Preparing on-premises Operations Management
Prepare an on-premises Operations Management installation, in which Event Analytics is disabled.
Before you begin
The following requirements are met:
- The primary and backup ObjectServers in the on-premises Operations Management installation are running, and are listening on external IP addresses.
Note: Integration with on-premises IBM® Agile Service Manager is not supported for
hybrid deployments.
Procedure
- Install on-premises Operations Management. If Operations Management V1.6.9 is not already installed, then install it, or upgrade to it. For more information, see Installing Operations Management on premises.
- If an on-premises IBM Agile Service Manager is configured with
your on-premises Operations Management installation, then you must
remove it, or edit
$ASM_HOME/etc/nasm-ui.yml
and setDASHFEDERATION__ENABLED=false
to stop the on-premises IBM Agile Service Manager user interface repeatedly registering itself with DASH. Then, restart IBM Agile Service Manager with the command$ASM_HOME/bin/asm_start.sh
. - Disable Event Analytics. In a hybrid installation, the on-premises Event Analytics capability must be disabled before the cloud native components are installed.
- Remove the
ncw_analytics_admin
role from each of your users.- Select Console Settings->User Roles and select your user from the users who are listed in Available Users.
- Remove the role
ncw_analytics_admin
for your user and save the changes. - Repeat for each of your users, and then log out and back in again.
- Remove the ObjectServer source for cloud native analytics from the IBM
Tivoli®
Netcool/Impact data
model.
- Log in to the Netcool/Impact UI with a URL in the
following format
https://impact_host:impact_port/ibm/console
. - In the Netcool/Impact UI, from the list of available projects, select the NOI project.
- Select the Data Model tab, and then ObjectServerForNOI.
- Remove the value in the Password field, and then change the Host Name for the Primary Source and Backup Source so that they do not point to an ObjectServer.
Note: When you have completed your hybrid installation, you must re-enable the on-premises Event Analytics capability. For more information, see Connecting on-premises Event Analytics. - Log in to the Netcool/Impact UI with a URL in the
following format
- Remove the
- Check available space on the ObjectServer. For more information, see Checking space on the ObjectServer in your hybrid deployment.
- Create an SQL file with the following content:
alter table alerts.status add RunbookID varchar(2048); alter table alerts.status add RunbookParameters varchar(2048); alter table alerts.status add RunbookURL varchar(2048); alter table alerts.status add RunbookStatus varchar(2048); alter table alerts.status add RunbookParametersB64 varchar(2048); alter table alerts.status add RunbookIDArray varchar(2048); go
By running the command:
Where $NCHOME, servername and $OMNIBUS_ROOT_PWD need to be replaced with the appropriate values.$NCHOME/omnibus/bin/nco_sql -server ${servername} -username root -password "$OMNIBUS_ROOT_PWD" < created_sql_file.sql
- Ensure that the WebSphere® certificate is not self-signed, and create a new certificate if required.
The on-premises DASH/WebGUI server cannot use the default self-signed WebSphere certificate in a hybrid deployment. It must use a certificate that is signed by a certificate authority (CA).
If your WebSphere certificate is self-signed, then you must create a new CA signed certificate. The CA signed certificate can be obtained from a well-known CA, or it can be generated by usingopenssl
or similar tools. The server certificate must:- not have expired
- not be self-signed
- have a
Common Name
orAlternative Name
that matches the hostname
If you are not using a well-known CA, then you must add the trusted certificate authority certificates to the cloud native components configmap. For more information, see Creation of configmap for access to on-premises WebSphere Application Server. This is so that the cloud native components trust the DASH/WebGUI server certificate.
These certificates must be in aPEM
format, which can be identified by a section like this:-----BEGIN CERTIFICATE----- MIIFgDCCA2igAwIBAgIJA... -----END CERTIFICATE-----
You might need to concatenate intermediate and root certificates in the same file for the chain of trust to be complete, as in this example.-----BEGIN CERTIFICATE----- MIIFgDCCA2igAwIBAgIJA... cert1 -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIFcfCkf2igAwIFiglJ4... cert2 -----END CERTIFICATE-----
Note: The virtual machine (VM) and Red Hat® OpenShift® Container Platform components of IBM Netcool Operations Insight must be on the same top-level domain, for example, ibm.com. If these components are not on the same top-level domain, then the hybrid setup works only with theSameSite=None
attribute, which is less secure than theSameSite=Strict
attribute. Hence it is preferred to use the same top-level domain for the VM and Red Hat OpenShift Container Platform components instead of changing theSameSite
attribute.