This article details an actual pilot implementation project of a private cloud deployment model recently completed by the IBM® Global Delivery team. The initiative was accomplished by leveraging an IBM hardware and software stack, the software in this case is Tivoli®, as part of the strategic roadmap. The goal of this article (designed for IT specialists, architects, and technical team leaders) is to provide a reference guild for any cloud-related engagement; I think you'll find information in this article that is useful to all levels of experience — from beginners to advanced professionals.
This article assumes you have knowledge of basic cloud computing concepts and operations; you should also be familiar with AIX®, Power®VM, and virtualization concepts. You do not need extensive knowledge of WebSphere®, DB2®, or Tivoli products, but I do mention the use of those products in this article.
Topics covered include:
- Tivoli Service Automation Manager and Tivoli Directory Server user roles.
- An example of the cloud provisioning process.
- General tricks and tips learned in the project, including DB2 heap workarounds, various URLs that make it easy to test your installations, verification tests, alternative ways to start Tivoli Service Automation Manager, sendmail issue workaround, and browser usage recommendations.
- A list of sample exercises the user can do to test the implementation.
Using the Tivoli Service Automation Manager private cloud
Let's start with a note about Tivoli Service Automation Manager's userid management.
During the installation of Tivoli Service Automation Manager, it also automatically installs an instance of Tivoli Directory Server (TSAM-TDS). The Web 2.0 self service user interface of Tivoli Service Automation Manager allows cloud administrators to add and remove cloud users. Tivoli Service Automation Manager is built on top of Tivoli Process Automation Engine (TPAE); when a cloud administrator uses the Web 2.0 user interface to add a user, the user's ID is added into TSAM-TDS. In addition, the user's information is also stored several Tivoli Process Automation Engine database tables, including MAXIMO.maxuser, MAXIMO.person, and MAXIMO.email.
In other words, adding a user involves changing data in both TSAM-TDS and Tivoli Process Automation Engine. When a user logs on, the user is authenticated with TSAM-TDS.
Tivoli Service Automation Manager provides four types of user roles and any user has to be mapped into one of these:
- Cloud admin: Can see and do everything. Create, modify, remove a team; create, modify, remove a user.
- Cloud manager: Has read-only abilities of the cloud admin; can see everything but do nothing.
- Team admin: Can see everything in his team area; can do all admin tasks for his team area.
- Team user: Can see everything in his team area; can do no admin tasks for his team area.
Remember, a user can only have one of these roles. And a user can be in zero or more teams.
Cloud provisioning process
The Tivoli Service Automation Manager Web 2.0 GUI is self-explanatory. The goal of this user interface is to provide an easy-to-use interface that requires no training. Figure 1 shows the simple provisioning process.
Figure 1. Cloud provisioning process
Before you can provision, you should have completed a registration process to gain access to the cloud self-service portal. This means that only authorized users can gain access to the portal and place a request for provisioning.
Once the cloud user requests a service, a workflow is triggered whereby email notification is sent to the cloud administrators who can validate the request. If approved, the provisioning takes place automatically.
You will receive two email notifications regarding your provisioning. The first indicates that your service request has been accepted. The second contains your virtual hostname and connection information (sample below).
Sample notification of provisioning request details
Dear Joydipto Banerjee You have started a new Project WAS_L2SOA with the following topology: The server vioclient26ftp has been added with the following parameters: Hostname of Server: vioclient26ftp Number of CPU(s): 2 Number of tenths of physical CPUs: 2 Amount of Memory: 4096 MB Swap Size: 0 MB Disk Space Size: 20 Admin Password:XXXXXX Link to the Server: http://vioclient26ftp:80 The user of group GBS USER has been notifed. Regards, Your Service Automation Team
Use those details to connect to the new server via SSH.
Further details on how to use the various offerings in the self service portal are in the Tivoli Service Automation Manager user guide.
Tricks and tests you can use
Here are some tips, tricks, and workarounds learned in the progress of this project; you may find these useful.
Workaround DB2 heap problems
There seems to be an issue where DB2 does not get enough heap space. You may get errors like this:
9/7/09 3:13:01:956 EDT 0000002c SystemOut O 2009.09.07 03:13:01.955 com.tivoli.dms.common.DBOperation executeUpdate Tivoli Web Gateway Device_Manager_Server tsam72mgmt com.ibm.db2.jcc.b.SqlException: DB2 SQL Error: SQLCODE=-956, SQLSTATE=57011, SQLERRMC=null, DRIVER=3.53.70
SQL0956C Not enough storage is available in the database heap to process the statement.
You can workaround using the following procedure:
- Stop Tivoli Provisioning Manager (
- Run the following commands:
db2 connect to maxdb71
db2 update db cfg using dbheap 6144
db2 connect reset
URLs to help you test your installation setup
It is advisable to test the setup periodically during the installation phase. Depending on which stage of the installation process you are currently on, some of these links may not be activated. However, all these links should work after the entire installation is complete.
- Cloud.ear: https://*hostname*:9443/cloud/rest/templates/
- TSAM REST: https://*hostname*:9443/maxrest/rest/mbo/PO
- IL REST: https://*hostname*:9443/ilrest/rest/os/TPV01IMGLIBENTRYMSTR
- MEAWeb UI: http://*hostname*:80/meaweb/verify
- Web2.0 UI: https://*hostname*:9443/SimpleSRM
Note: Here *hostname* refers to the management server hostname/IP address.
12 useful verification tests to check the sanity of the installation
You can execute these at the end of each segment during the installation phase to verify middleware and Tivoli Provisioning Manager status, the WebSphere Application Server Console and Agent Manager URLs, and more.
Verify Middleware status
Location: Management server
/images/install_images/TSAMBASE7200/install/tools/tsam_middleware.sh status User Name / Password Details: tioadmin/<your password> WAS: wasadmin/<your password> Database (MAXDB71): maximo/<your password>
Verify Tivoli Provisioning Manager status
Location: Management server
Scripts used for TPM start/stop -
Location: Management server
/opt/IBM/tivoli/tpm/tools/tio.sh <start/stop> /opt/IBM/tivoli/tpm/tools/tio.sh <start/stop> -t - TPM /opt/IBM/tivoli/tpm/tools/tio.sh <start/stop> -w - WAS
Verify WebSphere Application Server Console URL
https://*hostname*:9043/ibm/console/logon.jsp Username: wasadmin Password: <your password>
Verify Agent Manager URL
Verify HMC Console
https://<your HMC server hostname>/hmc/connect Username: hscroot Password: <your password>
Verify Maximo URL
https:// *hostname*:9443/maximo/ui/login Username: maxadmin Password: <your password>
Verify Maximo Help URL
Verify Device Manager Trace Servlet
Verify Dynamic Content delivery URL
http:// *hostname*:9080/admin/ Username: maxadmin Password: <your password>
Login to verify management server after starting Tivoli Provisioning Manager.
/usr/ibm/tivoli/common/COP/logs/tio_start.log /usr/ibm/tivoli/common/COP/logs/tio_start_service.log /opt/IBM/tivoli/tpm/lwi/logs /usr/IBM/WebSphere/AppServer/profiles/ctgDmgr01/logs/dmgr /usr/IBM/WebSphere/AppServer/profiles/ctgAppSrv01/logs/nodeagent /usr/IBM/WebSphere/AppServer/profiles/ctgAppSrv01/logs/MXServer /usr/IBM/WebSphere/AppServer/profiles/casprofile/logs/server1
Login to verify admin server
How to check your Service Request Manager (SRM) installation version
Your SRM installation is fine if you can see the installed version through Help > System Information in the Maximo GUI (Figure 2).
Figure 2. Checking SRM installation version
A better way to start the Tivoli Service Automation Manager middleware
Instead of using the supplied middleware start script, tsm_middleware.sh, it is better to start the middleware and Tivoli Provisioning Manager using the following procedure (the manual way of starting it):
Start DB as ctginst1, db2inst1,and idsccmdb:
su - ctginst1 -c "db2start";su - db2inst1 -c "db2start";su - idsccmdb -c "db2start";
Starting LDAP as idsccmdb:
/opt/IBM/ldap/V6.2/bin/idsdirctl -D cn=root -w <your password> start
Starting WebSphere Application Server and Tivoli Provisioning Manager as tioadmin:
su - tioadmin cd $TIO_HOME/tools ./tio.sh start
Minimum Firefox 184.108.40.206 recommended
Older versions of Firefox are unable to launch the Tivoli Service Automation Manager Install launchpad. Use version 220.127.116.11 for best results.
An issue with sendmail
If you find that the mail functionality is not working on the management server, be sure to check to see if the sendmail daemon is running; if not, manually start sendmail.
Some sample cloud test cases
Finally, I offer a checklist of sample use cases which can be executed through the self-service GUI once the private cloud setup is complete. The list covers most areas you'll want to test functionality in. Again, the instructions on how to execute these tasks are provided in the Tivoli Service Automation Manager user guide.
- Managing users
- Creating new teams
- Modifying team information
- Removing a team
- Modifying user information
- Removing a user
- Creating a project and adding virtual servers
- Request approval process
- Adding virtual servers to an existing project
- Modifying reservation dates
- Canceling a project
- Modifying server
- Resetting a server password
- Restarting a server
- Removing a virtual server
- Starting a server
- Stopping a server
- Backing up and restoring server images
- Creating server image
- Removing a virtual server image
- Restoring a server from image
- Managing Image Library
- Registering an image in the Image Library
- Unregistering an image in the Image Library
In this final article, I provided the background planning concepts for a real-world project implementation to build an on-premise IaaS/PaaS cloud, including:
- What the user roles are and the permissions assigned to each.
- The basics of how the cloud provisioning process works.
- The knowledge (tips and tricks) that the team gathered from its real-world experience building the cloud system.
- A checklist of exercises you can perform once you're up and running to thoroughly test your private cloud.
In Part 2, I explained:
- The overall steps in the installation and configuration processes (the individual details are to be found in the installation/configuration guides of the software components you choose). This includes preparing the management and administration servers, configuring the cloud software, and attending to post-installation activities.
- Integrating Tivoli Service Automation Manager with other Tivoli products to increase productivity (such as ITUAM to provide monitoring/billing services).
In Part 1, I explained:
- The five development phases: Requirements ID, infrastructure setup, architecture/deployment models, the infrastructure build, deployment.
- Some details on the unique solutions designed for this project: A service view to separate consumer and provider, how to assess and build the service definition, and how components were chosen.
- The typical cloud structure and how components interact.
- The software/hardware requirements list for this project.
With this series as a guide, you have a good start to planning and implementing your own on-premise IaaS/PaaS cloud.
I would like to express my gratitude to the following members of my team who were involved in this engagement and directly or indirectly provided inputs to this article: Biswajit Mohapatra, Debasis R. Choudhuri, Santhosh Vandyil, Birla P. Raj.
I would also like to thank the India Cloud Lab team and the IBM Software Group, Poland and Germany, for their valuable guidance during this engagement.
- For Tivoli Service Automation Manager, product manuals, installation guides, and other documentation are available in the IBM Tivoli Service Automation Manager Documentation Center.
- In the developerWorks cloud developer resources, discover and share knowledge and experience of application and services developers building their projects for cloud deployment.
- The next steps: Find out how to access IBM SmartCloud Enterprise.
- For technical developer content and resources for cloud computing, see Cloud computing: Fundamentals.
- Follow developerWorks on Twitter.
Get products and technologies
- See the product images available for IBM SmartCloud Enterprise.
- Join a cloud computing group on developerWorks.
- Read all the great cloud blogs on developerWorks.
- Join the developerWorks community, a professional network and unified set of community tools for connecting, sharing, and collaborating.
Dig deeper into Cloud computing on developerWorks
Exclusive tools to build your next great app. Learn more.
Crazy about Cloud? Sign up for our monthly newsletter and the latest cloud news.
Deploy public cloud instances in as few as 5 minutes. Try the SoftLayer public cloud instance for one month.