Alan Baugher

Monitoring the Identity Suite components with CA UIM

Discussion created by Alan Baugher Employee on Apr 5, 2018
Latest reply on Dec 14, 2018 by Alan Baugher

Team,

 

Paul konpa01 and I were testing the CA UIM solution with CA Identity Suite.

 

There are quite a few monitoring processes we can leverage, to promote the health of the CA Identity Suite solution and assist our clients to be proactive.   

 

Here is a view of the selective "monitoring probes" we have selected for CA Identity Suite.

 

 

While the UIM Linux Agent typically requires root access, we can run select monitoring using the vApp config/ec2-user ID.    To avoid installation, we have extracted the installation for Linux x64, and will be building instructions how to update the configuration files for the agent.   The local agent is aka a "robot".    The primary agent "nimbus" will call three (3) other sub-services: nimbus-controller, nimbus-spooler, nimbus-hdb.   Upon startup, the nimbus agent will call out to the management server and register itself.  The other sub-services will then listen on TCP 48000, 48001, 48007 for updates or configuration changes from the UIM Management UI.

-  After deploying/extracting the agent.   We are updating the robot.cfg file with sed commands to search/replace.

- Example:   

sed -i 's|robotip = 1.1.1.1|robotip = 172.31.56.159 |g' robot.cfg
sed -i 's|robotname =|robotname = IdentitySuite_Node1|g' robot.cfg
sed -i 's|hub_dns_name = UIM_HUB_HOSTNAME|hub_dns_name = 34.204.69.11|g' robot.cfg

 

 

 

One of the "monitoring probes" that have value for the CA Identity Suite, is the jboss probe.   This can be used for all three (3) wildfly installation.

More information about this feature is at:

https://docops.ca.com/ca-unified-infrastructure-management-probes/ga/en/alphabetical-probe-articles/jboss-jboss-monitoring/jboss-im-configuration

 

Other probes of interest:   url_response, jboss, jvm_monitor, apache, jdbc_response, processes, ldap_response

 

 

We are building a table to assist where the value will be for each monitoring probe we have selected.

- We expect to add others, include standard system monitoring, e.g. CPU, Disk, Memory, Network.

Paul will be collecting his notes to share.

 

 

 

 

 

 

Cheers,

 

Alan & Paul konpa01

 

Edit:  4/12/2018

 

View of the running UIM (nimbus) processes.

 

View of the network ports that UIM (nimbus) processes are listening on:

 

Ensure that incoming TCP/UDP ports from UIM agent/robot to the UIM management server is open.  

Suggest range of TCP/UDP 48000-48500.

 

Example from AWS Security Groups (Inbound Services)

 

 

Example from MS Windows Server

 

 

Avoid this error message:

Outcomes