IBM Tivoli Monitoring: Administrator's Guide Synchronizing Situation Events
Total Page:16
File Type:pdf, Size:1020Kb
IBM Tivoli Monitoring Version 6.3 Administrator's Guide SC22-5446-00 IBM Tivoli Monitoring Version 6.3 Administrator's Guide SC22-5446-00 Note Before using this information and the product it supports, read the information in “Notices” on page 571. This edition applies to version 6, release 3 of IBM Tivoli Monitoring (product number 5724-C04) and to all subsequent releases and modifications until otherwise indicated in new editions. © Copyright IBM Corporation 2005, 2013. US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents Figures ...............ix Creating custom dashboard pages that display monitoring data .............51 Tables ...............xi Controlling UISolutions imports .......53 About this information........xiii Chapter 4. Editing your environment configuration settings ........55 Chapter 1. Introduction ........1 Tivoli Enterprise Portal client configuration settings 55 Editing the client parameters .......55 New in this release ............1 Portal client parameter list ........56 New in Version 6.3 ...........1 Enabling the HTTP proxy server ......62 IBM Tivoli Monitoring family of products ....4 Setting application properties for Linux and Tivoli Management Services components .....5 UNIX systems ............63 Tivoli Enterprise Portal client .........7 Setting the environment variable when the hub is Desktop, Browser, and Java Web Start clients . 7 on a z/OS system ...........64 Historical data collection .........8 Tivoli Enterprise Portal Server configuration settings 65 System administrator tasks ........9 Editing the portal server environment file . 65 Performance Monitoring service provider.....9 Portal server environment variables .....66 Pruning events on the portal server database . 67 Chapter 2. Preparing your Tivoli Controlling the size of event attachments . 68 Enterprise Portal environment ....13 Controlling the number of logon attempts . 69 Browser client .............13 Tivoli Enterprise Monitoring Server configuration Java runtime environment (JRE) versions . 13 settings ................70 First time logon ............13 Editing the monitoring server environment file 70 Internet Explorer security settings ......14 Duper process for optimizing situations ....71 Windows write and delete privileges .....14 Tivoli Enterprise Monitoring Automation Server Adding your company logo and URL ....15 configuration settings ...........73 Starting the Tivoli Enterprise Portal client ....15 Editing the Tivoli Enterprise Monitoring Using Web Start to download and run the desktop Automation Server ...........73 client ................16 Installing the IBM JRE ..........17 Chapter 5. Enabling user authentication 75 Enabling tracing for the JRE ........18 User authentication through the hub monitoring Downloading and running the desktop client . 19 server ................78 Manually creating a shortcut for the Web Start Prerequisites for configuring authentication on client ...............20 the hub monitoring server ........78 Starting the desktop client on another portal server 21 Configuration procedure .........80 Starting the browser client on another portal server 22 Ldapsearch for LDAP information ......82 Specifying the browser used for Launch Application LDAP user authentication through the portal server 85 and for online help ............23 Prerequisites for configuring LDAP Add operating platforms to the Navigator view . 25 authentication on the portal server .....85 About single sign-on ..........88 Chapter 3. Preparing your dashboard Roadmap for setting up the portal server to use environment ............27 an LDAP user registry and single sign-on . 90 Roadmaps ...............27 Using Manage Tivoli Enterprise Monitoring Setting up a basic monitoring environment Services to configure the portal server for LDAP without single sign-on and without per user authentication ............93 authorization controls ..........27 Using the Linux or UNIX command line to Setting up a monitoring dashboard environment configure the portal server for LDAP with single sign-on and with per user authentication ............97 authorization controls ..........31 Using the TEPS/e administration console . 99 Migrating a basic monitoring dashboard Mapping Tivoli Enterprise Portal user IDs to environment to a dashboard environment with LDAP distinguished names........106 single sign-on and per user authorization Reconfiguring the browser client for SSO . 108 controls...............42 Importing and exporting LTPA keys .....108 Creating a connection to the IBM Tivoli Monitoring Managing new LDAP users .......110 dashboard data provider ..........48 © Copyright IBM Corp. 2005, 2013 iii Disabling LDAP authentication on the portal Deployment scenarios .........186 server ...............111 Creating policies for specific IBM Tivoli Migrating LDAP authentication from the Monitoring domains ..........188 monitoring server to the portal server .....112 Authentication through the Tivoli Enterprise Chapter 8. Securing communications 193 Monitoring Automation Server .......113 Configuring TLS/SSL communication between the LDAP user authentication using Microsoft Active hub monitoring server and the LDAP server . 196 Directory ...............114 Configuring TLS/SSL communication between Before you begin ...........115 Dashboard Application Services Hub and the Roadmap overview ..........119 dashboard data provider .........196 Plan and create monitoring server and portal Using third party certificate authority signed server users within Active Directory.....120 certificates for the portal server ......197 Create and configure the portal server user Configuring TLS/SSL communication for the accounts and permissions, if desired.....120 Dashboard Application Services Hub server . 199 Enable and configure LDAP user authentication Configuring TLS/SSL communication with the for the portal server, if desired ......121 Authorization Policy Server ........200 Configure TEPS/e for TLS/SSL, if necessary 128 Using the WebSphere generated certificates to Enable and configure LDAP user authentication configure TLS/SSL for the Authorization Policy for the monitoring server, if desired .....128 Server ...............201 Active Directory LDAP verification tools . 130 Using third party certificates to configure User scenarios ............132 TLS/SSL for the Authorization Policy Server . 202 Configuring the tivcmd CLI for TLS/SSL . 204 Chapter 6. Using Tivoli Enterprise Configuring TLS/SSL communication between Portal user authorization ......147 the portal server and the Authorization Policy Administer Users ............148 Server ...............206 Users and User Groups .........149 Enabling FIPS for IBM Tivoli Monitoring ....206 Permissions .............149 Importing the TEPS/e certificates into the portal Applications.............152 server keyfile database ..........212 Navigator views ...........153 Using the GSKit command-line interface to work Member Of and Members ........153 with key databases and certificates ......213 Managing user IDs ...........153 Using the GSKit iKeyman utility to work with key Adding a user ID ...........154 databases and certificates .........214 Viewing and editing a user ID.......155 Setting the JRE for GSKit and starting Key Removing a user ID ..........156 Manager ..............214 Default user .............157 Creating a new key database .......215 Managing user groups ..........157 Creating a new public-private key pair and Viewing user group memberships .....157 certificate request ...........215 Adding a user group ..........158 Using a temporary self-signed certificate . 216 Reviewing and editing a user group.....159 Receiving the CA-signed certificate .....216 Removing a user group .........159 Saving the password to a stash file .....217 Notes on user administration ........160 Troubleshooting logon error messages .....163 Chapter 9. Audit logging ......219 Audit log XML elements mapped to the ITM Audit Chapter 7. Using role-based attribute group .............220 authorization policies ........165 Audit log XML example ..........223 Authorization policy concepts ........166 Audit environment variables ........225 Predefined roles and permissions.......168 Take Action and command execution audit logging 227 Preparing to enable authorization policies ....170 Policy management scenarios ........171 Chapter 10. Situation event integration Best practices for creating authorization policies 171 with Tivoli Enterprise Console ....229 Creating and assigning administrator roles . 173 Default mapping of situation events to IBM Tivoli Creating and assigning policy distributor roles 174 Enterprise Console events .........229 Policy management examples .......175 Expanding a generic event message situation Enabling authorization policies in the portal server 178 description .............231 Authorization policy auditing ........182 Generic mapping for agent specific slots . 231 Changing the Authorization Policy Server Assigning severity for Tivoli Enterprise Console configuration properties after installation and events ...............233 configuration .............183 Localizing message slots.........233 Managing the authorization policy store ....185 Situation event statuses and IBM Tivoli Working with multiple domains .......185 Enterprise Console event generation.....234 iv IBM Tivoli Monitoring: Administrator's Guide Synchronizing situation events .......236 Enabling or disabling the self-describing Checking the IBM Tivoli Enterprise