GitHubContribute in GitHub: Edit online

Support

Case Severity Levels and Response Time

Support for MAS SaaS can be obtained by submitting a support case through the IBM support portal. You must have an IBMid and be registered for support before you can create a case. Cases are reviewed based on the severity level assigned. Please see table below for further details.

Before submitting a case, check to see if your issue can be addressed using the Self Service Portal (SSP). If a case/ticket is submitted to execute a request that is available on the Self Service Portal, the case will be rejected and closed. Customers can open a case if their job fails in the Self Service Portal. Be sure to include detail of failed job in the case. Please note as more Self Service features are added to Self Service Portal, the expectation is that customers will use this functionality in lieu of submitting individual support cases.

Case Severity Level Description Response Time Objective Response Time Coverage
1 Critical Business Impact/Service Down: Business critical functionality is inoperable or critical interface has failed. This should be used for Production environments only and indicates an inability to access services resulting in a critical impact on operations. Within 1 hour 24x7
2 Significant business impact: A service, business feature, or function of the service is severely restricted in its use, or you are in jeopardy of missing business deadlines. Within 2 business hours Monday – Friday business hours
3 Minor business impact: The service or functionality is usable and the issue does not represent a critical impact on operations. Within 4 business hours Monday – Friday business hours
4 Minimal business impact: An inquiry or non-technical request. Within 1 business day Monday – Friday business hours

Off Shift Weekend/Holiday Support (Severity 1 Only)

If you require support between the hours of Friday 8pm to Sunday 6pm US Eastern Time (and Christmas Day and New Years Day) for a Severity 1 case, the following steps are required:

  1. Log a new case using the IBM Support Community and set the Severity to 1 (only if not related to an existing Sev1). Provide as much detail as possible, including the business impact and confirm it is a production system issue.
  2. Call your local IBM Support Center (click here for IBM Directory of worldwide contacts) and request to speak to the duty engineer.

Failure to follow this process results in no support during off-shift hours.

Response Time Objective describes IBM's goals only and do not represent a guarantee of performance.

Business Hours reflect normal country business hours in your time zone. For example, 8:00 AM to 5:00 PM in North America or 9:00 AM to 6:00 PM in some parts of Asia and Europe, Monday through Friday, excluding weekends and national or statutory holidays.

For further details, please refer to the IBM Support Guide

MAS-SaaS Environment Route URLs

MAS Application Suite Instance:

https://main.home.INSTANCE_NAME.suite.maximo.com/

Admin:

https://maxinst.manage.INSTANCE_NAME.suite.maximo.com/toolsapi

INSTANCE_NAME = Your environment instance identifier found in your Welcome Letter.

Best Practices for Configuring Maximo Databases and Migrating Changes

The Maximo Database Configuration Application should be used for making database configuration changes. For further details, please see link below:

https://www.ibm.com/support/pages/best-practice-configuring-your-maximo-database

Migration Manager should be used for migrating changes from one environment to another (for example from DEV to TEST). For further details, please see link below:

https://www.ibm.com/docs/en/mas-cd/maximo-manage/continuous-delivery?topic=content-migration

The above processes have all validation built in, which reduces the chances of failure.

How to Access AWS S3 (Cloud Object Storage) Buckets

  • To access AWS S3 buckets you have to configure Rclone. Rclone is the utility via which you can access AWS S3 COS bucket(s) and upload/download the content.

  • To configure Rclone please use steps below. You will need this information while configuring Rclone.

  • A separate Rclone config is needed for each bucket as the access credentials for each bucket are unique.

  • Some buckets are read-only which means you can only download data from that bucket while some are read/write meaning you can upload and download data.

All Custfile bucket data will be purged automatically by IBM SRE when it is 15 days old. All Log bucket data will be purged automatically when it is 30 days old.

You need to have reveived a Welcome Letter from IBM before you can complete any of the steps below.

AWS Command Line Interface (CLI)

The AWS Command Line Interface (CLI) is a powerful tool for managing AWS services from the command line. This section provides instructions for configuring and using the AWS CLI specifically for Amazon S3 (Simple Storage Service).

This section provides guidance for configuring and using AWS CLI with Amazon S3. It is intended for informational purposes only. Users are responsible for ensuring that they have the necessary permissions and adhere to best practices when working with AWS resources. Troubleshooting and support related to AWS services should be carried out by the user or by contacting the official AWS support team.

Installation: Please review the steps on installation on the offical AWS website here: https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html

Configuring AWS CLI for S3 There are two ways to do this, you can specify the profile if you are going to have multiple connections (or buckets) or you can configure it for one-off use which is more for a customer if they have one S3 bucket. The latter will not be the norm. Use the command below:

aws configure --profile <profile_name>

Steps:

  1. Enter the name of the profile you would like to use for the S3 bucket
  2. Enter the Access Key
  3. Enter the Secret Access Key
  4. The default region can be left blank (if you know the region, enter it)
  5. Default output = text

Example:

-> aws configure --profile massaas-cos-sretest-dev-as-n-04-vir-custfiles                                                                               
AWS Access Key ID [None]: AWSACCESSKEYID
AWS Secret Access Key [None]: *****************************
Default region name [None]:
Default output format [None]:

Viewing profiles:

To list all profiles, you need to view the AWS configuration file.

cat ~/.aws/config

File: /Users/username1/.aws/config
   1   │ [default]
   2   │ region = ap-southeast-2
   3   │ output = text
   4   │ [profile massaas-cos-sretest-dev-as-n-04-vir-custfiles]

Once you have the profile name, we can move on to some use cases.

Using AWS CLI for S3

Action Command Description
List Objects in Bucket aws s3 ls s3://<bucket_name> --profile <profile_name> Lists objects within a specific S3 bucket
Copy File to Bucket aws s3 cp <local_file_path> s3://<bucket_name>/<destination_file_path> --profile <profile_name> Copies a file to an S3 bucket
Copy Directory to Bucket aws s3 cp <local_directory_path> s3://<bucket_name>/<destination_directory_path> --recursive --profile <profile_name> Copies a directory to an S3 bucket
Sync Local Directory aws s3 sync <local_directory_path> s3://<bucket_name>/<destination_directory_path> --profile <profile_name> Syncs a local directory with an S3 bucket
Delete Object from Bucket aws s3 rm s3://<bucket_name>/<object_key> --profile <profile_name> Deletes an object from a bucket
Delete Multiple Objects aws s3 rm s3://<bucket_name>/ --recursive --profile <profile_name> Deletes multiple objects matching a prefix

Examples:

# Listing files
~ > aws s3 ls s3://massaas-cos-sretest-dev-as-n-04-vir-custfiles --profile massaas-cos-sretest-dev-as-n-04-vir-custfiles
 
2024-02-22 10:15:35         16 test.txt
2024-02-14 19:40:20          0 test_file
2024-02-15 05:48:58          0 testing.txt
~ >

# Copying files from local to S3 destination
~ > aws s3 cp sre_test_files.txt s3://massaas-cos-sretest-dev-as-n-04-vir-custfiles/sre_test_files.txt --profile massaas-cos-sretest-dev-as-n-04-vir-custfiles
upload: ./sre_test_files.txt to s3://massaas-cos-scgov-dev-as-n-04-vir-custfiles/sre_test_files.txt

~ > aws s3 ls s3://massaas-cos-sretest-dev-as-n-04-vir-custfiles/sre_test_files.txt --profile massaas-cos-sretest-dev-as-n-04-vir-custfiles
2024-03-01 07:59:57          0 sre_test_files.txt

# Deleting files from S3
~ > aws s3 rm s3://massaas-cos-sretest-dev-as-n-04-vir-custfiles/sre_test_files.txt --profile massaas-cos-sretest-dev-as-n-04-vir-custfiles
delete: s3://massaas-cos-sretest-dev-as-n-04-vir-custfiles/sre_test_files.txt

Official Documentation:

Install or update to the latest version of the AWS CLI - AWS Command Line Interface (amazon.com): https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html

Use high-level (s3) commands with the AWS CLI - AWS Command Line Interface (amazon.com): https://docs.aws.amazon.com/cli/latest/userguide/cli-services-s3-commands.html

Rclone Configuration - Step-by-Step Guide

Pre-requisite Steps:

  1. Install the Rclone Tool:

    https://cloud.ibm.com/docs/cloud-object-storage?topic=cloud-object-storage-rclone

  2. Review your Welcome Letter from the IBM MAS-SaaS Provision Team. It should contain the following details:

  • Public Endpoint

    For example:

    s3.us-east.cloud-object-storage.appdomain.cloud ==> us-east

    or

    s3.eu-de.cloud-object-storage.appdomain.cloud ==> eu-de

  • Access_key_id

  • Secret_access_key

  • Bucket Name

Terminal Steps:

Step-by-step guide:

  1. Open your terminal.
  2. Run rclone config and select n for a new remote.
  3. Enter a name for the configuration.
  4. Enter 5 for Storage (AWS S3)
  5. Enter 1 for Provider (AWS S3)
  6. Press Enter for env_auth (false)
  7. Enter the access_key_id provided in your Welcome Letter.
  8. Enter the secret_access_key provided in your Welcome Letter.
  9. Press Enter for region.
  10. Choose a number for the region defined in your Welcome Letter: Example: Enter 1 for US East (N. Virginia) / us-east-1
  11. Choose a number for the location constraint defined in your Welcome Letter: Example: Enter 1 for US East (N. Virginia)/ us-east-1
  12. Choose private for option acl. Choose AES256 for server_side_encryption.
  13. Press Enter for none for sse_kms_key_id. Choose Default for the storage_class.
  14. Enter No for "Edit advanced config?".
  15. Enter Yes for y/e/d: You will see your Current Remotes configuration list.
  16. Enter q for e/n/d/r/c/s/q to Quit config.

Common Commands

Use these common commands to upload/download data to and from COS

Table 1. Common IBM COS (Cloud Object Storage) Commands
Description Command Example
List contents of a bucket rclone ls RemoteName:newbucket
Copy a file from local to remote (COS) rclone copy /Users/file.txt RemoteName:bucketname
Copy a file from remote (COS) to local rclone copy RemoteName:bucketname /Users/Documents/
rclone sync rclone sync source:path dest:path

Accessing Server Logs for Maximo Manage

Below are the steps required to upload server bundle logs from your log location on WebSphere Application Server Liberty.

Make the following API request:

The API request creates an entry in the LOGREQUEST table of the Maximo Manage database for each server bundle. A continuously running cron task uploads the compressed log files to your S3 storage location when the table is updated. The name of each file contains the source location and the timestamp of when the command started to run. You will have a Bucket for Logs. This bucket name will be defined in your Welcome Letter.

ODBC Connectivity

Connecting to the MAS Manage database using a DB2 ODBC Driver

  • Download the ODBC driver for your DB2 Version using the link below. The ODBC driver should match with the DB2 database version on Cloud. If you do not know your DB2 version, please submit a case asking for this information.

https://www.ibm.com/support/pages/db2-odbc-cli-driver-download-and-installation-information

  • After you download the correct driver follow the steps in the applicable Installation section

Lastly open the ODBC data source administration and select the above installed driver. Enter the username and password in the Data Source section and add below parameters in the Advance Setting:

  • Database
  • Hostname
  • Port
  • Security - SSL
  • SSLServerCertificate <- Path of the your database certificate which we have provided to make the ssl connection

Please note ODBC driver setup and configuration with your specific tool is not support by IBM. The above information is provided for reference purposes only.

Integration

Maximo Manage Queues

The MAS Manage environments use Kafka queues for event stream processing. The Kafka setup will be completed by the IBM MAS-SaaS SRE provisioning team.

Exporting and Importing File-based data in Maximo Manage

See link below for further information on Exporting and Importing File-based data in Maximo Manage:

https://www.ibm.com/docs/en/mas-cd/maximo-manage/continuous-delivery?topic=applications-exporting-importing-file-based-data

Administrative Utilities (API Calls)

You can run script commands for several key utilities by using API requests. The script commands can run the integrity checker utilities, start and stop the Maximo® Manage pods, download log files or a list of log files, and upload logs to Simple Storage Service (S3) Cloud Object Storage.

Table 1. Sample API Calls
Description API Call Example
Generate the integrity checker log POST https://Adminurl/toolsapi/toolservice/icheckerreport
Get an integrity checker log GET https://Adminurl/toolsapi/toolservice/toolslog?logfile=name of report from icheckerreport request
Get a list of all tools logs GET https://Adminurl/toolsapi/toolservice/toolslog
Run the integrity checker utility POST https://Adminurl/toolsapi/toolservice/icheckerrepair
Upload logs from Maximo Manage pods to S3 Cloud Object Storage POST https://ManageInstanceHostname/maximo/api/service/logging?action=wsmethod:submitUploadLogRequest
Stop the Maximo Manage pods POST http://Adminurl/toolsapi/toolservice/managestop
Start the Maximo Manage pods POST http://Adminurl/toolsapi/toolservice/managestart

The Adminurl will be defined in the Welcome Letter.

The above API calls are only available in the non-production environments. The only call which is available for Prod environment is Upload logs from Maximo Manage pods to S3 Cloud Object Storage.

SAML SSO Configuration

The first step of the configuration is for the MAS SRE team to create the SAML Service Provider Information metadata file. For this setup the customer will need to provide the the User Identifier (Name ID) format. Below are the possible options for Name ID's.

  • email: 'urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress',
  • customize: formatMessage(messages.nameIDFormatCustomize),
  • encrypted: 'urn:oasis:names:tc:SAML:2.0:nameid-format:encrypted',
  • entity: 'urn:oasis:names:tc:SAML:2.0:nameid-format:entity',
  • kerberos: 'urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos',
  • persistent: 'urn:oasis:names:tc:SAML:1.1:nameid-format:persistent',
  • unspecified: 'urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified',
  • windowsDomainQualifiedName:'urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName',
  • x509SubjectName: 'urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName',

When creating a case requesting your SAML SSO setup please include one of the above User Identifiers in the case details.

MAS User and Identity Details: https://www.ibm.com/docs/en/mas-cd/continuous-delivery?topic=configuring-users-identity

MAS SAML Authentication: https://www.ibm.com/docs/en/mas-cd/continuous-delivery?topic=authentication-methods#configuring-authentication__saml-authentication__title__1

LDAP user registry synchronization

User registry synchronization simplifies Maximo Application Suite user management by synchronizing users and groups between an LDAP server and your local Maximo Application Suite user registry. To initiate the LDAP Authentication setup you will need to submit a case to the IBM Support Community with the following details.

Configuration parameters

LDAP domain attributes:

  • URL – ldaps://hostname:port
  • Bind DN
  • Bind Password
  • Base DN
  • User ID map

User synchronization:

  • User Base DN
  • User ID map
  • User filter

Group synchronization:

  • Group Base DN
  • Group filter
  • Group ID map
  • Group member ID map

Other:

  • Synchronization schedule
  • Identity provider
  • Default permissions

Typically a site-to-site VPN is required to make a connection from the MAS-SaaS environment to your LDAP server.

Additional details on LDAP user registry synchronization can be found here: https://www.ibm.com/docs/en/mas-cd/continuous-delivery?topic=identity-ldap-user-registry-synchronization

SMTP Setup

MAS SMTP Configuration

To enable outbound emails from your Maximo Application Suite SaaS environment from the provided SMTP relay, you must raise an IBM Support case to configure SMTP Domain Authentication. Completing this configuration will allow you to send email from hosted Manage environment as your %CUSTOMERNAME% domain email addresses. If you plan to use your own SMTP host, this process will not apply.

In the case, please include:

  • Case title: SMTP / outbound email activation
  • Case description: Please initiate domain authentication for customerdomain.com. This domain should align with the email addresses used in Manage. Please provide contact details / email address of a person who has access to add DNS records for the domain(s) you specify. With these details the IBM SRE Team can generate the DKIM / Domain Authentication records which will be sent to the contact you specify (which has access to add DNS records). Once said contact adds the DNS records, the IBM SRE team will then need to perform a lookup / validation to ensure these records are intact. Once validated, customer will be able to send email as email addresses from the domain(s) specified.

If SendGrid DKIM records already exist in the DNS server in question, please let the IBM SRE team know so they can generate a unique DKIM selector.

Customer Managed SMTP Configuration

If you plan to use your own SMTP server instead of the provided MAS SMTP relay, you must raise an IBM Support case.

In the case, please include:

  1. Case title: SMTP / outbound email activation
  2. Case description: Please configure our MAS-SaaS environment to use the following SMTP server:
  • SMTP hostname
  • SMTP Port
  • SMTP user
  • SMTP password
  • SMTP SSL Certificate (if using SMTP over SSL / port 465)
  • Sender Address (the email address that MAS should send FROM / as)

Once this case and details are received, we generate and send 3 DNS records for you to add to your DNS server to complete the outbound email configuration.

Site-to-Site IPsec VPN

A Site-to-Site IPsec VPN can be configured between the AWS Cloud environment and a customer site or third party location. This type of VPN establishes a persistent tunnel between the two sites. Site-to-Site VPNs are not configured by default. The setup and configuration of a Site-to-Site VPN can be complex and will require both IBM and the customer's network SMEs to work together. Initial VPN settings and shared parameters must first be agreed upon by both parties. Source and destination IPs must then be determined along with the type and direction of traffic. The tunnel must be stood up, along with routing, IP Address NATing, and applicable firewall rules on both sides. VPNs can take 2-4 weeks to design, setup, test and validate (from start to finish). Proper time should be allowed for a VPN build when planning integrations or services will that depend on it for connectivity. MAS-SaaS customers must specifically request a VPN by submitting a case to the IBM Support Community.

Only one case is needed for VPN setup and can cover configuration for multiple environments (DEV, TEST, PROD, etc).

It is important to bear in mind a VPN may not necessarily be needed to establish certain types of connectivity. Some integration types can run over HTTPS and/or Cloud Object Storage (AWS S3) and may not require a VPN.

Currently MAS on AWS does not support NAT on the MAS side in Site-to-Site VPN configurations.

Maximo Mobile

For questions related to use of Maximo Mobile in MAS-SaaS Manage, please refer to the links below: