI). (Just to be clear - no versions of IHS support SNI as of IHS version 8.5).
This article defines this capability:
IP-Based Virtual Hosting must be used if configuring multiple SSL Virtual Hosts,
but it does it in a VERY confusing way, with an even MORE confusing title. The meat of the solution is in the following text from the above article:
Exception Note: If the Keyfile uses a SAN Certificate (support for multiple domain names)
Name-Based virtual hosting can be used instead. When using a SAN Certificate the first SSL VirtualHost will be used for the SSL handshake. After the handshake completes the SSL Virtualhost used for the HTTP request processing is determined by the ServerName directive that matches the host header supplied in the client request
NameVirtualHost 1.2.3.4:80
NameVirtualHost 1.2.3.4:443
<VirtualHost 1.2.3.4:80>
ServerName www.CompanyA.com
ServerAdmin webmaster@CompanyA.com
DocumentRoot /www/html/CompanyA
ErrorLog /www/logs/CompanyA/error_log
TransferLog /www/logs/CompanyA/access_log
</VirtualHost>
<VirtualHost 1.2.3.4:80>
ServerName www.CompanyB.com
ServerAdmin webmaster@CompanyB.com
DocumentRoot /www/html/CompanyB
ErrorLog /www/logs/CompanyB/error_log
TransferLog /www/logs/CompanyB/access_log
</VirtualHost>
<VirtualHost 1.2.3.4:443>
SSLEnable
SSLClientAuth none
ServerName www.CompanyA.com
ServerAdmin webmaster@CompanyA.com
DocumentRoot /www/html/CompanyA
ErrorLog /www/logs/CompanyA/error_log
TransferLog /www/logs/CompanyA/access_log
</VirtualHost>
<VirtualHost 1.2.3.4:443>
SSLEnable
SSLClientAuth none
ServerName www.CompanyB.com
ServerAdmin webmaster@CompanyB.com
DocumentRoot /www/html/CompanyB
ErrorLog /www/logs/CompanyB/error_log
TransferLog /www/logs/CompanyB/access_log
</VirtualHost>
SSLDisable
Keyfile /usr/lpp/HTTPServer/keys/Keyfile.kdb
SSLV2Timeout 100
SSLV3Timeout 1000
In this case, your keyfile (Keyfile.kdb) would only contain one server certificate.
You can view information on SAN Certificates here: http://www-01.ibm.com/support/docview.wss?uid=swg21444027
And in case you were wondering, I'm pretty certain the above will NOT work for the Tivoli Enterprise Portal Server (TEPS) because of multiple specifications of the host name and/or IP address that must all match correctly.
Sunday, September 1, 2013
Wednesday, August 28, 2013
APM UI - Part 2 - Thresholds and Propagation
As a continuation of my previous post, we'll expand upon our GBS Supermarket Agent Builder data in the APM UI to incorporate thresholds and status propagation.
If you looked closely at the end of part 1, you'll notice that the "Resources" icon next to GBS Supermarket contained a grey question mark.
To resolve this with most APM UI widgets, you simply click on Resources, click on Edit at the upper-right, then click the gear icon on the widget you wish to adjust.
Next click on the [Thresholds] tab.
Unfortunately, our Thresholds tab is blank. That's because we never defined thresholds within our custom JSON files.
Let's fix that and import a new version of the GBS Supermarket into APM UI.
Click the title or here to read more.
If you looked closely at the end of part 1, you'll notice that the "Resources" icon next to GBS Supermarket contained a grey question mark.
To resolve this with most APM UI widgets, you simply click on Resources, click on Edit at the upper-right, then click the gear icon on the widget you wish to adjust.
Next click on the [Thresholds] tab.
Unfortunately, our Thresholds tab is blank. That's because we never defined thresholds within our custom JSON files.
Let's fix that and import a new version of the GBS Supermarket into APM UI.
Click the title or here to read more.
Wednesday, August 7, 2013
Netcool Omnibus Event Integration Facility
The Netcool Omnibus Event Integration Facility is a software
toolkit or SDK that can be used to send and receive EIF formatted events from
within an application. These EIF based applications
are referred to as adapters. The EIF
toolkit provides many services to the adapter – some of these services include adapter
configuration, event transport, event caching, automatic failover, and encryption
via SSL or FIPS 140-2, to name a few.
You may be saying to yourself about now, well that’s cool,
but with all the monitoring solutions out there and command line capabilities, why
would I need to write my own adaptor? That
is a good question, and while the Omnibus EIF reference says:
The
Event Integration Facility is a toolkit that expands the types of events and
system information that you can monitor. You can use it to develop your own
adapters, tailored to your network environment and to your specific needs.
I have found a useful feature to be receiving events rather
than generating them.
It’s not uncommon to find a company looking to replace both
a legacy monitoring tool, and it’s event management system with IBM Tivoli Monitoring
and Netcool Omnibus. Many times the deployment
of the ITM monitoring solution can be delayed while work is being done to
implement automation and new processes within the new event management system –
Netcool Omnibus. This is usually a
people/process delay not a technical one, but still delays the time to value of
the overall solution.
In some of these cases, use the EIF toolkit to develop an
EIF receiver adapter, to “catch” ITM EIF events and then forward appropriate
events on to the legacy event management system, can allow the ITM deployment
to move forward. Later, as the teams and
processes are ready to begin transitioning the event management system, the
adapter can be updated to forward only certain events to the legacy system and
others to Omnibus, or perhaps to both for a period of time. Ultimately the entire event flow is
transition to Omnibus and the adapter eliminated from the environment.
I’ve used the Event Integration Facility toolkit a number of
times in scenarios similar to this and for other things, and it can be a great
tool to have in your tool belt.
For more information, see the Event Integration Facility Reference
Manual, part of the Omnibus documentation set.
You can also find sample code shipped with the SDK, which is available for
download with your Omnibus license.
Tuesday, July 23, 2013
APM UI - Customizing with Agent Builder data - "the Basics"
The IBM SmartCloud Application Performance Management UI (APM UI) provides a fast and simple interface into data provided by IBM Tivoli Monitoring (ITM). It can be rendered on anything from a web browser to a smart phone. As expected, it also provides customization capabilities. In this post, we'll walk through end-to-end the process of introducing data/metrics from a custom ITM Agent Builder agent into the APM UI.
You're encouraged to take a look at this presentation by Cheng Quan Li of IBM Development which provides a nice overview of Dashboard Customization in APM UI.
Additionally, the documentation for APM UI customization (v.7.6.0.1 was the current version at the time of writing) can be found here.
For the purposes of this customization "basics", we're going to keep things very simple. No fancy charts or graphs - we will simply display tabular data. Our intent is to get comfortable with the process of customizing APM UI. In later articles we may dig deeper into making your presentation more flashy.
We have a custom-built ITM Agent Builder agent (GBS Supermarket) for this exercise. The data coming from this agent represents the check-out lanes at a typical supermarket. Each lane has a name as well as performance data such as how many customers are waiting in line and the average customer wait time.
Here's what our agent looks like within the Tivoli Enterprise Portal Server (TEPS):
Click the title to read more.
You're encouraged to take a look at this presentation by Cheng Quan Li of IBM Development which provides a nice overview of Dashboard Customization in APM UI.
Additionally, the documentation for APM UI customization (v.7.6.0.1 was the current version at the time of writing) can be found here.
For the purposes of this customization "basics", we're going to keep things very simple. No fancy charts or graphs - we will simply display tabular data. Our intent is to get comfortable with the process of customizing APM UI. In later articles we may dig deeper into making your presentation more flashy.
We have a custom-built ITM Agent Builder agent (GBS Supermarket) for this exercise. The data coming from this agent represents the check-out lanes at a typical supermarket. Each lane has a name as well as performance data such as how many customers are waiting in line and the average customer wait time.
Here's what our agent looks like within the Tivoli Enterprise Portal Server (TEPS):
Click the title to read more.
Tuesday, July 9, 2013
Launchpad - Unable to find supported browser
Recently while trying to install Netcool Omnibus 7.4 on CentOS 6.4, I ran into this problem:
I launched the Omnibus launchpad.sh script only to be told that the browser I was using was not supported:
"An error occurred while starting the launchpad. This error typically occurs when the launchpad is unable to find a supported browser. Check your product's documentation for a list of supported browsers."
2) Extract it:
# cd /tmp
# tar -jxf firefox-10.0.2.tar.bz2
3) Tell Launchpad to use it
# export BROWSER=/tmp/firefox/firefox
4) Relaunch launchpad.sh
# /tmp/omni-install/launchpad.sh
and now it works:
I launched the Omnibus launchpad.sh script only to be told that the browser I was using was not supported:
"An error occurred while starting the launchpad. This error typically occurs when the launchpad is unable to find a supported browser. Check your product's documentation for a list of supported browsers."
But, the HTML file (noBrowser.html) was actually displayed by Firefox. It turns out that the version of Launchpad only supports older versions of Firefox, namely ESR10.
There is a very simple fix to this issue:
1) Download an ESR10 version of Firefox, for example:
# cd /tmp
# wget https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/10.0.2/linux-x86_64/en-US/firefox-10.0.2.tar.bz2
2) Extract it:
# cd /tmp
# tar -jxf firefox-10.0.2.tar.bz2
3) Tell Launchpad to use it
# export BROWSER=/tmp/firefox/firefox
4) Relaunch launchpad.sh
# /tmp/omni-install/launchpad.sh
and now it works:
Monday, May 6, 2013
What is new in TCR 3.1?
As you know, IBM released a new version of Tivoli Common Reporting as part of Jazz for Service Management 1.1 offering. This article discusses some of the new features of Tivoli Common Reporting 3.1 release. Read on to learn more.
Cognos 10 Business Intelligence
TCR 3.1 comes with a major version upgrade to Cognos Business Intelligence. It comes with Cognos 10.2 as opposed to Cognos 8.4 in TCR 2.1.1. This major version upgrade brings lot of newer functionality to reporting. Some of them are,
New Report Design Tools
Cognos 10 BI bundles the new Workspace Advanced design tool that is much more powerful than Query Studio but less complex than Report Studio.
This tool can be used to build quick reports, end-user analytics and even for "reasonably complex" professional looking reports. However, to include advanced reporting features such as prompts, formulas, etc, you will have to rely on Report Studio. Good news is that report designs can be opened both in Report Studio and Workspace Advanced without loss of information. So when you need the advanced features you can "insert" them in Report Studio and come back to Workspace advanced and continue the design.
Active Reports for offline interactive reports
Active Reports are HTML only reports that can be used for offline-viewing and interactive reports. With Active Reports, the output file will be in mutli-part HTML format (.mht) with the data is self-contained in the .mht file.
Mobile Support
Cognos 10 includes improved support mobile devices specifically iPad, Android and Blackberry. There is a IBM Cognos mobile app available for iPad as well. The app can connect to your TCR server (over wireless network of course) and run the reports. Dan Krissel of IBM showed a great example of this app back in Pulse.
64 Bit Java based reporting engine with JDBC Support
The default C++ based 32-bit Cognos engine doesn't support JDBC drivers. Cognos 10 now also includes a 64-bit Java based engine (in addition to the 32-bit one) that supports JDBC. Remember that the Java based engine is still new and you need to specifically enable this engine to use its features.
More powerful multi-datasource Workspace designer
You can easily design a dashboard (NOTE: this is different from reports) by dragging-dropping elements such as charts, tables from various reports into a single workspace. These data sources can be fetched from different Cognos packages. E.g. You can fetch information from ITM OS agents reports, Netcool Omnibus reports and TBSM reports and present them in a single workspace. Very powerful and works great.
Event Studio for event-driven report delivery
The Event Studio tool is now bundled as part of TCR. Even though this tool was available in older Cognos as well, it was not shipped with TCR 2.1.1. Using this tool, you can specify rules for report delivery.
WebSphere 8.5
TCR 3.1 ships with WebSphere 8.5 that provides tons of new features including support for Java 7, new serviceability tools and better mobile support. For in-depth look at new features, please take a link below.
http://www.ibm.com/developerworks/websphere/techjournal/1206_alcott/1206_alcott.html
Jazz for Service Management Integration
TCR 3.1 is also one of the very first products that features Jazz for Service Management 1.1 integration. This integration brings several features for interaction. We will discuss about Jazz for Service Management in a separate article, but some of the benefits of this offering are listed below.
Cognos 10 Business Intelligence
TCR 3.1 comes with a major version upgrade to Cognos Business Intelligence. It comes with Cognos 10.2 as opposed to Cognos 8.4 in TCR 2.1.1. This major version upgrade brings lot of newer functionality to reporting. Some of them are,
New Report Design Tools
Cognos 10 BI bundles the new Workspace Advanced design tool that is much more powerful than Query Studio but less complex than Report Studio.
This tool can be used to build quick reports, end-user analytics and even for "reasonably complex" professional looking reports. However, to include advanced reporting features such as prompts, formulas, etc, you will have to rely on Report Studio. Good news is that report designs can be opened both in Report Studio and Workspace Advanced without loss of information. So when you need the advanced features you can "insert" them in Report Studio and come back to Workspace advanced and continue the design.
Active Reports for offline interactive reports
Active Reports are HTML only reports that can be used for offline-viewing and interactive reports. With Active Reports, the output file will be in mutli-part HTML format (.mht) with the data is self-contained in the .mht file.
Mobile Support
Cognos 10 includes improved support mobile devices specifically iPad, Android and Blackberry. There is a IBM Cognos mobile app available for iPad as well. The app can connect to your TCR server (over wireless network of course) and run the reports. Dan Krissel of IBM showed a great example of this app back in Pulse.
64 Bit Java based reporting engine with JDBC Support
The default C++ based 32-bit Cognos engine doesn't support JDBC drivers. Cognos 10 now also includes a 64-bit Java based engine (in addition to the 32-bit one) that supports JDBC. Remember that the Java based engine is still new and you need to specifically enable this engine to use its features.
More powerful multi-datasource Workspace designer
You can easily design a dashboard (NOTE: this is different from reports) by dragging-dropping elements such as charts, tables from various reports into a single workspace. These data sources can be fetched from different Cognos packages. E.g. You can fetch information from ITM OS agents reports, Netcool Omnibus reports and TBSM reports and present them in a single workspace. Very powerful and works great.
Event Studio for event-driven report delivery
The Event Studio tool is now bundled as part of TCR. Even though this tool was available in older Cognos as well, it was not shipped with TCR 2.1.1. Using this tool, you can specify rules for report delivery.
WebSphere 8.5
TCR 3.1 ships with WebSphere 8.5 that provides tons of new features including support for Java 7, new serviceability tools and better mobile support. For in-depth look at new features, please take a link below.
http://www.ibm.com/developerworks/websphere/techjournal/1206_alcott/1206_alcott.html
Jazz for Service Management Integration
TCR 3.1 is also one of the very first products that features Jazz for Service Management 1.1 integration. This integration brings several features for interaction. We will discuss about Jazz for Service Management in a separate article, but some of the benefits of this offering are listed below.
- OSLC Specification compliant - Now application data can be consumed in a standard based way rather than having to rely on application specific API calls/database queries.
- Easier integration with other Tivoli and non-Tivoli products.
- Linked data - meaning data can be fetched from the source instead of storing it in intermediate repository. This eliminates problems such as data being out-of-date.
Thursday, March 28, 2013
Video: Creating Omnibus Event List Report using Cognos Workspace Advanced
One of the new features in Tivoli Common Reporting 3.1 is the Cognos Workspace Advanced design tool. The following video shows how to create a simple Netcool Omnibus Event List report using the Cognos Workspace Advanced tool.
Sorry. No audio included. It was prepared as part of another presentation.
http://www.youtube.com/watch?v=ukTQOV72PT4
Feel free to check out other videos in our Gulf Breeze Youtube channel as well.
Sorry. No audio included. It was prepared as part of another presentation.
http://www.youtube.com/watch?v=ukTQOV72PT4
Feel free to check out other videos in our Gulf Breeze Youtube channel as well.
Subscribe to:
Posts (Atom)