Administer > Administer the suite > Configurations
Click to learn more about the Compose phases Click to learn more about the Assessment phases Click to learn more about the Done (End) phases Click to learn more about the Done (End) phases Click to learn more about theValidation phases Click to learn more about the Fulfillment phases Click to learn more about the Approval phases Click to learn more about the Classification phases

Configurations

Configurations management enables you to configure the Service Management Automation suite settings.

Important The suite takes several minutes to restart after you change the configurations.

Security tab

Lightweight Single Sign-On (LW-SSO) is a Micro Focus solution that enables a user to log on to one Micro Focus application and gain access to other Micro Focus applications without being prompted for login credentials. The applications that participate in LW-SSO trust the initial authentication and require no re-authentication when the user is moving from one application to another. LW-SSO shares between the applications a token that is signed with the same encryption key that must be configured in each application. With LW-SSO, once users are logged in to the Service Management Automation suite, they can access their authorized suite capabilities without re-login.

To configure LW-SSO in suite, complete the following settings.

Field

Description

Domain

Enter the parent domain of your Service Management Automation installation, all applications in this domain can participate in LW-SSO.

For example, if the suite domain is subdomain.domain.com, the domain value should be domain.com; if the suite domain is sample.subdomain.domain.com, the domain value should be subdomain.domain.com.

Encryption key

A string used for encrypting single sign-on tokens. It must match the encryption string that is configured in other applications that participate in LW-SSO. For example, UCMDB systems.

The minimum length is 32 characters (letters and numbers).

You must modify the Encryption key if you are working on a production environment.

Token expiration period (minutes) Defines how long (in minutes) an LW-SSO token is valid for. When the specified time has elapsed, the LW-SSO token is no longer valid, and a re-login is required.

Email service tab

The email service enables the system to send email notifications to any mail server that supports Simple Mail Transfer Protocol (SMTP). Configuring the email service is mandatory before you can use email related features such as email notifications and survey.

To configure the suite level email service, complete the following settings.

Field

Description

SMTP server host

Enter the name of the SMTP server host that is used for sending email notifications. It can be the IP address, machine name, or DNS name of the SMTP server .

SMTP server port Enter the communications port that the SMTP server uses.
Mail from Enter the email address identified as email sender.
Authentication required
  • If the SMTP server requires authentication, turn on this switch and enter the user name and password.
  • If the SMTP server does not require authentication, turn off this switch and keep user name and password fields blank.
User name Enter the user name of the account used for SMTP server authentication.
Password Enter the password of the account used for SMTP server authentication.
Certificate

Select a certificate used by SMTP server.

  • Plain
  • Enable SSL
  • Enable TLS

If the certificate of your SMTP server is not in the trust store, you need to:

  1. On the NFS server, upload the certificate to the <ITSMA global NFS share directory>/certificate/source folder.

    For example: /var/vols/itom/itsma/itsma-itsmaglobal/certificate/source.

  2. On the master node, restart the itom-bo-config pod and itom-xruntime-platform pod.

    For example:

    kubectl get pods -n itsma1 | grep itom-xruntime-platform
    itom-xruntime-platform-755f55d699-rg7kk             2/2       Running   0          1h
    itom-xruntime-platform-offline-7859f49f78-5qn28     2/2       Running   0          1h
    kubectl delete pod -n itsma1 itom-xruntime-platform-755f55d699-rg7kk
    kubectl delete pod -n itsma1 itom-xruntime-platform-offline-7859f49f78-5qn28
  3. On the NFS server, open the itom-xservices-platform-online.yaml file under the<CDF core NFS volume>/suite-install/itsma/output/itom-xruntime-xxxxxxxx/yamls folder.
    For example: /var/vols/itom/core/suite-install/itsma/output/itom-xruntime-xxxxxxxx/yamls/itom-xservices-platform-online.yaml

  4. Add the following text under the env: section:
    - name: 'TRUSTSTORE_PATH'
    value: '/var/itsma-cert/itsma-truststore.jks'

    For Example:

    ==========================================================

    env:

    - name: 'DEBUG'

    valueFrom:

    configMapKeyRef:

    name: itom-xruntime-infra-config

    key: DEBUG

    - name: 'JAVA_DEBUG'

    valueFrom:

    configMapKeyRef:

    name: itom-xruntime-infra-config

    key: JAVA_DEBUG

    # JMX config

    - name: 'JAVA_JMX'

    valueFrom:

    configMapKeyRef:

    name: itom-xruntime-infra-config

    key: JAVA_JMX

    - name: PROPEL_BACKEND

    valueFrom:

    configMapKeyRef:

    name: itom-xruntime-infra-config

    key: PROPEL_BACKEND

    - name: 'ITOM_ITSMA_CERT_TRUSTSTORE_SECRET_KEY'

    value: itom_itsma_cert_truststore_secret_key

    - name: 'OFFLINE_SERVER'

    value: 'false'

    - name: 'TRUSTSTORE_PATH'

    value: '/var/itsma-cert/itsma-truststore.jks'

    - name: time_zone

    valueFrom:

    configMapKeyRef:

    name: itsma-common-configmap

    key: time_zone

    - name: TOMCAT_CONNECTOR_TIMEOUT

    valueFrom:

    configMapKeyRef:

    name: itom-xruntime-infra-config

    key: TOMCAT_TIMEOUT

    ==========================================================

  5. On the master node, run the following commands:
    kubectl delete -f itom-xservices-platform-online.yaml
    kubectl create -f itom-xservices-platform-online.yaml

Click Test connection to verify the server connectivity, if the SMTP server can be connected successfully, click Save.

Export configuration tab

This tab enables you to export the suite configuration data. You can only click Export again after the current export job is completed. For more information about how to use the exported data, see Clone an existing installation.

LDAP for UCMDB tab

This tab includes the LDAP settings that enable LDAP users to log in to UCMDB instance and Service Management without re-authentication. If you have configured the LDAP settings during suite installation, the settings are synced to this tab, click Save to enable the settings. You can also modify the settings.

Caution The external LDAP server must not contain the following internal users: sysadmin, admin, UISysadmin, and intgAdmin. The sysadmin user is a super administrator account, and the rest of the users are used by UCMDB to communicate with the data flow probe, UCMDB Browser, and Service Management, respectively.

LDAP server settings

Field Description OpenLDAP Example value
Hostname The fully-qualified domain name (server.domain.com) or IP address of the LDAP server.  
Port

The port used to connect to the LDAP server (by default, 389).

389
Base DN Base distinguished name. The Base DN is the top level of the LDAP directory that is used as the basis of a search. dc=Service Management Automation,dc=com
Group DN Base distinguished name for the Group object. The Group Base DN is the top level of the LDAP directory that is used as the basis of a search for the Group object. ou=groups,dc=Service Management Automation,dc=com
User ID (Full DN)

The fully distinguished name of any user with authentication rights to the LDAP server.

cn=admin,dc=Service Management Automation,dc=com
Password Password of the User ID. If the LDAP server does not require a User ID or password for authentication, this value can be omitted.  
Enable SSL

If your LDAP server is configured to require ldaps (LDAP over SSL), select the Enable SSL checkbox.

 
Search subtree When a user logs in, the LDAP directory is queried to find the user's account. The Search subtree setting controls the depth of the search under User search base. If you want to search for a matching user in the User search base and all subtrees under the User search base, make sure the Search subtree checkbox is selected. If you want to restrict the search for a matching user to only the User search base, excluding any subtrees, unselect the Search subtree checkbox.

 

LDAP user settings

Field Description OpenLDAP Example value
Email Email address of the user. mail
First name

First name of the user.

givenName
Last name Family name of the user.  
Phone Phone number of the user.  
User avatar The LDAP attribute whose value is the URL to a user avatar image that is displayed for the logged-in user. If no avatar is specified, a default avatar image is used. jpegPhoto
User base DN Base distinguished name for the User object. The User Base DN is the top level of the LDAP directory that is used as the basis of a search for the User object. ou=people,dc=itsma,dc=com
User class Value of objectClass that is used to identify the user. inetOrgPerson
User filter

Specifies the general form of the LDAP query used to identify users during login. It must include the pattern {0}, which represents the user name entered by the user when logging in.

The filter must use the following format: (&(objectclass=*)(cn=falcon))

(objectclass=inetOrgPerson)

User display name

The display name of the user.

cn
User manager ID The name of the attribute of a user object that identifies the manager of the user. manager
User manager ID value The name of the attribute of a user object that describes the value of the Manager Identifier's attribute. For example, if the value of the Manager Identifier attribute is a distinguished name (such as cn=John Smith, ou=People, o=xyz.com) then the value of this field could be dn (distinguished name). Or, if the Manager Identifier is an email address (such as admin@xyz.com) then the value of this field could be email. dn
User last modified The LDAP attribute that stores the timestamp when an object was last updated. modifyTimestamp (for OpenLDAP) whenChanged (for Active Directory)

LDAP group settings

Field Description OpenLDAP Example value
Group DN Base distinguished name for the Group object. The Group Base DN is the top level of the LDAP directory that is used as the basis of a search for the Group object. ou=groups,dc=Service Management Automation,dc=com
Group class Value of objectClass that is used to identify the Group object. groupOfUniqueNames
Group base filter

Specifies the general form of the LDAP query used to identify user groups during login. It must use a standard search filter syntax for your LDAP server.

(objectclass=groupOfUniqueNames)
Group name Base distinguished name. The Base DN is the top level of the LDAP directory that is used as the basis of a search.  
Group membership The name of the attribute(s) of a group object that identifies a user as belonging to the group. If multiple attributes convey group membership, the attribute names should be separated by a comma. If no name is entered, default values are used. member, uniqueMember
Admin group

A group which has admin privileges. This is a group which you could assign to some LDAP users and manage the LDAP.

cn=administrators,ou=groups,dc=itsma,dc=com
Group description Description of the group.  

Smart Analytics tab

Content Group Scaling

If the Smart Search performance is not good enough, you can easily add content for Smart Search to balance the search requests by using more content servers.

To add Smart Analytics content groups, follow these steps:

  1. Click Go to Smart Analytics.
  2. If you decide to add a new content group, click Add New Content Group.

    Caution

    When the system successfully adds a content group, the DIH, DAH, and proxy service will restart so that the Smart Search feature stops working until the process is finished. If the system fails to add a new content group, the DIH, DAH, and proxy service will not restart and you can continue to use Smart Search without any downtime.

Smart Analytics Assistant

Smart Analytics Assistant is a tool that enables administrators to perform IDOL administrative actions in Smart Analytics. This tool provides a command line on the user interface enables the administrator to send IDOL actions to Smart Analytics components. For example, you can use this tool for content server maintenance, to check the system status, and for troubleshooting.

To use Smart Analytics Assistant, follow these steps:

  1. Click Go to Smart Analytics.
  2. Double-click a Smart Analytics component in the Service Management Components list.

    Name Host Port Component description
    XService Content 1 smarta-saw-con-1-svc 10010 Stores indexed records latest 3 month for Service Management Automation X Smart Search
    XService Content 2 smarta-saw-con-2-svc 10010 Stores indexed records latest 3 month for Service Management Automation X Smart Search
    XService DAH smarta-saw-dah-svc 9060 Supports query records latest 3 month for Service Management Automation X Smart Search
    XService DIH smarta-saw-dih-svc 31370 Supports index record latest 3 month for Service Management Automation X Smart Search
    XService Archive Content 1 smarta-sawarc-con-1-svc 10010 Stores indexed records older than 3 month for Service Management Automation X Smart Search
    XService Archive Content 2 smarta-sawarc-con-2-svc 10010 Stores indexed records older than 3 month for Service Management Automation X Smart Search
    XService Archive DAH smarta-sawarc-dah-svc 9060 Supports query records older than 3 month for Service Management Automation X Smart Search
    XService Archive DIH smarta-sawarc-dih-svc 31370 Supports index records older than 3 month for Service Management Automation X Smart Search
    XService Metadata Content 1 smarta-sawmeta-con-1-svc 10010 Stores indexed metadata for Service Management Automation X Smart Search
    XService Metadata Content 2 smarta-sawmeta-con-2-svc 10010 Stores indexed metadata for Service Management Automation X Smart Search
    XService Metadata DAH smarta-sawmeta-dah-svc 9060 Supports query metadata records for Service Management Automation X Smart Search
    XService Metadata DIH smarta-sawmeta-dih-svc 31370 Supports index metadata records for Service Management Automation X Smart Search
    Smart Ticket Agentstore smarta-stx-agent-svc 9050 Store agents and profiles
    Smart Ticket Category smarta-stx-category-svc 9020 Support categorize action for Smart Ticket
    Smart Ticket DAH smarta-stx-dah-svc 9060 Support query action for Smart Ticket
    Smart Ticket Image Server smarta-stx-imgsvr-svc 18000 Analyzes and extracts content in image
  3. Select an action from the drop-down list. The system automatically populates the <Host> and <port> values in the action examples with the corresponding values that you can find from the Service Management Components list.

  4. Click Run.

Note that some action commands only work with certain Smart Analytics components in the suite. Refer to the following table for detailed descriptions.

Action name Action example Description Allowed component Allowed port
View Status http://<Host>:<port>/action=GetStatus Requests details of all components. Check whether all components are up and running; checks how many documents are in each database. all <Host>:<ACI_Port>
View Action History http://<Host>:<port>/action=GRL&format=xml Displays a log of requests, including the date and time that a request was made, the client IP address that made the request, and the internal thread that handled the action. all <Host>:<ACI_Port>
View Index Status http://<Host>:<port>/action=indexerGetStatus Checks the status of index actions in the Smart Analytics index queue. dih smarta-<*>-dih-svc:31370
content <CONTENT_SERVICE>:10010
View Root Category Detail http://<Host>:<port>/action=CategoryGetHierDetails Displays the root categories after training. category smarta-stx-category-svc:9020
Back up Component http://<Host>:<port>/action=BackupServer&path=/var/backup Creates a backup that can be used to restore the component’s state. You can use this action for the Content, Category, components. The backup file is stored in the path that you specified. content <CONTENT_SERVICE>:10010
category smarta-stx-category-svc:9020
Restore Content Server http://<Host>:<port>/action=RestoreServer&filename=/var/backup/***.zip Restores the content of a content server that was previously backed up. content <CONTENT_SERVICE>:10010
Synchronize Category http://<Host>:<MainProxyACIPort>/action=CategorySyncCatDRE Synchronize and build the category after you restore the Category component. category smarta-stx-category-svc:9020
Back up Database http://<Host>:<indexPort>/DREEXPORTIDX?filename=
c:/BackupFolderName/FilePrefix&DatabaseMatch=<Database_name>&HostDetails=true
Exports all the index documents for a database from the Smart Analytics content server to a series of compressed files in the defined backup directory. This action backs up individual databases. If you want to backup all databases on a content server, use the action Backup Component as mentioned above. dih smarta-<*>-dih-svc:31371
content <CONTENT_SERVICE>:10011
Restore Database http://<MainProxyHost>:<IndexPort>/DREADD?FileName=
/var/backup/***.idx&DREDbName=***&CreateDatabase=True
Restores the index IDX exported before. If no DREDbName is specified, use the dbname of the indexed file. dih smarta-<*>-dih-svc:31371
content <CONTENT_SERVICE>:10011

IDOL index tab

Service Management uses an IDOL (Intelligent Data Operating Layer) based search. IDOL indexes new information at regular intervals to ensure that new searches return up-to-date results. This tab enables you to set the intervals for Service Management to send updating index requests to the IDOL server, IDOL server processes the requests based on the IDOL system setting.

License expiration notification tab

This tab enables you to define when to send license expiration notification to tenant admin.

 

Related topics