Category — IBM
WYNTK on TBSM v4.2 Preparation: Access, Authorization and Authentication
Looks like I’ll put off talking about a more pleasing subject of the importance of events for TBSM v4.2 to talk about something I’ve been thinking, playing, struggling with this past week. More details will have to wait until we’re GA here in a few weeks, sorry.
I can’t stress enough that you should begin creating a thorough design and implementation plan for how you’ll establish access, authorization and authentication (AAA) within your TBSM v4.2 solution. Things have SIGNIFICANTLY changed in TBSM v4.2. There are many different options and settings throughout the product that must be set for an implementation in a typical production environment. Many of them are easy to overlook, trust me!
I recommend starting with a systematic assessment of your existing environment (or a strawman of what you think your requirements will be). If your end solution is a TBSM v4.2 layout with numerous views, pages and portlets, navigation and launch-in-context attributes, you must think through all of these components and document which users, roles or groups can access, see and do what. Are these users authenticated in an external source? What group are they assigned at login? Do they have the correct roles assigned to perform your expected tasks?
From an administrator’s perspective, you’ll need to think through things in the same manner, ensuring that you can perform the administrative tasks - and have the proper configurations to perform work as if you were a member of the end user group. This is a CRITICAL component, especially when implementing custom canvas dashboard solutions for users/groups.
I have this visual in my head of what this may look like to capture how things may be designed:
At each level, I envision documenting all of the critical configurations and settings with heavy focus on who can access, what can they do/see/click-on, etc. Trust me, there are configuration options at every level that you need to think through. This is especially true if you’re implementing solutions where one user/group can see some things and can’t see others.
Some random thoughts to consider as you work through this stuff:
- Are you using an external source such as LDAP, Active Directory or Netcool/OMNIbus for authentication and authorization? How will you integrate? What will the information exchange be? Do you know what your LDAP/AD group needs from you for configuration?
- Will you take advantage of the new Single Sign On (SSO) capability? How? What products will you want SSO access to from TBSMv4.2 / TIP?
- If you’re using legacy TBSM v3.1, Netcool/RAD or TBSM v4.1.x today, start to really look at what you’re doing and how your end user audiences access and work within this environment.
- What types of users do you have? Read only, have some privileges, superusers, etc.? What PSML, pages, tabs, view points can they see/access?
- What roles do they have today in each respective product? What can they do? What can they see? What menus, options, dialog boxes, check boxes, etc. can they interact with?
- Are you assigning roles to users or roles to groups or both? How should you be assigning roles for effective management? How would you audit this if asked?
- What groups do you have? What roles are assigned to groups?
- What NGF security models have you implemented? Are you controlling access to certain PSMLs, viewpoints, etc?
- Will you allow users to manage events from within TBSM? What permissions will you require from an event management perspective from Netcool/OMNIbus or Netcool/Webtop?
- What Tivoli Common Reporting (TCR) reports or charts will you incorporate into your solution? Will your users be able to design/upload their own?
- If launching out into other products, what AAA is required to allow that user to perform expected tasks, actions, etc. in the remote product (TEPS, ITM, TADDM, TSRM, etc.)?
- Do you have additional security requirements such as SSL? Do you use CA Signed Certs or Self Signed Certs? Where do you require communications to be encrypted? (User to GUI, TBSM–>LDAP/AD, TBSM–>Other Product) There’s a GUI for this stuff now so hopefully no more command line and file hacking is required.
- You’ll want to learn as much as possible on this repository concept (standalone, federated, etc.). More than likely you’ll be digging into WebSphere manuals if you have any significant security requirements. It appears as if you’ll always be in this federated repository mode using a local file and another source.
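One way to answer the "how would you audit this if asked?" question above, as an added example that is not from the original post or from IBM: it resolves each user's effective roles (through groups and direct assignment) and compares the pages they can actually reach with what the design document says. Every user, group, role and page name and the data layout are constructed for illustration and are not a TBSM or TIP export format.

```python
# Constructed sample data: every user, group, role and page name below is
# hypothetical and is not a TBSM/TIP export format.
USER_GROUPS = {
    "alice": {"noc_operators"},
    "bob": {"noc_operators", "tbsm_admins"},
    "carol": set(),
    "dave": set(),
}
GROUP_ROLES = {"noc_operators": {"read_only"}, "tbsm_admins": {"service_admin"}}
DIRECT_USER_ROLES = {"carol": {"service_admin"}}  # role given to a user, not a group
ROLE_PAGES = {
    "read_only": {"service_tree", "event_list"},
    "service_admin": {"service_tree", "event_list", "canvas_editor"},
}
# The design document: what each user is expected to be able to open.
EXPECTED_PAGES = {
    "alice": {"service_tree", "event_list"},
    "bob": {"service_tree", "event_list", "canvas_editor"},
    "carol": {"service_tree", "event_list"},
    "dave": {"service_tree"},
}


def effective_roles(user):
    """Union of roles inherited through groups and roles assigned directly."""
    roles = set(DIRECT_USER_ROLES.get(user, set()))
    for group in USER_GROUPS.get(user, set()):
        roles |= GROUP_ROLES.get(group, set())
    return roles


def effective_pages(user):
    """Pages reachable through any of the user's effective roles."""
    pages = set()
    for role in effective_roles(user):
        pages |= ROLE_PAGES.get(role, set())
    return pages


def audit():
    """Return (user, finding, detail) tuples where reality differs from the design."""
    findings = []
    for user in sorted(set(USER_GROUPS) | set(DIRECT_USER_ROLES) | set(EXPECTED_PAGES)):
        direct = DIRECT_USER_ROLES.get(user, set())
        if direct:  # bypasses group-based management, so harder to review
            findings.append((user, "direct_role", tuple(sorted(direct))))
        actual, expected = effective_pages(user), EXPECTED_PAGES.get(user, set())
        if actual - expected:
            findings.append((user, "excess_access", tuple(sorted(actual - expected))))
        if expected - actual:
            findings.append((user, "missing_access", tuple(sorted(expected - actual))))
    return findings
```

Calling `audit()` on the sample data reports the directly assigned role, the extra page it exposes, and the user who cannot reach a page the design promises.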
Shameless plug
IBM Tivoli Services and our TBSM AAA Accredited Business Partners are always available to help advise and consult with you in these areas. Please do not hesitate to contact me at any time and I can help arrange further discussions.
September 5, 2008 No Comments
Support Technical Exchange (STE) on TBSM v4.1.x BSM Agent (MOSWOS & Historical Reporting)
Information available here.
Presenter(s): Joy Hawkins
Time: 12 Sep 2008, 11:00 EDT (Eastern US), 17:00 UK (London), 19:00 CET (Rome)
This STE will cover TBSM BSM Agent (review both MOSWOS and Historical reporting pieces) overview and troubleshooting.
September 2, 2008 No Comments
TBSM v4.1.1 IF008 and IF009 Released
Two new IFs have been released for TBSM v4.1.1.
IF008 requires IF001 and includes the IF004, IF005, IF006 and IF007 fixes in addition to the following new fixes.
*READ THE FINE PRINT IN THE READ ME!!!*
When published, it will be available in this directory structure.
IZ23415 DB CLICK ON EVENT IN SERVICE DETAIL NOTHING HAPPENS
When you double-click on an event listed on the Event tab of the Service Details viewpoint, nothing happens. Double-clicking the event should launch a separate browser window containing the details associated with the event.
IZ24957 UNABLE TO IMPORT RADSHELL EXPORT OF CONFIG
When the customer first exports their configuration from one system, and then tries to import into another system, they get this error for the import of a data fetcher:
“radshell> // Error: Error parsing input: bsh.TokenMgrError:
Lexical error at line 65, column 133. Encountered: “\r” (13), after :
“\”SELECT JOB_SCH_ST_ID, PCSG_DT, CAL_PCSG_WNDW_CD, BCH_NME, JOB_DESC,
BCH_ID, RUN_NO, JOB_SEQ_NO, AUTO_SYS_STRT_TM, AUTO_SYS_END_TM, ” ”
IZ25602 THINCLIENT IN IE, THE SERVICE DEPENDENCY PAGE HANGS
Thin Client doesn’t show up with IE.
IZ26785 VALUE AND AREA FOR PIE CHART IN TBSM 4.1 IS NOT REPRESENTED
When a user wants to show the annotations on a custom chart, the annotations line up with the incorrect plots on the chart. For example, if the user has a pie chart which displays Test1 = 1000, Test2 = 2000, Test3 = 3000, and Test4 = 4000, the annotation on each slice showing the value would be like the following: Test1 - annotation is 2000, Test2 - annotation 3000, Test3 - annotation 1000, Test4 - annotation 4000.
IZ26795 POSSIBLE MISSING CLASSES FROM ALL3P.JAR
Unable to save Custom Canvas.
IZ29147 SERVICES VIEWABLE IN VIEWER, BUT NOT SERVICE TREE
When trying to expand a node in the tree to display the children, the plus sign stays a plus sign and no children are displayed. If the parent node is viewed in the service viewer, the children are displayed; however, one of the children has a display name of “…”. The issue only happens when retrieving nodes using an ESDA rule.
171333 CT-3174: 2nd launch of TEP opens separate IE7 browser
On Windows 2008, it was found that the launchtotep.vbs script fails to work the same way it does in all of the other versions of Windows: the script is not able to re-use the browser window already open to TEP.
IF009 is a TBSM-TADDM Discovery Library Toolkit integration IF. This supersedes IF003.
Available here.
INCORRECT REPRESENTATION OF TADDM FUNCTIONAL GROUPS (IZ12647)
After editing a TADDM business application, and removing members of a functional group, a delta import does not remove the objects from the TBSM service.
TADDM will send an update for a functional group the first time that a resource is added to the functional group. If the resource is removed from a functional group, and then later added again, an update is not sent. This results in the functional group not being added back into the service in TBSM.
LOOPING CONDITION IN IMPORTED BUSINESS SERVICE TREE (IZ05790)
TBSM loses the knowledge that a resource was built from an ESDA; after which, when the service component repository informs the base TBSM server that a resource no longer exists, the base server ignores the information and leaves the resource as is. This only applies to customers that have upgraded from TBSM 4.1.
LOOP IN THE SERVICE TREE WITH AN NFSSERVICE (IZ12344)
Business services containing an NFSService object contain a loop between the computer system and the NFSService.
MSVCR71.dll NOT FOUND ON WINDOWS SYSTEM (IZ26000)
The Discovery Library toolkit will not start on Windows. Running the command “xmltoolkitsvc.exe -d -t” reveals that the system cannot find msvcr71.dll.
DUPLICATE ROUTERS AND SWITCHES IN THE COMPONENT REGISTRY (IZ26267)
Business applications built in TADDM that include routers and switches show two instances of each device when the business application is imported into TBSM.
FILTER ON TADDM BUSINESS APPLICATION LIFECYCLESTATE (168719)
The ability to import a subset of the TADDM business applications.
September 2, 2008 1 Comment
Netcool/OMNIbus Historical Event Database TCR Reports
The long-awaited Tivoli Common Reporting (TCR) (based on BIRT) historical event reports are finally available. The documents and included files assume that you’ll be archiving your events to the Tivoli Data Warehouse (TDW) using the new TDW Gateway and Reporter schema, and these reports will pull from there.
It also looks like this is a MUCH smaller library of reports than the lists of reports I’d seen floating around. Not sure what the deal is there other than maybe it’s a way to justify keeping Netcool/Reporter around??
These should be easy to modify and point to your existing historical event database if you don’t plan to use TDW. Drop them in to TCR associated with TBSM v4.1.1 or upcoming 4.2 and incorporate some very basic event reports into your solution.
Download from OPAL here.
August 22, 2008 No Comments
WYNTK on TBSM v4.2 Preparation: Planning for Upgrade/Migration
With Tivoli Business Service Manager (TBSM) v4.2 planned for general availability within the next few months, I feel that it’s very important that I provide some insight into things that all of our current (any version) and prospective TBSM clients begin to consider in advance of their migration/upgrade to or initial deployment of TBSM v4.2 in the near future.
The next generation of Tivoli Business Service Manager (TBSM) is different and offers opportunities for reevaluating the past to succeed in the future. The architectural options, operating scenarios, product features and capabilities are likely significantly different than those you may be currently using today. To fully exploit the new release, I will be sharing some thoughts and ideas for you to consider as you plan for your upgrade/migration or initial deployment.
First off, I strongly encourage you to not treat your migration and upgrade as just another routine step in the TBSM maintenance lifecycle. I strongly recommend that you reevaluate how you’ve used TBSM in the past. You may not need to do everything you’ve done previously – and probably shouldn’t anyway. There may be many more efficient alternative approaches you should consider.
I’d start by brainstorming some fairly simple and straightforward questions.
- Are you getting the expected value from your previous TBSM deployment?
- Does it provide measurable benefit to the business?
- Is it a critical application, used daily or something that’s occasionally referenced?
- Does it make people’s jobs easier?
- Do you know exactly why something is in there, what causes it to turn red, yellow or green?
- Is it kept up to date and accurate?
- Do you enjoy using TBSM within your operating environments?
- Do your operations and support teams “trust” what you’re showing them?
If it’s hard for you to answer these questions or your answers are less than positive, it’s really important that you think deeply about how you’ll adopt TBSM v4.2 within your environment. I strongly believe that with the right strategy, roadmap, design and plans, you can significantly improve your implementation of TBSM and its acceptance within your organization.
Furthermore, I’ve seen far too many operating environments over the past few years that have yet to adopt a true consolidated operations environment. Are you operating in a silo with your current TBSM deployment? Is TBSM only used for the network, distributed or mainframe group within your organization? Why? Why not consider leveraging the industry leading capabilities of the Netcool/OMNIbus dependency and deploy a consolidated TBSM architecture? Work the organizational problems; establish the vision for consolidated operations and true end-to-end service management within TBSM. You have the technology and product capability, why not use it? Your chances of realizing true value oriented Business Service Management are very poor if you can’t work towards this consolidated model.
The more effort and time you place in architecture, design and planning, the more successful you will be. Your tactical efforts will ultimately fail without a strategic direction and purpose. TBSM v4.2 and the Tivoli Integrated Portal (TIP) platform offer many new architectural options to consider. Become familiar with these and the plans for broader based TIP adoption across the Tivoli portfolio. If you have a goal of a consolidated TIP architecture servicing the needs of numerous core products, the typical enterprise tools groups will need to ramp up skill sets in this new area quickly. Capacity planning, performance, large scale high availability and failover are all areas worthy of significant investigation and testing.
If you own other soon to be TIP enabled products such as Netcool/WebTop or Tivoli Network Manager (ITNM), how will you design and implement a consolidated platform for multiple TIP enabled products? Will you take advantage of the Tivoli Common Reporting (TCR) capability? How will you plan for broad based TCR usage? Will you use a batch oriented reporting mode to avoid potential performance impacts on the core products? What will your access, authentication and authorization schema be? How will you leverage the new Single Sign On (SSO) capability?
I’ll try and cover as many areas as I can without getting into any confidential areas while products are not in a GA state. I think there are a lot of things that should be done now and even more as the products are GA and available for you to explore within your lab or development environments.
Next up - the importance of events.
Shameless plug
IBM Tivoli Services and our TBSM AAA Accredited Business Partners are always available to help advise and consult with you in these areas. Please do not hesitate to contact me at any time and I can help arrange further discussions.
August 22, 2008 No Comments
OPAL Whitepaper on TSRM - Netcool/OMNIbus Integration
Hopefully this OPAL whitepaper from one of our ATG folks makes our crazy TSRM - Netcool/OMNIbus integration a bit easier to understand and configure.
I still really have no idea why we’ve taken the concept of ticketing integration and made it so difficult. As an alternative to this approach, if you own Netcool/Impact you can look at this OPAL paper which uses WebServices. This approach needs to be validated against TSRM v7.x.
August 19, 2008 No Comments
Props to BMC on Available Content in BMCDN
Mark this up as another Big4 vendor opening up “a bit” and making some really useful content available now via their BMC Developers Network (BMCDN).
While they haven’t opened up access to all of their product resources and documentation, there’s some really good stuff up there now, especially related to the ITSM platform and Atrium CMDB.
In addition to IBM’s complete transparency and openness, this makes the second vendor to show “a bit” of what’s under the covers to the broader community. What’s up with HP, CA, Compuware, Quest Software, Digital Fuel, Oblicore, Managed Objects, etc.?
August 6, 2008 6 Comments
TBSM v4.1.1 IF 007 Available
A new IF is available for TBSM v4.1.1 addressing a few new areas (don’t see mine in there!). This depends on IF 001 and supersedes IF 004, 005 and 006. IF 007 can be downloaded here.
These are the new issues addressed:
IZ15914 INCONSISTENT SERVICE NAME TRUNCATIONS IN SERVICE TREE
Service name truncation is not consistent when using the static sizing tool. Many of the service names will truncate, but some do not.
IZ19833(NGF) NEED THE TBSM LOGON SCREEN TO BE ABLE TO ACCEPT MORE THAN 16 CHARACTERS
Integrated authentication works only if the password is short; when a longer password is used, it causes the account in Active Directory to be locked.
This APAR increases the allowable length of the password to 127 characters - which is the Active Directory limit.
IZ20375 CREATING CUSTOM CANVASSES USING IE CAUSES HANG WHEN USING DE
When trying to either create a new custom canvas or edit an existing custom canvas, the canvas would fail during loading and the console would show the following error:
[Fatal Error] ServInst.xml:2:64: White spaces are required between
publicId and systemId. Exception in thread “Thread-12″
java.lang.NoSuchMethodError:
IZ24515 UNABLE TO SAVE SERVICE INSTANCES
The customer edits a service and clicks on the dependencies tab; when the customer adds or removes dependent services, the change cannot be saved. The save screen will show up when the save button is pressed; however, it will never go away and changes made are not saved.
IZ26602 PERSISTENT ESDA INSTANCE HAS A PARENT RULE FAILS TO SHOW UP IN
When there are persistent ESDA instances that belong to a template with a parent rule, they will not be displayed at the root of the tree even if they have no actual parents. Thus there will be no way to see them.
This fix only applies to persistent ESDA instances that have no parents. If you want to enable the old behavior of not showing the instances in the root of the tree, set the following:
In RAD_sla.props
impact.sla.showesdainstanceswithparentrules=false
The default for this property is true, which will show these instances at the root of the tree.
August 1, 2008 No Comments

