System monitoring with RMC/RSCT

zaxxon · November 12, 2014, 9:31am

Hi all,

is any of you using RMC for monitoring your LPARs? Is it viable?
I know the IBM Magazine article and the Redbooks about it but I would like to hear from first hand.

Thanks in advance for sharing your experience!

blackrageous · November 12, 2014, 1:35pm

I looked into using it but I was dissappointed with the age of the tool and support for other operating systems when used as a monitoring solution. I would use this if I did not have any other alternative. I prefer something that is snmp/smux-based because managing the agents in my opinion is easier. I think I tried to get the linux files for rsct and I think development may have ceased for linux...not sure.

bakunin · November 12, 2014, 2:06pm

You surely have a point here, but SNMP (which quite oftenly is referenced as being the abbreviation for "security's not my problem") gets regularly bellyached about by security/compliance auditors. I use to have regular run-ins with auditors telling me to shut down SNMP, once even in HACMP clusters (which is impossible without shutting down the cluster software first). Having it running without SNMP being a conditio sine qua non makes for troublesome discussions at best.

rsct is one of the APIs IBM developed only to have nobody use it, as it seems. I know of no monitoring product which uses it and AFAIK the only software building on it is HAMP. Most monitoring software i know (HP-OV, BMC Patrol) use their own agents.

I hope this helps.

bakunin

blackrageous · November 12, 2014, 4:01pm

You can use the AIX error subsystem and hook alerts or action routines; however, the downside of this method is that you have to modify all the lpars (note: the error log system does support central logging I think in the purescale environment...not sure).

What you is modify the errnotify odm in order to do this. You could create odm-add files and push this to each lpar.

Here is an example. You could of course have an action routine that sends a snmp trap to your event manager (most should support snmp traps).

ODM Error Notify Method - Mt Xia: Global System Administration: AIX

Note: the snmp dameon and smux peer for aix provide quite a bit of information. If your event monitor does support snmp you may want to startup the snmp daemon and smux to trap to your event monitor and setup it to query. To test this info, you can configure /etc/snmpd.conf and do an snmpinfo -m dump -c public from a machine or use a mib browser

Posted to the wrong thread. I meant to comment on Zaxon's message about the HMC and events. I agree with Baukin regarding snmp and RSCT. I think snmpv3 addresses security...not sure. I am currently taking a look. Traditionally community strings were transferred in clear text.

It seems the "value" of RSCT for ibm products now is that basic/cheap lowest level cluster communication it provides for products like the HMC, VIOS, CAA (cluster awareness built into AIX).

Security is Not My Problem....that's a good one!

zaxxon · November 13, 2014, 4:57am

Thanks for sharing. I am aware what can be done as alternative and did so already extensive in my former environment together with my former colleague -=xray=-.
I was just curious if anyone ever used it but it seems about no one does.

blackrageous · December 3, 2014, 1:42pm

I recently completed testing and re-introducing myself to snmp, in particular the new features provided by snmpv3. snmpv3 does address security. I would use the snmp features provided by aix and integrate them with something like nagios (if I didn't have another manager). The sub daemons seem to provide all the information you want from an aix system. The hard part is configuring it..it is not as simple and snmpv1. The key to configuring is--I think--is to start with an snmpdv3.conf file that works. I didn't like the one I found in the samples directory on AIX so I used one I found on the internet complete with query examples. I tested querying from different machines to insure the security was working. I prefer snmp because, unlike rsct, a lot of things use it. Still testing.

bakunin · December 4, 2014, 9:01am

Once you are done i would be very interested in the outcome. Probably the audience here is, too. How about writing about it for our board, hmm?

bakunin

blackrageous · December 4, 2014, 4:53pm

Funny you should mention that...I am trying to write it up from the perspective of people that are familiar with snmp version 1 and I wanted to take an opportunity to educate myself and see that it works (so I am doing things like tcpdump before and after i turn on encryption).

Originally, I thought I could just take...

/usr/samples/snmpdv3/snmpdv3.conf

and be up and running without having to learn the details of the version 3 protocol and implement whatever level of security I want. I suppose if you are an expert in SNMP and have been keeping up the RFC's the sample snmpdv3.conf file makes sense.

I saw a few samples on the web but most seem to still configure the snmpdv3.conf at the lowest level of security (community string).

I think it's time for administrators to re-consider snmp again since it addresses traditional security issues; more importantly, it can save money. The configuration is a small challenge. Administrators--including me--need to invest the time in learning and matching the protocol to the level of security they need.

I will post my results. Thanks for the interest.