Enterprise Content Management System Monitor · The JMX monitor application requires a user –...

Enterprise Content Management

System Monitor

How to deploy the JMX monitor application in WebSphere

ND clustered environments

Revision 1.3

CENIT AG Author: Juergen Poiger

25. August 2015

2

CENIT Field Guide „JMX monitor application on WebSphere ND cluster” © CENIT AG 2015

Content

Disclaimer ............................................................................................................................. 4

Overview ............................................................................................................................... 4

Preparation ............................................................................................................................ 6

Virtual Hosts ...................................................................................................................... 6

User account ..................................................................................................................... 8

Deploying the application .....................................................................................................10

Verification ...........................................................................................................................20

SSL certificates – HTTPS .....................................................................................................22

4


Disclaimer

The content of this document is based on ECM SM in version 5.2.0. The descriptions and

guidelines in this document are for informational purposes only. Up-to-dateness, content

completeness, appropriateness and validity for all possible scenarios cannot be guaranteed.

All information is provided on an as-is basis. The author is not liable for any errors or omissions

in this document or any losses, injuries and damages arising from its use.

If you are planning to setup or configure ECM SM or to adjust an existing installation, it is

absolutely necessary to take into account current security whitepapers, release notes and

announcements from the official IBM ECM System Monitor product documentation website.

If you want to notify us about mistakes or improvement suggestions send us a mail to

[email protected].

Overview

This guide provides a description how to deploy the ECM SM JMX monitor application in

WebSphere ND clustered environments. Screenshots are taken from a WAS ND 8.5.5.6

environment.

Goal of the JMX monitoring is to monitor MBeans provided by the JVMs. It provides detailed

information about the status of the backend of the applications without taking load balancing

and webservers into account. Rules and additional monitors can be set up to give a status of

the front end availability of the application. This guide focuses on the backend monitoring.

Below is an example of a possible topology. A WAS ND cell contains two WAS clusters,

each cluster has a cluster node (physical server). On each cluster is a productive application

and the JMX monitor application deployed. On each cluster nodes server (operating system)

is an ECM SM agent installed. The monitoring agent connects to the JMX monitoring

application using the application port.

mailto:[email protected]

5


The environment used for the screenshots contained only one physical node for the cluster

nodes. All cluster members were created on the same node.

The HTTP server farm and availability of the business service through the load balancer is

monitored by an ECM SM agent using the HTTP(S) monitors (WebStatus monitor, PingPage

monitor, …).

6


Preparation

Virtual Hosts

To simplify the deployment process depending on the way the web applications are set up,

creating a virtual host for the JMX monitor application is recommended unless the

“default_host “ is used for the applications.

The virtual host for the JMX monitor application should contain all application ports for all

nodes (secure and unsecure where applicable). For the shown example topology it would be

e.g.:

Virtual host “ECMSM_JMX_host”

Host aliases:

Host Name Port

* 9080

* 9081

7


8


User account

The JMX monitor application requires a user – role mapping to be able to access the

MBeans. The minimum role for this task is “Auditor”. Prepare a user using the WebSphere’s

“User and Groups” – “Administrative user roles” menu. Add the role “Auditor” or higher to the

user which will be mapped to the JMX monitor application. The user name and password is

used in the configuration for the JMX monitor inside ECM SM (using the Core Agent installer

or the Monitoring Manager).

9


Changes in virtual hosts and user mappings require application server restart.

10


Deploying the application

The JMX monitor application must be deployed to each cluster that will be monitored. The

monitor application must run in the same JVM as the applications which will be monitored.

The EAR and WAR file can be found on the ECM SM server in the directory

<install directory>/repos/install/webapps

The files are named applicationserver.jmx.monitor.ear and

applicationserver.jmx.monitor.war. The applicationserver.jmx.monitor.ear already contains

the property “context root = /jmxmonitor”, otherwise there is no difference between the files.

Copy the file to the computer where the WAS administrative console is running or to the

Deployment Manager node or any other node from the WAS cell.

Log on to the WAS console using an administrative account, open the “New Application”

menu and select “New Enterprise Application”.

Select the applicationserver.jmx.monitor.ear from the location where the file was stored.

11


Choose “Detailed” in the next step to show all installation options and parameters.

Select “Precompile JavaServer Pages files” and type in an application name (or use the

default) in Step 1:

12


In step 2 insert the check mark for the fsmtools.applicationserver.jmx.monitor web module

and select all WebSphere clusters where the module should be installed. The clusters should

be displayed in the table after “Apply” was clicked.

13


In step 3 verify the JDK Source Level, it needs to be 15 which is the default on WAS 8.5.

No changes are necessary in steps 4 to 6.

Select the virtual host created before for the JMX monitor module (or default_host if it

contains all application ports) in step 7.

Step 8 defines the context root of the module. Use the default “jmxmonitor” or type in your

own. The context root has to be used in the configuration of the JMX monitors inside ECM

SM.

14


With step 9 the security roles to user mapping is defined. Map the prepared user to the

jmx_monitoring role.

15


No changes required in steps 10 to 13. Click “Finish” to install the application.

16


If the installation completed successfully, save directly to the master configuration.

17


The JMX monitor application is installed. Synchronize the nodes, select all nodes for the

application clusters.

If the application servers haven’t been restarted after the creation of the virtual host and the

user – role mapping restart them now. Otherwise a restart is not necessary.

Switch to the “Applications” menu and start the JMX monitor application.

You should see the updated “started” status. To check the target specific application status

click on the JMX monitor application link.

18


The target specific application status shows you the state of the application on all deployed

clusters.

19


20


Verification

A quick check to test the application can be done by requesting all JMX MBeans in a web

browser.

Open a new browser session so the application requests the credentials instead of using the

running session credentials. Request the URL http(s)://<application server

hostname>:<application port>/jmxmonitor/configuration.jsp, e.g.

http://was8556.de.cenit-group.com:9080/jmxmonitor/configuration.jsp

The result page should show an xml page displaying all available MBeans, attributes and

values.

http://was8556.de.cenit-group.com:9080/jmxmonitor/configuration.jsp

21


Search within the page for e.g. “HeapSize” and check if values are shown.

If the values contain the error message "#Error: Exception: Error: An Invokation Exception

was thrown, when trying to invoke the request on the application server EC0005" most likely

the user to role mapping is wrong or not sufficient.

22


SSL certificates – HTTPS

If the applications are SSL secured and only reachable using https protocol, the SSL

certificate needs to be imported into a keystore that can be used by the ECM SM agent. The

keystore needs to be published to the ECM SM agent monitoring that specific server by

running the ECM SM configuration task “Configure Keystore Settings”.

One way to export the certificate is to use a browser to access the secured page

https://<application server hostname>:<application secure

port>/jmxmonitor/configuration.jsp. The certificate will be saved in the browser

certificate cache when the page is being accessed for first time. Using the export function in

the browser, e.g. Firefox “Options – Advanced – Certificates – View Certificates – Servers -

Export”. Save the exported certificate in “X.509 Certificate (PEM) .crt” format in a location

that can be accessed by the ECM SM agent.

The certificate needs to be imported into an existing or new keystore. The keytool command

to do this is:

<path to keytool>\keytool -import -file <path and file name to

certificate> -alias <description> -keystore <path and file name to

keystore>

e.g.

jre\bin\keytool -import -file svwap021ti.de.cenit-group.com.crt -

alias appserv1_certificate -keystore ECMSMagent_keystore

The path, file name and the password for the keystore is published to the ECM SM agent

using the task “Configure Keystore Settings”.

The procedure must be repeated for each ECM SM agent where JMX monitor will be

configured to run.

23


24


25


Date post:	10-Mar-2020
Category:	Documents
Upload:	others
View:	0 times
Download:	0 times

Enterprise Content Management System Monitor · The JMX monitor application requires a user –...

Documents