® © 2006 ibm corporation usage of tpm for itm v6 agent install, upgrade and configuration mike...

®

© 2006 IBM Corporation

Usage of TPM for ITM V6 agent install, upgrade and configuration

Mike [email protected]

IBM Global Technology Services | Securities Industry Services

Agenda IBM Securities Industry Services (SIS)

SIS IBM Tivoli Monitoring (ITM) V6 Environment

SIS Tivoli Provisioning Manager (TPM) Environment

TPM Software Install and Upgrade Methods

ITM V6 Install, Upgrade with createNode, addSystem, updateAgent

Benefits from using TPM ITM V6 agent automation package

Demonstration Install of ITM agents on a server

Upgrade of ITM agents on multiple servers

Reporting of ITM agents versions

Uninstall for back out and server decommissioning

Stop, start and restart of ITM agents

ITM monitoring of TPM server


IBM Securities Industry Services (SIS)

SIS has been a division of IBM Global Services since 1967

Provides a comprehensive front and back office shared processing environment for Canadian banks and brokerage firms

Wealth management services used by about 60% of the Investment Dealers Association (IDA) of Canada member firms

Securities trade processing solutions

Client account positions and balances

Web based application can be used by investment advisors and investors for placing orders and viewing clients, accounts, orders, trades, transactions, securities and households

More information at http://www.ibm.com/services/ca/en/sis/


SIS ITM EnvironmentTEP –Tivoli Enterprise Portal (client)TEPS –Tivoli Enterprise Portal ServerTEMS –Tivoli Enterprise Monitoring ServerR-TEMS – Remote TEMSTEMA –Tivoli Enterprise Monitoring Agent

DB2

Hot Standby(Failover)

TEP Desktop Client

HTTP Browser

TEMAWindows / AIX / Linux on Intel / zSeries OS Agent v06.20.01.01ITM for DB2 Agent v06.20.01.01Omegamon XE for Messaging (MQ / WMB) v06.01.01.00ITM for Virtual Servers (VMWare ESX) v06.10.00.03Omegamon XE for z/VM & Linux 04.10.03.00

Host Escalation

Server

Auto Paging

Auto e-mail

Support

Teams

tcp 3660

tcp 1920

tcp 3660

R-TEMSz/OS

Remote TEMS Linux on z

Hub TEMS (Hot Standby)

Linux on zHUB TEMSLinux on z

TEPSLinux on z

tcp 3660

DB2 TEPS (Cold Standby)

Linux on z

tcp 3660

Omegamon XE Agents on z/OSOmegamon XE for z/OS (04.10.00.06)Omgeamon XE for Messaging (600)Omgeamon XE for DB2 PE and PM on z/OS (04.10.03.04)Omegamon XE for CICS on z/OS (04.10.00.04)Omgeamon XE for IMS on z/OS (04.10.00.04)Omegamon XE for Mainframe Network (04.10.03.00)Omegamon XE for Storage on z/OS (04.10.00.03)

DB2HADR


SIS ITM Environment Distributed operating systems of AIX, SLES Linux on z, RHAS Linux on Intel and Windows

Mainframe systems of z/OS and z/VM

ITM V6 OS Agents

m5 OMEGAMON XE on z/OS

lz Monitoring Agent for Linux OS

nt Monitoring Agent for Windows OS

qv Monitoring Agent for VMware ESX

um Universal Agent

ux Monitoring Agent for UNIX OS

vl OMEGAMON XE on z/VM and Linux

ITM V6 Middleware Agents

cp OMEGAMON XE for CICS on z/OS

dp OMEGAMON XE for DB2 PE and PM on z/OS

ip OMEGAMON XE for IMS on z/OS

s3 OMEGAMON XE for Storage on z/OS

mc WebSphere MQ Configuration Agent

mq WebSphere MQ Monitoring Agent

n3 OMEGAMON XE for Mainframe Networks

qi WebSphere Message Broker Monitoring Agent

ud Monitoring Agent for DB2

yn Monitoring Agent for WebSphere


SIS TPM Environment

Deployment of TPM started in January 2008

TPM 5.1.1 Fix Pack 1 Interim Fix IF00003 on SLES 9.0 Linux on z

TPM database on separate DB2 V8 SLES 9.0 Linux on z server with HADR to a standby DB2 server

SSH for Linux, UNIX and SMB/CIFS/DCE/RPC for Windows. TPM uses Remote Execution and Access (RXA) for agentless management of remote target computers using these protocols

sudo on Linux, UNIX used to permit a user, group to run certain commands as root or another user. /etc/sudoers entry for userid tpm to run all commands. Documented list of security controls approved by our security group and implemented

TPM workflow code of Device.ExecuteCommand will sudo sh for root or sudo su – userid if need to run script or command as another user

No Tivoli Common Agent (TCA) installed. TPM inventory scan supported for agentless


TPM Software Install and Upgrade Methods – Automation Packages

Usage of TPM automation packages to copy and execute scripts, commands

TPM executing script with product install, upgrade commands and response file. Script exits with non-zero return code if failure Installation code in sharable file system. No additional space requirements

for installation, patch tar files extracted on target computers. Prevent failures due to lack of filesystem free space and extra time copying, extracting tar file Installation code repository located in z/VM minidisks mounted read-write

on single Linux on z system for update. Mount read-only on other Linux on z systems for software install, upgrade deployments. Accessible on all networks

NFS server on a single Linux on z server in each network for AIX and Linux on Intel software install and upgrade deployments

Future possibility to use Samba on Linux on z server for Windows software install and upgrade deployments

Installation code tar, zip file in TPM file repository that is copied to target computers and extracted


TPM Software Install and Upgrade Methods – Software Package Block (SPB)

SPB from Tivoli Configuration Manager (TCM) can be installed with TPM and TPM for Software

SPB is created, updated with Software Package Editor and contains: Variables and conditions check. e.g. $(os_name) == AIX

System actions to check free disk space and restart computer

Program actions to install vendor package (Microsoft MSI, Linux rpm, etc.) or execute program, script

Software installable file. SPB is unzipped on target computer

Requires Tivoli Common Agent (TCA)

IBM products can include SPBs. ITM 6.2.1 create SPB package with: tacmd ExportBundles -t lz -o spb -p li6263 -e /myDir

Optional use of Scalable Distribution Infrastructure (SDI) with depot servers to reduce bandwidth usage, installation time when transferring data from SPBs over WAN


ITM createNode, addSystem, updateAgent

Populate ITM V6 agent installation code in ITM depot

Install Operating System (OS) agent with tacmd CreateNode Linux, UNIX computers require the usage of userid root and password.

Security policy can disallow remote root login

Install non-OS agents with tacmd addSystem

Upgrade a single agent product code with tacmd updateAgent Updating agents involves stopping any that are running, applying the

changes, and restarting them. With multiple agents on a server, extra time to stop and start agents

itmpatchagents can be downloaded from OPAL for instructions and script to scan and update group of agents with tacmd updateAgent


Benefits from TPM ITM V6 automation package Manual procedure to login to server, stop ITM agents, upgrade and start ITM

agents 15 minutes per server. For 30 servers is 450 minutes or 7.5 hours

TPM install of ITM V6 product with mode upgrade to group of servers 5 minutes per server with TPM default of executing 5 deployments at a time. For 30

servers is 30 minutes (Time saving per upgrade cycle is 44.5 hours) x (3 upgrade cycles per year) = 133.5

hours total times saving per year 136 hours for development of first automation package for ITM V6 agent. Return on

investment is 12 months after 3 upgrade cycles completed

Larger sized environments would experience greater time savings

TPM global variable default concurrency level or scheduled task property Concurrency Level could be raised higher depending on TPM database performance and amount of database update activity by workflows 5 minutes per server with TPM concurrency level changed to executing 10

deployments at a time. For 30 servers is 15 minutes

Consistent deployment method with different people executing deployment

Faster development for subsequent automation packages with reusing ITM workflow code

® © 2006 ibm corporation usage of tpm for itm v6 agent install, upgrade and configuration mike...

Documents