Alignia for Business Applications Detailed Scope
The software described in this book is furnished under a license agreement and may be used only in
accordance with the terms of the agreement.
Copyright Notice
Copyright © 2017 Tango/04 - A Division of HelpSystems All rights reserved.
Document date: October 2017
Document version: 1.0
Product version: 5.0
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language or computer language, in any form or by any means, electronic mechani-cal, magnetic, optical, chemical, manual, or otherwise, without the prior written permission of Tango/04.
Trademarks
Any references to trademarked product names are owned by their respective companies.
Technical Support
For technical support visit our web site at www.tango04.com.
Tango/04 Computing Group S.L. Avda. Meridiana 358, 5 A-B Barcelona, 08027 Spain
Tel: +34 93 274 0051
Table of Contents
Table of Contents
Table of Contents .............................................................................. iii
How to Use this Guide........................................................................vi
The New Offer – Overview on Alignia Product Line................................ 11.1. The Philosophy Behind it ................................................................................1
1.2. The Landscape ...............................................................................................1
1.3. The Solution: Best of Breed or Unique Monitoring Tool?................................1
1.4. The Tango/04 Approach .................................................................................2
1.5. Overview on the Different Modules.................................................................2
1.5.1. Alignia for Online Business Services (OBS) .............................................2
1.5.2. Alignia for Business Processes (BP).........................................................2
1.5.3. Alignia for Business Applications (BA) ......................................................3
1.5.4. Alignia for Business Security (BS) ............................................................3
Alignia for Business Applications Overview ........................................... 42.1. What is a Business Application?.....................................................................4
2.2. Business Application Components .................................................................5
2.2.1. Standalone Application Components ........................................................5
2.2.2. Connectivity Group Components ..............................................................5
2.2.3. Other Elements .........................................................................................6
2.3. Business Applications Architecture.................................................................6
What is Alignia for Business Applications?............................................ 73.1. What is a Business Application in Alignia? .....................................................7
3.2. What Does it Do?............................................................................................7
3.3. Main Benefits ..................................................................................................8
3.4. Main Features .................................................................................................8
3.5. Other Alignia Modules.....................................................................................9
3.5.1. Alignia for Online Business Services ........................................................9
3.5.2. Alignia for Business Processes.................................................................9
© 2017 Tango/04 Computing Group Page iii
Table of Contents
Templates ....................................................................................... 104.1. Types of Controls..........................................................................................10
4.2. What are Templates?....................................................................................10
4.2.1. How are Templates Used?......................................................................11
4.3. Standard Templates......................................................................................12
4.3.1. Standard Templates in Development......................................................13
Business Applications Controls........................................................... 145.1. Controls at the Business Application Layer ..................................................14
5.2. Controls at the Standalone Application Layer...............................................14
5.2.1. Configurable Controls .............................................................................15
5.3. Controls at the Server Layer .........................................................................15
5.4. Controls at the Element Layer ......................................................................15
Appendix A: Infrastructure Templates ................................................. 16A.1. Requirements by Credential .........................................................................17
A.2. Devices.........................................................................................................18
A.2.1. Servers ...................................................................................................18
A.2.2. Communication Devices .........................................................................34
A.2.3. End-Point Devices ..................................................................................36
A.3. Standalone Applications ...............................................................................41
A.3.1. Application Server...................................................................................41
A.3.2. Database Management System .............................................................41
A.3.3. Middleware .............................................................................................49
A.3.4. Web Server.............................................................................................56
A.3.5. Virtualization Server................................................................................61
Appendix B: Configurable Controls ..................................................... 63
Appendix C: Configuring an SSL Connection for IBM i .......................... 72C.1. Creating the Server Certificate on iSeries ....................................................72
C.2. Exporting the Server Certificate from iSeries ...............................................73
C.3. Importing the Server Certificate and exporting the Client Certificate ...........74
C.4. Importing the Client Certificate to iSeries .....................................................74
Appendix D: IBM WebSphere Application Server ................................. 75D.1. Requirements ..............................................................................................75
D.1.1. Activating PMI ........................................................................................75
D.1.2. Configuring security................................................................................80
Appendix E: Configuring IBM WebSphere MQ SSL Connections ............. 83E.1. Initial steps....................................................................................................83
E.2. IBM i Configuration .......................................................................................83
E.2.1. Authorizations .........................................................................................84
E.3. Connecting without SSL ...............................................................................85
E.3.1. Authorizations .........................................................................................85
© 2017 Tango/04 Computing Group Page iv
Table of Contents
E.3.2. Credentials in Orchestrator.....................................................................88
E.4. Connecting with SSL ....................................................................................89
E.4.1. Configuring SSL Certificates...................................................................89
Appendix F: Contacting Tango/04.................................................... 105
About Tango/04 Computing Group .................................................. 107
Legal Notice .................................................................................. 108
© 2017 Tango/04 Computing Group Page v
How to Use this Guide
© 2017 Tango/04 Computing Group Page vi
How to Use this Guide
This chapter explains how to use Tango/04 User Guides and understand the typographical conventions
used in all Tango/04 documentation.
Typographical Conventions
The following conventional terms, text formats, and symbols are used throughout Tango/04 printed
documentation:
Convention Description
Boldface Commands, on-screen buttons and menu options.
Blue Italic References and links to other sections in the manual or further documentation containing relevant information.
Italic Text displayed on screen, or variables where the user must substitute their own details.
Monospace Input commands such as System i commands or code, or text that users must type in.
UPPERCASEKeyboard keys, such as CTRL for the Control key and F5 for the function key that is labeled F5.
Notes and useful additional information.
Tips and hints that will improve the users experience of working with this product.
Important additional information that the user is strongly advised to note.
Warning information. Failure to take note of this information could potentially lead to serious problems.
The New Offer – Overview on Alignia Product Line
Chapter 11 The New Offer – Overview on Alignia Product Line
1.1 The Philosophy Behind itFor more than 20 years Tango/04 has been implementing monitoring projects all around the world that
are oriented towards helping IT departments manage their IT infrastructure with a view of the business
services they support.
1.2 The LandscapeAt the end the most important goal for IT is to ensure that the critical business of the company runs fine.
In order to do so it is not enough to monitor how the infrastructure works, but you also need to monitor
applications, user experience and business KPIs. Why? Because only in this way can IT be sure that the
business service is being delivered correctly to its internal and external customers.
Monitoring has to be done from the point of view of the business user, that is, by looking at his user
experience, and checking his business activity. If something is wrong there, no matter what the
infrastructure monitoring tells you, the business user is affected and they will complain.
1.3 The Solution: Best of Breed or Unique Monitoring Tool?Based on these needs, many companies decided to undertake enormous projects in order to improve
the quality of IT services, using ITIL or other best practice frameworks as a basis. Sometimes they
decided to adopt one of the Big-4 giant all-purpose frameworks (IBM, BMC, CA, HP), while others went
for a best-of-breed approach, integrating any type of monitoring tools for infrastructure monitoring: APM,
BSM, BAM…
In most cases such projects lasted months or years without producing tangible results for businesses.
In this context Tango/04 has decided to change the rules and proposes a pragmatic top-down approach:
1) identify the critical business services and processes, 2) analyze them together with the customer and
3) deliver a business-oriented monitoring solution in a very short time (within a month in most cases).
© 2017 Tango/04 Computing Group Page 1
The New Offer – Overview on Alignia Product Line
1.4 The Tango/04 ApproachTo make this real, we have decided to create a new product offer, called Alignia, based on three main
pillars: Embedded knowledge; Embedded How-to; Immediate Results.
• Embedded Knowledge: from the experience acquired in hundreds of BSM/BAM projects, we
have identified the key needs that an IT manager has when he wants to know if IT is doing its
job, that is, delivering satisfactory business services and processes to its company. We have
encapsulated a lot of best practices, insights and controls from world class companies,
embedding it in our product.
• Embedded How-to (Methodology): We speak in business language, not jargon. We use a
top-down path for monitoring the principal areas of every company. Dividing the service in 4 key
elements: service consumers, channels, functions and external services, using standard
dashboards. Then you can go more in depth for technical requirements. Using only one
relevant KPI to assess the service as a whole and monitoring all from different points of view.
• Immediate Results: The sum of Embedded Knowledge plus our Embedded Methodology
brings Immediate Results. In addition, we capture relevant data from disparate components or
technical platforms, giving you a new level of visibility.
1.5 Overview on the Different ModulesTango/04’s new offer is structured into four complete and encompassing modules.
1.5.1 Alignia for Online Business Services (OBS)Alignia for Online Business Services is a standard way of monitoring any type of business service that is
online, meaning that there are real users using such services and a problem in them causes
unavailability of the service and dissatisfaction in the users. The more critical these services are for the
company the more useful this module will be for them. For instance unavailability in an online shop,
internet banking, or insurance quotations makes the company lose money.
1.5.2 Alignia for Business Processes (BP)A business process is a set of activities that produce an outcome for the business.
The business processes we can monitor are supported by technology, these activities are executed on
systems and by applications. They are usually executed in an unattended manner, with or without user
participation.
The main difference between monitoring an online business service and a business process is as
follows: when monitoring online services we monitor real-time business transactions performed by
business users that are working now through every available channel. Any unavailability means that
there are critical users that are not able to interact, which definitely means a waste of productivity and in
many cases of money. However, in most cases when those transactions enter the business systems, a
series of activities (process), both automatic and manual, have to be done within the company. These
activities need to be monitored as well, to be sure they are executed in an appropriate time frame and
with no errors. A business process normally has different steps supported by multiple technologies and
applications, and each one of them has to start, end, and produce an output. When monitoring business
processes we monitor all phases of a complete process to see if they start on time, last as long as
expected, end on time and produce expected results. An example of such processes would be night
batch processes that need to complete correctly before the business opens in the morning, or processes
that continuously receive inputs and have to produce outputs.
© 2017 Tango/04 Computing Group Page 2
The New Offer – Overview on Alignia Product Line
1.5.3 Alignia for Business Applications (BA)All business services and processes rely on IT servers, applications, network devices etc. Business
Applications is the module that allows a customer to monitor such components (directly or by integrating
with third-party solutions) and model them according to the critical business applications that our
customer is using.
As a consequence, Alignia for Business Applications is the foundation needed for Online Business
Services and Processes to integrate information from the supporting IT components and applications.
1.5.4 Alignia for Business Security (BS)Business is also affected by security threats and a lot of regulations. Nowadays more and more systems
and applications have to comply with several compliance regulations or best practices from certification
authorities or governments such as PCI, SOX, Cobit, ISO etc. The compliance or noncompliance of
systems and applications with these regulations also has effects on business services. Maybe a
business service is available from the IT point of view but has security issues. The new Business
Security module allows companies to establish this relationship between the security compliance and
the business services and processes as well as gives an innovative tool for managing the projects to the
Information Security departments, for audits and key indicators.
© 2017 Tango/04 Computing Group Page 3
Alignia for Business Applications Overview
Chapter 22 Alignia for Business Applications Overview
Alignia for Business Applications is a module that is part of the Tango/04 Alignia product, whose main
objective is to help IT departments detect, understand and fix the problems that cause unavailability and
low performance of their business applications. Furthermore, it is the foundation for other Alignia
knowledge modules which provide visibility to the real-time impact of online services and processes on
the business.
More than 15 years of experience working with monitoring solutions has been embedded in Alignia for
Business Applications to create unique monitoring software that joins an application model together with
a set of best practices and procedures regarding standardized practices for monitoring applications.
Alignia for Business Applications also provides IT managers with a powerful tool for the continuous
improvement of their Service Levels. It delivers relevant information to IT departments concerning the
main IT components that have been the root cause of an application’s unavailability or that have been
responsible for breaking Service Level Agreements.
What’s more, Alignia for Business Applications has been designed to be configured, operated and
administered by the IT department in a simple and agile way, so that IT departments can concentrate
their efforts on fixing problems and improving the service, rather than thinking about which applications
to monitor and how to monitor them.
2.1 What is a Business Application?A business application is defined as a piece of software used by internal or external business users to
perform critical business functions for the company: enter orders, claims, billing, etc. Examples of
business applications are SAP Financials, Siebel, the core banking application, SWIFT, etc.
Applications are normally designed in a multi-layer (also known as multi-tier) architecture, where each
layer has specific functionality: presentation, application processing, data management, etc.
In the same way, Tango/04’s Alignia for Business Applications module provides a standard way of
modeling business applications based on layers, where business applications are composed of a
number of (one-tier) standalone applications or devices, one or more per layer.
The critical elements (assets) of the Alignia for Business Applications module are described here:
• Business applications: defined as a set of interrelated standalone applications. Examples of
business applications are Siebel, SAP, EDI, etc.
© 2017 Tango/04 Computing Group Page 4
Alignia for Business Applications Overview
• Standalone applications: are software applications that run on just one server. Examples of
standalone applications are SQL Server, IIS, Siebel application server, etc.
• Servers: in the module a server can support none, one, or more standalone applications. The
servers may have elements such as disks, processes, etc.
• Connectivity Groups: sets of communication devices or standalone applications that
interconnect standalone applications within a business application.
• Communication devices: routers, switches, etc.
• End-point devices: printers, storage.
2.2 Business Application ComponentsA business application can be comprised of:
• At least one standalone application (obligatory)
• Connectivity groups (optional)
• End-point devices (optional)
Figure 1 – Business application components
2.2.1 Standalone Application ComponentsA Standalone application is composed of one of the following components:
• One server, OR
• One end-point device
2.2.2 Connectivity Group ComponentsA Connectivity group connects some of the standalone applications of a business application. It can be
composed of several components:
• Standalone applications (none or N)
• Communication devices (none or N)
© 2017 Tango/04 Computing Group Page 5
Alignia for Business Applications Overview
2.2.3 Other ElementsAll the other elements that a business application may be composed of are not formed by other
components, they include:
• servers
• end-point devices
• communication devices
2.3 Business Applications ArchitectureThe Alignia monitoring solution has two different parts:
• Visualization Part: this is the front-end tool where end-users can view the information
collected by Alignia modules such as Alignia for Business Applications, including:
− an overview of all the assets being monitored
− the individual status of each business application
− the real-time status and performance metrics of standalone applications including
availability, performance and errors
− the real-time status and performance metrics of devices including availability, performance
and errors
• Configuration Part: for administrators of the Alignia monitoring solution. Orchestrator provides
all the tools needed to ensure the results displayed in the Alignia Visualization Engine are
exactly what the end-user needs to see. In Orchestrator we can configure:
− Assets (business applications, standalone applications, connectivity groups and devices)
− Templates
− Monitoring nodes
− Tenants
− Credentials
− and more ...
© 2017 Tango/04 Computing Group Page 6
What is Alignia for Business Applications?
Chapter 33 What is Alignia for Business Applications?
3.1 What is a Business Application in Alignia?As explained above we define a business application as an application such as an ERP, CRM, etc. that
in order to work correctly needs several other components to be available (servers, standalone
applications, network devices etc.).
In today’s complex organization in order to say that a complex application, such as SAP, is working we
cannot only check one Unix server: We will probably have to make sure that the Oracle database, the
Web server, some middleware and the network connectivity are also working. For this reason SAP is
defined as a business application.
If we have an application that in order to know if it is working we will only monitor information from one
server, then this application will be defined as a standalone application.
In this context a business application is an entity defined within Alignia that will be available or not based
on the IT components (servers, standalone applications etc.) that support it.
3.2 What Does it Do?Alignia for Business Applications allows for the monitoring of all servers, standalone applications, and
network devices that support business applications.
It comes with standard templates for monitoring most frequent technologies:
• Operating Systems: AIX, Solaris, Linux, Windows, IBM i, IBM HMC Server
• Network Devices: Cisco, Ports, Network interfaces
• Endpoint devices: Printers, Storage Area Networks (SANs)
• Application Servers: Apache, Tomcat
• Databases: SQL, Oracle, PostgreSQL
• Middleware: IBM WebSphere MQ, JBoss Application Server, Active MQ, Microsoft Exchange,
Microsoft Terminal Server
• Web Servers: IIS, Apache, JBoss, IBM Http
• Virtualization servers: VMware vCenter
© 2017 Tango/04 Computing Group Page 7
What is Alignia for Business Applications?
These templates provide standard and basic out-of-the-box monitoring for all these technologies, which
can be deployed very quickly. See Appendix A: Infrastructure Templates on page 10 for further details
reagarding the controls included with each template.
In case of technologies for which a standard template is not available, it is possible to configure it in a
standard way using the configurable standalone application that provides simple configuration wizards,
that will collect information from databases, SNMPs, log files etc.
3.3 Main BenefitsAlignia for Business Applications provides a simple and quick way of monitoring all IT infrastructure.
• Extremely quick to deploy, as most controls are standard it can be deployed in few hours
• Only relevant information: having too much information is as bad as having too little
information - Alignia for Business Applications provides only those key controls needed to
make sure that business applications are running fine.
• Integration with other monitoring tools: if some parts of the IT infrastructure are already
monitored by other more specialist tools, Alignia for Business Applications can integrate with
them and use their information to model the business applications
• Business focus, provides the IT backbone needed by Alignia for Online Business Services
and Alignia for Business Process to make sure that business is running. So every time a
business application or a component is degraded, it shows which online business services and/
or business processes are being impacted immediately.
3.4 Main FeaturesThese are the most important features of Alignia for Business Applications:
• The IT view: Alignia for Business Applications allows IT people to visualize in real time the
availability of their business applications (ERP, CRM, WMS, etc.) and the impacted online
business service and/or business process
• Root cause analysis, which is the root cause of a business application’s unavailability
• Impact analysis, is a critical business application being impacted by a problem in the
infrastructure?
• BSM: modeling of supporting infrastructure and standalone applications
• AutoDiscovery, automatically discovers all servers and devices
• Templates, templates are applied to the different servers, devices and standalone applications
automatically
• Large set of standard templates, for most common operating systems, databases, Web
servers, etc.
• Configurable controls for technologies where a standard template is not available
• Predefined dashboards built automatically to show application availability and historical
performance metrics
• SLA Reporting: % availability of today, last week, last month, etc. (in the current version of
Alignia BA 1.1 this functionality is only available through another module called Reports, but in
the future version 2.0 it will be integrated within Alignia natively.)
© 2017 Tango/04 Computing Group Page 8
What is Alignia for Business Applications?
− Availability SLAs for all elements created automatically out of the box:
− Availability SLAs for all business applications, systems, devices and standalone
applications
3.5 Other Alignia Modules
3.5.1 Alignia for Online Business ServicesAlignia for Business Applications is the foundation of the other Alignia modules, Online Business
Services and Business Processes.
It is a module that is mainly addressed to IT people, and when in connection with the other modules
gives the CIO the confidence that his team knows exactly which business services and processes are
being impacted by IT issues.
3.5.2 Alignia for Business ProcessesAs mentioned above Alignia for Business Applications is also the foundation needed by Alignia for
Business Processes to reflect IT availability problems impacting the execution of business processes.
An IT problem will impact the execution of a business process if it occurs during process execution.
For instance, if a batch process is being executed, and the system where it’s running goes unavailable,
the process won’t be able to finish.
© 2017 Tango/04 Computing Group Page 9
Templates
Chapter 44 Templates
The Business Applications module has been designed to monitor business applications and its
components in the most standard way and to be implemented as quickly as possible. This is made
possible by the use of templates.
4.1 Types of ControlsThere are two levels of monitoring depending on the level of customization needed:
• Standard templates, or out-of-the-box configuration. Standard templates are available for
standalone applications, servers and for communication devices.
• Configurable controls: a limited number of controls are available to be configured, and
include the industry standard recollection technologies that will allow the monitoring of most of
the applications. They are used when there is no standard or if the customer does not find the
provided standard useful. They are available for standalone applications, communication
devices and endpoint devices. For further details see Appendix B: Configurable Controls on
page 10.
4.2 What are Templates?Alignia for Business Applications templates are collections of plug-and-play pieces of software that
complement the Alignia for Business Applications module. They are designed with best monitoring
practices in mind, and embedded with our extensive knowledge and expertise, so that when they are
applied to your systems, the most common monitoring scenarios for those systems are produced.
© 2017 Tango/04 Computing Group Page 10
Templates
Figure 2 – Templates are available to monitor availability, performance, and errors of a wide range of devices and standalone applications that impact on Business Applications
4.2.1 How are Templates Used?Templates are used in Orchestrator (the Alignia configuration tool) when you create an asset in your
inventory. When the asset is created, Orchestrator applies the corresponding template, which creates
the monitors required to monitor the asset, and these monitors are then in turn modeled in Alignia for
Business Applications:
Step 1. Asset is created in the inventory
Step 2. Orchestrator assigns a template to the asset
Step 3. The template creates the monitors
Step 4. Alignia for Business Applications (and SmartConsole) models the monitors
Figure 3 – By applying templates to them in Orchestrator, we can model our applications, servers and devices in Business Applications
See the Alignia for Business Applications Configuration Guide for details regarding creating assets and
applying templates to them.
For example, you have 10 AIX servers that you want to monitor. Instead of creating 10 sets of monitors
for each machine, you just apply the appropriate template to the 10 AIX servers at once, and 10 sets of
monitors are created automatically. Plus you can visualize the 10 AIX servers instantaneously, without
having to model them manually.
© 2017 Tango/04 Computing Group Page 11
Templates
Figure 4 – Resulting modelization from various templates
4.3 Standard TemplatesThe following table lists the templates currently available with Alignia for Business Applications:
Category Type
Server AIX
Server IBM HMC Server
Server iSeries
Server Linux
Server Solaris
Server Windows
Communication device Cisco
Standalone application Active MQ
Standalone application Apache Web Server
Standalone application Exchange
Standalone application IBM Http Server
Standalone application IIS Web Server
Standalone application JBoss Application Server
Standalone application JBoss Web Server
Standalone application Oracle
© 2017 Tango/04 Computing Group Page 12
Templates
See Appendix A: Infrastructure Templates on page 10 for details of the controls provided by each
template.
4.3.1 Standard Templates in DevelopmentThe following is a table of the templates being developed within Alignia for Business Applications at the
time of writing this document:
Please contact Tango/04 to check the current development status.
For any other technologies or applications, not listed here, you can:
• Use configurable controls in order to monitor the host or standalone application. Configurable
controls are intended to cover most of the situations when you need to monitor a new
technology or application that has no standard template, easily, just by configuring industry
standard controls.
• If you need to monitor a technology which you consider an industry standard, you can suggest
the development of a new template. We will analyze your request and decide whether to create
a new template to be included in the product or not. We are willing to include new templates in
the case that they cover standard technologies available on the market, so that they can be
useful for most of our customers.
Standalone application PostgreSQL
Standalone application SQL Server
Standalone application Terminal Services
Standalone application VMware vCenter
Standalone application WebSphere Application Server (WAS)
Standalone application WebSphere MQ
End-point device Printer
End-point device EMC Clariion
End-point device IBM Storwize SAN
Category Type
Category Type
Standalone application Biztalk
Standalone application MySQL
Standalone application Tomcat
Standalone application WebLogic
Standalone application Microsoft SharePoint
© 2017 Tango/04 Computing Group Page 13
Business Applications Controls
Chapter 55 Business Applications Controls
Controls in Business Applications are achieved by the use of standard templates that are embedded
with monitoring knowledge accumulated over time in hundreds of projects.
5.1 Controls at the Business Application LayerWith the use ot templates, at the business application layer we will be able to control:
• Its health status: availability, performance and error status of the business application
• The impacted business elements (i.e. online service or business process) supported by the
business application
• The problem root cause in order to understand what element has to be fixed and where it is
located (at the standalone layer or at the server layer)
• The health statuses of all the standalone applications that form the business application,
organized by layer (i.e. presentation layer, business or logic layer, data processing layer, etc.)
• And the health status of all the servers and their elements that support the standalone
applications of the business application.
5.2 Controls at the Standalone Application LayerAt the standalone application layer we will be able to control:
• Its health status: availability, performance and error status of the standalone application
• The impacted business elements (i.e. online service or business process) supported by the
standalone application
• The problem root cause in order to understand what element has to be fixed and where it is
located (in a server or a device)
We will be able to see if the standalone application problem is occurring at the core layer and/or at the
context layer.
• Standalone core layer: it means that any problem at the core layer will affect all business
applications supported by this standalone application.
• Standalone context layer: it is used to represent that the stand-alone application has a specific
configuration for a particular business application. That is what we call the context of a
© 2017 Tango/04 Computing Group Page 14
Business Applications Controls
standalone application. Where a problem at the context layer will ONLY affect the
corresponding business application.
5.2.1 Configurable ControlsA limited number of controls are available to be configured for standalone applications, communication
devices and endpoint devices. For further details see Appendix B: Configurable Controls on page 10.
5.3 Controls at the Server LayerAt the Server layer we will be able to control:
• Its general health status: availability, performance and error status of the server
• The impacted business element (i.e. online service, business process, Business Application)
supported by the server
• The problem root cause in order to understand what element has to be fixed
We will be able to see if the server problem occurs at the core layer and/or at the context layer of the
server.
• Core layer: it means that any problem at this layer of the server will affect ALL standalone
applications and all business applications supported by that server.
• Context layer: it is used to represent that a standalone application has a specific configuration
on that server. When a problem occurs at the context layer it only affects the corresponding
standalone application of this context.
5.4 Controls at the Element LayerA server or a standalone application may have types of elements. Examples of element types are:
• At the sever level: disks, processes, services.
• At the standalone application level (for a SQL Server standalone application: database
instances).
At the element layer we will be able to control:
• The health status of the element
• The status of element controls
• The graphics of the metrics associated with each control
• The error messages of the controls of the elements
© 2017 Tango/04 Computing Group Page 15
Appendix A : Infrastructure Templates
Appendix AAppendix A: Infrastructure Templates
The templates needed by Alignia for Business Applications to cover common monitoring scenarios are
provided out-of-the box, meaning they are included with the product, ready to go, and requiring no set
up.
A business application is defined as a piece of software used by internal or external business users to
perform critical business functions for the company, such as entering orders, claims, billing, and so on.
Examples of business applications are SAP Financials, Siebel, the core banking application, SWIFT,
EDI, and more.
There are also common assets that impact on a business application (devices and standalone
applications) and by monitoring these assets we can understand why a business application fails.
Figure 5 – Business applications rely on several assets to function correctly
Alignia for Business Applications infrastructure templates are arranged into two categories to reflect the
assets to be monitored that commonly impact on business applications:
• Devices: are entities that business applications rely on in order to function. Device templates
are included for:
− servers
− communication devices
− end-point devices
• Standalone applications: are software applications that run on just one server, and are used
by business applications. Examples of standalone applications are SQL Server, IIS, Siebel
application server, etc.
© 2017 Tango/04 Computing Group Page 16
Appendix A : Infrastructure Templates
Standalone templates are included for:
− application servers
− database management systems
− Web servers
− virtualization servers
A.1 Requirements by CredentialThe following table describes the requirements needed for each type of credential used in the product.
Credential Name
Requirements Templates
Authenticated user/password
user, password, authentication method (*ANY, *ANYSAFE, Anonymous, Basic, Digest, GSS-Negotiate, Kerberos, NTLM)
Apache
IIS
IBM Http Server
JBoss Web Server
Active MQ
Database DSN
ODBC DSN connections iSeries PostgreSQL Microsoft SQL Server Oracle
iSeries
Ports 449, 8470, 8471, 8475, 8476, 4781, user QUSER must be enabled, *USE authority, Java 6.0, TCP/IP connections, i5/OS V5R2M0 or above, ODBC DSN connection
iSeries
JMX digital certificate
ThinkServer JMXServer WAS, ThinkServer JMXServer JSR, recommended software: jcon-sole
JBoss Application Server
Linux/UnixAuthorization to execute commands for Linux and Unix operations (top, df, vmstat)
AIX Linux Solaris
Oracle TNS
Oracle Client and OCI, TNS value in tns-names.ora, a user with rights to read the V$ tables, additional tables (CHAINED_ROWS, ALERT_LOG)
Oracle
PostgreSQLRead permission to execute queries through ODBC, Read access to pg_stat_database table
PostgreSQL
SNMP v1/v2Read-only community strings Cisco
Printer
SNMP v3Read-only community strings Cisco
Printer
SQLBased on WMI and ODBC technology. Read access to execute the query select * from @@version
Microsoft SQL Server
SSH (public key) or SSH
(user/password)
Access to SSH port (22), authorization to exe-cute the commands described as follows in the template descriptions per platform for SSH (public key) or SSH (user/password) credentials
AIX
Linux
Solaris
VMware vCenter
Telnet (user/password)
Port 23 AIX Linux Solaris
User/password
user, password EMC Clariion
© 2017 Tango/04 Computing Group Page 17
Appendix A : Infrastructure Templates
A.2 DevicesTemplates are available for servers, communication and end-point devices. You can use the Linux
template for your Linux servers, for example, creating all the monitors you need to be able to control
them automatically, such as monitors for CPU usage, network availability, physical and virtual memory,
file systems, and processes.
A.2.1 ServersTemplates are available for the following types of server:
• AIX
• iSeries
• Linux
• Solaris
• Windows
• IBM HMC Server
When you apply the corresponding template to them, you are granted controls over them. For example,
the iSeries template lets you control threads, jobs (and much more).
Figure 6 – Controlling an iSeries application in Business Applications
Windows User
LDAP (port 389), DCOM (port 445), user with Domain Admin privileges, a VPN connection, a local Event Log, shared files and folders on remote machines, user permission to access scheduled tasks on remote machines
Windows
WMIWMI access service (port 135), WMI classes used in Windows and SQL Server operations
Microsoft SQL Server Windows
WebSphere MQ
WebSphere MQ Client, MQ administrator user, a Server Connection MQI channel
IBM WebSphere MQ
Credential Name
Requirements Templates
© 2017 Tango/04 Computing Group Page 18
Appendix A : Infrastructure Templates
Substate Column Key
Availability
Performance
Errors
© 2017 Tango/04 Computing Group Page 19
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 20
h ConditionsAdditional
InformationMinor health Success
e > N/A Host reachable
> N/A Port reachable
N/A Down Automatic discovery and creation of Net-work Interfaces for Network devices. All Interfaces are "No Core" and won't be monitored by default.
W
(IN BW > 100,000,000 or IN BW < 0) or (OUT BW > 100,000,000 or OUT BW < 0)
(IN BW ≤ 100,000,000 and IN BW ≥ 0) and (OUT BW ≤ 100,000,000 and OUT BW ≥ 0)
% Errors > 5% % Errors ≤ 5%
% Discards > 5% % Discards ≤ 5%
Generic controls for all server types
Credentials needed: none.
Pre-requirements: Network access to the device
Controls performed:
Element type Control name Substate Description Metrics
Healt
Critical health Warning health
GlobalNetwork Availability This control ensures
that a host computer is actually operating
- Ping Response Time
Host unreachable Ping response tim1000 milliseconds
Port
Port availability This control ensures that a port in a host computer is actually lis-tening to requests
- Port Response Time
Port unreachable Port response time50 milliseconds
Network interface
Network Interface Status
This control ensures that the interface is operating
Up N/A
Network Interface Bandwidth
This control ensures that the used band-width is operating within the proper limits
- Bandwidth Usage OUT - Bandwidth Usage IN
(IN BW > 100,000,000 or IN BW < 0) or (OUT BW > 100,000,000 or OUT BW < 0)
(IN BW > 100,000,000 or INBW < 0) or (OUT B> 100,000,000 or OUT BW < 0)
Network Interface Errors
This control ensures that the interface is operating with a proper error rate.
- Number of Errors
% Errors > 10% % Errors > 7%
Network Interface Discards
This control ensures that the interface is operating with a proper discard rate.
- Number of Discards
% Discards > 10% % Discards > 7%
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 21
ions (top, df, vmstat), recommended software: Putty (http://
Health ConditionsAdditional
Informationealth Minor health Success
95% N/A CPU usage < 95%
rcent ≤ N/A Swap free percent > 10%
rrors > 5 N/A Number of Errors < 5
N/A Available
usage N/A Process CPU usage < 25%
ory N/A Process memory usage < 25%
AIX
Credentials needed: Linux/Unix and Telnet or SSH (Public Key) or SSH (User/Password).
Pre-requirements: Access to SSH port (22 by default), authorization to execute commands for Unix operat
www.putty.org/)
Controls performed:
Element type Control name Substate Description Metrics
Critical health Warning h
Global
CPU usage This control ensures that the host CPU is working within the proper limits
- CPU Usage Per-cent
CPU usage > 95% during more than 10 minutes
CPU usage >
Virtual Memory This control ensures that host virtual memory is working within the proper limits
- Swap free Per-cent- Swap free Mem-ory (Absolute)
Swap free percent ≤ 10% during more than 10 minutes
Swap free pe10%
System Errors Control
Detects errors appearing when executing errpt command
Number of Errors > 10
Number of E
Process
Process Avail-ability
This control ensures that a process is running on the host
Not available N/A
Process CPU Usage
This control ensures that the process CPU usage is within the correct limits
- Process CPU Usage Percent
Process CPU usage ≥ 25% during more than 10 minutes
Process CPU≥ 25%
Process Performance
This control ensures that a process is performing OK on the host
- Process Mem-ory Usage Per-cent
Process memory usage ≥ 25% during more than 10 min-utes
Process memusage ≥ 25%
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 22
N/A Available Automatic discov-ery and creation of FileSystems. "/" is created as "Core" FileSys-tem by default; the rest as "No Core"
0 N/A % Usage < 90
Health ConditionsAdditional
Informationealth Minor health Success
FileSystem
FileSystem Availability
This control ensures that the filesystem is available
Not available or FreeMB < 100 MBs
N/A
FileSystem Usage
This control ensures that the filesystem usage is within the proper limits
- Filesystem Usage Percent- Free Space (Absolute)
% Usage ≥ 95 % Usage ≥ 9
Element type Control name Substate Description Metrics
Critical health Warning h
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 23
6.0, TCP/IP connections, i5/OS V5R2M0 or above, 32-bit IBM
to IBM i are supported. See Appendix C on page 72
ditionsAdditional
InformationMinor health Success
N/A CPU usage < 95%
% N/A % Database capability ≤ 90%
00
>
N/A BASEdatabasePages ≤ 2,000 and INTERACTdatabasePages ≤ 2,000and MACHINEdatabasePages ≤ 2,000andSPOOLdatabasePages ≤ 2,000
0
N/A BASEdatabaseFaults + INTERACTdatabaseFaults + MACHINEdatabaseFaults + SPOOLdatabaseFaults ≤ 100
N/A INTERACTdatabaseFaults ≤ 100
iSeries
Credentials needed: iSeries user and database DSN.
Pre-requirements: ports 449, 8470, 8471, 8475, 8476, 4781, User QUSER must be enabled, *USE authority, Java
Client Access ODBC Driver, recommended software: IBM iSeries Access for Windows (Emulator). SSL connections
Controls performed:
Element type Control name Substate Description
Health Con
Critical health Warning health
Global
CPU usage This control ensures that the host CPU is working within the proper limits
CPU usage ≥ 95% during more than 10 minutes
CPU usage ≥ 95%
Database capability used
This control measures the storage used and helps guard against over-usage
% Database capability > 90% during more than 10 minutes
% Database capability > 90
Database page rate
This control ensures that database page rates do not exceed a safe number
BASEdatabasePages > 100,000 Or INTERACTdatabasePages > 100,000Or MACHINEdatabasePages > 100,000OrSPOOLdatabasePages > 100,000
BASEdatabasePages > 2,0Or INTERACTdatabasePages 2,000Or MACHINEdatabasePages >2,000OrSPOOLdatabasePages > 2,000
Database page faults
This control lets you know if there is an unstable num-ber of database page faults
BASEdatabaseFaults + INTERACTdatabaseFaults + MACHINEdatabaseFaults + SPOOLdatabaseFaults > 100 for more than 10 min
BASEdatabaseFaults + INTERACTdatabaseFaults +MACHINEdatabaseFaults +SPOOLdatabaseFaults > 10
Interactive Pool Data-base Page Faults
This control ensures that interactive pool database page faults are at a safe number
INTERACTdatabaseFaults > 100 for more than 10 min
INTERACTdatabaseFaults >100
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 24
N/A INTERACTnondatabase-Faults ≤ 100
N/A MACHINEdatabaseFaults ≤ 10
ts N/A MACHINEnondatabase-Faults ≤ 10
N/A BASEdatabaseFaults ≤ 100
N/A BASEnondatabaseFaults ≤ 100
>
N/A BASEnondatabaseFaults + INTERACTnondatabase-Faults + MACHINEnondata-baseFaults + SPOOLnondatabaseFaults ≤ 100,000
20 -
da-
>
N/A BASEnondatabasePages ≤ 20 and INTERACTnondata-basePages ≤ 20 and MACHINEnondatabaseP-ages ≤ 20 and SPOOLnon-databasePages ≤ 20
N/A All Batch Jobs' CPU > 50%
N/A All Interactive Jobs' CPU > 50%
m N/A Number of Jobs in the sys-tem ≤ 1,000
ditionsAdditional
InformationMinor health Success
Global
Interactive Pool Non Database Page Faults
This control ensures that interactive pool non-data-base page faults are at a safe number
INTERACTnondatabaseFaults > 100 for more than 10 min
INTERACTnondatabase-Faults > 100
Machine Pool Database Page Faults
This control reports on the number of machine pool database page faults
MACHINEdatabaseFaults > 10 for more than 10 min
MACHINEdatabaseFaults >10
Machine Pool Non database Page Faults
This control ensures that machine pool non-data-base page faults are at a safe number
MACHINEnondatabaseFaults > 10 for more than 10 min
MACHINEnondatabaseFaul> 10
Base Pool Database Page Faults
This control reports on the number or base pool data-base page faults
BASEdatabaseFaults > 100 for more than 10 min
BASEdatabaseFaults > 100
Base Pool Non-database Page Faults
This control ensures that base pool non-database page faults are at a safe number
BASEnondatabaseFaults > 100 for more than 10 min
BASEnondatabaseFaults > 100
Non-database Page Faults
This control reports on the number of non-database page faults
BASEnondatabaseFaults + INTERACTnondatabaseFaults + MACHINEnondatabase-Faults + SPOOLnondatabase-Faults > 100,000 for more than 10 min
BASEnondatabaseFaults + INTERACTnondatabase-Faults + MACHINEnondata-baseFaults + SPOOLnondatabaseFaults 100,000
Non-database Pages Rate
This control lets you know if there is an unstable non-database pages rate
BASEnondatabasePages > 100,000 or INTERACTnonda-tabasePages > 100,000 or MACHINEnondatabasePages > 100,000 or SPOOLnondata-basePages > 100,000
BASEnondatabasePages > or INTERACTnondatabasePages > 20 or MACHINEnontabasePages > 20 or SPOOLnondatabasePages 20
Looping Batch Jobs
This control ensures that there are no Batch jobs locked consuming CPU
If any Batch Job CPU > 50% for more than 5 min
If any Batch Job CPU > 50%
Looping Inter-active jobs
This control ensures that there are no Interactive jobs locked consuming CPU
If any Interactive Job CPU > 50% for more than 5 min
If any Interactive Job CPU >50%
Total Jobs in System
Warns you if total jobs in system exceeds one thou-sand
Number of Jobs in the system > 100,000
Number of Jobs in the syste> 1,000
Element type Control name Substate Description
Health Con
Critical health Warning health
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 25
s N/A Number of Active Batch Jobs in the system ≤ 100000
e N/A Number of Active Jobs in the system ≤ 100,000
N/A Number of active Threads in system ≤ 2,000
N/A Users signed on ≤ 500
se N/A Job Best Interactive Response Time ≤ 20 millisec-onds
c-N/A Worst Interactive Job
Response Time ≤ 20 Millisec-onds
N/A Number of Problems = 0
Depending on message Severity
Depending on message Severity
Depending on message Severity
Depending on message Severity
Depending on message Severity
Depending on message Severity
Depending on message Severity
Depending on message Severity
Depending on message Severity
Depending on message Severity
Depending on message Severity
Depending on message Severity
ditionsAdditional
InformationMinor health Success
Global
Batch Jobs This control ensures that active batch jobs are at a safe number.
Number of Active Batch Jobs in the system > 500000
Number of Active Batch Jobin the system > 100000
Active Jobs This control ensures that active jobs are at a safe number
Number of Active Jobs in the system > 500,000
Number of Active Jobs in thsystem > 100,000
Active Threads Helps ensure that the num-ber of active threads in a system does not exceed a predefined number
Number of active Threads in system > 10,000
Number of active Threads insystem > 2,000
Users signed on
Warns you if an atypically high number of users are signed on
Users signed on > 100,000 Users signed on > 500
Best Response Time
Warns you if the best response time exceeds the threshold
Job Best Interactive Response Time > 100 milliseconds
Job Best Interactive ResponTime > 20 milliseconds
Worst Response Time
Warns you if the worst response time exceeds the threshold
Worst Interactive Job Response Time > 100 Millisec-onds
Worst Interactive Job Response Time > 20 Milliseonds
Hardware Problems
Warns you of hardware down-time
Number of Critical Problems > 1
Number of Problems > 1
AIX Server Problems
Detects Problems related to AIX Server in HST
Depending on message Severity
Depending on message Severity
Battery Detects Problems related to Battery in HST
Depending on message Severity
Depending on message Severity
Communica-tions
Detects Problems related to Communications in HST
Depending on message Severity
Depending on message Severity
Disks Detects Problems related to Disks in HST
Depending on message Severity
Depending on message Severity
Hardware Detects Problems related to Hardware in HST
Depending on message Severity
Depending on message Severity
IPL Battery Detects Problems related to IPL Battery in HST
Depending on message Severity
Depending on message Severity
Element type Control name Substate Description
Health Con
Critical health Warning health
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 26
Depending on message Severity
Depending on message Severity
Depending on message Severity
Depending on message Severity
Depending on message Severity
Depending on message Severity
Depending on message Severity
Depending on message Severity
Depending on message Severity
Depending on message Severity
d if minor message detected
if no message detected
N/A Subsystem not active
N/A Status not in (MSGW,LCKW,INEL,HLD)
N/A Number of Job instances ≤ 1 and Number of Job instances ≤ 1
Bs N/A Temporary Storage Used MBs ≤ 512
N/A Job duration ≤ 50,000 min
N/A CPU Usage ≤ 50
ditionsAdditional
InformationMinor health Success
Global
Tapes Detects Problems related to Tapes in HST
Depending on message Severity
Depending on message Severity
Technical Ser-vice
Detects Problems related to Technical Service in HST
Depending on message Severity
Depending on message Severity
Thresholds Detects Problems related to Thresholds in HST
Depending on message Severity
Depending on message Severity
UPS Detects Problems related to UPS in HST
Depending on message Severity
Depending on message Severity
Windows Server
Detects Problems related to Windows Server in HST
Depending on message Severity
Depending on message Severity
Message Queues
Critical mes-sages
This control warns against potential issues in mes-sages and jobs awaiting reply
if critical message detected if warning message detecte
SubsystemSubsystem Activity
This control gives you the operability and start/end events of each subsystem
Subsystem Active N/A
Job
Status Provides the number of jobs in critical statuses
Status in (MSGW,LCKW) Status in (HLD,INEL)
Activity Warns you in case of an abnormal number of jobs
Number of Job instances < 1 or Number of Job instances > 1
N/A
Temporary storage
Ensures that temporary storage used by jobs to run is safe
Temporary Storage Used MBs > 1024
Temporary Storage Used M> 512
Duration Captures the activity and duration of specific jobs
Job duration > 100,000 min Job duration > 50,000 min
CPU Usage Checks if the CPU Usage is within the correct limits
CPU Usage > 50 CPU Usage > 40
Element type Control name Substate Description
Health Con
Critical health Warning health
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 27
" is
N/A Job Queue Status not in ("DAMAGED", "HELD")
N/A Released Jobs in Queue ≤ 4
N/A Status = OK
N/A Status = OK
N/A Status = OK
N/A LibrarySize ≤ 1,000 MBs
> N/A LibrarySizePercentIncrease ≤ 30%
N/A Library Group Size ≤ 1,000 MBs
Library Group Size Percent Increase > 30%
Library Group Size Percent Increase c 30%
N/A Available
N/A App Usage % ≤90%
ditionsAdditional
InformationMinor health Success
Job queue
Operability Tells you the number of jobs in queue in each sta-tus
Job Queue Status is "DAM-AGED"
Job Queue Status is "HELDor Queue Subsystem name" "
Overflow Safeguards against over-flow
Released Jobs in Queue > 4 for more than 10 min
Released Jobs in Queue > 4
ControllerStatus Controls the status of a
ControllerStatus = NOT OK N/A
LineStatus Controls the status of a
LineStatus = NOT OK N/A
DeviceStatus Controls the status of a
DeviceStatus = NOT OK N/A
Library
Library Size Warns you if library size grows too big
N/A LibrarySize > 1,000 MBs
Library Size Increase
This control measures the percent increase in library size
N/A LibrarySizePercentIncrease50%
Library Groups
Library Group Size
Helps ensure that library groups do not increase too much in size
N/ALibrary Group Size > 1,000 MBs
Library Group Size Increase
This control measures the percent increase in library group size
Library Group Size Percent Increase > 60%
Library Group Size Percent Increase >50%
ASPs
Availability This control ensures that ASP is available
Not Available or (Available and ASPutilization>96%)
N/A
Usage This control ensures that ASP usage is not too high
ASP Usage % >95% App Usage % >95%
Element type Control name Substate Description
Health Con
Critical health Warning health
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 28
p, free, ps, df, vmstat), recommended software:
ealth ConditionsAdditional
Information health Minor health Success
≥ 95% N/A CPU usage < 95%
mory N/A Physical memory usage < 95%
ercent ≤ N/A Swap free percent > 10%
N/A Available
U usage ≥ N/A Process CPU usage < 25%
mory N/A Process memory usage < 25%
N/A Available Automatic discovery and creation of File-Systems. "/" is cre-ated as "Core" FileSystem by default; the rest as "No Core"
90 % N/A % Usage < 90 %
Linux
Credentials needed: Telnet or SSH (Public Key) or SSH (User/Password).
Pre-requirements: access to SSH port (22 by default), authorization to execute commands for Linux operations (to
Putty (http://www.putty.org/)
Controls performed:
Element type Control name Substate Description Metrics
H
Critical health Warning
Global
CPU usage This control ensures that the host CPU is working within the proper limits
- CPU Usage Percent
CPU usage ≥ 95% during more than 10 minutes
CPU usage
Physical memory This control ensures safe memory usage
Physical memory usage ≥ 95% during more than 10 minutes
Physical meusage ≥ 95%
Virtual Memory This control ensures that the host virtual memory is work-ing within the proper limits
- Swap free Per-cent- Swap free Memory (Abso-lute)
Swap free percent ≤ 10% during more than 10 minutes
Swap free p10%
Process
Process Availability This control ensures that a process is running on the host
Not available N/A
Process CPU usage
This control ensures that a process is performing OK on the host
- Process CPU Usage Percent
Process CPU usage ≥ 25% during more than 10 minutes
Process CP25%
Process Memory Usage
This control ensures that the process Memory usage is within the correct limits
- Process Mem-ory Usage Per-cent
Process memory usage ≥ 25% during more than 10 minutes
Process meusage ≥ 25%
File System
FileSystem Avail-ability
This control ensures that the filesystem is available
Not available or FreeMB < 100 MBs
N/A
FileSystemUsage
This control ensures that the filesystem usage is within the proper limits
% Usage ≥ 95 % % Usage ≥
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 29
, df, vmstat), recommended software:
ealth ConditionsAdditional
Informationhealth Minor health Success
95% N/A CPU usage < 95%
ory usage N/A Physical memory usage < 95%
cent ≤ N/A Swap free percent > 10%
time > 50 N/A Port reachable
N/A Available
usage ≥ N/A Process CPU usage < 25%
ory usage N/A Process memory usage < 25%
Solaris
Credentials needed: Telnet or SSH (Public Key) or SSH (User/Password).
Pre-requirements: access to SSH port (22 by default), authorization to execute commands for Unix operations (top
Putty (http://www.putty.org/)
Controls performed:
Element type Control name Substate Description Metrics
H
Critical health Warning
Global
CPU usage This control ensures that the host CPU is working within the proper limits
CPU usage ≥ 95% dur-ing more than 10 min-utes
CPU usage ≥
Physical memory This control ensures safe memory usage
Physical memory usage ≥ 95% during more than 10 minutes
Physical mem≥ 95%
Virtual Memory This control ensures that the host virtual memory is working within the proper limits
Swap free percent ≤ 10% during more than 10 minutes
Swap free per10%
Port availability This control ensures that a port in a host computer is actually lis-tening to requests
Port unreachable Port responsemilliseconds
Process
Process Availability This control ensures that a process is run-ning on the host
Not available N/A
Process CPU usage
This control ensures that a process is per-forming OK on the host
- Process CPU Usage Percent
Process CPU usage ≥ 25% during more than 10 minutes
Process CPU25%
Process Memory Usage
This control ensures that the process Mem-ory usage is within the correct limits
- Process Mem-ory Usage Per-cent
Process memory usage ≥ 25% during more than 10 minutes
Process mem≥ 25%
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 30
N/A Available Automatic dis-covery and cre-ation of FileSystems. "/" is created as "Core" FileSys-tem by default; the rest as "No Core"
N/A % Usage < 90
ealth ConditionsAdditional
Informationhealth Minor health Success
FileSystem
FileSystem Avail-ability
This control ensures that the filesystem is available
Not available or FreeMB < 100 MBs
N/A
FileSystemUsage
This control ensures that the filesystem usage is within the proper limits
% Usage ≥ 95 % Usage ≥ 90
Element type Control name Substate Description Metrics
H
Critical health Warning
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 31
gSystem, Win32_PerfRawData_PerfOS_Memory,
isk_PhysicalDisk, Win32_LogicalDisk,
rfRawData_PerfNet_Server,
_Environment, Win32_PageFileUsage. Recommended
Health ConditionsAdditional
Informationrning health Minor health Success
sage ≥ 95% N/A CPU usage < 95%
al memory ≥ 95%
N/A Physical memory usage < 95%
memory usage or Page file ≥ 90%
N/A Virtual memory usage < 90% and Page file usage < 90%
N/A Number of Process instances ≥ 1 or num-ber of process instances ≤ 100,000
sage ≥ 15% N/A CPU usage < 15%
s memory ≥ 15%
N/A Process memory usage < 15%
<> 'OK' N/A Available
Windows
Credentials needed: Windows user, WMI
Pre-requirements: WMI access service (port 135), WMI user with permission to query the classes: Win32_Operatin
Win32_PerfRawData_PerfOS_Objects, Win32_PerfRawData_Tcpip_NetworkInterface, Win32_PerfRawData_PerfD
Win32_PerfRawData_PerfOS_System, Win32_ComputerSystem, Win32_NetworkAdapterConfiguration, Win32_Pe
Win32_PerfRawData_PerfOS_Processor, Win32_PerfRawData_PerfProc_Process, Win32_NTEventlogFile, Win32
software: WBEMTest.exe (included in every computer with WMI installed)
Controls performed:
Element type Control name Substate Description Metrics
Critical health Wa
Global
CPU usage This control ensures that the host CPU is working within the proper limits
- CPU Usage Percent CPU usage ≥ 95% dur-ing more than 10 min-utes
CPU u
Physical mem-ory
This control ensures safe memory usage
- Physical Memory Usage Percent
Physical memory usage ≥ 95% during more than 10 minutes
Physicusage
Virtual Memory This control ensures that the host virtual memory is working within the proper limits
- Virtual Memory Usage Percent- Pagefile usage per-cent
Virtual memory usage ≥ 90% or Page file usage ≥ 90% during more than 10 minutes
Virtual≥ 90%usage
Process
Process Avail-ability
This control ensures that a process is running on the host
Number of Process instances < 1 or num-ber of process instances > 100,000
N/A
Process CPU Performance
This control ensures that the process CPU is working within the proper limits
- Process CPU Usage Percent
CPU usage ≥ 15% dur-ing more than 10 min-utes
CPU u
Process CPU Memory
This control ensures that the process memory is working within the proper limits
- Process Memory Usage Percent
Process memory usage ≥ 15% during more than 10 minutes
Procesusage
ServiceService avail-ability
Ensures the availability of Windows services
(not Installed or not Started or State <> 'Running')
Status
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 32
N/A Available
ge ≥ 90 N/A % Usage < 90
er rate ≥ 125 rs/s
N/A Transfer rate < 125 transfers/s
type is WARN- event type is FAILURE
Event type is MINOR
Event type is INFOR-MATION
Health ConditionsAdditional
Informationrning health Minor health Success
Logical Disk
Logical disk availability
This control ensures that the disk is available
Not available or FreeMB < 100 MBs
N/A
Logical disk usage
This control ensures that the logical disk usage is within the proper limits
- Disk Usage Percent- Free Space (Absolute)
% Usage ≥ 95 % Usa
Physical DiskDisk Transfer Rate
Ensures that the Disk Transfer rate is performing within the correct limits
- Disk Transfer Rate- Disk Queue Length
Transfer rate ≥ 125 transfers/s during more than 10 minutes
Transftransfe
Windows Event Log
Windows Event Log
Detects messages in Win-dows Event Logs
- Network Interface Usage- Received- Send- Total- Output Packet Queue Length
Event type is ERROR Event ING orAUDIT
Element type Control name Substate Description Metrics
Critical health Wa
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 33
ed software: Putty (http://www.putty.org/)
alth ConditionsAdditional
Informationlth Minor health Success
ry N/A Physical memory usage < 95%
monhmc -r mem -n0
95% N/A Swap used % < 95% monhmc -r swap -n0
ses > N/A Zombie Processes < 15
monhmc -s hmcsvr -n0
ses > N/A Zombie Processes < 15
monhmc -s rmc -n0
5% N/A CPU usage < 95% monhmc -r proc -n0
N/A % Usage < 90 monhmc -r disk -n0
IBM HMC Server
Credentials needed: Telnet or SSH (Public Key) or SSH (User/Password).
Pre-requirements: Access to SSH port (22 by default), authorization to execute "monhmc" commands, recommend
Controls performed:
Element type Control name Substate Description Metrics
He
Critical health Warning hea
Global
Physical Memory Usage
This control ensures safe memory usage
- CPU Usage Per-cent
Physical memory usage ≥ 95% during more than 10 min-utes
Physical memousage ≥ 95%
Swap Memory Usage
This control ensures that host virtual memory is working within the proper limits
- Swap free Per-cent- Swap free Mem-ory (Absolute)
Swap used % ≥ 95% during more than 10 minutes
Swap used % ≥
Server Processes
This control ensures that the number of server zombie processes within the proper limits
Zombie Processes > 20
Zombie Proces15
RMC Processes
This control ensures that the number of RMC zom-bie processes within the proper limits
- Process CPU Usage Percent
Zombie Processes > 20
Zombie Proces15
CPU Usage This control ensures that the host CPU is working within the proper limits
- Process Mem-ory Usage Per-cent
CPU usage ≥ 95% during more than 10 minutes
CPU usage ≥ 9
FileSystem
FileSystem Usage
This control ensures that the filesystem usage is within the proper limits
- Filesystem Usage Percent- Free Space (Absolute)
% Usage ≥ 95 % Usage ≥ 90
Appendix A : Infrastructure Templates
A.2.2 Communication DevicesThree different templates can be applied to Cisco and other communication devices such as routers and
switches. All the necessary monitors are created automatically, giving you various controls over the
devices.
© 2017 Tango/04 Computing Group Page 34
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 35
owser.shtml) or getif
Health ConditionsAdditional
Informationealth Minor health Success
5% N/A CPU usage < 95%
sage ≥ Memory Pool usage ≥ 85 %
Memory Pool usage < 85 %
shold < Degrees to thresh-old < 10
Degrees to threshold ≥ 10
Cisco
Credentials needed: SNMP v1/v2 and SNMP v3
Pre-requirements: read-only community strings, recommended software: MIBBrowser (http://ireasoning.com/mibbr
Controls performed:
Element type Control name Substate Description Cisco
Critical health Warning h
Global
CPU usage This control ensures that the host CPU is working within the proper limits
- CPU Usage Per-cent
CPU usage ≥ 95% during more than 10 minutes
CPU usage ≥ 9
Memory This control ensures safe memory usage
- Memory Usage Percent
Memory Pool usage ≥ 95 %
Memory Pool u90 %
Temperature This control ensures a safe working tempera-ture of devices
- Current Tempera-ture
Temperature > Device-TemperatureThreshold
Degrees to thre5
Appendix A : Infrastructure Templates
A.2.3 End-Point DevicesTemplates are available for the following types of end-point device:
• Printer
• EMC Clariion SAN
• IBM Storwize SAN
Printers can be monitored using the Printer template, which provides controls for not only checking
availability, but also detecting issues.
You can apply the template to all of your printers at the same time, saving you from having to create sets
of monitors for each printer.
© 2017 Tango/04 Computing Group Page 36
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 37
owser.shtml) or getif
ditions
Additional Information
health Minor health Success
N/A No errors in the printer
Supplies type: 1.3.6.1.2.1.43.11.1.1.4.1.1Status: 1.3.6.1.2.1.25.3.5.1.2.1
Printer
Credentials needed: SNMP v1/v2 and SNMP v3
Pre-requirements: read-only community strings, recommended software: MIBBrowser (http://ireasoning.com/mibbr
Controls performed:
Element type Control name Substate Description Metrics
Health Con
Critical health Warning
Global
Problems This control warns of printer problems
Possible problems:128: 'Low Paper',64: 'No Paper', 32: 'Low Toner',16: 'No Toner',8: 'Door Open',4: 'Jammed',2: 'Offline',1: 'Service Requested',128: 'Input Tray Missing',64: 'Output Tray Missing',32: 'Marker Supply Missing',16: 'Output Near Full',8: 'Output Full',4: 'Input Tray Empty',2: 'Overdue Preventive Maintenance',
N/A
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 38
(top, df, vmstat)
itions
Additional Information
Minor health Success
N/A No Faults detected NaviSECCli.exe - h Device-Name -User UserName - Pass-word Password - Scope GLOBAL faults -list
N/A % Invalid LUNs ≤ 10 NaviSECCli.exe - h Device-Name -User UserName - Pass-word Password - Scope GLOBAL getlun -type -state
N/A % Invalid RAIDs ≤ 10 NaviSECCli.exe - h Device-Name -User UserName - Pass-word Password - Scope GLOBAL getrg -type -state
N/A SP Read Cache State is enabled or SP Write Cache State is enabled
NaviSECCli.exe - h Device-Name -User UserName -Pass-word Password - Scope GLOBAL getall -cache
EMC Clariion
Credentials needed: User/Password.
Pre-requirements: EMC Navisphere CLI (NaviSECCli.exe), authorization to execute commands for Unix operations
Controls performed:
Element type Control name Substate Description Metrics
Health Cond
Critical health Warning health
Global
Faults List List of any faulty compo-nents on the storage system
Faults detected N/A
LUNs state List of states of LUNs % Invalid LUNs > 10 % Invalid LUNs > 1
Global
RAID Groups status
List of states of RAID groups
% Invalid RAIDs > 10 % Invalid RAIDs > 1
SP Cache state
List of states of read & write cache for both SPs
SP Read Cache State is not enabled or SP Write Cache State is not enabled
N/A
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 39
tware: Putty (http://www.putty.org/)
Health ConditionsAdditional
Informationg health Minor health Success
ge ≥ 95% N/A CPU usage < 95% lssystemstats -delim :
ge ≥ 95% N/A CPU usage < 95% lssystemstats -delim :
usage ≥ s
N/A Interface usage < 500 MBps
lssystemstats -delim :
usage ≥ s
N/A Interface usage < 500 MBps
lssystemstats -delim :
usage ≥ s
N/A Interface usage < 500 MBps
lssystemstats -delim :
500 ms N/A Latency < 500 ms lssystemstats -delim :
ut ≥ 500 ms N/A Throughput < 500 ms lssystemstats -delim :
500 ms N/A Latency < 500 ms lssystemstats -delim :
ut ≥ 500 ms N/A Throughput < 500 ms lssystemstats -delim :
IBM Storwize SAN
Credentials needed: Telnet or SSH (Public Key) or SSH (User/Password).
Pre-requirements: Access to SSH port (22 by default), authorization to execute "lssystemstats", recommended sof
Controls performed:
Element type Control name Substate Description Metrics
Critical health Warnin
Global
Compression CPU Usage
- % Compression CPU Usage
CPU usage ≥ 95% during more than 10 minutes
CPU usa
System CPU Usage
- % System CPU Usage CPU usage ≥ 95% during more than 10 minutes
CPU usa
FC Interface usage
- FC Interface Throughput Interface usage ≥ 500 MBps during more than 10 minutes
Interface 500 MBp
iSCSI Interface usage
- iSCSI Interface Throughput Interface usage ≥ 500 MBps during more than 10 minutes
Interface 500 MBp
SAS Interface usage
- SAS Interface Throughput Interface usage ≥ 500 MBps during more than 10 minutes
Interface 500 MBp
MDisks Read Latency
- Read Latency Latency ≥ 500 ms during more than 10 minutes
Latency ≥
MDisks Read Throughput
- Read Throughput Throughput ≥ 500 MBps during more than 10 min-utes
Throughp
MDisks Write Latency
- Write Latency Latency ≥ 500 ms during more than 10 minutes
Latency ≥
MDisks Write Throughput
- Write Throughput Throughput ≥ 500 MBps during more than 10 min-utes
Throughp
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 40
500 ms N/A Latency < 500 ms lssystemstats -delim :
ut ≥ 500 ms N/A Throughput < 500 ms lssystemstats -delim :
500 ms N/A Latency < 500 ms lssystemstats -delim :
ut ≥ 500 ms N/A Throughput < 500 ms lssystemstats -delim :
Global
VDisks Read Latency
- Read Latency Latency ≥ 500 ms during more than 10 minutes
Latency ≥
VDisks Read Throughput
- Read Throughput Throughput ≥ 500 MBps during more than 10 min-utes
Throughp
VDisks Write Latency
- Write Latency Latency ≥ 500 ms during more than 10 minutes
Latency ≥
VDisks Write Throughput
- Write Throughput Throughput ≥ 500 MBps during more than 10 min-utes
Throughp
Appendix A : Infrastructure Templates
A.3 Standalone ApplicationsTemplates for standalone applications ensure you can monitor them with best practices in as little time
as possible. Controlling standalone applications is crucial to the business, and templates make it easy,
as the controls are instant.
Standalone applications are categorized as follows:
• Application Servers
• Database Management Systems
• Middleware
• Web Servers
• Virtualization Servers
Different templates are available depending on which type of standalone application you want to control.
A.3.1 Application ServerTemplates are available for:
• IBM Websphere Application Server
It lets you control:
• JVM memory and uptime
• pool usage
• number of faults
• wait and response time
• sessions
• error and request statistics
• loaded servlets
A.3.2 Database Management SystemTemplates are available for:
• SQL Server
• Oracle
• Postgres
They let you control:
• locks
• sessions
• availability
• response time
• storage
© 2017 Tango/04 Computing Group Page 41
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 42
structure (PMI) must be activated on WebSphere (Please refer
Release VersionAdditional
Information
ealth Success
Memory usage % ≤ 95%
4.02.30000
JVM up & running 4.02.30000
Average usage ≤ 5s
4.02.30000
Faults % ≤ 0,2 4.02.30000
Average Waiting Time ≤ 0,1s
4.02.30000
Active Sessions ≤ 600
4.02.30000
Created Sessions ≤ 12000
4.02.30000
Invalidated Sessions ≤ 1000
4.02.30000
IBM WebSphere Application Server
Credentials needed: WebSphere Application Server
Pre-requirements: WAS Client (32 bits) installed in the Monitoring node machne. The Performance Monitoring Infra
to the IBM WebSphere user guide).
Controls performed:
Element type
Control name Substate Description
Health Conditions
Critical health Warning health Minor h
Global
JVM Memory Used
Ensures that the JVM memory usage is within the correct limits
Memory usage % > 95% during more than 10 minutes
Memory usage % > 95%
N/A
JVM Uptime Ensures that the JVM uptime is within the correct limits
JVM is not up N/A N/A
Pool Usage Ensures that the JDBC connection pool usage is within the correct limits
Average usage >7s Average usage > 5s N/A
JDBC Datasource
Number of faults
Ensures that the number of faults is within tolerated limits
Faults % > 0,5 Faults % > 0,2 N/A
Wait Time Ensures that the amount of time required to obtain a connection is within the correct limits
Average Waiting Time > 0,25s
Average Waiting Time > 0,1s
N/A
Web Module
Active Sessions
Ensures that the number of sessions is within the correct limits
Active Sessions > 1000
Active Sessions > 600
N/A
Created Sessions
Ensures that the number of creared sessions is within the correct limits
Created Sessions > 15000
Created Sessions > 12000
N/A
Invalidated Sessions
Ensures that the number of invalidated sessions is within the correct limits
Invalidated Sessions > 2000
Invalidated Sessions >1000
N/A
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 43
Release VersionAdditional
Information
ealth Success
No room for new sessions ≤ 1000
4.02.30000
Number of errors ≤ 100
4.02.30000
Invalidated Sessions ≤ 1000
4.02.30000
Number of requests ≤5
4.02.30000
Response Time ≤30s
4.02.30000
Element type
Control name Substate Description
Health Conditions
Critical health Warning health Minor h
Web Module
No room for new sessions
Ensures that the number of sessions that could not be created becuase the number of sessions had been exceeded is within the correct limits
No room for new sessions > 2000
No room for new sessions > 1000
N/A
Error Statistics Ensures that the number of errors is within the correct limits
Number of errors > 200
Number of errors > 100
N/A
Loaded Servlets
Ensures that the number of servlets is within the correct limits
Invalidated Sessions > 2000
Invalidated Sessions >1000
N/A
Requests Statistics
Ensures that the number of requests is within the cor-rect limits
Number of requests >10
Number of requests >5
N/A
Response Time Ensures that the response time is within the correct limits
Response Time >60s
Response Time >30s
N/A
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 44
user with permissions to query the classes:
ServerBufferManager;
rLocks, recommended software: SQL Server Management
Health ConditionsAdditional
Information health Minor health Success
ctions > N/A UserConnections ≤ 1,000
e Hit N/A Buffer Cache Hit Ratio ≥ 90
ocks/s > N/A Lock Deadlocks/s = 0
uts/s > 2 N/A Lock Timeouts/s ≤ 2
N/A Available
> 80% N/A % Log used ≤ 90%
Microsoft SQL Server
Credentials needed: Database DSN, WMI
Pre-requirements: ODBC user with access to the database instance (execution of select @@version query), WMI
Win32_PerfRawData_MSSQLSERVER_SQLServerGeneralStatistics; Win32_PerfRawData_MSSQLSERVER_SQL
Win32_PerfRawData_MSSQLSERVER_SQLServerDatabases; Win32_PerfRawData_MSSQLSERVER_SQLServe
Studio
Controls performed:
Element type Control name Substate Description Metrics
Critical health Warning
Global
Active connec-tions
Ensures that the number of User connections of the SQL Server is within the correct limits
- Number of active con-nections
UserConnections > 2,000
UserConne1,000
Buffer Cache Hit Ratio
Ensures that the buffer cache hit ratio of the SQL Server is within the correct limits
- Buffer Cache hit ratio Buffer Cache Hit Ratio < 85
Buffer CachRatio < 90
Lock deadlocks Ensures that the lock dead-locks rate of the SQL Server is within the correct limits
- Number of Lock dead-locks
Lock Deadlocks/s > 2
Lock Deadl0
Lock timeouts Ensures that the lock time-outs rate of the SQL Server is within the correct limits
- Number of Lock Time-outs
Lock Timeouts/s > 4
Lock Timeo
Database
Database avail-ability
Ensures that the database is available
Not Available N/A
Transaction log usage
Ensures that the transac-tion log usage is within the correct limits
- Transaction Log usage percent
% Log used > 90% % Log used
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 45
V$ tables (v$session, v$sysstat, v$parameter, v$instance),
ware: Oracle SQL Developer.
ns
Additional Information
inor health Success
ber of Sessions 0,000,000 or ber of Sessions
Number of Ses-sions ≤ 100,000,000 or Number of Ses-sions ≥ 0
select count(1) from v$session where type <>’BACKGROUND’ and status = ‘ACTIVE’
Buffer Cache Hit Ratio ≥ 70
SELECT trunc((1-(SUM(decode(name, ‘physical reads’, value,0))/(SUM(DECODE(name, ‘db block gets’, value,0))+(SUM(DECODE(name, ‘consistent gets’, value,0)))))) * 100) FROM V$SYSSTATSELECT value FROM V$PARAM-ETER WHERE name =’db_cache_size SELECT value FROM V$PARAMETER WHERE name=’db_block_buffers SELECT value FROM V$PARAMETER WHERE name=’db_block_size
ber of Locks > 00000 or Num-f Locks < 0
Number of Locks ≤ 100,000,000 or Number of Locks ≥ 0
select count(1) from v$session where username IS NOT NULL AND lockwait IS NOT NULL
Available select(1) from dual
Status is 'ACTIVE' select database_status from v$instance
Oracle database server
Credentials needed: Oracle TNS, database DSN.
Pre-requirements: 32-bit Oracle ODBC Client, TNS value in tnsnames.ora, ODBC user with rights to read the
additional tables (CHAINED_ROWS, ALERT_LOG, dba_data_files, dba_free_space, all_tables), recommended soft
Controls performed:
Element type
Control name
Substate Description Metrics
Health Conditio
Critical health Warning health M
Global
Active con-nections
Ensures that the num-ber of User connec-tions of the Oracle database instance is within the correct limits
- Number of active ses-sions
Number of Sessions > 100,000,000 or Number of Sessions < 0
Number of Sessions > 100,000,000 or Number of Sessions < 0
Num> 10Num< 0
Buffer Cache hit ratio
Ensures that the buffer cache hit ratio of the Oracle database instance is within the correct limits
- Buffer Cache hit ratio
Buffer Cache Hit Ratio < 70 for more than 10 min
Buffer Cache Hit Ratio < 70
N/A
lock dead-locks
Ensures that the lock deadlocks rate of the Oracle database instance is within the correct limits
- Number of lock dead-locks
Number of Locks > 100,000,000 or Number of Locks < 0
Number of Locks > 100,000,000 or Number of Locks < 0
Num1000ber o
Instance availability
Ensures Oracle Instance is available
Not Available N/A N/A
Database status
Ensures that Oracle database status is active
Status not 'ACTIVE' N/A N/A
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 46
Available select tablespace_name from dba_tablespaces where tablespace_name = ‘TableSpace-Name’
% Usage ≤ 90% select a.tablespace_name
TableSpace,a.TotalAsigned/1024/
1024 Assigned_MB, b.Free/1024/
1024 free_MB, (a.TotalAsigned -
b.Free)/1024/1024 Used_MB,
((a.TotalAsigned - b.Free) * 100)/
a.TotalAsigned Used_Percent from
(select tablespace_name,
sum(bytes) TotalAsigned from
dba_data_files group by
tablespace_name) a, (select
tablespace_name , sum(bytes)
Free, max(bytes) Mayor_blk from
dba_free_space group by
tablespace_name) b where
a.tablespace_name =
b.tablespace_name and
a.tablespace_name = 'TableSpace
Name'
Status = ‘VALID’ select status from all_tables where
table_name = ‘TableName’
ns
Additional Information
inor health Success
Tablespace
Tablespace availability
Ensures that Oracle tablespace status is available
Not Available N/A N/A
Tablespace occupation
Ensures that Oracle tablespace usage is within the correct limits
- Tablespace usage per-cent- Tablespace free space
% Usage > 95% % Usage > 90% N/A
TableTable status Ensures that Oracle
table status is validStatus not ‘VALID’ N/A N/A
Element type
Control name
Substate Description Metrics
Health Conditio
Critical health Warning health M
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 47
te and pg_class, recommended software: pgAdmin.
ions
Additional Information
Minor health Success
/A Users Connected ≤ 1000
SELECT numbackends as User-sConnected,xact_commit as Tx_Commit, xact_rollback as Tx_RolledBack, blks_read as Block-sRead,blks_hit as BlocksHit, con-flicts as Conflicts, CASE WHEN deadlocks_exists THEN dead-locks::text::BigInt ELSE '-1'::text::BigInt END AS Dead-LocksFROM pg_stat_databaseCROSS JOIN (SELECT EXISTS (SELECT 1 FROM pg_attribute WHERE attrelid = (SELECT oid FROM pg_class WHERE relname = 'pg_stat_database') AND att-name = 'deadlocks') AS deadlocks_exists) deadlocksWHERE datname = 'Database Name'
PostgreSQL
Credentials needed: Database DSN.
Pre-requirements: 32-bit PostgreSQL driver, ODBC User with rights to read the pg_stat_database table, pg_attribu
Controls performed:
Element type
Control name
Substate Description Metrics
Health Condit
Critical health Warning health
Database
Active Con-nections
Ensures that the num-ber of User connec-tions is within the correct limits
- Number of active connec-tions
User Connections > 2000
User Connections > 1000
N
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 48
/A Buffer Cache hit ratio ≥ 90
SELECT numbackends as User-sConnected,xact_commit as Tx_Commit, xact_rollback as Tx_RolledBack, blks_read as Block-sRead,blks_hit as BlocksHit, con-flicts as Conflicts, CASE WHEN deadlocks_exists THEN dead-locks::text::BigInt ELSE '-1'::text::BigInt END AS Dead-LocksFROM pg_stat_databaseCROSS JOIN (SELECT EXISTS (SELECT 1 FROM pg_attribute WHERE attrelid = (SELECT oid FROM pg_class WHERE relname = 'pg_stat_database') AND att-name = 'deadlocks') AS deadlocks_exists) deadlocksWHERE datname = 'Database Name'
ock Deadlocks/ > 6
Number of Dead-locks ≤ 6
SELECT numbackends as User-sConnected,xact_commit as Tx_Commit, xact_rollback as Tx_RolledBack, blks_read as Block-sRead,blks_hit as BlocksHit, con-flicts as Conflicts, CASE WHEN deadlocks_exists THEN dead-locks::text::BigInt ELSE '-1'::text::BigInt END AS Dead-LocksFROM pg_stat_databaseCROSS JOIN (SELECT EXISTS (SELECT 1 FROM pg_attribute WHERE attrelid = (SELECT oid FROM pg_class WHERE relname = 'pg_stat_database') AND att-name = 'deadlocks') AS deadlocks_exists) deadlocksWHERE datname = 'Database Name'
/A Available SELECT version()
ions
Additional Information
Minor health Success
Database
Buffer Cache hit ratio
Ensures that the buf-fer cache hit ratio is within the correct lim-its
- Buffer cache hit ratio
Buffer Cache hit ratio < 85
Buffer Cache hit ratio < 90
N
Lock dead-locks
Ensures that the lock deadlocks rate is within the correct lim-its
- Number of Lock deadlocks
Lock Deadlocks/s > 10
Lock Deadlocks/s > 8 Ls
Database availability
Ensures that the data-base is available
Not Available N/A N
Element type
Control name
Substate Description Metrics
Health Condit
Critical health Warning health
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 49
A.3.3
MiddlewareA template is available for WebSphere MQ that gives you control over:• channels and queues
• the Queue Manager
There are also templates for:
• JBoss Application Server
• Active MQ
• Microsoft Exchange
• Microsoft Terminal Server
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 50
mended software: IBM MQ Explorer. SSL connections to IBM
Health ConditionsAdditional
Informationealth Minor health Success
N/A Connected
s is not N/A Channel Status is "RUNNING"
> 90 N/A Queue Depth ≤ 90
IBM WebSphere MQ
Credentials needed: WebSphere MQ
Pre-requirements: WebSphere MQ 32-bits Client (http://www-01.ibm.com/software/integration/wmq/clients/), recom
WebSphere MQ are supported. See Appendix E on page 83
Controls performed:
Element type Control name Substate Description Metrics
Critical health Warning h
GlobalQueue Manager Availability
Ensures that the Queue man-ager is working properly
Not Connected N/A
ChannelChannel status Ensures that the MQ Channel
is working properlyChannel Status is "STOPPED"
Channel Statu"RUNNING"
QueueQueue depth Ensures that the MQ Queue
depth is working within the proper limits
- Queue Depth Queue Depth > 100 Queue Depth
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 51
alth ConditionsAdditional
Informationlth Minor health Success
s > N/A Number of threads ≤ 800,000
ory N/A % Non heap memory used ≤ 80%
used N/A % Heap memory used ≤ 80%
% N/A CPU usage < 80%
JBoss Application Server
Credentials needed: JMX digital certificate
Pre-requirements: ThinkServer JMXServer WAS, ThinkServer JMXServer JSR, recommended software: jconsole
Controls performed:
Element type
Control name
Substate Description Metrics
He
Critical health Warning hea
Global
Number of Threads
Ensures that the number of threads is within the correct limits
- Number of threads
Number of threads > 1,000,000
Number of thread800,000
Non Heap Memory Usage
Ensures that the non heap memory usage is within the correct limits
- Non heap mem-ory usage
% Non heap memory used > 90%
% Non heap memused > 80%
Heap Mem-ory Usage
Ensures that the heap memory usage is within the correct limits
- Heap memory usage
% Heap memory used > 90%
% Heap memory> 80%
CPU Usage Monitor
Ensures that CPU usage is within the correct limits
CPU usage ≥ 80% during more than 10 min
CPU usage ≥ 80
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 52
Health ConditionsAdditional
Information health Minor health Success
N/A Available
N/A Available
10 Queue size > 5 Queue size ≤ 5
ory usage N/A Queue memory usage ≤ 95%
nsumers Number of consum-ers > 5
Number of consum-ers ≤ 5
N/A Available
10 Topic size > 5 Topic size ≤ 5
y usage > N/A Topic memory usage ≤ 95%
nsumers Number of consum-ers > 5
Number of consum-ers ≤ 5
Active MQ
Credentials needed: Authenticated user/password
Pre-requirements: Jolokia bridge setup in ActiveMQ (by default since version 5.9.1)
Controls performed:
Element type Control name Substate Description Metrics
Critical health Warning
GlobalBroker status Ensures that the Queue
Manager is working prop-erly
Not Available N/A
Queue
Queue availability Ensures that the Queue is available
Not Available N/A
Queue size Ensures that the Queue size is within the correct limits
- Queue Depth Queue size > 15 Queue size >
Queue memory usage Ensures that the Queue memory usage is within the correct limits
- Queue Memory usage percent
Queue memory usage > 95% during more than 10 min
Queue mem> 95%
Queue consumer count
Ensures that the Queue consumer count is within the correct limits
- Queue Con-sumer count
Number of consum-ers > 15
Number of co> 10
Topic
Topic availability Ensures that the Topic is available
Not Available N/A
Topic Queue size Ensures that the Topic size is within the correct limits
- Topic Queue Depth
Topic size > 15 Topic size >
Topic memory usage Ensures that the Topic memory usage is within the correct limits
- Topic Memory usage percent
Topic memory usage > 95% during more than 10 min
Topic memor95%
Topic consumer count Ensures that the Topic consumer count is within the correct limits
- Topic Con-sumer count
Number of consum-ers > 15
Number of co> 10
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 53
l) protocol to communicate. A service must be installed on the
nted
Health ConditionsAdditional
Informationarning health Minor health Success
N/A OK
N/A OK
N/A OK
sageCountin-ue > 20
MessageCountin-Queue ≤ 20
N/A OK
N/A RequiredSer-vicesRunning = True
Microsoft Exchange
Credentials needed: Windows
Pre-requirements: When connecting to a remote Windows host the Agent uses the RPC (Remote Procedure Cal
remote computer through SMB (Server Message Block), and you must:
• provide an administrator account in order to automatically install this service,
• enable administrative share on the remote host, because access to the remote service manager has to be gra
Controls performed:
Element type Control name Substate Description Metrics
Critical health W
Global
IMAP Connectivity
This test executes the Test-ImapConnec-tivity cmdlet to verify that the IMAP4 ser-vice is running as expected.
- IMAP Test Latency
Not OK N/A
POP Connectivity
This test executes the Test-PopConnectiv-ity cmdlet to verify that the POP service is running as expected.
- POP Test Latency
Not OK N/A
SMTP Connectivity
Control that executes if the SMTP service is working properly.
Not OK N/A
Mail Queues Ensures that no messages are being queued in any Mail Queue
- Total mes-sages in all queues
MessageCountin-Queue > 30
MesQue
Mailflow The mailflow test executes the Test-Mail-flow cmdlet to diagnose whether mail can be successfully sent from and delivered to the system mailbox on a Mailbox server
Not OK N/A
Services Required
The Test-ServiceHealth cmdlet used by this control is used to test whether all the Microsoft Windows services that Exchange requires on a server have started. The Test-ServiceHealth cmdlet returns an error for any service required by a configured role when the service is set to start automatically and isn't cur-rently running.
RequiredServices-Running = False
N/A
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 54
N/A (MountAtStartup = True and Mounted = False)
N/A OK
Health ConditionsAdditional
Informationarning health Minor health Success
Exchange Mailbox
Database
Mailbox Data-base
Ensures that a Mailbox database that should be mounted at startup is Mounted
- Size- Available Space
(MountAtStartup = True and Mounted = False)
N/A
MAPI Connec-tivity
This control uses the Test-MapiConnectiv-ity cmdlet to verify server functionality by logging on to the mailbox
Not OK N/A
Element type Control name Substate Description Metrics
Critical health W
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 55
SessionManager_TerminalServices
Health ConditionsAdditional
Informationning health Minor health Success
ssions > 100) lSessions < 0
N/A 0 ≤ TotalSessions ≤ 100
essions > 100) veSessions < 0
N/A 0 ≤ ActiveSessions ≤ 100
tive Sessions > N/A % Inactive Sessions ≤ 90
Microsoft Terminal Services
Credentials needed: Windows
Pre-requirements: Permissions to execute the following WMI query: select * from Win32_PerfRawData_Local
Controls performed:
Element type Control name Substate Description Metrics
Critical health War
Global
Total number of sessions
Controls that the total num-ber of sessions is within the correct limits
- Total Number of Ses-sions
TotalSessions > 100) or (TotalSessions < 0
TotalSeor (Tota
Number of Active Sessions
Controls that the number of active sessions is within the correct limits
- Number Active Ses-sions
ActiveSessions > 100) or (ActiveSessions < 0
ActiveSor (Acti
Percentage of Inactive Ses-sions
Controls that the % of inac-tive sessions is within the correct limits
- Number Inactive Sessions- Percentage of Inac-tive Sessions
% Inactive Sessions > 90
% Inac80
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 56
A.3.4
Web ServerYou can apply a Web Server template to your Web server in order to create controls for:• availability
• response times
Applying a template to a Web server is easy and the controls are immediate. You can apply it to:
• IIS Web Servers
• Apache Web Servers
• JBoss Web Servers
• IBM Http Servers
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 57
ta_W3SVC_WebService.
WMI installed)
Health ConditionsAdditional
Informationalth Minor health Success
N/A ResponseCode < 400
> 10 s ResponseTime > 5 s ResponseTime ≤ 5 s
ectionberOf-)
(NumberOfConnec-tions > 300) or (Num-berOfConnections < 0)
(NumberOfConnections > 0) and (NumberOfCon-nections <300)
IIS Web Server
Credentials needed: Windows, Authenticated user/password
Pre-requirements: WMI access service (port 135), WMI user with permission to query the class: Win32_PerfRawDa
Recommended software: WBEMTest.exe (automatically included with every computer that has
Controls performed:
Element type Control name Substate Description Metrics
Critical health Warning he
Web site
Web site Avail-ability
Ensures that the Web site is up & running
ResponseCode ≥ 400 N/A
Web site Response Time
Ensures that the Web site response time is within the correct limits
- Website Response Time
Response time > 15 s ResponseTime
Global
Users con-nected
Ensures that the number of users connected to IIS is within the current limits
Number of users connected
(NumberOfConnec-tions >500) or (Num-berOfConnections <0)
(Number0fConns >400) or (NumConnections < 0
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 58
ealth ConditionsAdditional
Informationlth Minor health Success
N/A ResponseCode < 400
10 s ResponseTime > 5 s ResponseTime ≤ 5 s
Apache Web Server
Credentials needed: Authenticated user/password
Pre-requirements: none
Controls performed:
Element type Control name Substate Description Metrics
H
Critical health Warning hea
Web site
Web site Avail-ability
Ensures that the Web site is up & running
ResponseCode ≥ 400 N/A
Web site Response Time
Ensures that the Web site response time is within the correct limits
- Website Response Time
Response time > 15 s ResponseTime >
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 59
ealth ConditionsAdditional
Informationlth Minor health Success
N/A ResponseCode < 400
10 s ResponseTime > 5 s ResponseTime ≤ 5 s
JBoss Web Server
Credentials needed: Authenticated user/password
Pre-requirements: none
Controls performed:
Element type Control name Substate Description Metrics
H
Critical health Warning hea
Web site
Web site Avail-ability
Ensures that the Web site is up & running
ResponseCode ≥ 400 N/A
Web site Response Time
Ensures that the Web site response time is within the correct limits
Response time > 15 s ResponseTime >
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 60
Health ConditionsAdditional
Informationalth Minor health Success
N/A Response Code < 400
> 10 s ResponseTime > 5 s ResponseTime ≤ 5 s
IBM Http Server
Credentials needed: Authenticated user/password
Pre-requirements: none
Controls performed:
Element type Control name Substate Description Metrics
Critical health Warning he
Web site
Web site Avail-ability
Ensures that the Web site is up & running
Response Code ≥ 400
N/A
Web site Response Time
Ensures that the Web site response time is within the correct limits
- Website Response Time
Response time > 15 s ResponseTime
Appendix A : Infrastructure Templates
A.3.5 Virtualization ServerYou can apply a template to your VMware vCenter server in order to control:
• network usage
• host memory
• host disk
• host CPU
• storage
© 2017 Tango/04 Computing Group Page 61
Appe
ndix A : Infra
structure Tem
plates
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 62
ening on port 8080 so access from the ThinkServer host to the
alth ConditionsAdditional
InformationMinor health Success
768 Network usage > 49152 bps
Network usage ≤ 16384 bps
% Memory usage > 75% Memory usage ≤ 75%
Memory usage % > 75% Memory usage % ≤ 75%
Disk usage > 32768 bytes
Disk usage ≤ 32768 bytes
N/A Latency = 0
CPU usage > 75% CPU usage ≤ 75%
5% Datastore usage > 80% Datastore usage ≤ 80%
VMware vCenter
Credentials needed: Telnet or SSH (Public Key) or SSH (User/Password)
Pre-requirements: User with system.view permissions in the virtual environment, by default the Web service is list
IP and port being used by the Web service is needed, recommended software: vSphere Client.
Controls performed:
Element type Control name Substate Description Metrics
He
Critical health Warning health
Host
Host Network monitor
Ensures that the net-work interface usage is within the correct limits
- Network Usage (abso-lute)
Network usage > 49152 bps
Network usage > 32bps
Host Memory monitor
Ensures that the host memory is within the correct limits
- Memory usage percent
Memory usage > 85% Memory usage > 80
Host Swap Memory Monitor
Ensures that the host swap memory is within the correct limits
Memory usage % > 85% Memory usage % >80%
Host Disk monitor
Ensures that the host disk I/O rate is within the correct limits
- Disk Usage (aggregated disk I/O rate)
Disk usage > 131072 bytes
Disk usage > 65536bytes
Host Disk Latency
Ensures that the host disk Latency is within the correct limits
Latency > 0 N/A
Host CPU monitor
Ensures that the host CPU usage is within the correct limits
- CPU Usage percent
CPU usage > 85% CPU usage > 80%
DatastoreStorage monitor
Ensures that the datastore usage is within the correct limits
- Datastore usage percent
Datastore usage > 90% Datastore usage > 8
Appendix B : Configurable Controls
Appendix BAppendix B: Configurable Controls
Many of the controls you can have over standalone applications are configurable. The following table
lists the controls that can be configured for any generic standalone application.
© 2017 Tango/04 Computing Group Page 63
Appe
ndix B : C
onfigurab
le Con
trols
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 64
Health Conditions
Release Version
Additional Information Warning
healthMinor health
Success
al N/A N/A Result ==True
1.1
-
oldt > t-
old
(Result < MinResult-Warn-ingThreshold) or (Result > MaxResult-Warn-ingThreshold)
(Result < MinResult-MinorThreshold) or (Result > MaxRe-sultMi-norThreshold)
(Result >= MinResult-MinorThreshold) and (Result <= MaxRe-sultMi-norThreshold)
1.1
-
-pC
sh-
Response-Time > Generic-Databas-eResponseTime_WarningThreshold
Response-Time <= Generic-Databas-eResponseTime_WarningThreshold
1.2 SP1
N/A N/A Expected
Result found
1.2
N/A N/A Expected
Result found
1.2
Control name Substate DescriptionConfigur-able Parameters
Credentials needed
Pre-requirements ExampleCriticalhealth
Generic Data-base Query (Availability Check)
Checks if queries can be per-formed
Query Database DSN
ODBC user with permis-sions to execute the query
Select * from TABLE WHERE Name=’Test’
Result==Fse
Generic Data-base Query (Performance Metric)
Checks the numerical result retrieved by a query and compares it against some thresholds
Query Database DSN
ODBC user with permis-sions to execute the query
Select NumItera-tions from TABLE WHERE Opera-tion=’Locks’
(Result < MinResultCriti-calThresh) or (ResulMaxResulCriti-calThresh)
Generic Data-base Query (Response Time Check)
Checks if a query can be per-formed with a correct response time.
Query Database DSN
ODBC user with permis-sions to execute the query
Select NumItera-tions from TABLE WHERE Operation=’ Locks’
ResponseTime > GenericDatabaseResonseTime_riticalThreold
Web Service Availability (no WSDL)
Checks if a Web ser-vice is avail-able
SOAP Enve-lope,SOAP Action, WebService URL, Regex to validate the expected result
none Access to the Web Service Expected Result notfound
Web Service Availability (WSDL)
Checks if a Web ser-vice is avail-able
SOAP Envelope or WS call parameters list,SOAP Method, WebService URL, Web Ser-vice WSDL path, Regex to validate the expected result
Authenti-cated user/password (optional)
Access to the Web service Expected Result notfound
Appe
ndix B : C
onfigurab
le Con
trols
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 65
N/A N/A no Line 1.1
-
oldt > t-
old
(Result < MinResult-Warn-ingThreshold) or (Result > MaxResult-Warn-ingThreshold)
(Result < MinResult-MinorThreshold) or (Result > MaxRe-sultMi-norThreshold)
(Result >= MinResult-MinorThreshold) and (Result <= MaxRe-sultMi-norThreshold)
1.1
Health Conditions
Release Version
Additional Information Warning
healthMinor health
Success
Generic Log Reader (Errors in the last X min Check)
Searches for an error with a pattern inside a text file. If any line is found in the last X minutes, a critical mes-sage is sent. In any other case, suc-cess.
FolderPath, LogErrorPat-tern (regular expression), LogName, Min-utes
Windows: Windows userLinux/Unix: Telnet or SSH (public key) or SSH (user/pass-word)
Windows: When connect-ing to a remote Windows host (a file server, domain controller, workstation, etc.), File System ThinAgents use the SMB (Server Message Block) protocol to communi-cate with the host. In this case there are two options: Share the remote folder as a network resource, and then connect to it with a granted user; Use an administrator account and connect directly to the remote folder without the need to manually share the resource (the server must have administrative share enabled).Linux: access to SSH port (22 by default)
check for: “.*error.*” lines
Line
Generic Log Reader (Per-formance Met-ric)
Checks a number in a line match-ing a pattern
FolderPath, LogNumericRe-sultPattern (reg-ular expression), LogName
Windows: Windows userLinux/Unix: Telnet or SSH (public key) or SSH (user/pass-word)
Windows: When connect-ing to a remote Windows host (a file server, domain controller, workstation, etc.), File System ThinAgents use the SMB (Server Message Block) protocol to communi-cate with the host. In this case there are two options: Share the remote folder as a network resource, and then connect to it with a granted user; Use an administrator account and connect directly to the remote folder without the need to manually share the resource (the server must have administrative share enabled).Linux: access to SSH port (22 by default)
check for: “.*Number of files: (\d+) .*”
(Result < MinResultCriti-calThresh) or (ResulMaxResulCriti-calThresh)
Control name Substate DescriptionConfigur-able Parameters
Credentials needed
Pre-requirements ExampleCriticalhealth
Appe
ndix B : C
onfigurab
le Con
trols
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 66
(ExitCode <> 0) and (not Com-mandOut-put)
ExitCode <> 0
True 1.1
N/A N/A String found in result
1.1
Health Conditions
Release Version
Additional Information Warning
healthMinor health
Success
Generic Cus-tom Com-mand (Execution Check)
Checks if a command can be remotely executed
Command to execute
Windows: Windows userLinux/Unix: Telnet or SSH (public key) or SSH (user/pass-word)
Windows: When connect-ing to a remote Windows host (a file server, domain controller, workstation, etc.), File System ThinAgents use the SMB (Server Message Block) protocol to communi-cate with the host. In this case there are two options: Share the remote folder as a network resource, and then connect to it with a granted user; Use an administrator account and connect directly to the remote folder without the need to manually share the resource (the server must have administrative share enabled).Linux: access to SSH port (22 by default)
netstat -ano | findstr /r ".*0.0.0.0:80[^0-9].*" | findstr LIS-TENING
(ExitCode<> 0) and (not Com-mandOut-put)
Generic Cus-tom Com-mand (Boolean Result Check)
Checks if a string is present in the com-mand output
Command to execute, String to find in result
Windows: Windows userLinux/Unix: Telnet or SSH (public key) or SSH (user/pass-word)
Windows: When connect-ing to a remote Windows host (a file server, domain controller, workstation, etc.), File System ThinAgents use the SMB (Server Message Block) protocol to communi-cate with the host. In this case there are two options: Share the remote folder as a network resource, and then connect to it with a granted user; Use an administrator account and connect directly to the remote folder without the need to manually share the resource (the server must have administrative share enabled).Linux: access to SSH port (22 by default)
netstat -ano | findstr /r ".*0.0.0.0:80[^0-9].*" | findstr LIS-TENING
String not found in result
Control name Substate DescriptionConfigur-able Parameters
Credentials needed
Pre-requirements ExampleCriticalhealth
Appe
ndix B : C
onfigurab
le Con
trols
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 67
-
oldt > t-
old
(Result < MinResult-Warn-ingThreshold) or (Result > MaxRexult-Warn-ingThreshold)
(Result < MinResult-MinorThreshold) or (Result > MaxRe-sultMi-norThreshold)
(Result >= MinResult-MinorThreshold) and (Result <= MaxRe-sultMi-norThreshold)
1.1
-
oldt > t-
old
(Result < MinResult-Warn-ingThreshold) or (Result > MaxRexult-Warn-ingThreshold)
(Result < MinResult-MinorThreshold) or (Result > MaxRe-sultMi-norThreshold)
(Result ≥ MinResult-MinorThreshold) and (Result ≤ MaxRe-sultMi-norThreshold)
1.2 SP1
Health Conditions
Release Version
Additional Information Warning
healthMinor health
Success
Generic Cus-tom Com-mand (Performance Metric)
Checks a number in a command output matching a pattern
Command to execute, Numeric result pattern (regex matching the result)
Windows: Windows userLinux/Unix: Telnet or SSH (public key) or SSH (user/pass-word)
Windows: When connect-ing to a remote Windows host (a file server, domain controller, workstation, etc.), File System ThinAgents use the SMB (Server Message Block) protocol to communi-cate with the host. In this case there are two options: Share the remote folder as a network resource, and then connect to it with a granted user; Use an administrator account and connect directly to the remote folder without the need to manually share the resource (the server must have administrative share enabled).Linux: access to SSH port (22 by default)
"Command: netstat -sp tcpPattern: .*Active Opens\s+\=\s+(\d+).*"
(Result < MinResultCriti-calThresh) or (ResulMaxResulCriti-calThresh)
Generic iSeries Cus-tom Com-mand (Performance Metric)
Checks a number in a command output result
TableCreation-Commands, RetrievalState-ment, PostRe-trievalCommands
iSeries: iSeries ODBC
iSeries, Permissions to exe-cuted the desired command
TableCre-ationCom-mands: DSPOBJD OBJ(QGPL/*ALL) OBJ-TYPE(*ALL) OUT-PUT(*OUT-FILE) OUT-FILE(QTEMP/GRESULT)
Retrieval-Statement: SELECT * from QTEMP.GRESULT
PostRetriev-alCom-mands:
(Result < MinResultCriti-calThresh) or (ResulMaxResulCriti-calThresh)
Control name Substate DescriptionConfigur-able Parameters
Credentials needed
Pre-requirements ExampleCriticalhealth
Appe
ndix B : C
onfigurab
le Con
trols
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 68
-
oldt > t-
old
(Result < MinResult-Warn-ingThreshold) or (Result > MaxResult-Warn-ingThreshold)
(Result < MinResult-MinorThreshold) or (Result > MaxRe-sultMi-norThreshold)
(Result >= MinResult-MinorThreshold) and (Result <= MaxRe-sultMi-norThreshold)
1.1
N/A N/A String found in result
1.4.0.30000
-
oldt > t-
old
(Result < MinResult-Warn-ingThreshold) or (Result > MaxResult-Warn-ingThreshold)
(Result < MinResult-MinorThreshold) or (Result > MaxRe-sultMi-norThreshold)
(Result >= MinResult-MinorThreshold) and (Result <= MaxRe-sultMi-norThreshold)
1.1
Health Conditions
Release Version
Additional Information Warning
healthMinor health
Success
Generic SNMP Check (Performance Metric)
Compares the retrieved result with some thresholds
OID SNMP v1/v2, SNMP v3
Read-only community strings, Recommended soft-ware: MIBBrowser (http://ireasoning.com/mib-browser.shtml) or getif
10.1024.01.2.3025: 451
(Result < MinResultCriti-calThresh) or (ResulMaxResulCriti-calThresh)
Generic SNMP Check (Boolean)
Checks if a string is present in the com-mand out-put.
OID,String to find in result
SNMP v1/v2, SNMP v3
Read-only community strings, Recommended Software: MIBBrowser (http://ireasoning.com/mib-browser.shtml) or getif
10.1024.01.2.3025: 'Ok'
String not found in result
Generic Folder Check (Number of Files in Folder)
Checks if the number of files in a folder is cor-rect
Folder path, Excluded files
Windows: Windows userLinux/Unix: Telnet or SSH (public key) or SSH (user/pass-word)
Windows: When connect-ing to a remote Windows host (a file server, domain controller, workstation, etc.), File System ThinAgents use the SMB (Server Message Block) protocol to communi-cate with the host. In this case there are two options: Share the remote folder as a network resource, and then connect to it with a granted user; Use an administrator account and connect directly to the remote folder without the need to manually share the resource (the server must have administrative share enabled).Linux: access to SSH port (22 by default)
C:\Sys-tem\path
(Result < MinResultCriti-calThresh) or (ResulMaxResulCriti-calThresh)
Control name Substate DescriptionConfigur-able Parameters
Credentials needed
Pre-requirements ExampleCriticalhealth
Appe
ndix B : C
onfigurab
le Con
trols
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 69
ble N/A N/A Available 1.1
>
old
AgeOfFile > Max-Warn-ingThreshold
AgeOfFile > MaxMi-norThresh-old
AgeOfFile <= MaxMi-norThresh-old
1.1
Health Conditions
Release Version
Additional Information Warning
healthMinor health
Success
Generic Folder Check (Availability)
Checks if a folder is available
Folder path Windows: Windows userLinux/Unix: Telnet or SSH (public key) or SSH (user/pass-word)
Windows: When connect-ing to a remote Windows host (a file server, domain controller, workstation, etc.), File System ThinAgents use the SMB (Server Message Block) protocol to communi-cate with the host. In this case there are two options: Share the remote folder as a network resource, and then connect to it with a granted user; Use an administrator account and connect directly to the remote folder without the need to manually share the resource (the server must have administrative share enabled).Linux: access to SSH port (22 by default)
Not availa
Generic Folder Check (Old Files in Folder)
Checks if there are any files older than the thresh-old in the selected folder
Folder path, Excluded files, Included Files
Windows: Windows userLinux/Unix: Telnet or SSH (public key) or SSH (user/pass-word)
Windows: When connect-ing to a remote Windows host (a file server, domain controller, workstation, etc.), File System ThinAgents use the SMB (Server Message Block) protocol to communi-cate with the host. In this case there are two options: Share the remote folder as a network resource, and then connect to it with a granted user; Use an administrator account and connect directly to the remote folder without the need to manually share the resource (the server must have administrative share enabled).Linux: access to SSH port (22 by default)
C:\Sys-tem\path
AgeOfFileMaxCriti-calThresh
Control name Substate DescriptionConfigur-able Parameters
Credentials needed
Pre-requirements ExampleCriticalhealth
Appe
ndix B : C
onfigurab
le Con
trols
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 70
>
old
<
old
SizeOfFile > Max-Warn-ingThresholdor SizeOfFile < Min-Warn-ingThreshold
SizeOfFile > MaxMi-norThresh-oldor SizeOfFile < MinMi-norThresh-old
SizeOfFile ≤ MaxMi-norThresh-oldand SizeOfFile ≥ MinCriti-calThresh-old
1.3
ble N/A N/A Available 1.1
N/A N/A No Trap 1.2 SP1
Health Conditions
Release Version
Additional Information Warning
healthMinor health
Success
Generic Folder Check (Size of Files in Folder)
Checks if there are any files with an incorrect size in the selected folder.
Folder path, Excluded files, Included Files
Windows: Windows userLinux/Unix: Telnet or SSH (public key) or SSH (user/pass-word)
Windows: When connect-ing to a remote Windows host (a file server, domain controller, workstation, etc.), File System ThinAgents use the SMB (Server Message Block) protocol to communi-cate with the host. In this case there are two options: Share the remote folder as a network resource, and then connect to it with a granted user; Use an administrator account and connect directly to the remote folder without the need to manually share the resource (the server must have administrative share enabled).Linux: access to SSH port (22 by default)
C:\Sys-tem\path
SizeOfFileMaxCriti-calThreshor SizeOfFileMinCriti-calThresh
Web Availabil-ity
Checks if a Web site is available
Web site URL Authenti-cated user/password (optional)
Access to the Web site http://www.tango04.com
Not availa
Generic SNMP Trap (Errors Collec-tor)
Searches for an error with a pattern inside an SNMP Trap. If any trap is received in the last X minutes, a critical mes-sage is sent. In any other case, suc-cess.
Enterprise-SpecificOID, MinutesWithou-tError, TrapEr-rorPattern
check for: “.*error.*” traps
Trap
Control name Substate DescriptionConfigur-able Parameters
Credentials needed
Pre-requirements ExampleCriticalhealth
Appe
ndix B : C
onfigurab
le Con
trols
© 20
17 Ta
ngo/04
Com
puting G
roup P
age 71
Health Conditions
Release Version
Additional Information Warning
healthMinor health
Success
-
oldt > t-
old
Result < MinResult-Criti-calThreshold) or (Result > MaxResult-Criti-calThreshold)
Result < MinResult-MinorThreshold) or (Result > MaxRe-sultMi-norThreshold)
Result ≥ MinResult-MinorThreshold) or (Result ≤ MaxRe-sultMi-norThreshold)
4
N/A N/A String not found in result
4
-
oldt > t-
old
Result < MinResult-Criti-calThreshold) or (Result > MaxResult-Criti-calThreshold)
Result < MinResult-MinorThreshold) or (Result > MaxRe-sultMi-norThreshold)
Result ≥ MinResult-MinorThreshold) or (Result ≤ MaxRe-sultMi-norThreshold)
4.0.2
N/A N/A String not found in result
4.0.2
Control name Substate DescriptionConfigur-able Parameters
Credentials needed
Pre-requirements ExampleCriticalhealth
Generic JMX Request (Numeric Check)
Compares the retrieved result with some thresholds
- Object Name- Attribute Name
JMX digital certificate
Object Name: jboss.ws:ser-vice=Server-ConfigAttribute Name: Web-ServicePort
Result: 8080
(Result < MinResultWarn-ingThresh) or (ResulMaxResulWarn-ingThresh)
Generic JMX Request (Boolean Check)
Checks if a string is present in the com-mand output
-Object Name-Attribute Name-String to find in result
JMX digital certificate
Object Name: java.lang:type=RuntimeAttribute Name: VMName
Result: Java Hot-Spot(TM) 64-Bit Server VM
String not found in result
Generic Web Adapter (Numeric Check)
Compares the retrieved result with some thresholds
-Website URL-Website Adapter Result Pattern
-Authenti-cated user/password (optional)
(Result < MinResultWarn-ingThresh) or (ResulMaxResulWarn-ingThresh)
Generic Web Adapter (Boolean Check)
Checks if a string is present in the com-mand output
-Website URL-String to find in result
-Authenti-cated user/password (optional)
String not found in result
Appendix C : Configuring an SSL Connection for IBM i
Appendix CAppendix C: Configuring an SSL Connection for IBM i
The latest version of Alignia Monitoring nodes for iSeries collectors are compatible with SSL
connections. By default, newer connections are connected through SSL> However, before we can
create secure connections, we must create a pair of certificates between systems.
C.1 Creating the Server Certificate on iSeriesTo create certificates on iSeries Systems you must run Digital Certificate Manager (DCM). You can
access DCM on the following url: http://[SYSTEMS_NAME]:2001/QIBM/ICSS/Cert/Admin/
qycucm1.ndm/main0. Once logged in, this page is visible:
Here, you Select a Certificate Store that you want to work on. For more information on creating a
Certificate Store, please follow this link:
http://www-01.ibm.com/support/docview.wss?uid=nas8N1010311.
Next, you have to create a new certificate if one does not already exist. Click on Create Certificate,
select Server or client certificate and then Local Certificate Authority (CA).
© 2017 Tango/04 Computing Group Page 72
Appendix C : Configuring an SSL Connection for IBM i
This form must be completed in order to create a certificate. There are some restrictions:
• Certificate label: This can be whatever you want, but it must be unique and different to any
other certificate.
• State or province: A 3 or more characters abbreviation for the state/province name.
• Country or region: A 2 characters abbreviation for the country/region.
You can ignore the Subject Alternative Name as it is not needed for SSL.
You should receive a confirmation message saying Your certificate was created and placed in the
certificate store listed below.
You now have to select which applications will use this certificate. For the monitors, you must select
Remote Command Server and Signon Server.
The certificate has now been created. You must now export the certificate.
C.2 Exporting the Server Certificate from iSeriesOn the left menu, select Manage Certificates > Export certificate. Then select Server or client.
Select the certificate that was just created and then select File, as it needs to be imported onto the other
system.
Enter the path to which the certificate should be exported. It is important to name the file with .pfx as the
extension. The password can be whatever you like.
Export the file using IBM Navigator or any FTP program.using binary mode. For more information on
how to export certificates, please follow this link:
http://www-01.ibm.com/support/docview.wss?uid=nas8N1011921
© 2017 Tango/04 Computing Group Page 73
Appendix C : Configuring an SSL Connection for IBM i
C.3 Importing the Server Certificate and exporting the Client Certificate You can install the Server certificate on the Windows system by directly importing it. However, some
systems may need additional steps in order to connect properly.
Use the Java keytool in the same directory in which Java is running. You need to create a keystore by
running the following command:
keytool -genkey -alias alias -keylag RSA -keypass pass -storepass pass -keystore keystore.jks
Change the red parameters with the ones you require. You must now complete the options. For first and
last name parameters, you must enter the server name, not your own name. It must be the same
system on which Java System i Server is running.
Now, to export the client certificate, run this command:
keytool -export -alias alias -storepass pass -file certificate.cer -keystore keystore.jks
For more information regarding this tool, please follow this link:
http://docs.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.htm
You now have a .cer file that must be imported on the iSeries. This can be done with IBM Navigator or
any FTP program.
C.4 Importing the Client Certificate to iSeriesOn the Digital Certificate Manager, click on Manage Certificates > Import certificate.
Select Certificate Authority (CA) and enter the path and filename of the certificate file. Now specify a
label for the certificate, remembering that it must be unique. You should receive the message ‘The
certificate has been imported.’
Verify that the certificate is imported correctly by going to Manage Certificates > View Certificate >
Certificate Authority (CA).
© 2017 Tango/04 Computing Group Page 74
Appendix D : IBM WebSphere Application Server
Appendix DAppendix D: IBM WebSphere Application Server
D.1 Requirements In order for WebSphere Application Server Operations Alignia Collectors to retrieve data, WebSphere
Application Server must be configured to generate the necessary information:
• The Performance Monitoring Infrastructure (PMI) must be activated on WebSphere
• The appropriate service must be active.
These requirements are discussed in the sections below.
D.1.1 Activating PMI
To activate PMI complete the following steps:
Step 1. Start the WebSphere server to configure.
Step 2. Access the administration console with the administrator User ID and Password:
http://my _webSphere_host:my_port/ibm/console
By default the Administrative Console port is 9060.
© 2017 Tango/04 Computing Group Page 75
Appendix D : IBM WebSphere Application Server
Figure 7 – Profile Management Tool
Step 3. Activate PMI (the example used here is for WebSphere 6.0.2. The access route may
vary for other versions)
In the menu bar on the left, click Servers (1) and then select Application Servers (2)
Figure 8 – Selecting Application Servers
Click the server on which to configure PMI data collection (3)
Scroll to the Performance section.
Select Performance Management Infrastructure (PMI) (4)
© 2017 Tango/04 Computing Group Page 76
Appendix D : IBM WebSphere Application Server
Figure 9 – Performance Management Infrastructure
Open the Configuration tab. Select Enable Performance Monitoring Infrastructure
(PMI). In the section Currently monitored statistic set select the option All (5).
Figure 10 – Server Configuration
© 2017 Tango/04 Computing Group Page 77
Appendix D : IBM WebSphere Application Server
Using Garbage Collector
Garbage Collector uses a different method to activate JMX
To enable Garbage Collector:
Step 1. In the menu bar on the left, click Servers (1) and then select Application Servers (2)
Click the server on which to configure PMI data collection (3)
Figure 11 – Select Application Server
Step 2. Scroll to the Server Infrastructure section.
Select Process Definition (4)
Figure 12 – Java and Process Management: Process Definition
Step 3. In the Additional Properties section select Java Virtual Machine (5).
Note In order to keep performance up, Garbage Collector is disabled by default. Activating
Garbage Collector will downgrade performance because extra parameters are added to JVM
startup.
© 2017 Tango/04 Computing Group Page 78
Appendix D : IBM WebSphere Application Server
Figure 13 – Process Defintion Properties
Step 4. Use the Generic JVM arguments field to enable garbage collector. The value you must
enter depends on the WebSphere version and platform.
For example, for version 6.1 and distributed platforms (Windows, Linux) enter: -agentlib:pmiJvmtiProfiler
For version 6.1 and platform i5/OS enter: -agentlib:QWASJVMTI
For other versions and platforms search for "Enabling the Java virtual machine profiler
data" in the official documentation. Always make sure this value is entered in the
Executable arguments field before any previously included data, ensuring you do not
overwrite the existing data.
Important It is possible to encounter an error when saving, which requires the Initial Heap Size and
Maximum Heap Size to have valid values; therefore these fields can not be empty.
If this occurs then enter an Initial Heap Size (7) of 50 MB and a Maximum Heap Size (8) of
256 MB. These are the default values for a WebSphere 6.1 installation.
© 2017 Tango/04 Computing Group Page 79
Appendix D : IBM WebSphere Application Server
Figure 14 – General Properties
D.1.2 Configuring security
Securing the system
To secure the system:
Step 1. Enable security
Click Security and select Secure administration, applications, and infrastructure
(1).
Select the Enable administrative security check box (2).
© 2017 Tango/04 Computing Group Page 80
Appendix D : IBM WebSphere Application Server
Figure 15 – Secure administration, applications and infrastructure
Step 2. Create a new user with the necessary permissions to configure the system to ensure it
is correctly secured.
Click Users and Groups and then select Manage Users and click the Create… button.
Figure 16 – Manage Users
Step 3. Complete the fields with the required information.
Figure 17 – Create User
© 2017 Tango/04 Computing Group Page 81
Appendix D : IBM WebSphere Application Server
Step 4. Click Users and Groups and select Administrative User Role (5) and click the Add
button (6).
Figure 18 – Administrative User Roles: Add role
Step 5. Enter the new user in the User field.
Select Monitor from the Roles list box (7) and click Apply (8) and then save the
changes.
Figure 19 – Administrative User Roles: General Properties
Note Any changes made will take effect after restarting the server.
This product will match one WebSphere Node with one user and password, so when a
connection is cached, it is fixing a user to monitor. Once cached, it is not possible to change
to another valid user. you will be required to stop the service, monitors, and delete the cache
file if you wish to change to another user.
© 2017 Tango/04 Computing Group Page 82
Appendix E : Configuring IBM WebSphere MQ SSL Connections
Appendix EAppendix E: Configuring IBM WebSphere MQ SSL Connections
E.1 Initial stepsIBM WebSphere MQ Clients (latest supported/tested version is V7.5) must be installed in the Windows
server where Alignia monitoring node (ThinkServer) is running.
E.2 IBM i ConfigurationGo to the IBMi and find a Queue Manager to use for connections. Run command WRKMQM on IBMi to
return the following:
From this point onwards we will use MANAGER1.CONSOLE as Queue Manager
Return to WRKMQM and use option 27=Work with Listeners for MANAGER1.CONSOLE. There you
can find or create a Listener. The Listener must be active in a specific port. You should see a sreen
similar to:
© 2017 Tango/04 Computing Group Page 83
Appendix E : Configuring IBM WebSphere MQ SSL Connections
From this point onwards we will use LISTENERTCP as Listener.
E.2.1 AuthorizationsAs Alignia monitoring node (ThinkServer) runs as a Windows Service, IBMi receives as user SYSTEM
for connections. So first of all you must create a IBM *USRPRF named SYSTEM on the IBMi.
Then you must give the following authorizations:
MANAGER1.CONSOLE Queue Manager, *ALL access to user SYSTEM. To return to WRKMQM, use
option 24=Work with Authorities for MANAGER1.CONSOLE.
Find MANAGER1.CONSOLE *MQM, and use option 12=Work with profile.
© 2017 Tango/04 Computing Group Page 84
Appendix E : Configuring IBM WebSphere MQ SSL Connections
From here, use function F6=Create to set the authorizations.
E.3 Connecting without SSLFrom WRKQMQ use option 20=Work with Channels and find or create a Channel of type *SVRCN
without SSL enabled by setting the following parameters values:
From this point on we will use NOSSLCHANNEL as Channel.
E.3.1 AuthorizationsIf you do not create any MQ Channel or MQ Queue elements for the WebSphere MQ application to
monitor them specifically is not necessary to give more authorizations.
Even for the Channel NOSSLCHANNEL Channel, which we will use later in the credentials, it is not
necessary to give more authorizations.
© 2017 Tango/04 Computing Group Page 85
Appendix E : Configuring IBM WebSphere MQ SSL Connections
If you need to monitor any MQ Channel or MQ Queue, you need some specific authorizations.
To monitor a channel
From this point onwards we will use MONITOREDCHANNEL as the Channel we want to monitor
To ALL Channels, not only to the ones you are going to monitor, you need *ADMDSP and *ADMCRT
access to user SYSTEM. Run command:
GRTMQMAUT OBJ(*ALL) OBJTYPE(*CHL) USER(SYSTEM) AUT(*ADMDSP *ADMCRT)
If you only want to give access to the Channel you are going to monitor, follow these steps:
To MONITOREDCHANNEL Channel, *ADMDSP and *ADMCRT access to user SYSTEM. Return to
WRKMQM and use option 24=Work with Authorities for MANAGER1.CONSOLE
Find MONITOREDCHANNEL *CHL, and use option 12=Work with profile
Note This last step may not be necessary in all WebSphere MQ versions. It may appear to be an
error, because when monitoring Queues, you do not need this special step.
© 2017 Tango/04 Computing Group Page 86
Appendix E : Configuring IBM WebSphere MQ SSL Connections
At this point, you have to use function F6=Create to set the authorizations.
To monitor a queue
From this point onwards we will use MONITOREDQUEUE as the Queue we want to monitor
To grant MONITOREDQUEUE Queue, *ADMDSP and *ADMCRT access for user SYSTEM. Return to
WRKMQM and use option 24=Work with Authorities for MANAGER1.CONSOLE.
Find MONITOREDQUEUE *Q, and use option 12=Work with profile.
At this point you have to use function F6=Create to set the authorizations.
© 2017 Tango/04 Computing Group Page 87
Appendix E : Configuring IBM WebSphere MQ SSL Connections
E.3.2 Credentials in OrchestratorFinally, you have to create the following credential in Orchestrator to make the monitors work:
Create a WebSphere MQ type credential with parameters:
• Port: The port of the previously configured LISTENERTCP Listener
• Queue manager name: MANAGER1.CONSOLE
• SRVCONN name: NOSSLCHANNEL
The rest of parameters must be left empty:
© 2017 Tango/04 Computing Group Page 88
Appendix E : Configuring IBM WebSphere MQ SSL Connections
E.4 Connecting with SSLFrom WRKQMQ use option 20=Work with Channels and find/create a Channel of type *SVRCN
without SSL enabled by setting the following parameter values:
From this point onwards we will use SSLCHANNEL as Channel.
E.4.1 Configuring SSL Certificates Create IBMi Certificate
From this point onwards we will use IBMi as the IBM name/ip address,
Start DCM (Digitial Certificate Manager). Open http://IBMi:2001, and go to Digital Certificate Manager
At DCM you have to select/create a Certificate Store. Follow these example with a newly created
Certificate Store. More information about Stores creation can be found at: http://www-01.ibm.com/
support/docview.wss?uid=nas8N1010311.
Select option Create New Certificate Store in the left menu and select option Other System
Certificate Store.
© 2017 Tango/04 Computing Group Page 89
Appendix E : Configuring IBM WebSphere MQ SSL Connections
In the next screen select the option to Create a certificate in the certificate store.
On the next screen you should see that Certificate type is “Server or Client” and you should also be
able to select the Certificate Authority. Use Local Certificate Authority (CA), as you are using a self-
signed certificate. More information on certificate creation can be found at: http://www-01.ibm.com/
support/docview.wss?uid=nas8N1010321.
A form will be displayed to create a new Certificate Store with a Certificate.
© 2017 Tango/04 Computing Group Page 90
Appendix E : Configuring IBM WebSphere MQ SSL Connections
Complete the following fields:
• Certificate Label: You can complete this with any name, as long as it is unique in the entire
IBMi. We will use IBMiCertificate1 in this example.
• Certificate store path and filename: You should select a valid ifs path and any name not
previously used. We will use /QIBM/USERDATA/MQM/qmgrs/MANAGER1.CONSOLE/ssl/
IBMiCertificate1.kdb in this example
• Certificate store password
• Confirm password
• Common name: We will use IBMi.manager1.console (from our IBMi name and Queue
manager name)
• Organization name
• State or Province
• Country or Region.
© 2017 Tango/04 Computing Group Page 91
Appendix E : Configuring IBM WebSphere MQ SSL Connections
If everything completes successfully you should receive a message like this:
Export IBMi Certificate and add it to system where Alignia Monitoring node is installed
In the DCM left menu, select option Select a Certificate Store and Other System Certificate Store to
go to the Store that has just been created.
On next screen, select the Certificate Store path, file name and password
© 2017 Tango/04 Computing Group Page 92
Appendix E : Configuring IBM WebSphere MQ SSL Connections
Now go to Manage Certificates > Export certificate. Select Server or client.
On the next screen, select the certificate to export (IBMiCertificate1 in our example).
We will now export it to a file, which we will move to the Windows system where Alignia monitoring node
is installed.
© 2017 Tango/04 Computing Group Page 93
Appendix E : Configuring IBM WebSphere MQ SSL Connections
As the “Export to File name” use the same name as the certificate store (*.kdb) but with extension pfx.
In our example we select:
/QIBM/USERDATA/MQM/qmgrs/MANAGER1.CONSOLE/ssl/IBMiCertificate1.pfx
Finally, set authorizations to these files from use IBM Navigator for i:
© 2017 Tango/04 Computing Group Page 94
Appendix E : Configuring IBM WebSphere MQ SSL Connections
Here, the certificate store file (IBMiCertificate1.kdb) must have read and execution permissions for
QMQMADM user. Add them by using right-click > Permissions.
Note that the new kdb file generated (in this case iSeries2.kdb) must have read and execute
permissions for the Qmqmadm group. This is granted from IBM Navigator for i. Right-click on the file
and click Permissions. In the new window click on the corresponding boxes.
© 2017 Tango/04 Computing Group Page 95
Appendix E : Configuring IBM WebSphere MQ SSL Connections
Go to Windows System where Alignia monitoring node is installed.
Copy file IBMiCertificate1.pfx to the Windows system. This can be done from Windows Explorer and
also from FTP (if you use FTP, select BIN mode).
Open IBM WebSphere MQ > IBM Key Management on the Alignia Windows system.
Create a new key Database file to import the Certificate from IBMi (IBMiCertificate1.pfx). In this
example we will call it IBMiCertificateAlignia.kdb.
Click OK. You need to insert a password for the Key Database File and check option to Stash
password to a file.
© 2017 Tango/04 Computing Group Page 96
Appendix E : Configuring IBM WebSphere MQ SSL Connections
For the Key Database File created, select from the drop-down menu Personal Certificates option and
use the Import button to open the (IBMiCertificate1.pfx) file. On the Import dialog, set Key file type:
PKCS12 and use Browse to select IBMiCertificate1.pfx file.
Upon clicking OK you are prompted for the password selected when creating the Certificate on the DCM
for the IBMi.
A new screen with all the certificates contained in the .pfx file is displayed. Select the personal certificate
(it will have the label you selected when created it on the IBMi DCM ibmicertificate1), not the Certificate
Authority:
© 2017 Tango/04 Computing Group Page 97
Appendix E : Configuring IBM WebSphere MQ SSL Connections
The IBMi server certificate iis now contained in an IBMiCertificateAlignia.kdb file. Extract this
certificate to add it to the Certificate Store of the client (by client we refer to Alignia monitoring node. We
have not selected this store yet, but we will do it later).
Use Extract Certificate, from the just imported Personal Certificate ibmicertificate1.
Note When prompted, do not change the label.
© 2017 Tango/04 Computing Group Page 98
Appendix E : Configuring IBM WebSphere MQ SSL Connections
Create the client Certificate Store. We will call it AligniaMonitoringNodeCertificate1.kdb .
After clicking OK, specify a password and select option Stash password to a file.
© 2017 Tango/04 Computing Group Page 99
Appendix E : Configuring IBM WebSphere MQ SSL Connections
Select Signer Certificates, click Add to import ibmicertificate1.arm file extracted previously.
When requested for a label for the certificate use ibmicertificate1.
The import of IBMi certificate in the Alignia Windows system is now complete.
Export Alignia Monitoring node Certificate and add it to IBMi system
From IBM Key Management on Alignia windows system, open
AligniaMonitoringNodeCertificate1.kdb key database file.
Select Personal Certificates and click on New Self-Signed.
© 2017 Tango/04 Computing Group Page 100
Appendix E : Configuring IBM WebSphere MQ SSL Connections
It is mandatory to use label for the certificate ibmwebspheremqsystem. We must use always
ibmwebspheremq + [name of the user we will use for the connection, in other words “system”] all
lowercase.
ibmwebspheremqsystem is the client certificate to be sent to the IBMi. Select it and click on Export/
Import.
Select PKCS12 as Key File Type and AligniaMonitoringNodeCertificate1.p12.
Important Leave the "Common Name" attribute set at its default value, except if you are running IBM
Key Management in a different system from Alignia Monitoring Node. In this case you should
change Common Name to the system where Alignia Monitoring Node is.
© 2017 Tango/04 Computing Group Page 101
Appendix E : Configuring IBM WebSphere MQ SSL Connections
After clicking OK, specify a password and check option to Stash password to a file.
Now copy this file to an ifs folder. Use the same folder in which you created all the other certificates for
the iSeries. You can do it from Windows Explorer and also from FTP (if you use FTP, select BIN mode)
Return to DCM (Digital Certificate Manager) on http://IBMi:2001.
Go to the left menu Manage Certificates -> Import certificate. Select option Certificate Authority
(CA).
On the next screen, insert the path and file name of the client certificate to import. In our example this is
/QIBM/USERDATA/MQM/QMGRS/MANAGER1.CONSOLE/SSL/
AligniaMonitoringNodeCertificate1.p12
Note Review that you are working with the proper Certificate Store (IBMiCertificate1.kdb).
© 2017 Tango/04 Computing Group Page 102
Appendix E : Configuring IBM WebSphere MQ SSL Connections
You will be prompted for a password. You must specify the one you selected when you created the
AligniaMonitoringNodeCertificate1.p12 file.
You should receive a confirmation like this.
You can check that the certificate has been successfully imported from: Manage Certificate > View
Certificate, select option “Server or Client”.
Configuring WebSphere MQ on IBMi to use ssl
Run command WRKMQM and locate MANAGER1.CONSOLE Queue Manager. Use option 2=Change.
© 2017 Tango/04 Computing Group Page 103
Appendix E : Configuring IBM WebSphere MQ SSL Connections
Complete these parameters with the following values:
SSL Key Repository . . . . . . . SSLKEYR > The path and file name of the certificate store:
/QIBM/USERDATA/MQM/QMGRS/MANAGER1.CONSOLE/SSL/IBMICERTIFICATE1
Important: Omit the Extension (.kdb)
SSL Repository Password . . . . SSLKEYRPWD > The password we previously gave to the
Certificate store.
Certificate label . . . . . . . CERTLABEL> The label of the client certificate (ibmwebspheremqsystem
in our example).
Then return to WRKMQM and select option 20=Work with Channels.
Select the previously created Channel SSLCHANNEL and use option 2=Change.
Complete these parameters with the following values:
SSL CipherSpec . . . . . . . . . SSLCIPH > *TLS_RSA_WITH_3DES_EDE_CBC_SHA
SSL Client Authentication . . . SSLCAUTH> *REQUIRED
Finally run command
RFRMQMAUT MQMNAME(MANAGER1.CONSOLE) TYPE(*SSL)
Certificates are now ready.
© 2017 Tango/04 Computing Group Page 104
Appendix F : Contacting Tango/04
Appendix FAppendix F: Contacting Tango/04
EMEA (European, Middle-Eastern & African) Headquarters
Tango/04 Computing Group S.L.
Avda. Meridiana 358, 12 B-C
08027 Barcelona Spain
Phone: +34 93 274 0051
Fax: +34 93 345 1329
www.tango04.com
Latin American Headquarters
Barcelona/04 Computing Group SRL
Avda. Federico Lacroze 2252, Piso 6
1426 Buenos Aires Capital Federal
Argentina
Phone: +54 11 4774-0112
Fax: +54 11 4773-9163
www.barcelona04.com
North America (USA & Canada)
Tango/04 Computing Group USA
PO Box 3301
Peterborough, NH 03458 USA
Phone: 1-800-304-6872
Fax: 858-428-2864
www.tango04.com
Sales Office in Brazil
Tango/04 Computing Group Brasil
Rua Turiassú, 591 - 5º Andar
Perdizes
Cep: 05005-001 São Paulo
Brasil
Phone: +55 (11) 3675 6228
Fax: +51 1 211-2526
www.tango04.com.br
Sales Office in Chile
Barcelona/04 Computing Group Chile
Guardia Vieja 255, Of. 1601
Providencia
Santiago
Chile
Phone: +56 2 234 0898
Fax: +56 2 234 0865
www.barcelona04.com
Sales Office in Columbia
Barcelona/04 Computing Group Colombia
Calle 125 nº 19-89, Piso 5º
Bogotá, D.C.
Colombia
Phone: + 57(1) 658 2664
Fax: +51 1 211-2526
www.barcelona04.com
© 2017 Tango/04 Computing Group Page 105
Sales Office in Peru
Barcelona/04 Computing Group Perú
Calle Isaac Albeniz 555, Dpto 201 Urb
Las Magnolias
San Borja
L 27 Lima
Perú
Phone: +51 1 640-9168
Fax: +51 1 211-2526
www.barcelona04.com
Sales Office in Italy
Tango/04 Computing Group Italy
Viale Garibaldi 51
13100 Vercelli VC Italy
Phone: +39 0161 56922
Fax: +39 0161 259277
www.tango04.it
© 2017 Tango/04 Computing Group Page 106
About Tango/04 Computing Group
Tango/04 Computing Group is one of the leading developers of systems management and automation
software. Tango/04 software helps companies maintain the operating health of all their business
processes, improve service levels, increase productivity, and reduce costs through intelligent
management of their IT infrastructure.
Founded in 1991 in Barcelona, Spain, Tango/04 is an IBM Business Partner and a key member of IBM's
Autonomic Computing initiative. Tango/04 has more than a thousand customers who are served by over
35 authorized Business Partners around the world.
Alliances
Awards
Partnerships IBM Business Partner
IBM Autonomic Computing Business Partner
IBM PartnerWorld for Developers Advanced Membership
IBM ISV Advantage Agreement
IBM Early code release
IBM Direct Technical Liaison
Microsoft Developer Network
Microsoft Early Code Release
© 2017 Tango/04 Computing Group Page 107
Legal Notice
The information in this document was created using certain specific equipment and environments, and it is limited in
application to those specific hardware and software products and version and releases levels.
Any references in this document regarding Tango/04 Computing Group products, software or services do not mean
that Tango/04 Computing Group intends to make these available in all countries in which Tango/04 Computing Group
operates. Any reference to a Tango/04 Computing Group product, software, or service may be used. Any functionally
equivalent product that does not infringe any of Tango/04 Computing Group's intellectual property rights may be used
instead of the Tango/04 Computing Group product, software or service
Tango/04 Computing Group may have patents or pending patent applications covering subject matter in this
document. The furnishing of this document does not give you any license to these patents.
The information contained in this document has not been submitted to any formal Tango/04 Computing Group test
and is distributed AS IS. The use of this information or the implementation of any of these techniques is a customer
responsibility, and depends on the customer's ability to evaluate and integrate them into the customer's operational
environment. Despite the fact that Tango/04 Computing Group could have reviewed each item for accurateness in a
specific situation, there is no guarantee that the same or similar results will be obtained somewhere else. Customers
attempting to adapt these techniques to their own environments do so at their own risk. Tango/04 Computing Group
shall not be liable for any damages arising out of your use of the techniques depicted on this document, even if they
have been advised of the possibility of such damages. This document could contain technical inaccuracies or
typographical errors.
Any pointers in this publication to external web sites are provided for your convenience only and do not, in any
manner, serve as an endorsement of these web sites.
The following terms are trademarks of the International Business Machines Corporation in the United States and/or
other countries: iSeries, iSeriese, iSeries, i5, DB2, e (logo)®Server IBM ®, Operating System/400, OS/400, i5/OS.
Microsoft, SQL Server, Windows, Windows NT, Windows XP and the Windows logo are trademarks of Microsoft
Corporation in the United States and/or other countries. Java and all Java-based trademarks and logos are
trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and/or other countries. UNIX is a
registered trademark in the United States and other countries licensed exclusively through The Open Group. Oracle
is a registered trade mark of Oracle Corporation.
Other company, product, and service names may be trademarks or service marks of other companies.
© 2017 Tango/04 Computing Group Page 108