Charles Joy, Mark Gosson, Kerrie Meyler, with Pete Zerger, David Allen, and Marcus Oh
System Center Opalis Integration Server 6.3 UNLEASHED
800 East 96th Street, Indianapolis, Indiana 46240 USA
System Center Opalis Integration Server 6.3 Unleashed
Copyright © 2012 by Sams Publishing

All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.

ISBN-13: 978-0-6723-3561-7
ISBN-10: 0-672-33561-1

Library of Congress Cataloging-in-Publication data:
Joy, Charles, 1979-
System center Opalis integration server 6.3 unleashed / Charles Joy, Mark Gosson, Kerrie Meyler ; with Pete Zerger, David Allen, and Marcus Oh.
p. cm.
Includes bibliographical references.
ISBN 978-0-672-33561-7
1. Electronic data processing--Management. 2. Computer networks--Management. 3. Microsoft Windows server. 4. Computer systems. I. Gosson, Mark. II. Meyler, Kerrie. III. Title.
QA76.9.M3J69 2012
004.6--dc23
2011027815

First Printing July 2011
Trademarks
All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Pearson Education, Inc., cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Warning and Disclaimer
Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an “as is” basis. The author and the publisher shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book.
Bulk Sales
Pearson offers excellent discounts on this book when ordered in quantity for bulk purchases or special sales. For more information, please contact:
U.S. Corporate and Government Sales
1-800-382-3419
[email protected]
For sales outside of the U.S., please contact:
International Sales
+1-317-581-3793
[email protected]
Editor-in-Chief: Greg Wiegand
Executive Editor: Neil Rowe
Development Editor: Mark Renfrow
Managing Editor: Sandra Schroder
Project Editor: Seth Kerney
Copy Editor: Jovana Shirley
Indexer: Cheryl Lenser
Proofreader: Apostrophe Editing Services
Technical Editor: Jeff Fanjoy
Publishing Coordinator: Cindy Teeters
Book Designer: Gary Adair
Compositor: Mark Shirar
Contents at a Glance

Introduction

Part I: Opalis Integration Server Overview and Concepts
1 Introducing Opalis Integration Server 6.3
2 Inside Opalis Integration Server 6.3
3 Architectural Design

Part II: Installation and Implementation
4 Installing Opalis Integration Server 6.3
5 Policy Basics
6 Foundation Objects
7 Implementation and Best Practices

Part III: Integration Packs and the SDK
8 OIS Integration
9 Integration with System Center Operations Manager
10 Integration with System Center Service Manager
11 Integration with System Center Configuration Manager
12 Integration with System Center Virtual Machine Manager
13 Integration with System Center Data Protection Manager
14 Data Center Scenarios
15 The Quick Integration Kit

Appendixes
A Support and Troubleshooting
B Reference URLs
C Available Online

Index
Table of Contents

Introduction

Part I: Opalis Integration Server Overview and Concepts

1 Introducing Opalis Integration Server 6.3
  What Is Opalis?
    Automation, Orchestration, and Integration
    Workflow
    OIS Connects the Data Center
  Microsoft’s Automation Platform
    Microsoft Before OIS
    Adding OIS to the Picture
    Making the Difference: The Data Bus
    Flexibility
    OIS in the Real World
    Results
  Where OIS Fits Within the System Center Suite
    Enhancing, Extending, and Enabling System Center
    Transforming the Data Center
  The History of Opalis Software
    Rendezvous with Destiny
    Do the Robot!
    What Rhymes with OIS?
    Microsoft Acquires Opalis
    Product Challenges
  OIS 6.3 and Beyond
    SCO 2012 Differences
    SCO 2012 Similarities
    Unknowns
  Understanding IT Process Automation
    A Brief History of IT Process Automation
    Old Processes and Unwanted Artifacts
    Not a Job Scheduler
    An ITPA Tool, Not a Connector
  Summary

2 Inside Opalis Integration Server 6.3
  Component Overview
    Optional Components
    Required Components
  SQL Datastore
    Installation and Configuration Objects
    Policy Authoring Objects
    Policy Execution Objects
    Policy History and Log Objects
  Action Servers
    The OpalisActionService
    Connectivity
    PolicyModule.exe
    Redundancy
  OIS Client
    OIS Client Connection to the OIS Datastore
    From XML to SQL
  Management Server
    Primary Services
    Watchdog
    Additional Components
  Opalis Operator Console
  Summary

3 Architectural Design
  Basic Architecture
  Policy Lifecycle and Mechanics
    Check In
    Dormant Policy
    Starting the Policy
    Action Servers and Policy Instantiation
    PolicyModule.exe
  Policy Limits and Queuing
    Action Server Policy Throttle
    Maximum Number of Policies to Run
    Desktop Heap Limitations and Policies
    Policy Maximums Based on Operating System
    Policy Size and Complexity
    CPU and Memory Resources Also Affect Policy Limits
    Policy Queuing
  Policy Spillover
    Policies Assigned to Specific Action Servers
  Policy Failover
  Deployment Models
    Simple Deployment
    Resilient Deployment
    Cross-Network Deployment
    Cross-Network Action Servers
    Multisite Manual Policy Sync
    Multisite Invoke via Web Services
    Multisite Hybrid Solution
    Multisite Isolated Deployment
  Security Models
    Single Domain Security
    Federated Domains
    Untrusted Security Model
  Summary

Part II: Installation and Implementation

4 Installing Opalis Integration Server 6.3
  Dependencies Explained
    OIS 6.2.2 Dependency
    Java and JBoss Dependency
  Installation Prerequisites
    Server Requirements
    User Account Requirements
    Trust But Verify
    Downloading the Installation Media
  Running the Installer
  Installing the Management Server
  Database Creation and Population
  Licensing
  Patching for 6.3
  Deployment Manager
  Action Server Installation
  OIS Client Installation
  Integration Pack Installation
    Registering the IPs
    Deploying the IPs
  Manual Installation
  The Opalis Operator Console
    Gathering Files
    Installing Java
    Setting Environment Variables
    Extracting Files
    Using the PowerShell Script to Install the Opalis Operator Console
    Securing the Opalis Operator Console
    Testing the Opalis Operator Console
    Configuring the Operator Console as a Service
  Common Installation Problems
  Summary

5 Policy Basics
  Navigating the OIS Client
  Understanding the Connections Window
    Policies
    Computer Groups
    Action Servers
    Global Settings
  Using the Workspace Window
  Accessing the Objects Window
  Reviewing the Events Window
  Viewing Status in the Log Window
  The Log History Window: Looking Back
  Audit History Window
  Configuring the Client Using the Options Menu
    Show Link Labels
    Show Tooltips
    Show Legacy Objects (Requires Client Restart)
    Automatic Check Out
    Prompt for Comment on Check In
    Allow Empty Comment on Check In
  Creating Policies
    Objects
    Monitor Objects
    Link Handles
    Links
    Dragging and Dropping Objects
    Configuring Objects
    Linking Objects
  The Policy Testing Console
    Running a Policy
    Examining the Logs
    Stepping Through a Policy
    Setting Breakpoints
    Differences Between the PTC and the OIS Client
  Policy Check In and Check Out
    Starting a Policy in the OIS Client
    Checking Logging in the OIS Client
  Branching (Link Filters)
    The Default Filter
    Adding Filters
    Include Filters and Exclude Filters
    Link Options
  The Published Data Bus
    Adding Data to the Bus
    Types of Published Data
    Subscribing to PD on the Bus
  The Opalis Operator Console
    Starting and Stopping Policies
    Viewing Policy Execution
    Searching for Policies
    Action Server View
    Permissions
    Events
  Triggering Policies from Within a Policy
    The Custom Start Object
    The Trigger Policy Object
  Policies Properties
    General Tab
    Action Servers Tab
    Logging Tab
    Event Notifications Tab
    Run Behavior Tab
    Policy Data Tab
  Importing and Exporting Policies
    Exporting a Group of Policies
    Exporting a Single Policy
    Importing Policies
  Summary

6 Foundation Objects
  Basic Object Anatomy
  Extensibility Objects
    Run Program
    Query Database
    Run .Net Script
    Invoke Web Services
    Query WMI
    Run SSH Command
    SNMP Objects
Other Important Object Categories ... 173
Email and Notification ... 174
Workflow Control ... 177
Text and File Management ... 181
Counters ... 184
Legacy Objects ... 187
The Wait Object ... 189
Read, Filter, and Process Email (POP3/SMTP or Exchange) ... 190
Other Legacy Objects ... 191
Remaining Objects ... 191
Use Case Examples ... 195
Summary ... 199

7 Implementation and Best Practices ... 201
The Policy Engine ... 201
Policy Engine Rules ... 202
Multi-Value Data Handling ... 206
Flattening Multi-Value Data ... 207
The Junction Object ... 208
Pipeline Mode, Legacy Mode, and the Multiplication Effect ... 209
Complex Link Logic ... 210
Looping ... 212
Object-Level Looping ... 212
Policy-Level Looping ... 213
Scheduling ... 214
The Check Schedule Object ... 214
Applying Schedules to a Policy ... 214
Data Manipulation and Parsing ... 216
OIS Data Manipulation Functions ... 217
Parsing with the Query Database Object ... 219
Parsing with the Run .Net Script Object ... 219
Dynamic Everything ... 221
Using Error Handling to Harden Your Policies ... 222
Securing Policies ... 225
Naming Conventions ... 226
Versioning, Backup, and Promotion ... 227
Versioning ... 228
Backing Up Policies ... 229
Promotion ... 230
External Data Persistence ... 231
Challenge: Haltable/Restartable Policies ... 232
Solution: Integration Pack for Standard OIS Logging ... 234
Summary ... 235

Part III Integration Packs and the SDK

8 OIS Integration ... 237
Integration Overview ... 237
The IP for BladeLogic Operations Manager ... 238
BladeLogic Operations Manager IP Typical Use Case ... 238
BladeLogic Operations Manager IP Object List ... 239
BladeLogic Operations Manager IP Installation Notes ... 239
BladeLogic Operations Manager IP Supported Versions ... 239
BladeLogic Operations Manager IP Configuration Settings ... 239
The IPs for BMC Tools ... 240
The IP for BMC Atrium CMDB ... 240
The IP for BMC Event Manager ... 243
The IP for BMC Patrol ... 245
The IP for BMC Remedy AR System ... 247
The IPs for CA Tools ... 250
The IP for CA AutoSys ... 250
The IP for CA eHealth ... 252
The IP for CA Spectrum ... 254
The IP for CA Unicenter NSM ... 256
The IP for CA Unicenter Service Desk ... 257
The IP for EMC Smarts InCharge ... 260
EMC Smarts InCharge IP Typical Use Case ... 260
EMC Smarts InCharge IP Object List ... 260
EMC Smarts InCharge IP Installation Notes ... 261
EMC Smarts InCharge IP Supported Versions ... 261
EMC Smarts InCharge IP Configuration Settings ... 261
The IPs for HP Tools ... 262
The IP for HP Asset Manager ... 262
The IP for HP iLO and OA ... 264
The IP for HP Network Node Manager ... 266
The IP for HP OpenView Operations (Unix - HPUX) ... 268
The IP for HP OpenView Operations (Unix - Solaris) ... 270
The IP for HP OpenView Operations (Windows) ... 273
The IP for HP OpenView Service Desk ... 275
The IP for HP Service Manager ... 278
The IPs for IBM Tools ... 280
The IP for IBM Tivoli Enterprise Console ... 280
The IP for IBM Tivoli Netcool Omnibus ... 282
The IP for IBM Tivoli Storage Manager ... 284
The IP for Microsoft Active Directory ... 286
Microsoft Active Directory 2 IP Typical Use Case ... 286
Microsoft Active Directory 2 IP Object List ... 287
Microsoft Active Directory IP 2 Installation Notes ... 288
Microsoft Active Directory 2 IP Supported Versions ... 288
Microsoft Active Directory 2 IP Configuration Settings ... 289
The IP for Unix ... 289
Unix IP Typical Use Case ... 289
Unix IP Object List ... 290
Unix IP Installation Notes ... 291
Unix IP Supported Versions ... 291
Unix IP Configuration Settings ... 292
The IP for Veritas NetBackup ... 293
Veritas NetBackup IP Typical Use Case ... 293
Veritas NetBackup IP Object List ... 293
Veritas NetBackup IP Installation Notes ... 293
Veritas NetBackup IP Supported Versions ... 294
Veritas NetBackup IP Configuration Settings ... 294
The IP for VMware vSphere ... 295
VMware vSphere IP Typical Use Case ... 295
VMware vSphere IP Object List ... 295
VMware vSphere IP Installation Notes ... 297
VMware vSphere IP Supported Versions ... 297
VMware vSphere IP Configuration Settings ... 297
Summary ... 298

9 Integration with System Center Operations Manager ... 299
Requirements ... 299
Opalis Integration Server 6.3 ... 299
System Center Operations Manager 2007 ... 299
Installing the SCOM IP ... 300
Configuring the SCOM IP ... 300
Connectivity Requirements ... 300
Granting Access to the Connection Account ... 301
Configuring the Connection Account ... 301
Objects at a Glance ... 302
Objects in Depth ... 303
Use Case Scenarios ... 305
Incident Remediation ... 305
Server Maintenance Mode ... 307
Branch Office Maintenance Mode ... 309
Summary ... 312

10 Integration with System Center Service Manager ... 313
Requirements ... 313
Opalis Integration Server 6.3 ... 313
System Center Service Manager 2010 ... 314
Locale Settings ... 314
Installing the SCSM IP ... 314
Configuring the SCSM IP ... 314
Objects at a Glance ... 315
Objects in Depth ... 316
Use Case Scenarios ... 317
Close Resolved Incidents ... 318
Manage Incidents ... 320
Automating Change ... 323
Summary ... 330

11 Integration with System Center Configuration Manager ... 331
Requirements ... 331
Opalis Integration Server 6.3 ... 331
System Center Configuration Manager 2007 ... 332
Installing the SCCM IP ... 332
Configuring the SCCM IP ... 332
Creating the Connection Account ... 332
Granting Access to the Connection Account ... 333
Connectivity Requirements ... 335
Objects at a Glance ... 335
Objects in Depth ... 335
Use Case Scenarios ... 338
Creating and Populating a Collection ... 338
Checking Compliance ... 341
Advertising Software ... 344
Summary ... 346

12 Integration with System Center Virtual Machine Manager ... 347
Requirements ... 347
Opalis Integration Server 6.3 ... 347
System Center Virtual Machine Manager 2008 ... 348
Security Credentials ... 348
Installing the VMM IP ... 348
Configuring the VMM IP ... 348
Connectivity Requirements ... 348
Granting Access to the Connection Account ... 349
Configuring the Connection Account ... 349
Objects at a Glance ... 351
Objects in Depth ... 352
Use Case Scenarios ... 355
Virtual Machine Provisioning ... 356
VM Checkpoint and Recovery ... 360
Capacity and Lifecycle Management ... 363
Summary ... 366

13 Integration with System Center Data Protection Manager ... 367
Requirements ... 367
Opalis Integration Server 6.3 ... 367
System Center Data Protection Manager 2010 ... 368
Windows Management Framework ... 368
Installing the DPM IP ... 368
Configuring the DPM IP ... 369
Objects at a Glance ... 370
Objects in Depth ... 370
Use Case Scenarios ... 372
Creating a Recovery Point ... 372
Protecting a Data Source ... 375
Recovering a SQL Database ... 375
Checking DPM Server Storage Capacity ... 378
Summary ... 379

14 Data Center Scenarios ... 381
Requirements in the Dynamic Data Center ... 382
Use Case Scenarios ... 383
Server Maintenance and Reboot ... 383
Virtual Machine Provisioning and Configuration ... 386
Bulk User Account Provisioning ... 391
Summary ... 395

15 The Quick Integration Kit ... 397
Overview of QIK ... 397
Options and More Options ... 398
Planning Your QIK Project ... 400
Installing QIK ... 401
Installation Prerequisites ... 401
Running the Installer ... 402
Actions Performed by the Installer ... 406
Your IDE and the QIK Resources ... 410
Installing the QIK Integration Packs ... 415
QIK CLI Wizard ... 415
QIK SDK ... 432
SDK Prerequisites ... 433
SDK Features and Functionality ... 433
QIK API ... 434
QIK Programming Models ... 435
QIK Project Process ... 436
QIK Code Samples ... 437
Creating Integration Packs ... 445
The QIK Wizard ... 445
Using the QIK Wizard ... 445
Deploying QIK Objects ... 456
Test Mode ... 456
Ready for Production ... 462
Summary ... 467

Appendixes

A Support and Troubleshooting ... 469
Product Footprint ... 469
File System ... 469
Registry Structure ... 473
Running Processes and Services ... 475
Start Menu Programs ... 475
Background Executables ... 476
Datastore ... 477
Basic Troubleshooting ... 477
Common Questions ... 482
OOC Questions ... 485
Foundation Object Questions ... 486
Versions ... 488
Log History ... 489
Data Items Logged ... 490
Log Purging ... 491
Logging Levels ... 492
TraceLogger Options ... 493
Checking Logs ... 493

B Reference URLs ... 495
General Resources ... 495
Microsoft’s OIS Resources ... 496
Contents
xv
Additional Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 498 Blogs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 500 The System Center Family . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501 Public Forums . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 501 C
Available Online
503
PowerShell Resources for Maintenance Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503 Live Links . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503 Index
505
xvi
About the Authors and Contributors
Charles Joy, senior technology evangelist at Microsoft, began working at small start-up firms and moved on to companies such as Raytheon, Unisys, and later Opalis Software. Charles was responsible for implementing the world’s largest OIS deployments. Charles has been a frequent presenter on OIS at MMS, TechEd (U.S., AU, and NZ), and numerous internal Microsoft conferences. He is also a frequent contributor on TechNet with a blog at http://blogs.technet.com/b/charlesjoy/.
Mark Gosson, senior technology evangelist at Microsoft, has worked in IT for more than 18 years. He worked at Opalis Software, Inc., from 2004 until its acquisition by Microsoft. At Opalis, he managed Field and Pre-Sales Engineering and was responsible for implementations at Opalis’s largest customers. Mark has been a frequent presenter on OIS at MMS, TechEd (U.S., ZA, and AE), and numerous internal Microsoft conferences.
Kerrie Meyler, System Center MVP, is an independent consultant and trainer with more than 15 years of Information Technology experience, including work as a senior technical specialist at Microsoft. She has presented at TechEd, MMS, and Microsoft product launches. Kerrie is the lead author of a number of books in the Unleashed series, including Microsoft System Center Operations Manager 2007 Unleashed (Sams, 2008), System Center Operations Manager 2007 R2 Unleashed (Sams, 2010), System Center Configuration Manager 2007 Unleashed (Sams, 2009), and System Center Service Manager 2010 Unleashed (Sams, 2011).
Pete Zerger, System Center MVP, focuses on System Center management and data center automation. He presents at Microsoft conferences such as MMS and TechEd and manages System Center Central (http://www.systemcentercentral.com). Pete was a contributing author to System Center Operations Manager 2007 R2 Unleashed and System Center Configuration Manager 2007 Unleashed. He also writes courseware for Microsoft Learning, including Course 50507A, “Designing and Automating Workflows with Microsoft System Center Opalis.”
Marcus Oh, System Center MVP, has more than 15 years of IT industry experience and is a technical manager for a large telecommunications provider. He specializes in Configuration Manager and Operations Manager. Marcus has written numerous articles for technology websites and blogs on OIS and other System Center products at http://marcusoh.blogspot.com/. Marcus runs the Atlanta Systems Management User Group (http://www.atlsmug.org) and coauthored Professional SMS 2003, MOM 2005, and WSUS (Wrox, 2006).
David Allen, System Center MVP, has more than 10 years of experience in the IT industry and is a systems management specialist. He has worked with OIS since the Microsoft acquisition, designing workflows and overseeing various levels of implementation. David presents at MMS, TechEd, and TechDays. He blogs at http://wmug.co.uk/blogs/aquilaweb/default.aspx and is the founder of http://www.scdpmonline.org.
Dedication
To IT professionals worldwide who use the System Center suite
Acknowledgments
Writing a book is an all-encompassing and time-consuming project, and this book certainly meets that description. The authors and contributors would like to offer appreciation to those who helped with System Center Opalis Integration Server 6.3 Unleashed. Special thanks to Kaj Wierda, founding member and longtime Opalis employee, for his insight into the early years of ITPA. Thanks also to Akos Technology Services for lab assistance, to Scott Weisler of Akos for environment support, and to Michelle Cohen of Microsoft. Jeff Fanjoy, also of Microsoft, was invaluable as our technical editor. Thanks also go to the staff at Pearson, in particular to Neil Rowe, who has worked with us since Microsoft Operations Manager 2005 Unleashed (Sams, 2006).
Reader Services Visit our website and register this book at informit.com/register for convenient access to any updates, downloads, or errata that might be available for this book.
Introduction
In December 2009, Opalis Software, Inc., became a wholly owned subsidiary of Microsoft Corporation. Opalis Software was best known for its IT Process Automation (ITPA)/Runbook Automation (RBA) offering Opalis Integration Server (OIS). ITPA is a powerful capability that can assist in streamlining Information Technology (IT) operations by removing much of the overhead associated with manual responses to IT problems. OIS enables you to capture and document processes that integrate across an entire IT organization. This is a core building block for the future of IT and is the foundation for the automation necessary to deliver cloud computing—self-adjusting tools of computing resources that can be tuned based on real-time events.
Microsoft acquired Opalis Software to augment its System Center line of management software. The Opalis purchase enables Microsoft to integrate Opalis’s process automation into its vision of the data center of the future. Microsoft does not sell Opalis as a separately licensed product; those of you already licensed for System Center with SMSE/D have the licensing rights for Opalis—you simply have to learn how to integrate it into your environment. That is the purpose of this book.
As part of the acquisition, Opalis Software released OIS 6.2.2, a remediated version of 6.2.1. Microsoft followed up with the release of OIS 6.3 in November 2010, which includes Windows Server 2008 support and Integration Packs (IPs) for products in the System Center suite. Because Microsoft chose to bring out a version of Opalis Integration Server without rebranding the software and while Opalis Software was still a subsidiary, it relies heavily on its 6.2.2 roots, particularly during the installation process. Moving forward, OIS 6.3 will be the last version of OIS. In March 2011, Microsoft announced System Center Orchestrator 2012, which will be the next version of the software it obtained with the Opalis acquisition.
How This Book Is Organized
This book is divided into four sections:
Part I, “Opalis Integration Server Overview and Concepts,” includes an introduction to the product and discusses its history, architectural concepts, and design. These topics are discussed in Chapter 1, “Introducing Opalis Integration Server 6.3,” Chapter 2, “Inside Opalis Integration Server 6.3,” and Chapter 3, “Architectural Design.”
Part II, “Installation and Implementation,” steps through the product installation. Because Microsoft released version 6.3 of OIS while Opalis Software was still a subsidiary of Microsoft, there are some inherent differences installing OIS 6.3 compared with the rest of the System Center suite. These are covered in Chapter 4, “Installing Opalis Integration Server 6.3.” Chapter 5, “Policy Basics,” begins the discussion of the different objects you can use to create your own policies. This goes into further depth in Chapter 6, “Foundation Objects,” and Chapter 7, “Implementation and Best Practices.”
Part III, “Integration Packs and the SDK,” focuses on integrating OIS into the data center through IPs. IPs are software components that plug into the larger OIS framework and are designed around a series of atomic tasks targeted to a specific application. OIS 6.2.2 ships with 28 IPs on the installation media integrating third-party software with the OIS engine, and with the 6.3 update, Microsoft added six additional IPs for System Center integration. The OIS 6.2.2 IPs are discussed in Chapter 8, “OIS Integration.” The System Center IPs are discussed in the following chapters:
- Chapter 9, “Integration with System Center Operations Manager”
- Chapter 10, “Integration with System Center Service Manager”
- Chapter 11, “Integration with System Center Configuration Manager”
- Chapter 12, “Integration with System Center Virtual Machine Manager”
- Chapter 13, “Integration with System Center Data Protection Manager”
Chapter 14, “Data Center Scenarios,” takes the System Center IPs to the next level by presenting examples that integrate objects from these IPs together in workflows and incorporate PowerShell to achieve true end-to-end automation. Just in case you still don’t have all the objects you need to accomplish your own integrations, Chapter 15, “The Quick Integration Kit,” gives you the tools to create your own IPs using the Quick Integration Kit (QIK). By this time, you should have all the tools at your disposal necessary to become an OIS expert.
The last section of the book includes three appendixes. Appendix A, “Support and Troubleshooting,” includes resources to assist you with problem solving, Appendix B, “Reference URLs,” incorporates useful references you can use for further information, and Appendix C, “Available Online,” is a guide to supplementary resources offered with the book that you can download from http://www.informit.com/store/product.aspx?isbn=9780672335617.
This book provides in-depth reference and technical information about Opalis Integration Server 6.3, as well as information on orchestrating with System Center and third-party products through IPs. The material will be of interest for those shops using the System Center suite, Opalis Integration Server, and anyone interested in ITPA.
CHAPTER 1
Introducing Opalis Integration Server 6.3
IN THIS CHAPTER
- What Is Opalis?
- Microsoft’s Automation Platform
- Where OIS Fits Within the System Center Suite
- The History of Opalis Software
- OIS 6.3 and Beyond
- Understanding IT Process Automation
Opalis Integration Server (OIS), a new member to Microsoft’s System Center Suite, automates end-to-end processes by traversing organizational boundaries, reducing operational costs, and improving Information Technology (IT) efficiency by delivering services faster and with fewer errors. It orchestrates and integrates management and infrastructure tools in support of best practices and standards initiatives such as the Information Technology Information Library (ITIL) and Microsoft Operations Framework (MOF). This chapter introduces OIS, its position as Microsoft’s automation platform, where it fits within the System Center family, and includes a discussion of what’s new for this, the “last OIS.” Microsoft made the decision to include OIS as part of the System Center suite; this chapter helps you begin to take a closer look at the product.
What Is Opalis?
Microsoft acquired Opalis Software, Inc., (referred to as Opalis Software throughout this chapter) in December 2009. Previously privately owned, Opalis Software became a Microsoft subsidiary. For information on the history of Opalis Software, refer to the section, “The History of Opalis Software,” later in this chapter.
At the time of the acquisition, Opalis Software was best known for the OIS product. At its core, OIS is software designed as a platform for automation, orchestration, and integration. In conversations discussing OIS, you are likely to hear at least one of these three expressions. The other things you can expect to hear are the amount of time you are saving, how you are driving costs down, and how much more reliable your IT processes have become. These are significant themes, as OIS enables you and your IT organization to make best practices a reality, in an automated way. These best practices can, but do not have to, be based on MOF or ITIL; they can be as simple as lessons learned over the years. Either way, OIS can help facilitate automation of these best practices. OIS’s automation, orchestration, and integration capabilities enable you to coordinate all your data center management tools to perform the tasks prescribed by these best practices.
Let’s begin looking at OIS by viewing Figure 1.1, which displays the OIS client user interface. This example shows a workflow monitoring Microsoft System Center Operations Manager and creating Microsoft System Center Service Manager incidents, escalating them as necessary; it is a nice illustration of integration, orchestration, and automation.
FIGURE 1.1 The OIS Client user interface
Automation, Orchestration, and Integration
Consider OIS as the underlying platform enabling you to orchestrate everything else. Orchestration and automation usually go hand in hand. Where orchestration is the external management of an application or applications, automation is the programmed execution of tasks within and between those applications. All that is missing is how OIS connects to these applications to perform the orchestrated management and automation tasks. Without integration capabilities, the product’s benefit to the data center would be greatly decreased. Integration is the connection created between OIS and an integration surface on the application or applications to be orchestrated and automated.
When OIS connects to these integration surfaces, you can link together a series of out-of-the-box or extensibility actions to form a policy. A policy is an integrated action or collection of linked integrated actions, which is a part of a greater process. In these processes, individual policies are frequently linked together. Instead of calling them a series of linked policies, these have come to be known as workflows. In OIS, the terms process, workflow, and policy are often used interchangeably. Figure 1.2 is an example of a policy; this is a portion of the workflow previously depicted in Figure 1.1.
FIGURE 1.2 An OIS policy
NOTE: REFERRING TO POLICIES VERSUS WORKFLOWS
The OIS application utilizes the term policy, the term this book will use when referring to OIS components. Outside the application, when referring to groupings of policies or the process as a whole, the authors will use the term workflow.
After it is completely configured, a workflow becomes the best practice process. The process dictates those orchestrated management and automation tasks you need to perform, while each action in the process contains information about the integration to each device or system you will manage.
OIS Connects the Data Center
Collecting these workflows (and the platform on which they are built) becomes the foundation for your time and cost savings and improved reliability in your data center. With the ease of building and maintaining this foundation, you will realize a swift return on investment and continual gains in operational efficiency and notice a stronger alignment between your business and IT services as best practices become an IT reality. Bringing your data center together using OIS can make you that IT hero you always wanted to be!
Microsoft’s Automation Platform
Whether you work in a data center or manage one, you know the struggles and pain involved for it to run smoothly. For every device you manage and system you maintain, there seem to be at least that many other solutions available to do the job. You have a mix of legacy, old, new, and sometimes bleeding-edge technology, all in one place and demanding attention. Without automation, keeping up with it all is a challenging task.
To assist with this endeavor, Microsoft offers a wide range of products, known as System Center. The System Center offering is considered by many as one of the most popular suites to create and manage an automated data center. With products such as Operations Manager, Service Manager, Configuration Manager, Virtual Machine Manager, Data Protection Manager, AVIcode, and now OIS, Microsoft has you covered. Indeed, the acquisition of Opalis Software and bringing OIS into System Center is what solidified Microsoft’s place in the automated data center.
Using OIS lets you automate, orchestrate, and integrate. OIS not only integrates to each of the other System Center Suite products, but also just about any other technology in the data center. The capabilities of this fully integrated, heterogeneous platform are what caught the eye of the software giant. In the time since the acquisition, and especially since the release of OIS 6.3 and the System Center Integration Packs, it has become clear that OIS is Microsoft’s automation platform of choice.
Microsoft Before OIS
This is not to say Microsoft did not have automation capability prior to the OIS acquisition. Whether you used batch files, scripting, PowerShell, workflows in SharePoint, or SQL Server Integration Services (SSIS), you were automating. These methods and others are still available. Many of the products are completely self-sufficient; some have robust integration and automation capabilities built in. As an example, Service Manager has out-of-the-box connectors to Active Directory, Operations Manager, and Configuration Manager, all of which allow you to get a Configuration Management Database (CMDB) up and running in several hours.
Adding OIS to the Picture
With OIS, you can bring it all together. With the products and scenario mentioned in the previous section, you can build a workflow to
- Respond to alerts from Operations Manager.
- Read data from the Service Manager CMDB.
- Correlate the data from Operations Manager, the CMDB, and Configuration Manager.
- Keep the incident and problem management systems up to date throughout the process.
- Take action on the impacted devices and remediate the root cause of the alert.
The remediation can be as easy as
- Deploying software using the Configuration Manager Integration Pack,
- Executing a PowerShell script, or
- Calling a third-party tool to perform maintenance actions.
OIS makes it irrelevant whether the data center is a heterogeneous mix of technologies, how many IT silos exist, what time it is, or how many people are on call at the time of the alert. You will notice the data center is continually growing closer to when it will become self-sufficient.
Making the Difference: The Data Bus
What OIS brings to the table is its data bus technology. This is a unique capability built into the OIS workflow engine used to integrate systems without code. It is not Windows Workflow Foundation nor is it like anything in the existing Microsoft stack. The technology came with the product during the acquisition, and it is what makes OIS so powerful yet easy to use.
Rather than using the more common symbolic variable method for intra-workflow data transfer, the Data Bus contains all execution data from every object in a workflow. During workflow design, data from the first workflow object is available to all other downstream objects. This technology makes it possible to create fully dynamic workflows. Using the Data Bus removes hard coding and thus lowers maintenance costs; creating workflows becomes as easy as creating rules in Outlook.
In addition to ease of use, the power of the Data Bus becomes most apparent during workflow runtime. Execution of fully dynamic workflows means you can build in a certain amount of intelligence. Parallel processing, branching, execution time decision making, and context adaptive processing are possible because of the Data Bus.
Flexibility
In the modern data center, there are as many integration points as devices. An automation platform must be able to handle workflows not only with System Center-only technologies but a mix of System Center, third-party and competitor products, and cross-platform devices and software. OIS’s flexibility is crucial for meeting the requirements of an automated data center. Here is a list of capabilities illustrating the flexibility of OIS:
- Allows for multivendor integration to your existing tools
- Does not require you to rip and replace any of your existing solutions
- Does not necessitate lock-in to one vendor solution or stack
- Offers prebuilt activities and workflow processes, ready for your customization, to speed up time to value and illustrate sample best practices
- Facilitates your best practice processes and does not corner you in with simplistic boilerplate offerings
- Puts you in control of the Data Bus’s power—automation, orchestration, and integration at your fingertips, with easy-to-use workflow creation practices
- Provides the choice during design time to use a forms-based configuration or create and utilize code and scripts
- Supports dynamic workflow creation, which in turn enables workflow intelligence during execution time
These features enabled OIS to become Microsoft’s automation platform for System Center. With an automation platform in place, System Center can facilitate more enhanced and end-to-end solutions, solving many common issues and pain points in the typical data center. With your pain points and issues addressed, you have more time for innovation, continual improvement, and transformation—the type of transformation that moves your data center from common to extraordinary (or “basic” to “dynamic” per Microsoft’s Infrastructure Optimization model).
OIS in the Real World
With everything moving toward automation and ultimately the cloud, OIS can continue to fill all the right gaps in the system management space. Here are issues and pain points addressed by the System Center solution with OIS:
- Mean time to response/repair takes too long
- Too much reliance on subject matter experts, which increases costs and response time
- No visibility from owner to owner during an alert/outage, resulting in non-repeatable remediation actions
- No documented process
- Processes not being followed
- Processes that are too manual
- Operational expenses are too high
- Poor performance during alert/outage remediation
- Extended downtime during alert/outage
- No audit capabilities
Many of these items relate to alert/outage downtime and remediation. Though just one area a solution using OIS can address, it is one of the most important and ubiquitous. OIS is best equipped for this type of solution as it was designed to interact with all the tools necessary to remediate impacted systems. It can also interact with all the tools required to track the alert/outage in the incident and problem management systems. This ensures ITIL or MOF best practices are followed, even during an emergency when some steps in a manual process might be shortcut to save time.
This type of end-to-end process management is often referred to as Information Technology Process Automation (ITPA), discussed in the “Understanding IT Process Automation” section of this chapter. Each feature of the OIS offering enables ITPA. With its addition to Microsoft’s family of products, OIS enables System Center with ITPA capabilities, solidifying its place in the automated data center and private cloud.
Results
Imagine being able to simplify the most manual, error-prone, and time-intensive tasks down to several workflows. These workflows are powerful enough to interpret different types of data on the fly, flexible enough to be a reusable solution catalog as your automation needs grow, and easy enough to create and understand that even people new to the product can operate and maintain them with minimal overhead. Rather than being theoretical, you can experience this reality shortly after installing and deploying OIS.
Adding the other System Center products into this equation makes the results even more impressive. Deploying the entire System Center suite enables you to provide end-to-end data center management. Alerts from your operations management tools will automatically flow into your service management tools; remediation of those alerts will be orchestrated through your configuration management and virtualization management tools, and an integrated combination of your backup and recovery tools ensures data integrity throughout the process. This is not magic; it is the first realization of the dynamic data center.
Where OIS Fits Within the System Center Suite
By becoming part of the System Center suite, OIS joins the ranks of many longtime established products and solutions. Table 1.1 presents a listing of data center solution areas with their corresponding System Center product.
TABLE 1.1 System Center Suite Solution Areas
| Solution Area | System Center Product |
|---|---|
| Incident/Change Management | Service Manager |
| Virtual Workload Provisioning | Virtual Machine Manager |
| Operating System (OS)/Software Deploy, Patching | Configuration Manager |
| Performance and Health Monitoring | Operations Manager |
| Backup/Disaster Recovery | Data Protection Manager |
As it was added through acquisition, there might be some functional overlap, but OIS does not replace the functionality of any existing System Center product. Rather, OIS enhances and extends the existing capabilities, enabling System Center with ITPA. Its addition fills the few gaps that existed between these products by offering automation, orchestration, and integration. OIS also enables third-party application management. This enables System Center to grow into existing heterogeneous automated data centers or gives you the ability to build a new one. It’s not really about how OIS fits into System Center; the acquisition did not force an unwanted spoke into the System Center wheel. OIS strengthens all the existing spokes and thus the wheel itself.
Here are the capabilities of the products in the System Center suite, as described at http://www.microsoft.com/systemcenter/en/us/products.aspx:
- Configuration Manager—Assesses, deploys, and updates servers, client computers, and devices across physical, virtual, distributed, and mobile environments.
- Operations Manager—End-to-end service management product that is the best choice for Windows because it works seamlessly with Microsoft software and applications, helping organizations increase efficiency while enabling greater control of the IT environment.
- Data Protection Manager—Delivers enterprise-class data protection and scalability. Data Protection Manager provides unified data protection for Windows servers such as SQL Server, Exchange, SharePoint, virtualization, and file servers, in addition to Windows desktops and laptops.
- Virtual Machine Manager—Provides a management solution for today’s virtualized data center, affording centralized management of the IT infrastructure, increased server utilization capability, and dynamic resource optimization across multiple virtualization and physical platforms.
- Service Manager—Designed to meet the needs of the modern IT help desk. By providing powerful new capabilities for incident, problem, asset, and change management, Service Manager supports organizations as they seek to improve the service they provide to their users.
- Opalis Integration Server—Provides IT process automation of incident response, provisioning, virtual lifecycle management, and change management. This is achieved through a workflow environment that orchestrates and integrates System Center tools with third-party management tools, enabling interoperability and process consistency across the data center.
- AVIcode—Delivers .NET application performance monitoring capabilities to help ensure the availability of business-critical applications and services, regardless of where they are deployed.
Enhancing, Extending, and Enabling System Center
Table 1.1 showed how the existing five System Center products fit in with the five solution areas. OIS integrates with and supplements the existing functionality of the existing System Center products. The next sections show how OIS enhances, extends, and enables ITPA for those solution areas.
Solution Area 1: Incident/Change Management
Here are some sample capabilities showing how OIS fits in with the existing System Center service management solution. OIS adds the ability to
- Automate the remediation of alerts
- Orchestrate incident management through to resolution
- Integrate Service Manager with third-party IT service management (ITSM) tools for service desk synchronization
- Integrate across monitoring tools, service desks, and CMDBs
- Facilitate ITIL or MOF best practice processes
For a discussion of OIS’s integration with Service Manager, see Chapter 10, “Integration with System Center Service Manager.”
Solution Area 2: Virtual Workload Provisioning
This next list illustrates some sample capabilities and how OIS fits in with the existing System Center virtualization solution. OIS adds the ability to
- Automate provisioning, resource allocation, and retirement.
- Orchestrate third-party virtualization tools for virtual machine life-cycle management.
- Integrate Virtual Machine Manager or Hyper-V with third-party virtualization tools for multivendor virtualization solutions.
- Extend virtual machine management to the cloud.
Chapter 12, “Integration with System Center Virtual Machine Manager,” includes a discussion of the VMM Integration Pack.
Solution Area 3: OS/Software Deploy, Patching
Here are some sample capabilities showing how OIS fits in with the existing System Center configuration management solution. OIS adds the capability to:
- Automate cluster patching.
- Orchestrate configuration across platforms and tools.
- Triage end points where patching cannot proceed because of service or application issues.
- Integrate Configuration Manager with third-party configuration management tools for end-to-end closed loop compliance.
The Configuration Manager IP is discussed in Chapter 11, “Integration with System Center Configuration Manager.”
Solution Area 4: Performance and Health Monitoring
This next list illustrates some sample capabilities and how OIS fits in with the existing System Center operations management solution. OIS adds the ability to
- Automate alert monitoring across the data center to simplify event management.
- Orchestrate third-party monitoring tools delivering important incident and problem data to Service Manager.
- Integrate Operations Manager with third-party monitoring tools for event correlation and consolidation compliance.
See Chapter 9, “Integration with System Center Operations Manager,” for a discussion of the Operations Manager IP.
Solution Area 5: Backup and Restore/Disaster Recovery
The following list illustrates some sample capabilities and how OIS fits in with the existing System Center backup management solution. OIS adds the ability to
- Automate virtual machine, SharePoint farm, and SQL Server protection and recovery.
- Orchestrate third-party backup and recovery tools for end-to-end data protection.
- Integrate Data Protection Manager with third-party tools to trigger data protection based on alerts, planned maintenance, or as part of a change management process.
Chapter 13, “Integration with System Center Data Protection Manager,” discusses the Data Protection Manager IP.
Transforming the Data Center
With all these tools and capabilities, System Center has the ability to transform data centers from hard-to-manage, slow-moving entities into agile, responsive, and well-managed assets. Whether your end goal is to make your data center more dynamic or you plan the full journey to the cloud, taking advantage of what System Center with OIS has to offer will make the transition more automated, orchestrated, and integrated. Here are desired results you can realize by taking advantage of System Center with OIS:
- Lower costs
- Improved operational efficiency
- Increased responsiveness, flexibility, and control
- Reliable services with optimized infrastructure
OIS with System Center enables you to get this and more with a simple, familiar, and consistent platform. You can manage your applications, platforms, and infrastructure whether they are physical, virtual, or in the cloud with one set of tools, powered by OIS. Opalis Integration Server is Microsoft’s automation platform. It and System Center form the backbone of on-premise, private, and public cloud data centers.
The History of Opalis Software
Opalis Software has its roots in France, where the first OpalisRobot automation utility was created in 1995 by a network administrator frustrated with the lack of automation capabilities for performing his day-to-day duties on Windows NT Server 3.5. The idea was then considerably ahead of its time. Even in its earliest versions, the product was more than a job scheduler, as OpalisRobot was capable of monitoring for certain conditions (file system, SQL query results, calendar) and triggering actions (run a program, file management, Service interaction, SQL query) in response to these conditions.
Rendezvous with Destiny
As the Windows NT market matured, Opalis Software continued to add capabilities to OpalisRobot while also creating a new line of products dedicated to managed file transfer—OpalisRendezVous. OpalisRendezVous had a simple graphical user interface (GUI), and made the tasks of transferring files to or from an FTP site, file shares, or databases extremely easy. Similar to OpalisRobot, OpalisRendezVous was extremely resilient and maintenance-free. There are still instances of OpalisRendezVous running today, although the code hasn’t been updated in over a decade. Figure 1.3 shows the OpalisRendezVous interface.
FIGURE 1.3 OpalisRendezVous Administrator interface
Though the interface was simplistic, the tasks it enabled and the way they were initiated revolutionized how IT organizations managed data distribution across the data center. Configuring what were referred to as flows was as easy as workflow configuration is today in OIS. Figure 1.4 illustrates a sample OpalisRendezVous flow configuration screen.
FIGURE 1.4 OpalisRendezVous flow configuration interface
By filling out the When, What, and Where tabs in the flow configuration screen, an administrator could quickly transform a manual file distribution process into an automatic and scheduled flow. The After tab enabled specifying actions to perform based on the execution status of the flow. These conditions included If flow completes, If flow fails, and If nothing to do. Available actions were Trigger OpalisRobot Event/Task on local/remote server, Trigger OpalisRendezVous flows on local/remote server, and Send detailed flow report by email. The implementation of these concepts in an easy-to-use application paved the way for what Opalis Software would eventually deliver as OIS.
Do the Robot!
In 1997, the marketing tagline for OpalisRobot was “Efficient Automation and Remote Administration.” Opalis Software then took the product beyond the Windows utility market, making their automation product line available worldwide. OpalisRobot 3.0 was released at the end of that year, combining a drag-and-drop workflow user interface with event-driven automation capabilities, the first seen in the industry. Most of the Foundation objects available today with OIS 6.3 were developed at this time. The release of the Add-on Software Development Kit (SDK) added to the value of the product, enabling third parties to extend OpalisRobot’s functionality by adding new types of automation objects.
An RBA Tool for Your Department Admin
While OpalisRobot was competing mostly with job schedulers, its functionality already defined what would later become Runbook Automation (RBA). Because the product possessed monitoring capabilities, it also was used as a departmental monitoring solution—sometimes competing with dedicated event management systems from vendors such as HP and BMC. Its unique capabilities are those now associated with RBA—the ability to perform corrective actions such as restarting services, purging log files, and so on. This effectively provided the tools needed to create self-healing systems and applications, a relatively unknown concept at the time. (As an example, Microsoft did not announce the Dynamic Systems Initiative until 2003.)
The first series of Add-ons (now known as Integration Packs) were released in 1998. The Call Add-on provided Computer Telephony Integration (CTI) through dedicated hardware from Dialogic, and the Email Add-on added inbound email processing capabilities. By using CTI, OpalisRobot could call a network administrator to inform them of an application issue. The network administrator could then use the dial pad to control any of the NT 4.0 servers in the network to perform corrective actions or play back event log messages. An SNMP Add-on and updates to OpalisRendezVous soon followed.
In 1999 the company created a North American sales office and consolidated the French development office and Sales and Marketing teams that had been in the Netherlands. Opalis Software became based in Toronto, Canada. Figure 1.5 shows an early company logo.
FIGURE 1.5 An early Opalis Software logo
OpalisRobot 4.0 was released in 2002. It used a new codebase and included a fresh new user interface (UI) and automation objects. Some of these objects are still available in the Integration Server product in the legacy category. Figure 1.6 shows the OpalisRobot 4.12 user interface. Version 4 was also Opalis Software’s first (and only) attempt to make OpalisRobot available on multiple platforms; a Linux and Solaris version of OpalisRobot 4 shipped in 2003. This was also the first time Opalis Software used the term IT Process Automation. Opalis Software secured its first round of venture capital finance in 2004; this led to sunsetting the OpalisRendezVous product and OpalisRobot-based solutions as the company began to focus on the nascent IT Process Automation market and to align itself to automation initiatives from BMC, HP, CA, and Microsoft.
FIGURE 1.6 OpalisRobot user interface
The Idea of Data Center Integration and CAPs
The term Data Center Integration was born with a new series of Add-ons released that supported this effort. Opalis Software’s focus was now on providing integration and orchestration capabilities for management systems in the data center. The company released the Connector Access Pack (CAP) for MOM in June 2004 and participated as a Microsoft System Center partner for the Operations Manager 2005 product launch. While Opalis Software released CAPs (later called Integration Packs) for Veritas Backup Exec, Remedy AR system, VMware Server, Microsoft SMS, and others, it was also busy creating the next generation of IT process automation software—to be called Opalis Integration Server.
What Rhymes with OIS?
By 2004, as Robot sales continued, it was clear that the product had the right idea but needed a refresh and modernization. Was the underlying code base the correct one moving forward? The answer was no. While Robot was an incredibly robust product like RendezVous before it, it was mired in a workgroup, or departmental domain mindset. Its architectural limitations made it clear that Robot would not be the vehicle to take the company forward.
OIS 5.0 was released in October 2005. This enterprise class automation platform, combined with Integration Packs for many common systems management products, enabled Opalis Software to dominate the ITPA/RBA market as an independent vendor until the Microsoft acquisition in December 2009. This gave Microsoft an immediate winning solution in a new market.
Introducing OIS 5.0
The first version of OIS was certainly a version 1.0 product, but the 5.0 moniker signified it would carry on the RBA torch from Robot (and that Robot would never leave the 4.x version world). Opalis Software also labeled the product 5.0 to avoid the impression that it was a first release product with typical first release issues.
Architectural Changes
OIS was clearly a different product from Robot. Although the most obvious architectural change was using a proper database as its backend, there were other changes as well:
- Loosely indexed file replaced by a proper database
- Scalable, multitier architecture using services that could run across multiple servers
- Remote deployment and update
- Load balancing across servers and object level failover (object level failover never worked properly and was quickly removed)
- Logging and reporting with a dashboard
- Active Directory integration
An Enterprise RBA Tool Becomes ITPA
With its improved architecture and design, OIS was ready to take the ideas of RBA and move past the single department administrator. After the tool was introduced to an enterprise, its value became clear, although the need for additional integration was also apparent. An enterprise has a large number of tools and departments. For the tool to see its full value, OIS had to incorporate the needs of all those departments. This stage of the OIS lifecycle occurred while ITIL was becoming popular in the UK and Europe, where Opalis Software did about 50% of its sales, and as the seeds of ITIL started to take hold in North America. This perfect storm of opportunity gave rise to OIS’s popularity. Taking an RBA tool into the data center while the ITIL framework was being broadly adopted led to Opalis Software creating many more IPs and transforming OIS into the first ITPA tool in the market.
With the tool built, next steps were to build awareness and sales. Figure 1.7 shows an old marketing slide. Given the number of moving parts in Figure 1.7, explaining how OIS enables ITPA and facilitates ITIL was not an easy task. After implementation the value of ITPA and ITIL is obvious; however, it was another story to convince IT organizations to change how they view their tools, uproot years of manual processes, and install a new product that would do it all. Opalis Software was paving the way for all ITPA tools to come.
The transition to an ITPA tool was not without problems. The first versions of OIS struggled with a number of issues presented by the data center, but because the tool was so versatile, any problem could be worked around, even when it was a product limitation introduced by OIS! The early adopters and implementers understood the potential and deployed the product despite any shortcomings. They demanded more IPs, and Opalis Software delivered. At the time of the Microsoft acquisition, there were nearly 40 IPs, many written for a single customer.
Two Types of Workflow Engines and 6.0
As the product continued to mature, the product version numbers rose as well. By the time OIS reached version 5.45 in early 2008, it had become clear that the workflow engine used by the product had several serious problems and needed to be corrected. This correction was the single largest change to the product since transitioning from Robot to OIS.
FIGURE 1.7 OIS marketing slide
The change was composed of a new workflow engine called Pipeline mode, branching continuing support for the previous engine, now called Legacy mode. For more information about workflow engines see Chapter 7, “Implementation and Best Practices.” This change also meant that a number of existing objects would become Legacy objects (only usable in Legacy mode) and require rewriting for the new engine. Curiously, this major change was only a dot release to OIS 5.6. However, this would be the final 5.x version of OIS. What would have been OIS 5.7 was rebranded OIS 6.0 as part of a marketing effort. Despite the major version change, 5.6 and 6.0 were far more similar than 5.5 and 5.6.
It was clear from the traction by analysts that the ITPA or RBA space was becoming popular and large software companies would be interested in acquiring the players in the space—such as Opalis Software, iConclude, and RealOps (all of which were eventually acquired). Opalis Software was the last to be acquired, possibly because the company struck up a number of OEM deals; first with BladeLogic (later acquired by BMC), and later with CA. These OEM partnerships probably helped discourage an outright purchase. Unfortunately, these OEM deals ended as the company’s investors found themselves in the 2008 economic downturn. The investors wanted to reclaim some of their investments, and Opalis Software was one of the few companies with a bright outlook, bright enough to seek a buyer.
OIS 6.2.2: The Final Frontier
As part of the acquisition process by Microsoft, Opalis Software was required to release a final version of OIS suitable for use by Microsoft and its customers. This version would be a modification of OIS 6.2 in which all the elements that contained open source would be remediated and ultimately removed, including the Opalis Operator Console. The resulting product, OIS 6.2.2, is the last version of OIS to be released as a full product complete with an installer. All subsequent releases of OIS (OIS 6.2.2 Service Pack 1 and OIS 6.3) would be released as product patches, with the core OIS 6.2.2 installation source untouched.
Microsoft Acquires Opalis
On December 10, 2009, Microsoft announced its acquisition of Opalis Software, making it a wholly owned subsidiary of Microsoft. Because OIS was the only software then sold by Opalis Software, this meant Microsoft was getting an ITPA tool. Microsoft decided to make OIS part of the System Center suite and chose not to sell the product standalone. This means that the only way for a customer to get OIS is by purchasing the System Center suite through System Center Server Management Suite Enterprise (SMSE) or Server Management Suite Datacenter (SMSD). At the time of writing, there are seven members of the suite with respect to SMSE/D:
- System Center Operations Manager
- System Center Configuration Manager
- System Center Service Manager
- System Center Data Protection Manager
- System Center Virtual Machine Manager
- Opalis Integration Server
- AVIcode
Product Challenges
There have been a number of challenges associated with the transition, from both Microsoft’s and the customer’s perspective:
- The manual processes required to install the product—The final version of OIS by Opalis Software was version 6.2.2. This was a remediated version of 6.2.1 in which all components unacceptable to Microsoft were removed (mostly objects based on open source and the Opalis Operator Console). It was important Microsoft had a complete and suitable version of OIS to make available until they were ready to rebrand it. There were three main reasons for this:
  - Microsoft wanted to keep OIS available and in market after the acquisition, as they felt the product would bring value to their customers. Often software from an acquired company is pulled down while it is rebranded and reworked internally.
  - When Microsoft started to actively modify the code and make it available, the product would be subject to a number of legal hurdles the company wasn’t ready to address. Essentially, as soon as Microsoft released it, OIS would be a Microsoft product and not the product of a subsidiary.
  - The last reason accounts for the unusual installation and upgrade process. Because OIS is a product of Opalis Software, Microsoft could provide only an upgrade in the form of patches, rather than a full installer. Knowing this makes the upgrade process from 6.2 to 6.3 make a bit more sense. Think of it as upgrading an Oldsmobile. Although the manufacturer went out of business in 2004, you can still get new parts and bolt them on; but without an Oldsmobile dealer, you cannot buy a 2011 Oldsmobile Cutlass.
- The challenges around installing the Opalis Operator Console—These came about in the same way as installing the product itself. Microsoft was left with two options with regard to the Opalis Operator Console when it acquired the product: Allow customers to use it or use nothing. Because the console provides a number of features and several large customers use it actively, instructions on how to obtain and install it were included with the product. However, the console is based on Sun’s Java, and Microsoft is not able to distribute the bits. This leaves you with a manual installation requiring 17 separate downloads.
OIS 6.3 and Beyond
Barring the possibility of a minor release or service pack (SP), version 6.3 will be the last version in the OIS legacy. From here, the product takes on a new moniker, officially making it a Microsoft and System Center product. The new name, announced in March 2011, is System Center Orchestrator (SCO). Orchestrator will be part of the v.Next wave, scheduled to begin releasing late 2011. Anticipated changes include enhancements and bug fixes, but the majority of changes will be certification-related. In the overall structure of the product itself, its workflow engine, naming conventions, and best practices are anticipated to remain largely unchanged.
What did Microsoft deem as the most important final updates to the OIS legacy? Here is a list of new major functionality additions for OIS 6.3:
- Updated Integration Pack for System Center Operations Manager
- New Integration Pack for System Center Service Manager
- New Integration Pack for System Center Configuration Manager
- New Integration Pack for System Center Virtual Machine Manager
- New Integration Pack for System Center Data Protection Manager
- Support for install and execution of OIS on Windows Server 2008 platforms, including Windows Server 2008 R2 (x64), Windows Server 2008 (x64), Windows Server 2008 (x86), and all previously supported platforms
- Support for install and execution of the OIS Client on Windows 7 and all previously supported platforms
For full documentation on the OIS 6.3 release, visit the online TechNet Library for OIS at http://technet.microsoft.com/en-us/library/ff630946.aspx.
A full view into what Microsoft intends to change between OIS and SCO is not yet available, but there are several items officially acknowledged or firmly anticipated by the community.
SCO 2012 Differences
- New Operator Console—The existing Opalis Operator Console will be completely discarded and replaced with a Silverlight-based web console. This is no surprise to those familiar with the existing version. Considering the existing console is based on Java, requires numerous individual downloads, and has an onerous installation, it is clear change is needed. By using Microsoft’s Silverlight technology, the future console can be shipped with the core product and have a proper installer.
- A Uniform Installation—As SCO will be a full Microsoft product, it will have an installer similar to the other System Center tools. Although it is too soon to know exactly what shape that will take, installing the product will not require manually copying files into deeply nested directories.
- Standardization—One of the by-products of being a full Microsoft product is SCO will meet the high standards of excellence the company requires. As an example, OIS 6.3 is not supported on non-English version operating systems and likewise is supported only with English versions of SQL. This is anticipated to change with SCO. Microsoft’s significant engineering and testing resources will help make SCO a better, more standard product than OIS.
SCO 2012 Similarities
There are several areas not expected to change between OIS and SCO 2012.
- Look and feel—The overall look of the SCO UI is not expected to change much from that of OIS. Given the tight deadlines and the many other changes that will be made, the UI will probably look similar to OIS. That is important for companies and users who invest time and resources into learning OIS now, as these skills should port over to SCO without much difficulty.
- Export compatibility and upgradability—Microsoft has announced publicly that policies built in OIS along with their data will be useable in SCO. There was a great deal of concern that SCO might be so radically different as to be incompatible and negate those investments customers have made in process automation. This will not be the case. Although it is not clear how much of the product’s internals will change, it is expected that the database structures will be upgraded significantly. Either way, there will be a path to get from OIS to SCO, which is not anticipated to be particularly difficult.
Unknowns
Here are several questions not yet answered in relation to the features of SCO:
- Integration Pack compatibility—Given that there are 30 IPs available today, it isn’t clear how many of those will work on SCO without modification. The anticipation is that if existing IPs are not fully compatible, Microsoft will upgrade the most popular ones as quickly as possible. An automation platform is only as useful as the products it can automate!
- Documentation detail improvement—Documentation is probably the most important deliverable for any software product. Whether for installation, troubleshooting, or general usage, you expect all the information to be available quickly and intuitively. The release of version 6.3 included the addition of OIS documentation to the TechNet Library for System Center (http://technet.microsoft.com/en-us/library/ff630946.aspx). It is likely this is just a first step in getting all documentation online. The current IP documentation includes only content for System Center IPs. Content specifics aside, continued improvement in documentation detail is expected.
- Quick Integration Kit (QIK) enhancement—The best way to extend the reach and power of OIS is by taking advantage of the SDK (QIK). Although current functionality is sufficient, enhancements could make it even better. Currently, there is no improvement roadmap or guidance on what changes might be necessary to enable QIK-based IPs to work in the upcoming version of the product. For the sake of all existing QIK-based IPs (some of which were created and shipped by Microsoft), expectations are that some framework enhancements are planned.
- Multi-tenant and remote Action Server support—The ability to support multiple customers or geographies with a centralized OIS deployment has been a longstanding customer request. Although techniques exist to implement this architecture today, there is only documented guidance and suggestions. There is no wizard or walkthrough to expand a current single-tenant OIS deployment into a multitenant or cross-geo implementation. Although how this functionality is actually introduced into SCO is still unknown, the capability is highly anticipated.
Understanding IT Process Automation
People who are new to OIS often are also new to ITPA. You might have also seen terms like Runbook Automation and Data Center Automation (DCA) used to describe OIS or tools offering similar services. The next sections discuss what these terms mean and what differentiates them.
A Brief History of IT Process Automation
Fundamentally, ITPA is any automated process operating within the context of a data center. ITPA focuses on activities in a data center, those that are within the purview of the IT department, similar to how a Business Process Automation (BPA) or Business Process Management (BPM) tool focuses on processes from the perspective of the business. In fact, OIS, with its rich UI, is often mistaken for a BPA or BPM tool. The tools look similar initially, but there are two major differences:
- OIS and other ITPA tools focus on processes that provide the underlying infrastructure to meet the business’s needs (such as server provisioning, incident management, or data refresh).
- BPA or BPM tools focus on processes that serve the direct needs of business units or other front office tasks (typically streamlining tasks performed by employees to maximize performance).
As these terms are not standardized, you might encounter situations where the two overlap, but generally the delineation is the divide between the front office and back office.
The Origins of ITPA
Sometime in the early 2000s, Opalis Software began enhancing its job scheduling engine and adding functionality to start jobs not only based on a schedule but also as a reaction to other events. The addition of an event-driven job scheduler marked the beginnings of the shift to RBA and ITPA. The capability to trigger a simple job scheduling task sequence as a reaction to an external event meant automatic remediation of the situation causing the event might be possible. In the nascent stages of this approach, things were fairly simplistic. As an example, the application might monitor the Windows Event Log for specific messages and upon finding a matching message take some rudimentary corrective action like restarting a service or application, clearing log files, and so on. This approach met with early success and was expanded to add additional sources of information. SNMP messages were an obvious choice to add because they were ubiquitous and provided a listener to a number of software packages with relative simplicity.
RBA was the first term used to describe this situation. Runbooks were still common at the time. Runbooks are the set of steps used to remediate problems in a data center. At one time, these were literally a bound set of instructions on how to address any conceivable error that might be encountered. These runbooks typically sat on a shelf in the computer room. RBA was concerned then with taking common errors and creating an automated set of tasks that would respond to them and either fully remediate those errors, or at least take most of the steps toward remediation. With this model, a new space would emerge several years later, where half a dozen small startups competed and ultimately were consumed by large software companies.
The final step in the creation of RBA from Opalis Software was the inclusion of monitors for specific monitoring applications such as Microsoft Operations Manager, NetIQ, HP OpenView Operations, and others. This meant that users would not need to rely on SNMP or errors as the lowest common denominator and could instead get their information directly from the monitoring tool. These add-ons were first seen in OpalisRobot, the forerunner of OIS.
As the idea of RBA grew, more companies adopted it. Each new installation found new challenges and saw the creation of new automated runbooks. Around this time, ITIL began to take a firm hold in the United States as its adoption was embraced even more strongly in the UK and Europe. The ripples caused by the sudden adoption of ITIL had a dramatic impact on RBA.
ITIL Gives Rise to ITPA
ITIL introduced a structured approach to data center management, one seen as a natural evolution of the industry. ITIL is a framework of best practices on how to handle situations within an IT organization. It provides an organizational framework, roles, and (in the latest versions) prescriptive advice on how to handle issues. ITIL separated incidents from problems and mandated tools to capture incidents, changes, assets, and even the relationships between them. These tools would increase the adoption of automation and give rise to ITPA.
Until this point, Opalis Software was largely alone in the space of runbook automation and focused most of its sales and engineering efforts on the runbook. In an ITIL world, Opalis Software was dedicated to the idea of incident resolution, but without much consideration given to incident management or the lifecycle of an event beyond the event monitoring system. The adoption of ITIL convinced the company to focus on the full lifecycle of an event rather than the simple resolution of that event, although that clearly was the critical aspect.
Organizations began to want the automation to reach into their service desks and create a trouble ticket for the event, rather than simply solving it. The reach of automation extended into other silos as well. CMDBs were also beginning to show their value and take hold. If you had a rich repository of data like a CMDB or even an asset manager, your automation could interrogate the repository and adjust the runbook as needed. It could also update the CMDB with information based on actions taken. Consider the value of having your system automatically check your CMDB when an alert is captured, to determine whether the affected asset was in a scheduled maintenance window:
- If the system were having maintenance performed, the alert could be safely resolved.
- If the system were not in maintenance but the outcome of the automated runbook would result in an outage, the CMDB and the event monitor could be updated to reflect this in a manner both human operators and systems could view.
Reaching Across the Data Center
Today these scenarios are the heart of what OIS does for customers. The terms ITPA and RBA (and to a lesser extent DCA) are now synonymous. Likewise, the idea of an automation platform that can integrate with any software component has become the norm. Events and incidents live in an ecosystem of tools, and to automate a process effectively, you must include all those tools in the process. It is not unusual to have a single automated process with service desks, event monitors, change management systems, configuration tools, virtualization tools, and more. The notion of providing a broad set of integration tools to use without coding or scripting is one pioneered by Opalis Software.
Process Is King
When discussing automation, companies are often asked whether they need to have a documented process to use OIS. Although not required, having a documented process greatly speeds the work of automation. You do, however, need to have a process. Oftentimes companies have processes, often fairly elaborate ones, but they are not properly documented. These processes live in the minds of the teams who are responsible; this
Understanding IT Process Automation
27
Consider you have a process. What does that process look like? How did you come up with it? What considerations were given? What you should keep in mind when considering these questions is process is king. To illustrate this, consider one of your own processes. Did you design the process with your tools in mind, regardless if your tools could service every step? Processes should be governed by their goals, not limited by the tools you own. If a tool does not provide a facility for a step desirable in the process, that normally becomes a manual step. This is how most organizations operate when designing process. The processes should provide step X at stage Y. If software package Z does not offer step X, the gap is manually dealt with, or occasionally the process is altered or deprecated. You should not need to alter processes because of shortcomings in your tools or lack of connectivity between them. OIS is a great example of letting the software you have work together in a way that was previously difficult, if not impossible, without an ITPA tool.
Old Processes and Unwanted Artifacts Having existing processes as you enter into the world of OIS is the most important prerequisite to effective IT process automation. However, you should consider the age of your processes. If more than two years old, revisit the logic for performing each step. (This is actually a good idea for any process). The review will limit the number of compromises and exceptions introduced into the new process. Often the reasons for compromise are no longer valid, or can be overcome using current tools. To illustrate, consider a nontechnical situation where a child is learning to cook a roast with her father. The father cuts off a full inch of the end of the roast before cooking it. The child asks why the portion of meat was removed. The father concedes he does not know why; it is how he was taught. As the child is unsatisfied with that answer and demands a better explanation, the father calls his mother to see why she cuts the end off the roast. The grandmother admits this is how it was always done. The child remains unmoved by this illogical explanation. Upon discussion, neither the father or grandmother has the answer, but they know the great-grandmother also prepares her roasts this way. When they question the elderly great-grandmother, she denies cutting a section of the roast off and wasting it. This upsets the grandmother as she followed her mother’s process perfectly. After much debate and discussion, the grandmother recalls the exact date she wrote down the recipe, which causes the great-grandmother to pause. She concedes she cut the end of a roast—once. The day a neighbor borrowed the big pan and the roast would not fit in the small pan; the very day the recipe was recorded. In this case, the process was captured while including a wasteful exception; that exception then became the standard practice for decades to come. Data centers are no different. This
1
is known as tribal knowledge. Whether in a formal document, a white board, a bar napkin, or only in someone’s head, if a process exists, an effort can be made to automate it. In the past, Opalis Software offered automation workshops to help companies capture these processes so they could automate. However, if a company has not matured to the stage where it has proper processes, be those formal or informal, no amount of automation will bring value.
28
CHAPTER 1
Introducing Opalis Integration Server 6.3
type of transmission of processes occurs regularly. After the people who designed the original process leave, the process is cemented and no longer reviewed properly. As you look at your own environment, be as curious as the child in the story; persist until you find the real reason the process exists in its current form. Question every step and prove each is necessary.
Not a Job Scheduler When first exposed to OIS, IT administrators often wonder if it is still a job scheduler. This is not the case. While OIS can schedule policies, it is by no means an enterprise job scheduler. Enterprise job schedulers do not see the world in the ITPA view. They expect to trigger at certain times, not as a reaction to events, and are not designed to operate with other management tools in your data center. Products in this category typically can run thousands of jobs at a time and provide special views to help administrators see into what’s running in the next 5 minutes, 24 hours, or next week. One cannot imagine such a view in OIS. When would the next change request be logged? When would it be approved? When would the event monitor capture the next critical alert? However, OIS would be an excellent tool to manage job schedulers; toward that end, OIS 6.2.2 ships with an IP for CA Autosys.
An ITPA Tool, Not a Connector People tend to mistake OIS for a connector. This is understandable as OIS often competes with connector software. Connectors provide point solutions between two pieces of software and generally offer a dumb pipe between them. As an example, consider a point connector that takes alerts from an event management console and creates a corresponding incident in a trouble ticketing system. These tickets are created for every alert, and the connector cannot help with remediation or triage the event. You can use OIS to mimic the behavior of a connector, but doing so sells the value of the tool short. Moreover, as OIS is not designed for this approach, you would have to implement special policy structures to handle surges in throughput. Using an ITPA tool as a connector is not recommended—square pegs fit best into square holes.
Summary As Microsoft’s automation platform, OIS brings automation, orchestration, and integration to the data center. Enabling ITPA, it supplements the existing power of the System Center suite with end-to-end data center management. This enables your IT organization to quickly realize all the benefits of a heterogeneous, scalable, flexible, and dynamic infrastructure. For those taking the journey past the dynamic data center and to the cloud, public or private, System Center with OIS can supercharge your ride.
CHAPTER
2
Inside Opalis Integration Server 6.3
IN THIS CHAPTER . Component Overview . SQL Datastore . Action Servers . OIS Client . Management Server . Operator Console
The primary function of Opalis Integration Server (OIS) is to enable IT Process Automation (ITPA). Part of Microsoft’s System Center suite, OIS offers out-of-the-box automation, orchestration, and integration capabilities. These capabilities, along with an enterprise grade architecture and solid set of functional components, are why OIS is the leading solution for ITPA in the data center. Whatever your organization’s infrastructure, OIS offers a number of different deployment models to ensure a perfectly fitting solution. These deployment models take advantage of the OIS components in different ways; they utilize various architecture configurations and ensure each of the OIS capabilities is used to its fullest potential for all your data center’s ITPA needs. Although the OIS architecture is straightforward, it consists of many components. There are many dependencies between these components, and each component relies on another to function; no one component is standalone. Although some of the components are critical to design and runtime, others are used only occasionally during installation and configuration. This chapter peeks inside OIS to explore the various components, their importance, and a bit about their usage.
Component Overview Here is a high-level list of the OIS components, in order of runtime importance in a default implementation: . SQL Datastore . Action Servers . OIS Client (Authoring Console) . Management Server . Opalis Operator Console
Although many other components exist, they serve as support services for these components. The additional components are covered in the “Management Server” section of this chapter. Throughout the chapter, you will see references to several component type categories: . Installation Time . Design Time . Run Time
These categories are primarily to distinguish component usage, but also give you an idea of the components you will use, based on your role in the organization. Administrators are usually concerned with installation time components; policy authors are concerned with design time components; and operators are concerned with runtime components. The basic OIS architecture contains each of the high-level components listed and the Action Server Watchdog Service. Figure 2.1 illustrates how each of these components is related and whether they are required or optional.
FIGURE 2.1 Basic OIS architecture
Table 2.1 illustrates the component type category assignment. An “R” means the component is Required during this time for this category type assignment. An “O” means this component is Optional during this time for this category type assignment.
TABLE 2.1 Component Type Category Assignment Installation Time
Design Time Run Time
SQL Datastore
R
R
R
O
R O
Action Server(s) OIS Client (Authoring Console)
O
R
Management Server (Service)
O
R
Action Server Watchdog Service
R
Java/JBOSS Web Service
O
Opalis Operator Console
O
Optional Components Figure 2.1 identifies the Java/JBOSS Web Service and Opalis Operator Console as the two optional components in the basic OIS architecture. There are other optional components, but they are noncritical supporting services for these high-level elements. As defined in Table 2.1, if installed, these two components and their subcomponents would fall into the run time category for component type. This is because these components are used only to execute or monitor run time OIS usage. The Java/JBOSS Web Service supports some of the optional components in OIS. Here is a list of the functionality and components that rely on Java/JBOSS:
. Opalis Operator Console (OOC)—The OOC is built on Java/JBOSS, and its primary function is to act as a read-only user interface for operators.
. OIS Web Service and Web Service Definition Language (WSDL)—This is built on Java/JBOSS; its primary function is to expose a WSDL for programmatic access to OIS for policy execution and monitoring.
. URL Policy Trigger—The URL Policy Trigger is built on Java/JBOSS, and its primary function is to enable simple OIS policy execution by URL launch.
. OIS Remote Trigger—This is built on Java/JBOSS; its primary function is to enable OIS policy execution from an application or network remote to the OIS deployment.
These are optional components. If you feel these components would be useful for your implementation, you will need to install the OOC. For more information on the OOC installation, refer to Chapter 4, “Installing Opalis Integration Server 6.3.” A video tutorial discussing installation of the console is available at http://blogs.technet.com/b/charlesjoy/archive/2010/07/15/installing-opalis-integration-server-operator-console-video-tutorial.aspx.
Required Components All other components depicted in Figure 2.1, other than the Java/JBOSS Web Service and OOC, are required for every OIS implementation. Table 2.1 defines these required components, described here: . SQL Datastore—This is the most important runtime component in OIS. The SQL datastore is the heart of the OIS product. All data, configuration, logic, credentials, and such is stored here. Without a SQL datastore, there would be no OIS. This is why the authors strongly recommend you configure the OIS datastore for high availability. For more information about highly available OIS deployments, see Chapter 3, “Architectural Design.” . Action Server(s)—This is the second most important run time component in OIS. Action Servers perform all the work. They interact directly with the SQL datastore and have various deployment options. For more information about the Action Server deployment options, refer to Chapter 3. . OIS Client (Authoring Console)—This is the most important design time component in OIS. The OIS Client is used to create all policies. From this console, you can view, create, modify, delete, start, stop, and so on. More information on the various windows and usage of the OIS Client is in the “OIS Client” section later in this chapter. . Management Server (Service)—This component is important during installation and design time; it is a noncritical component for run time. . Action Server Watchdog Service—This is a required component only because it is automatically deployed and started during installation of the Management Server. It is installed and runs on the Management Server and is one of the Management Server associated services. Each of these components is described in more detail in the next sections.
SQL Datastore The SQL datastore is a critical component in all three component type categories (refer to Table 2.1). This is the second major component deployed during the installation process. After it is deployed, all other components are installed—at least in part—into the SQL datastore. The OIS SQL datastore is required as an installation, design, and runtime component. The datastore is composed of a series of tables, views, and programmability objects, all specific to OIS. The OIS datastore schema is not published, and modifying its objects is not supported. Regarding supportability, the OIS 6.3 release notes state you can install OIS using Microsoft SQL Server or Oracle. Chapter 4 discusses information and considerations for installation; only SQL Server datastore usage and configuration is discussed in this book.
There are four main categories for the objects in the OIS SQL datastore: . Installation and Configuration . Policy Authoring . Policy Execution . Policy History and Log
As the schema is not publicly available and modification is not supported, this chapter does not discuss the various objects in depth. Instead, it presents a summary of each object category.
Installation and Configuration Objects Many tables in the OIS datastore contain information about the OIS installation configuration. This information is input and accessed only through one of the OIS graphical user interfaces (GUI) or command line interfaces (CLI). Here are the GUIs and CLIs used for data input and data access during OIS installation and configuration:
. Database Configuration Utility (GUI)—This utility allows you to configure the database server and database name for your OIS datastore. All information from this utility is directly tied to the OIS datastore. A secure DAT file is created on the Management Server to store these settings. You will find this file at %ProgramFiles(x86)%\Common Files\Opalis Software\Opalis Integration Server\Shared\ in a 64-bit environment (or %ProgramFiles%\Common Files\Opalis Software\Opalis Integration Server\Shared\ on 32-bit systems).
. License Manager (GUI)—The License Manager allows you to view and import OIS component licenses. Using the License Manager, you can also view and remove consumed OIS Satellite (managed devices) licenses. All information from this utility is directly tied to the OIS datastore. The information is stored in the LICENSES and SATELLITES tables in the OIS datastore.
. Deployment Manager (GUI)—The Deployment Manager utility allows you to deploy Action Servers, Clients, and Integration Packs (IPs) and also provides a view into your existing OIS deployment. Much of the information from this utility is directly tied to the OIS datastore; some information is stored and accessed within the registry for OIS Servers. You can find the rest stored within various tables such as CAPS, ACTIONSERVERS, and OBJECTS in the OIS datastore.
. aspt.exe (CLI)—This utility allows you to configure the Action Server Policy Throttle settings. Usage directly influences the data in the MaxRunningPolicies column in the ACTIONSERVERS table in the OIS datastore.
. atlc.exe (CLI)—This utility allows you to configure the Audit Trail Logging settings. Usage directly influences the data within the EnableAuditTrail column in the AUDIT_TRAIL_CONFIG table in the OIS datastore.
. oedc.exe (CLI)—This utility allows you to configure the Self-Monitoring settings. Usage of this utility directly influences the data within the OE_DELIVERY_DESTINATIONS, OE_DELIVERY_RULES, and OIS_SNMP_TRAP_CONFIG tables in the OIS datastore.
. pic.exe (CLI)—This utility is not intended for user execution. It is used by OIS to transform policy images from the OIS Client to data in the OIS datastore. When executed by OIS, this utility directly influences the data in the POLICY_IMAGES table inside the OIS datastore. This image is accessed from the OIS datastore and used by the OOC.
Figure 2.2 is a sample image from the OIS datastore for the CAPS table. This table stores configuration information about the registered IPs. The information in this table corresponds to the registry keys in one of two locations, based on whether you are running 64-bit or 32-bit Windows Server: . HKLM\SOFTWARE\Wow6432Node\Opalis\Opalis Integration Server\IPs\ (x64 OS) . HKLM\SOFTWARE\Opalis\Opalis Integration Server\IPs\ (x86 OS)
FIGURE 2.2 CAPS table in the OIS datastore
Policy Authoring Objects The majority of the tables and some of the programmability objects in the OIS datastore are used in OIS policy authoring. This information is input and accessible only by using the OIS GUI for policy authoring—the OIS Client. The OIS Client is the central policy authoring utility. It is the primary interface where you can create, modify, delete, start, stop, and configure connections and permissions. Data resulting from this interaction is stored and updated in the OIS datastore. Although there are many tables in the datastore impacted and referenced by the OIS Client, here are the most common ones:
. FOLDERS . POLICIES . OBJECTS . CONFIGURATION . COMPUTERGROUPS . COUNTERS . VARIABLES . SCHEDULES . EVENTS
Figure 2.3 is a sample image from the OIS datastore for the POLICIES table. This table stores information about created policies.
FIGURE 2.3 POLICIES table in the OIS datastore
There are four stored procedures used by the OIS Client for configuration, creation, and modification of the OIS datastore data: . sp_DeleteTreeData . sp_FindTreeInsertionPoint . sp_InsertTreeData . sp_MoveTreeBranch
These stored procedures are specific to object hierarchy (parent and child object relationships). Object hierarchy is critical to the organization of policies and identification of policy object usage by each policy created. Modifying these stored procedures is strongly discouraged and not supported. The only supported methodology for policy authoring and configuration is the OIS Client.
Policy Execution Objects There are considerably fewer objects in the OIS datastore involved in the policy execution process than for policy authoring. Policy execution includes both publishing and unpublishing (or starting and stopping) policies. There are a number of tables and programmability objects in the OIS datastore used in this process. Here are the methods to initiate and/or stop the policy execution process: . Start/Stop buttons in the OIS Client . Start/Stop button in the OIS Operator Console . OIS5StartPolicy.exe CLI execution . OIS Web Service SOAP call . Policy Launch URL execution . Remote Trigger execution Each of these methods directly or indirectly interacts with the OIS datastore to initiate and stop the policy execution process. Although there are many tables in the datastore impacted and referenced during policy execution, here are the most common tables: . ACTIONSERVERS . POLICY_PUBLISH_QUEUE . POLICY_REQUEST_ACTION_SERVERS . POLICY_REQUEST_HISTORY . POLICIES . DESIGNATED_ACTION_SERVERS Figure 2.4 is a sample image from the OIS datastore for the POLICY_PUBLISH_QUEUE table. This table is used during the policy execution process when policies queue. Refer to Chapter 3 for more information on policy queuing. Here are the six stored procedures used in the policy execution process: . sp_PublishPolicy . sp_UnpublishPolicy
. sp_StopAllRequests . sp_StopAllRequestsForPolicy . sp_UnpublishPolicyRequest . sp_insertevent
FIGURE 2.4 POLICY_PUBLISH_QUEUE table in the OIS datastore
The majority of these stored procedures are specific to publishing and unpublishing policies. The code within the procedures scripts the inserts and updates necessary to trigger policy execution. The last item in the list, sp_insertevent, is somewhat different from the others. It is used explicitly to insert events into the EVENTS table. This table captures OIS events from policy execution and the ActionServerWatchdog Service. For more information about the ActionServerWatchdog service, refer to the “Management Server” section of this chapter.
CAUTION:
DO NOT MODIFY THE STORED PROCEDURES
This listing and description is for information purposes only; modifying these stored procedures is strongly discouraged and not supported. The only supported methodology for the policy execution process is to use one of the policy execution methods listed in this section.
Policy History and Log Objects Once again, there are far fewer objects in the OIS datastore involved in the policy logging process. Policy logging is the process in which OIS stores current and historic information during and after policy execution. The amount of data stored in the OIS datastore during policy execution is user configurable within the OIS Client. Chapter 5, “Policy Basics,” contains additional information on policy logging. There are a number of tables and programmability objects in the OIS datastore used in this process, discussed in the next sections. Policy logging occurs by default during policy execution. Although there are different levels of logging, the location in the OIS datastore, where this logging data is stored, is the same. Many tables in the datastore are impacted and referenced during policy logging. Here are the most common tables: . POLICIES . OBJECTS . POLICYINSTANCES . POLICY_PUBLISH_QUEUE . POLICY_REQUEST_HISTORY . POLICYRETURNDATA . OBJECTINSTANCES . OBJECTINSTANCEDATA
Figure 2.5 is a sample image from the OIS datastore for the OBJECTINSTANCEDATA table. This is one of the tables used to store policy and object log data during policy execution. There are four stored procedures used in log purging: . sp_CustomLogCleanup . sp_GetLogEntriesForDelete_FilterByDays . sp_GetLogEntriesForDelete_FilerByEntries . sp_GetLogEntriesForDelete_FilterByEntriesAndDays
These stored procedures are specific to log purge. Log purging is an optional but important function within OIS. Policy execution logs are stored in the OIS datastore. As they grow, they take up an ever-increasing amount of space. If they are not purged occasionally, they can cause OIS Client performance issues and raise concerns for database storage limits. For more information about log history and purging, refer to Appendix A, “Support and Troubleshooting.”
FIGURE 2.5 OBJECTINSTANCEDATA table in the OIS datastore
Remember this listing and description is for information purposes only, as Microsoft does not support modifying these stored procedures. Unless otherwise directed by Microsoft Customer Support, the only supported methodology for log purging is using the OIS Client.
Action Servers Action Servers are second only to the OIS datastore in terms of run time importance in an OIS deployment. The Action Server is listed as second only because although you can still author and test policies without an Action Server, you cannot do anything without an OIS datastore. Authoring and testing are just the initial part of the automation process. Sustained production execution requires at least one Action Server. To perform the tasks prescribed in a running policy, the OIS datastore and the Action Servers work together and are the OIS components responsible for the policy execution process. The Action Server is required as a run time component and is optional during design time.
The OpalisActionService What is commonly referred to as an Action Server is actually a Windows service, the OpalisActionService. It is installed during deployment of an Action Server (Figure 2.6); Figure 2.7 shows the OpalisActionService in the Windows Services MMC window.
FIGURE 2.6 Opalis Action Server deployment
FIGURE 2.7 OpalisActionService displayed in the Windows Services MMC window
Each Action Server deployment targets and installs one OpalisActionService per server, as there can be only one OpalisActionService installed on an individual server. However, you can deploy multiple Action Servers to multiple servers in a single OIS implementation. After these servers are deployed, you can view them in the Deployment Manager or the OIS Client. In the OIS Client, you can also set their priority or role. Figure 2.8 shows the Action Server list as seen in the OIS Client. It is strongly recommended you deploy multiple Action Servers, as it enables the capability for policy failover and spillover. Refer to Chapter 3 for additional information about these capabilities and how to set Action Server priority.
Connectivity As previously displayed in Figure 2.1, Action Servers connect directly to the OIS datastore. They do not require the Management Server or any other OIS component other than the OIS datastore.
FIGURE 2.8 Action Servers as seen in the OIS Client
Connectivity and Permissions Specifics By default, Action Server connectivity to the OIS datastore requires network traffic to be open over TCP port 1433. Connectivity requirements from the Action Server to the target managed devices vary by the object in the policy being executed. Here is a list of the various protocols used to connect to and from the Action Server: . SMB . RPC . WMI . COM/DCOM . ADO
The permissions required by the Action Server service account vary by component connection. The Action Server must have connectivity to the OIS datastore to function properly. For this connection and others, here are the capabilities the Action Server service account must have:
. Database Connectivity—Permissions for the service account(s) interacting directly with the database differ between installation and runtime. Sysadmin rights are recommended, although not required, for runtime execution of policies. . During run time execution, only read, write, and execute permissions are required by the service account. . Sysadmin rights are only required during installation time when the database schema objects (stored procedures, tables, triggers, and so on) are created or updated (for example, initial installation and IP registration).
. Component Install—The service account must run with the credentials of a local administrator. It can be directly assigned to the Administrators group or a member of a group with these permissions.
. Component Connectivity—The service account must have sufficient permissions to perform the actions prescribed within the policy it is executing over the various protocols used.
Impersonation Many objects offer the capability to be run under a different context utilizing impersonation. If configured to do so, the Action Server will use those credentials instead of the Service Account assigned to the OpalisActionService. This can be configured at the object level in the Security Credentials tab.
Special “Run As” Object The Run Program object has this tab and an Advanced tab, which includes the capability to execute the command or program specified in this object using a different Run As account. Both these options change the way the Action Server authenticates to the target managed devices. When the Run Program object is used on a remote (or local) machine, you will notice a new Windows service (Figure 2.9). The Opalis Remote Execution Service is a wrapper for a special version of PSEXEC.exe, named OPEXECSVC.EXE, which allows OIS to execute commands and programs on remote (or local) machines. The Run Program object itself then becomes the wrapper for this version of PSEXEC.exe.
FIGURE 2.9 Opalis Remote Execution Service in the Windows Services MMC window
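The run time database permission set described under Connectivity and Permissions Specifics (read, write, and execute, with sysadmin needed only at installation time) can be audited and applied in T-SQL as shown here. This is an added example, not code from the book or from Microsoft; the account name, database name, role name, and the mapping of "read, write, and execute" to db_datareader, db_datawriter, and a database-level EXECUTE grant are assumptions.

```sql
-- Added example. Placeholders to replace before use (all hypothetical):
--   CONTOSO\svc-ois-action   Action Server service account
--   Opalis                   name of the OIS datastore database
--   OisRuntime               database role holding the run time permissions
-- GO is the batch separator used by SSMS and sqlcmd.

-- 1. Audit: which fixed server roles does the service account hold right now?
--    A 'sysadmin' row here means the account still has installation-time rights.
SELECT sp.name AS login_name, r.name AS server_role
FROM sys.server_role_members AS m
JOIN sys.server_principals AS r  ON r.principal_id  = m.role_principal_id
JOIN sys.server_principals AS sp ON sp.principal_id = m.member_principal_id
WHERE sp.name = N'CONTOSO\svc-ois-action';
GO

-- 2. Build the run time permission set inside the OIS database only.
USE [Opalis];
GO
IF DATABASE_PRINCIPAL_ID(N'CONTOSO\svc-ois-action') IS NULL
    CREATE USER [CONTOSO\svc-ois-action] FOR LOGIN [CONTOSO\svc-ois-action];
IF DATABASE_PRINCIPAL_ID(N'OisRuntime') IS NULL
    CREATE ROLE OisRuntime;
GO
EXEC sp_addrolemember N'db_datareader', N'OisRuntime';   -- read
EXEC sp_addrolemember N'db_datawriter', N'OisRuntime';   -- write
GRANT EXECUTE TO OisRuntime;                             -- execute stored procedures
EXEC sp_addrolemember N'OisRuntime', N'CONTOSO\svc-ois-action';
GO

-- 3. Verify what the account can do in this database through role membership.
SELECT r.name AS database_role
FROM sys.database_role_members AS m
JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = m.member_principal_id
WHERE u.name = N'CONTOSO\svc-ois-action';

SELECT pr.name AS grantee, pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = N'OisRuntime';
GO

-- 4. Once installation and IP registration are finished, drop the
--    installation-time right. Grant it again only for the next schema change
--    (upgrade or IP registration), which the text lists as needing sysadmin.
IF IS_SRVROLEMEMBER(N'sysadmin', N'CONTOSO\svc-ois-action') = 1
    EXEC sp_dropsrvrolemember N'CONTOSO\svc-ois-action', N'sysadmin';
GO
```

Step 1 only reports role membership granted directly to the login; membership inherited through a Windows group shows up under the group's name instead.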
Deployment Models It is important to note there are many deployment models for Action Servers in an OIS implementation. Here are the available deployment models: . Simple . Resilient . Cross-Network . Cross-Network Action Servers . Multi-Site Manual Policy Sync . Multi-Site Invoke via Web Services . Multi-Site Hybrid . Multi-Site Isolated
Each of these models was designed to fit a specific connectivity need. More information and a detailed explanation of each of these models is available in Chapter 3. Uninterrupted connectivity between the OIS datastore and the deployed Action Servers is critical to the success of the policy execution process. A low-latency, error-free connection is highly recommended to ensure this level of uninterrupted connectivity. This requirement is why so many different deployment models exist to accommodate the various production deployment scenarios.
PolicyModule.exe To say that the OpalisActionService does all the work is a bit inaccurate. The OpalisActionService actually controls the instantiation of PolicyModule.exe processes that do all the work. These processes are the subcomponents that run on an Action Server, consume the memory necessary, and perform the work as prescribed in the running policy. On a 64-bit server, these processes take on the name of PolicyModule.exe *32.
From SQL to Executable Regardless of the OS type, this process can be summarized with the following steps: 1. The OpalisActionService continually queries the POLICY_PUBLISH_QUEUE for new records. 2. The OpalisActionService finds a new record in the POLICY_PUBLISH_QUEUE. 3. A new PolicyModule.exe process is created, based on the related data from the POLICY_PUBLISH_QUEUE data. This data includes, but is not limited to, row data from the following tables: POLICIES, OBJECTS, CONFIGURATION, and VARIABLES. As the PolicyModule.exe process executes, it continues to interact with the OIS datastore. As object execution completes in the running policy, these logging tables are updated with information: . POLICYINSTANCES . OBJECTINSTANCES
. POLICYRETURNDATA . OBJECTINSTANCEDATA The ProcessID (PID) is one of the pieces of log data collected in these tables. (This is a column in the POLICYINSTANCES table.) This correlates to the PID for the PolicyModule.exe process in the Windows Task Manager. Figure 2.10 shows two PolicyModule.exe *32 processes (with associated PID) and some of the other OIS processes commonly seen in an OIS deployment. Chapter 3 includes additional information about the PolicyModule.exe process, its lifecycle, and mechanics.
FIGURE 2.10 PolicyModule.exe processes seen in the Task Manager on a 64-bit server
Policy Execution Default Configuration By default, an Action Server has a Policy Threshold Limit of 50 concurrently running PolicyModule.exe processes. If this threshold is met, the processes will queue unless there is more than one Action Server with available processing capacity. Chapter 3 discusses this topic in detail.
Redundancy It is anticipated you will deploy more than one Action Server in your OIS implementation. As you deploy these Action Servers, you will notice that each additional server deployed after the first (Primary) is labeled as Standby. The order in which the Standby Action Servers are evaluated for availability can be seen and configured within the OIS Client (Figure 2.8). Action Server availability determines where the next PolicyModule.exe process will run. These priority or role assignments are used for both Action Server spillover and failover. If desired, you can override this behavior at the policy level by designating Action Servers in a specified order, as displayed in Figure 2.11.
FIGURE 2.11 Policy level Action Server override
If the override is set for a policy, only the Action Servers in the override list are used during spillover and failover. If only one Action Server is listed (as shown in Figure 2.11), the policy will not have the capability to spill over or fail over to another Action Server, even if there is more than one in the OIS implementation. For more information about spillover and failover, refer to Chapter 3.
OIS Client
The OIS datastore is the center of the OIS implementation, while the Action Servers, with their PolicyModule.exe processes, perform all the work. This leaves only one additional critical component, the OIS Client (or Authoring Console). The OIS Client is primarily used to view, create, modify, delete, start, and stop policies. It is required as a design time component and is optional during run time. The OIS Client is often referred to as the Authoring Console, as the majority of the actions the client exposes are authoring-specific. However, the shortcuts to the GUI and the GUI itself will not reflect this common name. The shortcut to the GUI is named Opalis Integration Server Client. When you open the client, the name at the top of the window is Opalis Integration Server (see Figure 2.12). Regardless of what you call it, this is your utility for policy authoring.
FIGURE 2.12 OIS Client or Authoring Console GUI
NOTE:
AUTHORING CONSOLE AS EXECUTION CONSOLE
In the absence of an OOC or other runtime interfaces, the OIS Client can be used as an execution console as well. It has all the necessary buttons and log views to execute policies and monitor their status.
Here are the operating systems on which you can install the OIS Client:
. Windows Server 2008 (32-bit or 64-bit)
. Windows Server 2008 R2 (64-bit)
. Windows Server 2003 (32-bit) Service Pack 2
. Windows Server 2003 R2 (32-bit) Service Pack 2
. Windows 7 (32-bit or 64-bit)
. Windows Vista (32-bit or 64-bit)
. Windows XP Professional (32-bit)
OIS Client Connection to the OIS Datastore
The OIS Client does not have a Windows service of its own, and as depicted in Figure 2.1, it connects to the OIS datastore via the Management Server (Service). After it is installed and started, the OIS Client attempts to connect to an available Management Server. As long as all prerequisite software and permissions are satisfied, the OIS Client should have no issue connecting to a Management Server. This connection to the Management Server is the client’s only access to the OIS datastore.
After successfully connecting to the OIS datastore via the Management Server, you will see the policies that already are created (if any). Out-of-the-box and after a clean installation, there are no policies in the OIS datastore, meaning none are displayed in the client. Another limiting factor to what you can see in the OIS Client is folder, policy, and global settings permissions. You will see only what you have permissions to see. Likewise, you will have the ability to only create, modify, start/stop, and such based on these same permissions. For more information on OIS Client security, read about security policies in Chapter 7, “Implementation and Best Practices.”
From XML to SQL
You have the ability to create, edit, name, rename, and manipulate the policies, objects, folders, and such in the OIS Client in whatever way you like. However, in general, policy creation follows a consistent process. While you create a policy using the GUI, behind the scenes policy creation goes through the following steps:
1. A New Policy is created (and automatically checked in) within the OIS Client.
2. The New Policy is checked out for editing (and usually renamed).
3. The policy (renamed or not) is stored locally as an eXtended Markup Language (XML) file in a hidden folder. This file is located in the %AppData%\Opalis Software\Opalis Integration Server\ folder and has a name like {F4D7ED1B-9B33-4D19-8D8C-C3A2726D9E7A}.xml, where the {GUID} varies by policy and is directly related to the UniqueID field in the POLICIES table for the policy.
4. The policy is then created. Objects are added, links connect the objects, and data is configured within the objects and links. Before check-in, all this configuration data is stored locally in the {GUID}.xml file mentioned in step 3.
5. With policy creation complete, the policy is checked in. As it is checked in, a series of SQL insert and update statements are executed (via the OIS Client’s connection to the OIS datastore through the Management Server), and the necessary tables in the OIS datastore are populated with the appropriate data. The {GUID}.xml file mentioned in step 3 is deleted.
After the first check-in, the policy is usually tested with the Testing Console. As testing a policy requires that it be checked out, as soon as the Test button is clicked, the policy is checked out. After check out, another {GUID}.xml file is generated in the %AppData%\Opalis Software\Opalis Integration Server\ folder. Refer to Chapter 5 for more information on the Testing Console and a detailed walkthrough of the OIS Client.
NOTE:
OIS DATASTORE UPDATES VIA THE OIS CLIENT
As testing and modifications continue within the OIS Client and Testing Console, the OIS datastore is updated only when the policy is actually checked in. Until the policy is checked in, changes are stored locally in the %AppData%\Opalis Software\Opalis Integration Server\{GUID}.xml file.
Management Server
The Management Server is a collection of subcomponents. In addition to that, the Management Server does not manage anything. It is actually one of the worst named components in OIS. Because of its name, people often think that it is a critical run time component. The opposite is true. The Management Server has no significant run time value outside the existence of the OpalisActionServerWatchdog Service (installed on the Management Server by default). The Management Server is a required component for design time, as discussed in the “OIS Client” section earlier in this chapter, and is useful during installation time. It is not a required installation time component because the components it is used to deploy can also be installed manually.
Primary Services
Here are the three main services or subcomponents associated with the Management Server:
. OpalisManagementService—This component is used during design time to broker the relationship between the OIS Client and the SQL datastore. It also serves as a connection point for other client applications used for OIS management activities (OISDeploymentManager.exe, OIS5StartPolicy.exe, and so on), providing the means to read and write to and from the datastore.
. OpalisRemotingService—The Deployment Manager uses this service to deploy IPs, Action Servers, and Clients on remote (and local) machines. The OpalisRemotingService can also be used to query OIS implementation machines for installed components.
. OpalisActionServerWatchdog—This service serves two purposes. As is, with no extra configuration, it monitors policy, object, and database connection status. Optionally, it can be used to leverage the Self-Monitoring functionality in OIS. In either case, OIS specific events are raised as needed, depending on OIS component status. When leveraging self-monitoring, Simple Network Management Protocol (SNMP) traps can optionally be sent based on these OIS specific events.
Each of these services is installed automatically on the Management Server. Installing these services is neither optional nor configurable. Figure 2.13, Figure 2.14, and Figure 2.15 respectively illustrate these services in the Windows Services MMC window.
FIGURE 2.13 OpalisManagementService in the Windows Services MMC window
FIGURE 2.14 OpalisRemotingService in the Windows Services MMC window
FIGURE 2.15 OpalisActionServerWatchdog Service in the Windows Services MMC window
Watchdog
The OpalisActionServerWatchdog (Figure 2.15) is one of the components installed automatically on the Management Server. After installation, it will “watch” or “self-monitor” for certain behavior in your OIS implementation. Here is what it watches for:
. Policies have started but are not running
. Policies start, run, and do not restart
. A policy is published two or more times
. An Action Server cannot connect to the datastore
. Frequent errors connecting to or writing to the datastore
. An Action Server has stopped running
. Action Server is reaching the policy throttle limit
. License expirations
Out of the box, the OpalisActionServerWatchdog service simply logs events based on the behavior in this list, within the Opalis Event Log. The Opalis Event Log is your only view into the messages from the Watchdog. No further action is taken by the Watchdog.
If you want more than simple logging to the Opalis Event Log, you can utilize the OIS Self-Monitoring feature. Self-Monitoring takes advantage of the Opalis Event Log notifications sent from the OpalisActionServerWatchdog service and is the optional functionality that allows SNMP traps to be sent from OIS to a specified target. After it is configured, all events normally logged within the Opalis Event Log are sent as SNMP traps (Information, Warning, and Failed). For more information on these SNMP traps, including how to configure them, refer to the TechNet Library article for Event Notifications at http://technet.microsoft.com/en-us/library/gg440663.aspx.
Additional Components
Outside the services discussed in the “Primary Services” section earlier in this chapter, here are the additional components automatically installed on the Management Server:
. aspt.exe
. atlc.exe
. DBSetup.exe
. DeploymentManager.exe
. LicenseManager.exe
. oedc.exe
. OIS5StartPolicy.exe
. pic.exe
These components are installed into the %ProgramFiles(x86)%\Opalis Software\Opalis Integration Server\Management Service\ folder, or the %ProgramFiles%\Opalis Software\Opalis Integration Server\Management Service\ folder on 32-bit systems. With the exception of the OIS5StartPolicy.exe component, these components were discussed in the “Installation and Configuration Objects” section earlier in this chapter.
The OIS5StartPolicy.exe component enables you to run policies from a command line. By default, this CLI for OIS is installed on the Management Server, but it can be copied (installed) to any machine in the domain that can access the Management Server. Here are some items to consider when executing policies with the CLI:
. Policies executed from the CLI must begin with a Custom Start object.
. Policies must be fully configured and checked in.
. Execution with parameters is allowed, but parameters must be configured before attempting to use the CLI. In addition, the parameters must be in the same order as they appear in the Custom Start object (as seen in the OIS Client).
. Policies can be called by their GUID (/id) or Full Name and Path (in quotes) within the OIS folder structure (as seen in the OIS Client).
. When searching for policies by name, the /search parameter is case-insensitive. To search, pass the name of the policy in quotes, followed by /search. The search feature returns partial matches.
. If you want to wait for the policy to finish (as opposed to fire-and-forget), you can use a /wait parameter.
. If executing the CLI from a machine that is not the Management Server or Action Server, /ms: and /as: parameters are required.
Here is some sample syntax:
OIS5StartPolicy.exe /id {F4D7ED1B-9B33-4D19-8D8C-C3A2726D9E7A} /wait /ms:FIREBALL /as:FIREBALL
In this example, the CLI is configured to execute a policy with the GUID of {F4D7ED1B-9B33-4D19-8D8C-C3A2726D9E7A} from a machine other than the Management and Action Server (FIREBALL); before returning the command line back to the user, the CLI will wait for the completion of this policy’s execution. If you execute the command OIS5StartPolicy.exe /? (or OIS5StartPolicy.exe /help), you will get information on the usage for OIS5StartPolicy.exe, as displayed in Figure 2.16.
FIGURE 2.16 OIS5StartPolicy.exe usage instructions
NOTE:
OIS5STARTPOLICY.EXE CONSIDERATIONS
The name of this CLI is not important to its execution. If you would like to shorten the name, you can do so without disrupting its functionality.
Opalis Operator Console
The OOC is the last major component of an OIS deployment. This is an optional and noncritical component. It is a web-based GUI with limited functionality. Summary information about the OOC components and installation instructions were discussed in the “Optional Components” section of this chapter. The OOC is built on Java/JBOSS, and its primary function is to act as a read-only user interface for operators to perform the following tasks:
. View Policies
. Execute Policies
. Execute Policies with Custom Parameters
. Execute all monitor Policies
. Stop Policies
. Stop all running and queued Policies
. Tag Policies
. Search for Policies
. Identify Policy execution by Action Server
. View Opalis Platform Events
After installation, the default URL for the OOC is http://<servername>:5314. If you chose to configure the OOC using SSL, the default URL is https://<servername>:8443. Figure 2.17 shows the login screen of the OOC.
FIGURE 2.17 Operator Console Login screen
As mentioned in the “Component Overview” section, a number of components are dependent on the OOC. Each of these components is optional, but might add value to your OIS implementation. One of these components is the OIS Web Service and WSDL. The URL for the OIS Web Service WSDL is http://<servername>:5314/OpConsoleApp-1.0OpConsoleServer-1.0/PolicyInfoServiceBean?wsdl. Figure 2.18 shows a portion of the WSDL for the OIS Web Service.
FIGURE 2.18 Partial WSDL for the OIS Web Service
As seen in Figure 2.19 and discussed in Chapter 4, default installation of the OOC results in a continually running command window.
FIGURE 2.19 Command window of the Java/JBOSS Operator Console
If this is not desired behavior, you have the option to install the OOC as a service (Figure 2.20). For more information on installing the OOC as a Windows service, refer to Chapter 4.
FIGURE 2.20 Opalis Operator Console installed as a Windows Service
Chapter 5 provides a detailed walkthrough of the OOC.
Summary
There are a number of components within an OIS deployment. Some of them are critical at install, design, and runtime, whereas others are optional and “nice to have.” As the basic architecture (refer to Figure 2.1) showed, there are three primary required components of OIS: Datastore, Action Server(s), and Client (Authoring Console). These three components handle storage, execution, and design. There is one primary optional component: the Opalis Operator Console. This component handles high-level operational management of OIS policies. Finally, noncritical during runtime but required during installation and design, the Management Server handles deployment of OIS components and brokering the relationship between the client and the datastore. Each one of the components is connected in some way. In almost every case, this connection is through the OIS datastore, the heart of OIS.
CHAPTER 3
Architectural Design
IN THIS CHAPTER
. Basic Architecture
. Policy Lifecycle and Mechanics
. Policy Limits and Queuing
. Policy Spillover
. Policy Failover
. Deployment Models
. Security Models
When determining the best approach to deploy Opalis Integration Server (OIS), there are several factors to consider as you design an OIS instance. Before designing your instance, you should answer a number of questions about your environment, including network, domain structure, and location of your automation targets. This chapter expands on the basic OIS architecture from Chapter 2, “Inside Opalis Integration Server 6.3,” and explains how the components interact with one another during policy execution. It also discusses the major deployment models and identifies where each model would be most beneficial. In addition to architecture, this chapter reviews how the various security models affect an OIS deployment. You can use OIS in a wide range of environments and security models, from small networks to managed service providers. Each presents different challenges and requires different solutions.
Basic Architecture
Chapter 2 discussed the OIS components and explained their purpose. This chapter examines those same components as they work together to create, check in, and execute policies. Because the policy is the core element of all automation, orchestration, and integration, this chapter looks into the lifecycle of a policy and examines how the OIS components support the phases of that lifecycle. Figure 3.1 shows the main components of OIS.
FIGURE 3.1 OIS architecture
Policy Lifecycle and Mechanics
The lifecycle of a policy begins with creating that policy in the OIS Client. For more information on how to create a policy, refer to Chapter 5, “Policy Basics.” As the policy is created, edited, or tested (within the Policy Testing Console), the policy data is stored locally by the OIS Client. The policy data remains in local storage until the policy is Checked In by the policy author.
NOTE:
USE A RELEASE PROCESS WHEN DEALING WITH AUTOMATION
Many organizations find it easiest if their policy authors test their policies and check them into a production server after the author is satisfied with the results. This is a hazardous practice and not recommended for a production environment. Because of the nature of automation, no single user should be trusted with design, testing, and promoting into production. The authors recommend, at a minimum, that someone other than the policy author test the policy and promote it into production. Ideally, your organization already has a release process, with a testing or staging environment. In this case, include your OIS policies in these processes and environments. Refer to Chapter 7, “Implementation and Best Practices,” for more information regarding this topic. Policies without safeguards can be dangerous things.
Check In
After the Check In button is pressed, the OIS Client contacts the Management Service so the policy can be written to the datastore. In this scenario, the Management Service acts as a proxy or broker so the OIS Client machines do not access the datastore directly—as doing so would mean every author would require write access to the various database tables.
The OIS Client transmits the policy in the form of object data and configuration data for those objects (based on the installed Foundation objects and the objects contained within any Integration Packs [IPs] deployed to the client). This policy data, which is loosely formatted eXtended Markup Language (XML) data, is taken by the Management Service and written into the datastore. The creation or update of a policy is a somewhat complex process and involves several tables. As an example, a new policy can easily create one or more new records in each of the following tables within the datastore:
. POLICIES
. OBJECTS
. (General object tables relating to each type of object used)
. LINKS
. FOLDERS
. SCHEDULES
. VARIABLES
. COUNTERS
CAUTION:
TABLE INFORMATION IS FOR REFERENCE-ONLY
The information provided in this chapter regarding the OIS datastore and its tables is for reference-only. This information is intended to help you better understand policy mechanics and OIS in general. You should never directly manipulate data in the OIS datastore.
Dormant Policy
After the Management Service writes the policy to the datastore, nothing else happens as part of the transaction. The policy is now located within the datastore and visible to other OIS Clients should they look for it, but in terms of execution, the policy is now dormant. The policy has not yet been marked for execution and remains dormant until an OIS Client, Opalis Operator Console (OOC), Command Line executable, or Web Service invocation changes this state.
Starting the Policy
To start a policy that is checked in, someone typically uses the OIS Client and presses the Start button or presses the Start button within the OOC (or through one of the other programmatic start options). Regardless of how the request is initiated, the result is that the datastore is updated such that the policy is now marked to start. This happens by updating the record for the policy within several policy related tables via the PublishPolicy stored procedure (the affected tables are POLICY_PUBLISH_QUEUE, POLICY_REQUEST_ACTION_SERVERS, POLICY_REQUEST_HISTORY, and POLICIES). The first two tables establish which Action Server the policy will run on (if more than one Action Server exists). The final update in the stored procedure alters the Published and Publishing Time columns in the Policies table. This updates the Published column from False to True and adds the current time to the Publishing Time column. (The term Published used by the datastore in this context is now archaic. In early versions of OIS 5.x, the Start button was labeled Publish, and because the database structure has not been fundamentally altered since then, the term Published remains.)
Action Servers and Policy Instantiation
Action Servers are designed to regularly update the datastore to report their heartbeat (every 15 seconds) and check if any new policies need to be executed (every 2 seconds). If there are no policies for the Action Server to run, it closes the connection and will retry in several seconds. However, if the Action Server finds a policy it can run, it gathers all the details about the policies from the related tables and then uses that information to instantiate an executable in memory. The name of the executable is always PolicyModule.exe (or PolicyModule.exe*32 on Windows 2008 systems as the PolicyModule.exe is a 32-bit application).
PolicyModule.exe
The Action Server instantiates one PolicyModule.exe for every submitted request to execute a policy. If a policy does not start with a Monitor object and a Start request is issued more than once, multiple instances of that policy can potentially run concurrently. This means if a given Action Server is running 17 policies, as viewed from the Operator Console, there will be 17 instances of PolicyModule.exe in memory at that time. Both active and idle (or monitoring) policies are in memory as PolicyModule.exe. As policies start, the Process ID (PID) of the policy is recorded to the datastore and is viewable from clients. In this way, a client can use the PID reported through logging to determine which instance of PolicyModule.exe belongs to a given policy. There are two types of policies:
. Ad hoc
. Monitored
The mechanism to check in and start either type of policy is identical, although the two behave differently when they execute. These policies are discussed in the following sections.
Policy Behavior (Ad hoc)
An ad hoc policy is any policy that does not begin with a monitor object. Ad hoc policies will load into memory as PolicyModule.exe and execute each object within the policy in turn until the policy runs out of objects along its given execution path. After the policy reaches its conclusion, the PolicyModule.exe exits and the policy terminates. An ad hoc policy does not reinstantiate until someone starts the policy again. However, if the policy is not permitted to finish normally (meaning it ends prematurely while there are still more objects along its given execution path)—perhaps caused by a server abend—the Action Server will not report the policy as completed to the datastore. As long as the policy is not reported as completed, the policy runs again (either by the same Action Server or by another if the first has failed or run out of capacity). This behavior is what most users expect when a policy fails. A policy runs until it is complete; if interrupted before finishing, it will start again. Every policy starts with the first object, regardless of whether it failed previously. It is possible to design a policy to check to see if it previously ended prematurely, reload the relevant data, and start again; however, this is not the default policy behavior. For more information on building restartable policies, see Chapter 7.
Policy Behavior (Monitor)
A monitored policy is any policy that begins with a monitor object. (These policies can only contain one monitor object.) Monitored policies are sometimes referred to as long running policies. A monitored policy begins like an ad hoc policy, started by a user or external trigger; but because the first object in the policy is a monitor, the conditions of that monitor will dictate when the rest of the policy will trigger.
As an example, if the first object in a monitored policy is a File Monitor configured to wait for a file named datalog.xls to appear in C:\Drop, the policy loads and begins monitoring the C:\Drop folder for datalog.xls. Until that file appears, the remaining objects in the workflow will not run. This policy might stay in memory indefinitely waiting on the desired condition to occur. After the desired condition occurs, two things take place:
. As soon as the monitor condition for the first object is satisfied, a new PolicyModule.exe instantiates to replace the monitoring activity.
. The policy executes just as an ad hoc job would, following all the objects along its given execution path.
By instantiating a new PolicyModule.exe as soon as the monitor condition is satisfied, the monitoring is constant and uninterrupted. If you are familiar with how a Transmission Control Protocol (TCP) port listener behaves, you can use this as an analogous behavior. As soon as the socket on port 3389 is filled by an incoming Remote Desktop Protocol (RDP) connection, a new socket on the same port is created. Monitored policies behave in a similar fashion. After a monitored policy is running, it will not stop on its own. The user or an external trigger will have to stop the policy.
In both situations (monitored and ad hoc), the desired outcome of the policy is not the relevant measure. Regardless of whether the desired outcome is success or failure, as long as the policy executes all of the objects in its path, the Action Server reports the policy as successfully completed. In terms of policy management by the datastore and the Action Servers, this completion is the only one that matters.
Policy Limits and Queuing
The total number of concurrent policies an Action Server will run by default is 50 (ad hoc and monitored combined). This is known as the Action Server Policy Throttle (ASPT), which is set as part of the installation of OIS 6.2.2 and not modified with the 6.3 upgrade. When an Action Server reaches the maximum number of concurrent policies set by the ASPT, it will no longer run additional policies. If there are no other Action Servers available, the policy will queue and wait for resources to become available.
Consider an example using a single Action Server deployment. You have 49 policies running and your ASPT is set to the default of 50. You trigger two policies to start using the OOC. The first policy executes normally and becomes the 50th policy running on your Action Server. The second policy queues in the datastore and waits until one of the 50 running policies completes before it will run.
NOTE:
MONITORED POLICIES COUNT AGAINST ASPT
As monitored policies never stop on their own, they take away policy slots from your Action Servers permanently (as long as you choose to run them). In a default configuration, if you have an Action Server with 40 Monitored Policies running, this only leaves room for 10 ad hoc policies, assuming all 40 monitored policies were idle and had not created new policies to replace them.
Action Server Policy Throttle
The throttle value of 50 is configurable by using aspt.exe found in %ProgramFiles(x86)%\Opalis Software\Opalis Integration Server\Management Service. The aspt executable allows you to change the value on all Action Servers or on a specific Action Server. The following is the usage for this executable:
aspt (ActionServerName or *) (MaxRunningPolicies 1-1000)
To set the policy throttle limit for all Action Servers to 300, enter the following:
aspt * 300
After you change the value for the ASPT, you must restart the Action Server service for any Action Server changed.
Maximum Number of Policies to Run
With the default ASPT of 50, a common question is how many policies can actually be run. There are a number of factors dictating how many policies can be run safely on a single Action Server. These factors include the following:
. Desktop Heap
. Operating System
. Policy size and complexity
. CPU and Memory resources
Refer to Chapter 7 for information on sizing.
Desktop Heap Limitations and Policies
The first resource typically fully consumed by an Action Server (especially those running Windows 2003) is not memory or CPU but the desktop heap. There are several heaps on a server, but when dealing with OIS, the heap being referred to is the desktop heap for the non-interactive desktops (desktop heap). The default of 50 concurrent policies on a single Action Server is to help prevent exhaustion of the desktop heap. If a system runs out of desktop heap, it can experience unexpected runtime issues such as processes terminating and being unable to allocate proper resources to other processes.
NOTE:
SPOTTING DESKTOP HEAP ISSUES
There is no single sign the desktop heap has been exhausted, although there are common symptoms that you might encounter. When checking the Action Server logs or the Policy logs, you might see errors such as Out of Memory or Not Enough Storage. There might also be other messages that refer to problems allocating Named Pipes or Windows Sockets.
OIS policies all use desktop heap, although they might use different amounts. The amount consumed varies depending on which objects the policy uses and the total number of objects in the policy. The most reliable way to determine the actual consumption of desktop heap by policies is to monitor the resource as a policy runs. If your implementation reaches a steady state, this will give you the best possible estimation of your needs. Information Technology (IT) organizations often want to have estimates before reaching a steady state—generally when designing the OIS architecture. As a guideline, you can estimate that each policy (PolicyModule.exe) will consume 10KB of desktop heap. The desktop heap for the noninteractive desktops is the third parameter of the SharedSection= segment of the following registry value:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager\SubSystems\Windows
Figure 3.2 shows the registry location of the desktop heap, highlighting the Shared Windows Section. The value of the desktop heap for the noninteractive desktops is 768 in Windows Server 2008 (Figure 3.2) and 512 on Windows Server 2003.
FIGURE 3.2 The registry location of the desktop heap on Windows 2008
Estimating the Maximum Policy Count and Desktop Heap Size
Before setting the desktop heap, estimate the maximum number of policies you expect an Action Server to run. The desktop heap for the noninteractive desktops can be estimated by
(Maximum # of concurrent policies) * 10 = (Desktop Heaps)
As an example, if you want to run 100 concurrent policies, 100 * 10 = 1000; rounding that number up to the next highest memory size gives you 1024. The new value for the desktop heap in the registry segment would look like this:
SharedSection=1024,20480,1024
This example uses the estimate of 10K for a policy. After you have working examples of your policies, determine the actual value for your policies and revise the desktop heap size based on the actual value. You will also want to consider that because the Service Control Manager creates a new desktop in the noninteractive window station for each service process running under a user account, increasing the desktop heap for non-interactive desktops reduces the number of user account services that can run on the system.
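The sizing rule above, worked through as an added example (not code from the book or from OIS): it parses the SharedSection= segment, applies the per-policy estimate, and returns the rewritten value data without touching the registry. The function names, the constructed sample string, and the choice to round up to the next 256KB multiple are assumptions; the 48MB check is the Windows 2003 total this chapter's caution gives.

```python
import math
import re

# Constructed, abbreviated sample of the data held in the "Windows" value under
# HKLM\System\CurrentControlSet\Control\Session Manager\SubSystems
# (third parameter 768, the Windows Server 2008 value the chapter cites).
SAMPLE_VALUE_DATA = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    r"SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    r"ServerDll=basesrv,1 ProfileControl=Off MaxRequestThreads=16"
)

SHARED_SECTION_RE = re.compile(r"SharedSection=(\d+),(\d+),(\d+)")
ROUNDING_STEP_KB = 256            # assumption: "next highest memory size" = next 256KB multiple
W2003_TOTAL_LIMIT_KB = 48 * 1024  # 48MB systemwide buffer on Windows 2003


def parse_shared_section(value_data):
    """Return the three SharedSection heap sizes (KB) as a tuple of ints."""
    match = SHARED_SECTION_RE.search(value_data)
    if match is None:
        raise ValueError("no three-part SharedSection= segment found")
    return tuple(int(part) for part in match.groups())


def estimate_heap_kb(max_policies, kb_per_policy=10):
    """(Maximum concurrent policies) * KB per policy, rounded up to the next step."""
    if max_policies < 1 or kb_per_policy < 1:
        raise ValueError("policy count and per-policy size must be positive")
    raw_kb = max_policies * kb_per_policy
    return math.ceil(raw_kb / ROUNDING_STEP_KB) * ROUNDING_STEP_KB


def plan_shared_section(value_data, max_policies, kb_per_policy=10, windows_2003=False):
    """Return (new third parameter, updated value data); nothing is written anywhere."""
    system_kb, interactive_kb, current_kb = parse_shared_section(value_data)
    # Never shrink an existing setting; only raise it when the estimate needs more.
    new_kb = max(current_kb, estimate_heap_kb(max_policies, kb_per_policy))
    if windows_2003 and system_kb + interactive_kb + new_kb >= W2003_TOTAL_LIMIT_KB:
        raise ValueError("the three heaps together must stay below 48MB on Windows 2003")
    segment = f"SharedSection={system_kb},{interactive_kb},{new_kb}"
    return new_kb, SHARED_SECTION_RE.sub(segment, value_data, count=1)


if __name__ == "__main__":
    # 10KB is the chapter's default estimate; 15KB is its figure for CLI-heavy policies.
    for label, policies, per_policy in (("default estimate", 100, 10), ("CLI-heavy", 100, 15)):
        size, data = plan_shared_section(SAMPLE_VALUE_DATA, policies, per_policy)
        print(f"{label}: third parameter {size}KB")
        print(" ", data)
```

Review the returned string before applying it by hand; the change is systemwide and takes effect only after a reboot.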
Note that any command line interfaces (CLI) executed by the policies will consume desktop heap in the same window station as well. If you are a heavy user of Run Program objects or IPs that utilize CLI applications, consider increasing the 10KB value in your calculations to 15KB to ensure this is taken into account.
CAUTION:
MAXIMUM TOTAL HEAP SIZE 48MB FOR WINDOWS 2003
On Windows 2003, the total desktop heap size must fit into the 48MB systemwide buffer. This means the total for all three heaps must be less than 48MB. On Windows 2008, the heap size is a dynamic kernel address range and not limited by the SessionViewSize.
Noninteractive sessions only have 20MB of the 48MB total available because Terminal Services are automatically enabled—which cuts the 48MB in half to 24MB. In addition, the System Interactive default allocation is 1024 (first value in the Shared attribute) and the Interactive Desktop is 3072 (second value in the Shared attribute), leaving only 20MB for all the noninteractive window stations. SessionViewSize can be increased on a Windows Server 2003 computer; however, it has potentially significant impacts on other kernel memory resources and is not recommended.
Increasing the Action Server’s Desktop Heap
To increase the number of policies an Action Server can run, perform the following steps:
1. Increase the size of the desktop heap for noninteractive window stations on your Action Servers.
2. Modify the value of the ASPT on your Action Servers.
3. Reboot the Action Servers.
Increasing the desktop heap is a Windows systemwide change and requires a reboot. Altering the ASPT requires that you restart the Action Server Service. You can find additional information about desktop heap in Knowledge Base (KB) article 184802, available at http://support.microsoft.com/kb/184802.
Policy Maximums Based on Operating System
OIS 6.3 Action Servers can run on Windows Server 2003 or 2008; the total number of concurrent policies supported by each operating system (OS) will differ. As the maximum total heap size for a Windows 2003 server is limited to 48MB, Action Servers on Windows 2003 are not able to run as many policies as those on Windows 2008 (assuming the heap size is maximized for each). The exact number of policies you can run should be determined by testing; however, you can use the following guidelines when estimating the maximum number of concurrent policies per Action Server:
. Windows 2003—250 concurrent policies
. Windows 2008—500 concurrent policies
These are only suggested maximums. Your Action Servers might not be able to run the maximums listed given other constraints. (As an example, if you have large policies, you might not be able to run 250 concurrent policies on a Windows 2003 Action Server.) You might be able to run more policies than these maximums, but if you attempt to do so, be sure you understand the performance aspects and implications involved. Normally, you would want to add more Action Servers rather than risk overcommitting those Action Servers you have.
NOTE:
OIS 6.3 IS A 32-BIT APPLICATION
OIS 6.3 runs on Windows 2008; however, the applications, including policymodule.exe, are 32-bit applications. Because of this, the OIS resources will not be able to take full advantage of the 64-bit operating system.
Policy Size and Complexity
The total number of objects and type of objects in a policy will change the memory footprint and resource consumption considerably. There are no good sizing guidelines, as policies can vary incredibly in size. A four-object policy that creates help desk incidents based on a SQL query easily consumes more resources than a user provisioning policy with 20 objects. Imagine if the SQL query produces 5,000 rows, which in turn creates 5,000 incidents in the help desk. That four-object policy is far more resource intensive than passing one set of user data through the 20-object policy.
CPU and Memory Resources Also Affect Policy Limits
CPU and memory resources and other typical performance metrics are more likely to apply to Windows 2008 Action Servers rather than those running on Windows 2003. The reason for this is Windows 2003 servers are limited to about 250 concurrent policies, and modern server hardware can generally handle that load quite easily. As Windows 2008 can run about twice as many policies, it is possible that normal performance resources might become strained. All the performance aspects—heap size, operating system, policy size, and performance metrics—should be methodically tested using real-world data. This is the best and most reliable method to understand what impact your policies will have on your Action Servers. The estimates provided in this chapter are only the starting point for your calculations.
Policy Queuing
The ASPT sets the total number of concurrent policies an Action Server can run. When the ASPT is reached, if there is only one Action Server and it is running the maximum number of policies, any additional policies that are started will be queued. Policies that are queued remain in the queue until a running policy completes its execution, freeing up a policy slot. After there is a free policy slot, the first policy in the queue is instantiated on the Action Server. Policies are taken from the policy queue in a first in, first out (FIFO) model. Unfortunately, there is no easy way to see how many policies are queued or which policies are queued. Queued policies are stored in the POLICY_PUBLISH_QUEUE table in the database; to determine how many policies were queued, you can view the contents of that table. The OOC policy view totals include queued policies, but there is no way to filter on queued policies as you can with those that are running.
Policy Spillover
When you have more than one Action Server, policies begin executing on the Primary Action Server (PAS), and continue to execute on the PAS until the ASPT for that server is reached. After the PAS reaches its ASPT (and only then), policies begin executing on the Standby Action Server (SAS). The SAS is used only when the PAS reaches its ASPT. As soon as there is at least one free policy slot on the PAS, new policies resume executing there. Figure 3.3 shows the list of Action Servers and their priority, which can be set in the OIS Client.
FIGURE 3.3 Action Server priority set by the OIS Client
As an example, if your ASPT is set to 50 for all Action Servers and the PAS is running 50 policies, the next policies that start will run on the SAS. However, if at any point one or more of the PAS’s policies complete, the PAS would then be assigned policies again until it again reaches its ASPT. There is no consideration given to the fact that the SAS might be idle when assigning policies. The PAS must reach its ASPT before policies “spill over” onto the SAS. Should you have more than one SAS, policies begin loading on the PAS, then spill over to the first SAS, and only then to the second SAS. Policies always attempt to load on the highest-ranking Action Server. (You can change the ranking order and role of Action Servers using the OIS Client.) Regardless of how many Action Servers are available, policies will fill the PAS before spilling over to the SAS and will fill the first SAS before spilling over to the second SAS and so on. This is not a load balancing mechanism; it is much more helpful to think about the mechanism as spillover. After all the Action Servers have reached their ASPT, any additional policies that are started will be queued. These queued policies will run as soon as a policy slot frees up on any of the Action Servers, but will always prefer the highest-ranking Action Server if more than one becomes free.
Policies Assigned to Specific Action Servers
The only time policy execution does not follow the standard spillover model is when a policy is set to Override Default Action Server Roles. This setting changes which Action Server acts as the PAS and SAS for the context of that specific policy. If a policy is configured to run only on one Action Server, the effect would be the same as running the policy in a single Action Server environment. Exercise caution when using Override Default Action Server Roles. If a policy is set to run on a specific Action Server and that server has reached its ASPT, the policy must wait for a free policy slot regardless of how many other Action Servers have availability. If more than one Action Server is set using Override Default Action Server Roles, you can configure the rankings between the servers (and those will spill over according to the normal spillover rules), but the policy will run only on Action Servers in that list, even if others are free. Figure 3.4 shows a policy using the Override Default Action Server Roles feature.
FIGURE 3.4 A Policy that is overriding the default Action Server settings
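The queuing, spillover, and override rules described above, modeled as an added example (not OIS code or anything from the book). The class and method names are hypothetical, and letting a queued policy behind a pinned one start first when a server it may use frees up is an assumption about queue handling.

```python
from collections import deque


class ActionServerPool:
    """Ranked Action Servers (PAS first), each with its own ASPT."""

    def __init__(self, ranked_servers):
        # ranked_servers: [(name, aspt), ...] in the ranking order set in the OIS Client
        self.rank = [name for name, _ in ranked_servers]
        self.aspt = dict(ranked_servers)
        self.running = {name: set() for name in self.rank}
        self.queue = deque()  # FIFO of (policy, ranked list of servers it may use)

    def _first_free(self, allowed):
        """Highest-ranking allowed server with a free policy slot, or None."""
        for name in allowed:
            if len(self.running[name]) < self.aspt[name]:
                return name
        return None

    def start(self, policy, override=None):
        """Place a policy; override models Override Default Action Server Roles."""
        allowed = list(override) if override else list(self.rank)
        server = self._first_free(allowed)
        if server is None:
            self.queue.append((policy, allowed))  # every allowed server is at its ASPT
        else:
            self.running[server].add(policy)
        return server

    def complete(self, server, policy):
        """Free a slot, then walk the queue in FIFO order and start whatever now fits."""
        self.running[server].remove(policy)
        started, still_waiting = [], deque()
        while self.queue:
            queued, allowed = self.queue.popleft()
            target = self._first_free(allowed)
            if target is None:
                still_waiting.append((queued, allowed))
            else:
                self.running[target].add(queued)
                started.append((queued, target))
        self.queue = still_waiting
        return started


def spillover_scenario():
    """Replay the chapter's ASPT=50 example on three servers (policy names are constructed)."""
    pool = ActionServerPool([("PAS", 50), ("SAS1", 50), ("SAS2", 50)])
    result = {}
    placed = [pool.start(f"p{i}") for i in range(1, 52)]       # 51 policies
    result["first_50"] = set(placed[:50])
    result["policy_51"] = placed[50]
    pool.complete("PAS", "p7")                                  # one PAS slot frees up
    result["policy_52"] = pool.start("p52")                     # SAS1 is nearly idle, PAS still wins
    for i in range(53, 152):                                    # fill all 150 slots
        pool.start(f"p{i}")
    result["load"] = {name: len(jobs) for name, jobs in pool.running.items()}
    result["pinned"] = pool.start("pinned", override=["SAS2"])  # queued: SAS2 is full
    result["policy_152"] = pool.start("p152")                   # queued behind it
    result["after_pas_frees"] = pool.complete("PAS", "p1")
    result["still_queued"] = [name for name, _ in pool.queue]
    result["after_sas2_frees"] = pool.complete("SAS2", "p102")
    return result


if __name__ == "__main__":
    for key, value in spillover_scenario().items():
        print(f"{key}: {value}")
```

The run shows the two behaviors the text warns about: the PAS takes policy 52 while the first SAS holds a single policy, and the pinned policy stays queued until its one permitted server frees a slot.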
Policy Failover
When a policy is running and the Action Server where it is running fails, the policy restarts on another Action Server if one exists. When a policy fails over from one Action Server to another, it always restarts at the beginning of the policy, regardless of how many objects might have already completed in the policy that was lost when the Action Server failed.
NOTE:
HAVING A POLICY PICK UP WHERE IT LEFT OFF
When a policy starts or is restarted, it always begins with the first object in the policy. In some situations, this can be quite problematic, especially when executing the same objects again will cause issues in the infrastructure. In these cases, you can build your policy to check to see if it was running previously and include logic to determine what step it was on and then jump to the appropriate step. This will require a good deal of customization, but it is certainly possible.
Deployment Models
There are a number of ways to deploy OIS in your environment. However, most implementations of OIS will fit into a small set of deployment models. The following sections will list the most common models for deploying OIS, explain where each model is best suited, and present the relative advantages and disadvantages of each.
Simple Deployment
The simple deployment model is the simplest and most basic deployment model for OIS. This model has all the OIS components installed on one server and can either use an existing SQL server or have SQL running on the OIS server. Figure 3.5 shows a diagram of a simple OIS deployment.
FIGURE 3.5 Simple deployment model
This model is best suited for a proof of concept, or a limited pilot, and you can use it in a testing environment. However, the simple deployment model is not recommended for a production environment, as it does not provide any fault tolerance for the OIS components. In this model, you normally install all the OIS components on a single server and use an existing SQL instance to host the OIS datastore. If the datastore is also installed on the OIS server, the entire system is at risk if there is a failure.
Here are advantages of this model:
. Simplest model to install and configure
. Can run every component on a single server or virtual machine (VM)
. Limits licensing required
Here are the disadvantages:
. Does not provide policy failover
. All automation stops when server is offline
. Becomes a single point of failure especially if SQL is installed on the same server
Resilient Deployment
The resilient deployment model is most commonly used. This model is suitable for organizations ranging from small businesses to large enterprises. The resilience is provided by having two or more Action Servers and clustering SQL Server. In this model the OIS components, the datastore, and automation targets are all on a centralized high-speed network. For the purposes of this book, a centralized high-speed network is one in which average communication takes place in less than 50ms, and there is little or no data loss. Figure 3.6 shows a diagram of a resilient deployment model.
FIGURE 3.6 Resilient deployment model
NOTE:
USE N+1 FOR ALL IMPLEMENTATION MODELS
This model, as with all those that follow, should use an N+1 formula to determine how many Action Servers are required (where N = the total number of Action Servers required to handle your maximum policy load). This provides an extra Action Server to take the policy load of any other Action Server that might fail.
This model is well suited for any implementation where the OIS components, datastore, and automation targets are all on a centralized high-speed network.
Here are advantages of this model:
. Provides policy failover by having multiple Action Servers
. Provides resilient SQL through SQL clustering
. Provides a separate server to run the Action Server Watchdog service and provides alerting if an Action Server should fail
. Offers greater flexibility with additional Action Servers
Here are disadvantages:
. Additional resource demands because of extra Action Servers
. Additional resource demands from SQL clustering
. Additional management burden
Cross-Network Deployment
The cross-network deployment model is one in which Action Servers can reach across the network to perform automation on targets. This model is suitable for midsize businesses or enterprises where remote sites have targets that require automation and are connected by a high-speed remote network, but these remote sites are ones in which it would be impractical or impossible to deploy an Action Server. Resilience is provided by having two or more Action Servers and by clustering SQL. In this model, the OIS components and the datastore are all on a centralized high-speed network and the automation targets are on high-speed remote networks. For the purposes of this book, a high-speed remote network is one in which average communication takes place in less than 200ms, and there is little or no data loss. Figure 3.7 shows a diagram of a cross-network deployment model.
FIGURE 3.7 Cross-network deployment model
CAUTION:
NOT ALL OBJECTS WILL PERFORM PROPERLY IN THIS MODEL
The cross-network model requires the remote automation target be within a 200ms latency bubble with the Action Server, but it is critical to note not every object within OIS will tolerate these connection latencies. If you want to implement this model, you will need to test the policies in your environment to confirm the objects do not time out before they complete their primary functions.
This model is suited for any implementation where the OIS components and datastore are on a centralized high-speed network and where automation targets are on high-speed remote networks. Because not all objects will work over a remote network (see the “Caution” note in this section), this model might not be possible in every environment where it is desired.
Here are advantages of this model:
. Provides policy failover by having multiple Action Servers
. Allows Action Servers to reach into other networks to perform automation, especially when the Action Server cannot be placed in the remote network
. Provides resilient SQL through SQL clustering
. Provides a separate server to run the Action Server Watchdog service and provides alerting if an Action Server should fail
. Offers greater flexibility with additional Action Servers
Here are disadvantages:
. Additional resource demands because of extra Action Servers.
. Additional resource demands from SQL clustering.
. Not all policy objects can tolerate this model.
. Requires additional configuration of firewalls to allow traffic from any of the objects used to pass between sites.
. Additional management burden.
Cross-Network Action Servers
The cross-network action server model is one in which Action Servers are placed on a remote network to perform automation on targets there. This model is suitable for midsize businesses or enterprises where remote sites have targets that require automation and they are connected by a high-speed remote network; these remote sites are ones in which it is possible to deploy an Action Server. Resilience is provided by having two or more Action Servers and by clustering SQL. In this model, the Management Server, Action Server Watchdog, and the datastore are all on a centralized high-speed network, and the Action Servers are on high-speed remote networks with the automation targets. Figure 3.8 shows a diagram of a cross-network action server model.
FIGURE 3.8 Deployment with Action Servers across networks
This model is suited for any implementation where the Management Server, Action Server Watchdog, and datastore are on a centralized high-speed network and where the Action Servers can be placed on the same high-speed remote network where the automation targets are located. This model requires that the remote network latency be less than 200ms. There must be little or no data loss; otherwise, this model will fail. Latency speeds in the 10-30ms range are recommended.
Here are advantages of this model:
. Provides policy failover by having multiple Action Servers
. Allows Action Servers to reside on remote networks to perform automation, assuming the network performance allows this
. Provides resilient SQL through SQL clustering
. Provides a separate server to run the Action Server Watchdog service and provides alerting if an Action Server should fail
. Can be used in some environments where the cross-network deployment model cannot
Here are disadvantages:
. Additional resource demands because of extra Action Servers
. Additional resource demands from SQL clustering
. Action Servers will tolerate only excellent network conditions in this model; without excellent conditions they will lose connectivity to the datastore
. Requires additional configuration of firewalls to allow SQL traffic between the sites
. Additional management burden
Multisite Manual Policy Sync
In some environments, the network performance will not be suitable to separate Action Servers from the datastore. If this is the case, it will be necessary to have one installation of the OIS components, including the datastore, at each location that requires automation. OIS installations are always standalone, and they will not communicate natively or share any data between installations (even when on the same network). A multisite manual policy sync model is one where two or more installations of OIS are in use and there is a requirement or desire to use the policies on all installations. Because these installations will not be able to communicate with one another natively, policies that need to be shared must be exported manually and imported at the target OIS installation. This model provides a method to transfer policies but not policy data. Figure 3.9 shows a diagram of multisite manual policy synchronization.
FIGURE 3.9 Manual policy sync model
NOTE:
USE CARE WHEN IMPORTING POLICIES
There are a number of considerations when importing policies from other installations, just as when you promote a policy from testing to production. Refer to Chapter 7 for information.
This model is best suited for environments where network conditions require several installations of OIS and these installations need to transfer policies with one another. Using a manual process to transfer policies between installations is not a desirable solution given the effort involved, but if more than one installation is required, there is no other way to transfer the policies.
Here are advantages of this model:
. Provides a method for using the same policies on remote OIS installations
. Can provide uniform automation to several remote sites
. Has all the advantages of a resilient model
. Offers flexibility in what policies are loaded to which installation
Here are disadvantages:
. No policy or state data is shared between installations.
. Requires manual effort to import or export policies.
. Installations have potential to become out of sync with one another.
Multisite Invoke via Web Services
In some environments, the network performance will not be suitable for Action Servers to be separate from the datastore. In this case, it will be necessary to have one installation of the OIS components, including the datastore, at each location that requires automation. OIS installations are always standalone and will not communicate natively. A multisite invoke via Web Services model is one where the OIS installations communicate with one another over Web Services during custom policy execution. By installing the OOC, taking advantage of the Web Services, and building custom policies to use these components, you can have two standalone instances of OIS trade data or call actions on one another. Figure 3.10 shows a diagram of a multisite model using Web Services invocation.
FIGURE 3.10 Multisite invoke via Web Services
This model is best suited for environments where data needs to be shared between OIS installations or where one OIS installation provides a critical service to others (such as trouble ticket creation).
Here are advantages of this model:
. Allows policies to interact with remote installations and networks
. Allows OIS data to be shared between remote installations
. Has all the advantages of a resilient model
. Allows any networked OIS instance to trigger a specific function on another OIS instance
. Offers flexibility in having differing policies at different locations
. Allows policy execution across untrusted environments by providing credentials at the connection point using the Invoke Web Services object
Here are disadvantages:
. Requires special development of all policies to accept or transfer data
. Requires the Operator Console be installed on target OIS systems
. At risk for failure if network connection is lost
Multisite Hybrid Solution
The multisite hybrid solution is a combination of both the multisite manual sync and the invoked Web Services model. It provides a method to use the same policies in separate installations while also allowing those installations to communicate with one another at runtime and share data. Figure 3.11 shows a diagram of a multisite hybrid solution.
FIGURE 3.11 Multisite hybrid solution
This model is best suited for environments where data needs to be shared between OIS installations or where one OIS installation provides a critical service to others (such as trouble ticket creation) while also providing common policies to multiple installations.
Here are advantages of this model:
. Provides a method for using the same policies on remote OIS installations
. Can provide uniform automation to several remote sites
. Has all the advantages of a resilient model
. Allows policies to interact with remote installations and networks
. Allows OIS data to be shared between remote installations
. Offers flexibility in what policies are loaded to which installation
Here are disadvantages:
. Requires special development of all policies to accept or transfer data
. Requires the OOC be installed on target OIS systems
. Requires manual effort to import or export
. At risk for failure if network connection is lost
. Installations have potential to become out of sync with one another
Multisite Isolated Deployment
If your environment’s network performance is not suitable to separate your Action Servers from the datastore or security limitations make this a necessity, but you still need automation on remote sites, you will use an isolated deployment. In this situation, you will need to use a multisite isolated deployment model. This model is simply several unrelated installations that share no information or policy imports. Figure 3.12 shows a diagram of an isolated multisite OIS deployment model. This model is used only when there is no desire or no way to share data or policies between installations. This model is rarely used.
Here are advantages of this model:
. Each installation is highly available
. Provides resilient SQL through SQL clustering
. Has all the advantages of a resilient model
. Provides a separate server to run the Action Server Watchdog service and provides alerting if an Action Server should fail
Here are disadvantages:
. No data is shared between installations
. All policies are designed and implemented separately
. Additional maintenance burden
. No policies are shared between installations
FIGURE 3.12 Isolated multisite OIS model
Security Models
There are a number of security models to use with your OIS implementation. The following sections list the most common security models for OIS implementations and explain the limitations of each model. The discussion does not list advantages or disadvantages, as the existing security infrastructure is not likely to change because of the addition of OIS.
Single Domain Security
The single domain security model is where all OIS components are used within a single Active Directory domain. This is the normal model used by most installations and the one for which OIS was primarily designed. There are no special considerations for using this model; the account used by the Action Server service is the default privilege for all policies and should not present any challenges because all the resources are within the same domain. Figure 3.13 shows a diagram of a single domain security model.
FIGURE 3.13 Single domain security
Federated Domains
The federated domain security model is where all OIS components are used within a single Active Directory domain but the Action Servers act against automation targets in a second domain for which a trust relationship exists. This model is less common, although used by some organizations. The only consideration for using this model is that the account used by the Action Server service has appropriate rights on the target systems by virtue of the trust relationship. Other than the trust itself, this model is essentially the same as the single domain model. Figure 3.14 shows a diagram of a federated domain security model.
FIGURE 3.14 Federated domains
Untrusted Security Model
The untrusted security model is where two domains exist but there is no trust between them. Both domains require automation and require their own installations of OIS. Generally, this is an undesirable configuration for OIS as the two installations are needed because of a lack of trust. It might be possible to carry out some limited automation across untrusted domains using impersonation or by specifying credentials from the other domain, but this is a challenging configuration. Figure 3.15 shows a diagram of an untrusted security model.
FIGURE 3.15 Untrusted security model
Summary
This chapter covered various aspects of OIS architecture. You learned about the lifecycle of a policy and what happens when a policy is started for both monitored policies and ad hoc policies. In addition, this chapter described the various aspects of Action Server spillover and policy throttling behavior. It also provided a number of architectural models used for deploying OIS and the security models that might be used. In Chapter 4, “Installing Opalis Integration Server 6.3,” you will learn all the steps necessary to install OIS and the OOC.
CHAPTER 4
Installing Opalis Integration Server 6.3
IN THIS CHAPTER
. Dependencies Explained
. Installation Prerequisites
. Running the Installer
. Installing the Management Server
. Database Creation and Population
. Licensing
. Patching for 6.3
. Deployment Manager
. Action Server Installation
. OIS Client Installation
. Integration Pack Installation
. Manual Installation
. The Opalis Operator Console
. Common Installation Problems
Installing Opalis Integration Server (OIS) 6.3 is a relatively straightforward and easy process. However, the installation process for OIS 6.3 is not similar to that of other System Center products. As OIS is an acquired product and not created by Microsoft, the installation process might differ from that to which you are accustomed. Although the process itself is easy, you won’t encounter the standard one-click install that accompanies other Microsoft products. Several steps are somewhat unusual and initially seem unnecessarily challenging. This chapter explains in detail the steps necessary to install the current version of OIS. By following the steps laid out in this chapter, you will be able to successfully install OIS 6.3 and understand why the process is unusual.
Dependencies Explained
The OIS 6.3 installation requires several manual steps. There are also a number of manual steps when installing the Opalis Operator Console (OOC), an optional component. These steps arise from prerequisite products required by the Opalis software. Although each installation has a slightly different rationale for this approach, essentially this occurs because Microsoft acquired Opalis Software, and then made the decision to keep the OIS product available after Opalis became a Microsoft subsidiary. The next sections discuss these dependencies.
OIS 6.2.2 Dependency
The OIS 6.3 installation is dependent on the installation media for OIS 6.2.2. This constraint occurs because 6.3 is fundamentally a patch to a set of files to enable OIS to run on Windows Server 2008 Release 2 (R2). Microsoft was unable to modify the code acquired from Opalis Software until they were prepared to rebrand the OIS product as a full Microsoft offering—rather than a product of the Opalis subsidiary. As they could not alter the original 6.2.2 content or its installers, Microsoft leveraged what existed with updated files for you to install OIS 6.3 on your own. For more information on other implications of the acquisition on the software both today and moving forward, see Chapter 1, “Introducing Opalis Integration Server 6.3.”
Java and JBoss Dependency
Unlike Microsoft’s other System Center products that require console installation during the installation process, the OOC is not required to use OIS 6.3. The console exists as an add-on and provides a number of useful but completely optional features. If you will be installing the OOC, there are two prerequisites you must first install on one of your servers—Java and JBoss. Setting up the OOC is a manual process. Here’s why:
. Microsoft does not have permission to distribute Sun’s Java or the JBoss elements.
. Both Java and JBoss require an End-User License Agreement (EULA) from their respective developers.
By definition, the end user must be the one to accept the EULA; this requirement necessitates you download and configure these items on your own. However, by following the instructions throughout this chapter, you will find the installation quite manageable.
Installation Prerequisites
Before starting your OIS 6.3 installation, verify the target systems meet the minimum requirements and other prerequisites. These next sections discuss these requirements.
Server Requirements
The OIS server components include the Action Server, Management Server, and OOC. These components have a number of requirements and prerequisites, listed in Table 4.1.
TABLE 4.1 Server Component Requirements and Prerequisites
Item: Minimum Requirement or Prerequisite
Processor: 2.1GHz dual-core Intel Xeon 3000 series or equivalent.
Memory: 2GB.
Disk Space: Management Server: 131MB. Operator Console: 131MB. Operator Console with JBoss requirement: 200MB. Action Server: 50MB. Policies might require additional space, especially when working with file transfer, data transformation, or other activities.
Operating System: One of the following: Windows Server 2008 Windows Server 2008 Windows Server 2003 Windows Server 2003
Additional Software: Windows Installer 3.1 to install OIS and its components, integration packs, and so on. (This is not required for the Operator Console.) Microsoft .NET Framework 3.5 Service Pack 1. .NET Framework 3.5 is not enabled by default in Windows Server 2008; you enable it in the Internet Information Server (IIS) role. This software is not required for the Operator Console. All Microsoft Windows products must be English-localized editions. An Active Directory (AD) environment is recommended for OIS.
Data store: Microsoft SQL Server 2005 or SQL Server 2008.
SQL SERVER CONSIDERATIONS
OIS 6.3 currently supports SQL Server 2005 and 2008. Although the SQL Server Desktop and SQL Server Express editions might work for small installations of the product, Microsoft does not support them for OIS. To maximize performance, the authors recommend you use a dedicated instance of SQL Server for your OIS installation. You can use a 64-bit version of SQL Server on the system with your datastore, even if you install OIS on Windows 2003 32-bit.
User Account Requirements For an automation engine to be effective, it must have sufficient access to carry out the individual tasks that make up the automation. Generally, this means the Action Servers will run under a privileged account, typically an account with administrator access. The account(s) assigned to the Management Server and Action Server services must be assigned the Log on as a Service user right. Perform this task prior to installation for every standalone Action Server (those that do not exist on the same server as the Management Server); otherwise, the deployment will fail.
4
NOTE:
(32-bit or 64-bit). R2 (64-bit). (32-bit) Service Pack 2. R2 (32-bit) Service Pack 2.
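One way to confirm the Log on as a Service requirement on a standalone Action Server before deploying to it, as an added example that is not from the book. The account name is a placeholder, and the script checks direct assignments only, listing other holders so that group-based grants can be reviewed by hand.

```powershell
# Added example, not from the book: pre-deployment check of the service-logon
# user rights for the Action Server service account.
# Run in an elevated Windows PowerShell session on the Action Server host.
param(
    # Placeholder account (assumption); pass your own in domain\user form.
    [string]$Account = 'CONTOSO\svc-opalis'
)

function Resolve-Sid {
    # Policy entries are either "*S-1-5-..." (a SID) or a plain account name.
    param([string]$Entry)
    $name = $Entry.Trim()
    if ($name.StartsWith('*')) { return $name.Substring(1) }
    try {
        $nt = New-Object System.Security.Principal.NTAccount($name)
        return $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        return $null   # name could not be resolved on this host
    }
}

function Resolve-Name {
    # Best-effort SID-to-name translation, used only for the report.
    param([string]$Sid)
    try {
        $id = New-Object System.Security.Principal.SecurityIdentifier($Sid)
        return $id.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        return $Sid
    }
}

function Get-RightHolders {
    # Returns the SIDs assigned one user right in the exported policy lines.
    param([string[]]$PolicyLines, [string]$Right)
    $pattern = '^\s*' + [regex]::Escape($Right) + '\s*=\s*(.*)$'
    foreach ($line in $PolicyLines) {
        if ($line -match $pattern) {
            $entries = @($Matches[1].Split(',') | Where-Object { $_.Trim() })
            return @($entries | ForEach-Object { Resolve-Sid $_ } | Where-Object { $_ })
        }
    }
    return @()   # right absent from the export: assigned to nobody
}

# Export only the user-rights area of the local security policy to a temp file.
$cfg = Join-Path $env:TEMP ('userrights-{0}.inf' -f [guid]::NewGuid())
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "secedit export failed (exit code $LASTEXITCODE). Is the session elevated?"
}
try     { $policy = Get-Content -Path $cfg }
finally { Remove-Item -Path $cfg -ErrorAction SilentlyContinue }

$accountSid = Resolve-Sid $Account
if (-not $accountSid) { throw "Cannot resolve account '$Account' to a SID." }

$allow = @(Get-RightHolders $policy 'SeServiceLogonRight')
$deny  = @(Get-RightHolders $policy 'SeDenyServiceLogonRight')

$granted = $allow -contains $accountSid
$denied  = $deny  -contains $accountSid

"Account                  : $Account ($accountSid)"
"Log on as a Service      : $granted (direct assignment)"
"Deny log on as a service : $denied (direct assignment)"

# Rights can also arrive through group membership, which this script does not
# expand; list the remaining holders so group entries can be reviewed by hand.
"Other holders of Log on as a Service:"
$allow | Where-Object { $_ -ne $accountSid } | ForEach-Object { '  ' + (Resolve-Name $_) }
"Holders of Deny log on as a service:"
$deny | ForEach-Object { '  ' + (Resolve-Name $_) }

if ($denied) {
    Write-Warning 'Account is explicitly denied service logon; deployment will fail.'
} elseif (-not $granted) {
    Write-Warning 'No direct grant found; confirm a group grant or assign the right before deploying.'
}
```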
Management Server Service Account
The Management Server’s service account is used to provide a number of services to the Action Servers and clients using the product. The Management Server service account must be able to modify the structure of the Opalis database, as it adds and modifies tables during licensing and Integration Pack (IP) installation. The authors recommend this account have the sysadmin server role on the SQL Server instance, enabling it to create the Opalis database and become the database owner (dbo).
Action Server Service Account
The Action Server’s service account is the default account used to perform every action within a policy, although you can modify that behavior within certain objects. It is imperative this account have appropriate permissions for your policies to work properly. The Action Server service account should be a local Administrator on the Action Server host computer and is recommended to have administrative rights on computers that are targets of Foundation objects, as most operations require elevated privilege. In addition to verifying the Action Server service account has adequate privileges, you will also want to confirm the target devices (the remote machines your policies will target for automation) are configured to allow this account to access them remotely and perform read and write operations. As the Action Server service account will also read and update the Opalis SQL database tables for logging purposes, it will require permissions on the SQL Server. (This presumes you are using Windows Authentication with SQL Server.) As the Action Server service account is specified as part of the machine’s services controls, it is possible to specify a different Action Server service account for every Action Server, although this is not generally recommended—because most users want uniform behavior regardless of the Action Server the policy executes on.
OIS includes a number of objects allowing you to define an account credential for that object that overwrites the default service account using impersonation. If an object has this function, it will be available within the object’s Properties dialog screen.
CAUTION:
MODIFIED IMPERSONATION SETTINGS MIGHT CAUSE ISSUES
If your target devices have been modified and are not using the default impersonation settings, these objects might not function properly.
For those systems that will have the Action Server or Management Server components installed, you will want to restrict permissions to log in interactively to the Local Administrators group and restrict membership to that group. This book discusses Microsoft SQL Server installations only. If you choose to use Oracle as your OIS backend datastore, please refer to the Opalis Integration Server Administrator Guide, available online at http://technet.microsoft.com/en-us/library/gg464955.aspx.
Trust But Verify
The requirement for the Action Servers to have a privileged account means that those individuals creating policies with the Designer Client also have this same privileged access, by virtue of the OIS architecture. When first designing your workflow processes, here are two important concepts to consider:
- Do not give authoring rights to users whom you do not trust.
- Always use a change control process with automation workflows.
CAUTION:
TEST BEFORE IMPLEMENTING POLICIES
Often organizations new to automation will simply change a policy in production, check it in, and move on to other duties. This is a dangerous way to handle policy authoring. There should always be a testing or staging environment for new or modified policies, tested by someone other than the author before the policies are promoted into production. You do not need to be an organization that uses the Information Technology Infrastructure Library (ITIL) to understand that automation without discretion is incredibly dangerous!
For additional information on how to design your workflow promotion process, see Chapter 7, “Implementation and Best Practices.”
Downloading the Installation Media
After meeting those prerequisites listed in the “Server Requirements” and “User Account Requirements” sections, download the installation media for OIS from http://www.microsoft.com/opalis, clicking the link to Download the 180 Day Trial Version. If you are a System Center Server Management Suite Enterprise (SMSE) or Server Management Suite Datacenter (SMSD) customer, you will also see a link for the fully licensed version at the bottom of the page—Download the Full Opalis 6.3 with 6.2.2 Package (for Customers with Qualifying SMSE and SMSD Licenses Only). The installation media is identical for both sets of bits, as only the license file is different; there are no feature limitations in the trial version. You can upgrade the trial license to a full license without impact. Download and run the installation executable Opalis_180_Day_Evaluation.exe, which will unpack its contents into the installation folder you specify. The exact location is not important, although C:\Install is typically used. After the executable is unpacked, you will have three new zipped folders:
- 180 Day Eval Licenses
- Opalis 6.2.2
- Opalis 6.3
The 180 Day Eval Licenses.zip and the Opalis 6.3.zip files will unzip into folders with normal files in them. Opalis 6.2.2.zip will unzip into 32 other zipped files:
- 28 OIS 6.2.2 Integration Packs
- OIS Installation source media
- Opalis 6.2.2 Service Pack (SP) 1 update (Opalis Integration Server 6.2.2 Service Pack 1_6.2.2.51310.zip unzips into another compressed executable called OpalisServicePack1.exe)
- Operator Console Installer script
- QIK installer
Unzip those files you require for your installation.
Running the Installer
After downloading Opalis_180_Day_Evaluation.exe and unpacking Opalis 6.2.2.zip, unzip Opalis Integration Server 6.22_6.2.2.5229.zip. You should have a directory structure similar to that shown in Figure 4.1.
FIGURE 4.1 Unpacked OIS 6.2.2 installation media
Now you are ready to run the Setup.exe file to load the installer and begin the installation process. The OIS Installer is a series of guided installation tasks, all launched from a single window.
FIGURE 4.2 The OIS central installer window
The process consists of four steps, as shown in Figure 4.2:
1. Installing the Management Server
2. Configuring the Datastore
3. Importing a License
4. Installing the Client
These processes are described in the next sections of this chapter.
Installing the Management Server
Perform the following steps to install the Opalis Management Server:
1. It is recommended you log in using the same account you will use for the Management Server’s service account and verify the account has the sysadmin server role on the SQL Server instance, enabling it to create the Opalis database and become the dbo. Choose option 1 in the OIS installer window displayed in Figure 4.2—Install the Management Server. Click Next at the welcome screen. Verify the server you are running on is the one you want to act as a Management Server. After you begin the Management Server setup, you will be asked if you accept the license agreement. Choose I Accept the License Agreement and click Next.
2. Next, you will be asked to provide standard installation User Information. These details do not affect the installation. Select the option to install the application for anyone who uses this computer and click Next.
3. The next screen (Figure 4.3) allows you to either accept or change the default path. If you do not have internal requirements to move the default location, click Next. To change the location, browse to the path you want to use and click Next.
FIGURE 4.3 The Management Service Destination Folder
4. Now, specify logon information for the Management Service. The credentials supplied in Figure 4.4 are used to run the Opalis Management Server Management Service. This account needs administrative rights on the local system of the target server, as it will need to log on as a service and perform various other activities that require local administrator rights. This account can be a domain user account, as long as it is also a member of the local Administrators group.
FIGURE 4.4 Management Service Logon Information
Use the Browse button in Figure 4.4 to locate the user account from your local machine or domain, or enter the user account manually and click Next. The installer verifies the account and password are correct before continuing. It will also make sure the account has appropriate permissions to start the service.
5. Click Next to begin the installation. The installer will copy files and complete installing the Management Server on this machine. The process will run the OpalisIntegrationServer_ManagementService_622.msi from your installation path, which will install the Management Service, the Opalis Action Server Watchdog Service, the Deployment and License Managers, and other administrative tools.
6. Click Finish to complete the Management Server installation.
NOTE:
THE DEFAULT LOCATION VARIES IF YOU ARE RUNNING 32-BIT OR 64-BIT WINDOWS
Figure 4.3 shows a default location of Program Files (x86), as the software is being installed on a 64-bit Windows system. For 32-bit operating systems, the default location would be Program Files.
After completing the Management Server installation, verify the OpalisManagementService service installed properly and is in a started state using the credentials you supplied. You should also find the OpalisActionServerWatchdog service installed and started. Both services should have their startup type set as Automatic.
Database Creation and Population
The OIS central installer window should now have a check mark next to step 1, as shown in Figure 4.5. To proceed with the installation and configuration of the Opalis database, select the second option—Configure the Datastore.
FIGURE 4.5 Configuring the datastore
Perform the following steps to create and configure the datastore:
1. The first screen, displayed in Figure 4.6, asks if you are using a Microsoft SQL Server or an Oracle Server. It is highly recommended you select Microsoft SQL Server. Although Oracle is supported with OIS 6.3, it is unknown whether that support will continue after Microsoft rebrands the product. Make your selection and click Next.
FIGURE 4.6 Selecting a database type
2. After selecting the database type, the wizard requests you provide the server details. In the Server field displayed in Figure 4.7, type in the name of your SQL Server or browse to it using the ellipsis button.
FIGURE 4.7 Specifying SQL Server details
You must also specify the type of authentication credentials you intend to use for the OIS installation, either Windows Authentication or SQL Authentication, and click Next. It is recommended you use Windows Authentication because of its enhanced features, although both options are supported.
TIP:
BEST PRACTICES FOR SQL INSTALLATIONS
For production implementations, always use a separate SQL installation for OIS; do not install SQL Server and OIS on the same server. Installing both on the same server introduces a single point of failure and adds unnecessary overhead, potentially causing performance problems. The authors suggest you make your SQL instance highly available, generally through SQL Clustering. However, if you are only testing OIS and not using it in production, having SQL and OIS on the same server is an acceptable scenario.
3. The final screen in the database configuration wizard is the Database Details screen shown in Figure 4.8. Here you can create a new database or use an existing database. Make your selection and click Next.
FIGURE 4.8 Selecting a database details screen
- For new installations, you will always elect to create a new database. The default database name is Opalis, although you can change it to any valid database name if you have specific requirements to modify the default.
- When you select Finish, the installer connects to the SQL instance and runs the DBCreation.sql script found in the %Program Files (x86)%\Opalis Software\Opalis Integration Server\Management Service\ folder. This creates all necessary tables and populates them with the information needed for a clean installation.
- If upgrading from an earlier version or reinstalling using a database already configured for OIS, select the option to use an existing database. The drop-down will list all the databases on the selected SQL instance, and you can choose to use your previous OIS database. If you choose to use an existing database, the system will warn you of the possibility of a destructive overwrite—but if you have an OIS 6.2 or higher compatible database the process will not harm your data.
- After selecting Finish, the installer connects to the SQL instance and runs the DBData.sql script found in the %Program Files (x86)%\Opalis Software\Opalis Integration Server\Management Service\ folder, which upgrades the existing database if necessary.
When this process completes successfully, your OIS database is configured. The Database Configuration utility also creates an encrypted file, which dictates the connection settings for the Management Server (and any other deployed Action Servers or clients). The settings are stored in %Program Files (x86)%\Common Files\Opalis Software\Opalis Integration Server\Shared\settings.dat. If you change any database settings in the future (server, name, port, and so on), you must run the Database Configuration tool again on the Management Server and all Action Server systems to update this file.
Licensing
As OIS is a product of Opalis Software, Inc., a subsidiary of Microsoft and not a Microsoft product, the licensing steps in OIS differ from the other members of the System Center suite. For this reason, the normal Microsoft licensing sites and channels (such as MSDN) do not have licenses for OIS. Instead, the licenses for OIS are bundled into the installation source for your convenience. Before beginning the process to import your license, you should locate your licenses. Unzip the 180 Day Eval Licenses.zip file if you have not already done so. From the unzipped location, select the \EVAL folder, which contains your license files and your license keys. (If you download the full license version—SMSE or SMSD—the process will be exactly the same except that your licenses will be inside Licenses.zip and will unzip into the \Licenses folder.) The license file you apply determines whether your license will expire. There should be 33 files in the \EVAL or \Licenses folder:
- Two .docx files
- 31 .lic files
After locating these files, perform the following steps to import a license:
1. The third step of the installation process is Import a License. Select this step, as shown in Figure 4.9.
FIGURE 4.9 Step 3 in the installation process: Import a license
2. The import step starts the Opalis License Manager, which requires two separate items for each license you import. Licenses are required for the base OIS product and every IP included with the 6.2.2 installation media. (To simplify the installation process, the new IPs for System Center, which ship with 6.3, do not require licenses.) This means that if you need to install six v6.2.2 IPs on your OIS system, you will need to install seven licenses—one for each of the six IPs and the seventh for the base system itself.
TIP:
BE SURE TO IMPORT THE LICENSES BEFORE RUNNING POLICIES
You must import license files used by the IPs before you can run policies containing objects from those IPs.
- License files have a .lic extension. These files control the type of license you will install and what restrictions, if any, are placed on the product. The only restriction post-acquisition is the license expiration date. All the other aspects (client license, satellites, and so on) are reflections of the licensing model Opalis Software used prior to the Microsoft acquisition. These licensing elements either are now ignored by OIS or have been set to high values by Microsoft to avoid issues. The default evaluation license has 1,000 Action Servers and 1,000 User licenses (both of which are ignored) and 100,000 Satellite or Device licenses.
- The Opalis License Manager requires a license key for each element of OIS you need to license. The license key is a Globally Unique Identifier (GUID) that includes the curly braces on either end. These license keys are fixed, as the GUID is directly correlated to the product within the Opalis database—meaning everyone’s license key for the OIS base product is identical. These license keys have not changed since the first version of OIS 5.0. The license keys are listed in \EVAL\Opalis Eval product Licenses.docx; this contains the license keys for every IP and the base product.
CAUTION:
LICENSE FILES MUST BE ON THE LOCAL SYSTEM
License files used by the Opalis License Manager must be local to the OIS Server from which you install them. You will not be able to import the licenses properly from a Universal Naming Convention (UNC) path or other network share. These files must not be flagged as read-only, or the license import will fail.
3. Click the Import button to open the Import License dialog box, as shown in Figure 4.10. Enter your license key and the name of your license file in the appropriate fields.
FIGURE 4.10 The Opalis License Manager
- Key—Type or paste the license key. Here is the standard license key for the base OIS: {B3DBAA89-0715-48E8-95AA-6DAF0C689944}
NOTE:
DON’T LEAVE OFF THE CURLY BRACES
Do not forget to include the curly braces when you copy and paste this value. It should look like the example in Figure 4.10.
- License file—Type or browse to the location of the license file. This will be in the location where you unzipped 180 Day Eval Licenses.zip. After the license is successfully imported, click OK.
4. After importing your license, you should see the license(s) listed in the License Manager window, as shown in Figure 4.11. If you used an evaluation license, you should see that it expires 180 days after you install it. A full license will not show an expiration date. Click Close to close License Manager, and then close the setup.exe installer window. There are no additional steps required from that component.
FIGURE 4.11 Installed licenses
Repeat these steps to import any additional licenses required for the IPs you want to use in your environment. Remember you can find all the license keys in \EVAL\Opalis Eval product Licenses.docx.
Patching for 6.3
At this stage of an OIS 6.2.2 installation, you move to step 4 in the installer to import the Client. However, as you are installing OIS 6.3, you will need to break from the normal installation routine in accordance with the instructions in the Opalis 6.3 Release Notes included with the installation media. Perform the following steps:
1. You must patch the Foundation objects supplied by the Management Service to provide the newly updated objects for 6.3. Navigate to the folder where you unzipped Opalis 6.3.zip and open the \Opalis Integration Server subfolder. There should be three files in this subfolder:
- OpalisIntegrationServer_FoundationObjects.msi
- OpalisIntegrationServer_Client_630_PATCH.msp
- OpalisIntegrationServer_ManagementService_630_PATCH.msp
2. Take the new OpalisIntegrationServer_FoundationObjects.msi (size: 11,332,096 bytes) and use it to replace the existing version of the file located in %Program Files (x86)%\Opalis Software\Opalis Integration Server\Management Service\Components\Objects. You do not need to stop or restart any services, as the Management Service only delivers this file when clients or servers are created or updated with the Deployment Manager.
3. Next, patch the Opalis Management Service. This patch is called OpalisIntegrationServer_ManagementService_630_PATCH.msp, and you can run it in the subfolder where it is located. When you run the patch, you see a welcome screen as shown in Figure 4.12. This patch does not include any user-configurable options; click Next for the patching to complete. When the patch is complete, the Installation Complete screen displays. Click Finish to close the window.
FIGURE 4.12 The 6.3 patch for Management Service
Deployment Manager
After you patch the Management Server and update it with the 6.3 version of the foundation objects, resume the normal installation process. You will use the Opalis Deployment Manager to complete installation of the Action Server(s) and OIS Client(s). The Deployment Manager is the tool used to install or update clients and Action Servers and to register and deploy IPs. You can also use it to uninstall any of these components or to verify version numbers and installation details of components. It does not matter whether you install the Action Server or OIS Client first, as long as both components install correctly before you begin building new policies. The Action Server and the OIS Client do not need to be installed on the same computer.
Action Server Installation
Perform the following steps to install an Action Server:
1. Open Deployment Manager found at Start -> All Programs -> Opalis Software -> Opalis Integration Server. From the Management Server pane on the left side, expand Management Server and right-click Action Server, and then select Deploy new Action Server, as shown in Figure 4.13. On a Windows Server 2008 system, elevated privileges are required and should be used (Run as Administrator).
FIGURE 4.13 The Deploy New Action Server selection
2. This starts the Action Server Deployment Wizard. The first screen is only informational. Click Next to begin, or you can first check the box marked Skip This Welcome Page in the future.
3. The next screen is the Action Server Selection dialog.
- This dialog requires you provide the Action Server name or Internet Protocol address and the Account Information for the Action Server service account. See Figure 4.14 for an example.
FIGURE 4.14 Configuring your Action Server
- In the Computer field, type in or browse for the server you want to configure as an Action Server.
- In the Description field, you can add any comments you want about this Action Server. This field is optional.
- In the Account Information section, provide the user name and the password for the account. The username must be in the format domain\user, but you can use the ellipsis button to start a standard Active Directory browser to locate the account.
CAUTION:
LOGON AS A SERVICE RIGHT
If the Action Server computer is remote from the Management Server, the user account specified in this dialog must have the User Right “Log on as a Service” and must not have the User Right “Deny Log on as a Service,” or deployment will fail. If the Action Server is deployed on the same computer as the Management Server this right was previously granted with the Management Server installation.
Click Next when you complete the dialogs.
CAUTION:
ACTION SERVER INSTALLATION DOES NOT CHECK SERVICE ACCOUNT PASSWORD
Unlike the Management Server setup, the Action Server installation wizard does not check to see if the password supplied for the service account is correct. Be sure you use the correct password and verify the service is started or will start normally after you finish the wizard.
4. The next dialog lists any hotfixes or IPs that will also be deployed to the server. During your initial installation, this screen should be blank. Click Next to proceed.
5. The final screen is a summary of the new Action Server’s details. See Figure 4.15 for an example.
FIGURE 4.15 Action Server summary screen
6. Click Finish to begin the installation. The Action Server installation will connect to the target server, attempt to uninstall any existing Action Servers, and then install the new Action Server and any hotfixes or IPs. When the installation completes, verify that the Opalis Action Service is running with a startup type of Automatic using the Windows Services application. Start the service or modify the startup type as necessary. You can also check the Log Entries section of Deployment Manager to verify there were no other problems with the installation.
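The service checks this chapter asks for after the Management Server and Action Server installations can be scripted, which matters most for Action Servers because the wizard does not validate the service account password. The following is an added example, not from the book; the account name is a placeholder, and the default service names are the two the chapter gives for a Management Server.

```powershell
# Added example, not from the book: post-install check of the Opalis services.
# Runs in Windows PowerShell; querying a remote host needs admin rights there.
param(
    [string]$ComputerName = $env:COMPUTERNAME,
    # Placeholder (assumption): the service account supplied during setup.
    [string]$ExpectedAccount = 'CONTOSO\svc-opalis',
    # Service names the chapter gives for a Management Server. For an Action
    # Server, pass the name shown in the Windows Services application instead.
    [string[]]$RequiredServices = @('OpalisManagementService', 'OpalisActionServerWatchdog')
)

function Test-OpalisService {
    # Evaluates one Win32_Service instance and returns a report row.
    param($Service, [string]$ExpectedAccount)
    $problems = @()
    if ($Service.State -ne 'Running') {
        # A wrong service account password typically surfaces here.
        $problems += "state is $($Service.State)"
    }
    if ($Service.StartMode -ne 'Auto') {
        $problems += "startup type is $($Service.StartMode)"
    }
    $review = ''
    if ($Service.StartName -ne $ExpectedAccount) {
        # Reported for review only: the same account can appear in another
        # form (user@domain, .\user), and not every service must share it.
        $review = "runs as $($Service.StartName), expected $ExpectedAccount"
    }
    New-Object PSObject -Property @{
        Name      = $Service.Name
        State     = $Service.State
        StartMode = $Service.StartMode
        RunsAs    = $Service.StartName
        Problems  = ($problems -join '; ')
        Review    = $review
    }
}

# Collect every service whose name or display name starts with "Opalis".
$filter = "Name LIKE 'Opalis%' OR DisplayName LIKE 'Opalis%'"
$found  = @(Get-WmiObject -Class Win32_Service -ComputerName $ComputerName -Filter $filter)

$report     = @($found | ForEach-Object { Test-OpalisService $_ $ExpectedAccount })
$foundNames = @($found | ForEach-Object { $_.Name })
$missing    = @($RequiredServices | Where-Object { $foundNames -notcontains $_ })

$report | Format-Table -AutoSize Name, State, StartMode, RunsAs, Problems, Review

foreach ($name in $missing) {
    Write-Warning "Required service '$name' is not installed on $ComputerName."
}

$failed = @($report | Where-Object { $_.Problems })
if ($missing.Count -gt 0 -or $failed.Count -gt 0) {
    Write-Warning 'One or more Opalis services need attention before building policies.'
    exit 1
}
'All Opalis services found are running with a startup type of Automatic.'
```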
OIS Client Installation
The Designer Client installation also uses the Deployment Manager. Perform the following steps to install the Designer Client:
1. Open Deployment Manager found in Start -> All Programs -> Opalis Software -> Opalis Integration Server. From the Management Server pane on the left side, expand Management Server. Right-click Clients, and select Deploy new Client, as shown in Figure 4.16. On a Windows Server 2008 system, elevated privileges are required and should be used (Run as Administrator).
FIGURE 4.16 The Deploy New Client selection
2. The Client Deployment Wizard starts. The first screen is informational; you can click Next to begin, or first check the box marked Skip This Welcome Page in the future.
3. The next screen is the Client Selection Details dialog. This requires you provide the Client name or Internet Protocol address, and then click Add. This adds the client’s name to the install list, as shown in Figure 4.17. You can add several clients this way and install them at the same time. If you make a mistake in adding client names, highlight the incorrect name and click Remove to delete it from the list. Click Next when satisfied with the list.
FIGURE 4.17 Computer selection details
4. The next dialog lists any hotfixes or IPs that will also be deployed to the client. During your initial installation, this screen should be blank. Click Next.
5. The final screen is a summary of the details for the new Client. See Figure 4.18 for an example.
6. Click Finish to begin the installation.
FIGURE 4.18 Client summary screen
The Designer Client installation connects to the target computer and attempts to uninstall any existing Designer Clients, and then install the new Client, Foundation objects, and any hotfixes or IPs. After the installation completes, you have a fully installed OIS 6.2.2 Designer Client, which you will need to patch for 6.3. You can also check the Log Entries section of Deployment Manager to verify there were no other problems with the installation. To patch the Designer Client to version 6.3, copy the OpalisIntegrationServer_Client_630_PATCH.msp to the client machine and run it locally. You do not need to modify any of the options when the patch runs. Accept the defaults and patch your client.
NOTE:
BE SURE TO PATCH ALL CLIENTS FOR VERSION 6.3
Every client that you deploy (manually or via the Deployment Manager) will be using the 6.2.2 client image from the installation source and must be patched after installation.
After completing and patching the installation, open the Designer Client, and verify it can successfully connect to your Management Server.
Integration Pack Installation
Installing and deploying IPs can create some confusion for new users because it is the only aspect of using Deployment Manager requiring two steps:
- Registering the IP with the Management Server—This step registers the IP with the Management Server and creates the appropriate tables for the IP in the database. It also places the msi package for the IP into the appropriate folder for distribution and installation. This step does not actually install the IP anywhere. Remember the Management Server does not need to be an Action Server; and as such, it might never perform the role. Likewise, the Action Server controls the distribution of IPs. Not every IP is necessarily installed on every Action Server.
- Deploying the IP to the Action Server—After the IP is registered, the next step is to deploy it to one or more Action Servers and/or Clients. This is the actual process of installation on the target device. After completing this step, the Clients and Action Server will have the new objects installed and can execute policies containing objects from the new IP. (Assuming it is licensed, an IP can be installed and configured by the client without installing a license.)
Registration and deployment of all IPs follows this process, described in the next two sections. Occasionally, there will be IPs requiring special prerequisites before you can use the IP. Refer to the instructions included with those IPs you intend to use to see if this is applicable. The Integration Pack for System Center Operations Manager is an example of this, as you must install the System Center Operations Manager Operations console. See Chapter 9, “Integration with System Center Operations Manager,” for additional information on installing the System Center Operations Manager IP.
Registering the IPs When registering IPs, start by selecting the files for the IPs you want to deploy. IPs are single files ending in the extension .oip (Opalis Integration Pack); these are compressed and contain a number of other files. These files typically contain the following: . An .MSI file that installs the appropriate files required by the IP . A .CAP file that describes the object details and SQL updates . A EULA file, used to prompt the users to accept the terms of the End-User License Agreement. . An .XML configuration file, describing the EULA and other file locations and object details Contents of the .oip files are not user configurable; this information is only for reference. The installation media you download includes each IP in a .ZIP file. Unzip these files to extract the .oip file and the HTML help file included in each. To register the IPs, perform the following steps: 1. Open Deployment Manager, found in the Start -> All Programs -> Opalis Software -> Opalis Integration Server menu. On a Windows Server 2008 system, elevated privileges are required and should be used (Run as Administrator). 2. From the Management Server pane on the left side, expand Management Server and then Integration Packs. Right-click Integration Packs, then select Register IP with the Management Server, as shown in Figure 4.19. 3. This starts the Integration Pack Registration Wizard. The first screen is informational, click Next to begin or first check the box marked Skip This Welcome Page in the future. 4. The next screen is the Integration Pack or Hotfix Selection screen. Click Add to select the .oip files for your IP’s installation. You can add multiple IPs on this screen. As you add IPs, you will see their name, version number, and the path you selected, as shown in Figure 4.20. Click Next after adding all IPs you want to the list.
FIGURE 4.19 Register IP with Management Server
FIGURE 4.20 Selecting IPs to register
5. The final screen summarizes the details for the new IP. Click Finish to register the IP. If your IP contains an EULA, it displays at this time. Click Accept for the registration to finish successfully. This registers the IP into the database and uses the .msi file to produce those files needed to deploy the IP. You can also check the Log Entries section of Deployment Manager to verify there were no other problems with the installation.
Deploying the IPs
After you have registered all IPs you plan to use, you will need to deploy them to the Action Servers and clients in your environment. Perform the following steps to deploy your IPs:
1. Open Deployment Manager, found in Start -> All Programs -> Opalis Software -> Opalis Integration Server. On a Windows Server 2008 system, elevated privileges are required and should be used (Run as Administrator). From the Management Server pane on the left side, expand Management Server, and then Integration Packs. Right-click Integration Packs, and select Deploy IP to Action Server or Client, as shown in Figure 4.21.
FIGURE 4.21 Deploying IPs to your Action Server
2. This starts the Integration Pack Deployment Wizard. The first screen is informational; click Next to begin, or first check the box marked Skip This Welcome Page in the future.
3. The following screen is the Deploy Integration Pack or Hotfixes screen. This lists every IP registered with your Management Server. (If the IP you are looking for is not in this list, verify you correctly completed the steps in the “Registering the IPs” section.) Check each IP you want to deploy; you can select all the IPs listed if you want. Figure 4.22 shows an example.
4. The next screen is the Computer Selection Details dialog. This requires that you provide the Action Server’s or Client’s name or Internet Protocol address, and then click Add, which adds the server’s name to the install list, as displayed in Figure 4.23. You can add several servers this way and install them at the same time. If you make a mistake in adding client names, highlight the incorrect name, and click Remove to delete it from the list. Click Next when satisfied with the list.
FIGURE 4.22 The list of available IPs
FIGURE 4.23 Computer Selection details
5. Because this restart might be disruptive, you can either complete the deployment immediately or schedule it for another time. You have two options:
. Carry out the deployment immediately and stop all running policies on the target servers. This is the default.
. Schedule the installation for a later date and time within the next 7 days.
Whether you choose to deploy immediately or later, you have the option to stop the policies at installation or manually restart the service/server later. If you choose the second option, a restart might be required if a file currently in use is applied. In this case, the Windows Installer automatically schedules that file for replacement at system restart. See Figure 4.24 for an example. Click Next.
FIGURE 4.24 Installation Options
6. The final screen shows a summary of the IP deployment details. Click Finish to begin the installation. Check the Log Entries section of Deployment Manager to verify there were no other problems with the installation. You can also confirm the installation of the IP on a given Action Server or Client by selecting the computer under the Action Server or Client branches of the Deployment Manager and reviewing the details in the main window.
CAUTION:
OIS 6.2.2 IPS ARE SUPPORTED ONLY ON WINDOWS 2003
Pay special attention to whether the IP you are installing shipped with OIS 6.2.2 or OIS 6.3. IPs included in the OIS 6.2.2 installation media are not supported on Windows Server 2008 64-bit installations, while those IPs included in 6.3 (System Center Configuration Manager, Data Protection Manager, Virtual Machine Manager, Service Manager, and Operations Manager) are all supported on both Windows Server 2003 (32-bit) and Windows Server 2008 R2 (64-bit). Some of the older IPs will operate normally under a 64-bit OS, although this is not supported. Others, such as the IP for Active Directory, will not work at all. Depending on your configuration needs, you might need one Action Server running Windows 2003 32-bit. Microsoft has committed to releasing newer versions of all the 6.2.2 IPs that will support Windows 2008, but the schedule is not available at this time. It is possible these will be re-released with the next version, System Center Orchestrator 2012.
Manual Installation
If your environment is restricted and does not allow the traffic required by the Deployment Manager to cross your network, you can manually install all components. To deploy an Action Server manually, perform the following steps:
1. Copy OpalisIntegrationServer_ActionServer.msi, located in %Program Files (x86)%\Opalis Software\Opalis Integration Server\Management Service\Components\Server, to your target Action Server.
2. Copy OpalisIntegrationServer_FoundationObjects.msi, found in %Program Files (x86)%\Opalis Software\Opalis Integration Server\Management Service\Components\Objects, to your target Action Server.
3. Launch OpalisIntegrationServer_ActionServer.msi by issuing the following command:
msiexec.exe /i "<location>\OpalisIntegrationServer_ActionServer.msi" /qn ALLUSERS=1 AS_USERNAME=<domain\account> AS_PASSWORD=<password>
4. Follow the installation process described earlier in the “Action Server Installation” section of this chapter, but do not change the default destination folder.
5. Launch OpalisIntegrationServer_FoundationObjects.msi by issuing the following command:
msiexec.exe /i "<location>\OpalisIntegrationServer_FoundationObjects.msi" /qn ALLUSERS=1
6. Enter your user information and click Next; do not change the default destination folder. Click Next and then Finish to complete the installation.
7. Configure the database information by launching the Database Configuration utility and filling it out as you did during the Management Server installation.
8. Manually start the Opalis Action Service using the Windows Services application.
Perform the following steps to deploy the Designer Client manually:
1. Copy OpalisIntegrationServer_Client.msi, found in %Program Files (x86)%\Opalis Software\Opalis Integration Server\Management Service\Components\Client, to your target client.
2. Copy OpalisIntegrationServer_FoundationObjects.msi, located in %Program Files (x86)%\Opalis Software\Opalis Integration Server\Management Service\Components\Objects, to your target Action Server.
3. Launch OpalisIntegrationServer_FoundationObjects.msi by issuing the following command:
msiexec.exe /i "<location>\OpalisIntegrationServer_FoundationObjects.msi" /qn ALLUSERS=1
4. Enter your user information and click Next; do not change the default destination folder. Click Next and then Finish to complete the installation.
5. Launch OpalisIntegrationServer_Client.msi by issuing the following command:
msiexec.exe /i "<location>\OpalisIntegrationServer_Client.msi" /qn ALLUSERS=1
6. Follow the installation process described earlier in the “OIS Client Installation” section but do not change the default destination folder.
7. Copy OpalisIntegrationServer_Client_630_PATCH.msp from the Opalis 6.3 folder on the installation media to your target client.
8. Launch OpalisIntegrationServer_Client_630_PATCH.msp and install it using all the default options.
9. Start the Opalis Designer Client and choose Connect on the Actions menu, then enter your Management Server’s name or Internet Protocol address. Verify it connects successfully to the Management Server.
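The two Action Server commands in the manual procedure above can be scripted so that the service account password is prompted for instead of being typed at a console or saved in a script file, and so that the msiexec exit code is checked. This is an added example, not code from the book; the staging folder C:\Temp\OIS and the function names are assumptions.

```powershell
# Added example (not from the book): run the two manual Action Server
# installers with a prompted service-account credential.
# Assumptions: both .msi files were copied to $MsiFolder; Invoke-OisMsi and
# ConvertTo-MsiPropertyArgument are helper names made up for this example.
$MsiFolder = 'C:\Temp\OIS'

function Invoke-OisMsi {
    param(
        [Parameter(Mandatory = $true)][string]$MsiPath,
        [string[]]$Properties = @()
    )
    if (-not (Test-Path -LiteralPath $MsiPath -PathType Leaf)) {
        throw "Installer not found: $MsiPath"
    }
    # Same switches as the commands in the text: quiet install, all users.
    $arguments = @('/i', ('"{0}"' -f $MsiPath), '/qn', 'ALLUSERS=1') + $Properties
    $process = Start-Process -FilePath 'msiexec.exe' -ArgumentList $arguments -Wait -PassThru
    # 0 = success, 3010 = success but a restart is required.
    if (@(0, 3010) -notcontains $process.ExitCode) {
        throw "msiexec failed for $MsiPath with exit code $($process.ExitCode)"
    }
    return $process.ExitCode
}

function ConvertTo-MsiPropertyArgument {
    # Quote a property value for the msiexec command line; embedded double
    # quotes are doubled, which is how Windows Installer expects them.
    param([string]$Name, [string]$Value)
    return '{0}="{1}"' -f $Name, ($Value -replace '"', '""')
}

# Prompt for the Action Server service account in domain\account form.
$credential = Get-Credential
$serviceProperties = @(
    (ConvertTo-MsiPropertyArgument -Name 'AS_USERNAME' -Value $credential.UserName),
    (ConvertTo-MsiPropertyArgument -Name 'AS_PASSWORD' -Value $credential.GetNetworkCredential().Password)
)

# The password is still passed on msiexec's own command line while it runs,
# so process command-line auditing on the target server can record it.
$exitCodes = @(
    Invoke-OisMsi -MsiPath (Join-Path $MsiFolder 'OpalisIntegrationServer_ActionServer.msi') -Properties $serviceProperties
    Invoke-OisMsi -MsiPath (Join-Path $MsiFolder 'OpalisIntegrationServer_FoundationObjects.msi')
)

if ($exitCodes -contains 3010) {
    Write-Warning 'Installation succeeded, but a restart is required to replace files that were in use.'
}
```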
The Opalis Operator Console
As discussed in Chapter 2, “Inside Opalis Integration Server 6.3,” the OOC is not a mandatory component of OIS. However, it does provide a number of useful features otherwise lacking in the product:
. Monitoring Action Server health from a web page
. Monitoring policies from a web page
. Triggering policies from a web page
. Triggering policies from a web page and having the operator pass parameters to that policy
. Triggering a policy directly from a URL link without additional input
. Restricting users from triggering policies while still giving them rights to view their status
. Providing a robust Web Services Application Program Interface (API) for third-party integration usage
If you require any of these features, you need to install the OOC. Here are the high-level steps required for installation:
. Gathering files
. Installing Java
. Setting environment variables
. Extracting and copying files
. Copying and configuring files
. Testing the Console
. Configuring the OOC as a service
The next sections discuss the required steps in detail.
Gathering Files
To install the OOC, you must locate and download the 16 files listed in this section. It is important to use the versions of the files listed here, as later versions of these files might not work properly:
. Java Development Kit 6 Update 4
. JBoss Application Server 4.2.3.GA
. Hibernate Validator 3.0.0.GA
. Hibernate Commons Annotations 3.3.0.GA
. Richfaces-API 3.3.1.GA
. Richfaces-UI 3.3.1.GA
. Richfaces-Implementation 3.3.1.GA
. JBoss-EL 2.0.1.GA
. JSF-Facelets 1.1.14
. Java Native Access 3.0.9
. JAX-WS RI
. JBoss Seam-Core 2.0.2_SP1
. JBoss Seam-Remoting 2.0.2_SP1
. JBoss Seam-UI 2.0.2_SP1
. JBoss Seam-Debug 2.0.2_SP1
. JBoss Seam-Mail 2.0.2_SP1
The links to download these files are listed at http://technet.microsoft.com/en-us/library/gg440750.aspx. The authors recommend downloading all the files into a single folder to locate them more easily. The suggested path is C:\Libraries.
Installing Java
After downloading the files listed in Table 4.2, install the Java Development Kit 6 Update 4 with default settings. This is displayed in Figure 4.25.
FIGURE 4.25 Java installation
Setting Environment Variables
With Java installed, the next step is setting the environment variable for JAVA_HOME. On the desktop, right-click My Computer and select Properties, then select Advanced System Settings to open the System Properties dialog. Select Environment Variables. Click New in the System variables section and enter a new System Variable for JAVA_HOME. Set the value (variable path) to the folder you installed the Java Development Kit (JDK) into, typically %Program Files (x86)%\Java\Jdk1.6.0_04 for 64-bit systems or %Program Files%\Java\Jdk1.6.0_04 on 32-bit systems. Figure 4.26 displays this configuration.
Now add %JAVA_HOME%\bin to your system path. Highlight Path in the list of system variables and select Edit. In the Variable Name field, move your cursor to the end of the existing value and then add the text ;%JAVA_HOME%\bin to your existing path. Be sure to add a semicolon after the end of the old path to separate it from the new variable. Click OK and then OK again to exit the system properties.
FIGURE 4.26 Setting the JAVA_HOME variable
Extracting Files
The next step in the installation is extracting the contents of the JBoss Application Server 4.2.3.GA to a folder for installation. To extract the file, select the file jboss-4.2.3.GA, right-click, then select Extract All... and choose a path. The authors recommend extracting the contents to C:\JBoss. Next, extract the Jaxws-ri files. Perform the following steps:
1. Open a command prompt. Change directories until you are at the \Libraries folder (or whatever folder you used to store your OOC files). Run the following command:
java -jar JAXWS2.1.2-20070917.jar
2. A License Agreement dialog box appears. Read the agreement and scroll to the bottom. Click Accept and the JAXWS2.1.2-20070917.jar file will unzip.
3. Verify that a Jaxws-ri\Lib folder was created beneath the folder where you ran this command.
Copy the contents of the \OperatorConsole folder to C:\ for it to be accessible by the installer script. The Operator Console folder is in C:\Install\Opalis Integration Server 6.22_6.2.2.5229\OperatorConsole (if you followed the installation location suggested in the “Downloading the Installation Media” section earlier in this chapter).
Extract the OpalisOperatorConsoleInstaller script from the file Opalis Operator Console Installer Script 1.0_1.0.0.0001.zip. Run OpalisOperatorConsoleInstaller and select a path into which you will extract. Use the default C:\OpConsoleInstaller.
CAUTION:
SCRIPT LIMITATION WITH FOLDER PATHS
The installOpConsole.ps1 script does not support paths over 32 characters long. This greatly limits the paths the script can use. The authors recommend you select paths close to the root for those folders required by the script. As an example, the authors suggest using C:\Libraries for the main file repository, C:\JBoss for the JBoss path, and C:\Install\Operator Console for the Operator Console files. After the OOC is configured properly, all files will be in one folder. That folder can be copied to anywhere on the system.
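The prerequisites described so far (a system-level JAVA_HOME, its bin folder on the system Path, and folder paths of no more than 32 characters) can be checked before the installer script is run. This is an added example, not part of the book or of installOpConsole.ps1; the function names are made up here and the folder list uses the paths suggested in the text.

```powershell
# Added example (not from the book): pre-flight checks for the Operator
# Console installer script. Function names are made up for this example.

function New-CheckResult {
    param([string]$Check, [bool]$Passed, [string]$Detail)
    New-Object psobject -Property @{ Check = $Check; Passed = $Passed; Detail = $Detail }
}

function Test-OocJava {
    # JAVA_HOME must exist as a system variable that points at the JDK.
    $javaHome = [Environment]::GetEnvironmentVariable('JAVA_HOME', 'Machine')
    if ([string]::IsNullOrEmpty($javaHome)) {
        return New-CheckResult 'JAVA_HOME' $false 'System variable JAVA_HOME is not set'
    }
    $javaHome = $javaHome.TrimEnd('\')
    $javaExe = Join-Path $javaHome 'bin\java.exe'
    New-CheckResult 'JAVA_HOME' (Test-Path -LiteralPath $javaExe -PathType Leaf) "java.exe expected at $javaExe"

    # The Path entry may be stored as %JAVA_HOME%\bin or already expanded,
    # so normalise every entry before comparing.
    $wanted = Join-Path $javaHome 'bin'
    $entries = [Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';' |
        Where-Object { $_ } |
        ForEach-Object { ($_ -ireplace '%JAVA_HOME%', $javaHome.Replace('$', '$$')).TrimEnd('\') }
    New-CheckResult 'System Path' ($entries -contains $wanted) "System Path should contain $wanted"
}

function Test-OocFolderPath {
    # The installer script does not support paths over 32 characters.
    param([string[]]$Path, [int]$MaxLength = 32)
    foreach ($folder in $Path) {
        $detail = '{0} is {1} characters (limit {2})' -f $folder, $folder.Length, $MaxLength
        New-CheckResult 'Path length' ($folder.Length -le $MaxLength) $detail
        New-CheckResult 'Folder exists' (Test-Path -LiteralPath $folder -PathType Container) $folder
    }
}

$folders = @(
    'C:\Libraries',                # suggested download folder
    'C:\JBoss\jboss-4.2.3.GA',     # suggested JBoss extraction folder
    'C:\Operator Console',         # Operator Console files copied near the root
    # Original media location from the text, listed to show why the files
    # are copied closer to the root before the script is run.
    'C:\Install\Opalis Integration Server 6.22_6.2.2.5229\OperatorConsole'
)

$results = @(Test-OocJava) + @(Test-OocFolderPath -Path $folders)
$results | Format-Table Check, Passed, Detail -AutoSize

if ($results | Where-Object { -not $_.Passed }) {
    Write-Warning 'One or more prerequisites failed; fix them before running installOpConsole.ps1.'
}
```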
Using the PowerShell Script to Install the Opalis Operator Console
Perform the following steps to prepare and run the PowerShell script.
1. Click Start -> All Programs -> Accessories -> Windows PowerShell, and then click Windows PowerShell (x86). On Windows Server 2008 systems elevated privilege is required and should be included (run as administrator), as the Set-ExecutionPolicy command requires elevated privilege. At the Windows PowerShell prompt, type
set-executionpolicy RemoteSigned
Type the letter Y to confirm you want to change the Execution Policy, and press Enter.
2. Type the full path to the location where you installed the InstallOpConsole.ps1 file, for example:
C:\Install\Opalis Integration Server 6.22_6.2.2.5229\OperatorConsole\installOpConsole.ps1
If you extracted the OpalisOperatorConsoleInstaller file to a path containing spaces, use an ampersand, followed by a space, and then type the full path enclosed in single quotes when entering the command at the Windows PowerShell prompt. Here is an example:
& 'C:\Other Location\InstallOpConsole.ps1'
3. Follow the prompts to configure your OOC as shown in Figure 4.27. You will be asked to provide configuration information:
. Type the JBoss folder—This is the location where you unzipped the file jboss-4.2.3.GA. If you followed the suggested path, this will be C:\JBoss\jboss-4.2.3.GA. You can type this in or press Enter to browse for it.
. Type the Operator Console folder—Enter the location where you extracted OIS 6.22_6.2.2.5229\OperatorConsole\. If you followed the suggested path, this will be C:\Operator Console. You can either type this in or press Enter and browse for it.
. Look for the third-party libraries folder in the C:\OpConsoleInstaller\Libraries folder—Choose N and press Enter. Either type C:\Libraries or press Enter and browse for it.
. Database type (1 - Microsoft SQL Server, 2 - Oracle)—Type 1 and press Enter.
. Type database server. Enter the name of your SQL Server—You can either type this in or, if your SQL Server is on your localhost, you can press Enter.
. Type database authentication type (1 - Windows authentication, 2 - SQL authentication)—It is recommended you use Windows authentication, which is the default. You can press Enter to accept Windows authentication. If you choose SQL authentication, you must supply the username and password of a SQL account.
. Type the Opalis database name—Press Enter to accept Opalis as the default.
. Type Jboss bind option—Press Enter to accept the default (1 - 0.0.0.0).
. User authentication (1 - Standalone, 2 - Active Directory)—Select the option you want to use. If you select Active Directory, you need to enter the Active Directory root DN, Domain Controller, Port, and SAM account name for the administrator group.
. The authors recommend you create a specific security group defined for OOC Administrators within your Active Directory.
4. Close the PowerShell window when the Operator Console installation complete message appears.
FIGURE 4.27 The PowerShell install helper
Securing the Opalis Operator Console
If you want to secure your OOC using Secure Sockets Layer (SSL), refer to the “Securing the Operator Console Installation” section in the Opalis Integration Server Administrator Guide or TechNet at http://technet.microsoft.com/en-us/library/gg440648.aspx.
Testing the Opalis Operator Console
To verify you configured the OOC correctly, navigate to the C:\JBOSS\bin folder and execute the following command:
run.bat -b 0.0.0.0
This starts the Java and JBoss web server and related services. You should see all the components load in the command window (see Figure 4.28) and in approximately a minute see a message saying
JBoss (MX Microkernel) Started in 26s:22ms
FIGURE 4.28 The OOC command window
The actual start time will vary. Leave the command prompt open while testing, as the JVM was instantiated in this window. Closing the command prompt window will terminate the OOC. Open Internet Explorer or another web browser (supported browsers for the OOC are Microsoft Internet Explorer 7, Microsoft Internet Explorer 8 [IE7 compatibility mode], or Mozilla Firefox 3), and navigate to http://localhost:5314. (This is the default port and should be used unless you altered the port using SSL.) You should see the Opalis Operator Console Login screen, as shown in Figure 4.29.
FIGURE 4.29 The Opalis Operator Console Login
Enter the username and password you will use to test; the screen is identical for logging in to Active Directory or standalone. If you log in with a standalone account, you only need to enter the account name and the password. If you use Active Directory, use the format domain\user and password. After you have logged in successfully, leave the command prompt open and use the OOC normally. You can move the JBoss folder at this point to a more suitable location if desired. Because the OOC is completely Java-based, there are no dependencies on any files (other than Java itself) outside the JBoss folder.
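The default bind option and the run.bat -b 0.0.0.0 test command make JBoss listen on every network interface, so the console on port 5314 is reachable from other hosts, not only from localhost. The following added example (not from the book) parses netstat output to show which addresses the port is bound to; Get-PortBinding is a name made up here, the sample lines are constructed, and the parser assumes English-language netstat output.

```powershell
# Added example (not from the book): report which local addresses the
# Operator Console port is listening on, by parsing "netstat -ano -p tcp".

function Get-PortBinding {
    param(
        # Defaults to live netstat output when no lines are supplied.
        [string[]]$NetstatLine = (netstat -ano -p tcp),
        [int]$Port = 5314   # default OOC port from the text
    )
    $pattern = '^\s*TCP\s+(?<addr>\S+):(?<port>\d+)\s+\S+\s+LISTENING\s+(?<pid>\d+)\s*$'
    foreach ($line in $NetstatLine) {
        if ($line -match $pattern -and [int]$Matches['port'] -eq $Port) {
            $address = $Matches['addr']
            New-Object psobject -Property @{
                LocalAddress  = $address
                Port          = $Port
                ProcessId     = [int]$Matches['pid']
                # 0.0.0.0 (or [::] for IPv6) means every interface.
                AllInterfaces = @('0.0.0.0', '[::]') -contains $address
            }
        }
    }
}

# Constructed sample lines, so the parser can be exercised on any machine.
$sample = @(
    '  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888',
    '  TCP    0.0.0.0:5314           0.0.0.0:0              LISTENING       4321',
    '  TCP    10.0.0.5:5314          10.0.0.77:50112        ESTABLISHED     4321'
)
Get-PortBinding -NetstatLine $sample | Format-List LocalAddress, Port, ProcessId, AllInterfaces

# On the OOC server itself, read the live listener table instead.
foreach ($binding in Get-PortBinding) {
    $owner = Get-Process -Id $binding.ProcessId -ErrorAction SilentlyContinue
    $name = if ($owner) { $owner.ProcessName } else { 'unknown process' }
    if ($binding.AllInterfaces) {
        Write-Warning ("Port {0} is bound to all interfaces by {1} (PID {2}); restrict access with the host firewall or configure SSL as described in the securing section." -f $binding.Port, $name, $binding.ProcessId)
    } else {
        Write-Output ("Port {0} is bound to {1} by {2} (PID {3})." -f $binding.Port, $binding.LocalAddress, $name, $binding.ProcessId)
    }
}
```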
Configuring the Operator Console as a Service
Having access to a website by leaving a command prompt continually open is not ideal. To change this behavior, you can create a Windows service that automatically starts the OOC (through the JVM) when the computer starts. You can create this service using the Java Service Wrapper provided by Tanuki Software. For detailed instructions on how to configure the Tanuki Wrapper, see the video at http://blogs.technet.com/b/charlesjoy/archive/2010/06/25/opalis-operator-console-as-a-windows-service-video-tutorial.aspx.
Common Installation Problems
The overwhelming majority of problems encountered when installing OIS come from the OOC. Some common problems and their solutions include the following:
. Issue—Something went wrong during the OOC Install. This can manifest in a number of ways. Usually, the run.bat file will give errors, not load, or not permit login.
Resolution—Usually the only recourse is to start over (or use a known good copy of an existing JBoss folder). Verify you have the exact version of the files specified in Table 4.2 and that you have all these files.
. Issue—You are not able to access the OOC. If you are not running the OOC as a service and you are not running run.bat -b 0.0.0.0 from a command (cmd) window in the background, you don’t have the OOC running.
Resolution—Start -> Run -> cmd, navigate to your JBOSS_HOME\bin\ folder, execute run.bat -b 0.0.0.0, wait for the OOC to fully start, and then log in.
. Issue—The OOC starts but you cannot log into it. This may be a sign that your opalis-ds.xml file is misconfigured.
Resolution—If you edited this file manually, check the configuration of the file and ensure the SQL connection string is accurate. If you used the PowerShell Install Script, run it again.
. Issue—The OOC starts but you can never log into it. This might be a sign that your opalis-activedirectory-service.xml file is misconfigured.
Resolution—If you edited this file manually, check the configuration of the file and ensure the LDAP Path is accurate and that you are part of the Administrator group (the sAMAccountName that is entered for this setting). If you used the PowerShell Install Script, run it again.
. Issue—You are running the OOC installed as a service, but you are unable to log in, although you were able to log in properly without the service.
Here is the resolution:
. Ensure you are using wrapper.exe version 3.3.9 and your sqljdbc_auth.dll file is in the %JBOSS_HOME%\lib\ folder.
. Review http://blogs.technet.com/b/charlesjoy/archive/2010/06/25/opalis-operator-console-as-a-windows-service-video-tutorial.aspx.
. Review http://blogs.technet.com/b/charlesjoy/archive/2010/09/07/opalis-operator-console-as-a-windows-service-update.aspx.
. Ensure that the service is using an actual Log On As account.
If you are having other OOC issues not covered in this section, here are some additional items to check:
. Your user account has not been granted View rights for the Workflows.
. Your account is in a domain other than the one authorized to use the OOC.
. Your credentials were incorrectly entered. As an example, if domain\username is required, the domain\ part might have been missing, and so on.
. The SQL Server that the OOC is configured to obtain Opalis data from is unavailable.
. The authorized domain controller the OOC is configured to use is unavailable.
Summary
This chapter covered the process required to install OIS 6.3 in a new environment, including the installation of OIS 6.2.2 and patching the 6.3 components. It also covered the installation and configuration of the OOC. The steps involved in setting up these components separate OIS from the rest of the System Center family. The next chapter discusses policy and workflow basics. It will help you use your new installation and begin to create useful automation.
CHAPTER 5
Policy Basics
IN THIS CHAPTER
. Navigating the OIS Client
. Understanding the Connections Window
. Using the Workspace Window
. Accessing the Objects Window
. Reviewing the Events Window
. Viewing Status in the Log Window
. The Log History Window: Looking Back
. Audit History Window
. Configuring the client using the Options Menu
. Creating Policies
. The Policy Testing Console
. Policy Check In and Check Out
. Branching (Link Filters)
. The Published Data Bus
. The Opalis Operator Console
. Triggering a Policy from Within a Policy
. Policies Properties
. Importing and Exporting Policies
This chapter discusses creating policies using the Opalis Integration Server (OIS) Client. It covers the major features of the OIS Client User Interface (UI) and describes the main components of policies. It also describes how to construct a policy, test a policy, and check it in for execution. Areas such as how to branch within a policy, use published data, and trigger other policies are explained as well. The chapter includes a discussion of how to use the Opalis Operator Console (OOC), policy properties, and the import and export functions.
Navigating the OIS Client
When you first start the OIS Client, it attempts to connect to the default Management Server—assuming you ran the Database Configuration Utility. If the utility was not run, you are prompted to provide the server name of the Management Server. After connecting to the Management Server, you see the OIS Client is composed of seven major UI components, with a command bar section at the top of the client. Here are those components:
. Connections Window
. Workspace Window
. Objects Window
. Events Window
. Log Window
. Log History Window
. Audit History Window
The first four components in this list have their own separate windows. The Log window contains the Log, Log History, Audit History, and Events tabs, which act as a single functional window. You can resize or undock these windows and move them to best utilize your desktop space. The next sections look at each of these windows individually.
Understanding the Connections Window
In a default configuration, the Connections window is located in the upper-left corner of the OIS Client. This window displays the Management Server at the root of the view, the policy folder structures, Computer Groups, Action Servers, and Global Settings; these are discussed in the next sections. Figure 5.1 displays the Connections window.
FIGURE 5.1 The OIS Client Connections window
Policies
The Policies section contains the hierarchical tree structure you used to define the folder structure of your policies, which are created by the policy author. Folders can contain policies or other folders. Policies appear as tabs in the Workspace window, not the Connections window. To create a new folder, right-click the desired parent folder, select New, and then choose Folder. Alternatively, you can select the desired parent folder and click the folder icon, which is the third icon from the left in the Connections window.
You can browse the policy folder hierarchical tree structure, similar to a file system. If a folder contains subfolders, these are displayed when the user clicks on the plus sign to the left of the folder name. You should create a folder structure logically organized to meet your automation needs.
NOTE:
FOLDERS AND POLICIES ARE LISTED ALPHANUMERICALLY
The OIS Client lists folders and the policy tabs alphanumerically (0–9, A–Z). This sorting occurs when you first launch the OIS Client. If you change the name of folders or policies while working in the OIS Client, they do not sort until you click the Refresh icon in the top-left corner of the OIS Client toolbar or restart the client.
Computer Groups
The Computer Groups section contains any computer groups created in your OIS Client. There are no items in this section by default. Computer groups allow you to target your policies against a particular set of computers rather than a single system. You can create computer groups from any or all of three different sources:
. Computer—This is a list of computer names entered manually.
. Active Directory—This source uses an Active Directory query to populate the group.
. SMS Collection—You can use an existing SMS collection to populate the group. This option also works against a Configuration Manager target.
Similar to policies, computer groups can use folders and subfolders, which you can use to organize them appropriately. The authors recommend taking advantage of this capability if you use computer groups and map out a similar tree structure to simplify navigation. A single computer group might contain entries from instances of all three sources within that computer group. This makes computer groups a robust solution for executing actions against multiple servers.
Action Servers
The Action Server section displays the Action Servers currently installed and the role of each server. The first Action Server installed becomes the Primary Action Server (PAS) by default. Successive Action Servers take the role of Standby. For more information on Action Server roles, see Chapter 3, “Architectural Design.” Figure 5.2 shows the Action Servers view on the OIS Client.
FIGURE 5.2 The Action Servers view
This section is where you can change the roles assigned to Action Servers. To change the role, select the desired server from the list and right-click. This displays a menu allowing you to change the role by selecting Demote, Promote, or Promote to Primary. This section is only used to modify the role of the Action Servers and their descriptions; use the Deployment Manager to deploy additional Action Servers.
Global Settings
The Global Settings section contains counters, variables, and schedules that are globally available by default to any policy within any folder. Similar to policies, all global settings can use folders and subfolders to improve organization. The authors suggest you utilize this capability when you use global settings and map out a similar tree structure to simplify navigation.
Counters
Counters are objects that allow you to keep track of a numeric value. You can return, set, increment, and decrement the value, and you can monitor one or more counters, watching for specified criteria to be true. You can monitor or modify counters by using counter-specific objects in your policies.
TIP:
USING COUNTERS AS A SEMAPHORE
As counters are global resources available to every policy, they are often employed as a semaphore within a policy to control the flow of that policy. Consider a policy that contains instructions to start a process that must not be run in parallel. The policy can use a counter to check whether the process is already running and, if permitted, start the process, using the counter to mark that the process is running. After the process ends, the counter can be reset so additional policy instances that check the counter can see it is safe to launch that process.
To create a new counter, right-click the desired parent folder in the Counters section, select New, and then choose Counter. You can also select the desired parent folder and click the Counter icon, which is the fourth icon from the left in the Connections window. Figure 5.3 shows the Counters section of the OIS Client.
FIGURE 5.3 The Counters section of the Global Settings
Variables
Variables are objects that enable you to use one value of data across multiple objects. Variables are not programmatic variables; they cannot be changed by objects during runtime. Rather, they are designed to store common elements of data (such as an Exchange server name) that can be used in any object requiring it. After the variable is used in the object, the object executes with the current value held by the variable. Using variables makes your objects easier to maintain; if you have 100 objects using the Exchange server name, it is only necessary to update the one variable if the name changes. To create a new variable, right-click the desired parent folder in the Variables section, select New, and then choose Variables. You can also select the desired parent folder and click the Variables icon, which is the fourth icon from the left in the Connections window. Figure 5.4 shows the Variables section of the OIS Client.
FIGURE 5.4 The Variables section of the Global Settings
There are two special variables:
. NOW() returns the current time (on the datastore). You can also pass arguments to this function. NOW(year) will return the current year. NOW() supports these functions: day, dayofweek, dayofyear, month, year, hour, minute, second, millisecond.
. %ENVVAR% returns the value of the environment variable named between the percent symbols. The environment variable must exist on the target Action Server.
TIP:
CREATE A VARIABLE CALLED “BLANK”
Many users find it helpful to create a variable called “Blank”, which has no value. This variable allows policy designers to insert a blank or null value anywhere within a policy, even in situations where a blank value is rejected by the OIS Client.
Schedules
Schedules are objects allowing you to define a specific calendar schedule that you can use to define when to run a policy. Schedules can help you make better use of your Information Technology (IT) assets and infrastructure by performing automated tasks during off hours. You can also use schedules to create more complicated intervals, such as choosing specific days of the month or setting up exception days. For more information on scheduling, see Chapter 7, “Implementation and Best Practices.” To create a new schedule, right-click the desired parent folder in the Schedules section, select New, and then choose Schedule. You can also select the desired parent folder, and then click the Schedules icon, which is the fourth icon from the left in the Connections window. Figure 5.5 shows the Schedules section of the OIS Client.
FIGURE 5.5 The Schedules section of the Global Settings
Using the Workspace Window
The Workspace window is the section of the OIS Client containing policies and is where policies are built and edited. This is the section of the UI where authors will spend the majority of their time. The Workspace window can be partitioned using tabs to show more than one policy.
To create a new policy, right-click the desired parent folder in the Connections window, select New, and then choose Policy. You can also select the desired parent folder, and then click the policy icon—the fourth icon from the left in the Connections window. Policy tabs are ordered alphanumerically each time the client starts or when you click the Refresh icon in the top-left corner of the OIS Client toolbar, but they do not sort when you create new policies. Figure 5.6 shows the Workspace window.
FIGURE 5.6 The OIS Client Workspace window
Accessing the Objects Window
The Objects window contains all objects known to the OIS Client, both Foundation objects and any installed Integration Packs (IPs). By default, the Objects window shows only the Foundation objects, listed in nine palettes. You cannot change the order of the palettes or the order of the objects within the palettes, although you can remove the palettes and view all the objects in a single list if desired. To show all objects in one group, right-click any of the palette titles and choose All Objects. This provides a single list of all objects on the OIS Client.
You can also change the size of the objects from small to large. (The default is small.) To change the size, right-click inside any palette and select Large. Figure 5.7 shows the OIS Client Objects window using large objects.
FIGURE 5.7 The OIS Client Objects window
Reviewing the Events Window
The Events window is accessed using a tab that is part of the common window shared by the Log, Log History, and Audit History tabs. This window displays events generated by OIS (for example, service messages, licensing messages, and so on) or the results of the Send Platform Event object. You want to monitor your Events window in production to be aware of any potential issues. Figure 5.8 shows the OIS Client Events window.
FIGURE 5.8 The OIS Client Events window
If you configure the Opalis Watchdog Server Service to send Simple Network Management Protocol (SNMP) messages for events, it sends one SNMP message for any new event displayed in this window. This mitigates having to watch this particular window regularly.
You can filter the events shown by selecting or deselecting the icons in the Events window for Information, Warning, or Critical. You can also delete events individually by selecting them and pressing the Delete key or clicking the Delete icon. Clicking the Recycle Bin icon in this window deletes all the events from the system.
Viewing Status in the Log Window
The Log window is accessed using a tab that is part of the common window shared by the Log History, Audit History, and Events tabs. The Log window displays real-time logging results for running policies. The Log window is context-sensitive and shows only logs for the policy (tab) actively displayed in the Workspace window. The Log window records the details of an object’s execution only after it completes executing. If the object is still running, it displays its start time and the Process ID (PID) used by the policy itself. Figure 5.9 shows the OIS Client Log window.
FIGURE 5.9 The OIS Client Log window
After the policy completes executing, the Log window does not display any information. The OIS Client does not communicate synchronously with the datastore, so it might take some time before it refreshes. You can also click the Refresh icon to prompt a refresh. In general, it is easier to watch policy execution from the OOC.
NOTE:
GHOST ENTRIES IN THE LOG WINDOW
Occasionally, you have log entries in the Log window for policies that are not running. These entries can occur if the Action Server loses connectivity to the database during execution, and the policy does not receive a proper end time stamp in the database. You can safely delete these entries. To confirm the ghost entry is not associated with any running policies, correlate the PID to that of the running policymodule.exe on the appropriate Action Server.
The Log History Window: Looking Back
The Log History window is accessed using a tab that is part of the common window shared by the Log, Audit History, and Events tabs. This window displays historical logging results for policies that have run. It displays the time that the Policy started and ended at the top of each entry. The Log History window is context-sensitive and shows only historical logs for the policy (tab) displayed in the Workspace window.
Each log entry correlates to a single execution of a policy. The icon displayed in the Log History window is a green check mark if all the objects in the policy completed successfully. It is a yellow exclamation point if one or more objects fails, and a red X if all the objects in the policy fail or the policy is interrupted. These icons do not necessarily tell you whether your policy accomplished what you expected, only the status of the object’s completion. This means your policy can show success if every object completed normally, even if a critical object returned erroneous data.
You can double-click the policy instance log icon and expose the logging results in the Details dialog for each object that ran during execution. The Details dialog displays the Name, Type, Status, Start Time, and End Time for a given object. The Details dialog also enables you to browse the Published Data (PD) that was published by the object when it was executed. This is how you determine what object within a policy failed when a policy gives an error. Figure 5.10 shows the OIS Client Log History window.
FIGURE 5.10 The OIS Client Log History window
Audit History Window
The Audit History window is accessed using a tab that is part of the common window shared by the Log, Log History, and Events tabs. This window displays historical auditing information for policies that are checked in. The Audit History window is context-sensitive and only shows auditing information for the policy (tab) displayed in the Workspace window.
Each time a policy is checked in, an audit entry is added to the Audit History window. If you open any of these entries, you can see exactly what changes were made—however small—to the policy, who made those changes, and when the policy was updated. If the author wants, he can comment on the check in, or you can require comments. You cannot delete Audit History. Figure 5.11 shows the OIS Client Audit History window.
FIGURE 5.11 The OIS Client Audit window
NOTE:
THERE IS NO POLICY ROLLBACK
Although all the changes to a policy are recorded, there is no way to roll back to a previous policy state. Audit details are informational only.
Configuring the Client Using the Options Menu
The OIS Client has a number of configuration items that can be set, which you might find useful in your policy authoring. To open the Options menu, click Options in the OIS Client menu bar, and then select Configure. Figure 5.12 shows the OIS Client Configuration menu.
Show Link Labels
This option displays the name of the link above the link line in the Workspace window. This text comes from the Name field on the General tab of the link’s Properties dialog. Figure 5.13 shows the OIS Client with Link Labels and Tooltips enabled. If two objects are close together, you cannot see the link label, even if this setting is enabled.
FIGURE 5.12 The OIS Client Options menu window
FIGURE 5.13 The OIS Client using Link Labels and Tooltips
Show Tooltips
This option displays tooltips when you hover your cursor over an object. The text comes from the Description field on the General tab of the object’s Properties dialog. Figure 5.13 shows an example of the OIS Client with Link Labels and Tooltips enabled.
Show Legacy Objects (Requires Client Restart)
This option adds the Legacy Objects palette to the OIS Client. In general, Legacy objects should not be used, and most have been replaced with newer objects that work properly in Pipeline mode. You need to restart your client for the new palette to display.
Automatic Check Out
This option automatically checks out a policy for the author, so she does not need to click the Check Out button when she begins to edit a policy.
Prompt for Comment on Check In
This option displays the Comment dialog whenever an author checks in a policy.
Allow Empty Comment on Check In
When used with the Prompt for comment on check in option, this either allows the author to leave a blank comment or requires entering some text in the Comment dialog.
Creating Policies
Policies are the most basic units of automation. They are defined within the UI as a single tab within the Workspace window. A policy contains objects and links connected to perform an action. A policy typically consists of many objects and links, although a single object could also be a policy.
Objects
Objects are atomic units of action connected together by links that form a policy. To use an object, drag it from the Objects window into the Workspace window, and then configure it. You might also want to link it to one or more other objects. The configuration of an object is specific to that object type. As an example, the Send Email object must be configured with the recipients, subject, message body, and the SMTP server, and the Delete File object only requires the name of the file to be deleted. You can copy objects from one policy to another, and they will retain their configuration details.
Monitor Objects
Monitor objects are special objects that must be used to start a policy. Monitor objects are used to monitor for special conditions and then trigger, rather than just triggering when they start. Monitor objects are triggered by external applications or conditions and cannot be triggered by another object. You can have only one monitor object in a policy.
Link Handles
Objects have one or two link handles. Link handles are used to drag or drop links between objects; they appear as triangles on either side of an object when you hover your cursor over the object. Most objects have two link handles indicating that they can accept and produce data, meaning they can be used anywhere in a policy. Monitor objects have only a link handle on the right side of the object; this is an indication that they must start the policy, as they cannot accept input from other objects.
Links
Links are specialized objects that connect objects, create precedence between objects, and can filter execution data. Links appear as lines in the UI but have properties the author can configure.
NOTE:
POLICIES CAN ONLY HAVE ONE STARTING OBJECT
You can only have one object acting as the starting object. If you have more than one monitor object or unlinked objects, you receive a warning message asking you to correct the condition.
Dragging and Dropping Objects
Dragging objects from the Objects window to the Workspace window is simple. Dragging and dropping objects works the same as in any other Windows program. Select an object, and holding the left mouse button down, move the object to its desired location in the policy. Then, release the left mouse button. Figure 5.14 shows an object being added to the workspace.
FIGURE 5.14 An object being added to the workspace
Configuring Objects
To configure an object, double-click the object or right-click and select Properties. Each type of object has different properties based on the task the object performs. Any property that can accept free text can also accept published policy data from the Data Bus or variables. Each object has fields that need to be configured, although not every field is necessarily mandatory. (Figure 5.15 shows an example of the properties for the Monitor Folder object.)
FIGURE 5.15 A typical object configuration
Linking Objects
To create a link, click and drag the right arrow of the source object. Hold down the left (primary) mouse button until the line is on top of the desired target object, then release the button. This creates a link between the two objects and establishes precedence. You link to objects by dragging a line between them, as shown in Figure 5.16.
FIGURE 5.16 Linking two objects
After a link is created between two objects, the objects can be moved anywhere within the Workspace window. The link auto routes and connects the two objects, and the precedence is retained.
The Policy Testing Console
After you build your policy and configure the objects, you want to test the policy. You can run the policy from the OIS Client and review the logs, although this is not optimal. The OIS Client does not permit you to pause and review the automation while underway, nor does it allow you to stop it if necessary. For these reasons, most authors test within the Policy Testing Console (PTC). Using the PTC, you can execute an entire policy, step through it one object at a time, or add breakpoints to stop the execution at any object you select.
To launch the PTC, click the Test button in the OIS Client. This starts the PTC using the current policy that is onscreen. If the policy is checked in, you are prompted to check it out. The PTC creates a local copy of the policy and runs the policy locally (not at the Action Server).
TIP:
YOU CANNOT TEST A RUNNING POLICY
You can only test policies that are checked out. Because running policies must be stopped before they can be checked out, the PTC cannot be used against running policies.
The PTC has five panes designed to mimic the look of the OIS Client. Figure 5.17 shows the PTC.
FIGURE 5.17 The PTC
Here are the panes in the PTC:
• Run Time Pane—This pane displays run-time information about the object currently being processed by the PTC. Information appears only in this pane if you execute the policy with breakpoints or in step-through mode.
• Design Time Pane—The Design Time pane displays design-time information that was configured in the OIS Client. To view the design-time properties of an object, you must select the object. Although you can edit the information appearing in the fields within the Design Time pane, the PTC ignores it.
• Workspace—This pane displays the policy being tested. You can move objects around the workspace without affecting the execution.
• Log Pane—The Log pane displays information about the execution of each object in the policy after it has executed.
• Resource Browser—The Resource Browser displays the counters, variables, computer groups, and schedules that the policy uses.
Running a Policy
To run a policy within the PTC, click the Run button. The policy runs from beginning to end (assuming nothing fails) and terminates. You can then examine the logs for that execution.
Examining the Logs
The PTC logs the details of the most recent policy execution. To view the details of a given object’s execution, click the plus sign below the object to expand its logs. The PTC captures all the PD from an object’s execution. This differs from the OIS Client, which only captures data if logging is explicitly enabled.
CAUTION:
PTC LOG DATA IS NOT PERSISTED
Although the PTC captures all logging data for policies it runs, it does not persist this data. The log results from the PTC are not stored in the OIS Client Log window. Likewise, if you run a policy through the PTC more than once, only the most recent execution’s logging data is stored.
Stepping Through a Policy
The PTC enables you to execute a policy one object at a time. By stepping through a policy, you have control over when the policy advances to the next object.
1. To step through a policy within the PTC, click the Step Over button. This sets the execution to the first object in the policy and pauses, allowing you to review the object’s configuration before starting it.
2. To execute the object, click Next. This executes the first object and loads the second object into the Run Time Properties pane so you can review its configuration. Continue in this manner by clicking Next and loading the next object until you have finished your policy or need to terminate it.
3. To stop a running or paused policy in the PTC, click Stop.
Setting Breakpoints
The PTC enables you to set a breakpoint at any object in a policy. Using a breakpoint enables you to start the policy but have it pause before executing the object to which you applied the breakpoint. You can set more than one breakpoint if desired. Breakpoints allow you to run a policy in the PTC without stepping through every object, while still giving you the opportunity to pause a policy and end it if necessary.
• Add a breakpoint to an object by selecting the object and clicking the Breakpoint button, or right-click the object and then select Set Breakpoint.
• To remove a breakpoint from an object, select the object with the breakpoint, right-click the object, and select Remove Breakpoint.
TIP:
BREAKPOINTS APPLY TO ALL INSTANCES OF AN OBJECT
If you apply a breakpoint to an object that executes more than once based on the policy execution, each instance of the object stops for the breakpoint.
Differences Between the PTC and the OIS Client
There are a number of differences between the PTC and the OIS Client in terms of functionality. Here is a list of key differences:
• Trigger Policy Object—The PTC does not support the Trigger Policy object because it only loads a single policy into memory. When using the PTC, the Trigger Policy object does not trigger another policy. If the Trigger Policy object is set with Wait for Completion, the object fails in the PTC.
• Custom Start Object—If the Custom Start Object requires parameters, the PTC prompts the user to supply them. You must specify those parameters manually to run the policy in the PTC. The OIS Client does not provide this functionality.
• Counters—If you run a policy using counters in the PTC, the PTC uses the current counter values that appear in the OIS Client. When the policy finishes in the PTC, the counter values are not saved. As a result, the original counters are unaffected.
• Computer Groups—The PTC does not support using Computer Groups in policies.
• Policy Scheduling—The PTC does not support using schedules to prevent execution of policies.
• Monitors—Monitor objects behave differently in the Testing Console. Policies that begin with a monitor do not reinstantiate after the monitor object triggers. You must restart the policy within the Testing Console for monitoring to begin again.
CAUTION:
THE PTC USES YOUR CURRENT LOGON CREDENTIALS
When the PTC executes policies, it does not use the Action Server; the policies run on your OIS Client machine. These policies are loaded into memory on your OIS Client machine and executed with your current session’s logon credentials. This is a critical difference when using the PTC, as permissions can greatly affect the outcome of a policy. If you find that your policy is executing differently in the PTC than when you run it on the Action Server, the reason is usually related to a difference in permissions.
Policy Check In and Check Out
After you create your policy, test it, and are satisfied it works properly, it is time to check the policy in. Checking a policy in writes the policy to the datastore, so it is stored permanently and runs from your Action Servers. Click the Check In button in the OIS Client to check your policy in. Figure 5.18 shows the policy check-in button.
FIGURE 5.18 The policy Check In button
After a policy is checked in, it cannot be edited until it is checked out again. Checking policies out also locks the policy for exclusive use for the author. This prevents unwanted overwrites in a multi-author environment. Click the Check Out button in the OIS Client to check your policy out. After you check your policy out, the icon on the policy tab changes to a pencil.
Starting a Policy in the OIS Client
After your policy is checked in, you can start it from the OIS Client by pressing the Start button. This causes the Action Server to retrieve the policy from the datastore and execute it.
NOTE:
THE OIS CLIENT CANNOT BE USED TO PASS PARAMETERS TO A POLICY
You can start policies from the OIS Client, but if the policy begins with a Custom Start Object and requires parameters, you cannot use the OIS Client to enter them manually. This means you cannot start such policies by clicking Start on the OIS Client. It is possible to start these policies from another policy using the Trigger Policy object and hardcoding that object with the parameters. See “The Trigger Policy Object” section of this chapter for more information.
Checking Logging in the OIS Client
When a policy completes executing, you can check the results of the execution in the Log History window. Locate the appropriate logging instance in the Log History window, using the displayed start and end time of the policy to help you determine the correct instance, and double-click it. This opens the Policy Details window.
The Policy Details window lists all the objects that executed within the policy and their status. If you want more details about any of these objects, double-click the object name to open the Details window.
The Details window is the ultimate source of detailed information from the Log History window. All results regarding an object’s execution are stored in the Details window. By default, detailed policy logging is not enabled because in a steady-state production environment it would produce unnecessary logging information. However, you might want to enable Object-Specific PD and Common PD if you are interested in seeing detailed results about your policy. Figure 5.19 shows policy logging results.
FIGURE 5.19 Policy logging results
Branching (Link Filters)
You can use links to filter policy execution; as a result, links can be used to create branches in the policies. If you add several links to an object and configure them differently, it is possible to have a policy with multiple branches. You can modify the behavior of links by double-clicking the link itself to open the Link Properties.
The Default Filter
By default when you create a link, it is configured with one Include Link Filter. The default filter is a success-only filter. This means that as long as the link’s source object completes successfully, the next object triggers, which is the behavior most people expect when starting to work with the product. However, what often is not realized is that you can alter the link’s behavior by changing the filter conditions. Figure 5.20 shows a policy that uses branching.
FIGURE 5.20 A policy with branching
Adding Filters
To add additional filters to a link, open the link and click the Add button. Each link filter you add is a success-only link. To change the filter criteria, you can either click on the criteria or change it from success to warning or failure. You can also base your link filter on PD from the object’s execution. If you chose this option, you have to provide three elements in your filter:
• Source Object PD—Select one item of PD for this element.
• Logical Operator—The options vary based on the data type selected, but this establishes the logic for this filter (contains, is less than, between, and so on).
• Value—This is the string or integer value to be used by the logical operator.
As the PD elements of each object are different, you need to review the options that are available to you for the objects you use. As an example, see Figure 5.21 for an object with multiple links configured based on source object PD.
If your object’s output satisfies any of the link filters in the Include tab, that data is passed to the next object (unless there are Exclude filters in use). As long as one link filter is satisfied, it is irrelevant how many of the other link filters are satisfied by the object’s data.
NOTE:
INCLUDE FILTERS ARE “OR” STATEMENTS
If you have more than one Include filter, they are all treated as OR statements. There is no way to change this behavior. If you need to use an AND statement, you can either use an Exclude filter with a double negative or link to a target object that can perform the AND statement; an example is the Run .Net Object.
Include Filters and Exclude Filters
There are two types of filters in links:
• Include filters are ones where policy execution continues along that link if any of the criteria are satisfied.
• Exclude filters provide the opposite function from include filters; if your object’s output satisfies any of the link filters in the Exclude tab, that data is not passed to the next object regardless of how many include links it satisfies.
CAUTION:
EXCLUDE FILTERS TAKE PRIORITY OVER INCLUDE FILTERS
Remember that if any exclude filter is satisfied, the data being evaluated does not pass the link. This is always the case regardless of how many include filters are satisfied. Exclude filters take priority over include filters.
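The rules from the two notes above (Include filters are ORed, any satisfied Exclude filter blocks the link, and an AND is built from an Include filter plus an Exclude filter on the negated condition), modeled as a short added example. This is not OIS code; the operator names, the "File name" PD item, and the sample data are constructed for illustration.

```python
"""Model of the link-filter rules described above (illustrative; not OIS code)."""
from dataclasses import dataclass, field

# Operator names are this model's own labels (assumption); the chapter names
# only a few of the real ones (contains, is less than, between, ...).
OPERATORS = {
    "equals": lambda actual, value: str(actual) == str(value),
    "contains": lambda actual, value: str(value) in str(actual),
    "does not contain": lambda actual, value: str(value) not in str(actual),
    "is less than": lambda actual, value: float(actual) < float(value),
}


@dataclass(frozen=True)
class LinkFilter:
    pd_item: str   # Source Object PD
    operator: str  # Logical Operator
    value: object  # Value

    def matches(self, published_data):
        # Assumption: a filter on an item the object did not publish, or on
        # data of the wrong type, is treated as not satisfied.
        if self.pd_item not in published_data:
            return False
        try:
            return OPERATORS[self.operator](published_data[self.pd_item], self.value)
        except (TypeError, ValueError):
            return False


@dataclass
class Link:
    name: str
    include: list = field(default_factory=list)
    exclude: list = field(default_factory=list)

    def passes(self, published_data):
        # Exclude filters take priority: one match blocks the link outright.
        if any(f.matches(published_data) for f in self.exclude):
            return False
        # Include filters are ORed: one match is enough.
        # Assumption of this model: a link with no Include filter passes nothing.
        return any(f.matches(published_data) for f in self.include)


def triggered_links(links, published_data):
    """Return the names of the branches the source object's data follows."""
    return [link.name for link in links if link.passes(published_data)]


SUCCESS = LinkFilter("Object Status", "equals", "Success")
HAS_LOG = LinkFilter("File name", "contains", ".log")  # constructed PD item
NOT_LOG = LinkFilter("File name", "does not contain", ".log")

LINKS = [
    # Two Include filters: Success OR a .log file name.
    Link("or_branch", include=[SUCCESS, HAS_LOG]),
    # Success AND a .log file name: include Success, exclude the negation.
    Link("and_branch", include=[SUCCESS], exclude=[NOT_LOG]),
    # Failure OR Warning.
    Link("alert_branch", include=[
        LinkFilter("Object Status", "equals", "Failure"),
        LinkFilter("Object Status", "equals", "Warning"),
    ]),
]

# Constructed published data from four runs of a hypothetical source object.
SAMPLES = [
    {"Object Status": "Success", "File name": "app.log"},
    {"Object Status": "Success", "File name": "app.tmp"},
    {"Object Status": "Failure", "File name": "app.log"},
    {"Object Status": "Warning", "File name": "app.tmp"},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", triggered_links(LINKS, sample))
```

The third sample shows why two Include filters cannot express an AND: a failed object still follows or_branch because its file name matches.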
FIGURE 5.21 Link filters
Link Options
In addition to providing filters, links have several other properties. These properties are configured by double-clicking the link and clicking the Options tab. Figure 5.22 shows an example of a Link Properties dialog.
FIGURE 5.22 Link options
Here are the options:
• Link Color—You can specify the link’s color within the workspace. Changing the color of a link is a best practice to provide a quick visual indication as to the purpose of the link. However, the link’s color has no impact on its execution.
• Link Width—You can also specify the width of a link. Again, this is a cosmetic function and does not have any impact on its execution.
• Trigger Delays—Links can also delay policy execution if configured to do so. It is generally not advisable to place delays in links, as links are not logged in any of the consoles. This means if you have a long delay in a link it might appear to an operator that the policy is completed or has hung. If you need to delay a policy’s execution, the authors recommend you add an object to the policy to handle the delay using a tool such as sleep.exe.
The Published Data Bus
The concept of a Published Data Bus is fairly unique to OIS. Rather than using programmatic variables like most products today, OIS employs a bus model that automatically collects and publishes all the information created by an object’s execution. The information is collected, is placed on the Data Bus, and is available for use by other later objects within the policy.
Because every object produces PD that is placed on the Data Bus, OIS natively provides an easy method for passing data from one object to another by using PD subscriptions. If the two objects that share data are connecting to different applications, OIS is providing an integration method to both applications by acting as an information broker. This is a powerful feature, which is at the heart of the product and every policy. Whether an object uses the PD that is on the Data Bus is a decision made by the policy author during the design phase.
Adding Data to the Bus
There are no actions required for a policy author to place object information on the Data Bus. This publication happens automatically and cannot be disabled. Every object adds three kinds of data to the Data Bus—Basic PD, Common PD, and Object-Specific PD.
• Basic PD—These are items of PD that are stored by all objects regardless of their function and can never be disabled. These include start time, end time, object name, object type, and status.
• Common PD—These are items of PD that are stored by all objects regardless of their function but are only captured if specified. These items are related to the object’s state and execution, not its function. Table 5.1 lists Common PD items.
TABLE 5.1 Common Published Data Items
Name                          Description
Loop: Delay between attempts  The number of seconds between loop attempts
Loop: Enabled                 Whether looping is enabled for the object
Loop: Loop error message      Error message displayed if looping fails
Loop: Number of attempts      The total number of loop iterations completed
Loop: Total duration          The total time the object has looped in seconds
Object name                   The name of the object displayed in the workspace
Object type                   The default name for the object in the object palette
Object ID                     The unique identifier for an object assigned by the datastore (for example, {1BD1A27A-1A1B-0E60-8000-A15469001AB1})
Object PID                    The PID of the policymodule.exe as assigned by the operating system
Object Status                 The resulting status of the object’s execution (for example, Success, Failure)
Object Start Time             The time when the object began executing
Object End Time               The time when the object finished executing
Object End Time (Year)        The year when the object finished executing
Object End Time (Month)       The month when the object finished executing
Object End Time (Day)         The day when the object finished executing
Object End Time (Weekday)     The day of the week when the object finished executing
Object End Time (Hours)       The hour when the object finished executing
Object End Time (Minutes)     The minutes (past the hour) when the object finished executing
Object End Time (Seconds)     The seconds (past the minutes) when the object finished executing
Object Duration               The total execution time for the object
Policy Name                   The name of the policy where the object executes
• Object-Specific PD—These are items of PD that are unique to each object type. This means that all Copy File objects produce the same Object-Specific PD, regardless of how they are configured. Likewise, all Query Database objects produce the same Object-Specific PD. These are the items shown by default when you subscribe to PD. As an example, a Send Email object produces Object-Specific PD of all items that relate to the fact that this object sends email as its function.
  • Subject of the email
  • Recipient of the email
  • Body of the email
  • Name and path of the attached file
  • Email account
  • Outgoing mail server (SMTP)
  • Outgoing mail server port number
In some cases, not all the Object-Specific PD is produced or placed on the Data Bus. This happens if the object does not have data for that item. If the Send Email object did not have an attachment, it does not publish data to the item name and path of the attached file item. Likewise, if you query a SQL Server with the Query Database object, you do not have PD for items like ODBC DSN or Oracle service name, as the use of SQL makes them redundant.
Because each object type has different Object-Specific PD, there is no effective way to describe them in this chapter. However, if you click Help within any object’s property screen, you can find the Object-Specific PD described in the object’s help.
Types of Published Data
PD is categorized by type within the Data Bus to simplify subscription and to enable policies to apply different logical operators. This means that if a policy author subscribes to an item of PD that is numeric, the logical operators provided in the UI are mathematical (greater than, less than, and so on). Similarly, if a policy author subscribes to an item of PD that is a string value, the logical operators are string functions (contains, starts with, matches pattern, and so on). Here are the four types of PD:
• String Values
• Date Values
• Number Values
• Boolean Values
Subscribing to PD on the Bus
Adding PD to an object is a straightforward process. To subscribe to PD, set the focus to a field in an object where you can enter text, then right-click, point to Subscribe, and select Published Data. This opens a dialog that shows the PD for the previous object. To subscribe to an element of PD, select it from the list. Although you are automatically taken to the previous object in the policy, you can use the Object drop-down list to select any object that occurs earlier in the workflow and select PD from that object. Figure 5.23 shows an example of subscribing to PD.
FIGURE 5.23 An example of PD in an object
The PD appears like a hyperlink in the object. It appears as bold blue-underlined text enclosed by curly braces as in the following example and specifies the referenced object and the PD item: {Line Number from Read Line}
The Opalis Operator Console
The OIS Client is the primary client used by policy authors and testers. After a policy is ready for production, you might want to provide operators with the ability to manage policy execution or review status. It is possible to provide access to operators through the OIS Client by restricting their permissions; however, the OOC is designed to provide that service. The OOC does not allow you to add or modify policies; it is a read-only view into the OIS instance that lets you start or stop policies or pass parameters to them.
The OOC is not a critical component and not installed as part of a typical OIS installation. See Chapter 4, “Installing Opalis Integration Server 6.3,” for information on installing the OOC. If you have the OOC installed, you can access it via a web browser by typing http://<servername>:5314 (where <servername> is replaced by the name or Internet Protocol address of the server hosting the OOC) into the address bar. You then need to log in to the OOC, using either domain or local account credentials, whichever you configured during install.
After you log in, you are taken to the default OOC view, which lists the folder and policy structure for your OIS implementation. Figure 5.24 shows the OOC’s default view of the folder/policy structure. You can expand policy folders from this view and locate the policy you want to view or start.
FIGURE 5.24 The Opalis Operator Console
Starting and Stopping Policies
To start a policy from the OOC, navigate to the policy in the folder structure on the left pane, and click the Start icon to the left of the policy name in the right pane. If the policy requires input parameters, you are prompted for them on the next screen (Figure 5.25). You can also start all the monitor policies within a folder by clicking the Start icon (the green icon) at the top of the right pane in the OOC. To start every monitor policy in your OIS instance, click this Start button in the root folder.
FIGURE 5.25 Starting a policy with the Opalis Operator Console
If a policy is running and you need to stop it, click the Stop icon to the left of the policy name in the right pane. You can also choose to stop all policies for your folder and all its subfolders by clicking the Stop (red) icon at the top of the right pane in the OOC. Clicking the Stop icon from the root folder lets you stop all policies that are running.
Viewing Policy Execution
The OOC provides a good approach to view policy execution in real time. Navigating to a policy and clicking the policy name takes you to the policy history pane. If the policy is running, you see a spinning icon on the uppermost entry in this list. Clicking that item takes you to the policy execution view, which shows you an image of the policy with icons appearing next to objects as they are running or after they finish running. For a long-running process, this is an excellent way to monitor the process of the policy. Those objects that have completed successfully have a green check icon next to them, and the running object has a spinner icon next to it. Figure 5.26 shows an example of a policy running in the OOC.
FIGURE 5.26 Policy execution details in the Operator Console
Searching for Policies
The left pane of the OOC also provides a link to Search and Action Servers. If you know the name of your policy and it resides several layers deep within the folder structure, it might be faster to search for the policy than browsing to it. To search for a policy, go to the Search tab in the left pane and enter your search criteria. All policies matching your search criteria are listed. Searches match to various elements such as policy name, folder name, and tags.
Action Server View
If you have more than one Action Server installed, you might find the Action Server tab in the left pane helpful. This displays all policy logging for your Action Servers. You can filter this list by Action Server to see all the policies that ran on a given Action Server. You can also filter by policy Status (Running, Success, Warning, or Failed). This lets you find all the policies that failed on a given Action Server or those policies currently running on it. You can filter the view of policy statuses by Action Server (see Figure 5.27).
Permissions
The OOC does not share its permissions with the OIS Client; they are independent of one another. Figure 5.28 shows an example of starting a policy from the OOC. When you installed the OOC, the group you configured as the default admin group is the only group with access to the OOC.
FIGURE 5.27 The Operator Console’s Action Servers view
FIGURE 5.28 The Opalis Operator Console’s permissions view
TIP:
OOC DEFAULT SECURITY GROUP INFORMATION
The default admin group assigned to the OOC during installation is the only group with default access to the OOC. The OOC security is not able to read inherited permissions, meaning only users who are direct members of that group have access. (Groups added to the default admin group do not have access.) As an example, if the OOC default admin group is Domain Admins and User1 is a member of Opalis Group, which is a member of Domain Admins, User1 has no access to the OOC. For User1 to have access, you must add it directly to the Domain Users group or give it explicit permission in the OOC.
Perform the following steps for additional users to access the OOC:
1. Click the Permission link in the upper right of the OOC, which takes you to the Permissions section.
2. Use the Search feature to locate the user or users for which you want to provide access.
3. Select the user, and then apply the appropriate permissions in the right pane by selecting the icon with the appropriate permission for the folder or folders to which you want to control access.
CAUTION:
OOC DEFAULT SECURITY GROUP PERMISSIONS
The members of the Operator Console Administration group have full administrator privileges in the OOC. They cannot be locked out of anything as they automatically have full rights to all folders, policies, and events without having them explicitly defined.
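The TIP and CAUTION above together mean that only direct members of the default admin group get in, and those members get full rights. The following Python sketch is an added example (not code from the book or from OIS) that audits a group structure for both cases; the group data is constructed, and `explicit_grants` is a hypothetical stand-in for users given explicit permission in the OOC Permissions section.

```python
from collections import deque

# Constructed sample directory (not taken from the book): group name -> members.
# A member that is itself a key of GROUPS is a nested group; anything else is a user.
GROUPS = {
    "Domain Admins": ["Administrator", "Opalis Group"],
    "Opalis Group": ["User1", "Tier2 Operators"],
    "Tier2 Operators": ["User2", "Opalis Group"],  # circular nesting on purpose
}


def direct_users(groups, admin_group):
    """Users listed directly in admin_group: the accounts the OOC admits by default."""
    return sorted(m for m in groups.get(admin_group, []) if m not in groups)


def nested_only_users(groups, admin_group):
    """Users who reach admin_group only through nested groups.

    Returns {user: "admin_group > nested group > ... > user"} using the
    shortest nesting path. Per the TIP, these users have no OOC access.
    """
    direct = set(direct_users(groups, admin_group))
    found = {}
    seen = {admin_group}                       # guards against circular nesting
    queue = deque([(admin_group, [admin_group])])
    while queue:
        group, path = queue.popleft()
        for member in groups.get(group, []):
            if member in groups:               # nested group: walk into it once
                if member not in seen:
                    seen.add(member)
                    queue.append((member, path + [member]))
            elif len(path) > 1 and member not in direct and member not in found:
                found[member] = " > ".join(path + [member])
    return found


def ooc_access_report(groups, admin_group, explicit_grants=()):
    """Separate accounts that hold full OOC admin rights from accounts an
    administrator might wrongly assume have access through nesting."""
    explicit = set(explicit_grants)
    nested = nested_only_users(groups, admin_group)
    return {
        "full_admin": direct_users(groups, admin_group),
        "explicit_permission": sorted(explicit),
        "no_access_despite_nesting": {
            user: path for user, path in nested.items() if user not in explicit
        },
    }


if __name__ == "__main__":
    report = ooc_access_report(GROUPS, "Domain Admins", explicit_grants=["User2"])
    for key, value in report.items():
        print(key, "=", value)
```

The `full_admin` list is the one to review regularly, since those accounts cannot be restricted inside the OOC.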
Events
The OOC also displays the OIS Events found in the Events window of the OIS Client. Figure 5.29 shows an example of the events section of the Operator Console.
FIGURE 5.29 The Event section of the Operator Console
NOTE:
EXECUTIVE DASHBOARD AVAILABILITY
Opalis previously offered an Executive Dashboard containing real-time information about key metrics, such as success/failure statistics, duration, load distribution, and ROI of your policies. The dashboard is now called Insight Dashboard for Opalis and is available directly from Altosoft Software at http://www.altosoft.com/products/opalis_dashboard.shtml.
Triggering Policies from Within a Policy
A single policy can be powerful and useful, but eventually you might find you want to connect more than one policy together and trigger one from the other. You might also find you have a policy that can act as a common subroutine for many other policies. This is actually a best practice. To connect two policies so they execute one after the other, you need to use two special objects: the Custom Start object and the Trigger Policy object. These objects are found in the Workflow Control palette in the OIS Client.
The Custom Start Object
You can use the Custom Start object in any policy, even if it is not called by other policies. It provides two functions:
. The Custom Start object can define the starting point of a policy and requires one or more parameters before it starts. This is a common method to ensure the parameters the policy requires are provided at start time. If you launch a policy with a Custom Start object—which requires parameters—from the PTC or the OOC, you are prompted to provide the parameters manually.
. You can also pair a Custom Start object with a Trigger Policy object in another policy. This lets you take the output of one policy and pass it into another policy.
Figure 5.30 shows the Custom Start object.
FIGURE 5.30 The Custom Start object
NOTE:
THE OIS CLIENT DOES NOT PROMPT FOR PARAMETERS
If you launch a policy with a Custom Start object (which requires parameters) from the OIS Client, the policy fails. The OIS Client is not designed to prompt the author for parameters. You can use the PTC or OOC to pass these parameters or configure a Trigger Policy object to trigger the policy using parameters you supply.
To add parameters to the Custom Start object, go to the Details tab and click Add. You can add as many parameters as you need. You can also rename the parameters to make them more meaningful. You can also change the data type from String to Integer; these are the only two types supported by this object.
The Trigger Policy Object
The Trigger Policy object is designed to trigger another policy. The target policy can be any other policy, whether it starts with a Custom Start, monitor object, or any normal object. However, the real power of the Trigger Policy object is its ability to pair with a Custom Start object and pass parameters to it.
To use the Trigger Policy object, click the ellipses in the Policy field and navigate to the policy you want to target. If the policy begins with a Custom Start object that requires parameters, the Trigger Policy object loads those into the Parameters section. Figure 5.31 shows the Trigger Policy object with loaded parameters. You can then use the Published Data Bus to pass information from previous objects through the Trigger Policy object into another policy.
FIGURE 5.31 The Trigger Policy object
There are three other options within the Trigger Policy object:
. Trigger by Path—The Trigger by Path check box triggers whatever policy is listed using the specific path and name. When selected, any policy with the same name in the same folder location is triggered. If you uncheck this box, you can trigger the originally referenced policy, even if it has been moved around in the environment. The Trigger Policy object automatically maps itself to the new location.
. Wait for Completion—The Wait for Completion check box forces the Trigger Policy object to wait until the target policy it triggers is finished before the Trigger Policy object completes. This option effectively turns the object into a gosub command. If you uncheck the box, it is effectively a goto command.
. Action Servers—The Action Server field allows you to specify Action Server(s) to run the policy. Separate each Action Server name with a semicolon. The order in which the Action Servers are listed is the order used to spill over the policy. The Action Server names must be valid, but you can use PD in this field. Leave this field blank to use the Policy or Global defaults for the Action Server assignment.
TIP:
MULTIPLE EXECUTIONS AND WAIT FOR COMPLETION
If your Trigger Policy object is executed multiple times, it causes the target policy to execute multiple times as well. However, if you selected the Wait for Completion check box, the triggered policies queue (ignoring any Policy Execution Settings in the target policy), and the Trigger Policy object does not complete until all the triggered policies complete.
The Trigger Policy object can also accept data returned by the Publish Policy Data object from a child policy. For more information about parent/child policies and the Publish Policy Data object, refer to Chapter 6, “Foundation Objects.”
Policies Properties
All policies have properties that the author can configure; these are used to modify the default behavior of various aspects of the policy. The next sections describe these tabs.
General Tab
The General tab is purely informational. You should always add a description to this tab for each policy. This helps other authors or testers understand the purpose of the policy, and the data can be used in reporting.
Action Servers Tab
The Action Servers tab allows you to override the default Action Server roles and specify a PAS and Standby Action Servers for this particular policy. Be careful when you use this tab, as you are changing the spillover path for your policy but not for other policies. This can make for a confusing situation if you are trying to predict load across Action Servers. For more information, see Chapter 3. Figure 5.32 shows the Action Servers tab within the policy properties.
FIGURE 5.32 The Action Servers tab within a policy
Logging Tab
The Logging tab is used to control how much data is logged by a policy. By default, this is only the object status, start and end times, and PID. This is normally the desired configuration for running in production, but you might want to gather additional logging if you are testing from the OIS Client or have encountered errors and are trying to capture additional data about the policy’s execution. Figure 5.33 shows the Logging tab within the policy properties.
FIGURE 5.33 The Logging tab within a policy
Event Notifications Tab
The Event Notifications tab is used in conjunction with the Action Server Watchdog service. If you specify a time in the Report field, the Watchdog writes an event to the events log if this threshold is exceeded by the policy. The tab also contains a check box called Report if the Policy fails to run. Selecting this option causes the Watchdog to generate an event if the policy fails to start for some reason. Figure 5.34 shows the Event Notifications tab within the policy properties.
FIGURE 5.34 The Event Notifications tab within a policy
Run Behavior Tab
The Run Behavior tab controls how many instances of the policy an Action Server runs in parallel if there are simultaneous start requests. The default value is one. This means that if a policy is triggered by an operator once and by another policy twice, one instance of the policy loads, and the other two requests queue. If the value is set to 10, all three policy instances run in parallel. This value is still restricted by the Action Server Policy Throttle value. Figure 5.35 shows the Run Behavior tab within the policy properties.
You can also disable pipeline mode for a policy in this tab and use Legacy mode, although the authors do not advise doing so. The Legacy mode has a number of behaviors that can be highly problematic in production. Pipeline mode is far more predictable and thus more desirable.
FIGURE 5.35 The Run Behavior tab within a policy
Policy Data Tab
The Policy Data tab lets you create special policy-level PD items. After you create the items, you can use the Publish Policy Data object to make this data available. This data is only available to the Trigger Policy object, assuming it has triggered the policy that has this data. For more information about how to take advantage of this feature, see Chapter 6. Figure 5.36 shows the Policy Data tab within the policy properties.
FIGURE 5.36 The Policy Data tab within a policy
Importing and Exporting Policies
Policies can be exported to a file to import for use on other systems. This is helpful when moving policies from test to production if the two systems are isolated from one another. It is also a good way to share policies with forums and user groups. Policies are exported with the extension ois_export.
Exporting a Group of Policies
To export a group of policies, select the folder containing the policies you are trying to export, then right-click, and select Export... This launches the Policy Export dialog shown in Figure 5.37. You can also export a policy by selecting Export from the Actions menu.
FIGURE 5.37 The Policy Export dialog
You must provide a filename and location for the export. The Policy Folder is the folder you had highlighted, but you can change it here if desired. By default, the export contains the policies in subfolders. You can then select which global settings you want to export and whether you want to export the global configurations. If you choose to export global settings, the export contains all the global settings, not just those used by the policies you are exporting.
Exporting a Single Policy
You can export a single policy by right-clicking the policy tab, selecting Export and providing the export filename. You are not prompted to include global settings, as a single policy export only exports the settings in use by the policy. However, it also exports all the folder structures in the global settings, although unused folders are empty.
Importing Policies
To import a policy file, select the folder where you want to import the policies, then right-click and select Import... This launches the Policy Import dialog. You can also import a policy by selecting Import from the Actions menu or by dragging and dropping the export file on the Connections window on top of the policy where you want to import. The Import Policy Dialog is similar to the Export Policy dialog. You can choose whether you want to import policies, global settings, or global configurations.
CAUTION:
POLICY EXPORTS USUALLY CONTAIN UNWANTED DATA
If you export a group of policies, the export contains all the global settings from that OIS instance, even if the policies being imported do not use them. When you import policies, ensure that you do not import unwanted settings. There is no easy way to prevent this. The best way is to import the policies to a staging environment where the unwanted settings can be deleted. Then, export the policies again. This time the export does not contain unwanted data.
Summary
This chapter discussed the basics of creating policies using the OIS Client. It covered the major features of the OIS Client UI and the OOC and described the main components of policies. It described how to construct a policy, test a policy, and check it in for execution. It covered the elements of a policy and the types of objects. It also discussed the Published Data Bus, which is one of the central ideas behind OIS. In Chapter 6, you learn about the most common Foundation objects used in implementations and how to use them. You also learn about the objects used to extend the reach of OIS.
CHAPTER 6
Foundation Objects
IN THIS CHAPTER
. Basic Object Anatomy
. Extensibility Objects
. Other Important Object Categories
. Legacy Objects
. Remaining Objects
. Use Case Examples
A product’s out-of-the-box functionality can determine its traction. If the product is difficult to use, does not have clear user interaction, or only offers highly customized and complex solutions, its adoption can be low, regardless of its usefulness. With Opalis Integration Server (OIS), out-of-the-box functionality is available through Foundation objects and Integration Packs (IPs). OIS 6.3 includes 97 Foundation objects, which are the only objects installed by default during an OIS deployment. These Foundation objects are automatically included whenever you deploy a new Action Server or Client. Foundation objects predate IPs; they form the foundation for powerful integrated policies connecting one or more target systems, and enable automated and orchestrated process execution. This chapter explores the Foundation objects in OIS 6.3. Although its primary focus is on those objects that enable OIS’s power and flexibility, the chapter discusses or references each object category. For information on IP objects, refer to Chapter 8, “OIS Integration.”
Basic Object Anatomy
Foundation objects are just generic integration actions. Although they do have some specific configuration protocol in mind, they are not tied to any specific target system. Each object has a basic anatomy, which consists of a series of tabs that contain fields. This is why OIS is often referred to as having forms-based configuration capability. In addition to making the product easy to use, the approach offers a clear and consistent interface for policy authoring. As these forms are available for each object, you can choose whether to simply fill in the fields, or to take the next step and include code or script within the objects.
NOTE:
CODE OR SCRIPT OBJECTS
Although each object has a forms-based configuration utilizing tabs and fields, some of the objects enable you to extend OIS with “code or script” as the configuration within these fields. Likewise, some of the objects allow you to call a preconfigured file or program containing code or script. These objects are described in the “Extensibility Objects” section of this chapter.
This section briefly describes the default anatomy of an object. The following sections will provide object-specific details, depending on the object described. Figure 6.1 displays an example of an object icon. This is the Run Program object, described in more detail in the “The Extensibility Objects” section of this chapter.
FIGURE 6.1 An object icon example
When you open an object, whether by double-clicking the object icon or right-clicking the object icon and choosing Properties, you are presented with the object properties. By default, you are presented with the Details tab of the object’s properties. As an example, Figure 6.2 displays the Details tab for the Run Program object.
FIGURE 6.2 A sample Details tab for an object
NOTE:
DETAILS TABS
Details tabs vary by object. Specific information on the individual Details tabs is provided for each of the objects described in this chapter, in their respective sections.
Three tabs exist in the majority of the Foundation objects; these are the General, Security Credentials, and Run Behavior tabs. Here is a description of these object property tabs:
. General—The General tab contains configuration information about the Name and Description of an object. The Description field is optional. Information stored here is visible when hovering over the object (if Tool Tips are enabled). Tool Tips are discussed in Chapter 5, “Policy Basics.”
. Security Credentials—This tab contains configuration information about the service account to be used during object execution. Two options are available—use the Action Server service’s account credentials or manually specify credentials for an account (impersonation). Impersonation is discussed in Chapter 4, “Installing Opalis Integration Server 6.3.” This tab is implemented consistently wherever it exists.
. Run Behavior—This tab contains configuration information about how multi-value data is handled as well as the object’s self-monitoring configuration. The Flatten object behavior is discussed in Chapter 7, “Implementation and Best Practices,” while Chapter 2, “Inside Opalis Integration Server 6.3,” discusses Self-Monitoring. The tab is consistently implemented and is part of every object’s configuration.
NOTE:
GENERAL TAB CONSISTENCY
Although each object has a General tab, it is not always implemented consistently from object to object. For the vast majority of the objects, the General tab’s content is as described in the previous bullet list. Seven objects have a non-standard implementation of the General tab. These are Compare Values, Get Internet Application Status, Manage Text File, Monitor Internet Application, Process Email, Process Exchange Email, and Write Web Page. These objects use an additional drop-down field to determine the configuration of the other tabs.
Figures 6.3, 6.4, and 6.5 show examples for each of these respective tabs for the Run Program object. To keep with the theme of the Run Program object, this object contains an additional tab. You can find the Alternate Icon tab in three objects:
. Run Program
. Run SSH Command
. Query Database
FIGURE 6.3 An example General tab for an object
FIGURE 6.4 An example Security Credentials tab for an object
Figure 6.6 displays an example Alternate Icon tab for the Run Program object. From this tab, you can choose an alternate icon that better suits the object’s intended use. You can choose Executable (.exe) or Icon (.ico) files as part of this configuration.
CAUTION:
ALTERNATE ICON USAGE
It is best to leave alternative icon functionality to those environments used for demonstration or documentation. Overusing alternate icons has been known to slow policy execution. This is because the file included as the alternate icon becomes part of the data stored in the database and accessed during policy execution. The more objects with an alternate icon configured, the larger the policy data and slower the policy execution.
FIGURE 6.5 An example Run Behavior tab for an object
FIGURE 6.6 An example Alternate Icon tab for an object
Extensibility Objects
The most powerful of the generic integration actions are those that extend OIS functionality out-of-the-box. These objects are known as extensibility objects; they are the objects most used during an OIS implementation. These objects give you the integration capabilities for the following:
. Command line interfaces (CLI)
. Databases
. Web services
. PowerShell
. WMI
. Simple Network Management Protocol (SNMP)
. Anything accessible via .NET (C# or VB)
The 10 extensibility objects are spread across two categories in the OIS client: System and Utilities. The next sections discuss each of the extensibility objects; they are listed here in order of popularity:
. Run Program
. Query Database
. Run .Net Script
. Invoke Web Services
. Query WMI
. Run SSH Command
. Four SNMP Objects
Figure 6.7 displays the extensibility objects in the OIS client workspace. This is just to show the object icons and their default object names.
FIGURE 6.7 The extensibility objects
Run Program
Run Program is one of the most used objects and offers the capability to execute programs and commands with given parameters. This object is most often used to extend OIS to integrate, automate, and orchestrate target systems via their CLI. Whether the CLI is called directly from this object or the object executes a preconfigured script containing CLI commands, the Run Program object executes and captures output specific to the command or program executed. This output is automatically published to the OIS Data Bus and is available for parsing and/or usage by the objects that follow. For more information about the OIS Data Bus, refer to Chapter 5.
Figure 6.8 shows an example configuration of the Details tab for the Run Program object. In this object-specific example, the object is configured to execute a dir command against the C:\Program Files (x86) folder on the FIREBALL server.
NOTE:
USAGE OF C:\PROGRAM FILES (X86) IN THIS CHAPTER
The location C:\Program Files (x86) is the location of the Program Files folder on 64-bit systems such as Windows Server 2008 R2. On 32-bit systems, such as Windows Server 2003, the location is C:\Program Files.
FIGURE 6.8 Run Program object example Details tab configuration
The options on the Details tab for the Run Program object are:
. Mode—These radio buttons are used to configure the object for Program or Command execution. The primary difference is how the rest of the tab is configured.
  . If Program execution is selected, the Parameters field is enabled.
  . If Command execution is selected (Figure 6.8), the Parameters field is disabled.
  . The Program Path/Command field also changes based on this Mode selection.
. Computer—The Computer field is used to configure the computer or server where the program or command is executed.
. Program Path/Command—This field is used to configure the program or command that is executed. Depending on the Mode selected, the field is named either Program Path or Command (Figure 6.8).
. Parameters—The Parameters field is used to configure the parameters to be used during program execution.
. Working folder—This field is used to configure the directory where the program or command is executed on the computer specified in the Computer field.
NOTE:
PROGRAM VERSUS COMMAND EXECUTION
In Program mode, the application is executed directly. This is different from Command mode where the application is executed as an argument to a Command Prompt (cmd.exe /c ). The intent of Command mode is to execute commands that are built into the Windows Command Prompt shell.
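Because Command mode hands the field text to the Command Prompt, any Published Data substituted into it is parsed by cmd.exe as well. The following Python model is an added example (not code from the book or from OIS): it expands PD references in the display form the chapter shows and, for Command mode, flags substituted values that contain characters cmd.exe interprets. The sample bus, the item name Line Text, the Get Folder object, and the inventory.exe path are constructed; how OIS assembles the command line beyond cmd.exe /c is not modelled.

```python
import re

# Display form of a Published Data subscription as the chapter shows it:
# {<item> from <object>}, for example {Line Number from Read Line}.
PD_REF = re.compile(r"\{([^{}]+?) from ([^{}]+)\}")

# Characters cmd.exe can treat as syntax instead of data. The check is
# deliberately conservative: a double quote is included because it can end
# quoting that the policy author placed around the reference.
CMD_SPECIAL = set('&|<>^%"')

# Constructed sample Data Bus: (object name, item name) -> published value.
SAMPLE_BUS = {
    ("Read Line", "Line Text"): r"C:\Shares\R&D",
    ("Get Folder", "Folder Path"): r"C:\Temp",
}


def expand_pd(field, bus):
    """Substitute every {item from object} reference in a field.

    Returns (expanded_text, [(reference, value), ...]). A reference with no
    value on the bus raises KeyError, since objects do not always publish
    every item.
    """
    used = []

    def substitute(match):
        item, obj = match.group(1), match.group(2)
        value = bus[(obj, item)]
        used.append((match.group(0), value))
        return value

    return PD_REF.sub(substitute, field), used


def run_program_plan(mode, path_or_command, parameters, bus):
    """Model what a Run Program object launches in Program or Command mode."""
    text, used = expand_pd(path_or_command, bus)
    if mode == "Program":
        # Executed directly: the expanded Parameters text goes to the program.
        params, _ = expand_pd(parameters, bus)
        return {"launch": [text, params], "via_cmd": False, "warnings": []}
    if mode == "Command":
        if parameters:
            raise ValueError("the Parameters field is disabled in Command mode")
        warnings = []
        for reference, value in used:
            hits = sorted(set(value) & CMD_SPECIAL)
            if hits:
                warnings.append(
                    f"{reference} = {value!r} contains cmd.exe special "
                    f"character(s): {' '.join(hits)}"
                )
        # Executed as an argument to the Command Prompt, which parses the text.
        return {"launch": ["cmd.exe", "/c", text], "via_cmd": True,
                "warnings": warnings}
    raise ValueError(f"unknown mode: {mode!r}")


if __name__ == "__main__":
    plan = run_program_plan("Command", "dir {Line Text from Read Line}", "", SAMPLE_BUS)
    print(plan["launch"])
    for warning in plan["warnings"]:
        print("WARNING:", warning)
```

A flagged value is a reason to validate the upstream object's output or to switch the object to Program mode, where the Command Prompt is not involved.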
The Run Program object has an additional object-specific tab. Figure 6.9 shows a sample configuration of the Advanced tab for the Run Program object.
FIGURE 6.9 Run Program object example Advanced tab configuration
Here are the options on the Advanced tab for the Run Program object:
. Execution Mode—This drop-down selection allows you to choose from Interactive; Background, Normal Priority; and Background, Low Priority.
. Wait/Do Not Wait—These radio buttons are used to configure the object’s execution duration. You can configure the object to either wait for the completion of the program or fire and forget (do not wait). If you choose to wait for the completion of the program, you can specify an optional termination timeout value (in minutes).
. Run As—This field is used to configure the Run As credentials to be used for the command. This functionality is similar to choosing Run As Administrator or Run As Different User in the right-click menu for program execution.
NOTE:
RUN PROGRAM EXECUTION MODE
In most cases, you leave the program execution mode to the default of Background, Normal Priority. Interactive mode is functional on Windows Server 2003, but disabled by default on Windows Server 2008 at the operating system (OS) level. As policies are meant to be fully automated processes, there should not be that many instances where you would need the Run Program to actually present something to the screen interactively.
Although, like most objects, the Run Program object has a Security Credentials tab, there is often confusion around its usage, compared to the Run As fields on the Advanced tab.
. For the Run Program object, the Security Credentials tab represents the context under which the object executes and interacts with the target computer (accessing \\\ADMIN$ and establishing a named pipe connection).
. The Run As fields on the Advanced tab, as described in the bullet list discussing Figure 6.9, represent the user credentials that are utilized to execute the program/command on the target computer.
For additional information about the Run Program object, refer to the OIS TechNet Library entry for Run Program at http://technet.microsoft.com/en-us/library/gg464958.aspx.
Query Database
One of the most powerful objects is Query Database. This object offers the capability to execute database queries against a number of different database types. The object is most often used to extend OIS to integrate, automate, and orchestrate target systems via their database tables or stored procedures. Whether the query is called directly from this object or the object executes a preconfigured stored procedure containing the query, the Query Database object executes and captures output specific to the query executed. This output is published automatically to the OIS Data Bus and is available for parsing and/or usage by the objects that follow. For more information about the OIS Data Bus, refer to Chapter 5.
Figure 6.10 shows an example of the Details tab for the Query Database object. In this example, the object is configured to execute a SELECT * FROM POLICIES query. The server and database configuration is on the Connection tab, displayed in Figure 6.11.
FIGURE 6.10 Query Database object example in Details tab configuration
FIGURE 6.11 Query Database object example Connection tab configuration
In the example shown in Figure 6.11, the object is now configured to execute the SELECT query against a SQL Server named FIREBALL with an Initial catalog (database) of Opalis. Here are the options on the Details and Connection tabs for the Query Database object:
. Query—The Query field, located on the Details tab, is used to configure the Query (MSSQL in Figure 6.10) to be executed.
. Database Type—This drop-down allows you to choose from Microsoft Access (.mdb files only), Open Database Connectivity (ODBC), Oracle and SQL Server. Your selection from this drop-down determines how the rest of the tab is configured.
. Authentication—These radio buttons are only enabled when SQL Server is selected from the Database type drop-down displayed in Figure 6.11. Although the name of these radio buttons might change based on database type, they are not configurable. The radio buttons determine the authentication method used to connect to the target SQL Server, either Windows Authentication or SQL Server Authentication. If SQL Server Authentication is selected, the User name and Password fields are enabled.
. Server/File/DSN/Service Name—This field changes names depending on the Database type drop-down selection. A selection of SQL Server results in Server as displayed in Figure 6.11; Access results in File; ODBC results in Data Source Name (DSN); and Oracle results in Service Name. Regardless of selection, this field is used to configure the target Server, Database File, DSN, or Service Name where the query is executed.
. Initial Catalog/Workgroup File—This field also changes names and enables/disables depending on the Database Type drop-down selection. A selection of SQL Server results in Initial Catalog; Access results in Workgroup File; the two other options (ODBC and Oracle) disable the field. Regardless of selection, this field is used to configure the target Database or File where the query is executed.
. User Name—When enabled, this field is used to configure the user name used in the connection to the target Server, Database File, DSN, or Service Name where the query is executed.
. Password—When enabled, this field is used to configure the password used in the connection to the target Server, Database File, DSN, or Service Name where the query is executed.
. DB Password—This field is only enabled when Access is selected from the Database Type drop-down. It is used to configure the password used to open the Microsoft Access database.
TIP:
ADDITIONAL INFORMATION ON THE QUERY DATABASE OBJECT
Additional information about the Query Database object is in the OIS TechNet Library entry for Query Database, available at http://technet.microsoft.com/en-us/library/gg440758.aspx. For a video tutorial on the Query Database object, refer to Charles Joy’s TechNet blog post for “8 Minute Demo - Query Database Object (SQL)” at http://blogs.technet.com/b/charlesjoy/archive/2010/08/30/8-minute-demo-query-databaseobject-sql.aspx.
Run .Net Script
Another of the most powerful objects, Run .Net Script offers the capability to execute scripts. There are four types of scripts supported:
. C#
. JScript
. PowerShell
. VB.NET
This object is most often used to extend OIS to integrate, automate, and orchestrate target systems via their scripting API. Whether you call this script directly from this object or the object executes a preconfigured file containing the script, the Run .Net Script object executes and captures output specific to the script executed. This output is automatically published to the OIS Data Bus and available for parsing and/or usage by the objects that follow. Figure 6.12 shows a sample configuration of the Details tab for the Run .Net Script object. In this object-specific example, the object is configured to execute a PowerShell script. Here is the script:
    $processinfo = Get-Process
    $processcount = $processinfo.Count
    $processcount
The published data captured is Process Count and its configuration is on the Published Data tab, as shown in Figure 6.13. In this figure, you can see the object is configured to execute the PowerShell script against the local machine (as no remote machine was specified in the script), return the number of processes to the $processcount variable and present this Integer value as published data named Process Count.
FIGURE 6.12 Run .Net Script object example in Details tab configuration
FIGURE 6.13 Run .Net Script object example in Published Data tab configuration
Here is a description of the options on the Details and Published Data tabs for the Run .Net Script object:
. Type (Details)—This pick list is used to configure the type of script that is executed. The options are C#, JScript, PowerShell, or VB.NET.
. Script (Details)—The Script field is used to configure the script that is executed. The script syntax depends on the Type selection. For C# and VB.NET, declaration of the Published Data specific variables is handled on the Published Data tab; other variables need to be declared as usual.
. Name (Published Data)—Added or Edited after the Add or Edit buttons are clicked, this field is used to configure the name of the Published Data item being added or edited. You can create multiple Published Data items with different names.
. Type (Published Data)—Added or Edited after the corresponding buttons are clicked, the Type field is used to configure the data type of the Published Data item being added or edited. The options are Date/Time, String, and Integer. You can create multiple Published Data items with different data types.
. Variable Name (Published Data)—Added or Edited after the corresponding buttons are clicked, this field is used to configure the name of the variable from the script to be referenced as Published Data for the Published Data item being added or edited. You can create multiple Published Data items with different variable names. For PowerShell, this field should not include the preceding $ character that exists in the PowerShell script on the Details tab, displayed in Figures 6.12 and 6.13.
The Run .Net Script object has another object-specific tab, the Advanced tab. This tab is only used when the script types C# or VB.NET are selected from the Type field on the Details tab. Here are the options on the Advanced tab for this object:
. Namespace(s)—Added or edited after the Add or Edit buttons are clicked, this field is used to configure the Namespace(s) required by the C# or VB.NET script configured on the Details tab. You must manually add each Namespace required by the script. As a default configuration, the System Namespace likely needs to be added as a reference for C# or VB.NET base functionality.
. Assembly Reference(s)—Added or edited after clicking on the corresponding button, this field is used to configure the Assembly Reference(s) required by the script configured on the Details tab and the Namespace(s) configured on the Advanced tab. Each of the Assembly Reference(s) required by the script (non-common) and Namespace(s) must be manually added by selecting the assembly file from the appropriate location on the server.
NOTE:
COMMON ASSEMBLIES
The .NET Framework automatically provides references to common assemblies (such as System.dll). In the example in Figure 6.14, there is no need to specify the reference to %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\System.dll; however, namespaces are required and should be identified as discussed in the bullet list describing Figure 6.14. The reason the example included the System.dll reference was to show how it looks with the Advanced tab configured with an Assembly Reference. Although not required, configuring the Assembly Reference for common assemblies does not hinder the object’s execution.
FIGURE 6.14 Run .Net Script object example Advanced Tab configuration
Figure 6.14 shows an example of the Advanced tab for the Run .Net Script object. You might notice that the object is missing one of the standard tabs; it does not have a Security Credentials tab. This means that the object must execute under the context of the Opalis Action Server service account. This does not mean you cannot specify specific credentials within the configured scripts; it just means that the object itself runs under the service account context only.
TIP:
ADDITIONAL INFORMATION ON THE RUN .NET SCRIPT OBJECT
You can find more information about the Run .Net Script object in the OIS TechNet Library entry for Run .Net Script, located at http://technet.microsoft.com/en-us/library/gg464918.aspx. For video tutorials on the Run .Net Script object for both C# and PowerShell, refer to these TechNet blog posts:
. “8 Minute Demo - .NET Scripting Object – C#,” at http://blogs.technet.com/b/charlesjoy/archive/2010/07/14/8-minute-demo-net-scripting-object-c.aspx
. “8 Minute Demo - .NET Scripting Object – PowerShell!,” available at http://blogs.technet.com/b/charlesjoy/archive/2010/08/03/8-minute-demo-net-scripting-objectpowershell.aspx
Invoke Web Services
Great for quick integrations to web service interfaces, Invoke Web Services offers the capability to execute Simple Object Access Protocol (SOAP) calls by sending and receiving simple eXtensible Markup Language (XML). This object is most often used to extend OIS to integrate, automate, and orchestrate target systems via their web services Application Programming Interface (API). The Invoke Web Services object executes and captures output specific to the SOAP calls executed. This output is automatically published to the OIS Data Bus and is available for parsing and/or usage by the objects that follow. Figure 6.15 shows an example configuration of the Details tab for the Invoke Web Services object. In this example, the object is configured to execute a SOAP call against the OIS Operator Console (OOC). The Web Service Definition Language (WSDL) for this call is http://fireball:5314/OpConsoleApp-1.0-OpConsoleServer-1.0/PolicyInfoServiceBean?wsdl. The Method selected from those available for this web service is Authenticate. This particular method is used to receive a token from the OOC web service. The XML Request Payload for this method has to contain the appropriate username and password strings used to authenticate to the OOC web service. When you click on the Format Hint button for this particular web service and method, the hint partially displayed in the XML Request Payload field in Figure 6.15 is:
    <username>String</username><password>String</password>
FIGURE 6.15 Invoke Web Services object example in Details tab configuration
In this example, the strings between the XML tags for <username> and <password> are replaced with OIS variables. This obfuscates the credentials from the object and enables easy cascade updates and specific variable level permissions. There are two options on the Details tab for the Invoke Web Services object:
. WSDL—This field is used to configure the location of the WSDL for the target web service. The WSDL field can reference either a local file or URL for the WSDL.
. Method—This pick list is used to configure the method from the web service that is executed. The options are dynamically pulled from the web service WSDL when the ellipsis button for this field is clicked.
. XML Request Payload—This field is used to configure the XML to be sent as the request payload (during the SOAP call). You do not have to memorize the structure or the syntax. Clicking on the Format Hint button provides you with the necessary XML syntax for the web service method chosen. You simply have to fill out the String information between the XML tags presented in the hint.
The Invoke Web Services object has two more object-specific tabs: Advanced and Security. Figure 6.16 shows the default configuration of the Advanced Tab.
FIGURE 6.16 Invoke Web Services object example in Advanced tab configuration
In this example, you can see the object is configured to execute using the SOAP 1.1 protocol, which is the default for the Invoke Web Services object. Here are the options on the Advanced tab for the Invoke Web Services object:
. Response Folder—This check box and field are used to configure where the XML Response files are saved (if enabled).
. Address—This check box and field are used to configure the URL location of the web service (if enabled).
. Protocol—This drop-down is used to configure the protocol the web service uses during execution. There are two options: SOAP 1.1 and SOAP 1.2. SOAP 1.1 is the default.
Figure 6.17 shows an example configuration of the Security tab for the Invoke Web Services object. This tab is used to enable HTTP Authentication used when the object connects to the target web service. This functionality is optional and disabled by default. To enable this functionality, check the Enable check box and enter the appropriate credentials for HTTP Authentication into the User Name and Password fields on this tab.
FIGURE 6.17 Invoke Web Services object example in Security tab configuration
You might notice that the Invoke Web Services object displayed in Figure 6.17 is missing one of the standard tabs; it does not have a Security Credentials tab. This means the object must execute under the context of the Opalis Action Server service account. This does not mean that you cannot specify specific credentials within the Security tab for HTTP Authentication; it just means that the object itself runs under the service account context only.
TIP:
ADDITIONAL INFORMATION ON THE INVOKE WEB SERVICES OBJECT
You can find additional information about the Invoke Web Services object in the OIS TechNet Library entry for Invoke Web Services at http://technet.microsoft.com/en-us/library/gg440760.aspx. A video tutorial on the Invoke Web Services object is available at the TechNet blog post, “8 Minute Demo - Invoke Web Services Object,” located at http://blogs.technet.com/b/charlesjoy/archive/2010/08/16/8-minute-demo-invoke-web-services-object.aspx.
Query WMI
Less popular than the other extensibility objects, Query WMI offers the capability to quickly and easily execute Windows Management Instrumentation (WMI) queries against specified host computers. This object lost popularity after the Run .Net Script object was introduced to OIS. Although it successfully executes WMI queries against target computers, the output is difficult to use as parsing is required, and it is just not as flexible as a PowerShell script. You will likely find it easier and more flexible to use the Run .Net Script object with PowerShell for the same WMI queries you execute with this object. The object is most often used to extend OIS to integrate, automate, and orchestrate target systems via their WMI interface. The Query WMI object executes and captures output specific to the WMI query executed. This output is automatically published to the OIS Data Bus and is available for parsing and/or usage by the objects that follow.
The Query WMI object only has the standard tabs for all objects: General, Details, Security Credentials, and Run Behavior. Figure 6.18 shows a sample configuration of the Details tab for the Query WMI object. In this figure, the object is configured to execute a WMI query call against the root\cimv2 namespace on the FIREBALL server. The WMI query is: SELECT Name FROM Win32_Process
There are three options on the Details tab for the Query WMI object:
. Computer—This field is used to configure the target computer where the WMI query is executed.
. Namespace—The Namespace field is used to configure the namespace for the WMI query to be executed. The namespace entered must be available on the target computer.
. WMI query—This field is used to configure the WMI query. The WMI query entered here must correspond with the namespace entered.
You can find additional information about the Query WMI object at the OIS TechNet Library entry for Query WMI, located at http://technet.microsoft.com/en-us/library/gg440787.aspx.
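The WMI query from Figure 6.18, rewritten for the Script field of a Run .Net Script object (Type: PowerShell) as the text suggests. This is an added example, not code from the book or from OIS; the variable names processCount, processNames, and queryStatus are assumptions that would be entered on the Published Data tab without the leading $. Because the Run .Net Script object has no Security Credentials tab, the query runs as the Opalis Action Server service account, which therefore needs WMI access on the target.

```powershell
# Added example: Script field of a Run .Net Script object, Type = PowerShell.
# Assumed Published Data tab entries (Name / Type / Variable Name):
#   Process Count / Integer / processCount
#   Process Names / String  / processNames
#   Query Status  / String  / queryStatus

# Values taken from the Query WMI example in Figure 6.18.
$computer  = 'FIREBALL'
$namespace = 'root\cimv2'
$query     = 'SELECT Name FROM Win32_Process'

# Defaults, so every published variable holds a value of its declared type
# even when the query fails.
$processCount = 0
$processNames = ''
$queryStatus  = 'NotRun'

try {
    # -ErrorAction Stop turns RPC and access-denied failures into terminating
    # errors so the catch block below sees them.
    # @() keeps the result an array when the query returns zero rows or one
    # row, so .Count is always an integer.
    $rows = @(Get-WmiObject -ComputerName $computer -Namespace $namespace `
                            -Query $query -ErrorAction Stop)

    # One integer and one delimited string: no parsing needed downstream.
    $processCount = $rows.Count
    $processNames = @($rows |
        ForEach-Object { $_.Name } |
        Where-Object { $_ } |
        Sort-Object -Unique) -join ';'

    $queryStatus = 'Success'
}
catch {
    # Publish the failure reason so link conditions on following objects
    # can branch on Query Status instead of acting on an empty result.
    $queryStatus = 'Failed: ' + $_.Exception.Message
}
```

Process Count is the number of rows returned, while Process Names lists each distinct name once, so the two values can legitimately differ.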
Run SSH Command
Used exclusively for cross-platform processes, Run SSH Command offers the capability to execute programs and commands with given parameters against non-Windows host computers. This object is most often used to extend OIS to integrate, automate, and orchestrate target systems via their non-Windows CLI. Whether the CLI is called directly from this object or the object executes a preconfigured script containing CLI commands, the Run SSH Command object executes and captures output specific to the command or program executed. This output is automatically published to the OIS Data Bus and is available for parsing and/or usage by the objects that follow.
FIGURE 6.18 Query WMI object example in Details tab configuration
Figure 6.19 shows an example configuration of the Details tab for the Run SSH Command object. In this object-specific example, the object is configured to execute an ls command against the loopback IP address (127.0.0.1) on port 22. These values are default for this object. You can modify them as needed to fit your use case. If the target computer is visible by browsing, you can use the ellipsis to select; otherwise, this value should be keyed in or made dynamic by using a variable or published data.
Here are the options on the Details tab for the Run SSH Command object:
. Computer—This field is used to configure the target non-Windows host computer where the command or program is executed.
. Port—The Port field is used to configure the connection port for the target computer, where the SSH command is executed.
. Run Command—If selected, this field is used to configure the command or series of commands (separated by a semicolon [;]) to be executed on the non-Windows target host computer.
. Command Set File—If selected, this field is used to configure the file location for the file that contains the set of commands to be executed. This file should only contain commands native to the shell scripting language on the target non-Windows host computer.
. Accept Host Key Change—This check box is used to configure the option to accept host key changes.
. Connection Timeout—This field is used to configure the timeout threshold for the Run SSH Command object’s execution. Enter an integer value (in seconds) to configure the timeout. If no integer is entered or you enter 0, there is no timeout. (The object waits infinitely.)
FIGURE 6.19 Run SSH Command object example in Details tab configuration
The Run SSH Command object has an additional object-specific tab. Figure 6.20 shows an example of the Advanced tab for the Run SSH Command object. The fields on this tab are required so the object can authenticate to the target non-Windows host computer.
FIGURE 6.20 Run SSH Command object example in Advanced Tab configuration
Here are the options on the Advanced tab for the Run SSH Command object:
. Authentication Username—This field is used to configure the username for authentication to the target non-Windows host computer.
. Password—If selected, this field is used to configure the password for authentication to the target non-Windows host computer. This is one of two options; the combination of Username and Key File is the other option.
. Key File and Passphrase—If selected, these two fields are used to configure the location of the key file and associated passphrase for authentication to the target non-Windows host computer. This is one of two options; the combination of Username and Password is the other option.
More information about the Run SSH Command object can be found in the OIS TechNet Library entry for Run SSH Command at http://technet.microsoft.com/en-us/library/gg440664.aspx.
SNMP Objects
There is a group of four SNMP objects available to extend the functionality of OIS. Although these objects are not used extensively, they allow for quick and easy integration with target systems that send or receive SNMP traps. Figure 6.21 shows the four objects in the OIS client workspace. This is just to show what each object icon looks like and what each object’s default name is.
FIGURE 6.21 The SNMP objects
Here is a brief description of these SNMP objects:
. Get SNMP Variable—Based on a specified Management Information Base (MIB), this object can be configured to query and return the variable value associated with that MIB.
. Monitor SNMP Trap—You can configure this object to monitor for an event (SNMP trap) on a specified port or via the Microsoft SNMP Trap Service. You can filter the traps by Host, Enterprise Identifier, Generic Identifier, Specific Identifier, and/or Object Identifiers.
. Send SNMP Trap—This object can be configured to send SNMP events to available monitoring applications listening for SNMP events. If an enterprise identifier for an existing network device is known, this object can send SNMP traps on behalf of that device.
. Set SNMP Variable—You can configure this object to update a SNMP variable for a specified MIB.
The SNMP objects are compatible with SNMP versions SNMPv1, SNMPv2c, and SNMPv3. For additional information about the SNMP objects, refer to these OIS TechNet Library entries:
. Get SNMP Variable—http://technet.microsoft.com/en-us/library/gg440800.aspx
. Monitor SNMP Trap—http://technet.microsoft.com/en-us/library/gg440655.aspx
. Send SNMP Trap—http://technet.microsoft.com/en-us/library/gg464968.aspx
. Set SNMP Trap—http://technet.microsoft.com/en-us/library/gg464961.aspx
Other Important Object Categories
Although the next 23 object categories are not as significant, they are still important to an OIS implementation. These objects, similar to the ones already covered earlier in this chapter (in the “Extensibility Objects” section), enable some of the advanced policy design and best practices discussed in Chapter 7. Email and Notification, Workflow Control, and Text and File Management object categories lead the remaining Foundation objects in importance to an OIS implementation.
Email and Notification
Figure 6.22 shows three of the most used email and notification objects in the OIS client workspace. This is just to show what each object icon looks like and what each object’s default name is. Although there are more objects in the Email and Notification object categories, these are the three discussed in this chapter.
FIGURE 6.22 Three email and notification objects
Send Email
There are two objects in OIS that enable you to send email from within a policy: Send Email and Send Exchange Email. This section discusses the Send Email object. The object has three object-specific tabs: Details, Advanced, and Connect. Figures 6.23, 6.24, and 6.25 illustrate sample configurations for these tabs.
FIGURE 6.23 Send Email object example in Details tab configuration
Here is some information regarding the options on the Details, Advanced, and Connect tabs for the Send Email object:
. Subject (Details)—This field is used to configure the email subject.
. Recipients (Details)—This field is used to configure the email recipients.
. Message (Details)—This field is used to configure the email message body.
. Attachments (Details)—This field is used to configure the email attachments.
. Priority (Advanced)—This drop-down is used to configure the email priority; the options are Normal, Low, and High.
. Format (Advanced)—This drop-down is used to configure the email format; the options are Rich Text, ASCII, and HTML.
. SMTP Authentication (Advanced)—These two credential fields (User ID and Password) are used to configure the credentials this object uses to authenticate to the SMTP server (if applicable).
. Email Address (Connect)—This field is used to configure the email account used to send the email via SMTP. This is also the reply-to address.
. SMTP Connection Computer and Port (Connect)—These fields are used to configure the SMTP server and port used to send the email via SMTP.
FIGURE 6.24 Send Email object example in Advanced tab configuration
FIGURE 6.25 Send Email object example in Connect tab configuration
More information about the Send Email and Send Exchange Email objects is available in the OIS TechNet Library entry for Email at http://technet.microsoft.com/en-us/library/gg440668.aspx.
Send Platform Event
Although it is an OIS-specific object generating OIS-specific events, the Send Platform Event object is useful during development and test. If you enable OIS Self-Monitoring in production, each Send Platform Event execution generates an OIS event that is then passed along as a SNMP trap. For more information on Self-Monitoring, refer to Chapter 2. The Send Platform Event only has one object-specific tab, Details. Here are the options on the Details tab for the Send Platform Event object:
. Type—This drop-down is used to configure the type of platform event to be created; the options are Information, Warning, and Error.
. Summary—This field is used to configure the platform event summary.
. Details—This field is used to configure the platform event details.
Figure 6.26 shows a sample configuration of the Details tab for the Send Platform Event object. For additional information about the Send Platform Event object, refer to the OIS TechNet Library entry for Send Platform Event at http://technet.microsoft.com/en-us/library/gg440807.aspx.
FIGURE 6.26 Send Platform Event object example in Details tab configuration
Send Event Log Message
Somewhat more useful and broader reaching than the Send Platform Event object, the Send Event Log Message is useful during development, test, and production. It allows you to create a Windows event log message as part of a policy. The Send Event Log Message only has one object-specific tab, Details. Here are the options on the Details tab for the Send Event Log Message object:
. Computer—This field is used to configure the target Windows host computer where the event log message is created.
. Message—This field is used to configure the Windows event log message details.
. Severity—This set of radio buttons is used to configure the Windows event log message severity; the options are Information, Warning, and Error.
Figure 6.27 shows an example configuration of the Details tab for the Send Event Log Message object.
You can find more information about the Send Event Log Message object in the OIS TechNet Library entry for Send Event Log Message at http://technet.microsoft.com/en-us/library/gg440656.aspx.
NOTE:
OTHER NOTIFICATION OBJECTS
Other Notification object category objects are available, but are rarely used. Information regarding these objects is available in the OIS TechNet Library entry for Notification at http://technet.microsoft.com/en-us/library/gg440719.aspx.
FIGURE 6.27 Send Event Log Message object example in Details tab configuration
Workflow Control
Figure 6.28 shows the four workflow control objects in the OIS client workspace. This is to show what each object icon looks like and what each object’s default name is.
FIGURE 6.28 The Workflow Control objects
These objects are used exclusively to control the flow of data through and between policies. In general, they are not used to integrate to target systems. The only object in the Workflow Control category used in integration is the Custom Start object. It is indirectly used during the initiation of a policy, remotely passing in parameters from a target system. Because of how these objects are used within OIS policies, individual descriptions prove less valuable than information about how each is used within basic and advanced policy design. Each of the following subsections provides an image of the Details tab for the respective object and related reference information.
Custom Start
Figure 6.29 shows a sample configuration of the Details tab for the Custom Start object. Here are the general uses for the Custom Start object:
. Placed at the beginning of a policy to establish its starting point
. Acting as an anchor between linked policies
. Accepting input to initiate a policy with variable data
. Ad-hoc policy initiation (with optional parameters)
. Mechanism to allow data to pass between policies
Refer to Chapter 5 for additional information about the Custom Start object and its usage.
FIGURE 6.29 Custom Start Object example in Details tab configuration
Trigger Policy
Figure 6.30 displays an example configuration of the Details tab for the Trigger Policy object. The general uses for the Trigger Policy object are:
. Placed at various points within a policy to trigger a related policy (to either link to that policy or call that policy as a subroutine)
. Acting as an anchor between linked policies
. Sending input to trigger a policy with variable data
. Ad-hoc policy initiation (with optional parameters)
. Mechanism to pass data between policies
For more information about the Trigger Policy object and its usage, refer to Chapter 5.
FIGURE 6.30 Trigger Policy object example in Details tab configuration
Junction
Figure 6.31 shows an example configuration of the Details tab for the Junction object. Here are the general uses for the Junction object:
. Placed at various points within a policy to allow two or more branches to join
. Determines which of the incoming policy branches is able to republish its data to downstream objects
. Truncate all incoming policy branch published data ( option as seen in Figure 6.31)
. Timing mechanism (“wait” functionality) within a policy to allow multiple branches to converge and wait until all branch data has arrived
For more information about the Junction object and its usage, refer to Chapter 7.
FIGURE 6.31 Junction object example in Details tab configuration
Publish Policy Data
The Publish Policy Data object has a specialized usage. It is used exclusively to publish data from its policy to another policy. This type of configuration is often referred to as Nesting Workflows. The Publish Policy Data object’s configuration is highly dependent on the policy where it is used. For this reason, it has a two-step configuration:
1. Create Policy Data items in the Policy Data tab of the Policy Properties where the Publish Policy Data object is used.
2. Configure the Publish Policy Data object using the newly created Policy Data items (created in step 1).
Figure 6.32 displays an example of the Policy Data tab in the Policy Properties for a policy named Workflow Control.
FIGURE 6.32 Policy Properties example in Policy Data tab configuration
Figure 6.33 shows an example of the Details tab for the Publish Policy Data object as it is used in the Workflow Control policy.
FIGURE 6.33 Publish Policy Data object example in Details tab configuration
You can either hardcode values (My String Data) or use data from the Data Bus ({My Integer Value from “Previous Object”}) when configuring the object displayed in Figure 6.33. It is important to note that this object has another configuration dependency, the Trigger Policy object in another policy.
Configuring the Publish Policy Data object means nothing unless it is used in a policy (Child) that is being called by a different policy (Parent). A Trigger Policy object (configured with the Wait for completion check box checked) of a Parent policy is able to access the data published from a Child policy via a Publish Policy Data object. When everything is configured properly, the data items from this object (as in the example shown in Figure 6.33) are published from the Child policy to the Parent policy during execution.
TIP:
ADDITIONAL INFORMATION ON THE WORKFLOW CONTROL OBJECTS
For more information about the Workflow Control objects, see the OIS TechNet Library entry for Workflow Control at http://technet.microsoft.com/en-us/library/gg440715.aspx. For a video tutorial on the usage of some of the Workflow Control objects in action (Custom Start, Trigger Policy, and Publish Policy Data), refer to the TechNet blog post for “8 Minute Demo – Nested Workflows” at http://blogs.technet.com/b/charlesjoy/archive/2010/07/13/8-minute-demo-nested-workflows.aspx.
Text and File Management
Figure 6.34 shows 12 of the most used text and file management objects in the OIS client workspace. This is just to show what each object icon looks like and what each object’s default name is. Although there are additional objects in the Text File Management and File Management object categories, this section discusses these 12 objects.
FIGURE 6.34 12 Text and File Management objects
Here is a description of the six text file management object category objects displayed in Figure 6.34:
. Append Line—You can configure this object to append lines to a new or existing file. Although the file does not need to exist for this object to function properly, the folder in which the file is to be created must previously exist.
. Get Lines—You can configure this object to get single or multiple lines. Sets of single or multiple lines can also be retrieved using this object. Each set is a named range of lines. These named ranges are automatically published to the OIS Data Bus.
. Insert Line—This object can be used to insert lines into an existing file. The file must exist for this object to function properly. This object allows the configured text to be inserted at any line number in an existing file. If the line number for the insert needs to be dynamic, it can be calculated with data from an associated object (Get Lines, Read Line, Find Text, and so on).
. Delete Line—You can configure this object to delete lines from an existing file. The file must exist for this object to function properly. This object allows lines of text to be deleted at any specified line number(s) in an existing file. If the line number(s) for the deletion need to be dynamic, they can be calculated with data from an associated object (Get Lines, Read Line, Find Text, and so on).
. Read Line—You can configure this object to read lines from an existing file. The file must exist for this object to function properly. Unlike the Get Lines object, this object is used to read and produce published data for a single specified range of lines. This range can be from one line to all lines.
. Search And Replace Text—This object can be used to search and replace text from within an existing file. The file must exist for this object to function properly. This object finds and replaces all instances of the specified search text with the specified replacement text. Case-sensitive and regular expression searches are available.
The six File Management object category objects from Figure 6.34 are
. Copy File—You can use this object to copy existing files (and folder structures) to existing locations. Specification of a file or files (using wildcards such as *.* or *.txt) and the destination folder are required. Object-specific optional configurations for this object include duplicate file handling, file age filtering, and modified date attribute settings.
. Create Folder—This object can be configured to create a new folder in an existing location. You must specify the new folder name and path. There are no other object-specific settings for this object.
. Delete File—This object can be used to delete existing files from existing locations. Specification of a file or files (using wildcards such as *.* or *.txt) and their existing folder are required. File age filtering is the only object-specific optional configuration available for this object.
. Delete Folder—This object can be configured to delete an existing folder from an existing location. You must specify the existing folder name and path. Here are the two object-specific optional configurations for this object:
  . Delete the Folder Only if It Is Empty
  . Delete All Files and Sub-Folders
. Get File Status—You can use this object to get file information (including status) on an existing file in an existing location. Specification of a file or files (using wildcards such as *.* or *.txt) and their existing folder are required. Object-specific optional configurations for this object include recursive searching and file age filtering. The published data from this object includes useful file-specific data, including but not limited to existence, extension, flags for read only, archive and hidden, date/times for accessed, modified and created, path and name, encoding type, size, and count.
. Monitor File—This object can be used to monitor for file changes in existing folders and sub-folders. Specification of the existing folder name and path are required. There are a number of file attribute filters that can be applied: Accessed Date/Time, Archive Flag, Compressed Flag, Created Date/Time, File Name, Hidden Flag, Location, Modified Date/Time, Owner, Read-Only Flag, and Size. On top of these filters, there are a number of trigger filters for this file monitor: creation, change, rename, delete. The change trigger can be further filtered by file property change: attributes, security, creation time, last access time, and last write time. Object-specific optional configurations for this object include recursive searching, filter options, and authentication.
NOTE:
MONITOR FILE VERSUS MONITOR FOLDER OBJECTS
You will see there is an object for Monitor Folder in the File Management object category alongside the object for Monitor File. Although these objects have similar names and both perform monitoring against files and folders, the Monitor Folder object is focused on monitoring the metrics of a folder such as file count, file sizes, and so on, whereas Monitor File focuses on the files themselves.
More information about the Text File Management and File Management object categories can be found in the OIS TechNet Library entries:
. Text File Management Objects—http://technet.microsoft.com/en-us/library/gg440692.aspx
. File Management Objects—http://technet.microsoft.com/en-us/library/gg464914.aspx
Counters
Chapter 5 introduced counters. The chapter provided information about where they are created and are stored/organized (Global Settings). Creation of these counters is not enough; without manipulation or monitoring, they are just a collection of empty tables and fields in the OIS datastore. Three Foundation objects exist for just these functions. Figure 6.35 shows these three special and important objects.
FIGURE 6.35 The Counter objects
Counters are Global Settings, meaning that they are available to all policies. Unlike variables (another Global Setting option), counters are actually built to be variable. Although default values are set up during the initial creation of a counter, this value can be modified and retrieved during policy execution. In general, there are two uses for counters:
. Integer Variable—Updated and monitored within a policy, a counter can be used as a variable (a piece of data that changes during policy execution that is used to make filter decisions later in the policy or within other policies). In this case, a policy increments or decrements the counter value based on a specified configuration. Either that same policy or another policy is monitoring/checking the counter value to see if it has met or exceeded a specified threshold. As an example, if you want to configure a policy to count and then monitor the number of incidents created in a Service Management tool over a specified period, you could leverage a counter. The incident counter is monitored/checked to see if the value has met or exceeded a threshold. If the counter value meets or exceeds this threshold, a problem record could automatically be created (based on the specified number of incidents being monitored/checked).
. Semaphore—Still used as a variable (because the value changes), using counters as semaphores is slightly different. In this case, a policy sets the counter value based on a specified configuration related to gating policy flow. As an example, in an effort to eliminate unwanted parallel execution, you could use a counter to limit policy execution based on its value being either a 1 or a 0. One policy could set the counter value to 1, based on its execution status, while a second policy could be configured to monitor/check that same counter and proceed only if the value equals 0. After the first policy is finished, it could set the counter to 0, allowing the second policy to proceed.
Each of the following sections shows the Details tab for the respective objects and includes related reference information.
Modify Counter
Figure 6.36 shows a configuration of the Details tab for the Modify Counter object. Here are the general uses for this object:
. Increment a specified counter each time the object is executed.
. Decrement a specified counter each time the object is executed.
. Set a specified counter to a specific value each time the object is executed.
. Reset a specified counter to the default value each time the object is executed.
In the example in Figure 6.36, after this Modify Counter object is executed, it increments the sample Counter by 1. If this Modify Counter object is executed 10 times, the counter value is incremented by 1, 10 times. More information about the Modify Counter object is in the OIS TechNet Library entry for Modify Counter at http://technet.microsoft.com/en-us/library/gg464937.aspx.
FIGURE 6.36 Modify Counter object example in Details tab configuration
Get Counter Value
Figure 6.37 shows an example of the Details tab for the Get Counter object. The general use for the Get Counter object is to be placed at various points within a policy to monitor/check a counter value. The counter value is then used to determine policy flow (threshold or semaphore usage). In the example in Figure 6.37, after this Get Counter object is executed, it queries the current Sample Counter value. This value is automatically placed on the OIS Data Bus as published data. This published data can be used in Link filtering to determine the flow of the policy or as input data for downstream objects.
FIGURE 6.37 Get Counter Data object example in Details tab configuration
You can find additional information about the Get Counter object in the OIS TechNet Library entry for Get Counter at http://technet.microsoft.com/en-us/library/gg440709.aspx.
Monitor Counter
Figure 6.38 is an example of a configuration of the Details tab for the Monitor Counter object. The general use for the Monitor Counter object is to be placed at the beginning of a policy monitoring a counter or multiple counter values. After the counter value(s) have met the specified filter criteria, the monitor initiates the execution of the rest of the objects in the policy. In the example in Figure 6.38, this Monitor Counter object continually runs, monitoring the values of the Sample Counter and Semaphore counters. If both (as there is an “and” condition between the criteria) the Sample Counter value equals 10 and the Semaphore value equals 1, the Monitor Counter object initiates the execution of the policy where it is being used. The configuration of these criteria is the same as configuring link filter criteria. For more information on configuring filter criteria, refer to Chapter 5. The counter values for these two counters are automatically placed on the OIS Data Bus as published data. This published data can be used in Link filtering to determine the flow of the policy or as input data for downstream objects.
FIGURE 6.38 Monitor Counter object example in Details tab configuration
NOTE:
GLOBAL COUNTER USAGE
Because counters are Global Settings, they can be used by any policy at any time. While this might be desired functionality, it has potential to result in undesired counter value modification. To avoid this, the authors strongly recommend that you create and use counters for specific uses, within specific policies. This is not to say that each policy needs its own counter. It means that sets of policies for specific use cases can share counters, while other unrelated sets of policies should use different counters.
More information about the Monitor Counter object can be found in the OIS TechNet Library entry for Monitor Counter, available at http://technet.microsoft.com/en-us/library/gg440676.aspx. General information on counters can be found in the OIS TechNet Library entry for Counters at http://technet.microsoft.com/en-us/library/gg464906.aspx.
Legacy Objects
To ensure backward compatibility with policies authored in previous versions of OIS, 22 Legacy objects have been carried forward into OIS 6.3. So that policies containing these Legacy objects function, the legacy policy engine is also available in OIS version 6.3. The differences between the legacy and pipeline engines are discussed in Chapter 7. Because Legacy objects are disabled by default, they must be enabled before they can be used in a legacy engine policy. Figure 6.39 shows how to enable the Legacy objects in the OIS client configuration options.
FIGURE 6.39 Show Legacy Objects option in the OIS Client Configuration screen
NOTE:
LEGACY FUNCTIONALITY CONSIDERATIONS
By default, legacy functionality is disabled in OIS 6.3. All new policies default to the usage of the new pipeline policy engine and pipeline-enabled objects. Legacy objects are not compatible with the pipeline engine. Likewise, some Pipeline objects are not compatible with the legacy engine. It is strongly recommended you use the default functionality in OIS 6.3.
Unless you have a specific need to use the legacy engine and the Legacy objects, the authors strongly recommend that legacy functionality remain disabled. Although you might need to use a few of these Legacy objects, many have been replaced by like-named objects that work in pipeline mode, and some no longer have a use case in a modern data center. Table 6.1 lists each of the Legacy objects and provides a comment on alternate usage.
TABLE 6.1 Legacy Object Alternate Usage
Legacy Object Name | Alternate Usage
Connect/Disconnect Dial-up | None - No Use Case
Copy File (Legacy) | Copy File (File Management Category)
Create Folder (Legacy) | Create Folder (File Management Category)
Delete File (Legacy) | Delete File (File Management Category)
Filter Email | Use Legacy Object or Custom Solution (Quick Integration Kit)
Filter Exchange Email | Use Legacy Object or Custom Solution (Quick Integration Kit)
Get Dial-up Status | None - No Use Case
Get File Status (Legacy) | Get File Status (File Management Category)
Manage Text File | Text File Management Category Objects
Monitor Event Log Capacity | Use Custom Solution or Existing Monitoring Solution (System Center Operations Manager)
Monitor File (Legacy) | Monitor File (File Management Category)
Monitor Folder (Legacy) | Monitor Folder (File Management Category)
Monitor Performance | Use Custom Solution or Existing Monitoring Solution (System Center Operations Manager)
Move File (Legacy) | Move File (File Management Category)
Process Email | Use Legacy Object or Custom Solution (Quick Integration Kit)
Process Exchange Email | Use Legacy Object or Custom Solution (Quick Integration Kit)
Read Email | Use Legacy Object or Custom Solution (Quick Integration Kit)
Read Exchange Email | Use Legacy Object or Custom Solution (Quick Integration Kit)
Rename File (Legacy) | Rename File (File Management Category)
Send Popup | Use Custom Solution (Quick Integration Kit with msg.exe)
Wait | Junction (Workflow Control Category)
The following sections discuss some of the objects you might need, in the case where no alternative exists. You cannot use these objects with the pipeline engine. If you need to use these or other Legacy objects, you must keep their usage to their own policy or policies. For these types of use cases, it is possible to trigger a pipeline policy from a legacy policy; this functionality exists to cover a few scenarios where usage of Legacy objects is unavoidable. Although Figure 6.40 shows all the Legacy objects, this chapter only discusses a subset.
The Wait Object
Exclusive to the legacy engine, the Wait object was most often used as a workaround object in previous versions of OIS. As its functionality has been replaced, the only reason it is discussed here is that many people believe it is something it is not. Its name is what confuses people. When you find this object, you might think that it offers the capability to pause or sleep the policy. Although under certain circumstances the policy actually pauses while on the Wait object, it is not for a specified period; instead, it is waiting for one or more incoming branches to complete.
FIGURE 6.40 The Legacy objects
Because the reason it was used as a workaround object has been remediated in the pipeline engine and the wait for incoming branches to complete functionality has been replaced with the Junction object, there is no need to use this object. Chapter 7 has more information about these two topics; the differences between the legacy and pipeline engines and the Junction object are discussed.
Read, Filter, and Process Email (POP3/SMTP or Exchange)
Unless you create your own email monitor or object to read, process, and filter email from a POP3 or Exchange server, you might need to leverage these Legacy objects. This is the one set of objects where using the Legacy objects might be unavoidable. The good news is these objects can be contained in small exclusive policies that call default pipeline policies. Figure 6.41 shows an example of a small legacy policy that contains all three legacy (SMTP) email objects.
FIGURE 6.41 Legacy email objects example policy
In the example in Figure 6.41, every 60 seconds (Monitor Date/Time object) the Read Email object reads email from the POP3 Server; the emails are filtered and then processed before triggering a pipeline policy with the necessary email information as published data for the rest of the process. By configuring the policies in this way, legacy policy and legacy engine usage is kept to a minimum, while still leveraging the needed functionality. Here is a brief description of the three Legacy Email category objects from Figure 6.40:
. Read Email (POP3 or Exchange)—These objects can be configured to retrieve email from POP3 or Exchange servers. Required configuration includes connection information (POP3 server and credentials or Exchange Profile). Optional configuration includes the capability to save the retrieved email messages and associated attachments (both objects), leave mail on the server (both objects), mark retrieved mail as read (Exchange only), retrieve only unread mail (Exchange only), use sender email instead of friendly name (Exchange only), and existing attachment handling (Exchange only).
. Filter Email (POP3 or Exchange)—These objects can be configured to filter email retrieved by their respective Read Email objects. You can add criteria to filter email based on these fields: From, To, Cc, Bcc, Subject, Attached File Name, Attached File Contents, and Message Body Text. Multiple filters per object are allowed with up to two conditions for each filter (“and” as well as “or” optional conditions are available). This object allows only email data to pass through as published data when the specified criteria are met.
. Process Email (SMTP or Exchange)—These objects can be configured to process email. The available process actions are Reply, Forward, Redirect, and Delete. You can configure the Process Email objects to act on email retrieved by their respective Read Email or Filter Email objects. The Details tab for these objects depends on the selection specified in the Type field on the General tab.
Other Legacy Objects
You can avoid the remainder of the Legacy objects, as there are replacements for pipeline engine functionality or there is no longer a use case for them in the modern data center (as explained in Table 6.1). More information on all the Legacy objects (including the ones discussed in this section) is available in the OIS TechNet Library entry for Legacy Objects at http://technet.microsoft.com/en-us/library/gg464910.aspx.
Remaining Objects
Objects not yet categorized in this chapter are found in this section. Their placement in this section does not mean that they are not important. Rather, they are used less frequently than the others are. Figure 6.42 displays each of the remaining 42 objects in the OIS client workspace. This is just to show what each object icon looks like as well as what each object’s default name is. The following section briefly discusses the remaining 42 objects by category. For more information on each of these objects, or any of the objects discussed throughout this chapter, refer to the OIS TechNet Library for Foundation Objects at http://technet.microsoft.com/en-us/library/gg440735.aspx. Nine of the 42 remaining objects are more useful than the rest. Here is the list of these nine, ordered by usefulness where one is most useful:
. Monitor Date/Time
. Map Published Data
. Query XML
. Format Date/Time
. Compare Values
. Generate Random Text
. Get Service Status
. Start/Stop Service
. End Process
FIGURE 6.42 The Remaining 42 objects
Table 6.2 lists each of these 42 objects (including the nine listed previously), their respective category, and usage. Output from each of these objects is automatically published to the OIS Data Bus and is available for parsing and/or usage by the objects that follow.
TABLE 6.2 The Remaining 42 Foundation Objects
Category | Object | Usage
System | End Process | Ends specified processes running on specified computers
System | Purge Event Log | Purges specified event logs on specified computers
System | Restart System | Restarts specified computers
System | Save Event Log | Saves specified event logs on specified computers with specified fields
System | Start/Stop Service | Starts, Stops, Pauses, or Restarts specified services on specified computers with specified parameters
Scheduling | Check Schedule | Evaluates whether the current time (object execution time) conforms to the specified schedule
Scheduling | Monitor Date/Time | Initiates a policy based on specified execution time intervals
Monitoring | Get Computer/IP Status | Pings specified computers
Monitoring | Get Disk Space Status | Queries for disk space information on specified computers
Monitoring | Get Internet Application Status | Queries connectivity status for specified URLs
Monitoring | Get Process Status | Queries status for specified process on specified computers
Monitoring | Get Service Status | Queries status for specified services on specified computers
Monitoring | Monitor Computer/IP | Pings specified computers at a specified polling interval
Monitoring | Monitor Disk Space | Queries for disk space information on specified computers at a specified polling interval
Monitoring | Monitor Event Log | Queries specified event logs on specified computers with specified field filters at a hardcoded polling interval
Monitoring | Monitor Internet Application | Queries connectivity status for specified URLs at a specified polling interval
Monitoring | Monitor Process | Queries status for specified process on specified computers at a specified polling interval
Monitoring | Monitor Service | Queries status for specified services on specified computers at a specified polling interval
Monitoring | Monitor WMI | Queries specified namespaces with specified WMI queries on specified computers at a hardcoded polling interval
File Management | Compress File | Compresses specified folders into specified ZIP files
File Management | Decompress File | Decompresses specified ZIP files into specified folder paths
File Management | Monitor Folder | Monitors specified folders for file changes based on specified file filters and trigger conditions
File Management | Move File | Moves specified files to new specified folder paths
File Management | Move Folder | Moves specified folders to new specified folder paths
File Management | PGP Decrypt File | Decrypts specified encrypted files to specified decrypted files in specified destination folder paths
File Management | PGP Encrypt File | Encrypts specified decrypted files to specified encrypted files in specified destination folder paths
File Management | Print File | Prints specified files to specified printers
File Management | Rename File | Renames specified files in specified folders to new specified names with specified criteria
Notification | Send Page | Sends specified messages to specified target (that can accept pages)
Notification | Send Syslog Message | Sends specified Syslog messages to specified Syslog servers
Utilities | Apply XSLT | Transforms specified XML files to specified HTML files based on specified XSLT files
Utilities | Compare Values | Compares specified string or integer values with other specified string or integer values determining a true/false comparison result
Utilities | Disconnect Network Path | Disconnects a specified network path previously mapped
Utilities | Format Date/Time | Modifies formats and transforms (adding or subtracting time) specified date/time stamps to newly formatted specified date/time stamps
Utilities | Generate Random Text | Creates specified random text values based on specified criteria for length and content
Utilities | Map Network Path | Maps a specified network path
Utilities | Map Published Data | Maps existing published data or variable data to new data based on specified rules
Utilities | Query XML | Queries specified XML input (file or published data string) using XPath
Utilities | Read Text Log | Reads specified structured text log files using specified line criteria
Utilities | Write To Database | Writes specified data values to specified database fields in specified database tables
Utilities | Write Web Page | Creates or updates specified data for specified HTML files
Text File Management | Find Text | Queries specified text within specified files to find specified lines
NOTE:
PGP ENCRYPT AND DECRYPT THIRD-PARTY DEPENDENCY
To use the PGP Encrypt and PGP Decrypt objects, you need to download and install a third-party open source product, gpg.exe. For more information on gpg.exe, refer to the TechNet Library entry for Install GnuPG at http://technet.microsoft.com/en-us/library/gg440754.aspx.
Use Case Examples
Foundation objects are only as good as the use cases into which they are built. This section presents ideas on how to use several of the objects you read about throughout this chapter. Figure 6.43 shows an example use case for password reset and service account synchronization.
FIGURE 6.43 Password Reset and Service Account Synchronization use case example
Table 6.3 lists the objects used in the example use case in Figure 6.43. This use case is intended for demo purposes on a Windows Server 2003 server in a workgroup.
TABLE 6.3 Figure 6.43 Example Use Case Object Listing
Object Name in Policy | Object Name from Category | Category | Usage
Custom Start | Custom Start | Workflow Control | Starting point for policy
Generate Password | Generate Random Text | Utilities | Generate a random string to be used for the new password
Reset Password | Run Program (with Alternate Icon) | System | Execute a “net user” command to reset the password
Load Services Window | Run Program (with Alternate Icon and in Interactive Mode) | System | Interactively open the services.msc application so the user can test service restart
Reset Service Account | Run Program (with Alternate Icon) | System | Execute a “sc” command to reset the service account password
Add Current Pwd to List | Append Line | Text File Management | Append the newly created and established password to a text file
Start/Stop Service | Start/Stop Service | System | Restart the service that just had its password synced with the service account password recently reset
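The Figure 6.43 sequence as a script, added here as an example and not taken from the book or from OIS: it keeps the new password off process command lines and stores it DPAPI-encrypted instead of appending it to a text file. Set-LocalUser, Win32_Service.Change, and Export-Clixml are swapped in for the policy's “net user”, “sc”, and Append Line steps and need Windows PowerShell 5.1 run elevated; every function name, parameter, and path is an assumption.

```powershell
# Added example, not OIS or book code. Names, alphabet and paths are assumptions.
# Needs Windows PowerShell 5.1 or later, run elevated on the target server.
# The interactive "Load Services Window" step of the policy is omitted.

function New-RandomPassword {
    param([ValidateRange(16, 128)][int]$Length = 24)
    # Constructed alphabet without look-alike characters; adjust to local policy.
    $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnpqrstuvwxyz23456789!#%+-_='
    # Bytes at or above $limit are rejected so every character is equally likely.
    $limit = 256 - (256 % $alphabet.Length)
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $byte  = New-Object byte[] 1
    $sb    = New-Object System.Text.StringBuilder
    try {
        while ($sb.Length -lt $Length) {
            $rng.GetBytes($byte)
            if ($byte[0] -lt $limit) {
                [void]$sb.Append($alphabet[$byte[0] % $alphabet.Length])
            }
        }
    }
    finally { $rng.Dispose() }
    return $sb.ToString()
}

function Reset-ServiceAccountPassword {
    [CmdletBinding()]
    param(
        # The patterns keep quotes and other WQL metacharacters out of the -Filter string.
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z0-9_.-]+$')][string]$UserName,
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z0-9_.-]+$')][string]$ServiceName,
        [Parameter(Mandatory)][string]$CredentialPath
    )
    # Generate Password
    $plain  = New-RandomPassword
    $secure = ConvertTo-SecureString -String $plain -AsPlainText -Force

    # Reset Password: the SecureString parameter keeps the value out of the
    # process command line, where "net user <name> <password>" would carry it.
    Set-LocalUser -Name $UserName -Password $secure -ErrorAction Stop

    # Add Current Pwd to List: Export-Clixml encrypts the SecureString with DPAPI,
    # so only this user on this computer can read it back. It is written before
    # the service step so a later failure cannot leave an unrecorded password.
    New-Object System.Management.Automation.PSCredential($UserName, $secure) |
        Export-Clixml -Path $CredentialPath

    # Reset Service Account: Win32_Service.Change over CIM instead of "sc".
    $service = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
    if (-not $service) { throw "Service '$ServiceName' was not found." }
    $change = Invoke-CimMethod -InputObject $service -MethodName Change -Arguments @{
        StartName     = ".\$UserName"
        StartPassword = $plain
    }
    if ($change.ReturnValue -ne 0) {
        throw "Win32_Service.Change failed with code $($change.ReturnValue)."
    }

    # Start/Stop Service: restart so the service logs on with the new password.
    Restart-Service -Name $ServiceName -ErrorAction Stop
    Remove-Variable plain
}

# Usage (constructed values):
# Reset-ServiceAccountPassword -UserName 'svc_demo' -ServiceName 'DemoService' `
#     -CredentialPath 'C:\Secure\svc_demo.cred.xml'
```

The stored credential is read back with Import-Clixml under the same account that wrote it.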
Figure 6.44 shows an example use case for ticketing system synchronization.
FIGURE 6.44 Ticket System Synchronization use case example
Table 6.4 lists the objects used in the example use case in Figure 6.44. This use case is intended for an environment with two ticketing systems that need to keep in sync. This example uses objects from the System Center Service Manager IP. For more information on this IP, refer to Chapter 10, “Integration with System Center Service Manager.”
TABLE 6.4 Figure 6.44 Example Use Case Object Listing
Object Name in Policy | Object Name from Category | Category | Usage
Get ALL Active Tickets | Get Object | System Center Service Manager | Query for all Tickets in Active Status
Map Published Data | Map Published Data | Utilities | Map fields from the System Center Service Manager object to the fields in the home grown ticketing system
Create Record | Query Database | Utilities | Insert a record into the home grown ticketing system (MS SQL) to keep it in sync with System Center Service Manager
Update Object | Update Object | System Center Service Manager | Close the loop on the sync between the home grown ticketing system and System Center Service Manager
Figure 6.45 shows an example use case for File Information Data Storage.
FIGURE 6.45 File Information Data Storage use case example
Table 6.5 lists the objects used in the example use case in Figure 6.45. This use case is intended for an environment where it is necessary to store file information in a Microsoft SQL Server database table.
TABLE 6.5 Figure 6.45 Example Use Case Object Listing
Object Name in Policy | Object Name from Category | Category | Usage
Custom Start | Custom Start | Workflow Control | Starting point for policy
Get File Info | Get File Info | File Management | Queries the file system for specific files and returns the information to the OIS Data Bus
Insert File Info | Query Database | Utilities | Insert records into a custom table (MS SQL), which catalogs the file information
Figure 6.46 shows an example use case for Web Services TerraServer Querying.
FIGURE 6.46 Web Service TerraServer Querying use case example
Table 6.6 lists the objects used in the example use case in Figure 6.46. This use case is intended for an environment where it is necessary to query the TerraServer for latitude and longitude information and send it via email.
TABLE 6.6 Figure 6.46 Example Use Case Object Listing
Object Name in Policy | Object Name from Category | Category | Usage
Custom Start | Custom Start (with Parameters) | Workflow Control | Starting point for policy and ad-hoc execution point with parameters
Get Lat and Lon from Place | Invoke Web Services | Utilities | Connects to the terraserver-usa.com WSDL to query for latitude and longitude information based on City, State and Country (from Custom Start Object)
Get Lat | Query XML | Utilities | Executes an XPath query: //Lat to retrieve latitude information from the XML Response Payload from the Get Lat and Lon from Place object
Get Lon | Query XML | Utilities | Executes an XPath query: //lon to retrieve longitude information from the XML Response Payload from the Get Lat and Lon from Place object
Send Email | Send Email | Email | Send an email with the information based on the Custom Start parameters and latitude and longitude results
Figure 6.47 shows an example use case for Windows Event Scan with Query WMI.
FIGURE 6.47 Windows Event Scan with Query WMI use case example
Table 6.7 lists the objects used in the example use case in Figure 6.47. This use case is intended for an environment where it is necessary to query WMI to scan for specific events in the Windows Event Log.
TABLE 6.7 Figure 6.47 Example Use Case Object Listing
Object Name in Policy | Object Name from Category | Category | Usage
Custom Start | Custom Start (with Parameters) | Workflow Control | Starting point for policy and ad-hoc execution point with parameters
Format to CIM_Datetime | Format Date/Time | Utilities | Formats the current date/time stamp to the format needed in the Query WMI object (yyyyMMddHHmmss)
Query WMI for System Event | Query WMI | System | Executes WMI query: Select ComputerName, EventCode, EventIdentifier from Win32_NTLogEvent Where Logfile = ‘System’ ... The Where clause criteria for EventCode and TimeGenerated comes from the Custom Start and Format to CIM_Datetime objects respectively.
Verify Results | Compare Values | Utilities | Checks to see if the output from the Query WMI for System Event is empty
Event(s) Found | Link | N/A | Based on the data from the Verify Results object, this link allows data to pass based on the fact that events were found
No Event(s) Found | Link | N/A | Based on the data from the Verify Results object, this link allows data to pass based on the fact that no events were found
Log Event Data | Send Platform Event | Notification | Creates an OIS Event (seen in the Events tab of the OIS client) with information from the previous objects in the policy only when Event(s) were found
Log Audit of Event Scan | Send Platform Event | Notification | Creates an OIS Event (seen in the Events tab of the OIS client) with information from the previous objects in the policy only when Event(s) were not found
Summary
When building automated data center processes in OIS, there are many options. Each one of these options likely includes Foundation objects. This category of generic integration actions provides significant flexibility and power to your existing processes. Remember, when the available IP objects are not enough, you can always look to the Foundation objects for an out-of-the-box solution able to fit any task. Many OIS implementations exclusively use Foundation objects.
CHAPTER 7
Implementation and Best Practices
IN THIS CHAPTER
• The Policy Engine
• Complex Link Logic
• Looping
• Scheduling
• Data Manipulation and Parsing
• Dynamic Everything
• Using Error Handling to Harden Your Policies
• Securing Policies
• Naming Conventions
• Versioning, Backup, and Promotion
• External Data Persistence
There are many considerations when building policies for real-world implementations. Chapter 5, “Policy Basics,” covered how to create policies; Chapter 6, “Foundation Objects,” discussed how to use the most common Foundation objects. This chapter builds upon those concepts, guiding you to create complex, resilient, real-world policies. Creating real-world policies is different from demonstrations you have seen or testing you have done. The complexity level rises when you want to ensure policies are resilient, dynamic, and well documented. This chapter gives you additional tools to help build the best real-world policies possible. The chapter explores the policy engine, including its rules, as well as complex link logic, looping, scheduling, and data manipulation. The chapter also discusses a number of best practices, taken from years of real-world implementations. Topics include naming conventions for your policies, how to version them, and how to back them up. Finally, you learn how to take advantage of external data stores to make Opalis Integration Server (OIS) the most resilient and versatile tool it can be.
The Policy Engine
The policy engine is the term used to describe policymodule.exe and the mechanics of how policies execute. Understanding how this works helps you author better policies and better predict the outcomes of objects. There are two policy engines: Pipeline and Legacy. Other than to explain functional differences between these engines, this chapter is only concerned with the Pipeline engine mode. By default, all policies created in OIS are created using the pipeline mode. Do not switch from the pipeline mode engine to the legacy mode engine unless you are certain you understand the full effects of doing so. The authors strongly recommend that you use only pipeline mode when you author policies. The next section discusses the rules that govern the behavior of a policy and how to create your policies to make best use of those rules.
Policy Engine Rules
To understand how a policy behaves in pipeline mode and to create your policies so they perform the actions you need in exactly the right order, you need to understand the rules governing policy execution. Here are the rules that govern the execution of policies in pipeline mode:
1. Run as often as the object before you.
2. Run once for each item of multi-value Published Data (PD) from the object before you.
3. Links filter execution data.
4. The Junction object limits or truncates the PD stream.
5. Flattened objects do not produce multi-value data.
Let’s look at these in detail.
Rule 1: Run as Often as the Object Before You
The first and most important rule of the policy engine is, “An object will run as often as the object before it ran.” This default behavior lays the foundation for all policy execution. As an example, if you have a Copy File object connected to a Send Email object and the Copy File runs once, the Send Email object will run once. Likewise, if the Copy File object runs 10 times, the Send Email object also runs 10 times.
NOTE: THE EXCEPTIONS TO RULE 1
Rule 1 is universal and is always in effect, although some other rules can create exceptions to it. For example, a link can filter object executions, and the existence of multi-value PD from the source object adds extra executions.
Figure 7.1 illustrates an example of a policy where Rule 1 is in effect; because Run Program ran four times, Send Platform Event runs four times as well. The behavior should be obvious in the policy log because you see each object name appear more than once. The gray icons are added to Figure 7.1 to aid in illustrating the effect. When you start a policy, the first object always runs once. The only way to introduce multiple object execution is through the creation of multi-value PD, which is explained in Rule 2. This is why Run Program runs more often than Read Line in this example. It makes no difference whether an object refers to the object before it; it runs as often as the previous object. Naturally, this is not always desirable; therefore, let’s look at the next few rules, which can help you manage your policy execution better.
FIGURE 7.1 Rule 1: Objects run as often as the object before them.
Rule 2: Run Once for Each Item of Multi-Value PD from the Object Before You
The first exception to Rule 1 is that an object runs as often as the object before it, unless that object produced multi-value PD. If this is the case, the object runs once for each value of PD produced by the object before it. This rule governs the effects of Monitor and Get objects because both these objects can produce multi-value PD if they encounter multiple targets. Consider a Monitor File object that is monitoring for new files that match the name *.*. If someone copies five files to the monitored location at the same time, the Monitor File object has five values for all of its PD (one set for each file), and so the next object in the policy must contend with the five items, not a single execution.
Likewise, a Read Line object gets any lines in a text file that you specify. If you configure Read Line to get the contents of the entire file, you might have multi-value PD. Again, the next object in the policy executes once for each line read, not simply once for the Read Line object.
Figure 7.2 shows the example from Rule 1, except that it now visualizes the multi-value PD output for the Read Line object. Note that all these additions are illustrative and not part of the OIS Client view.
FIGURE 7.2 Rule 2: Run once for each multi-value item in the object before you.
If you have multi-value PD produced by an object, you can see that in the logs, as the object following the object introducing the multi-value PD appears several times. You can also use the logs to find more about the individual data items (assuming you have enabled logging for Object-Specific Common data) by looking into the Details dialog for the object that produced them. There you see all the execution data; if more than one instance occurred, the extra instances are appended with (2), (3), (4) and so on. You can see this in Figure 7.2 in the Details dialog. Managing multi-value data is covered in more detail in the “Multi-Value Data Handling” section of this chapter.
Rule 3: Links Filter Execution Data
Rule 3 is an exception to both Rules 1 and 2. Links are designed to filter execution data and only permit items that satisfy their filters to cross the link. This means that if a link filters all the execution data from its source object, the target object does not trigger at all. You might have already seen this happen when a link is in its default configuration and the source object fails. Because the default link only allows success items to pass, the target object does not receive any data or indication that it should trigger.
Links can be set up to filter specific items from the PD of the source object to limit the data being allowed to pass beyond the link; they do not need to be limited to success, warning, or failure. Review Figure 7.3 for an example of this configuration. In this example, the link between Read Line and Run Program has been configured to permit data items to proceed only if the Line Text of the item contains the letter “e.” Based on the results of the Read Line in the example shown in Figure 7.3, only Line 2 “two” and Line 4 “four” have met the criteria and only those two are allowed to pass. Because of this, Run Program runs twice and not four times.
FIGURE 7.3 Rule 3: Links filter execution data.
The example in this section is a relatively simple link configuration; there is more information on working with links in the “Complex Link Logic” section of this chapter.
Rule 4: The Junction Object Will Limit or Truncate the PD Stream
The fact that the policy engine always runs objects as often as the ones before them sometimes causes unwanted executions. Imagine you have a policy that copies a dozen files and you want to report success via an email when the policy completes. If you use the email object in the same policy, by default you would send a dozen emails. This is hardly optimal! You might try limiting execution with links, but this only works on the data passed directly into the link and you would need to restrict the output to a single execution, which is difficult if you do not know anything about the triggering data.
Rather, consider using the Junction object. The Junction object can join two branched execution streams and allow only one branch to pass forward. It can also truncate all the PD before the Junction object. The “Junction Object” section of this chapter provides additional information on working with links. If the Junction object is used in a single policy branch, it is used to truncate PD and restrict execution. By choosing to republish data from , the Junction object can stop unwanted executions from occurring after it.
CAUTION: PD TRUNCATED BY THE JUNCTION OBJECT CANNOT BE RECOVERED
Use the Junction object with great care if you choose to republish data from because all the data in the bus is truncated and lost. It cannot be recovered by the policy. This might be counterproductive if you want to send an email about the situation in a policy but the Junction object has truncated the details you need. If you find yourself in this situation, consider persisting your data externally or using the flatten function. The “External Data Persistence” section covers storing data externally.
Figure 7.4 shows the effect of the Junction object in the policy being used as an example. The Send Platform Event runs only once, but it cannot use any of the data before the Junction when it executes.
FIGURE 7.4 Rule 4: The Junction Object limits or truncates the PD stream.
Rule 5: Flattened Objects Do Not Produce Multi-Value Data
There is one final rule you can use to alter a policy’s behavior. Rule 5 states that objects that flatten their output do not produce multi-value PD. As a result, flattened data does not cause the next object to run an additional time (although it might still run more than once if the object that produced flattened data also runs more than once). The flatten option is available on all objects but only takes effect if multi-value PD is present.
In many situations the flatten option is a better approach than using a Junction object. Flattening does not add additional executions to later objects and it preserves the data in the PD stream. The PD might need to be “inflated” again before its use by adding it to an array, but this is a much simpler method than using a persistent data storage technique. For additional information on flattening, see the “Flattening Multi-Value Data” section of this chapter. Figure 7.5 shows the same policy example where the Read Line object has flattened its output. As a result, the Run Program object and the Send Platform Event only run once.
FIGURE 7.5 Rule 5: Flattened Objects do not produce multi-value data.
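The five rules can be checked against the Read Line, Run Program, Send Platform Event policy used in the figures with a small model. The PowerShell below is an added illustration, not OIS code and not from the book; the stage property names (Output, Flatten, LinkFilter, Junction) and the four sample lines are assumptions made for the example.

```powershell
# Added illustration, not OIS code: counts how often each object runs under the
# five pipeline-mode rules. Property names (Output, Flatten, LinkFilter, Junction)
# are hypothetical; the four lines of text are constructed sample data.

function Get-PolicyRunCount {
    param([hashtable[]]$Stages)

    $incoming = @('')            # the first object in a policy always runs once
    $result = @()
    foreach ($stage in $Stages) {
        if ($stage.Junction) {
            # Rule 4: one execution continues and the PD before it is truncated.
            $runs = [Math]::Min(1, $incoming.Count)
            $outgoing = @()
            if ($runs -eq 1) { $outgoing = @('') }
        }
        else {
            # Rule 1: run as often as items arrived from the object before.
            $runs = $incoming.Count
            $outgoing = @()
            foreach ($item in $incoming) {
                $values = @(& $stage.Output $item)
                if ($stage.Flatten -and $values.Count -gt 1) {
                    # Rule 5: flattened output is a single delimited value.
                    $values = @($values -join '##DELIM##')
                }
                # Rule 2: every value of multi-value PD is one downstream run.
                $outgoing += $values
            }
        }
        if ($stage.LinkFilter) {
            # Rule 3: only items that satisfy the link filter cross the link.
            $filter = $stage.LinkFilter
            $outgoing = @($outgoing | Where-Object { & $filter $_ })
        }
        $result += New-Object PSObject -Property @{ Object = $stage.Name; Runs = $runs }
        $incoming = $outgoing
    }
    return $result
}

function Show-Scenario {
    param([string]$Title, [hashtable[]]$Stages)
    Write-Output $Title
    Get-PolicyRunCount -Stages $Stages | Format-Table Object, Runs -AutoSize
}

# Constructed stages named after the objects in Figures 7.1 to 7.5.
$readLine   = @{ Name = 'Read Line'; Output = { 'alpha', 'beta', 'gamma', 'delta' } }
$runProgram = @{ Name = 'Run Program'; Output = { param($line) "processed $line" } }
$sendEvent  = @{ Name = 'Send Platform Event'; Output = { param($text) "logged $text" } }
$junction   = @{ Name = 'Junction'; Junction = $true }

# Rules 1 and 2: each line of multi-value PD triggers one run of every later object.
Show-Scenario 'Default' @($readLine, $runProgram, $sendEvent)

# Rule 3: the link after Read Line passes only lines containing the letter "e".
$filtered = $readLine.Clone()
$filtered.LinkFilter = { param($line) $line -like '*e*' }
Show-Scenario 'Link filter' @($filtered, $runProgram, $sendEvent)

# Rule 4: a Junction placed before Send Platform Event truncates the PD stream.
Show-Scenario 'Junction' @($readLine, $runProgram, $junction, $sendEvent)

# Rule 5: Read Line flattens its output, so it no longer adds executions.
$flattened = $readLine.Clone()
$flattened.Flatten = $true
Show-Scenario 'Flatten' @($flattened, $runProgram, $sendEvent)
```

The Runs column for each scenario can be compared with the execution counts described for Figures 7.1, 7.3, 7.4 and 7.5.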
Multi-Value Data Handling
When an object produces multi-value data, the policy engine automatically triggers later objects once for each item of PD. If you read five lines of text from a text file and want to pass each of those lines to a SQL Insert statement, you just need to subscribe to the PD from the Read Line object from within the Select statement in the Query Database object. By default the Query Database object runs five times, but unless it contains the PD from the Read Line object, you end up performing the same SQL action five times—rather than five unique actions.
The OIS policy engine automatically aligns multi-value data from various objects so that you can correlate information. Imagine you have a Read Line object reading a list of server names followed by a Get Computer/IP Status object that pings these servers and then a Send Platform Event that logs the results. If you have the Send Platform Event subscribe to the Read Line’s Line Text to use in its Summary field and then subscribe to the Get Computer/IP Status’ Percentage of Packets Received to use in its Details field, the resulting output is still correctly correlated (even though the final event is drawing data from two separate objects). Every event would have a Summary that contained the server name and a Description that is the percentage of ping packets received for the server in the Summary field.
If you subscribe to multi-value PD from two objects and one of the objects produces an empty data set, the target object data still correlates correctly. If an object is subscribing to two PD arrays and one is empty, the object contains the known PD joined with a blank “slot” of placeholder data. Imagine a policy where an object is taking PD from two other objects in this form: ,,text. Assume when the policy executes that Object1’s PD produces multi-value data as an array that contains 10 items, and Object2’s PD produces multi-value data as an array where only three items have value. The target object has the three items aligned with their corresponding values in the list of 10; the other seven (7) slots will use blank placeholders to keep the correlation correct. Table 7.1 shows a visualization of the arrays in this example.
TABLE 7.1 An Example of Two PD Arrays Being Correlated
Object1 PD | Object2 PD | Target Object
New York | 67 | New York,67,text
Boston | | Boston, , text
Miami | 34 | Miami,34, text
Detroit | | Detroit, , text
Nashville | | Nashville, , text
Dallas | | Dallas, , text
Phoenix | | Phoenix, , text
Fresno | 121 | Fresno,121, text
Eugene | | Eugene, , text
Seattle | | Seattle, , text
Flattening Multi-Value Data
Every object has the capability to flatten its output. This is a global option, although most objects do not have the capability to produce multi-value data, making the option unnecessary for many objects. To configure the flatten option, open an object’s Properties window and choose the Run Behavior tab, then check the Flatten check box. You can then select what kind of delimiter you want to use. The delimiter options are
• Separate with line breaks—Each value appears on its own line.
• Separate with:—You can specify any character or string of characters to use as a delimiter.
• Use CSV format—Uses a comma as a delimiter between values.
The delimiter option you choose should be one that is both easy for you to parse and one that should not be encountered in the data that is passed through the object. Figure 7.6 shows the flatten options within the object’s properties window. In many cases, you might find it a good practice to use an unusual string as your delimiter such as ##DELIM##.
FIGURE 7.6 The Flatten options in the object properties window
TIP: USE THE .NET SCRIPT OBJECT TO TRANSFORM FLATTENED DATA
Although there is no Foundation object that automatically takes flattened data and returns it into an array, you can use the .Net Script object to perform this action. Returning flattened data into an array is generally faster to configure than storing your data outside of OIS in an external data persistence model.
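One way to turn flattened data back into an array inside a script, added here as an example that is not from the book: the function splits on the literal delimiter and rejects input whose item count differs from what the policy expected, which is how a delimiter that also occurs in the data shows up. The function name, its parameters and the sample file names are assumptions.

```powershell
# Added example (not from the book): rebuild an array from flattened Published Data.
# ConvertFrom-FlattenedPD and its parameters are hypothetical names; the file
# names used below are constructed sample data.

function ConvertFrom-FlattenedPD {
    param(
        [string]$Flattened,        # flattened PD value produced by the source object
        [string]$Delimiter,        # delimiter selected on the Run Behavior tab
        [int]$ExpectedCount = -1   # number of items expected, when it is known
    )

    if ([string]::IsNullOrEmpty($Delimiter)) {
        throw 'Delimiter must not be empty.'
    }

    # -split interprets its argument as a regular expression. Escaping keeps a
    # delimiter such as '|' or '.' from being read as a regex operator.
    $pattern = [regex]::Escape($Delimiter)
    $items = @($Flattened -split $pattern)

    # A count mismatch means a value contained the delimiter or data is missing.
    # Stop here instead of handing shifted items to the objects that follow.
    if ($ExpectedCount -ge 0 -and $items.Count -ne $ExpectedCount) {
        throw ("Expected {0} items but found {1}; the delimiter '{2}' may occur in the data." -f `
            $ExpectedCount, $items.Count, $Delimiter)
    }

    return ,$items
}

# Constructed sample: three file names, one of which contains a semicolon.
$names = @('report.txt', 'q3;final.xlsx', 'notes.doc')

# Flattened with ';' as the delimiter, the middle name is cut in two.
$weak = $names -join ';'
$split = ConvertFrom-FlattenedPD -Flattened $weak -Delimiter ';'
Write-Output ("';' delimiter: {0} items from {1} values" -f $split.Count, $names.Count)

# Flattened with an unusual string, every value survives intact.
$strong = $names -join '##DELIM##'
$restored = ConvertFrom-FlattenedPD -Flattened $strong -Delimiter '##DELIM##' -ExpectedCount $names.Count
Write-Output ("'##DELIM##' delimiter: {0} items, second item is {1}" -f $restored.Count, $restored[1])

# With the expected count supplied, the collision is reported instead of passed on.
try {
    ConvertFrom-FlattenedPD -Flattened $weak -Delimiter ';' -ExpectedCount $names.Count | Out-Null
}
catch {
    Write-Output ("Rejected: {0}" -f $_.Exception.Message)
}
```

When the flattened values originate from file names, file contents or other input the policy author does not control, passing the expected count is what turns a silent mis-split into a visible failure.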
The Junction Object
The Junction object is a highly specialized object. It serves two primary purposes:
• To allow two or more branches of a policy to join
• To decide which branch of the policy is allowed to republish its data
If the Junction is used to join two or more branches of a policy, the execution of the Junction waits until all the branches that are connected to it complete. If one or more paths of a policy arrive at the Junction but one stops before reaching the Junction, the Junction continues if the republished data branch is one of those that arrived. If the branch that is to be republished fails to reach the Junction, the Junction object does not proceed. If you choose to republish data from , all the information in the PD bus is truncated and lost. If you do not persist the data outside of OIS, you are not able to recover the published data.
Figure 7.7 shows the Junction object and the Republish data from branch selector.
FIGURE 7.7 The Junction object and its options
Pipeline Mode, Legacy Mode, and the Multiplication Effect
There are two policy engine modes: pipeline and legacy.
Legacy mode was the only mode available until OIS 5.7 introduced the pipeline mode. Although legacy had worked well for many customers, it did expose some behaviors that customers found unpredictable. The engine rules mentioned at the beginning of this chapter (see the “Policy Engine Rules” section) are exclusive to pipeline mode; the legacy mode runs on a different set of rules. A main difference is that an object in legacy mode will only execute more than once if it subscribes to PD from an earlier object, and multi-value PD is present. This tremendous difference leads to different policy construction and means that different objects are needed to control execution.
Legacy mode also allows you to create a loop within a policy, which is not permitted in pipeline mode. Pipeline mode, on the other hand, allows you to loop a single object while legacy mode does not. The single largest challenge to using legacy mode was the Multiplication Effect. This effect occurs in a policy when more than three objects subscribe to a single PD source that produces multi-value data (not simply one that executes multiple times). The resulting execution is quite strange. The first two objects that subscribe to the PD behave normally (executing once for each multi-value data item); the next two objects execute the number of multi-value data items squared. The third set of two objects that subscribe to the PD execute the number of multi-value data items cubed and so on. The exponential factor increases once for every pair of objects (not every object); in mathematics, this is called a ceiling function. This adds understandable confusion to legacy mode policies. Consider the following two examples for clarification:
• Imagine a policy with six objects. The first object produces three multi-value data items. All the other six objects refer to this PD. Objects 2 and 3 behave normally (they execute three times). Objects 4 and 5 then execute nine times (3 squared). Object 6 executes 27 times (3 cubed).
• Now imagine a policy with seven objects. The first object produces four multi-value data items. All six of the other objects refer to this PD. Objects 2 and 3 behave normally (they execute four times). Objects 4 and 5 then execute 16 times (4 squared). Objects 6 and 7 execute 64 times (4 cubed). If there were an eighth object that subscribed to this PD, it would execute 256 times!
The effect is presumed to exist on the first two objects that only have a single subinstance; however, because any number raised to the first power is the same number, no effect is observable. You can observe this effect anytime there are more than two objects that refer to a single object’s multi-value PD in legacy mode.
Clearly, the multiplication effect is quite unwanted and can be dangerous. You can mitigate it by using the Wait object, which like the Junction object removes unwanted executions. However, the Wait object does not truncate the PD fully; it just restricts it to a single stream. (The Wait object also waits for two or more branches to complete.) The information provided here about the legacy mode is for reference only and is included as a caution against using it by showing the potential pitfalls. Figure 7.8 shows the same policy constructed in pipeline mode and in legacy mode.
FIGURE 7.8 The same policy built in pipeline and in legacy mode
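The two worked cases of the Multiplication Effect fit one expression, stated here as an added summary (the book gives only the examples). Let n be the number of multi-value data items produced by the source object and k the position of an object among those that subscribe to that PD, with k = 1 for the first subscriber. The number of executions is

\[ E(n, k) = n^{\lceil k/2 \rceil} \]

For n = 3 this gives 3 for k = 1, 2, then 9 for k = 3, 4, and 27 for k = 5. For n = 4 it gives 4, 16 and 64 for the three pairs k = 1 to 6, and 4^4 = 256 for a seventh subscriber, which is the eighth object in the policy.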
Complex Link Logic
Chapter 5 discussed that links are special objects used to filter data. However, they often are not used as well as they could be. By default, links are simply Success Only links; you should change their filtering conditions to make them meaningful. To take full advantage of links, be sure to use the PD items from the previous object, not simply the object’s status. You should also try to use multiple link conditions to govern the link’s behavior whenever possible.
Chapter 5 also covered the four data types (String, Date, Number, and Boolean values). The data type of the PD item dictates what link conditions are available for the item. You will want to take advantage of this functionality within links to maximize the flexibility of your links and give yourself the best possible control.
If an object has more than one link attached to it, the execution of the source object is tested against every link linked to it. Each link is evaluated independently against the execution; they have no bearing or impact upon one another. If an object is the source for 10 links, it is possible all 10 links are satisfied, and you then have 10 parallel branches within the policy. Likewise, if the source object produces multi-value data, every item of the multi-value data must be tested against every link. If the object is the source for 10 links and produces seven items of multi-value data, it is possible that four items might pass through the first link, all seven pass through the second, one item passes through the third, and all the others fail. Policies can become complex when large numbers of links exist, and they are evaluating multi-value data. Create them carefully and test them thoroughly.
You might find another valuable use for links is to sort data and route it to its proper destination. Figure 7.9 shows what a policy would look like if it were acting as a routing mechanism. The policy does not actually perform any work; it contains a series of Trigger Policy objects that will take PD from the Custom Start and pass it into the appropriate policy or stage of a process. This is a common use for links in production.
FIGURE 7.9 A policy using complex links to sort data traffic
Looping
You might find that it is desirable to create a loop in your policy if you are expecting a specific condition but you are not sure exactly when that condition will happen. You can create a loop on any object and then loop until the object’s PD returns a specific value or condition.
Object-Level Looping
Every object that is not a monitor has the ability to loop (monitors have looping already built into them). To set up looping for an object, highlight the object, right-click, and then select Looping. This opens the Looping Properties window. To enable looping, check the Enable box in the General tab. Then specify the number of seconds you want the object to wait between loop attempts. Figure 7.10 shows a Read Line object with several Exit conditions enabled and the Looping Properties window.
FIGURE 7.10 The Looping Properties window
Exit
The Exit tab contains the condition(s) that cause the loop to exit. By default, there is one condition, which specifies that the loop exits when the object completes successfully. This is done for your protection, in case you forget to specify an exit condition. Exit conditions can use any item from the object’s PD in the same way a link can. Every condition you add to the Exit list is added as an OR function. If any of the exit conditions are met, the object exits (unless a Do Not Exit condition is met). Table 7.2 provides a list of the looping-specific items within the common published data.
TABLE 7.2 Common Published Data Related to Looping
Name | Description
Loop: Delay between attempts | The number of seconds between loop attempts
Loop: Enabled | Whether looping is enabled for the object
Loop: Loop error message | Error message displayed if looping fails
Loop: Number of attempts | The total number of loop iterations completed
Loop: Total duration | The total time the object has looped in seconds
Do Not Exit
The Do Not Exit tab contains the condition(s) that prevent the loop from exiting. There are no conditions in this tab by default. If you use Do Not Exit conditions, be careful you do not create a situation where the object cannot exit the loop, as the Do Not Exit conditions supersede any of the Exit conditions. If any Do Not Exit condition is met, the object does not exit the loop regardless of how many Exit conditions are met. Every condition you add to the Do Not Exit list is an OR function. It is recommended that should you create a Do Not Exit condition, you only do so with items of data that change state, and that you pair the condition with an Exit condition based on number of loops or total duration.
NOTE: PUBLISHED DATA CREATION DURING LOOPING
When looping is used, only the Published Data set created when the Exit condition is met is published to the link and subsequent objects. Any published data from the loops where the exit conditions were not met is discarded.
Policy-Level Looping
Pipeline mode does not support looping within a policy. Although it is permitted in legacy mode, given the numerous issues with legacy mode, the value of an in-policy loop is generally not considered worth the risks. If you are running in pipeline mode and need to loop within a policy, you need to use the Trigger Policy object to restart the policy. The Trigger Policy object can have a loop applied to it, like any other object. This allows you to control when the policy is restarted. If you use this method, do so with great caution so you do not accidentally create an endless loop.
Scheduling
Chapter 5 described how to create schedules but did not discuss how to best use them. Schedules are created to define a certain range of times that can be used by policies. You can configure days of the week, days of the month, and specific hours in a schedule. You can also create exception days that take precedence over the rest of the schedule. Label your schedules as descriptively as possible.
NOTE: THE SCHEDULING FUNCTIONS ARE LIMITED
The scheduling within OIS is somewhat limited. As an example, you can only have one schedule active at a time and cannot set the schedule window with any granularity finer than one hour. You also cannot import a calendar from another source; if you wanted to import all of the year’s public holidays from Outlook, there is no automatic way to do so—you would need to add them manually.
The Check Schedule Object
You find the Check Schedule Object in the Scheduling palette of the Objects window. This object can be used within a policy to test whether the policy is currently within the timeframe defined by the schedule. The object’s only PD is Conforms to Schedule, which returns True/False. Ideally, this object is used within a policy to determine whether the policy is within a maintenance window (say to reboot a server). If this object is configured to loop and then recheck again in 5 minutes, the policy can wait until it has reached a safe time (as defined by the schedule) to take the corrective action.
Applying Schedules to a Policy
Policies can be governed by schedules; however, many policy authors have trouble discovering how to do so. A schedule is applied to a policy in the policy’s Properties window in the General tab. Figure 7.11 shows a policy configured for the Weekdays schedule. To select a schedule, click the ellipsis to the right of the Schedule field and select the desired schedule. As there is no visual indication within the Workspace window that a policy is using a schedule, you must manually check the policy properties. Think of the schedule as an overlay that is only visible in the Properties window.
FIGURE 7.11 A policy configured to use the Weekdays schedule
Schedules and Ad Hoc Policies
If you attempt to start an Ad Hoc policy that is using a schedule and is not currently within the scheduling window, the policy does not start. You can see an indication of this in the Events window. The event appears as a Warning Event. The Summary reads “Policy stopped: denied by schedule,” and the Details of the event read “Policy ‘<policyname>’ stopped: policy schedule does not permit the policy to run at this time.” There is no evidence in the Log History window that the policy ever started or was even attempted. Figure 7.12 shows an example of an OIS Event with a warning about an Ad Hoc policy stopped by a schedule.
FIGURE 7.12 An Ad Hoc policy stopped by a schedule
If you start an Ad Hoc policy outside of its schedule, it terminates. It is not placed into the policy queue and does not run later during the schedule. The request to start the policy is denied and logged in the Events window, but no other action is taken. If this policy was triggered by another policy, the triggered event is lost. For this reason, it makes more sense to use the Check Schedule object with a loop within an Ad Hoc policy rather than applying a schedule to the entire policy.
Schedules and Monitor Policies
If you attempt to start a Monitor policy that is using a schedule and are not currently within the scheduling window, the policy starts; however, the policy is not able to trigger until it is in the scheduled window. A policymodule.exe loads into memory and the policy tab icon displays the green start icon; however, you do not see the policy in the Log window before the schedule begins. You can also see an indication that the policy is suspended in the Events window. The event appears as a Warning Event. The Summary reads “Policy suspended: denied by schedule,” and the Details of the event read “Policy ‘<policyname>’ suspended: policy schedule does not permit the policy to run at this time.” Figure 7.13 shows an example of a Monitor policy stopped by a schedule.
FIGURE 7.13 A Monitor policy stopped by a schedule If you start a monitor policy outside of its schedule, you can think of the policy as queued waiting to execute. However, because the policy is loaded into memory, it will count against the Action Server Policy Throttle count.
Data Manipulation and Parsing

As you are dealing with different integration targets, each with different methods for data storage, presentation, and access, you run into situations where data manipulation and parsing is necessary. This is where experience with coding and scripting can come in handy, although it is not required. There are several different methods to manipulate and parse data within OIS. Here are the three most popular methods (in order by popularity):

• Use the built-in OIS Data Manipulation functions to perform in-line data manipulation and parsing.
• Use the Query Database Foundation object to perform SQL-based data manipulation and parsing.
• Use the Run .Net Script Foundation object to perform .Net or PowerShell based data manipulation and parsing.

The next sections discuss these three methods, including examples of usage and a real-world parsing example leveraging the Query Database Foundation object.
OIS Data Manipulation Functions

OIS offers 15 built-in data manipulation functions, ready to be used in-line, in any of the available white space within the OIS client form fields. Each of these functions follows the same syntax rules. Here is an example of this syntax:

[Function('Parameter 1','Parameter 2','Parameter N')]

Essentially, an OIS data manipulation function consists of a series of parameters, enclosed by single quotes and separated by commas. These parameters are enclosed by parentheses, which are preceded by the function name. Finally, the entire string is enclosed by square brackets. Table 7.3 lists each of the available OIS data manipulation functions in order of popularity.
TABLE 7.3 OIS Data Manipulation Functions

| Function | Description | Usage Example |
|---|---|---|
| Field | String function used to return specific text from a delimited list (This is what is usually referred to as a Split function.) | [Field('Field1;Field2;FieldN',';',2)] Returns 'Field2' |
| Sum | Arithmetic function used to return the sum of a set of numbers (can also be used to promote a number with a string format to integer format) | [Sum(1,10,100,1000)] Returns 1111 |
| Mid | String function used to return specific subset text from a superset string of text | [Mid('Return subset from this string',8,6)] Returns 'subset' |
| Instr | String function used to return the position of the first occurrence of specific text from a superset string of text | [Instr('Find me','me')] Returns 6 |
| Len | String function used to return the length of specific text | [Len('four')] Returns 4 |
| Upper | String function used to return text after it is converted to UPPER CASE | [Upper('upper me')] Returns 'UPPER ME' |
| Lower | String function used to return text after it is converted to lower case | [Lower('LOWER ME')] Returns 'lower me' |
| Trim | String function used to return text after removing leading and trailing spaces | [Trim('Trim me')] Returns 'Trim me' |
| RTrim | String function used to return text after removing trailing spaces | [RTrim('Trim right')] Returns 'Trim right' |
| LTrim | String function used to return text after removing leading spaces | [LTrim('Trim left')] Returns 'Trim left' |
| Left | String function used to return text of specified length from the left side of a superset string of text | [Left('Left to Right',4)] Returns 'Left' |
| Right | String function used to return text of specified length from the right side of a superset string of text | [Right('Left to Right',5)] Returns 'Right' |
| Diff | Arithmetic function used to return the difference of two numbers | [Diff(100.23,95.65,2)] Returns 4.58 |
| Div | Arithmetic function used to return the quotient of two numbers | [Div(22,7,2)] Returns 3.14 |
| Mult | Arithmetic function used to return the product of a set of numbers | [Mult(8,16,32)] Returns 4096 |
NOTE:
NESTING DATA MANIPULATION FUNCTIONS
Nesting the data manipulation functions is allowed. Be careful how many levels of nesting you configure, as the syntax can get quite complex, increasing the potential for error. The slightest syntax error results in an unexpected parsing result. That said, nesting can come in handy when you need to parse a string with mixed delimiters. For example, this syntax:

[Field(Field(Field('Parse the;TEXT#MSG:out of this;string',';',2),':',1),'#',1)]

returns ‘TEXT’. You can mix and match the nested functions as well. For example, this syntax:

[Field(Field(Lower('LOWER, AND—EXTRACT, THE FIRST AND'),',',2),'—',1)]

returns ‘and’.
The best way to test the data manipulation functions is using a Send Platform Event in the Policy Testing Console. Figure 7.14 shows a Send Platform Event with each of the previous usage examples (refer to Table 7.3) alongside the Run Time Properties window of the Policy Testing Console for this example object. You can see how the data manipulation functions are translated into the expected return values for each function.
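To reason about a nested expression before pasting it into an object field, the bracket syntax and several Table 7.3 functions can be emulated in a few lines of Python. This is an added example, not part of OIS or of the book; the function semantics (1-based positions, straight single quotes, an error for an out-of-range field index) are assumptions inferred from the usage examples in Table 7.3, and only a subset of the 15 functions is covered.

```python
import re

# Semantics below are ASSUMPTIONS inferred from the Table 7.3 usage examples.
def _field(text, delim, n):
    parts = str(text).split(str(delim))
    if not 1 <= int(n) <= len(parts):
        raise IndexError("field index out of range")
    return parts[int(n) - 1]

def _mid(text, start, length):
    if int(start) < 1:
        raise IndexError("start position is 1-based")
    begin = int(start) - 1
    return str(text)[begin:begin + int(length)]

def _right(text, n):
    text = str(text)
    return text[max(len(text) - int(n), 0):]

FUNCS = {
    "Field": _field,
    "Mid": _mid,
    "Instr": lambda text, sub: str(text).find(str(sub)) + 1,  # 0 = not found
    "Len": lambda text: len(str(text)),
    "Upper": lambda text: str(text).upper(),
    "Lower": lambda text: str(text).lower(),
    "Trim": lambda text: str(text).strip(" "),
    "LTrim": lambda text: str(text).lstrip(" "),
    "RTrim": lambda text: str(text).rstrip(" "),
    "Left": lambda text, n: str(text)[:max(int(n), 0)],
    "Right": _right,
    "Sum": lambda *nums: sum(nums),
}

_NUMBER = re.compile(r"-?\d+(?:\.\d+)?")
_NAME = re.compile(r"[A-Za-z]+")

def _skip(s, i):
    while i < len(s) and s[i] == " ":
        i += 1
    return i

def _parse_value(s, i):
    """Parse a quoted string, a number, or a (possibly nested) function call."""
    i = _skip(s, i)
    if i < len(s) and s[i] == "'":
        end = s.find("'", i + 1)
        if end == -1:
            raise ValueError("unterminated string starting at position %d" % i)
        return s[i + 1:end], _skip(s, end + 1)
    m = _NUMBER.match(s, i)
    if m:
        tok = m.group()
        return (float(tok) if "." in tok else int(tok)), _skip(s, m.end())
    m = _NAME.match(s, i)
    if not m or m.end() >= len(s) or s[m.end()] != "(":
        raise ValueError("expected string, number or Function( at position %d" % i)
    name = m.group()
    if name not in FUNCS:
        raise ValueError("unknown function %s" % name)
    args, i = [], m.end() + 1
    while True:
        arg, i = _parse_value(s, i)
        args.append(arg)
        if i < len(s) and s[i] == ",":
            i += 1
        elif i < len(s) and s[i] == ")":
            break
        else:
            raise ValueError("expected ',' or ')' at position %d" % i)
    try:
        return FUNCS[name](*args), _skip(s, i + 1)
    except (TypeError, IndexError) as exc:
        raise ValueError("%s: bad arguments %r (%s)" % (name, args, exc)) from exc

def evaluate(expr):
    """Evaluate one [Function(...)] expression; raise ValueError if malformed."""
    expr = expr.strip()
    if not (expr.startswith("[") and expr.endswith("]")):
        raise ValueError("expression must be enclosed in square brackets")
    value, pos = _parse_value(expr, 1)
    if pos != len(expr) - 1:
        raise ValueError("unexpected text at position %d" % pos)
    return value

def check(expr):
    """Return (True, result) or (False, error message) without raising."""
    try:
        return True, evaluate(expr)
    except ValueError as exc:
        return False, str(exc)

if __name__ == "__main__":
    nested = "[Field(Field(Field('Parse the;TEXT#MSG:out of this;string',';',2),':',1),'#',1)]"
    print(check(nested))
    print(check("[Field('a;b',';',2]"))  # missing ')' is reported, not guessed
```

Unlike the in-line functions, which per the note above produce an unexpected result on a syntax slip, the emulator rejects a malformed expression with the position of the problem.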
TIP:
PUBLISHED DATA AND VARIABLES ALSO WORK
Each of the examples in Table 7.3 and Figure 7.14 showed static text being manipulated and parsed. This was only as an example. The use of Published Data and Variable data is not only permitted, it is encouraged. The power of these data manipulation functions is only leveraged if you are manipulating and parsing data coming from the OIS Data Bus or variable global setting store.
FIGURE 7.14 OIS data manipulation function examples with results
Parsing with the Query Database Object

If the 15 available data manipulation functions are not sufficient, or if you want to use a coding/scripting language that you are familiar with, you can use SQL to do some or all of your parsing. The Query Database object enables you to perform table and stored procedure level SQL execution, as well as general SQL syntax execution without the dependency on a specific table. All that is necessary is an active connection to a SQL Server, and you can parse and manipulate data from the OIS Data Bus using SQL. Figure 7.15 shows an example of this usage as executed in the Policy Testing Console and displayed in the log details for the Query Database object. Chapter 6 includes information on general Query Database object usage.
TIP:
ADDITIONAL INFORMATION ON DATA MANIPULATION AND PARSING
For blog and video tutorials on Data Manipulation and Parsing, refer to Charles Joy’s TechNet blog posts:

• “Invoke Web Services Object – Workaround for “Unexpected” XML Output,” available at http://blogs.technet.com/b/charlesjoy/archive/2010/12/17/invoke-web-servicesobject-workaround-for-unexpected-xml-output.aspx
• “8 Minute Demo – Data Manipulation Functions within OIS,” available at http://blogs.technet.com/b/charlesjoy/archive/2011/04/06/8-minute-demo-data-manipulationfunctions-within-ois.aspx
Parsing with the Run .Net Script Object

If SQL is not your forte, perhaps one of the scripting options enabled by the Run .Net Script object will assist you with some or all of your parsing. The Run .Net Script object enables you to parse and manipulate data from the OIS Data Bus using a number of script options (C#, PowerShell, JScript, and VB.NET). Figure 7.16 shows an example of this usage as executed in the Policy Testing Console and displayed in the log details for the Run .Net Script object. This example uses C# as the scripting language.
FIGURE 7.15 Example log details from a Query Database Object used to parse text
FIGURE 7.16 Example log details from a Run .Net Script object used to parse text
Refer to Chapter 6 for information on general Run .Net Script object usage. For a real-world example of this type of Run .Net Script object usage, see Charles Joy’s TechNet Blog Post for “8 Minute Demo - .NET Scripting Object – C#” at http://blogs.technet.com/b/charlesjoy/archive/2010/07/14/8-minute-demo-net-scripting-object-c.aspx.
Dynamic Everything

Unless you are testing, there is no reason to hardcode anything. You will notice significant gains in ease of maintenance the more dynamic your production policies and the field configurations within their objects. Perhaps the best way to explain why you should make everything dynamic is to provide an example. Figure 7.17 shows a sample policy where six Query Database objects are linked together performing a database-centric process. Each of the objects has the same exact configuration on the Connection tab. The process itself is not important for this example; it is just important that there are a number of like configured objects.

FIGURE 7.17 Example policy with hardcoded object fields

Imagine you have many policies just like this, all with hardcoded configuration values. What happens when the SQL Server, Initial Catalog, User Name, or Password field values need to change? You will then have to make manual changes in every object for every field that needs to change! There is a better way. Figure 7.18 shows the same policy, but this time all the hardcoded values are replaced with Variable subscriptions. By using Variables instead of hardcoded values, you now have the ability to change the Variable value once, thus automatically updating all fields subscribing to that Variable.

FIGURE 7.18 Example policy with dynamic object fields

Variables are just one method for making everything dynamic. Any field you see as hardcoded text might be an opportunity to make that field dynamic. You can leverage Variable or Published Data subscriptions. In essence, the more “blue” text you see in your objects, the more dynamic they are. For more information on creation and usage of Variables, as well as how to leverage some dynamic “Special Variables” (NOW() and %ENVVAR%), refer to Chapter 5 as well as the OIS TechNet Library entry for Using Variables available at http://technet.microsoft.com/en-us/library/gg440631.aspx.
Using Error Handling to Harden Your Policies

Particularly in production, policies should have some amount of error handling built in. Error handling improves policy execution efficiency, accuracy, and overall ease of maintenance. Without error handling, your policies are susceptible to failure without your knowledge, without proper log information for triage, and without alternate execution options. By using error handling, you can build policies that alert upon failure, capture the necessary information for triage, and potentially include built-in retry and workaround execution. Figure 7.19 shows a policy that triggers other policies to perform subroutine triage actions without error handling. Although it looks simple, there is no indication whether the policy execution reaches the second, third, or fourth objects. There is no indication of what happens if something fails within the subpolicies. There is no indication of any logging or capability to retry. Overall, this policy is not production ready.
FIGURE 7.19 Parent policy with no error handling between trigger policy objects
Alternatively, Figure 7.20 shows this policy after adding error handling. The policy looks a bit more complicated, but it contains clear indications on what happens if any part of the policy experiences failure. There is even an indication for success at each step, allowing for an additional object at the end, which triggers a success notification. You could not predict or ensure such functionality in the example shown in Figure 7.19.
FIGURE 7.20 Parent policy with error handling between trigger policy objects
Each of the failure Trigger Policy objects (DNS Failure, Ping Failure, and RDP Port Failure) initiates a sub-policy designed to take the input from each trigger and perform specific error handling processes. These triggered error handling processes could include one or more of the following actions:

• Send a failure email, text message, or page.
• Create an incident in a service management tool.
• Log all the failure details to a file, database, or other tool.
• Attempt a retry of the failed action.
• Query a problem management tool for a workaround and attempt it.

Error handling does not have to happen only between Child policy executions within a Parent policy. You want to implement error handling within Child policies as well. Figure 7.21 shows a real-world example of a Connectivity Triage policy with error handling enabled.
FIGURE 7.21 Child policy with error handling at important object executions

As Figure 7.21 shows, not every object needs a separate thread for error handling. As it is, a policy looks more complicated as you add more objects, particularly objects specific to error handling. Alternatively, you could enable object-level error handling. This functionality is built-in within OIS and referred to as Self-Monitoring. For more information about OIS Self-Monitoring, refer to Chapter 2, “Inside Opalis Integration Server 6.3.” Here are several rules you can use to ensure the hardening of your policies:

• No Success Only Links—By default, every link is configured with Success as the only filter criteria. This means that unless the object before the link is successful, policy execution stops. It is important you know the execution plan for all your policies. Be sure all potential outcomes are known and have a path. This might initially seem a daunting task, but as you continue to harden your policies, more potential paths are found and handled.
• Traverse Every Link—To ensure that you leave no link unturned, you should plan to traverse every possible path within all your policies. This task takes up the most time during an OIS implementation. However, the more time you spend testing all possible paths, the less time you spend trying to figure out why something failed.
• Log As Needed—Due to its overhead, it is not realistic to leave verbose logging on at all times in production. It is an important tool during development, test, and even at times during emergency triage in production. You can enable logs at the policy level and at the process/application level. For more information on logging, refer to Appendix A, “Support and Troubleshooting.”
• Perform Pre-Flight Whenever Possible—Though it might not always be feasible or available, performing pre-flight checks on remote machines or applications can save you and your policies a lot of idle time. Without timeout-enabled pre-flight checks against systems that have no built-in timeout mechanism, your policy could sit idle indefinitely.
• Create Error Handling Policies—Although you can implement error handling at an object level (Figure 7.21), more often than not you are able to create a set of error handling policies that can be triggered as needed throughout policy execution (Figure 7.20).

By implementing error handling within and between your policies, you are not only hardening them, you are making them more dynamic. Making everything dynamic plus including error handling should be the top two goals for every production OIS implementation.
Securing Policies

OIS enables you to assign access rights and permissions to Policies, Computer Groups, Action Servers, Counters, Variables, and Schedules using Windows Access Control Entries (ACE). You can set permissions for any Active Directory user in your environment. Table 7.4 lists the permissions that are available and the meaning of those permissions. Not all permissions are valid for all objects.

TABLE 7.4 OIS Security Permissions

| Permission | Explanation |
|---|---|
| Full Control | Allows full control of all permissions |
| Read Properties | Allows the user to read the configuration properties of an item |
| Write Properties | Allows the user to write to and update the configuration properties of an item |
| List Contents | Allows the user to list the contents of a folder |
| Delete | Allows the user to delete an item |
| Modify Permissions | Allows the user to modify the security permissions of an item |
| Publish | Allows the user to Start a Policy |
| Undo Check Out Override | Allows a user to override another user’s policy that is checked out so they can take control of it |
| Create All Child Objects | Allows the user to create child folders or policies |
| Delete All Child Objects | Allows the user to delete child folders or policies |
| Create Policy | Allows the user to create a new policy |
| Delete Policy | Allows the user to delete a policy |
| Create Folder | Allows the user to create a new folder |
| Delete Folder | Allows the user to delete a folder |
To configure the security on a folder, right-click that folder, and then select Permissions... to open the ACE permissions window. To configure the security on any policy, select the policy tab, right-click, then select Permissions. This opens the ACE permissions window. Figure 7.22 shows the ACE permissions window for a folder (which looks similar to when you are securing objects throughout Windows).
FIGURE 7.22 The ACE window for a folder
TIP:
LOGICAL FOLDER ORGANIZATION CAN SIMPLIFY SECURITY
Many customers structure their folders by functional area to simplify implementation of security within OIS.
Naming Conventions

The OIS Client structures folders and policies alphanumerically. You can take advantage of this by naming your policies and folders according to a standard naming convention. Generally, you create separate folders for each functional group that uses the OIS Client to author policies, and then use some standardized structure within the functional folders. Figure 7.23 shows an example of a standardized policy folder structure. The following list suggests a number of standardized naming conventions that you might find helpful when you implement:

FIGURE 7.23 A standardized policy folder structure

• Number and Name Folders (4.0—Weekly SQL Checks).
• Number and Name Policies (4.0.1—Check SQL log size).
• Name policies in a consistent manner—Consider a convention similar to that shown in the previous bullets (for example, - ).
• Use the policy description field to document the function of the policy.
• Name every object uniquely and descriptively.
• Use the object description field to document the function of the object.
• Color code all links consistently (red for failure, green for success, and so on) and label them descriptively.
• Use the link description field to document the function of the link.
• Enable Link labels.

Using the conventions in this section or your own variations on them simplifies your logging and debugging and allows easier training of new authors or testers in your environment.

Versioning, Backup, and Promotion

Versioning and backup are necessary in OIS. OIS does not have an automatic backup, rollback, or built-in versioning process. For this reason, it is important you either use your existing versioning and backup process or create one that fits with your OIS deployment. Each version and backup should go through a change management process. This change management process is part of the policy promotion process, as policies move from development through test to production. Whether this is a change management process you have already established or one that you have yet to create, no changes to the production OIS deployment should occur without an approved change request.
Versioning

Versioning in OIS is two-fold:

• It is strongly recommended to version your policies (at the policy tab level).
• The sets or groups of policies you create should be versioned and treated as managed code. This should occur after sound versioning practices have been established.

Logical groupings of policies should be exported to the available OIS_EXPORT file type (semi-formatted eXtensible Markup Language [XML]). You can then treat these files as managed code as well, taking on a version and date/time stamp as prescribed by your process. It might be useful to export some policies individually; it depends on the use case for the policy and the reason for versioning that policy. The primary reasons to version any policy or group of policies are that they need to be revised or were just successfully tested and implemented (to ensure a copy of steady state is stored). Having before and after versions of a policy ensures you can manually roll back if necessary. Following the naming conventions discussed in the “Naming Conventions” section, policies should be named in a consistent manner. Consider a convention such as - . Figure 7.24 shows this naming convention for a policy in the OIS client.

FIGURE 7.24 Policy with recommended versioning in name

As you continue creating policies with different numbers, names, and versions, this naming convention ensures you do not overwrite a policy during import from one system to the next or even within the same system. As an example, if an earlier version of this policy was imported (that existed in the same folder) because it has a name such as “3.08.01 - Prioritize Incident per CTC - v3.0,” it imports as a different tab within the same folder. You are not prompted to overwrite the existing policy.
Versioning also allows you to track each policy or group of policies as configuration items (CIs) within a configuration management database (CMDB) or other asset management system. As these policies, once exported, are tangible and add value, you should treat them as such. It is recommended that they are tracked as CIs and stored in a source control system as well. As mentioned at the beginning of this section, you should manage all changes to the policies through a change process. This is in addition to the CMDB tracking and source control process.
Backing Up Policies

Because part of the versioning process is to export a policy or group of policies, backup is a necessary part of OIS maintenance. There are two primary methods for policy backup:

• Policy XML (as with exports)
• Database

Although your established backup processes should already handle OIS database backups, policy XML exports might still be a foreign concept.

Policy XML

Export and import are the primary methods to create tangible collections of policies that can be stored and managed externally. For more information on these processes, refer to Chapter 5. Figure 7.25 shows a folder full of OIS policy export files from a real-world OIS implementation.

FIGURE 7.25 OIS Policy export file examples

The process for policy backup and naming in this environment follows these rules:

• For changes made within any one day, an OIS export should be created (one export per day).
• All exports should include policies exported at the ROOT level (Policies folder in the OIS client).
• All exports should include all Global Settings and Global Configurations.
• Name the OIS export files with the following convention: <Environment Name>_<Environment Type>_.ois_export
• If there are major changes planned for any one day, multiple OIS exports might be necessary.
• If multiple OIS exports are expected in one day, use the following naming convention for the files: <Environment Name>_<Environment Type>_.ois_export

These rules enable the environment to have the latest copy of what is in production, plus previous copies are available at any time. This means you could import previous copies into development or test environments for version inspection and verification if needed. Although there is no rule to store these export files outside a backed up network share, it is recommended that you follow your established best practices for managed code backup and versioning.

Database

As discussed in Chapter 2 and Chapter 3, “Architectural Design,” it is critical to have redundancy for your OIS SQL datastore. Follow your established process and best practices for keeping SQL redundant (with clustering recommended). If the data in the OIS SQL datastore remains available, the current stored version of the policies is safe. In addition to keeping your datastore redundant, you could also implement a timed backup plan for the OIS database itself. The best times to back up the OIS database are before a major policy release update and after a successful policy release update. This way you could roll back between major policy revisions.
Promotion

The policy promotion process leverages the export/import functionality within OIS and is similar to any other managed code release; it should include a change control and approval process. Here are the steps for this policy promotion process:

• Authoring and development of policies is performed in a sandboxed development environment.
• Development complete policies are checked into the development environment OIS datastore.
• An export of the development complete policies is created with a specified naming convention.
• The development complete export is optionally stored in a source control system, where it can be versioned, checked-in, checked-out, and so on.
• A change request is created to promote the development complete policy export to the test environment.
• Upon approval, the development complete policy export is imported into the test environment.
• The development complete policies are tested in the test environment.
• If all tests pass, the policies become production ready and the change request status is updated.
• If any of the tests fail, feedback is provided to the development team, the change request status is updated, and the process begins again, which cycles until all tests pass.
• The production ready export is optionally stored in a source control system, where it can be versioned, checked-in, checked-out, and so on.
• A change request is created to promote the production ready policy export to the production environment.
• Upon approval, the production ready policy export is imported into the production environment.
• The production ready policies become production policies and the change request is closed.
• The production policies remain in production, as is, until updates are required or requested; at which point, the process begins again until all new updates are in production.

Sanitize Your Policies

Only sanitized policies should make it through the development, test, and production policy promotion process. Sanitized refers to the need for development-complete policies to be cleaned of extraneous Global Settings and Global Configuration Data from the development environment. This extraneous data should not even make it to the test environment, meaning that the development-complete export should be cleaned before it is considered for testing.

Sanitation Steps for a Clean Policy Promotion

If you are following the best practices for naming and folder structure, you are able to quickly and easily sanitize your policies. Here is a recommended process for sanitizing your policies when sharing them between people or systems:

1. Export the policies you want to transfer/promote.
2. Import the policies into a clean/buffer OIS datastore (one used only for purging unwanted Global Settings and Global Configuration Data).
3. Delete all the Global Settings and Global Configuration Data not related to the policies you want to transfer/promote.
4. Export the policies once again; this new file contains only the Global Settings and Global Configuration Data you want to transfer/promote.
5. Delete everything from the buffer OIS datastore to use it the next time.

External Data Persistence

There is no such thing as “state” in an executing OIS policy. After the policymodule.exe has completed working through all the objects in a policy, all state information is dropped. Although there is some persistence at the policy level with logging turned on, it is not the appropriate place to query and update policy state information. Your best bet is to create an external mechanism to store the important data. (A database table is recommended.) After you have this external data persistence store, you can add objects to your policies that insert the important policy state data, based on the status of the policy. Figure 7.26 shows a policy without any data persistence. This policy performs a series of important actions, from executing command-line interface (CLI) commands and Simple Object Access Protocol (SOAP) calls to restarting Windows services. However, if the policy fails during the SOAP call, it just stops and all information about the CLI command’s execution is lost, along with the initiation of the potentially dependent service restart. Besides lacking data persistence, this policy also lacks simple error handling.
FIGURE 7.26 Policy example without data persistence (or error handling)

Alternatively, Figure 7.27 shows this same policy, this time with data persistence. In fact, with data persistence automatically comes some error handling. You can configure the three Update External DB objects to write execution information regardless of object execution status. By writing all object execution status (success, warning, or failure) to the external data persistence store, the information is available for post processing, immediate use within notifications, and even policy restart ability.

FIGURE 7.27 Policy example with data persistence (and error handling)

Figure 7.28 shows a policy that is monitoring for changes in the External DB data persistence store. This data is then parsed and used to send a report, send a failure notification, and/or attempt a policy restart. Without external data persistence, none of this is possible and certainly not easily. The following sections cover the common use case of Haltable/Restartable Policies and highlight an available solution you can leverage for your external data persistence, the Standard OIS Logging IP.
FIGURE 7.28 Policy example using data persistence data

Challenge: Haltable/Restartable Policies

Out-of-the-box, policies start at the first object and work their way through to the last object without stopping. If a failure occurs in the middle, by default (with Success Only Links) policy execution stops, never reaching the remaining objects after the failure. This means that by default, if you have a 15-object policy and an error occurs on object 11, objects 12 through 15 do not execute. Default behavior dictates that the policy has to start over at object one. The capability to stop and/or restart at a specified point is not allowed by default. This behavior might be acceptable for development or test environments, but there are use case scenarios where you want to be able to halt running policies, as well as restart failed policies, at specific points. Using customized external data persistence is the recommended method to accomplish both of these tasks. Figure 7.27 and Figure 7.28 show the benefit of including external data persistence in a policy. Building on that concept, Figure 7.29 shows a sample policy built with the capability to be both halted and restarted at specific points. In this policy example, the state data capture for external data persistence occurs within the triggered policies (Step 1, Step 2, Step 3, and Step 4). Restart initiation occurs in another policy as well. This example shows what it takes to configure a policy with halt and restart options. Here is a list of supported scenarios given this policy’s configuration:
FIGURE 7.29 Haltable/restartable policy example
. Default Behavior—The policy is initiated without errors or halt request. Object execution in this scenario is Initiate, Trigger Step 1, Trigger Step 2, Trigger Step 3, and Trigger Step 4. (Policy completion is captured in data persistence store.)
234
CHAPTER 7
Implementation and Best Practices
. Halt Request After Step 2—The policy is initiated without errors, but with a halt request after Step 2. Object execution in this scenario is Initiate, Trigger Step 1, Trigger Step 2, Halt Policy. (Halt is captured in data persistence store.) . Restart Initiated After Halt Request After Step 2—The policy is initiated after a halt request by a restart process with no new halt request. Object execution in this scenario is Initiate, Trigger Step 3, Trigger Step 4. (Restart initiated by data persistence store while completion is captured in data persistence store.) . Failure At Step 3—The policy is initiated with no halt request, but encounters an error in Step 3. Object execution in this scenario is Initiate, Trigger Step 1, Trigger Step 2, Trigger Step 3. (Within Step 3 policy, the error is captured in data persistence store.) . Restart Initiated After Failure At Step 3—The policy is initiated after an error by a restart process with no halt request. Object execution in this scenario is Initiate, Trigger Step 3, and Trigger Step 4. (Restart initiated by data persistence store while completion is captured in data persistence store.)
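
The five scenarios above, modeled as an added example (this is not code from the book, from OIS, or from the Standard OIS Logging IP). It uses an in-memory SQLite table as the external data persistence store and derives the restart point from the last captured state; the table name, columns, status values, and function names are assumptions made for illustration.

```python
import sqlite3

# Hypothetical step names matching the triggered policies in Figure 7.29.
STEPS = ["Step 1", "Step 2", "Step 3", "Step 4"]

# Assumed schema for the external data persistence store.
SCHEMA = """
CREATE TABLE policy_state (
    id      INTEGER PRIMARY KEY AUTOINCREMENT,
    run_id  TEXT NOT NULL,
    step    TEXT NOT NULL,
    status  TEXT NOT NULL
            CHECK (status IN ('Completed', 'Failed', 'Halted', 'PolicyCompleted'))
);
"""


def open_store():
    """Create the persistence store (in memory so the example runs offline)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def record(conn, run_id, step, status):
    """Capture state; values are bound as parameters, never concatenated."""
    conn.execute(
        "INSERT INTO policy_state (run_id, step, status) VALUES (?, ?, ?)",
        (run_id, step, status),
    )
    conn.commit()


def last_status(conn, run_id):
    """Return (step, status) of the most recent state row, or None."""
    return conn.execute(
        "SELECT step, status FROM policy_state "
        "WHERE run_id = ? ORDER BY id DESC LIMIT 1",
        (run_id,),
    ).fetchone()


def resume_index(conn, run_id):
    """Index in STEPS of the next step to run for this run_id."""
    row = last_status(conn, run_id)
    if row is None:
        return 0                      # fresh run: start at Step 1
    step, status = row
    if status == "PolicyCompleted":
        return len(STEPS)             # nothing left to do
    idx = STEPS.index(step)
    # A failed step is re-run; a completed or halted-after step is skipped.
    return idx if status == "Failed" else idx + 1


def run_policy(conn, run_id, halt_after=None, fail_at=None):
    """Run (or restart) the policy; return the objects executed, in order.

    halt_after simulates a halt request after the named step.
    fail_at simulates an error inside the named step.
    """
    executed = ["Initiate"]
    start = resume_index(conn, run_id)
    if start == len(STEPS):
        return executed               # already complete, no steps triggered
    for step in STEPS[start:]:
        executed.append(f"Trigger {step}")
        if step == fail_at:
            record(conn, run_id, step, "Failed")     # error captured in store
            return executed
        record(conn, run_id, step, "Completed")
        if step == halt_after:
            executed.append("Halt Policy")
            record(conn, run_id, step, "Halted")     # halt captured in store
            return executed
    record(conn, run_id, STEPS[-1], "PolicyCompleted")
    return executed


if __name__ == "__main__":
    store = open_store()
    print(run_policy(store, "demo", halt_after="Step 2"))
    print(run_policy(store, "demo"))  # restart resumes at Step 3
```
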
Solution: Integration Pack for Standard OIS Logging
Creation and maintenance of your own data persistence store might not be something you want on your “To Do” list. This is particularly true if you are unfamiliar with database table creation and SQL statement development. For this reason, the Integration Pack (IP) for Standard OIS Logging was created. Available at CodePlex (http://opalis.codeplex.com/releases/view/46978), this IP provides packaged functionality for external data persistence creation and maintenance. It has been used by customers for many years prior to Microsoft’s acquisition of Opalis Software. Figure 7.30 shows the available objects in the Standard OIS Logging IP.
FIGURE 7.30 Standard OIS Logging IP objects
As part of the ongoing example started with Figure 7.29, Figure 7.31 shows the IP's usage in one of the triggered policy steps in Figure 7.29, Trigger Step 2. Figure 7.32 shows what the policy responsible for the restart initiation in this example looks like. This policy can be used for both error and halt request restarts. The IP is fully documented in a User Guide at http://opalis.codeplex.com/releases/46978/download/126591 and a Usage Guide at http://opalis.codeplex.com/releases/46978/download/141994.
FIGURE 7.31 Standard OIS Logging IP general usage
FIGURE 7.32 Standard OIS Logging IP restart usage
TIP: ADDITIONAL INFORMATION ON THE STANDARD OIS LOGGING IP
For a video tutorial on the Standard OIS Logging IP, refer to Charles Joy’s TechNet blog post for “8 Minute Demo – Integration Pack for Standard OIS Logging” available at http://blogs.technet.com/b/charlesjoy/archive/2011/04/13/8-minute-demo-integration-pack-for-standard-ois-logging.aspx.
Summary
This chapter built upon the ideas introduced in Chapters 5 and 6 and showed you how to create complex, real-world policies. The chapter explored the policy engine and the rules of that engine as well as complex link logic, looping, scheduling, and data manipulation. Remember to use the topics (like a standard naming convention, versioning, and backup) covered in this chapter when you build your policies. You also learned strategies for persisting policy data outside of OIS and for turning OIS into the most resilient and versatile tool possible. Next in Chapter 8, “OIS Integration,” you learn about the IPs available for OIS used to connect to third-party systems. This is how you can extend the value of OIS without any additional coding or scripting on your part.
CHAPTER 8
OIS Integration
IN THIS CHAPTER
. Integration Overview
. The IP for BladeLogic Operations Manager
. The IPs for BMC Tools
. The IPs for CA Tools
. The IP for EMC Smarts InCharge
. The IPs for HP Tools
. The IPs for IBM Tools
. The IP for Microsoft Active Directory
. The IP for Unix
. The IP for Veritas NetBackup
. The IP for VMware vSphere
Opalis Integration Server (OIS) is all about integration; without it, OIS is only a simple automation engine. To accomplish this integration, the product ships with 28 Integration Packs (IPs) on the 6.2.2 media and an additional five with the 6.3 media. This means that without any additional work on your part, you can quickly integrate today’s most popular applications in your data center with OIS. In the same way that OIS takes advantage of the Data Bus to transfer information from object to object, it can use the Data Bus to integrate between the objects in IPs and other systems. This method lets you integrate systems without any coding or scripting.
Although this chapter discusses all the third-party IPs included with OIS 6.2.2, it does not deal with those specific applications in any detail, as they are explicitly beyond the scope of this book. The IPs listed in this chapter are for reference and to provide examples of how they might be used in your environment, and each includes installation notes discussing elements related to those systems at a high level. The chapter does not provide detailed information regarding installation or usage of these third-party IPs. However, that additional level of detail is provided in the following five chapters, which discuss the System Center IPs.
Integration Overview
IPs are software components that plug into the larger OIS framework. They are designed around a series of atomic tasks that are targeted to a specific application. IPs are delivered as a single file with the extension oip. They are registered and installed using Deployment Manager; this process is described in Chapter 4, “Installing Opalis Integration Server 6.3.” As you install IPs, new palettes are added to the OIS Client Objects window. Each object added has the capability to write its published data to the Data Bus and subscribe to published data (PD). This gives you the ability to incorporate new systems into your policies quickly using the objects available in the IPs.
This chapter lists and briefly discusses each of the IPs that ship with 6.2.2, how to configure them, and details the capabilities of their objects. Because all the IPs described in this chapter are from OIS 6.2.2, they are only supported on Windows Server 2003 (32-bit)—as this is the only operating system (OS) supported by OIS 6.2.2. Although some IPs in this chapter might work on Windows Server 2008, others are known to be completely incompatible. In all cases, Microsoft does not support any of the OIS 6.2.2 IPs on OIS Windows Server 2008 installations. Although you can use these IPs with OIS 6.3, they must be restricted to Windows Server 2003 systems.
This chapter describes each of the objects in the IPs and the primary use of the object. Keep in mind that if you deploy these IPs, you might find that the objects’ details are populated only after establishing a global connection to the target. If you do not have a global connection (or an appropriate target), many of the objects appear as blank.
NOTE: OIS 6.2.2 IPS REQUIRE LICENSES
All 28 of the IPs included with OIS 6.2.2 must be licensed to operate properly. You can deploy and build policies with unlicensed IPs, but they do not execute until you install a license. These licenses are all included with the installation source. The five IPs shipped with OIS 6.3 do not require licenses. Chapters 9 through 13 discuss those IPs that ship with OIS 6.3 and are part of System Center.
The IP for BladeLogic Operations Manager
The IP for BladeLogic Operations Manager provides one object that allows you to launch commands in the BladeLogic command line interface (CLI) from your OIS policies.
BladeLogic Operations Manager IP Typical Use Case
Here are several examples of how you can use the BladeLogic Operations Manager IP in policies:
. Software provisioning through an automated process
. Desired state management and correction
. Auditing servers for compliance
. Automated server patching
BladeLogic Operations Manager IP Object List
The BladeLogic Operations Manager IP has only one object, displayed in Figure 8.1. This object is Call BLCI, and it is a generic wrapper for all the BL CLI functions. The properties of the object change depending on which function is configured.
FIGURE 8.1 The object from the BladeLogic Operations Manager IP
BladeLogic Operations Manager IP Installation Notes
You must install and configure BladeLogic Configuration Manager or Provisioning Manager 7.4.2 or 7.5.0 on each Action Server and OIS Client where you deploy the IP. When you install the BladeLogic Configuration Manager or Provisioning Manager components, the process also installs the Java Runtime Environment (JRE) 8.5 (if it is not already installed). If the installer cannot find the JRE, you must manually add the following path to the PATH environment variable: \\bin\client
BladeLogic Operations Manager IP Supported Versions
The IP supports BladeLogic Configuration Manager or Provisioning Manager versions 7.4.2 and 7.5.0. This IP is only supported on OIS 6.2.2 or 6.3 running on Windows Server 2003.
TIP: SUPPORTED VERSIONS OF BLADELOGIC OPERATIONS MANAGER
Prior to its acquisition by BMC, BladeLogic had a history of making significant structural changes with their CLI and application program interface (API) sets even with revision level releases. (For example, 7.4.2, 7.4.4, and 7.5 are each completely different from one another in terms of API; while 7.4.2 and 7.5 are each supported, 7.4.4 is not compatible at all.)
BladeLogic Operations Manager IP Configuration Settings
The BladeLogic Operations Manager IP settings are configured in the OIS Client Options menu, under BladeLogic Operations Manager. Figure 8.2 shows details of the BLCLI options.
FIGURE 8.2 Configuration Menu for the BladeLogic Operations Manager IP
Here is a brief description of the options:
. Name—User configurable name for the connection.
. Service Profile—Using the ellipsis button, select a service profile from the list. This list is enumerated from the local BladeLogic Configuration Manager or Provisioning Manager installation.
. Authentication Type—Select either SRP (Secure Remote Password) or ADK (Active Directory using Kerberos).
. Role—Enter the name of the role you want to use.
. Credential—Supply the BladeLogic username and password (for SRP) or your login.conf file information (for ADK).
The IPs for BMC Tools
There are a number of IPs for BMC products. These include IPs for BMC Atrium CMDB, BMC Event Manager, BMC Patrol, and the BMC Remedy AR System. These IPs are discussed in the next sections.
The IP for BMC Atrium CMDB
The IP for BMC Atrium CMDB provides 11 objects that allow you to incorporate configuration management database (CMDB) information and updates from your OIS policies.
BMC Atrium CMDB IP Typical Use Case
Here are some examples of ways the BMC Atrium CMDB IP can be used in policies:
. Creating new configuration items (CIs) in your CMDB based on new provisioning or asset discovery
. Creating relationships between CIs in your CMDB based on new provisioning or audits
. Monitoring CIs for changes to instances or relationships and triggering other activities based on this
. Removing or rectifying your CMDB based on decommissioning or audits
BMC Atrium CMDB IP Object List
The BMC Atrium CMDB IP has 11 objects. Figure 8.3 displays the objects in the BMC Atrium CMDB IP, and Table 8.1 lists these objects and describes their functions.
FIGURE 8.3 Object Icons from the BMC Atrium CMDB IP
TABLE 8.1 Objects and Their Descriptions in the BMC Atrium CMDB IP
Object | Description
Create CI Instance | Creates a new CI within your Atrium database
Create Relationship | Creates a relationship between two CIs within your Atrium database
Delete CI Instance | Deletes a CI from your Atrium database
Delete Relationship | Deletes a relationship between two CIs within your Atrium database
Get CI Instance | Retrieves specific information about a CI from your Atrium database that matches a filter
Get Relationship | Retrieves a group of relationships between CIs from your Atrium database that matches a filter
Monitor CI Instance | Monitors for new CIs or changes to existing CIs that match a filter
Monitor Relationship | Monitors for new relationships or changes to existing relationships that match a filter
Reconcile Database | Reconciles the instances and relationships in your Atrium database
Update CI Instance | Makes changes to existing CI items
Update Relationship | Makes changes to existing relationships
BMC Atrium CMDB IP Installation Notes
Locate the following files from your BMC Atrium CMDB Client installation folder and copy them to %Program Files%\Common Files\Opalis Software\Opalis Integration Server\Extensions\Support\bin on any Opalis Action Servers and OIS Clients that use the IP:
. Arapi71.dll
. Arrpc71.dll
. Arutl71.dll
. Icuinbmc32.dll
. Icuucbmc32.dll
. Icudt32.dll
NOTE: IP LOOKS FOR SPECIFIC VERSIONS OF THESE DLLS
These versions of these files are the only versions the IP looks for in the install. Other versions do not work properly. In addition, the ar*71.dll files listed are from Remedy ARS 7.1, although the officially supported version of ARS is 7.0.
BMC Atrium CMDB IP Supported Versions
The IP supports BMC Remedy 7.0 and BMC Atrium CMDB 2.0. This IP is supported only on OIS 6.2.2 or 6.3 running on Windows Server 2003.
BMC Atrium CMDB IP Configuration Settings
The BMC Atrium CMDB IP settings are configured in the OIS Client Options menu, under BMC Atrium CMDB. See Figure 8.4 for details of the BMC Atrium CMDB options.
FIGURE 8.4 Configuration menu for the BMC Atrium CMDB IP
Here is a brief description of the options:
. Name—User configurable name for the connection.
. Login—Computer, User Name, and Password for the Atrium user.
. Portmapper—Select either portmapper or manually configure Transmission Control Protocol (TCP) port and Remote Procedure Call (RPC) information for your connection.
. Connection—Enter the retry count, Interval, and Monitor Interval. These values specify the polling interval that the monitoring objects within the IP use when looking for new instances.
. Mode—Select whether Display Only fields are used and which Remedy Application is used for this connection. Only one application is supported per connection, but multiple connections can be made. Filter forms by application allows the connection to be configured so that only forms for a specific application are displayed when selecting the desired form for an object. If this option is left unchecked, then all forms are displayed when selecting the desired form for an object. This is a design-time specific element intended to make it easier for the user to find the desired form when configuring the object.
. Application—Lets you choose which Remedy Application you want to use. If the drop-down does not provide any results, you might have entered your connection information incorrectly.
. Attachments—Specify the folder where attachments are saved.
The IP for BMC Event Manager
The IP for BMC Event Manager (BEM) provides five objects that allow you to monitor and manage incoming events or create new BEM events from your OIS policies.
BMC Event Manager IP Typical Use Case
Here are some examples of ways you can use the BEM IP in policies:
. Monitor for new BEM events and then triage the source of the event.
. Create new BEM events based on monitoring done by OIS.
. Connect BEM to a trouble ticketing system.
. Use BEM event data to populate a Monitor of Monitors.
BMC Event Manager IP Object List
The BEM IP has five objects. Figure 8.5 displays all the objects in the BEM IP, and Table 8.2 lists these objects and describes their functions.
FIGURE 8.5 Object icons from the BEM IP
TABLE 8.2 BEM IP Objects and Their Descriptions
Object | Description
Create Event | Sends a new event to the BEM server
Get Event | Retrieves one or more events from the BEM server that match a filter
Update Event | Updates an event on the BEM Server
Monitor Event | Monitors for events or changes to the BEM server that match a filter
Set Event Status | Changes the status of an existing event
BMC Event Manager IP Installation Notes
Download and install the BMC Impact Integration Developer’s Kit 7.1 from http://developer.bmc.com/legal/iidk/download.htm. Locate the following files:
. bmciiapi.dll—BMC Software\MasterCell\bmciiapi_7_1\lib\Win32
. locale (folder)—BMC Software\MasterCell\bmciiapi_7_1\config
Copy bmciiapi.dll to %Program Files%\Common Files\Opalis Software\Opalis Integration Server\Extensions\ and copy the locale folder to %Program Files%\Common Files\Opalis Software\Opalis Integration Server\Extensions\Support\bem. Copy these files to these destinations on any Opalis Action Servers and OIS Clients that use the IP.
BMC Event Manager IP Supported Versions
The IP supports BEM 7.0, 7.1, and 7.2. This IP is supported only on OIS 6.2.2 or 6.3 running on Windows Server 2003.
BMC Event Manager IP Configuration Settings
The BEM IP settings are configured in the OIS Client Options menu, under BEM. See Figure 8.6 for details of the BEM options. Here is a brief description of the options:
FIGURE 8.6 Configuration Menu for the BEM IP
. Name—User configurable name for the connection.
. Primary Cell—Enter the Host and Port of your Primary BEM cell.
. Secondary Cell—Enter the Host and Port of your Secondary BEM cell (if present).
. Password—Enter and confirm the password you want to use.
. BEM Event List—You need to discover event class types, and then add them to your available event slots.
. Timeout (milliseconds)—Enter the value for the timeout period when performing an action against the BEM server.
. Import mcell dir...—Allows you to import existing mcell configuration files into your BEM server listing.
The IP for BMC Patrol
The IP for BMC Patrol provides seven objects that allow you to monitor incoming events or create and manage events from your OIS policies.
BMC Patrol IP Typical Use Case
Here are several examples of ways you can use the BMC Patrol IP in policies:
. Monitor for new BMC Patrol events and then triage the source of the event.
. Create new BMC Patrol events based on monitoring done by OIS.
. Connect BMC Patrol to a trouble ticketing system.
. Use BMC Patrol data to populate a Monitor of Monitors.
BMC Patrol IP Object List
The BMC Patrol IP has seven objects. Figure 8.7 displays all the objects in the BMC Patrol IP, and Table 8.3 lists all the objects and a description of their functions.
FIGURE 8.7 Object icons in the BMC Patrol IP
TABLE 8.3 BMC Patrol IP Objects and Their Descriptions
Object | Description
Acknowledge Event | Marks an event as acknowledged
Close Event | Closes events within Patrol using filters
Create Event | Creates a new event on the Patrol Agent
Get Event | Retrieves a list of Patrol Events that match a filter
Monitor Event | Monitors for events or changes on the Patrol Agent that match a filter
Resume Application Instance | Allows Patrol to receive events from an application instance that was suspended
Suspend Application Instance | Suspends an application instance and suppresses all events from it
BMC Patrol IP Installation Notes
Locate the acmmls32_v2.dll file from your BMC Patrol Client media or installation, and then copy acmmls32_v2.dll to %Program Files%\Common Files\Opalis Software\Opalis Integration Server\Extensions\Support\bin. Do this on any Opalis Action Servers and OIS Clients that use the IP.
BMC Patrol IP Supported Versions
The IP supports BMC Patrol 7 agent 3.5.50 to 3.5.60. This IP is supported only on OIS 6.2.2 or 6.3 running on Windows Server 2003.
BMC Patrol IP Configuration Settings
The BMC Patrol IP settings are configured in the OIS Client Options menu, under BMC Patrol. Figure 8.8 shows details of the BMC Patrol options. You can create groups of Patrol agents to be monitored.
FIGURE 8.8 Agents configuration menu for the BMC Patrol IP
Here is a brief description of the options:
. Name—User configurable name for the connection.
. Computer—Enter the name of the Patrol Agent or click the ellipsis (...) to browse for one.
. Port—Specify a TCP port to use when connecting to the Patrol Agent.
. Default—Click this button to use the default TCP port of 3181 when connecting to the Patrol Agent.
. Use Default Credentials—Check this box if you want to use the default credentials; otherwise specify credentials using the username and password fields.
. User Name—Enter the username of the credentials you want to use when connecting to the BMC Patrol Agent.
. Password—Enter the password of the credentials you want to use when connecting to the BMC Patrol Agent.
. Test Connection—This button uses the settings you provide and attempts to connect to the target system. You should use this button before you click OK to verify you have properly configured the IP.
The IP for BMC Remedy AR System
The IP for BMC Remedy ARS provides four objects that allow you to monitor, create, or manage requests or incidents on your AR System from your OIS policies.
BMC Remedy AR System IP Typical Use Case
Here are examples of ways you can use the BMC Remedy ARS IP in policies:
. To create incidents in response to monitored events on other systems
. To create incidents duplicating those in another help desk
. To monitor for approved change requests before fulfilling those requests
. To create requests that need to be approved before automation can continue
BMC Remedy AR System IP Object List
The BMC Remedy ARS IP has four objects. Figure 8.9 displays all the objects in the BMC Remedy ARS IP, and Table 8.4 lists the objects and a description of their functions. Although there are only four objects, they are all highly configurable and can change their properties based on the application and form referenced with ARS.
FIGURE 8.9 Object icons from the BMC Remedy ARS IP
TABLE 8.4 BMC Remedy ARS IP Objects and Their Descriptions
Object | Description
Create Request | Creates a new request or incident on the AR System
Get Request | Retrieves one or more requests from the AR System that match a filter
Update Request | Updates information in a request on the AR System
Monitor Request | Monitors for new requests or for changes to existing requests on the AR System that match a filter
BMC Remedy AR System IP Installation Notes
Locate the following files from your BMC AR System Client installation folder:
. Arapi71.dll
. Arrpc71.dll
. Arutl71.dll
. Icuinbmc32.dll
. Icuucbmc32.dll
. Icudt32.dll
Copy these files to %Program Files%\Common Files\Opalis Software\Opalis Integration Server\Extensions\Support\bin on any Opalis Action Servers and OIS Clients that use the IP.
CAUTION: IP LOOKS FOR SPECIFIC VERSIONS OF THESE DLLS
As with the BMC Atrium IP, these versions of these files are the only versions the IP looks for in the install. Other versions do not work properly. In addition, the ar*71.dll files listed are from Remedy ARS 7.1, although the officially supported version of ARS is 7.0.
BMC Remedy AR System IP Supported Versions
This IP supports BMC Remedy AR System 5.1, 6.0, 6.3, 7.0, and 7.1. The IP is only supported on OIS 6.2.2 or 6.3 running on Windows Server 2003.
BMC Remedy AR System IP Configuration Settings
The BMC Remedy ARS IP settings are configured in the OIS Client Options menu, under BMC Remedy AR System. See Figure 8.10 for details of the BMC Remedy AR System options.
FIGURE 8.10 Configuration Menu for the BMC Remedy ARS IP
Here is a brief description of the options:
. Name—User configurable name for the connection.
. Login—Computer, User Name, and Password for the ARS user.
. Portmapper—Select either portmapper or manually configure TCP port and RPC information for your connection.
. Connection—Enter the retry count, Interval, and Monitor Interval. These values specify the polling interval that the monitoring objects within the IP use when looking for new instances.
. Mode—Select whether Display Only fields are used and which Remedy Application is used for this connection. Only one application is supported per connection although multiple connections can be made. Filter forms by application allows the connection to be configured so only forms for a specific application are displayed when selecting the desired form for an object. If this option is left unchecked, all forms are displayed when selecting the desired form for an object. This is a design-time specific element intended to make it easier for the user to find the desired form when configuring the object.
. Application—Lets you choose the Remedy Application you want to use. If the drop-down does not provide any results, you might have entered your connection information incorrectly.
. Attachments—Specify the folder where attachments are saved.
The IPs for CA Tools
There are a number of IPs for CA products—CA AutoSys, CA eHealth, CA Spectrum, CA Unicenter NSM, and CA Unicenter Service Desk. These are discussed in the next sections.
The IP for CA AutoSys
The IP for CA AutoSys Workload Automation (AutoSys WA) provides 12 objects that allow you to query, start, or automate the management of AutoSys jobs from your OIS policies.
CA AutoSys IP Typical Use Case
Here are some ways you can use the CA AutoSys IP in policies:
. Triggering AutoSys WA jobs based on change requests from other systems
. Triggering AutoSys WA jobs in response to events on other systems
. Monitoring the status of AutoSys WA jobs and taking corrective action if they fail
CA AutoSys IP Object List
The CA AutoSys IP has 12 objects. Figure 8.11 displays all the objects in the CA AutoSys IP, and Table 8.5 lists all the objects and a description of their functions.
CA AutoSys IP Installation Notes
The OIS Action Server service account must be granted super EXEC right on AutoSys WA. Use the autosys-secure CLI command to grant this right. Install CA AutoSys Client 4.51 (or AutoSys Client r11) on any Opalis Action Servers and OIS Clients that use the IP.
FIGURE 8.11 Object icons from the CA AutoSys IP
TABLE 8.5 CA AutoSys IP Objects and Their Descriptions
Object | Description
Change Job Status | Changes the Status of an AutoSys job
Force Start Job | Starts a job that you specify and allows you to populate its fields
Get Job Query Report | Generates a job query report
Get Job Status | Retrieves the status of a job you specify
Get Global Variable | Retrieves the value of a global variable
Take Job Off Hold | Takes a job that you specify off hold
Put Job On Hold | Puts a job that you specify on hold
Kill Job | Enables you to kill an AutoSys job
Monitor Job Status | Monitors for the status of jobs that match a filter
Run AutoSys Command | Runs a specific AutoSys command
Set Global Variable | Creates or updates the value of a global variable
Start Job | Starts an AutoSys job you specify
CA AutoSys IP Supported Versions
The IP supports CA AutoSys 4.51 or CA AutoSys r11. This IP is supported only on OIS 6.2.2 or 6.3 running on Windows Server 2003.
CA AutoSys IP Configuration Settings
The CA AutoSys IP settings are configured in the OIS Client Options menu, under CA AutoSys. See Figure 8.12 for details of the CA AutoSys options.
FIGURE 8.12 Configuration menu for the CA AutoSys IP
Here is a brief description of the options:
. Name—User configurable name for the connection.
. Use Credentials—Choose whether to use explicit credentials; if so, specify those credentials. If you leave this box unchecked, the account assigned to the Action Server Service is used.
. User name—Enter the username that you use to connect to your CA Autosys server.
. Domain—Enter the domain in which the user resides.
. Password—Enter the password for the username you entered.
. Environment Variables—Specify the environment variables for AUTOSERV, AUTOROOT, AUTOSYS, AUTOUSER, and Path.
The IP for CA eHealth
The IP for CA eHealth provides five objects that allow you to discover eHealth elements or get and modify eHealth elements from your OIS policies.
CA eHealth IP Typical Use Case
Here are several examples of ways you can use the CA eHealth IP in policies:
. Monitor eHealth elements and then remediate issues with the element.
. Update elements in a help desk based on eHealth element data.
. Connect eHealth to a trouble ticketing system.
. Use eHealth element data to populate a Monitor of Monitors.
CA eHealth IP Object List
The CA eHealth IP has five objects. Figure 8.13 displays all the objects in the CA eHealth IP, and Table 8.6 lists these objects and a description of their functions.
FIGURE 8.13 Object icons from the CA eHealth IP
TABLE 8.6 CA eHealth IP Objects and Their Descriptions
Object | Description
Discover Element | Allows you to discover elements on a particular Internet Protocol address you specify
Generate Report | Generates a report for the element you specify
Get Element | Retrieves current information about the element you specify that matches a filter
Retire Element | Removes an element so it is no longer pinged by eHealth
Ping Element | Tests to verify there is an element at the Internet Protocol address you specify
CA eHealth IP Installation Notes
There are no special installation requirements for this IP as it uses an SSH (Secure Shell) connection.
CA eHealth IP Supported Versions
The IP supports CA eHealth 5.7 or 6.0. This IP is only supported on OIS 6.2.2 or 6.3 running on Windows Server 2003.
CA eHealth IP Configuration Settings
The CA eHealth IP settings are configured in the OIS Client Options menu, under CA eHealth. Figure 8.14 shows details of the CA eHealth options.
FIGURE 8.14 Configuration menu for the CA eHealth IP
Here is a brief description of the options:
. Name—User configurable name for the connection.
. Server—Enter your CA eHealth server name.
. SSH Port—Enter the port used to connect your CA eHealth server.
. User Name—Enter the username for your CA eHealth server.
. Password—Enter the password for your CA eHealth server.
. Version—Select either version 6.0 or 5.x.
. Test Connection—This button uses the settings you provide and attempts to connect to the target system. You should use this button before you click OK to verify you have properly configured the IP.
The IP for CA Spectrum
The IP for CA Spectrum provides nine objects that allow you to create, modify, and monitor CA Spectrum alarms and events from your OIS policies.
CA Spectrum IP Typical Use Case
Here are examples of ways you can use the CA Spectrum IP in policies:
. Monitor for new alarms and then triage the source of the alarm.
. Create new alarms based on monitoring done by OIS.
. Connect CA Spectrum to a trouble ticketing system.
. Use CA Spectrum alarm or device data to populate a Monitor of Monitors.
CA Spectrum IP Object List
The CA Spectrum IP has nine objects. Figure 8.15 displays all the objects in the CA Spectrum IP, and Table 8.7 lists all the objects and a description of their functions.
FIGURE 8.15 Object icons from the CA Spectrum IP

TABLE 8.7 CA Spectrum IP Objects and Their Descriptions

| Object | Description |
| --- | --- |
| Acknowledge Alarm | Acknowledges or unacknowledges an alarm |
| Clear Alarm | Clears an alarm that you specify that matches a filter |
| Create Event | Creates an event in CA Spectrum |
| Discover IP | Allows you to discover the Internet Protocol addresses of devices and add them to CA Spectrum |
| Get Alarm | Retrieves current information about alarms that match a filter |
| Get Device | Retrieves current information about devices that match a filter |
| Monitor Alarm | Monitors for new or updated alarms that match a filter |
| Remove Device | Removes a device from CA Spectrum |
| Update Device | Updates information that you specify for a device in CA Spectrum |
CA Spectrum IP Installation Notes
Install JRE 5.0 (1.5) or higher on any Opalis Action Servers and OIS Clients that use the IP. Here are the environment variables that must be included:
• The environment variable JAVA_HOME, which needs to contain the path to the Java client (for example, JAVA_HOME=C:\Program Files\Java\jre1.5.0_11\bin\client)
• The environment variable PATH, which needs to contain the path to the Java client (for example, PATH=C:\Program Files\Java\jre1.5.0_11\bin\client)

CA Spectrum IP Supported Versions
The IP supports CA Spectrum version 8.1. This IP is supported only on OIS 6.2.2 or 6.3 running on Windows Server 2003.
CA Spectrum IP Configuration Settings
The CA Spectrum IP settings are configured in the OIS Client Options menu, under CA Spectrum. Figure 8.16 shows details of the CA Spectrum options.

FIGURE 8.16 Configuration menu for the CA Spectrum IP

Here is a brief description of the options:
• Name—User configurable name for the connection.
• Server—Enter your CA Spectrum server name or click the ellipsis (...) button to browse for one.
• Port—Enter the port used to connect your CA Spectrum server.
• User—Enter the username for your CA Spectrum server.
• Password—Enter the password for your CA Spectrum server.
• Test Connection—This button uses the setting you provide and attempts to connect to the target system. You should use this button before you click OK to verify you have properly configured the IP.
The IP for CA Unicenter NSM
The IP for CA Unicenter NSM (Network Systems Management) provides three objects that allow you to monitor and manage the health of your systems from your OIS policies.

CA Unicenter NSM IP Typical Use Case
Here are examples of how the CA Unicenter NSM IP can be used in policies:
• Automate the management of physical or virtual systems using NSM.
• Monitor for new NSM messages and then triage the source of the alarm.
• Create new NSM messages based on monitoring done by OIS.
• Connect NSM to a trouble ticketing system.
• Use NSM message data or device data to populate a Monitor of Monitors.
CA Unicenter NSM IP Object List
The CA Unicenter NSM IP has three objects. Figure 8.17 displays all the objects in the CA Unicenter NSM IP, and Table 8.8 lists all the objects and a description of their functions.

FIGURE 8.17 Object icons from the CA Unicenter NSM IP

TABLE 8.8 CA Unicenter NSM IP Objects and Their Descriptions

| Object | Description |
| --- | --- |
| Acknowledge Message | Acknowledges messages on NSM |
| Create Message | Creates a new message on NSM |
| Monitor Message | Monitors for new or modified messages on NSM that match a filter |
CA Unicenter NSM IP Installation Notes
There are no special installation requirements for this IP.

CA Unicenter NSM IP Supported Versions
The IP supports CA Unicenter NSM r3 or r11. This IP is supported only on OIS 6.2.2 or 6.3 running on Windows Server 2003.

CA Unicenter NSM IP Configuration Settings
The CA Unicenter NSM IP settings are configured in the individual objects. It does not have a global configuration. To configure a connection, open the object, select the NSM server, and then choose which fields you want to modify. Because these fields are hardcoded, you do not need a global connection to refresh this data. Figure 8.18 shows a sample object detail.

FIGURE 8.18 Sample configuration for the CA Unicenter NSM Create Message object

The IP for CA Unicenter Service Desk
The IP for CA Unicenter Service Desk (Unicenter SD) provides five objects that allow you to monitor, create, or update units on your CA Unicenter SD from your OIS policies.

CA Unicenter Service Desk IP Typical Use Case
Here are some examples of how the CA Unicenter SD IP can be used in policies:
• To create Unicenter SD units in response to monitored events on other systems
• To create Unicenter SD units that duplicate those in another help desk
• To monitor for changes to Unicenter SD requests before taking automated actions against them
• Incorporate automation into existing Unicenter SD incident or problem management processes

CA Unicenter Service Desk IP Object List
Figure 8.19 displays the five objects in the CA Unicenter SD IP, and Table 8.9 lists all the objects and a description of their functions.
FIGURE 8.19 Object icons from the CA Unicenter SD IP

TABLE 8.9 CA Unicenter SD IP Objects and Their Descriptions

| Object | Description |
| --- | --- |
| Close/Delete Unit | Updates the status of an issue, change, or request unit to Closed and deletes related items from the database |
| Create Unit | Creates a new unit of support in Unicenter SD |
| Get Unit | Retrieves a list of Unicenter SD units of support that matches a filter |
| Monitor Unit | Monitors for new or updated units of support that match a filter |
| Update Unit | Updates information in a unit of support in Unicenter SD |
CA Unicenter Service Desk IP Installation Notes
There are no special installation requirements for this IP.

CA Unicenter Service Desk IP Supported Versions
The IP supports CA Unicenter ServicePlus Service Desk 6.0 or 11.0. This IP is supported only on OIS 6.2.2 or 6.3 running on Windows Server 2003.

CA Unicenter Service Desk IP Configuration Settings
The CA Unicenter SD IP settings are configured in the OIS Client Options menu, under CA Unicenter SD. Figure 8.20 displays details of the CA Unicenter SD options.
FIGURE 8.20 Configuration menu for the CA Unicenter SD IP

Here is a brief description of the options:
• Name—User configurable name for the connection.
• Server—Enter the server name for your Unicenter SD server (do not include the http:// prefix).
• Port—If the port used by the server has been changed from 80, update this field.
• User name/Password—Enter the username and password to connect to Unicenter SD. This user must have sufficient access to perform the actions in the IP.
• Path—If you are accessing a path other than the default, enter it here.
• Use a secure connection—Check this box if you want to enable SSL connections.
• Monitoring—Update the polling interval if required.
• Apply customizations—By default, the IP uses the default set of field names from Unicenter SD. If you have modified your CAServiceDeskSchema_v6.xml (or ...v11.xml), this button retrieves the new fields and populates the IP objects with them.
• Revoke Customizations—If you need to remove the customization within the IP and return the fields to their default values, use this button.
The IP for EMC Smarts InCharge
The IP for EMC Smarts InCharge (Smarts) provides 11 objects that allow you to monitor incoming notifications or create and manage notifications from your OIS policies.

EMC Smarts InCharge IP Typical Use Case
Some examples of ways the EMC Smarts InCharge IP can be used in policies are:
• Monitor for new Smarts notifications and then triage the source of the event.
• Create new Smarts notifications based on monitoring done by OIS.
• Connect Smarts to a trouble ticketing system.
• Use Smarts notification data to populate a Monitor of Monitors.

EMC Smarts InCharge IP Object List
The EMC Smarts InCharge IP has 11 objects. Figure 8.21 displays all the objects in the EMC Smarts InCharge IP, and Table 8.10 lists the objects and describes their functions.
FIGURE 8.21 Object icons from the EMC Smarts InCharge IP

TABLE 8.10 EMC Smarts InCharge IP Objects and Their Descriptions

| Object | Description |
| --- | --- |
| Acknowledge Notification | Acknowledges or removes the acknowledgement from a Smarts notification |
| Add Host | Adds a host to the Smarts topology |
| Add Audit Log | Appends a message to the audit log of a notification |
| Close Notification | Closes notifications created by the Create Notification object |
| Create Notification | Creates a new notification on the Smarts server |
| Get Host | Retrieves a list of hosts from Smarts that match a filter |
| Get Notification | Retrieves notifications from Smarts that match a filter |
| Monitor Notification | Monitors for notifications on the Smarts server that match a filter |
| Own/Disown Notification | Applies or removes ownership from a notification |
| Remove Host | Removes a host from the Smarts topology |
| Update Notification | Updates information in a notification on the Smarts server |
EMC Smarts InCharge IP Installation Notes
The Smarts SAM Adapter Platform and the JRE 1.4 must be installed and configured on each Action Server and OIS Client where the IP is deployed.

EMC Smarts InCharge IP Supported Versions
The IP supports EMC Smarts InCharge 6.2. This IP is supported only on OIS 6.2.2 or 6.3 running on Windows Server 2003.

EMC Smarts InCharge IP Configuration Settings
The EMC Smarts InCharge IP settings are configured in the OIS Client Options menu, under EMC Smarts. Figure 8.22 displays details of the EMC Smarts InCharge options.

FIGURE 8.22 Configuration menu for the EMC Smarts InCharge IP

Here is a brief description of the options:
• Name—User configurable name for the connection.
• Computer—Enter the computer name or Internet Protocol address of the InCharge Broker or click the ellipsis (...) button to browse for one.
• Port—Enter the port that the InCharge Broker uses for Smarts connections.
• Manager—Enter the name of the Smarts Manager that you use.
• Type—Select whether this connection uses IP Availability Manager or Service Assurance Manager.
• User—Enter the user that accesses Smarts.
• Password—Enter the password for the user that accesses Smarts.
The IPs for HP Tools
There are a number of IPs for HP products. These include IPs for HP Asset Manager, HP iLO and OA, HP Network Node Manager, HP OpenView Operations (Unix - HPUX), HP OpenView Operations (Unix - Solaris), HP OpenView Operations (Windows), HP OpenView Service Desk, and HP Service Manager. These IPs are discussed in the next sections.
The IP for HP Asset Manager
The IP for HP Asset Manager (HPAM) provides six objects that allow you to create, monitor, and manage assets in HPAM from your OIS policies.

HP Asset Manager IP Typical Use Case
Here are some examples of ways the HPAM IP can be used in policies:
• Create and retrieve software as a Fundamental Asset in HPAM.
• Create new assets in HPAM automatically based on data from other IT systems and processes.
• Automate creation of procurement requests based on data from other IT systems and processes.
• Use HPAM message data or device data to populate a CMDB.

HP Asset Manager IP Object List
The HPAM IP has six objects. Figure 8.23 displays the objects in the HPAM IP, and Table 8.11 lists all these objects and describes their functions.
FIGURE 8.23 Object icons from the HPAM IP

TABLE 8.11 HPAM IP Objects and Their Descriptions

| Object | Description |
| --- | --- |
| Create Fundamental Asset | Creates a new asset on HPAM |
| Get Fundamental Asset | Retrieves a list of HPAM assets that matches a filter |
| Create Procurement Request | Creates a new procurement request on HPAM |
| Get Procurement Request | Retrieves a list of HPAM procurement requests that matches a filter |
| Create Software Model | Creates a new software model on HPAM |
| Get Software Model | Retrieves a list of HPAM software models that matches a filter |
HP Asset Manager IP Installation Notes
Microsoft .NET Framework 3.5 must be installed and configured on each Action Server and OIS Client where the IP is deployed.

HP Asset Manager IP Supported Versions
Although the IP is called the IP for HPAM, the IP actually supports HP AssetCenter 5.01. This IP is only supported on OIS 6.2.2 or 6.3 running on Windows Server 2003.

HP Asset Manager IP Configuration Settings
The HPAM IP settings are configured in the OIS Client Options menu, under HPAM. Figure 8.24 shows details of the HPAM options.

FIGURE 8.24 Configuration menu for the HPAM IP

Here is a brief description of the options:
• Name—User configurable name for the connection.
• User Name—Enter the name of the user on the HPAM server.
• Password—Enter the password of the HPAM user.
• Address—Enter the Internet Protocol Address of the HPAM server.
NOTE:
SELECT A TYPE TO ENABLE THE PROPERTIES
You must select a type using the ellipsis (...) button before any of the properties in Figure 8.24 are displayed. If you do not select a type, the properties section of the window is completely blank.
The IP for HP iLO and OA
The IP for HP Integrated Lights-Out (iLO) and Onboard Administrator (OA) provides two objects that allow you to use iLO and OA functions from your OIS policies.

HP iLO and OA IP Typical Use Case
Some examples of ways you can use the HP iLO and OA IP in policies are:
• Incorporate iLO Management into automated processes.
• Enable Green Data Centers by managing power to blades and racks.
• Allow provisioning of new assets from OA or iLO.
• Allow other systems to control iLO or OA functions via automation.

HP iLO and OA IP Object List
The HP iLO and OA IP has two objects. Figure 8.25 displays all the objects in the HP iLO and OA IP, and Table 8.12 lists these objects and describes their functions.
FIGURE 8.25 Object icons from the HP iLO and OA IP

TABLE 8.12 HP iLO and OA IP Objects and Their Descriptions

| Object | Description |
| --- | --- |
| Run iLO Command | Runs 15 iLO commands over SSH |
| Run OA Command | Runs 89 OA commands over SSH |
HP iLO and OA IP Installation Notes
iLO and OA must have SSH access enabled, and the ports must be accessible to any Opalis Action Servers and OIS Clients that use the IP.

HP iLO and OA IP Supported Versions
The IP supports HP iLO 2 HP BladeSystem c3000 OA (firmware 2.13), HP-C 3000, OA Firmware: 2.13, and iLO 2 Firmware: 1.70. This IP is supported only on OIS 6.2.2 or 6.3 running on Windows Server 2003.

HP iLO and OA IP Configuration Settings
The HP iLO and OA IP settings are configured in the OIS Client Options menu, under HP iLO and OA. Figure 8.26 shows details of the HP iLO and OA options. Here is a brief description:
• Name—User configurable name for the connection.
• Address—The name or Internet Protocol address of the iLO (or OA target) and port used.
• User/Password—Enter the username and password for the connection.
• Private key—If you require a private key to log in, enter the path to it here or click the ellipsis (...) button to browse for one.
• Connection—Specify the number of attempts and the time between attempts. iLO and OA only allow two connections to a blade server or enclosure at one time. If you use more than two of the objects in this IP at once, you need to configure this entry.

FIGURE 8.26 Configuration menu for the HP iLO and OA IP

TIP:
DESIGN POLICIES FOR THIS IP CAREFULLY
If you need to use more than two connections on your iLO or OA at the same time, remember to build your policies with proper retry logic. If you do not provide this logic, objects in this IP might fail simply because both connections are in use.
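
The retry behaviour the tip above asks for, shown as an added Python example that is not from the book or from OIS: `FakeManagementProcessor`, `run_with_retry` and the placeholder command are hypothetical names, and the two-session device is simulated in memory. It retries only when the session limit is the cause and fails at once on a rejected login, so a wrong password is not replayed against the management processor.

```python
"""Bounded retry around a session-limited management interface (added example)."""
import time


class SessionLimitReached(Exception):
    """Both management sessions are in use; a later attempt may succeed."""


class AuthenticationFailed(Exception):
    """Login rejected; retrying cannot help and may lock the account."""


class FakeManagementProcessor:
    """Constructed stand-in for an iLO or OA endpoint that accepts two sessions."""

    MAX_SESSIONS = 2

    def __init__(self, valid_password):
        self._valid_password = valid_password
        self.active_sessions = 0

    def open_session(self, password):
        if password != self._valid_password:
            raise AuthenticationFailed("login rejected")
        if self.active_sessions >= self.MAX_SESSIONS:
            raise SessionLimitReached("no free session slot")
        self.active_sessions += 1

    def close_session(self):
        if self.active_sessions > 0:
            self.active_sessions -= 1

    def run(self, command):
        return "ok: " + command


def run_with_retry(device, password, command, attempts, delay_seconds,
                   sleep=time.sleep):
    """Run one command, retrying only when the session limit is the cause.

    attempts and delay_seconds mirror the two values of the Connection
    setting. Returns (output, attempts_used). Raises SessionLimitReached
    after the last attempt and AuthenticationFailed immediately.
    """
    if attempts < 1:
        raise ValueError("attempts must be at least 1")
    for attempt in range(1, attempts + 1):
        try:
            device.open_session(password)
        except SessionLimitReached:
            if attempt == attempts:
                raise  # budget exhausted: surface the failure to the policy
            sleep(delay_seconds)
            continue
        try:
            return device.run(command), attempt
        finally:
            device.close_session()  # always free the slot for other policies
    raise AssertionError("unreachable")


def demo():
    """Two other policies hold both slots; one finishes during the second wait."""
    secret = "constructed-secret"  # constructed sample value
    device = FakeManagementProcessor(valid_password=secret)
    device.open_session(secret)
    device.open_session(secret)

    waits = []

    def fake_sleep(seconds):
        # Records the wait instead of sleeping; frees a slot on the second wait.
        waits.append(seconds)
        if len(waits) == 2:
            device.close_session()

    try:
        run_with_retry(device, secret, "PLACEHOLDER_COMMAND", 1, 5, fake_sleep)
        single_attempt = "succeeded"
    except SessionLimitReached:
        single_attempt = "failed"

    output, used = run_with_retry(device, secret, "PLACEHOLDER_COMMAND", 5, 5,
                                  fake_sleep)
    return single_attempt, output, used, waits, device.active_sessions


if __name__ == "__main__":
    print(demo())
```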
The IP for HP Network Node Manager
The IP for HP Network Node Manager (NNM) provides eight objects allowing you to create, monitor, and manage events in NNM from your OIS policies.

HP Network Node Manager IP Typical Use Case
Here are examples of ways you can use the HP NNM in policies:
• Monitor for new events and then triage the source of the event.
• Create new events based on monitoring done by OIS.
• Connect HP NNM to a trouble ticketing system.
• Use HP NNM event data to populate a Monitor of Monitors.

HP Network Node Manager IP Object List
Figure 8.27 displays the eight objects in the HP NNM IP, and Table 8.13 lists these objects and describes their functions.
FIGURE 8.27 Object icons from the HP NNM IP

TABLE 8.13 HP NNM IP Objects and Their Descriptions

| Object | Description |
| --- | --- |
| Acknowledge Event | Marks an event as acknowledged in NNM |
| Create Event | Creates a new event on NNM |
| Delete Event | Deletes an existing event on NNM that matches a filter |
| Get Correlated Event | Retrieves correlated events that match a filter |
| Monitor Correlated Event | Monitors for correlated events or updates to events on NNM that match a filter |
| Unacknowledge Event | Marks an event as unacknowledged in NNM |
| Update Event Category | Updates event category information in an event |
| Update Event Severity | Updates event severity information in an event |
HP Network Node Manager IP Installation Notes
HP NNM Remote Components 7.0 or 7.5 must be installed and configured on each Action Server and OIS Client where the IP is deployed. Locate the HP OpenView folder on your NNM server and create a file share named OpenView. Make this share accessible to the user account assigned to the Action Server service. If you are using firewalls between the two systems, verify that the file share is accessible.

HP Network Node Manager IP Supported Versions
The IP supports HP NNM 7.0 and 7.5. This IP is supported only on OIS 6.2.2 or 6.3 running on Windows Server 2003.

HP Network Node Manager IP Configuration Settings
The HP NNM IP settings are configured in the OIS Client Options menu, under HP NNM. Figure 8.28 shows details of the HP NNM options.

Here is a brief description of the options:
• Name—User configurable name for the connection.
• Bin Path—Enter the bin path on your NNM server.
• Log Path—Enter the log path on your NNM server.
• Stream Name—Enter the stream name for your NNM server.
• Server—Enter the name or Internet Protocol address of your NNM server.
• Domain—Enter the domain of the user account you use to connect to NNM.
• Username—Enter the name of the user account you use to connect to NNM.
• Password—Enter the password for the user account.
FIGURE 8.28 Configuration menu for the HP NNM IP
TIP:
SELECT A TYPE TO ENABLE THE PROPERTIES
You must select a type using the ellipsis (...) button before any of the properties in Figure 8.28 is displayed. If you do not select a type, the properties section of the window is completely blank.
The IP for HP OpenView Operations (Unix - HPUX)
The IP for HP OpenView Operations (OVO) HPUX (Hewlett-Packard Unix) provides nine objects that allow you to monitor incoming messages or create new messages from your OIS policies.

HP OpenView Operations HPUX IP Typical Use Case
Here are some examples of using the HP OVO HPUX IP in policies:
• Monitor for new OVO messages and then triage the source of the event.
• Create new OVO messages based on monitoring done by OIS.
• Connect OVO to a trouble ticketing system.
• Use OVO message data to populate a Monitor of Monitors.

HP OpenView Operations HPUX IP Object List
The HP OVO HPUX IP has nine objects. Figure 8.29 displays all the objects in the HP OVO HPUX IP, and Table 8.14 lists all the objects and a description of their functions.
FIGURE 8.29 Object icons from the HP OVO HPUX IP
TABLE 8.14 HP OVO HPUX IP Objects and Their Descriptions

| Object | Description |
| --- | --- |
| Acknowledge Message | Acknowledges a message that you specify |
| Add Annotation | Updates an existing message with an annotation you specify |
| Create Message | Creates a new message on your OVO Server |
| Get Message | Retrieves current information about messages that match a filter |
| Monitor Message | Monitors for new or updated messages that match a filter |
| Own/Disown Message | Allows you to set or clear the ownership of a message |
| Set Policy Template | Allows you to enable or disable a policy template on your OVO server |
| Set Scheduled Outage | Causes the OVO server to ignore messages that match rules you specify |
| Update Message | Updates severity and/or text of an existing message |
HP OpenView Operations HPUX IP Installation Notes
The Opalis daemon for HP OVO must be installed on your HP OVO server. Consult the product documentation for details on installing this daemon. The Oracle 10 client (with OCI [Oracle Call Interface]) must be installed on any Action Servers that use this IP. The location of the OCI dlls must be added to your PATH environment variable. Your Oracle service name must be configured to the OVO database. If you plan to use the Set Scheduled Outage object, you need an outage file. This file must be created in the /etc/opt/OV/share/conf/OpC/mgmt_sv/respmgrs folder of the HP OVO server. To use the Monitor Message object, you must configure the Message Stream Interface on your OVO server. Verify that Enable Output within the Message Stream Interface is selected and is using Send All Messages to Server MSI. Also, verify that Copy Messages is selected.

HP OpenView Operations HPUX IP Supported Versions
The IP supports HP OVOs for Unix version A. 08.10.160 using Oracle 10.2, HP OpenView NNM 7.53 running on HP-UX B.11.11. This IP is supported only on OIS 6.2.2 or 6.3 running on Windows Server 2003.

HP OpenView Operations HPUX IP Configuration Settings
Configure the HP OVO HPUX IP settings in the OIS Client Options menu, under HP OVO (HPUX). Figure 8.30 shows details of the HP OVO HPUX options.

FIGURE 8.30 Configuration menu for the HP OVO HPUX IP

Here is a brief description of the options:
• Computer—Enter the name of the OVO server running the Opalis daemon.
• Port—Enter the port used to communicate to the Opalis daemon; 5000 is the default.
• Connection—Specify the number of retry attempts the objects perform.
• Monitor—Specify the number of minutes for your reconnection window.
• User Name—Enter the name of your OVO Operator user. (This is done on the Operator Tab, not shown in Figure 8.30.)
• Password—Enter the password for your OVO Operator user. (This is done on the Operator Tab, not shown in Figure 8.30.)
• Service Name—Enter Oracle service name for OVO. (This is done on the Database Tab, not shown in Figure 8.30.)
• User Name—Enter a username that has read access to the Oracle database. (This is done on the Database Tab, not shown in Figure 8.30.)
• Password—Enter the password for your database username. (This is done on the Database Tab, not shown in Figure 8.30.)
The IP for HP OpenView Operations (Unix - Solaris)
The IP for HP OVO Solaris provides nine objects that allow you to monitor incoming messages or create new messages from your OIS policies.

HP OpenView Operations Solaris IP Typical Use Case
Here are some ways to use the HP OVO Solaris IP in policies:
• Monitor for new OVO messages and then triage the source of the event.
• Create new OVO messages based on monitoring done by OIS.
• Connect OVO to a trouble ticketing system.
• Use OVO message data to populate a Monitor of Monitors.

HP OpenView Operations Solaris IP Object List
Figure 8.31 displays the nine objects in the HP OVO Solaris IP, and Table 8.15 lists all the objects and describes their functions.
FIGURE 8.31 Object icons from the HP OVO Solaris IP
TABLE 8.15 HP OVO Solaris IP Objects and Their Descriptions

| Object | Description |
| --- | --- |
| Acknowledge Message | Acknowledges a message that you specify |
| Add Annotation | Updates an existing message with an annotation you specify |
| Create Message | Creates a new message on your OVO Server |
| Get Message | Retrieves current information about messages matching a filter |
| Monitor Message | Monitors for new or updated messages that match a filter |
| Own/Disown Message | Allows you to set or clear the ownership of a message |
| Set Policy Template | Allows you to enable or disable a policy template on the OVO server |
| Set Scheduled Outage | Causes the OVO server to ignore messages that match rules you specify |
| Update Message | Updates severity and/or text of an existing message |
HP OpenView Operations Solaris IP Installation Notes
The Opalis daemon for HP OVO must be installed on your HP OVO server. Consult the product documentation for details on installing this daemon. The Oracle 9 or 10 client (with OCI) must be installed on any Action Servers that use this IP. The location of the OCI dlls must be added to your PATH environment variable. Your Oracle service name must be configured to the OVO database. If you plan to use the Set Scheduled Outage object, you will need an outage file. This file must be created in the /etc/opt/OV/share/conf/OpC/mgmt_sv/respmgrs folder of the HP OVO server.

If you plan to use the Monitor Message object, you must configure the Message Stream Interface (MSI) on your OVO server. Verify that Enable Output within the Message Stream Interface is selected and that it is using Send All Messages to Server MSI. Also verify that Copy Messages is selected. Patches TOSOL_00403 and ITOSOL_00438 must be applied to your HP OVO server.

HP OpenView Operations Solaris IP Supported Versions
The IP supports HP OVOs 8 for Sparc Solaris Version 9 on Solaris 9. This IP is only supported on OIS 6.2.2 or 6.3 running on Windows Server 2003.
HP OpenView Operations Solaris IP Configuration Settings
The HP OVO Solaris IP settings are configured in the OIS Client Options menu, under HP OVO (Solaris). See Figure 8.32 for details of the HP OVO Solaris options.

FIGURE 8.32 Configuration menu for the HP OVO Solaris IP

Here is a brief description of the options:
• Computer—Enter the name of the OVO server running the Opalis daemon.
• Port—Enter the port used to communicate to the Opalis daemon; 5000 is the default.
• Connection—Specify the number of retry attempts the objects perform.
• Monitor—Specify the number of minutes for your reconnection window.
• User Name—Enter the name of your OVO Operator user. (This is done on the Operator Tab, not shown in Figure 8.32.)
• Password—Enter the password for your OVO Operator user. (This is done on the Operator Tab, not shown in Figure 8.32.)
• Service Name—Enter Oracle service name for OVO. (This is done on the Database Tab, not shown in Figure 8.32.)
• User Name—Enter a username that has read access to the Oracle database. (This is done on the Database Tab, not shown in Figure 8.32.)
• Password—Enter the password for your database username. (This is done on the Database Tab, not shown in Figure 8.32.)
The IP for HP OpenView Operations (Windows)
The IP for HP OVO Windows includes nine objects that allow you to monitor incoming messages or create new messages from your OIS policies.

HP OpenView Operations Windows IP Typical Use Case
Here are several examples of ways to use the HP OVO Windows IP in policies:
• Monitor for new OVO messages and then triage the source of the event.
• Create new OVO messages based on monitoring done by OIS.
• Connect OVO to a trouble ticketing system.
• Use OVO message data to populate a Monitor of Monitors.

HP OpenView Operations Windows IP Object List
Figure 8.33 displays all nine objects in the HP OVO Windows IP, and Table 8.16 lists these objects and a description of their functions.
FIGURE 8.33 Object icons from the HP OVO Windows IP
TABLE 8.16 HP OVO Windows IP Objects and Their Descriptions

| Object | Description |
| --- | --- |
| Acknowledge Message | Acknowledges a message that you specify |
| Add Annotation | Updates an existing message with an annotation you specify |
| Create Message | Creates a new message on your OVO Server |
| Get Message | Retrieves current information about messages that match a filter |
| Monitor Message | Monitors for new or updated messages that match a filter |
| Own/Disown Message | Allows you to set or clear the ownership of a message |
| Set Policy Template | Allows you to enable or disable a policy template on your OVO server |
| Set Scheduled Outage | Causes the OVO server to ignore messages that match rules you specify |
| Update Message | Updates severity and/or text of an existing message |
HP OpenView Operations Windows IP Installation Notes
You must install the Opalis Web Services for HP OVO in order for Opalis to communicate with OVO Windows server. Install OPRHPOVO-WWebService200.exe on your OVO Management Server. During the installation, you need to assign ports for Create, Modify, Get, and Monitor Message objects.
TIP:
MAKE A NOTE OF THE WEB SERVICES PORTS
Make a note of the ports you select when you install the Opalis Web Services for HP OVO. You need these ports for the IP’s configuration settings.
HP OpenView Operations Windows IP Supported Versions
The IP supports HP OVO 7.5 or 8.0 for Windows. HP OpenView Interconnect 3.3, 3.4, or 3.5 is installed on the OVO Management Server. This IP is supported only on OIS 6.2.2 or 6.3 running on Windows Server 2003.
HP OpenView Operations Windows IP Configuration Settings
The HP OVO Windows IP settings are configured in the OIS Client Options menu, under HP OVO (Windows). Figure 8.34 shows details of the HP OVO Windows options.

FIGURE 8.34 Configuration menu for the HP OVO Windows IP

Here is a brief description of the options:
• Computer—Enter the name of the OVO server running the Opalis Web Services.
• Ports—Enter the port used by each object. Each object must use its own port. These ports are not specific to HP OVO for Windows but were introduced when Opalis Web Services were installed. Use the ports you selected when you installed the Opalis Web Service on your OVO Management Server.
• Username—Enter the name that connects to your OVO server database.
• Password—Enter the password for the username shown in Figure 8.34.
The IP for HP OpenView Service Desk
The IP for HP OpenView Service Desk (OVO-SD) provides 20 objects allowing you to monitor, create, or manage requests or incidents on OVO-SD from your OIS policies.
HP OpenView Service Desk IP Typical Use Case
Here are examples of how you can use the HP OVO-SD IP in policies:
• To create incidents, service calls, or work orders in response to monitored events on other systems
• To create incidents, service calls, or work orders that duplicate those in another help desk
• To monitor for approved change request before fulfilling those requests
• To create requests that must be approved before automation can continue

HP OpenView Service Desk IP Object List
The HP OVO-SD IP has 20 objects. Figure 8.35 displays all the objects in the HP OVO-SD IP, and Table 8.17 lists the objects and describes their functions.
FIGURE 8.35 Object icons from the HP OVO-SD IP

TABLE 8.17 HP OVO-SD IP Objects and Their Descriptions

| Object | Description |
| --- | --- |
| Close Change | Closes an open change item using filters |
| Close Incident | Closes an open incident using filters |
| Close Service Call | Closes an open service call using filters |
| Close Work Order | Closes an open work order using filters |
| Create Change | Creates a new change item in OVO-SD |
| Create Incident | Creates a new incident in OVO-SD |
| Get Service Call | Retrieves information about a service call from OVO-SD |
| Get Work Order | Retrieves information about a work order from OVO-SD |
| Get Change | Retrieves information about a change item from OVO-SD |
| Get Incident | Retrieves information about an incident from OVO-SD |
| Get Service Call | Retrieves information about a service call from OVO-SD |
| Get Work Order | Retrieves information about a work order from OVO-SD |
| Monitor Change | Monitors OVO-SD for new or updated change items that match a filter |
| Monitor Incident | Monitors OVO-SD for new or updated incidents that match a filter |
| Monitor Service Call | Monitors OVO-SD for new or updated service calls that match a filter |
| Monitor Work Order | Monitors OVO-SD for new or updated work orders that match a filter |
| Update Change | Updates information in a change item or closes it |
| Update Incident | Updates information in an incident or closes it |
| Update Service Call | Updates information in a service call or closes it |
| Update Work Order | Updates information in a work item or closes it |
HP OpenView Service Desk IP Installation Notes
Download and apply the HP OVO-SD patch for your current version at http://support.openview.hp.com/selfsolve/patches. Locate web-api.jar inside the patch and move it to %Program Files%\Common Files\Opalis Software\Opalis Integration Server\Extensions\Support\HP Service Desk on each Action Server and OIS Client where the IP is deployed. Install JRE 5.0 (1.5) on any Opalis Action Servers and OIS Clients that use the IP. If you have multiple JREs installed, you might need to specify the location of the specific JRE that you want to use.

HP OpenView Service Desk IP Supported Versions
The IP supports HP OVO-SD 4.5 Service Pack (SP) 1. This IP is supported only on OIS 6.2.2 or 6.3 running on Windows Server 2003.

HP OpenView Service Desk IP Configuration Settings
The HP OVO-SD IP settings are configured in the OIS Client Options menu, under HP Service Desk. See Figure 8.36 for details of the HP OVO-SD options.

FIGURE 8.36 Configuration menu for the HP OVO-SD IP

Here is a brief description of the options:
• Computer—Enter the name of the OVO-SD server.
• Port—Enter the port used to communicate with the OVO-SD server.
• User name—Enter the user that logs into OVO-SD.
• Password—Enter the password for the user that logs into OVO-SD.
• JRE Home—Use the default or enter the path to your JRE 5 install.
• Refresh Field Cache—This button refreshes the field cache for this IP. This step must be performed to establish the field information to be utilized by the objects when designing policies. (If this is not done, then the objects are not able to identify what fields are available.)
• Test Connection—This button uses the setting you provide and attempts to connect to the target system. You should use this button before you click OK to verify you have properly configured the IP.

The IP for HP Service Manager
The IP for HP Service Manager (HPSM) provides five objects that allow you to monitor, create, and manage entries in your HPSM system from your OIS policies.

HP Service Manager IP Typical Use Case
Here are some examples of ways the HPSM IP can be used in policies:
- Monitor for new entries and then triage the source of the event.
- Create new entries based on monitoring done by OIS.
- Connect HPSM to a trouble ticketing system.
- Use HPSM entry data to populate a Monitor of Monitors.

HP Service Manager IP Object List
The HPSM IP has five objects. Figure 8.37 displays the objects in the HPSM IP, and Table 8.18 lists these objects and describes their functions.

FIGURE 8.37 Object icons from the HPSM IP

TABLE 8.18 HPSM IP Objects and Their Descriptions

| Object | Description |
|---|---|
| Close Entry | Closes an existing entry in HPSM |
| Create Entry | Creates a new entry in HPSM |
| Get Entry | Retrieves a list of HPSM entries that matches a filter |
| Monitor Entry | Monitors for entries or changes to existing entries that match a filter |
| Update Entry | Updates an existing entry in HPSM |

HP Service Manager IP Installation Notes
To use this IP, you need a separate license to use the web services required for connectivity. You also need the SOAP (Simple Object Access Protocol)-API Capability Word right assigned to the user account associated with the IP. A SQL Server Native ODBC (Open Database Connectivity) (System DSN (Database Source Name)) connection must be configured on any OIS Client where the IP is deployed. A SQL connection is required only to populate selection boxes at design time. If populating selection boxes is not required, this can be safely ignored.

HP Service Manager IP Supported Versions
The IP supports HP ServiceCenter 6.2 (formerly Peregrine ServiceCenter) and HPSM 7.0. (Although the product name changed between the versions, the IP supports both.) This IP is supported only on OIS 6.2.2 or 6.3 running on Windows Server 2003.

HP Service Manager IP Configuration Settings
The HPSM IP settings are configured in the OIS Client Options menu, under HPSM. Figure 8.38 provides details of the HPSM options.

FIGURE 8.38 Configuration menu for the HPSM IP

Here is a brief description of the options:
- Version—Select version HP ServiceCenter 6.2 or HPSM 7.0.
- Name—User configurable name for the connection.
- Server—Enter the name of the server that hosts the HPSM instance.
- Port—Enter the port used to connect to the HPSM system.
- Polling Interval—If required, alter the polling interval (seconds).
- ODBC Driver—Enter the DSN of the ODBC connection that you created.
- DB (database) User Name—Enter the username to connect to the HPSM database.
- DB password—Enter the password for the database user account.
- User Name—Enter the username that connects to HPSM.
- Password—Enter the password for the user account.

The IPs for IBM Tools
There are a number of IPs for IBM products. These IPs include the IP for IBM Tivoli Enterprise Console, the IP for Tivoli Netcool Omnibus, and the IP for IBM Tivoli Storage Manager. These IPs are discussed in the next sections.

The IP for IBM Tivoli Enterprise Console
The IP for IBM Tivoli Enterprise Console (TEC) provides seven objects that allow you to monitor, create, and manage TEC events from your OIS policies.

IBM Tivoli Enterprise Console IP Typical Use Case
Here are examples of ways to use the IBM TEC IP in policies:
- Monitor for new TEC events and then triage the source of the event.
- Create new TEC events based on monitoring done by OIS.
- Connect TEC to a trouble ticketing system.
- Use TEC event data to populate a Monitor of Monitors.

IBM Tivoli Enterprise Console IP Object List
The IBM TEC IP has seven objects. Figure 8.39 displays all the objects in the IBM TEC IP, and Table 8.19 lists these objects and a description of their functions.

FIGURE 8.39 Object icons from the IBM TEC IP

TABLE 8.19 IBM TEC IP Objects and Their Descriptions

| Object | Description |
|---|---|
| Acknowledge Event | Modifies the status of an existing TEC event to ACK and assigns it to an operator |
| Change Event Severity | Modifies the severity level of an event in TEC |
| Close Event | Closes an event in TEC |
| Create Event | Creates a new event in TEC |
| Get Event | Retrieves a list of TEC events that match a filter |
| Monitor Event | Monitors for events or changes to events on TEC that match a filter |
| Update Event | Updates the attributes of an event that you specify |

IBM Tivoli Enterprise Console IP Installation Notes
Tivoli Management Framework 4.1.1 and the Opalis Rule Base must be installed on the TEC server. For information on how to get the Opalis Rule Base installed on the TEC server, reference Microsoft Knowledge Base article 2491953 (http://support.microsoft.com/kb/2491953).
Oracle 9i clients (if Oracle is used) and postzmsg.exe must be installed and configured on each Action Server and OIS Client where the IP is deployed. Postzmsg.exe must be installed in %Program Files%\Common Files\Opalis Software\Opalis Integration Server\Extensions\Support\TEC.

IBM Tivoli Enterprise Console IP Supported Versions
The IP supports IBM TEC 3.9.0 with Fix Pack 3. This IP is supported only on OIS 6.2.2 or 6.3 running on Windows Server 2003.

IBM Tivoli Enterprise Console IP Configuration Settings
The IBM TEC IP settings are configured in the OIS Client Options menu, under TEC. Figure 8.40 displays the IBM TEC options. This figure shows a SQL Server connection (OD-SQL), but an Oracle connection might also be created.

FIGURE 8.40 Configuration menu for the IBM TEC IP (SQL shown)

Here is a brief description of the SQL options:
- Computer—Enter the name of the server that hosts the TEC instance.
- Port—Enter the port used to connect to the TEC system.
- Server—Enter the name of the SQL server.
- Owner—Enter the name of the user that is assigned as the TEC dbo.
- Name—Enter the name of the TEC database catalog.
- Windows Authentication—Select this option to use Windows Authentication when connecting to the database.
- SQL Server Authentication—Select this option to specify a SQL username and password when connecting to the database.
- User name—Enter the name of the user to be used with SQL Server Authentication.
- Password—Enter the password of the user to be used with SQL Server Authentication.

The IP for IBM Tivoli Netcool Omnibus
The IP for IBM Tivoli Netcool Omnibus (Netcool) provides five objects allowing you to monitor, create, and manage alerts from your OIS policies.

IBM Tivoli Netcool Omnibus IP Typical Use Case
Here are examples of how you can use the Netcool IP in policies:
- Monitor for new Netcool alerts and then triage the source of the event.
- Create new Netcool alerts based on monitoring done by OIS.
- Connect Netcool to a trouble ticketing system.
- Use Netcool alert data to populate a Monitor of Monitors.

IBM Tivoli Netcool Omnibus IP Object List
Figure 8.41 displays the five objects in the Netcool IP, and Table 8.20 lists all objects and a description of their functions.

FIGURE 8.41 Object icons from the Netcool IP

TABLE 8.20 Netcool IP Objects and Their Descriptions

| Object | Description |
|---|---|
| Create Alert | Creates a new alert on the Netcool server |
| Delete Alert | Deletes alerts on the Netcool server that match a filter |
| Get Alerts | Retrieves alerts from the Netcool server that match a filter |
| Monitor Alerts | Monitors for new alerts or changes to alerts on the Netcool server that match a filter |
| Update Alert | Updates information in an alert that matches a filter |

IBM Tivoli Netcool Installation Notes
Java Standard Edition (JSE) 5 or 6 and the jconnect 6 library (jconn3.jar) must be installed and configured on each Action Server and OIS Client where the IP is deployed. JSE should be installed before the IP is installed; otherwise, you need to manually add the location of the JVM.DLL file to the PATH environment variable. Copy the jconn3.jar file to %Program Files%\Common Files\Opalis Software\Opalis Integration Server\Extensions\Support\NetcoolOmnibus.

IBM Tivoli Netcool Supported Versions
The IP supports Netcool 7.1. This IP is supported only on OIS 6.2.2 or 6.3 running on Windows Server 2003.

IBM Tivoli Netcool Configuration Settings
The Netcool IP settings are configured in the OIS Client Options menu, under Netcool/OMNIbus. Figure 8.42 shows details of the Netcool options.

FIGURE 8.42 Configuration menu for the Netcool IP

Here is a brief description of the options:
- Name—User configurable name for the connection.
- Host name—Enter or browse for the name of the IBM Tivoli Netcool/OMNIbus ObjectServer.
- Port number—Enter the port number that you want to use to connect to the ObjectServer.
- User ID—Enter the username required to connect to Netcool.
- Password—Enter the password for the User ID.

The IP for IBM Tivoli Storage Manager
The IP for IBM Tivoli Storage Manager (TSM) provides seven objects that allow you to back up and restore data from your OIS policies.

IBM Tivoli Storage Manager IP Typical Use Case
Examples of ways the IBM TSM IP can be used in policies include:
- Incorporate backup and restore as part of an IT Process.
- Allow other systems to trigger backup and restore on demand.
- Improve recovery posture by increasing backup frequency.
- Test disaster recovery options through an automated process.

Figure 8.43 displays the seven objects in the IBM TSM IP, and Table 8.21 lists all the objects and a description of their functions.

FIGURE 8.43 Object icons from the IBM TSM IP

TABLE 8.21 IBM TSM IP Objects and Their Descriptions

| Object | Description |
|---|---|
| Get Actlog | Retrieves information from an IBM TSM act log |
| Archive | Stores permanent versions of data for long periods |
| Incremental Backup | Performs an incremental backup for a file system or specific files |
| Monitor Backup | Monitors a specific backup job and triggers when status changes match a filter |
| Restore Backup | Restores backed up files and folders |
| Retrieve | Retrieves archived files and folders from a TSM |
| Selective Backup | Backs up a specific set of files or folders regardless of whether they have changed |

IBM Tivoli Storage Manager IP Installation Notes
The TSM Client and the Administrative Command Line must be installed and configured on each Action Server and OIS Client where the IP is deployed.

CAUTION: TSM USER PERMISSIONS
You must assign a user permission to access the TSM Administrative Consoles to be able to use this IP.

IBM Tivoli Storage Manager IP Supported Versions
The IP supports IBM TSM 5.5. This IP is supported only on OIS 6.2.2 or 6.3 running on Windows Server 2003.

IBM Tivoli Storage Manager IP Configuration Settings
The IBM TSM IP settings are configured in the OIS Client Options menu, under IBM TSM. Figure 8.44 shows details of the IBM TSM options.

FIGURE 8.44 Configuration menu for the IBM TSM IP

Here is a brief description of the options:
- Name—User configurable name for the connection.
- Computer—Enter the name of the server that hosts the IBM TSM Administrative Console.
- Port—Enter the port used to communicate with TSM.
- User Name—Enter the username that is used to access the TSM Administrative Console.
- Password—Enter the password for the username you specified.

The IP for Microsoft Active Directory
The IP for Microsoft Active Directory (AD) provides 20 objects that allow you to create and manage computers and users in AD from your OIS policies.

Microsoft Active Directory 2 IP Typical Use Case
Here are some ways the Microsoft AD IP can be used in policies:
- Provision new user accounts or machine accounts.
- De-provision user or machine accounts.
- Automate user password reset functions via a portal.
- Change passwords on service accounts automatically.

Microsoft Active Directory 2 IP Object List
Figure 8.45 displays the 20 objects in this IP, and Table 8.22 lists these objects and describes their functions.

FIGURE 8.45 Object icons from the Microsoft AD IP

TABLE 8.22 Microsoft AD IP Objects and Their Descriptions

| Object | Description |
|---|---|
| Add Computer to Group | Adds a computer to a group in a domain |
| Add User to Group | Adds a user to a group in a domain |
| Create Computer | Adds a computer to a domain |
| Create User | Adds a user to a domain |
| Delete Computer | Removes a computer from a domain |
| Delete User | Removes a user from a domain |
| Disable User | Disables a user account |
| Enable User | Enables a user account that was disabled |
| Get Computer | Retrieves a list of computers from a domain that matches a filter |
| Get Group | Retrieves a list of groups from a domain that matches a filter |
| Get User | Retrieves a list of users from a domain that matches a filter |
| Move Computer | Moves a computer to a different parent container |
| Move User | Moves a user to a different parent container |
| Remove Computer from Group | Removes an existing computer from a specific group |
| Remove User from Group | Removes an existing user from a specific group |
| Reset User Password | Resets the password for an existing user |
| Run Command | Invokes the Active Roles PowerShell commands and allows you to run custom commands against AD |
| Unlock User | Unlocks a user account that was locked |
| Update Computer | Updates properties for a computer in AD |
| Update User | Updates properties for a user in AD |

Microsoft Active Directory IP 2 Installation Notes
Microsoft .NET 3.5 Framework, Windows PowerShell 1.0, and the Quest PowerShell Commands for AD (32-bit) must be installed and configured on each Action Server where the IP is deployed. You can find information about the Quest PowerShell commands at http://www.quest.com/QuestWebPowershellCmdletDwnldARS. The following PowerShell commands can be run only against a Windows Server 2008 AD target:
- New-QADPasswordSettingsObject
- Get-QADPasswordSettingsObject
- Add-QADPasswordSettingsObjectAppliesTo
- Remove-QADPasswordSettingsObjectAppliesTo

Microsoft Active Directory 2 IP Supported Versions
The IP supports Microsoft Windows Server AD domains 2003 and 2008. This IP is supported only on OIS 6.2.2 or 6.3 running on Windows Server 2003.

Microsoft Active Directory 2 IP Configuration Settings
The Microsoft AD IP settings are configured in the OIS Client Options menu, under MS AD 2. See Figure 8.46 for details of the Microsoft AD options.

FIGURE 8.46 Configuration menu for the Microsoft AD IP

Here is a brief description of the options:
- Name—User configurable name for the connection.
- Server—Enter the name of the domain controller.
- Domain—Enter the name of the domain that is managed.
- User—Enter the user credentials that connect to the domain (note that this user needs to have permissions to perform the actions in the objects used).
- Password—Enter the password for your user account.

The IP for Unix
The IP for Unix provides 17 objects that allow you to interact with and manage Unix hosts from your OIS policies.

Unix IP Typical Use Case
Here are some examples of ways you can use the Unix IP in policies:
- Incorporate Unix hosts into a change process.
- Trigger automation based on changes to Unix files or file system.
- Update files on a Unix host as part of an automated process.
- Run commands on a Unix host as part of an automated process.

Unix IP Object List
Figure 8.47 displays the 17 objects in the Unix IP, and Table 8.23 lists all the objects and a description of their functions.

FIGURE 8.47 Object icons from the Unix IP

TABLE 8.23 Unix IP Objects and Their Descriptions

| Object | Description |
|---|---|
| Add Line | Adds one or more lines of text to a text file |
| Copy File | Copies one or more files to another destination |
| Create Folder | Creates a folder (directory) on the file system |
| Delete File | Deletes one or more files |
| Delete Folder | Deletes a folder (directory) from the file system |
| Delete Line | Deletes one or more lines from a text file |
| Get File Status | Retrieves file system information about a file |
| Get Line | Reads a line or ranges of lines from a text file |
| Insert Line | Inserts a line into a text file at a specific position |
| Monitor File | Monitors the file system looking for changes in particular files |
| Monitor Folder | Monitors the file system looking for changes in particular folders (directories) |
| Move File | Moves one or more files to another destination |
| Rename File | Renames a file |
| Replace Text | Replaces one text string with another when found within a file |
| Restart System | Restarts the Unix host where the object is running |
| Run Program | Executes a command or program on the Unix host where the object is running |
| Search Text | Searches for specific text within a file that you specify |

Unix IP Installation Notes
The Opalis Unix agent must be installed and configured on any Unix host requiring the following objects:
- Run Program
- Get File Status
- Monitor File
- Monitor Folder
The Opalis Unix agents are included with the IP, but you must install the correct agent for the type of Unix host you plan to manage.

Unix IP Supported Versions
The Opalis Unix agents are provided for Advanced Interactive eXecutive (AIX) 5.3, HPUX 11.11, and Solaris 8, 9 and 10. The SSH functionality should work on a large number of Unix host OSs and versions. Any objects within the Unix IP that do not require the Opalis Unix agent to be installed function by executing commands via SSH and thus are generally compatible with most Unix environments, although they are officially supported only against the identified versions. This IP is supported only on OIS 6.2.2 or 6.3 running on Windows Server 2003.

If you intend to use SSH tunneling, you need to configure the Opalis Port Manager service that is installed by the IP. Opalis Port Manager is installed as a Component Object Model (COM)+ service; you can configure the settings in the Component Services MMC snap-in found in the Administrative Tools category of the Control Panel.

Unix IP Configuration Settings
The Unix IP settings are configured in the OIS Client Options menu, under UNIX. See Figure 8.48 for details of the Unix options.

FIGURE 8.48 Configuration menu for the Unix IP

Here is a brief description of the options:
- Connection name—User configurable name for the connection.
- Platform—Select the Unix platform that you intend to target.
- Computer—Enter the name or Internet Protocol address of the Unix host.
- SSH Port—Enter the SSH port number.
- User Name—Enter the username for the Unix host.
- Password—Enter the password for the Unix host (unless a keyfile is used).
- Keyfile and Passphrase—Enter the path and name of the OpenSSH SSH-2 private key and enter the passphrase in the Passphrase field.
- Double Authentication—If you want to use double authentication, select which type and specify the account information.
- Agent Port—Enter the port for the Opalis Unix Agent.
- Use SSH Tunneling—Configure the SSH Tunneling options if you want to use them.
- Test Connection—This button uses the setting you provide and attempts to connect to the target system. You should use this button before you click OK to verify you have properly configured the IP.

The IP for Veritas NetBackup
The IP for Veritas NetBackup provides three objects that allow you to back up and restore data from your OIS policies.

Veritas NetBackup IP Typical Use Case
Some examples of ways that the Veritas NetBackup IP can be used in policies are:
- Incorporate backup and restore as part of an IT Process.
- Allow other systems to trigger backup and restore on demand.
- Improve recovery posture by increasing backup frequency.
- Test disaster recovery options through an automated process.

Veritas NetBackup IP Object List
Figure 8.49 displays the three objects in the Veritas NetBackup IP, and Table 8.24 lists the objects and describes their functions.

FIGURE 8.49 Object icons from the Veritas NetBackup IP

TABLE 8.24 Veritas NetBackup IP Objects and Their Descriptions

| Object | Description |
|---|---|
| Restore Backup | Initiates a backup restore job on the NetBackup server |
| Start Policy Backup | Starts a policy backup job on the NetBackup server |
| Start User Backup | Starts a user backup job on the NetBackup server |

Veritas NetBackup IP Installation Notes
The Veritas NetBackup Client and SSH daemon must be installed on all target client systems. The NetBackup server must be running an SSH daemon to use Start Policy Backup. The credentials used by the IP must specify an administrator who can SSH into the NetBackup server and issue Veritas NetBackup commands.
Microsoft .NET 2.0 Framework must be installed and configured on each Action Server and OIS Client where the IP is deployed.

Veritas NetBackup IP Supported Versions
The IP supports Veritas NetBackup Server 6.5 on Sun Solaris 10 or Microsoft Windows Server 2003 SP 2 x86 editions. This IP is supported only on OIS 6.2.2 or 6.3 running on Windows Server 2003.

Veritas NetBackup IP Configuration Settings
The Veritas NetBackup IP settings are configured in the OIS Client Options menu, under Veritas NetBackup. Figure 8.50 shows details of the Veritas NetBackup options.

FIGURE 8.50 Configuration menu for the Veritas NetBackup IP

Here is a brief description of the options:
- Name—User configurable name for the connection.
- Type—Select Policy Backup Configuration or User Backup Configuration.
- Server—Enter the name or Internet Protocol Address of your Veritas NetBackup Server.
- Target Operating System—Select the OS of the backup target.
- Path to Remote NetBackup/bin folder—Enter the path to the NetBackup/bin folder on the remote system.
- User Name—Enter the username of the account that connects to the Veritas NetBackup Server.
- Password—Enter the password of the account that connects to the Veritas NetBackup Server.
- SSH Port—Enter the SSH Port to use.
- Private Key—If you use a private key, enter it here.

The IP for VMware vSphere
The IP for VMware vSphere provides 27 objects that allow you to create, modify, and manage virtual machines (VMs) from your OIS policies.

VMware vSphere IP Typical Use Case
Some examples of ways that the VMware vSphere IP can be used in policies are:
- Provision new virtual machines based on system demand or load.
- Provision new machines based on a change request from another system.
- Alter the locations of running virtual machines in response to events or resource issues.
- Deprovision unused virtual machines to save resources.

VMware vSphere IP Object List
The VMware vSphere IP has 27 objects. Figure 8.51 displays the objects in the VMware vSphere IP, and Table 8.25 lists the objects and describes their functions.

FIGURE 8.51 Object icons from the VMware vSphere IP

TABLE 8.25 VMware vSphere IP Objects and Their Descriptions

| Object | Description |
|---|---|
| Add Network Adapter | Adds a network adapter to a VM |
| Add VM Disk | Adds a disk to a VM |
| Clone Linux VM | Clones a Linux VM based on a template allowing you to configure the VM |
| Clone Windows VM | Clones a Windows VM based on a template allowing you to configure the VM |
| Create VM | Creates a new VM |
| Customized VM | Applies customization to a VM |
| Delete VM | Deletes a VM |
| Get Cluster Properties | Retrieves information about a cluster |
| Get Datastore Capacity | Retrieves the capacity of a datastore |
| Get Hosts | Retrieves a list of hosts using filters |
| Get Resource Pool Runtime Info | Retrieves runtime information about a resource pool using filters |
| Get Resource Pools | Retrieves a list of resource pools using filters |
| Get VM List | Retrieves a list of VMs using filters |
| Get VM Properties | Retrieves information about the properties of a VM based on filters |
| Get VM Status | Retrieves the status of a VM based on filters |
| Migrate VM | Moves a running VM from one host or resource pool to another |
| Move VM | Moves a stopped VM from one host or resource pool to another |
| Reconfigure VM | Changes the configuration settings of a VM |
| Reset VM | Resets a running VM |
| Revert VM Snapshot | Reverts a VM to a previous state captured by a snapshot |
| Set Guest Info Variables | Configures information about the Guest OS |
| Set VM CD/DVD to ISO image | Configures a VM’s CD/DVD to ISO image information |
| Set VM Networks | Specifies which network adapters are used by the VM |
| Start VM | Starts a VM |
| Stop VM | Stops a VM |
| Suspend VM | Suspends a VM |
| Take VM Snapshot | Takes a snapshot of a VM capturing state information |

VMware vSphere IP Installation Notes
There are no special installation requirements for this IP.

VMware vSphere IP Supported Versions
The IP supports VMware vSphere 4.0 or VMware VI 3.5. This IP is supported only on OIS 6.2.2 or 6.3 running on Windows Server 2003.

VMware vSphere IP Configuration Settings
The VMware vSphere IP settings are configured in the OIS Client Options menu, under VMware vSphere. Figure 8.52 shows the VMware vSphere options. The following is a brief description of the options:
- Name—User configurable name for the connection.
- User—Enter the user that connects to your vSphere system.
- Password—Enter the user’s password.
- SSL—Select whether SSL is enabled on your vSphere system.

FIGURE 8.52 Configuration menu for the VMware vSphere IP

Summary
This chapter explored the IPs shipped with OIS 6.2.2. It examined what some typical use cases for each IP might be and provided basic information about each object. Any special installation instructions were explained, in addition to a clear list of which product versions are supported by each IP. The chapter also listed target system configuration details for each IP. The lists of IPs provided by OIS make the job of connecting the most common data center applications easy; easy enough that it can be done without needing to code or script anything. Additionally, by taking advantage of the OIS data bus, these IPs can accept or provide information to any other system involved in your IT process automation. The next chapters take a much deeper look at the IPs provided with OIS 6.3 that connect to the other members of the System Center suite.

CHAPTER 9
Integration with System Center Operations Manager

IN THIS CHAPTER
- Requirements
- Installing the SCOM IP
- Configuring the SCOM IP
- Objects at a Glance
- Objects in Depth
- Use Case Scenarios

The release of Opalis Integration Server (OIS) 6.3 bundled a set of important Integration Packs (IPs) that tie OIS to the System Center suite. This chapter covers the IP for Microsoft System Center Operations Manager (SCOM). The chapter describes the requirements for using the SCOM IP along with the installation procedure and configuration steps. It explains each object, providing some sample policies to show you how to take advantage of the SCOM IP.

Requirements
Before getting started, note that the SCOM IP is included in the OIS 6.3 installation files and is not available as a separate download. Specific requirements are discussed in the following sections.

Opalis Integration Server 6.3
You cannot get this IP without the 6.3 installation files because it comes bundled with them. Specifically, this IP is located in the <Extraction Path>\Opalis 6.3\Integration Packs for System Center folder of the 6.3 ZIP file.

System Center Operations Manager 2007
Because you will be using objects from the IP to automate specific components of SCOM, you must also have Operations Manager 2007 installed. The current version of the SCOM IP was written for SCOM 2007 R2. Although the objects in this IP might work with SCOM 2007 RTM or Service Pack (SP) 1, the IP was not designed or tested with these previous versions in mind, and thus is not supported by Microsoft.

Installing the SCOM IP
Different operations require different levels of permissions. Some operations require membership in the SCOM Operators role; other operations require administrative access in SCOM. You can create multiple accounts with differing levels of permissions in SCOM for performing different operations. However, this level of granularity is probably not required in all environments. Microsoft recommends using a connection account with membership in the Operations Manager Administrators user role to ensure the account has the necessary permissions for all SCOM-related activities.

TIP: INSTALLING INTEGRATION PACKS
For information on the installation steps to register and deploy an IP, see Chapter 4, “Installing Opalis Integration Server 6.3.”

Configuring the SCOM IP
All the objects in the SCOM IP use the credentials supplied by the Connection account to perform various activities on the Root Management Server (RMS). Before configuring the Connection Account in OIS, you should first grant the necessary permissions for the user account in SCOM.

Connectivity Requirements
The IP for SCOM connects to the Operations Manager RMS on port 5724 through the System Center Data Access (OMSDK) service. Before configuring the connection between Operations Manager and Opalis, verify the following is in place:
- Verify the SCOM console is installed on each computer where an Opalis Action Server or OIS Client is installed, if that Action Server or OIS Client will interact with Operations Manager.
- Verify network connectivity on TCP port 5724 is available between the SCOM RMS and each computer that will interact with SCOM.
Detailed information on the required components for communication between OIS and Operations Manager can be found at http://technet.microsoft.com/en-us/library/gg440623.aspx.
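
One way to script the TCP 5724 check from each Action Server or OIS Client, distinguishing a filtered port from a service that is not listening. This is an added example, not code from the book or from Opalis; the RMS host name is a placeholder and the function name is hypothetical. It uses only the .NET TcpClient class and assumes PowerShell 2.0 or later.

```powershell
# Added example. 'rms01.example.local' is a placeholder host name, not a value from the book.
# Port 5724 is the System Center Data Access (OMSDK) port named in the text.

function Test-RmsPort {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [int]$Port = 5724,
        [int]$TimeoutMs = 3000
    )

    $client = New-Object System.Net.Sockets.TcpClient
    $status = 'Unknown'
    try {
        # Asynchronous connect so a silently dropped SYN cannot hang the check.
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if ($pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            $client.EndConnect($pending)   # throws if the connect attempt failed
            $status = 'Open'
        } else {
            $status = 'TimedOut'
        }
    } catch {
        # PowerShell wraps the .NET error; unwrap it to reach the socket error code.
        $inner = $_.Exception.GetBaseException()
        if ($inner -is [System.Net.Sockets.SocketException]) {
            $status = $inner.SocketErrorCode.ToString()   # e.g. ConnectionRefused, HostNotFound
        } else {
            $status = $inner.Message
        }
    } finally {
        $client.Close()
    }

    # Map the result to the most likely cause so the operator knows where to look.
    switch ($status) {
        'Open'              { $hint = 'Port reachable; use Test Connection in the OIS Client next.' }
        'TimedOut'          { $hint = "No answer: look for a firewall dropping TCP $Port on the path." }
        'ConnectionRefused' { $hint = 'Host answered but nothing is listening: check the Data Access service on the RMS.' }
        'HostNotFound'      { $hint = 'Name did not resolve: check DNS or the server name.' }
        default             { $hint = 'Unexpected socket error; see Status.' }
    }

    New-Object PSObject -Property @{
        Source = $env:COMPUTERNAME
        Target = $ComputerName
        Port   = $Port
        Status = $status
        Hint   = $hint
    } | Select-Object Source, Target, Port, Status, Hint
}

# Run on every Action Server and OIS Client that will talk to SCOM.
Test-RmsPort -ComputerName 'rms01.example.local' | Format-List
```

An Open result proves only that the port is reachable; the connection account's permissions are still verified by the Test Connection button in the OIS Client.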
Configuring the SCOM IP
301
Granting Access to the Connection Account Before you configure the connection to SCOM, you should grant access in SCOM to the account OIS will use when connecting to the RMS. Perform the following steps to add a user to the Operations Manager Administrators role: 1. Launch the System Center Operations Manager Operations console. In the Navigation pane, select the Administration workspace. 2. In the Administration workspace, select the User Roles node. 3. Double-click the Operations Manager Administrators user role, and take note of the Active Directory (AD) groups that have membership in this SCOM user role. 4. Open Active Directory Users and Computers, and locate the group that has membership in the Operations Manager Administrators user role. 5. In the Operations console, double-click the group you identified. On the Members tab, click Add. Enter the name of the account OIS will use to access this SCOM RMS. 6. Click OK twice to save your changes and exit.
Configuring the Connection Account
For the account to perform the actions in the sample policies area, you will need to grant rights to the Connection account in SCOM. Begin by configuring connectivity to SCOM in the OIS Client. Perform the following steps:
1. Configure connectivity with SCOM in the OIS Client:
. In the OIS Client, from the top menu, select Options -> Microsoft Operations Manager 2007.
. In the Microsoft Operations Manager 2007 dialog box, click Add and enter the following information:
  . Name—Name of the Operations Manager 2007 RMS
  . Domain—Domain of the Operations Manager 2007 RMS
  . User name—AD account with administrator privileges in Operations Manager 2007
  . Password—Password for the AD account
. Use the Test Connection button shown in Figure 9.1 to verify connectivity.
. Click OK to create the connection.
. When complete, the newly created connection in the Microsoft Operations Manager 2007 dialog box should be similar to Figure 9.2.
. Click Finish to save the connection settings.
FIGURE 9.1 Configuring and testing the SCOM connection account
FIGURE 9.2 Configuring the SCOM connection
Objects at a Glance
For reference, here are the objects included in the SCOM IP:
. Create Alert
. Get Alert
. Get Monitor
. Monitor Alert
. Monitor State
. Start Maintenance Mode
. Stop Maintenance Mode
. Update Alert
Objects in Depth
This part of the chapter examines all the objects that compose the SCOM IP to illustrate what they do and how they can be used. Most of the objects can be used on their own, but as with Foundation objects, combining the objects into more detailed sequences of activities is what makes OIS so powerful as a platform for process automation. This section includes a description of the objects contained in the SCOM IP and some of the more common use case scenarios associated with each. The SCOM IP consists of eight objects:
. Create Alert—The Create Alert object is used in a policy to create a new alert in SCOM that originated from another system monitor product.
  In that respect, Create Alert can be used as an alert forwarding mechanism to consolidate alerts from multiple monitoring systems into a “single pane of glass”—the SCOM Operations console.
  The first time you run this object in a policy, it installs the Opalis Integration Library management pack in Operations Manager. The Create Alert object creates an event in Operations Manager, which the Opalis Integration Library management pack then translates into an Operations Manager alert. More information on this object is available at http://technet.microsoft.com/en-us/library/gg464911.aspx.
CAUTION: CREATE ALERT OBJECT DOES NOT PROPERLY WORK THE FIRST TIME
On the first connection to a new RMS where the Opalis Integration Library Management Pack (MP) is not installed, an alert is not created in SCOM. The workaround is to run the object again; the new alert is created after the object is run a second time. The failure occurs because the first run imports the MP instead of writing the SDK event that the MP recognizes.
. Get Alert—The Get Alert object is used in a policy to retrieve alerts from Operations Manager that match the criteria that you specify. You can use the Get Alert object to retrieve an alert and replicate the information to a ticketing system for troubleshooting. Additional information on this object is available at http://technet.microsoft.com/en-us/library/gg464905.aspx.
. Get Monitor—The Get Monitor object is used in a policy to retrieve monitoring objects from Operations Manager that match the criteria that you specify. You can use the Get Monitor object to retrieve a message and replicate the information to a trouble ticketing system. See http://technet.microsoft.com/en-us/library/gg440698.aspx for additional information.
. Monitor Alert—The Monitor Alert object uses filters to determine which properties of an alert will trigger the policy. Each part of the alert is compared to the values of the filter to determine if they meet the criteria before triggering the policy. More information on this object can be found at http://technet.microsoft.com/en-us/library/gg440704.aspx.
. Monitor State—The Monitor State object monitors the state of an Operations Manager object that you specify. You can use the Monitor State object to trigger a corrective policy when an object with a Warning state is detected. This object can be useful in specific monitoring scenarios to trigger corrective actions or maintenance mode operations. More information on this object is available at http://technet.microsoft.com/en-us/library/gg440610.aspx.
. Start Maintenance Mode—The Start Maintenance Mode object puts an object in Operations Manager into maintenance mode. All alerts generated for the object while the object is in maintenance mode will be ignored. You can use the Start Maintenance Mode object at the start of maintenance policies to prevent false alerts from being generated. You could use Start Maintenance Mode to place any monitored object into maintenance mode. When placing a computer object in maintenance mode, the health service and health service watcher objects will not be placed automatically into maintenance mode as they would be when initiating maintenance mode through the Operations console or through the Command Shell. How to put a computer into maintenance mode is demonstrated in the “Server Maintenance Mode” section later in this chapter. See http://technet.microsoft.com/en-us/library/gg440688.aspx for more information on this object.
. Stop Maintenance Mode—The Stop Maintenance Mode object takes a monitor out of maintenance mode. If you put a monitor into maintenance mode using the Start Maintenance Mode object, you can use the Stop Maintenance Mode object to put that monitor back in service before the configured duration has elapsed. For additional information on this object, refer to http://technet.microsoft.com/en-us/library/gg464948.aspx.
. Update Alert—The Update Alert object updates the information in an Operations Manager alert. You can use the Update Alert object in a policy to update an alert based on the results from automated diagnostic or recovery actions performed by that policy. This object is commonly used in policies that perform automated remediation of an error condition to update the alert with information regarding the results of the attempt to correct the error. More information on the Update Alert object is available at http://technet.microsoft.com/en-us/library/gg440814.aspx.
TIP: INDICATING THE ALERT WAS UPDATED BY OIS
Even though the Last Modified By property of the alert will reflect the name of the SCOM Connection Account, you might want to leave a clear indicator that the alert was updated from OIS. You can easily do this by updating the Owner field or one of the 10 custom properties present on an alert with a value such as “Updated by OIS at {Object Start Time from “Update Alert”}”.
Use Case Scenarios
Each policy illustrated in this section uses objects from the SCOM IP to demonstrate automation of a common SCOM-related activity. By using the information from the Data Bus, you can create workflows that respond to the state of components at runtime, such as when the health of an object transitions to an error state in SCOM. This practice makes Opalis an incredibly flexible platform for bringing in information, even as that information changes at runtime, and using it like you would variables in a script. The following three scenarios are presented to demonstrate how to utilize objects from the SCOM IP:
. Incident Remediation
. Server Maintenance Mode
. Branch Office Maintenance Mode
Incident Remediation
The Incident Remediation policy, displayed in Figure 9.3, illustrates how to use OIS with the SCOM IP to automate remediation of common server and application failures.
FIGURE 9.3 Incident remediation
Because OIS features, such as looping, make it easy to double-check the state of an object (for example, whether a service is started or a website is online), OIS is an excellent tool for automating even complex recovery tasks in a more reliable manner than would be possible with script or command-based remediation alone. Here are the activities performed by this policy:
1. Monitor Alert—This object, displayed in Figure 9.4, is configured to monitor for alerts with a Name property of DNS Service Stopped.
FIGURE 9.4 Monitor Alert Properties
2. Start DNS Service—When an alert matching the configured criteria is detected, this renamed Start/Stop Windows Service object is triggered to restart the service.
. Action—Start Service
. Service—DNS Client
3. Update Alert—When the service has been restarted successfully, the Update Alert object is triggered to update the alert with the values shown here and in Figure 9.5.
. Alert ID—{Id from “Monitor Alert”}
. CustomField10—Updated by Opalis
FIGURE 9.5 Update Alert Properties
Upon successful restart of the service, the health state of the DNS Service Stopped unit monitor returns to healthy and the alert is closed automatically by SCOM. Although true in this case and with most monitor-generated alerts, some other monitor-generated alerts might not be closed automatically, in which case updating the alert resolution state to Closed would be appropriate. You will need to verify monitor settings on a case-by-case basis to ensure the alert will be closed automatically without the need for manual intervention or a resolution state update from OIS.
Server Maintenance Mode
Maintenance mode in SCOM is used to prevent alerts from being sent when a server or application is offline for planned activities. With the capability to easily pause for fixed periods of time and reattempt activities, OIS is an excellent tool for executing server maintenance in a predictable and reliable manner. Because the Computer, Health Service, and Health Service Watcher objects for a computer must be placed into maintenance mode to stop all alerts from a computer, a Start Maintenance Mode object is necessary for each of these three objects. The policy displayed in Figure 9.6 is intended to be called externally from another policy as part of a larger maintenance workflow.
FIGURE 9.6 Server maintenance mode
To complete the request of getting Software Update status information, six objects are used to enumerate the computers, get their information, and send the results. The steps are detailed here:
1. Target Server—This renamed Custom Start object contains one parameter (Targetname) used to capture the name of the server that should be placed into maintenance mode. This allows the policy to be triggered externally using a Trigger Policy object, OIS5StartPolicy, or other external policy execution method.
2. Query Database to get ID—This renamed Query Database object queries the OperationsManager database to retrieve the ID (GUID) of the agent for the computer name provided in Target Server. Configure this information on the Details tab, displayed in Figure 9.7.
FIGURE 9.7 Query Database to Get ID Properties
. Query—Select BME.DisplayName, MTH.BaseManagedEntityId From BaseManagedEntity BME Inner Join MT_HealthService MTH on BME.BaseManagedEntityId=MTH.BaseManagedEntityId where BME.DisplayName like '{Targetname from “Target Server”}.odyssey.com%'
Configure the Connection tab with the following information:
. Database type—SQL Server
. Authentication—Windows Authentication (authenticates as Opalis Action Account unless you provide alternate credentials on the Alternate Credentials tab)
. Server—<SCOM database server name>
. Initial Catalog—<SCOM Operational DB name>
3. HealthService—This Start Maintenance Mode object starts maintenance mode for the Health Service object for the computer named in Target Server. The configuration is shown in Figure 9.8.
. Monitor—Microsoft.SystemCenter.HealthService:{Targetname from “Target Server”}
. Reason—PlannedApplicationMaintenance
. Duration—15
. Comment—Opalis Reboot
4. Windows Computer—This Start Maintenance Mode object starts maintenance mode for the Windows Computer object for the computer named in Target Server. This object is configured with the same values shown for the HealthService object (object number 3), with the exception of the Monitor field, which should be configured as Microsoft.Windows.Computer:{Targetname from “Target Server”}.odyssey.com.
FIGURE 9.8 HealthService Properties
5. HealthServiceWatcher—This Start Maintenance Mode object starts maintenance mode for the Health Service Watcher object for the computer named in Target Server. This object is configured with the same values shown for the HealthService object (object number 3), with the exception of the Monitor field, which should be configured as Microsoft.SystemCenter.HealthServiceWatcher:Microsoft.SystemCenter.AgentWatchersGroup;[Mid(Field('{Full line as a string with fields separated by ';' from “Query Database to get ID”}',';',2),2,36)].
6. Junction—The Junction object is used to stop further processing until all branches of the workflow have been completed.
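The lookup from step 2, as an added example that is not from the book or from Opalis: a standalone PowerShell script that validates the computer name received from Target Server and binds it as a SQL parameter instead of substituting it into the query text. The function names are hypothetical, and the server and database names are the same placeholders the chapter uses.

```powershell
# Added example (not the book's code). Resolves the HealthService GUID with
# the chapter's query, but validates the externally supplied name and passes
# it as a bound parameter. Function names are hypothetical.
Set-StrictMode -Version 2

function Test-TargetName {
    param([string]$Name)
    # Accept a single host label only: letters, digits and hyphens, 1-63
    # characters, no leading or trailing hyphen. This rejects quotes,
    # whitespace, dots and the LIKE wildcards (% _ [) outright.
    if ([string]::IsNullOrEmpty($Name) -or $Name.Length -gt 63) { return $false }
    return ($Name -match '\A[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\z')
}

function Get-HealthServiceId {
    param(
        [Parameter(Mandatory = $true)][string]$TargetName,
        [Parameter(Mandatory = $true)][string]$SqlServer,
        [Parameter(Mandatory = $true)][string]$Database,
        [string]$DnsSuffix = 'odyssey.com'   # suffix used in the chapter's query
    )
    if (-not (Test-TargetName $TargetName)) {
        throw 'Rejected target name: not a valid single host label.'
    }
    # The suffix is operator configuration, but check it the same way, label by label.
    foreach ($label in $DnsSuffix.Split('.')) {
        if (-not (Test-TargetName $label)) { throw 'Rejected DNS suffix.' }
    }

    # Build the connection string with the builder so that the server and
    # database names cannot add extra connection string keywords.
    $builder = New-Object System.Data.SqlClient.SqlConnectionStringBuilder
    $builder['Data Source'] = $SqlServer
    $builder['Initial Catalog'] = $Database
    $builder['Integrated Security'] = $true   # Windows Authentication, as in step 2

    $sql = @'
SELECT BME.DisplayName, MTH.BaseManagedEntityId
FROM BaseManagedEntity BME
INNER JOIN MT_HealthService MTH
    ON BME.BaseManagedEntityId = MTH.BaseManagedEntityId
WHERE BME.DisplayName LIKE @pattern
'@

    $rows = @()
    $conn = New-Object System.Data.SqlClient.SqlConnection ($builder.ToString())
    try {
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = $sql
        $p = $cmd.Parameters.Add('@pattern', [System.Data.SqlDbType]::NVarChar, 256)
        $p.Value = ('{0}.{1}%' -f $TargetName, $DnsSuffix)
        $conn.Open()
        $reader = $cmd.ExecuteReader()
        while ($reader.Read()) {
            $rows += New-Object PSObject -Property @{
                DisplayName = $reader.GetString(0)
                Id          = $reader.GetGuid(1)
            }
        }
        $reader.Close()
    }
    finally {
        $conn.Dispose()
    }

    # A workflow that is about to suppress alerting should act on exactly one
    # agent; zero matches or several matches is treated as an error.
    if ($rows.Count -ne 1) {
        throw ('Expected 1 HealthService match, found {0}.' -f $rows.Count)
    }
    return $rows[0]
}

# Constructed sample inputs showing what the validator accepts and rejects.
'hydra', 'web-01', "srv'01", 'srv%', 'a.b', '-edge' | ForEach-Object {
    '{0,-8} -> {1}' -f $_, (Test-TargetName $_)
}

# Example call, with the chapter's placeholders left for you to fill in:
# Get-HealthServiceId -TargetName 'hydra' -SqlServer '<SCOM database server name>' -Database '<SCOM Operational DB name>'
```

The `Id` property returned here is the same 36-character GUID that step 5 extracts from the query result with Mid(Field(...)).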
Branch Office Maintenance Mode
A common concern in distributed enterprises that utilize SCOM for monitoring is the alert floods that result from failures in branch office connectivity. This is because the current version of the product does not have an awareness of the relative location of one monitored node versus another. (This will be rectified in SCOM 2012.) Therefore, when a branch office router is unreachable, SCOM not only raises an alert for the router itself, but about 3 minutes later, raises heartbeat failure alerts for all the servers and other monitored devices hosted at the affected branch office.
This sample policy (shown in Figure 9.9) provides a workaround for this limitation by monitoring the health state of a network device in SCOM and then triggering a group maintenance mode script to put all the servers in the affected branch into maintenance mode before the alert flood begins. Although this could probably be handled entirely with OIS objects, the policy would be substantially more complex. With that in mind, this policy leverages simple PowerShell maintenance mode scripts to begin or end maintenance mode for a group of servers based on the health state of the branch office router.
FIGURE 9.9 Branch office maintenance mode
CAUTION: RUNNING OPERATIONS MANAGER CMDLETS REQUIRES 32 BITS
This policy uses the Operations Manager PowerShell cmdlets to put a group into maintenance mode. The 32-bit Operations Manager PowerShell snapin does not load on a 64-bit Windows installation. For this policy to succeed, you must execute it on a 32-bit server (Windows 2003). Otherwise, you will need to use PowerShell remoting to connect to the Operations Manager RMS. For detailed steps on how to run PowerShell scripts on 64-bit operating systems with Opalis, see http://blogs.technet.com/b/opalis/archive/2010/11/29/opalis-6-3running-powershell-scripts-on-64-bit-operating-systems.aspx.
Here are the activities performed by this policy:
1. Monitor State—This object is configured to watch for changes in the state of an availability monitor for a network device. By default, SCOM performs a simple SNMP GET through a unit monitor named Network Device Status. However, you can substitute a custom availability monitor of your own design if you want.
. Object—
. State—Critical
1.1 Conditional Link (Branch Router Down)—The filtering logic in this link registers a match when the health state published by the Monitor State object equals Critical.
1.2 Conditional Link (Branch Router Up)—The filtering logic in this link registers a match when the health state published by the Monitor State object equals Healthy.
2. Start Maintenance Mode—If the unit monitor that monitors the availability of the branch router goes into a critical state, this renamed Run .Net Script object is triggered, which runs a simple group maintenance mode script to place a group containing branch office servers into maintenance mode for one hour.
. Language—PowerShell
. Script—<paste contents of StartMaint.ps1>, available as online content for this book.
CAUTION: WHY NOT USE THE START AND STOP MAINTENANCE MODE OBJECTS FROM THE SCOM IP? When you use the Start Maintenance Mode object to put an Operations Manager group into maintenance mode, only the group object itself will enter maintenance mode. On the other hand, when you use the Operations Manager Command Shell to put a group into maintenance mode (which makes the request through the Operations Manager SDK) all the objects contained in the group enter maintenance mode as well. In either case, a script will likely be required. This route minimizes the overall complexity of the policy. An excellent group maintenance mode script, written by Steve Rachui, is available at http://blogs.msdn.com/b/steverac/archive/2010/08/09/place-a-group-inmaintenance-mode-with-powershell.aspx.
3. Stop Maintenance Mode—When the unit monitor returns to a healthy state, this renamed Run .Net Script object is triggered, which runs a simple PowerShell script to end maintenance mode for the same group of computers.
. Language—PowerShell
. Script—<paste contents of StopMaint.ps1>, available as online content for this book.
NOTE: EXTENDING OPALIS INTEGRATION WITH SCOM
The SCOM Extensibility Kit 2.0, released as open source on CodePlex, provides functionality not included in the SCOM IP. This Extensibility Kit provides a .DLL that adds the following object capability to OIS:
. Create SCOM Notification Subscription
. Delete SCOM Notification Subscription
. List Pending Agent Installs
. Approve Pending Agent Installs
You can test this functionality using the Invoke .Net Object from the QIK 3.0 IP. This DLL (and appropriate dependencies) can be used to create an Opalis IP by using the QIK Wizard.
Download the SCOM Extensibility Kit 2.0 from CodePlex at http://opalis.codeplex.com/releases/view/50751.
Summary
This chapter covered the configuration requirements of the SCOM IP and details on each of the eight objects contained within it. It also covered a number of use case scenarios that demonstrated how many of the objects can be used in live workflows to automate incident remediation and maintenance-related tasks. The next chapter will delve into the IP for another System Center product—Service Manager 2010.
CHAPTER 10
Integration with System Center Service Manager
IN THIS CHAPTER
. Requirements
. Installing the SCSM IP
. Configuring the SCSM IP
. Objects at a Glance
. Objects in Depth
. Use Case Scenarios
One of the System Center Integration Packs (IPs) bundled with Opalis Integration Server (OIS) 6.3, the Microsoft System Center Service Manager (SCSM) IP allows administrators to automate Hyper-V and VMware virtualization activities from OIS via Service Manager 2010. This chapter discusses the functionality of the Microsoft SCSM IP. The chapter describes the requirements for using the SCSM IP. It covers the installation procedure and configuration steps, followed by an explanation of how each object functions, along with common use case scenarios. The chapter also presents several sample policies to show you how to leverage the SCSM IP fully to automate common processes.
Requirements
Before getting started, note that the SCSM IP is only included in the OIS 6.3 installation files and not available as a separate download. The following sections discuss specific requirements.
Opalis Integration Server 6.3
It is not possible to get this IP without the OIS 6.3 installation files as it comes bundled together. Specifically, this IP is located in the folder <Extraction Path>\Opalis 6.3\Integration Packs for System Center of the OIS 6.3 ZIP file.
System Center Service Manager 2010
This IP is used to orchestrate specific components of Service Manager; because of this, Service Manager 2010 must be installed.
Locale Settings
The objects in the SCSM IP are only supported for use on computers that use the ENU locale and the U.S. English date format. The U.S. English date format is month/day/year.
Installing the SCSM IP
Installing the IPs is discussed in Chapter 4, “Installing Opalis Integration Server 6.3.” Please refer to that chapter for more information.
Configuring the SCSM IP
All objects in the Service Manager IP use the connection details specified in the Connection account to execute functions on the Service Manager server. If you have more than one Service Manager implementation, you can create connection accounts for each Service Manager server. You can also create multiple connections for each Service Manager server to allow for differing permissions in the accounts used to access Service Manager. Connection accounts are critical to using the SCSM IP. Perform the following steps to configure a Connection account for Service Manager.
1. In the top menu of the OIS Client, select Options -> System Center Service Manager.
2. In the SCSM dialog box that opens, click Add and supply the relevant connection details. The following information is required, as shown in Figure 10.1:
FIGURE 10.1 Configuring the SCSM connection
. Name—Name you are giving the connection
. Server—Name of the Service Manager 2010 server
. Domain—Domain of the Active Directory (AD) user account to be used
. User Name—AD account used to connect to Service Manager 2010
. Password—Password for the AD account
. Polling—Interval at which the SCSM connection is polled by any Monitor Object objects that use the connection
. Reconnect—Interval at which the SCSM connection is retried when disconnected
The SCSM Connection dialog box also provides a Test Connection button to test the connection details provided.
3. Click OK to create the connection.
Further details on how to create a connection can be found on TechNet at http://technet.microsoft.com/en-gb/library/gg464964.aspx.
Objects at a Glance
For reference, here are the objects included in the SCSM IP:
. Create Change with Template
. Create Object
. Create Incident with Template
. Create Related Object
. Create Relationship
. Get Activity
. Get Object
. Get Relationship
. Monitor Object
. Create Change with Template
. Update Activity
. Upload Attachment
. Update Object
Objects in Depth
This section describes each of the 13 objects contained within this IP to provide an understanding of what each object does. Each of the following objects has a link to its corresponding TechNet article, where there is more information on the object and tables listing the properties and published data.
. Create Change with Template—This object uses an existing template to create a new change record. Information on the elements in the object is available at http://technet.microsoft.com/en-gb/library/gg464938.aspx.
. Create Object—Use the Create Object object to create any new objects against any class that exists in Service Manager. As an example, creating a new incident record uses this object. Information on the elements in the object is available at http://technet.microsoft.com/en-gb/library/gg440625.aspx.
. Create Incident with Template—Within Service Manager, it is common to create templates for new incident records. This object creates a new incident from one of these templates. Although a template is used, values provided by the template for the record can be overwritten. See http://technet.microsoft.com/en-gb/library/gg440725.aspx for information on the elements in the object.
NOTE: MANDATORY FIELDS WITH CREATE CHANGE WITH TEMPLATE AND CREATE INCIDENT WITH TEMPLATE OBJECTS Mandatory fields in child objects that are created by the Create Change with Template and Create Incident with Template objects are not supported. If there are any mandatory fields in child objects being created, the activity fails in Service Manager, as there is no way a user can provide the mandatory properties.
. Create Related Object—This object creates a new object in SCSM that is related to another object that already exists. For information on the elements in this object, see http://technet.microsoft.com/en-gb/library/gg440740.aspx.
. Create Relationship—When no relationship exists between two entities, this object can be used to create a relationship. This can be used, for example, in a scenario where a configuration management database (CMDB) is automatically updated with configuration items (CIs) that belong to a parent CI. See http://technet.microsoft.com/en-gb/library/gg464943.aspx for information on the elements in this object.
. Delete Relationship—When a relationship exists between two entities, this object can be used to delete that relationship. For example, in a CMDB where configuration item data is changing frequently, relationships between certain CIs might no longer be required and can therefore be removed. Information on the elements in the object is available at http://technet.microsoft.com/en-gb/library/gg440784.aspx.
. Get Activity—The Get Activity object is used to return an activity object for a selected activity class. This object is specific to activities; however, you could also use the Get Object object to achieve the same result, as it is a more generic object. Information on the elements in the object is available at http://technet.microsoft.com/en-gb/library/gg440745.aspx.
. Get Object—This object uses filter criteria to return objects for any class that exists in Service Manager. See http://technet.microsoft.com/en-gb/library/gg464939.aspx for additional information on the elements in the object.
. Get Relationship—This object is used to return a list of objects from two different classes that are related based on specified criteria. This object can be used to find all the related objects in one class from a parent object in another. As an example, using this object it is possible to discover all the activities that are related to an incident. For more information on the elements in the object, refer to http://technet.microsoft.com/en-gb/library/gg440722.aspx.
. Monitor Object—This object monitors for new or updated objects in SCSM that match specified criteria. Any object from any class in SCSM can be monitored, which makes this a useful object to trigger the start of a policy. Information on the elements in the object is available at http://technet.microsoft.com/en-gb/library/gg440792.aspx.
. Update Activity—The Update Activity object is used to make changes to activity records for a selected activity class. For additional information on the elements in the object, see http://technet.microsoft.com/en-gb/library/gg440608.aspx.
. Upload Attachment—The Upload Attachment object uploads file attachments to File Attachment objects. To use this object, the Create Related Object object is required first to create a File Attachment object that is related to the object that is to encompass the attached file. After the File Attachment object is created, the Upload Attachment object is used to upload the file. Information on the elements in the object is available at http://technet.microsoft.com/en-gb/library/gg440728.aspx.
. Update Object—This object is used to update one or more properties on an object within SCSM. This object can be used after any object has been created to update the object to reflect the appropriate status or add additional information. Further information on the elements in the object is available at http://technet.microsoft.com/en-gb/library/gg440815.aspx.
Use Case Scenarios
The following sections present some typical use cases for the SCSM IP. Each example policy uses at least two objects from the SCSM IP and demonstrates a common use. The policies are explained in depth to demonstrate how objects can be used to automate common SCSM processes.
The following three scenarios are presented to demonstrate how to effectively utilize objects from the SCSM IP:
. Close Resolved Incidents
. Manage Incident
. Automating Change
Close Resolved Incidents
A common request in many businesses is to close incidents automatically after they have been in a resolved state for a predefined amount of time. This would typically be a manual process that can consume a significant amount of time. The policy shown in Figure 10.2 runs once per day and closes all incidents that have been in a resolved state for 5 days. This is achieved by using four objects:
. The Monitor Date/Time object triggers the workflow on a daily basis.
. The Format Date/Time object publishes the date minus 5 days.
. The Get Object object gets all incidents in the resolved state that have been in the resolved state since the date from the Format Date/Time object.
. The Update Object object closes the incidents and updates the description.
Here are the steps required to create this policy:
1. Monitor Date/Time—To ensure that this policy is run automatically once a day, it starts with the Monitor Date/Time object. Using this object you can control how often the policy is run, whether that be on a minute, hourly, or daily basis.
2. Format Date/Time—This object is required to format the date/time so a date/time is returned that matches the requirements. As an example, this policy is closing incidents after they have been in the resolved state for 5 days, so a date/time is required that is minus 5 days from the current date/time. Figure 10.3 displays how to configure the Format Date/Time object to adjust the output date by minus 5 days. For this object to work, the current Date/Time is required; this is achieved by creating and using a new variable with the value Now().
3. Get Object—This object retrieves the Globally Unique Identifier (GUID) of an object that has been in a resolved state for a period longer than the date and time provided by the Format Date/Time object. Figure 10.4 shows how the object is configured.
FIGURE 10.2 Close resolved incidents
FIGURE 10.3 Format date/time
FIGURE 10.4 Get resolved incident objects
Two properties are required for this object, which provide the Service Manager connection and the class of the object that needs to be retrieved. In this scenario, there is a connection to the Service Manager server, and the class is set to Incident.
With only the connection and class information, all incidents from Service Manager are returned. To ensure only the incidents that are required are returned, filters are used to filter out the objects that are not required. The filter displayed in Figure 10.4 is Resolved Date; it has a relation of Before, and the value is the published Format Result data from the Format Date/Time object. With this configuration, only incident objects that have been in a resolved state for over 5 days are returned.
4. Update Object—This object subscribes to the GUID published by the Get Object object and updates the object properties as required. The three properties required for this object are connection, class, and object GUID. The same connection and class are used as for the Get Object object, and as the Object GUID has been published by Get Object, the published data can be subscribed to as the value for the property. After the property data is provided, the fields that require updating can be selected. Using the Select optional fields button, all available fields for the object are returned and can be selected so they can be updated. Because incidents in this policy require closing after 5 days, the Status field is selected and its value is updated to Closed. Figure 10.5 shows the configuration of the Update Object object.
FIGURE 10.5 Close resolved incidents
Manage Incidents
The policy displayed in Figure 10.6 illustrates one way incidents can be managed in Service Manager. In this use case, specific incidents are being monitored, a resolution performed, a Manual Activity for the resolution created and linked to the incident, and finally, the object updated to indicate the Manual Activity was successfully completed. To simplify this use case to focus on the Service Manager objects, the Restart System object is used to restart a computer as a resolution, but you could replace this with a Trigger Policy object to trigger another policy to attain the resolution.
FIGURE 10.6 Managing an incident
Here are the steps of this policy:

1. Monitor Object—This object is used to monitor for new incidents created in Service Manager that match specified criteria. In this case, new incidents are being monitored that contain text in the description indicating that a computer requires restarting; this is displayed in Figure 10.7.
FIGURE 10.7 Monitor object
NOTE: ADDING FILTERS TO MONITOR OBJECT FOR A CUSTOM INCIDENT FORM
If a custom Incident form is being used in Service Manager for specific issues, the customized fields could be added as filters to Monitor Object. This is another way to make sure that only the incidents that need to trigger this policy actually do so.
2. Create Related Object—The Create Related Object object is used to create a Manual Activity that is linked to the incident. This object has five required properties:
. Connection
. Source Class
. Target Class
. Relationship Type
. Source Object Guid
All these properties are configured as displayed in Figure 10.8.
FIGURE 10.8 Create Related Object
After the required properties are completed, the informational fields within the Manual Activity can be updated by selecting Select optional fields. In this scenario the Status, Property, and Title fields of the Activity are updated, as shown in Figure 10.8. However, any field within the Activity can be updated as required.

3. Restart System—The Restart System object is used to restart the affected computer. This object is part of the foundation objects within OIS 6.3 and requires only the name of the computer that needs to be restarted. In this policy, the computer name is being subscribed to from the Notes field of the original incident. This object is used in this example to demonstrate how a policy can be created to both resolve the issue and update Service Manager appropriately. In many scenarios, you would replace this object with a trigger policy object to start a separate policy to resolve the issue.

4. Update Activity—After the restart computer activity completes, the Manual Activity status requires updating to Complete. This object requires three properties: Connection, Activity Class, and Object Guid. After the Connection account is set, the Activity Class should be set to Manual Activity, and the Object Guid value should be subscribed from the Create Related Object object. Within this object, the fields that require updating need to be selected. In this case, the Status field has been selected and a value set to Completed. Also selected is the Description field, where details of the work completed can be updated, as shown in Figure 10.9.

5. Update Object—This object is used to update properties of an object. Figure 10.10 displays how the incident can be updated into a resolved state. The required properties are Connection, Class, and Object Guid and are configured as in Figure 10.10. As with Update Activity, any field within the incident object can be selected and updated.
FIGURE 10.9 Update activity
FIGURE 10.10 Update object
Automating Change
Most organizations today have some level of change process control. This process control enables companies to control and track all changes made in their environment. Many change requests require a full review and authorization from a change advisory board (CAB); however, frequent changes that are low risk can be preapproved and performed when required, provided that a change request is logged.
This scenario shows how to orchestrate a change request from creation through to completion. Figure 10.11 displays a policy to automate the change process and resolve a disk space issue on a server. This policy starts with the Monitor Object object to monitor for new incidents that have a title of “Low Disk Space - Generated from Template.” In this scenario, an incident template is used to generate an incident with a Manual Activity already associated with it. After the change request is logged using a Change template in Service Manager, the Create Relationship object links it with the Manual Activity within the incident record. The Change record created is based on a standard change template and only includes one Manual Activity.
FIGURE 10.11 Automating change

After the Change record is created and associated with the Manual Activity, a PowerShell script is run to increase the available space on the affected drive, using the Run .Net Script object, and the free space on the drive is published to the Data Bus as FreeSpace. The Get Relationship object is then used to retrieve the Activity that is associated with the Change record, and this is updated into a Completed state using the Update Activity object. Finally, the Update Object object is used to also update the Change record into a completed state.

Here are the steps of this policy:

1. Monitor Object—This object monitors for new incidents that have been created and have the Title “Low Disk Space - Generated from Template,” as displayed in Figure 10.12. The incident is created using a template within Service Manager that has a Manual Activity associated with it and has the computer and disk drive name of the affected computer in the Description field.

FIGURE 10.12 Monitor Object

2. Create Change with Template—This object connects to Service Manager and creates a change request from a template. The connection, class, and template properties are required properties for this object. The connection property requires one of the predefined connection accounts. For the class property, the Change Request class is selected, and for Template, select the relevant change item template in Service Manager. Figure 10.13 displays the details for the Create Change with Template object. When using this object, it is also possible to update fields in the change request, if required. By clicking the Select optional fields button, all the fields for the change are returned and new values can be assigned. In this scenario, all the data provided in the standard change is sufficient so no fields require updating.

FIGURE 10.13 Create Change with Template

For this scenario, a standard change request template has been created in Service Manager that has only one Manual Activity to resolve the issue and no review activities. As this is a standard change, it already has preapproval, so no approval activity is required.

3. Create Relationship—The Create Relationship object creates a relationship between two objects in Service Manager. As a Change record has been created to perform actions to possibly resolve the incident, the Change record needs to be linked to the Manual Activity within the incident. As displayed in Figure 10.14, the relevant Connection needs to be provided: a Source Class of Manual Activity, a Target Class of Change Request, and a Relationship Type of Is Related to Work Item. Also required is the Source Object Guid, which can be subscribed to from the Monitor Object object, and the Target Object Guid, which can be subscribed to from the Create Change with Template object.
FIGURE 10.14 Create Relationship

4. Run .Net Script—This object is from the foundation objects provided with OIS 6.3 and can run four different script types:
. JScript
. C#
. PowerShell
. VB.NET
Using one of these types, a script can be inserted into the object, which is triggered after the Create Change with Template object. The script runs several cleanup actions on the affected drive in an attempt to free some disk space, after which the free space on the drive is reassessed and published to the Data Bus. The details of the computer and drive that have space issues are obtained by subscribing to the Description of the Monitor Object object.

5. Get Relationship—This object is used to get the relationship between the change object and its Manual Activity. As the Object GUID of the Manual Activity is required later in this policy, this object is required as it will publish this data to the Data Bus. To publish the relationship data, the Get Relationship object has four property fields:
. Connection—Select the Connection to the required Service Manager computer.
. Object Class—Select the class of the object being used.
. Object Guid—Enter the Object Guid to limit the retrieval activity to only records that are related to a single item in the object class. The value for this property can be subscribed to from the Data Bus.
. Related Class—Select the Related Class from which you want to retrieve the records that are related to the Object Class.
After the relevant Connection property is selected, the Object Class property is set to Change Request and the Related Class is set to Manual Activity. This is so the Object GUID of the Manual Activity related to the change request can be retrieved. The value for the Object GUID can be subscribed to from the Create Change with Template object. The configuration of the Get Relationship object is displayed in Figure 10.15.
FIGURE 10.15 Get Relationship
NOTE:
FILTERING MANUAL ACTIVITIES
In this scenario, only one Manual Activity exists. If, however, more than one Manual Activity exists that is related to the change request, they are all returned. Link conditions should be utilized in this case to filter out all but the desired Manual Activity.
5.1. Filter Relationship Link—This link object is used to filter the results of the Get Relationship object. The Get Relationship object returns two manual activities related to the change request so the two items need to be filtered for the one that is required. Using the link, the relationship class is filtered for where the Relationship Class equals Contains Activity, as displayed in Figure 10.16. This ensures that only the manual activity for the change request is passed to the next object in the policy.
FIGURE 10.16 Filter Relationship link
6. Update Activity—This object updates the Manual Activity that is related to the change request. As the script in the Run .Net Script object ran successfully, the status of the Manual Activity is updated to Completed. The Update Object is configured with the relevant Connection, Class, and Object Guid details, as displayed in Figure 10.17. The Select optional fields button can be clicked to provide a list of all the available fields that can be updated. In this case, select the Status field and update the value to Completed, and then select the Notes field and provide the Free Space value from the Run .Net Script object.
FIGURE 10.17 Update Activity
7. Update Object—After the Manual Activity is updated, the Update Object object is used to update the original change request. As displayed in Figure 10.18, the property information needs to be provided, and once again, the Status field is selected and the Closed value selected. The Implementation Results field is updated to Successfully Implemented, even if the disk space issue is not resolved. This is because the activity to clear the disk space ran.
FIGURE 10.18 Update Object
8. Update Activity—After the change request has been updated, the Update Activity object is used again to update the manual activity associated with the incident. As the change request was completed successfully, the status of the manual activity can also be updated to Completed and notes added. The Update Object is configured as in step 6, with the Object Guid changed to update the activity associated with the incident, as displayed in Figure 10.19.
FIGURE 10.19 Update Activity
This scenario has shown how to create a change request automatically based on a specific incident, run an action in an attempt to resolve the issue, update the change request with the outcome, and then go back to the original incident to update the associated activity. Although this is a complete policy, it could be further extended to provide a notification that the change request took place, or it could trigger another policy to perform some activities to check the issue is resolved and update the incident appropriately.
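The Run .Net Script step above (and the Restart System step in the Manage Incidents policy) acts on a computer name taken from incident text, which anyone able to log an incident can influence. The following PowerShell is an added example, not code from the book: it validates the subscribed Description before anything touches the target. The Description format `Computer=<name>;Drive=<letter>:`, the `FILESRV*` scope, the function names, and the cleanup action (deleting files older than 7 days from `<drive>:\Temp`) are assumptions made for illustration.

```powershell
# Added example, not from the book. Assumed: the incident Description has the form
# "Computer=<name>;Drive=<letter>:", servers in scope are named FILESRV*, and the
# cleanup action is deleting files older than 7 days from <drive>:\Temp.
Set-StrictMode -Version 2.0
$ErrorActionPreference = 'Stop'

function Resolve-CleanupTarget {
    param(
        [Parameter(Mandatory = $true)][string]$Description,
        [Parameter(Mandatory = $true)][string[]]$AllowedComputer
    )
    # Anchored match: a 1-15 character NetBIOS-style name and one drive letter, nothing else.
    $pattern = '^\s*Computer=(?<c>[A-Za-z0-9][A-Za-z0-9-]{0,14});Drive=(?<d>[A-Za-z]):\s*$'
    $m = [regex]::Match($Description, $pattern)
    if (-not $m.Success) { throw 'Description is not in the expected format.' }

    $computer = $m.Groups['c'].Value.ToUpperInvariant()
    # Ticket text is user-supplied, so the host must also fall inside the approved scope.
    $inScope = @($AllowedComputer | Where-Object { $computer -like $_ }).Count -gt 0
    if (-not $inScope) { throw "Computer $computer is outside the approved scope." }

    New-Object PSObject -Property @{
        Computer = $computer
        Drive    = $m.Groups['d'].Value.ToUpperInvariant() + ':'
    }
}

function Get-FreeSpaceGB {
    param([string]$Computer, [string]$Drive)
    # $Drive was validated as one letter plus a colon, so it is safe inside the WQL filter.
    $disk = Get-WmiObject -Class Win32_LogicalDisk -ComputerName $Computer `
        -Filter "DeviceID='$Drive' AND DriveType=3"
    if ($null -eq $disk) { throw "Fixed disk $Drive not found on $Computer." }
    [math]::Round($disk.FreeSpace / 1GB, 2)
}

function Invoke-DiskCleanup {
    param($Target, [int]$OlderThanDays = 7)
    $before = Get-FreeSpaceGB -Computer $Target.Computer -Drive $Target.Drive
    # UNC path built only from validated values, for example \\FILESRV01\D$\Temp
    $root = '\\{0}\{1}$\Temp' -f $Target.Computer, $Target.Drive.TrimEnd(':')
    $old = @()
    if (Test-Path -LiteralPath $root) {
        $cutoff = (Get-Date).AddDays(-$OlderThanDays)
        $old = @(Get-ChildItem -LiteralPath $root -Recurse -Force |
            Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -lt $cutoff })
        foreach ($file in $old) { Remove-Item -LiteralPath $file.FullName -Force }
    }
    New-Object PSObject -Property @{
        FreeSpaceBeforeGB = $before
        FilesRemoved      = $old.Count
        # Value the policy would publish to the Data Bus as FreeSpace
        FreeSpace         = (Get-FreeSpaceGB -Computer $Target.Computer -Drive $Target.Drive)
    }
}

# Constructed sample descriptions: the first is valid, the other three must be rejected.
$samples = @(
    'Computer=FILESRV01;Drive=D:',
    'Computer=DC01;Drive=C:',
    'Computer=FILESRV01;Drive=D:\Windows',
    'Computer=FILESRV01, FILESRV02;Drive=D:'
)
foreach ($text in $samples) {
    try {
        $t = Resolve-CleanupTarget -Description $text -AllowedComputer 'FILESRV*'
        '{0,-40} accepted: {1} {2}' -f $text, $t.Computer, $t.Drive
        # In the policy the next call would be: Invoke-DiskCleanup -Target $t
    }
    catch {
        '{0,-40} rejected: {1}' -f $text, $_.Exception.Message
    }
}
```

The loop at the end runs offline; `Invoke-DiskCleanup` needs Windows PowerShell with WMI and administrative-share access to the target, so it is only called once a description has passed both checks.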
Summary
This chapter covered the installation and configuration requirements of the SCSM IP and details on each of the 13 objects contained within it. This chapter also discussed the practical application of the SCSM IP with some common use scenarios. The objects within this IP can be used in many ways to automate business processes. When used in conjunction with the other IPs available in OIS 6.3, a large percentage of common activities can be automated to provide many business efficiencies. For more information on using the System Center IPs together, see Chapter 14, “Data Center Scenarios.”
CHAPTER 11
Integration with System Center Configuration Manager

Opalis Integration Server (OIS) 6.3 includes a set of Integration Packs (IPs) to tie OIS to Microsoft’s System Center Suite. This chapter specifically covers the IP for Microsoft System Center Configuration Manager (SCCM). OIS version 6.2.2 can also integrate with Configuration Manager. However, it uses objects specifically written for System Management Server (SMS) 2003 and does not incorporate the newer, richer features of Configuration Manager 2007. This chapter describes the requirements for using the SCCM IP along with the installation procedure and configuration steps. It explains each object, providing some sample policies and use case scenarios to show you how to take advantage of the SCCM IP.

Requirements
Before getting started, note that the SCCM IP is included in OIS 6.3 installation files and not available as a separate download. Specific requirements are discussed in the following sections.

Opalis Integration Server 6.3
You cannot get this IP without the 6.3 installation files because it comes bundled together. Specifically, this IP is located in the <Extraction Path>\Opalis 6.3\Integration Packs for System Center folder of the 6.3 ZIP file.
IN THIS CHAPTER . Requirements . Installing the SCCM IP . Configuring the SCCM IP . Objects at a Glance . Objects in Depth . Use Case Scenarios
System Center Configuration Manager 2007
As you are using objects from the IP to automate specific components of Configuration Manager, it makes sense that one of the requirements of using this IP is SCCM itself. This IP requires SCCM 2007 RTM or later. Although some objects might work with SMS 2003, the IP was not designed for 2003, and therefore its use is not supported by Microsoft.

Installing the SCCM IP
Installing the SCCM IP is identical to that of other IPs. Follow the instructions in Chapter 4, “Installing Opalis Integration Server 6.3,” for more information.

Configuring the SCCM IP
All objects in the SCCM IP use the credentials supplied by the Connection account to execute various functions on the SCCM site server. If you have multiple site servers to manage, you can utilize additional connection accounts for each site server. Whether you use multiple accounts to provide OIS deployments for multiple site servers or a single account depends on the security requirements of your organization, your site server topology, and the team(s) responsible for managing SCCM. Another reason to use multiple connections is to leverage accounts with varying sets of permissions. This can be useful if there are requirements around the type of security permissions granted. As an example, you might have one set of credentials for workstations and another for servers.
Creating the Connection Account
You must install the IP before creating the connection. After the IP is installed, open the OIS Client and navigate to Options and then to System Center Configuration Manager in the menu bar. In the Connections window, add a new connection and supply the following information, as shown in Figure 11.1:
. Name—Supply a name for the connection. This is simply the name of the connection and should be descriptive enough to allow policy authors to understand how the connection is used. Figure 11.1 shows SCCM Server entered.
. Server—Name of the Configuration Manager server.
. Username—Active Directory (AD) account of a user with privileges to the SCCM environment. Ensure this name is specified in domain\username format.
. Password—Password for the account.

FIGURE 11.1 Connection Entry

Use the Test Connection button, as shown in Figure 11.1, to verify the SCCM user account has the appropriate privileges to connect to the Configuration Manager server. If you are assigning the privileges later, you can always come back to the Connection Entry window and verify that the connection succeeds.

CAUTION: TEST CONNECTION DOES NOT VERIFY IN-DEPTH PERMISSIONS
When you perform the Test Connection action, the permissions required to use all the objects in the IP are not verified. Test Connection verifies that the connection account can access the Configuration Manager server. This is the equivalent of getting access to a building but not to every office or floor. Specifically, if Test Connection works, it indicates the account can access the Configuration Manager Windows Management Instrumentation (WMI) namespace correctly.

Granting Access to the Connection Account
You must manage the permissions for the accounts in the SCCM console. The easiest way to provide access to the connection account is to grant the account full administrative access to the SCCM server. To grant full SCCM access, perform the following steps:
1. Launch the SCCM Console.
2. Navigate to Site Database and then to Security Rights.
3. Right-click Security Rights and choose Manage ConfigMgr Users.
4. In the ConfigMgr User Wizard, click Next through the Welcome screen and enter the username in the Add a New User field.
5. Choose Copy rights from an existing ConfigMgr user or user group. Click Next.
6. At the Copy Right step, in the Source User field, choose NT AUTHORITY\SYSTEM and click Next.
7. At the next step, all the copied permissions are listed. Ensure that The Listed Rights Are Sufficient is selected, and click Next.
8. On the Summary screen, click Next. At the Confirmation screen, click Close.

NOTE: WMI AND DCOM PERMISSIONS
When granting access to SCCM, as outlined in this section, the Connection Account is added to the local security group (SMS Admins) on the SCCM site server. Inclusion in this group automatically provides access to the Distributed Component Object Model (DCOM) and the Configuration Manager namespace in WMI. In fact, the SCCM console connects to the site server through WMI as well.
For additional information on configuring DCOM and WMI, read the article on securing a remote WMI connection at http://msdn.microsoft.com/en-us/library/aa393266.aspx.
If your organization requires specific delegation, SCCM supports that. Table 11.1 lists all the objects and the related permissions required in SCCM to help you plan and assign the right level of permissions.
TABLE 11.1 Configuration Manager Permissions

| SCCM IP Object | SCCM Class | Permissions |
| --- | --- | --- |
| Advertise Task Sequence | Advertisement | Read, Create |
| | Collection | Read, Advertise |
| | Task Sequence Package | Read |
| Refresh Collection | Collection | Read |
| Add Computer to Collection | Collection | Read, Modify |
| Create Advertisement | Advertisement | Read, Create |
| | Collection | Read, Advertise |
| | Package | Read, Distribute |
| Create Collection | Collection | Read, Create |
| Delete Collection | Collection | Read, Delete |
| Deploy Software Update | Deployment | Read, Modify, Delete, Create |
| Get Advertisement Status | Advertisement | Read |
| Get Collection Member | Collection | Read |
| Get Software Update Compliance | Configuration Items | Read |
| | Collection | Read |
Note that the objects in Table 11.1 are sorted as they are shown in the OIS Client.
NOTE: REFRESH CLIENT OBJECT You might have noticed that Refresh Client is missing from the permissions table. This is because Refresh Client is a process that actually performs on the SCCM client and does not require any permission to the SCCM server. Keep in mind the Refresh Client object does not use the SCCM connection account. Instead, it uses the OIS Action Server service account.
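Table 11.1 can be used as a least-privilege check for a connection account instead of copying full rights. The following PowerShell is an added example, not code from the book or from the IP: it transcribes Table 11.1, computes the rights a policy needs from the SCCM IP objects it uses, and compares them with what the account holds. The function names are hypothetical and the granted-rights input is a constructed sample that would in practice be read off the account's rights in the SCCM console.

```powershell
# Added example, not from the book. $RequiredRights transcribes Table 11.1;
# the $granted hashtable at the bottom is a constructed sample.
Set-StrictMode -Version 2.0

$RequiredRights = @{
    'Advertise Task Sequence'        = @{ 'Advertisement' = @('Read', 'Create')
                                          'Collection' = @('Read', 'Advertise')
                                          'Task Sequence Package' = @('Read') }
    'Refresh Collection'             = @{ 'Collection' = @('Read') }
    'Add Computer to Collection'     = @{ 'Collection' = @('Read', 'Modify') }
    'Create Advertisement'           = @{ 'Advertisement' = @('Read', 'Create')
                                          'Collection' = @('Read', 'Advertise')
                                          'Package' = @('Read', 'Distribute') }
    'Create Collection'              = @{ 'Collection' = @('Read', 'Create') }
    'Delete Collection'              = @{ 'Collection' = @('Read', 'Delete') }
    'Deploy Software Update'         = @{ 'Deployment' = @('Read', 'Modify', 'Delete', 'Create') }
    'Get Advertisement Status'       = @{ 'Advertisement' = @('Read') }
    'Get Collection Member'          = @{ 'Collection' = @('Read') }
    'Get Software Update Compliance' = @{ 'Configuration Items' = @('Read')
                                          'Collection' = @('Read') }
}

function Get-RequiredRight {
    param([Parameter(Mandatory = $true)][string[]]$IpObject)
    $need = @{}
    foreach ($name in $IpObject) {
        # Refresh Client runs on the SCCM client under the OIS Action Server service
        # account, so it adds nothing to the connection account's rights.
        if ($name -eq 'Refresh Client') { continue }
        if (-not $RequiredRights.ContainsKey($name)) { throw "Unknown SCCM IP object: $name" }
        foreach ($class in $RequiredRights[$name].Keys) {
            if (-not $need.ContainsKey($class)) { $need[$class] = @() }
            $need[$class] = @($need[$class] + $RequiredRights[$name][$class] | Sort-Object -Unique)
        }
    }
    $need
}

function Compare-GrantedRight {
    param([hashtable]$Required, [hashtable]$Granted)
    $classes = @($Required.Keys) + @($Granted.Keys) | Sort-Object -Unique
    foreach ($class in $classes) {
        $req = @(); if ($Required.ContainsKey($class)) { $req = @($Required[$class]) }
        $got = @(); if ($Granted.ContainsKey($class)) { $got = @($Granted[$class]) }
        New-Object PSObject -Property @{
            Class   = $class
            Missing = @($req | Where-Object { $got -notcontains $_ })   # policy would fail
            Excess  = @($got | Where-Object { $req -notcontains $_ })   # candidates to revoke
        }
    }
}

# SCCM IP objects used by a policy that creates a collection and fills it.
$required = Get-RequiredRight -IpObject 'Create Collection', 'Add Computer to Collection'
# Constructed sample of what the connection account currently holds.
$granted = @{ 'Collection' = @('Read', 'Create', 'Modify', 'Delete')
              'Package'    = @('Read', 'Distribute') }

Compare-GrantedRight -Required $required -Granted $granted | ForEach-Object {
    '{0,-12} missing: [{1}] excess: [{2}]' -f $_.Class, ($_.Missing -join ', '), ($_.Excess -join ', ')
}
```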
Connectivity Requirements
Many production environments use firewalls between systems. Often, OIS might be positioned on the other end of a firewall, making the use of certain objects such as those in this IP rather difficult. All the objects use a remote WMI connection to access the SCCM server. It is important to understand that when a WMI connection is established, the computer is connecting through DCOM.

Here are port requirements to consider:
. DCOM uses TCP 135 as the DCE endpoint resolution.
. DCOM dynamically assigns TCP ports in the range of 1024 to 65535.

Objects at a Glance
The following objects are included in the SCCM IP:
. Add Computer to Collection
. Advertise Task Sequence
. Create Advertisement
. Create Collection
. Delete Collection
. Deploy Software Update
. Get Advertisement Status
. Get Collection Member
. Get Software Update Compliance
. Refresh Client
. Refresh Collection

Objects in Depth
Although you can use many of the objects listed in the “Objects at a Glance” section on their own, the power is in how you can combine them to automate even complex provisioning, migration, and maintenance tasks related to SCCM. This section describes the objects in the SCCM IP in detail to clarify their intended function, the other objects with which they are commonly used, and common use case scenarios where appropriate. The SCCM IP consists of 11 objects:
. Add Computer to Collection—This object is used to add a computer or a group of computers to a collection. This occurs by adding a direct membership rule pointing to the specified computer in the target collection. Because these are not query-based rules, the collection requires one rule per computer. More information on this object is available at http://technet.microsoft.com/en-us/library/gg440772.aspx.
. Advertise Task Sequence—Task sequences are a series of instructions a Configuration Manager client executes. Although primarily used for deploying operating systems, they are not limited to deployment. You can use OIS to create an advertisement to send an existing task sequence to a Configuration Manager collection. More details on the properties and published data can be found at http://technet.microsoft.com/en-us/library/gg440810.aspx.
NOTE: WATCH FOR DUPLICATE ADVERTISEMENTS
The Advertise Task Sequence object creates objects based on the name provided to it. Because this is not an Advertisement ID, the value is duplicated if the object runs more than once successfully. Though the Advertisement IDs are unique, the other values look identical, as shown in Figure 11.2.

FIGURE 11.2 Identically named advertised task sequences

. Create Advertisement—The Create Advertisement object is used to deploy software to computers in a target collection. The schedule for the advertisement can be set just as you would in the SCCM console (assigned only, a specified time, or as soon as possible). Check out http://technet.microsoft.com/en-us/library/gg440772.aspx for more information.
. Create Collection—Using this object creates an empty collection in Configuration Manager. Although at first glance this object might not seem to have much substance, using it in conjunction with an object, such as Add Computer to Collection, exposes just how powerful this object can be. Computer names can be provided to the object from any of the other available objects in OIS. More detail about Create Collection is available at http://technet.microsoft.com/en-us/library/gg464967.aspx.
. Delete Collection—Use the Delete Collection object to remove an existing collection from Configuration Manager. This object also deletes all information associated with the collection such as advertisements, collection variables, maintenance windows, power saver settings, and anything else that pertains to collection properties. Any subcollections of the target collection are also removed by default. A number of safeguards are included with this object to prevent the accidental deletion of an active collection. Although the default behavior is to ignore a request to delete a collection when these safeguards are applied, you can change this behavior by overriding the advanced properties. Additional details about this object are available at http://technet.microsoft.com/en-us/library/gg440781.aspx.
. Deploy Software Update—The Deploy Software Update object is similar to the Advertise Task Sequence and Create Advertisement objects. However, this object is used specifically to control the delivery and installation of Software Updates. To use this object, ensure that at least one update list, deployment template, and deployment package are available. Find out more information at http://technet.microsoft.com/en-us/library/gg440766.aspx.
. Get Advertisement Status—To retrieve status messages about an advertisement for a computer, use the Get Advertisement Status object. Status information is extremely useful as an intermediary step to validate that an action executed successfully before moving on to another part of the policy. Examine the TechNet article at http://technet.microsoft.com/en-us/library/gg440650.aspx for more information about Get Advertisement Status. As an example, if you deployed software to a computer by using Create Advertisement, you could link to this object as the next step to check the status of the advertisement. Depending on the status, an email could be sent out with differing messages.
. Get Collection Member—This object is used to retrieve the membership of a SCCM collection. The membership is captured in the Data Bus, thus making it available to other objects later in the policy. Additional details about this object are available at http://technet.microsoft.com/en-us/library/gg440624.aspx.
. Get Software Update Compliance—This object might sound similar to Get Advertisement Status. However, instead of looking at the status of an advertisement in SCCM, it queries SCCM for the compliance status of a computer. For more information about this object, check out the link at http://technet.microsoft.com/en-us/library/gg464957.aspx.
. Refresh Client—The function of this object should not be uncommon to SCCM administrators. The act of refreshing a client starts an action on the SCCM agent to retrieve its policies immediately. Refresh Client lets you specify the computer name and action to refresh. More details are available at http://technet.microsoft.com/en-us/library/gg440765.aspx. This action occurs on the Configuration Manager client by connecting remotely to the computer and triggering the policy retrieval cycle. Be sure the OIS Action Server service account has administrative privileges to the computer.

NOTE: USE CAUTION WHEN USING WITH A LARGE NUMBER OF COMPUTERS
Be careful when using this process to initiate Configuration Manager policy retrieval on a large number of clients because the OIS Action Server instructs all of the clients to retrieve their policies all at once. When triggered this way, the SCCM client does not respect its interval settings and retrieves the policy immediately. This is effectively the same as initiating the Policy Retrieval action in the Configuration Manager control panel applet.
. Refresh Collection—Another common task for SCCM administrators is to refresh collections. By using the Refresh Collection object, an administrator can trigger the process that reevaluates and updates the membership of a collection. As collections are refreshed on a schedule, typically once a day (making it possible that the collection membership might be stale), consider using this object prior to any action—such as Create Advertisement—to ensure all eligible computers are targeted. Additional information about the Refresh Collection object can be found at http://technet.microsoft.com/en-us/library/gg464963.aspx.
Use Case Scenarios
Each policy illustrated in this section uses two or more objects from the SCCM IP. It is always advantageous to use the information from the Data Bus because the information is not a static value. This practice makes OIS an incredibly flexible platform for bringing in information, even as it changes, and using it as you would variables in a script. The three core scenarios shown here are covered to demonstrate how to effectively tie the objects together:
. Creating and populating a collection
. Checking compliance
. Advertising software

Creating and Populating a Collection
The Creating and Populating a Collection policy, displayed in Figure 11.3, illustrates how to create a SCCM collection and fill it with computers. Because collections are one of the fundamental elements for doing many things (advertisements, task sequences, software updates, and so on) in SCCM, this has the potential to end up as a nested policy in many of your workflows.
FIGURE 11.3 Creating and populating a collection
Use Case Scenarios
339
CAUTION: IMPORTANCE OF OBJECT ORDER When using OIS, be careful about the order of objects in a policy. Whenever an object passes multiple items (a list of computers as an example), the next object executes for each item it receives. To illustrate this, if Get Computer came before Create Collection, there is a chance that more than one computer would be retrieved. If Get Computer were to find 10 computers, the next object, Create Collection, tries to create a collection for every computer. This means that OIS would run the Create Collection object 10 times!
Here are the activities performed by this policy: 1. Custom Start—This object is configured with a single parameter, CollName. This is supplied as a parameter in a Trigger Policy object, an external call to trigger this policy, or manually supplied during testing with the Policy Testing Console. The value supplied for the CollName parameter should be the name of the new collection to create and populate. 2. Create Collection—The Create Collection object generates a new collection using the CollName variable from the Custom Start object as the name and fills the optional Comment field, if provided. If the value of Parent Collection is modified from the default value of Root Collection, the new collection is created under the specified Parent Collection. When modifying the Parent Collection value, it is possible to introduce errors. You can use the ellipses button to retrieve a list from the SCCM server, which should reduce typing errors when specifying a collection. However, this does not prevent the accidental deletion or inadvertent name change that might cause the step to fail because the collection can no longer be found.
NOTE: A LITTLE DETAIL ABOUT THE ROOT COLLECTION Even though the Collection node in the SCCM console doesn’t look like any other collection, it is still a collection known as the Root Collection. Hence, all collections under the root are actually child collections. Any collections created under the Root Collection show up in the console directly under Collections. The ID of Root Collection is COLLROOT.
3. Get Computer—In the Get Computer step, a connection is made to AD and a query is performed to retrieve a list of computers that matches a specified name and wildcard. This object is not from the SCCM IP but rather comes from the Microsoft AD IP.
11
There are many ways to populate the new collection. The method used in this policy is to query AD for computers that match a specified filter. Of course, this doesn’t have to be AD; it could be a text file, a list of machines from Operations Manager (SCOM), or the name of a machine provided by Service Manager (SCSM).
3.1 Conditional Link (Matched Names)—As long as the computer name does not match the specified Exclude Filter, the object passes to the Add Computer to Collection object.
3.2 Conditional Link (Excluded Names)—In a production environment, rather than the excluded names, it might be more useful to log the output as is done here. If the computer name matches the specified Include Filter, the object is passed down to the Append Line object.
The filter is specified as Name with a matching criterion of Computer*. This should match the name you are looking for. In these filters, using an asterisk is the accepted wildcard. Figure 11.4 shows an example.
FIGURE 11.4 Get Computer
4. Add Computer to Collection—The Add Computer to Collection object retrieves the values from the Data Bus and uses them to create the direct membership rules that populate the collection properties. The number of computers passed to this object dictates the number of iterations that this object performs. As shown in the Collection field in Figure 11.5, the value is supplied as {Collection ID from “Create Collection”}. This retrieves the Collection ID that is published to the Data Bus when the collection is created by the Create Collection object. In the Computer field, the value is supplied by {ComputerName from “Get Computer”}. The ComputerName value is retrieved from the Data Bus from information published earlier by Get Computer. Because computer names retrieved from AD have a $ at the end (such as Computername$), the Field function is used to strip the trailing character.
FIGURE 11.5 Add Computer to Collection
5. Append Line—Objects passed down the Data Bus matching the Include Filter in the Excluded Names Conditional Link are written to a text file which can be emailed or collected to ensure that filtered computers are not added to the collection.
Checking Compliance In this policy, OIS is using a specified Configuration Manager collection, retrieving the members of the collection, getting Software Update compliance information, and emailing the results. The Checking Compliance sample policy (see Figure 11.6) uses Get Collection Member as a starting point; although as described in the earlier policy sample, anything could be used that supplies a list of computer names. This interchangeability is what makes OIS invaluable.
FIGURE 11.6 Checking compliance
Because this policy ends with sending an email, the Junction object is used to flatten the number of iterations coming down the Pipeline so that only one email is sent instead of an email per iteration.
To complete the request of getting Software Update status information, objects are used to enumerate the computers, get their information, and send the results by email. Here are the steps for this policy:
1. Custom Start—This object is configured with a single parameter, CollName. This is supplied as a parameter in a Trigger Policy object, an external call to trigger this policy, or manually supplied during testing with the Policy Testing Console. The value supplied for the CollName parameter is the name of the new collection to create and populate.
2. Get Collection Member—Get Collection Member is provided the name of the collection from the CollName variable in the Custom Start object.
3. Get Software Update Compliance—The computer names from Get Collection Member are published to the Data Bus prior to this step. By providing Get Software Update Compliance the Published Data item {Collection Member from “Get Collection Member”} as the computer name, this object retrieves the compliance status for each computer name in the Pipeline. The Update ID is statically assigned but could have a value provided by the Data Bus if preferred. In this case, it is set to 185352.
3.1 Conditional Link (Write Status)—If the Result Count value from Get Software Update Compliance is not 0, it is presumed that at least one value is present. This is an easy way to determine a status is returned. Matching this result, the policy continues down to the Append Line object in step 4, writing the computer name and status to a text file.
3.2 Conditional Link (Write Unknown)—A Result Count with a value of 0 indicates that Get Software Update Compliance failed as no results are returned. Matching this result, the policy activity branches to the Append Line object in step 5, which writes the computer name and a statically assigned value of Unknown.
NOTE: RETRIEVING UPDATE ID VALUES There is no object in the SCCM IP that provides functionality to retrieve Update IDs. Leveraging Run .NET Script to execute a PowerShell script could be used to retrieve this information, however.
4. Append Line—By using the Append Line object, the information coming down the Data Bus can be captured for use later. The ComputerName and Status fields are written to a text file in the following form: {Computer Name from “Get Software Update Compliance”} : {Status from “Get Software Update Compliance”}
The actual text body would then look like the following: ComputerName : Installed
5. Append Line—If the computer in a collection cannot be queried successfully by the Get Software Update Compliance object, the resulting information written to text is a blank entry separated by a colon. To get something more intelligent, this Append Line object uses a different ComputerName value and a static status in the following form: {Collection Member from “Get Collection Member”} : Unknown
The actual text body would then look like the following: ComputerName : Unknown
6. Junction—Junction provides the useful functionality of flattening the iterations down to one execution. This is necessary to prevent the Send Email object later in the policy from sending more than one email. For this to occur, leave the Junction object at its default setting, which is to not republish data. As shown in Figure 11.7, the setting specified is Republish data from .
FIGURE 11.7 Junction
7. Get Lines—After the Junction, the Pipeline Data Bus does not contain any information from the previous objects. This means at the next object, the expected number of iterations should be one time. Get Lines is called to grab the data in the text file created in step 4 or step 5. Keep in mind that because of the way Junction is used, no previous information on the Data Bus is available. This means you must specify the File and File encoding fields manually. By setting Line numbers to 1-END (Figure 11.8), the object grabs all the lines in the text file, publishing it to the Data Bus.
FIGURE 11.8 Get lines
8. Send Email—At the last step, Send Email sends the data to the specified recipient. When {‘All Lines’ line text from “Get Lines”} is provided in the Message field, the content of the Get Lines object is inserted into the email body.
Advertising Software In Figure 11.9, the sample policy Advertise Software is distributing a package to a group of computers. It begins by creating an advertisement. After the advertisement is created, the members of the targeted collection are triggered to refresh their policies. This simple policy illustrates how easy (and powerful) OIS can be at automating tasks.
FIGURE 11.9 Advertise software
In this policy, members of a collection are first refreshed. Afterward, a package is sent to the computers in the collection. Examining each object, here is each step in detail: 1. Custom Start—This object is configured with a single parameter, CollName. This is supplied as a parameter in a Trigger Policy object, an external call to trigger this policy, or manually supplied during testing with the Policy Testing Console. The value supplied for the CollName parameter should be the name of the new collection to create and populate.
2. Refresh Collection—Before beginning any advertisement, it is a good practice to refresh the membership of a collection. This ensures that the collection contains the most up-to-date list of computers that match the collection criteria. Refresh Collection updates the collection membership of the target collection, ensuring that the collection has the freshest membership available.
3. Create Advertisement—At the Create Advertisement step, the policy creates a new advertisement on the Configuration Manager server. The package to send, program to use, and schedule to adhere to can all be set with this object.
TIP: CREATING A MANDATORY SCHEDULE If you do not set a mandatory schedule, the Create Advertisement step operates as requested, but the advertisement might not actually run on the SCCM client. This is because the Start Time field of the Details tab only specifies when the advertisement should be made available to the client. The mandatory assignment in the Schedule tab (Figure 11.10) is what indicates when the client is instructed to run the advertisement.
FIGURE 11.10 Mandatory schedule
4. Get Collection Member—After setting up the advertisement, the Get Collection Member object is used to retrieve all the computer names from the collection specified in the Refresh Collection object earlier. After retrieving the collection members, they are sent to the next object.
5. Refresh Client—The Refresh Client object loops through all the computers it receives from the Data Bus. Each client computer is contacted and instructed to run the Machine Policy Retrieval & Evaluation Cycle action, resulting in faster retrieval of the advertisement policy constructed in step 3.
Summary
This chapter discussed the installation and configuration of the SCCM IP. Because SCCM allows granular delegation of permissions, which encourages the least privilege model, a table was provided illustrating the rights required to execute the objects in this IP. Some common use cases for SCCM administrators were described with object-specific instructions.
CHAPTER 12
Integration with System Center Virtual Machine Manager
One of the System Center Integration Packs (IPs) bundled with Opalis Integration Server (OIS) 6.3, the Microsoft System Center Virtual Machine Manager (VMM) IP allows administrators to automate Hyper-V and VMware virtualization activities from OIS via Virtual Machine Manager 2008 Release 2 (R2). This chapter discusses the functionality of the Microsoft System Center VMM IP. The chapter describes the requirements for using the VMM IP. It covers the installation procedure and configuration steps, followed by an explanation of how each object functions, along with common use case scenarios. The chapter also presents several sample policies to show you how to leverage the VMM IP fully to automate your organization’s server virtualization management processes.
Requirements Before getting started, note that the VMM IP is included in OIS 6.3 installation files and not available as a separate download. The following sections discuss specific requirements.
Opalis Integration Server 6.3 You cannot get this IP without the 6.3 installation files as it comes bundled together. Specifically, this IP is located in the <Extraction Path>\Opalis 6.3\Integration Packs folder for System Center of the 6.3 zip file.
IN THIS CHAPTER . Requirements . Installing the VMM IP . Configuring the VMM IP . Objects at a Glance . Objects in Depth . Use Case Scenarios
System Center Virtual Machine Manager 2008 As you are using objects from the IP to automate specific components of VMM, you must also install VMM 2008. Specifically, this IP requires VMM 2008 R2. Although some objects might work with the Released to Manufacturing (RTM) version, the IP was not designed or tested other than with VMM 2008 R2, and Microsoft does not support using the IP with earlier versions of VMM.
Security Credentials To implement the VMM IP, grant administrator access in VMM to a dedicated user account or the OIS Action Server service account; this account ultimately is used to contact the server to initiate VMM-related activities. Giving administrator access to the OIS Action Server service account is actually one way to resolve a known issue related to authentication from OIS to VMM. The sidebar “Real World: Troubleshooting VMM Authentication Failures in OIS” discusses this in more detail.
Installing the VMM IP For information on the installation steps to register and deploy an IP, see Chapter 4, “Installing Opalis Integration Server 6.3.”
Configuring the VMM IP All objects in the VMM IP use the credentials supplied by the Connection account to execute various functions on the VMM server. If you have multiple VMM servers to manage, you can utilize additional connection accounts for each VMM server. Whether you use a single common account to provide OIS permissions in multiple VMM deployments or a separate account for each deployment depends on the security requirements of your organization and the team responsible for managing the virtualization infrastructure. Configuration steps include verifying connectivity requirements, granting access to the connection account, and then configuring that account; these are discussed in the next sections.
Connectivity Requirements The Opalis Action Server requires connectivity to the System Center Operations Manager (SCOM) Root Management Server (RMS) on port 5724 (the System Center Data Access Service). You must install the SCOM Operations console on each computer where an Opalis Action Server or Client is installed that will interact with the SCOM RMS.
Granting Access to the Connection Account
Before configuring the connection to VMM, grant administrator access in VMM to the account OIS uses when connecting to the VMM server, as discussed in the “Security Credentials” section. Perform the following steps:
1. Launch the VMM Administrator console. In the Navigation pane, select the Administration workspace.
2. In the Administration space, select the User Roles node.
3. Double-click the Administrator user role, and then click Add.
4. Enter the name of the account OIS uses to access this VMM server.
5. Click OK twice to save your changes and exit.
Configuring the Connection Account
In order for the account to perform the actions in the sample policies area, you must grant rights to the Connection account in VMM. Begin by configuring connectivity to VMM in the OIS Client. Perform the following steps:
1. In the top menu of the OIS Client, select Options -> System Center Virtual Machine Manager.
2. In the System Center VMM dialog box, click Add, and then supply the following information, as shown in Figure 12.1:
. Name—Supply a name for the connection, SVCMM in Figure 12.1.
. Type—Select System Center Virtual Machine Manager Connection.
. Computer name—Enter the name of System Center VMM server.
FIGURE 12.1 Configuring the VMM connection - Edit Configuration window
. User—This is the Active Directory (AD) account of a user with administrator privileges in System Center VMM; enter a user ID with administrator privileges in VMM here. . Domain—This is the AD domain in which the System Center VMM server resides; enter the NetBIOS domain name of the user account provided in the User field. . Password—This is the password for the AD user account; enter the user’s password here. . Authentication Type—Leave as Default. . Port (Remote Only)—Leave default of 5985. . Use SSL (Remote Only)—Leave default of False. . Cache Session Timeout (Min.)—Leave default of 10. . VMM Server—Name of System Center VMM server.
REAL WORLD: TROUBLESHOOTING VMM AUTHENTICATION FAILURES IN OIS When configuring the VMM IP connection and clicking the Test button, you might have authentication fail—even when the credentials you provide have administrator privileges in VMM. OIS communicates with VMM via PowerShell, using the cmdlets in the VMM Command Shell. The issue here is that authentication to the “Computer name” is achieved via Windows Remote Management, which can authenticate in several ways, where authentication from “Computer name” to “VMM Server” is strictly Kerberos (NT LAN Manager [NTLM] if using an Internet Protocol address). This authentication request sometimes results in a Kerberos Ticket Modified error. Alternatively, if you use blank credentials, a PowerShell credential object is not explicitly utilized; the implicit credentials of the Action Server are used instead. If the credentials for the Action Server have sufficient privilege, leaving the credentials blank works; otherwise leaving the credentials blank fails.
Most commonly if a 1604 error is returned, recycling the WS-Management service on the “Computer name” host computer will resolve the issue. Another workaround is to use the Internet Protocol address in the connection with “Negotiate” authentication to allow fallback to NTLM. However, it should be noted that NTLM is less secure than Kerberos.
3. Click OK to create the connection. When complete, the newly created connection in the System Center Virtual Machine Manager dialog box should be similar to Figure 12.2.
4. Click Finish to save the connection settings.
FIGURE 12.2 Configuring the VMM connection
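The connection fields and the authentication sidebar above can be checked from the Action Server before the Test button is used. The script below is an added example, not code from the book or the VMM IP: the host name is a placeholder, the function name is hypothetical, and the third check assumes an HTTPS listener already exists on the standard WinRM HTTPS port 5986.

```powershell
# Added example (not from the book): probe the WinRM endpoint that the
# "Computer name" field of the VMM connection points at.
# Run it on the OIS Action Server under the account the connection will use.

function Test-VmmWinRmEndpoint {
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [ValidateSet('Default', 'Kerberos', 'Negotiate')]
        [string]$Authentication = 'Default',
        [int]$Port = 5985,
        [switch]$UseSSL,
        # Omit to test the implicit identity, as with blank connection credentials.
        [System.Management.Automation.PSCredential]$Credential
    )

    # Build the Test-WSMan arguments once so optional ones are only sent when set.
    $wsman = @{
        ComputerName   = $ComputerName
        Port           = $Port
        Authentication = $Authentication
        ErrorAction    = 'Stop'
    }
    if ($UseSSL)     { $wsman.UseSSL = $true }
    if ($Credential) { $wsman.Credential = $Credential }

    # Kerberos needs a host name; with an IP address Negotiate settles on NTLM.
    $parsed = $null
    $isIp = [System.Net.IPAddress]::TryParse($ComputerName, [ref]$parsed)

    $row = New-Object PSObject -Property @{
        Target         = "${ComputerName}:$Port"
        Transport      = $(if ($UseSSL) { 'HTTPS' } else { 'HTTP' })
        Authentication = $Authentication
        NtlmLikely     = ($isIp -and $Authentication -ne 'Kerberos')
        Reachable      = $false
        Detail         = ''
    }

    try {
        $reply = Test-WSMan @wsman
        $row.Reachable = $true
        $row.Detail    = $reply.ProductVersion
    }
    catch {
        # Keep the WinRM error text; it names the mechanism that failed.
        $row.Detail = $_.Exception.Message
    }
    $row
}

# Placeholder host; replace with the value of the "Computer name" field.
$target = 'vmm01.contoso.example'

$checks = @(
    @{ Authentication = 'Kerberos';  Port = 5985 },                 # defaults, Kerberos only
    @{ Authentication = 'Negotiate'; Port = 5985 },                 # the sidebar's workaround
    @{ Authentication = 'Kerberos';  Port = 5986; UseSSL = $true }  # TLS listener, if configured
)

$checks |
    ForEach-Object { $c = $_; Test-VmmWinRmEndpoint -ComputerName $target @c } |
    Select-Object Target, Transport, Authentication, NtlmLikely, Reachable, Detail |
    Format-Table -AutoSize -Wrap
```

A row that is reachable only with Negotiate, or that shows NtlmLikely as True, means the connection depends on the NTLM fallback the sidebar describes rather than on Kerberos.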
Objects at a Glance
For reference, here are the objects included in the VMM IP:
. Create Checkpoint
. Create Disk from VHD
. Create Network Adapter
. Create New Disk
. Create VM from Template
. Create VM from VHD
. Create VM from VM
. Get Checkpoint
. Get Disk
. Get Network Adapter
. Get VM
. Manage Checkpoint
. Move VM
. Remove VM
. Repair VM
. Resume VM
. Shut Down VM
. Start VM
. Stop VM
. Pause VM
. Update Disk
. Update Network Adapter
. Update VM
Objects in Depth
Although you can use many of the objects listed in the “Objects at a Glance” section on their own, the power is in how you can combine them to automate even complex provisioning, migration, and maintenance tasks related to the virtualization infrastructure managed with VMM. This section describes the objects in the VMM IP in detail to clarify their intended function, the other objects with which they are commonly used, and common use case scenarios where appropriate. The VMM IP consists of 23 objects:
. Create Checkpoint—This object is used to save the state of a virtual hard disk that is attached to a virtual machine (VM) and all the disk content, including application data. This also saves the hardware configuration information for VMs on Hyper-V and VMware hosts. This object is commonly used as a part of workflows involving software updates or upgrades to provide a known good point for rollback, should issues result from the update. More details on the properties and published data of this object can be found at http://technet.microsoft.com/en-us/library/gg440679.aspx.
. Create Disk from VHD—This object is used to create a new disk from a Virtual Hard Disk (VHD), and then add the disk to an existing VM. Any time you intend to add a new disk to a VM, this object is likely to be involved. For additional information on this object, see http://technet.microsoft.com/en-us/library/gg464924.aspx.
. Create Network Adapter—The Create Network Adapter object is used to create a new network adapter and attach it to a specific VM. This object is often used in policies involving the Create VM from VM and Get Network Adapter objects to facilitate creating a network adapter in the new VM that mirrors settings found in an existing VM. More detail about the Create Network Adapter object is available at http://technet.microsoft.com/en-us/library/gg440733.aspx.
. Create New Disk—This object is used to create a new disk and add it to a VM. Properties of this object allow you to control disk size, filename, disk type (Small Computer System Interface [SCSI] or Integrated Drive Electronics [IDE], Boot, or System volume), and the VM ID to which the disk will be attached. Additional details about this object are available at http://technet.microsoft.com/en-us/library/gg440615.aspx.
. Create VM from Template—This object is used to create a new VM from an existing VM template in VMM. In addition to the default object properties (Host, Path, VM Name, Source Template Name), this object includes nearly 30 optional properties corresponding to template properties in VMM, such as hardware and software profile, virtual network settings, answer file, and administrator password. The Create VM from Template object makes easy work of deploying a VM and configuring basic OS properties so it is ready for software deployment. More details on the properties and published data of this object are at http://technet.microsoft.com/en-us/library/gg464916.aspx.
. Create VM from VHD—The Create VM from VHD object is used to create a new VM from an existing VHD in the VMM library. Like the VM from Template object, Create VM from VHD includes several optional properties for configuring VM hardware, network, and startup settings. For more information on this object, refer to http://technet.microsoft.com/en-us/library/gg440783.aspx.
. Create VM from VM—This object is used to create a VM from an existing VM. This object essentially creates a clone of the source VM. Take into consideration when using Create VM from VM that the source VM must be stopped prior to initiating the cloning operation. You see the Create VM from VM object preceded by a Stop VM or Shut Down VM object to power down the source VM if it is not already stopped. Additional detail about Create VM from VM is available at http://technet.microsoft.com/en-us/library/gg464962.aspx.
. Get Checkpoint—The Get Checkpoint object is used to retrieve an existing checkpoint associated to a VM to take action. This object is typically used as part of a maintenance or recovery sequence to retrieve a specific checkpoint so it can then be applied or deleted. It is typically placed before the Manage Checkpoint object in a policy. Additional information about this object is available at http://technet.microsoft.com/en-us/library/gg440780.aspx.
. Get Disk—The Get Disk object retrieves the properties of a VHD in the VMM library. More details on the properties and published data of this object can be found at http://technet.microsoft.com/en-us/library/gg440796.aspx.
. Get Network Adapter—This object is used to retrieve network adapters and adapter properties from an existing VM. The Get Network Adapter object is often used in VM provisioning policies (using Create VM from VM) to retrieve the settings of a network adapter on an existing VM so the settings can be matched on the newly provisioned VM. More information on this object is at http://technet.microsoft.com/en-us/library/gg464923.aspx.
. Get VM—This object attempts to retrieve a VM by name or ID provided in the object properties. You do not want to create VMs with duplicate names; incorporating this object is useful to verify a VM with a specific name does not already exist, making this object a necessary element of any VM provisioning policy. Additional information about Get VM can be found at http://technet.microsoft.com/en-us/library/gg440691.aspx.
. Manage Checkpoint—The Manage Checkpoint object is used to either apply or remove an existing checkpoint. You can use this object in policies involving update management or software deployment to roll back a VM to a previous state when update or deployment activities fail. It is typically placed after the Get Checkpoint object. Additional details about this object are available at http://technet.microsoft.com/en-us/library/gg440797.aspx.
. Move VM—The Move VM object is used to move the selected VM from one network location to another. More information on the properties and published data of this object can be found at http://technet.microsoft.com/en-us/library/gg440673.aspx.
. Remove VM—Whether you want to remove and redeploy a problematic web server or to retire a VM that is no longer needed, automating the deprovisioning process is often desirable. Removing a VM requires that the VM first be stopped, which can be accomplished with the Stop VM or Shut Down VM objects. For additional information on this object, see http://technet.microsoft.com/en-us/library/gg440762.aspx.
. Repair VM—The Repair VM object is used to run a retry, undo, or dismiss action on a VM that is not functioning correctly. More detail about Repair VM is available at http://technet.microsoft.com/en-us/library/gg440732.aspx.
. Resume VM—The Resume VM object is used to start a VM currently in the paused state. Additional information about this object is available at http://technet.microsoft.com/en-us/library/gg464908.aspx.
. Shut Down VM—The Shut Down VM object is used to shut down a stopped VM. This object takes the VM offline, which is required before VM cloning or removal. More details on the properties and published data of this object can be found at http://technet.microsoft.com/en-us/library/gg440641.aspx.
. Start VM—The Start VM object is used to start a VM that has been paused, shut down, or stopped. More information on this object is available at http://technet.microsoft.com/en-us/library/gg440681.aspx.
. Stop VM—The Stop VM object is used to stop a VM that is in a paused or running state. More information about Stop VM is available at http://technet.microsoft.com/en-us/library/gg440618.aspx.
. Pause VM—This object is used to pause a VM that is currently running. A VM in a paused state can be started, stopped, or resumed. Additional details about this object are available at http://technet.microsoft.com/en-us/library/gg440767.aspx.
. Update Disk—The Update Disk object can be used to increase the size of an existing VHD or to update disk properties, such as bus or bus type. This object can be useful in incident remediation policies to increase the size of virtual disks that are running out of space when OpsMgr raises an alert. See http://technet.microsoft.com/en-us/library/gg440611.aspx for additional information on the Update Disk object.
. Update Network Adapter—The Update Network Adapter object is used to make changes to an existing network adapter. This object is often used after a Get Network Adapter to configure adapter settings on a new VM to match those of the existing VM. Additional information about this is available at http://technet.microsoft.com/en-us/library/gg440791.aspx.
. Update VM—This object is used to change a variety of properties of an existing VM, such as Performance Resource Optimization (PRO) settings, to install Virtualization Guest Services, or to change VM quota points used in self-service quota calculations. The Update VM object can be used after initial VM provisioning to update VM settings specific to its intended service role. More details on the properties and published data of this object can be found at http://technet.microsoft.com/en-us/library/gg464952.aspx.
Use Case Scenarios
Each policy illustrated in this section uses two or more objects from the VMM IP. It is generally advantageous to use the information from the Data Bus to retrieve data values present at runtime based on actual conditions. This practice makes OIS an incredibly flexible platform for consuming information as it exists at runtime and using it as you do variables in a script. The three scenarios shown here are explained at length to demonstrate how to effectively tie the objects together to automate common processes related to virtualization management in OIS:
. Virtual Machine Provisioning
. VM Checkpoint and Recovery
. Capacity and Lifecycle Management
Virtual Machine Provisioning The VM Provisioning policy, displayed in Figure 12.3, illustrates one way to provision a new VM from an existing VM template in VMM. You can provision new VMs in OIS by using a VM template as a model, by using a VHD (using Get VHD), or even from an existing VM (using Create VM from VM). The method used in this policy is from an existing VM template.
FIGURE 12.3 Provision a new VM policy
Here are the activities performed by this policy: 1. Custom Start—This policy begins with a Custom Start object, allowing this policy to be initiated from outside OIS or from other policies as part of a larger workflow.
NOTE: DEFINING A PROCESS FOR AUTOMATED VM PROVISIONING Although a valid option for seeding the provisioning process with data is using a text file, other methods of doing this might provide a greater degree of automation and documentation of the change process. As an example, using the VMM IP in conjunction with the Service Manager IP to automate VM provisioning based on incoming change requests (CR) is a common use case scenario. Chapter 14, “Data Center Scenarios,” presents an example of this scenario.
2. Get VM Name—Get VM Name in this case is a renamed Read Line object from the Text File Management category. This object retrieves the string from line 1 of vmrequest.txt, which is used as the VM name later in the policy. To configure Get VM Name, double-click the object and enter the following values on the Details tab:
. File—c:\requests\vmrequest.txt
. Encoding—ASCII
. Line Number—1
3. Get VM—The Get VM object from the VMM IP is used in this case to ensure no attempt is made to provision a VM with the same name as an existing VM. The Get VM Name object pictured in Figure 12.4 is configured to query VMM for a VM with a name that matches the string retrieved from the vmrequest.txt file.
FIGURE 12.4 Get VM Properties
4. Compare Values—The Compare Values object in this policy compares the CPU Count of the VM retrieved by the Get VM object in the previous step. If the Get VM object in step 3 locates a VM with the same name as included in the vmrequest.txt file, the Compare Values object detects a CPU count of greater than 0 and returns success, directing activity to the failure branch of the policy, which logs an error to a text log indicating the VM already exists. If no VM exists, Compare Values returns a failure result, which then triggers the Create VM from Template object.
4.1. Conditional Link (No VM)—Although the color of the link is green (because this is the success path of the policy), the filter on this link is configured to register a match when the Compare Values object reports failure. This is because you only want the policy to continue with the VM provisioning process if a VM by this name does not already exist.
4.2. Conditional Link (VM Already Exists)—Although the color of the link is red (because this is the failure path of the policy), the filter on this link is configured to register a match when the Compare Values object reports success. This is because you do not want the policy to continue with the VM provisioning process if a VM by this name already exists.
4.3. VM Already Exists—This Append Line object writes an entry to the error log indicating a VM by the name contained in vmrequest.txt already exists, and the policy terminates.
5. Create VM from Template—The Create VM from Template object creates a VM from a VM template specified in the properties of the object. Double-click Create VM from Template; on the Properties tab, configure the following values as shown in Figure 12.5.
FIGURE 12.5 Create VM from Template Properties
. Host Name—HOST1
. Path—d:\VMs
. VM Name—{Line text from “Get VM Name”}
. Source Template Name—W2K8R2_EE
Be sure to enter (Hyper-V) Host, VM name, path, and Source Template Name applicable to your environment in the properties of this object. The values shown here are for purposes of illustration only.
5.1. Conditional Link (VM Created)—This link connects the Create VM from Template and Create New Disk objects. If the Create VM from Template object returns success, configuration of the new VM continues.
5.2. Conditional Link (Create VM Failed)—This link connects the Create VM from Template and Create VM Failed objects. If the Create VM from Template object returns failure, the logic on this link registers a match and triggers the next object in this failure branch of the policy.
5.3. Create VM Failed—This is a renamed Append Line object that logs an event to the same error log mentioned earlier and writes an event indicating that creation of the VM failed.
6. Create New Disk—The Create New Disk object is used in this policy to create an additional VHD and attach it to the new VM. Double-click the Create New Disk object and on the Properties tab (as shown in Figure 12.6), enter the following values:
. File Name—Auto
. Size (GB)—5
. Logical Unit Number (LUN)—Auto
Use Case Scenarios
FIGURE 12.6 Create New Disk Properties
. Bus—Auto
. VM ID—{Get VM ID from “Create VM from Template”}
. Bus Type—SCSI
. Disk Type—Dynamic
7. Update VM—The last object in this branch of the policy is the Update VM object. Figure 12.7 displays the following settings:
. VM ID—{VM ID from “Create VM from Template”}
. Quota Point—4
. Cost Center—ACCTING
. Start Action—Always turn on
FIGURE 12.7 Define Properties used by the object
REAL WORLD: IDENTIFYING TARGET HOST FOR VM DEPLOYMENT
One feature the VMM IP does not support is Intelligent Placement, which is a capacity planning technology that helps administrators manage VM guest placement to maintain optimal resource utilization. You can manage guest placement after deployment with OIS policies or use workarounds to manage this from within OIS deployment policies. One way to manage this is by using custom PowerShell scripts launched from a Run .NET Script object. Another option is to incorporate objects from the VMM Extension IP, a community-sourced IP that builds on the Microsoft VMM IP to include support for enterprise features including Intelligent Placement and Rapid VM Provisioning. The VMM Extension IP is available on CodePlex at http://opalisvmmextended.codeplex.com/.
VM Checkpoint and Recovery
In the workflow shown in Figure 12.8, OIS creates a checkpoint for an existing VM to provide a rollback point in the event software updates cause a problem. If the Apply Updates workflow fails, the failure branch of the policy restores the checkpoint to return the VM to its previously healthy state.
FIGURE 12.8 VM checkpoint and recovery
If updates are applied successfully, the checkpoint should be deleted to eliminate the performance impact of the differencing disk created by a checkpoint. Here are the steps of this policy:
1. Custom Start—This object is configured with a single parameter called VMID. This is supplied as a parameter in a Trigger Policy object or other external call to trigger this policy. The value supplied for the VMID parameter is the VM ID of the VM to which updates are applied.
2. Create Checkpoint—The Create Checkpoint object creates a checkpoint (snapshot in Hyper-V) for the target VM, as configured in Figure 12.9 with the following values:
. VM ID—{VMID from Custom Start}
. Name—{Object Start Time from “Custom Start”}
This checkpoint can be used to return the VM to a known good configuration in the event the application of updates results in an error condition.
FIGURE 12.9 Create Checkpoint Properties
2.1. Conditional Link (Apply Updates)—If the checkpoint is successful, the link triggers the next object in the workflow.
3. Apply Updates—This renamed Trigger Policy object calls a separate update management workflow to apply the latest hotfixes to the targeted VM. The Trigger Policy object is configured to publish data from the child policy indicating whether updates were applied to the VM successfully. For a refresher on how to configure data publishing between policies, refer to Chapter 5, “Policy Basics.”
3.1. Conditional Link (Update Success)—If the Trigger Policy object returns published data from the Apply Updates child policy indicating updates were applied to the VM successfully, the policy activity continues down this branch of the policy to log an event indicating a successful result.
3.2. Conditional Link (Update Failed)—If the Trigger Policy object returns published data from the Apply Updates child policy indicating updates were not applied to the VM successfully, the policy activity continues down this failure branch and attempts to return the VM to a known good state.
4. Log Success Event—This renamed Send Event Log Message object logs an informational event to the Windows Application Event Log indicating updates were successfully applied to the VM.
This policy includes a failure branch to account for the possibility that the application of updates fails or otherwise results in an error condition requiring rollback to the checkpoint created at the beginning of the policy with Create Checkpoint.
5. Get Checkpoint—The Get Checkpoint object retrieves a specific checkpoint for a VM. In this case, Get Checkpoint is configured to retrieve the checkpoint by the ID
retrieved at runtime; this is shown in Figure 12.10. Get Checkpoint should be configured with the value {Checkpoint ID from “Create Checkpoint”}.
FIGURE 12.10 Get Checkpoint Properties
6. Apply Checkpoint—After the checkpoint has been retrieved, this renamed Manage Checkpoint object is configured to apply the checkpoint to the VM, returning it to the known good state captured before the application of updates to the VM was attempted. As shown in Figure 12.11, the properties should be configured as listed here:
. Action—Remove
. VM Checkpoint ID—{Checkpoint ID from “Create Checkpoint”}
FIGURE 12.11 Apply Checkpoint Properties
7. Log Recovery Event—This renamed Send Event Log Message object logs a warning event to the Windows Application Event Log indicating the application of updates to the VM failed, along with the result of the attempt to roll back to the previous checkpoint.
NOTE: CLEANING UP SNAPSHOTS
In the real world, this workflow would normally be extended with additional activities to remove the snapshot taken at the beginning of the workflow, complying with Microsoft best practices related to checkpoint management.
Capacity and Lifecycle Management
In a private cloud infrastructure, unhealthy VMs might not be repaired or patched, but rather de-provisioned and replaced by fully patched, healthy replacements. The sample policy shown in Figure 12.12 attempts to perform a clean shut down, remove the unhealthy VM, and then launch a provisioning workflow (similar to the example shown earlier in the “Virtual Machine Provisioning” section) to replace the unhealthy guest with a new VM.
FIGURE 12.12 Replacing an Unhealthy VM
If a clean shut down of the VM is not possible, the failure branch of the policy is invoked, which attempts to stop the VM (a dirty shut down), remove it, and then launch the Replace VM policy to replace the VM.
1. Custom Start—This policy begins with a Custom Start object, allowing the policy to be initiated from outside OIS or from other policies as part of a larger workflow. This Custom Start object is configured with a single parameter called VMName, which is supplied when the policy is started through a Trigger Policy object or other external call.
2. Get VM ID—This renamed Get VM object retrieves the VM properties of the VM matching the name passed to the VMName parameter in Custom Start. The Get VM ID object should be configured as shown in Figure 12.13 and documented here as VM Name: {VMName from “Custom Start”}.
FIGURE 12.13 Get VM ID
3. Shut Down VM—This object attempts to perform a clean shut down of the VM specified in the VM ID retrieved by Get VM ID, as shown in Figure 12.14 and documented here as VM ID: {VM ID from “Get VM ID”}.
3.1. Conditional Link (Shut Down Successful)—If Shut Down VM completes successfully, policy activity continues down this branch.
3.2. Conditional Link (Clean Shut Down Failed)—If Shut Down VM returns failure, policy activity continues down this failure branch.
4. Remove VM—When Shut Down VM returns success, the Remove VM object attempts to remove the VM using the VM ID from the Shut Down VM object, as shown in Figure 12.15 and documented here as VM ID: {VM ID from “Shut Down VM”}.
5. Replace VM—If Remove VM is successful, this renamed Trigger Policy object calls a VM provisioning workflow (similar to that presented in the VM Provisioning sample policy in the “Virtual Machine Provisioning” section) to replace the failed VM. The policy triggered begins with a Custom Start object that accepts the VM name as a parameter. The workflow ends when the Trigger Policy object has been triggered.
FIGURE 12.14 Shut Down VM Properties
FIGURE 12.15 Remove VM Properties
Because that VM provisioning policy is generally configured with its own error reporting, there is no reason to wait for the VM provisioning policy result to duplicate error reporting here.
If Shut Down VM (object 3 in Figure 12.14) fails, policy activity follows the failure branch and attempts to perform these activities.
6. Stop VM—Because the attempt to perform a clean shut down of the unhealthy VM failed, the Stop VM object simply stops the VM using the VM ID from the Get VM ID object, as shown in Figure 12.16 and documented here as VM ID: {VM ID from “Get VM ID”}.
FIGURE 12.16 Stop VM
7. Remove VM (2)—With the VM offline, the Remove VM object is triggered to remove the unhealthy VM so a new VM with the same name can be provisioned. The Remove VM object expects a VM ID value, documented here as VM ID: {VM ID from “Stop VM”}.
8. Replace VM (2)—If Remove VM is successful, this renamed Trigger Policy object calls a VM provisioning workflow to replace the failed VM, just as the Replace VM object in the success branch of the policy would do.
REAL WORLD: ERROR HANDLING AND REPORTING IN OIS POLICIES
In a production-ready version of this policy, branching and conditional links would exist to capture and report error and failure conditions. For more information on how to build error reporting into your policies, see Chapter 7, “Implementation and Best Practices.”
Summary
This chapter discussed the installation, configuration, and practical application of the System Center VMM IP. This is one of the more robust System Center IPs, and you can leverage it in a variety of production scenarios to support provisioning, maintenance, and capacity management in pure Microsoft or hybrid (Hyper-V and VMware) virtualization infrastructures. When used in conjunction with the System Center Service Manager IP, OIS can be leveraged to support an organization’s change management procedures through automation. For information on integrated System Center workflows, see Chapter 14 for a detailed discussion.
CHAPTER
13
Integration with System Center Data Protection Manager
With the release of Opalis Integration Server (OIS) 6.3, Microsoft included System Center Integration Packs (IPs) to tie OIS to Microsoft’s System Center Suite. This chapter specifically covers the IP for Microsoft System Center Data Protection Manager (DPM). The chapter describes the requirements for using the DPM IP. It covers the installation procedure and configuration steps, followed by an explanation of how each object functions, along with common use case scenarios. The chapter also presents several sample policies to show you how to leverage the DPM IP fully to automate your organization’s server protection requirements.
Requirements
Before getting started, note that the DPM IP is included only in the OIS 6.3 installation files and is not available as a separate download. The following sections discuss specific requirements.
Opalis Integration Server 6.3
It is not possible to get this IP without the OIS 6.3 installation files, as the two come bundled together. Specifically, this IP is located in the <Extraction Path>\Opalis 6.3\Integration Packs for System Center folder of the OIS 6.3 ZIP file.
IN THIS CHAPTER . Requirements . Installing the DPM IP . Configuring the DPM IP . Objects at a Glance . Objects in Depth . Use Case Scenarios
System Center Data Protection Manager 2010
This IP is used to orchestrate specific components of DPM; because of this, DPM 2010 must be installed. Some objects within this IP might work with System Center DPM 2007; however, this is not supported. This IP has been specifically designed to work with System Center DPM 2010.
Windows Management Framework
The DPM IP requires both Windows PowerShell 2.0 and Windows Remote Management (WinRM) 2.0, which make up the Windows Management Framework, as all the objects within this IP utilize PowerShell remoting. Without the Windows Management Framework, none of the objects function. The Windows Management Framework is included with Windows Server 2008 Release 2 (R2). If running an older operating system, you can download the Windows Management Framework from http://support.microsoft.com/kb/968930.
Windows PowerShell 2.0
To confirm that Windows PowerShell 2.0 is installed, expand the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine registry key and confirm the value of the Runtime Version entry begins with v2.0.
After installation, you must configure PowerShell to allow remote connections and allow signed scripts to be run.
. To allow signed scripts to run, open an elevated PowerShell prompt and run
Set-ExecutionPolicy RemoteSigned
. From within the same PowerShell prompt, to allow remote commands to run, run this command:
Enable-PsRemoting
PowerShell 2.0 installation and configuration is required on all computers that receive remote commands, which includes the DPM server.
WinRM 2.0
To confirm the correct version of WinRM is installed, run the following command from within an elevated command prompt:
winrm id
The value following the term Stack provides the version of WinRM, which needs to be 2.0.
Installing the DPM IP
Installing the IPs is discussed in Chapter 4, “Installing Opalis Integration Server 6.3.” Refer to that chapter for more information.
Configuring the DPM IP
Configuring the DPM IP is similar to configuration of the other System Center IPs. After installing the IP, you must create connections for each DPM server that is used with defined policies. The objects within this IP cannot do anything until at least one connection is created, as each object needs to utilize the connection details stored within it. As DPM does not have role-based access control, a connection needs to include account details of a Windows account with administrator privileges on the DPM server. Because of this requirement, only one connection profile is required for each DPM server. Each object within this IP can use any connection that has been configured, and the Action Server uses the details in the profile to perform the actions of the object. Connection accounts are critical to be able to use the DPM IP. Perform the following steps to configure a Connection account for DPM:
1. In the top menu of the OIS Client, select Options -> System Center Data Protection Manager.
2. In the System Center DPM dialog box that opens, click Add and supply the relevant connection details. The following information is required, as shown in Figure 13.1:
. Name—Name you are giving the connection.
. Type—The type of connection to use. Only PowerShell Remoting is available.
. Computer Name—Name of the DPM server being connected to.
. User—Active Directory (AD) account used to connect to Data Protection Manager 2010.
. Domain—Name of the domain for the connecting user account.
. Password—Password for the AD account.
. Authentication Type—The type of authentication that is to be used. Using Default results in Kerberos authentication being used.
FIGURE 13.1 Configuring the DPM connection
. Port—Port used for remote connection. The default HTTP port for WinRM 2.0 is 5985, and the default HTTPS port is 5986.
. Use SSL—Boolean value for selecting whether to use Secure Sockets Layer (SSL).
NOTE: AUTHENTICATION TYPE
When you select an authentication type other than Kerberos and HTTPS is not the transport method, the Opalis Action Server computer must be configured in the list of trusted computers in WinRM on the DPM server.
3. Click OK to create the connection.
Additional information on creating a connection is available on TechNet at http://technet.microsoft.com/en-gb/library/gg464929.aspx.
NOTE: IT IS NOT POSSIBLE TO TEST THE CONNECTION
When creating a new DPM connection, there is no option available to test the connection. To confirm the correct connection information has been provided, you must create and test a basic workflow containing one object. If data is returned from the test workflow, then the data in the connection is correct.
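Before building that one-object test workflow, the prerequisites from the Requirements section and the WinRM path the connection will use can be checked from the Action Server. The following PowerShell script is an added example, not part of the book or of the DPM IP; the parameter names and the placeholder server name are assumptions, and it accepts a WinRM stack of 2.0 or later.

```powershell
# Added example (not from the book): pre-flight check of the DPM IP prerequisites.
# Run on the Opalis Action Server. Pass -DpmServer to also probe the DPM server,
# for example -DpmServer DPM01.example.local (placeholder name).
param(
    [string]$DpmServer,
    [int]$Port = 5985,                     # 5985 = HTTP, 5986 = HTTPS (WinRM 2.0 defaults)
    [switch]$UseSsl,
    [string]$Authentication = 'Default'    # Default results in Kerberos
)

function Get-StackVersion([string]$Text) {
    # "winrm id" and Test-WSMan both report a string such as
    # "OS: 6.1.7600 SP: 0.0 Stack: 2.0"; return the Stack part as a [version].
    if ($Text -match 'Stack:\s*(\d+\.\d+)') { return [version]$Matches[1] }
    return $null
}

function Test-LocalPrerequisites {
    # Registry key named in the chapter; the value must begin with v2.0.
    $key = 'HKLM:\SOFTWARE\Microsoft\PowerShell\1\PowerShellEngine'
    $runtime = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).RuntimeVersion
    $stack = Get-StackVersion (& winrm id 2>&1 | Out-String)
    New-Object PSObject -Property @{
        Computer       = $env:COMPUTERNAME
        RuntimeVersion = $runtime
        PowerShellOk   = ($runtime -like 'v2.0*')
        WinRMStack     = $stack
        # Assumption: a stack newer than the required 2.0 is also acceptable.
        WinRMOk        = (($stack -ne $null) -and ($stack -ge [version]'2.0'))
    }
}

function Test-DpmServerRemoting {
    param([string]$ComputerName, [int]$Port, [bool]$Ssl, [string]$Auth,
          [System.Management.Automation.PSCredential]$Credential)

    # Same settings as the OIS connection dialog: computer, port, SSL, authentication.
    $common = @{
        ComputerName   = $ComputerName
        Port           = $Port
        Authentication = $Auth
        Credential     = $Credential
        ErrorAction    = 'Stop'
    }
    if ($Ssl) { $common.UseSSL = $true }

    $result = New-Object PSObject -Property @{
        Computer = $ComputerName; WinRMStack = $null; PSVersion = $null; Error = $null
    }
    try {
        # Step 1: WS-Management identify request (authenticated) gives the stack version.
        $result.WinRMStack = Get-StackVersion (Test-WSMan @common).ProductVersion
        # Step 2: a real remoting session proves Enable-PsRemoting was run on the server.
        $result.PSVersion = Invoke-Command @common -ScriptBlock { $PSVersionTable.PSVersion }
    } catch {
        $result.Error = $_.Exception.Message
    }
    $result
}

Test-LocalPrerequisites

if ($DpmServer) {
    # The chapter's note: an authentication type other than Kerberos without HTTPS
    # depends on the WinRM trusted computers list.
    if ((-not $UseSsl) -and (@('Default', 'Kerberos') -notcontains $Authentication)) {
        Write-Warning ("Authentication '$Authentication' without HTTPS requires the " +
            "trusted computers entry described in the chapter; consider -UseSsl -Port 5986.")
    }
    $cred = Get-Credential    # the account entered in the OIS DPM connection
    Test-DpmServerRemoting -ComputerName $DpmServer -Port $Port -Ssl $UseSsl.IsPresent `
        -Auth $Authentication -Credential $cred
}
```

A populated Error property on the second result points at the transport or the account, which narrows the problem before the OIS connection itself is tested with a workflow.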
Objects at a Glance
The following objects are included in the System Center DPM IP:
. Create Recovery Point
. Get Data Source
. Get DPM Server Capacity
. Get Recovery Point
. Protect Data Source
. Recover SharePoint
. Recover SQL
. Recover VM
Objects in Depth
This section provides an overview of the eight objects contained within the DPM IP to provide an understanding of what each object does. Each object discussed has a link to its corresponding TechNet article, where there is more information on the object and tables listing the properties and published data.
. Create Recovery Point—This object is used to take a backup of a protected data source that can be used to restore from. By using this object, a backup can be taken outside the recovery point schedule, which is defined in the protection group to which the data source belongs. Information on the elements in the object is available at http://technet.microsoft.com/en-gb/library/gg440707.aspx.
. Get Data Source—Data sources within DPM are workloads that DPM can protect or is currently protecting. Every data source object in DPM has a large number of properties, and the data in these properties provides information ranging from current configuration to current state. This object queries data sources and publishes all property data for use in the workflow. You can select data sources from a DPM production server or a specific protection group. When using this object, data sources can only be selected from a production server when you are configuring data protection, whereas data sources can be selected from a production server or a protection group when configuring a recovery. This object is important in this IP as it publishes the data source ID. The data source ID is important, as nearly all other objects within this IP require it to function. This object works with all DPM data sources other than folder and share data sources. Only high-level singular data sources, such as System State, are returned, as the published data generated by returning every share, folder, and file that could be protected would be unmanageable. Information on the elements in the object is available at http://technet.microsoft.com/en-gb/library/gg440727.aspx.
. Get DPM Server Capacity—Retrieving the capacity of a DPM server is a key task when configuring protection, as no protection is provided if there is not enough space to store the backups. By querying DPM, this object publishes the storage capacity available. This object should be used in every workflow where protection is being configured. If not used, it is easy to consume all the available storage on a DPM server, which causes protection to stop on all data sources that are being protected. For information on the elements in the object, see http://technet.microsoft.com/en-gb/library/gg440725.aspx.
. Get Recovery Point—This object queries a data source for a required recovery point. Using the Get Recovery Point object provides the ability to query for any retained recovery point and for the latest recovery point. For information on the elements in this object, see http://technet.microsoft.com/en-gb/library/gg440723.aspx.
. Protect Data Source—To configure and enable protection of a data source in DPM, use the Protect Data Source object. Any workload that DPM can protect might be added to a protection group to provide protection. As this object cannot create a protection group, the protection group must already exist. For information on the elements in this object, see http://technet.microsoft.com/en-gb/library/gg464973.aspx.
. Recover SharePoint—The Recover SharePoint object provides the functionality to recover a SharePoint farm when defining a recovery workflow. Information on the elements in the object is available at http://technet.microsoft.com/en-gb/library/gg440675.aspx.
. Recover SQL—Use the Recover SQL object in a workflow to recover a SQL database from DPM. This object can restore to the original SQL instance or to a network folder, but it cannot recover to a different SQL instance. Information on the elements in the object is available at http://technet.microsoft.com/en-gb/library/gg440684.aspx.
. Recover VM—DPM can provide virtual machine protection when the VM is hosted on Hyper-V, and this object can recover any VM from a specific point in time. Information on the elements in the object is available at http://technet.microsoft.com/en-gb/library/gg464966.aspx.
Use Case Scenarios
The DPM IP enables you to automate protection of virtual machine hosts and guests, as well as protecting common Microsoft workloads. You can use the objects in the IP to automate virtual machine protection and recovery, SharePoint farm and SQL protection and recovery, and system state protection. You can also use the IP with ad-hoc backups. The following sections present some typical use cases for the DPM IP.
Creating a Recovery Point
Creating recovery points for protected workloads in DPM is vital to ensuring there is a recent backup available from which you can restore. A recovery point is a point-in-time copy of the data that is being protected, and it is possible to restore from any recovery point that exists on the DPM server. Without recovery points, it is only possible to restore from express full backups, which are commonly only taken once a day. The workflow displayed in Figure 13.2 illustrates how to get a specific data source and then create a recovery point. The Create a Recovery Point workflow uses the Get Data Source object, which is a key object and is used in the majority of workflows containing DPM IP objects.
FIGURE 13.2 Create a recovery point
The workflow represented in Figure 13.2 is a simple workflow but provides a useful example. In most Information Technology (IT) environments, a change request is usually required before any change can take place on a computer or application. As part of the change request, a backup is normally performed on the affected application or computer before the change commences, which is typically done manually. Implementing this workflow in a larger policy enables a backup to be taken whenever a change request is submitted.
The Get Data Source object in Figure 13.2 is important as it publishes the ID of the data source being queried, and all other objects in this IP require a data source ID as an input (with the exception of the Get DPM Server Capacity object). The Get Data Source object only has two required properties:
. Data Source Location
. Name
However, this information alone is not enough if you want to work with one specific data source. To retrieve a single data source, you want to use filters within this object. The filters enable you to compare the value of any data source property against a set value. As it is possible to create as many filters as is required and create a filter on any data source property, this makes filtering for the correct data source easy.
Figure 13.3 displays the required properties of the Get Data Source object. The Data Source Location property only has two possible inputs:
. Production Server
. Protection Group
If you are configuring protection, you must select Production Server, as this is the only option that works; if configuring a recovery, you can use either Production Server or Protection Group. The Name property in Figure 13.3 is where the target for this object is specified. As an example, if you were protecting a SQL Server database on a computer named SQL01, the
FIGURE 13.3 Get Data Source Properties
value for the name field would be SQL01. As the value for the Name property is likely to be different every time the workflow runs, you can subscribe to data that has already been published. Figure 13.4 displays a filter that has been added to the object; in this scenario, data sources that have a Name Equal to DB1 are returned. There are 80 different properties available to be filtered on, and published data can be used as the Value data for each filter. It is recommended you use filters to ensure only the data source that is needed is returned and to reduce the performance impact on the DPM server when the query is run.
FIGURE 13.4 Get Data Source filters
After the Get Data Source object has a data source, it is now possible to create a recovery point using the Create Recovery Point object. The only property this object requires is Data Source ID, and this information is published from the Get Data Source object and can be subscribed to as the value for the Data Source ID property, as shown in Figure 13.5.
FIGURE 13.5 Create Recovery Point Properties
When this workflow is started, a recovery point is created for the selected data source. As stated earlier in this section, this can be used to automate a backup before a change request commences, but it can also be used to create backups based on any other criteria. As an example, Operations Manager (SCOM) alerts might be monitored for a specific alert that starts the workflow to create a backup.
Protecting a Data Source
The Protect Data Source object is used to protect a data source by allocating it to the required protection group on the DPM server. A protection group contains backup policies, such as retention range and frequency of backup, so a data source has to belong to a protection group to provide protection. When protecting data sources in DPM, there are three options for creating the initial replica:
. Now
. Later
. Manual
You can only use the Later or Manual options in this object. Using this object involves a similar workflow to the previous use case (Figure 13.2), as displayed in Figure 13.6.
FIGURE 13.6 Protect Data Source
To provide protection of a data source, the ID for that data source is required; this can be published using the Get Data Source object, as explained in the previous workflow. The Protect Data Source object subscribes to the published data source ID and requires values for the Replica Creation Method and Protection Group properties. The Create Recovery Point object is required at the end of this workflow to create the initial replica. Using the Protect Data Source object, you cannot select an option to create a replica now, so the Create Recovery Point object is required to generate the first backup.
Recovering a SQL Database
The Recover SQL object is one of three recovery objects contained within this IP. There are objects for recovering SQL, SharePoint, and Virtual Machines, each of which can be used in a workflow in a similar way. The workflow in Figure 13.7 provides an example of a recovery workflow using the Recover SQL object; however, you could replace the Recover SQL object with the Recover SharePoint or Recover VM object as necessary.
FIGURE 13.7 Recover SQL
There are three objects required from the DPM IP to perform a recovery. As with most DPM IP objects, the Get Data Source object is required so the data source ID can be published to the Data Bus. The Get Recovery Point object can then be used to get the recovery source ID of the recovery point that needs to be restored. Then finally, the Recover SQL object can recover the SQL database using the data source ID and recovery source ID that have been published to the Data Bus by the previous two objects.
As the usage of the Get Data Source object has already been covered in the “Creating a Recovery Point” section of this chapter, configuration of this object is not covered again. After the Get Data Source object has published the data source ID to the Data Bus, the Get Recovery Point object is used to select the required recovery point for recovery. This object only has two required properties:
. Selection
. Data Source ID
The Data Source ID property has to contain a valid ID, and this is populated using the ID on the Data Bus from the Get Data Source object. You can also populate the data source ID manually; however, the number of scenarios in which the workflow can be used is significantly reduced if it is focused on a single data source.
The Selection property has only two possible values: Latest or All. The default value for this object is Latest, which means the most recent recovery point is selected. If all recovery points associated with the data source are required so a specific recovery point can be selected, change the Selection property value to All. Using the All value for the Selection property can result in multiple recoveries taking place. This is because a recovery takes place for every recovery point associated with the data source. To prevent this from occurring, you can utilize the Filters on the object to select the recovery point required. The most useful filter to use in this scenario is RepresentedPointInTime, as this filter provides the ability to select a recovery point within a specific time range. For a list of all the filters and their descriptions, visit http://technet.microsoft.com/en-gb/library/gg440723.aspx.
Figure 13.8 displays the properties of the Get Recovery Point object with the most typical values populated for Selection and Data Source ID. With the Get Recovery Point object publishing the recovery point ID of the recovery point required for recovery, it is now possible to use the Recover SQL object to perform the recovery.
FIGURE 13.8 Get Recovery Point Properties
The Recover SQL object has a number of properties, but not all the properties require a value. The properties that require values change depending on the type of recovery being attempted. There are only three properties that must have a value:
. Recovery Type
. Recovery Source ID
. Data Source ID
As the Data Source ID and Recovery Point ID have already been published to the Data Bus, the Recovery Point ID and Data Source ID values can be provided using this data. The Recovery Type property has options to select from that are relevant for the type of data being recovered. In a SQL recovery scenario, there are two recovery type options to select from:
. Recover to Original Instance—This restores the database to the original SQL instance of the database.
. Recover to Network Folder—This option restores the database files to a different location, which enables a DBA to control the recovery of the database as required, and is the most common type of recovery.
To recover to a network folder instead of the original SQL instance, two of the optional properties for the Recover SQL object are required in addition to the three required properties. As the database files are being restored to an alternate location, you must specify that location. Both the server name and server path for recovery are required for recovery, and these values are specified in the following two properties:
. Target Server Name
. Target Location
The Target Server Name requires the name of the server where the recovery takes place, and the Target Location is the path on the server to which the files are restored. Figure 13.9
CHAPTER 13
Integration with System Center Data Protection Manager
shows completed property values that would enable a SQL database recovery to an alternative network location.
FIGURE 13.9 Define the properties for the Recover SQL object
Now all the objects for the recovery have been configured, and an orchestrated SQL database recovery has been achieved.
Checking DPM Server Storage Capacity
This final use case scenario demonstrates how to use OIS and the DPM IP to query a DPM server for its available free storage. As the majority of backups taken by DPM are stored on disk, it is critical to make sure there is enough storage space available in the DPM storage pool before configuring a backup. Without enough storage, it is not possible to take a successful backup, which could cause key workloads and servers to not be protected. The Get DPM Server Capacity object is the only object in the DPM IP that does not require the use of the Get Data Source object. This is because there are no required properties for this object. Using the Get DPM Server Capacity object returns capacity information of the DPM storage pool. This object provides raw capacity information from the storage pool, which includes
. TotalCapacityBytes
. TotalCapacityGB
. UnallocatedSpaceBytes
. UnallocatedSpaceGB
. UsedSpaceBytes
. UsedSpaceGB
This data is useful; however, further manipulation of the data is required to perform a real capacity check. Figure 13.10 shows a workflow where a foundation object, Compare Values, is used to perform a calculation on the published capacity data from the Get DPM Server Capacity object.
FIGURE 13.10 Get DPM Server capacity
Using the Compare Values object, a simple numeric comparison can be performed to check that the amount of unallocated space in the storage pool is greater than a fixed minimal value. This is a basic check, but it could still prevent a backup from failing due to insufficient storage being available. It is also possible to perform a more specific capacity check to confirm that there is definitely enough storage available to create a backup. To do this, the workflow needs to be extended to include the storage space used by the workload requiring protection, which enables a comparison between the storage space available in DPM and the storage that is required to protect the workload. As DPM typically needs two to three times the storage space used by the protected workload, this calculation could also be performed in the workflow, using a basic script in the Run .NET Script object. The result is that the DPM storage data and the required storage data are published to the Data Bus, and these two pieces of data can be compared to confirm there is sufficient storage available.
Summary
This chapter covered the configuration requirements of the DPM IP and details on each of the eight objects contained within it. It also covered a number of use case scenarios that demonstrated how many of the objects can be used in real workflows. This is the last of five chapters that discuss individual System Center IPs. The next chapter demonstrates how the System Center IPs can work together to provide data center automation.
CHAPTER
14
Data Center Scenarios
IN THIS CHAPTER
. Requirements in the Dynamic Data Center
. Use Case Scenarios
The previous five chapters presented examples of how you can leverage each of the System Center Integration Packs (IPs) to automate common processes. In reality, process automation can be far more complex. As Information Technology (IT) organizations advance their processes to support dynamic data center and private cloud initiatives, the need to develop end-to-end automation scenarios to support zero-touch automation continues to grow. In production scenarios, policies often involve objects from multiple System Center IPs. Occasionally, specific limitations might require the use of PowerShell script or .NET code to augment workflows. Fortunately, the objects in the System Center IPs can be used together, along with Foundation objects, to develop automation scenarios that address organizations’ needs to extend process automation to a level of light touch or even zero touch as appropriate. This chapter describes some of the common requirements and considerations that go into creating Opalis Integration Server (OIS) workflows in the real world. It includes several sample workflows illustrating how objects from System Center IPs can be used together in the same workflows and with PowerShell to achieve true end-to-end automation.
Requirements in the Dynamic Data Center
When developing policies for production use, several common considerations go into the development of workflows. These include but are not limited to the following:
. Change Management—In accordance with guidance defined in the Microsoft Operations Framework (MOF) and Information Technology Infrastructure Library (ITIL), managing change is an important part of IT operations. Changes must be documented, and in some cases require approval from one or more individuals within the organization to ensure the change is sufficiently planned and tested before implementing it into production. Using the System Center Service Manager (SCSM) IP lets you incorporate change management into any workflow by adding a small number of simple objects.
. Error Handling and Escalation—Sometimes even well-planned changes might fail, in which case the workflow should incorporate logic to notify someone of the error condition. Adding logging and error reporting, whether to text, event logs, or even directly to SCSM, enables issues encountered in the automation process to be documented and then escalated to the appropriate IT support personnel.
. Bulk Processing—The need to perform administrative tasks in bulk, such as provisioning a large number of user accounts, can present special challenges that require extending OIS to perform activities not possible or easily achievable with off-the-shelf IPs. Using PowerShell and the Run .Net Script object, administrators can bridge gaps to facilitate reliable automation of repetitive and time-consuming administrative tasks, such as provisioning large numbers of user accounts.
Designing for the dynamic data center is about designing automation with people, process, and technology in mind.
This certainly comes into play with OIS—as you design automated workflows, do not focus exclusively on the technology involved in a process, but consider the human effort and communication required to complete it. Some processes might actually require manual steps and thus are not suitable for completely hands-free automation, and this is to be expected. With SCSM (and potentially other helpdesk/ticketing systems), OIS workflows can be extended to monitor for requests coming directly from the service consumers via the tools they use every day to make requests and report problems. By designing workflows with the objective of maintaining this layer of abstraction between service consumers and technology, you can achieve new levels of efficiency in IT service delivery. Typically, the ticketing system utilized by IT for incident, problem, change management, and asset tracking ties together the activities of IT service delivery with those of the business processes (and the people supporting them) relying on these services. By presenting the OIS workflows as high-level processes in the ticketing system and processes such as “provision new user account” as a change management activity, service consumers can make requests in a familiar user interface (UI) without concern for the underlying technology. The child policies within the user provisioning workflow, such as the policies that provision the user, set up departmental shares, and the user’s virtual desktop infrastructure
(VDI), are simply check boxes on a form representing procedures within the onboarding process for a new user. When IT process automation is integrated with business process in this manner, the underlying technology fades into the background, allowing other business units to focus on driving productivity rather than worrying about how to navigate unfamiliar technology and difficult processes.
Use Case Scenarios
Each policy illustrated in this section uses objects from multiple System Center IPs or incorporates PowerShell to achieve a level of process automation common to real-world scenarios. The three scenarios shown here are explained at length, demonstrating how to automate common repetitive tasks encountered in day-to-day IT operations related to resource management and provisioning OIS, in a manner that addresses the following:
. Server Maintenance and Reboot (Opalis, System Center Configuration Manager [SCCM], System Center Operations Manager [SCOM], and SCSM)
. Virtual Machine (VM) Provisioning and Configuration (Opalis, Virtual Machine Manager [VMM], SCCM, and SCSM)
. Bulk User Account Provisioning (Opalis, SCSM, and PowerShell)
Server Maintenance and Reboot
The integration between SCOM and SCCM to facilitate server maintenance is limited. The Stop Operations Manager Alerts check box in SCCM simply pauses the SCOM agent. Although this does stop alerts coming from the SCOM agent, it also masks any problems during the maintenance process for which SCOM might raise alerts. With OIS, you can work around this off-the-shelf limitation using a workflow that implements server maintenance mode in a coordinated fashion, minimizing false alerts without masking real issues. The workflow shown in Figure 14.1 coordinates a server reboot only after ensuring SCCM advertisements are complete and SCOM maintenance mode is enabled for the server.
FIGURE 14.1 Server maintenance and reboot
This policy is an enhanced version of the Server Maintenance Mode policy presented as a use case scenario in Chapter 9, “Integration with System Center Operations Manager.” Here are the activities performed by this policy:
1. Custom Start—This policy begins with a Custom Start object, allowing the policy to be initiated from outside OIS or from other policies as part of a larger workflow. The Custom Start object in this workflow is configured with one value—Targetname—which is the name of the computer that will be rebooted.
2. Query Database to Get ID—This renamed Query Database object queries the OperationsManager database to retrieve the ID Globally Unique Identifier (GUID) of the agent for the computer name provided in the Targetname parameter of Custom Start. Configure this information on the Details tab:
   . Query—Select BME.DisplayName, MTH.BaseManagedEntityId From BaseManagedEntity BME Inner Join MT_HealthService MTH on BME.BaseManagedEntityId=MTH.BaseManagedEntityId where BME.DisplayName like '{Targetname from "Custom Start"}.odyssey.com%'
   Configure the Connection tab with the following information:
   . Database type—SQL Server
   . Authentication—Windows Authentication (authenticates as Opalis Action Account unless you provide alternate credentials on the Alternate Credentials tab)
   . Server—
   . Initial Catalog—
3. HealthService—This Start Maintenance Mode object starts maintenance mode for the Health Service object for the computer named in Target Server.
   . Monitor—Microsoft.SystemCenter.HealthService:{Targetname from "Custom Start"}
   . Reason—PlannedApplicationMaintenance
   . Duration—15
   . Comment—Opalis Reboot
4. Windows Computer—This Start Maintenance Mode object starts maintenance mode for the Windows Computer object for the computer named in Target Server in
step 1. This object is configured with the same values shown for the HealthService object (object number 3 in Figure 14.1), with the exception of the Monitor field, which should be configured as Microsoft.Windows.Computer—{Targetname from "Custom Start"}.odyssey.com
5. HealthServiceWatcher—This Start Maintenance Mode object starts maintenance mode for the Health Service Watcher object for the computer named in Target Server. This object is configured with the same values shown for the HealthService object, with the exception of the Monitor field, which should be configured as Microsoft.SystemCenter.HealthServiceWatcher:Microsoft.SystemCenter.AgentWatchersGroup;[Mid(Field('{Full line as a string with fields separated by ';' from "Query Database to get ID"}',';',2),2,36)]
6. Junction—The Junction object is used to stop further processing until all branches of the workflow have been completed.
7. Install Updates—This renamed Trigger Policy object kicks off a separate policy that triggers the application of updates in Configuration Manager.
8. Advertisement Is Running—The Advertisement Is Running object (displayed in Figure 14.2) from the SCCM Client Center IP double-checks to verify no Configuration Manager advertisements are still running on the computer after the Install Updates policy has completed before proceeding with maintenance mode and reboot. SCCM Client Center IP is an open source IP available on CodePlex at http://sccmclictropalis.codeplex.com/.
FIGURE 14.2 Advertisement Is Running Properties
This ensures a software or update installation in progress is not interrupted. You could implement this type of error checking in the Install Updates policy itself, or even configure looping on this object to give the updates additional time to finish if necessary.
REAL WORLD: UTILIZING OPEN SOURCE IPS
Although the Foundation objects and System Center IPs deliver a great deal of functionality, they cannot address all the myriad automation scenarios you might encounter. To augment the off-the-shelf functionality of OIS, many authors of custom IPs have shared their work on CodePlex.
The object referenced in step 6 of this procedure is used to introduce community IPs as a source you can utilize to expand the functionality available in the System Center IPs. To see a complete listing of community-developed OIS IPs, visit http://www.codeplex.com/site/search?query=opalis&ac=8.
9. Restart System—The Restart System object (from the System category of the Foundation objects) reboots the server specified in the Custom Start object (step 1).
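The Targetname value can enter this policy from outside OIS (step 1), is substituted into the SQL text in step 2, and finally names the server that is rebooted in step 9. As an added example (not from the book or the IPs), the PowerShell below constrains the name and runs the step 2 query with the name bound as a parameter. The function names Test-TargetName and Get-AgentHealthServiceId, the 15-character host-label rule, and the server placeholder are assumptions.

```powershell
# Added example, not from the book. Names marked "assumed" are illustrative.
$DomainSuffix = 'odyssey.com'          # suffix used in the book's step 2 query

function Test-TargetName {
    param([string]$Name)
    # Assumed rule: one NetBIOS-style host label, 1-15 characters, letters,
    # digits and hyphens, no leading or trailing hyphen. Quotes, SQL wildcards
    # (% and _), dots and whitespace are rejected, so the value can neither
    # change the query text nor widen the LIKE match to other computers.
    return ($Name -match '\A[A-Za-z0-9]([A-Za-z0-9-]{0,13}[A-Za-z0-9])?\z')
}

function Get-AgentHealthServiceId {
    param(
        [string]$TargetName,
        [string]$SqlServer,                      # supplied by the caller
        [string]$Database = 'OperationsManager'  # database named in step 2
    )
    if (-not (Test-TargetName $TargetName)) {
        throw "Targetname '$TargetName' rejected"
    }
    # Same query as step 2, with the computer name bound as a parameter
    # instead of being pasted into the statement.
    $query = @'
SELECT BME.DisplayName, MTH.BaseManagedEntityId
FROM BaseManagedEntity BME
INNER JOIN MT_HealthService MTH
    ON BME.BaseManagedEntityId = MTH.BaseManagedEntityId
WHERE BME.DisplayName LIKE @fqdn + '%'
'@
    $connString = "Server=$SqlServer;Database=$Database;Integrated Security=SSPI"
    $conn = New-Object System.Data.SqlClient.SqlConnection $connString
    $ids = @()
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = $query
        [void]$cmd.Parameters.AddWithValue('@fqdn', "$TargetName.$DomainSuffix")
        $reader = $cmd.ExecuteReader()
        while ($reader.Read()) { $ids += [guid]$reader['BaseManagedEntityId'] }
    }
    finally {
        $conn.Dispose()
    }
    # Maintenance mode and the reboot must apply to exactly one agent.
    if ($ids.Count -ne 1) {
        throw "Expected one agent for '$TargetName', found $($ids.Count)"
    }
    return $ids[0]
}

# Constructed sample values, as they might arrive through Custom Start.
$samples = 'SQL01', 'web-frontend-7', "SRV'01", 'SRV%', 'sql01.odyssey.com', ''
foreach ($s in $samples) {
    '{0,-20} accepted: {1}' -f "[$s]", (Test-TargetName $s)
}

# With a real server name in place of the placeholder, the lookup would be:
#   Get-AgentHealthServiceId -TargetName 'SQL01' -SqlServer '<operations-manager-sql-server>'
```

The validation loop runs without any database; only Get-AgentHealthServiceId needs access to the OperationsManager database.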
Virtual Machine Provisioning and Configuration
Provisioning a new VM is seldom as simple as just provisioning an empty VM. Servers often have roles that require role-specific configuration and software. By combining the capabilities of the VMM, SCCM, and SCSM IPs, you can build an integrated workflow that automates the VM provisioning and configuration process from the initial change request (CR) to the final reboot. The workflow displayed in Figure 14.3 performs the following high-level steps to deliver a virtual server configured to serve in a pre-defined role, such as web server or database server. This workflow is an extended version of the VM Provisioning policy sample in Chapter 12, “Integration with System Center Virtual Machine Manager.”
FIGURE 14.3 VM provisioning and configuration
REAL WORLD: LOGGING POLICY PROGRESS
For a policy you are implementing in production, you would add additional logging and error checking to document the results throughout the process, providing easy identification of which activities complete and where in the policy the automation failed. As an example, just as failure branches with “Update CR with Error” objects have been used in Figure 14.3 to log a failure result at each step of the process, you could also add parallel branches from the same objects with “Update CR with Success” objects to log a successful result at each step.
1. Monitor for CR—This renamed Monitor Object object from the SCSM IP is configured to monitor for new CRs that contain “Provision New Virtual Machine” in the Title field of the CR and “In Progress” in the Status field (indicating the approval workflow in SCSM has been completed), as shown in Figure 14.4.
FIGURE 14.4 Monitor for CR
2. Get VM—The Get VM object from the VMM IP is used in this case to ensure no attempt is made to provision a VM with the same name as an existing VM. The Get VM Name object, shown in Figure 14.5, is configured to query VMM for a VM with a name that matches the string retrieved from the Description field of the CR.
2.1 Conditional Link (No VM)—Although the color of the link is green (as this is the success path of the policy), the filter on this link is configured to register a match when the Get VM object returns Number of Objects equal to zero. This is because you want the policy to continue with the VM provisioning process only if a VM by this name does not already exist.
2.2 Conditional Link (VM Already Exists)—If the Get VM object returns “Number of Objects” greater than zero, then the VM already exists, so the policy follows this failure branch, updates the CR with a status of Failed, and the policy terminates.
2.3 Update CR with Error—As shown in Figure 14.6, this renamed Update Object object updates the CR to reflect a status of Failed.
FIGURE 14.5 Get VM object properties
FIGURE 14.6 Update CR with Error Properties
3. Create VM from Template—The Create VM from Template object creates a VM from a VM template specified in the properties of the object. Double-click Create VM from Template. On the Properties tab, configure the following values, as shown in Figure 14.7:
   . Host Name—HOST1
   . Path—d:\VMs
   . VM Name—{Line text from "Get VM Name"}
   . Source Template Name—W2K8R2_EE
3.1 Conditional Link (VM Created)—This link connects the Create VM from Template and Create New Disk objects. If the Create VM from Template object returns success, configuration of the new VM continues.
3.2 Conditional Link (Create VM Failed)—This link connects the Create VM from Template and Update CR with Error objects. If the Create VM from Template object returns failure, the logic on this link registers a match and triggers the next object in this failure branch of the policy.
3.3 Update CR with Error—This is a renamed Update Object object that updates the CR to reflect a status of Failed.
3.4 Conditional Link (VM Created)—This link connects the Create VM from Template and Update CR with Success objects. If the Create VM from Template object returns success, the default link logic registers a match and triggers the Update CR with Success object.
3.5 Update CR with Success—This is a renamed Update Object object that updates the CR with a note indicating this step of the policy has completed successfully.
FIGURE 14.7 Create VM from Template Properties
REAL WORLD: VM GUEST PLACEMENT
In an actual production scenario, the policy displayed in Figure 14.3 could be extended in several areas.
. As an example, in SCSM 2010, a custom activity and change template is created to collect the parameters shown in Figure 14.7 from the user in a simple form, rather than relying on generic fields in the standard change template.
. Additional properties might be collected to facilitate further configuration of the VM within the policy. For example, a Destination Computer Name object could be added to capture the desired computer name in Windows, as opposed to the record for the VM added in Hyper-V / SCVMM. A parameter to collect the name of the target Hyper-V host might be desired, or even a Location and/or Department parameter added to allow dynamic determination of the appropriate Hyper-V host based on the physical location or business unit of the user making the request. Any information related to the VM provisioning process that needs to be collected from the user can be gathered in a custom activity and change template in SCSM. It takes only several minutes to create the custom activity and form using the SCSM Authoring tool and does not require any special programming skills.
4. Create New Disk—The Create New Disk object is used in this policy to create an additional virtual hard drive (VHD) and attach it to the new VM. Double-click the Create New Disk object and on the Properties tab configure the following values:
   . File Name—Auto
   . Size (GB)—5
   . Logical Unit Number (LUN)—Auto
   . Bus—Auto
   . VM ID—{Get VM ID from "Create VM from Template"}
   . Bus Type—SCSI
   . Disk Type—Dynamic
5. Update VM—The last object in this branch of the policy is the Update VM object, configured as shown here.
   . VM ID—{VM ID from "Create VM from Template"}
   . Quota Point—4
   . Cost Center—ACCTING
   . Start Action—Always turn on
TIP: USING SCSM TO COLLECT ADDITIONAL INFORMATION
You can create a custom activity and change the template in SCSM 2010 to collect the information used in this workflow. See http://systemcentercentral.com/BlogDetails/tabid/143/IndexID/86705/Default.aspx for a post describing how to do so.
6. Add Computer to Collection—The Add Computer to Collection object adds the computer object to a collection in SCCM. In this case, the computer object is added to a collection to which role-specific server software is advertised.
7. Close CR—This is a renamed Update Object object that updates the CR to reflect a status of Complete.
TIP: UPDATING CRS
In the real world, this workflow might also be extended with additional details to update the CR with the specific failure result of the activity, providing more detail to IT support personnel reviewing the CR after the failure.
Bulk User Account Provisioning
Windows Server 2008 Release 2 (R2) includes a PowerShell module containing cmdlets to facilitate rich administration on Server Core and automation of repetitive tasks. In some organizations, requests for bulk user account provisioning are commonplace, such as for new groups of trainees hired for a call center.
Using PowerShell and the Run .Net Script object, you can easily automate this task. By incorporating System Center into the workflow, you can achieve a light-touch or zero-touch, self-documenting, end-to-end process automation. The workflow shown in Figure 14.8 performs the following high-level steps:
. Monitors SCSM for a CR for a user account provisioning request
. Retrieves a list of csv files (retrieved from the CR) containing a list of users’ first and last names and the department in which they work
. Verifies the user account does not already exist
. Creates the user account in Active Directory, moves the user to the appropriate departmental organizational unit (OU), and adds the user to a departmental security group
. Verifies the user account was successfully created
. Logs the result to the CR in SCSM and closes the request as either Failed or Complete
FIGURE 14.8 Bulk user account provisioning
1. Monitor SCSM for New User Requests—This renamed Monitor Object object from the Service Manager IP watches for a CR with “Bulk User Account Request” in the title of the CR with a status of “In Progress,” as shown in Figure 14.9.
FIGURE 14.9 Monitor SCSM for new user request properties
2. Get User Info—This renamed Read Line object retrieves the contents of the csv file whose name and path are indicated in the Description field of the CR, one line at a time, and triggers the next object once for each line retrieved. Notice the object is configured to begin on line 2, as line 1 of the file is a header with the names of fields. Get User Info configuration is shown in Figure 14.10.
FIGURE 14.10 Get User Info Properties
3. User Already Exists?—After importing the Windows 2008 R2 Active Directory PowerShell module, this Run .Net Script object (displayed in Figure 14.11) runs a PowerShell script to determine if a user account with the name retrieved from the file already exists.
3.1 Conditional Link (User Exists)—If the value returned in OPD_Exists in object 3 (refer to Figure 14.8) equals true (indicating a user by this name already exists), activity is directed down this failure branch, the CR updates as Failed, and the workflow terminates.
FIGURE 14.11 PowerShell script in User Already Exists? object
NOTE: USING DATA MANIPULATION FUNCTIONS FOR PARSING STRINGS
The Field() data manipulation function in Figure 14.11 and Figure 14.12 retrieves the relevant field from the csv file. To ensure both OIS and PowerShell treat the data as a string, it is always encapsulated in quotes outside the square brackets. Here is the format of the data retrieved from the csv file: First, Last, Department. To capture each value needed to provision the accounts, based on the file format, use the following; values in the curly brackets {} are published data from Get User Info:
. First: [Field('{Line text from "Get User Info"}',',',1)]
. Last: [Field('{Line text from "Get User Info"}',',',2)]
. Department: [Field('{Line text from "Get User Info"}',',',3)]
The Field function is used in all the PowerShell scripts of this policy to pass in the appropriate value to complete the provisioning process. For more information on data manipulation functions in OIS and how to use them, see Chapter 7, “Implementation and Best Practices.”
FIGURE 14.12 PowerShell script in Create New User object
4. Create New User—If User Already Exists returns a value of false, policy activity continues down this branch, and this renamed Run .Net Script object (refer to Figure 14.12) imports the Windows 2008 R2 Active Directory PowerShell module. It also creates the user account, adds the user to the departmental security group, and finally, moves the user to the Active Directory OU for the department.
4.1 Conditional Link (Acct Create Failed)—If the Create New User object returns failure for any reason, activity is directed down this failure branch, the CR updates as Failed, and the workflow terminates.
5. User Exists—This step is intended to confirm that the Create New User object achieved the desired result. This Run .Net Script object runs the same PowerShell script as object 3 to determine if a user account with the name retrieved from the file already exists in Active Directory. There is one value published from this object, which is OPD_Exists. The value of OPD_Exists is either true (if the account already exists) or false if it does not.
5.1 Conditional Link (Failure - Escalate)—If the value returned in OPD_Exists in object 3 equals false (indicating the user account does not exist), activity is directed down this failure branch, the CR updates as Failed, and the workflow terminates. If the checkpoint is successful, the link triggers the next object in the workflow.
6. Update CR—This renamed Update Object object from the Service Manager IP is the end of the failure branch for each Run .Net Script object, and marks the CR as Failed if any of the scripts triggers the failure branch based on the conditional links. In this sample, after the accounts are created, a tier 1 support analyst would need to verify the accounts had in fact been created and to manually mark the CR as complete. Optionally, the workflow could be fully automated to notify the user requesting the new user accounts and then close the CR.
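Steps 3 to 5 and the Field() note, written out as an added PowerShell example. It is not the book's script (those appear only in Figures 14.11 and 14.12), and it processes the whole file in one run rather than once per line as the policy does. The department-to-group and OU mapping, the logon-name rule, the function names, and the choice to leave new accounts disabled are assumptions; with $Apply left at $false it only validates the constructed sample lines.

```powershell
# Added example, not the scripts shown in Figures 14.11 and 14.12.
$ErrorActionPreference = 'Stop'   # cmdlet errors land in the catch block below
$Apply = $false                   # $true only on a host with the ActiveDirectory module

# Assumed department -> security group / OU mapping (hypothetical names).
$Departments = @{
    'Sales'      = @{ Group = 'Sales-Users';      OU = 'OU=Sales,DC=odyssey,DC=com' }
    'CallCenter' = @{ Group = 'CallCenter-Users'; OU = 'OU=CallCenter,DC=odyssey,DC=com' }
}

# Constructed sample file content in the book's format: First, Last, Department
$csvLines = @(
    'First, Last, Department',
    'Ana, Lopez, Sales',
    "Rob, O'Neil, CallCenter",
    'Kim, Pa*rk, Sales',
    'Lee, Wong, Finance',
    'Sam, Sales'
)

function ConvertTo-UserRecord {
    param([string]$Line)
    # Same split the Field() expressions perform, plus trimming.
    $f = @($Line -split ',' | ForEach-Object { $_.Trim() })
    if ($f.Count -ne 3) { throw "Expected 3 fields, found $($f.Count)" }
    $first, $last, $dept = $f
    # Names: letters, spaces, apostrophes and hyphens only.
    $namePattern = "\A\p{L}[\p{L} '\-]{0,62}\z"
    if ($first -notmatch $namePattern -or $last -notmatch $namePattern) {
        throw 'Name contains characters outside the allowed set'
    }
    # The department must be one the policy knows how to place.
    if (-not $Departments.ContainsKey($dept)) { throw "Unknown department '$dept'" }
    # Assumed logon-name rule: first initial + last name, [a-z0-9] only, max 20.
    $sam = (($first.Substring(0, 1) + $last) -replace '[^A-Za-z0-9]', '').ToLower()
    if ($sam.Length -gt 20) { $sam = $sam.Substring(0, 20) }
    if ($sam.Length -lt 2)  { throw 'Cannot derive a logon name' }
    New-Object PSObject -Property @{
        First = $first; Last = $last; Department = $dept; Sam = $sam
    }
}

function Test-UserExists {
    param([string]$Sam)
    # $Sam holds only [a-z0-9], so it cannot close the quoted filter value.
    # In the policy this result is what OPD_Exists publishes (steps 3 and 5).
    return [bool](Get-ADUser -Filter "sAMAccountName -eq '$Sam'")
}

function New-DepartmentUser {
    param($User)
    $dept = $Departments[$User.Department]
    # No password is set, so the account is created disabled (assumed hand-off
    # to the helpdesk for enabling and the initial password).
    New-ADUser -Name "$($User.First) $($User.Last)" -GivenName $User.First `
        -Surname $User.Last -SamAccountName $User.Sam -Department $User.Department
    Add-ADGroupMember -Identity $dept.Group -Members $User.Sam
    Get-ADUser -Identity $User.Sam | Move-ADObject -TargetPath $dept.OU
}

if ($Apply) { Import-Module ActiveDirectory }

# Line 1 is the header, so processing starts on line 2 as in Get User Info.
$results = foreach ($line in $csvLines[1..($csvLines.Count - 1)]) {
    $status = 'Complete'
    $detail = ''
    try {
        $u = ConvertTo-UserRecord $line
        if ($Apply) {
            if (Test-UserExists $u.Sam) { throw "Account '$($u.Sam)' already exists" }
            New-DepartmentUser $u
            if (-not (Test-UserExists $u.Sam)) {
                throw "Account '$($u.Sam)' not found after creation"
            }
        }
        else {
            $detail = "would create '$($u.Sam)' in $($Departments[$u.Department].OU)"
        }
    }
    catch {
        $status = 'Failed'
        $detail = $_.Exception.Message
    }
    New-Object PSObject -Property @{ Line = $line; Status = $status; Detail = $detail }
}

# One row per input line, suitable for writing back to the CR.
$results | Format-Table Status, Line, Detail -AutoSize
```

Each Failed row carries the reason, which is the detail the CR update in step 6 would otherwise lack.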
Summary
Although process automation is itself an important part of service delivery, extending process automation to automate activities in a way that is comfortable for service consumers and lower-level IT support groups can provide even greater efficiencies. This chapter presented some examples of how you can use the System Center IPs and PowerShell to create more sophisticated process automation scenarios to deliver end-to-end automation scenarios to support your organization’s service delivery improvement initiatives, dynamic data center, and private cloud initiatives. Cloud computing and IT-as-service might not be a destination on every IT department’s roadmap, but every organization can benefit from process automation designed with the end-to-end workflow (including both the technology and the people involved) in mind.
Process automation should not be limited to only the time-consuming and expensive tasks or issues, but to any process where speed, consistent results, and a well-documented record of changes are desired. In the end, this approach opens the door to enabling responsive service delivery of high value to the other business units within the organization.
The next chapter shows you how to use the OIS Quick Integration Kit to create your own custom objects and publish an IP.
CHAPTER
15
The Quick Integration Kit
IN THIS CHAPTER
. Overview of QIK
. Installing QIK
. QIK CLI Wizard
. QIK SDK
. Creating Integration Packs
. Deploying QIK Objects
One of the most powerful aspects of Opalis Integration Server (OIS) is its capability to integrate with practically everything in the data center. OIS ships with hundreds of out-of-the-box activities able to integrate with numerous end points for automation and orchestration. As no software company can develop integrations to all possible end points, software development kits (SDKs) are created that you can use for your own customizations. The Quick Integration Kit (QIK) is the SDK for OIS. By using this kit with other third-party end point SDKs, you can quickly develop integrations and drop them into your existing OIS deployment.
Overview of QIK
It seems that every OIS implementation includes the question “Does OIS have an integration pack for _______?” Given that integration capability is one of the main reasons organizations consider OIS in the first place, this is to be expected. Based on current integration pack (IP) availability, there is a good chance OIS has an IP to fill in that blank. As of the release of version 6.3, 32 IPs ship with the OIS product. Seven of the IPs are for Microsoft products; the others are for various third-party vendor software products and devices. With the existence of far more than 32 different products available for the data center, there is an opportunity for further extensibility. In many cases, OIS enables integration to just about any product without an IP—simply by utilizing one of the available extensibility objects. These objects exist within the
base offering for OIS and are included in the Foundation objects, discussed in detail in Chapter 6, “Foundation Objects.” You can use each of the Foundation objects to connect to a system generically. Once connected, different actions are available, depending on the integration surface you are connecting to and the method in which you are connecting. If the Foundation objects do not satisfy the requirements of your integration, QIK might offer an answer. The QIK SDK lets you develop your own objects.
Options and More Options
Flexibility is the key to extensibility. OIS and QIK provide many options for the development method, programming language support, and deployment style for the objects you create. For those who are not programmers, QIK is still an option. With the level of flexibility offered with QIK, even those individuals new to integration and automation can build powerful, time-saving objects quickly and easily.
Development Method
Here are the two methods for developing QIK objects:
. Using the Command Line Interface (CLI)—This option can be used with nearly any CLI or PowerShell command and can be used by anyone needing to build a QIK object or set of objects. The CLI method is recommended for individuals with little to no programming experience, providing a guided wizard and instructions.
. Using the SDK—This option is best left to programmers. Although many examples come with the QIK SDK, someone with no programming background might get overwhelmed. Because there are so many examples and the QIK SDK is easy to understand and implement, this is a great place to learn programming if you are interested in doing so. Using the SDK gives you the most flexibility and power when it comes to QIK object creation.
These approaches are not exclusive. You can mix and match the development methods as necessary for the QIK projects you manage. Your comfort level with programming and the requirements of your project determine how often you utilize each method. The “QIK CLI Wizard” and “QIK SDK” sections of this chapter discuss these methods in detail.
Programming Language Support
When using the two development methods discussed in the previous section, the following programming languages are supported:
. .NET—This is the most common option with Visual Basic (VB).NET and C#.NET being the most popular selections, but you can use any language that can compile a .NET 2.0 assembly.
The .NET examples and documentation that ship with QIK are C#, but all the concepts translate to VB. Compiling the finished OIS and third-party SDK code for your .NET QIK project results in a Dynamic-link Library (DLL) resource file you can immediately use with OIS.
Overview of QIK
399
. Java—Continuing with the heterogeneous theme into the extensibility options for QIK, Java support is available. The same examples that ship with QIK for .NET also exist for Java. In addition to the example code, Javadoc-generated documentation is included. Compiling the finished OIS and third-party SDK code for your Java QIK project results in a JAR resource file you can immediately use with OIS.
. CLI Supported Scripting—When you walk through the steps in the wizard for the CLI method, you can create objects based on Windows commands and programs, Secure Shell (SSH) commands, and PowerShell scripts. This gives you the capability to incorporate just about any command or program across platforms. The flexibility enables object creation for homegrown programs, third-party scripts, and batch executions. As long as you can call the target by command line or PowerShell, it can be used with the CLI method. The wizard for the CLI method results in a .NET DLL resource file that you can immediately use with OIS.
These options are not exclusive; you can mix and match the programming languages within the QIK projects you manage. In fact, there might be situations where part of the project has to be coded in Java, another part in .NET, and yet another utilizing the CLI method. Even in this situation, your project can result in a single QIK-based IP if you choose. The “QIK CLI Wizard” and “QIK SDK” sections of this chapter discuss the C#.NET and CLI methods.
Deployment Style
There are two styles for deploying QIK objects:
. Invoke the Compiled Resource—This option enables you to quickly and cleanly test your compiled resource (DLL or JAR) in OIS. QIK includes four objects you can use to test your compiled resource: Invoke .NET, Monitor .NET, Invoke Java, and Monitor Java. Utilizing these objects enables you to test both the design and execution experience for the objects you create. These objects look and feel like the other objects included in OIS.
. Full Opalis IP (OIP) Deployment—This option is reserved for production-ready OIS implementations. This deployment style results in an OIP that can be easily distributed, making it an excellent delivery method for production-ready code. This style also enables you to re-version your OIP files with version numbering and tracking. Similar to the IPs created by Microsoft engineering, the OIS Deployment Manager is used to register and deploy these OIP files. This means your QIK objects and IPs are with all the other production IPs in your OIS implementation.
In most cases (but not all), the first style is only used for testing purposes and the second for production implementations. These styles also are not exclusive. Because you can use the first style for testing or production deployment, it is possible to have a combination of resource invocation and full OIP deployment in production. The “Deploying QIK Objects” section discusses these two styles in further detail.
Planning Your QIK Project
With so many options available, it can feel overwhelming to build QIK objects. Remember that you decided to build a QIK object to better enable the policies and thus your automated processes. Building QIK objects is really no more than advanced object configuration. You are the one to determine the configuration decisions about inputs, actions, and the outputs. You get to configure the OIS Data Bus!
Getting Started
Similar to when you build OIS policies, you must have a target, process, and a plan. Here are several questions to consider at the beginning of your QIK project:
. When considering the interactions between OIS and the target system, what functions are desired?
. How many QIK objects might be needed to enable those functions?
. How many and what inputs and outputs are required for each QIK object to enable the desired functionality?
. Which versions of the target system are the QIK objects expected to work against?
. What kind of Application Programming Interface (API) is available for the target system?
. Does the API require any special licensing or functionality to be enabled on the target system?
. Is the target system available to test the QIK objects after they are developed?
. Is the CLI method an option for this project?
. If using the SDK method, does the code need to be complex?
. Is existing code available for the desired functionality, or does it need to be created from scratch?
These questions give you a starting point for your project. Treat your QIK projects just as you treat any other software development project.
Next Steps
With a plan in place, it is time to execute. Keeping your project milestones in mind, create a development and testing environment where you can start coding against APIs, executing CLI commands, and testing your work. It is highly recommended to use nonproduction resources during testing. You are automating; everything happens faster, for better or worse.
Installing QIK
One of the first steps in building out your QIK development environment is to install QIK. The following sections walk you through installing the various QIK components, what each component is and where it is installed, and prepping your Integrated Development Environment (IDE) to use the QIK resource files.
Installation Prerequisites
QIK has a number of components included in the install. Some are installed during execution of the Microsoft Installer (MSI) file. Many components are files, documents, or optional, so installation is up to you. Here is a listing of the basic QIK components:
. QIK SDK resource files (.NET DLL or Java JAR)
. QIK CLI Wizard
. QIK Wizard
. QIK IPs (Invoke .NET and Invoke Java IPs)
. Documentation and Examples (code samples for both C#.NET and Java)
Before attempting to install QIK, verify the target system meets the minimum requirements and other prerequisites. Table 15.1 lists the QIK components’ basic requirements and prerequisites.
TABLE 15.1 QIK Component Requirements and Prerequisite Listing

| Components Item | Minimum Requirement or Prerequisite |
| --- | --- |
| Processor | 2.1 GHz dual-core Intel Xeon 3000 series or equivalent. |
| Memory | 2GB. |
| Disk Space | 50MB. |
| Operating System | One of the following: Windows Server 2008 (32-bit or 64-bit). Windows Server 2008 R2 (64-bit). Windows Server 2003 (32-bit) Service Pack 2. Windows Server 2003 R2 (32-bit) Service Pack 2. Only the version of QIK shipping with OIS 6.3 is supported on Windows Server 2008. (It is also supported on Windows Server 2003.) Previous versions of QIK (such as the version that shipped with OIS 6.2.2) are not supported on Windows Server 2008, but are supported on Windows Server 2003. |
| Additional Software | .NET objects—Microsoft .NET Framework 2.0 or 3.0. Java objects—Java Standard Edition 5 or higher. Compiler—.NET or Java-based IDE that can compile projects with code referencing the versions listed here. Opalis Integration Server—6.2.2, 6.3. |
NOTE: IDE CONSIDERATIONS For the QIK SDK method, you need an IDE that can compile the code you create. For .NET, the authors recommend you use Visual Studio. Express versions of Visual Studio work just fine to compile QIK code into valid QIK resource DLLs. There are a number of free Java IDEs available as well. If you are planning to create QIK projects in Java, choose an IDE that best meets your needs. The only IDE requirement is that it can perform the proper compilation of QIK code into valid QIK resource JARs.
Running the Installer
The installation instructions in this section are based on the installation media contained in the version 6.3 release. After downloading Opalis_180_Day_Evaluation.exe and unpacking Opalis 6.3.zip, your folder contents look similar to that shown in Figure 15.1.
FIGURE 15.1 Unpackaged OIS 6.3 installation media
Within the Opalis 6.3 folder is a folder labeled Quick Integration Kit. Inside this folder, you find the QIK30.msi. Do not let that name discourage you. Within this MSI is the latest copy of QIK (version 3.1.1). Figure 15.2 shows the contents of the Quick Integration Kit folder.
FIGURE 15.2 Folder contents for the Quick Integration Kit folder
You are now ready to execute the QIK30.msi and start the QIK installation process. The QIK installer is a basic installation wizard with standard click-through functionality. Perform the following steps:
1. The wizard begins with an initial splash screen (Figure 15.3). Read the recommendations and warnings, and then click Next to continue.
FIGURE 15.3 Initial splash screen for the QIK installer
2. On the next screen (Figure 15.4), you are presented with an End User License Agreement (EULA). Read the EULA; if you agree to the terms and want to continue, accept the EULA and then click Next.
FIGURE 15.4 EULA screen for the QIK installer
3. The screen (Figure 15.5) directly after the EULA is the User Information screen. This screen and its fields are standard, but you must enter a Product Key to continue.
FIGURE 15.5 User Information screen for the QIK installer
4. The product key for QIK is located in the 180 Day Eval Licenses.zip file included in the Opalis_180_Day_Evaluation.exe. After it is expanded, the 180 Day Eval License.zip contains an EVAL folder. Within this EVAL folder, you find a series of folders and files. The QIK Product Key is in the Opalis Eval Product Licenses.docx file. Figure 15.6 shows the EVAL folder with the Opalis Eval Product Licenses.docx highlighted.
FIGURE 15.6 EVAL folder of the unpackaged 180 Day Eval License.zip
To locate the QIK Product Key, open the Eval Product Licenses.docx file, scroll to the bottom of the document, and look for the line item in the table for Opalis Quick Integration Kit. Note that there is no associated License (LIC) file like the other items in this table. This is because you do not have to use the Opalis License Manager for QIK as you do the other OIS components. The license for QIK is only required during the installation, on the third screen of the installer (refer to Figure 15.5). Enter your information on the User Information screen, including the Product Key as found in the Eval Product Licenses.docx. You are only able to proceed if the Product Key is entered correctly. Click Next.
NOTE: QUICK INTEGRATION KIT PRODUCT KEY Figure 15.5 shows the Quick Integration Kit Product Key. This is the same key existing in the “Opalis Eval Product Licenses.docx” referenced in step 4 and in Figure 15.6. The key is publicly available in the download and for clarity included here: JKJPK-KPHIJ-KE8MR-XPY6V-W4IUW-IQIK3.
5. There is one more screen in the installer before files are actually written to the hard drive. Figure 15.7 shows the Ready to Install the Application screen. If you are satisfied with the User Information entered on Figure 15.5, click Next.
FIGURE 15.7 Ready to Install the Application screen for the QIK installer
6. When you click Next, QIK is quickly installed. After it is installed, the wizard displays the Finish screen (Figure 15.8), which notifies you the Opalis Quick Integration Kit 3 is successfully installed. Click Finish to exit the wizard.
FIGURE 15.8 Finish screen for the QIK installer
The installer is extremely simple; its only real function is to unpackage the files within the QIK30.msi file. The next section discusses the actions the installer performed and where it placed the files for the QIK components you use.
Actions Performed by the Installer
The installer does not let you specify where to install the QIK files; you are not even notified of the location of the default install folder. The files unpackaged from the QIK installer are located in the %ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3\ folder. Figure 15.9 shows the folder contents of this folder.
FIGURE 15.9 Quick Integration Kit 3 folder contents
Each of the folders in the Quick Integration Kit 3 folder contains a different component of QIK. The following sections discuss these in more detail.
SDK Resources
The SDK resources for both .NET and Java can be found in the %ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3\Lib\ folder. Figure 15.10 shows the folder contents of the Quick Integration Kit 3 Lib folder.
FIGURE 15.10 Quick Integration Kit 3 Lib folder contents
These files should be referenced from your IDE, as they contain all the class information necessary to build out your QIK objects using the SDK method. This is discussed in more detail in the “Your IDE and the QIK Resources” section of this chapter.
QIK Executables
The QIK executables can be found in the %ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3\Bin\ folder. Figure 15.11 shows the folder contents of the Quick Integration Kit 3 Bin folder with the two QIK executables highlighted.
FIGURE 15.11 Quick Integration Kit 3 Bin folder contents and QIK executables
Within this folder, there are the two QIK executables and 34 other files. Here are these executables, as highlighted in Figure 15.11:
. QIKCLI.exe
. QIKWizard.exe
The remaining files in this Bin folder are the supporting resource files for the two executables. It is not necessary to navigate to this directory when you want to execute these programs, as the QIK installer created shortcut files on your desktop and in the Start Menu.
NOTE: DESKTOP AND START MENU FILE SHORTCUTS Whether the shortcuts for the QIK CLI and QIK Wizard are installed for all users or just your user profile is dependent on the choice you made on the User Information screen (Figure 15.5) during the installation process.
Figure 15.12 shows the newly installed QIK CLI and QIK Wizard shortcuts in the Start Menu. You can see the QIK installer also created file references here for the documentation. Here is how to navigate to the Quick Integration Kit 3 folder in the Start Menu: Start -> All Programs -> Opalis Software -> Quick Integration Kit 3. The “QIK CLI Wizard” and “Creating Integration Packs” sections discuss usage of these QIK executables in more detail.
Integration Packs
The QIK Integration Packs for both .NET and Java are located in the %ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3\Integration Packs\ folder. Figure 15.13 shows the folder contents of the Quick Integration Kit 3 Program Files folder. You can deploy these files to your OIS implementation using the OIS Deployment Manager. After these are deployed, the IPs can be used to invoke the compiled resources you create for both .NET and Java. The IPs enable the Invoke the Compiled Resource option referenced in the “Deployment Style” section of this chapter. Installing the IPs is discussed in the “Installing QIK Integration Packs” section.
FIGURE 15.12 Start Menu shortcuts for the QIK CLI and QIK Wizard executables
FIGURE 15.13 Quick Integration Kit 3 Integration Packs folder contents
Documentation
QIK documentation for both .NET and Java is available in the %ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3\Docs\ folder. Figure 15.14 shows the folder contents of the Quick Integration Kit 3\Docs folder.
FIGURE 15.14 Quick Integration Kit 3\Docs folder contents
Here is a list of the various documents and their respective file paths:
. Microsoft .NET Developer’s Guide—%ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3\Docs\C#\Index.html
. Java Developer’s Guide—%ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3\Docs\Java\Index.html
. QIK Wizard Help—%ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3\Docs\Help\OISIP024.chm
. QIK CLI Help—%ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3\Docs\Help\OISIP035.chm
These files are quite helpful after you start creating your QIK objects. Detailed class information for both .NET and Java is available, along with help files to assist with usage of the QIK executables. For .NET and Java class information, open the folder of interest, find the respective Index.html file, and start browsing through the HyperText Markup Language (HTML)-based help. The Help folder contains the Compiled HTML (CHM) files for the QIK CLI and QIK Wizard executables. Although this chapter goes into some “how to” information for these items, you should refer to this documentation for more detail.
Examples
QIK examples for both .NET and Java can be found in the %ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3\Examples\ folder. Figure 15.15 shows the folder contents of the Quick Integration Kit 3\Examples folder.
FIGURE 15.15 Quick Integration Kit 3\Examples folder contents
Here is a list of the various examples and their respective file paths:
. Microsoft .NET Examples—%ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3\Examples\C#\
. Java Examples—%ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3\Examples\Java\
. QIK SDK Example Resource Files—%ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3\Examples\Libs\
These example files are significant for learning how to create QIK objects using the SDK method. Working code samples and fully compiled resources are available. The compiled Opalis.QuickIntegrationKit.Examples.* (DLL and JAR) files in the %ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3\Examples\Libs folder can be used immediately within OIS. These give you an idea of how your compiled QIK object code appears in OIS.
NOTE: EXAMPLE QIK DLL AND JAR FILE USAGE To look at and use the example DLL and JAR files in OIS, you must utilize the QIK IPs discussed earlier in the “Integration Packs” section in this chapter.
In addition to viewing the DLL and JAR files in OIS using their respective QIK IP and Invoke object, the authors suggest you examine the example project code samples. With these loaded in your IDE, you are able to see how the various QIK classes are used in real-world scenarios. From here, you can start your own projects based on the sample code or modify the samples to see how changes in the code are reflected in OIS. To be used in OIS, both your new and modified code must be compiled into valid QIK resource DLLs or JARs by your IDE.
Your IDE and the QIK Resources If you are using the SDK method for QIK object creation, you need an IDE. As mentioned in the “Installing QIK” section, there are several IDE choices. This chapter discusses how to program with examples and images provided using Visual C# 2010 Express. This section steps through opening the IDE, adding the example QIK code files, and compiling the example C# code that ships with QIK. Perform the following steps:
NOTE: INSTALLING QIK ON YOUR IDE The QIK example code files should be on the same machine as your IDE. If you installed QIK on the same machine as your IDE, everything is in place. If you do not want to install QIK on the same server as your IDE, you must copy the files. Ensure you copy the appropriate QIK example code files from %ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3\Examples\ on the machine where you installed QIK to your IDE machine.
1. Open the IDE where you are creating QIK objects. Figure 15.16 shows the Start Page of Visual C# 2010 Express. If you choose to use a different IDE, follow the instructions for opening and using that IDE as required.
2. You are now ready to open the example C# QIK project. You can do this by clicking on Open Project on the Start Page, which brings up a file chooser dialog. Navigate to the %ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3\Examples\C#\ folder. In this folder, select the QuickIntegrationKit.Examples.csproj (Figure 15.17), and click Open.
FIGURE 15.16 Start Page of Visual C# 2010 Express
FIGURE 15.17 Open Project dialog with file selected
NOTE: EXAMPLE C# QIK PROJECT CONVERSION The example C# QIK project was originally created in an older version of Visual Studio. Depending on the Visual Studio version you are using, you might be prompted to run through the Visual Studio Conversion Wizard. If this is the case, it is recommended you use the default settings in the wizard.
3. After the project is open, you see the project files and folders in the Solution Explorer. Expand all the folders to browse the example code available. Take particular note of the Opalis.QuickIntegrationKit item in the References folder (Figure 15.18). As stated in the “SDK Resources” section, this file is installed by default in the %ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3\Lib\ folder and is required for all QIK projects you create. The file contains all the necessary class information you need to code against the OIS SDK. Each example makes explicit reference to it. Without this file, the project does not compile into a valid QIK resource DLL.
FIGURE 15.18 Visual C# 2010 Express Solution Explorer with QuickIntegrationKit.Examples project expanded and Opalis.QuickIntegrationKit Reference highlighted
4. After browsing through the various code samples, you are ready to compile the example code and build the solution. Building the solution creates a valid QIK resource DLL. Before building the solution, verify the target framework used by the IDE meets the QIK requirements.
NOTE: FRAMEWORK CONSIDERATIONS For this example, and as mentioned in the “Installation Prerequisites” section earlier, the framework is limited to .NET Framework 2.0 or 3.0. The requirement for your Java IDE is different. If you are using Java, ensure those specific requirements are met and explore how to change them in the IDE if necessary.
. To change the framework the project uses, right-click the project name and select Properties to bring up the Properties dialog for the QuickIntegrationKit.Examples project (Figure 15.19). By default in this version of Visual C#, the Target framework is set to .NET Framework.
FIGURE 15.19 Properties dialog for the QuickIntegrationKit.Examples project
. Click the Target framework drop-down list. Choose either .NET Framework 3.0 or 2.0. As version 3.0 has more features, the authors recommend you choose .NET Framework 3.0. After selecting .NET Framework 3.0 from the drop-down list, you see a Target Framework Change dialog box (Figure 15.20). This is merely a warning that the project needs to be closed and reopened because of this change. If you have made changes to the example code, be sure to save your changes before proceeding.
FIGURE 15.20 Target Framework Change warning dialog
. Click Yes to continue. After the project closes and reopens, you can verify the target framework was saved by inspecting the project properties once again. You are now ready to build the solution for this example C# QIK project.
5. Select Build Solution from the Debug menu. This takes the example code and any modifications you made and attempts to compile it into a valid QIK resource DLL. If everything builds properly, you see a Build Succeeded message in the lower left corner of the screen, as shown in Figure 15.21.
FIGURE 15.21 Build Succeeded message from Visual C# 2010 Express
The output path for the compiled QIK resource DLL depends on your project properties, but the default is \Bin\Release\ within the project folder. Figure 15.22 shows the content of this folder.
FIGURE 15.22 Output folder for the QIK resource DLL
This QIK resource DLL file you just compiled, along with the pre-compiled file that shipped with QIK that was installed to the %ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3\Examples\Libs folder, is ready to be used in OIS. The “Deploying QIK Objects” section provides details on how to use this QIK resource DLL and others similar to it.
Installing the QIK Integration Packs
Before you can use the QIK resource DLL or JARs you create or those provided in OIS, you must install the QIK IPs. As discussed earlier in the “Integration Packs” section, the OIP files for these IPs are installed to the %ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3\Integration Packs\ folder. Though the IPs are specific to QIK, they are no different from any other IP that ships with OIS. Everything you know about registering, deploying, and using IPs applies to the QIK IPs. For more information on how to register and deploy OIS IPs, refer to Chapter 4, “Installing Opalis Integration Server 6.3.” For details on how to use the QIK IPs (specifically the one for .NET), please refer to the “Deploying QIK Objects” section later in this chapter.
QIK CLI Wizard
The easiest method for creating a QIK project is the CLI Method. Not all products have a CLI, but if they do, this option enables you to quickly and easily wrap up the various commands of that CLI into a .NET resource DLL file. You then have several options for deploying the object(s) to OIS, covered in detail in the “Deploying QIK Objects” section. The following list describes the features and functionality of the QIK Wizard. The QIK CLI Wizard enables the ability to
. Package CLI commands into deployable objects or OIPs,
. Transform commands and their parameters into OIS forms-based objects,
. Organize CLI commands into a single or multiple objects,
. Package CLI commands into .NET 2.0 Framework assemblies, and
. Revise QIK CLI DLLs for upgrading and bug fixes.
The authors strongly recommend you use the QIK CLI Wizard only after testing the CLI commands you intend to package as objects. Testing the CLI commands before packaging them ensures an easier and more successful deployment experience. The next procedure guides you through the QIK CLI Wizard screens. Both new CLI builds and revised CLI builds are covered. Perform the following steps:
1. Open the QIK CLI Wizard by using the shortcut on your desktop or selecting it from the Start menu. Upon opening the QIK CLI Wizard, you see the QIK CLI Wizard Welcome screen (Figure 15.23).
FIGURE 15.23 Welcome screen for the QIK CLI Wizard
2. As you are building a new .NET resource DLL file this time, click Next. In the “Revising OIP Builds” section later in this chapter, you click the Load from QIK CLI Assembly button to import the DLL file you create in this section. For now, click Next.
3. Figure 15.24 shows the next screen in the QIK CLI Wizard before it is configured. This is the Assembly Details screen, where you enter required assembly specific information such as name, assembly file path, and file name. Here is a list and description for each of these fields:
. Name—This is the name of the assembly being created. This must be a single word (no spaces).
. Assembly File—This is the path and filename for the assembly being created.
. License Key—This is a legacy field used in previous versions of the QIK CLI Wizard. It should remain blank. If populated, it causes the objects created with the QIK CLI Wizard to attempt license validation at run time. As there are no longer means for you to generate corresponding licenses to be imported, populating this field results in unusable objects.
FIGURE 15.24 Assembly Details screen for the QIK CLI Wizard before configuration
In the Name field, type the name of the assembly. This example uses QIKCLIWizardExample. Click the ellipsis next to the Assembly file field. You are prompted with a Save As file dialog (Figure 15.25). Navigate to the folder where you are saving the assembly file. In the Save As dialog, type the filename for your assembly. (The .dll portion of the file is not necessary, as it is the default in the Save as type field on this same dialog.)
FIGURE 15.25 Save As dialog for the Assembly file field of the Assembly Details screen of the QIK CLI Wizard with configuration
For this example, the path and filename are: %ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3\Examples\QIKCLIWizardExample.dll.
NOTE: ASSEMBLY FILE FIELD CONSIDERATIONS Although there is an ellipsis button, it is only for choosing the folder where the assembly is created. After you have selected the folder in the Save As dialog, you can type the name of the assembly in the File name field of the Save As dialog.
Although the Name and Assembly file fields are required, a number of optional fields are also available. On the main Assembly Details screen, there is only one, the License Key field, but clicking the Assembly Information button brings up an entire dialog of additional optional fields (Figure 15.26). As discussed in step 3, do not use the License Key field. Leave it blank.
FIGURE 15.26 Assembly Information dialog of the QIK CLI Wizard with required fields prepopulated
Although not flagged as required, three required fields on this dialog are prepopulated for you. Here is a description of each of these fields:
. Title—This is a prepopulated required field for this dialog. This is the Title for the assembly being created. It is used as the default name when using the QIK Wizard to generate an OIP from this assembly.
. Description—This is an optional field used to describe the assembly.
. Product—This is a prepopulated required field for this dialog. This text is used to identify the Product Name for the assembly.
. Company—This is an optional field used to identify the Company Name for the assembly.
. Copyright—This is an optional field used to identify the Copyright for the assembly.
. Trademark—This is an optional field used to identify the Trademark for the assembly.
. Version—This is a prepopulated required field for this dialog. This defaults to 1.0.0.0 but might be different as it can be changed during the revision process. Version is important for redeployment to an existing OIS implementation.
NOTE: ASSEMBLY INFORMATION DIALOG CONSIDERATIONS The information configured in the Assembly Information dialog is used in the file details for the assembly file. The details for the assembly file can be found by right-clicking on the DLL file in Windows Explorer, selecting Properties, and then choosing the Version or Details tab from the Properties dialog. From this tab, you see the Assembly Information data you configured within the QIK CLI Assembly.
Figure 15.27 shows a completed Assembly Information dialog with most of the optional fields configured.
FIGURE 15.27 Assembly Information dialog of the QIK CLI Wizard after configuration
With all required fields configured and any optional fields you specify complete, click OK to return to the Assembly Details screen.
Figure 15.28 shows a completed Assembly Details screen without a License Key configured.
FIGURE 15.28 Assembly Details screen for the QIK CLI Wizard after configuration
4. With the two required fields configured and optional fields complete (on the Assembly Information dialog), you are ready to proceed to the next screen of the QIK CLI Wizard. Click Next.
Figure 15.29 shows the Commands screen before any QIK CLI commands have been added. This is the next screen in the QIK CLI Wizard after the Assembly Details screen.
FIGURE 15.29 Commands screen for the QIK CLI Wizard before configuration
You can add one or more commands to the list on this screen. The more commands in this list, the more objects are available to add when creating the OIP file with the QIK Wizard. In addition, the more commands in this list, the more object classes appear in the class chooser in the Invoke .NET object. Click Add to configure a command. Figure 15.30 shows the Add/Edit Command dialog with the General tab selected. The Name and Mode fields are required and must be configured.
FIGURE 15.30 Add/Edit Command dialog’s General tab for the QIK CLI Wizard before configuration
Here are the fields on the General tab:
- Name—This is a required field for the name of the Command being created. This is also the name of the class shown in the QIK Wizard and the Invoke .NET object. This must be a single word (no spaces).
- Mode—This is a required field with a drop-down, which contains the four execution modes: Run Command, Run Windows PowerShell, Run Program, and Run SSH Command.
- Program—This is an optional field depending on which Mode is selected. If Run Program is selected, this field becomes required and should be configured with the intended program path and name.
- Description—This is an optional field; if configured, this text appears as the default description when using the QIK Wizard to generate an OIP from this assembly.
Figure 15.31 shows the Add/Edit Command dialog with the General tab selected, with the fields configured. In this example, the following configuration has been completed:
- Name—ipconfig
- Mode—Run Command
- Description—QIK CLI Example Command - ipconfig
FIGURE 15.31 Add/Edit Command dialog’s General tab for the QIK CLI Wizard after configuration
5. Now, you are ready to proceed to the next tab of the Add/Edit Command dialog. Select the Arguments tab. Figure 15.32 shows the Add/Edit Command dialog with the Arguments tab selected. You must configure the Command Line field and Parameters list.
FIGURE 15.32 Add/Edit Command dialog’s Arguments tab for the QIK CLI Wizard before configuration
Here are the fields on the Arguments tab:
- Command Line—This is a required field for the command syntax to be executed. The entire command can be hard-coded or portions of it can be parameterized.
- Parameters—This is an optional field depending on what is configured in the Command Line field. If everything in the Command Line field is hard-coded, no Parameters are required. If portions of the Command Line field are to be parameterized, Parameters are required. As this is a list, you can use the Add, Edit, and Remove buttons to configure the necessary information. Although Parameters are optional, they are the input properties for the object after it is in the OIS client. Without Parameters, the policy author cannot customize the object during design time. If you want the policy author to enter data and customize the object’s execution, create Parameters and use them within the Command Line.
- Include Working Directory Parameter—This is an optional check box. If checked, this object includes an input property at policy design time that allows the policy author to specify the working directory for the command execution. If the command execution includes activities such as saving or loading data, then this is the default path where that data is processed (if no explicit path is included).
As the Command Line is usually parameterized, the authors recommend you configure the Parameter information before the Command Line information. To configure the Parameter information, click Add. Figure 15.33 shows the Add/Edit Parameter dialog. The Name, Usage Mode, and Display Style fields must be configured. Parameters display as fields after the object is deployed to OIS.
FIGURE 15.33 Add/Edit Parameter dialog for the QIK CLI Wizard before configuration
Here are the fields on the Add/Edit Parameter dialog:
- Name—This is a required field for the name of the Parameter being created. It is referenced when entering a parameter in the Command Line field on the Add/Edit Command dialog.
- Usage Mode—This is a required field with a drop-down, which contains the two usage modes: Command Argument and Environment Variable. Command Argument is used as an argument within the Command Line. Environment Variable is used as an environment variable that is set before the Command Line executes.
- Display Style—This is a required field with a drop-down, which contains the six field display types: Text, Encrypted Text, True/False, Text with Selection, Date/Time, and File. This selection determines what type of field is displayed after this command is deployed as an object within OIS. If Text is selected, the field in the object is a simple text field. If you select Encrypted Text, the field in the object is a text field that is masked from the policy author’s view. The Encrypted Text field should be used for password fields, as the data is not only obfuscated, but also encrypted within the OIS datastore. The other styles offer fields that contain an ellipsis, which prompts the policy author with a dialog. The dialog type depends on the style selected.
- Default Value—This is an optional field which determines the default value for this Parameter after this command is deployed as an object within OIS. If “my value” is entered in this field, the field in the object has a default value of “my value.”
- Options—This is an optional field depending on which Display Style is selected. If you select Text with Selection, this field becomes required and should be configured with the intended options to be presented to the policy author. The Ellipsis button next to this field opens a dialog where you can enter the options. You can enter one or more options in this dialog, separated by a hard return. (Press the Enter key between option entries.)
- Echo as Published Data—This is an optional check box. If checked, the value entered for the Parameter is written to the OIS Data Bus as Published Data to be used by other objects in the Policy. For more information on subscribing to published data, see Chapter 5, “Policy Basics.”
Figure 15.34 shows the Add/Edit Parameter dialog with the fields configured.
FIGURE 15.34 Add/Edit Parameter dialog for the QIK CLI Wizard after configuration
Here, the following configuration has been completed:
- Name—Options
- Usage Mode—Command Argument
- Display Style—Text with Selection
- Default Value—/all
- Options—/all|/release|/renew|/flushdns|/registerdns|/displaydns
- Echo as Published Data—Unchecked
The example in Figure 15.34 shows a Parameter that provides the policy author with a pick list of options (switches for the ipconfig command), with a default selection of /all. This Parameter appears as a field named options after the object is deployed to OIS.
6. Next, proceed with the completion of the Command Line syntax on the Arguments tab of the Add/Edit Command dialog. Figure 15.35 shows the Add/Edit Command dialog with the Arguments tab selected. The Parameters list has the entry that was just configured, and the Command Line field still needs to be configured.
FIGURE 15.35 Add/Edit Command dialog’s Arguments tab for the QIK CLI Wizard during configuration
With the Parameters list configured with an item, the Command Line syntax can now be completed. Leaving space for the Parameter(s), enter the Command Line syntax for the desired command. Figure 15.36 shows the Add/Edit Command dialog with the Arguments tab selected. The Parameters list and Command Line field have been configured.
FIGURE 15.36 Add/Edit Parameter dialog for the QIK CLI Wizard after configuration
NOTE: COMMAND LINE SYNTAX CONFIGURATION CONSIDERATIONS
The Parameters created to be used by the Command Line syntax should not be typed into the Command Line field. There are two options to insert the Parameter into the Command Line field’s syntax.
- The first is to place the cursor where the Parameter is to be placed within the Command Line syntax, click the Insert button, and then select the desired Parameter.
- The second is similar but involves using right-click instead of the Insert button.
Regardless, the desired Parameter should be inserted and not manually typed within the Command.
In this example, the following configuration has been completed:
- Command Line—ipconfig $(options)
- Parameters List Item 1—options | CommandArgument | Selection (refer to Figure 15.34 for specifics)
- Include working directory parameter—Unchecked
7. With the fields configured on the Arguments tab, you are ready to proceed to the next tab of the Add/Edit Command dialog. Select the Published Data tab. Figure 15.37 shows the Add/Edit Command dialog with the Published Data tab selected.
FIGURE 15.37 Add/Edit Command dialog’s Published Data tab for the QIK CLI Wizard before configuration
Although this tab is optional, its configuration is discussed here. If you do not want to complete this tab, you can skip this portion of the instructions. The Published Data list now needs to be configured.
NOTE: DEFAULT PUBLISHED DATA TAB CONFIGURATION
By default, two Published Data items are automatically created for all objects: Standard Output and Standard Error. Any output that the command line application, command, SSH command, or PowerShell pipe returns to the standard output stream (what would normally be displayed if running in a Windows Command Prompt) is written to the Standard Output Published Data. Likewise, error data is written to the Standard Error Published Data. All other Published Data items you create are optional, as the generic standard output and error information is already being written to the Data Bus through these two Published Data items. The optional Published Data items you create are used to extract specific contents from these two data streams and are written as separate Published Data items.
The Published Data list is the only item that must be configured on the Published Data tab. As this is a list, you can use the Add, Edit, and Remove buttons to configure the necessary information. To configure the Published Data information, click Add. Figure 15.38 shows the Add/Edit Published Data dialog. The Name, Source, Mode, Pattern, and Description fields must be configured. After this object is deployed to OIS, the Published Data items display as output after execution.
FIGURE 15.38 Add/Edit Published Data dialog for the QIK CLI Wizard before configuration
Here is a description for each of the fields on the Add/Edit Published Data dialog:
- Name—This is a required field for the name of the Published Data item being created.
- Source—This is a required field with a drop-down, which contains the two usage sources: Standard Output Stream and Standard Error Stream. You can parse the output from either of these two sources. The type of data (standard or error) you are parsing depends on your choice.
- Mode—This is a required field with a drop-down, which contains the two usage modes: Match Pattern and Extract Group. Both of these options evaluate the Source stream. Match Pattern returns a True/False value based on whether the pattern match exists, while Extract Group actually retrieves each item of data that matches the pattern specified.
- Pattern—This is a required field for the Regular Expression (RegEx) pattern to be used by the Mode specified on the Source selected.
- Description—This is an optional field; if configured, this text appears as the description for this Published Data item in the object after it has been deployed to OIS.
NOTE: REGEX EVALUATOR
The .NET Regular Expression evaluator is used to evaluate the RegEx patterns for the Published Data fields in objects created using the QIK CLI Wizard. A number of .NET Regular Expression evaluators are available online.
NOTE: PUBLISHED DATA FIELD CONSIDERATIONS
The list and description for the Add/Edit Published Data dialog assumes the Run Command has been selected as the Mode from the General tab of the Add/Edit Command dialog. The Run Program and Run SSH Command Modes have these same fields. The only one with different fields is Run Windows PowerShell. For the Run Windows PowerShell Mode, there are only three fields: Name, Property, and Description. Name and Description have the same definition as the preceding description, but Property is defined as the name of the Windows PowerShell property with which you want to populate the new Published Data item.
Figure 15.39 shows the Add/Edit Published Data dialog with the fields configured for the Match Pattern Mode. Here is the configuration that is completed:
- Name—IP Addresses Exist
- Source—Standard Output Stream
- Mode—Match Pattern
- Pattern—\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b
- Description—Example Description - IP Addresses Exist
FIGURE 15.39 Add/Edit Published Data dialog for the QIK CLI Wizard after configuration for Match Pattern Mode
Figure 15.40 shows the Add/Edit Published Data dialog with the fields configured for the Extract Group Mode. Here is the configuration that is completed:
- Name—IP Address List
- Source—Standard Output Stream
- Mode—Extract Group
- Pattern—(\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b)
- Description—Example Description - IP Address List
FIGURE 15.40 Add/Edit Published Data dialog for the QIK CLI Wizard after configuration for Extract Group Mode
NOTE: PATTERN DIFFERENCES BASED ON MODE SELECTION
You might note that the example from Figure 15.39 (which illustrates the usage of Match Pattern) does not have the text in the Pattern field enclosed in parentheses, whereas the example from Figure 15.40 (which illustrates the usage of Extract Group) does. This is because using RegEx for group extraction requires the use of parentheses, although RegEx pattern matching does not.
The examples here result in two Object-Specific Published Data items for this example ipconfig Command. These Published Data items appear as IP Addresses Exist and IP Address List after the object is deployed to OIS.
- IP Addresses Exist results in a True/False value based on whether the Standard Output Stream contains the Pattern Match on the Pattern specified.
- IP Address List results in a value retrieved for each item of data that Exactly Matches the Pattern specified.
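The two Modes can be tried outside OIS with the .NET Regular Expression evaluator. The following is an added example, not code from the book or from QIK: it runs the two Patterns above over a constructed ipconfig output and shows that the Extract Group Pattern also returns the subnet mask and gateway, which matters when the extracted list feeds later objects in a Policy. The class name, the helper methods, the sample output, and the narrower AddressOnlyPattern are assumptions made for this illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

public static class PublishedDataPatternDemo
{
    // Pattern from the Match Pattern example (Figure 15.39): no capturing group.
    public const string MatchPattern =
        @"\b(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b";

    // Pattern from the Extract Group example (Figure 15.40): the same expression in parentheses.
    public const string ExtractPattern = "(" + MatchPattern + ")";

    // Assumed narrower pattern (not from the book): capture only the value on "IPv4 Address" lines.
    public const string AddressOnlyPattern = @"IPv4 Address[ .]*: (" + MatchPattern + ")";

    // Constructed sample of Standard Output; the addresses are documentation-range values.
    public const string SampleOutput = @"
Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : example.test
   IPv4 Address. . . . . . . . . . . : 192.0.2.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.0.2.1
";

    // Match Pattern semantics: True/False depending on whether the pattern occurs in the stream.
    public static bool MatchExists(string stream, string pattern)
    {
        return Regex.IsMatch(stream, pattern);
    }

    // Extract Group semantics as sketched here: collect capture group 1 of every match.
    // A pattern without parentheses has no group 1, so nothing is collected.
    public static List<string> ExtractGroup(string stream, string pattern)
    {
        var values = new List<string>();
        foreach (Match m in Regex.Matches(stream, pattern))
        {
            if (m.Groups.Count > 1 && m.Groups[1].Success)
            {
                values.Add(m.Groups[1].Value);
            }
        }
        return values;
    }

    public static void Main()
    {
        Console.WriteLine("IP Addresses Exist: " + MatchExists(SampleOutput, MatchPattern));

        // The book's Extract Group pattern matches every dotted quad in the stream.
        Console.WriteLine("IP Address List (book pattern):");
        foreach (string value in ExtractGroup(SampleOutput, ExtractPattern))
        {
            Console.WriteLine("  " + value);
        }

        // Without parentheses there is no group to extract.
        Console.WriteLine("Values extracted without parentheses: "
            + ExtractGroup(SampleOutput, MatchPattern).Count);

        // Anchoring the pattern to the label keeps masks and gateways out of the list.
        Console.WriteLine("IP Address List (label-anchored pattern):");
        foreach (string value in ExtractGroup(SampleOutput, AddressOnlyPattern))
        {
            Console.WriteLine("  " + value);
        }
    }
}
```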
With the Published Data list configured with two items, configuring this example ipconfig Command is complete. Figure 15.41 shows the Add/Edit Command dialog with the Published Data tab selected. The Published Data list has been configured.
FIGURE 15.41 Add/Edit Command dialog’s Published Data tab for the QIK CLI Wizard after configuration
In this example, the following configuration has been completed:
- Published Data List Item 1—IP Addresses Exist | Example Description - IP Addresses Exist (refer to Figure 15.39 for specifics)
- Published Data List Item 2—IP Address List | Example Description - IP Address List (refer to Figure 15.40 for specifics)
8. With the Published Data list configured with two items, the Add/Edit Command dialog can now be completed. Click OK on the Add/Edit Command dialog to continue. Figure 15.42 shows the Commands screen with a Command completely configured.
FIGURE 15.42 Commands screen for the QIK CLI Wizard after configuration
9. With the Command list configured with one example command, you are ready to proceed to the next screen of the QIK CLI Wizard. Click Next, and you are taken to the Building Assembly screen (Figure 15.43). The process time is dependent on the number of commands and the size of programs you referenced during the configuration; it usually is only several seconds.
FIGURE 15.43 Building Assembly screen for the QIK CLI Wizard
10. After building the assembly is complete, the Finish screen appears (Figure 15.44). If there were no errors, the screen has light green text stating The Wizard Completed Successfully. If there were errors when creating the Assembly (DLL), they display on this screen. The Finish screen does not display the path and file name. However, you can click the Build Integration Pack button, which takes the Assembly you just built into the QIK Wizard to start creating an IP. If this is the case, you see a screen similar to Figure 15.46 (the Welcome screen for the QIK Wizard) in the “QIK CLI Wizard” section earlier in this chapter.
FIGURE 15.44 Finish screen with success note for the QIK CLI Wizard
FIGURE 15.46 Welcome screen for the QIK Wizard
To complete the QIK CLI Wizard without building an IP, click Finish. The resulting Assembly (DLL) file is now ready for OIP packaging or OIS deployment. You find information on packaging and deploying this file in the “Creating Integration Packs” and “Deploying QIK Objects” sections of this chapter. For more information on the QIK CLI Wizard and a guided video tutorial walkthrough, refer to the “1 of 3: QIK CLI” video in the Quick Integration Kit - Video Tutorial Series blog post at http://blogs.technet.com/b/charlesjoy/archive/2010/06/09/quick-integrationkit-video-tutorial-series.aspx.
QIK SDK
Using the QIK SDK is the most powerful method for creating a QIK project. Although the CLI method limits you to those selections available with a wizard, the QIK SDK method offers complete control. The QIK SDK method also allows for greater flexibility with the CLI. As an example, this method allows you to integrate to a target product whether or not it has a CLI. Several surfaces are enabled by the QIK SDK to integrate between OIS and the target product. Here are the four most common integration surfaces:
- Native API of the target product (.NET or Java)
- Web Services
- Database
- Command Line Interface
SDK Prerequisites
As discussed in the “Your IDE and the QIK Resources” section, this method has several more prerequisites than the QIK CLI method. Here are those prerequisites:
- IDE Requirement—Visual Studio or Java IDE.
- Integration Requirement—Based on the integration target, determine the integration surface exposed by that target.
- OIS QIK Resource File—DLL or JAR. This chapter discusses the .NET classes containing the Opalis SDK.
- Programming Experience—To take full advantage of the SDK method, a basic knowledge of any .NET language or Java is required.
After meeting the prerequisites, you can start to code, compile, and test your integration projects. You have several options for deploying the object(s) to OIS, covered later in the “Deploying QIK Objects” section in this chapter.
SDK Features and Functionality
Here are the features of the QIK SDK:
- Simple APIs that are easy to learn and implement.
- Flexible API options for multiple programming platforms.
- Seamless experience for the end user because QIK-based IPs “look and feel” the same as all other IPs.
- Target system API and QIK API are encapsulated into one project for easier management, compilation, packaging, and deployment.
The functionality benefits of the QIK SDK are
- Monitoring—The capability to add a polling interval to your objects enables continuous monitoring capabilities.
- Event Reporting and Trace Logging—Create full verbose error reporting and trace logging for your objects. This gives you the ability to track exactly what happened, where it happened, and then take appropriate action.
- Optional Inputs—Not all input fields you create are required during design or run time. You can hide optional fields until you want to use them.
- Published Data Filtering—The capability to enable filtering for any published data item enables you to perform pre-processing of the data before it is published to the Data Bus.
QIK API
Integration projects using the SDK method are typically broken up into two main parts.
- First is the programming necessary to create the look and feel of the OIS object. Here you spend the majority of the time interacting with the OIS-specific API for creating the inputs, filtering, data correlation, and data publishing the objects themselves.
- Second is the programming necessary to get information from, submit information to, and execute the behavior desired against the target system. This is referred to as programming the domain code for the target system.
At a high level, OIS is just a series of coordinated inputs, outputs, and actions. As you work more closely with the product, all the way to the API, this does not change. You are still dealing with the same questions:
- What inputs does the object/class require?
- What behavior does the object/class provide?
- What outputs does the object/class publish?
Figure 15.45 illustrates the interaction between OIS and a target system (an Operations Manager Root Management Server [RMS] in this example) as it relates to the QIK API.
FIGURE 15.45 OIS and Target System API Interaction
QIK Programming Models
The SDK method supports two programming models:
- Declarative model
- Imperative model
These models are different in their implementation, flexibility, power, and ease of use. You can use both models at the same time in the same project. Moreover, the classes you code and build for the QIK objects you create can contain inputs, outputs, and methods from both models.
Declarative Model
The Declarative model is the easier of the two and the starting point when learning the QIK SDK. If you have previously created a simple .NET project with classes, properties, methods, and attributes, you have the foundation necessary to build a QIK object. The Declarative model features the following:
- Declaration of object properties, filters, and published data using .NET attributes.
- Object properties, filters, and published data created using .NET attributes based on a static class element definition; this increases the ease of use but is a tradeoff for flexibility.
- Class element definitions are determined by the QIK integration framework’s interpretation of the .NET attributes used.
Table 15.2 lists the .NET attributes with which the class elements might be decorated for QIK functionality identification.
TABLE 15.2 QIK .NET Attributes
Attribute | Description
OpalisObject | Class Element identifying that the class represents an OIS object.
OpalisData | Class Element identifying that the class represents a correlated data set of properties and published data for an OIS object.
OpalisInput | Property Element identifying that the property represents an OIS object Property (input field).
OpalisOutput | Property Element identifying that the property represents an OIS object Published Data item (output data item).
OpalisFilter | Property Element identifying that the property represents an OIS object filter.
OpalisMethod | Method Element identifying that the method is to be executed when the OIS object is started.
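The general .NET mechanism behind a declarative model is reflection over custom attributes. The following is an added illustration, not QIK SDK code and not a description of QIK internals: the Demo attributes and classes are hypothetical stand-ins for the attributes in Table 15.2, and the PasswordProtected flag mirrors the one used on the Password property in Listing 15.1. It discovers decorated inputs, keeps protected values out of anything written to a trace, and invokes the decorated method.

```csharp
using System;
using System.Collections.Generic;
using System.Reflection;

// Hypothetical stand-in for an input attribute; NOT the QIK SDK's OpalisInput type.
[AttributeUsage(AttributeTargets.Property)]
public sealed class DemoInputAttribute : Attribute
{
    public bool PasswordProtected { get; set; }
}

// Hypothetical stand-in for a method attribute; NOT the QIK SDK's OpalisMethod type.
[AttributeUsage(AttributeTargets.Method)]
public sealed class DemoMethodAttribute : Attribute { }

// Hypothetical object decorated the way a declarative-model class is decorated.
public class DemoSettings
{
    [DemoInput] public string MailServer { get; set; }
    [DemoInput] public string UserName { get; set; }
    [DemoInput(PasswordProtected = true)] public string Password { get; set; }

    // No attribute, so the host below never treats this as an input.
    public string NotAnInput { get; set; }

    public bool Ran { get; private set; }

    [DemoMethod]
    public void Run() { Ran = true; }
}

public static class AttributeHost
{
    // Lists every decorated property as "Name=value" for tracing.
    // Values flagged PasswordProtected are replaced so they never reach a log.
    public static List<string> DescribeInputs(object target)
    {
        var lines = new List<string>();
        foreach (PropertyInfo property in target.GetType().GetProperties())
        {
            var input = (DemoInputAttribute)Attribute.GetCustomAttribute(
                property, typeof(DemoInputAttribute));
            if (input == null)
            {
                continue; // undecorated properties are ignored
            }
            object value = input.PasswordProtected
                ? "********"
                : property.GetValue(target, null);
            lines.Add(property.Name + "=" + value);
        }
        return lines;
    }

    // Finds the method carrying the attribute and runs it; its name is irrelevant.
    public static void InvokeEntryPoint(object target)
    {
        foreach (MethodInfo method in target.GetType().GetMethods())
        {
            if (Attribute.IsDefined(method, typeof(DemoMethodAttribute)))
            {
                method.Invoke(target, null);
                return;
            }
        }
        throw new InvalidOperationException("No method carries DemoMethodAttribute.");
    }

    public static void Main()
    {
        // Constructed sample values.
        var settings = new DemoSettings
        {
            MailServer = "smtp.example.test",
            UserName = "svc-mail",
            Password = "constructed-secret"
        };

        foreach (string line in DescribeInputs(settings))
        {
            Console.WriteLine(line);
        }

        InvokeEntryPoint(settings);
        Console.WriteLine("Entry point ran: " + settings.Ran);
    }
}
```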
Imperative Model
This model should be utilized by more experienced programmers. The Imperative model is appropriate if you are comfortable using classes to implement interfaces. Using this model gives you flexibility and power when creating QIK objects. Given that there are many examples available, even if you are new to these more advanced concepts, you can ramp up quickly. Either way, the authors suggest you start by creating QIK objects using the Declarative model. After you have a solid foundation for how classes, properties, methods, and attributes are implemented within the QIK SDK and subsequently OIS, you can take the next step and start using the Imperative model. Here are features of the Imperative model:
- Statements rather than class element declarations of .NET attributes define implementation of object properties, filters, and published data.
- Object properties, filters, and published data are determined dynamically at run time.
- Significant increase in flexibility and power as compared to the Declarative model.
QIK Project Process
Every project has a process. There is a recommended process for creating QIK objects. The steps are rather basic, but executing this process ensures project success. Perhaps the best way to describe this process is by referencing an example project scenario. The following steps describe the process to create a QIK integration project where objects are built against a standard web service:
1. Determine Integration—Integrate OIS with a standard web service.
2. Determine Integration Surface—Create a web services .NET proxy from the online Web Service Definition Language (WSDL) for the target system’s web services API.
3. Implement Target System API—Use the web services .NET proxy in a QIK integration project (Visual C#) to create target system domain integration code.
4. Implement QIK API—Create configuration, input, method, and output code using the QIK API.
5. Compile Code—Successfully compile the QIK integration project (encapsulating both QIK and target system domain code).
6. Test Code—Test the QIK integration project’s DLL using the Invoke .NET object. (For more information on this and other QIK object deployment methods, refer to the “Deploying QIK Objects” section later in the chapter.)
7. Revise Code—Revise the newly created DLL by updating, fixing, enhancing the code (both QIK and target system domain code), and retesting as necessary.
8. Package Code—Create an OIP from the DLL using the QIK Wizard. (For more information on creating OIPs and using the QIK Wizard, refer to the “Creating Integration Packs” section.)
9. Deploy Code—Deploy the newly created OIP to OIS. (For more information on OIP deployment methods, refer to the “Deploying QIK Objects” section.)
QIK Code Samples
One of the best ways to learn QIK is by looking through the available sample code. QIK ships with an example project for both .NET (C#) and Java. Within these projects are numerous code samples for many different kinds of QIK objects. As discussed in the “Your IDE and the QIK Resources” section, the example projects can be added to your IDE, compiled, and deployed to OIS out-of-the-box. The next sections discuss several of the available code samples that ship with QIK. Two are from the Declarative model (Listings 15.1 and 15.2) and one from the Imperative model (Listing 15.3). Following each code listing, a breakdown of the major class elements is discussed along with the associated code snippet for that element.
Declarative Samples
Although you see the SMTP Send Mail QIK object referenced in the “Deploying QIK Objects” section later in the chapter, you see its source code here. The Declarative model samples (Listings 15.1 and 15.2) in this section comprise the source code for the SmtpMailSettings and SmtpMailSend classes.
LISTING 15.1 Declarative Code Sample - SMTP Mail Settings
using System;
using System.Net.Mail;

namespace Opalis.QuickIntegrationKit.Examples.Email
{
    /// <summary>
    /// An OpalisData class used to provide SMTP configuration settings.
    /// </summary>
    [OpalisData("SMTP Mail Settings")]
    public class SmtpMailSettings
    {
        private String host = string.Empty;
        private String userName = string.Empty;
        private String password = string.Empty;

        // Both an input field and a Published Data item.
        [OpalisInput, OpalisOutput]
        public String MailServer
        {
            get { return host; }
            set { host = value; }
        }

        [OpalisInput]
        public String UserName
        {
            get { return userName; }
            set { userName = value; }
        }

        // Input only, flagged as password protected; it is not declared as an output.
        [OpalisInput(PasswordProtected=true)]
        public String Password
        {
            get { return password; }
            set { password = value; }
        }
    }
}
LISTING 15.2 Declarative Code Sample - SMTP Send Mail
using System;
using System.Net;
using System.Net.Mail;
using Opalis.QuickIntegrationKit;

namespace Opalis.QuickIntegrationKit.Examples.Email
{
    /// <summary>
    /// An OpalisObject that sends email using an SMTP server for delivery
    /// </summary>
    [OpalisObject("SMTP Send Mail", Description="QIK Example for SMTP Mail")]
    public class SmtpMailSend
    {
        private SmtpMailSettings settings;
        private MailAddress to;
        private MailAddress from;
        private string subject;
        private string body;

        [OpalisConfiguration, OpalisOutput]
        public SmtpMailSettings Settings
        {
            set { settings = value; }
            get { return settings; }
        }

        [OpalisInput]
        public MailAddress To
        {
            set { to = value; }
        }

        [OpalisInput]
        public MailAddress From
        {
            set { from = value; }
        }

        [OpalisInput]
        public string Subject
        {
            set { subject = value; }
        }

        [OpalisInput]
        public string Body
        {
            set { body = value; }
        }

        [OpalisMethod]
        public void Send()
        {
            MailMessage email = new MailMessage(from, to);
            email.Subject = subject;
            email.Body = body;

            // SmtpClient.EnableSsl is not set here, so it keeps its default (false)
            // and the credentials below are sent without requesting TLS.
            SmtpClient smtpClient = new SmtpClient(settings.MailServer);
            smtpClient.Credentials = new NetworkCredential(settings.UserName, settings.Password);
            smtpClient.Send(email);
        }
    }
}
Listings 15.1 and 15.2 represent both classes required for the SMTP Send Mail QIK object (SmtpMailSettings and SmtpMailSend classes). The following code snippets break these code listings down into the various class element declarations.
OpalisData Declaration
The following code snippet identifies the portion that represents the QIK data declaration. This type of declaration can be used to create “setting” type information. It is often used to collect and store connection and credentials information. As seen in this snippet, host, username, and password information is collected:
[OpalisData("SMTP Mail Settings")]
public class SmtpMailSettings
{
    private String host = string.Empty;
    private String userName = string.Empty;
    private String password = string.Empty;

    [OpalisInput, OpalisOutput]
    public String MailServer
    {
        get { return host; }
        set { host = value; }
    }
    ...
OpalisObject Declaration
The code snippet in this section identifies the portion that represents the QIK object declaration. In this example, the OpalisObject includes two .NET attributes: a friendly name and a description for the object. These are used during creation of the QIK object using the QIK Wizard and are seen in the “Creating Integration Packs” section later in this chapter (Figure 15.53):
[OpalisObject("SMTP Send Mail", Description="QIK Example for SMTP Mail")]
public class SmtpMailSend
{
    private SmtpMailSettings settings;
    private MailAddress to;
    ...
OpalisConfiguration and OpalisOutput Declaration
The OpalisData information (from the code snippet in the “OpalisData Declaration” section) can be accessed by the QIK object during the OpalisObject declaration. The following code snippet identifies the portion that represents the QIK configuration (access of the settings created in the OpalisData declaration) and output declaration:
[OpalisConfiguration, OpalisOutput]
public SmtpMailSettings Settings
{
    set { settings = value; }
    get { return settings; }
}
This snippet is just one example (the most basic) for an OpalisConfiguration and OpalisOutput declaration. The next code snippet example illustrates another OpalisOutput declaration, this time with some of the optional .NET attributes that can be applied. Examples here include a more descriptive and friendly field name and a description, both of which show up in the Published Data dialog for this object during design time:
[OpalisOutput("Recipients", Description="Recipients of the Email Sent")]
public string SentTo
{
    get { return to.Address; }
}
OpalisInput Declaration
This next code snippet identifies the portion that represents a QIK input declaration:
[OpalisInput]
public string Subject
{
    set { subject = value; }
}
The previous snippet is just one example (the most basic) for an OpalisInput declaration. The following code snippet example illustrates this same OpalisInput declaration, this time with some of the optional .NET attributes that can be applied. The example includes a more descriptive and friendly field name, default field text, and listing the field as optional, so it shows up in the optional fields listing:
[OpalisInput("Email Subject", Default="Default Subject", Optional=true)]
public string Subject
{
    set { subject = value; }
}
OpalisMethod Declaration
The following code snippet identifies the portion that represents a QIK method declaration:
[OpalisMethod]
public void Send()
{
    MailMessage email = new MailMessage(from, to);
    email.Subject = subject;
    email.Body = body;

    SmtpClient smtpClient = new SmtpClient(settings.MailServer);
    smtpClient.Credentials = new NetworkCredential(settings.UserName, settings.Password);
    smtpClient.Send(email);
}
NOTE: USE OF FUNCTION NAME
The name of the function (“Send” in the code snippet in this section) does not matter to the execution of the object. The OpalisMethod attribute identifies the function as the execution method for the OpalisObject.
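The note above says that the attribute, not the method name, selects the execution method. The following added example (not code from the book or from the QIK SDK) sketches the general .NET technique of discovering declarations by reflection. The Sketch* attribute types, GreetingBuilder, and SketchHost are stand-ins assumed for illustration and do not describe how QIK itself is implemented.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;

// Stand-in attribute types for this sketch only; they are NOT the types
// defined in Opalis.QuickIntegrationKit.
[AttributeUsage(AttributeTargets.Class)]
class SketchObjectAttribute : Attribute
{
    public string Name { get; private set; }
    public SketchObjectAttribute(string name) { Name = name; }
}

[AttributeUsage(AttributeTargets.Property)]
class SketchInputAttribute : Attribute
{
    public string Name { get; private set; }
    public string Default { get; set; }
    public bool Optional { get; set; }
    public SketchInputAttribute() { }
    public SketchInputAttribute(string name) { Name = name; }
}

[AttributeUsage(AttributeTargets.Property)]
class SketchOutputAttribute : Attribute
{
    public string Name { get; private set; }
    public SketchOutputAttribute(string name) { Name = name; }
}

[AttributeUsage(AttributeTargets.Method)]
class SketchMethodAttribute : Attribute { }

// Constructed sample object, shaped like the declarative snippets above.
[SketchObject("Build Greeting")]
class GreetingBuilder
{
    private string recipient, subject, result;
    [SketchInput]
    public string Recipient { set { recipient = value; } }
    [SketchInput("Email Subject", Default = "Default Subject", Optional = true)]
    public string Subject { set { subject = value; } }
    [SketchOutput("Summary")]
    public string Summary { get { return result; } }
    // Not named "Send" or "Execute" on purpose: only the attribute marks it.
    [SketchMethod]
    public void AnyNameAtAll() { result = subject + " -> " + recipient; }
}

static class SketchHost
{
    // Binds inputs, runs the marked method, and returns the declared outputs.
    public static IDictionary<string, string> Run(Type type, IDictionary<string, string> inputs)
    {
        if (!type.IsDefined(typeof(SketchObjectAttribute), false))
            throw new InvalidOperationException(type.Name + " is not a declared object");
        object instance = Activator.CreateInstance(type);
        foreach (PropertyInfo p in type.GetProperties())
        {
            var input = (SketchInputAttribute)Attribute.GetCustomAttribute(p, typeof(SketchInputAttribute));
            if (input == null) continue;
            string field = input.Name ?? p.Name;   // friendly name wins if given
            string value;
            if (!inputs.TryGetValue(field, out value))
            {
                if (!input.Optional)
                    throw new ArgumentException("Required input missing: " + field);
                value = input.Default;             // optional input falls back to its default
            }
            p.SetValue(instance, value, null);
        }
        // The execution method is found by attribute, never by name.
        MethodInfo[] marked = type.GetMethods()
            .Where(m => m.IsDefined(typeof(SketchMethodAttribute), false)).ToArray();
        if (marked.Length != 1)
            throw new InvalidOperationException("Expected exactly one execution method");
        marked[0].Invoke(instance, null);
        var outputs = new Dictionary<string, string>();
        foreach (PropertyInfo p in type.GetProperties())
        {
            var output = (SketchOutputAttribute)Attribute.GetCustomAttribute(p, typeof(SketchOutputAttribute));
            if (output != null)
                outputs[output.Name] = Convert.ToString(p.GetValue(instance, null));
        }
        return outputs;
    }

    static void Main()
    {
        // Constructed input: the optional subject is omitted on purpose.
        var inputs = new Dictionary<string, string> { { "Recipient", "ops@example.test" } };
        foreach (var kv in Run(typeof(GreetingBuilder), inputs))
            Console.WriteLine(kv.Key + " = " + kv.Value);
        try { Run(typeof(GreetingBuilder), new Dictionary<string, string>()); }
        catch (ArgumentException e) { Console.WriteLine(e.Message); }
    }
}
```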
Imperative Sample
For the Imperative model sample in Listing 15.3, you see the source code for the FileList class. This sample code is also available within the example projects that ship with QIK.
LISTING 15.3 Imperative Code Sample - FileList

    using System;
    using System.Collections;
    using System.IO;
    using System.Collections.Generic;
    using Opalis.QuickIntegrationKit;

    namespace Opalis.QuickIntegrationKit.Examples.File
    {
        /// <summary>
        /// An OpalisObject that returns information about the files in a specified
        /// directory.
        /// </summary>
        [OpalisObject]
        public class FileList : IOpalisObject
        {
            private readonly static string PATH = "Path";
            private readonly static string PATTERN = "Pattern";
            private readonly static string NUM_FILES = "Number of Files";

            public void Design(IOpalisDesigner designer)
            {
                designer.AddInput(PATH).WithFolderBrowser();
                designer.AddInput(PATTERN).WithDefaultValue("*.*");
                designer.AddOutput(NUM_FILES).AsNumber();
                designer.AddCorellatedData(typeof(FileInfoAdapter));
            }

            public void Execute(IOpalisRequest request, IOpalisResponse response)
            {
                DirectoryInfo path = request.Inputs[PATH].As<DirectoryInfo>();
                string pattern = request.Inputs[PATTERN].AsString();
                IEnumerable files = FindFiles(path, pattern);
                int numFiles = response.WithFiltering().PublishRange(files);
                response.Publish(NUM_FILES, numFiles);
            }

            private IEnumerable FindFiles(DirectoryInfo path, string pattern)
            {
                foreach (FileInfo info in path.GetFiles(pattern))
                    yield return new FileInfoAdapter(info);
            }
        }
    }

The code listing in this section represents the entire class for the FileList QIK object (FileList class). The code snippets in the next sections break this code listing down into the various class elements.

OpalisObject Implementation
This code snippet identifies the portion that represents the QIK object implementation.

    [OpalisObject]
    public class FileList : IOpalisObject
    {
        private readonly static string PATH = "Path";
        private readonly static string PATTERN = "Pattern";
        ...

IOpalisDesigner Implementation
The code snippet in this section identifies the portion that represents the QIK input and output implementation for the IOpalisDesigner.

    public void Design(IOpalisDesigner designer)
    {
        designer.AddInput(PATH).WithFolderBrowser();
        designer.AddInput(PATTERN).WithDefaultValue("*.*");
        designer.AddOutput(NUM_FILES).AsNumber();
        designer.AddCorellatedData(typeof(FileInfoAdapter));
    }
IOpalisRequest and IOpalisResponse Implementation
This code snippet identifies the portion that represents the QIK request and response implementation for the IOpalisRequest and IOpalisResponse.

    public void Execute(IOpalisRequest request, IOpalisResponse response)
    {
        DirectoryInfo path = request.Inputs[PATH].As<DirectoryInfo>();
        string pattern = request.Inputs[PATTERN].AsString();
        IEnumerable files = FindFiles(path, pattern);
        int numFiles = response.WithFiltering().PublishRange(files);
        response.Publish(NUM_FILES, numFiles);
    }
OpalisData Reference
The following code snippet identifies the portion that represents the QIK correlated data implementation. This is accomplished by referencing an OpalisData implementation (in this example, the OpalisData implementation is named FileInfoAdapter):

    private IEnumerable FindFiles(DirectoryInfo path, string pattern)
    {
        foreach (FileInfo info in path.GetFiles(pattern))
            yield return new FileInfoAdapter(info);
    }
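Path and Pattern reach Execute as run-time input values, which a policy may populate from the Published Data of earlier objects. The following added example (not part of the book's listing or of the QIK SDK) shows one check that could run before FindFiles touches the file system. FileListInputGuard, its method names, and the allowed-root parameter are assumptions of this example.

```csharp
using System;
using System.IO;

// Added example: hypothetical helper, not part of the QIK SDK or its samples.
static class FileListInputGuard
{
    // Returns the directory to search, or throws ArgumentException.
    // allowedRoot is an assumption of this example: the single folder tree
    // the object is meant to enumerate.
    public static DirectoryInfo ResolveDirectory(string allowedRoot, string requestedPath)
    {
        if (requestedPath == null || requestedPath.Trim().Length == 0)
            throw new ArgumentException("Path is empty");

        // GetFullPath collapses "." and ".." segments, so the comparison is
        // made on the location that would actually be opened.
        string root = WithTrailingSeparator(Path.GetFullPath(allowedRoot));
        string full = WithTrailingSeparator(Path.GetFullPath(requestedPath));

        // Windows paths are case-insensitive; the trailing separator stops
        // "C:\Reports-old" from passing as a child of "C:\Reports".
        if (!full.StartsWith(root, StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("Path is outside the allowed root: " + full);

        return new DirectoryInfo(full);
    }

    // Returns the pattern unchanged if it is a plain file-name mask.
    public static string CheckPattern(string pattern)
    {
        if (string.IsNullOrEmpty(pattern))
            throw new ArgumentException("Pattern is empty");

        // A mask names files inside one folder. Separators, a drive colon or
        // ".." would turn it into a path. Rejecting ".." also rejects names
        // such as "a..b"; this example accepts that to keep the rule simple.
        if (pattern.IndexOfAny(new[] { '\\', '/', ':' }) >= 0 || pattern.Contains(".."))
            throw new ArgumentException("Pattern must be a file-name mask: " + pattern);

        return pattern;
    }

    private static string WithTrailingSeparator(string path)
    {
        return path.EndsWith(Path.DirectorySeparatorChar.ToString())
            ? path
            : path + Path.DirectorySeparatorChar;
    }
}

static class Program
{
    static void Main()
    {
        // Constructed inputs for illustration; nothing here needs to exist on disk.
        string root = Path.Combine(Path.GetTempPath(), "qik-reports");
        string[][] cases =
        {
            new[] { Path.Combine(root, "daily"), "*.log" },          // inside the root
            new[] { Path.Combine(root, "..", "other"), "*.*" },      // climbs out with ".."
            new[] { root + "-archive", "*.*" },                      // sibling sharing a prefix
            new[] { Path.Combine(root, "daily"), "..\\*.config" }    // path placed in the mask
        };

        foreach (string[] c in cases)
        {
            try
            {
                DirectoryInfo dir = FileListInputGuard.ResolveDirectory(root, c[0]);
                string mask = FileListInputGuard.CheckPattern(c[1]);
                Console.WriteLine("accept  " + dir.FullName + "  " + mask);
            }
            catch (ArgumentException e)
            {
                Console.WriteLine("reject  " + e.Message);
            }
        }
    }
}
```

Path.GetFullPath normalizes the string only; it does not resolve junctions or symbolic links.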
OpalisData and OpalisFilter Implementation
This next code snippet identifies the portion that represents the QIK OpalisData and OpalisFilter implementations. The FileInfoAdapter OpalisData reference from the “OpalisData Reference” section uses this OpalisData implementation:

    [OpalisData]
    public class FileInfoAdapter
    {
        private readonly FileInfo info;

        public FileInfoAdapter(FileInfo info)
        {
            this.info = info;
        }

        [OpalisOutput(Description="The date/time the file was created")]
        [OpalisFilter]
        public DateTime Created
        {
            get { return info.CreationTime; }
        }
        ...
It is important to note the code snippet in this section is from a different class than in Listing 15.3. This code snippet was taken from an OpalisData class that represented the implementation of FileInfoAdapter. Within this code snippet, you also see the implementation of OpalisFilter. Detailed information on each of the interfaces, class elements, .NET attributes, and so on is available in the QIK documentation. The location of the documentation for QIK was referenced earlier in the “Actions Performed by the Installer” section. To see how the code from these listings and snippets translates to forms and published data in the OIS client, refer to the “Deploying QIK Objects” section of this chapter. For more information on the QIK SDK and a guided video tutorial walkthrough, refer to the “2 of 3: QIK SDK” video in the Quick Integration Kit - Video Tutorial Series blog post at http://blogs.technet.com/b/charlesjoy/archive/2010/06/09/quick-integration-kit-video-tutorial-series.aspx.
Creating Integration Packs
Creating OIP files is simple. The QIK Wizard executable has been created for just this purpose. You can use the executable to both create new OIP files and revise existing OIP files. It also has the capability to create OIP files that include a mix of all the various QIK resource file types.
The QIK Wizard
The following list describes the features and functionality of the QIK Wizard. The QIK Wizard enables the capability to
. Package QIK resource files into deployable OIPs.
. Deploy QIK OIPs the same as all other OIPs.
. Organize QIK objects into a single or multiple object palettes.
. Package both QIK framework and third-party dependency files.
. Revise QIK OIPs for upgrading and bug fixes.
Using the QIK Wizard
Only use the QIK Wizard after testing your QIK resource files. You can test these files using the Invoke Compiled Resource deployment style. Confirming a well-tested QIK resource file ensures success after that resource file is packaged and deployed as an OIP. For additional information on testing QIK resource files in OIS before packaging them as OIPs, refer to the “Deploying QIK Objects” section of this chapter.
The instructions in the next sections guide you through the QIK Wizard screens. Both new OIP builds and revised OIP builds are covered.
New OIP Builds
Here are the instructions for a new OIP build. Perform the following steps:
1. Open the QIK Wizard. You can accomplish this either by using the shortcut on your desktop or by selecting it from the Start Menu. Upon opening the QIK Wizard, you see the QIK Wizard Welcome screen (Figure 15.46).
2. As you are building a new OIP, click Next. (When revising OIP builds in the “Revising OIP Builds” section, you click the Import Integration Pack button to import the OIP file created in this section.) For now, click Next.
3. Figure 15.47 shows the next screen in the QIK Wizard before it is configured. The Product Details screen is where you enter required product-specific information such as name, category, manufacturer, and version. Here is a description of each of these required fields:
. Product Name—This is the text that appears in the OIS Deployment Manager and is the name of the QIK OIP stored in the OIS data store.
. Category Name—This is the text that appears in the OIS Client and is the name of the category of QIK objects.
. Manufacturer—This text is used to identify the Manufacturer of the OIP.
. Version—This defaults to 1.0, but might be different as it can be changed during the revision process. Version is important for redeployment to an existing OIS implementation.
FIGURE 15.47 Product Details screen for the QIK Wizard before configuration
The Resource file field is also required, but has a default value. This field is used to identify the path and file name for the file that QIK uses as the image repository and defaults to %ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3\Bin\Opalis.QIK.Wizard.Images.dll. This file and ones that are created just like it are the only resource files the QIK Wizard accepts. For more information on QIK images and icons as well as a guided video tutorial walkthrough with example code, refer to the “3 of 3: QIK Icons” video in the Quick Integration Kit - Video Tutorial Series blog post at http://blogs.technet.com/b/charlesjoy/archive/2010/06/09/quick-integration-kit-video-tutorial-series.aspx. Figure 15.48 shows the file chooser dialog for the Resource file field.
FIGURE 15.48 Open Resource field file chooser dialog with default file selected
An optional but important configuration item is the Customize Appearance button and subsequent icon. By default, the category icon is the standard yellow toolbox, but if you click the Customize Appearance button, you see a Custom Appearance dialog with a number of available icon images. Figure 15.49 shows the Custom Appearance dialog with the first set of visible icon images.
FIGURE 15.49 Custom Appearance dialog with icon images
By choosing an icon image from the Custom Appearance dialog, you configure what the deployed IP’s object palette looks like.
You might optionally include a product description and a EULA. The EULA should be a rich-text file (RTF) with the license agreement information you want the end user to agree to during deployment. The RTF file contents appear as a click-through popup dialog during the deployment of the OIP. The Upgrade from version check box and subsequent fields are also optional for new OIP builds and are discussed in the “Revising OIP Builds” section of this chapter. Figure 15.50 shows a completed Product Details screen with an alternate icon image.
FIGURE 15.50 Product Details screen for the QIK Wizard after configuration
4. With the required fields configured and whichever optional fields and configuration completed, you are ready to proceed to the next screen of the QIK Wizard. Click Next. Figure 15.51 shows the Objects screen before any QIK objects are added. This is the next screen in the QIK Wizard after the Product Details screen.
FIGURE 15.51 Objects screen for the QIK Wizard before configuration
You can add one or more objects to the list on this screen. The more objects in this list, the more appear in the object palette in the OIS Client. Click Add to configure an object. Figure 15.52 shows the Object Type dialog. The Library, Class, and Name fields are required and must be configured.
FIGURE 15.52 Object Type dialog for the QIK Wizard before configuration
Here is a list and description for each of these required fields:
. Library—This is the path and file name of the QIK resource file where the QIK object has been created. The file chooser dialog accepts both DLL and JAR file types.
. Class—This is the class name of the QIK object within the QIK resource file selected in the Library field.
. Name—This is the name of the QIK object as coded in the QIK resource file selected in the Library field and selected in the Class field. This field defaults to the name in the code for the class chosen but can be modified as needed.
The optional field on this screen, Description, also defaults to the description in the code for the class chosen. You can modify the text within this field as needed. The Custom Appearance button and subsequent icon image chooser dialog is an optional configuration item. By default, a red, blue, and yellow icon image is selected. If you prefer, you can change the icon image by choosing an alternate image in the Custom Appearance dialog. This is the same process used for selecting the OIP’s category icon image. In fact, the same resource file is used as configured on the Product Details screen. Figure 15.53 shows a completed Object Type dialog with an alternate icon image.
FIGURE 15.53 Object Type dialog for the QIK Wizard after configuration
The Library field in this example is configured with the following file: %ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3\Examples\C#\Bin\Release\Opalis.QuickIntegrationKit.Examples.dll. This is the same file from the “Your IDE and the QIK Resources” section of the chapter.
With the required fields configured and any optional fields and configuration complete, you are ready to proceed and add another object. To add an additional object, repeat the steps in this section. Figure 15.54 shows the Objects screen after adding two QIK objects.
FIGURE 15.54 Objects screen for the QIK Wizard after configuration
5. With one or more objects in the Objects screen, you can proceed to the next screen of the QIK Wizard. Figure 15.55 shows the Dependencies screen before adding any dependent files. This is the next screen in the QIK Wizard after the Objects screen.
FIGURE 15.55 Dependencies screen for the QIK Wizard default configuration
The Dependencies screen is optional. This screen is used to select the files your QIK project and code are dependent upon for successful execution. This particular example does not require dependency files. Click Next to proceed to the final screen of the QIK Wizard.
NOTE: DEPENDENCIES SCREEN CONSIDERATIONS
If you created a QIK project that utilized the CLI for uptime.exe in one of the QIK objects, the uptime.exe file is then required for successful object execution after the QIK OIP is deployed to your OIS implementation. You will need to add uptime.exe to the list on the Dependencies screen. You can accomplish this by using the Add button on the Dependencies screen of the QIK Wizard. The Add button presents a file chooser dialog, which you can use to choose the necessary dependent files for your QIK project.
6. Figure 15.56 shows the Opalis Integration Pack File screen. On this screen, you configure the path and file name for your OIP.
FIGURE 15.56 Opalis Integration Pack File screen for the QIK Wizard
You must specify a path and file name in Figure 15.56. Click on the ellipsis button and then the file chooser dialog to create the path and file as desired. For this example, the following path and file name are used: %ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3\Examples\QIKExamples.v1.0.oip. This file is referenced in the “Ready for Production” section.
NOTE: OIP NAMING CONVENTION CONSIDERATION
The authors recommend that when you choose a name for your OIP file you include its current version in some format. The example in this section is the first version of the QIK Examples OIP, so the naming convention used for the file was Name.v<Major Version Number>.<Minor Version Number>.oip.
Click Next to proceed to the Processing screen (Figure 15.57). The process time is dependent on the number and size of files you referenced during the configuration; this typically is several seconds.
FIGURE 15.57 Processing screen for the QIK Wizard
After processing is complete, you are automatically taken to the Finish screen (Figure 15.58). If there are no errors when creating the OIP, you are presented with a screen with light green text stating “The QIK Wizard Succeeded.” If there are errors while creating the OIP, they display on this screen.
FIGURE 15.58 Finish screen with success note for the QIK Wizard
The path and filename configured on the Opalis Integration Pack Name screen are also displayed on the Finish screen. To complete the QIK Wizard, click Finish. The resulting OIP file is now ready for OIS deployment. More detail on deploying this file is in the “Deploying OIPs” section of this chapter.
Revising OIP Builds
Whether you are updating, upgrading, modifying, or making enhancements, the QIK Wizard has the capability to support changes to those OIP files it originally created. The revision build process is essentially the same as the new build process with several minor adjustments. The following steps walk through a simple change to the OIP file created in the “New OIP Builds” section:
1. Open the QIK Wizard. You can accomplish this either by using the shortcut on your desktop or by selecting it from the Start menu. You saw earlier in the “New OIP Builds” section that when you opened the QIK Wizard, you are presented with the QIK Wizard Welcome screen. Figure 15.46 showed this Welcome screen. It is the same for both build processes.
2. Click on the Import Integration Pack button from the Welcome screen to open a file chooser dialog. Navigate to the OIP file previously created in the “New OIP Builds” section. This file is located at %ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3\Examples\, and the filename you are looking for is QIKExamples.v1.0.oip. Figure 15.59 shows the contents of the Examples folder with the QIKExamples.v1.0.oip selected.
FIGURE 15.59 QIKExamples.v1.0.oip file in Examples folder
3. Selecting the file opens the Product Details screen. Because this is a revised build, all the information previously filled out is repopulated for you. If you want to change any of this information, you can do so now. It is strongly recommended you increase the version number in the required Version field on this screen. After you enter a new version, you should also check the Upgrade from version box and enter the appropriate information. Figure 15.60 shows the completed Product Details screen with updated Version and Upgrade from version fields.
NOTE: UPGRADE FROM VERSION CHECK OPTION
It is required that the Upgrade From Version check box is selected and the appropriate version information is entered when revising or upgrading an OIP. If this configuration is not completed, any user with an older deployment of the OIP is unable to deploy the new version successfully. QIK does not recognize the previous version, and instead tries to perform a new installation rather than an upgrade.
4. After all revisions are made (Figure 15.60), click Next to see what the previous version of the OIP file had for objects on the Objects screen. For this example, add a new object, following the same instructions as in the “New OIP Builds” section.
FIGURE 15.60 Product Details screen for the QIK Wizard after revisions
Figure 15.61 shows the Objects screen after three QIK objects are added (one more than the previous version).
FIGURE 15.61 Objects screen for the QIK Wizard after revisions
5. With the revisions made on the Objects screen, you are ready to proceed to the next screen of the QIK Wizard for this build. Click Next to go to the Dependencies screen. No changes are necessary here, so click Next to continue. Now on the Opalis Integration Pack File screen, you need to generate a new file. This can be created in the same folder as the first version, but the filename should be changed. Follow the same instructions as you did in the “New OIP Builds” section for naming the Example OIP file. This example uses %ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3\Examples\QIKExamples.v1.1.oip for the path and filename. Figure 15.62 shows the Opalis Integration Pack File screen with the new filename created and highlighted.
FIGURE 15.62 Opalis Integration Pack File screen for the QIK Wizard after revisions
After processing completes, you are automatically taken to the Finish screen (Figure 15.63). If everything works properly, the screen has light green text stating “The QIK Wizard Succeeded.” If there were errors during the creation of the OIP, they display on this screen.
FIGURE 15.63 Finish screen with success note for the QIK Wizard after revisions
The path and filename configured on the Opalis Integration Pack Name screen are also displayed on the Finish screen. To complete the QIK Wizard, click Finish. The resulting revised OIP file is now ready for OIS deployment. More information on deploying this file is in the “Deploying OIPs” section of this chapter.
Deploying QIK Objects
After you create your objects, you can bring them directly into the OIS Client interface. As discussed in the “Deployment Style” section, there are two methods to deploy your objects to OIS. Whether it is during testing or production implementation, the QIK objects you create look and feel just like the other objects included in OIS. There are subtle object form differences, but the forms-based concept, usage of published data, filtering, and design/run time experience are the same.
Test Mode
These methods follow suit with a standard software development lifecycle. After development is complete and the objects are ready for testing, OIS has a mechanism to cleanly test your object before you decide to package it for production. As discussed in the “Installing QIK” section, the QIK installer makes the QIK IPs available. The next sections discuss the QIK IP used for .NET resource DLLs.
QIK IP Objects
There are four objects in the QIK IPs. Two objects are for .NET resource DLL files and two are for Java resource JAR files. Here is a list of the objects:
. Invoke .NET
. Monitor .NET
. Invoke Java
. Monitor Java
Although this chapter covers only the .NET objects, the functionality differences are negligible. The only real difference from the OIS interface is the reference file you choose.
QIK Object Global Configuration
Like all other OIS IPs, the Options menu is used for the .NET object configuration. Creating a configuration for the .NET objects is simple. Click the Options menu and select Invoke .NET 3.0 from the list to bring up a standard OIS configuration dialog (Figure 15.64), and then click Add. You are now presented with the Add Configuration dialog. Figure 15.65 shows this configuration partially completed based on the example QIK DLL resource file previously compiled in the “Your IDE and the QIK Resources” section. Click the ellipsis button next to the Assembly field, and then navigate to and select the example QIK DLL resource file. In this case, this is the Opalis.QuickIntegrationKit.Examples.dll file from the %ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3\Examples\C#\Bin\Release\ folder. Complete the remaining fields. Figure 15.65 shows the Class field already completed with Email.SmtpMailSettings selected. This is accomplished by clicking the ellipsis button next to the Class field and choosing an available class.
FIGURE 15.64 Invoke .NET 3.0 main Configuration dialog
FIGURE 15.65 Invoke .NET 3.0 Add Configuration dialog
NOTE: GLOBAL CONFIGURATION OPTIONS FOR QIK
Not all QIK objects require or use global configuration from the OIS Options menu. The Options menu global configuration is optional in the QIK SDK. Though optional, it is recommended as it allows the capability to abstract information that is best suited for global configuration, such as connection information, credentials, and so on. Because global configuration information is optional for the QIK code you create for your QIK objects, the onus is on you to create the association between QIK global configuration code and QIK object code. Only the QIK objects that have this association show up in the Class picker in the Options menu Add Configuration dialog. This is why you only see two available Classes in the Add Configuration dialog, although all classes are listed in the Class picker at the QIK object level.
Though there are two objects in the QIK IP for .NET, only the Invoke .NET object is discussed in detail with examples in this section. Here is the difference between the Monitor and Invoke .NET objects:
. Monitor .NET object—This object is functionally the same as the Invoke .NET object in all respects except for the following:
  . Similar to all other monitor objects in OIS, after an instance of this object has executed, a new instance of itself is created and continues to run.
  . Because it continually runs, it has a configurable polling interval. You can choose to expose this configuration to the policy author or hardcode it within the source code.
  . It can only be associated to classes that have a monitor configured within the code.
. Invoke .NET object—This is the most frequently used object for testing compiled .NET QIK DLL resource files.
This object, like the others in the QIK IPs, can be found in the Quick Integration Kit 3.0 object palette. Figure 15.66 shows the contents of the Quick Integration Kit 3.0 object palette.
FIGURE 15.66 Quick Integration Kit 3.0 object palette
Configuring QIK Objects
This section walks you through configuring an Invoke .NET object. The example uses the Email.SmtpMailSettings class from the compiled .NET QIK DLL resource file. Perform the following steps:
1. From the Quick Integration Kit 3.0 object palette, select and drag an Invoke .NET object to the OIS workspace. Figure 15.67 shows an Invoke .NET object in the OIS workspace.
FIGURE 15.67 Invoke .NET object in the OIS workspace
2. Double-click the Invoke .NET object; this opens the object properties dialog. Figure 15.68 shows the Class Information tab of the Invoke .NET object before any information is configured.
FIGURE 15.68 Class Information tab before configuration
The process to configure the Invoke .NET object is the same as any other OIS object. The Invoke .NET object consists of a form of fields you can configure by typing information directly into the fields or by populating from pick lists. Pick lists are not always available; when they are, an ellipsis button appears in the field after it has focus. To access the pick list, click on the Ellipsis button to bring up a dialog. The dialog type varies based on the type of information the field contains. Figure 15.69 shows the Class Information tab of the Invoke .NET object after it is configured.
FIGURE 15.69 Class Information tab after configuration
The Invoke .NET object’s configuration used the Email.SmtpMailSettings class from the Opalis.QuickIntegrationKit.Examples.dll file. Because this class was associated to global configuration information, the Setup field was configured to use the associated Example QIK .NET Configuration settings. This configuration information was previously created in the “QIK Object Global Configuration” section.
3. Remember, the global configuration information for QIK objects is optional:
. If you start to configure an object that is not associated with global configuration information, the Setup dialog box is blank. In that instance, the Setup field can remain blank.
. In this example, the Setup field for this Invoke .NET object is configured with its associated global configuration information.
After the Class Information is complete, you can click the Properties tab for this Invoke .NET object. If everything was configured properly on the Class Information tab, you are taken to the Properties tab with no errors. Figure 15.70 shows the Properties tab of the Invoke .NET object before it has been configured. You notice that the field attributes match the code snippet from the more advanced example in the “OpalisInput Declaration” section earlier in the chapter. The Email Subject field is selected from the Optional Properties dialog because it is listed as “Optional=true” in the code snippet.
FIGURE 15.70 Properties tab before configuration
4. Fill out the field information on the Properties tab to complete this Invoke .NET object’s configuration. Much like the Setup field on the Class Information tab is optional, so too are Filters and Optional Properties for the Invoke .NET object. If you create a QIK object with Optional Properties, the Optional Properties button on the Properties tab in the Invoke .NET object is visible. Figure 15.71 shows the Properties tab with the Optional Properties button visible for this Invoke .NET object. As Optional Properties are not built into the Email.SmtpMailSettings class, an alternate example class (Network.PingComputer) was chosen.
FIGURE 15.71 Properties tab with the Optional Properties button visible
5. If you create a QIK object with filter capabilities, the Add button on the Filters tab in the Invoke .NET object is enabled. Figure 15.72 shows the Filters tab for this Invoke .NET object. As filter capabilities have not been built into the Email.SmtpMailSettings class, the Add button in Figure 15.72 is disabled.
FIGURE 15.72 Filters tab with disabled Add button
6. If everything is configured properly, you are able to click the Finish button. Clicking the Finish button completes the configuration of this Invoke .NET object. You can now test the execution of this object by either using the Testing Console or checking in its policy and clicking Start.
NOTE: PROCESS REUSE
You can repeat the process described in this section for any QIK resource DLL or JAR you create in your IDE. Remember, this process is most often used to test a QIK resource DLL or JAR file before it is packaged up into an IP. It is perfectly acceptable to use the QIK IPs with QIK resource DLL or JAR files as your final solution. The deployment decision is up to you, although for ease of distribution and versioning, the authors recommend you create and deploy an IP for wide scale use.
Ready for Production
Unlike invoking a compiled resource, the Full OIP Deployment style is reserved for production implementations. It is strongly recommended that OIP creation and deployment of OIP files only occur after the compiled resources they utilize are fully tested. Although OIP files can be managed with version numbering and tracking, it is best to keep production releases to major revisions. When possible, roll up all minor revisions into a less frequent major release. Between major releases, take advantage of the QIK IP Invoke objects.
Packaged Objects
Whether the resource file is a .NET DLL created by the SDK method, .NET DLL created by the CLI method, or a Java JAR created by the SDK method, each of these files can be packaged and coexist within one OIP file. This makes the OIP files you create powerful and flexible, although the creation and deployment process remains simple. Detailed information on how to create IPs was discussed previously in the “Creating Integration Packs” section. The “QIK CLI Wizard” section included instructions on how to create a QIK OIP file. The example in that section resulted in the creation of an OIP file named QIKExamples.v1.0.oip located at %ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3\Examples\ (Figure 15.73).
FIGURE 15.73 QIKExamples.v1.0.oip file in Examples folder
This example OIP contains only one QIK resource file (%ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3\Examples\C#\Bin\Release\Opalis.QuickIntegrationKit.Examples.dll) and two objects from the following classes:
. Email.SmtpMailSettings
. Network.PingComputer
During configuration with the QIK Wizard, the Category Name field for this example OIP file is set to QIK Examples. Because of this configuration and the classes chosen, when this OIP is deployed it is visible in the OIS Client with an object category name of QIK Examples. It contains two objects:
. SMTP Send Mail
. PingComputer
NOTE: QIK EXAMPLES OBJECT LISTING
The names of the objects in the QIK Examples OIP are as listed in this section only because this is what their configuration is set to during the creation of the OIP file. You can see this configuration in Figure 15.54 earlier in this chapter.
Deploying OIPs
Remember that everything you know about registering, deploying, and using IPs applies to QIK IPs that you create and package as OIPs. For more information on how to register and deploy OIS IPs, refer to Chapter 4. Figure 15.74 shows the QIK Examples IP as it is deployed to the OIS Action Server FIREBALL. This figure shows the Action Server tab of the FIREBALL Action Server as displayed from the OIS Deployment Manager.
FIGURE 15.74 Example IP Deployed to the FIREBALL Action Server
Figure 15.75 shows the QIK Examples IP as it is deployed to the OIS Client. In the image, the IP is highlighted to make it stand out in the list of object palettes. It also is the only object palette that is expanded to show its available objects.
FIGURE 15.75 Example IP Deployed to the FIREBALL Client
You can use the objects from the QIK Example IP like all other available OIS objects. Figure 15.76 shows the two objects in the OIS Client workspace linked together. Take note of their default names. They are exactly as they are configured and as can be seen in Figure 15.76.
FIGURE 15.76 Example IP Objects in the OIS Client workspace
Using the OIS Client workspace, you could not even tell that you created these objects. The capability for objects you create to blend in and work like all other OIS objects is one of the best features of QIK. The only indication that they are QIK-created objects can be seen during their individual object configuration. Figure 15.77 shows the PingComputer object’s properties. By its form style, it is clearly a QIK-based object. This difference is purely cosmetic as all standard functionality is carried through all OIS objects, QIK or otherwise.
FIGURE 15.77 Example IP Object properties
You have now seen how the code listings and snippets translate to forms. The following illustrates what some of the Published Data looks like as it is translated by the OIS client from the code listings and snippets. Figure 15.78 shows the Published Data from the PingComputer object (as seen throughout the previous code and object examples).
FIGURE 15.78 Example Published Data from the PingComputer object
Figure 15.79 shows the Published Data from an Invoke .NET object calling the example .NET DLL containing SmtpMailSend as seen in the code snippet from the more advanced example in the “OpalisConfiguration and OpalisOutput Declaration” section earlier (a Recipients field with description is visible).
FIGURE 15.79 Example Published Data from the Invoke .NET (SmtpMailSend) object
Figure 15.80 shows the Published Data from an Invoke .NET object calling the example .NET DLL containing FileList as previously seen in Listing 15.3.
FIGURE 15.80 Example Published Data from the Invoke .NET (FileList) object
There are a number of different Published Data items with various data types and many with descriptions. Each of these attributes is determined within the code (Listing 15.3). Up until now, each of the figures for these examples has been an illustration of the design time experience for the policy author. Figure 15.81 shows the execution results of the Invoke .NET (FileList) object (Figure 15.80) as seen from the Policy Testing Console Published Data Browser. The object is configured to list all the files in the %ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3\Lib\ folder (as seen earlier in Figure 15.10).
FIGURE 15.81 Example Execution Results from the Invoke .NET (FileList) object
This correlated list of Published Data is generated during object execution because the FileList Class (Listing 15.3) utilized an OpalisData class (code snippet for the FileInfoAdapter Class discussed in the “OpalisData and OpalisFilter Implementation” section). Each of these examples illustrated the power and flexibility offered by the OIS QIK SDK. This is why many of the available OIS IPs have been built on QIK (including the System Center VMM and DPM IPs to name just two).
Summary
Whether you thought you were a developer at the beginning of this chapter, you now have the tools and examples to improve your technical toolbox. The OIS QIK SDK is so simple and powerful you can quickly transform from fearing development work to controlling it. This chapter guided you through the basics of what QIK has to offer, how to develop with it, and how to use it in your existing OIS implementation. You might have already explored a bit of QIK work, as evident from the ever-growing community contributions on CodePlex (http://opalis.codeplex.com/). Don’t miss this opportunity to fine tune or ramp your development skills. For more information on QIK as well as a guided video tutorial walkthrough, refer to the TechNet blog post “Quick Integration Kit - Video Tutorial Series” at http://blogs.technet.com/b/charlesjoy/archive/2010/06/09/quick-integration-kit-video-tutorial-series.aspx.
APPENDIX A
Support and Troubleshooting
IN THIS APPENDIX
- Product Footprint
- Basic Troubleshooting
- Common Questions
- Versions
- Log History
- Logging Levels
Opalis Integration Server (OIS) is fully supported through Microsoft’s normal support channels. This appendix walks you through troubleshooting basics. For those items not covered here, major issues, or complex questions, the authors recommend you contact Microsoft support. The appendix will assist you with product footprint familiarity, problem identification, product version discovery, and basic troubleshooting steps including how to set log levels, where to look for logs, and what to expect within the logs. It also answers some frequently asked common questions.
Product Footprint
The OIS’s footprint spans the file system, registry, running processes, services, and numerous tables in the datastore. Most of this product footprint is located on the servers where you install the OIS components and the managed devices (also known as satellite machines). The extent of the product footprint depends on the number of components installed and their roles. The following sections discuss the different product footprint areas.
File System
There are two primary folders for the OIS files:
- Product files exist in the %ProgramFiles(x86)%\Opalis Software\Opalis Integration Server\ folder and subfolders.
- Product extensions and dependencies exist in the %ProgramFiles(x86)%\Common Files\Opalis Software\Opalis Integration Server folder and subfolders.
Figure A.1 and Figure A.2 show the placement of the OIS software on the file system.
FIGURE A.1 Folder structure for the OIS software files
FIGURE A.2 Common files used by OIS
NOTE: %PROGRAMFILES(X86)% DESIGNATES A LOCATION ON 64-BIT SYSTEMS
You can install OIS 6.3 on Windows 2008 64-bit or 32-bit systems and Windows 2003 32-bit (with Service Pack 2). The references in this appendix to %ProgramFiles(x86)% denote a Windows 2008 64-bit installation. The location on 32-bit systems would be %ProgramFiles%.
Some of the files and folders in these locations grow as you install additional components. Others grow with the daily usage of the OIS. When you install new components for the OIS, you will add files to a number of folders. Here is the list of files and folders:
- Install Package MSI Repository—%ProgramFiles(x86)%\Opalis Software\Opalis Integration Server\Management Service\Components\Objects\
- Install Package OIP Repository—%ProgramFiles(x86)%\Opalis Software\Opalis Integration Server\Management Service\Components\Packs
- Product Specific Dependency Files—%ProgramFiles(x86)%\Common Files\Opalis Software\Opalis Integration Server\Extensions\Support
- Product Specific Shared Resource Files—%ProgramFiles(x86)%\Common Files\Opalis Software\Opalis Integration Server\Shared
- Product Specific Resource and Dependency Files—%ProgramFiles(x86)%\Common Files\Opalis Software\Opalis Integration Server\Strings
Daily usage of the OIS and execution of policies adds files to the following folders:
- Action Server, Policy Module and Database Connection Log Files—%ProgramFiles(x86)%\Opalis Software\Opalis Integration Server\Action Server\Logs
- Designer Client Log Files—%ProgramFiles(x86)%\Opalis Software\Opalis Integration Server\Client\Logs
- Component Log Files—%ProgramFiles(x86)%\Opalis Software\Opalis Integration Server\Management Service\Components\Logs
- Deployment Manager Log Files—%ProgramFiles(x86)%\Opalis Software\Opalis Integration Server\Management Service\Console\Logs
- Management Service, Action Server Watchdog Service, and Database Connection Log Files—%ProgramFiles(x86)%\Opalis Software\Opalis Integration Server\Management Service\Logs
- Action Server Execution Output Files—%ProgramFiles(x86)%\Opalis Software\Opalis Integration Server\Action Server\Output
In addition, a Start Menu folder and desktop shortcut are added to the All Users profile during a default install of the OIS:
- C:\Documents and Settings\All Users\Start Menu\Programs\Opalis Software\Opalis Integration Server
- C:\Documents and Settings\All Users\Desktop
The footprint information described to this point is based on installation defaults. Here is information based on optional components:
- Quick Integration Kit—The Quick Integration Kit (QIK) is the optional component that contains the necessary files to learn and utilize the OIS Software Development Kit (SDK).
  - The default installation location is at %ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3.
  - A Start Menu folder is added to the All Users folder during a default install of QIK at C:\Documents and Settings\All Users\Start Menu\Programs\Opalis Software\Quick Integration Kit 3.
  - The bulk of the files within the resulting folder are tutorial in nature:
    - Help Documentation for both .NET and Java SDK options is located at %ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3\Docs.
    - Example Code projects for both .NET and Java SDK options are at %ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3\Examples.
  - The QIK folder is static. In addition to the tutorials, the folders include resource files for using QIK, including
    - Optional Opalis Integration Packs (IP) for .NET and Java Invoke objects—%ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3\Integration Packs
    - .NET and Java Resource files to be included in the SDK projects built using QIK—%ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3\Lib
    - Required files for the usage of the QIK Command Line Interface (CLI) Wizard and QIK Wizard—%ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3\Bin. Both the QIK CLI and QIK Wizard create desktop shortcuts to the executable in this folder. Chapter 15, “The Quick Integration Kit (SDK),” discusses using QIK.
- Opalis Operator Console (OOC)—The footprint for the optional OOC includes many different folders and files. The console is a Java-based application. The exact location for these folders and files is user configurable. In many cases, the folder itself is named JBOSS or Operator Console, but can be named anything. When installing the OOC, there is an optional step to set up an environment variable named %JBOSS_HOME%. (Chapter 4, “Installing Opalis Integration Server 6.3,” provides installation information.) Depending on the user configurable options specified when installing the OOC, the folders and subfolders might differ. The main differences are with the options given during installation:
  - Database Configuration—This option impacts only the contents of the opalis-ds.xml file in the %JBOSS_HOME%\server\default\deploy folder.
  - Authentication Method—This option determines whether the opalisactivedirectory-service.xml file (Active Directory authentication) or the OpConsoleAuthStandalone-1.0.sar folder and related subfolders (standalone authentication) are created in the %JBOSS_HOME%\server\default\deploy folder.
  - OOC Installed as a Service—The suggested method from the provided documentation adds the required wrapper files and folders to the following folders:
    - %JBOSS_HOME%\bin
    - %JBOSS_HOME%\lib
    - %JBOSS_HOME%\server\default
    Other methods to install the OOC as a service might be available, although that footprint information is not included in this appendix.
- Remote Trigger—This optional component is installed by default in %ProgramFiles(x86)%\Opalis Software\RemoteTrigger. Similar to the OOC, Remote Trigger is a Java-based application, and the folder location will be based on the user’s configuration. The information stored within this folder and related subfolders grows based on installation configuration and usage. The %ProgramFiles(x86)%\Opalis Software\RemoteTrigger\logs folder contains the log files generated during execution. Because this optional component enables store-and-forward functionality for the OIS, the %ProgramFiles(x86)%\Opalis Software\RemoteTrigger\store folder contains files used during normal operation. The other folders contain configuration and help documentation for this optional component.
- Audit Trail—The Audit Trail optional component adds audit folders to the existing OIS’s footprint:
  - %ProgramFiles(x86)%\Opalis Software\Opalis Integration Server\Action Server\Audit
  - %ProgramFiles(x86)%\Opalis Software\Opalis Integration Server\Management Service\Audit
  These folders will be the home to the Audit Trail text files generated during daily execution of OIS policies.
TIP: WATCH FOR FILE GROWTH
Be aware that any folder that is in the usage growth category can consume a considerable amount of space over time. Be sure to take necessary steps to archive, purge, or augment disk space as necessary.
Registry Structure
Although searching the Registry for Opalis yields many individual results, the majority of the Opalis Registry information is contained in HKLM\SOFTWARE\Opalis (Windows Server 2003 x86) or HKLM\SOFTWARE\Wow6432Node\Opalis (Windows Server 2008 x64), as displayed in Figure A.3.
FIGURE A.3 Registry Path used by OIS
Here is the main subfolder structure under the Opalis\Opalis Integration Server key:
- Action Server—This key contains details about the installed Action Servers, including ActionServerID, which corresponds to the UniqueID field in the ACTIONSERVERS table in the OIS datastore.
- IPs—This key contains details about the IPs registered on the Management Server. The respective Globally Unique Identifier (GUID) values for this list correspond to the ProductID field in the CAPS table in the OIS datastore.
- Management Server—This key contains details about the Management Server. The value data for this key includes InstallLocation, which is the path to the OIS software folder chosen during installation. By default this value is %ProgramFiles(x86)%\Opalis Software\.
- TraceLogger—This key contains a set of subkeys that identify the trace logging configuration. By default, each of the values in these keys is set at the lowest log level. Log level is user configurable from this Registry location. Details about log level are covered in the “Logging Levels” section later in this appendix. In addition to the log level configuration for the various OIS components, the default logging directories for these components can be seen and set from this Registry location.
Other OIS Registry keys might be created during the registration and deployment of some IPs to the HKLM\SOFTWARE\Opalis or HKLM\SOFTWARE\ Registry key locations. Figure A.3 illustrates all the OIS registry key paths for a system where all the OIS components have been installed. Table A.1 lists the breakout for these registry key paths by major OIS component.
TABLE A.1 Registry Keys by Major OIS Component Registry Key Path
Action Server
..\Action Server
X
..\IPs
X
Client Management Server
X
..\Management Server
X
..\TraceLogger\ActionServerWatchdog
X
..\TraceLogger\DBSetup
X
X X
..\TraceLogger\LicenseManager
X
..\TraceLogger\OISClient ..\TraceLogger\OpalisActionService
X X
..\TraceLogger\OpalisManagementService
X
..\TraceLogger\pic ..\TraceLogger\PolicyModule
X
X
TABLE A.1 Registry Keys by Major OIS Component Registry Key Path
Action Server
Client Management Server X
..\TraceLogger\Setup ..\TraceLogger\TestingConsole
X
Running Processes and Services
OIS utilizes a combination of running processes and Windows services to perform all its actions and general usage. Here is a list of the default processes (does not include optional components):
- OpalisActionService.exe (%ProgramFiles(x86)%\Opalis Software\Opalis Integration Server\Action Server\OpalisActionService.exe)—Executable for the OIS Action Server service.
- OpalisManagementService.exe (%ProgramFiles(x86)%\Opalis Software\Opalis Integration Server\Management Service\OpalisManagementService.exe)—Brokers relationship between the OIS Client and Deployment Manager to the datastore. Also used by Deployment Manager to deploy OIS components.
- OpalisActionServerWatchDog (%ProgramFiles(x86)%\Opalis Software\Opalis Integration Server\Management Service\ActionServerWatchDog.exe)—Monitors Action Server status to report on any failures.
- OpalisRemotingService.exe (%ProgramFiles(x86)%\Opalis Software\Opalis Integration Server\Management Service\Console\OpalisRemotingService.exe)—Executable that performs actions and executions on remote managed devices. This is installed on all systems where an OIS Client and/or OIS Action Server are deployed.
- OPEXESVC.exe (%windir%\System32\OPEXESVC.exe)—OIS Remote Execution Service (on local and target managed devices). This is installed through the execution of the Run Program Foundation object on any target device.
Start Menu Programs
Here are the OIS-related programs found in the Windows Start Menu:
- OIS Client (%ProgramFiles(x86)%\Opalis Software\Opalis Integration Server\Client\OISClient.exe)—Executable for the OIS Client. A shortcut is added to the Start Menu on all systems where an OIS Client is deployed.
- Deployment Manager (%ProgramFiles(x86)%\Opalis Software\Opalis Integration Server\Management Service\Console\OISDeployment Manager.exe)—Executable for the OIS Deployment Manager. This is added to the Start Menu on all systems where an OIS Management Server has been installed.
- License Manager (%ProgramFiles(x86)%\Opalis Software\Opalis Integration Server\Management Service\LicenseManager.exe)—Used to import licenses for OIS IPs and OIS itself. A shortcut is added to the Start Menu on all systems where an OIS Management Server has been installed.
- Database Configuration (%ProgramFiles(x86)%\Opalis Software\Opalis Integration Server\Management Service\DBSetup.exe)—Used during installation, upgrade, or configuration to configure the database settings for OIS. This is added to the Start Menu on all systems where an OIS Management Server and/or OIS Action Server have been installed or deployed.
- OOC (http://localhost:5314/)—A shortcut created for the default URL address to the OOC. It is not an installed program, but the shortcut is added to the Start Menu during install. This is added to the Start Menu on all systems where an OIS Management Server has been installed.
Background Executables
A number of background executables are associated with the OIS. Here’s a list:
- %ProgramFiles(x86)%\Opalis Software\Opalis Integration Server\Management Service\oedc.exe—Command Line Utility for Administration of OIS Event delivery.
- %ProgramFiles(x86)%\Opalis Software\Opalis Integration Server\Management Service\OIS5StartPolicy.exe—Command Line Utility for Policy execution.
- %ProgramFiles(x86)%\Opalis Software\Opalis Integration Server\Management Service\ASPT.exe—Command Line Utility for altering the Policy Throttle Limit for the deployed Action Servers.
- %ProgramFiles(x86)%\Opalis Software\Opalis Integration Server\Action Server\PolicyModule.exe—Executable for the Policy execution engine instantiated by the OpalisActionService.
- %ProgramFiles(x86)%\Opalis Software\Opalis Integration Server\Client\pic.exe—Executable used to create an image of a policy. This image is stored to the database in the POLICY_IMAGES table and most often utilized by the OOC.
- %ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3\Bin\QIKCLI.exe (default path, user configurable)—Executable for the QIK CLI Wizard, which allows creation of .NET Resource DLLs based on a series of user configured CLI commands.
- %ProgramFiles(x86)%\Opalis Software\Quick Integration Kit 3\Bin\QIKWizard.exe (default path, user configurable)—Executable for the QIK Wizard, which allows for creation of OIS IP (OIP) files based on user configured .NET DLL or Java JAR files.
- %JBOSS_HOME%\bin\wrapper.exe (user configurable)—Allows the OOC to run as a Windows service, named “Opalis Operator Console” by default. Alternatively, you can use this to allow the OIS Remote Trigger Component to run as a Windows service with the service name user configurable.
- %ProgramFiles(x86)%\Opalis Software\Opalis Integration Server\Management Service\atlc.exe—Command Line Utility for altering the activation of the Audit Trail component.
Datastore
Because the OIS is a database-centric application, its product footprint extends into the database. During installation, the target database is configured and populated with the necessary OIS tables. This includes data from the install and configuration of OIS, as well as policy configuration and execution data.
- Here is a sampling of the install and configuration data:
  - Action Server count and configuration
  - Client machine deployment count and configuration
  - IP installation and deployment count and configuration
  - License information
- Policy configuration and execution data includes items such as the following:
  - Global settings (computer group, variable, counter, and schedule information)
  - Global configuration (IP and foundation object connection information)
  - Folder and policy names and hierarchy
  - Policy logic and configuration
  - Object data and configuration
  - Policy and object execution log data
Data is never purged from these tables unless explicitly requested or scheduled by the user; even then, only policy and object execution log data can be purged. All other data items remain untouched. You can purge the data using the OIS Client, as Microsoft does not support direct manipulation of the objects within the OIS database.
Basic Troubleshooting
The following list comprises a number of basic troubleshooting steps to follow when you have trouble with policies starting or executing properly.
- Unable to start a policy—The inability to start an OIS policy is a fairly common symptom. Generally, the reason for this is the OpalisActionService has failed to start for some reason. Try restarting the service and starting your policy again. If the OpalisActionService is running, but you don’t find the policy actually running, check the Event tab in the OIS Client for possible reasons.
- Unable to start the Action Server—The OIS Action Server is an instance of the Windows service called OpalisActionService. This service is responsible for running policies. Here are some things you can check if unable to start the OpalisActionService service:
  - Verify the service account listed in the Log On tab in the services dialog, highlighted in Figure A.4. Make sure this is the account you intend to use for the OIS Action Server. Also, verify that the account has the Log On Locally right and is a member of the local machine’s Administrators group.
FIGURE A.4 OpalisActionService in the services.msc window
  - Verify the service account has SQL Server sysadmin rights to the OIS database. Because the Action Server is writing to the SQL database frequently, the service account will need to have rights to the OIS tables. If you installed OIS using the service account, you should not have this issue.
  - Verify the OIS Action Server can access the SQL instance normally. This can also prevent an OIS Action Server from starting properly.
- Policy is not running—The quickest way to see if your policy is running is checking the Log tab of the OIS Client. When you press the Start button, you should see a new entry in the Log tab within several seconds. Verify the time listed for the new entry is correct. (Remember that this will be the time of the SQL instance, not necessarily your local time.) You can also use the Refresh icon in the client to get the most current view. However, the best way to tell if your policy is running is by checking the Windows Task Manager to see if there is a PolicyModule.exe *32 running for your policy. Each policy that runs has a PolicyModule.exe, so you might see more than one in the task list. It is best to check before you start your policy to see how many, if any, PolicyModule.exe(s) are running. Figure A.5 shows the Task Manager. Opalis events will also indicate if there was a reason why a deployed policy is not running (policy limit has been reached, no available Action Servers, policy execution outside the schedule, and so on).
FIGURE A.5 PolicyModule.exe *32 process in the Task Manager
- Orphaned log entries—In some situations, the OIS Client produces so-called ghost entries. Ghost entries are entries in the OIS Client Log tab that appear to be active policies but are not in memory. These events can appear if there is trouble communicating with the database and the log entries become orphaned. Although the entries are harmless, they can cause confusion. If you notice orphaned log entries, you can delete them from within the client. This most commonly occurs if one of the following three events occurs:
  - A policymodule.exe terminates unexpectedly.
  - An Action Server service terminates unexpectedly.
  - An Action Server is not shut down gracefully.
- Verifying your policy actually did...—As OIS is a general purpose automation platform, you can construct policies to do just about anything. How do you check the policy actually did what you asked? The best method for checking the results of a policy is to run the policy through the Policy Testing Console. The Testing Console gives you the ability to step through your policy object by object as well as presenting all the log details available by default. You can also use the OIS Client to verify the outcome, but remember to turn on Store Object-specific Published Data and Store Common Published Data so the logs retain the runtime Published Data. Figure A.6 displays these options.
FIGURE A.6 Policy Property window’s Logging tab with verbose logging checked
- Unable to execute objects from an IP—If you are running a policy using objects from one of the IPs (say the IP for BMC Remedy AR System) and find the policy executes normally except for the objects included in the IP, check your logs and the Events tab. If you do not have a valid license for the IP, you will see an error indicating this. OIS does not require a valid license to install IPs or create policies with them. It does, however, require a valid license to run them. If this is the case, you will not receive any error messages during policy creation or check in. You will see only the error displayed in Figure A.7 at runtime.
FIGURE A.7 Opalis Platform Event Message with a License warning
  Although you do need to have licenses installed for most of the OIS-provided IPs (all IPs except for those released with version 6.3), they do not have a cost associated with them. Microsoft provides all the licenses necessary to satisfy the OIS licensing requirements. For information about why these requirements remain, see Chapter 1, “Introducing Opalis Integration Server 6.3.”
- Trace logging—In some circumstances, the object-level logs will not provide enough information to identify a problem with your policy, or the policy module is the cause of the issues (rather than the objects). In these situations, or whenever requested by technical support, enable trace logging on the components in question. Remember that trace logging is available on each component individually (PolicyModule, OISClient, OpalisActionServer, and so on), so ensure you have enabled it on the components you are investigating. Figure A.8 shows the registry path for the ActionServerWatchdog TraceLogger key, HKLM\Software\Wow6432Node\Opalis\Opalis Integration Server\TraceLogger\ActionServerWatchdog.
FIGURE A.8 TraceLogger registry key path and values
  The maximum log level is 7 and should be used only during your debugging measures. The maximum logging level is quite verbose and generates large amounts of logging data. If you leave this setting on inadvertently, it can consume large amounts of disk space and impact performance. For these reasons, trace logging at level 7 should be used only for short periods unless otherwise directed by Microsoft Support. Trace logging levels apply to all instances of the processes being traced. When tracing policy execution in a production environment, it is recommended to have the policy (or policies, if tracing multiple policies as part of an overall process) running on a dedicated Action Server. This ensures the trace does not affect the performance of other policies. It also minimizes the logging from other policies that might confuse troubleshooting efforts.
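The service, process, and trace logging checks in this list can be gathered in one read-only pass, which also catches a trace level left at 7 and the log growth the earlier file-growth tip warns about. The PowerShell below is an added example, not code from the book or from Microsoft; the function names are hypothetical, and the TraceLogger value names LogLevel and LogFolder are assumptions to confirm against Figure A.8.

```powershell
# Added example: read-only triage for the Basic Troubleshooting checks.
# Run in an elevated Windows PowerShell session on the Action Server.
# Get-WmiObject is used so the script also works on Windows PowerShell 2.0.

function Get-OisActionServiceState {
    # State and logon account of the Windows service that runs policies.
    $svc = Get-WmiObject -Class Win32_Service -Filter "Name='OpalisActionService'"
    if (-not $svc) {
        Write-Warning 'OpalisActionService is not installed on this computer.'
        return
    }
    New-Object PSObject -Property @{
        Name      = $svc.Name
        State     = $svc.State
        StartMode = $svc.StartMode
        LogOnAs   = $svc.StartName   # compare with the account you intend to use
    } | Select-Object Name, State, StartMode, LogOnAs
}

function Get-OisPolicyModuleCount {
    # One PolicyModule.exe runs per executing policy. Take a baseline
    # before starting a policy and compare afterward.
    @(Get-Process -Name PolicyModule -ErrorAction SilentlyContinue).Count
}

function Get-OisTraceLogging {
    param([int]$MaxLevel = 7)   # maximum trace level given in this appendix

    # x64 path first, then the x86 path, as listed under Registry Structure.
    $base = 'Opalis\Opalis Integration Server\TraceLogger'
    $root = @("HKLM:\SOFTWARE\Wow6432Node\$base", "HKLM:\SOFTWARE\$base") |
        Where-Object { Test-Path -LiteralPath $_ } |
        Select-Object -First 1
    if (-not $root) {
        Write-Warning 'No TraceLogger key found; is an OIS component installed?'
        return
    }

    foreach ($key in Get-ChildItem -LiteralPath $root) {
        $values = Get-ItemProperty -LiteralPath $key.PSPath
        $level  = $values.LogLevel     # assumed value name
        $folder = $values.LogFolder    # assumed value name
        $sizeMB = 0

        if ($folder) {
            $folder = [Environment]::ExpandEnvironmentVariables($folder)
            if (Test-Path -LiteralPath $folder) {
                $files = @(Get-ChildItem -LiteralPath $folder -Recurse -Force `
                               -ErrorAction SilentlyContinue |
                           Where-Object { -not $_.PSIsContainer })
                if ($files.Count -gt 0) {
                    $bytes  = ($files | Measure-Object -Property Length -Sum).Sum
                    $sizeMB = [math]::Round($bytes / 1MB, 1)
                }
            }
        }

        New-Object PSObject -Property @{
            Component = $key.PSChildName
            LogLevel  = $level
            AtMaximum = ($level -eq $MaxLevel)   # verbose tracing still enabled
            LogFolder = $folder
            SizeMB    = $sizeMB
        } | Select-Object Component, LogLevel, AtMaximum, LogFolder, SizeMB
    }
}

Get-OisActionServiceState | Format-List
'PolicyModule.exe instances: {0}' -f (Get-OisPolicyModuleCount)
Get-OisTraceLogging | Sort-Object SizeMB -Descending | Format-Table -AutoSize
```

Any row with AtMaximum set to True outside an active debugging session is a component whose trace level should be returned to its normal setting.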
Common Questions
There are a number of questions new users ask when they begin working with OIS. This section covers some of the more common questions.
Why are you unable to add a license to the OIS License Manager?
Error messages might include, “The license for Opalis Integration Server is missing or invalid, or Invalid key or license.” There might be several possible causes for this situation; check the following:
- The license file itself might be corrupt. This can happen during file transfers.
- The file is not stored locally. The License Manager cannot properly read files from Universal Naming Convention (UNC) paths.
- The license key was not entered correctly, or the curly braces {} were not included.
- The license has already been added to the product.
- You do not have proper permissions to access the license file.
NOTE: LICENSE MANAGER TROUBLESHOOTING
License import issues are the number one troubleshooting topic in OIS. A Microsoft KB article has been created to support this issue, available at http://support.microsoft.com/kb/2022625.
Why did the OIS Testing Console produce a result different from the OIS Client?
The OIS Client displays the results of the policies executed by the OIS Action Server. The Action Server runs under whatever user context is associated with the service (service account). The Testing Console actually runs the policy on your client system using your current login credentials. If you see a difference in the outcomes of these two methods, the discrepancy is generally because the Action Server service account has different permissions than the account you are using.
Does OIS have an IP for ______? (Where the blank may be whatever product you might encounter.)
The full list of IPs is covered in Chapter 8, “OIS Integration,” but there are certainly more products in the data center than the IPs that exist.
Although a product is not on the list, it does not mean that OIS cannot integrate, automate, or orchestrate to that product. In many cases, OIS can integrate to just about any product (including the ones on the list) without an IP. Instead, OIS would utilize one of its various Extensibility Foundation objects. Here are some examples of Extensibility Foundation objects:
- Run Program
- Query Database
- Run SSH Command
- Query WMI
- Invoke Web Services
- Run .Net Script
- Get/Monitor/Create SNMP Trap
- Monitor File/Monitor Folder
Each of these can be used to generically connect to a system. After connecting, you can take different actions, depending on the integration surface you are connecting to and the method in which you are connecting. If these objects cannot satisfy the requirements of the integration, OIS ships with a fully functional and powerful SDK. This portion of the product is called QIK. See Chapter 15, “The Quick Integration Kit,” for more information.
What types of databases can OIS integrate with?
The Query Database object can integrate with SQL, Access, Oracle (the Oracle client must be installed on the Action Server), or any other Open Database Connectivity (ODBC) compatible database using ODBC Data Source Names (DSNs) installed on the Action Server. This list differs from the list of databases where OIS can be installed. Refer to those sections of Chapter 4, “Installing Opalis Integration Server 6.3,” that discuss installation prerequisites and database creation for more information on suggested installation database types. You can also refer to the “Opalis Integration Server 6.3 Release Notes” on TechNet that discuss database system requirements (http://technet.microsoft.com/en-us/library/gg440700.aspx).
You have an older version of OIS. Is it possible to upgrade to the newer version or export your older workflows into OIS 6.3?
Yes. You can update all versions of OIS (5.3–6.2.2) to 6.3, and any export from earlier versions can be imported into 6.3.
You import an existing ois_export file and notice some of the objects are named “Unknown Object” and have a “?” icon which is disabled from configuration (Figure A.9), what happened?
FIGURE A.9 Unknown Object image as seen within the OIS Client GUI

As all Foundation objects from previous versions are still included in OIS 6.3 (though some are hidden from the object palette view and exist only in the Legacy object palette), this “Unknown Object” is most likely not a Foundation object. The “Unknown Object” icon issue most commonly occurs when viewing a policy from an OIS Client that does not have the appropriate IP for the problem object installed. Because the IP is not installed, the OIS Client does not have the resource binary, which includes the icon image. Resolution of this issue involves deleting the impacted policy or policies, installing the necessary IPs, and then reimporting the policy or policies.

You have an older version of Opalis Robot. Is it possible to upgrade to the newer version or export your older workflows into OIS 6.3?
No. Opalis Robot and OIS are two separate products. Although the final versions of Opalis Robot were version 4.x and the first version of OIS was version 5.0, the two are unrelated. They look similar and provide similar functions but are built differently. Opalis Software provided a utility with the earlier versions of OIS to try to ease the transition by allowing Robot exports to be ported to OIS, but it was removed because it did not provide good results. If you have Opalis Robot and are transitioning to OIS, you must manually rebuild your policies on the new installation. Although that might seem a time-consuming step, it is worth the time invested to make sure your automated processes are still current and valid.

How many Action Servers do you need?
The number of Action Servers you need depends on a number of parameters. The default Policy Throttle limit is 50 regardless of your installed OS, so everyone can run 50 policies concurrently without issue. The throttle value can usually be raised considerably without resource constraint. See Chapter 7, “Implementation and Best Practices,” for more information.

Is it possible to automatically import/export policies from one OIS instance to another or to a source control system?
Not at this time. You must manually export and import on OIS 6.3.

What is the Data Bus?
The Data Bus is an internal transport system that provides object details from one object to another within the product. For more details, see Chapter 5, “Policy Basics.”

Should you cluster OIS Action Servers?
No. Action Servers are meant to be installed redundantly where all the redundant servers are running actively. Action Servers should not be clustered. If they are clustered in an active/passive model, the information in the database will not be in sync with the information of the passive server, and this will cause issues. You will definitely want to cluster the OIS database to increase availability and redundancy.

OOC Questions

The following common questions address the installation and usage of the OOC.

The OOC seems like a real challenge to get installed and working; do you actually need it?
No. The OOC is an optional component and is not required by OIS. It does, however, provide a few features that are not otherwise available (such as providing an inbound web service interface and the ability to trigger policies from a webpage). If you want to use any of these features, you will need to install the OOC.

The OOC will not start properly or at all. What should be checked first?
In a default configuration, the OOC runs inside a command prompt window. Start the OOC using the run.bat -b 0.0.0.0 command and leave that window open while you test. After you are sure the OOC is working properly, follow the instructions in Chapter 4 to run it as a service. If you are not able to get the OOC to start normally in a command prompt window, it is usually the case that one of the files required to run the console is missing, corrupt, or misplaced.

The OOC starts properly but you cannot log into the site no matter what credentials you use (see Figure A.10). What should you check?
Verify you are using the correct security model, either Active Directory or standalone; also verify that you are using the correct SQL settings in the opalis-ds.xml found in %JBOSS_HOME%/server\default\deploy.

FIGURE A.10 OOC failed login screen

Why can my domain administrator log in to the OOC but other administrators cannot?
If the user account is not explicitly a member of the OOC AdministratorGroup (as defined in the opalis-activedirectory-service.xml found in %JBOSS_HOME%/server\default\deploy; the default group is Domain Admins), the user has no effective permissions on the OOC and sees an empty default view. To access the console properly, the user must be an explicit member of the defined group; implicit user group rights are not enough. That is to say, if UserA is a member of GroupX and GroupX is a member of Domain Admins, UserA will not have access to the console. It is best to create a specific OOC security group and manually add administrators specifically to that group.

Why do new policies created within existing folders not inherit the permissions of the parent folder in the OOC?
The OOC uses a separate security table from the main OIS client. Because the OOC is an add-on and not directly integrated into the product, it does not automatically add special permissions to new folders or policies. As user rights assignments for the OOC are static, new policies are never granted to anyone other than the OOC Administrator Group, regardless of the folder path or previous recursive settings.
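
The explicit-membership rule described above can be checked against Active Directory before anyone reports an empty console. The following PowerShell is an added example, not code from the book or from Opalis; it assumes the ActiveDirectory module is installed and that the OOC administrator group is the default Domain Admins unless another name is passed in (the parameter name and the report layout are the example's own).

```powershell
# Added example (not from the book): separate the accounts that are explicit
# members of the OOC administrator group from those that reach it only through
# nested groups. Per the text above, the OOC honors explicit membership only,
# so nested-only accounts see an empty default view.
# Assumptions: the ActiveDirectory module is installed, and -OocAdminGroup
# matches the group defined in opalis-activedirectory-service.xml.
param(
    [string]$OocAdminGroup = 'Domain Admins'
)

Import-Module ActiveDirectory -ErrorAction Stop

# Direct (explicit) members of the group.
$direct       = @(Get-ADGroupMember -Identity $OocAdminGroup)
$directUsers  = @($direct | Where-Object { $_.objectClass -eq 'user' })
$nestedGroups = @($direct | Where-Object { $_.objectClass -eq 'group' })

# Effective members: what Active Directory resolves once nesting is expanded.
$effectiveUsers = @(Get-ADGroupMember -Identity $OocAdminGroup -Recursive |
    Where-Object { $_.objectClass -eq 'user' })

# Accounts that hold the group's rights in AD by nesting only.
$directDns  = @($directUsers | ForEach-Object { $_.distinguishedName })
$nestedOnly = @($effectiveUsers |
    Where-Object { $directDns -notcontains $_.distinguishedName })

# Build one uniform row type so the report formats as a single table.
function New-Row($principal, $status) {
    [pscustomobject]@{
        Account = $principal.SamAccountName
        Class   = $principal.objectClass
        Status  = $status
    }
}

$report = @(
    $directUsers  | ForEach-Object { New-Row $_ 'Explicit member: OOC administrator' }
    $nestedGroups | ForEach-Object { New-Row $_ 'Nested group: membership not honored by the OOC' }
    $nestedOnly   | ForEach-Object { New-Row $_ 'Nested-only member: empty OOC view' }
)

$report | Sort-Object Status, Account | Format-Table -AutoSize
```

Rows marked as nested-only are the accounts to add explicitly to a dedicated OOC security group, as the answer above recommends.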

Foundation Object Questions

The following are common questions addressing the use of the OIS Foundation objects.

How can you use OIS to telnet to a network device or system?
OIS 6.3 does not ship with an object that will connect using telnet. If possible, enable SSHv1 on the target device and use the Run SSH Command object to accomplish your task.

Which object(s) can be used to run PowerShell scripts?
You can run PowerShell scripts from the Run Program object, just as you would from the command line, or you can use the Run .Net Script object. The Run .Net Script object is generally preferable because you can embed the script within the object itself and any changes to it are audited. In addition, the Run .Net Script allows the publication of specific variables to the Published Data Bus as strings, integers, or date/time formats, which greatly increases its usefulness in a policy.

If you need to access a Unix host, do you need the Unix IP?
Probably not. The Unix IP provides a daemon for specific versions of Solaris, Linux, AIX, and HPUX. This daemon gives OIS the capability to monitor the Unix file system and execute specific file system related tasks or text file tasks. See Figure A.11 for the Unix IP Objects. If you need to simply access a host to issue one or more commands but are not actively monitoring file system events or managing files, you should consider the Run SSH Command object.

Does OIS provide objects to work with SNMP traps?
Yes. In the System category, you will find the Get SNMP Variable, Monitor SNMP Trap, Send SNMP Trap, and Set SNMP Variable objects.
FIGURE A.11 Collection of Unix IP objects

Can you restrict a policy (or part of one) from running at specific times?
Yes. Policies all have a schedule function in the properties tab. You can apply a schedule to a policy so the policy only executes during the scheduled time. The Check Schedule object also allows you to configure scheduling logic into a policy. It can be used within a policy to determine whether to continue policy execution based on a defined schedule.

What other simple outputs can be used to test a policy, other than watching the logs within the Policy Testing Console?
Consider using Send Email or Send Exchange Email to send output to your inbox. You can also use the Send Platform Event to send information into the Events tab within the OIS Client. If you are using Windows 2003 as your platform, you can use Net Send as well.

Can I schedule policies to execute based on a schedule?
Yes. You have the ability to create and set a schedule at the policy level in the General tab of the policy’s properties (see Figure A.12). Similarly, you can use the Check Schedule object within a policy to restrict the objects that follow the Check Schedule from running, unless the schedule that is checked by the object returns True—meaning that the runtime of the policy has fallen within the schedule. This is commonly used when the policy includes a remediation step that will reboot a server or restart a service and such a restart is only desirable during off hours. By looping the Check Schedule object until the execution result is True, you can ensure the restart happens only at a desired time regardless of when the issue is detected (see Figure A.13).

FIGURE A.12 Policy Property window’s General tab with a Schedule configured

FIGURE A.13 Check Schedule object configured within a workflow

How can OIS call a web service on another system?
Use the Invoke Web Service object. Point the object at the target system’s Web Service Definition Language (WSDL) file. This provides the object all the necessary information to enumerate the methods provided by the service and a sample of the Simple Object Access Protocol (SOAP) payload.

Versions

OIS 6.3 is a mix of different components. Some of these components have different versions than others. The easiest way to find the version of an OIS component is to use the Programs and Features applet in Windows Server 2008. You can access this applet (or Add/Remove Programs for Windows Server 2003) by running appwiz.cpl from the Run command. Table A.2 shows other places to find the version of each component you have installed.

TABLE A.2 OIS Component Version Identification

| Component | Where It Is Found | What You Can Find |
|---|---|---|
| OIS Client | Help -> About, Deployment Manager | Lists version for Client, Management Server, and Libraries. |
| Action Servers | Deployment Manager | Lists Action Server versions and roles. |
| Management Server | Deployment Manager | Identifies Management Server version, database server, and catalog. |
| Deployment Manager | Deployment Manager | Identifies Deployment Manager version. |
| Datastore | SQL Query within the OIS Datastore: SELECT * FROM VERSION | Identifies database schema version. |
| OOC | %JBOSS_HOME%\ | Various versions for the Java and Jboss components. |
| IPs | Deployment Manager | Lists versions of the various IPs. |
| Supporting Components, Processes, and Services | File System/File Versioning Details | Individual versions and file detail for the supporting components. Many can be found in the following directory: %ProgramFiles(x86)%\Opalis Software\Opalis Integration Server\Management Service. |

Log History

The log history for policies is captured during execution and is stored within the OIS datastore. Here are the three primary tables where the data is stored:

. POLICYINSTANCES
. OBJECTINSTANCES
. OBJECTINSTANCEDATA

The amount of data stored in these tables is determined by settings at the policy level. By default, each policy is set to have a minimal amount of log history stored. There is no global setting for verbose logging on/off. If you want a policy to have verbose logging, you will need to check the policy out, go to the Logging tab in the policy’s properties, and check both of the available checkboxes. Figure A.6 provides an illustration of this. The maximum amount of log history will be stored for policies with this configuration. This means that both common and object-specific published data for each of the policy’s objects will be logged for every execution instance of that policy.

Data Items Logged

Here is the basic data that is logged by default:

. Name
. Type
. Status
. Start Time
. End Time
. Object Process ID
. Object start time
. Object end time
. Object status
. Error Summary Text (if applicable)

If the Store Common Published Data check box is checked, here are the data items that are logged:

. Loop: Enabled
. Loop: Number of attempts
. Loop: Total duration
. Object duration
. Object end time (day)
. Object end time (hours)
. Object end time (minutes)
. Object end time (month)
. Object end time (seconds)
. Object end time (weekday)
. Object end time (year)
. Object ID
. Object name
. Object type
. Policy name
. Policy Process ID
. Server name

If the Store Object-Specific Published Data check box is checked, a varying number of data items are logged, depending on the object. As its name suggests, the amount and variety of published data stored for each object depends on that object’s specific purpose. For example, the Append Line object’s object-specific data items are:

. File encoding
. File path
. Line number
. Line text

If both the Store Common Published Data and Store Object-Specific Published Data check boxes are enabled for a policy containing an Append Line object, all the data items are logged each time the object is executed. You can imagine what kind of data would be stored if this example policy executed every 5 seconds, all day, every day. Even if the data appended to the file were not significant, the amount of logging data stored in the OIS datastore would be, due to the logging frequency and the number of data items stored with each execution.

Log Purging

As the data required to store log history can grow to be quite large, you can configure log purging within the OIS Client. You can schedule this to run at a specific date and time or at a defined frequency with a start time. There are a number of log purge options. Figure A.14 illustrates available log purge configuration options.

FIGURE A.14 Log purge configuration

This configuration screen is available by navigating to the Connections pane of the OIS Client, selecting and right-clicking the Management Server’s name, and choosing Log Purge. Refer to http://technet.microsoft.com/en-us/library/gg440801.aspx for additional information on purging logs.

NOTE: LOG PURGE TIMEOUT CONSIDERATIONS
Depending on how many logs are stored, the log purge may not function as expected. In fact, if there are too many logs, the log purge may time out. If the log purge times out when you choose “Purge Now” or the purge does not appear to work when scheduled, you may need to TRUNCATE each of the log tables to “start fresh.” Once cleared, the log purge will function as expected. The log tables are listed at the start of this “Log History” section.

Between the log purge utility and the truncate options, there is a middle ground—manually executing the SQL stored procedure used by the log purge utility. The stored procedure used by the log purge utility is sp_CustomLogCleanup.

CAUTION: LOG PURGE OPTIONS SUPPORTABILITY NOTICE
Direct interaction with the OIS datastore is never recommended; this information is provided for informational purposes only. Unless specifically directed by Microsoft Support, table truncation and manual execution of the sp_CustomLogCleanup stored procedure are neither recommended nor supported. Using the log purge utility is the only supported option for log purging.

When the sp_CustomLogCleanup stored procedure is executed, it identifies 200 policy instances to purge and returns either a 0 or a 1 upon completion. The stored procedure identifies the 200 policy instances that are to be purged by executing one of three additional stored procedures based on the log purging option selected:

. sp_GetLogEntriesForDelete_FilterByEntries
. sp_GetLogEntriesForDelete_FilterByDays
. sp_GetLogEntriesForDelete_FilterByEntriesAndDays

The log purge utility has a hard-coded timeout value for the execution of the stored procedure. While not recommended, you can change this value within the stored procedure to accommodate extremely large log counts. If you choose to truncate, truncating the OBJECTINSTANCEDATA and OBJECTINSTANCES tables should be enough, as these two tables contain the bulk of log data. You may not be able to truncate the POLICYINSTANCES table due to foreign key constraints.

Logging Levels

Valid logging levels range from 1–7. You can configure logging levels in the registry at HKLM\SOFTWARE\Opalis\Opalis Integration Server\TraceLogger\. By adding the different available log levels (Table A.3), you can trace different amounts of information. For example, log level 3 is 1 (Errors) + 2 (Warnings); this will write all Errors and Warnings in the trace logs. Likewise, log level 7 is 1 (Errors) + 2 (Warnings) + 4 (Information), resulting in a full trace of activities. The recommended log levels are 1, 3, and 7.

TABLE A.3 TraceLogger Logging Levels

| Log Level | What Will Be Logged? |
|---|---|
| 1 | Errors |
| 2 | Warnings |
| 4 | Information |

TraceLogger Options

There are 10 OIS components you can configure for trace logging. Each has a key at HKLM\SOFTWARE\Opalis\Opalis Integration Server\TraceLogger\. Here are the key names:

. \ActionServerWatchdog
. \DBSetup
. \LicenseManager
. \OISClient
. \OpalisActionService
. \OpalisManagementService
. \pic
. \PolicyModule
. \Setup
. \TestingConsole

Based on the issue, increase the logging level from the default (1) to 3 or 7 until the information you are looking for is available. The locations of the log files and their prefix are listed as values within each of the previously mentioned keys. The LogFolder value contains the path of the log files being generated, whereas the LogPrefix value contains the name of the log files being generated. The logs generated here capture errors and warnings that usually are hidden in the GUI.
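
To see at a glance which components are tracing at which level and where their logs land, the keys above can be read and the additive level decoded with a short script. This PowerShell is an added example, not code from the book or from Opalis; the registry value name LogLevel is an assumption (the text names only LogFolder and LogPrefix), and the function and parameter names are the example's own.

```powershell
# Added example (not from the book): list the trace-logging configuration of
# each OIS component key named above and decode the additive log level.
# Assumption: the level is held in a value named 'LogLevel'. The text names
# only the LogFolder and LogPrefix values, so pass -LevelValueName if the
# value on your system is called something else.
# On 64-bit Windows, keys written by a 32-bit application can sit under
# SOFTWARE\Wow6432Node; pass that path as -TraceLoggerRoot if needed.
param(
    [string]$TraceLoggerRoot = 'HKLM:\SOFTWARE\Opalis\Opalis Integration Server\TraceLogger',
    [string]$LevelValueName  = 'LogLevel'
)

# The 10 component keys listed in the text.
$Components = 'ActionServerWatchdog', 'DBSetup', 'LicenseManager', 'OISClient',
              'OpalisActionService', 'OpalisManagementService', 'pic',
              'PolicyModule', 'Setup', 'TestingConsole'

# Bit values from Table A.3.
$LevelBits = @{ 1 = 'Errors'; 2 = 'Warnings'; 4 = 'Information' }

function ConvertFrom-OisLogLevel {
    param($Level)
    if ($null -eq $Level) { return 'level value not set' }
    $n = [int]$Level
    if ($n -lt 1 -or $n -gt 7) { return "invalid ($n); valid levels are 1-7" }
    # A level is the sum of the bits it enables, for example 3 = 1 + 2.
    $names = foreach ($bit in 1, 2, 4) {
        if ($n -band $bit) { $LevelBits[$bit] }
    }
    $text = $names -join ' + '
    # The text recommends 1, 3, and 7; other sums skip a lower severity.
    if ((1, 3, 7) -notcontains $n) { $text += ' (not a recommended level)' }
    return $text
}

$report = foreach ($name in $Components) {
    $key = Join-Path $TraceLoggerRoot $name
    if (-not (Test-Path -LiteralPath $key)) {
        [pscustomobject]@{
            Component = $name
            Level     = $null
            Logged    = 'key not present'
            LogFolder = $null
            LogPrefix = $null
        }
        continue
    }
    $props = Get-ItemProperty -LiteralPath $key
    $level = $props.$LevelValueName
    [pscustomobject]@{
        Component = $name
        Level     = $level
        Logged    = ConvertFrom-OisLogLevel $level
        LogFolder = $props.LogFolder
        LogPrefix = $props.LogPrefix
    }
}

$report | Format-Table -AutoSize

# Components still above the default level (1) after troubleshooting keep
# writing larger trace logs; list them so they can be reviewed.
$report | Where-Object { $_.Level -gt 1 } |
    Select-Object Component, Level, LogFolder
```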

Checking Logs

It is common to look at these logs when errors or warnings are generated during normal operation of the OIS components. As an example, if you are being prompted with database connectivity, licensing, or application failure messages, it is a good idea to review the available logs. You will want to look for the log with a date and time near the time you experienced the error. As the logs can grow to be quite large, depending on the log level identified, be sure to find the corresponding date and time stamp within the log file. If the information about the error appears to be missing from the log, it might be that the log level is set too low. If it is at all possible, increment the log level and attempt to reproduce the error again. At log level 7, the logs might appear unreadable to the untrained eye. Do not get discouraged; Microsoft support has resources that can analyze these logs and assist you in determining the root cause of the error. Capture and collection of these logs is advised either before or during the call to support.

APPENDIX B
Reference URLs

IN THIS CHAPTER
. General Resources
. Microsoft’s OIS Resources
. Additional Resources
. Blogs
. The System Center Family
. Public Forums

This appendix includes a number of reference URLs associated with System Center Opalis Integration Server (OIS). URLs do change—although the authors have made every effort to verify the references here as working links, there is no guarantee they will remain current. It is entirely possible some will change or be “dead” by the time you read this book. Sometimes the Wayback Machine (http://www.archive.org/index.php) can rescue you from dead or broken links. This site is an Internet archive, and it will take you back to an archived version of a site—sometimes.

General Resources

A number of websites provide excellent resources for OIS.

. Installing the product is covered in Chapter 4, “Installing Opalis Integration Server 6.3.” Daniel Grandini, a System Center MVP, writes of his own experiences on installing 6.3 on Windows 2008 Release 2 (R2) at http://nocentdocent.wordpress.com/2010/12/29/installing-opalis-6-3-on-windows-2008-r2/.
. CodePlex offers community software for OIS, including sample workflows, objects, and code, at http://opalis.codeplex.com/.
. To see a complete listing of community-developed Opalis Integration Packs (IPs), visit http://www.codeplex.com/site/search?query=opalis&ac=8.
. See an “Opalis Survival Guide” at Microsoft’s TechNet Wiki at http://social.technet.microsoft.com/wiki/contents/articles/opalis-survival-guide.aspx.
. The System Center Central Opalis forum is at http://www.systemcentercentral.com/tabid/60/tag/Forums+Opalis/Default.aspx.
. System Center Central also maintains an IP Catalog, available at http://www.systemcentercentral.com/PackCatalog/tabid/63/Default.aspx?tag=Pack_Catalog+Opalis_IP_Catalog.
. To Bing for Opalis-related information, try http://www.bing.com/search?q=Opalis.

Microsoft’s OIS Resources

The following list includes some general Microsoft resources available for OIS 6.3:

. A general guide to OIS-related resources is available at http://blogs.technet.com/b/opalis/p/opalis_resources.aspx.
. Visit Microsoft’s Opalis website at http://www.microsoft.com/systemcenter/en/us/opalis.aspx.
. Visit Microsoft’s System Center website at http://www.microsoft.com/systemcenter/.
. Visit Microsoft’s Opalis Engineering Team blog at http://technet.microsoft.com/en-us/systemcenter/ff426909.aspx.
. Visit The Opalis Team blog on TechNet at http://blogs.technet.com/b/opalis/.
. The System Center Team Blog (NEXUS SC) includes articles on OIS at http://blogs.technet.com/b/systemcenter/.
. Find resources on Opalis products at http://blogs.technet.com/b/opalis/p/opalis_resources.aspx.
. Documentation on the 6.3 release is available at http://technet.microsoft.com/en-us/library/ff630946.aspx.
. Opalis 6.3 Release Notes are at http://technet.microsoft.com/en-us/library/gg440700.aspx.
. Download the “Opalis Integration Server Administration Guide” at http://technet.microsoft.com/en-us/library/gg464955.aspx.
. The “OIS Client User Guide” is available at http://technet.microsoft.com/en-us/library/gg464921.aspx.
. For technical notes on OIS Workflow, see http://download.microsoft.com/download/2/4/7/2476F85B-F6ED-4066-9AFC-4A341A7A996F/Opalis_Workflow_final.pdf.
. The “Opalis Integration Guide” (a whitepaper) is at http://download.microsoft.com/download/2/8/9/289DDDAC-2378-471C-8736-768DF3D76E5E/WP_Opalis_Integration_Guide.docx.
. For the “Deployment Guide,” see http://download.microsoft.com/download/1/9/E/19EC7076-19E5-4841-82CF-1858AAF76DB6/Opalis_Deploy_final.pdf.
. Microsoft provides documentation for the System Center IPs at TechNet:
  . Configuration Manager—http://technet.microsoft.com/en-us/library/gg440753.aspx.
  . Data Protection Manager—http://technet.microsoft.com/en-us/library/gg464929.aspx.
  . Operations Manager—http://technet.microsoft.com/en-us/library/gg440623.aspx.
  . Service Manager—http://technet.microsoft.com/en-us/library/gg464964.aspx.
  . Virtual Machine Manager—http://technet.microsoft.com/en-us/library/gg440741.aspx.
. Here are some individual blogs:
  . Adam Hall—http://blogs.technet.com/b/adhall/.
  . Charles Joy—http://blogs.technet.com/b/charlesjoy/.
  . Stefan Stranger—http://blogs.technet.com/b/stefan_stranger/.
  . Kevin Sullivan—http://blogs.technet.com/b/kevinsul_blog/.
  . You will also want to look at http://blogs.technet.com/b/yasc/.
. Charles Joy’s YouTube videos are at http://www.youtube.com/user/charlesjoyMS.
. Microsoft Pathways for Opalis is at http://www.microsoft.com/pathways/opalis/. Pathways aims to assist Opalis customers and partners during the product’s transition to the Microsoft System Center family.
. To download a 180-day evaluation version of OIS 6.3, see http://download.microsoft.com/download/D/F/C/DFC9F061-65A9-44C0-9012-450A7B8697CC/Opalis_180_Day_Evaluation.exe.
. Microsoft customers with qualifying SMSE/D licenses can download a non-eval copy at http://download.microsoft.com/download/C/2/B/C2BBA2D3-C2D5-4733-9603-DA22BBCA2842/opalis_full.exe.
. License import issues are the number one troubleshooting topic in OIS. A Microsoft KB article discussing this issue is available at http://support.microsoft.com/kb/2022625.
. http://blogs.technet.com/b/opalis/archive/2010/05/07/workflow-authoring-examples-and-samples.aspx includes workflows and samples written for OIS 6.2.2.
. Importable workflows from CodePlex are at http://blogs.technet.com/b/opalis/archive/2010/05/07/workflow-authoring-examples-and-samples.aspx.
. Documentation on Foundation objects is available on TechNet at http://technet.microsoft.com/en-us/library/gg440735.aspx.
. Legacy objects are documented at http://technet.microsoft.com/en-us/library/gg464910.aspx.
. Information on using global settings with policies is available at http://technet.microsoft.com/en-us/library/gg464956.aspx.
. Do you need to move your Opalis SQL database to a different database server? Find information at http://support.microsoft.com/kb/2023122.
. System Center Tech Center—Links to System Center products and technologies are at http://technet.microsoft.com/en-us/systemcenter/bb980621.
. Virtual Hands On Labs—Includes virtual labs for System Center products including Operations Manager, Essentials, Configuration Manager, and Opalis at http://technet.microsoft.com/en-us/bb539977.aspx.
. XML Notepad 2007 is an intuitive tool for browsing and editing XML documents. Read about it at http://msdn2.microsoft.com/en-us/library/aa905339.aspx and download the tool from http://www.microsoft.com/downloads/details.aspx?familyid=72d6aa49-787d-4118-ba5f-4f30fe913628&displaylang=en.
. Interested in learning more about the Microsoft Operations Framework? Check out version 4.0 of the MOF at http://go.microsoft.com/fwlink/?LinkId=50015.
. Details about the Microsoft Solutions Framework (MSF) are located at http://www.microsoft.com/downloads/details.aspx?familyid=50DBFFFE-3A65-434A-A1DD-29652AB4600F&displaylang=en and http://www.microsoft.com/downloads/details.aspx?familyid=a71ac896-1d28-45a4-880c-8b0cc8265c63&displaylang=en.

Additional Resources

Here are some additional resources for your use:

. Installing the OOC, an additional component, is discussed at http://blogs.technet.com/b/charlesjoy/archive/2010/07/15/installing-opalis-integration-server-operator-console-video-tutorial.aspx.
. The OOC installation requires a considerable amount of supporting software prior to installation. The list of the required files and download links is available at http://technet.microsoft.com/en-us/library/gg440750.aspx.

TIP: COMMUNITY RESOURCE FOR THE FILES REQUIRED TO INSTALL THE CONSOLE
As this book was going to press, some of the links at http://technet.microsoft.com/en-us/library/gg440750.aspx no longer appear to be valid. Marcus Oh, one of the contributors to this book, has the download files captured on Windows Live SkyDrive. For information on obtaining the necessary files, see http://marcusoh.blogspot.com/2011/06/opalis-operator-console-installation.html.

. Microsoft provides documentation on securing the OOC at http://technet.microsoft.com/en-us/library/gg440648.aspx.
. You can configure the OOC to start as a service using the Java Service Wrapper provided by Tanuki Software. Charles Joy provides instructions on configuring the Tanuki wrapper at http://blogs.technet.com/b/charlesjoy/archive/2010/06/25/opalis-operator-console-as-a-windows-service-video-tutorial.aspx. You might also want to view http://blogs.technet.com/b/charlesjoy/archive/2010/09/07/opalis-operator-console-as-a-windows-service-update.aspx.
. Altosoft provides a dashboard for Opalis that you can download from http://www.altosoft.com/products/opalis_dashboard.shtml.
. The Integration Pack for Standard OIS Logging provides packaged functionality for external data persistence creation and maintenance. You can get it at CodePlex, http://opalis.codeplex.com/releases/view/46978. A user guide is available at http://opalis.codeplex.com/releases/46978/download/126591 with a usage guide at http://opalis.codeplex.com/releases/46978/download/141994.
. Marcel Zehner at SCSMFAQ.ch has built and made available a new Opalis integration pack for Service Manager. For details, see http://blog.scsmfaq.ch/2011/04/02/opalis-integration-pack-extension-for-service-manager//. Marcel plans to upload the IP to CodePlex and the TechNet gallery (http://gallery.technet.microsoft.com).
. The TechNet Gallery for System Center is located at http://gallery.technet.microsoft.com/site/search?f%5B0%5D.Type=RootCategory&f%5B0%5D.Value=SystemCenter&f%5B0%5D.Text=System%20Center. The gallery includes community-written tools and utilities.
. Other IPs are also available at CodePlex. As an example, the VMM Extended Integration Pack is at http://opalisvmmextended.codeplex.com/.
. Download the OIS SCOM Extensibility Kit 2.0 from CodePlex at http://opalis.codeplex.com/releases/view/50751.
. The SCCM Client Center IP is an open source IP available on CodePlex at http://sccmclictropalis.codeplex.com/.
. Interested in monitoring OIS from Operations Manager and don’t want to wait for an official Microsoft management pack? Here’s an approach at http://www.scomguy.com/blog/?p=117. Find related articles by “SCOMGUY” at http://www.scomguy.com/blog/?category_name=opalis.
. Microsoft discusses how to set up SNMP traps to monitor for OIS platform events. These can be passed to the Simple Network Management Protocol (SNMP) monitoring agent of your choice, such as Operations Manager 2007. http://support.microsoft.com/kb/2269622 provides details.
. For an article on extending Opalis Automation with Service Manager 2010, see http://www.systemcentercentral.com/BlogDetails/tabid/143/indexId/86705/Default.aspx.
. See Cameron Fuller’s posting on how to create an all-in-one Opalis environment at http://blogs.catapultsystems.com/cfuller/archive/2010/09/07/creating-an-all-in-oneopalis-environment.aspx.
. Charles Joy has compiled several video posts on using the QIK. See http://blogs.technet.com/b/charlesjoy/archive/2010/06/09/quick-integration-kit-video-tutorialseries.aspx for additional information.

Blogs

Here are some blogs the authors have used. Some are more active than others, and new blogs seem to spring up overnight!

. A great source of information is System Center Central (http://www.systemcentercentral.com), managed by MVPs Pete Zerger, Rory McCaw, and Maarten Goet.
. If you’re interested in keeping up with VMM, the VMM team has a blog at http://blogs.technet.com/scvmm/.
. Anders Bengtsson, former System Center MVP and now a Microsoft PFE, blogs on OIS at http://contoso.se/blog/.
. An Opalis Community blog is at http://opalis.wordpress.com/.
. The System Center Belgium Users Group Opalis blog is at http://scug.be/blogs/opalis/.
. See a blog by Stefan Stranger (former MVP and now at Microsoft) at http://blogs.technet.com/stefan_stranger/.
. http://systemscentre.blogspot.com/ is a blog by Steve Beaumont.
. http://itservicemngmt.blogspot.com/ is a blog discussing basic IT service management (ITSM) knowledge points for people new to the Information Technology Infrastructure Library (ITIL).
. Kevin Sullivan’s Management blog is at https://blogs.technet.com/kevinsul_blog/. (Kevin is a technology specialist at Microsoft focusing on management products.)
. http://www.techlog.org/ is all about everything Microsoft, by Maarten Goet (MVP), Kenneth van Surksum, Steven van Loef, and Sander Klaassen in the Netherlands.
. www.systemcenterguide.com is a System Center blog by Duncan McAlynn.
. Walter Chomak’s blog on System Center is at http://blogs.technet.com/wchomak/. Walter is a senior consultant with Microsoft MCS and a great technical resource.
. Ian Blyth, previously a Lead Technical Specialist in Microsoft UK, blogs at http://ianblythmanagement.wordpress.com/ on System Center Technologies.
. http://www.networkworld.com/community/meyler is a blog by Kerrie Meyler with general discussion topics, concentrating on Microsoft management.
The System Center Family
Here are some references and articles regarding other components of Microsoft’s System Center family:
. For an overview of the different products of the suite, see http://www.microsoft.com/systemcenter/en/us/products.aspx.
. Microsoft’s Service Manager page is at http://www.microsoft.com/systemcenter/en/us/service-manager.aspx. Webcasts are available at http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=enUS&EventID=1032416974 and http://msevents.microsoft.com/CUI/WebCastEventDetails.aspx?culture=enUS&EventID=1032424297&CountryCode=US.
. The Operations Manager page is at http://www.microsoft.com/systemcenter/en/us/operations-manager.aspx.
. Virtual Machine Manager is located at http://www.microsoft.com/systemcenter/en/us/virtual-machine-manager.aspx.
. Information regarding Data Protection Manager is located at http://www.microsoft.com/systemcenter/en/us/data-protection-manager.aspx.
. The Configuration Manager website is at http://www.microsoft.com/systemcenter/en/us/configuration-manager.aspx.
Public Forums
If you need an answer to a question, the first place to check is the Microsoft public forums. Here is a list of the current Opalis forums:
. Opalis v4 General—http://social.technet.microsoft.com/Forums/en-US/opalisv4/threads/.
. Opalis v5/v6 General—http://social.technet.microsoft.com/Forums/en-US/opalisv5v6/threads.
. Opalis Integrations—http://social.technet.microsoft.com/Forums/en-US/opalisint/threads.
. Opalis Quick Integration Kit—http://social.technet.microsoft.com/Forums/en-US/opalisqik/threads.
APPENDIX C
Available Online
IN THIS CHAPTER
. PowerShell Resources for Maintenance Mode
. Live Links
Online content is available to provide add-on value to readers of System Center Opalis Integration Server 6.3 Unleashed. This material, organized by chapter, can be downloaded from http://www.informit.com/store/product.aspx?isbn=9780672335617. This content is not available elsewhere. Note that the authors and publisher do not guarantee or provide technical support for the material.
PowerShell Resources for Maintenance Mode
Chapter 9, “Integration with System Center Operations Manager,” uses two PowerShell scripts that are available as online resources for this book.
. StartMaint.ps1—Used to start maintenance mode for a group of servers for one hour
. StopMaint.ps1—Used to stop maintenance mode for the same group of computers
Live Links
Reference URLs (see Appendix B, “Reference URLs”) are provided as Live Links. These include more than 100 (clickable) hypertext links and references to materials and sites related to Opalis Integration Server. A disclaimer and unpleasant fact regarding Live Links: URLs change! Companies are subject to mergers and acquisitions,
pages move and change on websites, and so on. Although these links were accurate at the time of this writing, it is possible some will change or be “dead” by the time you read this book. Sometimes the Wayback Machine (http://www.archive.org/index.php) can rescue you from dead or broken links. This site is an Internet archive, and it will take you back to an archived version of a site—sometimes.
Index
A
accessing OOC (Opalis Operator Console), 140
Action Server Policy Throttle (ASPT), 60
Action Server section (OIS Client Connections window), 117-118
Action Server view (OOC), 142
Action Server Watchdog Service, as required component, 32. See also OpalisActionServerWatchdog
Action Servers, 39-45
  clustering, 484-485
  connectivity, 40-43
  cross-network Action Servers deployment model, 70-71
  installation, 94-97
  number needed, 484
  OpalisActionService, 39-40
  policy failover, 66-67
  policy lifecycle
    policy instantiation, 58
    PolicyModule.exe, 58-59
  policy limits
    desktop heap limitations, 61-63
    operating system limitations, 63-64
  policy spillover, 65-66
  PolicyModule.exe, 43-44
  redundancy, 44-45
  as required components, 32
  service account, 82
Action Servers tab (policy properties), 147-148 ad hoc policies, 58-59, 214-215 Add Computer to Collection object, 335
PolicyModule.exe, 58-59 starting policy, 57-58 policy limits, 60-64
Add/Edit Parameter dialog, CLI Wizard (QIK), 422-424
ASPT (Action Server Policy Throttle), 60
adding
desktop heap limitations, 61-63
CPU and memory resource limitations, 64
link filters, 134-135
maximum running policies, 60-61
Published Data (PD) to Data Bus, 137-139
operating system limitations, 63-64
Advanced tab (object properties)
policy size and complexity, 64
Invoke Web Services object, 168
policy queueing, 64-65
Run .Net Script object, 165-166
policy spillover, 65-66
Run Program object, 160-161
security models, 76-77
Run SSH Command object, 172
federated domains, 76-77
Send Email object, 174-176
single domain security, 76
Advertise Task Sequence object, 336
untrusted security, 77
advertising software use case, SCCM IP, 344-345
Arguments tab (Add/Edit Command dialog), CLI Wizard (QIK), 421-422
Allow Empty Comment on Check In option (OIS Client), 126
ASPT (Action Server Policy Throttle), 60
Alternate Icon tab (object properties), 155-156 API for QIK SDK, 434
aspt.exe utility, 33 Assembly Details screen, CLI Wizard (QIK), 416
Append Line object, 182
Assembly Information screen, CLI Wizard (QIK), 417-419
Apply XSLT object, 194
atlc.exe utility, 33
architecture design. See also components of OIS (Opalis Integration Server)
Audit History window (OIS Client), 124
deployment models, 67-76 cross-network Action Servers, 70-71 cross-network deployment, 69-70 multisite hybrid solution, 74-75 multisite invoke via Web Services, 73-74 multisite isolated deployment, 75-76 multisite manual policy sync, 72-73 resilient deployment, 68-69 simple deployment, 67-68
Audit Trail, file system locations, 473 Authoring Console. See OIS Client Automatic Check Out option (OIS Client), 125 automating change use case, SCSM IP, 323-330 automation Microsoft automation platform, 8-11 Data Bus, 9 flexibility of, 9-10 ITPA (Information Technology Process Automation), 10-11
policy failover, 66-67
after OIS acquisition, 8-9
policy lifecycle, 56-59
prior to OIS acquisition, 8
check in, 56-57 dormant policy, 57 policy instantiation, 58
results of, 11 in OIS (Opalis Integration Server), 6 AVIcode, product description, 12
B
branching policies, 134-136 adding filters, 134-135
background executables, in product footprint (OIS), 476-477 backing up policies, 229-230
default filter, 134 include/exclude filters, 135 breakpoints, setting, 131
backup management, OIS (Opalis Integration Server) integration with, 14
bulk processing in dynamic data center, 382
Basic PD, 137
bulk user account provisioning use case, 391-394
best practices backing up policies, 229-230
Business Process Automation (BPA), 24-25 Business Process Management (BPM), 24-25
complex link logic, 210-211 data manipulation and parsing, 216-221 data manipulation functions, 217-218 Query Database object, 219 Run .Net Script object, 219-221 error handling, 222-225 external data persistence, 231-235 hardcoded versus dynamic data, 221-222 looping, 212-213 object-level looping, 212-213 policy-level looping, 213
C CA AutoSys IP, 250-252 CA eHealth IP, 252-254 CA Spectrum IP, 254-256 CA Unicenter NSM IP, 256-257 CA Unicenter Service Desk IP, 257-259 CAP (Connector Access Pack), 18
naming conventions, 226-227
capacity and lifecycle management use case, VMM IP, 363-366
permissions, 225-226
categories of OIS components, 30-31
promotion, 230-231
change management
scheduling, 214-216 applying to policies, 214-216 Check Schedule object, 214 versioning, 228-229
in dynamic data center, 382 OIS (Opalis Integration Server) integration with, 13 check in, in policy lifecycle, 56-57
BladeLogic Operations Manager IP, 238-240
Check Schedule object, 192, 214
“Blank” variable, 119
checking compliance use case, SCCM IP, 341-344
blogs for information, 500 BMC Atrium CMDB IP, 240-243 BMC Event Manager IP, 243-244 BMC Patrol IP, 245-247
checking DPM server storage capacity use case, DPM IP, 378-379 checking policies in/out, 132
BMC Remedy AR System IP, 247-249
CLI scripting support, in QIK (Quick Integration Kit), 399
BPA (Business Process Automation), 24-25
CLI Wizard (QIK), 415-432
BPM (Business Process Management), 24-25
Add/Edit Parameter dialog, 422-424
branch office maintenance mode use case, SCOM IP, 309-312
Arguments tab (Add/Edit Command dialog), 421-422
How can we make this index more useful? Email us at [email protected]
Assembly Details screen, 416 Assembly Information screen, 417-419
product description, 12 as SCCM IP requirement, 332
Command Line syntax, 424-426
configuration objects in SQL Datastore, 33-34
Commands screen, 419-421
configuration settings
Published Data tab (Add/Edit Command dialog), 426-430 client user interface for OIS (Opalis Integration Server), 6. See also OIS Client close resolved incidents use case, SCSM IP, 318-320
BladeLogic Operations Manager IP, 239-240 BMC Atrium CMDB IP, 242-243 BMC Event Manager IP, 244 BMC Patrol IP, 247 BMC Remedy AR System IP, 249
clustering Action Servers, 484-485
CA AutoSys IP, 251-252
CMDBs, 26
CA eHealth IP, 253-254
“code or script” objects, 154
CA Spectrum IP, 256
Command Line syntax, CLI Wizard (QIK), 424-426
CA Unicenter NSM IP, 257
Command mode, Program mode versus, 160
EMC Smarts InCharge IP, 261-262
Commands screen, CLI Wizard (QIK), 419-421
HP Asset Manager IP, 263-264
Common PD, 137-138
HP iLO and OA IP, 265
Compare Values object, 194
HP Network Node Manager IP, 267-268
complex link logic, 210-211
HP OpenView Operations HPUX IP, 269-270
components of OIS (Opalis Integration Server), 29-32, 55. See also architecture design
HP OpenView Operations Solaris IP, 272
CA Unicenter Service Desk IP, 259
Action Servers, 39-45
HP OpenView Operations Windows IP, 274-275
categories of, 30-31
HP OpenView Service Desk IP, 277
Management Server, 48-52
HP Service Manager IP, 279-280
OIS Client, 45-48
IBM Tivoli Enterprise Console IP, 281-282
Opalis Operator Console (OOC), 52-54
IBM Tivoli Netcool Omnibus IP, 284
optional components, 31, 471-473
IBM Tivoli Storage Manager IP, 286
required components, 32, 470-471
Microsoft Active Directory 2 IP, 289
SQL Datastore, 32-39
Unix IP, 292-293
trace logging, 493
Veritas NetBackup IP, 294
versions of, 488-489
VMware vSphere IP, 297
Compress File object, 193
configuring
Computer Groups section (OIS Client Connections window), 117
DPM IP, 369-370
configuration management, OIS (Opalis Integration Server) integration with, 13
QIK objects, 458-461
Configuration Manager. See also SCCM IP OIS (Opalis Integration Server) integration with, 13
objects, 127-128 SCCM IP, 332-335 SCOM IP, 300-301 SCSM IP, 314-315 VMM IP, 348-350
Connect tab (object properties), Send Email object, 174-176
Create Collection object, 336
Connection account
Create Folder object, 183
SCCM IP
Create Disk from VHD object, 352 Create Incident with Template object, 316
creating, 332-333
Create Network Adapter object, 352
granting access to, 333-334
Create New Disk object, 352
SCOM IP
Create Object object, 316
configuring, 301
Create Recovery Point object, 371
granting access to, 301
Create Related Object object, 316
VMM IP
Create Relationship object, 316
configuring, 349-350
Create VM from Template object, 353
granting access to, 349
Create VM from VHD object, 353
Connection tab (object properties), Query Database object, 161-163
Create VM from VM object, 353
Connections window (OIS Client), 116-120
creating a recovery point use case, DPM IP, 372-375
Action Server section, 117-118 Computer Groups section, 117 Global Settings section, 118-120 Policies section, 116-117
creating and populating a collection use case, SCCM IP, 338-341 cross-network Action Servers deployment model, 70-71 cross-network deployment model, 69-70
connectivity of Action Servers, 40-43
Custom Start object, 145, 178
SCCM IP requirements, 335 SCOM IP requirements, 300 VMM IP requirements, 348
D
Connector Access Pack (CAP), 18 connectors, ITPA (Information Technology Process Automation) versus, 28
Data Bus, 9, 484 Published Data (PD) on, 136-140
Copy File object, 182
adding, 137-139
counters, 118, 184-187
subscribing to, 139-140
Get Counter Value object, 185-186
types of, 139
Modify Counter object, 185
Data Center Integration, 17
Monitor Counter object, 186-187
data centers
as semaphores, 118 CPU limitations, policy limits, 64
dynamic data center
Create Advertisement object, 336
bulk user account provisioning use case, 391-394
Create Alert object, 303
requirements, 382-383
Create Change with Template object, 316
server maintenance and reboot use case, 383-386
Create Checkpoint object, 352
virtual machine provisioning and configuration use case, 386-391 transformation with System Center Suite, 14-15 data manipulation and parsing, 216-221 data manipulation functions, 217-218 Query Database object, 219 Run .Net Script object, 219-221 data persistence, 231-235 Data Protection Manager. See also DPM IP
multisite hybrid solution, 74-75 multisite invoke via Web Services, 73-74 multisite isolated deployment, 75-76 multisite manual policy sync, 72-73 resilient deployment, 68-69 simple deployment, 67-68 deployment styles in QIK (Quick Integration Kit), 399, 456-467 production mode deployment, 462-467 test mode deployment, 456-461
as DPM IP requirement, 368
desktop heap limitations, 61-63
OIS (Opalis Integration Server) integration with, 14
Details tab (object properties), 154-155
product description, 12 Database Configuration Utility, 33 database integration, troubleshooting, 483 datastore. See SQL Datastore Declarative model (QIK SDK), 435, 437-442 Decompress File object, 193 default filter, 134 Delete Collection object, 336 Delete File object, 183 Delete Folder object, 183 Delete Line object, 182 Delete Relationship object, 316 dependencies, OIS 6.3 installation, 79-80 Dependencies screen (QIK Wizard), 450-451 Deploy Software Update object, 337 deploying IPs (Integration Packs), 102-104 Deployment Manager, 33 Action Server installation, 94-97
Custom Start object, 178 Get Counter Value object, 185-186 Invoke Web Services object, 167-168 Junction object, 179-180 Modify Counter object, 185 Monitor Counter object, 186-187 Publish Policy Data object, 180 Query Database object, 161-163 Query WMI object, 170 Run .Net Script object, 164-165 Run Program object, 159-160 Run SSH Command object, 171 Send Email object, 174-176 Send Event Log Message object, 176-177 Send Platform Event object, 176 Trigger Policy object, 178-179 development methods in QIK (Quick Integration Kit), 398
IP (integration pack) installation, 99-104
disaster recovery, OIS (Opalis Integration Server) integration with, 14
OIS 6.3 installation, 94
Disconnect Network Path object, 194
OIS Client installation, 97-99
Do Not Exit tab (object-level looping), 213
deployment models, 67-76
documentation
for Action Servers, 42-43
folder location in QIK installation, 408-409
cross-network Action Servers, 70-71
of processes, 26-27
cross-network deployment, 69-70
dormant policy, 57
downloading OIS 6.3 installation media, 83-84 OOC installation files, 107
Events window (OIS Client), 121-122 examples, folder location in QIK installation, 409-410 exclude filters, 135
DPM IP configuring, 369-370 objects, 370-372 requirements, 367-368 use cases, 372-379
executables, folder location in QIK installation, 406-407 Execution mode, Run Program object, 161 Exit tab (object-level looping), 212-213 exporting
checking DPM server storage capacity, 378-379
policies, 151
creating a recovery point, 372-375
policy groups, 151 policy XML exports, 229-230
protecting a data source, 375 recovering a SQL database, 375-378
extensibility objects, 157-173
dragging and dropping objects, 127
Invoke Web Services object, 167-168
dynamic data center
Query Database object, 161-163
requirements, 382-383
Query WMI object, 169-170
use cases
Run .Net Script object, 163-166
bulk user account provisioning, 391-394
Run Program object, 158-161
server maintenance and reboot, 383-386
Run SSH Command object, 170-172
virtual machine provisioning and configuration, 386-391
SNMP objects, 172-173 external data persistence, 231-235 extracting files, OOC installation, 108-109
dynamic versus hardcoded data, 221-222
F
E
federated domains security model, 76-77 email and notification objects, 174-177 Send Email object, 174-176
File Information Data Storage, Foundation objects use case, 196-197
Send Event Log Message object, 176-177
file management objects, 181-184, 193
Send Platform Event object, 176
file system for OIS files, 469-473
EMC Smarts InCharge IP, 260-262
Filter Email object, 191
End Process object, 192
filters. See link filters
environment variable setup, OOC installation, 108
Find Text object, 194
%ENVVAR% variable, 119 error handling, 222-225, 382
“flattened objects do not produce multi-value data” policy engine rule, 205-206
Event Notifications tab (policy properties), 149
flattening multi-value PD items, 207-208
events in OOC (Opalis Operator Console), 144
flexibility of OIS (Opalis Integration Server), 9-10
folder locations, QIK (Quick Integration Kit) installation, 406-410
text and file management objects, 181-184
footprint (OIS). See product footprint (OIS)
use cases, 195-199
troubleshooting, 486-488
Format Date/Time object, 194
File Information Data Storage, 196-197
Foundation objects, 153. See also objects
password reset and service account synchronization, 195
anatomy of, 153-156 counters, 184-187 Get Counter Value object, 185-186
ticketing system synchronization, 195-196
Modify Counter object, 185
Web Services TerraServer Querying, 197
Monitor Counter object, 186-187
Windows Event Scan with Query WMI, 198-199
email and notification objects, 174-177
workflow control objects, 177-181
Send Email object, 174-176
Custom Start object, 178
Send Event Log Message object, 176-177
Junction object, 179-180
Send Platform Event object, 176
Publish Policy Data object, 180-181 Trigger Policy object, 178-179
extensibility objects, 157-173 Invoke Web Services object, 167-168
functions, data manipulation, 217-218
Query Database object, 161-163 Query WMI object, 169-170 Run .Net Script object, 163-166
G
Run Program object, 158-161 Run SSH Command object, 170-172 SNMP objects, 172-173 Legacy objects, 187-191
General tab object properties, 155 policy properties, 147
alternate usage, 188-189
Generate Random Text object, 194
Filter Email object, 191
Get Activity object, 317
Process Email object, 191
Get Advertisement Status object, 337
Read Email object, 190
Get Alert object, 303
Wait object, 189-190
Get Checkpoint object, 353
miscellaneous objects, 191-194
Get Collection Member object, 337
file management objects, 193
Get Computer/IP Status object, 193
monitoring objects, 193
Get Counter Value object, 185-186
notification objects, 194
Get Data Source object, 371
scheduling objects, 192
Get Disk object, 353
system objects, 192
Get Disk Space Status object, 193
text file management objects, 194
Get DPM Server Capacity object, 371
utilities, 194
Get File Status object, 183
properties, 154
Get Internet Application Status object, 193 Get Lines object, 182
Get Monitor object, 303-304
I
Get Network Adapter object, 353-354 Get Object object, 317
IBM Tivoli Enterprise Console IP, 280-282
Get Process Status object, 193
IBM Tivoli Netcool Omnibus IP, 282-284
Get Recovery Point object, 371
IBM Tivoli Storage Manager IP, 284-286
Get Relationship object, 317
IDE, QIK (Quick Integration Kit) installation, 410-415
Get Service Status object, 193 Get SNMP Variable object, 173 Get Software Update Compliance object, 337 Get VM object, 354 global configuration, QIK objects, 456-458 Global Settings section (OIS Client Connections window), 118-120 groups of policies, exporting, 151
Imperative model (QIK SDK), 436, 442-445 impersonation, Action Servers and, 42 importing policies, 151-152 incident remediation use case, SCOM IP, 305-307 incident/change management, OIS (Opalis Integration Server) integration with, 13 include filters, 135 Information Technology Process Automation (ITPA), 10-11
H
connectors versus, 28
haltable/restartable policies, 232-235
process review, 27-28
history of, 24-27
hardcoded versus dynamic data, 221-222
transition to, 19 Insert Line object, 182
history of ITPA (Information Technology Process Automation), 24-27 of Opalis Software, 15-22 challenges in transition to Microsoft, 21-22 introduction of OIS, 18-21 Microsoft acquisition of, 21 OpalisRendezVous, 15-16 OpalisRobot, 15, 16-18 HP Asset Manager IP, 262-264 HP iLO and OA IP, 264-265 HP Network Node Manager IP, 266-268 HP OpenView Operations HPUX IP, 268-270 HP OpenView Operations Solaris IP, 272 HP OpenView Operations Windows IP, 273-275 HP OpenView Service Desk IP, 275-277 HP Service Manager IP, 278-280
installation BladeLogic Operations Manager IP, 239 BMC Atrium CMDB IP, 242 BMC Event Manager IP, 244 BMC Patrol IP, 246 BMC Remedy AR System IP, 248-249 CA AutoSys IP, 250 CA eHealth IP, 253 CA Spectrum IP, 255 CA Unicenter NSM IP, 257 CA Unicenter Service Desk IP, 258 EMC Smarts InCharge IP, 261 HP Asset Manager IP, 263 HP iLO and OA IP, 265 HP Network Node Manager IP, 267 HP OpenView Operations HPUX IP, 269
HP OpenView Operations Solaris IP, 271-272
integration
HP OpenView Operations Windows IP, 274
in OIS (Opalis Integration Server), 6
HP OpenView Service Desk IP, 277
options for, 397-398
HP Service Manager IP, 279 IBM Tivoli Enterprise Console IP, 281
Integration Packs (IPs). See IPs (Integration Packs)
IBM Tivoli Netcool Omnibus IP, 283
Invoke .NET object,
IBM Tivoli Storage Manager IP, 285
Invoke Web Services object, 167-168
Microsoft Active Directory 2 IP, 288
IPs (Integration Packs)
OIS 6.3
BladeLogic Operations Manager IP, 238-240
Action Server installation, 94-97
BMC Atrium CMDB IP, 240-243
database creation and population, 87-90
BMC Event Manager IP, 243-244
dependencies, 79-80
BMC Patrol IP, 245-247
Deployment Manager, 94
BMC Remedy AR System IP, 247-249
downloading installation media, 83-84
CA AutoSys IP, 250-252
IP (integration pack) installation, 99-104
CA eHealth IP, 252-254
licensing, 90-92
CA Spectrum IP, 254-256
Management Server installation, 85-87
CA Unicenter NSM IP, 256-257
manual installation, 105-106
CA Unicenter Service Desk IP, 257-259
OIS Client installation, 97-99
creating, with QIK (Quick Integration Kit), 445-455
OOC installation, 106-113 patching, 93-94 requirements, 80-83 running installer, 84-85 troubleshooting, 113-114 QIK (Quick Integration Kit), 401-415 folder locations, 406-410 IDE, 410-415 IPs (Integration Packs), 415 requirements, 401-402 running installer, 402-405 SCOM IP, 300 Unix IP, 291 Veritas NetBackup IP, 293-294 VMware vSphere IP, 297
described, 237-238 DPM IP configuring, 369-370 objects, 370-372 requirements, 367-368 use cases, 372-379 EMC Smarts InCharge IP, 260-262 folder location in QIK installation, 407 HP Asset Manager IP, 262-264 HP iLO and OA IP, 264-265 HP Network Node Manager IP, 266-268 HP OpenView Operations HPUX IP, 268-270 HP OpenView Operations Solaris IP-272 HP OpenView Operations Windows IP, 273-275
installation objects in SQL Datastore, 33-34
HP OpenView Service Desk IP, 275-277
integer variables, counters as, 184
HP Service Manager IP, 278-280 IBM Tivoli Enterprise Console IP, 280-282
IBM Tivoli Netcool Omnibus IP, 282-284
process review, 27-28
IBM Tivoli Storage Manager IP, 284-286
transition to, 19
installation, 99-104 licensing, 238 Microsoft Active Directory 2 IP, 286-289 QIK (Quick Integration Kit) installation, 415 SCCM IP
J Java
configuring, 332-335
installation, 108
objects, 335-338
OOC installation dependency, 80
requirements, 331-332
support in QIK (Quick Integration Kit), 399
use cases, 338-345 SCOM IP configuring, 300-301 installation, 300 objects, 302-305
JAVA_HOME environment variable, OOC installation, 108 Java/JBOSS Web Service, as optional component, 31 JBoss, OOC installation dependency, 80
requirements, 299-300
job schedulers, OIS (Opalis Integration Server) versus, 28
use cases, 305-312
Junction object, 179-180, 204-205, 208-209
SCSM IP configuring, 314-315
“Junction object limits or truncates PD stream” policy engine rule, 204-205
objects, 315-317 requirements, 313-314 use cases, 317-330 Standard OIS Logging IP, 234-235
L
troubleshooting, 482-483
legacy mode, pipeline mode versus, 209-210
Unix IP, 289-293
Legacy objects, 187-191
Veritas NetBackup IP, 293-294
alternate usage, 188-189
VMM IP
Filter Email object, 191
configuring, 348-350
Process Email object, 191
objects, 351-355
Read Email object, 190
requirements, 347-348
Wait object, 189-190
use cases, 355-366 VMware vSphere IP, 295-297 ITIL (Information Technology Infrastructure Library), 26 ITPA (Information Technology Process Automation), 10-11 connectors versus, 28
License Manager, 33 licensing IPs (Integration Packs), 238 OIS 6.3 installation, 90-92 troubleshooting, 482 limits. See policy limits
history of, 24-27
link filters, 134-136
OpalisActionServerWatchdog, 49-50
adding, 134-135
policy lifecycle, check in, 56-57
default filter, 134
primary services, 48-49
include/exclude filters, 135
as required component, 32
link handles, 126-127 links
service account, 82 manual OIS 6.3 installation, 105-106
complex link logic, 210-211
Map Network Path object, 194
creating, 128
Map Published Data object, 194
defined, 127
maximum running policies, 60-61
“links filter execution data” policy engine rule, 204
memory resource limitations, policy limits, 64
properties, 136
Microsoft
“links filter execution data” policy engine rule, 204 Live Links, 503-504 locale settings, as SCSM IP requirement, 314 log history, 489-492
methods for policy execution process, 36 acquisition of Opalis Software, 5, 21-22 automation platform, 8-11 Data Bus, 9 flexibility of, 9-10
Log History window (OIS Client), 123
ITPA (Information Technology Process Automation), 10-11
log purging, 491-492
after OIS acquisition, 8-9
Log window (OIS Client), 122-123
prior to OIS acquisition, 8
logging levels, 492-494
results of, 11
Logging tab (policy properties), 148
OIS resources for information, 496-498
logs, viewing
Opalis forums, 501
in OIS Client, 133
Microsoft Active Directory 2 IP, 286-289
in PTC, 130
Modify Counter object, 185
looping, 212-213
Monitor Alert object, 304
object-level looping, 212-213
Monitor Computer/IP object, 193
policy-level looping, 213
Monitor Counter object, 186-187 Monitor Date/Time object, 192 Monitor Disk Space object, 193
M
Monitor Event Log object, 193 Monitor File object, 183
maintenance mode, PowerShell scripts for, 503
Monitor Folder object, 183, 193
Manage Checkpoint object, 354
Monitor Internet Application object, 193
manage incidents use case, SCSM IP, 320-322
Monitor .NET object, 458
Management Server, 48-52
Monitor Object object, 317
additional components, 50-52
Monitor Process object, 193
installation, 85-87
Monitor Service object, 193
Monitor SNMP Trap object, 173
nesting data manipulation functions, 218
Monitor State object, 304
.NET attributes in QIK (Quick Integration Kit), 435
Monitor WMI object, 193
.NET support in QIK (Quick Integration Kit), 398
monitored policies, 59, 60, 216
notification objects, 174-177, 194
monitoring objects, 126, 193
Send Email object, 174-176
Move File object, 193
Send Event Log Message object, 176-177
Move Folder object, 193
Send Platform Event object, 176
Move VM object, 354
NOW() variable, 119
multiplication effect (policy engine), 209-210 multisite hybrid solution deployment model, 74-75 multisite invoke via Web Services deployment model, 73-74
O
multisite isolated deployment model, 75-76
OBJECTINSTANCEDATA table (OIS datastore), 38
multisite manual policy sync deployment model, 72-73
object-level looping, 212-213
multi-value PD items “flattened objects do not produce multi-value data” policy engine rule, 205-206 flattening, 207-208 handling, 206-207 “run once for each multi-value PD item” policy engine rule, 203-204
objects. See also Foundation objects in BladeLogic Operations Manager IP, 239 in BMC Atrium CMDB IP, 241 in BMC Event Manager IP, 244 in BMC Patrol IP, 246 in BMC Remedy AR System IP, 248 in CA AutoSys IP, 250-251 in CA eHealth IP, 253 in CA Spectrum IP, 254-255 in CA Unicenter NSM IP, 257 in CA Unicenter Service Desk IP, 258
N
configuring, 127-128
naming conventions, 226-227
defined, 126
navigating OIS Client, 115-116
in DPM IP, 370-372
Audit History window, 124
dragging and dropping, 127
Connections window, 116-120
in EMC Smarts InCharge IP, 260-261
Events window, 121-122
in HP Asset Manager IP, 262-263
Log History window, 123
in HP iLO and OA IP, 264
Log window, 122-123
in HP Network Node Manager IP, 266
Objects window, 120-121
in HP OpenView Operations HPUX IP, 268-269
Options menu, 124-126
in HP OpenView Operations Solaris IP, 270-271
Workspace window, 120
in HP OpenView Operations Windows IP, 273-274
in HP OpenView Service Desk IP, 275-277
components, 29-32, 55
in HP Service Manager IP, 278-279
Action Servers, 39-45
in IBM Tivoli Enterprise Console IP, 280-281
categories of, 30-31
in IBM Tivoli Netcool Omnibus IP, 283
Management Server, 48-52
in IBM Tivoli Storage Manager IP, 285
OIS Client, 45-48
link handles, 126-127
Opalis Operator Console (OOC), 52-54
links
optional components, 31, 471-473
creating, 128
required components, 32, 470-471
defined, 127
SQL Datastore, 32-39
properties, 136
trace logging, 493
in Microsoft Active Directory 2 IP, 287-288 monitor objects, 126 QIK object deployment, 456-467
versions of, 488-489 history of Opalis Software, 15-22
production mode deployment, 462-467
challenges in transition to Microsoft, 21-22
test mode deployment, 456-461
introduction of OIS, 18-21
QIK project process, 436
Microsoft acquisition of, 21
“run as often as object before you” policy engine rule, 202
OpalisRendezVous, 15-16 OpalisRobot, 15, 16-18
“run once for each multi-value PD item” policy engine rule, 203-204
job schedulers versus, 28
in SCCM IP, 335-338
product footprint, 469-477
product description, 12
in SCOM IP, 302-305
background executables, 476-477
in SCSM IP, 315-317
in datastore, 477
in Unix IP, 290-291
file system, 469-473
in Veritas NetBackup IP, 293
Registry structure, 473-475
in VMM IP, 351-355
running processes/services, 475
in VMware vSphere IP, 295-296
Start Menu programs, 475-476
Objects window
purpose of, 5-8
OIS Client, 120-121
resources for information, 495-501
QIK Wizard, 448-450 Object-Specific PD, 138-139
SCO (System Center Orchestrator) versus, 23-24
oedc.exe utility, 33
in System Center Suite, 11-12
OIP files. See IPs (Integration Packs)
troubleshooting
OIS (Opalis Integration Server) advantages of, 7-8 automation, orchestration, integration in, 6 client user interface, 6
common questions, 482-488 policy troubleshooting, 477-482 workflows versus policies, 7 OIS 5.0, 18
OIS 6.0, 19-20
policies
OIS 6.2.2, 20-21, 80
checking in/out, 132
OIS 6.3, 22
creating, 126-128
as DPM IP requirement, 367 installation
starting, 132-133 viewing logs, 133
Action Server installation, 94-97
as policy authoring utility, 34-36
database creation and population, 87-90
policy creation process, 47-48
dependencies, 79-80
policy lifecycle
Deployment Manager, 94 downloading installation media, 83-84 IP (integration pack) installation, 99-104 licensing, 90-92
check in, 56-57 starting policy, 57-58 PTC (Policy Testing Console) versus, 131-132 as required component, 32
Management Server installation, 85-87
OIS datastore. See SQL Datastore
manual installation, 105-106
OIS Testing Console, troubleshooting, 482
OIS Client installation, 97-99
online content available, 503-504
OOC installation, 106-113
OOC (Opalis Operator Console), 52-54, 140
patching, 93-94
accessing, 140
requirements, 80-83
Action Server view, 142
running installer, 84-85
events, 144
troubleshooting, 113-114
file system locations, 472
as SCCM IP requirement, 331
installation, 106-113
as SCOM IP requirement, 299
configuring as service, 113
as SCSM IP requirement, 313
downloading files, 107
as VMM IP requirement, 347
environment variable setup, 108
OIS Client, 45-48
extracting files, 108-109
connection to OIS datastore, 47
Java installation, 108
installation, 97-99
PowerShell script, 110-111
navigating, 115-116
securing, 111
Audit History window, 124 Connections window, 116-120 Events window, 121-122 Log History window, 123 Log window, 122-123 Objects window, 120-121 Options menu, 124-126 Workspace window, 120 operating system support, 46
testing, 111-113 troubleshooting, 113-114 Java and JBoss dependency, 80 as optional component, 31 permissions, 142-144 policies searching for, 142 starting/stopping, 141 viewing execution of, 141-142 troubleshooting, 485-486
How can we make this index more useful? Email us at [email protected]
Opalis forums, 501 Opalis Integration Pack File screen (QIK Wizard), 451-452
P parsing data, 216-221
Opalis Integration Server. See OIS (Opalis Integration Server)
data manipulation functions, 217-218
Opalis Operator Console (OOC). See OOC (Opalis Operator Console)
Run .Net Script object, 219-221
Opalis Software, history of, 15-22 challenges in transition to Microsoft, 21-22
Query Database object, 219 PAS (Primary Action Server), policy spillover, 65-66
introduction of OIS, 18-21
password reset and service account synchronization, Foundation objects use case, 195
Microsoft acquisition of, 5, 21
patching
OpalisRendezVous, 15-16 OpalisRobot, 15, 16-18 OpalisActionServerWatchdog, 48, 49-50. See also Action Server Watchdog Service OpalisActionService, 39-40. See also Action Servers OpalisManagementService, 48, 49. See also Management Server OpalisRemotingService, 48, 49 OpalisRendezVous, 15-16 OpalisRobot, 15, 16-18, 484
OIS (Opalis Integration Server) integration with, 13 OIS 6.3 installation, 93-94 Pause VM object, 355 PD. See Published Data (PD) performance monitoring, OIS (Opalis Integration Server) integration with, 14 permissions for Action Servers, 41-42 list of, 225-226 for OOC (Opalis Operator Console), 142-144
operating system limitations, policy limits, 63-64
persistence, 231-235
operating system support for OIS Client, 46
PGP Decrypt File object, 193
Operations Manager. See also SCOM IP
PGP Encrypt File object, 193
OIS (Opalis Integration Server) integration with, 14
pic.exe utility, 34
product description, 12
planning QIK (Quick Integration Kit) projects, 400
as SCOM IP requirement, 299 optional components, 31, 471-473
pipeline mode, legacy mode versus, 209-210
policies
Options menu (OIS Client), 124-126
applying schedules to, 214-216
orchestration in OIS (Opalis Integration Server), 6
automatic import/export, 484
Orchestrator. See SCO (System Center Orchestrator)
best practices backing up policies, 229-230 complex link logic, 210-211 data manipulation and parsing, 216-221 error handling, 222-225 external data persistence, 231-235
hardcoded versus dynamic data, 221-222
searching for, 142
looping, 212-213
stepping through, 130-131
naming conventions, 226-227
stopping, 141
permissions, 225-226
testing, 129-132
promotion, 230-231
triggering, 145-147
scheduling, 214-216 versioning, 228-229 branching, 134-136
starting, 132-133, 141
Custom Start object, 145 Trigger Policy object, 146-147 troubleshooting, 477-482
adding filters, 134-135
use cases. See use cases
default filter, 134
viewing execution of, 141-142
include/exclude filters, 135
viewing logs, 133
checking in/out, 132 creating, 126-128
workflows versus, 7
configuring objects, 127-128
Policies section (OIS Client Connections window), 116-117
dragging and dropping objects, 127
POLICIES table (OIS datastore), 35
link handles, 126-127 linking objects, 128
policy authoring objects in SQL Datastore, 34-36
links, 127
policy complexity, 64
monitor objects, 126
policy creation process in OIS Client, 47-48
objects, 126
Policy Data tab (policy properties), 149-150
execution. See policy engine
policy engine, 201-202
exporting, 151
Junction object, 208-209
exporting groups of, 151
multiplication effect, 209-210
importing, 151-152
multi-value PD items
log history, 489-492
flattening, 207-208
log purging, 491-492
handling, 206-207
properties, 147-150 Action Servers tab (policy properties), 147-148
pipeline mode, legacy mode versus, 209-210 rules, 202-206
Event Notifications tab (policy properties), 149
“flattened objects do not produce multi-value data” 205-206
General tab (policy properties), 147
“Junction object limits or truncates PD stream” 204-205
Logging tab (policy properties), 148
“links filter execution data” 204
Policy Data tab (policy properties), 149-150
“run as often as object before you” 202
Run Behavior tab (policy properties), 149
“run once for each multi-value PD item” 203-204
running in PTC, 130
policy execution objects in SQL Datastore, 36-37 policy failover, 66-67
prerequisites. See requirements Primary Action Server (PAS), policy spillover, 65-66
policy history and log objects in SQL Datastore, 38-39
Print File object, 193
policy instantiation, 58
processes
policy lifecycle, 56-59
Process Email object, 191 documentation of, 26-27
check in, 56-57
reviewing, 27-28
dormant policy, 57
running processes/services, in product footprint (OIS), 475
policy instantiation, 58 PolicyModule.exe, 58-59
Product Details screen (QIK Wizard), 446-448
release processes, importance of, 56, 83
product footprint (OIS), 469-477
starting policy, 57-58 policy limits, 60-64
background executables, 476-477 in datastore, 477
ASPT (Action Server Policy Throttle), 60
file system, 469-473
CPU and memory resource limitations, 64
Registry structure, 473-475
desktop heap limitations, 61-63
running processes/services, 475
maximum running policies, 60-61 operating system limitations, 63-64 policy size and complexity, 64
Start Menu programs, 475-476 production mode deployment, QIK objects, 462-467
policy queueing, 64-65
Program mode, Command mode versus, 160
policy size, 64
programming language support in QIK (Quick Integration Kit), 398-399
policy spillover, 65-66 Policy Testing Console (PTC), 129-132 OIS Client versus, 131-132
programming models for QIK SDK, 435-436 promoting policies, 230-231
running policies, 130
Prompt for Comment on Check In option (OIS Client), 126
setting breakpoints, 131
properties
stepping through policies, 130-131
Foundation objects, 154
viewing logs, 130
of links, 136
policy XML exports, 229-230
of policies, 147-150
POLICY_PUBLISH_QUEUE table (OIS datastore), 36
Action Servers tab (policy properties), 147-148
policy-level looping, 213
Event Notifications tab (policy properties), 149
PolicyModule.exe, 43-44, 58-59. See also policy engine PowerShell script for maintenance mode, 503 OOC installation, 110-111
General tab (policy properties), 147 Logging tab (policy properties), 148 Policy Data tab (policy properties), 149-150 Run Behavior tab (policy properties), 149
Protect Data Source object, 371
Assembly Details screen, 416
protecting a data source use case, DPM IP, 375
Assembly Information screen, 417-419
PTC (Policy Testing Console), 129-132
Command Line syntax, 424-426
OIS Client versus, 131-132
Commands screen, 419-421
running policies, 130
Published Data tab (Add/Edit Command dialog), 426-430
setting breakpoints, 131 stepping through policies, 130-131
deployment styles, 399
viewing logs, 130
development methods, 398
public forums, 501
file system locations, 471-472
Publish Policy Data object, 180-181
installation, 401-415
Published Data (PD) on Data Bus, 136-140
folder locations, 406-410 IDE, 410-415
adding, 137-139
IPs (Integration Packs), 415
subscribing to, 139-140
requirements, 401-402
types of, 139
running installer, 402-405
“Junction object limits or truncates PD stream” policy engine rule, 204-205 multi-value PD items “flattened objects do not produce multi-value data” policy engine rule, 205-206 flattening, 207-208 handling, 206-207 “run once for each multi-value PD item” policy engine rule, 203-204 Published Data tab Add/Edit Command dialog, CLI Wizard (QIK), 426-430 object properties, Run .Net Script object, 164-165 Purge Event Log object, 192
IPs (Integration Packs), creating, 445-455 object deployment, 456-467 production mode deployment, 462-467 test mode deployment, 456-461 planning projects, 400 programming language support, 398-399 SDK, 432-445 API, 434 code samples, 437-445 features and functionality, 433 programming models, 435-436 project process, 436 requirements, 433 QIK Wizard, 445-455 Dependencies screen, 450-451 Objects screen, 448-450 Opalis Integration Pack File screen, 451-452
Q
Product Details screen, 446-448
QIK (Quick Integration Kit) CLI Wizard, 415-432 Add/Edit Parameter dialog, 422-424
Query Database object, 161-163, 219 Query WMI object, 169-170 Query XML object, 194
Arguments tab (Add/Edit Command dialog), 421-422
queuing policies, 64-65 Quick Integration Kit (QIK). See QIK (Quick Integration Kit)
OIS Client, 45-48 connection to OIS datastore, 47 operating system support, 46 policy creation process, 47-48 Opalis Operator Console (OOC), 52-54
R
SQL Datastore, 32-39
RBA (Runbook Automation), 16-17, 25
installation and configuration objects, 33-34
Read Email object, 190
policy authoring objects, 34-36
Read Line object, 182
policy execution objects, 36-37
Read Text Log object, 194
policy history and log objects, 38-39
Recover SharePoint object, 372
requirements. See also required components
Recover SQL object, 372
DPM IP, 367-368
Recover VM object, 372
dynamic data center, 382-383
recovering a SQL database use case, DPM IP, 375-378
OIS 6.3 installation, 80-83
redundancy of Action Servers, 44-45 SQL Datastore, 230
server requirements, 80-81 trusted accounts, 83 user account requirements, 81-82
Refresh Client object, 337
QIK (Quick Integration Kit) installation, 401-402
Refresh Collection object, 338
QIK SDK, 433
registering IPs (Integration Packs), 100-101
SCCM IP, 331-332, 335
Registry structure, 473-475
SCOM IP, 299-300
release processes, importance of, 56, 83
SCSM IP, 313-314
Remote Trigger, file system locations, 472-473
VMM IP, 347-348
Remove VM object, 354
resilient deployment model, 68-69
Rename File object, 193
resources for information, 495-501, 503-504
Repair VM object, 354
Restart System object, 192
required components, 32
restartable policies, 232-235
Action Servers, 39-45
Resume VM object, 354
connectivity, 40-43
reviewing processes, 27-28
OpalisActionService, 39-40
rules, policy engine, 202-206
PolicyModule.exe, 43-44 redundancy, 44-45
“flattened objects do not produce multi-value data” 205-206
file system locations, 470-471
“Junction object limits or truncates PD stream” 204-205
Management Server, 48-52
“links filter execution data” 204
additional components, 50-52
“run as often as object before you” 202
OpalisActionServerWatchdog, 49-50
“run once for each multi-value PD item” 203-204
primary services, 48-49
“run as often as object before you” policy engine rule, 202 Run Behavior tab
scheduling objects, 192 SCO (System Center Orchestrator), OIS (Opalis Integration Server) versus, 23-24
object properties, 155
SCOM 2007, as SCOM IP requirement, 299
policy properties, 149
SCOM IP
Run .Net Script object, 163-166, 219-221
configuring, 300-301
“run once for each multi-value PD item” policy engine rule, 203-204
installation, 300
Run Program object, 42, 158-161
requirements, 299-300
Run SSH Command object, 170-172
use cases, 305-312
Runbook Automation (RBA), 16-17, 25 running
objects, 302-305
branch office maintenance mode, 309-312
OIS 6.3 installer, 84-85
incident remediation, 305-307
policies in PTC, 130
server maintenance mode, 307-309, 383-386
QIK (Quick Integration Kit) installer, 402-405 running processes/services, in product footprint (OIS), 475
SCSM IP configuring, 314-315 objects, 315-317 requirements, 313-314 use cases, 317-330
S
automating change, 323-330
sanitized policies defined, 231 steps in, 231
close resolved incidents, 318-320 manage incidents, 320-322 SDK for QIK (Quick Integration Kit), 432-445
SAS (Standby Action Server), policy spillover, 65-66
API, 434
Save Event Log object, 192
features and functionality, 433
SCCM IP
folder location in QIK installation, 406
code samples, 437-445
configuring, 332-335
programming models, 435-436
objects, 335-338
project process, 436
requirements, 331-332
requirements, 433
use cases, 338-345
Search and Replace Text object, 182
advertising software, 344-345
searching for policies, 142
checking compliance, 341-344
security
creating and populating a collection, 338-341 schedules, 120, 214-216 applying to policies, 214-216
OOC installation, 111 release processes, importance of, 56, 83 security credentials, as VMM IP requirement, 348
Check Schedule object, 214
Security Credentials tab (object properties), 155, 161
software deployment, OIS (Opalis Integration Server) integration with, 13
security models, 76-77
solution areas
federated domains, 76-77 single domain security, 76 untrusted security, 77 Security tab (object properties), Invoke Web Services object, 168 semaphores, counters as, 118, 184
backup management, OIS integration with, 14 configuration management, OIS integration with, 13 incident/change management, OIS integration with, 13
Send Email object, 174-176
performance monitoring, OIS integration with, 14
Send Event Log Message object, 176-177
in System Center Suite, 11-12
Send Page object, 194
virtualization, OIS integration with, 13
Send Platform Event object, 176
SQL Datastore, 32-39
Send SNMP Trap object, 173
database creation and population, 87-90
Send Syslog Message object, 194
installation and configuration objects, 33-34
server maintenance mode use case, SCOM IP, 307-309, 383-386
OIS Client connection to, 47
server requirements, OIS 6.3 installation, 80-81 service accounts Action Servers, 82 Management Server, 82 password reset and service account synchronization use case, 195 Service Manager. See also SCSM IP
policy authoring objects, 34-36 policy execution objects, 36-37 policy history and log objects, 38-39 product footprint (OIS) in, 477 redundancy, 230 as required component, 32 Standard OIS Logging IP, 234-235
OIS (Opalis Integration Server) integration with, 13
Standby Action Server (SAS), policy spillover, 65-66
product description, 12
Start Maintenance Mode object, 304
as SCSM IP requirement, 314
Start Menu programs, in product footprint (OIS), 475-476
services configuring OOC as, 113 running processes/services, in product footprint (OIS), 475
Start VM object, 354 starting policies, 57-58, 132-133, 141 Start/Stop Service object, 192
Set SNMP Variable object, 173
state information, maintaining, 231-235
Show Legacy Objects option (OIS Client), 125
stepping through policies, 130-131
Show Link Labels option (OIS Client), 124
Stop Maintenance Mode object, 304
Show Tooltips option (OIS Client), 125
Stop VM object, 354
Shut Down VM object, 354
stopping policies, 141
simple deployment model, 67-68
stored procedures
single domain security model, 76
for log purging, 38-39
SNMP objects, 172-173
for OIS datastore data modification, 35-36 for policy execution process, 36-37
subscribing to Published Data on Data Bus, 139-140
Trigger Policy object, 146-147, 178-179 triggering policies, 145-147
System Center Configuration Manager IP. See SCCM IP System Center Data Protection Manager IP. See DPM IP
Custom Start object, 145 Trigger Policy object, 146-147 troubleshooting Foundation objects, 486-488
System Center Operations Manager IP. See SCOM IP
OIS (Opalis Integration Server)
System Center Orchestrator. See SCO (System Center Orchestrator)
common questions, 482-488 policy troubleshooting, 477-482
System Center Service Manager. See SCSM IP
OIS 6.3 installation, 113-114
System Center Suite
OOC (Opalis Operator Console), 485-486
data center transformation with, 14-15 products in, 11-12
resources for information, 495-501 trusted accounts, OIS 6.3 installation, 83
resources for information, 501 System Center Virtual Machine Manager IP. See VMM IP system objects, 192
U Unix IP, 289-293 “Unknown Object” error, troubleshooting, 483-484
T
untrusted security model, 77 tables
Update Activity object, 317
for policy authoring process, 34-35 for policy execution process, 36 for policy logging process, 38
Update Alert object, 304 Update Disk object, 355 Update Network Adapter object, 355
technical support. See resources for information; troubleshooting
Update Object object, 317
test mode deployment, QIK objects, 456-461
Update VM object, 355
configuring, 458-461
Upload Attachment object, 317
global configuration, 456-458
URLs for information, 495-501
testing. See also release processes
use cases
OOC installation, 111-113
BladeLogic Operations Manager IP, 238
policies, 129-132
BMC Atrium CMDB IP, 240
troubleshooting, 482
BMC Event Manager IP, 243
text file management objects, 181-184, 194
BMC Patrol IP, 245
ticketing system synchronization, Foundation objects use case, 195-196
BMC Remedy AR System IP, 248
trace logging, logging levels, 492-494
CA eHealth IP, 252-253
CA AutoSys IP, 250
CA Spectrum IP, 254
incident remediation, 305-307
CA Unicenter NSM IP, 256
server maintenance mode, 307-309, 383-386
CA Unicenter Service Desk IP, 257-258
SCSM IP, 317-330
DPM IP, 372-379 checking DPM server storage capacity, 378-379
automating change, 323-330
creating a recovery point, 372-375
manage incidents, 320-322
close resolved incidents, 318-320
protecting a data source, 375
Unix IP, 289-290
recovering a SQL database, 375-378
Veritas NetBackup IP, 293
EMC Smarts InCharge IP, 260
VMM IP, 355-366
Foundation objects, 195-199 File Information Data Storage, 196-197
capacity and lifecycle management, 363-366
password reset and service account synchronization, 195
virtual machine provisioning, 356-359, 386-391
ticketing system synchronization, 195-196
VM checkpoint and recovery, 360-363
Web Services TerraServer Querying, 197 Windows Event Scan with Query WMI, 198-199
VMware vSphere IP, 295 user account requirements, OIS 6.3 installation, 81-82
HP Asset Manager IP, 262
user interface for OIS (Opalis Integration Server), 6. See also OIS Client
HP iLO and OA IP, 264
utilities, 194
HP Network Node Manager IP, 266 HP OpenView Operations HPUX IP, 268 HP OpenView Operations Solaris IP, 270
V
HP OpenView Operations Windows IP, 273 HP OpenView Service Desk IP, 275
variables, 119, 221-222
HP Service Manager IP, 278
Veritas NetBackup IP, 293-294
IBM Tivoli Enterprise Console IP, 280
version compatibility, 483
IBM Tivoli Netcool Omnibus IP, 282-283
versioning policies, 228-229
IBM Tivoli Storage Manager IP, 284
versions
Microsoft Active Directory 2 IP, 286-287
BladeLogic Operations Manager IP, 239
SCCM IP, 338-345
BMC Atrium CMDB IP, 242
advertising software, 344-345
BMC Event Manager IP, 244
checking compliance, 341-344
BMC Patrol IP, 246
creating and populating a collection, 338-341
BMC Remedy AR System IP, 249
SCOM IP, 305-312 branch office maintenance mode, 309-312
CA AutoSys IP, 251 CA eHealth IP, 253 CA Spectrum IP, 255
CA Unicenter NSM IP, 257
use cases, 355-366
CA Unicenter Service Desk IP, 259
capacity and lifecycle management, 363-366
EMC Smarts InCharge IP, 261
virtual machine provisioning, 356-359, 386-391
HP Asset Manager IP, 263 HP iLO and OA IP, 265 HP Network Node Manager IP, 267
VM checkpoint and recovery, 360-363 VMware vSphere IP, 295-297
HP OpenView Operations HPUX IP, 269 HP OpenView Operations Solaris IP, 272 HP OpenView Operations Windows IP, 274 HP OpenView Service Desk IP, 277
W
HP Service Manager IP, 279 IBM Tivoli Enterprise Console IP, 281 IBM Tivoli Netcool Omnibus IP, 283 IBM Tivoli Storage Manager IP, 285 Microsoft Active Directory 2 IP, 288 OIS components, 488-489
Wait object, 189-190 watchdog services. See OpalisActionServerWatchdog Web Services, multisite invoke via Web Services deployment model, 73-74
Unix IP, 291
Web Services TerraServer Querying, Foundation objects use case, 197
Veritas NetBackup IP, 294
websites for information, 495-501
VMware vSphere IP, 297
Windows Event Scan with Query WMI, Foundation objects use case, 198-199
viewing policy execution, 141-142 policy logs, 133 PTC logs, 130 Virtual Machine Manager. See also VMM IP OIS (Opalis Integration Server) integration with, 13
Windows Management Framework, as DPM IP requirement, 368 Windows PowerShell 2.0, as DPM IP requirement, 368 WinRM 2.0, as DPM IP requirement, 368 workflow control objects, 177-181 Custom Start object, 178
product description, 12
Junction object, 179-180
as VMM IP requirement, 348
Publish Policy Data object, 180-181
virtual machine provisioning use case, VMM IP, 356-359, 386-391 virtualization, OIS (Opalis Integration Server) integration with, 13
Trigger Policy object, 178-179 workflow engines, OIS 5.0 to OIS 6.0, 19-20 workflows
VM checkpoint and recovery use case, VMM IP, 360-363
in dynamic data center, 382-383
VMM IP
use cases. See use cases
policies versus, 7
configuring, 348-350
Workspace window (OIS Client), 120
objects, 351-355
Write To Database object, 194
requirements, 347-348
Write Web Page object, 194