Real-world journey to your own private cloud, Part 3: Use the cloud

Discover how cloud provisioning works with the system

In this article series, the author outlines the process, from conception to deployment, that his team used to build a private, on-premise cloud environment that incorporates structures found in Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) cloud service models. The cloud environment is constructed with software and hardware components chosen by the team; however, the article contains knowledge and instruction that can be used regardless of technologies you choose. Part 3 defines IBM® Tivoli® System Automation Manager (TSAM) user roles, provides an example of the cloud provisioning process and a list of sample exercises the user can do to test the implementation, and shows you some general tricks and tips we learned in implementing the project.


Joydipto Banerjee, Application Modernization Consultant, IBM  

Joydipto BanerjeeJoydipto Banerjee is a Senior IT Specialist with the Business Application Modernization group of IBM. He was a key member of the team that developed a cloud dynamic infrastructure solution as a first step towards enabling IBM India Global Delivery with a cloud computing environment. Joydipto holds a Bachelor of Engineering degree in Computer Science and was a recipient of the 2010 IBM Global Technical Achievement Award.

developerWorks Contributing author

11 July 2011

Also available in Chinese Japanese

This article details an actual pilot implementation project of a private cloud deployment model recently completed by the IBM® Global Delivery team. The initiative was accomplished by leveraging an IBM hardware and software stack, the software in this case is Tivoli®, as part of the strategic roadmap. The goal of this article (designed for IT specialists, architects, and technical team leaders) is to provide a reference guild for any cloud-related engagement; I think you'll find information in this article that is useful to all levels of experience — from beginners to advanced professionals.

This article assumes you have knowledge of basic cloud computing concepts and operations; you should also be familiar with AIX®, Power®VM, and virtualization concepts. You do not need extensive knowledge of WebSphere®, DB2®, or Tivoli products, but I do mention the use of those products in this article.

Topics covered include:

  • Tivoli Service Automation Manager and Tivoli Directory Server user roles.
  • An example of the cloud provisioning process.
  • General tricks and tips learned in the project, including DB2 heap workarounds, various URLs that make it easy to test your installations, verification tests, alternative ways to start Tivoli Service Automation Manager, sendmail issue workaround, and browser usage recommendations.
  • A list of sample exercises the user can do to test the implementation.

Using the Tivoli Service Automation Manager private cloud

Let's start with a note about Tivoli Service Automation Manager's userid management.

User roles

During the installation of Tivoli Service Automation Manager, it also automatically installs an instance of Tivoli Directory Server (TSAM-TDS). The Web 2.0 self service user interface of Tivoli Service Automation Manager allows cloud administrators to add and remove cloud users. Tivoli Service Automation Manager is built on top of Tivoli Process Automation Engine (TPAE); when a cloud administrator uses the Web 2.0 user interface to add a user, the user's ID is added into TSAM-TDS. In addition, the user's information is also stored several Tivoli Process Automation Engine database tables, including MAXIMO.maxuser, MAXIMO.person, and

In other words, adding a user involves changing data in both TSAM-TDS and Tivoli Process Automation Engine. When a user logs on, the user is authenticated with TSAM-TDS.

Tivoli Service Automation Manager provides four types of user roles and any user has to be mapped into one of these:

  • Cloud admin: Can see and do everything. Create, modify, remove a team; create, modify, remove a user.
  • Cloud manager: Has read-only abilities of the cloud admin; can see everything but do nothing.
  • Team admin: Can see everything in his team area; can do all admin tasks for his team area.
  • Team user: Can see everything in his team area; can do no admin tasks for his team area.

Remember, a user can only have one of these roles. And a user can be in zero or more teams.

Cloud provisioning process

The Tivoli Service Automation Manager Web 2.0 GUI is self-explanatory. The goal of this user interface is to provide an easy-to-use interface that requires no training. Figure 1 shows the simple provisioning process.

Figure 1. Cloud provisioning process
Cloud provisioning process

Before you can provision, you should have completed a registration process to gain access to the cloud self-service portal. This means that only authorized users can gain access to the portal and place a request for provisioning.

Once the cloud user requests a service, a workflow is triggered whereby email notification is sent to the cloud administrators who can validate the request. If approved, the provisioning takes place automatically.

You will receive two email notifications regarding your provisioning. The first indicates that your service request has been accepted. The second contains your virtual hostname and connection information (sample below).

Sample notification of provisioning request details
Dear Joydipto Banerjee

You have started a new Project WAS_L2SOA with the following topology:

The server vioclient26ftp has been added with the following parameters:
    Hostname of Server: vioclient26ftp
    Number of CPU(s): 2
    Number of tenths of physical CPUs: 2
    Amount of Memory: 4096 MB
    Swap Size: 0 MB
    Disk Space Size: 20
    Admin Password:XXXXXX
    Link to the Server: http://vioclient26ftp:80

The user of group GBS USER has been notifed.

Your Service Automation Team

Use those details to connect to the new server via SSH.

Further details on how to use the various offerings in the self service portal are in the Tivoli Service Automation Manager user guide.

Tricks and tests you can use

Here are some tips, tricks, and workarounds learned in the progress of this project; you may find these useful.

Workaround DB2 heap problems

There seems to be an issue where DB2 does not get enough heap space. You may get errors like this:

9/7/09 3:13:01:956 EDT 0000002c SystemOut O 2009.09.07 03:13:01.955 com.tivoli.dms.common.DBOperation executeUpdate Tivoli Web Gateway Device_Manager_Server tsam72mgmt DB2 SQL Error: SQLCODE=-956, SQLSTATE=57011, SQLERRMC=null, DRIVER=3.53.70


SQL0956C Not enough storage is available in the database heap to process the statement.

You can workaround using the following procedure:

  1. Stop Tivoli Provisioning Manager (./ stop).
  2. Run the following commands:
    db2 connect to maxdb71
    db2 update db cfg using dbheap 6144
    db2 connect reset
    db2stop force

URLs to help you test your installation setup

It is advisable to test the setup periodically during the installation phase. Depending on which stage of the installation process you are currently on, some of these links may not be activated. However, all these links should work after the entire installation is complete.

Note: Here *hostname* refers to the management server hostname/IP address.

12 useful verification tests to check the sanity of the installation

You can execute these at the end of each segment during the installation phase to verify middleware and Tivoli Provisioning Manager status, the WebSphere Application Server Console and Agent Manager URLs, and more.

Verify Middleware status
Location: Management server

/images/install_images/TSAMBASE7200/install/tools/ status
            User Name / Password Details: tioadmin/<your password>
WAS: wasadmin/<your password>
Database (MAXDB71):  maximo/<your password>

Verify Tivoli Provisioning Manager status
Location: Management server


Scripts used for TPM start/stop -
Location: Management server

/opt/IBM/tivoli/tpm/tools/ <start/stop>    
/opt/IBM/tivoli/tpm/tools/ <start/stop> -t  - TPM 
/opt/IBM/tivoli/tpm/tools/ <start/stop> -w  - WAS

Verify WebSphere Application Server Console URL

Username: wasadmin
Password: <your password>

Verify Agent Manager URL


Verify HMC Console

https://<your HMC server hostname>/hmc/connect
Username: hscroot
Password: <your password>

Verify Maximo URL

https:// *hostname*:9443/maximo/ui/login
Username: maxadmin
Password: <your password>

Verify Maximo Help URL

https:// *hostname*:9443/maximohelp/en/

Verify Device Manager Trace Servlet

http:// *hostname*:9080/dmserver/TraceServlet?trace=set

Verify Dynamic Content delivery URL

http:// *hostname*:9080/admin/
Username: maxadmin
Password: <your password>

Login to verify management server after starting Tivoli Provisioning Manager.


Login to verify admin server


How to check your Service Request Manager (SRM) installation version

Your SRM installation is fine if you can see the installed version through Help > System Information in the Maximo GUI (Figure 2).

Figure 2. Checking SRM installation version
Checking SRM installation version

A better way to start the Tivoli Service Automation Manager middleware

Instead of using the supplied middleware start script,, it is better to start the middleware and Tivoli Provisioning Manager using the following procedure (the manual way of starting it):

Start DB as ctginst1, db2inst1,and idsccmdb: su - ctginst1 -c "db2start";su - db2inst1 -c "db2start";su - idsccmdb -c "db2start";

Starting LDAP as idsccmdb: /opt/IBM/ldap/V6.2/bin/idsdirctl -D cn=root -w <your password> start

Starting WebSphere Application Server and Tivoli Provisioning Manager as tioadmin:

su - tioadmin
cd $TIO_HOME/tools
./   start

Minimum Firefox recommended

Older versions of Firefox are unable to launch the Tivoli Service Automation Manager Install launchpad. Use version for best results.

An issue with sendmail

If you find that the mail functionality is not working on the management server, be sure to check to see if the sendmail daemon is running; if not, manually start sendmail.

Some sample cloud test cases

Finally, I offer a checklist of sample use cases which can be executed through the self-service GUI once the private cloud setup is complete. The list covers most areas you'll want to test functionality in. Again, the instructions on how to execute these tasks are provided in the Tivoli Service Automation Manager user guide.

  1. Managing users
    1. Creating new teams
    2. Modifying team information
    3. Removing a team
    4. Modifying user information
    5. Removing a user
  2. Creating a project and adding virtual servers
  3. Request approval process
  4. Adding virtual servers to an existing project
  5. Modifying reservation dates
  6. Canceling a project
  7. Modifying server
    1. Resetting a server password
    2. Restarting a server
    3. Removing a virtual server
    4. Starting a server
    5. Stopping a server
  8. Backing up and restoring server images
    1. Creating server image
    2. Removing a virtual server image
    3. Restoring a server from image
  9. Managing Image Library
    1. Registering an image in the Image Library
    2. Unregistering an image in the Image Library

In conclusion

In this final article, I provided the background planning concepts for a real-world project implementation to build an on-premise IaaS/PaaS cloud, including:

  • What the user roles are and the permissions assigned to each.
  • The basics of how the cloud provisioning process works.
  • The knowledge (tips and tricks) that the team gathered from its real-world experience building the cloud system.
  • A checklist of exercises you can perform once you're up and running to thoroughly test your private cloud.

In Part 2, I explained:

  • The overall steps in the installation and configuration processes (the individual details are to be found in the installation/configuration guides of the software components you choose). This includes preparing the management and administration servers, configuring the cloud software, and attending to post-installation activities.
  • Integrating Tivoli Service Automation Manager with other Tivoli products to increase productivity (such as ITUAM to provide monitoring/billing services).

In Part 1, I explained:

  • The five development phases: Requirements ID, infrastructure setup, architecture/deployment models, the infrastructure build, deployment.
  • Some details on the unique solutions designed for this project: A service view to separate consumer and provider, how to assess and build the service definition, and how components were chosen.
  • The typical cloud structure and how components interact.
  • The software/hardware requirements list for this project.

With this series as a guide, you have a good start to planning and implementing your own on-premise IaaS/PaaS cloud.


I would like to express my gratitude to the following members of my team who were involved in this engagement and directly or indirectly provided inputs to this article: Biswajit Mohapatra, Debasis R. Choudhuri, Santhosh Vandyil, Birla P. Raj.

I would also like to thank the India Cloud Lab team and the IBM Software Group, Poland and Germany, for their valuable guidance during this engagement.



Get products and technologies



developerWorks: Sign in

Required fields are indicated with an asterisk (*).

Need an IBM ID?
Forgot your IBM ID?

Forgot your password?
Change your password

By clicking Submit, you agree to the developerWorks terms of use.


The first time you sign into developerWorks, a profile is created for you. Information in your profile (your name, country/region, and company name) is displayed to the public and will accompany any content you post, unless you opt to hide your company name. You may update your IBM account at any time.

All information submitted is secure.

Choose your display name

The first time you sign in to developerWorks, a profile is created for you, so you need to choose a display name. Your display name accompanies the content you post on developerWorks.

Please choose a display name between 3-31 characters. Your display name must be unique in the developerWorks community and should not be your email address for privacy reasons.

Required fields are indicated with an asterisk (*).

(Must be between 3 – 31 characters.)

By clicking Submit, you agree to the developerWorks terms of use.


All information submitted is secure.

Dig deeper into Cloud computing on developerWorks

  • developerWorks Premium

    Exclusive tools to build your next great app. Learn more.

  • Cloud newsletter

    Crazy about Cloud? Sign up for our monthly newsletter and the latest cloud news.

  • Try SoftLayer Cloud

    Deploy public cloud instances in as few as 5 minutes. Try the SoftLayer public cloud instance for one month.

Zone=Cloud computing, Tivoli
ArticleTitle=Real-world journey to your own private cloud, Part 3: Use the cloud