Copyright © 2018 CA. All rights reserved. All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.
Reference Architecture Version 1.1
CA Application Performance Management (APM)
Change History
Date | Version | Author | Description of Change
08/31/2017 | 0.1 | Lou Tedone | Artifact creation
11/10/2017 | 0.2 | Lou Tedone | Added additional sections for ATC, Universes, and other minor changes based on team’s feedback.
11/16/2017 | 0.3 | Lou Tedone | Updated for APM 10.7, added additional verbiage for APM Administrator role, split out MOM-Collector port assignments, HA explanation on the architecture diagram, added a brief section about HA, and other minor changes based on team’s feedback.
12/29/2017 | 0.4 | Henrik Nissen Ravn | Added REST AppMap/ATC API HTTP communication for federated queries. Added description of REST API security tokens. Converted drawings to Visio with Gliffy shapes converted
01/10/2018 | 1.0 | Lou Tedone | Format fixes, minor grammar and spelling changes. Artifact Baseline.
04/11/2018 | 1.1 | Henrik Nissen Ravn | Updating for 10.7: adjusting diagrams, adding personas for new features, updated sizing.
Distribution List
Date | Version | Name | Company, Organizational Position
08/31/2017 | 0.1 | Lou Tedone | CA Architecture Team
11/10/2017 | 0.2 | Lou Tedone | CA Architecture Team
11/16/2017 | 0.3 | Lou Tedone | CA Architecture Team
12/29/2017 | 0.4 | Henrik Nissen Ravn | CA Architecture Team
01/10/2018 | 1.0 | Lou Tedone | CA Services, SWAT, APM Product Management
04/11/2018 | 1.1 | Henrik Nissen Ravn | CA Architecture Team
Referenced Documents
Related Project Documentation
CA APM Product Documentation Bookshelf
https://docops.ca.com/ca-apm/10-7/en
CA Lead Practices for Application Performance Management / CA Support: APM Knowledge Center
https://support.ca.com/irj/portal/anonymous/newhome
CA APM Sizing and Performance Guide
https://docops.ca.com/ca-apm/10-7/en/installing/apm-sizing-and-performance-guide
Contents
Planned End State
Solution Personas
Interaction of Personas
Foundation Capability CA APM
Foundation Functional User Stories
Foundation Logical Architecture
Network Context
  Network Diagram – Foundation Physical Architecture
  Data Flows Explained
  Architecture Commentary
Foundation System Specification Requirements
  Foundation Physical Architecture
Base System Configuration Requirements
  Node Configuration
  Solution Component Ports
Chapter 1: Executive Summary
The Reference Architecture provides information relating to the baseline functional feature and technical architecture required to deliver the CA APM foundational solution.
This artifact is relevant only to the implementation of the foundational solution and will be superseded by more detailed design, implementation, test and operational artifacts as part of the following phases or iterations of the project to support the maturation of the solution both functionally and technically.
Chapter 2: Foundation Functional Feature
This section contains the following topics:
Planned End State
Solution Personas
Interaction of Personas
Foundation Capability <Capability Name>
Foundation Functional User Stories
Planned End State
The planned state is to provide a reference architecture to support the implementation of CA APM. It documents the actual Architecture (the adoption and adaptation of the recommended architecture) that will be implemented for Agile Operations. This document can be considered as the logical and physical design, illustrating how the technical solution will be implemented to meet the architecture (non-functional and environment constraints) requirements and how it will be configured or customized to support the requirements. The instantiation of the physical architecture can be found in the Build and Integration Handbook after the solution implementation.
All content contained in this document is based on CA Lead Practices and where necessary, it has been updated to reflect the corporate governance standards for architecture requirements. The following shows the APM logical system architecture. This graphic is a simple representation of an APM cluster.
[Figure: APM logical system architecture. Components shown: Agents, TIM, Enterprise Manager Collectors, Enterprise Manager MoM, EEM, APM Database, APMSQL Server, CEM Console, Team Center, WebView.]
This graphic is a simple representation of the UI interactions to the APM cluster.
This graphic is a simple representation of the Enterprise Team Center UI interactions to the APM cluster.
[Figure: UI interactions. Components shown: JVM, Agent, Infrastructure Agent, OS, APIs, Scripts, Plug-ins, Web Applications, Enterprise Manager, SmartStor, APM Database, CEM Console, WebView, Team Center, Workstation, Agile Ops Platform.]
Solution Personas
The following table summarizes the solution personas and how they can use the CA APM solution. Where applicable, the personas are grouped by the capability in which they play a role:
Persona (Role) | Description | Expected Use of the new Solution
APM Administrator | Engage with IT teams to assure all the required instrumentation is in place to effectively monitor the business service. | Solution allows for collaboration of the monitoring initiative as a means of providing a consistent, manageable service.
 | Configure CA APM for applications | Allows them to verify that the tool monitors the business services and is operating as designed.
 | Integrate CA APM with other CA products | Supports connector services that allow the automated routing of alerts, thereby speeding up resolution.
 | Provide at-a-glance visibility of all alerts for application performance components | Allows them to create dashboards and reports for Key Performance Metrics (KPMs).
 | Understand capacity and sizing requirements to ensure optimal availability, accessibility, and monitoring service | Understanding and using APM Supportability metrics to ensure that the APM monitoring services are available, accessible and usable.
 | Agent Health View provides at-a-glance overview of APM agents’ health | Monitors and visualizes APM infrastructure health
Application Developer | Have at-a-glance and trace visibility to application software code components for the application | Possess the ability to dynamically trace troublesome components to improve application performance.
 | Provide at-a-glance visibility and notification of all alerts for application performance components | Understand the nature of identified problems so that they address performance gaps in the software code.
 | Provide the ability to quickly isolate a code fault, performance delay, and/or error in application components | Quickly use the tool to determine where to isolate the problem, in order to correct the issue.
Middleware Specialist | Have at-a-glance and trace visibility to the application middleware stack that supports the application | Supporting the monitoring middleware and possess ability to assess, plan and address issues before impacting the business service.
 | Understand the details of issues by drilling down to specific middleware component areas | Analyze trending over time that will aid in identifying and preventing problems before they happen.
Performance Test Engineer | Drill down to component level and see alert components that are affecting performance testing | Identify the root cause and to facilitate remediation.
 | Have at-a-glance visibility and access to all alerts during performance testing phase | Allow fast fault isolation of performance bottlenecks before the code is propagated into production.
Production Performance Engineer | Drill down to component level and see alert components that are affecting application performance | Identify the root cause and to facilitate rapid remediation.
 | Have at-a-glance visibility and access to all alerts that affect application production performance | Allow fast fault isolation of performance bottlenecks to ensure minimal impact to delivering the business service.
Production Support Analyst | Have at-a-glance visibility into the health (application performance and availability) for IT business services | Knowledge of issues with IT infrastructure that provides oversight that will help lead to faster resolution.
 | Have at-a-glance visibility into the health (application performance and availability) for the IT business services | Have real time view of performance and availability of application that supports the business.
 | Provide at-a-glance visibility and notification of all alerts for application performance components | Understand the nature of identified problems so that they can follow up with the responsible resolver teams.
 | Provide at-a-glance visibility and notification of all alerts for application performance components | Allow them to see which part of the application is experiencing issues, and the impact of the issue to the business service.
 | Utilizing layers allows bridging technology boundaries: infrastructure context to applications and transactional context to infrastructure | Allow direct tying of infrastructure issues as root-cause for applications or transactions problems as well as to experiences
Assisted Triage Resource Analyst provides infrastructure-sourced evidence to enrich root cause problem isolation
Microservices Architect, Engineer, and Analyst | Provide full monitoring insights into containerized applications that you architect, deploy, scale, and manage: know health, issues, availability, and performance of your applications, processes, hosts and cloud instances | From health, status, and issues overview see if and which containerization object is experiencing issues. Understand and address issues correctly with assisted triage.
 | Obtain full visual overview of and insight into dependencies between objects of containerized environment like images, cluster, hosts, instances, and applications in real time in highly dynamic containerized environments | See how your microservices and containerization environment is architected and connected, and analyze scaling and performance utilizing dependency information.
 | Use the collected metrics data to know the health of your containers as well as to streamline the up- or down-scaling of your environment | Allow you to assess if your microservices and containerization is performing and scaling optimally.
Interaction of Personas
Role or Persona Name | Definition
APM Administrator | Individual that implements and maintains APM enterprise monitoring oversight across all Application or Business Services supported by the Enterprise Monitoring Team. Is responsible for the APM implementation, upgrades, and monitoring infrastructure capacity and health. Role has elevated server rights across the enterprise.
APM Architect | Individual that provides APM enterprise monitoring oversight across all Application or Business Services supported by the Enterprise Monitoring Team. Also responsible for automation, capability, standards, and process governance.
APM Consumer | Individual that consumes the services in the APM product. This includes, but is not limited to, UI access, metrics, reports, queries, and application performance metrics.
APM Engineer | Please see APM Administrator.
CEM Administrator | Individual that implements and maintains CEM enterprise monitoring oversight across all Application or Business Services supported by the Enterprise Monitoring Team. Role has elevated server rights for product installation, configuration, and maintenance.
CEM Analyst | Individual that implements and maintains CEM application recordings for the Enterprise Monitoring Team. Role is also responsible for establishing service levels for Business Services and Transactions.
CEM Consumer / User | Individual that consumes the services in the APM CEM product. This includes, but is not limited to, UI access, reports, queries, and SLA performance metrics.
Customer | The individual or organization that is responsible for accepting the product and authorizing payment to the developing organization.
Developer | An individual who designs, writes and tests computer programs.
Development Lead | An individual who directs the performance or activities of a developer or set of developers.
Director or Vice President | A senior management role that strategically oversees the activities of various management teams. Role can enforce policy.
End-User | The individual or group who will use the system for its intended operational use when it is deployed in its environment. In the context of Enterprise Monitoring, End-User implies the consumer of the Application or Business Service.
End-User Representatives | A selected sample of end users who represent the total population of end users.
Executive Leadership | The role is the authority that maintains governance policies of the company. Role is associated with corporate officers.
Executive Stakeholder | Executive Stakeholder is the authority that manages the governance policies of the company. Role is associated with Directors or Vice Presidents.
Manager | A role that encompasses providing technical and administrative direction and control to individuals performing tasks or activities within the manager’s area of responsibility. The traditional functions of a manager include planning, resourcing, organizing, directing, and controlling work within an area of responsibility.
Point of Escalation | The individual, usually a manager, who is a point of escalation for Development.
Project Manager or PM | The role with total business responsibility for an entire project; the individual who directs, controls, administers, and regulates a project building a software or hardware/software system. The project manager is the individual ultimately responsible to the customer.
Requester | The individual that requests monitoring services from the Enterprise Monitoring Team.
Software Configuration Control Board (SCCB) | A group responsible for evaluating and approving or disapproving proposed changes to configuration items, and for ensuring implementation of approved changes.
SME | Subject Matter Expert. An individual that has undisputed experience of working in the application or Business Service infrastructure, or usability of all technological components.
Technical Writer | Individual responsible for ensuring that a document follows technical writing standards.
Ticket Submitter | Individual who enters a problem or issue into the Incident System.
Foundation Capability CA APM
The following table summarizes the capability, the technology, and the primary user stories.
Aspect | Description
SR1: Problem Identification | Real time status information is collected from CA APM Agents (e.g. System Agent); this component reports status changes and sends alarms to a third-party application
 | User experience can be monitored and alerted
 | APM monitors its own infrastructure and supports alert identification if a component fails
 | APM allows the extraction of metric data using APIs and web services and supports alerting using SNMP trap forwarding
SR2: Business Impact | IT to business alignment will be achieved through defining specific IT Services and the servers / services upon which they rely.
 | The business impact of an IT “event” is now determined through assignment of an importance level to the originating device or service
SR3: Effective Prioritization of Events | APM determines what events to turn into alarms and what severity level is assigned.
 | APM determines the impact of events on particular services and generates alarms at designated severity levels
SR4: Reduced Resource Requirements | Centralized and consolidated monitoring reduces the complexity and effort to manage the environment
 | Automated notification eliminates manual effort
 | Business impact information helps Operations staff focus on the most important events
SR5: Reduction of APM Monitoring Environments | A single cluster will serve as a consolidated APM monitoring solution.
 | APM Solution is scalable to support additional growth. Additional agents can be added as business demands change to support future growth
SR6: Centralized View of APM Application Performance Monitoring | A centralized instance provides one environment for alert management, application discovery, event gathering, single application root-cause deep dive, reporting, and notification services.
SR7: Event Management | Defined thresholds are triggered to alert Operations staff to potential problems before they become critical
 | Metrics trending statistics are gathered for customer analysis; the aggregated data is analysed in order to reduce the number of alarms.
 | Probable cause information is provided with alarms to assist IT operation staff in troubleshooting and resolving issues.
SR8: Automated Notification | IT support staff is automatically notified of high impact events through selected notification methods, including pager, email and (optional) CA APM integration.
SR9: Reduced Mean Time to Repair | Managing multiple APM consoles is replaced with one, single cluster console
 | Metrics trending statistics are gathered for customer analysis; the aggregated data is analysed in order to reduce the number of alarms.
 | APM supports a deep dive of transactions end-to-end.
SR10: High Availability | The APM solution can be deployed in a fault tolerant, highly available and/or disaster recovery environment to provide greater uptime and resiliency.
SR11: User Management, Security, and Retention | The APM solution provides specific access based on user role and credentials.
 | APM supports Active Directory integration
 | CA APM software supports configurable port assignments
 | Special APM components will mask any inbound packet data to protect exposure to sensitive or private data elements.
 | APM supports configurable and user-defined records retention and off-loading for archival purposes.
SR12: Usability | The APM solution provides end user management to determine user impact.
 | The APM solution supports encrypted and unencrypted packet traffic.
 | The APM solution provides deep-dive monitoring to determine probable root cause for application software behaviors, middleware, and backend calls
 | The APM solution provides meaningful and actionable patterns and will provide improved alert quality.
SR13: Performance and Scalability | APM supports physical and virtual instances.
 | The APM agent provides a non-intrusive footprint on the application server layer and can be configured to have minimal impact on the application tier.
 | The APM solution can scale as the business needs grow.
Foundation Functional User Stories
The following section summarizes the functional user stories and the personas that participate in them.
As a/an | I want | So that
APM Administrator | Engage with IT teams to assure all the required instrumentation is in place to effectively monitor the business service. | Solution allows for collaboration of the monitoring initiative as a means of providing a consistent, manageable service.
 | Configure CA APM for applications | Allows them to verify that the tool monitors the business services and is operating as designed.
 | Integrate CA APM with other CA products | Supports connector services that allow the automated routing of alerts, thereby speeding up resolution.
 | Provide at-a-glance visibility of all alerts for application performance components | Allows them to create dashboards and reports for Key Performance Metrics (KPMs).
 | Understand capacity and sizing requirements to ensure optimal availability, accessibility, and monitoring service | Understanding and using APM Supportability metrics to ensure that the APM monitoring services are available, accessible and usable.
Application Developer | Have at-a-glance and trace visibility to application software code components for the application | Possess the ability to dynamically trace troublesome components to improve application performance.
 | Provide at-a-glance visibility and notification of all alerts for application performance components | Understand the nature of identified problems so that they address performance gaps in the software code.
 | Provide the ability to quickly isolate a code fault, performance delay, and/or error in application components | Quickly use the tool to determine where to isolate the problem, in order to correct the issue.
Middleware Specialist | Have at-a-glance and trace visibility to the application middleware stack that supports the application | Supporting the monitoring middleware and possess ability to assess, plan and address issues before impacting the business service.
 | Understand the details of issues by drilling down to specific middleware component areas | Analyze trending over time that will aid in identifying and preventing problems before they happen.
Performance Test Engineer | Drill down to component level and see alert components that are affecting performance testing | Identify the root cause and to facilitate remediation.
 | Have at-a-glance visibility and access to all alerts during performance testing phase | Allow fast fault isolation of performance bottlenecks before the code is propagated into production.
Production Performance Engineer | Drill down to component level and see alert components that are affecting application performance | Identify the root cause and to facilitate rapid remediation.
 | Have at-a-glance visibility and access to all alerts that affect application production performance | Allow fast fault isolation of performance bottlenecks to ensure minimal impact to delivering the business service.
Production Support Analyst | Have at-a-glance visibility into the health (application performance and availability) for IT business services | Knowledge of issues with IT infrastructure that provides oversight that will help lead to faster resolution.
 | Have at-a-glance visibility into the health (application performance and availability) for the IT business services | Have real time view of performance and availability of application that supports the business.
 | Provide at-a-glance visibility and notification of all alerts for application performance components | Understand the nature of identified problems so that they can follow up with the responsible resolver teams.
 | Provide at-a-glance visibility and notification of all alerts for application performance components | Allow them to see which part of the application is experiencing issues, and the impact of the issue to the business service.
Chapter 3: Foundation Physical Architecture
This section provides information relating to default configuration requirements that apply to the applications; for example, Port numbers for Web Services, Database Configuration, OS Configuration, and Supporting Services. The information provided must align with the associated baseline technical architecture and hence it focuses on specific platform requirements and component configurations for the CA APM solution.
This section contains the following topics:
Foundation Logical Architecture
Network Context
Foundation System Specification Requirements
Base System Configuration Requirements
Foundation Logical Architecture
The following architecture illustrates the required application component packaging for the CA APM foundation solution:
[Figure: APM logical system architecture. Components shown: Agents, TIM, Enterprise Manager Collectors, Enterprise Manager MoM, EEM, APM Database, APMSQL Server, CEM Console, Team Center, WebView.]
Network Context
The following series of diagrams provides a reference implementation architecture design for the deployment of the CA APM solution.
Diagram Notes:
• Default Ports in Use: 80, 5001, 5250 (EEM), 5432, 5443 (if secure socket, where 5001 is used), 8080, 8081, 8088 or 8443 (when HTTPS, where 8088 is used), 8888, 51914
• For direct user connectivity to the MOM UIs, use port 8080 for WebView, and port 8081 for the APM and CEM UIs that reside on the MOM.
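A listener audit built on the Default Ports in Use list in the Diagram Notes above, as an added example that is not part of the CA document: it compares a host's listening sockets with the documented ports and flags 5001 or 8088 when they are open instead of, or alongside, their secure counterparts 5443 and 8443. The ss -ltn style sample is constructed, and the function names, verdict strings and the site-approved port 22 are assumptions.

```python
import ipaddress

# "Default Ports in Use" from the Diagram Notes; nothing beyond that list.
DOCUMENTED = {80, 5001, 5250, 5432, 5443, 8080, 8081, 8088, 8443, 8888, 51914}
# Unencrypted port -> secure counterpart, as paired in the Diagram Notes.
SECURE_ALTERNATIVE = {5001: 5443, 8088: 8443}

# Constructed sample in the column layout of `ss -ltn`; not from a real host.
SAMPLE_SS_OUTPUT = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:5001        0.0.0.0:*
LISTEN  0       128     0.0.0.0:5443        0.0.0.0:*
LISTEN  0       128     [::]:8081           [::]:*
LISTEN  0       128     *:8088              *:*
LISTEN  0       128     0.0.0.0:7777        0.0.0.0:*
LISTEN  0       128     127.0.0.1:9999      0.0.0.0:*
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
"""


def parse_listeners(ss_text):
    """Return a sorted list of (local_address, port) for every LISTEN row."""
    listeners = set()
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header row or a socket in another state
        # rpartition keeps bracketed IPv6 addresses such as [::] intact.
        addr, _, port = fields[3].rpartition(":")
        if port.isdigit():
            listeners.add((addr, int(port)))
    return sorted(listeners)


def is_loopback(addr):
    """True when the listener is bound to a loopback address only."""
    try:
        return ipaddress.ip_address(addr.strip("[]").split("%")[0]).is_loopback
    except ValueError:
        return False  # "*" or an interface name: treat as reachable


def audit(ss_text, allowed_extra=frozenset({22})):
    """Classify every non-loopback listener against the documented list.

    allowed_extra holds ports the site permits outside the APM list
    (22 is an assumption made for this example).
    Returns a list of (port, verdict) tuples sorted by port.
    """
    exposed = {p for a, p in parse_listeners(ss_text) if not is_loopback(a)}
    findings = []
    for port in sorted(exposed):
        secure = SECURE_ALTERNATIVE.get(port)
        if secure is not None and secure in exposed:
            verdict = "unencrypted-duplicate"  # secure form is up, old port still open
        elif secure is not None:
            verdict = "unencrypted"            # secure form not listening
        elif port in DOCUMENTED:
            verdict = "documented"
        elif port in allowed_extra:
            verdict = "site-approved"
        else:
            verdict = "undocumented"
        findings.append((port, verdict))
    return findings


if __name__ == "__main__":
    for port, verdict in audit(SAMPLE_SS_OUTPUT):
        print(f"{port:>5}  {verdict}")
```

Anything reported as unencrypted-duplicate or undocumented is a candidate for closing at the host or blocking at the firewall once the owning component has been identified.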
Network Diagram – Foundation Physical Architecture
This section contains one or more views of the CA APM solution that show the physical/virtual instantiation of the solution for the Foundation Physical Architecture environment. The unique network requirements placed on the CA APM solution are summarized in the following diagram:
[Figure: CA APM Ports. Components shown: TIM (SPAN input), TIM Collector, Collector and Enterprise Manager MoM (each with an EM Web Server), Agents, WebView Server, WebView, Team Center, APM Database, EEM Server, APMSQL Server, Command Center Configuration Server (Web Server, ActiveMQ Broker), Command Center Agent Controller, REST Client, JDBC/ODBC Client, Workstation, and browsers for Agent Command Center, Team Center/WebView, CEM Console and EEM Admin. Port labels shown: 80, 5001, 5250, 5432, 8080, 8081, 8088, 8888, 51914, ODBC port 54320, JDBC port 54321.]
Data Flows Explained
Data flows are explained in more detail below, including external components such as SNMP and DNS.
Thicker flow lines in the diagrams denote larger data volume.
[Figure: APM 10 Reference Architecture. Components shown: Agents (up to 400), Collectors, TIM, TIM Collector, DxC Collector, MOM Primary, MOM Secondary, Database, Switch, SNMP Gateway for Traps or Destination Connector Service, Web server for Team Center & WebView, REST API, APMSQL Server (ODBC, JDBC), CEM Console, Workstations, Team Center Clients, UI Layers. HA achieved through DNS virtual host entry or internal CA APM configuration.]
Line Colors
• Blue Lines (normal): CEM packet processing
• Blue Lines (large): Application user TCP packets
• Red Lines (large): APM agent processing
• Red Lines (normal): APM processing
• Orange Lines (normal): APM UI connections
• Orange Lines (large): APM UI processing
• Green Lines (normal): represent HA failover
• Black Lines (normal): Federated REST data queries (pull) or Subscribed Isengard data queries (push)
CEM Data Flow
CEM data flow is as depicted in this diagram:
[Diagram: CA APM CEM Flow. Labels: Switch; TIM; TIM Collector; Web Server; DXC Collector; Enterprise Manager MoM; Team Center; APM Database; SNMP Gateway; Workstation]
• TIM Server receives TCP/HTTP packets from switch SPANs and assembles them into session data.
• TIM Collector Service on TIM-Collector fetches session data from TIM Server. DXC-collector also fetches session data.
• If enabled, RTTM metrics are written to SmartStor and forwarded to MOM, when subscribed, for custom domains, virtual agents, calculator and alert processing.
• TIM aggregation Service on TIM-Collector writes aggregated SLA-data to APM Database.
• Subscribed metrics and alerts are pushed to workstations’ graphic controls.
Agent Data Flow
Agent data flow is as depicted in this diagram:
[Diagram: CA APM Agent Data Flow. Labels: Agent; Collector; Web Server; DXC Collector; Enterprise Manager MoM; Team Center; APM Database; SNMP Gateway; Workstation]
• Agents send metrics and events data to Collectors
• Collectors store metrics and events locally
• Subscribed metrics for custom domains, virtual agents, calculators and alerts are sent to MOM
• Alert action SNMP traps are sent to SNMP server
• On the EM/Collectors, transaction traces are processed for correlation and vertex and edge creation to produce partial Team Center maps, which are forwarded to Team Center for joining and written to the APM database.
• Subscribed metrics and alerts are pushed to workstations’ graphic controls.
UI Data Flow
UI data flow is as depicted in this diagram:
[Diagram: CA APM UI Data Flow. Labels: APMSQL Server; REST Client; Team Center; WebView; Workstation; Web Server; Enterprise Manager MoM; Collector; TIM Collector; APM Database]
• Team Center queries data from the MOM, which spawns federated queries to collect data from all collectors and the APM database
• UI graphic controls of Team Center and WebView query (REST) and WorkStation subscribe (Isengard) to data from the MOM, which manages subscription queries (Isengard) and federated queries (REST) from all collectors
• APMSQL and REST clients submit HTTP REST requests to the MOM’s Web server, which spawns federated HTTP REST queries to all collectors’ Web servers.
• APMSQL exposes ODBC and JDBC interfaces
• REST clients consume JSON documents
Agent Connectivity Data Flow
Agent connectivity flow is as depicted in this diagram:
[Diagram: CA APM Agent Connectivity Flow. Labels: Agent; Collector; Web Server; Enterprise Manager MoM; Team Center; DNS Server]
• The MOM notes its configured collectors, connects to them and sends its domains.xml to them so that an agent cannot connect to an unallowed collector.
• In clusters, agents initially try to connect to the MOM and the MOM sends an allowed collectors list in response. If configured, the agent caches the list for resilience.
• Agents try to connect to the first collector in the received allowed list. If it fails (collector not available or not allowed), the agent will retry the MOM (next in list) to get a fresh allowed collectors list.
• If the MOM is not available, agents will try the collectors of their cached lists (every second entry), if available; if not (not cached or newly started), they will keep trying the MOM.
• If overloaded due to metric clamps, the Collectors will not accept agent connections and will report as overloaded to the MOM. The Collector is excluded from allowed lists.
• Agents may be configured for direct collector connection, which is accepted if configured. This should only be used for pre-9 agents.
• TIM collectors should be exempted from agent connections.
• With best practices configuration, host names are used for MOM and Collectors. Hence, the DNS server is queried by agents to resolve MOM and collector host names, and by the MOM to resolve collector host names (remember, collectors are not configured with the MOM’s host name). Agents use DNS through the monitored applications’ VM.
Architecture Commentary
The below covers User Roles and Functions, Authentication and Authorization, User Management, Data and Communications Security, and Data Retention for APM logs.
User Roles and Functions
The below describes the User Roles and Functions that are part of the APM solution.
Solution Administrator – This is a full administrator role with access to all CA software.
• APM: Admin security group. Given APM administrator privileges
Solution Operator – This is an intermediary “super-user” role with read-write access to specific software and functions.
• APM: Configuration Administrator security group. Role manages general configuration
Operator – This is the typical “operator” role with read-only access to Fault/Performance information that is related to their business unit.
• APM: Incident Analyst has access to reports and views including information on defects.
Executive – This role will be used specifically to provide “consumer” access to Executive Insight dashboards.
• APM: Does not assign users to any APM group
Authentication and Authorization
APM integrates with Active Directory and can be configured to use Active Directory (single-domain) for authentication. When a user logs in to APM, their login credentials are passed from the web browser and authenticated via the integration with Active Directory. If the user passes authentication, the user is authorized to access the product based on their role.
User Management
APM user access will be provided by LDAP authentication to Active Directory. The access verification method is configured through the realms.xml file on the APM MOM. Local accounts may also be configured for fallback in case LDAP is unavailable. The current realms.xml file will be reused for the new APM infrastructure.
Data and Communications Security
Passwords: All components of the CA Solution can use HTTP or HTTPS for user access. Per HTTP protocol standard, even simple HTTP using Basic authentication leverages user credentials encoding using the RFC2045-MIME variant of Base64, which ensures that the passwords cannot be extracted from the data.
Monitored Traffic: Business transaction packet payloads may be encrypted using Secure Socket Layer protocol carried by HTTPS. The SSL PEM key must be loaded in the TIM to enable these business transactions to be monitored, or the data capture must be from a clear text source.
API: REST calls use security tokens issued by Team Center for authentication and authorization. Tokens may be temporary or permanent and can be invalidated at any time. They can only be viewed on creation. For intra-component (ETC-ATC) communication, system type tokens are used. A REST endpoint can also issue a 1 hour temporary token based on user id and password.
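The passages above on Basic authentication and API tokens both concern credentials carried in an HTTP Authorization header. Base64 is an encoding that any recipient can reverse, not encryption, so this added example (not part of the CA document; the record layout and sample values are constructed, and sending tokens as Bearer headers is an assumption) flags requests whose credentials travelled over plain HTTP, where only HTTPS would protect them in transit.

```python
import base64
import binascii

# Constructed request records: (transport scheme, Authorization header value).
SAMPLE_REQUESTS = [
    ("http", "Basic " + base64.b64encode(b"apmadmin:S3cret:with:colons").decode()),
    ("https", "Basic " + base64.b64encode(b"analyst:pw").decode()),
    ("http", "Bearer 0123-constructed-token"),
    ("http", "Basic !!!not-base64!!!"),
]


def parse_basic(header):
    """Return (user, password) from an HTTP Basic Authorization value, or None."""
    scheme, _, blob = header.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        raw = base64.b64decode(blob.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None
    try:
        text = raw.decode("utf-8")
    except UnicodeDecodeError:
        text = raw.decode("latin-1")
    # Only the first colon separates user id and password.
    user, sep, password = text.partition(":")
    return (user, password) if sep else None


def audit_requests(records):
    """Return (record index, finding, user id or None); passwords are never reported."""
    findings = []
    for n, (transport, header) in enumerate(records):
        if transport.lower() == "https":
            continue  # the header is protected by TLS in transit
        scheme = header.strip().partition(" ")[0].lower()
        if scheme == "basic":
            creds = parse_basic(header)
            if creds is None:
                findings.append((n, "malformed-basic", None))
            else:
                # Decoding needed no key: the credentials were readable on the wire.
                findings.append((n, "basic-over-http", creds[0]))
        elif scheme == "bearer":
            findings.append((n, "token-over-http", None))
    return findings


if __name__ == "__main__":
    for finding in audit_requests(SAMPLE_REQUESTS):
        print(finding)
```
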
Data Retention for APM Logs
APM logs will be retained for 6 months. These logs are typically not automatically removed and require manual intervention to purge.
High Availability (HA)
The Enterprise Manager failover works by designating multiple Enterprise Managers in a cluster as follows:
• One Enterprise Manager as a primary computer and the other as a secondary or backup.
• Both Enterprise Managers as primary computers.
The responsibility of the secondary is to take control when the primary fails and to relinquish control when the primary recovers. The responsibility of the primary is to take control from the secondary.
You can configure Enterprise Manager failover when a pair of Enterprise Managers shares a single Introscope installation. Typically, the two Enterprise Managers are on different computers. The Introscope installation must reside on a network file system because both Enterprise Managers need read access to the Introscope installation. However only one Enterprise Manager at a time needs write access. For example, the Introscope installation could be shared using a Network Attached Storage (NAS) protocol such as these protocols:
• Network File System (NFS)
• Server Message Block (SMB)
To provide cluster stability, CA Technologies recommends that you configure failover for your MOM Enterprise Manager. In addition, you can configure failover for one or more Collectors and CDVs within a cluster or for a standalone Enterprise Manager. If you are configuring failover for the MOM, Collectors, and CDVs in a cluster, you configure each Enterprise Manager individually.
• Additional information on configuring Enterprise Manager HA can be found here: https://docops.ca.com/ca-apm/10-7/en/administrating/configure-enterprise-manager/configure-enterprise-managers-and-clusters/use-enterprise-manager-failover
Virtualization
In a virtual environment, you can share resources to maximize your return on hardware investment or provide higher availability. However, because most of the CA software (APM, Performance Manager, Spectrum, UIM, etc.) needs to react to changing environmental conditions in real time, it requires CPU resources, memory resources, and disk speeds to be running at optimal capacity. If any one of these resources is impacted because of another virtual machine, or the virtual infrastructure places false limits on the resources available to the CA software, the performance of the software will be negatively affected. Therefore, we recommend that you run CA software with CPU and memory resources that are dedicated 100 percent of the time. If you are using a storage area network (SAN), it is important that the SAN performance is equivalent to or better than that recommended in our hardware specifications.
The best practice recommendation is to fully dedicate resources to the Virtual Machines (VMs) used for the CA software that are equivalent to what would be provided by a physical system; these are specified in the hardware specifications. Specifically, for VMWare environments, we recommend:
• Dedicated (reserved) resource group(s) should be assigned to the CA software virtual machine(s) to ensure required resources are always made available (e.g. reserved) regardless of the state of any other VMs running on the same server. The specific resource group allocations should be based on the sizing information provided by CA.
• Specific RAID volumes or LUNs should be created with dedicated disks/spindles for the CA software to avoid disk I/O contention from other applications which may be sharing the same RAID or storage array. The more disks/spindles allocated to the RAID volume or LUN, the greater the I/O distribution and the better the read/write times for the processes.
• Ensure that the size of the virtual machine memory leaves adequate space for the Java heap, the other memory demands of the Java virtual machine code and stack, and any other concurrently executing process that needs memory from the guest operating system.
• Set the memory reservation value in the VMWare Infrastructure Client to the size of memory for the virtual machine, as any type of memory swapping (physical or virtual) is detrimental to the performance of the JVM heap, especially for garbage collection.
• If your ESX host is overcommitted, ensure that the Balloon Driver is running within the virtual machine so that memory is optimally managed.
• There is no protection for the Java process memory. Therefore, it is recommended that the following calculation is used:
VM Memory = Guest OS Memory + JVM Memory
JVM Memory = JVM Max Heap [-Xmx value] + JVM Perm Gen [-XX:MaxPermSize] + Number of Concurrent Threads * Memory Per Thread [-Xss]
Note: ESX Server version 3.5 does not allow for I/O load balancing across HBA cards. By following the lead practices of dedicating necessary resources to the CA software, you will limit the issues that are caused by lack of resource availability.
Due to the nature of the CA software and how it can be negatively affected by CPU, memory and disk resource constraints, great care should be taken to ensure that the software can effectively share resources based on the above requirements.
Introscope Domains and the APM UIs
The implementation of Introscope domains propagates to all of the APM UIs. For federated access and security, a user is assigned to a domain using permissions granted through LDAP or standard APM security. When enforced, the user will only have access to their application, as it will reside exclusively in an APM domain. For example, the APM Team Center (ATC) UI will allow the user to only view their specified domain.
For the implementation of ATC, there are circumstances where the user can cross domains (i.e. a Middleware Specialist). This type of user may be assigned at the highest level. The user is only permitted to view the content (read only) and domains may be flattened by assigning the user to a specific Universe. A Perspective would also be created in order for this persona to view all middleware metrics across multiple application servers, regardless of application. If a requirement exists where this persona can only view a subset of the middleware servers, the perspective can be set to allow a limited view based on ATC server filters.
ATC Universe permissions can be assigned to individual users or groups of users. Groups or users who are assigned to a universe have one of three levels of permission for that universe.
• Read: With read permission, users cannot edit any Team Center values.
• Edit: With edit permissions, users can create new custom attributes, and can edit and delete custom attribute values.
• Manage: With manage permissions, users can edit custom attribute values and change universe permissions
Define and Configure Introscope Domains
Introscope uses domains to partition agents and monitoring logic to define which CA APM users can see what information. You map Introscope agents to a domain using a Perl5 regular expression in the domains.xml file. This file is located in the <EM_Home>/config directory. You use domains.xml to define your domains regardless of which security realm you are using.
In addition to configuring domains, you also configure domain permissions when setting up Introscope security. For Local security, you configure domain permissions in the domains.xml file.
There are two types of domains in Introscope:
• SuperDomain – The SuperDomain is the superset domain that contains all user-defined domains in the system. All agents are visible in the SuperDomain, but might also appear in user-defined domains. The default Introscope configuration contains only the SuperDomain. If you do not configure any other domains, all agents are mapped to the SuperDomain.
• User-defined domain – You define new domains in the domains.xml file, which is located in the <EM_Home>/config directory. The domains.xml file provides mappings of domain names to regular expressions.
The rules for defining domains in the domains.xml file are:
• Domain definitions must follow valid XML file rules.
• Domain names are case-sensitive.
• Any domain must be placed inside the root XML domain element.
More information about domain setup and configuration can be found here:
https://docops.ca.com/ca-apm/10-7/en/administrating/apm-security/define-and-configure-introscope-domains
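Because the agent-to-domain mappings decide which users can see which agents, a review of domains.xml should look for mappings that are broader than intended. The audit below is an added example, not CA code: the element and attribute names, the host|process|agent name form, whole-name matching and the sample data are assumptions, and Python's re module stands in for Perl5 regular expressions (the sample patterns use only syntax common to both).

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample. The element and attribute names are assumptions made for
# this sketch; compare them with the domains.xml in <EM_Home>/config.
SAMPLE_DOMAINS_XML = r"""
<domains>
  <domain name="Payments">
    <agent mapping="(.*)\|(.*)\|Payments(.*)"/>
    <grant group="payments-ops" permission="read"/>
  </domain>
  <domain name="payments">
    <agent mapping="(.*)\|Tomcat\|(.*)"/>
    <grant group="middleware" permission="read"/>
  </domain>
  <domain name="Legacy">
    <agent mapping="(.*)"/>
    <grant user="contractor1" permission="read"/>
  </domain>
  <SuperDomain>
    <agent mapping="(.*)"/>
    <grant group="Admin" permission="full"/>
  </SuperDomain>
</domains>
"""

# Constructed agent names, assumed to have the form host|process|agent.
SAMPLE_AGENTS = ["app01|Tomcat|PaymentsGateway", "app02|Tomcat|Inventory", "db01|JBoss|Ledger"]

# A name no intended rule should match; a mapping that accepts it is a catch-all.
PROBE = "zz-probe-host|zz-probe-process|zz-probe-agent"


def load_domains(xml_text):
    """Return [(name, [compiled mapping, ...], [grant, ...])] for user-defined domains."""
    root = ET.fromstring(xml_text)  # raises ET.ParseError if the file is not valid XML
    domains = []
    for d in root.findall("domain"):  # only domains placed directly inside the root element
        rules = [re.compile(a.get("mapping")) for a in d.findall("agent")]
        grants = []
        for g in d.findall("grant"):
            kind = "group" if g.get("group") else "user"
            grants.append(f"{kind}:{g.get(kind)}={g.get('permission')}")
        domains.append((d.get("name"), rules, grants))
    return domains


def matching_domains(agent, domains):
    """Names of user-defined domains with a mapping that matches the whole agent name."""
    return [n for n, rules, _ in domains if any(r.fullmatch(agent) for r in rules)]


def audit(xml_text, agents):
    """Return sorted (finding, subject, detail) tuples for a reviewer to follow up."""
    domains = load_domains(xml_text)
    findings, seen = [], {}
    for name, rules, grants in domains:
        first = seen.setdefault(name.lower(), name)
        if first != name:  # names are case-sensitive, so these are two distinct domains
            findings.append(("case-collision", name, first))
        if any(r.fullmatch(PROBE) for r in rules):  # every agent falls into this domain
            findings.append(("catch-all-mapping", name, ",".join(grants)))
    for agent in agents:
        hits = matching_domains(agent, domains)
        if len(hits) > 1:  # more than one user-defined mapping claims this agent
            findings.append(("overlapping-mappings", agent, ",".join(hits)))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_DOMAINS_XML, SAMPLE_AGENTS):
        print(finding)
```

Each finding is a prompt for review rather than a verdict: an overlap or a catch-all may be deliberate, but the grants listed beside it show who gains visibility if it is not.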
Team Center Universes
For Team Center, Universes let the administrator refine the number and types of components into easy to use groups. This refined group is a Universe. For security reasons, there is no default assignment to all users. Each user must be allocated to a Universe to view Application Performance Management. The user is warned if no Universe is associated with the user ID.
As an administrator, create universes for users. Use the default universe that is created for every connected provider, or create a custom universe. The administrator can create a universe by applying a Filter to remove unrequired component data from the data set, leaving a Universe tailored to the needs of a particular user or group. The administrator can create numerous universes to create a series of manageable spaces that users can easily switch between to make navigation of the Environment easier for investigation. Alternatively, the administrator can use the same universe tool to ensure that specific user access is restricted as required by company security requirements.
Note: You can quickly create universes based on existing domains. Create a filter based on the agentDomain attribute, select the domain required, and click Create Universe.
As a Team Center Administrator, assign at least one universe to each user so they can access content. A universe consists of:
• A name – A unique identifier
• A filter – Defines the Team Center data set.
• A list of users – Users with access to this universe
Some universes are pre-defined and created by default:
• A universe is created automatically that contains all components for a host. Host universes are named in a format “hostname components”.
• The ‘Enterprise’ Universe includes all components in the environment. Use this Universe as a starting point for creating universes.
Note: Predefined universes cannot be deleted or modified. You can use a predefined universe as the basis of a new universe. Click Edit and make modifications, click Save As, and provide a new universe name.
A transaction path filter identifies all components in all transaction paths that pass through a component with attribute values that are specified in the filter criteria.
Example: Set the filter criteria Location = London and Owner = Steve. You see all components in all transactions that go through a component that is located in London and owned by Steve.
Set Transaction Path Filters in the filter drop-down bar.
More information about Universes in Team Center can be found here: https://docops.ca.com/ca-apm/10-7/en/administrating/configure-team-center/configure-universes
Foundation System Specification Requirements
The hardware requirements for the solution, for highest capacity, are defined in the following subsection.
The sizing information is dependent on third party hardware vendor specifications, which are subject to change at any time, and should be confirmed with the respective vendors to ensure that it represents the latest information.
Foundation Physical Architecture
The hardware required for the Foundation Physical Architecture solution is given in the following table, which is an extract from the sizing and performance guide [1]. For detailed sizing information please consult the APM sizing and performance guide [2]. Please note that the requirements are for either physical or virtual servers.
APM Component | Qty | RAM | Max Heap Size | CPUs | OS & SW Disk Space | Database | OS | Notes
Database | 1 | 16 GB | - | 8 cores | 150 GB | Postgres or Oracle - 1.5 TB; Logs - 100 GB | RHEL 7 or Win 2012 R2 64 Bit | One database instance per APM cluster.

APM Component | Qty | RAM | Max Heap Size | CPUs | OS & SW Disk Space | SmartStore (SS) / Traces | OS | Notes
MOM (Primary and Secondary) | 2 | 32 GB | 16 GB | 8 cores | 500 GB | SS - 150 GB; Traces - 50 GB | RHEL 7 or Win 2012 R2 64 Bit | JVM heap should not exceed 18 GB, remaining RAM is reserved for OS.
Collector for APM Agents | 1 | 16 GB | 8 GB | 8 cores | 150 GB | SS - 300 GB; Traces - 80 GB | RHEL 7 or Win 2012 R2 64 Bit | Up to 10 collectors per cluster (including 2 collectors for DxC and TIMs).
Collector for DxC (Browser Agent) | 1 | 16 GB | 8 GB | 8 cores | 200 GB | SS - 800 GB | RHEL 7 or Win 2012 R2 64 Bit | One instance per cluster.
Collector for Transaction Impact Monitor (TIM) Collection service | 1 | 8 GB | 6 GB | 8 cores | 40 GB | SS - 20 GB; Traces - 50 GB | RHEL 7 or CENT OS | One instance per cluster. Supports multiple TIM instances, maximum of 8.
Enterprise Team Center (ETC) | 1 | 40 GB | 32 GB | 8 cores | 200 GB | SS - 40 GB | RHEL 7 or Win 2012 R2 64 Bit | We recommend that you use one ETC per up to 4 clusters.
WebView Server | 1 | 6 GB | 4 GB | 2 cores | 300 MB | | | One WebView per cluster. One WebView per Enterprise Team Center. Two or more WebViews are possible behind a load balancer.
Consolidated Data Viewer (Optional) | 1 | 16 GB | 8 GB | 8 cores | 200 GB | SS - 40 GB | RHEL 7 or Win 2012 R2 64 Bit | Aggregates data from up to 10 collectors across different clusters.

APM Component | Qty | RAM | Max Heap Size | CPUs | OS & SW Disk Space | Data Store | OS | Notes
APM Command Center (Optional) | 1 | 8 GB | 6 GB | 4 cores | 150 GB | 100 GB | Linux 64 bit | Supports multiple clusters and up to 20 000 agents. Only Java agents and Infrastructure agents are currently supported.
APM Team Center User Interface | 1 | 16 GB | | Intel Core i7 | | | Win 7 or later | For the best performance, we recommend that you use Google Chrome browser, version 58 or later, for the Team Center UI.

[1] https://docops.ca.com/ca-apm/10-7/en/ca-apm-sizing-and-performance/hardware-sizing-and-performance
[2] https://docops.ca.com/ca-apm/10-7/en/ca-apm-sizing-and-performance
Base System Configuration Requirements
Node Configuration
The following table summarizes the node configuration requirements:
Node | Supporting Component | Configuration Requirements
MOM, Collectors, ATC & ETC | Operating System | RHEL7 or Windows 2012 R2 properly configured
Database | Oracle | Oracle Enterprise Edition, 11G R1 & R2, 12C
TIM | Operating System | RHEL 7 or CentOS 6.9
Note: The information provided in this section is applicable to all nodes in all environments.
Solution Component Ports
The following table summarizes the ports used by the Solution components:
From | To | Port (unidirectional unless stated)
Collectors | MOM | TCP 5001
MOM | Collectors | TCP 5001
Agents | MOM | TCP 5001
APM Users | MOM | TCP 5001, 8081
Admin Users | MOM | TCP 5001, 8081, 22
Team Center, WebView | MOM | TCP 5001
Agents | Collectors, includes TCS and DxC | TCP 5001
Admin Users | All APM UIs | TCP 5001, 8080, 8081, 8082, 8088, 22
APM Users | Team Center, WebView | TCP 8080, 8082
MOM | APMDB Postgres | TCP 5432
Collectors | APMDB Postgres | TCP 5432
TIM | APMDB Postgres | TCP 5432
Admin Users | APMDB Postgres | TCP 5432
MOM | SNMP Gateway | TCP 162