TAD4D_ILMT_STE_Presentation_3of5

© 2009 IBM Corporation

Support Technical Exchange

Support Technical ExchangeTivoli Asset Discovery for Distributed 7.2IBM License Metric Tool 7.2

Configuration, Agent and SecuritySupport Technical Exchange Presentation 3/5

2


TAD4D 7.2 / ILMT 7.2 – Configuration, Agent and Security © 2009 IBM Corporation

Series OverviewTopics Covered in this Support Technical Exchange Series

Overview, Architecture, Integration, and Scalability

Server Installation

Configuration, Agent and Security

Product Functionality

Upgrade

3



Topic AgendaConfiguration, Agent and Security

Presentation Information Users and Security

– Enabling Security

– Setting User Roles

Sever Configuration– VM Managers

– Scan Group Management

– Command Line Interface for WAS Deployment

– Software Knowledge Base Toolkit Launch in Context

– Use Data Collection and Multi Instance Support

– Tivoli Common Reporting

– DB2 Transaction Logs

– System.Properties File Parameters

Agent Installation Agent New Features Agent Configuration

– Mobility File

– tlmagent.ini File Parameters

Presentation Review FAQ Sheet Acknowledgments

4



Presentation InformationPurpose, Structure, and General Information

Purpose:– Point of reference for IBM Tivoli Asset Discovery for Distributed 7.2 and IBM License Metric Tool

7.2 products

Structure:– Each section covers a different topic

– At the end of each section, a “Where to find more information” section directs users to further materials which aide in the understanding of the topic

– Notes sections may also contain additional valuable information

Important Acronyms: (For Presentation Slides Only)– CIT - Common Inventory Technology

– CLI – Command Line Interface

– ILMT – IBM License Metric Tool

– ISC – Integrated Solutions Console

– TAD4D – Tivoli Asset Discovery for Distributed

– TAMIT – Tivoli Asset Management for IT

– TCR - Tivoli Common Reporting

– TLCM – Tivoli License Compliance Manager

– VM - Virtual Machine

5



Users and Security - Enabling SecuritySetting Up Security in TAD4D 7.2 and ILMT 7.2

Security in TAD4D 7.2 and ILMT 7.2– CLI requires that security is enabled

– Setting security allows the designation of users with specific roles

Select Secure Administration, Applications, and Infrastructure from the Navigation

Enter the Security Configuration Wizard

6



Users and Security - Enabling SecurityWalking through the Security Configuration Wizard

7



Users and Security - Setting User RolesAdding Users and Selecting User Roles

8



Where to Find More InformationTopic Resources for TAD4D 7.2 and ILMT 7.2 Information

TAD4D 7.2 InfoCentero Controlling access

o Security

ILMT 7.2 InfoCentero Controlling access

o Security

9



Server Configuration - Virtual Machine ManagersHandling Virtual Machines in TAD4D 7.2 and ILMT 7.2

Virtual Machine Managers– Manages and monitors virtual machines installed in the IT infrastructure

Configuring VM Managers– Before configuring a VM manager, the status of agents in their respective VMs is shown as

‘Incomplete’. This simply means that the server does not have all the information about a given agent’s underlying topology. ‘Incomplete’ status appears after the connection determined by the polling frequency

– After VM configuration, the status of the agent is shown as ‘OK’

– TAD4D 7.2 and ILMT 7.2 collect information from the VM managers and agents installed in their respective VMs to resolve the underlying topology of the physical host system

Tip: agents managed within a VM manager do not need to have CIT enabler configured

10



Server Configuration - Virtual Machine ManagersAdding and Configuring the Virtual Manager in TAD4D 7.2 and ILMT 7.2

Adding a VM Manager Configuring the VM Manager

http://9.156.64.64

joeuser

11



Server Configuration - Virtual Machine ManagersManaging the Connection Time for the Virtual Manager

Polling Interval in the Web UI

Polling Interval in the system.properties File

12



Server Configuration - Virtual Machine ManagersImportant Information about Virtual Manager Configuration

VM configuration appears in the system as mobility– Manual exclusion for one of the VMs is necessary to avoid being charged twice via the ‘Classify

Relocation’ panel. Users should be mindful of whether they are entitled to exclude a VM for maintenance reasons.

– Not every mobility event needs to be classified.

13



Server Configuration - Scan Group ManagementNew Features for Scan Group Management in TAD4D 7.2 and ILMT 7.2

TAD4D 7.2 Full Hardware Scan– Hardware inventory collection feature that

provides an addition scan to collect more detailed hardware information such as; printers, USB cards, hard drives, video cards, etc.

– Data is imported and consumed by TAMIT 7.2

– Enabled by default

Run Once Software Scan Selection– TAD4D 7.2

– ILMT 7.2

Tip: Scan Groups in TAD4D 7.2 are representative of Divisions in TLCM 2.3 and TAMIT 7.2

14



Server Configuration - Enabling the CLIInstallation and Configuration of the CLI following WAS Deployment

The Command Line Interface must be configured manually only when TAD4D 7.2 or ILMT 7.2 is deployed on WAS

– Locate the CLI directory where the WAS deployment files were unpacked

– Supply the following information in the cli.properties file in the /conf directory

– secureAdminPort=– trustStorePath=

– Supply the following information if WAS was installed in a location other than the default in the lmtcli.sh or lmtcli.bat file.

– WAS_HOME=

15



Server Configuration - SwKBT Launch in ContextTAD4D 7.2 Configuration of SwKBT Launch in Context Feature

Software Knowledge Base Toolkit– IBM Tivoli Software Knowledge Base Toolkit helps you maintain an up-to-date repository of

knowledge about software products, their components, and the means to discover them as installed and running on computer systems. It also allows you to enhance the software discovery processes in your environment by supporting data collection and its analysis for new software signatures.*

Launch in Context– Jump directly to detailed information in the SwKBT by clicking on a software component name in

the TAD4D 7.2 Web UI

Configure Connection in system.properties File– SwKBToolURL=protocol_name://hostname:port/

TAD4D 7.2 Panels with Launch in Context Capability– Software -> Software Products -> Instances

– Software -> Unrecognized Software -> Software Instances

– Administration -> Import Software Catalog

*InfoCenter Description

16



Server Configuration - Use Data CollectionTAD4D 7.2 Use Data Collection and Multi-Instance Support

Three Levels Software Use Data Collection are Available in TAD4D 7.2

– Basic - Date and time the product was last used

– Summary and Trend - Average use and concurrent user data collection for a product

– Detailed - Full software use collection

Multi-Instance Support– Discover multiple instances of a software

product discovered by a single agent

Tip: When configuring use collection, the ‘storeUser’ property could also be set using the setServerConf CLI command (more info on the following slides)

17



Server Configuration - Tivoli Common ReportingUsing TAD4D 7.2 Data with Tivoli Common Reporting

Product Use Data Collected by TAD4D 7.2 is not Available through the TAD4D 7.2 Web UI.

– Use data reports avaiable through

– Tivoli Asset Management for IT 7.2 (Last Used information)– Tivoli Common Reporting– Custom reports using Custom Database Views

After Setting up Tivoli Common Reporting User Can:– Access Two Custom TAD4D 7.2 Software Use Reports

– Product Use Summary - shows the information about the average use, the maximum number of concurrent uses, and the time at which the maximum concurrent use of a given product occurred

– Product Use Trend - shows the data about the maximum concurrent uses of the selected product

– Create Custom Reports using Custom Database Views

18



Server Configuration - Tivoli Common ReportingSetting up Tivoli Common Reporting

Right Click on Report Sets and Select ‘Import Report Package’

Execute the Following Actions:• Find the report zip package • Check the Overwrite option • Specify a security set

Note: Tivoli Common Reporting Reports are demonstrated in the STE presentation entitled Product Functionality and will be covered in more detail at that time.

19



Server Configuration - DB2 Transaction Log SizeConfiguring the Optimal DB2 Transaction Log Sizes

Configure the DB2 Transaction Log Size (Suggested Values)– for small environments (up to 50 PVU-based products and up to 10,000 agents): 400 MB, which is

the default system configuration after installation

– for medium environments (up to 150 PVU-based products and up to 20,000 agents): 1 GB. You can set this by changing the value of the LOGFILSIZ DB2 configuration parameter to 2500

– for large environments (up to 500 PVU-based products and up to 45,000 agents): 2 GB. You can set this by changing the value of the LOGFILSIZ DB2 configuration parameter to 5000

20



Server Configuration - System.properties File ParametersNew Additions to TAD4D 7.2 and ILMT 7.2 system.properties file

Name Description

vmManagerPollingIntervalThe interval of time between consecutive data retrievals from VM managers (minutes)

agentVmManagerDetachmentPeriodThe maximum idle time before an agent managed by a VM manager is considered detached. From that point in time the data sent by an agent will not be augmented by data retrieved from the VM manager.

maxSubsequentCredentialFailuresThe maximum number of failed attempts to log in to the VM manager. After the set number of failed connection attempts, the account is locked.

maxPdfRows Report PDF row limit

SwKBToolURL The URL of the SwKBTool

reportPathThe path to the directory where the report will be generated prior to signing. If there is not enough space in the default directory, the signing will fail.

showAgentStatusAllows to disable showing agent status on the server UI, thus improving performance of the “Agents” and “Software Catalog Versions” panels

storeUserUsed to implement the privacy policy. Indicates whether user name should be collected when gathering product usage information. This pertains to the user who was using the product. (true | false)

21




TAD4D 7.2 InfoCentero VM managers

o Agents

o Scan groups

o Enabling the CLI

o Software product management

o Use data collection

o Generating use reports in TCR

o System.properties file parameters

o Tutorial: Connecting to new VM managers

o Tutorial: Managing unrecognized software

ILMT 7.2 InfoCentero VM managers

o Agents

o Scan Groups

o Enabling the CLI

o System properties file parameters

o Tutorial: Connecting to new VM managers

22



Deployment methods– Native installers (new):

installp(AIX), swinstall(HP-UX), rpm(Linux), pkgadd(Solaris), installation wizard(Windows), RSTLICPGM(i5/OS)

– Remote build distribution using Tivoli Configuration Manager– Deployment using Windows logon scripts

Deployment methods no longer supported– Individual local installation using a wizard (running on Java)– Remote bulk distribution using Remote Execution and Access (RXA)

New deployment environments – VMWare and MS Virtual Server virtualization environments (present in 7.1FP1)– x86 platforms (present in 7.1FP1)– AIX 6.1 WPARs

Upgrade– Configuration settings get migrated but agent cache gets removed– Manual procedure for certificate migration required when migrating from a secure TLCM 2.3

runtime server

Agent Installation and UpgradeBrief Notes Concering TAD4D 7.2 and ILMT 7.2 Agents

23



Agent New FunctionalityNew Functions and Features Performed by Agents

New virtualization support– Power6 virtual shared pools for i5/OS

– AIX and i5/OS shared dedicated processors

– AIX 6.1 system WPARs

– AIX and pLinux partition (aka LPAR) mobility

– AIX 6.1 application (aka WPAR) mobility

Use monitoring and multi-instance support for TAD4D Full hardware scan for TAD4D Native registry scan for TAD4D

24



Agent Configuration - Mobility FileManaging Agent Movement Among VMs

Excluding the Source or Target Machine– There exists the possibility to exclude the source or

target machine from PVU calculations

– You can only exclude a partition for mobility if you are entitled to do so by your license agreement.

– Maintenance is the only allowed exclusion reason

Modification in tlmagent.ini File

Format:– <reason>:<configuration>

– reason = maintenance– configuration = source | target

VM with agent relocatedVM1 VM2VM1=VM2

25



Agent Configuration - tlmagent.ini FileNew Configuration Items in tlmagent.ini File

Name Description

agentVersionVersion of the agent. Should already be filled in after installation.

scan_group Formerly “division”

unknown_files_enabled REMOVED

communication_type REMOVED

Ad ‘unknown_files_enabled’ removal– No longer supported (if usage was found for an unmatched product, information was sent to the

server that this is an unknown file)

Ad ‘communication_type’ removal– this was the file communication type and was related with TCM integration

26




TAD4D 7.2 InfoCentero Classifying relocated partitions

o Agent Installation

o Software and Hardware Requirements for Agents

o Upgrading Agents

o Tutorial: Classifying relocated partitions

ILMT 7.2 InfoCentero Classifying relocated partitions

o Agent Installation

o Software and Hardware Requirements

o Upgrading Agents

o Tutorial: Classifying relocated partitions

27



Presentation ReviewSummary of Material Covered in this Presentation

Enabling Security and Setting User Roles

Server Configurations Tasks– Virtual Machine Management

– Software Knowledge Base Toolkit Launch in Context Configuration

– Tivoli Common Reporting Configuration

Agent Configuration Tasks

28



FAQ SheetSummary of Frequently Asked Questions

Q: How is it determined which agents need to have a VM Manager? Which ones will not get info from the agent?

– A: The agents which have INCOMPLETE status and are under the control of one of the following virtualization technologies

– - VMware ESX

– - VMware ESXi

– - VMware VirtualCenter

– need to have the VM manager configured.

– Virtualization technologies outside of ESX and ESXi still require the use of CIT enabler

Q: So it is one VM manager setup per agent? one per node? all agents on a physical box? How many share a VM Manager?

– A: By VM manager we mean an ESX/ESXi server or a Virtual Center. So you configure one VM manager for all the agents in the VMs on a given server (or cluster in case of Virtual Center).

Q: No install snapshots out-of-box? That's a standard report in TLCM 2.3. Install snapshot lists the software available or the software found.

– A: The software installed in the infrastructure can be viewed using the "Software Products" panel on the Integrated Solutions Console-based UI.

29



FAQ SheetSummary of Frequently Asked Questions

Q: Why is the db2log important to TAD4D?– A: Because TAD4D processes a lot of information (especially use data can take a lot of space in

the database). Because of this, for larger infrastructures, a log larger than the default is needed.

Q: Is it configurable how often the agent collects information used for audit reports?

– A: Yes - the "Manage Scan Groups" panel can be used to schedule software scans or change their frequency.

Q: Does scan_group equal divisions in TLCM 2.3?– A: In TAD4D 7.2 scan groups are analogus to divisions in TLCM 2.3 with the following

understanding. Scan groups are a logical set of agents sharing the same configuration without any relationship to the actual physical organization of the infrastructure.

Q: Is it possible to change an agent's scan_group without going to the agent?

– A: Yes, it can be done using the administration server UI ("Agents" panel - "Change Scan Group" option).

Q: Does the agent installation still require java?– A: No, the native agent installers don't require Java. They are also much faster than the

previousJava-based one.

30



Acknowledgments

Piotr Machner – Training TAD4D 7.2 and ILMT 7.2 Elzbieta Pacan - Information Development Entire STE Team

Date post:	24-Nov-2014
Category:	Documents
Upload:	sean-hay
View:	106 times
Download:	0 times

TAD4D_ILMT_STE_Presentation_3of5

Documents