© 2012 SEI 1

ContentsASM Team Actions

· Validate Active Directory Application Group· CMA (Central Monitoring Administration) Tasks

o GroupTag Policieso Monitoring Policieso Base Infrastructure Monitoring Policieso Base OS Monitoring Policies

· Admin Console Thick Client Tasks· TSPS (TrueSight Presentation Server) Tasks

o Creating Authorization Profiles§ TSPS Objects§ TSIM Objects

· TSIM (TrueSight Infrastructure Management Server) Taskso Event Rule Creation (Email notifications)

Application Service Monitoring

TrueSight: ApplicationOnboarding Process

© 2015 SEI 2

ASM Team Actions

Validate Active Directory Application Security Group

Based on the Application Name in the ticket, open Active Directory Users and Computers pointing to theDomain.

1. Right-click the top-level of the domain and select Find.i. All security groups with access to TrueSight are prefixed with TSU ASM.

2. Enter <group name> in the search field and press enter.3. Scan the list for the application name.

i. It is important to use the standard ASM naming convention.

Central Monitoring Administration (CMA) Tasks

The CMA is where monitoring happens. Leveraging powerful policies, we can control everything that will bemonitored by the agent along with any thresholds that will trigger events and alerts.

There are two primary types of CMA policies that are created for new applications:

GroupTag PoliciesThis policy has three configurations: Tagging the agent, Creating the group and setting objectpermissions.

All GroupTag policies will have a precedence of 10

All GroupTag policy’s agent selection will list the hostnames of the agents. You cannot havemultiple agents applied to multiple GroupTag policies.

· Configuration Selection: Agent Configuration and Server Configuration:

· Name Field: Using the following format: GroupTag: TSU <business_unit><application_name> <infrastructure_type>.

o Example 1: GroupTag: TSU eDelivery Domain Prodo Example 2: GroupTag: TSU Corp IT Exchange Pilot

· Description Field: The description will contain key information that will make the contentsof these policies more searchable. This also allows you to cut/paste to the appropriateconfiguration fields:

o Tags Applied: All tags will have the format: <tag>:<tag>. There will also be at leasttwo tags: One for the general application name and one specific to the infrastructuretype (Prod, Pilot, Dev). Using the format in the example allows you to easily cut /past to the Agent configuration. There is no length limitation but make it humanreadable:

© 2015 SEI 3

§ Example 1: eDelDomain:eDelDomain,eDelDomainProd:eDelDomainProd§ Example 2:

CorpITExchange:CorpITExchange,CorpITExchangePilot:CorpITExchangePilot.o Group Name: All groups will have the format: <Application Name>

<Infrastructure Type>. This name will group all of the application objects andmonitors and is essential to all future configurations as groups are heavily leveraged.

§ Note: If this is a shared infrastructure (such as SQL) prefix the group namewith the business unit:

§ Example 1: eDelivery Domain Prod§ Example 2: Corp SQL Pilot§ Example 3: CRM Dev

o Group Permissions: This is the Active Directory security group that willautomatically be granted full control of the devices and monitors of the group.

· Precedence: Set to 10.

© 2015 SEI 4

Monitoring PoliciesThis policy has two configurations: Monitor and Server Thresholds. You might not always configurea Server Threshold but that is infrequent.

All Application Monitoring policies will have a precedence of 100

Agent Thresholds are never used. This is an old methodology and is deprecated.

· Configuration Selection: Monitor Configuration and Server Threshold Configuration:

· Name Field: Using the following format: Monitoring: TSU <business_unit><application_name>. Optional: Add <infrastructure_type> for specific scenarios.

Note: Most monitoring configurations will be the similar across Prod and Pilot. For one offmonitoring, you will have to leverage the individual server(s) for agent selection.

o Example 1: Monitoring: TSU eDelivery Domaino Example 2: Monitoring: TSU Corp IT Exchange

· Description Field: Not required but can provide useful information if needed.· Predence: Set to 100· Agent Selection: Because of the limitations in agent selection criteria there are two options:

o Leverage the Tag from the GroupTag Policy: If the monitoring configurationapplies to most of the servers, using the Tag is the most efficient way to enablemonitoring and thresholds across the board.

o Leverage the host name: For this monitoring configurations that will only apply to1 or 2 servers, use the host name instead of tag.

· Monitor Configuration: See KM specific documentation.· Server Threshold Configuration: Set thresholds based on application team requirements.

© 2015 SEI 5

Base Infrastructure Monitoring Policies

Besides the Base OS monitoring policies that are established the moment a monitoring agent isinstalled, there are also infrastructure monitoring policies that currently cover:

· Domain Controllers· SQL Servers· IIS Web Servers· Citrix Servers

Because of the limitations to agent selection criteria, you will need to add the host name to the agentlist for those settings to take effect.

NOTE: Besides adding agents, these policies should rarely be modified and only after a discussionwith the ASM Team.

Base OS Monitoring Policies

This is listed for informational purposes. You will NEVER need to add agents to this policies as thetags leveraged are established when an agent is installed and is OS specific.

These policies are ONLY modified with full ASM Team approval.

© 2015 SEI 6

Admin Console Thick Client Tasks

NOTE: If the application owner has not installed any agents, you can’t proceed with any of the steps belowthis point as a group needs to exist.

The current version of TrueSight’s CMA Policies does not add the Device object to the Groups created throughthe GroupTag policies.

If you do not add the device to the group, the event alerts will NOT send email notifications for: agentdisconnects, event log or log file monitoring events.

There also will not be a Device tab in the TSIM Operations Console:

NOTE: This is being fixed in v10.5 of TrueSight but for now, we have to perform the following tasks.

1. Open the Admin Console Thick Client. If you have not installed it, you will need to get the installerfrom the CMA:

2. Expand the Group Tree. You will see a list of all groups created and should include the group that wasjust created through the GroupTag policy. If you don’t see the group, check the policy to ensure agentsare selected correctly.

© 2015 SEI 7

3. Right-click the new application group and select Edit Group:

4. Check the box for Auto-add child instances of each Managed Object member then click Next:

5. This is the tedious part especially if you have a lot of servers:a. In the Search for Devices field, enter a portion of the host name(s) and click GO. Hopefully most

of your servers have a similar name so you can just use bobsserver and it will bring up server 1-10:

b. You can Shift-Click (for all) or CTRL-Click (for individual) to select hosts then click Add. Thisadds the device to the list that wasn’t there previously.

© 2015 SEI 8

c. Click Next then Finish and the admin console work is complete.

© 2015 SEI 9

TSPS (TrueSight Presentation Server) Tasks

The primary tasks performed in the Presentation Server are granting access to objects. With each newversion there will be more tasks that move to the front-end but for now it is just access.

There are two parts to granted access:

· Roles: Roles are essentially “Where can I go to see my stuff and what can I do with that stuff ?”o These are already set up administratively and there should rarely be a need to add more and

requires full ASM Team discussion to add or modify more roles.· Authorization Profiles: These profiles are essentially “The Stuff” you are allowed to see such as

Servers, Groups, Applications and Dashboards.o This is where all administrative access work happens .

Creating Authorization ProfilesFor new application on-boarding, click Authorization Profiles in the left-hand navigation. Click the Triple-Ds and select Create. Use the following steps to grant access to an application team:

1. Authorization Profile Name: For tracking purposes, it is very important to name your AuthorizationProfile the same as the Active Directory Security Group. This will help avoid hiding nested securitygroups.

2. Click Add and search for / select the group from the list returned from Atrium SSO. The search field canuse partial names and dynamically filters as you type.

a. IMPORTANT: Never add multiple security groups to an Authorization Profile or it will beincredibly difficult to track where groups are applied. It is always 1 group to 1 authorizationprofile.

b. Check the box next to the one group and select OK. The single security group now appears underthe BmcRealm area.

3. Click the Roles tab then click Add. Because there is still functionality crucial to application owners onthe TrueSight Infrastructure Management (TSIM) server, we have to grant them access.

a. Select: SEI Application Owner Basic TSPS and TSIM (NOT Advanced) then click OK:

© 2015 SEI 10

4. The Role will appear underneath the Add button.5. Click the Objects tab.

Because Application Owners still need access to the TSIM, we have to explicitly grant access to objects for thePresentation Server and the Infrastructure Management Server.

They also overdid the RBAC so you not only grant permissions on the Groups and Applications but the objectscontained within the groups and applications. Hopefully they make it much less granular down the road as itis an administrative burden to grant individual server access for 200 servers.

TSPS Objects – Applications, Groups, Servers and CIs

We will start with granting access to Presentation Server objects. We don’t delegate permissions to PatrolAgent ACLs, Event Groups, Monitoring Policy Types or Patrol Solutions. We have decided that these arecurrently Administrative-Only Tasks so this document does not cover them.

Technically, the GroupTag policy should grant permissions to groups and devices but there is currently a bugthat does it.

An Authorization Profile can grant permissions to multiple groups, servers and CIs if one group supportsmultiple applications.

1. Click -> Objects Tab -> TrueSight Presentation Tab -> Groups Tab and click Add.a. Enter search criteria for the application group(s), select applicable groups then click OK. The

selected groups will appear below the Add button:

© 2015 SEI 11

2. Click the Devices tab and click Add.a. Unfortunately, the selected groups from above does not cascade the permissions to the devices

AND the list of devices doesn’t automatically filter to the selected group.b. Click the Search button or enter all or part of a server name. The Search button will show all

devices. Select all devices for that group and click OK.i. NOTE: The list is NOT alphabetized so eye-balling the objects will not be fun.

c. The added devices show up below the Add button:

3. Click the Applications tab.a. Note: There are two types of Applications:

i. Auto-Created Applications: These are made from traffic the AppVisibility APM agentdiscovers.

ii. Manually-Created Applications: These are quick service models or “applicationcontext” models created by the ASM Team with input from the Application Owners.

b. If either of the above application-types exist specific to this Authorization profile, click Add.c. Enter search criteria for the application and select it from the list clicking OK when finished.d. The added applications will who up below the Add button:

© 2015 SEI 12

4. We now proceed to grant similar permissions to the TSIM Groups and Devices the TSPS permissionsdon’t propagate back to the TSIM server in its current form.

TSIM Objects – Monitor Groups and CIs.

For viewing objects and data on the Infrastructure Management server, you will need to grant access to theMonitor Groups and CIs. These are essentially the same as Groups and Devices that you assigned on theTSPS side, but they have different names.

Technically, the GroupTag policy should grant permissions to groups and devices but there is currently a bugthat does it.

1. Click Objects -> TrueSight Infrastructure -> CIs .a. You first have to know what TSIM server your objects exist on (hopefully this changes in the

future).i. For eDelivery select TSIM01.CORP.SEIC.COM.

ii. For GTC / SWP / DEV select TSIM10.CORP.SEIC.COM .b. Click Add and using the search functionality, locate all of the CIs / servers for this profile:

i. Click the Search button or enter all or part of a server name. The Search button willshow all devices. Select all devices for that group and click OK.

1. NOTE: The list is NOT alphabetized so eye-balling the objects will not be fun.c. The list of CIs will be populated under the applicable TSIM host:

© 2015 SEI 13

2. Click Monitor Groups and under the same TSIM host from step 1, click Add.a. Use Search or select from the list of Monitor Groups. Click OK and the list will be populated

under the appropriate TSIM Host:

3. The TrueSight Presentation Server tasks are complete. The last step is on the TSIM server to set theemail notifications.

© 2015 SEI 14

TSIM (TrueSight Infrastructure Management Server) Tasks

Event Rule CreationFinally, we establish the email notifications to alert Application Owners when something breaks.

SEI only uses Event Rules as defined through:

TSIM Operations Console -> Options -> Administration -> Event Rules

All event rules leverage the ASM Team Event Rule Templates that define the format for all email notificationsthat come out of TrueSight. The Event Rule Template document can be found here.

Because TrueSight doesn’t have a robust alerting system with Templates, we have to create individual eventrules for when a critical even occurs and when it is resolved.

Each application requires 4 event rules minimum:

· Outage Event Opened: When TrueSight has a disconnection from the monitoring agent, it generatesa critical event in the console.

· Outage Event Closed: When the agent reconnects, the disconnect event closes and the event ruletext reflects that.

· Performance Event Opened: When a critical threshold is crossed for performance data such as CPU,memory, Disk, etc, a notification is sent out.

© 2015 SEI 15

· Performance Event Closed: When the performance threshold is no longer critical, an closure eventis sent.

To create an event rule:

1. Connect to the TSIM Server configured in the Authorization Profile through the CMA:

2. Click Options -> Administration Tab -> Event Rules Edit then click Add:

a. The naming convention follows the format TSU <business_unit> <application_name><event_rule_type> <status>.

i. Example1 : TSU eDelivery Domain Outage Event Opened.ii. Example 2: TSU eDelivery Domain Performance Event Closed.

b. Select Schedule. If one for the support team doesn’t exist, create a New schedule.i. Set the Name of the schedule using the format: TSU <business unit>

<application_name> Support Schedule.1. Example: TSU eDelivery Domain Support Schedule.

ii. If the Application Team did not provide a Maintenance Window check the box for SelectAll Days and click Add. It will appear in the schedule entries at the bottom of thewindow:

© 2015 SEI 16

iii. If you do have a Maintenace Window, the schedule is basically going to Include all of thetimes for the notifications with no inclusion during the maintenance window.

1. NOTE: Because of the limitations on the Exclusions, we cannot use those.2. Example: For a maintenance window on Sunday from 7-9AM:

a. Check the boxes for Monday – Saturday then click Add.b. Check the box for Sunday set the start time to 12AM (default) and the

end-time for 7AM. Click Add.c. Check the box for Sunday again and set the start time to 9AM and the

end-time to 12AM (default). Click Add.

iv. When complete, click Done at the bottom of the Add New Schedule window.v. The Schedule field will now be populated with the new schedule.

c. Select the Event Rule Type.i. Based on the Event Rule Template Document:

1. Basic Rule for Outage, Log File, Event Log and Web Site Rules.2. Advanced Rule for: Performance, Disk or App-Specific Metrics (WebLogic).

d. Select Include Selected Groups in the Group Filter. Select the Application Group that ownersrequested notficiations for and click the Right-Arrow button.

i. Note: If you turn Hierarchy Off in the list, a search field appears. Otherwise you have touse the check-boxes:

© 2015 SEI 17

e. With appropriate fields populated, click Next:

f. Depending on your selection for Basic or Advanced, the screens will look different.i. Basic Rules

1. Select External Events Only (deselect Intelligent).2. Depending on the event rule set the Severity (outages are critical, log file

Warning, Event Log Minor).3. Check only the Open or Closed deselecting the other depending on the status

you want a rule for.4. Click Next:

© 2015 SEI 18

ii. Advanced Rule1. Click Add next to the Monitor Type and Attribute. The Monitor Instance is

too granular for our needs.2. Based on the Event Rule Template Doc add the appropriate monitor attributes

to the list and set the appropriate severity level for the notfication:3. Check only the Open or Closed deselecting the other depending on the status

you want a rule for.4. Click Next:

g. The last screen is where we set the SMTP address and email notification format.i. In the From: field enter: asm_contact_SMTP

ii. Select the E-Mail Group radio button. If an email group doesn’t exist click New.1. For the Create E-Mail Group name enter the format:

a. TSU <business_unit> <application_name> Supportb. TSU <business_unit> <application_name> OnCall Support

2. Enter the SMTP email address in the E-Mail List.3. Change the Email Type Drop-down to Full-page HTML/GIF then click Add

then Done:

© 2015 SEI 19

4. The new group will be in the Email Group list. Click Add and the name willappear in the Actions to Perform window:

5. Click Event Text Customization and based on the Event Rule Template Doccopy / past the Subject and Body variable text under the Email Message Type:Full Page HTML/GIF and click Apply:

6. At the bottom of the Event Rule Action Information Page, click Done.7. Repeat the process until you have at least the 4 base event rules.

The Application Is Officially Onboarded.