© 2014 IBM Corporation
Achieving System Production Readiness
for IBM PureApplication System
Session CSD-2881
Hendrik van Run hvanrun@uk.ibm.com
Bobby Woolf bwoolf@us.ibm.com
Please Note
IBM’s statements regarding its plans, directions, and intent are subject to change
or withdrawal without notice at IBM’s sole discretion.
Information regarding potential future products is intended to outline our general
product direction and it should not be relied on in making a purchasing decision.
The information mentioned regarding potential future products is not a
commitment, promise, or legal obligation to deliver any material, code or
functionality. Information about potential future products may not be incorporated
into any contract. The development, release, and timing of any future features or
functionality described for our products remains at our sole discretion.
Performance is based on measurements and projections using standard IBM
benchmarks in a controlled environment. The actual throughput or performance
that any user will experience will vary depending upon many factors, including
considerations such as the amount of multiprogramming in the user’s job stream,
the I/O configuration, the storage configuration, and the workload processed.
Therefore, no assurance can be given that an individual user will achieve results
similar to those stated here.
Agenda
System production readiness
• Cloud environment
• Authentication and authorization
• Monitoring
• Backup and restore
• Update management
Pattern production readiness
Go-live checklist
Cloud Environment
Cloud Environment Features
Types of system resources
• Compute node
– Computer hardware with CPU and memory
• IP group
– A set of IP addresses, their VLAN ID, and other network settings
• Cloud group
– One or more compute nodes bundled with one or more IP groups
• Environment profile
– Policy for deploying patterns into cloud groups
– Allocates resources for logical isolation of pattern instances
• User group
– A list of users in the same role
Network Isolation
Each application data network is a VLAN inside the system
• Layer-2
• VLAN provides network segregation/isolation
• The top of rack switches map the VLANs onto network ports
An IP group represents a network with a pool of IP addresses
• Layer-3
• Provides networking resources for VMs
• Associated with application data network (VLAN)
• All IP addresses have to be registered in DNS
– Forward and Reverse lookups!
– If multiple DNS servers, mappings must match
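The forward/reverse requirement above can be checked before go-live. The following is an added example, not part of the original deck: it verifies that every address in an IP group has a PTR record, that the name resolves back to the same address, and that all DNS servers agree. The class and function names, the `example.test` host names and the 10.0.10.x addresses are constructed for illustration.

```python
import ipaddress
import socket


class SystemResolver:
    """Asks the DNS server the local host is configured to use (IPv4 only)."""

    def reverse(self, ip):
        try:
            return socket.gethostbyaddr(ip)[0]
        except (socket.herror, socket.gaierror):
            return None

    def forward(self, name):
        try:
            return set(socket.gethostbyname_ex(name)[2])
        except socket.gaierror:
            return set()


class TableResolver:
    """Offline stand-in for one DNS server, built from constructed records."""

    def __init__(self, ptr_records, a_records):
        self.ptr_records = ptr_records
        self.a_records = a_records

    def reverse(self, ip):
        return self.ptr_records.get(ip)

    def forward(self, name):
        return set(self.a_records.get(name, ()))


def check_ip_group(addresses, resolvers):
    """Return (ip, server, problem) tuples; an empty list means the group is clean."""
    findings = []
    for raw in addresses:
        ip = str(ipaddress.ip_address(raw))  # rejects malformed input early
        names = set()
        for server, resolver in resolvers.items():
            name = resolver.reverse(ip)
            if name is None:
                findings.append((ip, server, "no reverse (PTR) record"))
                continue
            names.add(name.lower().rstrip("."))
            if ip not in resolver.forward(name):
                findings.append(
                    (ip, server, f"forward lookup of {name} does not return {ip}"))
        if len(names) > 1:  # mappings must match across all DNS servers
            findings.append(
                (ip, "*", "servers disagree: " + ", ".join(sorted(names))))
    return findings


# Constructed sample data: one IP group and two DNS servers.
IP_GROUP = ["10.0.10.11", "10.0.10.12", "10.0.10.13"]
SERVERS = {
    "dns1": TableResolver(
        {"10.0.10.11": "vm11.example.test", "10.0.10.12": "vm12.example.test",
         "10.0.10.13": "vm13.example.test"},
        {"vm11.example.test": ["10.0.10.11"], "vm12.example.test": ["10.0.10.12"],
         "vm13.example.test": ["10.0.10.13"]}),
    "dns2": TableResolver(
        {"10.0.10.11": "vm11.example.test", "10.0.10.12": "vm-12.example.test"},
        {"vm11.example.test": ["10.0.10.11"], "vm-12.example.test": ["10.0.10.12"]}),
}

if __name__ == "__main__":
    for finding in check_ip_group(IP_GROUP, SERVERS):
        print(finding)
```

`SystemResolver` only sees the host's own resolver; comparing several DNS servers needs one resolver object per server.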
Computational Isolation
A cloud group contains one or more compute nodes
• Provides CPU and memory resources for VMs
• Multiple compute nodes required for HA capabilities of VMs
• One or more IP groups required in each cloud group
• Cloud groups provide all resources for VMs to be deployed
– CPU and memory resources
– Networking resources
An environment profile provides fine-grained control
• Controls deployment to a cloud group
• Allows resource limits to be set
Cloud Groups and High Availability
Each cloud group should contain multiple compute nodes
• Provides HA: VMs can failover from one compute node to another
• More details on next slide
Select compute nodes distributed amongst chassis
• Distributes cloud group across chassis
• Select
– Different chassis (42u PureApp)
– Different sides (W1500 Intel)
Cloud Groups and High Availability
HA can be enabled for a cloud group that consists of two or more
compute nodes
• Enable “reserve resources for availability” on the cloud group
• Ensures sufficient space is available for failover of all VMs
• Also provides benefit when applying maintenance (planned failover)
Reserving resources reduces available capacity
• Reserves space in the cloud group equivalent to one compute node
– Reserves 1/n of the resources on each compute node
– In a cloud group with two compute nodes, capacity is reduced 50%
[Figure: a cloud group with HA enabled, made up of two compute nodes. Each compute node has a total capacity of 16 physical cores and 256 GB of memory, of which 8 physical cores and 128 GB of memory are reserved. The cloud group's total capacity is 16 cores and 256 GB of memory.]
Cloud Groups and Capacity
Cloud groups determine mapping of virtual onto physical resources
• A virtual machine uses vCPUs and memory
• Cloud group type determines CPU overcommit ratio (vCPUs:pCore)
– Dedicated – 1:1 ratio
– Average – 8:1 ratio (W1500 Intel); 10:1 ratio (W1700 Power)
Example: Cloud group with two compute nodes on W1500 (Intel)
• Note: A single VM runs within a single compute node
• Compute nodes’ capacity depends on cloud group’s HA setting
• Note: The table below does not take into account ESXi Hypervisor
overhead
– 10% of the cores and 6 GB of memory are reserved on each compute node
– There is also a small memory footprint that ESXi allocates for each VM
Cloud group type | HA enabled | Virtual CPUs | Physical cores | Memory (GB) | Maximum resources, single VM
Dedicated        | Yes        | 16           | 16             | 256         | 8 vCPUs/128 GB
Dedicated        | No         | 32           | 32             | 512         | 16 vCPUs/256 GB
Average          | Yes        | 128          | 16             | 256         | 64 vCPUs/128 GB
Average          | No         | 256          | 32             | 512         | 128 vCPUs/256 GB
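The table follows from the rules on this slide and the previous one, and the same arithmetic extends to other cloud group sizes. The following is an added example, not part of the original deck: it computes cloud group capacity for any number of compute nodes and flags planned VMs that no single node can host. The function names are illustrative, and applying the ESXi overhead before the HA reservation is an assumption, since the deck does not state the order.

```python
from dataclasses import dataclass
from fractions import Fraction
from math import floor

# vCPU:pCore overcommit ratios stated on the slide.
OVERCOMMIT = {
    "dedicated": {"W1500": 1, "W1700": 1},
    "average": {"W1500": 8, "W1700": 10},
}


@dataclass(frozen=True)
class Capacity:
    vcpus: int               # vCPUs available across the cloud group
    physical_cores: float    # usable physical cores across the cloud group
    memory_gb: float         # usable memory across the cloud group
    max_vm_vcpus: int        # largest single VM: a VM runs within one node
    max_vm_memory_gb: float


def cloud_group_capacity(nodes, cores_per_node, memory_gb_per_node, group_type,
                         model="W1500", ha=False, esxi_overhead=False):
    if nodes < 1:
        raise ValueError("a cloud group needs at least one compute node")
    if ha and nodes < 2:
        raise ValueError("HA needs two or more compute nodes")
    ratio = OVERCOMMIT[group_type][model]
    cores = Fraction(cores_per_node)
    memory = Fraction(memory_gb_per_node)
    if esxi_overhead:
        # Slide note: 10% of the cores and 6 GB of memory per compute node.
        # Assumption: taken off before the HA reservation is applied.
        cores *= Fraction(9, 10)
        memory -= 6
    if ha:
        # HA reserves 1/n of the resources on each of the n compute nodes.
        usable = Fraction(nodes - 1, nodes)
        cores *= usable
        memory *= usable
    node_vcpus = floor(cores * ratio)
    return Capacity(
        vcpus=node_vcpus * nodes,
        physical_cores=float(cores * nodes),
        memory_gb=float(memory * nodes),
        max_vm_vcpus=node_vcpus,
        max_vm_memory_gb=float(memory),
    )


def oversized_vms(capacity, planned_vms):
    """Names of planned VMs (name -> (vcpus, memory_gb)) that fit on no single node."""
    return sorted(
        name for name, (vcpus, memory_gb) in planned_vms.items()
        if vcpus > capacity.max_vm_vcpus or memory_gb > capacity.max_vm_memory_gb
    )


if __name__ == "__main__":
    # Two W1500 compute nodes with 16 cores and 256 GB each, as in the table.
    for group_type in ("dedicated", "average"):
        for ha in (True, False):
            print(group_type, ha, cloud_group_capacity(2, 16, 256, group_type, ha=ha))
```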
Isolate Production from Dev/Test/Acceptance
Separate the environment for production applications
• Separate cloud group for production
– Separate from dev, test, etc.
– Consider cloud group type “Dedicated” to avoid resource contention
• Separate VLANs
– Its IP groups should use VLANs not used for other cloud groups
Allocate resources
• Use environment profile limits to subdivide a cloud group
• Limit CPU, memory, and storage
• Limit product licenses by product
• Limit IP addresses
– Use separate IP groups on the same VLAN
– Limit which environment profiles can use which IP groups
Isolate Applications’ Network Traffic
Consider using VLANs to separate applications’ network traffic
• Isolates the network traffic for each set of applications
• If two applications need to communicate
– Put them on the same VLAN for communication inside the system
– Put them on different VLANs and bridge those outside the system
• To separate them, deploy them using separate IP groups
– The IP groups should use separate VLANs
Consider physically isolating VLANs
• Good examples include
– High-volume online applications
– Network for backups
• Top of Rack switches (ToRs) provide physical network connection
– One or more VLANs are assigned to each aggregated link
– Each aggregated link uses its own set of ports on the ToRs
– Total of 16 ports on each ToR (ports 41-56) at up to 10 Gbps
– Example: aggregated link using ports 41-42 on both ToRs
Environment Profiles - Limits
Limit the resources available for deployments
• Virtual CPU
• Memory
• Disk
Environment Profiles - Authorization
Use separate environment profiles just for production
• An environment profile’s deploy to cloud groups setting
– Should only specify the Prod cloud group
– Shouldn’t specify the Prod cloud group and other cloud groups
Use separate user group just for deploying into production
• Create a user group: ProdDeployers
• Only add users who should deploy production applications
Limit other users and user groups
• Any with write or all access also have read access
• Any with read access can deploy into production
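Because any access level on an environment profile includes read, and read is enough to deploy, the list of people who can deploy into production is wider than the ProdDeployers group unless access is reviewed. The following is an added example, not part of the original deck: it works out who can effectively deploy into the Prod cloud group and which profiles mix Prod with other cloud groups. The dictionary layout, user names and profile names are constructed for illustration and are not a PureApplication System export format.

```python
# Access levels are cumulative: write includes read, all includes write.
LEVELS = {"read": 1, "write": 2, "all": 3}


def users_with_access(acl, groups, minimum="read"):
    """Expand an access list (grantee -> level) into the set of individual users."""
    users = set()
    for grantee, level in acl.items():
        if LEVELS[level] >= LEVELS[minimum]:
            # A grantee is either a user group or a single user.
            users.update(groups.get(grantee, [grantee]))
    return users


def audit_production_access(profiles, patterns, groups,
                            prod_cloud_group="Prod", deployer_group="ProdDeployers"):
    approved = set(groups.get(deployer_group, []))
    report = {"mixed_profiles": [], "unexpected_deployers": {}}
    for profile_name, profile in sorted(profiles.items()):
        targets = set(profile["cloud_groups"])
        if prod_cloud_group not in targets:
            continue
        if targets != {prod_cloud_group}:
            # The profile deploys to Prod and to other cloud groups.
            report["mixed_profiles"].append(profile_name)
        profile_users = users_with_access(profile["access"], groups)
        for pattern_name, pattern in sorted(patterns.items()):
            # Deploying needs read access to both the pattern and the profile.
            can_deploy = profile_users & users_with_access(pattern["access"], groups)
            for user in sorted(can_deploy - approved):
                report["unexpected_deployers"].setdefault(user, []).append(
                    (pattern_name, profile_name))
    return report


# Constructed sample data.
GROUPS = {
    "ProdDeployers": ["alice", "bob"],
    "Developers": ["carol", "dave"],
}
PROFILES = {
    "ProdProfile": {"cloud_groups": ["Prod"],
                    "access": {"alice": "all", "ProdDeployers": "read"}},
    "SharedProfile": {"cloud_groups": ["Prod", "Test"],
                      "access": {"Developers": "write"}},
    "TestProfile": {"cloud_groups": ["Test"],
                    "access": {"Developers": "all"}},
}
PATTERNS = {
    "Apollo_SplunkServer_1.0.0": {
        "access": {"carol": "all", "Developers": "read", "ProdDeployers": "read"}},
}

if __name__ == "__main__":
    print(audit_production_access(PROFILES, PATTERNS, GROUPS))
```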
Use priorities to handle contention
Priorities break ties when contention
occurs
• Order to failover VMs between compute
nodes
• How to ration overcommitted CPU
– Average type cloud group only
• Order of concurrent pattern
deployments
Priority set in two parts
• Environment profile deployment priority
– Platinum-Bronze
• Deployer deployment priority
– High-Low
• Weights
– Shown in env. profile
– 16-1
Authentication and Authorization
Security and Permissions
Configure an external LDAP server for user authentication
• Use user groups in external LDAP server for group membership
• Configure group permissions in IBM PureApplication System
Protect system from attacks on the well-known default account
• The default account is granted all the security roles
• The default account cannot be disabled!
Best practice: change the name and password of the default
account
• Change the default account name using CLI
• Change the default account password to a strong password
External LDAP User Registry
Use an external user registry
• LDAP protocol
• Existing one in data center
External user registry
• Defines users
• Defines groups
• Defines membership
Superior to internal one
• Better authentication
• Better password mgmt
• Separately administered
Internal one defines
authorization
• Maps groups to security roles
Security Roles
• Hardware administration
• Auditing
• Cloud group administration
• Security administration
• Workload resources administration
• Create new environment profiles
• Create new catalog content
• Create new patterns
• IBM License Metric Tool (ILMT)
• Deploy patterns in the cloud
Role groups shown on the slide: Administrators; Workload Management
Workload Component Access Control
Access granted to
• Component grants access to one or more users
• Creator is automatically owner, gets All access
• Other users are granted a level of access
Access levels
• Read – Read only
• Write – Read + change
• All – Write + delete + grant access
Read
• View in lists
• Pattern: Clone, deploy
• Environment profile: Deploy
Write
• Pattern instance: manage its lifecycle
– Start, stop, store
Any user can deploy a pattern
• No security role for deployment
• Deploy patterns in the cloud is an implied role
• Need read access to the pattern
• Need read access to the environment profile
Catalog Content Access Control
Managing Patterns
Clone, edit, and lock a pattern
• Requires role Workload Management > Create new patterns
• Requires write permissions on the pattern
Delete a pattern
• Requires role Workload Management > Create new patterns
• Requires all permissions on the pattern
Managing Other Catalog Content
Environment profile
• Requires role Workload Management > Create new environment profiles
Catalog content
• Requires Workload Management > Create new catalog content
Managing Deployed Pattern Instances
User who deployed the instance is the owner and has all permissions
Other users or groups can be assigned instance permissions (read, write or all)
The following roles provide permissions across all instances
• Workload resources administration > View all workload resources (Read-only)
• Workload resources administration > Manage workload resources (Full permission)
External Audit Logging
Audit log
• Tracks administrator actions
• Tracks user directory changes
Use external audit logging
• Log files copied to external
server (SCP)
• Keeps logs from filling up
• Keeps logs secure on separate
server
Monitoring
Events and Problems Logs
Events
• System Console > System > Events
• ITM situations that are significant
• Type: Different kinds of components like compute
node and virtual machine
• Severity: Fatal, Critical, Major, Minor, Warning, etc.
• Category: Alert, Resolution, Call support, and
Customer serviceable
Problems
• System Console > System > Problems
• Events with the “Call support” category
• Additional details suitable for adding to
a PMR
Event Forwarding
SNMP traps can be set to forward events for external monitoring
• System Console > System > Settings > Event Forwarding
• System Identification describes the source of the events
• Trap Destinations specify SNMP listener clients
• Each trap can filter events by severity
• Events (from the event log) are forwarded to the traps
External PureApplication System Agent
• Can be installed in existing ITM server
Additional support for IBM Tivoli Monitoring
• MIB and OMNIbus rules
Workload Monitoring Shared Services
Shared services must be deployed to enable workload monitoring
• Enables the monitor link on the VM listed in the workload console
Four workload monitoring shared services
1. System Monitoring (ITM-Hub-TEMS and OS-level monitoring)
2. System Monitoring for HTTP Servers (ITCAM for HTTP)
3. System Monitoring for WebSphere Application Server (ITCAM for WAS)
4. Database Performance Monitoring (InfoSphere Optim)
Workload monitoring shared services
• Patterns included as part of PureApp
• Instances need to be deployed to each cloud group
PureApplication System Monitoring Portal
• A.k.a. Tivoli Enterprise Portal (TEP)
• Part of Smart Cloud Monitoring, f.n.a. IBM Tivoli Monitoring (ITM)
• Java GUI that connects to the System Monitoring shared service
• Opened by the various “endpoint” and “monitoring” links
Hub-TEMS (Tivoli Enterprise Monitoring Server)
TEPS (Tivoli Enterprise Portal Server)
TEP (Tivoli Enterprise Portal)
Monitoring Best Practices
Watch (monitor!) the Events Log and Problems Log
• Check it/them daily for new high-severity events
• External monitoring is even better
Configure external monitoring
• Connect PureApp to your enterprise monitoring
• Use SNMP traps to forward PureApp events
• MIB and OMNIbus rules are even better
Configure middleware monitoring
• Deploy monitoring shared services
• System Monitoring service can be internal or external
– Internal: Service runs ITM-Hub-TEMS, ITM-Remote, and ITM-Data-Warehouse
– External: Service runs ITM-Remote connected to your external ITM-Hub-TEMS
Backup and Restore
Categories of Data
Management
• Setup and configuration data
Cloud Environment
• IP groups and cloud groups
Workload Catalog
• Images, patterns, components
Workload
• Pattern instances
Application
• State of running
applications
Backup Tasks
System backup
• Product feature, creates a monolithic snapshot
– Backup of: Management, cloud environment, and workload catalog
– But not of: Virtual images, workloads, or application data
• Optional component backup exports workload catalog
Configuration scripts
• Custom CLI scripts to create sys config and cloud environment
Component export
• CLI scripts to write workload components to disk
• Corresponding CLI scripts to read them in again
Application data backup
• Captures the state of an application, such as databases
• Backup software (like Tivoli Storage Manager)
• Same as applications on traditional hardware
Backup Best Practices
Run system backup and include component backup
• Schedule it to automatically run daily
Implement CLI scripts to create the cloud environment
• Keep the scripts and properties files in SCM
Export all workload components
• When developers edit a component, export it
• Or export all components daily or weekly
• Keep exported files in SCM
Backup application data
• Perform on a regular basis, such as daily or weekly
• Needed when you redeploy a pattern
– Ex: Migrating to a new version of a production application
Recovery Scenarios
Scenario #1: Restore application data
• Use backup program to restore the backup
Scenario #2: Restore workloads selectively
• Redeploy the pattern and restore its application data backup
Scenario #3: Restore system or workload components
selectively
• Use the CLI to delete the components and import their backup
• Import workload components from the system backup
Scenario #4: Recover when one PSM fails
• IBM CE will restore the non-functional PSM from its peer
Scenario #5: Recover when both PureSystems Managers fail
• IBM CE will restore both PSMs using the system backup
Update Management
Types of Updates
System update
• New version of component firmware and PSM software
Group fix
• New version of patterns for shared services
Virtual image and pattern update
• New versions of middleware patterns and parts
• New versions of Base OS images
• New versions of virtual application pattern types and plug-ins
Emergency fix
• Middleware fix packs, applied to pattern instances
Updates available from PureSystems Centre
System Update
New version or fixpack of the system software
• Updates v1.0 to v1.1, or v1.1.0.1 to v1.1.0.2, etc.
• Update performed by IBM CE
• Updates firmware in all hardware components (as necessary)
• Updates the system management software running in the PSM
Details
• Schedule during light usage
• No overall outage
– All workloads remain available
– PSM (Console, CLI, REST) is periodically unavailable
• Best practice: Reserve resources for availability
– Make sure High availability is active
• Make sure system HA is active
– System Console > System > Troubleshooting > High Availability
Group Fix
New version of pattern types for virtual applications
• Shared services are virtual application patterns
• Upgrades the version of selected patterns
Roles
• Load and update performed by Workload administrator
• Deploy performed by Cloud administrator
Dependencies – Before deploying/upgrading shared services
• Install System Update
• Load Base OS updates
• Load pattern types and plug-ins
Deploy updated service
• Use Check for upgrades to update each service instance
Virtual image and pattern update
New versions of entitled workload catalog components
What’s included
• Includes updates of middleware patterns and parts
– Base OS images (RHEL, AIX)
– Virtual system patterns (WAS, DB2, etc.) and parts
– Virtual application pattern types (Web App Pattern Type) and plug-ins
• Updates to non-entitled patterns (BPM, Portal, etc.) are separate
Roles
• Load and update performed by Workload administrator
Dependencies
• These updates are independent of system updates and group fixes
Deployment
• Update your patterns to use the new components
Update Services
RedHat OS Update Service (W1500 only)
• Implements a YUM repository of packages from Red Hat
– Implements Red Hat Update Infrastructure (RHUI)
– Repository of Red Hat Package Manager (RPM) packages
– Enables running YUM commands (Yellowdog Updater, Modified)
• Use YUM commands to update RHEL in the VMs
– Autowiring - Automatically connects all VMs to the repository
IBM Endpoint Manager Service
• Proxy for IBM Endpoint Manager server in your data center
– Includes license for IBM Endpoint Manager for Patch Management
• Autowiring - Automatically connects all VMs to your server
• IEM scripts run shell commands on a VM’s OS
– An easy way to run a script on lots of VMs
– Script can contain YUM commands
Pattern instance: Updating the OS
RedHat OS Update Service (W1500 only)
• Makes it easy to run YUM commands
• YUM repository contains latest package versions from Red Hat
• Run it in a RHEL VM to update the OS
Issues
• How do you run YUM commands on 100’s of VMs?
• How do you run other RHEL or AIX shell commands?
IBM Endpoint Manager Service
• Write a library of scripts to run on installed OS’s
– Scripts can include YUM commands
– Run the scripts with IEM server
• Use IEM service to find pattern instances’ VMs
– Run scripts on those
Pattern instance: Updating the middleware
Emergency fix
• Feature in PureApp, based on script packages
• Makes it easy to consistently apply fixes to pattern instances
– Fixes to middleware, but can also be OS or application
Obtaining
• Download from PureSystems Centre
• Download fix pack, etc. and package as an emergency fix
Using
• Add emergency fix to a virtual image
• Apply to virtual system or application pattern
• Apply to virtual system or application instance
Workload Production Readiness
Pattern Development
Deploy, deploy, deploy!
• Frequent deployments drive pattern maturity
• Daily or weekly deployments
• If redeploying the pattern is not easy, your pattern could be
improved
Versioning is strongly recommended
• Lock components and parameters in the patterns
• Use version numbers
Simplify and lock your assets
• Lock as many parameters as you can
• Minimize the configuration parameters that your Script
Packages
• Where possible avoid ordering requirements of Script
Packages
Pattern Development
[Figure: a virtual system pattern (“Some Pattern v1.0”) composed of virtual system images (“IBM OS Image for Red Hat Linux Systems”), add-ons (“Some Add-on v1.0”) and script packages (“Some Script Package v1.0”), with a multiplicity shown on each relationship.]
A virtual system pattern has three sub-
components
• Script packages
• Add-ons
• Virtual images (a.k.a. parts)
You need a strategy around the lifecycle
of script packages and add-ons
• PureApp does not provide versioning
• Naming is arbitrary, nothing is enforced
Recommendation: Use a strict naming policy
• Pattern naming
– <Project>-<Function>-<major>.<minor>.<patch>
– Example : Apollo_SplunkServer_1.0.0
• Script package naming
– <TAG>-<PackageName>-<major>.<minor>.<patch>
– Example: LOG_SplunkClientInstall_1.0.0
Script Packages and Environment Variables
Use environment variables instead of arguments for script packages
• Environment variables are available from /etc/virtualimage.properties
• Source the variables from a shell script
#!/bin/sh
. /etc/virtualimage.properties
• Use fully qualified names for Environment Variables
– Ensures that parameters are recognisable and logically grouped at deployment time!
{
  "name": "SiteMinder Configuration",
  "version": "1.0.0",
  "description": "This script configures SiteMinder and registers with Policy Server",
  "command": "/tmp/siteminder_configuration/configure.sh",
  "log": "/tmp/siteminder_configuration/logs",
  "location": "/tmp/siteminder_configuration",
  "timeout": "0",
  "commandargs": "",
  "keys":
  [
    {
      "scriptkey": "SM.COUNTRY",
      "scriptvalue": "",
      "scriptdefaultvalue": "us"
    },
    {
      "scriptkey": "SM.ENV",
      "scriptvalue": "",
      "scriptdefaultvalue": "test"
    }
  ]
}
Don’t forget… Go-Live Checklist
Go-Live Checklist
OS hardened to your enterprise standards
External load balancer configured to route traffic
Firewall rules in place
Enterprise security standards met and known list of IDs
VMs sized and resources allocated with enough headroom
Monitoring setup and tested
Database backup scheduled and in HA mode
Patterns locked and stored outside PureApplication System
DR and outage procedures in place and tested
Questions?
Tuesday, April 29
2:30 PM - 3:45 PM
Other sessions you might be interested in
Session # | Title | Schedule
CSD-2039 | Organization Structure, Roles, & Responsibilities for IBM PureApplication System | Tuesday, Apr 29, 5:00-6:00 PM, Venetian-Delfino 4001 A
CSD-1803 | IBM PureApplication System: Advanced Pattern Troubleshooting, Debugging, & Best Practices | Wednesday, Apr 30, 5:00-6:00 PM, Venetian-Delfino 4001 A
ACU-1445 | Moving Workloads into Production on IBM PureApplication System at Dutch Tax & Customs Administration | Wednesday, Apr 30, 5:00-6:00 PM, Venetian-Delfino 4005
CSD-1410 | Multi-product Pattern Creation & Deployment Lab | Thursday, May 1, 9:00-11:30 AM, Venetian-Murano 3303
CSD-2764 | Achieving High Availability & Disaster Recovery in IBM PureApplication System Is Easy | Thursday, May 1, 1:00-2:00 PM, Venetian-Palazzo K
CIF-2073 | IBM PureApplication System Backup & Restore | Thursday, May 1, 1:00-2:00 PM, Venetian-Marcello 4401 A
Pure info: Find the PureApplication System content you need
Where can I find out about patterns? Or high availability? Or system maintenance? Or…?
• PureSystems Centre (“I can find patterns & updates here!”): www.ibm.com/software/brandcatalog/puresystems/centre/
• IBM Knowledge Center (“I can learn to use patterns here!”): www.ibm.com/support/knowledgecenter
• developerWorks (“I need advice & best practices!”): www.ibm.com/developerworks/puresystems
• YouTube (“I can watch a pattern video here!”): www.youtube.com/user/expertintegratedsys/custom
• Support Portal (“I’ve got a problem with my pattern!”): www.ibm.com/support
• Community (“I’ve got a question for an expert!”): ibm.com/software/info/pureapplication/community/index.html
Join the conversation!
Thank You

CloudStack - LinuxFest NorthWest
BITIC-27 Proyecto 3 BITIC 3 2021 Andres Labera Failover-Cluster.pptx
virtualization-vs-containerization-paas
OpenStack Infrastructure at any Scale - Simple is BEST!? - - OpenStack最新情報セミ...
Oracle Cloud DBaaS
Cloud stack for_beginners
Latest (storage IO) patterns for cloud-native applications
Ceph Day New York 2014: Best Practices for Ceph-Powered Implementations of St...
MySQL Day Paris 2018 - MySQL InnoDB Cluster; A complete High Availability sol...
TechEvent 2019: Create a Private Database Cloud in the Public Cloud using the...
Deploying Big-Data-as-a-Service (BDaaS) in the Enterprise
Ad

More from Hendrik van Run (18)

PDF
Open shift deployment review getting ready for day 2 operations
PDF
WSI35 - WebSphere Extreme Scale Customer Scenarios and Use Cases
PDF
WSI33 - Advanced Performance Tactics for IBM WebSphere Application Server
PDF
WSI32 - IBM WebSphere Performance Fundamentals
PDF
W23 - Advanced Performance Tactics for WebSphere Performance
PDF
W22 - WebSphere Performance for Multicore and Virtualised Platforms
PDF
2596 - Integrating PureApplication System Into Your Network
PDF
1457 - Reviewing Experiences from the PureExperience Program
PDF
ACU-1445 - Bringing workloads into production on PureApplication System
PDF
CIT-2697 - Customer Success Stories with IBM PureApplication System
PDF
CIN-2650 - Cloud adoption! Enforcer to transform your organization around peo...
PDF
IC6284A - The Art of Choosing the Best Cloud Solution
PDF
C219 - Docker and PureApplication Patterns: Better Together
PDF
PAD-3126 - Evolving the DevOps Organization around IBM PureApplication System...
PDF
C418 - Build, Deploy and Manage Your First Open Pattern with PureApplication ...
PDF
7450A - CRONOS helping ENGIE adopting Private Cloud with Bluemix Local System
PDF
IBM Cloud University 2017 session BLUE010 - How Dutch Tax Built Their Core Bu...
PDF
IBM Think 2019 session 2116 - Best practices for operating and managing a pro...
Open shift deployment review getting ready for day 2 operations
WSI35 - WebSphere Extreme Scale Customer Scenarios and Use Cases
WSI33 - Advanced Performance Tactics for IBM WebSphere Application Server
WSI32 - IBM WebSphere Performance Fundamentals
W23 - Advanced Performance Tactics for WebSphere Performance
W22 - WebSphere Performance for Multicore and Virtualised Platforms
2596 - Integrating PureApplication System Into Your Network
1457 - Reviewing Experiences from the PureExperience Program
ACU-1445 - Bringing workloads into production on PureApplication System
CIT-2697 - Customer Success Stories with IBM PureApplication System
CIN-2650 - Cloud adoption! Enforcer to transform your organization around peo...
IC6284A - The Art of Choosing the Best Cloud Solution
C219 - Docker and PureApplication Patterns: Better Together
PAD-3126 - Evolving the DevOps Organization around IBM PureApplication System...
C418 - Build, Deploy and Manage Your First Open Pattern with PureApplication ...
7450A - CRONOS helping ENGIE adopting Private Cloud with Bluemix Local System
IBM Cloud University 2017 session BLUE010 - How Dutch Tax Built Their Core Bu...
IBM Think 2019 session 2116 - Best practices for operating and managing a pro...

Recently uploaded (20)

PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
PPTX
Machine Learning_overview_presentation.pptx
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
PPTX
Programs and apps: productivity, graphics, security and other tools
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
DOCX
The AUB Centre for AI in Media Proposal.docx
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
PPTX
Big Data Technologies - Introduction.pptx
PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
PPTX
20250228 LYD VKU AI Blended-Learning.pptx
PDF
Encapsulation theory and applications.pdf
PDF
cuic standard and advanced reporting.pdf
PDF
A comparative analysis of optical character recognition models for extracting...
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
PPT
Teaching material agriculture food technology
PDF
Spectral efficient network and resource selection model in 5G networks
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
PDF
Assigned Numbers - 2025 - Bluetooth® Document
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
Machine Learning_overview_presentation.pptx
Digital-Transformation-Roadmap-for-Companies.pptx
Programs and apps: productivity, graphics, security and other tools
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
Advanced methodologies resolving dimensionality complications for autism neur...
The AUB Centre for AI in Media Proposal.docx
Mobile App Security Testing_ A Comprehensive Guide.pdf
Big Data Technologies - Introduction.pptx
Dropbox Q2 2025 Financial Results & Investor Presentation
20250228 LYD VKU AI Blended-Learning.pptx
Encapsulation theory and applications.pdf
cuic standard and advanced reporting.pdf
A comparative analysis of optical character recognition models for extracting...
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Teaching material agriculture food technology
Spectral efficient network and resource selection model in 5G networks
“AI and Expert System Decision Support & Business Intelligence Systems”
The Rise and Fall of 3GPP – Time for a Sabbatical?
Assigned Numbers - 2025 - Bluetooth® Document

CSD-2881 - Achieving System Production Readiness for IBM PureApplication System

  • 1. © 2014 IBM Corporation Achieving System Production Readiness for IBM PureApplication System Session CSD-2881 Hendrik van Run hvanrun@uk.ibm.com Bobby Woolf bwoolf@us.ibm.com
  • 4. Agenda
      System production readiness
        • Cloud environment
        • Authentication and authorization
        • Monitoring
        • Backup and restore
        • Update management
      Pattern production readiness
      Go-live checklist
  • 6. Cloud Environment Features
      Types of system resources
        • Compute node
          – Computer hardware with CPU and memory
        • IP group
          – A set of IP addresses, their VLAN ID, and other network settings
        • Cloud group
          – One or more compute nodes bundled with one or more IP groups
        • Environment profile
          – Policy for deploying patterns into cloud groups
          – Allocates resources for logical isolation of pattern instances
        • User group
          – A list of users in the same role
  • 7. Network Isolation
      Each application data network is a VLAN inside the system
        • Layer-2
        • VLAN provides network segregation/isolation
        • The top of rack switches map the VLANs onto network ports
      An IP group represents a network with a pool of IP addresses
        • Layer-3
        • Provides networking resources for VMs
        • Associated with application data network (VLAN)
        • All IP addresses have to be registered in DNS
          – Forward and Reverse lookups!
          – If multiple DNS servers, mappings must match
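The DNS requirement on this slide (every address in an IP group registered for forward and reverse lookup, with identical mappings on every DNS server) can be checked before the IP group is created. The following is an added example, not code from the presentation or from PureApplication System; the pool range, host names and the dict-backed `StaticResolver` are constructed so the check runs offline, and in a real environment its two lookup methods would query each DNS server.

```python
import ipaddress


def norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()


class StaticResolver:
    """Dict-backed stand-in for one DNS server (constructed data, offline)."""

    def __init__(self, a_records, ptr_records):
        self.a = {norm(h): ip for h, ip in a_records.items()}
        self.ptr = {ip: norm(h) for ip, h in ptr_records.items()}

    def forward(self, host):      # A lookup: hostname -> IP, or None
        return self.a.get(norm(host))

    def reverse(self, ip):        # PTR lookup: IP -> hostname, or None
        return self.ptr.get(ip)


def expand_pool(first, last):
    """Inclusive list of the IPv4 addresses in an IP group's pool."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if hi < lo:
        raise ValueError("pool end precedes pool start")
    return [str(ipaddress.IPv4Address(n)) for n in range(int(lo), int(hi) + 1)]


def audit_ip_group(first, last, resolvers):
    """Return (ip, server, problem) tuples; an empty list means the pool is clean."""
    findings = []
    for ip in expand_pool(first, last):
        names = set()
        for server, resolver in resolvers.items():
            name = resolver.reverse(ip)
            if name is None:
                findings.append((ip, server, "no PTR record"))
                continue
            names.add(name)
            back = resolver.forward(name)
            if back is None:
                findings.append((ip, server, f"no A record for {name}"))
            elif back != ip:
                findings.append((ip, server, f"{name} resolves to {back}"))
        if len(names) > 1:  # servers answer with different names for one IP
            findings.append((ip, "*", "servers disagree: " + ", ".join(sorted(names))))
    return findings


# Constructed sample: dns1 is complete; dns2 lacks a PTR for .12 and still
# carries a stale record pair for .13.
_good = {f"vm{n}.example.test": f"10.0.20.{n}" for n in range(10, 14)}
SERVERS = {
    "dns1": StaticResolver(_good, {ip: h for h, ip in _good.items()}),
    "dns2": StaticResolver(
        {"vm10.example.test": "10.0.20.10", "vm11.example.test": "10.0.20.11",
         "vm12.example.test": "10.0.20.12", "vm13-old.example.test": "10.0.20.99"},
        {"10.0.20.10": "vm10.example.test", "10.0.20.11": "VM11.example.test.",
         "10.0.20.13": "vm13-old.example.test"}),
}

if __name__ == "__main__":
    for finding in audit_ip_group("10.0.20.10", "10.0.20.13", SERVERS):
        print(*finding, sep="  ")
```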
  • 8. Computational Isolation
      A cloud group contains one or more compute nodes
        • Provides CPU and memory resources for VMs
        • Multiple compute nodes required for HA capabilities of VMs
        • One or more IP groups required in each cloud group
        • Cloud groups provide all resources for VMs to be deployed
          – CPU and memory resources
          – Networking resources
      An environment profile provides fine-grained control
        • Controls deployment to a cloud group
        • Allows resource limits to be set
  • 9. Cloud Groups and High Availability
      Each cloud group should contain multiple compute nodes
        • Provides HA: VMs can failover from one compute node to another
        • More details on next slide
      Select compute nodes distributed amongst chassis
        • Distributes cloud group across chassis
        • Select
          – Different chassis (42u PureApp)
          – Different sides (W1500 Intel)
  • 10. Cloud Groups and High Availability
      HA can be enabled for a cloud group that consists of two or more compute nodes
        • Enable “reserve resources for availability” on the cloud group
        • Ensures sufficient space is available for failover of all VMs
        • Also provides benefit when applying maintenance (planned failover)
      Reserving resources reduces available capacity
        • Reserves space in the cloud group equivalent to one compute node
          – Reserves 1/n of the resources on each compute node
          – In a cloud group with two compute nodes, capacity is reduced 50%
      [Figure: cloud group with HA enabled. Each compute node has a total capacity of 16 physical cores and 256 GB of memory, with 8 physical cores and 128 GB of memory reserved; the cloud group's total capacity is 16 cores and 256 GB of memory.]
  • 11. Cloud Groups and Capacity
      Cloud groups determine mapping of virtual onto physical resources
        • A virtual machine uses vCPUs and memory
        • Cloud group type determines CPU overcommit ratio (vCPUs:pCore)
          – Dedicated: 1:1 ratio
          – Average: 8:1 ratio (W1500 Intel); 10:1 ratio (W1700 Power)
      Example: Cloud group with two compute nodes on W1500 (Intel)
        • Note: A single VM runs within a single compute node
        • Compute nodes’ capacity depends on cloud group’s HA setting
        • Note: The table below does not take into account ESXi Hypervisor overhead
          – 10% of the cores and 6 GB of memory are reserved on each compute node
          – There is also a small memory footprint that ESXi allocates for each VM

      Cloud Group Type | HA enabled | Virtual CPUs | Physical cores | Memory (GB) | Maximum resources single VM
      Dedicated        | Yes        | 16           | 16             | 256         | 8 vCPUs/128 GB
      Dedicated        | No         | 32           | 32             | 512         | 16 vCPUs/256 GB
      Average          | Yes        | 128          | 16             | 256         | 64 vCPUs/128 GB
      Average          | No         | 256          | 32             | 512         | 128 vCPUs/256 GB
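The capacity rules on the two slides above (1/n of each compute node reserved when HA is enabled, the overcommit ratio per cloud group type, and a VM confined to one compute node) generalise beyond the two-node table. The following is an added example, not part of the presentation: it reproduces the table's rows and then tries to place a constructed VM list with a first-fit-decreasing heuristic, which is an illustration only and not the system's own placement logic. Like the table, it ignores hypervisor overhead.

```python
from fractions import Fraction
from math import floor

# vCPU:pCore overcommit ratios as stated on the slide.
RATIO = {("dedicated", "W1500"): 1, ("dedicated", "W1700"): 1,
         ("average", "W1500"): 8, ("average", "W1700"): 10}


def node_capacity(nodes, cores, mem_gb, group_type, ha, model="W1500"):
    """Usable (vCPUs, memory GB) on EACH compute node of the cloud group."""
    if nodes < 1 or (ha and nodes < 2):
        raise ValueError("HA needs two or more compute nodes")
    keep = Fraction(nodes - 1, nodes) if ha else Fraction(1)  # HA reserves 1/n
    return floor(cores * keep * RATIO[(group_type, model)]), floor(mem_gb * keep)


def group_capacity(nodes, cores, mem_gb, group_type, ha, model="W1500"):
    """Totals for the cloud group plus the largest single VM it can host."""
    vcpus, mem = node_capacity(nodes, cores, mem_gb, group_type, ha, model)
    return {"vcpus": vcpus * nodes,
            "pcores": cores * (nodes - 1 if ha else nodes),
            "mem_gb": mem * nodes,
            "max_vm": (vcpus, mem)}  # a VM cannot span compute nodes


def place(vms, nodes, per_node):
    """First-fit-decreasing placement of (name, vcpus, mem_gb) tuples.

    Returns (placement, unplaced). A heuristic: a VM listed as unplaced may
    still fit under a different ordering, but a fully placed list does fit.
    """
    free = [list(per_node) for _ in range(nodes)]
    placement, unplaced = {}, []
    for name, vcpus, mem in sorted(vms, key=lambda v: (-v[1], -v[2])):
        for i, (free_cpu, free_mem) in enumerate(free):
            if vcpus <= free_cpu and mem <= free_mem:
                free[i] = [free_cpu - vcpus, free_mem - mem]
                placement[name] = i
                break
        else:
            unplaced.append(name)
    return placement, unplaced


# Constructed workload for a two-node Dedicated cloud group (16 cores, 256 GB each).
VMS = [("db", 8, 64), ("app1", 4, 32), ("app2", 4, 32), ("web", 2, 8)]

if __name__ == "__main__":
    for ha in (True, False):
        per_node = node_capacity(2, 16, 256, "dedicated", ha)
        print("HA", ha, group_capacity(2, 16, 256, "dedicated", ha),
              place(VMS, 2, per_node))
```

With HA enabled the 2-vCPU VM no longer fits, although the group total (16 vCPUs) is only 2 vCPUs short: the per-node limit, not the total, is what binds.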
  • 12. Isolate Production from Dev/Test/Acceptance
      Separate the environment for production applications
        • Separate cloud group for production
          – Separate from dev, test, etc.
          – Consider cloud group type “Dedicated” to avoid resource contention
        • Separate VLANs
          – Its IP groups should use VLANs not used for other cloud groups
      Allocate resources
        • Use environment profile limits to subdivide a cloud group
        • Limit CPU, memory, and storage
        • Limit product licenses by product
        • Limit IP addresses
          – Use separate IP groups on the same VLAN
          – Limit which environment profiles can use which IP groups
  • 13. Isolate Applications’ Network Traffic
      Consider using VLANs to separate applications’ network traffic
        • Isolates the network traffic for each set of applications
        • If two applications need to communicate
          – Put them on the same VLAN for communication inside the system
          – Put them on different VLANs and bridge those outside the system
        • To separate them, deploy them using separate IP groups
          – The IP groups should use separate VLANs
      Consider physically isolating VLANs
        • Good examples include
          – High-volume online applications
          – Network for backups
        • Top of Rack switches (ToRs) provide physical network connection
          – One or more VLANs are assigned to each aggregated link
          – Each aggregated link uses its own set of ports on the ToRs
          – Total of 16 ports on each ToR (ports 41-56) at up to 10 Gbps
          – Example: aggregated link using ports 41-42 on both ToRs
  • 14. Environment Profiles - Limits
      Limit the resources available for deployments
        • Virtual CPU
        • Memory
        • Disk
  • 15. Environment Profiles - Authorization
      Use separate environment profiles just for production
        • An environment profile’s “deploy to cloud groups” setting
          – Should only specify the Prod cloud group
          – Shouldn’t specify the Prod cloud group and other cloud groups
      Use a separate user group just for deploying into production
        • Create a user group: ProdDeployers
        • Only add users who should deploy production applications
      Limit other users and user groups
        • Any with write or all access also have read access
        • Any with read access can deploy into production
  • 16. Use priorities to handle contention
      Priorities break ties when contention occurs
        • Order to failover VMs between compute nodes
        • How to ration overcommitted CPU
          – Average type cloud group only
        • Order of concurrent pattern deployments
      Priority set in two parts
        • Environment profile deployment priority
          – Platinum-Bronze
        • Deployer deployment priority
          – High-Low
        • Weights
          – Shown in env. profile
          – 16-1
  • 18. Security and Permissions
      Configure an external LDAP server for user authentication
        • Use user groups in external LDAP server for group membership
        • Configure group permissions in IBM PureApplication System
      Protect system from attacks on the well-known default account
        • The default account is granted all the security roles
        • The default account cannot be disabled!
      Best practice: change the name and password of the default account
        • Change the default account name using CLI
        • Change the default account password to a strong password
  • 19. External LDAP User Registry
      Use an external user registry
        • LDAP protocol
        • Existing one in data center
      External user registry
        • Defines users
        • Defines groups
        • Defines membership
      Superior to internal one
        • Better authentication
        • Better password mgmt
        • Separately administered
      Internal one defines authorization
        • Maps groups to security roles
  • 20. Security Roles
      [Figure: security roles, with the group labels “Administrators” and “Workload Management”]
        • Hardware administration
        • Auditing
        • Cloud group administration
        • Security administration
        • Workload resources administration
        • Create new environment profiles
        • Create new catalog content
        • Create new patterns
        • IBM License Metric Tool (ILMT)
        • Deploy patterns in the cloud
  • 21. Workload Component Access Control
      Access granted to
        • Component grants access to one or more users
        • Creator is automatically owner, gets All access
        • Other users are granted a level of access
      Access levels
        • Read – Read only
        • Write – Read + change
        • All – Write + delete + grant access
      Read
        • View in lists
        • Pattern: Clone, deploy
        • Environment profile: Deploy
      Write
        • Pattern instance: manage its lifecycle
          – Start, stop, store
      Any user can deploy a pattern
        • No security role for deployment
        • Deploy patterns in the cloud is an implied role
        • Need read access to the pattern
        • Need read access to the environment profile
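Two slides combine into one review task: “Environment Profiles - Authorization” says a production profile should target only the Prod cloud group and that anyone with read access can deploy, and the access-control slide above says deployment needs read access to both the pattern and the environment profile. The following is an added example, not code from the presentation; the dictionaries are a constructed data model (not the PureApplication CLI or REST schema), and the profile, group and user names other than ProdDeployers are hypothetical.

```python
LEVELS = {"read": 1, "write": 2, "all": 3}      # write and all include read
LEVEL_NAMES = {rank: name for name, rank in LEVELS.items()}


def effective_access(acl, groups):
    """Expand an ACL {user-or-group: level} into {user: highest level}."""
    ranks = {}
    for principal, level in acl.items():
        members = groups.get(principal, {principal})  # unknown name = a user
        for user in members:
            ranks[user] = max(ranks.get(user, 0), LEVELS[level])
    return {user: LEVEL_NAMES[rank] for user, rank in ranks.items()}


def audit_profiles(profiles, groups, prod="Prod", approved_group="ProdDeployers"):
    """Flag profiles that can deploy into the production cloud group but
    also target other cloud groups or are readable by unapproved users."""
    approved = groups.get(approved_group, set())
    findings = []
    for profile in profiles:
        targets = profile["cloud_groups"]
        if prod not in targets:
            continue
        others = sorted(t for t in targets if t != prod)
        if others:
            findings.append((profile["name"],
                             f"deploys to {prod} and also to: {', '.join(others)}"))
        for user, level in sorted(effective_access(profile["acl"], groups).items()):
            if user not in approved:
                findings.append((profile["name"],
                                 f"{user} has {level} access and can deploy into {prod}"))
    return findings


def who_can_deploy(pattern_acl, profile_acl, groups):
    """Users holding at least read access on BOTH the pattern and the profile."""
    return sorted(set(effective_access(pattern_acl, groups))
                  & set(effective_access(profile_acl, groups)))


# Constructed sample data.
GROUPS = {"ProdDeployers": {"alice", "bob"},
          "Developers": {"bob", "carol", "dave"}}
PROFILES = [
    {"name": "Prod-Profile", "cloud_groups": ["Prod"],
     "acl": {"ProdDeployers": "read", "alice": "all"}},      # alice is the creator
    {"name": "Shared-Profile", "cloud_groups": ["Prod", "Test"],
     "acl": {"Developers": "write"}},
    {"name": "Test-Profile", "cloud_groups": ["Test"],
     "acl": {"Developers": "all"}},
]
PATTERN_ACL = {"Developers": "read", "erin": "all"}

if __name__ == "__main__":
    for name, issue in audit_profiles(PROFILES, GROUPS):
        print(f"{name}: {issue}")
    print("can deploy the pattern via Prod-Profile:",
          who_can_deploy(PATTERN_ACL, PROFILES[0]["acl"], GROUPS))
```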
  • 22. Catalog Content Access Control
      Managing Patterns
        Clone, edit, and lock a pattern
          • Requires role Workload Management > Create new patterns
          • Requires write permissions on the pattern
        Delete a pattern
          • Requires role Workload Management > Create new patterns
          • Requires all permissions on the pattern
      Managing Other Catalog Content
        Environment profile
          • Requires role Workload Management > Create new environment profiles
        Catalog content
          • Requires Workload Management > Create new catalog content
      Managing Deployed Pattern Instances
        User who deployed the instance is the owner and has all permissions
        Other users or groups can be assigned instance permissions (read, write or all)
        The following roles provide permissions across all instances
          • Workload resources administration > View all workload resources (Read-only)
          • Workload resources administration > Manage workload resources (Full permission)
  • 23. External Audit Logging
      Audit log
        • Tracks administrator actions
        • Tracks user directory changes
      Use external audit logging
        • Log files copied to external server (SCP)
        • Keeps logs from filling up
        • Keeps logs secure on separate server
  • 25. Events and Problems Logs
      Events
        • System Console > System > Events
        • ITM situations that are significant
        • Type: Different kinds of components like compute node and virtual machine
        • Severity: Fatal, Critical, Major, Minor, Warning, etc.
        • Category: Alert, Resolution, Call support, and Customer serviceable
      Problems
        • System Console > System > Problems
        • Events with the “Call support” category
        • Additional details suitable for adding to a PMR
  • 26. Event Forwarding
      SNMP traps can be set to forward events for external monitoring
        • System Console > System > Settings > Event Forwarding
        • System Identification describes the source of the events
        • Trap Destinations specify SNMP listener clients
        • Each trap can filter events by severity
        • Events (from the event log) are forwarded to the traps
      External PureApplication System Agent
        • Can be installed in existing ITM server
      Additional support for IBM Tivoli Monitoring
        • MIB and OMNIbus rules
  • 27. Workload Monitoring Shared Services
      Shared services must be deployed to enable workload monitoring
        • Enables the monitor link on the VM listed in the workload console
      Four workload monitoring shared services
        1. System Monitoring (ITM-Hub-TEMS and OS-level monitoring)
        2. System Monitoring for HTTP Servers (ITCAM for HTTP)
        3. System Monitoring for WebSphere Application Server (ITCAM for WAS)
        4. Database Performance Monitoring (InfoSphere Optim)
      Workload monitoring shared services
        • Patterns included as part of PureApp
        • Instances need to be deployed to each cloud group
      PureApplication System Monitoring Portal
        • A.k.a. Tivoli Enterprise Portal (TEP)
        • Part of Smart Cloud Monitoring, formerly known as IBM Tivoli Monitoring (ITM)
        • Java GUI that connects to the System Monitoring shared service
        • Opened by the various “endpoint” and “monitoring” links
      [Figure labels: TEM Agent (three instances), Hub-TEMS (Tivoli Enterprise Monitoring Server), TEPS (Tivoli Enterprise Portal Server), TEP (Tivoli Enterprise Portal)]
  • 28. Monitoring Best Practices
      Watch (monitor!) the Events Log and Problems Log
        • Check it/them daily for new high-severity events
        • External monitoring is even better
      Configure external monitoring
        • Connect PureApp to your enterprise monitoring
        • Use SNMP traps to forward PureApp events
        • MIB and OMNIbus rules are even better
      Configure middleware monitoring
        • Deploy monitoring shared services
        • System Monitoring service can be internal or external
          – Internal: Service runs ITM-Hub-TEMS, ITM-Remote, and ITM-Data-Warehouse
          – External: Service runs ITM-Remote connected to your external ITM-Hub-TEMS
  • 30. Categories of Data
      Management
        • Setup and configuration data
      Cloud Environment
        • IP groups and cloud groups
      Workload Catalog
        • Images, patterns, components
      Workload
        • Pattern instances
      Application
        • State of running applications
  • 31. Backup Tasks
      System backup
        • Product feature, creates a monolithic snapshot
          – Backup of: Management, cloud environment, and workload catalog
          – But not of: Virtual images, workloads, or application data
        • Optional component backup exports workload catalog
      Configuration scripts
        • Custom CLI scripts to create sys config and cloud environment
      Component export
        • CLI scripts to write workload components to disk
        • Corresponding CLI scripts to read them in again
      Application data backup
        • Captures the state of an application, such as databases
        • Backup software (like Tivoli Storage Manager)
        • Same as applications on traditional hardware
  • 32. Backup Best Practices
      Run system backup and include component backup
        • Schedule it to automatically run daily
      Implement CLI scripts to create the cloud environment
        • Keep the scripts and properties files in SCM
      Export all workload components
        • When developers edit a component, export it
        • Or export all components daily or weekly
        • Keep exported files in SCM
      Backup application data
        • Perform on a regular basis, such as daily or weekly
        • Needed when you redeploy a pattern
          – Ex: Migrating to a new version of a production application
  • 33. Recovery Scenarios
      Scenario #1: Restore application data
        • Use backup program to restore the backup
      Scenario #2: Restore workloads selectively
        • Redeploy the pattern and restore its application data backup
      Scenario #3: Restore system or workload components selectively
        • Use the CLI to delete the components and import their backup
        • Import workload components from the system backup
      Scenario #4: Recover when one PSM fails
        • IBM CE will restore the non-functional PSM from its peer
      Scenario #5: Recover when both PureSystems Managers fail
        • IBM CE will restore both PSMs using the system backup
  • 35. Types of Updates
      System update
        • New version of component firmware and PSM software
      Group fix
        • New version of patterns for shared services
      Virtual image and pattern update
        • New versions of middleware patterns and parts
        • New versions of Base OS images
        • New versions of virtual application pattern types and plug-ins
      Emergency fix
        • Middleware fix packs, applied to pattern instances
      Updates available from PureSystems Centre
  • 36. System Update
      New version or fixpack of the system software
        • Updates v1.0 to v1.1, or v1.1.0.1 to v1.1.0.2, etc.
        • Update performed by IBM CE
        • Updates firmware in all hardware components (as necessary)
        • Updates the system management software running in the PSM
      Details
        • Schedule during light usage
        • No overall outage
          – All workloads remain available
          – PSM (Console, CLI, REST) is periodically unavailable
        • Best practice: Reserve resources for availability
          – Make sure High availability is active
        • Make sure system HA is active
          – System Console > System > Troubleshooting > High Availability
  • 37. Group Fix
      New version of pattern types for virtual applications
        • Shared services are virtual application patterns
        • Upgrades the version of selected patterns
      Roles
        • Load and update performed by Workload administrator
        • Deploy performed by Cloud administrator
      Dependencies – Before deploying/upgrading shared services
        • Install System Update
        • Load Base OS updates
        • Load pattern types and plug-ins
      Deploy updated service
        • Use Check for upgrades to update each service instance
  • 38. Virtual image and pattern update
      New versions of entitled workload catalog components
      What’s included
        • Includes updates of middleware patterns and parts
          – Base OS images (RHEL, AIX)
          – Virtual system patterns (WAS, DB2, etc.) and parts
          – Virtual application pattern types (Web App Pattern Type) and plug-ins
        • Updates to non-entitled patterns (BPM, Portal, etc.) are separate
      Roles
        • Load and update performed by Workload administrator
      Dependencies
        • These updates are independent of system updates and group fixes
      Deployment
        • Update your patterns to use the new components
  • 39. Update Services
      RedHat OS Update Service (W1500 only)
        • Implements a YUM repository of packages from Red Hat
          – Implements Red Hat Update Infrastructure (RHUI)
          – Repository of Red Hat Package Manager (RPM) packages
          – Enables running YUM commands (Yellowdog Updater, Modified)
        • Use YUM commands to update RHEL in the VMs
          – Autowiring - Automatically connects all VMs to the repository
      IBM Endpoint Manager Service
        • Proxy for IBM Endpoint Manager server in your data center
          – Includes license for IBM Endpoint Manager for Patch Management
        • Autowiring - Automatically connects all VMs to your server
        • IEM scripts run shell commands on a VM’s OS
          – An easy way to run a script on lots of VMs
          – Script can contain YUM commands
  • 40. Pattern instance: Updating the OS
      RedHat OS Update Service (W1500 only)
        • Makes it easy to run YUM commands
        • YUM repository contains latest package versions from Red Hat
        • Run it in a RHEL VM to update the OS
      Issues
        • How do you run YUM commands on 100s of VMs?
        • How do you run other RHEL or AIX shell commands?
      IBM Endpoint Manager Service
        • Write a library of scripts to run on installed OSes
          – Scripts can include YUM commands
          – Run the scripts with IEM server
        • Use IEM service to find pattern instances’ VMs
          – Run scripts on those
  • 41. Pattern instance: Updating the middleware
      Emergency fix
        • Feature in PureApp, based on script packages
        • Makes it easy to consistently apply fixes to pattern instances
          – Fixes to middleware, but can also be OS or application
      Obtaining
        • Download from PureSystems Centre
        • Download fix pack, etc. and package as an emergency fix
      Using
        • Add emergency fix to a virtual image
        • Apply to virtual system or application pattern
        • Apply to virtual system or application instance
  • 43. Pattern Development
      Deploy, deploy, deploy!
        • Frequent deployments drive pattern maturity
        • Daily or weekly deployments
        • If redeploying the pattern is not easy, your pattern could be improved
      Versioning is strongly recommended
        • Lock components and parameters in the patterns
        • Use version numbers
      Simplify and lock your assets
        • Lock as many parameters as you can
        • Minimize the configuration parameters that your Script Packages
        • Where possible avoid ordering requirements of Script Packages
  • 44. Pattern Development
      [Figure: a Virtual System Pattern (“Some Pattern v1.0”) related, with multiplicities 1..N and 0..N, to an Add-on (“Some Add-on v1.0”), a Script Package (“Some Script Package v1.0”) and a Virtual System Image (“IBM OS Image for Red Hat Linux Systems”)]
      A virtual system pattern has three sub-components
        • Script packages
        • Add-ons
        • Virtual images (a.k.a. parts)
      You need a strategy around the lifecycle of script packages and add-ons
        • PureApp does not provide versioning
        • Naming is arbitrary, nothing is enforced
      Recommendation: Use a strict naming policy
        • Pattern naming
          – <Project>-<Function>-<major>.<minor>.<patch>
          – Example: Apollo_SplunkServer_1.0.0
        • Script package naming
          – <TAG>-<PackageName>-<major>.<minor>.<patch>
          – Example: LOG_SplunkClientInstall_1.0.0
  • 45. Script Packages and Environment Variables
      Use environment variables instead of arguments for script packages
        • Environment variables are available from /etc/virtualimage.properties
        • Source the variables from a shell script

              #!/bin/sh
              . /etc/virtualimage.properties

        • Use fully qualified names for Environment Variables
          – Ensures that parameters are recognisable and logically grouped at deployment time!

              {
                "name": "SiteMinder Configuration",
                "version": "1.0.0",
                "description": "This scripts configures SiteMinder and register with Policy Server",
                "command": "/tmp/siteminder_configuration/configure.sh",
                "log": "/tmp/siteminder_configuration/logs",
                "location": "/tmp/siteminder_configuration",
                "timeout": "0",
                "commandargs": "",
                "keys": [
                  {
                    "scriptkey": "SM.COUNTRY",
                    "scriptvalue": "",
                    "scriptdefaultvalue": "us"
                  },
                  {
                    "scriptkey": "SM.ENV",
                    "scriptvalue": "",
                    "scriptdefaultvalue": "test"
                  }
                ]
              }
  • 47. Go-Live Checklist
        • OS hardened to your enterprise standards
        • External load balancer configured to route traffic
        • Firewall rules in place
        • Enterprise security standards met and known list of IDs
        • VMs sized and resources allocated with enough headroom
        • Monitoring set up and tested
        • Database backup scheduled and in HA mode
        • Patterns locked and stored outside PureApplication System
        • DR and outage procedures in place and tested
  • 51. Other sessions you might be interested in

      Session # | Title | Schedule
      CSD-2039 | Organization Structure, Roles, & Responsibilities for IBM PureApplication System | Tuesday, Apr 29, 5:00-6:00 PM, Venetian-Delfino 4001 A
      CSD-1803 | IBM PureApplication System: Advanced Pattern Troubleshooting, Debugging, & Best Practices | Wednesday, Apr 30, 5:00-6:00 PM, Venetian-Delfino 4001 A
      ACU-1445 | Moving Workloads into Production on IBM PureApplication System at Dutch Tax & Customs Administration | Wednesday, Apr 30, 5:00-6:00 PM, Venetian-Delfino 4005
      CSD-1410 | Multi-product Pattern Creation & Deployment Lab | Thursday, May 1, 9:00-11:30 AM, Venetian-Murano 3303
      CSD-2764 | Achieving High Availability & Disaster Recovery in IBM PureApplication System Is Easy | Thursday, May 1, 1:00-2:00 PM, Venetian-Palazzo K
      CIF-2073 | IBM PureApplication System Backup & Restore | Thursday, May 1, 1:00-2:00 PM, Venetian-Marcello 4401 A
  • 52. Pure info: Find the PureApplication System content you need
      Where can I find out about patterns? Or high availability? Or system maintenance? Or…?
        • I can find patterns & updates here! PureSystems Centre: www.ibm.com/software/brandcatalog/puresystems/centre/
        • I can learn to use patterns here! IBM Knowledge Center: www.ibm.com/support/knowledgecenter
        • I need advice & best practices! developerWorks: www.ibm.com/developerworks/puresystems
        • I can watch a pattern video here! YouTube: www.youtube.com/user/expertintegratedsys/custom
        • I’ve got a problem with my pattern! Support Portal: www.ibm.com/support
        • I’ve got a question for an expert! Community: ibm.com/software/info/pureapplication/community/index.html
      Join the conversation!
  • 54. 54 Legal Disclaimer • © IBM Corporation 2014. All Rights Reserved. • The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. • References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results. • If the text contains performance statistics or references to benchmarks, insert the following language; otherwise delete: Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. 