Sunday, September 1, 2013

Using a Single SSL/TLS Certificate in IHS for Multiple Virtual Hosts

IBM HTTP Server does allow a single SSL/TLS certificate to be presented for multiple virtual hosts. It allows this capability by supporting Server Alternate Names (SANs) on certificates rather than by supporting TLS Server Name Indication (SNI). (Just to be clear - no versions of IHS support SNI as of IHS version 8.5).

This article defines this capability: IP-Based Virtual Hosting must be used if configuring multiple SSL Virtual Hosts, but it does it in a VERY confusing way, with an even MORE confusing title. The meat of the solution is in the following text from the above article:

Exception Note: If the Keyfile uses a SAN Certificate (support for multiple domain names) 
Name-Based virtual hosting can be used instead. When using a SAN Certificate the first SSL VirtualHost will be used for the SSL handshake. After the handshake completes the SSL Virtualhost used for the HTTP request processing is determined by the ServerName directive that matches the host header supplied in the client request

NameVirtualHost 1.2.3.4:80
NameVirtualHost 1.2.3.4:443

<VirtualHost 1.2.3.4:80>
ServerName www.CompanyA.com
ServerAdmin webmaster@CompanyA.com
DocumentRoot /www/html/CompanyA
ErrorLog /www/logs/CompanyA/error_log
TransferLog /www/logs/CompanyA/access_log
</VirtualHost>

<VirtualHost 1.2.3.4:80>
ServerName www.CompanyB.com
ServerAdmin webmaster@CompanyB.com
DocumentRoot /www/html/CompanyB
ErrorLog /www/logs/CompanyB/error_log
TransferLog /www/logs/CompanyB/access_log
</VirtualHost>

<VirtualHost 1.2.3.4:443>
SSLEnable
SSLClientAuth none
ServerName www.CompanyA.com
ServerAdmin webmaster@CompanyA.com
DocumentRoot /www/html/CompanyA
ErrorLog /www/logs/CompanyA/error_log
TransferLog /www/logs/CompanyA/access_log
</VirtualHost>

<VirtualHost 1.2.3.4:443>
SSLEnable
SSLClientAuth none
ServerName www.CompanyB.com
ServerAdmin webmaster@CompanyB.com
DocumentRoot /www/html/CompanyB
ErrorLog /www/logs/CompanyB/error_log
TransferLog /www/logs/CompanyB/access_log
</VirtualHost>

SSLDisable
Keyfile /usr/lpp/HTTPServer/keys/Keyfile.kdb
SSLV2Timeout 100
SSLV3Timeout 1000


In this case, your keyfile (Keyfile.kdb) would only contain one server certificate.

You can view information on SAN Certificates here: http://www-01.ibm.com/support/docview.wss?uid=swg21444027

And in case you were wondering, I'm pretty certain the above will NOT work for the Tivoli Enterprise Portal Server (TEPS) because of multiple specifications of the host name and/or IP address that must all match correctly.

Wednesday, August 28, 2013

APM UI - Part 2 - Thresholds and Propagation

As a continuation of my previous post, we'll expand upon our GBS Supermarket Agent Builder data in the APM UI to incorporate thresholds and status propagation.

If you looked closely at the end of part 1, you'll notice that the "Resources" icon next to GBS Supermarket contained a grey question mark.


To resolve this with most APM UI widgets, you simply click on Resources, click on Edit at the upper-right, then click the gear icon on the widget you wish to adjust.


Next click on the [Thresholds] tab.


Unfortunately, our Thresholds tab is blank.  That's because we never defined thresholds within our custom JSON files.

Let's fix that and import a new version of the GBS Supermarket into APM UI.

Click the title or here to read more.

Wednesday, August 7, 2013

Netcool Omnibus Event Integration Facility


 Event Integration Facility (EIF) events date back to the days of the Tivoli Enterprise Console.  This event mechanism is robust and reliable, and still used today as a means to transport event information between ITM (and many other Tivoli products) and the EIF Probe for Omnibus.

The Netcool Omnibus Event Integration Facility is a software toolkit or SDK that can be used to send and receive EIF formatted events from within an application.  These EIF based applications are referred to as adapters.  The EIF toolkit provides many services to the adapter – some of these services include adapter configuration, event transport, event caching, automatic failover, and encryption via SSL or FIPS 140-2, to name a few.

You may be saying to yourself about now, well that’s cool, but with all the monitoring solutions out there and command line capabilities, why would I need to write my own adaptor?  That is a good question, and while the Omnibus EIF reference says:

The Event Integration Facility is a toolkit that expands the types of events and system information that you can monitor. You can use it to develop your own adapters, tailored to your network environment and to your specific needs.

I have found a useful feature to be receiving events rather than generating them. 

It’s not uncommon to find a company looking to replace both a legacy monitoring tool, and it’s event management system with IBM Tivoli Monitoring and Netcool Omnibus.   Many times the deployment of the ITM monitoring solution can be delayed while work is being done to implement automation and new processes within the new event management system – Netcool Omnibus.  This is usually a people/process delay not a technical one, but still delays the time to value of the overall solution.  

In some of these cases, use the EIF toolkit to develop an EIF receiver adapter, to “catch” ITM EIF events and then forward appropriate events on to the legacy event management system, can allow the ITM deployment to move forward.   Later, as the teams and processes are ready to begin transitioning the event management system, the adapter can be updated to forward only certain events to the legacy system and others to Omnibus, or perhaps to both for a period of time.  Ultimately the entire event flow is transition to Omnibus and the adapter eliminated from the environment.

I’ve used the Event Integration Facility toolkit a number of times in scenarios similar to this and for other things, and it can be a great tool to have in your tool belt.

For more information, see the Event Integration Facility Reference Manual, part of the Omnibus documentation set.  You can also find sample code shipped with the SDK, which is available for download with your Omnibus license.

Tuesday, July 23, 2013

APM UI - Customizing with Agent Builder data - "the Basics"

The IBM SmartCloud Application Performance Management UI (APM UI) provides a fast and simple interface into data provided by IBM Tivoli Monitoring (ITM).  It can be rendered on anything from a web browser to a smart phone.  As expected, it also provides customization capabilities.  In this post, we'll walk through end-to-end the process of introducing data/metrics from a custom ITM Agent Builder agent into the APM UI.

You're encouraged to take a look at this presentation by Cheng Quan Li of IBM Development which provides a nice overview of Dashboard Customization in APM UI.

Additionally, the documentation for APM UI customization (v.7.6.0.1 was the current version at the time of writing) can be found here.

For the purposes of this customization "basics", we're going to keep things very simple.  No fancy charts or graphs - we will simply display tabular data.  Our intent is to get comfortable with the process of customizing APM UI.  In later articles we may dig deeper into making your presentation more flashy.

We have a custom-built ITM Agent Builder agent (GBS Supermarket) for this exercise.  The data coming from this agent represents the check-out lanes at a typical supermarket.  Each lane has a name as well as performance data such as how many customers are waiting in line and the average customer wait time.

Here's what our agent looks like within the Tivoli Enterprise Portal Server (TEPS):


Click the title to read more.

Tuesday, July 9, 2013

Launchpad - Unable to find supported browser

Recently while trying to install Netcool Omnibus 7.4 on CentOS 6.4, I ran into this problem:

I launched the Omnibus launchpad.sh script only to be told that the browser I was using was not supported:

"An error occurred while starting the launchpad. This error typically occurs when the launchpad is unable to find a supported browser. Check your product's documentation for a list of supported browsers."


But, the HTML file (noBrowser.html) was actually displayed by Firefox.  It turns out that the version of Launchpad only supports older versions of Firefox, namely ESR10.

There is a very simple fix to this issue:

1) Download an ESR10 version of Firefox, for example:

# cd /tmp
# wget https://ftp.mozilla.org/pub/mozilla.org/firefox/releases/10.0.2/linux-x86_64/en-US/firefox-10.0.2.tar.bz2

2) Extract it:

# cd /tmp
# tar -jxf firefox-10.0.2.tar.bz2

3) Tell Launchpad to use it

# export BROWSER=/tmp/firefox/firefox

4) Relaunch launchpad.sh

# /tmp/omni-install/launchpad.sh

and now it works:




Monday, May 6, 2013

What is new in TCR 3.1?

As you know, IBM released a new version of Tivoli Common Reporting as part of Jazz for Service Management 1.1 offering.   This article discusses some of the new features of Tivoli Common Reporting 3.1 release.   Read on to learn more.

Cognos 10 Business Intelligence

TCR 3.1 comes with a major version upgrade to Cognos Business Intelligence. It comes with Cognos 10.2 as opposed to Cognos 8.4 in TCR 2.1.1. This major version upgrade brings lot of newer functionality to reporting. Some of them are,

New Report Design Tools

Cognos 10 BI bundles  the new Workspace Advanced design tool that is much more powerful than Query Studio but less complex than Report Studio.

This tool can be used to build quick reports, end-user analytics and even for "reasonably complex" professional looking reports. However, to include advanced reporting features such as prompts, formulas, etc, you will have to rely on Report Studio.   Good news is that report designs can be opened both in Report Studio and Workspace Advanced without loss of information. So when you need the advanced features you can "insert" them in Report Studio and come back to Workspace advanced and continue the design.

Active Reports for offline interactive reports

Active Reports are HTML only reports that can be used for offline-viewing and interactive reports. With Active Reports, the output file will be in mutli-part HTML format (.mht) with the data is self-contained in the .mht file.

Mobile Support

Cognos 10 includes improved support mobile devices specifically iPad, Android and Blackberry.   There is a IBM Cognos mobile app available for iPad as well. The app can connect to your TCR server (over wireless network of course) and run the reports.   Dan Krissel of IBM showed a great example of this app back in Pulse.

64 Bit Java based reporting engine with JDBC Support

The default C++ based 32-bit Cognos engine doesn't support JDBC drivers.  Cognos 10 now also includes a 64-bit Java based engine (in addition to the 32-bit one) that supports JDBC.  Remember that the Java based engine is still new and you need to specifically enable this engine to use its features.

More powerful multi-datasource Workspace designer

You can easily design a dashboard (NOTE: this is different from reports)  by dragging-dropping elements such as charts, tables from various reports into a single workspace.  These data sources can be fetched from different Cognos packages.  E.g. You can fetch information from ITM OS agents reports, Netcool Omnibus reports and TBSM reports and present them in a single workspace. Very powerful and works great.

Event Studio for event-driven report delivery

The Event Studio tool is now bundled as part of TCR.  Even though this tool was available in older Cognos as well, it was not shipped with TCR 2.1.1. Using this tool, you can specify rules for report delivery.

WebSphere 8.5

TCR 3.1 ships with WebSphere 8.5 that provides tons of new features including support for Java 7, new serviceability tools and better mobile support.  For in-depth look at new features, please take a link below.

http://www.ibm.com/developerworks/websphere/techjournal/1206_alcott/1206_alcott.html

Jazz for Service Management Integration

TCR 3.1 is also one of the very first products that features Jazz for Service Management 1.1 integration.  This integration brings several features for interaction. We will discuss about Jazz for Service Management in a separate article, but some of the benefits of this offering are listed below.

  • OSLC Specification compliant - Now application data can be consumed in a standard based way rather than having to rely on application specific API calls/database queries.
  • Easier integration with other Tivoli and non-Tivoli products.
  • Linked data - meaning data can be fetched from the source instead of storing it in intermediate repository.   This eliminates problems such as data being out-of-date.

There are tons of other features including UI changes that I didn't mention here. Let us know if you have any questions related to all this features, we will be happy to help. 

Thursday, March 28, 2013

Video: Creating Omnibus Event List Report using Cognos Workspace Advanced

One of the new features in Tivoli Common Reporting 3.1 is the Cognos Workspace Advanced design tool.    The following video shows how to create a simple Netcool Omnibus Event List report using the Cognos Workspace Advanced tool. 

Sorry. No audio included.  It was prepared as part of another presentation. 

http://www.youtube.com/watch?v=ukTQOV72PT4

Feel free to check out other videos in our Gulf Breeze Youtube channel as well.