Wednesday, June 4, 2014

Five things that can improve your TADDM experience

What can happen if you just install IBM Tivoli Application Dependency Discovery Manager (TADDM) and don’t make any other adjustments? The answer is, nothing in general, and you might be quite happy with what you have. But what if you knew that spending some time playing with your configuration could boost your TADDM experience? Wouldn’t you like to squeeze every bit from your environment in order to save time? If so, let me describe five areas where you can look to make improvements.

1. Sensor timeouts: When checking discovery results, you can encounter sensors timing out on some target systems. The default sensor timeout is set to 10 minutes, but in some cases this is not enough time. The rule of thumb is: if a sensor times out, you should increase the timeout setting for that sensor. There are various reasons why some sensors run longer than others. For example, there might be a slow network connection or a huge amount of data to discover on a particular endpoint. The second example can be observed where you have large network devices with a lot of ports and connections. Increasing the timeout can increase discovery length for sensors that were failing before, and it makes it possible for the sensor to finish a discovery and store the discovered data.

2. Target systems’ configuration: The other thing you might see in your environment is sensors that end with warnings due to a target system configuration. Do not ignore these warnings unless you are sure what they mean. Some warnings show up when there are prerequisites missing. Others may pop up because of a Simple Network Management Protocol (SNMP) timeout. In general, you can live with these warnings, but you might not be getting all the information that is available on the target system if you don’t take care of them. Taking care of these warnings is another way that you can improve your discovery depth and ensure that you discover all you can.

3. Database maintenance: The next area to look at is the TADDM database. Updating the database statistics is a very important activity. Without doing this, you may experience dramatic performance degradation. The database statistics should be updated after any major data change in the database, like after adding or deleting a lot of objects. The database should also be reorganized regularly. Further details can be found in the “Database Maintenance” section of the TADDM documentation.

The next thing to look for, after making sure the database is not a bottleneck, is TADDM scalability. You can improve the storage rate by adding another storage server and you can improve the discovery rate by adding another discovery server. The first thing to do, though, is to make sure the current servers are fully utilized.

4. Storage server configuration: If you notice that the number of sensors running is much greater than the “dwcount” property (com.collation.discover.dwcount), then TADDM is waiting to store sensor data. But before adding another storage server, you may want to increase the “topopumpcount” property (com.collation.discover.observer.topopumpcount). This property controls the number of concurrent threads that store data to the TADDM database on a discovery server. The default value is 16 but can be safely increased to 24. Keep in mind that this will increase memory and CPU utilization on the storage server, as well as database load. If the overhead is too high, you can try a lower value like 8 or 10. In some environments, this is a better solution.

5. Discovery server configuration: If you notice that the number of sensors running is almost the same as the “dwcount” property (com.collation.discover.dwcount), then it means that TADDM is waiting for new sensors to run. To fully utilize a discovery server in this case, you need to increase the “dwcount” property. The default value is 32, but it can be safely increased two- to threefold depending on the discovery server capacity. Powerful systems can run more than 96 sensors at the same time. A good practice is to increase the value step-by-step and to monitor discovery performance as you do.

Having these five areas reviewed and configured properly should improve your TADDM experience in various ways. Sensors should no longer be timing out as much and should be able to discover as much as possible. Discovery time is shortened thanks to utilizing the discovery and storage servers up to their full capacity.

Do you know of other useful settings in IBM Tivoli Application Dependency Discovery Manager? Please share your insights - email to ravi.netcool@gmail.com to add to this blog.

Friday, April 11, 2014

Security vulnerability (CVE-2014-0160) impacting IBM Endpoint Manager 9.1

DESCRIPTION:
There is an OpenSSL vulnerability that could allow an attacker to compromise the IBM Endpoint Manager root server signing key. Both Windows and Linux server deployments are affected. Note that the site admin key cannot be compromised using this vulnerability.

AFFECTED PRODUCTS AND VERSIONS:
IBM Endpoint Manager 9.1. Previous versions are not affected.

IMMEDIATE ACTIONS:
If you are using Endpoint Manager 9.0 or earlier, you are unaffected. You should delay upgrading to 9.1 until a patch is released. We have removed the 9.1 upgrade fixlets from BES Support.

If you are using Endpoint Manager 9.1, you can mitigate your exposure to this vulnerability by taking the following steps until a 9.1 patch is released:
  1. Limit network access to the root server to only trusted hosts.
  2. Rotate the server signing key on the root server on a regular basis.
  3. If any custom HTTPS keys are being used in the root server or web reports, those keys should also be rotated.   
  4. Avoid sending any sensitive data via mailboxes or secure parameters to relays or the root server.
  5. Consider temporarily disconnecting any internet-facing relays.


REFERENCE - http://www-01.ibm.com/support/docview.wss?uid=swg21669587

BACKGROUND:
An OpenSSL vulnerability was announced today in versions 1.0.1 and 1.0.2 of OpenSSL. This vulnerability is officially named "TLS heartbeat read overrun (CVE-2014-0160)" and has come to be colloquially named "The Heartbleed Bug". 

Official advisory: http://www.openssl.org/news/secadv_20140407.txt 


More details: http://heartbleed.com 

Any software that uses an affected version of OpenSSL and is a TLS server is vulnerable. 

This vulnerability affects IBM Endpoint Manager version 9.1. Other versions of Endpoint Manager (9.0.* and earlier) are not affected by this vulnerability because they use an earlier version of OpenSSL.
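As an added example (not IBM's or the OpenSSL project's code), the shell function below classifies an OpenSSL version string, such as the output of `openssl version`, against the upstream range given in the official advisory linked above: 1.0.1 through 1.0.1f and 1.0.2-beta through 1.0.2-beta1 are affected, and 1.0.1g is fixed. The host names and banners in the sample inventory are constructed, and the status labels are this example's own.

```shell
#!/bin/sh
# Added example: classify an OpenSSL version string for CVE-2014-0160.
# Status labels (affected, vendor-build, not-affected, unknown) are this
# example's own, not output of any IBM or OpenSSL tool.

heartbleed_status() {
    ver=${1#OpenSSL }   # accept "OpenSSL 1.0.1e 11 Feb 2013" or a bare "1.0.1e"
    ver=${ver%% *}      # keep only the version token
    case "$ver" in
        # Upstream releases that carry the heartbeat read overrun.
        1.0.1|1.0.1[abcdef]|1.0.2-beta|1.0.2-beta1) echo affected ;;
        # Affected upstream version with a distribution suffix (for example
        # -fips): the vendor may have backported the fix, so check the package.
        1.0.1[abcdef]-*) echo vendor-build ;;
        # Branches older than 1.0.1 have no TLS heartbeat support.
        0.9.*|1.0.0|1.0.0[a-z]*|1.0.0-*) echo not-affected ;;
        # 1.0.1g and later, 1.0.2-beta2 and later, and newer branches have the fix.
        1.0.1[g-z]*|1.0.2|1.0.2[a-z]*|1.0.2-beta[2-9]|1.1.*|3.*) echo not-affected ;;
        *) echo unknown ;;
    esac
}

# Read "host|version banner" lines on stdin and print the hosts to follow up.
needs_action() {
    while IFS='|' read -r host banner; do
        status=$(heartbleed_status "$banner")
        case "$status" in
            affected|vendor-build|unknown) printf '%s %s\n' "$host" "$status" ;;
        esac
    done
}

# Constructed sample inventory; hosts and banners are made up for illustration.
sample_inventory() {
    cat <<'EOF'
relay-a|OpenSSL 1.0.1e 11 Feb 2013
web-b|OpenSSL 0.9.8y 5 Feb 2013
db-c|OpenSSL 1.0.1e-fips 11 Feb 2013
app-d|OpenSSL 1.0.1g 7 Apr 2014
EOF
}

sample_inventory | needs_action
```

A version string cannot show whether a distribution backported the fix or whether the library was built with -DOPENSSL_NO_HEARTBEATS, so treat vendor-build and unknown results as needing a manual check.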

IMPACT: 
This vulnerability impacts IBM Endpoint Manager in several ways. An attacker that can send network requests to the root server can read the root server's memory and obtain the server signing private key. This key could be used, as part of a man-in-the-middle attack, to impersonate the root server and obtain console login credentials. It can also be used to forge actions that agents will accept as authentic. 

An attacker that can send network requests to a 9.1 relay can read the relay's memory and obtain the private key of the agent on the relay machine. This key can be used to read the contents of mailboxes and secure parameters sent to the target agent. It can also be used to impersonate reports from the agent that the server will accept as genuine. 

If you are using any custom SSL certificates for a 9.1 root server or web reports server, the private keys for those certificates could be compromised. If you are using these keys on any other systems, you should rotate them immediately. 

REMEDIATION: 
The IBM Endpoint Manager team is working on a patch release that will fix this 
vulnerability. We will make this patch available as soon as possible, and we 
recommend that you make plans to upgrade from 9.1 to the patch release as soon 
as it is available.

Thursday, April 3, 2014

ILMT 9.0 - How to order and download the tool from PA

Today I'm going to present in several steps how to order and download IBM License Metric Tool 9.0 from the IBM Passport Advantage site.

Log in to the Passport Advantage site. Provide your IBM ID and password, and click Sign in.
https://www-304.ibm.com/software/howtobuy/softwareandservices/authenticate/Registration?caller=PAC

You should be transferred to the Software and services online page.

By the way, if the PA page does not work after login (or even before) and a strange error appears - close all tabs in your browser, open the about:blank page, clear the whole browser cache, close the browser itself, open it again and log in to PA once more. I assure you that this short and simple procedure will solve about 95% of all problems with accessing the Passport Advantage site.

On the Navigation help tab click the Purchase & renewal link. The Purchase & renewal page should open.

Click on the Product catalogs link.

The Product catalogs page should open.

Click on the Passport Advantage Popular Offering Catalog link.

The Catalog search page should open. Ignore the Product categories* and License types lists. Scroll down to the Product description* field, type 'license metric tool' there and click the arrow next to the field.

The search results page should open with the following row in the table:

Select: Establishment
Part number: D561HLL
Description: IBM License Metric Tool Per Establishment License + SW Subscription & Support 12 Months
Item price: 0.00

Check the Establishment option and click the Add to cart button. The Shopping cart page should open with the following row in the table:

Quantity: 1 Establishment
Description: IBM License Metric Tool Per Establishment License + SW Subscription & Support 12 Months (D561HLL)
Item price: 0.00
Line total (USD): 0.00

Click the Check out button. The Checkout - Billing and shipping page should open. Make sure all the data is appropriate, accept the terms by choosing the I agree radio button and click the Continue button. The Review and submit order page should open.

Once again double check all the data and click the Submit button. The Order confirmation page should open. Just confirm and this ends your shopping. The Order status page should open with the Order date and Order reference number columns filled in with data and the Actions and documents column empty.

Within a couple of hours you should receive a mail from ibmpa@us.ibm.com with the title 'Thank you for your IBM order' and appropriate information, e.g.:

Thank you for purchasing IBM® software; your order reference number is 12345678.
Click the "Your options" button to download your software, review your Technical Support Welcome Letter, and request CDs & DVDs.

There should also be a link, 'Find your options concerning your new IBM software on your Order status page.', that will take you to the Order status page again (by the way, you can get there from the left-hand side menu of the PA site: Shopping cart > Order status), but this time the Actions and documents column will have 3 links:

- Download now
- Documents: Technical Support Welcome Letter, and Proof of Entitlement
- Request media (CD-ROMs & DVDs)

Click on the Download now link. You may also go to the main page, Software and services online, using the breadcrumbs at the top of the page and click the Software download & media access link, or click this link directly from the left-hand side menu. The Software download & media access page should open.

Download all the forms, read them and keep them safe:

1. IBM International Passport Advantage Express Agreement (One PDF)
2. IBM International Program License Agreement (Four base license agreements)
   - International Program License Agreement (IPLA) - applies to warranted IBM programs
   - International License Agreement for Non-Warranted Programs (ILAN)
   - International License Agreement for Evaluation of Programs (ILAE)
   - International License Agreement for Early Release of Programs (ILAR)
3. License Information documents (ILMT 9.0 available after providing ILMT program number to the form: 5724-T40)

Choose the I agree radio button and click the Continue button. The Find downloads & media page should open, or Download: Step 1 of 2, depending on the link you used to come here. It doesn't really matter, the content is similar. What you should do is to click the 'Continue' button.

On the new page you will see the 'IBM License Metric Tool V9.0.0 Multiplatform Multilingual eAssembly(CRQG7ML)' package (Size: 4 files (3427mb), Date posted: 14-Mar-2014). Click the + sign next to it to expand its content:

- IBM License Metric Tool V9.0.0 Quick Start Multiplatform Multilingual(CIV4SML) - Size: 1mb, Date posted: 14-Mar-2014
- IBM Endpoint Manager Platform Install V9.1.0 Multiplatform Multilingual(CITM5ML) - Size: 650mb, Date posted: 14-Mar-2014
- IBM Endpoint Manager Platform Install V9.1.0 for Linux and DB2 Multilingual(CITM6ML) - Size: 1454mb, Date posted: 14-Mar-2014
- IBM DB2 Workgroup Server Edition - Restricted Use V10.5 for Linux on AMD64 and Intel EM64T systems (x64) Multilingual(CIKF2ML) - Size: 1322mb, Date posted: 14-Jun-2013

Choose the first three packages, choose the I agree radio button and click the Download now button. Choose where the files should be written on your local disk and confirm the download.

Within several minutes you should have the packages locally:

- ILMT_V900_QS.zip
- IEM_Pltfrm_Install_V91_Lnx_DB2.tgz
- IEM_Pltfrm_Install_V91.zip

With the following content:

ILMT_V900_QS.zip:
- lmt_qsg_de.pdf
- lmt_qsg_en.pdf
- lmt_qsg_es.pdf
- lmt_qsg_fr.pdf
- lmt_qsg_jp.pdf
- lmt_qsg_kor.pdf
- lmt_qsg_pt_BR.pdf
- lmt_qsg_zh_CN.pdf
- lmt_qsg_zh_TW.pdf

IEM_Pltfrm_Install_V91_Lnx_DB2.tgz:
- ServerInstaller_9.1.1065.0-rhe6.x86_64
- v10.5fp2_linuxx64_server_r

IEM_Pltfrm_Install_V91.zip:
- ServerInstaller_9.1.1065.0-rhe6.x86_64
- setup.exe
- agents

This means that in the first package you have a set of PDF documents.

In the second package you have DB2 v10.5 Fix Pack 2 for Linux on x86 64bit architecture as well as the IEM installer for Red Hat Enterprise Linux v6 on x86 64bit architecture.

In the third package you have again the IEM installer for Red Hat Enterprise Linux v6 on x86 64bit architecture together with the IEM installer for Windows and the IEM client binaries.

How to use the packages to install ILMT 9.0, I will show in the coming posts.

Monday, March 31, 2014

Configure HADR on 10.5

Steps to set up HADR in v10.5:

1. Take an online or offline database backup from the v10.5 primary server
2. Restore the online or offline database backup onto the v10.5 standby server
3. Update the db cfg HADR configuration parameters
4. Start HADR on the standby
5. Start HADR on the primary

The exact detailed steps for configuring HADR on v10.5 are documented here: http://pic.dhe.ibm.com/infocenter/db2luw/v10r5/topic/com.ibm.db2.luw.admin.ha.doc/doc/t0011725.html

DB2 : For steps to migrate from v9.7 server to v10.5 server using Backup and restore commands

1. Take an offline backup of all of the databases on v9.7 (an offline backup is a must). v9.7 backup database command: http://publib.boulder.ibm.com/infocenter/db2luw/v9r7/topic/com.ibm.db2.luw.admin.cmd.doc/doc/r0001933.html
2. Restore the v9.7 offline backup of the databases to the DB2 v10.5 primary server.

The link below has all the detailed steps for upgrading pre-v10.5 databases to v10.5, including the restore command: http://pic.dhe.ibm.com/infocenter/db2luw/v10r5/topic/com.ibm.db2.luw.qb.upgrade.doc/doc/t0011368.html

DB2 issues on restore with rollforward

I recently had a few problems trying to restore a DB2 online compressed backup from one AIX machine to another. I thought it would have been as simple a process as saying

[code]
db2 restore db MYDB from /home/user/backup
[/code]

which worked fine, until I tried to connect to the database. That is when I got the error

[code]
db2 => connect to MYDB
SQL1117N A connection to or activation of database "AM2" cannot be made because of ROLL-FORWARD PENDING. SQLSTATE=57019
[/code]

So I tried searching for a solution and tried everything I could.

[code]
db2 => rollforward db MYDB to end of logs and stop
SQL4970N Roll-forward recovery on database "MYDB" cannot reach the specified stop point (end-of-log or point-in-time) because of missing or corrupted log file(s) on database partition(s) "0". Roll-forward recovery processing has halted on log file "S0001797.LOG".

db2 => rollforward db MYDB complete
SQL1276N Database "MYDB" cannot be brought out of rollforward pending state until roll-forward has passed a point in time greater than or equal to "2009-09-25-06.39.04.000000 UTC", because node "0" contains information later than the specified time.

db2 => rollforward db MYDB to 2009-09-25-06.39.04.000000 and stop
SQL1274N The database "MYDB" requires roll-forward recovery and the point-in-time must be to the end of logs.

db2 => rollforward db MYDB query status

Rollforward Status

Input database alias = MYDB
Number of nodes have returned status = 1
Node number = 0
Rollforward status = DB working
Next log file to be read = S0001797.LOG
Log files processed = S0001795.LOG - S0001796.LOG
Last committed transaction = 2009-09-25-06.39.04.000000 UTC
[/code]

To cut it short, this is what I did to fix it.

[code]
db2 => restore db MYDB from /home/db2inst1/OSOL logtarget /tmp
DB20000I The RESTORE DATABASE command completed successfully.

db2 => rollforward db MYDB to end of logs and stop overflow log path (/tmp) noretrieve

Rollforward Status

Input database alias = MYDB
Number of nodes have returned status = 1
Node number = 0
Rollforward status = not pending
Next log file to be read =
Log files processed = S0001795.LOG - S0001799.LOG
Last committed transaction = 2009-09-25-06.39.04.000000 UTC

DB20000I The ROLLFORWARD command completed successfully.

db2 => connect to MYDB

Database Connection Information

Database server = DB2/AIX64 9.1.4
SQL authorization ID = DB2INST1
Local database alias = MYDB