Friday, April 22, 2011

Interesting information on Tivoli's Cloud initiatives

https://www.ibm.com/developerworks/mydeveloperworks/blogs/9e696bfa-94af-4f5a-ab50-c955cca76fd0/entry/csp_technical_integration_note_managing_the_core_system9?lang=en

If you're new to Tivoli's Cloud movement, I think the best way to get use out of this paper is to just read about the products that are involved in the total solution. If your company is moving toward the cloud, knowledge of those components will definitely help you.

Tuesday, March 29, 2011

Passing TCR UserID in BIRT Reports

Many times, you might want to display/determine the TCR user name that is invoking the reports. While there is no GUI way of doing this within BIRT, a simple Javascript is all you need. Here is how to do it in BIRT

  1. Select a blank area in the report. This should display report properties in the Property Editior.

  2. Now click on the "Script" tab for the report displayed at the bottom of the main work area. (where Preview/Layout tabs are).

  3. In the script drop down, select "Before Factory" and paste the javascript code below.


    TCR_IUSER = "com.ibm.tivoli.reporting.api.reportEngine.IUserInfo";

    userInfo = reportContext.getAppContext().get(TCR_IUSER);

    userName = "unknown";

    if (userInfo != null) {

    userName = userInfo.getUserPrincipal();

    }



  4. Now you can use the userName javascript variable in your reports to identify/display the TCR User.

  5. For example, to display the UserName, insert a "Dynamic Text" item anywhere in your report and enter the following value. "User name = " + userName
Hope this helps.

Thursday, March 17, 2011

IBM Service Management YouTube channel

This is great - a channel containing lots of fairly technical videos of Tivoli products and integrations:

http://www.youtube.com/user/ismconnect?feature=mhum#p/c/5C4BC71AD2C77801

A great tutorial on ITCAMfT integration with TBSM

TBSM is able to read Discovery Library Adapter (DLA) books from a number of products, including ITM, TADDM, and ITCAM for Transactions (there are others, but I don't know of a comprehensive list). Sometimes the specifics about the integration are dependent upon what other products you have installed, but that is a larger discussion also. This piece from IBM contains extremely useful information on how you can filter the data in the ITCAM for Transactions DLA so that it can be processed more quickly by TBSM and increase the quality of the data in TBSM (by eliminating services that are not important):


The information is great, but you definitely have to do some work before you can just follow along. In the example, they exclude all of the .gif, .css and .jpg components. In many shops, this would work great. However, I've been in some companies that have had problems specifically with .css files being moved/renamed/locked/etc., and those companies would definitely not want to exclude those entities. So before you can just dive in, you need to analyze your business needs and the current state of your components. This could be done in a DEV/QA environment, or possibly in a temporary portion of your TBSM implementation.

Wednesday, March 9, 2011

BitLocker on Windows 7

What is BitLocker?

Windows Vista and 7 included the BitLocker functionality to allow for encryption of the drive.

Deployment Problem:

According to the Info Center documentation, OSD is BitLocker ready. Well, not really. The idea is that OSD has the capability of creating a partition that will allow BitLocker to be activated. The problem is that when OSD creates the partition it assigns a driver letter to the partition and this is not something that can be there for BitLocker to function.

Solution:

As of Windows 7 (and Vista SP1(?), but who cares), Microsoft included a tools called bdehdcfg.exe that allows for the ability to take any partition, shrink it by a certain amount and prepare it for BitLocker. In order for BitLocker to work, it requires a minimum of 100MB or 300MB if you also want the recovery console (For Vista this is 1.5 GB). In order to do this, just use a software module that is deployed with the image to execute the bdehdcfg command.

One thing to note with this solution, when the image is deployed, you will end up with a larger partition than expected. The reason for this is that when the bdehdcfg command is executed, the partition ends up being created at the end of the drive and when OSD is completed, it takes the cache partition (about 500MB) and adds it to the last partition on the drive. So if you are defining bdehdcfg to create a 300MB partition, you will end up with a 800MB partition (approx). Currently the only way around this is to have the bdehdcfg execute after the OSD deployment is completed.

BitLocker sounds simple enough to implement, but there are some things to think about that will impact the business

  1. The PIN is used to provide an additional level of security to the BitLocker process. This PIN is set to the computer not to the user(s) of the computer, so if there are multiple users of the system, then they all share the same PIN.
  2. The PIN can only be set with someone with Administrative access. (I have not personally confirmed this, but I was informed of this by an engineering group, so if this is incorrect, please let me know and I will remove)
  3. There is no native method to enforce a password expiry of the PIN
  4. BitLocker can be disabled/paused by anyone with administrative access, thus leaving the system unprotected.
  5. Will require processes to be put in place when users forget their PIN (you know it will happen) and provide the recovery password. This is possibly the hardest part depending on the users and the number of users.

On the plus side:

  1. It is free so you are able implement encryption without additional software expense
  2. When protected, the encryption seems to be as good as any
  3. Encrypting a drive is relatively quick compared to other vendors
  4. Recovering a drive is simple as you just need the recovery password from Active Directory
  5. Did I mention it was free?

Hope this helps you out :)

If you have any other topics you would like covered, send me a note at martin dot carnegie at gulfsoft dot com.