Front cover Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking Planning for performance of management infrastructure Implementing with multiple servers Performing mass update of agents Budi Darmawan Aleem Subhedar Celena Tan Howard Anglin Huang Chuan Rohit Dhall ibm.com/redbooks Redpaper International Technical Support Organization Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking December 2007 Note: Before using this information and the product it supports, read the information in “Notices” on page vii. Second Edition (December 2007) This edition applies to Version V6.0 of ITCAM for Response Time Tracking (product number 5698-A75) and Version 6.0 of ITCAM for WebSphere (product number 5698-A71). © Copyright International Business Machines Corporation 2006, 2007. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vii Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . viii Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix The team that wrote this Redpaper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix Become a published author . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi Comments welcome. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xi Chapter 1. Overview of IBM Tivoli Composite Application Manager implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.1 Application management with IBM Tivoli. . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.1.1 IBM Tivoli systems management portfolio . . . . . . . . . . . . . . . . . . . . . 3 1.1.2 IBM Tivoli Composite Application Manager solution . . . . . . . . . . . . . . 5 1.2 Scope of and concerns relating to large-scale implementation . . . . . . . . . . 6 1.2.1 Defining large-scale implementation . . . . . . . . . . . . . . . . . . . . . . . . . . 6 1.2.2 Concerns and considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 1.3 Overview of IBM Tivoli Composite Application Manager. . . . . . . . . . . . . . . 8 1.3.1 Understanding ITCAM for WebSphere . . . . . . . . . . . . . . . . . . . . . . . . 8 1.3.2 Understanding IBM Tivoli Composite Application Manager for Response Time Tracking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 1.4 Document organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Chapter 2. Planning for ITCAM for WebSphere . . . . . . . . . . . . . . . . . . . . . 17 2.1 Planning considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18 2.2 Product architecture of ITCAM for WebSphere . . . . . . . . . . . . . . . . . . . . . 18 2.3 Deciding on the size of the servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 2.3.1 Sizing parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21 2.3.2 Sizing estimation for ITCAM for WebSphere managing server. . . . . 22 2.3.3 Data collector overhead . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 2.4 Implementation options for ITCAM for WebSphere. . . . . . . . . . . . . . . . . . 25 2.4.1 Designing the managing server . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 2.4.2 Deploying a large number of data collectors . . . . . . . . . . . . . . . . . . . 28 2.5 Communication and security considerations . . . . . . . . . . . . . . . . . . . . . . . 29 2.5.1 Communication security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29 2.5.2 Firewall and port consideration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30 2.6 Reliability and high availability. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 2.6.1 Failover and fault tolerance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 2.6.2 Disaster recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 © Copyright IBM Corp. 2006, 2007. All rights reserved. iii Chapter 3. Installing ITCAM for WebSphere . . . . . . . . . . . . . . . . . . . . . . . . 33 3.1 Installing ITCAM for WebSphere managing server . . . . . . . . . . . . . . . . . . 34 3.1.1 Installation configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 3.1.2 Database installation and configuration . . . . . . . . . . . . . . . . . . . . . . 35 3.1.3 WebSphere Application Server considerations . . . . . . . . . . . . . . . . . 41 3.1.4 Configuring the split server of the managing server . . . . . . . . . . . . . 42 3.1.5 Installation and setup of split server . . . . . . . . . . . . . . . . . . . . . . . . . 43 3.1.6 Verifying the installed components in a split environment . . . . . . . . 47 3.1.7 Adding additional publish servers and archive agents . . . . . . . . . . . 48 3.2 Deploying data collectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50 3.2.1 Setting up the silent installation process . . . . . . . . . . . . . . . . . . . . . . 50 3.2.2 Installing the data collector . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 3.2.3 Installing and configuring the data collector together . . . . . . . . . . . . 54 3.2.4 Configuring data collectors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 3.2.5 Automatically discovering the installation parameters . . . . . . . . . . . 61 3.3 Configuring and setting up SSL communication . . . . . . . . . . . . . . . . . . . . 64 3.3.1 Managing server Secure Socket Layer setup . . . . . . . . . . . . . . . . . . 64 3.3.2 Data collector Secure Socket Layer setup . . . . . . . . . . . . . . . . . . . . 65 3.3.3 Working with custom certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67 Chapter 4. Maintenance of ITCAM for WebSphere . . . . . . . . . . . . . . . . . . . 75 4.1 Operating ITCAM for WebSphere . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76 4.2 Performance and availability of the managing server . . . . . . . . . . . . . . . . 76 4.2.1 Performance of the WebSphere Application Server . . . . . . . . . . . . . 76 4.2.2 Database maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77 4.2.3 Data trimming . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78 4.3 Backup and recovery configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 4.3.1 ITCAM for WebSphere backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 4.3.2 WebSphere configuration backup . . . . . . . . . . . . . . . . . . . . . . . . . . . 83 4.3.3 Database backup and restore . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84 4.4 Log files and configuration files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85 4.4.1 Managing log files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85 4.4.2 Managing the configuration files . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86 4.5 Performing product maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87 4.5.1 Getting software updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87 4.5.2 Updating ITCAM for WebSphere managing server. . . . . . . . . . . . . . 87 4.5.3 Updating ITCAM for WebSphere data collectors . . . . . . . . . . . . . . . 90 Chapter 5. Planning for ITCAM for Response Time Tracking . . . . . . . . . . 93 5.1 Planning considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94 5.2 Product architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94 5.3 Sizing the servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96 5.3.1 Sizing parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96 iv Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking 5.3.2 Sizing estimation for ITCAM for Response Time Tracking . . . . . . . . 97 5.4 Deployment of ITCAM for Response Time Tracking . . . . . . . . . . . . . . . . . 98 5.4.1 Designing the management server . . . . . . . . . . . . . . . . . . . . . . . . . . 98 5.4.2 Deploying the management agent . . . . . . . . . . . . . . . . . . . . . . . . . . 99 5.5 Communication and security considerations . . . . . . . . . . . . . . . . . . . . . . 100 5.5.1 Communication security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100 5.5.2 Firewall and port considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . 101 5.6 Reliability and high availability. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102 5.6.1 Failover and fault tolerance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102 5.6.2 Disaster recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102 Chapter 6. Installing ITCAM for Response Time Tracking. . . . . . . . . . . . 105 6.1 Clustering the management server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106 6.1.1 Preparing the operating system . . . . . . . . . . . . . . . . . . . . . . . . . . . 106 6.1.2 Installing the database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107 6.1.3 Installing WebSphere Application Server . . . . . . . . . . . . . . . . . . . . 109 6.1.4 Installing WebSphere Load Balancer . . . . . . . . . . . . . . . . . . . . . . . 118 6.1.5 Installing the management server . . . . . . . . . . . . . . . . . . . . . . . . . . 124 6.1.6 Checking the configuration of the RTT cluster application . . . . . . . 128 6.2 Deploying the management resources . . . . . . . . . . . . . . . . . . . . . . . . . . 129 6.2.1 Silent installation of the management agent . . . . . . . . . . . . . . . . . . 129 6.2.2 Command-line interface for management components . . . . . . . . . 130 6.2.3 Defining management resources . . . . . . . . . . . . . . . . . . . . . . . . . . 131 6.3 Setting up Secure Sockets Layer certificates . . . . . . . . . . . . . . . . . . . . . 133 6.3.1 Secure Sockets Layer for ITCAM for Response Time Tracking . . . 133 6.3.2 Working with custom certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . 134 Chapter 7. Maintenance of ITCAM for Response Time Tracking . . . . . . 137 7.1 Operational issues pertaining to a large environment . . . . . . . . . . . . . . . 138 7.2 Performance and availability of management server . . . . . . . . . . . . . . . 138 7.2.1 Performance of WebSphere Application Server . . . . . . . . . . . . . . . 138 7.2.2 Database maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139 7.3 ITCAM for Response Time Tracking files . . . . . . . . . . . . . . . . . . . . . . . . 140 7.3.1 Backup and recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140 7.3.2 Managing the log files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141 7.4 Performing product maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142 7.4.1 Getting software updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142 7.4.2 Updating ITCAM for Response Time Tracking management server142 7.4.3 Updating ITCAM for Response Time Tracking management agents143 Abbreviations and acronyms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145 Related publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147 IBM Redbooks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147 Contents v Other publications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147 Online resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148 How to get IBM Redbooks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149 Help from IBM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151 vi Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking Notices This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service. IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to: IBM Director of Licensing, IBM Corporation, North Castle Drive Armonk, NY 10504-1785 U.S.A. The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you. This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk. IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you. Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental. COPYRIGHT LICENSE: This information contains sample application programs in source language, which illustrates programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. You may copy, modify, and distribute these sample programs in any form without payment to IBM for the purposes of developing, using, marketing, or distributing application programs conforming to IBM application programming interfaces. © Copyright IBM Corp. 2006, 2007. All rights reserved. vii Trademarks The following terms are trademarks of the International Business Machines Corporation in the United States, other countries, or both: Redbooks (logo) ® pSeries® z/OS® AIX® CICS® Database 2™ DB2 Universal Database™ DB2® ETE™ ETEWatch® IBM® IMS™ Lotus Notes® Lotus® Monitoring On Demand® MVS™ Notes® Operating System/400® OMEGAMON® OS/400® Rational® Redbooks® Tivoli® WebSphere® Workplace™ The following terms are trademarks of other companies: Oracle, JD Edwards, PeopleSoft, Siebel, and TopLink are registered trademarks of Oracle Corporation and/or its affiliates. Snapshot, and the Network Appliance logo are trademarks or registered trademarks of Network Appliance, Inc. in the U.S. and other countries. ITIL is a registered trademark, and a registered community trademark of the Office of Government Commerce, and is registered in the U.S. Patent and Trademark Office. Enterprise JavaBeans, EJB, Java, JavaBeans, JDBC, JMX, JNI, JRE, JVM, J2EE, Solaris, and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. Microsoft, Outlook, Windows, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both. UNIX is a registered trademark of The Open Group in the United States and other countries. Linux is a trademark of Linus Torvalds in the United States, other countries, or both. Other company, product, or service names may be trademarks or service marks of others. viii Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking Preface This IBM® Redpaper discusses large-scale implementation of IBM Tivoli® Composite Application Manager for WebSphere® and IBM Tivoli Composite Application Manager for Response Time Tracking. Large-scale implementation is typically characterized by the number of monitoring agents deployed and the number of transactions load-managed. A typical large-scale implementation of a monitoring product contains the following challenges: Keeping up the performance of the monitoring tools to accommodate the processing load from the agents. Automation of installation, update, and maintenance of monitoring agents based on silent installation and automated update. Specific day-to-day maintenance actions to ensure performance and availability of the monitoring solution. This IBM Redpaper addresses these issues with regard to the implementation of ITCAM for WebSphere and ITCAM for Response Time Tracking on distributed platforms. The discussion is divided into planning issues, implementation guides, and maintenance considerations. The team that wrote this Redpaper This Redpaper was produced by a team of specialists from around the world working at the IBM International Technical Support Organization (ITSO), Austin Center. Budi Darmawan is a Consulting IT Specialist at the IBM ITSO, Austin Center. He writes extensively and teaches IBM classes worldwide on all areas of Tivoli systems management products. Before joining the ITSO in 1999, Budi worked as Solution Architect and Implementer in Integrated Technical Services, IBM Indonesia. His current interests include availability management, z/OS® systems management, and Java™ programming. Aleem Subhedar is a Staff Software Engineer with India Software Labs in Pune, India. He has seven years of experience in AIX® and Middleware System Administration. He holds a degree in Chemistry from Pune University. His areas of expertise include AIX, pSeries®, and related system technologies. He is an IBM Certified System Expert. His areas of interest include pSeries virtualization and high availability. © Copyright IBM Corp. 2006, 2007. All rights reserved. ix Celena Tan is a Managing Consultant with IBM Software Group Services in Australia. She has 14 years of experience in the IT field. She holds a Masters of Technology from National University of Singapore and a Bachelor of Electrical Engineering (Hons) from the University of Tasmania. Her areas of expertise include ITCAM family products and rational testing, and change and configuration management products. Howard Anglin is a Deployment Expert for ITCAM for WebSphere, Response Time Tracking, IBM Tivoli Monitoring in the United States. He has worked with various large customers, and in his role as an IT Specialist he has resolved deployment, integration, and performance issues. He has nine years of experience in the software test and development field with emphasis on the WebSphere Application Server. He holds a Bachelor of Science in Electrical Engineering from Manhattan College, Riverdale, New York. Howard began his career at IBM in the pSeries Hardware Group as a Test Engineer developing automation solutions for the production line. He then transferred to the software group. Huang Chuan is a Senior Test Lead of IBM China CSDL lab. He has five years of experience in software developing and over six years of experience in software product testing. He has led the ITCAM for Response Time Tracking test project for several releases. He holds a degree in Computer Science from the University of Electronic Science and Technology of China. Rohit Dhall is an IT Architect with GBS, IBM India. He has 10 years of IT experience in technologies like client-server computing, Web-based transactional systems, data warehousing, and data mining. His major expertise is in designing, implementing, and tuning large-scale Internet banking, eMortgage, and anti-money laundering solutions for the banking and financial sector. He is EXIN ITIL® certified and also holds certification in Java and EJB™ from Brainbench. His current interests include SOA and IBM Virtualization offerings. Thanks to the following people for their contributions to this project: Donna Martin, Noel Lewis, Tony Williams, Marco De Gregorio, Sushanto Pandit IBM Software Group, Tivoli Software John Horton Author of the first edition of Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time TrackingLarge-Scale Implementation of IBM Tivoli Composite Application Manager, REDP-4162 Julie Czubik International Technical Support Organization, Poughkeepsie Center x Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking Become a published author Join us for a two-week to six-week residency program! Help write an IBM Redbook dealing with specific products or solutions, while getting hands-on experience with leading-edge technologies. You will team with IBM technical professionals, Business Partners, or customers. Your efforts will help increase product acceptance and customer satisfaction. As a bonus, you will develop a network of contacts in IBM development labs, and increase your productivity and marketability. Find out more about the residency program, browse the residency index, and apply online at: ibm.com/redbooks/residencies.html Comments welcome Your comments are important to us! We want our papers to be as helpful as possible. Send us your comments about this Redpaper or other Redbooks® in one of the following ways: Use the online Contact us review book form found at: ibm.com/redbooks Send your comments in an e-mail to: redbook@us.ibm.com Mail your comments to: IBM Corporation, International Technical Support Organization Dept. HYTD Mail Station P099 2455 South Road Poughkeepsie, NY 12601-5400 Preface xi xii Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking 1 Chapter 1. Overview of IBM Tivoli Composite Application Manager implementation This chapter provides an overview of the large-scale implementation issues for IBM Tivoli Composite Application Manager. This chapter covers the following topics: 1.1, “Application management with IBM Tivoli” on page 2 1.2, “Scope of and concerns relating to large-scale implementation” on page 6 1.3, “Overview of IBM Tivoli Composite Application Manager” on page 8 1.4, “Document organization” on page 15 © Copyright IBM Corp. 2006, 2007. All rights reserved. 1 1.1 Application management with IBM Tivoli Computer-based applications are the lifeblood of modern enterprises. Most business processes are driven by the so-called computer application that promotes productivity, automates processing, and minimizes human errors. These applications enable business persons to focus on what must be done, instead of how to do it. However, as business processes rely more on these applications, the applications become critical to the business. The applications must be available for the execution of the business processes. Most applications evolved from centralized applications typically managed by the information technology (IT) department or mainframe-based applications, where all the application layers are maintained from the central mainframe. Today, applications tend to have multiple layers, often distributed across different servers, different platforms, and different components. These applications are called composite applications. This complicates the management of applications on matters such as operational settings, problem determination, and performance management. Applications as a business-critical entity must be available with adequate response time for users to perform their tasks. With application components spread throughout the enterprise, problem determination and performance management are typically complicated. There is no clear path for finding which component faces the problem. Is it the database? A network problem? The application server experiencing a bottleneck? A user machine stall? Sometimes, these components even belong to different organizations. Figure 1-1 shows a typical composite application. This is used by multiple users through the Internet and intranet. It consists of multiple application layers, each with its own abstraction level. Some of the applications have the original back end in the mainframe transactions. Figure 1-1 Composite application 2 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking Composite applications are regarded as the ultimate application management challenge, as they span different application servers that communicate with each other. This architecture enables modular application development, where changes in a layer may not affect other layers, but introduces the complexity of multiple components. This paper demonstrates how to implement the IBM Tivoli Composite Application Manager family of products in a large-scale environment. This chapter introduces IBM Tivoli product portfolio and how IBM Tivoli Composite Application Manager product fits. 1.1.1 IBM Tivoli systems management portfolio IBM Tivoli product solutions are aligned towards an overall IBM IT Service Management approach. Figure 1-2 shows the IBM IT Service Management portfolio structure. IT CRM & Business Management Service Delivery & Support Service Deployment Information Management Business Resilience IT Process Management Products Change and Configuration Management Database IT Service Management Platform IT Operational Management Products Best Practices Business Application Management Server, Network & Device Management Storage Management Security Management Figure 1-2 IBM IT Service Management This approach provides Information Technology Infrastructure Library-aligned automation work flows. Future offerings will provide an open standard-based and configuration management database-based solution, as well as a workflow engine. Chapter 1. Overview of IBM Tivoli Composite Application Manager implementation 3 The operational management pillar shown in Figure 1-2 on page 3 is divided into software families. The availability solution addressed in business application management and server, network, and device management can be viewed as an integrated offering, as shown in Figure 1-3. Business Service Management Orchestration and Provisioning Security Event Correlation and Automation Storage Composite Application Management Resource Monitoring Figure 1-3 IBM Tivoli software portfolio As shown in Figure 1-3, the Tivoli software portfolio is divided into the following components: Resource monitoring Measures and manages IT resource performance, including servers, databases, and middleware. Composite application management Monitors and manages an application and its components, and understands applications from the availability standpoint. Event correlation and automation Correlates and automates events or faults that are generated by resource monitoring, application monitoring, or both to provide a concise root-cause analysis of failure in the environment. Orchestration and provisioning Provides the ability to deploy or redeploy servers or components as requested on demand to fulfill processing requirements, if the necessity arises as indicated by the correlation engine. 4 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking Business service management Provides a high-level view of business status as reflected by its underlying monitoring components. The view is either in real time or based on a service-level agreement. 1.1.2 IBM Tivoli Composite Application Manager solution The IBM Tivoli Composite Application Manager family resides in the application management pillar of the Tivoli software portfolio. The current application management portfolio consists of the following products: ITCAM for Response Time Tracking V6.1 ITCAM for Response Time V6.2 IBM Tivoli Composite Application Manager for service-oriented architecture (SOA) V6.1 ITCAM for WebSphere V6.1 ITCAM for J2EE™ V6.1 ITCAM for Web Resources V6.2 ITCAM for CICS Transactions V6.1 ITCAM for IMS Transactions V6.1 IBM Tivoli OMEGAMON® XE for Messaging V6.0 Figure 1-4 shows the scope of composite application management. Response Time Tracking WebSphere performance Web Services calls CICS/IMS transaction WBI messaging Figure 1-4 Composite application management Chapter 1. Overview of IBM Tivoli Composite Application Manager implementation 5 Manage the overall composite application from the following sides: Get the user side of response time and availability with ITCAM for Response Time Tracking. Get IBM WebSphere middleware performance and analyze in-depth resource usage through ITCAM for WebSphere. Manage messaging from IBM WebSphere Business Integration MQ Series using IBM Tivoli OMEGAMON XE for IBM WebSphere Business Integration. For more details, refer to Implementing IBM Tivoli OMEGAMON XE for WebSphere Business Integration V1.1, SG24-6768. Manage message flow in an SOA environment and collect metrics for Web service calls using IBM Tivoli Composite Application Manager for service-oriented architecture (SOA). Provide the integration view with a mainframe-based, back-end application such as Information Management System (IMS™) or Customer Information Control System (CICS®) using ITCAM for IMS Transactions or ITCAM for CICS Transactions. 1.2 Scope of and concerns relating to large-scale implementation This paper discusses large-scale implementation of IBM Tivoli Composite Application Manager. It specifically provides information about the implementation of ITCAM for WebSphere and ITCAM for Response Time Tracking in large-scale environments. The discussion is about large-scale implementation in distributed and mainframe environments, and includes the following topics: 1.2.1, “Defining large-scale implementation” on page 6 1.2.2, “Concerns and considerations” on page 7 1.2.1 Defining large-scale implementation There are several indications relating to large-scale implementation. These indications are based on the following factors: The number of application servers to be monitored Each application server must have an agent installed to be monitored and managed. With the number of application servers ranging from hundreds to thousands, additional care must be taken to manage the deployment, maintenance, and processing of the managing server. 6 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking The transaction rates on application servers The transaction rates contribute to the overhead of the monitoring system. A balance of data collection and system health must be achieved. A large number of transactions potentially require larger management server processing. The number of network sites The number of network sites typically corresponds to the potential bottlenecks between the sites. The bottlenecks may be from production data, monitoring data, or a security requirement such as a firewall. The requirement for high availability or fail over This additional requirement, although not directly related to the scale, is typically a must for a large-scale implementation. The existence of multiple managed spaces that a site must handle Managed space is defined as a group of environments with a single management database and a set of management server processes. Different managed spaces are usually used to separate the production and development environments. They are also used to prepare and test the changes to the management environment. 1.2.2 Concerns and considerations Following is a list of concerns and considerations that are specific to a large-scale environment: Server size As this is a large-scale implementation, sizing the servers to manage the environments is critical. The placement, configuration, and specification of a single server or multiple servers must be predetermined in order to avoid bottlenecks in processing. This sizing must also take into consideration special processing requirements such as debugging and troubleshooting and data collection and recovery. Deploying agents The number of agents that must be deployed are enormous and prohibitive to being performed manually. Automated efforts must be included in the ability to deploy and implement the agents automatically with minimal manual intervention. This must cover initial deployment, fix pack implementation, and maintenance action. Chapter 1. Overview of IBM Tivoli Composite Application Manager implementation 7 Security This includes confidentiality support and firewall support. – Confidentiality support secures information transfer between the agents and the servers. – Firewall support allows the sites to be secured, with management action still flowing through in order to effectively manage the environment. Reliability Fail over and fault tolerance are critical to maintain while monitoring business-critical applications. The reliability factor must be promptly addressed and ensured. Maintenance Changes do happen, as with deployment. These changes must be applied to both the servers and the agents. Special consideration must be provided for a large-scale implementation with changes on both the servers and the agents. While server consideration applies to preserving, monitoring, and data collection with minimal downtime, agent consideration relates to automating the deployment process with minimal manual intervention and outage. This paper deals with and addresses these concerns for ITCAM for Response Time Tracking and ITCAM for WebSphere implementations. 1.3 Overview of IBM Tivoli Composite Application Manager This section explains the following topics: 1.3.1, “Understanding ITCAM for WebSphere” on page 8 1.3.2, “Understanding IBM Tivoli Composite Application Manager for Response Time Tracking” on page 11 1.3.1 Understanding ITCAM for WebSphere This section provides an overview of ITCAM for WebSphere. The discussion includes the following topics: “Features and functions” on page 9 “Components” on page 9 “Platforms supported” on page 10 8 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking For more information about ITCAM for WebSphere, visit the following Web site: http://www.ibm.com/software/tivoli/products/composite-application-mgrwebsphere/ Features and functions ITCAM for WebSphere helps increase the performance and availability of business-critical applications by providing facilities for real-time problem detection, analysis, and repair. Correlation spanning Java 2 Platform, Enterprise Edition (J2EE), Customer Information Control System, and Information Management System, and diagnostics at the method level pinpoint code problems to help resolve problems quickly and reduce support and operations costs. Today’s business processes often depend on a number of complex applications. Although most businesses have traditional monitoring tools to manage individual resources at a high level, many lack an integrated solution to automatically monitor, analyze, and resolve problems at the service, transaction, application, and resource levels. As a result, operations and development may take a long time to identify, isolate, and fix composite application problems. ITCAM for WebSphere is an application management tool that helps maintain the availability and performance of on demand applications. It helps you to quickly pinpoint, in real time, the source of bottlenecks in application code, server resources, and external system dependencies. This product also provides detailed reports that you can use to enhance the performance of your applications. ITCAM for WebSphere provides in-depth, WebSphere-based application performance analysis and a tracing facility. ITCAM for WebSphere enables multiple levels of analysis to get a complete view of the application, depending on the requirement. From production-level monitoring to detailed heap and method debugging, it digs into Structured Query Language (SQL) performance analysis without the need for database monitors. It provides SQL information and information about calls that were made through Java Database Connectivity (JDBC™). ITCAM for WebSphere provides a composite status correlation for transactions that use Customer Information Control System and Information Management System as the back end. Components ITCAM for WebSphere contains the following components: Managing server This acts as the central component that manages and administers the data collectors. It stores that data in a relational database repository. A Web-based Chapter 1. Overview of IBM Tivoli Composite Application Manager implementation 9 application is provided to show monitoring results. This interface is also called the visualization engine. Data collector This runs on the application server and collects performance information for the managing server. Tivoli Enterprise Monitoring Agent This collects information that shows the status of the WebSphere Application Server and sends it to the Tivoli Enterprise Monitoring Server for display on the Tivoli Enterprise Portal. The Tivoli Enterprise Monitoring Agent is installed on individual machines where data collectors reside. This component is moved to IBM Tivoli Composite Application Manager for Web Resources in Version 6.2. Platforms supported For a complete platform coverage list, refer to the following Web site: http://publib.boulder.ibm.com/tividd/td/ITCAMWAS/prereq60/en_US/HTML/itc am6.html Table 1-1 provides an overview of the platforms supported for ITCAM for WebSphere V6. Table 1-1 Platforms supported for ITCAM for WebSphere Component Software Managing server operating system IBM AIX V5.2 and V5.3 Solaris™ 8 and Solaris 9 (SPARC) Hewlett-Packard UNIX® (HP-UX) 11i 1 Windows® 200 Server or Advanced Server with Service Pack 4 (SP4) Windows 2003 Server Standard Edition/Enterprise Edition (SE/EE) Red Hat Enterprise Linux® (RHEL) 3.0 and 4.0 SUSE Linux Enterprise Server (SLES) 8 and 9 Managing server database IBM DB2® V8.1 Fix Pack 6 (FP6) or IBM DB2 V8.2 Oracle® 8i SE R3 8.1.7, Oracle 9i SE R2 9.2, Oracle 10g Managing server WebSphere WebSphere Application Server V5.1.x or WebSphere Application Server V6.x 10 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking Component Software Data collector platform Customer Information Control System V2.2, V2.3, and V3.1 Information Management System V7.1, V8.1, and V9.1 AIX V5.2 and V5.3 Solaris 8 and 9 SPARC HP-UX 11i 1 Windows 200 Server or Advanced Server with SP4 Windows 2003 Server SE/EE RHEL 3.0 and 4.0 SLES 8 and 9 Red Flag Advanced Server (RFAS) 4.0 and 4.1(xLinux) IBM Operating System/400® (OS/400®) V5.2 and V5.3 IBM z/OS V1.4, V1.5, or V1.6 1.3.2 Understanding IBM Tivoli Composite Application Manager for Response Time Tracking This section provides an overview of ITCAM for Response Time Tracking. It discusses the following topics: “Features and functions” on page 9 “Components” on page 12 “Platforms supported” on page 14 For more information about ITCAM for Response Time Tracking, visit the following Web site: http://www.ibm.com/software/tivoli/products/composite-application-mgr-rtt/ Features and functions ITCAM for Response Time Tracking proactively recognizes, isolates, and resolves transaction performance problems by using robotic and real-time techniques. It is an end-to-end transaction management solution that monitors user response time and helps you to visualize the transaction’s path through your application systems, including the response time contributions of each step. ITCAM for Response Time Tracking uses Application Response Measurement (ARM) technology to track the response time of a distributed application. Chapter 1. Overview of IBM Tivoli Composite Application Manager implementation 11 Today’s business processes often depend on composite applications that span Web servers, J2EE application servers, integration middleware, and mainframe systems. Although most businesses have traditional monitoring tools to manage individual resources, many lack an integrated solution to automatically monitor, analyze, and resolve user response time problems. As a result, it may take a long time to identify, isolate, and fix distributed transaction performance problems. ITCAM for Response Time Tracking enables you to follow the path of a user transaction end-to-end across your business infrastructure. You can drill down to each step the transaction takes as it travels across multiple systems, and measure how each component of a transaction contributes to the overall response time. The entire transaction analysis process is transparent to customers and application developers. It collects transaction performance through robot and browser simulation, in-depth J2EE server instrumentation, and feedback from Customer Information Control System and Information Management System. ITCAM for Response Time Tracking feeds the Tivoli Enterprise Monitoring Server to provide a comprehensive performance management solution on Tivoli Enterprise Portal. This enables the development of custom monitoring workspaces for managing enterprise applications. Components ITCAM for Response Time Tracking consists of the following components: Management server This acts as the central point of contact for ITCAM for Response Time Tracking. It consists of a WebSphere-based J2EE application that performs the management and administrative functions. The management server stores data in a central database repository. Store and Forward Agent This relays traffic to and from the management agents. Typically, the Store and Forward agent is used in a firewall environment. It consolidates the port requirements for the connectivity. Management agent This performs the monitoring function. Typically, it investigates the performance of the distributed application, depending on the management components deployed on it. The components that you can deploy are: – Generic Windows workstation This allows deployment of IBM Rational® Robot to measure transaction performance. 12 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking – Client Application Tracker This uses IBM ETEWatch® scripts to collect performance information. Default monitoring is available for measuring IBM Lotus® Notes® and Microsoft® Outlook® performance. – Synthetic Transaction Investigator (STI) This performs Web-based transactions and measures the resulting response time. – Quality of Service monitoring agent This collects information about user performance by acting as reverse proxy between the user and the Web server. – JavaTM 2 Platform, Enterprise Edition (J2EE) monitoring agent This instruments and collects performance information about J2EE-based application servers such as WebSphere or WebLogic. – Web Response Monitor component – Rational Performance Tester – Tomcat and JBoss monitoring component – Generic Application Response Measurement (ARM) agent This collects ARM events from a custom-instrumented application. Tivoli Enterprise Monitoring Agent for Tivoli Enterprise Monitoring Server This feeds data from the ITCAM for Response Time Tracking server to display on the Tivoli Enterprise Portal. Chapter 1. Overview of IBM Tivoli Composite Application Manager implementation 13 Platforms supported For a complete platform coverage list, visit the following Web site: http://publib.boulder.ibm.com/tividd/td/ITCAMRTT/prereq60/en_US/HTML/ Version60.html Table 1-2 provides an overview of the platforms supported for ITCAM for Response Time Tracking V6.0. Table 1-2 Platforms supported for ITCAM for Response Time Tracking Component Software level Management server operating system Microsoft Windows 2000 Server with SP4 Windows 2000 Advanced with SP4 Windows 2003 Server SE or EE IBM AIX V5.2 or V5.3 Solaris 9 or 10 HP-UX 11i 1 RHEL 3.0 or 4.0 SLES 8 or 9 Management server database Oracle 9i SE 9.2 IBM DB2 V8.1 ESE with FP3+ (required for WebSphere Application Server V5.1.x) IBM DB2 V8.1 ESE with FP6a+ (required for WebSphere Application Server V6.x) IBM DB2 V8.2 Management server WebSphere WebSphere Application Server V5.1.x or later versions WebSphere Application Server V6.0.1.x or later versions Management agent platform Windows 2000 Professional, Server or Advanced Server with SP4 Windows 2003 Server SE or EE Windows XP Professional with SP1 IBM AIX V5.2 or V5.3 Solaris 9 or 10 HP-UX 11i RHEL 3.0 or 4.0 SLES 8 or 9 RFAS 4.0 or 4.1 (xLinux) z/OS V1.4, V1.5, or V1.6 OS/400 V5.2 or V5.3 14 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking 1.4 Document organization This paper discusses the following topics: Before the implementation Chapter 2, “Planning for ITCAM for WebSphere” on page 17, and Chapter 5, “Planning for ITCAM for Response Time Tracking” on page 93, discuss the planning and sizing considerations. The implementation Chapter 3, “Installing ITCAM for WebSphere” on page 33, and Chapter 6, “Installing ITCAM for Response Time Tracking” on page 105, discuss additional steps that are required, such as reliability and automation considerations. After the implementation Chapter 4, “Maintenance of ITCAM for WebSphere” on page 75, and Chapter 7, “Maintenance of ITCAM for Response Time Tracking” on page 137, discuss maintenance considerations and operational concerns relating to a large-scale implementation. Chapter 1. Overview of IBM Tivoli Composite Application Manager implementation 15 16 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking 2 Chapter 2. Planning for ITCAM for WebSphere This chapter provides information about areas that must be considered during the planning phase of IBM Tivoli Composite Application Manager implementation in a large environment. This chapter discusses the following topics: 2.1, “Planning considerations” on page 18 2.2, “Product architecture of ITCAM for WebSphere” on page 18 2.3, “Deciding on the size of the servers” on page 21 2.4, “Implementation options for ITCAM for WebSphere” on page 25 2.5, “Communication and security considerations” on page 29 2.6, “Reliability and high availability” on page 32 © Copyright IBM Corp. 2006, 2007. All rights reserved. 17 2.1 Planning considerations This section discusses the following aspects pertaining to large-scale implementations (see also 1.2.2, “Concerns and considerations” on page 7): Understanding the product architecture This allows you to make the correct decisions. Section 2.2, “Product architecture of ITCAM for WebSphere” on page 18, describes the architecture for ITCAM for WebSphere. Sizing the servers This is important to correctly acquire adequate servers and choose a sound software configuration option. Section 2.3, “Deciding on the size of the servers” on page 21, describes one approach. Understanding the servers’ configuration options and agent deployment This is discussed for ITCAM for WebSphere in 2.4, “Implementation options for ITCAM for WebSphere” on page 25. Planning for communication security This is a mandatory step for an enterprise with business-critical and sensitive information in a transaction environment. Section 2.5, “Communication and security considerations” on page 29, discusses confidentiality and firewall requirements. Discussing reliability, failover, and disaster recovery issues These are the other mandatory aspects pertaining to a critical business process on a large enterprise. Section 2.6, “Reliability and high availability” on page 32 discusses this. 2.2 Product architecture of ITCAM for WebSphere This section discusses the product architecture of ITCAM for WebSphere. This understanding is critical to plan and decide about the server configuration and other implementation issues. See also IBM Tivoli Composite Application Manager V6.1 Family Installation, Configuration, and Basic Usage, SG24-7151. ITCAM for WebSphere V6.0 evolved from WebSphere Studio Application Monitor (WSAM) and IBM Tivoli OMEGAMON XE for WebSphere. ITCAM for WebSphere observes and reports on the health of Java 2 Platform, Enterprise Edition-based applications. It tracks the progress of applications as they traverse through Java 2 Platform, Enterprise Edition (J2EE) application servers, 18 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking middleware adapters and transports, and database calls, to back-end systems such as Customer Information Control System (CICS) or Information Management System (IMS) to extract business data or to invoke mainframe business processes. The tracking of applications produces request traces, where the events in a request’s life are recorded and stored in a monitoring repository database. ITCAM for WebSphere captures the CPU and the elapsed internal times when events are called and exited, measuring as far down as the CPU consumed and the elapsed internal times charged to individual methods in J2EE classes. The methods or events taking the most time are marked as an application’s parts that deserve attention for runtime improvement studies and code optimizations. ITCAM for WebSphere does not require modification of any J2EE or mainframe application code. Java Virtual Machine Tool Interface (JVMTI) interfaces and primitives, along with WebSphere Performance Management Interface (PMI) and z/OS System Measurement Facility (SMF) 120 records, are ITCAM for WebSphere’s principal data sources. The monitoring data is collected and analyzed to offer a wealth of information about the health of J2EE applications and their servers. Many system-level performance metrics are collected and reported about J2EE application servers. The status of the servers and their resources, particularly at vital checkpoints such as CPU utilization, memory usage, and the status of internal components such as database connection pools, Java Virtual Machine (JVM™) thread pools, Enterprise JavaBeans™ (EJB) usage, and request processing statistics, are very important in locating real-time problems with J2EE applications. ITCAM for WebSphere brings attention to these critical indicators with real-time, graphical displays of their values and their trends over a span of time. ITCAM for WebSphere is a distributed performance monitoring application for application servers. Its components are connected through IP network communication. The central component of ITCAM for WebSphere, the managing server, is its heart and brain. It collects and displays various performance information from application servers. The application servers run a component of ITCAM for WebSphere called data collector, which is a collecting agent that runs in the application server and sends monitoring information to the management server. These data collectors operate independently of each other. Chapter 2. Planning for ITCAM for WebSphere 19 Figure 2-1 shows the overall architecture of ITCAM for WebSphere. Browser interface ITCAM for WebSphere Managing Server I Web Server Application servers with ITCAM for WebSphere Data collectors Tivoli Enterprise Monitoring Server and Tivoli Enterprise Portal Server Figure 2-1 ITCAM for WebSphere architecture The application monitor comprises the following main parts: Managing server A managing server comprises several Java-based components that provide the environment to collect and present management data. Data collector agent A data collector agent runs on each monitored application server, whether J2EE, Customer Information Control System (CICS), or Information Management System (IMS), and communicates essential operational data to the managing server. Unique sampling algorithms maintain low CPU and network overhead, while providing application-specific performance information. 20 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking 2.3 Deciding on the size of the servers The scale of the implementation must decide the size of the servers to be used. Sizing determines the hardware configuration and implementation consideration of the servers. This section discusses the following topics: 2.3.1, “Sizing parameters” on page 21 2.3.2, “Sizing estimation for ITCAM for WebSphere managing server” on page 22 2.3.1 Sizing parameters The following parameters must be considered before deciding on the size of the servers: The number of data collectors for ITCAM for WebSphere This value assumes that the application servers run a similar load profile. If the application servers have several load profiles, consider them in different groups. The transaction rate for application servers The number of transactions executed for each minute, when multiplied with the number of data collectors or monitoring agents, gives the total amount of transaction information captured for a given period. The complexity of a transaction It is not easy to understand the complexity of a transaction. This requires a more subjective approach than transaction rate counting, which can be retrieved from the transaction data or the application log. The relative complexity of transactions is determined by the number of method calls per transaction. Typically, the number of methods a complex transaction invokes is around four to six times that of a simple transaction. There are some product-specific parameters that affect sizing considerations. These parameters are built to filter out unimportant or insignificant information from the data that is collected. These parameters are: – – – – – Data collection filter Sampling rate Monitoring level Listening policy mask Instrumentation level Chapter 2. Planning for ITCAM for WebSphere 21 2.3.2 Sizing estimation for ITCAM for WebSphere managing server Specific to ITCAM for WebSphere, consider the following parameters for sizing: Communication bandwidth Memory size Processing requirement Database size Important: Sizing estimation for ITCAM for WebSphere managing server must be estimated for a worst-case scenario, that is, in the state that level 3 monitoring is run for the highest number of data collectors concurrently. Communication bandwidth Several communication traffic flows exist between the managing server and the data collector. The communication traffic flows are: Initial communication with the kernel to collect configuration information This only happens in the initial connection when the data collector is started. This configuration information consists of sending the configuration and managing server Java archives. Management information to modify data collection level, sampling interval, or logging level from the kernel This happens by request or when scheduled by Monitoring On Demand®. The size of this communication is small and negligible. Visualization engine requests for current active transactions The impact of these requests depends on the following factors: – The transaction rate and the average transaction response time that make up the average number of in-flight transactions – The number of concurrent Web console users who may request the in-flight transaction information Transaction information is streamed to the publish server as it happens This is the largest contributor to network load. It uses up the largest amount of network bandwidth. The formula is as follows: – Monitoring in level 1: transaction rate x 353 – Monitoring in level 3: (transaction rate x 353) + (transaction rate x method call x 172) 22 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking As an illustration, we use a sample environment with a transaction rate of 3,000 requests per minute on level 1 and 300 requests per minute on level 3 monitoring. The average method calls is 500 methods per requests. The transaction bandwidth required is: – Level 1 transaction load: (3000 transaction / 60 seconds) x 353 = 17,650 bytes/sec – Level 3 transaction load: (30 transaction / 60 seconds) x 353 + (30 / 60) x 5,000 x 172 = 430,176 bytes/sec As shown in this example, the majority of network usage is spent on level 3 analysis. In a real production environment, for the majority of time, ITCAM for WebSphere runs on level 1. Therefore, the communication requirement is low. However, prepare an installation to occasionally increase monitoring in level 3 for problem determination purposes. Memory size Memory requirement is typically important for the following components: Kernel The memory size of the kernel is directly related to the number of data collectors. The typical size of 64 MB in the setenv.sh may have to be increased for more than 50 data collectors. Publish server The memory size is related to the number of transactions the publish server has to process, with some consideration to the transaction complexity factor, that is, the number of methods invoked. The publish server’s memory must be adequate to handle the data size between garbage collector intervals. For garbage collection per minute, you must accommodate a minute’s worth of data. In the example provided in “Communication bandwidth” on page 22, the total size of publish server memory for processing the load must be around 4.3 x 60 x (1.5) = 387 MB. Note that the base publish server was already using around 100 MB of storage. Archive agent This requires memory as a subset to the publish server and is masked by the sampling percentage from the publish server. The archive agent uses more memory than the sampling rate percentage, as it performs Java Database Connectivity (JDBC) database calls. Chapter 2. Planning for ITCAM for WebSphere 23 Visualization engine memory size This depends on the number of users who are connected and the activities that they perform. Users are categorized into the following groups: – Users monitoring the availability screens – Users collecting performance reports – Users monitoring in-flight threads Modify the visualization engine’s memory size by using the WebSphere Application Server administration console. Memory sizes for ITCAM for WebSphere components are defined in the setenv.sh file that is sourced by all overseer components. Processing requirement The processor requirement for ITCAM for WebSphere is directly related to the transaction rate. The largest processor usage is for the following components: Publish server: to process transaction data Database engine: for interface to the database Archive agent: to perform SQL calls WebSphere Application Server: to process user requests Database size The typical database size requirement depends on: The number of application server statistics The transaction volume to be stored The complexity of transaction The duration to keep the data Database table information that increases in size during ITCAM for WebSphere execution is: requests: number of requests x 353 bytes methods: number of methods x # requests in L3 x 172 bytes pmidata: number of data collectors x (3600/polling interval) x 73 bytes serverstats: number of data collectors x (3600/polling interval) x 107 bytes volumestats: number of data collectors x (3600/polling interval) x 74 bytes memorydata: number of data collectors x (3600/polling interval) x 115 bytes gcdata: number of data collectors x (3600/garbage collection interval) x104 bytes 24 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking 2.3.3 Data collector overhead Monitoring with ITCAM for WebSphere has overhead related to data collectors running on a production WebSphere Application Server. The overhead is minimal for data collectors running on level 1 monitoring. This is typically around a 2–3% increase of CPU time with no notable memory or disk input/output (I/O) requirement. When the monitoring level is increased, the processing overhead of ITCAM for WebSphere data collectors also increases. This increase is due to the fact that ITCAM for WebSphere collects more data from more sources. A typical level 2 monitoring generates around a 10% increase in processing usage, while a level 3 monitoring generates around 25–30% overhead. This means that level 2 or level 3 monitoring must be used sparingly in your production environment. To change the monitoring level for purposes of problem determination, schedule it to start and then step back to level 1 automatically in order to reduce the impact on users. 2.4 Implementation options for ITCAM for WebSphere Depending on the size of your implementation, there are some considerations for implementing ITCAM for WebSphere. This section discusses the following topics: 2.4.1, “Designing the managing server” on page 25 2.4.2, “Deploying a large number of data collectors” on page 28 2.4.1 Designing the managing server The ITCAM for WebSphere managing server consists of the following products: IBM DB2 Universal Database™ Enterprise Server or Oracle database server WebSphere Application Server ITCAM for WebSphere managing server Chapter 2. Planning for ITCAM for WebSphere 25 Publish traffic Snapshot traffic Figure 2-2 shows the conceptual relationship between the components. Global Publish Server (SAM) Publish Server (PS) Message Dispatcher (MD) Archive Agent (AA) Kernel (KL) Provide services on: - Lookup - Registration - Recovery - Configuration Visualization Engine Provide services on: -Administration -Availability -Problem Determination -Performance Management Polling Agent (PA) OCTIGATE database Figure 2-2 ITCAM for WebSphere components The following ITCAM for WebSphere components are displayed in Figure 2-2: Kernels These control the managing server. There are always two copies of kernels running on an ITCAM for WebSphere managing server for redundancy and failover. The kernels register components as they join the managing server, periodically renew connections and registrations with components and data collectors, and collect server and component availability information. Publish servers These receive application and system event data from the data collectors, gather and compute request-level information about performance metrics such as response times, and implement the trap monitoring and alerts features. Archive agents These receive monitoring data from the publish servers and store the monitoring data in ITCAM for WebSphere’s repository. Global publishing server This collects information from the publish servers and correlates all parts and pieces of multi-server requests, such as requests from J2EE servers to execute Customer Information Control System (CICS) or Information Management System (IMS) programs. 26 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking Message dispatcher This is a conduit for messages from ITCAM for WebSphere using e-mail and Simple Network Management Protocol (SNMP) facilities. Polling agent This collects data from Web servers for Apache 2.0 and later versions. Visualization engine This is a Web-based graphical user interface (GUI) with access to graphics, ITCAM for WebSphere performance reports, real-time views of different slices of monitoring data, ITCAM for WebSphere internal commands, and event-driven functions. The visualization engine runs on a J2EE server such as WebSphere Application Server. Although ITCAM for WebSphere provides the facility to install all the components in a single wizard, which is called embedded installation, individually installing each component allows more flexibility in terms of verifying each component and configuring them to suit your requirements. The considerations that you must keep in mind when installing the components are: Database You can install the database locally on the managing server or on a separate database server. ITCAM for WebSphere provides database configuration scripts to assist with the configuration of a remote database. Utilizing a remote database, regardless of whether it is a DB2 Universal Database or an Oracle database, relieves the processing load on the managing server. An environment with hundreds of data collectors generates a large amount of data flowing into the database. This amount increases considerably if the data collectors are set to run monitoring at level 2 or level 3, even for a short period of time. A remote database allows database query processing and recording to be processed using dedicated hardware, instead of sharing with the main managing server that is already busy with processing the transaction information. WebSphere Application Server The visualization engine of the managing server acts as the administration console for ITCAM for WebSphere. The visualization engine is deployed on a WebSphere Application Server JVM that resides in a standalone application server or an application server that is a part of a network deployment environment. We recommend that you install the visualization engine on a separate application server JVM that is not monitored by ITCAM for WebSphere data collectors, especially in a network deployment environment. This reduces any Chapter 2. Planning for ITCAM for WebSphere 27 possible conflicts that may arise with respect to ITCAM for WebSphere. In addition, if an issue does arise, problem determination will be somewhat easier due to the separation. ITCAM for WebSphere components Configure the managing server to handle large amounts of data by adding additional components, such as the publish servers and the archive agents. When adding the publish servers and the archive agents, the distribution of data is handled by the managing server. The amount of data being written to the database is handled more efficiently as well. Another major consideration for the managing server is the split server installation. This option provides the managing server with the overseer processes that exist on separate machines, including the kernel, which provides load balancing and failover capabilities. There are benefits to this type of configuration when there are hundreds of data collectors providing data to the managing server. This type of setup not only allows the managing server to handle more memory and disk space usage, but also provides a failover capability. For more information about split server installation, refer to 3.1, “Installing ITCAM for WebSphere managing server” on page 34. 2.4.2 Deploying a large number of data collectors Installation of a small amount of ITCAM for WebSphere data collectors is performed by using the graphical-based installation and configuration wizard provided by the product. When presented with the task of deploying hundreds of data collectors into an environment, the graphical interface is no longer a good option. This non-interactive automated installation method is commonly known as silent installation. The use of silent installation provides a means to deploy a larger number of data collectors in a more efficient manner. When performing the silent installation, information about the WebSphere environment must be known ahead of time. A response file will be used during the installation, and if incorrect information is used, may result in a failed install. When performing the silent installation of data collectors, the WebSphere Application Server version must be taken into account, as V6 introduced the usage of profiles. The response files for silent installation are different for various versions of the WebSphere Application Server. In some cases, when two versions of WebSphere Application Server are present, it is better to have two separate master response files. 28 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking Installing the Tivoli Enterprise Monitoring Agent (TEMA) is also an option of the silent installation. Although Tivoli Enterprise Monitoring Agent can be installed using silent installation, more configuration must be performed to connect to IBM Tivoli Monitoring V6.1 Tivoli Enterprise Monitoring Server. Mass automated installation is also possible by using a software distribution or provisioning solution such as the IBM Tivoli Configuration Manager. There is an additional consideration for deploying data collectors on a machine that has multiple application servers installed. Consider installing a separate data collector directory set for each application server, because applying a fix pack for data collectors requires you to stop the application server. You have a more flexible scheduling option with separate data collector installation for each application server. 2.5 Communication and security considerations Communication and security issues are vital to the inter-networked world that we live in. Applications and their management infrastructure must be secured in order to protect resources from unauthorized sources. This section discusses the following planning considerations: 2.5.1, “Communication security” on page 29 2.5.2, “Firewall and port consideration” on page 30 2.5.1 Communication security Communication security relates to the confidentiality of the information transmitted over a network. Management information that is used by IBM Tivoli Composite Application Manager products may contain details about application processing internals. This requires the content of the management information to be secured from being accessed by unauthorized sources. WebSphere security WebSphere security plays a significant role in a large-scale implementation. In some cases, WebSphere security is not enabled during the test phase of an implementation, but in a production environment. This requires certain additional considerations. The WebSphere user must have the appropriate permissions to, for instance, issue a wsadmin command. The configuration of data collectors involves the use of Java Command Language (JACL) scripts, and can fail when there is a permission problem. Chapter 2. Planning for ITCAM for WebSphere 29 If any of the application servers on which the data collector is installed has WebSphere security enabled on it, the entire ITCAM for WebSphere environment must have it enabled as well. This includes WebSphere security being enabled on the ITCAM for WebSphere managing server. Secure Sockets Layer communication Secure communication between the managing server and the data collector is a viable option if there is a requirement for data to be encrypted during transmission. Using Secure Sockets Layer (SSL) provides secure data transmission from the data collector to the managing server and must appease corporate security requirements, if necessary. Additional configuration must take place on the managing server and the data collector when enabling SSL. A certificate key generator is included with the product. This key generator provides the facility to use custom-generated keys. A best practice is to complete the default installation of the managing server and the data collector and then enable SSL for both. This isolates problems (that is, whether the problem is caused by the basic installation or the SSL configuration). 2.5.2 Firewall and port consideration Firewall and port issues arise when the data collectors are on a different site, location, or subnet from the managing server. Problems such as name resolution occur if the Domain Name System (DNS) is not set up correctly on either the managing server or the data collectors. Routing problems occur if the Internet Protocol (IP) addresses used belong to different subnets. The entire network environment must be looked into in order to determine where a firewall, router, or bridge may exist. 30 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking Figure 2-3 shows the communication port requirement for ITCAM for WebSphere. DC Command Agent KL1 DC Event Agent DC Command Agent KL2 Port Consolidator DC Event Agent PS1 DC Command Agent PS2 DC Event Agent Figure 2-3 Communication port requirements The managing server requires open ports for each kernel and publish server. The data collector requires open ports for the command agent and the event agent. The port consolidator requires a port to communicate to the managing server. Use a single port consolidator to consolidate communication from multiple data collectors. A port consolidator is useful to limit the number of ports required for communication between the data collector and the managing server. Port consolidation is a viable option if there is a limit to the number of ports that can be opened on the firewall. Additional configuration must be carried out on the data collector, including the configuration of the data collector to go through the port consolidator, and starting the port consolidator process. Chapter 2. Planning for ITCAM for WebSphere 31 2.6 Reliability and high availability This section discusses reliability issues that relate to failover and disaster recovery. 2.6.1 Failover and fault tolerance Split server configuration for ITCAM for WebSphere or the clustering server for ITCAM for Response Time Tracking consists of having two or more management servers running on separate physical machines. Hardware or software errors do occur on a machine and cause the server to cease functioning. Using the separate server configuration, the secondary server can handle the entire load until the failing machine is recovered. The switchover to the secondary managing server is not automatic. Manual intervention must take place for the failover to be successful. There are specific ITCAM for WebSphere components that can only be run on one managing server. They must therefore be started on a secondary server, such as the global publish server or the message dispatcher, if the primary server goes down. 2.6.2 Disaster recovery There are three areas where a backup is necessary for disaster recovery with respect to the IBM Tivoli Composite Application Manager server: Database Perform database backup regularly to collect the most up-to-date information. Use the database utility function to perform the backup function. WebSphere Application Server configuration for the server and agent or data collectors Perform a backup for these for them to be restored in a disaster recovery scenario. IBM Tivoli Composite Application Manager servers These servers must be physically considered for recovery in the disaster recovery site. 32 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking 3 Chapter 3. Installing ITCAM for WebSphere This chapter discusses the installation and deployment procedure for ITCAM for WebSphere. This chapter provides information about the following topics: 3.1, “Installing ITCAM for WebSphere managing server” on page 34 3.2, “Deploying data collectors” on page 50 3.3, “Configuring and setting up SSL communication” on page 64 © Copyright IBM Corp. 2006, 2007. All rights reserved. 33 3.1 Installing ITCAM for WebSphere managing server This section discusses some of the considerations for installing the ITCAM for WebSphere managing server and provides information pertaining to the following topics: 3.1.1, “Installation configuration” on page 34 3.1.2, “Database installation and configuration” on page 35 3.1.3, “WebSphere Application Server considerations” on page 41 3.1.4, “Configuring the split server of the managing server” on page 42 3.1.5, “Installation and setup of split server” on page 43 3.1.7, “Adding additional publish servers and archive agents” on page 48 3.1.1 Installation configuration The installation configuration for IBM Tivoli Composite Application Manager for WebSphere managing server in a large-scale environment is shown in Figure 3-1. OCTIGATE Managing Server machines Database Server Figure 3-1 Installation configuration for ITCAM for WebSphere managing server Depending on the scale of your implementation, choose to implement one or more of the following structures: Remote database, so that the database processing overhead does not hinder the processing of the managing server, although the database server must be connected through a local network to the managing server to minimize the networking overhead for storing the data over the network. 34 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking The managing server split-server configuration facilitates the load to be spread into several machines, besides allowing fault tolerance of the managing server components. The configuration that is discussed here covers the database, application server, and the managing server overseer components. 3.1.2 Database installation and configuration As mentioned in 2.4, “Implementation options for ITCAM for WebSphere” on page 25, utilizing a remote database for the managing server helps reduce memory consumption and processing load in a large-scale implementation. This section discusses how to deploy the database on a remote server using IBM Database 2™ (DB2) Universal Database (UDB), Enterprise Server Edition. Instructions about how to set up and configure a remote database are available in Chapter 13 of IBM Tivoli Composite Application Manager for WebSphere Installation and Customization Guide, GC32-9506. Implementing ITCAM for WebSphere with a remote database involves the following steps: 1. Installing the DB2 UDB, Enterprise Server Edition on the database server machine. 2. Installing DB2 Client Application Enabler on the managing server machines and visualization engine machines. These clients are necessary for communicating with the remote database server. 3. Cataloging database information about the DB2 clients. 4. Defining the OCTIGATE database structure on the remote database server machine. The software installation is not discussed here, as this must be performed in accordance with the database documentation. DB2 Universal Database server considerations The DB2 UDB installation includes defining the distribution files and file systems for the database itself. In a large environment where performance is critical, follow these recommendations: Store the database files in a separate physical disk rather than the operating system paging and DB2 UDB system files. This allows you to minimize disk contention for accessing the database files. Chapter 3. Installing ITCAM for WebSphere 35 Allocate adequate memory for DB2 UDB application pools to ensure performance. The most important pool is the DB2 bufferpool, which is used to buffer the database data for quick and efficient access. Use a faster disk for database storage, possibly separating the file systems for recovery log and data. Database installation scripts ITCAM for WebSphere provides remote database creation scripts in the tar file supplied in the managing installation image: <ms-installation-image-directory>/base/scripts/db2-remote-scripts.tar The scripts in the tar file are aimed at a UNIX-based environment installation or a Windows-based environment with Microsoft Windows Services for UNIX (SFU) installed. On untarring the db2-remote-scripts.tar file, you will be presented with various installation scripts in the bin directory that is created. The primary executable is db2install. Depending on the platform, different syntax exist for executing the db2install command. The following example uses amuser as the owner ID and admin as the default user from the visualization engine. For Windows, the syntax is: db2install.bat jdbc_user jdbc_password adminVEuser instance_user instance_password For example: db2install.bat amuser ampasswd admin db2inst1 dbpasswd For UNIX, the syntax is: db2install.sh db2username db_user absolute_path_of_install_directory adminVEUser For example: ./db2install.sh db2inst1 amuser /tmp/db2/ admin The script uses the su command several times to switch the user as the DB2 instance owner. We recommend that you log in as the root user, so that you are not prompted for the DB2 user password multiple times. If you log in as the root user, add the root user to the DB2 administrator group, typically called db2grp1. You must also define the installation owner user in the operating system of the database machine. This user is typically called amuser and requires administrative access. 36 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking Cataloging the database on the DB2 Universal Database client The DB2 client must be able to connect to the actual DB2 OCTIGATE database. This connection is defined using the following definitions: Node definition This indicates where the DB2 UDB server resides. Database definition This indicates the database selection in the node. Start the DB2 UDB command-line interface using the db2cmd command in a Windows-based platform or by sourcing the db2profile on a UNIX-based platform. To catalog the node, issue the following command: db2 catalog tcpip node <ipnode> remote <ipaddr> server <ipport> Following is a description of the parameters in this command: ipnode: the database node name. ipaddr: the TCP/IP host name or address the client addresses the server by. ipport: the port number on which the DB2 server listens. The default port number is 50000. To catalog the database, issue the following command: db2 catalog database OCTIGATE at node <ipnode> In this command, ipnode is the database node name as defined by the catalog tcpip node command. Chapter 3. Installing ITCAM for WebSphere 37 The actual OCTIGATE database must exist to connect to the database. The connection is performed using the db2 connect command to OCTIGATE. Figure 3-2 shows a successful connection. # . /home/db2inst1/db2profile # db2 connect to OCTIGATE user db2inst1 using db2passw Database Connection Information Database server SQL authorization ID Local database alias = DB2/AIX 8.2.0 = DB2INST1 = OCTIGATE Figure 3-2 Successful connection to OCTIGATE We recommend that you create the database first and then catalog it. This is to help you to test the connection to the database from the DB2 client immediately. Although you can catalog the database without testing the connection, testing it ensures connectivity. Changing database name from OCTIGATE Note: Although we do not recommend changing the database name of the ITCAM for WebSphere managing server from OCTIGATE, some installations may have strict naming conventions for the database name. To change the database name OCTIGATE to another name, there are some modifications required on: Installation and configuration scripts Runtime database connection Example 3-1 illustrates the changes required in db2configuration.sh to modify the database name from OCTIGATE to CAMFWAS. Example 3-1 Modification to db2configuration.sh # Drop the octigate database first echo "$DBUSER> db2 drop database camfwas" db2 drop database camfwas #Fix SQL1005N problem. #One of the causes is that octigate database may be created by other DB2 instance #so it still exists in system catalog. echo "$DBUSER> db2 catalog database camfwas" 38 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking db2 catalog database camfwas echo "$DBUSER> db2 drop database camfwas" db2 drop database camfwas echo "$DBUSER> db2 uncatalog database camfwas" db2 uncatalog database camfwas # Create the octigate database echo "$DBUSER> db2 create database camfwas using codeset UTF-8 territory US" db2 create database camfwas using codeset UTF-8 territory US status="$?" echo "$DBUSER> db2empfa camfwas" db2empfa camfwas # Configure DB2 and the Octigate Database echo "$DBUSER> db2 -tf $2" db2 -tf $2 # echo "Change IBMDEFAULTBP size to -1 so BUFFPAGE setting will be used" db2 connect to camfwas ... Example 3-2 illustrates the changes required in db2createschema.sh to modify the database name to CAMFWAS. Example 3-2 Modification to db2createschema.sh # Connect to DB2 echo "$DBUSER> db2 connect to camfwas" echo "$DBUSER> db2 -tf $DBSCRIPT" su - $DBUSER -c "db2 connect to camfwas; db2 -tf $DBSCRIPT; db2 terminate" #Change the database table to update the user "admin" echo "$DBUSER> db2 connect to camfwas" status="$?" echo "$DBUSER> db2 update users set username = '$ADMINUSER', ext_user = '$ADMINUSER' where username = 'admin' and ext_user = 'admin'" su - $DBUSER -c "db2 connect to camfwas; db2 \"update users set username = '$ADMINUSER', ext_user = '$ADMINUSER' where username = 'admin' and ext_user = 'admin'\" ; db2 terminate" Example 3-3 illustrates a successful database connection and creation. Start the DB2 UDB command-line interface using the db2cmd command. Then connect to the database as the schema user (for example, amuser) and list the table. Example 3-3 Checking database db2 => connect to camfwas user amuser using ampasswd Database Connection Information Database server = DB2/LINUX 8.2.4 SQL authorization ID = AMUSER Local database alias = CAMFWAS db2 => list tables Chapter 3. Installing ITCAM for WebSphere 39 Table/View ------------------------------CONFIG CTG_SR_GATEWAY ... 2007-06-07-11.25.22.927237 VOLUMESTAT WBI_BO_VIEW WBI_REQUEST_OVERVIEW WEBSERVERCHARTDATA Schema --------------AMUSER AMUSER Type ----T T Creation time -------------2007-06-07-11.25.24.284983 2007-06-07-11.25.25.150959 AMUSER AMUSER AMUSER AMUSER T V T T 2007-06-07-11.25.23.838550 2007-06-07-11.25.25.555333 2007-06-07-11.25.25.435186 2007-06-07-11.25.24.772717 65 record(s) selected. Two further modifications are required in the managing server to reference the database: $ITCAM_HOME/bin/setenv.sh To change the database name from OCTIGATE to CAMFWAS, change the definition of JDBC_DRIVER_URL to point to CAMFWAS. For example: JDBC_DRIVER_URL=jdbc:db2://lima.itsc.austin.ibm.com:50000/camfwas Set the JDBC properties in the WebSphere Application Server where visualization engine is running: a. Log on to the WebSphere Application Server administrative console. b. Go to Resources → JDBC → Data Sources. c. Select ITCAMDataSource. 40 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking d. Modify the database name in the DB2 Universal Database Property to reflect the name of the ITCAM Database. For example, Figure 3-3 illustrates the change to the database CAMFWAS. Figure 3-3 Configuration for ITCAMDataSource 3.1.3 WebSphere Application Server considerations ITCAM for WebSphere requires the WebSphere Application Server V5 or V6 to run the visualization engine. The WebSphere Application Server runs the visualization engine Web application that acts as the ITCAM for WebSphere Web console. The WebSphere Application Server can be a standalone server or a part of a network deployment environment. Considerations for operating the Web console In case of a visualization engine error, minimize the load of the non-managing server application and ensure access to the WebSphere administration console. This is not a problem for a network deployment environment because the administration console runs independently of the application server. For a Chapter 3. Installing ITCAM for WebSphere 41 standalone server with WebSphere Application Server V5, do not use the default server1, as it runs the administration console application. The reasons why you must not do this are: There will be some overhead from the administration console. If ITCAM for WebSphere stops functioning, you are left without an administration console and have to update the eXtensible Markup Language (XML) files manually. 3.1.4 Configuring the split server of the managing server The split server configuration of the managing server consists of running two kernels on separate physical machines. Implementing the ITCAM for WebSphere managing server in this manner provides failover capabilities for reporting data collectors. Figure 3-4 shows the split-server configuration in a two-system environment. Note that this figure shows only the managing server components. Kernel 1 Kernel 2 Publish Server 1 Publish Server 2 Publish Server 3 Publish Server 4 Archive Agent 1 Archive Agent 2 Archive Agent 3 Archive Agent 4 Visualization Engine Message Dispatcher Global Publish Server Managing server - 1 Managing server - 2 Figure 3-4 Split server configuration Note: Currently, the alerts and traps setting requires the publish server to contact a local message dispatcher process. We recommend that you have a message dispatcher on server1. 42 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking As Figure 3-4 on page 42 shows, there are two managing servers: Managing server 1 This acts as the main server. In a split server configuration for ITCAM for WebSphere, the following components can reside only on one of the managing servers, particular the primary server: – Visualization engine – Message dispatcher – Global publish server Managing server 2 This acts as a backup server and offloads the processing of the primary server. 3.1.5 Installation and setup of split server Both of the managing servers have the following requirements: For a Windows-based server, install Microsoft Services for UNIX. Access to the OCTIGATE database, either locally or using the database client software. Our example sets the DB2 client similarly for both of the managing server machines. Java environment, which is typically acquired from the WebSphere Application Server installation on the machine. Even though you do not install WebSphere Application Server, you still have to adjust JAVA_HOME to a suitable Java Runtime Environment (JRE™). The WebSphere’s j2ee.jar must also be present. Copy $WAS_HOME/java and $WAS_HOME/lib/j2ee.jar from the primary managing server to the secondary server. For ease of maintenance, we recommend that both servers run the same level of software. One approach is to tar the primary managing server directory and restore it on the secondary managing server. Alternatively, you can also install the managing server software on both the machines. Chapter 3. Installing ITCAM for WebSphere 43 Perform the following changes to the configuration files on one or both the servers: $ITCAM_HOME/bin/setenv.sh This file determines the configuration information for the managing server. a. To allow a split server, change the definition for KERNEL_HOST01 and KERNEL_HOST02 to point to each managing server, assuming that you use the same port definitions for both the servers. Each kernel requires three ports for operation. Perform this activity on both the servers, as shown in Example 3-4. Example 3-4 Modification of setenv.sh KERNEL_HOST01=srv152.itsc.austin.ibm.com PORT_KERNEL_CODEBASE01=9122 PORT_KERNEL_RFS01=9120 PORT_KERNEL_RMI01=9178 KERNEL_HOST02=srv153.itsc.austin.ibm.com PORT_KERNEL_CODEBASE02=9123 PORT_KERNEL_RFS02=9121 PORT_KERNEL_RMI02=9119 b. Edit the $ITCAM/etc/ms.properties file and set the kernel.hosts property, as shown in Example 3-5. Example 3-5 Example of ms.properties kernel.hosts=srv152.itsc.austin.ibm.com:9122:9120:9178:9178,srv15 3.itsc.austin.ibm.com:9123:9121:9119 c. Adjust the setting for JAVA_HOME accordingly. This must refer to the same Java Virtual Machine (JVM) environment that is similar to the WebSphere Application Server. To check the Java version, use the java -version command to make sure that you are using the same JVM as your WebSphere Application Server. 44 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking $ITCAM_HOME/etc/ve.properties This is the configuration for the visualization engine. Reflect the correct kernel codebase and rfs addresses that are stored in the value of kernel.codebase and kernel.rfs.address, as shown in Example 3-6. Perform this activity for both the managing servers. Example 3-6 Modification of ve.properties kernel.codebase=http://srv152.itsc.austin.ibm.com:9122/kernel.core.j ar http://srv153.itsc.austin.ibm.com:9123/kernel.core.jar kernel.rfs.address=srv152.itsc.austin.ibm.com:9120 srv153.itsc.austin.ibm.com:9121 For all the components that have been started in Managing server 2, edit the corresponding control files for these components. Make sure that the entries pointing to kernel codebase and ports like RMI and RFS are pointing to the correct location. We edited the aactl.sh and psctl.sh files. These were the components running on managing server 2, as shown in Figure 3-4 on page 42. Example 3-7 Modification of aactl.sh CODEBASE_ADDRESS02=$KERNEL_HOST02:$PORT_KERNEL_CODEBASE02 KERNEL_CODEBASE=”http://$CODEBASE_ADDRESS02/kernel.core.jar” RFS_ADDRESS=”KERNEL_HOST02:$PORT_KERNEL_RFS02” RMI_CODEBASE=”http://$CODEBASE_ADDRESS02/archiveagent-intf.jar http://$CODEBASE_ADDRESS02/archiveagent.jar” Chapter 3. Installing ITCAM for WebSphere 45 $ITCAM_HOME/bin/am-start.sh This is the startup script for ITCAM for WebSphere. Modify this script to indicate which components must be started on which machine. Refer to Figure 3-4 on page 42 to comment out the appropriate component. The secondary managing server must suppress the kernel 1 and kernel 1 watch dog. The primary managing server must suppress the kernel 2 and kernel 2 watch dog. Similarly, you have to add appropriate commands to start the individual components on each server. Our sample am-start.sh for managing server 1 is shown in Example 3-8. You must also shorten the wait time for the watch dog, as there is only one kernel to start in each machine. Example 3-8 Sample content of am-start.sh for managing server 1 ${CYANEA_HOME}/bin/amctl.sh ${CYANEA_HOME}/bin/amctl.sh ${CYANEA_HOME}/bin/amctl.sh ${CYANEA_HOME}/bin/amctl.sh ${CYANEA_HOME}/bin/amctl.sh ${CYANEA_HOME}/bin/amctl.sh ${CYANEA_HOME}/bin/amctl.sh wd1 start aa1 start aa2 start ps1 start ps2 start md start sam1 start $ITCAM_HOME/bin/am-stop.sh Perform the similar modification in the am-stop.sh script as well, in order to eliminate errors when stopping the components. Note: For am-start.sh and am-stop.sh, start the primary managing server first. Use an automation mechanism to coordinate this process. One such automation mechanism is the use of a remote execution shell. 46 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking 3.1.6 Verifying the installed components in a split environment Start ITCAM for WebSphere on both the managing servers using the am-start.sh command. Once all the components are started on both the machines, verify the split server configuration using the Web console. Select Administration → Managing server → Self Diagnosis. In the component window, the running components and their Internet Protocol (IP) addresses are displayed, as shown in Figure 3-5. Figure 3-5 Self-diagnostic window that shows the managing server components Note: The polling agent has been removed from this version of ITCAM for WebSphere. You cannot add or configure the polling agent, even though an empty node for the polling agent is displayed in the application monitor component tree in the Web console. Chapter 3. Installing ITCAM for WebSphere 47 3.1.7 Adding additional publish servers and archive agents The basic configuration has only two publish servers and two archive agents. To further distribute the load, add publish servers or archive agents. Typically, in a split-server environment (shown in Figure 3-4 on page 42), two publish servers and two archive agents per machine are defined. Restriction: You can add only publish servers and archive agents. There are only two instances of kernels and a single instance of global publish server, message dispatcher. The instructions for adding additional publish servers and archive agents are derived from IBM Tivoli Composite Application Manager for WebSphere Installation and Customization Guide, GC32-9506. Defining new components includes the following modifications: 1. Run the following command from the $ITCAM_HOME/bin/ folder: ./add-ps.sh publish_server_port_number This adds a new publish server. The output of the command is shown in Example 3-9 Example 3-9 Output of executing add-ps.sh [root@srv153 bin]# ./add-ps.sh 9105 Current number of ps = 2 New number of ps = 3 Creating a new /opt/IBM/itcam/WebSphere/MS/etc/ps3.properties, using ps1.properties as a template testing UUID=f0039d70-0f1b-dc01-c4dc-000c293bdac6 Use UUID=f0039d70-0f1b-dc01-c4dc-000c293bdac6 Creating a new /opt/IBM/itcam/WebSphere/MS/etc/log-ps3.properties by copying log-ps1.properties Done modifying setenv.sh Done modifying am-start.sh Done modifying am-stop.sh Done modifying am-forcestop.sh 2. Run the following command from the $ITCAM_HOME/bin/ folder: ./add-aa.sh archive_agent_port_number 48 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking This adds a new archive agent. The output of the command is shown in Example 3-10. Example 3-10 Output of executing add-aa.sh [root@srv153 bin]# ./add-as.sh 9031 Current number of AA = 2 New number of AA = 3 Creating a new /opt/IBM/itcam/WebSphere/MS/etc/aa3.properties, using aa1.properties as a template testing UUID=d078edc1-0e1b-dc01-2da7-000c293bdac6 Use UUID=d078edc1-0e1b-dc01-2da7-000c293bdac6 Creating a new /opt/IBM/itcam/WebSphere/MS/etc/log-aa3.properties by copying log-aa1.properties Done modifying setenv.sh Done modifying am-start.sh Done modifying am-stop.sh Done modifying am-forcestop.sh 3. Modify the am-start.sh and am-stop.sh scripts to add the new components for both servers: a. For am-start.sh, if you have added two more archive agent aa3 and aa4, respectively, and published server ps3 and ps4, the following entries must be made (Example 3-11). Example 3-11 Addition to am-start.sh MS_home/bin/amctl.sh MS_home/bin/amctl.sh MS_home/bin/amctl.sh MS_home/bin/amctl.sh ps3 ps4 aa3 aa4 start start start start b. For am-stop.sh, use the commands shown in Example 3-12. Example 3-12 Addition to am-stop.sh MS_home/bin/amctl.sh MS_home/bin/amctl.sh MS_home/bin/amctl.sh MS_home/bin/amctl.sh ps3 ps4 aa3 aa4 stop stop stop stop Chapter 3. Installing ITCAM for WebSphere 49 3.2 Deploying data collectors This section lists the configuration options for installing the data collector. You modify the configuration options either in the response file or at the command line to run the silent installation. You have the option to only install the data collector, both install and configure the data collector, or only configure the data collector using this procedure. If you only want to configure the data collector, perform this the configuration after the data collector has been installed. Data collector deployment for a large installation requires a custom-automated silent installation and configuration of ITCAM for WebSphere data collectors on the target application servers. This section discusses the following topics: 3.2.1, “Setting up the silent installation process” on page 50 3.2.2, “Installing the data collector” on page 53 3.2.3, “Installing and configuring the data collector together” on page 54 3.2.4, “Configuring data collectors” on page 56 3.2.5, “Automatically discovering the installation parameters” on page 61 3.2.1 Setting up the silent installation process The silent installation process is supported by the install-DC command, with the following syntax: install-DC -silent -options inputfile The input file can either be modified from a supplied sample or generated using the installation wizard. In Version 6.1, the installation wizard and the configuration tool wizard both have the ability to generate the silent installation option file. Table 3-1 lists the available sample option files for the wizard. These options files are supplied in the silent sub-directory of the installation image. Table 3-1 Options files list 50 Application server type Sample option file name WebSphere Application Server V6 DC6.opt WebSphere Application Server V5 DC.opt WebSphere Application Server DC_was.opt WebSphere Portal Server DC_portal.opt Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking Application server type Sample option file name WebSphere Process Server DC_ps.opt WebSphere Enterprise Service Bus DC_esb.opt DC_esb.opt Workplace™ Collaboration Service Mail Server DC_wcsmail.opt Option for upgrading WebSphere V5 or V6 data collector V6.0 into V6.1 migrate_DC.opt The install settings in the option files are commented using leading number characters (###). If you enable an option, you must supply a value. A blank or a null value is not acceptable. The silent installation option requires advance knowledge of the target machine, including the target WebSphere environment. A prefilled response file may not be efficient in a large environment. An external mechanism is required to collect the information and populate the silent installation control files beforehand. Some of this information requires the use of naming conventions. See 3.2.5, “Automatically discovering the installation parameters” on page 61. Table 3-2 lists the parameters for installation. Table 3-2 Installation parameters Option string Description -V disableOSPrereqChecking=true | false Whether to check the operating system level before the installation. -V LICENSE_REJECT_BUTTON=true | false Must be false. -P installLocation=value Specifies the path of the installation directory for the data collector. -V LOG_DIR=value This specifies the writable directory to which the installation and configuration programs will write log files. -W LogSetting.consoleOut=true | false Specifies whether to display messages issued by the installation and configuration program on the console. -V DC_WD_JAVAHOME=value Path of the Java home directory. -V DC_CC_TEMA=true | false Whether to install Tivoli Enterprise Monitoring Agent collector interface. -V LAUNCH_CONFIG=true | false Specifies whether to launch or defer the data collector Configuration Tool after installation. -V DEFER_CONFIG=true | false Chapter 3. Installing ITCAM for WebSphere 51 -V GC_LOG_PATH=value If Tivoli Enterprise Monitoring Agent is true, specifies the path for the garbage collector log. -W LogSetting.logLevel=level Level: FATAL, ERROR, WARNING, INFO, DEBUG_MIN, DEBUG_MID, DEBUG_MAX, ALL. Table 3-3 lists the parameters for configuration. Table 3-3 Configuration parameters Option String Description -V LOG_DIR=value Writable directory to which the installation and configuration programs write log files. -V LAUNCH_CONFIG=true | false Specifies whether to launch or defer the data collector configuration tool after installation. -V DEFER_CONFIG=true | false -V DC_CCUC_CONFIG=true | false -V DC_CCUC_UNCONFIG=true | false Specifies whether to configure or unconfigure a data collector. -V DC_RECONFIG_ALLOW=true | false Indicates whether reconfiguring the data collector is allowed. -V DC_MSKS_SERVERNAME=value Fully qualified host name of the managing server. -V DC_MSKS_CODEBASEPORT=value Remote file system port for the managing server. -V DC_MS_AMHOME=value Installation directory of the managing server. -V DC_CC_ITCAMFWAS=true | false Whether the application monitor interface support will be installed. -V DC_CAS_WAS=true | false Specifies which type of data collector to configure, WebSphere Application Server, Enterprise Service Bus, Process Server, or WebSphere Portal Server. -V DC_CAS_ESB=true | false -V DC_CAS_PS=true | false -V DC_CAS_WPS=true |false -V APP_SERVER_NAMES=value Path to the application server. -V WS_NODE_NAME=value Application server node name. -V DC_WD_JAVAHOME=value Location of the Java home directory. -V DC_WD_PROFILENAME=value Applies only to Version 6 application servers. -V DC_WD_WASBASEDIR=value Location of the application server base directory. -V DC_WD_WASVER=value Version of the application server. 52 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking -V DC_ASL_HOSTNAME=value Administrative application host name where the data collector will be installed. -V DC_ASL_SOAPPORT=value SOAP interface port for the administrative application. -V WAS_BASEDIR=value Only for ESB, portal server, and process server, indicates path and version of the base WebSphere Application Server. -V WAS_BASE_VERSION=value -V DC_CC_TEMA=true | false Whether to run secondary collector for Tivoli Enterprise Monitoring Agent. -V GC_LOG_PATH=value If Tivoli Enterprise Monitoring Agent is true, specifies path for the Garbage Collector log. -V TEMA_OFFLINE_ALLOW=true | false Allows Tivoli Enterprise Monitoring Agent to be off line. -V FIREWALL_ENABLED=true | false Whether the data collector machine is behind a firewall. -V PROBE_RMI_PORT=value If the firewall is enabled, define RMI port for probe agent. -V PROBE_CONTROLLER_RMI_PORT=value If the firewall is enabled, define RMI port for controller. -W LogSetting.logLevel=level Level: FATAL, ERROR, WARNING, INFO, DEBUG_MIN, DEBUG_MID, DEBUG_MAX, ALL. 3.2.2 Installing the data collector A sample option file for our WebSphere Application Server V6.1 is shown in Example 3-13. This installation is on the Linux-based server. Example 3-13 Sample option file for WebSphere Application Server V6.1 # Log Parameters -V LOG_DIR="/var/ibm/tivoli/common" -V disableOSPrereqChecking="true" -W LogSetting.logLevel="ALL" -W LogSetting.consoleOut="false" -P installLocation="/opt/IBM/itcam/WebSphere/DC" -V DC_WD_JAVAHOME=/opt/IBM/WebSphere/AppServer/java -V LICENSE_ACCEPT_BUTTON="true" -V LICENSE_REJECT_BUTTON="false" -V LAUNCH_CONFIG="false" -V DEFER_CONFIG="true" -V DC_CC_TEMA="true" -V GC_LOG_PATH="/var/ibm/tivoli/common/CYN/logs/gc.log" Chapter 3. Installing ITCAM for WebSphere 53 Run the following silent installation command to silently install the data collector: ./setup_DC_<platform>.bin -silent -options <PATH>/DC6.opt The option file in Example 3-13 on page 53 does not launch the configuration tool. You can check the installation result in the /var/ibm/tivoli/common/CYN/logs/trace-install.log file. When the installation is successful, the end of trace-install.log contains the message in Example 3-14. Example 3-14 Sample trace-install.log for a successful data collector installation <LogText><![CDATA[Exit, return value = The InstallShield Wizard has successfully installed ITCAM for WebSphere Data Collector 6.1. Choose Finish to exit the wizard.]]></LogText> 3.2.3 Installing and configuring the data collector together A sample option file for our WebSphere Application Server V6.1 is shown in Example 3-15. This installation is on the Linux-based network deployment server called srv107 with the managing server on srv152. Notice that the option -V LAUNCH_CONFIG="true" since we are both installing and configuring the data collector. Example 3-15 Sample option file for WebSphere Application Server V6.1 # Install Parameters -V LOG_DIR="/var/ibm/tivoli/common" -V disableOSPrereqChecking="true" -W LogSetting.logLevel="ALL" -P installLocation="/opt/IBM/itcam/WebSphere/DC" -V DC_WD_JAVAHOME=/opt/IBM/WebSphere/AppServer/java -V LICENSE_ACCEPT_BUTTON="true" -V LICENSE_REJECT_BUTTON="false" -V LAUNCH_CONFIG="true" -V DEFER_CONFIG="true" -V DC_CC_TEMA="true" -V GC_LOG_PATH="/var/ibm/tivoli/common/CYN/logs/gc.log" # Configuration Parameters -V -V -V -V -V -V 54 DC_CCUC_CONFIG="true" DC_CCUC_UNCONFIG="false" DC_RECONFIG_ALLOW="true" DC_OFFLINE_ALLOW="false" DC_MSKS_SERVERNAME="srv152.itsc.austin.ibm.com" DC_MSKS_CODEBASEPORT="9122" Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking -V DC_MS_AMHOME="/opt/IBM/itcam/WebSphere/MS" -V DC_CC_ITCAMFWAS="true" -V DC_CC_TEMA="true" -V DC_CAS_WAS="true" -V DC_CAS_ESB="false" -V DC_CAS_PS="false" -V DC_CAS_WPS="false" -V DC_CAS_WCSMAIL="false" -V APP_SERVER_NAMES="cells/srv107Node01Cell/nodes/srv107Node02/servers/ser ver1" -V WS_NODE_NAME="cells/srv107Node01Cell/nodes/srv107Node02" -V DC_WD_PROFILEHOME="/opt/IBM/WebSphere/AppServer/profiles/ProcSrv01" -V DC_WD_PROFILENAME="ProcSrv01" -V DC_WD_WASBASEDIR="/opt/IBM/WebSphere/AppServer" -V DC_WD_WASVER="60" -V DC_ASL_HOSTNAME="srv107.itsc.austin.ibm.com" -V DC_ASL_SOAPPORT="8880" -V DC_ASL_USERNAME="NULL" -V DC_ASL_PASSWD="NULL" -V WAS_BASEDIR="/opt/IBM/WebSphere/AppServer" ## # TEMA Parameters ## -V DC_CC_TEMA="true" -V GC_LOG_PATH="/var/ibm/tivoli/common/CYN/logs/GC" -V TEMA_OFFLINE_ALLOW="false" ## # DC Host Parameters ## -V AM_SOCKET_BINDIP="srv107.itsc.austin.ibm.com" -V FIREWALL_ENABLED="false" For additional flexibility and the reuse of response files, you can manually type some configuration options on the command line, instead of including them in the response file. This is useful for providing: Unique options: to reuse the response file in multiple installations and configurations, but some of the options are unique to each. Password protection: to safeguard the password by manually entering it during each installation and configuration. If you record the password in the option (.opt) file, the password is unencrypted and visible to anyone who opens the file. Chapter 3. Installing ITCAM for WebSphere 55 The following command sets administrative server passwords on the command line and relies on a response file to provide all other configuration details: ./setup_DC_lin.bin -silent -V DC_ASL_PASSWD="tivoli" -options /<PATH>/DC6.opt Note: Configuration options specified in the response file take precedence over those entered in the command line. 3.2.4 Configuring data collectors As a machine may have more than one application server, we can now configure additional application servers on that machine. This is typically performed using the config_DC utility that is installed in the ITCAM_HOME/config_DC directory. You may also need to run the configuration if you defer launching the configuration tool, as in 3.2.2, “Installing the data collector” on page 53. There are two ways of configuring the data collectors without interaction: Using the config_dc -silent utility and modifying the dcInpouts.txt The drawback of this is that all the error messages require a graphical user interface (Windows or X11) to be available and responded upon. Using the Java Command Language (JACL) script configDataCollector.jacl Running config_dc Example 3-16 shows the options file that allows multiple data collector configurations to be performed in a single run. Example 3-16 Sample properties for configuring two servers in the same node # Configuration Parameters -V -V -V -V -V -V -V -V -V -V -V -V -V 56 DC_CCUC_CONFIG="true" DC_CCUC_UNCONFIG="false" DC_RECONFIG_ALLOW="true" DC_OFFLINE_ALLOW="false" DC_MSKS_SERVERNAME="srv152.itsc.austin.ibm.com" DC_MSKS_CODEBASEPORT="9122" DC_MS_AMHOME="/opt/IBM/itcam/WebSphere/MS" DC_CC_ITCAMFWAS="true" DC_CC_TEMA="false" DC_CAS_WAS="true" DC_CAS_ESB="false" DC_CAS_PS="false" DC_CAS_WPS="false" Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking -V DC_CAS_WCSMAIL="false" -V APP_SERVER_NAMES="cells/khartoumCell01/nodes/khartoumNode01/servers/Cli entSvc" -V WS_NODE_NAME="cells/khartoumCell01/nodes/khartoumNode01" -V DC_WD_PROFILEHOME="/opt/IBM/WebSphere/AppServer/profiles/AppSrv01" -V DC_WD_PROFILENAME="AppSrv01" -V DC_WD_WASBASEDIR="/opt/IBM/WebSphere/AppServer" -V DC_WD_WASVER="61" -V DC_ASL_HOSTNAME="khartoum.itsc.austin.ibm.com" -V DC_ASL_SOAPPORT="8879" -V DC_ASL_USERNAME="NULL" -V DC_ASL_PASSWD="NULL" -V WAS_BASEDIR="/opt/IBM/WebSphere/AppServer" ## # TEMA Parameters ## -V DC_CC_TEMA="false" -V GC_LOG_PATH="NULL" -V TEMA_OFFLINE_ALLOW="false" ## # DC Host Parameters ## -V AM_SOCKET_BINDIP="khartoum.itsc.austin.ibm.com" -V FIREWALL_ENABLED="false" ## # Configuration Parameters ## -V DC_CCUC_CONFIG="true" -V DC_CCUC_UNCONFIG="false" -V DC_RECONFIG_ALLOW="true" -V DC_OFFLINE_ALLOW="false" -V DC_MSKS_SERVERNAME="srv152.itsc.austin.ibm.com" -V DC_MSKS_CODEBASEPORT="9122" -V DC_MS_AMHOME="/opt/IBM/itcam/WebSphere/MS" -V DC_CC_ITCAMFWAS="true" -V DC_CC_TEMA="false" -V DC_CAS_WAS="true" -V DC_CAS_ESB="false" -V DC_CAS_PS="false" -V DC_CAS_WPS="false" -V DC_CAS_WCSMAIL="false" -V APP_SERVER_NAMES="cells/khartoumCell01/nodes/khartoumNode01/servers/Ser verSvc" Chapter 3. Installing ITCAM for WebSphere 57 -V WS_NODE_NAME="cells/khartoumCell01/nodes/khartoumNode01" -V DC_WD_PROFILEHOME="/opt/IBM/WebSphere/AppServer/profiles/AppSrv01" -V DC_WD_PROFILENAME="AppSrv01" -V DC_WD_WASBASEDIR="/opt/IBM/WebSphere/AppServer" -V DC_WD_WASVER="NULL" -V DC_ASL_HOSTNAME="khartoum.itsc.austin.ibm.com" -V DC_ASL_SOAPPORT="8879" -V DC_ASL_USERNAME="NULL" -V DC_ASL_PASSWD="NULL" -V WAS_BASEDIR="/opt/IBM/WebSphere/AppServer" ## # TEMA Parameters ## -V DC_CC_TEMA="false" -V GC_LOG_PATH="NULL" -V TEMA_OFFLINE_ALLOW="false" ## # DC Host Parameters ## -V AM_SOCKET_BINDIP="khartoum.itsc.austin.ibm.com" -V FIREWALL_ENABLED="false" Run the following silent configuration command: /opt/IBM/itcam/WebSphere/DC/config_dc/config_dc.sh -silent -options itcam_dc_config.opt The file dcInputs.txt gets created during the install process of the data collector and is later used by the data collecter configuration wizard, along with an options file (.opt). During the configuration process the dcInputs.txt file (see Example 3-17) gets further updated and is used by the remainder of the configuration process. Example 3-17 Sample dcInputs.txt file TEMP_DIR=/tmp/ibm_am_installer_dc/ TOOLKITHOME=/opt/IBM/itcam/WebSphere/DC/toolkit JAVA_HOME=/opt/IBM/itcam/WebSphere/DC/_jvm/jre AM_HOME_CONFIG_DC=/opt/IBM/itcam/WebSphere/DC/config_dc OS=linux FILESEP=/ DCHOME=/opt/IBM/itcam/WebSphere/DC/itcamdc ITCAM61HOME=/opt/IBM/itcam/WebSphere/DC UNCONFIGURE_SUCCESSFUL=true 58 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking DMGR_RMI= TIVOLI_COMMON_DIR=/var/ibm/tivoli/common OS_VERSION=2.6.9-42.ELsmp CONNECTION=SOAP JDK_VERSION= WS_RMI_PORT= CONFIGURE=true JDK_TYPE= COBRAND=ITCAM REPLACE_JAVA_SECURITY_POLICY=true LOG_COMMON_DIR=/var/ibm/tivoli/common OS_NAME=RedHatEnterpriseLinux AM_HOME=/opt/IBM/itcam/WebSphere/DC/itcamdc LICENSE=true Note: The <PATH>/DC/dc_config/dcInputs.txt file must exist in order for the data collector configuration to succeed. Example 3-18 shows a successful silent configuration entry in trace-install.log. Example 3-18 Sample trace-install.log for a successful data collector configuration <LogText><![CDATA[DATA: Configure Finish: Successfully configured the application server cells/khartoumCell01/nodes/khartoumNode01/servers/ClientSvc cells/khartoumCell01/nodes/khartoumNode01/servers/ServerSvc.]]> </LogText> Running configDataCollector.jacl Use a JACL script called configDataCollector.jacl that exists in the config_DC directory. The input file for this script is found in the temporary directory that is created from the installation. To install the data collector into a secondary application server in the node laredoNode02 with profile vbdpro01, we use the parameter file shown in Example 3-19. Example 3-19 Sample properties for configuring data collector server=server1(cells/laredoNode02Cell/nodes/laredoNode02/servers/server 1|server.xml#Server_1144783086875) server.genericJvmArguments=-Xbootclasspath/p:${AM_HOME}/lib/bcm-bootstr ap.jar;${AM_HOME}/lib/ppe.probe-bootstrap.jar -Xrunam Chapter 3. Installing ITCAM for WebSphere 59 -Djlog.propertyFileDir.CYN=${AM_HOME}/etc -Djlog.qualDir=laredoNode02.server1 server.systemproperty0=com.ibm.websphere.classloader.plugin=com.cyanea. bcm.websphere.BcmPlugin server.systemproperty1=java.rmi.server.codebase=file://${MS_AM_HOME}/li b6.0/ppe.probe.jar file://${MS_AM_HOME}/lib/ppe.probe-intf.jar file://${MS_AM_HOME}/lib6.0/ppe.was_6.jar file://${MS_AM_HOME}/lib6.0/ppe.probe-bootstrap.jar server.systemproperty2=appserver.platform=was6010 server.systemproperty3=am.appserver=server1 server.systemproperty4=java.security.policy=C:\\ITCAM\\DC/etc/datacolle ctor.policy server.systemproperty5=deploymentmgr.rmi.connection= server.systemproperty6=am.profilename=vbdpro01 server.systemproperty7=am.nodename=laredoNode02 server.systemproperty8=am.home=C:\\ITCAM\\DC server.environment0=PATH=C:\\ITCAM\\DC/lib; server.environment1=QUALDIR=laredoNode02.server1 server.environment2=_JVM_THREAD_DUMP_BUFFER_SIZE=25000000 server.customservice0.displayName=am server.customservice0.classpath= server.customservice0.enable=true server.customservice0.description=Custom Service for ITCAMfWAS DC server.customservice0.classname=com.cyanea.ws6.ProbeService server.pmiservice.initialSpecLevel=connectionPoolModule=H:wsgwModule=N: orbPerfModule=H:cacheModule=N:webAppModule=H:threadPoolModule=H:wlmModu le=M:webServicesModule=N:beanModule=X:jvmRuntimeModule=H:systemModule=M :servletSessionsModule=H:transactionModule=M:j2cModule=H server.am.install.root=C:\\ITCAM\\DC server.am.ms.home=/C:/IBM/itcam/WebSphere/MS Apart from the apparent configuration values, the first line indicates the server ID. Retrieve this from the appropriate server.xml file by finding the xmi:id=”Server_ string. The command we use to activate this property is: . $WAS_HOME/bin/setupCmdLine.bat $WAS_HOME/bin/wsadmin.bat -conntype SOAP -hostname laredo -port 8881 -f $ITCAM_HOME/config_DC/configDataCollector.jacl attr.properties 60 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking 3.2.5 Automatically discovering the installation parameters To analyze the installed WebSphere software in a machine, use the vpd.properties file. Depending on your platform, the vpd.properties file resides on the following directories: On AIX: /usr/lib/objrepos/vpd.properties On Windows: %WINDIR%\vpd.properties or %HOMEPATH%\WINDOWS On Linux, Solaris, HP-UX: /vpd.properties or /root/vpd.properties The entries in the vpd.properties file are delimited by a long | character field similar to that shown in Example 3-20. Example 3-20 vpd.properties file entries WSBAA60|6|0|0|0|6.0.0.0|1=WebSphere Application Server|IBM WebSphere Application Server| |IBM| |6.0.0.0|C:\IBM\WebSphere\AppServer|0|1|WSBAA60CoreRuntime|6|0|0|0|6.0. 0.0|1|0|2|ref_33390|1|WSBAA60|6|0|0|0|6.0.0.0|1|0|false|"_uninst" "uninstall.jar" "uninstall.dat" ""|true|3|WSBAA60|6|0|0|0|6.0.0.0|1 The following list is aimed at helping you identify the information: The first identifier is the product ID. WSB* identifies the base WebSphere Application Server. The second field provides the version number. The twelfth field helps retrieve the WebSphere Application Server installation directory. Chapter 3. Installing ITCAM for WebSphere 61 Retrieve the WebSphere Application Server instances by analyzing the directory structure of the installation. The profiles for WebSphere Application Server V6 are in the profiles directory. From the WebSphere home path, get the application server from the config subdirectory. Figure 3-6 shows a sample directory structure. Figure 3-6 Configuration directory structure In the cell level, the application server type is seen. In Figure 3-6, the file is profiles/default/config/cells/laredoNode01Cell/cell.xml. Example 3-21 shows our sample cell.xml. Example 3-21 Sample cell.xml <?xml version="1.0" encoding="UTF-8"?> <xmi:XMI xmi:version="2.0" xmlns:xmi="http://www.omg.org/XMI" xmlns:topology.cell="http://www.ibm.com/websphere/appserver/schemas/5.0 /topology.cell.xmi" xmlns:ipc="http://www.ibm.com/websphere/appserver/schemas/5.0/ipc.xmi"> <xmi:Documentation> <contact>WebSphere Application Server v5.0 Default Configuration Files v1.7 7/31/02</contact> </xmi:Documentation> <topology.cell:Cell xmi:id="Cell_1" name="laredoNode02Cell" cellDiscoveryProtocol="TCP" cellType="STANDALONE"> </topology.cell:Cell> </xmi:XMI> 62 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking In Example 3-21 on page 62, the bold type indicates the cell type — a STANDALONE cell or a DISTRIBUTED network deployment-based cell. For a standalone cell, retrieve the port information from serverindex.xml under the node name folder, for example, config/cells/laredoNode02Cell/nodes/laredoNode02/serverindex.xml. Example 3-22 shows parts of the server index. Example 3-22 Sample serverindex.xml <?xml version="1.0" encoding="UTF-8"?> <serverindex:ServerIndex xmi:version="2.0" xmlns:xmi="http://www.omg.org/XMI" xmlns:serverindex="http://www.ibm.com/websphere/appserver/schemas/5. 0/serverindex.xmi" xmi:id="ServerIndex_1" hostName="laredo.itsc.austin.ibm.com"> . . . <specialEndpoints xmi:id="NamedEndPoint_1144783085594" endPointName="SOAP_CONNECTOR_ADDRESS"> <endPoint xmi:id="EndPoint_1144783085594" host="laredo.itsc.austin.ibm.com" port="8881"/> </specialEndpoints> . . . </serverindex:ServerIndex> For a distributed cell, first select the core group information to retrieve the node name of the deployment manager. The core group information is stored in a sub-directory under the cell called coregroups\DefaultCoreGroup\coregroup.xml. Get the association between the node and the dmgr server, as shown in Example 3-23. Example 3-23 Excerpt from coregroup.xml . . . <coreGroupServers xmi:id="CoreGroupServer_1130943100094" nodeName="laredoCellManager01" serverName="dmgr"/> . . . The serverindex.xml is found under the appropriate node, for example, cells/laredoCell01/nodes/laredoCellManager01. The SOAP_CONNECTOR_ADDRESS is similar to that shown in Example 3-22. Chapter 3. Installing ITCAM for WebSphere 63 Based on the above consideration, a shell script can be written to retrieve all the available application servers on a machine and build the response files individually to perform the installation. Another option is to use an automated software distribution solution such as IBM Tivoli Configuration Manager or IBM Tivoli Provisioning Manager. 3.3 Configuring and setting up SSL communication ITCAM for WebSphere provides the facility to communicate with data collectors securely over TCP/IP networks using Secure Socket Layer (SSL). Default certificates and keystores are set up during initial installation. SSL is not enabled by default. Therefore, manual configuration is necessary in order to have the managing server and data collectors communicate over a secure connection. This section discusses the following topics: 3.3.1, “Managing server Secure Socket Layer setup” on page 64 3.3.2, “Data collector Secure Socket Layer setup” on page 65 3.3.3, “Working with custom certificates” on page 67 3.3.1 Managing server Secure Socket Layer setup Enabling SSL and using the default certificate information to verify SSL communication works must be your first step. This is to rule out any possible errors while attempting to generate and use your own certificates and keystores. 1. Go to the ITCAM _HOME/etc directory. The kl1.properties and kl2.properties kernel configuration files contain the following parameters that must be activated for Secure Sockets Layer: security.enabled=true codebase.security.enabled=true 2. Set the system properties on the WebSphere Application Server where the visualization engine is running. Add the system properties using the WebSphere administration console. Where you set the properties depends on the version of the WebSphere Application Server. – – – – – 64 certificate.path: MS_home/etc/mgmttomgmt.cer keystore.location: MS_home/etc/CyaneaMgmtStore keystore.storepass: cyanea94612 keystore.keypass: cyanea94612 nodeauth.userid: cyaneamgmt Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking Figure 3-7 shows these settings in the administration console. Figure 3-7 New SSL-related settings 3. Restart the kernel components and the visualization engine application server to activate the new settings. 3.3.2 Data collector Secure Socket Layer setup The SSL setup is stored in the datacollector.properties file. This file is located in the etc subdirectory of the data collector installation directory. Activate the definition shown in Example 3-24. Example 3-24 SSL settings for datacollector.properties file security.enabled=true certificate.path=/opt/IBM/itcam/WebSphere/DC/etc/dctomgmt.cer;/opt/IBM/ itcam/WebSphere/DC/etc/dctoproxy.cer keystore.location=/opt/IBM/itcam/WebSphere/DC/etc/CyaneaDCStore keystore.storepass=oakland94612 keystore.keypass=oakland94612 nodeauth.userid=cyaneadc comm.use.ssl.dc=true Chapter 3. Installing ITCAM for WebSphere 65 Remove the system-generated datacollector.properties file and restart the data collector. The system-generated property file name is similar to <nodename>.<servername>.datacollector.properties. On restarting the data collector, the message shown in Example 3-25 is generated in msg-dc.log, which is located in the Tivoli common log directory. Once you receive the message, communication between the managing server and the data collector is encrypted. Example 3-25 SSL active information <Message Id="CYND5237I" Severity="INFO"> <Time Millis="1143583253402"> 2006-03-28 17:00:53.402-05:00</Time> <Server Format="IP">wsamaix1.tivlab.raleigh.ibm.com</Server> <ProductId>CYN</ProductId> <Component>CYN.msg.datacollector</Component> <ProductInstance>6</ProductInstance> <LogText><![CDATA[CYND5237I Using SSL server socket for component: CommandAgent. All clients connecting to this component MUST connect via SSL, else the client socket may hang till the timeout expires. No user action is required.]]></LogText> <Source FileName="com.cyanea.command.CommandAgent" Method="start"/> <TranslationInfo Type="JAVA" Catalog="com.ibm.tivoli.probe.resource.LogMessages" MsgKey="CYND5237I"></TranslationInfo> <Principal>wsamaix1.tivlab.raleigh.ibm.com/9.42.153.102</Principal> </Message> Note: Only the CommandAgent port uses SSL. Other communications opened by the data collector, such as the ProbeController port and the data collector - Publish Server port, do not use SSL. Therefore, when SSL is enabled, only the data in the channels connected to the CommandAgent port is encrypted. 66 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking All the data processed in the CommandAgent channel is encrypted when SSL is enabled. Table 3-4 shows the data classification. Table 3-4 Data content classification Classification Data Command and control data Configuring and unconfiguring data collector User actions related to threads Starting and stopping JVM threads Changing thread priorities Getting thread priorities and thread status Requesting drill information to see cookies, and so on Generating thread dumps Getting thread stack traces System information Application server information Operating system platform information JVM information Application information All the applications installed on the monitored application server Application binaries and location information Thread pool information related to Java Message Service (JMS), Java 2 Enterprise Edition (J2EE) Connector Architecture (JCA), Java Transaction API (JTA), Servlet, Enterprise JavaBeans (EJB), and so on Data source information Performance data All performance monitor interface (PMI) data Transport data Object Request Broker (ORB) data SOAP ports Memory information Obtaining JVM Heap Snapshot™ data Performing memory leak analysis Performing heap dump 3.3.3 Working with custom certificates This section discusses one approach to using custom certificates. There are different ways of configuring the certificates. The approach that we use categorizes the machines into three types: the managing server, the port consolidator, and the data collector. Each type can communicate with the other type and understand one another. Chapter 3. Installing ITCAM for WebSphere 67 Three keystores must be generated for custom certificates. The three keystores for a distributed environment implementation are: MSStore This contains the following managing server certificates: – mgmttomgmt.cer (cn=cyaneamgmt) – dctomgmt.cer (cn=cyaneadc) – proxytomgmt.cer (cn=cyaneaproxy) DCStore This contains the following data collector certificates: – proxytodc.cer (cn=cyaneaproxy) – mgmttodc.cer (cyaneamgmt) ProxyStore This contains the following port consolidator certificates: – mgmttoproxy.cer (cn=cyaneamgmt) – dctoproxy.cer (cn=cyaneadc) The keystore files are generated using the keytool command, which comes with Java Runtime Environment (JRE). In order to run the keytool command, you must be in the JAVA_HOME/bin directory or have it specified in the PATH. Perform a quick check by entering the keytool command. A help list showing the syntax must be visible on the console. In order to better manage the keystores, we create a directory called keyfiles in ITCAM_HOME/etc and run the keytool command from this directory. 68 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking Creating MSStore The first keystore that must be created is for the managing server. The name of the keystore can be customized to fit your environment. In the examples provided here, NEWMSStore is used as the keystore name. Because three aliases must be added to this keystore, the command must be run three times, once for each alias. For communication between the managing servers, create the alias mgmttomgmt for the keystore NEWMSStore with the command shown in Example 3-26. Example 3-26 Command to create the alias mgmttomgmt keytool -genkey -alias mgmttomgmt -keyalg RSA -keysize 1024 -sigalg MD5withRSA -validity 2000 -keypass raleigh1 -keystore ./NEWMSStore -storepass raleigh2 -dname "cn=cyaneamgmt, OU=Tivoli, O=IBM, L=Raleigh, ST=NC, C=US" This command creates the NEWMSStore file and the mgmttomgmt key in it. The password, keypass, and storepass can be anything you want them to be. For communication from the managing server to the data collector, create the alias dctomgmt using the command shown in Example 3-27. Example 3-27 Command to create the alias dctomgmt keytool -genkey -alias dctomgmt -keyalg RSA -keysize 1024 -sigalg MD5withRSA -validity 2000 -keypass raleigh1 -keystore ./NEWMSStore -storepass raleigh2 -dname "cn=cyaneamgmt, OU=Tivoli, O=IBM, L=Raleigh, ST=NC, C=US" This command adds the dctomgmt alias into the NEWMSStore file. For communication from the managing server to the port consolidator, create the alias proxytomgmt to the keystore using the command shown in Example 3-28. Example 3-28 Command to create the alias proxytomgmt keytool -genkey -alias proxytomgmt -keyalg RSA -keysize 1024 -sigalg MD5withRSA -validity 2000 -keypass raleigh1 -keystore ./NEWMSStore -storepass raleigh2 -dname "cn=cyaneamgmt, OU=Tivoli, O=IBM, L=Raleigh, ST=NC, C=US" Chapter 3. Installing ITCAM for WebSphere 69 Creating DCStore The second set of keystores that must be created is for the data collector. As with the managing server keystore, customize the data collector keystore name to your environment. In this example, we use NEWDCStore. Create the alias proxytodc for keystore NEWDCStore using the command shown in Example 3-29. Example 3-29 Command to create the alias proxytodc keytool -genkey -alias proxytodc -keyalg RSA -keysize 1024 -sigalg MD5withRSA -validity 2000 -keypass raleigh1 -keystore ./NEWDCStore -storepass raleigh2 -dname "cn=cyaneaproxy, OU=Tivoli, O=IBM, L=Raleigh, ST=NC, C=US" Create the alias mgmttodc for the NEWDCStore file using the command shown in Example 3-30. Example 3-30 Command to create the alias mgmttodc keytool -genkey -alias mgmttodc -keyalg RSA -keysize 1024 -sigalg MD5withRSA -validity 2000 -keypass raleigh1 -keystore ./NEWDCStore -storepass raleigh2 -dname "cn=cyaneaproxy, OU=Tivoli, O=IBM, L=Raleigh, ST=NC, C=US" Creating ProxyStore ProxyStore is the last keystore that must be created before extracting the certificates. This is used by the port consolidator in a distributed environment. We use the file NEWProxyStore for this purpose. Create the alias mgmttoproxy for the keystore NEWProxyStore using the command shown in Example 3-31. Example 3-31 Command to create the alias mgmttoproxy keytool -genkey -alias mgmttoproxy -keyalg RSA -keysize 1024 -sigalg MD5withRSA -validity 2000 -keypass raleigh1 -keystore ./NEWProxyStore -storepass raleigh2 -dname "cn=cyaneaproxy, OU=Tivoli, O=IBM, L=Raleigh, ST=NC, C=US" 70 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking Create the alias dctoproxy using the command shown in Example 3-32. Example 3-32 Command to create the alias dctoproxy keytool -genkey -alias dctoproxy -keyalg RSA -keysize 1024 -sigalg MD5withRSA -validity 2000 -keypass raleigh1 -keystore ./NEWProxyStore -storepass raleigh2 -dname "cn=cyaneaproxy, OU=Tivoli, O=IBM, L=Raleigh, ST=NC, C=US" Extracting certificates from the keystores Once all the three keystores are created, extract the certificates from each keystore and give them to their communication partners. These certificates are used to validate the SSL connection between the components. Figure 3-8 shows the keystores and certificate exchanges. Managing Server Port Consolidator Data Collector MSStore ProxyStore DCStore mgmttomgmt mgmttoproxy mgmttodc proxytomgmt dctoproxy proxytodc key mgmttoproxy proxytodc dctoproxy certificates mgmttodc proxytomgmt dctomgmt dctomgmt mgmttomgmt Figure 3-8 Keystores and certificate exchanges Chapter 3. Installing ITCAM for WebSphere 71 Do the following: Extract all the certificates from the managing server keystore NEWMSStore. The export commands are shown in Example 3-33. Example 3-33 Commands to extract certificates from the managing server keystore keytool -export -alias mgmttomgmt -keypass raleigh1 -keystore ./NEWMSStore -storepass raleigh2 -file mgmttomgmt.cer keytool -export -alias dctomgmt -keypass raleigh1 -keystore ./NEWMSStore -storepass raleigh 2 -file dctomgmt.cer keytool -export -alias proxytomgmt -keypass raleigh1 -keystore ./NEWMSStore -storepass raleigh2 -file proxytomgmt.cer Extract all the certificates from NEWDCStore by using the commands shown in Example 3-34. Example 3-34 Commands to extract all the certificates from NEWDCStore keytool -export -alias proxytodc -keypass raleigh1 -keystore ./NEWDCStore -storepass raleigh2 -file proxytodc.cer keytool -export -alias mgmttodc -keypass raleigh1 -keystore ./NEWDCStore -storepass raleigh2 -file mgmttodc.cer Extract all the certificates from NEWProxyStore by using the commands shown in Example 3-35. Example 3-35 Commands to extract all the certificates from NEWProxyStore keytool -export ./NEWProxyStore keytool -export ./NEWProxyStore -alias mgmttoproxy -keypass raleigh1 -keystore -storepass raleigh2 -file mgmttoproxy.cer -alias dctoproxy -keypass raleigh1 -keystore -storepass raleigh2 -file dctoproxy.cer After completing the extraction of all the certificates, the directory must have seven .cer files. Import these certificates to their appropriate partners using these commands: For NEWMSStore, use the commands shown in Example 3-36. Example 3-36 Commands to import certificates: NEWMSStore keytool -import -alias mgmttomgmt -file mgmttomgmt.cer -keypass raleigh1 -keystore ./NEWMSStore -storepass raleigh2 keytool -import -alias mgmttoproxy -file mgmttoproxy.cer -keypass raleigh1 -keystore ./NEWMSStore -storepass raleigh2 keytool -import -alias mgmttodc -file mgmttodc.cer -keypass raleigh1 -keystore ./NEWMSStore -storepass raleigh2 72 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking For NEWDCStore, use the commands shown in Example 3-37. Example 3-37 Commands to import certificates: NEWDCStore keytool -import -alias dctomgmt -file dctomgmt.cer -keypass raleigh1 -keystore ./NEWDCStore -storepass raleigh2 keytool -import -alias dctoproxy -file dctoproxy.cer -keypass raleigh1 -keystore ./NEWDCStore -storepass raleigh2 For NEWProxyStore, use the commands shown in Example 3-38. Example 3-38 Commands to import certificates: NEWProxyStore keytool -import -alias proxytomgmt -file proxytomgmt.cer -keypass raleigh1 -keystore ./NEWProxyStore -storepass raleigh2 keytool -import -alias proxytodc -file proxytodc.cer -keypass raleigh1 -keystore ./NEWProxyStore -storepass raleigh2 Deploy these newly generated keystores to the appropriate machines. Store NEWMSStore on the managing servers, NEWProxyStore on the port consolidator machines, and NEWDCStore on the data collector machines. Copy the certificate files to the respective machines, too. Update the appropriate configuration entries specified in 3.3.1, “Managing server Secure Socket Layer setup” on page 64, and 3.3.2, “Data collector Secure Socket Layer setup” on page 65. Restart all the components to activate the SSL with the custom certificates. Chapter 3. Installing ITCAM for WebSphere 73 74 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking 4 Chapter 4. Maintenance of ITCAM for WebSphere This chapter discusses the issues relating to maintenance of ITCAM for WebSphere in a large-scale environment. This chapter discusses the following topics: 4.2, “Performance and availability of the managing server” on page 76 4.2, “Performance and availability of the managing server” on page 76 4.3, “Backup and recovery configuration” on page 83 4.4, “Log files and configuration files” on page 85 4.5, “Performing product maintenance” on page 87 © Copyright IBM Corp. 2006, 2007. All rights reserved. 75 4.1 Operating ITCAM for WebSphere This chapter discusses some operational issues regarding a large ITCAM for WebSphere environment. The focus is on the issues that arise largely because of environment size. Following is a list of these issues along with details about the sections that describe them: Section 4.2, “Performance and availability of the managing server” on page 76, shows that as the size of the environment grows, even a slight inefficiency can cause a major problem. A large-scale environment requires the performance and availability of the managing server to be soundly maintained. Section 4.3, “Backup and recovery configuration” on page 83, shows that backup and recovery of configuration is a necessity. The ability to quickly identify and recover system configuration is critical. The large size of the environment prohibits ad hoc backup and recovery. Section 4.4, “Log files and configuration files” on page 85, shows that log and configuration files must be maintained. There are two aspects of file maintenance: keeping the size of the log files under control and ensuring that the correct property files are used. Section 4.5, “Performing product maintenance” on page 87, discusses implementation of WebSphere, Database 2 (DB2), and ITCAM for WebSphere patches. Typically, with the number of data collectors involved, this can be a huge task. 4.2 Performance and availability of the managing server Performance and availability of the ITCAM for WebSphere managing server are mainly related to the IBM WebSphere Application Server that hosts the visualization engine and the OCTIGATE database. This section discusses the following topics: 4.2.1, “Performance of the WebSphere Application Server” on page 76 4.2.2, “Database maintenance” on page 77 4.2.3, “Data trimming” on page 78 4.2.1 Performance of the WebSphere Application Server There are several critical tuning factors for the visualization engine. The sole use of the visualization engine is to provide users with information regarding the enterprise activity, not collecting and analyzing the activity. This eases the role of the visualization engine to not being completely critical. 76 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking Tuning of the visualization engine is mainly to ensure that the WebSphere Application Server has adequate memory. This also relates to the fact that the visualization engine has to run on one of the managing servers that runs other Java-based kernel components. Each logged-in user and the activity of each user requires additional storage to be acquired by the visualization engine. The Java garbage collection process also plays an integral part in providing adequate memory resource. 4.2.2 Database maintenance Database performance is largely related to how the data is stored physically and how well the database manager understands the nature of the data. This section primarily discusses the use of DB2 as the database manager. The primary tools to ensure this are the REORG and RUNSTAT tools. You can run both of these utilities from the DB2 utilities from the DB2 command line. The REORGCHK utility reads the table information and analyzes the necessity of running reorg. REORGCHK uses the current statistics or generates its own statistics. The REORG utility reorganizes the database structure to ensure that data is allocated coherently and in a typical access sequence requested by most queries. The syntax for running REORG is: DB2 REORG TABLE creator.table_name INDEX primary_index_name The RUNSTATS utility collects the statistics of the tables and indexes to ensure that the database manager chooses the most optimized method to get the data requested by an Structured Query Language (SQL) request. The syntax for running RUNSTATS is: DB2 RUNSTATS ON TABLE creator.table_name WITH <runstat_options> Typically, you must run REORGCHK for frequently modified tables and then determine whether you want to run REORG on those tables. After all the modifications have been performed, run RUNSTATS to ensure that the statistics are current and that DB2 obtains the most optimal path to the data an Structured Query Language (SQL) requested. Chapter 4. Maintenance of ITCAM for WebSphere 77 ITCAM for WebSphere supplies a script to run the RUNSTATS utility. This script is called run-stat-cmds and resides in the bin directory. This command selects specific tables that are necessary to perform RUNSTATS on. The syntax of this command depends on the platform you execute. It can be either one of the following: run-stat-cmds.bat OCTIGATE amuser export JDBC_USER=amuser export JDBC_PASSWORD=ampasswd run-stat-cmds.sh OCTIGATE The table that ITCAM for WebSphere constantly modifies is the REQUEST table. This table must be checked frequently. The run-stat-cmds automatically checks this table and stores its output in the logs/reorg.log file. If the cluster ratio of the REQUEST table is lower than 90, run REORG on this table and rerun RUNSTATS on the REQUEST table. This REORG command is as follows: db2 "REORG TABLE AMUSER.REQUEST INDEX R_TIME " We recommend a regular, maybe monthly, maintenance window to REORG all the tables for ITCAM for WebSphere and perform a complete RUNSTATS. 4.2.3 Data trimming Another aspect of database performance is processing the data size. Because monitoring information is accumulated, access to current information may be degraded, as the database has to process more information than it must. Old data must be trimmed to allow more efficient processing. This process is application-specific, as the database manager does not know the relationship between the data. This also minimizes the disk space usage for ITCAM for WebSphere. There are two methods of pruning the tables. Run both of them, as they address different sets of tables. The pruning methods are: Automatic pruning by the archive agent This prunes data every two hours and keeps data for 48 hours. See “Archive agent trimming” on page 79. Manual pruning using the datatrim.sh command We recommend that you run this regularly. A daily run to minimize the amount of data to be pruned may be appropriate. See “Running datatrim.sh” on page 80. 78 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking Note: You may see a datatrimmer.sh script in the <MS_HOME>/bin directory. This script is not recommended and is not discussed in this paper. Archive agent trimming Once enabled, the managing server archive agent automatically prunes the following tables: MEMORY_DATA GC_DATA MQI_QUEUEMGR_SR_OVERVIEW MQI_QUEUE_SR_OVERVIEW CTG_SR_OVERVIEW WEBSERVERCHARTDATA IMSTHREADS VOLUMESTAT PORTALSTATS When data trimming is enabled, pruning occurs every two hours, keeping 48 hours worth of data in each table. These tables, and the criteria for trimming the tables, are hard-coded in ITCAM for WebSphere, and cannot be changed. Automatic data trimming using the archive agent is enabled by setting the ENABLE_DATATRIMMER property to true in the etc/aa1.properties file or the etc/aa2.properties file, or both. If both the properties files have data trimming enabled, there is a built-in delay for the second archive agent in order to prevent the occurrence of database deadlocks. Note: If you are using more than two archive agents, do not enable the data trimmer for the other archive agents. Only aa1 and aa2 must have the ENABLE_DATATRIMMER=true property. Stop and start the archive agents to pick up the changes made to the ENABLE_DATATRIMMER property using the following commands: <MS_HOME>/bin/aactl.sh stop aa1 <MS_HOME>/bin/aactl.sh start aa2 Chapter 4. Maintenance of ITCAM for WebSphere 79 Running datatrim.sh The datatrim.sh script is a command-line utility that can be scheduled or run manually to trim data that is no longer required from the database. As it is shipped with ITCAM for WebSphere, this script prunes data from the following tables: REQUEST METHOD SERVERSTATS PMISTATS VOLUMESTAT APAR PK17797 allows additional tables to be trimmed, including the following: MEMORY_DATA IMSEVENTS The datatrim.sh script carries out two major processes, marking and trimming: Mark deleting process. This process updates the rows for the REQUEST and METHOD tables that will be deleted in the data trim process. This method is controlled by the etc/deleterelatedtables.xml control file shown in Example 4-1. Example 4-1 Deleterelatedtables.xml control file <?xml version="1.0" encoding="UTF-8"?> <tableinfo> <!-- elements work for all tables --> <commitcount>2000</commitcount> <useoracle>false</useoracle> <table> <name>request</name> <daystokeep>7</daystokeep> <!-- timestamp column name --> <columnname>end_time</columnname> <!-- The format of startdate and enddate is mm/dd/yy hh:mm:ss. --> <startdate></startdate> <enddate></enddate> <!-- If a user would like to trim data based on appserver, then use adminserver and appserver elements --> <adminserver></adminserver> <appserver></appserver> <idcolumn>request_id</idcolumn> <delayinterval>15</delayinterval> <relatedtables> <name>method</name> 80 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking <columnname>start_time</columnname> </relatedtables> </table> </tableinfo> Data trim process This process deletes the data marked in the REQUEST and METHOD tables as a result of the marking process. This process is controlled by the etc/deletesingletable.xml control file shown in Example 4-2. Example 4-2 Deletesingletable.xml control file <?xml version="1.0" encoding="UTF-8"?> <tableinfo> <commitcount>2000</commitcount> <useoracle>true</useoracle> <table> <name>serverstats</name> <daystokeep>7</daystokeep> <!-- timestamp column name --> <columnname>current_time</columnname> <!-- The format of startdate and enddate is <startdate></startdate> <enddate></enddate> <!-- If a user would like to trim data based adminserver and appserver elements --> <adminserver></adminserver> <appserver></appserver> <serverid>probe_id</serverid> <delayinterval>5</delayinterval> </table> <table> <name>pmistats</name> <daystokeep>7</daystokeep> <!-- timestamp column name --> <columnname>current_time</columnname> <!-- The format of startdate and enddate is <startdate></startdate> <enddate></enddate> <!-- If a user would like to trim data based adminserver and appserver elements --> mm/dd/yy hh:mm:ss. --> on appserver, then use mm/dd/yy hh:mm:ss. --> on appserver, then use Chapter 4. Maintenance of ITCAM for WebSphere 81 <adminserver></adminserver> <appserver></appserver> <serverid>probe_id</serverid> <delayinterval>5</delayinterval> </table> </tableinfo> For both the eXtensible Markup Language (XML) files in Example 4-1 on page 80 and Example 4-2 on page 81, the following apply: The parameter commitcount controls the number of records to be committed to a database in a transaction. Change the commitcount setting from a default value of 2000 to something higher if you have large numbers of records to be deleted. This speeds up the trimming process. The commitcount number applies to all the tables specified in the XML files. The useoracle setting is no longer used. Instead, the datatrim.sh script uses the Java Database Connectivity (JDBC) driver to determine the type of database (DB2 or Oracle) being used. For each individual table, set either daystokeep or the startdate and enddate pair settings. If daystokeep is set, it overrides the startdate and enddate values. To invoke datatrim.sh, log in using the ITCAM for WebSphere owner, typically called amuser. Run the utility from the managing server. It will write its output in the log/datatrim.log file. The syntax of the command is: $MS_HOME/bin/datatrim.sh octigate amuser ampasswd The result and status of the datatrim.sh command can be analyzed in the logs/datatrim.log file. The datatrim.sh command prunes the tables, but does not optimize or reclaim free space. Perform these actions by using the REORG utility in DB2 or by exporting and reimporting the tables in Oracle. We recommend that you change the daystokeep value to the number of days of data that you want to keep, and then run the datatrim.sh script every night. Running the script every night facilitates the removal of fewer records from the database more often. Running the command less frequently can result in the script running for extended periods of time. 82 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking While it is not necessary to stop the archive agents (<MS_HOME>/bin/aactl.sh stop) prior to running the datatrim.sh script, stop the archive agents to avoid database deadlocks. Note: Stopping the archive agents leads to loss of performance data. 4.3 Backup and recovery configuration The backup and recovery procedure covers both WebSphere backup and database backup. The aim of a backup policy is to quickly restore the operation. Another objective is to minimize the backup’s impact on the operation. This section discusses the following topics: 4.3.1, “ITCAM for WebSphere backup” on page 83 4.3.2, “WebSphere configuration backup” on page 83 4.3.3, “Database backup and restore” on page 84 4.3.1 ITCAM for WebSphere backup Back up the installation directory structure of ITCAM for WebSphere using any backup utility. The restore of the file system of ITCAM for WebSphere must be owned by the ITCAM for WebSphere user ID, which is typically amuser. 4.3.2 WebSphere configuration backup WebSphere configuration backup must be considered for both the managing server and the data collector. Depending on whether you want to reinstall or restore the backup, initiate a backup. As WebSphere configuration is not a dynamic entity, taking a backup of the initial implementation and a backup procedure to be implemented before and after a configuration change must be sufficient. To dump the WebSphere Application Server configuration, use the backupConfig command. The syntax for the backupConfig command is: backupConfig <file> -nostop -logfile <filename> -user <name> -password <pswd> To restore the WebSphere configuration, use the restoreConfig command. The syntax for restoreConfig command is: restoreConfig <file> -nostop -logfile <filename> -user <name> -password <pswd> Chapter 4. Maintenance of ITCAM for WebSphere 83 4.3.3 Database backup and restore For backing up the DB2 UDB, use the DB2 UDB backup utility that is launched by using the DB2 command-line processor. The syntax for the DB2 backup utility is: db2 backup database <dbname> user <username> using <password> to <file> Note: A directory path for the target file must exist. Manually create the path before executing the backup command. If not, you will get an exception similar to: SQL2036N. valid. The path for the file or device "/tmp/octigate" is not A successful backup returns a message that is similar to: Backup successful. The timestamp for this backup image is : 20041116104855 You must either keep the timestamp or rename the file according to the timestamp. The timestamp is required to restore the database. To restore the database, execute the following command: db2 restore database <dbname> user <user> using <password> from <file> taken at <timestamp> <option> An example of running the restore with an option to prohibit rolling forward is shown in Example 4-3. Rolling forward is a feature that allows the post-backup changes to the database to be applied from the transaction redo log. A typical distributed DB2 installation does not activate this feature. Example 4-3 Restoring DB2 database > db2 restore database octigate user itcamusr using passwd from /tmp/octigate taken at 20041116104855 without rolling forward SQL2539W Warning! Restoring to an existing database that is the same as the backup image database. The database files will be deleted. Do you want to continue ? (y/n) y DB20000I The RESTORE DATABASE command completed successfully. 84 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking 4.4 Log files and configuration files Perform the file maintenance process regularly to reduce the amount of disk space used and to manage monitoring configuration. Log files maintenance applies to both managing servers and data collectors, with configuration file maintenance applying more to data collectors. This section discusses the following topics: 4.4.1, “Managing log files” on page 85 4.4.2, “Managing the configuration files” on page 86 4.4.1 Managing log files Log files in ITCAM for WebSphere are used for problem determination of the product’s working mechanism. There are several locations for log files, depending on the components that generate them. These locations are: Tivoli common directory This is where most of the log files are stored. Some typical directory names are: – %ProgramFiles%\ibm\tivoli\common (Windows) – /var/ibm/tivoli/common (UNIX) The directory under the common directory is typically identified by a three-character product code such as CYN for ITCAM for WebSphere. In the product directory, there are sub-directories: – First-failure data capture (FFDC) for first-failure data capture application The FFDC directory contains diagnostic information pertaining to the program exceptions that are captured. – Logs subdirectory of Tivoli common directory The logs subdirectory is typically filled with log files and must be maintained. The logs subdirectory of the installation path These are the logs that are typically initiated either before the product is active, such as standard output and standard error redirection, or from a leftover log file from a previous release. Some utility commands such as datatrim.sh also use this directory to store their output. Because the log files in the common directory have a maximum size and predefined number of generations, they cannot exceed a certain size. This path must be maintained and checked for ad hoc logging that may use up the space. Chapter 4. Maintenance of ITCAM for WebSphere 85 We recommend that you use a separate file system to contain the common directory. The contents of the logs subdirectory of the installation path must be regularly cleaned up manually to prune the content. 4.4.2 Managing the configuration files Figure 4-1 shows the configuration files for data collectors inter-relation. In Version 6.1, there is a significant change in the structure of the configuration files. This is due to the changes of the byte code instrumentation mechanism. $DC_home custom_requests.xml lock_analysis.xml memory_leak_diagnosis.xml method_entry_exit.xml toolkit_config_ctg.xml toolkit_config_ims.xml toolkit_config_jdo.xml toolkit_config_kwj.xml toolkit_config_mqi.xml toolkit_config_ra.xml itcamdc/etc runtime <wasver>.<wasnode>,<server> custom/toolkit_custom.properties cyn-cclog.properties cynlogging.properties jiti.properties *.datacollector.properties *.datacollector.policy *.kwjdc.properties *.toolkit.properties *.toolkit.xml Figure 4-1 Configuration file structure From time to time, you may have to modify some XML configuration files to enable certain product features. There is currently no mechanism in the product to make this switch. Employ an external automation mechanism to switch these configurations back and forth. Configuration change is typically performed by changing the toolkit_custom.properties and several related xml files under the itcamdc/etc directory. This is to add or remove the classes to be used for testing with memory allocation probe or locking probe. 86 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking 4.5 Performing product maintenance Various considerations must be taken into account when dealing with the application of product maintenance, fixes, and fix packs. In a large environment this must be performed remotely and automated with minimal impact to the production system. This section discusses the following topics: 4.5.1, “Getting software updates” on page 87 4.5.2, “Updating ITCAM for WebSphere managing server” on page 87 4.5.3, “Updating ITCAM for WebSphere data collectors” on page 90 4.5.1 Getting software updates Software updates are available at the following IBM Web sites: For ITCAM for WebSphere: http://www-306.ibm.com/software/sysmgmt/products/support/IBMTivoli CompositeApplicationManagerforWebSphere.html For DB2 Universal Database: http://www-1.ibm.com/support/docview.wss?rs=71&uid=swg27007053 For WebSphere Application Server: http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006899 Typically, you do not have to get updates for DB2 or WebSphere on the managing server. ITCAM for WebSphere only supports a certain level of these products. However, you may sometimes have to fix an impending problem with a certain software level. 4.5.2 Updating ITCAM for WebSphere managing server The ITCAM for WebSphere managing server updates must be performed as a scheduled maintenance. This means that: You must have a backup of the management server system. You must perform an orderly shutdown of the management server. Users must be notified of the system’s unavailability. The managing server updates for ITCAM for WebSphere software are typically performed using a silent installer. The ITCAM for WebSphere fix packs consist of two sets of files that are distributed as tar files: 6.1.0-TIV-ITCAMfWAS_SVR-FP000n.tar ITCAMfWAS_V6_UpdateInstaller.tar Chapter 4. Maintenance of ITCAM for WebSphere 87 Fix packs and interim fixes are distributed as tar files, which are installed using the silent command-line update installer. Multiple fixes may be applied by combing all *.update files found in the <fix-dir>/update directory to a common update directory. The procedure to apply the updates is derived from the readme for the update installer V6.1.0.pdf. 1. Modify the silentUpdate.properties file to reflect your environment. Example 4-4 illustrates the changes required for our managing server, srv152. Example 4-4 The silentUpdate.properties # product location product.location=/opt/IBM/itcam/WebSphere/MS # updates location updates.location=./updates ####################################################################### # Managing Server properties # These properties apply only for the MS update installation, ####################################################################### # change to false if database should not be updated updateDb=true # change to false if VisualEngine should not be updated updateVe=true # TODO: uncomment this property and specify correct WAS_HOME updateVe.wasHome=/opt/IBM/WebSphere/AppServer/profiles/AppSrv01 updateVe.was.soap.host=srv152.itsc.austin.ibm.com updateVe.was.soap.port=8880 updateVe.was.node=srv152Node01 updateVe.was.server=server1 updateVe.was.user=root updateVe.was.password=rpasswd #ms.oracle.driver.jar=${ORACLE_JDBC_DRIVER_PATH}/ojdbc14.jar #ms.oracle.driver.path= # Set this property to reconfigure MS processes to bind to the specified address. #ms.bind.host.name=172.17.11.82 ####################################################################### # Uninstall properties ####################################################################### # the updates to be uninstalled uninstall.updates=last 88 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking 2. Ensure that the following environment is set prior to running the silent updater: export JAVA_HOME=/opt/IBM/WebSphere/AppServer/java export PATH=$JAVA_HOME/bin:$PATH export CLASSPATH=JAVA_HOME:$CLASSPATH 3. Prepare the installation by executing: ./silentUpdate.sh -prepareInstall 4. Do not proceed with the installation. Clean the results of the previous command by executing: ./silentUpdate.sh -cleanPrepared 5. Install by executing: ./silentUpdate.sh -install 6. If the install failed, rollback is achieved by: ./silentUpdate.sh -rollback 7. Display updates that have been installed by executing: ./silentUpdate.sh -displayInstalledUpdates Example 4-5 shows an example of the output after running the command. Example 4-5 Output from silentUpdate.sh -displayInstalledUpdates # ./silentUpdate.sh -displayInstalledUpdates Update installer version 6.1.0, build 20070513145421 Logging details into /opt/IBM/itcam/WebSphere/MS/logs/update/update_20070616101145.log Action: display installed updates Updates installed 5/31/07 2:51 PM 6.1.0.1.1 Interim Fix 1 after Fix Pack 1 Updates installed 5/31/07 2:09 PM 6.1.0.1.5 Interim Fix 5 after Fix Pack 1 Updates installed 5/31/07 2:08 PM 6.1.0.1.4 Interim Fix 4 after Fix Pack 1 Updates installed 5/31/07 12:20 PM 6.1.0.1.3 Interim Fix 3 Updates installed 5/31/07 11:56 AM 6.1.0.1 Fix Pack 1 Finished successfully Chapter 4. Maintenance of ITCAM for WebSphere 89 4.5.3 Updating ITCAM for WebSphere data collectors Data collectors are typically run in a production environment. Updating these machines requires strict change control. Because data collectors run as an integral part of the WebSphere Application Server, updating the data collectors typically involves restarting the application server. When dealing with a clustered environment, alternately restarting the members of a cluster does not affect application availability, while a standalone application server means that the application is unavailable. The primary prerequisite of this fix pack is generally to have the managing server updated before installing the fix pack to the data collectors. Installation of data collectors can be performed in stages. All the data collectors do not have to be updated together. As with the managing server updates, the data collector updates, too, come as two tar files: 6.1.0-TIV-ITCAMfWAS_MP-FP00nn.tar. ITCAMfWAS_V6_UpdateInstaller.tar The following discussion is derived from our experience in installing fix pack 1 of ITCAM for WebSphere V6.1. This fix pack is distributed as 6.1.0-TIV-ITCAMfWAS_MP-FP0001. Note: Use the following steps following the DataCollector Fixpack1 update or after multiple fix updates that includes Fixpack 1 6.1.0.1-TIV-ITCAMfWAS_MP-IF0001. 1. Download and untar the update installer tar file ITCAM_V61_UpdateInstaller.tar. 2. Download and untar the fixes tar files. You may untar all available updates to the same updates directory. Both fix packs and interem fixes are may be applied together. Example 4-6 lists the fixes that we apply. Example 4-6 A list of update files to be applied 6.1.0-TIV-ITCAMfWAS_MP-FP0001.update 6.1.0.0-TIV-ITCAMfWAS_MP-IF0003.update 6.1.0.0-TIV-ITCAMfWAS_MP-IF0004.update 6.1.0.0-TIV-ITCAMfWAS_MP-IF0005.update 6.1.0.0-TIV-ITCAMfWAS_MP-IF0006.update 6.1.0.1-TIV-ITCAMfWAS_MP-IF0001.update 90 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking 3. The update installer requires the Java Runtime Environment Version 1.3.1 or later. Either include the java command into PATH or define the JAVA_HOME environment variable to point to the Java Runtime Environment home directory. In UNIX or Linux, run: export JAVA_HOME=/opt/WebSphere/AppServer/java 4. The update installer is a non-interactive silent installer that works based on the response file. The default name of the response file is silentUpdate.properties, and it is supplied with the update installer. Update the response file, as in Example 4-7. Example 4-7 The silentUpdate.properties for applying fixes to the data collector product.location=/opt/IBM/itcam/WebSphere/DC updates.location=./updates updates.gclog=/tmp/gclog.log uninstall.updates=last 5. Stop the WebSphere Application Servers that have the data collector installed. 6. In order to prepare for installation, change to the directory where the update installer scripts are stored. The preparation is recommended for checking the environment. Run the command ./silentUpdate.sh -prepareInstall. A typical output of the prepareInstall is shown in Example 4-8. Example 4-8 The prepare for installation # ./silentUpdate.sh -prepareInstall Update installer version 6.1.0, build 20070513145421 Logging details into /opt/IBM/itcam/WebSphere/DC/logs/update/update_20070608170706.log Action: prepare install Finished successfully 7. To update the data collector with all the update files in the updates sub-directory, run the command ./silentUpdate.sh -install. A typical output of the install command is shown in Example 4-9. Example 4-9 Running the patch installation # ./silentUpdate.sh -install Update installer version 6.1.0, build 20070513145421 Logging details into /opt/IBM/itcam/WebSphere/DC/logs/update/update_20070608171205.log . . . Chapter 4. Maintenance of ITCAM for WebSphere 91 8. When the installation has completed, you can verify the data collector version using the command. ./silentUpdate.sh -displayInstalledUpdates. The status in our environment is shown in Example 4-10. Example 4-10 Patch installation result # ./silentUpdate.sh -displayInstalledUpdates Update installer version 6.1.0, build 20070513145421 Logging details into /opt/IBM/itcam/WebSphere/DC/logs/update/update_20070608172553.log Action: display installed updates Updates installed 6/8/07 5:13 PM 6.1.0.1.1 Interim Fix 1 6.1.0.1 Fix Pack 1 6.1.0.0.6 Interim Fix 6 6.1.0.0.5 Interim Fix 5 6.1.0.0.4 High CPU usage for TEMA PMI collection 6.1.0.0.3 JITI support Finished successfully Note: At least one server must first be configured before updating the version level of the data collecter. 9. In a WebSphere Application Server V6.1 environment, activate the OSGI configuration initialization. From the WebSphere /profiles/<profile-name>/bin directory, run the osgiCfgInit.sh script. You should expect no messages from this script. 10.Restart the application server to activate the data collectors. Some patches may have to be updated manually through the WebSphere administration console. This is typically to add certain options on WebSphere. To perform the updates silently, build a Java Command Language (JACL) script. 92 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking 5 Chapter 5. Planning for ITCAM for Response Time Tracking This chapter discusses areas that must be considered during the planning phase of IBM Tivoli Composite Application Manager implementation in a large environment. The topics discussed in this chapter are: 5.1, “Planning considerations” on page 94 5.2, “Product architecture” on page 94 5.3, “Sizing the servers” on page 96 5.4, “Deployment of ITCAM for Response Time Tracking” on page 98 5.5, “Communication and security considerations” on page 100 5.6, “Reliability and high availability” on page 102 © Copyright IBM Corp. 2006, 2007. All rights reserved. 93 5.1 Planning considerations As discussed in 1.2.2, “Concerns and considerations” on page 7, the following aspects of a large-scale implementation are discussed in this section, too: Understanding the product architecture This allows you to make the correct choices. Section 5.2, “Product architecture” on page 94, describes the architecture for ITCAM for Response Time Tracking. Sizing the servers This is important to correctly acquire adequate servers and choose a sound software configuration option. Section 5.3, “Sizing the servers” on page 96, describes an approach that can be used. Understanding the servers’ configuration options and agent deployment This is discussed for ITCAM for Response Time Tracking in 5.4, “Deployment of ITCAM for Response Time Tracking” on page 98. Planning for communication security This is a mandatory step for an enterprise with business-critical and sensitive information in a transaction environment. Section 5.5, “Communication and security considerations” on page 100, discusses confidentiality and firewall requirements. Reliability discussion, failover, and disaster recovery These, too, are mandatory aspects of a business-critical process in a large enterprise. Section 5.6, “Reliability and high availability” on page 102, discusses this issue. 5.2 Product architecture This section discusses the product architecture of ITCAM for Response Time Tracking. This understanding is critical for planning and deciding about server configuration and other implementation issues. See also IBM Tivoli Composite Application Manager V6.1 Family Installation, Configuration, and Basic Usage, SG24-7151. ITCAM for Response Time Tracking V6.0 has evolved from IBM Tivoli Monitoring for Transaction Performance V5.3 and inherits the major components and functions of IBM Tivoli Monitoring for Transaction Performance V5.3. 94 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking Tivoli Enterprise Monitoring Agent RTT Store and forward agent RTT management agent RTT management agent FIREWALL RTT Management server FIREWALL Figure 5-1 shows the components of ITCAM for Response Time Tracking. RTT Store and forward agent RTT management agent RTT management agent RTT management agent Figure 5-1 Components of ITCAM for Response Time Tracking Basically, ITCAM for Response Time Tracking is controlled from the management server, which provides a centralized repository of policy, configuration, and data for the ITCAM for Response Time Tracking environment. The rest of ITCAM for Response Time Tracking is the management agent. The management agent performs response time data collection and performance functions on behalf of the management server. The management agent is a single agent that can have different components deployed on it to perform different functions. The management server and management agent typically operate in an unrestricted port environment. When there is a firewall between them, they restrict the port usage to communicate. The firewall typically requests that they use a single communication port to talk back and forth. This is where the Store and Forward agent comes in. It bundles the communication between the management server and the management agent to use a single port to pass through the firewall. Because the Store and Forward agent can be cascaded, in this sense, there can be a chain of Store and Forward agents passing through multiple layers of firewalls. Chapter 5. Planning for ITCAM for Response Time Tracking 95 A special management agent resides on z/OS machines. The management agent on z/OS machines has the transaction server component activated to receive performance information from the Customer Information Control System (CICS) and Information Management System (IMS) data collector. In ITCAM for Response Time Tracking V6.0, information from the management server can be forwarded to the Tivoli Enterprise Monitoring Server for display in the Tivoli Enterprise Portal. This is achieved using the Tivoli Enterprise Monitoring Agent for ITCAM for Response Time Tracking. 5.3 Sizing the servers Due to the large scale of the implementation, the size of the servers assumes importance. Sizing determines the hardware configuration and implementation consideration of the servers. This section discusses the following topics: 5.3.1, “Sizing parameters” on page 96 5.3.2, “Sizing estimation for ITCAM for Response Time Tracking” on page 97 5.3.1 Sizing parameters To evaluate the size of the management server, you must understand the data collection mechanism for ITCAM for Response Time Tracking. Overall, the load for the management server in a steady state environment mainly relates to the collection of response time information and serving the Web console for operators. Additional work may be required to perform the following functions: Running a discovery policy Performing administrative tasks from the Web console or the command-line interface (CLI) Filing the uploading activities from the Synthetic Transaction Investigator or the Rational Robot Fulfilling an ad hoc request to reload data from the Web console The other additional tasks are not addressed in this Redpaper as these are not significant in a steady-state production environment. Reporting load parameters Reporting load is mainly local access to Database 2 (DB2) Universal Database. This does not have a significant network overhead. The processing overhead is the processor requirement to serve the users and DB2 buffering concerns. 96 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking This load is typically proportional to the number of operators with direct access to ITCAM for Response Time Tracking. However, in ITCAM for Response Time Tracking V6.0, the majority of view-only access for response time information can be consolidated into the Tivoli Enterprise Portal, which allows a single Tivoli Enterprise Monitoring Agent to collect information from the ITCAM for Response Time Tracking management server. With the Tivoli Enterprise Portal solution in place, typical Web console users must be limited to administrative staff, because they can be easily contained. Response time measurement The response time information is recorded by the Application Response Measurement (ARM) agent process from various components that perform monitoring policies, such as listening and playback. This information is uploaded to the management server using the eXtensible Markup Language (XML) data structure in a predefined and scheduled interval. The size of the data transferred is dependent on the number of response time data collected: For playback policies, you have a fixed amount of response time information based on the playback occurences on the time interval. For listening policies, the response time depends on the number of transactions actually invoked, the sampling rate, and the number of monitored components invoked by the transactions. 5.3.2 Sizing estimation for ITCAM for Response Time Tracking Specific to ITCAM for Response Time Tracking, consider the following parameters for sizing: “Communication bandwidth” on page 97 “Management server processing” on page 98 “Database size” on page 98 Communication bandwidth Communication between the management server and the management agent primarily consists of: Initial loading of policies and schedules This happens when the management agent is started. The size depends on how many policies are deployed to the management agent. Data retrieval for response time data Data retrieval is typically performed every hour. You can also request an ad hoc retrieval from the Web console when data is retrieved. Chapter 5. Planning for ITCAM for Response Time Tracking 97 Additional actions such as deploying a monitoring component or assigning a new monitoring policy to an agent do not contribute to a large workload in a production environment. Management server processing The management server is constructed in a single, large enterprise application. The processing of the management server application is affected by the following parameters: The number of connected management agents The size of data retrieved for each interval The number of connected Web console users Database size The size of the database depends on the amount of response time information loaded from the management agents. The response time information is collected from policies such as: Discovery policies Listening policies Playback policies 5.4 Deployment of ITCAM for Response Time Tracking The considerations for installing and configuring ITCAM for Response Time Tracking are covered in this section. The topics discussed here are: 5.4.1, “Designing the management server” on page 98 5.4.2, “Deploying the management agent” on page 99 5.4.1 Designing the management server The ITCAM for Response Time Tracking management server consists of the following products: DB2 Universal Database Enterprise Server or Oracle database server WebSphere Application Server ITCAM for Response Time Tracking management server application The ITCAM for Response Time Tracking management server is a single contact point for all the management agents and the user Web console. This in turn leads to the ITCAM for Response Time Tracking management server being a single point of failure for response time monitoring. 98 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking In a large environment, we recommend that you separate the management server into a multiple-server implementation in a clustered environment. Figure 5-2 shows a clustered environment. WebSphere Node Deployment Cluster WebSphere Application Server WebSphere Edge Server DB2 WebSphere Application Server Figure 5-2 Clustered environment The environment shown in Figure 5-2 introduces the following: Load balancing using the WebSphere Edge Server for access to the management servers Separation of load for database access, as the database server is now a separate, shared machine Better reliability because if one of the management servers fails, the other must still be able to process management request 5.4.2 Deploying the management agent Management agent deployment for a large environment requires the following planning: Naming convention Each agent must be easily identifiable by using a program to understand its role. Silent installation Automated, non-interactive installation is a better option to deploy the agent to hundreds or thousands of agents. Chapter 5. Planning for ITCAM for Response Time Tracking 99 Communication requirement Each agent must communicate to the management server. If there is a firewall, create a Store and Forward agent to minimize the holes in the firewall rule. Mass automated installation Perform this by using a software distribution or provisioning solution such as IBM Tivoli Configuration Manager. Perform management agent configuration and component deployment by using a command-line interface. Scripting the deployment facilitates efficient, automated, consistent, and a less error-prone deployment. 5.5 Communication and security considerations Communication and security issues are vital in the inter-networked world we live in. Applications and their management infrastructure must be secured to protect resources from unauthorized sources. This section discusses some of the planning considerations pertinent to this area: 5.5.1, “Communication security” on page 100 5.5.2, “Firewall and port considerations” on page 101 5.5.1 Communication security Communication security relates to the confidentiality of the information transmitted over the network. Management information that is used by IBM Tivoli Composite Application Manager products may contain details about the application processing internals. This requires that the content of the management information be secured from unauthorized access. WebSphere security WebSphere security plays a significant role in a large-scale implementation. In some cases, WebSphere security is not enabled during the test phase of an implementation, but during the production environment. This requires additional considerations such as the WebSphere user having the appropriate permissions to, for example, issue wsadmin commands. The configuration of data collectors involves the use of Java Command Language (JACL) scripts, and can fail when there is a permission or rights problem. 100 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking If any of the application servers on which the data collectors are installed has WebSphere security enabled, the entire ITCAM for WebSphere environment must have it enabled as well. This includes WebSphere security being enabled on the ITCAM for WebSphere managing server. Secure Sockets Layer communication Secure communication between the managing server and the data collector is a viable option if there is a requirement for data to be encrypted during transmission. Using Secure Sockets Layer (SSL) facilitates secure data transmission from the data collector to the managing server, and must appease corporate security requirements, if necessary. Additional configuration must be carried out on the managing server and the data collector when enabling the SSL setup. A certificate key generator is included with the product. This key generator provides the facility to use custom-generated keys. A best practice is to complete the default installation of the managing server and the data collector and then enable SSL for both. This isolates problems (that is, whether the problem is caused by the basic installation or the SSL configuration). 5.5.2 Firewall and port considerations Firewall and port issues can arise when the data collectors are on a different site, location, or subnet from the managing server. Problems such as name resolution can occur if the Domain Name System (DNS) is not set up correctly on either the managing server or the data collector. Routing problems may occur if the IP addresses used belong to different subnets. The entire network environment must be looked at to determine where a firewall, router, or bridge can exist. Figure 5-3 shows the communication port requirements for ITCAM for Response Time Tracking. Management server HTTP port Store and Forward Agent SnF port Store and Forward Agent SnF port Management agent Figure 5-3 Communication port requirements The management server running WebSphere Application Server listens at the listening port for a Hypertext Transfer Protocol (HTTP) request and for a Simple Object Access Protocol (SOAP) request. The management agent talks either directly to these ports or in a consolidated manner through the Store and Forward agent. The Store and Forward agent acts as the proxy agent to Chapter 5. Planning for ITCAM for Response Time Tracking 101 consolidate communication from the management agent to the management server. The Store and Forward agent can be cascaded to facilitate communication through multiple firewalls. This facility is provided, as some agents may be located across the Internet to monitor the response time from a remote agent. 5.6 Reliability and high availability This section discusses reliability issues such as those relating to failover and disaster recovery. 5.6.1 Failover and fault tolerance Clustering implementation for the ITCAM for Response Time Tracking management server facilitates a more reliable management of the management servers to allow one of the servers to take care of the entire management load when the other server fails. The clustering implementation uses WebSphere Edge Server load balancing to ensure that both the management servers are used. The WebSphere Edge Server component automatically redirects traffic to the available machine. In the ITCAM for Response Time Tracking management server, there is no indication of the primary server and the secondary server. They all perform an equal role in a WebSphere cluster. 5.6.2 Disaster recovery There are three areas where backup is necessary for disaster recovery, with regard to the IBM Tivoli Composite Application Manager server: Database Database backup must be performed regularly in order to collect the most up-to-date information. Use the database utility function to perform the backup function. WebSphere Application Server configuration for the server and the agent or the data collector This must be backed up so that it can be restored in a disaster recovery scenario. 102 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking IBM Tivoli Composite Application Manager servers These must also be physically considered to facilitate recovery at the disaster recovery site. Chapter 5. Planning for ITCAM for Response Time Tracking 103 104 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking 6 Chapter 6. Installing ITCAM for Response Time Tracking This chapter provides information about the installation and deployment procedure for ITCAM for Response Time Tracking. This chapter discusses the following topics: 6.1, “Clustering the management server” on page 106 6.2, “Deploying the management resources” on page 129 6.3, “Setting up Secure Sockets Layer certificates” on page 133 © Copyright IBM Corp. 2006, 2007. All rights reserved. 105 6.1 Clustering the management server The clustering action of installing the ITCAM for Response Time Tracking management server is performed using a WebSphere Network Deployment cluster. The database must be located in a remote machine to overload the processing and eliminate dependency on either of the machines. This database may also run on a database 2 (DB2) cluster solution. The overall installation requirement is described in Figure 6-1. Edge server Management server Database server WebSphere Edge Component Load balancer WebSphere Application Server Node Deployment ITCAM for RTT clustering server DB2 Universal Database server Figure 6-1 Installation requirement Communication from the management agents and the Web console must take place through the WebSphere Edge Server, which distributes the load for all the management servers. This section discusses the following topics: 6.1.1, “Preparing the operating system” on page 106 6.1.2, “Installing the database” on page 107 6.1.3, “Installing WebSphere Application Server” on page 109 6.1.4, “Installing WebSphere Load Balancer” on page 118 6.1.5, “Installing the management server” on page 124 6.1.1 Preparing the operating system Operating system preparation includes the following tasks: Creating a user ID to own the ITCAM for Response Time Tracking server. We create a user called itcamusr. Modifying the following operating system (OS) parameters: – Kernel parameters for Hewlett-Packard UNIX (HP-UX) or Solaris See IBM Tivoli Composite Application Manager for Response Time Tracking Installation and Configuration Guide, GC32-9482. – User right assignment for Windows The ITCAM for Response Time Tracking user requires Act as part of the operating system and Log on as service rights. 106 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking Allocating the file systems that are required for: – DB2 product /usr/lpp/db2 or C:\Program Files\IBM\SQLLIB – DB2 instance /home/db2inst1 or C:\DB2 – WebSphere Application Server: /opt/IBM/WebSphere or C:\Program Files\IBM\WebSphere – Tivoli shared path /var/IBM/tivoli/common or C:\Program Files\IBM\tivoli\common – Product path /opt/IBM/itcam or C:\Program Files\IBM\itcam 6.1.2 Installing the database This section discusses the preparations for using a DB2 database. We use IBM DB2 Universal Database Enterprise Server Edition V8.2 with Fix Pack Level 5. The DB2 database takes up space on the current installed drive. Make that sure you have enough space to accommodate the ITCAM for Response Time Tracking database. Chapter 6. Installing ITCAM for Response Time Tracking 107 The databse installation steps are: 1. Launch the DB2 installation launch pad and select Install Product. In the DB2 Setup Wizard window that appears (Figure 6-2), we install the base DB2 server without data warehousing by selecting Typical. Figure 6-2 DB2 options 2. We install with mostly default options. The instance user ID that we create is db2admin. 3. ITCAM for Response Time Tracking comes with a script to create the database schema. Use this script to preinstall the database. Optionally, you can also have the wizard create the database. This script is in the installation compact-disc read-only memory (CD-ROM) in the disk1/utilities/<dbversion> directory. The DB2 creation script is called crtdb_db2. The format for running the script is as follows: crtdb_db2 version dbname dbuser dbpasswd country_code create_db was_user In this syntax: – version specifies the DB2 version, such as 8.1 or 8.2. – dbname is the name of the database being created, such as ITCAMRTT. 108 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking Note: DB2 supports only eight characters for the database name. – dbuser specifies the user name for the DB2 instance owner. – dbpasswd specifies the password for dbuser. – country_code is the locale name as understood by DB2. – create_db indicates whether to create a new database, Y or N. – was_user is the user that the WebSphere Application Server is running under. In our environment, we issue the following command: crtdb_db2 8.2 ITCAMRTT db2admin xxxxxxxx US Y itcamusr Important: You must have the proper DB2 environment to issue this command. On Windows, run this under the DB2 command window. On UNIX platforms, source the db2profile under the DB2 instance owner home directory. 4. ITCAM for Response Time Tracking management server connects directly to the database using Java Database Connectivity (JDBC) type 4. Cataloging the database locally on the ITCAM for Response Time Tracking management server is not required if the database is installed remotely. 6.1.3 Installing WebSphere Application Server We use WebSphere Application Server V6.0.2 and install the network deployment configuration. The installation first creates the network deployment manager, dmgr instance. Individual application servers are then installed using the application server profile. We use the default AppSrv01 profile to connect to the deployment manager. Any of the machines can be the deployment manager, which is used mainly to administer the cluster and not an operational runtime tool. Chapter 6. Installing ITCAM for Response Time Tracking 109 The WebSphere Application Server installation process is: 1. Launch the WebSphere Application Server Version 6.0 Network Deployment edition installation wizard, which installs the base WebSphere code. We install WebSphere Application Server in C:\IBM\WebSphere\AppServer (Figure 6-3). Figure 6-3 Installation path for WebSphere Application Server 110 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking 2. As can be seen in Figure 6-4, we do not install the sample applications. The Javadocs are optional because they do not create additional processing requirements. Click Next. Figure 6-4 WebSphere Application Server components Chapter 6. Installing ITCAM for Response Time Tracking 111 3. The WebSphere Application Server installation wizard shown in Figure 6-4 on page 111 facilitates the launch of the profile creation wizard. Select Create an Application Server profile, as shown in Figure 6-5, and click Next. Note: We use default values for ports and other options. Figure 6-5 Profile creation Note: The deployment manager profile must only be created in the deployment manager node. 4. After the installation concludes, launch the profile creation wizard again. On Windows, start this by using the following command: $WAS_HOME\bin\ProfileCreator\pctWindows Alternately, use the wasprofile command to create a deployment manager profile to host the deployment manager. 112 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking 5. We create a standard deployment manager profile Dmgr01 from the Profile creation wizard (Figure 6-6). Figure 6-6 Application server profile 6. Install any necessary WebSphere Application Server fix packs. In our environment, we install Refresh Pack 2 for WebSphere Application Server V6.0.2. Copy the updateinstaller directory into the WebSphere directory. The refresh pack must be uncompressed into the WebSphere home directory and launched from there. Note: Download the WebSphere fix packs or refresh packs from the following URL: ftp://ftp.software.ibm.com/software/websphere/appserv/support/fix packs/<was_version>/<refreshpack or fixpack>/<Platform> Our code is downloaded from the following URL: ftp://ftp.software.ibm.com/software/websphere/appserv/support/fix packs/was60/refreshpack2/Windows When applying WebSphere fix packs on Windows servers, Java may not be found even after sourcing the WebSphere Application Server environment with setupCmdLine.bat. In this case, Java Virtual Machine (JVM) must be indicated manually using the following command: update -is:javahome %JAVA_HOME% Chapter 6. Installing ITCAM for Response Time Tracking 113 You may have to enclose JAVA_HOME within quotes if you have a space in the installation path, such as program files (Figure 6-7). C:\Program Files\ibm\WebSphere\AppServer\updateinstaller>echo %JAVA_HOME% C:\Program Files\ibm\WebSphere\AppServer\java C:\Program Files\ibm\WebSphere\AppServer\updateinstaller>update -is:javahome "%JAVA_HOME%" Figure 6-7 Updating WebSphere Application Server 7. Start federating the application servers to the deployment manager cluster. Perform this from the deployment manager administrative console: http://dmgr_host:9061/ibm/console 8. In the administrative console, select System Administration → Nodes. Click Add Node, as shown in Figure 6-8. Figure 6-8 Federating application server 114 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking 9. The add node wizard guides you to connect to the appropriate node, as shown in Figure 6-9. The node wizard connects to the administration server to collect information and create the node agent instance. The node agent talks with the deployment manager to perform administrative tasks for the deployment manager. It also includes the server1 instance into the deployment manager cluster. Figure 6-9 Add node wizard Chapter 6. Installing ITCAM for Response Time Tracking 115 10.Federate all the application server instances that you want to include in the ITCAM for Response Time Tracking clustering server. After the nodes have been federated, create a cluster. Outage from a single application server results in the load being forwarded to other members of the cluster. A cluster is created from the Administrative Console → System Administration → Servers → Cluster menu. Click New, as shown in Figure 6-10. Figure 6-10 Cluster list 116 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking 11.Create the cluster, as shown in Figure 6-11, for defining the name and its members. At the completion of each step, click Next. Click Finish when done. Save the WebSphere configuration. Figure 6-11 Cluster creation 12.The WebSphere cluster must be authenticated uniformly. To perform this action, activate global security and use an external Lightweight Directory Access Protocol (LDAP) server for authentication. This paper does not discuss this, as implementation of different LDAP servers differs considerably. Note: LDAP is required, as local OS authentication cannot span a server for a UNIX or a Linux machine. If you are using a Windows domain user authentication, you can use the Windows domain users for the cluster security. Chapter 6. Installing ITCAM for Response Time Tracking 117 13.Install the IBM Hypertext Transfer Protocol (HTTP) server. Install this server from the installation media of the WebSphere Application Server in the IHS subdirectory. Install the IBM HTTP Server using the default options in the C:\IHS directory. You must also install the IBM HTTP Server plug-in to the IBM HTTP Server system. 14.Generate the IBM HTTP Server plug-in. The plug-in generates the configuration file from the connected WebSphere server. To recreate the plug-in configuration file, run the configurewebserver1 command from the bin subdirectory of the plug-in installation directory. 15.Modify the IBM HTTP Server configuration file (httpd.conf) for additional ports to receive communication from the management agent, typically 9082. Add the following directive to the httpd.conf file: Listen 9082 The WebSphere Application Server is ready. 6.1.4 Installing WebSphere Load Balancer The WebSphere Load Balancer is a component of the WebSphere Edge Component. The WebSphere Load Balancer is installed using the WebSphere Edge Component installation media. This is the same media that you used for installing the WebSphere Caching Proxy for the Store and Forward agent. We use the dispatcher component of the Load Balancer. Conceptually, the dispatcher component works as shown in Figure 6-12. request srv150 srv105 (non forwarding) rtt srv151 Figure 6-12 Load Balancer diagram The Load Balancer requires two Internet Protocol (IP) addresses. The physical address, called the non-forwarding address, is used to access the box directly. 118 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking However, the Load Balancer uses a second address that is an alias to the physical IP address. Any request to this address is forwarded to either of the backend servers. Perform the following tasks to install the WebSphere Load Balancer: 1. The WebSphere Load Balancer requires a loopback address to be defined as a forwarding address. – In AIX, issue the following command: ifconfig lo0 alias address netmask mask – In the Windows environment, add the Microsoft loopback adapter device and assign the cluster IP address. 2. On the welcome panel (Figure 6-13), click Next. Figure 6-13 Welcome dialog Chapter 6. Installing ITCAM for Response Time Tracking 119 3. In the license agreement dialog (Figure 6-14), accept the license agreement by clicking Yes. Figure 6-14 License agreement 4. The installer then checks the prerequisites. If the check is successful, it then displays the language selection panel (Figure 6-15). Figure 6-15 Language selection 120 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking 5. Figure 6-16 shows type of installation. We use a custom installation and click Next. Note that we use content-based routing. Figure 6-16 Select the installation components Chapter 6. Installing ITCAM for Response Time Tracking 121 6. The next panel (Figure 6-17) shows the summary of selections made and starts the installation upon clicking Next. Figure 6-17 Installation summary dialog 7. Finally, the installation result is shown Figure 6-18. Click Finish to complete the installation and exit the installation wizard. Figure 6-18 Installation summary and result 122 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking Note: WebSphere Load Balancer assumes that you have the Java Runtime Environment (JRE) javaw executable in the system path. If you do not have the javaw in the system path, add this before proceeding. 8. Start our content-based routing server. We are running a Linux server. Run the cbrserver command to start the server. 9. The interaction for defining the load balancer is using a command line interface. This is performed using the cbrcontrol command. a. Start the executor: cbrcontrol executor start b. Define the cluster: cbrcontrol cluster add rtt.itsc.austin.ibm.com c. Define the ports that the cluster listens to: cbrcontrol port add rtt.itsc.austin.ibm.com:9081 d. Select the backend servers that the Load Balancer will try to balance. Add all the WebSphere cluster members into this definition: cbrcontrol server add rtt.itsc.austin.ibm.com:9081:srv150.itsc.austin.ibm.com cbrcontrol server add rtt.itsc.austin.ibm.com:9081:srv150.itsc.austin.ibm.com e. Add the rule based on which content base routing would route/load balance the requests. Right-click the port name and select Add Rule Content: cbrcontrol rule add rtt.itsc.austin.ibm.com:9081:defRule type content pattern uri=*/tmtpUI/* Note: You can choose the type of rule depending on your need. For this illustration we use content type as the type of rule. f. Associate the servers in the cluster to the rule defined in previous step e: cbrcontrol rule useserver rtt.itsc.austin.ibm.com:9081:defRule srv150.itsc.austin.ibm.com cbrcontrol rule useserver rtt.itsc.austin.ibm.com:9081:defRule srv151.itsc.austin.ibm.com g. Start the manager: cbrcontrol manager start Chapter 6. Installing ITCAM for Response Time Tracking 123 h. Start the advisor on the port configured in step c on page 123: cbrcontrol advisor start http 9081 Note: The above-mentioned steps can also be performed by GUI. Run lbadmin to start the content-based routing GUI. For more information about Load Balancer and various configuration commands refer to Load Balancer Administration Guide, GC31-6858. 10.The result of the configuration is illustrated in Example 6-1. Example 6-1 Checking result of configuration [root@srv105 logs]# cbrcontrol server report rtt.itsc.austin.ibm.com:9081 Cluster: rtt.itsc.austin.ibm.com Port: 9081 ------------------------------------------------------------| Server | Map port | Total | CPS | ------------------------------------------------------------| srv151.itsc.austin.ibm.com | | | 9081 | 0 | 0 | | srv150.itsc.austin.ibm.com | | | 9081 | 0 | 0 | ------------------------------------------------------------Your WebSphere Load Balancer is now ready. 6.1.5 Installing the management server In a clustering environment, the management server is installed using a command-line script. In WebSphere, the installation process requires access to the DB2 Java Database Connectivity (JDBC) driver. Copy the Java subdirectory of the DB2 installation or install the DB2 client locally for this. Before starting the installation process, get all the following installation parameters: WebSphere Application Server information: – Installation path – Administrator user and password – Profile name, cell name, node name, and server name – Admin console port – Simple Object Access Protocol (SOAP) connector port 124 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking – (Optional) Lightweight Directory Access Protocol (LDAP) user name and password – (Optional) Secure Sockets Layer (SSL) information • • Client Key file name and password Client Trust file name and password Database information: – – – – – Database server host name Database server port number Database name for DB2 or system ID for Oracle Database user ID and password (DB2 only) JDBC driver path The installation of the ITCAM for Response Time Tracking clustering management server uses a special CD-ROM image. It does not include the installation wizard. Installation is performed interactively using an installation script. The installation must have both the cluster CD-ROM and the common CD-ROM images copied to the same installation directory. Example 6-2 shows a sample copy command for UNIX platforms. Example 6-2 Sample copy command for UNIX platforms cp -r RTTMSclustr/shareddir/* <shared dir> cp -r RTTMScommon/disk2/shareddir/* <shared dir> Example 6-3 shows a sample copy command for Windows. Example 6-3 Sample copy command for Windows xcopy /S/I RTTMSclustr\shareddir <shared dir> xcopy /S/I RTTMScommon\disk2\shareddir <shared dir> The installation script is a Java Command Language (JACL) script that configures and installs tmtpCluster.ear into your cluster. Invoke the JACL script using the wsadmin command from the network deployment server. The installation command is: wsadmin –username <userid> -password <password> –f itcamfrtt.jacl all The existing options for itcamfrtt.jacl are: all: This performs all the installation procedures such as install and configure. configure: This configures the ear application only. install: This installs the ear application only. unconfigure: This unconfigures the ear application. uninstall: This uninstalls the ear application. Chapter 6. Installing ITCAM for Response Time Tracking 125 removeall: This removes ear application and configuration. Detailed instructions for running the JACL script are provided in ITCAM for RTT: Installing a Management Server in a WebSphere Cluster Environment, SC32-1804. Example 6-4 shows our installation result. Example 6-4 Running itcamfrtt.jacl -----------------------------------------------ITCAMfRTT Install/Configuration Script Operation: all Silent: false -----------------------------------------------Have the JVM heap settings been verified? (yes|no) [yes]: Is global security enabled? (yes|no) [yes]: Have all nodes been federated and network connectivity verified? (yes|no) [yes] Please enter the cluster name [ITCAMfRTTCluster]: Available Nodes: srv150Node01 srv151Node01 Select the desired node [srv150Node01]: Please enter the cluster member name [ITCAMfRTTServer1]: Please enter the path to the shared directory [/mnt/clustershare]:/rttshare Is this a Windows node (yes|no) [no]: Current Cluster Nodes and Members: srv150Node01 - ITCAMfRTTServer1 Add more cluster members (yes|no) [yes]: Available Nodes: srv150Node01 srv151Node01 Select the desired node [srv150Node01]: srv151Node01 Please enter the cluster member name [ITCAMfRTTServer2]: Please enter the path to the shared directory [/rttshare]: Is this a Windows node (yes|no) [no]: Current Cluster Nodes and Members: srv150Node01 - ITCAMfRTTServer1 srv151Node01 - ITCAMfRTTServer2 Add more cluster members (yes|no) [yes]: no -------------------------------------------------Cluster information obtained... -------------------------------------------------Please enter the WebServer/LoadBalancer port [81]: 126 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking Please enter the HTTP transport port for ITCAMfRTTServer1 [9081]: Please enter the HTTP transport port for ITCAMfRTTServer2 [9081]: Collecting Database/Datasource Information -----------------------------------------------Select the backend database type (db2|oracle|oracle10G) [db2]: Please enter the database driver path for ITCAMfRTTServer1 [c:/sqllib/java]: /home/db2inst1/sqllib/java Please enter the database driver path for ITCAMfRTTServer2 [/home/db2inst1/sqllib/java]: Please enter the database name (location) [ITCAMRTT]: tmtpdb Please enter the DB2 database hostname [localhost]: lima.itsc.austin.ibm.com Please enter the DB2 database port number [50000]: Please enter the database username [db2admin]: db2inst1 Please enter the database password [password]: XXXXXXXX ------------------------------------------------Collecting Security Information for JMS ------------------------------------------------Please enter the system username [LocalOSUserID]: wasadmin Please enter the system password [password]: XXXXXXXX ------------------------------------------------Collecting Information for Install ------------------------------------------------Please enter the full path name of the EAR file [tmtpCluster.ear]: /rttclust/RTTMSclustr/ear/DB2UDB_V81/tmtpCluster.ear -----------------------------------------------Configuring Cluster and Cluster Members Scope: srv150Cell01(cells/srv150Cell01|cell.xml#Cell_1) -----------------------------------------------Creating Cluster ITCAMfRTTCluster... ITCAMfRTTCluster created successfully! Creating Cluster Member ITCAMfRTTServer1... ITCAMfRTTServer1 created successfully! Enabling SIB Service on ITCAMfRTTServer1... SIB Service enabled successfully! Creating Cluster Member ITCAMfRTTServer2... ITCAMfRTTServer2 created successfully! Enabling SIB Service on ITCAMfRTTServer2... SIB Service enabled successfully! -----------------------------------------------Cluster Configuration Completed!!! ----------------------------------------------------------------------------------------------Installing ITMTP-Cluster ------------------------------------------------- Chapter 6. Installing ITCAM for Response Time Tracking 127 Installing application {ITMTP-Cluster}... Application Name: ITMTP-Cluster Ear file: /rttclust/RTTMSclustr/ear/DB2UDB_V81/tmtpCluster.ear Target Cluster: ITCAMfRTTCluster Authentication Alias: TMTPDataSourceAuthData Starting application install... -----------------------------------------------ITMTP-Cluster Installation Completed!!! -----------------------------------------------Do you wish to restart the cluster (yes|no) [yes]: Starting ITCAMfRTTCluster... Ripple start of ITCAMfRTTCluster initiated. 6.1.6 Checking the configuration of the RTT cluster application After the installation completes, log on to the WebSphere server administration console and check the Map virtual hosts for Web modules setting of RTT cluster application. See whether they have been mapped to the itcamfrtt_host correctly. Change the virtual host to itcamfrtt_host if they are not currently mapped to it. Select OK and restart the application. See Figure 6-19. Figure 6-19 Virtual hosts definition of RTT cluster application 128 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking 6.2 Deploying the management resources The management agent in ITCAM for Response Time Tracking is a neutral component. Management components are deployed after the installation is complete, using either the Web interface or the command-line interface (CLI). This section discusses the following topics: 6.2.1, “Silent installation of the management agent” on page 129 6.2.2, “Command-line interface for management components” on page 130 6.2.1 Silent installation of the management agent Installing the management agent by using the silent installation method allows unattended installation of a large number of agents to be performed. The silent installation of the ITCAM for Response Time Tracking management agent is performed using the following command: setup_MA -silent -options <responsefile> The response file sample is provided in the responsefiles subdirectory of the installation media. The options in the response file are divided into: License agreement setting for management agents -G licenseAccepted=true Installation directory for management agents -P ma.installLocation="C:\IBM\itcam\RTT\MA” Installation settings -W -W -W -W -W -W -W -W -W -W -W msConnection.offline="true" msConnection.hostName="fully_qualified_host_name" msConnection.userName="tmtpuser" msConnection.password="tmtppassword" msConnection.sslValue="[true | false]" msConnection.portNumber="9446" msConnection.maPort="1976" (This is the default value.) msConnection.epKeyStore="c:/tmtp/agent.jks" msConnection.epKeyPass="changeit" serviceUser.user="TMTPAgent" (Windows only) serviceUser.password="tivoli" (Windows only) Global response settings -G replaceExistingResponse="yesToAll | yes | noToAll | no" -G replaceNewerResponse="yesToAll | yes | noToAll | no" -G removeExistingResponse="yesToAll | yes | noToAll | no" Chapter 6. Installing ITCAM for Response Time Tracking 129 -G removeModifiedResponse="yesToAll | yes | noToAll | no" Log settings [-W logSettings.level="trace_level"] [-W logSettings.consoleOut="true | false"] A sample response file MA.opt is under the management agent installation file directory. You can use it to proceed the silent installation by modifying the default setting in the sample response file. 6.2.2 Command-line interface for management components To deploy the management agent, use the CLI. The CLI for ITCAM for Response Time Tracking is provided in the MS_Home/downloads/cli directory. This directory, which can be copied to any machine, provides the functionality from a command line. The CLI is useful for providing a scripted deployment of ITCAM for Response Time Tracking. Copy the entire directory from MS_Home/downloads/cli. If you are running a Windows system, copy w32util.dll to %WINSYSDIR%\w32util.dll. Modify tmtpcli.bat or tmtpcli.sh to define CLI_HOME to the path where you put the directory. In our environment, we run the CLI from the management server, which is installed in C:\IBM\itcam\RTT\MS. Therefore, CLI_HOME is set to: CLI_HOME=C:\IBM\itcam\RTT\MS\downloads\cli You must have JAVA_HOME defined to the JRE 1.4 environment. With the WebSphere Application Server, you can run setupCmdLine.bat or setupCmdLine.sh to establish your environment. Initially, generate the tmtpcli.properties file using the CreateCliProperties command. Depending on whether you activate global security, you may have to use Hypertext Transfer Protocol Secure (HTTPS) protocol and specify the KeyStore file and its password. The Universal Resource Locator (URL) for the management server is the primary URL for the application server, and not the Web console URL. In our environment we issue the following command: tmtpcli -CreateCliProperties –MsUrl http://khartoum:9081/ –UserName itcamrtt –Password xxxxxxx See IBM Tivoli Composite Application Manager for Transaction Tracking Reference Guide, SC32-9485. 130 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking Deploy the monitoring components using the CLI. Each management component type requires different invocation parameters. Deploying quality of service component: tmtpcli -DeployQoS –AgentName laredo –ProxyHostname laredo.itsc.austin.ibm.com –ProxyPort 7081 –OriginHostname laredo.itsc.austin.ibm.com –OriginPort 9081 -Wait Deploying synthetic transaction investigator component: tmtpcli -DeploySti –AgentName geneva –Wait Deploying generic Windows component: tmtpcli –DeployGenWin –AgentName ser1 –ProjectName trader001 –ProjectPassword pwd –ProjectUserId Administrator –Wait Deploying Application Resource Measurement (ARM) custom application component: tmtpcli –DeployCustomApp –AgentName laredo –ArmAppName Trader Deploying Java 2 Platform, Enterprise Edition (J2EE) component: tmtpcli –DeployJ2ee –AgentName laredo –ServerType WebSphere –Version 6.0 –ServerHome C:\IBM\WebSphere\AppServer –ServerName laredo1 –ProfileName AppSrv01 –AutoRestart –NetworkDeploy –DeployManagerName laredo.itsc.austin.ibm.com –AdminPort 9060 –Wait 6.2.3 Defining management resources Management resource definition for a large-scale implementation is cumbersome if performed using the Web console. Define these management resources, such as agent groups, policy groups, operators, and schedules, by using the command-line, too: Defining policy groups: tmtpcli -CreatePolicyGroup <policy group name> Defining agent groups: tmtpcli -CreateAgentGroup <agent group name> -Agents <comma separated agent list> Defining users: tmtpcli -CreateUser <user> Defining schedules: tmtpcli -CreateSchedule <xml filename> Chapter 6. Installing ITCAM for Response Time Tracking 131 The schedule itself must be defined in an eXtensible Markup Language (XML) file. Example 6-5 shows the schedule XML file definition. Example 6-5 Schedule XML file <?xml version="1.0" encoding="UTF-8"?> <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <soapenv:Body> <ns1:ScheduleData xmlns:ns1="urn:TMTP"> <arg0 href="#every5min"/> </ns1:ScheduleData> <multiRef id="every5min" soapenc:root="0" soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xsi:type="ns2:com.ibm.tivoli.transperf.core.ejb.common.ScheduleData" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns2="typeNS"> <created xsi:type="xsd:dateTime">1970-01-01T00:00:00.000Z</created> <creator xsi:type="xsd:string"></creator> <deleted xsi:type="xsd:dateTime">1970-01-01T00:00:00.000Z</deleted> <deletor xsi:type="xsd:string"></deletor> <description xsi:type="xsd:string">Changed temporally by Danilo</description> <end xsi:type="xsd:int">0</end> <endDateTime xsi:type="xsd:dateTime">1970-01-01T00:00:00.000Z</endDateTime> <endTime xsi:type="xsd:string">00:00</endTime> <isDeleted xsi:type="xsd:boolean">false</isDeleted> <iteration xsi:type="xsd:int">5</iteration> <iterationType xsi:type="xsd:int">0</iterationType> <iterationUnit xsi:type="xsd:string">MINUTES</iterationUnit> <lastUpdated xsi:type="xsd:dateTime">2005-10-14T15:37:07.672Z</lastUpdated> <lastUpdator xsi:type="xsd:string"></lastUpdator> <name xsi:type="xsd:string">Every_5_5min</name> <objectVersion xsi:type="xsd:int">1</objectVersion> <run xsi:type="xsd:int">1</run> <runFri xsi:type="xsd:boolean">false</runFri> <runMon xsi:type="xsd:boolean">false</runMon> <runSat xsi:type="xsd:boolean">false</runSat> <runSun xsi:type="xsd:boolean">false</runSun> <runThu xsi:type="xsd:boolean">false</runThu> <runTues xsi:type="xsd:boolean">false</runTues> 132 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking <runWed xsi:type="xsd:boolean">false</runWed> <start xsi:type="xsd:int">0</start> <startDateTime xsi:type="xsd:dateTime">2005-10-14T21:36:00.656Z</startDateTime> <startTime xsi:type="xsd:string">00:00</startTime> <timeZone xsi:type="xsd:string">US/Central</timeZone> <type xsi:type="xsd:string">PLAYBACK_SCHEDULE</type> <useDST xsi:type="xsd:boolean">true</useDST> <uuid xsi:type="xsd:int">221</uuid> </multiRef> 6.3 Setting up Secure Sockets Layer certificates To secure communication between various components of ITCAM for Response Time Tracking, activate SSL. ITCAM for Response Time Tracking provides a default set of certificates to let you implement SSL encryption using the default setting. The default setting has the communication encrypted, and provides the quickest way to implement SSL. It also lets you test the function with the SSL enabled, but without the risk of potential authentication problems with custom certificates. Anybody with the installation image can extract the certificate and unscramble the information. This section discusses the following topics: 6.3.1, “Secure Sockets Layer for ITCAM for Response Time Tracking” on page 133 6.3.2, “Working with custom certificates” on page 134 6.3.1 Secure Sockets Layer for ITCAM for Response Time Tracking Secure Sockets Layer in ITCAM for Response Time Tracking is handled using the Java Secure Socket Extension (JSSE). In this configuration, SSL certificates and keys are stored in a jks (Java key store) file. Management of these jks files is performed using the IBM GSKIT. Note: The IBM GSKIT is different from the keytool command that is supplied in the Java environment. Chapter 6. Installing ITCAM for Response Time Tracking 133 Perform Secure Sockets Layer activation directly with the installation wizard or the silent installation options when you install ITCAM for Response Time Tracking. The default port assignments for SSL communication are: Management server port: 9446 Store and Forward Agent port: 443 for the management agent or downstream Store and Forward Agent, and 1976 for the management server or upstream Store and Forward Agent To activate SSL communication after you have ITCAM for Response Time Tracking running without SSL, perform the following tasks: 1. Activate SSL on the management server. The SSL setting on the management server is stored in the WebSphere Application Server settings. Changing to SSL requires modification in the following paths: – Select Security → SSL and modify host/TMTPSettings_Without_ClientAuth and host/TMTPSettings_With_ClientAuth to specify the jks file and its password. – Select Environment → Manage WebSphere Variables and modify the TMTP_KEYSTORE and TMTP_KEYPASS variables. The TMTP_KEYPASS password contains an encrypted password that can be created by using pass_util.jar. 2. Activate SSL on the Store and Forward agent. The Store and Forward agent uses WebSphere Caching Proxy. SSL modification requires changes in ITCAM for Response Time Tracking and WebSphere Caching Proxy. – Modify the SnF/config/endpoint.properties file and the change endpoint.keystore and endpoint.keypass parameters. – Modify etc/cp/en_US/ibmProxy.conf and the KeyRing and KeyRingStash variables. 3. Activate SSL on the management agent. Modify the config/endpoint.properties file and change the endpoint.keystore and endpoint.keypass parameters. 6.3.2 Working with custom certificates You may want to implement your own set of custom certificates. The basic operation of certificates lets you define your identity certificate to encrypt the 134 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking information that you send and lets everyone you trust have a public key to decrypt your information. Although it is possible to define a separate certificate identity for every machine that communicates, the sheer number of machines and operation changes involved in managing them are prohibitive, especially in a large environment. We implemented the following set of certificates: Management server certificate Store and Forward agent certificate Management agent certificate that communicates directly to the management server Management agent certificate that communicates through the Store and Forward agent Configuration involves the following steps: 1. The jks files are built and managed using the iKeyMan command. The command resides in the WebSphere Application Server’s bin directory. Create the following jks files: – For the management server: jks file for the management server. We call this file prodms.jks. – For the Store and Forward agent: jks file for the Store and Forward agent. We call this file prodsnf.jks. – For the management agent: jks file for the management agent. We call this file prodma.jks. Besides these files, the iKeyMan tool also generates a password key file with the same name and extension of arm. 2. Run the gsk7ikm command from the WebSphere Application Server’s gskit7install directory. This is used to create a key database (kdb file) for the Store and Forward agent, and possibly the quality of service proxy. The quality of service SSL is not discussed in this paper as it relates to the application requirement. This task produces a kdb file, a stash file (sth) (where the kdb password is stored), and an arm file. 3. The jks and kdb file sets must be installed and activated on the ITCAM for Response Time Tracking, as discussed in 6.3.1, “Secure Sockets Layer for ITCAM for Response Time Tracking” on page 133. Chapter 6. Installing ITCAM for Response Time Tracking 135 136 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking 7 Chapter 7. Maintenance of ITCAM for Response Time Tracking This chapter discusses the issues relating to the maintenance of ITCAM for Response Time Tracking in a large-scale environment. This chapter discusses the following topics: 7.1, “Operational issues pertaining to a large environment” on page 138 7.2, “Performance and availability of management server” on page 138 7.3, “ITCAM for Response Time Tracking files” on page 140 7.4, “Performing product maintenance” on page 142 © Copyright IBM Corp. 2006, 2007. All rights reserved. 137 7.1 Operational issues pertaining to a large environment This chapter discusses operational issues regarding a large-scale ITCAM for Response Time Tracking environment, and focuses on the issues that arise largely because of the environment size. The topics discussed in this chapter are: 7.2, “Performance and availability of management server” on page 138 As the size of the environment grows, even a slight inefficiency can cause a major problem. A large-scale environment requires the performance and availability of the managing server to be soundly maintained. 7.3, “ITCAM for Response Time Tracking files” on page 140 This is a necessity. This section discusses specific backup and recovery considerations and maintenance of files. 7.4, “Performing product maintenance” on page 142 This discusses the implementation of WebSphere, Database 2 (DB2), and ITCAM for Response Time Tracking patches. Typically, with the number of data collectors involved, this can be a huge task. 7.2 Performance and availability of management server Performance and availability of the ITCAM for Response Time Tracking management server is related mainly to the IBM WebSphere Application Server that hosts it and the availability of its database. This section discusses the following topics: 7.2.1, “Performance of WebSphere Application Server” on page 138 7.2.2, “Database maintenance” on page 139 7.2.1 Performance of WebSphere Application Server In ITCAM for Response Time Tracking, the management server runs entirely on the WebSphere Application Server process. The performance of the management server and the Web interface are greatly dependent on the performance of the WebSphere Application Server. This makes the performance tuning of the WebSphere Application Server critical. 138 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking The WebSphere Application Server basically runs on a Java Virtual Machine (JVM). The typical performance indicators for a JVM are: Adequate processing power from the original machine The clustering environment ensures that you can distribute the processing power across enough server machines. These machines must be dedicated and must not be running any unnecessary tasks. Class loading disk performance WebSphere boot classes and other jar files from ITCAM for Response Time Tracking must be stored in a contiguous and fast disk. If possible, separate the system paging area with the jar files. Adequate memory size for processing As JVMs use a lot of memory, provide adequate memory for the server. You may want to specify the minimum JVM size from the WebSphere Application Server configuration. You must be able to find the size after running the server for a while. Allocating memory on the fly is expensive. Another aspect of JVM memory tuning is the garbage collection. The frequency, as well as the garbage collection options, must be tuned to not interfere with the processing and waste critical memory space. Network connection to the database engine and from the WebSphere Edge Server Primary network connection considerations are request and uploading data to the management server, and data to be put into the database. If possible, the cluster and the WebSphere Edge Server must be running, using a separate local network to minimize packet collision with other applications on the Ethernet bus. 7.2.2 Database maintenance The performance of the management server is also related to database performance, which is in turn related to how the data is stored physically and how well the database manager understands the nature of data. This section is primarily aimed at discussing the use of DB2 as the database manager. The primary tools to ensure this are the REORG and RUNSTAT tools. Run both of these utilities from the DB2 utilities from the DB2 command line. Following is a description of these tools: The REORGCHK utility reads the table information and analyzes the necessity of running reorg. REORGCHK used current statistics or generates its own statistics. Chapter 7. Maintenance of ITCAM for Response Time Tracking 139 The REORG utility reorganizes the database structure to ensure that data is allocated coherently and in a typical access sequence requested by most queries. The syntax for running REORG is: DB2 REORG TABLE creator.table_name INDEX primary_index_name The RUNSTATS utility collects the statistics of the tables and indexes to ensure that the database manager chooses the most optimized method to get the data requested by a Structured Query Language (SQL) request. The syntax for running RUNSTATS is: DB2 RUNSTATS ON TABLE creator.table_name WITH <runstat_options> Typically, you should run REORGCHK for frequently modified tables, and then determine whether you want to run REORG on those tables. After all the modifications are performed, run RUNSTATS to ensure that the statistics are current and the DB2 obtains the most optimal path to the data that an SQL requested. We also recommend a regular, maybe monthly, maintenance window to REORG all the tables for ITCAM for Response Time Tracking and perform a complete RUNSTATS. Database performance also relates to the size of the data itself. Regular pruning of the collected data must be performed to ensure database performance. This pruning action must be carried out before any REORG or RUNSTATS utilities are performed. 7.3 ITCAM for Response Time Tracking files This section discusses the file considerations for ITCAM for Response Time Tracking and provides information about the following topics: 7.3.1, “Backup and recovery” on page 140 7.3.2, “Managing the log files” on page 141 7.3.1 Backup and recovery The backup and recovery procedure for ITCAM for Response Time Tracking is similar to the backup and recovery procedure for ITCAM for WebSphere discussed in 4.3, “Backup and recovery configuration” on page 83. It consists of server backup, WebSphere Application Server configuration, and DB2 database backup. 140 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking Note: WebSphere Application Server backup must be performed on the network deployment engine instead of on individual application servers. An additional requirement for backup may arise from the WebSphere Edge Server. Typical backup of the product installation directories must be adequate. 7.3.2 Managing the log files Log files in ITCAM for Response Time Tracking are used for problem determination of the product’s working mechanism. Several locations exist for the log files, depending on the components that generate them. The locations are: Tivoli common directory This is where most of the log files are stored. The typical directory names are: – %ProgramFiles%\ibm\tivoli\common (Windows) – /var/ibm/tivoli/common (UNIX) The directory under the common directory is typically identified by a three-character product code, such as BWM for ITCAM for Response Time Tracking. In the product directory, the following sub-directories exist: – First-failure data capture (FFDC) for first failure data capture application The FFDC directory contains diagnostic information pertaining to the program exceptions that are captured. – The logs subdirectory of Tivoli common directory This is typically filled with log files and must be maintained. WebSphere log files WebSphere log files are located on each WebSphere Application Server instance under the path $WAS_HOME/profiles/<profile>/logs/<server>. As these log files have a maximum size and a predefined number of generations, they cannot exceed a certain size. This path must be maintained and checked for ad hoc logging that may use up the space. We recommend that you use a separate file system to contain the common directory. Chapter 7. Maintenance of ITCAM for Response Time Tracking 141 7.4 Performing product maintenance Various considerations must be taken into account when dealing with the application of product maintenance, fixes, and fix packs in a large environment, as this must be performed remotely, and automated with minimal impact to the production system. This section discusses the following topics: 7.4.1, “Getting software updates” on page 142 7.4.2, “Updating ITCAM for Response Time Tracking management server” on page 142 7.4.3, “Updating ITCAM for Response Time Tracking management agents” on page 143 7.4.1 Getting software updates Obtain the software updates from the following IBM Web sites: For ITCAM for Response Time Tracking: http://www-306.ibm.com/software/sysmgmt/products/support/IBMTivoliCo mpositeApplicationManagerforResponseTimeTracking.html For DB2 Universal Database: http://www-1.ibm.com/support/docview.wss?rs=71&uid=swg27007053 For WebSphere Application Server: http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27006899 Typically, you do not have to obtain updates for DB2 or WebSphere on the managing server. ITCAM for Response Time Tracking only supports a certain level of these products. However, you may sometimes require a certain software level to fix a problem. 7.4.2 Updating ITCAM for Response Time Tracking management server The ITCAM for Response Time Tracking management server updates must be performed as a scheduled maintenance. This means that: You must have a backup of the management server system. You must perform an orderly shutdown of the management server. Users must be notified of the system’s unavailability. The patch for ITCAM for Response Time Tracking is distributed as a self-extracting executable called 6.0.0.0-TIV-RTT-FP000n_<platform> with the 142 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking bin or exe extensions for each supported management server platform. It also provides zip files for cluster-based installation. Non-cluster installation is performed by launching the executable and following the prompt, while cluster-based implementation is performed by extracting the zip file and running the supplied Java Command Language (JACL) scripts with the wsadmin command. You may have to update the ITCAM for Response Time Tracking database using the supplied script programs. See the corresponding readme files for more information. Restart the WebSphere Application Server after applying the update. 7.4.3 Updating ITCAM for Response Time Tracking management agents Perform management agent updates in ITCAM for Response Time Tracking directly from the management server process. Use the automatic agent through the Web console. Select System Administration → Agent Updates. Install the agents manually using the following command: <MA_BASEDIR>\jre142\jre\bin\java -Dtmtp.user.dir=<MA_BASEDIR> -jar ma_fixpack.jar -silent Restriction: Manually install the management agent for z/OS and OS/400 using a platform interface such as System Modification Program/Extended (SMP/E). Reinstall the Java 2, Enterprise Edition (J2EE) component after updating the agent. Use the Web interface or the command line for this. For a large installation, perform both the steps using the command-line interface, as shown in Example 7-1. Example 7-1 Updating J2EE components using the command line tmtpcli -RemoveComponent -AgentName <agent> -ComponentType J2EE_WAS tmtpcli -DeployJ2ee –AgentName <agent> –ServerType WebSphere –Version 6.0 –ServerHome serverHome –ServerName serverName –ProfileName profileName [–AutoRestart] [–IsSecure –AdminUserName <adminUserName> –AdminPassword <adminPassword>] [–NetworkDeploy –DeployManagerName <deployManagerName> –AdminPort <adminPort>] [–Wait] Chapter 7. Maintenance of ITCAM for Response Time Tracking 143 144 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking Abbreviations and acronyms AIX Advanced Interactive eXecutive JMX™ Java Management Extensions API Application programming interface JNI™ Java Native Interface JRE Java Runtime Environment ARM Application Response Measurement JVM Java virtual machine JVMPI Java Virtual Machine Profiler Interface BCM Byte Code Modification CD-ROM Compact-disc read-only memory JVMTI Java Virtual Machine Tool Interface CLI Command-line interface LDAP CPU Central processing unit Lightweight Directory Access Protocol DB2 Database 2 MSC Multiple Systems Coupling EJB Enterprise JavaBeans MVS™ Multiple Virtual Storage ETE™ End-to-end PCB Program control block FFDC First-failure data capture PDF Portable Document Format FMID Function modification identifier PMI Performance monitor interface GUI Graphical user interface RMI Remote Method Invocation HTML Hypertext Markup Language RTE runtime environment HTTP Hypertext Transfer Protocol SNMP HTTPS HTTP Secure Simple Network Management Protocol IBM International Business Machine Corp. SOAP Simple Object Access Protocol ITIL Information Technology Infrastructure Library SQL Structured Query Language SSH Secure SHell ITM IBM Tivoli Monitoring SSL Secure Sockets Layer ITSO International Technical Support Organization STI Synthetic Transaction Investigator J2C Java2 Connectivity TCP/IP J2EE Java 2 Platform, Enterprise Edition Transmission Control Protocol/Internet Protocol TEMA Tivoli Enterprise Monitoring Agent TEMS Tivoli Enterprise Monitoring Server TEP Tivoli Enterprise Portal JAR Java archive JDBC Java Database Connectivity © Copyright IBM Corp. 2006, 2007. All rights reserved. 145 TEPS Tivoli Enterprise Portal Server UDB Universal Database UML Universal Markup Language URI Universal Resource Identifier URL Universal Resource Locator WSDL Web Services Definition Language XML eXtensible Markup Language 146 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking Related publications The publications listed in this section are considered particularly suitable for a more detailed discussion of the topics covered in this Redpaper. IBM Redbooks For information about ordering these publications, see “How to get IBM Redbooks” on page 149. Note that some of the documents referenced here may be available in softcopy only. Installing WebSphere Studio Application Monitor V3.1, SG24-6491 Unveil Your e-business Transaction Performance with IBM TMTP 5.1, SG24-6912 WebSphere Studio Application Monitor V3.2 Advanced Usage Guide, SG24-6764 Other publications These publications are also relevant as further information sources: ITCAM for Response Time Tracking publications – IBM Tivoli Composite Application Manager for Response Time Tracking Administrator’s Guide, SC32-9483 – IBM Tivoli Composite Application Manager for Response Time Tracking Checking Performance and Availability, SC32-9484 – IBM Tivoli Composite Application Manager for Response Time Tracking Installation and Configuration Guide, GC32-9482 – IBM Tivoli Composite Application Manager for Response Time Tracking: Installing a Management Server in a WebSphere Cluster Environment, SC32-1804 – IBM Tivoli Composite Application Manager for Response Time Tracking Prerequisites, SC32-9486 – IBM Tivoli Composite Application Manager for Response Time Tracking Problem Determination Guide, SC32-9513 © Copyright IBM Corp. 2006, 2007. All rights reserved. 147 – IBM Tivoli Composite Application Manager for Response Time Tracking Reference Guide, SC32-9485 – IBM Tivoli Composite Application Manager for Response Time Tracking V6.0 Program Directory, GI11-4099 ITCAM for WebSphere publications – IBM Tivoli Composite Application Manager for WebSphere Installation and Customization Guide, GC32-9506 – IBM Tivoli Composite Application Manager for WebSphere: Installing and Configuring the Tivoli Enterprise Monitoring Agent, SC32-1801 – IBM Tivoli Composite Application Manager for WebSphere Operator’s Guide, SC32-9508 – IBM Tivoli Composite Application Manager for WebSphere Problem Determination Guide, SC32-9509 – IBM Tivoli Composite Application Manager for WebSphere: Tivoli Enterprise Monitoring Agent Problem Determination Guide, SC32-1800 – IBM Tivoli Composite Application Manager for WebSphere User’s Guide, SC32-9507 Online resources These Web sites and URLs are also relevant as further information sources: Microsoft link for InstallShield error http://support.microsoft.com/default.aspx?scid=kb;en-us;295278 Microsoft Windows Services for UNIX http://www.microsoft.com/windows/sfu/default.asp Open group Web site for Application Response Time Management http://www.opengroup.org/arm Product prerequisites information http://publib.boulder.ibm.com/tividd/td/ITCAMRTT/prereq60/en_US/HTML /Version60.html http://publib.boulder.ibm.com/tividd/td/ITCAMWAS/prereq60/en_US/HTML /itcam6.html 148 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking Product Web pages http://www-306.ibm.com/software/tivoli/products/composite-applicatio n-mgr-rtt/ http://www-306.ibm.com/software/tivoli/products/composite-applicatio n-mgr-websphere/ WebSphere fix pack links ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixpac ks/was60/refreshpack1/Windows ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixpac ks/was60/refreshpack1/Linux How to get IBM Redbooks You can search for, view, or download Redbooks, Redpapers, Hints and Tips, draft publications and Additional materials, as well as order hardcopy Redbooks or CD-ROMs, at this Web site: ibm.com/redbooks Help from IBM IBM Support and downloads ibm.com/support IBM Global Services ibm.com/services Related publications 149 150 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking Index A application management 2 pillar 5 application monitor 20 data collector agent 20 managing server 20 Application Response Measurement ARM 97 Application Response Measurement, See ARM application server 19 archive agent 23, 26, 48 trimming 79 ARM 11 Application Response Measurement 97 B backup database 84 ITCAM for WebSphere 83 backupConfig command 83 C certificate key generator 30 CICS 6 Customer Information Control System 96 CLI command-line interface 96 Client Application Tracker 13 cluster 106 environment 99 CMDB 3 command-line interface 130 CLI 96 commands backupConfig 83 config_DC 56 configurewebserver1 118 CreateCliProperties 130 crtdb_db2 108 datatrim.sh 80 db2cmd 37, 39 db2install 36 © Copyright IBM Corp. 2006, 2007. All rights reserved. gsk7ikm 135 iKeyMan 135 install-DC 50 java 44 keytool 68 restoreConfig 83 run-stat-cmds 78 SetupCmdLine.bat 113 setupCmdLine.bat 130 su 36 tmtpcli 130 update 113 wasprofile 112 wsadmin 29 communication port requirement 31 security 100 communication security 29 composite application 2 confidentiality support 8 config_DC command 56 configuration files 44, 86 configuration management database, See CMDB configurewebserver1 command 118 CreateCliProperties command 130 crtdb_db2 command 108 custom certificate 67 custom certificates 134 Customer Information Control System CICS 96 Customer Information Control System, See CICS D data collection mechanism 96 data collector 19, 96 additional 56 deploying 28 deployment 50 data retrieval 97 data trimming 78 database cataloging 37 connection pools 19 151 engine 139 installation 107 installation scripts 36 maintenance 139 table information 24 gcdata 24 memorydata 24 methods 24 pmidata 24 requests 24 volumestats 24 database maintenance 77 datatrim.sh command 80 DB2 Client Application Enabler 35 database 107 Universal Database Enterprise Server 25, 98 installation 35 db2cmd command 37, 39 db2install command 36 designing managing server 25 disaster recovery 32, 102 E EJB 19 usage 19 embedded installation 27 Enterprise JavaBeans, See EJB ETEWatch 13 F failover 102 fault tolerance 102 file system 107 firewall 101 considerations 30 support 8 G global publish server 43 gsk7ikm command 135 I IBM GSKIT 133 IBM IT Service Management approach 3 IBM Tivoli Composite Application Manager for Re- 152 sponse Time Tracking backup, recovery 140 components 12 management agent 12 management server 12 Store and Forward Agent 12 deployment 98 features 11 file systems 107 functions 11 installation, deployment 105 maintenance 137 management agents, update 143 management server, processing 98 management server, update 142 overview 11 platforms supported 14 server sizing communication bandwidth 97 IBM Tivoli Composite Application Manager for WebSphere 19 architecture 19–20 availability 6 backup, recovery configuration 83 component Tivoli Enterprise Monitoring Agent 10 components 9 archive agent 26, 28 data collector 10 global publishing server 26 kernels 26 managing server 9 message dispatcher 27 polling agent 27 publish server 26, 28 visualization engine 27 data sources 19 features 9 functions 9 implementation 25 managing server 20, 25 communication bandwidth 22 database size 24 sizing 22 overview 8 platforms supported 10 product architecture 18 IBM Tivoli Composite Application Manager for WebSphere managing server Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking processing requirement 24 IBM Tivoli Composite Application Manager portfolio 5 for IBM CICS Transactions 5 for IBM IMS Transactions 5 for Response Time Tracking 5 for SOA 5 for WebSphere 5 IBM Tivoli OMEGAMON® XE for IBM WebSphere Business Integration 5 IBM Tivoli Composite Application Manager Response Time Tracking designing management server 98 IBM Tivoli software portfolio 4 business service management 5 composite application management 4 event correlation and automation 4 orchestration and provisioning 4 resource monitoring 4 iKeyMan command 135 IMS 6, 19 Information Management System 96 in-depth resource usage 6 Information Management System IMS 96 Information Management System, See IMS installation parameters 61 install-DC command 50 IT Infrastructure Library, See ITIL ITCAM for Response Time Tracking planning considerations 94 product architecture 94 sizing parameters 96 sizing servers 96 ITCAM for WebSphere components 26 database installation, configuration 35 features 9 installation of managing server 34 configuration 34 maintenance 75 operational issues 76 ITCAM for WebSphere managing server sizing memory size 23 ITIL 3 J J2EE application server 19 monitoring agent 13 JACL scripts 29 java command 44 Java Database Connectivity, See JDBC Java Runtime Environment, See JRE Java Virtual Machine Tool Interface, See JVMTI JDBC 9 JRE 43 JVM thread pools 19 JVMTI 19 K kernel 23, 26 parameters 106 keystore 68 extraction of certificates 71 keytool command 68 L large-scale environment 3 definition 6 large-scale implementation concerns, considerations 7 deploying agents 7 maintenance 8 reliability 8 security 8 sizing servers 7 listening policies 97 load balancing 99 log files 85, 141 M management agent 95, 135 deployment 99 management resources definition 131 deployment 129 management server 95 installation 124 parameters 124 performance, availability of 138 managing server 19 global publishing server 26 Index 153 managing server split server 35 mass automated installation 29, 100 message dispatcher 27, 43 Microsoft Windows Services for UNIX, See SFU modular application development 3 monitoring components 131 Monitoring On Demand 22 monitoring policies 97 N name resolution 30 naming convention 99 O OCTIGATE database 35 OMEGAMON XE 18 operating system preparation 106 operational management pillar 4 Oracle database server 25, 98 overhead data collector 25 overseer components 24 P Performance Management Interface, See PMI planning considerations 18 playback policies 97 PMI 19 policy discovery 98 listening 98 playback 98 polling agent 27, 43 port 101 consolidation 31 issues 30 product maintenance 87, 142 pruning tables 78 publish server 23, 26, 48 Q Quality of Service monitoring agent 13 R Rational Robot 12, 96 Redbooks Web site 149 Contact us xi 154 reliability 102 remote database 34 reporting load 96 request table 78 response time 6 data 97 response time measurement 97 restoreConfig command 83 run-stat-cmds command 78 S Secure Sockets Layer communication 30 Secure Sockets Layer, See SSL security communication, firewall, port usage 29 service level agreement 5 setenv.sh 23 SetupCmdLine.bat 113 setupCmdLine.bat 130 SFU 36 silent installation 28, 50, 99, 129 Simple Network Management Protocol, See SNMP sizing servers 21 parameters 21 complexity of transaction 21 data collection filter 21 instrumentation level 21 listening policy mask 21 monitoring level 21 number of data collectors 21 sampling rate 21 transaction rate 21 SNMP 27 software updates 87, 142 split server configuration 42 installation, setup 43 SSL 30, 64 certificates 133 communication 101 data collector setup 65 managing server setup 64 SSL communication 30 STI 13 Store and Forward Agent 95, 135 su command 36 Synthetic Transaction Investigator 96 Synthetic Transaction Investigator, See STI Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking T Tivoli common directory 141 Tivoli Enterprise Monitoring Agent 13 Tivoli Enterprise Monitoring Server 96 Tivoli Enterprise Portal 10, 96 tmtpcli command 130 tmtpcli.properties 130 U update managing server 87 update command 113 user right assignment 106 utilities REORGCHK 139 RUNSTATS 140 utility REORGCHK 77 RUNSTATS 77 V visualization engine 24, 27, 41, 43, 76 W wasprofile command 112 WebSphere log files 141 security 100 WebSphere Application Server 25, 98, 109 installation 109 performance 76, 138 WebSphere Edge Component installation 118 WebSphere Edge Server 106 WebSphere security 29 WebSphere Studio Application Monitor 18 WebSphere Studio Application Monitor, See WSAM Windows workstation 12 wsadmin command 29 WSAM 18 Index 155 156 Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking Back cover Large-Scale Implementation of IBM Tivoli Composite Application Manager for WebSphere and Response Time Tracking Planning for performance of management infrastructure Implementing with multiple servers Performing mass update of agents This IBM® Redpaper discusses large-scale implementation of IBM Tivoli® Composite Application Manager for WebSphere® and IBM Tivoli Composite Application Manager for Response Time Tracking. Large-scale implementation is typically characterized by the number of monitoring agents deployed and the number of transactions load-managed. A typical large-scale implementation of a monitoring product contains the following challenges: Keeping up the performance of the monitoring tools to accommodate the processing load from the agents. Automation of installation, update, and maintenance of monitoring agents based on silent installation and automated update. Specific day-to-day maintenance actions to ensure performance and availability of the monitoring solution. This IBM Redpaper addresses these issues with regard to the implementation of ITCAM for WebSphere and ITCAM for Response Time Tracking on distributed platforms. The discussion is divided into planning issues, implementation guides, and maintenance considerations. ® Redpaper INTERNATIONAL TECHNICAL SUPPORT ORGANIZATION BUILDING TECHNICAL INFORMATION BASED ON PRACTICAL EXPERIENCE IBM Redbooks are developed by the IBM International Technical Support Organization. Experts from IBM, Customers and Partners from around the world create timely technical information based on realistic scenarios. Specific recommendations are provided to help you implement IT solutions more effectively in your environment. For more information: ibm.com/redbooks