Document Release Date: February 2018
Software Release Date: February 2018
The only warranties for products and services of Micro Focus and its affiliates and licensors (“Micro Focus”) are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.
Confidential computer software. Except as specifically indicated otherwise, a valid license from Micro Focus is required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.
Certain versions of software and/or documents (“Material”) accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.
© 2011 - 2018 Micro Focus or one of its affiliates.
MICRO FOCUS and the Micro Focus logo, among others, are trademarks or registered trademarks of Micro Focus (IP) Limited or its subsidiaries in the United Kingdom, United States and other countries. All other marks are the property of their respective owners.
Adobe™ is a trademark of Adobe Systems Incorporated.
Microsoft® and Windows® are U.S. registered trademarks of Microsoft Corporation.
UNIX® is a registered trademark of The Open Group.
The questions that follow will help you customize the information that will appear in your interactive Deployment Guide.
Carefully read the instructions to the right of each set of selections—this information will guide you as to which selections are mandatory and when.
Tip: If your customized document seems to be missing information, this might mean that you have not selected a mandatory selection. You can change your selections after viewing your generated document.
Select a deployment option.
Note:
If you are installing or upgrading UCMDB, you must select a platform and database below.
If you are upgrading UCMDB, and your system has Data Flow Probes defined, select also the relevant Data Flow Probe deployment (Windows/Linux/both). See below.
Select a deployment option for the UCMDB Server.
Note: If you are installing or upgrading UCMDB, you must select a platform and database below.
Select the platform for your UCMDB Server.
The Data Flow Probe is used to perform Universal Discovery and Integration. You can select one or more of these options.
The Data Flow Probe is used to perform Universal Discovery and Integration. Select if you want to upgrade Data Flow Probe manually on Windows.
Select a deployment option for Configuration Manager.
Note:
You can only upgrade Configuration Manager if you are also upgrading UCMDB. If you are performing a clean installation of UCMDB, you must perform a clean installation of Configuration Manager as well (not an upgrade).
If you have any version of Configuration Manager earlier than 10.01 installed, you must upgrade to version 10.01, then to 10.10, then to 10.20, then to 10.22, and then apply 10.22 CUP6 (or a later CUP), then to 10.23, then to 11.0, and then to 2018.05 before upgrading to version 11.0. For details on upgrading Configuration Manager to version 10.01 and later, see the interactive Universal CMDB Deployment Guide for version 10.01 and later, available from the Micro Focus Support site (https://softwaresupport.softwaregrp.com).
High Availability is a mode of running UCMDB on a cluster of two or more servers to enable load balancing, and to ensure system availability. For more information, see UCMDB in a High Availability Environment.
Set up a Smart Software Analytics (SSA) server that automatically teaches unrecognized software by intelligently using Natural Language Processing (NLP) and machine learning technology.
Set up a Solr environment for UCMDB Browser, Service Discovery, or consumer-provider dependency adapters. If you select to use the embedded Solr environment, you do not need to take any action. The embedded Solr environment is installed and enabled by default with the Enable Search option in the UCMDB Server Configuration wizard.
You can view your customized document on the screen, or print it.
If you have a PDF print driver installed on your computer, click Print to create PDF documents that are customized according to your selections. PDF print drivers are available from several open source and third-party providers.
The following steps are customized according to your selections. Check that your selections are correct.
If any selections are not correct, click Change.
This guide references the following sections in the UCMDB Online Help:
Deploying Universal CMDB in an enterprise network environment is a process that requires resource planning, system architecture design, and a well-planned deployment strategy. The following checklist describes some of the basic issues that should be considered prior to installation. For comprehensive best practices documentation on deployment planning, consult with Micro Focus Professional Services.
Use the following checklist to review the basic issues that your organization should consider when planning the Universal CMDB deployment.
✓ | UCMDB
---|---
 | Define what you want to do with Universal CMDB:
 | Analyze the organization’s goals and identify the key IT-enabled business processes to achieve these goals.
 | Analyze the IT processes, and organizational structure and culture that can affect, or be affected by, the deployment.
 | Identify the target users (those with a vested interest in the business processes), such as executives, LOB managers, application owners, system administrators, and security auditors.
 | Identify the appropriate Universal CMDB functionality.
✓ | Universal Discovery
 | Define the protocols to be used for Universal Discovery and ensure that the protocols are available for use.
 | Verify that you have access rights for the protocols to be used for Universal Discovery. Ask the system administrator for the user name and password for the relevant protocols.
 | Define the speed and utilization of the network subnets to be discovered. You may find that you need to increase timeouts for some of the protocols.
 | Ensure that the applications you are planning to discover are running with default ports. If they are not, update the appropriate mappings in the discovery ports configuration file. For a list of supported applications and default ports, see the Universal CMDB Discovery and Integrations Content Help.
 | Identify the components to be discovered:
 | Install the following tools and utilities to help analyze discovery processes:
Micro Focus provides the following recommendations for increasing the security of your overall infrastructure for informational purposes only. These are only recommendations and are not intended to be a guarantee of protection against all potential vulnerabilities and attacks. Please note that some security measures may impact the features and functionality of your overall system; so, it is recommended that every customer become aware of those impacts when implementing any changes to your environment.
Use of this Micro Focus Software Product [UCMDB] may require the pre-installation of certain third-party components that are not provided by Micro Focus ("Third Party Components"). It is recommended that its customers check frequently for the most current updates to the Third Party Components, which may include fixes or patches for security vulnerabilities.
The installation workflow contains the following main stages:
Set up the CMDB database server.
Set up the Microsoft SQL Server
Set up the Oracle Server.
Set up a remote PostgreSQL Server.
Note: This step is necessary only if you are installing the PostgreSQL server remotely. If your intention is to install a PostgreSQL database locally, follow the instructions in the UCMDB Server installation procedure.
Install the Universal CMDB Server.
Install the UCMDB Server and configure the connection to the database.
Install the Universal CMDB Servers.
For High Availability, install two or more UCMDB Servers and configure their connection to the database and the load balancer.
Install Universal CMDB Configuration Manager
Install and configure Configuration Manager to analyze and control the data in UCMDB.
Install one or more Data Flow Probes
The Data Flow Probes are the components that enable the flow of data from the UCMDB to remote machines and back.
Secure the UCMDB Server
For details, see the Hardening section of the UCMDB online help.
Secure the Data Flow Probe.
For details, see the Hardening section of the UCMDB online help.
Launch Universal CMDB.
Consider the following prior to installing Universal CMDB on Windows:
Have the following information ready before beginning installation:
Due to Web browser limitations, the name of the machine running the Universal CMDB Server should consist only of alphanumeric characters (a-z, A-Z, 0-9), hyphens (-), and periods (.).
If the name of the machine running the Universal CMDB Server contains underscores, it may not be possible to log in to Universal CMDB. In this case, you should use the machine’s IP address instead of the machine name.
For standard and enterprise level UCMDB deployments, it is recommended to disable the out-of-the-box (OOTB) enrichment scheduler SoftwareElementDisplayLabel for enrichment SoftwareElementDisplayLabelForExistingHost (or any scheduler that uses this enrichment). In such environments, when the scheduler triggers the enrichment, it uses more memory while running and may cause out-of-memory errors. When these large objects are later cleared from the memory heap by garbage collection, a long full GC may occur, which may restart UCMDB if High Availability is configured.
If there is a business need to populate node names to running software CIs container Name attribute then the enrichment SoftwareElementDisplayLabelPopulator can be used instead. Basically enrichments SoftwareElementDisplayLabelForExistingHost, SoftwareElementDisplayLabelForNewHost, and SoftwareElementDisplayLabelPopulator will all update the container Name of running software CIs. There is no need to run all of them.
Database requirements
It is strongly recommended to host the database server (Oracle, Microsoft SQL, or PostgreSQL) on a physical machine, and it should be an independent server without other applications (including the UCMDB server) running on it.
Also, if the database server machine is a virtual machine, the resource MUST be dedicated for the database server.
Apart from the embedded PostgreSQL database server, installing UCMDB server and database server (Oracle, Microsoft SQL, or PostgreSQL) together on the same machine is not supported.
In High Availability environments,
Note the following prior to installing Universal CMDB on Linux:
Make sure you can connect to the Linux GUI remotely, for example, through a VNC connection.
It is highly recommended that you thoroughly read the introduction to this guide before commencing installation. For details, see Before You Install UCMDB.
Have the following information ready before beginning installation:
Information for setting the CMDB database parameters.
Administrator’s email address. (Optional)
SMTP mail server name. (Optional)
SMTP sender name. This name appears on alerts sent from UCMDB. (Optional)
Universal CMDB must not be installed more than once on a server even if the instances are installed in different folders or are different versions.
Due to Web browser limitations, the names of server machines running the Universal CMDB server should consist only of alphanumeric characters (a-z, A-Z, 0-9), hyphens (-), and periods (.).
If the names of the machines running the Universal CMDB servers contain underscores, it may not be possible to log in to Universal CMDB. In this case, you should use the machine’s IP address instead of the machine name.
Database user and password names can contain alphanumeric characters from the database character set as well as the underscore sign. Names must begin with an alphabetic character and should not exceed 30 characters.
Ensure that the network adapter on the machine on which you are installing Universal CMDB is configured with the desired IP interface (IPv4/IPv6).
Note: Configure these settings from the configuration file in /etc/sysconfig/network-scripts/ifcfg-eth0
For standard and enterprise level UCMDB deployments, it is recommended to disable the out-of-the-box (OOTB) enrichment scheduler SoftwareElementDisplayLabel for enrichment SoftwareElementDisplayLabelForExistingHost (or any scheduler that uses this enrichment).
In such environments, when the scheduler triggers the enrichment, it uses more memory while running and may cause out-of-memory exceptions. When these large objects are later cleared from the memory heap by garbage collection (GC), a long full GC may occur, which may restart UCMDB if High Availability is configured.
If there is a business need to populate node names to running software CIs container Name attribute then the enrichment SoftwareElementDisplayLabelPopulator can be used instead. Basically enrichments SoftwareElementDisplayLabelForExistingHost, SoftwareElementDisplayLabelForNewHost, and SoftwareElementDisplayLabelPopulator will all update the container Name of running software CIs. There is no need to run all of them.
When you perform a fresh install of UCMDB 11.0 or upgrade UCMDB to version 11.0, by default there are no composite indexes with the CMDB_ID as a key column in Oracle database (ROOT tables) or Microsoft SQL databases (ROOT and CDM tables). This is an optimization introduced in version 10.30. While it increases the speed of data-in, the data consumption becomes slower.
Database requirements
It is strongly recommended to host the database server (Oracle, Microsoft SQL, or PostgreSQL) on a physical machine, and it should be an independent server without other applications (including the UCMDB server) running on it.
Also, if the database server machine is a virtual machine, the resource MUST be dedicated for the database server.
(Embedded PostgreSQL database only) On Linux platform, if you plan to use the embedded PostgreSQL database, make sure you do the following:
Uninstall the local PostgreSQL that comes with the Linux installation.
Note: On Linux systems, there is a conflict between the embedded PostgreSQL that comes with UCMDB and the local PostgreSQL that comes with the Linux installation. If you don't uninstall the local PostgreSQL that comes with the Linux installation, you won't be able to log in to UCMDB server later due to the conflict.
In High Availability environments,
UCMDB Servers in a cluster must work on the same port number for HTTP, HTTPS, and so on. You cannot configure the two UCMDB Servers to work on different ports.
The following procedure explains how to install a UCMDB Server on a Windows machine.
Note:
Installation of the UCMDB Server from the InstallAnywhere console is not supported.
Before you perform a new installation of UCMDB Server, always check and uninstall any existing UCMDB instances.
For detailed instructions about uninstalling an existing UCMDB instance, see Uninstalling UCMDB.
Extract the package for the Windows platform, and then double-click UCMDB_Server_11.0.xxx.exe.
Note: If you get a message that the digital signature is not valid, you should not install UCMDB. In this case, contact Micro Focus Support.
Choose the locale language and click OK.
The Introduction page opens. Click Next.
The License Agreement page opens. Accept the terms of the end-user license agreement and click Next.
The Select Installation Folder page opens.
Accept the default destination, C:\UCMDB\UCMDBServer\, or click Choose to select a different installation folder. The installation path must not contain non-English characters or spaces.
Tip: To display the default installation folder again, click Restore Default Folder.
Click Next.
The Select Installation Type page opens. Select New Installation and click Next.
The Install Local PostgreSQL DB page opens.
If you want the installer to install a local PostgreSQL database, select Yes.
Click Next.
Select No and click Next.
If you selected Yes in the previous step, you must provide the port and credentials of the local PostgreSQL database
On the Set Up Local Database Port page that opens, enter the number of the port through which the local PostgreSQL database will communicate, and click Next.
On the Set Up Local Database Account page that opens, enter the user name and password for the local PostgreSQL database. Enter the password a second time for confirmation, and click Next.
The Master Key Configuration page opens. Enter a master key for password encryption.
Note: The master key must contain exactly 32 characters and include at least one of each of the following four types of characters:
:/._+-[]
The Password Configuration page opens. Specify the passwords to be used for default system accounts:
On the Set Up Truststore Password page, enter the password that you want to use for the truststore, and then enter the password again to validate it.
Note:
The keystore/truststore passwords setup will only be present if default passwords are used. If custom passwords are already in use, the installer wizard will not ask for them again.
The keystore/truststore passwords must follow the password policy below:
The password must contain 8 to 16 characters and include at least one of each of the following four types of characters:
:/._+-[]
On the Set Up UI System Administrator User Password page, enter the password that you want to use for the default UI system administration user account (user name: UISysadmin), and then enter the password again to validate it.
Note: Password policy for admin, sysadmin, and UISysadmin:
The password must contain 8 to 16 characters and include at least one of each of the following four types of characters:
:/._+-[]
The Pre-Installation Summary page opens displaying the installation options you selected.
If you are satisfied with the summary, click Install. A message is displayed indicating that the installation is currently being performed.
When the installation is complete, the Configure Universal CMDB Server message is displayed.
Click Yes to continue with the configuration.
On the last page of the installation wizard, click Done to complete the installation.
The following procedure explains how to install the UCMDB Server on a Linux machine.
Note: Installation of the UCMDB Server from the InstallAnywhere console is not supported.
Prerequisite: Apply one of the following configurations to the Linux machine:
Option 1:
At the end of the /etc/security/limits.conf file, add:
* soft nofile 20480
* hard nofile 20480
Option 2:
Modify the /etc/profile file as follows (through terminal):
Old line:
ulimit -S -c 0 > /dev/null 2>&1
New line:
ulimit -n 200000 >/dev/null 2>&1
Note: You probably need privileges to modify these files. You may need to restart the Linux machine for the changes to take effect.
The Universal CMDB Linux installation works as a graphic-based installation. Before running the installer, configure the DISPLAY environment variable to point to a running instance of an X Windows Server.
Extract the package for the Linux platform, and then execute the following command:
sh <path to the installer>/UCMDB_Server_11.0.xxx.bin
Caution: Console mode is not supported.
The UCMDB installation opens. Choose the locale language and click OK.
The Introduction page opens. Click Next.
The License Agreement page opens. Accept the terms of the end-user license agreement and click Next.
The Select Installation Folder page opens.
Accept the default path, /opt/UCMDB/UCMDBServer/, or click Choose to select a different installation folder. The installation path must not contain non-English characters or spaces.
Note: To display the default installation folder again, click Restore Default Folder.
Click Next.
The Select Installation Type page opens. Select New Installation, and click Next.
The Install Local PostgreSQL DB page opens.
If you want the installer to install a local PostgreSQL database, select Yes.
Click Next.
Select No and click Next.
If you selected Yes in the previous step, you must provide the port and credentials of the local PostgreSQL database
On the Set Up Local Database Port page that opens, enter the number of the port through which the local PostgreSQL database will communicate, and click Next.
On the Set Up Local Database Account page that opens, enter the user name and password for the local PostgreSQL database. Enter the password a second time for confirmation, and click Next.
The Master Key Configuration page opens. Specify the master key for password encryption.
Note: The master key must contain exactly 32 characters and include at least one of each of the following four types of characters:
:/._+-[]
The Password Configuration page opens. Specify the passwords to be used for default system accounts:
On the Set Up Truststore Password page, enter the password that you want to use for the truststore, and then enter the password again to validate it.
Note:
The keystore/truststore passwords setup will only be present if default passwords are used. If custom passwords are already in use, the installer wizard will not ask for them again.
The keystore/truststore passwords must follow the password policy below:
The password must contain 8 to 16 characters and include at least one of each of the following four types of characters:
:/._+-[]
On the Set Up UI System Administrator User Password page, enter the password that you want to use for the default UI system administration user account (user name: UISysadmin), and then enter the password again to validate it.
Note: Password policy for admin, sysadmin, and UISysadmin:
The password must contain 8 to 16 characters and include at least one of each of the following four types of characters:
:/._+-[]
The Pre-Installation Summary page opens, and displays the installation options you selected.
If you are satisfied with the summary, click Install. A message is displayed indicating that the installation is currently being performed.
When the installation is complete, the Configure Universal CMDB Server message is displayed.
Click Yes to continue with the configuration.
Note: If you prefer, you can set up the database or schema later. In that case, run the configure.sh script located in /opt/UCMDB/UCMDBServer/bin.
On the last page of the installation wizard, click Done to complete the installation.
This section includes:
Creating a Database or Connecting to an Existing One?
You need to decide whether to create the database users yourself or use predefined users:
Create a database or schema user in the following cases:
There are no existing database users.
There are existing database users, but you want to initialize the database default contents.
Connect to an existing database or schema user in the following cases:
You want to upgrade to a newer version of Universal CMDB, using the database contents you have from the previous version of Universal CMDB.
You do not want to change the database’s default contents, for example, because you have data in your database or schema from a previous installation of the same release. In this case, Setup updates the necessary server configuration files with the database details and updates the database scripts configuration file.
Your database administrator provides instructions for creating the database users in advance according to company policy.
Required Information for Setting Database Parameters
Before setting CMDB database parameters, prepare the following information, needed for creating a new database or connecting to existing ones:
User name and Password. (if you are using Microsoft SQL Server authentication) The user name and password of a user with administrative rights on Microsoft SQL Server. The default Microsoft SQL Server administrator user name is sa.
Note: A password must be supplied.
You can create and connect to a database using Windows authentication instead of Microsoft SQL Server authentication. To do so, you must ensure that the Windows user running the Universal CMDB service has the necessary permissions to access the Microsoft SQL Server database.
Before setting CMDB database parameters, ensure that you have created at least one default tablespace for each user schema for data persistency purposes, and that at least one temporary tablespace is assigned to each user schema.
You need the following information for both creating a new user schema and connecting to an existing one:
If you are creating a new user schema, you need the following additional information:
Note:
For advanced Oracle connection, check the following sections if needed:
Before setting CMDB database parameters, prepare the following information, needed for creating a new database or connecting to existing ones:
If you are connecting to a remote PostgreSQL Server, prepare the following:
Host name. The name of the remote machine on which PostgreSQL Server is installed: <host_name>\<instance_name>
Database (schema) name. The name of the existing database, or the name that you will give your new database (for example, ucmdb_database).
User name and Password. The user name and password of a user with administrative rights on PostgreSQL Server.
On the first page of the UCMDB Server Configuration wizard, click Next.
On the CMDB Schema page, select Create a new schema or Connect to an existing schema and click Next.
Note: When connecting to an existing schema:
The CMDB schema version must match the server version. If the versions do not match, an error message is displayed and you must re-enter the schema settings.
The version of the UCMDB Discovery and Integrations Content Pack in the file system (installation folder) must be the same as the version in the schema.
The CMDB Schema Settings page opens.
In the DB Type list, select Oracle and click Next. Additional fields appear in the dialog box.
In the DB Type list, select MS SQL Server and click Next.
In the DB Type list, select PostgreSQL Server and click Next.
Enter the details of the schema:
Schema name. The schema name should be unique.
Default tablespace. Update this field.
Temporary tablespace. If your database administrator created a non-default temporary tablespace, enter that name; otherwise, enter temp.
Enter the host name and database name, and decide which authentication Universal CMDB should use to connect to the database server. For details on Windows authentication, see in the Universal CMDB Database Guide.
Enter the details of the schema.
If you are installing a local PostgreSQL database, ensure that the details of the PostgreSQL database are defined correctly.
Note: Ensure that the Schema name follows the PostgreSQL naming conventions:
Click Next.
The Advanced Settings page opens:
Enable Multi Tenancy. Select this option if you are setting up UCMDB to work in a multi-tenancy environment.
Note: After installation, the tenancy environment (single tenancy versus multi-tenancy) cannot be modified.
Enable Search. Select this option to enable UCMDB data indexing for efficient search capabilities.
Note: Select this option if you will use any of the following:
Configure Universal CMDB to Support Oracle Advanced Security Option (ASO)
Add the following lines to the sqlnet.ora file:
SQLNET.ENCRYPTION_SERVER = required
SQLNET.ENCRYPTION_TYPES_SERVER= (AES256)
SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER= (SHA1)
SQLNET.CRYPTO_SEED = '23456789'
SQLNET.CRYPTO_CHECKSUM_SERVER = required
Note:
DataDirect Drivers 5.1.4 support SHA-2 hashing. For details, see the following:
Types of Oracle Advanced Security Data Integrity Algorithms supported by DataDirect:
DataDirect supplies the JDBC drivers that the UCMDB installation is using to connect to the Oracle database.
Types of Oracle Advanced Security Data Integrity Algorithms supported by Oracle, see chapter 1.2.1.2 Data Integrity:
https://docs.oracle.com/cd/E11882_01/network.112/e40393/asointro.htm#ASOAG010
For information about SSL (ASO) properties, see https://docs.oracle.com/cd/B28359_01/java.111/b31224/clntsec.htm.
On the UCMDB Server, perform the following:
Open the directory <UCMDB_install_dir>\UCMDBServer\conf. Locate the jdbc.properties file and add the following lines:
For Oracle drivers (which are OOTB drivers used by UCMDB Server):
Oracle=orcl
orcl.CONNECTION_PROPERTY_THIN_NET_ENCRYPTION_LEVEL=REQUIRED
orcl.CONNECTION_PROPERTY_THIN_NET_ENCRYPTION_TYPES=AES256
orcl.CONNECTION_PROPERTY_THIN_NET_CHECKSUM_LEVEL=REQUIRED
orcl.CONNECTION_PROPERTY_THIN_NET_CHECKSUM_TYPES=SHA1
For DataDirect drivers:
Oracle=ddoracle
ddoracle.EncryptionTypes=AES256
ddoracle.EncryptionLevel=required
ddoracle.DataIntegrityTypes=SHA1
ddoracle.DataIntegrityLevel=required
Note:
Note: If upgrading UCMDB to version 11.0, after the upgrade, open the <UCMDB_install_dir>\UCMDBServer\bin\jre\lib\security directory and replace the local_policy.jar and US_export_policy.jar files with the similar jar files from the Zulu Cryptography Extension Kit provided by OpenJDK.
Caution: It is strongly recommended not to perform any downgrade action if the UCMDB is configured to support Oracle ASO.
Configure UCMDB to Connect Securely to Microsoft SQL Server with TLS Enabled
This section describes how to configure UCMDB to connect securely to Microsoft SQL Server.
Prerequisite
The Microsoft SQL Server to which UCMDB will connect needs to accept encrypted connections (SSL). For instructions about how to enable this, see https://support.microsoft.com/en-us/kb/316898 or contact your DBA.
Configure UCMDB's JDBC drivers
Check if the \conf\jdbc.properties file exists. If not, create it.
Note: The jdbc.properties file must be encoded in ANSI. If the file is UTF-8 encoded, the properties will be ignored.
Add the following settings into the jdbc.properties file:
SQLServer = ddmssql
ddmssql.EncryptionMethod=SSL
ddmssql.ValidateServerCertificate=true
Save the file.
Note: In case the Microsoft SQL Server is using a certificate that is not signed by a recognized Certificate Authority (CA) like a self-signed certificate, you need to import the Microsoft SQL Server database's certificate into the UCMDB Server's cacerts keystore (located in the <INSTALL_FOLDER>\UCMDBServer\bin\jre\lib\security\cacerts directory).
To import the Microsoft SQL Server's certificate, run the following command:
"<INSTALL_FOLDER>\UCMDBServer\bin\jre\bin\keytool.exe" -import -noprompt -trustcacerts -alias SQL_Server_Cert -file "<PATH TO SQL SERVER CERTIFICATE>" -keystore "<INSTALL_FOLDER>\UCMDBServer\bin\jre\lib\security\cacerts" -storepass changeit
If the command line prompts "Trust this certificate?", enter yes.
To verify that the certificate was successfully imported, run the following command:
"<INSTALL_FOLDER>\UCMDBServer\bin\jre\bin\keytool.exe" -list -keystore "<INSTALL_FOLDER>\UCMDBServer\bin\jre\lib\security\cacerts" -storepass changeit -alias SQL_Server_Cert
Run the Configuration Wizard.
Windows: Start > All Programs > UCMDB > Start Universal CMDB Server Configuration Wizard
Linux: Run the <UCMDB_Server_InstallDir>/bin/configure.sh script
Follow the wizard steps, and connect the UCMDB Server to the Microsoft SQL Server Database with TLS enabled.
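The following check is an added example, not part of the Micro Focus documentation or product. It audits a jdbc.properties file against the Oracle ASO and Microsoft SQL Server TLS settings given above, flags a UTF-8 byte-order mark (the ANSI requirement), and cross-checks the Oracle client algorithms against the server-side sqlnet.ora. The function names and the sample file contents are constructed for illustration.

```python
# Added example (not Micro Focus code); names and samples are constructed.

# Client property names from the page, per driver alias:
# (encryption level, encryption types, checksum level, checksum types)
ORACLE_KEYS = {
    "orcl": ("CONNECTION_PROPERTY_THIN_NET_ENCRYPTION_LEVEL",
             "CONNECTION_PROPERTY_THIN_NET_ENCRYPTION_TYPES",
             "CONNECTION_PROPERTY_THIN_NET_CHECKSUM_LEVEL",
             "CONNECTION_PROPERTY_THIN_NET_CHECKSUM_TYPES"),
    "ddoracle": ("EncryptionLevel", "EncryptionTypes",
                 "DataIntegrityLevel", "DataIntegrityTypes"),
}
MSSQL_EXPECTED = {"SQLServer": "ddmssql",
                  "ddmssql.EncryptionMethod": "SSL",
                  "ddmssql.ValidateServerCertificate": "true"}
UTF8_BOM = b"\xef\xbb\xbf"


def encoding_findings(raw):
    """jdbc.properties must be ANSI; a UTF-8 BOM is the detectable sign.
    (BOM-less, pure-ASCII content is byte-identical in both encodings.)"""
    if raw.startswith(UTF8_BOM):
        return ["encoding: UTF-8 BOM found, save jdbc.properties as ANSI"]
    return []


def parse_properties(raw):
    """Parse key=value lines; '#' and '!' start comment lines."""
    props = {}
    for line in raw.removeprefix(UTF8_BOM).decode("latin-1").splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def split_list(value):
    """'(AES256, AES192)' -> {'AES256', 'AES192'}"""
    items = value.strip().strip("()").split(",")
    return {item.strip().upper() for item in items if item.strip()}


def audit_mssql(props):
    # ValidateServerCertificate=false would encrypt the session without
    # authenticating the database server, so every deviation is reported.
    return [f"mssql: {key}={props.get(key)}, page value is {want}"
            for key, want in MSSQL_EXPECTED.items()
            if (props.get(key) or "").lower() != want.lower()]


def audit_oracle(props, sqlnet):
    alias = props.get("Oracle")
    if alias not in ORACLE_KEYS:
        return [f"oracle: driver alias {alias!r} is not orcl or ddoracle"]
    enc_level, enc_types, sum_level, sum_types = ORACLE_KEYS[alias]
    findings = []
    for key in (enc_level, sum_level):
        if props.get(f"{alias}.{key}", "").upper() != "REQUIRED":
            findings.append(f"oracle: {alias}.{key} is not 'required'")
    # With both sides set to 'required', the client and server lists must
    # share an algorithm or the connection cannot be negotiated.
    for client_key, server_key in (
            (enc_types, "SQLNET.ENCRYPTION_TYPES_SERVER"),
            (sum_types, "SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER")):
        client = split_list(props.get(f"{alias}.{client_key}", ""))
        if not client & sqlnet.get(server_key, set()):
            findings.append(f"oracle: no common algorithm between "
                            f"{alias}.{client_key} and {server_key}")
    return findings


def audit(jdbc_raw, sqlnet_text=""):
    """Return a list of findings; an empty list means nothing to fix."""
    props = parse_properties(jdbc_raw)
    sqlnet = {k.upper(): split_list(v) for k, v in
              parse_properties(sqlnet_text.encode("latin-1")).items()}
    findings = encoding_findings(jdbc_raw)
    if any(key.startswith(("SQLServer", "ddmssql.")) for key in props):
        findings += audit_mssql(props)
    if "Oracle" in props:
        findings += audit_oracle(props, sqlnet)
    return findings


# Constructed samples built from the values shown on this page.
SQLNET = ("SQLNET.ENCRYPTION_SERVER = required\n"
          "SQLNET.ENCRYPTION_TYPES_SERVER= (AES256)\n"
          "SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER= (SHA1)\n"
          "SQLNET.CRYPTO_CHECKSUM_SERVER = required\n")
ORACLE_OK = (b"Oracle=ddoracle\n"
             b"ddoracle.EncryptionTypes=AES256\n"
             b"ddoracle.EncryptionLevel=required\n"
             b"ddoracle.DataIntegrityTypes=SHA1\n"
             b"ddoracle.DataIntegrityLevel=required\n")
ORACLE_MISMATCH = ORACLE_OK.replace(b"AES256", b"AES128")  # client-only change
MSSQL_WEAK = UTF8_BOM + (b"SQLServer = ddmssql\r\n"
                         b"ddmssql.EncryptionMethod=SSL\r\n"
                         b"ddmssql.ValidateServerCertificate=false\r\n")
```

Call audit() with the raw bytes of jdbc.properties and the text of the database server's sqlnet.ora; the MSSQL_WEAK sample yields two findings, one for the byte-order mark and one for the disabled certificate validation.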
On the last page of the installation wizard, click Done to complete the installation.
IMPORTANT! Before you start the UCMDB Server, copy the encryption key (key.bin) that you backed up before you started the upgrade procedure to the following folder on the new machine:
C:\UCMDB\UCMDBServer\conf\discovery\
/opt/UCMDB/UCMDBServer/conf/discovery/
Configure the JVM startup parameter:
Open C:\UCMDB\UCMDBServer\bin\wrapper.conf (Windows) or /opt/UCMDB/UCMDBServer/bin/wrapper.conf (Linux).
Locate the following line:
wrapper.java.additional.<#>=-Djava.net.preferIPv4Stack=
In an IPv4 or IPv4-IPv6 environment, ensure that -Djava.net.preferIPv4Stack=true is set.
Start the UCMDB Server:
Start > All Programs > UCMDB > Start Universal CMDB Server
/opt/UCMDB/UCMDBServer/bin/server.sh start
Note:
If you ran the UCMDB Server Configuration Wizard as part of Universal CMDB Server installation, you must start Universal CMDB Server only after successfully setting the parameters for all the databases.
If you ran the UCMDB Server Configuration Wizard to modify previously defined database types or connection parameters, restart the Universal CMDB Server and the Data Flow Probes after successfully completing the parameter modification process.
When you start the UCMDB Server, it may take several minutes for the process to finish and for the Server to be up and running. This period of time increases with the size of the database schema.
(CyberArk integration only)
Check whether the new hash value is the same as the one you configured in the CyberArk server. If it is different, regenerate the hash value using the following command:
java -Xms500m -Xmx1200m -jar JavaAIMGetAppInfo.jar GetHash /AppExecutablesPattern="C:\hp\UCMDB\DataFlowProbe\lib" /OnlyExecutablesWithAIMAnnotation=yes /LogFileDirectory="c:\temp"
Then enter the newly generated hash value in the CyberArk server.
Note: This section is relevant only if your upgraded environment is to be a high-availability environment.
A typical configuration for a high-availability environment is two or more UCMDB Servers connecting to the same database server. The servers are configured to work behind a load balancer, that is, the load balancer serves as the entry point to the UCMDB Servers. All of the UCMDB Servers are active at any given time and can handle both read and write requests. Requests are distributed to the UCMDB Servers in the cluster by the load balancer. While read requests are shared evenly among all of the UCMDB Servers (Readers), only one UCMDB Server (Writer) is also responsible for write requests at one time. Any write requests received by a Reader are passed to the Writer. Moreover, any of the UCMDB Servers can take over the Writer role if the Writer becomes unavailable.
The load balancer used for high availability must have the ability to insert cookies and must be able to do health checks ("keepalive").
The instructions defined below are certified over the load balancer, F5 BIG-IP version 10.x (and later).
If you are using a different load balancer, the configuration should be performed by a network administrator who has a wide knowledge about how to configure your load balancer, and similar principles should be applied.
The set up procedure below assumes that you already have at least one UCMDB Server installed and configured.
To set up a high availability environment:
To set up a high availability environment after upgrading from UCMDB 10.xx to UCMDB 11.0:
Install one or more additional UCMDB Servers to create a UCMDB Server cluster
Install the UCMDB Servers as you did the first UCMDB Server with one difference: when running the Server Configuration wizard to configure the database on the additional UCMDB Server, select Connect to an existing schema, and provide the details of the schema you created for the first UCMDB Server.
For details on installing UCMDB Servers, see Installing the UCMDB Server - Installation.
Note:
The machines used for all of the UCMDB Servers in the cluster should have similar hardware (and the same amount of memory) and should be running the same operating system.
UCMDB Servers in the cluster must work on the same port number for HTTP, HTTPS, and so on. You cannot configure the two UCMDB Servers to work on different ports.
If you are working in an IPv6-only environment, ensure that the UCMDB Server machines are configured for IPv6.
In the wrapper.conf file, locate the following line:
wrapper.java.additional.<#>=-Djava.net.preferIPv4Stack=true
Complete the Server Startup
If the first UCMDB Server (preferably the writer server) is not started, start the process. Wait until the startup process is complete.
Copy the <UCMDBServer>/conf folder from the first server (the writer) to the other servers.
Start the other UCMDB Servers.
Configure the Load Balancer
The load balancer is used to balance load sent to the UCMDB Servers in the cluster. Configure the load balancer as follows:
Configure VIP addresses. On the load balancer:
Configure a Cluster VIP address to send requests to the whole UCMDB Server cluster.
Configure a Writer VIP address to send requests to the Writer only (for Universal Discovery only).
Note: Keep a note of the defined VIP addresses.
When defining the communication settings between the UCMDB Server and the Data Flow Probes, always use the Writer VIP address when prompted for the UCMDB Server name.
When defining the communication settings between the UCMDB Server and other applications, always use the Cluster VIP address when prompted for the UCMDB Server name.
Configure two identical pools of backend servers that represent all of the UCMDB Servers in the cluster. The two pools will be monitored by different health monitors. One pool will be sent requests that are intended solely for the Writer server (only for Universal Discovery), and the other pool will be sent requests that can be processed by any server in the cluster.
Configure the health monitors (keepalive addresses). The health monitors check for the keepalive page of each of the UCMDB Servers.
Configure the following URL for the Cluster VIP address:
/ping/
Configure the following URL for the Writer VIP address:
/ping/?restrictToWriter=true
Possible responses from both of these URLs are Up or Down with http response codes 200 OK or 503 Service unavailable respectively.
The expected response should be Up.
For more details, see How to monitor High Availability cluster with endpoint /ping below.
Connect the health monitors to the respective UCMDB Server pools configured above.
Configure "session stickiness" on the load balancer:
Configure the load balancer to insert cookies to the responses sent back to UCMDB clients.
Using the Insert method, add a persistence profile of type cookie for each VIP address.
Note: The cookie name and value are unimportant, as long as the load balancer knows how to maintain stickiness with the cookies it sends out.
Important! Since F5 BIG-IP adds a session cookie only to the first request per connection to the server, you must do the following:
Log into UCMDB.
Go to Administration > Infrastructure Settings, and change the Force connection closing for SDK clients to true.
When this setting is set to true, the UCMDB SDK clients add a Connection:close header to each authentication request and class download request sent to the server. This way the load balancer will think this is a first request in a connection and add the session cookie to the response.
Note: This is relevant to load balancers which, like F5 BIG-IP version 10.x, add a session cookie to the first request per connection to the server only.
If the load balancer you are using adds a session cookie to every response, Force connection closing for SDK clients should be set to false (as is the default). In this case, setting it to true can lead to a decline in system performance.
If the VIP is configured to accept secure connections and the load balancer forwards the requests to the UCMDB servers over HTTP, you must configure redirect rewrites. In the F5 UI, configure the HTTP profile associated with the VIP to rewrite all redirects by enabling the following option: Redirect Rewrite select All.
Note: If the load balancer is configured to forward requests to the backend over HTTP, an extra setting is required on the load balancer. The load balancer admin should configure the load balancer to rewrite the Location header so that it correctly points to the load balancer URL. This needs to be done for HTTP connections that go to the jmx-console. This can be achieved through a regular expression like the following:
(https:\/\/(.*)):(\d*)(.*) \1\4
where (https:\/\/(.*)):(\d*)(.*) is the matching part and \1\4 is the replacing part.
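The rewrite expression from the note above, run against constructed Location values as an added example (not part of the product documentation): because (.*) is greedy, the match extends to the last colon in the header value, so a colon later in the URL changes which text is removed. Python's re module is used only to show the matching behaviour; STRICT_PATTERN, the function names and all sample hosts and URLs are assumptions.

```python
import re

# Matching and replacing parts exactly as given in the note above.
PAGE_PATTERN = re.compile(r"(https:\/\/(.*)):(\d*)(.*)")
PAGE_REPLACEMENT = r"\1\4"

# Assumed stricter variant (not from the guide): anchored, host limited to a
# name or a bracketed IPv6 literal, port required, and the remainder must
# start a path, query or fragment.
STRICT_PATTERN = re.compile(
    r"^(https://(?:\[[0-9A-Fa-f:.]+\]|[^/:?#\s]+)):\d+((?:[/?#].*)?)$"
)


def rewrite_page(location):
    """Apply the guide's expression to a Location header value."""
    return PAGE_PATTERN.sub(PAGE_REPLACEMENT, location)


def rewrite_strict(location):
    """Remove only an explicit port that directly follows the host."""
    m = STRICT_PATTERN.match(location)
    return m.group(1) + m.group(2) if m else location


# Constructed Location values (hosts, ports and paths are illustrative only).
PLAIN = "https://ucmdb1.example.com:8443/jmx-console/"
IPV6 = "https://[2001:db8::10]:8443/jmx-console/"
NO_PORT = "https://ucmdb1.example.com/ucmdb-ui/"
ENCODED = ("https://ucmdb1.example.com:8443/jmx-console/HtmlAdaptor"
           "?name=UCMDB%3Aservice%3DSettings")
COLON_IN_QUERY = ("https://ucmdb1.example.com:8443/jmx-console/HtmlAdaptor"
                  "?action=inspectMBean&name=UCMDB:service=Settings")
COLON_NO_PORT = ("https://ucmdb1.example.com/jmx-console/HtmlAdaptor"
                 "?name=UCMDB:service=Settings")
SAMPLES = [PLAIN, IPV6, NO_PORT, ENCODED, COLON_IN_QUERY, COLON_NO_PORT]


def differing(locations):
    """Return (input, guide result, strict result) where the results differ."""
    rows = []
    for loc in locations:
        page, strict = rewrite_page(loc), rewrite_strict(loc)
        if page != strict:
            rows.append((loc, page, strict))
    return rows


if __name__ == "__main__":
    for loc, page, strict in differing(SAMPLES):
        print("input :", loc)
        print("guide :", page)
        print("strict:", strict)
        print()
```

For the two inputs with an unencoded colon in the query string, the guide's expression removes that colon and leaves the backend port in place, so redirects of that shape are worth testing on the load balancer before the rule goes live.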
Configure Data Flow Probes
When you install a Data Flow Probe, use the load balancer's Writer VIP address when defining the Universal CMDB Server name.
If you already have a Data Flow Probe installed:
Stop the Probe.
In the /opt/UCMDB/DataFlowProbe/conf/DataFlowProbe.properties (Linux) or c:\UCMDB\DataFlowProbe\conf\DataFlowProbe.properties (Windows) file, change the serverName attribute to point to the Writer VIP address.
Restart the Probe.
How to monitor High Availability cluster with endpoint /ping
The endpoint /ping allows monitoring of the High Availability cluster. So far the endpoint could be configured to ask for the status of:
The restrictToReader parameter was added to the aforementioned endpoint that returns the status of only the readers in the cluster.
To configure this, the endpoint /ping should be called with the following parameter: restrictToReader=true
For example, /ping:8443?restrictToReader=true
Note: In case both restrictToWriter and restrictToReader parameters are present and have the value set to true, for example,
/ping:8443?restrictToReader=true&restrictToWriter=true
only the parameter restrictToWriter will be taken into account.
As a best practice for deployments that rely heavily on UCMDB Browser, we recommend the use of a UCMDB HA Cluster with at least three nodes (one writer and two readers).
For this type of deployment, we recommend that two virtual IPs are created on the load balancer:
If the cluster contains 2 or more reader servers, one endpoint that points to all the reader servers. The endpoint for health check is: <UCMDB_URL>/ping?restrictToReader=true
If the cluster contains 1 reader server, one endpoint that points to all the servers (reader and writer). The endpoint for health check is: <UCMDB_URL>/ping
The health check endpoint will return:
Note that other elements can affect the health check process; in this case the load balancer can get an error similar to "Connection refused".
This end-to-end use case describes how to set up a high-availability UCMDB and UCMDB Browser environment with F5 BIG-IP load balancer and WebSEAL reverse proxy.
Note: Product versions used in this end-to-end use case:
The diagram below illustrates the overall architecture of the environment we will set up.
This case contains the following key tasks:
Prerequisites
(Optional) You have set up high availability mode by following the instructions in the Deployment Guide: "Set Up High Availability Mode".
Export the out-of-the-box UCMDB server keystore to a cert file
If using the out-of-the-box (OOTB) UCMDB cert, export it for later use.
To export the UCMDB server keystore (server.keystore) to a cert file (server.cert), do the following:
Open the command prompt and run the following command:
C:\UCMDB\UCMDBServer\bin\jre\bin\keytool.exe -export -alias <certificate alias> -keystore <Keystore file path> -file C:\UCMDB\UCMDBServer\conf\security\server.cert
where:
certificate alias is the name given to the certificate.
Keystore file path is the full path of the location of the keystore file.
For example, for the out-of-the-box server.keystore use the following command:
C:\UCMDB\UCMDBServer\bin\jre\bin\keytool.exe -export -alias hpcert -keystore C:\ucmdb\ucmdbserver\conf\security\server.keystore -file C:\UCMDB\UCMDBServer\conf\security\server.cert
Note: If a company-generated certificate is used instead of a self-signed certificate, use the following command to get the alias for this certificate:
C:\UCMDB\UCMDBServer\bin\jre\bin\keytool.exe -list -keystore c:\ucmdb\ucmdbserver\conf\security\server.keystore
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry.
<alias>, 14 Sept. 2012, PrivateKeyEntry.
Certificate fingerprint (SHA1): 2A:52:DF:17:D9:A5:37:2D:1F:1D:BA:4B:41:46:33:A8:18:42:5B:D7
The alias will look like: {45789-15478-1236-7895}
Use this alias to export the certificate.
Enter the keystore password.
Verify that the certificate was created in the following directory: C:\UCMDB\UCMDBServer\conf\security\server.cert
Convert the generated JKS file into PKCS12 format using UCMDB key tool keytool.exe (located in the <UCMDBServer>\bin\jre\bin directory). (WebSEAL requires PKCS12 format cert.)
Run the following command:
C:\UCMDB\UCMDBServer\bin\jre\bin\keytool.exe -importkeystore -srckeystore server.keystore -destkeystore server.p12 -srcalias <source serverkey> -destalias <target serverkey> -srcstoretype jks -deststoretype pkcs12 -srcstorepass <keystore password> -deststorepass <keystore password> -noprompt
The server.p12 file is the resulting PKCS12 format cert.
(Single Sign-On only) Set IDM User Name
Provide the following parameter values for the setUserName JMX method:
Set UCMDB Browser URL
Make sure you have created the following in the F5 BIG-IP load balancer environment (Local Traffic > Virtual Servers > Nodes|Pools):
Import the UCMDB CA cert/key into F5.
In the SSL Certificate/Key Source page, select Import Type:
When selecting Certificate, do the following:
When selecting Key, do the following:
Add UCMDB CA cert/key to Certificate Key Chain.
In F5, go to Local Traffic > Virtual Servers > Profiles > SSL.
Select and click an existing UCMDB cert profile.
Note: Create an SSL profile for HTTPS by clicking Create if you do not have one.
Go to the Certificate Key Chain configuration setting, click Add.
In the Add SSL Certificate to Key Chain dialog, select or provide values for the following settings as appropriate and click Add:
Certificate. Select the UCMDB certificate file.
Key. Select the UCMDB key.
Chain. Select the UCMDB chain.
Passphrase. Provide a pass phrase.
Create a cookie-based persistence profile.
Create a virtual server.
Specify values for the following settings:
Configure WebSEAL reverse proxy by following IBM official documentation: IBM Security Access Manager (ISAM) Reverse Proxy Scenario.
Important: During the configuration, in the Identity tab of the Edit a Standard Junction window, make sure you set the following settings as described below:
HTTP Basic Authentication Header: For UCMDB Browser and RESTful API authentication to work properly, select Ignore from the dropdown list.
(Optional) HTTP Header Identity Information: Select IV-USER if you are using LDAP with user iv-user.
Import UCMDB cert (OOTB or self-signed).
If no, select Manage > Import from the menu.
Provide the self signed certificate from the UCMDB Browser/UCMDB Server or the OOTB UCMDB cert.
Make sure the cert type is PKCS12. If not PKCS12, you may need to convert it to PKCS12 from JKS.
Note: The OOTB UCMDB cert can be converted to PKCS12 using UCMDB key tool keytool.exe (located in the <UCMDBServer>\bin\jre\bin directory). For the conversion command, see step 2.d in UCMDB Server configuration.
Configure the ucmdb_browser_config.xml file.
<hostname> parameter value to the VIP that you set in F5.
<host_port> parameter to the Port that you set in F5.
(Single Sign-on only) If you are using LDAP with user iv-user, locate the <webui> tags, then the <validation> tags, copy and paste the following into the file:
<in-ui-identity-management>
  <identity-management>
    <userNameHeaderName>iv-user</userNameHeaderName>
  </identity-management>
</in-ui-identity-management>
Create and configure a credentials file.
In the file credentials.txt, enter the following content:
To do so, log in to any of the following:
Environment | Login URL | Remarks |
---|---|---|
WebSEAL | https://<WebSEAL URL>:<port><WebSEAL Junction> | Including UCMDB Browser, UCMDB server, and API |
F5 | https://<VIP>:<port> | Including UCMDB Browser and UCMDB server |
UCMDB Browser | https://<UCMDB Browser IP address>:<port> | |
UCMDB Server | https://<UCMDB Server IP address>:<port> | |
Create and configure the Solr home. To do this, follow these steps:
Create the following folder structure in the Solr home:
configsets\ucmdb_configs\conf
Copy the following files from the <UCMDB_Server_Home>\search\solr_dp\configsets\ucmdb_configs\conf folder to the <Solr_home>\configsets\ucmdb_configs\conf folder:
Start Solr.
To do this, go to the <Solr_install_dir>\bin directory in a command prompt, and then run the following command:
solr start -s <Solr_home>
Note: solr stop -all command in the same directory.
Add the following settings into <UCMDB_Server_Home>\conf\settings.override.properties.
cmdb.search.solr.standalone=true
cmdb.search.solr.standalone.url=http://localhost:8983/solr
Note: The value for cmdb.search.solr.standalone.url should be the URL verified in Step 3.
Increase Solr memory size.
By default Solr allocates only 512MB RAM. You might need to increase this setting, depending on the server’s RAM and other processes that run on the same server.
To increase Solr memory size,
Open the following file using a text editor:
Windows: <UCMDB_install_dir>\solr\bin\solr.in.cmd
Linux: <UCMDB_install_dir>/solr/bin/solr.in.sh
Locate the following setting and increase the setting to a desired value:
Windows:
set SOLR_JAVA_MEM=-Xms512m -Xmx2048m
where Xms is the initial amount, Xmx is the total amount of memory allocated.
Linux:
SOLR_JAVA_MEM="-Xms512m -Xmx2048m"
Restart the UCMDB Server.
Note: In a High Availability environment, all the UCMDB servers have to be connected to the same standalone Solr.
To deploy Solr HA cluster based on Zookeeper, follow these steps:
Install the Apache Zookeeper. To do this follow these steps:
Download Apache zookeeper 3.4.6 (https://archive.apache.org/dist/zookeeper/zookeeper-3.4.6/).
Unzip the downloaded package.
The path where you unzip the package will be later referred as <zookeeper_install_dir>.
Go to the <zookeeper_install_dir>\conf folder and rename the zoo_sample.cfg file to zoo.cfg.
Open the zoo.cfg file using a text editor.
Set its value to a folder of your choice.
Example: dataDir=D:/zookeeper/dataDir
At the end of the file, add the IP to which you want Zookeeper to listen.
Example:
clientPortAddress=192.168.168.68
Otherwise Zookeeper will listen to 0.0.0.0:2181 by default.
Go to the <zookeeper_install_dir>\bin folder and start the zookeeper by executing the following from the command line:
Windows: zkServer.cmd
Linux: zkServer.sh start
Now zookeeper is running at HTTP://<zookeeper_ip>:<zookeeper_port> (You can change the port in the zoo.cfg file).
Install Solr in cloud mode. To do this follow these steps:
Download Solr 6.2.1 distribution (http://archive.apache.org/dist/lucene/solr/6.2.1/) on a different machine from the zookeeper.
Note: Solr 6.2.1 requires JAVA 8.
JAVA_HOME needs to be set as a system path or environment variable.
Unzip the downloaded package.
Create a directory where Solr is to be located and used as a running directory. You can call this directory <Solr_installDir>. Example: D:\Solr\6.2.1
Copy the contents of the Solr package into this directory.
Go to the <UCMDB_Server>\search\solr_dp directory and copy the solr.xml file and the configsets directory file to <Solr_installDir>.
Start Solr in cloud mode:
To start Solr in cloud mode, execute the following command from the bin folder:
bin/solr start -cloud -s <Solr_installDir> -p 8987 -z <zookeeper_ip>:<zookeeper_port>
Examples:
solr start -cloud -s "D:\Solr\6.2.1\index\solr" -p 9999 -z myzookeeper:2181
solr start -cloud -s "D:\Solr\6.2.1\index\solr" -p 9999 -z 16.66.166.166:2181
Now Solr is started in cloud mode and it is connected to the zookeeper.
On a different machine, install another Solr and connect to the zookeeper in the same way.
After this you have a Solr cloud cluster up and running with 1 zookeeper and 2 Solr nodes.
You can extend the Solr cloud cluster by adding more Solr machines to the zookeeper.
Configure UCMDB for Solr cloud. To do this follow these steps:
Provide values for the parameters and make sure that the setup meets both of the following requirements:
Restart UCMDB server.
UCMDB server will create the index in Solr based on the configurations you provided in the JMX console.
Note:
To view the configurations, invoke the viewSolrCloudConfigurations JMX method.
To revert the configurations, and also clean the Solr cluster, invoke the cleanupSolrCluster JMX method.
To view the Zookeeper configuration details, go to https://zookeeper.apache.org/doc/r3.4.6/zookeeperAdmin.html#sc_configuration
Below is an example of what the index will look like for a UCMDB with 2 customers with the following Solr cloud configuration:
Solr Cloud Configuration:
Number of nodes: 2
Number of shards: 2
Replication Factor: 2
Zookeeper URL: 16.66.166.166:2181
Is Solr Cloud enabled: true
You can see that there are 2 indexes, one for each customer, customer1 and customer2.
Each index is split into 2 shards, with shard 1 being on the Solr machine 16.66.66.66:9999 and replicated on Solr machine 16.66.66.66:8888. Shard 2 is also present on both machines. So if a Solr machine shuts down, the index will still be available from the other one, and the users can still perform searches.
To uninstall Universal CMDB:
Windows |
|
Linux |
|
To uninstall a Data Flow Probe:
Windows |
Note: The probe auto upgrade mechanism supports upgrading Data Flow Probes on Windows directly for versions 10.22 (with or without a CUP) and later (union and non-FIPS mode). Only for probes of unsupported versions, you need to uninstall the old version and then install the latest version manually. On the machine where the Probe is installed:
|
Linux |
On the machine where the Probe is installed:
|
The instructions that follow explain how to upgrade UCMDB 10.xx to UCMDB 11.0.
The table below describes supported upgrade paths for the CMS products:
Supported Upgrade Paths | UCMDB 11.0 | Data Flow Probe 11.0 | Configuration Manager 11.0 [1] | UCMDB Browser Standalone 11.0 [5] |
---|---|---|---|---|
10.20 (with or without a CUP) → 11.0 | Yes | No | Yes [2] | Yes |
10.21 (with or without a CUP) → 11.0 | Yes | No | Yes [2] | Yes |
10.22 (with or without a CUP) → 11.0 | Yes | Yes [3] | Yes [2] | Yes |
10.2x FIPS → 11.0 FIPS [4] | No | No | No | No |
10.3x → 11.0 | Yes | Yes [3] | Yes | Yes |
10.3x FIPS → 11.0 FIPS [4] | No | No | No | No |
11.0 full installer | Yes | Yes | Yes | Yes |
Note:
Version 11.0 of the Micro Focus Configuration Management System includes a new release for UCMDB Configuration Manager (CM) identified as version 11.0. However, this release contains no new features and is based on the prior CM 10.23 release. You can use CM 11.0 in tandem with UCMDB 11.0.
If you have any version of Configuration Manager earlier than 10.01 installed, you must upgrade to version 10.01, then to 10.10, then to 10.20, then to 10.22, and then apply 10.22 CUP6 (or a later CUP), then to 10.23, then to 11.0, and then to 2018.05 before upgrading to version 11.0. For details on upgrading Configuration Manager to version 10.01 and later, see the interactive Universal CMDB Deployment Guide for version 10.01 and later, available from the Micro Focus Support site (https://softwaresupport.softwaregrp.com).
Automatic upgrade of Data Flow Probe to version 11.0 is supported on Windows platform only. For details, see .
Note that automatic upgrade of Data Flow Probe to version 11.0 is not applicable to the following:
Integration service
Downgrade of any of the above products is not supported.
Note:
Please read through the entire procedure that follows before commencing the upgrade process.
Upgrading from UCMDB 10.xx to UCMDB 11.0 may take several hours.
You can follow the progress of the upgrade in the following log files (located in the c:\hp\UCMDB\UCMDBServer\runtime\log (Windows) or /opt/hp/UCMDB/UCMDBServer/runtime/log (Linux) folder):
Important:
When you perform a fresh install of UCMDB 11.0 or upgrade UCMDB to version 11.0, by default there are no composite indexes with the CMDB_ID as a key column in Oracle database (ROOT tables) or Microsoft SQL databases (ROOT and CDM tables). This is an optimization introduced in version 10.30. While it increases the speed of data-in, the data consumption becomes slower.
Caution: If you have defined LDAP servers in your system, before upgrading from version 10.2x to version 11.0, make sure you mark the LDAP settings as sensitive, then change the master key, and then proceed with the upgrade.
For details, see "How to Mark Sensitive Settings and Enable Storing Encrypted Data in the Database Using JMX" and "How to Set Master Keys" in the Universal CMDB JMX Reference Guide.
The following diagram may help you understand the overall UCMDB server and Data Flow Probes upgrade process:
It is recommended that you back up your original environment (UCMDB Server and database) prior to upgrading your environment.
It is recommended, prior to upgrading your environment, to clone your original environment (UCMDB Server and database) to a new environment and perform the upgrade on the cloned environment. This way, the original server can continue to be up and running during the upgrade procedure. Performing the upgrade on a cloned database also enables you to deal with upgrade issues while not affecting the down time of the original server.
Once everything is up and running on the upgraded cloned environment, you can upgrade the original Server, and then connect it to the database on the upgraded cloned environment.
In summary:
Clone the original (current) environment.
Note: It is strongly recommended, after the database schema has been cloned, not to make any changes on the original environment as those changes will not be migrated to the upgraded environment.
This section provides estimated upgrade durations, based on tested environments. Upgrade durations will vary depending on your hardware configuration, UCMDB data set, and database performance.
DB Server | Upgrade Path | Upgrading Server RAM | Upgrading Server OS | # of CIs | # of Links | # of History Events | # of TQLs | Upgrade Time (minutes) |
---|---|---|---|---|---|---|---|---|
Oracle 11G | 10.11 CUP5 → 11.0 | 4GB | Windows 2008 R2 Enterprise | 20K | 30K | N/A | 766 | 40 |
MSSQL 2016 EE | 10.22 CUP2 → 11.0 | 8GB | Windows 2012 SP1 Standard | 556K | 536K | N/A | 1835 | 70 |
Oracle 12C | 10.31 → 11.0 | 12GB | Windows 2012 R2 Standard | 265K | 432K | N/A | 4606 | 60 |
For all out-of-the-box adapters: If you modified adapter configurations in your current version, it is strongly recommended that you save all adapter files before starting the upgrade. After the upgrade, you will need to make the same changes to the relevant adapters.
For example, if you have an adapter default template, copy aside the relevant part of the adapter XML (the tag “<adapterTemplates>”). After the upgrade, you will copy this tag back to the XML of the relevant adapter.
Note: All adapters must be compatible with the new Universal Data Model. If you made changes to existing out-of-the-box adapters, you must make the same changes to the adapter files in version 11.0.
UCMDB uses the encryption key to encrypt credential information and to send sensitive credential information to the Data Flow Probes. For security reasons, this encryption key is stored on the file system, and not in the database.
Back up the encryption key that is on the UCMDB Server. The encryption key is located in:
C:\hp\UCMDB\UCMDBServer\conf\discovery\key.bin
/opt/hp/UCMDB/UCMDBServer/conf/discovery/key.bin
Note: When upgrading version 10.xx to 11.0 on the same machine, the original file remains on the machine, and the backup is necessary in case the file is lost during the process.
When upgrading version 10.xx to 11.0 on a clean machine, this file does not exist on the new machine and must be copied to the new machine after installing UCMDB on the clean machine.
Back up the C:\hp\UCMDB\UCMDBServer\conf\security (Windows) or /opt/hp/UCMDB/UCMDBServer/conf/security (Linux) folder.
If the Java JMX access hardening was performed:
Edit the file permissions for the following file, so that the user you are logged in with can edit it:
C:\hp\UCMDB\UCMDBServer\bin\jre\lib\management\jmxremote.password
/opt/UCMDB/UCMDBServer/bin/jre/lib/management/jmxremote.password
To uninstall a Data Flow Probe:
Windows |
Note: The probe auto upgrade mechanism supports upgrading Data Flow Probes on Windows directly for versions 10.22 (with or without a CUP) and later (union and non-FIPS mode). Only for probes of unsupported versions, you need to uninstall the old version and then install the latest version manually. On the machine where the Probe is installed:
|
Linux |
On the machine where the Probe is installed:
|
Caution:
Apart from the out-of-the-box (OOTB) files, DO NOT ADD any additional resources into the <UCMDB_Server_Home>\deploy directory. UCMDB will try to deploy every file from this location, which may cause the ucmdb-browser.war file to not be deployed completely, and as a result the UCMDB Browser will fail to start.
Close all UCMDB server folders and files before the upgrade, and DO NOT open or access any of those folders and files during the upgrade.
During the upgrade, UCMDB server folders and files will be modified or overwritten by the installer wizard. Opening or accessing (for example, access through command) any of those folders or files during the upgrade may result in upgrade failure.
In case of such upgrade failure, to restore the server, copy the entire content of the C:\hp\UCMDB\UCMDBServer\old folder into the C:\hp\UCMDB\UCMDBServer folder. Then you can continue to use the server or to perform another upgrade.
Note: The following settings are backed up during the server upgrade, and restored after the upgrade:
If you want to check those settings, you can go to the <UCMDBServer>\old\conf folder. Backup copies of the above settings are saved to this folder during the server upgrade.
Stop the UCMDB 10.xx Server.
Note:
Standalone environment: If the UCMDB Integration Service is running, stop the service.
Locate the UCMDB executable file: UCMDB_Server_11.0.exe, and double-click it to open the splash screen.
Note: If you get a message that the digital signature is not valid, you should not install UCMDB. In this case, contact Micro Focus Support.
Locate the UCMDB executable file: UCMDB_Server_11.0.bin, and run the following executable:
sh <the path to the installation file>/UCMDB_Server_11.0.bin
Choose the locale language and click OK.
The Introduction page opens. Click Next.
The License Agreement page opens. Accept the terms of the end-user license agreement and click Next.
On the Select Installation Folder page, make sure you select the existing UCMDB 10.xx installation folder and click Next.
On the Select Installation Type page of the installer, select Update from 10.x or 10.x CUP and click Next.
A message pops up, reminding you that upgrading UCMDB to version 11.0 requires migration of existing Universal Discovery licenses to units.
Important: Before you can proceed with the upgrade, you must do the following:
Contact the Software Sales Assist team (sw_ssa@microfocus.com) to begin the migration of your UD Full and UD Inventory OSI licenses to units.
Click OK.
On the Install Data Flow Probe page, select one of the following:
Automatically update Data Flow Probe with the new version
Select this option if the existing probes that report to the UCMDB server are of version 10.22 or later (with or without a CUP, union and non-FIPS mode on Windows machine). For supported upgrade paths, see Upgrading UCMDB - Introduction. For more details about Data Flow Probe auto upgrade, see "Data Flow Probe Upgrade Overview" in the Data Flow Management section of the UCMDB Help.
If you do not choose this option now, but still want to leverage the probe auto upgrade feature after the UCMDB server upgrade, then when you have finished upgrading the UCMDB server, you can go to <UCMDB_Server>\content\probe_patch and copy the probe-patch-11.0-windows.zip package to the <UCMDB_Server>\runtime\probe_upgrade directory. Then restart the UCMDB server. UCMDB server will then perform probe auto upgrade.
Update the Data Flow Probe manually
Select this option if the probes that report to the UCMDB server in your environment are on Linux or of versions not supported for auto upgrade. When you have finished upgrading the UCMDB server to version 11.0, you can uninstall the old version probe first, and then install version 11.0 probe manually. For details, see Data Flow Probe - Upgrade Overview.
On the Deploy Content Pack page, select to deploy Content Pack 26 and click Next.
Specify the passwords to be used for keystore and truststore:
On the Set Up Truststore Password page, enter the password that you want to use for the truststore, and then enter the password again to validate it.
Note:
The keystore/truststore passwords setup will only be present if default passwords are used. If custom passwords are already in use, the wizard will not ask for them again.
The keystore/truststore passwords must follow the password policy below:
The password must contain 8 to 16 characters and include at least one of each of the following four types of characters:
:/._+-[]
On the Summary page, click Install to start the installation.
When the installation completes, click Done.
Note: When upgrading from 10.xx to 11.0, it is not necessary to run the Server Configuration wizard because the system uses the schemas from the 10.xx installation.
If you imported SSL certificates in UCMDB 10.xx, extract the certificates from
C:\hp\UCMDB\UCMDBServer\old
/opt/hp/UCMDB/UCMDBServer/old
and import them into
C:\hp\UCMDB\UCMDBServer\bin\jre\lib\security\cacerts
/opt/hp/UCMDB/UCMDBServer/bin/jre/lib/security/cacerts
For details, see the section describing enabling SSL on the Client SDK in the Hardening section of the UCMDB Help.
Standalone environment: If you stopped the Integration Service above you must clear the Integration Service data:
In C:\hp\UCMDB\UCMDBServer\integrations\tools run clearProbeData.bat
IMPORTANT!
Note: This step is relevant only if you are upgrading to 11.0 on a new machine, and if you customized the key.bin in your previous deployment.
Before you start the UCMDB Server, you must copy the encryption key (key.bin) that you backed up before you started the upgrade procedure to the following folder on the new machine:
C:\hp\UCMDB\UCMDBServer\conf\discovery\
/opt/hp/UCMDB/UCMDBServer/conf/discovery/
If UCMDB patches have been installed on top of your current UCMDB version, you need to remove any Probe patch archive (.zip) files that might be left over in the system:
Note:
In the C:\hp\UCMDB\UCMDBServer\runtime\probe_upgrade (Windows) or /opt/hp/UCMDB/UCMDBServer/runtime/probe_upgrade (Linux) folder, delete all .zip files that have the probe-patch prefix.
Start up the UCMDB 11.0 Server to complete the upgrade.
Note: It may take several hours for the server to start up. You can follow the progress in the following log files (located in the ..\UCMDBServer\runtime\log folder):
Standalone environment: If you stopped the Integration Service, restart it.
High-availability environment:
If you are upgrading a high-availability environment, or your upgraded environment is to be a high-availability environment:
Install UCMDB 11.0 on each of the machines that will be included in the UCMDB Server cluster:
Note: In UCMDB 11.0, all of the UCMDB Servers in a high-availability environment are active, while also providing high availability in case of server failure.
When you manually upgrade the PostgreSQL server, use the same account that you used to install the UCMDB Server.
Important: The commands in this section are only examples under the assumption that the existing PostgreSQL installation is installed and configured as follows:
The PostgreSQL installation folder is <UCMDBServer>\PostgreSQL.
Starting with version 11.0, for new install, the default installation folder is C:\UCMDB\UCMDBServer\PostgreSQL; for upgrade, make sure you select the existing installation folder, which is C:\hp\UCMDB\UCMDBServer\PostgreSQL.
You must customize the commands if your PostgreSQL installation is different.
Do not copy and paste these commands into the command line. Otherwise, the commands may not be recognized correctly. Always type the commands into the command line.
Download PostgreSQL 9.4.8 binaries (Win x86-64) from the PostgreSQL website:
http://www.enterprisedb.com/products-services-training/pgbindownload
On the UCMDB server, back up the dump file by executing the following commands:
cd C:\hp\UCMDB\UCMDBServer\PostgreSQL\pgsql\bin
pg_dumpall -h localhost -p 5431 -U admin > backup.dump
Note: You need to type in the password of the admin user four times.
Monitor the dump file size in the PostgreSQL\pgsql\bin folder. When the size remains unchanged for 10 minutes, press Enter in the command line.
Note: Depending on the database size, the back-up can take five minutes or even longer.
Copy the pgInitDB.bat, pgStart.bat, and pgStop.bat files from the PostgreSQL.old folder to the PostgreSQL folder.
Initiate the new version of PostgreSQL database by using the command line.
cd C:\hp\UCMDB\UCMDBServer\PostgreSQL\pgsql\bin
initdb -D "C:\hp\UCMDB\UCMDBServer\PostgreSQL\pgsql\data"
Register the new PostgreSQL as a UCMDB_Server_DB service by executing the following commands:
pg_ctl.exe register -N UCMDB_Server_DB -D "C:\hp\UCMDB\UCMDBServer\PostgreSQL\pgsql\data"
sc description UCMDB_Server_DB "UCMDB Database"
net start UCMDB_Server_DB
The UCMDB_Server_DB service is then started.
Create the PostgreSQL database by executing the following command:
createdb ucmdb_database
Create a new account by executing the following command:
createuser -s -P admin
Note: Use the same credentials as used in the previous PostgreSQL server.
Restore the dump data into the new version of PostgreSQL server by executing the following command:
psql -U admin -d ucmdb_database -f "C:\hp\UCMDB\UCMDBServer\PostgreSQL.old\pgsql\bin\backup.dump"
If any problem occurs or the upgrade fails and you wish to roll back to the previous PostgreSQL server installation, you can delete the newly created PostgreSQL folder and then rename the PostgreSQL.old folder to PostgreSQL. You can then follow the above steps to perform the upgrade again.
When you manually upgrade the PostgreSQL server, use the same account that you used to install the UCMDB Server.
Important:
The commands in this section use the following variables:
You must replace the variables with their actual values when you run the commands in this section.
Download PostgreSQL 9.4.8 binaries (Linux x86-64) from the PostgreSQL website:
http://www.enterprisedb.com/products-services-training/pgbindownload
On the UCMDB server, back up the dump file by executing the following command under the $UCMDB_Home/PostgreSQL/pgsql/bin folder.
su postgres_server -c "./pg_dumpall -h localhost -p $Port -U $SupervisorUser > backup.dump"
Note: You need to type in the password of the PostgreSQL server user four times.
Copy the following files from the PostgreSQL.old folder to the same subfolders under the PostgreSQL folder:
Execute the following commands:
chown -R postgres_server:postgres_server PostgreSQL
find $UCMDB_Home/PostgreSQL -type f \( -name "*.sh" -or -name "*.sql" -or -name "*.conf" -or -name "*.cnf" \) -exec dos2unix {} \;
chown -R postgres_server:postgres_server PostgreSQL
cd $UCMDB_Home/PostgreSQL
chmod -R 770 .
su postgres_server -c "$UCMDB_Home/PostgreSQL/pgInitDB.sh $SupervisorUser $Password $Port"
cd $UCMDB_Home/PostgreSQL/pgsql
chmod a+rx ./postgresql.server
cp $UCMDB_Home/PostgreSQL/pgsql/postgresql.server /etc/init.d/
chkconfig --add postgresql_server
service postgresql_server start
cd $UCMDB_Home/PostgreSQL/pgsql/bin
su postgres_server -c "./createdb -U $SupervisorUser -h localhost -p $Port $DBName"
su postgres_server -c "./psql -f backup.dump -U $SupervisorUser -d $DBName -p $Port"
If any problem occurs or the upgrade fails and you wish to roll back to the previous PostgreSQL server installation, you can delete the newly created PostgreSQL folder and then rename the PostgreSQL.old folder to PostgreSQL. You can then follow the above steps to perform the upgrade again.
The following steps may be necessary after the upgrade.
UCMDB Browser. When upgrading to 11.0, the embedded UCMDB Browser 11.0 is automatically installed. If you are working with an earlier version of the UCMDB Browser, you must update it manually.
Reverse Proxy. If the upgraded system is not going to run on the same machine as the previous version, you need to reconfigure the reverse proxy after the upgrade. For configuration details, see "Using a Reverse Proxy" in the Hardening section of the UCMDB Help.
SSL.
Reinstall SSL configurations. For details, see "Enabling Secure Sockets Layer (SSL) Communication" in the Hardening section of the UCMDB Help.
If SSL was activated on the source system, restore the \conf\security folder that you backed up before the upgrade.
LW-SSO. Configure LW-SSO. For details, see "Lightweight Single Sign-On (LW‑SSO) Authentication" and "Enabling Login to Universal CMDB with LW-SSO" in the Hardening section of the UCMDB Help.
JMX Console. If you configured Java JMX access hardening, copy the file that you saved before the upgrade back into C:\hp\UCMDB\UCMDBServer\bin\jre\lib\management\jmxremote.password (Windows) or /opt/hp/UCMDB/UCMDBServer/bin/jre/lib/management/jmxremote.password (Linux), and edit the file's permissions so that:
the owner of the file is the same user that runs the UCMDB service
only the owner has permission to view the file (Reminder: This file has the JMX protocol password in clear text)
For more details, see "Java JMX Access Hardening" in the Hardening section of the UCMDB Help.
Redo modifications on integration (federation) adapters. All adapters must be compatible with the new Universal Data Model. If you made changes to existing out-of-the-box adapters, you must make the same changes to the adapter files in version 11.0. Do not copy files from your previous version and overwrite the files in version 11.0.
Enable Aging. During the upgrade, aging is disabled to prevent CIs from being deleted because of the time during which the Probe is not collecting data (between the running of the upgrade process and until discovery starts reporting all CIs).
It is very important to re-enable aging. However, it is recommended to wait until the system has stabilized before re-enabling aging. To verify that the system has stabilized, run discovery and monitor all CIs that are marked for deletion. For details, see "Universal Discovery " in the Data Flow Management section of the UCMDB Help.
Re-enable aging from the Administration > CI Lifecycle module and restart the server. For details about aging, see "CI Lifecycle and the Aging Mechanism" in the Administer section of the UCMDB Help.
CyberArk Integration. Check whether the new hash value is the same as the one you configured in the CyberArk server. If it is different, regenerate the hash value using the following command:
java -Xms500m -Xmx1200m -jar JavaAIMGetAppInfo.jar GetHash /AppExecutablesPattern="C:\hp\UCMDB\DataFlowProbe\lib" /OnlyExecutablesWithAIMAnnotation=yes /LogFileDirectory="c:\temp"
And then fill the newly generated hash value into the CyberArk server.
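For the JMX Console step above, the two permission conditions on jmxremote.password can be checked on a Linux server as follows. This is an added Python example, not part of the product documentation; the function names are hypothetical and the account that runs the UCMDB service is passed in as a numeric user ID.

```python
import os
import stat


def audit_password_file(path, service_uid):
    """Return findings for jmxremote.password; an empty list means compliant.

    service_uid is the numeric ID of the account that runs the UCMDB service
    (for an account name, use pwd.getpwnam(name).pw_uid).
    """
    info = os.lstat(path)  # lstat: a symbolic link is reported, not followed
    if not stat.S_ISREG(info.st_mode):
        return ["not a regular file (symbolic link or special file)"]
    findings = []
    if info.st_uid != service_uid:
        findings.append("owner uid is %d, expected %d" % (info.st_uid, service_uid))
    # Any group or other bit gives someone besides the owner access to the
    # clear-text JMX password.
    extra = stat.S_IMODE(info.st_mode) & (stat.S_IRWXG | stat.S_IRWXO)
    if extra:
        findings.append("group/other permission bits set: %s" % oct(extra))
    return findings


def restrict_to_owner(path):
    """Set mode 0600: read and write for the owner, nothing for anyone else."""
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)


if __name__ == "__main__":
    import sys

    # Usage: python3 <this script> <path to jmxremote.password> <service uid>
    problems = audit_password_file(sys.argv[1], int(sys.argv[2]))
    for problem in problems:
        print("FINDING:", problem)
    sys.exit(1 if problems else 0)
```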
Note: This section is relevant only if your upgraded environment is to be a high-availability environment.
A typical configuration for a high-availability environment is two or more UCMDB Servers connecting to the same database server. The servers are configured to work behind a load balancer, that is, the load balancer serves as the entry point to the UCMDB Servers. All of the UCMDB Servers are active at any given time and can handle both read and write requests. Requests are distributed to the UCMDB Servers in the cluster by the load balancer. While read requests are shared evenly among all of the UCMDB Servers (Readers), only one UCMDB Server (Writer) is also responsible for write requests at one time. Any write requests received by a Reader are passed to the Writer. Moreover, any of the UCMDB Servers can take over the Writer role in the case that the Writer becomes unavailable.
The load balancer used for high availability must have the ability to insert cookies and must be able to do health checks ("keepalive").
The instructions defined below are certified over the load balancer, F5 BIG-IP version 10.x (and later).
If you are using a different load balancer, the configuration should be performed by a network administrator who has a wide knowledge about how to configure your load balancer, and similar principles should be applied.
The set up procedure below assumes that you already have at least one UCMDB Server installed and configured.
To set up a high availability environment:
To set up a high availability environment after upgrading from UCMDB 10.xx to UCMDB 11.0:
Install one or more additional UCMDB Servers to create a UCMDB Server cluster
Install the UCMDB Servers as you did the first UCMDB Server with one difference: when running the Server Configuration wizard to configure the database on the additional UCMDB Server, select Connect to an existing schema, and provide the details of the schema you created for the first UCMDB Server.
For details on installing UCMDB Servers, see Installing the UCMDB Server - Installation.
Note:
The machines used for all of the UCMDB Servers in the cluster should have similar hardware (and the same amount of memory) and should be running the same operating system.
UCMDB Servers in the cluster must work on the same port number for HTTP, HTTPS, and so on. You cannot configure the two UCMDB Servers to work on different ports.
If you are working in an IPv6-only environment, ensure that the UCMDB Server machines are configured for IPv6.
In the wrapper.conf file, locate the following line:
wrapper.java.additional.<#>=-Djava.net.preferIPv4Stack=true
Complete the Server Startup
If the first UCMDB Server (preferably the writer server) is not started, start the process. Wait until the startup process is complete.
Copy the <UCMDBServer>/conf folder from the first server (the writer) to the other servers.
Start the other UCMDB Servers.
Configure the Load Balancer
The load balancer is used to balance load sent to the UCMDB Servers in the cluster. Configure the load balancer as follows:
Configure VIP addresses. On the load balancer:
Configure a Cluster VIP address to send requests to the whole UCMDB Server cluster.
Configure a Writer VIP address to send requests to the Writer only (for Universal Discovery only).
Note: Keep a note of the defined VIP addresses.
When defining the communication settings between the UCMDB Server and the Data Flow Probes, always use the Writer VIP address when prompted for the UCMDB Server name.
When defining the communication settings between the UCMDB Server and other applications, always use the Cluster VIP address when prompted for the UCMDB Server name.
Configure two identical pools of backend servers that represent all of the UCMDB Servers in the cluster. The two pools will be monitored by different health monitors. One pool will be sent requests that are intended solely for the Writer server (only for Universal Discovery), and the other pool will be sent requests that can be processed by any server in the cluster.
Configure the health monitors (keepalive addresses). The health monitors check for the keepalive page of each of the UCMDB Servers.
Configure the following URL for the Cluster VIP address:
/ping/
Configure the following URL for the Writer VIP address:
/ping/?restrictToWriter=true
Possible responses from both of these URLs are Up or Down with http response codes 200 OK or 503 Service unavailable respectively.
The expected response should be Up.
For more details, see How to monitor High Availability cluster with endpoint /ping below.
Connect the health monitors to the respective UCMDB Server pools configured above.
Configure "session stickiness" on the load balancer:
Configure the load balancer to insert cookies to the responses sent back to UCMDB clients.
Using the Insert method, add a persistence profile of type cookie for each VIP address.
Note: The cookie name and value are unimportant, as long as the load balancer knows how to maintain stickiness with the cookies it sends out.
Important! Since F5 BIG-IP adds a session cookie only to the first request per connection to the server, you must do the following:
Log into UCMDB.
Go to Administration > Infrastructure Settings, and change the Force connection closing for SDK clients to true.
When this setting is set to true, the UCMDB SDK clients add a Connection:close header to each authentication request and class download request sent to the server. This way the load balancer will think this is a first request in a connection and add the session cookie to the response.
Note: This is relevant to load balancers which, like F5 BIG-IP version 10.x, add a session cookie to the first request per connection to the server only.
If the load balancer you are using adds a session cookie to every response, Force connection closing for SDK clients should be set to false (as is the default). In this case, setting it to true can lead to a decline in system performance.
If the VIP is configured to accept secure connections and the load balancer forwards the requests to the UCMDB servers over HTTP, you must configure redirect rewrites. In the F5 UI, configure the HTTP profile associated with the VIP to rewrite all redirects by setting the following option: for Redirect Rewrite, select All.
Note: If the load balancer is configured to forward requests to backend over HTTP, an extra setting is required to be done on the load balancer. The load balancer admin should configure the load balancer to rewrite the Location header to correctly point to the load balancer URL. This needs to be done for HTTP connections that go to the jmx-console. This can be achieved through a regular expression like the following:
(https:\/\/(.*)):(\d*)(.*) \1\4
where (https:\/\/(.*)):(\d*)(.*) is the matching part and \1\4 is the replacing part.
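What the rewrite rule above does to a Location header, including a case where its greedy (.*) group picks the wrong colon, shown as an added Python example that is not part of the product documentation. The header values are constructed, the stricter pattern is a suggested alternative and not an F5 or UCMDB setting, and the result assumes the load balancer's regular expression engine matches greedily as Python's re module does.

```python
import re

# Pattern and replacement exactly as given in the guide.
GUIDE_PATTERN = re.compile(r"(https:\/\/(.*)):(\d*)(.*)")
GUIDE_REPLACEMENT = r"\1\4"

# Stricter variant (assumption, not from the guide): anchored, the host part
# may not contain '/' or ':', and the port must have at least one digit.
STRICT_PATTERN = re.compile(r"^(https://[^/:]+):\d+(/.*)?$")


def rewrite_guide(location):
    """Apply the guide's rule: keep scheme and host (\\1) and the tail (\\4)."""
    return GUIDE_PATTERN.sub(GUIDE_REPLACEMENT, location, count=1)


def rewrite_strict(location):
    """Drop only a port that directly follows the host; otherwise no change."""
    match = STRICT_PATTERN.match(location)
    if match is None:
        return location
    return match.group(1) + (match.group(2) or "")


# Constructed Location header values (not taken from a real system).
SAMPLES = [
    # Plain redirect: both rules remove ":8443".
    "https://ucmdb-vip.example.test:8443/jmx-console/",
    # Unencoded ':' in the query string: the greedy (.*) in the guide's rule
    # backtracks to the LAST colon, so the port stays and that colon is lost.
    "https://ucmdb-vip.example.test:8443/jmx-console/HtmlAdaptor?name=UCMDB:service=Example",
    # No port at all: the guide's rule still matches on the query-string colon.
    "https://ucmdb-vip.example.test/jmx-console/HtmlAdaptor?name=UCMDB:service=Example",
]

if __name__ == "__main__":
    for value in SAMPLES:
        print("in:    ", value)
        print("guide: ", rewrite_guide(value))
        print("strict:", rewrite_strict(value))
```

When testing the rule on the load balancer, include a redirect whose URL carries a colon after the port, since that is the input on which the two patterns differ.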
Configure Data Flow Probes
When you install a Data Flow Probe, use the load balancer's Writer VIP address when defining the Universal CMDB Server name.
If you already have a Data Flow Probe installed:
Stop the Probe.
In the /opt/UCMDB/DataFlowProbe/conf/DataFlowProbe.properties (Linux) or c:\UCMDB\DataFlowProbe\conf\DataFlowProbe.properties (Windows) file, change the serverName attribute to point to the Writer VIP address.
Restart the Probe.
How to monitor High Availability cluster with endpoint /ping
The endpoint /ping allows monitoring of the High Availability cluster. So far the endpoint could be configured to ask for the status of:
The restrictToReader parameter was added to the aforementioned endpoint that returns the status of only the readers in the cluster.
To configure this, the endpoint /ping should be called with the following parameter: restrictToReader=true
For example, /ping:8443?restrictToReader=true
Note: In case both restrictToWriter and restrictToReader parameters are present and have the value set to true, for example,
/ping:8443?restrictToReader=true&restrictToWriter=true
Only the parameter restrictToWriter will be taken into account.
As a best practice for deployments that rely heavily on UCMDB Browser, we recommend the use of a UCMDB HA Cluster with at least three nodes (one writer and two readers).
For this type of deployment, we recommend that two virtual IPs are created on the load balancer:
In case that the cluster contains 2 or more reader servers, one endpoint that points to all the reader servers. The endpoint for health check is: <UCMDB_URL>/ping?restrictToReader=true
In case that the cluster contains 1 reader server, one endpoint that points to all the servers (reader and writer). The endpoint for health check is: <UCMDB_URL>/ping
The health check endpoint will return:
Note that other elements can affect the health check process; in that case, the load balancer can get an error similar to "Connection refused".
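The monitor logic described in the health monitor step of the load balancer configuration and in this /ping section, as an added Python example that is not part of the product documentation. The function names and state labels are hypothetical; the paths, parameters, response bodies and status codes are the ones the guide gives, and only the literal value true is treated as setting a parameter (assumption).

```python
import urllib.error
import urllib.request
from urllib.parse import parse_qs, urlsplit

# Health-check paths as given in the guide, keyed by load balancer pool.
PING_PATHS = {
    "cluster": "/ping/",
    "writer": "/ping/?restrictToWriter=true",
    "reader": "/ping?restrictToReader=true",
}

# A monitor talks to each pool member directly, so ignore proxy settings.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def effective_scope(url):
    """Which servers a /ping URL reports on.

    When both parameters are true, only restrictToWriter is taken into account.
    """
    query = parse_qs(urlsplit(url).query)
    if query.get("restrictToWriter", [""])[-1] == "true":
        return "writer"
    if query.get("restrictToReader", [""])[-1] == "true":
        return "reader"
    return "cluster"


def classify(status, body):
    """Map one /ping response to a monitor state."""
    text = body.strip()
    if status == 200 and text == "Up":
        return "up"
    if status == 503 and text == "Down":
        return "down"
    # A login page, a proxy error page or a redirect is not an answer from
    # /ping; a monitor that only looks at the status code would miss this.
    return "unexpected"


def probe(base_url, pool, timeout=5.0):
    """Query one pool member and return up, down, unexpected or unreachable."""
    url = base_url.rstrip("/") + PING_PATHS[pool]
    try:
        with _OPENER.open(url, timeout=timeout) as resp:
            return classify(resp.status, resp.read(64).decode("ascii", "replace"))
    except urllib.error.HTTPError as err:
        # urllib raises for 503, but the body is still readable.
        return classify(err.code, err.read(64).decode("ascii", "replace"))
    except (urllib.error.URLError, OSError):
        # For example "Connection refused" while the server is still starting.
        return "unreachable"


if __name__ == "__main__":
    # Constructed responses, evaluated without any network access.
    for status, body in [(200, "Up"), (503, "Down"), (200, "<html>login</html>")]:
        print(status, repr(body), "->", classify(status, body))
    both = "/ping?restrictToReader=true&restrictToWriter=true"
    print(both, "->", effective_scope(both))
```

Only the up state should keep a member in its pool; down, unexpected and unreachable all mean that the member must not receive traffic.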
This end-to-end use case describes how to set up a high-availability UCMDB and UCMDB Browser environment with F5 BIG-IP load balancer and WebSEAL reverse proxy.
Note: Product versions used in this end-to-end use case:
The diagram below illustrates the overall architecture of the environment we will set up.
This case contains the following key tasks:
Prerequisites
(Optional) You have set up high availability mode by following the instructions in the Deployment Guide: "Set Up High Availability Mode".
Export the out-of-the-box UCMDB server keystore to a cert file
If using the out-of-the-box (OOTB) UCMDB cert, export it for later use.
To export the UCMDB server keystore (server.keystore) to a cert file (server.cert), do the following:
Open the command prompt and run the following command:
C:\UCMDB\UCMDBServer\bin\jre\bin\keytool.exe -export -alias <certificate alias> -keystore <Keystore file path> -file C:\UCMDB\UCMDBServer\conf\security\server.cert
where:
certificate alias is the name given to the certificate.
Keystore file path is the full path of the location of the keystore file.
For example, for the out-of-the-box server.keystore use the following command:
C:\UCMDB\UCMDBServer\bin\jre\bin\keytool.exe -export -alias hpcert -keystore C:\ucmdb\ucmdbserver\conf\security\server.keystore -file C:\UCMDB\UCMDBServer\conf\security\server.cert
Note: If you use a company-generated certificate instead of a self-signed certificate, use the following command to get the alias for this certificate:
C:\UCMDB\UCMDBServer\bin\jre\bin\keytool.exe -list -keystore c:\ucmdb\ucmdbserver\conf\security\server.keystore
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 1 entry.
<alias>, 14 Sept. 2012, PrivateKeyEntry.
Certificate fingerprint (SHA1): 2A:52:DF:17:D9:A5:37:2D:1F:1D:BA:4B:41:46:33:A8:18:42:5B:D7
The alias will look like: {45789-15478-1236-7895}
Use this alias to export the certificate.
Enter the keystore password.
Verify that the certificate was created in the following directory: C:\UCMDB\UCMDBServer\conf\security\server.cert
Convert the generated JKS file into PKCS12 format using UCMDB key tool keytool.exe (located in the <UCMDBServer>\bin\jre\bin directory). (WebSEAL requires PKCS12 format cert.)
Run the following command:
C:\UCMDB\UCMDBServer\bin\jre\bin\keytool.exe -importkeystore -srckeystore server.keystore -destkeystore server.p12 -srcalias <source serverkey> -destalias <target serverkey> -srcstoretype jks -deststoretype pkcs12 -srcstorepass <keystore password> -deststorepass <keystore password> -noprompt
The server.p12 file is the resulting PKCS12 format cert.
(Single Sign-On only) Set IDM User Name
Provide the following parameter values for the setUserName JMX method:
Set UCMDB Browser URL
Make sure you have created the following in the F5 BIG-IP load balancer environment (Local Traffic > Virtual Servers > Nodes|Pools):
Import the UCMDB CA cert/key into F5.
In the SSL Certificate/Key Source page, select Import Type:
When selecting Certificate, do the following:
When selecting Key, do the following:
Add UCMDB CA cert/key to Certificate Key Chain.
In F5, go to Local Traffic > Virtual Servers > Profiles > SSL.
Select and click an existing UCMDB cert profile.
Note: Create an SSL profile for HTTPS by clicking Create if you do not have one.
Go to the Certificate Key Chain configuration setting, click Add.
In the Add SSL Certificate to Key Chain dialog, select or provide values for the following settings as appropriate and click Add:
Certificate. Select the UCMDB certificate file.
Key. Select the UCMDB key.
Chain. Select the UCMDB chain.
Passphrase. Provide a pass phrase.
Create a cookie-based persistence profile.
Create a virtual server.
Specify values for the following settings:
Configure WebSEAL reverse proxy by following IBM official documentation: IBM Security Access Manager (ISAM) Reverse Proxy Scenario.
Important: During the configuration, in the Identity tab of the Edit a Standard Junction window, make sure you set the following settings as described below:
HTTP Basic Authentication Header: For UCMDB Browser and RESTful API authentication to work properly, select Ignore from the dropdown list.
(Optional) HTTP Header Identity Information: Select IV-USER if you are using LDAP with user iv-user.
Import UCMDB cert (OOTB or self-signed).
If no, select Manage > Import from the menu.
Provide the self signed certificate from the UCMDB Browser/UCMDB Server or the OOTB UCMDB cert.
Make sure the cert type is PKCS12. If not PKCS12, you may need to convert it to PKCS12 from JKS.
Note: The OOTB UCMDB cert can be converted to PKCS12 using UCMDB key tool keytool.exe (located in the <UCMDBServer>\bin\jre\bin directory). For the conversion command, see step 2.d in UCMDB Server configuration.
Configure the ucmdb_browser_config.xml file.
<hostname> parameter value to the VIP that you set in F5.
<host_port> parameter to the Port that you set in F5.
(Single Sign-on only) If you are using LDAP with user iv-user, locate the <webui> tags, then the <validation> tags, copy and paste the following into the file:
<in-ui-identity-management>
  <identity-management>
    <userNameHeaderName>iv-user</userNameHeaderName>
  </identity-management>
</in-ui-identity-management>
Create and configure a credentials file.
In the file credentials.txt, enter the following content:
To do so, log in to any of the following:
Environment | Login URL | Remarks |
---|---|---|
WebSEAL | https://<WebSEAL URL>:<port><WebSEAL Junction> | Including UCMDB Browser, UCMDB server, and API |
F5 | https://<VIP>:<port> | Including UCMDB Browser and UCMDB server |
UCMDB Browser | https://<UCMDB Browser IP address>:<port> | |
UCMDB Server | https://<UCMDB Server IP address>:<port> |
Create and configure the Solr home. To do this, follow these steps:
Create the following folder structure in the Solr home:
configsets\ucmdb_configs\conf
Copy the following files from the <UCMDB_Server_Home>\search\solr_dp\configsets\ucmdb_configs\conf folder to the <Solr_home>\configsets\ucmdb_configs\conf folder:
Start Solr.
To do this, go to the <Solr_install_dir>\bin directory in a command prompt, and then run the following command:
solr start -s <Solr_home>
Note:
solr stop -all command in the same directory.
Add the following settings into <UCMDB_Server_Home>\conf\settings.override.properties.
cmdb.search.solr.standalone=true
cmdb.search.solr.standalone.url=http://<FQDN of Solr Hostname>:8983/solr
Note: The value for cmdb.search.solr.standalone.url should be the URL verified in Step 3.
Increase Solr memory size.
By default Solr allocates only 512MB RAM. You might need to increase this setting, depending on the server’s RAM and other processes that run on the same server.
To increase Solr memory size,
Open the following file using a text editor:
Windows: <UCMDB_install_dir>\solr\bin\solr.in.cmd
Linux: <UCMDB_install_dir>/solr/bin/solr.in.sh
Locate the following setting and increase the setting to a desired value:
Windows:
set SOLR_JAVA_MEM=-Xms512m -Xmx2048m
where Xms is the initial amount, Xmx is the total amount of memory allocated.
Linux:
SOLR_JAVA_MEM="-Xms512m -Xmx2048m"
Restart the UCMDB Server.
Note: In a High Availability environment, all the UCMDB servers have to be connected to the same standalone Solr.
To deploy Solr HA cluster based on Zookeeper, follow these steps:
Install the Apache Zookeeper. To do this follow these steps:
Download Apache zookeeper 3.4.6 (https://archive.apache.org/dist/zookeeper/zookeeper-3.4.6/).
Unzip the downloaded package.
The path where you unzip the package will be later referred as <zookeeper_install_dir>.
Go to the <zookeeper_install_dir>\conf folder and rename the zoo_sample.cfg file to zoo.cfg.
Open the zoo.cfg file using a text editor.
Set its value to a folder of your choice.
Example: dataDir=D:/zookeeper/dataDir
At the end of the file, add the IP to which you want Zookeeper to listen.
Example:
clientPortAddress=192.168.168.68
Otherwise Zookeeper will listen to 0.0.0.0:2181 by default.
Go to the <zookeeper_install_dir>\bin folder and start the zookeeper by executing the following from the command line:
Windows: zkServer.cmd
Linux: zkServer.sh start
Now zookeeper is running at HTTP://<zookeeper_ip>:<zookeeper_port> (You can change the port in the zoo.cfg file).
Install Solr in cloud mode. To do this follow these steps:
Download Solr 6.2.1 distribution (http://archive.apache.org/dist/lucene/solr/6.2.1/) on a different machine from the zookeeper.
Note: Solr 6.2.1 requires JAVA 8.
JAVA_HOME needs to be set as a system path or environment variable.
Unzip the downloaded package.
Create a directory where Solr is to be located and used as a running directory. You can call this directory <Solr_installDir>. Example: D:\Solr\6.2.1
Copy the contents of the Solr package into this directory.
Go to the <UCMDB_Server>\search\solr_dp directory and copy the solr.xml file and the configsets directory to <Solr_installDir>.
Start Solr in cloud mode:
To start Solr in cloud mode, execute the following command from the bin folder:
bin/solr start -cloud -s <Solr_installDir> -p 8987 -z <zookeeper_ip>:<zookeeper_port>
Examples:
solr start -cloud -s "D:\Solr\6.2.1\index\solr" -p 9999 -z myzookeeper:2181
solr start -cloud -s "D:\Solr\6.2.1\index\solr" -p 9999 -z 16.66.166.166:2181
Now Solr is started in cloud mode and it is connected to the zookeeper.
On a different machine, install another Solr and connect to the zookeeper in the same way.
After this you have a Solr cloud cluster up and running with 1 zookeeper and 2 Solr nodes.
You can extend the Solr cloud cluster by adding more Solr machines to the zookeeper.
Configure UCMDB for Solr cloud. To do this follow these steps:
Provide values for the parameters and make sure that the setup meets both of the following requirements:
Restart UCMDB server.
UCMDB server will create the index in Solr based on the configurations you provided in the JMX console.
Note:
To view the configurations, invoke the viewSolrCloudConfigurations JMX method.
To revert the configurations, and also clean the Solr cluster, invoke the cleanupSolrCluster JMX method.
To view the Zookeeper configuration details, go to https://zookeeper.apache.org/doc/r3.4.6/zookeeperAdmin.html#sc_configuration
Below is an example of what the index will look like for a UCMDB with 2 customers with the following Solr cloud configuration:
Solr Cloud Configuration:
Number of nodes: 2
Number of shards: 2
Replication Factor: 2
Zookeeper URL: 16.66.166.166:2181
Is Solr Cloud enabled: true
You can see that there are 2 indexes, one for each customer, customer1 and customer2.
Each index is split into 2 shards, with shard 1 being on the Solr machine 16.66.66.66:9999 and replicated on Solr machine 16.66.66.66:8888. Shard 2 is also present on both machines. So if a Solr machine shuts down, the index will still be available from the other one, and the users can still perform searches.
This section covers the pre-deployment requirements that your organization should meet when planning the SSA deployment.
Hardware
Component | Requirement |
---|---|
Operating System | 64-bit |
Memory | 16G |
Number of Processors | 8 or more processors |
Note: SSA would consume more resources on the UCMDB server and the Data Flow Probe server. It is strongly recommended to assign adequate hardware resources.
Operating System
Hardware Platform | OS Type | OS Version and Edition | Supported | Recommended |
---|---|---|---|---|
x86-64 | Windows Server 2016 | Datacenter and Standard, 64-bit (without the Nano Server installation option) | Yes | Yes |
x86-64 | Windows Server 2012 R2 | Standard/Datacenter editions, 64-bit | Yes | |
x86-64 | Windows Server 2012 | Standard/Datacenter editions, 64-bit | Yes | |
x86-64 | Windows Server 2008 | | Yes | |
Additional Requirement
Microsoft Visual C++ 2010 x64 Redistributable Package
Before deploying Smart Software Analytics, make sure that you have installed and configured the following:
Also, get the following resources ready:
To enable SSA to work with UCMDB Browser and UCMDB Server, make sure you deploy the SSA service on the same domain as UCMDB Browser.
For example, if you can visit UCMDB Browser via https://<Browser_hostname>.microfocus.com:8090, your SSA service should be deployed on https://<SSA_hostname>.microfocus.com as well.
Tip: It is recommended that you deploy these two products on the same machine.
Before the installation, review
Note:
(For upgrade only) It is recommended to uninstall SSA 2.0 before you install SSA 3.0. If you want to keep your customized configurations made in SSA 2.0, for example, the scheduler.cron parameter, keystore, and truststore, back up those configurations and copy them back to the corresponding folders in SSA 3.0 after the installation.
Installing SSA server
To install the SSA server, follow these steps:
Extract the ZIP packages for Windows platform.
Check whether a newer version of the master SAI files has been released. If yes, download the latest master SAI files and replace the older ones under the <SSA installation directory>\ssa-server\ssa\data\masterSAI folder.
Execute the <SSA installation directory>\install_ssa_service.bat script to register SSA as the Windows service: CMS SSA Server.
Execute the <SSA installation directory>\start_ssa_service.bat script to start the service.
Now you can launch and configure SSA from UCMDB Browser.
Post-Installation Setup
To ensure that Smart Software Analytics works in the best condition, it is recommended that you perform the following after installing Smart Software Analytics:
To monitor SSA, perform the following on a regular basis:
Check the <SSA installation directory>\ssa-server\ssa\data\scanFile folder. By checking the last modified time of each scanfile, you can have a clear understanding of the work done by SSA.
Back up user SAI files on a regular basis to avoid potential data loss. All user SAI files are saved under the <SSA installation directory>\ssa-server\ssa\data\masterSAI folder.
Tip: As the SSA data is saved on the Windows file system, a backup system is used to prevent data loss due to file corruption. Whenever the SAI file is changed, a *.bak file is saved in the same folder as backup.
The auto teach results are more accurate with the latest DK package. Therefore, it is strongly recommended that you keep the DK package content on SSA up to date by downloading the latest package, which is released on ITOM Marketplace on a monthly basis. Upload the master SAI files contained in the latest package when you finish downloading.
Before starting SSA, to make sure that SSA could work with UCMDB Browser and UCMDB Server, configure SSA as follows:
Go to <SSA_HOME>\ssa-server\config\ssa_lwsso_config.xml and then modify the following configuration:
initString="This string should be replaced"
<domain></domain>
Note:
initString should be the same as configured in UCMDB's LWSSO configuration. It can be retrieved by using the JMX method retrieveLWSSOConfiguration.
The <domain></domain> element is required. Specify here the domain which can be visited by both the SSA service and the UCMDB Browser service.
In the meantime, the LW-SSO configuration for UCMDB Browser should be modified in the same way. For details about configuring LW-SSO for UCMDB Browser, see
Go to <SSA_HOME>\ssa-server\config\config.properties and modify the settings as shown below:
UCMDB connection configuration:
ucmdb.schema=https
ucmdb.domain=FQDN or IP
ucmdb.port=8443
UCMDB Browser domain information:
browser.schema=https
browser.domain=FQDN Only
browser.port=8090
allowed.access.ip=*
(Optional) Change the certificate.
SSA could work with UCMDB and Data Flow Probe with the out-of-the-box certificate configuration.
If you want to change the OOTB certificate in the ecosystem, follow the procedure as described below:
When UCMDB's certificate is changed, make sure that you perform the following steps:
Export UCMDB's public certificate.
Open the command prompt and run the command:
C:\UCMDB\UCMDBServer\bin\jre\bin\keytool.exe -export -alias <keystore alias> -keystore <Keystore file path> -file C:\UCMDB\UCMDBServer\conf\security\server.cert
where:
keystore alias is the name given to the keystore.
Keystore file path is the full path of the location of the keystore file.
For example, for the out-of-the-box server.keystore use the following command:
C:\UCMDB\UCMDBServer\bin\jre\bin\keytool.exe -export -alias hpcert -keystore C:\ucmdb\ucmdbserver\conf\security\server.keystore -file C:\UCMDB\UCMDBServer\conf\security\server.cert
Enter the keystore password.
Verify that the certificate was created in the following directory: C:\UCMDB\UCMDBServer\conf\security\server.cert
Delete the old certificate in SSA server's Truststore by using the following command:
<SSA_HOME>\jre\bin\keytool -delete -alias "ucmdb server" -keystore <SSA_HOME>\ssa-server\config\interface.truststore -storepass ssapass
Import the new certificate which comes from UCMDB by using the following command:
<SSA_HOME>\jre\bin\keytool -import -trustcacerts -keystore <SSA_HOME>\ssa-server\config\interface.truststore -storepass ssapass -alias "ucmdb server" -file <UCMDB CERT FILE>
When SSA server's certificate is changed, make sure that you perform the following steps:
Generate a new keystore by using the command below, to replace the ssa-server keystore under <SSA_HOME>\ssa-server\config\interface.keystore:
<SSA_HOME>\jre\bin\keytool -keystore <temp folder>\interface.keystore -genkey -alias interface -keyalg RSA -keysize 2048 -storepass ssapass -keypass ssapass
Export the public certificate from the new keystore of ssa-server:
<SSA_HOME>\jre\bin\keytool -export -alias interface -keystore <SSA_HOME>\ssa-server\config\interface.keystore -storepass ssapass -file <temp folder>\interface.crt
Import interface.crt to the Data Flow Probe's Truststore.
Open the command prompt and execute the following command:
C:\UCMDB\DataFlowProbe\bin\jre\bin\keytool.exe -import -v -keystore C:\UCMDB\DataFlowProbe\conf\security\HPProbeTrustStore.jks -file C:\UCMDB\DataFlowProbe\conf\security\interface.crt -alias ssa
Enter the keystore password: logomania
When asked Trust this certificate?, press y and then Enter.
The following message is displayed:
Certificate was added to keystore.
When Data Flow Probe's certificate is changed, make sure that you perform the following steps:
Export Data Flow Probe's public certificate.
Open the command prompt and run the command:
C:\UCMDB\DataFlowProbe\bin\jre\bin\keytool.exe -export -alias <ProbeName> -keystore C:\UCMDB\DataFlowProbe\conf\security\client.keystore -file C:\UCMDB\DataFlowProbe\conf\security\<ProbeName>.cert
When asked, enter the keystore password.
The following message is displayed:
Certificate stored in file <C:\UCMDB\DataFlowProbe\conf\security\<ProbeName>.cert>
Replace the certificate in ssa-server using the following command:
<SSA_HOME>\jre\bin\keytool -import -trustcacerts -keystore <SSA_HOME>\ssa-server\config\interface.truststore -storepass ssapass -alias <ProbeName> -file <PROBE CERT FILE>
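After any of the delete/import steps above, it is worth confirming that the alias in interface.truststore really holds the certificate that was exported on the other machine. The following is an added example, not part of the product or of this guide: it compares the SHA-256 fingerprint of an exported certificate file with the entry reported by `keytool -list -v`. The function names and the sample data are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def cert_sha256(cert_bytes: bytes) -> str:
    """SHA-256 fingerprint of a certificate file, formatted AA:BB:... like keytool.

    keytool -export writes binary DER by default and PEM with -rfc; both work.
    """
    match = PEM_RE.search(cert_bytes)
    der = base64.b64decode(b"".join(match.group(1).split())) if match else cert_bytes
    return ":".join(f"{b:02X}" for b in hashlib.sha256(der).digest())


def truststore_fingerprints(keytool_list_v: str) -> dict:
    """Map alias -> SHA-256 fingerprint from the text printed by
    keytool -list -v -keystore <truststore> -storepass <password>."""
    fingerprints = {}
    alias = None
    for line in keytool_list_v.splitlines():
        m = re.match(r"\s*Alias name:\s*(.+?)\s*$", line)
        if m:
            alias = m.group(1).lower()  # compared case-insensitively below
            continue
        m = re.match(r"\s*SHA-?256:\s*([0-9A-Fa-f:]+)\s*$", line)
        if m and alias is not None:
            # For entries with a chain, the first fingerprint is the entry's own cert.
            fingerprints.setdefault(alias, m.group(1).upper())
    return fingerprints


def verify_pin(cert_bytes: bytes, keytool_list_v: str, alias: str):
    """Return (ok, reason): does `alias` in the truststore hold this certificate?"""
    expected = cert_sha256(cert_bytes)
    actual = truststore_fingerprints(keytool_list_v).get(alias.lower())
    if actual is None:
        return False, f"alias {alias!r} is not present in the truststore"
    if actual != expected:
        return False, f"alias {alias!r} holds {actual}, exported file is {expected}"
    return True, f"alias {alias!r} matches the exported certificate"


# Constructed sample data: stand-in bytes for the exported server.cert and a
# constructed keytool listing. Real input comes from the files and commands above.
SAMPLE_DER = b"\x30\x82\x01\x0a" + b"constructed stand-in for server.cert"
_STALE = cert_sha256(b"constructed stand-in for an old probe certificate")
SAMPLE_LISTING = f"""Keystore type: JKS
Your keystore contains 2 entries

Alias name: ucmdb server
Entry type: trustedCertEntry

Owner: CN=constructed-ucmdb.example
Certificate fingerprints:
\t SHA1: 33:44:55
\t SHA256: {cert_sha256(SAMPLE_DER)}

*******************************************

Alias name: probe01
Entry type: trustedCertEntry

Certificate fingerprints:
\t SHA256: {_STALE}
"""

if __name__ == "__main__":
    for name in ("ucmdb server", "probe01", "ssa"):
        print(verify_pin(SAMPLE_DER, SAMPLE_LISTING, name))
```

Run the same comparison on the Data Flow Probe side (HPProbeTrustStore.jks, alias ssa) after importing interface.crt, so that answering y to "Trust this certificate?" is backed by a fingerprint check.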
To enable and configure Smart Software Analytics, follow these steps:
Access the Smart Software Analytics module.
Access UCMDB Browser, using the following URL: https://<server_name or IP>:<port>/ucmdb-browser. Provide user name and password if required. Once you are logged in, you are on the UCMDB Home landing page.
It is recommended that you access UCMDB Browser using Chrome.
At the top right of the Smart Software Analytics module, click the SSA CONFIGURATION button. The Settings window is displayed.
Enable and configure SSA settings as described in the following table.
UI Element | Description |
---|---|
Enable SSA | Switch to enable or disable SSA. |
SSA Server Domain | Type the fully qualified domain name (FQDN) of your SSA server here, for example, ssa.microfocus.com. UCMDB Browser automatically checks whether the SSA server can be connected. If not, the following message is displayed: "SSA Server is not available." Note: When connecting for the first time to an SSA server with a self-signed certificate, you need to open another web browser window and accept the certificate by visiting the following URL: https://<SSA_domainname>:9554 |
Define the schedule to send scanfile to SSA | Select the Data Flow Probe for which you will define the schedule. You can define the schedule for all probes or a specific probe. |
<The frequency drop-down list> | Define how frequently the selected probe or probes are scheduled to send scan files. |
Hour | Define the exact hour when the selected probe or probes are scheduled to send scan files. Important: Before using SSA, check the Date and Time settings on the machines where SSA server, UCMDB server and UCMDB Browser are deployed. Make sure that these settings are consistent with each other. Otherwise, there might be overtime issues when SSA runs. |
SUBMIT | Click this button to submit the SSA schedule configuration to the UCMDB server. |
This section includes:
To check if SSA works properly, perform the following:
If SSA does not work, restart the SSA service. Then, SSA will reload all SAI files.
If SSA still fails to work normally after you restart the SSA service, it is possible that some SAI files are corrupted and a reset is needed.
Restarting the SSA service could solve most problems. But if any SAI file is corrupted, you will need to reset SSA.
To reset SSA, follow these steps:
Re-import all user SAI files. For details, see
Note: In addition to uploading the SAI files to SSA server using SSA UI on UCMDB Home, you can also manually copy back the user SAI files into <SSA installation directory>\ssa-server\ssa\data\masterSAI. But you need to restart the SSA service after doing so.
Overtime Issues Occur When SSA Runs
Check the Date and Time settings on the machines where SSA server, UCMDB server and UCMDB Browser are deployed. Make sure that these settings are consistent with each other. Otherwise, there might be overtime issues when SSA runs.
This version of SSA has the following limitations:
Data Flow Probes that are upgraded to version 11.0 do not contain the out-of-the-box certificate from SSA. Therefore, these Data Flow Probes cannot upload scan files to the SSA server.
Tip: Import SSA’s certificate into these Data Flow Probes. To do so, follow the instructions in step 3.b.iii. "Import interface.crt to the Data Flow Probe's Truststore" in
Note the following before installing the Data Flow Probe:
UCMDB and the Data Flow Probe should be installed within the company’s firewall and should not be deployed via the Internet.
The Probe can be installed before or after you install the Universal CMDB Server. However, during the installation of the Probe, you need to provide the UCMDB Server name, so it is preferable to install the UCMDB Server before installing the Probe.
Ensure that the network adapter on the machine on which you are installing Data Flow Probe is configured with the desired IP interface (IPv4/IPv6).
Note:
High-availability environment: Have your load balancer's Writer virtual IP address available. You will need this when defining the UCMDB Server name in the Data Flow Probe installation wizard.
Verify that you have enough hard disk space available before beginning installation. For details, see the section about Data Flow Probe requirements in the Support Matrix section of the UCMDB Help.
For details about licensing, contact Software Sales Assist team (sw_ssa@microfocus.com).
Before installing the Data Flow Probe, open the following file on the machine on which you are installing the Probe, and ensure that any lines containing "localhost" are commented out:
%systemroot%\system32\drivers\etc\hosts
/etc/hosts
If you are upgrading a Data Flow Probe, it is strongly recommended, before you start the upgrade procedure, to back up the following folder and restore it after performing the upgrade. This retains your manually imported customer certificates.
C:\UCMDB\UCMDBServer\bin\jre\lib\security\cacerts
/opt/UCMDB/UCMDBServer/bin/jre/lib/security/cacerts
Data Flow Probe on Windows
Before installing the Probe on a Windows machine, a user must have full control permissions on the file system. In addition, after installing the Probe, verify that the user who is running the Probe has full administration permissions on the file system where the Probe is installed.
(Second Probe only)
Supported combination: An existing Probe (of any version, separate or union mode) on Windows + a second Probe (of version 10.30 or later, union mode), reporting to two different UCMDB Servers
That is to say, when installing a second Probe, you can
On the same Windows machine, you can have two Probes at most.
Even if you run the Data Flow Probe installer once again in an attempt to install a third Probe, it just overrides the second Probe.
Data Flow Probe on Linux
Before you install the Data Flow Probe, ensure that the relevant ports are open.
Note: During installation the default port is configured. To change the port number after the installation, see the section describing changing the Probe's port in the Universal CMDB Data Flow Management Guide.
The following ports are used by the Data Flow Probe process on the Data Flow Probe machine:
Port | Description |
---|---|
1977 | Data Flow Probe’s web application port. Used for JMX console and other web services. |
1978 | If the Data Flow Probe is installed in separate mode (Probe Manager and Probe Gateway are running in separate processes), this port is used by the Probe Manager process for the web application port (Manager’s JMX console). |
1979 | Web application port for the second Data Flow Probe (if installed). Used for JMX console and other web services. |
8453 | Data Flow Probe’s secured web application port. Same as 1977, and is used for the JMX console and other web services if the Jetty HTTPS mode is enabled. Also used to redirect Credential Manager requests when the Data Flow Probe is installed in separate mode. |
8454 | Data Flow Probe’s secured web application port. If the Data Flow Probe is installed in separate mode and Jetty HTTPS mode is enabled, this port is used by the Probe Manager process for the web application port (Manager’s JMX console). |
8455 | Secured web application port for the second Data Flow Probe (if installed). It is used to share the Incoming and Original directories via HTTPS. |
1741 | Port opened by the Probe Gateway to enable RMI (Remote Method Invocation) between Gateway and Managers. |
1742 | Port opened by the Probe Manager to enable RMI (Remote Method Invocation) between Gateway and Managers. |
80 | Opened by a CallHome service for Universal Discovery Agents. |
81 | Opened by a CallHome service for Universal Discovery Agents. This port is used by the second Data Flow Probe (if installed). |
5432 | Port used by the PostgreSQL database. |
5433 | Port used by the PostgreSQL database for the second Data Flow Probe (if installed). |
1777 | Port used by the Tanuki wrapper. |
2055 | Port opened when the Collect Network Data by Netflow job has been activated. Used for connecting netflow data reported by nProbe software. |
34545 | Port used by the XML Enricher. See the note that follows this table. |
34645 | Port used by the XML Enricher for the second Data Flow Probe (if installed). |
Note: Port 34545 listens only on localhost if the Data Flow Probe is newly installed. However, if the Data Flow Probe is upgraded to the latest version, you need to add the following setting to the wrapperEnricher.conf file manually:
# Make rmi listen on localhost only
wrapper.java.additional.<the number>=-Djava.rmi.server.hostname=localhost
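One way to check a Probe host against the table above, as an added example that is not part of the product or of this guide: the script reads the text printed by `netstat -ano` (Windows) or `netstat -tln` (Linux), lists the Probe ports that listen on non-loopback addresses as input for firewall rules, and reports port 34545 when it is reachable beyond localhost, which is the case the wrapperEnricher.conf setting addresses. Function names and the sample netstat lines are constructed.

```python
import re

# Local Data Flow Probe ports, copied from the table above.
PROBE_PORTS = {
    1977: "web application port (JMX console, web services)",
    1978: "Probe Manager web application port (separate mode)",
    1979: "web application port, second Probe",
    8453: "secured web application port",
    8454: "secured Probe Manager web application port (separate mode)",
    8455: "secured web application port, second Probe",
    1741: "RMI, opened by the Probe Gateway",
    1742: "RMI, opened by the Probe Manager",
    80: "CallHome service",
    81: "CallHome service, second Probe",
    5432: "PostgreSQL",
    5433: "PostgreSQL, second Probe",
    1777: "Tanuki wrapper",
    2055: "Netflow collection",
    34545: "XML Enricher",
    34645: "XML Enricher, second Probe",
}
# Ports the guide says should listen on localhost only.
LOCALHOST_ONLY = {34545}

_ADDR = re.compile(r"^(?P<host>.*):(?P<port>\d+)$")


def is_loopback(host: str) -> bool:
    host = host.strip("[]")
    return host == "::1" or host.startswith("127.")


def listening_sockets(netstat_text: str):
    """Yield (host, port) for every TCP socket in the listening state."""
    for line in netstat_text.splitlines():
        tokens = line.split()
        if not tokens or not tokens[0].lower().startswith("tcp"):
            continue
        if not any(t in ("LISTENING", "LISTEN") for t in tokens):
            continue
        # The first address:port token on the line is the local address.
        for tok in tokens[1:]:
            m = _ADDR.match(tok)
            if m:
                yield m.group("host"), int(m.group("port"))
                break


def audit_probe_listeners(netstat_text: str):
    """Return (exposed, violations).

    exposed: {port: [non-loopback addresses it listens on]} for Probe ports.
    violations: sorted ports from LOCALHOST_ONLY that are exposed anyway.
    """
    exposed = {}
    for host, port in listening_sockets(netstat_text):
        if port in PROBE_PORTS and not is_loopback(host):
            exposed.setdefault(port, set()).add(host)
    exposed = {port: sorted(hosts) for port, hosts in exposed.items()}
    violations = sorted(p for p in exposed if p in LOCALHOST_ONLY)
    return exposed, violations


# Constructed sample: an upgraded Windows Probe without the localhost setting.
SAMPLE_WINDOWS = """
  TCP    0.0.0.0:1977           0.0.0.0:0              LISTENING       4120
  TCP    0.0.0.0:8453           0.0.0.0:0              LISTENING       4120
  TCP    127.0.0.1:5432         0.0.0.0:0              LISTENING       2288
  TCP    0.0.0.0:34545          0.0.0.0:0              LISTENING       5012
  TCP    [::]:1977              [::]:0                 LISTENING       4120
  TCP    10.0.0.5:49712         10.0.0.9:8443          ESTABLISHED     4120
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1044
"""
# Constructed sample: a newly installed Linux Probe.
SAMPLE_LINUX = """
tcp        0      0 127.0.0.1:34545         0.0.0.0:*               LISTEN
tcp6       0      0 :::1977                 :::*                    LISTEN
"""

if __name__ == "__main__":
    exposed, violations = audit_probe_listeners(SAMPLE_WINDOWS)
    for port, hosts in sorted(exposed.items()):
        print(f"{port:>5}  {PROBE_PORTS[port]}: {', '.join(hosts)}")
    for port in violations:
        print(f"port {port} should listen on localhost only; "
              "add -Djava.rmi.server.hostname=localhost to wrapperEnricher.conf")
```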
The following ports are used by the Data Flow Probe process on remote machines:
Port | Description |
---|---|
5672 | Used for AMQP-based discovery. |
5989 | Used for CIM-based discovery. |
8080 | Data Flow Probe uses this port to communicate with the UCMDB server (if the communication is configured to HTTP). |
8443 | Data Flow Probe uses this port to communicate with the UCMDB server (if the communication is configured to HTTPS). |
22 | Used for SSH-based discovery. |
23 | Used for Telnet-based discovery. |
80/81 | Used for HTTP, NetApp SANscreen/OnCommand, NNM, PowerShell, UDDI, VMware VIM discoveries. If the second Data Flow Probe is installed, port 81 will be used. |
135, 137, 138, 139, 445 + DCOM ports | Used for WMI and NTCMD discoveries. Note: It is recommended that you use port 445. This is because, by default, Windows 2000 and later versions use SMB over TCP/IP via port 445 rather than over NetBIOS whenever possible. If port 445 is disabled, it will fall back to NetBIOS using port 137, 138, or 139. |
161 | Used for SNMP discovery. |
389 | Used for LDAP discoveries. |
1521, 1433, 6789, 3306, 2048, 5432 | Used for SQL (Database)-based discoveries. |
2738, 7738 | Used for Universal Discovery Agent-based discoveries. |
443 | Used for UCS, UDDI, VMWare VIM, NetApp, PowerShell discoveries. |
280 | Used for HPE SIM discovery. |
1099 | Used for Micro Focus Network Automation Java, JBoss discoveries. |
5985, 5986 | Used for PowerCmd, PowerShell discoveries. Note: These ports depend on the Microsoft Windows operating system configuration. |
3200, 3300-3303, 33xx, where xx is the SAP server instance number | Used for SAP discovery. |
50004, 50104, 50204, 50304, 50404, 5xx04 where xx is the SAP J2EE server instance number | Used for SAP JMX discovery. |
2320 | Used for Siebel Gateway discovery. |
7001, 7002 | Used for WebLogic discovery. |
8880 | Used for WebSphere discovery. |
50001 | Used for HPE SIM discovery (secure communication). |
Note: For instructions about how to perform unattended silent installation of Data Flow Probes, see Data Flow Probe - Unattended Silent Installation.
The following procedure explains how to install the Data Flow Probe on a Windows machine.
Note:
The passwords that you specify during the Data Flow Probe installation must meet the following requirements:
The password must contain 8 to 16 characters and include at least one of each of the following four types of characters:
:/._+-[]
To install the Data Flow Probe:
Extract the package for the Windows platform, and then double-click UCMDB_DataFlowProbe_11.0.exe.
A progress bar is displayed. After the initial process is complete, the splash screen opens. Choose the locale language and click OK.
The Introduction page opens. Click Next.
The License Agreement page opens.
Accept the terms of the end-user license agreement and click Next.
The UCMDB Data Flow Probe Setup Type page opens.
Select Full Data Flow Probe Installation. This installs the Data Flow Probe with all its components, including the Inventory Tools (Analysis Workbench, Viewer, SAI Editor, and MSI Scanner) required for application teaching.
Note: The Inventory Tools option is used to install only the Inventory Tools. For details about application teaching, see the Data Flow Management section of the UCMDB Help.
Click Next.
Note: If an existing Data Flow Probe is detected, a prompt pops up asking you if you would like to install a second Data Flow Probe. Click OK to proceed, or click Cancel to exit the installation.
The Select Installation Type page opens.
Select New Installation if you are installing a new probe.
Note: Select Upgrade when you upgrade an existing probe.
The Select Installation Folder page opens.
Accept the default installation folder, C:\UCMDB\DataFlowProbe, or click Choose to select a different installation folder.
(Second Probe only) For the second Data Flow Probe on the same Windows machine, specify a different installation folder or click Choose to select a different installation folder for the second probe, instead of using the one for the existing probe.
Note:
The installation folder that you select must be empty.
To restore the default installation folder, after selecting a different folder, click Restore Default Folder.
The UCMDB Data Flow Probe Configuration page opens, enabling you to configure the details of the application server to which the Data Flow Probe will report.
Under Application to report to select Universal CMDB and in the Application Server address box, enter the name or the IP address of the UCMDB server with which the Probe is to connect.
Note:
In the Data Flow Probe address box, enter the IP address or DNS name of the machine on which you are currently installing the Probe, or accept the default.
Note: If the Data Flow Probe machine has more than one IP address, enter a specific IP address, and not the DNS name.
Click Next.
Note: If you do not enter the address of the application server, or if there is no TCP connection to the application server via default ports (8080,8443,80) (possibly because the application server has not fully started yet), a message is displayed. You can choose to continue to install the Probe without entering the address, or return to the previous page to add the address.
A second Data Flow Probe Configuration page opens, enabling you to configure an identifier for the Probe.
In the Data Flow Probe identifier box, enter a name for the Probe that is used to identify it in your environment.
Note:
The Probe identifier is case sensitive, must be unique for each Probe in your deployment, and it must not exceed 50 characters.
(Applicable for the first Probe only) When installing the Probe in separate mode, that is, the Probe Gateway and Probe Manager are installed on separate machines, you must give the same name to the Probe Gateway and all its Probe Managers. This name appears in
To use the default
The Default UCMDB Domain is also configurable in UCMDB's Infrastructure Settings module (Administration > Infrastructure Settings > Class Model Settings > Default Domain Property Value). For details, see the Administer section of the UCMDB Help.
Click Next.
If you cleared the Use Default CMDB Domain box in the previous step, the Domain Configuration page opens.
Data Flow Probe domain type. Select the type of domain on which the Probe is to run:
Customer. Select if you are installing one or more Probes in your deployment.
Note: Always use this option for new installations.
External. Select this option for upgraded 6.x systems.
Data Flow Probe domain. If you are not using the default domain defined in
Note: For external domains, this value must be identical to the Data Flow Probe identifier defined in the previous step.
Click Next.
The UCMDB Data Flow Probe Working Mode page opens.
Note: When installing a second Probe, this step is skipped.
You can run the Probe Gateway and Probe Manager as one Java process or as separate processes.
Note: The Probe can be configured in separate mode in IPv4 environments, and in IPv4/IPv6 environments, but not in pure IPv6 environments.
Click No to run the Probe Gateway and Probe Manager as one process.
Click Yes to run the Probe Gateway and Probe Manager as two processes on separate machines.
Note: When running the Probe Gateway and Probe Manager as two processes ensure the following:
At least one Probe Gateway component must be installed. The Probe Gateway is connected to the UCMDB Server. It receives tasks from the Server and communicates with the collectors (Probe Managers).
Several Probe Managers can be installed. The Probe Managers run jobs and gather information from networks.
The Probe Gateway should contain a list of attached Probe Managers.
The Probe Managers must know to which Probe Gateway they are attached.
Click Next.
The UCMDB Data Flow Probe Memory Size page opens.
Define the minimum and maximum memory, in megabytes (MB), to be allocated to the Probe.
Note: For information about changing the maximum heap size value at a later point in time, see the Data Flow Management section of the UCMDB Help.
Click Next.
The PostgreSQL Account Configuration page opens.
The PostgreSQL Data Flow Probe account is used by the Data Flow Probe to connect to the PostgreSQL database. This account is less privileged compared to the PostgreSQL root account. Its password is encrypted in the DataFlowProbeOverride.properties configuration file.
Enter the password for the PostgreSQL Data Flow Probe account and enter it a second time for confirmation.
Click Next.
A second PostgreSQL Account Configuration page opens where you configure the PostgreSQL root account. The PostgreSQL root account is the account used to administer the PostgreSQL database. When set, it may need to be provided while executing scripts under the Probe's installation.
Enter the password for the PostgreSQL Data Flow Probe account, and enter it a second time for confirmation.
Note: Changing the root account password does not affect operation of the Probe.
Click Next.
The Configuration for System Administrator Password page opens.
Set the password for the system administrator (sysadmin), who has the ability to log into the JMX console.
Click Next.
The Account Configuration for Uploading Scan Files page opens. This is used for Manual Scanner Deployment mode. It enables uploading scan files directly to the XML Enricher's incoming directory on the Data Flow Probe using HTTP or HTTPS.
Enter the user name and password for this account, and enter the password a second time for confirmation. The default user name is UploadScanFile.
Click Next.
The Pre-Installation Summary page opens.
Review the selections you have made and click Install to complete the installation of the Probe.
When the installation is complete, the Install Complete page opens.
Note:
Any errors occurring during installation are written to the following file:
<DataFlowProbe_InstallDir>\UninstallerData\Logs\UCMDB_Data_Flow_Probe_Install_<install date and time>.log
For example, C:\UCMDB\DataFlowProbe\UninstallerData\Logs\UCMDB_Data_Flow_Probe_Install_<install date and time>.log for the first Probe on the Windows machine.
Any database-related errors occurring during installation are written to the following log:
<DataFlowProbe_InstallDir>\runtime\log\postgresql.log
For example, C:\UCMDB\DataFlowProbe\runtime\log\postgresql.log for the first Probe on the Windows machine.
Click Done.
If you customized the key.bin file, copy the key.bin that you saved earlier to <DataFlowProbe_InstallDir>\conf\security.
Start the Probe by using one of the following methods:
Click Start > All Programs > UCMDB > Start Data Flow Probe.
Note: To start the second Probe: Select Start > All Programs > UCMDB (2) > Start Data Flow Probe.
To start the Probe from the console, at the command prompt execute the following script:
<DataFlowProbe_InstallDir>\bin\gateway.bat console
For example, C:\UCMDB\DataFlowProbe\bin\gateway.bat console
for the first Probe on the Windows machine.
Execute the following command:
/opt/UCMDB/DataFlowProbe/bin/ProbeGateway.sh start
To activate the Probe in a console, execute the following command:
/opt/UCMDB/DataFlowProbe/bin/ProbeGateway.sh console
Note:
In order for the Probe to connect to the application server, the application server must be fully started.
On Linux, the user running the Probe service must be a member of the Administrators group.
The Probe installed on Windows is displayed in
A Probe installed on Linux is displayed when creating a new integration point in the Data Flow Management Integration Studio. For details, see the section describing how to create integration points in the Data Flow Management section of the UCMDB Help.
A Probe installed on Linux does not appear in the list of Data Flow Probes in the Data Flow Probe Setup window.
(Windows only, the first Probe only) If you selected to run the Probe Gateway and Probe Manager as two processes on separate machines, you must configure the Probe Gateway and Probe Manager components. For details, see Data Flow Probe - Configure the Database Scripts (Optional) below.
Note: For instructions about how to perform unattended silent installation of Data Flow Probes, see Data Flow Probe - Unattended Silent Installation.
The following procedure explains how to install the Data Flow Probe on a Linux platform.
Note:
The passwords that you specify during the Data Flow Probe installation must meet the following requirements:
The password must contain 8 to 16 characters and include at least one of each of the following four types of characters:
:/._+-[]
To install the Data Flow Probe:
Extract the package for the Linux platform, and then execute the following command:
sh <path to the installer>/UCMDB_DataFlowProbe_11.0.xx.bin
Caution: Console mode is not supported.
The following commands are executed:
Preparing to install...
Extracting the JRE from the installer archive...
Unpacking the JRE...
Extracting the installation resources from the installer archive...
Configuring the installer for this system's environment...
Launching installer...
The Introduction page opens. Click Next.
The License Agreement page opens.
Accept the terms of the end-user license agreement and click Next.
The Select Installation Folder page opens.
Accept the default installation folder, /opt/UCMDB/DataFlowProbe, or click Choose to select a different installation folder.
Note:
Click Next.
The Data Flow Probe Configuration page opens, enabling you to configure the details of the application server to which the Data Flow Probe will report.
Under Application to report to select Universal CMDB and in the Application Server address box, enter the name or the IP address of the UCMDB server with which the Probe is to connect.
Note: In a High Availability environment, use the Writer virtual IP address of the load balancer.
In the Data Flow Probe address box, enter the IP address or DNS name of the machine on which you are currently installing the Probe, or accept the default.
Note: If the Data Flow Probe machine has more than one IP address, enter a specific IP address, and not the DNS name.
Click Next.
Note: If you do not enter the address of the application server, or if there is no TCP connection to the application server via default ports (8080,8443,80) (possibly because the application server has not fully started yet), a message is displayed. You can choose to continue to install the Probe without entering the address, or return to the previous page to add the address.
A second Data Flow Probe Configuration page opens, enabling you to configure an identifier for the Probe.
In the Data Flow Probe Identifier box, enter a name for the Probe that is used to identify it in your environment.
Note: The Probe identifier is case sensitive, must be unique for each Probe in your deployment, and it must not exceed 50 characters.
Select Use Default CMDB Domain to use the default UCMDB IP address or machine name, as defined in the UCMDB Server installation.
The Default UCMDB Domain is also configurable in UCMDB's Infrastructure Settings module (Administration > Infrastructure Settings > Class Model Settings > Default Domain Property Value). For details, see the Administer section of the UCMDB Help.
Click Next.
If you cleared the Use Default CMDB Domain box in the previous step, the UCMDB Data Flow Probe Domain Configuration page opens.
Data Flow Probe domain type. Select the type of domain on which the Probe is to run:
Customer. Select this option if you are installing one or more Probes in your deployment.
Note: Always use this option for new installations.
External. Select this option for upgraded systems.
Data Flow Probe domain. If you are not using the default domain defined in UCMDB, enter the name of the domain here.
Note: For external domains, this value must be identical to the Data Flow Probe Identifier defined in the previous step.
Click Next.
The UCMDB Data Flow Probe Memory Size page opens.
Define the minimum and maximum memory, in megabytes, to be allocated to the Probe.
Note: For information about changing the maximum heap size value at a later point in time, see the Data Flow Management section of the UCMDB Help.
Click Next.
The PostgreSQL Account Configuration page opens.
The PostgreSQL Data Flow Probe account is used by the Data Flow Probe to connect to the PostgreSQL database. This account is less privileged compared to the PostgreSQL root account. Its password is encrypted in the DataFlowProbe.properties configuration file.
Enter the password for the PostgreSQL Data Flow Probe account and enter it a second time for confirmation.
Note: Changing this password requires an update to the DataFlowProbe.properties file.
Click Next.
A second PostgreSQL Account Configuration page opens where you configure the PostgreSQL root account. The PostgreSQL root account is the account used to administer the PostgreSQL database. When set, it may need to be provided while executing scripts under the Probe's installation.
Enter the password for the PostgreSQL Data Flow Probe account, and enter it a second time for confirmation.
Note: Changing the root account password does not affect operation of the Probe.
Click Next.
The Configuration for System Administrator Password page opens.
Enter the password for the sysadmin account.
The Account Configuration for Uploading Scan Files page opens.
Enter the user name and password for this account, and enter the password a second time for confirmation. The default user name is UploadScanFile.
Click Next.
The Pre-Installation Summary page opens. Review the selections you have made and click Install to complete the installation of the Probe.
Note: When installing the probe using a non-root account, you may see a popup message window indicating "Manual Probe Registration Required".
Make sure you register the probe service manually using a root account after the installation by running the registerService.sh script from the /home/<account_name>/UCMDB/DataFlowProbe/tools directory.
When installation is complete, the Installation is Complete page opens.
Note:
Any errors occurring during installation are written to the following log:
/opt/UCMDB/DataFlowProbe/UCMDB_Data_Flow_Probe_InstallLog.log. If you installed the Probe to another directory under /opt/, the log file is located there.
Click Done.
Note: After installing the Probe, we recommend disabling virus scanning on the main directory that is used to store your PostgreSQL table data. The default directory is /opt/UCMDB/DataFlowProbe/pgsql/data.
(Non-root user account only) Register the probe manually using a root account.
Log in to the Linux system using a root account, go to the /home/<account_name>/UCMDB/DataFlowProbe/tools directory and run the registerService.sh script:
sh /home/<account_name>/UCMDB/DataFlowProbe/tools/registerService.sh <your password>
Activate the Probe.
Note:
The root user running the Probe service must be a member of the Administrators group.
In order for the Probe to connect to the application server, the application server must be fully started.
Execute the following command:
/opt/UCMDB/DataFlowProbe/bin/ProbeGateway.sh start
Note: For non-root user account, execute the following command:
/home/<account_name>/UCMDB/DataFlowProbe/bin/ProbeGateway.sh start
To activate the Probe in a console, execute the following command:
/opt/UCMDB/DataFlowProbe/bin/ProbeGateway.sh console
Note: For non-root user, execute the following command:
/home/<account_name>/UCMDB/DataFlowProbe/bin/ProbeGateway.sh console
Tip:
The installer supports the product installation with no user interaction. This mode is useful for running the installation via automation tools or for running the installation on Linux when no GUI access is possible on the target server.
Install Data Flow Probe 11.0
Download UCMDB_DataFlowProbe_11.0.xxx.bin, then run the following command:
chmod a+x UCMDB_DataFlowProbe_11.0.xxx.bin
Prepare the response file
To produce the response file, execute the installer with the -r command line switch:
<Probe installer file name> -r <Directory for response file>
Note: Instead of the directory name, you can also specify the complete file name for the response file, for example, C:\temp\ResponseFileForProbe.txt:
UCMDB_DataFlowProbe_11.0.xxx.exe -r C:\temp\ResponseFileForProbe.txt
./UCMDB_DataFlowProbe_11.0.xxx.bin -r /tmp/ResponseFileForProbe.txt
Once executed, follow the user interface installation wizard to complete the installation, and the response file ResponseFileForProbe.txt will be stored in the directory specified in the -r switch.
Note:
The response file contains a number of NAME=VALUE pairs, one on each line of the file. The lines containing comments start with the # character. You can edit the content of the file to provide an alternative configuration that needs to be used for the unattended installation. For example, you can customize the target installation directory as well as other settings.
The file needs to be in the following character encoding:
UTF-8 without BOM (Byte Order Mark) or UTF-16 little endian
UTF-8 without BOM
If you have no GUI access, you can find a test machine with GUI access and produce the response file, then copy the generated response file to the Linux machine where you want to execute silent installation of Data Flow Probe.
Execute the silent installation
<Probe installer file name> -i silent -f <Response File path and name>
For example:
UCMDB_DataFlowProbe_11.0.xxx.exe -i silent -f C:\temp\ResponseFileForProbe.txt
./UCMDB_DataFlowProbe_11.0.xxx.bin -i silent -f /tmp/ResponseFileForProbe.txt
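The response file rules above (NAME=VALUE pairs, # comments, UTF-8 without BOM) can be checked before an unattended run. The following Python check is an added example, not part of the product or of this guide; the key names in the sample are constructed placeholders, and UTF-16 little endian is accepted only when `allow_utf16le` is set, because the guide lists it in only one of its two encoding lines.

```python
import codecs

# Constructed sample; the key names are placeholders, not real installer variables.
SAMPLE_OK = (
    b"# Constructed response file for illustration\n"
    b"EXAMPLE_INSTALL_DIR=/opt/UCMDB/DataFlowProbe\n"
    b"EXAMPLE_PROBE_ID=PROBE01\n"
)


def detect_encoding(raw: bytes) -> str:
    """Classify raw bytes by BOM first, then by whether they decode as UTF-8."""
    if raw.startswith(codecs.BOM_UTF8):
        return "utf-8-bom"  # the guide requires UTF-8 *without* BOM
    if raw.startswith((codecs.BOM_UTF32_LE, codecs.BOM_UTF32_BE)):
        return "utf-32"
    if raw.startswith(codecs.BOM_UTF16_LE):
        return "utf-16-le"
    if raw.startswith(codecs.BOM_UTF16_BE):
        return "utf-16-be"
    if b"\x00" in raw:
        return "unknown"  # probably BOM-less UTF-16/32; not safe to guess
    try:
        raw.decode("utf-8")
    except UnicodeDecodeError:
        return "unknown"
    return "utf-8"


def check_response_file(raw: bytes, allow_utf16le: bool = False):
    """Return (settings, problems) for the raw bytes of a response file."""
    encoding = detect_encoding(raw)
    if encoding == "utf-8":
        text = raw.decode("utf-8")
    elif encoding == "utf-16-le" and allow_utf16le:
        try:
            text = raw[len(codecs.BOM_UTF16_LE):].decode("utf-16-le")
        except UnicodeDecodeError:
            return {}, ["UTF-16 LE BOM present but content does not decode"]
    else:
        return {}, [f"encoding '{encoding}' is not accepted for this run"]

    settings, problems = {}, []
    for number, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank line or comment
        name, separator, value = stripped.partition("=")
        name = name.strip()
        if not separator or not name:
            problems.append(f"line {number}: expected NAME=VALUE")
            continue
        if name in settings:
            problems.append(f"line {number}: {name} is set more than once")
        settings[name] = value.strip()
    return settings, problems


if __name__ == "__main__":
    for label, data in (("plain UTF-8", SAMPLE_OK),
                        ("UTF-8 with BOM", codecs.BOM_UTF8 + SAMPLE_OK)):
        print(label, "->", check_response_file(data))
```

A file saved by a Windows editor as "UTF-8" often carries a BOM, which this check reports before the installer is started.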
Start the Data Flow Probe
The table below lists the Data Flow Probe database scripts. These scripts can be modified for administration purposes, both in Windows and Linux environments.
Note:
The scripts are located on the Data Flow Probe machine, in the following location:
Script | Description |
---|---|
exportPostgresql [PostgreSQL root account password] | Exports all data from the DataFlowProbe database schema to data_flow_probe_export.bin in the current directory |
importPostgresql [Export file name] [PostgreSQL root account password] | Imports data from a file created by the exportPostgresql script into the DataFlowProbe schema |
enable_remote_user_access | Configures the PostgreSQL Data Flow Probe account to be accessible from remote machines |
remove_remote_user_access | Configures the PostgreSQL Data Flow Probe account to be accessible only from the local machine (default) |
set_db_user_password [new PostgreSQL Data Flow Probe account password] [PostgreSQL root account password] | Modifies the PostgreSQL Data Flow Probe account password |
set_root_password [new PostgreSQL root account password] [Current PostgreSQL root account password] | Modifies the PostgreSQL root account password |
When the Probe Manager and Probe Gateway run as separate processes on two machines, set up the Data Flow Probe as follows:
Note:
The Probe can be configured in separate mode on IPv4 environments, and in IPv4/IPv6 environments, but not in pure IPv6 environments.
Set up the Probe Gateway machine.
Open the following file:
C:\UCMDB\DataFlowProbe\conf\probeMgrList.xml
Locate the line beginning <probeMgr ip=
and add the Manager machine name or IP address, for example:
<probeMgr ip="OLYMPICS08">
Open the following file:
C:\UCMDB\DataFlowProbe\conf\DataFlowProbe.properties
Locate the lines beginning appilog.collectors.local.ip =
and appilog.collectors.probe.ip =
and enter the Gateway machine name or IP address, for example:
appilog.collectors.local.ip = STARS01
appilog.collectors.probe.ip = STARS01
Set up the Probe Manager machine.
In C:\UCMDB\DataFlowProbe\conf\DataFlowProbe.properties:
Locate the line beginning appilog.collectors.local.ip =
and enter the Manager machine name or IP address, for example:
appilog.collectors.local.ip = OLYMPICS08
Locate the line beginning appilog.collectors.probe.ip =
and enter the Gateway machine name in uppercase, for example:
appilog.collectors.probe.ip = STARS01
Start the services.
On the Probe Manager machine, start the Manager service:
Start > All Programs > UCMDB > Start Data Flow Probe Manager
On the Probe Gateway machine, start the Gateway service:
Start > All Programs > UCMDB > Start Data Flow Probe Gateway
You can connect a Data Flow Probe to a customer that is not the default customer. The default customer ID is 1.
Open the following file in a text editor:
C:\UCMDB\DataFlowProbe\conf\DataFlowProbe.properties
../DataFlowProbe/conf/DataFlowProbe.properties
Locate the customerID entry.
Update the value with the customer ID, for example, customerId = 2.
Restart the Probe so that it is updated with your changes.
Note: This section is relevant for Probes installed on Windows machines only.
The Probe reports its version when connecting to the server. The Probe version is displayed in Data Flow Management, in the Details pane of the Data Flow Probe Setup module. If the Probe version is not compatible with the server version (and there is no supported upgrade), an error is generated and the Probe is forced to shut down.
When you apply a new Cumulative Update Patch (CUP) to the UCMDB Server, the Probes do not shut down automatically, and are able to report new data to the server. However, this is not recommended. Therefore, when you apply a CUP to the server, you must also apply it to the Probes—either manually or automatically.
Probe Downgrade or Rollback
Automatic downgrade or rollback of the probe version is not supported. To downgrade or to roll back a version upgrade, uninstall the probe and then install the required version.
Probe Restart
There are several situations where the Probe automatically restarts itself. For example, when deploying a new Content Pack or applying a CUP. In these cases, the Probe waits for 15 minutes to allow the running jobs to finish, and only then shuts down. Jobs that did not finish in that time (for example, long integrations) start running again when the Probe restarts.
How to Change the PostgreSQL Database Default Port
To change the port for the PostgreSQL database that is defined by default in the Data Flow Probe installation:
Stop the Probe (if already started).
Stop the UCMDB Probe DB Service.
Modify the port in the following file:
The following shows how to change the port from 5432 to 5433:
Note: If two probes coexist on the same machine, plan the port usage carefully so that the ports used by the two probes do not conflict.
#port = 5432 # (change requires restart) < Old line
port = 5433 # (change requires restart) < New line
Make the following changes in the DataFlowProbe.properties file (in C:\UCMDB\DataFlowProbe\conf on Windows, and /opt/UCMDB/DataFlowProbe/conf on Linux):
Change:
jdbc:postgresql://localhost/dataflowprobe
to
jdbc:postgresql://localhost:5433/dataflowprobe
Change:
appilog.agent.local.jdbc.uri = jdbc:postgresql://localhost/dataflowprobe
to
appilog.agent.local.jdbc.uri = jdbc:postgresql://localhost:5433/dataflowprobe
Change:
appilog.agent.normalization.jdbc.uri = jdbc:postgresql://localhost/dataflowprobe
to
appilog.agent.normalization.jdbc.uri = jdbc:postgresql://localhost:5433/dataflowprobe
Change:
appilog.agent.netflow.jdbc.uri = jdbc:postgresql://localhost/dataflowprobe
to
appilog.agent.netflow.jdbc.uri = jdbc:postgresql://localhost:5433/dataflowprobe
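A Probe that still has one JDBC URI pointing at the old port fails only when that component connects, so it helps to compare the two files after editing. This Python check is an added example, not part of the product; it assumes the `port` line shown above uses PostgreSQL's configuration-file syntax and that the properties use `key = value` as in this section.

```python
import re

DEFAULT_PG_PORT = 5432  # PostgreSQL and its JDBC driver both default to 5432
PORT_LINE = re.compile(r"^\s*port\s*=?\s*'?(\d+)'?", re.IGNORECASE)
JDBC_URI = re.compile(r"^jdbc:postgresql://(?:\[[^\]]+\]|[^/:]+)(?::(\d+))?/")

# Constructed samples built from the lines shown in this section; the netflow
# URI is deliberately left unchanged to show a missed edit.
SAMPLE_CONF = """\
#port = 5432 # (change requires restart)
port = 5433 # (change requires restart)
"""
SAMPLE_PROPERTIES = """\
appilog.agent.local.jdbc.uri = jdbc:postgresql://localhost:5433/dataflowprobe
appilog.agent.normalization.jdbc.uri = jdbc:postgresql://localhost:5433/dataflowprobe
appilog.agent.netflow.jdbc.uri = jdbc:postgresql://localhost/dataflowprobe
"""


def configured_port(conf_text: str) -> int:
    """Return the active port setting; commented-out lines are ignored."""
    port = DEFAULT_PG_PORT
    for line in conf_text.splitlines():
        match = PORT_LINE.match(line)
        if match:
            port = int(match.group(1))  # the last active setting wins
    return port


def jdbc_properties(properties_text: str) -> dict:
    """Return every property whose value is a PostgreSQL JDBC URI."""
    found = {}
    for line in properties_text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment
        key, separator, value = line.partition("=")
        if separator and value.strip().startswith("jdbc:postgresql:"):
            found[key.strip()] = value.strip()
    return found


def port_mismatches(conf_text: str, properties_text: str):
    """Return (database port, {property: port it uses, or None if unparsed})."""
    expected = configured_port(conf_text)
    mismatches = {}
    for key, uri in jdbc_properties(properties_text).items():
        match = JDBC_URI.match(uri)
        if match is None:
            mismatches[key] = None  # URI form this check does not understand
            continue
        port = int(match.group(1)) if match.group(1) else DEFAULT_PG_PORT
        if port != expected:
            mismatches[key] = port
    return expected, mismatches


if __name__ == "__main__":
    db_port, stale = port_mismatches(SAMPLE_CONF, SAMPLE_PROPERTIES)
    print("database port:", db_port)
    for name, port in stale.items():
        print("still using", port, "->", name)
```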
This section contains the following:
Data Flow Probe Upgrade Overview
When upgrading Data Flow Probes, you have the following options:
Data flow probe auto upgrade. For supported probes of version 10.22 or later (with or without a CUP, union and non-FIPS mode on Windows machine), you can select the Automatically update Data Flow Probe with the new version option in the Install Data Flow Probe wizard page when upgrading the UCMDB server to perform auto upgrade of connected probes. For more information, see Data Flow Probe - Unattended Silent Installation.
Data flow probe manual upgrade. In the following scenarios, you may need to perform manual upgrade of data flow probes:
You selected the Update the Data Flow Probe manually option in the Install Data Flow Probe page of the UCMDB server upgrade wizard while upgrading the UCMDB server.
Data Flow Probe Auto Upgrade Overview
The Data Flow Probe auto upgrade mechanism has been fully available since version 10.33. That is, once the UCMDB server is upgraded to version 10.33 or later, the probe auto upgrade capability is in place. This capability enables you to upgrade all the connected probes of version 10.22 (or later, with or without a CUP) in your environments with just several clicks while upgrading the UCMDB server, without having to access the probe servers.
Compared to the traditional manual probe deployment approach (uninstall the old probe and then install the new probe), in general it takes 20-40 minutes to upgrade multiple probes in parallel with the probe auto upgrade mechanism.
The time required for upgrading all the connected probes equals that of the probe that takes the longest to finish upgrading. Network latency is an impact factor, because it affects the time the probe takes to download resources from the UCMDB Server. Micro Focus lab testing shows the following results: a total of 60 connected probes finished upgrading in 40 minutes, while the majority of them finished in around 20-30 minutes, with network latency less than 1 millisecond.
Supported Probes
Data Flow Probes that satisfy the following criteria are supported for auto upgrade:
Supported probe versions. The probe auto upgrade and deployment mechanism supports upgrading probes from any of the following versions to version 11.0 automatically:
The following probes are not supported for auto upgrade in version 11.0:
Integration service
Data Flow Probe Auto Upgrade Workflow
The Data Flow Probe Auto Upgrade workflow contains the following steps:
The UCMDB Administrator upgrades UCMDB server from version 10.22 (or later, with or without a CUP) to version 11.0.
During the upgrade, the Administrator selects the Automatically update Data Flow Probe with the new version option. As a result, the probe auto upgrader package is placed under the <UCMDB_Server>\content\probe_patch folder, and the Data Flow Probe installer package is placed under the <UCMDB_Server>\content\probe_installer folder.
The probe auto upgrader performs the following operations:
Downloads the Data Flow Probe installer file for Windows platform (for example, UCMDB_DataFlowProbe_11.0.exe) from the UCMDB server.
Stops the following services:
Performs silent installation with the Update option.
During this step, the upgrader performs post-upgrade tasks, including merging customized settings, creating and adjusting database tables, such as splitting tables (version 10.22 to version 11.0), columns, indexes, and so on.
Reports probe upgrade status to the UCMDB server, and saves probe auto upgrade logs to the UCMDB Server. For example: <UCMDB_Server>\runtime\log\probeUpgradeLogs\10.22to11.0\success.
Note: If the upgrade is successful, the log would be placed under the success folder; if failed, the logs would be placed under the failed folder.
Data Flow Probe Manual Upgrade Workflow
For probes that are supported by the probe auto upgrade mechanism, do either of the following:
Important: There is no need to uninstall the old version probes first for probes supported by the probe auto upgrade mechanism.
Perform probe auto upgrade from UCMDB server.
To leverage the probe auto upgrade feature after the UCMDB server upgrade, do the following when you have finished upgrading the UCMDB server:
Restart the UCMDB server.
UCMDB server will then perform auto upgrade of all supported and connected probes.
Perform manual upgrade of probes on the probe servers.
Extract the package for the Windows platform, and then launch the probe installer UCMDB_DataFlowProbe_11.0.exe.
For details, see Data Flow Probe - Manual Windows Upgrade.
For probes on Linux or probes of versions not supported for auto upgrade in your environment, perform manual install of probes on the probe servers.
This workflow contains the following steps:
On the probe server, uninstall the old version probe.
For details, see the "Upgrading UCMDB - Uninstall the Data Flow Probes" section in the Deployment Guide.
Install the latest version Data Flow Probes manually.
On Windows platform:
On the UCMDB Data Flow Probe Setup Type wizard page, select Full Data Flow Probe Installation.
For details, see Data Flow Probe - Windows Installation.
On Linux platform:
Extract the package for the Linux platform, and then execute the command to launch the installation.
For details, see Data Flow Probe - Linux Installation.
Check permissions for the user account that starts the Data Flow Probe service.
For details, see
Turn off Basic Authentication (BA) if it is enabled.
Check if Basic Authentication (BA) is enabled. If yes, turn off Basic Authentication via the UCMDB UI:
Locate the Enable Basic Authentication for HTTP connections from probe setting, and then set the value to False.
Restart UCMDB server.
Check communication port between UCMDB Server and Data Flow Probe.
Check the Current Mapped Ports value in the returned result.
Check available disk space.
Check available disk space of the probe installation folder. At least 10 GB disk space is required to perform the probe auto upgrade.
Check probe status.
Log in to the UCMDB server UI, and navigate to Data Flow Management > Data Flow Probe Setup, check the Domains and Probes navigation pane. Only connected probes of supported versions can be upgraded automatically.
Check probe versions to ensure the probes you plan to upgrade are supported.
For probe versions supported by the auto upgrade mechanism, see
Back up the <DataFlowProbe> folder.
Also make sure that:
And you are aware of the following:
For probe auto upgrade, the probe upgrader will merge the following configuration files:
The result is that all the custom configuration settings will be written into the DataFlowProbeOverride.properties file.
Note:
During the upgrade, Micro Focus does not keep the configuration files for <DataFlowProbe>\pgsql\data\postgresql.conf, so make sure you reconfigure it after the upgrade (if necessary).
To manually upgrade the Data Flow Probe on Windows:
Extract the package for the Windows platform, and then double-click UCMDB_DataFlowProbe_11.0.exe.
A progress bar is displayed. After the initial process is complete, the splash screen opens. Choose the locale language and click OK.
The Introduction page opens. Click Next.
The License Agreement page opens.
Accept the terms of the end-user license agreement and click Next.
The UCMDB Data Flow Probe Setup Type page opens.
Select Full Data Flow Probe Installation. This installs the Data Flow Probe with all its components, including the Inventory Tools (Analysis Workbench, Viewer, SAI Editor, and MSI Scanner) required for application teaching.
Note: The Inventory Tools option is used to install only the Inventory Tools. For details about application teaching, see the Data Flow Management section of the UCMDB Help.
Click Next.
Note: If an existing Data Flow Probe is detected, a prompt pops up asking you if you would like to install a second Data Flow Probe. Click OK to proceed, or click Cancel to exit the installation.
The Select Installation Type page opens.
Select Upgrade and click Next.
Note: Select New Installation if you are installing a new probe.
The Select Installation Folder page opens.
Accept the default installation folder, C:\hp\UCMDB\DataFlowProbe, or click Choose to select a different installation folder for the existing probe.
Note: To restore the default installation folder, after selecting a different folder, click Restore Default Folder.
The Pre-Installation Summary page opens.
Review the selections you have made and click Install to complete the probe upgrade.
When the installation is complete, the Install Complete page opens.
Click Done.
Start the Probe by using one of the following methods:
Click Start > All Programs > UCMDB > Start Data Flow Probe.
To start the Probe from the console, at the command prompt execute the following script:
<DataFlowProbe_InstallDir>\bin\gateway.bat console
For example, C:\hp\UCMDB\DataFlowProbe\bin\gateway.bat console.
(Version 10.30 and earlier only) If UCMDB Server and Data Flow Probe communicate via the HTTP protocol before the upgrade, then after the upgrade, you need to enable HTTP communication on the UCMDB server.
For details, see "How to Enable HTTP Communication for UCMDB Server"
Enable Basic Authentication
If you disabled the Basic Authentication as described in Data Flow Probe - Pre-Check List for Upgrade, you can enable it after all probes are upgraded successfully.
Probe version and status: Probe version has changed to the new version.
Check the details pane for each probe.
If the probe has been successfully upgraded, the Status should display Connected, and the Version should show the new version information.
Check the probe auto upgrade log file in UCMDB server's success folder
To check if a probe has been upgraded successfully, you can:
Check the probe_auto_upgrade.log file (in the C:\UCMDB\DataFlowProbe\runtime\log\probeUpgradeLogs folder). If the probe is upgraded successfully, you should see the following message in the log file:
Finished probe upgrade. Probe has been upgraded to [version] [Build]. Probe auto upgrade agent will exit.
Check the success folder in UCMDB server.
The log files appear as <domain_name>_<probename>_auto_upgrade.log in the <UCMDB_Server>\runtime\log\probeUpgradeLogs\<source_version>to<target_version>\success folder. For example, <UCMDB_Server>\runtime\log\probeUpgradeLogs\10.22to11.0\success. The log files in the success folder indicate the probes that have been successfully upgraded.
For more details about the probe_auto_upgrade.log file, see "Data Flow Probe Log Files" in the Data Flow Management section of the UCMDB Help.
Run some basic jobs.
Run the IPs by ICMP job via the connected probe; the job should run successfully.
Probe version and status: Probe version remains the old version,
Probe upgrade log file in the failed folder on UCMDB server.
Check the <domain_name>_<probename>_auto_upgrade.log files.
The log files in the failed folder indicate probes with upgrade failure. Open each upgrade log and check the error messages.
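With many probes, the success and failed folder checks above are easier to run as one pass over the server's probeUpgradeLogs directory. The following Python script is an added example, not a Micro Focus tool; the probe names, the version text and the "error" keyword filter are assumptions made for the constructed sample, since the log layout is not described in this guide.

```python
import re
import tempfile
from pathlib import Path

LOG_SUFFIX = "_auto_upgrade.log"
# Completion message quoted in this guide; the version/build text is captured.
FINISHED = re.compile(
    r"Finished probe upgrade\. Probe has been upgraded to (.+?)\. "
    r"Probe auto upgrade agent will exit\."
)


def upgraded_to(log_text: str):
    """Return the version/build text from the completion message, or None."""
    match = FINISHED.search(log_text)
    return match.group(1) if match else None


def collect_results(upgrade_dir) -> dict:
    """Map '<domain_name>_<probename>' to the result folders holding its log."""
    results = {}
    for status in ("success", "failed"):
        folder = Path(upgrade_dir) / status
        if not folder.is_dir():
            continue
        for log in sorted(folder.glob("*" + LOG_SUFFIX)):
            probe = log.name[: -len(LOG_SUFFIX)]
            results.setdefault(probe, []).append(status)
    return results


def triage(upgrade_dir, expected_probes) -> dict:
    """Split the expected probes into upgraded, failed and not reported."""
    results = collect_results(upgrade_dir)
    report = {"upgraded": [], "failed": [], "not_reported": []}
    for probe in sorted(expected_probes):
        statuses = results.get(probe, [])
        if "failed" in statuses:  # a failed log always gets reviewed
            report["failed"].append(probe)
        elif "success" in statuses:
            report["upgraded"].append(probe)
        else:  # no log on the server: the probe never reported a result
            report["not_reported"].append(probe)
    return report


def error_lines(log_path, limit=20):
    """First lines mentioning 'error' (keyword heuristic, an assumption)."""
    text = Path(log_path).read_text(encoding="utf-8", errors="replace")
    return [line for line in text.splitlines() if "error" in line.lower()][:limit]


def make_constructed_sample(root) -> Path:
    """Write a constructed log tree (invented probe names and log text)."""
    upgrade_dir = Path(root) / "10.22to11.0"
    samples = {
        "success/DefaultDomain_PROBE01_auto_upgrade.log":
            "Finished probe upgrade. Probe has been upgraded to 11.0 build 000. "
            "Probe auto upgrade agent will exit.\n",
        "failed/DefaultDomain_PROBE02_auto_upgrade.log":
            "INFO constructed line\nERROR constructed failure line\n",
    }
    for relative, text in samples.items():
        path = upgrade_dir / relative
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(text, encoding="utf-8")
    return upgrade_dir


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = make_constructed_sample(tmp)
        expected = ["DefaultDomain_PROBE01", "DefaultDomain_PROBE02",
                    "DefaultDomain_PROBE03"]
        print(triage(root, expected))
```

Probes listed under `not_reported` have no log in either folder and correspond to the case above where the probe version remains the old version.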
The Configuration Manager deployment instruction provided takes into account special UCMDB deployments you may have in your environment (for example, high availability) and provides the necessary adjustments to the deployment procedure for those deployments.
Note: For scaling purposes in a production environment, we recommend that you install UCMDB and Configuration Manager on separate machines, though installing both of these components together on the same server is supported.
However, when installing Configuration Manager on a high-availability UCMDB environment, Configuration Manager must be installed on a separate machine.
Using Configuration Manager requires that a new UCMDB state is created (Authorized state). This configuration is performed automatically by the deployment procedure.
Be aware that if you are deploying only Configuration Manager (that is, using an existing or upgraded installation of UCMDB), the UCMDB server must be running to complete the installation of Configuration Manager.
We provide the following recommendations for increasing the security of your overall infrastructure for informational purposes only. These are only recommendations and are not intended to be a guarantee of protection against all potential vulnerabilities and attacks. Please note that some security measures may impact the features and functionality of your overall system, so it is recommended that every customer become aware of those impacts when implementing any changes to their environment.
Use of this Micro Focus Software Product [Micro Focus UCMDB Configuration Manager] may require the pre-installation of certain third-party components that are not provided by Micro Focus ("Third Party Components"). It is recommended that customers check frequently for the most current updates to the Third Party Components, which may include fixes or patches for security vulnerabilities.
Note: Configuration Manager can be installed on a Windows or a Linux system. If you are installing on a Linux system, you can either run the installer in GUI mode (using X11 protocol), or run a silent installation. For details, see Installing Configuration Manager - Silent Installation.
To install Configuration Manager:
Prerequisites:
Configuration Manager automatically creates the CM New Policy and CM KPI integration points during installation, using the UCMDB Integration Service.
Since the UCMDB Integration Service is not supported in a high availability environment, these integration points will be created in an unsupported configuration. You must therefore recreate these integration points manually after installation, using a remote Data Flow Probe. For details, see the Data Flow Management section of the UCMDB Help.
To allow Configuration Manager to automatically create integration points (used for federating data to UCMDB) in UCMDB, ensure that the UCMDB Integration Service is started and fully running before installing Configuration Manager.
If you are using a remote Data Flow Probe, or creation of the integration points fails during installation of Configuration Manager, you can create the integration points manually. For details, see the Data Flow Management section of the UCMDB Help.
If UCMDB is set up as a high-availability environment, Configuration Manager must not be installed on the same machine as any of the UCMDB Servers. When asked for the UCMDB connection details, use the Cluster virtual IP address of the load balancer.
Launch the Configuration Manager installation: insert the UCMDB DVD into the machine. Do one of the following:
Accept the terms of the End User License Agreement and click Next.
On the Installation Configuration page, select the location for the installation:
Windows:
Click Choose to select the directory where Configuration Manager will be installed. The default location is C:\hp\CM_10.2.1.0.
Note: The installation directory must not contain spaces, and can use only English letters (a-z), digits (0-9), the hyphen sign ('-'), and the underscore sign (_).
If a previous version of Configuration Manager is detected, you are given the option to perform a new installation or to upgrade the previously existing installation.
Select New Installation and click Next.
Linux:
Specify the folder where you want to install Configuration Manager.
Note: To continue the installation, you must enter a path that:
On the UCMDB Foundation Connection page, provide the following details for connecting to the UCMDB Foundation installation:
Note: For details about changing the UCMDB server parameters after the installation is complete, see Reconfiguring Configuration Manager.
Field | Definition |
---|---|
Host Name (FQDN) | UCMDB deployment location address. |
Protocol | HTTP or HTTPS (default) protocol. |
UCMDB Port | The HTTP or HTTPS port default values are 8080 for HTTP and 8443 (default) for HTTPS. |
Server Certificate | This field is available when the HTTPS protocol is selected. You must manually place the UCMDB server certificate file on the Configuration Manager target host, and specify the full file path including the file name in the adjacent input field. Note: The path to the certificate file cannot contain spaces. If UCMDB uses HTTPS, then using a key exchange is required. The key exchange is not validated during the connection test. Note: The certificate file must be a *.cer file (other file formats are not supported). |
Customer Name | The default UCMDB customer name is Default Client. The customer name value is used during the UCMDB and Configuration Manager integration configuration. The customer name must exist in UCMDB, and this value is not validated by the connection test. If you provide an incorrect value, the deployment will fail. |
UCMDB root context | UCMDB root context, the default value is /. If this value is changed in UCMDB, this needs to be adjusted in CM as well. This way UCMDB-CM communication uses UCMDB root context. |
JMX Port | The default value is 29601. |
System User (JMX) | The UCMDB (JMX) system user is used for activating JMX functions such as creating a Configuration Manager integration user and deploying the Configuration Manager package. The out-of-the-box default value is sysadmin. |
System Password | The UCMDB system user password. |
Click Test to test the connection settings and then click Next to continue to the Database Connection Configuration page.
Note:
A database connection must be configured and associated with a standard URL connection. If advanced features are required, such as an Oracle Real Application Cluster, set up a standard connection and then manually edit the database.properties file to configure the advanced features. You can either connect to an existing schema or create a new schema.
Configuration Manager uses native drivers for both the Oracle and Microsoft SQL Server databases. All native driver features are supported, provided that these features can be configured using the database URL. The URL is located in the database.properties file.
Configuration Manager uses a different database schema from UCMDB.
Two types of databases are available – Oracle and MSSQL. The input fields change according to the database type selected. During installation, you can either create a new schema or connect to an existing schema. For details about the schema requirements, see the Support Matrix section of the UCMDB Help.
For additional details about connecting to different database schemas, see Installing Configuration Manager - Advanced Database Configuration.
Caution: Repopulating an existing database removes all data from a database schema and recreates all tables.
Note:
Provide the following details when creating a new Oracle schema:
Field | Definition |
---|---|
Host Name/IP | The database server location address. |
Port | The default Oracle database port is 1521. |
SID | The Oracle schema ID. |
Admin Username | The username of the database administrator. |
Admin Password | The password of the database administrator. |
Schema Username | The username of the Oracle schema. |
Schema Password | The password of the Oracle schema. |
Default Tablespace | The default tablespace. |
Temporary Tablespace | The temporary tablespace. |
Provide the following details when connecting to an existing Oracle schema:
Field | Definition |
---|---|
Host Name/IP | The database server location address. |
Port | The default Oracle database port is 1521. |
SID | The Oracle schema ID. |
Schema Username | The name of the existing Oracle schema. |
Schema Password | The password of the existing Oracle schema. |
Provide the following details when creating a new MSSQL database or connecting to an existing database:
Field | Definition |
---|---|
Host Name/IP | The database server location address. |
Port | The default MSSQL database port is 1433. |
DB Name | The MSSQL database name. |
DB Username | The username of the MSSQL database. |
DB Password | The password of the MSSQL database. |
Specify Configuration Manager settings on the Server Ports Configuration page. When finished, click Next to continue to the User Configuration page.
Configuration Manager provides out-of-the-box default port settings. If a port number conflicts with an existing installation, consult with an IT manager before changing the port number.
Field | Definition |
---|---|
Application HTTP Port | 8180 |
Application HTTPS Port | 8143 |
JMX HTTP Port | 39900 |
JMX Remote Port | 39600 |
Tomcat Port | 8005 |
Enter details for the UCMDB integration user on the User Configuration page. When finished, click Next to continue to the Advanced Content page.
An integration user is created in UCMDB on demand by Configuration Manager to support the integration between these two products.
If you previously installed Configuration Manager version 10 for this UCMDB instance, you can use the same integration user credentials that you used previously, instead of creating a new integration user.
In the Advanced Content page, the option to enable advanced content (out-of-the-box views and policies) is available only if you are connected to a UCMDB server on which an advanced license has already been installed.
If you have not previously purchased and activated an advanced license, you can use the JMX console to enable the advanced content after installation.
For details, see the section about licensed content in the Configuration Manager section of the UCMDB Online Help.
Click Next to continue to the Pre-Installation Summary page.
Review your installation and configuration settings on the Pre-Installation Summary page. When finished, click Install to continue to the Installing page.
The Summary page centralizes all of the configuration details and user input. You can revise the content of the summary, if necessary, by clicking Previous on the pages until you reach the desired page, and adjust the deployment settings. Return to the Summary page by clicking Next as required.
The Installing page shows the progress of your installation on a progress bar. When the process finishes, the configuration settings are applied to Configuration Manager. This phase may take several minutes. You can press Cancel during the installation to stop the process and roll back the installation. During the configuration phase, the Cancel button is disabled.
When the installation process finishes, a message appears indicating that Configuration Manager was successfully installed in the selected folder. In addition, error messages or warnings are displayed, as well as the path of the log file. To finish, press Done.
The upgrade procedure assumes the following before beginning:
Note:
To upgrade Configuration Manager:
Back up the Configuration Manager installation folder.
Back up the following Windows registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Universal CMDB Configuration Manager 10.23
Remove the old Configuration Manager service name by running the following command:
sc [<ServerName>] delete [<ServiceName>]
For example, sc delete HPUCMDBCM1023
To start the installation, insert the Configuration Manager installation media into the machine. Do one of the following:
Click Next to open the End User License Agreement page.
Accept the terms of the license and click Next.
Select the folder where Configuration Manager will be installed. Make sure that you select a different location than the one that was used for the previous version.
By default, Configuration Manager is installed in the following directory: C:\hp\CM_10.2.1.0 (on Windows systems) or /root/HP/CM_10.2.1.0 (on Linux systems). Click Next to accept the default location, or click Browse to select a different location and then click Next.
Note: The installation directory must not contain spaces in its name.
Click Next until you are asked whether to perform a new installation of Configuration Manager or to upgrade.
Note:
Select Upgrade and click Next to confirm and begin the installation.
In the Advanced Content page, the option to enable advanced content (out-of-the-box views and policies) is available only if you are connected to a UCMDB server on which an advanced license has already been installed.
If you have not previously purchased and activated an advanced license, you can use the JMX console to enable the advanced content after upgrading.
For details, see the section about licensed content in the Configuration Manager section of the UCMDB Online Help.
When the installation finishes, check the installation log file (located in the <Configuration_Manager_installation_directory>/_installation/logs folder) to ensure that the installation completed with no errors.
If an error occurs during the upgrade process, a message is displayed. If this occurs, contact Micro Focus Software Support.
On Windows machines, the Configuration Manager service starts automatically. Wait several minutes for the service to restart.
Note: After upgrading, you must perform the SSL configuration again. For details, see the Configuration Manager section of the UCMDB Online Help.
Note: Configuration Manager can be installed on a Windows or a Linux system.
To perform a silent installation of Configuration Manager:
Run the following command:
CM_11.0.xx.exe -i silent -f installvariables.properties
An example of the installvariables.properties file is displayed below:
# Enter 1 for a new installation or 0 to upgrade
CM_NEW_INSTALLATION=1
# Logging file
INSTALL_LOG_NAME=HP_Universal_CMDB_Configuration_Manager.log
# User installation directory
# Enter the full absolute path to be used for the installation
# Make sure to use double backslashes; for example, C:\\hp\\cm_10.23
USER_INSTALL_DIR=
# UCMDB connection config:
UCMDB_HOST_NAME=
UCMDB_PROTOCOL=
UCMDB_PORT=
# Enter the full path for the UCMDB Foundation certificate file
# (.cer file only)
# UCMDB_CLIENT_CERT_FILE should be defined only when connecting
# to UCMDB with HTTPS protocol
UCMDB_CLIENT_CERT_FILE=
UCMDB_CUSTOMER_NAME=
UCMDB_JMX_PORT=
UCMDB_SYSTEM_USER=
UCMDB_SYSTEM_PASSWORD=
UCMDB_CMDB_ROOT_CONTEXT=
# Database config:
# Enter 1 to create a new schema; otherwise, enter 0
DB_CREATE_NEW_SCHEMA=
# Enter 1 to use an existing schema; otherwise, enter 0
DB_USE_EXISTING_SCHEMA=
# Enter 1 for an Oracle database; otherwise, enter 0
DB_VENDOR_ORACLE=
# Enter 1 for an MSSQL database; otherwise, enter 0
DB_VENDOR_MSSQL=
# DB_HOST_NAME should be the fully qualified domain name (FQDN)
DB_HOST_NAME=
DB_PORT=
# For an Oracle database, enter the SID name; for an
# MSSQL database, enter the database name
ORACLE_SID_OR_MSSQL_DB_NAME=
ORACLE_SCHEMANAME_OR_MSSQL_DB_USERNAME=
ORACLE_SCHEMA_PASSWORD_OR_MSSQL_DB_USER_PASSWORD=
# Enter 1 if you want to repopulate the database or when creating
# a new schema, or 0 if you are connecting to an existing schema and
# do not want to repopulate
DB_REPOPULATE_DATABASE=
# Oracle only:
# These four values are required only for the creation of a new
# Oracle schema
ORACLE_ADMIN_USERNAME=
ORACLE_ADMIN_PASSWORD=
DB_DEFAULT_TABLE_SPACE=
DB_TEMP_TABLE_SPACE=
# Tomcat Ports:
HTTP_PORT=
HTTPS_PORT=
TOMCAT_PORT=
AJP_PORT=
JMX_HTTP_PORT=
JMX_REMOTE_PORT=
# User config:
UCMDB_ADMIN_USERNAME=
UCMDB_ADMIN_PASSWORD=
# Advanced configuration manager content
# Requires purchase of an ACM license
# Enter 1 to install advanced content
#INSTALL_CM_ADVANCED_CONTENT_BOOLEAN_1 =
For additional details about the various parameters that can be set, see Installing Configuration Manager.
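The comments in the sample file imply several consistency rules (one schema mode, one database vendor, a certificate only with HTTPS, no spaces in paths), and the file holds four passwords in clear text. The following Python pre-flight check is an added example, not part of the product or of the original guide; it assumes that each 1/0 pair is mutually exclusive, and its sample input is constructed.

```python
# Added example, not vendor code: pre-flight check for installvariables.properties.
# The rules come from the comments in the sample file and the field descriptions
# in this guide. Assumptions: each 1/0 pair is mutually exclusive, and port keys
# that are left empty are skipped.

PASSWORD_KEYS = ("UCMDB_SYSTEM_PASSWORD", "UCMDB_ADMIN_PASSWORD", "ORACLE_ADMIN_PASSWORD",
                 "ORACLE_SCHEMA_PASSWORD_OR_MSSQL_DB_USER_PASSWORD")
ORACLE_NEW_SCHEMA_KEYS = ("ORACLE_ADMIN_USERNAME", "ORACLE_ADMIN_PASSWORD",
                          "DB_DEFAULT_TABLE_SPACE", "DB_TEMP_TABLE_SPACE")
PORT_KEYS = ("UCMDB_PORT", "UCMDB_JMX_PORT", "DB_PORT", "HTTP_PORT", "HTTPS_PORT",
             "TOMCAT_PORT", "AJP_PORT", "JMX_HTTP_PORT", "JMX_REMOTE_PORT")

# Constructed sample with deliberate mistakes; every value is made up.
SAMPLE = r"""
# Enter 1 for a new installation or 0 to upgrade
CM_NEW_INSTALLATION=1
USER_INSTALL_DIR=C:\\Program Files\\cm
UCMDB_PROTOCOL=HTTP
UCMDB_PORT=8080
UCMDB_CLIENT_CERT_FILE=C:\\temp\\ucmdb.cer
UCMDB_SYSTEM_PASSWORD=constructed-secret
DB_CREATE_NEW_SCHEMA=1
DB_USE_EXISTING_SCHEMA=0
DB_VENDOR_ORACLE=1
DB_VENDOR_MSSQL=1
DB_PORT=1521
ORACLE_ADMIN_USERNAME=system
ORACLE_ADMIN_PASSWORD=
DB_DEFAULT_TABLE_SPACE=USERS
DB_TEMP_TABLE_SPACE=TEMP
HTTPS_PORT=81430
"""


def parse_properties(text):
    """Parse the plain key=value subset of Java properties used by the sample file."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            # The guide asks for doubled backslashes in paths; undo that escaping.
            props[key.strip()] = value.strip().replace("\\\\", "\\")
    return props


def exactly_one(props, key_a, key_b):
    """True when one flag is 1 and the other is 0."""
    return sorted((props.get(key_a, ""), props.get(key_b, ""))) == ["0", "1"]


def check(props):
    """Return a list of findings; an empty list means no rule was violated."""
    findings = []
    if props.get("CM_NEW_INSTALLATION") not in ("0", "1"):
        findings.append("CM_NEW_INSTALLATION must be 1 (new installation) or 0 (upgrade)")
    if not exactly_one(props, "DB_CREATE_NEW_SCHEMA", "DB_USE_EXISTING_SCHEMA"):
        findings.append("set exactly one of DB_CREATE_NEW_SCHEMA/DB_USE_EXISTING_SCHEMA to 1")
    if not exactly_one(props, "DB_VENDOR_ORACLE", "DB_VENDOR_MSSQL"):
        findings.append("set exactly one of DB_VENDOR_ORACLE/DB_VENDOR_MSSQL to 1")

    install_dir = props.get("USER_INSTALL_DIR", "")
    if not install_dir or " " in install_dir:
        findings.append("USER_INSTALL_DIR must be set and must not contain spaces")

    cert = props.get("UCMDB_CLIENT_CERT_FILE", "")
    if props.get("UCMDB_PROTOCOL", "").upper() == "HTTPS":
        if not cert.lower().endswith(".cer") or " " in cert:
            findings.append("HTTPS needs UCMDB_CLIENT_CERT_FILE: a .cer path without spaces")
    elif cert:
        findings.append("UCMDB_CLIENT_CERT_FILE is only for HTTPS connections to UCMDB")

    if props.get("DB_CREATE_NEW_SCHEMA") == "1" and props.get("DB_VENDOR_ORACLE") == "1":
        for key in ORACLE_NEW_SCHEMA_KEYS:
            if not props.get(key):
                findings.append(f"{key} is required to create a new Oracle schema")

    for key in PORT_KEYS:
        value = props.get(key, "")
        if value and not (value.isdigit() and 1 <= int(value) <= 65535):
            findings.append(f"{key}={value} is not a valid TCP port")
    return findings


def stored_secrets(props):
    """Keys that hold a clear-text password, so the file needs restricted access."""
    return [key for key in PASSWORD_KEYS if props.get(key)]


if __name__ == "__main__":
    parsed = parse_properties(SAMPLE)
    for finding in check(parsed):
        print("FAIL:", finding)
    for key in stored_secrets(parsed):
        print("SECRET IN FILE:", key)
```

Restrict read access to the properties file while it holds passwords, and remove or blank those values once the silent installation has finished.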
Create a Configuration Manager Database On an Oracle RAC
Configuring an Oracle Schema during installation
During the installation procedure, you specify the database parameters for connecting to the desired Oracle RAC instance (Host Name, Port, and SID). After the installation is complete, you must configure jdbc.url in the database.properties file, as described in Configuring the database.properties file below.
Configuring an Oracle Schema during upgrade
During the upgrade procedure you enable Configuration Manager to connect directly to an Oracle RAC instance. For example:
jdbc.url=jdbc:oracle:thin:@[instance_name]:1521:[instance_sid]
After the upgrade is complete, you must configure jdbc.url in the database.properties file, as described in Configuring the database.properties file below.
Configuring the database.properties file
Change jdbc.url in the database.properties file in one of these ways:
by Single Client Access Name (SCAN)
jdbc:mercury:oracle://<server_name>:1521;ServiceName=<service_name>
where <server_name> is the scan listener hostname or address and <service_name> is the name of the Oracle RAC service.
by the tnsnames.ora file
jdbc.url=jdbc:mercury:oracle:TNSNamesFile=<CM_HOME>\\conf\\tnsnames.ora;TNSServerName=<service_name>
where <CM_HOME> is the Configuration Manager installation directory, and <service_name> is the name of the Oracle RAC service.
You must create the tnsnames.ora file in the \conf subfolder of the Configuration Manager installation directory. Here is an example of the contents:
RACQA =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = labm3amdb17-vip)(PORT = 1521))
    (ADDRESS = (PROTOCOL = TCP)(HOST = labm3amdb18-vip)(PORT = 1521))
    (LOAD_BALANCE = yes)
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = RACQA)
      (failover_mode = (type = select)(method = basic))
    )
  )
In this case, set jdbc.url to jdbc:mercury:oracle:TNSNamesFile=<CM_HOME>\\conf\\tnsnames.ora and the TNSServerName to RACQA.
Note: For details about configuring the Oracle JDBC URL format, see http://www.datadirect.com/resources/jdbc/oracle-rac/connecting.html.
Enable support for Oracle ASO on Configuration Manager
To enable Oracle ASO support on CM:
Copy the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for Java 8 to the java\windows\x86_64\lib\security folder.
The JCE Unlimited Strength Jurisdiction Policy Files can be downloaded from http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html.
Open the datamodelContext.xml file (in the servers\server-0\webapps\cnc\WEB-INF\classes\META-INF\spring folder) using a text editor, and then copy and add the following property tag to bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource":
<property name="properties">
<props>
<prop key="EncryptionTypes">AES256</prop>
<prop key="EncryptionLevel">required</prop>
<prop key="DataIntegrityTypes">SHA1</prop>
<prop key="DataIntegrityLevel">required</prop>
</props>
</property>
Start Configuration Manager.
Configure Windows Authentication (NTLM) On an MS-SQL Server
You can create and connect to a database using Windows authentication instead of Microsoft SQL Server authentication. To do so, you must ensure that the Windows user running the Universal CMDB Configuration Manager service has the necessary permissions to access the Microsoft SQL Server database.
Reconfiguring Configuration Manager allows you to change the installation parameters (UCMDB properties, DB properties, and so on) of an existing installation.
To reconfigure an existing installation of Configuration Manager:
In the <Configuration_Manager_installation_directory>/_installation folder, run CM_11.0.xx.exe (on Windows systems) or CM_11.0.xx.bin (on Linux systems), without repopulating the database. The End User License Agreement is displayed. Select the radio button and click Next to continue.
The installation process checks if there is a previous installation of Configuration Manager, and displays the following message:
A previous installation of the product has been detected. This installation will not reinstall the product, but will allow you to reconfigure the product parameters.
Click Next to continue.
Continue with the reconfiguration. You can update the following information:
UCMDB Foundation connection information
Field | Definition |
---|---|
Host Name (FQDN) | UCMDB deployment location address. |
Protocol | HTTP or HTTPS (default) protocol. |
UCMDB Port | The HTTP or HTTPS port default values are 8080 for HTTP and 8443 (default) for HTTPS. |
Server Certificate | This field is available when the HTTPS protocol is selected. You must manually place the UCMDB server certificate file on the Configuration Manager target host, and specify the full file path including the file name in the adjacent input field. Note: The path to the certificate file cannot contain spaces. If UCMDB uses HTTPS, then using a key exchange is required. The key exchange is not validated during the connection test. Note: The certificate file must be a *.cer file (other file formats are not supported). |
Customer Name | The default UCMDB customer name is Default Client. The customer name value is used during the UCMDB and Configuration Manager integration configuration. The customer name must exist in UCMDB, and this value is not validated by the connection test. If you provide an incorrect value, the deployment will fail. |
UCMDB root context | The UCMDB root context. The default value is /. If this value is changed in UCMDB, it must be changed in CM as well, so that UCMDB-CM communication uses the UCMDB root context. |
JMX Port | The default value is 29601. |
System User (JMX) | The UCMDB (JMX) system user is used for activating JMX functions such as creating a Configuration Manager integration user and deploying the Configuration Manager package. The out-of-the-box default value is sysadmin. |
System Password | The UCMDB system user password. |
Database configuration information
Configuration Manager uses a different database schema from UCMDB.
Two types of databases are available – Oracle and MSSQL. The input fields change according to the database type selected. During installation, you can either create a new schema or connect to an existing schema. For details about the schema requirements, see the Support Matrix section of the UCMDB Help.
For additional details about connecting to different database schemas, see Installing Configuration Manager - Advanced Database Configuration.
Caution: Repopulating an existing database removes all data from a database schema and recreates all tables.
Note:
Provide the following details when creating a new Oracle schema:
Field | Definition |
---|---|
Host Name/IP | The database server location address. |
Port | The default Oracle database port is 1521. |
SID | The Oracle schema ID. |
Admin Username | The username of the database administrator. |
Admin Password | The password of the database administrator. |
Schema Username | The username of the Oracle schema. |
Schema Password | The password of the Oracle schema. |
Default Tablespace | The default tablespace. |
Temporary Tablespace | The temporary tablespace. |
Provide the following details when connecting to an existing Oracle schema:
Field | Definition |
---|---|
Host Name/IP | The database server location address. |
Port | The default Oracle database port is 1521. |
SID | The Oracle schema ID. |
Schema Username | The name of the existing Oracle schema. |
Schema Password | The password of the existing Oracle schema. |
Provide the following details when creating a new MSSQL database or connecting to an existing database:
Field | Definition |
---|---|
Host Name/IP | The database server location address. |
Port | The default MSSQL database port is 1433. |
DB Name | The MSSQL database name. |
DB Username | The username of the MSSQL database. |
DB Password | The password of the MSSQL database. |
Tomcat ports
Configuration Manager provides out-of-the-box default port settings. If a port number conflicts with an existing installation, consult with an IT manager before changing the port number.
Field | Definition |
---|---|
Application HTTP Port | 8180 |
Application HTTPS Port | 8143 |
JMX HTTP Port | 39900 |
JMX Remote Port | 39600 |
Tomcat Port | 8005 |
User configurations
An integration user is created in UCMDB on demand by Configuration Manager to support the integration between these two products.
If you previously installed Configuration Manager version 10 for this UCMDB instance, you can use the same integration user credentials that you used previously, instead of creating a new integration user.
Note: If your UCMDB server uses HTTPS, make sure you configure Configuration Manager so that it can work with UCMDB server using SSL.
You can configure Configuration Manager to work with UCMDB using Secure Sockets Layer (SSL). The SSL connector on port 8443 is enabled by default in UCMDB.
Go to <UCMDB installation directory>\bin\jre\bin and run the following command:
keytool -export -alias hpcert -keystore <UCMDB_server_directory>\conf\security\server.keystore -storepass <keystore password> -file <certificatefile>
Copy the certificate file to a temporary location on the local Configuration Manager machine.
Perform a new installation or reconfigure an existing installation of Configuration Manager. For instructions, see the relevant sections in the interactive Universal CMDB Deployment Guide.
In the UCMDB configuration screen, set the protocol to HTTPS, and choose the certificate file that you copied in step 2.
On the server machine, import the certificate into the trust store (cacerts) using the keytool utility with the following command:
<Configuration_Manager_installation_directory>\java\bin\keytool.exe -import -alias hp -file hpcert.cer -keystore <Configuration_Manager_installation_directory>\java\windows\x86_64\lib\security\cacerts
Create a server keystore (JKS type) with a self-signed certificate and matching private key. From the <Configuration_Manager_installation_directory>\java\windows\x86_64\bin folder, run the following command:
keytool -genkey -alias tomcat -keyalg RSA -keystore <Configuration_Manager_installation_directory>\java\windows\x86_64\lib\security\tomcat.keystore
At the prompt "What is your first and last name?", enter the Configuration Manager Web server name, and enter the other parameters according to your organization.
Modify the server.xml file as follows:
Open the server.xml file, located in <Configuration_Manager_installation_directory>\servers\server-0\conf folder. Locate the section beginning with:
Connector port="8143"
which appears as a comment. Activate the connector by removing the comment characters, and add the following lines:
keystoreFile="<Configuration_Manager_installation_directory>\java\windows\x86_64\lib\security\tomcat.keystore"
keystorePass="password"
truststoreFile="<Configuration_Manager_installation_directory>\java\windows\x86_64\lib\security\cacerts"
truststorePass="changeit" />
Comment out the following line:
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
To configure Configuration Manager to work with other products (such as load balancers) using SSL, import the security certificate of the product to the Configuration Manager truststore (default JRE truststore) by running the following command:
<CM_JAVA_HOME>\bin\keytool -import -trustcacerts -alias <alias> -keystore <CM_JAVA_HOME>\lib\security\cacerts -storepass changeit -file <certificatefile>
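After server.xml has been edited as described above, the result can be checked mechanically. The following Python audit is an added example, not part of the product or of the original guide; the sample server.xml and its paths are constructed, and the check flags the literal keystorePass and truststorePass values printed in the procedure if they are still in place.

```python
# Added example, not vendor code: audit the edited server.xml after the SSL steps.
import xml.etree.ElementTree as ET

# Values printed in the procedure itself; "changeit" is also the stock JRE
# cacerts password. A production file should not still carry them.
SAMPLE_VALUES = {"password", "changeit"}
APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"

# Constructed server.xml fragment (paths and layout are made up for the demo).
SAMPLE_SERVER_XML = r"""<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Service name="Catalina">
    <Connector port="8180" protocol="HTTP/1.1" />
    <Connector port="8143" protocol="HTTP/1.1" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="C:\cm\java\windows\x86_64\lib\security\tomcat.keystore"
               keystorePass="password"
               truststoreFile="C:\cm\java\windows\x86_64\lib\security\cacerts"
               truststorePass="changeit" />
  </Service>
</Server>"""


def audit_server_xml(xml_text, https_port="8143"):
    """Return findings for the HTTPS connector and the APR listener."""
    root = ET.fromstring(xml_text)  # XML comments are dropped by the parser
    findings = []
    connectors = [c for c in root.iter("Connector") if c.get("port") == https_port]
    if not connectors:
        findings.append(f"no active Connector on port {https_port}; is it still commented out?")
    for conn in connectors:
        # The procedure adds both store paths and both store passwords.
        for attr in ("keystoreFile", "truststoreFile"):
            if not conn.get(attr):
                findings.append(f"Connector {https_port}: {attr} is not set")
        for attr in ("keystorePass", "truststorePass"):
            value = conn.get(attr)
            if not value:
                findings.append(f"Connector {https_port}: {attr} is not set")
            elif value in SAMPLE_VALUES:
                findings.append(f"Connector {https_port}: {attr} still has a sample/default value")
    # The procedure comments out the APR listener; an active one is a missed step.
    for listener in root.iter("Listener"):
        if listener.get("className") == APR_LISTENER:
            findings.append("AprLifecycleListener is active; the procedure comments it out")
    return findings


if __name__ == "__main__":
    for finding in audit_server_xml(SAMPLE_SERVER_XML):
        print("FINDING:", finding)
```

Because server.xml stores both store passwords in clear text, file-system permissions on it should allow read access only to the account that runs the Configuration Manager service and to administrators.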
You can specify different root contexts on a single Configuration Manager server installation.
Note:
To change the root context for Configuration Manager:
Open the <Configuration Manager installation directory>/servers/server-0/webapps/ folder.
Rename the cnc.war file with the desired root context.
Repeat this step for all .war files in the folder, except for the ds-console.war file.
Delete the /cnc subfolder.
Repeat this step for the corresponding subfolder of each .war file in the /webapps folder, except for the /ds-console folder.
Caution: Do not change the name of the ds-console.war file and its corresponding subfolder.
Open the <Configuration Manager installation directory>/servers/server-0/webapps/root/ folder.
In the index.html file, change
<meta http-equiv='refresh' content='0;url=http://quixy.deu.hp.com/cnc' />
to
<meta http-equiv='refresh' content='0;url=http://quixy.deu.hp.com/<context>/cnc' />
Restart the Configuration Manager service.
Verify that a folder with the new context name (for example, segment#cnc) has been created in the /webapps folder.
To start the Configuration Manager server:
On a Linux system, use a command line prompt:
$ cd /<Configuration_Manager_installation_directory>
$ ./start-server-0.sh
Running the script this way starts the server as a synchronous process, which means that the server is stopped as soon as you disconnect from the console.
To start the Configuration Manager server asynchronously, run the script as follows:
$ ./start-server-0.sh &
To keep the Configuration Manager server running even if a user logs out, run the script as follows:
$ nohup ./start-server-0.sh
You can create a script in the /etc/init.d directory to automatically start Configuration Manager on machine startup.
On a Windows system:
Use the Universal CMDB Configuration Manager Windows service to start the server.
To stop the Configuration Manager server:
On a Linux system, use a command line prompt:
$ cd /<Configuration_Manager_installation_directory>
$ ./stop-server-0.sh
On a Windows system:
Use the Universal CMDB Configuration Manager Windows service to stop the server.
To uninstall Configuration Manager, do one of the following:
On Windows systems |
From the Start menu:
From the Control Panel:
A notification is displayed that you are about to uninstall. Click Uninstall to continue or click Cancel to exit. |
On Linux systems | In the <Configuration_Manager_installation_directory>/_installation/ folder, execute CM-Uninstall.bin. |
Access Commands for Windows
During the installation of Universal CMDB, a start menu is added to the settings of the machine on which you installed UCMDB. You can start and stop the UCMDB Server and the UCMDB Integration Service, access the Server Configuration wizard and view Server service status, and you can uninstall the Server.
If there is a Data Flow Probe installed on the same machine as the UCMDB Server, you can start and stop the Data Flow Probe, as well as uninstall it, from this menu.
To access the Universal CMDB start menu, select Start > All Programs > UCMDB. The menu includes the following options:
Command | Description |
---|---|
Start Universal CMDB Server | Starts the UCMDB Server service. Note: Alternatively, you can access the Windows Services window and locate the UCMDB_Server service. Open the UCMDB_Server Properties (Local Computer) dialog box and start the service. If required, change the Startup Type to Automatic. |
Stop Universal CMDB Server | Stops the UCMDB Server service. Note: Alternatively, you can access the Windows Services window and locate the UCMDB_Server service. Open the UCMDB_Server Properties (Local Computer) dialog box and stop the service. |
Universal CMDB Server Status | Opens a Web page with information about the server. For details, see UCMDB Services below. To open a Web page with information about the UCMDB UI Server Status, enter the following URL: https://<UCMDB Server Host Name or IP>:8443/ucmdb-ui/status.jsp Note: The link to the Server Status page is only displayed if the Show Status Page link on first page infrastructure setting is set to True. |
Start Universal CMDB Server Configuration Wizard | Enables you to run the wizard to connect to an existing database or schema or to create a new database or schema. For details, see Creating a Database or Connecting to an Existing One? earlier in this document. |
Uninstall Universal CMDB Server | Uninstalls the UCMDB Server. |
Start Universal CMDB Integration Service | Starts the UCMDB Integration Service, which allows performance of non-Jython-based integration tasks without using a Data Flow Probe if your remote managed data repositories are accessible from the UCMDB Server machine. Note: The UCMDB Integration Service and the Data Flow Probe (if installed on the UCMDB Server machine) cannot be running at the same time. To start the UCMDB Integration Service, you must first stop the Data Flow Probe. |
Stop Universal CMDB Integration Service | Stops the UCMDB Integration Service. |
Inventory Tools | Enables you to access the Inventory Tools (and supporting documentation) that are used for viewing and analyzing data discovered by Inventory Discovery. Available: Only when a Data Flow Probe is installed on the UCMDB Server machine. |
Start Data Flow Probe | Starts the Data Flow Probe on the UCMDB server. If the Data Flow Probe is installed on the UCMDB Server machine: The Data Flow Probe and the UCMDB Integration Service cannot be running at the same time. To start the Data Flow Probe, you must first stop the UCMDB Integration Service. See Stop Universal CMDB Integration Service. Available: Only when a Data Flow Probe is installed on the UCMDB Server machine. |
Start Data Flow Probe (console) | Starts the Data Flow Probe on the console. Available: Only when a Data Flow Probe is installed on the UCMDB Server machine. |
Stop Data Flow Probe | Stops the Data Flow Probe. Available: Only when a Data Flow Probe is installed on the UCMDB Server machine. |
Uninstall Data Flow Probe | Uninstalls the Data Flow Probe. Available: Only when a Data Flow Probe is installed on the UCMDB Server machine. |
Access Commands for Linux
Run the following commands to start and stop the UCMDB Server, to access the Database Configuration wizard, to view the Server service status, and to uninstall the Server.
Note: The following commands assume that UCMDB is installed on the default path, that is, /opt. If the Server is installed elsewhere, substitute that path for /opt.
Command | Path |
---|---|
To start the Universal CMDB server | /opt/UCMDB/UCMDBServer/bin/server.sh start |
To stop the Universal CMDB server | /opt/UCMDB/UCMDBServer/bin/server.sh stop |
To call the Universal CMDB Server Configuration wizard | /opt/UCMDB/UCMDBServer/bin/configure.sh |
To access the UCMDB Server Status Web pages | Note: |
To start the Universal CMDB Integration Service | /opt/UCMDB/UCMDBServer/integrations/bin/service.sh start The UCMDB Integration Service allows performance of non-Jython-based integration tasks without using a Data Flow Probe if your remote managed data repositories are accessible from the UCMDB Server machine. Note: The UCMDB Integration Service and the Data Flow Probe (if installed on the UCMDB Server machine) cannot be running at the same time. To start the UCMDB Integration Service, you must first stop the Data Flow Probe. See Stop Data Flow Probe below. |
To stop the Universal CMDB Integration Service | /opt/UCMDB/UCMDBServer/integrations/bin/service.sh stop |
To start the Data Flow Probe | /opt/UCMDB/DataFlowProbe/bin/probegateway.sh start If the Data Flow Probe is installed on the UCMDB Server machine: The Data Flow Probe and the UCMDB Integration Service cannot be running at the same time. To start the Data Flow Probe, you must first stop the UCMDB Integration Service. See Stop UCMDB Integration Service above. Available: Only when a Data Flow Probe is installed on the UCMDB Server machine. |
To stop the Data Flow Probe | /opt/UCMDB/DataFlowProbe/bin/probegateway.sh stop Available: Only when a Data Flow Probe is installed on the UCMDB Server machine. |
To uninstall the UCMDB Server | /opt/UCMDB/UCMDBServer/UninstallerData/Uninstall_UCMDBServer |
This section includes:
View the Status of Universal CMDB Server Services
On the UCMDB Server machine, open your client browser and enter https://localhost:8443/status. The Status and Detailed Status of all services are displayed, indicating whether the Universal CMDB services are running (Up) or are down (Not Started).
Note: In case there are services that are not running, contact Micro Focus Support.
Check the Universal CMDB Integration Service Status
If your remote managed data repositories are accessible from the UCMDB server machine, you can use the UCMDB Integration Service for non-Jython-based integrations instead of a Data Flow Probe.
Note: The UCMDB Integration Service is supported in a standalone UCMDB environment only.
To ensure that the service is running:
Check the status on the UCMDB Server machine:
Windows | Control Panel > Administration Tools > Services |
Linux | /opt/UCMDB/UCMDBServer/integrations/bin/service.sh status |
If the service is not running:
Check if there is a Data Flow Probe installed and running on the UCMDB Server machine. If so, you must first stop the Data Flow Probe before you can start the UCMDB Integration Service.
To stop the Data Flow Probe:
Windows | Select Start > All Programs > UCMDB > Stop Data Flow Probe |
Linux | Enter the following command: /opt/UCMDB/DataFlowProbe/bin/probegateway.sh stop |
Start the UCMDB Integration Service:
Windows |
Use one of the following:
|
Linux | Enter the following command: /opt/UCMDB/UCMDBServer/integrations/bin/service.sh start |
The Universal CMDB services are described in the following table:
Service Name | Description of Service |
---|---|
authorization | Responsible for the security model enforcement (users, roles, tenants, and so on). |
autodiscovery | Responsible for Data Flow Management-related services. |
Browser_resources | Responsible for managing UCMDB browser related resources like categories. |
cla_queue | Responsible for Client level authorization. |
cla_statistics | Responsible for Client level authorization. |
classModel | Responsible for maintaining the class model in the CMDB. |
cmdb_mod_not | Responsible for notifications of changes that occur in the CMDB. |
cmdb_sys_tqls | Responsible for the conditions applied to TQL nodes, and the condition results that are stored in the system TQL. |
cmdb_view | Responsible for calculating view definitions over TQL results (the transformation from graph to tree is given the view definition). |
cmdb_widget_tracker | Responsible for managing UCMDB browser widgets. |
configuration | Responsible for snapshots, CI change queries, and TQL/View History queries. |
content-install | Responsible for managing the content packs. |
correlation | Responsible for HPE Universal CMDB impact, root cause, and correlation subsystems. |
data-acquisition | Responsible for managing integrations. |
enrichment | Responsible for executing both ad hoc and active enrichments. |
fcmdb-config | A cache mechanism for federated data that allows basic FCMDB services before the FCMDB is fully loaded. |
fcmdb-management | Responsible for managing the adapters, federation, and the data push flow. |
folders | Responsible for managing the folder hierarchy for every type of resource. |
framework | Responsible for dispatching operations within the UCMDB server. |
generic_adapter_manager | Responsible for generic adapter related operations. |
grouping | Responsible for holding the different bundles that allow the classification of resources. |
histDB | Responsible for saving changes to CIs and relationships in the CMDB. |
impact | Responsible for Universal CMDB impact, root cause, and correlation subsystems. |
licensing | Responsible for license management. |
mapping-engine | Used by the integrations. Allows reconciliation during a federated TQL calculation. |
model | Responsible for mapping CIs from external data sources to local CMDB CIs. |
model_statistics | Allows running database optimization operations. These operations are run in various scenarios, such as history, upgrade, and JMX. |
model_topology | Responsible for loading the model topology graph (an internal data structure that contains all CIs and relationships without properties and often allows avoiding database queries). |
model_update | Responsible for managing updates to the class model in the CMDB. |
msg_sync | Messaging service for asynchronized history change messages. |
offline_tql | Responsible for managing and executing queries needed for CI tracking in UCMDB Browser. |
packaging | Responsible for packages. Packages are zip files containing resources that are structured in organized, predefined subdirectories. |
reconciliation | The CMDB’s data population reconciliation service. Responsible for the reconciliation engine of Universal CMDB. |
reconciliation_conf | Handles the reconciliation configuration, such as identification rules and reconciliation priority configuration. |
report | Responsible for Universal CMDB report services, such as adding, editing, and removing System reports, calculation of Asset reports, Node Dependency reports. |
scheduler | Responsible for scheduling offline tasks. |
softwarelibrary | Software library (Teaching server) service for SAI editor/Express Teaching operations. |
state_management | Responsible for managing states. |
system-health | Responsible for gathering and storing server-related statistics. |
topology_search | Responsible for search engine related services. |
tql | Responsible for TQL calculations. |
tql_res_utils | Responsible for TQL result maintenance (active) and layout retrieval. |
tql_tracker | Responsible for managing UCMDB browser CI tracking. |
view | Responsible for part of the business logic of the Modeling Studio, including "watch". |
world | A central repository for configuration information that is gathered from the various Universal CMDB and third-party applications and tools. This information is used to build Universal CMDB views. |
This section includes:
Launch UCMDB UI from Chrome 43+, Firefox 48+, Microsoft Edge, or Safari 10+
You access Universal CMDB using a supported Web browser, from any computer with a network connection (intranet or Internet) to the Universal CMDB Server.
For details on Web browser requirements, as well as minimum requirements to successfully view Universal CMDB, see the Support Matrix section of the UCMDB Help.
The level of access granted a user depends on the user’s permissions. For details on granting user permissions, see the Administer section of the UCMDB Help.
For details on accessing Universal CMDB securely and login authentication strategies, see the Hardening section of the UCMDB Help.
Accessing the UCMDB Components
In the Web browser, enter the URL of the Universal CMDB Server, for example:
https://<server name or IP address>.<domain name>:8443
where <server name or IP address>.<domain name> represents the fully qualified domain name (FQDN) of the Universal CMDB Server.
If Universal CMDB is set up to work through a reverse proxy, enter https://<proxy_server_name>:443 where proxy_server_name is the name or IP address of the proxy server.
If the correct Java version is not installed on your machine, you can choose to download the version from sun.com or from the UCMDB server. (If you log in without installing Java, you will not be able to view pages that need a Java applet to display correctly.)
Click a link to work with Universal CMDB:
UCMDB. Opens the login page. After logging in, the module you had open at the end of your last session opens. If your user preferences are deleted, the IT Universe Manager is opened by default.
Note: You can also access the login page by entering https://<server name or IP address>.<domain name>:8443/ucmdb.
UCMDB SAML Login. Opens to the default UCMDB module page directly if SAML authentication is enabled.
Note: This option is available only when SAML authentication is enabled.
User Management. Opens the login page. After logging in, you are taken directly to the Users and Groups module where you can manage your UCMDB users.
UCMDB Configuration Manager. Opens the Configuration Manager application. For the link to be active, Configuration Manager must be running and the infrastructure setting Configuration Manager URL must contain the application’s URL.
UCMDB Browser. Opens the UCMDB Browser. The UCMDB Browser is a web-based UCMDB UI for displaying UCMDB information quickly and easily, and simplifying administrative and integration management of UCMDB with improved user experience and ease of use. For the link to be active, UCMDB Browser must be running and the infrastructure setting UCMDB Browser URL must contain the application’s URL.
UCMDB Class Model. Opens the UCMDB Class Model Reference, which contains information on all packages, CI types, and relationships in the class model.
Server Status. Opens the Server Status page.
JMX Console. Enables you to perform operations on the CMDB through the JMX console interface.
API Connection Test. Displays information about the Universal CMDB Server for you to use when running an API to the CMDB.
API Client Download. Downloads the UCMDB API jar file.
API Reference. Opens the UCMDB API Reference documentation.
When you click UCMDB or User Management, the login page opens.
Enter the default superuser login parameters:
User Login = admin, User Password = the password for admin.
If Universal CMDB is installed in a multiple customer or multiple state environment (for example, Universal CMDB Configuration Manager), a Customer field is displayed. Choose the Customer name from the list.
Remember me on this machine. Select for automatic login. That is, the next time you log in to UCMDB, you do not need to enter your user name and password.
Click Login. After logging in, your user name appears at the top right of the screen.
If you have problems logging in, see Troubleshooting Deployment - Logging In to UCMDB below.
Note: Click the Help button on the Login page for complete help with logging in.
(Recommended) Change the superuser password immediately to prevent unauthorized entry. For details on changing the password, see the Administer section of the UCMDB Help.
(Recommended) Create additional administrative users to enable Universal CMDB administrators to access the system. For details on creating users in the Universal CMDB system, see the Administer section of the UCMDB Help.
Advanced login options enable you to automate login, limit login access, and provide direct login capabilities to specific pages in Universal CMDB.
When automatic login is enabled from the login page and you close the browser tab without using the Logout button at the top of the Universal CMDB page, the login page does not open the next time you access Universal CMDB. This applies whether you enter the URL https://<server name or IP address>.<domain name>:8443/ucmdb-ui directly, or access the URL of the Universal CMDB Server (https://<server name or IP address>.<domain name>:8443) to get to the splash screen and then click UCMDB. The login name and password do not have to be entered, and the default page that is set to open opens automatically.
Caution: This option could be considered a security risk and should be used with caution.
To enable automatic login:
In the Universal CMDB login page, select the option Remember me on this machine.
When completing your session, do not click Logout at the top of the page, but close the browser tab.
When you open a new browser tab, navigate to https://<server name or IP address>.<domain name>:8443, and then click UCMDB, the login page should be skipped.
Guidelines for Using Automatic Login
If you log out using the Logout option at the top of the Universal CMDB page, the Remember me on this machine option remains enabled and your user name is remembered. The next time you log in, the Login page opens with your login name pre-filled, and you only need to enter your password manually.
The Remember me on this machine option can only be manually canceled by the user when he/she logs in next time.
Launch UCMDB UI from Chrome 43+, Firefox 48+, Microsoft Edge, or Safari 10+
It is possible to launch the UCMDB UI application from web browsers without support for NPAPI plugins, including Chrome 43+, Firefox 48~51, Microsoft Edge, and Safari 10+.
The JNLP feature allows users whose web browsers do not support NPAPI plugins to launch the UCMDB UI application. Instead of running in the web browser through the Java plug-in, a JNLP file is saved on the client machine. When launched, the JNLP file runs in a separate Java process and loads the UCMDB UI as a desktop application.
The following web browsers are supported for accessing UCMDB UI using JNLP:
The following scenarios are not supported:
How to launch UCMDB UI from web browsers without support for NPAPI plugins
Note: Most of the configurations here are one-time operations.
To do so, perform the following:
Tip: To access the same Universal CMDB server from one of the above mentioned web browsers, simply launch the downloaded UCMDB.jnlp file.
Change Default Time Limit for User Inactivity Log Out
Universal CMDB includes an automatic logout feature which logs out when the system is inactive for a set time period. The default period is 1440 minutes (24 hours). After that time, a message appears with a 30-second countdown until logout.
This task describes how to adjust the time limit UCMDB stays open without any user input before automatically logging out.
To change the default logout time:
Select Administration > Infrastructure Settings > General Settings category > Inactive allowed time setting.
In the Value column, enter a new time interval in minutes. All values for inactive allowed time are located in the Properties window (right-click Inactive Allowed Time > Properties or double-click the Inactive Allowed Time setting).
This section includes:
Installation and Deployment Issues
If you use the Japanese, Chinese, or Korean language in your browser, you must ensure that the Universal CMDB server has East Asian languages installed. On the machine on which the Universal CMDB server is installed, you must select Control Panel > Regional and Language Options > Languages > Install files for East Asian languages.
Universal CMDB in an I18N environment is supported for Universal CMDB installed on a Windows or Linux platform.
The installation path for all Universal CMDB components must not contain non-English language characters.
The Upgrade Wizard for version 10.30 does not support the non-English user interface. (The upgrade itself works properly.)
To work in a non-English language Universal CMDB environment, you can use either an Oracle Server database, Microsoft SQL Server database, or PostgreSQL Server database. The OS Windows regional settings language of the database should be the same as that of the UCMDB Server. When using an Oracle Server database, the encoding of the database can also be UTF-8 or AL32UTF-8, which supports both non-English languages as well as multiple languages.
When you create a new Oracle instance in an Oracle database, you must specify the character set for the instance. All character data, including data in the data dictionary, is stored in the instance’s character set. For details, see the section describing the Oracle Summary Checklist in the Database section of the UCMDB Help.
The Database Query Monitor can connect to an Oracle database, but the Oracle user names and passwords must contain only English characters.
Multi-Lingual User (MLU) Interface Support
Use the language preference option in your browser to select how to view Universal CMDB. The language preference chosen affects only your local machine (the client machine) and not the Universal CMDB Server machine or any other user accessing the same Universal CMDB machine.
The Universal CMDB user interface can be viewed in the following languages in your Web browser:
✓ | English | ✓ | Korean |
✓ | French | ✓ | Brazilian Portuguese |
✓ | German | ✓ | Russian |
✓ | Italian | ✓ | Simplified Chinese |
✓ | Japanese | ✓ | Spanish |
To set up and view Universal CMDB in a specific language:
Install the appropriate language’s fonts on your local machine if they are not yet installed. If you choose a language in your Web browser whose fonts have not been installed, Universal CMDB displays the characters as squares.
If you are logged in to Universal CMDB, you must log out. Click LOGOUT at the top of the Universal CMDB window.
Close every open browser window or, alternatively, clear the cache.
If Universal CMDB is running on Internet Explorer, configure the Web browser on your local machine to select the language in which you want to view Universal CMDB (Tools > Internet Options).
Click the Languages button and in the Language Preference dialog box, highlight the language in which you want to view Universal CMDB.
If the language you want is not listed in the dialog box, click Add to display the list of languages. Select the language you want to add and click OK.
Click Move Up to move the selected language to the first row.
Click OK to save the settings.
Display the Universal CMDB login window.
From the Internet Explorer menu, select View > Refresh. Universal CMDB immediately refreshes and the user interface is displayed in the selected language.
Note: For details on viewing Web pages in Internet Explorer that are written in a different language, see http://support.microsoft.com/kb/306872/en-us.
This section includes:
Large Capacity Planning Overview
Using the default configuration, Universal CMDB can work with a deployment of more than 25 million CIs and relationships. To work with a larger deployment, you must implement the following configuration:
Depending on the number of CIs and relationships, increase the CMDB heap as follows:
# CIs and Relationships | Heap Size |
---|---|
≤ 40 million | 12 GB |
40 million – 60 million | 16 GB |
60 million – 125 million | 24 GB |
> 125 million | 55 GB |
Configuring the UCMDB Server for Large Capacity
For the system to support the desired number of CIs and relationships, update the following parameters on the UCMDB Server:
Parameter | Default | ≤ 40 million | 40 – 60 million | 60 – 125 million | > 125 million | Location |
---|---|---|---|---|---|---|
wrapper.java.initmemory | 1024 | 2048 | 8192 | | | |
wrapper.java.maxmemory | 4096 | 8192 | 16384 | 24576 | 56320 | |
wrapper.java.additional.31=-XX:MaxMetaspaceSize | 256 | 512 | 1024 | | | |
dal.object.condition.max.result.size | 2000000 | 50000000 | 50000000 | | | |
dal.use.memory.instead.temp.table.high.threshold.oracle | 600000 | 6000000 | 6000000 | 10000000 | | |
dal.joinf.max.result.size | 400000 | 4000000 | 4000000 | | | |
Configuring the Oracle Database for Large Capacity
When working on a system containing more than 40 million objects and relationships, you can improve performance by increasing the Oracle SGA and PGA to the following suggested sizes:
CIs and Relationships | SGA | PGA |
---|---|---|
40 million – 60 million | 22 GB | 6 GB |
60 million – 120 million | 42 GB | 14 GB |
> 120 million | 88 GB | 24 GB |
This improves the performance of both TQL calculation, for several types of TQL queries, and data-in operations performed on the system.
Configuring the Microsoft SQL Database for Large Capacity
When working on a system containing more than 40 million objects and relationships, you can improve performance by increasing the Microsoft SQL Server Memory to the following suggested sizes:
CIs and Relationships | Microsoft SQL Server Memory |
---|---|
40 million – 60 million | 28 GB |
> 60 million | 56 GB |
Configuring Configuration Manager for Large Capacity
Configuration Manager supports working with up to 20,000 composite CIs in a single managed view. To enable this functionality, do the following:
Note:
Managed views that are based on dynamic TQL queries and result in more than 20,000 composite CIs are not supported.
To access the JMX console, launch your Web browser and enter the following address: http://<server_name>:<port_number>/cnc/jmx-console, where <server_name> is the name of the machine on which Configuration Manager is installed.
Enter the JMX console authentication credentials.
Click Configuration Manager > View Service. Select supportLargeViews and click Invoke.
In UCMDB, change the value of the TQL Group View Result Size setting to 500,000 (Administration > Infrastructure Settings Manager > TQL Settings).
Do one of the following:
Setup
The system capacity test is conducted for Microsoft SQL Server (with 125 million CIs and relationships) and Oracle Database (with 200 million CIs and relationships) separately, by using the following hardware configurations.
Role | CPU | Memory | OS + 3rd Party SW |
---|---|---|---|
CMDB | 2 x 4-cores @ 2.67 GHz | 32 GB | Microsoft Windows Server 2008 R2 Enterprise Edition x64 SP1 |
Database | 2 x 8-cores @ 2.93 GHz | 64 GB | |
Role | CPU | Memory | OS + 3rd Party SW |
---|---|---|---|
CMDB | 2 x E5-2630V3 @ 2.40GHz | 32 GB | Red Hat Enterprise Linux 7.2 |
Database | 2 x E5-2630V3 @ 2.40GHz | 97 GB | |
The following business flows were tested as part of the system test:
TQL Calculation
TQLs were divided into sub groups according to the result size (<100, <1000, and <10000), according to the data set that the TQL retrieves, and according to the TQL configuration:
Data-in
The data-in scenario in the system test included insertion, updates, and deletion.
Enrichments
Enrichment scenarios included insert, update, and delete.
Results
Following the load test in the scenario that includes query execution (2 days), data-in (7 days for Oracle and 10 days for MS SQL), and enrichment execution, the following results were achieved:
Logging In to Configuration Manager
You access Configuration Manager using a supported Web browser, from any computer with a network connection (intranet or Internet) to the Configuration Manager server. The level of access granted a user depends on the user's permissions. For details on granting user permissions, see the section on users and roles in the Administer section of the UCMDB Help.
For details on Web browser requirements, as well as minimum requirements for successfully viewing Configuration Manager, see the Support Matrix section of the UCMDB Help.
For details about accessing Configuration Manager securely, see the Hardening section.
For troubleshooting information about accessing Configuration Manager, see Troubleshooting Deployment - Logging In to Configuration Manager.
In the Web browser, enter the URL of the Configuration Manager Server, for example, http://<server name>.<domain name>:<port>/cnc, where <server name>.<domain name> represents the fully qualified domain name (FQDN) of the Configuration Manager server and <port> represents the port selected during installation.
Click Log In. After logging in, the user name appears at the top right of the screen.
Logging Out
When you have completed your session, it is recommended that you log out of the website to prevent unauthorized entry.
To log out, click Logout at the top of the page.
Note: There is a default session expiration time of 30 minutes.
Accessing the JMX Console for Configuration Manager
For troubleshooting purposes or to modify certain configurations, you may need to access the JMX console.
To access the JMX console:
Make sure that Server Administrator privileges have been assigned in UCMDB. For details, see the Administer section of the UCMDB Help.
Port a Configuration Manager Installation Between Machines
This procedure should be used when you want to transfer an installation of Configuration Manager from one machine to another while keeping the database schema intact and connecting to the same UCMDB server.
Copy the \conf and \security folders from the source machine into the relevant location on the target machine.
Start the Configuration Manager server on the target machine.
Change Port Numbers After Installation
To change port numbers (or any other installation parameter), see Reconfiguring Configuration Manager.
Copy System Settings Between Systems
On the source machine, open Configuration Manager. Go to Administration > Settings and click the Export configuration set to a zip file button.
Before exporting, you can exclude specific parts of the configuration by unchecking the check box next to the relevant configuration items.
Copy the exported configuration to the target machine.
On the target machine, open Configuration Manager. Go to Administration > Settings and click the Import configuration set button.
Back Up and Restore
You can back up an installation of Configuration Manager in order to be able to recover from any type of failure that would otherwise require a complete new installation.
Back up
Back up the following information:
the \conf and \security subfolders in the Configuration Manager installation directory. This can be done while the system is up and running, without interrupting operation.
the database schema
the registry entry at: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Universal CMDB Configuration Manager 11.0 (on Windows systems only)
Restore
This procedure should be performed on a new system that has no Configuration Manager installation on it.
Install Configuration Manager on the target machine by running the CM_11.0.exe file (on Windows systems) or CM_11.0.bin file (on Linux systems).
Restore the \conf and \security directories, using the same method that you used to back them up. Overwrite the directories created by the installation that you performed in step 1.
Restore the database schema. If you restore to a different database server, you must modify the url property in the database.properties file (located in the \conf directory) to match the new database server name.
Start the Configuration Manager server.
Micro Focus Software Self-solve knowledge base. Use to search for specific troubleshooting information on a wide variety of topics. Located on the Micro Focus Software Support site, the Micro Focus Software Self-solve knowledge base can be accessed by selecting Troubleshooting & Knowledge Base from the Micro Focus Universal CMDB Help menu.
Note that only registered customers can access the resources on the Micro Focus Support site. Customers who have not yet registered can do so from this site.
Problem: The UCMDB Server does not start automatically upon system restart.
Solution:
In the General tab, ensure that:
This section includes the following:
Possible Causes for Failure to Log In to UCMDB
Use the following information to troubleshoot possible causes of failure to log into Universal CMDB.
Problem/Possible Causes | Solutions |
---|---|
Universal CMDB is not started successfully. Indication: The startup.log file does not include the following line: **** All components started **** | Solution 1: Verify that the Universal CMDB Server is up and running by accessing the Web console https://<Server name>:8443/web-console where <server name> is the name of the Universal CMDB Server to which you are connecting. Solution 2: Check the database connection: To check that the database server is up and running: Solution 3: Check that the database connection parameters are correct. Ensure that you can log into the database server using the credentials you provided during the configuration procedure. Solution 4: Use the cmdb.dal.log file to verify the database connections. The cmdb.dal.log file can be found in the following directory: Solution 5: To verify that the database connection is valid, in the Windows command interpreter (cmd.exe), type |
The CMDB is corrupted (for example, a user record may have been deleted accidentally from the CMDB). | Import a previously backed up database file. For details, see the Database section of UCMDB Help. Important: The Universal CMDB server must be down while importing the database. Note: When you import a previously backed up database file, you lose all data previously existing in the system. |
The Universal CMDB login fails. This may be due to an incorrect login name/password combination. | Solution 1: Ensure that you enter a correct login user name/password combination. Solution 2: Restore the default |
Universal CMDB login fails due to unexpected errors. | Solution 1: Select Start > All Programs > UCMDB > Universal CMDB Server Status and ensure that the service is running. Solution 2: Look for errors in the following log files: If you find errors that are unfamiliar to you, contact Micro Focus Software Support. |
Universal CMDB fails to start, even though the password was successfully changed. | Restore the default passwords: |
After upgrading UCMDB from version 10.30 (or earlier) to 10.31 (or later), LDAP authentication fails and users cannot log in to UCMDB. | For more details about the problematic scenario, possible cause and solutions, see . |
Java Not Installed on Client Machine
If Java is not installed on your machine or you have a version older than Java 8, during login a message is displayed asking you to install the correct Java Runtime Environment version. JRE is needed to view Universal CMDB applets.
Click the relevant button to allow Universal CMDB to install Java from either oracle.com or the Universal CMDB Server.
Problem. The upgrade to version 11.0 fails.
Solution: To restore to the previous version, perform the following steps:
Problem. You have been assigned the appropriate permissions for Configuration Manager but you are not able to log in.
Solution. Verify that the following parameters are configured correctly in UCMDB:
Problem. There is an error in the UCMDB connection.
Solution. One of the following may be the cause:
The UCMDB server is down. Restart Configuration Manager after UCMDB is fully up (verify that the UCMDB server status is Up).
The UCMDB server is up but the Configuration Manager connection credentials or URL are wrong.
Problem. After changing UCMDB connection settings (such as changes to: host/port/protocol/SRP), the Configuration Manager server fails to start.
Solution. Reconfigure Configuration Manager and specify the UCMDB connection settings that reflect your latest changes. The reconfiguration wizard (CM_11.0.exe) is located in the <Configuration_Manager_installation_directory>\_installation folder.
Problem. Changes to the UCMDB class model are not detected in Configuration Manager.
Solution. Restart the Configuration Manager server.
Problem. The Configuration Manager log contains a UCMDBExecution timeout expired error.
Solution. This occurs when the UCMDB database is overloaded. To correct this, increase the connection timeout as follows:
Create a jdbc.properties file in the UCMDBServer\conf folder.
Enter the following text: QueryTimeout=<number in seconds>
Restart the UCMDB server.
Problem. Configuration Manager does not allow you to add a view to be managed.
Solution. When a view is added to be managed, a new TQL is created in UCMDB. If the maximum limit of active TQLs is reached, the view cannot be added. Increase the limit of active TQLs in UCMDB by changing the following settings in the Infrastructure Settings Manager:
Max Number Of Active TQLs In Server
Max Number Of Customer Active TQLs
Problem. The HTTPS Server certificate is not valid.
Solution. One of the following may be the cause:
The validation date of the certificate has passed. You need to get a new certificate.
The certification authority on the certificate is not a trusted authority. Add the certification authority to your Trusted Root Certification Authority list.
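To tell the two causes above apart from a client machine, the server certificate can be checked with normal verification left on. The following is an added example, not part of the product or its documentation; the function names are hypothetical, it uses the client's default trust store, and it also reports a few related verification failures beyond the two listed.

```python
import socket
import ssl
import time

# OpenSSL X.509 verification result codes mapped to troubleshooting hints.
# Codes 10 and 18-20 correspond to the two causes listed above.
CAUSES = {
    9: "certificate is not yet valid (check the client and server clocks)",
    10: "certificate validity period has passed; obtain a new certificate",
    18: "self-signed certificate; its issuer is not a trusted authority",
    19: "self-signed certificate in the chain; root CA is not trusted",
    20: "issuing CA is not in the trusted root list",
    62: "certificate does not match the host name used in the URL",
}


def classify(verify_code):
    """Translate an OpenSSL verify code into a troubleshooting hint."""
    return CAUSES.get(verify_code, f"verification failed (code {verify_code})")


def days_left(not_after, now=None):
    """Whole days until the notAfter date reported by getpeercert()."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)


def diagnose(host, port, timeout=5.0):
    """Return (status, detail) for an HTTPS endpoint, verifying normally."""
    ctx = ssl.create_default_context()  # chain and host name checks stay on
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        return "invalid", classify(exc.verify_code)
    except ssl.SSLError as exc:
        return "tls-error", str(exc)
    except OSError as exc:
        return "unreachable", str(exc)
    remaining = days_left(cert["notAfter"])
    return "valid", f"trusted chain, {remaining} days until expiry"


if __name__ == "__main__":
    import sys
    # Usage: python check_cert.py <server FQDN> <HTTPS port>
    print(diagnose(sys.argv[1], int(sys.argv[2])))
```

A "valid" result with a small number of days remaining is the signal to renew before the certificate expires.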
Problem. When logging in from the Configuration Manager login page, you get a login error or access denied page.
Solution. Check that the LW-SSO settings are correct. For details, see the general LW-SSO reference in the Hardening section of the UCMDB Help.
Problem. The Configuration Manager server does not start due to entering incorrect database credentials.
Solution. If you made a change to the database credentials and the server fails to start, the credentials may be wrong. You need to re-encrypt the database password and enter new credentials in the configuration file. Proceed as follows:
From a command line, run the following command to encrypt the updated database password:
<Configuration_Manager_installation_directory>\bin\encrypt-password.bat -p <password>
which returns an encrypted password.
Copy the encrypted password (including the {ENCRYPTED} prefix), into the db.password parameter in the <Configuration_Manager_installation_directory>\conf\database.properties file.
Problem. The Configuration Manager Tomcat server does not start due to a bind port issue.
Solution. Try one of the following:
Run the Post install wizard and replace the Configuration Manager server ports.
Abort the other process that occupies the Configuration Manager ports.
Manually change the ports in Configuration Manager configuration files by editing the following file: <Configuration Manager installation directory>\servers\server-0\conf\server.xml and updating the relevant ports:
HTTP (8180): line 69
HTTPS (8143): lines 71, 90
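The line numbers above shift whenever server.xml is edited, so it can be easier to read the ports from the file itself and test whether each one can still be bound. The following is an added example, not part of the product or its documentation; the sample server.xml is constructed, the function names are hypothetical, and it assumes the standard Tomcat layout in which the HTTP connector's redirectPort attribute repeats the HTTPS port.

```python
import socket
import xml.etree.ElementTree as ET

# Constructed sample in the standard Tomcat layout (not the shipped file).
# 8180 and 8143 are the ports named above; 8005 is a made-up shutdown port.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8180" protocol="HTTP/1.1" redirectPort="8143"/>
    <Connector port="8143" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true"/>
  </Service>
</Server>
"""


def read_ports(server_xml_text):
    """Return (role, port) pairs declared in a Tomcat server.xml."""
    root = ET.fromstring(server_xml_text)
    found = []
    if root.get("port"):
        found.append(("shutdown", int(root.get("port"))))
    for conn in root.iter("Connector"):
        tls = conn.get("SSLEnabled", "false").lower() == "true"
        found.append(("https" if tls else "http", int(conn.get("port"))))
        if conn.get("redirectPort"):
            found.append(("redirect", int(conn.get("redirectPort"))))
    return found


def redirect_mismatches(ports):
    """Redirect ports that do not match any TLS connector port."""
    https = {p for role, p in ports if role == "https"}
    return sorted({p for role, p in ports if role == "redirect"} - https)


def can_bind(port, host="0.0.0.0"):
    """True if the port can be bound on this host right now."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
        except OSError:  # already in use, or binding not permitted
            return False
    return True


def report(server_xml_text):
    """Map each listening port to (role, can it be bound)."""
    result = {}
    for role, port in read_ports(server_xml_text):
        if role != "redirect" and port > 0:
            result[port] = (role, can_bind(port))
    return result


if __name__ == "__main__":
    # Run while the Configuration Manager server is stopped; otherwise its
    # own listeners make every configured port appear occupied.
    ports = read_ports(SAMPLE_SERVER_XML)
    for port, (role, free) in sorted(report(SAMPLE_SERVER_XML).items()):
        print(f"{port:5d} {role:8s} {'free' if free else 'in use or denied'}")
    for port in redirect_mismatches(ports):
        print(f"redirectPort {port} does not match any HTTPS connector port")
```

After changing the HTTPS port, a non-empty result from redirect_mismatches means the HTTP connector still redirects to the old port.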
Problem. You receive an "out of memory" message.
Solution. Do the following to change the server startup parameters:
Run the following batch file:
<Configuration Manager installation directory>/bin/edit-server-0.bat
Change the following settings:
-Dapplication.ms=<initial memory pool size>
-Dapplication.mx=<maximum memory pool size>
Problem. Changes in CIs in UCMDB are not reflected in Configuration Manager.
Solution. Configuration Manager runs an offline asynchronous analysis process. The process may not yet have processed the latest changes in UCMDB. To resolve this, try one of the following:
Wait a few minutes. The default interval between analysis process executions is 10 minutes. It is configurable in Administration > Settings.
Execute a JMX call to run the offline analysis calculation on the relevant view.
In Policies, click the Recalculate Policy Analysis button. This invokes the offline analysis process for all views (which may take some time). You may also need to make an artificial change to one policy and save it.
Limitations
The time settings on the UCMDB and Configuration Manager servers must be synchronized, down to the seconds.
The time zone and time format on the UCMDB and Service Manager servers must be synchronized.
Whenever the time is changed on the Configuration Manager Tomcat server, the server must be restarted to update the time on the server.
Troubleshooting
Problem. When you start the Configuration Manager service, you receive the following error message:
Windows could not start the Universal CMDB Configuration Manager on Local Computer. For more information, review the System Manager Event log. If this is a non-Microsoft service, contact the service vendor, and refer to service-specific error code 0.
Solution. Do the following:
Go to the <Configuration_Manager_installation_directory>\cnc\bin folder and execute the following command:
edit-server-0.bat
Problem. During authentication of Configuration Manager after redirection to the UCMDB login page, you are not redirected back to Configuration Manager but UCMDB opens instead.
Solution. The Configuration Manager authentication session cookie is blocked or denied when using Internet Explorer browser. Add the Configuration Manager server to the Intranet/Trusted zone in the Internet Explorer security zones on your computer (Tools > Internet Options > Security > Local Intranet > Sites > Advanced). This allows all cookies to be accepted.
Solution. Make sure that the LW-SSO configuration in UCMDB settings is correct. For details, see the section about LW-SSO in the Hardening section of the UCMDB Help.
Possible solution. Make sure that you access the application with the Fully Qualified Domain Name (FQDN) in the login URL (for example: http://myserver.companydomain.com/WebApp).