From 3f2e1765d8b7e3db9a524437b10606bcb0f49948 Mon Sep 17 00:00:00 2001 From: weishen Date: Sat, 18 Apr 2026 17:09:43 +0800 Subject: [PATCH] Auto-sync: 2026-04-18 17:09 --- .../cloud-readiness-infographic-prompts.md | 574 ++++++++++++ Pasted image 20260418164759.png | Bin 0 -> 10253 bytes ...-Application-Cloud-Readiness-Check-List.md | 21 + .../AC-24.4-Post-Upgrade-Steps_688983025.md | 24 + ...ed-Vulnerabilities-and-Issues_696523815.md | 13 + .../csd-wiki/ICSD/APM-Monitoring_686073667.md | 15 + .../AWS-Cognito-User-Creation_708224408.md | 70 ++ ...S-Infrastructure-Naming-Rules_688988195.md | 68 ++ ...--Helm-Fedramp-simulation-ENV_688983269.md | 2 + ...e-update--Helm-Simulation-env_686088156.md | 9 + ...new-SCP-OU-hierarchy-tracking_691155056.md | 36 + ...uth-Authentication---Ops-Only_686065206.md | 134 +++ ...-Runbooks-based-on-monitoring_686083866.md | 884 ++++++++++++++++++ .../Alerting-Response-Process_686073639.md | 2 + ...le-SMAX-Attachment-Extensions_686065217.md | 20 + ...-Resource-Bundle-Cache-Config_688983031.md | 74 ++ ...icense-to-ESM-customer-tenant_688996779.md | 17 + ...ce-Request-to-Cloud-Ops-Group_684946781.md | 32 + .../ICSD/Audit-Compliance_686073912.md | 5 + .../ICSD/Auto-healing-1.0_686083903.md | 33 + .../ICSD/Auto-healing-2.0_686083907.md | 122 +++ .../Automation-of-auto-healing_686083910.md | 19 + ...et-on-boarding-tasks-for-OpsB_686073595.md | 159 ++++ ...t-on-boarding-tasks-for-UCMDB_688982982.md | 89 ++ ...ustomer-setup-flow-with-NSACM_688983312.md | 192 ++++ ...RnD-and-Ops-discussion-topics_713175513.md | 73 ++ .../ICSD/Cambly-English-Training_706823155.md | 22 + .../ICSD/Change-Management_686070198.md | 2 + ...Interval-via-JMX-or-configmap_686074596.md | 56 ++ ...ains-search-for-entity-picker_688983279.md | 15 + ...y-for-EFS-file-system-and-RDS_688982917.md | 150 +++ ...the-indices-can-properly-work_688983295.md | 34 + ...eck-isolated-tenants-per-farm_686073691.md | 24 + .../ICSD/Clean-up-CMS-log-files_686073699.md | 33 + ...oud-Change-Management-Process_686087713.md | 79 ++ ...-information-and-check-status_686073768.md | 45 + .../Configuration-Management_686074098.md | 2 + ...through-network-load-balancer_688996474.md | 275 ++++++ ...hentication-for-SaaS-Customer_686065288.md | 51 + .../csd-wiki/ICSD/Configure-UIS_688987644.md | 39 + ...nfigure-custom-SMTP-for-UCMDB_688983358.md | 56 ++ ...x-and-OpsB-using-same-Vertica_688987648.md | 254 +++++ ...t-Pack-cleanup-for-SaaS-farms_692438713.md | 68 ++ .../Convert-EPUB-to-audiobooks_686070564.md | 27 + ...License-to-Concurrent-License_711830360.md | 11 + .../Create-Integration-Users_686065319.md | 41 + ...tomer-Cloud-Service-Offerings_684947005.md | 18 + .../ICSD/Customer-Onboarding_686069933.md | 2 + .../Customer-Order-Fulfillment_686064518.md | 2 + ...ze-the-login-and-logout-pages_686065324.md | 12 + ...monitoring-toolkit-deployment_686083872.md | 18 + .../ICSD/Deactive-ITOM-Aviator_686073804.md | 18 + ...-enhance-CI-lifecycle-in-SaaS_688987700.md | 62 ++ .../Disable-Native-SACM-manually_686073918.md | 48 + ...ce-log-for-farm-stabilization_686074613.md | 36 + ...on-EU8-for-farm-stabilization_686074621.md | 52 ++ ...itor-if-it-is-already-enabled_708226541.md | 27 + .../ICSD/Disaster-and-Recovery_686074258.md | 2 + ...ade-from-version-1.29-to-1.30_709421239.md | 32 + ...ade-from-version-1.30-to-1.31_706832607.md | 148 +++ .../ICSD/ESM-25.1-Issue-List_689011325.md | 9 + .../ICSD/ESM-25.2-Issue-List_696536531.md | 19 + ...M-Cloud-Customer-Exit-Process_686070016.md | 61 ++ ...d-Disaster-and-Recovery-Guide_686087723.md | 255 +++++ .../ESM-Cloud-Farm-Construction_688988187.md | 17 + ...M-Cloud-Farm-Version-Tracking_684925423.md | 40 + ...-Cloud-Incident-Tracking-List_686083932.md | 19 + .../ESM-Cloud-Infra-Cost-Review_686065545.md | 289 ++++++ ...SM-Cloud-Ops---New-User-Guide_686088242.md | 73 ++ ...ESM-Cloud-Ops-Change-Calendar_686069653.md | 35 + ...Cloud-Unified-Monitoring-v1.1_686083891.md | 26 + .../ESM-Cloud-Unified-Monitoring_686074338.md | 26 + ...omer-Configuration-Deviations_713163911.md | 38 + ...-Customer-Tenant-Decommission_688996785.md | 44 + .../ESM-Emergency-Change-Process_718140336.md | 38 + ...-Deployment-Naming-Convention_686065579.md | 91 ++ .../ICSD/ESM-Monthly-SLA-Result_686070050.md | 57 ++ .../ICSD/ESM-ODL-Integration_693613201.md | 151 +++ ...-Tenant-Provisioning-Strategy_688987756.md | 15 + ...-Rollback-Capability-Tracking_692429849.md | 27 + .../ESM-SaaS-CSD-Ops-Coverage_718139964.md | 25 + ...-Configuration-Management-Log_686074216.md | 4 + ...-Order-Fulfillment-Procedures_686069896.md | 44 + ...aaS-Order-Fulfillment-Process_686069900.md | 19 + ...illment-Tracking-List-FY24-Q4_686069919.md | 4 + ...ision-Automation-API-Document_686070458.md | 453 +++++++++ ...to-version-25.1.1-from-24.4.2_688992593.md | 4 + ...to-version-25.1.2-from-25.1.1_692438948.md | 8 + ...-SaaS-Upgrade-to-version-25.1_688988231.md | 4 + ...e-to-version-25.2-from-25.1.2_693604994.md | 4 + ...e-to-version-25.2.2-from-25.2_705001241.md | 8 + ...e-to-version-25.3.1-from-25.3_713194452.md | 8 + ...to-version-25.3.2-from-25.3.1_716275145.md | 8 + .../ESM-SaaS-Upgrade-to-version_708227751.md | 8 + .../ICSD/ESM-Service-Health-Page_688996271.md | 19 + ...enant-Provisioning-Automation_686079418.md | 220 +++++ .../ESM-WAF-Enablement-Tracking_688996216.md | 40 + ...ESM-license-generation-detail_686070325.md | 96 ++ .../ICSD/EU-managed-farm_686065589.md | 77 ++ ...ry-module-on-UCMDB-UI-on-SaaS_688987735.md | 34 + ...e-ITOM-Aviator-for-ESM-tenant_688996800.md | 19 + ...-for-SMAX-on-premise-customer_688996802.md | 19 + ...e-Optic-Data-Lake-Preparation_688996348.md | 79 ++ .../ICSD/Enable-Optic-Data-Lake_688996343.md | 27 + .../Enable-TLS-1.3-in-AWS-ALB_688996484.md | 40 + ...X-aviator-capability-on-BO-UI_688988251.md | 37 + .../ICSD/FQDN-Naming-Convention_688988212.md | 54 ++ ...ata-when-you-select-offerings_688988239.md | 32 + ...-when-adding-request-comments_688988255.md | 51 + ...process-of-deploying-licenses_688988271.md | 42 + ...--increase-backlog-quota-size_706806534.md | 59 ++ knowledgebase/csd-wiki/ICSD/GCP_686070215.md | 2 + ...neric-Solutions-and-Practices_686083900.md | 6 + ...iator-with-IDOL-web-connector_686073963.md | 123 +++ ...-APM-Monitoring-Business-Flow_686073715.md | 10 + ...ate-Shared-Service-Agent-User_693607221.md | 30 + ...-Enable-Enhanced-CI-LIfecycle_688988308.md | 49 + ...w-to-apply-ILR-license-for-OP_691159135.md | 19 + ...-SLT-logs-for-troubleshooting_688988287.md | 33 + ...-SACM-Notification-Throttling_686074009.md | 32 + ...-vertica-server-instance-type_686065564.md | 90 ++ ...nt-Product-License-Expiration_686079367.md | 36 + ...CM-notificaiton-queue-in-SaaS_686074669.md | 75 ++ ...reate-a-change-request-in-SM9_693603362.md | 82 ++ .../ICSD/How-to-debug-in-Milvus_686074149.md | 38 + .../How-to-deploy-and-enable-AC_693613103.md | 40 + ...monitor-postgres-custom-query_704971984.md | 172 ++++ .../ICSD/How-to-disable-Aviator_686073812.md | 36 + ...-WAF-logs-for-troubleshooting_688988324.md | 32 + ...uite-logs-for-troubleshooting_686074297.md | 12 + ...n-error-after-upgrade-to-24.3_688988344.md | 51 + .../How-to-fix-Dev2Prod-failure_688988351.md | 293 ++++++ ...en-SLT-data-via-Python-script_686074161.md | 79 ++ ...ility-to-add-new-Data-Domains_716270786.md | 132 +++ ...-graph-for-specific-container_686074188.md | 48 + ...n-Opentext-Confluence-account_688987796.md | 58 ++ ...latest-AWS-Savings-Plan-rates_688988366.md | 393 ++++++++ ...rafana-login-with-AWS-Cognito_690087085.md | 92 ++ .../ICSD/How-to-provision-a-farm_693608295.md | 84 ++ ...ative-SACM-data-migration-job_686074234.md | 29 + ...ilvus-collections-for-Aviator_686074224.md | 27 + ...ic-license-key-for-SaaS-UCMDB_688996303.md | 120 +++ ...lace-bastion-with-Rocky-Linux_688996309.md | 85 ++ ...-a-temporary-BO-admin-account_692439033.md | 30 + ...sement-of-Education-Allowance_686070542.md | 57 ++ .../ICSD/How-to-setup-a-new-farm_688988216.md | 13 + ...pPluse-Cloud-Farm-Information_691150242.md | 4 + .../csd-wiki/ICSD/ITOM-APM_686070432.md | 2 + .../csd-wiki/ICSD/ITOM-Aviator_688982192.md | 12 + .../ICSD/ITOM-Change-Calendars_710796342.md | 2 + ...OM-Cloud-AWS-Account-Overview_686070784.md | 73 ++ ...tion-SaaS-Service-Description_686069698.md | 17 + ...Applications-Version-Tracking_686069647.md | 14 + ...oud-Project-Progress-Tracking_686074397.md | 50 + ...Backup-Integrity-Testing-Plan_686074315.md | 51 + .../ITOM-Cloud-Service-Catalog_688996225.md | 14 + ...oval-Process-for-New-Services_688996646.md | 103 ++ .../ITOM-Cloud-Service-Delivery_681555087.md | 111 +++ ...d-Service-Ops-Change-Calendar_686069645.md | 4 + ...ce-Ops-Doc-Management-Process_686069689.md | 77 ++ .../ICSD/ITOM-Cloud-Service-Team_688992849.md | 79 ++ ...OM-ESM-Cloud-Farm-Information_686079377.md | 20 + ...TOM-ESM-Cloud-Service-Catalog_688996649.md | 55 ++ ...OM-ESM-Farm-Capacity-planning_706818364.md | 62 ++ ...-ESM-License-Units-conversion_688996323.md | 47 + .../ICSD/ITOM-Operation-Platform_688996761.md | 12 + ...psB-NOM-Cloud-Service-Catalog_688996652.md | 37 + .../ITOM-RnD-Interlock-Meetings_686070427.md | 2 + .../ICSD/ITOM-SaaS-Pain-Points_686083998.md | 68 ++ ...es-for-DND-resource-providers_688996312.md | 46 + .../ICSD/Incident-Management_686083927.md | 16 + .../Innovation-and-incubation_686083965.md | 22 + ...Instrumenting-and-diagnostics_686083884.md | 8 + ...r-BI-to-create-FinOps-reports_686065345.md | 124 +++ ...ods-in-different-worker-nodes_688996319.md | 84 ++ .../ICSD/Issues-list-per-release_696536522.md | 12 + ...probe-sending-results-on-SaaS_688996331.md | 35 + .../ICSD/List-of-Runbooks_700163214.md | 52 ++ ...stomer-Communication-Template_686083948.md | 36 + .../Major-Incident-Definition_691167040.md | 112 +++ ...r-Incident-Management-Process_686083938.md | 125 +++ .../ICSD/Major-Incident-Training_686070569.md | 15 + ...ices-for-Multi-Cloud-Platform_686070220.md | 14 + .../ICSD/Mega-Audit-Preparation_689012718.md | 33 + ...rate-roles-newly-added-in-CMS_688996336.md | 56 ++ ...ng-Alert-Serverity-Definition_686073660.md | 14 + .../ICSD/Monitoring-Database_686083870.md | 72 ++ ...nitoring-reference-for-newbie_686070588.md | 12 + .../csd-wiki/ICSD/Monthly-SLA_686070031.md | 4 + .../ICSD/Multi-cloud-deployment_686070213.md | 2 + ...OM---Private-Cloud-Onboarding_704548762.md | 8 + .../New-Farm-OPS-Requirments_688988220.md | 36 + .../ICSD/Newbie-training_686070534.md | 2 + ...-APM-Monitoring-Business-Flow_686073823.md | 168 ++++ ...P-tenant-decommission-process_690087778.md | 322 +++++++ .../ICSD/OpenText-Mega-Audit_686073965.md | 31 + ...ration-excellence-improvement_686083916.md | 27 + .../ICSD/Operational-Runbook_686073475.md | 6 + ...ions-Platform-24.4-deployment_693612997.md | 21 + ...ns-Platform-tenant-enablement_688996278.md | 19 + .../OpsB-Deployment-Features_696546923.md | 2 + .../OpsB-Service-Health-Page_686084003.md | 35 + ...-Deployments-Version-Tracking_686069604.md | 93 ++ ...he-IDOL-archive-queue-for-EU8_686074695.md | 141 +++ ...r-a-specific-customer-on-SaaS_686074263.md | 16 + ...atch-Cloud-Deployment-Process_686087749.md | 48 + ...US7-Salesforce-sandbox-tenant_688996352.md | 61 ++ ...hen-upgrade-from-24.2-to-24.3_688996364.md | 129 +++ .../ICSD/Prepare-Document_688996354.md | 42 + ...resses-from-accessing-tenants_688996491.md | 253 +++++ .../ICSD/Process-for-license_709426883.md | 168 ++++ ...y-Issues-found-by-Qualys-Scan_688996390.md | 60 ++ .../Product-License-Management_686070229.md | 21 + .../Product-Provision-Automation_686070431.md | 14 + .../ICSD/Product-Version-Upgrade_686083990.md | 16 + ...SMAX-license-buffer-in-tenant_688996392.md | 47 + ...or-existing-UD-SaaS-customers_688996394.md | 45 + ...ustomer-certificates-in-Nginx_688996480.md | 73 ++ ...SM-Products-Internal-Licenses_686070421.md | 131 +++ ...roduction-Environment-Process_686070239.md | 85 ++ ...o-AWS-account-from-IGA-portal_686074273.md | 14 + .../csd-wiki/ICSD/Retrospective_686083994.md | 2 + .../Runbooks-based-on-monitoring_686083879.md | 363 +++++++ ...-Enable-Pendo-for-SMAX-tenant_688982184.md | 70 ++ ...-APM-Monitoring-Business-Flow_686087711.md | 90 ++ ...aintain-custom-language-packs_688996787.md | 19 + ...dify-maximum-attachement-size_688996790.md | 19 + ...lication-of-PK-in-URM-History_686074742.md | 36 + ...aaS-Change-UPN-Script-Runbook_686074283.md | 470 ++++++++++ .../SaaS-Farm-specific-settings_686074238.md | 36 + ...-blocked-due-to-fuse-exceeded_686074726.md | 70 ++ .../ICSD/Scheduled-scaling_686083970.md | 47 + ...ion-to-SaaS-customers-via-PCS_686069617.md | 72 ++ .../csd-wiki/ICSD/September-2025_718113214.md | 12 + .../ICSD/Service-Health-Page_686084001.md | 5 + .../Set-up-Native-SACM-for-SaaS_688996404.md | 218 +++++ .../csd-wiki/ICSD/SocGen_686069980.md | 52 ++ .../ICSD/Standard-Ops-Runbook_686073477.md | 36 + ...ertica-used-by-Classic-FinOps_687151665.md | 40 + knowledgebase/csd-wiki/ICSD/Test_686070814.md | 2 + ...as-broken-during-the-upgrade._688996417.md | 22 + ...rm-offline-NG-for-Native-SACM_686073929.md | 32 + ...a-Helm-deployment-on-24.2.FP1_688996419.md | 39 + ...o-a-Helm-deployment-on-24.3.2_688996421.md | 29 + .../Troubleshooting-as-a-Service_693602624.md | 67 ++ ...CMS-UI-report-scheduler-issue_688996426.md | 53 ++ .../ICSD/Troubleshooting_688996268.md | 13 + ...-APM-Monitoring-Business-Flow_686073690.md | 58 ++ ...DB-Server-Master-key-rotation_688996428.md | 116 +++ ...ator-semantic-search-accuracy_686074753.md | 20 + ...ator-semantic-search-accuracy_686074767.md | 23 + ...Upgrade-CMS-from-24.3-to-24.4_688996436.md | 120 +++ .../ICSD/Upgrade-CMS-to-24.4.2_688996438.md | 28 + .../ICSD/Upgrade-EKS-of-SMAX_706832577.md | 13 + .../csd-wiki/ICSD/Upgrade-ESM_706819674.md | 19 + ...dated-after-NFS-volume-change_688996444.md | 45 + .../ICSD/Workaround-Solutions_686074552.md | 16 + ...pgrading-SaaS-UCMDB-to-24.3.2_688996457.md | 25 + ...curity-configuration-for-ACME_688996466.md | 46 + knowledgebase/csd-wiki/ICSD/index.md | 436 +++++++++ .../csd-wiki/ICSD/mitigation_710799110.md | 13 + ...etUpgradeStep-upgrade-failure_688996408.md | 25 + wiki/concepts/AWS-Backup.md | 32 + wiki/concepts/Docker-容器化.md | 47 + wiki/concepts/EFS-vs-EBS.md | 60 ++ wiki/concepts/Packer.md | 42 + wiki/concepts/TerraGrunt.md | 48 + wiki/concepts/VPC-Transit-Gateway.md | 41 + wiki/entities/CTP.md | 22 + wiki/entities/Holger-Rode.md | 27 + wiki/entities/Octane-Hub.md | 33 + wiki/index.md | 5 + wiki/log.md | 26 +- ...-From-Traditional-IT-to-Advanced-DevOps.md | 59 +- ...-octane-hub-on-aws-real-life-experience.md | 74 ++ .../ctp-topic-44-aws-backup-in-micro-focus.md | 52 ++ 276 files changed, 17241 insertions(+), 20 deletions(-) create mode 100644 Hermes/xingzhi/cloud-readiness-infographic-prompts.md create mode 100644 Pasted image 20260418164759.png create mode 100644 ishenwei/Cloud-Application-Cloud-Readiness-Check-List.md create mode 100644 knowledgebase/csd-wiki/ICSD/AC-24.4-Post-Upgrade-Steps_688983025.md create mode 100644 knowledgebase/csd-wiki/ICSD/APM---CITI---Reported-Vulnerabilities-and-Issues_696523815.md create mode 100644 knowledgebase/csd-wiki/ICSD/APM-Monitoring_686073667.md create mode 100644 knowledgebase/csd-wiki/ICSD/AWS-Cognito-User-Creation_708224408.md create mode 100644 knowledgebase/csd-wiki/ICSD/AWS-Infrastructure-Naming-Rules_688988195.md create mode 100644 knowledgebase/csd-wiki/ICSD/AWS-RDS-certificate-update--Helm-Fedramp-simulation-ENV_688983269.md create mode 100644 knowledgebase/csd-wiki/ICSD/AWS-RDS-certificate-update--Helm-Simulation-env_686088156.md create mode 100644 knowledgebase/csd-wiki/ICSD/AWS-account-migrate-to-new-SCP-OU-hierarchy-tracking_691155056.md create mode 100644 knowledgebase/csd-wiki/ICSD/Add-OAuth-Authentication---Ops-Only_686065206.md create mode 100644 knowledgebase/csd-wiki/ICSD/Alert-Runbooks-based-on-monitoring_686083866.md create mode 100644 knowledgebase/csd-wiki/ICSD/Alerting-Response-Process_686073639.md create mode 100644 knowledgebase/csd-wiki/ICSD/Allowable-SMAX-Attachment-Extensions_686065217.md create mode 100644 knowledgebase/csd-wiki/ICSD/Apply-Resource-Bundle-Cache-Config_688983031.md create mode 100644 knowledgebase/csd-wiki/ICSD/Apply-license-to-ESM-customer-tenant_688996779.md create mode 100644 knowledgebase/csd-wiki/ICSD/Assign-PCS-Cloud-Service-Request-to-Cloud-Ops-Group_684946781.md create mode 100644 knowledgebase/csd-wiki/ICSD/Audit-Compliance_686073912.md create mode 100644 knowledgebase/csd-wiki/ICSD/Auto-healing-1.0_686083903.md create mode 100644 knowledgebase/csd-wiki/ICSD/Auto-healing-2.0_686083907.md create mode 100644 knowledgebase/csd-wiki/ICSD/Automation-of-auto-healing_686083910.md create mode 100644 knowledgebase/csd-wiki/ICSD/Aviator-widget-on-boarding-tasks-for-OpsB_686073595.md create mode 100644 knowledgebase/csd-wiki/ICSD/Aviator-widget-on-boarding-tasks-for-UCMDB_688982982.md create mode 100644 knowledgebase/csd-wiki/ICSD/CMS-Customer-setup-flow-with-NSACM_688983312.md create mode 100644 knowledgebase/csd-wiki/ICSD/CSD-RnD-and-Ops-discussion-topics_713175513.md create mode 100644 knowledgebase/csd-wiki/ICSD/Cambly-English-Training_706823155.md create mode 100644 knowledgebase/csd-wiki/ICSD/Change-Management_686070198.md create mode 100644 knowledgebase/csd-wiki/ICSD/Change-TimeWindow-Interval-via-JMX-or-configmap_686074596.md create mode 100644 knowledgebase/csd-wiki/ICSD/Change-tenant-setting-to-off-to-disbale-contains-search-for-entity-picker_688983279.md create mode 100644 knowledgebase/csd-wiki/ICSD/Change-the-OO-customer-managed-key-for-EFS-file-system-and-RDS_688982917.md create mode 100644 knowledgebase/csd-wiki/ICSD/Check-existing-DB-indices-on-globalid-for-Native-SACM-per-farm-and-add-missing-condition-to-ensure-the-indices-can-properly-work_688983295.md create mode 100644 knowledgebase/csd-wiki/ICSD/Check-isolated-tenants-per-farm_686073691.md create mode 100644 knowledgebase/csd-wiki/ICSD/Clean-up-CMS-log-files_686073699.md create mode 100644 knowledgebase/csd-wiki/ICSD/Cloud-Change-Management-Process_686087713.md create mode 100644 knowledgebase/csd-wiki/ICSD/Collect-customer-owned-SMAX-OPB-Agent-information-and-check-status_686073768.md create mode 100644 knowledgebase/csd-wiki/ICSD/Configuration-Management_686074098.md create mode 100644 knowledgebase/csd-wiki/ICSD/Configure-Nginx-through-network-load-balancer_688996474.md create mode 100644 knowledgebase/csd-wiki/ICSD/Configure-SAML-authentication-for-SaaS-Customer_686065288.md create mode 100644 knowledgebase/csd-wiki/ICSD/Configure-UIS_688987644.md create mode 100644 knowledgebase/csd-wiki/ICSD/Configure-custom-SMTP-for-UCMDB_688983358.md create mode 100644 knowledgebase/csd-wiki/ICSD/Configuring-HCMx-and-OpsB-using-same-Vertica_688987648.md create mode 100644 knowledgebase/csd-wiki/ICSD/Content-Pack-cleanup-for-SaaS-farms_692438713.md create mode 100644 knowledgebase/csd-wiki/ICSD/Convert-EPUB-to-audiobooks_686070564.md create mode 100644 knowledgebase/csd-wiki/ICSD/Converting-the-Named-License-to-Concurrent-License_711830360.md create mode 100644 knowledgebase/csd-wiki/ICSD/Create-Integration-Users_686065319.md create mode 100644 knowledgebase/csd-wiki/ICSD/Customer-Cloud-Service-Offerings_684947005.md create mode 100644 knowledgebase/csd-wiki/ICSD/Customer-Onboarding_686069933.md create mode 100644 knowledgebase/csd-wiki/ICSD/Customer-Order-Fulfillment_686064518.md create mode 100644 knowledgebase/csd-wiki/ICSD/Customize-the-login-and-logout-pages_686065324.md create mode 100644 knowledgebase/csd-wiki/ICSD/Database-monitoring-toolkit-deployment_686083872.md create mode 100644 knowledgebase/csd-wiki/ICSD/Deactive-ITOM-Aviator_686073804.md create mode 100644 knowledgebase/csd-wiki/ICSD/Disable-NSACM-and-enhance-CI-lifecycle-in-SaaS_688987700.md create mode 100644 knowledgebase/csd-wiki/ICSD/Disable-Native-SACM-manually_686073918.md create mode 100644 knowledgebase/csd-wiki/ICSD/Disable-the-gateway-service-log-for-farm-stabilization_686074613.md create mode 100644 knowledgebase/csd-wiki/ICSD/Disable-the-platform-access-logs-and-most-of-service-logs-on-EU8-for-farm-stabilization_686074621.md create mode 100644 knowledgebase/csd-wiki/ICSD/Disabling-new-rich-text-editor-if-it-is-already-enabled_708226541.md create mode 100644 knowledgebase/csd-wiki/ICSD/Disaster-and-Recovery_686074258.md create mode 100644 knowledgebase/csd-wiki/ICSD/EKS-upgrade-from-version-1.29-to-1.30_709421239.md create mode 100644 knowledgebase/csd-wiki/ICSD/EKS-upgrade-from-version-1.30-to-1.31_706832607.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-25.1-Issue-List_689011325.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-25.2-Issue-List_696536531.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-Cloud-Customer-Exit-Process_686070016.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-Cloud-Disaster-and-Recovery-Guide_686087723.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-Cloud-Farm-Construction_688988187.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-Cloud-Farm-Version-Tracking_684925423.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-Cloud-Incident-Tracking-List_686083932.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-Cloud-Infra-Cost-Review_686065545.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-Cloud-Ops---New-User-Guide_686088242.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-Cloud-Ops-Change-Calendar_686069653.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-Cloud-Unified-Monitoring-v1.1_686083891.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-Cloud-Unified-Monitoring_686074338.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-Customer-Configuration-Deviations_713163911.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-Customer-Tenant-Decommission_688996785.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-Emergency-Change-Process_718140336.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-Farm-Cloud-Deployment-Naming-Convention_686065579.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-Monthly-SLA-Result_686070050.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-ODL-Integration_693613201.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-Order-Fulfillment-and-Tenant-Provisioning-Strategy_688987756.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-Patch-Version-Rollback-Capability-Tracking_692429849.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-SaaS-CSD-Ops-Coverage_718139964.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-SaaS-Farm-Configuration-Management-Log_686074216.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-SaaS-Order-Fulfillment-Procedures_686069896.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-SaaS-Order-Fulfillment-Process_686069900.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-SaaS-Order-Fulfillment-Tracking-List-FY24-Q4_686069919.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-SaaS-Tenant-Provision-Automation-API-Document_686070458.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version-25.1.1-from-24.4.2_688992593.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version-25.1.2-from-25.1.1_692438948.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version-25.1_688988231.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version-25.2-from-25.1.2_693604994.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version-25.2.2-from-25.2_705001241.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version-25.3.1-from-25.3_713194452.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version-25.3.2-from-25.3.1_716275145.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version_708227751.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-Service-Health-Page_688996271.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-Tenant-Provisioning-Automation_686079418.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-WAF-Enablement-Tracking_688996216.md create mode 100644 knowledgebase/csd-wiki/ICSD/ESM-license-generation-detail_686070325.md create mode 100644 knowledgebase/csd-wiki/ICSD/EU-managed-farm_686065589.md create mode 100644 knowledgebase/csd-wiki/ICSD/Enable-Discovery-module-on-UCMDB-UI-on-SaaS_688987735.md create mode 100644 knowledgebase/csd-wiki/ICSD/Enable-ITOM-Aviator-for-ESM-tenant_688996800.md create mode 100644 knowledgebase/csd-wiki/ICSD/Enable-ITOM-Aviator-for-SMAX-on-premise-customer_688996802.md create mode 100644 knowledgebase/csd-wiki/ICSD/Enable-Optic-Data-Lake-Preparation_688996348.md create mode 100644 knowledgebase/csd-wiki/ICSD/Enable-Optic-Data-Lake_688996343.md create mode 100644 knowledgebase/csd-wiki/ICSD/Enable-TLS-1.3-in-AWS-ALB_688996484.md create mode 100644 knowledgebase/csd-wiki/ICSD/FIX-aviator-capability-on-BO-UI_688988251.md create mode 100644 knowledgebase/csd-wiki/ICSD/FQDN-Naming-Convention_688988212.md create mode 100644 knowledgebase/csd-wiki/ICSD/Failed-to-load-data-when-you-select-offerings_688988239.md create mode 100644 knowledgebase/csd-wiki/ICSD/Fix-problematic-indexes-of-long_text_xxxxxxxxx-to-avoid-the-performance-issue-when-adding-request-comments_688988255.md create mode 100644 knowledgebase/csd-wiki/ICSD/Full-process-of-deploying-licenses_688988271.md create mode 100644 knowledgebase/csd-wiki/ICSD/GCP-FinOps-flow---increase-backlog-quota-size_706806534.md create mode 100644 knowledgebase/csd-wiki/ICSD/GCP_686070215.md create mode 100644 knowledgebase/csd-wiki/ICSD/Generic-Solutions-and-Practices_686083900.md create mode 100644 knowledgebase/csd-wiki/ICSD/Guide-for-index-external-websites-into-Aviator-with-IDOL-web-connector_686073963.md create mode 100644 knowledgebase/csd-wiki/ICSD/HCMX-APM-Monitoring-Business-Flow_686073715.md create mode 100644 knowledgebase/csd-wiki/ICSD/How-to-Create-Shared-Service-Agent-User_693607221.md create mode 100644 knowledgebase/csd-wiki/ICSD/How-to-Enable-Enhanced-CI-LIfecycle_688988308.md create mode 100644 knowledgebase/csd-wiki/ICSD/How-to-apply-ILR-license-for-OP_691159135.md create mode 100644 knowledgebase/csd-wiki/ICSD/How-to-automatically-collect-SLT-logs-for-troubleshooting_688988287.md create mode 100644 knowledgebase/csd-wiki/ICSD/How-to-change-Native-SACM-Notification-Throttling_686074009.md create mode 100644 knowledgebase/csd-wiki/ICSD/How-to-change-the-vertica-server-instance-type_686065564.md create mode 100644 knowledgebase/csd-wiki/ICSD/How-to-check-ESM-Tenant-Product-License-Expiration_686079367.md create mode 100644 knowledgebase/csd-wiki/ICSD/How-to-check-native-SACM-notificaiton-queue-in-SaaS_686074669.md create mode 100644 knowledgebase/csd-wiki/ICSD/How-to-create-a-change-request-in-SM9_693603362.md create mode 100644 knowledgebase/csd-wiki/ICSD/How-to-debug-in-Milvus_686074149.md create mode 100644 knowledgebase/csd-wiki/ICSD/How-to-deploy-and-enable-AC_693613103.md create mode 100644 knowledgebase/csd-wiki/ICSD/How-to-deploy-postgres-exporter-on-SaaS-to-monitor-postgres-custom-query_704971984.md create mode 100644 knowledgebase/csd-wiki/ICSD/How-to-disable-Aviator_686073812.md create mode 100644 knowledgebase/csd-wiki/ICSD/How-to-export-WAF-logs-for-troubleshooting_688988324.md create mode 100644 knowledgebase/csd-wiki/ICSD/How-to-find-the-suite-logs-for-troubleshooting_686074297.md create mode 100644 knowledgebase/csd-wiki/ICSD/How-to-fix-400-login-error-after-upgrade-to-24.3_688988344.md create mode 100644 knowledgebase/csd-wiki/ICSD/How-to-fix-Dev2Prod-failure_688988351.md create mode 100644 knowledgebase/csd-wiki/ICSD/How-to-fix-broken-SLT-data-via-Python-script_686074161.md create mode 100644 knowledgebase/csd-wiki/ICSD/How-to-fix-inability-to-add-new-Data-Domains_716270786.md create mode 100644 knowledgebase/csd-wiki/ICSD/How-to-generate-flame-graph-for-specific-container_686074188.md create mode 100644 knowledgebase/csd-wiki/ICSD/How-to-get-an-Opentext-Confluence-account_688987796.md create mode 100644 knowledgebase/csd-wiki/ICSD/How-to-get-the-latest-AWS-Savings-Plan-rates_688988366.md create mode 100644 knowledgebase/csd-wiki/ICSD/How-to-integrate-Grafana-login-with-AWS-Cognito_690087085.md create mode 100644 knowledgebase/csd-wiki/ICSD/How-to-provision-a-farm_693608295.md create mode 100644 knowledgebase/csd-wiki/ICSD/How-to-re-trigger-Native-SACM-data-migration-job_686074234.md create mode 100644 knowledgebase/csd-wiki/ICSD/How-to-reload-Milvus-collections-for-Aviator_686074224.md create mode 100644 knowledgebase/csd-wiki/ICSD/How-to-remove-specific-license-key-for-SaaS-UCMDB_688996303.md create mode 100644 knowledgebase/csd-wiki/ICSD/How-to-replace-bastion-with-Rocky-Linux_688996309.md create mode 100644 knowledgebase/csd-wiki/ICSD/How-to-request-a-temporary-BO-admin-account_692439033.md create mode 100644 knowledgebase/csd-wiki/ICSD/How-to-request-for-reimbursement-of-Education-Allowance_686070542.md create mode 100644 knowledgebase/csd-wiki/ICSD/How-to-setup-a-new-farm_688988216.md create mode 100644 knowledgebase/csd-wiki/ICSD/ITOM-APM-AppPluse-Cloud-Farm-Information_691150242.md create mode 100644 knowledgebase/csd-wiki/ICSD/ITOM-APM_686070432.md create mode 100644 knowledgebase/csd-wiki/ICSD/ITOM-Aviator_688982192.md create mode 100644 knowledgebase/csd-wiki/ICSD/ITOM-Change-Calendars_710796342.md create mode 100644 knowledgebase/csd-wiki/ICSD/ITOM-Cloud-AWS-Account-Overview_686070784.md create mode 100644 knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Application-SaaS-Service-Description_686069698.md create mode 100644 knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Applications-Version-Tracking_686069647.md create mode 100644 knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Project-Progress-Tracking_686074397.md create mode 100644 knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Service-Backup-Integrity-Testing-Plan_686074315.md create mode 100644 knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Service-Catalog_688996225.md create mode 100644 knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Service-Delivery-Approval-Process-for-New-Services_688996646.md create mode 100644 knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Service-Delivery_681555087.md create mode 100644 knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Service-Ops-Change-Calendar_686069645.md create mode 100644 knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Service-Ops-Doc-Management-Process_686069689.md create mode 100644 knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Service-Team_688992849.md create mode 100644 knowledgebase/csd-wiki/ICSD/ITOM-ESM-Cloud-Farm-Information_686079377.md create mode 100644 knowledgebase/csd-wiki/ICSD/ITOM-ESM-Cloud-Service-Catalog_688996649.md create mode 100644 knowledgebase/csd-wiki/ICSD/ITOM-ESM-Farm-Capacity-planning_706818364.md create mode 100644 knowledgebase/csd-wiki/ICSD/ITOM-ESM-License-Units-conversion_688996323.md create mode 100644 knowledgebase/csd-wiki/ICSD/ITOM-Operation-Platform_688996761.md create mode 100644 knowledgebase/csd-wiki/ICSD/ITOM-OpsB-NOM-Cloud-Service-Catalog_688996652.md create mode 100644 knowledgebase/csd-wiki/ICSD/ITOM-RnD-Interlock-Meetings_686070427.md create mode 100644 knowledgebase/csd-wiki/ICSD/ITOM-SaaS-Pain-Points_686083998.md create mode 100644 knowledgebase/csd-wiki/ICSD/Import-certificates-for-DND-resource-providers_688996312.md create mode 100644 knowledgebase/csd-wiki/ICSD/Incident-Management_686083927.md create mode 100644 knowledgebase/csd-wiki/ICSD/Innovation-and-incubation_686083965.md create mode 100644 knowledgebase/csd-wiki/ICSD/Instrumenting-and-diagnostics_686083884.md create mode 100644 knowledgebase/csd-wiki/ICSD/Integrate-with-Power-BI-to-create-FinOps-reports_686065345.md create mode 100644 knowledgebase/csd-wiki/ICSD/Isolate-ucmdbserver-and-ucmdbbrowser-pods-in-different-worker-nodes_688996319.md create mode 100644 knowledgebase/csd-wiki/ICSD/Issues-list-per-release_696536522.md create mode 100644 knowledgebase/csd-wiki/ICSD/Limit-data-in-thread-to-1-for-probe-sending-results-on-SaaS_688996331.md create mode 100644 knowledgebase/csd-wiki/ICSD/List-of-Runbooks_700163214.md create mode 100644 knowledgebase/csd-wiki/ICSD/Major-Incident-Customer-Communication-Template_686083948.md create mode 100644 knowledgebase/csd-wiki/ICSD/Major-Incident-Definition_691167040.md create mode 100644 knowledgebase/csd-wiki/ICSD/Major-Incident-Management-Process_686083938.md create mode 100644 knowledgebase/csd-wiki/ICSD/Major-Incident-Training_686070569.md create mode 100644 knowledgebase/csd-wiki/ICSD/Managed-Services-for-Multi-Cloud-Platform_686070220.md create mode 100644 knowledgebase/csd-wiki/ICSD/Mega-Audit-Preparation_689012718.md create mode 100644 knowledgebase/csd-wiki/ICSD/Migrate-roles-newly-added-in-CMS_688996336.md create mode 100644 knowledgebase/csd-wiki/ICSD/Monitoring-Alert-Serverity-Definition_686073660.md create mode 100644 knowledgebase/csd-wiki/ICSD/Monitoring-Database_686083870.md create mode 100644 knowledgebase/csd-wiki/ICSD/Monitoring-reference-for-newbie_686070588.md create mode 100644 knowledgebase/csd-wiki/ICSD/Monthly-SLA_686070031.md create mode 100644 knowledgebase/csd-wiki/ICSD/Multi-cloud-deployment_686070213.md create mode 100644 knowledgebase/csd-wiki/ICSD/NOM---Private-Cloud-Onboarding_704548762.md create mode 100644 knowledgebase/csd-wiki/ICSD/New-Farm-OPS-Requirments_688988220.md create mode 100644 knowledgebase/csd-wiki/ICSD/Newbie-training_686070534.md create mode 100644 knowledgebase/csd-wiki/ICSD/OO-APM-Monitoring-Business-Flow_686073823.md create mode 100644 knowledgebase/csd-wiki/ICSD/OP-tenant-decommission-process_690087778.md create mode 100644 knowledgebase/csd-wiki/ICSD/OpenText-Mega-Audit_686073965.md create mode 100644 knowledgebase/csd-wiki/ICSD/Operation-excellence-improvement_686083916.md create mode 100644 knowledgebase/csd-wiki/ICSD/Operational-Runbook_686073475.md create mode 100644 knowledgebase/csd-wiki/ICSD/Operations-Platform-24.4-deployment_693612997.md create mode 100644 knowledgebase/csd-wiki/ICSD/Operations-Platform-tenant-enablement_688996278.md create mode 100644 knowledgebase/csd-wiki/ICSD/OpsB-Deployment-Features_696546923.md create mode 100644 knowledgebase/csd-wiki/ICSD/OpsB-Service-Health-Page_686084003.md create mode 100644 knowledgebase/csd-wiki/ICSD/OpsB-and-NOM-Cloud-Deployments-Version-Tracking_686069604.md create mode 100644 knowledgebase/csd-wiki/ICSD/Optimize-the-IDOL-archive-queue-for-EU8_686074695.md create mode 100644 knowledgebase/csd-wiki/ICSD/Override-UCMDB-max-probe-number-for-a-specific-customer-on-SaaS_686074263.md create mode 100644 knowledgebase/csd-wiki/ICSD/Patch-Cloud-Deployment-Process_686087749.md create mode 100644 knowledgebase/csd-wiki/ICSD/Post-upgrade-task-for-UCMDB-24.3.2-for-US7-Salesforce-sandbox-tenant_688996352.md create mode 100644 knowledgebase/csd-wiki/ICSD/Pre-upgrade-task-of-AC-when-upgrade-from-24.2-to-24.3_688996364.md create mode 100644 knowledgebase/csd-wiki/ICSD/Prepare-Document_688996354.md create mode 100644 knowledgebase/csd-wiki/ICSD/Prevent-unverified-IP-addresses-from-accessing-tenants_688996491.md create mode 100644 knowledgebase/csd-wiki/ICSD/Process-for-license_709426883.md create mode 100644 knowledgebase/csd-wiki/ICSD/Process-on-how-to-handle-Security-Issues-found-by-Qualys-Scan_688996390.md create mode 100644 knowledgebase/csd-wiki/ICSD/Product-License-Management_686070229.md create mode 100644 knowledgebase/csd-wiki/ICSD/Product-Provision-Automation_686070431.md create mode 100644 knowledgebase/csd-wiki/ICSD/Product-Version-Upgrade_686083990.md create mode 100644 knowledgebase/csd-wiki/ICSD/Reduce-SMAX-license-buffer-in-tenant_688996392.md create mode 100644 knowledgebase/csd-wiki/ICSD/Remove-50-freemium-UD-Premium-license-for-existing-UD-SaaS-customers_688996394.md create mode 100644 knowledgebase/csd-wiki/ICSD/Renew-customer-certificates-in-Nginx_688996480.md create mode 100644 knowledgebase/csd-wiki/ICSD/Request-ESM-Products-Internal-Licenses_686070421.md create mode 100644 knowledgebase/csd-wiki/ICSD/Request-Unplanned-Change-in-Cloud-Production-Environment-Process_686070239.md create mode 100644 knowledgebase/csd-wiki/ICSD/Request-access-to-AWS-account-from-IGA-portal_686074273.md create mode 100644 knowledgebase/csd-wiki/ICSD/Retrospective_686083994.md create mode 100644 knowledgebase/csd-wiki/ICSD/Runbooks-based-on-monitoring_686083879.md create mode 100644 knowledgebase/csd-wiki/ICSD/SMAX---Enable-Pendo-for-SMAX-tenant_688982184.md create mode 100644 knowledgebase/csd-wiki/ICSD/SMAX-APM-Monitoring-Business-Flow_686087711.md create mode 100644 knowledgebase/csd-wiki/ICSD/SMAX-maintain-custom-language-packs_688996787.md create mode 100644 knowledgebase/csd-wiki/ICSD/SMAX-modify-maximum-attachement-size_688996790.md create mode 100644 knowledgebase/csd-wiki/ICSD/SQL-commands-request-for-Issue-2126361---Reconciliation-Issue-due-to-duplication-of-PK-in-URM-History_686074742.md create mode 100644 knowledgebase/csd-wiki/ICSD/SaaS-Change-UPN-Script-Runbook_686074283.md create mode 100644 knowledgebase/csd-wiki/ICSD/SaaS-Farm-specific-settings_686074238.md create mode 100644 knowledgebase/csd-wiki/ICSD/Satellite-table-related-feature-blocked-due-to-fuse-exceeded_686074726.md create mode 100644 knowledgebase/csd-wiki/ICSD/Scheduled-scaling_686083970.md create mode 100644 knowledgebase/csd-wiki/ICSD/Send-email-notification-to-SaaS-customers-via-PCS_686069617.md create mode 100644 knowledgebase/csd-wiki/ICSD/September-2025_718113214.md create mode 100644 knowledgebase/csd-wiki/ICSD/Service-Health-Page_686084001.md create mode 100644 knowledgebase/csd-wiki/ICSD/Set-up-Native-SACM-for-SaaS_688996404.md create mode 100644 knowledgebase/csd-wiki/ICSD/SocGen_686069980.md create mode 100644 knowledgebase/csd-wiki/ICSD/Standard-Ops-Runbook_686073477.md create mode 100644 knowledgebase/csd-wiki/ICSD/Steps-to-decomission-Vertica-used-by-Classic-FinOps_687151665.md create mode 100644 knowledgebase/csd-wiki/ICSD/Test_686070814.md create mode 100644 knowledgebase/csd-wiki/ICSD/The-sarmat-saw-con-0-pod-cannot-start-due-to-the-pod-data-was-broken-during-the-upgrade._688996417.md create mode 100644 knowledgebase/csd-wiki/ICSD/Toggle-plaftform-offline-NG-for-Native-SACM_686073929.md create mode 100644 knowledgebase/csd-wiki/ICSD/Transform-the-suite-to-a-Helm-deployment-on-24.2.FP1_688996419.md create mode 100644 knowledgebase/csd-wiki/ICSD/Transform-the-suite-to-a-Helm-deployment-on-24.3.2_688996421.md create mode 100644 knowledgebase/csd-wiki/ICSD/Troubleshooting-as-a-Service_693602624.md create mode 100644 knowledgebase/csd-wiki/ICSD/Troubleshooting-guide-for-CMS-UI-report-scheduler-issue_688996426.md create mode 100644 knowledgebase/csd-wiki/ICSD/Troubleshooting_688996268.md create mode 100644 knowledgebase/csd-wiki/ICSD/UCMDB-APM-Monitoring-Business-Flow_686073690.md create mode 100644 knowledgebase/csd-wiki/ICSD/UCMDB-Server-Master-key-rotation_688996428.md create mode 100644 knowledgebase/csd-wiki/ICSD/Update-HNSW-parameters-for-enhanced-Aviator-semantic-search-accuracy_686074753.md create mode 100644 knowledgebase/csd-wiki/ICSD/Update-VA-configurations-for-enhanced-Aviator-semantic-search-accuracy_686074767.md create mode 100644 knowledgebase/csd-wiki/ICSD/Upgrade-CMS-from-24.3-to-24.4_688996436.md create mode 100644 knowledgebase/csd-wiki/ICSD/Upgrade-CMS-to-24.4.2_688996438.md create mode 100644 knowledgebase/csd-wiki/ICSD/Upgrade-EKS-of-SMAX_706832577.md create mode 100644 knowledgebase/csd-wiki/ICSD/Upgrade-ESM_706819674.md create mode 100644 knowledgebase/csd-wiki/ICSD/Utilities-need-to-be-updated-after-NFS-volume-change_688996444.md create mode 100644 knowledgebase/csd-wiki/ICSD/Workaround-Solutions_686074552.md create mode 100644 knowledgebase/csd-wiki/ICSD/Workaround-to-avoid-EFS-credits-used-up-after-upgrading-SaaS-UCMDB-to-24.3.2_688996457.md create mode 100644 knowledgebase/csd-wiki/ICSD/Zero-trust-security-configuration-for-ACME_688996466.md create mode 100644 knowledgebase/csd-wiki/ICSD/index.md create mode 100644 knowledgebase/csd-wiki/ICSD/mitigation_710799110.md create mode 100644 knowledgebase/csd-wiki/ICSD/steps-essBackTenantSettingResetUpgradeStep-upgrade-failure_688996408.md create mode 100644 wiki/concepts/AWS-Backup.md create mode 100644 wiki/concepts/Docker-容器化.md create mode 100644 wiki/concepts/EFS-vs-EBS.md create mode 100644 wiki/concepts/Packer.md create mode 100644 wiki/concepts/TerraGrunt.md create mode 100644 wiki/concepts/VPC-Transit-Gateway.md create mode 100644 wiki/entities/CTP.md create mode 100644 wiki/entities/Holger-Rode.md create mode 100644 wiki/entities/Octane-Hub.md create mode 100644 wiki/sources/ctp-topic-14-octane-hub-on-aws-real-life-experience.md create mode 100644 wiki/sources/ctp-topic-44-aws-backup-in-micro-focus.md diff --git a/Hermes/xingzhi/cloud-readiness-infographic-prompts.md b/Hermes/xingzhi/cloud-readiness-infographic-prompts.md new file mode 100644 index 00000000..935d2444 --- /dev/null +++ b/Hermes/xingzhi/cloud-readiness-infographic-prompts.md @@ -0,0 +1,574 @@ +# Cloud Readiness Infographic — 6 Prompts (Chalkboard Style, Style-Locked) + +> **Layout:** grid-cards (bento-grid) | **Style:** chalkboard | **Aspect:** 16:9 | **Language:** en +> **Output:** 6 image files, one per card, style must be identical across all cards. + +--- + +## SYSTEM PROMPT (Set this once at the start of the Gemini session) + +``` +You are an infographic generation assistant. Your job is to create 6 chalkboard-style +infographic cards that form a complete visual guide. + +== GLOBAL STYLE RULES (apply to EVERY card, no exceptions) == + +Background: +- Dark green-black chalkboard: #1C2B1C +- Realistic chalkboard texture with subtle scratches, dust particles, faint eraser smudge marks +- Wooden frame border on all cards (hand-drawn wood grain lines in chalk brown/tan) +- NO gradients, NO perfect geometric shapes, NO photorealistic elements + +Chalk Lines & Quality: +- ALL lines must be hand-drawn, imperfect, sketchy — slight wobble and variation +- Lines should look like real white/colored chalk on a blackboard +- NO clean digital vectors, NO sharp vector paths + +Color Palette (strict — use ONLY these exact hex values): +- Chalk White: #F5F5F5 (main text, outlines) +- Chalk Yellow: #FFE566 (highlights, emphasis, underlines) +- Chalk Pink: #FF9999 (secondary highlights, icons) +- Chalk Blue: #66B3FF (diagrams, technical elements) +- Chalk Green: #90EE90 (success, nature, positive) +- Chalk Orange: #FFB366 (warnings, energy) +- Frame Brown: #8B6914 (wooden frame, hand-drawn) + +Doodles & Decorative Elements: +- Small hand-drawn stars (5-7 points, imperfect) +- Hand-drawn underlines (slightly wavy) +- Hand-drawn arrows (sketchy shaft + arrowhead) +- Hand-drawn circles/ovals around key terms +- Hand-drawn checkmarks +- Scattered chalk dust particles near bottom/sides + +Typography: +- All text hand-drawn chalk lettering style +- Imperfect baseline (letters slightly off horizontal) +- Mix of uppercase headers and lowercase body text for authenticity +- Visible chalk texture on letters + +== CARD STRUCTURE (identical for all 6 cards) == + +Each card follows this layout: +┌──────────────────────────────────────────┐ +│ [WOODEN FRAME BORDER] │ +│ ┌────────────────────────────────────┐ │ +│ │ CARD TITLE (large, chalk white) │ │ +│ │ ~~underlined with accent color~~ │ │ +│ ├────────────────────────────────────┤ │ +│ │ [SECTION 1] │ [SECTION 2 if any] │ │ +│ │ Header color │ │ │ +│ │ Bullets │ │ │ +│ │ Icon │ │ │ +│ ├────────────────────────────────────┤ │ +│ │ [Additional sections as needed] │ │ +│ │ [Decorative doodles in corners] │ │ +│ └────────────────────────────────────┘ │ +└──────────────────────────────────────────┘ + +== CONSISTENCY RULES == + +1. Generate Card 1 first, send it to me +2. For Card 2–6, EXPLICITLY include this instruction: + "Follow the exact same chalkboard style as the previous card — + same background #1C2B1C, same chalk dust texture, same hand-drawn + line quality, same color hex values (#F5F5F5, #FFE566, #FF9999, + #66B3FF, #90EE90, #FFB366), same wooden frame border, same doodle + elements. Do NOT deviate from this style." +3. Aspect ratio: 16:9 for all cards +4. Each card should visually "belong" to the same set + +== HOW TO USE THESE PROMPTS == + +1. Copy the SYSTEM PROMPT above and paste it at the start of your Gemini session +2. Then copy Prompt 1 and send it to Gemini Image Gen (Card 1) +3. Once Card 1 is generated, copy Prompt 2 but FIRST include the STYLE LOCK BLOCK +4. Repeat for all 6 cards, always referencing the previous card's style +5. Review each generated image: if chalk line quality or colors deviate, + regenerate with stronger style enforcement +``` + +--- + +## STYLE LOCK BLOCK (Prepend this to Prompts 2–6) + +``` +== STYLE LOCK — MANDATORY == + +This card MUST follow the EXACT same chalkboard style as the previously +generated card. Do not deviate. + +Checklist — verify these match the previous card BEFORE generating: +□ Background color: #1C2B1C (dark green-black chalkboard) +□ Chalk texture: subtle scratches, dust, eraser smudges +□ Line quality: hand-drawn, imperfect, sketchy wobble — NO perfect vectors +□ Color hex values: #F5F5F5 (white), #FFE566 (yellow), #FF9999 (pink), + #66B3FF (blue), #90EE90 (green), #FFB366 (orange) +□ Frame: wooden border with hand-drawn wood grain +□ Doodles: stars, underlines, arrows, circles — all chalk-drawn +□ Typography: chalk lettering, imperfect baseline, chalk texture on letters + +If ANY element does not match, regenerate with corrections. +``` + +--- + +## CARD 1 — Saleable & Security + +``` +== STYLE LOCK — MANDATORY == + +This card MUST follow the EXACT same chalkboard style as the previously +generated card. Do not deviate. + +Checklist — verify these match the previous card BEFORE generating: +□ Background color: #1C2B1C (dark green-black chalkboard) +□ Chalk texture: subtle scratches, dust, eraser smudges +□ Line quality: hand-drawn, imperfect, sketchy wobble — NO perfect vectors +□ Color hex values: #F5F5F5 (white), #FFE566 (yellow), #FF9999 (pink), + #66B3FF (blue), #90EE90 (green), #FFB366 (orange) +□ Frame: wooden border with hand-drawn wood grain +□ Doodles: stars, underlines, arrows, circles — all chalk-drawn +□ Typography: chalk lettering, imperfect baseline, chalk texture on letters + +If ANY element does not match, regenerate with corrections. + +--- + +INFOGRAPHIC CARD 1: Saleable & Security + +Create a single infographic card in chalkboard style with a dark green-black +background (#1C2B1C), realistic chalk dust texture, subtle eraser smudge marks, +and a wooden frame border with hand-drawn wood grain lines. + +Card is 16:9 aspect ratio. All elements must look hand-drawn with real chalk — +imperfect sketchy lines, slight wobble, no clean vectors. + +TITLE SECTION: +- "Saleable & Security" in large hand-drawn chalk white (#F5F5F5) uppercase + lettering, centered at top +- Double underline in chalk yellow (#FFE566), slightly wavy hand-drawn lines +- Small hand-drawn star doodles on each side of the title + +TWO-COLUMN LAYOUT below title: + +LEFT COLUMN — "Saleable" (header in chalk pink #FF9999, hand-drawn rectangle bar): + • Complete product definition in Control Tower + • SKUs clearly defined + • License generation strategy complete + Bullet markers: small chalk pink circles + Icon: hand-drawn chalk sketch of a product box with a small price tag label, + in chalk yellow on white outline + +RIGHT COLUMN — "Security" (header in chalk blue #66B3FF, hand-drawn rectangle bar): + • Application self-defensibility capability + • WAF rules to protect cloud apps + • Defend against incorrect usage (accidental & purposeful) + Bullet markers: small chalk blue circles + Icon: hand-drawn chalk shield with a simple checkmark inside, outline in + chalk white, fill in semi-transparent chalk blue + +FOOTER DECORATION: +- A hand-drawn chalk dividing line across the card width +- Two small doodle checkmarks at bottom right in chalk green (#90EE90) +- Scattered chalk dust particles along the bottom edge + +NO gradients, NO sharp geometric shapes, NO flat digital icons. +``` + +--- + +## CARD 2 — Cloud Deployment & Configuration + +``` +== STYLE LOCK — MANDATORY == + +This card MUST follow the EXACT same chalkboard style as the previously +generated card. Do not deviate. + +Checklist — verify these match the previous card BEFORE generating: +□ Background color: #1C2B1C (dark green-black chalkboard) +□ Chalk texture: subtle scratches, dust, eraser smudges +□ Line quality: hand-drawn, imperfect, sketchy wobble — NO perfect vectors +□ Color hex values: #F5F5F5 (white), #FFE566 (yellow), #FF9999 (pink), + #66B3FF (blue), #90EE90 (green), #FFB366 (orange) +□ Frame: wooden border with hand-drawn wood grain +□ Doodles: stars, underlines, arrows, circles — all chalk-drawn +□ Typography: chalk lettering, imperfect baseline, chalk texture on letters + +If ANY element does not match, regenerate with corrections. + +--- + +INFOGRAPHIC CARD 2: Cloud Deployment & Configuration + +Create a single infographic card in chalkboard style with a dark green-black +background (#1A1A1A), realistic chalk dust texture, subtle eraser smudge marks, +and a wooden frame border with hand-drawn wood grain lines. + +Card is 16:9 aspect ratio. All elements must look hand-drawn with real chalk — +imperfect sketchy lines, slight wobble, no clean vectors. + +TITLE SECTION: +- "Cloud Deployment & Configuration" in large hand-drawn chalk white (#F5F5F5) + uppercase lettering, centered at top +- Underline in chalk green (#90EE90), hand-drawn wavy line +- Small star doodle on left side of title + +MAIN CONTENT AREA: +Header bar: "Deployment Requirements" in chalk blue (#66B3FF) hand-drawn +rectangle + +Bullet list (chalk white text, chalk yellow bullet markers): + ✔ Fully automated cloud platform deployment + ✔ Web / API enabled configuration management + ✔ All feature & functional configs through API interface + ✔ Tenant capability enablement + +Sub-section header: "Configuration Management" in chalk pink (#FF9999) + +HAND-DRAWN FLOWCHART (center of card): +Three chalk blue boxes connected by sketchy chalk arrows: + + [Cloud Platform] --arrow--> [API Gateway] --arrow--> [Tenant Config] + +Each box: hand-drawn rectangle with slightly wavy edges, white #F5F5F5 outline +Text inside boxes: chalk white +Arrows: hand-drawn with slight wobble, chalk blue + +ADDITIONAL ELEMENT: +Hand-drawn stick figure engineer icon (simple, chalk white) on the right side +holding a small chalk-drawn tablet/device + +CORNER DOODLES: +- Top right: small hand-drawn cloud shape labeled "SaaS" in chalk orange (#FFB366) +- Bottom left: chalk pink circle with "API" text inside +- Scattered chalk dust particles near the wooden frame + +NO gradients, NO sharp geometry, NO digital-looking elements. +``` + +--- + +## CARD 3 — HA & Self Recovery + +``` +== STYLE LOCK — MANDATORY == + +This card MUST follow the EXACT same chalkboard style as the previously +generated card. Do not deviate. + +Checklist — verify these match the previous card BEFORE generating: +□ Background color: #1C2B1C (dark green-black chalkboard) +□ Chalk texture: subtle scratches, dust, eraser smudges +□ Line quality: hand-drawn, imperfect, sketchy wobble — NO perfect vectors +□ Color hex values: #F5F5F5 (white), #FFE566 (yellow), #FF9999 (pink), + #66B3FF (blue), #90EE90 (green), #FFB366 (orange) +□ Frame: wooden border with hand-drawn wood grain +□ Doodles: stars, underlines, arrows, circles — all chalk-drawn +□ Typography: chalk lettering, imperfect baseline, chalk texture on letters + +If ANY element does not match, regenerate with corrections. + +--- + +INFOGRAPHIC CARD 3: HA & Self Recovery + +Create a single infographic card in chalkboard style with a dark green-black +background (#1C2B1C), realistic chalk dust texture, subtle eraser smudge marks, +and a wooden frame border with hand-drawn wood grain lines. + +Card is 16:9 aspect ratio. All elements must look hand-drawn with real chalk — +imperfect sketchy lines, slight wobble, no clean vectors. + +TITLE SECTION: +- "HA & Self Recovery" in large hand-drawn chalk white (#F5F5F5) uppercase + lettering +- Double underline in chalk yellow (#FFE566), wavy hand-drawn lines +- Small chalk yellow star doodles flanking the title + +THREE-COLUMN GRID LAYOUT: + +COLUMN 1 — "HA" (header: chalk blue #66B3FF in hand-drawn rectangle): + Icon: Three small chalk white server boxes connected by hand-drawn + chalk blue lines (triangle topology) + Bullet: High Availability architecture + Bullet: Load Balancing configured + +COLUMN 2 — "Fault Tolerance" (header: chalk pink #FF9999 in hand-drawn rectangle): + Icon: Hand-drawn chalk shield with a bold chalk checkmark in chalk green + Bullet: App survives machine restart + Bullet: Node functionality auto-restores + +COLUMN 3 — "Self Recovery" (header: chalk green #90EE90 in hand-drawn rectangle): + Icon: Circular arrow (hand-drawn) in chalk yellow showing recovery cycle + Bullet: DB / File System auto-restores + Bullet: No app restart needed after connectivity issue + Bullet: Problem documented in logs + +BOTTOM RECOVERY CYCLE DIAGRAM: +Hand-drawn circular flowchart in the lower half: + + FAULT --> DETECT --> AUTO-RECOVER --> MONITOR + +Chalk white boxes with #66B3FF outlines connected by sketchy #FFE566 arrows. +Each arrow has a small hand-drawn arrowhead. +Cycle arrows connecting back from MONITOR to FAULT in chalk pink. + +DECORATIVE: +- Chalk orange (#FFB366) wavy underline under "Self Recovery" +- Small doodle lightning bolt near the cycle diagram +- Chalk dust particles near the wooden frame border + +NO gradients, NO sharp geometry, NO perfect circles. All hand-drawn chalk style. +``` + +--- + +## CARD 4 — Upgrade & Patch + +``` +== STYLE LOCK — MANDATORY == + +This card MUST follow the EXACT same chalkboard style as the previously +generated card. Do not deviate. + +Checklist — verify these match the previous card BEFORE generating: +□ Background color: #1C2B1C (dark green-black chalkboard) +□ Chalk texture: subtle scratches, dust, eraser smudges +□ Line quality: hand-drawn, imperfect, sketchy wobble — NO perfect vectors +□ Color hex values: #F5F5F5 (white), #FFE566 (yellow), #FF9999 (pink), + #66B3FF (blue), #90EE90 (green), #FFB366 (orange) +□ Frame: wooden border with hand-drawn wood grain +□ Doodles: stars, underlines, arrows, circles — all chalk-drawn +□ Typography: chalk lettering, imperfect baseline, chalk texture on letters + +If ANY element does not match, regenerate with corrections. + +--- + +INFOGRAPHIC CARD 4: Upgrade & Patch + +Create a single infographic card in chalkboard style with a dark green-black +background (#1A1A1A), realistic chalk dust texture, subtle eraser smudge marks, +and a wooden frame border with hand-drawn wood grain lines. + +Card is 16:9 aspect ratio. All elements must look hand-drawn with real chalk — +imperfect sketchy lines, slight wobble, no clean vectors. + +TITLE SECTION: +- "Upgrade & Patch" in large hand-drawn chalk white (#F5F5F5) uppercase + lettering, centered +- Underline in chalk blue (#66B3FF), wavy hand-drawn line +- Small chalk yellow star doodles flanking the title + +LEFT SIDE — Key Principles (larger section, 60% width): + +Header bar: "Maintainability" in chalk pink (#FF9999) hand-drawn rectangle + +Numbered list with hand-drawn chalk numbers (1, 2, 3, 4) in chalk yellow: + 1. Standard & predictable upgrade process + 2. Backward compatibility across 2+ releases + 3. Maintenance activities occur online + 4. Functions changed in a standard, predictable manner + +Side annotation in chalk orange (#FFB366): + "⚠ Keep backward compatible!" + with a hand-drawn wavy underline + +RIGHT SIDE — Visual Element (40% width): + +VERTICAL STEP DIAGRAM showing upgrade staircase: + [v1.0] --> [v2.0] --> [v3.0] --> [vN] +Each version box: chalk white #F5F5F5 hand-drawn rectangle with slight wobble +Upward chalk green (#90EE90) arrow pointing from each step to the next +Small label below each box: "release N" in chalk white + +Small hand-drawn tool icon at the bottom right: + A chalk wrench (imperfect lines) in chalk yellow + +BOTTOM DECORATIVE ELEMENTS: +- A hand-drawn chalk horizontal dividing line +- Two doodle checkmarks in chalk green (#90EE90) +- Chalk dust particles scattered at the bottom frame edge +- A small doodle arrow circling back (representing backward compatibility) + +NO gradients, NO sharp geometric shapes, NO flat digital icons. +All elements chalk-drawn with authentic imperfect sketch quality. +``` + +--- + +## CARD 5 — Backup & Restore + Documentation + +``` +== STYLE LOCK — MANDATORY == + +This card MUST follow the EXACT same chalkboard style as the previously +generated card. Do not deviate. + +Checklist — verify these match the previous card BEFORE generating: +□ Background color: #1C2B1C (dark green-black chalkboard) +□ Chalk texture: subtle scratches, dust, eraser smudges +□ Line quality: hand-drawn, imperfect, sketchy wobble — NO perfect vectors +□ Color hex values: #F5F5F5 (white), #FFE566 (yellow), #FF9999 (pink), + #66B3FF (blue), #90EE90 (green), #FFB366 (orange) +□ Frame: wooden border with hand-drawn wood grain +□ Doodles: stars, underlines, arrows, circles — all chalk-drawn +□ Typography: chalk lettering, imperfect baseline, chalk texture on letters + +If ANY element does not match, regenerate with corrections. + +--- + +INFOGRAPHIC CARD 5: Backup & Restore + Documentation + +Create a single infographic card in chalkboard style with a dark green-black +background (#1C2B1C), realistic chalk dust texture, subtle eraser smudge marks, +and a wooden frame border with hand-drawn wood grain lines. + +Card is 16:9 aspect ratio. All elements must look hand-drawn with real chalk — +imperfect sketchy lines, slight wobble, no clean vectors. + +TITLE SECTION: +- "Backup & Documentation" in large hand-drawn chalk white (#F5F5F5) + uppercase lettering, centered +- Underline in chalk yellow (#FFE566), wavy hand-drawn double line +- Chalk pink star doodles on both sides of the title + +TWO-SECTION VERTICAL LAYOUT: + +SECTION 1 — TOP HALF: "Backup & Restore" +Header bar: chalk yellow (#FFE566) hand-drawn rectangle with text in chalk white + Icon on right: Hand-drawn chalk bucket pouring data streams into a + chalk blue shield (representing backup protection) +Bullets (chalk white text, chalk yellow bullet markers): + ✔ Complete data backup & recovery solution + ✔ Well-documented backup procedures + ✔ Recovery procedures validated and tested + ✔ Backup validated through testing cycles + +SECTION 2 — BOTTOM HALF: "Documentation" +Header bar: chalk pink (#FF9999) hand-drawn rectangle with text in chalk white + Icon on right: Hand-drawn open book with visible pages, chalk white outline +Bullets (chalk white text, chalk pink bullet markers): + ✔ Customer-facing documentation portal + ✔ Internal docs: deployment, upgrade, sizing guides + ✔ Backend integration & API documentation + ✔ Troubleshooting guide & affected functionality docs + +CENTER DIVIDER: +Thin hand-drawn chalk white horizontal line separating the two sections +with a small hand-drawn circle doodle at the center of the line + +CORNER DECORATIONS: +- Top right: small doodle document/page icon in chalk blue +- Bottom left: small doodle lock icon (representing backup security) + in chalk orange +- Chalk dust particles along the bottom wooden frame + +NO gradients, NO perfect shapes, NO digital icons. All chalk-drawn. +``` + +--- + +## CARD 6 — Observability & Service Management + +``` +== STYLE LOCK — MANDATORY == + +This card MUST follow the EXACT same chalkboard style as the previously +generated card. Do not deviate. + +Checklist — verify these match the previous card BEFORE generating: +□ Background color: #1C2B1C (dark green-black chalkboard) +□ Chalk texture: subtle scratches, dust, eraser smudges +□ Line quality: hand-drawn, imperfect, sketchy wobble — NO perfect vectors +□ Color hex values: #F5F5F5 (white), #FFE566 (yellow), #FF9999 (pink), + #66B3FF (blue), #90EE90 (green), #FFB366 (orange) +□ Frame: wooden border with hand-drawn wood grain +□ Doodles: stars, underlines, arrows, circles — all chalk-drawn +□ Typography: chalk lettering, imperfect baseline, chalk texture on letters + +If ANY element does not match, regenerate with corrections. + +--- + +INFOGRAPHIC CARD 6: Observability & Service Management + +Create a single infographic card in chalkboard style with a dark green-black +background (#1A1A1A), realistic chalk dust texture, subtle eraser smudge marks, +and a wooden frame border with hand-drawn wood grain lines. + +Card is 16:9 aspect ratio. All elements must look hand-drawn with real chalk — +imperfect sketchy lines, slight wobble, no clean vectors. + +TITLE SECTION: +- "Observability & Service Management" in large hand-drawn chalk white + (#F5F5F5) uppercase lettering, centered +- Underline in chalk blue (#66B3FF), wavy hand-drawn double line +- Chalk yellow star doodles flanking the title + +THREE-ROW VERTICAL LAYOUT: + +ROW 1 — "Monitoring" (header bar: chalk blue #66B3FF, hand-drawn rectangle): + Left side bullets (chalk white text): + • App health exposed: node / component / farm / tenant / integration + • APM / BPM for SLA calculation + • Runbooks for NOC / Ops resolution + Right side icon: Hand-drawn chalk dashboard panel with three + sketchy chart lines in chalk yellow, chalk blue, chalk pink + Bullet markers: small chalk blue circles + +ROW 2 — "Performance & Capacity" (header bar: chalk green #90EE90, hand-drawn rectangle): + Left side bullets (chalk white text): + • Metrics: users / transactions / requests per farm + • Tenant capacity & footprint measured + • Tableau / Power BI usage reporting + Right side icon: Hand-drawn chalk bar chart with 3 vertical bars + (yellow, pink, green) with sketchy axis lines + Bullet markers: small chalk green circles + +ROW 3 — "Service Management" (header bar: chalk pink #FF9999, hand-drawn rectangle): + Left side bullets (chalk white text): + • Service catalog for SaaS Ops team + • Customer-oriented service offerings defined + • Complete service scope documentation + Right side icon: Hand-drawn chalk checklist with 3 checked boxes + Bullet markers: small chalk pink circles + +ROW DIVIDERS: +Thin sketchy chalk white horizontal lines between each row +Small hand-drawn doodle dots at the intersection of divider lines + +BOTTOM DECORATIVE ELEMENTS: +- Three small doodle checkmarks in chalk green (#90EE90) near the bottom +- A chalk orange wavy underline below the final row +- Chalk dust particles along the bottom frame +- Small star doodles in top corners + +NO gradients, NO sharp geometry, NO flat digital icons. +All chalk-drawn with authentic imperfect sketch quality. +``` + +--- + +## How to Use This File + +``` +SEQUENCE: +1. Gemini session start → paste the SYSTEM PROMPT +2. Send CARD 1 prompt → receive Card 1 image +3. Paste CARD 2 prompt (it includes STYLE LOCK BLOCK) → receive Card 2 +4. Repeat for Cards 3–6 + +VERIFICATION after each card: +- Does background look like #1C2B1C dark green-black chalkboard? ✓/✗ +- Do all lines look hand-drawn/sketchy? ✓/✗ +- Are colors using the exact hex values? ✓/✗ +- Is there a wooden frame border? ✓/✗ +- Are doodles (stars, underlines, arrows) hand-drawn? ✓/✗ +- Does it match the previous card visually? ✓/✗ + +If any check fails → regenerate with stronger style enforcement. +``` diff --git a/Pasted image 20260418164759.png b/Pasted image 20260418164759.png new file mode 100644 index 0000000000000000000000000000000000000000..60f966436bca335788f9ea4d21f4ee4c8cfbdba9 GIT binary patch literal 10253 zcmeAS@N?(olHy`uVBq!ia0y~yU;#3j^f}mo)GPCqQ9z2ZILO_JVcj{Imq3n7YJ_K+ zuP=iZkj=rs*q#a2zzF0?0Wkvu^8!W&W+2T7gbWLqV6rR>3z%VSCVh}XH_?q(85q>d zJzX3_Dj45hKgii^Ai)-JTTaFyr~lnUF1?F>4^!SfJg6GAw?a^)Ws<0i%SmpQqLbgB zS8rG8bZuZ@WMbhEP;eM!j0VDJN*K)rqq$%-7mVhD(OfW^3r2InXf7Dd1*5rOG#8A3 zT<}e}Lj36S=+ONe4p;6^@q~1V4+Ju8U(7bs8IlKL!WC-%d^S1j+*~*Bclc$S^|z0m z<^&}UhdE5&EwZzHQM1Y;p^77+;n9$=OXxnZLC1M!>eDUjg721=TKB!3CR0Az?H(O_ z7#(*R%>|>mU^Ewu=7P~&Fq#WSbHQjX7|jKvxnMLGjOK#TTripoMsvYvE*Q-Pqq$%- j7mVhD!IujT++_W?X^X6N@QY$W&{8~4S3j3^P6- Complete license generation strategy | +| Deployability Configurability | Cloud Deployment & Configuration | - Cloud Applications can be deployed on a given Cloud platform in a fully or partially automated manner.
- All required feature and functional configuration management should be provided through a Web/API enabled interface. Like enable tenant capabilities | +| Availability | HA & Self Recovery | - HA, Load Balancing and Fault Tolerance testing
- App recover automatically after machine restart in order to maintain stability - Restarting App service will restore all node functionality and integrations
- DB/File System connection should restore automatically after an issue (ex, network connectivity) without restarting the App service and should document the problem in the logs. | +| Maintainability | Upgrade/Patch | - Cloud application component to be upgraded, patched or functions changed in a standard and predictable manner. Maintainability requires backward compatibility through 2 or more releases to enable maintenance activities to occur online. | +| Recoverability | Backup & Restore | - Cloud Application has a complete data backup and recovery solution with well-documented backup and recovery procedures that have been validated and tested | +| Observability | Monitoring | - Expose application health for monitoring - node\\component\\farm\\tenant\\integration - Implement application monitoring and thresholds based on best practices - Major functionality monitoring (APM/BPM) for SLA calculation - Implement usage\\load\\performance monitoring on farm\\components based on best practices - Runbooks – resolutions for each alert that will be handled by the NOC/Ops | +| | Documentation | - SaaS Customer facing documentation portal - Internal documentations for Ops like deployment guide, upgrade, sizing guide, backend integration, APIs, affected functionality in case of a component failure, troubleshooting guide etc. | +| Observability | Performance & Capacity | - Measure performance and load and share metrics - number of users\\transactions\\requests the farm can handle - Measure and determine farm capacity in term of number of tenants and their footprint - Provide runbook in case farm limit reached its threshold (Example - Add another Server) - Expose metrics of customer product usage - Can be implemented with the help of Tableau\\Power BI reporting based on what expose. Like License usage, tenant information etc. | +| Securability Defensibility | Security | - Capability and awareness of the application to defend itself against incorrect usage. Both accidental and purposeful. Like develop WAF rules to protect Cloud Applications | +| | Service Management | - Define what services from the customer's perspective will need to be fulfilled by the SaaS Ops team when the product goes live. A detailed service catalog needs to be listed as well as an instruction document of the services to be completed - Customer-oriented service catalogs need to be defined as corresponding service offerings and made available to customers through support tooling. The service offering requires a complete definition of the scope of the service and the information, documentation, etc. that needs to be provided. | diff --git a/knowledgebase/csd-wiki/ICSD/AC-24.4-Post-Upgrade-Steps_688983025.md b/knowledgebase/csd-wiki/ICSD/AC-24.4-Post-Upgrade-Steps_688983025.md new file mode 100644 index 00000000..6848855c --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/AC-24.4-Post-Upgrade-Steps_688983025.md @@ -0,0 +1,24 @@ +# AC-24.4-Post-Upgrade-Steps_688983025 +**1\. AC Data Maintenance Jobs - Remove the older Postgres Procedue for purge of the AC services** + +As part of ' [Issue 2348102 - \[AC\]: The tasks records for AC services (DataSync & VPS) are not purged, as part of daily maintenance jobs.](https://internal.almoctane.com/ui/entity-navigation?p=97002/32001&entityType=work_item&id=2348102)' we've some changes to the database procedures. Hence we need to delete the existing 'create\_procedues.dlm' file from the below location to have the Data-Maintenance cronjob working as expected. +Steps: + +1\. Login the bastion host where the K8s is running. + +2\. Goto File Loation: /efs/var/vols/itom/itsma/logging-volume/ac/data-maintenance/logs/itsma-eks/maintenance + +(i.e. the NFS mounted patch for data-minaternance\] +3\. Remove the file 'create\_procedures.dlm +rm -r create\_procedures.dlm + +File Name: create\_procedures.dlm +Note: Here after the deletion, the file get created newly with the latest changes, once the cron job is scheduled to run next time. + +Sample of file path and file name (highlighted) + +![](attachments/688983025/688983024.png) + +## Attachments: + +[image2024-9-20\_17-4-41.png](attachments/688983025/688983024.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/APM---CITI---Reported-Vulnerabilities-and-Issues_696523815.md b/knowledgebase/csd-wiki/ICSD/APM---CITI---Reported-Vulnerabilities-and-Issues_696523815.md new file mode 100644 index 00000000..fe8ada73 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/APM---CITI---Reported-Vulnerabilities-and-Issues_696523815.md @@ -0,0 +1,13 @@ +# APM---CITI---Reported-Vulnerabilities-and-Issues_696523815 +| Ticket UT | Vulnerabilities Reported in APM 960 version in March 2025 | Owner | Priority | CPE Cases | Comments | Status | Apply on Staging | Deadline to implement on prod | +| --- | --- | --- | --- | --- | --- | --- | --- | --- | +| SD00496396/IM00495939 | Cross-site Scripting - DOM Based. Issue Discovered from Vulnerability Assessment | SubbaReddy | H1 | OCTIM19G2471704 | - Fix applied on 33F staging farm, positive feedback from customer. | **Closed** | Completed | Completed | +| SD00496831/IM00496084 | Cross-site Scripting (Pre-Authentication) Issue Discovered from Vulnerability Assessment | SubbaReddy | H1 | OCTIM19G2472007 | - Retest successful - Deployed on production environment on the 25th of May | **Closed** | 02 May 2025 | 18 May 2025 | +| SD00496835/IM00496087 | Unauthorized Write Access (Post-authentication) Issue Discovered from Vulnerability Assessment | SubbaReddy | H2 | OCTIM19G2472008 | - H2 issue retest successful - Applied on the Production HF on 20 th July. | **Closed** | 22 Jun 2025 | 20 Jul 2025 | +| IM00496092/SD00496846 | Weak Password Complexity Issue Discovered from Vulnerability Assessment | SubbaReddy | H3 | OCTIM19G2472009 | - No password complexity to be implemented, the customer confirmed retest was successful. | **Closed** | | | +| IM00496093/SD00496849 | No Account Lockout After Multiple Failed Attempts Issue Discovered from Vulnerability Assessment | SubbaReddy | H5 | OCTIM19G2472010 | - No password complexity to be implemented, the customer confirmed retest was successful. | **Closed** | | | +| IM00496100/SD00496860 | Sensitive Information Passed in Cleartext in GET URL Issue Discovered from Vulnerability Assessment | SubbaReddy | M2 | OCTIM19G2473081 | - Fix deployed on staging, awaiting customer feedback - Confirmation received from customer that pretest is successful. - To be applied this weekend to prod | **Closed** | 02 May 2025 | 08 Jun 2025 | +| IM00496099/SD00496859 | Suspicious Files Found in Recursive Directory Issue Discovered from Vulnerability Assessment | SubbaReddy | M1 | OCTIM19G2473082 | - Validated with RnD Team that the files are required for APM, justification provided to the customer. The customer confirmed this can be closed | **Closed** | | | +| IM00496101/SD00496861 | Session Remains Active After Logout Issue Discovered from Vulnerability Assessment | SubbaReddy | M3 | OCTIM19G2472092 | - **New fix applied, still not working** - **RnD investigation required.** | Under investigation | 28 Aug 2025 | | +| IM00496102/SD00496863 | Server-Side Request Forgery Issue Discovered from Vulnerability Assessment | SubbaReddy | M4 | OCTIM19G2473083 | **Closed** | 01 Jun 2025 | 22 Jun 2025 | +| IM00495787/SD00496057 | BPM Agents Tab Error | SubbaReddy | H4 | OCTIM19G2471324 | - This was blocked by Vulnerability was detected in 2022, provided the details to customer, pending with VA retest. | **Closed** | Completed | | diff --git a/knowledgebase/csd-wiki/ICSD/APM-Monitoring_686073667.md b/knowledgebase/csd-wiki/ICSD/APM-Monitoring_686073667.md new file mode 100644 index 00000000..142e812d --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/APM-Monitoring_686073667.md @@ -0,0 +1,15 @@ +# APM-Monitoring_686073667 +1. [ITOM Cloud Service Delivery](index.html) +2. [ITOM Cloud Service Delivery](ITOM-Cloud-Service-Delivery_681555087.html) +3. [💠3 - Operation & Maintenance](682933064.html) + +Created by, last modified by Wei Shen on Feb 08, 2025 EST + +- [HCMX APM Monitoring Business Flow](HCMX-APM-Monitoring-Business-Flow_686073715.html) +- [OO APM Monitoring Business Flow](OO-APM-Monitoring-Business-Flow_686073823.html) +- [SMAX APM Monitoring Business Flow](SMAX-APM-Monitoring-Business-Flow_686087711.html) +- [UCMDB APM Monitoring Business Flow](UCMDB-APM-Monitoring-Business-Flow_686073690.html) + +Document generated by Confluence on Sep 15, 2025 22:25 EDT + +[Atlassian](https://www.atlassian.com/) diff --git a/knowledgebase/csd-wiki/ICSD/AWS-Cognito-User-Creation_708224408.md b/knowledgebase/csd-wiki/ICSD/AWS-Cognito-User-Creation_708224408.md new file mode 100644 index 00000000..fbfd8615 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/AWS-Cognito-User-Creation_708224408.md @@ -0,0 +1,70 @@ +# AWS-Cognito-User-Creation_708224408 +## AWS Cognito users are used for authentication to login to the following Ops tools: + +- **SaaS Ops Jenkins Tool** - [https://saas-ops.itsma-ng.net/](https://saas-ops.itsma-ng.net/) +- **ESM SaaS System Health Page Ops Console** - [https://smax-health.saas.microfocus.com/ops](https://smax-health.saas.microfocus.com/ops) (Use this permission to support SaaS 911 case to publish the incident report for customer communication) +- **ESM Saas ELK Log Analysis (OpenSearch)** - Contains 14 days of logs. Currently available only for the following farms: US2, US6/EU8, EU30 (aviator) +- **Grafana Monitors for ESM SaaS Farms** + +CSD Ops team have the permission needed to create users in AWS Cognito. Currently, there are 3 user persona's: + +- CSD Ops team - admins +- CSD Ops team - team member +- Core CPE Team limited access + +To streamline the user creation process, follow the process below to create new users based on their persona. + +This process eliminates the need for back and forth and simplifies the new user onboarding. Basically, the Ops team will pre-create the user, login the first time, set the roles and also configure the account so the enduser performs a single step of reset password to gain access. + +## Create and Configure User - jenkins admin access needed + +1. Login to AWS console using your personal Ops team account. Access account: 361684190412 and set region to United States (Oregon). +2. Access AWS Cognito / User Pools - you should see the existing user pool: "notes-user-pool" Click on notes-user-pool, then click on Users on left menu. +3. Click "Create user" button: use any value for the password but write it down since you will need it in the next step. +4. ![](attachments/708224408/708224302.png) +5. Note down the new user id. You may need to do a search using the email address to get this. +6. Access Jenkins using the new user + 1. [https://saas-ops.itsma-ng.net/](https://saas-ops.itsma-ng.net/) + 2. Make sure you are logged out of your own account. + 3. Login with the new user account using the password you pre-set. + 4. You will be forced to set a new password. This one is not important, because we will tell the new user to reset their password on first access. + 5. Will get Access Denied message in the screen - at this point, the user has been created in Jenkins and will allow us to setup their profile in the following steps. + 6. Logout of new user account. +7. Login to jenkins with your admin account + 1. From Jenkins main Dashboard, use the global search at the top to find the new user id like: 333a6473-6b8a-4b16-bbcb-4bd8512e158e + 2. Click Configure menu item on left - **NOTE**: you must have jenkins Administrator role. If not, contact one of the team who has the admin role. + 3. Set the user Full Name - change it from the id to the first/last name of the user + 4. Set the appropriate roles depending if this is a Ops or CPE team member (see section below). +8. Tell the user to access Jenkins URL and have them use the Forgot Password option + +## Role Assignment in Jenkins + +Ops team should set the role based on the user persona - Ops Admin OR CPE Team member. + +1. Login to Jenkins with your Admin user account +2. Click on Manage Jenkins in left menu +3. Scroll down to Security section and click on Manage and Assign Roles +4. Click on Assign Roles in left menu. +5. There are 2 sections and you need to add the user in both: Global roles + Item roles +6. At the bottom of each list, click the Add User button +7. Use the cognito user id like: 333a6473-6b8a-4b16-bbcb-4bd8512e158e +8. ![](attachments/708224408/708224395.png) +9. ![](attachments/708224408/708224406.png) +10. After you add to both lists, make sure to press the Save button + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/AWS-Infrastructure-Naming-Rules_688988195.md b/knowledgebase/csd-wiki/ICSD/AWS-Infrastructure-Naming-Rules_688988195.md new file mode 100644 index 00000000..24c9bae0 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/AWS-Infrastructure-Naming-Rules_688988195.md @@ -0,0 +1,68 @@ +# AWS-Infrastructure-Naming-Rules_688988195 +**EC2 Instance** + +- eu8-prod-smax-worker +- eu8-prod-cms-worker +- eu8-prod-cms-probe-windows +- eu8-prod-oo-worker +- eu8-prod-monitor-worker +- eu8-prod-logging-worker +- eu8-prod-logging-logstash-linux +- eu8-prod-bastion-server-linux +- eu8-prod-bastion-server-windows +- eu8-prod-vertica-node-linux +- eu8-prod-vertica-mc-linux +- eu8-prod-opb-agent-server-windows +- eu8-prod-sm-server-windows +- eu8-prod-idol-server-windows +- eu8-prod-jenkins-server-linux + +**RDS** + +**EFS** + +- us1-prod-smax-efs +- us1-prod-cms-efs +- us1-prod-oo-efs +- us2-dev-smax-efs +- us2-dev-oo-efs + +**Subnets** + +- us24-prod-public-subnet-1 +- us24-prod-public-subnet-2 +- us24-prod-public-subnet-3 +- us24-prod-private-subnet-1 +- us24-prod-private-subnet-2 +- us24-prod-private-subnet-3 +- us24-prod-database-subnet-1 +- us24-prod-database-subnet-2 + +**SecurityGroup**: + +- us24-prod-bastion-securitygroup + +**Backup Plan** + +- - us1-prod-aws-backup-plan + - us2-prod-aws-backup-plan + - jp12-stg-aws-backup-plan + +Backup Rules + +- - us1-prod-6h-backup-rule + - us2-prod-6h-backup-rule + +**Resource Assignment** + +**S3 bucket for Vertica** + +- us2-prod-vertica-data + +**S3 bucket for Velero** + +**AWS CloudWatch Naming Rules** + +Monitoring SMAX Tenant + +Carnaries diff --git a/knowledgebase/csd-wiki/ICSD/AWS-RDS-certificate-update--Helm-Fedramp-simulation-ENV_688983269.md b/knowledgebase/csd-wiki/ICSD/AWS-RDS-certificate-update--Helm-Fedramp-simulation-ENV_688983269.md new file mode 100644 index 00000000..13a57c20 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/AWS-RDS-certificate-update--Helm-Fedramp-simulation-ENV_688983269.md @@ -0,0 +1,2 @@ +# AWS-RDS-certificate-update--Helm-Fedramp-simulation-ENV_688983269 +

Tasks

Products

Steps

Duration

Downtime

Prepare:

Certificate File Preparation

Download the new AWS RDS certificate bundle PEM file

Download the new AWS RDS certificate bundles for specific AWS region from the Certificate bundles for specific AWS Regions.

For region of us-gov-west-1, download the below certificate:

Upload the certificate bundle to the bastion.

Prepare:

Update certificate configuration in application side

OMT

1. Acquire database info before running the script:

You may get the db user, db name and PASSWORD_KEY values from database configmap with below commands:

kubectl get cm default-database-configmap -n -o yaml

The result is like:

DEFAULT_DB_CDFIDM_PASSWORD_KEY: defaultdb_cdfidm_user_password

DEFAULT_DB_CDFIDM_USERNAME: cdfidm

DEFAULT_DB_HOST: xxxxxyyyyy.us-west-2.rds.amazonaws.com

DEFAULT_DB_NAME: itom-cdf-idm

2. Get the cdfidm db password:

kubectl get pod -n $CDF_NAMESPACE | grep "itom-idm" | head -1 | awk '{print $1}'

kubectl exec -it -n $CDF_NAMESPACE -c idm -- get_secret

For example:

kubectl exec -it $(kubectl get pod -n $CDF_NAMESPACE | grep "itom-idm" | head -1 | awk '{print $1}') -n $CDF_NAMESPACE -c idm -- get_secret defaultdb_cdfidm_user_password

Note: Record the database info and password, they will be used in execute command

https://docs.microfocus.com/doc/SMAX/24.2/ModifyExternalDBConfig

SMAX & HCMX

  1. [Optional] If you don't remember the path of your custom my-values.yaml file, run the following command to get your yaml file.
    helm get values -n >
  2. Confirm if tlsEnabled is set to true and replace the caCertificates under "database" with the new PEM content directly or base64 all the content (e.g cat | base 64)
    Example:
    global:
    database:
    tlsEnabled: true
    tlsMode: verify-full # or use verify-ca
    ......
    database:
    caCertificates:
    pg_ca.crt: or PEM

    Note:

    If you are using base64 encoded content, make sure the encoded content is formatted in one line, as below: If you are not using base64 encoded content, please refer to below format:
  4. Run the command to check if job exist in ENV. It should return nothing. If job exist, make sure it's in Completed status and delete it.
    kubectl get job -n |grep -v NAME | awk '{print $1}'
    Run below command to get the pod status - if they are "Completed", it means the jobs are done and you may delete the jobs with 'delete job' command:
    kubectl get pods -n |grep job
    If above pods are all completed status, delete related jobs:
    kubectl delete job -n

NOTE: The yaml file with new pem content replaced will be used in RDS certificate replacement.Reference: https://staging.docs.microfocus.com/doc/SMAX/Main/ChangeCertForPostgreSQL

https://docs.microfocus.com/doc/SMAX/24.2/ModifyExternalDBConfig

CMS

  1. Get the CMS values.yaml from current running deployment by running below command

helm get values -n > values.yaml

2. Replace the content of caCertificates.postgresql.crt in values.yaml with the content of AWS RDS certificate bundle got at above step.

Note:every line of certificate content starts with 4 indentations in values.yaml, for example:

Audit

  1. Get the Audit values.yaml

helm get values -n > values.yaml

2. Replace the content of caCertificates.RE_ca_dbcrt in values.yaml with the content of AWS RDS certificate bundle got at above step.

Note: every line of certificate content starts with 4 indentations in values.yaml, for example:

Execute certificate update in application side

Note: There is no dependency on each application.

OMT

Navigate to the $CDF_HOME/bin directory, run the updateExternalDbInfo.sh script with below parameters:

./updateExternalDbInfo.sh -H -p -d -u --dbpassword --component itom-idm --cacert

For example:

./updateExternalDbInfo.sh -H xxxxyyyy.us-west-2.rds.amazonaws.com -p 5432 -d cdfidmdb -u cdfidm --dbpassword --component itom-idm --cacert /home/ssm-user/us-gov-west-1-bundle.pem

Reference: https://docs.microfocus.com/doc/OMT/24.2/ModifyExternalDatabaseConfiguration

1min

0

SMAX & HCMX

  1. Run the following commands to apply DB setting change. The yaml file is the one with new pem content replaced in preparation steps.
    helm upgrade -n -f my-values.yaml
    For example:
    helm upgrade itsma ESM_Helm_Chart-2x.x/charts/esm-1.0.0+2x.x-xxx.tgz -n itsma-xxyy -f values.yaml

  2. Run the following command to make sure that all SMAX pods are ready before next step.
    kubectl get pod -n < ESM_NAMESPACE > |grep -v 1/1|grep -v 2/2|grep -v 3/3|grep -v 4/4|grep -v Completed

  3. Restart the suite (Another option is to do the restart later via one command along with other products)
    $CDF_HOME/bin/cdfctl runlevel set -l DOWN -n
    Wait till all pods are down, then run below command to bring the application up
    $CDF_HOME/bin/cdfctl runlevel set -l UP -n

4mins

0

CMS

  1. Update the deployment by running helm upgrade command. The yaml file is the one with new pem content replaced in preparation steps.
    helm upgrade -n -f values.yaml
  2. Restart CMS (Another option is to do the restart later via one command along with other products)
    $CDF_HOME/bin/cdfctl runlevel set -l DOWN -n
    wait till all pods are shut down
    $CDF_HOME/bin/cdfctl runlevel set -l UP -n

NOTE: You may do this in parallel with SMAX restart

1min

0

Audit

  1. Update the deployment by running helm upgrade command. The yaml file is the one with new pem content replaced in preparation steps.
    helm upgrade -n -f values.yaml
  2. Restart Audit (Another option is to do the restart later via one command along with other products)

$CDF_HOME/bin/cdfctl runlevel set -l DOWN -n
wait till all pods are shut down
$CDF_HOME/bin/cdfctl runlevel set -l UP -n

NOTE: You may do this in parallel with SMAX restart

1min

0

Restart pods (Alternative)

You may also do the helm upgrade for all products in parallel without restarting.

Then do the restart against all products whose RDS certificates were changed

For example:

$CDF_HOME/bin/cdfctl runlevel set -l DOWN -n ,,,
wait till all pods are shut down and start the pods
$CDF_HOME/bin/cdfctl runlevel set -l UP -n ,,,

14mins

14mins

Monitor the restart till all pods are started

kubectl get pod -n < ESM_NAMESPACE > |grep -v 1/1|grep -v 2/2|grep -v 3/3|grep -v 4/4|grep -v Completed

Update the certificates of AWS RDS DB instances.

Update the certificate on AWS RDS DB instances.

1.Login AWS console, go to the RDS instances that you want to update the certificates.

2.Select the RDS instance, click modify button

3.Change the Certificate authority.

If your primary certificate CA is rds-ca-2019, it's recommended to select the rds-ca-rsa4096-g1 CA as new value

4.Save the change and select immediate effect.

5.Repeat the steps for all your RDS instances

2mins

0

diff --git a/knowledgebase/csd-wiki/ICSD/AWS-RDS-certificate-update--Helm-Simulation-env_686088156.md b/knowledgebase/csd-wiki/ICSD/AWS-RDS-certificate-update--Helm-Simulation-env_686088156.md new file mode 100644 index 00000000..6b23fe5b --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/AWS-RDS-certificate-update--Helm-Simulation-env_686088156.md @@ -0,0 +1,9 @@ +# AWS-RDS-certificate-update--Helm-Simulation-env_686088156 +
TasksProductsDurationSteps

Preparation

Download the new AWS RDS certificate bundle PEM file5 mins

Download the new AWS RDS certificate bundles for specific AWS region from the Certificate bundles for specific AWS Regions.

for example, for region of us-west-2, download the below certificate:

Upload the certificate bundle to the bastion.

Note

  1. There is no dependency on below operations for each product. You may prepare the yaml files (this can be done before the maintain window) and run the steps in parallel to reduce the ESM level downtime.
  2. During the restart the applications (OMT/Suite/CMS/OO/Audit) are not able to access, which is considered as the downtime of this whole process.
OMT5 mins

1. Acquire database info before running the script:

Note: Above are OOB values, if you are not using OOB values, you may get the values with below commands:

kubectl get cm default-database-configmap -n -o yaml

The result is like:

DEFAULT_DB_CDFIDM_PASSWORD_KEY: defaultdb_cdfidm_user_password
DEFAULT_DB_CDFIDM_USERNAME: cdfidm
DEFAULT_DB_HOST:xxxxxyyyyy.us-west-2.rds.amazonaws.com
DEFAULT_DB_NAME: cdfidmdb

You may find the db user, db name and PASSWORD_KEY value from database configmap.

2. Get the cmfidm db password.
kubectl get pod -n $CDF_NAMESPACE | grep "itom-idm" | head -1 | awk '{print $1}'
kubectl exec -n $CDF_NAMESPACE -c idm -- get_secret

For example:
kubectl exec $(kubectl get pod -n $CDF_NAMESPACE | grep "itom-idm" | head -1 | awk '{print $1}') -n $CDF_NAMESPACE -c idm -- get_secret defaultdb_cdfidm_user_password

Take the note of your which you will be using in OMT certificate replacement.

Reference: https://docs.microfocus.com/doc/OMT/24.2/ModifyExternalDatabaseConfiguration

SMAX & HCMX10 mins

  1. [Optional] If you don't remember the path of your custom my-values.yaml file, run the following command to get your yaml file.

    helm get values -n > my-values.yaml

  2. Confirm if tlsEnabled is set to true and replace the caCertificates under "database" with the new PEM content directly or base64 all the content (e.g cat | base 64).

    Example:

    global:
+  database:
+    tlsEnabled: true
+    tlsMode: verify-full    # or use verify-ca
+... ...
+database:
+  caCertificates: 
+    pg_ca.crt:  or PEM

    Note:

    If you are using base64 encoded content, make sure the encoded content is formatted in one line, as below:If you are not using base64 encoded content, please refer to below format:

  3. Run the command to check if job exist in ENV. It should return nothing. If job exist, make sure it's in Completed status and delete it.
    kubectl get job -n |grep -v NAME | awk '{print $1}'
    Run below command to get the pod status - if they are "Completed", it means the jobs are done and you may delete the jobs with 'delete job' command:
    kubectl get pods -n |grep job
    If above pods are all completed status, delete related jobs:
    kubectl delete job -n

NOTE: The yaml file with new pem content replaced will be used in RDS certificate replacement.

Reference: https://staging.docs.microfocus.com/doc/SMAX/Main/ChangeCertForPostgreSQL

CMS5 mins

1.Get the CMS values.yaml from current running deployment by running below command

helm get values -n >values.yaml

2.Replace the content of caCertificates.postgresql.crt in values.yaml with the content of AWS RDS certificate bundle got at above step.

Note: every line of certificate content starts with 4 indentation in values.yaml

OO5 mins

1.Get the OO values.yaml

helm get values -n > values.yaml

2.Replace the content of caCertificates.postgresql.crt in values.yaml with the content of AWS RDS certificate bundle got at above step.

Note: every line of certificate content starts with 4 indentation in values.yaml

Audit5 mins
  1. Get the Audit values.yaml
    helm get values -n > values.yaml
  2. Replace the content of caCertificates.RE_ca_dbcrt in values.yaml with the content of AWS RDS certificate bundle got at above step.

    Note: every line of certificate content starts with 4 indentation in values.yaml

Maintain Window

Update the certificate in application side

OMT5 mins

Navigate to the $CDF_HOME/bin directory, run the updateExternalDbInfo.sh script with below parameters:

NOTE: you may find the DB parameters in preparation steps.

./updateExternalDbInfo.sh -H -p -d -u --dbpassword --component itom-idm --cacert
For example:
./updateExternalDbInfo.sh -H xxxxyyyy.us-west-2.rds.amazonaws.com -p 5432 -d cdfidmdb -u cdfidm --dbpassword --component itom-idm --cacert /home/centos/ us-west-2-bundle.pem

SMAX/HCMX

30 mins

  1. Run the following commands to apply DB setting change. The yaml file is the one with new pem content replaced in preparation steps.
    helm upgrade -n -f my-values.yaml
    For example:
    helm upgrade itsma ESM_Helm_Chart-2x.x/charts/esm-1.0.0+2x.x-xxx.tgz -n itsma-xxyy -f values.yaml

  2. Run the following command to make sure that all SMAX pods are ready before next step.
    kubectl get pod -n < ESM_NAMESPACE > |grep -v 1/1|grep -v 2/2|grep -v 3/3|grep -v 4/4|grep -v Completed

  3. Restart the suite
    $CDF_HOME/bin/cdfctl runlevel set -l DOWN -n
    Wait till all pods are down, then run below command to bring the application up
    $CDF_HOME/bin/cdfctl runlevel set -l UP -n

CMS

20 mins

1. Update the deployment by running helm upgrade command. The yaml file is the one with new pem content replaced in preparation steps.

helm upgrade -n -f values.yaml

2. Restart CMS

$CDF_HOME/bin/cdfctl runlevel set -l DOWN -n

wait till all pods are shut down

$CDF_HOME/bin/cdfctl runlevel set -l UP -n

3. Monitor pod status:

kubectl get pod -n NAMESPACE > |grep -v 1/1|grep -v 2/2|grep -v 3/3|grep -v 4/4|grep -v Completed

NOTE: You may do this in parallel with SMAX restart

OO20 mins

1.Update the deployment by running helm upgrade command. The yaml file is the one with new pem content replaced in preparation steps.

helm upgrade -n -f values.yaml

2. Restart OO

$CDF_HOME/bin/cdfctl runlevel set -l DOWN -n
wait till all pods are shut down
$CDF_HOME/bin/cdfctl runlevel set -l UP -n

3. Monitor pod status:

kubectl get pod -n NAMESPACE > |grep -v 1/1|grep -v 2/2|grep -v 3/3|grep -v 4/4|grep -v Completed

NOTE: You may do this in parallel with SMAX restart

Audit5 mins
  1. Update the deployment by running helm upgrade command. The yaml file is the one with new pem content replaced in preparation steps.
    helm upgrade -n -f values.yaml
  2. Restart Audit

$CDF_HOME/bin/cdfctl runlevel set -l DOWN -n
wait till all pods are shut down
$CDF_HOME/bin/cdfctl runlevel set -l UP -n

3. Monitor pod status:

kubectl get pod -n NAMESPACE > |grep -v 1/1|grep -v 2/2|grep -v 3/3|grep -v 4/4|grep -v Completed

NOTE: You may do this in parallel with SMAX restart

Update the certificates of AWS RDS DB instances.

Update the certificate on AWS RDS DB instances.10 mins

1.Login AWS console, go to the RDS instances that you want to update the certificates.

2.Select the RDS instance, click modify button

3.Change the Certificate authority.

If your primary certificate CA is rds-ca-2019, it's recommended to select the rds-ca-rsa2048-g1 CA as new value

4.Save the change, and select immediate effect.

Repeat the steps for all your RDS instances

diff --git a/knowledgebase/csd-wiki/ICSD/AWS-account-migrate-to-new-SCP-OU-hierarchy-tracking_691155056.md b/knowledgebase/csd-wiki/ICSD/AWS-account-migrate-to-new-SCP-OU-hierarchy-tracking_691155056.md new file mode 100644 index 00000000..a27b000f --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/AWS-account-migrate-to-new-SCP-OU-hierarchy-tracking_691155056.md @@ -0,0 +1,36 @@ +# AWS-account-migrate-to-new-SCP-OU-hierarchy-tracking_691155056 +Note: The change is totally executed by SRE team and CSD team is responsible only for validation after the change is done + +| **AWS account #** | **AWS account name** | **Planned Date** | **Execution Date** | **Executed By** | | +| --- | --- | --- | --- | --- | --- | +| 877314495298 | itom-dcasaasdev-ext-stg | Loganathan G | No customer, already applied | +| 756681444987 | itom-dca2-ext-stg | **Feb 16 th** | **Mar 2 nd** | Loganathan G | | +| 824517076529 | itom-aviator0-ext-stg | **Feb 16 th** | **Mar 2 nd** | Saisumanth Kanumuri | | +| 551360491749 | itom-esm0-ext-stg | **Feb 16 th** | **Mar 2 nd** | Mahendra Reddy K | | +| 685481450608 | itom-esm1-ext-stg | **Feb 16 th** | **Mar 2 nd** | Loganathan G | No customer, backup account | +| 945679946888 | itom-esm2-ext-stg | **Feb 16 th** | **Mar 2 nd** | Bhargava Lekkala | | +| 752576076998 | itom-dca2-ext-prod | **Feb 23 th** | **Mar 16 th** | Rejoy MR | | +| 521526956341 | itom-aviator0-ext-prod | **Feb 23 th** | **Mar 16 th** | Vinod Kumar Keshava Rao | | +| 361684190412 | itom-esm0-ext-trial | **Feb 23 th** | **Mar 16 th** | Pradeep Acharya | | +| 609729173090 | itom-esm0-ext-prod | **Mar 16 th** | **Apr 6 th** | Vinod Kumar Keshava Rao | Internal customer | +| 439259180524 | itom-esm3-ext-prod | **Mar 16 th** | **Apr 6 th** | Rajaram H K | External customers | +| 616654404631 | itom-esm1-ext-prod | **Apr 6 th** | **Apr 27 th** | Anant Panchal | Key External customers | +| 772889804459 | itom-esm2-ext-prod | **Apr 6 th** | **Apr 27 th** | Anant Panchal | Key External customers | +| 402637475238 | itom-esm4-ext-prod | **Apr 6 th** | **Apr 27 th** | Loganathan G | EU managed customers | + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/Add-OAuth-Authentication---Ops-Only_686065206.md b/knowledgebase/csd-wiki/ICSD/Add-OAuth-Authentication---Ops-Only_686065206.md new file mode 100644 index 00000000..db956361 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Add-OAuth-Authentication---Ops-Only_686065206.md @@ -0,0 +1,134 @@ +# Add-OAuth-Authentication---Ops-Only_686065206 +## Introduction + +OAuth is an open protocol to allow secure authorization. Setting up the OAuth authentication enables the suite to verify the identity of users and access users' private resources in the identity provider such as OpenID Connect. Users don't need to share their credentials. + +OAuth users can access the tenant after the configurations are completed. The user profile is synced to Suite Administration after the user logs in to the tenant for the first time. + +**Limitations:** + +OAuth user can't be used for the following integration use cases: + +- Publishing Operations Orchestration (OO) flows from OO Designer to OO Central +- SMAX and Design and Deploy (DND) integration +- DND and OO integration via DND integration user + +## Collect required info from customer + +Before setting up OAuth authentication, collect the following information from the customer: + +| Field | Description | +| --- | --- | +| Client ID | The value of the Client ID that you get from the OpenID identity provider. | +| Client Secret | The value of the Client Secret that you get from the OpenID identity provider. | +| HTTP Method | The HTTP method of getting a user's information from the endpoint. The supported values are "GET" and "POST". **Caution:** By selecting The GET option, you are disabling or bypassing security features, thereby exposing the system to increased security risks. By using this option, you understand and agree to assume all associated risks and hold OpenText harmless for the same. | +| IDP URL | The endpoint or URL path provided by the OpenID Identity Provider. If **User Info Endpoint**, **Token Endpoint**, **Authentication Endpoint**, and **Logout Endpoint** are defined as relative paths, the IDP URL will be used as the base URL to construct the endpoint URLs. | +| Username Attribute | The attribute to define a username. | +| User Info Endpoint | An OAuth 2.0 Protected Resource that returns Claims about the authenticated end user. For example, **/userinfo**. | +| Token Endpoint | The token endpoint of the OpenID identity provider. The Token Endpoint is used to obtain a Token Response. For example, **/token**. | +| Authentication Endpoint | The Authorization Endpoint performs authentication of an end user. This is done by sending the user agent to the authorization server's endpoint for authentication and authorization, using request parameters defined by OAuth 2.0 and additional parameters and parameter values defined by OpenID Connect. For example, **/authorize**. | +| Logout Endpoint | The token endpoint where you can end a session. | +| Proxy | The corporate proxy used to connect IdM pods to the OAuth authentication server. | + +Besides the above information, customer also needs to provide the claim attribute names for the following user attributes. + +| Setting | Required | Description | +| --- | --- | --- | +| First Name | Yes | First name of the user. | +| Family Name | Yes | Family name of the user. | +| Middle Name | No | Middle name of the user. | +| Office Phone Number | No | Office phone number of the user. | +| Home Phone Number | No | Home phone number of the user. | +| Mobile Phone Number | No | Mobile phone number of the user. | +| Zip Code | No | Zip code of the user. | +| Language | No | Language of the user. | +| Customer UID | No | Unique ID. | +| Location | No | Location of the user. | + +## Configure proxy + +Before adding an OAuth authentication, check if your network is working. + +To check if the endpoint is accessible in container: + +1. Go to the container by running this command: kubectl exec -ti -n -c idm -- bash +2. Run a curl command to check if the token or userinfo is returned. + +For example, for keycloak: curl -k https://:/auth/realms//protocol/openid-connect/userinfo + +A sample successful connection looks like below: {"error":"invalid\_request","error\_description":"Token not provided"} + +A failed connection looks like below: curl: (7) Failed to connect to : Connection refused + +If the connection fails, add your company's proxy settings to the deployment: + +1. Log in to a bastion node as root or a sudo user, and run the following command to update the IdM deployment: + `kubectl edit deployment idm -n  ` +2. Press i and add the following to the env section: + `- name: HTTPS_PROXY   value: - name: HTTP_PROXY   value: ` +3. Press:wq to save the file and quit. Wait until the idm pod is running. You can run the following command to check the idm pod status: + `kubectl get pods -n | grep idm` + +To add the OAuth authentication, create a configuration for OAuth, and then create a configuration group for the OAuth configuration. + +### Create an OAuth configuration + +To create an OAuth configuration, follow these steps: + +1. In Suite Administration, click the **IdM settings** tab in the tenant detail page. The system opens the **Authentication** page for the corresponding organization in the IdM Admin Portal of the suite. +2. From the **CONFIGURATIONS** section, click to add one authentication. +3. Select **OAUTH** as the authentication type from the drop-down list, and then click **CREATE**. +4. Enter the related OAuth configuration settings. You can get the information from your OpenID identity provider. See OMT doc [Set up OAuth 2.0 authentication - OPTIC Management Toolkit (microfocus.com)](https://staging.docs.microfocus.com/doc/OMT/Main/SetUpOAuth) for more information. +
FieldRequiredDescription
Display NameYesThe display name of this configuration.
Shared in same familyNoShare the authentication settings within the same family. The supported values are "false" and "true''. See OMT doc.
Client IDYesThe value of Client ID that you get from the OpenID identity provider.
Client SecretYesThe value of Client Secret that you get from the OpenID identity provider.
HTTP MethodYesThe HTTP method of getting a user's information from the endpoint. The supported values are "GET" and "POST".
Caution: By selecting The GET option, you are disabling or bypassing security features, thereby exposing the system to increased security risks. By using this option, you understand and agree to assume all associated risks and hold OpenText harmless for the same.
IDP URLYesThe endpoint or URL path provided by the OpenID Identity Provider. The URL set for "Redirect URL" will be directed to the IDP URL.
Redirect URIYesThe value of redirect URI of the IDM URL for login. See OMT doc.
ScopeYesThe value of scope. For example, "openid email". See OMT doc.
State SupportedNoWhether support the State Supported feature. The supported values are "false" and "true''. See OMT doc.
Username AttributeYesThe attribute to define a username.
User Info EndpointNoAn OAuth 2.0 Protected Resource that returns Claims about the authenticated end user. For example, /userinfo.
Token EndpointYesThe token endpoint of the OpenID identity provider. The Token Endpoint is used to obtain a Token Response. For example, /token.
Authentication EndpointYesThe Authorization Endpoint performs authentication of an end user. This is done by sending the user agent to the authorization server's endpoint for authentication and authorization, using request parameters defined by OAuth 2.0 and additional parameters and parameter values defined by OpenID Connect. For example, /authorize.
Logout EndpointNoThe token endpoint where you can end a session.
Additional ParameterNoThe additional parameter for authentication. See OMT doc.
+5. Click **SAVE**. + +### Create a configuration group for OAuth + +To create a configuration group for OAuth, follow these steps: + +1. After you create an OAuth configuration, from the **CONFIGURATION GROUPS** section, click to add an authentication group. +2. In the **Name** field, enter **oauth**. +3. In the **Display Name** field, enter a display name for the authentication group. +4. In **Authentication Group Type**, select the authentication group type (or types). + If you select **WEB Default**, IdM will use this authentication group by default when a user logs in through the UI. Changing the authentication method for UI logins using this option won't sync with Suite Administration. To effect this change, use the **default login type** field on the tenant's General tab within Suite Administration. + Don't select the **API Default** option. +5. In the **Configurations** field, select the OAuth authentication configuration that you just created. You can add only one OAuth authentication configuration to the OAuth configuration group. +6. Click **SAVE**. + +### Example: configure OAuth authentication with Google accounts + +To enable OAuth-based Google Sign-In on a SMAX tenant: + +1. Log in to Suite Administration, go to **Tenants**, and select the tenant that you want to enable OAuth-based Google Sign-In. +2. Click the **IdM settings** tab in the tenant detail page, from the **CONFIGURATIONS** section, click to add one authentication. +3. Select **OAUTH** as the authentication type, and then click **CREATE**. +4. Enter the following OAuth configuration settings. +
FieldDescription
Display NameThe display name of this configuration.
Client IDThe value of Client ID that you get from step 5 above.
Client SecretThe value of Client Secret that you get from step 5 above.
IDP URLhttps://accounts.google.com
Scopeopenid profile email
User Info Endpointhttps://openidconnect.googleapis.com/v1/userinfo
Token Endpointhttps://oauth2.googleapis.com/token
Authorization Endpointhttps://accounts.google.com/o/oauth2/v2/auth
Logout Endpointhttps://accounts.google.com/Logout
Additional ParameterThe additional parameter for authentication.
+5. Click **SAVE**. + +### Example: configure OAuth authentication with Azure accounts + +1. Go to IdM admin portal. +2. Click **Authentication** and click **Add**. In the dialog box that appears, select **OAUTH** and click **Create**.![](attachments/686065206/686065196.png) + +After clicking **Create**, the following page will appear. + +![](attachments/686065206/686065199.png) + +**Check the information provided by the customer at the top of this page and use those info when configuring the fields here.** + +- **Client Id**: the application (client) ID. +- **Client secret**: the secret value. +- **Http Method**: Use the info provided by the customer +- **Idp URIs**: choose any endpoint URL in step 1.5, fragment the url and end with **"/v2.0"**. + Example: endpoint url: [https://login.microsoftonline.com/856b813c-16e5-49a5-85ec-6f081e13b527/oauth2/v2.0/authorize](https://login.microsoftonline.com/856b813c-16e5-49a5-85ec-6f081e13b527/oauth2/v2.0/authorize) + fragment: [https://login.microsoftonline.com/856b813c-16e5-49a5-85ec-6f081e13b527/oauth2/v2.0](https://login.microsoftonline.com/856b813c-16e5-49a5-85ec-6f081e13b527/oauth2/v2.0/authorize) +- **Username Attribute:** Use the info provided by the customer +- **Userinfo Endpoint**: [https://graph.microsoft.com/oidc/userinfo](https://graph.microsoft.com/oidc/userinfo) (in Azure, the userinfo endpoint is special, the way to get the URL will be introduced in the following document.) +- **Token Endpoint**: [/token](https://oauth2.googleapis.com/token) +- **Authentication Endpoint**: [/](https://oauth2.googleapis.com/token) authorize +- **Logout Endpoint**: Suggested: /logout. If you want to redirect to another place, you can attach the URL at the end, such as: /logout?post\_logout\_redirect\_uri= [https://://](https://sgdlitvm0172.hpeswlab.net:8888/idm-admin/) (**the URL structure should be corresponding with the vendor's reguirements, some vendor may not following the standardized protocol, please refer to the offical documents**) + +#### Related topic + +Microsoft identity platform and OpenID Connect protocol \[[https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-protocols-oidc#send-a-sign-out-request](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-protocols-oidc#send-a-sign-out-request)\] diff --git a/knowledgebase/csd-wiki/ICSD/Alert-Runbooks-based-on-monitoring_686083866.md b/knowledgebase/csd-wiki/ICSD/Alert-Runbooks-based-on-monitoring_686083866.md new file mode 100644 index 00000000..5cb023a4 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Alert-Runbooks-based-on-monitoring_686083866.md @@ -0,0 +1,884 @@ +# Alert-Runbooks-based-on-monitoring_686083866 +## Alerts, Description and Actions + +Alerts comes with monitoring and experience. + +Here is a reference list of items to be sent as alerts. [A grafana monitoring dashboards](https://github.houston.softwaregrp.net/smax-saas-ops/ESM-Saas-Monitoring) are developed based on below list. + +### Alert Runbook: \[ S0 - Urgent \] \[ farm-name \] ALB HTTP 5XX Count alert + +**Alert Description:** This alert is triggered when there are more than 34 5xx errors triggered on frontend in 3mins. Multiple end user may experience a production issue on their side. + +**Alert Severity:** S0 - Urgent + +**Alert Trigger Conditions:** + +- Metric: ALB HTTP 5XX Count +- Threshold: 34 +- Duration: 3 minutes + +**Actions:** + +1. Check whether there is any other time-correlated alerts reporting. + +### Alert Runbook: \[ S3 - Warning \] \[ farm-name \] EBS Disk Queue Depth alert + +**Alert Description:** This alert is triggered when EBS disk queue depth more than 5 for more than 10 mins. The tasks on the storage is being queued. + +**Alert Severity:** S3 - Warning + +**Alert Trigger Conditions:** + +- Metric: EBS disk queue depth +- Threshold: 5 +- Duration: 10 minutes + +**Actions:** + +1. Check + 1. whether EBS is running out of credits via EBS burst balance dashboard (Same Dashboard in the infrastructure page). + 2. whether there is a big load against EBS storage. +2. Todo + 1. No action is required. Usually if it's node level issue, AWS autoscaling group will replace the node after a while. + +### Alert Runbook: \[ S2 - Error \] \[ farm-name \] EBS Burst Balance Average alert + +**Alert Description:** This alert is triggered when EBS burst balance below 40% for more than 30 mins. The load on EBS is high and the burst balance may not fulfill the request in the following quarter/hour. + +**Alert Severity:** S2 - Error + +**Alert Trigger Conditions:** + +- Metric: EBS burst balance +- Threshold: 40% +- Duration: 30 minutes + +**Actions:** + +1. Check + 1. keep monitoring whether EBS is running out of credits via EBS burst balance dashboard soon (Same Dashboard in the infrastructure page). + 2. whether there is a big load against EBS storage. +2. Todo + 1. Usually there is no action required, if the alert persists, then it's a critical issue. Please follow the todo when Burst Balance is 0. + +### Alert Runbook: \[ S0 - Urgent \] \[ farm-name \] EBS Burst Balance Average alert + +**Alert Description:** This alert is triggered when EBS burst balance EBS burst balance is 0. The tasks on the storage is being queued. Everything via EBS IO will be slowed down. + +**Alert Severity:** S0 - Urgent + +**Alert Trigger Conditions:** + +- Metric: EBS burst balance +- Threshold: 0 +- Duration: immediately + +**Actions:** + +1. Check + 1. whether EBS is running out of credits via EBS burst balance dashboard (Same Dashboard in the infrastructure page). + 2. whether there is a big load against EBS storage. +2. Todo + 1. Manually login to the system to check whether it's slowing down the system, if it has been slowed down dramatically, choose one of below options to fix + 1. Switch the EBS to GP3 with a specified IOPS (in general default 3000/12000 should be enough, if not you may enlarge it to 18000, need to switch back to 3000/12000 once the issue is fixed) + +### Alert Runbook: \[ S2 - Error \] \[ farm-name \] EFS Burst Credit Balance alert + +**Alert Description:** This alert is triggered when Burst credit below 40% for more than 30 mins. The tasks on the storage will be queued soon. + +**Alert Severity:** S2 - Error + +**Alert Trigger Conditions:** + +- Metric: EFS Burst Credit Balance +- Threshold: 40% +- Duration: 30 minutes + +**Actions:** + +1. Check + 1. whether EFS is running out of credits via EFS burst credit dashboard (Same Dashboard in the infrastructure page). + 2. whether there is a big load against EBS storage. +2. Todo + 1. Manually login to the system to check whether it's slowing down the system, if it has been slowed down dramatically, choose one of below options to fix + 1. Usually there is no action required, if the alert persists, then it's a critical issue. + +### Alert Runbook: \[ S0 - Urgent \] \[ farm-name \] EFS Burst Credit Balance alert + +**Alert Description:** This alert is triggered when EFS Burst credit is 0. The tasks on the storage is being queued. Everything via EFS IO will be slowed down. + +**Alert Severity:** S0 - Urgent + +**Alert Trigger Conditions:** + +- Metric: EFS Burst credit +- Threshold: 0 +- Duration: immdediatey + +**Actions:** + +1. Check + 1. whether EFS is running out of credits via EFS burst credit dashboard (Same Dashboard in the infrastructure page). + 2. whether there is a big load against EBS storage. +2. Todo + 1. Manually login to the system to check whether it's slowing down the system, if it has been slowed down dramatically, choose one of below options to fix + 1. Switch the EFS to throughput mode (for example: 60 - 100 MB/s, need to switch back once the issue is fixed) + +### Alert Runbook: \[ S2 - Error \] \[ farm-name \] RDS CPU Utilization alert + +**Alert Description:** This alert is triggered when RDS CPU more than 97% for more than 60 mins. The overall CPU usage is more than 97% for more than one hour. + +**Alert Severity:** S2 - Error + +**Alert Trigger Conditions:** + +- Metric: RDS CPU Utilization +- Threshold: 97% +- Duration: 60mins + +**Actions:** + +1. Check + 1. performance insight for top queries for anything taking more CPU +2. Todo + 1. Keep monitoring and check whether other metrics on Database is abnormal. + 2. Get top 10 query information. + +### Alert Runbook: \[ S2 - Error \] \[ farm-name \] RDS cpuUtilization System alert + +**Alert Description:** This alert is triggered when RDS sy: system >70% for more than 60 mins. The CPU is spending more time on system level processing instead of handling the business flow. + +**Alert Severity:** S2 - Error + +**Alert Trigger Conditions:** + +- Metric: RDS cpuUtilization System +- Threshold: 70% +- Duration: 60mins + +**Actions:** + +1. Check + 1. performance insight for top queries for anything taking more CPU +2. Todo + 1. Keep monitoring and check whether other metrics on Database is abnormal. + +### Alert Runbook: \[ S2 - Error \] \[ farm-name \] RDS CPU Soft Interrupts alert + +**Alert Description:** This alert is triggered when RDS si: soft interrupts > 15% for more than 60 mins. The CPU is spending more time on system level processing instead of handling the business flow. + +**Alert Severity:** S2 - Error + +**Alert Trigger Conditions:** + +- Metric: RDS CPU Soft Interrupts +- Threshold: 15% +- Duration: 60mins + +**Actions:** + +1. Check + 1. performance insight for top queries for anything taking more CPU +2. Todo + 1. Keep monitoring and check whether other metrics on Database is abnormal. + +### Alert Runbook: \[ S3 - Warning \] \[ farm-name \] RDS Disk queue depth alert + +**Alert Description:** This alert is triggered when RDS EBS disk queue depth more than 5 for more than 10 mins. The tasks on the storage is being queued. + +**Alert Severity:** S3 - Warning + +**Alert Trigger Conditions:** + +- Metric: RDS Disk queue depth +- Threshold: 5 +- Duration: 10mins + +**Actions:** + +1. Check + 1. whether EBS is running out of credits via EBS burst balance dashboard (Same Dashboard in the infrastructure page). + 2. whether there is a big load against EBS storage. + +### Alert Runbook: \[ S2 - Error \] \[ farm-name \] RDS Disk Free Storage Space alert + +**Alert Description:** This alert is triggered when RDS disk Free Storage Space is below 500 MB. The instance is running out of storage. + +**Alert Severity:** S2 - Error + +**Alert Trigger Conditions:** + +- Metric: RDS Disk Free Storage Space +- Threshold: 500 +- Duration: immdediatey + +**Actions:** + +1. Todo + a. Add more storage to EBS + b. Enable storage auto-scaling + +### Alert Runbook: RDS storage auto-scaling quota is not enough + +**Alert Description:** This alert is triggered when Storage don't has enough space to auto-scale, (Free Space + Max Autoscaling Storage - Allocated Storage) / Allocated Storage < 0.2. The instance is running out of storage. + +**Alert Severity:** S2 - Error + +**Alert Trigger Conditions:** + +- Metric: Free Space + Max Autoscaling Storage - Allocated Storage) / Allocated Storage +- Threshold: 0.2 +- Duration: TBD + +**Actions:** + +1. Todo + 1. Increase the max auto-scaling storage size. + +### Alert Runbook: \[ S2 - Error \] \[ farm-name \] RDS Free Memory Percentage alert + +**Alert Description:** This alert is triggered when RDS free memory less than 5% for more than 5 mins. The instance will running out of memory soon. + +**Alert Severity:** S2 - Error + +**Alert Trigger Conditions:** + +- Metric: RDS Free Memory Percentage +- Threshold: 5% +- Duration: 5mins + +**Actions:** + +1. Check + Login to AWS console → RDS → Monitoring to check whether swap usage is increasing +2. Todo + a. Keep monitoring + b. considering rolling restart current deployment, for example, gateway/platform/serviceportal + +### Alert Runbook: \[ S0 - Urgent \] \[ farm-name \] RDS Free Memory Percentage alert + +**Alert Description:** This alert is triggered when free memory less than 2% for more than 5 mins. The instance will running out of memory soon. + +**Alert Severity:** S0 - Urgent + +**Alert Trigger Conditions:** + +- Metric: RDS Free Memory Percentage +- Threshold: 2% +- Duration: 5mins + +**Actions:** + +1. Check + 1. Login to AWS console → RDS → Monitoring to check whether swap usage is increasing +2. Todo + 1. considering rolling restart current deployment, for example, gateway/platform/serviceportal + 2. If it's happening for 2-3 times a day and the swap usage is higher. Need to + 1. consider scaling up RDS. Usually double the memory size. + 2. Do DB tuning based on the query which is identified as memory consuming + +### Alert Runbook: \[ S2 - Error \] \[ farm-name \] RDS Burst Balance alert + +**Alert Description:** This alert is triggered when RDS Burst Balance below 40% for more than 30 mins. The load on EBS is high and the burst balance may not fulfill the request in the following quarter/hour. + +**Alert Severity:** S2 - Error + +**Alert Trigger Conditions:** + +- Metric: RDS Burst Balance +- Threshold: 40% +- Duration: 30mins + +**Actions:** + +1. Check + 1. keep monitoring whether EBS is running out of credits via EBS burst balance dashboard soon (Same Dashboard in the infrastructure page). + 2. whether there is a big load against EBS storage. +2. Todo + 1. Usually there is no action required, if the alert persists, then it's a critical issue. Please follow the todo when Burst Balance is 0. + +### Alert Runbook: \[ S0 - Urgent \] \[ farm-name \] RDS Burst Balance alert + +**Alert Description:** This alert is triggered when RDS Burst Balance is 0. The tasks on the storage is being queued. Everything via EBS IO will be slowed down. + +**Alert Severity:** S0 - Urgent + +**Alert Trigger Conditions:** + +- Metric:RDS Burst credit +- Threshold: 0 +- Duration: immediately + +**Actions:** + +1. Check + 1. whether EBS is running out of credits via EBS burst balance dashboard (Same Dashboard in the infrastructure page). + 2. whether there is a big load against EBS storage. +2. Todo + 1. Manually login to the system to check whether it's slowing down the system, if it has been slowed down dramatically, choose one of below options to fix + 1. Switch the EBS to GP3 with a specified IOPS (in general default 12000 should be enough, if not you may enlarge it to 18000, need to switch back to 12000 once the issue is fixed) + 2. Add more storage to the EBS + +### Alert Runbook: \[ S2 - Error \] \[ farm-name \] SMA/CMS RDS DBLoad alert + +**Alert Description:** This alert is triggered when DBLoad is more than 2 times of CPU number for more than one hour(AWS Specific, via performance insight). The database is overloaded. + +**Alert Severity:** S2 - Error + +**Alert Trigger Conditions:** + +- Metric:RDS DBLoad +- Threshold: 2 times of CPU number +- Duration: 1 hour + +**Actions:** + +1. Check + 1. AWS console → RDS → Performance Insight to check which kind of operation is taking the most of time + +### Alert Runbook: \[ S1 - Critical \] \[ farm-name \] SMA/CMS RDS DBLoad alert + +**Alert Description:** This alert is triggered when DBLoad is more than 4 times of CPU number for more than one hour. The database is mostly overloaded on CPU. + +**Alert Severity:** S1 - Critical + +**Alert Trigger Conditions:** + +- Metric:RDS DBLoad +- Threshold: 4 times of CPU number +- Duration: one hour + +**Actions:** + +1. Check + 1. AWS console → RDS → Performance Insight to check which kind of operation is taking the most of time + +### Alert Runbook: \[ S3 - Warning \] \[ farm-name \] SMA/CMS RDS DBLoadNonCPU alert + +**Alert Description:** This alert is triggered when DBLoadNonCPU is more than 1 times of CPU number more than one hour. The database is blocked on some areas other than CPU, it can be blocked by DB locks, read/write IO and other reasons. + +**Alert Severity:** S3 - Warning + +**Alert Trigger Conditions:** + +- Metric:RDS DBLoadNonCPU +- Threshold: 1 times of CPU number +- Duration: 1 hour + +**Actions:** + +1. Check + 1. AWS console → RDS → Performance Insight to check which operation is taking the most of time + +### Alert Runbook: \[ S2 - Error \] \[ farm-name\] Node CPU Usage alert + +**Alert Description:** This alert is triggered when node CPU more than 97% for more than 60 mins. The instance is almost running out of CPU for more than 60 mins. + +**Alert Severity:** S2 - Error + +**Alert Trigger Conditions:** + +- Metric:Node CPU Usage +- Threshold: 97% +- Duration: 60mins + +**Actions:** + +1. Todo + 1. Keep monitoring + +### Alert Runbook: \[ S2 - Error \] \[ farm-name \] Node CPU System alert + +**Alert Description:** This alert is triggered when node sy: system >70% for more than 60 mins. The instance too busy on its own system operation to handle the tasks for normal business. + +**Alert Severity:** S2 - Error + +**Alert Trigger Conditions:** + +- Metric:Node CPU System +- Threshold: 70% +- Duration: 60mins + +**Actions:** + +1. Todo + 1. Keep monitoring + +### Alert Runbook: \[ S2 - Error \] \[ farm-name \] Node CPU Soft Interrupts alert + +**Alert Description:** This alert is triggered when node si: soft interrupts > 15% for more than 60 mins. The instance is almost running out of CPU for more than 60 mins. + +**Alert Severity:** S2 - Error + +**Alert Trigger Conditions:** + +- Metric:Node CPU Soft Interrupts +- Threshold: 15% +- Duration: 60mins + +**Actions:** + +1. Todo + 1. Keep monitoring + +### Alert Runbook: \[ S3 - Warning \] \[ farm-name \] Node Mem Usage alert + +**Alert Description:** This alert is triggered when node memory more than 95% for more than 10 mins. The instance is almost running out of Mem for more than 60 mins. + +**Alert Severity:** S3 - Warning + +**Alert Trigger Conditions:** + +- Metric:Node Mem Usage +- Threshold: 95% +- Duration: 10mins + +**Actions:** + +1. Todo + 1. Keep monitoring + +### Alert Runbook: \[ S3 - Warning \] \[ farm-name \] Node Disk Usage alert + +**Alert Description:** This alert is triggered when node disk usage more than 95%. The instance is almost running out of disk. + +**Alert Severity:** S3 - Warning + +**Alert Trigger Conditions:** + +- Metric:Node Disk Usage +- Threshold: 95% +- Duration: immdediatey + +**Actions:** + +1. Todo + 1. Add more storage to the disk + +### Alert Runbook: \[ S3 - Warning \] \[ farm-name \] Disk Inode Usage alert + +**Alert Description:** This alert is triggered when disk inode usage is more than 97%. The instance will be blocked by the soft limit on OS level (Inode) very soon. + +**Alert Severity:** S3 - Warning + +**Alert Trigger Conditions:** + +- Metric:Disk Inode Usage +- Threshold: 97% +- Duration: immdediatey + +**Actions:** + +1. Todo + 1. Restart pods on the instance to release inode usage + 2. If above step cannot help, need to open an incident for further analysis. + +### Alert Runbook: \[ S3 - Warning \] \[ farm-name \] Node Load Avg 15m/core + +**Alert Description:** This alert is triggered when node Load Avg 15m/core number > 200% for 35 mins. The instance is overloaded for more than 35 mins. + +**Alert Severity:** S3 - Warning + +**Alert Trigger Conditions:** + +- Metric:Node Load Avg 15m/core +- Threshold: 2 +- Duration: 35mins + +**Actions:** + +1. Todo + 1. Keep monitoring + 2. If it happens multiple times in a day, run the rebalancing pod script. + +### Alert Runbook: \[ S2 - Error \] \[ farm-name \] Pod CPU usage alert + +**Alert Description:** This alert is triggered when CPU more than 97% for more than 60 mins. The instance is almost running out of CPU for more than 60 mins. + +**Alert Severity:** S2 - Error + +**Alert Trigger Conditions:** + +- Metric:Pod CPU usage +- Threshold: 97% +- Duration: 60mins + +**Actions:** + +1. Todo + 1. Keep monitoring + +### Alert Runbook: \[ S3 - Warning \] \[ farm-name \] Pod Inode Usage alert + +**Alert Description:** This alert is triggered when pod Inode usage(free/total) is more than 97%. The instance will be blocked by the soft limit on OS level (Inode) very soon. + +**Alert Severity:** S3 - Warning + +**Alert Trigger Conditions:** + +- Metric:Pod Inode Usage +- Threshold: 97% +- Duration: immdediatey + +**Actions:** + +1. Todo + 1. Restart pods on the instance to release inode usage + 2. If above step cannot help, need to open an incident for further analysis. + +### Alert Runbook: \[ S0 - Urgent \] \[ farm-name \] SMA Unavailable k8s resource alert + +**Alert Description:** This alert is triggered when these services (portal / runtime ui/ gateway/ platform / redis / rabbitmq / bo-login / idm / bo-ats / ingress-nginx / sma-ui / bo-farcade) are not available now. + +**Alert Severity:** S0 - Urgent + +**Alert Trigger Conditions:** + +- Metric:services not available +- Threshold: 0 +- Duration: immdediatey + +**Actions:** + +1. Todo + 1. Run 'kubectl describe -n ' and 'kubectl logs -n ' to understand the reason of the failure + 2. Try to fix based on the results from step 1. + +### Alert Runbook: \[ S2 - Error \] \[ farm-name \] SMA Unavailable k8s resource alert + +**Alert Description:** This alert is triggered when these services (others not in S0, search related (content, DIH, DAH, search, proxy) / auto pass / bo-ui / bo-user) are not available now. + +**Alert Severity:** S2 - Error + +**Alert Trigger Conditions:** + +- Metric:services not available +- Threshold: 0 +- Duration: immdediatey + +**Actions:** + +1. Todo + 1. Run 'kubectl describe -n ' and 'kubectl logs -n ' to understand the reason of the failure + 2. Try to fix based on the results from step 1. + +### Alert Runbook: \[ S3 - Warning \] \[ farm-name \] SMA Unavailable k8s resource alert + +**Alert Description:** This alert is triggered when these services (XMPP / XIE / Smart Ticket / stx / virtual agent / ppo / web socket gateway / smart-ui / ocr / smarta-installer ) are not available now. + +**Alert Severity:** S3 - Warning + +**Alert Trigger Conditions:** + +- Metric:services not available +- Threshold: 0 +- Duration: immdediatey + +**Actions:** + +1. Todo + 1. Run 'kubectl describe -n ' and 'kubectl logs -n ' to understand the reason of the failure + 2. Try to fix based on the results from step 1. + +### Alert Runbook: \[ S4 - Info \] \[ farm-name \] SMA Unavailable k8s resource alert + +**Alert Description:** This alert is triggered when services out side of ESM / toolkit are not available now. + +**Alert Severity:** S4 - Info + +**Alert Trigger Conditions:** + +- Metric:services not available +- Threshold: 0 +- Duration: immdediatey + +**Actions:** + +1. Todo + 1. Run 'kubectl describe -n ' and 'kubectl logs -n ' to understand the reason of the failure + 2. Try to fix based on the results from step 1. + +### Alert Runbook: \[ S0 - Urgent \] \[ farm-name \] CMS Unavailable k8s resource alert + +**Alert Description:** This alert is triggered when these services (itom-cms-gateway, itom-idm, itom-ingress-controller, itom-ucmdb-browser, tom-ucmdb-solr, itom-ucmdb) are not available now. + +**Alert Severity:** S0 - Urgent + +**Alert Trigger Conditions:** + +- Metric:services not available +- Threshold: 0 +- Duration: immdediatey + +**Actions:** + +1. Todo + 1. Run 'kubectl describe -n ' and 'kubectl logs -n ' to understand the reason of the failure + 2. Try to fix based on the results from step 1. + +### Alert Runbook: \[ S2 - Error \] \[ farm-name \] CMS Unavailable k8s resource alert + +**Alert Description:** This alert is triggered when these services ( itom-autopass-lms, itom-vault) are not available now. + +**Alert Severity:** S2 - Error + +**Alert Trigger Conditions:** + +- Metric:services not available +- Threshold: 0 +- Duration: immdediatey + +**Actions:** + +1. Todo + 1. Run 'kubectl describe -n ' and 'kubectl logs -n ' to understand the reason of the failure + 2. Try to fix based on the results from step 1. + +### Alert Runbook: \[ S4 - Info \] \[ farm-name \] CMS Unavailable k8s resource alert + +**Alert Description:** This alert is triggered when these services ( itom-ucmdb-probe, itom-ucmdb-dfp-lunux-installer, itom-ucmdb-dfp-windows-installer, itom-ucmdb-localclient-installers ) are not available now. + +**Alert Severity:** S4 - Info + +**Alert Trigger Conditions:** + +- Metric:services not available +- Threshold: 0 +- Duration: immdediatey + +**Actions:** + +1. Todo + 1. Run 'kubectl describe -n ' and 'kubectl logs -n ' to understand the reason of the failure + 2. Try to fix based on the results from step 1. + +### Alert Runbook: Pod Load Avg 10s + +**Alert Description:** This alert is triggered when Pod Load Avg 10s is more than 200% for 35mins. + +**Alert Severity:** S3 - Warning + +**Alert Trigger Conditions:** + +- Metric:Pod Load Avg 10s +- Threshold: 200% +- Duration: 35mins + +**Actions:** + +1. Todo + 1. Keep monitoring + 2. If it happens multiple times in a day, run the rebalancing pod script. + +### Alert Runbook: \[ S3 - Warning \] \[ farm-name \] SmartA Data Compact Ration alert + +**Alert Description:** This alert is triggered when content data ratio(total doc/committed doc) is more than 1.20. All the query against the IDOL will take more time and get slowed down. + +**Alert Severity:** S3 - Warning + +**Alert Trigger Conditions:** + +- Metric:SmartA Data Compact Ration +- Threshold: 1.20 +- Duration: immdediatey + +**Actions:** + +1. Todo + 1. Run the jenkins job of IDOL compact. + 2. Or follow the steps in the guide below + [https://docs.microfocus.com/doc/SMAX/23.4/Searchslow](https://docs.microfocus.com/doc/SMAX/23.4/Searchslow) + +### Alert Runbook: \[ S3 - Warning \] \[ farm-name \] Rabbitmq Queue alert + +**Alert Description:** This alert is triggered when each rabbitmq node queue > 200 / 250 for more than 30 mins (200 for medium profile or lower, 250 for large profile). The rabbitmq queues are in a higher than normal. + +**Alert Severity:** S3 - Warning + +**Alert Trigger Conditions:** + +- Metric:Rabbitmq Queue +- Threshold: 200/250 +- Duration: 30mins + +**Actions:** + +1. Todo + 1. Keep monitoring + 2. If it is getting higher continuously, consider performing the same steps mentioned here. + [https://docs.microfocus.com/doc/SMAX/23.4/RabbitMQNotStart#Solution](https://docs.microfocus.com/doc/SMAX/23.4/RabbitMQNotStart#Solution) + +### Alert Runbook: \[ S3 - Warning \] \[ farm-name \] Rabbitmq Messages/Minute alert + +**Alert Description:** This alert is triggered when Pending Messages/Minute > 500 for more than 30 mins. The pending messages in rabbitmq are getting accumulated. + +**Alert Severity:** S3 - Warning + +**Alert Trigger Conditions:** + +- Metric:Rabbitmq Messages/Minute +- Threshold: 500 +- Duration: 30mins + +**Actions:** + +1. Todo + 1. Keep monitoring + 2. If it is getting higher continuously, consider performing the same steps mentioned here. + [https://docs.microfocus.com/doc/SMAX/23.4/RabbitMQNotStart#Solution](https://docs.microfocus.com/doc/SMAX/23.4/RabbitMQNotStart#Solution) + +### Alert Runbook: Message queue not equally distributed to different cluster nodes + +**Alert Description:** This alert is triggered when Message queue not equally distributed to different cluster nodes. Rabbitmq nodes are not working in a cluster. This can cause rabbitmq working not in a stable way. + +**Alert Severity:** S1 - Critical + +**Alert Trigger Conditions:** + +- Metric:Rabbitmq Message queue +- Threshold: TBD +- Duration: TBD + +**Actions:** + +1. Todo + 1. Scale down the rabbitmq node which is not in the cluster. + 2. Remove the `/data/xservices/rabbitmq/x.x.x.xx/mnesia` folders on the NFS server or the bastion node + 3. Wait until the rabbitmq nodes to be ready + +### Alert Runbook: \[ S4 - Info \] \[ farm-name \] IDM active users alert + +**Alert Description:** This alert is triggered when per profile, medium profile > 1100 for more than 30 mins, large profile > 3000 for more than 30 mins. The active user number is more than the target size. + +**Alert Severity:** S4 - Info + +**Alert Trigger Conditions:** + +- Metric:IDM active users +- Threshold: 1100/3000 +- Duration: 30mins + +**Actions:** + +1. Todo + 1. Keep monitoring + +### Alert Runbook: \[ S2 - Error \] \[ farm-name \] Gateway Tomcat https connector currentThreadsBusy alert + +**Alert Description:** This alert is triggered when Tomcat https connector currentThreadsBusy > 30 for 30 mins. The active user number is more than the target size. + +**Alert Severity:** S2 - Error + +**Alert Trigger Conditions:** + +- Metric:Gateway Tomcat https connector currentThreadsBusy +- Threshold: 30 +- Duration: 30mins + +**Actions:** + +1. Todo + 1. If the number do not drop, considering rolling restart current deployment, for example, gateway/platform/serviceportal + 2. If the number cannot drop after above steps, do rollong restart xmpp. + 3. If the number cannot drop after above steps, take thread dump for the pod with issue. + [How to generate thread dump and memory dumps for java applications](https://rndwiki.houston.softwaregrp.net/confluence/display/SMA/How+to+generate+thread+dump+and+memory+dumps+for+java+applications) + +### Alert Runbook: \[ S2 - Error \] \[ farm-name \] Gateway Httpclient InUse alert + +**Alert Description:** This alert is triggered when Httpclient InUse > 20 for 30 mins. The active user number is more than the target size. + +**Alert Severity:** S2 - Error + +**Alert Trigger Conditions:** + +- Metric:Gateway Httpclient InUse +- Threshold: 20 +- Duration: 30mins + +**Actions:** + +1. Todo + 1. If the number do not drop, considering rolling restart current deployment, for example, gateway/platform/serviceportal + 2. If the number cannot drop after above steps, do rollong restart xmpp. + 3. If the number cannot drop after above steps, take thread dump for the pod with issue. + [How to generate thread dump and memory dumps for java applications](https://rndwiki.houston.softwaregrp.net/confluence/display/SMA/How+to+generate+thread+dump+and+memory+dumps+for+java+applications) + +### Alert Runbook: \[ S2 - Error \] \[ farm-name \] Platform Tomcat https connector currentThreadsBusy alert + +**Alert Description:** This alert is triggered when Tomcat https connector currentThreadsBusy > 30 for 30 mins. The active user number is more than the target size. + +**Alert Severity:** S2 - Error + +**Alert Trigger Conditions:** + +- Metric:Platform Tomcat https connector currentThreadsBusy +- Threshold: 30 +- Duration: 30mins + +**Actions:** + +1. Todo + 1. If the number do not drop, considering rolling restart current deployment, for example, gateway/platform/serviceportal + 2. If the number cannot drop after above steps, do rollong restart xmpp. + 3. If the number cannot drop after above steps, take thread dump for the pod with issue. + [How to generate thread dump and memory dumps for java applications](https://rndwiki.houston.softwaregrp.net/confluence/display/SMA/How+to+generate+thread+dump+and+memory+dumps+for+java+applications) + +### Alert Runbook: \[ S2 - Error \] \[ farm-name \] Platform Httpclient InUse alert + +**Alert Description:** This alert is triggered when Httpclient InUse > 20 for 30 mins. The active user number is more than the target size. + +**Alert Severity:** S2 - Error + +**Alert Trigger Conditions:** + +- Metric:Platform Httpclient InUse +- Threshold: 20 +- Duration: 30mins + +**Actions:** + +1. Todo + 1. If the number do not drop, considering rolling restart current deployment, for example, gateway/platform/serviceportal + 2. If the number cannot drop after above steps, do rollong restart xmpp. + 3. If the number cannot drop after above steps, take thread dump for the pod with issue. + [How to generate thread dump and memory dumps for java applications](https://rndwiki.houston.softwaregrp.net/confluence/display/SMA/How+to+generate+thread+dump+and+memory+dumps+for+java+applications) + +### Alert Runbook: \[ S2 - Error \] \[ farm-name \] Serviceportal Tomcat https connector currentThreadsBusy alert + +**Alert Description:** This alert is triggered when Tomcat https connector currentThreadsBusy > 30 for 30 mins. The active user number is more than the target size. + +**Alert Severity:** S2 - Error + +**Alert Trigger Conditions:** + +- Metric:Serviceportal Tomcat https connector currentThreadsBusy +- Threshold: 30 +- Duration: 30mins + +**Actions:** + +1. Todo + 1. If the number do not drop, considering rolling restart current deployment, for example, gateway/platform/serviceportal + 2. If the number cannot drop after above steps, do rollong restart xmpp. + 3. If the number cannot drop after above steps, take thread dump for the pod with issue. + [How to generate thread dump and memory dumps for java applications](https://rndwiki.houston.softwaregrp.net/confluence/display/SMA/How+to+generate+thread+dump+and+memory+dumps+for+java+applications) + +### Alert Runbook: \[ S2 - Error \] \[ farm-name \] Serviceportal Httpclient InUse alert + +**Alert Description:** This alert is triggered when Httpclient InUse > 20 for 30 mins. The active user number is more than the target size. + +**Alert Severity:** S2 - Error + +**Alert Trigger Conditions:** + +- Metric:Serviceportal Httpclient InUse +- Threshold: 20 +- Duration: 30mins + +**Actions:** + +1. Todo + 1. If the number do not drop, considering rolling restart current deployment, for example, gateway/platform/serviceportal + 2. If the number cannot drop after above steps, do rollong restart xmpp. + 3. If the number cannot drop after above steps, take thread dump for the pod with issue. + [How to generate thread dump and memory dumps for java applications](https://rndwiki.houston.softwaregrp.net/confluence/display/SMA/How+to+generate+thread+dump+and+memory+dumps+for+java+applications) diff --git a/knowledgebase/csd-wiki/ICSD/Alerting-Response-Process_686073639.md b/knowledgebase/csd-wiki/ICSD/Alerting-Response-Process_686073639.md new file mode 100644 index 00000000..843caaa8 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Alerting-Response-Process_686073639.md @@ -0,0 +1,2 @@ +# Alerting-Response-Process_686073639 +Created by on Jan 21, 2025 EST diff --git a/knowledgebase/csd-wiki/ICSD/Allowable-SMAX-Attachment-Extensions_686065217.md b/knowledgebase/csd-wiki/ICSD/Allowable-SMAX-Attachment-Extensions_686065217.md new file mode 100644 index 00000000..e6339608 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Allowable-SMAX-Attachment-Extensions_686065217.md @@ -0,0 +1,20 @@ +# Allowable-SMAX-Attachment-Extensions_686065217 +## Introduction + +In SaaS, customers may request changes to allow different attachment types in their tenant. The default list CAN be customized, but only with attachment externsions which have already been approved by the PM team. + +The following screen print shows the default list (out of the box) of allowable extensions. It is common that customers will request changes to this list: + +![](attachments/686065217/686065216.png) + +## Approved Attachment Extensions + +The following PCS article shows the approved list of attachment extensions:[https://us2-smax.saas.microfocus.com/saw/Article/107708/general?TENANTID=488503157](https://us2-smax.saas.microfocus.com/saw/Article/107708/general?TENANTID=488503157) + +If a customer is requesting to add an extension which is not on this list, you must first get approval from PM team (Dean Clayton). + +Either way if the extension is approved or denied add an entry on the article for future reference + +## Attachments: + +[image2024-1-9\_10-37-24.png](attachments/686065217/686065216.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/Apply-Resource-Bundle-Cache-Config_688983031.md b/knowledgebase/csd-wiki/ICSD/Apply-Resource-Bundle-Cache-Config_688983031.md new file mode 100644 index 00000000..2695cb20 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Apply-Resource-Bundle-Cache-Config_688983031.md @@ -0,0 +1,74 @@ +# Apply-Resource-Bundle-Cache-Config_688983031 +## Purpose + +The RDS CPU usage rate for resource bundle exceeds 5%. It is recommended to execute the runbook when the total RDS CPU rate is high. + +## Introduction + +There are 3 configmap keys added for Resource Bundle Local Cache in SMAX 24.3 version, this doc is used to provide scripts to apply this change. + +## Add Configmap Keys + +Run following cmd: + +``` +kubectl patch configmap itom-xruntime-infra-config -n --type merge -p '{"data":{"RESOURCE_BUNDLE_HEAVY_TENANT": "", "RESOURCE_BUNDLE_MAX_SLIGHT_TENANT_SIZE": "10", "RESOURCE_BUNDLE_MAX_LOCALE_SIZE": "2"}}' +``` + +Replace and with corresponding values. If there are multi heavy tenants, split them with space. + +Here is a example: + +``` +kubectl patch configmap itom-xruntime-infra-config -n itsma-byqde --type merge -p '{"data":{"RESOURCE_BUNDLE_HEAVY_TENANT": "555500000", "RESOURCE_BUNDLE_MAX_SLIGHT_TENANT_SIZE": "10", "RESOURCE_BUNDLE_MAX_LOCALE_SIZE": "2"}}' +``` + +## Add env to platform pods + +a.Create a patched yaml file and add env + +``` +spec: + template: + spec: + containers: + - name: itom-xruntime-platform + env: + - name: RESOURCE_BUNDLE_HEAVY_TENANT + valueFrom: + configMapKeyRef: + name: itom-xruntime-infra-config + key: RESOURCE_BUNDLE_HEAVY_TENANT + - name: RESOURCE_BUNDLE_MAX_SLIGHT_TENANT_SIZE + valueFrom: + configMapKeyRef: + name: itom-xruntime-infra-config + key: RESOURCE_BUNDLE_MAX_SLIGHT_TENANT_SIZE + - name: RESOURCE_BUNDLE_MAX_LOCALE_SIZE + valueFrom: + configMapKeyRef: + name: itom-xruntime-infra-config + key: RESOURCE_BUNDLE_MAX_LOCALE_SIZE +``` + +b.Apply patch-platform.yaml file for all platform pods + +``` +kubectl patch deployment itom-xruntime-platform -n --patch-file patch-platform.yaml +``` + +All the platform pods(itom-xruntime-platform,itom-xruntime-platform-offline,itom-xruntime-platform-offline-ng,itom-xruntime-platform-readonly) need to apply this change. + +## Validation + +Go into platform pod, print env + +``` +echo $RESOURCE_BUNDLE_HEAVY_TENANT +``` + +Check the result is not empty. + +## Verification + +The RDS CPU usage rate for the resource bundle decreases compared to the value before applying the resolution after 1 working day. diff --git a/knowledgebase/csd-wiki/ICSD/Apply-license-to-ESM-customer-tenant_688996779.md b/knowledgebase/csd-wiki/ICSD/Apply-license-to-ESM-customer-tenant_688996779.md new file mode 100644 index 00000000..b9b6ef56 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Apply-license-to-ESM-customer-tenant_688996779.md @@ -0,0 +1,17 @@ +# Apply-license-to-ESM-customer-tenant_688996779 +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/Assign-PCS-Cloud-Service-Request-to-Cloud-Ops-Group_684946781.md b/knowledgebase/csd-wiki/ICSD/Assign-PCS-Cloud-Service-Request-to-Cloud-Ops-Group_684946781.md new file mode 100644 index 00000000..dde393bb --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Assign-PCS-Cloud-Service-Request-to-Cloud-Ops-Group_684946781.md @@ -0,0 +1,32 @@ +# Assign-PCS-Cloud-Service-Request-to-Cloud-Ops-Group_684946781 +## Introduction + +## Assign Cloud Service Request in PCS + +As you know our SaaS customer will submit both Service Request and Support Request to request all kinds of Cloud Service. Normally such Cloud Service request will be handled by Cloud Ops team with pre-defined Ops runbook. + +When you assign the PCS ticket to “ **SD:ESM SaaS Ops** ” group please ensure such request are related with pre-defined Cloud Service list. + +![](attachments/684946781/684946790.png) + +You need also to change the field “ **Classification -> Service** ” to select the appropriate service to clarify the purpose of the service request. + +![](attachments/684946781/684946789.png) + +If the customer request is not that clear, please ensure all clarification is done before assign the case to Cloud Ops group. This will help to improve the efficiency of case handling. + +If the customer request service is not in the list, please contact [Wei Shen](https://rndwiki.houston.softwaregrp.net/confluence/display/~wei.shen2@microfocus.com) [Brindusa Kevorkian](https://rndwiki.houston.softwaregrp.net/confluence/display/~brindusa.kevorkian@microfocus.com) for further clarification. + +## PCS Cloud Service Dashboard + +[https://app.powerbi.com/groups/fac06a69-6340-4715-b8fe-4bdc0ca9af14/reports/7a59b943-4ea1-42db-ad28-ad588614c918/ReportSectionb16be4fb47c90e542096?experience=power-bi](https://app.powerbi.com/groups/fac06a69-6340-4715-b8fe-4bdc0ca9af14/reports/7a59b943-4ea1-42db-ad28-ad588614c918/ReportSectionb16be4fb47c90e542096?experience=power-bi) + +![](attachments/684946781/684946791.png) + +## Introduction + +## Attachments: + +[image2023-11-20\_13-29-5.png](attachments/684946781/684946789.png) (image/png) +[image2023-11-20\_13-29-32.png](attachments/684946781/684946790.png) (image/png) +[image2023-11-22\_21-16-19.png](attachments/684946781/684946791.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/Audit-Compliance_686073912.md b/knowledgebase/csd-wiki/ICSD/Audit-Compliance_686073912.md new file mode 100644 index 00000000..ac3878cf --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Audit-Compliance_686073912.md @@ -0,0 +1,5 @@ +# Audit-Compliance_686073912 +Created by, last modified by Wei Shen on Feb 13, 2025 EST + +- [Mega Audit Preparation](Mega-Audit-Preparation_689012718.html) +- [OpenText Mega Audit](OpenText-Mega-Audit_686073965.html) diff --git a/knowledgebase/csd-wiki/ICSD/Auto-healing-1.0_686083903.md b/knowledgebase/csd-wiki/ICSD/Auto-healing-1.0_686083903.md new file mode 100644 index 00000000..1990d57a --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Auto-healing-1.0_686083903.md @@ -0,0 +1,33 @@ +# Auto-healing-1.0_686083903 +## Introduction + +This page presents all the specifications for fixing or healing. + +## Types of healing + +#### Scheduled healing + +- Weekly - Rolling restart key deployments +- Weekly - Smart Analytics Content Compact + +#### Event triggered healing + +- ALB 5xx alert - Rolling restart key deployments +- Database free memory alert - Rolling restart key deployments +- Smart Analytics Content data ratio(total doc/committed doc) alert - Smart Analytics Content Compact +- Tomcat https connector threads/MAX threads alert - Rolling restart specific deployments +- Httpclient InUse/Max alert - Rolling restart specific deployments + +## Mechanism to survive between false alarms + +The auto healing steps may caused by false alarms. In order to protect the farm from those auto healing steps, it's always required to use the actions with no availability and performance impact. + +For example, even the auto healing steps are triggered by accident, it should not impact the availability and performance of the farm. The mechanism can be in but not limited to below list: + +- The jobs can only be triggered once an hour +- Once restart is required, rolling restart should be used +- If the job is not executed successfully, notifications will be sent to administrators + +## Threshold + +For the thresholds, please consider the numbers from the guide in [monitoring](https://rndwiki.houston.softwaregrp.net/confluence/display/SMA/Monitoring). diff --git a/knowledgebase/csd-wiki/ICSD/Auto-healing-2.0_686083907.md b/knowledgebase/csd-wiki/ICSD/Auto-healing-2.0_686083907.md new file mode 100644 index 00000000..d57571f7 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Auto-healing-2.0_686083907.md @@ -0,0 +1,122 @@ +# Auto-healing-2.0_686083907 +This page presents all the specifications for auto-fixing or auto-healing. It's a newer version based [v1.0](https://rndwiki.houston.softwaregrp.net/confluence/display/ICS/Auto+healing+1.0?src=contextnavpagetreemode) + +## Requirement + +Nowadays, customers have very strict requirements on SLA. In order to get the earliest alert on the availability issue, they even run Application Performance Monitoring probe three times every minute to detect the health of the target application they are using, in order to get the earliest alert on the availability issue. + +An SLA of 99.99% is becoming a standard for most of the business critical applications. + +In order to meet above requirements, once a critical application issue happens, which is impacting the SLA, it need to be resolved or recovered within minutes, otherwise customer escalations will arrive. + +However, it's not possible for a human to react to any critical issues within a few minutes. Thus, the auto healing idea is born, which leverages the auto healing applications to resolve the issues without human intervention. + +## Architecture Diagram + +#### Overall workflow + +![](https://rndwiki.houston.softwaregrp.net/confluence/download/attachments/1294436735/image2024-2-22_17-6-4.png?version=1&modificationDate=1708593982000&api=v2) + +- The auto healing can be triggerred by schdule / alert / manual input trigger +- Analysis process decides the workflow and triggers actions +- An example of actions can be collecting logs / rolling restart / compact storage. + +#### An example of auto healing + +![](https://rndwiki.houston.softwaregrp.net/confluence/download/attachments/1294436735/image2024-2-22_17-14-42.png?version=1&modificationDate=1708593986000&api=v2) + +1. The monitoring system keep monitoring the SMAX App IDOL Content data ratio (total doc/committed doc), when it's reaching to more than 1.2, grafana sends the request to API gateway. +2. A healing action is then triggered, since there is only one action, analysis process is not triggered. +3. The app doing the action fetches the configuration and credentials from AWS Parameter Store. (In this case, DynamoDB is not used. It will be used when there are lots of data to be collected and consolidated.) +4. The app sends the request to the farm to resolve the issue. +5. All the audit or logs will be kept in s3. + +## Scope + +For Auto healing 1.0, it's mainly to roll out a quick recovery option to PoC the capability of the solution. + +For Auto healing 2.0, the scope is changed to below + +1. Expanding to more farms with an easy way. + 1. Todo: add tasks in basecamp +2. Expanding to collection actions. + 1. Define the runbooks + 2. Rollout the collection actions - POC +3. Expanding the trigger and actions. + 1. Define the trigger + 2. Define the action + 3. Rollout the new triggers and actions +4. Exploring the Analysis process if possible. +5. Exploring the possibility of leveraging OpsB + +## Concepts + +#### Trigger + +The entrance of the auto-healing. + +- Scheduler: e.g.: 2:00 AM Daily +- User input +- Event: e.g.: + - ALB HTTP 5XX Count (More than 34 in a 3 mins time frame) + - Database Memory (Free memory less than 2% for more than 5 mins) + - SMAX App IDOL Content data ratio(total doc/committed doc) > 1.20 + - SMAX App Tomcat https connector currentThreadsBusy > 30 for 30 mins + - SMAX App Httpclient InUse > 20 for 30 mins + +#### Analysis Process (Optional) + +This process does the analysis and also decides the procedure of different actions like collections and healing actions. If there is only one action, analysis process is optional. + +#### Collection Actions + +The group of actions to do collection jobs. + +- Collect application logs +- Collect application dumps (thread dump, memory dump, etc) +- Collect application traces +- Add information to an incident + +#### Healing Actions + +The group of actions to do healing jobs. + +- Rolling restart key deployments +- SMAX App Smart Analytics Content Compact + +#### Target environment + +The farms with specific issue. + +#### Farm + +A deployment of suite product. + +## Combined triggers and healings + +#### Scheduled healing + +- Weekly - Rolling restart key deployments +- Weekly - Smart Analytics Content Compact + +#### Event triggered healing + +- ALB 5xx alert - Rolling restart key deployments +- Database free memory alert - Rolling restart key deployments +- Smart Analytics Content data ratio(total doc/committed doc) alert - Smart Analytics Content Compact +- Tomcat https connector threads/MAX threads alert - Rolling restart specific deployments +- Httpclient InUse/Max alert - Rolling restart specific deployments + +## Mechanism to survive with false alarms + +The auto healing steps may caused by false alarms. In order to protect the farm from those auto healing steps, it's always required to use the actions with no availability and performance impact. + +For example, even the auto healing steps are triggered by accident, it should not impact the availability and performance of the farm. The mechanism can be in but not limited to below list: + +- The jobs can only be triggered once an hour +- Once restart is required, rolling restart should be used +- If the job is not executed successfully, notifications will be sent to administrators + +## Reference + +1. [ESM Cloud Unified Monitoring](https://rndwiki.houston.softwaregrp.net/confluence/display/ICS/ESM+Cloud+Unified+Monitoring) diff --git a/knowledgebase/csd-wiki/ICSD/Automation-of-auto-healing_686083910.md b/knowledgebase/csd-wiki/ICSD/Automation-of-auto-healing_686083910.md new file mode 100644 index 00000000..a4bccfab --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Automation-of-auto-healing_686083910.md @@ -0,0 +1,19 @@ +# Automation-of-auto-healing_686083910 +Created by on Jan 23, 2025 EST + +## Introduction + +This page presents all the activities required for automation of auto-healing. + +## Auto Deployment + +1. Basic infra deployment (supports auto-healing) + 1. API gateway + 2. DynamoDB (Optional) + 3. Parameter Store + 4. S3 +2. Auto-application deployment + 1. Analysis App + 2. Collecting Actions App + 3. Healing Actions App +3. Notification / Audit / Logging configurations diff --git a/knowledgebase/csd-wiki/ICSD/Aviator-widget-on-boarding-tasks-for-OpsB_686073595.md b/knowledgebase/csd-wiki/ICSD/Aviator-widget-on-boarding-tasks-for-OpsB_686073595.md new file mode 100644 index 00000000..2bdf9d02 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Aviator-widget-on-boarding-tasks-for-OpsB_686073595.md @@ -0,0 +1,159 @@ +# Aviator-widget-on-boarding-tasks-for-OpsB_686073595 +## Introduction + +This documents provides a sequence of tasks required for Aviator widget on-boarding on OpsB as a reference for operations team. Follow the tasks one by one. + +**Assumptions** + +- The ESM SMAX tenant and ITOM Aviator services mentioned in this document refer to ITOM ESM Cloud Offering and ITOM Aviator Cloud Offering. +- The ITOM Aviator service mentioned in this document serves OpsB Cloud Offering and OpsB On-Premise. +- ITOM Cloud Service Team: ESM/ITOM Aviator Cloud Service, OpsB Cloud Service; +- The ESM tenant admin user is created for OpsB customer who own the OpsB instance; +- The OpsB instance admin is the OpsB customer admin user; + +###### Training + +[KT\_ How to configure ITOM Aviator Widget for OpsB-20240521\_093308-Meeting Recording.mp4](https://opentextcorporation.sharepoint.com/:v:/s/ITOMSmartObservabilityCloudService/EY2k70siNgxGgwRfQSMuu_sB9iRudgIorKwF_yGgNG_3HA?e=v45MXS) + +## Compatibility + +| OpsB | ESM SMAX | ITOM Aviator | +| --- | --- | --- | +| 24.4 | 24.4 | 24.4 | + +## Prepare Aviator server + +### Task 1: Apply for a ESM tenant + +**Performed by: OpsB/NOM Cloud Service Team +** + +Contact ESM Cloud Service Team to apply for a ESM tenant (SMAX Only). + +Provide the following information: + +- FQDN of OpsB server (for task 4), e.g. [https://obm.internal.customer.com](https://obm.internal.customer.com/) + +### Task 2: Enable the Aviator capability for ESM SMAX tenant + +**Performed by: ESM Cloud Service team +** + +Refer to the following document to add the Aviator capability for a specific tenant. + +[https://staging.docs.microfocus.com/itom/ITOM\_Aviator:Main/AddAviatorSaaS](https://staging.docs.microfocus.com/itom/ITOM_Aviator:Main/AddAviatorSaaS) + +### Task 3: Import OpsB AI content + +**Performed by: ESM Cloud Service team +** + +A pre-defined dataset, crawled from external websites, is ready to prepare the OpsB tenant. The dataset includes: + +- PostgreSQL +- Kubernetes +- OBM +- OpsBridge +- Vertica + +**Pre-requisites:** +python 3 installed +pip3 install requests + +**Steps:** + +1. Download the **GoldenTenant-25.2.zip** file: + [GoldenTenant-25.2.zip](https://opentextcorporation.sharepoint.com/:u:/s/ITOMSmartObservabilityCloudService/EfBIA67Rb-dGpppRuVTxobwBK3UpuIbpslrz5UbGWglflw?e=Iwue0q) +2. Go to the bastion server of the farm and create a workspaces diectory and cd to there. +3. Unzip the files to your directory, which include the **GoldenTenant** folder and the **ImportGoldenTenant.py** file. +4. Use the following command to run the **ImportGoldenTenant.py** file to import the data to the target ESM tenant. + + Replace and with the host name and tenant id of the target tenant. + Replace with the credential of the system integration account + Replace with the import path of the Golden tenant data + ``` + python ImportGoldenTenant.py --host --tenant_id --integration_usr bo-integration@dummy.com --integration_pwd --input_dir + ``` +5. Validate the import in the **import\_process\_log.txt** log file. If the import process is triggered successfully, in the last line in the log file, the "total failed" number should be zero: + ``` + *********Total x split file, y split files success, 0 split files failed, total success x doc, total failed 0 doc.****** + ``` +6. Validate remote article in Smart Analytics: + After about 8 minutes (Delay sync interval), open Smart Analytics (**Suite administration >CONFIGURATIONS >Smart analytics >XService DAH 0**), and then enter the following query: + ``` + https://smarta-saw-dah-0:1443/action=query&text=*&FieldText=(MATCH{RemoteArticle}:ESS-DOCUMENT-TYPE)&print=all&DatabaseMatch=xservices_idol_ + ``` + Click the **RUN** button. + ![](attachments/686073595/686073577.png) + +## Prepare cross site configuration between OpsB and Aviator server + +### Task 4: Set CORS allow domain for OpsB + +**Performed by: ESM operations team** + +1. Log in SMAX agent page, go to "Administration -> AI Studio -> Configurations". +2. Set the base URL of OpsB server to " **Allowed origins for Aviator service** ", e.g. [https://obm.internal.customer.com:1234](https://obm.internal.customer.com:1234/ "https://obm.internal.customer.com:1234/")) + +![](attachments/686073595/686073580.png) + +## (Optional) Set SSO authentication + +### (Optional) Task 5: Apply to setup SSO for OpsB and ESM + +**Performed by: Customer / OpsB/NOM cloud service team / ESM operations team +** + +Configure SAML authentication and setup SSO for OpsB and ESM. Both are following the this guide: [https://docs.microfocus.com/doc/ESM/SaaS/ConfigureSAML](https://docs.microfocus.com/doc/ESM/SaaS/ConfigureSAML "https://docs.microfocus.com/doc/esm/saas/configuresaml") + +If you skip this task, then the end users will get a popup window to enter the credentials when accessing the Aviator widget. + +## Configure Aviator server in OpsB + +### Task 6: Provide Aviator config data + +**Performed by: ESM Cloud Service team** + +ESM Cloud Service team provides required information to OpsB/NOM cloud service team: + +- Aviator service host name of SMAX, e.g.: [https://eu3-smax-saas.microfocus.com](https://eu3-smax-saas.microfocus.com/) +- ![](attachments/686073595/686073584.png) +- Tenant ID, e.g. 1000003 +- ESM tenant admin user credential, which is used for task 8 + +### Task 7: Aviator server integration + +**Performed by: OpsB/NOM cloud service team (Customer for on-prem) +** + +After the Aviator capability has been successfully configured, ESM Cloud Service team will provide the SMAX server information to OpsB instance admin, so that OpsB instance admin can configure the Aviator integration into OBM. This requires a restart of all OBM omi servers. + +- OBM URL: **https:///obm/?tenant=Provider** + - Administration → Infrastructure Settings → Integrations → Aviator +- Aviator URL: Acutually this is SMAX FQDN which configured tenant to connect Aviator. e.g. [https://eu3-smax-saas.microfocus.com](https://eu3-smax-saas.microfocus.com/) +- Aviator Tenant: SMAX tenant ID +- Enble Aviator: true +- Aviator Authentication Group + - If you didn't configure SSO in task 5, then the value will be "db" + - If you configured SSO in task 5, then the value will be the CONGIGURATION GROUP name for above SMAX tenant. See Aviator Authentication Group value provided in task 6. + +![](attachments/686073595/686073587.png) + +![](attachments/686073595/686073589.png) + +### (Optional) Task 8: Configure AI models + +**Performed by: OpsB/NOM cloud service team (24.2 only, as not supported to be done by customer yet) +** + +Perform this step if you have to add new AI models. + +Index external knowledge using IDOL connectors. See [Index external knowledge using IDOL connectors](https://staging.docs.microfocus.com/itom/SMAX:Main/IndexKnowledgeFromIDOL "Index external knowledge using IDOL connectors"). + +### Validate Aviator Widget in OBM + +**Performed by**: OpsB/NOM cloud service team + +Please go to OpsB home page and launch the Aviator by clicking the icon in the masthead. The widget should be launched successfully as below: + +![](attachments/686073595/686073592.png) diff --git a/knowledgebase/csd-wiki/ICSD/Aviator-widget-on-boarding-tasks-for-UCMDB_688982982.md b/knowledgebase/csd-wiki/ICSD/Aviator-widget-on-boarding-tasks-for-UCMDB_688982982.md new file mode 100644 index 00000000..d6d6165f --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Aviator-widget-on-boarding-tasks-for-UCMDB_688982982.md @@ -0,0 +1,89 @@ +# Aviator-widget-on-boarding-tasks-for-UCMDB_688982982 +## Introduction + +This documents provides a sequence of tasks required for Aviator widget on-boarding on UCMDB as a reference for SaaS operations team. Follow the tasks one by one. + +## Compatibility + +| UCMDB | ESM SMAX | ITOM Aviator | +| --- | --- | --- | +| 25.1 | 25.1 | 25.1 | + +## Task 1: Prepare ESM tenant + +#### Scenario 1: Onboarding a New ESM Tenant + +Steps: + +1. Apply for an ESM Tenant: +- Contact the ESM Cloud Service Team to apply for an ESM tenant, which includes both SMAX and UCMDB. +3. Enable the Aviator Capability for the SMAX Tenant: +- Follow the instructions in the documentation to add the Aviator capability to the tenant([https://docs.microfocus.com/doc/SMAX/24.4/AddAviator](https://docs.microfocus.com/doc/SMAX/24.4/AddAviator)) + +#### Scenario 2: Existing ESM Tenant Without Aviator Capability Enabled + +Steps: + +1. Enable the Aviator Capability for the SMAX Tenant: +- Follow the instructions in the documentation to add the Aviator capability to the tenant([https://docs.microfocus.com/doc/SMAX/24.4/AddAviator](https://docs.microfocus.com/doc/SMAX/24.4/AddAviator)) + +#### Scenario 3: Existing ESM Tenant With Aviator Already Enabled, go to Task 2 directly + +## Task 2: Add UCMDB AI content with SMAX Tenant Admin user (only required for 25.1) + +Steps: + +1. Log in SMAX agent page, go to "Administration -> Studio +2. In Dropdown list select “Aviator Models". +3. Select Tab “Import Data”, click “Browse” upload CSV file “AviatorModel\_UCMDB.csv”, import it. + +[AviatorModel\_UCMDB.csv](attachments/688982982/688982971.csv) + +## Task 3: Set CORS allow domain for UCMDB + +Steps: + +1. Log in SMAX agent page, go to "Administration -> AI Studio -> Configurations". +2. Set the base URL of UCMDB server to "Allowed origins for Aviator service", e.g. [https://cms.esmupg.itsma-ng.org](https://cms.esmupg.itsma-ng.org/)) + +## (Optional) Task 4: Apply to setup SSO for UCMDB and ESM + +Refer to the following document to configure SAML authentication and setup SSO for UCMDB and SMAX. + +[Associate SMAX tenants with UCMDB customers for Single Sign-On - Service Management Automation X](https://docs.microfocus.com/doc/SMAX/23.4/AssociateTenantCustomer) + +If you skip this task, then the end users will get a popup window to enter the credentials when accessing the Aviator widget. + +## Task 5: Aviator server integration with UCMDB + +Add below settings for Aviator, they are all customer specific. And will take effect after re-login. Below are descriptions of settings added for Aviator. + +- Mandatory: + - aviator.host (Aviator Host Name or IP address) + - aviator.tenant (Aviator Tenant ID) +- Optional: + - aviator.port (Aviator Server Port, Default 443) + - aviator.root.context (Aviator Server URL Root Context, Default ‘/’) + - aviator.idm.auth.group (Aviator Authentication Configuration Group Name, it is required when using + +Steps: + +1. Use UCMDB sysadmin user login UCMDB URL: https:///jmx-console/ +2. Use method setSettingValue to set "Aviator Host Name or IP address" + 1. customerID: (example: 100000002) + 2. name: aviator.host + 3. value: (example: [eu3-smax-saas.microfocus.com](https://eu3-smax-saas.microfocus.com/)) +3. Use method setSettingValue to set "Aviator Tenant ID" + 1. customerID: (example: 100000002) + 2. name: aviator.tenant + 3. value: (example: 1000002) + +## Task6: Validate Aviator Widget in UCMDB + +- The Aviator widget is shown after login to UCMDB web UI. +- User can login to Aviator widget. +- When drill down into CI detail from Inventory, CI explorer, Global Search, the CI Summary button is shown. Can summarize individual CI and its related CI + - E.g. Go to CI explorer search for CI of node, Right click one CI and click properties, go to CI detail page. "Summarize this CI" button show and can summarize individual CI and its related CI +- User can ask ci related question using chat box, e.g. list this ci disk information + +![](attachments/688982982/688982977.png) diff --git a/knowledgebase/csd-wiki/ICSD/CMS-Customer-setup-flow-with-NSACM_688983312.md b/knowledgebase/csd-wiki/ICSD/CMS-Customer-setup-flow-with-NSACM_688983312.md new file mode 100644 index 00000000..65aec888 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/CMS-Customer-setup-flow-with-NSACM_688983312.md @@ -0,0 +1,192 @@ +# CMS-Customer-setup-flow-with-NSACM_688983312 +## Prerequisite for New SaaS fram + +### Step 1: Configure CMS Multi-tenancy + +1. **Enable CMS multi-tenant mode in a new SaaS farm** + By default CMS multi-tenant mode is **disabled**. This is a one-time job, when a new SaaS farm is set up, perform the following steps to enable CMS multi-tenant mode, if the SaaS farm has enabled CMS MT before, skip it. + - Open the UCMDB Server JMX Console of the Provider Customer, and search for **enableTenant**. + - In the enableTenant section, enter the value ‘ **All Tenants** ’ for tenantName. This is the name of the default UCMDB tenant of the first customer. + - Click Invoke. + - Restart the UCMDB server pod by the command: + ``` + kubectl rollout restart sts itom-ucmdb -n + ``` + - After the UCMDB default tenant is created, the multi-tenancy mode is enabled and all available UCMDB customers will have the default tenant ‘ **All Tenants** ’ created. +2. **Disable SaaS CMS ‘Owner tenant’** + Follow these steps to disable CI owner tenant so that owner tenant and consumer tenants won't mix up. + - Open the UCMDB Server JMX Console of the Provider Customer, and search for **setGlobalSettingValue**. + - Enter **[multi.tenancy.ci](http://multi.tenancy.ci/).ownerTenant.disabled** for name and set value to true. + - Click **Invoke** + ![](https://staging.docs.microfocus.com/mediawiki/images/a/ad/disable-owner-tenantpng.png) + +## Scenario 1 - Brand new CMS customer + +### Step 1: Provison a CMS customer via X4X (all tasks are automated) + +Auto creates a new CMS customer with the same tenantID as the SMAX tenant via X4X, including: + +- Create a customer via JMX +- Bind customer to IdM Org and create an admin group with SuperAdmin\[CMDB\] role, and bind tenant admin user to this group +- Allocate license +- NSACM needed post tasks: + - Set specific Identification rules as 'No Identification' for BusinessApplication, BusinessService, and InfrastructureService + - Add unknown in OsFamily + - Enable enhanced CI lifecycle + - **Configure metaphase default value as 'Inherited from the parent node' for node elements (Cpu, DiskDevice, FileSystem, and Interface in UCMDB** +- Enable NSACM + +### Step 2: Configure Remote CMS + +See details: [Config Remote CMS](https://docs.microfocus.com/doc/SMAX/24.3/SsoUcmdb). + +### Step 3: Enable enrichment rules in UCMDB (no need after 23.4) + +When a CI of a federated CI type is created or discovered in UCMDB, enrichment rules are implemented for mapping Subtypes of SMA. The SMAX folder contains preset enrichment rules for the federated CI types. By default, these enrichment rules are inactive, we recommend that you activate them all and don't make any changes unless you have customized Subtypes. To do this, open Enrichment Manager in UCMDB and activate all enrichment rules in the SMAX folder as below screenshot, this may take hours based on the customer’s data volume. + +![](https://staging.docs.microfocus.com/mediawiki/images/d/d7/smax-enrichmentrules.png) + +## Scenario 2 - On-premises UCMDB customer migrates to SaaS CMS + +### Step 1: Provison a CMS customer via X4X + +Auto creates a new CMS customer with the same tenantID as the SMAX tenant via X4X, including: + +- Create a customer via JMX +- Bind customer to IdM Org and create an admin group with SuperAdmin\[CMDB\] role, and bind tenant admin user to this group +- Allocate license + +### Step 2: Migrate On-prem UCMDB data to SaaS CMS (TS team) + +- Remove the CMS customer-provisioned in step one and keep the other settings. +- TS team will use DB move script to help the customer do the data migration from On-prem UMCBD to SaaS CMS, including: + - pg\_restore the database into the intermediate Database + - Export a pgb file from the intermediate database + - import the pgb file into the target database + - Disable aging + - Set On-Prem UCMDB consumer tenant as "All Tenants", set owner tenant as "All Tenants" via script + - Create a new CMS customer with the same ID as the SMAX tenant +- Restart the customer +- Apply content pack: + - Run rebuildModelDBSchemaAndViews JMX call and then Upgrade CP +- Align the history: + - Run alignHistoryForType JMX call + +### Step 3: Map the CMS Consumer customer to the IdM organization + +To define the mapping between the CMS Consumer customer and the IdM organization, follow these steps as **suite-admin**: + +1. Log in to the JMX Console of the CMS Provider customer: **https://:/jmx-console** +2. Search for the **assignIDMInfo** JMX method in the **UCMDB:service=Customer and States Services** category. +3. Provide values for the following parameters: + View Fullscreen + | Parameter | Required | Description | Example | + | --- | --- | --- | --- | + | customerID | Yes | Enter the CMS Consumer customer ID that you created in "Step 2: Create a CMS Consumer customer". This should be the same as the SMAX tenant ID created in step 1. | 654596672 | + | tenantName | Yes | Enter the IdM organization ID. This is the same as the SMAX tenant ID created in step 1. This will then map the CMS customer ID to the IdM organization. | 654596672 | + | defaultGroup | No | This sets the Default UCMDB group used by IdM users. Users in that group will inherit all the roles assigned to that default group. Make sure the default group is assigned with proper permissions for accessing CMS UI and if relevant the UCMDB Admin UI. | | +4. Click **Invoke**. + +After you invoke the  **assignIDMInfo** operation in JMX, the system automatically triggers a process to seed the CMS OOTB roles to the mapped IdM organization. + +To check the seeding status, follow these steps as **suite-admin**: + +1. Log in to the JMX Console of the CMS Provider customer: **https://:/jmx-console** +2. Search for the **showAllCustomers** JMX method in the **UCMDB:service=Customer and States Services** category. +3. Make sure that the value of column **Seeding role status** is **SUCCESS**. + +### Step 4: Assign the CMS license (SaaS Ops team) + +1. Sanity check CMS Customer +2. In case the CI update fails with the following error, run the jmx call alignHistoryForType for this customer + +![](https://staging.docs.microfocus.com/mediawiki/images/b/b7/java_n47PobNjfb.png) + +### Step 5: Set specific Identification rules as 'No Identification' + +Log in to UCMDB Admin UI via the Local client of the **new created CMS customer**, locate to **BusinessApplication**, **BusinessService,** and **InfrastructureService,** and set the **Identification** as ‘ **No Identification’** for all of them, like the below screenshot: + +![](https://staging.docs.microfocus.com/mediawiki/images/8/8d/no-indentification.png) + +### Step 6: Extra configuration for Native SACM enablement + +1. **Add unknown in OsFamily** + Log in to UCMDB Admin UI via the Local client of the **newly created CMS customer**, click **CI Types** at the top, select **System Type Manager**, search **OsFamily** and edit, add unknown then click **OK** and **Apply**. + ![](https://staging.docs.microfocus.com/mediawiki/images/8/83/OsFamaily.png) + +### Step 7: Enable Native SACM + +See details: [Enable Native SACM](https://staging.docs.microfocus.com/itom/ESM:Main/NativeSacmSaas). + +### Step 8: Populate the metaphase name (no need after 23.4) + +**TODO, add more details** + +**sap/rest-client** + +**PUT../rest/531307643/cmsx/metaphaseName/reUpgrade** + +2\. due to **OCTCR19U1736320,** needs to clean up the license management [CleanUpLicenseTag](https://staging.docs.microfocus.com/itom/ESMSaaSOps:Main/CleanUpLicenseTag) once the metaphase name population is done + +3\. after the metaphase name is populated, need to run the full reindex of Solr to prevent potential OutOfMemory issue caused by incremental index: + +![](https://staging.docs.microfocus.com/mediawiki/images/5/5b/ApplicationFrameHost_hKeyZEwzj2.png) + +### Step 9: Configure Remote CMS + +See details: [Config Remote CMS](https://docs.microfocus.com/doc/SMAX/24.3/SsoUcmdb). + +### Step 10: Enable enrichment rules in UCMDB (Communicate with the customer) (no need after 23.4) + +When a CI of a federated CI type is created or discovered in UCMDB, enrichment rules are implemented for mapping Subtypes of SMA. The SMAX folder contains preset enrichment rules for the federated CI types. By default, these enrichment rules are inactive, we recommend that you activate them all and don't make any changes unless you have customized Subtypes. To do this, open Enrichment Manager in UCMDB and activate all enrichment rules in the SMAX folder as below screenshot, this may spend hours based on the customer’s data volume. + +![](https://staging.docs.microfocus.com/mediawiki/images/d/d7/smax-enrichmentrules.png) + +### Step 11: Enable enhanced CI lifecycle (Optional) + +It's recommended to enable the enhanced CI lifecycle. + +If the customer has the aging enabled on-prem, perform the following steps; if the customer doesn't have the aging enabled on-prem and does not agree to use the enhanced CI lifecycle solution, skip this step; if the customer doesn't have the aging enabled on-prem, and they agree to use the enhanced CI lifecycle solution, perform the following steps + +1. #### Enable the setting of enhanced CI lifecycle in CMS + See details: [Enable enhanced CI lifecycle in CMS UI](https://staging.docs.microfocus.com/itom/ESM:Main/CILifecycleAging#Enable_enhanced_CI_lifecycle_in_CMS_UI). +2. #### Configure metaphase for node elements in UCMDB + This is an additional step for the following NodeElement CI types in UCMDB: **Cpu**, **DiskDevice**, **FileSystem**, and **Interface**. + These NodeElement CI types correspond to CI attributes in SMAX. You need to manually configure metaphase for them so that they are included in the enhanced CI aging solution. + ![](https://staging.docs.microfocus.com/mediawiki/images/3/37/SMA202205_ci_aging_NodeElement.png) + To enable aging for a NodeElement CI type: + 1. Log in to the UCMDB Server. + 2. Go to **CI Type Manager** > **CI Type**, and select a node element CI type. + 3. Go to **Attributes**, select **Meta Phase** and thenclick the Edit icon. + 4. Select **Enable default value**, enter **Inherited from the parent node** or any other non-empty value in the **Default value** field and then click **OK**. + +Now, all newly created/detected NodeElement CIs will have a default value for metaphase. Then, you need to run enrichment rules to make sure all existing NodeElement CIs have a metaphase value. To do this, follow these steps: + +1. Log in to the UCMDB Server. +2. Go to **CI Type Manager** > **CI Type**, and then select **ConfigurationItem**. +3. Click the **Attributes** tab, select **Meta Phase**, then click **Edit**. +4. On the **Advanced** tab, check the **Editable** checkbox, then click **OK**. +5. Go to **Enrichment Manager** and create a new rule under the **SMAX** node. +6. In the **New Enrichment Rule** wizard, name the new rule and click **Next** till the end. +7. From the **CI Type Selector** on the right, find **ConfigurationItem** > **InfrastructureElement** > **NodeElement** > **CPU** and drag it to the main window in the center. +8. In **Query Mode**, double-click the CPU icon. +9. On the **Attributes** tab, create a new condition and click **OK**: + - **Attribute Name** = **Meta Phase - (string)** + - **Operator** = **Is null** +10. In **Enrichment Mode**, double-click the CPU icon. +11. Select **Meta Phase**, then enter **Inherited from the parent node** in the **Value** box. Click **OK**. +12. Right-click the rule you just created, then click **Activate Rule**. +13. Now, the rule for **CPU** is running. Repeat the same steps for **DiskDevice**, **FileSystem**, and **Interface**. +14. Wait till there are no node elements with the null meta phase. You can make sure of this using a query in **IT Universe Manager**. +15. Right-click each rule and click **Deactivate Rule**. +16. Remove all these four rules + +### Step 12: Validate CIs are consistent between SMAX and CMS + +There is a Jenkins job for this purpose + +### Step 13: Customer actions + +1. SMAX post-upgrade actions +2. Reconfigure Probes and credentials +3. [Enable aging in CMS](https://staging.docs.microfocus.com/itom/ESMSaaSOps:Main/CmsAging#Enable_agingging#Enable_aging). diff --git a/knowledgebase/csd-wiki/ICSD/CSD-RnD-and-Ops-discussion-topics_713175513.md b/knowledgebase/csd-wiki/ICSD/CSD-RnD-and-Ops-discussion-topics_713175513.md new file mode 100644 index 00000000..9c40ab1f --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/CSD-RnD-and-Ops-discussion-topics_713175513.md @@ -0,0 +1,73 @@ +# CSD-RnD-and-Ops-discussion-topics_713175513 +## Introduction + +This document tracks down the requests from one side to the other, on SMAX, Aviator and DCA farms: upgrades, improvements, infrastructure changes etc. + +## Roles + +| Role | Label | +| --- | --- | +| Cloud Service PMO | CLOUD PMO | +| Cloud DevOps Engineer | CLOUD OPS | +| Core CPE Brindusa K. | CORE CPE | +| PPM Dean Clayton | PPM | +| Aviator PMO | AV. PMO | +| Aviator RnD Engineer | AV. RND | +| SMAX PMO | SMAX PMO | +| ESM PM/RnD | ESM PRND | +| UCMDB PM/RnD | UCMDB PRND | +| OO PM/RnD | OO PRND | +| OP PM/RnD | OP PRND | +| DCA PM/RnD | | +| Automation Center RnD | | + +## SMAX, Aviator and DCA farms here + +## Questions, requests, opportunities, micro-projects between SMAX, Aviator and DCA Ops and RnD teams + +## Format (The rules of the game) + +# +Topic title: Title of the topic +Details: As many tracking details as possible including at least: what is the current status, what is the next step, what are dependencies, who is the owner of this thread +Requested by: What team initiated it +Requested to: Who is the final answer being awaited from +Pending: Who is this topic pending on at the moment + +Aviator + +| | Status | Topic title | Details | Requested by | Requested to | Pending | Replies | +| --- | --- | --- | --- | --- | --- | --- | --- | +| 1 | ONGOING | Staging documentation on Aviator upgrade | Asked via email thread "Aviator 25.3 post-upgrade discussion", [Adina Lehene](https://confluence.opentext.com/display/~alehene) | CLOUD OPS | AV. RND | AV. PMO or AV. RND | | +| 2 | ONGOING | Aviator on EKS 1.32 compatibility and upgrade | Asked via email thread "AWS EKS 1.32 on Aviator", [Adina Lehene](https://confluence.opentext.com/display/~alehene) | CLOUD OPS | AV. RND | AV. PMO or AV. RND | Ops to start planning along with AL2023 AMI | +| 3 | ONGOING | Amazon Linux 2023 CCOE AMI compatibility and upgrade | Asked via email thread "Aviator change AMI to Amazon Linux 2023 (AL2023) by November 26, 2025", [Adina Lehene](https://confluence.opentext.com/display/~alehene) | CLOUD OPS | AV. RND | AV. PMO or AV. RND~~ 19 Sep 2025 | R&D certified AL2023 CCoE AMI. Ops need to adopt along with EKS 1.32 upgrade and start testing in September | +| 4 | ONGOING | Switch gp2 to gp3 on Aviator farm(s) | Asked via email thread "EU30-PROD Aviator farm needs more disk space and more nodes (additional costs)" [Adina Lehene](https://confluence.opentext.com/display/~alehene) | CLOUD OPS | PPM | CORE CPE or PPM | R&D is testing on their Staging environment. Saravanan will update soon. | +| 5 | ONGOING | New upcoming Aviator farms requests | Asked via email thread "Aviator farms of OSM", [Adina Lehene](https://confluence.opentext.com/display/~alehene) Follow-up: Tuesday 05 Aug 2025 | CLOUD OPS | PPM | AV. PMO or AV. RND and PPM | Still in discussion with management level for CSR | +| 6 | ONGOING | EU30 farm disk size issue | Asked via email thread "EU30-PROD Aviator farm needs more disk space and more nodes (additional costs)" [Adina Lehene](https://confluence.opentext.com/display/~alehene) | CLOUD OPS | PPM | CORE CPE or PPM | This can be executed along with gp2 to gp3 conversion | +| 7 | ONGOING | EU32-PROD replicated env. into RnD env. | Driving the email thread "EU30 and EU32 Aviator farm CI's" Asked verbally in a CSD team meeting via Sajith Kumar. CLOUD OPS to prepare a comparison between EU30 and EU32, [DILIP BEHERA](https://confluence.opentext.com/display/~dbehera2) and [Adina Lehene](https://confluence.opentext.com/display/~alehene) | AV. RND | CLOUD OPS | CLOUD OPS | Comparison document is ready and shared with R&D | +| 8 | ANSWERED | Aviator 25.3.1 and 25.3.2 compatibility with SMAX inquires | Asked via email thread "EU30-Aviator upgrade to 25.3 - Language Models issue 22/07/2025", [DILIP BEHERA](https://confluence.opentext.com/display/~dbehera2) and [Adina Lehene](https://confluence.opentext.com/display/~alehene) | CLOUD OPS | AV. RND | AV. RND | 1\. If Aviator-SMAX will work if: SMAX on 25.2.2 and some\* HF’s, while Aviator on 25.3.1? **Tanuj: Yes, it should work this combination and also SMAX+ Aviator on 25.3.1 should work.** 2\. If Aviator-SMAX will work if: SMAX on 25.2.2 and some\* HF’s, while Aviator on 25.3.2? **Tanuj: Yes, it should work this combination as this is a patch.** 3\. For an Aviator farm on version 25.3, in order to upgrade it to 25.3.2, is the 25.3.1 patch strictly necessary to get applied on it or 25.3.1 may be skipped? **Tanuj: NO, We have GEMINI feature introduced on 25.3.1,so please upgrade to 25.3.1 then to 25.3.2 and that's the plan we agree upon for all the farms as 25.3.2 will still take time.** | +| 9 | ONGOING | All Aviator farms | Asked via email thread "Identifying relevant logs for Aviator module investigation workflow", [Adina Lehene](https://confluence.opentext.com/display/~alehene) and [DILIP BEHERA](https://confluence.opentext.com/display/~dbehera2) | AV. RND | CLOUD OPS | AV. RND | | + + +SMAX + +| | Status | Topic title | Details | Requested by | Requested to | Pending | Replies | +| --- | --- | --- | --- | --- | --- | --- | --- | +| 1 | ONGOING | X4X not provisioning trial tenants after ESM upgrade on US2-PROD | Email thread: "ESM Trial requests - US2-PROD", [Adina Lehene](https://confluence.opentext.com/display/~alehene) | CLOUD OPS | CLOUD OPS Shanghai | CLOUD OPS Shanghai | | +| 2 | | | | | | | | + + +DCA + +| | Status | Topic title | Details | Requested by | Requested to | Pending | Replies | +| --- | --- | --- | --- | --- | --- | --- | --- | +| 1 | ONGOING | DCA farms upgrading ITOM and EKS vers. | Asked via email thread "DCA SaaS", [Adina Lehene](https://confluence.opentext.com/display/~alehene) | CLOUD OPS | | | | +| 2 | DONE | One DCA farm decommissioning | Discussed in the meeting "SA Reporting SaaS account - Migration to Operations Platform Multitenant", [Sajith Kumar A R](https://confluence.opentext.com/display/~ssajith) and [Adina Lehene](https://confluence.opentext.com/display/~alehene) | CLOUD OPS | | | Thread closed. | +| 3 | | | | | | | | + +Automation Center (AC) + +| | Status | Topic title | Details | Requested by | Requested to | Pending | Replies | +| --- | --- | --- | --- | --- | --- | --- | --- | +| 1 | ONGOING | Enabling AC on a SMAX tenant on EU28 | Email thread: "Automation Center on SMAX farms", [Adina Lehene](https://confluence.opentext.com/display/~alehene) | CLOUD OPS | | [Vunnava Tanujaraja](https://confluence.opentext.com/display/~tvunnava) | | +| 2 | | | | | | | | diff --git a/knowledgebase/csd-wiki/ICSD/Cambly-English-Training_706823155.md b/knowledgebase/csd-wiki/ICSD/Cambly-English-Training_706823155.md new file mode 100644 index 00000000..758fc613 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Cambly-English-Training_706823155.md @@ -0,0 +1,22 @@ +# Cambly-English-Training_706823155 +1. [ITOM Cloud Service Delivery](index.html) +2. [ITOM Cloud Service Delivery](ITOM-Cloud-Service-Delivery_681555087.html) +3. [💠6 - Training Materials](686070469.html) +4. [Newbie training](Newbie-training_686070534.html) +5. [How to request for reimbursement of Education Allowance](How-to-request-for-reimbursement-of-Education-Allowance_686070542.html) + +Created by on Jun 11, 2025 EDT + +![](attachments/706823155/706823154.png) + +![](attachments/706823155/706823150.png) + +## Attachments: + +[image-2025-6-11\_15-50-45.png](attachments/706823155/706823150.png) (image/png) +[image-2025-6-11\_15-51-13.png](attachments/706823155/706823152.png) (image/png) +[image-2025-6-11\_15-51-35.png](attachments/706823155/706823154.png) (image/png) + +Document generated by Confluence on Sep 15, 2025 22:27 EDT + +[Atlassian](https://www.atlassian.com/) diff --git a/knowledgebase/csd-wiki/ICSD/Change-Management_686070198.md b/knowledgebase/csd-wiki/ICSD/Change-Management_686070198.md new file mode 100644 index 00000000..1beb8958 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Change-Management_686070198.md @@ -0,0 +1,2 @@ +# Change-Management_686070198 +Created by on Jan 20, 2025 EST diff --git a/knowledgebase/csd-wiki/ICSD/Change-TimeWindow-Interval-via-JMX-or-configmap_686074596.md b/knowledgebase/csd-wiki/ICSD/Change-TimeWindow-Interval-via-JMX-or-configmap_686074596.md new file mode 100644 index 00000000..eeb4601a --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Change-TimeWindow-Interval-via-JMX-or-configmap_686074596.md @@ -0,0 +1,56 @@ +# Change-TimeWindow-Interval-via-JMX-or-configmap_686074596 +## Introduction + +With Native SACM enabled, the system collects GraphQL queries from different threads at the TimeWindow interval to generate a batch query for cms-gateway. The default interval of TimeWindow is 100 ms, and you can change it to a larger value via JMX or configmap. A larger interval allows the system to collect more queries in the batch query, but it also causes a side effect that it takes a longer time to finish the processing of a single CI. + +## Procedure + +You can use either JMX or configmap to achieve this. + +## Using JMX + +For versions earlier than 23.4.P2, you can change the TimeWindow interval via JMX. To do this, follow these steps: + +1. Make sure JDK 8 is installed. +2. Download the JMX widget from [https://github.com/jiaqi/jmxterm/releases/download/v1.0.2/jmxterm-1.0.2-uber.jar](https://github.com/jiaqi/jmxterm/releases/download/v1.0.2/jmxterm-1.0.2-uber.jar "https://github.com/jiaqi/jmxterm/releases/download/v1.0.2/jmxterm-1.0.2-uber.jar") to a directory on the bastion node. +3. Copy the [changeTWInterval.sh](attachments/686074596/686074599.sh) shell script to the same directory that stores jmxterm-1.0.2-uber.jar. +4. Run the “sh changeTWInterval.sh” command to set the interval to 500 ms. Or, change the interval to another value (for example, 600) with “sh changeTWInterval.sh 600”. + +**Note: This method doesn't need a pod restart, however, when a pod restart does take place, the change will be rolled back.** **The Cloud Ops team needs to take care of this.** + +## Using configmap + +For version 24.1 and 24.2, you can change the OOTB value of GraphqlTimeWindow by modifying the configmap and deployment. + +For 24.1, follow these steps: + +1. Run the following command on the control plane node to create a configmap key: + ``` + kubectl patch configmap itom-xruntime-infra-config --patch '{"data": {"CMSX_TIME_WINDOW_TIME_INTERVAL": ""}}' -n + ``` + **Note:** Replace ** and ** with the expected time interval (ms) and the suite namespace. The minimum value of CMSX\_TIME\_WINDOW\_TIME\_INTERVAL is 100 and the maximum value is 60000000 (1 hour). If you set a value larger than this, 60000000 would be used as this interval. A suitable ***Interval*** improves the performance. For example, setting it to 200 increases the number of query batches. +2. Run the following command on the control plane node to add an environment variable in the lookup container for the platform offline deployment: + ``` + kubectl patch deployment itom-xruntime-platform-offline -n --patch '{"spec": {"template": {"spec": {"initContainers": [{"name": "lookup-install","env": [{"name":"CMSX_TIME_WINDOW_TIME_INTERVAL", "valueFrom":{"configMapKeyRef":{"name":"itom-xruntime-infra-config", "key": "CMSX_TIME_WINDOW_TIME_INTERVAL", "optional": true}}}]}]}}}}' + ``` + **Note:** Replace ****** with the actual suite namespace. +3. If the platform offline pod doesn't restart automatically, manually restart it by running the following command on the control plane node: + ``` + kubectl rollout restart deployment itom-xruntime-platform-offline -n + ``` + **Note:** Replace ****** with the actual suite namespace. + +For 24.2, follow these steps: + +1. Run the following command on the control plane node to change a configmap key: + ``` + kubectl patch configmap itom-xruntime-infra-config --patch '{"data": {"CMSX_TIME_WINDOW_TIME_INTERVAL": ""}}' -n + ``` + **Note:** Replace ** and ** with the expected time interval (ms) and the suite namespace. The minimum value of CMSX\_TIME\_WINDOW\_TIME\_INTERVAL is 100 and the maximum value is 60000000 (1 hour). If you set a value larger than this, 60000000 would be used as this interval. A suitable ***Interval*** improves the performance. For example, setting it to 200 increases the number of query batches. +2. Manually restart the platform offline pod by running the following command on the control plane node: + ``` + kubectl rollout restart deployment itom-xruntime-platform-offline -n + ``` + **Note:** Replace ****** with the actual suite namespace. + +**Note: This method needs a pod restart and the changes will be saved.** diff --git a/knowledgebase/csd-wiki/ICSD/Change-tenant-setting-to-off-to-disbale-contains-search-for-entity-picker_688983279.md b/knowledgebase/csd-wiki/ICSD/Change-tenant-setting-to-off-to-disbale-contains-search-for-entity-picker_688983279.md new file mode 100644 index 00000000..a8f86276 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Change-tenant-setting-to-off-to-disbale-contains-search-for-entity-picker_688983279.md @@ -0,0 +1,15 @@ +# Change-tenant-setting-to-off-to-disbale-contains-search-for-entity-picker_688983279 +## Introduction + +It is for customer testing the behavior when the tenant settings " **Enable the “Contains” search for entity pickers and text filters** " is off. When set to On, the “Contains” search will be the default setting for dropdown lists of entity links/Many2Many associations, text filters in grids/reports, and the "Find" widget for filtering the People/Groups list. When set to Off, the “Starts with” search will be used by default. + +## Steps + +1. Login to https:///saw/admin/tenantSettings?TENANTID= +2. Find the toggle " **Enable the “Contains” search for entity pickers and text filters** " +3. Set it to off and save. + +## Test Setps + +1. Refresh page https:///saw/Requests?TENANTID= to make sure the latest tenant settings have been loaded. +2. Click new button and select the Offering then input 2 characters like "ウェ" to the search box then you should not see the message " **Please enter at least 3 characters to start the "Contains" search** ". diff --git a/knowledgebase/csd-wiki/ICSD/Change-the-OO-customer-managed-key-for-EFS-file-system-and-RDS_688982917.md b/knowledgebase/csd-wiki/ICSD/Change-the-OO-customer-managed-key-for-EFS-file-system-and-RDS_688982917.md new file mode 100644 index 00000000..9058a6dd --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Change-the-OO-customer-managed-key-for-EFS-file-system-and-RDS_688982917.md @@ -0,0 +1,150 @@ +# Change-the-OO-customer-managed-key-for-EFS-file-system-and-RDS_688982917 +### Note: This wiki is only used for OO + +### Prerequisite + +1. Create 2 KMS customer-managed keys, one for EFS, and the other one for RDS. + > Please refer to [https://docs.aws.amazon.com/kms/latest/developerguide/create-symmetric-cmk.html](https://docs.aws.amazon.com/kms/latest/developerguide/create-symmetric-cmk.html) + > + > 1. Sign in to the AWS Management Console and open the AWS Key Management Service (AWS KMS) console at [https://console.aws.amazon.com/kms](https://console.aws.amazon.com/kms). + > 2. To change the AWS Region, use the Region selector in the upper-right corner of the page. + > 3. In the navigation pane, choose **Customer managed keys**. + > 4. Choose **Create key**. + > 5. To create a symmetric encryption KMS key, for **Key type** choose **Symmetric**. + > 6. In **Key usage**, the **Encrypt and decrypt** option is selected for you. + > 7. In **Advanced options,** you can import key material from you key management infratructure into AWS KMS. In **Regionality,** please choose **Multi-Region key. [https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-conceptual.html](https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-conceptual.html)** + > 8. Choose **Next**. + > 9. Type an alias for the KMS key,like "saas-efs-key". The alias name cannot begin with `aws/`. The `aws/` prefix is reserved by Amazon Web Services to represent AWS managed keys in your account. + > + > Repeat the above steps to create a key for rds, like "saas-rds-key". + 2. Create the EFS replication + > Please refer to [https://docs.aws.amazon.com/efs/latest/ug/create-replication.html#create-replication-new](https://docs.aws.amazon.com/efs/latest/ug/create-replication.html#create-replication-new) + > + > ![](attachments/688982917/688982914.png) + > + > 1. Sign in to the AWS Management Console and open the Amazon EFS console at [https://console.aws.amazon.com/efs/](https://console.aws.amazon.com/efs/). + > 2. Open the file system that you want to replicate: + > 1. In the left navigation pane, choose **File systems**. + > 2. In the **File systems** list, choose the file system that you want to replicate. The file system that you choose cannot be a source or destination file system in an existing replication configuration. + > 3. Choose the **Replication** tab. + > 4. In the **Replication** section, choose **Create replication**. + > 5. In the **Replication settings** section, define the replication settings: + > 1. For **Replication configuration**, choose **Replicate to a new file system**. + > 2. For **Destination AWS Region**, choose the AWS Region in which to replicate the file system. + > 6. In the **Destination file system settings** section, define the destination file system settings. + > 1. For **File system type**, choose choose **Regional**. + > 2. For **Encryption**,choose the KMS key like "saas-efs-key". + 3. Mount the destination file system:[https://docs.aws.amazon.com/efs/latest/ug/accessing-fs.html](https://docs.aws.amazon.com/efs/latest/ug/accessing-fs.html). + 1. Sign in to the AWS Management Console and open the Amazon EFS console at [https://console.aws.amazon.com/efs/](https://console.aws.amazon.com/efs/). + 2. In the left navigation pane, choose **File systems**. The **File systems** page displays the EFS file systems in your account. + 3. Choose the file system that you want to manage mount targets for by choosing its **Name** or the **File system ID** to display the file system details page. + 4. Choose **Network,** click **Create mount target.** + 5. In **Network**, select your VPC. + 6. In **Mount targets**, select the private subnet id and the EFS Security groups one by on + 4. Deploy the Amazon EFS CSI driver to your Amazon EKS cluster. [https://docs.aws.amazon.com/eks/latest/userguide/efs-csi.html](https://docs.aws.amazon.com/eks/latest/userguide/efs-csi.html) +1. Configure the bastion node. If you already have a bastion node, skip this step. + ```shell + # Access to the bastion node. such as 'i-0da6195baed41d3d8'. + # Optional. Make the EC2 as a real bastion node. You have to install OMT capabilities named 'Tools'. + ./install --capabilities ClusterManagement=false,DeploymentManagement=false,LogCollection=false,Monitoring=false,MonitoringContent=false,NfsProvisioner=false,Tools=true,K8sBackup=false + source ~/.bashrc + # Make sure $CDF_HOME printing '/root/cdf'. + echo $CDF_HOME + # Install binary kubectl. + curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" + chmod +x kubectl + cp kubectl /usr/bin/ + # update kubeconfig + export AWS_ACCESS_KEY_ID= xxx + export AWS_SECRET_ACCESS_KEY= xxx + export AWS_SESSION_TOKEN= xxx + export AWS_DEFAULT_REGION="us-west-2" + curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" + unzip awscliv2.zip + sudo ./aws/install --update + export PATH=/usr/local/bin:$PATH + aws sts get-caller-identity + aws eks update-kubeconfig --name encrypt-0-cluster + # Verify that we can access to the k8s cluster. + kubectl get ns + # Download OMT_External_K8s_24.4-270.zip on the bastion node. + wget https://orgartifactory.swinfra.net/artifactory/itom-buildoutput/cdf-daily-build/24.4-byok/OMT_External_K8s_24.4-270.zip + unzip 24.4-byok/OMT_External_K8s_24.4-270.zip + ``` + +### Maintain Window + +1. On the bastion node, run the following command to stop OO. ( SMAX can either be stopped or running ) + ```shell + cd ${CDF_HOME}/scripts + ./cdfctl.sh runlevel set -l DOWN -n ${OO_NAMESPACE} + # Make sure there is no Running pods under the namespaces. + ``` +2. Create a DB snapshot + > Please refer to [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER\_ManagingManualBackups.html](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ManagingManualBackups.html) + > + > ![](attachments/688982917/688982915.png) +3. Copy the DB snapshot (from step 2) for Amazon RDS + > Please refer to [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER\_CopySnapshot.html](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CopySnapshot.html) + > + > **Master key: select your created customer key for RDS** +4. Rename the source DB instance to a new one. Please refer to [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER\_RenameInstance.html](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_RenameInstance.html) +5. Restore to a new DB instance using the same instance name as source DB + > Please refer to [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER\_RestoreFromSnapshot.html](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_RestoreFromSnapshot.html) + > + > **Make sure that only the kms key is diffent, other configurations are the same. For example, option group,size, multi az and so on.** +6. Ensure all the data has been synced from the source EFS to the target EFS. Then delete the EFS Replication. + 1. Create a marker file on the source EFS. + 2. Wait for the marker file to appear on the target EFS. + 3. Delete the EFS Replication. +7. Recreate PVs and PVCs using the new EFS + ```shell + # Recreate PV according to yaml files generated during Prerequisite + # Make sure there is no Running pods under the namespaces. # get modifyEFS.sh script, please check attachment. + chmod +x modifyEFS + .sh./modifyEFS.sh --help # to get all the available options for this script + # The result will look like this: + #Options: + # modify Change the EFS ID and recreate PersistentVolumes (PV) and PersistentVolumeClaims (PVC). + # restore Restore the PersistentVolumes (PV) and PersistentVolumeClaims (PVC) from backups. + #Examples: + # ./modifyEFS.sh modify + # ./modifyEFS.sh restore + ./modifyEFS.sh modify# Once you run this, a menu will appear for all the required values to be filled in#for example:Please enter the namespace: oo-helmPlease enter the new EFS name/id: fs-07a0b7d3308a0dbdf + ``` + [modifyEFS.sh](attachments/688982917/688982913.sh) + +Running this script will do the following: + +1. 1. stop the OO pods ( if running ) + 2. recreate PVs and PVCs with the new EFS id/DNS name + Note + If the current env is **NOT** encrypted in transit (NOT using the csi driver) then, for "new efs id" please insert the DNS name (like: [fs-06d7d8ae861f5xxxx.efs.us-west-2.amazonaws.com](http://fs-06d7d8ae861f5xxxx.efs.us-west-2.amazonaws.com/)) + If the current env **IS** encrypted in transit (using the csi driver) then, for "new efs id" please insert only the EFS ID (like: fs-06d7d8ae861f5xxxx) + 3. start the OO pods + +The script returns these messages upon completion: + +\[INFO\] OO started successfully with the original replica counts. + +\[INFO\] EFS has been modified successfully. + +8\. Verify the k8s cluster is running. + +1. 1. Check all the pods are in a Running state. + ```shell + kubectl get pods -n ${OO_NAMESPACE} + ``` + 2. Login to SMAX and access OO through the portal. + +9\. Modify all the ec2 instances/bastion mounts(/etc/fstab) which mount source EFS to the new one ( if not already done as part of SMAX PV/PVC recreation ) + +10\. Wait a couple of days to make sure that the transition to customer managed key is working smoothly, and then delete AWS old EFS and old RDS. + +### Rollback + +If you meet any issues during step '7. Recreate PVs and PVCs using the new EFS', you can rollback to the original EFS. + +1. ```shell + ./modifyEFS.sh restore + ``` diff --git a/knowledgebase/csd-wiki/ICSD/Check-existing-DB-indices-on-globalid-for-Native-SACM-per-farm-and-add-missing-condition-to-ensure-the-indices-can-properly-work_688983295.md b/knowledgebase/csd-wiki/ICSD/Check-existing-DB-indices-on-globalid-for-Native-SACM-per-farm-and-add-missing-condition-to-ensure-the-indices-can-properly-work_688983295.md new file mode 100644 index 00000000..f9ca9fc8 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Check-existing-DB-indices-on-globalid-for-Native-SACM-per-farm-and-add-missing-condition-to-ensure-the-indices-can-properly-work_688983295.md @@ -0,0 +1,34 @@ +# Check-existing-DB-indices-on-globalid-for-Native-SACM-per-farm-and-add-missing-condition-to-ensure-the-indices-can-properly-work_688983295 +## Background + +The Native SACM feature will cause tons of the following SQL **when CMS notification load is heavy**: + +``` +SELECT SystemElement.entity_id AS "Id", SystemElement.schar0 AS "DisplayLabel", CAST(SystemElement.ssmallint0 AS SMALLINT ) AS "SubType", SystemElement.schar4 AS "GlobalId", SystemElement.data_domains AS "DataDomains", CAST(SystemElement.sint1 AS INTEGER) AS "BitPosition", CAST(SystemElement.sint2 AS INTEGER) AS "BitmapId", SystemElement.last_update_time AS "LastUpdateTime" FROM entities_xxxxxxxxx SystemElement WHERE ( (upper(SystemElement.schar4) = upper($1)) AND SystemElement.is_deleted = $2 ) AND SystemElement.entity_type_id = $3 ORDER BY SystemElement.entity_id ASC LIMIT $4 +``` + +Due to historical reasons, some existing DB indices on globalid were created without the accurate condition ("is\_deleted=false") for the four Native SACM entities (Device, Actual Service, Service Component, and System Element), **similar SQLs including the above one will cause high CPU load on the DB server**. + +## Reason + +Due to historical reasons, the index on some old tenants doesn't have “is\_deleted=false” in the WHERE condition. On some newer tenants, the index's WHERE condition is fine. + +## Solution + +If the index is not created as expected, we would drop them and create the new ones. Please run the following steps for the whole farm. + +1. Get the create INDEX SQLs by running the following SQL. If you get empty result, then you can ignore the next steps. If not, keep the CREATE INDEX SQLs, but don’t run the CREATE INDEX SQL at this step. + ``` + select indexdef||' AND is_deleted = false;'from pg_indexes where INDEXDEF LIKE '%WHERE%' AND indexdef not like '%WHERE%is_deleted%' AND tablename like 'entitie%' AND indexname like '%upper%globalid%'; + ``` +2. Get the ANALYZE SQLs. + ``` + select 'ANALYZE '||tablename||';' from pg_indexes where INDEXDEF LIKE '%WHERE%' AND indexdef not like '%WHERE%is_deleted%' AND tablename like 'entitie%' AND indexname like '%upper%device_globalid%'; + ``` +3. Run the following SQL to generate the DROP indexes SQL. + ``` + select 'DROP INDEX '||indexname||';'from pg_indexes where INDEXDEF LIKE '%WHERE%' AND indexdef not like '%WHERE%is_deleted%' AND tablename like 'entitie%' and indexname like '%upper%globalid%'; + ``` +4. Run the DROP INDEX SQLs you get from step3. +5. Run the CREATE INDEX SQLs you get from step1. +6. Run the ANALYZE TABLE SQLs you get from step2. diff --git a/knowledgebase/csd-wiki/ICSD/Check-isolated-tenants-per-farm_686073691.md b/knowledgebase/csd-wiki/ICSD/Check-isolated-tenants-per-farm_686073691.md new file mode 100644 index 00000000..ef002c0f --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Check-isolated-tenants-per-farm_686073691.md @@ -0,0 +1,24 @@ +# Check-isolated-tenants-per-farm_686073691 +## Introduction + +This document is to introduce how to use Jenkins job to check isolated tenants per farm before upgrade. + +## Use Jenkins job to check isolated tenants + +1. Open Jenkins job. [https://saas-ops.itsma-ng.net/job/ESM-SaaS-Check-Isolated-Tenants/](https://saas-ops.itsma-ng.net/job/ESM-SaaS-Check-Isolated-Tenants/) + + ![](attachments/686073691/686073675.png) +2. Click "Build with Parameters", choose "farm\_name" and Click "Build" +3. After the job is completed,check job's status. + 1. If job is green(Success),it means that there is no isolated tenants on this farm. Open the build, and Click "Console Output", at the end of the output, it looks like this. + ![](attachments/686073691/686073676.png) + 2. If job is red(Failed),it means that there is isolated tenants on this farm. Open the build, and Click "Console Output", scroll down to the ending of the output, check the detailed check results. + The job checks SMAX tenant status firstly, if some tenant's status isn't ACTIVE or INACTIVE, the SMAX check result will show tenant ID like below. + ![](attachments/686073691/686073679.png) ![](attachments/686073691/686073681.png) + +## Attachments: + +[image2023-11-14\_16-41-3.png](attachments/686073691/686073675.png) (image/png) +[image2023-11-14\_16-52-26.png](attachments/686073691/686073676.png) (image/png) +[image2023-11-14\_16-55-32.png](attachments/686073691/686073679.png) (image/png) +[image2023-11-14\_16-57-24.png](attachments/686073691/686073681.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/Clean-up-CMS-log-files_686073699.md b/knowledgebase/csd-wiki/ICSD/Clean-up-CMS-log-files_686073699.md new file mode 100644 index 00000000..e7978d05 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Clean-up-CMS-log-files_686073699.md @@ -0,0 +1,33 @@ +# Clean-up-CMS-log-files_686073699 +You may find that the size of logs on your file storage, especially the folder, keeps growing. For example, the size of the folder may reach 120 GB after CMS has been running for a few months. To reduce the log size, you can safely remove or archive old log files in the log folders while the CMS is running. + +### How to delete log files from a log folder + +You can delete log files that are older than certain days ( for example, 60 days) from your file storage. To do this, run the following command on the file storage server: + +nohup find {log folder} -type f -atime +{day} -mtime +{day} -ctime +{day} -exec stat '{}' \\+, -type f -atime +{day} -mtime +{day} -ctime +{day} -exec rm -f '{}' \\+ > {output.log} & + +Where: + +- {log folder}: is the folder from which you want to delete the log files that meet the specified condition +- {day}: specify the same value (in days) for the atime, mtime, and ctime parameters: + - **mtime**: modification time, the time when the file was last modified. When the content of a file changes, its mtime changes. + - **ctime**: change time, the time when the file's property changes. It always changes when the mtime changes, and also changes when the file's permissions, name or location changes. + - **atime**: access time, which is updated when the file is read by an application or a command such as grep or cat +- {output.log} is the log file to which you want to write the output log message + +Log folders to clean up + +Normally, you only need to clean up the following log folders on the NFS server: + +| **Log folder** | **Example 1** | **Example 2** | **Note** | +| --- | --- | --- | --- | +| /logs | /var/vols/itom/cms/log\_volume | /mnt/cms/var/vols/itom/cms/log\_volume | is the CMS log NFS volume | + +The following example commands will delete all the files in the specified folders when all of their atime, mtime, and ctime values are older than 60 days. + +**nohup find /mnt/cms/var/vols/itom/cms/log\_volume -type f -atime +60 -mtime +60 -ctime +60 -exec stat '{}' \\+, -type f -atime +60 -mtime +60 -ctime +60 -exec rm -f '{}' \\+ > /tmp/cleanupCMS.log &** + +Note:if you meet 'permission deny' error when running the command, you can add sudo: + +**nohup find /mnt/cms/var/vols/itom/cms/log\_volume -type f -atime +60 -mtime +60 -ctime +60 -exec stat '{}' \\+, -type f -atime +60 -mtime +60 -ctime +60 -exec sudo rm -f '{}' \\+ > /tmp/cleanupCMS.log &** diff --git a/knowledgebase/csd-wiki/ICSD/Cloud-Change-Management-Process_686087713.md b/knowledgebase/csd-wiki/ICSD/Cloud-Change-Management-Process_686087713.md new file mode 100644 index 00000000..74f77661 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Cloud-Change-Management-Process_686087713.md @@ -0,0 +1,79 @@ +# Cloud-Change-Management-Process_686087713 +## Introduction + +This document describes how to manage changes in an Opentext Cloud environment. + +## Change Type + +### Planned Change + +Change is defined as anything - hardware, software, system components, services or processes that is deliberately introduced into the production environment and which may affect a service level agreement (SLA) or otherwise affect the functioning of the environment or one of its components. + + +Changes may be required for many reasons, including, but not limited to: + +- User requests +- Vendor recommended/required changes +- Changes in regulations +- Hardware and/or software upgrades +- Hardware or software failures +- Changes or modifications to the infrastructure +- Unforeseen events +- Periodic Changes + +All changes falling under this definition should be governed by a change management policy, and implemented by a change management methodology and change management process. + +Planned Changes will be scheduled at least two (2) weeks in advance when Customer action is required, or at least four (4) days in advance otherwise. + +### Emergency Changes + +Critical change to prevent service functionality or availability. + +Emergency Changes require approval of Cloud Delivery Manager, TO Manager or CS Manager. + +Emergency Change will be scheduled at least one (1) day in advance unless it is critical to resolve a major incident immediately. + +## Customer Notification + +Opentext Cloud Service will use a centralized notification system to deliver proactive communications about service changes, outages, and scheduled maintenance. +Details can be found on the relevant Service Health portal for your service which includes: + +- Current availability of the SMAX environment that their tenants are part of +- Details of any upcoming planned maintenance +- Outage reports for any incidents that have been identified by our support teams +- Historical SLO data + +For example: [https://smax-health.saas.microfocus.com/](https://smax-health.saas.microfocus.com/) + +## Change Approval + +![](attachments/686087713/686087714.png) + +## Change Record + +For any changes, need to submit change record in the [Essentials](https://essentials.saas.microfocus.com/itg/dashboard/app/portal/PageView.jsp) system. + +For details, please refer to document How to submit Change Record in Essentials System. + +## CAB Review + +### No CAB Required + +Such change will not be discussed in the CAB meeting. List of changes that are mostly routine and were pre approved by an executive. +The likelihood of those changes to disrupt service is very slim and those changes are executed frequently. +e.g.: + +- Monthly Patch Upgrade +- Routine EKS upgrade +- etc. + +### CAB Required: + +All non exempt changes, mostly changes that will occur during maintenance window, and involves more than one executer. + +e.g.: + +- Product major version upgrade +- AWS Infrastructure Change +- Landing zone migration +- etc. diff --git a/knowledgebase/csd-wiki/ICSD/Collect-customer-owned-SMAX-OPB-Agent-information-and-check-status_686073768.md b/knowledgebase/csd-wiki/ICSD/Collect-customer-owned-SMAX-OPB-Agent-information-and-check-status_686073768.md new file mode 100644 index 00000000..a9762cf2 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Collect-customer-owned-SMAX-OPB-Agent-information-and-check-status_686073768.md @@ -0,0 +1,45 @@ +# Collect-customer-owned-SMAX-OPB-Agent-information-and-check-status_686073768 +## Introduction + +This document describes how to utilize an existing automation job to gather information and current status of all user-configured SMAX OPB agents on an ESM farm. + +## Collect SaaS Farm SMAX OPB agent status + +- Login to [ESM SaaS Operation Automation System (Jenkins)](https://saas-ops.itsma-ng.net/) +- Click " [ESM-SaaS-SMAX-OPB-Agent-Info-Collection](https://saas-ops.itsma-ng.net/job/ESM-SaaS-SMAX-OPB-Agent-Info-Collection/) " job +- Click "Build Now" to trigger the job, this job will start to collect all SaaS customer's OPB agent status for each farm + +![](attachments/686073768/686073717.png) + +- Once the job finished, an email will be sent to Cloud DevOps PDL **** with the attachement of OPB agent status report + +![](attachments/686073768/686073718.png) + +## Check SMAX OPB agent status report + +- Extract the zip file, you will find the report file "smax\_opb\_agents.csv" +- Check the report you will get following information: + - OPB agent belongs to the customer farm, tenant id + - OPB agent name + - OPB agent ID + - OPB agent version + - OPB agent last seen timestamp + - OPB agent status + +## How to use this report + +- We can use this report to check the status of the OPB agent in the early and late stages of the farm upgrade to determine whether the OPB agent is automatically upgraded successfully. +- A successful upgrade of the OPB agent is marked by the version number being updated to the latest, the **last seen timestamp** being updated to the most recent time, and the status being ready. + +## Check SMAX OPB Agent Status in BI Report + +[https://app.powerbi.com/groups/fac06a69-6340-4715-b8fe-4bdc0ca9af14/reports/cf509ffe-325f-4c1b-a507-44b93e6d85ca/ReportSection79d51b9702cdd9e9f366?experience=power-bi](https://app.powerbi.com/groups/fac06a69-6340-4715-b8fe-4bdc0ca9af14/reports/cf509ffe-325f-4c1b-a507-44b93e6d85ca/ReportSection79d51b9702cdd9e9f366?experience=power-bi) + +![](attachments/686073768/686073721.png) + +## Attachments: + +[downloadyWfgg054641.zip](attachments/686073768/686073714.zip) (application/zip) +[image2023-11-3\_13-50-29.png](attachments/686073768/686073717.png) (image/png) +[image2023-11-3\_13-55-27.png](attachments/686073768/686073718.png) (image/png) +[image2023-11-3\_13-58-44.png](attachments/686073768/686073721.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/Configuration-Management_686074098.md b/knowledgebase/csd-wiki/ICSD/Configuration-Management_686074098.md new file mode 100644 index 00000000..9cf1afb3 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Configuration-Management_686074098.md @@ -0,0 +1,2 @@ +# Configuration-Management_686074098 +Created by on Jan 21, 2025 EST diff --git a/knowledgebase/csd-wiki/ICSD/Configure-Nginx-through-network-load-balancer_688996474.md b/knowledgebase/csd-wiki/ICSD/Configure-Nginx-through-network-load-balancer_688996474.md new file mode 100644 index 00000000..5e7cdbcb --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Configure-Nginx-through-network-load-balancer_688996474.md @@ -0,0 +1,275 @@ +# Configure-Nginx-through-network-load-balancer_688996474 +## Create customer managed SMAX/CMS/OO FQDNs and corresponding certificates + +Note + +**Please follow the SaaS Ops procedure to work with the customer to create the customer-managed FQDNs and generate publicly signed certificates.** + +Typically for each customer tenant a set of 3 FQDNs will be required, which need to be DNS-mapped (CNAME) to 3 intermediate FQDNs (managed by SaaS), such as (just an example): + +| DNS name (customer) | CNAME (SaaS-managed) | Certificate/key | +| --- | --- | --- | +| [smax.esm-api.acme.com](http://smax.esm-api.acme.com/) | smax.api..[esm-saas.com](http://esm-saas.com/) | smax-acme.crt, smax-acme.key | +| [cms.esm-api.acme.com](http://cms.esm-api.acme.com/) | cms.api..[esm-saas.com](http://esm-saas.com/) | cms-acme.crt, cms-acme.key | +| [oo.esm-api.acme.com](http://oo.esm-api.acme.com/) | oo.api..[esm-saas.com](http://esm-saas.com/) | oo-acme.crt, oo-acme.key | + +The 3 CNAMEs will need to be created under the [esm-saas.com](http://esm-saas.com/) domain (managed under Route53 by SaaS team) and provided to the customer for DNS mapping. As a convention, the is the ID of the Customer entity in PCS for that particular customer. + +If a customer has multiple tenants that need to be enabled for zero trust, use a prefix for the DNS name. For example for a test tenant: + +| DNS name (customer) | CNAME (SaaS-managed) | Certificate/key | +| --- | --- | --- | +| [tst.smax.esm-api.acme.com](http://tst.smax.esm-api.acme.com/) | tst.smax.api..[esm-saas.com](http://esm-saas.com/) | tst-smax-acme.crt, tst-smax-acme.key | +| [tst.cms.esm-api.acme.com](http://tst.cms.esm-api.acme.com/) | tst.cms.api..[esm-saas.com](http://esm-saas.com/) | tst-cms-acme.crt, tst-cms-acme.key | +| [tst.oo.esm-api.acme.com](http://tst.oo.esm-api.acme.com/) | tst.oo.api..[esm-saas.com](http://esm-saas.com/) | tst-oo-acme.crt, tst-oo-acme.key | + +The customer will also need to provide the SaaS team with publicly signed certificates for their FQDNs - these will be required by nginx as described below. + +Note + +Public certificates have to be generated by the customer. We cannot use AWS-generated certificates in this case. + +## Create and configure Nginx service machine + +You'll need to create two Nginx service machines to achieve high availability. This section provides detailed steps on how to create and configure the Nginx service machines. + +### Create and Deploy EC2 instance + +1. Sign in to AWS, and then navigate to **EC2 >** **Instance**. +2. Click **Launch instances** in the right corner. +3. Enter a name. For example, `nginx-1`. +4. For Application and OS Images (Amazon Machine Image), choose an Amazon Machine Image (CCOE AMI for SaaS Operation), and then select the **64-bit(x86)** Architecture. See [Nginx on AWS](https://docs.nginx.com/nginx/deployment-guides/amazon-web-services/ec2-instances-for-nginx/) for more information. +5. Select **t3.medium** as the Instance type. +6. In Name and tags section at top of page enter tags necessary for SaaS deployment. Copy the tags similar to another instance in the same farm. **If you don't do this the deployment will fail.** +7. Select one key pair name in the **Key pair** section. +8. For Network settings, click the **Edit** button + - Select the **existing VPC** of current farm where smax/cms/oo are running, and select one **existing private subnet**. + - Select **Disable** for the Auto-assign public IP filed. + - Select **Create security group** and then enter a name and description. + - For Inbound Security Group Rules, add **SSH** and **HTTPS** rules. + Note + Set the source type of the **HTTPS** rule to the security group of the NLB created below (you will have to come back here to add this rule after you create the NLB and its security group). + Set the source type of the **SSH** rule to the bastion security group to limit SSH access to nginx server from the bastion node only. +9. Set the **Configure storage section** to **100 GiB gp3**. +10. Click the **Launch instance** button. + +### Install Nginx service + +1. Use SSH to access the nginx server machine from the resource defined in the above SSH rule. +2. Install the Nginx service by running the following command. + ``` + sudo yum -y install nginx + ``` + +### Configure the nginx.conf file + +1. Go to nginx configuration file folder via running `cd /etc/nginx` command. Back up the original `nginx.conf` file +2. Create a `/etc/nginx/ssl ` folder and copy the customer-issued public certificates and keys into it +3. Create a file `albCA.crt` in `/etc/nginx/ssl ` containing the root CA and any intermediate CAs used to sign the SaaS farm certificate on ALB (e.g. `eu18-smax.saas.microfocus.com`) +4. Run the following command to modify the `nginx.conf` file. + ``` + sudo vim nginx.conf + ``` +5. Edit the file as below. + ``` + user nginx; + worker_processes auto; + error_log /var/log/nginx/error.log notice; + pid /run/nginx.pid; + # Load dynamic modules. See /usr/share/doc/nginx/README.dynamic. + include /usr/share/nginx/modules/*.conf; + events { + worker_connections 1024; + } + http { + log_format main '$remote_addr - $remote_user [$time_local] "$request" ' + '$status $body_bytes_sent "$http_referer" ' + '"$http_user_agent" "$http_x_forwarded_for"'; + access_log /var/log/nginx/access.log main; + sendfile on; + tcp_nopush on; + keepalive_timeout 60; + types_hash_max_size 4096; + client_body_timeout 60s; # maximum time for reading the body of a client request. This value can be set globally or in each server. You may use the same value as customer's client request body timeout; + client_max_body_size 50m; # maximum allowed size of the client request body. This value can be set globally or in each server. You may use the same value as customer's client request body size; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + underscores_in_headers on; + include /etc/nginx/mime.types; + default_type application/octet-stream; + # Load modular configuration files from the /etc/nginx/conf.d directory. + # See http://nginx.org/en/docs/ngx_core_module.html#include + # for more information. + include /etc/nginx/conf.d/*.conf; + # Used to resolve DNS name of the proxy_pass server + # 169.254.169.253 is the well known DNS server in AWS VPC + resolver 169.254.169.253; + # Repeat the 3 server sections below for each tenant that has zero trust enabled. + # For each tenant/product combination, set the proper server_name, ssl_certificate and ssl_certificate_key + server { + listen 443 ssl; # listen on port 443 and enable SSL/TLS secure connections, 443 is an example, you may use other port; + server_name smax.esm-api.acme.com; # specify the server name, the value should be SMAX FQDN allocated for the customer, for example smax.esm-api.acme.com; + ssl_certificate ssl/smax-acme.crt; # the location of the server certificate generated for the server specified in server_name; + ssl_certificate_key ssl/smax-acme.key; # the location of the private key of the generated for the server specified in server_name; + + client_body_timeout 60s; # maximum time for reading the body of a client request sent to SMAX + client_max_body_size 50m; # maximum allowed size of the client request body sent to SMAX + + ssl_session_cache shared:SSL:1m; + ssl_session_timeout 5m; + ssl_ciphers 'TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384'; + ssl_prefer_server_ciphers on; + location / { + set $backend_server eu18-smax.saas.microfocus.com; # The SMAX FQDN of current farm, take eu18 as an example + proxy_pass https://$backend_server; # Use a variable so that DNS lookup is forced every time + proxy_set_header Host $backend_server; # Sets the request header Host to the specified backend server + proxy_ssl_verify on; # Enable SSL authentication for proxy requests + proxy_ssl_trusted_certificate ssl/albCA.crt; # Specifies the location of CA certificate from which the proxy requests SSL security authentication, in this case, the CA cert of SMAX application load balancer. + } + } + server { + listen 443 ssl; # listen on port 443 and enable SSL/TLS secure connections, 443 is an example, you may use other port + server_name cms.esm-api.acme.com; # specify the server name, the value should be CMS FQDN allocated for the customer, for example cms.esm-api.acme.com; + ssl_certificate ssl/cms-acme.crt; # the location of the server certificate generated for the server specified in server_name + ssl_certificate_key ssl/cms-acme.key; # the location of server key generated for the server specified in server_name + client_body_timeout 60s; # maximum time for reading the body of a client request sent to CMS + client_max_body_size 50m; # maximum allowed size of the client request body sent to CMS + ssl_session_cache shared:SSL:1m; + ssl_session_timeout 5m; + ssl_ciphers 'TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384'; + ssl_prefer_server_ciphers on; + location / { + set $backend_server cms.eu18-smax.saas.microfocus.com; # The CMS FQDN of current farm, take eu18 as an example + proxy_pass https://$backend_server; # Use a variable so that DNS lookup is forced every time + proxy_set_header Host $backend_server; # Sets the request header Host to the specified backend server + proxy_ssl_verify on; # Enable SSL authentication for proxy requests + proxy_ssl_trusted_certificate ssl/albCA.crt; # Specifies the location of CA certificate from which the proxy requests SSL security authentication, in this case, the CA cert of CMS application load balancer. + } + } + server { + listen 443 ssl; # listen on port 443 and enable SSL/TLS secure connections, 443 is an example, you may use other port + server_name oo.esm-api.acme.com; # specify the server name, the value should be OO FQDN allocated for the customer, for example oo.esm-api.acme.com; + ssl_certificate ssl/oo-acme.crt; # the location of the server certificate generated for the server specified in server_name + ssl_certificate_key ssl/oo-acme.key; # the location of server key generated for the server specified in server_name + client_body_timeout 60s; # maximum time for reading the body of a client request sent to OO + client_max_body_size 50m; # maximum allowed size of the client request body sent to OO + ssl_session_cache shared:SSL:1m; + ssl_session_timeout 5m; + ssl_ciphers 'TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384'; + ssl_prefer_server_ciphers on; + location / { + set $backend_server oo.eu18-smax.saas.microfocus.com; # The OO FQDN of current farm, take eu18 as an example + proxy_pass https://$backend_server; # Use a variable so that DNS lookup is forced every time + proxy_set_header Host $backend_server; # Sets the request header Host to the specified backend server + proxy_ssl_verify on; # Enable SSL authentication for proxy requests + proxy_ssl_trusted_certificate ssl/albCA.crt; # Specifies the location of CA certificate from which the proxy requests SSL security authentication, in this case, the CA cert of OO application load balancer. + } + } + } + ``` +6. Enable and start the nginx service by running the following command. + ``` + sudo systemctl enable nginx + sudo systemctl start nginx + ``` + +### Create the second nginx service machine + +Create the second nginx service machine with the same steps as above. However, it should be in a different availability zone of current VPC for high availability. For example, nginx-2. + +Note + +The certificates applied to NLB will need to be publicly signed by a public CA, so normally the customer gateway will accept them. + +## Create a target group + +1. Navigate to **EC2** > **Target groups**. +2. Click the **Create target group** button in the right corner. +3. Select **Instance** as the target type. +4. Enter a name for the target group. For example, `nlb-tg`. +5. Select **TCP** as the protocol, and then enter `443` as Port. +6. Select the existing **VPC** of your current farm where smax/cms/oo are running. +7. Select **TCP** as the Health check protocol. +8. Click **Next**. +9. From the Register target page, select the instance ID whose Name is displayed as the **two nginx service machines** that you created in previous steps. +10. Click the **Include as pending below** button. The two Nginx instances will be listed in the **Targets** section. +11. Click the **Create target group** button. + The target group has been created successfully. + +## Create a Network Load Balancer + +1. Sign in to AWS, and then navigate to **EC2** > **Load Balancers**. +2. Click the **Create load balancer** button on the right corner. +3. Select the **Network Load Balancer** the balancer type, and then click the **Create** button. +4. Enter a proper name for **Load balancer name**. For example, NLB-Acme. +5. Use the default value `Internet-facing` for the **Scheme** section. +6. Use the default value `IPv4` for the **IP address type** section. +7. In the **Network mapping** section, select the **existing VPC** of current farm where SMAX/CMS/OO are running, then map to the **3 public subnets** of the VPC, use default values for others. +8. In **Security groups** section, click create a new security group. Give a security group name, description, select the same VPC in step 7, add one inboud rule whose type is **HTTPS**, source IP is the **IP range for customer's API gateway**. Delete the default security group. Refresh and select the newly created security group. For troubleshooting purpose you may add some additional IP ranges. For SaaS enter the tag: Owner: ESM +9. In the **Listeners and routing** section, select **TCP** as the protocol, and then set the Port to `443`. +10. Select the target group you created above. For example, select **nlb-tg**. +11. For Saas, enter Tags by copying them from another sample LB. +12. Click the **Create load balancer** button. +13. Select this NLB and go to the detail page, you will see the listeners of target groups. +14. Go back to the security group of the EC2 instance(s) of nginx and set the HTTPS rule source type to the security group of the NLB (as described above). + +## Edit a Network Load Balancer Security Group + +For the step #7 above, in the section **Create a Network Load Balancer**, operate, when requested, the change: + +1. Sign in to AWS, and then navigate to **EC2** > **Security Groups**. +2. Choose the right ZeroTrust Security group, e.g. sg-0e4a9f16dadd46485 - zerotrust-nlb-sg on EU18. +3. Check the **Inbound Rules** section and choose **Edit inbound rules**. +4. Remove and/or add the requested IP/IP range in a new rule. Save the changes. + +## Map CNAMEs to the NLB + +Map the 3 CNAMEs created under Route53 to the NLB (use Alias to NLB DNS name), for example: + +| DNS CNAME | Alias | +| --- | --- | +| smax.api..[esm-saas.com](http://esm-saas.com/) | | +| cms.api..[esm-saas.com](http://esm-saas.com/) | | +| oo.api..[esm-saas.com](http://esm-saas.com/) | | + +## Testing + +### Validate certificates on the customer managed FQDN's + +From within the Zero Trust Nginx instance, you can use a curl command like this to confirm the certificate from customer is valid: + +``` +curl -v --resolve tst.smax.esm-api.acme.com:443:127.0.0.1 https://tst.smax.esm-api.achmea.nl +``` + +![](attachments/688996474/688996473.png) + +### Use Postman to check network connectivity + +You can perform a REST call on the customer FQDN to validate connectivity. For example: + +POST: https://tst.smax.esm-api.acme.com/auth/authentication-endpoint/authenticate/token?TENANTID= + +Note + +This requires that your proxy ip address is part of the IP allowlist. + +If you don't configure mTLS, you will get an error: 400 No required SSL certificate was sent But at least this verifies network connectivity. + +This requires that your proxy ip address is part of the IP allowlist + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/Configure-SAML-authentication-for-SaaS-Customer_686065288.md b/knowledgebase/csd-wiki/ICSD/Configure-SAML-authentication-for-SaaS-Customer_686065288.md new file mode 100644 index 00000000..179e60b9 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Configure-SAML-authentication-for-SaaS-Customer_686065288.md @@ -0,0 +1,51 @@ +# Configure-SAML-authentication-for-SaaS-Customer_686065288 +## Introduction + +This document describe how to configre SAML authentication for SaaS customer. Before this, the SaaS customer should follow the [online doc](https://docs.microfocus.com/doc/ESM/SaaS/ConfigureSAML) to finish the IDP configuration and submit service request in PCS to share IDP meta data to Cloud team. The Cloud Ops engineer can follow this document to conitnue the rest part of configration in IdM. + +## Create a SAML configuration in IdM + +To create a SAML configuration, follow these steps: + +1. In Suite Administration, click the **IdM settings** tab in the tenant detail page. The system opens the **Authentication** page for the corresponding organization in the IdM Admin Portal of the suite. +2. From the **CONFIGURATIONS** section, click "+" to add one authentication. +3. Select **SAML** as the authentication type from the drop-down list, and then click **CREATE**. +4. Enter the related SAML configuration settings: + 1. Enter the display name. Naming Rules: --saml + 2. Do one of the following: + - Select **IDP Metadata URL**, enter the following IdP metadata URL, and then upload the certificate of the IdP. + - ADFS: `https://**/FederationMetadata/2007-06/FederationMetadata.xml` + - Azure AD: The App Federation Metadata URL you noted during SAML configuration in Azure + - Select **IDP Metadata**, and then upload the IdP metadata file. + - ADFS: You can download the metadata file from this URL: `https://**/FederationMetadata/2007-06/FederationMetadata.xml` + - Azure AD: The Federation Metadata XML you downloaded during SAML configuration in Azure +5. Click **SAVE**. + +## Create a SAML configuration group in IdM + +To create a configuration group for SAML, follow these steps: + +1. After you create a SAML configuration, from the **CONFIGURATION GROUPS** section, click "+" to add an authentication group. +2. In the **Name** field, enter **saml**. + Note: You must use **saml** as the name for the SAML configuration group. Otherwise, the default login type feature in Suite Administration doesn't work. +3. In the **Display Name** field, enter a display name for the authentication group. +4. In **Authentication Group Type**, select **Normal**. +5. In the **Configurations** field, select the SAML authentication configuration that you just created. + Note: You can add only one SAML authentication configuration to the SAML configuration group. +6. Click **SAVE**. + +Now, you have completed the SAML configurations. SAML users can access the tenant. After the user logs in to the tenant for the first time, the system automatically synchronizes their user profiles to Suite Administration. + +## Verify the SAML SSO configuration + +To verify that the SAML SSO configuration works, check the following: + +- Users added in the IdP can log in to Service Management using their IdP user credentials. +- After such a user logs in to Service Management, you can see the user record for the user created in Suite Administration, and various user-related fields that correspond to the outgoing claim types or claims you added in the IdP have the IdP value populated. +- Once above change is completed, the SaaS Ops engineer should schedule a call with customer to validate the SSO login and user record information in IDM/BO/SMAX tenant + 1. Ask an existing user to login via SSO + 2. check the claims updated in IDM + 3. check the fields in BO and SMAX tenant is correct, like "First Name", "Last Name", "Email", "User Prinsiple Name" + 4. Check user sync - Force the sync between IDM and BO, on the Account page > Users tab ( **don't touch** the "Hard sync user" button the the Tenant form) + 5. Check user sync - Go into the tenant and force the Sync button on the Person grid (BO -> SMAX tenant) + 6. The testing should cover both new user (create new a user in IDM) and existing user (mapping to existing user in IDM) diff --git a/knowledgebase/csd-wiki/ICSD/Configure-UIS_688987644.md b/knowledgebase/csd-wiki/ICSD/Configure-UIS_688987644.md new file mode 100644 index 00000000..cb08ee9b --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Configure-UIS_688987644.md @@ -0,0 +1,39 @@ +# Configure-UIS_688987644 +## Configure Optic Switcher with single sign on (Azure IDP solution) + +Refer to: [Configure Optic Switcher with single sign on (Azure IDP solution)](https://rndwiki.houston.softwaregrp.net/confluence/pages/viewpage.action?pageId=1290634151) + +## How to enable Feature Toggle for UIS Data clean up on time series bar chart + +1) Enable Feature Toggle in bvd helm configure map, on the Kubernetes master machine: + +``` +kubectl -n edit configmap bvd-config +``` + +Search **featureToggles,** and add **"ENABLE\_DATA\_CLEAN\_UP": true** inside {}. The result should be like below, if previous value is empty: + +featureToggles: {"ENABLE\_DATA\_CLEAN\_UP": true} + +![](attachments/688987644/688987643.png) + +## How to enable Feature Toggle for UIS Caching + +The feature toggle " **QueryCaching** " controls whether caching is enabled or disabled at the system level. By default, it is set to **false** (disabled). If it is set to **false**, all frontend and backend UIS data collector caching-related features will no longer have any effect. + +- Run the following commands: + **Configure feature toggle** + `# Get namespace of UIS` + `kubectl get ns` + + `# Edit config map` + `kubectl edit configmap bvd-config -n {namespace}` +- Search " **featureToggles".** Set the value of " **QueryCaching** " to **true** or **false**. If " **QueryCaching** " does not exist, please add it to {}, for example: + **Set QueryCaching** + `bvd.featureToggles: ``'{"QueryCaching":true}'` +- Save the change. +- Wait for about tens of seconds and refresh the browser page. + +## Attachments: + +[image2024-5-9\_16-12-0.png](attachments/688987644/688987643.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/Configure-custom-SMTP-for-UCMDB_688983358.md b/knowledgebase/csd-wiki/ICSD/Configure-custom-SMTP-for-UCMDB_688983358.md new file mode 100644 index 00000000..0b969a74 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Configure-custom-SMTP-for-UCMDB_688983358.md @@ -0,0 +1,56 @@ +# Configure-custom-SMTP-for-UCMDB_688983358 +## Introduction + +## Step 1. Get AWS SMTP server host + +The smtp server host is dedicated for each region of AWS. Please refer to SMTP Endpoints of [Amazon Simple Email Service endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/ses.html) for details. + +## Step 2. Create email credentials for the UCMDB - Optional + +This step to create a custom sender SES identity is OPTIONAL. This is only needed if the customer requires a "custom sender" email address. + +You can use the Farm AWS SES identity details instead. This is actually the preferred method. + +Note: for the below steps you need to login to AWS Console using the ESM user, or ask someone from PSEC (MFI-Product Security Operations ) to create this IAM user. + +1. Open the **“Amazon Simple Email Service”** on the AWS console +2. Go to select the **“SMTP Settings”** on left pane, click **“Create SMTP credentials”** in the **“Simple Mail Transfer Protocol (SMTP) settings”** + +![](https://staging.docs.microfocus.com/mediawiki/images/8/86/esmemailsetting1.png) + +1. Give the new IAM user name as **“ses-smtp-user.{farm alias}-{tenantId}”**, for example: + +![](https://staging.docs.microfocus.com/mediawiki/images/5/5a/esmemailsetting2.png) + +1. Click **Create**. +2. **Due to a limitation in UCMDB,the SMTP User password doesn't support special character like(/ \* -),so you have to repeat the IAM user creation until you got a Secret Key contains only alphabetic character.** +3. Save the access key, username, and access secret key into parameter store. The parameter path format: +- /{farm}/tenant/{tenantId}/iam/ses/key: Access key +- /{farm}/tenant/{tenantId}/iam/ses/name: Username +- /{farm}/tenant/{tenantId}/iam/ses/secret: Access Secret Key + +## Step 3. Verify customer’s email address in AWS SES identity + +Refer to [Configure custom mail sender, dedicated AWS SES users](https://rndwiki.houston.softwaregrp.net/confluence/display/ICS/Configure+custom+mail+sender%2C+dedicated+AWS+SES+users) to verify customer’s email address in AWS SES identity + +## Step 4. Configure SMTP via JMX + +1. Log into JMX Console and for **setSettingValue** ![](attachments/688983358/688983336.png) +2. Search JMX method **listResourceTypes**, input tenantid and click invoke. + Click **Settings\_STATE\_CUSTOMER\_SETTING** + Click **email.send.from + **Manually input the email sender in if the value is not correct,click 'save resource'. + You may see a value like: sma\_noreply&#x40;[microfocus.com](http://microfocus.com/) with hex code for the "@" character. Change it to the visible "@" character on your keyboard.** + + ![](attachments/688983358/688983341.png) + + ** +3. Search JMX method **showSettingsByCategory**, input customerID, **Mail Settings** as category and click invoke. Review all the values you input. + ![](attachments/688983358/688983343.png) +4. example + +## Step 5. Test to send report + +1. log into CMS UI https://cms.-smax.saas.microfocus.com/ucmdb-browser/ui/reports?customerID=123456789 +2. Go to ![](attachments/688983358/688983346.png) +3. ![](attachments/688983358/688983351.png) diff --git a/knowledgebase/csd-wiki/ICSD/Configuring-HCMx-and-OpsB-using-same-Vertica_688987648.md b/knowledgebase/csd-wiki/ICSD/Configuring-HCMx-and-OpsB-using-same-Vertica_688987648.md new file mode 100644 index 00000000..853c8085 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Configuring-HCMx-and-OpsB-using-same-Vertica_688987648.md @@ -0,0 +1,254 @@ +# Configuring-HCMx-and-OpsB-using-same-Vertica_688987648 +## Introduction + +This page describes how to configure OpsB to use Vertica which is installed through HCMx. Here the main challenge is how to do cross communication between SMAX SaaS account and OpsB SaaS account. + +## Deployment Diagram + +![](attachments/688987648/688987652.png) + +## Install HCMx + +Follow the regular SaaS steps to install HCMx + +Refer official doc link: [Install on AWS (EKS) - Service Management Automation X (microfocus.com)](https://docs.microfocus.com/doc/SMAX/24.2/EKS) + +## Configuration for cross AWS account communication (uses AWS Privatelink) + +***Ports used from HCMx side:*** + +- From OpsB to HCMx: 5433 + +***Ports used from OpsB side:*** + +- From HCMx to OpsB: 31051 or 6651 (based on property: global.di.externalDNS.enabled), by default its 6651 +- From HCMx to OpsB: 18443 (ODL administration API) +- From HCMx to OpsB: 5050 (ODL receiver API) + +For the above cross account communications, AWS Private Link configured. This includes Endpoint Service which connects to private NLB of required service on source and Endpoint on client side which connects to Endpoint Service created on Source. + +Note: Make sure the exposed port through Endpoint Service opened using Security Group of Endpoint on client side. + +Once all private links configured, need to edit Scheduler Config map to overwrite pulsar datasource value to Interface Endpoint on UDX plugin which connects with port 6651. + +Edit ConfigMap "itom-di-udx-scheduler-scheduler" in OpsB namespace and replace the Interface Endpoint for property "pulsar.datasource.host" + +### Create Network Load Balancer for Vertica + +**Go to AWS console to create a Target Group for Vertica** + +

Section

Item

Value

Basic configuration

Target type

IP addresses

Target group name

NLB-for-Vertica-TG

Protocol: Port

TCP: 5433

IP address type

IPv4

VPC

VPC of the Vertica DB server

Others

/

Leave default

+ +**Go to AWS console to create a Network load balancer for Vertica** + +

Section

Item

Value

Basic configuration

Load balancer name

NLB-for-Vertica

Scheme

Internal

IP address type

IPv4

Network mapping

VPC

VPC of the Vertica DB server

Mappings

us-west-2a: private subnet1

us-west-2b: private subnet2

us-west-2c: private subnet3

Security groups

Security groups

The security group of the Vertica DB server

Listeners and routing

Protocol

TCP

Port

5433

Forward to

NLB-for-Vertica-TG

+ +### Create Endpoint Service for Vertica + +**Go to AWS console to create an Endpoint Service for Vertica** + +

Section

Item

Value

Endpoint service settings

Name

Vertica-endpoint-service

Load balancer type

Network

Available load balancers

Select the load balancers

NLB-for-Vertica

Additional settings

Acceptance required

Checked

Supported IP address types

IPv4

+ +### Create Endpoints for Vertica connect to OpsB + +**Go to AWS console to create an Endpoint for Pulsar** + +

Section

Item

Value

Endpoint settings

Name tag

Vertica-Pulsar-endpoint

Service category

Other endpoint services

Service settings

Service name

The pulsar service name shared from OpsB

VPC

VPC

The VPC of Vertica

Additional settings

Leave as default

+ +**Go to AWS console to create an Endpoint for DI Admin** + +

Section

Item

Value

Endpoint settings

Name tag

Vertica-DI-Admin-endpoint

Service category

Other endpoint services

Service settings

Service name

The DI Admin service name shared from OpsB

VPC

VPC

The VPC of Vertica

Additional settings

Leave as default

+ +**Go to AWS console to create an Endpoint for DI receiver** + +

Section

Item

Value

Endpoint settings

Name tag

Vertica-DI-Receiver-endpoint

Service category

Other endpoint services

Service settings

Service name

The DI receiver service name shared from OpsB

VPC

VPC

The VPC of Vertica

Additional settings

Leave as default

+ +### Create inbound rules in the security group of Vertica + +1. **Go to AWS Console to find the security group of the Vertica** +2. **Click “Actions” to edit inbound rules** +3. **Add three rules as** + +| Type | Protocol | Port range | Source | Description | +| --- | --- | --- | --- | --- | +| Custom TCP | TCP | 6651 | Custom: 0.0.0.0/0 | itom-pulsar | +| Custom TCP | TCP | 18443 | Custom: 0.0.0.0/0 | itom-di-administration | +| Custom TCP | TCP | 5050 | Custom: 0.0.0.0/0 | itom-di-receiver | + +## Vertica Customisation on HCMx Vertica Instance + +## Configure Vertica for ODL communication + +Get the pulsarudx packge + +[https://orgartifactory.swinfra.net/artifactory/itom-opsbridge-helm-release/opsbridge-suite-chart/24.2/opsbridge-suite-chart-2.8.1+24.2.1-35.zip](https://orgartifactory.swinfra.net/artifactory/itom-opsbridge-helm-release/opsbridge-suite-chart/24.2/opsbridge-suite-chart-2.8.1+24.2.1-35.zip) + +Extract the package, get the opsbridge-suite-chart/tools/itom-di-pulsarudx-.x86\_64.rpm + +In Bastion host + +from the unzipped opsb chart copy pulsarudx plugin to vertica (use the command below) + +scp -r -i ~/id\_tmp opsbridge-suite-chart/tools/itom-di-pulsarudx-.x86\_64.rpm [vertica@](mailto:vertica@10.0.1.247) [<](mailto:centos@3.137.215.72) [verticaIP>](mailto:vertica@10.0.1.247):/home/vertica + +In vertica VM + +- vsql --version ( make sure it compatible vertica version for opsb) +- sudo su + rpm -iv itom-di-pulsarudx-.x86\_64.rpm + +### Create tenant in vertica (Use HCMx tenant ID with "t" prefix for tenant name) + +- cd /usr/local/itom-di-pulsarudx/bin + ./dbinit.sh genconfig +- mv /usr/local/itom-di-pulsarudx/conf/dbinit\_conf.yaml /usr/local/itom-di-pulsarudx/conf/dbinit\_conf.yaml-bkp +- sed -i s/t123456789/t/g /home/vertica/dbinit\_conf.yaml +- cp -f /home/vertica/dbinit\_conf.yaml /usr/local/itom-di-pulsarudx/conf/dbinit\_conf.yaml + ./dbinit.sh -g + Provide Admin\_1234 as all prompts of password +- ./dbinit.sh list + Tenant |Deployment |Read Only User |Read Write User | + txxxxxxx |default |txxxxxxx\_rouser |txxxxxxx\_rwuser +- Please find the sample file attached + +[dbinit\_conf\_sample\_saas.yaml](attachments/688987648/688987655.yaml) + +## Install OpsB + +**(Use HCMx tenant ID with "t" prefix for tenant name)** + +Follow regular SaaS steps to install OpsB with following changes, + +Refer official doc link: [Install Operations Bridge - Operations Bridge - Containerized (microfocus.com)](https://docs.microfocus.com/doc/Containerized_Operations_Bridge/24.2/Install) + +- Install ODL Message Bus (Pulsar) in different namespace (example: optic-shared). Create tenant in ODL message bus +- In OpsB values yaml, provide HCMx Vertica details such as hostname, port, RO user, RW user and TLS enabled. (Using helm install command, Vertica certificate will be passed) + +## Config the OPTIC Data Lake Capability on ESM BO + +### Download OPTIC Data Lake certificates + +Take `https://:443/` as an example. + +Follow the below steps to get certificates: + +1. Visit `https://:443/`, click **Not secure** and **Certificate is not valid**. +2. Go to the **Details** tab and select the root certificate, then click **Export**. + +Get Administration and Data receiver URLs: + +- Get the DNS Name of the data-ingestion-administration endpoint as the DI-Admin-FQDN +- https://:18443/itom-data-ingestion-administration +- Get the DNS Name of the data-ingestion-receiver endpoint as the DI-Receiver-FQDN +- https://:5050/itom-data-ingestion-receiver + +Follow the below steps to get certificates: + +1. Visit https://:18443/, click **Not secure** and **Certificate is not valid**. +2. Go to the **Details** tab and select the root certificate, then click **Export**. +3. Visit https://:5050/, click **Not secure** and **Certificate is not valid**. +4. Go to the **Details** tab and select the root certificate, then click **Export**. + +### Import OPTIC Data Lake certificates + +Copy the certificates to the following directory on the NFS server of SMAX: < `global-volume>/certificate/source`. For example, `/var/vols/itom/itsma/global-volume/certificate/source` + +`Or /certificate/source (Helm transformed). For example, /var/vols/itom/itsma/config-volume/certificate/source` + +Notice: In this step, please assure the owner of certificates is 1999:1999. For command, chown -R 1999:1999 + +### Restart pods + +Restart SMAX pods by running commands on a control plane node or the bastion node: + +1. Run the following commands to restart the SMAX platform pods. + kubectl rollout restart deployment -n itsma-xxxx itom-xruntime-platform + kubectl rollout restart deployment -n itsma-xxxx itom-xruntime-platform-offline +2. Run the following command to restart the bo-ats pod. + kubectl rollout restart deployment -n itsma-xxxx itom-bo-ats-deployment + +## Create a credential for OPTIC Data Lake + +To create a credential for OPTIC Data Lake, follow these steps: + +1. Log in to Suite Administration as the suite admin: https:///bo. +2. Click **Configurations**. +3. On the **Credential Store** tab, click **New**. +4. In the **Credential** dialog box, specify these fields: + View Fullscreen + | Field | Description | + | --- | --- | + | Name | The display name of the required credential you want to create for the OPTIC DL IdM. | + | Tenant | The tenant ID, which is required when you add capabilities after installing the suite. The tenant you select must be active. | + | IdM endpoint | The endpoint of the OPTIC DL IdM that you want to connect. For example, `https://:`. | + | Organization | The organization of the OPTIC DL IdM. | + | User name | The name of the IdM user with the DI ADMIN role and/or DI INGESTION role. If you use one single IdM user for both the **DI ADMIN** role and the **DI INGESTION** role, you only need to create one credential. If you use two different users for the **DI ADMIN** role and the **DI INGESTION** role, make sure you create two credentials for each of them. You can only create or delete one credential at a time. | + | Security type | The security type. You can select either **PASSWORD** or **VAULT**. | + | Password | The password of the user. Enter the password if you selected **PASSWORD** as the security type. | + | Vault | The vault key. Enter the vault key if you selected **VAULT** as the security type. | +5. Click **Test connection**. If the action fails, check if the field values are correct. +6. Click **Save**. It will generate a UUID for this credential. You can use this UUID to connect to the OPTIC DL IdM. +7. Notice the Opsbridge team to grant the DI\_ADMIN, DI\_DATAACCESS, DI\_INGESTION roles to the new created users. + +## Deploy the OPTIC Data Lake capability + +Follow these steps to deploy the OPTIC Data Lake capability for the tenant: + +1. Log in to Suite Administration as the suite admin: https:///bo. +2. Click **Tenants**. +3. Click and open the tenant for which you just created the credential. +4. On the **Capability settings** tab, click **Deploy new capability**. +5. In the **Pre-check** step, in the **Capability** dropdown box, select **OPTIC Data Lake**. + Only when a Premium license has been added to the selected tenant, the OPTIC Data Lake option will appear in the dropdown box. +6. In **Administration URL**, enter `https://:18443/itom-data-ingestion-administration`. +7. In **Credential for** **administration**,select the credential you just created. +8. Click **Next**. +9. In the **Config and deploy** step, in **Data receiver URL**, enter `https://:5050/itom-data-ingestion-receiver`. +10. In **Credential for data receiver**, select the credential you just created. +11. Check the acknowledge box. +12. Click **Deploy**. +13. The deployment is now completed. Note that the OPTIC Data Lake capability can only be deployed once, however, you can change the configurations through the **Capability settings** tab later. + +## Configure the integration + +Once the OPTIC Data Lake capability is deployed, the SMAX tenant admin or the Integration admin (**People** > **Roles** > **On-Premise Bridge/Integration** > **Administrator**) needs to configure the integration: + +1. Go to the agent interface. +2. In **Integration Management**, select **Integration configuration**. +3. Click and expand the **OPTIC Data Lake** node. +4. You can enable OPTIC Data Lake either for specific record types or for all supported record types. You can enable OPTIC Data Lake for specific record types. To do this, click **Add**, select the desired record type, and then click **Save**. Click **Save** in the main window**,** then click **Apply**. Once the record type is added, it will appear in the left-side pane. Alternatively, you can enable OPTIC Data Lake for all supported record types. To do this, check the **Apply for all record types** box, click **Save**, then click **Apply**. However, by enabling it for all supported record types, the data throughput might surge and impact the system's performance. +5. Now, the SMAX metadata will be synchronized and the database structure will be created in OPTIC Data Lake. + **Note:** The COMPLEX\_TYPE, IMAGE, LARGE\_TEXT, and RICH\_TEXT metadata is not supported and won't be synchronized. + +## Data synchronization + +After the OPTIC Data Lake integration has been configured: + +- Any changes to the SMAX metadata will be synchronized to OPTIC Data Lake instantly. +- Any changes to the SMAX record data will be synchronized to OPTIC Data Lake every 15 minutes. Note that the maximum number of database transactions per job is 1000. + +## Configure UIS + +## Enable Feature Toggle for UIS Data clean up on time series bar chart + +1) Enable Feature Toggle in bvd helm configure map, on the Kubernetes master machine: + +``` +kubectl -n edit configmap bvd-config +``` + +Search **featureToggles,** and add **"ENABLE\_DATA\_CLEAN\_UP": true** inside {}. The result should be like below, if previous value is empty: + +featureToggles: {"ENABLE\_DATA\_CLEAN\_UP": true} + +![](attachments/688987648/688987656.png) + +## Configure Optic Switcher with single sign on (Azure IDP solution) + +Refer to: [Configure Optic Switcher with single sign on (Azure IDP solution)](https://rndwiki.houston.softwaregrp.net/confluence/pages/viewpage.action?pageId=1290634151) + +## Validating Setup + +- Open UIS reports and check the data getting populated +- Open DBLog on Vertica to look for any errors, there should not be any errors in that log. This shows if any error on UDx plugin to pulsar proxy communication. +- Configure entity push in BO and see entities are getting into Vertica. This confirms ODL functionality correctly works or not. diff --git a/knowledgebase/csd-wiki/ICSD/Content-Pack-cleanup-for-SaaS-farms_692438713.md b/knowledgebase/csd-wiki/ICSD/Content-Pack-cleanup-for-SaaS-farms_692438713.md new file mode 100644 index 00000000..88a6b449 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Content-Pack-cleanup-for-SaaS-farms_692438713.md @@ -0,0 +1,68 @@ +# Content-Pack-cleanup-for-SaaS-farms_692438713 +### Context + +Over time we see a lot of older CP versions pilling up on our SaaS farms. Each CP zip file is around 350-400MB and it's stored in the DB and on the disk. This can become a problem over time. + +Also, the UCMDB server has some scheduled tasks to check the DB and the disk for newer CP files, calculate their checksums, and decide if the DB and disk storage need to be synched for newer CP zip files. This takes time and resources and has a performance impact. The UCMDB server does not do a CP zip file cleanup OOTB. + +### A. Identify what we have before the cleanup + +1. Get the list of used CPs from UCMDB server JMX using the method *viewSystemInformation* +2. Get the current list of CP versions from the DB. From JMX invoke *executeQuery* with the SQL query *select version from content\_packs* +3. Example of output for the query +4. *select version from content\_packs* + ![](attachments/692438713/692438700.png) +5. Get the list of CPs from the disk. The path is /mnt/cms/var/vols/itom/cms/data-volume/ucmdb/server/content/content\_packs +6. Example of the available CPs on the disk + + ![](attachments/692438713/692438701.png) + +### B. Evaluate what we have + +1. Check that the DB list is the same as the disk list. They should be the same +2. Compare the list from the DB and the one from *viewSystemInformation* to find the CP versions that are not used. In the DB list, CP versions are not present in *viewSystemInformation* . These are the CP versions to be deleted + 1. On the disk we may have directories with the same version as some of the CP zip files like CP-24.4.zip and directory 24.4.89. Both of them refer to CP 24.4 and can be deleted if they are not in the Support Matrix and if no customer is using that CP version. +3. Be careful about CP version and build number. We can have versions 24.4 build 116 and 24.4 build 117 and they are considered distinct CP versions. None, one or both can be used by a customer(s). +4. The current supported CP versions for the deployed UCMDB version need to be kept even if they are not used by any customer as any customer can upgrade to it and we support these versions. The CP Support Matrix is found at [https://docs.microfocus.com/doc/Universal\_Discovery\_Content\_Pack/24.4/CPSupportMatrix](https://docs.microfocus.com/doc/Universal_Discovery_Content_Pack/24.4/CPSupportMatrix) + 1. Example: for UCMDB 24.4 we support CP 23.4 but we need to keep this version even if no customer is using it. +5. Do a backup of content\_packs folder which can be removed after 1 week if there is no issue + +### C. Cleanup + +1. When the UCMDB servers are stopped we can delete from the DB and disk the CP versions from above that were not found in *viewSystemInformation* + 1. *set replicas to 0 for itom-ucmdb sts ( kubectl scale sts itom-ucmdb --replicas=0 -n cms )* + 2. *check both ucmdb pods are stopped* +2. Selective deletion of the unused/useless CP versions from the DB and disk. Once you identify a CP version(and build!) that is not used by any customer from *viewSystemInformation,* it can be deleted from the disk and from the DB one by one. This will take more time but it's safer and the server startup is not affected. +3. Keep supported versions as mentioned in step **B.4** +4. Query to delete from UCMDB DB a specific CP version from DB delete from CONTENT\_PACKS where version = '2022.11.99' + 1. Execute the query from UCMDB RDS, at this time, the UCMDB server is stopped, so can't delete it from JMX console + 2. use instead of 2022.11.99 any CP version that is no longer needed +5. Set replicas back to 2 for itom-ucmdb-sts ( kubectl scale sts itom-ucmdb --replicas=2 -n cms ) + +### D. Validate the results + +1. Check the output of *viewSystemInformation* +2. List the available CP version in DB with the SQL query *select version from content\_packs* +3. List the files in */mnt/cms/var/vols/itom/cms/data-volume/ucmdb/server/content/content\_packs* +4. We should have the same count of CPs and the same CP versions in all 3 sources from above + +In the past we had an unofficial cleanup procedure for the on-premise UCMDB + +[https://community.microfocus.com/it\_ops\_mgt/ucmdb/f/discussions/140155/maintenance-tip-cleanup-of-the-old-content-packs](https://community.microfocus.com/it_ops_mgt/ucmdb/f/discussions/140155/maintenance-tip-cleanup-of-the-old-content-packs "https://community.microfocus.com/it_ops_mgt/ucmdb/f/discussions/140155/maintenance-tip-cleanup-of-the-old-content-packs") + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/Convert-EPUB-to-audiobooks_686070564.md b/knowledgebase/csd-wiki/ICSD/Convert-EPUB-to-audiobooks_686070564.md new file mode 100644 index 00000000..4d153bd0 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Convert-EPUB-to-audiobooks_686070564.md @@ -0,0 +1,27 @@ +# Convert-EPUB-to-audiobooks_686070564 +AI and relevant technologies are increasing everyone's processing speed on information. + +In order to process more, it's a good idea to convert EPUB books to audiobooks. So that you can listen to the books when walking, jogging or doing some sports. + +Here is the project to do the conversion. + +[https://github.com/p0n1/epub\_to\_audiobook](https://github.com/p0n1/epub_to_audiobook "https://github.com/p0n1/epub_to_audiobook") + +For windows users, check this link for more detailed setup + +[https://gist.github.com/p0n1/cba98859cdb6331cc1aab835d62e4fba](https://gist.github.com/p0n1/cba98859cdb6331cc1aab835d62e4fba "https://gist.github.com/p0n1/cba98859cdb6331cc1aab835d62e4fba") + +For Audio examples, Azure TTS / OpenAI TTS / Edge TTS can be used. You can start with Edge TTS as it's free. Other two options comes with better voice quality and emotion. + +List of voices available in Edge TTS.txt +[https://gist.github.com/BettyJJ/17cbaa1de96235a7f5773b8690a20462](https://gist.github.com/BettyJJ/17cbaa1de96235a7f5773b8690a20462 "https://gist.github.com/bettyjj/17cbaa1de96235a7f5773b8690a20462") + +Some examples of commands to do the conversion. + +``` +# English Book +python main.py "input\bookname.epub" "output_path" --tts edge --language en-US --voice_name en-US-MichelleNeural +python main.py "input\bookname.epub" "output_path" --tts edge --language en-US --voice_name fr-FR-VivienneMultilingualNeural +# Chinese Book +python main.py "input\bookname.epub" "output_path" --tts edge --language zh-CN --voice_name zh-CN-XiaoxiaoNeural +``` diff --git a/knowledgebase/csd-wiki/ICSD/Converting-the-Named-License-to-Concurrent-License_711830360.md b/knowledgebase/csd-wiki/ICSD/Converting-the-Named-License-to-Concurrent-License_711830360.md new file mode 100644 index 00000000..2e720ded --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Converting-the-Named-License-to-Concurrent-License_711830360.md @@ -0,0 +1,11 @@ +# Converting-the-Named-License-to-Concurrent-License_711830360 +1. Identify the correct Tenant, License Pool and License ID. Please refer to the "Process for license" guide. +2. Select the License -> Revoke +3. Open the License Pool -> Open the License Allocation. +4. In License Allocation, please change the set up of Named or Concurrent Users accordingly. +5. Apply the license to the customer pool +6. Allocate the license to the customer tenant. + +**These steps can be applied to convert from Concurrent to Named Licenses too.** + +In case there are no licenses remaining in the License Pool, the Sales team should generate a new license and to be applied and follow the steps from "Process for license" guide. diff --git a/knowledgebase/csd-wiki/ICSD/Create-Integration-Users_686065319.md b/knowledgebase/csd-wiki/ICSD/Create-Integration-Users_686065319.md new file mode 100644 index 00000000..ea7dae14 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Create-Integration-Users_686065319.md @@ -0,0 +1,41 @@ +# Create-Integration-Users_686065319 +## Introduction + +This document is to introduce how to create an integration user via Jenkins when PCS ticket is to request to add an integration user. + +## Use Jenkins job to create integration user + +1. Sample PCS Service Request for integration user creation + ![](attachments/686065319/686065312.png) +2. Open the Jenkins job. [https://saas-ops.itsma-ng.net/job/ESM-SaaS-Create-Integration-User/](https://saas-ops.itsma-ng.net/job/ESM-SaaS-Create-Integration-User/) +3. Input all parameters, and click "Build" + +The *customer\_alias*, *Integration\_app*,*customer\_receiver\_email* can be get from PCS ticket **Catalog Offering** Part. + +The common *Integration\_app* may cover: + +- - rest + - sap + - opbagent + - oo + - oocon + - obm + - idm + - ldap + - cms + - cit + - datalake + +![](attachments/686065319/686065314.png) + +![](attachments/686065319/686065315.png) + +4\. After the Jenkins job is completed, the user will be created, and the initial password set link will be sent to the "customer\_receiver\_email" email address. + +5\. Update this information to customer in PCS ticket. All are done. + +## Attachments: + +[image2023-11-1\_16-42-30.png](attachments/686065319/686065312.png) (image/png) +[image2023-11-1\_16-51-22.png](attachments/686065319/686065314.png) (image/png) +[image2023-11-1\_16-50-1.png](attachments/686065319/686065315.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/Customer-Cloud-Service-Offerings_684947005.md b/knowledgebase/csd-wiki/ICSD/Customer-Cloud-Service-Offerings_684947005.md new file mode 100644 index 00000000..0feba7b6 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Customer-Cloud-Service-Offerings_684947005.md @@ -0,0 +1,18 @@ +# Customer-Cloud-Service-Offerings_684947005 +- [Add OAuth authentication - Ops+Customer tasks](684947018.html) +- [Allowable SMAX Attachment Extensions](Allowable-SMAX-Attachment-Extensions_686065217.html) +- [Apply license to ESM customer tenant](Apply-license-to-ESM-customer-tenant_688996779.html) +- [Configure custom mail sender, dedicated AWS SES users](686065263.html) +- [Configure SAML authentication for SaaS Customer](Configure-SAML-authentication-for-SaaS-Customer_686065288.html) +- [Configure SMAX custom domain (New Landing Zone)](686065305.html) +- [Create Integration Users](Create-Integration-Users_686065319.html) +- [Customize the login and logout pages](Customize-the-login-and-logout-pages_686065324.html) +- [Enable ESM capabilities (UCMDB/OO/FinOps/AC/OP/ODL)](688996783.html) +- [Enable ITOM Aviator for ESM tenant](Enable-ITOM-Aviator-for-ESM-tenant_688996800.html) +- [Enable ITOM Aviator for SMAX on-premise customer](Enable-ITOM-Aviator-for-SMAX-on-premise-customer_688996802.html) +- [ESM Customer Tenant Decommission](ESM-Customer-Tenant-Decommission_688996785.html) +- [How to enable legacy Discovery UI of UCMDB/Revert back to the UCMDB UI-based discovery](690081009.html) +- [Integrate with Power BI to create FinOps reports](Integrate-with-Power-BI-to-create-FinOps-reports_686065345.html) +- [SMAX maintain custom language packs](SMAX-maintain-custom-language-packs_688996787.html) +- [SMAX modify maximum attachement size](SMAX-modify-maximum-attachement-size_688996790.html) +- [Zero trust security configuration for ACME](Zero-trust-security-configuration-for-ACME_688996466.html) diff --git a/knowledgebase/csd-wiki/ICSD/Customer-Onboarding_686069933.md b/knowledgebase/csd-wiki/ICSD/Customer-Onboarding_686069933.md new file mode 100644 index 00000000..44edb54d --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Customer-Onboarding_686069933.md @@ -0,0 +1,2 @@ +# Customer-Onboarding_686069933 +Created by on Jan 20, 2025 EST diff --git a/knowledgebase/csd-wiki/ICSD/Customer-Order-Fulfillment_686064518.md b/knowledgebase/csd-wiki/ICSD/Customer-Order-Fulfillment_686064518.md new file mode 100644 index 00000000..c6bb2a3c --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Customer-Order-Fulfillment_686064518.md @@ -0,0 +1,2 @@ +# Customer-Order-Fulfillment_686064518 +Created by on Jan 16, 2025 EST diff --git a/knowledgebase/csd-wiki/ICSD/Customize-the-login-and-logout-pages_686065324.md b/knowledgebase/csd-wiki/ICSD/Customize-the-login-and-logout-pages_686065324.md new file mode 100644 index 00000000..21fb2adb --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Customize-the-login-and-logout-pages_686065324.md @@ -0,0 +1,12 @@ +# Customize-the-login-and-logout-pages_686065324 +## Introduction + +As a suite administrator, you can configure the theme settings of the login and logout pages for each tenant to suit your company's look and feel. To do this, go to the IdM Admin Portal by clicking the **IdM settings** tab on the tenant details page from Suite Administration. + +## Document + +Please refer to official published document: + +SMAX 25.2: [https://docs.microfocus.com/doc/423/25.2/customizeloginlogoutpages](https://docs.microfocus.com/doc/423/25.2/customizeloginlogoutpages) + +SMAX 23.4: [https://docs.microfocus.com/doc/SMAX/23.4/CustomizeLoginLogoutPages](https://docs.microfocus.com/doc/SMAX/23.4/CustomizeLoginLogoutPages) diff --git a/knowledgebase/csd-wiki/ICSD/Database-monitoring-toolkit-deployment_686083872.md b/knowledgebase/csd-wiki/ICSD/Database-monitoring-toolkit-deployment_686083872.md new file mode 100644 index 00000000..91a96951 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Database-monitoring-toolkit-deployment_686083872.md @@ -0,0 +1,18 @@ +# Database-monitoring-toolkit-deployment_686083872 +Created by on Jan 23, 2025 EST + +## Introduction + +This page presents all the steps to deploy SMAX database monitoring toolkit + +## Sections + +1. PG stored procedure +2. Prometheus & Grafana related setup +3. Tuning based on the toolkit + +**Related pages** + +**Content by label** + +There is no content with the specified labels diff --git a/knowledgebase/csd-wiki/ICSD/Deactive-ITOM-Aviator_686073804.md b/knowledgebase/csd-wiki/ICSD/Deactive-ITOM-Aviator_686073804.md new file mode 100644 index 00000000..4601ff92 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Deactive-ITOM-Aviator_686073804.md @@ -0,0 +1,18 @@ +# Deactive-ITOM-Aviator_686073804 +1. [ITOM Cloud Service Delivery](index.html) +2. [ITOM Cloud Service Delivery](ITOM-Cloud-Service-Delivery_681555087.html) +3. [💠3 - Operation & Maintenance](682933064.html) +4. [Operational Runbook](Operational-Runbook_686073475.html) +5. [Standard Ops Runbook](Standard-Ops-Runbook_686073477.html) +6. [ITOM Aviator](ITOM-Aviator_688982192.html) + +Created by, last modified by Wei Shen on Feb 04, 2025 EST + +This chapter will includes: + +- [How to disable Aviator](https://confluence.opentext.com/display/ICSD/How+to+disable+Aviator) +- Decommission and Remove Data + +Document generated by Confluence on Sep 15, 2025 22:26 EDT + +[Atlassian](https://www.atlassian.com/) diff --git a/knowledgebase/csd-wiki/ICSD/Disable-NSACM-and-enhance-CI-lifecycle-in-SaaS_688987700.md b/knowledgebase/csd-wiki/ICSD/Disable-NSACM-and-enhance-CI-lifecycle-in-SaaS_688987700.md new file mode 100644 index 00000000..dc72c36a --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Disable-NSACM-and-enhance-CI-lifecycle-in-SaaS_688987700.md @@ -0,0 +1,62 @@ +# Disable-NSACM-and-enhance-CI-lifecycle-in-SaaS_688987700 +Salesforce is a CMS standalone customer, previously OpenText want Salesforce to show interest on AMX, so at the beginning of Salesforce tenant provisioning, we use current ESM SaaS automation to set up SMAX + CMS + NSACM, with enhanced CI lifecycle enabled, after CMS 24.1 upgrade, we enhanced the CI lifecycle solution that CI deletion from all sources can't be physically deleted but set discovered state as 'purgeable', this is not applicable to Salesforce standalone CMS use case, so we need to disable NSACM and enhance CI lifecycle for Salesforce by performing below steps. + +### Disable NSACM + +Step 1: Disable NSACM flag manually by following: [Disable Native SACM manually](https://confluence.opentext.com/display/ICSD/Disable+Native+SACM+manually). + +Step 2: Clean up SMAX existing CIs, choose **one of the ways**: + +**For small data volume via SMAX UI:** + +1. From the main menu, select **Build > Service Asset & Configuration**. +2. From **SACM Home**, select **Devices**. +3. Drill down the grid for device, system element, service component, actual service respectively, select all CIs in the list, and click ‘Delete’ to mass delete them, ignore the warning like “maximum 500 records are allowed in one batch..” + +**For large data volume via database:** + +In the xservices\_ems database for SMAX + +1) Run the following SQL command to count CI number for each entity type, replace to the real SMAX tenant ID: + +***select [d.name](http://d.name/),count(1) from maas\_admin.entities\_ e inner join (select distinct id,name from maas\_admin.entity\_descriptor where name in ('Device','ActualService','SystemElement','ServiceComponent')) d on e.entity\_type\_id= [d.id](http://d.id/) where e.is\_deleted=false group by 1*** + +Get the results like + +![](attachments/688987700/688987689.png) + +2) Run the following SQL to soft delete all CIs of each entity type, replace to the real SMAX tenant ID: + +***update maas\_admin.entities\_ set is\_deleted=true where entity\_type\_id in (select distinct id from maas\_admin.entity\_descriptor where name in ('Device','ActualService','SystemElement','ServiceComponent')) and is\_deleted=false*** + +3) Re-run SQL in #1 and make sure all CIs are gone. + +![](attachments/688987700/688987690.png) + +4) You can also go to SMAX agent interface UI, double check all devices, system elements, service components, actual services are gone. + +### Disable enhanced CI lifecycle + +1. Go to JMX-console – URM Services - use listResourceTypes – iterate this for each customer ID +- - Settings\_STATE\_CUSTOMER\_SETTING – and select **[enable.enhanced.ci](http://enable.enhanced.ci/).lifecycle** – open it and set it as false instead of **true**: + +2\. To clean up the cache from UCMDB, you can perform **one of the ways** to make this change effective: + +- Restart this customer: Go to JMX, search for 'stopCustomer', input the related customerID, wait for few mins, go back to JMX, search for 'startCustomer', input the related customerID +- Restart server just to make sure the setting is reset + +3\. Validate the enhanced Ci lifecycle is disabled: go to CMS UI → Home → Administration → Infrastructure Settings Management → search for enhanced Ci lifecycle, check the value is false. + +![](attachments/688987700/688987693.png) + +### Post-operation tasks owned by customer + +After SaaS Ops disabled NSACM and enhanced CI lifecycle, there are some tasks need CMS customer to handle with existing CMS CIs. Customers can review these tasks and choose whether they need to do it or not based on their business. + +1. Clean up useless attributes in existing Cis: **metaphase, discovery\_state,** **sd\_type.** These 3 attributes are used for enhanced CI lifecycle and NSACM, it’s useless now, customer can create an enrichment rule to set the value of these 3 attributes to empty +2. Multi-tenancy is enabled by default in SaaS farm, the default tenant is ‘All Tenants’ so it will not impact single tenant use case. With MT enabled, under NSACM solution, there are some additional steps performed in SaaS CMS customer, please check whether you need to revert the changes: + 1. Disable OwnerTenant attribute, do you need to enable it? + 2. ![](attachments/688987700/688987694.png) + 3. Change Identification rule to ‘No identification’ for 3 CI types, do you need to set it to default value? + 4. ![](attachments/688987700/688987696.png) +3. For enhanced CI lifecycle solution, there is a step to assign the attribute ‘metaphase’ for node element CI type with default value: **Inherited from the parent node**. You may need to set the default value to empty if you have done this step before, see the setting details: [https://docs.microfocus.com/doc/SMAX/23.4/EnableEnhancedCiAging#Configure\_metaphase\_for\_node\_elements\_in\_UCMDB](https://docs.microfocus.com/doc/SMAX/23.4/EnableEnhancedCiAging#Configure_metaphase_for_node_elements_in_UCMDB). diff --git a/knowledgebase/csd-wiki/ICSD/Disable-Native-SACM-manually_686073918.md b/knowledgebase/csd-wiki/ICSD/Disable-Native-SACM-manually_686073918.md new file mode 100644 index 00000000..3970fbcc --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Disable-Native-SACM-manually_686073918.md @@ -0,0 +1,48 @@ +# Disable-Native-SACM-manually_686073918 +## Introduction + +When moving tenants, if the source tenant has Native SACM enabled and the target tenant only needs the data from the source tenant and doesn't want Native SACM. This topic describes how to disable Native SACM manually. + +## Instructions + +To disable Native SACM manually, follow these steps: + +1. In the database, run the following SQL command: + ``` + UPDATE maas_admin."TenantSettings_" set body = body || '{"value": "false"}' where body->>'key'='ENABLE_CMSX' + ``` +2. In a web browser, go to https:///sap/rest-client?TENANTID=. + **NOTE**: Replace and with the FQDN of the SaaS farm and the tenant ID, respectively. +3. ![](attachments/686073918/686073898.png) +4. Select **POST** as the request method and click **Send**. +5. In the bo\_ats database, run the following SQL command: + ``` + UPDATE bo_db_user.tenant_entity set native_sacm_enabled='false' where id='' + ``` + + Replace with the actual tenant ID. +6. Restart platform offline pod to shutdown the websocket client. + +**(In SMAX version 24.2 and later where the offline ng pod is adopted by default, the following actions are also required to finish disabling Native SACM)** + +## Restart the offline NG pod + +Restart the pod to release the task listener: + +`kubectl rollout restart deployment itom-xruntime-platform-offline-ng -n $(kubectl get namespace |grep itsma | cut -f1 -d " ")` + +## Delete the Native SACM rabbitmq queue for for the tenant + +1. Enter the rabbitmq pod: + `kubectl exec infra-rabbitmq-0 -c itom-xruntime-rabbitmq -n $(kubectl get namespace |grep itsma | cut -f1 -d " ")` ` -it bash` +2. Check if the queues exist: + `rabbitmqctl list_queues --vhost xservices4|grep WorkerTask_CMSX|awk -F' ' '{print $1}' |grep ` +3. Delete the queues for the specified tenant: + `rabbitmqctl delete_queue WorkerTask_CMSXSystemElementQueue_ --vhost xservices4` + `rabbitmqctl delete_queue WorkerTask_CMSXServiceComponentQueue_  --vhost xservices4` + `rabbitmqctl delete_queue WorkerTask_CMSXDeviceQueue_ --vhost xservices4` + `rabbitmqctl delete_queue WorkerTask_CMSXActualServiceQueue_ --vhost xservices4` + +## Attachments: + +[image-2025-1-21\_14-13-22.png](attachments/686073918/686073898.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/Disable-the-gateway-service-log-for-farm-stabilization_686074613.md b/knowledgebase/csd-wiki/ICSD/Disable-the-gateway-service-log-for-farm-stabilization_686074613.md new file mode 100644 index 00000000..5b7b4378 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Disable-the-gateway-service-log-for-farm-stabilization_686074613.md @@ -0,0 +1,36 @@ +# Disable-the-gateway-service-log-for-farm-stabilization_686074613 +## Introduction + +The farm is down due to high I/O activity on gateway workers. To work around this issue, disable the gateway log file. + +The scenario to be covered is platform high threads issue caused by too many log writes, it will not restart platform, it will cause the farm down as gateway will be hanging there due to pending threads. + +This is a farm-level task. + +## Required steps + +1. Create a patch file named **gateway-disable-log-patch.yaml** with the following content. + ``` + spec: + template: + spec: + containers: + - name: gateway + env: + - name: GATEWAY_LOG_LEVEL + value: 'OFF' + command: + - sh + - -c + - | + cat /opt/apache-tomcat/conf/server.xml + sed -i "s//OUTGOING_ITEM_COUNT}r \"\/> -->/" /opt/apache-tomcat/conf/server*.xml + ls /opt/apache-tomcat/conf + cat /opt/apache-tomcat/conf/server.xml + /entrypoint.sh + ``` +2. Apply the patch file on the bastion. + ``` + kubectl patch deployment -n itom-xruntime-gateway --patch-file gateway-disable-log-patch.yaml + ``` diff --git a/knowledgebase/csd-wiki/ICSD/Disable-the-platform-access-logs-and-most-of-service-logs-on-EU8-for-farm-stabilization_686074621.md b/knowledgebase/csd-wiki/ICSD/Disable-the-platform-access-logs-and-most-of-service-logs-on-EU8-for-farm-stabilization_686074621.md new file mode 100644 index 00000000..05e10526 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Disable-the-platform-access-logs-and-most-of-service-logs-on-EU8-for-farm-stabilization_686074621.md @@ -0,0 +1,52 @@ +# Disable-the-platform-access-logs-and-most-of-service-logs-on-EU8-for-farm-stabilization_686074621 +## Introduction + +The farm is down due to high I/O activity. To work around this issue, disable the platform access and service logs on EU8. + +The scenario to be addressed involves a platform high thread issue caused by excessive log writes. This situation will not trigger a platform restart but has the potential to bring down the entire farm as the platform becomes unresponsive due to an accumulation of pending threads. +This is a farm-level task. + +It will keep the log level of the following packages as **INFO**: + +**com.hp.maas.platform.services.workflow** + +**com.hp.maas.platform.ems** + +**com.hp.maas.platform.services.notification** + +**com.hp.maas.platform.services.notificationhistory** + +**com.hp.maas.platform.services.mail** + +## Required steps + +1. Create a patch file named **platform-patch.yaml** with the following content. + ``` + spec: + template: + spec: + containers: + - name: itom-xruntime-platform + startupProbe: + periodSeconds: 30 + timeoutSeconds: 60 + failureThreshold: 60 + initialDelaySeconds: 120 + exec: + command: + - sh + - -c + - | + sed -i "5s/value=\"INFO\"/value=\"OFF\"/" /opt/apache-tomcat/webapps/platform-webapp/WEB-INF/classes/logback.xml && + sed -i "s//OUTGOING_ITEM_COUNT}r \"\/> -->/" /opt/apache-tomcat/conf/server*.xml && + sed -i "s///g" /opt/apache-tomcat/webapps/platform-webapp/WEB-INF/classes/sync/log-platform-base.xml && + sed -i "s///g" /opt/apache-tomcat/webapps/platform-webapp/WEB-INF/classes/sync/log-platform-base.xml && + sed -i "s///g" /opt/apache-tomcat/webapps/platform-webapp/WEB-INF/classes/sync/log-platform-base.xml && + sed -i "s///g" /opt/apache-tomcat/webapps/platform-webapp/WEB-INF/classes/sync/log-platform-base.xml && + sed -i "s///g" /opt/apache-tomcat/webapps/platform-webapp/WEB-INF/classes/sync/log-platform-base.xml + ``` +2. Apply the patch file on the control plane node. + `kubectl patch deploy itom-xruntime-platform -n --patch-file platform-patch.yaml` +3. (Optional) If you want to disable the logging file of the **platform-offline** pod, run this command: + `kubectl patch deploy itom-xruntime-platform-offline -n --patch-file platform-patch.yaml` diff --git a/knowledgebase/csd-wiki/ICSD/Disabling-new-rich-text-editor-if-it-is-already-enabled_708226541.md b/knowledgebase/csd-wiki/ICSD/Disabling-new-rich-text-editor-if-it-is-already-enabled_708226541.md new file mode 100644 index 00000000..6a082b2b --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Disabling-new-rich-text-editor-if-it-is-already-enabled_708226541.md @@ -0,0 +1,27 @@ +# Disabling-new-rich-text-editor-if-it-is-already-enabled_708226541 +**Introduction** + +This topic describes how to disable new rich text editor if it is already enabled. This is applicable to 25.2 release. + +**Steps to be followed** + +1. Log in as a tenant admin, and in the same browser of the tenant, open a new tab and navigate to the rest client: https://{smax\_fqdn}/sap/rest-client?TENANTID={tenant\_id} +2. Set PUT mode for the rest call and enter common-settings/setting/ENABLE\_FROALA as the endpoint and use this as the payload to disable it: {"value":"false"} + +![](attachments/708226541/708226528.png) + +3\. Switch to GET mode for the same endpoint to verify the value set. + +![](attachments/708226541/708226529.png) + +**Note:** + +- If there are few changes already done using the new rich text editor, then moving back to classic might lead to few formatting issues for pre-existing data. +- This workaround is applicable to Japanese customer and the issue will be fixed with [https://kmviewer.saas.microfocus.com/#/OCTCR19XW2503055](https://kmviewer.saas.microfocus.com/#/OCTCR19XW2503055) and [https://kmviewer.saas.microfocus.com/#/OCTCR19XW2501549](https://kmviewer.saas.microfocus.com/#/OCTCR19XW2501549). + +## Attachments: + +[image-2025-6-19\_11-40-26.png](attachments/708226541/708226531.png) (image/png) +[image-2025-6-19\_11-40-26-1.png](attachments/708226541/708226533.png) (image/png) +[image-2025-6-19\_11-40-26.png](attachments/708226541/708226528.png) (image/png) +[image-2025-6-19\_11-40-26-1.png](attachments/708226541/708226529.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/Disaster-and-Recovery_686074258.md b/knowledgebase/csd-wiki/ICSD/Disaster-and-Recovery_686074258.md new file mode 100644 index 00000000..0eb1f690 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Disaster-and-Recovery_686074258.md @@ -0,0 +1,2 @@ +# Disaster-and-Recovery_686074258 +Created by on Jan 21, 2025 EST diff --git a/knowledgebase/csd-wiki/ICSD/EKS-upgrade-from-version-1.29-to-1.30_709421239.md b/knowledgebase/csd-wiki/ICSD/EKS-upgrade-from-version-1.29-to-1.30_709421239.md new file mode 100644 index 00000000..ac8ce94e --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/EKS-upgrade-from-version-1.29-to-1.30_709421239.md @@ -0,0 +1,32 @@ +# EKS-upgrade-from-version-1.29-to-1.30_709421239 +1. Upgrade coredns,kube-proxy,aws-node add-ons before EKS upgrade. + + [https://docs.aws.amazon.com/eks/latest/userguide/managing-coredns.html](https://docs.aws.amazon.com/eks/latest/userguide/managing-coredns.html "https://docs.aws.amazon.com/eks/latest/userguide/managing-coredns.html") + [https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html](https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html "https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html") + [https://docs.aws.amazon.com/eks/latest/userguide/managing-kube-proxy.html](https://docs.aws.amazon.com/eks/latest/userguide/managing-kube-proxy.html "https://docs.aws.amazon.com/eks/latest/userguide/managing-kube-proxy.html") + + **If custom networking(non-routable CIDR) is enabled on this farm, please re-enable it after updating VPC CNI plugin.** + `kubectl set env daemonset aws-node -n kube-system AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG=` `true` +2. Upgrade EKS Cluster from 1.30 to 1.31,you may refer to [How to upgrade EKS in SaaS](https://rndwiki.houston.softwaregrp.net/confluence/display/SMA/How+to+upgrade+EKS+in+SaaS) +3. Run attached script,it will automatically create New Worker nodes and add tags. + `nohup sh create-eks-worker.sh &` +4. Taint all the 1.30 worker nodes + `nodes=$(kubectl get nodes | grep -i v1.``30` `| awk ` `'{print $1}'``)` + `for` `node in $nodes` + `do` + `kubectl taint nodes ${node} podReScheduler=value:NoSchedule` + + `done` +5. Upgrade ESM 25.2.2 for OMT,SMAX,CMS,OOMT and Audit. +6. Check if there is any pods still on 1.30 worker nodes,if so,manually restart it. + `nodes=$(kubectl get nodes | grep -i v1.``30` `| awk ` `'{print $1}'``)` + `for` `node in $nodes` + `do` + `kubectl get po -o wide -A | grep -i $node | grep -v ` `'aws-node-\|kube-proxy-\|ebs-csi-node\|twistlock-defender\|itom-prometheus-node-exporter-\|itom-throttling-controller\|Completed'` `| awk ` `'{print $1,$2}'` + `done` + Or you can use attached script to rolling restart the pods by namespace + `Usage: ./rollingMigratePodsByNamespace.sh namespace1 namespace2 . .` + `nohup sh rollingMigratePodsByNamespace.sh audit core kube-system &` +7. **Terminate old 1.29 worker nodes** +8. After all old worknodes not displayed in the output of: kubectl get no, install qualys agents on the new worknodes, you can achieve this by copying the attached shell script to bastion and run it with(except for us24-prod): sh install\_qualys\_agent.sh **** +9. SSH to one of the new worknode, check the qualys is installed by typing: **service qualys-cloud-agent status** diff --git a/knowledgebase/csd-wiki/ICSD/EKS-upgrade-from-version-1.30-to-1.31_706832607.md b/knowledgebase/csd-wiki/ICSD/EKS-upgrade-from-version-1.30-to-1.31_706832607.md new file mode 100644 index 00000000..9f5a8a60 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/EKS-upgrade-from-version-1.30-to-1.31_706832607.md @@ -0,0 +1,148 @@ +# EKS-upgrade-from-version-1.30-to-1.31_706832607 +## Introduction + +This page describes the steps for upgrading the EKS cluster of ESM in SaaS environment, from version 1.30 to 1.31. + +Reference resources: [https://rndwiki.houston.softwaregrp.net/confluence/pages/viewpage.action?spaceKey=SMA&title=How%20to%20upgrade%20EKS%20in%20SaaS](https://rndwiki.houston.softwaregrp.net/confluence/pages/viewpage.action?spaceKey=SMA&title=How%20to%20upgrade%20EKS%20in%20SaaS) + +The process has 3 main parts: 1. Upgrading the add-ons; 2. Upgrading the EKS cluster; 3. Upgrading the EKS worker node groups. + +## 1\. Upgrading the add-ons + +The add-ons **coredns**, **vpc-cni** and **kube-proxy** need to be upgraded before driving the EKS upgrade. Here are the referenced instructions: +[https://docs.aws.amazon.com/eks/latest/userguide/managing-coredns.html](https://docs.aws.amazon.com/eks/latest/userguide/managing-coredns.html "https://docs.aws.amazon.com/eks/latest/userguide/managing-coredns.html") +[https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html](https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html "https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html") +[https://docs.aws.amazon.com/eks/latest/userguide/managing-kube-proxy.html](https://docs.aws.amazon.com/eks/latest/userguide/managing-kube-proxy.html "https://docs.aws.amazon.com/eks/latest/userguide/managing-kube-proxy.html") + +**1.1. Upgrading the *coredns* add-on** + +Open the subsequent referenced Amazon page: [https://docs.aws.amazon.com/eks/latest/userguide/coredns-add-on-self-managed-update.html](https://docs.aws.amazon.com/eks/latest/userguide/coredns-add-on-self-managed-update.html). +1.1.1 **Confirm**, in the bastion's cli, that you have the self-managed type of the add-on installed on your cluster. Replace my-cluster with the name of your cluster. +aws eks describe-addon --cluster-name my-cluster --addon-name coredns --query addon.addonVersion --output text +e.g. aws eks describe-addon --cluster-name us2-dev-eks-cluster --addon-name coredns --query addon.addonVersion --output text +If an error message is returned, you have the self-managed type of the add-on installed on your cluster. +1.1.2. **Check** the version of the container image that is currently installed on the cluster. +kubectl describe deployment coredns -n kube-system | grep Image | cut -d ":" -f 3 +1.1.3. **Check** the current CoreDNS image version: +kubectl describe deployment coredns -n kube-system | grep Image +1.1.4. Since the upgrade is made to CoreDNS v1.11.4-eksbuild.14, **add** the endpointslices permission to the system:coredns Kubernetes clusterrole. +kubectl edit clusterrole system:coredns -n kube-system +Add the following lines under the existing permissions lines in the rules section of the file. +\[...\] +\- apiGroups: +\- [discovery.k8s.io](http://discovery.k8s.io/) +resources: +\- endpointslices +verbs: +\- list +\- watch +\[...\] +1.1.5. **Update** the CoreDNS - replace just the region and the image version: +kubectl set image deployment.apps/coredns -n kube-system coredns= [602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/coredns:v1.11.4-eksbuild.14](http://602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/coredns:v1.11.4-eksbuild.14) +1.1.5. **Check** the pods in the kube-system namespace and the add-on version now installed: +kubectl get pods -n kube-system +kubectl describe deployment coredns -n kube-system | grep Image | cut -d ":" -f 3 + +**1.2. Upgrading the *vpc-cni* add-on** + +Open the subsequent referenced Amazon page: [https://docs.aws.amazon.com/eks/latest/userguide/vpc-add-on-self-managed-update.html](https://docs.aws.amazon.com/eks/latest/userguide/vpc-add-on-self-managed-update.html) +1.2.1. **Confirm** that the Amazon EKS type of the add-on is not installed on the cluster. Replace my-cluster with the name of your cluster. +aws eks describe-addon --cluster-name my-cluster --addon-name vpc-cni --query addon.addonVersion --output text +If an error message is returned, the Amazon EKS type of the add-on is not installed on the cluster. +e.g. aws eks describe-addon --cluster-name us2-dev-eks-cluster --addon-name vpc-cni --query addon.addonVersion --output text +1.2.2. **Check** the version of the container image that is currently installed on the cluster. +kubectl describe daemonset aws-node --namespace kube-system | grep amazon-k8s-cni: | cut -d: -f 3 +1.2.3. Navigate to /opt/25/2 and **backup** the current settings so to configure the same settings once the version is updated: +cd /opt/25.2/ +kubectl get daemonset aws-node -n kube-system -o yaml > aws-k8s-cni-old.yaml +cat aws-k8s-cni-old.yaml +1.2.4. **Check** the latest available version table on the page: [https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html#vpc-cni-latest-available-version](https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html#vpc-cni-latest-available-version) => v1.19.5-eksbuild.3 +1.2.5. Create a folder for the EKS upgrade and **download** the vpc-cni manifest file in it: +mkdir eks\_upgrade\_1.31 +cd eks\_upgrade\_1.31/ +curl -O [https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.19.5/config/master/aws-k8s-cni.yaml](https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.19.5/config/master/aws-k8s-cni.yaml) +1.2.6. **Apply** the modified manifest to the cluster: +kubectl apply -f aws-k8s-cni.yaml +1.2.7. **Check** the pods in the kube-system namespace and the add-on version now installed: +watch 'kubectl get pods -n kube-system ' +kubectl describe daemonset aws-node --namespace kube-system | grep amazon-k8s-cni: | cut -d: -f 3 +1.2.8. Since custom networking (non-routable CIDR) is enabled on this farm, **re-enable** it after updating VPC CNI plugin. +kubectl set env daemonset aws-node -n kube-system AWS\_VPC\_K8S\_CNI\_CUSTOM\_NETWORK\_CFG=true +and **check** again the pods: +watch 'kubectl get pods -n kube-system ' + +**1.3. Upgrading the *kube-proxy* add-on** + +Open the following in the AWS content tree page: [https://docs.aws.amazon.com/eks/latest/userguide/kube-proxy-add-on-self-managed-update.html](https://docs.aws.amazon.com/eks/latest/userguide/kube-proxy-add-on-self-managed-update.html) +1.3.1. **Check** that the self-managed type of the add-on is installed on the cluster. Replace my-cluster with the name of your cluster. +aws eks describe-addon --cluster-name my-cluster --addon-name kube-proxy --query addon.addonVersion --output text +e.g. aws eks describe-addon --cluster-name us2-dev-eks-cluster --addon-name kube-proxy --query addon.addonVersion --output text +If an error message is returned, then the self-managed type of the add-on is installed on your cluster. +1.3.2. **Check** the version of the container image that is currently installed on the cluster. +kubectl describe daemonset kube-proxy -n kube-system | grep Image +1.3.3. **Update** the kube-proxy add-on using the minimal version: +kubectl set image daemonset.apps/kube-proxy -n kube-system kube-proxy= [602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/kube-proxy:v1.31.9-minimal-eksbuild.2](http://602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/kube-proxy:v1.31.9-minimal-eksbuild.2) +1.3.4. **Check** that the new version is now installed on the cluster. +watch 'kubectl get pods -n kube-system' +kubectl get pods -n kube-system | grep kube-proxy +kubectl describe daemonset kube-proxy -n kube-system | grep Image | cut -d ":" -f 3 + +## 2\. Upgrading the EKS cluster + +Login AWS console, go to the EKS service, click "Update now" and choose the targeted version, 1.31 in this case. Click "Update" and wait until the upgrade is completed, 15~45 minutes. + +![](attachments/706832607/706832864.png) + +![](attachments/706832607/706832865.png) + +Once the EKS cluster is upgraded to the new version, upgrade the worker nodes to the new version accordingly. + +## 3\. Upgrading the EKS worker node groups + +Open the subsequent referenced Amazon page: [https://docs.aws.amazon.com/eks/latest/userguide/update-workers.html](https://docs.aws.amazon.com/eks/latest/userguide/update-workers.html) +3.1. **Create** a dedicated location on the Linux bastion for the EKS node groups upgrade +3.2. **Download** the scripts from this location: [https://rndwiki.houston.softwaregrp.net/confluence/pages/viewpageattachments.action?pageId=1309586390&metadataLink=true](https://rndwiki.houston.softwaregrp.net/confluence/pages/viewpageattachments.action?pageId=1309586390&metadataLink=true) +3.3. If the preparation of the new node groups is being done in a different day than the one when the node groups are being actually upgraded, make sure that new node groups are created with 0 desired size, by **commenting** the last line in the script: +\# aws eks update-nodegroup-config --cluster-name $eks\_name --nodegroup-name $old\_nodegroup\_name-workernodes-1-$eks\_version --scaling-config minSize=$min\_size,maxSize=$max\_size,desiredSize=$desired\_size 2>&1 >/dev/null +3.4. **Run** the creation node group creation script [create-eks-worker.sh](attachments/706832607/709421232.sh): +sh./create-eks-worker.sh +If the script is not formatted properly, use the below command to **format** it correctly and re-run the script: +dos2unix create-eks-worker.sh +3.5. If not all the labels are created on each node group, use the script [tag\_ASG.sh](attachments/706832607/709421233.sh) here to **tag** them: +sh./tag\_ASG.sh +3.6. If one node is overloaded with pods, **evaluate** the pods on a certain node: +kubectl taint nodes ${currentNodeName} podReScheduler=value:NoExecute +3.7. **Scale** up the new node group to the desired size +AWS UI > EKS > > Compute > > Edit > +3.8. **Taint** the old worker nodes by running the in-line script lines: +nodes=$(kubectl get nodes | grep -i v1.30 | awk '{print $1}') +for node in $nodes +do +kubectl taint nodes ${node} podReScheduler=value:NoSchedule +done +3.9. **Check** if there are any pods still on the previous version, e.g. 1.30, worker nodes, by running these in-line script lines: +nodes=$(kubectl get nodes | grep -i v1.30 | awk '{print $1}') +for node in $nodes +do +kubectl get po -o wide -A | grep -i $node | grep -v 'aws-node-\\|kube-proxy-\\|ebs-csi-node\\|twistlock-defender\\|itom-prometheus-node-exporter-\\|itom-throttling-controller\\|Completed' | awk '{print $1,$2}' +done +3.10. If there are pods running on 1.30, only on small namespaces like: audit, core, kube-system, cert-manager, velero, manually **restart** them with the script [rollingMigratePodsByNamespace.sh](attachments/706832607/709421199.sh): +./rollingMigratePodsByNamespace.sh .. +nohup sh rollingMigratePodsByNamespace.sh audit core kube-system & +e.g. +./rollingMigratePodsByNamespace.sh cert-manager kube-system monitoring velero +**Note:** It is not safe to run the script on big namespaces like itsma, core or monitoring. +3.11. Manually **restart** the pods on the itsma, core, monitoring namespaces: +kubectl delete pod itom-toolkit-6c5f5745b-cfzqx -n itsma-ohs8f +kubectl delete pod filebeat-drxl5 -n logging +kubectl delete pod suite-conf-pod-itsma-6854dd8f74-5c9dm -n core +3.12. **Check** again as on step #3.9 above. +3.13. Terminate and **delete** old version, e.g. 1.30, worker nodes. +AWS UI > EKS > > Compute > > Delete. +3.14. Once all the old worknodes are terminated, **install** the Qualys agents on the new worknodes, except for US24-PROD, by using the install\_qualys\_agent.sh script install\_qualys\_agent.sh: +sh install\_qualys\_agent.sh +e.g. sh install\_qualys\_agent.sh us6-prod +3.15. **SSH** to one of the new worknode, check that Qualys is installed by typing: service qualys-cloud-agent status +ssh -i worknodes.pem [ec2-user@ip-10-210-96-76.us-west-2.compute.intern](mailto:ec2-user@ip-10-210-96-76.us-west-2.compute.intern) al +service qualys-cloud-agent status +exit diff --git a/knowledgebase/csd-wiki/ICSD/ESM-25.1-Issue-List_689011325.md b/knowledgebase/csd-wiki/ICSD/ESM-25.1-Issue-List_689011325.md new file mode 100644 index 00000000..7357e578 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-25.1-Issue-List_689011325.md @@ -0,0 +1,9 @@ +# ESM-25.1-Issue-List_689011325 +## Hot Issues + +| No. | Product | Priority | Issue Title | PCS Reference | Customer Encountered (Y/N) | Customer Name | Regression (Y/N) | Defect | CPE Owner | Cloud Ops Owner | R&D Owner | Status/Comments | +| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | +| 1. | SMAX | | Unable to access Agent UI - Context Filtering Error | Request 1454802, 1457845, 1452840, 1455119 Incident 1454828 | Y | US Steel (US6) Centra Health (US6) Seguros (US6) Envirosuite (AP10) | Y | OCTCR19XW2460218 | [Wenying Zhu](https://confluence.opentext.com/display/~wzhu3) | [Sunny Xia](https://confluence.opentext.com/display/~sxia2) | [Xiaoning Li](https://confluence.opentext.com/display/~xli7) | - SAML users with Upn/login name capitalization differing in the Person record vs BO/IDM cannot access agent UI - Regression introduced by the Pendo support feature - Feb 10: Hotfix deployed on EU3/US7/US2/US6/AP10/US24/CA16/US26 | +| 2. | SMAX | HIGH | Unable to create new contacts | Request 1454868, 1461969 Incident 1455854 | Y | Catholic Education Parramatta (AP10) Estafeta (US6) | Y | OCTCR19XW2462519 | [Pooja B](https://confluence.opentext.com/display/~poojab) | | @Quanguo Yang | - When trying to create a contact record from Person grid, nothing happens - Feb 11: Workaround provided: explicitly assign (Role-View, Authorization Principal Resource-Create) to user | +| 3 | SMAX | HIGH | The Date/time of response submission format of the survey report is wrong | Request 1478318, Incident 1478567 | Y | Terpel (US6) | Y | | [Laurent Juvigny](https://confluence.opentext.com/display/~ljuvigny) | | | - When exporting the survey data, the date format contains "Uhr UTC" - Feb 17: reproduced on upgraded farms. | +| 4 | SMAX | HIGH | Endless loop detection of integration studio has some issues and does not work | | ?? | | Y | OCTCR19XW2465259 | [Ming-Yan Li](https://confluence.opentext.com/display/~mli3) | | @Ding-Jun Chen | - Can have a significant impact on farm resource utilization, if scenarios don't have the relevant safety checks in place - Feb 20: Preparing hotfix to deploy with 25.1.1 farm upgrade on Dec 23 + another hotfix on 25.1.0 for already upgraded farms. | diff --git a/knowledgebase/csd-wiki/ICSD/ESM-25.2-Issue-List_696536531.md b/knowledgebase/csd-wiki/ICSD/ESM-25.2-Issue-List_696536531.md new file mode 100644 index 00000000..df22d455 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-25.2-Issue-List_696536531.md @@ -0,0 +1,19 @@ +# ESM-25.2-Issue-List_696536531 +## 1.1. Hot Issues + +| No. | Product | Priority | Issue Title | PCS Reference | Customer Encountered (Y/N) | Customer Name | Regression (Y/N) | Defect | CPE Owner | Cloud Ops Owner | R&D Owner | Status/Comments | +| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | +| 1. | SMAX | MEDIUM | Multiple occurrences of "internal key" display rather than multi-lingual label | Request 1601106 Incident 1601397 | Y | Achmea (EU3) PCS (US2) | Y (if previously reported issue was supposed to be fixed) | OCTCR19XW2495434 | Steve Hirschfeld | | Ramesh Mandala | - Not a new behavior, observed in previous releases but was supposed to be fixed (OCTCR19M2135574) with logic to invalidate the cache during an upgrade. - Observed on lists (Achmea), Request "Accept" phase (PCS), new CSM-related fields in Request (PCS) - Workaround: use incognito, will eventually disappear on its own after a few days. Supposed to also work if clear cache - User impact, individual users may not know how to address it and can trigger increase ticket load on the customer admin team. | +| 2. | UCMDB | HIGH | Not able to "Edit" integrations in Integration Studio | Request 1641808 Incident OCTIM19XW2496420 | Y | OT Corp IT (US24) Salesforce (US26) | Y | OCTCR19XW2495657 | Brad Baughman | | Bianca Voina | - 12MAY25 - UPDATE - Defect found with new 25.2 adapters not handling filters used by API calls resulting in 500 ERROR. - Edit & Create actions not working in UCMDB UI Integration Studio after upgrading Probes and deploying CP 25.2. - NOTE – Edit & Create worked after UCMDB upgrade to 25.2 but stopped after Probe and CP upgrades to 25.2 - Fix released in 25.2.1 | +| 3 | SMAX | HIGH | Not able to save a new field when given a "reference to" | Request 1668974 Incident 1671526 | Y | OpenText IT (US24) | Y | OCTCR19XW2495601 | Mei Chen | | Vijay Kumar | - Regression, we added a validation to the workflow by mistake, which caused the problem: if a hidden field is referenced in the workflow, then the configuration can't be saved until we remove the related rules or uncheck the hidden attributes. - Fixed in 25.2.2 | +| 4 | SMAX | HIGH | Microsoft365EmailIntegration - Endpoint Token Expiry Issue after product release 25.2 | Request 1647123 Incident 1651831 | Y | OpenText IT (US24) | ?? | OCTCR19XW2499311 | Carl Vankoughnett | | Shirisha Kandhagatla | - Newly added integration endpoints have token expiring after several hours - Fix planned for 25.3 | +| 5 | SMAX | HIGH | Unable to retrieve Survey Result Analytic table from Odata connection in PowerBI When trying to retrieve survey results in Survey, getting an error message | Request 1704060 Request 1704073 Request 1735086 Incident 1703985 | Y | Centra Health (US6) US Steel (US6) World Vision (AP10) | Y | OCTCR19XW2501653 | Carl Vankoughnett | | | - Confirmed regression - Hotfix request submitted - Applies to existing tenants, new field added in 25.2 for reporting SLA info but no upgrader added to support the modification for existing tenants | +| 6 | SMAX | MEDIUM | Japanese double-byte characters entered in the Description field cannot be saved when new rich text editor is enabled | [1710300 \| Request](https://us2-smax.saas.microfocus.com/saw/Request/1710300/general?TENANTID=488503157) | N | US7 Pre Sales | Y | OCTCR19XW2501549 | Ming-Yan Li | | Chhaya Singh | - Issue can only be reproduced when new rich-text editor is enabled in application settings - workaround is provided: To work around the isuse, you can add one new line in the end of rich text field such as Description field by clicking Enter in keyboard. | +| 7 | SMAX | | Portal users are unable to view details of requests via my requests and via approval screens | Request 1872021 Incident 1876677 | Y | Linde (EU18) | Y | OCTCR19XW2518492 | Alin Zirbo | | Ram Kiran Koka | - Caused by the number of ENTITY\_LINK fields on Request, due to the addition of CSM -related fields combined with customer using all custom fields - Reaches a PG limit on number of column in a query (32767) - Fixed in 25.2.2 HF4 and HF6 | +| 8 | SMAX | HIGH | SMAX offerings with audiences cannot be displayed/opened | Request 66328 (EU) Request 1883116 | Y | Evonik (EU28) TJSP (BR14) | Y | OCTCR19XW2520674 | Alin Zirbo | | Gowtham S | - The upgrader updating the EntitlementRuleDefinition table in 25.2 handles up to 250 records only - Workaround at DB level - Fixed in 25.2.2 HF7 | +| 9 | SMAX | HIGH | Strange behaviors with Integration Studio scenarios | Request 1882933 Request 1856402 Request 1894100 Request 1891258 | Y | Migros (EU8) BV (EU8) TJSP (BR14) OT IT (US24) | Y | OCTCR19XW2519775 | Carl Vankoughnett Waleed Mohamed | | Mohit Joshi | - Caused by caching of the integration user used across various Integration Studio scenarios | +| 10 | SMAX | MEDIUM | Unable to use the "Export to PDF" function | Request 1883526 | Y | Linde (EU18) | Y | OCTCR19XW2519775 | Brindusa | | Gowtham S | - Caused by the number of ENTITY\_LINK fields on Request, due to the addition of CSM -related fields combined with customer using all custom fields - Reaches a PG limit on number of column in a query (32767) - Fixed in 25.2.2 HF7 | +| 11 | SMAX | HIGH | Unable to navigate to the next page in the Package module | Request1882270 Request 1882265 | Y | | Y | OCTCR19XW2518615 | Sabithra | | Chhaya Singh | - Regression - If all the modules are selected, the 'Next' button is hidden. However, it may become visible when you zoom out the page - Fixed in 25.4 | +| 12. | SMAX | HIGH | 'Suggested Solutions' and 'Possibly Related Requests' Buttons Overlapping with 'Solution' Field on Incident Record | Request 1913843 | Y | | Y | OCTCR19XW2522185 | Sabithra | | Chhaya Singh | - Regression - Caused by new rich text editor - When we press the "Suggested solutions " button on an incident record, it overlap with the "Solution" field, making them unusable. Also, We can't select the "X" button on the right, so we can't go back. | +| 13. | SMAX | MEDIUM | Switching the menu clears changes in previous menu | Request 1892798 | Y | | Y | OCTCR19XW2518919 | Sabithra | | Chhaya singh | - Regression - when in a request we make changes for example under the "general" tab,switch to the involved ci's and add one,then save. The changes made under general do not get saved. - Fixed in 25.4 | +| 14. | SMAX | MEDIUM | Self service portal users get an error message when they press the buttons 'Join Discussion' and 'View request' in the email notification | Request 1919136 Request 1913762 Incident 1917928 | Y | | Y | OCTCR19XW2526048 | Sabithra | | Chhaya singh | - Regression - Self service portal users get an error message when they press the buttons 'Join Discussion' and 'View request' in the email notification - It is working as expected in version 25.1. - Fixed in 25.4 | diff --git a/knowledgebase/csd-wiki/ICSD/ESM-Cloud-Customer-Exit-Process_686070016.md b/knowledgebase/csd-wiki/ICSD/ESM-Cloud-Customer-Exit-Process_686070016.md new file mode 100644 index 00000000..ad3bb70c --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-Cloud-Customer-Exit-Process_686070016.md @@ -0,0 +1,61 @@ +# ESM-Cloud-Customer-Exit-Process_686070016 +## Introduction + +When a SaaS customer decides to leave, it's crucial to handle the transition smoothly and professionally to ensure a positive experience, which can impact future business opportunities and the company’s reputation. This document describes the main processes and actions regarding customer exits. + +## Service Description about Service Decomission + +Service Decommissioning +Upon expiration or termination of the SaaS Order Term, Micro Focus may disable all Customer access to +SaaS, and Customer shall promptly return to Micro Focus (or at Micro Focus’s request destroy) any +Micro Focus materials. +Micro Focus will make available to Customer any SaaS Data in Micro Focus’ possession in the format +generally provided by Micro Focus. The target timeframe is set forth below in Termination Data +Retrieval Period SLO. After such time, Micro Focus shall have no obligation to maintain or provide any +such data, which will be deleted in the ordinary course. + +### Communication and Coordination + +- **Notify Relevant Teams**: Inform all relevant internal teams (support, billing, account management, cloud service etc.) about the customer's decision. +- **Designate a Point of Contact**: Assign a single point of contact to manage the transition and ensure all queries are addressed promptly. Usually it's the CSM. + +### Data Management + +- **Data Backup and Export**: Ensure the customer can export their data easily. Provide assistance if necessary. +- **Data Deletion**: Plan for secure deletion of the customer’s data from your servers after a certain period, in compliance with data protection regulations and your data retention policy. +- **Data Access Period**: Provide a clear timeline for how long their data will remain accessible after service termination. + +### Security and Compliance + +- **Revoke Access**: Ensure all user accounts associated with the customer are disabled and access to the system is revoked. +- **Compliance Check**: Ensure that the termination process complies with all relevant legal and regulatory requirements, such as GDPR or CCPA. + +## Detailed Steps for customer exit + +### Customer to submit service request to trigger customer exit project + +The customer needs to submit a service request in PCS to start the customer exit process. All related communication will be still handled in PCS until all the tasks are done and close the user account in PCS. + +- In the request, the customer needs to clarify the following specific needs: + Whether they wish to export existing ESM/SMAX transaction data? + What's the expected date customer want all tenant data to be emptied out completely? + What's the exact date Opentext to commit all relevant date (including backup data) will be cleaned out completely? + What's the exact data to close PCS support channel? + +### Assist with data export + +- What’s the suggestion to customer to export data? + - SMAX + - SMAX Offer customer to use OData export to export data + - Cloud Ops team can help to use existing OOTB OData export script to export SMAX transaction data per tenant + - CMS/HCMX/OO + - Not support by now + - PCS data + - No Support by now + +### Plan data deletion + +- Notification to customer to notify when we will terminate the tenant and delete all data + - Cloud Ops will handle such notification from PCS. +- Scope of data deletion +- Data retention- farm level data retention is only 7 days. After 7 days customer data will permanently removed from Cloud environment diff --git a/knowledgebase/csd-wiki/ICSD/ESM-Cloud-Disaster-and-Recovery-Guide_686087723.md b/knowledgebase/csd-wiki/ICSD/ESM-Cloud-Disaster-and-Recovery-Guide_686087723.md new file mode 100644 index 00000000..41d029e0 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-Cloud-Disaster-and-Recovery-Guide_686087723.md @@ -0,0 +1,255 @@ +# ESM-Cloud-Disaster-and-Recovery-Guide_686087723 +## Introduction + +The guide based on the latest ESM disaster and recovery solution, backing up data from source farm and restoring it to a new target farm + +Which means you will discard current farm and restore on it on the new farm(cross AWS account, cross region). + +## Backup all the data from the source farm + +- Backup Data + - Backup efs server for cms, smax, oomt, prometheus + - Backup RDS server for cms, smax, oomt, audit service + - Backup vertica db if CGRO is enabled in the source farm(optional) + - Backup all the k8s configuration files using velero + - Backup all cert files in **target** farm(smax, cdf, cms, oomt, audit) - /mnt/efs/var/vols/itom/itsma/global-volume/certificate/ +- Transfer Data + - Transfer all the snapshots to target farm(maybe takes time, depends on the size of data) +- Push all images + - Push all images to target farm + - To make sure data is consistent, the creation time for all the backups should not be too far way, better to sit within 2 hours. +- Tips + - Using backup vault to transer efs backups. + - Copy and share rds snapshots with **customer key** + - Refer to the link: How to share an RDS snapshot + +## Prepare new EKS cluster in the new target farm + +- Shutdown the farm that is running in target farm(optional, if available ip is enough you can skip it) +- Build new vpc & subnet from CloudFormation(Make sure you are **not** using **saml** login into AWS console, instead you should login with your or service account) - in this case, we don't do this but just reuse the existing resources +- Build new EKS cluster from CloudFormation(**add or update tag for 3 private subnets**: [kubernetes.io/cluster/ ** =shared](http://kubernetes.io/cluster/); [kubernetes.io/role/internal-elb=1](http://kubernetes.io/role/internal-elb=1)) +- Build new EKS worker nodes: smax, cms, oomt, prometheus(NodeInstanceRole: value from Outputs tab when you create EKS cluster) +- Check the node groups are exactly the same as source farm(instance type, instance number, kubernetes labels) +- Build new EKS bastion(kubectl get nodes returns the correct output) +- Security group inbound rule check(Add sg of bastion server to EKS control panel SG inbound rule; Add EKS control panel SG to new EFS SG inbound rule) + +Refer to the link: [https://docs.microfocus.com/doc/SMAX/23.4/TasksOnAWS](https://docs.microfocus.com/doc/SMAX/23.4/TasksOnAWS) + +## Setting up velero + +- Download velero binary and copy into $PATH(wget [https://github.com/vmware-tanzu/velero/releases/download/v1.4.2/velero-v1.4.2-linux-amd64.tar.gz](https://github.com/vmware-tanzu/velero/releases/download/v1.4.2/velero-v1.4.2-linux-amd64.tar.gz) && tar -zxvf velero-v1.4.2-linux-amd64.tar.gz && cd velero-\* && chmod a+x velero && mv velero /usr/local/bin/) +- Create bucket in S3 for velero +- Setup velero deployment(velero install --provider aws --plugins velero/velero-plugin-for-aws:v1.1.0 --bucket $BUCKET --backup-location-config region=$REGION --snapshot-location-config region=$REGION --secret-file./credentials-velero +- Check velero functions by running: velero backup create test1 + +Refer to the link to install velero: [https://github.com/vmware-tanzu/velero-plugin-for-aws](https://github.com/vmware-tanzu/velero-plugin-for-aws) + +You can also refer to the link to config velero backups automatically: [https://github.houston.softwaregrp.net/smax-saas-ops/saas-devops-tools/blob/master/velero\_backup.sh](https://github.houston.softwaregrp.net/smax-saas-ops/saas-devops-tools/blob/master/velero_backup.sh) + +Velero should be installed on both source farm and target farm, in saas farm we have setup one user for DR in each farm, please install velero using that account + +## Restore infra in target farm + +- Restore new smax rds server from snapshot - pay attention to the RDS type, storage type & size +- Restore new cms rds server from snapshot +- Restore new oomt rds server from snapshot(if has) +- Restore new audit rds server from snapshot(if has) +- Restore vetical db for CGRO(optional, if CGRO is enabled in the farm) +- Restore new smax efs server from snapshot(you should **Add mount target** after restore so that IPs will be assigned, same for cms & prometheus efs servers) - T **ime consume task** +- Restore new cms efs server from snapshot +- Restore new oomt efs server from snapshot +- Restore new prometheus efs server from snapshot(optional, if you care about promehteus data) + +To save time, these tasks in the section can be done **parallely** + +## Update K8S resources + +- Download current CDF installtion bundel in new bastion and run:./install --capabilities Tools=true,Monitoring=false,LogCollection=false,DeploymentManagement=false,ClusterManagement=false +- Download velero backups and shell script, which is used to batch update the parameters in K8S resources(put shell script under the directory of **backups** so that we have **9** files in total) +- Replace all images from velero backups, e.g.: sh replaceVeleroConf.sh " [*551360491748*.dkr.ecr.*us-west-2*.amazonaws.com](http://551360491748.dkr.ecr.us-west-2.amazonaws.com/) \\/ *hpeswitom* " " [*551360491750*.dkr.ecr.*us-west-1*.amazonaws.com](http://551360491750.dkr.ecr.us-west-2.amazonaws.com/) \\/ *hpeswitomsandbox* " false +- Replace aws account(if changed): sh replaceVeleroConf.sh *source\_aws\_account* *target\_aws\_account* false +- Replace region(if changed): sh replaceVeleroConf.sh *us-west-2* *us-west-1* false +- Replace org name(if changed): sh replaceVeleroConf.sh "\\" *hpeswitom* \\"" "\\" *hpeswitomsandbox* \\"" false +- Replace fqdn(if changed): sh replaceVeleroConf.sh " *[us2-smax.saas.microfocus.com](http://us2-smax.saas.microfocus.com/)* " " *[us2-smax-testing.saas.microfocus.com](http://us2-smax-testing.saas.microfocus.com/)* " false - use change fqdn script is another appraoch. take care of the certificate and saml +- Replace efs server from velero backups(if you are restoring on the same farm and restoring to the same efs, you can skip this step since efs server endpoints never changed) + +``` +sh replaceVeleroConf.sh source_smax_efs target_smax_efs false +sh replaceVeleroConf.sh source_cms_efs target_cms_efs false +sh replaceVeleroConf.sh source_oomt_efs target_oomt_efs false +sh replaceVeleroConf.sh source_prometheus_efs target_prometheus_efs false +``` + +- Replace vertica server from velero backups(optional) - sh replaceVeleroConf.sh *source\_vertica\_ip* *target\_vertica\_ip* false (if you are restoring on the same farm, you can skip this step if vertica ip not changed) +- Replace rds server from velero backups(if you are restoring on the same farm, you can skip this step if rds endpoints not changed) + +``` +sh replaceVeleroConf.sh source_smax_rds target_smax_rds false +sh replaceVeleroConf.sh source_cms_rds target_cms_rds false +sh replaceVeleroConf.sh source_oomt_rds target_oomt_rds false +sh replaceVeleroConf.sh source_audit_rds target_audit_rds true +``` + +- Upload the updated backup files to target S3 bucket(rm -rf replaceVeleroConf.sh && cd.. && aws s3 cp --recursive *backup\_Name* / s3://target\_bucket/backups/backup\_Name/) +- Check you have get the correct backups(velero backup get - should return the backup from source farm now) + +## Perform restore in target farm + +- Disable smtp in target farm(optional) - doing this by adding outbound rule for Network ACLs(id:99 Port 25, Deny all) +- Mount new efs server for smax, cms, oomt, prometheus in new bastion(mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 *:/* */mnt/efs*) - You can skip this step if efs endpoints not changed +- Also add efs in /etc/fstab, otherwise mount point lost after a VM restart - You can skip this step if efs endpoints not changed +- Delete pv in case pv is already created +- Delete ns of itsma- *xxxxx*, cms, core, oomt, audit, prometheus if the namespaces is still there +- Perform full restore: velero restore create --from-backup --wait +- Only restore one namespace(optional): velero restore create --from-backup --wait --include-namespaces= *cms* +- Update credentials of itom-vault container in case the pod can not up + +PASSPHRASE=$(kubectl get secret vault-passphrase -n core -o json 2>/dev/null | jq -r '.data.passphrase') +VAULT\_CREDENTIAL\_SECRET=$(kubectl get secret vault-credential -n core -o json 2>/dev/null ) +ENCRYPTED\_ROOT\_TOKEN=$(echo ${VAULT\_CREDENTIAL\_SECRET} | jq -r '.data."root.token"') +VAULT\_TOKEN=$(echo ${ENCRYPTED\_ROOT\_TOKEN} | openssl aes-256-cbc -md sha256 -a -d -pass pass:"${PASSPHRASE}") +echo ${VAULT\_TOKEN} + +kubectl exec -it $(kubectl get pod -ncore -ocustom-columns=NAME:.[metadata.name](http://metadata.name/) |grep itom-vault| head -1) -ncore -- bash +export VAULT\_ADDR= [https://itom-vault.core:8200](https://itom-vault.core:8200/) +export VAULT\_TOKEN= +vault write -tls-skip-verify auth/kubernetes/config kubernetes\_host=" [https://kubernetes.default](https://kubernetes.default/) " kubernetes\_ca\_cert=@/var/run/secrets/ [kubernetes.io/serviceaccount/ca.crt](http://kubernetes.io/serviceaccount/ca.crt) + +- Helm upgrade apphub for cdf - All helm releases should update, this includes core, cms and maybe oomt in the future + +/root/cdf/bin/helm get values apphub -n core > apphub.yaml +update apphub.yaml with new values(dburl, host,registry,orgName,externalAccessHost) +/root/cdf/bin/helm upgrade apphub /root/cdf/charts/apphub-1.20.0+20211100.219.tgz -f apphub.yaml -n core + +- Helm upgrade cms releases - update smax.crt,database.host,smax.host,orgName,registry,externalAccessHost,idmAuthUrl,idmServiceUrl(pay attention to host and idmServiceUrl, we have different values between saas farms) +- Helm upgrade apphub for prometheus - update orgName,registry,externalAccessHost +- Helm upgrade oomt releases(optional, if you have enabled oomt) +- Helm upgrade audit service releases(optional, if you have enabled audit service) +- Wait until all the pods are up(kubectl get pod --all-namespaces|grep -vE '1/1|2/2|3/3|4/4|Completed') +- There is a known issue if smax transformed to helm, you will have to do the **helm upgrade** for itsma since most DND pods are waiting for the jobs +- Sometimes dnd-upgrade-jobs failed, just deleted the pods and related pods that are in Init states + +## Certificates + +- Update SMAX cert by:./replaceExternalAccessHost.sh -c ** -k ** -t ** -n ** +- Update CMS and SAM cert by: + +Get current cms cert from **source** farm: + +``` +helm ls -n cms && helm get values cms-release -n cms > /tmp/cms.yaml +``` + + +Put cms cert files under the directory of: /mnt/efs/var/vols/itom/itsma/global-volume/certificate/source/, the cert files will be imported automatically(make sure 1999:1999 is set) +Restart platfrom and platform-offline pods + +- You can also update cert files for DND and OO: [https://docs.microfocus.com/doc/SMAX/23.4/SMAXChangeFQDN](https://docs.microfocus.com/doc/SMAX/23.4/SMAXChangeFQDN) +- Update cert files for OOMT if OOMT is enabled +- Update cert files for Audit service if audit is enabled + +## Application load balancer + +- Configure Load balancer for smax - refer to: [https://docs.microfocus.com/doc/SMAX/23.4/EKSDeploySuite](https://docs.microfocus.com/doc/SMAX/23.4/EKSDeploySuite) +- Configure Load balancer for management portal: 5443 +- Configure Load balancer for prometheus(optional) +- Rebuild ALB controller in kube-system(delete the deployment of aws-load-balancer-controller, under the namespace of kube-system, and recreate it, pay attention to the values of cluster-name, region) +- Delete and rebuild 3 ingress for cms - Please be noted that ALB name will be changed +- Delete and rebuild 3 ingress for oomt(optional) +- Delete and rebuild 3 ingress for audit(optional) +- Bind DNS records in Route53 for smax, cms, oomt and audit service + +You can config ALB controller following the guide: [https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html](https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html) + +Also note that all nodePort will be changed, register ALB with new nodePort, so that we will have healthy status + +And the ALB for cms also changed(append random string to DNS name, so you have to update route53 with correct values) + +## Manual updates after restore + +- Sensitive data update, depends on your business(update smtp server, update integration password, delete some customer tenants, update bo password for some tenant) +- Update CMS integration url in BO page(Select tenant → Application settings → Configuration Management settings, update CMS gateway service) +- Update SAM integration url in BO page(Select tenant → Capability settings → Software Asset Management, update CMS gateway url) +- Update DND integration url in Agent portal(Open tenant agent page → Administration → Providers → Aggregation providers) +- Update csa\_access\_point in DB(e.g. update dnd\_ *339803511*.csa\_access\_point set uri=' *[https://us2-smax-testing.saas.microfocus.com/339803511/oo](https://us2-smax-testing.saas.microfocus.com/339803511/oo)* ' where uuid=' *8a50b56d7406291f01740629c9f9013a* ';) +- Update OOMT Integration URL in BO page(Select tenant → Capability settings, update OO integration URL and OO login URL) +- Update OPB agent and endpoints in Agent portal +- Update topology in OO Deployment Operations(ras server has to be reconfigured) +- Update settings in prometheus and granfa - Optional + +Update cm of itom-granfa(append below values to data.grafana.ini.root\_url) +root\_url = [https://us2-smax-testing.saas.microfocus.com/grafana](https://us2-smax-testing.saas.microfocus.com:9000/grafana) +\[smtp\] +enabled = true +host = *[email-smtp.us-west-2.amazonaws.com](http://email-smtp.us-west-2.amazonaws.com/)*:25 +user = *aws\_access\_key\_id* +password = *aws\_secret\_access\_key* +skip\_verify = true +from\_address = *[sma\_noreply@microfocus.com](mailto:sma_noreply@microfocus.com)* +from\_name = *US2Dev\_Grafana* +\[rendering\] +server\_url = [http://bitnami-grafana-image-renderer:8080/render](http://bitnami-grafana-image-renderer:8080/render) +callback\_url = [https://itom-grafana:80/](https://itom-grafana:80/) + + +**Restart pod of** **itom-grafana-xxxxx** +Open granfa and update the user of datasource, make sure you are using correct key in the right farm + +- Update yamls\_outputs in SMAX efs server(better to change all yaml files to readonly) +- Please note we have different **cms integration url for different farm**: e.g. [https://int.cms.fqdn:445/cms-gateway](https://int.cms.fqdn:445/cms-gateway) in us2-dev and [https://int.fqdn:445/cms-gateway](https://int.fqdn:445/cms-gateway) in us2-prod + +We have updated yamls for currently deployments, but values are still not changed in /mnt/efs/var/vols/itom/itsma/global-volume/yamls\_output/, so if we execute the command: + +``` +kubectl delete -f xxxx.deployment.yaml & kubectl create -f xxxx.deployment.yaml +``` + +, pods can not up + +## Validation + +- Source farm not impacted +- Disable or enable smtp in restored farm(optional, depends on your business) +- Check the status of all the pods +- Smax testing in restored farm(bo, ess page, agent page, idol search) +- DND integration testing, try to execute one OO flow +- CMS integration testing, try to open jmx-console, ucmdb-browser, and CI sync with smax +- CGRO integration testing - Optional +- Audit Service testing - Optional +- Premetheus testing - All data is shown correctly in granfa, alertmanager works + +## Issues you may meet + +- kubectl get svc return none due to Fedrate login +- pv not bound while restoring eks farm(add sg of EKS control panel to efs inbound rule) +- cms can not up(only restore cms from velero backups solves it) +- smartA pods failed to start up due to some files are not copyed from source farm(take smarta-saw-con for example, but you may meet other) + +``` +kubectl scale sts smarta-saw-con --replicas=0 -n itsma-xxxxx +delete all files under the directory of: /mnt/efs/var/vols/itom/itsma/itsma-smarta-saw-con-0/smarta-saw-con-0/data +kubectl scale sts smarta-saw-con --replicas=2 -n itsma-xxxxx +``` + +- pods not up due to image not pushed to ECR(minor version difference between source & target farm) +- ingress not created(reconfig ALB controller in kube-system) +- Integration not work between cms & smax (manually update integration url in bo) +- Integration not work between oo & smax (manually update integration url in agent & db) +- Grafana alerts are sent as us2-prod but actually are from us2-dev(reconfig grafana) +- SAML login not works(till now) +- CMS integration not works due to different gateway url format(int.**cms**.fqdn in us2-dev but int.fqdn in us2-prod) +- Not all rabbitmq nodes are added into cluster, in my case only infra-rabbitmq-0 is there + +kubectl scale sts infra-rabbitmq -n *itsma-ohs8f* --replicas=1 +delete all files under the directory of /mnt/efs/var/vols/itom/itsma/ *rabbitmq-infra-rabbitmq-1(2)* /data/xservices/rabbitmq/ *3.7.1.14* /mnesia +kubectl scale sts infra-rabbitmq -n *itsma-ohs8f* --replicas=3 + +## Leftover + +- Not switched to spot instance yet +- Old EFS server still there(other resources in AWS should have been deleted) +- Backup plan should be changed to save cost +- Contents of yaml\_outputs in EFS server are from source farm, should be changed manually +- Some records in parameter store are not updated and there are many invalid record +- API call not stable according to wenjun(solved by infra rabbitmq) +- Saml login still failed diff --git a/knowledgebase/csd-wiki/ICSD/ESM-Cloud-Farm-Construction_688988187.md b/knowledgebase/csd-wiki/ICSD/ESM-Cloud-Farm-Construction_688988187.md new file mode 100644 index 00000000..0a034d41 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-Cloud-Farm-Construction_688988187.md @@ -0,0 +1,17 @@ +# ESM-Cloud-Farm-Construction_688988187 +1. [ITOM Cloud Service Delivery](index.html) +2. [ITOM Cloud Service Delivery](ITOM-Cloud-Service-Delivery_681555087.html) +3. [🔷Document Candidates](686065504.html) + +Created by, last modified by Wei Shen on Feb 08, 2025 EST + +- [AWS Infrastructure Naming Rules](AWS-Infrastructure-Naming-Rules_688988195.html) +- [Default key/value in Parameter Store](688988203.html) +- [FQDN Naming Convention](FQDN-Naming-Convention_688988212.html) +- [How to setup a new farm](How-to-setup-a-new-farm_688988216.html) +- [New Farm OPS Requirments](New-Farm-OPS-Requirments_688988220.html) +- [Operations Platform key/value in Parameter Store](688988228.html) + +Document generated by Confluence on Sep 15, 2025 22:28 EDT + +[Atlassian](https://www.atlassian.com/) diff --git a/knowledgebase/csd-wiki/ICSD/ESM-Cloud-Farm-Version-Tracking_684925423.md b/knowledgebase/csd-wiki/ICSD/ESM-Cloud-Farm-Version-Tracking_684925423.md new file mode 100644 index 00000000..734805a7 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-Cloud-Farm-Version-Tracking_684925423.md @@ -0,0 +1,40 @@ +# ESM-Cloud-Farm-Version-Tracking_684925423 +## ESM Cloud Farms + +| Farm | ###### SMAX/HCMX | ###### SMAX/HCMX ###### PATCH/HOTFIX | ###### UD/UCMDB | ###### UD/UCMDB ###### PATCH/HOTFIX | ###### OO | ###### OO ###### PATCH/HOTFIX | ###### AUDIT | ###### AUDIT ###### PATCH/HOTFIX | ###### AUTOMATION ###### CENTER | ###### OPERATIONPLATFORM | ###### OPERATIONPLATFORMPATCH/HOTFIX | ###### OMT | ###### FINOPS(Classic) | ###### EKS VERSION | +| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | +| ###### US2-DEV | 25.3 | 25.3.2 | 25.3 | 25.3.2 | 25.3 | 25.3.2 | 25.3 | 25.3.2 | N/A | N/A | | N/A | N/A | 1.31 | +| ###### JP12-STG | 25.3 | 25.3.1 | 25.3 | 25.3.1 | 25.3 | 25.3.1 | 25.3 | 25.3.1 | N/A | N/A | N/A | 25.3.1 | N/A | 1.31 | +| ###### AP10-PROD | 25.3 | 25.3.1 | 25.3 | 25.3.1 | 25.3 | 25.3.1 | 25.3 | 25.3.1 | N/A | N/A | N/A | 25.3.1 | N/A | 1.31 | +| ###### BR14-PROD | 25.2 | 25.2.2 25.2.2 HF1 25.2.2 HF2 | 25.2 | 25.2.2.HF1 | 25.2 | 25.2.2 | 25.2 | 25.2.2 | N/A | N/A | N/A | 25.2.2 | N/A | 1.31 | +| ###### CA16-PROD | 25.3 | 25.3.1 | 25.3 | 25.3.1 | 25.3 | 25.3.1 | 25.3 | 25.3.1 | N/A | N/A | N/A | 25.3.1 | N/A | 1.31 | +| ###### EU3-PROD | 25.3.1 | 25.3 LP HF | 25.3 | 25.3.1 | 25.3 | 25.3.1 | 25.3 | 25.3.1 | 25.3.1 | 25.3 | 25.3.1 | 25.3.1 | ![(tick)](images/icons/emoticons/check.svg) | 1.31 | +| ###### EU8-PROD | 25.2 | 25.2.2 25.2.2 HF10 25.2 LP HF | 25.2 | 25.2.2.HF2 | 25.2 | 25.2.2 | 25.2 | 25.2.2 | N/A | N/A | N/A | 25.2.2 | N/A | 1.31 | +| ###### EU18-PROD | 25.2 | 25.2.2 25.2.2 HF1 25.2.2 HF2 25.2.2 HF10 25.2.2 HF14 | 25.2 | 25.2.2.HF1 | 25.2 | 25.2.2 | 25.2 | 25.2.2 | N/A | 25.2 | | 25.2 | ![(tick)](images/icons/emoticons/check.svg) | 1.31 | +| ###### EU28-PROD | 25.2 | 25.2.2 25.2.2 HF1 25.2.2 HF225.2.2 HF7 | 25.2 | 25.2.2.HF1 | 25.2 | 25.2.2 | 25.2 | 25.2.2 | N/A | N/A | N/A | N/A | N/A | 1.31 | +| ###### EU38-PROD | 25.3 | 25.3.1 | 25.3 | 25.3.1 | N/A | N/A | 25.3 | 25.3.1 | N/A | N/A | N/A | N/A | N/A | 1.31 | +| ###### JP12-PROD | 25.2 | 25.2.2 25.2.2 HF2 25.2.2 HF2 | 25.2 | 25.2.2.HF1 | 25.2 | 25.2.2 | 25.2 | 25.2.2 | N/A | N/A | N/A | 25.2 | N/A | 1.31 | +| ###### SA34-PROD | 25.3 | 25.3.1 | 25.3 | 25.3.1 | 25.3 | N25.3.1 | 25.3 | 25.3.1 | N/A | N/A | N/A | N/A | N/A | 1.31 | +| ###### US2-PROD | 25.2 | 25.2.2 25.2.2 HF1 25.2.2 HF2 | 25.2 | 25.2.2.HF1 | 25.2 | 25.2.2 | 25.2 | 25.2.2 | N/A | N/A | N/A | 25.2.2 | ![(tick)](images/icons/emoticons/check.svg) | 1.31 | +| ###### US6-PROD | 25.2 | 25.2.0.HF225.2.2 HF1 25.2.2.HF1 | 25.2 | 25.2.2.HF1 | 25.2 | 25.2.2 | 25.2 | 25.2.2 | N/A | N/A | N/A | 25.2.2 | N/A | 1.31 | +| ###### US7-PROD | 25.3 | 25.3.1 | 25.3 | 25.3.1 | 25.3 | 25.3.1 | 25.3 | 25.3.1 | | N/A | N/A | 25.3.1 | ![(tick)](images/icons/emoticons/check.svg) | 1.31 | +| ###### US24-PROD | 25.2 | 25.2.2 25.2.2 HF1 25.2.2 HF2 25.2.2 HF5 25.2.2 HF8 25.2.2 HF10 25.2.2 HF11 25.2.2 HF12 25.2.2 HF13 | 25.2 | 25.2.2.HF1 | 25.2 | 25.2.2 | 25.2 | 25.2.2 | 25.2 | 25.2 | N/A | 25.2.2 | ![(minus)](images/icons/emoticons/forbidden.svg) | 1.31 | +| ###### US26-PROD | 25.2 | 25.2.2 25.2.2 HF1 25.2.2 HF2 | 25.2 | 25.2.2.HF1 | N/A | N/A | 25.2 | 25.2.2 | N/A | N/A | N/A | 25.2.2 | N/A | 1.31 | + +## AIS Cloud Aviator Farms + +| Farm | ###### AVIATOR | ###### AVIATOR ###### PATCH/HOTFIX | ###### EKS VERSION | +| --- | --- | --- | --- | +| ###### US30-STG-ITOMAVIATOR | 25.3 | 25.3.2 | 1.31 | +| ###### EU30-PROD-ITOMAVIATOR | 25.3 | 25.3.1 25.3.1.HF1 | 1.31 | +| ###### EU32-PROD-ITOMAVIATOR | 25.3 | 25.3.0 | 1.31 | + +## DCA Cloud Farms + +| | ###### SERVICE TYPE | ###### ITOM DCA | ###### EKS VERSION | ###### STATUS | +| --- | --- | --- | --- | --- | +| ###### EU3-TRIAL-DCA | ~~DCA Premium~~ | 23.4 GA | 1.30 | | +| ###### EU4-STG-DCA | DCA Premium | 23.4 GA | | IN USE | +| ###### EU2-PROD-DCA | DCA Premium | 23.4 GA | | IN USE | +| ###### US8-STG-REPORTING | SA Reporting | 23.4 GA | | IN USE | +| ###### US6-PROD-REPORTING | SA Reporting | 23.4 GA | | IN USE | diff --git a/knowledgebase/csd-wiki/ICSD/ESM-Cloud-Incident-Tracking-List_686083932.md b/knowledgebase/csd-wiki/ICSD/ESM-Cloud-Incident-Tracking-List_686083932.md new file mode 100644 index 00000000..f9ae47bd --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-Cloud-Incident-Tracking-List_686083932.md @@ -0,0 +1,19 @@ +# ESM-Cloud-Incident-Tracking-List_686083932 +| Incident Date | Time (UTC) | Farm | Product | Version | Incident ID (PPM) | Incident ID (PCS) | CPE Owner | RnD RCA Owner | CS Incident Owner | @RCA Provided | +| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | +| | 13:07 - 17.46 | BR14 | SMAX | 24.3.1.HF1 | | | [Scott Deyarmond](https://rndwiki.houston.softwaregrp.net/confluence/display/~scott.deyarmond@microfocus.com) | [De-Yong 'Chris' Tu](https://rndwiki.houston.softwaregrp.net/confluence/display/~deyong.tu@microfocus.com) | [Ling-yan Meng](https://rndwiki.houston.softwaregrp.net/confluence/display/~lingyan.meng@microfocus.com) | | +| | 10:59-11:09 | EU8 | CMS | 24.2.1 | 152451 | : | [Fang Liu](https://rndwiki.houston.softwaregrp.net/confluence/display/~fang.liu@microfocus.com) | | | | +| | 12:26-17:00 | Multiple Farms | | | 152372 Multi Customer Availability issues for ESM - CMS on Multiple Regions | | | [Ling-yan Meng](https://rndwiki.houston.softwaregrp.net/confluence/display/~lingyan.meng@microfocus.com) | [Wei Shen](https://rndwiki.houston.softwaregrp.net/confluence/display/~wei.shen2@microfocus.com) | | +| 17 Jun 2024 | | EU8 | CMS | 24.2.1 | 152066 - Multi customer availability issue for SMAX EU8 CMS Major Functionality in AWS Frankfurt | | | | | [Xiaofang 'Monica' Huang](https://rndwiki.houston.softwaregrp.net/confluence/display/~xiaofang.huang@microfocus.com) | +| 16 Jun 2024 | | EU8 | CMS | 24.2.1 | 152029 - Multi Customer Major Functionality issues for SMAX EU8 CMS in AWS Frankfurt | | | [Jun-Wu 'Thomas' Pan](https://rndwiki.houston.softwaregrp.net/confluence/display/~jun-wu.pan@microfocus.com) | [Ling-yan Meng](https://rndwiki.houston.softwaregrp.net/confluence/display/~lingyan.meng@microfocus.com) | [Xiaofang 'Monica' Huang](https://rndwiki.houston.softwaregrp.net/confluence/display/~xiaofang.huang@microfocus.com) | +| 06 Jun 2024 | | EU8 | CMS | 24.2.1 | | | | | | | +| 04 Jun 2024 | | EU8 | CMS | 24.2.1 | | | | | | | +| 26 Apr 2024 | | EU8 | CMS | 23.4.P2 | 151606 - Multiple Customer Availability Issues for SMAX EU8 CMS in AWS Frankfurt | | | | | | +| 17 Apr 2024 | | EU8 | CMS | 23.4.P2 | \- Multiple Customer Availability Issues SMAX EU8 CMS Major Functionality APM in Frankfurt | PCS 700915 | [Fang Liu](https://rndwiki.houston.softwaregrp.net/confluence/display/~fang.liu@microfocus.com) | | [Sunny Xia](https://rndwiki.houston.softwaregrp.net/confluence/display/~sunny.xia@microfocus.com) | | +| 23 Mar 2024 | 3:00 - 3:30 | EU8 | CMS | 23.4.P2 | 151418 - Multi Customer Major Functionality Issues for SMAX EU8 in AWS Frankfurt | | [Wenying Zhu](https://rndwiki.houston.softwaregrp.net/confluence/display/~wenying.zhu@microfocus.com) | [Jun-Wu 'Thomas' Pan](https://rndwiki.houston.softwaregrp.net/confluence/display/~jun-wu.pan@microfocus.com) | [Yu Liu](https://rndwiki.houston.softwaregrp.net/confluence/display/~liu.yu@microfocus.com) | [Xiaofang 'Monica' Huang](https://rndwiki.houston.softwaregrp.net/confluence/display/~xiaofang.huang@microfocus.com) | +| 22 Mar 2024 | 10:30 - 10:36 | EU8 | CMS | 23.4.P2 | [151385 - Multiple Customer Availability Issues for SMAX EU8 in AWS Canada](https://essentials.saas.microfocus.com/itg/web/knta/crt/RequestDetail.jsp?REQUEST_ID=151385) | PCS 641280 | [Ling-yan Meng](https://rndwiki.houston.softwaregrp.net/confluence/display/~lingyan.meng@microfocus.com) | [Xiaofang 'Monica' Huang](https://rndwiki.houston.softwaregrp.net/confluence/display/~xiaofang.huang@microfocus.com) | [Ionut-Alexandru Bacalu](https://rndwiki.houston.softwaregrp.net/confluence/display/~ionut.bacalu@microfocus.com) | [Xiaofang 'Monica' Huang](https://rndwiki.houston.softwaregrp.net/confluence/display/~xiaofang.huang@microfocus.com) | +| 19 Feb 2024 | 12:00 - 12:50 | EU18 | SMAX | 23.4.P2 | [151140 - Multi Customer Availability issue for SMAX Major Functionality EU18 in Oregon](https://essentials.saas.microfocus.com/itg/web/knta/crt/RequestDetail.jsp?REQUEST_ID=151140) | [PCS 566815](https://us2-smax.saas.microfocus.com/saw/Incident/566815/general?TENANTID=488503157) | [Ling-yan Meng](https://rndwiki.houston.softwaregrp.net/confluence/display/~lingyan.meng@microfocus.com) | [De-Yong 'Chris' Tu](https://rndwiki.houston.softwaregrp.net/confluence/display/~deyong.tu@microfocus.com) | [Ionut-Alexandru Bacalu](https://rndwiki.houston.softwaregrp.net/confluence/display/~ionut.bacalu@microfocus.com) | [De-Yong 'Chris' Tu](https://rndwiki.houston.softwaregrp.net/confluence/display/~deyong.tu@microfocus.com) | +| 05 Jan 2024 | 13:30 - 13:43 | EU8 | SMAX | 23.4.P2 | [150723 - Multi Customer Availability issues for SMAX EU8 in Frankfurt](https://essentials.saas.microfocus.com/itg/web/knta/crt/RequestDetail.jsp?REQUEST_ID=150723) | [PCS 488691](https://us2-smax.saas.microfocus.com/saw/Incident/488691/general?TENANTID=488503157) | [Ling-yan Meng](https://rndwiki.houston.softwaregrp.net/confluence/display/~lingyan.meng@microfocus.com) | [De-Yong 'Chris' Tu](https://rndwiki.houston.softwaregrp.net/confluence/display/~deyong.tu@microfocus.com) | [Ionut-Alexandru Bacalu](https://rndwiki.houston.softwaregrp.net/confluence/display/~ionut.bacalu@microfocus.com) | [De-Yong 'Chris' Tu](https://rndwiki.houston.softwaregrp.net/confluence/display/~deyong.tu@microfocus.com) | +| 05 Dec 2023 | 17:40 - 17:53 | EU8 | CMS | 23.4.P1 | [150487 - Multi Customer Major Functionality issues for SMAX EU8 CMS in Frankfurt](https://essentials.saas.microfocus.com/itg/web/knta/crt/RequestDetail.jsp?REQUEST_ID=150487) | [PCS 438686](https://us2-smax.saas.microfocus.com/saw/Incident/438686/general?TENANTID=488503157) | [Fang Liu](https://rndwiki.houston.softwaregrp.net/confluence/display/~fang.liu@microfocus.com) | [Xiaofang 'Monica' Huang](https://rndwiki.houston.softwaregrp.net/confluence/display/~xiaofang.huang@microfocus.com) | [Sunny Xia](https://rndwiki.houston.softwaregrp.net/confluence/display/~sunny.xia@microfocus.com) | [Sheng-Yu Chen](https://rndwiki.houston.softwaregrp.net/confluence/display/~sheng-yu.chen@microfocus.com) | +| | | | | | | | | | | | +| | | | | | | | | | | | diff --git a/knowledgebase/csd-wiki/ICSD/ESM-Cloud-Infra-Cost-Review_686065545.md b/knowledgebase/csd-wiki/ICSD/ESM-Cloud-Infra-Cost-Review_686065545.md new file mode 100644 index 00000000..68edcc91 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-Cloud-Infra-Cost-Review_686065545.md @@ -0,0 +1,289 @@ +# ESM-Cloud-Infra-Cost-Review_686065545 +## Introduction + +This page presents all the ESM SaaS related cost review results. + +## 2025-07-15 + +eu8+18: 18 unsued ebs reduce 250$ monthly +140 ebs's on gp2 which need to go on gp3=250$monthly REVIEWING + +## 2025-05-13 + +1. \[EU-Managed eu28-eu32\] Change EBS from gp2 to gp3, save $64.00 per month REVIEWING +2. \[EU-Managed eu28-eu32\] Remove unused EBS, save $10 per month REVIEWING +3. \[EU-Managed eu28-eu32\] Upgrade the EKS version to 1.32 before 2025-07-23 for eu28 and eu32, to prevent $1000/mo extra cost on extend support REVIEWING Owner: Maricel EU28 upgrade planned on 2002-07-20, EU32 upgrade planned on 2025-07-17 + +4\. \[EU-Managed eu28-eu32\] Remove SageMaker, save $240/mo REVIEWING + +## 2025-05-07 + +1. Remove SageMaker, save REVIEWING Owner: Ting + +## 2025-04-07 + +1. Set remove policy for EBS snapshots, save around $100/mo, the problem is that this cost is keep growing. NO PLAN Owner: Ting Checked that it's managed by velero. + example: us24-prod-eks-cluster-dynamic-pvc-29b4c73e-edb7-49e1-9ca9-ce653f04ed57, +2. Upgrade the EKS version to 1.32 before 2025-07-23, to prevent $6000/mo extra cost on extend support REVIEWING Owner: Ting, change together with CCoE new image, after 25.2 upgrade. +3. US2-DEV + 1. Change the op RDS from t3.xlarge > t4g.large, as the cpu usage is less than 5%, save around $100/mo depends on the usage REVIEWING Owner: Ting ask Sunny for a change. + 2. Change the op RDS disk from io2 to gp3, as gp3 is cheaper and provide more IOPS, save around $ **500** /mo REVIEWING Owner: Ting + 1. make sure the future op database start with t4g.large and gp3 + 2. may be we can remove few instances, as there are 3 OP related RDS. NO PLAN + 3. turn off the RDS if the system is not in use. save around $100~500/mo NO PLAN + 4. remove manual RDS snapshot keep recent 30 days: $300+ REVIEWING Owner: Ting +4. Apply the ecr storage cleanup solution: $ **500DONE** owner: [Ting Ye](https://rndwiki.houston.softwaregrp.net/confluence/display/~ting.ye@microfocus.com) + +## 2025-03-28 + +Reorganize the FinOps related tasks: + +1. EU18 + 1. Migrate "Tech Mahindra - YIT Prod-1947697" to new FinOps and then remove the old vertica, save around **$1300/m** REVIEWING owner: shenwei to check with PM +2. US24 + 1. Remove the old vertica, save around $ **1500** /m It's stopped for a month, owner: Ting DONE 11 Apr 2025 +3. EU3 + 1. Migrate 4 remaining tenants from FinOps\_Classic to new FinOps and then remove the old vertica, save around **$1300/mo** REVIEWING owner: shenwei to check with presales +4. US2 + 1. Decommission 920775298 and 263660258 which are using FinOps\_Classic, then remove the vertica, save around $ **500** /mo REVIEWING Lingyan has confirmed with Alex Dominic Savio William. Owner: shenwei + +## 2025-03-25 + +1. Add RI and SP on EU28, saved around **$1300/mo** DONE 25 Mar 2025 +2. Add RI for OpenSearch on US2-PROD (Covering US2/US6), save 339$/mo DONE 25 Mar 2025 +3. Add RI for OpenSearch on EU8, save 339$/mo. DONE 25 Mar 2025 +4. Based on the system usage, resize us2 smax RDS m6g.4xlarge → r6g.2xlarge, cms RDS r6g.2xlarge → r6g.xlarge, save around $ **1100** /mo DONE + +## 2025-02-27 + +1. Change all the EC2 instances from m5/r5 to m6i/r6i with better performance REVIEWING + 1. Asked RnD to test the new instance type. if we choose m6a/r6a can save around $3000+/m without performance improvements [Feature 2481012 - \[Cost saving\] \[SaaS\] Suppor AMD EC2 servers which can save up to $3000/month on SaaS](https://internal.almoctane.com/ui/entity-navigation?p=97002/32001&entityType=work_item&id=2481012) + 2. And m6g/r6g can save even more like 9000$, but most likely it's not working, pending RnD for testing. NO PLAN Danny: Arm-Based EC2 cannot be used for worker node, because our applications are not built for ARM processors! + +## 2025-01-08 + +1. Cleanup SMAX EFS, save around $ **1500/m**, owner: [Ting Ye](https://rndwiki.houston.softwaregrp.net/confluence/display/~ting.ye@microfocus.com) + JP12-STG,EU3,US7,US2-Prod,US6,EU8,AP10 DONE 28 Mar 2025 +2. US6 + 1. After decommission Ford, resize the farm, save around $400/mo DONE + Also Dick's Sporting good just onboard, we may not change the sizing, but make sure to remove files on efs. +3. EU3 + 1. Decommission legacy Carbon server and ALBs, save around $200/m DONE + +## 2024-12-11 + +1. EU18 + 1. Change the op RDS from t3.xlarge > t3.large, as the cpu usage is less than 5%, save around $120/m DONE + 2. Change the RDS disk from io2 to gp3, as gp3 is cheaper and provide more IOPS, save around $350/m DONE +2. EU3 + 1. Change the op RDS from t3.xlarge > t3.large, as the cpu usage is less than 5%, save around $120/m DONE + 2. Change the RDS disk from io2 to gp3, as gp3 is cheaper and provide more IOPS, save around $350/m DONE +3. us24 + 1. Change the op RDS from t3.xlarge > t3.large, as the cpu usage is less than 5%, save around $120/m DONE +4. RI for OP RDS save around $100/m DONE + +## 2024-09-20 + +1. Terminate the old bastion node. Save around $300/m. DONE + +## 2024-08-28 + +1. Turn off the auto RDS backup, as we have the "AWS Backup service". Save around $300/m. DONE + 1. us2-prod oomt, eu18-prod oo/cms/smax, ap10 oomt, ca16 oo/cms/smax, jp12-stg cms/oo/smax. +2. Finish the Helm Post-transformation tasks, save more than $100/m. REVIEWING +3. Remove the OMT ingress (16.43$ \* 12 = $197). Reviewing the situation with RnD, RnD may provide a step to do it. REVIEWING + [https://docs.microfocus.com/doc/SMAX/24.2/TransformSmaxToHelmBased#Clean\_up\_OMT\_resources\_in\_the\_OMT\_namespace](https://docs.microfocus.com/doc/SMAX/24.2/TransformSmaxToHelmBased#Clean_up_OMT_resources_in_the_OMT_namespace) + [Issue 2323030 - \[Doc\] \[SaaS\] Remove unnessary OMT resoruces after helm transformation.](https://internal.almoctane.com/ui/entity-navigation?p=97002/32001&entityType=work_item&id=2323030) + +## 2024-07-08 + +1. Clean up the RDS backup tables in the database (not saving money but preventing the cost to increase) REVIEWING + 1. Audit (rnd review) + 2. revinfo (rnd confirmed to truncate) need a change + 3. bak tables (ops review) + +## 2024-05-14 + +1. Change all workers volume type from gp2 to gp3. Save around $ **1000/m**. Plan with CCoE ami change PLANNED +2. OpenSearch on US2-Dev Around 800$ Plan to decommission DONE owner: Ting +3. EU18 + 1. Reduce the vertica data node size from m4.4xlarge to r5.2xlarge: Save $600/m NO PLAN owner: Scott +4. Review the backup procedure for potential issues on cost + 1. Change the kms key os RDS, so that we can enable incremental backup. Can save around $ **2000** +/m REVIEWING Solution is ready, requires a downtime +5. Need to check the saving plan usage 80%~90%, need to check with Vinay. List the number DONE 25 Mar 2025 by lingyan, coverage 99% by the company +6. Remove the us2-dev EKS [smax-cluster-us2dev](https://us-west-2.console.aws.amazon.com/eks/home?region=us-west-2#/clusters/smax-cluster-us2dev) in 551360491749: $300/m DONE By Ting +7. Review the saving plan for us26 Owner:Lingyan DONE 25 Mar 2025 by lingyan, coverage 99% by the company + +## 2024-05-08 + +1. Change cross-region retention from 14 days to 7 days DONE [Yu Liu](https://rndwiki.houston.softwaregrp.net/confluence/display/~liu.yu@microfocus.com) +2. Remove the local backup generated by cross-region backup owner: DONE [Yu Liu](https://rndwiki.houston.softwaregrp.net/confluence/display/~liu.yu@microfocus.com) +3. Cleanup SMAX EFS to reduce the cost: $ **2000**, owner: [Ting Ye](https://rndwiki.houston.softwaregrp.net/confluence/display/~ting.ye@microfocus.com) + ,JP12-STG,EU3,US7,US2-Prod,US6,EU8,AP10 DONE +4. Checking if we can change the backup type to cold backup for efs owner: NO PLAN [Yu Liu](https://rndwiki.houston.softwaregrp.net/confluence/display/~liu.yu@microfocus.com) +5. Remove the us1 EKS in 361684190412, as it cost $400 for eks extended support owner: [Ting Ye](https://rndwiki.houston.softwaregrp.net/confluence/display/~ting.ye@microfocus.com) DONE +6. check the ecr storage cleanup solution: $ **800** owner: [Ting Ye](https://rndwiki.houston.softwaregrp.net/confluence/display/~ting.ye@microfocus.com) + \--US2-dev,EU3-Prod,US7-Prod DONE +7. Check the CMS efs cleanup solution with rnd owner: [Ling-yan Meng](https://rndwiki.houston.softwaregrp.net/confluence/display/~lingyan.meng@microfocus.com) DONE [Clean up CMS log files](https://rndwiki.houston.softwaregrp.net/confluence/display/ICS/Clean+up+CMS+log+files) + 1. Cleanup CMS EFS to reduce the cost: $ **500** owner: [Ting Ye](https://rndwiki.houston.softwaregrp.net/confluence/display/~ting.ye@microfocus.com) DONE + 2. US2-dev,US2-Prod,EU3,US7,US24 Done + 3. JP12,BR14,CA16,US26 Done + +## 2024-04-28 + +1. US6/EU8/AP10/EU18 + 1. EU8 + 1. remove not used tenant-export/tenant-import 400GB packages: 200$ DONE + +## 2024-03-25 + +1. US6/EU8/AP10/EU18 + 1. AP10 + 1. remove manual RDS snapshot keep recent 30 days: $85 DONE + 2. remove unused ALB (save 16.43$ \* 7 = 115$ ) Check FQDN and traffic, peer review before removal REVIEWING + 1. [acd2b58c6b3fc40a3a911c79dd0f8105-7bb8644d3ea49e82.elb.ap-southeast-2.amazonaws.com](http://acd2b58c6b3fc40a3a911c79dd0f8105-7bb8644d3ea49e82.elb.ap-southeast-2.amazonaws.com/) (k8s-itsmatbx-itomngin-1af9765940) + 2. [internal-SMAX-EKS-ALB-832470617.ap-southeast-2.elb.amazonaws.com](http://internal-smax-eks-alb-832470617.ap-southeast-2.elb.amazonaws.com/) + 3. [internal-CMS-ALB-1420616780.ap-southeast-2.elb.amazonaws.com](http://internal-cms-alb-1420616780.ap-southeast-2.elb.amazonaws.com/) + 4. [internal-cms-smax-integration-605090270.ap-southeast-2.elb.amazonaws.com](http://internal-cms-smax-integration-605090270.ap-southeast-2.elb.amazonaws.com/) (should be the legacy integration) + 5. [internal-k8s-ap10prodcmsalb-99eed8dbd4-1596301489.ap-southeast-2.elb.amazonaws.com](http://internal-k8s-ap10prodcmsalb-99eed8dbd4-1596301489.ap-southeast-2.elb.amazonaws.com/) + 6. [internal-k8s-oopublic-e2b012afab-1414584707.ap-southeast-2.elb.amazonaws.com](http://internal-k8s-oopublic-e2b012afab-1414584707.ap-southeast-2.elb.amazonaws.com/) + 7. [internal-k8s-ap10auditalb-f2e1f6a5de-476511256.ap-southeast-2.elb.amazonaws.com](http://internal-k8s-ap10auditalb-f2e1f6a5de-476511256.ap-southeast-2.elb.amazonaws.com/) + 2. US6 + 1. remove manual RDS snapshot keep recent 30 days: $ **300** + DONE + 2. remove unused ALB (save 16.43$ \* 8 = 131$ ) Check FQDN and traffic, peer review before removal REVIEWING + 1. [ad2b5ab2128d842a4ab7a8479b91d6ca-5f7aeea4304fc4ab.elb.us-west-2.amazonaws.com](http://ad2b5ab2128d842a4ab7a8479b91d6ca-5f7aeea4304fc4ab.elb.us-west-2.amazonaws.com/) (k8s-itsmaohs-itomngin-b928fd8ff6) + 2. [internal-SMAX-ALB-1780068998.us-west-2.elb.amazonaws.com](http://internal-smax-alb-1780068998.us-west-2.elb.amazonaws.com/) + 3. [internal-subdomain-testing-1383237556.us-west-2.elb.amazonaws.com](http://internal-subdomain-testing-1383237556.us-west-2.elb.amazonaws.com/) + 4. [internal-CMS-ALB-103193064.us-west-2.elb.amazonaws.com](http://internal-cms-alb-103193064.us-west-2.elb.amazonaws.com/) + 5. [internal-ALB-For-Integration-1506362286.us-west-2.elb.amazonaws.com](http://internal-alb-for-integration-1506362286.us-west-2.elb.amazonaws.com/) + 6. [internal-k8s-us6prodcmsalb-05d13e29f6-1782663167.us-west-2.elb.amazonaws.com](http://internal-k8s-us6prodcmsalb-05d13e29f6-1782663167.us-west-2.elb.amazonaws.com/) + 7. [internal-k8s-oomtpublic-8b587340e7-989485052.us-west-2.elb.amazonaws.com](http://internal-k8s-oomtpublic-8b587340e7-989485052.us-west-2.elb.amazonaws.com/) + 8. [internal-k8s-us6auditalb-b4c1ac47bd-1257080049.us-west-2.elb.amazonaws.com](http://internal-k8s-us6auditalb-b4c1ac47bd-1257080049.us-west-2.elb.amazonaws.com/) + 3. EU8 + 1. remove manual RDS snapshot keep recent 30 days: $ **400** + DONE + 2. remove unused ALB (save 16.43$ \* 8 = 131$ ) Check FQDN and traffic, peer review before removal REVIEWING + 1. [internal-CMS-ALB-EU8-50066461.eu-central-1.elb.amazonaws.com](http://internal-cms-alb-eu8-50066461.eu-central-1.elb.amazonaws.com/) + 2. [internal-k8s-eu8cmsext-09c603805a-1635150560.eu-central-1.elb.amazonaws.com](http://internal-k8s-eu8cmsext-09c603805a-1635150560.eu-central-1.elb.amazonaws.com/) + 3. [internal-EU8-ALB-For-Integration-1099466715.eu-central-1.elb.amazonaws.com](http://internal-eu8-alb-for-integration-1099466715.eu-central-1.elb.amazonaws.com/) + 4. [af67eb4c5555d47aab1230aaeafbfcfd-82a881994f2d96b7.elb.eu-central-1.amazonaws.com](http://af67eb4c5555d47aab1230aaeafbfcfd-82a881994f2d96b7.elb.eu-central-1.amazonaws.com/) (k8s-itsmah3c-itomngin-c4e78faf0f) + 5. [internal-SMAX-ALB-582960966.eu-central-1.elb.amazonaws.com](http://internal-smax-alb-582960966.eu-central-1.elb.amazonaws.com/) + 6. [internal-EU8-ALB-For-Integration-1099466715.eu-central-1.elb.amazonaws.com](http://internal-eu8-alb-for-integration-1099466715.eu-central-1.elb.amazonaws.com/) + 7. [aff85e03390924d0c9a6eae56cf2b525-6a24d3a3cd2ad390.elb.eu-central-1.amazonaws.com](http://aff85e03390924d0c9a6eae56cf2b525-6a24d3a3cd2ad390.elb.eu-central-1.amazonaws.com/) (this one has traffic on 80, k8s-itsmah3c-itomngin-21d82011c2) + 8. [internal-k8s-oomtpublic-8f26407304-488986183.eu-central-1.elb.amazonaws.com](http://internal-k8s-oomtpublic-8f26407304-488986183.eu-central-1.elb.amazonaws.com/) + 4. EU18 + 5. US6-STG + 1. (us-east-1) remove manual RDS snapshot keep recent 30 days: $40+ DONE + 2. (us-west-2) remove manual RDS snapshot keep recent 30 days: $100+ DONE +2. JP12/BR14/CA16 + 1. JP12 + 1. remove manual RDS snapshot keep recent 30 days: $70 DONE + 2. BR14 + 3. CA16 + 4. jp12-stg + 1. remove manual RDS snapshot keep recent 30 days: $40 DONE +3. US2/US2-DEV/US24 + 1. US2 + 1. remove manual RDS snapshot keep recent 30 days: $ **1000** + DONE + 2. US2-DEV + 1. remove manual RDS snapshot keep recent 30 days: $200+ DONE + 2. (us-east-1) remove manual RDS snapshot keep recent 30 days: $20+ DONE + 3. US24 + 1. remove manual RDS snapshot keep recent 30 days: $20 DONE +4. EU3/US7 + 1. EU3 + 1. remove manual RDS snapshot keep recent 30 days: $ **500** + DONE + 2. US7 + 1. remove manual RDS snapshot keep recent 30 days: $ **500** + DONE +5. EU22/US26 + 1. EU22 + 2. US26 + 1. remove manual RDS snapshot keep recent 30 days DONE + 2. CMS RDS r6g.4xlarge -> r6g.2xlarge (save $800) last 4 weeks peak CPU 10% DONE + +## 2023-12-19 + +Make sure to **check and keep the max\_connections** + +1. US6/EU8/AP10/EU18 + 1. AP10 + 1. OO RDS: m6g.2xlarge → r6g.xlarge (save $150) last 4 weeks peak CPU 12% DONE + 2. US6 + 1. OO RDS: m6g.2xlarge → r6g.xlarge (save $150) last 4 weeks peak CPU 6% DONE + 3. EU8 + 1. OO RDS + 1. m6g.2xlarge -> r6g.xlarge (save $150) last 4 weeks peak CPU 15% DONE + 2. IO1 3000 -> GP3 IOPS 12000 (save $300) DONE + 4. EU18 + 1. SMAX RDS m6g.4xlarge -> r6g.2xlarge (save $300) last 4 weeks peak CPU 18% DONE + 2. OO RDS: m6g.2xlarge → r6g.xlarge (save $150) last 4 weeks peak CPU 9% DONE +2. JP12/BR14/CA16 + 1. JP12 + 1. SMAX RDS m6g.2xlarge -> r6g.xlarge (save $150) last 4 weeks peak CPU 13% DONE + 2. CMS RDS m6g.2xlarge -> r6g.xlarge (save $150) last 4 weeks peak CPU 6% DONE + 3. OO RDS: m6g.2xlarge → r6g.xlarge (save $150) last 4 weeks peak CPU 14% DONE + 2. BR14 + 1. CMS RDS m6g.2xlarge -> r6g.xlarge (save $150) last 4 weeks peak CPU 9% DONE + 2. OO RDS: m6g.2xlarge → r6g.xlarge (save $150) last 4 weeks peak CPU 5% DONE + 3. CA16 + 1. SMAX RDS m6g.2xlarge -> r6g.xlarge (save $150) last 4 weeks peak CPU 5% DONE + 2. OO RDS: m6g.2xlarge → r6g.xlarge (save $150) last 4 weeks peak CPU 4% DONE + 4. jp12-stg + 1. OO RDS: m5.2xlarge → r6g.xlarge DONE +3. US2/US24 + 1. US2 + 1. OO RDS: m6g.2xlarge → r6g.xlarge (save $150) last 4 weeks peak CPU 19% DONE +4. EU3/US7 + 1. EU3 + 1. CMS RDS m6g.2xlarge -> r6g.xlarge (save $150) last 4 weeks peak CPU 15% DONE + 2. OO RDS: m6g.2xlarge → r6g.xlarge (save $150) last 4 weeks peak CPU 17% DONE + 2. US7 + 1. OO RDS: m6g.2xlarge → r6g.xlarge (save $150) last 4 weeks peak CPU 10% DONE + +## 2023-11-30 + +1. US6/EU8/AP10/EU18 + 1. US6 + 1. CMS RDS: IO1 10000 IOPS → GP3 IOPS ($1093.5 → $86.25) DONE + 2. SMA RDS: + 1. r6g.4xlarge → r6g.2xlarge (save $1312) Last 4 week free memory more than 80G, CPU less than 30%. **Check and keep the max\_connections** DONE + 2. GP2 → GP3 DONE + 3. ~~CMS RDS: m6g.4xlarge → r6g.2xlarge ($823 -> $741 → $463) Need to wait till **Dec 18th** for RI expiration for $463 Last 4 weeks CPU < 30%, Min Free memory 31G + ~~As the load on 7th Dec is higher than 60%. + 4. Remove manual & backup snapshots, keep recent 30 days: $400+ DONE + 2. EU8 + 1. SMA RDS: GP2 4500G → GP3 4500G 18000 IOPS 1000 MBPS ($1229 → $1616 ) Last 4 week IOPS peak time: 17000-18000, MBPS peak time: 450 MBPS DONE As the us6 worked, we can plan the eu8 change + 1. We can only switch to 18000 IOPS 500 MBPS at first and keep monitoring, if required, increase to 1000 MBPS, it will require less than $100 per month. Based on the monitoring, we need to change the MBPS from 500 MBPS to 1000 MBPS. DONE + 2. Remove manual & backup snapshots keep recent 30 days: $1000+DONE + 3. Disable EFS throughput mode for monitoring: $350 DONE + 3. AP10 + 1. Remove manual & backup snapshots keep recent 30 days: $100+ DONE +2. JP12/BR14/CA16 + 1. JP12 + 1. Remove manual & backup snapshots keep recent 30 days: $50+DONE + 2. BR14 + 1. Remove manual & backup snapshots keep recent 30 days: $150+DONE + 3. CA16 + 1. Remove manual & backup snapshots keep recent 30 days: $50+DONE +3. US2/US24 + 1. US2 + 1. SMA RDS: IO1 2000G 3000 IOPS → GP3 2000G 12000 IOPS ($1100→ $460) Last 4 week IOPS peak time: 2500-4000, MBPS peak time: 70-150 MBPS DONE + 2. CMS RDS: IO1 500G 3000 IOPS → GP3 500G 12000 IOPS ($1100→ $460) Last 4 week IOPS peak time: 2500-4000, MBPS peak time: 70-150 MBPSDONE + 2. US24 + 1. SMA RDS: + 1. m6g.2xlarge → r6g.xlarge ($998→ $726) DONE + 2. disable multi-AZ: save $363 DONE + 2. OO RDS: m6g.2xlarge → r6g.xlarge ($499 →$363) **Check and keep the max\_connections** DONE + 3. Vertica + 1. ~~Reduce the vertica data node number from 3 to 1~~ + 2. Reduce the vertica data node size from r5.8xlarge to r5.4xlarge: $1600 DONE + +**Need to request RI before Dec 18th. [Wei Shen](https://rndwiki.houston.softwaregrp.net/confluence/display/~wei.shen2@microfocus.com)** + +**Improve the instance type to newer version. RnD** + +**Backup policy: keep only one month.** + +Check us2 tenant FinOps usage, may be it's been moved to us24? + +[https://us2-smax.saas.microfocus.com:443/saw/ess?TENANTID=920775298](https://us2-smax.saas.microfocus.com/saw/ess?TENANTID=920775298) + +Posted by lmeng2 at Mar 28, 2025 02:39 EDT diff --git a/knowledgebase/csd-wiki/ICSD/ESM-Cloud-Ops---New-User-Guide_686088242.md b/knowledgebase/csd-wiki/ICSD/ESM-Cloud-Ops---New-User-Guide_686088242.md new file mode 100644 index 00000000..09e32ed4 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-Cloud-Ops---New-User-Guide_686088242.md @@ -0,0 +1,73 @@ +# ESM-Cloud-Ops---New-User-Guide_686088242 +## Overview + +This page provides a guidance for new member in ESM Cloud Ops team. + +## System Access + +| # | | Links | Admin | Comments | +| --- | --- | --- | --- | --- | +| 1. | AWS Console login | [AWS Console Login](http://awslogin.publiccloud.microfocus.net/) [Request access to AWS account from IGA portal](Request-access-to-AWS-account-from-IGA-portal_686074273.html) for the ESM, Aviator and DCA AWS accounts listed [here](https://confluence.opentext.com/display/ICSD/ITOM+Cloud+AWS+Account+Overview). IGA link [here](https://stackc.iga.cyberresprod.com/). For ESM Cloud Ops Engineer please request access with role " **Fed\_Account\_ESM\_SaaS\_Ops** " | [Sajith Kumar A R](https://confluence.opentext.com/display/~ssajith) | AWS Account Owner will approve the access request MF account to login | +| 2. | ITOM Cloud Service Delivery Wiki | [ITOM Cloud Service Delivery](https://confluence.opentext.com/display/ICSD) [How to get an Opentext Confluence account](How-to-get-an-Opentext-Confluence-account_688987796.html) | [Sajith Kumar A R](https://confluence.opentext.com/display/~ssajith) | ITOM CSD Wiki Space OT Confluence account to login | +| 3. | Cloud DevOps Sharepoint | [https://opentextcorporation.sharepoint.com/sites/MFI-SMAXSaaSDevOps/SitePages/Home.aspx](https://opentextcorporation.sharepoint.com/sites/MFI-SMAXSaaSDevOps/SitePages/Home.aspx) | [Sajith Kumar A R](https://confluence.opentext.com/display/~ssajith) [Boglarka Ronai](https://confluence.opentext.com/display/~bronai) | Team's SharePoint OT account to login | +| 4. | Add New User to PDL | - ITOM Cloud Service Team - ITOM Cloud Service ESM Team - ITOM Cloud Service SO Team - ITOM Cloud Services APM Team | [Boglarka Ronai](https://confluence.opentext.com/display/~bronai) | Team PDL | +| 5.1. | PCS (Proactive Customer Support) - SMAX | [https://pcs.saas.microfocus.com/](https://pcs.saas.microfocus.com/) | [Brindusa Kevorkian](https://confluence.opentext.com/display/~bkevorkian) [Sajith Kumar A R](https://confluence.opentext.com/display/~ssajith) | To handle customer service request OT account to login | +| 5.2. | PCS EU SMAX | [https://pcs-eu.saas.microfocus.com/saw/Requests](https://pcs-eu.saas.microfocus.com/saw/Requests) | [Alin-Bogdan Zirbo](https://confluence.opentext.com/display/~azirbo) | To handle EU customer service request OT account to login | +| 6. | X4X (Internal Cloud Service) - SMAX | [https://us2-smax.saas.microfocus.com/saw/ess?TENANTID=202385354](https://us2-smax.saas.microfocus.com/saw/ess?TENANTID=202385354) | [Sajith Kumar A R](https://confluence.opentext.com/display/~ssajith) | Tenant Provision, Unplanned change requests OT account to login | +| 7. | ESM SaaS RnD Basecamp | [https://3.basecamp.com/4227251/projects/19597039](https://3.basecamp.com/4227251/projects/19597039) | [Sajith Kumar A R](https://confluence.opentext.com/display/~ssajith) | Tasks assignment & tracking Basecamp account to login | +| 8. | ESM Cloud Ops Tooling | Jenkins: [https://saas-ops.itsma-ng.net/](https://saas-ops.itsma-ng.net/) System health Page Ops Console: [http://smax-health.saas.microfocus.com/ops](http://smax-health.saas.microfocus.com/ops) Logging farm: | [Maricel Plesuvu](https://confluence.opentext.com/display/~mplesuvu) | AWS Cognito user account to login For Jenkins, System Health Page Logging farm, etc | +| 9. | ESM Cloud Ops Favorites | [SaaS Favorites](https://rndwiki.houston.softwaregrp.net/confluence/display/SMAXaaS/SaaS+Favorites) (To be updated) | N/A | All in one link page for SaaS | +| 10. | INFRA account | Steps: 1\. Request your manager's approval, e.g. Shen Wei, Florin Pavel, via email and have it saved as.msg. 2\. Log a ticket in Self Service using the offering "Domain Management": [https://us2-smax.saas.microfocus.com/saw/ess/requestTracking/9465777?TENANTID=734262997](https://us2-smax.saas.microfocus.com/saw/ess/requestTracking/9465777?TENANTID=734262997) Inside the ticket add: 2.1. the approval from step #1 2.2. the attached [OpenText SaaS disclaimer.pdf](attachments/686088242/702037978.pdf) filled in 2.3. the attached [Infra Access Request.docx](attachments/686088242/702037980.docx) properly filled in. 3\. The password will expire every 3 months. For that, use the instructions in the attached [INFRA account password reset.txt](attachments/686088242/702038073.txt). | [Florin Pavel](https://confluence.opentext.com/display/~fpavel) [Sajith Kumar A R](https://confluence.opentext.com/display/~ssajith) | Use this [offering](https://us2-smax.saas.microfocus.com/saw/ess/offeringPage/17746?query=domain%20management&TENANTID=734262997) on this SMAX. E.g. #9465777. | +| 11. | SaaS Unified Tool | [https://ut.ct-us2.saas.microfocus.com/sm/index.do](https://ut.ct-us2.saas.microfocus.com/sm/index.do) Once the INFRA account created, the access to UT may be requested. For that, log a ticket in Self Service using the offering "Domain Management": [https://us2-smax.saas.microfocus.com/saw/ess/requestTracking/9465777?TENANTID=734262997](https://us2-smax.saas.microfocus.com/saw/ess/requestTracking/9465777?TENANTID=734262997) and specify that the INFRA account too. E.g. "Kindly grant me access to SaaS Unified Tool: [https://ut.ct-us2.saas.microfocus.com/sm/index.do](https://ut.ct-us2.saas.microfocus.com/sm/index.do) with the same rights like wei.shen2. I already have an INFRA account enabled with the ID: Username: Adina.Lehene" Note: Every 3 months the password expires. In order to reset it, follow A) or B): A) Use this link to change your password: [Password Reset Tool](https://10.208.15.14/RDWeb/Pages/en-US/password.aspx), while using **CheckPoint VPN. **B) Contact: [MFI-PSDC-Service-Center@opentext.com](mailto:MFI-PSDC-Service-Center@opentext.com) or [sbiswal@opentext.com](mailto:sbiswal@opentext.com). | @MFI-PSDC-Service-Center@opentext.com [Saswati Biswal](https://confluence.opentext.com/display/~sbiswal) | Use this offering on this SMAX. E.g. #9498890. | +| 12. | BO (BackOffice) | https://- [smax.saas.microfocus.com/bo](http://smax.saas.microfocus.com/bo) In order to log into BO, use the suite-admin generic or the suite-admin-personal account. The suite-admin generic account's credentials are found in the proper AWS Parameter Store account, according to this table [Suite-admin generic accounts credentials.xlsx](attachments/686088242/703392717.xlsx) (see column K). Steps to create a suite-admin-personal accounts: 0\. Log into the proper [AWS account](https://authenticate.microfocus.net/nidp/app/login?id=MultiGenericAA&sid=0&option=credential&sid=0&target=https%3A%2F%2Fauthenticate.microfocus.net%2Fnidp%2Fsaml2%2Fidpsend%3FPID%3Dawslogin.publiccloud.microfocus.net) in order to retrieve the correspondent farm's suite-admin credentials according to the table mentioned above. 1\. Log into the target farm's BO as suite-admin with the credentials retrieved from the Parameter store of the AWS correspondent farm. 2\. Go to Users. 2.1. Create a new user with the role of suite-admin and the format *suite-admin-john* 2.2. Open any tenant. 2.3. Go to IDM. Press once again "Organizations". 2.4. Filter the categories by "sysbo" and choose it. 2.5. Go to "Groups". 2.6. Select and open the "Administrators" group. 2.7. Add the newly created suite-admin-user into the *Administrators* group. | | AWS access is a prerequisite. | +| 13. | IRL (Software Entitlements Management System) | [https://sld.prod.corpcloud.opentext.com/semsui/ilr](https://sld.prod.corpcloud.opentext.com/semsui/ilr) | | MF main credentials | +| 14.1. | SLD (Software Licenses and Downloads) | [https://sld.microfocus.com](https://sld.microfocus.com/) (web browser private mode) In order to create an account: 1\. Use the @ [microfocus.com](http://microfocus.com/) email address 2\. In order to confirm the account and receive its password, log a service request on the tenant: [https://us2-smax.saas.microfocus.com/saw/ess/requestTracking/36283818?TENANTID=973580388](https://us2-smax.saas.microfocus.com/saw/ess/requestTracking/36283818?TENANTID=973580388) or contact the team: [SLD\_SUP\_TEAM@opentext.com](mailto:SLD_SUP_TEAM@opentext.com); contact people: [halla2@opentext.com](mailto:halla2@opentext.com), [apalakuru@opentext.com](mailto:apalakuru@opentext.com) 3\. Once the registered account confirmed and the initial password received, reset the password. | [SLD\_SUP\_TEAM@opentext.com](mailto:SLD_SUP_TEAM@opentext.com) @Hari Kishan Naidu Alla @Akhilesh Palakuru | MF email and dedicated pwd | +| 14.2. | Software Licensing and Download | [https://sld.microfocus.com](https://sld.microfocus.com/) | | Use this [offering](https://us2-smax.saas.microfocus.com/saw/ess/offeringPage/1239784?TENANTID=973580388) on this SMAX, via incognito browser. | +| 15. | PHT GitLab repo | Older ref. Confl. art.: [Build Hub Contact#RequestGitLabSupport](https://confluence.opentext.com/display/UBMT/Build+Hub+Contact#BuildHubContact-RequestGitLabSupport) SaaS: [https://gitlab.otxlab.net/csd/esm-cloud/smax-saas-ops/esm-waf](https://gitlab.otxlab.net/csd/esm-cloud/smax-saas-ops/esm-waf) RnD: [https://gitlab.otxlab.net/itom/itsma-x/esm-waf](https://gitlab.otxlab.net/itom/itsma-x/esm-waf) | RnD PHT: [Raluca Prodan](https://confluence.opentext.com/display/~rprodan) RnD CSD: [Raluca Prodan](https://confluence.opentext.com/display/~rprodan) | | +| 16. | Prisma | Prisma link: [https://app.prismacloud.io/home/runtime](https://app.prismacloud.io/home/runtime) In order to create an account: 1. Go to [Commercial Systems Access Workflow (opentext.com)](https://intranet.opentext.com/intranet/llisapi.dll/displayform/2001/18828385/3077721/141992044/20740378/110054872/214218608/214203932/?viewid=220171445&readonly=true&sedit=false&objId=214220329&objAction=EditForm&nexturl=https%3A%2F%2Fintranet%2Eopentext%2Ecom%2Fintranet%2Fllisapi%2Edll) 2. Under "Department", select "Network Operations" 3. Under "Access Type", "Select Individual Systems" 4. Under Access Information, select "Info Sec" 5. Under "Security Tools", type "PrismaCloud - please copy the access from..." 6. Under "Reason", type "Provide the justification for your request". | | | + +## Product related knowledge + +| Index | Status | Issues | Comments | +| --- | --- | --- | --- | +| What is SMA? | ![(tick)](images/icons/emoticons/check.svg) | | - [GO through the videos of our product](https://rndwiki.houston.softwaregrp.net/confluence/display/SMA/Generic+Product+Knowledge) - [Youtube Introduction](https://www.youtube.com/watch?v=EY00wNqDkso) - [Youtube In-depth Overview](https://www.youtube.com/watch?v=aOzzhy7izX8) | +| What is ESM? (Enterprise Service Management) | ![(tick)](images/icons/emoticons/check.svg) | | - [Youtube Introduction](https://www.youtube.com/watch?v=2lhczXokuy8) - [Microfocus Official description](https://www.microfocus.com/en-us/what-is/enterprise-service-management) | +| AWS 10 minutes tutorial series | ![(tick)](images/icons/emoticons/check.svg) | | - [Link](https://aws.amazon.com/getting-started/tutorials/) | +| Get familiar with AWS | ![(tick)](images/icons/emoticons/check.svg) | | - [Safari](https://www.safaribooksonline.com/learning-paths/learning-path-amazon/9780135116548/) course (First 8 Chapter) (No longer available after Nov 17th, 2023) - [LiveSession 2nd Edition](https://learning.oreilly.com/videos/amazon-web-services/9780135581247/) Use [this link](https://opentextcorporation.sharepoint.com/:f:/s/MFI-SMAXSaaSDevOps/EpzYHAhEhoFDkx_D_ykzgNMBjBu2S4PC-HiQchaJHpoyxA?e=ULSxUf) if previous one is not working. | +| Get familiar with Kubernetes and docker | ![(tick)](images/icons/emoticons/check.svg) | | - [Learning Docker](https://www.linkedin.com/learning/learning-docker-2/why-create-containers-using-docker?u=16620580) (No longer available after Nov 17th, 2023) [Learning Kubernetes](https://www.linkedin.com/learning/learning-kubernetes/how-to-use-the-exercise-files?u=16620580) (No longer available after Nov 17th, 2023) | +| Get familiar with SMA | ![(tick)](images/icons/emoticons/check.svg) | | - [Overview](https://docs.microfocus.com/itom/ITOM:Service_Management_Automation/Home) - [List of products](https://docs.microfocus.com/?ITSMA) | +| Setup a production level environment on AWS | ![(tick)](images/icons/emoticons/check.svg) | | - [Link](https://docs.microfocus.com/doc/SMAX/24.4/EKS) | +| Maintain an EKS solution | | | | + +## ESM SaaS Specific knowledge + +| Index | Status | Issues | Comments | +| --- | --- | --- | --- | +| ESM SaaS Architecture (Legacy Landing Zone) | ![(tick)](images/icons/emoticons/check.svg) | | 1. [Recording](https://web.microsoftstream.com/video/7a02725a-9d73-4552-81f7-07fc89dc2237) | +| ESM SaaS session to ESM teams which are relatively new to SaaS operation model | ![(tick)](images/icons/emoticons/check.svg) | | 1. [Session 1](https://microfocusinternational-my.sharepoint.com/:v:/g/personal/deepak-kalathil_perazhi_microfocus_com/ERhV3ddNmhVBjg-BR-SAhIsBPon0Qfs030KqXU4Al8msBA?e=voDI7d) 2. [Session 2](https://microfocusinternational-my.sharepoint.com/:v:/g/personal/deepak-kalathil_perazhi_microfocus_com/EeqXCCh51lVIuVXMGgh78R4Bp93xXTWl2zqc-dX71SO1Dg?e=AmnAt6) 3. [Slides](https://microfocusinternational.sharepoint.com/:p:/s/SMAXSaaSDevOps/EYQJYJEMUThFir1YGzHB5m0BgxEF_RQUXSWVZHhUw-XYhg?e=cZe5UQ) | +| SaaS Collaborations with ADM Group | | | 1. Session 1 2. Session 2 | + +## Advanced knowledge + +| Index | Status | Issues | Comments | +| --- | --- | --- | --- | +| Kubernetes Internals 1. Node / Pod 2. Kubectl (Client) 3. Kubelet 4. API Server 5. Ingress 6. Daemonset/Statefulset/Pod/Deployment/ReplicationController 7. Configmap 8. ETCD 9. Service/Load balancing /Network 10. PV (Storage) | | | 1. [https://kubernetes.io/docs/home/](https://kubernetes.io/docs/home/) 2. [Kubernetes in action](https://www.safaribooksonline.com/library/view/kubernetes-in-action/9781617293726/) | +| Partner Training | | | [Partner Training(Chinese)](https://rndwiki.houston.softwaregrp.net/confluence/pages/viewpage.action?title=Partner+Training&spaceKey=SMA) | +| | | | [How to generate short term key for programmatic access to AWS account or role](https://rndwiki.houston.softwaregrp.net/confluence/display/SMA/How+to+generate+short+term+key+for+programmatic+access+to+AWS+account+or+role) | +| How to solve CDF/Suite issues in real world? | | | | +| Docker | | | [Latest Docker doc](https://docs.docker.com/get-started/overview/) [Docker 1.13 doc](https://docs.docker.com/v1.13/) | +| Cloud related knowledge | | | [AWS in Action](https://learning.oreilly.com/library/view/amazon-web-services/9781617295119/) | +| Master Cloud-Native Infrastructure with Kubernetes | | | Training materials from [LinkedIn Learning](https://www.linkedin.com/learning/paths/master-cloud-native-infrastructure-with-kubernetes?u=16620580) (No longer available after Nov 17th, 2023) | +| Business domain knowledge - ITIL | | | ITIL docs | +| CDF APIs | | | 1. https://:5443/suiteInstaller/swagger-ui.html 2. [Sample](https://docs.microfocus.com/itom/ITOM_Container_Deployment_Foundation:2018.08/Administer/Change_the_external_access_hostname) to connect to swagger ui. (From Step 2) | +| CDF documentation | | | [doc](https://rndwiki.houston.softwaregrp.net/confluence/display/sharedservices/Documentation+v2018.08) | +| Point Product APIs | | | 1. xservice: [https:///v10/help/en/full/Content/8000\_DeveloperGuide/ApiRESTIntro.htm](https://jh-test7.itsma-ng.net/v10/help/en/full/Content/8000_DeveloperGuide/ApiRESTIntro.htm) 2. IDOL: | +| Product Knowledge - SM | | | [Service Manager 9.61](https://docs.microfocus.com/SM/9.61/Codeless/Content/Home.htm) [Service](https://www.youtube.com/watch?v=tdm1njlFCLU) [Manager 9.40 Capability Overview](https://www.youtube.com/watch?v=tdm1njlFCLU) (Video) | +| Product Knowledge - X | | | [Old Saw document](https://saw.saas.hpe.com/help/en/full/Content/Home/ServiceAnywhereHomePage.htm) X document: [https:///v10/help/en/full/Content/8000\_DeveloperGuide/ApiRESTIntro.htm](https://jh-test7.itsma-ng.net/v10/help/en/full/Content/8000_DeveloperGuide/ApiRESTIntro.htm) | +| Product Knowledge - IDOL | | | [Get Start](https://www.microfocus.com/documentation/idol/IDOL/Servers/IDOLServer/11.0/Guides/pdf/English/IDOL_11.0_GettingStarted_en.pdf) [IDOL Expert](https://www.microfocus.com/documentation/idol/IDOL/Servers/IDOLServer/11.0/Guides/html/English/expert/index.html) [Other IDOL documents](https://www.microfocus.com/documentation/idol/IDOL_11_0/) IDOL introduction on 2018.08 by Sean Blanchflower [Video](https://web.microsoftstream.com/video/1b3f943a-9231-4912-993e-63c53831a3a0) [Slides](https://microfocusinternational-my.sharepoint.com/:b:/g/personal/sean_blanchflower_microfocus_com/EYso5J-VMZ5Dju5Og4Tk_vUBaCES0RHZOqGhyVc7g0EBwg?e=i3uo0Y) | +| AWS OpenSearch based ELK | | | 1. [Recording](https://microfocusinternational-my.sharepoint.com/:v:/g/personal/wei_shen2_microfocus_com/EfPtYTQyvkFJldhgoGk4cVMBnM_xmzCpX7k8C9I4ey8mwg) 2. [Slides](https://microfocusinternational.sharepoint.com/:p:/t/ITSMA/EUZtcs8d9MNFr8NnMX_qLR8BD_BmpLCSGlaIbfMWvaW1AA) 3. [Provisioning](https://rndwiki.houston.softwaregrp.net/confluence/display/SMA/Provision+AWS+OpenSearch+based+ELK) 4. [How to support ELK log analytics](https://rndwiki.houston.softwaregrp.net/confluence/display/SMA/How+to+support+ELK) | +| Request Infra MMS account to access SiteScope | | | [https://us2-smax.saas.microfocus.com/saw/ess/offeringPage/17746?TENANTID=734262997](https://us2-smax.saas.microfocus.com/saw/ess/offeringPage/17746?TENANTID=734262997) Domain Services Options: Active Directory/Account Services; Domain Name: Infra.mms; Request Service On: Personal Account; Select Action: Create | + +## Much Further knowledge + +
IndexStatusIssuesComments
Micro Focus Reference ArchitectureVideo
Slides
diff --git a/knowledgebase/csd-wiki/ICSD/ESM-Cloud-Ops-Change-Calendar_686069653.md b/knowledgebase/csd-wiki/ICSD/ESM-Cloud-Ops-Change-Calendar_686069653.md new file mode 100644 index 00000000..02af2469 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-Cloud-Ops-Change-Calendar_686069653.md @@ -0,0 +1,35 @@ +# ESM-Cloud-Ops-Change-Calendar_686069653 +[https://opentextcorporation.sharepoint.com/sites/MFI-SMAXSaaSDevOps/Lists/ESM%20Cloud%20Calendar/calendar.aspx](https://opentextcorporation.sharepoint.com/sites/MFI-SMAXSaaSDevOps/Lists/ESM%20Cloud%20Calendar/calendar.aspx) + +## ESM 25.4 Upgrade Plan (Oct 2025 ~ Dec 2025) + +## ESM 25.3 Upgrade Plan (Jul 2025 ~ Sep 2025) + +![](attachments/686069653/716244536.png) + +## ESM 25.2 Upgrade Plan (Mar 2025 ~ Jun 2025) + +## Attachments: + +[image-2025-1-20\_11-1-8.png](attachments/686069653/686069650.png) (image/png) +[image-2025-1-20\_11-1-43.png](attachments/686069653/686069652.png) (image/png) +[image-2025-2-17\_15-17-57.png](attachments/686069653/690071325.png) (image/png) +[image-2025-3-21\_12-15-13.png](attachments/686069653/693621083.png) (image/png) +[image-2025-3-21\_12-23-19.png](attachments/686069653/693621092.png) (image/png) +[image-2025-3-21\_12-25-3.png](attachments/686069653/693621098.png) (image/png) +[image-2025-3-25\_10-14-29.png](attachments/686069653/694621603.png) (image/png) +[image-2025-5-19\_9-55-39.png](attachments/686069653/703387765.png) (image/png) +[image-2025-6-23\_9-47-59.png](attachments/686069653/708233750.png) (image/png) +[image-2025-6-23\_9-48-22.png](attachments/686069653/708233751.png) (image/png) +[image-2025-7-2\_13-3-2.png](attachments/686069653/709410415.png) (image/png) +[image-2025-7-2\_13-5-12.png](attachments/686069653/709410427.png) (image/png) +[image-2025-7-9\_10-37-27.png](attachments/686069653/710773365.png) (image/png) +[image-2025-7-16\_10-54-52.png](attachments/686069653/710796236.png) (image/png) +[image-2025-7-16\_11-5-41.png](attachments/686069653/710796261.png) (image/png) +[image-2025-7-28\_14-17-57.png](attachments/686069653/711848853.png) (image/png) +[image-2025-8-1\_15-36-21.png](attachments/686069653/713178370.png) (image/png) +[image-2025-8-20\_17-12-6.png](attachments/686069653/715595499.png) (image/png) +[image-2025-8-21\_11-53-19.png](attachments/686069653/715598386.png) (image/png) +[image-2025-8-22\_10-3-46.png](attachments/686069653/715603437.png) (image/png) +[image-2025-8-25\_9-57-2.png](attachments/686069653/716244536.png) (image/png) +[image-2025-9-3\_13-50-1.png](attachments/686069653/716274533.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/ESM-Cloud-Unified-Monitoring-v1.1_686083891.md b/knowledgebase/csd-wiki/ICSD/ESM-Cloud-Unified-Monitoring-v1.1_686083891.md new file mode 100644 index 00000000..4aa42876 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-Cloud-Unified-Monitoring-v1.1_686083891.md @@ -0,0 +1,26 @@ +# ESM-Cloud-Unified-Monitoring-v1.1_686083891 +## Legends + +S2 + +S3 + +S4 + +NEW + +Check here for the [severity definitions](https://rndwiki.houston.softwaregrp.net/confluence/display/ICS/Monitoring+Alert+Serverity+Definition). + +## Introduction + +This guide presents all the items related to monitoring the ESM product on SaaS. + +## Levels of monitoring + +## Alerts + +Alerts comes with monitoring and experience. + +Here is a reference list of items to be sent as alerts. [A grafana monitoring dashboards](https://github.houston.softwaregrp.net/smax-saas-ops/ESM-Saas-Monitoring) are developed based on below list. + +
Monitoring LevelCategorySeverityCodeAlert Description AWSAlert Description GCPSample ChartAlert MessageRunbook AWSRunbook GCP
Infrastructure

Compute

ALB HTTP 5XX Count (More than 34 in a 3 mins time frame)N/A
Link[ S0 - Urgent ] [ farm-name ] ALB HTTP 5XX Count alertRunbook

S2

ALB Target 5xx CountN/ALink
Storage

S3

EBS Disk Queue Depth (EBS disk queue depth more than 5 for more than 10 mins)Disk queue length avg (disk queue length is more than 5 for more than 10 mins)
Link[ S3 - Warning ] [ farm-name ] EBS Disk Queue Depth alertRunbook

S2

EBS Burst Balance Average (EBS burst balance below 40% for more than 30 mins )N/ALink[ S2 - Error ] [ farm-name ] EBS Burst Balance Average alertRunbook
EBS Burst Balance Average (EBS burst balance is below 0)N/ALink[ S0 - Urgent ] [ farm-name ] EBS Burst Balance Average alertRunbook

S2

EFS Burst Credit Balance (Burst credit below 40% for more than 15 mins )N/ALink[ S2 - Error ] [ farm-name ] EFS Burst Credit Balance alertRunbook
EFS Burst Credit Balance (Burst credit is 0)N/ALink[ S0 - Urgent ] [ farm-name ] EFS Burst Credit Balance alertRunbook
Disk average latency (?)
Filestore: Average read latency (?)
Filestore: Average write latency (?)
Filestore: Used space percent (?)

Virtualization

Database

S2

RDS CPU Utilization (CPU more than 97% for more than 30 mins)CPU utilization (CPU more than 97% for more than 30 mins)
Link[ S2 - Error ] [ farm-name ] RDS CPU Utilization alertRunbook

S2

CPU (sy: system >70% for more than 60 mins )N/ALink[ S2 - Error ] [ farm-name ] RDS cpuUtilization System alertRunbook

S2

CPU (si: soft interrupts > 15% for more than 60 mins )N/ALink[ S2 - Error ] [ farm-name ] RDS CPU Soft Interrupts alertRunbook

S3

Disk queue depth (EBS disk queue depth more than 5 for more than 10 mins)IO wait (Total of IO_time,?)Link[ S3 - Warning ] [ farm-name ] RDS Disk queue depth alertRunbook

S2

Disk (Free Storage Space is below 500 MB)Disk (Free Storage Space= (1-Disk Utilization)* Disk allocation / Disk Utilization is below 500 MB)Link[ S2 - Error ] [ farm-name ] RDS Disk Free Storage Space alertRunbook

S2

Disk (Storage has enough space to auto-scale, (Free Space + Max Autoscaling Storage - Allocated Storage) / Allocated Storage < 0.2 )Disk (Storage has enough space to auto-scale, (Free Space + Max Autoscaling Storage - Allocated Storage) / Allocated Storage < 0.2 )Runbook

S2

Memory (Free memory less than 5% for more than 5 mins)Memory components(sum of all components) (Free memory less than 5% for more than 5 mins)Link[ S2 - Error ] [ farm-name ] RDS Free Memory Percentage alertRunbook
Memory (Free memory less than 2% for more than 5 mins)Memory components(sum of all components) (Free memory less than 2% for more than 5 mins)Link[ S0 - Urgent ] [ farm-name ] RDS Free Memory Percentage alertRunbook

S2

Storage (Burst Balance below 40% for more than 30 mins )N/ALink[ S2 - Error ] [ farm-name ] RDS Burst Balance alertRunbook
RDS Burst Balance (Burst Balance is 0)N/ALink[ S0 - Urgent ] [ farm-name ] RDS Burst Balance alertRunbook

S2

RDS DBLoad (AWS Specific, via performance insight, more than 2 times of CPU number for more than one hour)Database load (via query insight, execution_time, more than 2 times of CPU capacity)

Link

Link

[ S2 - Error ] [ farm-name ] SMA RDS DBLoad alert

[ S2 - Error ] [ farm-name ] CMS RDS DBLoad alert

Runbook
RDS DBLoad (AWS Specific, via performance insight, more than 4 times of CPU number for more than one hour)Database load (via query insight, execution_time, more than 4 times of CPU capacity)

Link

Link

[ S1 - Critical ] [ farm-name ] SMA RDS DBLoad alert

[ S1 - Critical ] [ farm-name ] CMS RDS DBLoad alert

Runbook

S3

RDS DBLoadNonCPU (AWS Specific, via performance insight, more than 1 times of CPU number more than one hour)IO wait time+Lock wait time (via query insight,, more than 1 times of CPU capacity)

Link

Link

[ S3 - Warning ] [ farm-name ] SMA RDS DBLoadNonCPU alert

[ S3 - Warning ] [ farm-name ] CMS RDS DBLoadNonCPU alert

Runbook

Wait events (Total of all events,?)

Query latency (Total of all the latencies,?)

Locks (TBD)

LinkBlock Session Count

Long active queries (TBD)

Linklong active query duration

Capture RDS top 10 query (TBD)

    1. Clean stat_statement daily
    2. capture during runtime if CPU is more than 97% for 60 mins

Link

RDS top 10 query

Dead tuple (TBD)

Link

Link

Link

dead tuple ems

dead tuple rms

dead tuple idm

OS (Node level)

CPU

S2

CPU more than 97% for more than 60 minsSame as AWSLink[ S2 - Error ] [ farm-name ] Node CPU Usage alertRunbook

S2

CPU (sy: system >70% for more than 60 mins )(mark for review)Same as AWSLink[ S2 - Error ] [ farm-name ] Node CPU System alertRunbook

S2

CPU (si: soft interrupts > 15% for more than 60 mins )(mark for review)Same as AWSLink[ S2 - Error ] [ farm-name ] Node CPU Soft Interrupts alertRunbook

Memory

S3

Memory more than 95% for more than 10 minsSame as AWSLink[ S3 - Warning ] [ farm-name ] Node Mem Usage alertRunbook

Disk

S3

Disk usage more than 95%Same as AWSLink[ S3 - Warning ] [ farm-name ] Node Disk Usage alertRunbook

Disk read/write latency (TBD)

Same as AWS

Link

Link

Disk Read Latency

Disk Write Latency

S3

Inode usage > 97%

Same as AWS

Link[ S3 - Warning ] [ farm-name ] Disk Inode Usage alertRunbook

Node disk IO load (TBD)

Same as AWS

LinkDisk IOPS

Network

network operation latency(TBD)

Same as AWS

network transit error rate(TBD)

Same as AWS

LinkNetwork Transit Error Rate

network transit drop rate(TBD)

Same as AWS

LinkNetwork Transit Drop Rate

network transit queue length(TBD)

Same as AWS

Throughput / bandwidth (TBD)

Same as AWS

S3

Load (Load Avg 15m/core number > 200% for 35 mins )Same as AWSLink[ S3 - Warning ] [ farm-name ] Node Load Avg 15m/coreRunbook
Container

CPU

S2

CPU (CPU more than 97% for more than 60 mins)Same as AWSLink[ S2 - Error ] [ farm-name ] Pod CPU usage alertRunbook

Memory

swap usage

Same as AWS

LinkPod Swap Usage

Disk

Disk read/write latency (TBD)

Same as AWS

Link

Link

Pod Disk Read Latency

Pod Disk Write Latency

S3

Inode usage(free/total) > 97%

Same as AWS

Link[ S3 - Warning ] [ farm-name ] Pod Inode Usage alertRunbook

Network

network transit error rate(TBD)

Same as AWS

LinkPod Network Transit Error Rate

network transit drop rate(TBD)

Same as AWS

LinkPod Network Transit Drop Rate

Unavailable service

SMAXcritical path unavailable: svc portal / runtime ui/ gateway/ platform / redis / rabbitmq / bo-login / idm / bo-ats / ingress-nginx / sma-ui / bo-farcade

Same as AWS

Link[ S0 - Urgent ] [ farm-name ] SMA Unavailable k8s resource alertRunbook

S2

SMAXimpact partial of business: others not in S0, search related (content, DIH, DAH, search, proxy) / auto pass / bo-ui / bo-user

Same as AWS

Link[ S2 - Error ] [ farm-name ] SMA Unavailable k8s resource alertRunbook

S3

SMAXno obvious impact on business: XMPP / XIE / Smart Ticket / stx / virtual agent / ppo / web socket gateway / smart-ui / ocr / smarta-installer

Same as AWS

Link[ S3 - Warning ] [ farm-name ] SMA Unavailable k8s resource alertRunbook

S4

SMAXservices out side of ESM / toolkit

Same as AWS

Link[ S4 - Info ] [ farm-name ] SMA Unavailable k8s resource alertRunbook

CMScritical path unavailable: itom-cms-gateway, itom-idm, itom-ingress-controller, itom-ucmdb-browser, tom-ucmdb-solr, itom-ucmdb (both are down)

Same as AWS

Link[ S0 - Urgent ] [ farm-name ] CMS Unavailable k8s resource alertRunbook

S2

CMSimpact partial of business: itom-autopass-lms, itom-vault, itom-ucmdb (either is down)

Same as AWS

Link[ S2 - Error ] [ farm-name ] CMS Unavailable k8s resource alertRunbook

S3

CMS no obvious impact on business:

Same as AWS

S4

CMSservices out side of ESM / toolkit: itom-ucmdb-probe, itom-ucmdb-dfp-lunux-installer, itom-ucmdb-dfp-windows-installer, itom-ucmdb-localclient-installers

Same as AWS

Link[ S4 - Info ] [ farm-name ] CMS Unavailable k8s resource alertRunbook

Load

S3

Load Avg 15m/core number > 200% for 35 mins (TBD, because it's not observable via current metrics)

Same as AWS

LinkPod Load Avg 10sRunbook

Threads

container_threads on process (TBD)

Same as AWS

LinkThreads

Pod balancing (TBD)

App metrics

Thread

Connections

Limits

Smart Analytics

S3

SMAXContent data ratio(total doc/committed doc) > 1.20

Same as AWS

Link[ S3 - Warning ] [ farm-name ] SmartA Data Compact Ration alertRunbook

Rabbitmq (each node)

S3

SMAXqueue > 200 / 250 for more than 30 mins (200 for medium profile or lower, 250 for large profile)

Same as AWS

Link[ S3 - Warning ] [ farm-name ] Rabbitmq Queue alertRunbook

S3

SMAXPending Messages/Minute > 500 for more than 30 mins (Mark for review)

Same as AWS

Link[ S3 - Warning ] [ farm-name ] Rabbitmq Messages/Minute alertRunbook

SMAXMessage queue not equally distributed to different cluster nodes(TBD)

Same as AWS

Runbook

IDM

S4

SMAXActive user (per profile, medium profile > 1100 for more than 30 mins, large profile > 3000 for more than 30 mins )

Same as AWS

Link[ S4 - Info ] [ farm-name ] IDM active users alertRunbook

Gateway

S2

SMAXTomcat https connector currentThreadsBusy > 30 for 30 mins

(EU8-Prod) Tomcat https connector currentThreadsBusy > 30 for 30 mins or Tomcat https connector currentThreadsBusy > 60 for 15 mins or Tomcat https connector currentThreadsBusy > 90 for 5 mins

Same as AWS

Link[ S2 - Error ] [ farm-name ] Gateway Tomcat https connector currentThreadsBusy alertRunbook

S2

SMAXHttpclient InUse > 20 for 30 mins

(EU8-Prod) Httpclient InUse > 20 for 30 mins or Httpclient InUse > 30 for 15 mins or Httpclient InUse > 80 for 5 mins

Same as AWS

Link[ S2 - Error ] [ farm-name ] Gateway Httpclient InUse alertRunbook

Platform

S2

SMAXTomcat https connector currentThreadsBusy > 30 for 30 mins

(EU8-Prod) Tomcat https connector currentThreadsBusy > 30 for 30 mins or Tomcat https connector currentThreadsBusy > 60 for 15 mins or Tomcat https connector currentThreadsBusy > 90 for 5 mins

Same as AWS

Link[ S2 - Error ] [ farm-name ] Platform Tomcat https connector currentThreadsBusy alertRunbook

S2

SMAXHttpclient InUse > 20 for 30 mins

(EU8-Prod) Httpclient InUse > 20 for 30 mins or Httpclient InUse > 30 for 15 mins or Httpclient InUse > 80 for 5 mins

Same as AWS

Link[ S2 - Error ] [ farm-name ] Platform Httpclient InUse alertRunbook

Serviceportal

S2

SMAXTomcat https connector currentThreadsBusy > 30 for 30 mins

(EU8-Prod) Tomcat https connector currentThreadsBusy > 30 for 30 mins or Tomcat https connector currentThreadsBusy > 60 for 15 mins or Tomcat https connector currentThreadsBusy > 90 for 5 mins

Same as AWS

Link[ S2 - Error ] [ farm-name ] Serviceportal Tomcat https connector currentThreadsBusy alertRunbook

S2

SMAXHttpclient InUse > 20 for 30 mins

(EU8-Prod) Httpclient InUse > 20 for 30 mins or Httpclient InUse > 30 for 15 mins or Httpclient InUse > 80 for 5 mins

Same as AWS

Link[ S2 - Error ] [ farm-name ] Serviceportal Httpclient InUse alertRunbook

OpenSearch based Monitoring (TBD)

Access 5xx

Access Response time

Database level customer metrics

NativeSACM Transaction Context Queue

Same as AWS

LinkNativeSACM Transaction Context Queue

NativeSACM Transaction Context Queue retries

Same as AWS

LinkNativeSACM Transaction Context Queue retries

NativeSACM Transaction Context Queue stuck?

Same as AWS

SLT Job queue

Same as AWS

Link

TextDetection Job queue

Same as AWS

Link

IndexEntities Job queue

Same as AWS

Link

EntitiesHandler Job queue

Same as AWS

Link

SLT Job Delay time[mins]

Same as AWS

Link

TextDetection Job Delay time[mins]

Same as AWS

Link

IndexEntities Job Delay time[mins]

Same as AWS

Link

EntitiesHandler Job Delay time[mins]

Same as AWS

Link
Instrumental

Method

Query

Others

When to scale out (overloaded)

diff --git a/knowledgebase/csd-wiki/ICSD/ESM-Cloud-Unified-Monitoring_686074338.md b/knowledgebase/csd-wiki/ICSD/ESM-Cloud-Unified-Monitoring_686074338.md new file mode 100644 index 00000000..c1bd2625 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-Cloud-Unified-Monitoring_686074338.md @@ -0,0 +1,26 @@ +# ESM-Cloud-Unified-Monitoring_686074338 +## Legends + +S2 + +S3 + +S4 + +NEW + +Check here for the [severity definitions](https://rndwiki.houston.softwaregrp.net/confluence/display/ICS/Monitoring+Alert+Serverity+Definition). + +## Introduction + +This guide presents all the items related to monitoring the ESM product on SaaS. + +## Levels of monitoring + +## Alerts + +Alerts comes with monitoring and experience. + +Here is a reference list of items to be sent as alerts. [A grafana monitoring dashboards](https://github.houston.softwaregrp.net/smax-saas-ops/ESM-Saas-Monitoring) are developed based on below list. + +
Monitoring LevelCategorySeverityCodeAlert DescriptionSample ChartAlert MessageRunbook
Infrastructure

Compute

ALB HTTP 5XX Count (More than 34 in a 3 mins time frame)Link[ S0 - Urgent ] [ farm-name ] ALB HTTP 5XX Count alertRunbook

S2

ALB Target 5xx CountLink
Storage

S3

EBS Disk Queue Depth (EBS disk queue depth more than 5 for more than 10 mins)Link[ S3 - Warning ] [ farm-name ] EBS Disk Queue Depth alertRunbook

S2

EBS Burst Balance Average (EBS burst balance below 40% for more than 30 mins )Link[ S2 - Error ] [ farm-name ] EBS Burst Balance Average alertRunbook
EBS Burst Balance Average (EBS burst balance is below 0)Link[ S0 - Urgent ] [ farm-name ] EBS Burst Balance Average alertRunbook

S2

EFS Burst Credit Balance (Burst credit below 40% for more than 15 mins )Link[ S2 - Error ] [ farm-name ] EFS Burst Credit Balance alertRunbook
EFS Burst Credit Balance (Burst credit is 0)Link[ S0 - Urgent ] [ farm-name ] EFS Burst Credit Balance alertRunbook

Virtualization

Database

S2

RDS CPU Utilization (CPU more than 97% for more than 30 mins)Link[ S2 - Error ] [ farm-name ] RDS CPU Utilization alertRunbook

S2

CPU (sy: system >70% for more than 60 mins )Link[ S2 - Error ] [ farm-name ] RDS cpuUtilization System alertRunbook

S2

CPU (si: soft interrupts > 15% for more than 60 mins )Link[ S2 - Error ] [ farm-name ] RDS CPU Soft Interrupts alertRunbook

S3

Disk queue depth (EBS disk queue depth more than 5 for more than 10 mins)Link[ S3 - Warning ] [ farm-name ] RDS Disk queue depth alertRunbook

S2

Disk (Free Storage Space is below 500 MB)Link[ S2 - Error ] [ farm-name ] RDS Disk Free Storage Space alertRunbook

S2

Disk (Storage has enough space to auto-scale, (Free Space + Max Autoscaling Storage - Allocated Storage) / Allocated Storage < 0.2 )Runbook

S2

Memory (Free memory less than 5% for more than 5 mins)Link[ S2 - Error ] [ farm-name ] RDS Free Memory Percentage alertRunbook
Memory (Free memory less than 2% for more than 5 mins)Link[ S0 - Urgent ] [ farm-name ] RDS Free Memory Percentage alertRunbook

S2

Storage (Burst Balance below 40% for more than 30 mins )Link[ S2 - Error ] [ farm-name ] RDS Burst Balance alertRunbook
RDS Burst Balance (Burst Balance is 0)Link[ S0 - Urgent ] [ farm-name ] RDS Burst Balance alertRunbook

S2

RDS DBLoad (AWS Specific, via performance insight, more than 2 times of CPU number for more than one hour)

Link

Link

[ S2 - Error ] [ farm-name ] SMA RDS DBLoad alert

[ S2 - Error ] [ farm-name ] CMS RDS DBLoad alert

Runbook
RDS DBLoad (AWS Specific, via performance insight, more than 4 times of CPU number for more than one hour)

Link

Link

[ S1 - Critical ] [ farm-name ] SMA RDS DBLoad alert

[ S1 - Critical ] [ farm-name ] CMS RDS DBLoad alert

Runbook

S3

RDS DBLoadNonCPU (AWS Specific, via performance insight, more than 1 times of CPU number more than one hour)

Link

Link

[ S3 - Warning ] [ farm-name ] SMA RDS DBLoadNonCPU alert

[ S3 - Warning ] [ farm-name ] CMS RDS DBLoadNonCPU alert

Runbook

Locks (TBD)

LinkBlock Session Count

Long active queries (TBD)

Linklong active query duration

Capture RDS top 10 query (TBD)

    1. Clean stat_statement daily
    2. capture during runtime if CPU is more than 97% for 60 mins

Link

RDS top 10 query

Dead tuple (TBD)

Link

Link

Link

dead tuple ems

dead tuple rms

dead tuple idm

OS (Node level)

CPU

S2

CPU more than 97% for more than 60 minsLink[ S2 - Error ] [ farm-name ] Node CPU Usage alertRunbook

S2

CPU (sy: system >70% for more than 60 mins )(mark for review)Link[ S2 - Error ] [ farm-name ] Node CPU System alertRunbook

S2

CPU (si: soft interrupts > 15% for more than 60 mins )(mark for review)Link[ S2 - Error ] [ farm-name ] Node CPU Soft Interrupts alertRunbook

Memory

S3

Memory more than 95% for more than 10 minsLink[ S3 - Warning ] [ farm-name ] Node Mem Usage alertRunbook

Disk

S3

Disk usage more than 95%Link[ S3 - Warning ] [ farm-name ] Node Disk Usage alertRunbook

Disk read/write latency (TBD)

Link

Link

Disk Read Latency

Disk Write Latency

S3

Inode usage > 97%

Link[ S3 - Warning ] [ farm-name ] Disk Inode Usage alertRunbook

Node disk IO load (TBD)

LinkDisk IOPS

Network

network operation latency(TBD)

network transit error rate(TBD)

LinkNetwork Transit Error Rate

network transit drop rate(TBD)

LinkNetwork Transit Drop Rate

network transit queue length(TBD)

Throughput / bandwidth (TBD)

S3

Load (Load Avg 15m/core number > 200% for 35 mins )Link[ S3 - Warning ] [ farm-name ] Node Load Avg 15m/coreRunbook
Container

CPU

S2

CPU (CPU more than 97% for more than 60 mins)Link[ S2 - Error ] [ farm-name ] Pod CPU usage alertRunbook

Memory

swap usage

LinkPod Swap Usage

Disk

Disk read/write latency (TBD)

Link

Link

Pod Disk Read Latency

Pod Disk Write Latency

S3

Inode usage(free/total) > 97%

Link[ S3 - Warning ] [ farm-name ] Pod Inode Usage alertRunbook

Network

network transit error rate(TBD)

LinkPod Network Transit Error Rate

network transit drop rate(TBD)

LinkPod Network Transit Drop Rate

Unavailable service

SMAXcritical path unavailable: svc portal / runtime ui/ gateway/ platform / redis / rabbitmq / bo-login / idm / bo-ats / ingress-nginx / sma-ui / bo-farcade

Link[ S0 - Urgent ] [ farm-name ] SMA Unavailable k8s resource alertRunbook

S2

SMAXimpact partial of business: others not in S0, search related (content, DIH, DAH, search, proxy) / auto pass / bo-ui / bo-user

Link[ S2 - Error ] [ farm-name ] SMA Unavailable k8s resource alertRunbook

S3

SMAXno obvious impact on business: XMPP / XIE / Smart Ticket / stx / virtual agent / ppo / web socket gateway / smart-ui / ocr / smarta-installer

Link[ S3 - Warning ] [ farm-name ] SMA Unavailable k8s resource alertRunbook

S4

SMAXservices out side of ESM / toolkit

Link[ S4 - Info ] [ farm-name ] SMA Unavailable k8s resource alertRunbook

CMScritical path unavailable: itom-cms-gateway, itom-idm, itom-ingress-controller, itom-ucmdb-browser, tom-ucmdb-solr, itom-ucmdb (both are down)

Link[ S0 - Urgent ] [ farm-name ] CMS Unavailable k8s resource alertRunbook

S2

CMSimpact partial of business: itom-autopass-lms, itom-vault, itom-ucmdb (either is down)

Link[ S2 - Error ] [ farm-name ] CMS Unavailable k8s resource alertRunbook

S3

CMS no obvious impact on business:

S4

CMSservices out side of ESM / toolkit: itom-ucmdb-probe, itom-ucmdb-dfp-lunux-installer, itom-ucmdb-dfp-windows-installer, itom-ucmdb-localclient-installers

Link[ S4 - Info ] [ farm-name ] CMS Unavailable k8s resource alertRunbook

Load

S3

Load Avg 15m/core number > 200% for 35 mins (TBD, because it's not observable via current metrics)

LinkPod Load Avg 10sRunbook

Threads

container_threads on process (TBD)

LinkThreads

Pod balancing (TBD)

App metrics

Thread

Connections

Limits

Smart Analytics

S3

SMAXContent data ratio(total doc/committed doc) > 1.20

Link[ S3 - Warning ] [ farm-name ] SmartA Data Compact Ration alertRunbook

Rabbitmq (each node)

S3

SMAXqueue > 200 / 250 for more than 30 mins (200 for medium profile or lower, 250 for large profile)

Link[ S3 - Warning ] [ farm-name ] Rabbitmq Queue alertRunbook

S3

SMAXPending Messages/Minute > 500 for more than 30 mins (Mark for review)

Link[ S3 - Warning ] [ farm-name ] Rabbitmq Messages/Minute alertRunbook

SMAXMessage queue not equally distributed to different cluster nodes(TBD)

Runbook

IDM

S4

SMAXActive user (per profile, medium profile > 1100 for more than 30 mins, large profile > 3000 for more than 30 mins )

Link[ S4 - Info ] [ farm-name ] IDM active users alertRunbook

Gateway

S2

SMAXTomcat https connector currentThreadsBusy > 30 for 30 mins

(EU8-Prod) Tomcat https connector currentThreadsBusy > 30 for 30 mins or Tomcat https connector currentThreadsBusy > 60 for 15 mins or Tomcat https connector currentThreadsBusy > 90 for 5 mins

Link[ S2 - Error ] [ farm-name ] Gateway Tomcat https connector currentThreadsBusy alertRunbook

S2

SMAXHttpclient InUse > 20 for 30 mins

(EU8-Prod) Httpclient InUse > 20 for 30 mins or Httpclient InUse > 30 for 15 mins or Httpclient InUse > 80 for 5 mins

Link[ S2 - Error ] [ farm-name ] Gateway Httpclient InUse alertRunbook

Platform

S2

SMAXTomcat https connector currentThreadsBusy > 30 for 30 mins

(EU8-Prod) Tomcat https connector currentThreadsBusy > 30 for 30 mins or Tomcat https connector currentThreadsBusy > 60 for 15 mins or Tomcat https connector currentThreadsBusy > 90 for 5 mins

Link[ S2 - Error ] [ farm-name ] Platform Tomcat https connector currentThreadsBusy alertRunbook

S2

SMAXHttpclient InUse > 20 for 30 mins

(EU8-Prod) Httpclient InUse > 20 for 30 mins or Httpclient InUse > 30 for 15 mins or Httpclient InUse > 80 for 5 mins

Link[ S2 - Error ] [ farm-name ] Platform Httpclient InUse alertRunbook

Serviceportal

S2

SMAXTomcat https connector currentThreadsBusy > 30 for 30 mins

(EU8-Prod) Tomcat https connector currentThreadsBusy > 30 for 30 mins or Tomcat https connector currentThreadsBusy > 60 for 15 mins or Tomcat https connector currentThreadsBusy > 90 for 5 mins

Link[ S2 - Error ] [ farm-name ] Serviceportal Tomcat https connector currentThreadsBusy alertRunbook

S2

SMAXHttpclient InUse > 20 for 30 mins

(EU8-Prod) Httpclient InUse > 20 for 30 mins or Httpclient InUse > 30 for 15 mins or Httpclient InUse > 80 for 5 mins

Link[ S2 - Error ] [ farm-name ] Serviceportal Httpclient InUse alertRunbook

OpenSearch based Monitoring (TBD)

Access 5xx

Access Response time

Database level customer metrics

NativeSACM Transaction Context Queue

LinkNativeSACM Transaction Context Queue

NativeSACM Transaction Context Queue retries

LinkNativeSACM Transaction Context Queue retries

NativeSACM Transaction Context Queue stuck?

SLT Job queue

Link

TextDetection Job queue

Link

IndexEntities Job queue

Link

EntitiesHandler Job queue

Link

SLT Job Delay time[mins]

Link

TextDetection Job Delay time[mins]

Link

IndexEntities Job Delay time[mins]

Link

EntitiesHandler Job Delay time[mins]

Link
Instrumental

Method

Query

Others

When to scale out (overloaded)

diff --git a/knowledgebase/csd-wiki/ICSD/ESM-Customer-Configuration-Deviations_713163911.md b/knowledgebase/csd-wiki/ICSD/ESM-Customer-Configuration-Deviations_713163911.md new file mode 100644 index 00000000..925464b7 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-Customer-Configuration-Deviations_713163911.md @@ -0,0 +1,38 @@ +# ESM-Customer-Configuration-Deviations_713163911 +1. [ITOM Cloud Service Delivery](index.html) +2. [ITOM Cloud Service Delivery](ITOM-Cloud-Service-Delivery_681555087.html) +3. [ITOM Cloud Applications Version Tracking](ITOM-Cloud-Applications-Version-Tracking_686069647.html) +4. [ESM Cloud Farm Version Tracking](ESM-Cloud-Farm-Version-Tracking_684925423.html) + +Created by on Jul 29, 2025 EDT + +## ESM Cloud Farms + +| Farm | Region | Configuration Deviations | Notes | +| --- | --- | --- | --- | +| AP10-Prod | Sydney | | | +| BR14-Prod | Sao Paulo | | | +| CA16-Prod | Canada | | | +| EU3-Prod | Frankfurt | | | +| EU8-Prod | Frankfurt | | | +| EU28-Prod | Frankfurt | | | +| EU38-Prod | Frankfurt | | | +| JP12-Prod | Seoul | | | +| SA34-Prod | Africa (Cape Town) | | | +| US2-Prod | Oregon | | | +| US7-Prod | Oregon | | | +| US24-Prod | Oregon | | | +| US26-Prod | Oregon | | | + +## AIS Cloud Farms + +| Farm | Region | Configuration Deviations | Notes | +| --- | --- | --- | --- | +| US30-Prod | Oregon | | | +| EU32-Prod | Frankfurt | | | +| | | | | +| | | | | + +Document generated by Confluence on Sep 15, 2025 22:24 EDT + +[Atlassian](https://www.atlassian.com/) diff --git a/knowledgebase/csd-wiki/ICSD/ESM-Customer-Tenant-Decommission_688996785.md b/knowledgebase/csd-wiki/ICSD/ESM-Customer-Tenant-Decommission_688996785.md new file mode 100644 index 00000000..9fb39a8f --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-Customer-Tenant-Decommission_688996785.md @@ -0,0 +1,44 @@ +# ESM-Customer-Tenant-Decommission_688996785 +## Introduction + +This guide help user to use X4X service offering to request a ESM customer tenant decommission. + +## Service Offering for ordinary user + +1. Go to X4X tenant: [https://us2-smax.saas.microfocus.com/saw/ess?TENANTID=202385354](https://us2-smax.saas.microfocus.com/saw/ess?TENANTID=202385354) +2. Check Service Catalog: Trial +3. Check service offering: Request Tenant Decommission +4. Input the justification for the request, which farm the tenant located in and tenant ID, submit. +5. The Ops team will receive the notification of the request. + +## Service offering for Ops team member + +1. Go to X4X tenant: [https://us2-smax.saas.microfocus.com/saw/ess?TENANTID=202385354](https://us2-smax.saas.microfocus.com/saw/ess?TENANTID=202385354) +2. Check Service Catalog: ESM Provisioning +3. Check service offering: Set Tenant Decommission +4. Input the justification for the request, which farm the tenant located in +5. and Select the SMAX tenant which hostname is tenant ID, same as CMS, OO and DND, leave it if empty, submit. +6. Click "Delete Immediately" if tenant could be decommissioned right now. +7. Input the source request id if there have the relevent request from x4x or PCS. +8. The request will be approved by ShenWei and Wenjun to go to the decommission process. + +Resources: + +1. KT on ESM tenant decommissioning: [Open Text Intranet](https://intranet.opentext.com/intranet/llisapi.dll/app/nodes/263386543?tab=1) + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/ESM-Emergency-Change-Process_718140336.md b/knowledgebase/csd-wiki/ICSD/ESM-Emergency-Change-Process_718140336.md new file mode 100644 index 00000000..0cad7d95 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-Emergency-Change-Process_718140336.md @@ -0,0 +1,38 @@ +# ESM-Emergency-Change-Process_718140336 +## Introduction + +This is the process for a CSD ESM Operations engineer to operate an emergency change logged by any of the teams: Core CPE, Support, RnD, QA. The process is subject to change. + +**!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Note: Please mark this page as "Liked" that means that you have acknowledged it!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!** + +## Process + +Here is the summary of the process: + +1\. The customer logs a support request or a service request for an issue impacting their productivity. + +2\. Any non-Ops team engineer receives the request on #1 and concludes that an emergency change is needed to fix the issue. + +3\. The non-Ops engineer logs an incident in PCS and asks for the emergency intervention from SaaS Ops team. Make sure to be clear about what and how needs to be operated. Also the non-Ops engineer logs an Unplanned Change in X4X that will follow the flow: the Ops engineer will update it with the emergency intervention, it will be approved by the management, it will be picked up by an Ops engineer and it will be closed (since it had been already operated). + +4\. The non-Ops engineer requests the intervention of the Ops engineer team via the **ESM Cloud Team (CORE CPE & Cloud Service)** chat. If there is no feedback within 15 minutes, the non-Ops engineer calls the on-call Ops engineer in order to operate the emergency change logged on #3. + +5\. The Ops engineer answers the phone call made on #4 and operates the emergency change according to the details specified in the incident logged on #3. + +6\. At the end of the emergency change operated by the Ops engineer, he/she updates the incident logged on #3 and also leaves a comment in the Unplanned Change logged on point #3, to document the intervention. He/She also reassigns the PCS incident back to its requester's team and name. + +## The visual summary of the process + +## Conclusions + +In case of an emergency change that requires the ESM CSD Ops team intervention, if there is no feedback in the Teams channel **ESM Cloud Team (CORE CPE & Cloud Service)** within 15 minutes, please check who is the on-call Operations engineer at the moment of the incident on the [EverBridge portal](https://member.everbridge.net/manage/453003085617753/1956345255324613#/scheduling/my-schedule) and contact him/her by phone, according the the Confluence page [here](https://confluence.opentext.com/display/ICSD/ESM+SaaS+RnD+Coverage). + +**!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Note: Please mark this page as "Liked" that means that you have acknowledged it!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!** + +## Useful links + +On-call schedule of the CSD ESM Operations team: [EverBridge portal](https://member.everbridge.net/manage/453003085617753/1956345255324613#/scheduling/my-schedule). + +Work phone no. of the CSD ESM Operations team: [Confluence page](https://confluence.opentext.com/display/ICSD/ESM+SaaS+CSD+Ops+Coverage). + +X4X link: [X4X Self Service Portal](https://us2-smax.saas.microfocus.com/saw/ess?TENANTID=202385354) diff --git a/knowledgebase/csd-wiki/ICSD/ESM-Farm-Cloud-Deployment-Naming-Convention_686065579.md b/knowledgebase/csd-wiki/ICSD/ESM-Farm-Cloud-Deployment-Naming-Convention_686065579.md new file mode 100644 index 00000000..d46f5637 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-Farm-Cloud-Deployment-Naming-Convention_686065579.md @@ -0,0 +1,91 @@ +# ESM-Farm-Cloud-Deployment-Naming-Convention_686065579 +## Introduction + +## New Farm FQDN Naming Convention + +### ESM SaaS Farm: + +- SMAX: https://- [smax.saas.microfocus.com](http://smax.saas.microfocus.com/) +- CMS: https://cms.-smax.saas.microfocus.com +- OO: https://oo.- [smax.saas.microfocus.com](http://smax.saas.microfocus.com/) +- Audit: https://audit.-smax.saas.microfocus.com + +### DCA Instance + +https://.[saas.microfocus.com](http://saas.microfocus.com/) + +DCA Alias: -- + +For example: [https://us6-prod-dca.saas.microfocus.com](https://us6-prod-dca.saas.microfocus.com/) + +## AWS Infrastructure Naming Convention + +### EC2 Instance + +- eu8-prod-smax-worker +- eu8-prod-cms-worker +- eu8-prod-cms-probe-windows +- eu8-prod-oo-worker +- eu8-prod-monitor-worker +- eu8-prod-logging-worker +- eu8-prod-logging-logstash-linux +- eu8-prod-bastion-server-linux +- eu8-prod-bastion-server-windows +- eu8-prod-vertica-node-linux +- eu8-prod-vertica-mc-linux +- eu8-prod-opb-agent-server-windows +- eu8-prod-sm-server-windows +- eu8-prod-idol-server-windows +- eu8-prod-jenkins-server-linux + +### RDS + +- us1-prod-smax-rds +- us1-prod-cms-rds +- us1-prod-oo-rds +- us2-dev-smax-rds + +### EFS + +- us1-prod-smax-efs +- us1-prod-cms-efs +- us1-prod-oo-efs +- us2-dev-smax-efs +- us2-dev-oo-efs + +### Subnets + +- us24-prod-public-subnet-1 +- us24-prod-public-subnet-2 +- us24-prod-public-subnet-3 +- us24-prod-private-subnet-1 +- us24-prod-private-subnet-2 +- us24-prod-private-subnet-3 +- us24-prod-database-subnet-1 +- us24-prod-database-subnet-2 + +### SecurityGroup: + +- us24-prod-bastion-securitygroup + +### Backup Plan + +- - us1-prod-aws-backup-plan + - us2-prod-aws-backup-plan + - jp12-stg-aws-backup-plan + +#### Backup Rules + +- - us1-prod-6h-backup-rule + - us2-prod-6h-backup-rule + +#### Resource Assignment + +### S3 bucket for Vertica + +- us2-prod-vertica-data + +### S3 bucket for Velero + +- us2-prod-velero-backup-file +- us1-prod-velero-backup-file diff --git a/knowledgebase/csd-wiki/ICSD/ESM-Monthly-SLA-Result_686070050.md b/knowledgebase/csd-wiki/ICSD/ESM-Monthly-SLA-Result_686070050.md new file mode 100644 index 00000000..6ebb6b11 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-Monthly-SLA-Result_686070050.md @@ -0,0 +1,57 @@ +# ESM-Monthly-SLA-Result_686070050 +## SMAX SLA + +| | Aug 2025 | July 2025 | June 2025 | May 2025 | Apr 2025 | Mar 2025 | Feb 2025 | Dec 2024 | Nov 2024 | Oct 2024 | Sept 2024 | Jul 2024 | Jun 2024 | May 2024 | Apr 2024 | Mar 2024 | Feb 2024 | Jan 2024 | +| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | +| ###### EU3-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | +| ###### US7-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | +| ###### US2-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | +| ###### US6-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | +| ###### EU8-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 99.975% | +| ###### AP10-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | +| ###### JP12-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | +| ###### BR14-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 99,836% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | +| ###### US24-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | +| ###### CA16-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | +| ###### EU18-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 99,884% | 100% | +| ###### US26-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | +| ###### US28-PROD | 100% | 100% | 100% | 99.993% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | | | | | | | +| ###### SA34-PROD | 100% | 100% | 100% | | | | | | | | | | | | | | | | | | + +## CMS SLA + +| | Aug 2025 | July 2025 | June 2025 | May 2025 | Apr 2025 | Mar 2025 | Feb 2025 | Sep 2024 | Apr 2024 | +| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | +| ###### EU3-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | +| ###### US7-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 99.481% | 100% | 100% | 100% | 100% | 100% | 100% | +| ###### US2-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 99.497% | 100% | 100% | 100% | 100% | 100% | 100% | +| ###### US6-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 99.372% | 100% | 100% | 100% | 100% | 100% | 100% | +| ###### EU8-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 99.959% | 99.975% | 100% | 99.922% | 99.921% | 99.920% | 99.977% | +| ###### AP10-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | +| ###### JP12-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | +| ###### BR14-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 99.447% | 100% | 100% | 100% | 100% | 100% | 100% | +| ###### US24-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 99.523% | 100% | 100% | 100% | 100% | 100% | 100% | +| ###### CA16-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 99.422% | 100% | 100% | 100% | 100% | 100% | 100% | +| ###### EU18-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | +| ###### US26-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 99.413% | 100% | 100% | 100% | 100% | 100% | 100% | +| ###### US28-PROD | 100% | 100% | 100% | 99.926% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | | | | | | | +| ###### SA34-PROD | 100% | 100% | 100% | | | | | | | | | | | | | | | | | | + +## Introduction + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/ESM-ODL-Integration_693613201.md b/knowledgebase/csd-wiki/ICSD/ESM-ODL-Integration_693613201.md new file mode 100644 index 00000000..45cdcc46 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-ODL-Integration_693613201.md @@ -0,0 +1,151 @@ +# ESM-ODL-Integration_693613201 +## This is wiki helps the R&D team for the successfully integration of ESM and Operation Platform Integration for a tenant. + +## Pre-requisites: + +###### ESM and OP charts are deployed on the same cluster on different name spaces. + +###### ESM tenat is created and Automation Center capabilty is enabled + +###### ESM tenant, the Operation Platform tenant and users are created + +## 1\. Configure OPTIC Data Lake certificates + +## Download OPTIC Data Lake certificates + +[https://docs.microfocus.com/doc/SMAX/24.3/IntegrateODL](https://docs.microfocus.com/doc/SMAX/24.3/IntegrateODL) + +Follow the below steps to get Opeation Platform certificates: + +1. 1. Invoke `https://:443/ browser`, click **Not secure** and **Certificate is not valid**. + 2. Go to the **Details** tab and select the root certificate, then click **Export**. + +(Optional) If you want to use ports different from 443, you also need to import different certificates for them. For example, you have the following Administration and Data receiver URLs: + +- - https://< `OpsbServerName` >:30004/itom-data-ingestion-administration + - https://< `OpsbServerName` >:30001/itom-data-ingestion-receiver + +\* Follow the aove steps to get the Administrator (or) Receiver certificates + +## Import ODL certificate into SMAX + +Export the certificates and copy into path: /var/vols/itom/itsma//certificate/source + +Eg: /var/vols/itom/itsma/config-volume/certificate/source + +On SaaS envrioment: /efs/var/vols/itom/itsma/config-volume/certificate/source + +## 2\. Restart SMAX pods by running commands on a control plane node or the bastion node: + +## Connect to the basion node of the SMAX cluster to run the K8 commands: + +1\. Run the following commands to restart the SMAX platform pods. + +``` +kubectl rollout restart deployment -n itsma-xxxx itom-xruntime-platform +kubectl rollout restart deployment -n itsma-xxxx itom-xruntime-platform-offline +``` + +2\. Run the following command to restart the bo-ats pod. + +``` +kubectl rollout restart deployment -n itsma-xxxx itom-bo-ats-deployment + +3. Run the following command to restart the ac-vulnerability-patching + kubectl rollout restart deployment -n itsma-xxxx itom-ac-vulnerability-and-patching + +* Wait until all the pods are deleted pods are started and running successfully +``` + +## 3\. Login to BO to Deploy the OP capability for tenant. + +## Create ODL IDM organization for the tenant. + +1\. Login to BO and click on specific tenant, goto "Configurations=>Credentials store" +2\. Add IDM user credentials (with di-admin and di-ingestion role) in SMAX BO interface=>Configurations=>Credentials store + +Here the Organization name should be name of OperationPlattform + +![](attachments/693613201/693613167.png) + +## Deploy OPTIC Data Lake Capability for the tenant + +1\. In the Tenant → Application Settings, click on 'Deploy new Capability and follow the below steps: + +a. Select OPTIC Data Lake + +b. Provide the Administrator URL: [https://dawn120.dev.opsware.com:30443/itom-data-ingestion-administration](https://dawn120.dev.opsware.com:30443/itom-data-ingestion-administration) + +c. Select the credentail user and click 'OK' + +2\. Repeat the setting for 'Receiver UR: + +b. Provide the Receiver URL: [https://dawn120.dev.opsware.com:30443/itom-data-ingestion-receiver](https://dawn120.dev.opsware.com:30443/itom-data-ingestion-receiver) + +c. Select the credentail user and click 'OK' + +![](attachments/693613201/693613177.png) + +![](attachments/693613201/693613181.png) + +![](attachments/693613201/693613182.png) + +## 4\. Enable ODL Integration in Agent Interface for the tenant + +## Login to Agent Interface => Integration Management=>Integration Configuration: + +1\. Click 'Add' and select the AC entity types and saved. + +a. Device + +b. Actual Sevice + +c. CVE + +d. Vulnerability + +e. Patch + +f. Policy + +g. Policy Implementations + +2\. Click on 'OPTIC Data Lake' and select 'Appy' button to create OP tables + +3\. Click on 'OPTIC Data Lake' and select 'Active' and Save. + +![](attachments/693613201/693613187.png) + +Select the required record type or all record types for data ingestion into ODL + +![](attachments/693613201/693613189.png) + +Add all the required record types, check "Active" to ingest data and click on Apply to create required tables in ODL Vertica + +![](attachments/693613201/693613193.png) + +**Note:** Without enabling ODL capability, data will not sync in the Vertica DB. + +**Known Limitation:** + +- The data sync is successful only for those AC existing entites which are sucessfully sycned in ESM database +- The data ingeration for AC entities is sucessful only from the point of integration to Operation Platform is done (i.e Full Sync support to push data created before integration is not supproted) + +( i.e. for any existing data available before the Operation Platform integration, the data ingestion wil not work, we need to re-ingest the data to sync in OP) + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/ESM-Order-Fulfillment-and-Tenant-Provisioning-Strategy_688987756.md b/knowledgebase/csd-wiki/ICSD/ESM-Order-Fulfillment-and-Tenant-Provisioning-Strategy_688987756.md new file mode 100644 index 00000000..93b9156f --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-Order-Fulfillment-and-Tenant-Provisioning-Strategy_688987756.md @@ -0,0 +1,15 @@ +# ESM-Order-Fulfillment-and-Tenant-Provisioning-Strategy_688987756 +## Introduction + +This document describes how to perform proper order fulfillment and generate a tenant license when CSM receives a SaaS Order from an ESM customer. It also gives the Cloud Ops team a reference on how to perform proper tenant provisioning. + +## Order License Strategy + +| Product | License Type | | | | | | +| --- | --- | --- | --- | --- | --- | --- | +| SMAX | SMAX Express License | | | | | | +| | SMAX Premium License | | | | | | +| | | | | | | | +| | | | | | | | +| | | | | | | | +| | | | | | | | diff --git a/knowledgebase/csd-wiki/ICSD/ESM-Patch-Version-Rollback-Capability-Tracking_692429849.md b/knowledgebase/csd-wiki/ICSD/ESM-Patch-Version-Rollback-Capability-Tracking_692429849.md new file mode 100644 index 00000000..6f75d908 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-Patch-Version-Rollback-Capability-Tracking_692429849.md @@ -0,0 +1,27 @@ +# ESM-Patch-Version-Rollback-Capability-Tracking_692429849 +If a patch has DB schema change or not + +| | Service Management & Cloud Management & Asset Management | Comments | +| --- | --- | --- | +| 25.1.2 | No | | +| 25.2.1 | Yes | XIE liquibase change added for a new feature in this patch 25.2.1 | +| 25.2.2 | No | | +| 25.3.1 | No | | +| 25.3.2 | No | | + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/ESM-SaaS-CSD-Ops-Coverage_718139964.md b/knowledgebase/csd-wiki/ICSD/ESM-SaaS-CSD-Ops-Coverage_718139964.md new file mode 100644 index 00000000..df3913a3 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-SaaS-CSD-Ops-Coverage_718139964.md @@ -0,0 +1,25 @@ +# ESM-SaaS-CSD-Ops-Coverage_718139964 +## Introduction + +Here is the current list of CSD ESM Operations engineers. This is subject to changes. + +## Contact list + +| Role | Name | Phone no. | Location | Timezone | On-call ROTA | +| --- | --- | --- | --- | --- | --- | +| Sr. Mgr. CSD | Sajith Kumar | +919900239972 | Bangalore, India | UTC+5.5 | yes | +| Sr. Mgr. CSD | Ernie Riedelbach | +1720 842 3843 | Provo, UT, USA | UTC-6 | yes | +| Sr. Ops. Eng. | Adina Lehene | +40731819699 | Cluj-Napoca, RO | UTC+3 | yes | +| Sr. Ops. Eng. | Maricel Plesuvu | +40731822607 | Cluj-Napoca, RO | UTC+3 | yes | +| Sr. Ops. Eng. | Paul Badiu | | Cluj-Napoca, RO | UTC+3 | not yet | +| Sr. Ops. Eng. | Miroslav Shindarov | +359888810500 | Sofia, BG | UTC+3 | yes | +| Sr. Ops. Eng. | Dilip Behera | +919902721855 | Bangalore, India | UTC+5.5 | yes | +| Sr. Ops. Eng. | Vibin Thadathil Krishnan | +918550024462 | Bangalore, India | UTC+5.5 | yes | +| Sr. Ops. Eng. | M R Rejoy | | Bangalore, India | UTC+5.5 | yes | +| Sr. Ops. Eng. | Heiner Fernandez | +50688260989 | Cost Rica | UTC-6 | yes | +| Sr. Ops. Eng. | Manmohan Parmar | | Waterloo, ON, CAN | UTC-4 | not yet | +| Sr. Ops. Eng. | Sainath Goriparthi | | Mississauga, ON, CAN | UTC-4 | not yet | + +## Conclusions + +In case of an emergency, please check who is the on-call Operations engineer at the moment of the incident on the [EverBridge portal](https://member.everbridge.net/manage/453003085617753/1956345255324613#/scheduling/my-schedule) and contact them by phone. diff --git a/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Farm-Configuration-Management-Log_686074216.md b/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Farm-Configuration-Management-Log_686074216.md new file mode 100644 index 00000000..5e581c83 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Farm-Configuration-Management-Log_686074216.md @@ -0,0 +1,4 @@ +# ESM-SaaS-Farm-Configuration-Management-Log_686074216 +| US2-DEV | US2-PROD | EU3-PROD | US6-PROD | US7-PROD | EU8-PROD | AP10-PROD | JP12-PROD | JP12-STG | BR14-PROD | CA16-PROD | EU18-PROD | US24-PROD | US26-PROD | EU28 | +| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | +| | Change Native SACM throttling control 100->500 | Zero-trust | Changed sawarc-con: MaxSyncDelay from 480 to 1200 | | - [Change TimeWindow Interval via JMX or configmap](https://rndwiki.houston.softwaregrp.net/confluence/display/ICS/Change+TimeWindow+Interval+via+JMX+or+configmap) 100->500 - [Optimize the IDOL archive queue for EU8](https://rndwiki.houston.softwaregrp.net/confluence/display/ICS/Optimize+the+IDOL+archive+queue+for+EU8) - Allocate OLP to a specific worker node m5.2xlarge - Change farm level NSACM throttling control → 1000 - Change OLP CPU 4 →7 - Allocate dedicate node group for IDOL servers. - : | | [Japanese search accuracy enhancement](https://rndwiki.houston.softwaregrp.net/confluence/display/ICS/ESM+23.4.P1+Cloud+Deployment#ESM23.4.P1CloudDeployment-JP12Only!!!AdditionaltasksforJapanesesearchaccuracyenhancement) | | - 3886288: | | Zero-trust | | | Change Native SACM throttling control 500 | diff --git a/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Order-Fulfillment-Procedures_686069896.md b/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Order-Fulfillment-Procedures_686069896.md new file mode 100644 index 00000000..f64f5059 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Order-Fulfillment-Procedures_686069896.md @@ -0,0 +1,44 @@ +# ESM-SaaS-Order-Fulfillment-Procedures_686069896 +## Introduction + +This document details how to fulfill SMAX/AMX/HCMX SaaS orders in Control Tower. It contains the licenses for generating customer orders through Control Tower. + +## Receive ESM SaaS Orders + +- When a new SaaS order comes in, PDL " [smax\_saas\_orders@](mailto:smax_saas_orders@microfocus.com) [microfocus.com](http://microfocus.com/) " receives an email notification that the new order has been generated in Control Tower and requires team to perform order provisioning actions + +![](attachments/686069896/686069892.png) + +- According to customer's purchase, the SaaS order may include different products and different number of license units. To understand the structure of ESM products, please refer to +- In the notification email, there is a specific Control Tower SaaS order ID, next we need to provision the order in Control Tower based on this ID + +## Order Fulfillment Procedures + +- Please refer to document to get detail order fulfillment procedures: [SMAX\_Provisioning\_Flow.docx](#) +- Please noticed the above document is using SMAX as example to describe the order fulfillment procedures, there are following products in ESM should be follow the same procedures if it included in customer's order + - Asset Management X + - Hybrid Cloud Management X + - Hybrid Cloud Management X FinOps Express + - Hybrid Cloud Management X Premium + - Operations Orchestration + - Service Management Automation X + - Service Management Automation X Express + - Universal Discovery + +## Best Practices + +### Customer Order License Management + +- Once the licenses for the relevant products have been generated and downloaded via the UT ticket attachment, in order to facilitate the organization of these licenses, the best practice is to upload these source excel file to [SharePoint folder](https://opentextcorporation.sharepoint.com/sites/MFI-SMAXSaaSDevOps/Shared%20Documents/Forms/AllItems.aspx?id=%2Fsites%2FMFI%2DSMAXSaaSDevOps%2FShared%20Documents%2F2%2DESM%20SaaS%20Customer%2FLicense&viewid=250c668f%2D9c3b%2D4ad9%2Db164%2D3d6ac18e50c3) with specific naming rules like: + + **\_\_\_.xls** + + For example: + ![](attachments/686069896/686069894.png) +- After then, the Cloud engineer can extract the license key from the source excel file and save as real product license file. The new product license file name can keep as same naming rules. + - For SMAX its XML format + - For CMS it's text format + +For example: + +- With this practice, it will be easy for Cloud Ops engineer to apply correct license to customer's prod/dev tenants. diff --git a/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Order-Fulfillment-Process_686069900.md b/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Order-Fulfillment-Process_686069900.md new file mode 100644 index 00000000..8f12b75f --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Order-Fulfillment-Process_686069900.md @@ -0,0 +1,19 @@ +# ESM-SaaS-Order-Fulfillment-Process_686069900 +## Introduction + +This document is to introduce the ESM SaaS Order Fulfillment Process and the flow how to manage the E2E customer tenant provision and license assignment. + +## Process + +1. Receive new order ID and create new record in SharePoint Excel File: [ESM SaaS Order Fulfillment Tracking List.xls](https://opentextcorporation.sharepoint.com/:x:/s/MFI-SMAXSaaSDevOps/Eb_O7Hm-OzNNoB0NwWbdb1EBtl4dPZBQPctsdGhL9QTfGA?e=YXMJnc) and assign owner [Boglarka Ronai](https://rndwiki.houston.softwaregrp.net/confluence/display/~boglarka.ronai@microfocus.com) + (Old method was not working because of permissions on wiki page: [https://rndwiki.houston.softwaregrp.net/confluence/display/ICS/ESM+SaaS+Order+Fulfillment+Tracking+List](https://rndwiki.houston.softwaregrp.net/confluence/display/ICS/ESM+SaaS+Order+Fulfillment+Tracking+List) ) + 1. CT Order Provision & License File Generation [@Waldo Machado](mailto:wmachado@opentext.com) or [@Hasan Ahmed Shaik](mailto:hshaik@opentext.com) + 2. X4X Tenant Provision (NEW BUSINESS ONLY) [@Miroslav Shindarov](mailto:mshindarov@opentext.com) [@Wenjun Sun](mailto:wsun2@opentext.com) + 3. Assign License to Tenant [@Miroslav Shindarov](mailto:mshindarov@opentext.com) [@Wenjun Sun](mailto:wsun2@opentext.com) + 4. PCS – Create New Entitlement [@Brindusa Kevorkian](mailto:bkevorkian@opentext.com) [@Wei Shen](mailto:wshen@opentext.com) + 5. PCS - Create New Tenant Record and Link to Entitlement [@Miroslav Shindarov](mailto:mshindarov@opentext.com) [@Wenjun Sun](mailto:wsun2@opentext.com) +2. Communication + 1. Using Teams Channel “ESM SaaS Order Provision Working Group” to communicate all order provisioning & license # questions +3. Update Status + 1. Once task is done, the owner update the status in the wiki page and Teams channel + 2. [@Boglarka Ronai](mailto:bronai@opentext.com) to check overall progress and status diff --git a/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Order-Fulfillment-Tracking-List-FY24-Q4_686069919.md b/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Order-Fulfillment-Tracking-List-FY24-Q4_686069919.md new file mode 100644 index 00000000..9d168427 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Order-Fulfillment-Tracking-List-FY24-Q4_686069919.md @@ -0,0 +1,4 @@ +# ESM-SaaS-Order-Fulfillment-Tracking-List-FY24-Q4_686069919 +| Date | Order ID | Customer Account | Product | Order Detail | New Business/Amendment | CT Order Provision | CT Order Provisioning Date | CT License File Generated | X4X Tenant Provision | SMAX Assign License To Tenant | PCS Create New Entitlement | PCS Create Tenant Record | PCS Customer Welcome Call | PCS Create first PCS users | +| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | +| | SOPTL00010000174 & SB\_707092 | [Caixa Economica Montepio Geral](https://backoffice.saas.microfocus.com/home/bl/desktop.html?TENANTID=1#/customers/784102255/tab/accountInfo) | Service Management Automation X | 50 - Service Management Automation X Premium By 1 Unit SaaS | | | | | | | | | | | diff --git a/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Tenant-Provision-Automation-API-Document_686070458.md b/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Tenant-Provision-Automation-API-Document_686070458.md new file mode 100644 index 00000000..2d2fa6d0 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Tenant-Provision-Automation-API-Document_686070458.md @@ -0,0 +1,453 @@ +# ESM-SaaS-Tenant-Provision-Automation-API-Document_686070458 +## Introduction + +ESM SaaS products include SMAX, CMS, OO, HCMX, etc. All these products are automatically deployed on AWS through a set of AWS lambda functions. + +These functions are triggered by calling the API interface of each function. They will execute the internal APIs of ESM SaaS one by one to complete the configuration work. + +This is a detailed description of the steps to perform. + +## SMAX tenant provisioning + +### Customer creation + +This function is for creating a Customer in the BO. + +- **URI****:** https://{SMAX\_FQDN}/x4x/lambda/customerCreation +- **Execution APIs:** + | No | Function | Method | URL Path | + | --- | --- | --- | --- | + | 1 | Get the BO auth token | POST | {SMAX\_FQDN}/bo/rest/auth/token | + | 2 | Create a **Customer** | POST | {SMAX\_FQDN}/bo/rest/entities/customer | + +### Tenant creation + +This function is for deploying a tenant in the BO and creating associated admin users and SMAX licenses. + +- **URI:** https://{SMAX\_FQDN}/x4x/lambda/tenantCreation +- **Execution APIs:** + | No | Function | Method | URL Path | + | --- | --- | --- | --- | + | 1 | Get the BO auth token | POST | {SMAX\_FQDN}/bo/rest/auth/token | + | 2 | Greate an **Account** | POST | {SMAX\_FQDN}/bo/rest/entities/account | + | 3 | Create a tenant | POST | {SMAX\_FQDN}/bo/rest/entities/tenant | + | 4 | Create an admin user | POST | {SMAX\_FQDN}/bo/rest/entities/user | + | 5 | Create a customer user | POST | {SMAX\_FQDN}/bo/rest/entities/user | + | 6 | Attach the users to the tenant | PUT | {SMAX\_FQDN}/bo/rest/entities/user/attachOrRemove | + | 7 | Set the admin user as the tenant owner | PUT | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID} | + | 8 | Create a license | POST | {SMAX\_FQDN}/bo/rest/entities/license | + | 9 | Assign license to the tenant | POST | {SMAX\_FQDN}/bo/rest/license activities/assign | + | 10 | Deploy the tenant | POST | {SMAX\_FQDN}/bo/rest/entities/tenant/deploy | + +### Tenant status + +This function is for checking or editing the status of a tenant. + +- **URI:** https://{SMAX\_FQDN}/x4x/lambda/tenantStatus +- **Execution APIs:** + | No | Function | Method | URL Path | + | --- | --- | --- | --- | + | 1 | Get the BO auth token | POST | {SMAX\_FQDN}/bo/rest/auth/token | + | 2 | Get the tenant status | GET | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID} | + | 3 | Update the tenant status | PUT | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID} | + +### Tenant Google Analytics switch + +This function is for enable/disable the google analytics for the tenant. + +- **URI:** https://{SMAX\_FQDN}/x4x/lambda/tenantConfig/GATrackingId +- **Execution APIs:** + | No | Function | Method | URL Path | + | --- | --- | --- | --- | + | 1 | Get the SMAX auth token | POST | {SMAX\_FQDN}/auth/authentication-endpoint/authenticate/token?tenantId={ESM\_TENANT\_ID} | + | 2 | Set Google Analytics tracking ID | PUT | {SMAX\_FQDN}/rest/{ESM\_TENANT\_ID}/common-settings/setting/GA\_TRACKING\_ID | + | 3 | Enable or Disable Google Analytics | PUT | {SMAX\_FQDN}/rest/{ESM\_TENANT\_ID}/common-settings/setting/ENABLE\_GA | + +### Put authorization principal to the customer user + +This function is for grant a SMAX role on a customer user. + +- **URI:** https://{SMAX\_FQDN}/x4x/lambda/tenantConfig/setPermission +- **Execution APIs:** + | No | Function | Method | URL Path | + | --- | --- | --- | --- | + | 1 | Get the SMAX auth token | POST | {SMAX\_FQDN}/auth/authentication-endpoint/authenticate/token?tenantId={ESM\_TENANT\_ID} | + | 2 | Get the current authorization principal | GET | {SMAX\_FQDN}/rest/{ESM\_TENANT\_ID}/rms/AuthorizationPrincipalResourceJSON?filter=UserId+=+'{customerEmail}' | + | 3 | Put the new authorization principal | PUT | {SMAX\_FQDN}/rest/{ESM\_TENANT\_ID}/rms/AuthorizationPrincipalResourceJSON/{resourceId} | + +### Deploy SMAX demo data + +This function is for deploying the SMAX demo data. + +- **URI:** https://{SMAX\_FQDN}/x4x/lambda/tenantConfig/smaxDemoData +- **Execution APIs:** + | No | Function | Method | URL Path | + | --- | --- | --- | --- | + | 1 | Get the SMAX auth token | POST | {SMAX\_FQDN}/auth/authentication-endpoint/authenticate/token?tenantId={ESM\_TENANT\_ID} | + | 2 | Validate SMAX Demo Data | GET | {SMAX\_FQDN}/rest/{ESM\_TENANT\_ID}/ess/deployment/validateDemoDataNotDeployed | + | 3 | Deploy SMAX Demo Data | GET | {SMAX\_FQDN}/rest/{ESM\_TENANT\_ID}/ess/deployment/deployBetaData | + +### Enable self-password reset + +This function is for enable self-password reset function. + +- **URI:** https://{SMAX\_FQDN}/x4x/lambda/tenantConfig/selfPasswordReset +- **Execution APIs:** + | No | Function | Method | URL Path | + | --- | --- | --- | --- | + | 1 | Get the IDM auth token | POST | {SMAX\_FQDN}/idm-service/v3.0/tokens | + | 2 | PUT self-password reset metadata | PUT | {SMAX\_FQDN}/idm-service/api/scim/organizations/{ESM\_TENANT\_ID}/metadata | + +### Disable notification service + +This function is for disable the notification service of a tenant. + +- **URI:** https://{SMAX\_FQDN}/x4x/lambda/tenantConfig/emailService +- **Execution APIs:** + | No | Function | Method | URL Path | + | --- | --- | --- | --- | + | 1 | Get the SMAX auth token | POST | {SMAX\_FQDN}/auth/authentication-endpoint/authenticate/token?tenantId={ESM\_TENANT\_ID} | + | 2 | Disable notification service | PUT | {SMAX\_FQDN}/rest/{ESM\_TENANT\_ID}/common-settings/setting/NOTIFICATION\_SERVICE\_ENABLED | + +### Set CMS client download link + +This function is for set CMS download link in the integration configuration page + +- **URI:** https://{SMAX\_FQDN}/x4x/lambda/tenantConfig/cmsDownloadLink +- **Execution APIs:** + | No | Function | Method | URL Path | + | --- | --- | --- | --- | + | 1 | Get the integration user's auth token | POST | {SMAX\_FQDN}/auth/authentication-endpoint/authenticate/token?tenantId={ESM\_TENANT\_ID} | + | 2 | Set CMS client's download link | PUT | {SMAX\_FQDN}/rest/{ESM\_TENANT\_ID}/TenantSettings/settings/CMS\_DOWNLOAD\_SERVICE | + +### Set OO client download link + +This function is for set OO download link in the integration configuration page + +- **URI:** https://{SMAX\_FQDN}/x4x/lambda/tenantConfig/ooDownloadLink +- **Execution APIs:** + | No | Function | Method | URL Path | + | --- | --- | --- | --- | + | 1 | Get the integration user's auth token | POST | {SMAX\_FQDN}/auth/authentication-endpoint/authenticate/token?tenantId={ESM\_TENANT\_ID} | + | 2 | Set OO client's download link | PUT | {SMAX\_FQDN}/rest/{ESM\_TENANT\_ID}/TenantSettings/settings/OO\_DOWNLOAD\_SERVICE | + +### Update navigation trusted domain + +This function is for update navigation trusted domain of the tenant + +- **URI:** https://{SMAX\_FQDN}/x4x/lambda/tenantConfig/navigationTrustedDomain +- **Execution APIs:** + | No | Function | Method | URL Path | + | --- | --- | --- | --- | + | 1 | Get the SMAX auth token | POST | {SMAX\_FQDN}/auth/authentication-endpoint/authenticate/token?tenantId={ESM\_TENANT\_ID} | + | 2 | Update the navigation trusted domain | PUT | {SMAX\_FQDN}/rest/{ESM\_TENANT\_ID}/common-settings/setting/NavigationTrustedDomains | + +### Tenant deletion + +This function is for delete tenant + +- **URI:** https://{SMAX\_FQDN}/x4x/lambda/tenantDeletion +- **Execution APIs:** + | No | Function | Method | URL Path | + | --- | --- | --- | --- | + | 1 | Get the BO auth token | POST | {SMAX\_FQDN}/bo/rest/auth/token | + | 2 | Get the tenant | GET | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID} | + | 3 | Update tenant to inactive | PUT | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID} | + | 4 | Delete the tenant | DELETE | {SMAX\_FQDN}/bo/rest/entities/tenant | + +### Account deletion + +This function is for delete account + +- **URI:** https://{SMAX\_FQDN}/x4x/lambda/accountDeletion +- **Execution APIs:** + | No | Function | Method | URL Path | + | --- | --- | --- | --- | + | 1 | Get the BO auth token | POST | {SMAX\_FQDN}/bo/rest/auth/token | + | 2 | Get the users of the account | GET | {SMAX\_FQDN}/bo/rest/entities/user?timeStamp={{NOW}}&filter=((account+eq+"{{accountId}}")+and+((name+nin+"bo-integration@ [dummy.com](http://dummy.com/),saw-integration-internal@ [dummy.com](http://dummy.com/),saw-integration-external@ [dummy.com](http://dummy.com/) ")+or+(idmOrganization+neq+"sysbo")))&offset=0&limit=100 | + | 3 | Delete the users | DELETE | {SMAX\_FQDN}/bo/rest/entities/user | + | 4 | Delete the tenant | DELETE | {SMAX\_FQDN}/bo/rest/entities/account | + +## CMS Tenant provisioning + +### CMS tenant creation + +This function is for creating a CMS tenant + +- **URI:** https://{SMAX\_FQDN}/x4x/lambda/cmsCustomerCreation +- **Execution APIs:** + | No | Function | Method | URL Path | + | --- | --- | --- | --- | + | 1 | Get the CMS auth token | POST | {CMS\_FQDN}/cms-gateway/urest/v1/1/authentication?target=cms | + | 2 | Create a CMS tenant | POST | {CMS\_FQDN}/cms-gateway/urest/v1/tenants | + +### CMS tenant post-configuration + +This function is for post-config after the CMS tenant creation + +- **URI:** https://{SMAX\_FQDN}/x4x/lambda/cmsGroupCreation +- **Execution APIs:** + | No | Function | Method | URL Path | + | --- | --- | --- | --- | + | 1 | Get the ucmdb auth token | POST | {CMS\_FQDN}/ucmdb-server/rest-api/authenticate | + | 2 | Get CMS internal license | GET | {CMS\_FQDN}/ucmdb-server/rest-api/uiserver/license/capacity | + | 3 | Allocate license to the CMS tenant | PATCH | {CMS\_FQDN}/ucmdb-server/rest-api/uiserver/license/customers/{ESM\_TENANT\_ID}/capacity | + | 4 | Get the BO auth token | POST | {SMAX\_FQDN}/bo/rest/auth/token | + | 5 | Create the CMS admin user | POST | {SMAX\_FQDN}/bo/rest/entities/user | + | 6 | Create the CMS integration user | POST | {SMAX\_FQDN}/bo/rest/entities/user | + | 7 | Attach the CMS users to the tenant | PUT | {SMAX\_FQDN}/bo/rest/entities/user/attachOrRemove | + | 8 | Get the IDM auth token | POST | {SMAX\_FQDN}/idm-service/v3.0/tokens | + | 9 | Create an IDM Group for CMS | POST | {SMAX\_FQDN}/idm-service/api/scim/organizations/{ESM\_TENANT\_ID}/groups | + | 10 | Bind the CMS admin role to the IDM group | PUT | {SMAX\_FQDN}/idm-service/api/scim/organizations/{ESM\_TENANT\_ID}/roles/SuperAdmin/groups/{groupName} | + | 11 | Bind the CMS admin user to the IDM group | POST | {SMAX\_FQDN}/idm-service/api/scim/organizations/{ESM\_TENANT\_ID}/groups/{groupName}/members | + | 12 | Bind the CMS integration user to the IDM group | POST | {SMAX\_FQDN}/idm-service/api/scim/organizations/{ESM\_TENANT\_ID}/groups/{groupName}/members | + | 13 | Bind the customer user to the IDM group | POST | {SMAX\_FQDN}/idm-service/api/scim/organizations/{ESM\_TENANT\_ID}/groups/{groupName}/members | + +### CMS tenant status + +This function is for checking or stopping a CMS tenant + +- **URI:** https://{SMAX\_FQDN}/x4x/lambda/cmsCustomerStatus +- **Execution APIs:** + | No | Function | Method | URL Path | + | --- | --- | --- | --- | + | 1 | Get the CMS auth token | POST | {CMS\_FQDN}/cms-gateway/urest/v1/1/authentication?target=cms | + | 2 | Get the CMS tenant | GET | {CMS\_FQDN}/cms-gateway/urest/v1/tenants/{cmsCustomerId} | + | 3 | Get the ucmdb auth token to stop tenant | POST | {CMS\_FQDN}/ucmdb-server/rest-api/authenticate | + | 4 | Stop the CMS tenant | PUT | {CMS\_FQDN}/ucmdb-server/rest-api/customers/{cmsCustomerId} | + +### CMS tenant deletion + +This function is for delete a CMS tenant + +- **URI:** https://{SMAX\_FQDN}/x4x/lambda/cmsCustomerDeletion +- **Execution APIs:** + | No | Function | Method | URL Path | + | --- | --- | --- | --- | + | 1 | Get the ucmdb auth token | POST | {CMS\_FQDN}/ucmdb-server/rest-api/authenticate | + | 2 | Delete the CMS tenant | DELETE | {CMS\_FQDN}/ucmdb-server/rest-api/customers/{cmsCustomerId} | + +### Native SACM enablement + +This function is for enable Native SACM + +- **URI:** https://{SMAX\_FQDN}/x4x/lambda/sacmEnablement +- **Execution APIs:** + | No | Function | Method | URL Path | + | --- | --- | --- | --- | + | 1 | Get the BO auth token | POST | {SMAX\_FQDN}/bo/rest/auth/token | + | 2 | Deploy the Native SACM | POST | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/sam | + | 3 | Enable the Native SACM | POST | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/forceEnable | + +### SAM enablement + +This function is for enable SAM + +- **URI:** https://{SMAX\_FQDN}/x4x/lambda/samEnablement +- **Execution APIs:** + | No | Function | Method | URL Path | + | --- | --- | --- | --- | + | 1 | Get the BO auth token | POST | {SMAX\_FQDN}/bo/rest/auth/token | + | 2 | Pre-check the SAM capability deployment | POST | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/capabilities/readiness | + | 3 | Deploy the SAM capability | POST | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/capabilities | + | 4 | Enable the SAM capability | PUT | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/capabilities | + +## OO enablement + +### OO capability creation + +This function is for creating OO capability + +- **URI:** https://{SMAX\_FQDN}/x4x/lambda/ooEnablement/createOO +- **Execution APIs:** + | No | Function | Method | URL Path | + | --- | --- | --- | --- | + | 1 | Get the BO auth token | POST | {SMAX\_FQDN}/bo/rest/auth/token | + | 2 | Pre-check the OO capability deployment | POST | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/capabilities/readiness | + | 3 | Deploy the OO capability | POST | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/capabilities | + | 4 | Create the OO integration user | POST | {SMAX\_FQDN}/bo/rest/entities/user | + | 5 | Attach the integration user to the tenant | PUT | {SMAX\_FQDN}/bo/rest/entities/user/attachOrRemove | + +### OO capability enablement + +This function is for enable OO capability + +- **URI:** https://{SMAX\_FQDN}/x4x/lambda/ooEnablement/enableOO +- **Execution APIs:** + | No | Function | Method | URL Path | + | --- | --- | --- | --- | + | 1 | Get the BO auth token | POST | {SMAX\_FQDN}/bo/rest/auth/token | + | 2 | Get the OO deployment status | GET | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/capabilities | + | 3 | Enable the OO capability | PUT | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/capabilities | + | 4 | Get the IDM auth token | POST | {SMAX\_FQDN}/idm-service/v3.0/tokens | + | 5 | Bing the customer user to the OO admin group | POST | {SMAX\_FQDN}/idm-service/api/scim/organizations/{ESM\_TENANT\_ID}/groups/OO\_ADMINISTRATORS/members | + | 6 | Bing the integration user to the OO admin group | POST | {SMAX\_FQDN}/idm-service/api/scim/organizations/{ESM\_TENANT\_ID}/groups/OO\_ADMINISTRATORS/members | + | 7 | Get the OO internal license | POST | {OO\_FQDN}/autopass/wsservices/v11/license/view | + | 8 | Assign the OO license to the tenant | POST | {OO\_FQDN}/autopass/services/v12/tenant/license/assign | + | 9 | Change the min/max pool size | PATCH | {OO\_FQDN}/oocontroller/rest/v1/tenants/{ESM\_TENANT\_ID} | + +## DND enablement + +### DND capability creation + +This function is for creating DND capability + +- **URI:** https://{SMAX\_FQDN}/x4x/lambda/dndEnablement/createDND +- **Execution APIs:** + | No | Function | Method | URL Path | + | --- | --- | --- | --- | + | 1 | Get the BO auth token | POST | {SMAX\_FQDN}/bo/rest/auth/token | + | 2 | Pre-check the DND capability deployment | POST | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/capabilities/readiness | + | 3 | Create the DND admin user | POST | {SMAX\_FQDN}/bo/rest/entities/user | + | 4 | Create the DND transport user | POST | {SMAX\_FQDN}/bo/rest/entities/user | + | 5 | Attach the users to the tenant | PUT | {SMAX\_FQDN}/bo/rest/entities/user/attachOrRemove | + | 6 | Deploy the DND capability | POST | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/capabilities | + +### DND capability enablement + +This function is for enable DND capability + +- **URI:** https://{SMAX\_FQDN}/x4x/lambda/dndEnablement/enableDND +- **Execution APIs:** + | No | Function | Method | URL Path | + | --- | --- | --- | --- | + | 1 | Get the BO auth token | POST | {SMAX\_FQDN}/bo/rest/auth/token | + | 2 | Get the DND deployment status | GET | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/capabilities | + | 3 | Enable the DND capability | PUT | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/capabilities | + | 4 | Assign the DND license to the tenant | POST | {SMAX\_FQDN}/bo/rest/licenseActivities/assign | + | 5 | Get the IDM auth token | POST | {SMAX\_FQDN}/idm-service/v3.0/tokens | + | 6 | Bing the SMAX admin user to the CS admin group | POST | {SMAX\_FQDN}/idm-service/api/scim/organizations/{ESM\_TENANT\_ID}/groups/CS\_ADMINISTRATORS/members | + | 7 | Bing the customer user to the CS admin group | POST | {SMAX\_FQDN}/idm-service/api/scim/organizations/{ESM\_TENANT\_ID}/groups/CS\_ADMINISTRATORS/members | + | 8 | Bing the customer user to the DND admin group | POST | {SMAX\_FQDN}/idm-service/api/scim/organizations/{ESM\_TENANT\_ID}/groups/DND\_ADMINISTRATORS/members | + +## CGRO enablement + +### CGRO capability creation + +This function is for creating CGRO capability + +- **URI:** https://{SMAX\_FQDN}/x4x/lambda/cgroEnablement/createCGRO +- **Execution APIs:** + | No | Function | Method | URL Path | + | --- | --- | --- | --- | + | 1 | Get the BO auth token | POST | {SMAX\_FQDN}/bo/rest/auth/token | + | 2 | Pre-check the CGRO capability deployment | POST | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/capabilities/readiness | + | 3 | Create the CGRO admin user | POST | {SMAX\_FQDN}/bo/rest/entities/user | + | 5 | Attach the user to the tenant | PUT | {SMAX\_FQDN}/bo/rest/entities/user/attachOrRemove | + | 6 | Deploy the CGRO capability | POST | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/capabilities | + +### CGRO capability enablement + +This function is for enable CGRO capability + +- **URI:** https://{SMAX\_FQDN}/x4x/lambda/cgroEnablement/enableCGRO +- **Execution APIs:** + | No | Function | Method | URL Path | + | --- | --- | --- | --- | + | 1 | Get the BO auth token | POST | {SMAX\_FQDN}/bo/rest/auth/token | + | 2 | Get CGRO deployment status | GET | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/capabilities | + | 3 | Enable CGRO capability | PUT | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/capabilities | + | 4 | Get the IDM auth token | POST | {SMAX\_FQDN}/idm-service/v3.0/tokens | + | 5 | Bing the SMAX admin user to the CGRO admin group | POST | {SMAX\_FQDN}/idm-service/api/scim/organizations/{ESM\_TENANT\_ID}/groups/CGRO\_ADMINISTRATORS/members | + | 6 | Bing the customer user to the CGRO admin group | POST | {SMAX\_FQDN}/idm-service/api/scim/organizations/{ESM\_TENANT\_ID}/groups/CGRO\_ADMINISTRATORS/members | + +## ITOM Aviator enablement + +### ITOM Aviator enablement + +This function is for enable ITOM Aviator capability + +- **URI:** https://{SMAX\_FQDN}/x4x/lambda/aviatorEnablement +- **Execution APIs:** + | No | Function | Method | URL Path | + | --- | --- | --- | --- | + | 1 | Get the BO auth token | POST | {SMAX\_FQDN}/bo/rest/auth/token | + | 2 | Pre-check the ITOM Aviator capability deployment | POST | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/capabilities/readiness | + | 3 | Deploy the ITOM Aviator capability | POST | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/capabilities | + | 4 | Enable the ITOM Aviator capability | PUT | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/capabilities | + +## HCMX FinOps + +### Tenant key chain generation + +This function is for the key chain for the HCMX FinOps + +- **URI:** https://{SMAX\_FQDN}/x4x/lambda/hcmxPostConfig/keychain +- **Execution APIs:** + | No | Function | Method | URL Path | + | --- | --- | --- | --- | + | 1 | Get the SMAX auth token | POST | {SMAX\_FQDN}/auth/authentication-endpoint/authenticate/token?TENANTID={ESM\_TENANT\_ID} | + | 2 | Generate tenant key chain | POST | {SMAX\_FQDN}/rest/{ESM\_TENANT\_ID}/encryption/tenant\_key\_chain | + | 3 | Get tenant key chain for the validation | GET | {SMAX\_FQDN}/rest/{ESM\_TENANT\_ID}/encryption/tenant\_key\_chain/{ESM\_TENANT\_ID}/status | + +### Application settings + +This function is for updating the application settings of the HCMX FinOps + +- **URI:** https://{SMAX\_FQDN}/x4x/lambda/hcmxPostConfig/appsettings +- **Execution APIs:** + | No | Function | Method | URL Path | + | --- | --- | --- | --- | + | 1 | Get the SMAX auth token | POST | {SMAX\_FQDN}/auth/authentication-endpoint/authenticate/token?TENANTID={ESM\_TENANT\_ID} | + | 2 | Update the customization restriction policy | PUT | {SMAX\_FQDN}/rest/{ESM\_TENANT\_ID}/common-settings/setting/CustomizationRestrictionPolicy | + | 3 | Update the experience mode | PUT | {SMAX\_FQDN}/rest/{ESM\_TENANT\_ID}/common-settings/setting/ENABLE\_SMAXMENU\_MODE | + | 4 | Enable the CGRO integration | PUT | {SMAX\_FQDN}/rest/{ESM\_TENANT\_ID}/common-settings/setting/ENABLE\_CGRO\_INTEGRATION | + | 5 | Enable the Service Design and Deployment | PUT | {SMAX\_FQDN}/rest/{ESM\_TENANT\_ID}/common-settings/setting/ENABLE\_SERVICE\_DESIGNS | + | 6 | Enable the Operations Orchestration | PUT | {SMAX\_FQDN}/rest/{ESM\_TENANT\_ID}/common-settings/setting/ENABLE\_MT\_OO\_INTEGRATION | + | 7 | Enable the Aggregation | PUT | {SMAX\_FQDN}/rest/{ESM\_TENANT\_ID}/common-settings/setting/ENABLE\_AGGREGATION\_NORTH\_STAR | + +### Microsoft Azure capsules installation + +This function is for installing the Microsoft Azure capsules + +- **URI:** https://{SMAX\_FQDN}/x4x/lambda/hcmxPostConfig/capsule\_azure +- **Execution APIs:** + | No | Function | Method | URL Path | + | --- | --- | --- | --- | + | 1 | Get the SMAX auth token | POST | {SMAX\_FQDN}/auth/authentication-endpoint/authenticate/token?TENANTID={ESM\_TENANT\_ID} | + | 2 | Install Microsoft Azure 3.2.0 capsule | POST | {SMAX\_FQDN}/content-store-gateway/v1/{ESM\_TENANT\_ID}/content-packages/ | + | 3 | Install Microsoft Azure 3.2.0 installation status | GET | {SMAX\_FQDN}/content-store-gateway/v1/{ESM\_TENANT\_ID}/content-packages/46501b17-6264-4698-97bb-cedca4d8a4e0/3.2.0 | + | 4 | Install Microsoft Azure 3.3.1 capsule | POST | {SMAX\_FQDN}/content-store-gateway/v1/{ESM\_TENANT\_ID}/content-packages/ | + | 5 | Install Microsoft Azure 3.3.1 installation status | GET | {SMAX\_FQDN}/content-store-gateway/v1/{ESM\_TENANT\_ID}/content-packages/46501b17-6264-4698-97bb-cedca4d8a4e0/3.3.1 | + | 6 | Install Microsoft Azure 3.4.0 capsule | POST | {SMAX\_FQDN}/content-store-gateway/v1/{ESM\_TENANT\_ID}/content-packages/ | + | 7 | Install Microsoft Azure 3.4.0 installation status | GET | {SMAX\_FQDN}/content-store-gateway/v1/{ESM\_TENANT\_ID}/content-packages/46501b17-6264-4698-97bb-cedca4d8a4e0/3.4.0 | + +### Microsoft AWS capsules installation + +This function is for installing the AWS capsules + +- **URI:** https://{SMAX\_FQDN}/x4x/lambda/hcmxPostConfig/capsule\_aws +- **Execution APIs:** + | No | Function | Method | URL Path | + | --- | --- | --- | --- | + | 1 | Get the SMAX auth token | POST | {SMAX\_FQDN}/auth/authentication-endpoint/authenticate/token?TENANTID={ESM\_TENANT\_ID} | + | 2 | Install AWS 3.1.0 capsule | POST | {SMAX\_FQDN}/content-store-gateway/v1/{ESM\_TENANT\_ID}/content-packages/ | + | 3 | Install AWS 3.1.0 installation status | GET | {SMAX\_FQDN}/content-store-gateway/v1/{ESM\_TENANT\_ID}/content-packages/cd27f32e-fddb-4d3f-baae-c2ac91b476ec/3.1.0 | + | 4 | Install AWS 3.2.1 capsule | POST | {SMAX\_FQDN}/content-store-gateway/v1/{ESM\_TENANT\_ID}/content-packages/ | + | 5 | Install AWS 3.2.1 installation status | GET | {SMAX\_FQDN}/content-store-gateway/v1/{ESM\_TENANT\_ID}/content-packages/cd27f32e-fddb-4d3f-baae-c2ac91b476ec/3.2.1 | + +### Microsoft GCP capsules installation + +This function is for installing the GCP capsules + +- **URI:** https://{SMAX\_FQDN}/x4x/lambda/hcmxPostConfig/capsule\_gcp +- **Execution APIs:** + | No | Function | Method | URL Path | + | --- | --- | --- | --- | + | 1 | Get the SMAX auth token | POST | {SMAX\_FQDN}/auth/authentication-endpoint/authenticate/token?TENANTID={ESM\_TENANT\_ID} | + | 2 | Install GCP 2.0.0 capsule | POST | {SMAX\_FQDN}/content-store-gateway/v1/{ESM\_TENANT\_ID}/content-packages/ | + | 3 | Install GCP 2.0.0 installation status | GET | {SMAX\_FQDN}/content-store-gateway/v1/{ESM\_TENANT\_ID}/content-packages/4ffd2627-11e8-4194-ba35-92415fcc98b0/2.0.0 | + +### Microsoft VMware capsules installation + +This function is for installing the VMware capsules + +- **URI:** https://{SMAX\_FQDN}/x4x/lambda/hcmxPostConfig/capsule\_vmware +- **Execution APIs:** + | No | Function | Method | URL Path | + | --- | --- | --- | --- | + | 1 | Get the SMAX auth token | POST | {SMAX\_FQDN}/auth/authentication-endpoint/authenticate/token?TENANTID={ESM\_TENANT\_ID} | + | 2 | Install VMware vCenter 19.0.0 capsule | POST | {SMAX\_FQDN}/content-store-gateway/v1/{ESM\_TENANT\_ID}/content-packages/ | + | 3 | Install VMware vCenter 19.0.0 installation status | GET | {SMAX\_FQDN}/content-store-gateway/v1/{{ESM\_TENANT\_ID}}/content-packages/a88dd597-cea0-24a7-1921-e60066394a3e/19.0.0 | + | 4 | Install VMware vCenter 3.1.0 capsule | POST | {SMAX\_FQDN}/content-store-gateway/v1/{ESM\_TENANT\_ID}/content-packages/ | + | 5 | Install VMware vCenter 3.1.0 installation status | GET | {SMAX\_FQDN}/content-store-gateway/v1/{{ESM\_TENANT\_ID}}/content-packages/a9ea8c81-c3e8-4bd3-a3d4-146ea00c8be2/3.1.0 | diff --git a/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version-25.1.1-from-24.4.2_688992593.md b/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version-25.1.1-from-24.4.2_688992593.md new file mode 100644 index 00000000..d85ad538 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version-25.1.1-from-24.4.2_688992593.md @@ -0,0 +1,4 @@ +# ESM-SaaS-Upgrade-to-version-25.1.1-from-24.4.2_688992593 +## Upgrade Procedures + +

No

Phase

Upgrade Tasks

Upgrade Duration

Downtime (min)

Doc Link

0

Get release package

Check ESM release package

  • OMT: 25.1-14
  • OP: 1.1.0+25.1.1-4
  • SMAX/HCMX: 2.1.100+25.1.1
  • UCMDB: 2.1.100+25.1.1-53
  • OO: 1.6.100+25.1.1
  • Audit Service: 1.7.100-67+25.1.1
  • Aviator installer: 25.1.1-2
  • OO CP content pack: please download the content package and tool from market place after release

1

Upgrade Preparation

SMAX/HCMX:

  • Run Content Pack Deployer Tool

  • Perform suite version update precheck
  • OPB agent status check
  • Run Content Pack Deployer Tool: 7 mins/8 tenants
  • Perform Pre upgrade check: 5mins

UCMDB:

/

Audit Service:

Update values yaml file: 1minUpdate Values.yaml file

Screenshot for reference

Add the parameter in the audit yaml file:

cluster:

k8sProvider: aws

OO:

/

Aviator:

/

OP:

/

Backup SaaS Farm including Aviator

2

Upgrade Aviator

  • Deploy Translate model
  • Upgrade Aviator
  • Upgrade llama3
  • Stop SageMaker Translation Model
  • Deploy Translate model: 40mins
  • Upgrade Aviator:1mins
  • Upgrade llama3:15mins

  • Stop SageMaker translation model: 5mins
025.1.1 Aviator Upgrade

3

Upgrade Maintenance Window

Upgrade OMT

13mins

(including Prometheus)

SMAX: 0

CMS: 0

Upgrade OMT to 25.1

Upgrade OP

OP can be upgrade post upgrade of OMT

8 mins

0

Upgrade Operations Platform to 25.1.1

Upgrade SMAX/HCMX, UCMDB, Audit in parallel

  • Upgrade SMAX/HCMX
  • Upgrade UCMDB
  • Upgrade Audit service
  • SMAX/HCMX: 21 mins
    (    xie: 10mins)

  • UCMDB: 15 mins
  • Audit Service: 18mins

SMAX: 0

UCMDB: 0

Audit Services: 0

Upgrade SMAX/HCMX to 25.1.1

Upgrade UCMDB to 25.1.1

Upgrade Audit to 25.1.1

Upgrade OO

Upgrade OO when SMAX/HCMX upgrade finish

(watch the pod of dnd-upgrade-job-xxx and cgro-deploy-controller, until they become to Completed, then you can start to upgrade OO)

22mins

0

Upgrade Containerized OO to 25.1

4

Post-Upgrade

OP

Vertica DB stop & start: 5mins

Upgrade UDX plugin: 10mins

Verify upgrade:

2mins

Post upgrade tasks of OP 25.1

Verify post upgrade

If this plugin was already upgraded to 24.4.1 then you can ignore in this upgrade

SMAX/HCMX post upgrade task:

  • Upgrade EKS cluster
  • Database Support matrix:
    PostgreSQL 15.x, 14.x, 13.x, 12.x
  • Managed Kubernetes clusters:
    Amazon Elastic Kubernetes Service (EKS) v 1.30.x

SMAX OPB agent status check

25.1.1 include OPB agent upgrade.

Compare the OPB agent status check before the upgrade and ensure all live OPB agent are upgrades successfully with new version and connection keep live

Upgrade external OO RAS

20 minutes for one external rasUpgrade External OO RAS - Service Management

Need to upgrade OO RAS or internal owned tenants:

  • X4X Prod
  • X4X Dev OpsB
  • X4X Dev DCA

5

Rollback

ESM Disaster & Recovery Solution

diff --git a/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version-25.1.2-from-25.1.1_692438948.md b/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version-25.1.2-from-25.1.1_692438948.md new file mode 100644 index 00000000..2622d944 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version-25.1.2-from-25.1.1_692438948.md @@ -0,0 +1,8 @@ +# ESM-SaaS-Upgrade-to-version-25.1.2-from-25.1.1_692438948 +## Upgrade Procedures + +

No

Phase

Upgrade Tasks

Upgrade Duration

Downtime (min)

Doc Link

0

Get release package

Check ESM release package

1

Upgrade Preparation

SMAX/HCMX:

  • Perform Pre upgrade check: 5mins

UCMDB:

  • UD probe connectivity check
/

Audit Service:

/

OO:

  • RAS Node connectivity check
2mins

Aviator:

Existing integration in BO portal status & results from agent & service portal

2mins

OP:

N/AN/A

Backup SaaS Farm including Aviator

2

Upgrade Aviator

  • Deploy Translate model
  • Upgrade Aviator
  • Upgrade llama3
  • Stop SageMaker Translation Model
  • Deploy Translate model: 40mins
  • Upgrade Aviator:1mins
  • Upgrade llama3:15mins

  • Stop SageMaker translation model: 5mins
025.1.2 Aviator Upgrade

3

Upgrade Maintenance Window

Upgrade OMT

15mins

(including Prometheus)

SMAX: 0

CMS: 0

Upgrade OMT to 25.1.1

Upgrade OP

N/A

0N/A

Upgrade SMAX/HCMX, UCMDB, Audit in parallel

  • Upgrade SMAX/HCMX
  • Upgrade UCMDB
  • Upgrade Audit service
  • SMAX/HCMX: 19mins
  • UCMDB: 15 mins
  • Audit Service: 17mins

SMAX: 6mins

UCMDB: 1mins

Audit Services: 0

Install ESM 25.1.2 Patch
Install UD/UCMDB 25.1.2 Patch
Install Audit 25.1.2 patch

Upgrade OO

Upgrade OO when SMAX/HCMX upgrade finish

(watch the pod of dnd-upgrade-job-xxx and cgro-deploy-controller, until they become to Completed, then you can start to upgrade OO)

17mins

0

Install OO 25.1.2 patch

Upgrade OO external RAS

4

Post-Upgrade

OP

N/AN/AN/AN/A

SMAX/HCMX post upgrade task:

  • Upgrade EKS cluster
  • Database Support matrix:
    PostgreSQL 15.x, 14.x, 13.x, 12.x
  • Managed Kubernetes clusters:
    Amazon Elastic Kubernetes Service (EKS) v 1.30.x

SMAX OPB agent status check

25.1.2 include OPB agent upgrade.

Compare the OPB agent status check before the upgrade and ensure all live OPB agent are upgrades successfully with new version and connection keep live

Upgrade external OO RAS

20 minutes for one external ras (Download & upgrade)Upgrade External OO RAS - Service Management

Need to upgrade OO RAS or internal owned tenants:

  • X4X Prod
  • X4X Dev OpsB
  • X4X Dev DCA

5

Rollback

ESM Disaster & Recovery Solution

+ +## Attachments: + +[image2024-12-16\_10-55-45.png](attachments/692438948/692438909.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version-25.1_688988231.md b/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version-25.1_688988231.md new file mode 100644 index 00000000..7038f2a9 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version-25.1_688988231.md @@ -0,0 +1,4 @@ +# ESM-SaaS-Upgrade-to-version-25.1_688988231 +## Upgrade Procedures + +

No

Phase

Upgrade Tasks

Upgrade Duration

Downtime (min)

Doc Link

0

Get release package

Check ESM release package

  • OMT: 25.1-14
  • SMAX/HCMX: 2.1.0+25.1.0
  • UCMDB: 2.1.0-45+25.1.0
  • OO: 1.6.0+25.1.0
  • Audit Service: 1.7.0-59+25.1.0
  • OP: 1.1.0+25.1.0-70
  • Aviator installer: 25.1.0-8
  • Aviator add-on: 25.1.0-5
  • OO CP content pack: please download the content package and tool from market place after release

1

Upgrade Preparation

SMAX/HCMX:

  • Run Content Pack Deployer Tool

  • Perform suite version update precheck
  • OPB agent status check
  • Run Content Pack Deployer Tool: 6 mins/8 tenants
  • Perform Pre upgrade check: 5mins

UCMDB:

/

Audit Service:

Update values yaml file: 1minUpdate Values.yaml file

Screenshot for reference

Add the parameter in the audit yaml file:

cluster:

k8sProvider: aws

OO:

/

Aviator:

/

OP:

/

Backup SaaS Farm including Aviator

2

Upgrade Aviator

  • Disable linkerd
  • Upgrade Aviator
  • Upgrade ingress-nginx
  • Upgrade llama3
  • Upgrade Monitoring
  • Upgrade linkerd
  • Enable linkerd
  • Disable linkerd:1min

  • Upgrade Aviator:1mins

  • Upgrade ingress-nginx:1min

  • Upgrade llama3:15mins

  • Upgrade Monitoring:3mins

  • Upgrade linkerd:1min

  • Enable linkerd, rolling restart the pods:15mins
025.1 Aviator Upgrade

3

Upgrade Maintenance Window

Upgrade OMT

10mins

(including Prometheus)

SMAX: 0

CMS: 0

Upgrade OMT to 25.1

Upgrade SMAX/HCMX, UCMDB, Audit in parallel

  • Upgrade SMAX/HCMX
  • Upgrade UCMDB
  • Upgrade Audit service
  • SMAX/HCMX: 21 mins
    (    xie: 10mins)

  • UCMDB: 15 mins
  • Audit Service: 18mins

SMAX: 0

UCMDB: 0

Audit Services: 0

Upgrade SMAX/HCMX to 25.1

Upgrade UCMDB to 25.1

Upgrade Audit to 25.1

Upgrade OO

Upgrade OO when SMAX/HCMX upgrade finish

(watch the pod of dnd-upgrade-job-xxx and cgro-deploy-controller, until they become to Completed, then you can start to upgrade OO)

22mins

0

Upgrade Containerized OO to 25.1

Upgrade OP

OP can be upgrade post upgrade of OMT

10 mins

10 mins

Upgrade Operations Platform to 25.1

4

Post-Upgrade

SMAX/HCMX post upgrade task:

  • Upgrade EKS cluster
  • Database Support matrix:
    PostgreSQL 15.x, 14.x, 13.x, 12.x
  • Managed Kubernetes clusters:
    Amazon Elastic Kubernetes Service (EKS) v 1.28.x, 1.29.x, 1.30.x

SMAX OPB agent status check

25.1 include OPB agent upgrade.

Compare the OPB agent status check before the upgrade and ensure all live OPB agent are upgrades successfully with new version and connection keep live

Upgrade external OO RAS

20 minutes for one external rasUpgrade External OO RAS - Service Management

Need to upgrade OO RAS or internal owned tenants:

  • X4X Prod
  • X4X Dev OpsB
  • X4X Dev DCA

OP

Vertica DB stop & start: 5mins

Upgrade UDX plugin: 10mins

Verify upgrade:

2mins

Post upgrade tasks of OP 25.1

Verify post upgrade

If this plugin was already upgraded to 24.4.1 then you can ignore in this upgrade

5

Rollback

ESM Disaster & Recovery Solution

diff --git a/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version-25.2-from-25.1.2_693604994.md b/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version-25.2-from-25.1.2_693604994.md new file mode 100644 index 00000000..6bef946f --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version-25.2-from-25.1.2_693604994.md @@ -0,0 +1,4 @@ +# ESM-SaaS-Upgrade-to-version-25.2-from-25.1.2_693604994 +## Upgrade Procedures + +

No

Phase

Upgrade Tasks

Upgrade Duration

Downtime (min)

Doc Link

0

Get release package

Check ESM release package

  • OMT: 25.2.0-144
  • SMAX/HCMX: 2.2.0-142+25.2.0
  • UCMDB: 2.2.0+25.2.0-255
  • OO: 1.7.1+25.2.0
  • Audit Service: 2.2.0-84+25.2.0
  • Audit collector: 2.2.0-39+25.2.0
  • OP: 1.2.0+25.2.0-448
  • Aviator installer: 25.2.0-5
  • Aviator add-on: 25.2.0-6
  • OO CP content pack: please download the content package and tool from market place after release

1

Upgrade Preparation

SMAX/HCMX:

  • Run Content Pack Deployer Tool

  • Perform content validation for tenants
  • OPB agent status check
  • RAS node status check
  • Run Content Pack Deployer Tool: 6 mins/8 tenants
  • Perform suite version update precheck- 92mins
  • OPB agent status check- 2mins

Before this above link settings has to be performed to make sure SMAX content check go smooth refer below link.

UCMDB:

Back up UD/UCMDB (managed Kubernetes)

Audit Service:

/Back up Audit service

OO:

/Back up the OO deployment before upgrade

Aviator:

/

OP:

/

Backup SaaS Farm including Aviator

2

Upgrade Aviator

  • Upgrade embedding model
  • Upgrading models
  • Disable linkerd
  • Upgrade Aviator
  • Upgrade Milvus
  • Upgrade Monitoring
  • Upgrade Internal TLS
  • Upgrade Logging
  • Upgrade Embedding model: 10mins
  • Upgrade llama3 & translator models: 5mins
  • Disable Linkerd: 4mins
  • Upgrade aviator:1min
  • Upgrade milvus: 6mins
  • Upgrade monitoring: 2mins
  • Upgrade internal TLS: 2mins
  • upgrade Linkerd-crds: 1min
  • Enable Linkerd: 15mins (4 min downtime when rollout restart milvus)
  • Upgrade Logging: 1mins
4 mins25.2 Aviator Upgrade

3

Upgrade Maintenance Window

Upgrade OMT

12mins

(including Prometheus)

SMAX: 0

CMS: 0

Upgrade OMT to 25.2

Upgrade OP

OP can be upgraded post upgrade of OMT

Upgrade Optic Data lake plugin

Upgrade Vertica to 25.x

9 mins

0

Upgrade Operations Platform to 25.2

Upgrade SMAX/HCMX, UCMDB, Audit in parallel

  • Upgrade SMAX/HCMX
  • Upgrade UCMDB
  • Upgrade Audit service

  • 112mins (1hr 52 mins)

    35mins all pods up & running

    Tenant Upgrade: 1hr 17mins

  • UCMDB: 13 mins
  • Audit Service: 12mins

SMAX: 9 mins

UCMDB: 0

Audit Services: 0

Upgrade SMAX/HCMX to 25.2

Upgrade UCMDB to 25.2

Upgrade Audit to 25.2

Upgrade OO

Upgrade OO when SMAX/HCMX upgrade finish

(watch the pod of dnd-upgrade-job-xxx and cgro-deploy-controller, until they become to Completed, then you can start to upgrade OO)

22mins

0

Upgrade Containerized OO to 25.2

4

Post-Upgrade

SMAX/HCMX post upgrade task:

  • Upgrade EKS cluster

Crawling upgrade

5mins

Perform post-upgrade tasks as the tenant admin - Service Management

Perform post-upgrade tasks as the suite admin - Service Management
  • Database Support matrix:
    PostgreSQL 15.x, 14.x, 13.x, 12.x
  • Managed Kubernetes clusters:
    Amazon Elastic Kubernetes Service (EKS) v 1.28.x, 1.29.x, 1.30.x

SMAX OPB agent status check

2mins

25.2 include OPB agent upgrade.

Compare the OPB agent status check before the upgrade and ensure all live OPB agent are upgrades successfully with new version and connection keep live

OP

Vertica DB stop & start: 5mins

UDX plugin- 5mins

bvd-quexserv pod restart- 2mins

Verify upgrade:

2mins

Post upgrade tasks of OP 25.2

Verify post upgrade

Aviator

--Remove unused SageMaker endpoint of the Embedding model

--Perform a full reindex - 5mins

Perform post-upgrade tasks - Aviator

5

Rollback

ESM Disaster & Recovery Solution

diff --git a/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version-25.2.2-from-25.2_705001241.md b/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version-25.2.2-from-25.2_705001241.md new file mode 100644 index 00000000..94dbeda8 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version-25.2.2-from-25.2_705001241.md @@ -0,0 +1,8 @@ +# ESM-SaaS-Upgrade-to-version-25.2.2-from-25.2_705001241 +## Upgrade Procedures + +

No

Phase

Upgrade Tasks

Upgrade Duration

Downtime (min)

Doc Link

0

Get release package

Check ESM release package

1

Upgrade Preparation

SMAX/HCMX:

  • Perform Pre upgrade check: 5mins

UCMDB:

  • UD probe connectivity check
/

Audit Service:

/

OO:

  • RAS Node connectivity check
2mins

Aviator:

Existing integration in BO portal status & results from agent & service portal

2mins

OP:

N/AN/A

Backup SaaS Farm including Aviator

2

Upgrade Aviator

  • Upgrade Aviator
  • 2mins
025.2.2 Aviator Upgrade

Aviator was upgraded through pipeline this time as maple owned setup had some problem.

3

Upgrade Maintenance Window

Upgrade OMT

13mins

(including Prometheus)

SMAX: 0

CMS: 0

Apply OMT Patch

Upgrade OP

N/A

0N/A

Upgrade SMAX/HCMX, UCMDB, Audit in parallel

  • Upgrade SMAX/HCMX
  • Upgrade UCMDB
  • Upgrade Audit service
  • SMAX/HCMX: 29mins
  • UCMDB: 12 mins
  • Audit Service: 12mins

SMAX: 2mins

UCMDB: 1mins

Audit Services: 0

Install ESM 25.2.2 Patch
Install UD/UCMDB 25.2.2 Patch
Install Audit 25.2.2 patch

Upgrade OO

Upgrade OO when SMAX/HCMX upgrade finish

(watch the pod of dnd-upgrade-job-xxx and cgro-deploy-controller, until they become to Completed, then you can start to upgrade OO)

22mins

0

Install OO 25.2.2 patch

Upgrade OO external RAS

4

Post-Upgrade

Aviator

/N/A//

SMAX/HCMX post upgrade task:

  • Upgrade EKS cluster

Upgrade yet to do in US7 simulation time.

Perform post-upgrade tasks as the suite admin

  • Database Support matrix:
    PostgreSQL 16.x, 15.x, 14.x, 13.x
  • Managed Kubernetes clusters:
    Amazon Elastic Kubernetes Service (EKS) 1.32.x, 1.31.x, 1.30.x

SMAX OPB agent status check

25.2.2 include OPB agent upgrade.

Compare the OPB agent status check before the upgrade and ensure all live OPB agent are upgrades successfully with new version and connection keep live

Upgrade external OO RAS

5 minutes for one external ras (Download & upgrade)Upgrade External OO RAS - Service Management

Need to upgrade OO RAS or internal owned tenants:

  • X4X Prod
  • X4X Dev OpsB
  • X4X Dev DCA

5

Rollback

ESM Disaster & Recovery Solution

+ +## Attachments: + +[image2024-12-16\_10-55-45.png](attachments/705001241/705001110.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version-25.3.1-from-25.3_713194452.md b/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version-25.3.1-from-25.3_713194452.md new file mode 100644 index 00000000..ba74b4fe --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version-25.3.1-from-25.3_713194452.md @@ -0,0 +1,8 @@ +# ESM-SaaS-Upgrade-to-version-25.3.1-from-25.3_713194452 +## Upgrade Procedures + +

No

Phase

Upgrade Tasks

Upgrade Duration

Downtime (min)

Doc Link

0

Get release package

Check ESM release package

  • OMT: 25.3.1-51
  • OP: Not Applicable for 25.3.1
  • SMAX/HCMX: 2.3.100-15+25.3.1
  • UCMDB: 2.3.100-58+25.3.1
  • OO: 1.8.101+25.3.1
  • Audit Service: 2.3.100-79+25.3.1
  • Audit Collector: 2.3.100-48+25.3.1
  • Aviator installer: 25.3.1-17
  • Aviator Addon: 25.3.1-17

1

Upgrade Preparation

SMAX/HCMX:

  • OPB agent status check
  • Check node status
  • Check all pod status
  • Perform Pre upgrade check: 5mins

UCMDB:

  • UD probe connectivity check
/

Audit Service:

/

OO:

  • RAS Node connectivity check
2mins

Aviator:

Existing integration in BO portal status & results from agent & service portal

2mins

OP:

N/AN/A

Backup SaaS Farm including Aviator

2

Upgrade Aviator

  • Upgrade Aviator
  • 2mins
025.3.1 Aviator Upgrade

Aviator was upgraded through pipeline this time as maple owned setup had some problem.

3

Upgrade Maintenance Window

Upgrade OMT

13mins

(including Prometheus)

SMAX: 0

CMS: 0

Apply OMT Patch

Upgrade OP

N/A

0N/A

Upgrade SMAX/HCMX, UCMDB, Audit in parallel

  • Upgrade SMAX/HCMX
  • Upgrade UCMDB
  • Upgrade Audit service
  • SMAX/HCMX: 29mins
  • UCMDB: 12 mins
  • Audit Service: 12mins

SMAX: 2mins

UCMDB: 1mins

Audit Services: 0

Install ESM 25.3.1 Patch
Install UD/UCMDB 25.3.1 Patch
Install Audit 25.3.1 patch

Upgrade OO

Upgrade OO when SMAX/HCMX upgrade finish

(watch the pod of dnd-upgrade-job-xxx and cgro-deploy-controller, until they become to Completed, then you can start to upgrade OO)

22mins

0

Install OO 25.3.1 patch

Upgrade OO external RAS

4

Post-Upgrade

Aviator

/N/A//

SMAX/HCMX post upgrade task:

  • Upgrade EKS cluster

Upgrade yet to do in US7 simulation time.

Perform post-upgrade tasks as the suite admin

  • Database Support matrix:
    PostgreSQL 16.x, 15.x, 14.x, 13.x
  • Managed Kubernetes clusters:
    Amazon Elastic Kubernetes Service (EKS) 1.32.x, 1.31.x, 1.30.x

SMAX OPB agent status check

25.3.1 include OPB agent upgrade.

Compare the OPB agent status check before the upgrade and ensure all live OPB agent are upgrades successfully with new version and connection keep live

Upgrade external OO RAS

5 minutes for one external ras (Download & upgrade)Upgrade External OO RAS - Service Management

Need to upgrade OO RAS or internal owned tenants:

  • X4X Prod
  • X4X Dev OpsB
  • X4X Dev DCA

5

Rollback

ESM Disaster & Recovery Solution

+ +## Attachments: + +[image2024-12-16\_10-55-45.png](attachments/713194452/713194421.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version-25.3.2-from-25.3.1_716275145.md b/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version-25.3.2-from-25.3.1_716275145.md new file mode 100644 index 00000000..57251dd2 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version-25.3.2-from-25.3.1_716275145.md @@ -0,0 +1,8 @@ +# ESM-SaaS-Upgrade-to-version-25.3.2-from-25.3.1_716275145 +## Upgrade Procedures + +

No

Phase

Upgrade Tasks

Upgrade Duration

Downtime (min)

Doc Link

0

Get release package

Check ESM release package

  • OMT: 25.3.2-54
  • OP: op-1.3.1+25.3.2-39
  • SMAX/HCMX: esm-2.3.200+25.3.2
  • UCMDB: ucmdb-2.3.200+25.3.2-63
  • OO: 1.8.200+25.3.2
  • Audit Service: 2.3.200-100+25.3.2
  • Audit Collector: 2.3.200-60+25.3.2
  • Aviator installer: 25.3.2-2
  • Aviator Addon: 25.3.2-2

1

Upgrade Preparation

SMAX/HCMX:

  • OPB agent status check
  • Check node status
  • Check all pod status
  • Perform Pre upgrade check: 5mins

UCMDB:

  • UD probe connectivity check
/

Audit Service:

/

OO:

  • RAS Node connectivity check
2mins

Aviator:

Existing integration in BO portal status & results from agent & service portal

2mins

OP:

N/AN/A

Backup SaaS Farm including Aviator

2

Upgrade Aviator

  • Upgrade Aviator
  • 2mins
025.3.2 Aviator Upgrade

3

Upgrade Maintenance Window

Upgrade OMT

14mins

(including Prometheus)

SMAX: 0

CMS: 0

Apply OMT Patch

Upgrade OP

11 mins

0Apply OP Patch

Upgrade SMAX/HCMX, UCMDB, Audit in parallel

  • Upgrade SMAX/HCMX
  • Upgrade UCMDB
  • Upgrade Audit service
  • SMAX/HCMX: 30mins
  • UCMDB: 13 mins
  • Audit Service: 14 mins

SMAX: 2mins

UCMDB: 1mins

Audit Services: 0

Install ESM 25.3.2 Patch
Install UD/UCMDB 25.3.2 Patch
Install Audit 25.3.2 patch

Upgrade OO

Upgrade OO when SMAX/HCMX upgrade finish

(watch the pod of dnd-upgrade-job-xxx and cgro-deploy-controller, until they become to Completed, then you can start to upgrade OO)

26 mins

0

Install OO 25.3.2 patch

Upgrade OO external RAS

4

Post-Upgrade

Aviator

5mins0Verify post upgrade of aviator patch, if existing tenants search works as expected./

UCMDB post upgrade task:

SMAX OPB agent status check

25.3.2 include OPB agent upgrade.

Compare the OPB agent status check before the upgrade and ensure all live OPB agent are upgrades successfully with new version and connection keep live

Upgrade external OO RAS

5 minutes for one external ras (Download & upgrade)Upgrade External OO RAS - Service Management

Need to upgrade OO RAS or internal owned tenants:

  • X4X Prod
  • X4X Dev OpsB
  • X4X Dev DCA

5

Rollback

ESM Disaster & Recovery Solution

+ +## Attachments: + +[image2024-12-16\_10-55-45.png](attachments/716275145/716275136.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version_708227751.md b/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version_708227751.md new file mode 100644 index 00000000..062c1311 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version_708227751.md @@ -0,0 +1,8 @@ +# ESM-SaaS-Upgrade-to-version_708227751 +## Upgrade Procedures + +

No

Phase

Upgrade Tasks

Upgrade Duration

Downtime (min)

Doc Link

0

Get release package

Check ESM release package

1

Upgrade Preparation

SMAX/HCMX:

  • Perform Pre upgrade check: 5mins

UCMDB:

  • UD probe connectivity check
/

Audit Service:

/

OO:

  • RAS Node connectivity check
mins

Aviator:

Existing integration in BO portal status & results from agent & service portal

mins

OP:

N/AN/A

Backup SaaS Farm including Aviator

2

Upgrade Aviator

  • Upgrade Aviator

mins

025.2.2 Aviator Upgrade

Aviator was upgraded through pipeline this time as maple owned setup had some problem.

3

Upgrade Maintenance Window

Upgrade OMT

mins

(including Prometheus)

SMAX: 0

CMS: 0

Upgrade OMT to 25.2.2

Upgrade OP

N/A

0N/A

Upgrade SMAX/HCMX, UCMDB, Audit in parallel

  • Upgrade SMAX/HCMX
  • Upgrade UCMDB
  • Upgrade Audit service
  • SMAX/HCMX: 29mins
  • UCMDB: 12 mins
  • Audit Service: 12mins

SMAX: 2mins

UCMDB: 1mins

Audit Services: 0

Install ESM 25.2.2 Patch
Install UD/UCMDB 25.2.2 Patch
Install Audit 25.2.2 patch

Upgrade OO

Upgrade OO when SMAX/HCMX upgrade finish

(watch the pod of dnd-upgrade-job-xxx and cgro-deploy-controller, until they become to Completed, then you can start to upgrade OO)

mins

0

Install OO 25.2.2 patch

Upgrade OO external RAS

4

Post-Upgrade

Reindex for Aviator tenants

minsN/ADocsMicrofocusThis duration is based on US7 simulation setup for one tenant

SMAX/HCMX post upgrade task:

  • Upgrade EKS cluster

Upgrade yet to do in US7 simulation time.

Perform post-upgrade tasks as the suite admin

  • Database Support matrix:
    PostgreSQL 16.x, 15.x, 14.x, 13.x
  • Managed Kubernetes clusters:
    Amazon Elastic Kubernetes Service (EKS) 1.32.x, 1.31.x, 1.30.x

SMAX OPB agent status check

25.2.2 include OPB agent upgrade.

Compare the OPB agent status check before the upgrade and ensure all live OPB agent are upgrades successfully with new version and connection keep live

Upgrade external OO RAS

minutes for one external ras (Download & upgrade)Upgrade External OO RAS - Service Management

Need to upgrade OO RAS or internal owned tenants:

  • X4X Prod
  • X4X Dev OpsB
  • X4X Dev DCA

5

Rollback

ESM Disaster & Recovery Solution

+ +## Attachments: + +[image2024-12-16\_10-55-45.png](attachments/708227751/708227750.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/ESM-Service-Health-Page_688996271.md b/knowledgebase/csd-wiki/ICSD/ESM-Service-Health-Page_688996271.md new file mode 100644 index 00000000..023b7e53 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-Service-Health-Page_688996271.md @@ -0,0 +1,19 @@ +# ESM-Service-Health-Page_688996271 +## Introduction + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/ESM-Tenant-Provisioning-Automation_686079418.md b/knowledgebase/csd-wiki/ICSD/ESM-Tenant-Provisioning-Automation_686079418.md new file mode 100644 index 00000000..52352983 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-Tenant-Provisioning-Automation_686079418.md @@ -0,0 +1,220 @@ +# ESM-Tenant-Provisioning-Automation_686079418 +## Introduction + +This guide introduces how to leverage the SMAX4SMAX tenant to deploy an ESM tenant, including all ESM capabilities (SMAX/HCMX/CMS/OO/SAM/ITOM Aviator). + +Here is the diagram to describe the X4X(SMAX4SMAX) tenant provision automation architecture: + +![](https://staging.docs.microfocus.com/mediawiki/images/8/8f/Snipaste_2022-05-10_10-06-52.jpg) + +## ESM Tenant Provision Strategy for SaaS Customers + +Based on the discussion with PM, the following is the strategy for ESM tenant provisioning for different SaaS customer types: + +- CMS + Native SACM should be deployed as default for all new customers in SaaS, (SMAX Premium, HCMX, AMX) and only SMAX Express will be limited unless a customer purchases discovery licenses or asks after deployment +- Important + If this is an existing SMAX customer who is adding on ucmdb, NSACM, UD or SAM: an onboarding checklist and pre-check must be done BEFORE the automated deployment of NSACM. Please check with CSM, Ops leaders and SaaS leaders before deployments to coordinate the NSACM onboarding process for this customer. Failure to follow can result in impacts to the customer. +- HCMX needs UCMDB by default after we introduce IaC Gateway, so we can deploy CMS for HCMX orders +- During X4X tenant provision automation is just using the SMAX internal production license, once the SaaS Ops team receives the official licenses be sure to follow the below table: + - Changing the license type according to the SaaS order + - Revoking internal production licenses + - Manually update the experience mode inside the tenant +- Except for tenant provision please double-check the number of assigned license units to ensure it is aligned with customer-purchased license units +- Please ensure to configure the correct experience mode in the SMAX tenant according to the license type +- If the customer didn’t specify the # of concurrent licenses or named license, let’s by default allocate license units as the concurrent user license + +![](https://staging.docs.microfocus.com/mediawiki/images/f/f9/Snipaste_2022-09-24_09-06-08.jpg) + +## Login to the SMAX4SMAX (X4X) tenant + +Please login to the SMAX4SMAX tenant by your Micro Focus account: + +[https://smax4smax.saas.microfocus.com](https://smax4smax.saas.microfocus.com/) or + +[https://us2-smax.saas.microfocus.com/saw/ess?TENANTID=202385354](https://us2-smax.saas.microfocus.com/saw/ess?TENANTID=202385354) + +## 1\. Service Offering Instruction + +### 1.1 Create a new ESM SaaS Customer + +Before the tenant provisioning, we may create a **Customer** first. One Customer can correspond to multiple tenants, and one tenant can only correspond to one Customer. If the **Customer** corresponding to the tenant you want to create already exists, you can skip this step. + +After logging into your X4X tenant, select the " **Create New ESM SaaS Customer** " service on the service portal to create a new **Customer**. Enter the Customer name and select the farm where the Customer will be deployed. + +![](attachments/686079418/686079394.png) + +![](https://staging.docs.microfocus.com/mediawiki/images/4/4e/20220510001.png) + +Once you submit the form, it will create a new request. + +Enter the agent interface to find the request, and a task plan will be run to call BO's API and create a " **Customer** " in BO. + +At the same time, a new record for the **Vendor** with company type "Customer" will be created in SMAX. + +![](https://staging.docs.microfocus.com/mediawiki/images/3/38/20220510002.png) + +![](https://staging.docs.microfocus.com/mediawiki/images/7/7c/20220510003.png) + +### 1.2 Provision a new ESM tenant (optional CMS, OO, DND, Aviator, FinOps) + +Now we could apply the service offering “ **Provision a new ESM tenant (optional CMS, OO, DND, Aviator, FinOps)** ” to create a new ESM tenant. + +![](attachments/686079418/686079398.png) + +#### Request Form Description + +##### SaaS Farm + +This is the farm on which the tenant will be located. + +This list will show the customer related to the "SaaS Farm". Please create a new one with step 1.1 if yours does not exist. + +##### Tenant Name + +Enter the tenant’s name. + +##### Tenant Type + +there are two choices for the tenant type. The “Production” tenant is for the paid customer and will be assigned an **internal production license**. The "Dev" tenant will be assigned an **internal non-production license**. + +##### Source Request + +If pre-sales or PM needs an ESM tenant for a demo or POC, they can only request it by raising a trial request in X4X. When the Ops team receives the trial request, they will start provisioning the tenant according to the trial request. As a source request, entering it in this field will help us track the status of the entire trial tenant workflow. + +##### License Expiration Time + +If this is a trial or temporary tenant, provide the tenant expiration date. For paying tenants, please skip. + +##### Are you the Primary contact for this SMAX Tenant? + +If so, the workflow sets the current requester as the tenant owner and creates an administrator account for the requester during tenant configuration. Otherwise, you must provide the **Customer First Name**, **Customer Last Name**, and **Customer Contact Email** from later steps to create an administrator account as the primary contact. + +##### Source Requestor + +If there is a source request, enter the requester of the source request, otherwise, enter the current requester. + +##### SMAX Demo Data + +Check it will deploy the SMAX demo data automatically after the ESM tenant deployment. + +##### SaaS Product + +Select the SaaS product type you are going to provision. + +##### CMS Required? (with SAM enabled) + +Check this if you need the CMS, the workflow will also enable the Native SACM and SAM. + +##### OO Required? + +Check this if the OO is going to be deployed. + +##### DND Required? + +Check this if the DND is going to be deployed. + +##### FinOps Required? + +Check this if the CGRO is going to be deployed. + +##### ITOM Aviator Required? + +Check this if the ITOM Aviator is needed. Currently, it is only available on the EU3. + +#### Workflow Description + +After the form is submitted, a new request will be generated, and the request's task plan will start executing and call BO's API to create and deploy a new tenant. + +![](https://staging.docs.microfocus.com/mediawiki/images/8/87/20220510005.png) + +### 1.3 Provision add-on capabilities to an existing tenant + +You can now use "Provision add-on capabilities to an existing tenant" to enable capabilities on existing tenants you own. + +![](attachments/686079418/686079400.png) + +Please refer to **1.2** for all form instructions. + +## Email Notification + +Once the tenant deployment is successful, the primary contact will receive a notification email indicating that SMAX is ready. + +![](attachments/686079418/686079407.png) + +## ESM Tenant System Account Owned by SaaS Ops + +During the tenant creation, some system user accounts owned by the OPS team will be created. + +![](https://staging.docs.microfocus.com/mediawiki/images/6/6b/Snipaste_2022-05-10_14-00-33.jpg) + +The username and password will be stored in the AWS parameter store. To get them, we need to install AWS CLI first. + +The installation media: [https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-windows.html](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-windows.html) + +The installation guide: [https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-windows.html](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-windows.html) + +We can execute the command to get the username and password: + +**For SMAX:** +aws ssm get-parameter –name /{farm}/tenant/{tenantId}/smax/admin/name +aws ssm get-parameter –name /{farm}/tenant/{tenantId}/smax/admin/password –with-decryption + +**For CMS:** +aws ssm get-parameter –name /{farm}/tenant/{tenantId}/cms/admin/name +aws ssm get-parameter –name /{farm}/tenant/{tenantId}/cms/admin/password –with-decryption + +**For DND:** +aws ssm get-parameter –name /{farm}/tenant/{tenantId}/dnd/admin/name +aws ssm get-parameter –name /{farm}/tenant/{tenantId}/dnd/admin/password –with-decryption +aws ssm get-parameter –name /{farm}/tenant/{tenantId}/dnd/integration/name +aws ssm get-parameter –name /{farm}/tenant/{tenantId}/dnd/integration/password –with-decryption + +Please replace the {farm} as the farm on which the tenant is located. + +## 2\. Tenant Configuration in BO + +### 2.1. Forget password + +The SMAX tenant is turned on the forget password feature by default. We also could customize the configuration in BO. For example, it’s [https://us1-smax.saas.microfocus.com/bo](https://us1-smax.saas.microfocus.com/bo) for the US1 farm. We could log on to BO with suite-admin credentials and select the tenant needs to change. And go to the **“IdM settings”**. + +![](https://staging.docs.microfocus.com/mediawiki/images/c/cc/P1.png) + +Select **“Customization”** and update the settings in **“FORGOTTEN PASSWORDS”**. + +![](https://staging.docs.microfocus.com/mediawiki/images/2/21/P2.png) + +### 2.2. Internal Production License + +The tenant has installed an internal production license by default. We could check it in the **“Licenses”** tab from BO for SMAX and HCMX. + +![](https://staging.docs.microfocus.com/mediawiki/images/4/4b/P3.png) + +For OO, we could check it in the “Autopass” UI like [https://oo.us1-smax.saas.microfocus.com/autopass](https://oo.us1-smax.saas.microfocus.com/autopass) ” for the US1 farm with suite-admin credentials. + +![](https://staging.docs.microfocus.com/mediawiki/images/4/48/P4.png) + +### 2.3. CMS/HCMX/OO Admin Permission Assignment + +The tenant will create a default admin account with admin permission. If we need to add more accounts as admin, go to the **“IDM settings”** of BO and the **“Groups”** tab. + +![](https://staging.docs.microfocus.com/mediawiki/images/c/cc/P1.png) + +We could find a group name the same as the tenant ID, which is the CMS admin group. + +![](https://staging.docs.microfocus.com/mediawiki/images/8/85/P6x3.png) + +We could add associate people to the **“Associated Users”** and the people have been grant the admin role for CMS. + +![](https://staging.docs.microfocus.com/mediawiki/images/6/64/P7.png) + +For the HCMX Content Store, we could add users to **“Content Store Tenant Administrators”** to grant the content store admin role. + +![](https://staging.docs.microfocus.com/mediawiki/images/d/d0/P8.png) + +For DND, we could add users to **“DND Administrators”** to grant DND admin role. + +![](https://staging.docs.microfocus.com/mediawiki/images/4/49/P9.png) + +For OO, we could add users to **“OO Administrators”** to grant OO admin role. + +![](https://staging.docs.microfocus.com/mediawiki/images/a/a4/P10.png) diff --git a/knowledgebase/csd-wiki/ICSD/ESM-WAF-Enablement-Tracking_688996216.md b/knowledgebase/csd-wiki/ICSD/ESM-WAF-Enablement-Tracking_688996216.md new file mode 100644 index 00000000..0ad2b00f --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-WAF-Enablement-Tracking_688996216.md @@ -0,0 +1,40 @@ +# ESM-WAF-Enablement-Tracking_688996216 +ESM Cloud Farms + +| | ###### SMAX | ###### UCMDB | ###### AUDIT | ###### AVIATOR | +| --- | --- | --- | --- | --- | +| ###### JP12-STG | DENY | DENY | DENY | N/A | +| ###### US2-DEV | DENY | DENY | DENY | N/A | +| ###### AP10-PROD | OBSERVE | NO | NO | N/A | +| ###### BR14-PROD | NO | NO | NO | N/A | +| ###### CA16-PROD | DENY | NO | NO | N/A | +| ###### EU3-PROD | DENY | OBSERVE | OBSERVE | N/A | +| ###### EU8-PROD | NO | NO | NO | N/A | +| ###### EU18-PROD | NO | NO | NO | N/A | +| ###### EU28-PROD | NO | NO | NO | N/A | +| ###### EU30-AVIATOR | N/A | N/A | N/A | DENY | +| ###### EU32-AVIATOR | N/A | N/A | N/A | NO | +| ###### JP12-PROD | NO | NO | NO | N/A | +| ###### SA34-PROD | DENY | NO | NO | N/A | +| ###### US2-PROD | DENY | NO | NO | N/A | +| ###### US6-PROD | OBSERVE | NO | NO | N/A | +| ###### US7-PROD | DENY | OBSERVE | OBSERVE | N/A | +| ###### US24-PROD | DENY | NO | NO | N/A | +| ###### US26-PROD | DENY | NO | NO | N/A | + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/ESM-license-generation-detail_686070325.md b/knowledgebase/csd-wiki/ICSD/ESM-license-generation-detail_686070325.md new file mode 100644 index 00000000..7a7e17b1 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ESM-license-generation-detail_686070325.md @@ -0,0 +1,96 @@ +# ESM-license-generation-detail_686070325 +## SMAX + +For SMAX we sell the licenses based on a number of “user units”. + +- Every customer will purchase 1 foundation license + a quantity of the add on 1 unit license +- for each foundation there is a matching 1 unit sku +- We then have 2 different license types “Express” And “Premium”. +- A customer cannot mix license types on the same tenant +- Premium licenses include 1 prod and 1 dev tenant +- Express licenses only include 1 prod. There is no dev tenant included +- There is 1 exception to this and that is the “powered by” Express foundation SKU – a special sku that includes the dev tenant ( its limited to only certain partners) +- 1 st Dev tenant for a customer must always be provisioned on the same farm as their production tenant. + +In the tables below I have listed the quantity of units included with each license type. + +When it comes to licenses being applied to dev instances the general rule of thumb is 25% of the total number of “user units” is applied to the dev tenant + +- So for example if a customer purchased 1x SA-AB918 + 10x SA-AB919 ( providing a total of 60 units), 15 units would be applied to the dev tenant. +- We are ok with rounding up on dev tenants, so for example if a customer just bought the SA-AB918 license ( 50 units) then you can deploy 13 units on dev. +- In general we are “ok” if we apply a few extra on dev. +- I guess if we want to make sure control tower does this properly and generates the license files, we should assume the foundation includes that 25% quantity ( 13 for a 50 unit foundation and 5 for a 20 unit foundation) + +**complicated bit** + +- There is a non-production tenant SKU that allows a customer to purchase a “dev” ( customer can purchase as many additional non production tenants as they like). +- Each non production tenant follows the above plan and gets 25% of production units applied to the tenant +- We typically see express customers purchase this ( to get a “dev” tenant) and in those cases the tenant would be deployed on the same farm +- but we also see many customers use this to purchase a 2 nd non production tenant + - We allow the customer to choose the deployment location of this tenant. Some choose to have it on the same farm as the others, but some will ask for this to go on the EU3 / US7 farms that get upgraded earlier, so that they can get early access to play with the new release +- For non-production tenant SKU, CS Ops will follow the same strategy to generate license for a "dev" tenant. + +| **SKU** | **Name** | **units included for prod** | **Dev included as standard?** | +| --- | --- | --- | --- | +| **SA-AC055** | MSP SMAX Express 1 unit | 1 | N | +| **SA-AC054** | MSP Express Foundation | 20 | N | +| **SA-AC190** | Fedramp SMAX express 1 unit | 1 | N | +| **SA-AC189** | Fedramp SMAX express foundation | 20 | N | +| **SA-AB923** | SMAX Express 1 unit | 1 | N | +| **SA-AB922** | SMAX Express Foundation | 20 | N | +| **SA-AB998** | Express Powered By Foundation | 20 | Y | +| **SA-AB999** | Express Powered By 1 Unit | 1 | Y | + +| **SKU** | **Name** | **units included for prod** | **Dev included as standard?** | +| --- | --- | --- | --- | +| **SA-AC053** | MSP SMAX Premium 1 unit | 1 | Y | +| **SA-AC052** | MSP SMAX Premium foundation | 20 | Y | +| **SA-AC188** | Fedramp Premium 1 unit | 1 | Y | +| **SA-AC187** | Fedramp Premium Foundation | 50 | Y | +| **SA-AB919** | SMAX Premium 1 unit | 1 | Y | +| **SA-AB918** | SMAX premium Foundation | 50 | Y | +| **SA-AB921** | Premium Powered By 1 unit | 1 | Y | +| **SA-AB920** | Premium Powered By Foundation | 20 | Y | + +## UCMDB + +There are 2 deployment modes for Universal Discovery and CMDB in SaaS. Customers may purchase Universal Discovery capability as part of their SMAX/AMX/HCMX purchase which then includes the UCMDB Foundation license as part of the SMAX/AMX/HCMX Foundation product. Or they can purchase a UCMDB Foundation license separately and use Universal Discovery and CMDB outside the scope of SMAX/AMX/HCMX. + +UCMDB Foundation licenses would typically be sold when the customer has another ITSM tool they use instead of SMAX (i.e. ServiceNow, JiraSM, BMC, or their own ITSM software). + +- Standalone UCMDB Foundation (SA-AC098) provides 1 UCMDB Foundation license + 500 Premium Discovery licenses. This deployment is based on the standard ESM SaaS deployment and can be shared with other customers. +- Dedicated UCMDB Foundation (SA-AC236) provides 1 UCMDB Foundation license + 20,000 Premium Discovery licenses. This deployment is based on the standard ESM SaaS deployment but does not have any other customer assigned to this farm. + +Universal Discovery licenses work in either deployment mode. + +- Premium Discovery licenses (SA-AB820) provide for full discovery of 1 server and include capacity for 1,000 CIs and relationships +- Asset Discovery licenses (SA-AB882) provide inventory discovery for 1 server or desktop, and includes the ability to run any discovery job necessary to fully meet the SAM requirement of AMX. Asset Discovery license also provide for 1,000 CIs and relationships per license. +- CI Management licenses are the same SKU as the Asset Discovery license (SA-AB882) and can be used to import 20 devices (servers or desktops/laptops), or can simply be used to provide additional storage capacity (1,000 CIs and relationships per license). +- In all cases, each license, regardless of the type (except for Probe Connection licenses), provides storage capacity for 1,000 CIs and relationships. +- Probe connection licenses (SA-AC238) are available for every 1,000 licenses (regardless of type) +- 1 – 1,999 licenses = 1 probe + - 2,000 – 2,999 licenses = 2 probes + - 3,000 – 3,999 licenses = 3 probes + - etc +- Universal Discovery Foundation licenses provide for 1 prod tenant and 1 dev tenant. Universal Discovery licenses purchased as part of a SMAX/AMX/HCMX deal will follow whatever tenant rules apply for the SMAX purchase. +- 1 st Dev tenant for a customer must always be provisioned on the same farm as their production tenant. + +In the tables below I have listed the quantity of units included with each license type. + +Dev license rule of thumb + +When it comes to licenses being applied to dev instances the general rule of thumb is 25% of the total number of Universal Discovery licenses (Premium or Asset or CI Management) is applied to the dev tenant + +- So for example if a customer purchased 1,000 x SA-AB882 + 1000 x SA-AB820 (providing a total of 2,000 licenses), 250 x SA-AB882 and 250 x SA-AB820 would be deployed to DEV +- We are ok with rounding up on dev tenants. +- If a customer requests more than 25% license on their DEV, contact the Universal Discovery and CMDB Product Managers. + +| **SKU** | **Name** | **units included for prod** | **Dev included as standard?** | +| --- | --- | --- | --- | +| **SA-AC098** | Universal Discovery and CMDB Foundation 500 Unit SaaS | 1 | Y | +| **SA-AC236** | Universal Discovery Dedicated Foundation 20000 Unit SaaS | 1 | Y | +| **SA-AB882** | Universal Discover (UD) Asset Discovery and CI Management 1 Unit SaaS | 1 | N | +| **SA-AB820** | Universal Discovery 1 Premium SaaS | 1 | N | +| **SA-AC238** | Universal Discovery Additional DFP Connection 1 Unit SaaS | 1 | N | +| **SA-AC194** | Universal Discovery Asset Discovery and CI Management FedRAMP 1 Unit SaaS | 1 | N | +| **SA-AC193** | Universal Discovery 1 Premium FedRAMP SaaS | 1 | N | diff --git a/knowledgebase/csd-wiki/ICSD/EU-managed-farm_686065589.md b/knowledgebase/csd-wiki/ICSD/EU-managed-farm_686065589.md new file mode 100644 index 00000000..b7d39381 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/EU-managed-farm_686065589.md @@ -0,0 +1,77 @@ +# EU-managed-farm_686065589 +## Introduction + +This page presents all the information for the EU (European Union) managed farm. It's also called DPZ (Data Protection Zone) in OpenText. + +## Background + +Customers like government, insurance and banking in Europe usually have requirements to have a dedicated farm which is isolated on multiple areas. + +1. The support engineers need to live in EU +2. The support engineers need to be EU citizen +3. The data need to stay within EU +4. Combined requirement which is one of below + 1. 1+3 (Preferred by ITOM SaaS PMs) + 2. 2+3 + 3. 1+2+3 (Similar to FedRAMP) + +## Isolation considerations + +1. Supporting engineer isolation + 1. App Ops - EU engineers + 2. SRE / Network / Infra Ops - EU engineers? + 3. Cloud Vendor - N/A +2. Account & Credentials isolation + 1. Only allow EU engineers to connect to the infra during operation + 2. Isolation of authentication (Like SAML, OKTA, those data can be kept outside of EU as long as it's OpenText employee data.) + 3. Dedicated LZ? + 4. Dedicated AWS Account +3. Domain isolation (optional for EU) + 1. Dedicated FQDN +4. Supporting pipelines (optional for EU) +5. Supporting system like PCS (Proactive Customer System) + 1. Dedicated PCS (The LDAP/SAML need to be in EU as it will keep the customer data.) + +## Required services in Landing Zone + +1. Central Services required for the 1st phase\* + (\*1st phase means once it's ready, App Ops can start the work) + 1. Dedicated AWS Accounts with SAML & OU setup + 1. LZ Accounts + 2. App Accounts + 2. Landing Zone functions + 1. GW (Shared Account for AMI purpose, Security Account, Central Infra Logging like CloudTrail and AWS Config) + 2. Core (Network including firewall and TGW) +2. Central Services required for the 2nd phase + 1. Landing Zone functions + 1. Core (AD/DNS) + 2. EPO + 3. Qualys + 4. ArcSight +3. Central Services not required for the 1st & 2nd phase + 1. Central Monitoring like sitescope + 2. Central Log analytics + 3. Artifactory + +## Questionnaire for different functions as data processors + +| **Function** | **Process Customer Data?** | **Access Requirement** | **Compliance Status** | **Gaps to comply** | **Remediation Measures** | +| --- | --- | --- | --- | --- | --- | +| **AWS Services** | - Yes (depends on the service) | - Supporting function with customer data processing need to be located within EU-boundaries. | - No (AWS support personnel is worldwide) | - AWS doesn’t have an offering to process customer data within EU that meets ECB timeline | - Enable encryption at rest and encryption in transit. | +| **Infrastructure - Foundations** | - Yes | - Access control need to restrict the ability to access customer data | - Yes (Infrastructure – Foundations engineers can be worldwide) | - Shared Landing Zone will have | - Choose one of below - Build Dedicated Landing Zone - Define boundaries in those infra accounts and have isolated role for EU and other access. | +| **Infrastructure – Backing Services - DBA** | - Yes | - Supporting function with customer data processing need to be located within EU-boundaries. | - Yes (Normally the DBA role is played by Application Operations, who works in EU.) | - Since only EU personnel is allowed to work on this, they can only work 8x5, not 7x24. | - Further agreement need to be aligned with customer or additional support is required. | +| **Infrastructure – Storage** | - Yes | - Supporting function with customer data processing need to be located within EU-boundaries. | - Yes (Normally the Infrastructure - Storage role is played by Application Operations, who works in EU.) | - Since only EU personnel is allowed to work on this, they can only work 8x5, not 7x24. | - Further agreement need to be aligned with customer or additional support is required. | +| **Cloud Operations and Level 2 Support** | - Yes | - Supporting function with customer data processing need to be located within EU-boundaries. Access control need to restrict the ability to access customer data if not required. | - Yes | - Since only EU personnel is allowed to work on this, they can only work 8x5, not 7x24. | - Further agreement need to be aligned with customer or additional support is required. | +| **PAAS /SRE** | - Yes | - Supporting function with customer data processing need to be located within EU-boundaries. | - No (PAAS /SRE engineers can be worldwide) | - OpenText doesn’t have an offering to process customer data within EU that meets ECB timeline | - Enable encryption at rest and encryption in transit. | +| **Customer Support - Level 1 Support** | - Yes | - Supporting function need to be located within EU-boundaries. | - Yes | - Since only EU personnel is allowed to work on this, they can only work 8x5, not 7x24. | - Further agreement need to be aligned with customer or additional support is required. | +| **Engineering Support - Level 3 Support** | - No | - OT personnel access: non-restricted assignment to EU persons located in EU. Shared Logs with non-EU staff needs exclude PII. Sharing screen will require customer approval. | - Yes | | | + +## Certifications + +1. Currently it's not expected to cover any Europe certifications. +2. Several certifications can be considered in the future. + +## Further considerations + +1. As AWS European Sovereign Cloud is built in progress, which will provide isolation similar to GovCloud. It will be considered as a future phase of migration to provide better service to customers. + [https://aws.amazon.com/blogs/aws/in-the-works-aws-european-sovereign-cloud/](https://aws.amazon.com/blogs/aws/in-the-works-aws-european-sovereign-cloud/) diff --git a/knowledgebase/csd-wiki/ICSD/Enable-Discovery-module-on-UCMDB-UI-on-SaaS_688987735.md b/knowledgebase/csd-wiki/ICSD/Enable-Discovery-module-on-UCMDB-UI-on-SaaS_688987735.md new file mode 100644 index 00000000..380be1bb --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Enable-Discovery-module-on-UCMDB-UI-on-SaaS_688987735.md @@ -0,0 +1,34 @@ +# Enable-Discovery-module-on-UCMDB-UI-on-SaaS_688987735 +## Introduction + +By default, on SaaS, users could only run discovery/integration on UCMDB Web UI. + +In order to enable discovery module on Applet UI, you could invoke the JMX method **setSettingValue** with the parameter **appilog.collectors.enableZoneBasedDiscovery** and set it to **false**. + +![](attachments/688987735/688987734.png) + +Then in UCMDB UI, the following modules will be displayed (If you already opened Local Client, please close the old window, and open a new window): + +\-Integration Studio + +\-Universal Discovery + +\-Service Discovery + +\-Discovery job in Reconciliation Priority + +\-Data Flow Probe Setup + +\-Data Flow Probe Status + +**Note the following if you decide to switch from UCMDB Web UI-based discovery solution to UCMDB UI-based discovery solution:** + +- You CANNOT run discovery from both UCMDB Web UI and UCMDB UI at the same time. You can use either the UCMDB Web UI-based discovery solution, or the UCMDB UI-based discovery solution. +- DO NOT switch to UCMDB UI-based discovery solution if you already started using UCMDB Web UI for discovery. Otherwise the configuraitons you made in UCMDB Web UI will get lost. +- This setting takes effect immediately, no reboot required. +- This setting is controlled by the SaaS Ops team. +- After disabling this setting, users cannot run discovery/integration on UCMDB Web UI. + +## Attachments: + +[image2024-8-5\_15-21-7.png](attachments/688987735/688987734.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/Enable-ITOM-Aviator-for-ESM-tenant_688996800.md b/knowledgebase/csd-wiki/ICSD/Enable-ITOM-Aviator-for-ESM-tenant_688996800.md new file mode 100644 index 00000000..046268be --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Enable-ITOM-Aviator-for-ESM-tenant_688996800.md @@ -0,0 +1,19 @@ +# Enable-ITOM-Aviator-for-ESM-tenant_688996800 +## Introduction + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/Enable-ITOM-Aviator-for-SMAX-on-premise-customer_688996802.md b/knowledgebase/csd-wiki/ICSD/Enable-ITOM-Aviator-for-SMAX-on-premise-customer_688996802.md new file mode 100644 index 00000000..5256169d --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Enable-ITOM-Aviator-for-SMAX-on-premise-customer_688996802.md @@ -0,0 +1,19 @@ +# Enable-ITOM-Aviator-for-SMAX-on-premise-customer_688996802 +## Introduction + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/Enable-Optic-Data-Lake-Preparation_688996348.md b/knowledgebase/csd-wiki/ICSD/Enable-Optic-Data-Lake-Preparation_688996348.md new file mode 100644 index 00000000..c0e21dca --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Enable-Optic-Data-Lake-Preparation_688996348.md @@ -0,0 +1,79 @@ +# Enable-Optic-Data-Lake-Preparation_688996348 +This is wiki helps the R&D team for the preparation of ESM and Operation Platform Integration for a tenant. + +Pre-condition: + +ESM is deployed in a namsapce + +Operation Platfrom is deployed a diferent namepsace + +Automation Center capabilty is enabled for a Tenant + +## 1\. Configure OPTIC Data Lake certificates + +### Download OPTIC Data Lake certificates + +[https://docs.microfocus.com/doc/SMAX/24.3/IntegrateODL](https://docs.microfocus.com/doc/SMAX/24.3/IntegrateODL) + +Take `https://:30443/` as an example. + +Follow the below steps to get certificates: + +1. Invoke Visit `https://:30443/ browser`, click **Not secure** and **Certificate is not valid**. +2. Go to the **Details** tab and select the root certificate, then click **Export**. + +If you want to use ports different from 443, you also need to import different certificates for them. For example, you have the following Administration and Data receiver URLs: + +- https://< `OpsbServerName` >:30004/itom-data-ingestion-administration +- https://< `OpsbServerName` >:30001/itom-data-ingestion-receiver + +Follow the below steps to get certificates: + +1. `Invoke https://:30004/`, click **Not secure** and **Certificate is not valid**. +2. Go to the **Details** tab and select the root certificate, then click **Export**. +3. Visit `https://:30001/`, click **Not secure** and **Certificate is not valid**. +4. Go to the **Details** tab and select the root certificate, then click **Export**. + +### Import ODL certificate into SMAX + +Export the crt and copy into /var/vols/itom/itsma//certificate/source Eg: /var/vols/itom/itsma/config-volume/certificate/source + +On AWS: /efs/var/vols/itom/itsma/config-volume/certificate/source + +## 2\. Restart SMAX pods by running commands on a control plane node or the bastion node: + +Connect to the master node of the SMAX cluster deployed and running. + +1. Run the following commands to restart the SMAX platform pods. +``` +kubectl rollout restart deployment -n itsma-xxxx itom-xruntime-platform +kubectl rollout restart deployment -n itsma-xxxx itom-xruntime-platform-offline +``` + +2\. Run the following command to restart the bo-ats pod. + +``` +kubectl rollout restart deployment -n itsma-xxxx itom-bo-ats-deployment + + 3. Run the following command to restart the ac-vulnerability-patching + kubectl rollout restart deployment -n itsma-xxxx itom-ac-vulnerability-and-patching + +[Wait until all the pods are deleted pods are started and running successfully] +``` + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/Enable-Optic-Data-Lake_688996343.md b/knowledgebase/csd-wiki/ICSD/Enable-Optic-Data-Lake_688996343.md new file mode 100644 index 00000000..d6d779aa --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Enable-Optic-Data-Lake_688996343.md @@ -0,0 +1,27 @@ +# Enable-Optic-Data-Lake_688996343 +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) + +## Attachments: + +[image2024-7-31\_15-47-3.png](attachments/688996343/688996337.png) (image/png) +[image2024-7-9\_12-43-29.png](attachments/688996343/688996338.png) (image/png) +[image2024-7-9\_12-44-14.png](attachments/688996343/688996339.png) (image/png) +[image2024-7-9\_12-45-12.png](attachments/688996343/688996340.png) (image/png) +[image2024-7-9\_12-51-55.png](attachments/688996343/703391776.png) (image/png) +[image2024-7-9\_12-55-28.png](attachments/688996343/703391777.png) (image/png) +[image2024-7-9\_12-59-19.png](attachments/688996343/703391782.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/Enable-TLS-1.3-in-AWS-ALB_688996484.md b/knowledgebase/csd-wiki/ICSD/Enable-TLS-1.3-in-AWS-ALB_688996484.md new file mode 100644 index 00000000..722f27f0 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Enable-TLS-1.3-in-AWS-ALB_688996484.md @@ -0,0 +1,40 @@ +# Enable-TLS-1.3-in-AWS-ALB_688996484 +To enable TLS 1.3 in AWS Application Load Balancer, you will need to modify the following Ingress files to include the TLS 1.3 annotations. + +| Product | File Name | Helpful Links | +| --- | --- | --- | +| SMAX | suite-ingress.yaml | [Deploy the suite](https://staging.docs.microfocus.com/itom/SMAX:23.4/EKSDeploySuite) | +| OMT | management-portal-ingress.yaml | [Deploy the infrastructure services](https://staging.docs.microfocus.com/itom/SMAX:23.4/EKSDeployInfra) | +| Containerized OO | oo-ingress.yaml oo-internal-ingress.yaml smax-integration-ingress.yaml | [Configure load balancers for OO](https://staging.docs.microfocus.com/itom/SMAX:23.4/ConfigureALBEKSOOC) | +| Containerized CMS | cms-ingress.yaml cms-integration-ingress.yaml smax-integration-ingress.yaml | [Configure load balancers for CMS](https://staging.docs.microfocus.com/itom/SMAX:23.4/ConfigureALBEksCms) and [Create Application Load Balancer for integration](https://staging.docs.microfocus.com/itom/SMAX:23.4/IntegrationALBCms) | +| Audit | audit-service-internal-ingress.yaml audit-service-public-ingress.yaml | [Configure load balancer for Audit service](https://staging.docs.microfocus.com/itom/SMAX:23.4/ConfigureALBEksAudit) and [Create application load balancer for Audit service](https://staging.docs.microfocus.com/itom/SMAX:23.4/IntegrationALBAudit) | + +Perform the following steps in each Ingress file: + +1. Add the `ssl-policy` command under annotations. + ``` + alb.ingress.kubernetes.io/ssl-policy: ELBSecurityPolicy-TLS13-1-2-Res-2021-06 + ``` + If the file already contains an `ssl-policy`, confirm its value is the same as above. +2. Run the following command to apply the updated Ingress file. + ``` + kubectl apply -f xxx-ingress.yaml + ``` + Replace `xxx-ingress.yaml` with the appropriate name of the Ingress file. + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/FIX-aviator-capability-on-BO-UI_688988251.md b/knowledgebase/csd-wiki/ICSD/FIX-aviator-capability-on-BO-UI_688988251.md new file mode 100644 index 00000000..0232abcf --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/FIX-aviator-capability-on-BO-UI_688988251.md @@ -0,0 +1,37 @@ +# FIX-aviator-capability-on-BO-UI_688988251 +## Introduction + +When the deploy status of Aviator capability is not done, the enable requset has been sent, it will cause the BO UI is not correct display. It is all OK except the BO UI. We will prevent the issue in our code in Release 24.4. + +This document explains how to correct the data in this issue tenant. + +![](attachments/688988251/688988250.png) + +### Steps + +1. Login in the issue tenant with the tenant admin, switch to https:///sap/rest-client?TENANTID=804874389 +2. Send the **GET** request with URL **common-settings/setting/OT\_AI\_CONFIG.** +3. You will get the result as bellow: + { + "OT\_AI\_CONFIG": "{\\"llmEndpoint\\":\\"[....\\",\\"tenantId\\":\\"XXXXXXX\\"}"](https://1zwpwwuoe7.execute-api.eu-central-1.amazonaws.com/eu30-prod/%22,/%22llmApikey/%22:/%22tenant_int_804874389_llm_api_gateway_apikey_secret_key/%22,/%22cognitoEndPoint/%22:/%22https://eu30-aviator.auth.eu-central-1.amazoncognito.com/oauth2/token/%22,/%22cognitoClientId/%22:/%227pdkdfvp7ho40g3circmraju3o/%22,/%22cognitoClientSecret/%22:/%22tenant_int_804874389_llm_cognito_client_secret_key/%22,/%22tenantId/%22:/%222daf7c41ee5c497db7bedeed6d5e0b25/%22%7D%22 "https://1zwpwwuoe7.execute-api.eu-central-1.amazonaws.com/eu30-prod/%22,/%22llmapikey/%22:/%22tenant_int_804874389_llm_api_gateway_apikey_secret_key/%22,/%22cognitoendpoint/%22:/%22https://eu30-aviator.auth.eu-central-1.amazoncognito.com/oauth2/token/%22,/%22cognitoclientid/%22:/%227pdkdfvp7ho40g3circmraju3o/%22,/%22cognitoclientsecret/%22:/%22tenant_int_804874389_llm_cognito_client_secret_key/%22,/%22tenantid/%22:/%222daf7c41ee5c497db7bedeed6d5e0b25/%22%7d%22") + } + The tenantId will be used in the steps 7. +4. Go to the SMAX bastion server, then execute the command to login in the itom-bo-ats-deployment-xxx-xxx + +kubectl exec -it itom-bo-ats-deployment-xxxxxx -c itom-bo-ats -n bash + +1. 1. Get the dba password by "get\_secret itom\_itsma\_dba\_password\_secret\_key" + 2. Login in to the pg in bo-ats db with psql. + 3. execute the sql as bellow: + 1. Get 1 record with no **llmTenantId** in **properties** and **status=0**: **SELECT \* FROM "bo\_db\_user".tenant\_capability WHERE tenant\_id = AND type = 6;** + 2. Update the LLM capability status to DONE: **UPDATE "bo\_db\_user".tenant\_capability SET status = 2 WHERE tenant\_id = AND type = 6;** + 3. Update set the LLM capability tenant id: **UPDATE "bo\_db\_user".tenant\_capability SET properties = jsonb\_set(properties, '{llmTenantId}', '""') WHERE tenant\_id = AND type = 6;** + 4. Double check the **llmTenantId** in **properties** and **status=2**: **SELECT \* FROM "bo\_db\_user".tenant\_capability WHERE tenant\_id = AND type = 6;** + +#### Check in the BO UI + +Login to the BO UI with suite-admin, you can see the data is back to normal. + +## Attachments: + +[image2024-7-16\_16-21-2.png](attachments/688988251/688988250.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/FQDN-Naming-Convention_688988212.md b/knowledgebase/csd-wiki/ICSD/FQDN-Naming-Convention_688988212.md new file mode 100644 index 00000000..f142b6d7 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/FQDN-Naming-Convention_688988212.md @@ -0,0 +1,54 @@ +# FQDN-Naming-Convention_688988212 +## New naming rule for OpenText Domains + +## ESM SaaS Farm: + +Service Management + +https://.[esm.saas.opentext.com](http://esm.saas.opentext.com/) + +e.g.: **eu32**.[esm.saas.opentext.com](http://esm.saas.opentext.com/) + +UCMDB: + +https://ucmdb..esm.saas.opentext.com + +OO: + +https://oo..[esm.saas.opentext.com](http://esm.saas.opentext.com/) + +INT (Integration/Internal): + +https://int..esm.saas.opentext.com + +Audit: + +https://audit..esm.saas.opentext.com + +## hMF naming rule + +## ESM SaaS Farm: + +SMAX: + +https://- [smax.saas.microfocus.com](http://smax.saas.microfocus.com/) + +CMS: + +https://cms.- [smax.saas.microfocus.com](http://smax.saas.microfocus.com/) + +OO: + +https://oo.- [smax.saas.microfocus.com](http://smax.saas.microfocus.com/) + +Audit: + +https://audit.- [smax.saas.microfocus.com](http://smax.saas.microfocus.com/) + +## DCA Instance + +https://.[saas.microfocus.com](http://saas.microfocus.com/) + +DCA Alias: -- + +For example: [https://us6-prod-dca.saas.microfocus.com](https://us6-prod-dca.saas.microfocus.com/) diff --git a/knowledgebase/csd-wiki/ICSD/Failed-to-load-data-when-you-select-offerings_688988239.md b/knowledgebase/csd-wiki/ICSD/Failed-to-load-data-when-you-select-offerings_688988239.md new file mode 100644 index 00000000..11c4928b --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Failed-to-load-data-when-you-select-offerings_688988239.md @@ -0,0 +1,32 @@ +# Failed-to-load-data-when-you-select-offerings_688988239 +## Problem + +[OCTCR19M1740103](https://kmviewer.saas.microfocus.com/#/OCTCR19M1740103 " ") + +If you've created more than 2,000 service definitions and there's no offering defined under most of them, when you click the Offering button in the Request or Live Support page, the data load fails. + +## Cause + +This error occurs because when there are too many service definitions with no associated offering, the system performance will be impacted. + +## Solution + +To improve the system performance, you may exclude such service definitions from content filtering. + +For example, if there are many service definitions with the "Application" subtype, and there is no offering defined under them, you may follow below steps to exclude these service definitions from content filtering. + +1. In Postman, send a `POST` request with the following settings: + **URL**: `https://:/auth/authentication-endpoint/authenticate/token?TENANTID=` + Select format as **JSON** and add the user name and password under the **Body** tab. + Here is an example: + `{"login":"demoUser@dummy.com","password":"Password1"}` + **Note:** Be sure to use the user name of tenant admin in the **Body**. +2. Click **Send**, you will find that your request now received the authentication token under the **response** body. +3. Next, send a `PUT` request in Postman with the following settings: + **URL**: `https://:/rest//common-settings/setting/SERVICE_DEFINITION_TYPES_WITH_OFFERING` + Headers: + Add a Cookie header and set the value as `**SMAX_AUTH_TOKEN=%token%**` + Be sure to replace ` **%token%**` with the authentication token you received in step 2. + Add a Content-Type header and set the value as `**application/json**`. +4. Body:`**{"value": "BusinessService,InfrastructureService"}   //"Application" is excluded**` +5. Click **Send**. diff --git a/knowledgebase/csd-wiki/ICSD/Fix-problematic-indexes-of-long_text_xxxxxxxxx-to-avoid-the-performance-issue-when-adding-request-comments_688988255.md b/knowledgebase/csd-wiki/ICSD/Fix-problematic-indexes-of-long_text_xxxxxxxxx-to-avoid-the-performance-issue-when-adding-request-comments_688988255.md new file mode 100644 index 00000000..46c91903 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Fix-problematic-indexes-of-long_text_xxxxxxxxx-to-avoid-the-performance-issue-when-adding-request-comments_688988255.md @@ -0,0 +1,51 @@ +# Fix-problematic-indexes-of-long_text_xxxxxxxxx-to-avoid-the-performance-issue-when-adding-request-comments_688988255 +## Problem + +Adding request comments takes 10~40 seconds with millions of records. Can also cause high database load and/or high database CPU. + +## Cause + +This issue may be caused by incorrect indexes. This topic gives steps to fix this type of indexes. + +## Solution + +Follow these steps to remove the fix the index: + +1. Navigate to database xservices\_ems, set search\_path to the right schema. +2. Check if there are indexes that are built on fields (entity\_id, field\_id), but have no benefit on the SQL query mentioned here as it has is\_deleted=false in the index WHERE condition. If the results are empty, then you can ignore the next steps. + ``` + select indexname, indexdef from pg_indexes where tablename ~ 'long_text_\d{9}' and indexdef like '%UNIQUE%USING btree (entity_id, field_id)%is_deleted = false%' and schemaname = 'maas_admin'; + ``` +3. Check the indexes before the operation. + ``` + select indexdef from pg_indexes where tablename ~ 'long_text_\d{9}' and indexdef like '%UNIQUE%' and schemaname = 'maas_admin'; + ``` +4. Rename the index with is\_deleted=false. + ``` + select 'ALTER INDEX '||indexname||' RENAME TO '||indexname||'0;' from pg_indexes where tablename ~ 'long_text_\d{9}' and indexdef like '%UNIQUE%' AND indexdef like '%USING btree (entity_id, field_id)%' and indexdef like '%is_deleted = false%' and schemaname = 'maas_admin'; + ``` + Run the generated "Alter index" commands. +5. Rename the index with the wrong name but correct indexdef to the right name. + ``` + select 'ALTER INDEX '||indexname||' RENAME TO '||tablename||'_entity_id_field_id_idx;' FROM pg_indexes where tablename ~ 'long_text_\d{9}' and indexdef like '%UNIQUE%' AND indexdef like '%USING btree (entity_id, field_id)' AND indexname !~ '^long_text_\d{9}_entity_id_field_id_idx$' and tablename ~ 'long_text_\d{9}'; + ``` + Run the generated "Alter index" commands. +6. Build the CREATE UNIQUE INDEX sql. + ``` + select 'CREATE UNIQUE INDEX IF NOT EXISTS '||tablename||'_entity_id_field_id_idx'||' on '||tablename||' USING btree (entity_id, field_id);' from pg_indexes where tablename ~ 'long_text_\d{9}' and indexdef like '%UNIQUE%' AND indexdef like '%USING btree (entity_id, field_id)%' and indexdef like '%is_deleted = false%' and schemaname = 'maas_admin'; + ``` + Run the generated "CREATE UNIQUE INDEX" commands. +7. DROP the index with the wrong name. + ``` + select 'DROP INDEX '||indexname||';' from pg_indexes where tablename ~ 'long_text_\d{9}' and indexname !~ '^long_text_\d{9}_entity_id_field_id_idx$' and indexdef like '%UNIQUE%' AND indexdef like '%USING btree (entity_id, field_id)%' and schemaname = 'maas_admin'; + ``` + Run the generated "DROP INDEX" commands. +8. Check the index. + ``` + select indexdef from pg_indexes where tablename ~ 'long_text_\d{9}' and indexdef like '%UNIQUE%' and schemaname = 'maas_admin'; + ``` +9. Analyze the table. + ``` + select 'ANALYZE '||tablename||';' from pg_indexes where tablename ~ 'long_text_\d{9}' and indexdef like '%UNIQUE%' and schemaname = 'maas_admin'; + Run the generated "ANALYZE" commands. + ``` diff --git a/knowledgebase/csd-wiki/ICSD/Full-process-of-deploying-licenses_688988271.md b/knowledgebase/csd-wiki/ICSD/Full-process-of-deploying-licenses_688988271.md new file mode 100644 index 00000000..28c739df --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Full-process-of-deploying-licenses_688988271.md @@ -0,0 +1,42 @@ +# Full-process-of-deploying-licenses_688988271 +## Introduction + +To make it easier to understand the entire process of licenses deployment. This paper is divided into three parts, starting with a section on the correlation between CSM and ops, followed by a section on CS ops and ops, and concluding with a section on ops. + +### 1.On what ops has done for the CSM team + +1. **When to alert the CSM team** + We need to monitor the power bi reports to check the expiration of licenses for the three products, and if there are any customers that are about to expire within a month, we need to write an email to the CSM team to alert them that the customer's licenses are about to expire. + **The power-bi link** : [https://app.powerbi.com/groups/fac06a69-6340-4715-b8fe-4bdc0ca9af14/reports/cf509ffe-325f-4c1b-a507-44b93e6d85ca/ReportSection83e2db59c3f5174e72d9?experience=power-bi](https://app.powerbi.com/groups/fac06a69-6340-4715-b8fe-4bdc0ca9af14/reports/cf509ffe-325f-4c1b-a507-44b93e6d85ca/ReportSection83e2db59c3f5174e72d9?experience=power-bi) +2. **Remind the CSM team which one** + Regarding this question, we can go to PCS, there is an Entitlement under the plan list, you can select company, and then there will be a CSM team of students responsible for it. Send a email to CSM team member better to copy [MFI-saascsmops@opentext.com](mailto:MFI-saascsmops@opentext.com), Bill and Dean(PM). + **The PCS link**:[https://us2-smax.saas.microfocus.com/saw/custom/Entitlement\_c?TENANTID=488503157](https://us2-smax.saas.microfocus.com/saw/custom/Entitlement_c?TENANTID=488503157) + +### 2.CS ops and ops need to do the work + +1. **What CS Ops need to do** + Based on the customer's order, the CS ops will create the ticket on the UT platform and then need to inform the ops students about the details of how many licenses need to be adjusted, which need to be updated in the tacking list + **Tracking List Link**: [https://opentextcorporation.sharepoint.com/:x:/r/sites/MFI-SMAXSaaSDevOps/\_layouts/15/Doc.aspx?sourcedoc=%7B79ECCEBF-3BBE-4D33-A01D-0DC166DD6F51%7D&file=ESM%20SaaS%20Order%20Fulfillment%20Tracking%20List.xlsx&action=default&mobileredirect=true&DefaultItemOpen=1](https://opentextcorporation.sharepoint.com/:x:/r/sites/MFI-SMAXSaaSDevOps/_layouts/15/Doc.aspx?sourcedoc=%7B79ECCEBF-3BBE-4D33-A01D-0DC166DD6F51%7D&file=ESM%20SaaS%20Order%20Fulfillment%20Tracking%20List.xlsx&action=default&mobileredirect=true&DefaultItemOpen=1) +2. **What Ops needs to do** + +Ops students need to be clear about the customer's order requirements, first of all, whether it is a regular customer or flex order customers, regular customers in accordance with the description of the ticket, add licenses, if the old licenses expired need to revoke off, otherwise it will affect the accuracy of the bi report. If it is a flex customer, you need to confirm with CS ops students whether it is part of the type of licenses replacement or part of the increase in licenses. +**UT Link** : [https://ut.ct-us2.saas.microfocus.com/sm/index.do](https://ut.ct-us2.saas.microfocus.com/sm/index.do) + +### 3.Work on the OPS side + +1. Download the licenses file inside the ticket,and upload the file to share point to record it. + **Share point Link** : [https://opentextcorporation.sharepoint.com/sites/MFI-SMAXSaaSDevOps/Shared%20Documents/Forms/AllItems.aspx?isAscending=false&id=%2Fsites%2FMFI%2DSMAXSaaSDevOps%2FShared%20Documents%2F2%2DESM%20SaaS%20Customer%2FLicense&sortField=Modified&viewid=250c668f%2D9c3b%2D4ad9%2Db164%2D3d6ac18e50c3](https://opentextcorporation.sharepoint.com/sites/MFI-SMAXSaaSDevOps/Shared%20Documents/Forms/AllItems.aspx?isAscending=false&id=%2Fsites%2FMFI%2DSMAXSaaSDevOps%2FShared%20Documents%2F2%2DESM%20SaaS%20Customer%2FLicense&sortField=Modified&viewid=250c668f%2D9c3b%2D4ad9%2Db164%2D3d6ac18e50c3) + ![](attachments/688988271/688988263.png) + ![](attachments/688988271/688988264.png) +2. when you start deploy the licenses to customer, **Screenshot of image before modification** and save it, Capture the modified image and save it **after the modification is complete** and upload them to the attachment. + ![](attachments/688988271/688988265.png) +3. Finally reconfirm with the CS ops by clicking **need more info** on ticket, Close the ticket after cs ops confirming that there are no errors. + ![](attachments/688988271/688988270.png) + +##### Note: + +For information on how to deploy licenses to customers see this link: [Apply license to ESM Products](/pages/createpage.action?spaceKey=ICSD&title=Apply+license+to+ESM+Products&linkCreation=true&fromPageId=688988271) + +For licenses generate detail & policy you can check out this link: [ESM license generation detail](ESM-license-generation-detail_686070325.html) + +For how to remove ucmdb licenses you can check this link: [How to remove specific license key for SaaS UCMDB](How-to-remove-specific-license-key-for-SaaS-UCMDB_688996303.html) (After 24.4.1 version) diff --git a/knowledgebase/csd-wiki/ICSD/GCP-FinOps-flow---increase-backlog-quota-size_706806534.md b/knowledgebase/csd-wiki/ICSD/GCP-FinOps-flow---increase-backlog-quota-size_706806534.md new file mode 100644 index 00000000..b6af2429 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/GCP-FinOps-flow---increase-backlog-quota-size_706806534.md @@ -0,0 +1,59 @@ +# GCP-FinOps-flow---increase-backlog-quota-size_706806534 +## This document provides instructions on how to increase backlog quota size in Vertica. + +1. Follow below steps to get IDM token + +curl -X POST https://:/idm-service/v3.0/tokens -d @/tmp/idm.json -k -H "Content-type: Application/json" + +idm.json + +{ + +"passwordCredentials": { + +"username": "diadmin", + +"password": "1ISO\*help" + +}, + +"tenantName": "181783837" + +} + +2\. Run below command to increase backlog quota to 100Mb. + +Note: cloud\_google\_cm\_billing\_raw\_flowControl is the dataset id used for GCP finops flow. + +curl -X POST https://:/itom-data-ingestion-administration/urest/v3/dataSetFlowControl -d @/tmp/d.json -k -H "Content-type: Application/json" -H "X-Auth-Token:" + +d.json + +{ + +"id": "cloud\_google\_cm\_billing\_raw\_flowControl", + +"configurationId": "cloud\_google\_cm\_billing\_raw", + +"type":"dataSetConfiguration", + +"backlogQuotaInMB": 100 + +} + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/GCP_686070215.md b/knowledgebase/csd-wiki/ICSD/GCP_686070215.md new file mode 100644 index 00000000..5959f54c --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/GCP_686070215.md @@ -0,0 +1,2 @@ +# GCP_686070215 +Created by on Jan 20, 2025 EST diff --git a/knowledgebase/csd-wiki/ICSD/Generic-Solutions-and-Practices_686083900.md b/knowledgebase/csd-wiki/ICSD/Generic-Solutions-and-Practices_686083900.md new file mode 100644 index 00000000..3d56b7a8 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Generic-Solutions-and-Practices_686083900.md @@ -0,0 +1,6 @@ +# Generic-Solutions-and-Practices_686083900 +Created by on Jan 23, 2025 EST + +## Introduction + +This is to conclude all the solutions and practices used in ITOM SaaS and prepare the related docs based on them. One of the major purpose is to leverage to other deployments within ITOM and even other BUs. diff --git a/knowledgebase/csd-wiki/ICSD/Guide-for-index-external-websites-into-Aviator-with-IDOL-web-connector_686073963.md b/knowledgebase/csd-wiki/ICSD/Guide-for-index-external-websites-into-Aviator-with-IDOL-web-connector_686073963.md new file mode 100644 index 00000000..94f61c14 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Guide-for-index-external-websites-into-Aviator-with-IDOL-web-connector_686073963.md @@ -0,0 +1,123 @@ +# Guide-for-index-external-websites-into-Aviator-with-IDOL-web-connector_686073963 +Created by on Jan 21, 2025 EST + +## 1 - Enable Virtual Agent with Aviator mode(SMAX) + +### Prerequisite + +- Deploy ITOM Aviator capability for the SMAX tenant. + +![](attachments/686073963/686073943.png) + +You can deploy the ITOM Aviator manually following the [Aviator Deploy ITOM Aviator on AWS | OpenText Documentation (microfocus.com)](https://staging.docs.microfocus.com/itom/ITOM_Aviator:Main/AISOnAWSAviator), + +Or use the “ [Provision add-on capabilities to an existing tenant](https://rndwiki.houston.softwaregrp.net/confluence/display/ICS/ESM+Tenant+Provisioning+Automation) ” service offering from X4X. + +### Settings + +- Enable Aviator Mode in Virtual Agent Settings + +![](attachments/686073963/686073945.png) + +- Enable smart virtual agent in Application Settings + +![](attachments/686073963/686073948.png) + +## 2 – Install a OPB Agent (External Server) + +### OPB installation + +- Please follow the [instructions](https://docs.microfocus.com/doc/SMAX/2021.02/OnPremiseBridge) for more information + +### Endpoint Settings + +- Create a new folder on the OPB Agent Server, for example, “C:\\External\_Doc” +- Create a new OPB endpoint for the SMAX tenant ![](attachments/686073963/686073950.png) + +## 4 - Download & Install IDOL web connector and CFS(External server) + +### Download Link + +- [Windows](https://opentextcorporation.sharepoint.com/:u:/s/MFI-OMEGA/EYPHDjM26CpPo7dBgdnNyqcBLcFhidMLTPAuMOrvNWulnA?e=T4nNMM) +- [Linux](https://opentextcorporation.sharepoint.com/:u:/s/MFI-OMEGA/EQ4d4kho3RJMlySWs7HWRXsBxrBBukU7i6vssMgbmqjtaw?e=RuS7iD) + +### Install IDOL web connector and CFS + +- Follow the default options to install the web connector and CFS. Skip to perform advanced connector configuration.![](attachments/686073963/686073952.png) + +## 5 - Download Lua Script package and deploy(External server) + +### Download lua script: Link + +### Copy below scripts into web connector installation folder + +- > insertSourceField.lua + +### Copy below scripts into CFS installation folder + +- > addDoc.lua +- > deleteDoc.lua +- > util.lua + +## 6 - Configure IDOL web connector and CFS + +### Configure license + +- Download OEM [Link](https://opentextcorporation.sharepoint.com/:u:/s/MFI-OMEGA/ERxTpA3HxlhIoHZSIlUFNHIBGAI2NQwdX_Oo0oxYUL_yiQ?e=cb0YzE) +- Copy 2 files into both web connector and CFS installation folders. + +### Configure web connector and CFS + +- Download configuration example file [ESM Help](https://opentextcorporation.sharepoint.com/:u:/s/MFI-OMEGA/ER6_eD_P92RJk7yqPwGWVZMBhlSwIkIADvKb7IhPRdGsTA?e=gOdwBc) +- Edit webconnector.cfg (**you can modified Line 52, 54 and 95 to define the index content**) +- - > **Line 52**: SitemapUrl= [https://docs.microfocus.com/sitemap.xml](https://docs.microfocus.com/sitemap.xml) **(SitemapUrl is the main entry point for spiders to start working)** + - > **Line 54**: SpiderUrlMustHaveRegex=.\* [docs.microfocus.com/doc/ESM/SaaS/.\*](http://docs.microfocus.com/doc/ESM/SaaS/.*) **(This option restricts content to a specific path )** + - > **Line 95**: ClipPageUsingCssSelect=app-content.contentcomponent ***(This option restricts content to be contained within an app-content element with the contentcomponent class name)*** + - > **Line 117**: ProxyHost= + - > **Line 118**: ProxyPort= + - > **Line 128**: KMSourceIdentityName=ESMDOC +- Edit OpenText-CFS.cfg + - > **Line 70**: //Post0=IdxWriter:./hrdoc.idx + - > **Line 71**: Post0=Lua:C:\\OpenText\\webconnector-24.1.0\\cfs\\addDoc.lua + +### Steps to apply configuration file + +- Copy content webconnector.cfg to webconnector.cfg(Web connector installation folder) +- Copy config.ini(CFS installation folder) +- Copy content of OpenText-CFS.cfg to OpenText-CFS.cfg(CFS installation folder) + +### Startup CFS and Web connector from the service + +- ![](attachments/686073963/686073956.png) +- ![](attachments/686073963/686073957.png) + +### Validate it works + +- Check web connector synchronize.log(Web connector is working) +- Check the folder configured in config.ini(CFS is working) + +## 7 - Configure OPB Agent and trigger index job(SMAX/External server) + +### Trigger index job SMAX Agent portal + +- Manually + +https:///rest/ess/tests/syncNow (**Open this link on the same browser on which already logged in SMAX**) + +- Automatically every 30 minutes + +**Related pages** + +**Content by label** + +There is no content with the specified labels + +## Attachments: + +[image2024-3-8\_16-34-41.png](attachments/686073963/686073943.png) (image/png) +[image2024-3-8\_16-38-56.png](attachments/686073963/686073945.png) (image/png) +[image2024-3-8\_16-35-38.png](attachments/686073963/686073948.png) (image/png) +[image2024-3-8\_16-39-26.png](attachments/686073963/686073950.png) (image/png) +[image2024-3-8\_16-40-48.png](attachments/686073963/686073952.png) (image/png) +[image2024-3-8\_16-44-40.png](attachments/686073963/686073956.png) (image/png) +[image2024-3-8\_16-44-56.png](attachments/686073963/686073957.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/HCMX-APM-Monitoring-Business-Flow_686073715.md b/knowledgebase/csd-wiki/ICSD/HCMX-APM-Monitoring-Business-Flow_686073715.md new file mode 100644 index 00000000..01a0d83e --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/HCMX-APM-Monitoring-Business-Flow_686073715.md @@ -0,0 +1,10 @@ +# HCMX-APM-Monitoring-Business-Flow_686073715 +Created by on Jan 21, 2025 EST + +## Introduction + +**Related pages** + +**Content by label** + +There is no content with the specified labels diff --git a/knowledgebase/csd-wiki/ICSD/How-to-Create-Shared-Service-Agent-User_693607221.md b/knowledgebase/csd-wiki/ICSD/How-to-Create-Shared-Service-Agent-User_693607221.md new file mode 100644 index 00000000..15ecc39e --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/How-to-Create-Shared-Service-Agent-User_693607221.md @@ -0,0 +1,30 @@ +# How-to-Create-Shared-Service-Agent-User_693607221 +## Introduction + +1. Create Shared Service Agent User from provider tenant + when create user, select **shared service agent** icon and fill other selections from PCS tickets (customer provided) + ![](attachments/693607221/693607215.png) +2. ![](attachments/693607221/693607217.png) + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) + +## Attachments: + +[image-2025-3-18\_9-54-9.png](attachments/693607221/693607215.png) (image/png) +[image-2025-3-18\_9-56-44.png](attachments/693607221/693607217.png) (image/png) +[image-2025-3-18\_9-57-39.png](attachments/693607221/693607219.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/How-to-Enable-Enhanced-CI-LIfecycle_688988308.md b/knowledgebase/csd-wiki/ICSD/How-to-Enable-Enhanced-CI-LIfecycle_688988308.md new file mode 100644 index 00000000..904ffaf2 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/How-to-Enable-Enhanced-CI-LIfecycle_688988308.md @@ -0,0 +1,49 @@ +# How-to-Enable-Enhanced-CI-LIfecycle_688988308 +### 1\. Enable the Enhanced CI Lifecycle mode from JMX Console + +- On UCMDB server, go to **JMX Console > UCMDB:service=Settings Services > setSettingValue** +- **customerID**: Enter your Customer ID +- In the **name** field, enter **[enable.enhanced.ci](http://enable.enhanced.ci/).lifecycle** +- In the **value** field, enter **true.** +- Click **Invoke.** + +After you enable the Enhanced CI Lifecycle mode, you also have to enable the CI aging. + +### 2\. Enabling aging + +First please check if the aging is already enabled by following the next steps: + +- On UCMDB server, go to **JMX Console > UCMDB:service=Settings Services > showSettingsByCategory.** +- **customerID**: Enter your Customer ID +- **category**: leave it empty +- check the **value** of setting: **[model.aging.is](http://model.aging.is/).aging.enabled** + +If aging is already enabled, then you can skip this step and go directly to step 3. + +Otherwise, please proceed with enabling aging, either from Local Client: + +- Log into Local Client with the specific customer +- Access the Aging Status tab on the CI Lifecycle page (**Managers** **\> Administration > CI Lifecycle**). Select the **Enable Aging** check box. + +Or from jmx-console: + +- On UCMDB server, go to **JMX Console > UCMDB:service=Settings Services > setSettingValue** +- **customerID**: Enter your Customer ID +- In the **name** field, enter **[model.aging.is](http://model.aging.is/).aging.enabled** +- In the **value** field, enter **true.** +- Click **Invoke.** + +Restart the customer for the changed setting to take effect. Start/Stop customer should be enough, without having to restart the entire server. + +> **Please be aware that enabling aging might trigger data deletion!** +> +> **If you use the option to enable it from Local Client, it should show a summary of the no of CIs to be deleted (in case the number of CIs to be deleted is greater than 10,000, a confirmation message is displayed)** + +### 3\. Calculate CILifecycleState attribute for the existing CIs: + +Once Enhanced CI Lifecycle is enabled, you need to manually calculate the value of the **CI Lifecycle State** attribute for all the existing CIs by invoking the **calculateCILifecycleStateAttribute** from jmx: + +- On UCMDB server, go to **JMX Console > UCMDB:service=Model Services > calculateCILifecycleStateAttribute** +- **customerID**: Enter your Customer ID +- In the **className** field, leave it empty +- Click **Invoke.** diff --git a/knowledgebase/csd-wiki/ICSD/How-to-apply-ILR-license-for-OP_691159135.md b/knowledgebase/csd-wiki/ICSD/How-to-apply-ILR-license-for-OP_691159135.md new file mode 100644 index 00000000..0dc56365 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/How-to-apply-ILR-license-for-OP_691159135.md @@ -0,0 +1,19 @@ +# How-to-apply-ILR-license-for-OP_691159135 +## Introduction + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/How-to-automatically-collect-SLT-logs-for-troubleshooting_688988287.md b/knowledgebase/csd-wiki/ICSD/How-to-automatically-collect-SLT-logs-for-troubleshooting_688988287.md new file mode 100644 index 00000000..69eede14 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/How-to-automatically-collect-SLT-logs-for-troubleshooting_688988287.md @@ -0,0 +1,33 @@ +# How-to-automatically-collect-SLT-logs-for-troubleshooting_688988287 +## Problem + +When running into an SLT issue, customers may not be able to consistently reproduce it, and by the time it reoccurs, relevant information has been rolled back. Therefore, troubleshooting becomes difficult. These steps can be used to collect data and logs when the issue occurs. + +## Solution + +1\. Run the following command to enable the tenant setting: +./set\_tenant\_settings.sh -T -A enable -S ESS\_BACKUP\_FLAG8 + +2\. Create a temporary log path /tmp/slt in the NFS path. + +3\. In backup\_log.sh, change the SOURCE\_FOLDER parameter to the current offline pod NFS log path. +For example: /mnt/nfs/var/vols/itom/itsma/global-volume/logs/xservices/platform/itom-xruntime-platform-offline-7b76665769-gvlz2-2024-02-08/maas + +4\. Create an out.txt file in the same directory as backup\_log.sh. Then, execute the script with the following command: +nohup sh backup\_log.sh>out.txt &. + +5\. If the offline pod is restarted during step 4, repeat step 3 and 4. + +6\. The issue should be reproduced within one month. + +7\. Execute the following commands to stop backup\_log.sh. +Find process: ps -ef | grep 'sh backup\_log.sh' +Kill process: kill -9 + +8\. Run the following command to disable the tenant setting: +./set\_tenant\_settings.sh -T -A disable -S ESS\_BACKUP\_FLAG8 + +9\. Collect logs in the log path created in step 2. + +10\. Run the following command to collect all SLT transaction\_context data: +COPY (SELECT transaction\_id, correlation\_id, locking\_time, merged\_entity, relation, transaction\_type, operation, transaction\_data, transaction\_timestamp, flag0, flag1, flag3, flag4 FROM transaction\_context\_ WHERE flag0 & 1 = 1) TO '' CSV HEADER; diff --git a/knowledgebase/csd-wiki/ICSD/How-to-change-Native-SACM-Notification-Throttling_686074009.md b/knowledgebase/csd-wiki/ICSD/How-to-change-Native-SACM-Notification-Throttling_686074009.md new file mode 100644 index 00000000..a12d8c9b --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/How-to-change-Native-SACM-Notification-Throttling_686074009.md @@ -0,0 +1,32 @@ +# How-to-change-Native-SACM-Notification-Throttling_686074009 +## Introduction + +Starting from 2022.11 release, there is a throttling setting built in SMAX. It’s in the CMS notification processor to controls the number of notifications (from CMS gateway) to handle per minute. It’s a farm level setting. + +Please notice, customer may feel the delay of CI sync if the throttling value is set too small. It’s not recommended to share this information with customer, which may cause unexpected issue. + +## Change the EMS throttling for notifications + +1. Change the parameter of throttling in configmap with command below: + ``` + kubectl edit cm itom-xruntime-infra-config -n + ``` + ![](attachments/686074009/686074005.png) + + Change the default values to the following: + + CMSX\_NOTIFICATION\_EMS\_THROTTLING\_ENABLED: " **true** " + CMSX\_NOTIFICATION\_EMS\_THROTTLING\_THRESHOLD\_PER\_MIN: " **500** " + + If it works fine, we can change to a bigger value. +2. Restart the platform-offline pod. + + After restarted offline pod, you can find the throttling logs in maas\_native\_federation.log + + Log format: "request the {}/{} permit with key {}" "permit is out with key {}, wait next time window to continue..." + +Please be aware that the throttling will impact the whole farm. + +## Attachments: + +[image-2025-1-21\_14-26-48.png](attachments/686074009/686074005.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/How-to-change-the-vertica-server-instance-type_686065564.md b/knowledgebase/csd-wiki/ICSD/How-to-change-the-vertica-server-instance-type_686065564.md new file mode 100644 index 00000000..e0a66ec3 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/How-to-change-the-vertica-server-instance-type_686065564.md @@ -0,0 +1,90 @@ +# How-to-change-the-vertica-server-instance-type_686065564 +To change the instance type, we need to create another subcluster with the new instance type, change the new subcluster as primary and remove the old subcluster. + +### Before the change window + +#### Contact MFI-ProductSecOps@opentext.com to disable scp + +#### Add another subscluter + +![](attachments/686065564/686065556.png) + +#### tag the instances like below, change the parameters accordingly + +``` +profile='609729173090_Fed_Account_ESM_SaaS_OPS' +name='SMA-Worker' +role='sma' +accountno='609729173090' +uppername='us24-prod-vertica-node-linux' +resource='i-0cc3ffd574d36c2b0' +owner='i-0e722ecadc153ef16' +aws ec2 create-tags --profile $profile --resources $resource --tags Key=Stack,Value=production +aws ec2 create-tags --profile $profile --resources $resource --tags Key=name,Value=$name +aws ec2 create-tags --profile $profile --resources $resource --tags Key=owner,Value=smaxaasops@microfocus.com +aws ec2 create-tags --profile $profile --resources $resource --tags Key=environment,Value=production +aws ec2 create-tags --profile $profile --resources $resource --tags Key=role,Value=$role +aws ec2 create-tags --profile $profile --resources $resource --tags Key=acc-no,Value=$accountno +aws ec2 create-tags --profile $profile --resources $resource --tags Key=bu,Value=itom +aws ec2 create-tags --profile $profile --resources $resource --tags Key=product,Value=esm +aws ec2 create-tags --profile $profile --resources $resource --tags Key=type,Value=trade +aws ec2 create-tags --profile $profile --resources $resource --tags Key=app-id,Value=SMAX +aws ec2 create-tags --profile $profile --resources $resource --tags Key=cust-name,Value=multi-tenant +aws ec2 create-tags --profile $profile --resources $resource --tags 'Key="data label",Value=pii' +aws ec2 create-tags --profile $profile --resources $resource --tags 'Key="Name"',Value=$uppername +aws ec2 create-tags --profile $profile --resources $resource --tags 'Key="Owner"',Value=$owner + +do the same for all the worker nodes +``` + +![](attachments/686065564/686065557.png) + +### During the change window + +#### change the new subcluster to primary cluster: + +``` +https://www.vertica.com/docs/9.3.x/HTML/Content/Authoring/Eon/Subclusters/AlteringSubclusters.htm + +In vertica SQL command line like vsql: + + SELECT DISTINCT subcluster_name, is_primary from subclusters; + SELECT PROMOTE_SUBCLUSTER_TO_PRIMARY('subcluster_a'); + +add the new instances to the NLB + +-- set subcluster_a as default cluster: +ALTER SUBCLUSTER subcluster_a SET DEFAULT; + +Remove the old instances from the NLB +``` + +![](attachments/686065564/686065558.png) + +``` +-- demote the old subcluster +SELECT DEMOTE_SUBCLUSTER_TO_SECONDARY('default_subcluster'); + +-- remove the old subcluster +``` + +![](attachments/686065564/686065559.png) + +![](attachments/686065564/686065560.png) + +#### scale down new cluster from 4 to 3 + +![](attachments/686065564/686065561.png) + +``` +Remove the old instance from the NLB +``` + +## Attachments: + +[image2024-3-20\_17-31-3.png](attachments/686065564/686065556.png) (image/png) +[image2024-3-20\_17-31-43.png](attachments/686065564/686065557.png) (image/png) +[image2024-3-20\_17-33-2.png](attachments/686065564/686065558.png) (image/png) +[image2024-3-20\_17-33-16.png](attachments/686065564/686065559.png) (image/png) +[image2024-3-20\_17-33-24.png](attachments/686065564/686065560.png) (image/png) +[image2024-3-20\_17-33-56.png](attachments/686065564/686065561.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/How-to-check-ESM-Tenant-Product-License-Expiration_686079367.md b/knowledgebase/csd-wiki/ICSD/How-to-check-ESM-Tenant-Product-License-Expiration_686079367.md new file mode 100644 index 00000000..0706c809 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/How-to-check-ESM-Tenant-Product-License-Expiration_686079367.md @@ -0,0 +1,36 @@ +# How-to-check-ESM-Tenant-Product-License-Expiration_686079367 +## Introduction + +This document describes how to check for expiring licenses for different tenants, different products in ESM Farm. + +## Check License Expiration + +If you want to check SMAX, CMS, OO licenses alreday expired or going to be expired with 90 days, you can check this BI report: + +[https://app.powerbi.com/groups/fac06a69-6340-4715-b8fe-4bdc0ca9af14/reports/cf509ffe-325f-4c1b-a507-44b93e6d85ca/ReportSection83e2db59c3f5174e72d9?experience=power-bi](https://app.powerbi.com/groups/fac06a69-6340-4715-b8fe-4bdc0ca9af14/reports/cf509ffe-325f-4c1b-a507-44b93e6d85ca/ReportSection83e2db59c3f5174e72d9?experience=power-bi) + +![](attachments/686079367/686079356.png) + +To drill down look at all tenants curren license duration (start data and end date) you can further check below BI reports: + +**SMAX License Date** + +[https://app.powerbi.com/groups/fac06a69-6340-4715-b8fe-4bdc0ca9af14/reports/cf509ffe-325f-4c1b-a507-44b93e6d85ca/ReportSectionf2d85675c8566ddd38df?experience=power-bi](https://app.powerbi.com/groups/fac06a69-6340-4715-b8fe-4bdc0ca9af14/reports/cf509ffe-325f-4c1b-a507-44b93e6d85ca/ReportSectionf2d85675c8566ddd38df?experience=power-bi) + +![](attachments/686079367/686079358.png) + +**CMS License Date** + +[https://app.powerbi.com/groups/fac06a69-6340-4715-b8fe-4bdc0ca9af14/reports/cf509ffe-325f-4c1b-a507-44b93e6d85ca/ReportSection2c5432140f03e99da520?experience=power-bi](https://app.powerbi.com/groups/fac06a69-6340-4715-b8fe-4bdc0ca9af14/reports/cf509ffe-325f-4c1b-a507-44b93e6d85ca/ReportSection2c5432140f03e99da520?experience=power-bi) + +![](attachments/686079367/686079359.png) + +**OO License Date** + +[https://app.powerbi.com/groups/fac06a69-6340-4715-b8fe-4bdc0ca9af14/reports/cf509ffe-325f-4c1b-a507-44b93e6d85ca/ReportSection19c7fd420a8a0690070e?experience=power-bi](https://app.powerbi.com/groups/fac06a69-6340-4715-b8fe-4bdc0ca9af14/reports/cf509ffe-325f-4c1b-a507-44b93e6d85ca/ReportSection19c7fd420a8a0690070e?experience=power-bi) + +## Attachments: + +[image2023-11-11\_13-19-15.png](attachments/686079367/686079356.png) (image/png) +[image2023-11-11\_13-21-47.png](attachments/686079367/686079358.png) (image/png) +[image2023-11-11\_13-23-5.png](attachments/686079367/686079359.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/How-to-check-native-SACM-notificaiton-queue-in-SaaS_686074669.md b/knowledgebase/csd-wiki/ICSD/How-to-check-native-SACM-notificaiton-queue-in-SaaS_686074669.md new file mode 100644 index 00000000..0082a2c6 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/How-to-check-native-SACM-notificaiton-queue-in-SaaS_686074669.md @@ -0,0 +1,75 @@ +# How-to-check-native-SACM-notificaiton-queue-in-SaaS_686074669 +## Description + +This is a guide to query the CI notification queue depth of native SACM. + +The queue is built in offline platform pod memory, and program prints relevant information in logs. Given that said, we will leverage log analysis, such as OpenSearch, to find required information. Also, the information will be reset, after the offline platform pod restarts. + +A few key metrics since offline platform pod started: + +1. Total incoming notifications +2. Proceeded CI create notifications +3. Dropped CI udpate notifications +4. Proceeded CI update notifications +5. Dropped CI remove notifications +6. Proceeded CI remove notifications + +**Current Q depth = Total incoming notificaitons - Proceeded CI create notifications - Dropped CI update notifications - Proceed CI update notifications - Dropped CI remove notofications - Proceeded CI remove notifications** + +\*: Let's take EU8 as a sample, and we can do the similar check for other farms + +--- + +## Total incoming notifications + +Query key word - "The current batch of notifications:" By default, the first log is the latest log, It will be printed every time a notification is received.(ActualEnqueueSize) + +The total number of notifications received after starting from the offline pod,Abbreviated as A for later use in calculations. Value is 3812985 + +https://eu8-logs.itsma-ng.com/\_plugin/kibana/app/discover#/?\_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now%2Fd,to:now%2Fd))&\_a=(columns:!(\_source),filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:cc7f93d0-59ad-11ec-b5a7-9dc618af91ac,key:service.keyword,negate:!f,params:(query:xService-platform-offline),type:phrase),query:(match\_phrase:(service.keyword:xService-platform-offline)))),index:cc7f93d0-59ad-11ec-b5a7-9dc618af91ac,interval:auto,query:(language:kuery,query:'%22The%20current%20batch%20of%20notifications:%22'),sort:!()) + +![](attachments/686074669/686074635.png) + +## Proceeded CI create notifications + +Query key word - "Start running in ems, global id" AddCount Processed ADD Notification. Abbreviated as B,Value is 12165 + +https://eu8-logs.itsma-ng.com/\_plugin/kibana/app/discover#/?\_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now%2Fd,to:now%2Fd))&\_a=(columns:!(\_source),filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:cc7f93d0-59ad-11ec-b5a7-9dc618af91ac,key:service.keyword,negate:!f,params:(query:xService-platform-offline),type:phrase),query:(match\_phrase:(service.keyword:xService-platform-offline)))),index:cc7f93d0-59ad-11ec-b5a7-9dc618af91ac,interval:auto,query:(language:kuery,query:'%22Start%20running%20in%20ems,%20global%20id%22'),sort:!()) + +![](attachments/686074669/686074636.png) + +## Dropped CI update notifications + +Query key word - "Intercepted UPDATE notification total count:" Intercepted Update Notification Abbreviated as C,Value is 34879 + +https://eu8-logs.itsma-ng.com/\_plugin/kibana/app/discover#/?\_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now%2Fd,to:now%2Fd))&\_a=(columns:!(\_source),filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:cc7f93d0-59ad-11ec-b5a7-9dc618af91ac,key:service.keyword,negate:!f,params:(query:xService-platform-offline),type:phrase),query:(match\_phrase:(service.keyword:xService-platform-offline)))),index:cc7f93d0-59ad-11ec-b5a7-9dc618af91ac,interval:auto,query:(language:kuery,query:'%22Intercepted%20UPDATE%20notification%20total%20count%20:%22'),sort:!()) + +![](attachments/686074669/686074640.png) + +## Proceed CI udpate notifications + +Query key word - "in ems. UpdateCount:" Processed UPDATE Notification Abbreviated as D,Value is 3557709 + +https://eu8-logs.itsma-ng.com/\_plugin/kibana/app/discover#/?\_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now%2Fd,to:now%2Fd))&\_a=(columns:!(\_source),filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:cc7f93d0-59ad-11ec-b5a7-9dc618af91ac,key:service.keyword,negate:!f,params:(query:xService-platform-offline),type:phrase),query:(match\_phrase:(service.keyword:xService-platform-offline)))),index:cc7f93d0-59ad-11ec-b5a7-9dc618af91ac,interval:auto,query:(language:kuery,query:'%22in%20ems.%20UpdateCount%20:%22'),sort:!()) + +![](attachments/686074669/686074645.png) + +## Dropped CI remove notifications + +Query key word - "Intercepted REMOVE notification total count:" Intercepted Remove Notification. Abbreviated as E, Value is 6661 + +https://eu8-logs.itsma-ng.com/\_plugin/kibana/app/discover#/?\_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now%2Fd,to:now%2Fd))&\_a=(columns:!(\_source),filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:cc7f93d0-59ad-11ec-b5a7-9dc618af91ac,key:service.keyword,negate:!f,params:(query:xService-platform-offline),type:phrase),query:(match\_phrase:(service.keyword:xService-platform-offline)))),index:cc7f93d0-59ad-11ec-b5a7-9dc618af91ac,interval:auto,query:(language:kuery,query:'%22Intercepted%20REMOVE%20notification%20total%20count%20:%22'),sort:!()) + +![](attachments/686074669/686074647.png) + +## Proceeded CI remove notifications + +Query key word - "in ems. RemoveCount:" Processed REMOVE Notification Abbreviated as F, Value is 11423 + +https://eu8-logs.itsma-ng.com/\_plugin/kibana/app/discover#/?\_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now%2Fd,to:now%2Fd))&\_a=(columns:!(\_source),filters:!(('$state':(store:appState),meta:(alias:!n,disabled:!f,index:cc7f93d0-59ad-11ec-b5a7-9dc618af91ac,key:service.keyword,negate:!f,params:(query:xService-platform-offline),type:phrase),query:(match\_phrase:(service.keyword:xService-platform-offline)))),index:cc7f93d0-59ad-11ec-b5a7-9dc618af91ac,interval:auto,query:(language:kuery,query:'%22in%20ems.%20RemoveCount%20:%22'),sort:!()) + +![](attachments/686074669/686074649.png) + +## Summary + +According to the formula described in the beginning of this doc, the total number of unprocessed notifications in the Q is A-B-C-D-E-F. As of 2:36 Nov-9th, there are 3812985-12165-34879-3557709-6661-11423=190148 notifications. diff --git a/knowledgebase/csd-wiki/ICSD/How-to-create-a-change-request-in-SM9_693603362.md b/knowledgebase/csd-wiki/ICSD/How-to-create-a-change-request-in-SM9_693603362.md new file mode 100644 index 00000000..a09edac6 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/How-to-create-a-change-request-in-SM9_693603362.md @@ -0,0 +1,82 @@ +# How-to-create-a-change-request-in-SM9_693603362 +This guide introduce how to create a change request in SM9. + +#### Step 1: Log into SM9 + +1. Log into SM9 with your OT credential( short name for login name) + [https://sm.opentext.com/sm/index.do](https://sm.opentext.com/sm/index.do) + +#### Step 2: Copy a change + +1. Search an existing change(e.g. C2144659 EU3/US7 25.1.2 Upgrade). + + ![](attachments/693603362/693603384.png) + +2\. In the details page of above change,click 'Copy Record'. + +![](attachments/693603362/693603398.png) + +#### Step 3: Fill out the details of new change + +1. New change is now in "Change Logging" phase,fill in all the fields marked with and asterish(\*). Please also input the required entities which is highlighted in red box. + + ![](attachments/693603362/693603814.png) + + ![](attachments/693603362/693603838.png) +2. Under Change Details,fill out 'Technical Plans and Concurrences', 'Testing', 'Risk Calcualtor'. + + ![](attachments/693603362/693603902.png) + + You can put the change ID for Trail farm in the pre-prod CR number. + + ![](attachments/693603362/693603944.png) + + After you fill out the Risk Calculator,click "Click Here to Calculate Before Saving". + + ![](attachments/693603362/693603930.png) +3. Save the change +4. In the Activities, fill 'Update Type' and "Update Comments" and click 'Close Phase'. This will move change to "Change Assessment & Planning" Phase. + + ![](attachments/693603362/693603960.png) +5. Again,In the Activities, fill 'Update Type' and "Update Comments" and click 'Close Phase'. This will move change to "Change Review" Phase. + + ![](attachments/693603362/693603976.png) +6. In "Change Review" Phase, Under "Technical Plans and Concurrences",check the box "Expert Review Concurrence". + + ![](attachments/693603362/693604015.png) + + In the Activities, fill 'Update Type' and "Update Comments" and click 'Save'. This will move change to "Prepare for Change Approval" Phase. + + ![](attachments/693603362/693604011.png) + + 7\. Inform Management team to approve this change. + +#### Step 4: Close change + +After the upgrade has been implemented, close the change in SM9 after change is successfully implemented. + +Click 'Closing info' and input closing detail. Click 'Close Phase' to close the change. + +![](attachments/693603362/703391650.png) + +## Attachments: + +[image-2025-3-17\_13-35-28.png](attachments/693603362/693603384.png) (image/png) +[image-2025-3-17\_13-40-12.png](attachments/693603362/693603398.png) (image/png) +[image-2025-3-17\_15-15-7.png](attachments/693603362/693603805.png) (image/png) +[image-2025-3-17\_15-16-15.png](attachments/693603362/693603814.png) (image/png) +[image-2025-3-17\_15-19-28.png](attachments/693603362/693603838.png) (image/png) +[image-2025-3-17\_15-37-29.png](attachments/693603362/693603902.png) (image/png) +[image-2025-3-17\_15-40-39.png](attachments/693603362/693603916.png) (image/png) +[image-2025-3-17\_15-45-1.png](attachments/693603362/693603930.png) (image/png) +[image-2025-3-17\_15-49-25.png](attachments/693603362/693603944.png) (image/png) +[image-2025-3-17\_15-51-15.png](attachments/693603362/693603950.png) (image/png) +[image-2025-3-17\_15-53-58.png](attachments/693603362/693603960.png) (image/png) +[image-2025-3-17\_15-58-47.png](attachments/693603362/693603968.png) (image/png) +[image-2025-3-17\_16-0-41.png](attachments/693603362/693603976.png) (image/png) +[image-2025-3-17\_16-3-18.png](attachments/693603362/693603982.png) (image/png) +[image-2025-3-17\_16-6-35.png](attachments/693603362/693604011.png) (image/png) +[image-2025-3-17\_16-7-37.png](attachments/693603362/693604015.png) (image/png) +[image-2025-5-20\_16-43-1.png](attachments/693603362/703391633.png) (image/png) +[image-2025-5-20\_16-44-49.png](attachments/693603362/703391642.png) (image/png) +[image-2025-5-20\_16-46-0.png](attachments/693603362/703391650.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/How-to-debug-in-Milvus_686074149.md b/knowledgebase/csd-wiki/ICSD/How-to-debug-in-Milvus_686074149.md new file mode 100644 index 00000000..2c772a2d --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/How-to-debug-in-Milvus_686074149.md @@ -0,0 +1,38 @@ +# How-to-debug-in-Milvus_686074149 +Milvus is a cloud-native **Vector** database, also be treated as search engineer in Aviator. + +A lot of difference compared to structured database like postgres and even non-structured database like vertica + +## prerequisites + +1. Open ticket in PSDC portal to request access for 2 aviator accounts + itom-aviator0-ext-stg: 824517076529 + itom-aviator0-ext-prod: 521526956341 +2. For emergency case you can reset password for ESM, AK/SK can be picked up from parameter store in US2-Prod + +## Steps + +1. Check if the pod of attu is enabled, enable it by + ``` + kubectl scale deploy milvus-attu -n milvus --replicas=1 + ``` +2. Login to the windows bastion of aviator +3. Get the right ip of milvus ingress and map the ip to the host file + ``` + ping internal-k8s-eu30milvusattualb-94bd0407df-29282387.eu-central-1.elb.amazonaws.com + ``` +4. Access your fqdn for milvus, e.g. [https://eu30-prod-itomaviator-attu.itsma-ng.com/](https://eu30-prod-itomaviator-attu.itsma-ng.com/), login with your credentials(default is: root/Admin\_1234) +5. Check for all the collections in milvus, there should be two records for each tenant that has enabled Aviator in smax: + ![](attachments/686074149/686074143.png) +6. Vector search for all documents, first select the entity\_ *tenantid*, and set search by docId > 0 in Advanced Filter +7. Vector search for individual document, first select the entity\_tenantid, and then get the vector from dev + ![](attachments/686074149/686074146.png) +8. Aviator logs are mainly from code block(not mounted to EFS yet): + ``` + kubectl logs itom-aviator-core-776c74c57d-h92qc -n aviator -c itom-aviator-core -f + ``` + +## Attachments: + +[image2023-12-1\_13-10-40.png](attachments/686074149/686074143.png) (image/png) +[image2023-12-1\_13-19-11.png](attachments/686074149/686074146.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/How-to-deploy-and-enable-AC_693613103.md b/knowledgebase/csd-wiki/ICSD/How-to-deploy-and-enable-AC_693613103.md new file mode 100644 index 00000000..bfcf8d7e --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/How-to-deploy-and-enable-AC_693613103.md @@ -0,0 +1,40 @@ +# How-to-deploy-and-enable-AC_693613103 +## Steps: + +
Deploy AC

1.Make sure the SMAX/HCMX is helm environment

2.Deploy AC

Please firstly deploy the AC as the document on the right before you enable it.

https://staging.docs.microfocus.com/itom/Automation_Center:Main/DeployAC

Enable AC
  1. Enable tenant temporary flag for AC


2. Generate tenant key chain

3. Enable Vulnerability & Remediation tenant settings

4. Create tenant schemas for AC backend service
  1. Download the script attachment on the right
  2. Copy it to the bastion
  3. Grant the permission for the script: chmod 755 configure_ac_tenant.sh
  4. Run the following two commands, if it responds 202, it means success
    e.g.

    sh configure_ac_tenant.sh -a create -n itsma-7o5kn -d itom-ac-vulnerability-and-patching -i 791371430 -u bo-integration@dummy.com -p xxxx

    sh configure_ac_tenant.sh -a create -n itsma-7o5kn -d itom-ac-data-sync -i 791371430 -u bo-integration@dummy.com -p xxxx


  5. Then go to database to check the schema:

configure_ac_tenant.sh

+ +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) + +## Attachments: + +[image2024-8-9\_11-2-46.png](attachments/693613103/693613022.png) (image/png) +[image2024-8-9\_11-3-51.png](attachments/693613103/693613025.png) (image/png) +[image2024-8-9\_11-4-5.png](attachments/693613103/693613031.png) (image/png) +[image2024-8-9\_11-4-5.png](attachments/693613103/693613028.png) (image/png) +[image2024-8-9\_11-4-49.png](attachments/693613103/693613036.png) (image/png) +[image2024-8-9\_11-5-43.png](attachments/693613103/693613040.png) (image/png) +[image2024-8-9\_11-5-54.png](attachments/693613103/693613043.png) (image/png) +[image2024-11-15\_14-53-12.png](attachments/693613103/693613046.png) (image/png) +[image2024-8-9\_11-6-48.png](attachments/693613103/693613050.png) (image/png) +[image2024-8-9\_11-18-45.png](attachments/693613103/693613053.png) (image/png) +[image2024-8-9\_11-12-22.png](attachments/693613103/693613059.png) (image/png) +[image2024-8-9\_11-13-50.png](attachments/693613103/693613065.png) (image/png) +[image2024-8-9\_10-59-19.png](attachments/693613103/693613073.png) (image/png) +[configure\_ac\_tenant.sh](attachments/693613103/693613087.sh) (text/x-sh) +[configure\_ac\_tenant.sh](attachments/693613103/693613093.sh) (application/x-sh) +[configure\_ac\_tenant.sh](attachments/693613103/693613083.sh) (text/x-sh) diff --git a/knowledgebase/csd-wiki/ICSD/How-to-deploy-postgres-exporter-on-SaaS-to-monitor-postgres-custom-query_704971984.md b/knowledgebase/csd-wiki/ICSD/How-to-deploy-postgres-exporter-on-SaaS-to-monitor-postgres-custom-query_704971984.md new file mode 100644 index 00000000..5a5557d9 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/How-to-deploy-postgres-exporter-on-SaaS-to-monitor-postgres-custom-query_704971984.md @@ -0,0 +1,172 @@ +# How-to-deploy-postgres-exporter-on-SaaS-to-monitor-postgres-custom-query_704971984 +The community repo of postgres-exporter is [https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-postgres-exporter](https://github.com/prometheus-community/helm-charts/tree/main/charts/prometheus-postgres-exporter) + +The image verison of postgres-expoter we used is v0.12.0. we have scaned the image security. + +![](attachments/704971984/704971891.png) + +**Preparation steps:** + +Create a dedicated postgres read user to access database. + +CREATE USER grafana\_reader WITH PASSWORD '\*\*\*\*\*'; + +GRANT CONNECT ON DATABASE xservices\_ems TO grafana\_reader; +GRANT CONNECT ON DATABASE xservices\_rms TO grafana\_reader; +GRANT CONNECT ON DATABASE idm TO grafana\_reader; + +GRANT CONNECT ON DATABASE bo\_ats TO grafana\_reader; + +\\c xservices\_ems +GRANT USAGE ON SCHEMA maas\_admin TO grafana\_reader; +GRANT SELECT ON ALL TABLES IN SCHEMA maas\_admin TO grafana\_reader; + +\\c xservices\_rms +GRANT USAGE ON SCHEMA maas\_admin TO grafana\_reader; +GRANT SELECT ON ALL TABLES IN SCHEMA maas\_admin TO grafana\_reader; + +\\c idm +GRANT USAGE ON SCHEMA idm TO grafana\_reader; +GRANT SELECT ON ALL TABLES IN SCHEMA idm TO grafana\_reader; + +\\c postgres +GRANT USAGE ON SCHEMA public TO grafana\_reader; +GRANT SELECT ON ALL TABLES IN SCHEMA public TO grafana\_reader; + +\\c bo\_ats +GRANT USAGE ON SCHEMA bo\_db\_user TO grafana\_reader; +GRANT SELECT ON ALL TABLES IN SCHEMA bo\_db\_user TO grafana\_reader; + +GRANT pg\_read\_all\_stats TO grafana\_reader; + +**Create function based on the basic SQL query:** + +1. To query the tenantID cross-database, use the dblink extension. The SELECT statement from dblink will return a table. Check if the extension has been created. + +SELECT \* FROM pg\_extension WHERE extname = 'dblink'; + +CREATE EXTENSION dblink; + +2\. use maas\_admin to login xservices\_ems,and run below alert default command to let feature newly created table with select permission. + +ALTER DEFAULT PRIVILEGES IN SCHEMA maas\_admin GRANT SELECT ON TABLES TO grafana\_reader; + +3\. Create functions in xservice\_ems with postgres user. Here is the query definition. + +For xservices\_ems database: [database\_monitoring\_functions\_definition.txt](attachments/704971984/704971933.txt) + +For xservices\_rms database: [database\_monitoring\_functions\_definition\_xservices\_rms.txt](attachments/704971984/711822858.txt) + +4\. Create index for the query, **this step is very important, please confirm this with expert.** + +create index "ops\_transaction\_context\_\_timestamp" on transaction\_context\_ (transaction\_timestamp); + +create index ops\_transaction\_context\_\_entity\_type on transaction\_context\_ ((entity::jsonb ->> 'entity\_type')); + +This needs to be scripted and performed for every tenant in the farm. + +**Installation steps:** + +1. Download the helm chart [prometheus-postgres-exporter.zip](attachments/704971984/704972022.zip) +2. Replace the and with actual value in the values\_database\_level.yaml,values\_dead\_tuple.yaml and values\_instance\_level.yaml. +3. Add User query in values\_database\_level.yaml file. + ``` + userQueries: |- + nascm_transaction_context_queue_alltenants: + query: "select tid,row_count from get_transaction_context_counts();" + master: true + cache_seconds: 1200 + metrics: + - row_count: + description: context queue count + usage: GAUGE + - tid: + description: tenant id + usage: LABEL + nascm_transaction_context_queue_retries_alltenants: + query: "select tid,row_count from get_transaction_context_queue_retries();" + master: true + cache_seconds: 1200 + metrics: + - row_count: + description: context queue count + usage: GAUGE + - tid: + description: tenant id + usage: LABEL + etl_job_queue_alltenants: + query: "select tid,etl_job_name,row_count from get_transaction_etl_job_queue();" + master: true + cache_seconds: 1200 + metrics: + - row_count: + description: job queue count + usage: GAUGE + - tid: + description: tenant id + usage: LABEL + - etl_job_name: + description: job name + usage: LABEL + etl_job_delay_time_alltenants: + query: "select tid,etl_job_name,delay_time from get_transaction_etl_job_delay_time();" + master: true + cache_seconds: 1200 + metrics: + - delay_time: + description: delay time + usage: GAUGE + - tid: + description: tenant id + usage: LABEL + - etl_job_name: + description: job name + usage: LABEL + ``` +4. run helm install command to deploy postgres exporter + +helm install prometheus-postgres-exporter-instance-level. -f values\_instance\_level.yaml --namespace=monitoring + +helm install prometheus-postgres-exporter-database-level. -f values\_database\_level.yaml --namespace=monitoring + +helm install prometheus-postgres-exporter-for-dtuple. -f values\_dead\_tuple.yaml --namespace=monitoring + +**Configure Grafana to show metrics:** + +The metrics name is consist of \_. eg: + +![](attachments/704971984/704971980.png) + +**Import Dashboard to Grafana:** + +Download the [PostgresSQL RDS Monitoring Dashboard](attachments/704971984/709413468.json) and import to Grafana. + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) + +## Attachments: + +[image-2025-5-26\_14-53-21.png](attachments/704971984/704971891.png) (image/png) +[database\_monitoring\_functions\_definition.txt](attachments/704971984/709409438.txt) (text/plain) +[image-2025-5-26\_15-15-4.png](attachments/704971984/704971980.png) (image/png) +[prometheus-postgres-exporter.zip](attachments/704971984/704972022.zip) (application/zip) +[database\_monitoring\_functions\_definition.txt](attachments/704971984/709409852.txt) (text/plain) +[database\_monitoring\_functions\_definition.txt](attachments/704971984/704971933.txt) (text/plain) +[7\. PostgreSQL RDS Monitoring-1751508520632.json](attachments/704971984/709413471.json) (application/json) +[7\. PostgreSQL RDS Monitoring-1751508520632.json](attachments/704971984/709413468.json) (application/json) +[database\_monitoring\_functions\_definition\_xservices\_rms.txt](attachments/704971984/711822860.txt) (text/plain) +[database\_monitoring\_functions\_definition\_xservices\_rms.txt](attachments/704971984/711822858.txt) (text/plain) diff --git a/knowledgebase/csd-wiki/ICSD/How-to-disable-Aviator_686073812.md b/knowledgebase/csd-wiki/ICSD/How-to-disable-Aviator_686073812.md new file mode 100644 index 00000000..c0a14650 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/How-to-disable-Aviator_686073812.md @@ -0,0 +1,36 @@ +# How-to-disable-Aviator_686073812 +## When to use + +Trial tenant finishes trial or customer unsubscribes Aviator service. + +**Note: Data in Aviator will not be removed.** + +## Steps + +1. Login into SMAX as Tenant admin +2. Changes **Mode** in **AI Studio→Virtual Agent-->Configurations** to **Classic** and click **Save**, refer to: [https://docs.microfocus.com/doc/ESM/SaaS/EnableAviator#Enable\_the\_Aviator\_mode](https://docs.microfocus.com/doc/ESM/SaaS/EnableAviator#Enable_the_Aviator_mode) +3. (Optional) Click **Train** in **AI Studio→ Virtual Agent→Intents** if there are any intents +4. Call API to turn off Aviator + ``` + SMAX_HOST= + TENANT_ID= + BO_INT_ADMIN=bo-integration@dummy.com + BO_INT_ADMIN_PWD= + SMAX_AUTH_TOKEN=$(curl -ks "https://${SMAX_HOST}/auth/authentication-endpoint/authenticate/token" -H 'Content-Type: application/json' -d '{ + "login": "'"${BO_INT_ADMIN}"'", + "password": "'"${BO_INT_ADMIN_PWD}"'" + }') + echo "SMAX_AUTH_TOKEN=${SMAX_AUTH_TOKEN}" + SMAX_TENANT_URL=https://${SMAX_HOST}/rest/${TENANT_ID}/ + curl -sk -X PUT "${SMAX_TENANT_URL}common-settings/setting/OT_AI_ENABLED" --cookie "SMAX_AUTH_TOKEN=${SMAX_AUTH_TOKEN};" -H 'Content-Type: application/json' -d '{"value": false}' + SAVED_TOGGLE=$(curl -sk "${SMAX_TENANT_URL}common-settings/setting/OT_AI_ENABLED" --cookie "SMAX_AUTH_TOKEN=${SMAX_AUTH_TOKEN};") + echo " " + echo "OT_AI_ENABLED=${SAVED_TOGGLE}" + ``` +5. Tenant admin validates the change + +Click **AI Studio→ Aviator Models**, there should be a message: Aviator is not activated in your tenant.![](attachments/686073812/686073818.png) + +## Attachments: + +[image-2025-1-21\_14-2-54.png](attachments/686073812/686073818.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/How-to-export-WAF-logs-for-troubleshooting_688988324.md b/knowledgebase/csd-wiki/ICSD/How-to-export-WAF-logs-for-troubleshooting_688988324.md new file mode 100644 index 00000000..0f4df22b --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/How-to-export-WAF-logs-for-troubleshooting_688988324.md @@ -0,0 +1,32 @@ +# How-to-export-WAF-logs-for-troubleshooting_688988324 +``` +Introduction +``` + +AWS waf is a service that associated with your primary load balancer, which can provide the access control, traffic control, and even you can block the access from specific countries or IP. Since WAF rule is not that mature in ESM, we have to export the logs and send it to RnD for analyze, which is a keep refactoring project + +Here is the steps that you can refer to: + +- Make sure you have enabled logging metrics for WAF, and logs saved in S3 bucket +- Navigator to cloudwatch → Logs → Logs insight +- Select time range in the top right corner, e.g. Last 1 week +- Select the S3 bucket which you have enabled in Step 1 +- Input the search query like(you can customize filter here) and click Run Query: + +``` +fields @timestamp, httpRequest.uri as URI, action, @message +| sort @timestamp desc +| filter (action = "BLOCK" or action = "COUNT") +``` + +- Wait for completion of the query and click Export Results → Download table(XLSX) +- Zip the downloaded files and send to RnD + +``` +Note that you can only export with a maximum of 10 thousand records at a time, so when there are more records, please narrow you time range or adjust your filters +``` + +## Attachments: + +[enable\_waf.png](attachments/688988324/688988328.png) (image/png) +[log\_insight.png](attachments/688988324/688988332.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/How-to-find-the-suite-logs-for-troubleshooting_686074297.md b/knowledgebase/csd-wiki/ICSD/How-to-find-the-suite-logs-for-troubleshooting_686074297.md new file mode 100644 index 00000000..f8b8956e --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/How-to-find-the-suite-logs-for-troubleshooting_686074297.md @@ -0,0 +1,12 @@ +# How-to-find-the-suite-logs-for-troubleshooting_686074297 +Created by, last modified by Wei Shen on Feb 08, 2025 EST + +The following document provides information about where to find the suite logs for troubleshooting or administration purposes based on your actual scenarios. + +[https://staging.docs.microfocus.com/itom/SMAX:Main/SuiteLogs](https://staging.docs.microfocus.com/itom/SMAX:Main/SuiteLogs) + +**Related pages** + +**Content by label** + +There is no content with the specified labels diff --git a/knowledgebase/csd-wiki/ICSD/How-to-fix-400-login-error-after-upgrade-to-24.3_688988344.md b/knowledgebase/csd-wiki/ICSD/How-to-fix-400-login-error-after-upgrade-to-24.3_688988344.md new file mode 100644 index 00000000..9b1e2606 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/How-to-fix-400-login-error-after-upgrade-to-24.3_688988344.md @@ -0,0 +1,51 @@ +# How-to-fix-400-login-error-after-upgrade-to-24.3_688988344 +## Problem: + +After upgrading to 24.3, you may encounter a "400" error when attempting to log in to the system. + +## Root cause: + +1. In default, the server http header max size of bo-login be stetted to 65536 using the setting "server.max-http-header-size". +2. Spring Boot 3.2 remove "server.max-http-header-size" and replace with "server.max-http-request-header-size". +3. "server.max-http-request-header-size" default size is 8192. +4. after 24.3, the bo-login will be using the default "server.max-http-request-header-size" max size = 8192. +5. So, if additional cookie appended in SMAX header, the header size will max than 8192. User can’t login to SMAX + +## Solution: + +Following these steps to add max-http-request-header-size parameter with correct header size: + +- Login to master or bastion node. +- Run the command to check the JAVA\_OPTS for itom-bo-login-deployment + +***kubectl get deploy itom-bo-login-deployment -n -o json | grep JAVA\_OPTS -A 3 -B 1*** + +***Results:*** + +{ + +"name": "JAVA\_OPTS", + +"value": "-Djava.security.egd= [file:/dev/./urandom](http://file/dev/urandom) " + +} + +- Run the command to update the JAVA\_OPTS env + +***kubectl set env deploy/itom-bo-login-deployment JAVA\_OPTS="-Djava.security.egd= [file:/dev/./urandom](http://file/dev/urandom) -Dserver.max-http-request-header-size=65536" -c itom-bo-login -n *** + +- Run the command to check the JAVA\_OPTS for itom-bo-login deployment again + +***kubectl get deploy itom-bo-login-deployment -n -o json | grep JAVA\_OPTS -A 3 -B 1*** + +***Results:*** + +  { + +"name": "JAVA\_OPTS", + +"value": "-Djava.security.egd= [file:/dev/./urandom](http://file/dev/urandom) -Dserver.max-http-request-header-size=65536" + +} + +- Then Waiting for itom-bo-login pod to start diff --git a/knowledgebase/csd-wiki/ICSD/How-to-fix-Dev2Prod-failure_688988351.md b/knowledgebase/csd-wiki/ICSD/How-to-fix-Dev2Prod-failure_688988351.md new file mode 100644 index 00000000..7fd527f8 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/How-to-fix-Dev2Prod-failure_688988351.md @@ -0,0 +1,293 @@ +# How-to-fix-Dev2Prod-failure_688988351 +## Symptom + +If you have created two identical custom actions for the same record type in both source and target tenants, the Dev2Prod process fails. The error messages are as follows: + +``` +> Customization1 Metadata element .CustomActionName_c.Localized Label Key is invalid. +> Update of existing element descriptor's attributes is not available through customization. Refer to: Customization1. +> +> Customization1 Metadata element .CustomActionName_c.Tooltip Localized Label Key is invalid. +Update of existing element descriptor's attributes is not available through customization. Refer to: Customization1. +> +> Customization1 Metadata element .CustomActionName_c.Placeholder Localized Label Key is invalid. +> Update of existing element descriptor's attributes is not available through customization. Refer to: Customization1. +> +> Customization1 Metadata element EntityType.CustomActionCount_c.Localized Label Key is invalid. +> Update of existing element descriptor's attributes is not available through customization. Refer to: Customization1. +> +> Customization1 Metadata element .CustomActionCount_c.Tooltip Localized Label Key is invalid. +> Update of existing element descriptor's attributes is not available through customization. Refer to: Customization1. +> +> Customization1 Metadata element EntityType.CustomActionCount_c.Placeholder Localized Label Key is invalid. +> Update of existing element descriptor's attributes is not available through customization. Refer to: Customization1. +``` + +## Resolution + +This resolution applies to SMAX versions from 2023.05 to 24.1. + +**Note:** For example, the verion number is \*\*\\\*\*, export from \*\*\\\*\* and import into \*\*\\\*\*, the related entities are \*\*\\\*\* and \*\*\\\*\*. + +Step 1. Choose \*\*xservices-ems\*\*, execute the following queries on both and , and keep the results for later steps. + +Step 1.1. Run the following command: + +``` +\`\`\`SQL +SELECT + ed.tenant_id AS "version", + pd.tenant_id, + pd.parent_descriptor_id AS entity_type_id, + ed."name" AS entity_name, + pd."name" AS field_name, + pd.localization_key, + ed."name" || '.' || pd."name" || '.localized-label-key' as localization_key_new +FROM + property_descriptor pd + LEFT JOIN entity_descriptor ed ON pd.parent_descriptor_id = ed.id +WHERE + pd."name" IN ('CustomActionName_c', 'CustomActionCount_c') + AND ed.tenant_id = '' + AND pd.tenant_id IN ('', '') + AND ed."name" IN ('', ''); +\`\`\` +``` + +For example, in the following case, \\ is "v26", is "100000001", is "100000002", is "Request", is "Incident". The script would be: + +``` +\`\`\`SQL +SELECT + ed.tenant_id AS "version", + pd.tenant_id, + pd.parent_descriptor_id AS entity_type_id, + ed."name" AS entity_name, + pd."name" AS field_name, + pd.localization_key, + ed."name" || '.' || pd."name" || '.localized-label-key' as localization_key_new +FROM + property_descriptor pd + LEFT JOIN entity_descriptor ed ON pd.parent_descriptor_id = ed.id +WHERE + pd."name" IN ('CustomActionName_c', 'CustomActionCount_c') + AND ed.tenant_id = 'v26' + AND pd.tenant_id IN ('100000001', '100000002') + AND ed."name" IN ('Request', 'Incident'); +\`\`\` +``` + +The output would be: + +``` +table1 +| version | tenant_id | entity_type_id | entity_name | field_name | localization_key | localization_key_new | +| ------- | --------- | -------------- | ----------- | ------------------- | ----------------------------------- | ------------------------------------------------ | +| v26 | 100000001 | 247 | Incident | CustomActionCount_c | CustomActionCount_c_1710482969177_c | Incident.CustomActionCount_c.localized-label-key | +| v26 | 100000001 | 247 | Incident | CustomActionName_c | CustomActionName_c_1710482969053_c | Incident.CustomActionName_c.localized-label-key | +| v26 | 100000001 | 375 | Request | CustomActionCount_c | CustomActionCount_c_1710482749123_c | Request.CustomActionCount_c.localized-label-key | +| v26 | 100000001 | 375 | Request | CustomActionName_c | CustomActionName_c_1710482749001_c | Request.CustomActionName_c.localized-label-key | +| v26 | 100000002 | 247 | Incident | CustomActionCount_c | CustomActionCount_c_1710482925908_c | Incident.CustomActionCount_c.localized-label-key | +| v26 | 100000002 | 247 | Incident | CustomActionName_c | CustomActionName_c_1710482925779_c | Incident.CustomActionName_c.localized-label-key | +| v26 | 100000002 | 375 | Request | CustomActionCount_c | CustomActionCount_c_1710482721555_c | Request.CustomActionCount_c.localized-label-key | +| v26 | 100000002 | 375 | Request | CustomActionName_c | CustomActionName_c_1710482721392_c | Request.CustomActionName_c.localized-label-key | +``` + +Step 1.2. Run the following command: + +``` +\`\`\`SQL +SELECT + tenant_id, + property_descriptor_name, + entity_descriptor_name, + placeholder_key, + entity_descriptor_name || '.' || property_descriptor_name || '.placeholder' AS placeholder_key_new, + tooltip_key, + entity_descriptor_name || '.' || property_descriptor_name || '.tooltip' AS tooltip_key_new +FROM + property_descriptor_ui +WHERE + property_descriptor_name IN ('CustomActionName_c', 'CustomActionCount_c') + AND tenant_id IN ('', '') + AND entity_descriptor_name IN ('', ''); +\`\`\` +``` + +In our case, the script would be: + +``` +\`\`\`SQL +SELECT + tenant_id, + property_descriptor_name, + entity_descriptor_name, + placeholder_key, + entity_descriptor_name || '.' || property_descriptor_name || '.placeholder' AS placeholder_key_new, + tooltip_key, + entity_descriptor_name || '.' || property_descriptor_name || '.tooltip' AS tooltip_key_new +FROM + property_descriptor_ui +WHERE + property_descriptor_name IN ('CustomActionName_c', 'CustomActionCount_c') + AND tenant_id IN ('100000001', '100000002') + AND entity_descriptor_name IN ('Request', 'Incident'); +\`\`\` +table2 +| tenant_id | property_descriptor_name | entity_descriptor_name | placeholder_key | placeholder_key_new | tooltip_key | tooltip_key_new | +| --------- | ------------------------ | ---------------------- | ----------------------------------------------- | ---------------------------------------- | ------------------------------------------- | ------------------------------------ | +| 100000001 | CustomActionCount_c | Incident | CustomActionCount_c_PLACEHOLDER_1710482969177_c | Incident.CustomActionCount_c.placeholder | CustomActionCount_c_TOOLTIP_1710482969177_c | Incident.CustomActionCount_c.tooltip | +| 100000001 | CustomActionCount_c | Request | CustomActionCount_c_PLACEHOLDER_1710482749123_c | Request.CustomActionCount_c.placeholder | CustomActionCount_c_TOOLTIP_1710482749123_c | Request.CustomActionCount_c.tooltip | +| 100000001 | CustomActionName_c | Incident | CustomActionName_c_PLACEHOLDER_1710482969053_c | Incident.CustomActionName_c.placeholder | CustomActionName_c_TOOLTIP_1710482969053_c | Incident.CustomActionName_c.tooltip | +| 100000001 | CustomActionName_c | Request | CustomActionName_c_PLACEHOLDER_1710482749001_c | Request.CustomActionName_c.placeholder | CustomActionName_c_TOOLTIP_1710482749001_c | Request.CustomActionName_c.tooltip | +| 100000002 | CustomActionCount_c | Incident | CustomActionCount_c_PLACEHOLDER_1710482925908_c | Incident.CustomActionCount_c.placeholder | CustomActionCount_c_TOOLTIP_1710482925908_c | Incident.CustomActionCount_c.tooltip | +| 100000002 | CustomActionCount_c | Request | CustomActionCount_c_PLACEHOLDER_1710482721555_c | Request.CustomActionCount_c.placeholder | CustomActionCount_c_TOOLTIP_1710482721555_c | Request.CustomActionCount_c.tooltip | +| 100000002 | CustomActionName_c | Incident | CustomActionName_c_PLACEHOLDER_1710482925779_c | Incident.CustomActionName_c.placeholder | CustomActionName_c_TOOLTIP_1710482925779_c | Incident.CustomActionName_c.tooltip | +| 100000002 | CustomActionName_c | Request | CustomActionName_c_PLACEHOLDER_1710482721392_c | Request.CustomActionName_c.placeholder | CustomActionName_c_TOOLTIP_1710482721392_c | Request.CustomActionName_c.tooltip | +``` + +Step 2. Choose \*\*xservices-rms\*\*, update all with , all with and all with both on and based on \*\*"table1"\*\* and \*\*"table2"\*\*. + +``` +\`\`\`SQL +UPDATE + "ResourceBundle_" +SET + body = jsonb_set(body, '{Key}', '""') +WHERE + body->>'Key' = ''; + +UPDATE + "ResourceBundle_" +SET + body = jsonb_set(body, '{Key}', '""') +WHERE + body->>'Key' = ''; + +UPDATE + "ResourceBundle_" +SET + body = jsonb_set(body, '{Key}', '""') +WHERE + body->>'Key' = ''; +\`\`\` +``` + +In our case, it would be: + +``` +\`\`\`SQL +UPDATE + "ResourceBundle_100000001" +SET + body = jsonb_set(body, '{Key}', '"Incident.CustomActionCount_c.localized-label-key"') +WHERE + body->>'Key' = 'CustomActionCount_c_1710482969177_c'; +...... +UPDATE + "ResourceBundle_100000002" +SET + body = jsonb_set(body, '{Key}', '"Request.CustomActionName_c.localized-label-key"') +WHERE + body->>'Key' = 'CustomActionName_c_1710482721392_c'; + +UPDATE + "ResourceBundle_100000001" +SET + body = jsonb_set(body, '{Key}', '"Incident.CustomActionCount_c.placeholder"') +WHERE + body->>'Key' = 'CustomActionCount_c_PLACEHOLDER_1710482969177_c'; + +UPDATE + "ResourceBundle_100000001" +SET + body = jsonb_set(body, '{Key}', '"Incident.CustomActionCount_c.tooltip"') +WHERE + body->>'Key' = 'CustomActionCount_c_TOOLTIP_1710482969177_c'; +...... + +UPDATE + "ResourceBundle_100000002" +SET + body = jsonb_set(body, '{Key}', '"Request.CustomActionName_c.placeholder"') +WHERE + body->>'Key' = 'CustomActionName_c_PLACEHOLDER_1710482721392_c'; + +UPDATE + "ResourceBundle_100000002" +SET + body = jsonb_set(body, '{Key}', '"Request.CustomActionName_c.tooltip"') +WHERE + body->>'Key' = 'CustomActionName_c_TOOLTIP_1710482721392_c'; +\`\`\` +``` + +Step 3. Choose \*\*xservices-ems\*\*, execute the following updates on both and . + +``` +\`\`\`SQL +UPDATE + property_descriptor pd +SET + localization_key = ed."name" || '.' || pd."name" || '.localized-label-key', + flavors = 'EMS' +FROM + entity_descriptor ed +WHERE + pd.parent_descriptor_id = ed.id + AND pd."name" IN ('CustomActionCount_c', 'CustomActionName_c') + AND ed.tenant_id = '' + AND pd.tenant_id IN ('', '') + AND ed."name" IN ('', ''); + +UPDATE + property_descriptor_ui +SET + placeholder_key = entity_descriptor_name || '.' || property_descriptor_name || '.placeholder', + tooltip_key = entity_descriptor_name || '.' || property_descriptor_name || '.tooltip' +WHERE + property_descriptor_name IN ('CustomActionCount_c', 'CustomActionName_c') + AND tenant_id IN ('', '') + AND entity_descriptor_name IN ('', ''); +\`\`\` +``` + +In our case, it would be: + +``` +\`\`\`SQL +UPDATE + property_descriptor pd +SET + localization_key = ed."name" || '.' || pd."name" || '.localized-label-key', + flavors = 'EMS' +FROM + entity_descriptor ed +WHERE + pd.parent_descriptor_id = ed.id + AND pd."name" IN ('CustomActionCount_c', 'CustomActionName_c') + AND ed.tenant_id = 'v26' + AND pd.tenant_id IN ('100000001', '100000002') + AND ed."name" IN ('Request', 'Incident'); + +UPDATE + property_descriptor_ui +SET + placeholder_key = entity_descriptor_name || '.' || property_descriptor_name || '.placeholder', + tooltip_key = entity_descriptor_name || '.' || property_descriptor_name || '.tooltip' +WHERE + property_descriptor_name IN ('CustomActionCount_c', 'CustomActionName_c') + AND tenant_id IN ('100000001', '100000002') + AND entity_descriptor_name IN ('Request', 'Incident'); +\`\`\` +``` + +Step 4. It is recommended to restart the platform where the modified tenant is located: + +``` +\`\`\`sh +kubectl rollout restart deployment itom-xruntime-platform -n itsma-xxxxx +\`\`\` +``` + +Step 5. Redo the export and import operations. diff --git a/knowledgebase/csd-wiki/ICSD/How-to-fix-broken-SLT-data-via-Python-script_686074161.md b/knowledgebase/csd-wiki/ICSD/How-to-fix-broken-SLT-data-via-Python-script_686074161.md new file mode 100644 index 00000000..2cc2065b --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/How-to-fix-broken-SLT-data-via-Python-script_686074161.md @@ -0,0 +1,79 @@ +# How-to-fix-broken-SLT-data-via-Python-script_686074161 +## Introduction + +This script will fix SLT issues for **Request** & **Incident** in the following 4 scenarios: + +- Tickets have empty SLT information. +- Tickets have super large or negative SLT values. +- Tickets have been suspended but the SLT is still being calculated. +- Tickets have wrong/empty values for their SLA status. + +**Note: This script applies to SMAX versions from 2022.05 to 25.2. Back up your data before running this script.** + +## Resolution + +1. Install python v3.8 ([https://www.python.org/downloads/source/](https://www.python.org/downloads/source/)) or above on the control plane node. +2. Run the following DB query in the xservices\_ems database to collect any customized Enum Items in the customer’s environment. + SELECT \* FROM enum\_value\_ WHERE enumeration\_descriptor\_name in ('ImpactScopeEnum','SawPriority','SLTStatus','TargetType','AgreementUsage', 'DefinitionCalculationPolicy', 'RequestStatusEnum', 'IncidentStatusEnum'); +3. Based on the result of step 2, update the script from Line 108 to 148. Pick up the customized content, then add them into the last line of each class. Here is the template script.[fixslt2\_20231129.zip](attachments/686074161/686074162.zip) + For example, in the following case, you can insert “P1\_c=20129” into the last line of the SawPriority class. + ![](attachments/686074161/686074160.png) +4. Based on the result of step 2, check the result of 'RequestStatusEnum' & 'IncidentStatusEnum', go to web > Studio > Request/Incident > Process and Rules, use the response as a keyword and search them in the rules. If they are used in the rule related to suspend status, then they need to be added to Line 181 & 182 for each record type. +5. Prepare the following parameters for the environment, they will be used for input when you execute the script. + SMAX web information. + Hostname; + Port; + Username; + Password; + DB Credential information. + DB username; + DB password; + DB host; + DB port; + Entity type(currently we only support Request & Incident); + Start time; + Tenant ID; +6. Prepare the ticket IDs to be fixed by executing the following DB query in xservices\_ems. + Use the “copy to” command to save the result into the target folder. + For example: copy (**#1 SELECT COMMAND**) to ‘/tmp/request\_ids.txt + (**Note: Fill in the record type and update the creation time value before execution.**) + 1. The following query is to filter out all tickets without SLT target data. + SELECT entity\_id FROM entities\_ where entity\_type\_id = (select distinct id from entity\_descriptor where localization\_key = '') and creation\_time >= 1675180800000 + + EXCEPT + + SELECT parent\_id FROM slt\_targets\_ WHERE parent\_id IN (SELECT entity\_id FROM entities\_ where entity\_type\_id = (SELECT distinct id FROM entity\_descriptor WHERE localization\_key = '') and creation\_time >= 1675180800000) GROUP BY parent\_id; + 2. The following query is to filter out all tickets whose SLT calculations with super large values. + SELECT parent\_id from + + (SELECT \* from slt\_targets\_ where parent\_id in (SELECT entity\_id FROM entities\_ where entity\_type\_id = (select distinct id from entity\_descriptor where localization\_key = '') and creation\_time >= 1680278400000)) s + + WHERE (elapsed\_duration > 31536000 or elapsed\_duration\_min > 525600) group by parent\_id; + **Note: The value of elapsed\_duration is in seconds and elapsed\_duration\_min is in minutes. The example above filters out a duration that is longer than 365 days. You may set different values according to your business needs.** + + The following query is to filter out all tickets whose SLT calculations with negative values. + SELECT parent\_id from + + (SELECT \* from slt\_targets\_ WHERE parent\_id in (SELECT entity\_id FROM entities\_ WHERE entity\_type\_id = (select distinct id from entity\_descriptor WHERE localization\_key = '') and creation\_time >= 1675180800000)) s + + WHERE (elapsed\_duration < 0 or elapsed\_duration\_min < 0) group by parent\_id; + 3. The following query is to filter out all closed tickets but their SLT is still being calculated. + SELECT distinct physical\_type\_name as close\_time\_field FROM entitydescriptor\_mapping WHERE entity\_type='' and logical\_type\_name='CloseTime'; + + note: query field name of 'CloseTime', and the query result will be applied to the + + SELECT parent\_id FROM slt\_record\_status\_ WHERE parent\_id IN (SELECT entity\_id FROM entities\_ where entity\_type\_id = (select distinct id from entity\_descriptor where localization\_key = '') and creation\_time >= 1675180800000 and is not NUll) and status not in (100, 400); + 4. The following query is to filter out all tickets whose SLA Overall status value is NULL. + SELECT parent\_id FROM slt\_record\_status\_ WHERE parent\_id IN (SELECT entity\_id FROM entities\_ where entity\_type\_id = (select distinct id from entity\_descriptor where localization\_key = '') and creation\_time >= 1675180800000) and sla\_status is null; +7. Copy the updated fixSlt script and the attached [triageslt.py](attachments/686074161/704987186.py) into the same folder with request\_ids.txt and give the folder full permission via the following command: + chmod 777 -R +8. Run the following command to execute the triageslt script to collect the SLT related tables data before the fixSlt script is run for the problematic request IDs given in the request\_ids.txt and the results of the script execution is written into the **triageslt.log** file. + python3 triageslt.py + + **NOTE**: On script run with the above command, it prompt the user to enter the required details. If we want to avoid entering the values each time, then we can hardcode the required parameter values in the script and then run which will then read the hardcoded values. +9. Run the following command to start the fix script and input the parameter in step 5. + python3 fixslt2.py +10. After the fixing work is finished, save the log file “fix\_slt.log” in the same level directory, it will record the operation with all tickets fixed by the script. +11. Run the following command to execute the triageslt script to collect the SLT related tables data after the fixSlt script is run for the problematic request IDs given in the request\_ids.txt and the results of the script execution is appended into the **triageslt.log** file created in the step 8 above. + python3 triageslt.py +12. Share the triageslt.log and fix\_slt.log files to RnD via CPE engineer for the further troubleshooting of the SLT problem reported. diff --git a/knowledgebase/csd-wiki/ICSD/How-to-fix-inability-to-add-new-Data-Domains_716270786.md b/knowledgebase/csd-wiki/ICSD/How-to-fix-inability-to-add-new-Data-Domains_716270786.md new file mode 100644 index 00000000..c2543f13 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/How-to-fix-inability-to-add-new-Data-Domains_716270786.md @@ -0,0 +1,132 @@ +# How-to-fix-inability-to-add-new-Data-Domains_716270786 +## Introduction + +This runbook will fix a customer's inability to add new Data Domains if they are receiving the following error "Metadata element DataDomains. is invalid. Enumeration descriptor is invalid, since the orders defined for its values are not greater than or equal to 1. Refer to customization" + +The problem occurred due to a defect for Dev2Prod process in RangeEnumerationValueOrdersPreProcessorForImport. In SMAX versions priori to 25.2, when importing DataDomains fields, the code would assign sequential order\_key values starting at 1 to newly imported DataDomains. It would persist any existing order\_keys, so generally if all newly imported DataDomains appeared at the end of the list, all was well. However, if Dev and Prod environments were out of sync, i.e. manually added domains to both environments in a different order, then the new DataDomain would be assigned an existing order\_key. This was handled later by the function "mergePreValidatedEnumerations()" and would assign a random order\_key between 10000-32767. This worked fine, although the DataDomains may be imported out of order, until 25.2 changed the logic. + +In 25.2 the DataDomains no longer got sequential IDs starting at 1, but from the highest order\_key already present. This meant they would no longer be duplicate keys to generate random ones. However, some unlucky customers that had existing order\_keys that were generated significantly high were now limited by the SQL/Java limits on "smallInt", maxing out at 32767. If a customer's DataDomains max order key reached 32767, the next DataDomain would try to be added with 32767+1, which would overflow and become -32768 and no longer be valid. + +No new customers will get random order\_keys anymore, so this will not be a problem for any customer whose max order\_key for DataDomains is below 31767, since the max number of enum items is 1000. However, to be safe from future changes, we should fix any customer whose max order\_key is over 30000. We must remap the DataDomains order\_keys in enumeration\_value, enum\_value\_ and entities\_ via SQL. + +**Note: This script applies to SMAX versions from 25.2 and higher. Back up your data in the following EMS tables before running this script: enumeration\_value, enum\_value\_ and entities\_** + +## Resolution + +Pre-requisites: + +- EMS database access +- RabbitMQ Management console or REST API access + +Steps: + +1. Download the SQL scripts and update throughout each of them. + 1. [find\_data\_domains.sql](attachments/716270786/716270787.sql) + 2. [update\_data\_domains.sql](attachments/716270786/716270788.sql) +2. Run find\_data\_domains.sql and record the output. You will get: + 1. A helper SQL to find all entities that will need updating that can be used in pre- and post-validation, for example: + ``` + NOTICE: + --- HELPER SQL TO BE RUN INDEPENDENTLY TO VIEW ALL ENTITIES NEEDING UPDATE --- + select DISTINCT entity_id, entity_type_id, ed.name as entity_type, schar0, data_domains, e.usmallint0 as Company_dd, e.usmallint1 as Idea_dd, last_update_time from entities_100000002 e + join entity_descriptor ed on e.entity_type_id = ed.id WHERE + EXISTS ( + SELECT 1 + FROM unnest(e.data_domains) AS dd + WHERE dd > 10000 + ) OR + (e.entity_type_id = 498 AND e.usmallint0 >= 10000) OR + (e.entity_type_id = 435 AND e.usmallint1 >= 10000); + ``` + 2. If Data Domains has been used in custom fields on any entities: + 1. A SELECT statement to copy into update\_data\_domains.sql for pre-validation + ``` + NOTICE: + --- SELECT STATEMENT TO ADD TO update_data_domains.sql for COUNT --- + SELECT COUNT(*) INTO row_count FROM entities_100000002 e WHERE + (e.entity_type_id = 498 AND e.usmallint0 = ANY(old_keys)) OR + (e.entity_type_id = 435 AND e.usmallint1 = ANY(old_keys)); + ``` + 2. A series of UPDATE statements to copy into update\_data\_domains.sql for updating data domains on custom fields + ``` + NOTICE: + --- UPDATE STATEMENTS TO ADD TO update_data_domains.sql for mapping new order_keys --- + UPDATE entities_100000002 e SET usmallint0 = t.new_key FROM temp_new_keys t WHERE usmallint0 = t.old_key AND e.entity_type_id = 498; + UPDATE entities_100000002 e SET usmallint1 = t.new_key FROM temp_new_keys t WHERE usmallint1 = t.old_key AND e.entity_type_id = 435; + ``` + 3. If the Data Domains have not been used in any custom fields, then you will get a simple notice and simply remove the RAISE EXCEPTION in the SELECT and UPDATE locations in the update\_data\_domains.sql + ``` + NOTICE: No relevant entity-property mappings found. You may remove the SELECT AND UPDATE RAISE EXCEPTIONS in update_data_domains. + ``` +3. Run update\_data\_domains.sql with doUpdate=false (the default) and SAVE and review the output. + 1. You will observe the list of enums that will be updated, for example: + ``` + NOTICE: 2025-09-02 16:52:49.399163+00 - ℹ️ Detected DataDomains that require updating: + NOTICE: No key conflicts detected. + NOTICE: Name: NickTest3_c, OldKey: 30009, NewKey: 1009 + NOTICE: Name: NickTest4_c, OldKey: 30010, NewKey: 1010 + NOTICE: Name: NickTest5_c, OldKey: 30011, NewKey: 1011 + ``` + 2. And you will observe information about how many entities will need to be updated: + ``` + NOTICE: 2025-09-02 16:52:49.612168+00 - ℹ️ data_domains system field on 2 entities requires updating. + NOTICE: 2025-09-02 16:52:49.614872+00 - ℹ️ data_domains custom field on 3 entities requires updating. + NOTICE: 2025-09-02 16:52:49.614958+00 - ℹ️ Have you saved the above output? Have you taken a DB backup? If you are ready to proceed with the update, change doUpdate to true and re-run the SQL. + ``` +4. Ensure you have taken back-ups of **enumeration\_value, enum\_value\_ and entities\_** +5. Modify the update\_data\_domains.sql with doUpdate=true and run the script + 1. You will observe the same output as the previous execution, along with some additional update results. For example: + ``` + NOTICE: 2025-09-02 17:18:45.558558+00 - ✅ Enum update completed: 409 enum rows updated, 409 tenant rows updated. + NOTICE: 2025-09-02 17:18:45.903909+00 - ✅ Entities data_domain system field update completed: 5 updated. + NOTICE: 2025-09-02 17:18:45.907732+00 - ✅ Entities update completed: 1 updated. + ``` +6. You can validate the success execution with the following queries: + 1. Validate enumeration\_values table returns no results with the following SQL (updated for your tenant): + ``` + SELECT * FROM enumeration_value + WHERE enumeration_descriptor_name LIKE '%DataDomain%' + AND tenant_id = '' + AND order_key > 10000 + ``` + 2. Validate the enum\_value\_ table returns no results with the following SQL (updated for your tenant): + ``` + SELECT * FROM enum_value_ + WHERE enumeration_descriptor_name LIKE '%DataDomain%' + AND order_key > 10000 + ``` + 3. Validate the entities\_ table returns no results by executing the HELPER SQL generated in Step 2.a +7. Refresh the Data Domains cache in RabbitMQ: + 1. If you have access to the RabbitMQ Management Console, navigate to the PLATFORM\_EVENT\_EXCHANGE and publish the following message, with the payload updated to your tenantId. + ![](attachments/716270786/716271687.png) + 2. If you do not have access to the RabbitMQ Management UI, you can trigger this over REST API. + 1. Login to the RabbitMQ pods and execute the following, updating the username, password, host and tenantId + ``` + curl -u : -H "content-type:application/json" \ + -X POST http://:15672/api/exchanges/xservices4/PLATFORM_EVENT_EXCHANGE/publish \ + -d '{ "vhost": "xservices4", + "name": "PLATFORM_EVENT_EXCHANGE", + "properties": { + "delivery_mode": 2, + "headers": { + "__TypeId__": "java.lang.String" + }, + "type": "Metadata.Update" + }, + "routing_key": "Metadata.Update", + "delivery_mode": "2", + "payload": "", + "payload_encoding": "string", + "headers": { + "__TypeId__": "java.lang.String" + }, + "props": { + "type": "Metadata.Update" + } + }' + ``` +8. Validate the cache has been refreshed by monitoring the gateway logs for the following log line: + ``` + 2025-08-29T12:04:26.623-0400|INFO |java-client-amqp-consumers-5-thread-13|||||||| Metadata: 100000002 cache is invalidated + 2025-08-29T12:04:26.623-0400|INFO |java-client-amqp-consumers-5-thread-13|||||||| Metadata: invalidateCache was called for tenant id 100000002 + ``` diff --git a/knowledgebase/csd-wiki/ICSD/How-to-generate-flame-graph-for-specific-container_686074188.md b/knowledgebase/csd-wiki/ICSD/How-to-generate-flame-graph-for-specific-container_686074188.md new file mode 100644 index 00000000..3b6615d9 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/How-to-generate-flame-graph-for-specific-container_686074188.md @@ -0,0 +1,48 @@ +# How-to-generate-flame-graph-for-specific-container_686074188 +## Introduction + +This guide presents the steps to generate flamegraph for specific container + +## When to use this guide? + +Usually when the issue happens on specific deployment and basic monitoring metrics cannot help on the troubleshooting. + +## Deployment + +1. Deploy [Krew](https://github.com/kubernetes-sigs/krew) on bastion + 1. Make sure that `git` is installed. + 2. Run this command to download and install `krew`: + ``` + ( + set -x; cd "$(mktemp -d)" && + OS="$(uname | tr '[:upper:]' '[:lower:]')" && + ARCH="$(uname -m | sed -e 's/x86_64/amd64/' -e 's/\(arm\)\(64\)\?.*/\1\2/' -e 's/aarch64$/arm64/')" && + KREW="krew-${OS}_${ARCH}" && + curl -fsSLO "https://github.com/kubernetes-sigs/krew/releases/latest/download/${KREW}.tar.gz" && + tar zxvf "${KREW}.tar.gz" && + ./"${KREW}" install krew + ) + ``` + 3. Add the `$HOME/.krew/bin` directory to your PATH environment variable. To do this, update your `.bashrc` or `.zshrc` file and append the following line: + ``` + export PATH="${KREW_ROOT:-$HOME/.krew}/bin:$PATH" + ``` + 4. Run `kubectl krew` to check the installation. +2. Install kubectl-prof + ``` + kubectl krew index add kubectl-prof https://github.com/josepdcs/kubectl-prof + kubectl krew search kubectl-prof + kubectl krew install kubectl-prof/prof + kubectl prof --help + ``` + +## Take the flame graph + +1. Find the pod / container with issue +2. Take the flame graph + ``` + kubectl prof itom-xruntime-platform-offline-xxxxxxxxxx-xxxxx -n itsma-xxxxx -t 1m -l java -o flamegraph --local-path=/temp itom-xruntime-platform + ``` +3. Analyze on the flamegraph + +Reference diff --git a/knowledgebase/csd-wiki/ICSD/How-to-get-an-Opentext-Confluence-account_688987796.md b/knowledgebase/csd-wiki/ICSD/How-to-get-an-Opentext-Confluence-account_688987796.md new file mode 100644 index 00000000..490ccd09 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/How-to-get-an-Opentext-Confluence-account_688987796.md @@ -0,0 +1,58 @@ +# How-to-get-an-Opentext-Confluence-account_688987796 +### How do I get an Opentext Confluence account? + +To Request an account please use the [Tools Access Workflow](http://intranet.opentext.com/intranet/livelink.exe/Open/54139112) to request an account. You can also request an account for other tools in the same workflow. After it has been created you will be able to log into Confluence with your Opentext credentials. + +Click the "Attributes" link to input your information to request an account. + +![](attachments/688987796/688987792.png) ![](attachments/688987796/688987793.png) + +Please follow the field descriptions below to submit your request. + +**Title or Area of Responsibility:** +Indicate your Title, Area of Responsibility or the Role you need for these tools. +Ex: Developer, Manager, Quality Analyst. **This is a required field** + +**Access Needed For?:** +Indicate the employee(s) who need access. **This is a required field.** + +**New User Email:** +Indicate the email(s) for the employee(s)who need access. **This is a required field.** + +**Reporting Manager:** +Indicate your reporting manager. They will verify your access request and provide additional details as needed. **This is a required field.** + +**TOOLS Access** Select one or more tools that you need access for. + +**JIRA:** +Select the checkbox if you would like to have access to JIRA: R&D’s requirement and bug tracking system + +**Confluence:** +Select the checkbox if you would like to have access to Confluence: R&D’s project team dashboard. **Please check this option to facilitate the creation of an Opentext Confluence account.** + +**Notes:** +Fill in any additional information that would help the Tools team to understand your requirements more precisely. + +Please wait for the end of the review process and receive a confirmation email to open your Opentext Confluence account. + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) + +## Attachments: + +[image-2025-2-6\_12-5-9.png](attachments/688987796/688987792.png) (image/png) +[image-2025-2-6\_12-6-1.png](attachments/688987796/688987793.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/How-to-get-the-latest-AWS-Savings-Plan-rates_688988366.md b/knowledgebase/csd-wiki/ICSD/How-to-get-the-latest-AWS-Savings-Plan-rates_688988366.md new file mode 100644 index 00000000..7b896e87 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/How-to-get-the-latest-AWS-Savings-Plan-rates_688988366.md @@ -0,0 +1,393 @@ +# How-to-get-the-latest-AWS-Savings-Plan-rates_688988366 +## Introduction + +This guide presents the steps to get the latest AWS Savings Plan rates in a batch for all the regions and instance types. + +## Detailed steps + +#### Prerequisite + +1. Download the project to your local folder + [https://github.com/longhorn09/aws\_prices](https://github.com/longhorn09/aws_prices) + ``` + git clone https://github.com/longhorn09/aws_prices.git + ``` +2. Prepare a "sp\_prices\_no\_up.xlsx" file + 1. Download "index.json" from [https://pricing.us-east-1.amazonaws.com/offers/v1.0/aws/AmazonEC2/current/index.json](https://pricing.us-east-1.amazonaws.com/offers/v1.0/aws/AmazonEC2/current/index.json) (Can be more than 5 GB and it will take some time, better to use a download tool.) + 2. Copy under aws\_prices + 3. Rename it to "sp\_prices\_no\_up.xlsx" + +#### Do the calculation + +1. Due to the policy of OpenText, NoUpfront Savings Plans are prefered. + Save a python script under the aws\_prices folder, it will help to extract the NoUpfront Savings Plan rates. The file name is "index\_no\_up.py" + ``` + import re # for regular expression, to parse out instance size from instanceType attribute + import json # need this library to interact with JSON data structures + import urllib.request # need this library to open up remote website + import xlsxwriter # pip3 install xlsxwriter , xlwt doesn't support .xlsx + import sys + from operator import itemgetter, attrgetter # https://docs.python.org/3/howto/sorting.html + class SKUClass: + def __init__(self,pFam,pSize, pRegionCode, pSKU, pOS,pUsageType): + self.instanceFamily = pFam + self.instanceSize = pSize + self.regionCode = pRegionCode + self.sku = pSKU + self.os = pOS + self.rateCode = '' + self.price = 0.0 + self.usageType = pUsageType + self.price1yrNoUpfront = 0.0 + self.rateCode2 = '' + + ######################################################################################### + # offer index file: https://pricing.us-east-1.amazonaws.com/offers/v1.0/aws/index.json + ######################################################################################### + class AWSPricing: + ROOT_URL = 'https://pricing.us-east-1.amazonaws.com' + region_map={ + # Americas + "CMH": ("us-east-2", "US East (Ohio)"), + "IAD": ("us-east-1","US East (N. Virginia)"), + "PDX": ("us-west-2","US West (Oregon)"), + "SFO": ("us-west-1","US West (N. California)"), + ##### us-west-2-lax-1a, us-west-2-lax-1b + # doesn't seem to work + #"LAX": ("us-west-2-lax-1a","US West (Los Angeles)"), # https://aws.amazon.com/blogs/aws/announcing-a-second-local-zone-in-los-angeles/ + # Canada + "YYZ": ("ca-central-1","Canada (Central)"), # Toronto Pearson International + # LATAM + "GRU": ("sa-east-1","South America (Sao Paulo)"), + # ME / Africa + "BAH": ("me-south-1","Middle East (Bahrain)"), + "CPT": ("af-south-1","Africa (Cape Town)"), + # APAC + "HKG": ("ap-east-1","Asia Pacific (Hong Kong)"), + "BOM": ("ap-south-1","Asia Pacific (Mumbai)"), + "ITM": ("ap-northeast-3","Asia Pacific (Osaka-Local)"), + "ICN": ("ap-northeast-2","Asia Pacific (Seoul)"), + "SIN": ("ap-southeast-1","Asia Pacific (Singapore)"), + "SYD": ("ap-southeast-2","Asia Pacific (Sydney)"), + "NRT": ("ap-northeast-1","Asia Pacific (Tokyo)"), + # EU + "FRA": ("eu-central-1","EU (Frankfurt)"), + "DUB": ("eu-west-1", "EU (Ireland)"), + "LHR": ("eu-west-2","EU (London)"), + "MXP": ("eu-south-1","EU (Milan)"), + "CDG": ("eu-west-3","EU (Paris)"), + "ARN": ("eu-north-1","EU (Stockholm)") + + } + def __init__(self): + super().__init__() + + def getSavingsPlanURL(self): + return "ok" + ####################################################################### + # first check the offer index file to get the paths to the savings plan index Url + ####################################################################### + def getOfferIndexURL(self): + retvalue = None + url = None + contents = None + myJSON = None + ## end of variable declaration + url = 'https://pricing.us-east-1.amazonaws.com/offers/v1.0/aws/index.json' # simply lookup "AmazonEC2" , then "currentSavingsPlanIndexUrl" + contents = urllib.request.urlopen(url).read() + myJSON = json.loads(contents) + retvalue = (myJSON["offers"]["AmazonEC2"]["currentSavingsPlanIndexUrl"]).strip() #ie. https://pricing.us-east-1.amazonaws.com/savingsPlan/v1.0/aws/AWSComputeSavingsPlan/current/region_index.json + return retvalue + # ie. for IAD this returns "us-east-1" + def getAWSRegionFromCode(self, pRegionCode): + return self.region_map.get(pRegionCode,(None,None))[0] + + # ie. for IAD this returns "US East (N. Virginia)" + def getAWSLocationFromCode(self,pRegionCode): + return self.region_map.get(pRegionCode,(None,None))[1] + ####################################################################### + # URL lookup for region SP version Url + # @pArg1 - the 3 letter region to lookup (ie. the airport code) + # @pArg2 - URL to fetch savings plan JSON + ####################################################################### + def getSavingsPlanPriceListUrlForRegion(self, pArg1, pArg2): + url = None + contents = None + myJSON = None + retvalue = None + versionUrlPath = None + regionId = self.getAWSRegionFromCode(pArg1) # convert 3 letter airport code IAD to 'us-east-1' + url = self.ROOT_URL + pArg2 + contents = urllib.request.urlopen(url).read() + myJSON = json.loads(contents) + for x in range(len(myJSON["regions"])): + if ((myJSON["regions"][x]["regionCode"]).strip() == regionId): + versionUrlPath = myJSON["regions"][x]["versionUrl"] + break # get outta the for loop + + url = self.ROOT_URL + versionUrlPath + retvalue = url + + return retvalue + + ####################################################################### + # URL lookup for region SP version Url + ####################################################################### + def getSKUListLocal(self, pRegionCodeCSV): + myJSON = None + counter = None + instanceType = None + my_list = [] + url = None + doLocal = None + ############################################ + # [FASTER, stale ] Toggle doLocal to True if JSON already saved locally as index_aws_ec2.json, can use doSaveJSONLocal() for initial save + # [SLOWER, fresher] Toggle doLocal to False to pull from AWS site - this is a 1GB+ sized read + ############################################ + #doLocal = False # True for Dev , false for Prod + doLocal = True # already have a 1.6GB+ JSON saved locally as index_aws_ec2.json + if (doLocal): + # this is a 1.3 GB file - may take time + with open('index_aws_ec2.json') as json_file: + myJSON = json.load(json_file) # note: json.load() for local file instead of json.loads() + elif (doLocal == False): + url = 'https://pricing.us-east-1.amazonaws.com/offers/v1.0/aws/index.json' + contents = urllib.request.urlopen(url).read() + myJSON = json.loads(contents) + + url = self.ROOT_URL + myJSON["offers"]["AmazonEC2"]["currentVersionUrl"] + contents = urllib.request.urlopen(url).read() + myJSON = json.loads(contents) + + regionArr = pRegionCodeCSV.split(",") + for x in range(len(regionArr)): + #print(regionArr[x] + ': ' + self.getAWSLocationFromCode(regionArr[x])) + for key,value in myJSON["products"].items(): + # regex pattern for ["attributes"]["usagetype"] can be: + # EU-EC2SP:r4.1yrAllUpfront + # EU-BoxUsage:m5.8xlarge + # EUW2-BoxUsage:m5d.xlarge + # BoxUsage:m5d.xlarge + pattern = "^([A-Z0-9\-]+)?BoxUsage:.+$" # make sure BoxUsage, not UnusedBox etc + try: + if (value["productFamily"] == "Compute Instance" and value["attributes"]["servicecode"] == "AmazonEC2" + and (value["attributes"]["operatingSystem"] == "Linux" or value["attributes"]["operatingSystem"] == "RHEL" or value["attributes"]["operatingSystem"] == "Windows") + and value["attributes"]["preInstalledSw"] == "NA" + #and value["attributes"]["instanceFamily"] == "General purpose" + and value["attributes"]["locationType"] == "AWS Region" + and value["attributes"]["tenancy"] == "Shared" + and value["attributes"]["location"] == self.getAWSLocationFromCode(regionArr[x]) + and re.match(pattern,value["attributes"]["usagetype"])): + #print("yCount: " + self.getAWSLocationFromCode(regionArr[x]) + ", sku: " + value["sku"] + ", usageType:" + value["attributes"]["usagetype"]) + pattern = "^(.+)\.([0-9A-Za-z]+)$" + if ("instanceType" in value["attributes"] and re.match(pattern,value["attributes"]["instanceType"])): + m = re.search(pattern, value["attributes"]["instanceType"]) + #if (m.group(2) == "small"): #not all instanceFamily have size small + #print (key + ": " + m.group(0)) + #print(m.group(1) + " " + regionArr[x] + " " + key + " " + value["attributes"]["operatingSystem"]) + my_list.append( SKUClass(m.group(1) + , m.group(2) + , regionArr[x] #pRegionCode + , key + , value["attributes"]["operatingSystem"] + , value["attributes"]["usagetype"]) + ) + except: + print(key + ': no productFamily') + my_list = sorted(my_list, key=attrgetter('regionCode','instanceFamily','instanceSize')) + return my_list + ############################################################################ + # Description: can handle multiple regions based on provided CSV list + # @pArg1 - this is a CSV list of regions by 3 letter airport code + # @pArg2 - this is the list Array of SKUClass objects + ############################################################################ + # JSON structure - https://jsoneditoronline.org/ + # -products + # -terms + # └savingsPlan + # └ sku + # └ rates + # └ rateCode "RQRC4CUNT9HUG9WC.TBV6C3VKSXKFHHSC" + # └ discountedRate + # └ price "0.0679" + ############################################################################ + def getSavingsPlanPrices2(self,pArg1, pArg2): + contents = None + myJSON = None + doLocal = None + spURL = None + regionURL = None + productSku = None + productSku1yrNoUpfront = None + # END VARIABLE DECLARATION + spURL = self.getOfferIndexURL() # gets the current savings plan URL, which is an index of all the regions' savings plan URLs + doLocal = False # set to false for production + for regionSplitLoop in range(len(pArg1.strip().split(","))): + productSku = None + productSku1yrNoUpfront = None + regionURL = self.getSavingsPlanPriceListUrlForRegion(pArg1.strip().split(",")[regionSplitLoop], spURL) + + if (doLocal == False): + print('[' + pArg1.strip().split(",")[regionSplitLoop] + '] ' + regionURL) + contents = urllib.request.urlopen(regionURL).read() + myJSON = json.loads(contents) # for production - use actual web url (slower) + elif (doLocal == True): + with open('CMH.json') as json_file: + myJSON = json.load(json_file) + + # this loop to get the sku that corresponds with 3yr All Upfront ComputeSavingsPlan + # later also look for 1yr No upfront Compute Savings plan + for item in myJSON["products"]: + if (item["usageType"] == "ComputeSP:3yrNoUpfront" and item["productFamily"] == "ComputeSavingsPlans"): + productSku = item["sku"] + elif (item["usageType"] == "ComputeSP:1yrNoUpfront" and item["productFamily"] == "ComputeSavingsPlans"): + productSku1yrNoUpfront = item["sku"] + if (productSku is not None and productSku1yrNoUpfront is not None ): + #print ('productSku1yrNoUpfront: ' + productSku1yrNoUpfront) + break + # now get the actual rates in the "terms" section of the JSON + for item in myJSON["terms"]["savingsPlan"]: + if (item["sku"] == productSku): + foundRateList = item["rates"] + break + # find the price by rateCode - ie. "RQRC4CUNT9HUG9WC.TBV6C3VKSXKFHHSC" + for x in range(len(pArg2)): + #print("getSavingsPlanPrices2: [" + pArg2[x].regionCode + "]: " + pArg2[x].sku + ", os: " + pArg2[x].os + ", " + pArg2[x].instanceFamily + "." + pArg2[x].instanceSize) + for item in foundRateList: + if (item['rateCode'] == productSku + '.' + pArg2[x].sku): + pArg2[x].price = item['discountedRate']['price'] + pArg2[x].rateCode = item['rateCode'] + #print(item['rateCode'] + ": " + pArg2[x].price + ", " + pArg2[x].instanceFamily + ", " + pArg2[x].instanceSize+ ", " + pArg2[x].os) + break + + ### repeat same loops but for 1yrNoUpfront savings plan + for item in myJSON["terms"]["savingsPlan"]: + if (item["sku"] == productSku1yrNoUpfront): + foundRateList = item["rates"] + break + # find the price by rateCode - ie. "RQRC4CUNT9HUG9WC.TBV6C3VKSXKFHHSC" + for x in range(len(pArg2)): + for item in foundRateList: + if (item['rateCode'] == productSku1yrNoUpfront + '.' + pArg2[x].sku): + pArg2[x].price1yrNoUpfront = item['discountedRate']['price'] + pArg2[x].rateCode2 = item['rateCode'] + break + return pArg2 + ############################################################## + # @pArg1 the list of SKUClass objects + ############################################################## + def doWriteExcel(self,pArg1): + counter = 2 + blankCount = 0 + try: + book = xlsxwriter.Workbook('sp_prices.xlsx') + sheet1 = book.add_worksheet('prices') + + money = book.add_format({'num_format': '#,##0.0000'}) # https://xlsxwriter.readthedocs.io/tutorial02.html + ##################################### + # write headers in row 1 + ##################################### + sheet1.write_string('A1','RegionCode') + sheet1.write_string('B1','Region') + sheet1.write_string('C1','Location') + sheet1.write_string('D1','OS') + sheet1.write_string('E1','InstanceFamily') + sheet1.write_string('F1','Size') + sheet1.write_string('G1','rateCode') + sheet1.write_string('H1','usageType') + sheet1.write_string('I1','3yrNoUpfront') + sheet1.write_string('J1','1yrNoUpfront') + sheet1.write_string('K1','rateCode1yrNoUpfront') + sheet1.set_column('B:C',14) + sheet1.set_column('G:G',43) + #print("len(pArg1): " + len(pArg1)) + for x in range(len(pArg1)): + if (float(pArg1[x].price) > 0): + sheet1.write_string('A' + str(counter), pArg1[x].regionCode) + sheet1.write_string('B' + str(counter), self.getAWSRegionFromCode(pArg1[x].regionCode)) + sheet1.write_string('C' + str(counter), self.getAWSLocationFromCode(pArg1[x].regionCode)) + sheet1.write_string('D' + str(counter), pArg1[x].os) + sheet1.write_string('E' + str(counter), pArg1[x].instanceFamily) + sheet1.write_string('F' + str(counter), pArg1[x].instanceSize) + sheet1.write_string('G' + str(counter), pArg1[x].rateCode) + sheet1.write_string('H' + str(counter), pArg1[x].usageType) + sheet1.write_number('I' + str(counter), float(pArg1[x].price),money) + sheet1.write_number('J' + str(counter), float(pArg1[x].price1yrNoUpfront),money) #float(pArg1[x].price1yrNoUpfront),money) + sheet1.write_string('K' + str(counter), pArg1[x].rateCode2) + #print(pArg1[x].regionCode + ', ' + pArg1[x].os + ', ' + pArg1[x].instanceFamily + ', ' + pArg1[x].instanceSize + ', 3yr: ' + pArg1[x].price + ', 1yr: ' + pArg1[x].price1yrNoUpfront) + counter += 1 # this increments the Excel output row + else: + blankCount += 1 + print('blankCount (https://github.com/longhorn09/aws_prices/issues/1): ' + str(blankCount)) + book.close() # close the excel file + except: + print("doWriteExcel(): Error trying to write to Excel",sys.exc_info()[0],"occurred.") + ####################################################### + # Run this once to create a local copy of large 1.3GB JSON file for local development and testing purposes + ####################################################### + def doSaveJSONLocal(self): + url = 'https://pricing.us-east-1.amazonaws.com/offers/v1.0/aws/index.json' + try: + contents = urllib.request.urlopen(url).read() + myJSON = json.loads(contents) + url = self.ROOT_URL + myJSON["offers"]["AmazonEC2"]["currentVersionUrl"] + #print(url) + contents = urllib.request.urlopen(url).read() + myJSON = json.loads(contents) + except: + print("doSaveJSONLocal(): Error reading JSON From AWS",sys.exc_info()[0],"occurred.") + try: + with open('index_aws_ec2.json','w') as outfile: + json.dump(myJSON, outfile) + outfile.close() + except: + print("doSaveJSONLocal(): Error trying to write Excel file",sys.exc_info()[0],"occurred.") + ############################################ + # MAIN CODE EXECUTION BEGIN + ############################################ + if __name__ == '__main__': + listArr = [] + regionURL = None + # regionsArg expects a CSV list of 3 letter airport region codes + # tweak as necessary for the regions of interest + # issues with ITM and BOM? + #regionsArg = "CMH,LHR,FRA,IAD,PDX,SIN,GRU,NRT,DUB,SYD,CDG,ICN,SFO" + regionsArg = "" + regionsArg = regionsArg + "CMH" # US East (Ohio) + regionsArg = regionsArg + ",LHR" # EU (London) + regionsArg = regionsArg + ",FRA" # EU (Frankfurt) + regionsArg = regionsArg + ",IAD" # US East (N. Virginia) + regionsArg = regionsArg + ",PDX" # US West (Oregon) + regionsArg = regionsArg + ",SIN" # Asia Pacific (Singapore) + regionsArg = regionsArg + ",GRU" # South America (Sao Paulo) + regionsArg = regionsArg + ",NRT" # Asia Pacific (Tokyo) + regionsArg = regionsArg + ",DUB" # EU (Ireland) + regionsArg = regionsArg + ",SYD" # Asia Pacific (Sydney) + regionsArg = regionsArg + ",CDG" # EU (Paris) + regionsArg = regionsArg + ",ICN" # Asia Pacific (Seoul) + regionsArg = regionsArg + ",SFO" # US West (N. California) + regionsArg = regionsArg + ",CPT" # Africa (Cape Town) + regionsArg = regionsArg + ",MXP" # EU (Milan) + regionsArg = regionsArg + ",BAH" # Middle East (Bahrain) + regionsArg = regionsArg + ",ARN" # EU (Stockholm) + regionsArg = regionsArg + ",HKG" # Asia Pacific (Hong Kong) + regionsArg = regionsArg + ",YYZ" # Canada (Central) + #issues with LAX & ITM , ie. Local regions + myObj = AWSPricing() # object instantiation + # do this once to save a 1GB+ JSON locally for local development, and comment all lines of code after myObj.doSaveJSONLocal() + # for faster performance, just copy/paste the appropriate URL into your browser and save off/rename the JSON retrieved to index_aws_ec2.json + # myObj.doSaveJSONLocal() + + listArr = myObj.getSKUListLocal(regionsArg) # loops thru the big 1GB+ JSON, to get the appropriate product SKUs for a region + + listArr = myObj.getSavingsPlanPrices2(regionsArg, listArr) + myObj.doWriteExcel(listArr) + ``` +2. Execute the python script to generate the rates. + ``` + python index_no_up.py + ``` + +## Reference + +1. An [example](attachments/688988366/688988360.xlsx) of the output, generated on Oct 10th 2024. diff --git a/knowledgebase/csd-wiki/ICSD/How-to-integrate-Grafana-login-with-AWS-Cognito_690087085.md b/knowledgebase/csd-wiki/ICSD/How-to-integrate-Grafana-login-with-AWS-Cognito_690087085.md new file mode 100644 index 00000000..1f797486 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/How-to-integrate-Grafana-login-with-AWS-Cognito_690087085.md @@ -0,0 +1,92 @@ +# How-to-integrate-Grafana-login-with-AWS-Cognito_690087085 +This guide introduce how to integrate Grafana with AWS Cognito for authentication, allowing users to log in using their AWS Cognito credentials. + +#### Step 1: Set Up AWS Cognito User Pool + +1. Login AWS account 361684190412 and locate in Oregon region. +2. In the **AWS Console**, navigate to **Amazon Cognito**. We have created a user pool called "notes-user-pool", click this user pool and go to **App clients** and choose **esm-saas-grafana** client and click it. + ![](attachments/690087085/690087974.png) +3. Take note of the App client ID and App client secret which will be used in the following steps. + ![](attachments/690087085/690087978.png) +4. Still under this app client, go to **Login pages** and click **Edit**, add the farm's callback url [https:///grafana/login/generic\_oauth](https://us2-testing-monitoring.itsma-ng.com/grafana/login/generic_oauth),eg:[https://us2-testing-monitoring.itsma-ng.com/grafana/login/generic\_oauth](https://us2-testing-monitoring.itsma-ng.com/grafana/login/generic_oauth) to the **Allowed callback URLs** like below. + ![](attachments/690087085/690088004.png) ![](attachments/690087085/690087992.png) + +#### Step 2: Configure Grafana + +1. Backup the itom-prometheus-grafana configmap firstly. + +``` +kubectl get cm itom-prometheus-grafana -n monitoring -o yaml > /tmp/itom-prometheus-grafana_cm_bak.yaml +``` + +2\. Edit the itom-prometheus-grafana configmap and add \[auth.generic\_oauth\] section at the end of data.grafana.ini like below, configure the settings for AWS Cognito authentication. + +``` +kubectl edit cm itom-prometheus-grafana -n monitoring +``` + +``` +[auth.generic_oauth] +enabled = true +name = AWS Cognito +client_id = +client_secret = +scopes = openid email +auth_url = https://saas-ops-jenkins.auth.us-west-2.amazoncognito.com/oauth2/authorize +token_url = https://saas-ops-jenkins.auth.us-west-2.amazoncognito.com/oauth2/token +api_url = https://saas-ops-jenkins.auth.us-west-2.amazoncognito.com/oauth2/userInfo +``` + +eg: + +![](attachments/690087085/690087371.png) + +3\. Check if the root\_url is right in the itom-prometheus-grafana configmap. The root url is the url which we use to login grafana. If not right, also need to update it. + +![](attachments/690087085/690087381.png) + +4\. Still in itom-prometheus-grafana configmap, check if we have configued with anonymous enabled. If yes, we need to **remove** these two lines to disable it. + +![](attachments/690087085/690088046.png) + +5\. Rolling restart grafana pod and wait for the new pod running up. + +``` +kubectl rollout restart deploy itom-prometheus-grafana -n monitoring +``` + +#### Step 3: Verification + +Try to login with Grafana using your cognito account. If login is successful, the congiuration is fine. +![](attachments/690087085/690087388.png) + +**\[Optional\] Assign Admin Role to your cognito account** + +If you need Admin Role for you Cognito account,logged in grafana with super admin user. You can retrieve the user name and password from parameter store ( //grafana/admin/name) & //grafana/admin/password). + +Go to ![](attachments/690087085/690091405.png) and click users. Chane the Role from 'Viewer' to 'Admin' for your account. + +![](attachments/690087085/690091406.png) + +## Attachments: + +[image-2025-2-20\_11-50-0.png](attachments/690087085/690087079.png) (image/png) +[image-2025-2-20\_13-17-42.png](attachments/690087085/690087277.png) (image/png) +[image-2025-2-20\_13-24-19.png](attachments/690087085/690087286.png) (image/png) +[image-2025-2-20\_13-30-16.png](attachments/690087085/690087313.png) (image/png) +[image-2025-2-20\_13-32-43.png](attachments/690087085/690087322.png) (image/png) +[image-2025-2-20\_13-48-24.png](attachments/690087085/690087361.png) (image/png) +[image-2025-2-20\_13-51-37.png](attachments/690087085/690087371.png) (image/png) +[image-2025-2-20\_13-55-35.png](attachments/690087085/690087381.png) (image/png) +[image-2025-2-20\_13-58-32.png](attachments/690087085/690087388.png) (image/png) +[image-2025-2-20\_14-8-6.png](attachments/690087085/690087415.png) (image/png) +[image-2025-2-20\_16-34-19.png](attachments/690087085/690087974.png) (image/png) +[image-2025-2-20\_16-35-23.png](attachments/690087085/690087978.png) (image/png) +[image-2025-2-20\_16-38-12.png](attachments/690087085/690087987.png) (image/png) +[image-2025-2-20\_16-38-59.png](attachments/690087085/690087990.png) (image/png) +[image-2025-2-20\_16-39-27.png](attachments/690087085/690087992.png) (image/png) +[image-2025-2-20\_16-42-3.png](attachments/690087085/690088004.png) (image/png) +[image-2025-2-20\_16-45-2.png](attachments/690087085/690088018.png) (image/png) +[image-2025-2-20\_16-49-11.png](attachments/690087085/690088046.png) (image/png) +[image-2025-2-21\_11-49-45.png](attachments/690087085/690091405.png) (image/png) +[image-2025-2-21\_11-50-54.png](attachments/690087085/690091406.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/How-to-provision-a-farm_693608295.md b/knowledgebase/csd-wiki/ICSD/How-to-provision-a-farm_693608295.md new file mode 100644 index 00000000..56412472 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/How-to-provision-a-farm_693608295.md @@ -0,0 +1,84 @@ +# How-to-provision-a-farm_693608295 +## Introduction + +This page describes all the specifications required to build a farm in ITOM. Each step need to be revertible and reconfigurable. + +## Day 0 + +This phase is mainly about the planning and designing. The items in this phase are mainly listed as below + +1. What components are required for the farm? +2. What is the size of each component on the farm? +3. Documents of the required components are ready +4. How many license need to be applied? +5. Is there any special requirement for the farm? + 1. Special DR (e.g.: non-standard RTO/RPO) + 2. Special encryption requirements + 3. Special security requirement (e.g.: Zero-trust) +6. What's the budget and approval on the budget? (Cloud Service Request) +7. Credentials required to build the farm + +## Day 1 + +This phase is mainly about initial setup, configuration, and deployment of the software and infrastructure. + +1. Accounts and Credentials +2. Network + 1. Terragrunt (VPC, Subnets, Routing, TGW, etc) + 1. [Request for a VPC](https://rndwiki.houston.softwaregrp.net/confluence/display/SMAXaaS/Request+for+a+VPC?src=contextnavpagetreemode) + 2. Security Group, etc +3. Computing + 1. EKS + 2. Worker + 3. Bastion +4. Storage + 1. EBS + 2. EFS +5. Secret Management + 1. Parameter Store +6. Database + 1. RDS + 1. Instance Type, Storage Type, Maintenance, Parameter group + 2. Vertica +7. WAF +8. Tagging + 1. Company level tagging standard + 1. [OpenText Tagging Standard](https://confluence.opentext.com/display/otarch/OpenText+Tagging+Standard) + 2. NLZ specific tags + 1. [ITOM tagging.xlsx](https://opentextcorporation-my.sharepoint.com/:x:/g/personal/jhuang4_opentext_com/Eb3bD7I-w0VMnowtCLWekqIBWE8qTKEU_iP7OLXimnZcCg?e=M54Pkl) + 3. FinOps tags + 1. Farm: us2-dev + 2. team: xxxxx + 4. The name of the resource need to be easily identified + 1. [ESM Farm Cloud Deployment Naming Convention](https://confluence.opentext.com/display/ICSD/ESM+Farm+Cloud+Deployment+Naming+Convention?src=contextnavpagetreemode) +9. SES +10. CloudWatch +11. Product deployment + 1. ESM + 1. SMAX + 2. UCMDB + 3. OO + 4. AC + 5. HCMX + 2. Aviator + 3. OP + +## Day 2 + +This phase is mainly about ongoing maintenance, monitoring, optimization, and scaling of the deployed application and infrastructure. + +1. App post deployment configuration +2. Provisioning support + 1. x4x & lambda +3. Monitoring & Observation +4. Optimization + 1. Tuning +5. Logging +6. Backup and disaster recovery +7. Reporting - Power BI +8. Vulnerability scanning +9. PCS supporting the new farm + +## Day 3 to forever + +1. Hotfix & Patch & Upgrade diff --git a/knowledgebase/csd-wiki/ICSD/How-to-re-trigger-Native-SACM-data-migration-job_686074234.md b/knowledgebase/csd-wiki/ICSD/How-to-re-trigger-Native-SACM-data-migration-job_686074234.md new file mode 100644 index 00000000..23f3d861 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/How-to-re-trigger-Native-SACM-data-migration-job_686074234.md @@ -0,0 +1,29 @@ +# How-to-re-trigger-Native-SACM-data-migration-job_686074234 +## Introduction + +How to re-run the Native SACM data migration job if the status is still in process. + +### Call migration API in rest-client, details as follows. + +1) Login the tenant which need to be trigger Native SACM data migration and using a tenant admin account + +2) You copy the URL. Login using a tenant admin account + +![](https://staging.docs.microfocus.com/mediawiki/images/3/3b/20220508001.png) + +3)Open a new tab. And pasted the URL. And replace the tenant id with your tenant id. + +![](https://staging.docs.microfocus.com/mediawiki/images/a/a3/20220508002.png) + +4) Change the URL as follows to rest client page. And go to the page. + +![](https://staging.docs.microfocus.com/mediawiki/images/4/4f/20220508003.png) + +5) Input the API, and don’t need change the payload. Press Send button. + +If the response status is 200, the migration works fine. +cmsx/ci/model/action/migration + +![](https://staging.docs.microfocus.com/mediawiki/images/4/40/20220508004.png) + +**3.** **Now you can go to BO, to check Native SACM data migration status.** diff --git a/knowledgebase/csd-wiki/ICSD/How-to-reload-Milvus-collections-for-Aviator_686074224.md b/knowledgebase/csd-wiki/ICSD/How-to-reload-Milvus-collections-for-Aviator_686074224.md new file mode 100644 index 00000000..b3066b55 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/How-to-reload-Milvus-collections-for-Aviator_686074224.md @@ -0,0 +1,27 @@ +# How-to-reload-Milvus-collections-for-Aviator_686074224 +## Introduction + +This topic describes how to reload Milvus collections for the Aviator capability. + +## Procedure + +This task is per tenant. + +To reload a Milvus collection: + +1. Log in to **https:///?#/connect**. +2. From the navigation pane on the left, select **Collection**. +3. Hover over the required collection and click the highlighted **release** button that appears at the end of this row. +4. Release the specified Vector DB collection. The collection status will change to **Unloaded**. The Aviator capability will be unavailable until you complete all the steps in this task. During this period, the incoming index data will not be stored in this collection. +5. Hover over the collection, and click the **load** button that appears at the end. +6. Load the specified Vector DB collection. The collection status will change to **Loaded**. + +To verify that you have successfully reloaded the collection, click the **Vector Search** icon on the left-side pane and complete the steps below: + +1. Select the collection from the drop-down list. +2. Click **Generate random vector**. +3. ![](attachments/686074224/686074215.png) + +## Attachments: + +[image-2025-1-21\_15-18-37.png](attachments/686074224/686074215.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/How-to-remove-specific-license-key-for-SaaS-UCMDB_688996303.md b/knowledgebase/csd-wiki/ICSD/How-to-remove-specific-license-key-for-SaaS-UCMDB_688996303.md new file mode 100644 index 00000000..925821fb --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/How-to-remove-specific-license-key-for-SaaS-UCMDB_688996303.md @@ -0,0 +1,120 @@ +# How-to-remove-specific-license-key-for-SaaS-UCMDB_688996303 +## Background & Design + +Previously when removing UD licenses, it can only remove all the license keys for the whole SaaS UCMDB instance, we don't have the way to remove specific license key. This brings problem for managing SaaS UD licenses, like when a license is expired, SaaS Ops cannot remove the expired license key only. + +Since UCMDB 24.4.1 release, we provide a new capability to remove specific license key for SaaS UCMDB. There are 2 methods in total: + +- Remove specific license key, which has one required param: license key. + +![](attachments/688996303/688996301.png) + +- 200pxRemove allocated license capacity from specific license key for a customer, which has two params: customer id (required), license key (optional) + +![](attachments/688996303/688996302.png) + +Note + +When removing the allocated license capacity, there is no check for license consumption. SaaS Ops need to double check customer's license usage before removing allocated capacity. + +And there are 2 ways: JMX & Rest API, please find details as below for each. + +--- + +## JMX + +Please refer to the online help directly [OpenText Documentation Portal](https://staging.docs.microfocus.com/doc/UCMDB_Containerized/Main/MCLicenseMgmt) + +## Rest API + +Considering all the license related Rest APIs are private APIs (hidden for customers), we don't have the official document for them, so please refer to below for the guidance. + +### Authentication + +- **XSRF Token**: Every request requires an `xsrftoken` header for security purposes. +- **Authentication**: Ensure that you are authenticated via a valid session before making requests. The `xsrftoken` can typically be obtained after logging into the system. + +### API Endpoints + +#### 1\. Delete specific license by inputting licenseKey + +- **Description**: This endpoint deletes a specific license from the UCMDB server using the provided license key. +- **HTTP Method**: `DELETE` +- **URL**: + https://{server}:{port}/ucmdb-server/rest-api/uiserver/license/key +- **Request Headers**: + - `accept: */*` + - `Content-Type: text/plain` + - `xsrftoken: {xsrftoken}` - Replace `{xsrftoken}` with a valid token. +- **Request Body**: + +`{licensekey}` + +Replace `{licensekey}` with the actual license key you want to delete. + +- **Example Request**: + curl -X 'DELETE' \\ + 'https://{server}:{port}/ucmdb-server/rest-api/uiserver/license/key' \\ + \-H 'accept: \*/\*' \\ + \-H 'Content-Type: text/plain' \\ + \-H 'xsrftoken: 94e22c20-2c16-44b0-b753-e55921ac25d3' \\ + \-d '{licensekey}' +- **Response**: + - **Success**: `200 OK` + - **Error**: Appropriate HTTP error code with a message (e.g., `404 Not Found`, `500 Internal Server Error`). + +#### 2\. Delete allocated license capacity from specific license key for a customer + +- **Description**: This endpoint deletes the allocated license capacity from specific license key for a specific customer identified by the customer ID. +- **HTTP Method**: `DELETE` +- **URL**: + https://{server}:{port}/ucmdb-server/rest-api/uiserver/license/customers/{customerId}/capacity + Replace `{customerId}` with the ID of the customer whose license capacity you want to delete. Note that customerId is required. +- **Request Headers**: + - `accept: */*` + - `Content-Type: text/plain` + - `xsrftoken: {xsrftoken}` - Replace `{xsrftoken}` with a valid token. +- **Request Body**: + {licensekey} + Replace `{licensekey}` with the actual license key you want to delete for the specified customer. +- **Example Request**: + curl -X 'DELETE' \\ + 'https://{server}:{port}/ucmdb-server/rest-api/uiserver/license/customers/1/capacity' \\ + \-H 'accept: \*/\*' \\ + \-H 'Content-Type: text/plain' \\ + \-H 'xsrftoken: 94e22c20-2c16-44b0-b753-e55921ac25d3' \\ + \-d '{licensekey}' +- **Response**: + - **Success**: `200 OK` + - **Error**: Appropriate HTTP error code with a message (e.g., `404 Not Found`, `500 Internal Server Error`). + +### Response Codes + +- **200 OK**: The request was successful, and the license or capacity was deleted. +- **400 Bad Request**: The request was malformed (e.g., missing required parameters or invalid data). +- **401 Unauthorized**: Authentication failed or the `xsrftoken` is invalid. +- **403 Forbidden**: You do not have the required permissions to perform this action. +- **404 Not Found**: The specified license key or customer ID was not found. +- **500 Internal Server Error**: The server encountered an error processing the request. + +### Example Scenarios + +1. **Deleting a License by Key**: To delete a license with the key `ABC-123-XYZ`, you can use the following command: + curl -X 'DELETE' \\ + ' [https://ucmdb.example.com:8443/ucmdb-server/rest-api/uiserver/license/key](https://ucmdb.example.com:8443/ucmdb-server/rest-api/uiserver/license/key) ' \\ + \-H 'accept: \*/\*' \\ + \-H 'Content-Type: text/plain' \\ + \-H 'xsrftoken: 94e22c20-2c16-44b0-b753-e55921ac25d3' \\ + \-d 'ABC-123-XYZ' +2. **Deleting a Customer’s License Capacity**: To delete the license capacity for customer with ID `1`, using license key `ABC-123-XYZ`: + curl -X 'DELETE' \\ + ' [https://ucmdb.example.com:8443/ucmdb-server/rest-api/uiserver/license/customers/1/capacity](https://ucmdb.example.com:8443/ucmdb-server/rest-api/uiserver/license/customers/1/capacity) ' \\ + \-H 'accept: \*/\*' \\ + \-H 'Content-Type: text/plain' \\ + \-H 'xsrftoken: 94e22c20-2c16-44b0-b753-e55921ac25d3' \\ + \-d 'ABC-123-XYZ' + +### Notes + +- Make sure to replace `{server}`, `{port}`, `{licensekey}`, `{customerId}`, and `{xsrftoken}` with actual values when using the API. +- Always ensure you are using secure connections (e.g., HTTPS) when interacting with the UCMDB API. diff --git a/knowledgebase/csd-wiki/ICSD/How-to-replace-bastion-with-Rocky-Linux_688996309.md b/knowledgebase/csd-wiki/ICSD/How-to-replace-bastion-with-Rocky-Linux_688996309.md new file mode 100644 index 00000000..e4cf1e3c --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/How-to-replace-bastion-with-Rocky-Linux_688996309.md @@ -0,0 +1,85 @@ +# How-to-replace-bastion-with-Rocky-Linux_688996309 +##### Most of current linux bastion are EOL(end of life), security team is pushing to use new ones seriously, here is the steps that you can refer to + +Please replace texts that is Italic and wrapped with <> to your own + +- **Launch EC2 & configure SSM connect** + - Create a new CCoE-Rocky bastion node by coping the settings from the previous bastion node: + - Navigate to EC2 → select the previous bastion node instance → Actions → Image and templates → Launch more like this + - "Browse more AMIs" and select *CCoE-RockyLinux9-x64-2024-07-24* in "My AMIs" → "Shared with me"; Confirm changes. + - Make sure the settings are the same like previous bastion (especially for the Key pair, SG, instance type, Subnets, tags). Change the storage to 100GB gp3. + - For some farms, there are 2 disks on bastion, in most case the second one is for special case but forgot to delete, you can keep only the primary disk for the new bastion + - Update IAM role(Action → Security → Modify IAM role) to the same one as old bastion, stop then start EC2 + - Now try to access the new bastion - ssh user changed to rocky(compared to centos before) + - If you can not connect to new bastion, upgrade your terminal (putty or mremoteNG or...) +- **yum install required software(for the first time to yum install, it takes time, after that it's much faster)** + - sudo su - + - yum-config-manager --add-repo [https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo](https://rpm.releases.hashicorp.com/RHEL/hashicorp.repo) + - yum install zip postgresql docker openssl bash-completion nfs-utils yum-utils terraform -y + yum update -y + - yum install other software used by you +- **pip install required software** + - python -m pip install boto3 XlsxWriter kubernetes psycopg2-binary + - other python module used by you +- **aws/kubectl/eksctl** + - curl -O [https://s3.us-west-2.amazonaws.com/amazon-eks/1.29.3/2024-04-19/bin/linux/amd64/kubectl](https://s3.us-west-2.amazonaws.com/amazon-eks/1.29.3/2024-04-19/bin/linux/amd64/kubectl) && cp kubectl /usr/local/bin/ && cp kubectl /usr/bin/ && chmod a+x kubectl /usr/local/bin/kubectl /usr/bin/kubectl + - curl --silent --location " [https://github.com/weaveworks/eksctl/releases/latest/download/eksctl\_$](https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$) (uname -s)\_amd64.tar.gz" | tar xz -C /tmp && echo y | cp /tmp/eksctl /usr/local/bin/ && echo y | cp /tmp/eksctl /usr/bin/ && chmod a+x /usr/local/bin/eksctl /usr/bin/eksctl && echo -e "\\n"$(eksctl version) + - Copy files from ~/.aws/ to new bastion(same folder structure & same permissions otherwise chmod), then test using aws s3 ls --profile us2-prod (some jenkins job will reach to us2-prod) - better to do for both root & rocky user(you can sudo su - to the root user first and then **su rocky**) + - Copy file: ~/.kube/config to new bastion(same folder structure & same permissions otherwise chmod), then test using kubectl get no - should return same output as old bastion - better to do for both root & rocky user(you can sudo su - to the root user first and then **su rocky**) +- **jq/yq/helm - can be from OMT installtion package** + - Download current OMT package to new bastion(under /opt/, since some jenkins jobs search for that path), unzip and change directory to the folder + - Check current OMT version by running helm commands on old bastion: helm ls -n core | awk '{print $10}' + - ./install --capabilities Tools=true,Monitoring=false,LogCollection=false,DeploymentManagement=false,ClusterManagement=false + - ignore the warning + - Update /root/itom-cdf.sh, export CDF\_NAMESPACE=core + - cp /root/cdf/bin/helm /usr/local/bin/ && cp /root/cdf/bin/helm /usr/bin/ && chmod a+x /usr/local/bin/helm /usr/bin/helm + - run some cdf scripts to test(if you can not use that, disconnect and reconnect) + - yq --version + - jq --version + - helm ls -n core + - sh refresh-ecr-secret.sh -r < *region-code>* +- **Velero** + - velero client config set namespace=velero + - cp /root/cdf/bin/velero /usr/local/bin/ && cp /root/cdf/bin/velero /usr/bin/ && chmod a+x /usr/local/bin/velero /usr/bin/velero + - Set velero backup per 6 hours: velero schedule create velero-< *us2-dev>* -cron --ttl 168h0m0s --schedule="0 3/6 \* \* \*"(avoid doing this if you already did that in other bastions, check by velero schedule get) +- **mount EFS** + - cd /mnt && mkdir -p efs && mkdir -p cms && mkdir -p oomt && mkdir -p monitoring && chmod o+r cms/ efs/ monitoring/ oomt/ && chmod o+x cms/ efs/ monitoring/ oomt/ (note there might be different path for different farms) + - Update /etc/fstab, Add 4 efs server as 4 lines into that file(better to copy from old bastion) +- **Other Settings** + - systemctl enable qualys-cloud-agent && systemctl start qualys-cloud-agent + - Change the file content: /etc/hostname to farmbastion, e.g. < *us2dev* >bastion + - Copy specific lines in /etc/hosts from old bastion to the same file in new bastion (depends on you) + - Check if there is any cron jobs running on the old bastion, you can copy to the new bastion(and related scripts) if you think it's valid - crontab -l (disable previous one, make sure no duplicate job running in both bastion at the same time) + - Change umask from 0027 to 0022 for both root and rocky user(Fix permissions of new file and directory not the same as old bastion) by: echo 'umask 0022' >>~/.bashrc + - echo 'source <(kubectl completion bash)' >>~/.bashrc + - echo 'source <(helm completion bash)' >>~/.bashrc + - Test settings after EC2 **restarts**: + - df -h, check the 4 efs server should be mounted + - hostname should be updated to ** bastion + - type umask, should return 0022 + - kubectl get po -n itsma + tab - should auto fill the right namespace + - helm ls -n itsma + tab - should auto fill the right namespace + - Make sure you don't see the warning: WARNING: Kubernetes configuration file is group-readable. This is insecure. +- **Post tasks** + - Update values in parameter store (search by keyworkds: bastion1, and then update IP to the new bastion IP and login user to rocky) + - Test by running jenkins job on new bastion + - Copy /root/worknodes.pem from old bastion to new bastion(under /root, this will be used for qualys agent installation on EKS worknodes) and change the permission: chmod 400 + - Shutdown the old bastion(you can terminate it after it's stable) + - Notify team about the new bastion - they will update the bat commands + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/How-to-request-a-temporary-BO-admin-account_692439033.md b/knowledgebase/csd-wiki/ICSD/How-to-request-a-temporary-BO-admin-account_692439033.md new file mode 100644 index 00000000..cfec2f8c --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/How-to-request-a-temporary-BO-admin-account_692439033.md @@ -0,0 +1,30 @@ +# How-to-request-a-temporary-BO-admin-account_692439033 +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) + +## Attachments: + +[image-2025-3-11\_16-7-27.png](attachments/692439033/692439026.png) (image/png) +[image-2025-3-11\_16-9-30.png](attachments/692439033/692439032.png) (image/png) + +How long user is to be active? + +Posted by mshindarov at Mar 11, 2025 05:31 EDT + +The default is for one hour, but it's configurable. + +Posted by wsun2 at Mar 12, 2025 01:55 EDT diff --git a/knowledgebase/csd-wiki/ICSD/How-to-request-for-reimbursement-of-Education-Allowance_686070542.md b/knowledgebase/csd-wiki/ICSD/How-to-request-for-reimbursement-of-Education-Allowance_686070542.md new file mode 100644 index 00000000..af63bada --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/How-to-request-for-reimbursement-of-Education-Allowance_686070542.md @@ -0,0 +1,57 @@ +# How-to-request-for-reimbursement-of-Education-Allowance_686070542 +Due to system migration, some of the links may not direct you to the right place. Please refer to the latest process on HR's site +[https://central.opentext.com/my-hr-information/my-benefits-wellbeing/education-allowance-benefit/](https://central.opentext.com/my-hr-information/my-benefits-wellbeing/education-allowance-benefit/) + +## Introduction + +This page presents all the steps to request for reimbursement of Education Allowance. + +1. Make sure you go through the details of [Education Allowance Benefit Program](https://central.opentext.com/my-hr-information/my-benefits-wellbeing/education-allowance-benefit/). Mainly for + 1. Qualifying Professional Development Opportunities +2. Talk to your manager that you want to purchase some training or education resource, and get the confirmation that you can go ahead. +3. Purchase the training or education resource. +4. **[submit this workflow](https://intranet.opentext.com/intranet/llisapi.dll/displayform/200430298/?viewid=201277160&readonly=true&sedit=false&objId=201270855&objAction=EditForm&nexturl=https%3A%2F%2Fintranet%2Eopentext%2Ecom%2Fintranet%2Fllisapi%2Edll)** for approval. Required information for the form + 1. Name. + 2. Manager and department information. + 3. Whether the request is for tuition (Formal Learning & Career Development) or professional membership/designation fees + 4. Details about the professional membership if applicable (name of association, amounts, effective dates, etc.). + 5. Details about the tuition if applicable (name of course, name of institution, amounts, effective dates, etc.). + 6. In both cases the requestor will be asked to explain how the development will benefit OpenText as documented in myCDP. +5. Once the workflow is approved, open an HR ticket to request reimbursement. Check more details in the "Requesting Reimbursement" section of [Education Allowance Benefit Program](https://central.opentext.com/my-hr-information/my-benefits-wellbeing/education-allowance-benefit/). + 1. Mention the workflow link which already got approved. + 2. Attach + 1. Invoice or evidence of the service / professional membership / tuition + 2. the payment evidence + 3. evidence showing that you are the owner of the payer bank card + 4. If it's paid in dollar and you repaid via other currency like CNY, provide the repay evidence. If this information cannot be provided, the amount of money will be paid with latest currency. + 1. The repay evidence + 2. They owner of the repay bank card +6. If there is anything else required, you will get the email from HR. Just provide the additional doc required by them. +7. Once confirmed, you will get an approval email and HR will mention to you that when the Reimbursement will be paid. + +## Reference + +1. For training or education happened outside of China or the vendor is not in China, follow the generic steps. +2. For any training or education happened in China, please try to prepare an invoice with below information. + 1. **购买方应该是:“上海微福思软件科技有限公司”(纳税人识别号:91310115MA1K3K980Y)** + 2. **发票上的货物或服务名称,应该显示“培训费”** + 3. **在完成申请、审批的流程后,请在发票备注栏填写姓名和员工号,并将发票原件寄至:** + **北京市朝阳区广顺南大街** **8号院** **1号楼** **B座** **3层** + **李艳** **收** + **电话:** **13801200134** + 4. **如果取得的是电子发票,请将** **PDF版发票发至:** **[yli2@opentext.com](mailto:yli2@opentext.com), 邮件标明员工姓名和员工号。** +3. What's the difference between the invoice with company name or not? + 1. The Chinese company name invoice will allow you to use the education fee from Chinese education fund, which is guaranteed to cover your spend. +4. Education Allowance Benefit Program + [https://central.opentext.com/my-hr-information/my-benefits-wellbeing/education-allowance-benefit/](https://central.opentext.com/my-hr-information/my-benefits-wellbeing/education-allowance-benefit/) + +## Training / Membership candidates + +1. ACM membership/year ($40 for developing countries, $99 for developed countries) + ACM [Skillbundle](https://learning.acm.org/e-learning) ($75, including a tailored version of O'Reilly, Pluralsight, Skillsoft). Check here for more [comparison between ACM skillbundle and O'Reilly subscription](https://rndwiki.houston.softwaregrp.net/confluence/display/ICS/Comparison+of+ACM+and+other+online+training+like+O%27Reilly). + [https://www.acm.org/subscribe](https://www.acm.org/subscribe) +2. O'Reilly Online learning ($499/y) + [https://www.oreilly.com/online-learning/individuals.html](https://www.oreilly.com/online-learning/individuals.html) +3. AWS Skill Builder ($449/y), includes training sessions with lab, exam prep courses, Cloud Quest, JAM, etc. + [https://skillbuilder.aws/subscriptions](https://skillbuilder.aws/subscriptions) +4. English Training + 1. [Cambly](https://confluence.opentext.com/display/ICSD/Cambly+English+Training) diff --git a/knowledgebase/csd-wiki/ICSD/How-to-setup-a-new-farm_688988216.md b/knowledgebase/csd-wiki/ICSD/How-to-setup-a-new-farm_688988216.md new file mode 100644 index 00000000..1261945b --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/How-to-setup-a-new-farm_688988216.md @@ -0,0 +1,13 @@ +# How-to-setup-a-new-farm_688988216 +1. [ITOM Cloud Service Delivery](index.html) +2. [ITOM Cloud Service Delivery](ITOM-Cloud-Service-Delivery_681555087.html) +3. [🔷Document Candidates](686065504.html) +4. [ESM Cloud Farm Construction](ESM-Cloud-Farm-Construction_688988187.html) + +Created by on Feb 06, 2025 EST + +[How to setup a new farm](https://rndwiki.houston.softwaregrp.net/confluence/display/SMA/How+to+setup+a+new+farm) + +Document generated by Confluence on Sep 15, 2025 22:28 EDT + +[Atlassian](https://www.atlassian.com/) diff --git a/knowledgebase/csd-wiki/ICSD/ITOM-APM-AppPluse-Cloud-Farm-Information_691150242.md b/knowledgebase/csd-wiki/ICSD/ITOM-APM-AppPluse-Cloud-Farm-Information_691150242.md new file mode 100644 index 00000000..fa61b1d0 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ITOM-APM-AppPluse-Cloud-Farm-Information_691150242.md @@ -0,0 +1,4 @@ +# ITOM-APM-AppPluse-Cloud-Farm-Information_691150242 +## APM (10) + +

AWS Account ID

AWS A ccount Alias

AWS Region

AWS Region Location

APM Cloud Farms

FQDN

APM Version

Status

Landing Zone Type

021961983448ITOM-SAASAPMAppPulse-ProdUS WestOregon5Fhttps://5fctr.saas.microfocus.com/topaz/login.jspAPM 951 IP2 Patch
  • ANZ_BANK_APM
  • Alcoa_Direct
  • BUNGE_APM_PRODUCTION
  • American_Red_Cross
  • Bessemer_APM
  • CNH
  • GSA
  • IMF_APM_Production
  • Kubota_Systems

CLASSIC LZ

US WestOregon32Fhttps://032fctr.saas.microfocus.com/topaz/login.jspAPM 951 IP2 Patch
  • Telefonica_UK
  • StateOfFlorida
  • OntarioPensionBoard
  • IMF_APM_STG
  • Daimler
  • Eurovia
  • Accenture
  • Accenture_Llp

CLASSIC LZ

US WestOregon6Fhttps://6fctr.saas.microfocus.com/topaz/login.jspAPM 951 IP2 Patch
  • APTIV
  • BankOfAyudhya
  • CADENCE
  • EATON
  • IMF_APM
  • Independent_Health
  • MD_Financial_Management
  • Resona_Bank_Limited
  • Smarsh_Inc
  • SouthernCompany
  • TechMahindra_APM
  • VINCI_CONSTRUCTION_SI
  • Veolia
  • Zurich_Insurance

CLASSIC LZ

US WestOregon33Fhttps://33fctr.saas.microfocus.com/topaz/login.jspAPM 960 IP4 Patch
  • Citi_BSM9_Inhouse_Staging

CLASSIC LZ

US WestOregon35Fhttps://35fctr.saas.microfocus.com/topaz/login.jspAPM 960 IP3 Patch
  • Citi_BSM9_Inhouse_Prod

CLASSIC LZ

US WestOregon11Fhttps://11fctr.saas.microfocus.com/topaz/login.jspAPM 951 IP2 Patch
  • Marriott_International_Inc

CLASSIC LZ

US WestOregon8Fhttps://8fctr.saas.microfocus.com/topaz/login.jspAPM 960
  • OpenText_Staging

CLASSIC LZ

US WestOregon10Fhttps://10fctr.saas.microfocus.com/topaz/login.jspAPM 960
  • OpenText_Production

CLASSIC LZ

US WestOregon4Fhttps://4fctr.saas.microfocus.com/topaz/login.jspAPM 960
  • OT NOC Production Farm

CLASSIC LZ

EuropeFrankfurt3Fhttps://3fctr.saas.microfocus.com/topaz/login.jspAPM 960
  • OT NOC BackUp Farm

CLASSIC LZ

diff --git a/knowledgebase/csd-wiki/ICSD/ITOM-APM_686070432.md b/knowledgebase/csd-wiki/ICSD/ITOM-APM_686070432.md new file mode 100644 index 00000000..1a7ccaa0 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ITOM-APM_686070432.md @@ -0,0 +1,2 @@ +# ITOM-APM_686070432 +Created by on Jan 20, 2025 EST diff --git a/knowledgebase/csd-wiki/ICSD/ITOM-Aviator_688982192.md b/knowledgebase/csd-wiki/ICSD/ITOM-Aviator_688982192.md new file mode 100644 index 00000000..2ff78032 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ITOM-Aviator_688982192.md @@ -0,0 +1,12 @@ +# ITOM-Aviator_688982192 +1. [ITOM Cloud Service Delivery](index.html) +2. [ITOM Cloud Service Delivery](ITOM-Cloud-Service-Delivery_681555087.html) +3. [💠3 - Operation & Maintenance](682933064.html) +4. [Operational Runbook](Operational-Runbook_686073475.html) +5. [Standard Ops Runbook](Standard-Ops-Runbook_686073477.html) + +Created by on Feb 04, 2025 EST + +Document generated by Confluence on Sep 15, 2025 22:26 EDT + +[Atlassian](https://www.atlassian.com/) diff --git a/knowledgebase/csd-wiki/ICSD/ITOM-Change-Calendars_710796342.md b/knowledgebase/csd-wiki/ICSD/ITOM-Change-Calendars_710796342.md new file mode 100644 index 00000000..3abfbec4 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ITOM-Change-Calendars_710796342.md @@ -0,0 +1,2 @@ +# ITOM-Change-Calendars_710796342 +Created by on Jul 16, 2025 EDT diff --git a/knowledgebase/csd-wiki/ICSD/ITOM-Cloud-AWS-Account-Overview_686070784.md b/knowledgebase/csd-wiki/ICSD/ITOM-Cloud-AWS-Account-Overview_686070784.md new file mode 100644 index 00000000..84223993 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ITOM-Cloud-AWS-Account-Overview_686070784.md @@ -0,0 +1,73 @@ +# ITOM-Cloud-AWS-Account-Overview_686070784 +## ESM (11) + +| **Account ID** | **Account Name** | **Purpose** | | +| --- | --- | --- | --- | +| 609729173090 | Itom-esm0-ext-prod | US2/US24 OT internal customer farms | PROD | +| 551360491749 | Itom-esm0-ext-stg | US2 dev | DEV | +| 361684190412 | Itom-esm0-ext-trial | EU3/US7 ext customer trial farms | PROD | +| 616654404631 | Itom-esm1-ext-prod | US6/EU8/AP10/EU18 ext customer farms | PROD | +| 685481450608 | Itom-esm1-ext-stg | Cross-region/Cross account data backup | PROD | +| 772889804459 | Itom-esm2-ext-prod | JP12/BR14/CA16/SA34/EU38 ext customer farms | PROD | +| 945679946888 | Itom-esm2-ext-stg | JP12 staging | STG | +| 439259180524 | Itom-esm3-ext-prod | US26 ext customer farm | PROD | +| 402637475238 | Itom-esm4-ext-prod | EU managed farm/EU32 for aviator | PROD | +| 521526956341 | Itom-aviator0-ext-prod | ITOM Aviator Trial/PoC Instance | PROD | +| 824517076529 | Itom-aviator1-ext-stg | ITOM Aviator Official Staging Instance | STG | + +## DCA/SA Reporting(3) + +| **Account ID** | **Account Name** | **Purpose** | | +| --- | --- | --- | --- | +| 752576076998 | ITOM-DCA2-EXT-PROD | DCA/SA reporting ext customer prod instances | PROD | +| 756681444987 | ITOM-DCA2-EXT-STG | DCA/SA reporting ext customer staging instances | STG | +| 877314495298 | ITOM-DCASaaSDev-EXT-STG | Not use | | + +## SBM(1) + +| **Account ID** | **Account Name** | **Purpose** | | +| --- | --- | --- | --- | +| 719681605826 | microfocuscloud | SBM Prod instance | PROD | + +## OpsB/NOM(4) + +| **Account ID** | **Account Name** | **Purpose** | | +| --- | --- | --- | --- | +| 181608496217 | itom-sa-ext-prod | hosting production deployment by customers subscribed for OpsBridge or NOM offerings. | PROD | +| 014842986998 | ITOM-SA-EXT-STG | Staging account used for testing done by SaaS Operations | STG | +| 493286294651 | ITOM-SA-EXT-DEMO | Hosting deployment for customer doing a trial | STG | +| 789610210433 | ITOM-SA-INT-LAB | Dev Farm | DEV | +| 125670417181 | ITOM-Saautomation-INT-PROD | DevOps internal environment | DEV | +| 009719717362 | ITOM-Saautomation-INT-LAB | DevOps internal environment | DEV | + +## BPM(2) + +| **Account ID** | **Account Name** | **Purpose** | | +| --- | --- | --- | --- | +| 235326760858 | ITOM-SaaSBPM-Prod | hosting production deployment by customers subscribed for BPM | PROD | +| 935255303178 | ITOM-SaaSBPMStaging-Prod | Staging account used for testing done by SaaS Operations | STG | +| ~~776496461147~~ | ~~ITOM-BPMChina-Prod~~ | ~~hosting production deployment by customers subscribed for BPM~~ | | + +## APM/AppPulse(2) + +| **Account ID** | **Account Name** | **Purpose** | | +| --- | --- | --- | --- | +| 021961983448 | ITOM-SAASAPMAppPulse-Prod | hosting production deployment by customers subscribed for APM | PROD | +| 685243053258 | ITOM-SAASAPMStaging-Prod | Staging account used for testing done by SaaS Operations | STG | + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Application-SaaS-Service-Description_686069698.md b/knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Application-SaaS-Service-Description_686069698.md new file mode 100644 index 00000000..e548183b --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Application-SaaS-Service-Description_686069698.md @@ -0,0 +1,17 @@ +# ITOM-Cloud-Application-SaaS-Service-Description_686069698 +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Applications-Version-Tracking_686069647.md b/knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Applications-Version-Tracking_686069647.md new file mode 100644 index 00000000..f1dabbe4 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Applications-Version-Tracking_686069647.md @@ -0,0 +1,14 @@ +# ITOM-Cloud-Applications-Version-Tracking_686069647 +1. [ITOM Cloud Service Delivery](index.html) +2. [ITOM Cloud Service Delivery](ITOM-Cloud-Service-Delivery_681555087.html) + +Created by on Jan 19, 2025 EST + +- [ESM Cloud Farm Version Tracking](ESM-Cloud-Farm-Version-Tracking_684925423.html) +- [ITOM APM AppPluse Cloud Farm Information](ITOM-APM-AppPluse-Cloud-Farm-Information_691150242.html) +- [ITOM ESM Cloud Farm Information](ITOM-ESM-Cloud-Farm-Information_686079377.html) +- [OpsB and NOM Cloud Deployments Version Tracking](OpsB-and-NOM-Cloud-Deployments-Version-Tracking_686069604.html) + +Document generated by Confluence on Sep 15, 2025 22:24 EDT + +[Atlassian](https://www.atlassian.com/) diff --git a/knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Project-Progress-Tracking_686074397.md b/knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Project-Progress-Tracking_686074397.md new file mode 100644 index 00000000..d1efd28e --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Project-Progress-Tracking_686074397.md @@ -0,0 +1,50 @@ +# ITOM-Cloud-Project-Progress-Tracking_686074397 +Ongoing Projects + +

Type

(Internal/Customer)

Project Type

Project Name

Product

Description

Project Owner

Phase

(Planning/On Hold/Execution/Closed)

Sizing

General Health (Green/Amber/Red)

Status Update

Start Date

Planned Completion Date

Risks/Issues

Internal

Cloud Application Version Currency

DCA Product/ EKS Upgrade

DCA

Upgrade Product/EKS version

DCA knowledge-20250728_124702-Meeting Recording.mp4 - OpenText Content Management CE 25.3

Adina Lehene

Boglarka Ronai

PLANNING

Green

  • Planning dates

Internal

Cloud Operation Excellence / DevOps

Upgrade to Amazon Linux 2023

ESM

Upgrade to Amazon Linux 2023 (AL2023) as for AL2 support ends by November 26, 2025

Boglarka Ronai

Maricel Plesuvu

DILIP BEHERA

PLANNING

Green

  • Starting project, kick-off meeting scheduled

Aviator

Adina Lehene DILIP BEHERA

PLANNING

Green

  • Planning dates

OpsB/NOM

Raluca Prodan

Boglarka Ronai

PLANNING

Green

  • Started project;
  • Initial discussion with architects
  • Awaiting RnD to do first validation

Internal

New Farm deployment

Construct new farm (EU38) in EU region as existing EU8 is over its capacity

ESM

New EU38 farm (version 25.2.2 + SMA25.2.2H1+SMA25.2.2HF2+UCMDB25.2.2HF1) with all ESM capabilities

Adina Lehene

EXECUTION

Green

Internal

Product Readiness

OpsB/NOM 25.2 Release Cloud Readiness

OpsB/NOM

  • Cloud deployment automation
  • Upgrade validation
  • New capabilities validation

Raluca Prodan

EXECUTION

Green
  • Readiness with 25.2 upgrade
  • Major challenge with Vertica upgrade (Need to test backup/restore).
  • Pre-sales Trial environment has been upgraded to 25.2

Internal

Cloud Operation Excellence/DevOps

New US2 ITOM Cloud Dev Farm (ESM 25.1+OP 25.1+OpsB 25.2)

ESM

ESM/OP/OpsB

Sunny Xia

Yun Zhao

EXECUTION

Green
  • Project kick-off
  • Define Terraform Skeleton for new ESM farm cloud deployment automation

Internal

Cloud Operation Excellence / DevOps

Monitoring - Implement new database query monitoring for SMAX metrics

ESM

Monitor manage person API & SMAX workflow queue

Sunny Xia

Miroslav Shindarov

EXECUTION

Green

Has been applied to US2-dev, US2-prod,and EU8

Plan to apply on EU18

Internal

Cloud Operation Excellence / DevOps

WAF rules management/deployment automation

ESM

Automate WAF deployment and effectively manage different WAF rules for each farm.

Yu Liu

ON HOLD

Green

Already demo to team

Internal

Cloud Operation Excellence / DevOps

[SPIKE] AWS resources scheduled scaling

ESM

Yu Liu

EXECUTION

Green

Already implemented in US2-Dev

Confirmed with team about the farm and scaling policy

Internal

Cloud Operation Excellence / DevOps

Power BI Reporting – License expiration alert & notification

ESMPower BI Reporting Enhancement

Yun Zhao

ON HOLD

Green

Internal

Product Cloud Readiness

Full DR validation testing (restore from local backup)

ESM

  • Cross-Region/Cross-Account data backup
  • Restore a full farm/instance in the remote region

Yu Liu DILIP BEHERA Vibin Thadathil Krishnan

EXECUTION

Green

Now date is saved in anther account plus another region

Restore in the remote region not started

Internal

Product Cloud Readiness

NOM Cloud instances APM monitoring & SLA calculation

NOM

Basic NOM service availability check added to APM and include SLA calculation

Javier Gerardo Mora

EXECUTION

Green

Internal

Product Cloud Readiness

New SaaS Offering - AI Ops Management (OpsB Lightweight) Cloud Readiness Check

OpsB

New SaaS Offering Cloud Readiness Check

Wei Shen Raluca Prodan

EXECUTION

Internal

Product Cloud Readiness

New SaaS Offering - NOM Private Cloud Readiness Check

NOM

New SaaS Offering Cloud Readiness Check

End to end dry-run deployment and validation.

Wei Shen Raluca Prodan

EXECUTION

Internal

Product Cloud Readiness

New capability – ITOM Operation Platform Cloud Readiness Check & SaaS onboarding Program

ESM/Operation Platform

Operation 25.2 Cloud Architect Discussion & Review

Wei Shen

EXECUTION

Green
Internal

Product Cloud Readiness

New SaaS Offering – CNO Cloud Readiness Check Program

CNO/NOM

Wei Shen

EXECUTION


Green
InternalCloud Operation Excellence / DevOpsAppO POCsSMAX/ADM/VECreate OTEL POCs for different products

Boglarka Ronai

EXECUTION

Green
  • SMAX: Additional configuration: enable metrics and pod logs, moving to OpsB staging environment
  • Value Edge: configured on opsb4opsb staging environment. Some feature required may be available only in 25.4 or 26.1 releases.
  • ALM: configured on opsb4opsb staging environment. On hold due to lack of resources.

TBC

InternalSecurity & Compliance

Adopt CCOE AMI for ITOM Cloud Applications deployed on AWS EKS

ESM

Replace EKS node AMI with CCOE-certified AMI for all ESM farms

Ting Ye

EXECUTION

Green
  • Project kick-off
  • Validate to adopt certified CCOE AMI on JP 12 staging farm
  • Pending validation & signoff from Engineering

InternalSecurity & Compliance

FY25 Opentext Mega Audit Preparation

ESM

OT level mega audit review

Wei Shen

Miroslav Shindarov

EXECUTION

Green
  • Feb 4 All AWS permission removal requests approved based on FY25 Q2 AWS access review
  • Jan 27 Updated On-Spring to provide all one-time evidence
InternalSecurity & Compliance

Analyze and categorize various potential security issues scanned by Prisma/Qualys and intervene

OpsB/NOM

Analyze and correct security vulnerabilities in Cloud Application reported by Qualys and Prisma.

Vibin Thadathil Krishnan

EXECUTION

Green
InternalSecurity & Compliance

Analyze and categorize various potential security issues scanned by Prisma/Qualys and intervene

ESM

Analyze and correct security vulnerabilities in Cloud Application reported by Qualys and Prisma.

Yu Liu

EXECUTION

Green
Internal

Cloud Operation Excellence / DevOps

Monitoring – Implement new UCMDB browser metrics monitoring & self- healing

ESM/UCMDB

Add a new feature to the Grafana tool to monitor the UCMDB browser.

Add self-healing solution to save UCMDB browser pods in critical state

Sunny Xia

EXECUTION

Green

Internal

Cloud Operation Excellence / DevOps

ESM/Automation Center D2 enablement automation

ESM/AC

Enhance the AC tenant provision automation

Wenjun Sun

PLANNING

Green

Internal

Cloud Operation Excellence / DevOps

ESM/Operation Platform D2 enablement automation

ESM/Operation Platform

Build automation flow to implement OP tenant provision, enable ODL etc.

Wenjun Sun

PLANNING

Green

Internal

Cloud Operation Excellence / DevOps

ESM/Operation Platform Decommission automation

ESM/Operation Platform

Build automation flow to decommission OP tenant and Vertica database

Wenjun Sun

PLANNING

Green

Internal

Cloud Operation Excellence / DevOps

New ITOM Cloud Service Offering (X4X) – Request CNO Trial Instance

NOM/CNO

Wenjun Sun

PLANNING

Green

Internal

Cloud Operation Excellence / DevOps

New ITOM Cloud Service Offering (X4X) – Request to enable Operation Platform tenant/ ODL integration on top of exiting ESM tenant

ESM/Operation Platform

Wenjun Sun

PLANNING

Green
Internal

Cloud Operation Excellence / DevOps

New ITOM Cloud Service Offering (X4X) - Request to decommission Operation Platform tenant

ESM/Operation Platform

Wenjun Sun

PLANNING

Green

Internal

Product Cloud Readiness

Full DR validation testing

OpsB/NOM

  • Cross-Region/Cross-Account data backup
  • Restore a full farm/instance in the remote region

Girish J Babu

Sandeep Kumar Swain

PLANNING

Green
InternalVersion Currency upgradeESM 25.3 Major version upgrade to all commercial ESM FarmsESM

Adina Lehene

Boglarka Ronai

PLANNING

Green

InternalMonitoring ImprovementsGrafana SQL RDS Monitoring in additional production farms (exist in EU8 & EU18)ESM

Miroslav Shindarov

PLANNING

Green
InternalSecurity & Compliance

Adopt CCOE AMI for ITOM Cloud Applications deployed on AWS EKS

OpsB

Replace EKS node AMI with CCOE-certified AMI for all OpsB instances

Javier Gerardo Mora

PLANNING

InternalSecurity & Compliance

Adopt CCOE AMI for ITOM Cloud Applications deployed on AWS EKS

NOM

Replace EKS node AMI with CCOE-certified AMI for all NOM instances

Girish J Babu

PLANNING

InternalCloud Application Version CurrencyAPM 9.60 UpgradeAPMUpgrade farms to the latest version

Boglarka Ronai

PLANNING

Green
  • Project is on hold until we can perform the upgrade for farm 11F (needs RnD fix first). The upgrade is done for the rest of the farms.
  • 3F farm: completed
  • 4F: completed
  • 10F (OT IT): completed
  • 11F (Marriott): to be planned

TBC

  • 11F: code not working for APM 9.60

Internal

Cloud Application Version Currency

NOM 25.1 Major Version upgrade for all customer production instances

NOM

NOM 25.1 Major Version upgrade for all customer production instances

Girish J Babu

ON HOLD

Green

Customer

Customer Cloud Service

New ESM Cloud Applications Farm Construction (AWS UAE) – For FlyDubai

ESM

SMAX/UCMDB/OO/Audit

Wei Shen

ON HOLD

Green

In Salesforce the FlyDubai opportunity has an updated close date of May 15, 2025.

Hence the project is on hold

Customer

Customer Cloud Service

New ESM Cloud Application Farm (AWS Frankfurt) – For SG

ESM

SMAX/UCMDB/OO/Audit

Wei Shen

ON HOLD

Green

InternalProduct Cloud ReadinessEvaluate ESM GCP Cloud ReadinessESMEvaluate GCP for ITOM ESM

Boglarka Ronai

ON HOLD

Green
  • Change in deal: amount reduced, start date moved to November
  • Architecture diagram: draft ready
  • High level cost estimation - completed for OCF, work in progress for OCP
  • Verification for all ESM products – SMAX, uCMDB, OO – working

TBC

CustomerCustomer Cloud ServiceMF SSO switch to OT SSO authentication for ESM internal tenantsESMMF SSO switch to OT SSO authentication for ESM internal tenants

Sunny Xia

ON HOLD

Green

SAML_Migration_Tenant_List.xlsx

Software Factory Prod is completed on Sept 23

Need to plan MF IT.

InternalSecurity & Compliance

ESM WAF enablement project & Keep tracking WAF logs

ESM

Step by step enable deny mode on all ESM farms

ESM WAF Enablement Tracking

Yu Liu

ON HOLD

Green
  • Enabled Deny mode on ESM EU3/US7/US2 farm
  • Enabled Observe mode on ESM US24/US26 farm

InternalCustomer Cloud ServiceDefine customer exit processESMImprove the process of customer rollout, including details such as data export services, services for customer data erasure, etc.

Wei Shen

ON HOLD

Green
InternalCloud Cost OptimizationAWS Cost OptimizationESMOptimize resource allocation and reduce redundancies

Ling-yan Meng

Ting Ye

ON HOLD

GreenESM Cloud Infra Cost Review

InternalCloud CostAWS Cost OptimizationAWS Cost OptimizationOpsBOptimize resource allocation and reduce redundancies

Ling-yan Meng

Raluca Prodan

ON HOLD

GreenOpsB/NOM Cloud Infra Cost Review

+ +Project Sizing Template: + +| Size | Avg hours/Month | +| --- | --- | +| XS | 10 | +| S | 40 | +| M | 80 | +| L | 120 | +| XL | 160 | +| XXL | 200 | + +## Complete Projects + +| Type (Internal/Customer) | Project Type | Project Name | Product | Description | Project Owner | Phase (Planning/On Hold/Execution/Closed) | General Health (Green/Amber/Red) | Status Update | Start Date | Planned Completion Date | Risks/Issues | +| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | +| Internal | Cloud Application Version Currency | ESM 25.2 (Patch 2) Major version upgrade to all commercial ESM Farms | ESM | ESM 25.2 (Patch 2) Upgrade (SMAX, UCMDB, OO, Audit, AC, Aviator) | [Adina Lehene](https://confluence.opentext.com/display/~alehene) [Boglarka Ronai](https://confluence.opentext.com/display/~bronai) | COMPLETED | **Green** | - EU3/US7 - April 7th - Completed - US2/US24/US26 - April 20th - Completed - US6/AP10/CA16 - May 18th - Completed - EU8/JP12/BR14/EU18/EU28 - Jul 20th - Completed | 07 Apr 2025 | 21 Jul 2025 | | +| Customer | Customer Cloud Service | Dedicated ITOM Aviator farm for EU-managed customers | ITOM Aviator | New EU-Managed customer purchased ITOM Aviator service, considering the data privacy we need to build a new ITOM Aviator farm as EU-Managed service | [Wei Shen](https://confluence.opentext.com/display/~wshen) | COMPLETED | **Green** | - CSR request submitted, waiting for budget approval - Once the cost approved, we can kick off the project - The deployment is on top of ITOM Aviator 25.1.1 with some infra changes to get rid of AWS Sagemaker - Farm EU32 has been deployed | | 31 Mar 2025 | | +| Customer | Customer Cloud Service | FZAG SMAX tenant change user UPN | ESM | FZAG SMAX tenant change user UPN | [Sunny Xia](https://confluence.opentext.com/display/~sxia2) | COMPLETED | **Green** | - FZAG EU3 dev tenant UPN change has been completed - FZAG EU8: dev completed - Need to plan EU8-prod. | 18 Jun 2024 | | | +| Internal | Cloud Operation Excellence/DevOps | Plan for AWS account migration to new SCP OU hierarchy | ESM | Plan for AWS account migration to new SCP OU hierarchy | [Yu Liu](https://confluence.opentext.com/display/~yliu5) | COMPLETED | **Green** | | | | | +| Internal | Cloud Operation Excellence/DevOps | Plan for AWS account migration to new SCP OU hierarchy | OpsB/NOM | Plan for AWS account migration to new SCP OU hierarchy | [Raluca Prodan](https://confluence.opentext.com/display/~rprodan) | COMPLETED | **Green** | | | | | +| Internal | Cloud Operation Excellence / DevOps | AWS account migration to new SCP OU hierarchy | ESM/DCA/Aviator | AWS account migration to new SCP OU hierarchy | [Yu Liu](https://confluence.opentext.com/display/~yliu5) | COMPLETE | **Green** | - DCA staging - Jan 19th - ESM staging - Feb 16th - DCA /Aviator/ESM trial - Feb 23rd - ESM prod - Mar16th - ESM prod - Apr 6th | 19 Jan 2025 | 27 Apr 2025 | | +| Internal | Cloud Application Version Currency | OpsB 25.1 Major version upgrade for all customer production instances | OpsB | OpsB 25.1 Major version upgrade for all customer production instances | [Javier Gerardo Mora](https://confluence.opentext.com/display/~jmora2) | COMPLETE | **Green** | - Feb 2 Infonavit - Feb 3 Opsb4Opsb-stg - Feb 6 OT | 01 Feb 2025 | 31 Mar 2025 | | +| Internal | Cloud Application Version Currency | ESM 25.1 Major Version Upgrade for all commercial ESM farms | ESM | ESM 25.1 Upgrade (SMAX, UCMDB, OO, Audit, Automation Center, HCMX/FinOps) | [Ting Ye](https://confluence.opentext.com/display/~tye) | COMPLETE | **Green** | - Jan 13 rd - EU3/US7– ESM 25.1 Upgrade **Done** - Jan 19 th - US2/US24/US26 – ESM 25.1 Upgrade **Done** - Feb 9 th - US6/AP10/CA16 – ESM 25.1 Upgrade **Done** - Feb 23 rd - EU8/BR14/JP12/EU18/ EU28 – ESM 25.1 Upgrade **Done** | 13 Jan 2025 | 23 Feb 2025 | | +| Customer | Customer Cloud Service | EU28 (EU managed) farm Key migration. | ESM | Per the customer's request, we need to change AWS encryption key from AWS managed key to the managed key. So all existing assets (RDS, EFS) need to be re-encrypted by new key | [Ting Ye](https://confluence.opentext.com/display/~tye) | COMPLETE | **Green** | | 09 Feb 2025 | 09 Feb 2025 | | +| Internal | Cloud Application Version Currency | ESM 25.1.2 Patch upgrade to all commercial ESM Farms | ESM | ESM 25.1.2 Upgrade(SMAX, UCMDB, OO, Audit, AC, Aviator) | [Ting Ye](https://confluence.opentext.com/display/~tye) | COMPLETE | **Green** | - JP12 staging - Mar 20th - US7/EU3 - April 7th - US2/US24/US24 - April 20rd | 20 Mar 2025 | | | +| Internal | Cloud Operation Excellence / DevOps | Validate the OO business flow in out monitoring tenant | ESM | Validate the OO business flow in out monitoring tenant (enable OO first) and submit request to APM scripting team for script development. | [Miroslav Shindarov](https://confluence.opentext.com/display/~mshindarov) | COMPLETE | **Green** | - We (me+Javier) are testing the given document for OO b. flow. We are adopting the document for Scripting team. Script is in development state. [Request #7088992:Please help with New SMAX OO monitor](https://us2-smax.saas.microfocus.com/main/Request/7088992?TENANTID=734262997) SR00380377 to Javier SC team is testing. SC team has no license for APM. At end of Jan 2025 NOC did successful UAT testing of the Script(suggested by OO RnD, Develop by Javier and tested by NOC). Next step is New project to work on gradual implementation for Prod. | | 01.Feb.2025 | we must check the consequences if this will lead to load of the tenant and what are best intervals for sending the query. Above is done. OO Monitoring script is under UAT-APM for testing. Testing is ongoing, some changes been done also.Hope to finish all next week. No more can be done, as SC team has no licenses for APM 4F for this.!! | +| Internal | Cloud Operation Excellence / DevOps | Power BI Reporting – ITOM Aviator Usage Report/Aviator License Report | ITOM Aviator | Power BI Reporting Enhancement | [Daniel van Aswegen](https://confluence.opentext.com/display/~dvanaswegen) | COMPLETE | **Green** | | | 31 Jan 2025 | | +| Internal | Cloud Operation Excellence / DevOps | Power BI Reporting – ESM Capability View to add Operation Platform/ODL enablement flag | ESM/Operation Platform | Power BI Reporting Enhancement | [Wenjun Sun](https://confluence.opentext.com/display/~wsun2) | COMPLETE | **Green** | | | 31 Jan 2025 | | +| Internal | Cloud Application Version Currency | ITOM Aviator 24.4.2 Patch Upgrade | ITOM Aviator | ITOM Aviator 24.4.2 Patch Upgrade | [Yu Liu](https://rndwiki.houston.softwaregrp.net/confluence/display/~liu.yu@microfocus.com) | COMPLETE | **Green** | | 01 Jan 2025 | 13 Feb 2025 | | +| Internal | Cloud Application Version Currency | ITOM Aviator 25.1 Major version upgrade | ITOM Aviator | ITOM Aviator 25.1 Major version upgrade | [Yu Liu](https://rndwiki.houston.softwaregrp.net/confluence/display/~liu.yu@microfocus.com) | COMPLETE | **Green** | | 01 Jan 2025 | 13 Jan 2025 | | +| Internal | Cloud Application Version Currency | AWS EKS upgrade | ESM/OpsB/NOM | Upgrade AWS EKS version to 1.29/1.30/1.31 | [Ting Ye](https://rndwiki.houston.softwaregrp.net/confluence/display/~ting.ye@microfocus.com) | COMPLETE | **Green** | EKS Version for all the ESM farms was upgraded to 1.30 by the end of Jan 13rd | | 13 Jan 2025 | | +| Internal | Cloud Application Version Currency | ESM 24.4.2 Patch Upgrade for all commercial ESM farms | ESM | ESM 24.4.2 Patch Upgrade (SMAX, UCMDB, OO, Audit, Automation Center, HCMX/FinOps) | [Ting Ye](https://rndwiki.houston.softwaregrp.net/confluence/display/~ting.ye@microfocus.com) | COMPLETE | **Green** | ESM 24.4.2 Patch Upgrade was applied to all commercial ESM farms by the end of Dec 22nd 2024 | | 22 Dec 2024 | | +| Internal | Product Cloud Readiness | Operation Platform SaaS onboarding | Operation Platform | Operation Platform Deployment on ESM production farm (EU3/EU18/US24) | [Ting Ye](https://rndwiki.houston.softwaregrp.net/confluence/display/~ting.ye@microfocus.com) | COMPLETE | **Green** | - EU3 - done - EU18/US24 - Done | 01 Oct 2024 | 30 Nov 2024 | | +| Internal | Cloud Application Version Currency | ESM FedRAMP farm 24.2 FP3 | ESM FedRAMP | ESM FedRAMP farm 24.2 FP3 | [Jeremy Thunker](https://rndwiki.houston.softwaregrp.net/confluence/display/~Jeremy.Thunker@microfocus.com) | COMPLETE | **Green** | - Upgrade deployed on 21 Dec 2024 | | 19 Jan 2025 | | +| Customer | Customer Cloud Service | AppO onboarding for Infonavit | AppO | Onboard customer | [Boglarka Ronai](https://rndwiki.houston.softwaregrp.net/confluence/display/~boglarka.ronai@microfocus.com) | COMPLETE | **Green** | - Customer to be onboarded to PCS Ticketing System - completed by CSM - 24.4. upgrade: completed. - AppO onboarding completed | 21 Oct 2024 | | | +| Internal | Cloud Operation Excellence / DevOps | New PM demo tenant on 24.4 | ESM | New PM demo tenant on 24.4 | [Wenjun Sun](https://rndwiki.houston.softwaregrp.net/confluence/display/~wen-jun.sun@microfocus.com) | COMPLETE | **Green** | Completed for: - SMAX - OO - UCMDB with activated NSACM with full active adv lifecycle - AC - SAM - HCMX - OP | 27 Sep 2024 | 29 Oct 2024 | | +| Customer (Citi) | Customer Cloud Service | Citi SSO OBM Integration | APM | Implementing single sign-on solution in APM application by using integration with OBM | [Boglarka Ronai](https://rndwiki.houston.softwaregrp.net/confluence/display/~boglarka.ronai@microfocus.com) | COMPLETE | **Green** | - Staging farm completed - Hotfix for alerts module issue applied to prod farm. | 05 Feb 2024 | 21 Nov 2024 | | +| Internal | Security & Compliance | Install Prisma Defender on ESM Farms | ESM | | [Yu Liu](https://rndwiki.houston.softwaregrp.net/confluence/display/~liu.yu@microfocus.com) | COMPLETE | **Green** | - Install Prisma Defender on all ESM farms - Install Prisma Defender on all DCA farms - Install Prisma Defender on all Aviator farms | 01 Sep 2024 | 10 Nov 2024 | | +| Internal | Security & Compliance | Install Prisma Defender | OpsB/NOM | Install Prisma Defender to all OpsB/NOM farms and standalones | [Raluca Prodan](https://rndwiki.houston.softwaregrp.net/confluence/display/~maria-raluca.bumb@microfocus.com) | COMPLETE | **Green** | | 01 Jun 2024 | 28 Nov 2024 | | +| Internal | Security & Compliance | Install Qualys Agent to all ESM Farms | ESM | Install Qualys Agent to all ESM Farms | [Yu Liu](https://rndwiki.houston.softwaregrp.net/confluence/display/~liu.yu@microfocus.com) | COMPLETE | **Green** | - All EC2s are installed with qualys agents - If eks upgrades then farm owner is responsible for installing qualys agent himself | 01 Jun 2024 | 31 Jul 2024 | | +| Internal | Security & Compliance | Install Qualys Agent | OpsB/NOM | Install Qualys Agent to all OpsB/NOM farms and standalones | [Raluca Prodan](https://rndwiki.houston.softwaregrp.net/confluence/display/~maria-raluca.bumb@microfocus.com) | COMPLETE | **Green** | | 01 Jun 2024 | 30 Sep 2024 | | +| Internal | Security & Compliance | Support ESM 3PPT testing, provide ESM tenant for pen testing | ESM | | [Ting Ye](https://rndwiki.houston.softwaregrp.net/confluence/display/~ting.ye@microfocus.com) | COMPLETE | **Green** | ESM 3PPT testing was completed on JP12 Staging farm. | | 13 Jan 2025 | | +| Internal | Security & Compliance | Support OpsB/NOM 3PPT testing, provide OpsB/NOM instances for pen testing | OpsB/NOM | | [Raluca Prodan](https://rndwiki.houston.softwaregrp.net/confluence/display/~maria-raluca.bumb@microfocus.com) | COMPLETE | **Green** | - Deployment was provided to RnD - The 3PPT was completed and report was shared with RnD - Re-testing scheduled for March | 06 Nov 2024 | 10 Dec 2024 | | +| Internal | Cloud Operation Excellence / DevOps | Aviator Hybrid provisioning flow | ESM | Create a new offering for provisioning the aviator with IP address, tenant information, and contact information | [Wenjun Sun](https://rndwiki.houston.softwaregrp.net/confluence/display/~wen-jun.sun@microfocus.com) | COMPLETE | **Green** | | | | | +| Internal | Cloud Operation Excellence / DevOps | Replace all ESM tenant internal production license with long-duration license | ESM | Replace all ESM tenant internal production license with long-duration license | [Yun Zhao](https://rndwiki.houston.softwaregrp.net/confluence/display/~yun.zhao@microfocus.com) | COMPLETE | **Green** | | | | | diff --git a/knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Service-Backup-Integrity-Testing-Plan_686074315.md b/knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Service-Backup-Integrity-Testing-Plan_686074315.md new file mode 100644 index 00000000..1553d9e6 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Service-Backup-Integrity-Testing-Plan_686074315.md @@ -0,0 +1,51 @@ +# ITOM-Cloud-Service-Backup-Integrity-Testing-Plan_686074315 +## Introduction + +This document describes the general backup integrity testing plan to cover ITOM Cloud Deployed Products - ESM, OpsB, NOM, APM. + +## Description + +- We perform product backup integrity testing testing every 6 months to be compliant with ISO (May/June – localbackup; November/December – remote backup (DR account) +- This activity is business critical and mandatory and required by many regulations and audits. +- Some of our obligations for having the process in place and validated are: + - Ready to use and validated disaster recovery plan in place, which will help us to avoid catastrophic customer data loss (reduce damage or disruption and recover as possible in the + event of a disaster that leads to system failure or in case of customer account theft) + - Business continuity. All relevant teams, including CSD, RnD, other stakeholders will be notified one month before executing this drill + - The backup integrity testing report will be published regluarly basis to Cloud customers to prove DR resolution availbility + +## Owner + +- Assign an Owner in each Cloud Ops team to be responsible for + - Developing plans + - Updating DR resolution documents + - Overseeing the execution of backup integrity operations + - Publishing backup integrity testing result reports. + +## Plan + +- Notification to all internal stakeholders about backup integrity testing 1 month before the execution +- Backup integrity testing testing every 6 months to be compliant with ISO + - 1st backup integrity testing - **May/June** – localbackup + - 2nd backup integrity testing - **November/December** – remote backup + +## General Procedures + +- Data backup validation + - Select 1 non-prod farm/instance in a different region (AWS North Virginia, AWS Ireland, + AWS Sydney, AWS London, AWS Canada) + - There are some places where the customer data may be located: + - AWS RDS + - AWS EFS + - AWS EBS + - EKS K8S Configuration (Velero) + - EC2 Instances + - Need to be checked if there is back up data for all relevant components, if not please ensure + the backup mechanism is in place +- Perform Data Restore + - Select a specific set of backup data (with the same timestamp) for data recovery + - Record the approximate steps of the entire data recovery and how long it took +- Validate restored farm/instance + - We're leverage APM service availbility check and AWS Sythetics Check to validate success of data restore + - Confirm all major functionalities are working as expected +- Prepare backup integrity testing report + - Please refer to the attached document format to prepare the DR validation testing report. [ESM DR Validation Report - May 2023.docx](#) diff --git a/knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Service-Catalog_688996225.md b/knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Service-Catalog_688996225.md new file mode 100644 index 00000000..4712c44c --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Service-Catalog_688996225.md @@ -0,0 +1,14 @@ +# ITOM-Cloud-Service-Catalog_688996225 +1. [ITOM Cloud Service Delivery](index.html) +2. [ITOM Cloud Service Delivery](ITOM-Cloud-Service-Delivery_681555087.html) + +Created by, last modified on Feb 08, 2025 EST + +- [ITOM Cloud Service Delivery Approval Process for New Services](ITOM-Cloud-Service-Delivery-Approval-Process-for-New-Services_688996646.html) +- [ITOM ESM Cloud Service Catalog](ITOM-ESM-Cloud-Service-Catalog_688996649.html) +- [ITOM ESM Cloud Service Monthly Report](ITOM-ESM-Cloud-Service-Monthly-Report_688996227.html) +- [ITOM OpsB NOM Cloud Service Catalog](ITOM-OpsB-NOM-Cloud-Service-Catalog_688996652.html) + +Document generated by Confluence on Sep 15, 2025 22:24 EDT + +[Atlassian](https://www.atlassian.com/) diff --git a/knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Service-Delivery-Approval-Process-for-New-Services_688996646.md b/knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Service-Delivery-Approval-Process-for-New-Services_688996646.md new file mode 100644 index 00000000..dc5fd584 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Service-Delivery-Approval-Process-for-New-Services_688996646.md @@ -0,0 +1,103 @@ +# ITOM-Cloud-Service-Delivery-Approval-Process-for-New-Services_688996646 +## 1\. Purpose + +The purpose of this document is to establish a structured approval process for introducing new cloud services within the Cloud Service Delivery team. This ensures that all new services align with operational standards, have proper support structures, and account for workload impact on the team. + +## 2\. Scope + +This process applies to all new cloud services introduced due to product upgrades, feature additions, or customer requirements. No service shall be made available to customers without prior approval from the Cloud Service Delivery team. + +## 3\. Approval Process + +### 3.1 Service Proposal Submission + +Any new cloud service must be formally proposed by the product team, engineering, or other stakeholders. The proposal should include: + +- **Service Name & Description**: A high-level definition of the service and its purpose. +- **Business Justification**: The rationale for adding the service, including customer demand and strategic importance. +- **Technical Overview**: A detailed explanation of the service architecture, dependencies, and integration with existing cloud infrastructure. +- **Security & Compliance Considerations**: Any security, regulatory, or compliance impacts that need to be addressed. + +Important + +Please submit a new service proposal according to [New Cloud Service Proposal Template.docx](attachments/688996646/688996825.docx) + +Please schedule a meeting to communicate with the relevant ITOM Cloud Service Team and review the relevant new services proposal. + +- ITOM Cloud Service ESM Team [ITOMCloudServiceESMTeam@opentextcorporation.onmicrosoft.com](mailto:ITOMCloudServiceESMTeam@opentextcorporation.onmicrosoft.com) +- ITOM Cloud Service SO Team [ITOMCloudServiceSOTeam@opentextcorporation.onmicrosoft.com](mailto:ITOMCloudServiceSOTeam@opentextcorporation.onmicrosoft.com) +- ITOM Cloud Services APM Team [ITOMCloudServicesAPMTeam@opentextcorporation.onmicrosoft.com](mailto:ITOMCloudServicesAPMTeam@opentextcorporation.onmicrosoft.com) + +### 3.2 Cloud Service Delivery Team Review + +Upon submission, the Cloud Service Delivery team will conduct a detailed review of the proposal based on the following criteria: + +- **Operational Readiness**: Evaluation of whether the necessary infrastructure, automation, and monitoring are in place. +- **Runbook & Documentation**: The availability of an operational runbook detailing how the service will be deployed, maintained, and troubleshot. +- **Support Requirements**: Definition of support tiers, escalation paths, and team training requirements. +- **Service Level Objectives (SLOs)**: Assessment of the expected availability, performance, and reliability targets. +- **Capacity Planning**: An analysis of how the new service impacts existing workload and team resources. + +### 3.3 Approval and Implementation + +After review, the Cloud Service Delivery team will decide on one of the following: + +- **Approved**: The service meets all requirements and can proceed to production. +- **Conditional Approval**: The service requires additional work or mitigations before approval. +- **Rejected**: The service does not align with Cloud Service Delivery standards or is unfeasible. + +If approved, a formal implementation plan is created, detailing the timeline, responsibilities, and required actions for the service rollout. + +## 4\. Operational Requirements for New Services + +Each new cloud service must fulfill the following requirements before being launched: + +### 4.1 Service Definition + +- Clearly defined functionality and expected behavior. +- Dependencies and required integrations. + +### 4.2 Operational Runbook + +- Detailed step-by-step procedures for provisioning, monitoring, and troubleshooting the service. +- Escalation procedures and points of contact for issue resolution. + +### 4.3 SLO & SLA Definition + +- Established uptime, response time, and performance targets. +- Escalation paths for service degradation or incidents. + +### 4.4 Support Model + +- Defined support ownership (Cloud Service Delivery vs. Engineering/Product Team). +- Training for support personnel. + +### 4.5 Capacity & Resource Planning + +- Impact analysis on cloud infrastructure resources and personnel workload. +- Adjustments to staffing or automation as necessary. + +## 5\. Enforcement + +No new cloud service may be deployed to production or made available to customers without explicit approval from the Cloud Service Delivery team. Any unauthorized deployment will be subject to review and potential rollback until compliance is ensured. + +## 6\. Continuous Improvement + +This process will be reviewed periodically to ensure alignment with evolving cloud strategies, operational best practices, and business needs. + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Service-Delivery_681555087.md b/knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Service-Delivery_681555087.md new file mode 100644 index 00000000..99ad077c --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Service-Delivery_681555087.md @@ -0,0 +1,111 @@ +# ITOM-Cloud-Service-Delivery_681555087 +Welcome to your new documentation space! + +**Welcome to the ITOM Cloud Service Delivery Team Documentation Space!** + +## Search this documentation + +## Featured Pages + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) + +## Recently Updated Pages + +- [OpsB and NOM Cloud Deployments Version Tracking](OpsB-and-NOM-Cloud-Deployments-Version-Tracking_686069604.html "ITOM Cloud Service Delivery") + about 4 hours ago • updated by [James Francis](/display/~jfrancis3) • [view change](/pages/diffpagesbyversion.action?pageId=686069604&selectedPageVersions=64&selectedPageVersions=63) +- [OpsB and NOM Cloud Deployments Version Tracking](OpsB-and-NOM-Cloud-Deployments-Version-Tracking_719523889.html "ITOM Cloud Service Delivery") + about 9 hours ago • updated by [Ioana Matei](/display/~imatei) • [view change](/pages/diffpagesbyversion.action?pageId=686069604&selectedPageVersions=63&selectedPageVersions=62) +- [ESM Emergency Change Process](ESM-Emergency-Change-Process_718140336.html "ITOM Cloud Service Delivery") + about 11 hours ago • updated by [Adina Lehene](/display/~alehene) • [view change](/pages/diffpagesbyversion.action?pageId=718140336&selectedPageVersions=11&selectedPageVersions=10) +- [2025 16th of September - Cloud R&D Weekly Service Delivery Call](719520217.html "ITOM Cloud Service Delivery") + about 18 hours ago • updated by [Boglarka Ronai](/display/~bronai) • [view change](/pages/diffpagesbyversion.action?pageId=719520217&selectedPageVersions=4&selectedPageVersions=3) +- [ESM Cloud /FP upgrade Maintenance Window Standby Plan](703370112.html "ITOM Cloud Service Delivery") + about 19 hours ago • updated by [Adina Lehene](/display/~alehene) • [view change](/pages/diffpagesbyversion.action?pageId=703370112&selectedPageVersions=64&selectedPageVersions=63) + +## Product Readiness + +- [ITOM SaaS Service Description](ITOM-Cloud-Application-SaaS-Service-Description_686069698.html) +- ITOM SaaS Cloud Architecture +- Installation/Deployment Guide +- [Interlock Meeting](ITOM-RnD-Interlock-Meetings_686070427.html) +- Performance Sizing Guide +- Product Release Process +- Product Purchase Process +- Support Oriented Training +- Ops Oriented Training +- Product Support-ability Tooling +- Product Diagnostic Tooling +- Customer Facing Doc Portal +- Cloud Simulation Environment +- Cloud Security Sign-Off +- Product Trial/PoC Procedure +- [Cloud Readiness Check List](Cloud-Application-Cloud-Readiness-Check-List_682933055.html) + +- [ITOM Cloud AWS Account Overview](ITOM-Cloud-AWS-Account-Overview_686070784.html) +- [ITOM ESM Cloud Farm Information](ITOM-ESM-Cloud-Farm-Information_686079377.html) +- [ITOM APM AppPluse Cloud Farm Information](ITOM-APM-AppPluse-Cloud-Farm-Information_691150242.html) +- Cloud Deployment Automation +- [Product Provision Automation](Product-Provision-Automation_686070431.html) +- Product Configuration Automation +- [Product License Management](Product-License-Management_686070229.html) +- [Cloud Cost Optimization/FinOps](686065517.html) +- Cloud Capacity Management +- Business Data Collection/BI Analysis +- Off-Cloud to On-Cloud Migration +- [Multi-Cloud Deployment](Multi-cloud-deployment_686070213.html) + +## Customer Support + +- Customer Order Fulfillment +- Customer On-boarding Process +- Support Ticketing Tool System +- [Customer Cloud Service Offerings](Customer-Cloud-Service-Offerings_684947005.html) +- Customer Support Service SLA +- Customer Satisfaction Survey +- Customer Escalation Process & Path +- Service Availability Check & Monthly SLA +- Service Level Agreement +- Customer Notification Process + +## Maturity Assessment + +- Recoverability +- Usability +- Operability +- Maintainability +- Securability +- Persistability +- Mobility +- Throttleability +- Deployability +- Reliability +- Reusability +- Accoutability +- Durability +- Troubleshootability +- Defensibility +- Extensibility +- Auditability +- Application Configurability +- Observability +- Visibility +- Affordability +- Adaptability + +## Training Materials + +- Newbie training +- Record Training Session diff --git a/knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Service-Ops-Change-Calendar_686069645.md b/knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Service-Ops-Change-Calendar_686069645.md new file mode 100644 index 00000000..19ef3d6f --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Service-Ops-Change-Calendar_686069645.md @@ -0,0 +1,4 @@ +# ITOM-Cloud-Service-Ops-Change-Calendar_686069645 +Created by , last modified on Jan 19, 2025 EST + +- [OpsB/NOM Cloud Ops Change Calendar](686069658.html) diff --git a/knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Service-Ops-Doc-Management-Process_686069689.md b/knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Service-Ops-Doc-Management-Process_686069689.md new file mode 100644 index 00000000..2c8e13ee --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Service-Ops-Doc-Management-Process_686069689.md @@ -0,0 +1,77 @@ +# ITOM-Cloud-Service-Ops-Doc-Management-Process_686069689 +This is the process document to describe how to submit operational document to ITOM Cloud Service team. + +## 1\. What is Ops document? + +Ops documentation includes all the necessary information, procedures, and best practices related to the operational aspects of the systems and infrastructure managed within a Cloud environment. + +Explain the significance of Ops documentation in ensuring smooth operations, troubleshooting, maintaining security, and sharing knowledge among Cloud Service team members. + +## 2\. Ops Documentation Types + +**Cloud Service Team Owned Ops Documentations:** + +- System Architecture and Infrastructure +- Configuration Management +- Deployment Procedures +- Monitoring and Alerting +- Disaster and Recovery +- Security and Compliance +- Incident Management +- Scaling and Performance +- Customer Service Operation Manual +- Retrospective Record + +**RnD Team Provided Ops Documentations:** + +- New Feature Introduced SaaS Customer Service +- Product Troubleshooting Guide +- Regular Product Upgrade Procedures +- Patch/Hotfix Document/Readme +- Reusable Ops Runbook +- On-time Change Instruction (K8S, DB, Configuration etc.) + +## 3\. Ops Documentation Review Process + +- #### Submit Ops document candidate +1. Click and go to " [Document Candidates](https://confluence.opentext.com/pages/viewpage.action?pageId=686065504) " section +2. Click "Create from template" button and browser to " **** " wiki template to create new standard Ops documentation. + ![](attachments/686069689/686069674.png) + ![](attachments/686069689/686069678.png) +3. Please follow Ops documentation structure to prepare document and keep the documentation under " [Document Candidates](https://confluence.opentext.com/pages/viewpage.action?pageId=686065504) " section +- #### Schedule Documentation Review with Cloud Service Team + +![](attachments/686069689/686069682.png) + +- #### Sign-off Ops Documentation +1. Once the document is submitted to " [Document Candidates](https://confluence.opentext.com/pages/viewpage.action?pageId=686065504) ", The document author/owner need to **shcedule a review meeting** with ITOM Cloud Ops team to explain the background and details for the document. + - **ITOM Cloud Service ESM Team** [ITOMCloudServiceESMTeam@opentextcorporation.onmicrosoft.com](mailto:ITOMCloudServiceESMTeam@opentextcorporation.onmicrosoft.com) + - **ITOM Cloud Service SO Team** [ITOMCloudServiceSOTeam@opentextcorporation.onmicrosoft.com](mailto:ITOMCloudServiceSOTeam@opentextcorporation.onmicrosoft.com) + - **ITOM Cloud Services APM Team** [ITOMCloudServicesAPMTeam@opentextcorporation.onmicrosoft.com](mailto:ITOMCloudServicesAPMTeam@opentextcorporation.onmicrosoft.com) +2. Cloud Ops team will paticipant the meeting with RnD team together to review and finalize this Ops documentation +3. Cloud Ops team will considering the scenario to validate the changes mentioned in Ops documentation in Non-production Cloud environment if needed +4. After above steps are all compeleted. Cloud Service team lead will sign-off and approve the document. +5. After sign-off the document will be moved out from " [Document Candidates](https://confluence.opentext.com/pages/viewpage.action?pageId=686065504) " section to relevant Cloud Documentation Categories and marked as uneditable. +6. **Please note that only documents that have been officially reviewed and approved by the Cloud Service team can be used as reference documents for daily Cloud Service team operations work.** + +## 4\. Q & A + +###### Q: How should I get the permission to access Ops doc space or submit new Ops doc? + +A: There are currently 3 types of role permissions in ITOM Ops Doc wiki space + +- - **ITOM Cloud Ops**: Able to view and edit document, plus have permission to view and edit “restriction” page which might include contents related to controlled Cloud permissions + - **Authorized confluence user**: Able to view and add document, no permission to view and edit the “restriction” page. Can’t delete any pages from Ops doc wiki space. + - **Anonymous user**: Only view permission with all opened content, no permission to view and edit the “restriction” page. Can’t delete any pages from Ops doc wiki space. + +If you need permission to contribute Ops document in the wiki space, please contact: + +- - APJ: [Sunny Xia](https://confluence.opentext.com/display/~sxia2) [Ting Ye](https://confluence.opentext.com/display/~tye) [Wei Shen](https://confluence.opentext.com/display/~wshen) + - EMEA: [Boglarka Ronai](https://confluence.opentext.com/display/~bronai) + - AMS: [Joseiby Hernandez](https://confluence.opentext.com/display/~jhernandez2) + +###### Q: Where can find all the signed-off ops doc? + +A: Documents accessed from the Content section of the ops doc wiki space [home page](https://confluence.opentext.com/display/ICSD/ITOM+Cloud+Service+Delivery) are signed-off documents, documents that have not been reviewed or approved will remain in the [Document Candidate](https://rndwiki.houston.softwaregrp.net/confluence/pages/viewpage.action?pageId=1278251186) section. + +Welcome to review the sign-off doc or if you find some errors in the document feel free to send the message to ITOM Cloud Service team: **ITOM Cloud Service Team ** diff --git a/knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Service-Team_688992849.md b/knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Service-Team_688992849.md new file mode 100644 index 00000000..9bdfbadd --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ITOM-Cloud-Service-Team_688992849.md @@ -0,0 +1,79 @@ +# ITOM-Cloud-Service-Team_688992849 +## ITOM Cloud Service Team + +### Team Manager (2) + +| Name | Email | Manager | Region | Country | Main Role | +| --- | --- | --- | --- | --- | --- | +| Wei, Shen | [wshen@opentext.com](mailto:wshen@opentext.com) | Itay Laxer | APJ | China | People Manager | +| Joseiby Hernandez | [jhernandez2@opentext.com](mailto:jhernandez2@opentext.com) | Shen Wei | AMS | Costa Rica | People Manager | + +### PMO (1) + +| Name | Email | Manager | Region | Country | Main Role | +| --- | --- | --- | --- | --- | --- | +| Boglarka Ronai | [bronai@opentext.com](mailto:bronai@opentext.com) | Itay Laxer | EMEA | Romania | PMO | + +### ESM Cloud Service Team (11) + +- ITOM Cloud Service ESM Team [ITOMCloudServiceESMTeam@opentextcorporation.onmicrosoft.com](mailto:ITOMCloudServiceESMTeam@opentextcorporation.onmicrosoft.com) + +| Name | Email | Manager | Region | Country | Product | Main Role | +| --- | --- | --- | --- | --- | --- | --- | +| Heiner Fernandez | [hfernandez@opentext.com](mailto:hfernandez@opentext.com) | Joseiby Hernandez | AMS | Costa Rica | ESM | Cloud Ops | +| Randall Araya | [raraya@opentext.com](mailto:raraya@opentext.com) | Joseiby Hernandez | AMS | Costa Rica | ESM | Cloud Ops | +| Adina Iulia Lehene | [alehene@opentext.com](mailto:alehene@opentext.com) | Florin Pavel | EMEA | Romania | ESM | Cloud Ops | +| Maricel Plesuvu | [mplesuvu@opentext.com](mailto:mplesuvu@opentext.com) | Florin Pavel | EMEA | Romania | ESM | Cloud Ops | +| Miroslav Shindarov | [mshindarov@opentext.com](mailto:mshindarov@opentext.com) | Shen Wei | EMEA | Bulgaria | ESM | Cloud Ops | +| Liu, Yu | [yliu5@opentext.com](mailto:yliu5@opentext.com) | Shen Wei | APJ | China | ESM | Cloud DevOps | +| Sun, Wenjun | [wsun2@opentext.com](mailto:wsun2@opentext.com) | Shen Wei | APJ | China | ESM | Cloud DevOps | +| Xia, Sunny | [sxia2@opentext.com](mailto:sxia2@opentext.com) | Shen Wei | APJ | China | ESM | Cloud Ops | +| Ye, Ting | [tye@opentext.com](mailto:tye@opentext.com) | Shen Wei | APJ | China | ESM | Cloud Ops | +| Zhao Yun | [yzhao3@opentext.com](mailto:yzhao3@opentext.com) | Shen Wei | APJ | China | ESM | Cloud Ops | +| Jeremy Thunker | [jthunker@opentext.com](mailto:jthunker@opentext.com) | Shen Wei | AMS | USA | ESM | Cloud Ops (FedRamp) | + +### OpsB/NOM Cloud Service Team (10) + +- ITOM Cloud Service SO Team [ITOMCloudServiceSOTeam@opentextcorporation.onmicrosoft.com](mailto:ITOMCloudServiceSOTeam@opentextcorporation.onmicrosoft.com) + +| Name | Email | Manager | Region | Country | Product | Main Role | +| --- | --- | --- | --- | --- | --- | --- | +| Jones, Tyler | [tjones2@opentext.com](mailto:tjones2@opentext.com) | Shen Wei | AMS | USA | OpsB/NOM | Cloud DevOps | +| Prodan, Raluca | [rprodan@opentext.com](mailto:rprodan@opentext.com) | Florin Pavel | EMEA | Romania | OpsB/NOM | Cloud DevOps | +| Soare, Razvan Alexandru | [rsoare@opentext.com](mailto:rsoare@opentext.com) | Florin Pavel | EMEA | Romania | OpsB/NOM | Cloud DevOps | +| Krothamiddy, Sreekanth | [ksreekanth@opentext.com](mailto:ksreekanth@opentext.com) | Sajith Kumar | APJ | Inida | OpsB/NOM | Cloud DevOps | +| Prasad Mukkamala | [pmukkamala@opentext.com](mailto:pmukkamala@opentext.com) | Shen Wei | AMS | USA | OpsB/NOM | Cloud Ops | +| Girish J Babu | [gbabu@opentext.com](mailto:gbabu@opentext.com) | Sajith Kumar | APJ | India | OpsB/NOM | Cloud Ops | +| Javier Gerardo Mora | [jmora2@opentext.com](mailto:jmora2@opentext.com) | Joseiby Hernandez | AMS | Costa Rica | OpsB/NOM | Cloud Ops | +| Sandeep Kumar Swain | [sswain2@opentext.com](mailto:sswain2@opentext.com) | Sajith Kumar | APJ | India | OpsB/NOM | Cloud Ops | +| Andrei-Cosmin Turcu | [aturcu@opentext.com](mailto:aturcu@opentext.com) | Florin Pavel | EMEA | Romania | OpsB/NOM | Cloud Ops | +| Ioana Matei | [imatei@opentext.com](mailto:imatei@opentext.com) | Florin Pavel | EMEA | Romania | OpsB/NOM | Cloud Ops | + +### APM Cloud Service Team (5) + +- ITOM Cloud Services APM Team [ITOMCloudServicesAPMTeam@opentextcorporation.onmicrosoft.com](mailto:ITOMCloudServicesAPMTeam@opentextcorporation.onmicrosoft.com) + +| Name | Email | Manager | Region | Country | Product | Main Role | +| --- | --- | --- | --- | --- | --- | --- | +| Jose Marin | [jmarin@opentext.com](mailto:jmarin@opentext.com) | Joseiby Hernandez | AMS | Costa Rica | APM | Cloud Ops | +| Javier Fonseca | [jfonseca@opentext.com](mailto:jfonseca@opentext.com) | Joseiby Hernandez | AMS | Costa Rica | APM | Cloud Ops | +| Vibin Krishnan | [vkrishnan2@opentext.com](mailto:vkrishnan2@opentext.com) | Sajith Kumar | APJ | India | APM | Cloud Ops | +| Subbareddy Gandavarapu | [sgandavarapu@opentext.com](mailto:sgandavarapu@opentext.com) | Sajith Kumar | APJ | India | APM | Cloud Ops | +| Gulamnabi A Naikwadi | [gnaikwadi@opentext.com](mailto:gnaikwadi@opentext.com) | Sajith Kumar | APJ | India | APM | Cloud Ops | + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/ITOM-ESM-Cloud-Farm-Information_686079377.md b/knowledgebase/csd-wiki/ICSD/ITOM-ESM-Cloud-Farm-Information_686079377.md new file mode 100644 index 00000000..63097cf5 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ITOM-ESM-Cloud-Farm-Information_686079377.md @@ -0,0 +1,20 @@ +# ITOM-ESM-Cloud-Farm-Information_686079377 +## ESM Farms (19) + +

AWS Account ID

AWS A ccount Old Alias

AWS Account New Alias

AWS Region

AWS Region Location

ESM SaaS Farms

FQDN

Status

Landing Zone Type

526837505522

itom-saassmaxdev-nonprod

Oregon

LOGGING

IN USE

685481450608

ITOM-SaaSSMAXUS6STGSTAGING-Prod

itom-esm1-ext-stg

us-west-2

Oregon

BACKUP

IN USE

GW LZ

945679946888

itom-smaxjp12-ext-stg

itom-esm2-ext-stg

ap-northeast-1

Tokyo

JP12-STG

jp12-smax-testing.saas.microfocus.com

IN USE

GW LZ

551360491749

ITOM-SaaSSMAXINTERNALCUSTSTAGING-Prod

itom-esm0-ext-stg

us-west-2

Oregon

US2-DEV

us2-smax-testing.saas.microfocus.com

IN USE

GW LZ

361684190412

ITOM-SaaSMAXTRIAL-Prod

itom-esm0-ext-trial

eu-central-1

Frankfurt

EU3-PROD

eu3-smax.saas.microfocus.com

IN USE

GW LZ

us-west-2

Oregon

US7-PROD

us7-smax.saas.microfocus.com

IN USE

GW LZ

609729173090

ITOM-SMAXINTERNALCUST-PROD

itom-esm0-ext-prod

us-west-2

Oregon

US2-PROD

us2-smax.saas.microfocus.com

IN USE

GW LZ

us-west-2

Oregon

US24-PROD

us24-smax.saas.microfocus.com

IN USE

GW LZ

616654404631

ITOM-SaaSSMAXUS6-Prod

itom-esm1-ext-prod

us-west-2

Oregon

US6-PROD

us6-smax.saas.microfocus.com

IN USE

GW LZ

eu-central-1

Frankfurt

EU8-PROD

eu8-smax.saas.microfocus.com

IN USE

GW LZ

eu-central-1

Frankfurt

EU18-PROD

eu18-smax.saas.microfocus.com

IN USE

GW LZ

ap-southeast-2

Sydney

AP10-PROD

ap10-smax.saas.microfocus.com

IN USE

GW LZ

772889804459

ITOM-SaaSSMAXjp12-Prod

itom-esm2-ext-prod

ap-northeast-1

Tokyo

JP12-PROD

jp12-smax.saas.microfocus.com

IN USE

GW LZ

sa-east-1

San Paulo

BR14-PROD

br14-smax.saas.microfocus.com

IN USE

GW LZ

ca-central-1

Canada Central

CA16-PROD

ca16-smax.saas.microfocus.com

IN USE

GW LZ

af-south-1

Cape Town

SA34-PROD

sa34-smax.saas.microfocus.com

IN USE

GW LZ

eu-central-1

Frankfurt

EU38-PROD

eu38-smax.saas.microfocus.com

IN PREPARATION

GW LZ

439259180524

itom-esm3-ext-prod

itom-esm3-ext-prod

us-west-2

Oregon

US26-PROD

us26-smax.saas.microfocus.com

IN USE

GW LZ

402637475238

itom-esm4-ext-prod

eu-central-1

Frankfurt

EU28-PROD

eu28-smax.saas.microfocus.com

IN USE

GW LZ

+ +## ITOM Aviator Farms (2) + +| **AWS Account ID** | **AWS Account Alias** | **AWS Region** | **AWS Region Location** | **ITOM Aviator SaaS Farms ** | **Description** | **Status** | **Landing Zone Type** | +| --- | --- | --- | --- | --- | --- | --- | --- | +| 824517076529 | ITOM-Aviator1-EXT-STG | us-west-2 | Oregon | ###### US30-STG-ITOMAVIATOR | ITOM Aviator US30 | IN USE | GW LZ | +| 521526956341 | ITOM-Aviator0-EXT-PROD | eu-central-1 | Frankfurt | ###### EU30-PROD-ITOMAVIATOR | ITOM Aviator EU30 | IN USE | GW LZ | +| 402637475238 | ITOM-ESM4-EXT-PROD | eu-central-1 | Frankfurt | ###### EU32-PROD-ITOMAVIATOR | ITOM Aviator EU32 | IN USE | GW LZ | + +## DCA/SA Reporting Instances (5) + +

AWS Account ID

AWS Account Alias

AWS Region

AWS Region Location

DCA SaaS Instances

Description

Status

Landing Zone Type

305010689464

itom-dca-ext-prod

eu-central-1

Frankfurt

To be cleaned

Classic LZ

264669891072

itom-dca-ext-stg

eu-central-1

Frankfurt

To be cleaned

Classic LZ

752576076998

ITOM-DCA2-EXT-PROD

eu-central-1

Frankfurt

Oregon

eu2-prod-dca

eu2-prod-dca - TechM DCA Prod

IN USE

GW LZ

us6-prod-sareporting

us6-prod-sareporting for Great Eastern

IN USE

GW LZ

756681444987

ITOM-DCA2-EXT-STG

eu-central-1

Frankfurt

eu4-stg-dca

eu4-stg-dca - TechM DCA Dev

IN USE

GW LZ

Frankfurt

eu3-trial-dca

eu3-trial-dca - DCA PM demo

GW LZ

Sydney

ap5-trial-dca

ap5-trial-dca -> DCA Presales Trial/PoC

GW LZ

Oregon

us8-stg-sareporting

us8-stg-sareporting - Great Easten

IN USE

GW LZ

411804813517

itom-dca-ext-demo

NOT USE

877314495298

itom-dcasaasdev-ext-stg

NOT USE

+ +## SBM Instances + +
AWS AccountAWS Account AliasAWS Region

AWS Region Location

SBM InstancesFDQNDescriptionStatus
719681605826microfocuscloudeu-west-1IrelandSource

source.microfocuscloud.com/workcenter (Work Center)

source.microfocuscloud.com/mashupmgr (App Repo)

Primarily used for P2M for OT products, but contains a variety of business process workflows.

IN USE

Sourcetestsourcetest.microfocuscloud.com/workcenterWorkflow development environment for Source. Shares repository with Source.

IN USE

RIO

rio.microfocuscloud.com/workcenter

sdadmin.microfocuscloud.com/mashupmgr

Primarily used for License Verification and GRE workflows, but contains a variety of business process workflows.

IN USE

RIOtest

riotest.microfocuscloud.com/workcenter

riotest.microfocuscloud.com/mashupmgr

Workflow development for RIO.

IN USE

SBMOD

sbm.microfocuscloud.com/workcenter

sbm.microfocuscloud.com/mashupmgr

Workflows for Professional Services teams associated with AMC. Will likely be shuttered after divestiture. Only instance not using federated authentication due to mixture of internal/external accounts.

IN USE

diff --git a/knowledgebase/csd-wiki/ICSD/ITOM-ESM-Cloud-Service-Catalog_688996649.md b/knowledgebase/csd-wiki/ICSD/ITOM-ESM-Cloud-Service-Catalog_688996649.md new file mode 100644 index 00000000..6c74fc50 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ITOM-ESM-Cloud-Service-Catalog_688996649.md @@ -0,0 +1,55 @@ +# ITOM-ESM-Cloud-Service-Catalog_688996649 +Created by, last modified by Adina Lehene on Sep 05, 2025 EDT + +## Introduction + +This document lists all the cloud services that are currently supported by ESM Cloud Service Team. + +If the product team needs to add new Cloud services to customers, please refer to: [ITOM Cloud Service Delivery Approval Process for New Services](ITOM-Cloud-Service-Delivery-Approval-Process-for-New-Services_688996646.html) + +## Service Catalog + +### Product Cloud Services + +
CategorySerivce NameDescriptionAudienceService Request methodRelated DocumentsService Level TargetService OwnerStatus
Trial ServiceRequest a SMAX Premium TrialThis Offering is used for requesting a SMAX Premium trial tenantOpentext InternalSubmit Service Request via X4X

No ops eng intervention

3 business days

CSD

IN USE

Request an ESM SaaS Trial/PoC Tenant (SMAX, AMX, CMS, OO)If you require a Tenant that includes more than just SMAX, you can use this offering to request. ( for HCMX please use the other offering in our Service Catalog)Opentext InternalSubmit Service Request via X4X

FAQ for SaaS Product Trials

How to provision X4X offering

3 business days

CSD

IN USE

Request an ESM SaaS Trial/PoC Tenant (UD Standalone)If you require a Tenant that includes only Universal Discovery and CMDB (no native SACM, SAM, no more post configuration), you can use this offering to request.Opentext InternalSubmit Service Request via X4X

FAQ for SaaS Product Trials

X4X offering

3 business days

CSD

IN USE

Request a HCMX SaaS Trial/PoC TenantPlease use this offering to request a HCMX Trial/PoC tenantOpentext InternalSubmit Service Request via X4X

FAQ for SaaS Product Trials
How to provision X4X offering

3 business days

CSD

IN USE

Request Customer Web TrialThis Offering is used for requesting a SMAX only web trial for external customerExternal Trial CustomerOpentext web portal

FAQ for Customer Web Trial Process

3 business days

CSD

IN USE

Request IT Operations Aviator Trial (SMAX/OPSBRIDGE)Please use this offering to request Aviator either to be added to an existing SMAX Trial / PoC Tenant or to request Aviator for OpsBridge.Opentext InternalSubmit Service Request via X4XAdd the Aviator capability
Aviator-OpsB Confl. art.
3 business days

CSD

IN USE

Extend duration for a specific Trial (SMAX, AMX, HCMX)Request to extend the duration for specific Trial tenant.Opentext InternalSubmit Service Request via X4X

FAQ for SaaS Product Trials

2 business days

CSD

IN USE

Request Tenant DecomissionCollect the tenant that is not used any more. Submit request to decommission the Trial/Poc tenantOpentext InternalSubmit Service Request via X4X

FAQ for SaaS Product Trials
X4X offering

5 business days

CSD

IN USE

Version Upgrade ServiceProduct Major Version Upgrade on ESM Cloud Farms

Planned Standard Change

External Paid Customers
Submit Change Request in OT SM9

Product Version Upgrade
OT Doc SMAX 25.3 sample

According to the change plan

CSD

IN USE

Product Patch Upgrade on ESM Cloud FarmsPlanned Standard ChangeExternal Paid Customers
Submit Change Request in OT SM9According to the change plan

CSD

IN USE

Apply Urgent Hotfix on ESM Cloud FarmsUnplanned Production ChangeExternal Paid Customers
Submit unplanned production change request via X4XAccording to the change plan

CSD

IN USE

EKS AMI Rotation on ESM Cloud FarmsThis service is used to periodically update the EKS worker node server AMI to meet security requirementsExternal Paid Customers
Submit Change Request in OT SM9According to the change plan

CSD

IN USE

Cloud Deployment ServiceDeploy a new ESM (SMAX+CMS+OO+HCMX/FinOps) Cloud Farm

This service is based on the business need to deploy a new ESM Farm and complete all the productionized tasks which include:

  • Cloud Applicaiton monitoring
  • Service Availbility monitoring
  • Configure AWS backup plan
  • Operation Automation to support this new farm
  • Tenant Provision Automation to support this new farm
  • etc.
External Paid Customers
Business Driven

According to the business plan

It takes about 1 month from project establishment to budget approval to final farm delivery

CSD

IN USE

Monitoring ServiceProduct Major Functionalities Service Avalibility CheckThis service means that when there is a new farm, or a new capbility in the product that requires a customized Service Availability check, the Cloud Servcie team needs to assist the product team and work with the APM Scripting team, Service Center team to configure and implement the APM monitoring.External Paid Customers
For new capability or product that need to have service availbility check please contact Cloud Service team24x7

CSD

IN USE

ESM Service Health Web App
  • Real-time major functionalities service healthy status
  • Publish monthly SLA result
  • Publish major incident report
  • Publish planned maintanance window schedule
External Paid Customers
24x7

CSD

IN USE

Disaster Recovery ServiceDisaster Recovery ServiceAccording to the SaaS service description, when a disaster occurs in the region where the cloud application is located, cloud application recovery and data recovery can be performed in other available areas based on the remote-region backup data. Recover the customer's business within the committed RPO/RTOExternal Paid Customers

(Document need to be updated)

24x7

CSD

IN USE

Disaster Recovery Integrity Testing and ReportAccording to the SaaS service description, conduct DR validation testing regularly and provide relevant testing reportExternal Paid Customers

(Document need to be updated)

N/A

CSD

IN USE

Cross Region & Cross AWS Account data backup serviceCross-account, cross-region data (AWS RDS, AWS EFS, K8S velero, AWS S3) backup service for all deployed customer production farmsExternal Paid Customers

(Document need to be updated)

N/A

CSD

IN USE

Security ServiceProvide service to apply OS security patch or apply remediation to all Cloud farms or AWS account according to security scan result

Implement Qualys, Prisma scans on each production AWS account and based on the results of the scans perform the necessary remediation work according to priority

External Paid CustomersN/A

CSD

IN USE

Update Cloud Application WAF rules, and provide WAF logs

Regularly update Cloud Application WAF rules, and provide WAF logs to facilitate product engineering team observation and improve WAF protection mechanisms

External Paid Customers(Document need to be updated)N/A

CSD

IN USE

Cost Optimization ServiceConduct regular multi-dimensional audits of account spending and identify where savings can be madeFrom time to time, based on the results of daily audits and review to find opptunity to save AWS cost and covert to tasks to be executed by Cloud Service teamExternal Paid CustomersN/A

CSD

IN USE

Cloud Readiness ServiceNew product/Product new capability Cloud Readiness Review ServiceThis service is used to discuss and review the cloud-readiness of new product or new capabilities derived from products.Opentext InternalBusiness DrivenAccording to the business plan

CSD

IN USE

+ +### Customer Cloud Services + +
CategorySerivce NameDescriptionAudienceService Request methodRelated DocumentsService Level TargetService OwnerStatus
Customer Cloud Service OfferingSMAX: Add an integration userThis service is to assist customer to create integration user for various external intergrations with SMAX tenantExternal Paid CustomersSubmit Service Request via PCS2 business days

CSD

IN USE

ESM: License updateThis service is to assist customer to renew license or update license allocationExternal Paid CustomersSubmit Service Request via PCS5 business days

CSD

IN USE

SMAX: Configure SAML authenticationThis service is to assist customer to configre SAML SSO authentication for SMAX tenant.External Paid CustomersSubmit Service Request via PCS5 business days

CSD

IN USE

SMAX: Configure OAuth authenticationConfigure the OAuth authentication for the OpenText SaaS customer accountExternal Paid CustomersSubmit Service Request via PCS5 business days
SMAX: Configure custom domain (NLZ)This service is to assist customer to configure custom domain for SMAX tenantExternal Paid CustomersSubmit Service Request via PCS5 business days

CSD

IN USE

SMAX: Configure custom mail senderThis service is to support customer configure their own custom email address as sender in SMAX tenant but also for customers who want to change the default "Email From Name"External Paid CustomersSubmit Service Request via PCS

Configure custom mail sender, dedicated AWS SES users
OT Doc

5 business days

CSD

IN USE

SMAX: Customize login/logout screenThis service is to configure the theme settings of the login and logout pages for customer tenant to suit customer company's look and feelExternal Paid CustomersSubmit Service Request via PCS5 business days

CSD

IN USE

SMAX: Decommission customer tenantThis service occurs when a customer exits ESM Cloud and needs to comply with the relevant customer exit process to perform relevant tasks.External Paid CustomersSubmit Service Request via PCS5 business days

CSD

IN USE

ESM: Enable ESM capabilities (CMS/OO/FinOps/AC)External Paid CustomersSubmit Service Request via PCS5 business days

CSD

IN USE

SMAX: Maintain customized language packageExternal Paid CustomersSubmit Service Request via PCS5 business days

CSD

IN USE

SMAX: Modify allowed attachement file typesThis service is to support customer to add allow attachment types in their tenantExternal Paid CustomersSubmit Service Request via PCS5 business days

CSD

IN USE

SMAX: Modify maximum attachement sizeExternal Paid CustomersSubmit Service Request via PCS5 business days

CSD

IN USE

SMAX: Customer domain certificate renewalBased on the customer SMAX tenant that has configured the custom domain, if the custom domain certificate expires, can use this service to renew domain certificatesExternal Paid CustomersSubmit Service Request via PCS5 business days

CSD

IN USE

SMAX: Configure IP allowing list serviceFor customers who have purchased the IP allowlisting service, please use this offering to provide the list of IP addresses or IP ranges to be configured by OpenText to control the access to your tenant.External Paid CustomersSubmit Service Request via PCS(Document need to be updated)5 business days

CSD

IN USE

ESM: Request a new ESM Dev/QA tenantExternal Paid CustomersSubmit Support/Service Request via PCS(Document need to be updated)5 business days

CSD

IN USE

ESM: Request Power BI gatewayThis service is to assist customers in generating FinOps reports using Power BIExternal Paid CustomersSubmit Support/Service Request via PCS5 business days

CSD

IN USE

UCMDB: Disable Native SACM and enhanced CI in SaaS

This service is to disable Native SACM feature between SMAX and UCMDB and also disable enhanced CI in UCMDB

External Paid CustomersSubmit Support/Service Request via PCS5 business days

CSD

IN USE

Aviator: Enable ITOM Aviator for ESM cloud tenant

Enable ITOM Aviator AI Service on existing customer's SMAX/UCMDB tenant

External Paid CustomersSubmit Support/Service Request via PCS5 business days

CSD

IN USE

Aviator: Setup Configuration for hybrid mode

For customers that have purchased Hybrid Aviator (Connecting our OpenText Public Cloud Aviator Service to your on premise or private cloud SMAX tenant), please submit your details below so we can start the provisioning process.

External Paid CustomersSubmit Support/Service Request via PCS5 business days

CSD

IN USE

Operation Platform: Enable Operation Platform capability (OP/UIS/ODL)

Enable Operation Platform on top of existing ESM customer tenant

External Paid CustomersSubmit Support/Service Request via PCS5 business days

CSD

IN USE

Customer CommunicationCustomer CommunicationCustomer communication via emails, service health page, PCS news to communicate planned standard changesExternal Paid Customers

Send email notification via PCS

Publish news in Service Health Page

N/A

CSD

IN USE

Customer Cloud OnboardingNew SaaS Customer Onboarding Service
  • SaaS order Fulfillment
  • Product License Generation
  • Provision Customer Tenants (Prod/Dev)
  • Allocate license to customer tenants
  • Tenant initial configuraiton
  • Send customer notification with tenant detail
  • Welcome call (Handled by CSM)
External Paid Customers2 business days

CSD

IN USE

Off-Cloud customer migrate to ESM Cloud FarmsOperation tasks to support off-cloud customer migrate to ESM cloud farm. Including tenant data import, EFS data import etc.External Paid Customers(Document need to be updated)According to the business plan

CSD

CLOUD RND

IN USE

Incident ManagementRespond to Major Incident and follow established runbooks to quickly restore SaaS servicesWhen a service outage occurs in the cloud environment, intervene as soon as possible and restore the service as quickly as possible according to the existing ops runbook.External Paid Customers

Major Incident Management Process
RnD WIki SaaS Coverage

24x7

CSD

IN USE

Major Incident RCA Tracking & Customer NotificationRoot cause analysis for major incidents occurring in the Cloud environment. Work with the engineering team to develop corrective action & preventive actionExternal Paid Customers24x7

CSD

CLOUD RND

IN USE

+ +### Internal Cloud Services + +
CategorySerivce NameDescriptionAudienceService Request methodRelated DocumentsService Level TargetService OwnerStatus
Internal Cloud Service for product engineeringUplanned Production Change Service

This service is used to handle the current unplanned changes on Cloud production environments other than planned regular major version pgrade & patch deployment. According to the current practice, these actions include but are not limited to:

  • Emergency unplanned hotfix
  • Data change in production database (not included in patch/upgrade)
  • Unplanned configuration change in production application
  • Unplanned application K8S configuration change (Adjust pod number, pod size, yaml configuration etc.)
  • Unplanned WAF Change
  • etc.
Product EngineeringSubmit unplanned production change request via X4X

CSD

IN USE

Operational Document Review & Approval ServiceThis service is used to review and approve a variety of Ops documents submitted from the RnD TeamProduct EngineeringSubmit Ops doc

CSD

IN USE

Review & Approval for New ServiceThis process applies to all new cloud services introduced due to product upgrades, feature additions, or customer requirements. No service shall be made available to customers without prior approval from the Cloud Service Delivery team.Product EngineeringSubmit new service request form

CSD

IN USE

+ +### EU-Managed Cloud Services + +| Category | Serivce Name | Description | Audience | Service Request method | Related Documents | Service Level Target | Service Owner | Status | +| --- | --- | --- | --- | --- | --- | --- | --- | --- | +| EU-Managed Cloud Service | **EU-Managed Cloud Service** | EU-Managed cloud service specifically refers to the special cloud service provided for specific EMEA customers, with specialized EMEA Cloud Ops engineer (EU residents) to perform various operations. | | | | | CSD | IN USE | + +### FedRAMP Cloud Services + +| Category | Serivce Name | Description | Audience | Service Request method | Related Documents | Service Level Target | Service Owner | +| --- | --- | --- | --- | --- | --- | --- | --- | +| | | | | | | | | +| | | | | | | | | +| | | | | | | | | +| | | | | | | | | +| | | | | | | | | + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/ITOM-ESM-Farm-Capacity-planning_706818364.md b/knowledgebase/csd-wiki/ICSD/ITOM-ESM-Farm-Capacity-planning_706818364.md new file mode 100644 index 00000000..759f0b1a --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ITOM-ESM-Farm-Capacity-planning_706818364.md @@ -0,0 +1,62 @@ +# ITOM-ESM-Farm-Capacity-planning_706818364 +## Introduction + +This page presents the ESM farm capacity planning. + +## Principles + +1. SMAX + 1. Farm specific capacity for SMAX (Unit level) + | | Production only license threshold (premium + express) | Actions | Sizing | + | --- | --- | --- | --- | + | N/A | 0-2000 unit (0-1000 concurrent users, ie. cc) | No action. Starting from medium profile | Medium | + | Alert 0 | 2000 unit (1000 cc) | Slightly changing pod sizing based on the inputs from RnD | Medium+ | + | Alert 1 | 4000 unit (2000 cc) | Stop migrating in on-prem customers | Change profile to large | + | Alert 2 | 4600 unit (2300 cc) | Stop migrating in on-prem customers and stop adding big customers | | + | **Alert 3** | **5200 unit (2600 cc)** | **Stop adding customers** | | + 2. Sizing reference from SMAX + | Suite Product | Tenants | Size | + | --- | --- | --- | + | SMAX | 100-400 | Small | + | SMAX | 400-1000 | Medium\* | + | SMAX | 1000-3000 | Large | + \*Normally SMAX sizing starts from Medium as it comes with better HA planning +2. UCMDB + 1. Farm specific capacities are listed below + | Suite Product | Max number of CI and Relationship | Size | + | --- | --- | --- | + | UCMDB | 10 million | Small | + | UCMDB | 60 million | Medium | + | UCMDB | 200 million | Large | +3. OO + 1. | Suite Product | Tenants | Size | + | --- | --- | --- | + | OO | 1-5 | Small | + | OO | 6-20 | Medium | + +## Examples + +1. In a scenario with 4057 SMAX Premium license and 1005 SMAX Express license units. + The farm is close to out of capacity. + Once the SMAX total prod license unit increase to 5200 units (current water mark 4057+1005=5062, 138 units to go), we need to stop adding customers. + \[ESM License Detail\] + + ![](attachments/706818364/706818359.png) +2. Getting the UCMDB(CMS) Data Volume for a specific farm: \[CMS Data Volume\] PowerBI View. + 39M means the volume is between small and medium. + ![](attachments/706818364/706818368.png) + +## Reference + +1. [ESM License Detail view in PowerBI](https://app.powerbi.com/groups/fac06a69-6340-4715-b8fe-4bdc0ca9af14/reports/cf509ffe-325f-4c1b-a507-44b93e6d85ca/ReportSection891dd10b023c6bea3200?experience=power-bi) +2. [CMS Data Volume view in PowerBI](https://app.powerbi.com/groups/fac06a69-6340-4715-b8fe-4bdc0ca9af14/reports/cf509ffe-325f-4c1b-a507-44b93e6d85ca/ReportSection3f1633da808b452a8ee6?experience=power-bi) +3. [SMAX/ESM Sizing considerations for EKS deployment](https://docs.microfocus.com/doc/SMAX/23.4/EKSSizing) +4. [Universal Discovery license overview](https://docs.microfocus.com/doc/UCMDB/2023.05/DscvrLicOvrvw) +5. [Universal Discovery and CMDB SaaS Service Description](https://www.microfocus.com/media/documentation/micro-focus-universal-discovery-and-cmdb-software-as-a-service-service-description-documentation.pdf) +6. [ITOM ESM PowerBI Report](https://app.powerbi.com/groups/fac06a69-6340-4715-b8fe-4bdc0ca9af14/list?experience=power-bi) +7. [AWS Cost Estimation Template for ESM SaaS 2023.05\_v1.2.xlsx](https://opentextcorporation-my.sharepoint.com/:x:/g/personal/jhuang4_opentext_com/EVGXfAyN_9tNsMOJ-SnnZvsB4orBiy9LLvrcHj-W4Rs08A?e=EtZUnk) + +## Attachments: + +[image-2025-6-10\_17-12-46.png](attachments/706818364/706818359.png) (image/png) +[image-2025-6-10\_17-17-6.png](attachments/706818364/706818368.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/ITOM-ESM-License-Units-conversion_688996323.md b/knowledgebase/csd-wiki/ICSD/ITOM-ESM-License-Units-conversion_688996323.md new file mode 100644 index 00000000..ca0960dd --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ITOM-ESM-License-Units-conversion_688996323.md @@ -0,0 +1,47 @@ +# ITOM-ESM-License-Units-conversion_688996323 +## Introduction + +This page presents the conversion of ITOM ESM License unit to sizing units. + +## Principles + +1. SMAX + 2 SMAX License Unit = 2 Named Users or 1 Concurrent User. + | Suite Product | License Unit | Licensed User | Sizing factor | + | --- | --- | --- | --- | + | SMAX | 2 | 2 Named User or 1 Concurrent User (Both of them are licensed users) | 1 Licensed User = 2.5 Online User | +2. CMS + 1. 1 Unit = 1 UD Full license + 2. Everything else is a ratio of the UD Full License + | Type | Server (Unit) | Workstation (Unit) | Docker (Unit) | + | --- | --- | --- | --- | + | Premium Discovery (UD Full) | 1 | 0.1 | 0.1 | + | Express Discovery (UD Inventory) | 0.1 | 0.1 | 0.1 | + 3. There is a simple calculation for CIs: 1 Full License / Asset Discovery License = 1000 CIs +3. OO + 1. Premium SMAX license will get two OO workflow for free. + +## Example + +1. There is one order with 1430 SMAX Units + 6500 UD Units. + 1. SMAX: + It can be 1430 named users or 715 concurrent users. So the online user range is 715 ~ 1430 x 2.5 = 1787.5 ~ 3575 Online users. + According to [SMAX/ESM Sizing considerations for EKS deployment](https://docs.microfocus.com/doc/SMAX/23.4/EKSSizing), it's medium to **large sized SMAX**. + 2. CMS: + 6500 UD Units is 6.5 million CIs. Normally ESM offer two sets of tenants: development and production. Then it's 13 million CIs in total. If it's an order with SMAX Premium, there will be more free CI being generated in CMS. Adding 50% to 100% here, then it's 19.5 to 26 million CIs. + According to CMS Section in [SMAX/ESM Sizing considerations for EKS deployment](https://docs.microfocus.com/doc/SMAX/23.4/EKSSizing), it's **medium sized CMS**. + 3. OO: + **Small sized OO** if there is only one. + +## FAQ + +1. Why the CMS size is doubled and SMAX is not doubled due to two tenants? + A: For SMAX, normally customer won't share dev tenant to end users, so there is very few users on Dev tenant. For CMS, once the CI data is loading to CMS, it's consuming the CMS resources, that's the reason it's doubled. + +## Reference + +1. [SMAX/ESM Sizing considerations for EKS deployment](https://docs.microfocus.com/doc/SMAX/23.4/EKSSizing) +2. [Universal Discovery license overview](https://docs.microfocus.com/doc/UCMDB/2023.05/DscvrLicOvrvw) +3. [Universal Discovery and CMDB SaaS Service Description](https://www.microfocus.com/media/documentation/micro-focus-universal-discovery-and-cmdb-software-as-a-service-service-description-documentation.pdf) +4. [ITOM ESM PowerBI Report](https://app.powerbi.com/groups/fac06a69-6340-4715-b8fe-4bdc0ca9af14/list?experience=power-bi) +5. [AWS Cost Estimation Template for ESM SaaS 2023.05\_v1.2.xlsx](https://opentextcorporation-my.sharepoint.com/:x:/g/personal/jhuang4_opentext_com/EVGXfAyN_9tNsMOJ-SnnZvsB4orBiy9LLvrcHj-W4Rs08A?e=EtZUnk) diff --git a/knowledgebase/csd-wiki/ICSD/ITOM-Operation-Platform_688996761.md b/knowledgebase/csd-wiki/ICSD/ITOM-Operation-Platform_688996761.md new file mode 100644 index 00000000..345970d7 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ITOM-Operation-Platform_688996761.md @@ -0,0 +1,12 @@ +# ITOM-Operation-Platform_688996761 +1. [ITOM Cloud Service Delivery](index.html) +2. [ITOM Cloud Service Delivery](ITOM-Cloud-Service-Delivery_681555087.html) +3. [💠3 - Operation & Maintenance](682933064.html) +4. [Operational Runbook](Operational-Runbook_686073475.html) +5. [Standard Ops Runbook](Standard-Ops-Runbook_686073477.html) + +Created by on Feb 08, 2025 EST + +Document generated by Confluence on Sep 15, 2025 22:26 EDT + +[Atlassian](https://www.atlassian.com/) diff --git a/knowledgebase/csd-wiki/ICSD/ITOM-OpsB-NOM-Cloud-Service-Catalog_688996652.md b/knowledgebase/csd-wiki/ICSD/ITOM-OpsB-NOM-Cloud-Service-Catalog_688996652.md new file mode 100644 index 00000000..54d1c83b --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ITOM-OpsB-NOM-Cloud-Service-Catalog_688996652.md @@ -0,0 +1,37 @@ +# ITOM-OpsB-NOM-Cloud-Service-Catalog_688996652 +## Introduction + +This document lists all the cloud services that are currently supported by OpsB/NOM Cloud Service Team. + +If the product engineering team needs to add new cloud services to customers, please refer to: [ITOM Cloud Service Delivery Approval Process for New Services](https://confluence.opentext.com/display/ICSD/ITOM+Cloud+Service+Delivery+Approval+Process+for+New+Services) + +## Service Catalog + +### Product Cloud Services + +
CategorySerivce NameDescriptionAudienceService Request MethodRelated DocumentsService Level TargetService OwnerStatus
Trial ServiceRequest an OpsBridge SaaS Trial environmentIf you require an OpsBridge SaaS Trial for a prospective customer, you can use this offering to request one. The environment will be available for 30 days. An extension may be granted if there is a business need.Opentext InternalSubmit Service Request via X4X

CSD

IN USE

Request a NOM SaaS Trial environmentIf you require a NOM SaaS Reporting trial for a prospective customer, you can use this offering to request one.Opentext InternalSubmit Service Request via X4X

CSD

IN USE

Version Upgrade ServiceProduct Major Version Upgrade on OpsB Cloud Instance

Planned Standard Change

External Paid Customers
Submit Change Request in PPM Essential

CSD

IN USE

Product Patch Upgrade on OpsB Cloud InstancePlanned Standard ChangeExternal Paid Customers
Submit Change Request in PPM Essential

CSD

IN USE

Product Major Version Upgrade on NOM Cloud Instance

Planned Standard Change

External Paid Customers
Submit Change Request in PPM Essential

CSD

IN USE

Product Patch Upgrade on NOM Cloud InstancePlanned Standard ChangeExternal Paid Customers
Submit Change Request in PPM Essential

CSD

IN USE

Apply urgent hotfix on OpsB/NOM Cloud InstancesUnplanned Production ChangeExternal Paid Customers
Submit unplanned production change request via X4X

CSD

IN USE

EKS AMI Rotation on OpsB/NOM Cloud InstancesThis service is used to periodically update the EKS worker node server OS to meet security requirementsExternal Paid Customers
Submit Change Request in PPM Essential

CSD

PENDING

Cloud Deployment ServiceDeploy a new OpsB Premium Instance

This service is based on the business need to deploy a new ESM Farm and complete all the productionized tasks which include:

  • Cloud Applicaiton monitoring
  • Service Availability monitoring
  • Configure AWS backup plan
  • Operation Automation to support this new farm
  • Tenant Provision Automation to support this new farm
  • etc.
External Paid Customers
Business Driven

CSD

IN USE

Deploy a new OpsB Reporting InstanceExternal Paid CustomersBusiness Driven

CSD

IN USE

Deploy a new AppO (Appliation Observability) InstanceExternal Paid CustomersBusiness Driven

CSD

IN USE

Deploy a new AI Ops Management (OpsB Express) InstanceExternal Paid CustomersBusiness Driven

CSD

IN USE

Deploy a NOM Reporting InstanceExternal Paid CustomersBusiness Driven

CSD

IN USE

Deploy a CNO (Cloud Network Observability) InstanceExternal Paid CustomersBusiness Driven

CSD

IN USE

Deploy a NOM Express InstanceExternal Paid CustomersBusiness Driven

CSD

IN USE

Monitoring ServiceProduct Major Functionalities Service Avalibility CheckThis service means that when there is a new farm, or a new capbility in the product that requires a customized Service Availability check, the Cloud Servcie team needs to assist the product team and work with the APM Scripting team, Service Center team to configure and implement the APM monitoring.External Paid Customers
For new capability or product that need to have service availbility check please contact Cloud Service team24x7

CSD

IN USE

OpsB Service Health Web App
  • Real-time major functionalities service healthy status
  • Publish monthly SLA result
  • Publish major incident report
  • Publish planned maintenance window schedule
External Paid Customers

CSD

IN USE

NOM Service Health Web App
  • Real-time major functionalities service healthy status
  • Publish monthly SLA result
  • Publish major incident report
  • Publish planned maintenance window schedule
External Paid Customers

CSD

IN USE

Disaster Recovery ServiceOpsB/NOM Disaster Recovery ServiceAccording to the SaaS service description, when a disaster occurs in the region where the cloud application is located, cloud application recovery and data recovery can be performed in other available areas based on the remote-region backup data. Recover the customer's business within the committed RPO/RTOExternal Paid Customers

(Document need to be updated)

24x7

CSD

IN USE

OpsB/NOM Disaster Recovery Integrity Testing and ReportAccording to the SaaS service description, conduct DR validation testing regularly and provide relevant testing reportExternal Paid Customers

(Document need to be updated)

N/A

CSD

IN USE

Cross Region & Cross AWS Account data backup serviceCross-account, cross-region data (AWS RDS, AWS EFS, K8S velero, AWS S3) backup service for all deployed customer production farmsExternal Paid Customers

(Document need to be updated)

N/A

CSD

IN USE

Security ServiceProvide service to apply OS security patch or apply remediation to all Cloud farms or AWS account according to security scan result

Implement Qualys, Prisma scans on each production AWS account and based on the results of the scans perform the necessary remediation work according to priority

External Paid CustomersN/A

CSD

IN USE

Update Cloud Application WAF rules, and provide WAF logs

Regularly update Cloud Application WAF rules, and provide WAF logs to facilitate product engineering team observation and improve WAF protection mechanisms

External Paid Customers(Document need to be updated)N/A

CSD

IN USE

Cost Optimization ServiceConduct regular multi-dimensional audits of account spending and identify where savings can be madeFrom time to time, based on the results of daily audits and review to find opptunity to save AWS cost and covert to tasks to be executed by Cloud Service teamExternal Paid CustomersN/A

CSD

IN USE

Cloud Readiness ServiceNew product/Product new capability Cloud Readiness Review ServiceThis service is used to discuss and review the cloud-readiness of new product or new capabilities derived from products.Opentext InternalBusiness DrivenAccording to the business plan

CSD

IN USE

+ +### Customer Cloud Services + +
CategorySerivce NameDescriptionAudienceService Request methodRelated DocumentsService Level TargetService OwnerStatus
Customer Cloud Service OfferingAll iHub related configurations
Integration Configuration (eg, Edge, BYOBI, BPM direct, SMAX, OO, Aviator)
Install OBM/RTSM content packs/packages
Configure SAML authentication
Renew certificate/metadata for SAML authentication
Install OPTIC DL content
Disable/enable AEC
Move global ID generator (eg, if UCMDB added later or OBM MoM on-prem eliminated later)
Change OBM config (Infra Settings, user roles, event forwarding)
Add views to OBM user roles
Export OPTIC DL to S3 bucket
Provide IDM audit log
Update Connected Server, hostname resolution, XPL config if OBM on-prem changes IP/hostname
Update trusted CA certificates if OBMs on-prem added/removed
Deactivate and activate the marble_dashboard_tql in JMX if a customer has modified/added a triplet

Network firewall changes if customer CIDR changes

ESM: Enable ITOM Aviator AI Service

Enable ITOM Aviator AI Service on existing customer's SMAX tenant

External Paid CustomersSubmit Support/Service Request via PCS

CSD

IN USE

Customer Cloud OnboardingNew SaaS Customer Onboarding Service
  • SaaS order Fulfillment
  • Product License Generation
  • Provision Customer Tenants (Prod/Dev)
  • Allocate license to customer tenants
  • Tenant initial configuraiton
  • Send customer notification with tenant detail
  • Welcome call (Handled by CSM)
External Paid Customers

CSD

IN USE

Incident ManagementRespond to Major Incident and follow established runbooks to quickly restore SaaS servicesWhen a service outage occurs in the cloud environment, intervene as soon as possible and restore the service as quickly as possible according to the existing ops runbook.External Paid Customers24x7

CSD

IN USE

Major Incident RCA Tracking & Customer NotificationRoot cause analysis for major incidents occurring in the Cloud environment. Work with the engineering team to develop corrective action & preventive actionExternal Paid Customers24x7

CSD

CLOUD RND

IN USE

+ +### Internal Cloud Services + +
CategorySerivce NameDescriptionAudienceService Request methodRelated DocumentsService Level TargetService OwnerStatus
Internal Cloud Service for product engineeringUplanned Production Change Service

This service is used to handle the current unplanned changes on Cloud production environments other than planned regular major version pgrade & patch deployment. According to the current practice, these actions include but are not limited to:

  • Emergency unplanned hotfix
  • Data change in production database (not included in patch/upgrade)
  • Unplanned configuration change in production application
  • Unplanned application K8S configuration change (Adjust pod number, pod size, yaml configuration etc.)
  • Unplanned WAF Change
  • etc.
Product EngineeringSubmit unplanned production change request via X4X

CSD

IN USE

Operational Document Review & Approval ServiceThis service is used to review and approve a variety of Ops documents submitted from the RnD TeamProduct EngineeringSubmit Ops doc

CSD

IN USE

Review & Approval for New ServiceThis process applies to all new cloud services introduced due to product upgrades, feature additions, or customer requirements. No service shall be made available to customers without prior approval from the Cloud Service Delivery team.Product EngineeringSubmit new service request form

CSD

IN USE

+ +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/ITOM-RnD-Interlock-Meetings_686070427.md b/knowledgebase/csd-wiki/ICSD/ITOM-RnD-Interlock-Meetings_686070427.md new file mode 100644 index 00000000..cd2b2081 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ITOM-RnD-Interlock-Meetings_686070427.md @@ -0,0 +1,2 @@ +# ITOM-RnD-Interlock-Meetings_686070427 +Created by , last modified on Jan 20, 2025 EST diff --git a/knowledgebase/csd-wiki/ICSD/ITOM-SaaS-Pain-Points_686083998.md b/knowledgebase/csd-wiki/ICSD/ITOM-SaaS-Pain-Points_686083998.md new file mode 100644 index 00000000..cd7f6fee --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/ITOM-SaaS-Pain-Points_686083998.md @@ -0,0 +1,68 @@ +# ITOM-SaaS-Pain-Points_686083998 +## Introduction + +This page presents all the pain points for SaaS delivery on the ITOM BU level. + +## Legends + +SMAX + +HCMX + +FINOPS + +OO + +OPS + +## Pain points + +- Process + - OPS Don’t wait until retro, we need a system that can record such inputs. +- Quality + - Recent system crashes caused by the new features. (Incident ID, Feature ID?) + - SMAX SMAX platform pod loads are not well balanced. (24.2 may fix it) + - It's not... + - SMAX nativeSACM consumes high resource usage, especially network. + - SMAX The SMAX still has OOTB index issues. + - SMAX Redis is the single point of failure and is not easy to debug. + - SMAX HCMX FINOPS OO Need more post upgrade tests. / CMS post upgrade issue is not acceptable + - SMAX SLT task is weekly (unplanned change is not submitted ) + - After 2024.1, CMS’s quality is not good. So many issues. +- SLA + - SMAX Missing monitoring metrics for CMS/Native SACM + - CMS not fully ready for auto-healing (rolling restart takes more than 1 minute) + - SMAX Missing correlations on several S1 / S2 alerts, for example, 5xx errors, and soft interrupts. + - 5xx errors: put errors into categories + - Soft interrupt: more metrics / diagnostics to get the detailed breakdown of the interrupt + - SMAX It is missing the overall throttling mechanism/rate limit which causes unexpected outages on the farm. + - 24.4? + - OO OO upgrade takes hours to finish, the OORAS pods can only be upgraded one after another. + - Solved in 24.3. +- Security + - OPS Missing the WAF rules rolling out, the farm is visited by malicious requests every day + - WIP + - OPS Major security KPI missing, including Qualys score, SIEM integration, etc. +- Compliance + - Missing the standard/certification for EU-managed +- Maintenance & Operation + - OPS Operation efforts increase when there are more farms, including upgrades, patches, etc (Automation rate is low.) + - OPS Monitoring need to be improved. More meaningful alerts, less false alert. + - Aligning the CPU alert threshold to 99.9%. + - OPS Troubleshooting takes lots of time. + - OPS Cannot always leverage Ops from other regions / how to grow up Ops from other regions + - OPS Too many threads, need all the members to do self-driven. + - OPS Need an option to better to utilize Shen Wei’s time + - SMAX Logging issue + - Accumulated logs cost more + - Too much logs slows down troubleshooting + - Too much log writing used up the network throughput + - OO The tenant import feature cannot handle integrations like nativeSACM and OO. + - SMAX OO Too many special settings to keep the system stable, and many of them can be lost during upgrade. +- Cost + - SMAX HCMX FINOPS OO When customer usage increases the resource doesn't increase linearly. + - SMAX HCMX FINOPS OO FinOps, SMAX, and OO consume lots of resources, CMS resource usage is OK + - The sizing of HCMX, OO are based on tenant number instead of usage. Usually for almost all the ESM farm, OO need to be medium profile ($65K/y) or even larger, which doesn't contribute any license revenue. + - FinOps cost is usually more than SMAX large profile ($113K/y) + - SMAX sizing is not helpful for medium or large sized customers. Usually the farm need to double or triple the resource required by sizing guide. + - There is no sizing guide for integration, including API integration, nativeSACM, etc. diff --git a/knowledgebase/csd-wiki/ICSD/Import-certificates-for-DND-resource-providers_688996312.md b/knowledgebase/csd-wiki/ICSD/Import-certificates-for-DND-resource-providers_688996312.md new file mode 100644 index 00000000..9e63beed --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Import-certificates-for-DND-resource-providers_688996312.md @@ -0,0 +1,46 @@ +# Import-certificates-for-DND-resource-providers_688996312 +## Validating DND Resource Provider + +While creating or updating a provider, the following validations are performed + +- **For HTTPS connection -** Provider URL and SSL Certificate. The certificate should be in PEM format (base64). + +On successful validation, the provider is created. + +In case of validation failure, the following message is displayed. + +**The provider information you have entered couldn't be validated successfully. This is most likely due to an invalid/unreachable URL or an untrusted provider certificate. Continue anyway?** + +Select **No** to correct the values. Perform the following corrective steps - + +**For HTTPS connection** + +- Connect to control plane node and mount NFS volume on any directory (/mnt). Go to directory /mnt/..//certificate/cmp/source. Verify if SSL certificate is available in the directory. The certificate should be in PEM format (base64). +- If SSL certificate isn't present, perform the following steps. +- Obtain the SSL certificate from your provider. Connect to control plane node and copy the provider SSL certificate in the shared folder /certificate/cmp/source. + - Delete and restart pod using the following commands. + +**kubectl scale deployment itom-cmp-config-controller -n --replicas=0** + +**kubectl scale deployment itom-cmp-config-controller -n --replicas=1** + +**kubectl scale deployment itom-dnd-controller -n --replicas=0** + +**kubectl scale deployment itom-dnd-controller -n --replicas=1** + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/Incident-Management_686083927.md b/knowledgebase/csd-wiki/ICSD/Incident-Management_686083927.md new file mode 100644 index 00000000..38c63ef4 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Incident-Management_686083927.md @@ -0,0 +1,16 @@ +# Incident-Management_686083927 +1. [ITOM Cloud Service Delivery](index.html) +2. [ITOM Cloud Service Delivery](ITOM-Cloud-Service-Delivery_681555087.html) +3. [💠3 - Operation & Maintenance](682933064.html) + +Created by, last modified by Wei Shen on Feb 12, 2025 EST + +- [ESM Emergency Change Process](ESM-Emergency-Change-Process_718140336.html) +- [ESM SaaS CSD Ops Coverage](ESM-SaaS-CSD-Ops-Coverage_718139964.html) +- [ESM Cloud Incident Tracking List](ESM-Cloud-Incident-Tracking-List_686083932.html) +- [Major Incident Definition](Major-Incident-Definition_691167040.html) +- [Major Incident Management Process](Major-Incident-Management-Process_686083938.html) + +Document generated by Confluence on Sep 15, 2025 22:25 EDT + +[Atlassian](https://www.atlassian.com/) diff --git a/knowledgebase/csd-wiki/ICSD/Innovation-and-incubation_686083965.md b/knowledgebase/csd-wiki/ICSD/Innovation-and-incubation_686083965.md new file mode 100644 index 00000000..a26f9cdb --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Innovation-and-incubation_686083965.md @@ -0,0 +1,22 @@ +# Innovation-and-incubation_686083965 +Idea Pool + +| S.No | Category | Title | From | Active Owner | Comments | +| --- | --- | --- | --- | --- | --- | +| 1 | Operation Excellence | PG Index advisor (or SMAX Tuning advisor, an advisor to give your recommendations ) | Jacky.H | | | +| 2 | Product Excellence | AskSMAX (A chatbot to provide you responses on any SMAX issues.) | Jacky.H | | Covered by Aviator already? | +| 3 | Operation Excellence | Data archiver for PostgreSQL Database | Jacky.H | | | +| 4 | Operation Excellence | Kubernetes Traffic visualization | Jacky.H | | | +| 5 | Operation Excellence | **Patch all the farms or the farms being chosen with one click. E.g. Jenkins job** | **Jacky.H** | **[Sunny Xia](https://rndwiki.houston.softwaregrp.net/confluence/display/~sunny.xia@microfocus.com) ** | | +| 6 | Product Excellence | A more accurate suggested solution in SMAX/PCS | Jacky.H | | | +| 7 | Operation Excellence | SaaS Index tool: Help you to add farm level and tenant level index | Jacky.H | | Covered by feature already? | +| 8 | Operation Excellence | **Auto diagnostics - alert triggered diagnostics collection (e.g.: flamegraph & threaddump collection)** | **Jacky.H/Lingyan** | **[Wei Shen](https://rndwiki.houston.softwaregrp.net/confluence/display/~wei.shen2@microfocus.com) [Ting Ye](https://rndwiki.houston.softwaregrp.net/confluence/display/~ting.ye@microfocus.com) ** | Any critical issue will have a auto collection 1. Log 2. Thread dump 3. Worker sysctl log 4. Flamegraph? | +| 9 | Operation Excellence | Light-weighted log search tool for all the farms | Jacky.H | | If we need to feed the farm level log to log analytics tools like OpenSearch, in order to meet compliance requirements, we need to have multiple logging farms to be provisioned, this is not that cost efficiency. Then a light-weighted log search solution can be a good candidate for this. | +| 10 | Operation Excellence | **Aviator for Ops** | **Jacky.H** | **[Wenjun Sun](https://rndwiki.houston.softwaregrp.net/confluence/display/~wen-jun.sun@microfocus.com) [Wei Shen](https://rndwiki.houston.softwaregrp.net/confluence/display/~wei.shen2@microfocus.com) ** | Runbook, Playbook, Questionnaire | +| 11 | Operation Excellence | **SMAX4SMAX** | **Shen Wei ** | **[Ting Ye](https://rndwiki.houston.softwaregrp.net/confluence/display/~ting.ye@microfocus.com) [Ling-yan Meng](https://rndwiki.houston.softwaregrp.net/confluence/display/~lingyan.meng@microfocus.com) ** | Change management→ Operation | +| 12 | Operation Excellence | **Scheduled scaling** | **Jacky.H** | **[Yu Liu](https://rndwiki.houston.softwaregrp.net/confluence/display/~liu.yu@microfocus.com)** | Scaling based on schedules | +| 13 | Operation Excellence | **Notification automation - certificate / license expiration** | **Jacky.H** | **[Yun Zhao](https://rndwiki.houston.softwaregrp.net/confluence/display/~yun.zhao@microfocus.com) ** | Certificate / license monitoring → reporting → alerting | +| 14 | Operation Excellence | Notification automation - General solution | Jacky.H | | Using Generic notification to notify Ops and customer for various scenarios and manage it in an effective way. | +| 15 | Operation Excellence | Offering automation | Jacky.H / Shen Wei | | For example: if customer want to request for a specific offering like SMTP configuration (DKIM / SPF). | +| | | | | | | +| | | | | | | diff --git a/knowledgebase/csd-wiki/ICSD/Instrumenting-and-diagnostics_686083884.md b/knowledgebase/csd-wiki/ICSD/Instrumenting-and-diagnostics_686083884.md new file mode 100644 index 00000000..36c5502e --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Instrumenting-and-diagnostics_686083884.md @@ -0,0 +1,8 @@ +# Instrumenting-and-diagnostics_686083884 +Created by on Jan 23, 2025 EST + +## Introduction + +When the basic monitoring cannot give you too much hints on current farm issue or outage, then you need more insights of the team, for example, instrumenting and diagnostics. + +This guide presents the guidelines for instrumenting and diagnostics. diff --git a/knowledgebase/csd-wiki/ICSD/Integrate-with-Power-BI-to-create-FinOps-reports_686065345.md b/knowledgebase/csd-wiki/ICSD/Integrate-with-Power-BI-to-create-FinOps-reports_686065345.md new file mode 100644 index 00000000..2f78bf03 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Integrate-with-Power-BI-to-create-FinOps-reports_686065345.md @@ -0,0 +1,124 @@ +# Integrate-with-Power-BI-to-create-FinOps-reports_686065345 +## Introduction + +This topic describes the tasks that the SaaS Operations team should undertake to assist customers in generating FinOps reports using Power BI. + +To create reports using Power BI, customers will need the following services: + +- **Power BI Gateway**: A software that you can install and use in conjunction with Power BI Service. Power BI Gateway enables Power BI Service to connect to the underlying data that it can't access directly. Power BI Service, connected to Vertica through Power BI Gateway, gives access to data in Vertica and publishes them to Power BI Service. +- **Power BI Service**: A software as a service product for viewing and sharing data reports that customers build using Power BI Desktop. +- **Power BI Desktop**: A Windows desktop application for exploring data and building reports. Customers can publish Power BI Desktop reports to the web and share them with others via Power BI Service. + +The SaaS Operations team needs to complete the following steps related to Power BI Gateway: + +- Install the Microsoft Power BI Gateway on a Windows instance in the SaaS environment under the same VPC as Vertica Database Server +- Create a read-only user in Vertica +- Configure a resource pool for each tenant + +## Set up and configure Power BI Gateway + +This section describes the steps to install and configure Power BI Gateway. + +### Create a VM and install Power BI Gateway + +1. Create a Windows virtual machine in the AWS environment by following the instructions in [Launch an instance](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EC2_GetStarted.html). Note that: +- - The machine must be in the same VPC as the Vertica server, but in a private subnet that's different from the Vertica server. Don't expose this machine to a public network. + - The image must be 64-bit version of *Windows Server 2022 Base*. + - Recommended instance type: *t2.xlarge* + - When configuring Security Group, make sure you use these inbound ports: TCP 443, 5671, 5672, and from 9350 through 9354. All outbound traffic is allowed. For the source IP addresses for Power BI Service in your firewall, go to [Public Cloud](https://www.microsoft.com/download/details.aspx?id=56519), download the JSON file, and then search for **Power BI**. +1. Download the standard mode of the on-premises data gateway from the [Power BI downloads website](https://powerbi.microsoft.com/en-us/downloads/). +2. Run the downloaded file as the administrator and follow the prompts for installation. +3. Once installation is complete, start a sharing session with the customer and ask the customer to enter the **email address/account** details to register the gateway. This account will be used as the Power BI Gateway administrator. + Microsoft Login will prompt for additional authentication. Federation to customer corporate portal is also expected. The browser might ask you to add a website to the trusted sites zone. To reduce such prompts, you can choose to do so by clicking **Add**. + ![](https://staging.docs.microfocus.com/mediawiki/images/9/9d/PBIGateway_EnterEmail.png) +4. Register a new gateway on the computer. +5. Specify the gateway name and recovery key, and then click **Configure**. Also, note that you can change the region that connects the gateway to cloud services. +6. Once registered, you will get a message indicating that the installation is successful. + ![](attachments/686065345/686065335.png) + +### Harden the communication between Vertica and Power BI Gateway + +1. Log in to the bastion node. +2. Run the following command to retrieve the certificate: + `helm get values opsb ` `-n` `opsb | sed ` `-n` `'/vertica-ca.crt:/,/-----END CERTIFICATE-----/p'` `|grep ` `-v` `vertica` `-ca``.crt: | sed ` `'s/^ //g'` `> /tmp/vertica_ca.crt` +3. Move the certificate from the **tmp** directory in the bastion node to the Power BI Gateway server. +4. Log in to the Power BI Gateway server. +5. Go to Windows Start and search for **mmc** to execute it. +6. Go to **File** > **Add/Remove Snap-in**. +7. Select **Certificates** and click **Add**. +8. Select **Computer account** and click **Next**. +9. Click **Finish**. +10. Use **Find certificate** to make sure the **[saas.ca@xxx.com](mailto:saas.ca@xxx.com)** certificate is displayed + +### Create a read-only user in Vertica + +Tenant-specific DB users should have access to only tenant-specific schemas. Permissions given to tenant-specific DB users should follow the principle of least privilege. To see the views and create the dataflows in Power BI Service, you'll need to create a read-only user in Vertica. To do this, run the following script in the Vertica database as the Vertica dbadmin (check the **itom-cgro\_vertica\_db\_username** field in [t](https://rndwiki.houston.softwaregrp.net/confluence/download/attachments/1278251375/db-cmp.yaml?version=1&modificationDate=1700643383000&api=v2) he database-configmap. See the *How to get the fields* section at the bottom of this page): + +`# ` `first` `revoke` `and` `restrict` `public` `access` +`SELECT` `RESTRICT_SYSTEM_TABLES_ACCESS();` +`# Filter ` `all` `system tables so that non DB admin users can ` `only` `view` `details about themselves.` +`ALTER` `DATABASE` `DEFAULT` `SET` `DoUserSpecificFilteringInSysTables = 1;` +`# ` `grant` `select` `on` `all_tables ` `as` `it ` `is` `required ` `to` `get list ` `of` `tables using metadata API ` `in` `driver. This allows ` `user` `to` `see ` `all` `the ` `table` `names even if the ` `user` `has ` `no` `access ` `to` `it.` +`GRANT` `SELECT` `ON` `v_catalog.all_tables ` `TO` `PUBLIC``;` +`# ` `then` `for` `each tenant need ` `to` `create` `read` `-` `only` `user` +`CREATE` `USER` `QUERY_DB_USER_ IDENTIFIED ` `BY` `<` `password` `>;` +`GRANT` `USAGE ` `ON` `SCHEMA` `awsc ` `TO` `QUERY_DB_USER_;` +`GRANT` `USAGE ` `ON` `SCHEMA` `azurec ` `TO` `QUERY_DB_USER_;` +`# ` `set` `search path ` `and` `provide ` `grant` `permissions ` `for` `schema` `/tables` +`ALTER` `USER` `QUERY_DB_USER_ SEARCH_PATH awsc, azurec;` +`GRANT` `SELECT` `ON` `awsc. ` `TO` `QUERY_DB_USER_;` + +`GRANT` `SELECT` `ON` `azurec. ` `TO` `QUERY_DB_USER_;` + +- tenant: The tenant ID. +- password: The password of the read-only user. +- views to expose: The [OOTB views](https://docs.microfocus.com/doc/ESM/SaaS/BYOBI#OOTB_views) that the read-only user can have access to. For example: + `GRANT SELECT on awsc464797303.CLOUD_AWS_CUR_BILLING_BD_1D,` + `awsc464797303.CLOUD_AWS_CUR_BILLING_BD_1M,` + `awsc464797303.CLOUD_AWS_CUR_BILLING_BD_1Q,` + `awsc464797303.CLOUD_AWS_CUR_BILLING_BD_1Y,` + `awsc464797303.CLOUD_AWS_CUR_BILLING_RAW,` + `awsc464797303.CLOUD_AWS_CUR_BILLING_UD_1D,` + `awsc464797303.CLOUD_AWS_CUR_BILLING_UD_1M,` + `awsc464797303.CLOUD_AWS_CUR_BILLING_UD_1Q,` + `awsc464797303.CLOUD_AWS_CUR_BILLING_UD_1Y,` + `awsc464797303.CLOUD_AWS_CUR_USAGE_METRICS_1M TO QUERY_DB_USER_464797303;` + `GRANT SELECT ON azurec464797303.CLOUD_AZURE_CM_BILLING_1D,` + `azurec464797303.CLOUD_AZURE_CM_BILLING_1M,` + `azurec464797303.CLOUD_AZURE_CM_BILLING_1Q,` + `azurec464797303.CLOUD_AZURE_CM_BILLING_1Y,` + `azurec464797303.CLOUD_AZURE_CM_BILLING_RAW,` + `azurec464797303.CLOUD_AZURE_CM_USAGE_METRICS_1M TO QUERY_DB_USER_464797303;` + +### Configure the resource pool + +Tenant-specific applications should run queries within tenant-specific resource pools. For each tenant, you'll need to configure one resource pool. To do this, run the following script in the Vertica database as the Vertica admin: + +`# ` `Not` `reserving memory but capping the memory use. maxsize= 20% ` `in` `BYOBI use ` `case` +`CREATE` `RESOURCE POOL QUERY_SERVICE_RESOURCE_POOL_ MAXMEMORYSIZE ` `''``;  ` +`GRANT` `USAGE ` `ON` `RESOURCE POOL QUERY_SERVICE_RESOURCE_POOL_ ` `TO` `QUERY_DB_USER_;` +`ALTER` `USER` `QUERY_DB_USER_ RESOURCE POOL QUERY_SERVICE_RESOURCE_POOL_;` +`ALTER` `USER` `QUERY_DB_USER_ MAXCONNECTIONS 20;` + +### Use Power BI Service to create Dataflows + +When the customer is using Power BI Service to create dataflows, the Cloud Ops team needs to provide the customer with the following Vertica connection settings and credentials: + +![](attachments/686065345/686065337.png) + +| Field | Description | Provided by Cloud Ops | +| --- | --- | --- | +| Server | The Vertica host name. | Yes | +| Database | The Vertica database. | Yes | +| Connection | Select **Create new connection** to create and establish a new connection to the data source or select an existing connection if you've connected before. | No | +| Connection name | Enter a descriptive name for the new connection. | No | +| Data gateway | Select the Power BI gateway installed for creating FinOps reports. | No | +| Authentication kind | Basic | No | +| Username | The name of the read-only user. | Yes | +| Password | The password of the read-only user | Yes | + +#### How to get the fields + +You can find the vertica database information in the database-configmap. To do this, run the following command to find required info. For example, db host key (itom-cgro\_vertica\_db\_host) and db name key (itom\_cgro\_vertica\_db\_name). + +`kubectl edit configmap database-configmap -n {hcmx-namespace}` diff --git a/knowledgebase/csd-wiki/ICSD/Isolate-ucmdbserver-and-ucmdbbrowser-pods-in-different-worker-nodes_688996319.md b/knowledgebase/csd-wiki/ICSD/Isolate-ucmdbserver-and-ucmdbbrowser-pods-in-different-worker-nodes_688996319.md new file mode 100644 index 00000000..06feb295 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Isolate-ucmdbserver-and-ucmdbbrowser-pods-in-different-worker-nodes_688996319.md @@ -0,0 +1,84 @@ +# Isolate-ucmdbserver-and-ucmdbbrowser-pods-in-different-worker-nodes_688996319 +In some SaaS farms, we noticed sometimes ucmdbserver and ucmdbbroser pods would be distributed into 1 worker node by K8S automatically, while it increased the risk to re-located ucmdb server / browser to another worker node when customer do some high memory consumption operations in ucmdb server/browser like schedule reports and cause server/browser restart. This runbook is a configuration guide how to isolate server and browser pods in different worker nodes to prevent the restart by following below steps: + +Note: this configuration has downtime to UCMDB server and browser pods!!! Please plan it in non business hours. + +1\. edit UCMDB statefulset +**kubectl edit statefulset itom-ucmdb -n ** +2\. Add the block **requiredDuringSchedulingIgnoredDuringExecution** to spec.template.spec.affinity.podAntiAffinity of statefulset itom-ucmdb as following +affinity: +podAntiAffinity: +preferredDuringSchedulingIgnoredDuringExecution: +\- podAffinityTerm: +labelSelector: +matchExpressions: +\- key: [app.kubernetes.io/name](http://app.kubernetes.io/name) +operator: In +values: +\- ucmdbserver +topologyKey: [kubernetes.io/hostname](http://kubernetes.io/hostname) +weight: 100 +\- podAffinityTerm: +labelSelector: +matchExpressions: +\- key: workLoad +operator: In +values: +\- ExtraHigh +topologyKey: [kubernetes.io/hostname](http://kubernetes.io/hostname) +weight: 100 +requiredDuringSchedulingIgnoredDuringExecution: +\- labelSelector: +matchExpressions: +\- key: app +operator: In +values: +\- ucmdbserver +topologyKey: [kubernetes.io/hostname](http://kubernetes.io/hostname) +\- labelSelector: +matchExpressions: +\- key: app +operator: In +values: +\- ucmdbbrowser +topologyKey: [kubernetes.io/hostname](http://kubernetes.io/hostname) +3\. edit UCMDB Browser deployment +**kubectl edit deployment itom-ucmdb-browser -n ** +4\. Add the block **requiredDuringSchedulingIgnoredDuringExecution** to spec.template.spec.affinity.podAntiAffinity of deployment itom-ucmdb-browser as following +affinity: +podAntiAffinity: +preferredDuringSchedulingIgnoredDuringExecution: +\- podAffinityTerm: +labelSelector: +matchExpressions: +\- key: [app.kubernetes.io/name](http://app.kubernetes.io/name) +operator: In +values: +\- ucmdbbrowser +topologyKey: [kubernetes.io/hostname](http://kubernetes.io/hostname) +weight: 100 +requiredDuringSchedulingIgnoredDuringExecution: +\- labelSelector: +matchExpressions: +\- key: app +operator: In +values: +\- ucmdbserver +topologyKey: [kubernetes.io/hostname](http://kubernetes.io/hostname) + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/Issues-list-per-release_696536522.md b/knowledgebase/csd-wiki/ICSD/Issues-list-per-release_696536522.md new file mode 100644 index 00000000..729a05fe --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Issues-list-per-release_696536522.md @@ -0,0 +1,12 @@ +# Issues-list-per-release_696536522 +1. [ITOM Cloud Service Delivery](index.html) +2. [ITOM Cloud Service Delivery](ITOM-Cloud-Service-Delivery_681555087.html) +3. [💠3 - Operation & Maintenance](682933064.html) +4. [Upgrade ESM](Upgrade-ESM_706819674.html) +5. [Product Version Upgrade](Product-Version-Upgrade_686083990.html) + +Created by on Apr 07, 2025 EDT + +Document generated by Confluence on Sep 15, 2025 22:27 EDT + +[Atlassian](https://www.atlassian.com/) diff --git a/knowledgebase/csd-wiki/ICSD/Limit-data-in-thread-to-1-for-probe-sending-results-on-SaaS_688996331.md b/knowledgebase/csd-wiki/ICSD/Limit-data-in-thread-to-1-for-probe-sending-results-on-SaaS_688996331.md new file mode 100644 index 00000000..3a82709b --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Limit-data-in-thread-to-1-for-probe-sending-results-on-SaaS_688996331.md @@ -0,0 +1,35 @@ +# Limit-data-in-thread-to-1-for-probe-sending-results-on-SaaS_688996331 +## Background + +- From the multi-customer data-in performance testing result, we learnt that the best practice is to expose only 1 data-in thread for probe sending results for each customer on SaaS. While for on-premises deployments, there's no need to limit the data-in threads, and we can't have 2 different values for the same setting for both on-premises and SaaS deployments, so we need to manually modify the data-in threads value to keep only 1 thread for probe sending results on SaaS. +- Related settings + - **[global.thread.limit.com](http://global.thread.limit.com/).hp.ucmdb.reconciliation.datain.manager.DataInManagerFactory** (total data-in threads at global level) + - **appilog.collectors.ResultProcessingThreadsNumber** (Percentage of threads for probe sending results at global level) +- Data-in threads for probe sending results = total data-in threads \* Percentage of threads for probe sending results + +## Persona + +SaaS Operations Team + +## Prerequirest + +SaaS CMS is on 2022.11 or later + +## Steps + +1. Access JMX Console as provider customer admin: **https:///jmx-console** +2. Locate and invoke the **setGlobalSettingValue** JMX method with the following parameters values: + | Parameter | Value | + | --- | --- | + | **name** | **[global.thread.limit.com](http://global.thread.limit.com/).hp.ucmdb.reconciliation.datain.manager.DataInManagerFactory** | + | **value** | **2** | + + **Important:** To limit data-in thread to 1 for probe sending results purpose only, we need to enter **2** here, as another thread is a reserved one. +3. Locate and invoke the **showSettingsByCategory** JMX method to verify the value of **[global.thread.limit.com](http://global.thread.limit.com/).hp.ucmdb.reconciliation.datain.manager.DataInManagerFactory** changes to **2.** +4. Locate and invoke the **setGlobalSettingValue** JMX method with the following parameters values: + | Parameter | Value | + | --- | --- | + | **name** | **appilog.collectors.ResultProcessingThreadsNumber** | + | **value** | **50** (in percentage) **Note:** This value indicates percentage of total threads for probe result sending purpose. In this case, 50 is 50% of the total threads (2 in our case), that is, we have 1 thread only for probe result sending purpose. | +5. Locate and invoke the **showSettingsByCategory** JMX method to verify the value of **appilog.collectors.ResultProcessingThreadsNumber** changes to **50.** +6. Restart UCMDB Server for the two settings to take effect. diff --git a/knowledgebase/csd-wiki/ICSD/List-of-Runbooks_700163214.md b/knowledgebase/csd-wiki/ICSD/List-of-Runbooks_700163214.md new file mode 100644 index 00000000..441b04bf --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/List-of-Runbooks_700163214.md @@ -0,0 +1,52 @@ +# List-of-Runbooks_700163214 +| S.No | RunBook List | Priority (Need to be reviewed) | Current Doc Author/Owner | New Owner | Comments | +| --- | --- | --- | --- | --- | --- | +| | [\[SaaS\]AWS KMS key moving from AWS managed to OT managed (ESM, UCMDB, OO and Audit) - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/pages/viewpage.action?pageId=688982666) | | Li-Wen Yang Tao Zhong Mu-Dan Wang | ?? | We have implemented this feature on the existing EU28 (EU-managed farm) We will keep using it for any new farm construction based on the latest ESM version, so keep this doc up-to-date is required. We have 2 new farms construction is currently in CSD team's backlog | +| | [Change SMAX/Aduit KMS to the customer managed key for EFS file system and RDS - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/pages/viewpage.action?pageId=688982746) | | Li-Wen Yang Mu-Dan Wang Pradeep Kumar | ?? | Same reason as above | +| | [Change the OO customer managed key for EFS file system and RDS - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/display/ICSD/Change+the+OO+customer+managed+key+for+EFS+file+system+and+RDS) | | Calina Alexandra Zaharia Andrei Pop | FireFighters Team | Same reason as above | +| | [UCMDB/UD AWS KMS key moving from AWS managed to OT managed - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/pages/viewpage.action?pageId=688983013) | | No Owner | | | +| | [Automation Center: Capability enablement and tenant management - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/display/ICSD/Automation+Center%3A+Capability+enablement+and+tenant+management) | | [atruta@opentext.com](mailto:atruta@opentext.com) | Bravo Team | The current tenant enablement method for AC tenants differs from the one for other ESM capabilities. AC, in particular, uses scripts provided by R&D to achieve this. What we need more is to enable tenants through the API. This part indeed needs to be updated according to the version updates. | +| | [Centralized User Authentication with OIDC and IDM (OP AS OIDC PROVIDER) - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/pages/viewpage.action?pageId=686073608) | LOW | Steve Berube | Monet Team | | +| | [Centralized User Authentication with OIDC and IDM (SMAX AS OIDC PROVIDER) - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/pages/viewpage.action?pageId=686073659) | LOW | Steve Berube | Monet Team | | +| | [Check isolated tenants per farm - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/display/ICSD/Check+isolated+tenants+per+farm) | LOW | [Sunny Xia](https://confluence.opentext.com/display/~sxia2) | ?? | Owned by CSD | +| | [Clean up CMS log files - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/display/ICSD/Clean+up+CMS+log+files) | LOW | Xiaofang 'Monica' Huang | Check with Diana [Diana Pop](https://confluence.opentext.com/display/~dpop) | | +| | [Collect customer owned SMAX OPB Agent information and check status - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/display/ICSD/Collect+customer+owned+SMAX+OPB+Agent+information+and+check+status) | LOW | [Wei Shen](https://confluence.opentext.com/display/~wshen) | ?? | | +| | [Configure custom SMTP for UCMDB - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/display/ICSD/Configure+custom+SMTP+for+UCMDB) | MEDIUM | [Ting Ye](https://confluence.opentext.com/display/~tye) | Check with Diana [Diana Pop](https://confluence.opentext.com/display/~dpop) | | +| | [Configure logging mode (Synchronous or Asynchronous) - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/pages/viewpage.action?pageId=686073798) | LOW | Polly Chen | ?? | | +| | [Content Pack cleanup for SaaS farms - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/display/ICSD/Content+Pack+cleanup+for+SaaS+farms) | LOW | [bmuresan@opentext.com](mailto:bmuresan@opentext.com) | ?? | | +| | [Disable/Enable Gateway Service/Access Log (non-helm) - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/pages/viewpage.action?pageId=686073835) | LOW | Rui Zhang | ?? | | +| | [Disable/Enable the platform service/access log (non-helm) - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/pages/viewpage.action?pageId=686073862) | LOW | Wei Zhenkun Chongtian Ding | | | +| | [Disable Native SACM manually - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/display/ICSD/Disable+Native+SACM+manually) | | Wen-Si Li | Check with Diana [Diana Pop](https://confluence.opentext.com/display/~dpop) | Recently we got several cases from customer to request disable Native SACM feature, it's not an officially support, so better to certify it version by version | +| | [Toggle plaftform offline NG for Native SACM - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/display/ICSD/Toggle+plaftform+offline+NG+for+Native+SACM) | LOW | No Owner | Check with Diana [Diana Pop](https://confluence.opentext.com/display/~dpop) | | +| | [Disable NSACM and enhance CI lifecycle in SaaS - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/display/ICSD/Disable+NSACM+and+enhance+CI+lifecycle+in+SaaS) | | No Owner | Check with Diana [Diana Pop](https://confluence.opentext.com/display/~dpop) | | +| | [How to change Native SACM Notification Throttling - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/display/ICSD/How+to+change+Native+SACM+Notification+Throttling) | LOW | [Ting Ye](https://confluence.opentext.com/display/~tye) | Check with Diana [Diana Pop](https://confluence.opentext.com/display/~dpop) | | +| | [How to generate flame graph for specific container - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/display/ICSD/How+to+generate+flame+graph+for+specific+container) | LOW | No Owner | ?? | | +| | [How to link "Help" to ESM SaaS Doc Portal - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/pages/viewpage.action?pageId=686074211) | LOW | [Wei Shen](https://confluence.opentext.com/display/~wshen) | NA | Owned by CSD | +| | [How to replace bastion with Rocky Linux - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/display/ICSD/How+to+replace+bastion+with+Rocky+Linux) | LOW | [Yu Liu](https://rndwiki.houston.softwaregrp.net/confluence/display/~liu.yu@microfocus.com) | NA | Owned by CSD | +| | [Aviator widget on-boarding tasks for OpsB - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/display/ICSD/Aviator+widget+on-boarding+tasks+for+OpsB) | | [aweber2@opentext.com](mailto:aweber2@opentext.com) [mjing@opentext.com](mailto:mjing@opentext.com) | Aqua Team | The owner should be OpsB R&D team This document needs to be updated release by release, in particular, it includes "golden tenant content" from the OpsB side, which need to be updated to existing SMAX tenant which enables for ITOM Aviator Widget for the OpsB instance. | +| | [Aviator widget on-boarding tasks for UCMDB - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/display/ICSD/Aviator+widget+on-boarding+tasks+for+UCMDB) | MEDIUM | Zheng-Rong (Rita) Ni | Aqua Team | Important about UCMDB to enable ITOM Aviator widget. It's newly created. We have implemented automation to cover this part | +| | [How to disable Aviator - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/display/ICSD/How+to+disable+Aviator) | MEDIUM | Maofeng Jing | Rosetta Team | Important! We're working to remove all deperated trial/poc tenant data from Aviator | +| | [Guide for index external websites into Aviator with IDOL web connector - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/display/ICSD/Guide+for+index+external+websites+into+Aviator+with+IDOL+web+connector) | LOW | [Wenjun Sun](https://confluence.opentext.com/display/~wsun2) | Rosetta Team | | +| | [How to debug in Milvus - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/display/ICSD/How+to+debug+in+Milvus) | LOW | [Yu Liu](https://confluence.opentext.com/display/~yliu5) | Rosetta Team | | +| | [How to reload Milvus collections for Aviator - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/display/ICSD/How+to+reload+Milvus+collections+for+Aviator) | LOW | Ming-Xian Li | Rosetta Team | | +| | [Configure UIS - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/display/ICSD/Configure+UIS) | | He Gui | Dolphin Team | Part of OP UIS configuration, not sure if any changes with the latest version | +| | [Enable Optic Data Lake - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/display/ICSD/Enable+Optic+Data+Lake) | | Chandan M C | Chandan M C | | +| | [Enable Optic Data Lake Preparation - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/display/ICSD/Enable+Optic+Data+Lake+Preparation) | | Chandan M C | Chandan M C | | +| | [Mass Update – Reusable Integration Studio Scenario - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/pages/viewpage.action?pageId=686074253) | LOW | [Wei Shen](https://confluence.opentext.com/display/~wshen) | | | +| | [Request access to AWS account from IGA portal - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/display/ICSD/Request+access+to+AWS+account+from+IGA+portal) | LOW | [Yu Liu](https://confluence.opentext.com/display/~yliu5) | NA | Owned by CSD | +| | [SaaS Change UPN Script Runbook - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/display/ICSD/SaaS+Change+UPN+Script+Runbook) | | Rui Zhang | Monet Team | Customer-driven project, the customer will pay additional for such a project. So better to support it version by version. | +| | [SMAX - Enable Pendo for SMAX tenant - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/display/ICSD/SMAX+-+Enable+Pendo+for+SMAX+tenant) | LOW | [Rui 'Henrry' Han](https://confluence.opentext.com/display/~rhan2) | | | + +| S.No | Workaround items | Priority (Need to be reviewed) | Current Doc Author/Owner | New Owner | Comments | +| --- | --- | --- | --- | --- | --- | +| | [(23.4.P1) Disable the platform access and service log on EU8 for farm stabilization - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/display/ICSD/%2823.4.P1%29+Disable+the+platform+access+and+service+log+on+EU8+for+farm+stabilization) | | Wei Zhenkun Chongtian Ding | | | +| | [(JP12) Enhance search accuracy of Japanese content - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/display/ICSD/%28JP12%29+Enhance+search+accuracy+of+Japanese+content) | | Li-Ping Sun Wei Zhenkun | | | +| | [Change TimeWindow Interval via JMX or configmap - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/display/ICSD/Change+TimeWindow+Interval+via+JMX+or+configmap) | | Jimmy Ji | | | +| | [Disable the gateway service log for farm stabilization - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/display/ICSD/Disable+the+gateway+service+log+for+farm+stabilization) | | Rui Zhang | | | +| | [Disable the platform access logs and most of service logs on EU8 for farm stabilization - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/display/ICSD/Disable+the+platform+access+logs+and+most+of+service+logs+on+EU8+for+farm+stabilization) | | Wei Zhenkun | | | +| | [How to check native SACM notificaiton queue in SaaS - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/display/ICSD/How+to+check+native+SACM+notificaiton+queue+in+SaaS) | | Alex Song | | | +| | [How to fix broken SLT data via Python script - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/display/ICSD/How+to+fix+broken+SLT+data+via+Python+script) | | [JiaJie Qian](https://confluence.opentext.com/display/~jqian2) [Chandan M C](https://confluence.opentext.com/display/~cmc) | [Chandan M C](https://confluence.opentext.com/display/~cmc) | | +| | [NGarm=2 for Japanese language in IDOL contents - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/display/ICSD/NGarm%3D2+for+Japanese+language+in+IDOL+contents) | | Wei Zhenkun | | | +| | [Optimize the IDOL archive queue for EU8 - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/display/ICSD/Optimize+the+IDOL+archive+queue+for+EU8) | | Li-Ping Sun Wei Zhenkun | | | +| | | | | | | +| | | | | | | diff --git a/knowledgebase/csd-wiki/ICSD/Major-Incident-Customer-Communication-Template_686083948.md b/knowledgebase/csd-wiki/ICSD/Major-Incident-Customer-Communication-Template_686083948.md new file mode 100644 index 00000000..08503f3e --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Major-Incident-Customer-Communication-Template_686083948.md @@ -0,0 +1,36 @@ +# Major-Incident-Customer-Communication-Template_686083948 +### First Communication when incident happens + +**Symptoms** + +We regret to inform you that our ** service is currently experiencing **. Our technical team is aware of the issue and is working diligently to resolve it as soon as possible. + +We understand the inconvenience this may be causing you and we apologize for any frustration this may have caused. Our team is working around the clock to get the service back up and running. + +We will keep you updated on the progress of the investigation. + +**Impact** + +** service is currently unavailable + +### Updated communication when incident resolved + +**Start Date/Time:** + +** + +**End Date/Time:** + +** + +**Symptoms:** + +**Resolution:** + +Once the issue was recognized, the Cloud Service team took actions to **, we did... + +**Root cause analysis:** + +After an investigation by the RnD teams it was concluded that ** + +Our team is alos working to identify the underlying issue to prevent any similar incidents from happening in the future. diff --git a/knowledgebase/csd-wiki/ICSD/Major-Incident-Definition_691167040.md b/knowledgebase/csd-wiki/ICSD/Major-Incident-Definition_691167040.md new file mode 100644 index 00000000..3196543b --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Major-Incident-Definition_691167040.md @@ -0,0 +1,112 @@ +# Major-Incident-Definition_691167040 +## Introduction + +A **Major Incident** in a SaaS Cloud Application is a high-severity issue that causes **significant disruption to business operations**, affecting a large number of customers or critical systems, and requires an **immediate, coordinated response** from multiple teams to restore normal service. + +A Major Incident ranked at the **highest level (Severity 1, P1, or Critical Incident depending on the classification system)** is characterized by the following: + +## Business Impact + +- **Total Service Outage** – The SaaS application is **completely unavailable** to all customers or a major customer base. +- **Critical Feature Failure** – A core function (e.g., authentication, database, or payment processing) is **broken across multiple tenants** or key customers. +- **Data Corruption/Loss** – A major data integrity issue affecting customer operations, such as **mass data corruption, accidental deletion without recovery options, or exposure of sensitive data**. +- **Security Breach** – A confirmed **security compromise** such as ransomware, unauthorized access to customer data, or major vulnerabilities actively exploited. +- **Regulatory/Compliance Violation Risk** – A failure causing **non-compliance** with FedRAMP, GDPR, SOC 2, HIPAA, or other critical industry regulations, leading to potential fines or penalties. +- **High-Impact SLA Breach** – Downtime or service degradation exceeding agreed-upon **Service Level Agreements (SLAs)** for critical customers or government agencies. + +## Examples of a Major Incident + +### Complete Service Outage: + +- The SaaS platform is down across all regions, preventing any customers from logging in or using the system. +- DNS failure or major cloud provider outage (e.g., AWS, GCP, Azure regional failure) causing widespread service disruption. + +### Authentication Failure: + +- **All users** are unable to log in due to a failure in **OAuth, SAML, or identity provider integration**. +- Critical authentication service (e.g., **AWS Cognito, Azure AD**) is down across multiple tenants. + +### Database and Storage Issues: + +- **RDS/Database cluster failure** leading to complete **data unavailability** for all tenants. +- Accidental **data corruption due to a failed deployment or upgrade** impacting production databases. +- **S3 or Blob Storage outage** causing loss of access to customer files. + +### Security Incidents: + +- **A security breach where customer data is exposed** (e.g., public bucket exposure, unintentional data sharing between tenants). +- **A ransomware attack or malicious insider threat** affecting production systems. +- **Unauthorized access to admin credentials** allowing potential tampering with customer data. + +### Performance Degradation at Scale: + +- API response times degrade **from milliseconds to seconds or minutes**, impacting business operations for all customers. +- **Message queue backlog (e.g., AWS SQS, Kafka, Pub/Sub) causes event processing delays** affecting order processing, billing, or notifications. + +### Failed Upgrades or Deployments Causing Outages: + +- A **failed software update causes production to crash**, requiring emergency rollback with downtime. +- A **misconfigured Kubernetes deployment** results in **service scaling failure or pod eviction**, causing widespread app unavailability. + +## Criteria for Declaring a Highest-Level Major Incident + +| **Criteria** | **Description** | +| --- | --- | +| **Scope** | Affects **multiple tenants/customers**, critical services, or the entire SaaS platform. | +| **Business Criticality** | Prevents business operations for customers, causing severe financial or reputational impact. | +| **Resolution Time** | Requires **immediate** response, often with an **SLA of 15-30 minutes for acknowledgment and rapid mitigation**. | +| **Workload Impact** | Requires **cross-team collaboration**, including **Cloud Ops, DevOps, Security, and Support**. | +| **Regulatory Compliance** | Poses a risk to **legal, security, or compliance obligations**. | + +## Incident Response Process for a Major Incident + +### A. Immediate Actions (0-15 min) + +✅ **Automated Monitoring Alerts** detect the issue and trigger an **incident response workflow**. +✅ **Incident Commander Assigned** from Cloud Ops or DevOps team. +✅ **Major Incident Bridge Opened** for real-time coordination with engineers, support, and security teams. +✅ **Customer Communication** – Status Page, email, or in-app alerts informing users of the issue. + +### B. Investigation & Mitigation (15-60 min) + +✅ **Root Cause Analysis (RCA) Begins** – Logs, traces, and error reports analyzed. +✅ **Rollback or Hotfix Deployed** – If a release caused the issue, rollback is triggered. +✅ **Failover to Backup Region** if the primary region is down. +✅ **Workarounds Communicated to Customers** if full resolution is delayed. + +### C. Recovery & Post-Mortem (1-24 hours+) + +✅ **Full Service Restored** – Confirmation of resolution and monitoring for stability. +✅ **Incident Report & RCA Published** – Detailed analysis, corrective actions, and next steps documented. +✅ **Long-Term Fixes Implemented** – Preventative measures such as **redundancy improvements, process updates, and security patches** applied. + +## Preventative Measures to Avoid High-Severity Incidents + +To minimize the chances of such critical incidents occurring: +✅ **High Availability Architectures** – Ensure multi-region failover and active-active deployments. +✅ **Chaos Engineering & Load Testing** – Simulate failures to improve system resilience. +✅ **Real-Time Monitoring & Alerting** – Use **CloudWatch, Datadog, Prometheus, or ELK Stack** to detect issues proactively. +✅ **Automated Rollbacks** – Ensure all deployments can be reverted **within minutes** if they introduce instability. +✅ **Strict Change Management** – Require **pre-production testing and approval** for all major releases. +✅ **Security Hardening & Compliance Checks** – Conduct **regular security audits and penetration testing** to prevent breaches. + +## Conclusion + +A highest-level **Major Incident in a SaaS Cloud Application** is one that **cripples business operations, affects a significant customer base, or poses severe security and compliance risks**. These require a **swift, coordinated response** to minimize downtime and prevent reputational or financial damage. A strong incident management strategy, combined with **proactive monitoring, high-availability architectures, and automation**, is key to reducing the risk and impact of such incidents. + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/Major-Incident-Management-Process_686083938.md b/knowledgebase/csd-wiki/ICSD/Major-Incident-Management-Process_686083938.md new file mode 100644 index 00000000..d02dec63 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Major-Incident-Management-Process_686083938.md @@ -0,0 +1,125 @@ +# Major-Incident-Management-Process_686083938 +## Introduction + +This document describes the process and best practices for assessing, identifying, responding, communicating, and tracking when a Major Incident occurs in a Customer Cloud environment. + +## Identification and Detection + +- **Automated Monitoring**: Utilize robust monitoring tools to detect anomalies, performance issues, and potential outages. +- **User Reports**: Encourage users to report issues promptly via designated channels. + +### Best Practice + +- In the current Cloud service, the definition of Major Incident includes the following + - **Service Outage** - users cannot access the application to get any cloud services + - **Performance Degradation** - Performance issues are evident in the system application through monitoring and user feedback + - **Major Functionalities** - Currently it refers mainly to the main functions of each product monitored through APM + +## Initial Assessment + +- **Incident Triage**: Quickly assemble a cross-functional incident response team, including representatives from development, operations, and support. +- **Impact Analysis**: Evaluate the scope and impact of the incident on users, systems, and business operations. + +### Best Practice + +- There are many ways in which we analyze incident and assess the impact on our customers. + - **From APM monitoring** - Major Function Service Availbility Check. Currently we have Service Availability checks defined for major features in the product. Currently the Service Center team checks and alerts this monitor 24x7. As soon as a problem occurs, it will be notified in Teams Channel. However, the probability of a False Alert on this monitor is high, so it is necessary to perform a manual validation to determine if it is a real Major Incident. + - **From Unified Monitoring** - Monitor Infra, K8S node, K8S pod, applicaiton with Granfa for various pre-defined levels of metrics. For Details, please refer to: [ESM Cloud Unified Monitoring](https://rndwiki.houston.softwaregrp.net/confluence/display/ICS/ESM+Cloud+Unified+Monitoring) + - **Confirm by Manual Validation -** Once both APM Monitoring and Unified Monitoring have alerted the system, we can also check the system manually by logging in. Team member need to save the login for each farm some monitoring tenant as quickly as possible to quickly define the problem. +- Our goal is to determine if Farm has a S0/S1 level problem in the fastest way possible so that we can initiate the Incident Response process in the first place. + +## Incident Logging + +- **Centralized Logging**: Maintain a centralized incident log that captures all relevant details, timestamps, and initial impact assessment. +- **Severity Classification**: Categorize incidents based on severity to prioritize response efforts. + +### Best Practice + +- Once the Major Incident has been confirmed, we need to notify the Service Center team to create a Centralized Incident in the [PPM Essential system](https://essentials.saas.microfocus.com/itg/dashboard/app/portal/PageView.jsp) as a follow-up to the RCA update as well as define Corrective Actions and Preventive Usually the Incident Manager is defined as the RCA Owner to provide detailed information. + +## Communication + +- **Internal Communication**: Establish communication channels for the incident response team, ensuring timely updates and coordination. +- **External Communication**: Prepare predefined messages for customers and stakeholders, providing transparency about the incident. + +### Best Practice + +**Internal Communication:** + +- Create a new Teams chat group in time and add relevant stakeholders to bring attention to major incidents in time for better support. +- Relevant stakeholders include: + - Incident Manager: Can be a Cloud team lead or Senior team member, this role will be coordinated and directed in the event of an incident. + - CORE CPE Engineer: CORE CPE engineers will follow up with customers' incident-related tickets and respond to customers' related questions in a timely manner. + - Cloud Ops Engineer + - RnD Emergency Contact +- Internal communication is very important in order to save time and get all the relevant people involved in Incident's support. + +**External Communication:** + +- When a major incident occurs, we should communicate with the customer as soon as possible in order to keep them up to date. +- There are currently two main types of communication + - Send notification to specified customer groups via PCS. For details, please refer to - [Send email notification to SaaS customers via PCS](https://confluence.opentext.com/display/ICSD/Send+email+notification+to+SaaS+customers+via+PCS) + - Publish Incident Report in SaaS Service Health Page. For details, please refer to - Operation guide for SaaS Service Health Page +- It is best to follow the given format when posting a incident notificaiton: [Major Incident Customer Communication Template](https://rndwiki.houston.softwaregrp.net/confluence/display/ICS/Major+Incident+Customer+Communication+Template) + +## Resolution + +- **Runbooks and Playbooks**: Develop detailed runbooks and playbooks for common incident scenarios, outlining step-by-step resolution procedures. +- **Escalation Procedures**: Define clear escalation paths for issues that require higher-level expertise or management attention. + +### Best Practice + +- The Cloud Service team has developed a detailed runbook to address some of the most common problems, which allows you to choose the appropriate way to recover services for different types of false alarms. For details, please refer to: [Alert Runbooks based on monitoring](https://rndwiki.houston.softwaregrp.net/confluence/display/ICS/Alert+Runbooks+based+on+monitoring) +- If the service is still not restored properly through the existing runbook, we need to immediately involve RnD engineers through a pre-defined escalation path. + +## Post-Incident Review (PIR) + +- **Root Cause Analysis (RCA)**: Conduct a thorough RCA to identify the underlying cause of the incident. +- **Documentation**: Document the incident resolution process, lessons learned, and preventive measures for future incidents. + +### Best Practice + +- The current best pratices are for each major incident, Cloud service team will create a wiki page to track some important information, such as what important changes have been made during the incident, the focus of the discussion. Preventive actions planned for the future. For example: [2023/11/08 - EU8 - SMAX- Service Outage](https://rndwiki.houston.softwaregrp.net/confluence/pages/viewpage.action?pageId=1278257525) +- In addition, we will also track each major incident, and clearly define the Owner. [ESM Cloud Incident Tracking List](https://rndwiki.houston.softwaregrp.net/confluence/display/ICS/ESM+Cloud+Incident+Tracking+List) +- The Cloud Service team will drive these processes as the primary Incident Owner. +- Once the relevant Corrective Actions and Preventive Actions have been defined, the Cloud Service team's Incident Owner needs to record the CAPA information into the Major Incident in PPM Essential for ongoing tracking. For details, please refer to: [Incident Report and Actions from RCA Owner on Essentials.pdf](#) + +## Continous Improvement + +- **Iterative Updates**: Regularly update incident response procedures based on lessons learned from past incidents. +- **Training and Drills**: Conduct regular training sessions and simulated drills to ensure the incident response team is well-prepared. + +### Best Practice + +- We regularly hold updated training sessions to enhance the team's understanding of the Major Incident process and to share best practices. + +## Monitoring and Alerting Ehancements + +- **Continuous Monitoring**: Implement ongoing improvements to monitoring and alerting systems to proactively detect potential issues. +- **Automated Remediation**: Integrate automated remediation tools to address common incidents swiftly. + +### Best Practice + +- Adjust monitoring metrics in a timely manner to reduce the probability of a FALSE ALERT. We need more accurate and effective monitoring to catch problems. + +## Documentation and Knowledge Sharing + +- **Knowledge Base**: Maintain a comprehensive knowledge base with troubleshooting guides, FAQs, and resolutions for known issues. +- **Documentation Accessibility:** Ensure that incident response documentation is easily accessible to all team members. + +### Best Practice + +- We need to keep improving the runbook so that there is a consistent way for team members to monitor all levels of issues and resolve them. [Alert Runbooks based on monitoring](https://rndwiki.houston.softwaregrp.net/confluence/display/ICS/Alert+Runbooks+based+on+monitoring) + +## Review and Audit + +- **Periodic Audits**: Conduct periodic reviews and audits of the major incident management process to identify areas for improvement. +- **Compliance Checks**: Ensure that the process aligns with industry best practices and regulatory requirements. + +### Best Practice + +- We need plan the regularly conduct Major Incident rehersal to ensure that team members are familiar with the process and the importance of division of labor. + +## Training Record: + +[https://opentextcorporation-my.sharepoint.com/:v:/g/personal/wshen\_opentext\_com/EaP0NtIYS1pCn3LWaMDkpMMBX5AVF2HOQlMos7L39PMRaA?referrer=Teams.TEAMS-ELECTRON&referrerScenario=MeetingChicletGetLink.view.view](https://opentextcorporation-my.sharepoint.com/:v:/g/personal/wshen_opentext_com/EaP0NtIYS1pCn3LWaMDkpMMBX5AVF2HOQlMos7L39PMRaA?referrer=Teams.TEAMS-ELECTRON&referrerScenario=MeetingChicletGetLink.view.view&isSPOFile=1) diff --git a/knowledgebase/csd-wiki/ICSD/Major-Incident-Training_686070569.md b/knowledgebase/csd-wiki/ICSD/Major-Incident-Training_686070569.md new file mode 100644 index 00000000..366fc8ae --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Major-Incident-Training_686070569.md @@ -0,0 +1,15 @@ +# Major-Incident-Training_686070569 +1. [ITOM Cloud Service Delivery](index.html) +2. [ITOM Cloud Service Delivery](ITOM-Cloud-Service-Delivery_681555087.html) +3. [💠6 - Training Materials](686070469.html) +4. [Newbie training](Newbie-training_686070534.html) + +Created by, last modified on Jan 20, 2025 EST + +## Training Record: + +[https://opentextcorporation-my.sharepoint.com/:v:/g/personal/wshen\_opentext\_com/EaP0NtIYS1pCn3LWaMDkpMMBX5AVF2HOQlMos7L39PMRaA?referrer=Teams.TEAMS-ELECTRON&referrerScenario=MeetingChicletGetLink.view.view](https://opentextcorporation-my.sharepoint.com/:v:/g/personal/wshen_opentext_com/EaP0NtIYS1pCn3LWaMDkpMMBX5AVF2HOQlMos7L39PMRaA?referrer=Teams.TEAMS-ELECTRON&referrerScenario=MeetingChicletGetLink.view.view&isSPOFile=1) + +Document generated by Confluence on Sep 15, 2025 22:27 EDT + +[Atlassian](https://www.atlassian.com/) diff --git a/knowledgebase/csd-wiki/ICSD/Managed-Services-for-Multi-Cloud-Platform_686070220.md b/knowledgebase/csd-wiki/ICSD/Managed-Services-for-Multi-Cloud-Platform_686070220.md new file mode 100644 index 00000000..e4341a9f --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Managed-Services-for-Multi-Cloud-Platform_686070220.md @@ -0,0 +1,14 @@ +# Managed-Services-for-Multi-Cloud-Platform_686070220 +## Introduction + +This page presents all the services / re-requisites required for multi-cloud deployment. The cloud is not limited to AWS, Azure, GCP, etc. + +## Comparison of Managed Service for Multi-Cloud Platform + +
CategoryNative Cloud ServicesAWSGCPAzureComment
Deployment & ComputeContainer OrchestrationAWS EKS GKEAKS
Virtual MachinesAWS EC2 GCEAzure VM
Autoscaling & ElasticityAWS ASG GCP Instance GroupsAzure VM Scale Sets
Infrastructure as CodeAWS CloudFormation GCP Deployment ManagerMore generalized approach to use Terraform
Serverless FunctionsAWS Lambda GCP Cloud FunctionsAzure Functions
Service Mesh & API GatewayAWS App Mesh/API GatewayGCP API GatewayAzure API Management
Network & ConnectivityVPC & Private NetworkingAWS VPC GCP VPCAzure VNet
Load BalancingAWS ALB/ELB GCP Load BalancerAzure LoadBalancer
Service-to-Service CommunicationAWS PrivateLink GCP Private Service ConnectAzure Private Link
Hybrid ConnectivityAWS Direct ConnectGCP InterconnectAzure ExpressRoute
DNS & Traffic RoutingAWS Route 53 GCP Cloud DNSAzure DNS
CDN & Edge ServicesAWS CloudFrontGCP Cloud CDNAzure Front Door
Database & StorageManaged DatabasesAWS RDS GCP Cloud SQLAzure SQL Database
NoSQL & Key-Value StoresAWS DynamoDB GCP FirestoreAzure CosmosDB
Data WarehousingAWS RedshiftGCP BigQueryAzure Synapse
File StorageAWS EFS GCP FilestoreAzure Files
Block StorageAWS EBS GCP Persistent DisksAzure Managed Disks
Object StorageAWS S3 GCP Cloud StorageAzure Blob Storage
Backup & Disaster RecoveryAWS Backup GCP Backup and DRAzure Backup
Observability & MonitoringMetrics & MonitoringAWS CloudWatch GCP Cloud MonitoringAzure Monitor
Logging

AWS CloudWatch Logs

AWS ELK

GCP Cloud LoggingAzure Log Analytics
Tracing & APM

AWS X-Ray

AWS Synthetics

GCP Cloud TraceAzure Application Insights
SIEM & Security MonitoringAWS Security HubGCP ChronicleMicrosoft Sentinel
Identity & SecurityIAM & Role ManagementAWS IAM GCP IAMAzure AD Roles
Encryption & Key ManagementAWS KMS GCP KSAzure Key Vault
Access Control & Policy ManagementAWS SCP GCP Organization PolicyAzure Policy
Security Compliance & AuditAWS ConfigCGP Security Command CenterAzure Security Center
DDoS & WAFAWS Shield WAF GCP ArmorAzure WAF
Cost & BillingPricing Models & Cost OptimizationAWS Cost Explore GCP Billing ReportsAzure Cost ManagementMore generalized approach to use FinOps tooling
Reserved & Spot InstancesAWS Saving Plans GCP Committed Use DiscountsAzure Reservations
Resource RightsizingAWS Compute Optimizer GPC RecommenderAzure Advisor
Compliance & Data ResidencyGDPR, FedRAMP, ISO, SOC 2 Compliance
Data Residency & SovereigntyAWS OutpostsGCP Sovereign CloudAzure Sovereign Region
Industry-Specific ComplianceFinancial, Healthcare, Government Cloud Considerations
CI/CD & DevOps IntegrationCI/CD ServicesAWS CodePiplineGCP Cloud BuildAzure DevOps
Artifact ManagementAWS CodeArtifactGCP Artifact RegistryAzure Artifacts
Secret ManagementAWS Secrets Manager GCP Secret ManagerAzure Key Vault
DevSecOps & Policy EnforcementAWS InspectorGCP Binary AuthorizationAzure Defender
AI/ML & Data ProcessingAI/ML ServicesAWS SageMaker GCP Vertex AIAzure Machine Learning
Data Processing & ETLAWS GlueGCP DataflowAzure Data Factory
Streaming & Event ProcessingAWS KinesisGCP Pub/SubAzure Event Hub
Migration & InteroperabilityMigration ToolsAWS Migration HubGCP Migrate for Compute EngineAzure Migrate
Multi-Cloud ManagementAWS OutpostsGCP AnthosAzure Arc
Interoperability ConsiderationsAPIs, SDKs, Terraform Support
+ +## Multi-Cloud Readiness Check List + +A well-rounded **Operations** strategy ensures cloud environments remain **secure, scalable, cost-efficient, and highly available**. Each category plays a crucial role in maintaining **business continuity** and **performance excellence** across AWS, GCP, Azure, and niche clouds. + +
CategoryDescription
Product ReadinessCloud-Native CompatibilityAssessing cloud-native architecture readiness (12-factor apps, microservices)
Service DependenciesEvaluating integrations with cloud-managed services
Resilience & Fault ToleranceEnsuring application can handle cloud failures (e.g., auto-retries, circuit breakers)
Scalability TestingLoad testing and benchmarking across different cloud environments
Multi-Cloud InteroperabilityCompatibility of APIs, databases, authentication, and networking across clouds
Cloud Deployment & Infrastructure ManagementCompute Resource ManagementVMs, Containers, Serverless
Networking & Connectivity

VPC, Private Link, Hybrid Cloud Connections

Landing Zone

Load Balancing & Traffic Management
Storage Management
Multi-Region & High AvailabilityMulti-AZ Deployments, Global Load Balancing, Failover Strategies
Monitoring & ObservabilityInfrastructure MonitoringCPU, Memory, Disk, Network Usage (CloudWatch, Cloud Monitoring, Azure Monitor)
Application Performance Monitoring (APM)Service Latency, Error Rates, Tracing
Log Management & Analysis
Distributed Tracing & Service ObservabilityOpenTelemetry
Alerting & Notification
SIEM & Security Monitoring
Incident ManagementOn-call rotations, incident dashboards, root cause analysis (RCA)
Automated Incident Remediation (Auto-healing)AWS Lambda, GCP Cloud Functions, Azure Logic Apps for self-healing
Runbooks & PlaybooksStandardized procedures for cloud service outages and failures
Post-Incident Review & RCA ReportingIncident documentation, follow-up actions
Change Management & Release StrategyVersion Control & Change TrackingGitOps, Terraform State, Change Approval Process
Deployment StrategiesBlue-Green Deployments, Canary Releases, Feature Flags
Rollback & Recovery PlansAutomated rollbacks for failed deployments
Change Impact Analysis
Performance OptimizationAutoscaling & ElasticityAWS ASG, GCP Instance Groups, Azure VM Scale Sets
Database Performance TuningIndexing, Read Replicas, Query Optimization
Latency Reduction & CachingRedis, Memcached, AWS CloudFront, Azure CDN, GCP Cloud CDN
Service Mesh for MicroservicesIstio, Linkerd, AWS App Mesh
Proactive Performance TestingLoad testing, Chaos Engineering
Cost Optimization & Resource ManagementCloud Cost Visibility & BudgetingAWS Cost Explorer, GCP Billing Reports, Azure Cost Management
Rightsizing & Optimization
Reserved Instances & Savings PlansAWS Savings Plans, GCP Committed Use Discounts, Azure Reservations
Auto-shutdown & Scheduling for Non-production EnvironmentsAWS Compute Optimizer, GCP Recommender, Azure Advisor
Security & ComplianceIdentity & Access Management (IAM)Role-based access control (RBAC)
Encryption & Data ProtectionAWS KMS, GCP KMS, Azure Key Vault
Compliance & Audit ReadinessFedRAMP, GDPR, HIPAA, SOC 2, ISO 27001
Security Posture ManagementAWS Security Hub, GCP Security Command Center, Azure Security Center
Zero Trust & Network SegmentationPrivateLink, Firewall Rules, Security Groups, Azure NSGs
DDoS & Web Application SecurityAWS Shield, GCP Armor, Azure WAF
Backup & Disaster Recovery (DR)Automated Backups & Retention PoliciesAWS Backup, GCP Backup & DR, Azure Backup
Disaster Recovery Planning (DRP)RTO/RPO definitions, DR failover testing
Cross-Region ReplicationAWS Multi-AZ RDS, GCP Spanner, Azure Geo-Replication
Failover & High Availability (HA) SetupHot/Cold Standby, Multi-cloud DR Strategies
Automation & Infrastructure as Code (IaC)Infrastructure as Code (IaC)Terraform, AWS CloudFormation, Azure Bicep
Configuration ManagementAnsible, AWS Systems Manager, Azure DSC
Automated Workflows & RunbooksAWS Step Functions, GCP Workflows, Azure Logic Apps
Secret Management & Policy EnforcementAWS Secrets Manager, GCP Secret Manager, Azure Key Vault
DevOps & CI/CDCI/CD Pipelines & Code DeploymentAWS CodePipeline, GCP Cloud Build, Azure DevOps
Artifact ManagementAWS CodeArtifact, GCP Artifact Registry, Azure Artifacts
Policy as Code & Compliance AutomationAWS Config Rules, GCP Policy Controller, Azure Policy
DevSecOps Practices

Security Scanning in CI/CD (Snyk, Aqua, Prisma)

OT: Prisma Defender, Qualys

Hybrid & Multi-Cloud OperationsMulti-Cloud Management ToolsAWS Outposts, GCP Anthos, Azure Arc
Data Synchronization & IntegrationAWS DataSync, GCP Transfer Service, Azure Data Factory
Cross-Cloud Networking & VPNs:AWS Transit Gateway, GCP Cloud VPN, Azure Virtual WAN
Interoperability & API ManagementAWS API Gateway, GCP API Gateway, Azure API Management
diff --git a/knowledgebase/csd-wiki/ICSD/Mega-Audit-Preparation_689012718.md b/knowledgebase/csd-wiki/ICSD/Mega-Audit-Preparation_689012718.md new file mode 100644 index 00000000..b93921bc --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Mega-Audit-Preparation_689012718.md @@ -0,0 +1,33 @@ +# Mega-Audit-Preparation_689012718 +## Introduction + +## Audit Preparation Check List + +- Quaerly AWS Account Access Review Report +- AWS Cloud Asset Inventory Report + - Include Team Owner PDL +- Cloud Applicaiton Monitoring Configuration & Alerting Sample +- Security Scaning Evidence + - Qualys Report + - Prisma Report + - Process document to handle found security issue + - Example tickets to handle changes to fix identified security issue (Qualys, Prisma) +- Snapshot evidence through AWS backup plan +- Data encryption evidence for AWS resources (RDS, EFS, EBS) + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/Migrate-roles-newly-added-in-CMS_688996336.md b/knowledgebase/csd-wiki/ICSD/Migrate-roles-newly-added-in-CMS_688996336.md new file mode 100644 index 00000000..b2d0ab84 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Migrate-roles-newly-added-in-CMS_688996336.md @@ -0,0 +1,56 @@ +# Migrate-roles-newly-added-in-CMS_688996336 +## Introduction + +This topic describes how to migrate roles newly added in CMS. + +We provide an **sh** script to sync newly added CMS roles from IdM to the tenant. + +The steps below are per tenant. + +## Script file + +[AuthConvergence\_migration\_Release.sh](attachments/688996336/688996341.sh) + +#### Follow these steps: + +1. Upload the script to the control plane node of the suite. +2. Log in to the control plane node as a root user, copy the script to the toolkit pod, and grant the executable permissions to the script and file. +3. Go to the toolkit pod and run the following command in the directory where the script is located: + ``` + sh AuthConvergence_migration_Release.sh -a + ``` + Where is the ID of the account for which you want to migrate the roles. For example, `sh AuthConvergence_migration_Release.sh -a 123456789` + +**The script will be run if you use the right account\_id.** You can see the following message after the script is successfully executed: + +![](attachments/688996336/688996334.png) + +It will print the task info at last. If some roles have been migrated, the succeeded part should contain values, as shown below. + +![](attachments/688996336/688996335.png) + +## Introduction + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) + +## Attachments: + +[image-2025-2-8\_15-6-3.png](attachments/688996336/688996334.png) (image/png) +[image-2025-2-8\_15-6-14.png](attachments/688996336/688996335.png) (image/png) +[AuthConvergence\_migration\_Release.sh](attachments/688996336/688996341.sh) (application/x-sh) +[AuthConvergence\_migration.sh](attachments/688996336/688996344.sh) (application/x-sh) diff --git a/knowledgebase/csd-wiki/ICSD/Monitoring-Alert-Serverity-Definition_686073660.md b/knowledgebase/csd-wiki/ICSD/Monitoring-Alert-Serverity-Definition_686073660.md new file mode 100644 index 00000000..738c5a24 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Monitoring-Alert-Serverity-Definition_686073660.md @@ -0,0 +1,14 @@ +# Monitoring-Alert-Serverity-Definition_686073660 +## Introduction + +This document describes the current Alert serverity level definitions. + +## Serverity Definition: + +| | Serverity | Descrption | Example | +| --- | --- | --- | --- | +| | Critical | Critical issues that demand immediate attention. These incidents have a severe and widespread impact on services, leading to complete service outages or critical business functions being unavailable. | - Total service outage affecting all users. - Data loss with no immediate recovery option. | +| | High | High-priority issues requiring prompt attention. These incidents have a significant impact on operations but might not be as severe as S0. They need urgent resolution to minimize the impact on users and business processes. | - Major service degradation affecting a large subset of users. - Critical features experiencing issues. | +| S2 | Medium | Medium-priority issues that need attention, but may not require immediate action. These incidents have a noticeable impact on operations, but workarounds may be available. | - Partial service degradation affecting specific features or user groups. - Performance degradation impacting user experience. | +| S3 | Low | Low-priority issues that have minimal impact on operations. These incidents are typically non-critical and can be addressed in a scheduled manner. | - Minor bugs or cosmetic issues. - Non-urgent feature requests. | +| S4 | Information | Informational items or events that do not require immediate action. These may include notifications, alerts, or reports that provide insights into the system's health or performance. | - System usage statistics or trends. - Informational alerts for proactive monitoring. | diff --git a/knowledgebase/csd-wiki/ICSD/Monitoring-Database_686083870.md b/knowledgebase/csd-wiki/ICSD/Monitoring-Database_686083870.md new file mode 100644 index 00000000..7c674919 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Monitoring-Database_686083870.md @@ -0,0 +1,72 @@ +# Monitoring-Database_686083870 +## Introduction + +This page presents all the monitoring used to cover database level monitoring, not limited to DB instance level, application level monitoring. + +## Detailed monitors + +#### Instance level monitoring + +- Locks - blocked sessions(TBD) - check every 1 minute + - Graph (To be reviewed) + ``` + SELECT count(bl.pid) AS blocked_pid_count FROM pg_catalog.pg_locks bl JOIN pg_catalog.pg_stat_activity a ON a.pid = bl.pid JOIN pg_catalog.pg_locks kl ON kl.transactionid = bl.transactionid AND kl.pid != bl.pid JOIN pg_catalog.pg_stat_activity ka ON ka.pid = kl.pid WHERE NOT bl.granted and a.query_start <= (now() - interval '5 minutes'); + ``` + - Table + ``` + SELECT bl.pid AS blocked_pid, a.usename AS blocked_user, a.query_start AS blocked_start_time , a.query AS blocked_statement, now() - a.query_start AS blocked_duration,ka.query AS blocking_statement, ka.query_start AS blocking_start_time , now() - ka.query_start AS blocking_duration, kl.pid AS blocking_pid, ka.usename AS blocking_user FROM pg_catalog.pg_locks bl JOIN pg_catalog.pg_stat_activity a ON a.pid = bl.pid JOIN pg_catalog.pg_locks kl ON kl.transactionid = bl.transactionid AND kl.pid != bl.pid JOIN pg_catalog.pg_stat_activity ka ON ka.pid = kl.pid WHERE NOT bl.granted and a.query_start <= (now() - interval '5 minutes'); + ``` +- Long active queries (TBD) - check every 10 minutes + - Graph + ``` + SELECT count(pid) AS Long_Query_count FROM pg_catalog.pg_stat_activity WHERE (now() - pg_catalog.pg_stat_activity.query_start) > interval '30 minutes' and state = 'active'; + ``` + - Table + ``` + SELECT pid, now() - pg_catalog.pg_stat_activity.query_start AS duration, state FROM pg_catalog.pg_stat_activity WHERE (now() - pg_catalog.pg_stat_activity.query_start) > interval '30 minutes' and state = 'active'; + ``` +- Capture RDS top 10 query (TBD) - check every 10 minutes + 1. Clean stat\_statement bi-weekly + 2. capture during runtime if CPU is more than 97% for 60 mins + 3. Table + ``` + Select (select datname from pg_database where oid=dbid) as db_name, query as short_query, round(total_time::numeric, 2) as total_time, calls, round(mean_time::numeric, 2) as mean, round((100 * total_time / sum(total_time::numeric) over ())::numeric, 2) as percentage_overall from pg_stat_statements order by total_time desc limit 20; + ``` + 4. Graph (Optional) + ``` + Select (select datname from pg_database where oid=dbid) as db_name, query as short_query, round((100 * total_time / sum(total_time::numeric) over ())::numeric, 2) as percentage_overall from pg_stat_statements order by total_time desc limit 20; + ``` +- Dead tuple - logical database level (TBD) - check every 10 minutes + - Table + ``` + -- Top bloating tables + select relname, n_dead_tup, last_vacuum, last_autovacuum from + pg_catalog.pg_stat_all_tables + where n_dead_tup > 0 order by n_dead_tup desc limit 20; + ``` + - Graph (Optional) + ``` + -- Top bloating tables + select relname, n_dead_tup + pg_catalog.pg_stat_all_tables + where n_dead_tup > 0 order by n_dead_tup desc limit 20; + ``` + +#### Database level customer metrics + +1. NativeSACM Transaction Context Queue - check every 10 minutes + ``` + select count(*) from transaction_context_$tenant where entity::jsonb->>'entity_type' in('Device','SystemElement','ServiceComponent','ActualService') ; + ``` +2. NativeSACM Transaction Context Queue retries - check every 10 minutes + ``` + select count(*) from transaction_context_$tenant where retry_count=2 and entity::jsonb->>'entity_type' in('Device','SystemElement','ServiceComponent','ActualService') ; + ``` +3. SLT Job queue - check every 10 minutes + ``` + select count(1) from transaction_context_$tenant a, transaction_etl_job_$tenant b where a.transaction_timestamp > b.last_taken and a.flag0 & 1 = 1 and b.job_name = 'SLT'; + ``` +4. SLT Delay time (This may need to be removed if it's the same as SLT Job Queue) - check every 10 minutes + ``` + SELECT now() - last_taken as delay FROM maas_admin.transaction_etl_job_$tenant where job_name = 'SLT';" + ``` diff --git a/knowledgebase/csd-wiki/ICSD/Monitoring-reference-for-newbie_686070588.md b/knowledgebase/csd-wiki/ICSD/Monitoring-reference-for-newbie_686070588.md new file mode 100644 index 00000000..b25a9686 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Monitoring-reference-for-newbie_686070588.md @@ -0,0 +1,12 @@ +# Monitoring-reference-for-newbie_686070588 +## Introduction + +This page presents the reference docs or books for monitoring newbies. + +## Reference + +1. CHAP 1, CHAP 4, CHAP 6, CHAP 12, CHAP 16 in [LoadRunner and Performance Center Performance Monitoring Best Practice Guide](https://www.microfocus.com/media/documentation/loadrunner_and_performance_center_document.pdf) +2. [List of Cloudwatch metrics for your EC2 instance](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/viewing_metrics_with_cloudwatch.html) +3. [Monitoring Amazon RDS](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/MonitoringOverview.html) +4. CHAP 5~9 in [Practical Monitoring](https://learning.oreilly.com/library/view/practical-monitoring/9781491957349/) +5. CHAP 1~4, CHAP 6~7 [图解性能优化](https://book.douban.com/subject/26941642/) diff --git a/knowledgebase/csd-wiki/ICSD/Monthly-SLA_686070031.md b/knowledgebase/csd-wiki/ICSD/Monthly-SLA_686070031.md new file mode 100644 index 00000000..56e97219 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Monthly-SLA_686070031.md @@ -0,0 +1,4 @@ +# Monthly-SLA_686070031 +Created by, last modified by Wei Shen on Feb 08, 2025 EST + +- [ESM Monthly SLA Result](ESM-Monthly-SLA-Result_686070050.html) diff --git a/knowledgebase/csd-wiki/ICSD/Multi-cloud-deployment_686070213.md b/knowledgebase/csd-wiki/ICSD/Multi-cloud-deployment_686070213.md new file mode 100644 index 00000000..fda5b08f --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Multi-cloud-deployment_686070213.md @@ -0,0 +1,2 @@ +# Multi-cloud-deployment_686070213 +Created by on Jan 20, 2025 EST diff --git a/knowledgebase/csd-wiki/ICSD/NOM---Private-Cloud-Onboarding_704548762.md b/knowledgebase/csd-wiki/ICSD/NOM---Private-Cloud-Onboarding_704548762.md new file mode 100644 index 00000000..fb66c211 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/NOM---Private-Cloud-Onboarding_704548762.md @@ -0,0 +1,8 @@ +# NOM---Private-Cloud-Onboarding_704548762 +| CSD Name | Documentation & Templates | Owner | Status | ETA | Comments | +| --- | --- | --- | --- | --- | --- | +| **CSD02 - External Request Catalog** | [CSD-02 Request Catalog](https://intranet.opentext.com/intranet/llisapi.dll/app/nodes/177067873) | Boglarka | Completed | | - Use catalog from CSD wiki: [ITOM OpsB NOM Cloud Service Catalog - ITOM Cloud Service Delivery - Confluence OpenText](https://confluence.opentext.com/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) - Drafted - under review | +| **CSD05 - Provisioning Exit Report** | [CSD-05 Cloud Application Deployment Verification](https://intranet.opentext.com/intranet/llisapi.dll/app/nodes/177062740) | Raluca | Completed | 13 Jun 2025 | - Automation completed. - Start completing document. | +| **Dry run** | N/A | | Completed | | - Dy run - end to end - concluded on the 27th of June (VPN setup, deployment). Service availability monitoring - APM script needs to be adjusted- basic testing required | +| **CSD13 - Customer Run Book** | [CSD-13 Cloud Customer Run Book](https://intranet.opentext.com/intranet/llisapi.dll/app/nodes/177066255) | Sajith | Not started | | - TBC what is needed | +| **CSD08 - Service Monitoring and Usage Tracking** | [CSD-08 Service Monitoring and Usage Tracking](https://intranet.opentext.com/intranet/llisapi.dll/app/nodes/177065185) | | Not started | | | diff --git a/knowledgebase/csd-wiki/ICSD/New-Farm-OPS-Requirments_688988220.md b/knowledgebase/csd-wiki/ICSD/New-Farm-OPS-Requirments_688988220.md new file mode 100644 index 00000000..702a4bdf --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/New-Farm-OPS-Requirments_688988220.md @@ -0,0 +1,36 @@ +# New-Farm-OPS-Requirments_688988220 +The purpose of this page is to describe the requirements in order to operate a new SMAX SaaS farm. + +## Monitoring: + +- APM: + - A dedicated tenant with sample data deployed. + - Disable SLT from the monitoring tenant + - Applications to be created: SLA, Major functionalities, internal SLA. The SLA application name should include the farm id from CT. + - Add the SLA application to SMAX SLA, Add the internal SLA application to SMAX internal SLA. Verify that the KPIs were populated properly. +- SiteScope: + - Connect bastion server to the domain + - In case of a new region, ask PSDC to give the team members access and permissions in the SiteScope + - Copy and modified scripts from existing farms to the new bastion server and update the environment variable accordingly. + - Create an IAM user with sufficient permissions and use its keys for the AWS monitors. + - Open Rabbitmq ports so the SiteScope can reach them + - Make sure that the SiteScope can communicate with the bastion server. + - Deploy monitors from the templates +- Prometheus - enable Prometheus and Grafana + +## Setup: + +- Schedule idol compact to run periodically (daily\\weekly) +- Setup AWS backup jobs to backup RDS and EFS every 6 hours and keep the backups for one week +- The bastion server should be deployed from an AMI. If this farm is deployed in a new region or account, work with PSDC to copy the AMI accordingly. + +## Administration: + +- Add the farm to CT. +- Add a new environment to the PCS prod tenant. +- Add a service health page to the farm. Make sure you can add incident reports and maintenance windows via the operational console +- Verify that the APM data is populated. +- In case of a new AWS account - set SAML authentication to all OPS people - ticket to PSDC. +- Add password to passwords file in S3. +- Create individual users with bo admin permissions to all ops members. +- DWG reports - make sure the reports covers the new farm diff --git a/knowledgebase/csd-wiki/ICSD/Newbie-training_686070534.md b/knowledgebase/csd-wiki/ICSD/Newbie-training_686070534.md new file mode 100644 index 00000000..9b6412d8 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Newbie-training_686070534.md @@ -0,0 +1,2 @@ +# Newbie-training_686070534 +Created by on Jan 20, 2025 EST diff --git a/knowledgebase/csd-wiki/ICSD/OO-APM-Monitoring-Business-Flow_686073823.md b/knowledgebase/csd-wiki/ICSD/OO-APM-Monitoring-Business-Flow_686073823.md new file mode 100644 index 00000000..4d005129 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/OO-APM-Monitoring-Business-Flow_686073823.md @@ -0,0 +1,168 @@ +# OO-APM-Monitoring-Business-Flow_686073823 +## Introduction + +This document describes the use cases used for OO RUM (Real User Monitoring) testing. + +## OO APM Monitoring Business Flow + +#### SMAX LOGIN + +- Login into **https://- smax.saas.microfocus.com/saw/ess?TENANTID=** +- **example: [https://oo.eu8-smax.saas.microfocus.com/oo/?tenantId=384525684](https://oo.eu8-smax.saas.microfocus.com/oo/?tenantId=384525684)** + +This will load Agent Interface. (optional): Opentext menu(3 lines) and click -Agent Interface + +#### 1.Check availability of Automation Operations + +**1.a.**Navigate to Run>Automation Operations: https://- smax.saas.microfocus.com/oo/?tenantId=#/runtimeWorkspace/runs + +![](attachments/686073823/686073726.png) + +It should load by default: Example: [https://oo.eu8-smax.saas.microfocus.com/oo/?tenantId=384525684#/runtimeWorkspace/runs](https://oo.eu8-smax.saas.microfocus.com/oo/?tenantId=384525684#/runtimeWorkspace/runs) + +**1.b.**See that Run Management > Run Explorer is available by default. + +![](attachments/686073823/686073727.png) + +**1.c.**Select Content Management. See that Flow Library is available by default. + +![](attachments/686073823/686073729.png) + +#### 2.Check availability of Orchestration Settings + +**2.a.**Navigate to Administration>Orchestration Settings: https://- smax.saas.microfocus.com/oo/?tenantId=#/systemWorkspace/t opology + +![](attachments/686073823/686073734.png) + +**2.b.**See that Topology is available by default. + +Example:[https://oo.eu8-smax.saas.microfocus.com/oo/?tenantId=384525684#/systemWorkspace/topology](https://oo.eu8-smax.saas.microfocus.com/oo/?tenantId=384525684#/systemWorkspace/topology) + +![](attachments/686073823/686073738.png) + +**2.c**.See Workers tab is available and that at least one worker is Enabled and Available + +![](attachments/686073823/686073740.png) + +#### 3.Run OO out-of-the-box AFL Flow + +**3.a.**Navigate to Run>Automation Operations as in **1.a.** above: https://- smax.saas.microfocus.com/oo/?tenantId=#/runtimeWorkspace/runs + +**3.b**.Go to Run Management > Flow Launcher + +**3.c**.Search for: ***How do I*** + +**3.d**.Pick How do I create a parallel flow + +**3.e.**Select Open Run After Launch + +**3.f.**Press Run + +![](attachments/686073823/686073743.png) + +**3.g.**See that a pop-up appears with Status message + +**3.h.**Press Resume and Wait for it to self refresh!!! + +![](attachments/686073823/686073756.png) + +**3.i.**See that the flow completes successfully in the pop-up that appears. Then click to close on top right X. + +![](attachments/686073823/686073759.png) + +**4.Run OO out-of-the-box *CloudSlang* Flow (SKIP this STEP, till OO is on 24.4.1 for all farms)** + +**4.a.**Navigate to Run>Automation Operations as in **1.a.**: https://- smax.saas.microfocus.com/oo/?tenantId=#/runtimeWorkspace/runs + +**4.b.**Go to Content Management > Flow Library + +**4.c.**Search for: **verify** + +**4.d.**Pick: **verify\_url\_is\_accessible** + +**4.e.**Fill in URL to the Automation Operations actual url (example: [https://oo.-smax.saas.microfocus.com/](https://oo.eu8-smax.saas.microfocus.com/)) + +[https://oo.eu8-smax.saas.microfocus.com](https://oo.eu8-smax.saas.microfocus.com/oo/?tenantId=384525684#/runtimeWorkspace/runs) / + +**4.f.**Press Run + +![](attachments/686073823/686073769.png) + +**4.g.**See that the flow completes successfully in the pop-up that appears and Wait for it to self refresh with final status!!! + +![](attachments/686073823/686073771.png) + +**4.h.** See that the flow completes successfully in the pop-up that appears. Then click to close on top right X. + +**5.Schedule an out-of-the-box Flow** + +- 5.a.Navigate to Run>Automation Operations as in **1.a.**: https://- smax.saas.microfocus.com/oo/?tenantId=#/runtimeWorkspace/runs + +**5.b.**Go to Run Management > Scheduler + +![](attachments/686073823/686073772.png) + +**5.c.**Press the + (create) button. + +![](attachments/686073823/686073775.png) + +**5.d.**Select flow Path + +![](attachments/686073823/686073781.png) + +**5.e.**Search for: ***generate random*** + +**5.f.**Pick up: ***generate random number from io folder***. and click SELECT. + +![](attachments/686073823/686073787.png) + +**5.g.**Press Next + +**5.h.**Pick a recurrence: ***yearly***. Make sure it is several months from the date of the schedule. + +![](attachments/686073823/686073789.png) + +**5.i.**Press Next (it will not move further unless the start time is in the future) + +**5.j.**Press Finish + +**5.k.**See that the schedule has been created and available in the list. + +![](attachments/686073823/686073796.png) + +**5.l.**Select the schedule. Press the edit button. Change the schedule name. Press Next, Next, Finish. + +**5.m.**See that the schedule has been edited and the new name is available in the list. + +![](attachments/686073823/686073810.png) + +**5.n.**Select the schedule. Press the **Delete** button Icon at top left and confirm the removal. + +- ![](attachments/686073823/686073815.png) + +**5.o.**Confirm table has no records. + +![](attachments/686073823/686073817.png) + +## Attachments: + +[image-2025-1-21\_13-49-42.png](attachments/686073823/686073726.png) (image/png) +[image-2025-1-21\_13-49-58.png](attachments/686073823/686073727.png) (image/png) +[image-2025-1-21\_13-50-16.png](attachments/686073823/686073729.png) (image/png) +[image-2025-1-21\_13-51-0.png](attachments/686073823/686073734.png) (image/png) +[image-2025-1-21\_13-51-29.png](attachments/686073823/686073738.png) (image/png) +[image-2025-1-21\_13-51-51.png](attachments/686073823/686073740.png) (image/png) +[image-2025-1-21\_13-52-11.png](attachments/686073823/686073743.png) (image/png) +[image-2025-1-21\_13-53-33.png](attachments/686073823/686073756.png) (image/png) +[image-2025-1-21\_13-53-49.png](attachments/686073823/686073759.png) (image/png) +[image-2025-1-21\_13-56-40.png](attachments/686073823/686073769.png) (image/png) +[image-2025-1-21\_13-57-2.png](attachments/686073823/686073771.png) (image/png) +[image-2025-1-21\_13-57-20.png](attachments/686073823/686073772.png) (image/png) +[image-2025-1-21\_13-57-37.png](attachments/686073823/686073775.png) (image/png) +[image-2025-1-21\_13-58-19.png](attachments/686073823/686073781.png) (image/png) +[image-2025-1-21\_13-59-11.png](attachments/686073823/686073787.png) (image/png) +[image-2025-1-21\_13-59-35.png](attachments/686073823/686073789.png) (image/png) +[image-2025-1-21\_14-0-13.png](attachments/686073823/686073796.png) (image/png) +[image-2025-1-21\_14-2-1.png](attachments/686073823/686073810.png) (image/png) +[image-2025-1-21\_14-2-31.png](attachments/686073823/686073815.png) (image/png) +[image-2025-1-21\_14-2-50.png](attachments/686073823/686073817.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/OP-tenant-decommission-process_690087778.md b/knowledgebase/csd-wiki/ICSD/OP-tenant-decommission-process_690087778.md new file mode 100644 index 00000000..840a2a73 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/OP-tenant-decommission-process_690087778.md @@ -0,0 +1,322 @@ +# OP-tenant-decommission-process_690087778 +## Introduction + +This guide introduce the decommission process for the Operation Platform tenant. + +## Delete the HCMX tenant + +## Delete the OP tenant + +## Deployment Parameters + +Ensure that following parameters are set appropriately + +| S.No | Parameter | Value | Significance | Reference | +| --- | --- | --- | --- | --- | +| 1 | global.di.enableHardPartitionMT | true | To enable multi-tenant phase 2 deployment | | +| 2 | global.idm.tenant | | The Super Admin Org to which the administrator belongs too. | | +| 3 | global.idm.integrationUser | | The IDM User who has permission to list the IDM tenants and create roles in IDM | | +| 4 | global.idm.integrationUserKey | | The vault secret key that contains the password for IDM user specified in global.idm.integrationUser helm parameter | | +| 5 | itomditenantmgmt.ditenantmgmt.db.dbauser | | The DBA Admin user who has permission to create users, resource pools, grant permissions, delete users and delete resource pools | | +| 6 | itomditenantmgmt.ditenantmgmt.db.dbauserkey | | The vault secret key that contains the password for DBA user specified in itomditenantmgmt.ditenantmgmt.db.dbauser helm parameter. This key should be present in prehook secret (global.preHookSecret) and also in the default secret. | | +| 7 | .Values.itomdimonitoring.monitoringDBUser | | The vertica user which needs to be used for monitoring dashboards. The user should match with the monitoring user created by dbinit. | | +| 8 | .Values.itomdimonitoring.monitoringDBUserKey | | The vault secret key that contains the password for the vertica monitoring user specified in.Values.itomdimonitoring.monitoringDBUser helm parameter. The password should match with the monitoring user password in vertica. | | + +#### Note + +1. The pre-hook secret (specified by global.preHookSecret) should contain the DBA User Password key specified by (itomditenantmgmt.ditenantmgmt.db.dbauserkey) helm parameter + +## Chart Installation + +`helm install itomditenantmgmt -n -f ` + +## Swagger SPEC + +TMS Swagger Spec is available [here](https://pages.github.houston.softwaregrp.net/di-apis/public/tenant-management/#/) + +## Steps to Onboard Tenant + +1. Get IDM Token for a user who as SUPER\_IDM\_PERMISSION + `curl` + `-k -X POST` + `https:``//` `:` `/idm-service/v3``.0` `/tokens` + `-H ` `'content-type: application/json'` `-d ` `'{"passwordCredentials":{"username":"username","password":"password"},"tenantName":"idmOrgName"}'` + + `# idmOrgName should be same as the org specified in global.idm.tenant` + `#The user must have SUPER_IDM_PERMISSION` +2. Perform TMS API Call as per the spec using the IDM token extracted in step1. + +`curl -k -X POST ` `"https://:/itom-data-ingestion-tenant-mgmt/urest/v1/tenants"` +`--header ` `'Content-Type: application/json'` `--header ` `"X-Auth-Token:"` `(Token fetched in the previous step) --data ` `@tenant_onboard_request_tenant1``.json` + +`### Sample Json (tenant_onboard_request_tenant1.json)` + +`{` + `"id"``: ``"tenant_x"``,` + `"name"``: ``"tenant_x"``,` + `"idmOrgName"``: ``"tenant_x"``,` + `"tenantParameters"``: {` + `"dbTenantName"``: ``"tenant_x"``,` + `"rwUser"``: ``"tenant_x_rw_user"``,` + `"rwUserPassword"``: ``"dbrw#tenant1"``,` + `"roUser"``: ``"tenant_x_ro_user"``,` + `"roUserPassword"``: ``"dbro#tenant1"``,` + `"resourcePools"``: [` + `{` + `"name"``: ``"itom_di_streaming_tenant_x_deployment"``,` + `"purpose"``: ``"streaming"``,` + `"memorySize"``: ``1038``,` + `"memoryUnit"``: ``"MB"``,` + `"plannedConcurrency"``: ``4` + `},` + `{` + `"name"``: ``"itom_di_monitoring_tenant_x_deployment"``,` + `"purpose"``: ``"monitoring"``,` + `"memorySize"``: ``250``,` + `"maxMemorySize"``: ``500``,` + `"memoryUnit"``: ``"MB"` + `},` + `{` + `"name"``: ``"itom_di_postload_tenant_x_deployment"``,` + `"purpose"``: ``"postload"``,` + `"memorySize"``: ``1038``,` + `"maxMemorySize"``: ``3072``,` + `"memoryUnit"``: ``"MB"` + `},` + `{` + `"name"``: ``"itom_di_dataaccess_tenant_x_deployment"``,` + `"purpose"``: ``"dataaccess"``,` + `"memorySize"``: ``1038``,` + `"memoryUnit"``: ``"MB"` + `}` +`],` + `"mbusTenantName"``: ``"tenant_x"``,` + `"backlogQuotaInMB"``: ``20``,` + `"ingestionRateInMBPerSec"``: ``2` + `}` +`}` + +`###### Sample Response ##############` +`{` + `"job_id"``: ``"44e3320b-7b8e-459e-a091-47b34a72f31e"``,` + `"operation"``: ``"DEPLOY"` +`}` + +3\. Note down the job\_id obtained as response. This job\_id can be used to track the status of tenant onboarding. + +## Steps to check the status of the tenant + +1. Get IDM Token for a user who as SUPER\_IDM\_PERMISSION + +`curl` +`-k -X POST` +`https:``//` `:` `/idm-service/v3``.0` `/tokens` +`-H ` `'content-type: application/json'` `-d ` `'{"passwordCredentials":{"username":"username","password":"password"},"tenantName":"idmOrgName"}'` + +`# idmOrgName should be same as the org specified in global.idm.tenant` +`#The user must have SUPER_IDM_PERMISSION` + +2\. Perform TMS API Call as per the spec using the IDM token extracted in step1. + +`curl -k -X GET ` `"https://:/itom-data-ingestion-tenant-mgmt/urest/v1/tenants//tenant-jobs/"` `--header ` `'Content-Type: application/json'` `--header ` `"X-Auth-Token:"` `(Token fetched in the previous step) ` + +3\. If the job\_status is successful, then tenant has been onboarded in pulsar, vertica and ODL Services. The ODL application specific roles are created in IDM. + +4\. If the job\_status is failure, then tenant specific GET API can be used to find the reason for failure. + +4.a GET API to view the status of specific tenant. + +`curl -k -X GET ` `"https://:/itom-data-ingestion-tenant-mgmt/urest/v1/tenants/"` `--header ` `'Content-Type: application/json'` `--header ` `"X-Auth-Token:"` `(Token fetched in the previous step) ` + +## Steps to list all the tenants + +1. Get IDM Token for a user who as SUPER\_IDM\_PERMISSION + +`curl` +`-k -X POST` +`https:``//` `:` `/idm-service/v3``.0` `/tokens` +`-H ` `'content-type: application/json'` `-d ` `'{"passwordCredentials":{"username":"username","password":"password"},"tenantName":"idmOrgName"}'` + +`# idmOrgName should be same as the org specified in global.idm.tenant` +`#The user must have SUPER_IDM_PERMISSION` + +2\. Perform TMS API Call as per the spec using the IDM token extracted in step1. + +`curl -k -X GET ` `"https://:/itom-data-ingestion-tenant-mgmt/urest/v1/tenants"` `--header ` `'Content-Type: application/json'` `--header ` `"X-Auth-Token:"` `(Token fetched in the previous step) ` + +## Patch Tenant + +## Steps to decommission tenant + +Only Tenants in deactivated state can be decommissioned. + +Decommissioning an active tenant is a two step process. + +1. De-activate a tenant using PATCH API +2. Decommission the tenant using DELETE API + +### De-activate the tenant + +1. 1. Get IDM Token for a user who as SUPER\_IDM\_PERMISSION + `curl` + `-k -X POST` + `https:``//` `:` `/idm-service/v3``.0` `/tokens` + `-H ` `'content-type: application/json'` `-d ` `'{"passwordCredentials":{"username":"username","password":"password"},"tenantName":"idmOrgName"}'` + + `# idmOrgName should be same as the org specified in global.idm.tenant` + `#The user must have SUPER_IDM_PERMISSION` + b. Perform TMS API Call as per the spec using the IDM token extracted in step1. +2. `curl -k -X PATCH ` `"https://:/itom-data-ingestion-tenant-mgmt/urest/v1/tenants/"` `--header ` `'Content-Type: application/json-patch+json'` `--header ` `"X-Auth-Token:"` `(Token fetched ` `in` `the previous step) --data @tenant_patch_request_tenant1.json` + + `### Sample Json (tenant_patch_request_tenant1.json)` + + `[` + `{` + `"op"``: ``"replace"``,` + `"path"``: ``"state"``,` + `"value"``: ``"DE-ACTIVATED"` + `}` + `]` + + `### Sample Request to patch tenant_x` + `curl -k -X PATCH ` `"https://:/itom-data-ingestion-tenant-mgmt/urest/v1/tenants/tenant_x"` `--header ` `'Content-Type: application/json-patch+json'` `--header ` `"X-Auth-Token:"` `(Token fetched ` `in` `the previous step) --data @tenant_patch_request_tenant1.json` + + + `###### Sample Response ##############` + `{` + `"job_id"``: ``"44e3320b-7b8e-459e-a091-47b34a72f31e"``,` + `"operation"``: ``"DEPLOY"` + `}  ` + +### De-commission the tenant + +1. 1. Get IDM Token for a user who as SUPER\_IDM\_PERMISSION + `curl` + `-k -X POST` + `https:``//` `:` `/idm-service/v3``.0` `/tokens` + `-H ` `'content-type: application/json'` `-d ` `'{"passwordCredentials":{"username":"username","password":"password"},"tenantName":"idmOrgName"}'` + + `# idmOrgName should be same as the org specified in global.idm.tenant` + `#The user must have SUPER_IDM_PERMISSION` + b. Perform TMS API Call as per the spec using the IDM token extracted in step1. + `curl -k -X DELETE ` `"https://:/itom-data-ingestion-tenant-mgmt/urest/v1/tenants/"` `--header ` `'Content-Type: application/json'` `--header ` `"X-Auth-Token:"` `(Token fetched in the previous step) ` + + `### Sample call to delete a tenant with tenant id tenant_x` + + `curl -k -X DELETE ` `"https://:/itom-data-ingestion-tenant-mgmt/urest/v1/tenants/tenant_x"` `--header ` `'Content-Type: application/json'` `--header ` `"X-Auth-Token:"` `(Token fetched in the previous step)` + +## Steps to decommission tenant in PENDING-FOR-REMOVAL state + +### 1\. Delete pulsar tenant + +1. 1. Exec into pulsar bastion pod + +`kubectl -n  ` `exec` `-it itomdipulsar-bastion-0 -c pulsar sh` + +`##### Example:` +`kubectl -n coso  ` `exec` `-it itomdipulsar-bastion-0 -c pulsar sh` + +b. Delete the pulsar tenant + +`/pulsar/bin/pulsar-admin` `tenants delete ` + +`##### Example:` +`/pulsar/bin/pulsar-admin` `tenants delete tenant_x` + +### 2\. Delete the IDM Roles + +1. 1. Get IDM Token for a user who has permissions to delete roles +1. 1. 1. `curl` + `-k -X POST` + `https:``//` `:` `/idm-service/v3``.0` `/tokens` + `-H ` `'content-type: application/json'` `-d ` `'{"passwordCredentials":{"username":"username","password":"password"},"tenantName":"idmOrgName"}'` + + `# idmOrgName should be same as the org specified in global.idm.tenant` + `#The user must have SUPER_IDM_PERMISSION` + +b. Perform IDM delete role API Call to delete di\_data\_access, di\_ingestion, di\_admin using the IDM token extracted in step1. + +`curl -k -X DELETE https:``//sac-hvm03929.swinfra.net:19443/idm-service/api/scim/organizations//roles/di_data_access" --header 'Content-Type: application/json' --header "X-Auth-Token:"(Token fetched in the previous step) ` +`curl -k -X DELETE https:``//sac-hvm03929.swinfra.net:19443/idm-service/api/scim/organizations//roles/di_ingestion" --header 'Content-Type: application/json' --header "X-Auth-Token:"(Token fetched in the previous step)  ` +`curl -k -X DELETE https:``//sac-hvm03929.swinfra.net:19443/idm-service/api/scim/organizations//roles/di_admin" --header 'Content-Type: application/json' --header "X-Auth-Token:"(Token fetched in the previous step) ` + + + `### Sample call to delete a tenant with tenant id tenant_x  ` + +`curl -k -X DELETE https:``//sac-hvm03929.swinfra.net:19443/idm-service/api/scim/organizations/tenant_x/roles/di_data_access" --header 'Content-Type: application/json' --header "X-Auth-Token:"(Token fetched in the previous step) ` +`curl -k -X DELETE https:``//sac-hvm03929.swinfra.net:19443/idm-service/api/scim/organizations/tenant_x/roles/di_ingestion" --header 'Content-Type: application/json' --header "X-Auth-Token:"(Token fetched in the previous step)  ` +`curl -k -X DELETE https:``//sac-hvm03929.swinfra.net:19443/idm-service/api/scim/organizations/tenant_x/roles/di_admin" --header 'Content-Type: application/json' --header "X-Auth-Token:"(Token fetched in the previous step)` + +### 3\. Clean up Vertica + +#### 1\. Clean up resource pools + +a. Get the list of resource pools + +`select` `LISTAGG(user_name) as ` `users` `from itom_di_tenant_management_difarm_default.db_users where tenant_id=` `''``;` +`## Example:` +`select` `LISTAGG(user_name) as ` `users` `from itom_di_tenant_management_difarm_default.db_users where tenant_id=` `'tenant_x'``;` + +b. Delete the resource pools + +`drop resource pool ` + +`Example:` +`drop resource pool itom_di_other_tenant_x_deployment_1,itom_di_streaming_tenant_x_deployment_1;` + +#### 2\. Clean up tenant related information in TMS schema + +`delete from itom_di_tenant_management_difarm_default.db_users where tenant_id=` `''``;` +`delete from itom_di_tenant_management_difarm_default.resource_pools where tenant_id=` `''``;` +`delete from itom_di_tenant_management_difarm_default.tenant where tenant_id=` `''``;` +`delete from itom_di_tenant_management_difarm_default.tenant_job_messages where job_id ` `in` `(``select` `job_id from itom_di_tenant_management_difarm_default.tenant_jobs where tenant_id=` `''``);` +`delete from itom_di_tenant_management_difarm_default.tenant_jobs where tenant_id=` `''``;` + +`### Example` + +`delete from itom_di_tenant_management_difarm_default.db_users where tenant_id=` `'tenant_x'``;` +`delete from itom_di_tenant_management_difarm_default.resource_pools where tenant_id=` `'tenant_x'``;` +`delete from itom_di_tenant_management_difarm_default.tenant where tenant_id=` `'tenant_x'``;` +`delete from itom_di_tenant_management_difarm_default.tenant_job_messages where job_id ` `in` `(``select` `job_id from itom_di_tenant_management_difarm_default.tenant_jobs where tenant_id=` `'tenant_x'``);` +`delete from itom_di_tenant_management_difarm_default.tenant_jobs where tenant_id=` `'tenant_x'``;` + +#### 3\. Clean up the tenant specific users + +a. Extract the tenant specific users + +`select` `LISTAGG(user_name) as ` `users` `from itom_di_tenant_management_difarm_default.db_users where tenant_id=` `''``;` + +`##Example:` +`select` `LISTAGG(user_name) as ` `users` `from itom_di_tenant_management_difarm_default.db_users where tenant_id=` `'tenant_x'``;` + +b. Delete the tenant specific users + +`drop user cascade;` + +`## Example:` + +`drop user tenant_12_ro_user,tenant_12_rw_user cascade;` + +## Note + +1. The ODL pods will be up and running irrespective of existence of tenants in the deployment +2. Upgrade from non-MT to Phase-2 MT or existing MT to Phase-2 MT deployment will not be supported +3. If Configuration and Streaming is performed by a user who is part of superOrg, then `X-TenantID` header should be specified in the request whose value points to the tenant on which the operation needs to be performed. +4. Only ODL roles (di\_admin, di\_ingestion, di\_data\_access) will be created in IDM. The administrator needs to create users and associate appropriate roles for configuration and streaming. + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/OpenText-Mega-Audit_686073965.md b/knowledgebase/csd-wiki/ICSD/OpenText-Mega-Audit_686073965.md new file mode 100644 index 00000000..ab498c21 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/OpenText-Mega-Audit_686073965.md @@ -0,0 +1,31 @@ +# OpenText-Mega-Audit_686073965 +## Introduction + +## Evidence + +Onspring System: [https://opentext.onspring.com/](https://opentext.onspring.com/) + +[Onspring guidelines](https://intranet.opentext.com/intranet/llisapi.dll/fetch/2001/18828385/3077721/121520041/121520046/121529209/136932358/173183713/173183717/173183725/-/Onspring_Evidence_Owner_Quick_Reference_Guide.pdf?nodeid=188163094&vernum=-2) + +[Evidence Owner Onspring Essentials Training-20240105\_030235-Meeting Recording.mp4](https://opentextcorporation-my.sharepoint.com/:v:/g/personal/velascoj_opentext_com/Eccx-97iin1BjaVmXCTgMtYB9BaGhjlaBPw0qYmwB33P6A?e=0bpXiS) + +**Population** is the entire set of data from which a sample is selected or drawn from by auditors for their testing. A population typically covers a specified audit period e.g. July 1, 2023 ~ June 30, 2024. + +![](attachments/686073965/686073921.png) + +**One-Time**: A lastest copy of an evidene that is tested once to validate efficiency and effectiveness of related control (usually refers to a policy, procedure or system configuration) + +**Observation Walk-Through** Pertains to testing interviews/observations conducted during audit fieldwork. Note that this is seperate to the preliminary walkthroughs that happen before actual audit fieldwork. + +![](attachments/686073965/686073932.png) + +![](attachments/686073965/686073936.png) + +![](attachments/686073965/686073947.png) + +## Attachments: + +[image-2025-1-21\_14-15-23.png](attachments/686073965/686073921.png) (image/png) +[image-2025-1-21\_14-16-5.png](attachments/686073965/686073932.png) (image/png) +[image-2025-1-21\_14-16-48.png](attachments/686073965/686073936.png) (image/png) +[image-2025-1-21\_14-18-5.png](attachments/686073965/686073947.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/Operation-excellence-improvement_686083916.md b/knowledgebase/csd-wiki/ICSD/Operation-excellence-improvement_686083916.md new file mode 100644 index 00000000..be43a74c --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Operation-excellence-improvement_686083916.md @@ -0,0 +1,27 @@ +# Operation-excellence-improvement_686083916 +## Introduction + +This page tracks all the scenarios requiring operation excellence improvement + +## Detailed scope + +1. Any critical issue can be tracked/reported + 1. OpsB or PCS +2. Any critical issue will have a auto collection + 1. Log + 2. Thread dump + 3. Worker sysctl log + 4. Flamegraph? +3. Any critical issue can be well-assigned + 1. TBD +4. Any critical issue can be auto analyzed + 1. TBD +5. Any critical issue can be auto mitigated + 1. Auto-healing expansion + 1. Optimization ⇒ Platform need to be restarted always + 2. XMPP + 3. Other candidates + 4. XIE? + 2. Scheduled scaling + 3. Auto tuning +6. Product readiness diff --git a/knowledgebase/csd-wiki/ICSD/Operational-Runbook_686073475.md b/knowledgebase/csd-wiki/ICSD/Operational-Runbook_686073475.md new file mode 100644 index 00000000..df0aadfa --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Operational-Runbook_686073475.md @@ -0,0 +1,6 @@ +# Operational-Runbook_686073475 +Created by on Jan 20, 2025 EST + +- [List of Runbooks](List-of-Runbooks_700163214.html) +- [Standard Ops Runbook](Standard-Ops-Runbook_686073477.html) +- [Workaround Solutions](Workaround-Solutions_686074552.html) diff --git a/knowledgebase/csd-wiki/ICSD/Operations-Platform-24.4-deployment_693612997.md b/knowledgebase/csd-wiki/ICSD/Operations-Platform-24.4-deployment_693612997.md new file mode 100644 index 00000000..ae0baaaa --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Operations-Platform-24.4-deployment_693612997.md @@ -0,0 +1,21 @@ +# Operations-Platform-24.4-deployment_693612997 +## Operation Platform deployment in an OMT installed ENV + +

No

Phase

Install Tasks

Doc Link

Install Duration

1

Get release package

Check ESM release package

5 mins

  • UIS CP content pack
    please download the content package from market place.

2

Installation Preparation

5 mins
  • For sizing concern please contact OP team
  • If you have OMT installed, then only OP images are required to be uploaded to ECR

Install OP

  • Check EKS resources
  • Install Vertica and RDS
  • Pre-requisites to deploy OP
  • Deploy OP application

Install Vertica -

Install RDS - 30 mins

Deploy OP - 1 hour

  • EKS related notes:
    If you are using SMAX nodes directly, you only need to scale up the worker nodes for OP deployment, which requires extra 7 worker nodes.
    If you want to use dedicated worker nodes for OP, please consult OP team.
  • OP Vertica is a dedicated for OP deployment, TLS has to be enabled
  • You don't need to follow the Enable TLS on PostgreSQL to create self-signed certificate for RDS. Use AWS provided certificate.
  • Pre-requisites of OP deployment
    Install AWS load balancer and configure service is NOT necessary if you already have ALB & external access for OMT

Post-Installation Tasks

  • Create listeners and target ports for application
  • NOTE: Please check the network configurations, if internet-facing NLB is required, please update the parameter of Scheme from " Internal" to "internet-facing"
  • Verify deployment
  • Workaround of ODL connection issue in 24.4
  • NOTE: OP WAF is not yet ready

Post tasks - Administrator

  • Create ODL/UIS tenants
  • Upload UIS Content Pack to the tenants

  • Validate the UIS content (Tenant)

  • Create ODL/UIS tenants: 10 mins per tenant

  • Upload UIS Content using op-tms-cli: 1 min per tenant

  • Validate the content (tenant data): 5 mins

Backup

DR solution

  • ESM cloud backup solution

3

Functional check

Sanity check

NOTE: Before integration OP and FinOps, you have to disable the collection in FinOps side.

4

Rollback

Uninstall

+ +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/Operations-Platform-tenant-enablement_688996278.md b/knowledgebase/csd-wiki/ICSD/Operations-Platform-tenant-enablement_688996278.md new file mode 100644 index 00000000..68e57bc7 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Operations-Platform-tenant-enablement_688996278.md @@ -0,0 +1,19 @@ +# Operations-Platform-tenant-enablement_688996278 +Created by, last modified by Wenjun Sun on May 20, 2025 EDT + +## Introduction + +This Wiki Page will consolidate all the docs which describe the Operations Platform installation and integration with other service like SMAX,UCMDB,AC. + +## Steps + +| No | Phase | Doc Link | Comment | +| --- | --- | --- | --- | +| 1 | Operations Platform Installation and initial configuration | [Operations Platform 24.4 deployment](https://confluence.opentext.com/display/ICSD/Operations+Platform+24.4+deployment) [Enable Optic Data Lake Preparation](Enable-Optic-Data-Lake-Preparation_688996348.html) [Configure UIS](Configure-UIS_688987644.html) | Refer to "How to enable Feature Toggle for UIS Caching" | +| 2 | Create OP tenant Upload UIS Report | [https://staging.docs.microfocus.com/doc/oppl/Main/generateinputfiles](https://staging.docs.microfocus.com/doc/oppl/Main/generateinputfiles) [https://staging.docs.microfocus.com/doc/oppl/Main/uploaduisreportstoatenant](https://staging.docs.microfocus.com/doc/oppl/Main/uploaduisreportstoatenant) | Please re-generate the op.crt according to the doc [OpenText Documentation Portal](https://staging.docs.microfocus.com/doc/402/main/managetenantusingclitool#Get_Operations_Platform_certificate_details) if you got the below error during the OP tenant creation: tls: failed to verify certificate: x509: certificate signed by unknown authority, context: IDM token, CLI ErrorCode: 22 | +| 3 | Create OP Parameters in Parameter store | [Operations Platform key/value in Parameter Store](688988228.html) | | +| 4 | Enable Optic Data Lake | [Enable Optic Data Lake](Enable-Optic-Data-Lake_688996343.html) | | +| 5 | Enable AC | [How to deploy and enable AC](https://confluence.opentext.com/display/ICSD/How+to+deploy+and+enable+AC) | | +| 6 | Enable OP IDM OIDC Client (SMAX as OIDC Provider) | [Centralized User Authentication with OIDC and IDM (SMAX AS OIDC PROVIDER)](686073659.html) | | +| 7 | UCMDB-ODL integration | [UCMDB-ODL integration](https://rndwiki.houston.softwaregrp.net/confluence/display/dca/UCMDB-ODL+integration) | [https://staging.docs.microfocus.com/doc/UCMDB\_SaaS/Main/ucmdbintegrateodl](https://staging.docs.microfocus.com/doc/UCMDB_SaaS/Main/ucmdbintegrateodl) | +| 8 | Deploy AC and SA Flex Reports into OP | [Deploy AC and SA Flex Reports into OP](https://rndwiki.houston.softwaregrp.net/confluence/display/dca/Deploy+AC+and+SA+Flex+Reports+into+OP) | | diff --git a/knowledgebase/csd-wiki/ICSD/OpsB-Deployment-Features_696546923.md b/knowledgebase/csd-wiki/ICSD/OpsB-Deployment-Features_696546923.md new file mode 100644 index 00000000..cb7b8ef7 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/OpsB-Deployment-Features_696546923.md @@ -0,0 +1,2 @@ +# OpsB-Deployment-Features_696546923 +Created by on Apr 09, 2025 EDT diff --git a/knowledgebase/csd-wiki/ICSD/OpsB-Service-Health-Page_686084003.md b/knowledgebase/csd-wiki/ICSD/OpsB-Service-Health-Page_686084003.md new file mode 100644 index 00000000..13af970c --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/OpsB-Service-Health-Page_686084003.md @@ -0,0 +1,35 @@ +# OpsB-Service-Health-Page_686084003 +Created by on Jan 23, 2025 EST + +Production Instances +[https://health.opsbridge.saas.microfocus.com/?instance=metrolinx](https://health.opsbridge.saas.microfocus.com/?instance=metrolinx) + +[https://health.opsbridge.saas.microfocus.com/?instance=metrolinx-dev](https://health.opsbridge.saas.microfocus.com/?instance=metrolinx-dev) + +[https://health.opsbridge.saas.microfocus.com/?instance=ctti](https://health.opsbridge.saas.microfocus.com/?instance=ctti) + +[https://health.opsbridge.saas.microfocus.com/?instance=ctti-pre](https://health.opsbridge.saas.microfocus.com/?instance=ctti-pre) + +[https://health.opsbridge.saas.microfocus.com/?instance=ot](https://health.opsbridge.saas.microfocus.com/?instance=ot) + +[https://health.opsbridge.saas.microfocus.com/?instance=ot-dev](https://health.opsbridge.saas.microfocus.com/?instance=ot-dev) + +[https://health.opsbridge.saas.microfocus.com/?instance=techmahindra](https://health.opsbridge.saas.microfocus.com/?instance=techmahindra) + +[https://health.opsbridge.saas.microfocus.com/?instance=techmahindra-dev](https://health.opsbridge.saas.microfocus.com/?instance=techmahindra-dev) + +Trial Instances + +[https://health.opsbridge.saas.microfocus.com/?instance=advantageinc](https://health.opsbridge.saas.microfocus.com/?instance=advantageinc) + +[https://health.opsbridge.saas.microfocus.com/?instance=pmdemo](https://health.opsbridge.saas.microfocus.com/?instance=pmdemo) + +Dev Instances + +[https://health.opsbridge.saas.microfocus.com/?instance=montest9](https://health.opsbridge.saas.microfocus.com/?instance=montest9) + +**Related pages** + +**Content by label** + +There is no content with the specified labels diff --git a/knowledgebase/csd-wiki/ICSD/OpsB-and-NOM-Cloud-Deployments-Version-Tracking_686069604.md b/knowledgebase/csd-wiki/ICSD/OpsB-and-NOM-Cloud-Deployments-Version-Tracking_686069604.md new file mode 100644 index 00000000..61a3e675 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/OpsB-and-NOM-Cloud-Deployments-Version-Tracking_686069604.md @@ -0,0 +1,93 @@ +# OpsB-and-NOM-Cloud-Deployments-Version-Tracking_686069604 +## Trial Account - itom-sa-ext-trial (493286294651) + +## Standalone - N/A + +## Farm (Shared OPTIC) + +### OpsBridge deployments + +
Farm NameProductCustomer(Org)URLRegionVersion DeployedAWS Resource VersionTypeContactSizeIntegrationsAdd-onDeployment Date
optic-demoOpsBpmdemopmdemo.opsbridge.saas.microfocus.comOregon

25.2

V-24.3.0-0

EKS-1.31

PREMIUM

Sandeep

Medium

OpsBadvantageincadvantageinc.opsbridge.saas.microfocus.com

25.2

PREMIUM

Sandeep

Medium

APPO

NOM/CNOcno-trialcno-trial.nom.saas.microfocus.com

25.2

Micro

odl-farm-oregon-5OpsBodl5t1 (used by BMS)

odl5t1.opsbridge.saas.microfocus.com

Oregon

25.1

EKS-1.31

PREMIUM

Small

AEC

08/01

OpsBodl5t2 (used by Johnson&Johnson)

odl5t2.opsbridge.saas.microfocus.com

25.1

PREMIUM

Small

AEC

15/01

OpsBodl5t3 (used by VIncIENERGIES)

odl5t3.opsbridge.saas.microfocus.com

25.1

APPO

Small

21/01

OpsBodl5t5 (used by World Vision)odl5t5.opsbridge.saas.microfocus.com

25.1

PREMIUM

Ioana/CosminSmall

SMAX

AEC

24/07

odl-farm-oregon-6OpsBodl6t1 (NCOMAIOPS2)odl6t1.opsbridge.saas.microfocus.comOregon

25.2

EKS-1.31

PREMIUM

Small

AEC

APPO

29/01

OpsB

odl6t2 (VIncIENERGIES )

odl6t2.opsbridge.saas.microfocus.com

25.1

PREMIUM

SYNTETIC M

Small25/03
NOModl6t3 (Madrid Digital)odl6t3.nom.saas.microfocus.com

25.1

REPORTING

Small28/04
OpsBodl6t4 (titoevry)odl6t4.opsbridge.saas.microfocus.com

25.2

PREMIUM

IoanaSmall

AEC

IHUB

03/07
OpsBodl6t5 (SERPROPOC)odl6t5.opsbridge.saas.microfocus.com

25.2

PREMIUM

IoanaSmall

SMAX

AEC

03/07
OpsBodl6t6 (Tata Consumer)odl6t6.opsbridge.saas.microfocus.com

25.2

APPO

IoanaSmall24/07
+ +## OpsBridge+NOM shared deployments + +
Customer(Org)URLRegionVersion DeployedAWS Resource VersionTypeContactSizeDeployment Date
bmsbms.opsbridge.saas.microfocus.comOregon

25.1

EKS-1.31

PREMIUM

Small

14/05

bms.nom.saas.microfocus.com

25.1

REPORTING

Small

bvobsbvobs.opsbridge.saas.microfocus.com

25.1

EKS-1.31

PREMIUM

Small

bvobs.nom.saas.microfocus.com

25.1

REPORTING

Small
+ +## Production Account - itom-sa-ext-prod (181608496217) + +## Standalone + +### OpsBridge deployments + +
Customer(Org)Instance TagURLRegionVersion DeployedAWS Resource VersionTypeContactSizeIntegrationHub
corp-itcorpit-prod-opsbcorp-it.opsbridge.saas.microfocus.comOregon

24.4 P1

EKS-1.31

V-12.0.4-11

RDS-15.12

PREMIUM

Prasad Mk

Large

NO

corp-it-qacorpit-qa-opsbcorp-it-qa.opsbridge.saas.microfocus.comOregon

24.4 P1

EKS-1.31

V-12.0.4-10

RDS-15.7

PREMIUM

Prasad Mk

Medium

NO

opsb4opsbopsb4opsb-prod-opsbopsb4opsb.opsbridge.saas.microfocus.comOregon

25.1

EKS-1.31

V-12.0.4-17

RDS-16.7

PREMIUM

PSDC/Prasad Mk

Medium

NO
techmahindratechmahindra-dev-opsbtechmahindra-dev.opsbridge.saas.microfocus.comFrankfurt

24.4 P1

EKS-1.31

V-24.3.0-0

RDS-16.9

PREMIUM

Prasad Mk

Small

YES
techmahindra-prod-opsbtechmahindra.opsbridge.saas.microfocus.comFrankfurt

24.4 P1

EKS-1.31

V-24.3.0-0

RDS-16.9

PREMIUM

Prasad Mk

Medium

YES
metrolinxmetrolinx-dev-opsbmetrolinx-dev.opsbridge.saas.microfocus.comCanada

24.4 P1

EKS-1.31

V-24.3.0-0

RDS-16.9

PREMIUM

Javier Mora

Medium

YES
metrolinx-prod-opsbmetrolinx.opsbridge.saas.microfocus.comCanada

24.4 P1

EKS-1.31

V-24.3.0-0

RDS-16.9

PREMIUM

Javier Mora

Medium

YES

iconmon

(TCS)

tcs-prod-opsbiconmon.opsbridge.saas.microfocus.comLondon

24.4 P1

EKS-1.31

V-12.0.4-11

RDS-15.12

PREMIUM

Sandeep Swain

Large

YES
tcs-dev-opsbiconmon-dev.opsbridge.saas.microfocus.com

24.4 P1

EKS-1.31

V-24.3.0-0

RDS-15.12

PREMIUM

Sandeep Swain

Small

YES
+ +### NOM deployments + +
Customer(Org)Instance TagURLRegionVersion DeployedEKS VersionContactSize
nasdaqnasdaqus2-prod-nomnasdaq-us2.nom.saas.microfocus.comOregon

24.4

EKS-1.31

V-23.4.0-0

RDS-15.9

Girish J Babu

Small

nasdaqeu-prod-nomnasdaq-eu.nom.saas.microfocus.comFrankfurt

24.4

EKS-1.31

V-23.4.0-0

RDS-15.9

Girish J Babu

Small

nasdaqus2-dev-nomnasdaq-dev-us2.nom.saas.microfocus.comOregon

24.4

EKS-1.31

V-23.4.0-0

RDS-15.12

Girish J Babu

Small

+ +## Farm (Shared OPTIC) + +### OpsBridge deployments + +
Farm NameCustomer(Org)Instance TagURLRegionVersion DeployedAWS Resource VersionTypeContactSizeIntegrationHub
odl-farm-fra-3skyitaliaskyitalia-dev-opsbskyitalia-dev.opsbridge.saas.microfocus.comFrankfurt

24.4

EKS-1.31

V-12.0.4-11

RDS-16.9

REPORTING

Small
skyitalia-prod-opsbskyitalia.opsbridge.saas.microfocus.com

24.4

REPORTING

Small
odl-farm-fra-5monticgencatmonticgencat-pre-opsbmonticgencat-pre.opsbridge.saas.microfocus.comFrankfurt

24.4.P1

EKS-1.31

V-12.0.4-11

RDS-15.12

PREMIUM

Small
monticgencat-prod-opsbmonticgencat.opsbridge.saas.microfocus.com

24.4 P1

PREMIUM

Small
odl-farm-ore-2infonavitinfonavit-prod-opsbhttps://infonavit.opsbridge.saas.microfocus.com?tenant=infonavitOregon

24.4

EKS-1.31

V-12.0.4-11

RDS-15.12

APPO

Small
infonavit-col-opsbhttps://infonavit-col.opsbridge.saas.microfocus.com
odl-farm-can-1telushealthtelushealth-prod-opsbtelushealth.opsbridge.saas.microfocus.comCanada

24.4

EKS-1.31

V-24.3.0-0

RDS-16.9

INFRAO

Small
+ +### NOM deployments + +
Farm NameCustomer(Org)Instance TagURLRegionVersion DeployedAWS Resource VersionContactSize
odl-farm-oregon-01hartfordhartford-dev-nomhartford-dev.nom.saas.microfocus.comOregon

24.4

EKS-1.31

V-12.0.4-11

RDS-15.9

Girish J Babu

Nano

hartford-prod-nomhartford.nom.saas.microfocus.com

24.4

Girish J Babu

Small

experianexperian-dev-nomexperian-dev.nom.saas.microfocus.com

24.4

Girish J Babu

Small

experian-prod-nomexperian.nom.saas.microfocus.com

24.4

Girish J Babu

Medium

mitremitre-prod-nommitre.nom.saas.microfocus.com

24.4

Girish J Babu

Small

mitre-dev-nommitre-dev.nom.saas.microfocus.com

24.4

Girish J Babu

Small

odl-farm-fra-4sandozsandoz-dev-nomsandoz-dev.nom.saas.microfocus.comFrankfurt

EKS-1.31

V-12.0.4-11

RDS-15.12

Girish J Babu

Nano

sandoz-prod-nomsandoz.nom.saas.microfocus.comGirish J Babu

Small

taisataisa-dev-nomtaisa-dev.nom.saas.microfocus.comGirish J Babu

Nano

taisa-prod-nomtaisa.nom.saas.microfocus.comGirish J Babu

Nano

+ +## OpsBridge+NOM shared deployments + +
Customer(Org)Instance TagURLRegionVersion DeployedAWS Resource VersionTypeContactSize
opentextot-dev-opsbot-dev.opsbridge.saas.microfocus.comOregon

25.1

EKS-1.31

V-24.3.0-0

RDS-15.7

PREMIUM

Javier Mora

Small

ot-dev-nomot-dev.nom.saas.microfocus.com

24.4

REPORTING

Girish J Babu

Nano

opentextot-prod-opsbot.opsbridge.saas.microfocus.com

25.1

EKS-1.31

V-12.0.4-17

RDS-15.12

PREMIUM

Javier Mora

Medium

ot-prod-nomot.nom.saas.microfocus.com

25.1

REPORTING

Girish J Babu

Small

indraindra-dev-opsbindra-dev.opsbridge.saas.microfocus.comFrankfurt

24.4 P1

EKS-1.31

V-12.0.4-11

RDS-15.10

PREMIUM

Small

indra-dev-nomindra-dev.nom.saas.microfocus.com

REPORTING

Nano

indraindra-prod-opsbindra.opsbridge.saas.microfocus.com

24.4 P1

EKS-1.31

V-12.0.4

RDS-15.12

PREMIUM

Small

indra-prod-nomindra.nom.saas.microfocus.com

REPORTING

Medium

dtcc

dtcc-dev-opsb

dtcc-dev-nom

dtcc-dev.opsbridge.saas.microfocus.com

dtcc-dev.nom.saas.microfocus.com

Oregon

24.4 P1

24.3

EKS-1.31

V-12.0.4-11

RDS-15.12

REPORTING

Small

dtcc

dtcc-prod-opsb

dtcc-prod-nom

dtcc.opsbridge.saas.microfocus.com

dtcc.nom.saas.microfocus.com

24.4 P1

24.3

EKS-1.31

V-12.0.4-11

RDS-16.6

REPORTING

Medium

ferrero

ferrero-dev-opsb

ferrero-dev.opsbridge.saas.microfocus.com

Frankfurt

25.1

EKS-1.31
V-24.3.0-0

RDS-16.9

REPORTING

Small

ferrero-dev-nom

ferrero-dev.nom.saas.microfocus.com

25.1

REPORTING

Small

ferrero-prod-opsb

ferrero.opsbridge.saas.microfocus.com

25.1

EKS-1.31

V-24.3.0-0

RDS-16.9

REPORTING

Small

ferrero-prod-nom

ferrero.nom.saas.microfocus.com

25.1

REPORTING

Small

+ +## Farm (OP) + +### OpsBridge deployments + +
Farm NameCustomer(Org)Instance TagURLRegionVersion DeployedAWS Resource VersionTypeContactSizeIntegrationHub

afs121

MultichoiceMultichoice-Dev-opsbhttps://multichoicedev.opsbridge.saas.microfocus.com/South Africa

25.3

EKS-1.31

V-24.3.0-0

RDS-16.8

PREMIUM

MediumYES
Multichoice-Prod-opsbhttps://multichoice.opsbridge.saas.microfocus.com/

25.3

PREMIUM

MediumYES
+ +## Staging Account - itom-sa-ext-stg (014842986998) + +## Standalone + +### OpsBridge deployments + +| Customer(Org) | Instance Tag | URL | Region | Version Deployed | AWS Resource Version | Type | Contact | Size | IntegrationHub | +| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | +| opsb4opsb-staging | opsb4opsb-stg-opsb | [opsb4opsb-staging.opsbridge-test.saas.microfocus.com](http://opsb4opsb-staging.opsbridge-test.saas.microfocus.com/) | Oregon | 25.1 | EKS-1.31 | PREMIUM | Prasad Mk | Small | NO | +| opentext | saasops-stg-opsb | [saasopsstg.opsbridge-test.saas.microfocus.com](http://saasopsstg.opsbridge-test.saas.microfocus.com/) | Oregon | 25.2 | EKS-1.31 | PREMIUM | Sandeep Swain | Small | YES | + +## Farm deployments (Shared OPTIC) + +### OpsBridge deployments + +
Farm NameCustomer(Org)URLRegionVersion DeployedEKS VersionTypeContactSizeIntegrationHub
+ +## Dev Account - itom-sa-int-lab (789610210433) + +## Standalone + +### OpsBridge deployments + +| Customer(Org) | Instance Tag | URL | Region | Version Deployed | AWS Resource Version | Type | Contact | Size | Add-on | IntegrationHub | +| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | +| montest | montest-dev-opsb | [montest.opsbridge-test.saas.microfocus.com](http://montest9.opsbridge-test.saas.microfocus.com/) | Oregon | 25.1 | EKS-1.31 | PREMIUM | Carol Park | Small | | NO | + +## Farm (Shared OPTIC) + +### OpsBridge deployments + +
Farm NameCustomer(Org)URLRegionVersion DeployedEKS VersionTypeContactSizeAdd-onIntegrationHub
+ +## OT Private Cloud Account - aws\_opsbridge\_dryrun (702295241410) + +## Standalone + +### OpsBridge deployments + +| Customer(Org) | URL | Region | Version Deployed | EKS Version | Type | Contact | Size | IntegrationHub | +| --- | --- | --- | --- | --- | --- | --- | --- | --- | +| opentext | opsb-dryrun.opentext.cloud | Oregon | 24.1 | | PREMIUM | Martin Bosler | Small | YES | + +## Attachments: + +[image-2025-2-25\_8-40-52.png](attachments/686069604/691150736.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/Optimize-the-IDOL-archive-queue-for-EU8_686074695.md b/knowledgebase/csd-wiki/ICSD/Optimize-the-IDOL-archive-queue-for-EU8_686074695.md new file mode 100644 index 00000000..28ac555a --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Optimize-the-IDOL-archive-queue-for-EU8_686074695.md @@ -0,0 +1,141 @@ +# Optimize-the-IDOL-archive-queue-for-EU8_686074695 +## Introduction + +The IDOL archive queue on EU8 experiences a significant backlog. To address this issue, use a script that identifies the presently executing index job as the starting point and the latest index job at that moment as the end point for the IDOL content server. Then, cancel all index jobs within this range for the **Device** record type across all tenants. + +Because this script selectively deletes specific device types, it can only differentiate index record types one by one, and then decide whether to perform the deletion operation. While each deletion request executes swiftly, the queue's index has surged to 770,000 as of Nov 10, 2023, implying that the overall execution might be time-consuming. Please plan the execution time accordingly. + +## Required steps + +1\. Log in to the bastion node. + +2\. Run the following command for the **smarta-sawarc-con-0** pod: + +``` +kubectl exec -it smarta-sawarc-con-0 -n -c smarta-sawarc-con bash +``` + +3\. Under the **/var/data** folder, create a file named **delete\_device\_index\_job.sh** with the following content and assign it the execution permission. + +``` +#!/bin/bash + +suite_admin_user="" +suite_admin_password="" + +suite_admin_token="" +get_token_time="" +device_index_num=0 +device_entity_num=0 +total_index_num=0 +total_entity_num=0 + +hostname=$(hostname) + +function delete_device() { + start_index_job=$(tail -n 200 /opt/content/logs/index.log | grep "Done Indexing IndexID" | cut -d "=" -f 2 | tail -n 1) + end_index_job=$(get_end_index_job) + echo "start_index_job: $start_index_job" + echo "end_index_job: $end_index_job" + for (( index_job_num = $start_index_job; index_job_num <= $end_index_job; index_job_num ++ )) + do + current_date_sec=$(date +%s) + sec=\`expr $current_date_sec - $get_token_time\` + if [ $sec -gt 120 ] + then + refresh_suite_admin_token + fi + if [ -e "status/${index_job_num}.data" ] + then + device_num=$(cat status/${index_job_num}.data | grep "ESS-DOCUMENT-TYPE=" | grep 'ESS-DOCUMENT-TYPE="Device"' | wc -l) + total_num=$(cat status/${index_job_num}.data | grep "ESS-DOCUMENT-TYPE=" | wc -l) + + device_entity_num=\`expr $device_entity_num + $device_num\` + + total_entity_num=\`expr $total_entity_num + $total_num\` + + total_index_num=\`expr $total_index_num + 1\` + if [ $device_num -gt 0 -a $device_num -eq $total_num ] + then + device_index_num=\`expr $device_index_num + 1\` + cancel_index_in_content $index_job_num $device_num + device_index_percentage=$(printf "%d%%" $(($device_index_num*100/$total_index_num))) + device_entity_percentage=$(printf "%d%%" $(($device_entity_num*100/$total_entity_num))) + + echo "index jobs -- device/total: $device_index_num:$total_index_num = $device_index_percentage" + echo "entity counts -- device/total: $device_entity_num:$total_entity_num = $device_entity_percentage" + echo "" + fi + + + fi + echo "${index_job_num}" > /tmp/last_canceled_index_job_num.txt + done +} + +# base64url encode +function base64url_encode { + (if [ -z "$1" ]; then cat -; else echo -n "$1"; fi) | + openssl base64 -e -A | + sed s/\\+/-/g | + sed s/\\//_/g | + sed -E s/=+$// +} + +# base64url decode +function base64url_decode { + INPUT=$(if [ -z "$1" ]; then echo -n $(cat -); else echo -n "$1"; fi) + MOD=$(($(echo -n "$INPUT" | wc -c) % 4)) + PADDING=$(if [ $MOD -eq 2 ]; then echo -n '=='; elif [ $MOD -eq 3 ]; then echo -n '=' ; fi) + echo -n "$INPUT$PADDING" | + sed s/-/+/g | + sed s/_/\\//g | + openssl base64 -d -A +} + +function cancel_index_in_content() { + cancel_cmd="https://${hostname}:1443/action=indexerGetStatus&ResponseFormat=simplejson&IndexAction=Cancel&index=$1" + base64_command=$(base64url_encode ${cancel_cmd}) + response=$(curl -kSs "https://smarta-installer-svc:8443/itom-sma-smarta-mgmt/urest/v1.1/runIDOLCmd" \ + --header 'Content-Type: application/x-www-form-urlencoded' \ + --header "Cookie: BO_AUTH_TOKEN=${suite_admin_token}" \ + --data-raw "cmdurl=${base64_command}") + response_status=$(echo $response | jq -r .idolresult.response | jq .autnresponse.responsedata.item[].description) + + echo "Try to cancel index job id: $1, contains Device entity change count: $2, status: ${response_status}" +} +function get_end_index_job() { + end_index_cmd="https://${hostname}:1443/action=indexerGetStatus&MaxResults=1&ResponseFormat=simplejson" + base64_command=$(base64url_encode ${end_index_cmd}) + response=$(curl -kSs "https://smarta-installer-svc:8443/itom-sma-smarta-mgmt/urest/v1.1/runIDOLCmd" \ + --header 'Content-Type: application/x-www-form-urlencoded' \ + --header "Cookie: BO_AUTH_TOKEN=${suite_admin_token}" \ + --data-raw "cmdurl=${base64_command}") + end_index=$(echo $response | jq -r .idolresult.response | jq -r .autnresponse.responsedata.item[].id) + + echo $end_index +} + +function refresh_suite_admin_token() { + suite_admin_token=$(curl -kSs -X POST "https://itom-bo-login-svc:8443/bo/rest/auth/token" \ +--header 'Content-Type: application/json' \ +--data-raw "{ + \"username\": \"${suite_admin_user}\", + \"password\": \"${suite_admin_password}\" +}") + get_token_time=$(date +%s) + echo "refresh_suite_admin_token" +} + +refresh_suite_admin_token +delete_device +``` + +where: + +- - userName: suite admin user name. + - password: password of your suite admin. + +4\. Run this script: **./delete\_device\_index\_job.sh** + +5\. Repeat steps 2 through 5 for the **smarta-sawarc-con-a-0** pod. diff --git a/knowledgebase/csd-wiki/ICSD/Override-UCMDB-max-probe-number-for-a-specific-customer-on-SaaS_686074263.md b/knowledgebase/csd-wiki/ICSD/Override-UCMDB-max-probe-number-for-a-specific-customer-on-SaaS_686074263.md new file mode 100644 index 00000000..386a2152 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Override-UCMDB-max-probe-number-for-a-specific-customer-on-SaaS_686074263.md @@ -0,0 +1,16 @@ +# Override-UCMDB-max-probe-number-for-a-specific-customer-on-SaaS_686074263 +## Introduction + +The number of probes assigned to a CMS SaaS customer is subject to the license the customer has. But some customers might require more probes than what they're entitled to by their licenses, especially when their network is divided into different parts. + +In this case, you can reset the number of probes for a specific SaaS customer by invoking the JMX method **setSettingValue** with the new parameter **limit.overridden.probe.number.of.customer**. + +![](https://staging.docs.microfocus.com/mediawiki/images/5/54/cmsJMXLimitProbeNumber.PNG) + +**Notes:** + +- This setting takes effect immediately, no reboot required. +- It has higher priority over the value calculated by license if its value is greater than 0. +- It can be verified from customer's CMS UI. +- This setting is controlled by the SaaS Ops team, and the setting value can be greater than or less than the value calculated by license. +- Validation is in place. If the total count of probes of all customers is greater than the farm capacity, it returns error. diff --git a/knowledgebase/csd-wiki/ICSD/Patch-Cloud-Deployment-Process_686087749.md b/knowledgebase/csd-wiki/ICSD/Patch-Cloud-Deployment-Process_686087749.md new file mode 100644 index 00000000..6edc0e94 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Patch-Cloud-Deployment-Process_686087749.md @@ -0,0 +1,48 @@ +# Patch-Cloud-Deployment-Process_686087749 +## Introduction + +This document describes the coordination and interaction between RnD and the Cloud team in Patch from kick off to release to final deployment to the Cloud environment. + +## Role + +| Role | Label | +| --- | --- | +| RnD CPE PMO | RND PMO | +| Cloud Service PMO | CLOUD PMO | +| RnD Engineer | RND | +| IE Engineer | IE | +| Cloud DevOps Engineer | CLOUD OPS | + +## 1.Patch Kick-off + +- When Patch kick off, inform Cloud DevOps team about the upcoming patch plan, scope and release timeline RND PMO + +## 2.Patch Cloud Deployment Plan + +- Initiate Cloud team internal meeting to discuss patch deployment timeline and maintenance window to deploy patch to Cloud environment CLOUD PMO +- Notify customer about planned maintenance window (2 weeks before the planned maintenance window) CLOUD PMO +- Create a patch Cloud deployment project plan and distribute to all stakeholders CLOUD PMO + +## 3.Patch Release + +- Notify Cloud team once the patch is official released, include detail patch release information RND PMO +- Patch document published on customer facing SaaS doc portal IE +- Patch DevOps document (install, rollback, additional steps) published on Ops doc space for further review IE + +## 4.Patch Cloud Deployment Review + +- Initiate a meeting to review patch releas packages, patch documentation, and final confirm the maintance window timeline RND PMO + - RnD PMO to involve both RND and IE if there are some specific steps in the patch which need to be further clarified with Cloud team RND PMO + - This meeting should be scheduled one day before the patch code freeze, to ensure all relevant patch intallation, additional steps are aligned with Cloud team RND PMO +- Prepare notification to customer about patch deployment maintenance window CLOUD PMO +- Cloud DevOps team to start validate patch deployment on non-production environment CLOUD OPS +- Once non-prod validated, get management's approval to move patch release to customer production environment CLOUD PMO +- Open Cloud Change Request in Change Management System and Prepare for CAB review CLOUD OPS + +## 5.Patch Cloud Deployment + +- Open the Ops change and join CAB review for upcoming patch upgrade CLOUD OPS +- Follow pre-defined maintenance window to deploy latest patch to customer production environment CLOUD OPS +- Notify customer the patch deployment is completed CLOUD OPS + +![](attachments/686087749/686088532.png) diff --git a/knowledgebase/csd-wiki/ICSD/Post-upgrade-task-for-UCMDB-24.3.2-for-US7-Salesforce-sandbox-tenant_688996352.md b/knowledgebase/csd-wiki/ICSD/Post-upgrade-task-for-UCMDB-24.3.2-for-US7-Salesforce-sandbox-tenant_688996352.md new file mode 100644 index 00000000..c34201fc --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Post-upgrade-task-for-UCMDB-24.3.2-for-US7-Salesforce-sandbox-tenant_688996352.md @@ -0,0 +1,61 @@ +# Post-upgrade-task-for-UCMDB-24.3.2-for-US7-Salesforce-sandbox-tenant_688996352 +In UCMDB 24.3.2, Salesforce request UCMDB to deliver the OData feature ealier so Salesforce can adopt it and start developing in their side. The OData feature is disabled by default in UCMDB 24.3.2, after SaaS Ops adopt 24.3.2 in US7, need to follow below post upgrade task to enable this feature for Salesforce sandbox tenant. + +**Note:** For SaaS US7 Salesforce sandbox tenant only!!! + +1\. Login to JMX console of customer 1: https:///jmx-console + +2\. search for method: **addResource,** input2 parameters and click invoke: + +- **customerID:** **188739239** **(**US7 Salesforce sandbox tenant**)** +- **resourceType: Settings\_ODATA\_CONFIG** **![](attachments/688996352/688996350.png)** + +3\. In the popup page, copy paste below strings: + +**** + +**** + +**** + +**** + +**** + +**** + +**** + +**** + +**** + +**** + +Looks like this screenshot, save it: + +![](attachments/688996352/688996351.png) + +4\. Validate: login IdM of US7 Salesforce sandbox tenant with a cms admin user to get IDM API token: **https:///idm-admin?tenant=****, then navigate to** https:///ucmdb-server/rest-api/ **188739239** /odata/, input the cms admin user name and IdM API token, then you can see the result. + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) + +## Attachments: + +[image-2025-2-8\_15-11-33.png](attachments/688996352/688996350.png) (image/png) +[image-2025-2-8\_15-11-58.png](attachments/688996352/688996351.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/Pre-upgrade-task-of-AC-when-upgrade-from-24.2-to-24.3_688996364.md b/knowledgebase/csd-wiki/ICSD/Pre-upgrade-task-of-AC-when-upgrade-from-24.2-to-24.3_688996364.md new file mode 100644 index 00000000..133d4365 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Pre-upgrade-task-of-AC-when-upgrade-from-24.2-to-24.3_688996364.md @@ -0,0 +1,129 @@ +# Pre-upgrade-task-of-AC-when-upgrade-from-24.2-to-24.3_688996364 +**Introduction:** + +The exeuction of sql scripts is required when AC is enbaled for a Tenant on the ESM tenant in ESM 24.2 release, before upgrade of ESM chart to 24.3 + +It updates the existing 'Owner' of schema tables created in 24.2 to the tenant schema owner. + +## 1\. Pre-condition: + +Download the below DB scripts onto the Bastion Node. + +[https://github.houston.softwaregrp.net/oo-rnd/itom-saas-tools/blob/master/configure-ac-tenant/ds\_change\_table\_ownership.sql](https://github.houston.softwaregrp.net/oo-rnd/itom-saas-tools/blob/master/configure-ac-tenant/ds_change_table_ownership.sql) + +[https://github.houston.softwaregrp.net/oo-rnd/itom-saas-tools/blob/master/configure-ac-tenant/vps\_change\_table\_ownership.sql](https://github.houston.softwaregrp.net/oo-rnd/itom-saas-tools/blob/master/configure-ac-tenant/vps_change_table_ownership.sql) + +## 2\. Run the sql scripts: + +We need to connect to a bastion node having access to the RDS of SMAX setup. + +### 2.1. Data Sync service: + +1\. Check the Tenant schema details before running the sql sciprts: + +**1.** Connect to the acdatasyncdb. + +**`2.Check the schema details`** + +**`acdatasyncdb=# \dn`** + +**![](attachments/688996364/688996357.png)** + +3\. Pre-SQL scripts execution validation (check the 'Owner' of the schema table) + +  **`  acdatasyncdb=# \dt syncservice_.*`** + +**![](attachments/688996364/688996358.png)** + +2\. Run the Sql script from the Bastion host. + +Usage: Script iterates over the schemas of the DataSync DB named LIKE 'syncservice\_%', get the schema owner and set it as owner of the tables. + +To get password of user acdatasyncdbuser: +→ Get the secret key for db password +kubectl get cm itom-ac-database-configmap -n -o yaml + +The result is like: +**DB\_PASSWORD\_KEY**: itom\_itsma\_db\_password\_secret\_key +You may find the DB\_PASSWORD\_KEY value from the itom-ac-database-configmap + +→ Get the acdatasyncdbuser db password. +kubectl get pod -n | grep "itom-ac-data-sync" | head -1 | awk '{print $1}' +kubectl exec -n -c itom-ac-data-sync -- get\_secret + +For example: +kubectl exec $(kubectl get pod -n itsma-eks | grep "itom-ac-data-sync" | head -1 | awk '{print $1}') -n itsma-eks -c itom-ac-data-sync -- get\_secret itom\_itsma\_db\_password\_secret\_key + +Command: PGPASSWORD='' psql -h [<](http://ac-regression-01-postgres.cluster-cqfvpwi0zslp.us-west-2.rds.amazonaws.com/) postgres\_hostname> -p 5432 -d acdatasyncdb -U acdatasyncdbuser -a -f **ds\_change\_table\_ownership.sql** + +**\*** PGPASSWORD - acdatasyncdbuser database user password + +3\. Post SQL scripts execution validation (Here 'Owner' of the tables is changed post the sql script execution): + +**`acdatasyncdb=# \dt syncservice_.*`** + +![](attachments/688996364/688996359.png) + +### 2.2. Vulnerability & Patching service: + +1\. Check the Tenant schema details before running the sql sciprts: + +1\. Connect to the acpatchdb + +**`2. Check the schema details`** + +**`acpatchdb=# \dn`** + +![](attachments/688996364/688996360.png) + +3\. Pre-SQL script execution validation: (check 'Owner' of the schema tables) + +   **`   acpatchdb=# \dt vps_schema_.*`** + +![](attachments/688996364/688996361.png) + +2\. Run the Sql script from the Bastion host. + +Uasage: Script iterates over the schemas of the VPS DB named LIKE 'vps\_schema\_%', get the schema owner and sets it as owner of the tables. + +To get password of user acpatchdbuser: +→ Get the secret key for db password +kubectl get cm itom-ac-database-configmap -n -o yaml + +The result is like: +**DB\_PASSWORD\_KEY**: itom\_itsma\_db\_password\_secret\_key +You may find the DB\_PASSWORD\_KEY value from the itom-ac-database-configmap + +→ Get the acpatchdbuser db password. +kubectl get pod -n | grep "itom-ac-data-sync" | head -1 | awk '{print $1}' +kubectl exec -n -c itom-ac-data-sync -- get\_secret + +For example: +kubectl exec $(kubectl get pod -n itsma-eks | grep "itom-ac-data-sync" | head -1 | awk '{print $1}') -n itsma-eks -c itom-ac-data-sync -- get\_secret itom\_itsma\_db\_password\_secret\_key + +Command: PGPASSWORD='' psql -h -p 5432 -d acpatchdb -U acpatchdbuser -a -f **vps\_change\_table\_ownership.sql** + +\* PGPASSWORD - acpatchdbuser database user password + +3\. Post SQL scripts execution (Here 'Owner' of the table is changed post the sql script execution): + + **` acpatchdb=# \dt vps_schema_.*`** + +![](attachments/688996364/688996362.png) + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/Prepare-Document_688996354.md b/knowledgebase/csd-wiki/ICSD/Prepare-Document_688996354.md new file mode 100644 index 00000000..a665317b --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Prepare-Document_688996354.md @@ -0,0 +1,42 @@ +# Prepare-Document_688996354 +## Customer Service Offerings + +- ~~Create Integration Users (Business Service) [Sunny Xia](https://rndwiki.houston.softwaregrp.net/confluence/display/~sunny.xia@microfocus.com)~~ +- ~~Configure SAML authentication (Business Service)~~ +- ~~Configure custom domain (NLZ) (Business Service) [Ting Ye](https://rndwiki.houston.softwaregrp.net/confluence/display/~ting.ye@microfocus.com) [Scott Deyarmond](https://rndwiki.houston.softwaregrp.net/confluence/display/~scott.deyarmond@microfocus.com)~~ +- Renew License - SMAX, CMS, OO (Paid Customer License & Internal production license) (Business Service) [Yun Zhao](https://rndwiki.houston.softwaregrp.net/confluence/display/~yun.zhao@microfocus.com) +- Modify attachments file extensions (Business Service) +- Add attachments file size (Business Service) +- ~~Configure custom mail sender, dedicated AWS SES users (Business Service) [Ting Ye](https://rndwiki.houston.softwaregrp.net/confluence/display/~ting.ye@microfocus.com)~~ +- Enable ESM Capabilities - Native SACM, SAM, OO, HCMX/FinOps, Aviator, Audit (Business Services) [Huanhuan 'Alisa' Guan](https://rndwiki.houston.softwaregrp.net/confluence/display/~huan-huan.guan@microfocus.com) +- ~~Customize Login Screen (Business Service)~~ +- ~~Custom domain certificate renewal (Business Service)~~ +- ~~Request Power BI gateway (on Windows Server) per customer request (Business Service) [Yun Zhao](https://rndwiki.houston.softwaregrp.net/confluence/display/~yun.zhao@microfocus.com)~~ +- Maintain customized language package (Business Service) +- Request new ESM tenant (Business Service) +- Decommission tenant (Business Service) +- Reactivate Trial/PoC Tenant [Huanhuan 'Alisa' Guan](https://rndwiki.houston.softwaregrp.net/confluence/display/~huan-huan.guan@microfocus.com) + +## Upgrade/Patch/Hotfix + +- ~~ESM SaaS upgrade to version 23.4 [Wei Shen](https://rndwiki.houston.softwaregrp.net/confluence/display/~wei.shen2@microfocus.com)~~ +- ~~ESM 23.4.P1 Cloud Deployment~~ ~~[Wei Shen](https://rndwiki.houston.softwaregrp.net/confluence/display/~wei.shen2@microfocus.com)~~ + +## Ops Runbook + +- Update grafana content pack after version upgrade [Sunny Xia](https://rndwiki.houston.softwaregrp.net/confluence/display/~sunny.xia@microfocus.com) +- ~~How to check OPB agent status [Wenjun Sun](https://rndwiki.houston.softwaregrp.net/confluence/display/~wen-jun.sun@microfocus.com)~~ +- How to identify and clean up isolated CMS customer tenant [Sunny Xia](https://rndwiki.houston.softwaregrp.net/confluence/display/~sunny.xia@microfocus.com) +- How to identify and clean up isolated OO customer tenant [Sunny Xia](https://rndwiki.houston.softwaregrp.net/confluence/display/~sunny.xia@microfocus.com) +- How to identify and clean up isolated HCMX customer tenant [Sunny Xia](https://rndwiki.houston.softwaregrp.net/confluence/display/~sunny.xia@microfocus.com) +- How to prepare released product binary for Cloud deployment Liu Yu + +## Process: + +- ~~Patch Cloud Deployment Process~~ ~~[Wei Shen](https://rndwiki.houston.softwaregrp.net/confluence/display/~wei.shen2@microfocus.com)~~ +- Hotfix Cloud Deployment Process +- Marjo version Upgarde Cloud Deployment Process +- ~~Emergency procution Change Process (DB change, Configuration Change, Service Restart etc.)~~ [Wei Shen](https://rndwiki.houston.softwaregrp.net/confluence/display/~wei.shen2@microfocus.com) +- Request Assistant for Production Troubleshooting Process [Wei Shen](https://rndwiki.houston.softwaregrp.net/confluence/display/~wei.shen2@microfocus.com) +- Major incident management process +- Change Management process diff --git a/knowledgebase/csd-wiki/ICSD/Prevent-unverified-IP-addresses-from-accessing-tenants_688996491.md b/knowledgebase/csd-wiki/ICSD/Prevent-unverified-IP-addresses-from-accessing-tenants_688996491.md new file mode 100644 index 00000000..973b7b58 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Prevent-unverified-IP-addresses-from-accessing-tenants_688996491.md @@ -0,0 +1,253 @@ +# Prevent-unverified-IP-addresses-from-accessing-tenants_688996491 +This topic describes how to ensure that only the verified IP addresses have access to the SMAX, Audit, and CMS tenants. It's applicable for customers who require a high level of security and want to limit access to their tenants to a given IP range only. You can achieve this by leveraging Web Application Firewall (WAF) in AWS. See [AWS WAF](https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html) for more information about WAF. + +Follow these steps: + +1. Go to the **AWS Console** and create (up to) 3 **IP Sets** (see [Creating an IP set](https://docs.aws.amazon.com/waf/latest/developerguide/waf-ip-set-creating.html)): + - **Allow-Users-Zero-Trust-IPSet-**: The IP range used by the customer for UI access (e.g. the IPs used by the **customer** **HTTPS proxy**). + - **Allow-NAT-Gateway-IPSet**: contains the IP(s) of the NAT Gateway of current SaaS farm's VPC (see [All NAT Gateway IPs](https://rndwiki.houston.softwaregrp.net/confluence/pages/viewpage.action?spaceKey=SMA&title=ALL+NAT+Gateway+IPs) to find these IPs). This is required to allow ESM products to talk to each other via external FQDN. Also allows nginx integration traffic to be accepted by the ALB. + Note + This IP set might already exist if you have enabled other customers for zero trust, in which case it can be reused. + - **Allow-Troubleshooting-IPSet**: IPs which allow us access to troubleshoot customer tenants. You can add the IPs of some corporate proxies or (temporarily) of some select individuals that are required to access customer tenants. If temporary IPs are added please make sure to delete them after access is no longer required. +2. On farms that do not have WAFs yet, create 4 different web ACLs for SMAX/Audit/CMS/OO with default settings. See [Creating a web ACL](https://docs.aws.amazon.com/waf/latest/developerguide/web-acl-creating.html). Then add WAF rules in below steps to corresponding web ACLs. On farms which have WAFs enabled, add the below rule(s) to the corresponding existing web ACLs. +3. Add the rule to **SMAX/Audit/OO** web ACLs. Go to the **AWS Console > WAF & Shield**, find the existing web ACL or the web ACL you created in step 2. Click **Rules** tab, and then navigate to **Add rules** > **Add my own rules and rule groups.** Click the **Rule builder** > **Rule JSON editor**. Paste the following content in **JSON,** click **Validate** and then click **Add rule** to save your configuration. + ``` + { + "Name": "tenant-ip-filter-", + "Priority": 0, + "Statement": { + "AndStatement": { + "Statements": [ + { + "OrStatement": { + "Statements": [ + { + "ByteMatchStatement": { + "SearchString": "", + "FieldToMatch": { + "SingleQueryArgument": { + "Name": "tenantid" + } + }, + "TextTransformations": [ + { + "Priority": 0, + "Type": "NONE" + } + ], + "PositionalConstraint": "EXACTLY" + } + }, + { + "ByteMatchStatement": { + "SearchString": "rest/", + "FieldToMatch": { + "UriPath": {} + }, + "TextTransformations": [ + { + "Priority": 0, + "Type": "NONE" + } + ], + "PositionalConstraint": "CONTAINS" + } + }, + { + "ByteMatchStatement": { + "SearchString": "", + "FieldToMatch": { + "Cookies": { + "MatchPattern": { + "IncludedCookies": [ + "TENANTID" + ] + }, + "MatchScope": "VALUE", + "OversizeHandling": "NO_MATCH" + } + }, + "TextTransformations": [ + { + "Priority": 0, + "Type": "NONE" + } + ], + "PositionalConstraint": "EXACTLY" + } + } + ] + } + }, + { + "NotStatement": { + "Statement": { + "OrStatement": { + "Statements": [ + { + "IPSetReferenceStatement": { + "ARN": "" + } + }, + { + "IPSetReferenceStatement": { + "ARN": "" + } + }, + { + "IPSetReferenceStatement": { + "ARN": "" + } + } + ] + } + } + } + } + ] + } + }, + "Action": { + "Block": {} + }, + "VisibilityConfig": { + "SampledRequestsEnabled": true, + "CloudWatchMetricsEnabled": true, + "MetricName": "tenant-ip-filter-" + } + } + ``` + Note + Replace the `` with the real Tenant ID you wish to apply the rule to, and then replace ` ` with the ARNs of the IP Sets created in *step 1*. + + If the same customer has multiple tenants with the same IP allowlist, the rules can be consolidated. For example, instead of: + `      "ByteMatchStatement": {                             "SearchString": "",           ...` + + use: + `      "RegexMatchStatement": {           "RegexString": "^(|)$",           ...` +4. Set rule priority. For SMAX, add it after "nat-gateway-IPset" rule. For Audit and OO, put it at top. Validate and then save your configuration. Repeat this step till this rule is added to all SMAX/Audit/OO web ACLs. +5. Add the rule for CMS web ACL. Find the CMS web ACL in **AWS console** > **WAF & Shield**. Click **Rules** tab, and then navigate to **Add rules** > **Add my own rules and rule groups.** Click the **Rule builder** > **Rule JSON editor**. Paste the following content in **JSON,** click **Validate** and then click **Add rule** to save your configuration: + ``` + { + "Name": "tenant-cms-ip-filter-", + "Priority": 0, + "Statement": { + "AndStatement": { + "Statements": [ + { + "OrStatement": { + "Statements": [ + { + "ByteMatchStatement": { + "SearchString": "", + "FieldToMatch": { + "SingleQueryArgument": { + "Name": "customerid" + } + }, + "TextTransformations": [ + { + "Priority": 0, + "Type": "NONE" + } + ], + "PositionalConstraint": "EXACTLY" + } + }, + { + "ByteMatchStatement": { + "SearchString": "", + "FieldToMatch": { + "Cookies": { + "MatchPattern": { + "IncludedCookies": [ + "customerID" + ] + }, + "MatchScope": "VALUE", + "OversizeHandling": "NO_MATCH" + } + }, + "TextTransformations": [ + { + "Priority": 0, + "Type": "NONE" + } + ], + "PositionalConstraint": "EXACTLY" + } + } + ] + } + }, + { + "NotStatement": { + "Statement": { + "OrStatement": { + "Statements": [ + { + "IPSetReferenceStatement": { + "ARN": "" + } + }, + { + "IPSetReferenceStatement": { + "ARN": "" + } + }, + { + "IPSetReferenceStatement": { + "ARN": "" + } + } + ] + } + } + } + } + ] + } + }, + "Action": { + "Block": {} + }, + "VisibilityConfig": { + "SampledRequestsEnabled": true, + "CloudWatchMetricsEnabled": true, + "MetricName": "tenant-cms-ip-filter-" + } + } + ``` + Note + Replace the `` with the real Customer IDyou wish to apply the rule to (CMS customerID = SMAX TenantID), and then replace ` ` with the ARNs of the IP Sets created in *step 1*. + + If the same customer has multiple customer IDs with the same IP allowlist, the rules can be consolidated. For example, instead of: + `      "ByteMatchStatement": {                             "SearchString": "",           ...` + + use: + `      "RegexMatchStatement": {           "RegexString": "^(|)$",           ...` +6. Set rule priority as the top one. +7. On farms that did not have existing WAFs, associate the newly created Web ACLs with the corresponding ALBs + Instead of associate the ACL manually, you need to associate ALC to ALB by editing the ingress like below: + sudo kubectl edit ingress -n itsma-namespace sma-ingress -oyaml + add a line like below: + [alb.ingress.kubernetes.io/wafv2-acl-arn](http://alb.ingress.kubernetes.io/wafv2-acl-arn): arn:aws:wafv2:xxxxxxxx (which is the ARN of the Web ACL) + Note + If this WebACL only have one rule added, set "Default web ACL action for requests that don't match any rules" on the "Rules" tab to "Allow" + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/Process-for-license_709426883.md b/knowledgebase/csd-wiki/ICSD/Process-for-license_709426883.md new file mode 100644 index 00000000..ae7018be --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Process-for-license_709426883.md @@ -0,0 +1,168 @@ +# Process-for-license_709426883 +Here you can fine a centralized licensing provisioning documentation: + +[Edit Document](/plugins/servlet/confluence/editinword/709426883/attachments/Centralized_Licensing_Provisioning_Guide.docx) + +Centralized Licensing Provisioning Documentation + +## 1\. Where Licensing Provisioning Tickets Are Logged and Picked Up + +Primary Source: MF SaaS Unified Tool (UT system) +�� [MF SaaS Unified Tool](https://ut.ct-us2.saas.microfocus.com/sm/index.do) + +\- Monitor emails from: [saas-support-do-not-reply@saas.microfocus.com](mailto:saas-support-do-not-reply@saas.microfocus.com) if the tickets are assigned to the user. + +\- Look for subject lines like: +"Ticket SR00389815 has been assigned to you - OrderFulfillment - UpdateAccount..." + +\- Monitor Teams channel: ESM SaaS Order Provision Working Group + +⚠️ Note 1: The new user must be added to the chat. Request access from an existing user in the chat + +⚠️ Note 2: Ignore ad-hoc requests via Teams from Customer Success Managers (CSMs). + +## 2\. Reference Documentation + +Confluence Articles for basic knowledge: + +\- [ESM Cloud Ops – New User Guide](https://confluence.opentext.com/pages/viewpage.action?spaceKey=ICSD&title=ESM+Cloud+Ops+-+New+User+Guide) + +\- [ITOM ESM License Units Conversion](https://confluence.opentext.com/display/ICSD/ITOM+ESM+License+Units+conversion) + +\- [ESM License Generation Detail](https://confluence.opentext.com/display/ICSD/ESM+license+generation+detail) + +Control Tower: + +\- [Control Tower Orders example](https://backoffice.saas.microfocus.com/home/bl/desktop.html?TENANTID=1#/ofs/orders/SB_712674) +\- Using filters by Order ID, Account Name, or Product from “ More filters ” if known usually are mentioned in the UT ticket attachment. + +![](plugins/servlet/benryanconversion) + +## 3\. Required Access Accounts + +Pre-requisites: +✅ Get AWS access before BO access +✅ Get INFRA account before Unified Tool access + +All sections below refer to the New User Guide: + +| Account Type | Section in Guide | +| --- | --- | +| AWS Console | #1 | +| INFRA | #11 | +| SaaS Unified Tool (UT) | #12 | +| PCS WW (SMAX) | #5.1 | +| PCS EU SMAX | #5.2 | +| X4X (Internal Cloud Service) | #6 | +| Suite-Admin Personal Accounts | #13 | + +UCMDB JMX Access: Request account from Alin Zirbo + +## 4\. Useful Links + +Tool Link/Example + +[Control Tower Homepage](https://backoffice.saas.microfocus.com/home/bl/desktop.html?TENANTID=1#/dashboard) + +[Unified Tool Homepage (UT)](https://ut.ct-us2.saas.microfocus.com/sm/index.do) + +SMAX BO - https://-smax.saas.microfocus.com/bo + +OO BO - https://oo.-smax.saas.microfocus.com/autopass/ls/license/tenant + +UCMDB JMX Console - https://cms.-smax.saas.microfocus.com/jmx-console/ + +CMS BO - https://cms.-smax.saas.microfocus.com/ucmdb-browser/?customerID=&auth=db + +[X4X Agent Interface](https://us2-smax.saas.microfocus.com/saw/ess?TENANTID=202385354) + +[License SharePoint](https://opentextcorporation.sharepoint.com/sites/MFI-SMAXSaaSDevOps/Shared%20Documents/Forms/AllItems.aspx?isAscending=false&id=%2Fsites%2FMFI%2DSMAXSaaSDevOps%2FShared%20Documents%2F2%2DESM%20SaaS%20Customer%2FLicense&sortField=Modified&viewid=250c668f%2D9c3b%2D4ad9%2Db164%2D3d6ac18e50c3) + +[PowerBI License Status](https://app.powerbi.com/groups/me/reports/cf509ffe-325f-4c1b-a507-44b93e6d85ca/ReportSection83e2db59c3f5174e72d9?experience=power-bi) + +## 5\. Licensing Provisioning Process + +## Steps for SMAX & AMX Licensing + +\- Open SaaS Unified Tool (UT) + +\- Go to Service Catalog > Search Customer Request, open the SD# (e.g. SD00499039). Or if SR# known, open it directly. + +\- Download attached.xls file + +\- Extract the details: + +- ESM farm, name of the customer, Tenant ID (correlated to CT Tenant ID) and identify the correct Tenant ID for ITOM products within PowerBI + +\- Open SMAX BO for the correct farm + +\- Locate Tenant ID or name of the customer + +\- In Excel file the license row holds the xml information that needs to be uploaded in SMAX BO, by copying the xml information and store it locally in a new xml file. + +(eg. customerName\_SMAX\_40\_Premium\_licenses\_prod.xml) + +\- In SMAX BO: + +- Licenses > Upload > Select environment and import the xml created previously. +- Confirm “Success” status + +\- Option 1: + +- Open the license uploaded, go to Allocation, use the Concurrent User or Names user license, Click on Allocate and Add to license pool + +\- Option 2: + +- Go to License-Pools and identify the customer’s pool or create a new pool +- Open the relevant License Pool > Assignments and select the license that was uploaded previously and add the Capacity and Tenant + +\- Go to the customer tenant to double check the licenses added. + +\- Take a screenshot and attach it to the UT ticket and Teams Channel for Tenant provisioning + +\- Closing the UT ticket will close the Control Tower order automatically. + +\- Customer notification: + +- Use X4X -> Set License Renewal offering +- Fill in: Farm, Customer, Tenant ID, license details + +\- Revoke the expired lienses: + +- Bo > Tenants > Licenses > Select the license > Revoke & Save + +\- Upload the Excel file,.xml and Screenshots to SharePoint. + +## CMS Licensing (UCMDB) + +Installation + +\- Open the UT ticket & download the attachment + +\- Open UCMDB JMX console using suite-admin credentials + +\- Search: addLicenseToPool + +- Enter the license key from the excel file +- Click Invoke + +\- Check via viewLicenseCapacity + +- Locate installed key +- In Allocation Form: + - Set customerID = SMAX Tenant ID + - NOTE: To identify the SMAX Tenant ID check the PowerBI link + - Set featured (first in license block) + - Enter full capacity + +\- Alternatively use allocateLicenseCapacity + +\- Validate via viewLicenseCapacity + +## CMS License Check (UCMDB Validation) + +\- Open CMS UCMDB in Browser + +\- Log in using cms-admin/password from Parameter Store if existing, or smax-admin/password from the correct Farm + +\- Click on question icon? -> About and check the Licenses and capacity diff --git a/knowledgebase/csd-wiki/ICSD/Process-on-how-to-handle-Security-Issues-found-by-Qualys-Scan_688996390.md b/knowledgebase/csd-wiki/ICSD/Process-on-how-to-handle-Security-Issues-found-by-Qualys-Scan_688996390.md new file mode 100644 index 00000000..9adde163 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Process-on-how-to-handle-Security-Issues-found-by-Qualys-Scan_688996390.md @@ -0,0 +1,60 @@ +# Process-on-how-to-handle-Security-Issues-found-by-Qualys-Scan_688996390 +## Introduction + +This document describes the detailed process for filtering, reviewing, and addressing security issues found in Cloud Application production environments through the Qualys Security Scanning Tool. This document focuses on explaining the process and does not address specific remediation scenarios. + +## Process Summary + +![](attachments/688996390/688996387.png) + +## Filtering + +Currently we regularly aggregate and categorize Qualys Scan data for all currently covered AWS Accounts in the form of Power BI reporting. + +ITOM Qualys Scan Summary Report: [Link](https://app.powerbi.com/groups/fac06a69-6340-4715-b8fe-4bdc0ca9af14/reports/feefbf2c-3e45-4200-a1bd-43f0b1551d6a/104f6822b28d0ed32ce6?experience=power-bi) + +The purpose of Flitering is mainly to triage all the scanned problems in order to specify a reasonable fix and plan. The main points that will be categorized and managed are as follows: + +- **Severity Level**: [Description of Severity Level](https://urldefense.com/v3/__https://qualysguard.qg2.apps.qualys.com/qwebhelp/fo_portal/knowledgebase/severity_levels.htm__;!!Obbck6kTJA!dhw4YsNb0vX4dTXTxwoDb-29KMB9qYbTanPEdiH6UWaiBEQ0jdnAEwO1FYLTHmpUP6zkE1EjUREaH-hliZF34Ys$) +- **Types of problems**: Usually Qualys scanning will mainly find some problems at OS level and give appropriate references for patching and fixing them. We need to categorize the problems so that we can assign an appropriate batch fix plan to them to get more results with less effort. + +For exmaple: in the figure below, based on severity and the type of problem, we fliter out that the version of K8S (Kubernates) in some Linux servers in a given AWS account is old and approaching the end of life, and that we need to specify a plan to upgrade the version of K8S in order to achieve a more secure operating environment. + +![](attachments/688996390/688996388.png) + +## Reviewing + +Review work currently needs to be done by the **ITOM CSD Security virtual team**. The main workflow is: + +1. Export the report from the first step of the filter to determine the scope of the review. +2. Discussing and reviewing certain types of issues, agreeing on fixes, and documenting them in writing in the exported file. +3. According to the urgency of the problem, the degree of difficulty of repair to develop a reasonable repair plan. In particular, discuss whether a specific maintenance window is required, whether there will be any downtime to Cloud Applicaiton during the remediation process, and the extent of the impact on the customer. + +The review owner need to add relevant fields in export datasheet to describe detail review result: + +- **Fix Solution** - Short describe the solution to fix this issue +- **Fix Change ID** - This will link to the relevant change request for fixing the problem. +- **Status** - The review owner should responsible to update status. If Cloud Ops implement relevant change, need to update the status as "Done" to close the loop. + +![](attachments/688996390/688996389.png) + +## Fixing + +The output of the review is converted into various forms of change requests, such as upgrading the K8S version, updating the windows server patch, updating the CCOE AMI version, etc. Depending on the environment, the Cloud Ops team will define different change requests to track. To ensure that all the issues can be solved effectively. + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/Product-License-Management_686070229.md b/knowledgebase/csd-wiki/ICSD/Product-License-Management_686070229.md new file mode 100644 index 00000000..ba72cf48 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Product-License-Management_686070229.md @@ -0,0 +1,21 @@ +# Product-License-Management_686070229 +ESM accounts workflow: + +| **Step #** | 0. | 1. | 2. | 3. | 4. | 5. | 6. | 7. | 8. | | +| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | +| **Who?** | CSM rep. | CSM rep. | CSM rep. | SaaS Ops | CSM rep. | SaaS Ops | SaaS Ops | SaaS Ops | CSM rep. | | +| **What?** | Creating the Salesforce order | Generating the order's license in CT | Requesting a new SMAX account creation | Creating a new SMAX account | Providing new licenses | Provisioning new licenses | Notifying the customer | Updating tickets | Updating tickets | | +| **Where?** | Salesforce | Control Tower | SaaS Unified Tool | X4X | SaaS Unified Tool | BO (ESM), OO. (Autopass), JMX (UCMDB) | X4X | SaaS Unified Tool, Control Tower | | | +| **How?** | | via Autopass | | | | | | | | | + +Related articles: + +1. [Full process of deploying licenses](Full-process-of-deploying-licenses_688988271.html) +- [Converting the Named License to Concurrent License](Converting-the-Named-License-to-Concurrent-License_711830360.html) +- [ESM license generation detail](ESM-license-generation-detail_686070325.html) +- [ESM products licensing provisioning (SMAX/HCMX, UCMDB/CMS/UD, OO)](686070266.html) +- [Full process of deploying licenses](Full-process-of-deploying-licenses_688988271.html) +- [How to check ESM Tenant Product License Expiration](How-to-check-ESM-Tenant-Product-License-Expiration_686079367.html) +- [Override UCMDB max probe number for a specific customer on SaaS](Override-UCMDB-max-probe-number-for-a-specific-customer-on-SaaS_686074263.html) +- [Process for license](Process-for-license_709426883.html) +- [Request ESM Products Internal Licenses](Request-ESM-Products-Internal-Licenses_686070421.html) diff --git a/knowledgebase/csd-wiki/ICSD/Product-Provision-Automation_686070431.md b/knowledgebase/csd-wiki/ICSD/Product-Provision-Automation_686070431.md new file mode 100644 index 00000000..e9dfe1ae --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Product-Provision-Automation_686070431.md @@ -0,0 +1,14 @@ +# Product-Provision-Automation_686070431 +1. [ITOM Cloud Service Delivery](index.html) +2. [ITOM Cloud Service Delivery](ITOM-Cloud-Service-Delivery_681555087.html) +3. [💠2 - Deployment & Configuration](682933058.html) + +Created by on Jan 20, 2025 EST + +- [ESM SaaS Tenant Provision Automation API Document](ESM-SaaS-Tenant-Provision-Automation-API-Document_686070458.html) +- [ESM Tenant Provisioning Automation](ESM-Tenant-Provisioning-Automation_686079418.html) +- [How to provision a farm](How-to-provision-a-farm_693608295.html) + +Document generated by Confluence on Sep 15, 2025 22:25 EDT + +[Atlassian](https://www.atlassian.com/) diff --git a/knowledgebase/csd-wiki/ICSD/Product-Version-Upgrade_686083990.md b/knowledgebase/csd-wiki/ICSD/Product-Version-Upgrade_686083990.md new file mode 100644 index 00000000..83aff10a --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Product-Version-Upgrade_686083990.md @@ -0,0 +1,16 @@ +# Product-Version-Upgrade_686083990 +- [AWS RDS certificate update- Helm Simulation env](AWS-RDS-certificate-update--Helm-Simulation-env_686088156.html) +- [ESM Patch Version Rollback Capability Tracking](ESM-Patch-Version-Rollback-Capability-Tracking_692429849.html) +- [ESM SaaS Upgrade to version 25.1](ESM-SaaS-Upgrade-to-version-25.1_688988231.html) +- [ESM SaaS Upgrade to version 25.1.1 from 24.4.2](ESM-SaaS-Upgrade-to-version-25.1.1-from-24.4.2_688992593.html) +- [ESM SaaS Upgrade to version 25.1.2 from 25.1.1](ESM-SaaS-Upgrade-to-version-25.1.2-from-25.1.1_692438948.html) +- [ESM SaaS Upgrade to version 25.2 from 25.1.2](ESM-SaaS-Upgrade-to-version-25.2-from-25.1.2_693604994.html) +- [ESM SaaS Upgrade to version 25.2.2 from 25.2](ESM-SaaS-Upgrade-to-version-25.2.2-from-25.2_705001241.html) +- [ESM SaaS Upgrade to version 25.3 from 25.2.2 (SMAX 25.2.2 HF1+25.2.2.HF2+UCMDB HF1)](708228059.html) +- [ESM SaaS Upgrade to version 25.3.1 from 25.3](ESM-SaaS-Upgrade-to-version-25.3.1-from-25.3_713194452.html) +- [ESM SaaS Upgrade to version 25.3.2 from 25.3.1](ESM-SaaS-Upgrade-to-version-25.3.2-from-25.3.1_716275145.html) +- [Issues list per release](Issues-list-per-release_696536522.html) +- [Transform the suite to a Helm deployment on 24.2.FP1](Transform-the-suite-to-a-Helm-deployment-on-24.2.FP1_688996419.html) +- [Transform the suite to a Helm deployment on 24.3.2](Transform-the-suite-to-a-Helm-deployment-on-24.3.2_688996421.html) +- [Upgrade CMS from 24.3 to 24.4](Upgrade-CMS-from-24.3-to-24.4_688996436.html) +- [Upgrade CMS to 24.4.2](Upgrade-CMS-to-24.4.2_688996438.html) diff --git a/knowledgebase/csd-wiki/ICSD/Reduce-SMAX-license-buffer-in-tenant_688996392.md b/knowledgebase/csd-wiki/ICSD/Reduce-SMAX-license-buffer-in-tenant_688996392.md new file mode 100644 index 00000000..1272a720 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Reduce-SMAX-license-buffer-in-tenant_688996392.md @@ -0,0 +1,47 @@ +# Reduce-SMAX-license-buffer-in-tenant_688996392 +## Introduction + +By default, SMAX allows a customer to exceed their license capacity by 10% before we block user logins. The reason for this is to give customers some buffer in case they occasionally hit the limit. This causes little disruption to customers who are close to the limit. But there are some customers who consistently exceed their license, continue abusing the system and do not plan to purchase additional licenses. + +For customers abusing the "buffer" and not planning to purchase additional licenses, Product Management may wish to reduce the buffer and only allow the customer to use the license capacity they are paying for. + +The following process can be followed to change the buffer from 10% to 1%. + +**NOTE: Do not perform this change without Product Management approval** + +## Procedures: + +This is a Tenant level change, but is in the global tenant settings which required BO integration user authentication. + +1. Document the change with an X4X Unplanned Change Request. Get the usual approval. Make sure you have Dean's approval also. +2. Execute the following REST call to change the tenant setting + +**REST call to change tenant setting (using bo integration user):** + +1. Get authentication token using bo integration user +2. Using postman or other rest tool, set the token from step 1 and execute the following rest call: + +Current value is 10. Change it to 1. + +PUT: https:///rest//TenantSettings/settings/LMS\_CONFIGURATION\_SETTING\_LICENSE\_SLACK + +Body: + +{"LMS\_CONFIGURATION\_SETTING\_LICENSE\_SLACK":1} + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/Remove-50-freemium-UD-Premium-license-for-existing-UD-SaaS-customers_688996394.md b/knowledgebase/csd-wiki/ICSD/Remove-50-freemium-UD-Premium-license-for-existing-UD-SaaS-customers_688996394.md new file mode 100644 index 00000000..0e19b979 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Remove-50-freemium-UD-Premium-license-for-existing-UD-SaaS-customers_688996394.md @@ -0,0 +1,45 @@ +# Remove-50-freemium-UD-Premium-license-for-existing-UD-SaaS-customers_688996394 +### Background + +PMs decided to stop deployment of the 50 free UD licenses to our SaaS customers on their production system, and instead are moving these free licenses to non-production only. This will show up in the December price guide. This change impacts both new customers and existing customers. + +- For new customers, SaaS team will change the existing tenant provision flow in X4X accordingly. +- For existing customers, we provide this guide for SaaS team to manually remove the 50 free UD Premium licenses. + +### Steps: + +1. **Perquisition** + 1. Get the tenant ID. Note that non-production tenant only. + 2. Check which license key does the 50 free licenses come from for this tenant. Method: + 1. Login to SaaS UCMDB JMX with super admin + 2. Call JMX method: viewLicenseCapacity + 3. Search for the tenant ID. Note that usually 50 free licenses may come from the shared internal license key. Double check whether the capacity is 50. +2. **Remove 50 free UD Premium license.** Method: + 1. Call JMX method: viewLicenseCapacity + 2. Scroll to the bottom of the page, call method: Allocate license capacity to customer. Parameter: + 1. LicenseKey: use the one in Step 1.b + 2. customerID: use the one in Step 1.a + 3. featureID: 101817 (Note: 101817 is for Premium license) + 4. capacity: 0 (Note: 0 will override 50) + +Note + +- This guide is only applicable for **non-expired** licenses. +- You can find more details regarding the license JMX methods from CMS official doc portal, example: [Manage UCMDB licenses using JMX Console - Universal Discovery and CMDB - Containerized (microfocus.com)](https://docs.microfocus.com/doc/UCMDB_Containerized/23.4/SAMngLic) + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/Renew-customer-certificates-in-Nginx_688996480.md b/knowledgebase/csd-wiki/ICSD/Renew-customer-certificates-in-Nginx_688996480.md new file mode 100644 index 00000000..bb02e9cd --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Renew-customer-certificates-in-Nginx_688996480.md @@ -0,0 +1,73 @@ +# Renew-customer-certificates-in-Nginx_688996480 +## Renew certificates for customer managed SMAX/CMS/OO FQDNs + +Customer is responsible to monitor certificate validity and should open PCS tickets when it's time to perform renewals. + +Note + +Please follow the SaaS Ops procedure to work with the customer to create the customer-managed FQDNs and generate publicly signed certificates. + +## Renewal Steps Overview + +1. Customer opens PCS ticket asking to renew certificates. +2. SaaS Ops uses normal procedure to generate certificate/key and send the crt's to the customer for signing by their CA. +3. Customer sends back the signed certificates. +4. SaaS Ops installs the new crt/key files into Nginx instance - and performs Nginx reload to pull in the renewed certs. +5. SaaS Ops test and validates certs have been renewed. + +## Typical Certificates Example + +Typically for each customer tenant a set of 3 FQDNs will be required, with examples shown for the certificate naming convention: + +| DNS name (customer) | CNAME (SaaS-managed) | Certificate/key | +| --- | --- | --- | +| [smax.esm-api.acme.com](http://smax.esm-api.acme.com/) | smax.api..[esm-saas.com](http://esm-saas.com/) | smax-acme.crt, smax-acme.key | +| [cms.esm-api.acme.com](http://cms.esm-api.acme.com/) | cms.api..[esm-saas.com](http://esm-saas.com/) | cms-acme.crt, cms-acme.key | +| [oo.esm-api.acme.com](http://oo.esm-api.acme.com/) | oo.api..[esm-saas.com](http://esm-saas.com/) | oo-acme.crt, oo-acme.key | + +If a customer has multiple tenants that need to be enabled for zero trust, use a prefix for the DNS name. For example for a test tenant: + +| DNS name (customer) | CNAME (SaaS-managed) | Certificate/key | +| --- | --- | --- | +| [tst.smax.esm-api.acme.com](http://tst.smax.esm-api.acme.com/) | tst.smax.api..[esm-saas.com](http://esm-saas.com/) | tst-smax-acme.crt, tst-smax-acme.key | +| [tst.cms.esm-api.acme.com](http://tst.cms.esm-api.acme.com/) | tst.cms.api..[esm-saas.com](http://esm-saas.com/) | tst-cms-acme.crt, tst-cms-acme.key | +| [tst.oo.esm-api.acme.com](http://tst.oo.esm-api.acme.com/) | tst.oo.api..[esm-saas.com](http://esm-saas.com/) | tst-oo-acme.crt, tst-oo-acme.key | + +The customer will also need to provide the SaaS team with publicly signed certificates for their FQDNs - these will be required by nginx as described below. + +There is also a Client "Intermediate" certificate, as specified in the nginx.conf file. On some occasions, if customer changes it then it will need to be updated on our side as well: + +ssl\_client\_certificate ssl/ ***clientCA.crt***; + +Note + +Public certificates have to be generated by the customer. We cannot use AWS-generated certificates in this case. + +## Install Renewed Certificates/Keys + +1. Open SSH session to the Nginx instance. +2. Check the Nginx config file: /etc/nginx.conf and confirm the location and names for the certificates. You should see section like the following for each of the API endpoints listed in the table above. Here is the example for SMAX: + ssl\_certificate **ssl/tst.smax.crt**; # the location of the server certificate generated for the server specified in server\_name; + ssl\_certificate\_key **ssl/tst.smax.key;** # the location of the private key of the generated for the server specified in server\_name; +3. Notice the folder and name of each file. To avoid having to change the nginx.conf file it's advised to use the same folder and names. +4. Backup the previous crt/key files. And then replace them with the new ones. +5. Reload the Nginx configuration with: systemctl reload nginx +6. Confirm Nginx status with: systemctl status nginx +7. Test and verify the renewed certificates. + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/Request-ESM-Products-Internal-Licenses_686070421.md b/knowledgebase/csd-wiki/ICSD/Request-ESM-Products-Internal-Licenses_686070421.md new file mode 100644 index 00000000..1fd5aedf --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Request-ESM-Products-Internal-Licenses_686070421.md @@ -0,0 +1,131 @@ +# Request-ESM-Products-Internal-Licenses_686070421 +## Introduction + +This document describes how to request and apply the internal licenses obtained from the IRL (Software Entitlements Management System) platform. In the current practice, the internal license is deployed to the production farm by default and automatically assigned to the tenant during automated tenant provision. The Cloud Ops team needs to keep the internal production license up to date during daily operations. + +## 1\. Request an ESM product internal license + +##### 1.1. Access the ILR portal + +The ILR page is: [https://sld.prod.corpcloud.opentext.com/semsui/ilr](https://sld.prod.corpcloud.opentext.com/semsui/ilr) and it is accessible using the Micro Focus credentials. + +Select **Product Item** as **Product Name**. + + + +##### 1.2. Search for the product + +**a. SMAX** + +For SMAX, search for the phrase: ***Service Management Automation***. +Select the option shown in the below picture and click ***Add***. Then add the necessary capacity, the max. is 2000. + +Hint: Choose ***Service Management Automation Suite Premium - Asset Manager Enterprise Suite 1 Concurrent User E-LTU - ITSMA-AMCC***. + +![](attachments/686070421/686070394.png) + +**b. HCMX** + +For HCMX, search for the phrase: ***Hybrid Cloud Management*.** +Select the option shown in the below picture and click ***Add***. Then add the necessary capacity, the max. is 2000. +Hint: Choose for NON-PROD: ***Hybrid Cloud Management X 1 Unit for Micro Focus SaaS Internal Use Only*** and for PROD: ***Hybrid Cloud Management X 10 Unit Sub SW E-LTU*** +![](attachments/686070421/686070398.png) + +**c. OO** + +For OO, search for the phrase: ***Operations Orchestration***. +Select the option shown in the below picture and click ***Add***. Then add the necessary capacity, the max. is 2000. + +Hint: Choose ***Operations Orchestration - Operations Orchestration Concurrent Workflow Sub SW E-LTU.* +![](attachments/686070421/686070399.png)** + +**d. UCMDB (CMS)** + +For UCMDB, search for the phrase: ***Universal Configuration Management*****.** +Select the option shown in the below picture and click ***Add***. Then add the necessary capacity, the max. is 2000. + +Hint: Choose ***Universal Configuration Management - Universal Discovery 100 Premium Unit SaaS for OpenText Internal Use.* +![](attachments/686070421/686070400.png)** + +Amount screen sample: + +![](attachments/686070421/686070401.png) + +##### 1.3. Submit the Internal License Request + +Once the product chosen and the quantity entered, the request may be submitted with the **Submit** button. This will result in an order link displayed on the screen. For later reference, save it in a proper place.![](attachments/686070421/686070402.png) Once submitted, the request may be opened in SLD (Software Licensing and Download) portal using the order link. The SLD portal may be opened only in Incognito browser mode. + +## 2\. Download the ESM licenses + +2.1. Either by using the link obtained on step #1.3 above, or by accessing the SLD portal > Entitlements section and setting a filter on the order number, it leads to this page: +![](attachments/686070421/686070403.png) +2.2. In order to use a license, it needs to be activated. For that, click the button behind the blue word ***Activate***. It will lead to this screen: + +![](attachments/686070421/686070404.png) +2.3. Once the product's activation started, select the lowest option in the list, and fill in the version, i.e. the latest one, and the quantity. + +On the same screen, set a Target Name to this license activation and mind the options available here, fill in the Locking Info, and the operator email address. Click ***Next***. + +2.4. Once the activation submitted, the screen will display the license file (like \*\*.xml,\*\*.dat...) that may be downloaded or sent to the operator's email address. + +## 3\. Apply the ESM products licenses + +##### a. SMAX and HCMX + +a.1. In order to provision SMAX or HCMX licenses, login to BO using the personal *suite-admin-john* credentials from the regular BO., e.g. default link: *https://- [smax.saas.microfocus.com/bo](http://smax.saas.microfocus.com/bo)* + +and open the **LICENSES** main menu. **![](attachments/686070421/686070406.png)** a.2. Choose the **U** **pload licenses** button and: + +a.3. Select the PROD or NON-PROD environment + +a.4. Import the.xml for SMAX or.dat for HCMX license file to it. Wait until the table with the imported license shows up and the status "Success". Check the Lock Code. Click ***OK***. +**![](attachments/686070421/686070408.png)** + +a.5. In the same BO **LICENSES** main menu, the licenses may be added to a certain pool, once selected and assigned its type(s) (concurrent or named users). + +##### b. UCMDB (also known as former CMS) + +b.1. In order to provision UCMDB / CMS (UD) license, log into the JMX console page using the personal *suite-admin-john* credentials from the regular BO., default link: *https://cms.-smax.saas.microfocus.com/jmx-console/* + +and search for the **addLicenseToPool** method. Note that this applies to all UD SaaS licenses, including Premium license, Asset and CI management license, DFP connection license.**![](attachments/686070421/686070409.png)** b.2. Enter the ***licenseKey*** string in the **Value** field and press **Invoke.** + +License key string sample: 9D99 CAAA H9PQ 8HWY UAAE LGWN 79JL 297H AELC NEFA DXAU 2CSM GHTG L762 DMV7 FCNA KJVT D5KU FGVW DWZ5 LL9K 746W KLAJ 9X68 5N35 XUEG HUTQ UYRP 2X29 D7QU BGEK PK9S FWF8 HALJ 6SDU C2ZB MXRU L9KM PVBR KN8Q NZTH NM2G EJTG XK3M VYL2 7NDK WZVT 7J5B 7WWM 492Z ASS2 KTBG 5YS8 92WR RPKQ NDPQ WGRK FC8W 65Q8 YTCV 4ZQJ YVFZ MQH5 TFC6 G8R3 FPDR MJ7X 3HWJ R4R4 HDBU 9J6C 9SGL 8WSQ FGYB VCEE 9NBD 628K YJQ5 8AUE 97S6 BKS8 NXZQ DJR4 QDXZ X477 UG3M FJVU 9RSF DSVP ZRZA TRT6 VL3A 5FGF JRXR D5R7 YTN7 3F38 MMC9 J6LB 42CD SCDW QQWU TJHY 35GJ F6PE 5WL9 XQ2S S87V FUVN TCGF "1d8ebf97-85f3-48db-947c-bb68018f6c46 ILR-UDSAASPREM 24.2 Universal Discovery 100 Premium Unit SaaS for Micro Focus Internal Use" + +![](attachments/686070421/686070411.png) + +![](attachments/686070421/686070412.png) + +##### c. OO + +c.1. In order to provision OO licenses, log into the OO portal for Autopass, using the personal *suite-admin-john* credentials from the regular BO, default link: *[https://oo.-smax.saas.microfocus.com/autopass/ls/license/tenant](https://oo.us7-smax.saas.microfocus.com/autopass/ls/license/tenant "https://oo.us7-smax.saas.microfocus.com/autopass/ls/license/tenant")* and go to top-left **burger** menu, choose **LICENSE** and then **Install**. + +**![](attachments/686070421/686070414.png)** + +![](attachments/686070421/686070415.png) In order to add OO licenses to a specific customer, go to the **VIEW** top menu, select the just installed license, mind the start date and the expiration date. E.g.: + +![](attachments/686070421/714308968.png) +Press the **Assign** button and populate the requested info before **Submitting** it: + +![](attachments/686070421/714308969.png) + +Use the "Default Expiry Date" in order to copy the expiration date from the "Expiry Date" for this license provisioning. + +## Attachments: + +[image2023-3-15\_17-42-28.png](attachments/686070421/686070394.png) (image/png) +[image2023-3-15\_17-51-35.png](attachments/686070421/686070398.png) (image/png) +[image2023-3-15\_17-54-9.png](attachments/686070421/686070399.png) (image/png) +[image2023-3-15\_17-55-28.png](attachments/686070421/686070400.png) (image/png) +[image2023-3-15\_17-59-36.png](attachments/686070421/686070401.png) (image/png) +[image2023-3-15\_18-2-32.png](attachments/686070421/686070402.png) (image/png) +[image2023-3-15\_18-4-6.png](attachments/686070421/686070403.png) (image/png) +[image2023-3-15\_18-8-50.png](attachments/686070421/686070404.png) (image/png) +[image2023-9-20\_15-1-44.png](attachments/686070421/686070406.png) (image/png) +[image2023-9-20\_15-2-49.png](attachments/686070421/686070408.png) (image/png) +[image2023-9-20\_15-11-1.png](attachments/686070421/686070409.png) (image/png) +[image2023-9-20\_15-14-49.png](attachments/686070421/686070411.png) (image/png) +[image2024-5-28\_10-2-26.png](attachments/686070421/686070412.png) (image/png) +[image2023-9-20\_15-24-44.png](attachments/686070421/686070414.png) (image/png) +[image2023-9-20\_15-25-29.png](attachments/686070421/686070415.png) (image/png) +[image-2025-5-13\_13-1-26.png](attachments/686070421/714308968.png) (image/png) +[image-2025-5-13\_13-2-57.png](attachments/686070421/714308969.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/Request-Unplanned-Change-in-Cloud-Production-Environment-Process_686070239.md b/knowledgebase/csd-wiki/ICSD/Request-Unplanned-Change-in-Cloud-Production-Environment-Process_686070239.md new file mode 100644 index 00000000..3c4f4098 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Request-Unplanned-Change-in-Cloud-Production-Environment-Process_686070239.md @@ -0,0 +1,85 @@ +# Request-Unplanned-Change-in-Cloud-Production-Environment-Process_686070239 +## Introduction + +This document describes how to submit a service request through the X4X tenant to request a Cloud service for unplanned changes in ITOM Cloud Production environment. + +## Request Unplanned Change in Cloud Production Environment + +This service is used to handle the current unplanned changes on Cloud production environments other than planned regular major version upgrade & patch deployment. According to the current practice, these actions include but are not limited to: + +- Emergency unplanned hotfix +- Data change in production database (not included in patch/upgrade) +- Unplanned configuration change in production application +- Unplanned application K8S configuration change (Adjust pod number, pod size, yaml configuration etc.) +- Unplanned WAF Change +- etc. + +## Process + +### Unplanned Change Preparation + +Ensure all changes to be deployed to Cloud production environment are well tested and approved + +1. If the change is a "Hotfix", ensure the hotfix was approved by RnD management team and released/published via [Hotfix Manager](https://rdapps.swinfra.net/hotfix/) + Normally RnD team need to involve Cloud team to join the CCB review meeting to evaluate the hotfix itself and give appropriate estimation of hotfix Cloud deployment timeline + Some Tips: + - Whether the hofix is to fix a major incident that should be apply to production immediately? + - It's important to show the current farm version tracking to RnD team, to ensure the hotfix is on top of the right version + - [ESM Cloud Farm Version Tracking](https://rndwiki.houston.softwaregrp.net/confluence/display/ICS/ESM+Cloud+Farm+Version+Tracking) + - [OpsB and NOM Cloud Deployments Version Tracking](OpsB-and-NOM-Cloud-Deployments-Version-Tracking_686069604.html) + - What's the exact hotfix procedures, which kind of change in the hofix - binary change, configration change, restart service etc + - Does the hotfix deployment impact the customer which might cause the service unavailable? +2. If the change is a "Database Change", ensure the " [Database Change Document](#) " is well prepared and sign-off by Product RnD System Architect and Cloud Team Solution Architect (Sample: [Cloud\_DB\_change\_149286.docx](#)) **Please note that database operation is a high risk operation. We must get approval from RnD SA as well as Cloud Service Team Manager before performing database operations. Currently we're leveraging "Cloud SA" approval process to have RnD SA review and approve such changes.** +3. The other changes, ensure the relevant Ops document are published in [ITOM Cloud Service](https://confluence.opentext.com/display/ICSD) [W](https://rndwiki.houston.softwaregrp.net/confluence/display/ICS/ITOM+Cloud+Service) [iki Space](https://confluence.opentext.com/display/ICSD) and reviewed/sign-off by Cloud Service team. Please refer: [ITOM Cloud Service Ops Doc Management Process](ITOM-Cloud-Service-Ops-Doc-Management-Process_686069689.html) + +### Submit Unplanned Change Request RND + +1. Product RnD team to prepare the unplanned change and submit request in [ITOM Cloud X4X System](https://us2-smax.saas.microfocus.com/saw/ess?TENANTID=202385354) +2. In Service Portal, Select "Internal Cloud Service" category +3. Select Service Offering "Request unplanned change in production environment" and fill all required information + 1. **Farm** (Required) + 2. **PCS Case ID** (Optional) + 3. **Justification of change** (Required) + 4. **Impact of change** (If not apply this change what's the reuslt?) (Required) + 5. **Rollback plan provide?** (Optional) + 6. **Suggested date of change** (Optional) + 7. **CPE Owner** (Required) - CORE CPE Owner drive the change + 8. **Submitter** (Required) - Prorudct RnD Team Scurm Master/PO, CORE CPE, Cloud DevOps + 9. **SA Sign-Off** (Required) - Product RnD Team SA/ Cloud Team SA + 10. **Add Attachement** (Optional) - For database change, the "Database Change Document" is mandatory for the change + Generally, the unplanned change will only be deployed to a specific Cloud environment (farm), if the change needs to be deployed to different farms, please add multiple farms. + If the change needs to be deployed to all farms, please communicate with the Cloud Team Lead for approval in advance! +4. Once the request submitted, the pre-defined **Cloud SA** need to review the change & solution in the request. + 1. Approve - The change will be assigned to Cloud Service Manager for further change execution + 2. Reject - If the risk of change is high, **Cloud SA** has the right to reject the request. Then move to offline negociation if needed. +5. Once Cloud SA approved the solution in the unplanned change, the **Cloud Service Manager** will review all the information in the request. + 1. Approve - The change will be assigned to dedicated Ops engineer for further change execution + 2. Reject - If the risk of change is high, **Cloud team Manager** has the right to reject the request. Then move to offline negociation if needed. + +### Unplanned Change Execution CLOUD OPS + +1. Assigned Ops engineer to prepare Ops change request in [OT SM9](https://sm.opentext.net/sm/index.do) +2. Follow pre-defined **Change Management Process** to review the change. Some specific changes need to request addtional approval from CAB review. +3. Follow pre-defined change date/time window to execte the change in Cloud environment +4. Once the change is done. Update the request in [ITOM Cloud X4X System](https://us2-smax.saas.microfocus.com/saw/ess?TENANTID=202385354) +5. Close the unplanned change request + 1. You need to manually edit and validate the task in the "Task Plan" + 2. Fill the **resolution notes** and **completion code** in the request + 3. After above action done, the request change will move to "Accept", and then "Closed" after couple days. + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/Request-access-to-AWS-account-from-IGA-portal_686074273.md b/knowledgebase/csd-wiki/ICSD/Request-access-to-AWS-account-from-IGA-portal_686074273.md new file mode 100644 index 00000000..0e9d38c5 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Request-access-to-AWS-account-from-IGA-portal_686074273.md @@ -0,0 +1,14 @@ +# Request-access-to-AWS-account-from-IGA-portal_686074273 +## Introduction + +In the past we were submitting tickets to PSDC to request access for AWS accounts, now this has changed, you can do it from IGA portal by yourself, you don't have to reach to PSDC now, enjoy yourself. + +## Document + +Please refer to the attached pdf for details + +[Managing Access for heritage Micro Focus AWS acccounts via Identity Governance.pdf](attachments/686074273/686074268.pdf) + +## Attachments: + +[Managing Access for heritage Micro Focus AWS acccounts via Identity Governance.pdf](attachments/686074273/686074268.pdf) (application/pdf) diff --git a/knowledgebase/csd-wiki/ICSD/Retrospective_686083994.md b/knowledgebase/csd-wiki/ICSD/Retrospective_686083994.md new file mode 100644 index 00000000..d8534c6a --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Retrospective_686083994.md @@ -0,0 +1,2 @@ +# Retrospective_686083994 +Created by on Jan 23, 2025 EST diff --git a/knowledgebase/csd-wiki/ICSD/Runbooks-based-on-monitoring_686083879.md b/knowledgebase/csd-wiki/ICSD/Runbooks-based-on-monitoring_686083879.md new file mode 100644 index 00000000..646b4860 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Runbooks-based-on-monitoring_686083879.md @@ -0,0 +1,363 @@ +# Runbooks-based-on-monitoring_686083879 +## Alerts, Description and Summary + +Alerts comes with monitoring and experience. + +Here is a reference list of items to be sent as alerts. [A grafana monitoring dashboards](https://github.houston.softwaregrp.net/smax-saas-ops/ESM-Saas-Monitoring) are developed based on below list. + +1. Infrastructure + 1. Compute + 2. Network + 1. ALB 5xx (More than 50 in a 2 mins time frame) + 1. Summary: + There are more than 50 5xx errors triggered on frontend. Multiple end user may experience a production issue on their side. + 1. Check whether there is any other time-correlated alerts reporting. + 2. S2NEWALB target 5xx (TBD) + 3. Storage + 1. S3EBS (EBS disk queue depth more than 5 for more than 10 mins) + 1. Summary: + The tasks on the storage is being queued. + 1. Check + 1. whether EBS is running out of credits via EBS burst balance dashboard (Same Dashboard in the infrastructure page). + 2. whether there is a big load against EBS storage. + 2. Todo + 1. No action is required. Usually if it's node level issue, AWS autoscaling group will replace the node after a while. + 2. S2EBS (EBS burst balance below 40% for more than 30 mins ) + 1. Summary: + The load on EBS is high and the burst balance may not fulfill the request in the following quarter/hour. + 1. Check + 1. keep monitoring whether EBS is running out of credits via EBS burst balance dashboard soon (Same Dashboard in the infrastructure page). + 2. whether there is a big load against EBS storage. + 2. Todo + 1. Usually there is no action required, if the alert persists, then it's a critical issue. Please follow the todo when Burst Balance is 0. + 3. EBS (EBS burst balance is 0) + 1. Summary: + The tasks on the storage is being queued. Everything via EBS IO will be slowed down. + 1. Check + 1. whether EBS is running out of credits via EBS burst balance dashboard (Same Dashboard in the infrastructure page). + 2. whether there is a big load against EBS storage. + 2. Todo + 1. Manually login to the system to check whether it's slowing down the system, if it has been slowed down dramatically, choose one of below options to fix + 1. Switch the EBS to GP3 with a specified IOPS (in general default 12000 should be enough, if not you may enlarge it to 18000, need to switch back to 12000 once the issue is fixed) + 2. Add more storage to the EBS + 4. S2EFS (Burst credit below 40% for more than 30 mins ) + 1. Summary: + The tasks on the storage will be queued soon. + 1. Check + 1. whether EFS is running out of credits via EFS burst credit dashboard (Same Dashboard in the infrastructure page). + 2. whether there is a big load against EBS storage. + 2. Todo + 1. Manually login to the system to check whether it's slowing down the system, if it has been slowed down dramatically, choose one of below options to fix + 1. Usually there is no action required, if the alert persists, then it's a critical issue. + 5. EFS (Burst credit is 0) + 1. Summary: + The tasks on the storage is being queued. Everything via EFS IO will be slowed down. + 1. Check + 1. whether EFS is running out of credits via EFS burst credit dashboard (Same Dashboard in the infrastructure page). + 2. whether there is a big load against EBS storage. + 2. Todo + 1. Manually login to the system to check whether it's slowing down the system, if it has been slowed down dramatically, choose one of below options to fix + 1. Switch the EFS to throughput mode (for example: 60 - 100 MB/s, need to switch back once the issue is fixed) + 4. Virtualization + 5. Database + 1. S2CPU (CPU more than 97% for more than 60 mins) + 1. Summary: + The overall CPU usage is more than 97% for more than one hour. + 1. Check + 1. performance insight for top queries for anything taking more CPU + 2. Todo + 1. Keep monitoring and check whether other metrics on Database is abnormal. + 2. Get top 10 query information. + 2. S2CPU (sy: system >70% for more than 60 mins ) + 1. Summary: + The CPU is spending more time on system level processing instead of handling the business flow. + 1. Check + 1. performance insight for top queries for anything taking more CPU + 2. Todo + 1. Keep monitoring and check whether other metrics on Database is abnormal. + 3. S2CPU (si: soft interrupts > 15% for more than 60 mins ) + 1. Summary: + The CPU is spending more time on system level processing instead of handling the business flow. + 1. Check + 1. performance insight for top queries for anything taking more CPU + 2. Todo + 1. Keep monitoring and check whether other metrics on Database is abnormal. + 4. S3Disk queue depth (EBS disk queue depth more than 5 for more than 10 mins) + 1. Summary: + The tasks on the storage is being queued. + 1. Check + 1. whether EBS is running out of credits via EBS burst balance dashboard (Same Dashboard in the infrastructure page). + 2. whether there is a big load against EBS storage. + 5. S2Disk (Free Storage Space is below 500 MB) + 1. Summary: + The instance is running out of storage. + 1. Todo + 1. Add more storage to EBS + 2. Enable storage auto-scaling + 6. S2 Disk (Storage has enough space to auto-scale, (Free Space + Max Autoscaling Storage - Allocated Storage) / Allocated Storage < 0.2 ) + 1. Summary: + The instance auto-scaling quota is not enough. + 1. Todo + 1. Increase the max auto-scaling storage size. + 7. S2Memory (Free memory less than 5% for more than 5 mins) + 1. Summary: + The instance will running out of memory soon. + 1. Check + 1. Login to AWS console → RDS → Monitoring to check whether swap usage is increasing + 2. Todo + 1. Keep monitoring + 2. considering rolling restart current deployment, for example, gateway/platform/serviceportal + 8. Memory (Free memory less than 2% for more than 5 mins) + 1. Summary: + The instance will running out of memory soon. + 1. Check + 1. Login to AWS console → RDS → Monitoring to check whether swap usage is increasing + 2. Todo + 1. considering rolling restart current deployment, for example, gateway/platform/serviceportal + 2. If it's happening for 2-3 times a day and the swap usage is higher. Need to + 1. consider scaling up RDS. Usually double the memory size. + 2. Do DB tuning based on the query which is identified as memory consuming + 9. S2Storage (Burst Balance below 40% for more than 30 mins ) + 1. Summary: + The load on EBS is high and the burst balance may not fulfill the request in the following quarter/hour. + 1. Check + 1. keep monitoring whether EBS is running out of credits via EBS burst balance dashboard soon (Same Dashboard in the infrastructure page). + 2. whether there is a big load against EBS storage. + 2. Todo + 1. Usually there is no action required, if the alert persists, then it's a critical issue. Please follow the todo when Burst Balance is 0. + 10. Storage (Burst Balance is 0) + 1. Summary: + The tasks on the storage is being queued. Everything via EBS IO will be slowed down. + 1. Check + 1. whether EBS is running out of credits via EBS burst balance dashboard (Same Dashboard in the infrastructure page). + 2. whether there is a big load against EBS storage. + 2. Todo + 1. Manually login to the system to check whether it's slowing down the system, if it has been slowed down dramatically, choose one of below options to fix + 1. Switch the EBS to GP3 with a specified IOPS (in general default 12000 should be enough, if not you may enlarge it to 18000, need to switch back to 12000 once the issue is fixed) + 2. Add more storage to the EBS + 11. S2Storage (EBSByteBalance% or EBSIOBalance% below 40% for more than 30 mins ) + 1. Summary: + The load on RDS is high and the burst balance may not fulfill the request in the following quarter/hour. + 1. Check + 1. keep monitoring whether RDS is running out of credits via RDS dashboard soon (Same Dashboard in the infrastructure page). + 2. whether there is a big load against RDS storage. + 2. Todo + 1. Usually there is no action required, if the alert persists, then it's a critical issue. Please fix the top sql + 2. up size the RDS instance type + 12. Storage (EBSByteBalance% or EBSIOBalance% is 0) + 1. Summary: + The tasks on the storage is being queued. Everything via RDS IO will be slowed down + 1. Check + 1. whether RDS is running out of credits via RDS monitoring dashboard. + 2. whether there is a big load against RDS storage. + 2. Todo + 1. Manually login to the system to check whether it's slowing down the system, if it has been slowed down dramatically, choose one of below options to fix + 1. Fix the top sql + 2. Up size the RDS instance + 13. S2DBLoad (AWS Specific, via performance insight, more than 2 times of CPU number for more than one hour) + 1. Summary: + The database is overloaded. + 1. Check + 1. AWS console → RDS → Performance Insight to check which kind of operation is taking the most of time + 14. DBLoad (AWS Specific, via performance insight, more than 4 times of CPU number for more than one hour) + 1. Summary: + The database is mostly overloaded on CPU. + 1. Check + 1. AWS console → RDS → Performance Insight to check which kind of operation is taking the most of time + 15. S3DBLoadNonCPU (AWS Specific, via performance insight, more than 1 times of CPU number more than one hour) + 1. Summary: + The database is blocked on some areas other than CPU, it can be blocked by DB locks, read/write IO and other reasons. + 1. Check + 1. AWS console → RDS → Performance Insight to check which operation is taking the most of time + 16. Dead tuple (TBD) +2. OS (Node level) + 1. CPU + 1. S2CPU more than 97% for more than 60 mins + 1. Summary: + The instance is almost running out of CPU for more than 60 mins. + 1. Todo + 1. Keep monitoring + 2. S2CPU (sy: system >70% for more than 60 mins )(mark for review) + 3. Summary: + The instance too busy on its own system operation to handle the tasks for normal business. + 1. Todo + 1. Keep monitoring + 4. S2CPU (si: soft interrupts > 15% for more than 60 mins )(mark for review) + 1. Summary: + The instance is almost running out of CPU for more than 60 mins. + 1. Todo + 1. Keep monitoring + 2. Memory + 1. S3Memory more than 95% for more than 10 mins + 1. Summary: + The instance is almost running out of CPU for more than 60 mins. + 1. Todo + 1. Keep monitoring + 3. Disk + 1. S3Disk usage more than 95% + 1. Summary: + The instance is almost running out of disk. + 1. Todo + 1. Add more storage to the disk + 2. [Disk read/write latency](https://devconnected.com/monitoring-disk-i-o-on-linux-with-the-node-exporter/#b_Read_Write_Latencies) (TBD) + 3. S3 [Inode usage](https://devconnected.com/monitoring-disk-i-o-on-linux-with-the-node-exporter/#c_Number_of_inodes_on_our_system) > 97% + 1. Summary: + The instance will be blocked by the soft limit on OS level (Inode) very soon. + 1. Todo + 1. Restart pods on the instance to release inode usage + 2. If above step cannot help, need to open an incident for further analysis. + 4. [Node disk IO load](https://devconnected.com/monitoring-disk-i-o-on-linux-with-the-node-exporter/#d_Overall_IO_load_on_your_instance) (TBD) + 4. Network + 1. network operation latency(TBD) + 2. network transit error rate(TBD) + 3. network transit drop rate(TBD) + 4. network transit queue length(TBD) + 5. Throughput / bandwidth (TBD) + 5. S3Load (Load Avg 15m/core number > 200% for 35 mins ) + 1. Summary: + The instance is overloaded for more than 35 mins. + 1. Todo + 1. Keep monitoring + 2. If it happens multiple times in a day, run the rebalancing pod script. +3. Container + 1. CPU + 1. S2CPU (CPU more than 97% for more than 60 mins) + 1. Summary: + The instance is almost running out of CPU for more than 60 mins. + 1. Todo + 1. Keep monitoring + 2. Memory + 1. swap usage + 3. Disk + 1. [Disk read/write latency](https://devconnected.com/monitoring-disk-i-o-on-linux-with-the-node-exporter/#b_Read_Write_Latencies) (TBD) + 2. S3Inode usage(free/total) > 97% + 1. Summary: + The instance will be blocked by the soft limit on OS level (Inode) very soon. + 1. Todo + 1. Restart pods on the instance to release inode usage + 2. If above step cannot help, need to open an incident for further analysis. + 4. Network + 1. network transit error rate(TBD) + 2. network transit drop rate(TBD) + 5. Unavailable service (Send alert directly, TBD, because different service has different severity. Further drill down is required.) + 1. SMA + 1. critical path unavailable: svc portal / runtime ui/ gateway/ platform / redis / rabbitmq / bo-login / idm / bo-ats / ingress-nginx / sma-ui / bo-farcade + 1. Summary(Same for all the availability alerts): + The service is not available now. + 1. Todo + 1. Run 'kubectl describe -n ' and 'kubectl logs -n ' to understand the reason of the failure + 2. Try to fix based on the results from step 1. + 2. S2impact partial of business: others not in S0, search related (content, DIH, DAH, search, proxy) / auto pass / bo-ui / bo-user + 3. S3no obvious impact on business: XMPP / XIE / Smart Ticket / stx / virtual agent / ppo / web socket gateway / smart-ui / ocr / smarta-installer + 4. S4services out side of ESM / toolkit + 2. CMS + 1. critical path unavailable: itom-cms-gateway, itom-idm, itom-ingress-controller, itom-ucmdb-browser, tom-ucmdb-solr, itom-ucmdb + 2. S2impact partial of business: itom-autopass-lms, itom-vault + 3. S3no obvious impact on business: + 4. S4services out side of ESM / toolkit: itom-ucmdb-probe, itom-ucmdb-dfp-lunux-installer, itom-ucmdb-dfp-windows-installer, itom-ucmdb-localclient-installers + 6. Load + 1. S3Load Avg 15m/core number > 200% for 35 mins (TBD, because it's not observable via current metrics) + 1. Summary: + The instance is overloaded for more than 35 mins. + 1. Todo + 1. Keep monitoring + 2. If it happens multiple times in a day, run the rebalancing pod script. + 7. Threads + 1. container\_threads on process (TBD) +4. App metrics + 1. Thread + 2. Connections + 3. Limits + 4. Smart Analytics + 1. S3Content data ratio(total doc/committed doc) > 1.20 + 1. Summary: + All the query against the IDOL will take more time and get slowed down. + 1. Todo + 1. Run the jenkins job of IDOL compact. + 2. Or follow the steps in the guide below + [https://docs.microfocus.com/doc/SMAX/2022.05/Searchslow](https://docs.microfocus.com/doc/SMAX/2022.05/Searchslow) + 2. S3 Documents per Content > 3M (ignore the archive content) + 1. Sumary: + All the query against the IDOL can be impacted + 1. Todo + 1. Scale content groups: [https://docs.microfocus.com/doc/SMAX/24.4/SmartAAdmin](https://docs.microfocus.com/doc/SMAX/24.4/SmartAAdmin) + 5. Rabbitmq (each node) + 1. S3queue > 200 / 250 for more than 30 mins (200 for medium profile or lower, 250 for large profile) + 1. Summary: + The rabbitmq queues are in a higher than normal. + 1. Todo + 1. Keep monitoring + 2. If it is getting higher continuously, consider performing the same steps mentioned here. + [https://docs.microfocus.com/doc/SMAX/2022.05/RabbitMQNotStart#Solution](https://docs.microfocus.com/doc/SMAX/2022.05/RabbitMQNotStart#Solution) + 2. S3Pending Messages/Minute > 500 for more than 30 mins (Mark for review) + 1. Summary: + The pending messages in rabbitmq are getting accumulated. + 1. Todo + 1. Keep monitoring + 2. If it is getting higher continuously, consider performing the same steps mentioned here. + [https://docs.microfocus.com/doc/SMAX/2022.05/RabbitMQNotStart#Solution](https://docs.microfocus.com/doc/SMAX/2022.05/RabbitMQNotStart#Solution) + 3. Message queue not equally distributed to different cluster nodes(TBD) + 1. Summary: + Rabbitmq nodes are not working in a cluster. This can cause rabbitmq working not in a stable way. + 1. Todo + 1. Scale down the rabbitmq node which is not in the cluster. + 2. Remove the `/data/xservices/rabbitmq/x.x.x.xx/mnesia` folders on the NFS server or the bastion node + 3. Wait until the rabbitmq nodes to be ready + 6. IDM + 1. S4Active user (per profile, medium profile > 1100 for more than 30 mins, large profile > 3000 for more than 30 mins ) + 1. Summary: + The active user number is more than the target size. + 1. Todo + 1. Keep monitoring + 7. Gateway + 1. S2Tomcat https connector currentThreadsBusy > 30 for 30 mins + 1. Summary: + The active user number is more than the target size. + 1. Todo + 1. If the number do not drop, considering rolling restart current deployment, for example, gateway/platform/serviceportal + 2. If the number cannot drop after above steps, do rollong restart xmpp. + 3. If the number cannot drop after above steps, take thread dump for the pod with issue. + [How to generate thread dump and memory dumps for java applications](https://rndwiki.houston.softwaregrp.net/confluence/display/SMA/How+to+generate+thread+dump+and+memory+dumps+for+java+applications) + 2. S2Httpclient InUse > 20 for 30 mins + 1. Summary: + The active user number is more than the target size. + 1. Todo + 1. If the number do not drop, considering rolling restart current deployment, for example, gateway/platform/serviceportal + 2. If the number cannot drop after above steps, do rollong restart xmpp. + 3. If the number cannot drop after above steps, take thread dump for the pod with issue. + [How to generate thread dump and memory dumps for java applications](https://rndwiki.houston.softwaregrp.net/confluence/display/SMA/How+to+generate+thread+dump+and+memory+dumps+for+java+applications) + 8. Platform + 1. S2Tomcat https connector currentThreadsBusy > 30 for 30 mins + 1. Summary: + The active user number is more than the target size. + 1. Todo + 1. If the number do not drop, considering rolling restart current deployment, for example, gateway/platform/serviceportal + 2. If the number cannot drop after above steps, do rollong restart xmpp. + 3. If the number cannot drop after above steps, take thread dump for the pod with issue. + [How to generate thread dump and memory dumps for java applications](https://rndwiki.houston.softwaregrp.net/confluence/display/SMA/How+to+generate+thread+dump+and+memory+dumps+for+java+applications) + 2. S2Httpclient InUse > 20 for 30 mins + 1. Summary: + The active user number is more than the target size. + 1. Todo + 1. If the number do not drop, considering rolling restart current deployment, for example, gateway/platform/serviceportal + 2. If the number cannot drop after above steps, do rollong restart xmpp. + 3. If the number cannot drop after above steps, take thread dump for the pod with issue. + [How to generate thread dump and memory dumps for java applications](https://rndwiki.houston.softwaregrp.net/confluence/display/SMA/How+to+generate+thread+dump+and+memory+dumps+for+java+applications) + 9. Serviceportal + 1. S2Tomcat https connector currentThreadsBusy > 30 for 30 mins + 1. Summary: + The active user number is more than the target size. + 1. Todo + 1. If the number do not drop, considering rolling restart current deployment, for example, gateway/platform/serviceportal + 2. If the number cannot drop after above steps, do rollong restart xmpp. + 3. If the number cannot drop after above steps, take thread dump for the pod with issue. + [How to generate thread dump and memory dumps for java applications](https://rndwiki.houston.softwaregrp.net/confluence/display/SMA/How+to+generate+thread+dump+and+memory+dumps+for+java+applications) + 2. S2Httpclient InUse > 20 for 30 mins + 1. Summary: + The active user number is more than the target size. + 1. Todo + 1. If the number do not drop, considering rolling restart current deployment, for example, gateway/platform/serviceportal + 2. If the number cannot drop after above steps, do rollong restart xmpp. + 3. If the number cannot drop after above steps, take thread dump for the pod with issue. + [How to generate thread dump and memory dumps for java applications](https://rndwiki.houston.softwaregrp.net/confluence/display/SMA/How+to+generate+thread+dump+and+memory+dumps+for+java+applications) +5. Instrumental diff --git a/knowledgebase/csd-wiki/ICSD/SMAX---Enable-Pendo-for-SMAX-tenant_688982184.md b/knowledgebase/csd-wiki/ICSD/SMAX---Enable-Pendo-for-SMAX-tenant_688982184.md new file mode 100644 index 00000000..cc473831 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/SMAX---Enable-Pendo-for-SMAX-tenant_688982184.md @@ -0,0 +1,70 @@ +# SMAX---Enable-Pendo-for-SMAX-tenant_688982184 +## Introduction + +Integrate the SaaS instance of Pendo into SMAX. The integration is configured to be released only for SMAX SaaS trial tenants and non-FedRAMP environments. + +The **Pendo API key** needs to be configured for SMAX SaaS farms that require the integration to be enabled. + +## Steps to configure the Pendo API key + +Get the values.yaml file for Helm by running the command below: + +``` +helm get values -n > my-values.yaml +``` + +Open the *my-values.yaml* file and copy the snippet below into it with the correct indentation (by default 2 spaces per indentation level) and format style. + +``` +xruntime: + + xruntime-gateway: + + PENDO_API_KEY: "" +``` + +*Set PENDO\_API\_KEY to “94956982-4d2a-4052-7cf5-113fdbb85ba6” and save the change.* + +**Note:** The Pendo API key typically won't change, but if it does, contact PM Dean + +(dclayton2@opentext.com) for the new key. + +![](attachments/688982184/688982167.png) + +Run the command below to apply the change: + +``` +helm upgrade -n -f my-values.yaml +``` + +## Confirm that the current farm is SaaS and non-FedRAMP + +Check the ESM *itsma-common-configmap* by running the command below: + +``` +kubectl edit configmap itsma-common-configmap -n +``` + +Make sure ***is\_fedramp*** is *false* and ***is\_saas*** is *true*: + +![](attachments/688982184/688982176.png) + +If they are not, correct their values and restart the *itom-xruntime-gateway* pod by running the command below: + +``` +kubectl rollout restart deployment itom-xruntime-gateway -n +``` + +## Check if Pendo-SMAX integration works well + +Log in to the trial tenant as an admin. If this is your first login, you will see the following screen. + +![](attachments/688982184/688982181.png) + +Regardless of whether you click 'Deploy sample data' or 'No, thanks,' a Pendo consent dialog will pop up. + +## Attachments: + +[image-2025-2-5\_9-53-37.png](attachments/688982184/688982167.png) (image/png) +[image-2025-2-5\_9-57-22.png](attachments/688982184/688982176.png) (image/png) +[image-2025-2-5\_9-57-50.png](attachments/688982184/688982181.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/SMAX-APM-Monitoring-Business-Flow_686087711.md b/knowledgebase/csd-wiki/ICSD/SMAX-APM-Monitoring-Business-Flow_686087711.md new file mode 100644 index 00000000..06229baf --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/SMAX-APM-Monitoring-Business-Flow_686087711.md @@ -0,0 +1,90 @@ +# SMAX-APM-Monitoring-Business-Flow_686087711 +Created by on Jan 23, 2025 EST + +## Introduction + +This document describes the use cases used for SMAX RUM (Real User Monitoring) testing. + +## SMAX APM Monitoring Business Flow + +Authentication removed for SMAX + +#### SMAX LOGIN + +- Login into **https://- smax.saas.microfocus.com/saw/ess?TENANTID=** + +#### SMAX CREATE NEW REQUEST + +- Navigate to Requests: **https://- smax.saas.microfocus.com/saw/Requests?TENANTID=** +- Press on " **New** " +- Fill in Title +- Fill in Description +- Under " **Requested by** ", choose " **Alanis Puri** " +- "Requested For" should be automatically modified to " **Alanis Puri** " +- Press " **Save and Edit** " + +#### SMAX OPEN AND EDIT THE REQUEST + +- Open the request: **https://- smax.saas.microfocus.com/saw/Requests?TENANTID=** +- Wait that the ticket will load (select one of the ticket) +- press " **Edit** " (right panel) +- Make a change to the description +- Press " **Save** " +- should get a message " **Request # was successfully saved** " + +#### SMAX LIVE SUPPORT + +- Navigate to Live Support on the tenant: + - **https://- smax.saas.microfocus.com/saw/cti?ctiUniqueId=35935&from=menu&TENANTID=** + - (**https://- smax.saas.microfocus.com/saw/cti?ctiUniqueId=47380&from=menu&TENANTID=**) +- To get to Live Support - from the left Menu: Run > Service Request > open tab " **Live Support** ". +- Under Person, choose " **Aaron Caffrey** " +- Open the first Service Request in the list and verify it is loading + +![](attachments/686087711/686087706.png) + +#### SMAX SEARCH + +- Open **https://- smax.saas.microfocus.com/saw/ess?TENANTID=** +- Search for string " **HP Connected Drive support** " +- Verify results are showing + +![](attachments/686087711/686087710.png) + +#### SMAX ARTICLES + +- Access article found in previous step search + +#### SMAX ESS OFFERING + +- Browse to ESS: **https://- smax.saas.microfocus.com/saw/ess?TENANTID=** +- Choose Category " **Human Resources** " +- Got to " **Offering** " tab +- Search for offering " **Employee business card** " +- Press on Offering and wait for it to load + +![](attachments/686087711/686087709.png) + +#### SMAX ESS ARTICLE + +- Browse to ESS: **https://- smax.saas.microfocus.com/saw/ess?TENANTID=** +- Search Article " **HP Connected Drive support** " +- Choose the first result +- Wait for the article to load + +#### SMAX SACM + +- From the agent interface open **https://- smax.saas.microfocus.com/saw/Devices?TENANTID=** +- Make sure that devices are loaded properly + +**Related pages** + +**Content by label** + +There is no content with the specified labels + +## Attachments: + +[image-2025-1-24\_10-14-59.png](attachments/686087711/686087706.png) (image/png) +[image-2025-1-24\_10-15-30.png](attachments/686087711/686087709.png) (image/png) +[image-2025-1-24\_10-15-58.png](attachments/686087711/686087710.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/SMAX-maintain-custom-language-packs_688996787.md b/knowledgebase/csd-wiki/ICSD/SMAX-maintain-custom-language-packs_688996787.md new file mode 100644 index 00000000..0beed7e6 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/SMAX-maintain-custom-language-packs_688996787.md @@ -0,0 +1,19 @@ +# SMAX-maintain-custom-language-packs_688996787 +## Introduction + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/SMAX-modify-maximum-attachement-size_688996790.md b/knowledgebase/csd-wiki/ICSD/SMAX-modify-maximum-attachement-size_688996790.md new file mode 100644 index 00000000..ad630e18 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/SMAX-modify-maximum-attachement-size_688996790.md @@ -0,0 +1,19 @@ +# SMAX-modify-maximum-attachement-size_688996790 +## Introduction + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/SQL-commands-request-for-Issue-2126361---Reconciliation-Issue-due-to-duplication-of-PK-in-URM-History_686074742.md b/knowledgebase/csd-wiki/ICSD/SQL-commands-request-for-Issue-2126361---Reconciliation-Issue-due-to-duplication-of-PK-in-URM-History_686074742.md new file mode 100644 index 00000000..c5d2a776 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/SQL-commands-request-for-Issue-2126361---Reconciliation-Issue-due-to-duplication-of-PK-in-URM-History_686074742.md @@ -0,0 +1,36 @@ +# SQL-commands-request-for-Issue-2126361---Reconciliation-Issue-due-to-duplication-of-PK-in-URM-History_686074742 +For the case + +[Issue 2126361 - Reconciliation Issue due to duplication of PK in URM History](https://internal.almoctane.com/ui/entity-navigation?p=97002/20001&entityType=work_item&id=2126361), Customer was blocked by a DB duplicated error when trying to update CI type model in CMS. + +***Case ID:*** OCTIM19U2126361 Reconciliation Issue due to duplication of PK in URM History + +***Justification of the change*:** Delete the duplicated record from URM\_RESOURCES\_HISTORY table. + +***Risk Impact Analysis:*** No + +***SQL statement:*** + +**Get all duplicated history records in urm\_resources\_history table.** + +SELECT h.\* from urm\_resources u,urm\_resources\_history h where h.CUSTOMER\_ID='502897868' and u.real\_id=h.real\_id and u.commit\_revision=h.commit\_revision and u.type NOT IN ('UI\_RECENTLY\_OPENED\_RESOURCES','UI\_INVENTORY\_SETTINGS','History\_HIST\_FAILURE','UI\_DASHBOARD\_SETTINGS','UI\_USER\_PREFERENCES','UI\_CARD\_LAYOUT\_SETTINGS','UI\_PROTOCOL\_DECORATION','Settings\_PROPERTY\_SETTING'); + +**Backup the duplicated records (depend on query result above)** + +CREATE TABLE URM\_RESOURCES\_HISTORY\_backup as SELECT h.\* FROM urm\_resources\_history h INNER JOIN urm\_resources u ON u.real\_id = h.real\_id AND u.commit\_revision = h.commit\_revision where h.CUSTOMER\_ID ='502897868' and h.type NOT IN ('UI\_RECENTLY\_OPENED\_RESOURCES','UI\_INVENTORY\_SETTINGS','History\_HIST\_FAILURE','UI\_DASHBOARD\_SETTINGS','UI\_USER\_PREFERENCES','UI\_CARD\_LAYOUT\_SETTINGS','UI\_PROTOCOL\_DECORATION','Settings\_PROPERTY\_SETTING'); + +**Remove duplicated records in URM Resources History table.** + +DELETE from urm\_resources\_history h where exists (select 1 from urm\_resources r where r.real\_id = h.real\_id and r.commit\_revision = h.commit\_revision and h.customer\_id = '502897868' and h.type NOT IN ('UI\_RECENTLY\_OPENED\_RESOURCES','UI\_INVENTORY\_SETTINGS','History\_HIST\_FAILURE','UI\_DASHBOARD\_SETTINGS','UI\_USER\_PREFERENCES','UI\_CARD\_LAYOUT\_SETTINGS','UI\_PROTOCOL\_DECORATION','Settings\_PROPERTY\_SETTING')); + +***Rollback SQL statement:*** + +**Restore the backup records from URM\_RESOURCES\_HISTORY\_backup into urm\_resources\_history table:** + +INSERT into urm\_resources\_history select \* from URM\_RESOURCES\_HISTORY\_backup; + +Drop Table URM\_RESOURCES\_HISTORY\_backup; + +***SA Review/Sign-off:*** [*@Jun-Wu 'Thomas' Pan*](mailto:jun-wu.pan@microfocus.com) [@Fei Wu](mailto:wu.fei@microfocus.com) + +***CPE owner name* *:*** *Shi Nuo* diff --git a/knowledgebase/csd-wiki/ICSD/SaaS-Change-UPN-Script-Runbook_686074283.md b/knowledgebase/csd-wiki/ICSD/SaaS-Change-UPN-Script-Runbook_686074283.md new file mode 100644 index 00000000..082d47bc --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/SaaS-Change-UPN-Script-Runbook_686074283.md @@ -0,0 +1,470 @@ +# SaaS-Change-UPN-Script-Runbook_686074283 +## Introduction + +There are many scenarios where customers may need to update UPNs, such as domain migrations or company mergers. This runbook will guide the Operations team to migrate customers' UPNs using a defined mapping table. + +## Preparation + +- Tenant admin should not be included +- User migration mapping file (CSV), including old UPN, old Email, new UPN, below is the template: + - Sample CSV format: + | oldUpn | newUpn | oldEmail | newEmail | + | --- | --- | --- | --- | + | xiao1 | xiao1\_New | [xiao1\_New@microfocus.com](mailto:xiao1_New@opentext.com) | [xiao1\_New@opentext.com](mailto:xiao1_New@opentext.com) | + | xiao2 | xiao2\_New | [xiao2\_New@](mailto:xiao2_New@opentext.com) [microfocus.com](mailto:xiao1_New@opentext.com) | [xiao2\_New@opentext.com](mailto:xiao2_New@opentext.com) | + | userTKit05 | userTKit055 | [userTKit055@](mailto:userTKit055@opentext.com) [microfocus.com](mailto:xiao1_New@opentext.com) | [userTKit055@opentext.com](mailto:userTKit055@opentext.com) | +- Make sure no duplicate users in mapping file +- Make sure the migrated users should not exist in SMAX + +## Check PAT accounts + +Go into IdM's database. + +1. Get the uuid for target tenant. + +``` +select uuid,name from .organizations where name = +``` + +2\. List PAT users by uuid + +``` +select au.name, au.organization, at2.uuid from .api_token at2, .abstract_user au where at2.user_id=au.uuid and au.organization=; +``` + +3.Inform the above users that they need to use a new UPN to obtain token after migrate if they use the UPN to get the PAT token before. + +The admin user may use an api call(api/scim/organizations//users//access-tokens) to get other ordinary user's token. The may be uuid or UPN, if it's UPN, it needs to be switched to a new one. + +### Find out the user set that user's OT UPN are already existed in SMAX + +#### BO + +Go to BO's DB + +a. Create a temp mapping table + +``` +create table .mf_ot_user_mapping +( + old_upn varchar(512) not null + constraint unique_old_upn + unique, + new_upn varchar(512) not null + constraint unique_new_upn + unique, + old_email varchar(512) not null, + new_email varchar(512) not null +); +``` + +b. Copy csv data + +``` +\copy .mf_ot_user_mapping(old_upn,new_upn,old_email,new_email) FROM '' DELIMITER ',' CSV HEADER; +``` + +c. Find out users + +``` +select distinct des.* from .user_entity nu inner join +(select mp.* from .mf_ot_user_mapping mp inner join .user_entity u on lower(mp.old_upn) = lower(u.name) and lower(mp.old_upn) !=lower(mp.new_upn) and u.is_deleted=false where u.idm_organization='') des +on lower(nu.name)=lower(des.new_upn) and nu.is_deleted=false and nu.idm_organization=''; +``` + +Collect the results + +d. drop the temp table + +``` +drop table .mf_ot_user_mapping +``` + +#### IdM + +Go to IdM's DB + +a. Create a temp mapping table + +``` +create table .mf_ot_user_mapping +( + old_upn varchar(512) not null + constraint unique_old_upn + unique, + new_upn varchar(512) not null + constraint unique_new_upn + unique, + old_email varchar(512) not null, + new_email varchar(512) not null +); +``` + +b. Copy csv data + +``` +\copy .mf_ot_user_mapping(old_upn,new_upn,old_email,new_email) FROM '' DELIMITER ',' CSV HEADER; +``` + +c. Find out users + +``` +select distinct des.* from .abstract_user nu inner join + (select mp.* from .mf_ot_user_mapping mp inner join .abstract_user u on lower(mp.old_upn)=lower(u.name) and lower(mp.old_upn) !=lower(mp.new_upn) where u.organization=(select uuid from .organizations where name='')) as des + on lower(nu.name)=lower(des.new_upn) and nu.organization=(select uuid from .organizations where name=''); +``` + +Collect the resluts + +d. drop the temp table + +``` +drop table .mf_ot_user_mapping +``` + +#### EMS + +Since we need to select Person's upn from entities\_, we need to get Tenant version from RMS's DB first. + +Go to RMS's DB + +- Get tenant version + +``` +select body -> 'tenant' ->> 'version' from ."TenantData_857561481" where body -> 'tenant' ->> 'tenantId' = ''; +``` + +Go to EMS's DB + +a. Create a temp mapping table + +``` +create table .mf_ot_user_mapping +( + old_upn varchar(512) not null + constraint unique_old_upn + unique, + new_upn varchar(512) not null + constraint unique_new_upn + unique, + old_email varchar(512) not null, + new_email varchar(512) not null +); +``` + +b. Copy csv data + +``` +\copy .mf_ot_user_mapping(old_upn,new_upn,old_email,new_email) FROM '' DELIMITER ',' CSV HEADER; +``` + +c. Find out users for tenant + +- Get physical\_type\_name(Replace with the tenant version that get from RMS) + +``` +select physical_type_name from .entityDescriptor_mapping where entity_type = 'Person' AND tenant_id = '' AND logical_type_name = 'Upn'; +``` + +- Get entity\_type\_id(Replace with the tenant version that get from RMS) + +``` +select id from "entity_descriptor" where tenant_id = '' and name = 'Person'; +``` + +Find out users(Replace , with the physical\_type\_name, entity\_type\_id that get from above) + +``` +select distinct des.* from .entities_ nu inner join +(select mp.* from .mf_ot_user_mapping mp inner join .entities_ u on lower(mp.old_upn) = lower(u.) and lower(mp.old_upn) !=lower(mp.new_upn) and u.is_deleted=false and u.entity_type_id= ) des +on lower(nu.)=lower(des.new_upn) and nu.is_deleted=false and nu.entity_type_id=; +``` + +Collect the results. + +d. drop the temp table + +``` +drop table .mf_ot_user_mapping +``` + +#### RMS + +Go to RMS's DB + +a. Create a temp mapping table + +``` +create table .mf_ot_user_mapping +( + old_upn varchar(512) not null + constraint unique_old_upn + unique, + new_upn varchar(512) not null + constraint unique_new_upn + unique, + old_email varchar(512) not null, + new_email varchar(512) not null +); +``` + +b. Copy csv data + +``` +\copy .mf_ot_user_mapping(old_upn,new_upn,old_email,new_email) FROM '' DELIMITER ',' CSV HEADER; +``` + +c. Find out users for tenant + +``` +select distinct des.* from ."AuthorizationPrincipalResourceJSON_" nu inner join +(select mp.* from .mf_ot_user_mapping mp inner join ."AuthorizationPrincipalResourceJSON_" u on lower(mp.old_upn) = lower(u.body ->> 'UserId') and lower(mp.old_upn) !=lower(mp.new_upn)) des +on lower(nu.body ->> 'UserId')=lower(des.new_upn); +``` + +Collect the results. + +d. drop the temp table + +``` +drop table .mf_ot_user_mapping +``` + +**In summary, we need to get the union of all the records from BO, IdM, EMS and RMS, Then cut this part of the data from the csv file.** + +### 1.Actions in Suite + +- Disable User sync in the account + +Login to Suite Administration: + +ACCOUNTS>General>User auto-sync + +![](attachments/686074283/686074278.png) + +- Change the tenant to Inactive + +Login to Suite Administration: + +TENANTS>General>Inactive + +![](attachments/686074283/686074279.png) + +- Stop the external integration in the tenant +- Do NOT do any write action(Create/Update/Delete) on Users +- Delete the SAML authentication config in IdM + +Login to Suite Administration: + +TENANTS>IdM settings>Authentication + +![](attachments/686074283/686074280.png) + +### 2.Backup Databases: + +Ensure backups of the following databases are taken before initiating changes: + +- **Suite Administration** service database: + - `bo_user` + - `user_entity` + +``` +create table .user_entity_v0 as select * from .user_entity; +``` + +- **IDM** service database: + - `idm` + - `abstract_user` + - `abstract_user_metadata` + - `abstract_user_profile` + +``` +create table .abstract_user_v0 as select * from .abstract_user; +create table .abstract_user_metadata_v0 as select * from .abstract_user_metadata; +create table .abstract_user_profile_v0 as select * from .abstract_user_profile; +``` + +- XServices databases: + - `xservices_ems` + - entities\_ `eg:entities_140038523` + +``` +create table .entities__v0 as select * from .entities_; +``` + +- - `xservices_rms` + - AuthorizationPrincipalResourceJSON\_ `eg:AuthorizationPrincipalResourceJSON_140038523` + +``` +create table ."AuthorizationPrincipalResourceJSON__v0" as select * FROM ."AuthorizationPrincipalResourceJSON_"; +``` + +Please note the single and double **quotes** + +**Note: Please replace the value in <> according to the actual environment** + +### 3.Prepare user Data + +Provide a CSV file containing the new UPNs and corresponding old UPNs and new Emails. + +Sample CSV format: + +| oldUpn | newUpn | oldEmail | newEmail | +| --- | --- | --- | --- | +| xiao1 | xiao1\_New | [xiao1\_New@microfocus.com](mailto:xiao1_New@opentext.com) | [xiao1\_New@opentext.com](mailto:xiao1_New@opentext.com) | +| xiao2 | xiao2\_New | [xiao2\_New@](mailto:xiao2_New@opentext.com) [microfocus.com](mailto:xiao1_New@opentext.com) | [xiao2\_New@opentext.com](mailto:xiao2_New@opentext.com) | +| userTKit05 | userTKit055 | [userTKit055@](mailto:userTKit055@opentext.com) [microfocus.com](mailto:xiao1_New@opentext.com) | [userTKit055@opentext.com](mailto:userTKit055@opentext.com) | + +**We can choose a small data set to test firstly, validate these users. If everything goes fine, we can do with the rest files.** + +## Run Script + +#### Notes: + +1. This script needs to provide the old and new upn, as well as the email, the file format should be.csv. +2. In addition, you need to specify the column number of the column corresponding to the new/old UPN and old/new Email of the corresponding file and the row number starting from the line. +3. You must have the "root" privilege to execute the script. +4. Script package should include two files: **changeUserUpn.sh** and **change**, and put these two files in the same level directory. +5. The account for updating UPN should be of 3in1 type, which means that the account id and tenant id should be the same. +6. In IdM, this script is only update for SAML users, which means that if you are using non-SAML integrated authentication, this script is not suitable +7. Before the script runs, you need to back up the database +8. Before the script runs, you need to turn off the user sync of the account, and you need to set the tenant to " **Inactive** ", and stop the external integration on the tenant + +#### Follow these steps: + +1. Upload the scripts file and User data csv file to the bastion/master node of the suite +2. Log in to the bastion/master node as a root user, copy the scripts and data file to the toolkit pod, grant executable permissions to scripts and file. +3. Go into the toolkit pod and run the following command in the directory where the script is located: `sh changeUserUpn.sh -a ` Where is the ID of the account which you want to change these users under the account. For example, `sh changeUserUpn.sh -a 123456789` +4. Follow the prompts step by step to continue executing the script + +**The script will be executed after you put the correct line number in mapping file.**And you can see following messages after the script is successful executed: + +![](attachments/686074283/686074281.png) + +## Validation + +Firstly, You can check whether the user's upn and email are updated correctly in IdM/BO and SAW. If it's OK, you need to + +- configure OT's SAML in IdM +- Active Tenant and turn on User auto-sync in BO. + +Then you can do some regular validation such as: + +- The user account's UPN doesn't change before/after migration + To verify after SAML login the user can match to the original user account and role/permission settings aren’t changed +- The user account's UPN has been changed after migration + To verify after SAML login the user can match to the original user account and role/permission settings aren’t changed + To verify after SAML login the user information can be updated to new IDP information, such as email can be updated to OT email +- The user account never login SMAX tenant + To verify the new SAML user account can be created properly with new UPN in both BO and Tenant + +## Rollback + +If you need to rollback, just rollback the database that has been backed up. + +### Primary rollback: + +You can re-run the change UPN script and specify the old UPN and new UPN with reversed column numbers. + +### Secondary rollback: + +- **Suite Administration** service database: + - `bo_user` + +``` +create table .user_entity_v1 as select * from .user_entity; + +update .user_entity as S set name = B.name, email = B.email +from .user_entity_v0 as B +where S.id = B.id +and S.account_id = ''; +``` + +IDM: + +- IDM service database: + - `idm` + +``` +create table .abstract_user_v1 as select * from .abstract_user; +create table .abstract_user_metadata_v1 as select * from .abstract_user_metadata; +create table .abstract_user_profile_v1 as select * from .abstract_user_profile; + +update .abstract_user as au set name=bak.name, display_name=bak.display_name, name_lower=bak.name_lower from .abstract_user_v0 bak where au.uuid=bak.uuid and au.organization=''; + +update .abstract_user_metadata as am set field_value=bak.field_value, field_value_lower=bak.field_value_lower from .abstract_user au, abstract_user_metadata_v0 bak where am.field_key='username' and am.uuid=bak.uuid and bak.uuid=au.uuid and au.organization=''; + +update .abstract_user_metadata as am set field_value=bak.field_value, field_value_lower=bak.field_value_lower from .abstract_user au, abstract_user_metadata_v0 bak where am.field_key='email' and am.uuid=bak.uuid and bak.uuid=au.uuid and au.organization=''; + +update .abstract_user_profile as ap set user_name=bak.user_name, email=bak.email from .abstract_user au, abstract_user_profile_v0 bak where ap.uuid=bak.uuid and ap.user_id=au.uuid and au.organization=''; +``` + +- XServices databases: + - `xservices_ems` + +``` +create table .entities__v1 as select * from .entities_; + +-- get entity type id: +SELECT DISTINCT id, name FROM .entity_descriptor WHERE name in ('Person'); + +-- get tenant_version such as v27. + +-- get UPN field name: (such as schar1) +select physical_type_name from .entityDescriptor_mapping where entity_type = 'Person' AND tenant_id = '' AND logical_type_name = 'Upn'; + +-- get email field name: (such as schar2) +select physical_type_name from .entityDescriptor_mapping where entity_type = 'Person' AND tenant_id = '' AND logical_type_name = 'Email'; + +update .entities_ as S set = B., = B. +from .entities__v0 as B +where S.entity_id = B.entity_id +and S.entity_type_id = ''; +``` + +- - `xservices_rms` + +``` +alter table ."AuthorizationPrincipalResourceJSON_" rename to "AuthorizationPrincipalResourceJSON__v1"; + +create table ."AuthorizationPrincipalResourceJSON_" as select * FROM ."AuthorizationPrincipalResourceJSON__v0"; +``` + +## Troubleshooting + +### Empty mapping file + +If you see this msg that means the.csv file is empty. + +``` +Try to read the file that mappings of user UPN and Email. +time="2024-03-11 16:21:54" level=error msg="The user mappings file is empty." +The user mappings file is empty. +``` + +### Empty parameter + +``` +time="2024-03-11 17:50:02" level=error msg="Required param is EMPTY,OriginName:test1,NewName:,OriginEmail:test1,NewEmail:test1" +Required param is EMPTY,OriginName:test1,NewName:,OriginEmail:test1,NewEmail:test1 +``` + +If you see this msg that means the NewName is empty. + +### Duplicated user + +If you get this error, go to the Preparation and follow actions to find out the duplicated users. + +![](attachments/686074283/686074282.png) + +More information will be added during next testing. + +## Script Files + +change + +[change](attachments/686074283/686074285) + +changeUserUpn.sh + +[changeUserUpn.sh](attachments/686074283/686074286.sh) diff --git a/knowledgebase/csd-wiki/ICSD/SaaS-Farm-specific-settings_686074238.md b/knowledgebase/csd-wiki/ICSD/SaaS-Farm-specific-settings_686074238.md new file mode 100644 index 00000000..92cde20e --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/SaaS-Farm-specific-settings_686074238.md @@ -0,0 +1,36 @@ +# SaaS-Farm-specific-settings_686074238 +## Introduction + +This page presents all the SaaS specific settings, including but not limited to below. + +## Application level settings + +1. Disable SLT for monitoring tenant +2. Disable Logs + [Disable the platform access logs and most of service logs on EU8 for farm stabilization](https://rndwiki.houston.softwaregrp.net/confluence/display/ICS/Disable+the+platform+access+logs+and+most+of+service+logs+on+EU8+for+farm+stabilization) +3. Update tenant Settings via REST API + +## Network or Firewall level settings + +1. [Zero trust](https://staging.docs.microfocus.com/itom/ESMSaaSOps:Main/ZeroTrustSecurityConfiguration) settings. + +## Infra level settings + +1. Enable EBS Block Storage + +## Kubernetes level settings + +1. Updated directly on Kubernetes deployments, stateful sets + 1. Dedicated node selector for + 1. Different suite products: SMA, CMS, OOMT, CGRO, Audit, Monitoring, Logging + 2. Smart Analytics + ``` + nodeSelector: + Worker: content + ``` + 2. Sizing changes +2. Config map changes + +## Cloud based settings + +1. Farm specific RDS IOPS settings diff --git a/knowledgebase/csd-wiki/ICSD/Satellite-table-related-feature-blocked-due-to-fuse-exceeded_686074726.md b/knowledgebase/csd-wiki/ICSD/Satellite-table-related-feature-blocked-due-to-fuse-exceeded_686074726.md new file mode 100644 index 00000000..422b5c80 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Satellite-table-related-feature-blocked-due-to-fuse-exceeded_686074726.md @@ -0,0 +1,70 @@ +# Satellite-table-related-feature-blocked-due-to-fuse-exceeded_686074726 +## Problem + +The SMAX license report cannot be generated, as reported by Decathlon: [https://us2-smax.saas.microfocus.com/saw/Request/318867/general?TENANTID=488503157](https://us2-smax.saas.microfocus.com/saw/Request/318867/general?TENANTID=488503157) + +The license report no longer track any more usage data. + +This was reported on Decathon 1st, other large tenants will have same issue but not report yet. + +When login SMAX tenant Agent UI and route to "People" to download the license usage report. You will find the license usage data is not up-to-date. + +![](attachments/686074726/686074723.png) + +## Environment + +EU8 and possible on any big tenants + +## Cause + +There was an old tenant level fuse satelliteMaxIdAllocations control the capacity (max ID) of all satellite tables. The default value of satelliteMaxIdAllocations is 10M. License report is based on lms\_metric\_ which is a satellite table, and costs about 15000/year. When NH go live every email was tracked in satellite table and the 10M fuse is quickly consumed. When the system running out of IDs, there is no new record can be generated into any satellite table and finally causing the license issues. The large tenant will quickly having this issue as there are too many emails. While usually dev tenant are safe. + +The following features will be impacted, complete failure: + +1. Smax license usage calculation +2. The new notification history +3. Expense line in Finance + +Quick troubleshooting can based on error msg from below log file: + +com.hp.maas.platform.exception.service.ServiceException: Cannot create new satellite entities once exceeded allocation threshold + +at com.hp.maas.platform.services.satellitemanagement.api.SatelliteExceptionFactory.reachedFuse(SatelliteExceptionFactory.java:31) + +at com.hp.maas.platform.services.satellitemanagement.dao.SatelliteDalImpl.getIdGenRange(SatelliteDalImpl.java:436) + +at com.hp.maas.platform.services.satellitemanagement.dao.SatelliteDalImpl.buildStringFromRecords(SatelliteDalImpl.java:495) + +at com.hp.maas.platform.services.satellitemanagement.dao.SatelliteDalImpl.createEntities(SatelliteDalImpl.java:142) + +at com.hp.maas.platform.services.satellitemanagement.impl.SatelliteManagementServiceImpl$1.run(SatelliteManagementServiceImpl.java:66) + +at com.hp.maas.platform.services.satellitemanagement.impl.SatelliteManagementServiceImpl$1.run(SatelliteManagementServiceImpl.java:52) + +at com.hp.maas.platform.services.satellitemanagement.impl.SatelliteDbRunner.runWithSatelliteDBPool(SatelliteDbRunner.java:19) + +at com.hp.maas.platform.services.satellitemanagement.impl.SatelliteManagementServiceImpl.processBulkUpdate(SatelliteManagementServiceImpl.java:52) + +## Solution + +#### Workaround: + +Changing the fuse value to 500M or 1B for the big production tenants on all farms to avoid escalations on the 3 features. Detail value depends on how big the tenant using Satellite table, and when the final solution would applied. + +Tenant setting name: satelliteMaxIdAllocations + +Payload of 1B (PUT): {"satelliteMaxIdAllocations": "'1000000000'"} + +Risk Impact Analysis +1\. No binary change +2\. No downtime +3\. No impact to upgrade + +### Final solution: + +Remove the fuse which is not meaningful/useful. + +Risk Impact Analysis +1\. Only binary change to ignore the fuse; can be fix in a patch and not necessary through upgrade +2\. No downtime +3\. No impact to upgrade diff --git a/knowledgebase/csd-wiki/ICSD/Scheduled-scaling_686083970.md b/knowledgebase/csd-wiki/ICSD/Scheduled-scaling_686083970.md new file mode 100644 index 00000000..5ec0fd1f --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Scheduled-scaling_686083970.md @@ -0,0 +1,47 @@ +# Scheduled-scaling_686083970 +## Introduction + +This page presents all the contents about scheduled scaling. + +## Background + +Usually there are outages due to reaching the capacity of the farm during peak time. + +Before the auto-scaling is available, we can leverage the concept of scheduled scaling: + +## Concept + +Start up a new worker node group before the busy time begins, shutdown the new worker node group after the busy time ends. This is usually 1/3 to 1/2 of the day. So even we add 3-9 workers for the peak time, the cost is only 1-4 workers or even less, which is quite affordable. + +As per previous experience, this approach is more stable than auto scaling for two reasons + +1. It only do one scale up and scale down per day, less interruptions +2. It scale down during the non-peak hours, which has less impact on the farm + +## Details + +#### Procedure + +1. Plan for the schedule: scale up before the peak hour begins / scale down after the peak hour ends. + 1. Peak ours: for example, 7 - 18 for EU8, 8-19 for BR14, etc. +2. Setup + 1. Adding an additional worker node group for the new pods + 2. Adding a new k8s cronjob for the scheduled scaling +3. Detailed action during scale up + 1. Increase workers + 2. Adding replicas to the scalable deployments + 3. Rolling restart deployments +4. Detailed action during scale down + 1. Scale in replicas + 2. Drain and decrease workers + 3. Rolling restart deployments +5. Settings of node number based on different sizing profiles, instance type: r5.xlarge, r6i.xlarge, etc. + | Number of Concurrent User | Max nodes of group sma-autoscaling-nodes | Max nodes of non-autoscaling nodegroup | + | --- | --- | --- | + | 3000 | 10 | 6 | + | 1000 | 6 | 4 | + | Others | Adjust the number based on the node resource usage monitoring | Adjust the number based on the node resource usage monitoring | + +## Reference + +1. [SMA Autoscaling](https://rndwiki.houston.softwaregrp.net/confluence/display/SMA/SMA+Autoscaling). diff --git a/knowledgebase/csd-wiki/ICSD/Send-email-notification-to-SaaS-customers-via-PCS_686069617.md b/knowledgebase/csd-wiki/ICSD/Send-email-notification-to-SaaS-customers-via-PCS_686069617.md new file mode 100644 index 00000000..9b5d137d --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Send-email-notification-to-SaaS-customers-via-PCS_686069617.md @@ -0,0 +1,72 @@ +# Send-email-notification-to-SaaS-customers-via-PCS_686069617 +## Introduction + +This document describes the specific steps including how to send customer notifications through the Knowledge feature of PCS. + +## When To Send Email Notification To SaaS Customers + +The Cloud Service team sends an email to the customer for notification in the following scenarios: + +1. **For planned standard change like regular major version upgrade, regular patch upgrade, planned infrastructure change.** The Cloud Service team will notify customers by email several times, one month in advance and two weeks in advance. In the notification, the documentation provided by the RnD team about the change will be quoted. + 1. What's new in the major version release + 2. Marjor version release notes + 3. Tenant Admin Task Post Upgrade + 4. etc. +2. **At the time of the SaaS Major Incident and afterwards** + 1. When a Major Incident occurs, the Cloud Service team will notify the customer by email and update the latest service repair status note according to the actual situation at that time. For example: + 2. Once the Major Incident has been resolved, the Cloud Service team will explain the RCA summary provided by the RnD team via email notification to the customer, include corrective actions and preventive action plan. For example: +3. **Ad hoc customer notification**. If there are some problems with the functionality of the product that need to communicate with the customer in a timely manner. The topics for which the RnD team needs to provide communication content contain the following important information: + 1. What's the problem? + 2. How it affects the customer? Single customer or multiple customers? + 3. What is the solution? + 4. What does the customer need to do? + 5. What's the fix plan + +## How To Send Email Notification To SaaS Customers + +### Get Role to publish knowlege + +In order to send email notification to SaaS customers in PCS, you need to get "Knowledge Publisher" role. Please contact [Brindusa Kevorkian](https://rndwiki.houston.softwaregrp.net/confluence/display/~brindusa.kevorkian@microfocus.com) to grant relevant permission to you first. + +### Prepare email notification content + +1. Go to "PCS Agent UI → Knowledge Management → "News" Tab" + ![](attachments/686069617/686069611.png) +2. Clike "New" Button +3. Prepare email notification content + 1. **Article model** - You can select article model to chose pre-defined email notification content. If you don't want to use the pre-defined model, you can clean the content and use your own format. + 2. **Title** - Same as email subject of this email notification. Best practic is to put the farm name/instance name in the title. For example: "EU8 - ESM 23.4+23.4.P1 Upgrade" + 3. **Content** - Detail email content to communicate with SaaS customers + 4. **Audience -** If the notification to be sent to SaaS customer, please select "Micro Focus SaaS Entitlement" +4. Click "Save" Button +5. Further refinement of email content + 1. Ensure " **Send Notification** " option was checked + 2. **Notification subject** - You can keep it as same value of "Title", this will be the subject in the email notification + 3. **Environment** (Optional) - You can select the target ESM farm from environment list which means all customers in this environment and all customer entitled user will receive this email notification + 4. **Customer entitlement** (Optional) - You can select the target customer entitlement which means all customer entitled users for selected customer entitlement will receive this email notification. If you decided to send notification to whole farm's customer you can skip this step and chose step "c" + 5. **Event from/Event Until** - This will be displayed in news in PCS. This "Event from" and "Even Until" reflects the start/end time of the event you described in your email. For example, planned upgrades, Service Outage, etc. + 6. **Display start/Display Until** - This "Display start" and "Display Until" reflects the start/end time of this news to be displayed in PCS service portal + 7. **Archive on** - This date reflects the news will be arhived automatically, no longer displayed in PCS service portal +6. Click "Save" Button again to save all email notification content + +### Approval chain for email notification content + +1. Once the email notificaiton content and target receiver configuration all done, you can move the phase from " **Draft** " to " **Review** " +2. In current design, we need additional approval for this news. You can notify [Brindusa Kevorkian](https://rndwiki.houston.softwaregrp.net/confluence/display/~brindusa.kevorkian@microfocus.com) to help you review the email content and approve +3. Once approve, the phase will be moved from " **Review** " to " **Publish"** +4. Now you can manually change the phase from " **Publish** " to " **External** ", then this news will be sent out as email notification. And also it will be published as a news in PCS service portal + +![](attachments/686069617/686069613.png) + +![](attachments/686069617/686069615.png) + +### Send updated email notification content + +There are a number of scenarios where you need to update the content of an email, such as changing the planned maintnance window time, communicating that an upgrade has been completed, or restoring a service after a service outage has occurred. + +In such case, you don't need to recreate a new "News" to prepare the email notification. You just need to modify the existing "News" and update content: + +1. Change the phase from " **External** " to " **Draft** ", clike " **Save** " button + ![](attachments/686069617/686069616.png) +2. Update email content and click " **Save** " button +3. Repeat the steps in " **Approval chain for email notification** " to send out an updated email notification diff --git a/knowledgebase/csd-wiki/ICSD/September-2025_718113214.md b/knowledgebase/csd-wiki/ICSD/September-2025_718113214.md new file mode 100644 index 00000000..449d4679 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/September-2025_718113214.md @@ -0,0 +1,12 @@ +# September-2025_718113214 +Created by on Sep 04, 2025 EDT + +| Florin | Raluca | Boglarka | Razvan | Ioana | Cosmin | Daniel | Adina | Maricel | Paul | | +| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | +| | | | | | | | - EU38-PROD email setup - EU38-PROD OO install - PCS tickets - PCS-EU tickets - X4X tickets - UT tickets - RnD/CPE/QA requests/investigations - domain owneship - SMAX farms' domain microfocus.com → opentext.com - other project: | | | | + +**Related pages** + +**Content by label** + +There is no content with the specified labels diff --git a/knowledgebase/csd-wiki/ICSD/Service-Health-Page_686084001.md b/knowledgebase/csd-wiki/ICSD/Service-Health-Page_686084001.md new file mode 100644 index 00000000..127e3d20 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Service-Health-Page_686084001.md @@ -0,0 +1,5 @@ +# Service-Health-Page_686084001 +Created by, last modified by Wei Shen on Feb 08, 2025 EST + +- [ESM Service Health Page](ESM-Service-Health-Page_688996271.html) +- [OpsB Service Health Page](OpsB-Service-Health-Page_686084003.html) diff --git a/knowledgebase/csd-wiki/ICSD/Set-up-Native-SACM-for-SaaS_688996404.md b/knowledgebase/csd-wiki/ICSD/Set-up-Native-SACM-for-SaaS_688996404.md new file mode 100644 index 00000000..f53fea95 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Set-up-Native-SACM-for-SaaS_688996404.md @@ -0,0 +1,218 @@ +# Set-up-Native-SACM-for-SaaS_688996404 +## Introduction + +This topic guides you through the steps to prepare Native SACM in a SaaS environment. + +## Prerequisites + +Manually add an **unknown** value to the **OsFamily** attribute in UCMDB. If you have a custom **OS type** in SMAX, you must also create a corresponding **OsFamily** value in UCMDB. For more information about how to do it, see [Federation between SMA OS type and UCMDB OsFamily](https://rndwiki.houston.softwaregrp.net/itom/ESM:Main/TsNativeSacmOstype). + +## Push data from UCMDB on-premises to ESM SaaS + +To migrate data from UCMDB on-premises to ESM SaaS, contact SaaS Operations. + +## Data pre-check before data migration + +This section summarizes the preparation steps to handle the potential CI data issues (e.g., data configuration and format) that might exist in both SMAX and CMS before Native SACM can be activated. +We recommend that you manually fix these potential data issues before starting the Native SACM migration for the first time in Suite Administration. + +### Manual Pre-check on CI data + +#### Step 1. Pre-check SMAX data domain and CMS tenant definition + +There are 3 scenarios: + +##### Scenario 1. SMAX has the "Public" domain only and CMS Multi-Tenant has not been enabled + +No action is needed if the SMAX version is 2021.05 or greater. + +For earlier versions of SMAX, please contact support for a hotfix. + +##### Scenario 2. SMAX has additional domains (e.g., IT, HR, Finance) and CMS Multi-Tenant has not been enabled + +If multiple data domains exist in SMAX, you must enable CMS Multi-Tenancy first. To do this, go to the UCMDB JMX Console, disable the CI owner tenant, and then call the **enableTenant** method with the **tenantName** parameter set to **All Tenants**. + +##### Scenario 3. SMAX has additional domains (e.g., IT, HR, Finance) and CMS Multi-Tenancy has been enabled + +When SMAX has multiple data domains and CMS has multiple tenants configured, you must align the default UCMDB tenant setting with the SMAX **Public** domain. To do this, follow these steps: + +1. In the UCMDB JMX Console, call the **setGlobalDefaultTenant** method to change the system default tenant to **All Tenants**. Note that this name is fixed and unchangeable. + This action sets **All Tenants** as the default tenant at the system level and the change will take effect for newly created customers. You can view the global default tenant by invoking the **getGlobalDefaultTenant** JMX method. +2. If one or more customers already exist, perform the following steps for each of them: + 1. Call the **setTenantAsDefault** JMX method to change the default tenant to **All Tenants**. + 2. You can view the default tenant of a consumer customer by invoking the **getDefaultTenant** JMX method. + 3. Use an enrichment rule to move CIs from the original default tenant to **All Tenants** as needed. + 4. If the **System Default Tenant** exists, move CIs owned by this tenant to other tenants, and then delete it. + +**Note:** For UCMDB customers, be aware that CIs assigned to **All Tenants** are accessible to all users. + +#### Step 2. Pre-check CI data information in SMAX and CMS + +All following steps are strongly recommended **before** the data migration. + +##### Step 2.1. Global ID check for CMS CIs + +The CMS Global ID serves as the key linkage field between SMAX and CMS which means that all CMS CIs without global IDs will be ignored during the migration. Therefore, make sure all federated CMS CIs have global IDs so that they can be properly synchronized to SMAX. Federated CMS CIs include the following CI types (including all sub-CI types). + +- Service +- Business Application +- Application Resource +- Application System +- Running Software +- Cloud Service +- Node + + +Note: +For data push integrations of multiple CMS servers, for example, during SaaS onboarding process, you need to ensure that the CIs' global IDs will not be overwritten after the CIs are pushed from the source CMS server to the target CMS server. To do this, you can: + +1. Access to the JMX console. +2. Use the `getGlobalID` command in the UCMDB JMX Quick Search page. +3. Make sure that the `getGlobalID` command returns "All" in the response. +4. If the result is not "All", you need to do these steps: + 1. Go to JMX console > **setAsGlobalIdGenerator** + 2. Fill in **customerID**; Leave **dbTimeout** as empty; Set **overWriteE** **xistingGlobalIDs** as **False**. + 3. Click **Invoke**. + +##### Step 2.2. ENUM consistency check + +You need to make sure all ENUM values are aligned between SMAX and CMS. A typical out-of-the-box example is SMAX OsType and CMS OsFamily. By default, there is "Unknown" defined in SMAX OsType, which is not defined on the CMS side. You must manually add this value to the CMS OsFamily ENUM to make them consistent. + +This also applies to any other customized ENUM values in SMAX OsType and CMS OsFamily. + +For the migration process, only the SMAX OSType and CMS OsFamily are required to be aligned. + +##### Step 2.3. Complex type data format check + +In SMAX, there are 6 complex-type fields for the SMAX Device record type, which are CPUs, DiskDevices, FileSystems, IpAddresses, NetworkCards, and RunningSoftwares. All sub-attributes of these fields are of the string type, which is not accepted by the corresponding CMS attribute definition. You must detect unaligned data values and correct them in SMAX prior to the migration. + +![](attachments/688996404/688996397.png) + +The following table covers the sub-attributes of complex type fields which need special attention. + +| SN | Complex Type Attributes | Data Format Required by CMS | +| --- | --- | --- | +| 1 | IP address type | IpV4 or IpV6 only, as they are ENUM values in CMS. | +| 2 | IP address value | Keep 4 segments (e.g. 192.168.56.33) for IpV4, and 8 segments for IpV6 (e.g., 2001:3CA1:010F:001A:121B:0000:0000:0010), otherwise they will not be accepted by CMS. | +| 3 | CPU ID | String type **Note:** This field is mandatory. | +| 4 | CPU clock speed | Integer only | +| 5 | Disk device size | Integer only | +| 6 | File system size | Double only | +| 7 | Network speed | Integer only | +| 8 | Running software ports | Integer only, single port only **Note:** Multiple ports are not supported by the migration. | + +##### Step 2.4. Empty display label check for SMAX CIs + +SMAX allows for creating CIs via REST call or importing via.csv, so some SMAX local CIs may have empty display labels even though this field will always be set via UI. However, in many cases, an empty CI name is not supported by CMS, which is mapped by SMAX CI display label during migration. Therefore, you need to find every SMAX local CI with an empty display label and set a proper value, especially for Actual Service, Service Component, and System Element. + +For Device, CMS has reconciliation rules to uniquely identify one CI with different attributes, for example, BIOS UUID, BIOS Serial Number, or BIOS Asset Tag. + +In order for a successful migration, you need to make sure at least one of these key attributes in SMAX Device is not empty. For example: + +- Hostname +- Serial number +- BIOS UUID +- BIOS serial number +- BIOS asset tag +- Net BIOS name + +Specifically, for the display label, you can use one SMAX business rule that figures out the display label. As shown in the example below, you can set the hostname or other attributes which will be copied as the display label. + +![](attachments/688996404/688996400.png) + +##### Step 2.5. Duplicate display labels check for SMAX CIs + +SMAX locally allows duplicated display labels for all SACM records, the current logic during migration maps the SMAX CI display label to the UCMDB CI name for Device, Service Component, Actual Service, and the CMS CI discovered product name (for SMAX system element). However, UCMDB by default doesn't accept identical names among different CIs, therefore the duplicated CIs existing on the SMAX side will be rejected by UCMDB. + +In a real-world environment, duplicated CIs existing on the SMAX side are mostly caused by the old OPB-based integration and have been moved to **End of Life** or **Final** metaphase already. Hence, if these SMAX CIs are rejected by UCMDB, the migration mechanism will automatically re-push them to UCMDB with the **discovery\_state** attribute set to **Purgeable**, thiswill bypass the UCMDB reconciliation and will be accepted by UCMDB. This solution reduces the orphan CIs left in SMAX, thus improving the CI consistency between SMAX and UCMDB. + +Note that for any existing CI in UCMDB before the migration, no **Purgeable** flag will be set during the migration. Instead, the flag will be set by UCMDB when these CIs have aged with the enhanced CI lifecycle after Native SACM is enabled. + +If the duplicated CIs exist on the SMAX side aren't at **End of Life** or **Final** metaphases, additional steps are still needed according to different record types. + +- For Actual Services and Business Applications, you need to update their display labels to different ones, or remove the duplicate CIs, or move them to the **Final** metaphase, or perform the following steps to remove UCMDB identification rule before the migration: + 1. Go to the CMS CI Type Manager. + 2. Select the **BusinessService** CI Type. + 3. In the **Identification** pane, set the identification method to **No identification**. + 4. Save the change. + 5. Repeat step 2 to step 4 for the **InfrastructureService** and **BusinessApplication** CI Type. +- For System Elements, currently, only SMAX Running Software will be migrated to UCMDB, and duplicated discovered product names aren't allowed among multiple Running Software associated with one single node in UCMDB. Therefore, we recommend that you update their display labels to different ones, or remove the duplicated CIs, or move them to **End of Life** metaphase before the migration. +- For Devices, similarly, we recommend that you update their display labels to different ones, or remove the duplicated CIs, or move them to **End of Life** metaphase before the migration. + +Step 2.6. Review SMAX Business Rules + +Some custom business rules may conflict with the CI notification of Native SACM, please review the following types of business rules and make adjustments as needed. + +- The business rule **Define field as mandatory**. For example, if a customer defines any field as mandatory for Device through this rule, all UCMDB nodes can't be synchronized to SMAX (either creating or updating) when UCMDB can't populate the mandatory field values (e.g., any SMAX local fields such as "Owner"). To avoid this, please make sure all mandatory fields will be set by default for newly created devices in SMAX and all existing SMAX devices have all mandatory fields populated before enabling Native SACM. +- The business rule **Define field as read-only**. For example, if a customer defines any federation fields (e.g., "Serial number" or "Subtype") as read-only for Device through this rule, UCMDB nodes can be synchronized to SMAX. However, after Native SACM is enabled, any CI notifications including "Serial number" or "Subtype" will fail and cause CI inconsistency. To avoid this, please remove/disable relative read-only rules or exclude all federation fields from the rules. +- The business rule **Restrict editing of fields**. For example, if a customer restricts editing of any federation fields (e.g., "Serial number" or "Subtype") for Device through this rule, all UCMDB nodes can't be synchronized to SMAX (either creating or updating). To avoid this, please remove/disable relative restrict editing rules or exclude all federation fields from the rules. + +#### Step 3. Configure Native SACM settings and trigger Migration in Suite Administration + +By now you have fixed the known data issues and you can start to configure the Native SACM settings in Suite Administration. + +It is expected that there is a data mismatch of CIs between SMAX and CMS. You will get the following popup window. + +![](attachments/688996404/688996401.png) + +The popup window indicates that SMAX detects CIs that are different between SMAX and CMS, so a data migration is needed. Since you have already fixed the known data issues in SMAX and CMS, you can go ahead to click **MIGRATE** to start the migration. If all issues are resolved the migration will succeed and Native SACM will be automatically enabled and set to active. + +In case the migration identifies errors, the errors will be tracked in the migration report. You can download and review the report and fix the issues according to your actual business needs. You are recommended but not forced to fix all the issues. For example, if some SMAX local CI relationships fail to be migrated, and if you believe UD can discover those CI relationships in a more accurate manner and this error can be accepted anyway, it is okay for you to leave it as is. + +Do not click the **Enable** button until all issues are resolved or you can accept all remaining issues, as you CANNOT start the migration again and the data will not be in a synchronized state. + +## Migration limitations + +There are some migration limitations because CMS has different CI and CI relationship characters with SMAX. + +#### Limitation 1. Standalone system element is not supported for the migration + +CMS does not allow standalone "Running Software" to which SMAX System Element is mapped, so all standalone SMAX system element CIs will not be migrated. + +#### Limitation 2. System elements of limited OOB subtypes are supported by the migration + +SMAX system elements have 13 OOB subtypes as shown in the following screenshot, and only system elements of 4 of them (Running Software, Web Server, Database, and Application Server) are allowed to be migrated to CMS CIs of the same CI Type names if each system element is already linked to one existing device. + +![](attachments/688996404/688996402.png) + +System elements of all other 9 out-of-the-box subtypes are not supported by the migration, due to the following reasons. + +- Mapped peer CMS CI Type is abstract (e.g., Application System, Application Resource, AWS Resource, and WebService Resource), which cannot be instantiated in CMS. +- Not supported by the current mapping file between SMAX Subtype and CMS CI type (e.g., Virtualization, CI collection, and Other), and the mapping file cannot be customized in SaaS. +- Not business applicable (e.g., Database Resource and Cloud Service). + +System elements with customized or empty subtypes will not be migrated either, due to the following reasons. + +- The CMS CI type mapped with SMAX subtype does not follow a certain pattern, it is hard to guarantee the migration of system elements of customized subtypes will succeed. Currently, it is not supported. +- The base CI Type mapped to System Element is "Infrastructure Element," which is abstract and cannot be instantiated in CMS. + +#### Limitation 3: Devices of the "Cluster resource group" subtype are not supported by the migration + +CMS does not support a standalone "ClusterResourceGroup," which has to be linked with at least one cluster CI. Hence, devices of the "Cluster resource group" subtype in SMAX will not be migrated as SMAX does not support the migration of any cluster CIs in System Elements. To work around it, you may change the "ClusterResourceGroup" subtype of the device to "Other" in order to migrate it to CMS. + +## Enable enrichment rules in UCMDB + +When a CI of a federated CI type is created or discovered in UCMDB, enrichment rules are implemented for mapping Subtypes of SMA. The `SMAX` folder contains preset enrichment rules for the federated CI types. By default, these enrichment rules are inactive, we recommend that you activate them all and don't make any changes unless you have customized Subtypes. To do this, open **Enrichment Manager** in UCMDB and activate all enrichment rules in the `SMAX` folder. + +## UCMDB Browser + +To build an end-to-end topology, it's required to connect the logic with the physical elements. To do so, you can use the Assisted Service Modelling feature from the UCMDB browser. The UCMDB browser is directly accessible from the SMA UI by using the “Explore” functionality. + +**Note:** You need to have the **Enable 'Explore' in CI details** permission enabled in the user role. For details about how to enable this permission, see [Roles](https://rndwiki.houston.softwaregrp.net/itom/ESM:Main/pplRoles). + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/SocGen_686069980.md b/knowledgebase/csd-wiki/ICSD/SocGen_686069980.md new file mode 100644 index 00000000..be45186d --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/SocGen_686069980.md @@ -0,0 +1,52 @@ +# SocGen_686069980 +## Introduction + +This page presents all the information for SocGen onboarding SMAX/ESM SaaS. + +## Background + +1. Existing sizing of SocGen + 1. Unity + | Node | Hostname | K8S version | OS version | Kernel version | CPU Cores | RAM | + | --- | --- | --- | --- | --- | --- | --- | + | control-plane,master | ip-171-70-11-121.compute.eu-fr-paris.cloud.socgen | v1.26.1 | CentOS 7.9 | amd64 3.10.0-1160.81.1.el7.x86\_64 | 8 | 32GB | + | control-plane,master | ip-171-70-14-149.compute.eu-fr-paris.cloud.socgen | v1.26.1 | CentOS 7.9 | amd64 3.10.0-1160.81.1.el7.x86\_64 | 8 | 32GB | + | control-plane,master | ip-171-71-13-93.compute.eu-fr-paris.cloud.socgen | v1.26.1 | CentOS 7.9 | amd64 3.10.0-1160.81.1.el7.x86\_64 | 8 | 32GB | + | worker1 | ip-171-70-11-169.compute.eu-fr-paris.cloud.socgen | v1.26.1 | CentOS 7.9 | amd64 3.10.0-1160.81.1.el7.x86\_64 | 12 | 66GB | + | worker2 | ip-171-70-11-29.compute.eu-fr-paris.cloud.socgen | v1.26.1 | CentOS 7.9 | amd64 3.10.0-1160.81.1.el7.x86\_64 | 12 | 66GB | + | worker3 | ip-171-70-11-98.compute.eu-fr-paris.cloud.socgen | v1.26.1 | CentOS 7.9 | amd64 3.10.0-1160.81.1.el7.x86\_64 | 12 | 66GB | + | worker4 | ip-171-70-14-174.compute.eu-fr-paris.cloud.socgen | v1.26.1 | CentOS 7.9 | amd64 3.10.0-1160.81.1.el7.x86\_64 | 12 | 66GB | + | worker5 | ip-171-70-14-184.compute.eu-fr-paris.cloud.socgen | v1.26.1 | CentOS 7.9 | amd64 3.10.0-1160.81.1.el7.x86\_64 | 12 | 66GB | + | worker6 | ip-171-71-13-118.compute.eu-fr-paris.cloud.socgen | v1.26.1 | CentOS 7.9 | amd64 3.10.0-1160.81.1.el7.x86\_64 | 12 | 66GB | + | worker7 | ip-171-71-13-142.compute.eu-fr-paris.cloud.socgen | v1.26.1 | CentOS 7.9 | amd64 3.10.0-1160.81.1.el7.x86\_64 | 12 | 66GB | + | worker8 | ip-171-71-13-16.compute.eu-fr-paris.cloud.socgen | v1.26.1 | CentOS 7.9 | amd64 3.10.0-1160.81.1.el7.x86\_64 | 12 | 66GB | + | worker9 | ip-171-71-13-228.compute.eu-fr-paris.cloud.socgen | v1.26.1 | CentOS 7.9 | amd64 3.10.0-1160.81.1.el7.x86\_64 | 12 | 66GB | + | worker10 | ip-171-71-13-31.compute.eu-fr-paris.cloud.socgen | v1.26.1 | CentOS 7.9 | amd64 3.10.0-1160.81.1.el7.x86\_64 | 12 | 66GB | + | Database | | | | | 96 | 386GB | + 2. ACTA + | **Node** | **Hostname** | **K8S version** | **OS version** | **Kernel version** | **CPU Cores** | **RAM** | + | --- | --- | --- | --- | --- | --- | --- | + | control-plane,master | ip-171-70-10-17.compute.eu-fr-paris.cloud.socgen | v1.26.1 | CentOS 7.9 | amd64 3.10.0-1160.102.1.el7.x86\_64 | 12 | 32GB | + | control-plane,master | ip-171-70-9-63.compute.eu-fr-paris.cloud.socgen | v1.26.1 | CentOS 7.9 | amd64 3.10.0-1160.102.1.el7.x86\_64 | 12 | 32GB | + | control-plane,master | ip-171-71-13-116.compute.eu-fr-paris.cloud.socgen | v1.26.1 | CentOS 7.9 | amd64 3.10.0-1160.102.1.el7.x86\_64 | 12 | 32GB | + | worker1 | ip-171-70-10-236.compute.eu-fr-paris.cloud.socgen | v1.26.1 | CentOS 7.9 | amd64 3.10.0-1160.102.1.el7.x86\_64 | 8 | 65GB | + | worker2 | ip-171-70-10-73.compute.eu-fr-paris.cloud.socgen | v1.26.1 | CentOS 7.9 | amd64 3.10.0-1160.102.1.el7.x86\_64 | 8 | 65GB | + | worker3 | ip-171-70-9-153.compute.eu-fr-paris.cloud.socgen | v1.26.1 | CentOS 7.9 | amd64 3.10.0-1160.102.1.el7.x86\_64 | 8 | 65GB | + | worker4 | ip-171-70-9-178.compute.eu-fr-paris.cloud.socgen | v1.26.1 | CentOS 7.9 | amd64 3.10.0-1160.102.1.el7.x86\_64 | 8 | 65GB | + | worker5 | ip-171-71-13-200.compute.eu-fr-paris.cloud.socgen | v1.26.1 | CentOS 7.9 | amd64 3.10.0-1160.102.1.el7.x86\_64 | 8 | 65GB | + | worker6 | ip-171-71-13-203.compute.eu-fr-paris.cloud.socgen | v1.26.1 | CentOS 7.9 | amd64 3.10.0-1160.102.1.el7.x86\_64 | 8 | 65GB | + | worker7 | ip-171-71-13-53.compute.eu-fr-paris.cloud.socgen | v1.26.1 | CentOS 7.9 | amd64 3.10.0-1160.102.1.el7.x86\_64 | 8 | 65GB | + | worker8 | ip-171-71-13-83.compute.eu-fr-paris.cloud.socgen | v1.26.1 | CentOS 7.9 | amd64 3.10.0-1160.102.1.el7.x86\_64 | 8 | 65GB | + | Database | | | PG 14 | | 24 | 128GB | +2. License and concurrent users + 1. Unity + 1. 1671 Agents / 2300 License + ![](attachments/686069980/686069976.png) + 2. ACTA + 1. 196 Agents / 420 License + ![](attachments/686069980/686069979.png) + +## Attachments: + +[image-2025-1-20\_14-21-6.png](attachments/686069980/686069976.png) (image/png) +[image-2025-1-20\_14-23-18.png](attachments/686069980/686069979.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/Standard-Ops-Runbook_686073477.md b/knowledgebase/csd-wiki/ICSD/Standard-Ops-Runbook_686073477.md new file mode 100644 index 00000000..b8fc0d23 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Standard-Ops-Runbook_686073477.md @@ -0,0 +1,36 @@ +# Standard-Ops-Runbook_686073477 +- [\[SaaS\]AWS KMS key moving from AWS managed to OT managed (ESM, UCMDB, OO and Audit)](688982666.html) + - [Change SMAX/Aduit KMS to the customer managed key for EFS file system and RDS](688982746.html) + - [Change the OO customer managed key for EFS file system and RDS](Change-the-OO-customer-managed-key-for-EFS-file-system-and-RDS_688982917.html) + - [UCMDB/UD AWS KMS key moving from AWS managed to OT managed](688983013.html) +- [Automation Center: Capability enablement and tenant management](686073529.html) +- [Centralized User Authentication with OIDC and IDM (OP AS OIDC PROVIDER)](686073608.html) +- [Centralized User Authentication with OIDC and IDM (SMAX AS OIDC PROVIDER)](686073659.html) +- [Check isolated tenants per farm](Check-isolated-tenants-per-farm_686073691.html) +- [Clean up CMS log files](Clean-up-CMS-log-files_686073699.html) +- [Collect customer owned SMAX OPB Agent information and check status](Collect-customer-owned-SMAX-OPB-Agent-information-and-check-status_686073768.html) +- [Configure custom SMTP for UCMDB](Configure-custom-SMTP-for-UCMDB_688983358.html) +- [Configure logging mode (Synchronous or Asynchronous)](686073798.html) +- [Content Pack cleanup for SaaS farms](Content-Pack-cleanup-for-SaaS-farms_692438713.html) +- [Disable/Enable Gateway Service/Access Log (non-helm)](686073835.html) +- [Disable/Enable the platform service/access log (non-helm)](686073862.html) +- [Disable Native SACM manually](Disable-Native-SACM-manually_686073918.html) + - [Toggle plaftform offline NG for Native SACM](Toggle-plaftform-offline-NG-for-Native-SACM_686073929.html) +- [Disable NSACM and enhance CI lifecycle in SaaS](Disable-NSACM-and-enhance-CI-lifecycle-in-SaaS_688987700.html) +- [How to change Native SACM Notification Throttling](How-to-change-Native-SACM-Notification-Throttling_686074009.html) +- [How to generate flame graph for specific container](How-to-generate-flame-graph-for-specific-container_686074188.html) +- [How to link "Help" to ESM SaaS Doc Portal](686074211.html) +- [How to replace bastion with Rocky Linux](How-to-replace-bastion-with-Rocky-Linux_688996309.html) +- [ITOM Aviator](ITOM-Aviator_688982192.html) + - [Aviator widget on-boarding tasks for OpsB](Aviator-widget-on-boarding-tasks-for-OpsB_686073595.html) + - [Aviator widget on-boarding tasks for UCMDB](Aviator-widget-on-boarding-tasks-for-UCMDB_688982982.html) + - [Deactive ITOM Aviator](Deactive-ITOM-Aviator_686073804.html) + - [How to disable Aviator](How-to-disable-Aviator_686073812.html) + - [Guide for index external websites into Aviator with IDOL web connector](Guide-for-index-external-websites-into-Aviator-with-IDOL-web-connector_686073963.html) + - [How to debug in Milvus](How-to-debug-in-Milvus_686074149.html) + - [How to reload Milvus collections for Aviator](How-to-reload-Milvus-collections-for-Aviator_686074224.html) +- [ITOM Operation Platform](ITOM-Operation-Platform_688996761.html) +- [Mass Update – Reusable Integration Studio Scenario](686074253.html) +- [Request access to AWS account from IGA portal](Request-access-to-AWS-account-from-IGA-portal_686074273.html) +- [SaaS Change UPN Script Runbook](SaaS-Change-UPN-Script-Runbook_686074283.html) +- [SMAX - Enable Pendo for SMAX tenant](SMAX---Enable-Pendo-for-SMAX-tenant_688982184.html) diff --git a/knowledgebase/csd-wiki/ICSD/Steps-to-decomission-Vertica-used-by-Classic-FinOps_687151665.md b/knowledgebase/csd-wiki/ICSD/Steps-to-decomission-Vertica-used-by-Classic-FinOps_687151665.md new file mode 100644 index 00000000..5995c40d --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Steps-to-decomission-Vertica-used-by-Classic-FinOps_687151665.md @@ -0,0 +1,40 @@ +# Steps-to-decomission-Vertica-used-by-Classic-FinOps_687151665 +## Introduction + +These steps should be used to decomission/remove Vertica used by Classic FinOps. + +HCMX FinOps was using Vertica for storing cloud cost data and creating FinOps reports. From 24.4 version, FinOps started support of using Operations Platform (OP) and Vertica deployed as part of OP. After migrating all tenats from Classic FinOps to OP based FinOps, the Vertica used in Classic mode will remain unused. These are the steps to decomission that classic FinOps. + +## Make sure all FinOps tenants are migrated to OP + +Before decomissioning the Vertica, make sure all FinOps tenants (i.e tenants which are enabled with FinOps capability) are migrated from Classic to OP mode. Here are the steps: + +1. Login to Suite Administration https:///bo +2. Navigate to TENANTS, select a tenant. Click on Capability Settings. Navigate to Cloud Management Platform FinOps. +3. ‘Switch to Operations Platform’ should be greyed out. It should have Vertica details like ‘Vertica Hostname’, ‘Vertica Schema name’ etc. If you make sure that these Vertica related information is present, then it means the tenant is configured with OP mode. If Vertica details is not present, then tenant is in Classic mode. If so, the follow the FinOps Classic to FinOps OP migration steps. +4. Follow step 2 & 3 for all tenants i.e Navigate to every FinOps enabled tenant and make sure it is configured with OP mode. + +## Steps for Decomissioning + +1. Shudown the Classic Vertica. +2. Clean up config map entries + 1. Export itsma helm values. *helm get values sma -n itsma-helm -o yaml > itsma-helm.yaml* + 2. Update vertica details from the exported helm-values.yaml. Make sure the keys are not delated, just values are replaced as below. + 3. ``` + vertica : + dbname : NO_DB + host : NO_HOST + port : 0 + rwuser : NO_USER + tlsEnabled : false + ``` + 4. Peform helm upgrade. *helm upgrade sma chart-file -n ns -f itsma-helm.yaml.* + +## Validate + +1. Showback pods should be running and logs should not show any errors +2. Login to one of the tenant, initiate a collection. Collection should be successful. +3. Export the itmsa values (refer step a) and make sure vertica details are having the updated values. If you have backed up values yaml in a common place, please replace the exported values yaml for future reference. +4. Review the config maps + 1. kubectl describe cm vertica-database-configmap -n itsma-helm +5. Make sure the Vertica details are not pointing to an active DB. diff --git a/knowledgebase/csd-wiki/ICSD/Test_686070814.md b/knowledgebase/csd-wiki/ICSD/Test_686070814.md new file mode 100644 index 00000000..5b2bfec0 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Test_686070814.md @@ -0,0 +1,2 @@ +# Test_686070814 +Created by on Jan 20, 2025 EST diff --git a/knowledgebase/csd-wiki/ICSD/The-sarmat-saw-con-0-pod-cannot-start-due-to-the-pod-data-was-broken-during-the-upgrade._688996417.md b/knowledgebase/csd-wiki/ICSD/The-sarmat-saw-con-0-pod-cannot-start-due-to-the-pod-data-was-broken-during-the-upgrade._688996417.md new file mode 100644 index 00000000..745e193c --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/The-sarmat-saw-con-0-pod-cannot-start-due-to-the-pod-data-was-broken-during-the-upgrade._688996417.md @@ -0,0 +1,22 @@ +# The-sarmat-saw-con-0-pod-cannot-start-due-to-the-pod-data-was-broken-during-the-upgrade._688996417 +## Problem + +1135782:smarta-saw-con-0 pod failed to be up during Patch Upgrade + +![](attachments/688996417/688996416.png) + +## Cause + +The root cause is that during the drecompact process, the patch upgrade caused a restart, which interrupted the drecompact. + +The next attempt to restart the drecompact failed, resulting in an infinite restart. + +## Solution + +**Option 1**: A notification will be created to ask the SaaS team to stop the daily drecompact before the upgrade process. (SaaS team experts may take some efforts to stop/start them for upgrade everytime) + +**Option 2:** Use the workaround: We restore the smart-saw-con-0 pod data from its mirror pod smarta-saw-con-a-0, restart them, and then everything is working to normal. (Base on SaaS operation experience, we never meet this issue before. So, SaaS team experts only need apply it once we meet this issue.) + +## Attachments: + +[image-2025-2-8\_15-49-20.png](attachments/688996417/688996416.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/Toggle-plaftform-offline-NG-for-Native-SACM_686073929.md b/knowledgebase/csd-wiki/ICSD/Toggle-plaftform-offline-NG-for-Native-SACM_686073929.md new file mode 100644 index 00000000..47936fdd --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Toggle-plaftform-offline-NG-for-Native-SACM_686073929.md @@ -0,0 +1,32 @@ +# Toggle-plaftform-offline-NG-for-Native-SACM_686073929 +## Introduction + +The platform offline NG pod introduced in version 24.2 aims to address resource bottlenecks encountered during a-synced job handling, such as a job for Native SACM CI notifications. It's designed to handle high incoming loads, particularly during peak times when a large number of CIs are received from UCMDB, aiming to distribute the Native SACM CI sync task load from the current offline pod. + +By default, Native SACM relies on this pod to work. If you want, you can disable it so that Native SACM switches back to the original offline pod to process CIs. You can also enable it again after you disable it. + +## Disable Native SACM CI sync from UCMDB via Offline NG + +Perform the following steps on the bastion node: + +1. Edit the configmap: + `kubectl edit cm itom-xruntime-infra-config -n $(kubectl get namespace |grep itsma | cut -f1 -d " ")` +2. Update this parameter: + `ENABLE_SCALABLE_NATIVE_SACM: "false"` +3. Restart the offline and offline-ng pods: + `kubectl rollout restart deployment itom-xruntime-platform-offline-ng  -n $(kubectl get namespace |grep itsma | cut -f1 -d " ")` + `kubectl scale deployment itom-xruntime-platform-offline -n $(kubectl get namespace |grep itsma | cut -f1 -d " ") --replicas=0` ` kubectl scale deployment itom-xruntime-platform-offline -n $(kubectl get namespace |grep itsma | cut -f1 -d " ") --replicas=1` + +## Enable Native SACM CI sync from UCMDB via Offline NG + +Perform the following steps on the bastion node: + +1. Edit the configmap: + `kubectl edit cm itom-xruntime-infra-config ` `-n $(kubectl get namespace |grep itsma | cut -f1 -d " ") ` +2. Update this parameter: + `ENABLE_SCALABLE_NATIVE_SACM: "true"` +3. Restart the offline and offline-ng pods: + `kubectl rollout restart deployment itom-xruntime-platform-offline-ng  -n $(kubectl get namespace |grep itsma | cut -f1 -d " ")` + `kubectl scale deployment itom-xruntime-platform-offline -n $(kubectl get namespace |grep itsma | cut -f1 -d " ") --replicas=0` ` kubectl scale deployment itom-xruntime-platform-offline -n $(kubectl get namespace |grep itsma | cut -f1 -d " ") --replicas=1` +4. Check the replicas of the offline-ng pod, and change it to 1 if it is not: + `kubectl scale deployment itom-xruntime-platform-offline-ng -n $(kubectl get namespace |grep itsma | cut -f1 -d " ") --replicas=1` diff --git a/knowledgebase/csd-wiki/ICSD/Transform-the-suite-to-a-Helm-deployment-on-24.2.FP1_688996419.md b/knowledgebase/csd-wiki/ICSD/Transform-the-suite-to-a-Helm-deployment-on-24.2.FP1_688996419.md new file mode 100644 index 00000000..d062cd86 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Transform-the-suite-to-a-Helm-deployment-on-24.2.FP1_688996419.md @@ -0,0 +1,39 @@ +# Transform-the-suite-to-a-Helm-deployment-on-24.2.FP1_688996419 +#### Helm upgrade procedure + +
SEQStepsDurationDowntime

Prerequisites

1

Make sure current suite is upgraded to version 24.2.fp1

1 minNA
2

Run the following command to make sure that all the OMT and suite pods are ready

1 min

kubectl get pod --all-namespaces|grep -v 1/1|grep -v 2/2|grep -v 3/3|grep -v 4/4|grep -v 6/6|grep -v Completed

Preparation

1

Download the ESM helm chart to bastion

2 minsNA

Download helm chart (24.2.FP1) & Unzip & Verify the signature

s3://deploy-packages/artifacts/24.2/24.2.FP1-04-29-2024-Build-185/ESM_Helm_Chart-24.2.1.zip

2Get environment variables1 min
NAMESPACE=`kubectl get namespace|grep itsma | cut -f1 -d " "`
+SYSTEM_USER_ID=$(kubectl get configmap -o jsonpath='{.data.system_user_id}' itsma-common-configmap -n $NAMESPACE)
+SYSTEM_GROUP_ID=$(kubectl get configmap -o jsonpath='{.data.system_group_id}' itsma-common-configmap -n $NAMESPACE)
+SIZE=$(kubectl get configmap -o jsonpath='{.data.itom_suite_size}' itsma-common-configmap -n $NAMESPACE)
+echo NAMESPACE: $NAMESPACE SYSTEM_USER_ID: ${SYSTEM_USER_ID}, SYSTEM_GROUP_ID: ${SYSTEM_GROUP_ID}, SIZE: ${SIZE}

NOTE: If your bastion session is expired, run this get ENV variables again. If it expires after you delete the ns, replace the variables manually when executing the command

3(Optional) Backup the suite external ingress and suite integration ingress2 mins

For ESK ENV, you will create the ingresses (suite and integration) after helm installation.

If you don't have the backup files, please do the backup in advance. For example:

NOTE: The ingress names may vary across environments

kubectl get ingress sma-ingress -n $NAMESPACE -o yaml > suite-ingress-backup.yaml

kubectl get ingress sma-int-ingress -n $NAMESPACE -o yaml > sma-int-ingress-backup.yaml

Note: After helm installation you have to re-create related ingress and alb.

4

Create additional volumes

1 min

For EKS:

Run the following commands on the bastion node.

NOTE: Please replace the mount point with the actual value:

sudo mkdir -p /mnt/efs/var/vols/itom/itsma/config-volume

sudo mkdir -p /mnt/efs/var/vols/itom/itsma/logging-volume

sudo chown -R $SYSTEM_USER_ID:$SYSTEM_GROUP_ID /mnt/efs/var/vols/itom/itsma/config-volume
sudo chown -R $SYSTEM_USER_ID:$SYSTEM_GROUP_ID /mnt/efs/var/vols/itom/itsma/logging-volume
sudo chmod g+w /mnt/efs/var/vols/itom/itsma/config-volume
sudo chmod g+w /mnt/efs/var/vols/itom/itsma/logging-volume
sudo chmod g+s /mnt/efs/var/vols/itom/itsma/config-volume
sudo chmod g+s /mnt/efs/var/vols/itom/itsma/logging-volume

5

Check folder permissions

5 mins

Using the following command to check and change folder permission (Please replace the mount point with actual value:):

Check folder permission:

sudo find /mnt/efs/var/vols/itom -type d -exec stat --format='%u:%g %A %n' '{}' \;| grep -v $SYSTEM_USER_ID:$SYSTEM_GROUP_ID

If the result doesn't include :, change the ownership of each directory or file that you created by using the chown -R : command.

For example (the command find and update the folders' permission exclude the log folder):

sudo find /mnt/efs/var/vols/itom -type d -not -path "/mnt/efs/var/vols/itom/itsma/global-volume/logs/*" -exec chown $SYSTEM_USER_ID:$SYSTEM_GROUP_ID {} +

6

Sync data to new Helm persistent volumes

6 mins

NOTE: You may want to clean up the tenant-import and tenant-export folders if the size of these 2 volumes are too large before sync.

Sync data to new PV:

cd ESM_Helm_Chart-2x.x/scripts/transformation
chmod u+x syncData.sh

Run sycnData command with your own path, for example:

sudo./syncData.sh --globalVolumePath /mnt/efs/var/vols/itom/itsma/global-volume --smartanalyticsVolumePath /mnt/efs/var/vols/itom/itsma/smartanalytics-volume --configVolumePath /mnt/efs/var/vols/itom/itsma/config-volume

NOTE: you need to press 'y' twice to complete the script

Also you could use the following command to avoid bastion connection interruption during data sync

NOTE: Please replace the mount point to actual value you use:

nohup sh -c "printf 'y\ny\ny\ny\n' | sudo./syncData.sh --globalVolumePath /mnt/efs/var/vols/itom/itsma/global-volume --smartanalyticsVolumePath /mnt/efs/var/vols/itom/itsma/smartanalytics-volume --configVolumePath /mnt/efs/var/vols/itom/itsma/config-volume" nohup.out 2>&1 &

Watch the progress by below command:

tail -f nohup.out

Gov Cloud ENV took 6 mins with below data size:

The 'global-volume' requires an additional 77 MB of free disk space.
The 'config-volume' requires an additional 70 MB of free disk space.

7

Retrieve system configurations and generate values.yaml file

  • Generate basic values.yaml

  • Generate customized values.yaml

5 mins

Before you begin, ensure that the jq and yq tools are installed

Generate basic values.yaml file based on the suite environment

cd ESM_Helm_Chart-2x.x/scripts/transformation
chmod u+x generateBasicValuesYaml.sh
./generateBasicValuesYaml.sh

NOTE: you need to press 'y' twice to complete the script

Copy the values.yaml file to the ESM_Helm_Chart-2x.x/charts/ directory.

Save a copy of the values.yaml file in a secure location as backup.

Generate customized values.yaml

Go to the ESM_Helm_Chart-2x.x/scripts/custom_settings directory.Change the script file permission and run script:

cd ESM_Helm_Chart-2x.x/esm-1.0.0+2x.x-xxx/scripts/ custom_settings

chmod u+x generateCustomSettings.sh

./generateCustomSettings.sh

The script generates a customized_values.yaml file in the current directory.

Copy the customized_values.yaml file to the ESM_Helm_Chart-2x.x/charts/ directory.

Save the customized_values.yaml file to a secure location as a backup copy.

7

Back up OMT and SMA

30 mins

Backup the whole SMAX (RDS/EFS/K8S)

Maintain Window

1

Stop SMA and OMT

5 mins45 mins

1.Stop OMT & SMA:

$CDF_HOME/bin/cdfctl runlevel set -l DOWN -n $NAMESPACE
$CDF_HOME/bin/cdfctl runlevel set -l DOWN -n core

2.Check the pods of OMT & SMA are all stopped.

kubectl get pod -n $NAMESPACE|grep -v -E 'throttling|opentelemetry|toolkit|Completed'
kubectl get pod -n core |grep -v Completed

NOTE: If your promethues pods are under core namespace, it takes time to shut down these pods

2

Clean up classic SMA resources

5 mins

Use the below command to clean the SMA resource:

kubectl delete ns $NAMESPACE

NOTE: Deleting the ns will re-created the ingress and ALB. You will create new ingress and ALB for EKS in helm installation step. Then bound the newly created the ingress alb to FedRAMP domain

Verify the ns is deleted:

kubectl get ns

Use the following command to check what resources are being used:

kubectl api-resources --verbs=list --namespaced -o name | xargs -n 1 kubectl get --show-kind --ignore-not-found -n $NAMESPACE

Patch the ingress use the following command:

kubectl patch -n $NAMESPACE --type=json --patch='[{"op": "remove", "path": "/metadata/finalizers/0"}]'

3

Sync incremental data

2 mins

Sync incremental data:

Go to the ESM_Helm_Chart-2x.x/scripts/transformation directory and run below command again:

sudo./syncData.sh --globalVolumePath /mnt/efs/var/vols/itom/itsma/global-volume --smartanalyticsVolumePath /mnt/efs/var/vols/itom/itsma/smartanalytics-volume --configVolumePath /mnt/efs/var/vols/itom/itsma/config-volume

NOTE: to sync incremental data you only need to press y for one time

The incremental sync should not cost long time as the first sync, while still you can use the below command to avoid bastion connection interruption during sync data

NOTE: Please replace the mount point with your actual environment:

nohup sh -c "printf 'y\ny\ny\ny\n' | sudo./syncData.sh --globalVolumePath /mnt/efs/var/vols/itom/itsma/global-volume --smartanalyticsVolumePath /mnt/efs/var/vols/itom/itsma/smartanalytics-volume --configVolumePath /mnt/efs/var/vols/itom/itsma/config-volume" nohup.out 2>&1 &

4

Update the label for the core namespace

1 min

Update the label for core:

kubectl patch ns core -p '{"metadata":{"labels":{" deployments.microfocus.com/deployment-name":"cdf "}}}'

5Create a deployment for the suite1 min

Create a deployment for suite:

$CDF_HOME/bin/cdfctl deployment create -d $NAMESPACE
NOTE: This command creates a deployment with your original suite namespace as the deployment name.

6Refine existing PVs1 min
  1. Go to the ESM_Helm_Chart-2x.x/scripts/transformation directory.cd ESM_Helm_Chart-2x.x/esm-1.0.0+2x.x-xxx/scripts/transformation
  2. Run the following commands:

    chmod u+x refinePV.sh
    ./refinePV.sh $SIZE
    NOTE: Press "y" after you see this message "Do you want to create pvs based on the same nfs server and nfs root path with the global-volume:? [y/n]"

  3. Run the following command to verify the PV creation.
    kubectl get pv|grep -E "config-volume|logging-volume|data-volume"|grep itsma
  4. Run the following command to verify the PV status is Available (Below command is supposed to return no result)
    kubectl get pv|grep itsma|grep -v -E "db-volume|global-volume|smartanalytics"|awk '{if ($5!="Available") print $0}'
7Restore vault data
  • Copy vault data from core-volume to global-volume
  • Copy vault secrets to the suite namespace
5 mins

Copy vault data from core-volume to global-volume
On bastion run below command:

sudo cp -R /mnt/efs/var/vols/itom/itsma/core/vault /mnt/efs/var/vols/itom/itsma/global-volume/
sudo chown -R $SYSTEM_USER_ID:$SYSTEM_GROUP_ID /mnt/efs/var/vols/itom/itsma/global-volume/vault

NOTE: Please replace the mount point with your actual environment

Copy vault secrets to the suite namespace
  1. Create script "copyVaultCredentials.sh" > Restore_vault_data
  2. Run below command
    chmod u+x copyVaultCredentials.sh
    ./copyVaultCredentials.sh $NAMESPACE
NOTE: Replace with a unique release name that you want to specify for the suite deployment.
8Start OMT5 mins
  1. Start OMT:
    $CDF_HOME/bin/cdfctl runlevel set -l UP -n core
  2. Check that all the OMT pods are ready:
    kubectl get pods -n core|grep -v 1/1|grep -v 2/2|grep -v 3/3|grep -v 4/4|grep -v Completed
9Install the ESM helm chartCreate ingress for the suite (EKS only)15 mins

Login Bastion and change folder to the ESM_Helm_Chart-2x.x/charts/ directory.
Run the helm install command:

helm install esm-1.0.0+2x.x-xxx.tgz -n $NAMESPACE -f values.yaml -f customized_values.yaml --set global.nodeSelector.Worker=label

N OTE: This release name is the one you gave in step 7

During the helm installation, monitor the status of the itom-nginx-ingress service by running the below command:

kubectl get svc -n $NAMESPACE|grep itom-nginx-ingress-svc

[EKS Only] Once the service is available, create the ingress for the suite & ingress for the SMAX integration.

For example:

kubectl create -f sma-ingress.yaml
kubectl create -f sma-ingress-integration.yaml

NOTE: The ingress yaml files are the ones you exported in Preparation - Step 3

Bound the newly created the ingress alb to FedRAMP domain

Add the newly created service port to the EKS worker's inbound security group

Reference:

10Enable helm autopass3 mins
  1. Log in to the control plane node or bastion node.
  2. Change to the ESM_Helm_Chart-2x.x/scripts/transformation directory.
  3. Change the permission of the updateAutopassKey.sh file:
    chmod u+x updateAutopassKey.sh
  4. Run the script to sync the autopass key.
    ./updateAutopassKey.sh -n $NAMESPACE
    It will restart the itom-bo-license-deployment and autopass-lm-v2 pods.
  5. After the above pods are up and running, enter the autopass page with the new URL: https:///autopass
11Ensure all suite pods & job are ready2 mins

Check helm install pod status

kubectl get pod -n $NAMESPACE|grep -v 1/1|grep -v 2/2|grep -v 3/3|grep -v 4/4|grep -v Completed

kubectl get job -n $NAMESPACE

Note: please run the following command t o delete the xruntime-upgrade-tenants job if it is 0/1:

kubectl delete job -n $ns `kubectl get job -n $ns | grep xruntime-upgrade-tenants | awk '{print $1}'`

Post-tasks

1Clean up unused pods in the OMT namespace1 minsNA

Clean up unused pods in the OMT namespace via below command:

helm upgrade apphub $CDF_HOME/charts/apphub-1.2*.tgz --reuse-values --set global.services.suiteDeployment

NOTE: If you are going to restore a single namespace after running above command, please run below workaround to fix this issue

Fix OMT clusterrolebinding and clusterrole

After helm transformation, OMT 5443 portal will no longer be in use.

2Delete unused PVs1 mins
kubectl delete pv $NAMESPACE-db-volume
+kubectl delete pv $NAMESPACE-smartanalytics-volume
+kubectl delete pv $NAMESPACE-global-volume
3Delete unused nfs folders15 minsRun the following command to clean unused nfs folder:

dbVolume=

globalVolume=

smartanalyticsVolume=

Where: and are the NFS paths of db-volume, global-volume, and smartanalytics-volume, respectively.

For example:

dbVolume=/mnt/efs/var/vols/itom/itsma/db-volume

globalVolume=/mnt/efs/var/vols/itom/itsma/global-volume

smartanalyticsVolume=/mnt/efs/var/vols/itom/itsma/smartanalytics-volume


sudo rm -rf $dbVolume
sudo rm -rf $smartanalyticsVolume
sudo rm -rf $globalVolume/data
sudo rm -rf $globalVolume/image
sudo rm -rf $globalVolume/resources
sudo rm -rf $globalVolume/config
sudo rm -rf $globalVolume/certificate
sudo rm -rf $globalVolume/tenant-export
sudo rm -rf $globalVolume/tenant-import
sudo rm -rf $globalVolume/jdbc
sudo rm -rf $globalVolume/l10n
sudo rm -rf $globalVolume/va/configs
sudo rm -rf $globalVolume/va/stopwords
sudo rm -rf $globalVolume/di
sudo rm -rf $globalVolume/logs

Verification

1SMAX30 minsNA
2NSACM Sanity
3Audit Sanity
4Audit-Collector Sanity
+ +#### Build Info: + +| Product | Build/Chart | +| --- | --- | +| **OMT** | 24.2-159 | +| **SMAX/HCMX Metadata** | 24.2.FP1-b11 | +| **SMAX/HCMX Helm chart** | esm-1.0.1+24.2.1-38 | + +#### Doc Link: + +[Transform SMAX To Helm](https://docs.microfocus.com/doc/SMAX/24.2/TransformSmaxToHelmBased) + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/Transform-the-suite-to-a-Helm-deployment-on-24.3.2_688996421.md b/knowledgebase/csd-wiki/ICSD/Transform-the-suite-to-a-Helm-deployment-on-24.3.2_688996421.md new file mode 100644 index 00000000..a47063b3 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Transform-the-suite-to-a-Helm-deployment-on-24.3.2_688996421.md @@ -0,0 +1,29 @@ +# Transform-the-suite-to-a-Helm-deployment-on-24.3.2_688996421 +#### Helm upgrade procedure + +
SEQStepsDurationDowntime

Prerequisites

1

Make sure current suite is upgraded to version 24.3.2

1 minNA
2

Run the following command to make sure that all the OMT and suite pods are ready

1 min
kubectl get pod --all-namespaces|grep -v 1/1|grep -v 2/2|grep -v 3/3|grep -v 4/4|grep -v Completed

Preparation

1

Download the ESM helm chart to bastion

2 minsNA

Download & Unzip & Verify the signature

2Get environment variables1 min

Run below commands to get ENV variables:

NAMESPACE=`kubectl get namespace|grep itsma | cut -f1 -d " "`
SYSTEM_USER_ID=$(kubectl get configmap -o jsonpath='{.data.system_user_id}' itsma-common-configmap -n $NAMESPACE)
SYSTEM_GROUP_ID=$(kubectl get configmap -o jsonpath='{.data.system_group_id}' itsma-common-configmap -n $NAMESPACE)
SIZE=$(kubectl get configmap -o jsonpath='{.data.itom_suite_size}' itsma-common-configmap -n $NAMESPACE)
echo NAMESPACE: $NAMESPACE SYSTEM_USER_ID: ${SYSTEM_USER_ID}, SYSTEM_GROUP_ID: ${SYSTEM_GROUP_ID}, SIZE: ${SIZE}

NOTE: If your bastion session is expired, run this get ENV variables again. If it expires after you delete the ns, replace the variables manually when executing the command

3Backup the suite external ingress and suite integration ingress.

If you don't have Backup the ingress yaml files which will be used in helm install step to the tmp folder:

NOTE: The ingress names may differ between farms.

kubectl get ingress sma-ingress -n $NAMESPACE -o yaml > suite-ingress-backup.yaml

kubectl get ingress sma-int-ingress -n $NAMESPACE -o yaml > sma-int-ingress-backup.yaml

4

Create additional volumes

Configure NFS volume

1 min

For EKS:

Run the following commands on the bastion node.

NOTE: Please change the mount point with the actual value:

sudo mkdir -p /mnt/efs/var/vols/itom/itsma/config-volume
sudo mkdir -p /mnt/efs/var/vols/itom/itsma/logging-volume
sudo chown -R $SYSTEM_USER_ID:$SYSTEM_GROUP_ID /mnt/efs/var/vols/itom/itsma/config-volume
sudo chown -R $SYSTEM_USER_ID:$SYSTEM_GROUP_ID /mnt/efs/var/vols/itom/itsma/logging-volume
sudo chmod g+w /mnt/efs/var/vols/itom/itsma/config-volume
sudo chmod g+w /mnt/efs/var/vols/itom/itsma/logging-volume
sudo chmod g+s /mnt/efs/var/vols/itom/itsma/config-volume
sudo chmod g+s /mnt/efs/var/vols/itom/itsma/logging-volume

5

Check folder permissions

10 mins

Using the following command to check and change folder permission (Please replace the mount point with actual value:):

Check folder permission:

sudo find /mnt/efs/var/vols/itom -type d -exec stat --format='%u:%g %A %n' '{}' \;| grep -v $SYSTEM_USER_ID:$SYSTEM_GROUP_ID

If the result doesn't include :, change the ownership of each directory or file that you created by using the chown -R : command.

For example (the command find and update the folders' permission exclude the log folder):

sudo find /mnt/efs/var/vols/itom -type d -not -path "/mnt/efs/var/vols/itom/itsma/global-volume/logs/*" -exec chown $SYSTEM_USER_ID:$SYSTEM_GROUP_ID {} +

6

Sync data to new Helm persistent volumes

35 mins

NOTE: Please use the syncData.sh script which in 24.4 GA release package.

NOTE: You may want to clean up the tenant-import and tenant-export folders before sync.

cd ESM_Helm_Chart-2x.x/scripts/transformation
chmod u+x syncData.sh

Use the following command to avoid bastion connection interruption during sync data (Please replace the mount point to actual value you use):

nohup sh -c "printf 'y\ny\ny\ny\n' | sudo./syncData.sh --globalVolumePath /mnt/efs/var/vols/itom/itsma/global-volume --smartanalyticsVolumePath /mnt/efs/var/vols/itom/itsma/smartanalytics-volume --configVolumePath /mnt/efs/var/vols/itom/itsma/config-volume" nohup.out 2>&1 &

Watch the progress by below command:

tail -f nohup.out

For the information, 35 mins for below data size:

The 'global-volume' requires an additional 33 G of free disk space.
The 'config-volume' requires an additional 1.5 G of free disk space.

7

Retrieve system configurations and generate values.yaml file

  • Generate basic values.yaml

  • Generate customized values.yaml

5 mins

Before you begin, ensure that the jq and yq tools are installed

Create a values.yaml file based on the suite environment

cd ESM_Helm_Chart-2x.x/scripts/transformation
chmod u+x generateBasicValuesYaml.sh
./generateBasicValuesYaml.sh

Copy the values.yaml file to the ESM_Helm_Chart-2x.x/charts/ directory.

Save a copy of the values.yaml file in a secure location as backup.

Generate customized values.yaml

Go to the ESM_Helm_Chart-2x.x/scripts/custom_settings directory.Change the script file permission and run script:

cd ESM_Helm_Chart-2x.x/esm-1.0.0+2x.x-xxx/scripts/ custom_settings

chmod u+x generateCustomSettings.sh

./generateCustomSettings.sh

The script generates a customized_values.yaml file in the current directory.

Copy the customized_values.yaml file to the ESM_Helm_Chart-2x.x/charts/ directory.

Copy the customized_values.yaml file to a secure location as a backup copy.

8

Back up OMT and SMA

30 mins

Backup the whole SMAX (RDS/EFS/K8S)

Maintain Window

1

Stop SMA and OMT

10 mins70 mins

1.Stop OMT & SMA:

$CDF_HOME/bin/cdfctl runlevel set -l DOWN -n $NAMESPACE
$CDF_HOME/bin/cdfctl runlevel set -l DOWN -n core

2.Check the pods of OMT & SMA are all stopped.

kubectl get pod -n $NAMESPACE|grep -v -E 'throttling|opentelemetry|toolkit|Completed'
kubectl get pod -n core |grep -v Completed

NOTE: In SaaS simulation ENV, promethues pods are under core namespace and it takes time to shut down these pods

2

Clean up classic SMA resources

5 mins

Use the below command to clean the SMA resource:

kubectl delete ns $NAMESPACE

Verify the ns is deleted:

kubectl get ns

Use the following command to check what resources are being used:

kubectl api-resources --verbs=list --namespaced -o name | xargs -n 1 kubectl get --show-kind --ignore-not-found -n $NAMESPACE

Patch the ingress use the following command:

kubectl patch ing sma-ingress -n $NAMESPACE --type=json --patch='[{"op": "remove", "path": "/metadata/finalizers/0"}]'

3

Sync incremental data

2 mins

NOTE: Please use the syncData.sh script which in 24.4 GA release package.

Sync incremental data:

Go to the ESM_Helm_Chart-2x.x/scripts/transformation directory and run below command again:

sudo./syncData.sh --globalVolumePath /mnt/efs/var/vols/itom/itsma/global-volume --smartanalyticsVolumePath /mnt/efs/var/vols/itom/itsma/smartanalytics-volume --configVolumePath /mnt/efs/var/vols/itom/itsma/config-volume

NOTE: The incremental sync should not cost long time as the first sync, while still you can use the below command to avoid bastion connection interruption during sync data(Please change the mount point as your actual environment):

nohup sh -c "printf 'y\ny\ny\ny\n' | sudo./syncData.sh --globalVolumePath /mnt/efs/var/vols/itom/itsma/global-volume --smartanalyticsVolumePath /mnt/efs/var/vols/itom/itsma/smartanalytics-volume --configVolumePath /mnt/efs/var/vols/itom/itsma/config-volume" nohup.out 2>&1 &

Then watch the progress by below command:

tail -f nohup.out

4

Update the label for the core ns

1 min

Update the label for core:

kubectl patch ns core -p '{"metadata":{"labels":{" deployments.microfocus.com/deployment-name":"cdf "}}}'

5

Create a deployment for the suite

1 min

Create a deployment for suite:

$CDF_HOME/bin/cdfctl deployment create -d $NAMESPACE

NOTE: This command creates a deployment with your original suite namespace as the deployment name.

6

Refine existing PVs

1 min

  1. Go to the ESM_Helm_Chart-2x.x/scripts/transformation directory.

    cd ESM_Helm_Chart-2x.x/esm-1.0.0+2x.x-xxx/scripts/transformation

  2. Run the following commands:

    chmod u+x refinePV.sh 
+./refinePV.sh $SIZE
+NOTE: Enter 2 'y' when execute the shell

  3. Run the following command to verify the PV creation.

    kubectl get pv|grep -E "config-volume|logging-volume|data-volume"|grep itsma

  4. Run the following command to verify the PV status is Available (Below command is supposed to return no result)

    kubectl get pv|grep itsma|grep -v -E "db-volume|global-volume|smartanalytics"|awk '{if ($5!="Available") print $0}'

7Restore vault data
  • Copy vault data from core-volume to global-volume
  • Copy vault secrets to the suite namespace
5 mins

Copy vault data from core-volume to global-volume
On NFS server run:

sudo cp -R /mnt/efs/var/vols/itom/itsma/core/vault /mnt/efs/var/vols/itom/itsma/global-volume/
sudo chown -R $SYSTEM_USER_ID:$SYSTEM_GROUP_ID /mnt/efs/var/vols/itom/itsma/global-volume/vault

Copy vault secrets to the suite namespace

  1. Create script "copyVaultCredentials.sh" > Restore_vault_data
  2. Run below command
    chmod u+x copyVaultCredentials.sh
    ./copyVaultCredentials.sh $NAMESPACE
NOTE: Replace with a unique release name that you want to specify for the suite deployment.
8

Start OMT

5 mins
  1. Start OMT:
    $CDF_HOME/bin/cdfctl runlevel set -l UP -n core
  2. Check that all the OMT pods are ready:
    kubectl get pods -n core|grep -v 1/1|grep -v 2/2|grep -v 3/3|grep -v 4/4|grep -v Completed
9

Install the ESM helm chart

Create ingress for the suite (EKS only)

35 mins

Login Bastion and change folder to the ESM_Helm_Chart-2x.x/charts/ directory.
Run the helm install command:

helm install esm-1.0.0+2x.x-xxx.tgz -n $NAMESPACE -f values.yaml --set global.nodeSelector.Worker=label -f customized_values.yaml

NOTE: This release name is the one you gave in step 7

During the helm installation, monitor the status of the itom-nginx-ingress service by running the below command:

kubectl get svc -n $NAMESPACE|grep itom-nginx-ingress-svc

[EKS Only] Once the service is available, create the ingress for the suite & ingress for the SMAX integration.

For example:

kubectl create -f sma-ingress.yaml
kubectl create -f sma-ingress-integration.yaml

NOTE: The ingress yaml files are the ones you exported in Preparation - Step 3

Bound the newly created the ingress alb to Ops domain(**- smax.esm.com)

Add the newly created service port to the EKS worker's inbound security group

Reference:

10

Enable helm autopass

3 mins

  1. Log in to the control plane node or bastion node.

  2. Change to the ESM_Helm_Chart-2x.x/scripts/transformation directory.

  3. Change the permission of the updateAutopassKey.sh file:

    chmod u+x updateAutopassKey.sh

  4. Run the script to sync the autopass key.

    ./updateAutopassKey.sh -n $NAMESPACE

    It will restart the itom-bo-license-deployment and autopass-lm-v2 pods.

  5. After the above pods are up and running, enter the autopass page with the new URL: https:///autopass.

Ensure all suite pods & job are ready

2 mins

Check helm install pod status

kubectl get pod -n $NAMESPACE|grep -v 1/1|grep -v 2/2|grep -v 3/3|grep -v 4/4|grep -v Completed

Kubectl get job -n $NAMESPACE

Post-tasks

0

(Optional) Reinstall lost services:

Toolkit,

Monitoring,

Opentelemetry

After install the helm version suite, certain ports in suite will be reset. We have to re-enable them again in suite. Please run following command"

1.Run the following patch command:

kubectl patch svc idm-svc -n $(kubectl get namespace |grep itsma | cut -f1 -d " ") --type=json -p='[{"op":"add","path":"/spec/ports/2","value":{"name":"ssl","port":443,"protocol":"TCP","targetPort":8443}},{"op":"add","path":"/spec/ports/3","value":{"name":"metrics","port":444,"protocol":"TCP","targetPort":8444}}]'#expose nginx portkubectl patch svc itom-nginx-ingress-svc -n $(kubectl get namespace |grep itsma | cut -f1 -d " ") --type=json -p='[{"op":"add","path":"/spec/ports/1","value":{"name":"http-metrics","port":10254,"protocol":"TCP","targetPort":10254}}]'#expose redis portkubectl patch svc itom-xruntime-redis-svc -n $(kubectl get namespace |grep itsma | cut -f1 -d " ") --type=json -p='[{"op":"add","path":"/spec/ports/1","value":{"name":"https-metrics","port":9121,"protocol":"TCP","targetPort":9121}}]'#expose rabbitmq port#kubectl patch svc itom-xruntime-rabbitmq-svc -n $(kubectl get namespace |grep itsma | cut -f1 -d " ") --type=json -p='[{"op":"add","path":"/spec/ports/4","value":{"name":"http-metrics","port":9419,"protocol":"TCP","targetPort":15691}}]'#expose port for JMX platformkubectl patch svc itom-xruntime-platform-svc -n $(kubectl get namespace |grep itsma | cut -f1 -d " ") --type=json -p='[{"op":"add","path":"/spec/ports/3","value":{"name":"platform-metrics","port":5555,"protocol":"TCP","targetPort":5555}}]'kubectl patch svc itom-xruntime-platform-offline-svc -n $(kubectl get namespace |grep itsma | cut -f1 -d " ") --type=json -p='[{"op":"add","path":"/spec/ports/3","value":{"name":"platform-offline-metrics","port":5555,"protocol":"TCP","targetPort":5555}}]'kubectl patch svc itom-xruntime-platform-offline-ng-svc -n $(kubectl get namespace |grep itsma | cut -f1 -d " ") --type=json -p='[{"op":"add","path":"/spec/ports/3","value":{"name":"platform-offline-ng-metrics","port":5555,"protocol":"TCP","targetPort":5555}}]'kubectl patch svc itom-xruntime-platform-readonly-svc -n $(kubectl get namespace |grep itsma | cut -f1 -d " ") --type=json -p='[{"op":"add","path":"/spec/ports/3","value":{"name":"platform-readonly-metrics","port":5555,"protocol":"TCP","targetPort":5555}}]'#expose port for JMX gatewaykubectl patch svc itom-xruntime-gateway-svc -n $(kubectl get namespace |grep itsma | cut -f1 -d " ") --type=json -p='[{"op":"add","path":"/spec/ports/3","value":{"name":"gateway-metrics","port":5555,"protocol":"TCP","targetPort":5555}}]'#expose port for JMX service portalkubectl patch svc itom-xruntime-serviceportal-svc -n $(kubectl get namespace |grep itsma | cut -f1 -d " ") --type=json -p='[{"op":"add","path":"/spec/ports/3","value":{"name":"serviceportal-metrics","port":5555,"protocol":"TCP","targetPort":5555}}]'

2.Go to ITOM Marketplace to download all Service Monitor definitions

3.Unzip the package and navigate to the folder prometheus/servicemonitor and run the following command:

namespace=`kubectl get namespace |grep itsma| cut -f1 -d " "`
sed -i -e 's//'$namespace'/g' *.yaml

sed -i -e 's/insecureSkipVerify: false/insecureSkipVerify: true/g' *.yaml
kubectl delete -f./
kubectl create -f./

1

Clean up unused pods in the OMT namespace

5 minsNA

Run the following command to remove cdf-apiserver, cdfapiserverdb, frontendIngress, itom-frontend-ui, and itom-mng-portal resources:

helm upgrade apphub $CDF_HOME/charts/apphub-1.2*.tgz --reuse-values --set global.services.suiteDeploymentManagement=false -n core

kubectl delete deploy suite-conf-pod-itsma -n core --ignore-not-found=true

kubectl delete svc suite-conf-svc-itsma -n core --ignore-not-found=true

kubectl delete ingress suite-conf-ing-itsma -n core --ignore-not-found=true

If you are restoring a single namespace after running above command, it will fail, please do workaround with below wiki:

OMT clusterrolebinding and clusterrole

After helm transformation, OMT 5443 portal will no longer be in use.


Run the following command to clean up OMT install portal ingress for ALB controller:

kubectl delete ingress -n core -l app=install-ingress
2

Delete unused PVs

1 mins
kubectl delete pv $NAMESPACE-db-volume
+kubectl delete pv $NAMESPACE-smartanalytics-volume
+kubectl delete pv $NAMESPACE-global-volume
3

Delete unused nfs folders

15 mins

Run the following command to clean unused nfs folder:

dbVolume=

globalVolume=

smartanalyticsVolume=

Where: and are the NFS paths of db-volume, global-volume, and smartanalytics-volume, respectively.

For example:

dbVolume=/mnt/efs/var/vols/itom/itsma/db-volume

globalVolume=/mnt/efs/var/vols/itom/itsma/global-volume

smartanalyticsVolume=/mnt/efs/var/vols/itom/itsma/smartanalytics-volume


sudo rm -rf $dbVolume
sudo rm -rf $smartanalyticsVolume
sudo rm -rf $globalVolume/data
sudo rm -rf $globalVolume/image
sudo rm -rf $globalVolume/resources
sudo rm -rf $globalVolume/config
sudo rm -rf $globalVolume/certificate
sudo rm -rf $globalVolume/tenant-export
sudo rm -rf $globalVolume/tenant-import
sudo rm -rf $globalVolume/jdbc
sudo rm -rf $globalVolume/l10n
sudo rm -rf $globalVolume/va/configs
sudo rm -rf $globalVolume/va/stopwords
sudo rm -rf $globalVolume/di
sudo rm -rf $globalVolume/logs

Verification

1SMAX30 minsNA
2NSACM Sanity
3Audit Sanity
4Audit-Collector Sanity
+ +#### Doc Link: + +[Transform SMAX To Helm](https://docs.microfocus.com/doc/SMAX/24.2/TransformSmaxToHelmBased#Clean_up_unused_pods_in_the_OMT_namespace) + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/Troubleshooting-as-a-Service_693602624.md b/knowledgebase/csd-wiki/ICSD/Troubleshooting-as-a-Service_693602624.md new file mode 100644 index 00000000..f5836b3c --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Troubleshooting-as-a-Service_693602624.md @@ -0,0 +1,67 @@ +# Troubleshooting-as-a-Service_693602624 +## Introduction + + +The main purpose of this document is to help non-Cloud Ops team members better understand the various services and tools currently provided for Cloud Application troubleshooting, so that they can be used flexibly in different scenarios and reduce dependence on Cloud Ops engineers. +Our goal is also very clear. We hope to provide a more efficient DevOps ecosystem to provide better services to our customers. + +\*\*Please note that the various services and tools mentioned below require approval and authorization, and are currently limited to members of the Cloud Ops and R&D CPE teams\*\* + +## Troubleshooting as a Service + +### Access Environment as a Service + +**Access to Customer Tenant** +We provide a method to enter the customer's tenant so that when doing troubleshooting, you can directly access the customer's environment to check the problem and understand the symptoms of the problem at the first time, so as to make the right judgment. + +**Access to ESM Farm BO, IDM, UCMDB JMX console** +We provide a method to apply for temporary user access to each farm management console + +- BO Suite Admin +- ESM IDM Admin +- UCMDB Super Admin to UCMDB JMX Console + +### Log Collection as a Service + +We provide a very comprehensive log collection automation tool. +Collect log information of a specific module within a specific time period. Users can select appropriate filtering conditions to collect logs according to different scenarios, so as to locate problems more accurately and reduce extra effort caused by excessive log size. + +### Check Configuration + +### Monitoring as a Service + +**Unified Monitoring via pre-defined Grafana Dashboard** +We provide a lot of rich implementation monitoring data for various troubleshooting. Currently we use Grafana as the monitoring UI to reflect the monitoring data of farm implementation: + +- AWS Cloud Watch Data Source - Able to have real-time infrastructure monitoring (AWS EKS/EFS/RDS) +- Prometheus Data Source - Able to check real-time application level metrics exposed by Prometheus +- Database query Data Source - Get some key indicators of the application through database query +- Containerize/K8S - Able to monitor the key monitoring data of the containerize product, container/node/pod etc. + +**Service Availability Health Page** + +### Log Analysis as a Service + + +**BI Reporting as a Service** + +**Unplanned Change Request as a Service** + +**Other Services** + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/Troubleshooting-guide-for-CMS-UI-report-scheduler-issue_688996426.md b/knowledgebase/csd-wiki/ICSD/Troubleshooting-guide-for-CMS-UI-report-scheduler-issue_688996426.md new file mode 100644 index 00000000..bc671221 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Troubleshooting-guide-for-CMS-UI-report-scheduler-issue_688996426.md @@ -0,0 +1,53 @@ +# Troubleshooting-guide-for-CMS-UI-report-scheduler-issue_688996426 +Problem *What didn't work? Add a short description of the problem and symptom in this Text Data macro.* + +We received many incidents from DN in EU8 farm about CMS UI report scheduler function is not stable, while with existing CMS UI logs, we can't find the root cause because of limited information in the log, so we need Ops team to help get the thread dump and heap dump of CMS UI pod when the issue happens again. + +[Issue 1992037 - Scheduled Reports logs lack helpful messages for better troubleshooting purpose](https://internal.almoctane.com/ui/entity-navigation?p=97002/20001&entityType=work_item&id=1992037) + +[Issue 2003256 - Scheduled Reports status always shows "pending"](https://internal.almoctane.com/ui/entity-navigation?p=97002/20001&entityType=work_item&id=2003256) + +[Issue 2113063 - EU8 Report scheduled at CMS UI are often getting stopped or not working](https://internal.almoctane.com/ui/entity-navigation?p=97002/20001&entityType=work_item&id=2113063) + +## Environment + +*Which enviroment and customer tenant that are affected? Add a short description in this Text Data macro* EU8 DN prod tenant + +## Cause + +*Why did this happen? Describe the root cause of the problem in this Text Data macro.*The root cause is not found yet, need to get thread dump and heap dump of CMS UI pod to get more information. + +## Solution + +*How do we fix it? Describe how someone would solve the problem in a concise, step-by-step guide in this Text Data macro.* + +Follow the steps when the CMS UI report scheduler is hanging or not working again: + +1. Collect all CMS browser logs +2. Get CMS UI thread dump and heap dump: + 1. run kubectl command to enter CMS browser pod: **kubectl exec -it -n** ** -c bash** + 2. go to one folder which have write permission e.g. /tmp. + 3. run \`jstack \` to get thread dump, then wait for 10 seconds to get a 2nd thread dump for comparation purpose + 4. run 'jmap -dump:file=headdump ' to get heap dump + 5. share the heapdump and thread dump to CMS R&D + +## Related articles + +*Conveniently search and link related articles through List Data macro.* + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/Troubleshooting_688996268.md b/knowledgebase/csd-wiki/ICSD/Troubleshooting_688996268.md new file mode 100644 index 00000000..a1405626 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Troubleshooting_688996268.md @@ -0,0 +1,13 @@ +# Troubleshooting_688996268 +1. [ITOM Cloud Service Delivery](index.html) +2. [ITOM Cloud Service Delivery](ITOM-Cloud-Service-Delivery_681555087.html) +3. [💠3 - Operation & Maintenance](682933064.html) + +Created by on Feb 08, 2025 EST + +- [How to find the suite logs for troubleshooting](How-to-find-the-suite-logs-for-troubleshooting_686074297.html) +- [How to re-trigger Native SACM data migration job](How-to-re-trigger-Native-SACM-data-migration-job_686074234.html) + +Document generated by Confluence on Sep 15, 2025 22:27 EDT + +[Atlassian](https://www.atlassian.com/) diff --git a/knowledgebase/csd-wiki/ICSD/UCMDB-APM-Monitoring-Business-Flow_686073690.md b/knowledgebase/csd-wiki/ICSD/UCMDB-APM-Monitoring-Business-Flow_686073690.md new file mode 100644 index 00000000..04fc3ab5 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/UCMDB-APM-Monitoring-Business-Flow_686073690.md @@ -0,0 +1,58 @@ +# UCMDB-APM-Monitoring-Business-Flow_686073690 +Created by, last modified by Wei Shen on Feb 06, 2025 EST + +## Introduction + +This document describes the use cases used for UCMDB RUM (Real User Monitoring) testing. + +## UCMDB APM Monitoring Business Flow + +In 24.3 UCMDB implemented a feature named ‘Global Search’ that has CMS UI layout change, this feature is enabled by default that impact 2 of current CMS APM monitoring flows: **UCMDB Search View and Report, View map**. Update these two with Global Search. + +### UCMDB UI Login + +\- browse [https://cms\_host/ucmdb-browser/ui/home](https://cms_host/ucmdb-browser/ui/home) + +\- Login with admin user + +\- Success criteria: return 200 (simplified the criteria) + +### UCMDB Inventory + +\- Click on ‘ **INVENTORY’** in the top + +\- Success criteria: see Databases card with number >0 (simplified the criteria, remove the drill down that has bad performance) + +![](attachments/686073690/686073677.png) + +### UCMDB Search View and Report + +- In the right top, click search icon +- In the expended search bar, select **Reports** +- Search ' **Cloud Host Migration** ' +- Success criteria: **Cloud Host Migration** is shown in the page under DISPLAY LABEL. + +**![](attachments/686073690/686073682.png)** + +### UCMDB View map + +- **Right click** on 'Cloud Host Migration' line +- Click on **Execute** +- Success criteria: On premise is shown in the page + +![](attachments/686073690/686073687.png) + +![](attachments/686073690/686073689.png) + +**Related pages** + +**Content by label** + +There is no content with the specified labels + +## Attachments: + +[image-2025-1-21\_13-40-38.png](attachments/686073690/686073677.png) (image/png) +[image-2025-1-21\_13-41-2.png](attachments/686073690/686073682.png) (image/png) +[image-2025-1-21\_13-41-32.png](attachments/686073690/686073687.png) (image/png) +[image-2025-1-21\_13-41-48.png](attachments/686073690/686073689.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/UCMDB-Server-Master-key-rotation_688996428.md b/knowledgebase/csd-wiki/ICSD/UCMDB-Server-Master-key-rotation_688996428.md new file mode 100644 index 00000000..0d5758e7 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/UCMDB-Server-Master-key-rotation_688996428.md @@ -0,0 +1,116 @@ +# UCMDB-Server-Master-key-rotation_688996428 +UD/UCMDB stores the master key for app-level encryption in the vault. This master key should be rotated as other keys used for storage encryption. + +This section enables you to rotate the master key, by creating a script that changes the UCMDB master key with a newly generated one. The new master key can be either defined by you, or randomly generated by the script. + +To rotate the master key, follow these steps: + +1. On your local machine, create the **rotate\_masterkey. sh** file with the following content: + ``` + #!/bin/bash + usage() { + echo "Usage: $0 -r -n " + exit 1 + } + while getopts ":r:n:" opt; do + case $opt in + r) RELEASE=$OPTARG ;; + n) NAMESPACE=$OPTARG ;; + *) usage ;; + esac + done + if [ -z "$RELEASE" ] || [ -z "$NAMESPACE" ]; then + usage + fi + validate_password() { + local password="$1" + if [[ ! "$password" =~ [0-9] ]]; then + echo "Error: The new master key must contain at least one number." + return 1 + fi + if [[ ! "$password" =~ [[:punct:]] ]]; then + echo "Error: The new master key must contain at least one punctuation character: +-./:[]_ " + return 1 + fi + if [ ${#password} -ne 32 ]; then + echo "Error: The new master key must be exactly 32 characters long." + return 1 + fi + return 0 + } + while true; do + read -p "Enter the new master key (32 characters) or leave empty to generate one: " NEW_KEY + if [ -z "$NEW_KEY" ]; then + PUNCT_CHAR=$( /tmp/values.tmp + echo "The Helm values file has been successfully saved" + else + echo "Failed to get the Helm values." + exit 1 + fi + jq '.acceptEula = true' /tmp/values.tmp > /tmp/values.old + rm /tmp/values.tmp + if jq . /tmp/values.old >/dev/null 2>&1; then + echo "The JSON in /tmp/values.old is valid." + else + echo "The JSON in /tmp/values.old is invalid. Please check the Helm values output." + exit 1 + fi + TEMP_FILE=$(mktemp) + jq --arg new_key "$ENCODED_KEY" '.secrets["ucmdb_master_key"] = $new_key' /tmp/values.old > "$TEMP_FILE" + if [ $? -eq 0 ]; then + echo "The ucmdb_master_key has been successfully replaced with the new encoded value." + else + echo "Failed to update the ucmdb_master_key." + exit 1 + fi + mv "$TEMP_FILE" /tmp/values.new + echo "The updated Helm values file has been saved to /tmp/values.new" + ``` +2. Run the following command to get the release name for the helm deployment, and the information about the UCMDB chart used in the deployment: + ``` + helm list -n + ``` +3. Run the following command to rotate the master key: + ``` + ./rotate_masterkey.sh -r -n + ``` +4. Enter the new master key, or press **Enter** if you want the script to generate a random one. + The master key must contain exactly 32 characters and include at least one of each of the following four types of characters: + - Uppercase alphabetic characters + - Lowercase alphabetic characters + - Numeric characters + - Special characters: `:/._+-[]` + The script returns two files: + - **\\tmp\\values.old** - contains the information from the deployment with the old master key + - **\\tmp\\values.new** - contains the information from the deployment with the new master key +5. Write down the value of the new master key, if you chose the key generated by the script. +6. Access JMX Console, and locate the **changeMasterKeyForCluster** method. Enter and confirm the new master key, and then select **Invoke**. +7. Run the following command to upgrade the helm deployment with the new master key value: + ``` + helm upgrade --namespace -f /tmp/values.new + ``` +8. Run the following commands to restart the itom-ucmdb pods: + ``` + kubectl scale -n --replicas=0 statefulset/itom-ucmdb + ``` + Wait for the itom-ucmdb pods to stop, and then run the following command: + ``` + kubectl scale -n --replicas=2 statefulset/itom-ucmdb + ``` diff --git a/knowledgebase/csd-wiki/ICSD/Update-HNSW-parameters-for-enhanced-Aviator-semantic-search-accuracy_686074753.md b/knowledgebase/csd-wiki/ICSD/Update-HNSW-parameters-for-enhanced-Aviator-semantic-search-accuracy_686074753.md new file mode 100644 index 00000000..b366b9d0 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Update-HNSW-parameters-for-enhanced-Aviator-semantic-search-accuracy_686074753.md @@ -0,0 +1,20 @@ +# Update-HNSW-parameters-for-enhanced-Aviator-semantic-search-accuracy_686074753 +## Introduction + +This topic describes how to update the HNSW parameters to improve the semantic search accuracy on the PM tenant. + +## Update the HNSW parameters + +This task is per tenant. + +1. Log in to **https:///?#/connect**. +2. From the navigation pane on the left, select **Collection**. +3. Hover over the required collection and click the highlighted **release** button that appears at the end of this row. +4. Release the specified Vector DB collection. The collection status will change to **Unloaded**. + The Aviator capability will be unavailable until you complete all the steps in this task. During this period, the incoming index data will not be stored in this collection. +5. Click the released collectionn name. +6. On the **Schema** tab, click the remove button of the **Vector** field, and then type **drop** to confirm. +7. Click **+INDEX** of the Vector field. +8. On the dialog box that appears, enter a descriptive name and then set **Index Type** to **HNSW**, **Metric Type** to **L2**, **M** to **64**, and **Ef Construction** to **512**. Click **Create**. +9. Go back to the collection list, hover over the collection, and click the **load** button that appears at the end. +10. Load the specified Vector DB collection. The collection status will change to **Loaded**. diff --git a/knowledgebase/csd-wiki/ICSD/Update-VA-configurations-for-enhanced-Aviator-semantic-search-accuracy_686074767.md b/knowledgebase/csd-wiki/ICSD/Update-VA-configurations-for-enhanced-Aviator-semantic-search-accuracy_686074767.md new file mode 100644 index 00000000..07708b71 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Update-VA-configurations-for-enhanced-Aviator-semantic-search-accuracy_686074767.md @@ -0,0 +1,23 @@ +# Update-VA-configurations-for-enhanced-Aviator-semantic-search-accuracy_686074767 +## Introduction + +This topic describes how to update the VA configrations to improve the semantic search accuracy on the PM tenant. + +## Update VA configurations + +1. In the same browser of the tenant, open a new tab, enter **https://ais.itsma-ng.org/sap/rest-client?TENANTID=** in the URL to go to Rest Call page. +2. Enter **virtual-agent/agentsetting**, select the **GET** method, and click **Send**. You will get the current VA configurations in the response. +3. Copy the following JASON script from the response. + +![](attachments/686074767/686074763.png) + +1. Switch to the **PUT** mode and paste the above information, change the **topK** and **scoreThreshold** parameters accordingly in the **qna** and **intent** sections, and then click **Send**. + +![](attachments/686074767/686074765.png) + +1. You can switch to **GET** mode to get the latest configurations to double check if the change takes effect. + +## Attachments: + +[VDBconfig.png](attachments/686074767/686074763.png) (image/png) +[qnaIntent.png](attachments/686074767/686074765.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/Upgrade-CMS-from-24.3-to-24.4_688996436.md b/knowledgebase/csd-wiki/ICSD/Upgrade-CMS-from-24.3-to-24.4_688996436.md new file mode 100644 index 00000000..746caf4e --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Upgrade-CMS-from-24.3-to-24.4_688996436.md @@ -0,0 +1,120 @@ +# Upgrade-CMS-from-24.3-to-24.4_688996436 +## Pre-upgrade tasks + +Because of this defect: [Issue 2405372 - \[SaaS\]Customer startup fails due to having two references towards different repositories in Settings\_LDAP\_SETTING(ZA, PCS 1188476 )](https://internal.almoctane.com/ui/entity-navigation?p=97002/32001&entityType=work_item&id=2405372) + +Please run the following statement from JMX-Console, executeQuery(**UCMDB:service=DAL services**): + +> ``` +> select * from urm_Resources where type='Settings_LDAP_SETTING' AND RESOURCE_ID !='ldap.setting.UCMDB' +> ``` + +If it returns any results, there are two options to follow next(either first or the second): + +1\. Delete the inconsistency in db: for each of the returned RESOURCE\_ID, connect to the database and execute the below statement: + +> delete from urm\_Resources where type='Settings\_LDAP\_SETTING' AND RESOURCE\_ID ='resource\_id\_from\_previous\_output' + +2\. Add the param --add-exports=java.naming/com.sun.jndi.ldap=ALL-UNNAMED in values.yaml before the upgrade process. + +For ucmdbserver deployment at the of additionalOpts, like this example: + +> ucmdbserver: +> +> deployment: +> +> additionalOpts: -XX:HeapDumpPath=./runtime/log/java\_heapdump.hprof **\--add-exports=java.naming/com.sun.jndi.ldap=ALL-UNNAMED** +> +> database: +> +> dbName: cms\_ucmdb\_db +> +> schema: cms\_ucmdb\_schema +> +> user: cms\_ucmdb +> +> jvmXmxMemory: 14336 + +## Backup CMS before upgrade + +Refer to the official CMS backup doc: [https://docs.microfocus.com/doc/SMAX/24.3/CmsBackUpManagedK8S](https://docs.microfocus.com/doc/SMAX/24.3/CmsBackUpManagedK8S). + +## Perform CMS upgrade + +Refer to the official [CMS upgrade doc](https://docs.microfocus.com/doc/SMAX/24.3/CmsUpgradeManagedK8S) to do the following steps: + +1. **Download the new CMS charts package** +2. **Perform CMS version update** +3. **Troubleshooting: unable to access CMS UI after the upgrade** + +## Post upgrade steps + +The following steps are required because of the major version upgrade from Solr 8.x to Solr 9.x: + +1. Run the following command to stop the Solr pod: + ``` + kubectl scale deployment itom-ucmdb-solr -n --replicas=0 + ``` +2. Delete the **data** folder from the **nfs: data-volume/ucmdb/solr/data** file: + 1. Run the following command to navigate to the **NFS** path where the ucmdb persistent volumes are stored: + ``` + cd /data-volume/ucmdb/solr + ``` + 2. Run the following command to delete the **data** folder: + ``` + sudo rm -rf data + ``` +3. Run the following command to start the Solr pod: + ``` + kubectl scale deployment itom-ucmdb-solr -n --replicas=1 + ``` +4. Restart the UCMDB server: + 1. Run the following command: + ``` + kubectl scale -n NAMESPACE --replicas=0 statefulset/itom-ucmdb + ``` + 2. Wait until both UCMDB pods (itom-ucmdb-0 and itom-ucmdb-1) are deleted, and then run the following command: + `kubectl scale -n NAMESPACE --replicas=2 statefulset/itom-ucmdb ` + +`How to check if reindex worked?` + +- `Go to JMX-console under Topology Search Service and execute printStatusReportForAllCustomers:` +- `OK example(progress 100%):` + +![](attachments/688996436/688996431.png) + +- `NOT OK example(see last result null):` + +![](attachments/688996436/688996432.png) + +`If reindex was not run successful please use the below script to trigger the execution of reindex method from JMX for the entire farm(all customers):` + +1\. get the script - contact Alin Zirbo + +2.put the script and the jar on the cms efs at the path: cms\_data\_vol/ucmdb/server/conf/discovery/customer\_1 + +3[.cd](http://2.cd/) to customer\_1 + +4\. chmod 775 \* + +5\. chown 1999:1999 \* + +6\. edit the sts of itom-ucmdb and add for JAVA\_OPTS the next 3 lines + +\-Dcom.sun.management.jmxremote.port=29601 -Dcom.sun.management.jmxremote.authenticate=false + +\-Dcom.sun.management.jmxremote.ssl=false -Djava.rmi.server.hostname=localhost + +\-Dcom.sun.management.jmxremote.rmi.port=29601 + +7.wait too be fully up + +8.kubectl exec -it itom-ucmdb-1 -n cms -c itom-ucmdb -- /bin/bash -c "bash /ucmdb/conf/discovery/customer\_1/status.sh reindex\_all localhost" + +9\. check the results.txt from customer\_1 folder (cat results.txt) + +10\. Share the results.txt from each farm with Diana Pop(dpop@ [opentext.com](http://opentext.com/)) + +[cmdline-jmxclient-0.10.3-patched.jar](#) + +[status.sh](#) diff --git a/knowledgebase/csd-wiki/ICSD/Upgrade-CMS-to-24.4.2_688996438.md b/knowledgebase/csd-wiki/ICSD/Upgrade-CMS-to-24.4.2_688996438.md new file mode 100644 index 00000000..c6b8b351 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Upgrade-CMS-to-24.4.2_688996438.md @@ -0,0 +1,28 @@ +# Upgrade-CMS-to-24.4.2_688996438 +## Pre-upgrade tasks + +N/A + +## Backup CMS before upgrade + +Refer to the official CMS backup doc: [https://docs.microfocus.com/doc/SMAX/24.3/CmsBackUpManaged](https://docs.microfocus.com/doc/SMAX/24.3/CmsBackUpManagedK8S) + +## Perform CMS upgrade + +Refer to the official [CMS patch upgrade doc](https://staging.docs.microfocus.com/doc/UCMDB_Containerized/24.4/2441#Apply_the_patch) to do the following steps: + +1. **Download the new CMS charts package** +2. **Perform CMS version update** + +## Post upgrade steps + +There are 1 post upgrade step need to perform: + +1. **Apply the latest version of UCMDB Monitoring package for monitoring browser related metrics** + 1. You can download it from Marketplace: [UCMDB Monitoring | ITOM Marketplace (microfocus.com)](https://www.microfocus.com/marketplace/itom/content/ucmdb-monitoring). In this version, it provides some browser related metrics, please follow below steps to deploy it: + 1. Deploy Service monitor for Prometheus scrap, get ucmdb\_browser\_metrics.yaml from the package, replace keywords which is wrapped by <> in the file and then execute below command to deploy such k8s service + kubectl apply –f ucmdb\_browser\_metrics.yaml + 2. Import ucmdb\_browser\_service\_metrics.json from the package to Grafana service which is to deploy the dashboard to view JVM status of Ucmdb Browser service + 3. Update AWS Waf to the latest version, the metrics api should not be open to public + 4. Add one chart in Ucmdb pod monitoring dashboard to observe the memory consumption of Ucmdb Browser pod + 2. Let's keep monitoring it for some time and then decide how to set the alert. diff --git a/knowledgebase/csd-wiki/ICSD/Upgrade-EKS-of-SMAX_706832577.md b/knowledgebase/csd-wiki/ICSD/Upgrade-EKS-of-SMAX_706832577.md new file mode 100644 index 00000000..93f35234 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Upgrade-EKS-of-SMAX_706832577.md @@ -0,0 +1,13 @@ +# Upgrade-EKS-of-SMAX_706832577 +1. [ITOM Cloud Service Delivery](index.html) +2. [ITOM Cloud Service Delivery](ITOM-Cloud-Service-Delivery_681555087.html) +3. [💠3 - Operation & Maintenance](682933064.html) + +Created by on Jun 13, 2025 EDT + +- [EKS upgrade from version 1.29 to 1.30](EKS-upgrade-from-version-1.29-to-1.30_709421239.html) +- [EKS upgrade from version 1.30 to 1.31](EKS-upgrade-from-version-1.30-to-1.31_706832607.html) + +Document generated by Confluence on Sep 15, 2025 22:27 EDT + +[Atlassian](https://www.atlassian.com/) diff --git a/knowledgebase/csd-wiki/ICSD/Upgrade-ESM_706819674.md b/knowledgebase/csd-wiki/ICSD/Upgrade-ESM_706819674.md new file mode 100644 index 00000000..d0f28f96 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Upgrade-ESM_706819674.md @@ -0,0 +1,19 @@ +# Upgrade-ESM_706819674 +- [ESM Upgrade Strategy & Planning & Process](702037723.html) +- [Patch/Hotfix Process](686083983.html) +- [Product Version Upgrade](Product-Version-Upgrade_686083990.html) + - [AWS RDS certificate update- Helm Simulation env](AWS-RDS-certificate-update--Helm-Simulation-env_686088156.html) + - [ESM Patch Version Rollback Capability Tracking](ESM-Patch-Version-Rollback-Capability-Tracking_692429849.html) + - [ESM SaaS Upgrade to version 25.1](ESM-SaaS-Upgrade-to-version-25.1_688988231.html) + - [ESM SaaS Upgrade to version 25.1.1 from 24.4.2](ESM-SaaS-Upgrade-to-version-25.1.1-from-24.4.2_688992593.html) + - [ESM SaaS Upgrade to version 25.1.2 from 25.1.1](ESM-SaaS-Upgrade-to-version-25.1.2-from-25.1.1_692438948.html) + - [ESM SaaS Upgrade to version 25.2 from 25.1.2](ESM-SaaS-Upgrade-to-version-25.2-from-25.1.2_693604994.html) + - [ESM SaaS Upgrade to version 25.2.2 from 25.2](ESM-SaaS-Upgrade-to-version-25.2.2-from-25.2_705001241.html) + - [ESM SaaS Upgrade to version 25.3 from 25.2.2 (SMAX 25.2.2 HF1+25.2.2.HF2+UCMDB HF1)](708228059.html) + - [ESM SaaS Upgrade to version 25.3.1 from 25.3](ESM-SaaS-Upgrade-to-version-25.3.1-from-25.3_713194452.html) + - [ESM SaaS Upgrade to version 25.3.2 from 25.3.1](ESM-SaaS-Upgrade-to-version-25.3.2-from-25.3.1_716275145.html) + - [Issues list per release](Issues-list-per-release_696536522.html) + - [Transform the suite to a Helm deployment on 24.2.FP1](Transform-the-suite-to-a-Helm-deployment-on-24.2.FP1_688996419.html) + - [Transform the suite to a Helm deployment on 24.3.2](Transform-the-suite-to-a-Helm-deployment-on-24.3.2_688996421.html) + - [Upgrade CMS from 24.3 to 24.4](Upgrade-CMS-from-24.3-to-24.4_688996436.html) + - [Upgrade CMS to 24.4.2](Upgrade-CMS-to-24.4.2_688996438.html) diff --git a/knowledgebase/csd-wiki/ICSD/Utilities-need-to-be-updated-after-NFS-volume-change_688996444.md b/knowledgebase/csd-wiki/ICSD/Utilities-need-to-be-updated-after-NFS-volume-change_688996444.md new file mode 100644 index 00000000..4d37a2dc --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Utilities-need-to-be-updated-after-NFS-volume-change_688996444.md @@ -0,0 +1,45 @@ +# Utilities-need-to-be-updated-after-NFS-volume-change_688996444 +## Introduction + +This page presents all the changes required on the utilities if there is a need to change NFS volumes like helm transformation. + +## Detailed list + +1. Log collection + [https://github.houston.softwaregrp.net/smax-saas-ops/saas-devops-tools/blob/master/getlogs\_slice\_saas.sh](https://github.houston.softwaregrp.net/smax-saas-ops/saas-devops-tools/blob/master/getlogs_slice_saas.sh) +2. EFS clean up + [https://github.houston.softwaregrp.net/smax-saas-ops/saas-devops-tools/blob/563461c2ff34ecc456f85b53140d59a8ef21fd40/cleanupEFS.sh](https://github.houston.softwaregrp.net/smax-saas-ops/saas-devops-tools/blob/563461c2ff34ecc456f85b53140d59a8ef21fd40/cleanupEFS.sh) +3. Log Analytics (OpenSearch) + [https://github.houston.softwaregrp.net/smax-saas-ops/saas-logging/blob/main/Configuration/filebeat/filebeat-sma-cms.yaml](https://github.houston.softwaregrp.net/smax-saas-ops/saas-logging/blob/main/Configuration/filebeat/filebeat-sma-cms.yaml) +4. dump4SMAX + [https://github.houston.softwaregrp.net/smax-saas-ops/saas-devops-tools/blob/fdc333774f4bde8f1e3c4ea50926dec847d0de3e/dump4SMAX.sh](https://github.houston.softwaregrp.net/smax-saas-ops/saas-devops-tools/blob/fdc333774f4bde8f1e3c4ea50926dec847d0de3e/dump4SMAX.sh) +5. Install upgrade toolkit + [https://github.houston.softwaregrp.net/smax-saas-ops/saas-devops-tools/blob/cb6efc40846b45802fb9d4689470b822cd556374/install\_upgrade\_toolkit.sh](https://github.houston.softwaregrp.net/smax-saas-ops/saas-devops-tools/blob/cb6efc40846b45802fb9d4689470b822cd556374/install_upgrade_toolkit.sh) +6. reindex + [https://github.houston.softwaregrp.net/smax-saas-ops/saas-devops-tools/blob/3e301a63afaf44b70f3c96069493208694ede826/reindex.sh](https://github.houston.softwaregrp.net/smax-saas-ops/saas-devops-tools/blob/3e301a63afaf44b70f3c96069493208694ede826/reindex.sh) +7. configmap change - + ``` + database-configmap has been removed and some jenkins job are impacted + ``` + +### Documents list + +1. [(JP12) Enhance search accuracy of Japanese content](https://rndwiki.houston.softwaregrp.net/confluence/display/ICS/%28JP12%29+Enhance+search+accuracy+of+Japanese+content) +2. [ESM Cloud Disaster and Recovery Guide](https://rndwiki.houston.softwaregrp.net/confluence/display/ICS/ESM+Cloud+Disaster+and+Recovery+Guide) + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/knowledgebase/csd-wiki/ICSD/Workaround-Solutions_686074552.md b/knowledgebase/csd-wiki/ICSD/Workaround-Solutions_686074552.md new file mode 100644 index 00000000..3d3027d3 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Workaround-Solutions_686074552.md @@ -0,0 +1,16 @@ +# Workaround-Solutions_686074552 +- [(23.4.P1) Disable the platform access and service log on EU8 for farm stabilization](686074570.html) +- [(JP12) Enhance search accuracy of Japanese content](686074588.html) +- [Change TimeWindow Interval via JMX or configmap](Change-TimeWindow-Interval-via-JMX-or-configmap_686074596.html) +- [Disable the gateway service log for farm stabilization](Disable-the-gateway-service-log-for-farm-stabilization_686074613.html) +- [Disable the platform access logs and most of service logs on EU8 for farm stabilization](Disable-the-platform-access-logs-and-most-of-service-logs-on-EU8-for-farm-stabilization_686074621.html) +- [Disabling new rich text editor if it is already enabled](Disabling-new-rich-text-editor-if-it-is-already-enabled_708226541.html) +- [How to check native SACM notificaiton queue in SaaS](How-to-check-native-SACM-notificaiton-queue-in-SaaS_686074669.html) +- [How to fix broken SLT data via Python script](How-to-fix-broken-SLT-data-via-Python-script_686074161.html) +- [How to fix inability to add new Data Domains](How-to-fix-inability-to-add-new-Data-Domains_716270786.html) +- [NGarm=2 for Japanese language in IDOL contents](686074681.html) +- [Optimize the IDOL archive queue for EU8](Optimize-the-IDOL-archive-queue-for-EU8_686074695.html) +- [Satellite-table related feature blocked due to fuse exceeded](Satellite-table-related-feature-blocked-due-to-fuse-exceeded_686074726.html) +- [SQL commands request for Issue 2126361 - Reconciliation Issue due to duplication of PK in URM History](SQL-commands-request-for-Issue-2126361---Reconciliation-Issue-due-to-duplication-of-PK-in-URM-History_686074742.html) +- [Update HNSW parameters for enhanced Aviator semantic search accuracy](Update-HNSW-parameters-for-enhanced-Aviator-semantic-search-accuracy_686074753.html) +- [Update VA configurations for enhanced Aviator semantic search accuracy](Update-VA-configurations-for-enhanced-Aviator-semantic-search-accuracy_686074767.html) diff --git a/knowledgebase/csd-wiki/ICSD/Workaround-to-avoid-EFS-credits-used-up-after-upgrading-SaaS-UCMDB-to-24.3.2_688996457.md b/knowledgebase/csd-wiki/ICSD/Workaround-to-avoid-EFS-credits-used-up-after-upgrading-SaaS-UCMDB-to-24.3.2_688996457.md new file mode 100644 index 00000000..ce29e9f3 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Workaround-to-avoid-EFS-credits-used-up-after-upgrading-SaaS-UCMDB-to-24.3.2_688996457.md @@ -0,0 +1,25 @@ +# Workaround-to-avoid-EFS-credits-used-up-after-upgrading-SaaS-UCMDB-to-24.3.2_688996457 +### Background: + +Previously in EU28 there was a issue reported by Evonik that the result processing thread died and caused probe discovery result not processing, but we don't know why due to insufficient information. To figure out the reason, we printed out more details in the logs ([Issue 2230863 - Results processing thread died and caused probe discovery results not processing](https://internal.almoctane.com/ui/entity-navigation?p=97002/20001&entityType=work_item&id=2230863)) in 24.3.2. + +Later after US26 upgrade to 24.3.2, we observed the same problem of result processing for Salesforce. Thanks to the more information in the log, we now know the root cause (and fixed accordingly [Issue 2386070 - Results processing component is not initialized when farm restart due to NPE and caused EFS credits used up](https://internal.almoctane.com/ui/entity-navigation?p=97002/32001&entityType=work_item&id=2386070)). But it brings another side effect that the EFS credits will be used up soon after upgrading to 24.3.2. The workaround for the side effect is to restart the problematic tenants. + +After discussion, we concluded that to avoid the same problem (EFS credits used up after upgrade) for other farms, it's better that SaaS Ops can have a check after upgrade. If the problem is reproduced, then perform below steps to work around it. + +### Steps: + +1. Prerequisite: SaaS UCMDB has been upgraded to 24.3.2 +2. Find the writer pod: kubectl get po -n cms --show-labels | grep writer +3. Go to the writer efs, choose one of the following based on step 2: + 1. cd /mnt/cms/var/vols/itom/cms/log\_volume/ucmdb/server/itom-ucmdb-0 + cd /mnt/cms/var/vols/itom/cms/log\_volume/ucmdb/server/itom-ucmdb-1 +4. vi error.log, check if there are lots of logs like below (more than 100 times per minute) + 1. 2024-09-23 06:44:12,962 ERROR \[Process Results Thread (customer 105492793; idx 1)\]\[System\] (:) - Unexpected exception happened in result processing + java.lang.NullPointerException: null + at com.hp.ucmdb.discovery.server.framework.discovery.manager.AutoDiscoveryProbeManagerImpl$ProcessResultsThread.authorizedRun(AutoDiscoveryProbeManagerImpl.java:1611) ~\[discovery-server.jar:11.8.5.12\] + at com.hp.ucmdb.discovery.server.utils.AbstractAuthorizedThread$1.executeInContext(AbstractAuthorizedThread.java:26) ~\[discovery-server.jar:11.8.5.12\] + at com.hp.ucmdb.discovery.server.utils.AbstractAuthorizedThread$1.executeInContext(AbstractAuthorizedThread.java:23) ~\[discovery-server.jar:11.8.5.12\] + at com.mercury.topaz.cmdb.shared.manage.AuthorizationContextUtils.executeInSystemAuthorizationContext(AuthorizationContextUtils.java:24) ~\[cmdb-framework.jar:11.8.5.12\] +5. if no such errors, then it's fine; if there are such errors, restart the customer mentioned in the log in jmx +6. check the error.log again to confirm if the error persists diff --git a/knowledgebase/csd-wiki/ICSD/Zero-trust-security-configuration-for-ACME_688996466.md b/knowledgebase/csd-wiki/ICSD/Zero-trust-security-configuration-for-ACME_688996466.md new file mode 100644 index 00000000..67ae3471 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/Zero-trust-security-configuration-for-ACME_688996466.md @@ -0,0 +1,46 @@ +# Zero-trust-security-configuration-for-ACME_688996466 +### This is the solution for ACME zero trust security configuration. + +### Background & Motivation + +- Inefficient nginx->ALB network path: via Transit Gateway -> LZ CheckPoint FW -> LZ NAT GW -> LZ Internet GW +- Nginx->ALB uses inefficient HTTP 1.0 protocol with no session keep-alive / no connection pooling + - required as connection pooling + dynamic IPs for ALB is only supported with Nginx Plus ($$$) +- Long standing ⁠ [PCS 490155](https://us2-smax.saas.microfocus.com/saw/Request/490155/general?TENANTID=488503157) from Achmea \[Timeout API call SMAX Saas\] + - Customer is seeing intermittent API call timeouts (randomly, about once or twice every few hours) when using the "zero trust" API calls with mTLS. Issue was narrowed down to a random TCP-level network connectivity issue between nginx and ALB via Landing Zone Network account / Checkpoint firewall / NAT gateway. + - PSDC case 5423472 \[Intermittent egress connectivity issue to Internet\] was opened, but no progress for a few weeks. + +### Architecture Highlights + +- A change in the architecture to bypass LZ Network account using a new internal NLB with an ALB-type target group: [https://aws.amazon.com/blogs/networking-and-content-delivery/application-load-balancer-type-target-group-for-network-load-balancer](https://aws.amazon.com/blogs/networking-and-content-delivery/application-load-balancer-type-target-group-for-network-load-balancer/) +- Traffic does not flow over Internet: better performance +- As NLB provides static IPs it allows the use of “free” nginx in HTTP 1.1 mode with connection pooling – much better performance + +![](attachments/688996466/688996465.png) + +### This section includes the following topics. + +1. [Configure Nginx through network load balancer](Configure-Nginx-through-network-load-balancer_688996474.html) +2. [Enable TLS 1.3 in AWS ALB](Enable-TLS-1.3-in-AWS-ALB_688996484.html) +3. [Prevent unverified IP addresses from accessing tenant](Prevent-unverified-IP-addresses-from-accessing-tenants_688996491.html) + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) + +## Attachments: + +[image-2025-2-8\_16-6-56.png](attachments/688996466/688996465.png) (image/png) diff --git a/knowledgebase/csd-wiki/ICSD/index.md b/knowledgebase/csd-wiki/ICSD/index.md new file mode 100644 index 00000000..a3ae7d7b --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/index.md @@ -0,0 +1,436 @@ +# index +| Key | ICSD | +| --- | --- | +| Name | ITOM Cloud Service Delivery | +| Description | | +| Created by | dwiddis.adm (Dec 10, 2024 EST) | + +## Available Pages: + +- [ITOM Cloud Service Delivery](ITOM-Cloud-Service-Delivery_681555087.html) + - [ITOM Change Calendars](ITOM-Change-Calendars_710796342.html) + - [ESM Cloud Ops Change Calendar](ESM-Cloud-Ops-Change-Calendar_686069653.html) + - [ESM Cloud /FP upgrade Maintenance Window Standby Plan](703370112.html) + - [OpsB/NOM Change Calendar](710796348.html) + - [ITOM Cloud Applications Version Tracking](ITOM-Cloud-Applications-Version-Tracking_686069647.html) + - [ESM Cloud Farm Version Tracking](ESM-Cloud-Farm-Version-Tracking_684925423.html) + - [ESM Customer Configuration Deviations](ESM-Customer-Configuration-Deviations_713163911.html) + - [mitigation](mitigation_710799110.html) + - [ITOM APM AppPluse Cloud Farm Information](ITOM-APM-AppPluse-Cloud-Farm-Information_691150242.html) + - [ITOM ESM Cloud Farm Information](ITOM-ESM-Cloud-Farm-Information_686079377.html) + - [OpsB and NOM Cloud Deployments Version Tracking](OpsB-and-NOM-Cloud-Deployments-Version-Tracking_686069604.html) + - [OpsB/NOM Customer CIDR Whitelisting Rules](696546871.html) + - [Opsb/NOM Customer Configuration Deviations](687168826.html) + - [OpsB Deployment Features](OpsB-Deployment-Features_696546923.html) + - [ITOM Cloud Project Progress Tracking](ITOM-Cloud-Project-Progress-Tracking_686074397.html) + - [APM - CITI - Reported Vulnerabilities and Issues](APM---CITI---Reported-Vulnerabilities-and-Issues_696523815.html) + - [AWS account migrate to new SCP OU hierarchy tracking](AWS-account-migrate-to-new-SCP-OU-hierarchy-tracking_691155056.html) + - [ESM WAF Enablement Tracking](ESM-WAF-Enablement-Tracking_688996216.html) + - [NOM - Private Cloud Onboarding](NOM---Private-Cloud-Onboarding_704548762.html) + - [POCs for Application Observability (AppO)](686074401.html) + - [ITOM Cloud Service Catalog](ITOM-Cloud-Service-Catalog_688996225.html) + - [ITOM Cloud Service Delivery Approval Process for New Services](ITOM-Cloud-Service-Delivery-Approval-Process-for-New-Services_688996646.html) + - [ITOM ESM Cloud Service Catalog](ITOM-ESM-Cloud-Service-Catalog_688996649.html) + - [ITOM ESM Cloud Service Monthly Report](ITOM-ESM-Cloud-Service-Monthly-Report_688996227.html) + - [ITOM OpsB NOM Cloud Service Catalog](ITOM-OpsB-NOM-Cloud-Service-Catalog_688996652.html) + - [ITOM Cloud Service Ops Change Calendar](ITOM-Cloud-Service-Ops-Change-Calendar_686069645.html) + - [OpsB/NOM Cloud Ops Change Calendar](686069658.html) + - [ITOM Cloud Service Ops Doc Management Process](ITOM-Cloud-Service-Ops-Doc-Management-Process_686069689.html) + - [ITOM Cloud Service Team](ITOM-Cloud-Service-Team_688992849.html) + - [ITOM RnD Interlock Meetings](ITOM-RnD-Interlock-Meetings_686070427.html) + - [Agenda Template](Agenda-Template_686070456.html) + - [ITOM APM](ITOM-APM_686070432.html) + - [1st of July- SaaS RnD Weekly Service Delivery Call](1st-of-July--SaaS-RnD-Weekly-Service-Delivery-Call_709406001.html) + - [2nd of April- SaaS RnD Weekly Service Delivery Call](2nd-of-April--SaaS-RnD-Weekly-Service-Delivery-Call_694646574.html) + - [2nd of September- SaaS RnD Weekly Service Delivery Call](2nd-of-September--SaaS-RnD-Weekly-Service-Delivery-Call_716269192.html) + - [3rd of June- SaaS RnD Weekly Service Delivery Call](3rd-of-June--SaaS-RnD-Weekly-Service-Delivery-Call_704995816.html) + - [4th of February- SaaS RnD Weekly Service Delivery Call](4th-of-February--SaaS-RnD-Weekly-Service-Delivery-Call_687172360.html) + - [5th of August- SaaS RnD Weekly Service Delivery Call](5th-of-August--SaaS-RnD-Weekly-Service-Delivery-Call_713186299.html) + - [8th of April- SaaS RnD Weekly Service Delivery Call](8th-of-April--SaaS-RnD-Weekly-Service-Delivery-Call_696538688.html) + - [8th of July- SaaS RnD Weekly Service Delivery Call](8th-of-July--SaaS-RnD-Weekly-Service-Delivery-Call_709426575.html) + - [9th of September- SaaS RnD Weekly Service Delivery Call](9th-of-September--SaaS-RnD-Weekly-Service-Delivery-Call_718125827.html) + - [12th of August- SaaS RnD Weekly Service Delivery Call](12th-of-August--SaaS-RnD-Weekly-Service-Delivery-Call_714292977.html) + - [15th of April- SaaS RnD Weekly Service Delivery Call](15th-of-April--SaaS-RnD-Weekly-Service-Delivery-Call_698818488.html) + - [17th of June- SaaS RnD Weekly Service Delivery Call](17th-of-June--SaaS-RnD-Weekly-Service-Delivery-Call_706818298.html) + - [18th of February- SaaS RnD Weekly Service Delivery Call](18th-of-February--SaaS-RnD-Weekly-Service-Delivery-Call_690071638.html) + - [20th of May- SaaS RnD Weekly Service Delivery Call](20th-of-May--SaaS-RnD-Weekly-Service-Delivery-Call_700159732.html) + - [21st of January- SaaS RnD Weekly Service Delivery Call](21st-of-January--SaaS-RnD-Weekly-Service-Delivery-Call_686071896.html) + - [24th of June- SaaS RnD Weekly Service Delivery Call](24th-of-June--SaaS-RnD-Weekly-Service-Delivery-Call_708238399.html) + - [26th of August- SaaS RnD Weekly Service Delivery Call](26th-of-August--SaaS-RnD-Weekly-Service-Delivery-Call_716249627.html) + - [27th of May- SaaS RnD Weekly Service Delivery Call](27th-of-May--SaaS-RnD-Weekly-Service-Delivery-Call_704976221.html) + - [28th of January- SaaS RnD Weekly Service Delivery Call](28th-of-January--SaaS-RnD-Weekly-Service-Delivery-Call_687147597.html) + - [29th of July- SaaS RnD Weekly Service Delivery Call](29th-of-July--SaaS-RnD-Weekly-Service-Delivery-Call_713164412.html) + - [ITOM ESM](ITOM-ESM_686070445.html) + - [2025 1st of July - Cloud R&D Weekly Service Delivery Call](709402368.html) + - [2025 2nd of September - Cloud R&D Weekly Service Delivery Call](716265638.html) + - [2025 3rd of June - Cloud R&D Weekly Service Delivery Call](704991002.html) + - [2025 5th of August - Cloud R&D Weekly Service Delivery Call](713182013.html) + - [2025 5th of February - Cloud R&D Weekly Service Delivery Call](687176008.html) + - [2025 7th of May - Cloud R&D Weekly Service Delivery Call](700181409.html) + - [2025 9th of April - Cloud R&D Weekly Service Delivery Call](696538625.html) + - [2025 9th of September - Cloud R&D Weekly Service Delivery Call](718121685.html) + - [2025 10th of June - Cloud R&D Weekly Service Delivery Call](706818319.html) + - [2025 12th of August - Cloud R&D Weekly Service Delivery Call](714287979.html) + - [2025 12th of February - Cloud R&D Weekly Service Delivery Call](689004146.html) + - [2025 14th of May - Cloud R&D Weekly Service Delivery Call](703370701.html) + - [2025 16th of April - Cloud R&D Weekly Service Delivery Call](698823697.html) + - [2025 16th of July - Cloud R&D Weekly Service Delivery Call](710786556.html) + - [2025 16th of September - Cloud R&D Weekly Service Delivery Call](719520217.html) + - [2025 17th of June - Cloud R&D Weekly Service Delivery Call](706835941.html) + - [2025 19th of August - Cloud R&D Weekly Service Delivery Call](714308340.html) + - [2025 21st of May - Cloud R&D Weekly Service Delivery Call](703392016.html) + - [2025 22nd of January - Cloud R&D Weekly Service Delivery Call](686074525.html) + - [2025 22nd of July - Cloud R&D Weekly Service Delivery Call](711829941.html) + - [2025 23rd of April - Cloud R&D Weekly Service Delivery Call](700159659.html) + - [2025 24th of June - Cloud R&D Weekly Service Delivery Call](708234714.html) + - [2025 26th of August - Cloud R&D Weekly Service Delivery Call](716244914.html) + - [2025 28th of May - Cloud R&D Weekly Service Delivery Call](704975754.html) + - [2025 29th of July - Cloud R&D Weekly Service Delivery Call](711849222.html) + - [ITOM OpsB & NOM](686070449.html) + - [2025 2nd of June - OpsB/NOM - SaaS Weekly Call](704990948.html) + - [2025 4th of August - OpsB/NOM - SaaS Weekly Call](713182611.html) + - [2025 7th of July - OpsB/NOM - SaaS Weekly Call](709422674.html) + - [2025 10th of September - OpsB/NOM - SaaS Weekly Call](716269211.html) + - [2025 13th of August - OpsB/NOM - SaaS Weekly Call](714292994.html) + - [2025 13th of February - OpsB/NOM - SaaS Weekly Call](686079655.html) + - [2025 14th of July - OpsB/NOM - SaaS Weekly Call](710786579.html) + - [2025 15th of May - OpsB/NOM - SaaS Weekly Call](703375508.html) + - [2025 16th of June - OpsB/NOM - SaaS Weekly Call](706835881.html) + - [2025 20th of August - OpsB/NOM - SaaS Weekly Call](715590154.html) + - [2025 22nd of May - OpsB/NOM - SaaS Weekly Call](702042485.html) + - [2025 23rd of June - OpsB/NOM - SaaS Weekly Call](708234641.html) + - [2025 24th of April - OpsB/NOM - SaaS Weekly Call](698823755.html) + - [2025 26th of August - OpsB/NOM - SaaS Weekly Call](716244938.html) + - [2025 28th of July - OpsB/NOM - SaaS Weekly Call](711849183.html) + - [2025 30th of June - OpsB/NOM - SaaS Weekly Call](709402322.html) + - [💠1 - Product Cloud Readiness](682933049.html) + - [Cloud Application Cloud Readiness Check List](Cloud-Application-Cloud-Readiness-Check-List_682933055.html) + - [ITOM Cloud Application SaaS Service Description](ITOM-Cloud-Application-SaaS-Service-Description_686069698.html) + - [Product Trial/PoC Procedure](686070426.html) + - [ESM Trial/PoC Tenant Provision Procedures](686088202.html) + - [💠2 - Deployment & Configuration](682933058.html) + - [Cloud Cost Optimization/FinOps](686065517.html) + - [ESM Cloud AWS Infra RI & Saving Plan - Mar 2024](686065526.html) + - [ESM Cloud AWS Infra RI & Saving Plan Proposal](686065530.html) + - [ESM Cloud Infra Cost Review](ESM-Cloud-Infra-Cost-Review_686065545.html) + - [How to change the vertica server instance type](How-to-change-the-vertica-server-instance-type_686065564.html) + - [OpsB/NOM AWS Infra RI & Saving Plan Proposal](692447634.html) + - [OpsB/NOM Cloud Infra Cost Review](686065571.html) + - [ESM Farm Cloud Deployment Naming Convention](ESM-Farm-Cloud-Deployment-Naming-Convention_686065579.html) + - [EU managed farm](EU-managed-farm_686065589.html) + - [ITOM Cloud AWS Account Overview](ITOM-Cloud-AWS-Account-Overview_686070784.html) + - [Multi-cloud deployment](Multi-cloud-deployment_686070213.html) + - [GCP](GCP_686070215.html) + - [Managed Services for Multi-Cloud Platform](Managed-Services-for-Multi-Cloud-Platform_686070220.html) + - [Product License Management](Product-License-Management_686070229.html) + - [Converting the Named License to Concurrent License](Converting-the-Named-License-to-Concurrent-License_711830360.html) + - [ESM license generation detail](ESM-license-generation-detail_686070325.html) + - [ESM products licensing provisioning (SMAX/HCMX, UCMDB/CMS/UD, OO)](686070266.html) + - [Full process of deploying licenses](Full-process-of-deploying-licenses_688988271.html) + - [How to check ESM Tenant Product License Expiration](How-to-check-ESM-Tenant-Product-License-Expiration_686079367.html) + - [Override UCMDB max probe number for a specific customer on SaaS](Override-UCMDB-max-probe-number-for-a-specific-customer-on-SaaS_686074263.html) + - [Process for license](Process-for-license_709426883.html) + - [Request ESM Products Internal Licenses](Request-ESM-Products-Internal-Licenses_686070421.html) + - [Product Provision Automation](Product-Provision-Automation_686070431.html) + - [ESM SaaS Tenant Provision Automation API Document](ESM-SaaS-Tenant-Provision-Automation-API-Document_686070458.html) + - [ESM Tenant Provisioning Automation](ESM-Tenant-Provisioning-Automation_686079418.html) + - [How to provision a farm](How-to-provision-a-farm_693608295.html) + - [💠3 - Operation & Maintenance](682933064.html) + - [Alerting Response Process](Alerting-Response-Process_686073639.html) + - [Monitoring Alert Serverity Definition](Monitoring-Alert-Serverity-Definition_686073660.html) + - [APM Monitoring](APM-Monitoring_686073667.html) + - [HCMX APM Monitoring Business Flow](HCMX-APM-Monitoring-Business-Flow_686073715.html) + - [OO APM Monitoring Business Flow](OO-APM-Monitoring-Business-Flow_686073823.html) + - [SMAX APM Monitoring Business Flow](SMAX-APM-Monitoring-Business-Flow_686087711.html) + - [UCMDB APM Monitoring Business Flow](UCMDB-APM-Monitoring-Business-Flow_686073690.html) + - [Audit Compliance](Audit-Compliance_686073912.html) + - [Mega Audit Preparation](Mega-Audit-Preparation_689012718.html) + - [OpenText Mega Audit](OpenText-Mega-Audit_686073965.html) + - [Change Management](Change-Management_686070198.html) + - [Cloud Change Management Process](Cloud-Change-Management-Process_686087713.html) + - [Request Unplanned Change in Cloud Production Environment Process](Request-Unplanned-Change-in-Cloud-Production-Environment-Process_686070239.html) + - [Configuration Management](Configuration-Management_686074098.html) + - [ESM SaaS Farm Configuration Management Log](ESM-SaaS-Farm-Configuration-Management-Log_686074216.html) + - [SaaS Farm specific settings](SaaS-Farm-specific-settings_686074238.html) + - [Disaster and Recovery](Disaster-and-Recovery_686074258.html) + - [AWS Backup (EFS&RDS) And Velero](686074276.html) + - [Disaster and Recovery - RPO/RTO](686074291.html) + - [ESM Cloud Disaster and Recovery Guide](ESM-Cloud-Disaster-and-Recovery-Guide_686087723.html) + - [ITOM Cloud Service Backup Integrity Testing Plan](ITOM-Cloud-Service-Backup-Integrity-Testing-Plan_686074315.html) + - [ESM Cloud Unified Monitoring](ESM-Cloud-Unified-Monitoring_686074338.html) + - [Alert Runbooks based on monitoring](Alert-Runbooks-based-on-monitoring_686083866.html) + - [ESM Cloud Unified Monitoring v1.1](ESM-Cloud-Unified-Monitoring-v1.1_686083891.html) + - [Instrumenting and diagnostics](Instrumenting-and-diagnostics_686083884.html) + - [Monitoring Database](Monitoring-Database_686083870.html) + - [Database monitoring toolkit deployment](Database-monitoring-toolkit-deployment_686083872.html) + - [Runbooks based on monitoring](Runbooks-based-on-monitoring_686083879.html) + - [Generic Solutions and Practices](Generic-Solutions-and-Practices_686083900.html) + - [Auto healing 1.0](Auto-healing-1.0_686083903.html) + - [Auto healing 2.0](Auto-healing-2.0_686083907.html) + - [Automation of auto-healing](Automation-of-auto-healing_686083910.html) + - [Operation excellence improvement](Operation-excellence-improvement_686083916.html) + - [Incident Management](Incident-Management_686083927.html) + - [ESM Emergency Change Process](ESM-Emergency-Change-Process_718140336.html) + - [ESM SaaS CSD Ops Coverage](ESM-SaaS-CSD-Ops-Coverage_718139964.html) + - [ESM Cloud Incident Tracking List](ESM-Cloud-Incident-Tracking-List_686083932.html) + - [2023/11/08 - EU8 - SMAX- Service Outage](689008679.html) + - [2023/12/06 - EU8 - CMS - Service Outage](689008706.html) + - [2024/01/05 - EU8 - SMAX - Service Outage](689008729.html) + - [2024/01/17 - Health Page - Service Outage](689008737.html) + - [2024/01/31 - EU18 - SMAX - Service Outage](689008748.html) + - [2024/02/05 - JP12 - ESM - AWS SES Service Down](689008809.html) + - [2024/02/19 - EU18 - SMAX -- Service Outage](689011728.html) + - [2024/02/28 - EU8 - CMS - Service Outage](689011742.html) + - [2024/03/12 - EU8 - CMS - Service Outage](689011778.html) + - [2024/03/22 - EU8 - CMS - Service Outage](689011792.html) + - [2024/04/17 - EU8 - CMS - Service Outage](689011800.html) + - [2024/04/26 - EU8 - CMS - Service Outage](689011810.html) + - [2024/06/03 ~ 2024/06/04 - EU8 - CMS - Service Outage](689011828.html) + - [2024/06/06 ~ 2024/06/07 - EU8 - CMS - Service Outage](689011835.html) + - [2024/06/16 ~ 2024/06/17 - EU8 - CMS - Service Outage](689011854.html) + - [2024/07/01 - EU8 - CMS - Service Outage](689011860.html) + - [2024/07/04 - EU8 - CMS - Service Outage](689011867.html) + - [2024/07/21 - DNS Issue - CMS - Service Outage](689011875.html) + - [2024/07/25 - US26/US7(Salesforce) - CMS - Customer Escalation](689011693.html) + - [2024/07/26 - US24 - UCMDB- Service Outage](689011707.html) + - [2024/07/29 - EU8 - CMS - Service Outage](689011726.html) + - [2024/08/07 - US26 - CMS - Service Outage](689011824.html) + - [2024/08/20 - EU8 - UD/UCMDB - Service Outage](689011891.html) + - [2024/08/21 - BR14 - SMAX - Performance Slowness](689011995.html) + - [2024/09/09 - EU8 - UD/UCMDB - Service Outage](689012497.html) + - [2024/09/14 - US24 - UD/UCMDB - Service Outage](689012504.html) + - [2024/09/16 - EU8 - UD/UCMDB - Service Outage](689012522.html) + - [2024/10/07 - EU8 - SMAX - Performance Slowness](689012534.html) + - [2024/10/10 - EU3 - UD/UCMDB - Upgrade Issue](689012543.html) + - [2024/10/13 - US24 - UD/UCMDB - Service Outage](689012578.html) + - [2024/10/14 - Slowness of Farms with Custom Many to Many Relationships](689012584.html) + - [2024/11/12 - US6 - UD/UCMDB - Service Outage](689012594.html) + - [2024/11/15 - US24 - UD/UCMDB - Service Outage](689012602.html) + - [2024/12/31 - US24 - UD/UCMDB - Service Outage](689012616.html) + - [2025/01/23 - US26 - UD/UCMDB - Service Outage](690086984.html) + - [2025/02/09 - US6/US2/AP10 - SMAX- Major Function Issue](689008569.html) + - [2025/03/01 - US7 - UD/UCMDB - Service Outage](691167958.html) + - [2025/05/20 - EU28-SMAX/CMS - Service Outage](704554382.html) + - [2025/29/07 - US7-UD/UCMDB- Service Outage - OOM](713168994.html) + - [Major Incident Definition](Major-Incident-Definition_691167040.html) + - [Major Incident Management Process](Major-Incident-Management-Process_686083938.html) + - [Major Incident Customer Communication Template](Major-Incident-Customer-Communication-Template_686083948.html) + - [Innovation and incubation](Innovation-and-incubation_686083965.html) + - [Scheduled scaling](Scheduled-scaling_686083970.html) + - [Operational Runbook](Operational-Runbook_686073475.html) + - [List of Runbooks](List-of-Runbooks_700163214.html) + - [Standard Ops Runbook](Standard-Ops-Runbook_686073477.html) + - [\[SaaS\]AWS KMS key moving from AWS managed to OT managed (ESM, UCMDB, OO and Audit)](688982666.html) + - [Change SMAX/Aduit KMS to the customer managed key for EFS file system and RDS](688982746.html) + - [Change the OO customer managed key for EFS file system and RDS](Change-the-OO-customer-managed-key-for-EFS-file-system-and-RDS_688982917.html) + - [UCMDB/UD AWS KMS key moving from AWS managed to OT managed](688983013.html) + - [Automation Center: Capability enablement and tenant management](686073529.html) + - [Centralized User Authentication with OIDC and IDM (OP AS OIDC PROVIDER)](686073608.html) + - [Centralized User Authentication with OIDC and IDM (SMAX AS OIDC PROVIDER)](686073659.html) + - [Check isolated tenants per farm](Check-isolated-tenants-per-farm_686073691.html) + - [Clean up CMS log files](Clean-up-CMS-log-files_686073699.html) + - [Collect customer owned SMAX OPB Agent information and check status](Collect-customer-owned-SMAX-OPB-Agent-information-and-check-status_686073768.html) + - [Configure custom SMTP for UCMDB](Configure-custom-SMTP-for-UCMDB_688983358.html) + - [Configure logging mode (Synchronous or Asynchronous)](686073798.html) + - [Content Pack cleanup for SaaS farms](Content-Pack-cleanup-for-SaaS-farms_692438713.html) + - [Disable/Enable Gateway Service/Access Log (non-helm)](686073835.html) + - [Disable/Enable the platform service/access log (non-helm)](686073862.html) + - [Disable Native SACM manually](Disable-Native-SACM-manually_686073918.html) + - [Toggle plaftform offline NG for Native SACM](Toggle-plaftform-offline-NG-for-Native-SACM_686073929.html) + - [Disable NSACM and enhance CI lifecycle in SaaS](Disable-NSACM-and-enhance-CI-lifecycle-in-SaaS_688987700.html) + - [How to change Native SACM Notification Throttling](How-to-change-Native-SACM-Notification-Throttling_686074009.html) + - [How to generate flame graph for specific container](How-to-generate-flame-graph-for-specific-container_686074188.html) + - [How to link "Help" to ESM SaaS Doc Portal](686074211.html) + - [How to replace bastion with Rocky Linux](How-to-replace-bastion-with-Rocky-Linux_688996309.html) + - [ITOM Aviator](ITOM-Aviator_688982192.html) + - [Aviator widget on-boarding tasks for OpsB](Aviator-widget-on-boarding-tasks-for-OpsB_686073595.html) + - [Aviator widget on-boarding tasks for UCMDB](Aviator-widget-on-boarding-tasks-for-UCMDB_688982982.html) + - [Deactive ITOM Aviator](Deactive-ITOM-Aviator_686073804.html) + - [How to disable Aviator](How-to-disable-Aviator_686073812.html) + - [Guide for index external websites into Aviator with IDOL web connector](Guide-for-index-external-websites-into-Aviator-with-IDOL-web-connector_686073963.html) + - [How to debug in Milvus](How-to-debug-in-Milvus_686074149.html) + - [How to reload Milvus collections for Aviator](How-to-reload-Milvus-collections-for-Aviator_686074224.html) + - [ITOM Operation Platform](ITOM-Operation-Platform_688996761.html) + - [Configure UIS](Configure-UIS_688987644.html) + - [Enable Optic Data Lake](Enable-Optic-Data-Lake_688996343.html) + - [Enable Optic Data Lake Preparation](Enable-Optic-Data-Lake-Preparation_688996348.html) + - [Mass Update – Reusable Integration Studio Scenario](686074253.html) + - [Request access to AWS account from IGA portal](Request-access-to-AWS-account-from-IGA-portal_686074273.html) + - [SaaS Change UPN Script Runbook](SaaS-Change-UPN-Script-Runbook_686074283.html) + - [SMAX - Enable Pendo for SMAX tenant](SMAX---Enable-Pendo-for-SMAX-tenant_688982184.html) + - [Workaround Solutions](Workaround-Solutions_686074552.html) + - [(23.4.P1) Disable the platform access and service log on EU8 for farm stabilization](686074570.html) + - [(JP12) Enhance search accuracy of Japanese content](686074588.html) + - [Change TimeWindow Interval via JMX or configmap](Change-TimeWindow-Interval-via-JMX-or-configmap_686074596.html) + - [Disable the gateway service log for farm stabilization](Disable-the-gateway-service-log-for-farm-stabilization_686074613.html) + - [Disable the platform access logs and most of service logs on EU8 for farm stabilization](Disable-the-platform-access-logs-and-most-of-service-logs-on-EU8-for-farm-stabilization_686074621.html) + - [Disabling new rich text editor if it is already enabled](Disabling-new-rich-text-editor-if-it-is-already-enabled_708226541.html) + - [How to check native SACM notificaiton queue in SaaS](How-to-check-native-SACM-notificaiton-queue-in-SaaS_686074669.html) + - [How to fix broken SLT data via Python script](How-to-fix-broken-SLT-data-via-Python-script_686074161.html) + - [How to fix inability to add new Data Domains](How-to-fix-inability-to-add-new-Data-Domains_716270786.html) + - [NGarm=2 for Japanese language in IDOL contents](686074681.html) + - [Optimize the IDOL archive queue for EU8](Optimize-the-IDOL-archive-queue-for-EU8_686074695.html) + - [Satellite-table related feature blocked due to fuse exceeded](Satellite-table-related-feature-blocked-due-to-fuse-exceeded_686074726.html) + - [SQL commands request for Issue 2126361 - Reconciliation Issue due to duplication of PK in URM History](SQL-commands-request-for-Issue-2126361---Reconciliation-Issue-due-to-duplication-of-PK-in-URM-History_686074742.html) + - [Update HNSW parameters for enhanced Aviator semantic search accuracy](Update-HNSW-parameters-for-enhanced-Aviator-semantic-search-accuracy_686074753.html) + - [Update VA configurations for enhanced Aviator semantic search accuracy](Update-VA-configurations-for-enhanced-Aviator-semantic-search-accuracy_686074767.html) + - [Retrospective](Retrospective_686083994.html) + - [ITOM SaaS Pain Points](ITOM-SaaS-Pain-Points_686083998.html) + - [Service Health Page](Service-Health-Page_686084001.html) + - [ESM Service Health Page](ESM-Service-Health-Page_688996271.html) + - [OpsB Service Health Page](OpsB-Service-Health-Page_686084003.html) + - [Troubleshooting](Troubleshooting_688996268.html) + - [How to find the suite logs for troubleshooting](How-to-find-the-suite-logs-for-troubleshooting_686074297.html) + - [How to re-trigger Native SACM data migration job](How-to-re-trigger-Native-SACM-data-migration-job_686074234.html) + - [Upgrade EKS of SMAX](Upgrade-EKS-of-SMAX_706832577.html) + - [EKS upgrade from version 1.29 to 1.30](EKS-upgrade-from-version-1.29-to-1.30_709421239.html) + - [EKS upgrade from version 1.30 to 1.31](EKS-upgrade-from-version-1.30-to-1.31_706832607.html) + - [Upgrade ESM](Upgrade-ESM_706819674.html) + - [ESM Upgrade Strategy & Planning & Process](702037723.html) + - [Patch/Hotfix Process](686083983.html) + - [CSD RnD and Ops discussion topics](CSD-RnD-and-Ops-discussion-topics_713175513.html) + - [Patch Cloud Deployment Process](Patch-Cloud-Deployment-Process_686087749.html) + - [Product Version Upgrade](Product-Version-Upgrade_686083990.html) + - [AWS RDS certificate update- Helm Simulation env](AWS-RDS-certificate-update--Helm-Simulation-env_686088156.html) + - [ESM Patch Version Rollback Capability Tracking](ESM-Patch-Version-Rollback-Capability-Tracking_692429849.html) + - [ESM SaaS Upgrade to version 25.1](ESM-SaaS-Upgrade-to-version-25.1_688988231.html) + - [ESM SaaS Upgrade to version 25.1.1 from 24.4.2](ESM-SaaS-Upgrade-to-version-25.1.1-from-24.4.2_688992593.html) + - [ESM SaaS Upgrade to version 25.1.2 from 25.1.1](ESM-SaaS-Upgrade-to-version-25.1.2-from-25.1.1_692438948.html) + - [ESM SaaS Upgrade to version 25.2 from 25.1.2](ESM-SaaS-Upgrade-to-version-25.2-from-25.1.2_693604994.html) + - [ESM SaaS Upgrade to version 25.2.2 from 25.2](ESM-SaaS-Upgrade-to-version-25.2.2-from-25.2_705001241.html) + - [ESM SaaS Upgrade to version 25.3 from 25.2.2 (SMAX 25.2.2 HF1+25.2.2.HF2+UCMDB HF1)](708228059.html) + - [ESM SaaS Upgrade to version 25.3.1 from 25.3](ESM-SaaS-Upgrade-to-version-25.3.1-from-25.3_713194452.html) + - [ESM SaaS Upgrade to version 25.3.2 from 25.3.1](ESM-SaaS-Upgrade-to-version-25.3.2-from-25.3.1_716275145.html) + - [Issues list per release](Issues-list-per-release_696536522.html) + - [ESM 25.1 Issue List](ESM-25.1-Issue-List_689011325.html) + - [ESM 25.2 Issue List](ESM-25.2-Issue-List_696536531.html) + - [Transform the suite to a Helm deployment on 24.2.FP1](Transform-the-suite-to-a-Helm-deployment-on-24.2.FP1_688996419.html) + - [Transform the suite to a Helm deployment on 24.3.2](Transform-the-suite-to-a-Helm-deployment-on-24.3.2_688996421.html) + - [Upgrade CMS from 24.3 to 24.4](Upgrade-CMS-from-24.3-to-24.4_688996436.html) + - [Upgrade CMS to 24.4.2](Upgrade-CMS-to-24.4.2_688996438.html) + - [💠4 - Customer Support](682933066.html) + - [Assign PCS Cloud Service Request to Cloud Ops Group](Assign-PCS-Cloud-Service-Request-to-Cloud-Ops-Group_684946781.html) + - [Customer Cloud Service Offerings](Customer-Cloud-Service-Offerings_684947005.html) + - [Add OAuth authentication - Ops+Customer tasks](684947018.html) + - [Add OAuth Authentication - Ops Only](Add-OAuth-Authentication---Ops-Only_686065206.html) + - [Allowable SMAX Attachment Extensions](Allowable-SMAX-Attachment-Extensions_686065217.html) + - [Apply license to ESM customer tenant](Apply-license-to-ESM-customer-tenant_688996779.html) + - [Configure custom mail sender, dedicated AWS SES users](686065263.html) + - [Configure SAML authentication for SaaS Customer](Configure-SAML-authentication-for-SaaS-Customer_686065288.html) + - [Configure SMAX custom domain (New Landing Zone)](686065305.html) + - [Create Integration Users](Create-Integration-Users_686065319.html) + - [Customize the login and logout pages](Customize-the-login-and-logout-pages_686065324.html) + - [Enable ESM capabilities (UCMDB/OO/FinOps/AC/OP/ODL)](688996783.html) + - [Enable ITOM Aviator for ESM tenant](Enable-ITOM-Aviator-for-ESM-tenant_688996800.html) + - [Enable ITOM Aviator for SMAX on-premise customer](Enable-ITOM-Aviator-for-SMAX-on-premise-customer_688996802.html) + - [ESM Customer Tenant Decommission](ESM-Customer-Tenant-Decommission_688996785.html) + - [How to enable legacy Discovery UI of UCMDB/Revert back to the UCMDB UI-based discovery](690081009.html) + - [Integrate with Power BI to create FinOps reports](Integrate-with-Power-BI-to-create-FinOps-reports_686065345.html) + - [SMAX maintain custom language packs](SMAX-maintain-custom-language-packs_688996787.html) + - [SMAX modify maximum attachement size](SMAX-modify-maximum-attachement-size_688996790.html) + - [Zero trust security configuration for ACME](Zero-trust-security-configuration-for-ACME_688996466.html) + - [Configure Nginx through network load balancer](Configure-Nginx-through-network-load-balancer_688996474.html) + - [Renew customer certificates in Nginx](Renew-customer-certificates-in-Nginx_688996480.html) + - [Enable TLS 1.3 in AWS ALB](Enable-TLS-1.3-in-AWS-ALB_688996484.html) + - [Prevent unverified IP addresses from accessing tenants](Prevent-unverified-IP-addresses-from-accessing-tenants_688996491.html) + - [Customer Onboarding](Customer-Onboarding_686069933.html) + - [SocGen](SocGen_686069980.html) + - [Customer Order Fulfillment](Customer-Order-Fulfillment_686064518.html) + - [ESM SaaS Order Fulfillment Procedures](ESM-SaaS-Order-Fulfillment-Procedures_686069896.html) + - [ESM SaaS Order Fulfillment Process](ESM-SaaS-Order-Fulfillment-Process_686069900.html) + - [ESM SaaS Order Fulfillment Tracking List FY24 Q4](ESM-SaaS-Order-Fulfillment-Tracking-List-FY24-Q4_686069919.html) + - [ESM Cloud Customer Exit Process](ESM-Cloud-Customer-Exit-Process_686070016.html) + - [Monthly SLA](Monthly-SLA_686070031.html) + - [ESM Monthly SLA Result](ESM-Monthly-SLA-Result_686070050.html) + - [Send email notification to SaaS customers via PCS](Send-email-notification-to-SaaS-customers-via-PCS_686069617.html) + - [💠5 - ESM/Aviator/DCA team tasks](682933072.html) + - [September 2025](September-2025_718113214.html) + - [💠6 - Training Materials](686070469.html) + - [2025 ESM Cloud Knowlege Sharing Plan](2025-ESM-Cloud-Knowlege-Sharing-Plan_700162403.html) + - [AWS Cognito User Creation](AWS-Cognito-User-Creation_708224408.html) + - [How to get an Opentext Confluence account](How-to-get-an-Opentext-Confluence-account_688987796.html) + - [Jacky's transition](686070497.html) + - [Jacky's support on ITOM SaaS](686070506.html) + - [Newbie training](Newbie-training_686070534.html) + - [ESM Cloud Ops - New User Guide](ESM-Cloud-Ops---New-User-Guide_686088242.html) + - [How to request for reimbursement of Education Allowance](How-to-request-for-reimbursement-of-Education-Allowance_686070542.html) + - [Cambly English Training](Cambly-English-Training_706823155.html) + - [Comparison of ACM and other online training like O'Reilly](686070550.html) + - [Convert EPUB to audiobooks](Convert-EPUB-to-audiobooks_686070564.html) + - [How to download O'Reilly books](686070558.html) + - [Major Incident Training](Major-Incident-Training_686070569.html) + - [Monitoring reference for newbie](Monitoring-reference-for-newbie_686070588.html) + - [💠7 - OpsB Cloud Readiness](696546916.html) + - [🔷Document Candidates](686065504.html) + - [AC 24.4-Post Upgrade Steps](AC-24.4-Post-Upgrade-Steps_688983025.html) + - [Apply Resource Bundle Cache Config](Apply-Resource-Bundle-Cache-Config_688983031.html) + - [AWS RDS certificate update- Helm Fedramp simulation ENV](AWS-RDS-certificate-update--Helm-Fedramp-simulation-ENV_688983269.html) + - [Change tenant setting to off to disbale contains search for entity picker](Change-tenant-setting-to-off-to-disbale-contains-search-for-entity-picker_688983279.html) + - [Check existing DB indices on globalid for Native SACM per farm and add missing condition to ensure the indices can properly work](Check-existing-DB-indices-on-globalid-for-Native-SACM-per-farm-and-add-missing-condition-to-ensure-the-indices-can-properly-work_688983295.html) + - [CMS Customer setup flow with NSACM](CMS-Customer-setup-flow-with-NSACM_688983312.html) + - [Configuring HCMx and OpsB using same Vertica](Configuring-HCMx-and-OpsB-using-same-Vertica_688987648.html) + - [Disable "Delete" tenant button in BO page](688997626.html) + - [Distinguish CMS customer type and Update Customer(Name, Type)](688987730.html) + - [Enable Discovery module on UCMDB UI on SaaS](Enable-Discovery-module-on-UCMDB-UI-on-SaaS_688987735.html) + - [ESM Cloud Farm Construction](ESM-Cloud-Farm-Construction_688988187.html) + - [AWS Infrastructure Naming Rules](AWS-Infrastructure-Naming-Rules_688988195.html) + - [Default key/value in Parameter Store](688988203.html) + - [FQDN Naming Convention](FQDN-Naming-Convention_688988212.html) + - [How to setup a new farm](How-to-setup-a-new-farm_688988216.html) + - [New Farm OPS Requirments](New-Farm-OPS-Requirments_688988220.html) + - [Operations Platform key/value in Parameter Store](688988228.html) + - [ESM Order Fulfillment and Tenant Provisioning Strategy](ESM-Order-Fulfillment-and-Tenant-Provisioning-Strategy_688987756.html) + - [Failed to load data when you select offerings](Failed-to-load-data-when-you-select-offerings_688988239.html) + - [Farms' AWS pricing calculator](688988245.html) + - [FIX aviator capability on BO UI](FIX-aviator-capability-on-BO-UI_688988251.html) + - [Fix problematic indexes of long\_text\_xxxxxxxxx to avoid the performance issue when adding request comments](Fix-problematic-indexes-of-long_text_xxxxxxxxx-to-avoid-the-performance-issue-when-adding-request-comments_688988255.html) + - [GCP FinOps flow - increase backlog quota size](GCP-FinOps-flow---increase-backlog-quota-size_706806534.html) + - [How to apply ILR license for OP](How-to-apply-ILR-license-for-OP_691159135.html) + - [How to automatically collect SLT logs for troubleshooting](How-to-automatically-collect-SLT-logs-for-troubleshooting_688988287.html) + - [How to create a change request in SM9](How-to-create-a-change-request-in-SM9_693603362.html) + - [How to Create Shared Service Agent User](How-to-Create-Shared-Service-Agent-User_693607221.html) + - [How to deploy postgres exporter on SaaS to monitor postgres custom query](How-to-deploy-postgres-exporter-on-SaaS-to-monitor-postgres-custom-query_704971984.html) + - [How to Enable Enhanced CI LIfecycle](How-to-Enable-Enhanced-CI-LIfecycle_688988308.html) + - [How to export WAF logs for troubleshooting](How-to-export-WAF-logs-for-troubleshooting_688988324.html) + - [How to fix 400 login error after upgrade to 24.3](How-to-fix-400-login-error-after-upgrade-to-24.3_688988344.html) + - [How to fix Dev2Prod failure](How-to-fix-Dev2Prod-failure_688988351.html) + - [How to get the latest AWS Savings Plan rates](How-to-get-the-latest-AWS-Savings-Plan-rates_688988366.html) + - [How to integrate Grafana login with AWS Cognito](How-to-integrate-Grafana-login-with-AWS-Cognito_690087085.html) + - [How to make offline NG pod run on dedicated worker node (EU8/US6 farm only)](688996298.html) + - [How to remove specific license key for SaaS UCMDB](How-to-remove-specific-license-key-for-SaaS-UCMDB_688996303.html) + - [How to request a temporary BO admin account](How-to-request-a-temporary-BO-admin-account_692439033.html) + - [Import certificates for DND resource providers](Import-certificates-for-DND-resource-providers_688996312.html) + - [Install CMS on ESM SaaS (with SMAX)](688996317.html) + - [Isolate ucmdbserver and ucmdbbrowser pods in different worker nodes](Isolate-ucmdbserver-and-ucmdbbrowser-pods-in-different-worker-nodes_688996319.html) + - [ITOM ESM Farm Capacity planning](ITOM-ESM-Farm-Capacity-planning_706818364.html) + - [ITOM ESM License Units conversion](ITOM-ESM-License-Units-conversion_688996323.html) + - [JP12 IDOL search solution enhanced by using UI (Application Settings)](688996329.html) + - [Limit data-in thread to 1 for probe sending results on SaaS](Limit-data-in-thread-to-1-for-probe-sending-results-on-SaaS_688996331.html) + - [Migrate roles newly added in CMS](Migrate-roles-newly-added-in-CMS_688996336.html) + - [Operations Platform tenant enablement](Operations-Platform-tenant-enablement_688996278.html) + - [ESM-ODL Integration](ESM-ODL-Integration_693613201.html) + - [How to deploy and enable AC](How-to-deploy-and-enable-AC_693613103.html) + - [Operations Platform 24.4 deployment](Operations-Platform-24.4-deployment_693612997.html) + - [OP tenant decommission process](OP-tenant-decommission-process_690087778.html) + - [Post-upgrade task for UCMDB 24.3.2 for US7 Salesforce sandbox tenant](Post-upgrade-task-for-UCMDB-24.3.2-for-US7-Salesforce-sandbox-tenant_688996352.html) + - [Prepare Document](Prepare-Document_688996354.html) + - [Pre-upgrade task of AC when upgrade from 24.2 to 24.3](Pre-upgrade-task-of-AC-when-upgrade-from-24.2-to-24.3_688996364.html) + - [Private Cloud UD Arch/Security review record - Release 23.4](688996347.html) + - [Private Cloud UD - Arch/Security Review Materials](688996373.html) + - [Process on how to handle Security Issues found by Qualys Scan](Process-on-how-to-handle-Security-Issues-found-by-Qualys-Scan_688996390.html) + - [Reduce SMAX license buffer in tenant](Reduce-SMAX-license-buffer-in-tenant_688996392.html) + - [Remove 50 freemium UD Premium license for existing UD SaaS customers](Remove-50-freemium-UD-Premium-license-for-existing-UD-SaaS-customers_688996394.html) + - [Set up Native SACM for SaaS](Set-up-Native-SACM-for-SaaS_688996404.html) + - [steps essBackTenantSettingResetUpgradeStep upgrade failure](steps-essBackTenantSettingResetUpgradeStep-upgrade-failure_688996408.html) + - [Steps to decomission Vertica used by Classic FinOps](Steps-to-decomission-Vertica-used-by-Classic-FinOps_687151665.html) + - [Support EFS / EBS encryption in transit and rest for Container CMS in AWS](688996414.html) + - [The sarmat-saw-con-0 pod cannot start due to the pod data was broken during the upgrade.](The-sarmat-saw-con-0-pod-cannot-start-due-to-the-pod-data-was-broken-during-the-upgrade._688996417.html) + - [Troubleshooting as a Service](Troubleshooting-as-a-Service_693602624.html) + - [Troubleshooting guide for CMS UI report scheduler issue](Troubleshooting-guide-for-CMS-UI-report-scheduler-issue_688996426.html) + - [UCMDB Server Master key rotation](UCMDB-Server-Master-key-rotation_688996428.html) + - [Utilities need to be updated after NFS volume change](Utilities-need-to-be-updated-after-NFS-volume-change_688996444.html) + - [When an LDAP user requests an offering, the External validation failed error occurs](688996451.html) + - [Workaround to avoid EFS credits used up after upgrading SaaS UCMDB to 24.3.2](Workaround-to-avoid-EFS-credits-used-up-after-upgrading-SaaS-UCMDB-to-24.3.2_688996457.html) + - [🚮Recycle Bin](686069732.html) + - [ESM SaaS Upgrade to version](ESM-SaaS-Upgrade-to-version_708227751.html) + - [Test](Test_686070814.html) diff --git a/knowledgebase/csd-wiki/ICSD/mitigation_710799110.md b/knowledgebase/csd-wiki/ICSD/mitigation_710799110.md new file mode 100644 index 00000000..7e325da4 --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/mitigation_710799110.md @@ -0,0 +1,13 @@ +# mitigation_710799110 +Created by , last modified on Jul 16, 2025 EDT + +## Software Requirements for: Simulation Cost Control + +- [Project Introduction](#mitigation-ProjectIntroduction) +- [Functional Description](#mitigation-FunctionalDescription) +- [Non-Functional Requirements](#mitigation-Non-FunctionalRequirements) +- [User Interface](#mitigation-UserInterface) +- [Milestones](#mitigation-Milestones) +- [Glossary](#mitigation-Glossary) + +![Image of wireframe](download/resources/com.adaptavist.confluence.contentFormattingMacros:cfm-wizard-resources/cfm-blueprint-images/wireframe-image1.png) diff --git a/knowledgebase/csd-wiki/ICSD/steps-essBackTenantSettingResetUpgradeStep-upgrade-failure_688996408.md b/knowledgebase/csd-wiki/ICSD/steps-essBackTenantSettingResetUpgradeStep-upgrade-failure_688996408.md new file mode 100644 index 00000000..765889ea --- /dev/null +++ b/knowledgebase/csd-wiki/ICSD/steps-essBackTenantSettingResetUpgradeStep-upgrade-failure_688996408.md @@ -0,0 +1,25 @@ +# steps-essBackTenantSettingResetUpgradeStep-upgrade-failure_688996408 +### Background + +When JP12 was upgrading from 24.1.p2 to 24.2, upgrade steps essBackTenantSettingResetUpgradeStep failure. This step is successful only after the upgrade tenant restarts. + +Root Cause: This issue is a defect OCTCR19M2189310. In 24.1.1, temporary tenant settings(ESS\_BACKUP\_FLAG4,ESS\_BACKUP\_FLAG6,ESS\_BACKUP\_STRING1) were utilized to enhance Japanese search accuracy on the JP12-prod farm. However, when new tenant settings were introduced in version 24.2, these temporary tenant settings needed to be reset to their OOB values. A defect in the code that retrieves the tenant setting value caused the tenant upgrade process to incorrectly perceive the reset logic as failed, leading to the failure of the tenant upgrade. + +Solution: As an immediate solution, restart the Pod (itom-xruntime-upgrade-tenants). + +**Related pages** + +- Page: + [ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking) +- Page: + [How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account) +- Page: + [ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information) +- Page: + [ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process) +- Page: + [ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog) +- Page: + [ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog) +- Page: + [OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking) diff --git a/wiki/concepts/AWS-Backup.md b/wiki/concepts/AWS-Backup.md new file mode 100644 index 00000000..5c0118e0 --- /dev/null +++ b/wiki/concepts/AWS-Backup.md @@ -0,0 +1,32 @@ +--- +title: "AWS Backup" +type: concept +tags: [AWS, Backup, DR] +sources: [] +last_updated: 2026-04-18 +--- + +## Summary +AWS Backup 是 AWS 托管的集中化数据保护服务,用于跨账户和跨区域自动备份 AWS 资源。 + +## Definition +AWS Backup 是 AWS 提供的托管备份服务,支持 S3、RDS、EBS、EFS、EC2、FSx、DynamoDB 等 AWS 服务的统一备份。 + +## Key Features +- 集中管理:跨账户、跨区域备份 +- 不可变性(Immutability):防止备份被篡改或删除 +- 时间点恢复(PITR):S3 和 RDS 可在 1 秒内恢复 +- 备份计划:支持每日、每小时或自定义计划 +- 法律保留(Legal Holds):隔离备份以满足合规要求 +- 基于角色的访问控制(IAM) +- CloudWatch 集成监控 + +## Limitations +- 无法排除特定附加卷,必须备份所有卷 +- 不支持增量快照,仅支持崩溃一致性快照 +- 热备份已被 Amazon 不推荐用于数据库 + +## Connections +- [[AWS]] → 提供 [[AWS Backup]] +- [[RTO (Recovery Time Objective)]] ← 降低 [[备份和恢复]] +- [[AWS Backup]] ← 替代 [[CCIE 门户]] \ No newline at end of file diff --git a/wiki/concepts/Docker-容器化.md b/wiki/concepts/Docker-容器化.md new file mode 100644 index 00000000..b5bc3ccf --- /dev/null +++ b/wiki/concepts/Docker-容器化.md @@ -0,0 +1,47 @@ +--- +id: Docker-容器化 +title: "Docker 容器化" +type: concept +tags: + - Docker + - Containerization + - Cloud-Migration + - DevOps +last_updated: 2026-04-18 +--- + +## Aliases +- Containerization +- Containerize + +## Summary +- **定义**:使用 Docker 容器技术将应用程序及其依赖打包为标准化单元的过程 +- **目的**:实现应用的可移植性、一致性和隔离性 +- **云迁移价值**:将遗留应用容器化是云就绪的关键步骤 + +## Key Details +- **核心优势**: + - 跨环境一致性(开发、测试、生产) + - 资源隔离和高效利用 + - 快速部署和弹性伸缩 + - 简化迁移流程(lift-and-shift) +- **适用场景**: + - 微服务架构 + - 云迁移(lift-and-shift) + - 持续集成/持续部署(CI/CD) + - 开发环境标准化 +- **限制**: + - 容器内数据持久化需要额外机制(Volume) + - 有状态应用的容器化复杂度较高 + - 不适合数据库等有状态服务直接运行 + +## Octane Hub 案例 +- Octane Hub 使用 Docker 容器运行各种 Web 应用(QuickSee、Release Manager、Patch Manager) +- 容器化使其能够从本地数据中心无缝迁移到 AWS +- 数据库未直接容器化,使用 EBS 而非 EFS 存储 + +## Connections +- [[Dockerfile]] ← defines ← [[Docker-容器化]] +- [[Docker-Image]] ← builds ← [[Docker-容器化]] +- [[Octane-Hub]] ← uses ← [[Docker-容器化]] +- [[Cloud-Migration]] ← enabled_by ← [[Docker-容器化]] \ No newline at end of file diff --git a/wiki/concepts/EFS-vs-EBS.md b/wiki/concepts/EFS-vs-EBS.md new file mode 100644 index 00000000..5e5d4034 --- /dev/null +++ b/wiki/concepts/EFS-vs-EBS.md @@ -0,0 +1,60 @@ +--- +id: EFS-vs-EBS +title: "EFS vs EBS" +type: concept +tags: + - AWS + - Storage + - Cloud-Migration +last_updated: 2026-04-18 +--- + +## Aliases +- EFS +- EBS +- Elastic File System +- Elastic Block Store + +## Summary +- **EFS(Elastic File System)**:AWS 托管的网络文件系统(NFS),支持多实例共享访问 +- **EBS(Elastic Block Store)**:AWS 托管的块存储,附加到单个 EC2 实例 +- **云迁移价值**:正确选型存储对性能和成本至关重要 + +## Key Details + +### EFS 特点 +- **协议**:NFSv4 +- **访问方式**:多可用区网络访问 +- **性能模式**:通用和最大 IO 两种模式 +- **计费**:按存储量和吞吐量计费 +- **适用场景**: + - 文件共享 + - Web 服务内容 + - 备份存储 + - 容器共享存储 +- **限制**: + - 延迟较高,不适合数据库 + - 不支持本地 HDD 性能模式(处理延迟敏感工作负载时性能差) + +### EBS 特点 +- **协议**:块设备 +- **类型**:gp3/gp2、io1/io2、st1、sc1 +- **访问方式**:单实例附加 +- **性能指标**:IOPS 和吞吐量独立配置 +- **适用场景**: + - 操作系统启动盘 + - 数据库存储 + - 应用程序数据 + - 需要低延迟的 工作负载 +- **限制**: + - 仅限于单个可用区 + +## Octane Hub 案例 +- 最初考虑使用 EFS 存储,后因性能问题放弃 +- 改用 EBS 用于实时数据库,EFS 用于备份 +- 验证了 EFS 不适合数据库场景 + +## Connections +- [[AWS]] ← provides ← [[EFS-vs-EBS]] +- [[S3]] ← alternative_to ← [[EFS-vs-EBS]] +- [[Database-Migration]] ← requires ← [[EFS-vs-EBS]] \ No newline at end of file diff --git a/wiki/concepts/Packer.md b/wiki/concepts/Packer.md new file mode 100644 index 00000000..e62625f5 --- /dev/null +++ b/wiki/concepts/Packer.md @@ -0,0 +1,42 @@ +--- +id: Packer +title: "Packer" +type: concept +tags: + - DevOps + - IaC + - AMI + - AWS +last_updated: 2026-04-18 +--- + +## Aliases +- HashiCorp Packer + +## Summary +- **定义**:HashiCorp 开发的开源工具,通过模板定义自动构建机器镜像(AMI、VMDK、QCOW2 等) +- **用途**:实现基础设施的不可变部署 +- **云迁移价值**:标准化镜像构建,确保环境一致性 + +## Key Details +- **核心功能**: + - 多平台镜像构建(AWS AMI、VMware、Vagrant、Docker 等) + - JSON/HCL 模板定义 + - 预置和后置配置脚本 + - 并行构建加速 +- **工作流程**: + 1. 定义模板(Builder 配置) + 2. 运行 provisioner(配置脚本) + 3. 输出镜像 +- **与 Terraform 集成**: + - Packer 构建 AMI + - Terraform 使用 AMI 部署基础设施 + +## Octane Hub 案例 +- Octane Hub 使用 Packer 构建自定义 AMI +- 从手动控制台脚本演进到自动化镜像构建 + +## Connections +- [[Terraform]] ← uses_ami_from ← [[Packer]] +- [[Infrastructure-as-Code-IaC]] ← implementd_by ← [[Packer]] +- [[AMI]] ← built_by ← [[Packer]] \ No newline at end of file diff --git a/wiki/concepts/TerraGrunt.md b/wiki/concepts/TerraGrunt.md new file mode 100644 index 00000000..6a2fc8b3 --- /dev/null +++ b/wiki/concepts/TerraGrunt.md @@ -0,0 +1,48 @@ +--- +id: TerraGrunt +title: "TerraGrunt" +type: concept +tags: + - DevOps + - IaC + - Terraform + - AWS +last_updated: 2026-04-18 +--- + +## Aliases +- Terragrunt + +## Summary +- **定义**:Terraform 的包装工具,提供模块化、变量共享和环境隔离 +- **用途**:管理多环境、多账户的 Terraform 配置 +- **云迁移价值**:简化 Landing Zone 多账户部署 + +## Key Details +- **核心功能**: + - 远程状态存储配置 + - 模块化配置复用 + - 多环境/多账户管理 + - 自动输入变量传递 +- **工作目录结构**: + ``` + live/ + ├── prod/ + │ └── terragrunt.hcl + ├── staging/ + │ └── terragrunt.hcl + └── dev/ + └── terragrunt.hcl + ``` +- **与 Terraform 关系**: + - TerraGrunt 调用 Terraform + - 纯 Terraform 包装,不替代 + +## Octane Hub 案例 +- Octane Hub 使用 TerraGrunt 部署 AWS 基础设施 +- 从手动脚本演进到 IaC 流程 + +## Connections +- [[Terraform]] ← wrapped_by ← [[TerraGrunt]] +- [[Infrastructure-as-Code-IaC]] ← implementd_by ← [[TerraGrunt]] +- [[Multi-Account-Strategy]] ← managed_by ← [[TerraGrunt]] \ No newline at end of file diff --git a/wiki/concepts/VPC-Transit-Gateway.md b/wiki/concepts/VPC-Transit-Gateway.md new file mode 100644 index 00000000..92288335 --- /dev/null +++ b/wiki/concepts/VPC-Transit-Gateway.md @@ -0,0 +1,41 @@ +--- +id: VPC-Transit-Gateway +title: "VPC Transit Gateway" +type: concept +tags: + - AWS + - Network + - VPC + - Cloud-Migration +last_updated: 2026-04-18 +--- + +## Aliases +- Transit Gateway +- TGW + +## Summary +- **定义**:AWS 中心辐射式网络互联服务,允许跨 VPC 和本地数据中心之间的网络流量路由 +- **用途**:简化复杂网络的连接和管理 +- **云迁移价值**:实现多 VPC 统一网络架构 + +## Key Details +- **核心功能**: + - 跨 VPC 互联(数千个 VPC) + - AWS 与本地数据中心互联(通过 Direct Connect 或 VPN) + - 跨区域互联 + - 路由表控制 +- **优势**: + - 简化网络 architecture(中心辐射模型) + - 减少复杂对等连接管理 + - 集中审计和日志 +- **计费**:按小时和数据量计费 + +## Octane Hub 案例 +- Octane Hub 使用 VPC Transit Gateway 实现网络互联 +- 解决了多 VPC 和本地数据中心连接需求 + +## Connections +- [[AWS]] ← provides ← [[VPC-Transit-Gateway]] +- [[VPC]] ← connected_by ← [[VPC-Transit-Gateway]] +- [[AWS-Organizations]] ← manages ← [[VPC-Transit-Gateway]] \ No newline at end of file diff --git a/wiki/entities/CTP.md b/wiki/entities/CTP.md new file mode 100644 index 00000000..9b52cd0c --- /dev/null +++ b/wiki/entities/CTP.md @@ -0,0 +1,22 @@ +--- +title: "CTP (Cloud Transformation Program)" +type: entity +tags: [Cloud, Transformation, Program] +sources: [] +last_updated: 2026-04-18 +--- + +## Summary +CTP (Cloud Transformation Program) 是云转型计划,涉及将工作负载迁移到 AWS 云。 + +## Definition +CTP (Cloud Transformation Program) 是企业云迁移项目,目标是利用 AWS 等公有云服务重构现有基础设施。 + +## Key Activities +- 云评估与规划 +- 工作负载迁移 +- 备份与灾难恢复策略实施 + +## Related Entities +- [[AWS]] +- [[AWS Backup]] \ No newline at end of file diff --git a/wiki/entities/Holger-Rode.md b/wiki/entities/Holger-Rode.md new file mode 100644 index 00000000..2bc3a612 --- /dev/null +++ b/wiki/entities/Holger-Rode.md @@ -0,0 +1,27 @@ +--- +id: Holger-Rode +title: "Holger Rode" +type: entity +tags: + - Person + - CTO + - Software + - AWS +last_updated: 2026-04-18 +--- + +## Aliases +- Holger + +## Summary +- **角色**:Octane Hub CTO(软件工厂团队负责人) +- **贡献**:分享 Octane Hub 将生产服务迁移到 AWS 的真实经验 +- **专业领域**:云迁移、Docker 容器化、AWS 基础设施 + +## Key Details +- 在 CTP Topic 14 中分享了 Octane Hub 云迁移经验 +- 负责软件工厂团队,管理约 10TB 文件存储和大型 MSSQL 数据库 +- 主导了从 Bibling 数据中心到 AWS Landing Zone 的迁移项目 + +## Connections +- [[Octane-Hub]] ← employed_by ← [[Holger-Rode]] \ No newline at end of file diff --git a/wiki/entities/Octane-Hub.md b/wiki/entities/Octane-Hub.md new file mode 100644 index 00000000..6bdb4758 --- /dev/null +++ b/wiki/entities/Octane-Hub.md @@ -0,0 +1,33 @@ +--- +id: Octane-Hub +title: "Octane Hub" +type: entity +tags: + - Company + - Software + - AWS + - Cloud-Migration +last_updated: 2026-04-18 +--- + +## Aliases +- OctaneHub +- Octane + +## Summary +- **角色**:软件公司 +- **业务**:软件开发和运维 +- **云迁移状态**:已完成从本地数据中心到 AWS 的生产服务迁移 +- **技术栈**:Docker 容器化、Packer + Terraform/TerraGrunt、AWS Landing Zone + +## Key Details +- **CTO**:Holger Rode(软件工厂团队负责人) +- **主要应用**:QuickSee、Release Manager、Patch Manager、安全程序板 +- **基础设施**:约 10TB 文件存储和大型 MSSQL 服务器数据库 +- **迁移动因**:Bibling 数据中心即将关闭 +- **迁移目标**:无缝过渡,紧密镜像现有设置 + +## Connections +- [[AWS]] ← hosted_on ← [[Octane-Hub]] +- [[Holger-Rode]] ← works_at ← [[Octane-Hub]] +- [[Docker-容器化]] ← used_by ← [[Octane-Hub]] \ No newline at end of file diff --git a/wiki/index.md b/wiki/index.md index 8ba78c42..d3c74973 100644 --- a/wiki/index.md +++ b/wiki/index.md @@ -39,6 +39,8 @@ - [Never write another prompt](sources/never-write-another-prompt.md) — 通过工具简化 AI 提示词创建流程 +- [CTP Topic 44 AWS Backup in Micro Focus](sources/ctp-topic-44-aws-backup-in-micro-focus.md) — AWS Backup 服务及其在 Micro Focus 云迁移项目中的应用 + - [养虾日记1:我用 OpenClaw 管了 28 万张照片:一次真实的多设备照片整理实战](sources/养虾日记1-我用-OpenClaw-管了-28-万张照片-一次真实的多设备照片整理实战.md) — 利用 AI Agent 自动化整理 28 万张照片(MD5 去重 + 批次任务 + Cron 定时执行) - [教學 ChatGPT 先做知識整理,再讓 Canva、 Gamma AI 輸出簡報](sources/jiao-xue-chatgpt-xian-zuo-zhi-shi-zheng-li-zai-rang-canva-gamma-ai-shu-chu-jian-bao.md) — AI 简报制作四阶段工作流(ChatGPT 资料研究 + Canva/Gamma 设计) @@ -248,7 +250,10 @@ - [Blogwatcher Daily 技能收藏](sources/blogwatcher-daily-shou-cang.md) — RSS 订阅监控与每日摘要生成自动化 +- [CTP Topic 14 Octane Hub on AWS Real life experience](sources/ctp-topic-14-octane-hub-on-aws-real-life-experience.md) — Octane Hub 将生产服务迁移到 AWS 的真实经验分享 + ## Entities +- [Holger Rode](entities/Holger-Rode.md) — Octane Hub CTO 软件工厂团队负责人 - [Mem0](entities/Mem0.md) — Camp 1 记忆后端领导者,53.1k stars - [MemPalace](entities/MemPalace.md) — 本地优先逐字存储,46.2k stars - [Supermemory](entities/Supermemory.md) — 时间感知记忆,21.8k stars diff --git a/wiki/log.md b/wiki/log.md index 51205448..bf30b10b 100644 --- a/wiki/log.md +++ b/wiki/log.md @@ -1,3 +1,12 @@ +## [2026-04-18] ingest | CTP Topic 14 Octane Hub on AWS Real life experience +- Source file: raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/01_AWS-Landing-Zone/ctp-topic-14-octane-hub-on-aws-real-life-experience-moving-production-services-i.md +- Status: ✅ 成功摄入 +- Summary: Octane Hub 将生产服务从本地数据中心迁移到 AWS 的真实经验分享,涵盖 Docker 容器化、Packer + Terraform 部署、VPC Transit Gateway 网络、EFS vs EBS 存储选型 +- Concepts created: Docker-容器化, Packer, TerraGrunt, VPC-Transit-Gateway, EFS-vs-EBS +- Entities created: Octane-Hub, Holger-Rode +- Source page: wiki/sources/ctp-topic-14-octane-hub-on-aws-real-life-experience.md +- Notes: 云迁移动因是 Bibling 数据中心即将关闭,目标是无缝过渡,初始考虑 EFS 后因性能问题改用 EBS + ## [2026-04-18] ingest | Blogwatcher Daily 技能收藏 - Source file: raw/Skills/blogwatcher-daily收藏.md - Status: ✅ 成功摄入 @@ -1282,15 +1291,15 @@ - Source page: wiki/sources/The-Myths-and-Misconceptions-About-Cloud-Computing-LinkedIn.md - Notes: 与 Cloud Adoption、Cloud Native、Hybrid Cloud、Multi-Cloud 存在概念关联 -## [2026-04-16] ingest | DevOps Maturity Model From Traditional IT to Advanced DevOps +## [2026-04-18] ingest | DevOps Maturity Model From Traditional IT to Advanced DevOps - Source file: raw/Cloud & DevOps/DevOps Maturity Model From Traditional IT to Advanced DevOps.md -- Status: ✅ 成功摄入 +- Status: ✅ 成功复摄 - Summary: DevOps 成熟度五级框架(初始/应急→局部DevOps→自动化与定义→高度优化→完全成熟),涵盖文化与战略、自动化、结构与流程、协作与共享、技术五大评估领域,以及安全集成方法和常见障碍分析 - Entities created: (无新实体) -- Concepts created/updated: DevOps 成熟度模型(新建) +- Concepts created/updated: DevOps 成熟度模型(更新) - Source page: wiki/sources/DevOps-Maturity-Model-From-Traditional-IT-to-Advanced-DevOps.md -- Notes: 与 DevOps、CI/CD 流水线、DevSecOps、IaC、敏捷实践存在概念关联 +- Notes: 复摄更新 source page 内容 ## [2026-04-16] ingest | Ubuntu服务器通过rsync实现日常增量备份 - Source file: raw/Home Office/Ubuntu服务器通过rsync实现日常增量备份.md @@ -1664,6 +1673,15 @@ - Source page: wiki/sources/AI-Memory-Tools-Two-Camps.md - Notes: +## [2026-04-18] ingest | CTP Topic 44 AWS Backup in Micro Focus +- Source file: raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/01_AWS-Landing-Zone/ctp-topic-44-aws-backup-in-micro-focus.md +- Status: ✅ 成功摄入 +- Summary: AWS Backup 服务及其在 Micro Focus 云迁移项目中的应用,涵盖 DR 策略、RTO/RPO、当前备份流程差距 +- Concepts created: AWS Backup, 备份和恢复, RTO, RPO, 不可变性, 法律保留 +- Entities created: CTP, AWS +- Source page: wiki/sources/ctp-topic-44-aws-backup-in-micro-focus.md +- Notes: 与现有灾难恢复、RTO、RPO 概念关联;AWS Backup 作为新概念添加 + ## [2026-04-18] ingest | Install WSL - Source file: raw/Home Office/Install WSL.md - Status: ✅ 成功摄入 diff --git a/wiki/sources/DevOps-Maturity-Model-From-Traditional-IT-to-Advanced-DevOps.md b/wiki/sources/DevOps-Maturity-Model-From-Traditional-IT-to-Advanced-DevOps.md index 008a0f73..67650d53 100644 --- a/wiki/sources/DevOps-Maturity-Model-From-Traditional-IT-to-Advanced-DevOps.md +++ b/wiki/sources/DevOps-Maturity-Model-From-Traditional-IT-to-Advanced-DevOps.md @@ -1,41 +1,68 @@ --- title: "DevOps Maturity Model From Traditional IT to Advanced DevOps" type: source -tags: [DevOps, Maturity Model, Cloud & DevOps] -date: 2024-08-14 -source_file: raw/Cloud & DevOps/DevOps Maturity Model From Traditional IT to Advanced DevOps.md +tags: [] +date: 2025-03-01 --- +## Source File +- [[raw/Cloud & DevOps/DevOps Maturity Model From Traditional IT to Advanced DevOps.md]] + ## Summary -本文介绍了 DevOps 成熟度模型,一个用于评估组织 DevOps 实践水平的分级框架。该模型涵盖五个阶段:从初始/应急阶段(传统瀑布式开发)到完全成熟阶段(持续部署)。模型从文化与战略、自动化、结构与流程、协作与共享、技术五个关键领域进行评估,并提供具体的业务收益、安全集成方法和常见障碍分析。 +- 核心主题:DevOps 成熟度五级框架,从传统 IT 过渡到完全成熟的 DevOps 实践 +- 问题域:组织 DevOps 实践水平评估、持续改进路径规划 +- 方法/机制:五大评估维度 × 五级成熟度阶段,系统化评估组织 DevOps 能力 +- 结论/价值:结构化框架帮助组织识别当前状态、规划改进路径、实现持续交付卓越 ## Key Claims -- DevOps 成熟度模型通过五个阶段帮助组织评估当前实践水平并制定改进路线图 -- 五个成熟度阶段分别为:初始/应急阶段、局部 DevOps、自动化与定义阶段、高度优化阶段、完全成熟阶段 -- 成熟度评估的四个关键领域包括:文化与战略、自动化、结构与流程、协作与共享、技术 -- 高质量 DevOps 成熟度模型应包含:评估标准、成熟度等级、DevOps 实践、相关指标、文化指南、工具与技术、角色与职责 -- 采用 DevOps 成熟度模型可带来更快的调整能力、更好的扩展性、增强的运营绩效、更快的交付时间、改进的质量 +- DevOps 成熟度模型是评估组织 DevOps 实践的结构化框架,帮助评估当前实践、识别改进领域、规划升级路径 +- 五级成熟度:初始/应急 → 局部 DevOps → 自动化与定义 → 高度优化 → 完全成熟 +- 四大评估维度:文化与战略、自动化、结构与流程、协作与共享、技术 +- DevSecOps 核心:将开发、运营、安全融合为统一流程 +- 关键指标:MTTR、MTTD、MTTA、部署频率、变更失败率、回滚率 ## Key Quotes -> "The DevOps maturity model is a structured framework that guides organizations through adopting and implementing DevOps principles." — DevOps 成熟度模型定义 +> "The core of DevOps security is merging development, operations, and security into a unified process." — DevSecOps 核心理念 + +> "DevOps practices help organizations swiftly adjust to evolving market trends and customer needs." — 业务价值体现 ## Key Concepts - [[DevOps 成熟度模型]]:评估组织 DevOps 实践水平的五级框架 -- [[DevOps]]:结合开发与运营实现持续软件交付的方法论 - [[CI/CD 流水线]]:自动化测试、集成和部署的持续交付管道 - [[DevSecOps]]:在 CI/CD 流水线中深度集成安全工具的文化理念 - [[Infrastructure as Code (IaC)]]:通过代码实现一致性、版本控制的基础设施管理 -- [[敏捷实践]]:Scrum、Kanban 等迭代开发方法论 +- [[DevOps 文化]]:打破开发与运维壁垒,优先协作、持续学习和客户导向的文化理念 +- [[MTTR]]:平均恢复时间,衡量故障恢复效率 +- [[IaC]]:基础设施即代码,自动化基础设施管理 ## Key Entities (本文档未涉及需要创建页面的人、公司或产品实体) ## Connections - [[DevOps 成熟度模型]] ← extends ← [[DevOps]] -- [[DevOps 成熟度模型]] ← includes ← [[CI/CD 流水线]] -- [[DevOps 成熟度模型]] ← includes ← [[DevSecOps]] -- [[DevOps 成熟度模型]] ← includes ← [[Infrastructure as Code (IaC)]] -- [[DevOps 成熟度模型]] ← includes ← [[敏捷实践]] +- [[DevSecOps]] ← core_principle ← DevOps 与安全融合 +- [[CI/CD 流水线]] ← enables ← 持续交付 +- [[Infrastructure as Code (IaC)]] ← supports ← 基础设施自动化 ## Contradictions (暂无) + +## 五级成熟度对比 + +| 阶段 | 组织 | 交付 | 自动化 | 测试 | 安全 | 监控 | +|------|------|------|--------|------|------|------| +| Phase1 初始/应急 | 团队孤立工作 | 瀑布式、里程碑驱动 | 手动管理服务器 | 手动测试、瓶颈 | 发布前几周才介入 | 用户报告故障 | +| Phase2 局部 DevOps | 小团队试点合作 | 引入敏捷实践 | 部分自动化 | 单元/集成/E2E 测试 | 独立安全团队 | 关键告警 | +| Phase3 自动化与定义 | 标准流程定义 | 全面敏捷集成 | 大部分基础设施自动化 | 安全扫描集成到开发流程 | 安全参与设计讨论 | 持续监控 | +| Phase4 高度优化 | 跨职能协作 | 频繁部署 | 不可变基础设施 | 性能/负载测试 | 依赖管理、持续监控 | 应用健康追踪 | +| Phase5 完全成熟 | 自治全栈团队 | 每日多部署 | 零人工干预 | 实时数据决策 | 安全门禁 | 最高可用性 | + +## 常见障碍 +- 开发与运维沟通不畅 +- 缺乏明确目标战略 +- 抵制变革 +- 投资不足 +- 治理薄弱 +- 流程僵化 +- 忽略终端用户 +- 与业务流程集成不足 \ No newline at end of file diff --git a/wiki/sources/ctp-topic-14-octane-hub-on-aws-real-life-experience.md b/wiki/sources/ctp-topic-14-octane-hub-on-aws-real-life-experience.md new file mode 100644 index 00000000..e73f29af --- /dev/null +++ b/wiki/sources/ctp-topic-14-octane-hub-on-aws-real-life-experience.md @@ -0,0 +1,74 @@ +--- +id: ctp-topic-14-octane-hub-on-aws-real-life-experience +title: "CTP Topic 14 Octane Hub on AWS: Real-Life Experiences" +type: source +tags: + - AWS + - Octane-Hub + - Migration + - CTP + - Cloud-Migration + - Landing-Zone +sources: + - NAS /volume2/work/Public Cloud Learning Sessions/CTP _ Topic 14_ Octane Hub on AWS_ Real life experience moving production services into the new land.mp4 +last_updated: 2026-04-18 +--- + +## Source File +- [[raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/01_AWS-Landing-Zone/ctp-topic-14-octane-hub-on-aws-real-life-experience-moving-production-services-i.md]] + +## Summary +- **核心主题**:Octane Hub 将生产服务从本地数据中心迁移到 AWS 的真实经验分享 +- **问题域**:云迁移规划、技术选型、网络配置、存储方案、IaC 实施 +- **方法/机制**: + - Docker 容器化部署模式 + - Packer + Terraform/TerraGrunt 基础设施即代码 + - VPC Transit Gateway 网络互联 + - 标签系统资源管理 + - EBS + EFS 分层存储策略 +- **结论/价值**:通过紧密镜像现有设置实现无缝过渡,验证了 Landing Zone 架构的可行性 + +## Key Claims +- Octane Hub 团队使用 Docker 容器运行各种 Web 应用,包括 QuickSee、Release Manager、Patch Manager 等,处理约 10TB 文件存储和大型 MSSQL 数据库 +- 云迁移的动因是 Bibling 数据中心即将关闭,目标是实现无缝过渡,紧密镜像现有设置以避免在 Go Live 期间进行重大技术变更 +- 初始考虑 EFS 用于存储,但因性能问题(数据库无法直接在 EFS 上运行)不适用,改用 EBS 用于实时数据库,EFS 用于备份 +- 部署方式从控制台脚本演变为使用 Packer 构建 AMI,使用 Terraform/TerraGrunt 部署 +- 网络问题需要多次 PCS 请求,与网络团队协作解决,使用 VPC Transit Gateway 并实施标签系统管理访问 +- DNS 设置使用 Cname 指向 AWS software infra.net 域,通过 Route 53 管理 + +## Key Quotes +> "云转型计划提供了帮助,团队在 5 月左右获得了概念验证 Landing Zone 账户的访问权限,随后在 6 月获得了生产账户" +> "团队目标是实现无缝过渡,紧密镜像现有设置以避免在 Go Live 期间进行重大技术变更" +> "最初考虑 EFS 用于存储,但由于性能问题(数据库无法直接在 EFS 上运行)不适用,改用 EBS 用于实时数据库" + +## Key Concepts +- [[Docker-容器化]]:Octane Hub 的主要部署模式,容器化遗留应用实现云就绪 +- [[Packer]]:用于构建自定义 AMI 的工具 +- [[Terraform-TerraGrunt]]:基础设施即代码的部署流程 +- [[VPC-Transit-Gateway]]:AWS 网络互联解决方案 +- [[标签系统]]:基于角色和环境管理资源访问 +- [[EFS-vs-EBS]]:文件存储与块存储的性能差异,EFS 不适合数据库场景 +- [[Multi-Account-Strategy]]:AWS 多账号架构策略 + +## Key Entities +- [[Octane-Hub]]:一家软件公司,演讲者 Holger Rode 为其 CTO 软件工厂团队负责人 +- [[AWS]]:Amazon Web Services,AWS 云平台 +- [[Holger-Rode]]:Octane Hub CTO 软件工厂团队负责人,分享迁移经验 + +## Connections +- [[Octane-Hub]] ← uses ← [[Docker-容器化]] +- [[Docker-容器化]] ← managed_by ← [[Terraform-TerraGrunt]] +- [[AWS-Landing-Zone]] ← enables ← [[Multi-Account-Strategy]] +- [[ctp-topic-14-octane-hub-on-aws-real-life-experience]] ← related_to ← [[ctp-topic-7-saas-landing-zone-design]] + +## Contradictions +- 与 Landing Zone 最佳实践可能存在差异: + - 冲突点:EFS 原被考虑用于存储,后因性能问题放弃 + - 当前观点:数据库应使用 EBS 块存储而非 EFS 文件存储 + - 对方观点:为了简化管理,优先选择托管存储服务 + +## Action Items +- [ ] 评估现有工作负载是否适合容器化 +- [ ] 规划数据库从 MSSQL 到 Postgres 的迁移路径 +- [ ] 检查 EBS/EFS 存储选型是否合理 +- [ ] 制定 DR 和高可用性改进计划 \ No newline at end of file diff --git a/wiki/sources/ctp-topic-44-aws-backup-in-micro-focus.md b/wiki/sources/ctp-topic-44-aws-backup-in-micro-focus.md new file mode 100644 index 00000000..9ba9bfe0 --- /dev/null +++ b/wiki/sources/ctp-topic-44-aws-backup-in-micro-focus.md @@ -0,0 +1,52 @@ +--- +title: "CTP Topic 44 AWS Backup in Micro Focus" +type: source +tags: + - AWS + - Backup + - DR + - CTP +date: 2026-04-14 +--- + +## Source File +- [[raw/Cloud & DevOps/Public-Cloud-Learning-Sessions/01_AWS-Landing-Zone/ctp-topic-44-aws-backup-in-micro-focus.md]] + +## Summary +- 核心主题:AWS Backup 服务及其在 Micro Focus 云迁移项目中的应用 +- 问题域:云数据保护、灾难恢复策略、AWS 托管服务 +- 方法/机制:AWS Backup 集中化备份、跨账户跨区域复制、不可变性保护、法律保留 +- 结论/价值:AWS Backup 提供统一的备份管理,支持 S3、RDS 等服务的托管备份,弥补当前流程的分散式管理缺陷 + +## Key Claims +- AWS Backup 是托管服务,用于集中化和自动化数据保护 +- AWS Backup 支持跨账户和跨区域备份,提供不可变性防止勒索软件威胁 +- S3 和 RDS 时间点恢复可在 1 秒以内完成 +- 当前备份流程是分散的,涉及多个团队,增加错误风险 + +## Key Quotes +> "AWS Backup 是一个托管服务,用于在 AWS 云中集中化和自动化数据保护。" + +> "灾难恢复策略根据 RTO 和 RPO 而有所不同,从备份和恢复到 Active-Active 有四种主要策略。" + +## Key Concepts +- [[AWS Backup]]:AWS 托管服务,集中化数据保护 +- [[RTO]](Recovery Time Objective):恢复时间目标 +- [[RPO]](Recovery Point Objective):恢复点目标 +- [[不可变性]](Immutability):备份防篡改保护机制 +- [[法律保留]](Legal Holds):合规隔离备份 +- [[备份和恢复]](Backup and Restore):最基本的 DR 策略 + +## Key Entities +- [[AWS]]:Amazon Web Services,云服务商 +- [[CTP]]:Cloud Transformation Program,云迁移计划 +- [[CCIE 门户]]:当前管理快照的内部平台 + +## Connections +- [[AWS Backup]] ← depends_on ← [[S3]] +- [[AWS Backup]] ← depends_on ← [[RDS]] +- [[AWS Backup]] ← extends ← [[EC2 Backup]] +- [[RTO]] ← depends_on ← [[灾难恢复策略]] +- [[备份和恢复]] ← implements ← [[RTO]]: 8+ 小时 + +## Contradictions \ No newline at end of file