© 2009 IBM Corporation
Support Technical Exchange
Support Technical ExchangeTivoli Asset Discovery for Distributed 7.2IBM License Metric Tool 7.2
Configuration, Agent and SecuritySupport Technical Exchange Presentation 3/5
2
Support Technical Exchange
TAD4D 7.2 / ILMT 7.2 – Configuration, Agent and Security © 2009 IBM Corporation
Series OverviewTopics Covered in this Support Technical Exchange Series
Overview, Architecture, Integration, and Scalability
Server Installation
Configuration, Agent and Security
Product Functionality
Upgrade
3
Support Technical Exchange
TAD4D 7.2 / ILMT 7.2 – Configuration, Agent and Security © 2009 IBM Corporation
Topic AgendaConfiguration, Agent and Security
Presentation Information Users and Security
– Enabling Security
– Setting User Roles
Sever Configuration– VM Managers
– Scan Group Management
– Command Line Interface for WAS Deployment
– Software Knowledge Base Toolkit Launch in Context
– Use Data Collection and Multi Instance Support
– Tivoli Common Reporting
– DB2 Transaction Logs
– System.Properties File Parameters
Agent Installation Agent New Features Agent Configuration
– Mobility File
– tlmagent.ini File Parameters
Presentation Review FAQ Sheet Acknowledgments
4
Support Technical Exchange
TAD4D 7.2 / ILMT 7.2 – Configuration, Agent and Security © 2009 IBM Corporation
Presentation InformationPurpose, Structure, and General Information
Purpose:– Point of reference for IBM Tivoli Asset Discovery for Distributed 7.2 and IBM License Metric Tool
7.2 products
Structure:– Each section covers a different topic
– At the end of each section, a “Where to find more information” section directs users to further materials which aide in the understanding of the topic
– Notes sections may also contain additional valuable information
Important Acronyms: (For Presentation Slides Only)– CIT - Common Inventory Technology
– CLI – Command Line Interface
– ILMT – IBM License Metric Tool
– ISC – Integrated Solutions Console
– TAD4D – Tivoli Asset Discovery for Distributed
– TAMIT – Tivoli Asset Management for IT
– TCR - Tivoli Common Reporting
– TLCM – Tivoli License Compliance Manager
– VM - Virtual Machine
5
Support Technical Exchange
TAD4D 7.2 / ILMT 7.2 – Configuration, Agent and Security © 2009 IBM Corporation
Users and Security - Enabling SecuritySetting Up Security in TAD4D 7.2 and ILMT 7.2
Security in TAD4D 7.2 and ILMT 7.2– CLI requires that security is enabled
– Setting security allows the designation of users with specific roles
Select Secure Administration, Applications, and Infrastructure from the Navigation
Enter the Security Configuration Wizard
6
Support Technical Exchange
TAD4D 7.2 / ILMT 7.2 – Configuration, Agent and Security © 2009 IBM Corporation
Users and Security - Enabling SecurityWalking through the Security Configuration Wizard
7
Support Technical Exchange
TAD4D 7.2 / ILMT 7.2 – Configuration, Agent and Security © 2009 IBM Corporation
Users and Security - Setting User RolesAdding Users and Selecting User Roles
8
Support Technical Exchange
TAD4D 7.2 / ILMT 7.2 – Configuration, Agent and Security © 2009 IBM Corporation
Where to Find More InformationTopic Resources for TAD4D 7.2 and ILMT 7.2 Information
TAD4D 7.2 InfoCentero Controlling access
o Security
ILMT 7.2 InfoCentero Controlling access
o Security
9
Support Technical Exchange
TAD4D 7.2 / ILMT 7.2 – Configuration, Agent and Security © 2009 IBM Corporation
Server Configuration - Virtual Machine ManagersHandling Virtual Machines in TAD4D 7.2 and ILMT 7.2
Virtual Machine Managers– Manages and monitors virtual machines installed in the IT infrastructure
Configuring VM Managers– Before configuring a VM manager, the status of agents in their respective VMs is shown as
‘Incomplete’. This simply means that the server does not have all the information about a given agent’s underlying topology. ‘Incomplete’ status appears after the connection determined by the polling frequency
– After VM configuration, the status of the agent is shown as ‘OK’
– TAD4D 7.2 and ILMT 7.2 collect information from the VM managers and agents installed in their respective VMs to resolve the underlying topology of the physical host system
Tip: agents managed within a VM manager do not need to have CIT enabler configured
10
Support Technical Exchange
TAD4D 7.2 / ILMT 7.2 – Configuration, Agent and Security © 2009 IBM Corporation
Server Configuration - Virtual Machine ManagersAdding and Configuring the Virtual Manager in TAD4D 7.2 and ILMT 7.2
Adding a VM Manager Configuring the VM Manager
http://9.156.64.64
joeuser
11
Support Technical Exchange
TAD4D 7.2 / ILMT 7.2 – Configuration, Agent and Security © 2009 IBM Corporation
Server Configuration - Virtual Machine ManagersManaging the Connection Time for the Virtual Manager
Polling Interval in the Web UI
Polling Interval in the system.properties File
12
Support Technical Exchange
TAD4D 7.2 / ILMT 7.2 – Configuration, Agent and Security © 2009 IBM Corporation
Server Configuration - Virtual Machine ManagersImportant Information about Virtual Manager Configuration
VM configuration appears in the system as mobility– Manual exclusion for one of the VMs is necessary to avoid being charged twice via the ‘Classify
Relocation’ panel. Users should be mindful of whether they are entitled to exclude a VM for maintenance reasons.
– Not every mobility event needs to be classified.
13
Support Technical Exchange
TAD4D 7.2 / ILMT 7.2 – Configuration, Agent and Security © 2009 IBM Corporation
Server Configuration - Scan Group ManagementNew Features for Scan Group Management in TAD4D 7.2 and ILMT 7.2
TAD4D 7.2 Full Hardware Scan– Hardware inventory collection feature that
provides an addition scan to collect more detailed hardware information such as; printers, USB cards, hard drives, video cards, etc.
– Data is imported and consumed by TAMIT 7.2
– Enabled by default
Run Once Software Scan Selection– TAD4D 7.2
– ILMT 7.2
Tip: Scan Groups in TAD4D 7.2 are representative of Divisions in TLCM 2.3 and TAMIT 7.2
14
Support Technical Exchange
TAD4D 7.2 / ILMT 7.2 – Configuration, Agent and Security © 2009 IBM Corporation
Server Configuration - Enabling the CLIInstallation and Configuration of the CLI following WAS Deployment
The Command Line Interface must be configured manually only when TAD4D 7.2 or ILMT 7.2 is deployed on WAS
– Locate the CLI directory where the WAS deployment files were unpacked
– Supply the following information in the cli.properties file in the /conf directory
– secureAdminPort=– trustStorePath=
– Supply the following information if WAS was installed in a location other than the default in the lmtcli.sh or lmtcli.bat file.
– WAS_HOME=
15
Support Technical Exchange
TAD4D 7.2 / ILMT 7.2 – Configuration, Agent and Security © 2009 IBM Corporation
Server Configuration - SwKBT Launch in ContextTAD4D 7.2 Configuration of SwKBT Launch in Context Feature
Software Knowledge Base Toolkit– IBM Tivoli Software Knowledge Base Toolkit helps you maintain an up-to-date repository of
knowledge about software products, their components, and the means to discover them as installed and running on computer systems. It also allows you to enhance the software discovery processes in your environment by supporting data collection and its analysis for new software signatures.*
Launch in Context– Jump directly to detailed information in the SwKBT by clicking on a software component name in
the TAD4D 7.2 Web UI
Configure Connection in system.properties File– SwKBToolURL=protocol_name://hostname:port/
TAD4D 7.2 Panels with Launch in Context Capability– Software -> Software Products -> Instances
– Software -> Unrecognized Software -> Software Instances
– Administration -> Import Software Catalog
*InfoCenter Description
16
Support Technical Exchange
TAD4D 7.2 / ILMT 7.2 – Configuration, Agent and Security © 2009 IBM Corporation
Server Configuration - Use Data CollectionTAD4D 7.2 Use Data Collection and Multi-Instance Support
Three Levels Software Use Data Collection are Available in TAD4D 7.2
– Basic - Date and time the product was last used
– Summary and Trend - Average use and concurrent user data collection for a product
– Detailed - Full software use collection
Multi-Instance Support– Discover multiple instances of a software
product discovered by a single agent
Tip: When configuring use collection, the ‘storeUser’ property could also be set using the setServerConf CLI command (more info on the following slides)
17
Support Technical Exchange
TAD4D 7.2 / ILMT 7.2 – Configuration, Agent and Security © 2009 IBM Corporation
Server Configuration - Tivoli Common ReportingUsing TAD4D 7.2 Data with Tivoli Common Reporting
Product Use Data Collected by TAD4D 7.2 is not Available through the TAD4D 7.2 Web UI.
– Use data reports avaiable through
– Tivoli Asset Management for IT 7.2 (Last Used information)– Tivoli Common Reporting– Custom reports using Custom Database Views
After Setting up Tivoli Common Reporting User Can:– Access Two Custom TAD4D 7.2 Software Use Reports
– Product Use Summary - shows the information about the average use, the maximum number of concurrent uses, and the time at which the maximum concurrent use of a given product occurred
– Product Use Trend - shows the data about the maximum concurrent uses of the selected product
– Create Custom Reports using Custom Database Views
18
Support Technical Exchange
TAD4D 7.2 / ILMT 7.2 – Configuration, Agent and Security © 2009 IBM Corporation
Server Configuration - Tivoli Common ReportingSetting up Tivoli Common Reporting
Right Click on Report Sets and Select ‘Import Report Package’
Execute the Following Actions:• Find the report zip package • Check the Overwrite option • Specify a security set
Note: Tivoli Common Reporting Reports are demonstrated in the STE presentation entitled Product Functionality and will be covered in more detail at that time.
19
Support Technical Exchange
TAD4D 7.2 / ILMT 7.2 – Configuration, Agent and Security © 2009 IBM Corporation
Server Configuration - DB2 Transaction Log SizeConfiguring the Optimal DB2 Transaction Log Sizes
Configure the DB2 Transaction Log Size (Suggested Values)– for small environments (up to 50 PVU-based products and up to 10,000 agents): 400 MB, which is
the default system configuration after installation
– for medium environments (up to 150 PVU-based products and up to 20,000 agents): 1 GB. You can set this by changing the value of the LOGFILSIZ DB2 configuration parameter to 2500
– for large environments (up to 500 PVU-based products and up to 45,000 agents): 2 GB. You can set this by changing the value of the LOGFILSIZ DB2 configuration parameter to 5000
20
Support Technical Exchange
TAD4D 7.2 / ILMT 7.2 – Configuration, Agent and Security © 2009 IBM Corporation
Server Configuration - System.properties File ParametersNew Additions to TAD4D 7.2 and ILMT 7.2 system.properties file
Name Description
vmManagerPollingIntervalThe interval of time between consecutive data retrievals from VM managers (minutes)
agentVmManagerDetachmentPeriodThe maximum idle time before an agent managed by a VM manager is considered detached. From that point in time the data sent by an agent will not be augmented by data retrieved from the VM manager.
maxSubsequentCredentialFailuresThe maximum number of failed attempts to log in to the VM manager. After the set number of failed connection attempts, the account is locked.
maxPdfRows Report PDF row limit
SwKBToolURL The URL of the SwKBTool
reportPathThe path to the directory where the report will be generated prior to signing. If there is not enough space in the default directory, the signing will fail.
showAgentStatusAllows to disable showing agent status on the server UI, thus improving performance of the “Agents” and “Software Catalog Versions” panels
storeUserUsed to implement the privacy policy. Indicates whether user name should be collected when gathering product usage information. This pertains to the user who was using the product. (true | false)
21
Support Technical Exchange
TAD4D 7.2 / ILMT 7.2 – Configuration, Agent and Security © 2009 IBM Corporation
Where to Find More InformationTopic Resources for TAD4D 7.2 and ILMT 7.2 Information
TAD4D 7.2 InfoCentero VM managers
o Agents
o Scan groups
o Enabling the CLI
o Software product management
o Use data collection
o Generating use reports in TCR
o System.properties file parameters
o Tutorial: Connecting to new VM managers
o Tutorial: Managing unrecognized software
ILMT 7.2 InfoCentero VM managers
o Agents
o Scan Groups
o Enabling the CLI
o System properties file parameters
o Tutorial: Connecting to new VM managers
22
Support Technical Exchange
TAD4D 7.2 / ILMT 7.2 – Configuration, Agent and Security © 2009 IBM Corporation
Deployment methods– Native installers (new):
installp(AIX), swinstall(HP-UX), rpm(Linux), pkgadd(Solaris), installation wizard(Windows), RSTLICPGM(i5/OS)
– Remote build distribution using Tivoli Configuration Manager– Deployment using Windows logon scripts
Deployment methods no longer supported– Individual local installation using a wizard (running on Java)– Remote bulk distribution using Remote Execution and Access (RXA)
New deployment environments – VMWare and MS Virtual Server virtualization environments (present in 7.1FP1)– x86 platforms (present in 7.1FP1)– AIX 6.1 WPARs
Upgrade– Configuration settings get migrated but agent cache gets removed– Manual procedure for certificate migration required when migrating from a secure TLCM 2.3
runtime server
Agent Installation and UpgradeBrief Notes Concering TAD4D 7.2 and ILMT 7.2 Agents
23
Support Technical Exchange
TAD4D 7.2 / ILMT 7.2 – Configuration, Agent and Security © 2009 IBM Corporation
Agent New FunctionalityNew Functions and Features Performed by Agents
New virtualization support– Power6 virtual shared pools for i5/OS
– AIX and i5/OS shared dedicated processors
– AIX 6.1 system WPARs
– AIX and pLinux partition (aka LPAR) mobility
– AIX 6.1 application (aka WPAR) mobility
Use monitoring and multi-instance support for TAD4D Full hardware scan for TAD4D Native registry scan for TAD4D
24
Support Technical Exchange
TAD4D 7.2 / ILMT 7.2 – Configuration, Agent and Security © 2009 IBM Corporation
Agent Configuration - Mobility FileManaging Agent Movement Among VMs
Excluding the Source or Target Machine– There exists the possibility to exclude the source or
target machine from PVU calculations
– You can only exclude a partition for mobility if you are entitled to do so by your license agreement.
– Maintenance is the only allowed exclusion reason
Modification in tlmagent.ini File
Format:– <reason>:<configuration>
– reason = maintenance– configuration = source | target
VM with agent relocatedVM1 VM2VM1=VM2
25
Support Technical Exchange
TAD4D 7.2 / ILMT 7.2 – Configuration, Agent and Security © 2009 IBM Corporation
Agent Configuration - tlmagent.ini FileNew Configuration Items in tlmagent.ini File
Name Description
agentVersionVersion of the agent. Should already be filled in after installation.
scan_group Formerly “division”
unknown_files_enabled REMOVED
communication_type REMOVED
Ad ‘unknown_files_enabled’ removal– No longer supported (if usage was found for an unmatched product, information was sent to the
server that this is an unknown file)
Ad ‘communication_type’ removal– this was the file communication type and was related with TCM integration
26
Support Technical Exchange
TAD4D 7.2 / ILMT 7.2 – Configuration, Agent and Security © 2009 IBM Corporation
Where to Find More InformationTopic Resources for TAD4D 7.2 and ILMT 7.2 Information
TAD4D 7.2 InfoCentero Classifying relocated partitions
o Agent Installation
o Software and Hardware Requirements for Agents
o Upgrading Agents
o Tutorial: Classifying relocated partitions
ILMT 7.2 InfoCentero Classifying relocated partitions
o Agent Installation
o Software and Hardware Requirements
o Upgrading Agents
o Tutorial: Classifying relocated partitions
27
Support Technical Exchange
TAD4D 7.2 / ILMT 7.2 – Configuration, Agent and Security © 2009 IBM Corporation
Presentation ReviewSummary of Material Covered in this Presentation
Enabling Security and Setting User Roles
Server Configurations Tasks– Virtual Machine Management
– Software Knowledge Base Toolkit Launch in Context Configuration
– Tivoli Common Reporting Configuration
Agent Configuration Tasks
28
Support Technical Exchange
TAD4D 7.2 / ILMT 7.2 – Configuration, Agent and Security © 2009 IBM Corporation
FAQ SheetSummary of Frequently Asked Questions
Q: How is it determined which agents need to have a VM Manager? Which ones will not get info from the agent?
– A: The agents which have INCOMPLETE status and are under the control of one of the following virtualization technologies
– - VMware ESX
– - VMware ESXi
– - VMware VirtualCenter
– need to have the VM manager configured.
– Virtualization technologies outside of ESX and ESXi still require the use of CIT enabler
Q: So it is one VM manager setup per agent? one per node? all agents on a physical box? How many share a VM Manager?
– A: By VM manager we mean an ESX/ESXi server or a Virtual Center. So you configure one VM manager for all the agents in the VMs on a given server (or cluster in case of Virtual Center).
Q: No install snapshots out-of-box? That's a standard report in TLCM 2.3. Install snapshot lists the software available or the software found.
– A: The software installed in the infrastructure can be viewed using the "Software Products" panel on the Integrated Solutions Console-based UI.
29
Support Technical Exchange
TAD4D 7.2 / ILMT 7.2 – Configuration, Agent and Security © 2009 IBM Corporation
FAQ SheetSummary of Frequently Asked Questions
Q: Why is the db2log important to TAD4D?– A: Because TAD4D processes a lot of information (especially use data can take a lot of space in
the database). Because of this, for larger infrastructures, a log larger than the default is needed.
Q: Is it configurable how often the agent collects information used for audit reports?
– A: Yes - the "Manage Scan Groups" panel can be used to schedule software scans or change their frequency.
Q: Does scan_group equal divisions in TLCM 2.3?– A: In TAD4D 7.2 scan groups are analogus to divisions in TLCM 2.3 with the following
understanding. Scan groups are a logical set of agents sharing the same configuration without any relationship to the actual physical organization of the infrastructure.
Q: Is it possible to change an agent's scan_group without going to the agent?
– A: Yes, it can be done using the administration server UI ("Agents" panel - "Change Scan Group" option).
Q: Does the agent installation still require java?– A: No, the native agent installers don't require Java. They are also much faster than the
previousJava-based one.
30
Support Technical Exchange
TAD4D 7.2 / ILMT 7.2 – Configuration, Agent and Security © 2009 IBM Corporation
Acknowledgments
Piotr Machner – Training TAD4D 7.2 and ILMT 7.2 Elzbieta Pacan - Information Development Entire STE Team