IBM Software Group
Managing TechnologyTivoli Architecture and Solutions
German Unix User GroupFebruary 2002
Michael BrokmannTivoli Lead Architect EMEA Central [email protected]
2 | IBM Confidential | © Copyright IBM Corporation 2001. All Rights Reserved
IBM e-business Infrastructure Software
LeveragingKnow-How
LeveragingInformation
Transformation& Integration
ManagingTechnology
Integrated Enterprise
Management
Integrated Enterprise
Management
Messaging and
Collaboration
Messaging and
Collaboration
Relational DatabaseRelational Database
Online Transaction
Systems
Online Transaction
Systems
Enabling Integrated e-business
Enabling Integrated e-business
Integrated Information
Infrastructure
Integrated Information
Infrastructure
Enabling the Minds of
e-business
Enabling the Minds of
e-business
End-to-End e-business
Infrastructure Management
End-to-End e-business
Infrastructure Management
3 | IBM Confidential | © Copyright IBM Corporation 2001. All Rights Reserved
Tivoli Areas of Focus
Partner Middleware and ApplicationsPartner Middleware and Applications
SecurityConfiguration& Operations
Performance & Availability Storage
Infrastructure Services
Change and Configuration Management
Change and Configuration Management
Data and Resource Management
Data and Resource Management
Threat Management
Threat Management
Identity, Access and Privacy Management
Identity, Access and Privacy Management
Event, Correlation,
Automation and Monitoring
Event, Correlation,
Automation and Monitoring
Business Impact Management
Business Impact Management
Job SchedulingJob Scheduling Data Management
Data Management
4 | IBM Confidential | © Copyright IBM Corporation 2001. All Rights Reserved
High Level Architecture
Common Application ServicesCommon Application Services
Framework Architecture (CORBA)Framework Architecture (CORBA)Component ServicesComponent Services
(J2EE)(J2EE)
NetWorkNetWork ApplicationApplication DatabasesDatabases SystemsSystems
Agent Agent
Config &OperationConfigConfig &&
OperationOperation
Performance&
Availability
Performance&
AvailabilitySecuritySecurity StorageStorage
5 | IBM Confidential | © Copyright IBM Corporation 2001. All Rights Reserved
Physical Architecture
Tivoli Management Region (TMR)
Tivoli Management Agents
TMR
TMG
TMA
TMR
TMG
TMA
Tivoli Management Gateway
Tivoli Management Server Inter-RegionCommunication
Organisation - Scalability - Geography - Security - NetworkingCentral and/or Distributed Management Design
6 | IBM Confidential | © Copyright IBM Corporation 2001. All Rights Reserved
Platform Strategy
•Based on Market Direction – Customers / Analysts•Reducing ‚Managing Platforms‘ towards
•UNIX (AIX, HP-UX, Solaris)•LINUX (including /390)•Windows
•Keep Broad Support for ‚Managed Platforms‘•Strong IBM Focus on Linux•Tivoli Support
•‚Managing & Managed‘ Platform Support•Strong Demand for Linux on zSeries (/390) •Red Hat, SuSE, TurboLinux
7 | IBM Confidential | © Copyright IBM Corporation 2001. All Rights Reserved
Configurations & Operations
Partner Middleware and ApplicationsPartner Middleware and Applications
SecurityConfiguration& Operations
Performance & Availability Storage
Infrastructure Services
Change and Configuration Management
Change and Configuration Management
Data and Resource Management
Data and Resource Management
Threat Management
Threat Management
Identity, Access and Privacy Management
Identity, Access and Privacy Management
Event, Correlation,
Automation and Monitoring
Event, Correlation,
Automation and Monitoring
Business Impact Management
Business Impact Management
Job SchedulingJob Scheduling Data Management
Data Management
8 | IBM Confidential | © Copyright IBM Corporation 2001. All Rights Reserved
Configurations Management
Preparation Site
Source Host
Package &
Test
TMR Server
ServerComponent
Gateway
Repeater/DepotDelivery
Agent(Web)
Agent(Web)
Reference Modelling –
Activity Planning
(WEB)
Depot
(Mobile)
Operations
DataMoving
Planning &Administration
PerformSoftware Distribution Operations
Devices (PalmOs, WinCE, Nokia Communicator, NetVista IAD (Neutrino + Linux OS)
9 | IBM Confidential | © Copyright IBM Corporation 2001. All Rights Reserved
Configurations Management
Common OpenRelational Repository
Cross Platform Scanning Technology•Server and Desktops (Mobile)•Hardware and Software •DMI Scanner•User Info•Custom Scanner
Scalable Collection Service•Define when to return data•Staged data transport•Asynchronous •Adjust to Bandwitdh
Integration of Network Data•Element Manager Device Information
•Router, Hubs, Switches•CISCO Works•IBM Nways•Nortel Optivity•3Com Transcend
•Leverage NetView•Interfaces•Segments•Nodes
Data Analysis & Reporting•Predefined Queries & Reports
Integration with other Disciplines•Software Management•Change, Asset, Problem
10 | IBM Confidential | © Copyright IBM Corporation 2001. All Rights Reserved
Performance & Availability
Partner Middleware and ApplicationsPartner Middleware and Applications
SecurityConfiguration& Operations
Performance & Availability Storage
Infrastructure Services
Change and Configuration Management
Change and Configuration Management
Data and Resource Management
Data and Resource Management
Threat Management
Threat Management
Identity, Access and Privacy Management
Identity, Access and Privacy Management
Event, Correlation,
Automation and Monitoring
Event, Correlation,
Automation and Monitoring
Business Impact Management
Business Impact Management
Job SchedulingJob Scheduling Data Management
Data Management
11 | IBM Confidential | © Copyright IBM Corporation 2001. All Rights Reserved
Performance & Availability
Business Impact ManagementLine of business views, cross discipline analysis,
predict, optimize, analyze, account, report
Event Correlation and AutomationCross system & domain root cause analysis
Monitor Networks, Systems, Applications, Transactions and User Experience
Collect metrics, local analysis, persistence, automation, root cause, filter,
concentrate, probes, user simulation
Rap
id ti
me-
to-v
alue
thro
ugh
a ti
ghtly
in
tegr
ated
man
agem
ent s
yste
m
12 | IBM Confidential | © Copyright IBM Corporation 2001. All Rights Reserved
Monitoring Focuses on One Server at a Time
• Combined monitoring of:– Hardware– Operating System– Middleware– Applications
• Local correlation and diagnosis at the server level
• Take action to cure problems when possible
• Notify other systems or administrators
BrowsersApplication
ServersWeb/Edge
Servers
DumbTerminals
HostSystems
Host Databases
Clients
Servers
DistributedDatabases
Business Impact Management
Event Correlation and Automation
Monitor Systems and Applications
13 | IBM Confidential | © Copyright IBM Corporation 2001. All Rights Reserved
Monitoring Architecture
Analyzer
CIMOM Repository
Provider
Managed Obj
MemoryManagement
Process
Memory Paging
Private BytesWorking Set
Available MemoryTotal MemoryQueue Length
Available CapacityTotal SwapSpace
Queue Length
Metric analysisCritical path
Recovery
14 | IBM Confidential | © Copyright IBM Corporation 2001. All Rights Reserved
Monitoring Architecture
Resource Model
If transaction time > w,DB response time > xOS Memory in use > y, andBandwidth utilization > z, thenInitiate single server cure or Forward to TEC
TEC
ETL
LogFile
Real-timeReporting
HistoricalReporting
(TDW)
Provider Layer
Single Server (Example Metric)
Hardware (% CPU Utilization)Network (Bandwidth Utilization)
OS (Memory in use)Middleware (DB call response time)
Applications (Transaction time)
Java (JMX)
webMethods (OMI)
Windows (WMI)
WebSphere (PMI)
JSR
Custom
CIM …
Monitoring EngineResource ModelResource ModelResource ModelResource Model
Work Bench
15 | IBM Confidential | © Copyright IBM Corporation 2001. All Rights Reserved
Transaction Monitoring
• Problems to be solved – Transaction Measurement in Web and Enterprise Applications– Focus on the Enduser Experience– What is my customers response time?– Are my key transactions available?– What is my backend service time?– How long did the page take to render?– How fast is my site traffic growing?
• Monitoring for Transaction Performance• Enterprise Application Performance Monitor• Quality of Service Monitor • Synthetic Transaction Investigator (Simulation)
arm_getid
arm_start
arm_stop
arm_end
App
licat
ion
Tran
sact
ion
do user's work
arm_init
T1
T2
response time
Application Code TAPM Agent
ARM API
16 | IBM Confidential | © Copyright IBM Corporation 2001. All Rights Reserved
Transaction Monitoring –Quality of Service in Web Environments
TS 2
Enterprise•Reports•Events
Internet DMZ
TS 1TS 3
TS 5
TS 4
Web Server
Fir
ewal
l
Fir
ewal
l APPServer
AccountingServer
Server Component
QoSMonitor
1. User initiates a transaction from a browser2. Transaction flows through backend (TS2 – TS1)3. Client time measured via Javascript (TS4 – TS3)
4. Results sent to QoS/Server Component where T5 is observed :TS5 – TS1 = Round Trip Time
17 | IBM Confidential | © Copyright IBM Corporation 2001. All Rights Reserved
Event Correlation Focuses on Multiple Resources
• Receive and correlate events from multiple networks and systems
• Problem signatures are used to determine root cause
• Automate corrective actions • Notify other systems or
administrators when necessary
• Delivery of Event Adapters
BrowsersApplication
ServersWeb/Edge
Servers
DumbTerminals
HostSystems
Host Databases
Clients
Servers
DistributedDatabases
TEC
Business Impact Management
Event Correlation and Automation
Monitor Systems and Applications
18 | IBM Confidential | © Copyright IBM Corporation 2001. All Rights Reserved
Event Correlation Example
Disk D fullSAP
MQ
DB2
RM forMQ
RM forSAP
RM forDB2
RM forOS
RM forOS
RM forOS
Order Capture
Order Fulfillment
EventMgr
Can’t w
rite re
cord
Can’t Write Record
Monitoring
WASRM forWAS
RM forOS
OC App
RM forOC App
Root Cause of order capture & order fulfillment
failure is out of spaceon DB2 server
Root Cause of order capture & order fulfillment
failure is out of spaceon DB2 server
DiskFull
19 | IBM Confidential | © Copyright IBM Corporation 2001. All Rights Reserved
Business Impact Management
• Proactively determine the impact of events on the business
• View how business processes span the physical environment
• Verify end user service levels • Analyze historical data and
predict future service levels
BrowsersApplication
ServersWeb/Edge
Servers
DumbTerminals
HostSystems
Host Databases
Clients
Servers
DistributedDatabases
Business Impact Management
Event Correlation and Automation
Monitor Systems and Applications
20 | IBM Confidential | © Copyright IBM Corporation 2001. All Rights Reserved
Reporting - Tivoli Warehouse
Customers / Partners Business Intelligence Front End
Service Level Management
Standard Reports
TWH 3rd Party Applications
Net View
TWSM
TWSA
DB
FrameworkTAPM DM (monitors) INVTEC
INV
DBSAP Lotus Xchg
DB MGR Etc...
Storage
TEC
OS390 data
CICS, IMS,
DB2, MVS,
21 | IBM Confidential | © Copyright IBM Corporation 2001. All Rights Reserved
Performance & Availability –Getting the ‘Big Picture’
IBM Tivoli Business Systems Manager IBM Tivoli Service Level Management
IBM TivoliWeb Analyst
Tivoli EnterpriseData
Warehouse
Reporting andBusiness Intelligence Integration
IBM Tivoli NetView (for z/OS)IBM Tivoli NetView Performance
IBM Tivoli Enterprise Console
IBM Tivoli Monitoring for…-Transaction Performance- etc
IBM Tivoli Monitoring
Even
ts &
Inte
grat
ion
Daily Operations Historical Operations
Common Components
22 | IBM Confidential | © Copyright IBM Corporation 2001. All Rights Reserved
Storage
Partner Middleware and ApplicationsPartner Middleware and Applications
SecurityConfiguration& Operations
Performance & Availability Storage
Infrastructure Services
Change and Configuration Management
Change and Configuration Management
Data and Resource Management
Data and Resource Management
Threat Management
Threat Management
Identity, Access and Privacy Management
Identity, Access and Privacy Management
Event, Correlation,
Automation and Monitoring
Event, Correlation,
Automation and Monitoring
Business Impact Management
Business Impact Management
Job SchedulingJob Scheduling Data Management
Data Management
23 | IBM Confidential | © Copyright IBM Corporation 2001. All Rights Reserved
Storage Management Solutions
•Storage Management•Backup, Archive, Space Management, Disaster Recovery
•Storage Resource Management•Systems Management of Storage Networks•Capacity, Asset, Availability, Event, Performance Management
•Network Discovery•LUN Management (Host to LUN Mapping)•Policy Based File System Automation
•SAN File Sharing•Moving Big Files Fast over the SAN•Sharing SAN Storage Devices in SAN Environments
24 | IBM Confidential | © Copyright IBM Corporation 2001. All Rights Reserved
Security
Partner Middleware and ApplicationsPartner Middleware and Applications
SecurityConfiguration& Operations
Performance & Availability Storage
Infrastructure Services
Change and Configuration Management
Change and Configuration Management
Data and Resource Management
Data and Resource Management
Threat Management
Threat Management
Identity, Access and Privacy Management
Identity, Access and Privacy Management
Event, Correlation,
Automation and Monitoring
Event, Correlation,
Automation and Monitoring
Business Impact Management
Business Impact Management
Job SchedulingJob Scheduling Data Management
Data Management
25 | IBM Confidential | © Copyright IBM Corporation 2001. All Rights Reserved
Threat Management
Tivoli Risk ManagerTivoli Risk Manager
Network IDS
Firewall
Network IDS
Web ServerwithWebIDS
Web ServerwithWebIDS
Web ServerwithWebIDS
Multiple diverse,yet complimentaryIDS Sensors
Host IDS
Host IDS
Host IDS
Console
CentralDB
Tivoli Enterprise Console
Router
26 | IBM Confidential | © Copyright IBM Corporation 2001. All Rights Reserved
Threat Management in Action
WEB Server
FireWallNetwork IDS
Monitoring
Risk ManagerRisk ManagerFireWall
27 | IBM Confidential | © Copyright IBM Corporation 2001. All Rights Reserved
Access Management - Common Permission Framework
ClientClient Security Layer
Security Layer
Protected ResourceProtected Resource
PD ServerPD Server
BrowserBrowser WebSEALWebSEAL Web Resource
Web Resource
Java Appl.Java Appl.
JAASJAAS Protected ResourceProtected Resource
MQ Appl.MQ
Appl.MQI API
InterceptorMQI API
InterceptorQueued MessageQueued Message
UserUser PD for OSPD for OS UNIX Resources
UNIX Resources
ClientClient CORBA InterceptorCORBA
InterceptorServerServer
Object/ ACL DBObject/ ACL DB
User Registry
User Registry
Tivoli Policy DirectorTivoli Policy Director
28 | IBM Confidential | © Copyright IBM Corporation 2001. All Rights Reserved
Tivoli Policy Director – Secure Web Access
WebSEALWebSEAL
Browser
HTTP(s)
PolicyManagerPolicy
Manager
Object/ACL Database
Object/ACL Database
User Registry(LDAP)
User Registry(LDAP)
HTTP(s)
iPlanet
WebLogic
MS IIS
WebSphere Application
Server
WebSEAL passes to application:ØNothingØCredentials from Lock BoxØUser & group info (iv_user/iv_groups)
ØEPAC (iv_creds “Dossier”)
ØLTPA Cookie (WebSphere/Domino)
ØSupplemental user information (Tag-value)
ØEntitlements information (PD_Portal)
WebSEAL passes to application:ØNothingØCredentials from Lock BoxØUser & group info (iv_user/iv_groups)
ØEPAC (iv_creds “Dossier”)
ØLTPA Cookie (WebSphere/Domino)
ØSupplemental user information (Tag-value)
ØEntitlements information (PD_Portal)
29 | IBM Confidential | © Copyright IBM Corporation 2001. All Rights Reserved
Securing UNIX Operating Systems
PDOS Kernel Interception
UNIX native services
PDOSProcesses Replicated
Policy DB
CredentialCache
Cache
UserRequest
Policy Director
Policy DB
User RegTivoli Tivoli
Policy DirectorPolicy Directorfor Operatingfor Operating
SystemsSystems
30 | IBM Confidential | © Copyright IBM Corporation 2001. All Rights Reserved
Business Business LogicLogic
System/Application System/Application DefinitionsDefinitions
Applications,Applications,DatabasesDatabases
OS/OS/NOS’sNOS’s,,DirectoriesDirectories
OS/390OS/390(RACF, ACF2**, (RACF, ACF2**,
Top Secret**)Top Secret**)UNIX / Linux UNIX / Linux
Security EngineSecurity EngineWeb / Java/Web / Java/
OtherOtherResourcesResources
ResourcesResourcesLDAP
Reporting Reporting & Auditing& Auditing
ResourceResourceProvisioningProvisioning
** through services
UsersUsers
UsersUsers&&
AccessAccessControlControlPoliciesPolicies
TivoliTivoliIdentityIdentityDirectorDirector
TivoliTivoliPolicyPolicy
DirectorDirector
TivoliTivoliPD PD
for OSfor OS
HR/HR/AdminsAdmins
EmployeesEmployees
CustomersCustomersPartnersPartnersSuppliersSuppliers
Create, Delete, & Create, Delete, & Modify User InfoModify User Info
WebWebDelegatedDelegated
AdminAdmin
WebWebPasswordPassword
ResetReset
Web SelfWeb Self--ServiceService
HRHRSystemsSystems
WorkflowWorkflow
Identity Management
31 | IBM Confidential | © Copyright IBM Corporation 2001. All Rights Reserved
Summary
•Tivoli is Systems Management Software•Config & Operations / Performance & Availability / Security / Storage•Highly Integrated but Modular Approach
•Enterprise Customers (Market Leader)•Small-and-Medium Business
•Cross-Platform vs. Multi-Platform Approach•Proven Scalability