Preparing on-premises Operations Management
Prepare an on-premises Operations Management installation, in which Event Analytics is disabled.
Before you begin
The following requirements are met:
- The primary and backup ObjectServers in the on-premises Operations Management installation are running, and are listening on external IP addresses.
Note: Integration with on-premises IBM® Agile Service Manager is not supported for
hybrid deployments.
Procedure
- Install on-premises Operations Management. If Operations Management V1.6.11 is not already installed, then install it, or upgrade to it. For more information, see Installing Operations Management on premises.
- If an on-premises IBM Agile Service Manager is configured with
your on-premises Operations Management installation, then you must
remove it, or edit
$ASM_HOME/etc/nasm-ui.yml
and setDASHFEDERATION__ENABLED=false
to stop the on-premises IBM Agile Service Manager user interface repeatedly registering itself with DASH. Then, restart IBM Agile Service Manager with the command$ASM_HOME/bin/asm_start.sh
. - Disable Event Analytics. In a hybrid installation, the on-premises Event Analytics capability must be disabled before the cloud native components are installed.
- Remove the
ncw_analytics_admin
role from each of your users.- Select Console Settings->User Roles and select your user from the users who are listed in Available Users.
- Remove the role
ncw_analytics_admin
for your user and save the changes. - Repeat for each of your users, and then log out and back in again.
- Remove the ObjectServer source for cloud native analytics from the IBM
Tivoli®
Netcool/Impact data
model.
- Log in to the Netcool/Impact UI with a URL in the
following format
https://impact_host:impact_port/ibm/console
. - In the Netcool/Impact UI, from the list of available projects, select the NOI project.
- Select the Data Model tab, and then ObjectServerForNOI.
- Remove the value in the Password field, and then change the Host Name for the Primary Source and Backup Source so that they do not point to an ObjectServer.
Note: When you complete your hybrid installation, you must re-enable the on-premises Event Analytics capability. For more information, see Connecting on-premises Event Analytics. - Log in to the Netcool/Impact UI with a URL in the
following format
- Remove the
- Check available space on the ObjectServer. For more information, see Checking space on the ObjectServer in your hybrid deployment.
- Create an SQL file with the following content:
alter table alerts.status add RunbookID varchar(2048); alter table alerts.status add RunbookParameters varchar(2048); alter table alerts.status add RunbookURL varchar(2048); alter table alerts.status add RunbookStatus varchar(2048); alter table alerts.status add RunbookParametersB64 varchar(2048); alter table alerts.status add RunbookIDArray varchar(2048); go
By running the following command.
Where $NCHOME, servername and $OMNIBUS_ROOT_PWD need to be replaced with the appropriate values.$NCHOME/omnibus/bin/nco_sql -server ${servername} -username root -password "$OMNIBUS_ROOT_PWD" < created_sql_file.sql
- Ensure that the WebSphere® certificate is not
self-signed, and create a new certificate, if needed.
The on-premises DASH/WebGUI server cannot use the default self-signed WebSphere certificate in a hybrid deployment. It must use a certificate that is signed by a certificate authority (CA).
If your WebSphere certificate is self-signed, then you must create a new CA signed certificate. The CA signed certificate can be obtained from a well-known CA, or it can be generated by usingopenssl
or similar tools. The server certificate has the following attributes:- Not expired
- Not self-signed
- Has a
Common Name
orAlternative Name
that matches the hostname
If you are not using a well-known CA, then you must add the trusted certificate authority certificates to the cloud native components configmap. For more information, see Creation of configmap for access to on-premises WebSphere Application Server.. This step is for the cloud native components to trust the DASH or WebGUI server certificate.
These certificates must be in aPEM
format, which are identified by a section like this example:-----BEGIN CERTIFICATE----- MIIFgDCCA2igAwIBAgIJA... -----END CERTIFICATE-----
You might need to concatenate intermediate and root certificates in the same file for the chain of trust to be complete, as in this example.-----BEGIN CERTIFICATE----- MIIFgDCCA2igAwIBAgIJA... cert1 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFcfCkf2igAwIFiglJ4... cert2 -----END CERTIFICATE-----
Note: The virtual machine (VM) and Red Hat® OpenShift® Container Platform components of IBM Netcool Operations Insight must be on the same top-level domain, for example, ibm.com. If these components are not on the same top-level domain, then the hybrid setup works only with theSameSite=None
attribute, which is less secure than theSameSite=Strict
attribute. Hence, it is preferred to use the same top-level domain for the VM and Red Hat OpenShift Container Platform components instead of changing theSameSite
attribute.