Preparing on-premises Operations Management

Prepare an on-premises Operations Management installation, in which Event Analytics is disabled.

Before you begin

The following requirements are met:
  • The primary and backup ObjectServers in the on-premises Operations Management installation are running, and are listening on external IP addresses.
Note: Integration with on-premises IBM® Agile Service Manager is not supported for hybrid deployments.

Procedure

  1. Install on-premises Operations Management.
    If Operations Management V1.6.11 is not already installed, then install it, or upgrade to it. For more information, see Installing Operations Management on premises.
  2. If an on-premises IBM Agile Service Manager is configured with your on-premises Operations Management installation, then you must remove it, or edit $ASM_HOME/etc/nasm-ui.yml and set DASHFEDERATION__ENABLED=false to stop the on-premises IBM Agile Service Manager user interface repeatedly registering itself with DASH. Then, restart IBM Agile Service Manager with the command $ASM_HOME/bin/asm_start.sh.
  3. Disable Event Analytics.
    In a hybrid installation, the on-premises Event Analytics capability must be disabled before the cloud native components are installed.
    1. Remove the ncw_analytics_admin role from each of your users.
      1. Select Console Settings->User Roles and select your user from the users who are listed in Available Users.
      2. Remove the role ncw_analytics_admin for your user and save the changes.
      3. Repeat for each of your users, and then log out and back in again.
    2. Remove the ObjectServer source for cloud native analytics from the IBM Tivoli® Netcool/Impact data model.
      1. Log in to the Netcool/Impact UI with a URL in the following format https://impact_host:impact_port/ibm/console.
      2. In the Netcool/Impact UI, from the list of available projects, select the NOI project.
      3. Select the Data Model tab, and then ObjectServerForNOI.
      4. Remove the value in the Password field, and then change the Host Name for the Primary Source and Backup Source so that they do not point to an ObjectServer.
      Note: When you complete your hybrid installation, you must re-enable the on-premises Event Analytics capability. For more information, see Connecting on-premises Event Analytics.
  4. Check available space on the ObjectServer. For more information, see Checking space on the ObjectServer in your hybrid deployment.
  5. Create an SQL file with the following content:
    alter table alerts.status add RunbookID varchar(2048);
    alter table alerts.status add RunbookParameters varchar(2048);
    alter table alerts.status add RunbookURL varchar(2048);
    alter table alerts.status add RunbookStatus varchar(2048);
    alter table alerts.status add RunbookParametersB64 varchar(2048);
    alter table alerts.status add RunbookIDArray varchar(2048);
    go
    By running the following command.
    $NCHOME/omnibus/bin/nco_sql -server ${servername} -username root -password "$OMNIBUS_ROOT_PWD" < created_sql_file.sql
    Where $NCHOME, servername and $OMNIBUS_ROOT_PWD need to be replaced with the appropriate values.
  6. Ensure that the WebSphere® certificate is not self-signed, and create a new certificate, if needed.

    The on-premises DASH/WebGUI server cannot use the default self-signed WebSphere certificate in a hybrid deployment. It must use a certificate that is signed by a certificate authority (CA).

    If your WebSphere certificate is self-signed, then you must create a new CA signed certificate. The CA signed certificate can be obtained from a well-known CA, or it can be generated by using openssl or similar tools. The server certificate has the following attributes:
    • Not expired
    • Not self-signed
    • Has a Common Name or Alternative Name that matches the hostname

    If you are not using a well-known CA, then you must add the trusted certificate authority certificates to the cloud native components configmap. For more information, see Creation of configmap for access to on-premises WebSphere Application Server.. This step is for the cloud native components to trust the DASH or WebGUI server certificate.

    These certificates must be in a PEM format, which are identified by a section like this example:
    -----BEGIN CERTIFICATE-----
    MIIFgDCCA2igAwIBAgIJA...
    -----END CERTIFICATE-----
    You might need to concatenate intermediate and root certificates in the same file for the chain of trust to be complete, as in this example.
    -----BEGIN CERTIFICATE-----
    MIIFgDCCA2igAwIBAgIJA... cert1
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    MIIFcfCkf2igAwIFiglJ4... cert2
    -----END CERTIFICATE-----
    Note: The virtual machine (VM) and Red Hat® OpenShift® Container Platform components of IBM Netcool Operations Insight must be on the same top-level domain, for example, ibm.com. If these components are not on the same top-level domain, then the hybrid setup works only with the SameSite=None attribute, which is less secure than the SameSite=Strict attribute. Hence, it is preferred to use the same top-level domain for the VM and Red Hat OpenShift Container Platform components instead of changing the SameSite attribute.