Universal CMDB

For the Windows and Redhat Enterprise Linux operating systems

Software Version: 11.0

Customized output from:

Document Release Date: February 2018

Software Release Date: February 2018

Micro Focus logo

Legal Notices

Warranty

The only warranties for products and services of Micro Focus and its affiliates and licensors (“Micro Focus”) are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.

Restricted Rights Legend

Confidential computer software. Except as specifically indicated otherwise, a valid license from Micro Focus is required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.

Disclaimer

Certain versions of software and/or documents (“Material”) accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.

Copyright Notice

© 2011 - 2018 Micro Focus or one of its affiliates.

Trademark Notices

MICRO FOCUS and the Micro Focus logo, among others, are trademarks or registered trademarks of Micro Focus (IP) Limited or its subsidiaries in the United Kingdom, United States and other countries. All other marks are the property of their respective owners.

Adobe™ is a trademark of Adobe Systems Incorporated.

Microsoft® and Windows® are U.S. registered trademarks of Microsoft Corporation.

UNIX® is a registered trademark of The Open Group.

 
 
 
 

Welcome to the Universal CMDB Deployment Guide

How to Work with the Interactive Guide

The questions that follow will help you customize the information that will appear in your interactive Deployment Guide.

Carefully read the instructions to the right of each set of selections—this information will guide you as to which selections are mandatory and when.

Tip: If your customized document seems to be missing information, this might mean that you have not selected a mandatory selection. You can change your selections after viewing your generated document.

What product set do you want to deploy?

UCMDB with Universal Discovery and UCMDB Configuration Manager
UCMDB with Universal Discovery
UCMDB with UCMDB Configuration Manager
UCMDB only
UCMDB Configuration Manager only
Data Flow Probe (for Universal Discovery) only
Smart Software Analytics

Select a deployment option.

Note:  

  • If you are installing or upgrading UCMDB, you must select a platform and database below.

  • If you are upgrading UCMDB, and your system has Data Flow Probes defined, select also the relevant Data Flow Probe deployment (Windows/Linux/both). See below.

Do you want to install/upgrade/uninstall Universal CMDB?

Install UCMDB 11.0
Upgrade from UCMDB 10.xx to UCMDB 11.0
Uninstall UCMDB
Uninstall UCMDB and Data Flow Probes

Select a deployment option for the UCMDB Server.

Note: If you are installing or upgrading UCMDB, you must select a platform and database below.

Select a UCMDB Server platform

Windows platform
Red Hat Enterprise Linux platform

Select the platform for your UCMDB Server.

Select a UCMDB Server database

Oracle
MS-SQL
PostgreSQL

Select your database

Which Data Flow Probes do you want to install for Universal Discovery?

Install Data Flow Probe on Windows
Install Data Flow Probe on Linux

The Data Flow Probe is used to perform Universal Discovery and Integration. You can select one or more of these options.

Do you want to upgrade Data Flow Probes manually for Universal Discovery?

Upgrade Data Flow Probe on Windows

The Data Flow Probe is used to perform Universal Discovery and Integration. Select if you want to upgrade Data Flow Probe manually on Windows.

Do you want to install/upgrade/uninstall Universal CMDB Configuration Manager?

Install UCMDB Configuration Manager 11.0
Upgrade UCMDB Configuration Manager 10.xx to UCMDB Configuration Manager 11.0
Uninstall UCMDB Configuration Manager

Select a deployment option for Configuration Manager.

Note:  

  • You can only upgrade Configuration Manager if you are also upgrading UCMDB. If you are performing a clean installation of UCMDB, you must perform a clean installation of Configuration Manager as well (not an upgrade).

  • If you have any version of Configuration Manager earlier than 10.01 installed, you must upgrade to version 10.01, then to 10.10, then to 10.20, then to 10.22, and then apply 10.22 CUP6 (or a later CUP), then to 10.23, then to 11.0, and then to 2018.05 before upgrading to version 11.0. For details on upgrading Configuration Manager to version 10.01 and later, see the interactive Universal CMDB Deployment Guide for version 10.01 and later, available from the Micro Focus Support site (https://softwaresupport.softwaregrp.com).

Are you setting up a high-availability environment?

High availability environment
Non High-availability environment

High Availability is a mode of running UCMDB on a cluster of two or more servers to enable load balancing, and to ensure system availability. For more information, see UCMDB in a High Availability Environment.

Do you want to set up Smart Software Analytics?

Set up a Smart Software Analytics Server

Set up a Smart Software Analytics (SSA) server that automatically teaches unrecognized software by intelligently using Natural Language Processing (NLP) and machine learning technology.

Do you want to set up a Solr environment?

Standalone Solr environment
High-availability Solr cluster environment
Embedded Solr environment

Set up a Solr environment for UCMDB Browser, Service Discovery, or consumer-provider dependency adapters. If you select to use the embedded Solr environment, you do not need to take any action. The embedded Solr environment is installed and enabled by default with the Enable Search option in the UCMDB Server Configuration wizard.

View or print

You can view your customized document on the screen, or print it.

If you have a PDF print driver installed on your computer, click Print to create PDF documents that are customized according to your selections. PDF print drivers are available from several open source and third-party providers.

Check your selections

The following steps are customized according to your selections. Check that your selections are correct.

 

If any selections are not correct, click Change.

Welcome to the UCMDB Deployment Guide

This guide references the following sections in the UCMDB Online Help:

Before You Install UCMDB

Pre-deployment Planning

Deploying Universal CMDB in an enterprise network environment is a process that requires resource planning, system architecture design, and a well-planned deployment strategy. The following checklist describes some of the basic issues that should be considered prior to installation. For comprehensive best practices documentation on deployment planning, consult with Micro Focus Professional Services.

Use the following checklist to review the basic issues that your organization should consider when planning the Universal CMDB deployment.

UCMDB
 

Define what you want to do with Universal CMDB:

  • System component mapping
  • Root-cause analysis
  • Impact analysis
  • Data center relocation/consolidation
  Analyze the organization’s goals and identify the key IT-enabled business processes to achieve these goals.
  Analyze the IT processes, and organizational structure and culture that can affect, or be affected by, the deployment.
  Identify the target users (those with a vested interest in the business processes), such as executives, LOB managers, application owners, system administrators, and security auditors.
  Identify the appropriate Universal CMDB functionality.
Universal Discovery
  Define the protocols to be used for Universal Discovery and ensure that the protocols are available for use.
  Verify that you have access rights for the protocols to be used for Universal Discovery. Ask the system administrator for the user name and password for the relevant protocols.
  Define the speed and utilization of the network subnets to be discovered. You may find that you need to increase timeouts for some of the protocols.
 

Ensure that the applications you are planning to discover are running with default ports. If they are not, update the appropriate mappings in the discovery ports configuration file. For a list of supported applications and default ports, see the Universal CMDB Discovery and Integrations Content Help.

 

Identify the components to be discovered:

  • Server hardware platform
  • Server operating system and version
  • Network device types
 

Install the following tools and utilities to help analyze discovery processes:

  • SNMP tool
  • WMI tool
  • LDAP browser
  • Log file tailer (for example, BareTail for Windows or a UNIX tail utility)

Micro Focus provides the following recommendations for increasing the security of your overall infrastructure for informational purposes only. These are only recommendations and are not intended to be a guarantee of protection against all potential vulnerabilities and attacks. Please note that some security measures may impact the features and functionality of your overall system; so, it is recommended that every customer become aware of those impacts when implementing any changes to your environment.

Use of this Micro Focus Software Product [UCMDB] may require the pre-installation of certain third-party components that are not provided by Micro Focus ("Third Party Components"). It is recommended that its customers check frequently for the most current updates to the Third Party Components, which may include fixes or patches for security vulnerabilities.

Installation Workflow

The installation workflow contains the following main stages:

  1. Set up the CMDB database server.

    Set up the Microsoft SQL Server

    Set up the Oracle Server.

    Set up a remote PostgreSQL Server.

    Note: This step is necessary only if you are installing the PostgreSQL server remotely. If your intention is to install a PostgreSQL database locally, follow the instructions in the UCMDB Server installation procedure.

  2. Install the Universal CMDB Server.

    Install the UCMDB Server and configure the connection to the database.

    Install the Universal CMDB Servers.

    For High Availability, install two or more UCMDB Servers and configure their connection to the database and the load balancer.

  3. Install Universal CMDB Configuration Manager

    Install and configure Configuration Manager to analyze and control the data in UCMDB.

  4. Install one or more Data Flow Probes

    The Data Flow Probes are the components that enables the flow of data from the UCMDB to remote machines and back.

  5. Secure the UCMDB Server

    For details, see the Hardening section of the UCMDB online help.

  6. Secure the Data Flow Probe.

    For details, see the Hardening section of the UCMDB online help.

  7. Launch Universal CMDB.

Installing the UCMDB Server - Pre-Installation Considerations

Consider the following prior to installing Universal CMDB on Windows:

  • It is highly recommended that you plan your deployment properly before commencing installation. For details, see Before You Install UCMDB above.
  • Do not install Universal CMDB on a drive that is mapped to a network resource.
  • Have the following information ready before beginning installation:

    • Information for setting the CMDB database parameters.
    • Administrator’s email address. (Optional)
    • SMTP mail server name. (Optional)
    • SMTP sender name. This name appears on alerts sent from UCMDB. (Optional)
  • Universal CMDB must not be installed more than once on a server even if the instances are installed in different folders or are different versions.
  • Due to Web browser limitations, the name of machine running the Universal CMDB Server should consist only of alphanumeric characters (a-z, A-Z, 0-9), hyphens (-), and periods (.).

    If the names of the machine running the Universal CMDB Server contains underscores, it may not be possible to log in to Universal CMDB. In this case, you should use the machine’s IP address instead of the machine name.

  • Database user names and passwords can contain alphanumeric characters from the database character set as well as the underscore sign. Names must begin with an alphabetic character and should not exceed 30 characters.
  • Ensure that the network adapter on the machine on which you are installing Universal CMDB is configured with the desired IP interface (IPv4/IPv6).
  • For standard and enterprise level UCMDB deployments, it is recommended to disable the out-of-the-box (OOTB) enrichment scheduler SoftwareElementDisplayLabel for enrichment SoftwareElementDisplayLabelForExistingHost (or any scheduler that uses this enrichment). For such environments, if the enrichment runs triggered by the scheduler, it uses more memory when running and may trigger out-of-memory errors, or when these big objects are cleared from the memory heap by the garbage collection, it may trigger long FULL GC which may restart UCMDB if HIGH availability is configured.

    If there is a business need to populate node names to running software CIs container Name attribute then the enrichment SoftwareElementDisplayLabelPopulator can be used instead. Basically enrichments SoftwareElementDisplayLabelForExistingHost, SoftwareElementDisplayLabelForNewHost, and SoftwareElementDisplayLabelPopulator will all update the container Name of running software CIs. There is no need to run all of them.

  • When you perform a fresh install of UCMDB 11.0 or upgrade UCMDB to version 11.0, by default there are no composite indexes with the CMDB_ID as a key column in Oracle database (ROOT tables) or Microsoft SQL databases (ROOT and CDM tables). This is an optimization introduced in version 10.30. While it increases the speed of data-in, the data consumption becomes slower.
  • Database requirements

    • It is strongly recommended to host database server (Oracle, Microsoft SQL, or PostgreSQL) on a physical machine, and it should be an independent server without other applications (including the UCMDB server) running on it.

      Also, if the database server machine is a virtual machine, the resource MUST be dedicated for the database server.

    • Apart from the embedded PostgreSQL database server, installing UCMDB server and database server (Oracle, Microsoft SQL, or PostgreSQL) together on the same machine is not supported.

    • The hardware requirements could be the same as those for UCMDB server, but the DB SPACE depends on the data scale. For example, for a data scale of 30 millions CIs, we recommended 500 GB or more space for data files and 200 GB or more space for log files.
  • Embedded PostgreSQL is not supported on Enterprise deployments of UCMDB.
  • In High Availability environments,

    • the machines used for the UCMDB Servers should have similar hardware and the same amount of memory.
    • UCMDB Servers in a cluster must work on the same port number for HTTP, HTTPS, and so on. You cannot configure the two UCMDB Servers to work on different ports.

Note the following prior to installing Universal CMDB on Linux:

  • Make sure you can connect to Linux GUI remotely. For example, you have VNC connection.

  • It is highly recommended that you thoroughly read the introduction to this guide before commencing installation. For details, see Before You Install UCMDB.

  • Have the following information ready before beginning installation:

    • Information for setting the CMDB database parameters.

    • Administrator’s email address. (Optional)

    • SMTP mail server name. (Optional)

    • SMTP sender name. This name appears on alerts sent from UCMDB. (Optional)

  • Universal CMDB must not be installed more than once on a server even if the instances are installed in different folders or are different versions.

  • Due to Web browser limitations, the names of server machines running the Universal CMDB server should consist only of alphanumeric characters (a-z, A-Z, 0-9), hyphens (-), and periods (.).

    If the names of the machines running the Universal CMDB servers contain underscores, it may not be possible to log in to Universal CMDB. In this case, you should use the machine’s IP address instead of the machine name.

  • Database user and password names can contain alphanumeric characters from the database character set as well as the underscore sign. Names must begin with an alphabetic character and should not exceed 30 characters.

  • Ensure that the network adapter on the machine on which you are installing Universal CMDB is configured with the desired IP interface (IPv4/IPv6).

    Note: Configure these settings from the configuration file in /etc/sysconfig/network-scripts/ifcfg-eth0

  • For standard and enterprise levels UCMDB deployments, it is recommended to disable the out-of-the-box (OOTB) enrichment scheduler SoftwareElementDisplayLabel for enrichment SoftwareElementDisplayLabelForExistingHost (or any scheduler that uses this enrichment).

    For such environments, if the enrichment runs triggered by the scheduler, it uses more memory while running and may trigger out-of-memory exceptions, or when these big objects are cleared from the memory heap by the garbage collection (GC), it may trigger long FULL GC which may restart UCMDB if HIGH availability is configured.

    If there is a business need to populate node names to running software CIs container Name attribute then the enrichment SoftwareElementDisplayLabelPopulator can be used instead. Basically enrichments SoftwareElementDisplayLabelForExistingHost, SoftwareElementDisplayLabelForNewHost, and SoftwareElementDisplayLabelPopulator will all update the container Name of running software CIs. There is no need to run all of them.

  • When you perform a fresh install of UCMDB 11.0 or upgrade UCMDB to version 11.0, by default there are no composite indexes with the CMDB_ID as a key column in Oracle database (ROOT tables) or Microsoft SQL databases (ROOT and CDM tables). This is an optimization introduced in version 10.30. While it increases the speed of data-in, the data consumption becomes slower.

  • Database requirements

    • It is strongly recommended to host database server (Oracle, Microsoft SQL, or PostgreSQL) on a physical machine, and it should be an independent server without other applications (including the UCMDB server) running on it.

      Also, if the database server machine is a virtual machine, the resource MUST be dedicated for the database server.

    • Apart from the embedded PostgreSQL database server, installing UCMDB server and database server (Oracle, Microsoft SQL, or PostgreSQL) together on the same machine is not supported.
    • The hardware requirements could be the same as those for UCMDB server, but the DB SPACE depends on the data scale. For example, for a data scale of 30 million CIs, we recommended 500 GB or more space for data files and 200 GB or more space for log files.
  • Embedded PostgreSQL is only supported for small deployments of UCMDB.
  • (Embedded PostgreSQL database only) On Linux platform, if you plan to use the embedded PostgreSQL database, make sure you do the following:

    1. Uninstall the local PostgreSQL that comes with the Linux installation.

      Note: On Linux systems, there is a conflict between the embedded PostgreSQL that comes with UCMDB and the local PostgreSQL that comes with the Linux installation. If you don't uninstall the local PostgreSQL that comes with the Linux installation, you won't be able to log in to UCMDB server later due to the conflict.

    2. Install the UCMDB server, and on the Install Local PostgreSQL DB wizard page, select Yes to install the embedded PostgreSQL database that comes with UCMDB server. For detailed instructions, see the Installing the UCMDB Server - Installation section below.
    3. Configure UCMDB server to connect to the embedded PostgreSQL database. For detailed instructions, see the Installing UCMDB - Configure the Database section below.
  • In High Availability environments,

    • the machines used for the UCMDB Servers should have similar hardware and the same amount of memory.
    • UCMDB Servers in a cluster must work on the same port number for HTTP, HTTPS, and so on. You cannot configure the two UCMDB Servers to work on different ports.

Installing the UCMDB Server - Installation

The following procedure explains how to install a UCMDB Server on a Windows machine.

Note:  

  • Installation of the UCMDB Server from the InstallAnywhere console is not supported.

  • Before you perform a new installation of UCMDB Server, always check and uninstall any existing UCMDB instances.

    For detailed instructions about uninstalling an existing UCMDB instance, see Uninstalling UCMDB

  1. Extract the package for the Windows platform, and then double-click UCMDB_Server_11.0.xxx.exe.

    Note: If you get a message that the digital signature is not valid, you should not install UCMDB. In this case, contact Micro Focus Support.

  2. Choose the locale language and click OK.

  3. The Introduction page opens. Click Next.

  4. The License Agreement page opens. Accept the terms of the end-user license agreement and click Next.

  5. The Select Installation Folder page opens.

    Accept the default destination, C:\UCMDB\UCMDBServer\, or click Choose to select a different installation folder. The installation path must not contain non-English characters or spaces.

    Tip: To display the default installation folder again, click Restore Default Folder.

    Click Next.

  6. The Select Installation Type page opens. Select New Installation and click Next.

  7. The Install Local PostgreSQL DB page opens.

    • If you want the installer to install a local PostgreSQL database, select Yes.

    • If your PostgreSQL Server is installed on a remote machine, select No.

    Click Next.

    Select No and click Next.

  8. If you selected Yes in the previous step, you must provide the port and credentials of the local PostgreSQL database

    1. On the Set Up Local Database Port page that opens, enter the number of the port through which the local PostgreSQL database will communicate, and click Next.

    2. On the Set Up Local Database Account page that opens, enter the user name and password for the local PostgreSQL database. Enter the password a second time for confirmation, and click Next.

  9. The Master Key Configuration page opens. Enter a master key for password encryption.

    Note: The master key must contain exactly 32 characters and include at least one of each of the following four types of characters:

    • Uppercase alphabetic characters
    • Lowercase alphabetic characters
    • Numeric characters
    • Special characters: :/._+-[]
  10. The Password Configuration page opens. Specify the passwords to be used for default system accounts:

    • On the Set Up Keystore Password page, enter the password that you want to use for the keystore, and then enter the password again to validate it.
    • On the Set Up Truststore Password page, enter the password that you want to use for the truststore, and then enter the password again to validate it.

      Note:  

      • The keystore/truststore passwords setup will only be present if default passwords are used. If custom passwords are already in use, the installer wizard will not ask for them again.

      • The installer encrypts the above keystore/truststore passwords you provided in a newly generated file server-storepass.conf.
      • The keystore/truststore passwords must follow the password policy below:

        The password must contain 8 to 16 characters and include at least one of each of the following four types of characters:

        • Uppercase alphabetic characters
        • Lowercase alphabetic characters
        • Numeric characters
        • Special characters: :/._+-[]
    • On the Set Up Administrator Password page, enter the password that you want to use for the UCMDB administrator account (user name: admin), and then enter the password again to validate it.
    • On the Set Up System Administrator page, enter the password that you want to use for the system administrator who can log into the JMX console (user name: sysadmin), and then enter the password again to validate it.
    • On the Set Up UI System Administrator User Password page, enter the password that you want to use for the default UI system administration user account (user name: UISysadmin), and then enter the password again to validate it.

      Note: Password policy for admin, sysadmin, and UISysadmin:

      The password must contain 8 to 16 characters and include at least one of each of the following four types of characters:

      • Uppercase alphabetic characters
      • Lowercase alphabetic characters
      • Numeric characters
      • Special characters: :/._+-[]
  11. The Pre-Installation Summary page opens displaying the installation options you selected.

    If you are satisfied with the summary, click Install. A message is displayed indicating that the installation is currently being performed.

  12. When the installation is complete, the Configure Universal CMDB Server message is displayed.

    Click Yes to continue with the configuration.

  13. On the last page of the installation wizard, click Done to complete the installation.

The following procedure explains how to install the UCMDB Server on a Linux machine.

Note: Installation of the UCMDB Server from the InstallAnywhere console is not supported.

  1. Prerequisite: Apply one of the following configurations to the Linux machine:

    • Option 1:

      • In the /etc/sysctl.conffile, add or update the fs.file-max value to fs.file-max = 300000
      • At the end of the /etc/security/limits.conf file, add:

        * soft nofile 20480

        * hard nofile 20480

    • Option 2:

      Modify the /etc/profile file as follows (through terminal):

      • Old line:

        ulimit -S -c 0 > /dev/null 2>&1
      • New line:

        ulimit -n 200000 >/dev/null 2>&1

      Note: You probably need privileges to modify these files. You may need to restart the Linux machine for the changes to take effect.

  2. The Universal CMDB Linux installation works as a graphic-based installation. Before running the installer, configure the DISPLAY environment variable to point to a running instance of an X Windows Server.

  3. Extract the package for the Linux platform, and then execute the following command:

    sh <path to the installer>/UCMDB_Server_11.0.xxx.bin

    Caution: Console mode is not supported.

  4. The UCMDB installation opens. Choose the locale language and click OK.

  5. The Introduction page opens. Click Next.

  6. The License Agreement page opens. Accept the terms of the end-user license agreement and click Next.

  7. The Select Installation Folder page opens.

    Accept the default path, /opt/UCMDB/UCMDBServer/, or click Choose to select a different installation folder. The installation path must not contain non-English characters or spaces.

    Note: To display the default installation folder again, click Restore Default Folder.

    Click Next.

  8. The Select Installation Type page opens. Select New Installation, and click Next.

  9. The Install Local PostgreSQL DB page opens.

    • If you want the installer to install a local PostgreSQL database, select Yes.

    • If your PostgreSQL Server is installed on a remote machine, select No.

    Click Next.

    Select No and click Next.

  10. If you selected Yes in the previous step, you must provide the port and credentials of the local PostgreSQL database

    1. On the Set Up Local Database Port page that opens, enter the number of the port through which the local PostgreSQL database will communicate, and click Next.

    2. On the Set Up Local Database Account page that opens, enter the user name and password for the local PostgreSQL database. Enter the password a second time for confirmation, and click Next.

  11. The Master Key Configuration page opens. Specify the master key for password encryption.

    Note: The master key must contain exactly 32 characters and include at least one of each of the following four types of characters:

    • Uppercase alphabetic characters
    • Lowercase alphabetic characters
    • Numeric characters
    • Special characters: :/._+-[]
  12. The Password Configuration page opens. Specify the passwords to be used for default system accounts:

    • On the Set Up Keystore Password page, enter the password that you want to use for the keystore, and then enter the password again to validate it.
    • On the Set Up Truststore Password page, enter the password that you want to use for the truststore, and then enter the password again to validate it.

      Note:  

      • The keystore/truststore passwords setup will only be present if default passwords are used. If custom passwords are already in use, the installer wizard will not ask for them again.

      • The installer encrypts the above keystore/truststore passwords you provided in a newly generated file server-storepass.conf.
      • The keystore/truststore passwords must follow the password policy below:

        The password must contain 8 to 16 characters and include at least one of each of the following four types of characters:

        • Uppercase alphabetic characters
        • Lowercase alphabetic characters
        • Numeric characters
        • Special characters: :/._+-[]
    • On the Set Up Administrator Password page, enter the password that you want to use for the UCMDB administrator account (user name: admin), and then enter the password again to validate it.
    • On the Set Up System Administrator page, enter the password that you want to use for the system administrator who can log into the JMX console (user name: sysadmin), and then enter the password again to validate it.
    • On the Set Up UI System Administrator User Password page, enter the password that you want to use for the default UI system administration user account (user name: UISysadmin), and then enter the password again to validate it.

      Note: Password policy for admin, sysadmin, and UISysadmin:

      The password must contain 8 to 16 characters and include at least one of each of the following four types of characters:

      • Uppercase alphabetic characters
      • Lowercase alphabetic characters
      • Numeric characters
      • Special characters: :/._+-[]
  13. The Pre-Installation Summary page opens, and displays the installation options you selected.

    If you are satisfied with the summary, click Install. A message is displayed indicating that the installation is currently being performed.

  14. When the installation is complete, the Configure Universal CMDB Server message is displayed.

    Click Yes to continue with the configuration.

    Note: If you prefer, you can set up the database or schema later. In that case, run the configure.sh script located in /opt/UCMDB/UCMDBServer/bin.

  15. On the last page of the installation wizard, click Done to complete the installation.

Installing UCMDB - Configure the Database

This section includes:

 

Creating a Database or Connecting to an Existing One?

You need to decide whether to create the database users yourself or use predefined users:

  • Create a database or schema user in the following cases:

    • There are no existing database users.

    • There are existing database users, but you want to initialize the database default contents.

  • Connect to an existing database or schema user in the following cases:

    • You want to upgrade to a newer version of Universal CMDB, using the database contents you have from the previous version of Universal CMDB.

    • You do not want to change the database’s default contents, for example, because you have data in your database or schema from a previous installation of the same release. In this case, Setup updates the necessary server configuration files with the database details and updates the database scripts configuration file.

    • Your database administrator provides instructions for creating the database users in advance according to company policy.

 

Required Information for Setting Database Parameters

Before setting CMDB database parameters, prepare the following information, needed for creating a new database or connecting to existing ones:

  • Host name. The name of the machine on which Microsoft SQL Server is installed. If you are connecting to a non-default Microsoft SQL Server instance, enter the following: <host_name>\<instance_name>
  • Port. The Microsoft SQL Server TCP/IP port. Universal CMDB automatically displays the default port, 1433.
  • Database (schema) name. The name of the existing database, or the name that you will give your new database (for example, ucmdb_database).
  • User name and Password. (if you are using Microsoft SQL Server authentication) The user name and password of a user with administrative rights on Microsoft SQL Server. The default Microsoft SQL Server administrator user name is sa.

    Note: A password must be supplied.

You can create and connect to a database using Windows authentication instead of Microsoft SQL Server authentication. To do so, you must ensure that the Windows user running the Universal CMDB service has the necessary permissions to access the Microsoft SQL Server database.

  • For information on assigning a Windows user to run the Micro Focus Universal CMDB service, see the section about changing the UCMDB Server Services user, in the Hardening section of the UCMDB Help.
  • For information on adding a Windows user to Microsoft SQL Server, see the section describing using Windows authentication to access Microsoft SQL Server databases in the Database section of UCMDB Help.

Before setting CMDB database parameters, ensure that you have created at least one default tablespace for each user schema for data persistency purposes, and that at least one temporary tablespace is assigned to each user schema.

You need the following information for both creating a new user schema and connecting to an existing one:

  • Host name. The name of the host machine on which Oracle Server is installed.
  • Port. The Oracle listener port. Micro Focus Universal CMDB automatically displays the default port, 1521.
  • SID. The Oracle instance name that uniquely identifies the Oracle database instance being used by Universal CMDB.
  • Schema name and schema password. The name and password of the existing user schema, or the name that you are giving the new user schema (for example, UCMDB_schema).

If you are creating a new user schema, you need the following additional information:

  • Admin user name and admin password (to connect as an administrator). The name and password of a user with administrative permissions on the Oracle Server (for example, a System user).
  • Default tablespace. The name of the default tablespace you created for the user schema. For details on creating an CMDB tablespace, see the section describing how to manually create Oracle Server database schemas in the Database section of UCMDB Help.
  • Temporary tablespace. The name of the temporary tablespace you assigned to the user schema. The default Oracle temporary tablespace is temp.

Note:  

  • To create a new user schema, you must have user creation privileges.
  • For advanced Oracle connection, check the following sections if needed:

    1. "Configure Universal CMDB and Configuration Manager to Support Oracle Advanced Security Option (ASO)" in the Hardening section of the UCMDB Help
    2. "Real Application Cluster Support" in the Database section of UCMDB Help

Before setting CMDB database parameters, prepare the following information, needed for creating a new database or connecting to existing ones:

  • If you are installing a local PostgreSQL database, prepare a Schema name.
  • If you are connecting to a remote PostgreSQL Server, prepare the following:

    • Host name. The name of the remote machine on which PostgreSQL Server is installed: <host_name>\<instance_name>

    • Port. The PostgreSQL Server TCP/IP port.
    • Database (schema) name. The name of the existing database, or the name that you will give your new database (for example, ucmdb_database).

    • User name and Password. The user name and password of a user with administrative rights on PostgreSQL Server.

 

Set Up the Database

  1. On the first page of the UCMDB Server Configuration wizard, click Next.

  2. On the CMDB Schema page, select Create a new schema or Connect to an existing schema and click Next.

    Note: When connecting to an existing schema:

    • The CMDB schema version must match the server version. If the versions do not match, an error message is displayed and you must re-enter the schema settings.

    • The version of the UCMDB Discovery and Integrations Content Pack in the file system (installation folder) must be the same as the version in the schema.

  3. The CMDB Schema Settings page opens.

    In the DB Type list, select Oracle and click Next. Additional fields appear in the dialog box.

    In the DB Type list, select MS SQL Server and click Next.

    In the DB Type list, select PostgreSQL Server and click Next.

  4. Enter the details of the schema:

    • Schema name. The schema name should be unique.

    • Default tablespace. Update this field.

    • Temporary tablespace. If your database administrator created a non-default temporary tablespace, enter that name; otherwise, enter temp.

    Enter the host name and database name, and decide which authentication Universal CMDB should use to connect to the database server. For details on Windows authentication, see in the Universal CMDB Database Guide.

    Enter the details of the schema.

    • If you are installing a local PostgreSQL database, ensure that the details of the PostgreSQL database are defined correctly.

      • Host name. localhost
      • Port. 5431
      • Schema name. Provide a Schema name of your choice, for example, ucmdb_database.
      • Username and Password. Provide the credentials you configured during the UCMDB installation.
    • If you are connecting to a remote PostgreSQL Server, delete the default values, and provide the relevant information.

    Note: Ensure that the Schema name follows the PostgreSQL naming conventions:

    • The name can contain only lowercase letters, numbers, and underscores
    • The first character must be a lowercase letter.
    • Maximum allowed length is 63 characters

    Click Next.

  5. The Advanced Settings page opens:

    • Enable Multi Tenancy. Select this option if you are setting up UCMDB to work in a multi-tenancy environment.

      Note: After installation, the tenancy environment (single tenancy versus multi-tenancy) cannot be modified.

    • Enable Search. Select this option to enable UCMDB data indexing for efficient search capabilities.

      Note: Select this option if you will use any of the following:

      • UCMDB Browser
      • Service Discovery
      • Consumer-provider dependency adapters
  6. Click Finish to close the UCMDB Server Configuration wizard.

 

Configure Universal CMDB to Support Oracle Advanced Security Option (ASO)

  1. Add the following lines to the sqlnet.ora file:

    SQLNET.ENCRYPTION_SERVER = required
    SQLNET.ENCRYPTION_TYPES_SERVER= (AES256)
    SQLNET.CRYPTO_CHECKSUM_TYPES_SERVER= (SHA1)
    SQLNET.CRYPTO_SEED = '23456789'
    SQLNET.CRYPTO_CHECKSUM_SERVER = required
    

    Note:  

  2. On the UCMDB Server, perform the following:

    1. Open the directory <UCMDB_install_dir>\UCMDBServer\conf. Locate the jdbc.properties file and add the following lines:

      For Oracle drivers (which are OOTB drivers used by UCMDB Server):

      Oracle=orcl
      orcl.CONNECTION_PROPERTY_THIN_NET_ENCRYPTION_LEVEL=REQUIRED
      orcl.CONNECTION_PROPERTY_THIN_NET_ENCRYPTION_TYPES=AES256
      orcl.CONNECTION_PROPERTY_THIN_NET_CHECKSUM_LEVEL=REQUIRED
      orcl.CONNECTION_PROPERTY_THIN_NET_CHECKSUM_TYPES=SHA1

      For DataDirect drivers:

      Oracle=ddoracle
      ddoracle.EncryptionTypes=AES256
      ddoracle.EncryptionLevel=required
      ddoracle.DataIntegrityTypes=SHA1
      ddoracle.DataIntegrityLevel=required
      

      Note:  

      • If the file does not exist, create an empty jdbc.properties file under the above folder and add the above lines in it.
      • For instructions about how to switch between DataDirect drivers and native Oracle drivers, see Data Push.
    2. Open the directory <UCMDB_install_dir>\UCMDBServer\bin\jre\lib\security. Replace the local_policy.jar and US_export_policy.jar files with the similar jar files from the Zulu Cryptography Extension Kit provided by OpenJDK.
    3. Restart the UCMDB Server.

Note: If upgrading UCMDB to version 11.0, after the upgrade, open the <UCMDB_install_dir>\UCMDBServer\bin\jre\lib\security directory and replace the local_policy.jar and US_export_policy.jar files with the similar jar files from the Zulu Cryptography Extension Kit provided by OpenJDK.

Caution: It is strongly recommended not to perform any downgrade action if the UCMDB is configured to support Oracle ASO.

 

Configure UCMDB to Connect Securely to Microsoft SQL Server with TLS Enabled

This section describes how to configure UCMDB to connect securely to Microsoft SQL Server.

  1. Prerequisite

    The Microsoft SQL Server to which UCMDB will connect needs to accept encrypted connections (SSL). For instructions about how to enable this, see https://support.microsoft.com/en-us/kb/316898 or contact your DBA.

  2. Configure UCMDB's JDBC drivers

    1. Install the UCMDB Server, without configuring the UCMDB Schema. For detailed information about how to install the Universal CMDB server, see the interactive Universal CMDB Deployment Guide
    2. Check if the \conf\jdbc.properties file exists. If not, create it.

      Note: The jdbc.properties file must be encoded in ANSI. If the file is UFT-8 encoded, the properties will be ignored.

    3. Add the following settings into the jdbc.properties file:

      SQLServer = ddmssql
      ddmssql.EncryptionMethod=SSL
      ddmssql.ValidateServerCertificate=true
    4. Save the file.

    Note: In case the Microsoft SQL Server is using a certificate that is not signed by a recognized Certificate Authority (CA) like a self-signed certificate, you need to import the Microsoft SQL Server database's certificate into the UCMDB Server's cacerts keystore (located in the <INSTALL_FOLDER>\UCMDBServer\bin\jre\lib\security\cacerts directory).

    To import the Microsoft SQL Server's certificate, run the following command:

    "<INSTALL_FOLDER>\UCMDBServer\bin\jre\bin\keytool.exe" -import -noprompt -trustcacerts -alias SQL_Server_Cert -file "<PATH TO SQL SERVER CERTIFICATE>" -keystore 
    "<INSTALL_FOLDER>\UCMDBServer\bin\jre\lib\security\cacerts" -storepass changeit

    If the command line prompts "Trust this certificate?", enter yes.

    To verify that the certificate was successfully imported, run the following command:

    "<INSTALL_FOLDER>\UCMDBServer\bin\jre\bin\keytool.exe" -list -keystore "<INSTALL_FOLDER>\UCMDBServer\bin\jre\lib\security\cacerts" -storepass changeit -alias SQL_Server_Cert
    1. Run the Configuration Wizard.

      Windows: Start > All Programs > UCMDB > Start Universal CMDB Server Configuration Wizard

      Linux: Run the <UCMDB_Server_InstallDir>/bin/configure.sh script

    2. Follow the wizard steps, and connect the UCDMB Server to the Microsoft SQL Server Database with TLS enabled.

    3. Start the UCMDB Server.

Installing UCMDB - Complete the installation

  1. On the last page of the installation wizard, click Done to complete the installation.

  2. IMPORTANT! Before you start the UCMDB Server, copy the encryption key (key.bin) that you backed up before you started the upgrade procedure to the following folder on the new machine:

    C:\UCMDB\UCMDBServer\conf\discovery\

    /opt/UCMDB/UCMDBServer/conf/discovery/

  3. Configure the JVM startup parameter:

    1. Open C:\UCMDB\UCMDBServer\bin\wrapper.conf/opt/UCMDB/UCMDBServer/bin/wrapper.conf

    2. Locate the following line:

      wrapper.java.additional.<#>=-Djava.net.preferIPv4Stack=
      • In an IPv4 or IPv4-IPv6 environment:, ensure that the Djava.net.preferIPv4Stack=true

      • In an IPv6-only environment, configure the UCMDB Server machine for IPv6 only by commenting out this whole line.
  4. Start the UCMDB Server:

    Start > All Programs > UCMDB > Start Universal CMDB Server

    /opt/UCMDB/UCMDBServer/bin/server.sh start

    Note:  

    • If you ran the UCMDB Server Configuration Wizard as part of Universal CMDB Server installation, you must start Universal CMDB Server only after successfully setting the parameters for all the databases.

      If you ran the UCMDB Server Configuration Wizard to modify previously defined database types or connection parameters, restart the Universal CMDB Server and the Data Flow Probes after successfully completing the parameter modification process.

    • When you start the UCMDB Server, it may take several minutes for the process to finish and for the Server to be up and running. This period of time increases with the size of the database schema.

  5. (CyberArk integration only)

    Check if new hash value is the same as the one you configured in the CyberArk server. If different, re-generate the hash value using the following command:

    java -Xms500m -Xmx1200m -jar JavaAIMGetAppInfo.jar GetHash /AppExecutablesPattern="C:\hp\UCMDB\DataFlowProbe\lib" /OnlyExecutablesWithAIMAnnotation=yes /LogFileDirectory="c:\temp"

    And then fill the newly generated hash value into the CyberArk server.

Set Up High Availability Mode

Note: This section is relevant only if your upgraded environment is to be a high-availability environment.

A typical configuration for a high-availability environment is two or more UCMDB Servers connecting to the same database server. The server are configured to work behind a load balancer, that is, the load balancer serves as the entry point to the UCMDB Servers. All of the UCMDB Servers are active at any given time and can handle both read and write requests. Requests are distributed to the UCMDB Servers in the cluster by the load balancer. While read requests are shared evenly among all of the UCMDB Servers (Readers), only one UCMDB Server (Writer) is also responsible for write requests at one time. Any write requests received by a Reader are passed to the Writer. Moreover, any of the UCMDB Servers can take over the Writer role in the case that the Writer becomes unavailable.

Note:

  • The load balancer used for high availability must have the ability to insert cookies and must be able to do health checks ("keepalive").

  • The instructions defined below are certified over the load balancer, F5 BIG-IP version 10.x (and later).

    If you are using a different load balancer, the configuration should be performed by a network administrator who has a wide knowledge about how to configure your load balancer, and similar principles should be applied.

  • The set up procedure below assumes that you already have at least one UCMDB Server installed and configured.

To set up a high availability environment:

To set up a high availability environment after upgrading from UCMDB 10.xx to UCMDB 11.0:

  1. Install one or more additional UCMDB Servers to create a UCMDB Server cluster

    Install the UCMDB Servers as you did the first UCMDB Server with one difference: when running the Server Configuration wizard to configure the database on the additional UCMDB Server, select Connect to an existing schema, and provide the details of the schema you created for the first UCMDB Server.

    For details on installing UCMDB Servers, see Installing the UCMDB Server - Installation.

    Note:  

    • The machines used for all of the UCMDB Servers in the cluster should have similar hardware (and the same amount of memory) and should be running the same operating system.

    • UCMDB Servers in the cluster must work on the same port number for HTTP, HTTPS, and so on. You cannot configure the two UCMDB Servers to work on different ports.

    • If you are working in an IPv6-only environment, ensure that the UCMDB Server machines are configured for IPv6.

      1. In the wrapper.conf file, locate the following line:

        wrapper.java.additional.<#>=-Djava.net.preferIPv4Stack=true

      2. If it is not commented out, then comment it out.
  2. Complete the Server Startup

    1. If the first UCMDB Server (preferably the writer server) is not started, start the process. Wait until the startup process is complete.

    2. Copy the <UCMDBServer>/conf folder from the first server (the writer) to the other servers.

    3. Start the other UCMDB Servers.

  3. Configure the Load Balancer

    The load balancer is used to balance load sent to the UCMDB Servers in the cluster. Configure the load balancer as follows:

    1. Configure VIP addresses. On the load balancer:

      • Configure a Cluster VIP address to send requests to the whole UCMDB Server cluster.

      • Configure a Writer VIP address to send requests to the Writer only (for Universal Discovery only).

      Note: Keep a note of the defined VIP addresses.

      • When defining the communication settings between the UCMDB Server and the Data Flow Probes, always use the Writer VIP address when prompted for the UCMDB Server name.

      • When defining the communication settings between the UCMDB Server and other applications, always use the Cluster VIP address when prompted for the UCMDB Server name.

    2. Configure two identical pools of backend servers that represent all of the UCMDB Servers in the cluster. The two pools will be monitored by different health monitors. One pool will be sent requests that are intended solely for the Writer server (only for Universal Discovery), and the other pool will be sent requests that can be processed by any server in the cluster.

    3. Configure the health monitors (keepalive addresses). The health monitors check for the keepalive page of each of the UCMDB Servers.

      • Configure the following URL for the Cluster VIP address:

        /ping/

      • Configure the following URL for the Writer VIP address:

        /ping/?restrictToWriter=true

      • Possible responses from both of these URLs are Up or Down with http response codes 200 OK or 503 Service unavailable respectively.

        The expected response should be Up.

        For more details, see How to monitor High Availability cluster with endpoint /ping below.

    4. Connect the health monitors to the respective UCMDB Server pools configured above.

    5. Configure "session stickiness" on the load balancer:

      1. Configure the load balancer to insert cookies to the responses sent back to UCMDB clients.

        Using the Insert method, add a persistence profile of type cookie for each VIP address.

        Note: The cookie name and value are unimportant, as long as the load balancer knows how to maintain stickiness with the cookies it sends out.

      2. Important! Since F5 BIG-IP adds a session cookie only to the first request per connection to the server, you must do the following:

        1. Log into UCMDB.

        2. Go to Administration > Infrastructure Settings, and change the Force connection closing for SDK clients to true.

          When this setting is set to true, the UCMDB SDK clients add a Connection:close header to each authentication request and class download request sent to the server. This way the load balancer will think this is a first request in a connection and add the session cookie to the response.

        Note: This is relevant to load balancers which, like F5 BIG-IP version 10.x, add a session cookie to the first request per connection to the server only.

        If the load balancer you are using adds a session cookie to every response, Force connection closing for SDK clients should be set to false (as is the default). In this case, setting it to true can lead to a decline in system performance.

    6. If the VIP is configured to accept secure connections and the load balancer forwards the requests to the UCMDB servers over HTTP, you must configure redirect rewrites. In the F5 UI, configure the HTTP profile associated with the VIP to rewrite all redirects by enabling the following option: Redirect Rewrite select All.

    Note: If the load balancer is configured to forward requests to backend over HTTP, an extra setting is required to be done on the load balancer. The load balancer admin should configure the load balancer to rewrite the Location header to correctly point to the load balancer URL. This needs to be done for HTTP connections that go to the jmx-console. This can be achieved through a regular expression like the following:

    (https:\/\/(.*)):(\d*)(.*) \1\4

    where the yellow part is the matching part and the green part is the replacing part.

  4. Configure Data Flow Probes

    When you install a Data Flow Probe, use the load balancer's Writer VIP address when defining the Universal CMDB Server name.

    If you already have a Data Flow Probe installed:

    1. Stop the Probe.

    2. In the /opt/UCMDB/DataFlowProbe/conf/DataFlowProbe.propertiesc:\UCMDB\DataFlowProbe\conf\DataFlowProbe.properties file, change the serverName attribute to point to the Writer VIP address.

    3. Restart the Probe.

 

How to monitor High Availability cluster with endpoint /ping

The endpoint /ping allows monitoring of the High Availability cluster. So far the endpoint could be configured to ask for the status of:

  • entire cluster (writer + readers)
  • only writer

The restrictToReader parameter was added to the aforementioned endpoint that returns the status of only the readers in the cluster.

To configure this, the endpoint /ping should be called with the following parameter: restrictToReader=true

For example, /ping:8443?restrictToReader=true

Note: In case both restrictToWriter and restrictToReader parameters are present and have the value set to true, for example,

/ping:8443?restrictToReader=true&restrictToWriter=true

Only the parameter restrictToWriter will be taken into account.

As a best practice for deployments that rely heavily on UCMDB Browser, we recommend the use of a UCMDB HA Cluster with at least three nodes (one writer and two readers).

For this type of deployment, we recommend that two virtual IPs are created on the load balancer:

  • One that points only to the writer, the endpoint for health check is: <UCMDB_URL>/ping?restrictToWriter=true
  • In case that the cluster contains 2 or more reader servers, one endpoint that points to all the reader servers. The endpoint for health check is: <UCMDB_URL>/ping?restrictToReader=true

  • In case that the cluster contains 1 reader server, one endpoint that points to all the servers (reader and writer). The endpoint for health check is: <UCMDB_URL>/ping

The health check endpoint will return:

  • status code 200 and the payload "Up" if the application is started successfully.
  • status code 503 and the payload "Down" if the application is not yet fully started.

Note that other elements can affect the health check process, in this case the load balancer can get an error similar to "Connection refused".

Set up a high availability UCMDB Server and UCMDB Browser Environment with F5 BIG-IP Load Balancer and WebSEAL Reserve Proxy

This end-to-end use case describes how to set up a high-availability UCMDB and UCMDB Browser environment with F5 BIG-IP load balancer and WebSEAL reverse proxy.

Note: Product versions used in this end-to-end use case:

  • F5 BIG-IP version 13.00 Build 0.0.1645 Final
  • WebSEAL version 8.0.1.0
  • UCMDB version 11.0
  • UCMDB Browser Standalone version 11.0

The diagram below illustrates the overall architecture of the environment we will set up.

This case contains the following key tasks:

  1. UCMDB Server configuration
  2. F5 load balancer configuration
  3. WebSEAL reverse proxy configuration
  4. UCMDB Browser configuration

UCMDB Server configuration

  1. Prerequisites

    1. You have installed the UCMDB Server and UCMDB Browser.
    2. (Optional) You have set up high availability mode by following the instructions in the Deployment Guide: "Set Up High Availability Mode".

  2. Export the out-of-the-box UCMDB server keystore to a cert file

    If using the out-of-the-box (OOTB) UCMDB cert, export it for later use.

    To export the UCMDB server keystore (server.keystore) to a cert file (server.cert), do the following:

    1. Open the command prompt and run the following command:

      C:\UCMDB\UCMDBServer\bin\jre\bin\keytool.exe -export -alias <certificate alias> -keystore <Keystore file path> -file C:\UCMDB\UCMDBServer\conf\security\server.cert

      where:

      • certificate alias is the name given to the certificate.

      • Keystore file path is the full path of the location of the keystore file.

      For example, for the out-of-the-box server.keystore use the following command:

      C:\UCMDB\UCMDBServer\bin\jre\bin\keytool.exe -export -alias hpcert -keystore C:\ucmdb\ucmdbserver\conf\security\server.keystore -file C:\UCMDB\UCMDBServer\conf\security\server.cert

      Note: If self-signed certificate is not used, but a company generated certificate, use the following command to get the alias for this certificate:

      C:\UCMDB\UCMDBServer\bin\jre\bin\keytool.exe -list -keystore c:\ucmdb\ucmdbserver\conf\security\server.keystore

      Keystore type: JKS

      Keystore provider: SUN

      Your keystore contains 1 entry.

      <alias>, 14 Sept. 2012, PrivateKeyEntry.

      Certificate fingerprint (SHA1): 2A:52:DF:17:D9:A5:37:2D:1F:1D:BA:4B:41:46:33:A8:18:42:5B:D7

      The alias will look like: {45789-15478-1236-7895}

      Use this alias to export the certificate.

    2. Enter the keystore password.

    3. Verify that the certificate was created in the following directory: C:\UCMDB\UCMDBServer\conf\security\server.cert

    4. Convert the generated JKS file into PKCS12 format using UCMDB key tool keytool.exe (located in the <UCMDBServer>\bin\jre\bin directory). (WebSEAL requires PKCS12 format cert.)

      Run the following command:

      C:\UCMDB\UCMDBServer\bin\jre\bin\keytool.exe -importkeystore -srckeystore server.keystore -destkeystore server.p12 -srcalias <source serverkey> -destalias <target serverkey> -srcstoretype jks -deststoretype pkcs12 -srcstorepass <keystore password> -deststorepass <keystore password> -noprompt
      

      The server.p12 file is the resulting PKCS12 format cert.

  3. (Single Sign-On only) Set IDM User Name

    1. Go to UCMDB server JMX console.
    2. Locate the setUserName JMX operation under the UCMDB-UI:name=LW-SSO Configuration category.
    3. Provide the following parameter values for the setUserName JMX method:

      • Is inbound handler enabled: True
      • LW-SSO IDM User Name: <The real value for the IDM user name>. For example, iv-user (if you are using LDAP with user iv-user).
    4. Click Invoke.
  4. Set UCMDB Browser URL

    1. In UCMDB UI, go to Administration > Infrastructure Settings Manager.
    2. Locate the UCMDB Browser URL infrastructure setting, and set the value to your WebSEAL URL.

F5 load balancer configuration

  1. Make sure you have a working F5 BIG-IP load balancer environment.
  2. Log in to the F5 BIG-IP load balancer environment.
  3. Make sure you have created the following in the F5 BIG-IP load balancer environment (Local Traffic > Virtual Servers > Nodes|Pools):

    • A node for each of the virtual machines on which UCMDB server and/or UCMDB Browser are running.
    • A pool that contains all the above nodes.
  4. Import the UCMDB CA cert/key into F5.

    1. In the navigation pane, go to Main > System > Certificate Management.
    2. Click Import .
    3. In the SSL Certificate/Key Source page, select Import Type:

      • When selecting Certificate, do the following:

        • Certificate Name: Keep Create New selected and provide the certificate name.
        • Certificate Source: Keep Upload File selected, click Browse... to select the UCMDB server.cert file you exported earlier.
      • When selecting Key, do the following:

        • Key Name: Keep Create New selected and provide the key name.
        • Certificate Source: Keep Upload File selected, click Browse... to select the UCMDB key file.
    4. Click Import .
  5. Add UCMDB CA cert/key to Certificate Key Chain.

    1. In F5, go to Local Traffic > Virtual Servers > Profiles > SSL.

    2. Select and click an existing UCMDB cert profile.

      Note: Create a SSL profile for HTTPS by clicking Create if you do not have one.

    3. Go to the Certificate Key Chain configuration setting, click Add .

    4. In the Add SSL Certificate to Key Chain dialog, select or provide values for the following settings as appropriate and click Add :

      Certificate: Select the UCMDB certificate file.

      Key. Select the UCMDB key.

      Chain. Select the UCMDB chain.

      Passphrase. Provide a pass phrase.

  6. Create a cookie-based persistence profile.

    1. In F5, go to Local Traffic > Virtual Servers > Persistence, and click Create .
    2. Select Cookie for Persistence Type and provide a name for the persistence profile.
    3. Click Finished.
  7. Create a virtual server.

    1. In F5, go to Local Traffic > Virtual Servers, and click Create .
    2. Specify values the following settings:

      • Configuration > HTTP Profile: http
      • Configuration > SSL Profile (Client): Select the UCMDB cert you imported in step 5 from the Available column and add it into the Selected column.
      • Configuration > Source Address Translation: Auto Map (If you select SNAT, make sure you configure SNAT related settings properly)
      • Resources > Default Persistence Profile: Select the persistence profile you created in step 6.
    3. Provide values for other settings as appropriate.
    4. Click Finished.

WebSEAL reverse proxy configuration

  1. Configure WebSEAL reverse proxy by following IBM official documentation: IBM Security Access Manager (ISAM) Reverse Proxy Scenario.

    Important: During the configuration, in the Identity tab of the Edit a Standard Junction window, make sure you set the following settings as described below:

    • Junction Cookie: Leave the checkbox unselected
    • Include session cookie: Select the checkbox
    • HTTP Basic Authentication Header: For UCMDB Browser and RESTful API authentication to work properly, select Ignore from the dropdown list.

    • (Optional) HTTP Header Identity Information: Select IV-USER if you are using LDAP with user iv-user.

  2. Import UCMDB cert (OOTB or self-signed).

    1. In IBM Security Access Manager, go to Manage > Secure Settings > SSL Certificate.
    2. Go to Manage > Edit SSL certificate database menu option, and select pdsrv.
    3. Go to the Personal Certificates tab, check if the OOTB UCMDB cert (for example, ucmdbcert) is already listed in this tab.
    4. If no, select Manage > Import from the menu.

      Provide the self signed certificate from the UCMDB Browser/UCMDB Server or the OOTB UCMDB cert.

      Make sure the cert type is PKCS12. If not PKCS12, you may need to convert it to PKCS12 from JKS.

      Note: The OOTB UCMDB cert can be converted to PKCS12 using UCMDB key tool keytool.exe (located in the <UCMDBServer>\bin\jre\bin directory). For the conversion command, see step 2.d in UCMDB Server configuration.

UCMDB Browser configuration

  1. Configure the ucmdb_browser_config.xml file.

    1. Open the ucmdb_browser_config.xml file (located in the <UCMDB_Browser_install_dir>\conf folder) using a text editor.
    2. Set the <hostname> parameter value to the VIP that you set in F5.
    3. Set the <host_port> parameter to the Port that you set in F5.
    4. (Single Sign-on only) If you are using LDAP with user iv-user, locate the <webui> tags, then the <validation> tags, copy and paste the following into the file:

      <in-ui-identity-management>
          <identity-management> 
              <userNameHeaderName>iv-user</userNameHeaderName> 
          </identity-management>
      </in-ui-identity-management>
      
    5. Save the file.
  2. Create and configure a credentials file.

    1. Create a credentials.txt file and put it in the same directory as the ucmdb_browser_config.xml file.
    2. In the file credentials.txt, enter the following content:

      • user=UISysadmin
      • password=<your-password>
    3. Save the file.

Verify the configured environment works

To do so, log in to any of the following:

Environment Login URL Remarks
WebSEAL https://<WebSEAL URL>:<port><WebSEAL Junction> Including UCMDB Browser, UCMDB server, and API
F5 https://<VIP>:<port> Including UCMDB Browser and UCMDB server
UCMDB Browser https://<UCMDB Browser IP address>:<port>  
UCMDB Server https://<UCMDB Server IP address>:<port>  

Set Up a Standalone Solr Environment

  1. Download Apache Solr 6.2.1 (or a later version) from http://archive.apache.org/dist/lucene/solr/, and then extract the package to a local folder.
  2. Create and configure the Solr home. To do this, follow these steps:

    1. Create a directory that will be the Solr home.
    2. Copy the solr.xml file under the <UCMDB_Server_Home>\search\solr_dp folder to the Solr home.
    3. Create the following folder structure in the Solr home:

      configsets\ucmdb_configs\conf

    4. Copy the following files from the <UCMDB_Server_Home>\search\solr_dp\configsets\ucmdb_configs\conf folder to the <Solr_home>\configsets\ucmdb_configs\conf folder:

      • mappings.txt
      • protwords.txt
      • schema.xml
      • solrconfig.xml
      • stopwords.txt
      • stopwords_en.txt
      • synonyms.txt
  3. Start Solr.

    To do this, go to the <Solr_install_dir>\bin directory in a command prompt, and then run the following command:

    solr start -s <Solr_home>

    Note:  

    • <Solr_install_dir> is the directory where the Solr package is extracted. <Solr_home> is the full path to the Solr home you created in Step 2.a.
    • To check if Solr is started, go to http://localhost:8983/solr, which is the URL for Solr dashboard.
    • To stop Solr, run the solr stop -all command in the same directory.
  4. Add the following settings into <UCMDB_Server_Home>\conf\settings.override.properties.

    cmdb.search.solr.standalone=true

    cmdb.search.solr.standalone.url=http://localhost:8983/solr

    Note: The value for cmdb.search.solr.standalone.url should be the URL verified in Step 3.

  5. Increase Solr memory size.

    By default Solr allocates only 512MB RAM. You might need to increase this setting, depending on the server’s RAM and other processes that run on the same server.

    To increase Solr memory size,

    1. Open the following file using a text editor:

      Windows: <UCMDB_install_dir>\solr\bin\solr.in.cmd

      Linux: <UCMDB_install_dir>/solr/bin/solr.in.sh

    2. Locate the following setting and increase the setting to a desired value:

      • Windows:

        set SOLR_JAVA_MEM=-Xms512m -Xmx2048m

        where Xms is the initial amount, Xmx is the total amount of memory allocated.

      • Linux:

        SOLR_JAVA_MEM="-Xms512m -Xmx2048m"
    3. Save the file.
  6. Restart the UCMDB Server.

Note: In a High Availability environment, all the UCMDB servers have to be connected to the same standalone Solr.

Set Up a Solr HA Cluster Based on Zookeeper

To deploy Solr HA cluster based on Zookeeper, follow these steps:

  1. Install the Apache Zookeeper. To do this follow these steps:

    1. Download Apache zookeeper 3.4.6 (https://archive.apache.org/dist/zookeeper/zookeeper-3.4.6/).

    2. Unzip the downloaded package.

      The path where you unzip the package will be later referred as <zookeeper_install_dir>.

    3. Go to the <zookeeper_install_dir>\conf folder and rename the zoo_sample.cfg file to zoo.cfg.

    4. Open the zoo.cfg file using a text editor.

      1. Locate the dataDir property in line 12.
      2. Set its value to a folder of your choice.

        Example: dataDir=D:/zookeeper/dataDir

      3. At the end of the file, add the IP to which you want Zookeeper to listen.

        Example:

        clientPortAddress=192.168.168.68

        Otherwise Zookeeper will listen to 0.0.0.0:2181 by default.

      4. Save the file.
    5. Go to the <zookeeper_install_dir>\bin folder and start the zookeeper by executing the following from the command line:

      Windows:zkServer.cmd

      Linux:zkServer.sh start

      Now zookeeper is running at HTTP://<zookeeper_ip>:<zookeeper_port> (You can change the port in the zoo.cfg file).

  2. Install Solr in cloud mode. To do this follow these steps:

    1. Download Solr 6.2.1 distribution (http://archive.apache.org/dist/lucene/solr/6.2.1/) on a different machine from the zookeeper.

      Note: Solr 6.2.1 requires JAVA 8.

      JAVA_HOME needs to be set as a system path or environment variable.

    2. Unzip the downloaded package.

    3. Create a directory where Solr is to be located and used as a running directory. You can call this directory <Solr_installDir>. Example: D:\Solr\6.2.1

      1. Copy the contents of the Solr package into this directory.

      2. Go to the <UCMDB_Server>\search\solr_dp directory and copy the solr.xml file and the configsets directory file to <Solr_installDir>.

    4. Start Solr in cloud mode:

      1. To start Solr in cloud mode, execute the following command from the bin folder:

        bin/solr start -cloud -s <Solr_installDir> -p 8987 -z <zookeeper_ip>:<zookeeper_port>

        Examples:

        solr start -cloud -s "D:\Solr\6.2.1\index\solr -p 9999 -z myzookeeper:2181
        solr start -cloud -s "D:\Solr\6.2.1\index\solr -p 9999 -z 16.66.166.166:2181

        Now Solr is started in cloud mode and it is connected to the zookeeper.

    5. On a different machine, install another Solr and connect to the zookeeper in the same way.

      After this you have a Solr cloud cluster up and running with 1 zookeeper and 2 Solr nodes.

    6. You can extend Solr cloud culster by adding more Solr machines to the zookeeper.

  3. Configure UCMDB for Solr cloud. To do this follow these steps:

    1. Go to the UCMDB server JMX console > UCMDB:service=Topology Search Services.
    2. Locate the setupSolrCloudConfiguration operation.
    3. Provide values for the parameters and make sure that the setup meets both of the following requirements:

      • numberOfShards * replicationFactor) % numberOfNodes == 0
      • numberOfShards * replicationFactor) / numberOfNodes == maxShardsPerNode
    4. Click Invoke.
    5. Restart UCMDB server.

      UCMDB server will create the index in Solr based on the configurations you provided in the JMX console.

    Note:  

Example

Below is an example of how the index will look like for a UCMDB with 2 customers with the following Solr cloud configuration:

Solr Cloud Configuration:
Number of nodes: 2
Number of shards: 2
Replication Factor: 2
Zookeeper URL: 16.66.166.166:2181
Is Solr Cloud enabled: true

You can see that the there are 2 indexes, one for each customer, customer1 and customer2.

Each index is split into 2 shards, with shard 1 being on the Solr machine 16.66.66.66:9999 and replicated on Solr machine 16.66.66.66:8888. Shard 2 is also present on both machines. So if a Solr machine shuts down, the index will still be available from the other one, and the users can still perform searches.

Uninstalling UCMDB

  1. To uninstall Universal CMDB:

    Windows
    1. On the UCMDB Server machine, select Start > All Programs > UCMDB > Uninstall Universal CMDB Server.

      The Uninstall Universal CMDB Server wizard opens. Click Uninstall.

    2. The Remove Configuration Files dialog box opens. Select whether or not to remove the server configuration files.

    3. If UCMDB has an embedded PostgreSQL database, the Remove PostgreSQL Directory dialog box opens. Select whether or not to remove the embedded (local) PostgreSQL database file.

    4. When uninstall is complete, a confirmation message is displayed. Click Done to complete the uninstall process.

    Linux
    1. On the UCMDB Server machine, execute the Uninstall_UCMDBServer script from the UninstallerData subfolder of the Installation folder.

      From the same location, select Uninstall to uninstall the Universal CMDB Server.

    2. The Remove Configuration Files dialog box opens. Select whether or not to remove the server configuration files.

    3. If UCMDB has an embedded PostgreSQL database, the Remove PostgreSQL Directory dialog box opens. Select whether or not to remove the embedded (local) PostgreSQL database file.

    4. When uninstall is complete, a confirmation message is displayed. Click Done to complete the uninstall process.

  2. To uninstall a Data Flow Probe:

    Windows

    Note: The probe auto upgrade mechanism supports upgrading Data Flow Probes on Windows directly for versions 10.22 (with or without a CUP) and later (union and non-FIPS mode). Only for probes of unsupported versions, you need to uninstall the old version and then install the latest version manually.

    On the machine where the Probe is installed:

    1. Stop the Probe: Start > All Programs > HP UCMDB > Stop Data Flow Probe

    2. Uninstall the Probe: Start > All Programs > HP UCMDB > Uninstall Data Flow Probe. When the Probe has finished being uninstalled, delete the folder that contained the Probe:

      Version 10.33 or earlier: C:\hp\UCMDB\DataFlowProbe

      Version 11.0: C:\UCMDB\DataFlowProbe

    Linux

    On the machine where the Probe is installed:

    1. Stop the Probe:

      Version 10.33 or earlier: /opt/hp/UCMDB/DataFlowProbe/bin/ProbeGateway.sh stop

      Version 11.0: /opt/UCMDB/DataFlowProbe/bin/ProbeGateway.sh stop

    2. Uninstall the Probe. Do one of the following:

      • In shell, execute:

        Version 10.33 or earlier: sh /opt/hp/UCMDB/DataFlowProbe/UninstallerData/Uninstall_Discovery_Probe

        Version 11.0: sh /opt/UCMDB/DataFlowProbe/UninstallerData/Uninstall_Discovery_Probe

      • Double-click the Uninstall_Discovery_Probe file in the file system.

      • Delete the /opt/hp/UCMDB/DataFlowProbe/ folder (for version 10.33 or earlier) or /opt/UCMDB/DataFlowProbe/ (for version 11.0).

Upgrading UCMDB - Introduction

The instructions that follow explain how to upgrade UCMDB 10.xx to UCMDB 11.0.

The table below describes supported upgrade paths for the CMS products:

Supported Upgrade Paths

Supported Upgrade Paths

CMS product supporting upgrades
UCMDB
11.0
Data Flow Probe 11.0 Configuration Manager 11.0 [1] UCMDB Browser Standalone 11.0 [5]
10.20 (with or without a CUP) → 11.0 Yes No Yes [2] Yes
10.21 (with or without a CUP) → 11.0 Yes No Yes [2] Yes
10.22 (with or without a CUP) → 11.0 Yes Yes [3] Yes [2] Yes
10.2x FIPS → 11.0 FIPS [4] No No No No

10.3x → 11.0

Yes

Yes [3]

Yes

Yes

10.3x FIPS → 11.0 FIPS [4]

No

No

No

No

11.0 full installer

Yes

Yes Yes Yes

Note:  

  1. Version 11.0 of the Micro Focus Configuration Management System includes a new release for UCMDB Configuration Manager (CM) identified as version 11.0. However, this release contains no new features and is based on the prior CM 10.23 release. You can use CM 11.0 in tandem with UCMDB 11.0.

  2. If you have any version of Configuration Manager earlier than 10.01 installed, you must upgrade to version 10.01, then to 10.10, then to 10.20, then to 10.22, and then apply 10.22 CUP6 (or a later CUP), then to 10.23, then to 11.0, and then to 2018.05 before upgrading to version 11.0. For details on upgrading Configuration Manager to version 10.01 and later, see the interactive Universal CMDB Deployment Guide for version 10.01 and later, available from the Micro Focus Support site (https://softwaresupport.softwaregrp.com).

  3. Automatic upgrade of Data Flow Probe to version 11.0 is supported on Windows platform only. For details, see .

    Note that automatic upgrade of Data Flow Probe to version 11.0 is not applicable to the following:

    • FIPS mode probes
    • Separate mode probes
    • Probes on Linux machine
    • Integration service

    • Two probes installed on a same Windows machine
  4. Version 11.0 does not support FIPS mode. Do not upgrade if your environment is in FIPS mode.
  5. Before upgrading UCMDB Browser to version 11.0, make sure you have already upgraded UCMDB server to version 11.0.
  6. Downgrade of any of the above products is not supported.

Note:  

  • Please read through the entire procedure that follows before commencing the upgrade process.

  • Upgrading from UCMDB 10.xx to UCMDB 11.0 may take several hours.

    You can follow the progress of the upgrade in the following log files (located in the c:\hp\UCMDB\UCMDBServer\runtime\log/opt/hp/UCMDB/UCMDBServer/runtime/log folder):

    • servicepack.install.log
    • upgrade.short.log
    • upgrade.detailed.log
  • UCMDB 11.0 requires Content Pack version 26 to work properly.

Important:  

  • Before the upgrade, make sure that all Data Flow Probe related command line windows and probe related folders are closed. Otherwise when the probe auto upgrade agent backs up probe folders, backing up of those files may fail as they are occupied.
  • Version 11.0 does not support FIPS mode. Do not upgrade if your environment is in FIPS mode.
  • When you perform a fresh install of UCMDB 11.0 or upgrade UCMDB to version 11.0, by default there are no composite indexes with the CMDB_ID as a key column in Oracle database (ROOT tables) or Microsoft SQL databases (ROOT and CDM tables). This is an optimization introduced in version 10.30. While it increases the speed of data-in, the data consumption becomes slower.

Caution: If you have defined LDAP servers in your system, before upgrading from version 10.2x to version 11.0, make sure you mark the LDAP settings as sensitive, then change the master key, and then proceed with the upgrade.

For details, see "How to Mark Sensitive Settings and Enable Storing Encrypted Data in the Database Using JMX" and "How to Set Master Keys" in the Universal CMDB JMX Reference Guide.

Upgrading UCMDB - Best Practices

  • The following diagram may help you understand the overall UCMDB server and Data Flow Probes upgrade process:

  • It is recommended that you back up your original environment (UCMDB Server and database) prior to upgrading your environment.

  • If you enabled HTTP communication for UCMDB server before the upgrade, or you are upgrading UCMDB server from a version earlier than 10.30, after you have upgraded the UCMDB server to version 11.0 successfully, make sure you enable HTTP communication and change the master key before you restart the UCMDB server for the probe auto upgrade agent to perform probe auto upgrade.
  • It is recommended, prior to upgrading your environment, to clone your original environment (UCMDB Server and database) to a new environment and perform the upgrade on the cloned environment. This way, the original server can continue to be up and running during the upgrade procedure. Performing the upgrade on a cloned database also enables you to deal with upgrade issues while not affecting the down time of the original server.

    Once everything is up and running on the upgraded cloned environment, you can upgrade the original Server, and then connect it to the database on the upgraded cloned environment.

    In summary:

    1. Clone the original (current) environment.

      Note: It is strongly recommended, after the database schema has been cloned, not to make any changes on the original environment as those changes will not be migrated to the upgraded environment.

    2. Upgrade the cloned environment to 11.0.
    3. Once everything is up and running on the upgraded cloned environment, disconnect the original Server and database, and uninstall the UCMDB Server from the original machine.
    4. Disconnect the Server and the database on the upgraded cloned environment.
    5. Install UCMDB 11.0 on the original machine, connecting it to the cloned 11.0 database.

Upgrading UCMDB - Upgrade Duration Summary

This section provides estimated upgrade durations, based on tested environments. Upgrade durations will vary depending on your hardware configuration, UCMDB data set, and database performance.

DB Server Upgrade Path Upgrading Server
RAM
Upgrading Server OS # of CIs # of Links # of History Events # of TQLs Upgrade Time
(minutes)
Oracle 11G 10.11 CUP5 → 11.0 4GB Windows 2008 R2 Enterprise 20K 30K N/A 766 40
MSSQL 2016 EE 10.22 CUP2 → 11.0 8GB Windows 2012 SP1 Standard 556K 536K N/A 1835 70
Oracle 12C 10.31 → 11.0 12GB Windows 2012 R2 Standard 265K 432K N/A 4606 60

Upgrading UCMDB - Save Modified Integration (Federation) Adapters

For all out-of-the-box adapters: If you modified adapter configurations in your current version, it is strongly recommended that you save all adapter files before starting the upgrade. After the upgrade, you will need to make the same changes to the relevant adapters.

For example, if you have an adapter default template, copy aside the relevant part of the adapter XML (the tag “<adapterTemplates>”). After the upgrade, you will copy this tag back to the XML of the relevant adapter.

Note: All adapters must be compatible with the new Universal Data Model. If you made changes to existing out-of-the-box adapters, you must make the same changes to the adapter files in version 11.0.

Upgrading UCMDB - Save the Encryption Key

UCMDB uses the encryption key to encrypt credential information and to send sensitive credential information to the Data Flow Probes. For security reasons, this encryption key is stored on the file system, and not in the database.

Back up the encryption key that is on the UCMDB Server. The encryption key is located in:

C:\hp\UCMDB\UCMDBServer\conf\discovery\key.bin

/opt/hp/UCMDB/UCMDBServer/conf/discovery/key.bin

Note: When upgrading version 10.xx to 11.0 on the same machine, the original file remains on the machine, and the backup is necessary in case the file is lost during the process.

When upgrading version 10.xx to 11.0 on a clean machine, this file does not exist on the new machine and must be copied to the new machine after installing UCMDB on the clean machine.

Upgrading UCMDB - Back up the Secure Keystore

Back up the C:\hp\UCMDB\UCMDBServer\conf\security/opt/hp/UCMDB/UCMDBServer/conf/security folder.

Upgrading UCMDB - Save JMX Hardening Configuration

If the Java JMX access hardening was performed:

  1. Edit the file permissions for the following file, so that the user you are logged in with can edit it:

    C:\hp\UCMDB\UCMDBServer\bin\jre\lib\management\jmxremote.password

    /opt/UCMDB/UCMDBServer/bin/jre/lib/management/jmxremote.password

  2. Save the file outside of the UCMDB installation folder.

Upgrading UCMDB - Uninstall the Data Flow Probes

To uninstall a Data Flow Probe:

Windows

Note: The probe auto upgrade mechanism supports upgrading Data Flow Probes on Windows directly for versions 10.22 (with or without a CUP) and later (union and non-FIPS mode). Only for probes of unsupported versions, you need to uninstall the old version and then install the latest version manually.

On the machine where the Probe is installed:

  1. Stop the Probe: Start > All Programs > HP UCMDB > Stop Data Flow Probe

  2. Uninstall the Probe: Start > All Programs > HP UCMDB > Uninstall Data Flow Probe. When the Probe has finished being uninstalled, delete the folder that contained the Probe:

    Version 10.33 or earlier: C:\hp\UCMDB\DataFlowProbe

    Version 11.0: C:\UCMDB\DataFlowProbe

Linux

On the machine where the Probe is installed:

  1. Stop the Probe:

    Version 10.33 or earlier: /opt/hp/UCMDB/DataFlowProbe/bin/ProbeGateway.sh stop

    Version 11.0: /opt/UCMDB/DataFlowProbe/bin/ProbeGateway.sh stop

  2. Uninstall the Probe. Do one of the following:

    • In shell, execute:

      Version 10.33 or earlier: sh /opt/hp/UCMDB/DataFlowProbe/UninstallerData/Uninstall_Discovery_Probe

      Version 11.0: sh /opt/UCMDB/DataFlowProbe/UninstallerData/Uninstall_Discovery_Probe

    • Double-click the Uninstall_Discovery_Probe file in the file system.

    • Delete the /opt/hp/UCMDB/DataFlowProbe/ folder (for version 10.33 or earlier) or /opt/UCMDB/DataFlowProbe/ (for version 11.0).

Upgrading UCMDB - Upgrade the Server

Caution:  

  • Apart from the out-of-the-box (OOTB) files, DO NOT ADD any additional resources into the <UCMDB_Server_Home>\deploy directory. Because UCMDB will try to deploy every file from this location, which may cause the ucmdb-browser.war file not deployed completely, and as a result the UCMDB Browser will fail to start.

  • Close all UCMDB server folders and files before the upgrade, and DO NOT open or access any of those folders and files during the upgrade.

    During the upgrade, UCMDB server folders and files will be modified or overwritten by the installer wizard. Opening or accessing (for example, access through command) any of those folders or files during the upgrade may result in upgrade failure.

    In case of such upgrade failure, to restore the server, copy the entire content of the C:\hp\UCMDB\UCMDBServer\old folder into the C:\hp\UCMDB\UCMDBServer folder. Then you can continue to use the server or to perform another upgrade.

Note: The following settings are backed up during the server upgrade, and restored after the upgrade:

  • All customized settings, which are saved to the settings.override.properties file
  • Oracle Advanced Security Option (ASO) settings

In case you want to check those settings, you can go to the <UCMDBServer>\old\conf folder. Backup copy of the above settings are saved to this folder during the server upgrade.

  1. Stop the UCMDB 10.xx Server.

    Note:  

    • High-availability environment: If your current environment is a high-availability environment, stop all the UCMDB Servers in the UCMDB Server cluster.
    • Standalone environment: If the UCMDB Integration Service is running, stop the service.

  2. Run the UCMDB 11.0 installer.

    1. Locate the UCMDB executable file: UCMDB_Server_11.0.exe, and double-click it to open the splash screen.

      Note: If you get a message that the digital signature is not valid, you should not install UCMDB. In this case, contact Micro Focus Support.

      Locate the UCMDB executable file: UCMDB_Server_11.0.bin, and run the following executable:

      sh <the path to the installation file>/UCMDB_Server_11.0.bin

    2. Choose the locale language and click OK.

    3. The Introduction page opens. Click Next.

    4. The License Agreement page opens. Accept the terms of the end-user license agreement and click Next.

    5. On the Select Installation Folder page, make sure you select the existing UCMDB 10.xx installation folder and click Next.

    6. On the Select Installation Type page of the installer, select Update from 10.x or 10.x CUP and click Next.

      A message pops up, reminding you that upgrading UCMDB to version 11.0 requires migration of existing Universal Discovery licenses to units.

      Important: Before you can proceed with the upgrade, you must do the following: 

      • Access the Support Entitlement Portal to convert any MDR and ACM licenses you own to the format required by 11.0. This can be done by you and does not require any help from Micro Focus teams.
      • Contact the Software Sales Assist team (sw_ssa@microfocus.com) to begin the migration of your UD Full and UD Inventory OSI licenses to units.

      Click OK.

    7. On the Install Data Flow Probe page, select one of the following:

      • Automatically update Data Flow Probe with the new version

        Select this option if the existing probes that report to the UCMDB server are of version 10.22 or later (with or without a CUP, union and non-FIPS mode on Windows machine). For supported upgrade paths, see Upgrading UCMDB - Introduction. For more details about Data Flow Probe auto upgrade, see "Data Flow Probe Upgrade Overview" in the Data Flow Management section of the UCMDB Help.

        If you do not choose this option now, but still want to leverage the probe auto upgrade feature after the UCMDB server upgrade, then when you have finished upgrading the UCMDB server, you can go to <UCMDB_Server>\content\probe_patch and copy the probe-patch-11.0-windows.zip package to the <UCMDB_Server>\runtime\probe_upgrade directory. Then restart the UCMDB server. UCMDB server will then perform probe auto upgrade.

      • Update the Data Flow Probe manually

        Select this option if the probes that report to the UCMDB server in your environment are on Linux or of versions not supported for auto upgrade. When you have finished upgrading the UCMDB server to version 11.0, you can uninstall the old version probe first, and then install version 11.0 probe manually. For details, see Data Flow Probe - Upgrade Overview.

    8. On the Deploy Content Pack page, select to deploy Content Pack 26 and click Next.

    9. Specify the passwords to be used for keystore and truststore:

      • On the Set Up Keystore Password page, enter the password that you want to use for the keystore, and then enter the password again to validate it.
      • On the Set Up Truststore Password page, enter the password that you want to use for the truststore, and then enter the password again to validate it.

      Note:  

      • The keystore/truststore passwords setup will only be present if default passwords are used. If custom passwords are already in use, the wizard will not ask for them again.

      • The installer encrypts the above keystore/truststore passwords you provided in a newly generated file server-storepass.conf.
      • The keystore/truststore passwords must follow the password policy below:

        The password must contain 8 to 16 characters and include at least one of each of the following four types of characters:

        • Uppercase alphabetic characters
        • Lowercase alphabetic characters
        • Numeric characters
        • Special characters: :/._+-[]
    10. On the Summary page, click Install to start the installation.

    11. When the installation completes, click Done.

    Note: When upgrading from 10.xx to 11.0, it is not necessary to run the Server Configuration wizard because the system uses the schemas from the 10.xx installation.

  3. If you imported SSL certificates in UCMDB 10.xx, extract the certificates from

    C:\hp\UCMDB\UCMDBServer\old

    /opt/hp/UCMDB/UCMDBServer/old

    and import them into

    C:\hp\UCMDB\UCMDBServer\bin\jre\lib\security\cacerts

    /opt/hp/UCMDB/UCMDBServer/bin/jre/lib/security/cacerts

    For details, see the section describing enabling SSL on the Client SDK in the Hardening section of the UCMDB Help.

  4. Standalone environment: If you stopped the Integration Service above you must clear the Integration Service data:

    In C:\hp\UCMDB\UCMDBServer\integrations\tools run clearProbeData.bat

  5. IMPORTANT!

    Note: This step is relevant only if you are upgrading to 11.0 on a new machine, and if you customized the key.bin in your previous deployment.

    Before you start the UCMDB Server, you must copy the encryption key (key.bin) that you backed up before you started the upgrade procedure to the following folder on the new machine:

    C:\hp\UCMDB\UCMDBServer\conf\discovery\

    /opt/hp/UCMDB/UCMDBServer/conf/discovery/

  6. If UCMDB patches have been installed on top of your current UCMDB version, you need to remove any Probe patch archive (.zip) files that might be left over in the system:

    Note:  

    • This step is relevant only if you are upgrading UCMDB on top of your current version—that is, on the same machine.
    • In a high-availability environment, repeat this procedure on each machine that is being upgraded.

    In the C:\hp\UCMDB\UCMDBServer\runtime\probe_upgrade/opt/hp/UCMDB/UCMDBServer/runtime/probe_upgrade folder, delete all .zip files that have the probe-patch prefix.

  7. Start up the UCMDB 11.0 Server to complete the upgrade.

    Note: It may take several hours for the server to start up. You can follow the progress in the following log files (located in the ..\UCMDBServer\runtime\log folder):

    • servicepack.install.log
    • upgrade.short.log
    • upgrade.detailed.log
  8. Standalone environment: If you stopped the Integration Service, restart it.

  9. High-availability environment:

    If you are upgrading a high-availability environment, or your upgraded environment is to be a high-availability environment:

    1. Install UCMDB 11.0 on each of the machines that will be included in the UCMDB Server cluster:

      • If your current environment is a high availability environment , follow steps above to upgrade each UCMDB Server in the current the UCMDB 10.xx Server cluster to version 11.0.
      • To install new or additional servers, go back to the selection page of this interactive guide, and select Install UCMDB 11.0 and High Availability and following the generated instructions.
    2. Ensure that one of the UCMDB Servers in the cluster is up and running (has the Up status), and then start the other UCMDB Servers.

    Note: In UCMDB 11.0, all of the UCMDB Servers in a high-availability environment are active, while also providing high availability in case of server failure.

Upgrading UCMDB - Upgrade the PostgreSQL Server (Optional)

When you manually upgrade the PostgreSQL server, use the same account as you install the UCMDB Server.

Important: The commands in this section are only examples under the assumption that the existing PostgreSQL installation is installed and configured as follows:

  • The PostgreSQL installation folder is <UCMDBServer>\PostgreSQL.

    Starting with version 11.0, for new install, the default installation folder is C:\UCMDB\UCMDBServer\PostgreSQL; for upgrade, make sure you select the existing installation folder, which is C:\hp\UCMDB\UCMDBServer\PostgreSQL.

  • The port for the PostgreSQL server is 5431.
  • The username of the PostgreSQL server is admin. This username is specified during the UCMDB installation.
  • The CMDB schema name is ucmdb_database.

You must customize the commands if your PostgreSQL installation is different.

Do not copy and paste these commands into the command line. Otherwise, the commands may not be recognized correctly. Always type the commands into the command line.

  1. Download PostgreSQL 9.4.8 binaries (Win x86-64) from the PostgreSQL website:

    http://www.enterprisedb.com/products-services-training/pgbindownload

  2. Stop the UCMDB Server.
  3. On the UCMDB server, back up the dump file by executing the following commands:

    cd C:\hp\UCMDB\UCMDBServer\PostgreSQL\pgsql\bin
    pg_dumpall -h localhost -p 5431 -U admin > backup.dump

    Note: You need to type in the password of the admin user four times.

  4. Monitor the dump file size in the PostgreSQL\pgsql\bin folder. When the size remains unchanged for 10 minutes, press Enter in the command line.

    Note: Depending on the database size, the back-up can take five minutes or even longer.

  5. Stop the UCMDB_Server_DB service.
  6. Rename the PostgreSQL folder (for example, rename it to PostgreSQL.old), create a new folder named PostgreSQL, and then extract the downloaded PostgreSQL 9.4.8 binaries into the PostgreSQL folder.
  7. Copy the pgInitDB.bat, pgStart.bat, and pgStop.bat files from the PostgreSQL.old folder to the PostgreSQL folder.

  8. Initiate the new version of PostgreSQL database by using the command line.

    cd C:\hp\UCMDB\UCMDBServer\PostgreSQL\pgsql\bin
    initdb -D "C:\hp\UCMDB\UCMDBServer\PostgreSQL\pgsql\data"
  9. Restore the configuration file. To do this, copy the ucmdbpg.conf file from the PostgreSQL.old\pgsql\data\ folder to the PostgreSQL\pgsql\data folder.
  10. Register the new PostgreSQL as a UCMDB_Server_DB service by executing the following commands:

    pg_ctl.exe register -N UCMDB_Server_DB -D "C:\hp\UCMDB\UCMDBServer\PostgreSQL\pgsql\data"
    sc description UCMDB_Server_DB "UCMDB Database"
    net start UCMDB_Server_DB

    The UCMDB_Server_DB service is then started.

  11. Create the PostgreSQL database by executing the following command:

    createdb ucmdb_database
  12. Create a new account by executing the following command:

    createuser –s –P admin

    Note: Use the same credentials as used in the previous PostgreSQL server.

  13. Restore the dump data into the new version of PostgreSQL server by executing the following command:

    psql -U admin -d ucmdb_database -f "C:\hp\UCMDB\UCMDBServer\PostgreSQL.old\pgsql\bin\backup.dump"
  14. Start the UCMDB Server.

If any problem occurs or the upgrade fails and you wish to rollback to the previous PostgreSQL server installation, you can delete the newly created PostgreSQL folder and then rename the PostgreSQL.old folder to PostgreSQL. You can then follow the above steps to perform the upgrade again.

When you manually upgrade the PostgreSQL server, use the same account as you install the UCMDB Server.

Important:  

The commands in this section use the following variables:

  • $UCMDB_Home: UCMDB installation directory
  • $SupervisorUser: Username of the PostgreSQL server
  • $Password: Password of the PostgreSQL server user
  • $Port: Port of the PostgreSQL server
  • $DBName: UCMDB schema name

You must replace the variables with their actual values when you run the commands in this section.

  1. Download PostgreSQL 9.4.8 binaries (Linux x86-64) from the PostgreSQL website:

    http://www.enterprisedb.com/products-services-training/pgbindownload

  2. Stop the UCMDB Server.
  3. On the UCMDB server, back up the dump file by executing the following command under the $UCMDB_Home/PostgreSQL/pgsql/bin folder.

    su postgres_server -c "./pg_dumpall -h localhost -p $Port -U $SupervisorUser > backup.dump"

    Note: You need to type in the password of the PostgreSQL server user four times.

  4. Verify that the backup file is created in the $UCMDB_Home/PostgreSQL/pgsql/bin folder after the backup process is complete.
  5. Stop PostgreSQL.
  6. Rename the $UCMDB_Home/PostgreSQL folder to PostgreSQL.old, create a new folder named PostgreSQL, and then extract the downloaded PostgreSQL 9.4.8 binaries into the PostgreSQL folder.
  7. Copy the following files from the PostgreSQL.old folder to the same subfolders under the PostgreSQL folder:

    • pgStart.sh
    • pgStop.sh
    • pgInitDB.sh
    • postgresql.server
    • backup.dump
  8. Execute the following commands:

    chown -R postgres_server:postgres_server PostgreSQL
    find $UCMDB_Home/PostgreSQL -type f \( -name "*.sh" -or -name "*.sql" -or -name "*.conf" -or -name "*.cnf" \) -exec dos2unix {} \;
    chown -R postgres_server:postgres_server PostgreSQL"
    cd $UCMDB_Home/PostgreSQL
    chmod -R 770 .
    su postgres_server -c "$UCMDB_Home/PostgreSQL/pgInitDB.sh $SupervisorUser $Password $Port" 
    cd $UCMDB_Home/PostgreSQL/pgsql
    chmod a+rx ./postgresql.server 
    cp $UCMDB_Home/PostgreSQL/pgsql/postgresql.server /etc/init.d/ 
    chkconfig --add postgresql_server
    service postgresql_server start
    cd $UCMDB_Home/PostgreSQL/pgsql/bin
    su postgres_server -c "./createdb -U $SupervisorUser -h localhost -p $Port $DBName"
    su postgres_server -c "./psql -f backup.dump -U $SupervisorUser -d $DBName -p $Port"
    
  9. Start the UCMDB Server.

If any problem occurs or the upgrade fails and you wish to rollback to the previous PostgreSQL server installation, you can delete the newly created PostgreSQL folder and then rename the PostgreSQL.old folder to PostgreSQL. You can then follow the above steps to perform the upgrade again.

Upgrading UCMDB - Post-Upgrade Procedures

The following steps may be necessary after the upgrade.

  • Set Master Key. If the master key is not set in the previous version of UCMDB, you must set the master key after upgrading to 11.0. Otherwise, the UCMDB UI is inaccessible. For more information about how to do this, see "How to Set Master Keys" in the JMX Reference sectionJMX Reference section of the UCMDB Help.
  • UCMDB Browser. When upgrading to 11.0, the embedded UCMDB Browser 11.0 is automatically installed. If you are working with an earlier version of the UCMDB Browser, you must update it manually.

  • Reverse Proxy. If the upgraded system is not going to run on the same machine as the previous version, you need to reconfigure the reverse proxy after the upgrade. For configuration details, see "Using a Reverse Proxy" in the Hardening section of the UCMDB Help.

  • SSL.

    • Reinstall SSL configurations. For details, see "Enabling Secure Sockets Layer (SSL) Communication" in the Hardening section of the UCMDB Help.

    • If SSL was activated on the source system, restore the \conf\security folder that you backed up before the upgrade.

  • LW-SSO. Configure LW-SSO. For details, see "Lightweight Single Sign-On (LW‑SSO) Authentication" and "Enabling Login to Universal CMDB with LW-SSO" in the Hardening section of the UCMDB Help.

  • JMX Console. If you configured Java JMX access hardening, copy the file that you saved before the upgrade back into C:\hp\UCMDB\UCMDBServer\bin\jre\lib\management\jmxremote.password/opt/hp/UCMDB/UCMDBServer/bin/jre/lib/management/jmxremote.password, and edit the file's permissions so that:

    • the owner of the file is the same user that runs the UCMDB service

    • only the owner has permission to view the file (Reminder: This file has the JMX protocol password in clear text)

    For more details, see "Java JMX Access Hardening" in the Hardening section of the UCMDB Help.

  • Redo modifications on integration (federation) adapters. All adapters must be compatible with the new Universal Data Model. If you made changes to existing out-of-the-box adapters, you must make the same changes to the adapter files in version 11.0. Do not copy files from your previous version and overwrite the files in version 11.0.

  • Enable Aging. During the upgrade, aging is disabled to prevent CIs from being deleted because of the time during which the Probe is not collecting data (between the running of the upgrade process and until discovery starts reporting all CIs).

    It is very important to re-enable aging. However, it is recommended to wait until the system has stabilized before re-enabling aging. To verify that the system has stabilized, run discovery and monitor all CIs that are marked for deletion. For details, see "Universal Discovery " in the Data Flow Management section of the UCMDB Help.

    Re-enable aging from the Administration > CI Lifecycle module and restart the server. For details about aging, see "CI Lifecycle and the Aging Mechanism" in the Administer section of the UCMDB Help.

  • CyberArk Integration. Check if new hash value is the same as the one you configured in the CyberArk server. If different, re-generate the hash value using the following command:

    java -Xms500m -Xmx1200m -jar JavaAIMGetAppInfo.jar GetHash /AppExecutablesPattern="C:\hp\UCMDB\DataFlowProbe\lib" /OnlyExecutablesWithAIMAnnotation=yes /LogFileDirectory="c:\temp"

    And then fill the newly generated hash value into the CyberArk server.

Set Up High Availability Mode

Note: This section is relevant only if your upgraded environment is to be a high-availability environment.

A typical configuration for a high-availability environment is two or more UCMDB Servers connecting to the same database server. The server are configured to work behind a load balancer, that is, the load balancer serves as the entry point to the UCMDB Servers. All of the UCMDB Servers are active at any given time and can handle both read and write requests. Requests are distributed to the UCMDB Servers in the cluster by the load balancer. While read requests are shared evenly among all of the UCMDB Servers (Readers), only one UCMDB Server (Writer) is also responsible for write requests at one time. Any write requests received by a Reader are passed to the Writer. Moreover, any of the UCMDB Servers can take over the Writer role in the case that the Writer becomes unavailable.

Note:

  • The load balancer used for high availability must have the ability to insert cookies and must be able to do health checks ("keepalive").

  • The instructions defined below are certified over the load balancer, F5 BIG-IP version 10.x (and later).

    If you are using a different load balancer, the configuration should be performed by a network administrator who has a wide knowledge about how to configure your load balancer, and similar principles should be applied.

  • The set up procedure below assumes that you already have at least one UCMDB Server installed and configured.

To set up a high availability environment:

To set up a high availability environment after upgrading from UCMDB 10.xx to UCMDB 11.0:

  1. Install one or more additional UCMDB Servers to create a UCMDB Server cluster

    Install the UCMDB Servers as you did the first UCMDB Server with one difference: when running the Server Configuration wizard to configure the database on the additional UCMDB Server, select Connect to an existing schema, and provide the details of the schema you created for the first UCMDB Server.

    For details on installing UCMDB Servers, see Installing the UCMDB Server - Installation.

    Note:  

    • The machines used for all of the UCMDB Servers in the cluster should have similar hardware (and the same amount of memory) and should be running the same operating system.

    • UCMDB Servers in the cluster must work on the same port number for HTTP, HTTPS, and so on. You cannot configure the two UCMDB Servers to work on different ports.

    • If you are working in an IPv6-only environment, ensure that the UCMDB Server machines are configured for IPv6.

      1. In the wrapper.conf file, locate the following line:

        wrapper.java.additional.<#>=-Djava.net.preferIPv4Stack=true

      2. If it is not commented out, then comment it out.
  2. Complete the Server Startup

    1. If the first UCMDB Server (preferably the writer server) is not started, start the process. Wait until the startup process is complete.

    2. Copy the <UCMDBServer>/conf folder from the first server (the writer) to the other servers.

    3. Start the other UCMDB Servers.

  3. Configure the Load Balancer

    The load balancer is used to balance load sent to the UCMDB Servers in the cluster. Configure the load balancer as follows:

    1. Configure VIP addresses. On the load balancer:

      • Configure a Cluster VIP address to send requests to the whole UCMDB Server cluster.

      • Configure a Writer VIP address to send requests to the Writer only (for Universal Discovery only).

      Note: Keep a note of the defined VIP addresses.

      • When defining the communication settings between the UCMDB Server and the Data Flow Probes, always use the Writer VIP address when prompted for the UCMDB Server name.

      • When defining the communication settings between the UCMDB Server and other applications, always use the Cluster VIP address when prompted for the UCMDB Server name.

    2. Configure two identical pools of backend servers that represent all of the UCMDB Servers in the cluster. The two pools will be monitored by different health monitors. One pool will be sent requests that are intended solely for the Writer server (only for Universal Discovery), and the other pool will be sent requests that can be processed by any server in the cluster.

    3. Configure the health monitors (keepalive addresses). The health monitors check for the keepalive page of each of the UCMDB Servers.

      • Configure the following URL for the Cluster VIP address:

        /ping/

      • Configure the following URL for the Writer VIP address:

        /ping/?restrictToWriter=true

      • Possible responses from both of these URLs are Up or Down with http response codes 200 OK or 503 Service unavailable respectively.

        The expected response should be Up.

        For more details, see How to monitor High Availability cluster with endpoint /ping below.

    4. Connect the health monitors to the respective UCMDB Server pools configured above.

    5. Configure "session stickiness" on the load balancer:

      1. Configure the load balancer to insert cookies to the responses sent back to UCMDB clients.

        Using the Insert method, add a persistence profile of type cookie for each VIP address.

        Note: The cookie name and value are unimportant, as long as the load balancer knows how to maintain stickiness with the cookies it sends out.

      2. Important! Since F5 BIG-IP adds a session cookie only to the first request per connection to the server, you must do the following:

        1. Log into UCMDB.

        2. Go to Administration > Infrastructure Settings, and change the Force connection closing for SDK clients to true.

          When this setting is set to true, the UCMDB SDK clients add a Connection:close header to each authentication request and class download request sent to the server. This way the load balancer will think this is a first request in a connection and add the session cookie to the response.

        Note: This is relevant to load balancers which, like F5 BIG-IP version 10.x, add a session cookie to the first request per connection to the server only.

        If the load balancer you are using adds a session cookie to every response, Force connection closing for SDK clients should be set to false (as is the default). In this case, setting it to true can lead to a decline in system performance.

    6. If the VIP is configured to accept secure connections and the load balancer forwards the requests to the UCMDB servers over HTTP, you must configure redirect rewrites. In the F5 UI, configure the HTTP profile associated with the VIP to rewrite all redirects by enabling the following option: Redirect Rewrite select All.

    Note: If the load balancer is configured to forward requests to backend over HTTP, an extra setting is required to be done on the load balancer. The load balancer admin should configure the load balancer to rewrite the Location header to correctly point to the load balancer URL. This needs to be done for HTTP connections that go to the jmx-console. This can be achieved through a regular expression like the following:

    (https:\/\/(.*)):(\d*)(.*) \1\4

    where the yellow part is the matching part and the green part is the replacing part.

  4. Configure Data Flow Probes

    When you install a Data Flow Probe, use the load balancer's Writer VIP address when defining the Universal CMDB Server name.

    If you already have a Data Flow Probe installed:

    1. Stop the Probe.

    2. In the /opt/UCMDB/DataFlowProbe/conf/DataFlowProbe.propertiesc:\UCMDB\DataFlowProbe\conf\DataFlowProbe.properties file, change the serverName attribute to point to the Writer VIP address.

    3. Restart the Probe.

 

How to monitor High Availability cluster with endpoint /ping

The endpoint /ping allows monitoring of the High Availability cluster. So far the endpoint could be configured to ask for the status of:

  • entire cluster (writer + readers)
  • only writer

The restrictToReader parameter was added to the aforementioned endpoint that returns the status of only the readers in the cluster.

To configure this, the endpoint /ping should be called with the following parameter: restrictToReader=true

For example, /ping:8443?restrictToReader=true

Note: In case both restrictToWriter and restrictToReader parameters are present and have the value set to true, for example,

/ping:8443?restrictToReader=true&restrictToWriter=true

Only the parameter restrictToWriter will be taken into account.

As a best practice for deployments that rely heavily on UCMDB Browser, we recommend the use of a UCMDB HA Cluster with at least three nodes (one writer and two readers).

For this type of deployment, we recommend that two virtual IPs are created on the load balancer:

  • One that points only to the writer, the endpoint for health check is: <UCMDB_URL>/ping?restrictToWriter=true
  • In case that the cluster contains 2 or more reader servers, one endpoint that points to all the reader servers. The endpoint for health check is: <UCMDB_URL>/ping?restrictToReader=true

  • In case that the cluster contains 1 reader server, one endpoint that points to all the servers (reader and writer). The endpoint for health check is: <UCMDB_URL>/ping

The health check endpoint will return:

  • status code 200 and the payload "Up" if the application is started successfully.
  • status code 503 and the payload "Down" if the application is not yet fully started.

Note that other elements can affect the health check process, in this case the load balancer can get an error similar to "Connection refused".

Set up a high availability UCMDB Server and UCMDB Browser Environment with F5 BIG-IP Load Balancer and WebSEAL Reserve Proxy

This end-to-end use case describes how to set up a high-availability UCMDB and UCMDB Browser environment with F5 BIG-IP load balancer and WebSEAL reverse proxy.

Note: Product versions used in this end-to-end use case:

  • F5 BIG-IP version 13.00 Build 0.0.1645 Final
  • WebSEAL version 8.0.1.0
  • UCMDB version 11.0
  • UCMDB Browser Standalone version 11.0

The diagram below illustrates the overall architecture of the environment we will set up.

This case contains the following key tasks:

  1. UCMDB Server configuration
  2. F5 load balancer configuration
  3. WebSEAL reverse proxy configuration
  4. UCMDB Browser configuration

UCMDB Server configuration

  1. Prerequisites

    1. You have installed the UCMDB Server and UCMDB Browser.
    2. (Optional) You have set up high availability mode by following the instructions in the Deployment Guide: "Set Up High Availability Mode".

  2. Export the out-of-the-box UCMDB server keystore to a cert file

    If using the out-of-the-box (OOTB) UCMDB cert, export it for later use.

    To export the UCMDB server keystore (server.keystore) to a cert file (server.cert), do the following:

    1. Open the command prompt and run the following command:

      C:\UCMDB\UCMDBServer\bin\jre\bin\keytool.exe -export -alias <certificate alias> -keystore <Keystore file path> -file C:\UCMDB\UCMDBServer\conf\security\server.cert

      where:

      • certificate alias is the name given to the certificate.

      • Keystore file path is the full path of the location of the keystore file.

      For example, for the out-of-the-box server.keystore use the following command:

      C:\UCMDB\UCMDBServer\bin\jre\bin\keytool.exe -export -alias hpcert -keystore C:\ucmdb\ucmdbserver\conf\security\server.keystore -file C:\UCMDB\UCMDBServer\conf\security\server.cert

      Note: If self-signed certificate is not used, but a company generated certificate, use the following command to get the alias for this certificate:

      C:\UCMDB\UCMDBServer\bin\jre\bin\keytool.exe -list -keystore c:\ucmdb\ucmdbserver\conf\security\server.keystore

      Keystore type: JKS

      Keystore provider: SUN

      Your keystore contains 1 entry.

      <alias>, 14 Sept. 2012, PrivateKeyEntry.

      Certificate fingerprint (SHA1): 2A:52:DF:17:D9:A5:37:2D:1F:1D:BA:4B:41:46:33:A8:18:42:5B:D7

      The alias will look like: {45789-15478-1236-7895}

      Use this alias to export the certificate.

    2. Enter the keystore password.

    3. Verify that the certificate was created in the following directory: C:\UCMDB\UCMDBServer\conf\security\server.cert

    4. Convert the generated JKS file into PKCS12 format using UCMDB key tool keytool.exe (located in the <UCMDBServer>\bin\jre\bin directory). (WebSEAL requires PKCS12 format cert.)

      Run the following command:

      C:\UCMDB\UCMDBServer\bin\jre\bin\keytool.exe -importkeystore -srckeystore server.keystore -destkeystore server.p12 -srcalias <source serverkey> -destalias <target serverkey> -srcstoretype jks -deststoretype pkcs12 -srcstorepass <keystore password> -deststorepass <keystore password> -noprompt
      

      The server.p12 file is the resulting PKCS12 format cert.

  3. (Single Sign-On only) Set IDM User Name

    1. Go to UCMDB server JMX console.
    2. Locate the setUserName JMX operation under the UCMDB-UI:name=LW-SSO Configuration category.
    3. Provide the following parameter values for the setUserName JMX method:

      • Is inbound handler enabled: True
      • LW-SSO IDM User Name: <The real value for the IDM user name>. For example, iv-user (if you are using LDAP with user iv-user).
    4. Click Invoke.
  4. Set UCMDB Browser URL

    1. In UCMDB UI, go to Administration > Infrastructure Settings Manager.
    2. Locate the UCMDB Browser URL infrastructure setting, and set the value to your WebSEAL URL.

F5 load balancer configuration

  1. Make sure you have a working F5 BIG-IP load balancer environment.
  2. Log in to the F5 BIG-IP load balancer environment.
  3. Make sure you have created the following in the F5 BIG-IP load balancer environment (Local Traffic > Virtual Servers > Nodes|Pools):

    • A node for each of the virtual machines on which UCMDB server and/or UCMDB Browser are running.
    • A pool that contains all the above nodes.
  4. Import the UCMDB CA cert/key into F5.

    1. In the navigation pane, go to Main > System > Certificate Management.
    2. Click Import .
    3. In the SSL Certificate/Key Source page, select Import Type:

      • When selecting Certificate, do the following:

        • Certificate Name: Keep Create New selected and provide the certificate name.
        • Certificate Source: Keep Upload File selected, click Browse... to select the UCMDB server.cert file you exported earlier.
      • When selecting Key, do the following:

        • Key Name: Keep Create New selected and provide the key name.
        • Certificate Source: Keep Upload File selected, click Browse... to select the UCMDB key file.
    4. Click Import .
  5. Add UCMDB CA cert/key to Certificate Key Chain.

    1. In F5, go to Local Traffic > Virtual Servers > Profiles > SSL.

    2. Select and click an existing UCMDB cert profile.

      Note: Create a SSL profile for HTTPS by clicking Create if you do not have one.

    3. Go to the Certificate Key Chain configuration setting, click Add .

    4. In the Add SSL Certificate to Key Chain dialog, select or provide values for the following settings as appropriate and click Add :

      Certificate: Select the UCMDB certificate file.

      Key. Select the UCMDB key.

      Chain. Select the UCMDB chain.

      Passphrase. Provide a pass phrase.

  6. Create a cookie-based persistence profile.

    1. In F5, go to Local Traffic > Virtual Servers > Persistence, and click Create .
    2. Select Cookie for Persistence Type and provide a name for the persistence profile.
    3. Click Finished.
  7. Create a virtual server.

    1. In F5, go to Local Traffic > Virtual Servers, and click Create .
    2. Specify values the following settings:

      • Configuration > HTTP Profile: http
      • Configuration > SSL Profile (Client): Select the UCMDB cert you imported in step 5 from the Available column and add it into the Selected column.
      • Configuration > Source Address Translation: Auto Map (If you select SNAT, make sure you configure SNAT related settings properly)
      • Resources > Default Persistence Profile: Select the persistence profile you created in step 6.
    3. Provide values for other settings as appropriate.
    4. Click Finished.

WebSEAL reverse proxy configuration

  1. Configure WebSEAL reverse proxy by following IBM official documentation: IBM Security Access Manager (ISAM) Reverse Proxy Scenario.

    Important: During the configuration, in the Identity tab of the Edit a Standard Junction window, make sure you set the following settings as described below:

    • Junction Cookie: Leave the checkbox unselected
    • Include session cookie: Select the checkbox
    • HTTP Basic Authentication Header: For UCMDB Browser and RESTful API authentication to work properly, select Ignore from the dropdown list.

    • (Optional) HTTP Header Identity Information: Select IV-USER if you are using LDAP with user iv-user.

  2. Import UCMDB cert (OOTB or self-signed).

    1. In IBM Security Access Manager, go to Manage > Secure Settings > SSL Certificate.
    2. Go to Manage > Edit SSL certificate database menu option, and select pdsrv.
    3. Go to the Personal Certificates tab, check if the OOTB UCMDB cert (for example, ucmdbcert) is already listed in this tab.
    4. If no, select Manage > Import from the menu.

      Provide the self signed certificate from the UCMDB Browser/UCMDB Server or the OOTB UCMDB cert.

      Make sure the cert type is PKCS12. If not PKCS12, you may need to convert it to PKCS12 from JKS.

      Note: The OOTB UCMDB cert can be converted to PKCS12 using UCMDB key tool keytool.exe (located in the <UCMDBServer>\bin\jre\bin directory). For the conversion command, see step 2.d in UCMDB Server configuration.

UCMDB Browser configuration

  1. Configure the ucmdb_browser_config.xml file.

    1. Open the ucmdb_browser_config.xml file (located in the <UCMDB_Browser_install_dir>\conf folder) using a text editor.
    2. Set the <hostname> parameter value to the VIP that you set in F5.
    3. Set the <host_port> parameter to the Port that you set in F5.
    4. (Single Sign-on only) If you are using LDAP with user iv-user, locate the <webui> tags, then the <validation> tags, copy and paste the following into the file:

      <in-ui-identity-management>
          <identity-management> 
              <userNameHeaderName>iv-user</userNameHeaderName> 
          </identity-management>
      </in-ui-identity-management>
      
    5. Save the file.
  2. Create and configure a credentials file.

    1. Create a credentials.txt file and put it in the same directory as the ucmdb_browser_config.xml file.
    2. In the file credentials.txt, enter the following content:

      • user=UISysadmin
      • password=<your-password>
    3. Save the file.

Verify the configured environment works

To do so, log in to any of the following:

Environment Login URL Remarks
WebSEAL https://<WebSEAL URL>:<port><WebSEAL Junction> Including UCMDB Browser, UCMDB server, and API
F5 https://<VIP>:<port> Including UCMDB Browser and UCMDB server
UCMDB Browser https://<UCMDB Browser IP address>:<port>  
UCMDB Server https://<UCMDB Server IP address>:<port>  

Set Up a Standalone Solr Environment

  1. Download Apache Solr 6.2.1 (or a later version) from http://archive.apache.org/dist/lucene/solr/, and then extract the package to a local folder.
  2. Create and configure the Solr home. To do this, follow these steps:

    1. Create a directory that will be the Solr home.
    2. Copy the solr.xml file under the <UCMDB_Server_Home>\search\solr_dp folder to the Solr home.
    3. Create the following folder structure in the Solr home:

      configsets\ucmdb_configs\conf

    4. Copy the following files from the <UCMDB_Server_Home>\search\solr_dp\configsets\ucmdb_configs\conf folder to the <Solr_home>\configsets\ucmdb_configs\conf folder:

      • mappings.txt
      • protwords.txt
      • schema.xml
      • solrconfig.xml
      • stopwords.txt
      • stopwords_en.txt
      • synonyms.txt
  3. Start Solr.

    To do this, go to the <Solr_install_dir>\bin directory in a command prompt, and then run the following command:

    solr start -s <Solr_home>

    Note:  

    • <Solr_install_dir> is the directory where the Solr package is extracted. <Solr_home> is the full path to the Solr home you created in Step 2.a.
    • To check if Solr is started, go to http://<FQDN of Solr Hostname>:8983/solr, which is the URL for Solr dashboard.
    • To stop Solr, run the solr stop -all command in the same directory.
  4. Add the following settings into <UCMDB_Server_Home>\conf\settings.override.properties.

    cmdb.search.solr.standalone=true

    cmdb.search.solr.standalone.url=http://<FQDN of Solr Hostname>:8983/solr

    Note: The value for cmdb.search.solr.standalone.url should be the URL verified in Step 3.

  5. Increase Solr memory size.

    By default Solr allocates only 512MB RAM. You might need to increase this setting, depending on the server’s RAM and other processes that run on the same server.

    To increase Solr memory size,

    1. Open the following file using a text editor:

      Windows: <UCMDB_install_dir>\solr\bin\solr.in.cmd

      Linux: <UCMDB_install_dir>/solr/bin/solr.in.sh

    2. Locate the following setting and increase the setting to a desired value:

      • Windows:

        set SOLR_JAVA_MEM=-Xms512m -Xmx2048m

        where Xms is the initial amount, Xmx is the total amount of memory allocated.

      • Linux:

        SOLR_JAVA_MEM="-Xms512m -Xmx2048m"
    3. Save the file.
  6. Restart the UCMDB Server.

Note: In a High Availability environment, all the UCMDB servers have to be connected to the same standalone Solr.

Set Up a Solr HA Cluster Based on Zookeeper

To deploy Solr HA cluster based on Zookeeper, follow these steps:

  1. Install the Apache Zookeeper. To do this follow these steps:

    1. Download Apache zookeeper 3.4.6 (https://archive.apache.org/dist/zookeeper/zookeeper-3.4.6/).

    2. Unzip the downloaded package.

      The path where you unzip the package will be later referred as <zookeeper_install_dir>.

    3. Go to the <zookeeper_install_dir>\conf folder and rename the zoo_sample.cfg file to zoo.cfg.

    4. Open the zoo.cfg file using a text editor.

      1. Locate the dataDir property in line 12.
      2. Set its value to a folder of your choice.

        Example: dataDir=D:/zookeeper/dataDir

      3. At the end of the file, add the IP to which you want Zookeeper to listen.

        Example:

        clientPortAddress=192.168.168.68

        Otherwise Zookeeper will listen to 0.0.0.0:2181 by default.

      4. Save the file.
    5. Go to the <zookeeper_install_dir>\bin folder and start the zookeeper by executing the following from the command line:

      Windows:zkServer.cmd

      Linux:zkServer.sh start

      Now zookeeper is running at HTTP://<zookeeper_ip>:<zookeeper_port> (You can change the port in the zoo.cfg file).

  2. Install Solr in cloud mode. To do this follow these steps:

    1. Download Solr 6.2.1 distribution (http://archive.apache.org/dist/lucene/solr/6.2.1/) on a different machine from the zookeeper.

      Note: Solr 6.2.1 requires JAVA 8.

      JAVA_HOME needs to be set as a system path or environment variable.

    2. Unzip the downloaded package.

    3. Create a directory where Solr is to be located and used as a running directory. You can call this directory <Solr_installDir>. Example: D:\Solr\6.2.1

      1. Copy the contents of the Solr package into this directory.

      2. Go to the <UCMDB_Server>\search\solr_dp directory and copy the solr.xml file and the configsets directory file to <Solr_installDir>.

    4. Start Solr in cloud mode:

      1. To start Solr in cloud mode, execute the following command from the bin folder:

        bin/solr start -cloud -s <Solr_installDir> -p 8987 -z <zookeeper_ip>:<zookeeper_port>

        Examples:

        solr start -cloud -s "D:\Solr\6.2.1\index\solr -p 9999 -z myzookeeper:2181
        solr start -cloud -s "D:\Solr\6.2.1\index\solr -p 9999 -z 16.66.166.166:2181

        Now Solr is started in cloud mode and it is connected to the zookeeper.

    5. On a different machine, install another Solr and connect to the zookeeper in the same way.

      After this you have a Solr cloud cluster up and running with 1 zookeeper and 2 Solr nodes.

    6. You can extend Solr cloud culster by adding more Solr machines to the zookeeper.

  3. Configure UCMDB for Solr cloud. To do this follow these steps:

    1. Go to the UCMDB server JMX console > UCMDB:service=Topology Search Services.
    2. Locate the setupSolrCloudConfiguration operation.
    3. Provide values for the parameters and make sure that the setup meets both of the following requirements:

      • numberOfShards * replicationFactor) % numberOfNodes == 0
      • numberOfShards * replicationFactor) / numberOfNodes == maxShardsPerNode
    4. Click Invoke.
    5. Restart UCMDB server.

      UCMDB server will create the index in Solr based on the configurations you provided in the JMX console.

    Note:  

Example

Below is an example of how the index will look like for a UCMDB with 2 customers with the following Solr cloud configuration:

Solr Cloud Configuration:
Number of nodes: 2
Number of shards: 2
Replication Factor: 2
Zookeeper URL: 16.66.166.166:2181
Is Solr Cloud enabled: true

You can see that the there are 2 indexes, one for each customer, customer1 and customer2.

Each index is split into 2 shards, with shard 1 being on the Solr machine 16.66.66.66:9999 and replicated on Solr machine 16.66.66.66:8888. Shard 2 is also present on both machines. So if a Solr machine shuts down, the index will still be available from the other one, and the users can still perform searches.

Smart Software Analytics - Pre-Deployment Considerations

This section covers the pre-deployment requirements that your organization should meet when planning the SSA deployment.

 

System Requirements

  • Hardware

    Component Requirement
    Operating System 64-bit
    Memory 16G
    Number of Processors 8 or more processors

    Note: SSA would consume more resources on the UCMDB server and the Data Flow Probe server. It is strongly recommended to assign adequate hardware resources.

  • Operating System

    Hardware Platform OS Type OS Version and Edition Supported Recommended
    x86-64 Windows Server 2016 Datacenter and Standard, 64-bit (without the Nano Server installation option) Yes Yes
    x86-64 Windows Server 2012 R2 Standard/Datacenter editions, 64-bit Yes  
    x86-64 Windows Server 2012 Standard/Datacenter editions, 64-bit Yes  
    x86-64 Windows Server 2008
    • SP2, Standard/Enterprise editions, 64-bit
    • R2 and R2 SP1, Standard/Enterprise editions, 64-bit
    Yes
  • Additional Requirement

    • Microsoft Visual C++ 2010 x64 Redistributable Package

       

Get Installation Resources

Before deploying Smart Software Analytics, make sure that you have installed and configured the following:

  • UCMDB Server 11.0
  • UCMDB Browser 11.0

Also, get the following resources ready:

  • SSA installation package

 

Security Consideration

To enable SSA to work with UCMDB Browser and UCMDB Server, make sure you deploy SSA service on the same domain as UCMDB Browser's.

For example, if you can visit UCMDB Browser via https://<Browser_hostname>.microfocus.com:8090. Your SSA service should be deployed on https://<SSA_hostname>.microfocus.com as well.

Tip: It is recommended that you deploy these two products on the same machine.

Smart Software Analytics - Deployment

Before the installation, review the "Pre-deployment Considerations" section above and make sure that you meet all the requirements.

Note:  

  • It is recommended to create a user with Administrator privileges. SSA must be installed and started by a user with Administrator privileges.
  • SSA supports only Windows platforms.
  • (For upgrade only) It is recommended to uninstall SSA 2.0 before you install SSA 3.0. If you want to keep your customized configurations made in SSA 2.0, for example, the scheduler.cron parameter, keystore, and truststore, back up those configurations and copy them back to the corresponding folders in SSA 3.0 after the installation.

 

Installing SSA server

To install the SSA server, follow these steps:

  1. Extract the ZIP packages for Windows platform.

  2. Check if there is a newer version of master SAI files that have been released. If yes, download the latest master SAI files it and replace the older ones under the <SSA installation directory>\ssa-server\ssa\data\masterSAI folder.

  3. Execute the <SSA installation directory>\install_ssa_service.bat script to register SSA as the Windows service: CMS SSA Server.

  4. Execute the <SSA installation directory>\start_ssa_service.bat script to start the service.

Now you can launch and configure SSA from UCMDB Browser.

 

Post-Installation Setup

To ensure that Smart Software Analytics works in the best condition, it is recommended that you perform the following after installing Smart Software Analytics:

Monitor SSA

To monitor SSA, perform the following in a regular basis:

  • Confirm that the SSA service is running properly.
  • Check the log file for errors. In the log file, every change to the user SAI file and the autoteach.zsai file should be logged.
  • Check the <SSA installation directory>\ssa-server\ssa\data\scanFile folder. By checking the last modified time of each scanfile, you can have a clear understanding of the work done by SSA.

Back up User SAI Files

Always back up user SAI files timely in a regular basis to avoid potential data loss. All user SAI files are saved under the <SSA installation directory>\ssa-server\ssa\data\masterSAI folder.

Tip: As the SSA data is saved on the Windows file system, a backup system is used to prevent data loss due to file corruption. Whenever the SAI file is changed, a *.bak file would be saved in the same folder as backup.

Maintain the DK Package

The auto teach results would be more accurate with the latest DK package. Therefore, it is strongly recommended that you keep the DK package content on SSA up to date by downloading the latest package, which is released on ITOM Marketplace in a monthly base. Upload the master SAI files contained in the latest package when you finish downloading.

Smart Software Analytics - Security Configuration

Before starting SSA, to make sure that SSA could work with UCMDB Browser and UCMDB Server, configure SSA as follows:

  1. Go to <SSA_HOME>\ssa-server\config\ssa_lwsso_config.xml and then modify the following configuration:

    initString="This string should be replaced"
    <domain></domain>

    Note:  

    • The initstring should be the same as configured in UCMDB's LWSSO configuration. It can be retrieved by using the JMX method retrieveLWSSOConfiguration.
    • A value for the <domain></domain> element is required. Specify here the domain which can be visited by both the SSA service and the UCMDB Browser service.

    In the meantime, the LW-SSO configuration for UCMDB Browser should be modified in the same way. For details about configuring LW-SSO for UCMDB Browser, see "Configure LW-SSO" in the Universal CMDB Browser Online Help.

  2. Go to <SSA_HOME>\ssa-server\config\config.properties and modify the settings as shown below:

    UCMDB connection configuration:

    ucmdb.schema=https
    ucmdb.domain=FQDN or IP
    ucmdb.port=8443

    UCMDB Browser domain information:

    browser.schema=https
    browser.domain=FQDN Only
    browser.port=8090
    allowed.access.ip=*
    
  3. (Optional) Change the certificate.

    SSA could work with UCMDB and Data Flow Probe with the out-of-the-box certificate configuration.

    If you want to change the OOTB certificate in the ecosystem, follow the procedure as described below:

    1. When UCMDB's certificate is changed, make sure that you perform the following steps:

      1. Export UCMDB's public certificate.

        1. Open the command prompt and run the command:

          C:\UCMDB\UCMDBServer\bin\jre\bin\keytool.exe -export -alias <keystore alias> -keystore <Keystore file path> -file C:\UCMDB\UCMDBServer\conf\security\server.cert

          where:

          • keystore alias is the name given to the keystore.

          • Keystore file path is the full path of the location of the keystore file.

          For example, for the out-of-the-box server.keystore use the following command:

          C:\UCMDB\UCMDBServer\bin\jre\bin\keytool.exe -export -alias hpcert -keystore C:\ucmdb\ucmdbserver\conf\security\server.keystore -file C:\HP\UCMDB\UCMDBServer\conf\security\server.cert
        2. Enter the keystore password.

        3. Verify that the certificate was created in the following directory: C:\UCMDB\UCMDBServer\conf\security\server.cert

      2. Delete the old certificate in SSA server's Truststore by using the following command:

        <SSA_HOME>\jre\bin\keytool -delete -alias "ucmdb server" -keystore <SSA_HOME>\ssa-server\config\interface.truststore -storepass ssapass
      3. Import the new certificate which comes from UCMDB by using the following command:

        <SSA_HOME>\jre\bin\keytool -import -trustcacerts -keystore <SSA_HOME>\ssa-server\config\interface.truststore -storepass ssapass -alias "ucmdb server" -file <UCMDB CERT FILE>
    2. When SSA server's certificate is changed, make sure that you perform the following steps:

      1. Generate a new keystore (by using the command below to replace the ssa-server keystore under <SSA_HOME>\ssa-server\config\interface.keystore:

        <SSA_HOME>\jre\bin\keytool -keystore <temp folder>\interface.keystore -genkey -alias interface -keyalg RSA -keysize 2048 -storepass ssapass -keypass ssapass
      2. Export the public certificate from new keystore of ssa-server:

        <SSA_HOME>\jre\bin\keytool -export -alias interface -keystore <SSA_HOME>\ssa-server\config\interface.keystore -storepass ssapass -file <temp folder>\interface.crt
      3. Import interface.crt to the Data Flow Probe's Truststore.

        1. Open the command prompt and execute the following command:

          C:\UCMDB\DataFlowProbe\bin\jre\bin\keytool.exe -import -v -keystore C:\UCMDB\DataFlowProbe\conf\security\HPProbeTrustStore.jks -file C:\UCMDB\DataFlowProbe\conf\security\interface.crt -alias ssa
        2. Enter the keystore password: logomania

        3. When asked Trust this certificate?, press y and then Enter.

          The following message is displayed:

          Certificate was added to keystore.

    3. When Data Flow Probe's certificate is changed, make sure that you perform the following steps:

      1. Export Data Flow Probe's public certificate.

        1. Open the command prompt and run the command:

          C:\UCMDB\DataFlowProbe\bin\jre\bin\keytool.exe -export -alias <ProbeName> -keystore C:\UCMDB\DataFlowProbe\conf\security\client.keystore -file C:\UCMDB\DataFlowProbe\conf\security\<ProbeName>.cert
        2. When asked, enter the keystore password.

          The following message is displayed:

          Certificate stored in file <C:\UCMDB\DataFlowProbe\conf\security\<ProbeName>.cert>

      2. Replace the certificate in ssa-server using the following command:

        <SSA_HOME>\jre\bin\keytool -import -trustcacerts -keystore <SSA_HOME>\ssa-server\config\interface.truststore -storepass ssapass -alias <ProbeName> -file <PROBE CERT FILE>

Smart Software Analytics - Enable and Configure SSA

To enable and configure Smart Software Analytics, follow these steps:

  1. Access the Smart Software Analytics module.

    1. Access UCMDB Browser, using the following URL: https://<server_name or IP>:<port>/ucmdb-browser. Provide user name and password if required. Once you are logged in, you are on the UCMDB Home landing page.

      It is recommended that you access UCMDB Browser using Chrome.

    2. Click the UCMDB Modules menu icon in the upper left corner to expand the navigation bar, and then select Smart Software Analytics.
  2. On the top right of the Smart Software Analytics, click the SSA CONFIGURATION button. The Settings window is displayed.

  3. Enable and configure SSA settings as described in the following table.

    UI Element Description
    Enable SSA Switch to enable or disable SSA.
    SSA Server Domain

    Type the fully qualified domain name (FQDN) of your SSA server here, for example, ssa.microfocus.com. UCMDB Browser automatically checks whether the SSA server can be connected. If not, the following message is displayed: "SSA Server is not available."

    Note: For the first time to connect to an SSA server with self-signed certificate, you need to open another web browser window to accept the certificate by visiting the following URL:

    https://<SSA_domainname>:9554

    Define the schedule to send scanfile to SSA Select the Data Flow Probe for which you will define the schedule. You can define the schedule for all probes or a specific probe.
    <The frequency drop-down list>

    Define how frequently the selected probe or probes are scheduled to send scan files.

    Hour

    Define the exact hour when the selected probe or probes are scheduled to send scan files.

    Important: Before using SSA, check the Date and Time settings on the machines where SSA server, UCMDB server and UCMDB Browser are deployed. Make sure that these settings are consistent with each other. Otherwise, there might be overtime issues when SSA runs.

    SUBMIT Click this button to submit the SSA schedule configuration to the UCMDB server.

Smart Software Analytics - Troubleshooting SSA

This section includes:

 

Is My SSA Working

To check if SSA works properly, perform the following:

  1. Check if the SSA service is still running.
  2. Check the log files for errors.
  3. Monitor <SSA installation directory>\ssa-server\ssa\data\runtime\scanFile folder against accumulated files, which indicate that error occurs.
  4. If SSA does not work, restart the SSA service. Then, SSA will reload all SAI files.

    If SSA still fails to work normally after you restart the SSA service, it is possible that some SAI files are corrupted and a reset is needed.

 

How to Reset SSA

Restarting the SSA service could solve most problems. But if any SAI file is corrupted, you will need to reset SSA.

To reset SSA, follow these steps:

  1. Delete all runtime folders.
  2. Clean <SSA installation directory>\ssa-server\ssa\data\report if you do not need the report information.
  3. Back up the user SAI files and only leave Master SAI files under SSA installation directory\ssa-server\ssa\data\masterSAI.
  4. Restart the SSA service.
  5. Re-import all user SAI files. For details, see "How to Upload SAI Files to Through User Interface" in the Universal CMDB Browser Online Help.

    Note: In addition to uploading the SAI files to SSA server using SSA UI on UCMDB Home, you can also manually copy back the user SAI files into <SSA installation directory>\ssa-server\ssa\data\masterSAI. But you need to restart the SSA service after doing so.

 

Overtime Issues Occur When SSA Runs

Check the Date and Time settings on the machines where SSA server, UCMDB server and UCMDB Browser are deployed. Make sure that these settings are consistent with each other. Otherwise, there might be overtime issues when SSA runs.

Smart Software Analytics - Limitations

This version of SSA has the following limitations:

  • Multiple-session is not supported. Only one user has write permission on the SAI data via the SSA UI. Other users only have read rights.
  • As part of the security mechanism, a self-signed certificate is used for the communication between UCMDB Browser and UCMDB Server. When the UCMDB Browser is accessed for the first time on a machine, the web browser would pop up a warning message for the self-signed certificate. Users need to acknowledge that to continue with the log-in. You can refer to the Universal CMDB Hardening Guide for instructions about how to replace it with a more secure certificate.
  • Data Flow Probes that are upgraded to version 11.0 do not contain the out-of the-box certificate from SSA. Therefore, these Data Flow Probes cannot upload scan files to SSA server.

    Tip: Import SSA’s certificate into these Data Flow Probes. To do so, follow the instructions in step 3.b.iii. "Import interface.crt to the Data Flow Probe's Truststore" in Smart Software Analytics - Security Configuration.

Data Flow Probe - Notes Before you install

Note the following before installing the Data Flow Probe:

  • UCMDB and the Data Flow Probe should be installed within the company’s firewall and should not be deployed via the Internet.

  • The Probe can be installed before or after you install the Universal CMDB Server. However, during the installation of the Probe, you need to provide the UCMDB Server name, so it is preferable to install the UCMDB Server before installing the Probe.

  • Ensure that the network adapter on the machine on which you are installing Data Flow Probe is configured with the desired IP interface (IPv4/IPv6).

    Note: Configure these settings from the Windows Control Panel. DO NOT use the netsh interface install/uninstall <ip interface version> command. Configure these settings from the configuration file in /etc/sysconfig/network-scripts/ifcfg-eth0.

  • High-availability environment: Have your load balancer's Writer virtual IP address available. You will need this when defining the UCMDB Server name in the Data Flow Probe installation wizard.

  • Verify that you have enough hard disk space available before beginning installation. For details, see the section about Data Flow Probe requirements in the Support Matrix section of the UCMDB Help.

  • For details about licensing, contact Software Sales Assist team (sw_ssa@microfocus.com).

  • Before installing the Data Flow Probe, open the following file on the machine on which you are installing the Probe, and ensure that any lines containing "localhost" are commented out:

    %systemroot%\system32\drivers\etc\hosts

    /etc/hosts

  • If you are upgrading a Data Flow Probe, it is strongly recommended, before you start the upgrade procedure, to back up the following folder and restore it after performing the upgrade. This retains your manually imported customer certificates.

    C:\UCMDB\UCMDBServer\bin\jre\lib\security\cacerts

    /opt/UCMDB/UCMDBServer/bin/jre/lib/security/cacerts

Data Flow Probe on Windows

  • Before installing the Probe on a Windows machine, a user must have full control permissions on the file system. In addition, after installing the Probe, verify that the user who is running the Probe has full administration permissions on the file system where the Probe is installed.

  • (Second Probe only)

    • Supported combination: An existing Probe (of any version, separate or union mode) on Windows + a second Probe (of version 10.30 or later, union mode), reporting to two different UCMDB Servers

      That is to say, when installing a second Probe, you can

      • install it on Windows machine only
      • install a union mode Probe only
      • ignore the version of the existing Probe, as two Probes report to two different UCMDB servers
    • On the same Windows machine, you can have two Probes at most.

      Even if you run the Data Flow Probe installer once again in an attempt to install a third Probe, it just overrides the second Probe.

    • Multi network card is not supported
    • You can change the ports manually after the installation.

Data Flow Probe on Linux

  • Make sure you can connect to Linux GUI remotely. For example, you have VNC connection.
  • The Probe on Linux is intended for the CMS Sync integration only.
  • The Probe on Linux cannot be used for discovery.
  • An instance of PostgreSQL database must not be running on the machine on which you are installing the Probe. If an instance of PostgreSQL exists, you must disable it.
  • To install the Data Flow Probe on Linux, you must have root permissions to the Linux machine.
  • The PostgreSQL port, 5432, must be free.
  • If there is an operating system user called postgres, it must not have a password. It may be a local user though, without permissions to log in from remote machines.

Data Flow Probe - Ports

Before you install the Data Flow Probe, ensure that the relevant ports are open.

Note: During installation the default port is configured. To change the port number after the installation, see the section describing changing the Probe's port in the Universal CMDB Data Flow Management Guide.

 

Data Flow Probe Machine Ports

The following ports are used by the Data Flow Probe process on the Data Flow Probe machine:

Port Description
1977 Data Flow Probe’s web application port. Used for JMX console and other web services.
1978 If the Data Flow Probe is installed in separate mode (Probe Manager and Probe Gateway are running in separate processes), this port is used by the Probe Manager process for the web application port (Manager’s JMX console).
1979 Web application port for the second Data Flow Probe (if installed). Used for JMX console and other web services.
8453

Data Flow Probe’s secured web application port. Same as 1977, and is used for the JMX console and other web services if the Jetty HTTPS mode is enabled.

Also used to redirect Credential Manager requests when the Data Flow Probe is installed in separate mode.

8454

Data Flow Probe’s secured web application port. If the Data Flow Probe is installed in separate mode and Jetty HTTPS mode is enabled, this port is used by the Probe Manager process for the web application port (Manager’s JMX console).

8455

Secured web application port for the second Data Flow Probe (if installed). It is used to share the Incoming and Original directories via HTTPs.

1741 Port opened by the Probe Gateway to enable RMI (Remote Method Invocation) between Gateway and Managers.
1742 Port opened by the Probe Manager to enable RMI (Remote Method Invocation) between Gateway and Managers.
80 Opened by a CallHome service for Universal Discovery Agents.
81 Opened by a CallHome service for Universal Discovery Agents. This port is used by the second Data Flow Probe (if installed).
5432 Port used by the PostgreSQL database.
5433 Port used by the PostgreSQL database for the second Data Flow Probe (if installed).
1777 Port used by the Tanuki wrapper.
2055 Port opened when the Collect Network Data by Netflow job has been activated. Used for connecting netflow data reported by nProbe software.
34545

Port used by the XML Enricher.

Note: The port 34545 only listens on localhost if Data Flow Probe is newly installed. However, if Data Flow Probe is upgraded to the latest version, you need to add the following setting to the wrapperEnricher.conf file manually.

# Make rmi listen on localhost only
wrapper.java.additional.<the number>=-Djava.rmi.server.hostname=localhost
34645 Port used by the XML Enricher for the second Data Flow Probe (if installed).

 

Remote Machine Ports

The following ports are used by the Data Flow Probe process on remote machines:

Port Description
5672 Used for AMQP-based discovery.
5989 Used for CIM-based discovery.
8080 Data Flow Probe uses this port to communicate with the UCMDB server (if the communication is configured to HTTP).
8443 Data Flow Probe uses this port to communicate with the UCMDB server (if the communication is configured to HTTPS).
22 Used for SSH-based discovery.
23 Used for Telnet-based discovery.
80/81 Used for HTTP, NetApp SANscreen/OnCommand, NNM, PowerShell, UDDI, VMware VIM discoveries. If the second Data Flow Probe is installed, port 81 will be used.
135, 137, 138, 139, 445 + DCOM ports

Used for WMI and NTCMD discoveries.

Note: Note: It is recommended that you use port 445. This is because, by default, Windows 2000 and later versions use SMB over TCP/IP via port 445 rather than over NetBIOS whenever possible. If port 445 is disabled, it will fall back to NetBIOS using port 137, 138, or 139.

161 Used for SNMP discovery.
389 Used for LDAP discoveries.
1521, 1433, 6789, 3306, 2048, 5432 Used for SQL (Database)-based discoveries.
2738, 7738 Used for Universal Discovery Agent-based discoveries.
443 Used for UCS, UDDI, VMWare VIM, NetApp, PowerShell discoveries.
280 Used for HPE SIM discovery.
1099 Used for Micro Focus Network Automation Java, JBoss discoveries.
5985, 5986

Used for PowerCmd, PowerShell discoveries.

Note: Note: These ports depend on the Microsoft Windows operating system configuration.

3200, 3300-3303, 33xx, where xx is the SAP server instance number Used for SAP discovery.
50004, 50104, 50204, 50304, 50404, 5xx04 where xx is the SAP J2EE server instance number Used for SAP JMX discovery.
2320 Used for Siebel Gateway discovery.
7001, 7002 Used for WebLogic discovery.
8880 Used for WebSphere discovery.
50001 Used for HPE SIM discovery (secure communication).

Data Flow Probe - Windows Installation

Note: For instructions about how to perform unattended silent installation of Data Flow Probes, see Data Flow Probe - Unattended Silent Installation.

The following procedure explains how to install the Data Flow Probe on a Windows machine.

Note:  

  • Ensure that you have read the important notes and considerations above before you install the Data Flow Probe.
  • The passwords that you specify during the Data Flow Probe installation must meet the following requirements:

    The password must contain 8 to 16 characters and include at least one of each of the following four types of characters:

    • Uppercase alphabetic characters
    • Lowercase alphabetic characters
    • Numeric characters
    • Special characters: :/._+-[]

To install the Data Flow Probe:

  1. Extract the package for the Windows platform, and then double-click UCMDB_DataFlowProbe_11.0.exe.

  2. A progress bar is displayed. After the initial process is complete, the splash screen opens. Choose the locale language and click OK.

  3. The Introduction page opens. Click Next.

  4. The License Agreement page opens.

    Accept the terms of the end-user license agreement and click Next.

  5. The UCMDB Data Flow Probe Setup Type page opens.

    Select Full Data Flow Probe Installation. This installs the Data Flow Probe with all its components, including the Inventory Tools (Analysis Workbench, Viewer, SAI Editor, and MSI Scanner) required for application teaching.

    Note: The Inventory Tools option is used to install only the Inventory Tools. For details about application teaching, see the Data Flow Management section of the UCMDB Help.

    Click Next.

    Note: If an existing Data Flow Probe is detected, a prompt pops up asking you if you would like to install a second Data Flow Probe. Click OK to proceed, or click Cancel to exit the installation.

  6. The Select Installation Type page opens.

    Select New Installation if you are installing a new probe.

    Note: Select Upgrade when you upgrade an existing probe.

  7. The Select Installation Folder page opens.

    Accept the default installation folder, C:\UCMDB\DataFlowProbe, or click Choose to select a different installation folder.

    (Second Probe only) For the second Data Flow Probe on the same Windows machine, specify a different installation folder or click Choose to select a different installation folder for the second probe, instead of using the one for the existing probe.

    Note:  

    • The installation folder that you select must be empty.

    • To restore the default installation folder, after selecting a different folder, click Restore Default Folder.

  8. The UCMDB Data Flow Probe Configuration page opens, enabling you to configure the details of the application server to which the Data Flow Probe will report.

    • Under Application to report to select Universal CMDB and in the Application Server address box, enter the name or the IP address of the UCMDB server with which the Probe is to connect.

      Note:  

      • Two Data Flow Probes installed on the same Windows machine should report to two different UCMDB servers respectively. For the second Probe you install, in the Application Server address box, make sure you enter the name or the IP address of a different UCMDB server.
      • In a High Availability environment, use the Writer virtual IP address of the load balancer.
    • In the Data Flow Probe address box, enter the IP address or DNS name of the machine on which you are currently installing the Probe, or accept the default.

      Note: If the Data Flow Probe machine has more than one IP address, enter a specific IP address, and not the DNS name.

    Click Next.

    Note: If you do not enter the address of the application server, or if there is no TCP connection to the application server via default ports (8080,8443,80) (possibly because the application server has not fully started yet), a message is displayed. You can choose to continue to install the Probe without entering the address, or return to the previous page to add the address.

  9. A second Data Flow Probe Configuration page opens, enabling you to configure an identifier for the Probe.

    • In the Data Flow Probe identifier box, enter a name for the Probe that is used to identify it in your environment.

      Note:  

      • The Probe identifier is case sensitive, must be unique for each Probe in your deployment, and it must not exceed 50 characters.

      • (Second Probe only) Make sure you enter a unique identifier for the second Probe.
      • (Applicable for the first Probe only) When installing the Probe in separate mode, that is, the Probe Gateway and Probe Manager are installed on separate machines, you must give the same name to the Probe Gateway and all its Probe Managers. This name appears in UCMDB as a single Probe node. Failure to give the same name may prevent jobs from running.

    • To use the default UCMDB IP address or machine name, as defined in the UCMDB Server installation, select Use Default CMDB Domain.

      The Default UCMDB Domain is also configurable in UCMDB's Infrastructure Settings module (Administration > Infrastructure Settings > Class Model Settings > Default Domain Property Value). For details, see the Administer section of the UCMDB Help.

    Click Next.

  10. If you cleared the Use Default CMDB Domain box in the previous step, the Domain Configuration page opens.

    • Data Flow Probe domain type. Select the type of domain on which the Probe is to run:

      • Customer. Select if you are installing one or more Probes in your deployment.

        Note: Always use this option for new installations.

      • External. Select this option for upgraded 6.x systems.

    • Data Flow Probe domain. If you are not using the default domain defined in UCMDB enter the name of the domain here.

      Note: For external domains, this value must be identical to the Data Flow Probe identifier defined in the previous step.

    Click Next.

  11. The UCMDB Data Flow Probe Working Mode page opens.

    Note: When installing a second Probe, this step is skipped.

    You can run the Probe Gateway and Probe Manager as one Java process or as separate processes.

    Note: The Probe can be configured in separate mode in IPv4 environments, and in IPv4/IPv6 environments, but not in pure IPv6 environments.

    Click No to run the Probe Gateway and Probe Manager as one process.

    Click Yes to run the Probe Gateway and Probe Manager as two processes on separate machines.

    Note: When running the Probe Gateway and Probe Manager as two processes ensure the following:

    • At least one Probe Gateway component must be installed. The Probe Gateway is connected to the UCMDB Server. It receives tasks from the Server and communicates with the collectors (Probe Managers).

    • Several Probe Managers can be installed. The Probe Managers run jobs and gather information from networks.

    • The Probe Gateway should contain a list of attached Probe Managers.

    • The Probe Managers must know to which Probe Gateway they are attached.

    Click Next.

  12. The UCMDB Data Flow Probe Memory Size page opens.

    Define the minimum and maximum memory, in megabytes (MB), to be allocated to the Probe.

    Note: For information about changing the maximum heap size value at a later point in time, see the Data Flow Management section of the UCMDB Help.

    Click Next.

  13. The PostgreSQL Account Configuration page opens.

    The PostgreSQL Data Flow Probe account is used by the Data Flow Probe to connect to the PostgreSQL database. This account is less privileged compared to the PostgreSQL root account. Its password is encrypted in the DataFlowProbeOverride.properties configuration file.

    Enter the password for the PostgreSQL Data Flow Probe account and enter it a second time for confirmation.

    Click Next.

  14. A second PostgreSQL Account Configuration page opens where you configure the PostgreSQL root account. The PostgreSQL root account is the account used to administer the PostgreSQL database. When set, it may need to be provided while executing scripts under the Probe's installation.

    Enter the password for the PostgreSQL Data Flow Probe account, and enter it a second time for confirmation.

    Note: Changing the root account password does not affect operation of the Probe.

    Click Next.

  15. The Configuration for System Administrator Password page opens.

    Set the password for the system administrator (sysadmin), who has the ability to log into the JMX console.

    Click Next.

  16. The Account Configuration for Uploading Scan Files page opens. This is used for Manual Scanner Deployment mode. It enables uploading scan files directly to the XML Enricher's incoming directory on the Data Flow Probe using HTTP or HTTPS.

    Enter the user name and password for this account, and enter the password a second time for confirmation. The default user name is UploadScanFile.

    Click Next.

  17. The Pre-Installation Summary page opens.

    Review the selections you have made and click Install to complete the installation of the Probe.

  18. When the installation is complete, the Install Complete page opens.

    Note:  

    • Any errors occurring during installation are written to the following file:

      <DataFlowProbe_InstallDir>\UninstallerData\Logs\UCMDB_Data_Flow_Probe_Install_<install date and time>.log

      For example, C:\UCMDB\DataFlowProbe\UninstallerData\Logs\UCMDB_Data_Flow_Probe_Install_<install date and time>.log for the first Probe on the Windows machine.

    • Any database-related errors occurring during installation are written to the following log:

      <DataFlowProbe_InstallDir>\runtime\log\postgresql.log

      For example, C:\UCMDB\DataFlowProbe\runtime\log\postgresql.log for the first Probe on the Windows machine.

    Click Done.

  19. If you customized the key.bin file, copy the key.bin that you saved earlier to <DataFlowProbe_InstallDir>\conf\security.

  20. Start the Probe by using one of the following methods:

    Click Start > All Programs > UCMDB > Start Data Flow Probe.

    Note: To start the second Probe: Select Start > All Programs > UCMDB (2) > Start Data Flow Probe.

    To start the Probe from the console, at the command prompt execute the following script:

    <DataFlowProbe_InstallDir>\bin\gateway.bat console

    For example, C:\UCMDB\DataFlowProbe\bin\gateway.bat console for the first Probe on the Windows machine.

    Execute the following command:

    /opt/UCMDB/DataFlowProbe/bin/ProbeGateway.sh start

    To activate the Probe in a console, execute the following command:

    /opt/UCMDB/DataFlowProbe/bin/ProbeGateway.sh console

    Note:  

    • In order for the Probe to connect to the application server, the application server must be fully started.

    • On Linux, the user running the Probe service must be a member of the Administrators group.

    • The Probe installed on Windows is displayed in UCMDB in the Data Flow Management module, under Data Flow Probe Setup > <Domain> > Probes.

    • A Probe installed on Linux is displayed when creating a new integration point in the Data Flow Management Integration Studio. For details, see the section describing how to create integration points in the Data Flow Management section of the UCMDB Help.

    • A Probe installed on Linux does not appear in the list of Data Flow Probes in the Data Flow Probe Setup window.

  21. (Windows only, the first Probe only) If you selected to run the Probe Gateway and Probe Manager as two processes on separate machines, you must configure the Probe Gateway and Probe Manager components. For details, see Data Flow Probe - Configure the Database Scripts (Optional) below.

Data Flow Probe - Linux Installation

Note: For instructions about how to perform unattended silent installation of Data Flow Probes, see Data Flow Probe - Unattended Silent Installation.

The following procedure explains how to install the Data Flow Probe on a Linux platform.

Note:  

  • Ensure that you have read the important notes and considerations above before you install the Data Flow Probe.
  • The passwords that you specify during the Data Flow Probe installation must meet the following requirements:

    The password must contain 8 to 16 characters and include at least one of each of the following four types of characters:

    • Uppercase alphabetic characters
    • Lowercase alphabetic characters
    • Numeric characters
    • Special characters: :/._+-[]

To install the Data Flow Probe:

  1. Extract the package for the Linux platform, and then execute the following command:

    sh <path to the installer>/UCMDB_DataFlowProbe_11.0.xx.bin

    Caution: Console mode is not supported.

    The following commands are executed:

    Preparing to install...
    Extracting the JRE from the installer archive...
    Unpacking the JRE...
    Extracting the installation resources from the installer archive...
    Configuring the installer for this system's environment...
    Launching installer...
  2. When the initial process is complete, the splash screen opens. Choose the locale language and click OK.
  3. The Introduction page opens. Click Next.

  4. The License Agreement page opens.

    Accept the terms of the end-user license agreement and click Next.

  5. The Select Installation Folder page opens.

    Accept the default installation folder, opt/UCMDB/DataFlowProbe, or click Choose to select a different installation folder.

    Note:  

    • You can change the location of the installation, but the folder must be located under /opt/.
    • If you selected a different folder and you want to restore the default installation folder, click Restore Default Folder.
    • When installing the probe using a non-root account, the default installation folder is /home/<account_name>/UCMDB/DataFlowProbe.

    Click Next.

  6. The Data Flow Probe Configuration page opens, enabling you to configure the details of the application server to which the Data Flow Probe will report.

    • Under Application to report to select Universal CMDB and in the Application Server address box, enter the name or the IP address of the UCMDB server with which the Probe is to connect.

      Note: In a High Availability environment, use the Writer virtual IP address of the load balancer.

    • In the Data Flow Probe address box, enter the IP address or DNS name of the machine on which you are currently installing the Probe, or accept the default.

      Note: If the Data Flow Probe machine has more than one IP address, enter a specific IP address, and not the DNS name.

      Click Next.

      Note: If you do not enter the address of the application server, or if there is no TCP connection to the application server via default ports (8080,8443,80) (possibly because the application server has not fully started yet), a message is displayed. You can choose to continue to install the Probe without entering the address, or return to the previous page to add the address.

  7. A second Data Flow Probe Configuration page opens, enabling you to configure an identifier for the Probe.

    • In the Data Flow Probe Identifier box, enter a name for the Probe that is used to identify it in your environment.

      Note: The Probe identifier is case sensitive, must be unique for each Probe in your deployment, and it must not exceed 50 characters.

    • Select Use Default CMDB Domain to use the default UCMDB IP address or machine name, as defined in the UCMDB Server installation.

      The Default UCMDB Domain is also configurable in UCMDB's Infrastructure Settings module (Administration > Infrastructure Settings > Class Model Settings > Default Domain Property Value). For details, see the Administer section of the UCMDB Help.

    Click Next.

  8. If you cleared the Use Default CMDB Domain box in the previous step, the UCMDB Data Flow Probe Domain Configuration page opens.

    • Data Flow Probe domain type. Select the type of domain on which the Probe is to run:

      • Customer. Select this option if you are installing one or more Probes in your deployment.

        Note: Always use this option for new installations.

      • External. Select this option for upgraded systems.

    • Data Flow Probe domain. If you are not using the default domain defined in UCMDB enter the name of the domain here.

      Note: For external domains, this value must be identical to the Data Flow Probe Identifier defined in the previous step.

    Click Next.

  9. The UCMDB Data Flow Probe Memory Size page opens.

    Define the minimum and maximum memory, in megabytes, to be allocated to the Probe.

    Note: For information about changing the maximum heap size value at a later point in time, see the Data Flow Management section of the UCMDB Help.

    Click Next.

  10. The PostgreSQL Account Configuration page opens.

    The PostgreSQL Data Flow Probe account is used by the Data Flow Probe to connect to the PostgreSQL database. This account is less privileged compared to the PostgreSQL root account. Its password is encrypted in the DataFlowProbe.properties configuration file.

    Enter the password for the PostgreSQL Data Flow Probe account and enter it a second time for confirmation.

    Note: Changing this password requires an update to the DataFlowProbe.properties file.

    Click Next.

  11. A second PostgreSQL Account Configuration page opens where you configure the PostgreSQL root account. The PostgreSQL root account is the account used to administer the PostgreSQL database. When set, it may need to be provided while executing scripts under the Probe's installation.

    Enter the password for the PostgreSQL Data Flow Probe account, and enter it a second time for confirmation.

    Note: Changing the root account password does not affect operation of the Probe.

    Click Next.

  12. The Configuration for System Administrator Password page opens.

    Enter the password for the sysadmin account.

  13. The Account Configuration for Uploading Scan Files page opens.

    Enter the user name and password for this account, and enter the password a second time for confirmation. The default user name is UploadScanFile.

    Click Next.

  14. The Pre-Installation Summary page opens. Review the selections you have made and click Install to complete the installation of the Probe.

    Note: When installing the probe using a non-root account, you may see a popup message window indicating "Manual Probe Registration Required".

    Make sure you register the probe service manually using a root account after the installation by running the registerService.sh script from the /home/<account_name>/UCMDB/DataFlowProbe/tools directory.

  15. When installation is complete the Installation is Complete page opens.

    Note:  

    • Any errors occurring during installation are written to the following log:

      /opt/UCMDB/DataFlowProbe/UCMDB_Data_Flow_Probe_InstallLog.log. If you installed the Probe to another directory under /opt/, the log file is located there.

    • Any database-related errors occurring during installation are written to the following log:/opt/UCMDB/DataFlowProbe/runtime/log/postgresql.log
    • When installing the probe using a non-root user account, the default probe folder is /home/<account_name>/UCMDB/DataFlowProbe.

    Click Done.

    Note: After installing the Probe, we recommend disabling virus scanning on the main directory that is used to store your PostgreSQL table data. The default directory is /opt/UCMDB/DataFlowProbe/pgsql/data.

  16. (Non-root user account only) Register the probe manually using a root account.

    Log in to the Linux system using a root account, go to the /home/<account_name>/UCMDB/DataFlowProbe/tools directory and run the registerService.sh script:

    sh /home/<account_name>/UCMDB/DataFlowProbe/Tool/registerService.sh <your password>
  17. Activate the Probe.

    Note:  

    • The root user running the Probe service must be a member of the Administrators group.

    • In order for the Probe to connect to the application server, the application server must be fully started.

    • Root user can run the probe service for all probes; non-root user can only run the probe service for the probes installed using the non-root user account.

    Execute the following command:

    /opt/UCMDB/DataFlowProbe/bin/ProbeGateway.sh start

    Note: For non-root user account, execute the following command:

    /home/<account_name>/UCMDB/DataFlowProbe/bin/ProbeGateway.sh start

    To activate the Probe in a console, execute the following command:

    /opt/UCMDB/DataFlowProbe/bin/ProbeGateway.sh console

    Note: For non-root user, execute the following command:

    /home/<account_name>/UCMDB/DataFlowProbe/bin/ProbeGateway.sh console

    Tip:  

    • A Probe installed on a Linux machine is displayed when creating a new integration point in the Data Flow Management Integration Studio. For details, see the section describing how to create integration points in the Data Flow Management section of the UCMDB Help.
    • The Linux Probe does not appear in the list of Data Flow Probes in the Data Flow Probe Setup window.

Data Flow Probe - Unattended Silent Installation

The installer supports the product installation with no user interaction. This mode is useful for running the installation via automation tools or for running the installation on Linux when no GUI access is possible on the target server.

Install Data Flow Probe 11.0

  1. Download UCMDB_DataFlowProbe_11.0.xxx.bin, then run the following command:

    chmod a+x UCMDB_DataFlowProbe_11.0.xxx.bin
  2. Prepare the response file

    To produce the response file, execute the installer with the -r command line switch:

    <Probe installer file name> -r <Directory for response file> 

    Note: Instead of the directory name, you can also specify the complete file name for the response file, for example, C:\temp\ResponseFileForProbe.txt:

    UCMDB_DataFlowProbe_11.0.xxx.exe –r C:\temp\ResponseFileForProbe.txt 
    ./UCMDB_DataFlowProbe_11.0.xxx.bin –r /tmp/ResponseFileForProbe.txt

    Once executed, follow the user interface installation wizard to complete the installation, and the response file ResponseFileForProbe.txt will be stored in the directory specified in the -r switch.

    Note:  

    • The response file contains a number of NAME=VALUE pairs, one on each line of the file. The lines containing comments start with the # character. You can edit the content of the file to provide an alternative configuration that needs to be used for the unattended installation. For example, you can customize the target installation directory as well as other settings.

    • The file needs to be in the following character encoding:

      UTF-8 without BOM (Byte Order Mark) or UTF-16 little endian

      UTF-8 without BOM

    • If you have no GUI access, you can find a test machine with GUI access and produce the response file, then copy the generated response file to the Linux machine where you want to execute silent installation of Data Flow Probe.

  3. Execute the silent installation

    <Probe installer file name> -i silent –f <Response File path and name>

    For example:

    UCMDB_DataFlowProbe_11.0.xxx.exe –i silent –f C:\temp\ResponseFileForProbe.txt
    ./UCMDB_DataFlowProbe_11.0.xxx.bin –i silent –f /tmp/ResponseFileForProbe.txt
  4. Start the Data Flow Probe

Data Flow Probe - Configure the Database Scripts (Optional)

The table below lists the Data Flow Probe database scripts. These scripts can be modified for administration purposes, both in Windows and Linux environments.

Note:  

  • The scripts are located on the Data Flow Probe machine, in the following location:

    • C:\UCMDB\DataFlowProbe\tools\dbscripts
    • /opt/UCMDB/DataFlowProbe/tools/dbscripts
  • Data Flow Probe database scripts should be changed for specific administration purposes only.
Script Description
exportPostgresql [PostgreSQL root account password] Exports all data from the DataFlowProbe database schema to data_flow_probe_export.bin in the current directory
importPostgresql [Export file name] [PostgreSQL root account password Imports data from a file created by the exportPostgresql script into the DataFlowProbe schema
enable_remote_user_access Configures the PostgreSQL Data Flow Probe account to be accessible from remote machines
remove_remote_user_access Configures the PostgreSQL Data Flow Probe account to be accessible only from the local machine (default)
set_db_user_password [new PostgreSQL Data Flow Probe account password] [PostgreSQL root account password] Modifies the PostgreSQL Data Flow Probe account password
set_root_password [new PostgreSQL root account password] [Current PostgreSQL root account password] Modifies the PostgreSQL root account password

Data Flow Probe - Configure the Gateway and Manager Components

When the Probe Manager and Probe Gateway run as separate processes on two machines, set up the Data Flow Probe as follows:

Note:  

  • The instructions below are relevant for Probes installed on Windows machines only.
  • The Probe can be configured in separate mode on IPv4 environments, and in IPv4/IPv6 environments, but not in pure IPv6 environments.

  • The Probe Manager name in both the probeMgrList.xml and DataFlowProbe.properties files must be identical.
  1. Set up the Probe Gateway machine.

    1. Open the following file:

      C:\UCMDB\DataFlowProbe\conf\probeMgrList.xml

    2. Locate the line beginning <probeMgr ip= and add the Manager machine name or IP address, for example:

      <probeMgr ip="OLYMPICS08">
    3. Open the following file:

      C:\UCMDB\DataFlowProbe\conf\DataFlowProbe.properties

    4. Locate the lines beginning appilog.collectors.local.ip = and appilog.collectors.probe.ip = and enter the Gateway machine name or IP address, for example:

      appilog.collectors.local.ip = STARS01
      appilog.collectors.probe.ip = STARS01
  2. Set up the Probe Manager machine.

    In C:\UCMDB\DataFlowProbe\conf\DataFlowProbe.properties:

    1. Locate the line beginning appilog.collectors.local.ip = and enter the Manager machine name or IP address, for example:

      appilog.collectors.local.ip = OLYMPICS08
    2. Locate the line beginning appilog.collectors.probe.ip = and enter the Gateway machine name in uppercase, for example:

      appilog.collectors.probe.ip = STARS01
  3. Start the services.

    1. On the Probe Manager machine, start the Manager service:

      Start > All Programs > UCMDB > Start Data Flow Probe Manager

    2. On the Probe Gateway machine, start the Gateway service:

      Start > All Programs > UCMDB > Start Data Flow Probe Gateway

Data Flow Probe - Connect the Data Flow Probe to a Non-Default Customer (Optional)

You can connect a Data Flow Probe to a customer that is not the default customer. The default customer ID is 1.

  1. Open the following file in a text editor:

    • C:\UCMDB\DataFlowProbe\conf\DataFlowProbe.properties

    • ../DataFlowProbe/conf/DataFlowProbe.properties

  2. Locate the customerID entry.

  3. Update the value with the customer ID, for example, customerId = 2.

  4. Restart the Probe so that it is updated with your changes.

Data Flow Probe - Verify the Probe version

Note: This section is relevant for Probes installed on Windows machines only.

The Probe reports its version when connecting to the server. The Probe version is displayed in Data Flow Management, in the Details pane of the Data Flow Probe Setup module. If the Probe version is not compatible with the server version (and there is no supported upgrade), an error is generated and the Probe is forced to shut down.

When you apply a new Cumulative Update Patch (CUP) to the UCMDB Server, the Probes do not shut down automatically, and are able to report new data to the server. However, this is not recommended. Therefore, when you apply a CUP to the server, you must also apply it to the Probes—either manually or automatically.

Data Flow Probe - Troubleshooting and Limitations

Probe Downgrade or Rollback

Automatic downgrade or rollback of the probe version is not supported. To perform downgrade or to rollback a version upgrade, uninstall the probe and then install the required version.

 

Probe Restart

There are several situations where the Probe automatically restarts itself. For example, when deploying a new Content Pack or applying a CUP. In these cases, the Probe waits for 15 minutes to allow the running jobs to finish, and only then shuts down. Jobs that did not finish in that time (for example, long integrations) start running again when the Probe restarts.

 

How to Change the PostgreSQL Database Default Port

To change the port for the PostgreSQL database, that is defined by default in the Data Flow Probe installation:

  1. Stop the Probe (if already started).

  2. Stop the UCMDB Probe DB Service.

  3. Modify the port in the following file:

    • C:\UCMDB\DataFlowProbe\pgsql\data\postgresql.conf
    • /opt/UCMDB/DataFlowProbe/pgsql/data/postgresql.conf

    The following shows how to change the port from 5432 to 5433:

    Note: If two probes coexist on the same machine, plan the port usage carefully so that the ports used by the two probes do not conflict.

    #port = 5432 # (change requires restart) < Old line

    port = 5433 # (change requires restart) < New line

  4. Make the following changes in the DataFlowProbe.properties file (in C:\UCMDB\DataFlowProbe\conf on Windows, and /opt/UCMDB/DataFlowProbe/conf on Linux):

    • Change:

      jdbc:postgresql://localhost/dataflowprobe

      to

      jdbc:postgresql://localhost:5433/dataflowprobe
    • Change:

      appilog.agent.local.jdbc.uri = jdbc:postgresql://localhost/dataflowprobe

      to

      appilog.agent.local.jdbc.uri = jdbc:postgresql://localhost:5433/dataflowprobe
    • Change:

      appilog.agent.normalization.jdbc.uri = jdbc:postgresql://localhost/dataflowprobe

      to

      appilog.agent.normalization.jdbc.uri = jdbc:postgresql://localhost:5433/dataflowprobe
    • Change:

      appilog.agent.netflow.jdbc.uri = jdbc:postgresql://localhost/dataflowprobe

      to

      appilog.agent.netflow.jdbc.uri = jdbc:postgresql://localhost:5433/dataflowprobe

Data Flow Probe - Upgrade Overview

This section contains the following:

 

Data Flow Probe Upgrade Overview

When upgrading Data Flow Probes, you have the following options:

  • Data flow probe auto upgrade. For supported probes of version 10.22 or later (with or without a CUP, union and non-FIPS mode on Windows machine), you can select the Automatically update Data Flow Probe with the new version option in the Install Data Flow Probe wizard page when upgrading the UCMDB server to perform auto upgrade of connected probes. For more information, see Data Flow Probe - Unattended Silent Installation.

  • Data flow probe manual upgrade. In the following scenarios, you may need to perform manual upgrade of data flow probes:

    • You selected the Update the Data Flow Probe manually option in the Install Data Flow Probe page of the UCMDB server upgrade wizard while upgrading the UCMDB server.

    • For probes on Linux or probes of versions not supported for auto upgrade in your environment, you need to manually uninstall the old version probe first, and then install the latest version probe.

 

Data Flow Probe Auto Upgrade Overview

The Data Flow Probe auto upgrade mechanism is fully available since version 10.33. That is, once UCMDB server is upgraded to version 10.33 or later, the probe auto upgrade capability is in place. This capability enables you to upgrade all the connected probes of version 10.22 (or later, with or without a CUP) in your environments with just several clicks while upgrading UCMDB server, without having to access the probe servers anymore.

Compared to the traditional manual probe deployment approach (uninstall the old probe and then install the new probe), in general it takes 20-40 minutes to upgrade multiple probes in parallel with the probe auto upgrade mechanism.

The time required for upgrading all the connected probes equals to that of the probe that takes the longest duration to finish upgrade among all the connected probes. The network latency would be a impact factor, which has impact on the time the probe downloads resources from the UCMDB Server. Micro Focus lab testing shows the following results: A total of 60 connected probes finished upgrade in 40 minutes, while the majority of them finished around 20-30 minutes with network latency less than 1 millisecond.

Supported Probes

Data Flow Probes that satisfy the following criteria are supported for auto upgrade:

  • Supported probe versions. The probe auto upgrade and deployment mechanism supports upgrading probes from any of the following versions to version 11.0 automatically:

    • 10.22 (with or without a CUP)
    • 10.3x
  • Union and non-FIPS mode probes on Windows machine

The following probes are not supported for auto upgrade in version 11.0:

  • FIPS mode probes
  • Separate mode probes
  • Probes on Linux machine
  • Integration service

  • Two probes installed on a same Windows machine

 

Data Flow Probe Auto Upgrade Workflow

The Data Flow Probe Auto Upgrade workflow contains the following steps:

  1. The UCMDB Administrator upgrades UCMDB server from version 10.22 (or later, with or without a CUP) to version 11.0.

    During the upgrade, the Administrator selects the Automatically update Data Flow Probe with the new version option. As a result, the probe auto upgrader package is placed under the <UCMDB_Server>\content\probe_patch folder, and the Data Flow Probe installer package is placed under the <UCMDB_Server>\content\probe_installer folder.

  2. The probe auto upgrader performs the following operations:

    1. Performs pre-check to decide if the probe is ready for upgrade. For example, if there is enough disk space available or not, and if the probe is of a supported version.
    2. Generates the response file required for silent installation.
    3. Downloads the Data Flow Probe installer file for Windows platform (for example, UCMDB_DataFlowProbe_11.0.exe) from the UCMDB server.

    4. Stops the following services:

      • UCMDB_Probe
      • UCMDB_Probe_DB
      • UCMDB_Probe_XmlEnricher
    5. Performs silent installation with the Update option.

      During this step, the upgrader performs post-upgrade tasks, including merging customized settings, creating and adjusting database tables, such as splitting tables (version 10.22 to version 11.0), columns, indexes, and so on.

    6. Starts all three services after the installation is done: UCMDB_Probe, UCMDB_Probe_DB, and UCMDB_Probe_XmlEnricher.
    7. Reports probe upgrade status to the UCMDB server, and save probe auto upgrade logs to UCMDB Server. For example: <UCMDB_Server>\runtime\log\probeUpgradeLogs\10.22to11.0\success.

      Note: If the upgrade is successful, the log would be placed under the success folder; if failed, the logs would be placed under the failed folder.

 

Data Flow Probe Manual Upgrade Workflow

  • For probes that are supported by the probe auto upgrade mechanism, do either of the following:

    Important: There is no need to uninstall the old version probes first for probes supported by the probe auto upgrade mechanism.

    • Perform probe auto upgrade from UCMDB server.

      To leverage the probe auto upgrade feature after the UCMDB server upgrade, then when you have finished upgrading the UCMDB server,

      1. Go to the <UCMDB_Server>\content\probe_patch directory.
      2. Copy the probe-patch-11.0-windows.zip package to the <UCMDB_Server>\runtime\probe_upgrade directory.
      3. Restart the UCMDB server.

        UCMDB server will then perform auto upgrade of all supported and connected probes.

    • Perform manual upgrade of probes on the probe servers.

      1. Extract the package for the Windows platform, and then launch the probe installer UCMDB_DataFlowProbe_11.0.exe.

      2. On the UCMDB Data Flow Probe Setup Type wizard page, select Full Data Flow Probe Installation. This installs the Data Flow Probe with all its components, including the Inventory Tools (Analysis Workbench, Viewer, SAI Editor, and MSI Scanner) required for application teaching.
      3. On the Select Installation Type wizard page, select Upgrade.
      4. Follow wizard instructions to complete the probe upgrade.

      For details, see Data Flow Probe - Manual Windows Upgrade.

  • For probes on Linux or probes of versions not supported for auto upgrade in your environment, perform manual install of probes on the probe servers.

    This workflow contains the following steps:

    1. On the probe server, uninstall the old version probe.

      For details, see the "Upgrading UCMDB - Uninstall the Data Flow Probes" section in the Deployment Guide.

    2. Install the latest version Data Flow Probes manually.

      On Windows platform:

      1. Extract the package for the Windows platform, and then launch the probe installer UCMDB_DataFlowProbe_11.0.exe.
      2. On the UCMDB Data Flow Probe Setup Type wizard page, select Full Data Flow Probe Installation.

      3. On the Select Installation Type wizard page, select New Installation.
      4. Follow wizard instructions to complete the probe installation.

      For details, see Data Flow Probe - Windows Installation.

      On Linux platform:

      1. Extract the package for the Linux platform, and then execute command to launch the installation.

      2. Follow the on-screen instructions to complete the probe installation.

      For details, see the Data Flow Probe - Linux Installation.

Data Flow Probe - Pre-Check List for Upgrade

  1. Check permissions for the user account that starts the Data Flow Probe service.

    • Make sure you grant the user full control of the <DataFlowProbe> folder before the upgrade, and revert the control after the upgrade.
    • If the UCMDB_Probe and the UCMDB_Probe_DB services run under a custom account, make sure you grant the custom account full control of the <DataFlowProbe> folder before the probe auto upgrade starts, and revert the control after the upgrade.

    For details, see "Troubleshooting Probe Upgrade > Permission Check".

  2. Turn off Basic Authentication (BA) if it is enabled.

    Check if Basic Authentication (BA) is enabled. If yes, turn off Basic Authentication via the UCMDB UI:

    1. Log in to UCMDB as an administrator, and then go to Administration > Infrastructure Settings Manager.
    2. Locate the Enable Basic Authentication for HTTP connections from probe setting, and then set the value to False.

    3. Restart UCMDB server.

  3. Check communication port between UCMDB Server and Data Flow Probe.

    1. Launch the UCMDB server JMX console (default username: sysadmin).
    2. Locate the getComponentConfiguration JMX method from the UCMDB:service=Ports Management Services category.
    3. In the Value field for componentName, enter mam-collectors and click Invoke.
    4. Check the Current Mapped Ports value in the returned result.

      • HTTP. (For version 10.2x only) It means UCMDB Server and Data Flow Probe communicate via the HTTP protocol. You need to change the HTTPS protocol to HTTP protocol after upgrading UCMDB Server and Data Flow Probe. For details, see "How to Enable HTTP Communication for UCMDB Server" in the Administer section of the UCMDB Help (make sure you replace the HTTPS-related values with HTTP related values).
      • HTTPS. It means UCMDB Server and Data Flow Probe communicate via the HTTPS protocol. You do not need to change the Current Mapped Ports after the upgrade.
      • HTTPS_CLIENT_AUTH. It means UCMDB Server and Data Flow Probe communicate by mutual (two-way) certificate authentication. You do not need to change the Current Mapped Ports after the upgrade.
  4. Check available disk space.

    Check available disk space of the probe installation folder. At least 10 GB disk space is required to perform the probe auto upgrade.

  5. Check probe status.

    Log in to the UCMDB server UI, and navigate to Data Flow Management > Data Flow Probe Setup, check the Domains and Probes navigation pane. Only connected probes of supported versions can be upgraded automatically.

  6. Check probe versions to ensure the probes you plan to upgrade are supported.

    For probe versions supported by the auto upgrade mechanism, see "Supported probe versions" in Data Flow Probe - Upgrade Overview.

  7. Back up the <DataFlowProbe> folder.

  8. Also make sure that:

    • all Data Flow Probe related command line windows and probe related folders are closed. Otherwise automatic backing up of those folders and files may fail as they are occupied.
    • ports 5436 and 5437 are free, as these two ports will be used during the probe upgrade.
    • stop the UCMDB_Probe and UCMDB_Probe_DB services.
  9. And you are aware of the following:

    • For version 10.22 probes (with or without a CUP), the probe upgrade includes the PostgreSQL database , data, and the probe. (Probes of version 10.30 or later are already using the latest version of PostgreSQL).
    • For probe auto upgrade, the probe upgrader will merge the following configuration files:

      • DataFlowProbe.properties
      • DataFlowProbeOverride.properties (If exists)

      The result is that all the custom configuration settings will be written into the DataFlowProbeOverride.properties file.

      Note:  

      • The recommended value of the appilog.agent.probe.sendtouchResultsToServer.maxObjects setting in DataFlowProbe.properties for version 10.33 is 500. So if your value is greater than 500, it will be modified to 500.
      • During the upgrade, the probe installer backs up all your existing probe data and configuration to the <DataFlowProbe>\old folder. If you need to recover any old data, just go to <DataFlowProbe>\old folder.
      • During the upgrade, Micro Focus does not keep the configuration files for <DataFlowProbe>\pgsql\data\postgresql.conf, so make sure you reconfigure it after the upgrade (if necessary).

Data Flow Probe - Manual Windows Upgrade

To manually upgrade the Data Flow Probe on Windows:

  1. Extract the package for the Windows platform, and then double-click UCMDB_DataFlowProbe_11.0.exe.

  2. A progress bar is displayed. After the initial process is complete, the splash screen opens. Choose the locale language and click OK.

  3. The Introduction page opens. Click Next.

  4. The License Agreement page opens.

    Accept the terms of the end-user license agreement and click Next.

  5. The UCMDB Data Flow Probe Setup Type page opens.

    Select Full Data Flow Probe Installation. This installs the Data Flow Probe with all its components, including the Inventory Tools (Analysis Workbench, Viewer, SAI Editor, and MSI Scanner) required for application teaching.

    Note: The Inventory Tools option is used to install only the Inventory Tools. For details about application teaching, see the Data Flow Management section of the UCMDB Help.

    Click Next.

    Note: If an existing Data Flow Probe is detected, a prompt pops up asking you if you would like to install a second Data Flow Probe. Click OK to proceed, or click Cancel to exit the installation.

  6. The Select Installation Type page opens.

    Select Upgrade and click Next.

    Note: Select New Installation if you are installing a new probe.

  7. The Select Installation Folder page opens.

    Accept the default installation folder, C:\hp\UCMDB\DataFlowProbe, or click Choose to select a different installation folder for the existing probe.

    Note: To restore the default installation folder, after selecting a different folder, click Restore Default Folder.

  8. The Pre-Installation Summary page opens.

    Review the selections you have made and click Install to complete the probe upgrade.

  9. When the installation is complete, the Install Complete page opens.

    Click Done.

  10. Start the Probe by using one of the following methods:

    Click Start > All Programs > UCMDB > Start Data Flow Probe.

    To start the Probe from the console, at the command prompt execute the following script:

    <DataFlowProbe_InstallDir>\bin\gateway.bat console

    For example, C:\hp\UCMDB\DataFlowProbe\bin\gateway.bat console.

Data Flow Probe - Post-Upgrade Configuration

  • (Version 10.30 and earlier only) If UCMDB Server and Data Flow Probe communicate via the HTTP protocol before the upgrade, then after the upgrade, you need to enable HTTP communication on the UCMDB server.

    For details, see "How to Enable HTTP Communication for UCMDB Server""How to Enable HTTP Communication for UCMDB Server" in the Administer section of the UCMDB Help.

  • Enable Basic Authentication

    If you disabled the Basic Authentication as described in Data Flow Probe - Pre-Check List for Upgrade, you can enable it after all probes are upgraded successfully.

Data Flow Probe - Upgrade Success Checkpoints

  1. Probe version and status: Probe version has changed to the new version.

    1. Log in to the UCMDB server UI, and go to Data Flow Management > Data Flow Probe Setup.
    2. Check the details pane for each probe.

      If the probe has been successfully upgrade, the Status should display Connected, and the Version should show the new version information.

  2. Check the probe auto upgrade log file in UCMDB server's success folder

    To check if a probe has been upgraded successfully, you can:

    • Check the probe_auto_upgrade.log file (in the C:\UCMDB\DataFlowProbe\runtime\log\probeUpgradeLogs folder), if the probe is upgraded successfully, you should be able to see the following message in the log file:

      Finished probe upgrade. Probe has been upgraded to [version] [Build]. Probe auto upgrade agent will exit.
    • Check the success folder in UCMDB server.

      The log files shows as <domain_name>_<probename>_auto_upgrade.log in the <UCMDB_Server>\runtime\log\probeUpgradeLogs\<source_version>to<target_version>\success folder. For example, <UCMDB_Server>\runtime\log\probeUpgradeLogs\10.22to11.0\success. The log files in the success folder indicate the probes that have been successfully upgraded.

      For more details about the probe_auto_upgrade.log file, see "Data Flow Probe Log Files" in the Data Flow Management section of the UCMDB Help.

  3. Run some basic jobs.

    Run IPs by ICMP job via the connected probe, the job should run successfully.

Data Flow Probe - Upgrade Failure Checkpoints

  1. Probe version and status: Probe version remains the old version,

    • The Status shows Connected. This indicates the probes are not broken. In this case, if the upgrade fails, the probe upgrader will try to recover the probe to its old version.
    • The Status shows Disconnected. This indicates the probes are broken. If the upgrade fails, you need to perform troubleshooting by following the instructions in .
  2. Probe upgrade log file in the failed folder on UCMDB server.

    1. Go to <UCMDB_Server>\runtime\log\probeUpgradeLogs\<source_version>to<target_version>\failed folder. For example, <UCMDB_Server>\runtime\log\probeUpgradeLogs\10.22to11.0\failed.
    2. Check the <domain_name>_<probename>_auto_upgrade.log files.

      The log files in the failed folder indicate probes with upgrade failure. Open each upgrade log and check the error messages.

Data Flow Probe - Troubleshooting Probe Upgrade

Before You Install UCMDB Configuration Manager

The Configuration Manager deployment instruction provided takes into account special UCMDB deployments you may have in your environment (for example, high availability) and provides the necessary adjustments to the deployment procedure for those deployments.

Note: For scaling purposes in a production environment, we recommend that you install UCMDB and Configuration Manager on separate machines, though installing both of these components together on the same server is supported.

However, when installing Configuration Manager on a high-availability UCMDB environment Configuration Manager must be installed on a separate machine.

Using Configuration Manager requires that a new UCMDB state is created (Authorized state). This configuration is performed automatically by the deployment procedure.

Be aware that if you are deploying only Configuration Manager (that is, using an existing or upgraded installation of UCMDB), the UCMDB server must be running to complete the installation of Configuration Manager.

We provides the following recommendations for increasing the security of your overall infrastructure for informational purposes only. These are only recommendations and are not intended to be a guarantee of protection against all potential vulnerabilities and attacks. Please note that some security measures may impact the features and functionality of your overall system; so, it is recommended that every customer become aware of those impacts when implementing any changes to your environment.

Use of this Micro Focus Software Product [Micro Focus UCMDB Configuration Manager] may require the pre-installation of certain third-party components that are not provided by Micro Focus ("Third Party Components"). It is recommended that its customers check frequently for the most current updates to the Third Party Components, which may include fixes or patches for security vulnerabilities.

Installing Configuration Manager

Note: Configuration Manager can be installed on a Windows or a Linux system. If you are installing on a Linux system, you can either run the installer in GUI mode (using X11 protocol), or run a silent installation. For details, see Installing Configuration Manager - Silent Installation.

To install Configuration Manager:

  1. Prerequisites:

    • Ensure that Universal CMDB version 11.0 is installed with Content Pack 26.
    • Configuration Manager automatically creates the CM New Policy and CM KPI integration points during installation, using the UCMDB Integration Service.

      Since the UCMDB Integration Service is not supported in a high availability environment, these integration points will be created in an unsupported configuration. You must therefore recreate these integration points manually after installation, using a remote Data Flow Probe. For details, see the Data Flow Management section of the UCMDB Help.

    • To allow Configuration Manager to automatically create integration points (used for federating data to UCMDB) in UCMDB, ensure that the UCMDB Integration Service is started and fully running before installing Configuration Manager.

      If you are using a remote Data Flow Probe, or creation of the integration points fails during installation of Configuration Manager, you can create the integration points manually. For details, see the Data Flow Management section of the UCMDB Help.

    • If UCMDB is set up as a high-availability environment, Configuration Manager must not be installed on the same machine as any of the UCMDB Servers. When asked for the UCMDB connection details, use the Cluster virtual IP address of the load balancer.

  2. Launch the Configuration Manager installation: insert the UCMDB DVD into the machine. Do one of the following:

    • Windows: Locate the CM_11.0.xx.exe file and double-click it to run the Configuration Manager Installation wizard.
    • Linux: Locate the CM_11.0.xx.bin file and run it. You can either run the installer in GUI mode (using X11 protocol), or run a silent installation.
  3. Accept the terms of the End User License Agreement and click Next.

  4. On the Installation Configuration page, select the location for the installation:

    • Windows:

      Click Choose to select the directory where Configuration Manager will be installed. The default location is C:\hp\CM_10.2.1.0.

      Note: The installation directory must not contain spaces, and can use only English letters (a-z), digits (0-9), the hyphen sign ('-'), and the underscore sign (_).

      If a previous version of Configuration Manager is detected, you are given the option to perform a new installation or to upgrade the previously existing installation.

      Select New Installation and click Next.

    • Linux:

      Specify the folder where you want to install Configuration Manager.

      Note: To continue the installation, you must enter a path that:

      • Is a valid Linux path.
      • Does not contain any spaces.
  5. On the UCMDB Foundation Connection page, provide the following details for connecting to the UCMDB Foundation installation:

    Note: For details about changing the UCMDB server parameters after the installation is complete, see Reconfiguring Configuration Manager.

    Field

    Definition

    Host Name (FQDN)

    UCMDB deployment location address.

    • The UCMDB host name must be specified as the fully qualified domain name (FQDN) of the UCMDB server machine.

    • If UCMDB is configured in high-availability mode, use the load balancer's Cluster FQDN.

    Protocol HTTP or HTTPS (default) protocol.
    UCMDB Port The HTTP or HTTPS port default values are 8080 for HTTP and 8443 (default) for HTTPS.
    Server Certificate

    This field is available when the HTTPS protocol is selected. You must manually place the UCMDB server certificate file on the Configuration Manager target host, and specify the full file path including the file name in the adjacent input field.

    Note: Note: The path to the certificate file cannot contain spaces.

    If UCMDB uses HTTPS, then using a key exchange is required. The key exchange is not validated during the connection test.

    Note: The certificate file must be a *.cer file (other file formats are not supported).

    Customer Name The default UCMDB customer name is Default Client. The customer name value is used during the UCMDB and Configuration Manager integration configuration. The customer name must exist in UCMDB, and this value is not validated by the connection test. If you provide an incorrect value, the deployment will fail.
    UCMDB root context

    UCMDB root context, the default value is /.

    If this value is changed in UCMDB, this needs to be adjusted in CM as well. This way UCMDB-CM communication uses UCMDB root context.

    JMX Port The default value is 29601.
    System User (JMX) The UCMDB (JMX) system user is used for activating JMX functions such as creating a Configuration Manager integration user and deploying the Configuration Manager package. The out-of-the-box default value is sysadmin.
    System Password

    The UCMDB system user password.

  6. Click Test to test the connection settings and then click Next to continue to the Database Connection Configuration page.

    Note:  

    • A database connection must be configured and associated with a standard URL connection. If advanced features are required, such as an Oracle Real Application Cluster, set up a standard connection and then manually edit the database.properties file to configure the advanced features. You can either connect to an existing schema or create a new schema.

    • Configuration Manager uses native drivers for both the Oracle and Microsoft SQL Server databases. All native driver features are supported, provided that these features can be configured using the database URL. The URL is located in the database.properties file.

    Configuration Manager uses a different database schema from UCMDB.

    Two types of databases are available – Oracle and MSSQL. The input fields change according to the database type selected. During installation, you can either create a new schema or connect to an existing schema. For details about the schema requirements, see the Support Matrix section of the UCMDB Help.

    For additional details about connecting to different database schemas, see Installing Configuration Manager - Advanced Database Configuration.

    Caution: Repopulating an existing database removes all data from a database schema and recreates all tables.

    Note:  

    • Populating a database schema is performed automatically by the installation procedure when you create a new schema.
    • The Repopulate Database check box is disabled when you create a new database or schema. When you connect to an existing database or schema, the check box is enabled and you can choose whether or not to populate the database.
    • Provide the following details when creating a new Oracle schema:

      Field Definition
      Host Name/IP The database server location address.
      Port The default Oracle database port is 1521.
      SID The Oracle schema ID.
      Admin Username The username of the database administrator.
      Admin Password The password of the database administrator.
      Schema Username The username of the Oracle schema.
      Schema Password The password of the Oracle schema.
      Default Tablespace The default tablespace.
      Temporary Tablespace The temporary tablespace.
    • Provide the following details when connecting to an existing Oracle schema:

      Field Definition
      Host Name/IP The database server location address.
      Port The default Oracle database port is 1521.
      SID The Oracle schema ID.
      Schema Username The name of the existing Oracle schema.
      Schema Password The password of the existing Oracle schema.
    • Provide the following details when creating a new MSSQL database or connecting to an existing database:

      Field Definition
      Host Name/IP The database server location address.
      Port The default MSSQL database port is 1433.
      DB Name The MSSQL database name.
      DB Username The username of the MSSQL database.
      DB Password The password of the MSSQL database.

  7. Click Test to test the connection settings and then click Next to continue to the Server Ports Configuration page.
  8. Specify Configuration Manager settings on the Server Ports Configuration page. When finished, click Next to continue to the User Configuration page.

    Configuration Manager provides out-of-the-box default port settings. If a port number conflicts with an existing installation, consult with an IT manager before changing the port number.

    Field Definition
    Application HTTP Port 8180
    Application HTTPS Port 8143
    JMX HTTP Port 39900
    JMX Remote Port 39600
    Tomcat Port 8005

  9. Enter details for the UCMDB integration user on the User Configuration page. When finished, click Next to continue to the Advanced Content page.

    An integration user is created in UCMDB on demand by Configuration Manager to support the integration between these two products.

    If you previously installed Configuration Manager version 10 for this UCMDB instance, you can use the same integration user credentials that you used previously, instead of creating a new integration user.

  10. In the Advanced Content page, the option to enable advanced content (out-of-the-box views and policies) is available only if you are connected to a UCMDB server on which an advanced license has already been installed.

    If you have not previously purchased and activated an advanced license, you can use the JMX console to enable the advanced content after installation.

    For details, see the section about licensed content in the Configuration Manager section of the UCMDB Online Help.

    Click Next to continue to the Pre-Installation Summary page.

  11. Review your installation and configuration settings on the Pre-Installation Summary page. When finished, click Install to continue to the Installing page.

    The Summary page centralizes all of the configuration details and user input. You can revise the content of the summary, if necessary, by clicking Previous on the pages until you reach the desired page, and adjust the deployment settings. Return to the Summary page by clicking Next as required.

  12. The Installing page shows the progress of your installation. During the installation, the progress bar displays the progress of the installation. When the process finishes, the configuration settings are applied to Configuration Manager. This phase may take several minutes. You can press Cancel during the installation to stop the process and roll back the installation. During the configuration phase, the Cancel button is disabled.

    When the installation process finishes, a message appears indicating that Configuration Manager was successfully installed in the selected folder. In addition, error messages or warnings are displayed, as well as the path of the log file. To finish, press Done.

Upgrading Configuration Manager

The upgrade procedure assumes the following before beginning:

  • ensure that Universal CMDB is on version 10.22 CUP6 or a later version.
  • there is a working connection to the UCMDB server, which is up and running.
  • the Configuration Manager server is stopped.
  • the communication between Configuration Manager and UCMDB uses HTTP protocol and not HTTPS protocol. For instructions about changing the protocol settings, see Reconfiguring Configuration Manager.
  • If you manually created an integration point using the CM KPI adapter or the CM Policy adapter, remove these integration points before upgrading. Failure to do this may result in duplicate integration points being created during the upgrade procedure, which can cause data federation to fail.

Note:  

  • Configuration Manager version 11.0 is a re-branded version of CM 10.23, so it works with all versions of UCMDB from 10.22 CUP6 and up.
  • If you have any version of Configuration Manager earlier than 10.01 installed, you must upgrade to version 10.01, then to 10.10, then to 10.20, then to 10.22, and then apply 10.22 CUP6 (or a later CUP), then to 10.23, then to 11.0, and then to 2018.05 before upgrading to version 11.0. For details on upgrading Configuration Manager to version 10.01 and later, see the interactive Universal CMDB Deployment Guide for version 10.01 and later, available from the Micro Focus Support site (https://softwaresupport.softwaregrp.com).

To upgrade Configuration Manager:

  1. Back up the Configuration Manager installation folder.

  2. Back up the Configuration Manager database.
  3. Back up the following Windows registry entry:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Universal CMDB Configuration Manager 10.23  
  4. Remove the old Configuration Manager service name by running the following command:

    sc [<ServerName>] delete [<ServiceName>]

    For example, sc delete HPUCMDBCM1023

  5. To start the installation, insert the Configuration Manager installation media into the machine. Do one of the following:

    • On a Windows system, locate the CM_11.0.xx.exe file in the \Windows folder and double-click it.
    • On a Linux system, locate the CM_11.0.xx.bin file and run it. You can either run the installer in GUI mode (using X11 protocol), or run a silent installation.
  6. Click Next to open the End User License Agreement page.

  7. Accept the terms of the license and click Next.

  8. Select the folder where Configuration Manager will be installed. Make sure that you select a different location than the one that was used for the previous version.

    By default, Configuration Manager is installed in the following directory: C:\hp\CM_10.2.1.0 (on Windows systems) or /root/HP/CM_10.2.1.0 (on Linux systems). Click Next to accept the default location, or click Browse to select a different location and then click Next.

  9. Note: The installation directory must not contain spaces in its name.

  10. Click Next until you are asked whether to perform a new installation of Configuration Manager or to upgrade.

    Note:  

    • If you are upgrading on a Linux system, specify the new (target) installation folder, the folder that contains the previous installation folder, and the version number of the previous installation. For example, for the version number, enter 10.23.
    • The advanced content that is installed during the upgrade procedure requires the purchase of a license. If you plan to use advanced content features, contact your Micro Focus sales representative or Software Sales Assist team (sw_ssa@microfocus.com) to obtain the appropriate license.
  11. Select Upgrade and click Next to confirm and begin the installation.

  12. In the Advanced Content page, the option to enable advanced content (out-of-the-box views and policies) is available only if you are connected to a UCMDB server on which an advanced license has already been installed.

    If you have not previously purchased and activated an advanced license, you can use the JMX console to enable the advanced content after upgrading.

    For details, see the section about licensed content in the Configuration Manager section of the UCMDB Online Help.

  13. When the installation finishes, check the installation log file (located in the <Configuration_Manager_installation_directory>/_installation/logs folder) to ensure that the installation completed with no errors.

    If an error occurs during the upgrade process, a message is displayed. If this occurs, contact Micro Focus Software Support.

  14. On Windows machines, the Configuration Manager service starts automatically. Wait several minutes for the service to restart.

Note: After upgrading, you must perform the SSL configuration again. For details, see the Configuration Manager section of the UCMDB Online Help.

Installing Configuration Manager - Silent Installation

Note: Configuration Manager can be installed on a Windows or a Linux system.

To perform a silent installation of Configuration Manager:

Run the following command:

CM_11.0.xx.exe -i silent -f installvariables.properties

An example of the installvariables.properties file is displayed below:

# Enter 1 for a new installation or 0 to upgrade
CM_NEW_INSTALLATION=1
# Logging file
INSTALL_LOG_NAME=HP_Universal_CMDB_Configuration_Manager.log
# User installation directory
# Enter the full absolute path to be used for the installation
# Make sure to use double backslashes; for example, C:\\hp\\cm_10.23
USER_INSTALL_DIR=
# UCMDB connection config:
UCMDB_HOST_NAME=
UCMDB_PROTOCOL=
UCMDB_PORT=
# Enter the full path for the UCMDB Foundation certificate file # (.cer file only) # UCMDB_CLIENT_CERT_FILE should be defined only when connecting # to UCMDB with HTTPS protocol UCMDB_CLIENT_CERT_FILE=
UCMDB_CUSTOMER_NAME=
UCMDB_JMX_PORT=
UCMDB_SYSTEM_USER=
UCMDB_SYSTEM_PASSWORD= UCMDB_CMDB_ROOT_CONTEXT=
# Database config:
# Enter 1 to create a new schema; otherwise, enter 0
DB_CREATE_NEW_SCHEMA=
# Enter 1 to use an existing schema; otherwise, enter 0 DB_USE_EXISTING_SCHEMA=
# Enter 1 for an Oracle database; otherwise, enter 0 DB_VENDOR_ORACLE=
# Enter 1 for an MSSQL database; otherwise, enter 0 DB_VENDOR_MSSQL= # DB_HOST_NAME should be the fully qualified domain name (FQDN)
DB_HOST_NAME=
DB_PORT=
# For an Oracle database, enter the SID name; for an # MSSQL database, enter the database name ORACLE_SID_OR_MSSQL_DB_NAME=
ORACLE_SCHEMANAME_OR_MSSQL_DB_USERNAME=
ORACLE_SCHEMA_PASSWORD_OR_MSSQL_DB_USER_PASSWORD= # Enter 1 if you want to repopulate the database or when creating # a new schema, or 0 if you are connecting to an existing schema and # do not want to repopulate DB_REPOPULATE_DATABASE=
# Oracle only:
# These four values are required only for the creation of a new 
# Oracle schema
ORACLE_ADMIN_USERNAME=
ORACLE_ADMIN_PASSWORD=
DB_DEFAULT_TABLE_SPACE=
DB_TEMP_TABLE_SPACE=
# Tomcat Ports:
HTTP_PORT=
HTTPS_PORT=
TOMCAT_PORT=
AJP_PORT=
JMX_HTTP_PORT=
JMX_REMOTE_PORT=
# User config:
UCMDB_ADMIN_USERNAME=
UCMDB_ADMIN_PASSWORD=
# Advanced configuration manager content 
# Requires purchase of an ACM license 
# Enter 1 to install advanced content
#
INSTALL_CM_ADVANCED_CONTENT_BOOLEAN_1 =

For additional details about the various parameters that can be set, see Installing Configuration Manager.

Installing Configuration Manager - Advanced Database Configuration

Create a Configuration Manager Database On an Oracle RAC

  1. Configuring an Oracle Schema during installation

    During the installation procedure, you specify the database parameters for connecting to the desired Oracle RAC instance (Host Name, Port, and SID). After the installation is complete, you must configure jdbc.url in the database.properties file, as described in Configuring the database.properties file below.

  2. Configuring an Oracle Schema during upgrade

    During the upgrade procedure you enable Configuration Manager to connect directly to an Oracle RAC instance. For example:

    jdbc.url=jdbc:oracle:thin:@[instance_name]:1521:[instance_sid]

    After the upgrade is complete, you must configure jdbc.url in the database.properties file, as described in Configuring the database.properties file below.

  3. Configuring the database.properties file

    Change jdbc.url in the database.properties file in one of these ways:

    • by Single Client Access Name (SCAN)

      jdbc:mercury:oracle://<server_name>:1521;ServiceName=<service_name>

      where <server_name> is the scan listener hostname or address and <service_name> is the name of the Oracle RAC service.

    • by the tnsnames.ora file

      jdbc.url=jdbc:mercury:oracle:TNSNamesFile=<CM_HOME>\\conf\\tnsnames.ora;TNSServerName=<service_name>

      where <CM_HOME> is the Configuration Manager installation directory, and <service_name> is the name of the Oracle RAC service.

      You must create the tnsnames.ora file in the \conf subfolder of the Configuration Manager installation directory. Here is an example of the contents:

      RACQA = 
      (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = labm3amdb17-vip)(PORT = 1521)) (ADDRESS = (PROTOCOL = TCP)(HOST = labm3amdb18-vip)(PORT = 1521)) (LOAD_BALANCE = yes) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = RACQA) (failover_mode=(type=select)(method=basic)) ) )

      In this case, set jdbc.url to jdbc:mercury:oracle:TNSNamesFile=<CM_HOME>\\conf\\tnsnames.ora and the TNSServerName to RACQA.

      Note: For details about configuring the Oracle JDBC URL format, see http://www.datadirect.com/resources/jdbc/oracle-rac/connecting.html.

 

Enable support for Oracle ASO on Configuration Manager

To enable Oracle ASO support on CM,

  1. Stop Configuration Manager.
  2. Copy the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for Java 8 to the java\windows\x86_64\lib\security folder.

    The JCE Unlimited Strength Jurisdiction Policy Files can be downloaded from http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html.

  3. Open the datamodelContext.xml file (in the servers\server-0\webapps\cnc\WEB-INF\classes\META-INF\spring folder) using a text editor, and then copy and add the following property tag to bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource":

    <property name="properties">
    <props>
    <prop key="EncryptionTypes">AES256</prop>
    <prop key="EncryptionLevel">required</prop>
    <prop key="DataIntegrityTypes">SHA1</prop>
    <prop key="DataIntegrityLevel">required</prop>
    </props>
    </property>
  4. Save the file.
  5. Start Configuration Manager.

Configure Windows Authentication (NTLM) On an MS-SQL Server

You can create and connect to a database using Windows authentication instead of Microsoft SQL Server authentication. To do so, you must ensure that the Windows user running the Universal CMDB Configuration Manager service has the necessary permissions to access the Microsoft SQL Server database.

  • For information on assigning a Windows user to run the Universal CMDB Configuration Manager service, see the section about changing the UCMDB Server Services user, in the Hardening section of the UCMDB Help.
  • For information on adding a Windows user to Microsoft SQL Server, see the section describing using Windows authentication to access Microsoft SQL Server databases in the Hardening section of the UCMDB Help.

Reconfiguring Configuration Manager

Reconfiguring Configuration Manager allows you to change the installation parameters (UCMDB properties, DB properties, and so on) of an existing installation.

To reconfigure an existing installation of Configuration Manager:

  1. In the <Configuration_Manager_installation_directory>/_installation folder, run CM_11.0.xx.exe (on Windows systems) or CM_11.0.xx.bin (on Linux systems), without repopulating the database. The End User License Agreement is displayed. Select the radio button and click Next to continue.

  2. The installation process checks if there is a previous installation of Configuration Manager, and displays the following message:

    A previous installation of the product has been detected. 
    This installation will not reinstall the product, but will 
    allow you to reconfigure the product parameters.

    Click Next to continue.

  3. Continue with the reconfiguration. You can update the following information:

    • UCMDB Foundation connection information

      Field

      Definition

      Host Name (FQDN)

      UCMDB deployment location address.

      • The UCMDB host name must be specified as the fully qualified domain name (FQDN) of the UCMDB server machine.

      • If UCMDB is configured in high-availability mode, use the load balancer's Cluster FQDN.

      Protocol HTTP or HTTPS (default) protocol.
      UCMDB Port The HTTP or HTTPS port default values are 8080 for HTTP and 8443 (default) for HTTPS.
      Server Certificate

      This field is available when the HTTPS protocol is selected. You must manually place the UCMDB server certificate file on the Configuration Manager target host, and specify the full file path including the file name in the adjacent input field.

      Note: Note: The path to the certificate file cannot contain spaces.

      If UCMDB uses HTTPS, then using a key exchange is required. The key exchange is not validated during the connection test.

      Note: The certificate file must be a *.cer file (other file formats are not supported).

      Customer Name The default UCMDB customer name is Default Client. The customer name value is used during the UCMDB and Configuration Manager integration configuration. The customer name must exist in UCMDB, and this value is not validated by the connection test. If you provide an incorrect value, the deployment will fail.
      UCMDB root context

      UCMDB root context, the default value is /.

      If this value is changed in UCMDB, this needs to be adjusted in CM as well. This way UCMDB-CM communication uses UCMDB root context.

      JMX Port The default value is 29601.
      System User (JMX) The UCMDB (JMX) system user is used for activating JMX functions such as creating a Configuration Manager integration user and deploying the Configuration Manager package. The out-of-the-box default value is sysadmin.
      System Password

      The UCMDB system user password.

    • Database configuration information

      Configuration Manager uses a different database schema from UCMDB.

      Two types of databases are available – Oracle and MSSQL. The input fields change according to the database type selected. During installation, you can either create a new schema or connect to an existing schema. For details about the schema requirements, see the Support Matrix section of the UCMDB Help.

      For additional details about connecting to different database schemas, see Installing Configuration Manager - Advanced Database Configuration.

      Caution: Repopulating an existing database removes all data from a database schema and recreates all tables.

      Note:  

      • Populating a database schema is performed automatically by the installation procedure when you create a new schema.
      • The Repopulate Database check box is disabled when you create a new database or schema. When you connect to an existing database or schema, the check box is enabled and you can choose whether or not to populate the database.
      • Provide the following details when creating a new Oracle schema:

        Field Definition
        Host Name/IP The database server location address.
        Port The default Oracle database port is 1521.
        SID The Oracle schema ID.
        Admin Username The username of the database administrator.
        Admin Password The password of the database administrator.
        Schema Username The username of the Oracle schema.
        Schema Password The password of the Oracle schema.
        Default Tablespace The default tablespace.
        Temporary Tablespace The temporary tablespace.
      • Provide the following details when connecting to an existing Oracle schema:

        Field Definition
        Host Name/IP The database server location address.
        Port The default Oracle database port is 1521.
        SID The Oracle schema ID.
        Schema Username The name of the existing Oracle schema.
        Schema Password The password of the existing Oracle schema.
      • Provide the following details when creating a new MSSQL database or connecting to an existing database:

        Field Definition
        Host Name/IP The database server location address.
        Port The default MSSQL database port is 1433.
        DB Name The MSSQL database name.
        DB Username The username of the MSSQL database.
        DB Password The password of the MSSQL database.

    • Tomcat ports

      Configuration Manager provides out-of-the-box default port settings. If a port number conflicts with an existing installation, consult with an IT manager before changing the port number.

      Field Definition
      Application HTTP Port 8180
      Application HTTPS Port 8143
      JMX HTTP Port 39900
      JMX Remote Port 39600
      Tomcat Port 8005

    • User configurations

      An integration user is created in UCMDB on demand by Configuration Manager to support the integration between these two products.

      If you previously installed Configuration Manager version 10 for this UCMDB instance, you can use the same integration user credentials that you used previously, instead of creating a new integration user.

Configuring Configuration Manager to Work with UCMDB Using SSL

Note: If your UCMDB server uses HTTPS, make sure you configure Configuration Manager so that it can work with UCMDB server using SSL.

You can configure Configuration Manager to work with UCMDB using Secure Sockets Layer (SSL). The SSL connector on port 8443 is enabled by default in UCMDB.

  1. Go to <UCMDB installation directory>\bin\jre\bin and run the following command:

    keytool -export -alias hpcert -keystore <UCMDB_server_directory>
    \conf\security\server.keystore -storepass <keystore password> -file <certificatefile>

  2. Copy the certificate file to a temporary location on the local Configuration Manager machine.

  3. Perform a new installation or reconfigure an existing installation of Configuration Manager. For instructions, see the relevant sections in the interactive Universal CMDB Deployment Guide.

    In the UCMDB configuration screen, set the protocol to HTTPS, and choose the certificate file that you copied in step 2.

  4. Copy hpcert.cer to the server machine in the <Configuration_Manager_installation_directory>\java\windows\x86_64\bin folder.
  5. On the server machine, import the certificate into the trust store (cacerts) using the keytool utility with the following command:

    <Configuration_Manager_installation_directory>\java\bin\keytool.exe ‑import -alias hp -file hpcert.cer -keystore <Configuration_Manager_installation_directory>\java\windows\x86_64\lib\security\cacerts

  6. Copy hpcert.cer to the server machine in the <Configuration_Manager_installation_directory>\java\ windows\x86_64\lib\security folder.
  7. Create a server keystore (JKS type) with a self-signed certificate and matching private key. From the <Configuration_Manager_installation_directory>\java\windows\x86_64\bin folder, run the following command:

    keytool –genkey –alias tomcat –keyalg RSA –keystore <Configuration_Manager_installation_directory>\java\windows\x86_64\lib\security\tomcat.keystore
    1. Enter a keystore password.
    2. For the question: What is your first and last name?, enter the Configuration Manager Web server name and enter the other parameters according to your organization.
    3. Enter a key password. The key password MUST be the same as the keystore password. A JKS keystore is created named tomcat.keystore, with a server certificate named hpcert.
  8. Modify the server.xml file as follows:

    1. Open the server.xml file, located in <Configuration_Manager_installation_directory>\servers\server-0\conf folder. Locate the section beginning with:

      Connector port="8143"

      which appears as a comment. Activate the script by removing the comment character and add the following lines:

      keystoreFile="<Configuration_Manager_installation_directory>\java\windows\x86_64\lib\security\tomcat.keystore"
      keystorePass="password"
      truststoreFile="<Configuration_Manager_installation_directory>\java\windows\x86_64\lib\security\cacerts"
      truststorePass="changeit" />
    2. Comment out the following line:

      <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  9. Restart the server.

To configure Configuration Manager to work with other products (such as load balancers) using SSL, import the security certificate of the product to the Configuration Manager truststore (default JRE truststore) by running the following command:

<CM_JAVA_HOME>\bin\keytool -import -trustcacerts -alias <alias> -keystore
<CM_JAVA_HOME>\lib\security\cacerts -storepass changeit -file <certificatefile>

Customizing the Root Context

You can specify different root contexts on a single Configuration Manager server installation.

Note:  

  • Root contexts must take the format of http://<IP address>:<port>/<context>/cnc, and not http://<IP address>:<port>/cnc/<context> or any other format.
  • You must specify the same prefix for each of the /webapps subfolders that use the same root context.

To change the root context for Configuration Manager:

  1. Stop the Configuration Manager service.
  2. Open the <Configuration Manager installation directory>/servers/server-0/webapps/ folder.

    1. Rename the cnc.war file with the desired root context.

      Repeat this step for all .war files in the folder, except for the ds-console.war file.

    1. Delete the /cnc subfolder.

      Repeat this step for the corresponding subfolder of each .war file in the /webapps folder, except for the /ds-console folder.

    Caution: Do not change the name of the ds-console.war file and its corresponding subfolder.

  3. Open the <Configuration Manager installation directory>/servers/server-0/webapps/root/ folder.

    In the index.html file, change

    <meta http-equiv='refresh' content='0;url=http://quixy.deu.hp.com/cnc' />

    to

    <meta http-equiv='refresh' content='0;url=http://quixy.deu.hp.com/<context>/cnc' />

  4. Restart the Configuration Manager service.

  5. Verify that a folder with the new context name (for example, segment#cnc) has been created in the /webapps folder.

Start or Stop the Configuration Manager Application Server

To start the Configuration Manager server:

  • On a Linux system, use a command line prompt:

    $ cd /<Configuration_Manager_installation_directory> $ ./start-server-0.sh

    Running this script this way starts the server in a synchronous process, which means that the server is stopped as soon as you disconnect from the console.

    • To start the Configuration Manager server asynchronously, run the script as follows:

      $ ./start-server-0.sh &
    • To keep the Configuration Manager server running even if a user logs out, run the script as follows:

      nohup $ ./start-server-0.sh 

    You can create a script in the /etc/init.d directory to automatically start Configuration Manager on machine startup.

  • On a Windows system:

    Use the Universal CMDB Configuration Manager Windows service to start the server.

To stop the Configuration Manager server:

  • On a Linux system, use a command line prompt:

    $ cd /<Configuration_Manager_installation_directory> $ ./stop-server-0.sh

  • On a Windows system:

    Use the Universal CMDB Configuration Manager Windows service to stop the server.

Uninstalling Configuration Manager

To uninstall Configuration Manager, do one of the following:

On Windows systems

From the Start menu:

  • Click Start > All Programs > Universal CMDB Configuration Manager 11.0 > Uninstall Universal CMDB Configuration Manager 11.0.

From the Control Panel:

  • Click Control Panel > Programs and Features > Universal CMDB Configuration Manager 11.0, and then click Uninstall.

A notification is displayed that you are about to uninstall. Click Uninstall to continue or click Cancel to exit.

On Linux systems In the <Configuration_Manager_installation_directory>/_installation/ folder, execute CM-Uninstall.bin.

Access Commands for the UCMDB Server

Access Commands for Windows

During the installation of Universal CMDB, a start menu is added to the settings of the machine on which you installed UCMDB. You can start and stop the UCMDB Server and the UCMDB Integration Service, access the Server Configuration wizard and view Server service status, and you can uninstall the Server.

If there is a Data Flow Probe installed on the same machine as the UCMDB Server, you can start and stop the Data Flow Probe, as well as uninstall it, from this menu.

To access the Universal CMDB start menu, select Start > All Programs > UCMDB. The menu includes the following options:

Command Description
Start Universal CMDB Server

Starts the UCMDB Server service.

Note: Alternatively, you can access the Windows Services window and locate the UCMDB_Server service. Open the UCMDB_Server Properties (Local Computer) dialog box and start the service. If required, change the Startup Type to Automatic.

Stop Universal CMDB Server

Stops the UCMDB Server service.

Note: Alternatively, you can access the Windows Services window and locate the UCMDB_Server service. Open the UCMDB_Server Properties (Local Computer) dialog box and stop the service.

Universal CMDB Server Status Opens a Web page with information about the server. For details, see UCMDB Services below. To open a Web page with information about the UCMDB UI Server Status, enter the following URL:
https://<UCMDB Server Host Name or IP>:8443/ucmdb-ui/status.jsp

 

Note: The link to the Server Status page is only displayed if the Show Status Page link on first page infrastructure setting is set to True.

Start Universal CMDB Server Configuration Wizard Enables you to run the wizard to connect to an existing database or schema or to create a new database or schema. For details, see Creating a Database or Connecting to an Existing One? earlier in this document.
Uninstall Universal CMDB Server Uninstalls the UCMDB Server.

Start Universal CMDB Integration Service

Starts the UCMDB Integration Service which allows performance of non-Jython-based integration tasks without using a Data Flow Probe if your remote managed data repositories are accessible from the UCMDB Server machine.

Note: The UCMDB Integration Service and the Data Flow Probe (if installed on the UCMDB Server machine) cannot be running at the same time. To start the UCMDB Integration Service, you must first stop the Data Flow Probe.

Stop Universal CMDB Integration Service

Stops the UCMDB Integration Service.
Inventory Tools

Enables you to access the Inventory Tools (and supporting documentation) that are used for viewing and analyzing data discovered by Inventory Discovery.

Available: Only when a Data Flow Probe is installed on the UCMDB Server machine.

Start Data Flow Probe

Starts the Data Flow Probe on the UCMDB server.

If the Data Flow Probe is installed on the UCMDB Server machine: The Data Flow Probe and the UCMDB Integration Service cannot be running at the same time. To start the Data Flow Probe, you must first stop the UCMDB Integration Service. See Stop Universal CMDB Integration Service.

Available: Only when a Data Flow Probe is installed on the UCMDB Server machine.

Start Data Flow Probe (console)

Starts the Data Flow Probe on the console.

Available: Only when a Data Flow Probe is installed on the UCMDB Server machine.

Stop Data Flow Probe

Stops the Data Flow Probe.

Available: Only when a Data Flow Probe is installed on the UCMDB Server machine.

Uninstall Data Flow Probe

Uninstalls the Data Flow Probe.

Available: Only when a Data Flow Probe is installed on the UCMDB Server machine.

Access Commands for Linux

Run the following commands to start and stop the UCMDB Server, to access the Database Configuration wizard, to view the Server service status, and to uninstall the Server.

Note: The following commands assume that UCMDB is installed on the default path, that is, /opt. If the Server is installed elsewhere, substitute that path for /opt.

Command Path
To start the Universal CMDB server /opt/UCMDB/UCMDBServer/bin/server.sh start
To stop the Universal CMDB server /opt/UCMDB/UCMDBServer/bin/server.sh stop
To call the Universal CMDB Server Configuration wizard /opt/UCMDB/UCMDBServer/bin/configure.sh
To access the UCMDB Server Status Web pages
  • UCMDB Server Status Web Page: In your browser, enter the following URL:

    https://<UCMDB Server Host Name or IP>:8443/status

  • UCMDB UI Server Status Web page: In your browser, enter the following URL:

    https://<UCMDB Server Host Name or IP>:8443/ucmdb-ui/status.jsp

Note:  

  • You can access the Status pages from any machine, and not just from the Linux machine that is hosting the UCMDB Server.
  • The link to the Server Status page is only displayed if the Show Status Page link on first page infrastructure setting is set to True.
To start the Universal CMDB Integration Service

/opt/UCMDB/UCMDBServer/integrations/bin/service.sh start

The UCMDB Integration Service allows performance of non-Jython-based integration tasks without using a Data Flow Probe if your remote managed data repositories are accessible from the UCMDB Server machine.

Note: The UCMDB Integration Service and the Data Flow Probe (if installed on the UCMDB Server machine) cannot be running at the same time.To start the UCMDB Integration Service, you must first stop the Data Flow Probe. See Stop Data Flow Probe below.

To stop the Universal CMDB Integration Service /opt/UCMDB/UCMDBServer/integrations/bin/service.sh stop
To start the Data Flow Probe

/opt/UCMDB/DataFlowProbe/bin/probegateway.sh start

If the Data Flow Probe is installed on the UCMDB Server machine: The Data Flow Probe and the UCMDB Integration Service cannot be running at the same time. To start the Data Flow Probe, you must first stop the UCMDB Integration Service. See Stop UCMDB Integration Service above.

Available: Only when a Data Flow Probe is installed on the UCMDB Server machine.

To stop the Data Flow Probe

/opt/UCMDB/DataFlowProbe/bin/probegateway.sh stop

Available: Only when a Data Flow Probe is installed on the UCMDB Server machine.

To uninstall the UCMDB Server /opt/UCMDB/UCMDBServer/UninstallerData/Uninstall_UCMDBServer

UCMDB Services

This section includes:

 

View the Status of Universal CMDB Server Services

On the UCMDB Server machine, open your client browser and enter https://localhost:8443/status. The Status and Detailed Status of all services are displayed, indicating whether the Universal CMDB services are running (Up) or are down (Not Started).

Note: In case there are services that are not running, contact Micro Focus Support.

 

Check the Universal CMDB Integration Service Status

If your remote managed data repositories are accessible from the UCMDB server machine, you can use the UCMDB Integration Service for non-Jython-based integrations instead of a Data Flow Probe.

Note: The UCMDB Integration Service is supported in a standalone UCMDB environment only.

To ensure that the service is running:

  1. Check the status on the UCMDB Server machine:

    Windows Control Panel > Administration Tools > Services
    Linux /opt/UCMDB/UCMDBServer/integrations/bin/service.sh status
  2. If the service is not running:

    1. Check if there is a Data Flow Probe installed and running on the UCMDB Server machine. If so, you must first stop the Data Flow Probe before you can start the UCMDB Integration Service.

      To stop the Data Flow Probe:

      Windows Select Start > All Programs > UCMDB > Stop Data Flow Probe
      Linux Enter the following command: /opt/UCMDB/DataFlowProbe/bin/probegateway.sh stop
    2. Start the UCMDB Integration Service:

      Windows

      Use one of the following:

      • Select Start > All Programs > UCMDB > Start Universal CMDB Integration Service

      • Select Start > Control Panel > Administration Tools > Services, and start the UCMDB Integration Service

      Linux Enter the following command:

      /opt/UCMDB/UCMDBServer/integrations/bin/service.sh start

 

Universal CMDB Services

The Universal CMDB services are described in the following table:

Service Name Description of Service
authorization Responsible for the security model enforcement (users, roles, tenants, and so on).
autodiscovery Responsible for Data Flow Management-related services.
Browser_resources Responsible for managing UCMDB browser related resources like categories.
cla_queue Responsible for Client level authorization.
cla_statistics Responsible for Client level authorization.
classModel Responsible for maintaining the class model in the CMDB.
cmdb_mod_not Responsible for notifications of changes that occur in the CMDB.
cmdb_sys_tqls Responsible for the conditions applied to TQL nodes, and the condition results that are stored in the system TQL.
cmdb_view Responsible for calculating view definitions over TQL results (the transformation from graph to tree is given the view definition).
cmdb_widget_tracker Responsible for managing UCMDB browser widgets.
configuration Responsible for snapshots, CI change queries, and TQL/View History queries.
content-install Responsible for managing the content packs.
correlation Responsible for HPE Universal CMDB impact, root cause, and correlation subsystems.
data-acquisition Responsible for managing integrations.
enrichment Responsible for executing both ad hoc and active enrichments.
fcmdb-config A cache mechanism for federated data that allows basic FCMDB services before the FCMDB is fully loaded.
fcmdb-management Responsible for managing the adapters, federation, and the data push flow.
folders Responsible for managing the folder hierarchy for every type of resource.
framework Responsible for dispatching operations within the UCMDB server.
generic_adapter_manager Responsible for generic adapter related operations.
grouping Responsible for holding the different bundles that allow the classification of resources.
histDB Responsible for saving changes to CIs and relationships in the CMDB.
impact Responsible for Universal CMDB impact, root cause, and correlation subsystems.
licensing Responsible for license management.
mapping-engine Used by the integrations. Allows reconciliation during a federated TQL calculation.
model Responsible for mapping CIs from external data sources to local CMDB CIs.
model_statistics Allows running database optimization operations. These operations are run in various scenarios, such as history, upgrade, and JMX.
model_topology Responsible for loading the model topology graph (an internal data structure that contains all CIs and relationships without properties and often allows avoiding database queries).
model_update Responsible for managing updates to the class model in the CMDB.
msg_sync Messaging service for asynchronized history change messages.
offline_tql Responsible for managing and executing queries needed for CI tracking in UCMDB Browser.
packaging Responsible for packages. Packages are zip files containing resources that are structured in organized, predefined subdirectories.
reconciliation The CMDB’s data population reconciliation service. Responsible for the reconciliation engine of Universal CMDB.
reconciliation_conf Handles the reconciliation configuration such as identification rules and reconciliation priority configuration
report Responsible for Universal CMDB report services, such as adding, editing, and removing System reports, calculation of Asset reports, Node Dependency reports.
scheduler Responsible for scheduling offline tasks.
softwarelibrary Software library (Teaching server) service for SAI editor/Express Teaching operations
state_management Responsible for managing states.
system-health Responsible for gathering a storing server related statistics.
topology_search Responsible for search engine related services.
tql Responsible for TQL calculations.
tql_res_utils Responsible for TQL result maintenance (active) and layout retrieval.
tql_tracker Responsible for managing UCMDB browser CI tracking.
view Responsible for part of the business logic of the Modeling Studio, including "watch".
world A central repository for configuration information that is gathered from the various Universal CMDB and third-party applications and tools. This information is used to build Universal CMDB views.

Accessing and Logging In to Universal CMDB

This section includes:

 

Overview

You access Universal CMDB using a supported Web browser, from any computer with a network connection (intranet or Internet) to the Universal CMDB Server.

For details on Web browser requirements, as well as minimum requirements to successfully view Universal CMDB, see the Support Matrix section of the UCMDB Help.

The level of access granted a user depends on the user’s permissions. For details on granting user permissions, see the Administer section of the UCMDB Help.

For details on accessing Universal CMDB securely and login authentication strategies, see the Hardening section of the UCMDB Help.

 

Accessing the UCMDB Components

  1. In the Web browser, enter the URL of the Universal CMDB Server, for example:

    https://<server name or IP address>.<domain name>:8443

    where <server name or IP address>.<domain name> represents the fully qualified domain name (FQDN) of the Universal CMDB Server.

    If Universal CMDB is set up to work through a reverse proxy, enter https://<proxy_server_name>:443 where proxy_server_name is the name or IP address of the proxy server.

    If the correct Java version is not installed on your machine, you can choose to download the version from sun.com or from the UCMDB server. (If you log in without installing Java, you will not be able to view pages that need a Java applet to display correctly.)

  2. Click a link to work with Universal CMDB:

    • UCMDB. Opens the login page. After logging in, the module you had open at the end of your last session opens. If your user preferences are deleted, the IT Universe Manager is opened by default.

      Note: You can also access the login page by entering https://<server name or IP address>.<domain name>:8443/ucmdb.

    • UCMDB SAML Login. Opens to the default UCMDB module page directly if SAML authentication is enabled.

      Note: This option is available only when SAML authentication is enabled.

    • User Management. Opens the login page. After logging in, you are taken directly to the Users and Groups module where you can manage your UCMDB users.

    • UCMDB Configuration Manager. Opens the Configuration Manager application. For the link to be active, Configuration Manager must be running and the infrastructure setting Configuration Manager URL must contain the application’s URL.

    • UCMDB Browser. Opens the UCMDB Browser. The UCMDB Browser is a web-based UCMDB UI for displaying UCMDB information quickly and easily, and simplifying administrative and integration management of UCMDB with improved user experience and ease of use. For the link to be active, UCMDB Browser must be running and the infrastructure setting UCMDB Browser URL must contain the application’s URL.

    • UCMDB Class Model. Opens the UCMDB Class Model Reference, which contains information on all packages, CI types, and relationships in the class model.

    • Server Status. Opens the Server Status page.

    • JMX Console. Enables you to perform operations on the CMDB through the JMX console interface.

    • API Connection Test. Displays information about the Universal CMDB Server for you to use when running an API to the CMDB.

    • API Client Download. Downloads the UCMDB API jar file.

    • API Reference. Opens the UCMDB API Reference documentation.

    1. When you click UCMDB or User Management, the login page opens.

      Enter the default superuser login parameters:

      • User Login = admin, User Password = the password for admin.

      • If Universal CMDB is installed in a multiple customer or multiple state environment (for example, Universal CMDB Configuration Manager), a Customer field is displayed. Choose the Customer name from the list.

      • Remember me on this machine. Select for automatic login. That is, the next time you log in to UCMDB, you do not need to enter your user name and password.

  3. Click Login. After logging in, your user name appears at the top right of the screen.

    If you have problems logging in, see Troubleshooting Deployment - Logging In to UCMDB below.

    Note: Click the Help button on the Login page for complete help with logging in.

  4. (Recommended) Change the superuser password immediately to prevent unauthorized entry. For details on changing the password, see the Administer section of the UCMDB Help.

  5. (Recommended) Create additional administrative users to enable Universal CMDB administrators to access the system. For details on creating users in the Universal CMDB system, see the Administer section of the UCMDB Help.

 

Enabling Automatic Login

Advanced login options enables you to automate login, limit login access, and provide direct login capabilities to specific pages in Universal CMDB.

When automatic login is enabled from the login page, and when you close the browser tab without using the Logout button at the top of the Universal CMDB page, the next time you enter this URL to access Universal CMDB (https://<server name or IP address>.<domain name>:8443/ucmdb-ui) or access the URL of the Universal CMDB Server (https://<server name or IP address>.<domain name>:8443) to get to the splash screen and then click UCMDB, the login page does not open, the login name and password do not have to be entered, and the default page that is set to open opens automatically.

Caution: This option could be considered a security risk and should be used with caution.

To enable automatic login:

  1. In the Universal CMDB login page, select the option Remember me on this machine.

  2. When completing your session, do not click Logout at the top of the page, but close the browser tab.

    When you open a new browser tab and navigate to link https://<server name or IP address>.<domain name>:8443 and then click UCMDB, the login page should be skipped.

Guidelines for Using Automatic Login

Using the Logout option at the top of the Universal CMDB page, the Remember me on this machine option is still enabled with your user name remembered. If you log out using the Logout button, the next time you try to log in, the Login page opens with your login name pre-filled, you only need to enter your password manually.

The Remember me on this machine option can only be manually canceled by the user when he/she logs in next time.

 

Launch UCMDB UI from Chrome 43+, Firefox 48+, Microsoft Edge, or Safari 10+

It is possible to launch UCMDB UI application from web browsers without support for NPAPI plugins, including Chrome 43+, Firefox 48~51, Microsoft Edge, and Safari 10+.

The JNLP feature allows users who use web browsers without support for NPAPI plugins to launch the UCMDB UI application. Instead of running it in the internet web through the Java plug-in, a JNLP file is saved on the client machine. After launching the JNLP file, it runs in a separate Java process and loads the UCMDB UI as a desktop application.

The following web browsers are supported for accessing UCMDB UI using JNLP:

  • Chrome version 43 or later
  • Firefox versions 48 to 51
  • Microsoft Edge
  • Safari version 10 or later

The following scenarios are not supported:

  • Login through LW-SSO
  • CAC login
  • FIPS mode

How to launch UCMDB UI from web browsers without support for NPAPI plugins

Note: Most of the configurations here are one-time operation only.

To do so, perform the following:

Tip: To access the same Universal CMDB server from one of the above mentioned web browsers, simply launch the downloaded UCMDB.jnlp file.

Change Default Time Limit for User Inactivity Log Out

Universal CMDB includes an automatic logout feature which logs out when the system is inactive for a set time period. The default period is 1440 minutes (24 hours). After that time, a message appears with a 30-second countdown until logout.

This task describes how to adjust the time limit UCMDB stays open without any user input before automatically logging out.

To change the default logout time:

  1. Select Administration > Infrastructure Settings > General Settings category > Inactive allowed time setting.

  2. In the Value column, enter a new time interval in minutes. All values for inactive allowed time are located in the Properties window (right-click Inactive Allowed Time > Properties or double-click the Inactive Allowed Time setting).

Working with UCMDB in Non-English Locales

This section includes:

 

Installation and Deployment Issues

  • If you use the Japanese, Chinese, or Korean language in your browser, you must ensure that the Universal CMDB server has East Asian languages installed. On the machine on which the Universal CMDB server is installed, you must select Control Panel > Regional and Language Options > Languages > Install files for East Asian languages.

  • Universal CMDB in an I18N environment is supported for Universal CMDB installed on a Windows or Linux platform.

  • The installation path for all Universal CMDB components must not contain non-English language characters.

  • The Upgrade Wizard for version 10.30 does not support the non-English user interface. (The upgrade itself works properly.)

 

Database Environment Issues

  • To work in a non-English language Universal CMDB environment, you can use either an Oracle Server database, Microsoft SQL Server database, or PostgreSQL Server database. The OS Windows regional settings language of the database should be the same as that of the UCMDB Server. When using an Oracle Server database, the encoding of the database can also be UTF-8 or AL32UTF-8, which supports both non-English languages as well as multiple languages.

  • When you create a new Oracle instance in an Oracle database, you must specify the character set for the instance. All character data, including data in the data dictionary, is stored in the instance’s character set. For details, see the section describing the Oracle Summary Checklist in the Database section of the UCMDB Help.

  • The Database Query Monitor can connect to an Oracle database, but the Oracle user names and passwords must contain only English characters.

 

Multi-Lingual User (MLU) Interface Support

Use the language preference option in your browser to select how to view Universal CMDB. The language preference chosen affects only your local machine (the client machine) and not the Universal CMDB Server machine or any other user accessing the same Universal CMDB machine.

The Universal CMDB user interface can be viewed in the following languages in your Web browser:

English Korean
French Brazilian Portuguese
German Russian
Italian Simplified Chinese
Japanese Spanish

To set up and view Universal CMDB in a specific language:

  1. Install the appropriate language’s fonts on your local machine if they are not yet installed. If you choose a language in your Web browser whose fonts have not been installed, Universal CMDB displays the characters as squares.

  2. If you are logged in to Universal CMDB, you must log out. Click LOGOUT at the top of the Universal CMDB window.

    Close every open browser window or, alternatively, clear the cache.

  3. If Universal CMDB is running on Internet Explorer, configure the Web browser on your local machine to select the language in which you want to view Universal CMDB (Tools > Internet Options).

    1. Click the Languages button and in the Language Preference dialog box, highlight the language in which you want to view Universal CMDB.

    2. If the language you want is not listed in the dialog box, click Add to display the list of languages. Select the language you want to add and click OK.

    3. Click Move Up to move the selected language to the first row.

    4. Click OK to save the settings.

    5. Display the Universal CMDB login window.

    6. From the Internet Explorer menu, select View > Refresh. Universal CMDB immediately refreshes and the user interface is displayed in the selected language.

Note: For details on viewing Web pages in Internet Explorer that are written in a different language, see http://support.microsoft.com/kb/306872/en-us.

Configure the UCMDB Mail Server - Optional

Large Capacity Planning for UCMDB

This section includes:

 

Large Capacity Planning Overview

Using the default configuration, Universal CMDB can work with a deployment of more than 25 million CIs and relationships. To work with a larger deployment, you must implement the following configuration:

Depending in the number of CIs and relationships, increase the CMDB heap as follows:

# CIs and Relationships Heap Size
≤ 40 million 12 GB
40 million – 60 million 16 GB
60 million – 125 million 24 GB
> 125 million 55 GB

  • For capacity planning requirements, see the Support Matrix section of the UCMDB Help.
  • For details about the changes you must make to the system configuration to support this capacity, see "Configuring the UCMDB Server for Large Capacity" in the Deployment Guide.
  • For details on how to improve performance, see "Configuring the Oracle Database for Large Capacity" and "Configuring the Microsoft SQL Database for Large Capacity" in the Deployment Guide.
  • For details about the setup used for capacity testing and performance results, see "System Capacity Test" in the Deployment Guide.

 

Configuring the UCMDB Server for Large Capacity

For the system to support the desired number of CIs and relationships, update the following parameters on the UCMDB Server:

  Parameter Default CIs and Relationships (million)   Location
≤ 40
40 – 60
60 – 125 > 125
wrapper.java.
initmemory
1024 2048 8192
  • Windows: C:\UCMDB\UCMDBServer\bin\wrapper-platform.conf
  • Linux: /opt/UCMDB/UCMDBServer/bin/wrapper-platform.conf
wrapper.java.
maxmemory
4096 8192 16384 24576 56320
wrapper.java.
additional.31=
-XX:MaxMetas
paceSize
256 512 1024
dal.object.condi
tion.max.result.
size
2000000 50000000 50000000
  • Windows: C:\UCMDB\UCMDBServer\conf\
    settings.override.properties
  • Linux: /opt/UCMDB/UCMDBServer/conf/
    settings.override.properties
dal.use.memory.
instead.temp.tab
le.high.threshold.
oracle
600000 6000000 6000000 10000000
dal.joinf.max.res
ult.size
400000 4000000 4000000

 

Configuring the Oracle Database for Large Capacity

When working on a system containing more than 40 million objects and relationships, you can improve performance by increasing the Oracle SGA and PGA to the following suggested sizes:

CIs and Relationships SGA PGA
40 million – 60 million 22 GB 6 GB
60 million – 120 million 42 GB 14 GB
> 120 million 88 GB 24 GB

This improves the performance of both the TQL calculation for several types of TQL queries, as well as for data-in operations performed on the system.

 

Configuring the Microsoft SQL Database for Large Capacity

When working on a system containing more than 40 million objects and relationships, you can improve performance by increasing the Microsoft SQL Server Memory to the following suggested sizes:

CIs and Relationships Microsoft SQL Server Memory
40 million – 60 million 28 GB
> 60 million 56 GB

 

Configuring Configuration Manager for Large Capacity

Configuration Manager supports working with up to 20,000 composite CIs in a single managed view. To enable this functionality, do the following:

Note:

  • If you want to enable this functionality, it is recommended to install Configuration Manager on a server that has a minimum of 8 GB of memory (RAM).
  • Managed views that are based on dynamic TQL queries and result in more than 20,000 composite CIs are not supported.

  1. To access the JMX console, launch your Web browser and enter the following address: http://<server_name>:<port_number>/cnc/jmx-console, where <server_name> is the name of the machine on which Configuration Manager is installed.

  2. Enter the JMX console authentication credentials.

  3. Click Configuration Manager > View Service. Select supportLargeViews and click Invoke.

  4. In UCMDB, change the value of the TQL Group View Result Size setting to 500,000 (Administration > Infrastructure Settings Manager > TQL Settings).

  5. Do one of the following:

    • If you use the Universal CMDB Configuration Manager Windows service to start Configuration Manager, navigate to the <Configuration_Manager_installation_directory>/bin/ folder and double-click the edit-server-0.bat file. In the Java tab, increase the value of the Maximum memory pool parameter to 4096 or greater.
    • If you use the start-server-0.bat file to start Configuration Manager, edit the start-server-0.bat file and raise the value of the –Xmx parameter to 4096m or greater.

System Capacity Test

Setup

The system capacity test is conducted for Microsoft SQL Server (with 125 million CIs and relationships) and Oracle Database (with 200 million CIs and relationships) separately, by using the following hardware configurations.

Microsoft SQL Server
Role CPU Memory OS + 3rd Party SW
CMDB 2 x 4-cores @ 2.67 GHz 32 GB

Microsoft Windows Server 2008 R2 Enterprise Edition x64 SP1

Database 2 x 8-cores @ 2.93 GHz 64 GB
  • Microsoft Windows Server 2008 R2 Enterprise Edition x64 SP1
  • Microsoft SQL Server 2014 - 12.0.2000.8 (x64)

 

Oracle Database
Role CPU Memory OS + 3rd Party SW
CMDB 2 x E5-2630V3 @ 2.40GHz 32 GB

Red Hat Enterprise Linux 7.2

Database 2 x E5-2630V3 @ 2.40GHz 97 GB
  • Oracle Linux 7.2
  • Oracle Database 12c Enterprise Edition x64 - 12.1.0.2

The following business flows were tested as part of the system test:

  • TQL Calculation

    TQLs were divided into sub groups according to the result size (<100, <1000, and <10000), according to the data set that the TQL retrieves, and according to the TQL configuration:

    • Like Condition
    • Like Ignore case
    • Different number of hierarchies in the TQL results (2-5)
    • Compound
    • Sub-graph
  • Data-in

    The data-in scenario in the system test included insertion, updates, and deletion.

  • Enrichments

    Enrichment scenarios included insert, update, and delete.

Results

Following the load test in the scenario that includes query execution (2 days), data-in (7 days for Oracle and 10 days for MS SQL), and enrichment execution, the following results were achieved:

  • The system was stable throughout the run. No restarts, memory leaks, or any other degradation over time was observed.
  • System performance was acceptable.

Accessing Configuration Manager

Logging In to Configuration Manager

You access Configuration Manager using a supported Web browser, from any computer with a network connection (intranet or Internet) to the Configuration Manager server. The level of access granted a user depends on the user's permissions. For details on granting user permissions, see the section on users and roles in the Administer section of the UCMDB Help.

For details on Web browser requirements, as well as minimum requirements for successfully viewing Configuration Manager, see the Support Matrix section of the UCMDB Help.

For details about accessing Configuration Manager securely, see the Hardening section.

For troubleshooting information about accessing Configuration Manager, see Troubleshooting Deployment - Logging In to Configuration Manager.

  1. In the Web browser, enter the URL of the Configuration Manager Server, for example, http://<server name>.<domain name>:<port>/cnc, where <server name>.<domain name> represents the fully qualified domain name (FQDN) of the Configuration Manager server and <port> represents the port selected during installation.

  2. Click Log In. After logging in, the user name appears at the top right of the screen.

Logging Out

When you have completed your session, it is recommended that you log out of the website to prevent unauthorized entry.

To log out, click Logout at the top of the page.

Note: There is a default session expiration time of 30 minutes.

Accessing the JMX Console for Configuration Manager

For troubleshooting purposes or to modify certain configurations, you may need to access the JMX console.

To access the JMX console:

  1. Make sure that Server Administrator privileges have been assigned in UCMDB. For details, see the Administer section of the UCMDB Help.

  2. Open the JMX console at http://<server name>:<application_port>/cnc/jmx-console. The port is the port configured during the installation of Configuration Manager.

Additional Use Cases for Configuration Manager

Port a Configuration Manager Installation Between Machines

This procedure should be used when you want to transfer an installation of Configuration Manager from one machine to another while keeping the database schema intact and connecting to the same UCMDB server.

  1. Perform a new installation of Configuration Manager on the target machine.
  2. Stop the Configuration Manager servers on both the source and target machines.
  3. Copy the \conf and \security folders from the source machine into the relevant location on the target machine.

  4. Start the Configuration Manager server on the target machine.

Change Port Numbers After Installation

To change port numbers (or any other installation parameter), see Reconfiguring Configuration Manager.

Copy System Settings Between Systems

  1. On the source machine, open Configuration Manager. Go to Administration > Settings and click the Export configuration set to a zip file button.

    Before exporting, you can exclude specific parts of the configuration by unchecking the check box next to the relevant configuration items.

  2. Copy the exported configuration to the target machine.

  3. On the target machine, open Configuration Manager. Go to Administration > Settings and click the Import configuration set button.

Back Up and Restore

You can back up an installation of Configuration Manager in order to be able to recover from any type of failure that would otherwise require a complete new installation.

  • Back up

    Back up the following information:

    • the \conf and \security subfolders in the Configuration Manager installation directory. This can be done while the system is up and running, without interrupting operation.

    • the database schema

    • the registry entry at: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Universal CMDB Configuration Manager 11.0 (on Windows systems only)

  • Restore

    This procedure should be performed on a new system with that has no Configuration Manager installation on it.

    1. Install Configuration Manager on the target machine by running the CM_11.0.exe file (on Windows systems) or CM_11.0.bin file (on Linux systems).

    2. Stop the Configuration Manager server.
    3. Restore the \conf and \security directories. Use the matching method to restore that you used to back up. Overwrite the directories created by the installation that you performed in step 1.

    4. Restore the database schema. If you restore to a different database server, you must modify the url property in the database.properties file (located in the \conf directory) to match the new database server name.

    5. Start the Configuration Manager server.

Troubleshooting Deployment - Available Troubleshooting Resources for UCMDB

  • Installation troubleshooting. Use to troubleshoot common problems that you may encounter when installing Micro Focus Universal CMDB, and the solutions to those problems. See Troubleshooting Deployment - UCMDB Server and Troubleshooting Deployment - Keystore and Truststore below.
  • Login troubleshooting. Use to troubleshoot possible causes of failure to log in to Micro Focus Universal CMDB.
  • Micro Focus Software Self-solve knowledge base. Use to search for specific troubleshooting information on a wide variety of topics. Located on the Micro Focus Software Support site, the Micro Focus Software Self-solve knowledge base can be accessed by selecting Troubleshooting & Knowledge Base from the Micro Focus Universal CMDB Help menu.

    Note that only registered customers can access the resources on the Micro Focus Support site. Customers who have not yet registered can do so from this site.

  • Universal CMDB Log files. Use to troubleshoot CMDB runtime problems. For details, see the section about CMDB log files in the Universal CMDB Administration Guide.
  • Data Flow Management log files. Use to troubleshoot DFM problems. For details, see the section about Data Flow Management log files in the Universal CMDB Administration Guide.
  • Query log files. Use to view definitions for query parameter log files. For details, see the section about CMDB log files in the Universal CMDB Administration Guide.

Troubleshooting Deployment - UCMDB Server

Problem: The UCMDB Server does not start automatically upon system restart.

Solution:

  1. Open the Windows Services dialog box and select the UCMDB_Server service.
  2. Open the UCMDB_Server Properties (Local Computer) dialog box.
  3. In the General tab, ensure that:

    • The Path to executable field points to the correct executable location.
    • The service is configured to automatically start (Startup type is Automatic).
  4. In the Log On tab, ensure that the service uses the correct user for logon. For details on changing the service user, see the Hardening section of the UCMDB Help.
  5. In the Dependencies tab, ensure that the service is configured to have no dependencies (<No Dependencies>).

Troubleshooting Deployment - Keystore and Truststore

Troubleshooting Deployment - Logging In to UCMDB

This section includes the following:

   

Possible Causes for Failure to Log In to UCMDB

Use the following information to troubleshoot possible causes of failure to log into Universal CMDB.

Problem/Possible Causes Solutions

Universal CMDB is not started successfully.

Indication: The startup.log file does not include the following line:

**** All components started ****

Solution 1: Verify that the Universal CMDB Server is up and running by accessing the Web console https://<Server name>:8443/web-console where <server name> is the name of the Universal CMDB Server to which you are connecting.

Solution 2: Check the database connection:

To check that the database server is up and running:

  1. Launch the Web browser and navigate to: https://localhost:8443/jmx-console.

  2. Under UCMDB, click UCMDB:service=Dal Services to open the JMX MBean View.

  3. Invoke the function getDbContext with a customerID parameter value of 1.

  4. Check that the operation result shows no problems.

Solution 3: Check that the database connection parameters are correct. Ensure that you can log into the database server using the credentials you provided during the configuration procedure.

Solution 4: Use the cmdb.dal.log file to verify the database connections. The cmdb.dal.log file can be found in the following directory:

  • Windows: C:\UCMDB\UCMDBServer\runtime\log
  • Linux: /opt/UCMDB/UCMDBServer/runtime/log

Solution 5: To verify that the database connection is valid, in the Windows command interpreter (cmd.exe), type sqlplus cmdb/cmdb@skazal.

The CMDB is corrupted (for example, a user record may have been deleted accidentally from the CMDB).

Import a previously backed up database file. For details, see the Database section of UCMDB Help.

Important: The Universal CMDB server must be down while importing the database.

Note: When you import a previously backed up database file, you lose all data previously existing in the system.

The Universal CMDB login fails. This may be due to an incorrect login name/password combination.

Solution 1: Ensure that you enter a correct login user name/password combination.

Solution 2: Restore the default

Universal CMDB login fails due to unexpected errors.

Solution 1: Select Start > All Programs > UCMDB > Universal CMDB Server Status and ensure that the service is running.

Solution 2: Look for errors in the following log files:

  • C:\UCMDB\UCMDBServer\runtime\log\error.log

  • C:\UCMDB\UCMDBServer\runtime\log\ui-server.log

If you find errors that are unfamiliar to you, contact Micro Focus Software Support.

Universal CMDB fails to start, even though the password was successfully changed.

Restore the default passwords:

  1. Overwrite the existing file by copying the Basic_Authorization.zip file from the following folder:

    • Windows: C:\UCMDB\UCMDBServer\content\backup
    • Linux: /opt/UCMDB/UCMDBServer/content/backup

    to the following folder:

    • Windows: C:\UCMDB\UCMDBServer\content/basic_packages
    • Linux: /opt/UCMDB/UCMDBServer/content/basic_packages
  2. Log into the the JMX Console and locate the UCMDB-UI:name=UCMDB Integration service.

  3. Run setCMDBSuperIntegrationUser by using the credentials of UISysadmin.

  4. Stop the UCMDB Server.
  5. Create a new schema.
  6. Restart the UCMDB Server.
After upgrading UCMDB from version 10.30 (or earlier) to 10.31 (or later), LDAP authentication fails and users cannot log in to UCMDB. For more details about the problematic scenario, possible cause and solutions, see .

   

Java Not Installed on Client Machine

If Java is not installed on your machine or you have a version older than Java 8, during login a message is displayed asking you to install the correct Java Runtime Environment version. JRE is needed to view Universal CMDB applets.

Click the relevant button to allow Universal CMDB to install Java from either oracle.com or the Universal CMDB Server.

Troubleshooting Deployment - Configuration Manager Upgrade

Problem. The upgrade to version 11.0 fails.

Solution: To restore to the previous version, perform the following steps:

  • Uninstall Configuration Manager version 11.0.
  • Restore the installation folder for the previous version of Configuration Manager (that you backed up before upgrading) to its original location.
  • Restore the database (that you backed up before upgrading).
  • Import the Windows registry entry (that you backed up before upgrading).

Troubleshooting Deployment - Logging In to Configuration Manager

Problem. You have been assigned the appropriate permissions for Configuration Manager but you are not able to log in.

Solution. Verify that the following parameters are configured correctly in UCMDB:

  • LW-SSO init string: This string must not be empty.
  • LW-SSO domain: Must be set to the same domain as UCMDB.
  • LW-SSO trusted DNS domains: The Configuration Manager domain must be listed here, even if it is the same as the UCMDB domain.

Problem. There is an error in the UCMDB connection.

Solution. One of the following may be the cause:

  • The UCMDB server is down. Restart Configuration Manager after UCMDB is fully up (verify that the UCMDB server status is Up).

  • The UCMDB server is up but the Configuration Manager connection credentials or URL is wrong.

Problem. After changing UCMDB connection settings (such as changes to: host/port/protocol/SRP), the Configuration Manager server fails to start.

Solution. Reconfigure Configuration Manager and specify the UCMDB connection settings that reflect your latest changes. The reconfiguration wizard (CM_11.0.exe) is located in the <Configuration_Manager_installation_directory>\_installation folder.

Problem. Changes to the UCMDB class model are not detected in Configuration Manager.

Solution. Restart the Configuration Manager server.

Problem. The Configuration Manager log contains a UCMDBExecution timeout expired error.

Solution. This occurs when the UCMDB database is overloaded. To correct this, increase the connection timeout as follows:

  1. Create a jdbc.properties file in the UCMDBServer\conf folder.

  2. Enter the following text: QueryTimeout=<number in seconds>.

  3. Restart the UCMDB server.

Problem. Configuration Manager does not allow you to add a view to be managed.

Solution. When a view is added to be managed, a new TQL is created in UCMDB. If the maximum limit of active TQLs is reached, the view cannot be added. Increase the limit of active TQLs in UCMDB by changing the following settings in the Infrastructure Settings Manager:

  • Max Number Of Active TQLs In Server

  • Max Number Of Customer Active TQLs

Problem. The HTTPS Server certificate is not valid.

Solution. One of the following may be the cause:

  • The validation date of the certificate has passed. You need to get a new certificate.

  • The certification authority on the certificate is not a trusted authority. Add the certification authority to your Trusted Root Certification Authority list.

Problem. When logging in from the Configuration Manager login page, you get a login error or access denied page.

Solution. Check that the LW-SSO settings are correct. For details, see the general LW-SSO reference in the Hardening section of the UCMDB Help.

Problem. The Configuration Manager server does not start due to entering incorrect database credentials.

Solution. If you made a change to the database credentials and the server fails to start, the credentials may be wrong. You need to re-encrypt the database password and enter new credentials in the configuration file. Proceed as follows:

  1. From a command line, run the following command to encrypt the updated database password:

    <Configuration_Manager_installation_directory>\bin\encrypt-password.bat –p <password>

    which returns an encrypted password.

  2. Copy the encrypted password (including the {ENCRYPTED} prefix), into the db.password parameter in the <Configuration_Manager_installation_directory>\conf\database.properties file.

Problem. The Configuration Manager Tomcat server does not start due to a bind port issue.

Solution. Try one of the following:

  • Run the Post install wizard and replace the Configuration Manager server ports.

  • Abort the other process that occupies the Configuration Manager ports.

  • Manually change the ports in Configuration Manager configuration files by editing the following file: <Configuration Manager installation directory>\servers\server-0\conf\server.xml and updating the relevant ports:

    • HTTP (8180): line 69

    • HTTPS (8143): lines 71, 90

Problem. You receive an "out of memory" message.

Solution. Do the following to change the server startup parameters:

  1. Run the following batch file:

  2. <Configuration Manager installation directory>/bin/edit-server-0.bat

  3. Change the following settings:

  4. -Dapplication.ms=<inital memory pool size>
    -Dapplication.mx=<maximum memory pool size>

Problem. Changes in CIs in UCMDB are not reflected in Configuration Manager.

Solution. Configuration Manager runs an offline asynchronous analysis process. The process may not yet have processed the latest changes in UCMDB. To resolve this, try one of the following:

  • Wait a few minutes. The default interval between analysis process executions is 10 minutes. It is configurable in Administration > Settings.

  • Execute a JMX call to run the offline analysis calculation on the relevant view.

  • In Policies, click the Recalculate Policy Analysis button. This invokes the offline analysis process for all views (which may take some time). You may also need to make an artificial change to one policy and save it.

Troubleshooting Deployment - Configuration Manager General Limitations and Troubleshooting

Limitations

  • The time settings on the UCMDB and Configuration Manager servers must be synchronized, down to the seconds.

  • The time zone and time format on the UCMDB and Service Manager servers must be synchronized.

  • You will not see a new CI type that you created in UCMDB until you log out of Configuration Manager and then log on again.
  • Whenever the time is changed on the Configuration Manager Tomcat server, the server must be restarted to update the time on the server.

Troubleshooting

Problem. When you start the Configuration Manager service, you receive the following error message:

Windows could not start the Universal CMDB Configuration Manager on Local Computer. For more information, review the System Manager Event log. If this is a non-Microsoft service, contact the service vendor, and refer to service-specific error code 0.

Solution. Do the following:

  1. Go to the <Configuration_Manager_installation_directory>\cnc\bin folder and execute the following command:

    edit-server-0.bat

  2. Select the Startup tab. In the Mode drop-down list (at the bottom), select jvm instead of exe.
  3. Click OK.
  4. Run your service.

Troubleshooting Deployment - Configuration Manager Authentications

Problem. During authentication of Configuration Manager after redirection to the UCMDB login page, you are not redirected back to Configuration Manager but UCMDB opens instead.

Solution. The Configuration Manager authentication session cookie is blocked or denied when using Internet Explorer browser. Add the Configuration Manager server to the Intranet/Trusted zone in the Internet Explorer security zones on your computer (Tools > Internet Options > Security > Local Intranet > Sites > Advanced). This allows all cookies to be accepted.

Solution. Make sure that the LW-SSO configuration in UCMDB settings is correct. For details, see the section about LW-SSO in the Hardening section of the UCMDB Help.

Possible solution. Make sure that you access the application with the Fully Qualified Domain Name (FQDN) in the login URL (for example: http://myserver.companydomain.com/WebApp).

© 2011 - 2018 Micro Focus or one of its affiliates