ishenwei/nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Auto-sync: 2026-04-18 17:09

Browse Source
This commit is contained in:
weishen
2026-04-18 17:09:43 +08:00
parent 60d2f8254b
commit 3f2e1765d8
276 changed files with 17241 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
knowledgebase/csd-wiki/ICSD/AC-24.4-Post-Upgrade-Steps_688983025.md Normal file
View File

@@ -0,0 +1,24 @@
# AC-24.4-Post-Upgrade-Steps_688983025
**1\. AC Data Maintenance Jobs - Remove the older Postgres Procedue for purge of the AC services**
As part of ' [Issue 2348102 - \[AC\]: The tasks records for AC services (DataSync & VPS) are not purged, as part of daily maintenance jobs.](https://internal.almoctane.com/ui/entity-navigation?p=97002/32001&entityType=work_item&id=2348102)' we've some changes to the database procedures. Hence we need to delete the existing 'create\_procedues.dlm' file from the below location to have the Data-Maintenance cronjob working as expected.
Steps:
1\. Login the bastion host where the K8s is running.
2\. Goto File Loation: /efs/var/vols/itom/itsma/logging-volume/ac/data-maintenance/logs/itsma-eks/maintenance
(i.e. the NFS mounted patch for data-minaternance\]
3\. Remove the file 'create\_procedures.dlm
rm -r create\_procedures.dlm
File Name: create\_procedures.dlm
Note: Here after the deletion, the file get created newly with the latest changes, once the cron job is scheduled to run next time.
Sample of file path and file name (highlighted)
![](attachments/688983025/688983024.png)
## Attachments:
[image2024-9-20\_17-4-41.png](attachments/688983025/688983024.png) (image/png)

13
knowledgebase/csd-wiki/ICSD/APM---CITI---Reported-Vulnerabilities-and-Issues_696523815.md Normal file
View File

@@ -0,0 +1,13 @@
# APM---CITI---Reported-Vulnerabilities-and-Issues_696523815
| Ticket UT | Vulnerabilities Reported in APM 960 version in March 2025 | Owner | Priority | CPE Cases | Comments | Status | Apply on Staging | Deadline to implement on prod |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| SD00496396/IM00495939 | Cross-site Scripting - DOM Based. Issue Discovered from Vulnerability Assessment | SubbaReddy | H1 | OCTIM19G2471704 | - Fix applied on 33F staging farm, positive feedback from customer. | **Closed** | Completed | Completed |
| SD00496831/IM00496084 | Cross-site Scripting (Pre-Authentication) Issue Discovered from Vulnerability Assessment | SubbaReddy | H1 | OCTIM19G2472007 | - Retest successful - Deployed on production environment on the 25th of May | **Closed** | 02 May 2025 | 18 May 2025 |
| SD00496835/IM00496087 | Unauthorized Write Access (Post-authentication) Issue Discovered from Vulnerability Assessment | SubbaReddy | H2 | OCTIM19G2472008 | - H2 issue retest successful - Applied on the Production HF on 20 <sup>th</sup> July. | **Closed** | 22 Jun 2025 | 20 Jul 2025 |
| IM00496092/SD00496846 | Weak Password Complexity Issue Discovered from Vulnerability Assessment | SubbaReddy | H3 | OCTIM19G2472009 | - No password complexity to be implemented, the customer confirmed retest was successful. | **Closed** | | |
| IM00496093/SD00496849 | No Account Lockout After Multiple Failed Attempts Issue Discovered from Vulnerability Assessment | SubbaReddy | H5 | OCTIM19G2472010 | - No password complexity to be implemented, the customer confirmed retest was successful. | **Closed** | | |
| IM00496100/SD00496860 | Sensitive Information Passed in Cleartext in GET URL Issue Discovered from Vulnerability Assessment | SubbaReddy | M2 | OCTIM19G2473081 | - Fix deployed on staging, awaiting customer feedback - Confirmation received from customer that pretest is successful. - To be applied this weekend to prod | **Closed** | 02 May 2025 | 08 Jun 2025 |
| IM00496099/SD00496859 | Suspicious Files Found in Recursive Directory Issue Discovered from Vulnerability Assessment | SubbaReddy | M1 | OCTIM19G2473082 | - Validated with RnD Team that the files are required for APM, justification provided to the customer. The customer confirmed this can be closed | **Closed** | | |
| IM00496101/SD00496861 | Session Remains Active After Logout Issue Discovered from Vulnerability Assessment | SubbaReddy | M3 | OCTIM19G2472092 | - **New fix applied, still not working** - **RnD investigation required.** | Under investigation | 28 Aug 2025 | |
| IM00496102/SD00496863 | Server-Side Request Forgery Issue Discovered from Vulnerability Assessment | SubbaReddy | M4 | OCTIM19G2473083 | **Closed** | 01 Jun 2025 | 22 Jun 2025 |
| IM00495787/SD00496057 | BPM Agents Tab Error | SubbaReddy | H4 | OCTIM19G2471324 | - This was blocked by Vulnerability was detected in 2022, provided the details to customer, pending with VA retest. | **Closed** | Completed | |

15
knowledgebase/csd-wiki/ICSD/APM-Monitoring_686073667.md Normal file
View File

@@ -0,0 +1,15 @@
# APM-Monitoring_686073667
1. [ITOM Cloud Service Delivery](index.html)
2. [ITOM Cloud Service Delivery](ITOM-Cloud-Service-Delivery_681555087.html)
3. [💠3 - Operation & Maintenance](682933064.html)
Created by, last modified by Wei Shen on Feb 08, 2025 EST
- [HCMX APM Monitoring Business Flow](HCMX-APM-Monitoring-Business-Flow_686073715.html)
- [OO APM Monitoring Business Flow](OO-APM-Monitoring-Business-Flow_686073823.html)
- [SMAX APM Monitoring Business Flow](SMAX-APM-Monitoring-Business-Flow_686087711.html)
- [UCMDB APM Monitoring Business Flow](UCMDB-APM-Monitoring-Business-Flow_686073690.html)
Document generated by Confluence on Sep 15, 2025 22:25 EDT
[Atlassian](https://www.atlassian.com/)

70
knowledgebase/csd-wiki/ICSD/AWS-Cognito-User-Creation_708224408.md Normal file
View File

@@ -0,0 +1,70 @@
# AWS-Cognito-User-Creation_708224408
## AWS Cognito users are used for authentication to login to the following Ops tools:
- **SaaS Ops Jenkins Tool** - [https://saas-ops.itsma-ng.net/](https://saas-ops.itsma-ng.net/)
- **ESM SaaS System Health Page Ops Console** - [https://smax-health.saas.microfocus.com/ops](https://smax-health.saas.microfocus.com/ops) (Use this permission to support SaaS 911 case to publish the incident report for customer communication)
- **ESM Saas ELK Log Analysis (OpenSearch)** - Contains 14 days of logs. Currently available only for the following farms: US2, US6/EU8, EU30 (aviator)
- **Grafana Monitors for ESM SaaS Farms**
CSD Ops team have the permission needed to create users in AWS Cognito. Currently, there are 3 user persona's:
- CSD Ops team - admins
- CSD Ops team - team member
- Core CPE Team limited access
To streamline the user creation process, follow the process below to create new users based on their persona.
This process eliminates the need for back and forth and simplifies the new user onboarding. Basically, the Ops team will pre-create the user, login the first time, set the roles and also configure the account so the enduser performs a single step of reset password to gain access.
## Create and Configure User - jenkins admin access needed
1. Login to AWS console using your personal Ops team account. Access account: 361684190412 and set region to United States (Oregon).
2. Access AWS Cognito / User Pools - you should see the existing user pool: "notes-user-pool" Click on notes-user-pool, then click on Users on left menu.
3. Click "Create user" button: use any value for the password but write it down since you will need it in the next step.
4. ![](attachments/708224408/708224302.png)
5. Note down the new user id. You may need to do a search using the email address to get this.
6. Access Jenkins using the new user
1. [https://saas-ops.itsma-ng.net/](https://saas-ops.itsma-ng.net/)
2. Make sure you are logged out of your own account.
3. Login with the new user account using the password you pre-set.
4. You will be forced to set a new password. This one is not important, because we will tell the new user to reset their password on first access.
5. Will get Access Denied message in the screen - at this point, the user has been created in Jenkins and will allow us to setup their profile in the following steps.
6. Logout of new user account.
7. Login to jenkins with your admin account
1. From Jenkins main Dashboard, use the global search at the top to find the new user id like: 333a6473-6b8a-4b16-bbcb-4bd8512e158e
2. Click Configure menu item on left - **NOTE**: you must have jenkins Administrator role. If not, contact one of the team who has the admin role.
3. Set the user Full Name - change it from the id to the first/last name of the user
4. Set the appropriate roles depending if this is a Ops or CPE team member (see section below).
8. Tell the user to access Jenkins URL and have them use the Forgot Password option
## Role Assignment in Jenkins
Ops team should set the role based on the user persona - Ops Admin OR CPE Team member.
1. Login to Jenkins with your Admin user account
2. Click on Manage Jenkins in left menu
3. Scroll down to Security section and click on Manage and Assign Roles
4. Click on Assign Roles in left menu.
5. There are 2 sections and you need to add the user in both: Global roles + Item roles
6. At the bottom of each list, click the Add User button
7. Use the cognito user id like: 333a6473-6b8a-4b16-bbcb-4bd8512e158e
8. ![](attachments/708224408/708224395.png)
9. ![](attachments/708224408/708224406.png)
10. After you add to both lists, make sure to press the Save button
**Related pages**
- Page:
[ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking)
- Page:
[How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account)
- Page:
[ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information)
- Page:
[ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process)
- Page:
[ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog)
- Page:
[ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog)
- Page:
[OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking)

68
knowledgebase/csd-wiki/ICSD/AWS-Infrastructure-Naming-Rules_688988195.md Normal file
View File

@@ -0,0 +1,68 @@
# AWS-Infrastructure-Naming-Rules_688988195
**EC2 Instance**
- eu8-prod-smax-worker
- eu8-prod-cms-worker
- eu8-prod-cms-probe-windows
- eu8-prod-oo-worker
- eu8-prod-monitor-worker
- eu8-prod-logging-worker
- eu8-prod-logging-logstash-linux
- eu8-prod-bastion-server-linux
- eu8-prod-bastion-server-windows
- eu8-prod-vertica-node-linux
- eu8-prod-vertica-mc-linux
- eu8-prod-opb-agent-server-windows
- eu8-prod-sm-server-windows
- eu8-prod-idol-server-windows
- eu8-prod-jenkins-server-linux
**RDS**
**EFS**
- us1-prod-smax-efs
- us1-prod-cms-efs
- us1-prod-oo-efs
- us2-dev-smax-efs
- us2-dev-oo-efs
**Subnets**
- us24-prod-public-subnet-1
- us24-prod-public-subnet-2
- us24-prod-public-subnet-3
- us24-prod-private-subnet-1
- us24-prod-private-subnet-2
- us24-prod-private-subnet-3
- us24-prod-database-subnet-1
- us24-prod-database-subnet-2
**SecurityGroup**:
- us24-prod-bastion-securitygroup
**Backup Plan**
- - us1-prod-aws-backup-plan
- us2-prod-aws-backup-plan
- jp12-stg-aws-backup-plan
Backup Rules
- - us1-prod-6h-backup-rule
- us2-prod-6h-backup-rule
**Resource Assignment**
**S3 bucket for Vertica**
- us2-prod-vertica-data
**S3 bucket for Velero**
**AWS CloudWatch Naming Rules**
Monitoring SMAX Tenant
Carnaries

2
knowledgebase/csd-wiki/ICSD/AWS-RDS-certificate-update--Helm-Fedramp-simulation-ENV_688983269.md Normal file
View File

File diff suppressed because one or more lines are too long

9
knowledgebase/csd-wiki/ICSD/AWS-RDS-certificate-update--Helm-Simulation-env_686088156.md Normal file
View File

File diff suppressed because one or more lines are too long

36
knowledgebase/csd-wiki/ICSD/AWS-account-migrate-to-new-SCP-OU-hierarchy-tracking_691155056.md Normal file
View File

@@ -0,0 +1,36 @@
# AWS-account-migrate-to-new-SCP-OU-hierarchy-tracking_691155056
Note: The change is totally executed by SRE team and CSD team is responsible only for validation after the change is done
| **AWS account #** | **AWS account name** | **Planned Date** | **Execution Date** | **Executed By** | |
| --- | --- | --- | --- | --- | --- |
| 877314495298 | itom-dcasaasdev-ext-stg | Loganathan G | No customer, already applied |
| 756681444987 | itom-dca2-ext-stg | **Feb 16 <sup>th</sup>** | **Mar 2 <sup>nd</sup>** | Loganathan G | |
| 824517076529 | itom-aviator0-ext-stg | **Feb 16 <sup>th</sup>** | **Mar 2 <sup>nd</sup>** | Saisumanth Kanumuri | |
| 551360491749 | itom-esm0-ext-stg | **Feb 16 <sup>th</sup>** | **Mar 2 <sup>nd</sup>** | Mahendra Reddy K | |
| 685481450608 | itom-esm1-ext-stg | **Feb 16 <sup>th</sup>** | **Mar 2 <sup>nd</sup>** | Loganathan G | No customer, backup account |
| 945679946888 | itom-esm2-ext-stg | **Feb 16 <sup>th</sup>** | **Mar 2 <sup>nd</sup>** | Bhargava Lekkala | |
| 752576076998 | itom-dca2-ext-prod | **Feb 23 <sup>th</sup>** | **Mar 16 <sup>th</sup>** | Rejoy MR | |
| 521526956341 | itom-aviator0-ext-prod | **Feb 23 <sup>th</sup>** | **Mar 16 <sup>th</sup>** | Vinod Kumar Keshava Rao | |
| 361684190412 | itom-esm0-ext-trial | **Feb 23 <sup>th</sup>** | **Mar 16 <sup>th</sup>** | Pradeep Acharya | |
| 609729173090 | itom-esm0-ext-prod | **Mar 16 <sup>th</sup>** | **Apr 6 <sup>th</sup>** | Vinod Kumar Keshava Rao | Internal customer |
| 439259180524 | itom-esm3-ext-prod | **Mar 16 <sup>th</sup>** | **Apr 6 <sup>th</sup>** | Rajaram H K | External customers |
| 616654404631 | itom-esm1-ext-prod | **Apr 6 <sup>th</sup>** | **Apr 27 <sup>th</sup>** | Anant Panchal | Key External customers |
| 772889804459 | itom-esm2-ext-prod | **Apr 6 <sup>th</sup>** | **Apr 27 <sup>th</sup>** | Anant Panchal | Key External customers |
| 402637475238 | itom-esm4-ext-prod | **Apr 6 <sup>th</sup>** | **Apr 27 <sup>th</sup>** | Loganathan G | EU managed customers |
**Related pages**
- Page:
[ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking)
- Page:
[How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account)
- Page:
[ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information)
- Page:
[ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process)
- Page:
[ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog)
- Page:
[ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog)
- Page:
[OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking)

134
knowledgebase/csd-wiki/ICSD/Add-OAuth-Authentication---Ops-Only_686065206.md Normal file
View File

@@ -0,0 +1,134 @@
# Add-OAuth-Authentication---Ops-Only_686065206
## Introduction
OAuth is an open protocol to allow secure authorization. Setting up the OAuth authentication enables the suite to verify the identity of users and access users' private resources in the identity provider such as OpenID Connect. Users don't need to share their credentials.
OAuth users can access the tenant after the configurations are completed. The user profile is synced to Suite Administration after the user logs in to the tenant for the first time.
**Limitations:**
OAuth user can't be used for the following integration use cases:
- Publishing Operations Orchestration (OO) flows from OO Designer to OO Central
- SMAX and Design and Deploy (DND) integration
- DND and OO integration via DND integration user
## Collect required info from customer
Before setting up OAuth authentication, collect the following information from the customer:
| Field | Description |
| --- | --- |
| Client ID | The value of the Client ID that you get from the OpenID identity provider. |
| Client Secret | The value of the Client Secret that you get from the OpenID identity provider. |
| HTTP Method | The HTTP method of getting a user's information from the endpoint. The supported values are "GET" and "POST". **Caution:** By selecting The GET option, you are disabling or bypassing security features, thereby exposing the system to increased security risks. By using this option, you understand and agree to assume all associated risks and hold OpenText harmless for the same. |
| IDP URL | The endpoint or URL path provided by the OpenID Identity Provider. If **User Info Endpoint**, **Token Endpoint**, **Authentication Endpoint**, and **Logout Endpoint** are defined as relative paths, the IDP URL will be used as the base URL to construct the endpoint URLs. |
| Username Attribute | The attribute to define a username. |
| User Info Endpoint | An OAuth 2.0 Protected Resource that returns Claims about the authenticated end user. For example, **/userinfo**. |
| Token Endpoint | The token endpoint of the OpenID identity provider. The Token Endpoint is used to obtain a Token Response. For example, **/token**. |
| Authentication Endpoint | The Authorization Endpoint performs authentication of an end user. This is done by sending the user agent to the authorization server's endpoint for authentication and authorization, using request parameters defined by OAuth 2.0 and additional parameters and parameter values defined by OpenID Connect. For example, **/authorize**. |
| Logout Endpoint | The token endpoint where you can end a session. |
| Proxy | The corporate proxy used to connect IdM pods to the OAuth authentication server. |
Besides the above information, customer also needs to provide the claim attribute names for the following user attributes.
| Setting | Required | Description |
| --- | --- | --- |
| First Name | Yes | First name of the user. |
| Family Name | Yes | Family name of the user. |
| Middle Name | No | Middle name of the user. |
| Office Phone Number | No | Office phone number of the user. |
| Home Phone Number | No | Home phone number of the user. |
| Mobile Phone Number | No | Mobile phone number of the user. |
| Zip Code | No | Zip code of the user. |
| Language | No | Language of the user. |
| Customer UID | No | Unique ID. |
| Location | No | Location of the user. |
## Configure proxy
Before adding an OAuth authentication, check if your network is working.
To check if the endpoint is accessible in container:
1. Go to the container by running this command: kubectl exec -ti <IdM pod> -n <suite namespace> -c idm -- bash
2. Run a curl command to check if the token or userinfo is returned.
For example, for keycloak: curl -k https://<OAuth IDP FQDN>:<Port>/auth/realms/<realm>/protocol/openid-connect/userinfo
A sample successful connection looks like below: {"error":"invalid\_request","error\_description":"Token not provided"}
A failed connection looks like below: curl: (7) Failed to connect to <OAuth IDP FQDN:Port>: Connection refused
If the connection fails, add your company's proxy settings to the deployment:
1. Log in to a bastion node as root or a sudo user, and run the following command to update the IdM deployment:
`kubectl edit deployment idm -n <suite namespace> `
2. Press i and add the following to the env section:
`- name: HTTPS_PROXY   value: <proxy> - name: HTTP_PROXY   value: <proxy>`
3. Press:wq to save the file and quit. Wait until the idm pod is running. You can run the following command to check the idm pod status:
`kubectl get pods -n <suite namespace> | grep idm`
To add the OAuth authentication, create a configuration for OAuth, and then create a configuration group for the OAuth configuration.
### Create an OAuth configuration
To create an OAuth configuration, follow these steps:
1. In Suite Administration, click the **IdM settings** tab in the tenant detail page. The system opens the **Authentication** page for the corresponding organization in the IdM Admin Portal of the suite.
2. From the **CONFIGURATIONS** section, click to add one authentication.
3. Select **OAUTH** as the authentication type from the drop-down list, and then click **CREATE**.
4. Enter the related OAuth configuration settings. You can get the information from your OpenID identity provider. See OMT doc [Set up OAuth 2.0 authentication - OPTIC Management Toolkit (microfocus.com)](https://staging.docs.microfocus.com/doc/OMT/Main/SetUpOAuth) for more information.
<table><tbody><tr><th>Field</th><th>Required</th><th>Description</th></tr><tr><td>Display Name</td><td>Yes</td><td>The display name of this configuration.</td></tr><tr><td>Shared in same family</td><td>No</td><td>Share the authentication settings within the same family. The supported values are "false" and "true''. See OMT doc.</td></tr><tr><td>Client ID</td><td>Yes</td><td>The value of Client ID that you get from the OpenID identity provider.</td></tr><tr><td>Client Secret</td><td>Yes</td><td>The value of Client Secret that you get from the OpenID identity provider.</td></tr><tr><td>HTTP Method</td><td>Yes</td><td>The HTTP method of getting a user's information from the endpoint. The supported values are "GET" and "POST".<br><strong>Caution:</strong> By selecting The GET option, you are disabling or bypassing security features, thereby exposing the system to increased security risks. By using this option, you understand and agree to assume all associated risks and hold <code>OpenText</code> harmless for the same.</td></tr><tr><td>IDP URL</td><td>Yes</td><td>The endpoint or URL path provided by the OpenID Identity Provider. The URL set for "Redirect URL" will be directed to the IDP URL.</td></tr><tr><td>Redirect URI</td><td>Yes</td><td>The value of redirect URI of the IDM URL for login. See OMT doc.</td></tr><tr><td>Scope</td><td>Yes</td><td>The value of scope. For example, "openid email". See OMT doc.</td></tr><tr><td>State Supported</td><td>No</td><td>Whether support the State Supported feature. The supported values are "false" and "true''. See OMT doc.</td></tr><tr><td>Username Attribute</td><td>Yes</td><td>The attribute to define a username.</td></tr><tr><td>User Info Endpoint</td><td>No</td><td>An OAuth 2.0 Protected Resource that returns Claims about the authenticated end user. For example, /userinfo.</td></tr><tr><td>Token Endpoint</td><td>Yes</td><td>The token endpoint of the OpenID identity provider. The Token Endpoint is used to obtain a Token Response. For example, /token.</td></tr><tr><td>Authentication Endpoint</td><td>Yes</td><td>The Authorization Endpoint performs authentication of an end user. This is done by sending the user agent to the authorization server's endpoint for authentication and authorization, using request parameters defined by OAuth 2.0 and additional parameters and parameter values defined by OpenID Connect. For example, /authorize.</td></tr><tr><td>Logout Endpoint</td><td>No</td><td colspan="1">The token endpoint where you can end a session.</td></tr><tr><td colspan="1">Additional Parameter</td><td colspan="1">No</td><td colspan="1">The additional parameter for authentication. See OMT doc.</td></tr></tbody></table>
5. Click **SAVE**.
### Create a configuration group for OAuth
To create a configuration group for OAuth, follow these steps:
1. After you create an OAuth configuration, from the **CONFIGURATION GROUPS** section, click to add an authentication group.
2. In the **Name** field, enter **oauth**.
3. In the **Display Name** field, enter a display name for the authentication group.
4. In **Authentication Group Type**, select the authentication group type (or types).
If you select **WEB Default**, IdM will use this authentication group by default when a user logs in through the UI. Changing the authentication method for UI logins using this option won't sync with Suite Administration. To effect this change, use the **default login type** field on the tenant's General tab within Suite Administration.
Don't select the **API Default** option.
5. In the **Configurations** field, select the OAuth authentication configuration that you just created. You can add only one OAuth authentication configuration to the OAuth configuration group.
6. Click **SAVE**.
### Example: configure OAuth authentication with Google accounts
To enable OAuth-based Google Sign-In on a SMAX tenant:
1. Log in to Suite Administration, go to **Tenants**, and select the tenant that you want to enable OAuth-based Google Sign-In.
2. Click the **IdM settings** tab in the tenant detail page, from the **CONFIGURATIONS** section, click to add one authentication.
3. Select **OAUTH** as the authentication type, and then click **CREATE**.
4. Enter the following OAuth configuration settings.
<table><tbody><tr><th>Field</th><th>Description</th></tr><tr><td>Display Name</td><td>The display name of this configuration.</td></tr><tr><td>Client ID</td><td>The value of Client ID that you get from step 5 above.</td></tr><tr><td>Client Secret</td><td>The value of Client Secret that you get from step 5 above.</td></tr><tr><td>IDP URL</td><td><a href="https://accounts.google.com/">https://accounts.google.com</a></td></tr><tr><td>Scope</td><td>openid profile email</td></tr><tr><td>User Info Endpoint</td><td><a href="https://openidconnect.googleapis.com/v1/userinfo">https://openidconnect.googleapis.com/v1/userinfo</a></td></tr><tr><td>Token Endpoint</td><td><a href="https://oauth2.googleapis.com/token">https://oauth2.googleapis.com/token</a></td></tr><tr><td>Authorization Endpoint</td><td><a href="https://accounts.google.com/o/oauth2/v2/auth">https://accounts.google.com/o/oauth2/v2/auth</a></td></tr><tr><td>Logout Endpoint</td><td colspan="1"><a href="https://accounts.google.com/Logout">https://accounts.google.com/Logout</a><br></td></tr><tr><td colspan="1">Additional Parameter</td><td colspan="1">The additional parameter for authentication.</td></tr></tbody></table>
5. Click **SAVE**.
### Example: configure OAuth authentication with Azure accounts
1. Go to IdM admin portal.
2. Click **Authentication** and click **Add**. In the dialog box that appears, select **OAUTH** and click **Create**.![](attachments/686065206/686065196.png)
After clicking **Create**, the following page will appear.
![](attachments/686065206/686065199.png)
**Check the information provided by the customer at the top of this page and use those info when configuring the fields here.**
- **Client Id**: the application (client) ID.
- **Client secret**: the secret value.
- **Http Method**: Use the info provided by the customer
- **Idp URIs**: choose any endpoint URL in step 1.5, fragment the url and end with **"/v2.0"**.
Example: endpoint url: [https://login.microsoftonline.com/856b813c-16e5-49a5-85ec-6f081e13b527/oauth2/v2.0/authorize](https://login.microsoftonline.com/856b813c-16e5-49a5-85ec-6f081e13b527/oauth2/v2.0/authorize)
fragment: [https://login.microsoftonline.com/856b813c-16e5-49a5-85ec-6f081e13b527/oauth2/v2.0](https://login.microsoftonline.com/856b813c-16e5-49a5-85ec-6f081e13b527/oauth2/v2.0/authorize)
- **Username Attribute:** Use the info provided by the customer
- **Userinfo Endpoint**: [https://graph.microsoft.com/oidc/userinfo](https://graph.microsoft.com/oidc/userinfo) (in Azure, the userinfo endpoint is special, the way to get the URL will be introduced in the following document.)
- **Token Endpoint**: [/token](https://oauth2.googleapis.com/token)
- **Authentication Endpoint**: [/](https://oauth2.googleapis.com/token) authorize
- **Logout Endpoint**: Suggested: /logout. If you want to redirect to another place, you can attach the URL at the end, such as: /logout?post\_logout\_redirect\_uri= [https://<FQDN>:<Port>/<targetURL>/](https://sgdlitvm0172.hpeswlab.net:8888/idm-admin/) (**the URL structure should be corresponding with the vendor's reguirements, some vendor may not following the standardized protocol, please refer to the offical documents**)
#### Related topic
Microsoft identity platform and OpenID Connect protocol \[[https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-protocols-oidc#send-a-sign-out-request](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-protocols-oidc#send-a-sign-out-request)\]

884
knowledgebase/csd-wiki/ICSD/Alert-Runbooks-based-on-monitoring_686083866.md Normal file
View File

@@ -0,0 +1,884 @@
# Alert-Runbooks-based-on-monitoring_686083866
## Alerts, Description and Actions
Alerts comes with monitoring and experience.
Here is a reference list of items to be sent as alerts. [A grafana monitoring dashboards](https://github.houston.softwaregrp.net/smax-saas-ops/ESM-Saas-Monitoring) are developed based on below list.
### Alert Runbook: \[ S0 - Urgent \] \[ farm-name \] ALB HTTP 5XX Count alert
**Alert Description:** This alert is triggered when there are more than 34 5xx errors triggered on frontend in 3mins. Multiple end user may experience a production issue on their side.
**Alert Severity:** S0 - Urgent
**Alert Trigger Conditions:**
- Metric: ALB HTTP 5XX Count
- Threshold: 34
- Duration: 3 minutes
**Actions:**
1. Check whether there is any other time-correlated alerts reporting.
### Alert Runbook: \[ S3 - Warning \] \[ farm-name \] EBS Disk Queue Depth alert
**Alert Description:** This alert is triggered when EBS disk queue depth more than 5 for more than 10 mins. The tasks on the storage is being queued.
**Alert Severity:** S3 - Warning
**Alert Trigger Conditions:**
- Metric: EBS disk queue depth
- Threshold: 5
- Duration: 10 minutes
**Actions:**
1. Check
1. whether EBS is running out of credits via EBS burst balance dashboard (Same Dashboard in the infrastructure page).
2. whether there is a big load against EBS storage.
2. Todo
1. No action is required. Usually if it's node level issue, AWS autoscaling group will replace the node after a while.
### Alert Runbook: \[ S2 - Error \] \[ farm-name \] EBS Burst Balance Average alert
**Alert Description:** This alert is triggered when EBS burst balance below 40% for more than 30 mins. The load on EBS is high and the burst balance may not fulfill the request in the following quarter/hour.
**Alert Severity:** S2 - Error
**Alert Trigger Conditions:**
- Metric: EBS burst balance
- Threshold: 40%
- Duration: 30 minutes
**Actions:**
1. Check
1. keep monitoring whether EBS is running out of credits via EBS burst balance dashboard soon (Same Dashboard in the infrastructure page).
2. whether there is a big load against EBS storage.
2. Todo
1. Usually there is no action required, if the alert persists, then it's a critical issue. Please follow the todo when Burst Balance is 0.
### Alert Runbook: \[ S0 - Urgent \] \[ farm-name \] EBS Burst Balance Average alert
**Alert Description:** This alert is triggered when EBS burst balance EBS burst balance is 0. The tasks on the storage is being queued. Everything via EBS IO will be slowed down.
**Alert Severity:** S0 - Urgent
**Alert Trigger Conditions:**
- Metric: EBS burst balance
- Threshold: 0
- Duration: immediately
**Actions:**
1. Check
1. whether EBS is running out of credits via EBS burst balance dashboard (Same Dashboard in the infrastructure page).
2. whether there is a big load against EBS storage.
2. Todo
1. Manually login to the system to check whether it's slowing down the system, if it has been slowed down dramatically, choose one of below options to fix
1. Switch the EBS to GP3 with a specified IOPS (in general default 3000/12000 should be enough, if not you may enlarge it to 18000, need to switch back to 3000/12000 once the issue is fixed)
### Alert Runbook: \[ S2 - Error \] \[ farm-name \] EFS Burst Credit Balance alert
**Alert Description:** This alert is triggered when Burst credit below 40% for more than 30 mins. The tasks on the storage will be queued soon.
**Alert Severity:** S2 - Error
**Alert Trigger Conditions:**
- Metric: EFS Burst Credit Balance
- Threshold: 40%
- Duration: 30 minutes
**Actions:**
1. Check
1. whether EFS is running out of credits via EFS burst credit dashboard (Same Dashboard in the infrastructure page).
2. whether there is a big load against EBS storage.
2. Todo
1. Manually login to the system to check whether it's slowing down the system, if it has been slowed down dramatically, choose one of below options to fix
1. Usually there is no action required, if the alert persists, then it's a critical issue.
### Alert Runbook: \[ S0 - Urgent \] \[ farm-name \] EFS Burst Credit Balance alert
**Alert Description:** This alert is triggered when EFS Burst credit is 0. The tasks on the storage is being queued. Everything via EFS IO will be slowed down.
**Alert Severity:** S0 - Urgent
**Alert Trigger Conditions:**
- Metric: EFS Burst credit
- Threshold: 0
- Duration: immdediatey
**Actions:**
1. Check
1. whether EFS is running out of credits via EFS burst credit dashboard (Same Dashboard in the infrastructure page).
2. whether there is a big load against EBS storage.
2. Todo
1. Manually login to the system to check whether it's slowing down the system, if it has been slowed down dramatically, choose one of below options to fix
1. Switch the EFS to throughput mode (for example: 60 - 100 MB/s, need to switch back once the issue is fixed)
### Alert Runbook: \[ S2 - Error \] \[ farm-name \] RDS CPU Utilization alert
**Alert Description:** This alert is triggered when RDS CPU more than 97% for more than 60 mins. The overall CPU usage is more than 97% for more than one hour.
**Alert Severity:** S2 - Error
**Alert Trigger Conditions:**
- Metric: RDS CPU Utilization
- Threshold: 97%
- Duration: 60mins
**Actions:**
1. Check
1. performance insight for top queries for anything taking more CPU
2. Todo
1. Keep monitoring and check whether other metrics on Database is abnormal.
2. Get top 10 query information.
### Alert Runbook: \[ S2 - Error \] \[ farm-name \] RDS cpuUtilization System alert
**Alert Description:** This alert is triggered when RDS sy: system >70% for more than 60 mins. The CPU is spending more time on system level processing instead of handling the business flow.
**Alert Severity:** S2 - Error
**Alert Trigger Conditions:**
- Metric: RDS cpuUtilization System
- Threshold: 70%
- Duration: 60mins
**Actions:**
1. Check
1. performance insight for top queries for anything taking more CPU
2. Todo
1. Keep monitoring and check whether other metrics on Database is abnormal.
### Alert Runbook: \[ S2 - Error \] \[ farm-name \] RDS CPU Soft Interrupts alert
**Alert Description:** This alert is triggered when RDS si: soft interrupts > 15% for more than 60 mins. The CPU is spending more time on system level processing instead of handling the business flow.
**Alert Severity:** S2 - Error
**Alert Trigger Conditions:**
- Metric: RDS CPU Soft Interrupts
- Threshold: 15%
- Duration: 60mins
**Actions:**
1. Check
1. performance insight for top queries for anything taking more CPU
2. Todo
1. Keep monitoring and check whether other metrics on Database is abnormal.
### Alert Runbook: \[ S3 - Warning \] \[ farm-name \] RDS Disk queue depth alert
**Alert Description:** This alert is triggered when RDS EBS disk queue depth more than 5 for more than 10 mins. The tasks on the storage is being queued.
**Alert Severity:** S3 - Warning
**Alert Trigger Conditions:**
- Metric: RDS Disk queue depth
- Threshold: 5
- Duration: 10mins
**Actions:**
1. Check
1. whether EBS is running out of credits via EBS burst balance dashboard (Same Dashboard in the infrastructure page).
2. whether there is a big load against EBS storage.
### Alert Runbook: \[ S2 - Error \] \[ farm-name \] RDS Disk Free Storage Space alert
**Alert Description:** This alert is triggered when RDS disk Free Storage Space is below 500 MB. The instance is running out of storage.
**Alert Severity:** S2 - Error
**Alert Trigger Conditions:**
- Metric: RDS Disk Free Storage Space
- Threshold: 500
- Duration: immdediatey
**Actions:**
1. Todo
a. Add more storage to EBS
b. Enable storage auto-scaling
### Alert Runbook: RDS storage auto-scaling quota is not enough
**Alert Description:** This alert is triggered when Storage don't has enough space to auto-scale, (Free Space + Max Autoscaling Storage - Allocated Storage) / Allocated Storage < 0.2. The instance is running out of storage.
**Alert Severity:** S2 - Error
**Alert Trigger Conditions:**
- Metric: Free Space + Max Autoscaling Storage - Allocated Storage) / Allocated Storage
- Threshold: 0.2
- Duration: TBD
**Actions:**
1. Todo
1. Increase the max auto-scaling storage size.
### Alert Runbook: \[ S2 - Error \] \[ farm-name \] RDS Free Memory Percentage alert
**Alert Description:** This alert is triggered when RDS free memory less than 5% for more than 5 mins. The instance will running out of memory soon.
**Alert Severity:** S2 - Error
**Alert Trigger Conditions:**
- Metric: RDS Free Memory Percentage
- Threshold: 5%
- Duration: 5mins
**Actions:**
1. Check
Login to AWS console → RDS → Monitoring to check whether swap usage is increasing
2. Todo
a. Keep monitoring
b. considering rolling restart current deployment, for example, gateway/platform/serviceportal
### Alert Runbook: \[ S0 - Urgent \] \[ farm-name \] RDS Free Memory Percentage alert
**Alert Description:** This alert is triggered when free memory less than 2% for more than 5 mins. The instance will running out of memory soon.
**Alert Severity:** S0 - Urgent
**Alert Trigger Conditions:**
- Metric: RDS Free Memory Percentage
- Threshold: 2%
- Duration: 5mins
**Actions:**
1. Check
1. Login to AWS console → RDS → Monitoring to check whether swap usage is increasing
2. Todo
1. considering rolling restart current deployment, for example, gateway/platform/serviceportal
2. If it's happening for 2-3 times a day and the swap usage is higher. Need to
1. consider scaling up RDS. Usually double the memory size.
2. Do DB tuning based on the query which is identified as memory consuming
### Alert Runbook: \[ S2 - Error \] \[ farm-name \] RDS Burst Balance alert
**Alert Description:** This alert is triggered when RDS Burst Balance below 40% for more than 30 mins. The load on EBS is high and the burst balance may not fulfill the request in the following quarter/hour.
**Alert Severity:** S2 - Error
**Alert Trigger Conditions:**
- Metric: RDS Burst Balance
- Threshold: 40%
- Duration: 30mins
**Actions:**
1. Check
1. keep monitoring whether EBS is running out of credits via EBS burst balance dashboard soon (Same Dashboard in the infrastructure page).
2. whether there is a big load against EBS storage.
2. Todo
1. Usually there is no action required, if the alert persists, then it's a critical issue. Please follow the todo when Burst Balance is 0.
### Alert Runbook: \[ S0 - Urgent \] \[ farm-name \] RDS Burst Balance alert
**Alert Description:** This alert is triggered when RDS Burst Balance is 0. The tasks on the storage is being queued. Everything via EBS IO will be slowed down.
**Alert Severity:** S0 - Urgent
**Alert Trigger Conditions:**
- Metric:RDS Burst credit
- Threshold: 0
- Duration: immediately
**Actions:**
1. Check
1. whether EBS is running out of credits via EBS burst balance dashboard (Same Dashboard in the infrastructure page).
2. whether there is a big load against EBS storage.
2. Todo
1. Manually login to the system to check whether it's slowing down the system, if it has been slowed down dramatically, choose one of below options to fix
1. Switch the EBS to GP3 with a specified IOPS (in general default 12000 should be enough, if not you may enlarge it to 18000, need to switch back to 12000 once the issue is fixed)
2. Add more storage to the EBS
### Alert Runbook: \[ S2 - Error \] \[ farm-name \] SMA/CMS RDS DBLoad alert
**Alert Description:** This alert is triggered when DBLoad is more than 2 times of CPU number for more than one hour(AWS Specific, via performance insight). The database is overloaded.
**Alert Severity:** S2 - Error
**Alert Trigger Conditions:**
- Metric:RDS DBLoad
- Threshold: 2 times of CPU number
- Duration: 1 hour
**Actions:**
1. Check
1. AWS console → RDS → Performance Insight to check which kind of operation is taking the most of time
### Alert Runbook: \[ S1 - Critical \] \[ farm-name \] SMA/CMS RDS DBLoad alert
**Alert Description:** This alert is triggered when DBLoad is more than 4 times of CPU number for more than one hour. The database is mostly overloaded on CPU.
**Alert Severity:** S1 - Critical
**Alert Trigger Conditions:**
- Metric:RDS DBLoad
- Threshold: 4 times of CPU number
- Duration: one hour
**Actions:**
1. Check
1. AWS console → RDS → Performance Insight to check which kind of operation is taking the most of time
### Alert Runbook: \[ S3 - Warning \] \[ farm-name \] SMA/CMS RDS DBLoadNonCPU alert
**Alert Description:** This alert is triggered when DBLoadNonCPU is more than 1 times of CPU number more than one hour. The database is blocked on some areas other than CPU, it can be blocked by DB locks, read/write IO and other reasons.
**Alert Severity:** S3 - Warning
**Alert Trigger Conditions:**
- Metric:RDS DBLoadNonCPU
- Threshold: 1 times of CPU number
- Duration: 1 hour
**Actions:**
1. Check
1. AWS console → RDS → Performance Insight to check which operation is taking the most of time
### Alert Runbook: \[ S2 - Error \] \[ farm-name\] Node CPU Usage alert
**Alert Description:** This alert is triggered when node CPU more than 97% for more than 60 mins. The instance is almost running out of CPU for more than 60 mins.
**Alert Severity:** S2 - Error
**Alert Trigger Conditions:**
- Metric:Node CPU Usage
- Threshold: 97%
- Duration: 60mins
**Actions:**
1. Todo
1. Keep monitoring
### Alert Runbook: \[ S2 - Error \] \[ farm-name \] Node CPU System alert
**Alert Description:** This alert is triggered when node sy: system >70% for more than 60 mins. The instance too busy on its own system operation to handle the tasks for normal business.
**Alert Severity:** S2 - Error
**Alert Trigger Conditions:**
- Metric:Node CPU System
- Threshold: 70%
- Duration: 60mins
**Actions:**
1. Todo
1. Keep monitoring
### Alert Runbook: \[ S2 - Error \] \[ farm-name \] Node CPU Soft Interrupts alert
**Alert Description:** This alert is triggered when node si: soft interrupts > 15% for more than 60 mins. The instance is almost running out of CPU for more than 60 mins.
**Alert Severity:** S2 - Error
**Alert Trigger Conditions:**
- Metric:Node CPU Soft Interrupts
- Threshold: 15%
- Duration: 60mins
**Actions:**
1. Todo
1. Keep monitoring
### Alert Runbook: \[ S3 - Warning \] \[ farm-name \] Node Mem Usage alert
**Alert Description:** This alert is triggered when node memory more than 95% for more than 10 mins. The instance is almost running out of Mem for more than 60 mins.
**Alert Severity:** S3 - Warning
**Alert Trigger Conditions:**
- Metric:Node Mem Usage
- Threshold: 95%
- Duration: 10mins
**Actions:**
1. Todo
1. Keep monitoring
### Alert Runbook: \[ S3 - Warning \] \[ farm-name \] Node Disk Usage alert
**Alert Description:** This alert is triggered when node disk usage more than 95%. The instance is almost running out of disk.
**Alert Severity:** S3 - Warning
**Alert Trigger Conditions:**
- Metric:Node Disk Usage
- Threshold: 95%
- Duration: immdediatey
**Actions:**
1. Todo
1. Add more storage to the disk
### Alert Runbook: \[ S3 - Warning \] \[ farm-name \] Disk Inode Usage alert
**Alert Description:** This alert is triggered when disk inode usage is more than 97%. The instance will be blocked by the soft limit on OS level (Inode) very soon.
**Alert Severity:** S3 - Warning
**Alert Trigger Conditions:**
- Metric:Disk Inode Usage
- Threshold: 97%
- Duration: immdediatey
**Actions:**
1. Todo
1. Restart pods on the instance to release inode usage
2. If above step cannot help, need to open an incident for further analysis.
### Alert Runbook: \[ S3 - Warning \] \[ farm-name \] Node Load Avg 15m/core
**Alert Description:** This alert is triggered when node Load Avg 15m/core number > 200% for 35 mins. The instance is overloaded for more than 35 mins.
**Alert Severity:** S3 - Warning
**Alert Trigger Conditions:**
- Metric:Node Load Avg 15m/core
- Threshold: 2
- Duration: 35mins
**Actions:**
1. Todo
1. Keep monitoring
2. If it happens multiple times in a day, run the rebalancing pod script.
### Alert Runbook: \[ S2 - Error \] \[ farm-name \] Pod CPU usage alert
**Alert Description:** This alert is triggered when CPU more than 97% for more than 60 mins. The instance is almost running out of CPU for more than 60 mins.
**Alert Severity:** S2 - Error
**Alert Trigger Conditions:**
- Metric:Pod CPU usage
- Threshold: 97%
- Duration: 60mins
**Actions:**
1. Todo
1. Keep monitoring
### Alert Runbook: \[ S3 - Warning \] \[ farm-name \] Pod Inode Usage alert
**Alert Description:** This alert is triggered when pod Inode usage(free/total) is more than 97%. The instance will be blocked by the soft limit on OS level (Inode) very soon.
**Alert Severity:** S3 - Warning
**Alert Trigger Conditions:**
- Metric:Pod Inode Usage
- Threshold: 97%
- Duration: immdediatey
**Actions:**
1. Todo
1. Restart pods on the instance to release inode usage
2. If above step cannot help, need to open an incident for further analysis.
### Alert Runbook: \[ S0 - Urgent \] \[ farm-name \] SMA Unavailable k8s resource alert
**Alert Description:** This alert is triggered when these services (portal / runtime ui/ gateway/ platform / redis / rabbitmq / bo-login / idm / bo-ats / ingress-nginx / sma-ui / bo-farcade) are not available now.
**Alert Severity:** S0 - Urgent
**Alert Trigger Conditions:**
- Metric:services not available
- Threshold: 0
- Duration: immdediatey
**Actions:**
1. Todo
1. Run 'kubectl describe <pod name> -n <namespace>' and 'kubectl logs <pod name> -n <namespace>' to understand the reason of the failure
2. Try to fix based on the results from step 1.
### Alert Runbook: \[ S2 - Error \] \[ farm-name \] SMA Unavailable k8s resource alert
**Alert Description:** This alert is triggered when these services (others not in S0, search related (content, DIH, DAH, search, proxy) / auto pass / bo-ui / bo-user) are not available now.
**Alert Severity:** S2 - Error
**Alert Trigger Conditions:**
- Metric:services not available
- Threshold: 0
- Duration: immdediatey
**Actions:**
1. Todo
1. Run 'kubectl describe <pod name> -n <namespace>' and 'kubectl logs <pod name> -n <namespace>' to understand the reason of the failure
2. Try to fix based on the results from step 1.
### Alert Runbook: \[ S3 - Warning \] \[ farm-name \] SMA Unavailable k8s resource alert
**Alert Description:** This alert is triggered when these services (XMPP / XIE / Smart Ticket / stx / virtual agent / ppo / web socket gateway / smart-ui / ocr / smarta-installer ) are not available now.
**Alert Severity:** S3 - Warning
**Alert Trigger Conditions:**
- Metric:services not available
- Threshold: 0
- Duration: immdediatey
**Actions:**
1. Todo
1. Run 'kubectl describe <pod name> -n <namespace>' and 'kubectl logs <pod name> -n <namespace>' to understand the reason of the failure
2. Try to fix based on the results from step 1.
### Alert Runbook: \[ S4 - Info \] \[ farm-name \] SMA Unavailable k8s resource alert
**Alert Description:** This alert is triggered when services out side of ESM / toolkit are not available now.
**Alert Severity:** S4 - Info
**Alert Trigger Conditions:**
- Metric:services not available
- Threshold: 0
- Duration: immdediatey
**Actions:**
1. Todo
1. Run 'kubectl describe <pod name> -n <namespace>' and 'kubectl logs <pod name> -n <namespace>' to understand the reason of the failure
2. Try to fix based on the results from step 1.
### Alert Runbook: \[ S0 - Urgent \] \[ farm-name \] CMS Unavailable k8s resource alert
**Alert Description:** This alert is triggered when these services (itom-cms-gateway, itom-idm, itom-ingress-controller, itom-ucmdb-browser, tom-ucmdb-solr, itom-ucmdb) are not available now.
**Alert Severity:** S0 - Urgent
**Alert Trigger Conditions:**
- Metric:services not available
- Threshold: 0
- Duration: immdediatey
**Actions:**
1. Todo
1. Run 'kubectl describe <pod name> -n <namespace>' and 'kubectl logs <pod name> -n <namespace>' to understand the reason of the failure
2. Try to fix based on the results from step 1.
### Alert Runbook: \[ S2 - Error \] \[ farm-name \] CMS Unavailable k8s resource alert
**Alert Description:** This alert is triggered when these services ( itom-autopass-lms, itom-vault) are not available now.
**Alert Severity:** S2 - Error
**Alert Trigger Conditions:**
- Metric:services not available
- Threshold: 0
- Duration: immdediatey
**Actions:**
1. Todo
1. Run 'kubectl describe <pod name> -n <namespace>' and 'kubectl logs <pod name> -n <namespace>' to understand the reason of the failure
2. Try to fix based on the results from step 1.
### Alert Runbook: \[ S4 - Info \] \[ farm-name \] CMS Unavailable k8s resource alert
**Alert Description:** This alert is triggered when these services ( itom-ucmdb-probe, itom-ucmdb-dfp-lunux-installer, itom-ucmdb-dfp-windows-installer, itom-ucmdb-localclient-installers ) are not available now.
**Alert Severity:** S4 - Info
**Alert Trigger Conditions:**
- Metric:services not available
- Threshold: 0
- Duration: immdediatey
**Actions:**
1. Todo
1. Run 'kubectl describe <pod name> -n <namespace>' and 'kubectl logs <pod name> -n <namespace>' to understand the reason of the failure
2. Try to fix based on the results from step 1.
### Alert Runbook: Pod Load Avg 10s
**Alert Description:** This alert is triggered when Pod Load Avg 10s is more than 200% for 35mins.
**Alert Severity:** S3 - Warning
**Alert Trigger Conditions:**
- Metric:Pod Load Avg 10s
- Threshold: 200%
- Duration: 35mins
**Actions:**
1. Todo
1. Keep monitoring
2. If it happens multiple times in a day, run the rebalancing pod script.
### Alert Runbook: \[ S3 - Warning \] \[ farm-name \] SmartA Data Compact Ration alert
**Alert Description:** This alert is triggered when content data ratio(total doc/committed doc) is more than 1.20. All the query against the IDOL will take more time and get slowed down.
**Alert Severity:** S3 - Warning
**Alert Trigger Conditions:**
- Metric:SmartA Data Compact Ration
- Threshold: 1.20
- Duration: immdediatey
**Actions:**
1. Todo
1. Run the jenkins job of IDOL compact.
2. Or follow the steps in the guide below
[https://docs.microfocus.com/doc/SMAX/23.4/Searchslow](https://docs.microfocus.com/doc/SMAX/23.4/Searchslow)
### Alert Runbook: \[ S3 - Warning \] \[ farm-name \] Rabbitmq Queue alert
**Alert Description:** This alert is triggered when each rabbitmq node queue > 200 / 250 for more than 30 mins (200 for medium profile or lower, 250 for large profile). The rabbitmq queues are in a higher than normal.
**Alert Severity:** S3 - Warning
**Alert Trigger Conditions:**
- Metric:Rabbitmq Queue
- Threshold: 200/250
- Duration: 30mins
**Actions:**
1. Todo
1. Keep monitoring
2. If it is getting higher continuously, consider performing the same steps mentioned here.
[https://docs.microfocus.com/doc/SMAX/23.4/RabbitMQNotStart#Solution](https://docs.microfocus.com/doc/SMAX/23.4/RabbitMQNotStart#Solution)
### Alert Runbook: \[ S3 - Warning \] \[ farm-name \] Rabbitmq Messages/Minute alert
**Alert Description:** This alert is triggered when Pending Messages/Minute > 500 for more than 30 mins. The pending messages in rabbitmq are getting accumulated.
**Alert Severity:** S3 - Warning
**Alert Trigger Conditions:**
- Metric:Rabbitmq Messages/Minute
- Threshold: 500
- Duration: 30mins
**Actions:**
1. Todo
1. Keep monitoring
2. If it is getting higher continuously, consider performing the same steps mentioned here.
[https://docs.microfocus.com/doc/SMAX/23.4/RabbitMQNotStart#Solution](https://docs.microfocus.com/doc/SMAX/23.4/RabbitMQNotStart#Solution)
### Alert Runbook: Message queue not equally distributed to different cluster nodes
**Alert Description:** This alert is triggered when Message queue not equally distributed to different cluster nodes. Rabbitmq nodes are not working in a cluster. This can cause rabbitmq working not in a stable way.
**Alert Severity:** S1 - Critical
**Alert Trigger Conditions:**
- Metric:Rabbitmq Message queue
- Threshold: TBD
- Duration: TBD
**Actions:**
1. Todo
1. Scale down the rabbitmq node which is not in the cluster.
2. Remove the `<rabbitmq-infra-rabbitmq-n>/data/xservices/rabbitmq/x.x.x.xx/mnesia` folders on the NFS server or the bastion node
3. Wait until the rabbitmq nodes to be ready
### Alert Runbook: \[ S4 - Info \] \[ farm-name \] IDM active users alert
**Alert Description:** This alert is triggered when per profile, medium profile > 1100 for more than 30 mins, large profile > 3000 for more than 30 mins. The active user number is more than the target size.
**Alert Severity:** S4 - Info
**Alert Trigger Conditions:**
- Metric:IDM active users
- Threshold: 1100/3000
- Duration: 30mins
**Actions:**
1. Todo
1. Keep monitoring
### Alert Runbook: \[ S2 - Error \] \[ farm-name \] Gateway Tomcat https connector currentThreadsBusy alert
**Alert Description:** This alert is triggered when Tomcat https connector currentThreadsBusy > 30 for 30 mins. The active user number is more than the target size.
**Alert Severity:** S2 - Error
**Alert Trigger Conditions:**
- Metric:Gateway Tomcat https connector currentThreadsBusy
- Threshold: 30
- Duration: 30mins
**Actions:**
1. Todo
1. If the number do not drop, considering rolling restart current deployment, for example, gateway/platform/serviceportal
2. If the number cannot drop after above steps, do rollong restart xmpp.
3. If the number cannot drop after above steps, take thread dump for the pod with issue.
[How to generate thread dump and memory dumps for java applications](https://rndwiki.houston.softwaregrp.net/confluence/display/SMA/How+to+generate+thread+dump+and+memory+dumps+for+java+applications)
### Alert Runbook: \[ S2 - Error \] \[ farm-name \] Gateway Httpclient InUse alert
**Alert Description:** This alert is triggered when Httpclient InUse > 20 for 30 mins. The active user number is more than the target size.
**Alert Severity:** S2 - Error
**Alert Trigger Conditions:**
- Metric:Gateway Httpclient InUse
- Threshold: 20
- Duration: 30mins
**Actions:**
1. Todo
1. If the number do not drop, considering rolling restart current deployment, for example, gateway/platform/serviceportal
2. If the number cannot drop after above steps, do rollong restart xmpp.
3. If the number cannot drop after above steps, take thread dump for the pod with issue.
[How to generate thread dump and memory dumps for java applications](https://rndwiki.houston.softwaregrp.net/confluence/display/SMA/How+to+generate+thread+dump+and+memory+dumps+for+java+applications)
### Alert Runbook: \[ S2 - Error \] \[ farm-name \] Platform Tomcat https connector currentThreadsBusy alert
**Alert Description:** This alert is triggered when Tomcat https connector currentThreadsBusy > 30 for 30 mins. The active user number is more than the target size.
**Alert Severity:** S2 - Error
**Alert Trigger Conditions:**
- Metric:Platform Tomcat https connector currentThreadsBusy
- Threshold: 30
- Duration: 30mins
**Actions:**
1. Todo
1. If the number do not drop, considering rolling restart current deployment, for example, gateway/platform/serviceportal
2. If the number cannot drop after above steps, do rollong restart xmpp.
3. If the number cannot drop after above steps, take thread dump for the pod with issue.
[How to generate thread dump and memory dumps for java applications](https://rndwiki.houston.softwaregrp.net/confluence/display/SMA/How+to+generate+thread+dump+and+memory+dumps+for+java+applications)
### Alert Runbook: \[ S2 - Error \] \[ farm-name \] Platform Httpclient InUse alert
**Alert Description:** This alert is triggered when Httpclient InUse > 20 for 30 mins. The active user number is more than the target size.
**Alert Severity:** S2 - Error
**Alert Trigger Conditions:**
- Metric:Platform Httpclient InUse
- Threshold: 20
- Duration: 30mins
**Actions:**
1. Todo
1. If the number do not drop, considering rolling restart current deployment, for example, gateway/platform/serviceportal
2. If the number cannot drop after above steps, do rollong restart xmpp.
3. If the number cannot drop after above steps, take thread dump for the pod with issue.
[How to generate thread dump and memory dumps for java applications](https://rndwiki.houston.softwaregrp.net/confluence/display/SMA/How+to+generate+thread+dump+and+memory+dumps+for+java+applications)
### Alert Runbook: \[ S2 - Error \] \[ farm-name \] Serviceportal Tomcat https connector currentThreadsBusy alert
**Alert Description:** This alert is triggered when Tomcat https connector currentThreadsBusy > 30 for 30 mins. The active user number is more than the target size.
**Alert Severity:** S2 - Error
**Alert Trigger Conditions:**
- Metric:Serviceportal Tomcat https connector currentThreadsBusy
- Threshold: 30
- Duration: 30mins
**Actions:**
1. Todo
1. If the number do not drop, considering rolling restart current deployment, for example, gateway/platform/serviceportal
2. If the number cannot drop after above steps, do rollong restart xmpp.
3. If the number cannot drop after above steps, take thread dump for the pod with issue.
[How to generate thread dump and memory dumps for java applications](https://rndwiki.houston.softwaregrp.net/confluence/display/SMA/How+to+generate+thread+dump+and+memory+dumps+for+java+applications)
### Alert Runbook: \[ S2 - Error \] \[ farm-name \] Serviceportal Httpclient InUse alert
**Alert Description:** This alert is triggered when Httpclient InUse > 20 for 30 mins. The active user number is more than the target size.
**Alert Severity:** S2 - Error
**Alert Trigger Conditions:**
- Metric:Serviceportal Httpclient InUse
- Threshold: 20
- Duration: 30mins
**Actions:**
1. Todo
1. If the number do not drop, considering rolling restart current deployment, for example, gateway/platform/serviceportal
2. If the number cannot drop after above steps, do rollong restart xmpp.
3. If the number cannot drop after above steps, take thread dump for the pod with issue.
[How to generate thread dump and memory dumps for java applications](https://rndwiki.houston.softwaregrp.net/confluence/display/SMA/How+to+generate+thread+dump+and+memory+dumps+for+java+applications)

2
knowledgebase/csd-wiki/ICSD/Alerting-Response-Process_686073639.md Normal file
View File

@@ -0,0 +1,2 @@
# Alerting-Response-Process_686073639
Created by on Jan 21, 2025 EST

20
knowledgebase/csd-wiki/ICSD/Allowable-SMAX-Attachment-Extensions_686065217.md Normal file
View File

@@ -0,0 +1,20 @@
# Allowable-SMAX-Attachment-Extensions_686065217
## Introduction
In SaaS, customers may request changes to allow different attachment types in their tenant. The default list CAN be customized, but only with attachment externsions which have already been approved by the PM team.
The following screen print shows the default list (out of the box) of allowable extensions. It is common that customers will request changes to this list:
![](attachments/686065217/686065216.png)
## Approved Attachment Extensions
The following PCS article shows the approved list of attachment extensions:[https://us2-smax.saas.microfocus.com/saw/Article/107708/general?TENANTID=488503157](https://us2-smax.saas.microfocus.com/saw/Article/107708/general?TENANTID=488503157)
If a customer is requesting to add an extension which is not on this list, you must first get approval from PM team (Dean Clayton).
Either way if the extension is approved or denied add an entry on the article for future reference
## Attachments:
[image2024-1-9\_10-37-24.png](attachments/686065217/686065216.png) (image/png)

74
knowledgebase/csd-wiki/ICSD/Apply-Resource-Bundle-Cache-Config_688983031.md Normal file
View File

@@ -0,0 +1,74 @@
# Apply-Resource-Bundle-Cache-Config_688983031
## Purpose
The RDS CPU usage rate for resource bundle exceeds 5%. It is recommended to execute the runbook when the total RDS CPU rate is high.
## Introduction
There are 3 configmap keys added for Resource Bundle Local Cache in SMAX 24.3 version, this doc is used to provide scripts to apply this change.
## Add Configmap Keys
Run following cmd:
```
kubectl patch configmap itom-xruntime-infra-config -n <itsma_namespace> --type merge -p '{"data":{"RESOURCE_BUNDLE_HEAVY_TENANT": "<tenant_ids>", "RESOURCE_BUNDLE_MAX_SLIGHT_TENANT_SIZE": "10", "RESOURCE_BUNDLE_MAX_LOCALE_SIZE": "2"}}'
```
Replace <itsma\_namespace> and <tenant\_ids> with corresponding values. If there are multi heavy tenants, split them with space.
Here is a example:
```
kubectl patch configmap itom-xruntime-infra-config -n itsma-byqde --type merge -p '{"data":{"RESOURCE_BUNDLE_HEAVY_TENANT": "555500000", "RESOURCE_BUNDLE_MAX_SLIGHT_TENANT_SIZE": "10", "RESOURCE_BUNDLE_MAX_LOCALE_SIZE": "2"}}'
```
## Add env to platform pods
a.Create a patched yaml file and add env
```
spec:
template:
spec:
containers:
- name: itom-xruntime-platform
env:
- name: RESOURCE_BUNDLE_HEAVY_TENANT
valueFrom:
configMapKeyRef:
name: itom-xruntime-infra-config
key: RESOURCE_BUNDLE_HEAVY_TENANT
- name: RESOURCE_BUNDLE_MAX_SLIGHT_TENANT_SIZE
valueFrom:
configMapKeyRef:
name: itom-xruntime-infra-config
key: RESOURCE_BUNDLE_MAX_SLIGHT_TENANT_SIZE
- name: RESOURCE_BUNDLE_MAX_LOCALE_SIZE
valueFrom:
configMapKeyRef:
name: itom-xruntime-infra-config
key: RESOURCE_BUNDLE_MAX_LOCALE_SIZE
```
b.Apply patch-platform.yaml file for all platform pods
```
kubectl patch deployment itom-xruntime-platform -n <itsma_namespace> --patch-file patch-platform.yaml
```
All the platform pods(itom-xruntime-platform,itom-xruntime-platform-offline,itom-xruntime-platform-offline-ng,itom-xruntime-platform-readonly) need to apply this change.
## Validation
Go into platform pod, print env
```
echo $RESOURCE_BUNDLE_HEAVY_TENANT
```
Check the result is not empty.
## Verification
The RDS CPU usage rate for the resource bundle decreases compared to the value before applying the resolution after 1 working day.

17
knowledgebase/csd-wiki/ICSD/Apply-license-to-ESM-customer-tenant_688996779.md Normal file
View File

@@ -0,0 +1,17 @@
# Apply-license-to-ESM-customer-tenant_688996779
**Related pages**
- Page:
[ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking)
- Page:
[How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account)
- Page:
[ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information)
- Page:
[ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process)
- Page:
[ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog)
- Page:
[ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog)
- Page:
[OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking)

32
knowledgebase/csd-wiki/ICSD/Assign-PCS-Cloud-Service-Request-to-Cloud-Ops-Group_684946781.md Normal file
View File

@@ -0,0 +1,32 @@
# Assign-PCS-Cloud-Service-Request-to-Cloud-Ops-Group_684946781
## Introduction
## Assign Cloud Service Request in PCS
As you know our SaaS customer will submit both Service Request and Support Request to request all kinds of Cloud Service. Normally such Cloud Service request will be handled by Cloud Ops team with pre-defined Ops runbook.
When you assign the PCS ticket to “ **SD:ESM SaaS Ops** ” group please ensure such request are related with pre-defined Cloud Service list.
![](attachments/684946781/684946790.png)
You need also to change the field “ **Classification -> Service** ” to select the appropriate service to clarify the purpose of the service request.
![](attachments/684946781/684946789.png)
If the customer request is not that clear, please ensure all clarification is done before assign the case to Cloud Ops group. This will help to improve the efficiency of case handling.
If the customer request service is not in the list, please contact [Wei Shen](https://rndwiki.houston.softwaregrp.net/confluence/display/~wei.shen2@microfocus.com) [Brindusa Kevorkian](https://rndwiki.houston.softwaregrp.net/confluence/display/~brindusa.kevorkian@microfocus.com) for further clarification.
## PCS Cloud Service Dashboard
[https://app.powerbi.com/groups/fac06a69-6340-4715-b8fe-4bdc0ca9af14/reports/7a59b943-4ea1-42db-ad28-ad588614c918/ReportSectionb16be4fb47c90e542096?experience=power-bi](https://app.powerbi.com/groups/fac06a69-6340-4715-b8fe-4bdc0ca9af14/reports/7a59b943-4ea1-42db-ad28-ad588614c918/ReportSectionb16be4fb47c90e542096?experience=power-bi)
![](attachments/684946781/684946791.png)
## Introduction
## Attachments:
[image2023-11-20\_13-29-5.png](attachments/684946781/684946789.png) (image/png)
[image2023-11-20\_13-29-32.png](attachments/684946781/684946790.png) (image/png)
[image2023-11-22\_21-16-19.png](attachments/684946781/684946791.png) (image/png)

5
knowledgebase/csd-wiki/ICSD/Audit-Compliance_686073912.md Normal file
View File

@@ -0,0 +1,5 @@
# Audit-Compliance_686073912
Created by, last modified by Wei Shen on Feb 13, 2025 EST
- [Mega Audit Preparation](Mega-Audit-Preparation_689012718.html)
- [OpenText Mega Audit](OpenText-Mega-Audit_686073965.html)

33
knowledgebase/csd-wiki/ICSD/Auto-healing-1.0_686083903.md Normal file
View File

@@ -0,0 +1,33 @@
# Auto-healing-1.0_686083903
## Introduction
This page presents all the specifications for fixing or healing.
## Types of healing
#### Scheduled healing
- Weekly - Rolling restart key deployments
- Weekly - Smart Analytics Content Compact
#### Event triggered healing
- ALB 5xx alert - Rolling restart key deployments
- Database free memory alert - Rolling restart key deployments
- Smart Analytics Content data ratio(total doc/committed doc) alert - Smart Analytics Content Compact
- Tomcat https connector threads/MAX threads alert - Rolling restart specific deployments
- Httpclient InUse/Max alert - Rolling restart specific deployments
## Mechanism to survive between false alarms
The auto healing steps may caused by false alarms. In order to protect the farm from those auto healing steps, it's always required to use the actions with no availability and performance impact.
For example, even the auto healing steps are triggered by accident, it should not impact the availability and performance of the farm. The mechanism can be in but not limited to below list:
- The jobs can only be triggered once an hour
- Once restart is required, rolling restart should be used
- If the job is not executed successfully, notifications will be sent to administrators
## Threshold
For the thresholds, please consider the numbers from the guide in [monitoring](https://rndwiki.houston.softwaregrp.net/confluence/display/SMA/Monitoring).

122
knowledgebase/csd-wiki/ICSD/Auto-healing-2.0_686083907.md Normal file
View File

@@ -0,0 +1,122 @@
# Auto-healing-2.0_686083907
This page presents all the specifications for auto-fixing or auto-healing. It's a newer version based [v1.0](https://rndwiki.houston.softwaregrp.net/confluence/display/ICS/Auto+healing+1.0?src=contextnavpagetreemode)
## Requirement
Nowadays, customers have very strict requirements on SLA. In order to get the earliest alert on the availability issue, they even run Application Performance Monitoring probe three times every minute to detect the health of the target application they are using, in order to get the earliest alert on the availability issue.
An SLA of 99.99% is becoming a standard for most of the business critical applications.
In order to meet above requirements, once a critical application issue happens, which is impacting the SLA, it need to be resolved or recovered within minutes, otherwise customer escalations will arrive.
However, it's not possible for a human to react to any critical issues within a few minutes. Thus, the auto healing idea is born, which leverages the auto healing applications to resolve the issues without human intervention.
## Architecture Diagram
#### Overall workflow
![](https://rndwiki.houston.softwaregrp.net/confluence/download/attachments/1294436735/image2024-2-22_17-6-4.png?version=1&modificationDate=1708593982000&api=v2)
- The auto healing can be triggerred by schdule / alert / manual input trigger
- Analysis process decides the workflow and triggers actions
- An example of actions can be collecting logs / rolling restart / compact storage.
#### An example of auto healing
![](https://rndwiki.houston.softwaregrp.net/confluence/download/attachments/1294436735/image2024-2-22_17-14-42.png?version=1&modificationDate=1708593986000&api=v2)
1. The monitoring system keep monitoring the SMAX App IDOL Content data ratio (total doc/committed doc), when it's reaching to more than 1.2, grafana sends the request to API gateway.
2. A healing action is then triggered, since there is only one action, analysis process is not triggered.
3. The app doing the action fetches the configuration and credentials from AWS Parameter Store. (In this case, DynamoDB is not used. It will be used when there are lots of data to be collected and consolidated.)
4. The app sends the request to the farm to resolve the issue.
5. All the audit or logs will be kept in s3.
## Scope
For Auto healing 1.0, it's mainly to roll out a quick recovery option to PoC the capability of the solution.
For Auto healing 2.0, the scope is changed to below
1. Expanding to more farms with an easy way.
1. Todo: add tasks in basecamp
2. Expanding to collection actions.
1. Define the runbooks
2. Rollout the collection actions - POC
3. Expanding the trigger and actions.
1. Define the trigger
2. Define the action
3. Rollout the new triggers and actions
4. Exploring the Analysis process if possible.
5. Exploring the possibility of leveraging OpsB
## Concepts
#### Trigger
The entrance of the auto-healing.
- Scheduler: e.g.: 2:00 AM Daily
- User input
- Event: e.g.:
- ALB HTTP 5XX Count (More than 34 in a 3 mins time frame)
- Database Memory (Free memory less than 2% for more than 5 mins)
- SMAX App IDOL Content data ratio(total doc/committed doc) > 1.20
- SMAX App Tomcat https connector currentThreadsBusy > 30 for 30 mins
- SMAX App Httpclient InUse > 20 for 30 mins
#### Analysis Process (Optional)
This process does the analysis and also decides the procedure of different actions like collections and healing actions. If there is only one action, analysis process is optional.
#### Collection Actions
The group of actions to do collection jobs.
- Collect application logs
- Collect application dumps (thread dump, memory dump, etc)
- Collect application traces
- Add information to an incident
#### Healing Actions
The group of actions to do healing jobs.
- Rolling restart key deployments
- SMAX App Smart Analytics Content Compact
#### Target environment
The farms with specific issue.
#### Farm
A deployment of suite product.
## Combined triggers and healings
#### Scheduled healing
- Weekly - Rolling restart key deployments
- Weekly - Smart Analytics Content Compact
#### Event triggered healing
- ALB 5xx alert - Rolling restart key deployments
- Database free memory alert - Rolling restart key deployments
- Smart Analytics Content data ratio(total doc/committed doc) alert - Smart Analytics Content Compact
- Tomcat https connector threads/MAX threads alert - Rolling restart specific deployments
- Httpclient InUse/Max alert - Rolling restart specific deployments
## Mechanism to survive with false alarms
The auto healing steps may caused by false alarms. In order to protect the farm from those auto healing steps, it's always required to use the actions with no availability and performance impact.
For example, even the auto healing steps are triggered by accident, it should not impact the availability and performance of the farm. The mechanism can be in but not limited to below list:
- The jobs can only be triggered once an hour
- Once restart is required, rolling restart should be used
- If the job is not executed successfully, notifications will be sent to administrators
## Reference
1. [ESM Cloud Unified Monitoring](https://rndwiki.houston.softwaregrp.net/confluence/display/ICS/ESM+Cloud+Unified+Monitoring)

19
knowledgebase/csd-wiki/ICSD/Automation-of-auto-healing_686083910.md Normal file
View File

@@ -0,0 +1,19 @@
# Automation-of-auto-healing_686083910
Created by on Jan 23, 2025 EST
## Introduction
This page presents all the activities required for automation of auto-healing.
## Auto Deployment
1. Basic infra deployment (supports auto-healing)
1. API gateway
2. DynamoDB (Optional)
3. Parameter Store
4. S3
2. Auto-application deployment
1. Analysis App
2. Collecting Actions App
3. Healing Actions App
3. Notification / Audit / Logging configurations

159
knowledgebase/csd-wiki/ICSD/Aviator-widget-on-boarding-tasks-for-OpsB_686073595.md Normal file
View File

@@ -0,0 +1,159 @@
# Aviator-widget-on-boarding-tasks-for-OpsB_686073595
## Introduction
This documents provides a sequence of tasks required for Aviator widget on-boarding on OpsB as a reference for operations team. Follow the tasks one by one.
**Assumptions**
- The ESM SMAX tenant and ITOM Aviator services mentioned in this document refer to ITOM ESM Cloud Offering and ITOM Aviator Cloud Offering.
- The ITOM Aviator service mentioned in this document serves OpsB Cloud Offering and OpsB On-Premise.
- ITOM Cloud Service Team: ESM/ITOM Aviator Cloud Service, OpsB Cloud Service;
- The ESM tenant admin user is created for OpsB customer who own the OpsB instance;
- The OpsB instance admin is the OpsB customer admin user;
###### Training
[KT\_ How to configure ITOM Aviator Widget for OpsB-20240521\_093308-Meeting Recording.mp4](https://opentextcorporation.sharepoint.com/:v:/s/ITOMSmartObservabilityCloudService/EY2k70siNgxGgwRfQSMuu_sB9iRudgIorKwF_yGgNG_3HA?e=v45MXS)
## Compatibility
| OpsB | ESM SMAX | ITOM Aviator |
| --- | --- | --- |
| 24.4 | 24.4 | 24.4 |
## Prepare Aviator server
### Task 1: Apply for a ESM tenant
**Performed by: OpsB/NOM Cloud Service Team
**
Contact ESM Cloud Service Team to apply for a ESM tenant (SMAX Only).
Provide the following information:
- FQDN of OpsB server (for task 4), e.g. [https://obm.internal.customer.com](https://obm.internal.customer.com/)
### Task 2: Enable the Aviator capability for ESM SMAX tenant
**Performed by: ESM Cloud Service team
**
Refer to the following document to add the Aviator capability for a specific tenant.
[https://staging.docs.microfocus.com/itom/ITOM\_Aviator:Main/AddAviatorSaaS](https://staging.docs.microfocus.com/itom/ITOM_Aviator:Main/AddAviatorSaaS)
### Task 3: Import OpsB AI content
**Performed by: ESM Cloud Service team
**
A pre-defined dataset, crawled from external websites, is ready to prepare the OpsB tenant. The dataset includes:
- PostgreSQL
- Kubernetes
- OBM
- OpsBridge
- Vertica
**Pre-requisites:**
python 3 installed
pip3 install requests
**Steps:**
1. Download the **GoldenTenant-25.2.zip** file:
[GoldenTenant-25.2.zip](https://opentextcorporation.sharepoint.com/:u:/s/ITOMSmartObservabilityCloudService/EfBIA67Rb-dGpppRuVTxobwBK3UpuIbpslrz5UbGWglflw?e=Iwue0q)
2. Go to the bastion server of the farm and create a workspaces diectory and cd to there.
3. Unzip the files to your directory, which include the **GoldenTenant** folder and the **ImportGoldenTenant.py** file.
4. Use the following command to run the **ImportGoldenTenant.py** file to import the data to the target ESM tenant.
Replace <host\_name> and <tenant\_id> with the host name and tenant id of the target tenant.
Replace <password> with the credential of the system integration account
Replace <input\_path> with the import path of the Golden tenant data
```
python ImportGoldenTenant.py --host <host_name> --tenant_id <tenant_id> --integration_usr bo-integration@dummy.com --integration_pwd <password> --input_dir <input_path>
```
5. Validate the import in the **import\_process\_log.txt** log file. If the import process is triggered successfully, in the last line in the log file, the "total failed" number should be zero:
```
*********Total x split file, y split files success, 0 split files failed, total success x doc, total failed 0 doc.******
```
6. Validate remote article in Smart Analytics:
After about 8 minutes (Delay sync interval), open Smart Analytics (**Suite administration >CONFIGURATIONS >Smart analytics >XService DAH 0**), and then enter the following query:
```
https://smarta-saw-dah-0:1443/action=query&text=*&FieldText=(MATCH{RemoteArticle}:ESS-DOCUMENT-TYPE)&print=all&DatabaseMatch=xservices_idol_<tenant_id>
```
Click the **RUN** button.
![](attachments/686073595/686073577.png)
## Prepare cross site configuration between OpsB and Aviator server
### Task 4: Set CORS allow domain for OpsB
**Performed by: ESM operations team**
1. Log in SMAX agent page, go to "Administration -> AI Studio -> Configurations".
2. Set the base URL of OpsB server to " **Allowed origins for Aviator service** ", e.g. [https://obm.internal.customer.com:1234](https://obm.internal.customer.com:1234/ "https://obm.internal.customer.com:1234/"))
![](attachments/686073595/686073580.png)
## (Optional) Set SSO authentication
### (Optional) Task 5: Apply to setup SSO for OpsB and ESM
**Performed by: Customer / OpsB/NOM cloud service team / ESM operations team
**
Configure SAML authentication and setup SSO for OpsB and ESM. Both are following the this guide: [https://docs.microfocus.com/doc/ESM/SaaS/ConfigureSAML](https://docs.microfocus.com/doc/ESM/SaaS/ConfigureSAML "https://docs.microfocus.com/doc/esm/saas/configuresaml")
If you skip this task, then the end users will get a popup window to enter the credentials when accessing the Aviator widget.
## Configure Aviator server in OpsB
### Task 6: Provide Aviator config data
**Performed by: ESM Cloud Service team**
ESM Cloud Service team provides required information to OpsB/NOM cloud service team:
- Aviator service host name of SMAX, e.g.: [https://eu3-smax-saas.microfocus.com](https://eu3-smax-saas.microfocus.com/)
- ![](attachments/686073595/686073584.png)
- Tenant ID, e.g. 1000003
- ESM tenant admin user credential, which is used for task 8
### Task 7: Aviator server integration
**Performed by: OpsB/NOM cloud service team (Customer for on-prem)
**
After the Aviator capability has been successfully configured, ESM Cloud Service team will provide the SMAX server information to OpsB instance admin, so that OpsB instance admin can configure the Aviator integration into OBM. This requires a restart of all OBM omi servers.
- OBM URL: **https://<OBM Domain Name>/obm/?tenant=Provider**
- Administration → Infrastructure Settings → Integrations → Aviator
- Aviator URL: Acutually this is SMAX FQDN which configured tenant to connect Aviator. e.g. [https://eu3-smax-saas.microfocus.com](https://eu3-smax-saas.microfocus.com/)
- Aviator Tenant: SMAX tenant ID
- Enble Aviator: true
- Aviator Authentication Group
- If you didn't configure SSO in task 5, then the value will be "db"
- If you configured SSO in task 5, then the value will be the CONGIGURATION GROUP name for above SMAX tenant. See Aviator Authentication Group value provided in task 6.
![](attachments/686073595/686073587.png)
![](attachments/686073595/686073589.png)
### (Optional) Task 8: Configure AI models
**Performed by: OpsB/NOM cloud service team (24.2 only, as not supported to be done by customer yet)
**
Perform this step if you have to add new AI models.
Index external knowledge using IDOL connectors. See [Index external knowledge using IDOL connectors](https://staging.docs.microfocus.com/itom/SMAX:Main/IndexKnowledgeFromIDOL "Index external knowledge using IDOL connectors").
### Validate Aviator Widget in OBM
**Performed by**: OpsB/NOM cloud service team
Please go to OpsB home page and launch the Aviator by clicking the icon in the masthead. The widget should be launched successfully as below:
![](attachments/686073595/686073592.png)

89
knowledgebase/csd-wiki/ICSD/Aviator-widget-on-boarding-tasks-for-UCMDB_688982982.md Normal file
View File

@@ -0,0 +1,89 @@
# Aviator-widget-on-boarding-tasks-for-UCMDB_688982982
## Introduction
This documents provides a sequence of tasks required for Aviator widget on-boarding on UCMDB as a reference for SaaS operations team. Follow the tasks one by one.
## Compatibility
| UCMDB | ESM SMAX | ITOM Aviator |
| --- | --- | --- |
| 25.1 | 25.1 | 25.1 |
## Task 1: Prepare ESM tenant
#### Scenario 1: Onboarding a New ESM Tenant
Steps:
1. Apply for an ESM Tenant:
- Contact the ESM Cloud Service Team to apply for an ESM tenant, which includes both SMAX and UCMDB.
3. Enable the Aviator Capability for the SMAX Tenant:
- Follow the instructions in the documentation to add the Aviator capability to the tenant([https://docs.microfocus.com/doc/SMAX/24.4/AddAviator](https://docs.microfocus.com/doc/SMAX/24.4/AddAviator))
#### Scenario 2: Existing ESM Tenant Without Aviator Capability Enabled
Steps:
1. Enable the Aviator Capability for the SMAX Tenant:
- Follow the instructions in the documentation to add the Aviator capability to the tenant([https://docs.microfocus.com/doc/SMAX/24.4/AddAviator](https://docs.microfocus.com/doc/SMAX/24.4/AddAviator))
#### Scenario 3: Existing ESM Tenant With Aviator Already Enabled, go to Task 2 directly
## Task 2: Add UCMDB AI content with SMAX Tenant Admin user (only required for 25.1)
Steps:
1. Log in SMAX agent page, go to "Administration -> Studio
2. In Dropdown list select “Aviator Models".
3. Select Tab “Import Data”, click “Browse” upload CSV file “AviatorModel\_UCMDB.csv”, import it.
[AviatorModel\_UCMDB.csv](attachments/688982982/688982971.csv)
## Task 3: Set CORS allow domain for UCMDB
Steps:
1. Log in SMAX agent page, go to "Administration -> AI Studio -> Configurations".
2. Set the base URL of UCMDB server to "Allowed origins for Aviator service", e.g. [https://cms.esmupg.itsma-ng.org](https://cms.esmupg.itsma-ng.org/))
## (Optional) Task 4: Apply to setup SSO for UCMDB and ESM
Refer to the following document to configure SAML authentication and setup SSO for UCMDB and SMAX.
[Associate SMAX tenants with UCMDB customers for Single Sign-On - Service Management Automation X](https://docs.microfocus.com/doc/SMAX/23.4/AssociateTenantCustomer)
If you skip this task, then the end users will get a popup window to enter the credentials when accessing the Aviator widget.
## Task 5: Aviator server integration with UCMDB
Add below settings for Aviator, they are all customer specific. And will take effect after re-login. Below are descriptions of settings added for Aviator.
- Mandatory:
- aviator.host (Aviator Host Name or IP address)
- aviator.tenant (Aviator Tenant ID)
- Optional:
- aviator.port (Aviator Server Port, Default 443)
- aviator.root.context (Aviator Server URL Root Context, Default /)
- aviator.idm.auth.group (Aviator Authentication Configuration Group Name, it is required when using
Steps:
1. Use UCMDB sysadmin user login UCMDB URL: https://<UCMDB Domain Name>/jmx-console/
2. Use method setSettingValue to set "Aviator Host Name or IP address"
1. customerID: <customer id of UCMDB> (example: 100000002)
2. name: aviator.host
3. value: <Aviator service host name of SMAX> (example: [eu3-smax-saas.microfocus.com](https://eu3-smax-saas.microfocus.com/))
3. Use method setSettingValue to set "Aviator Tenant ID"
1. customerID: <customer id of UCMDB> (example: 100000002)
2. name: aviator.tenant
3. value: <Tenant ID of SMAX enabled aviator> (example: 1000002)
## Task6: Validate Aviator Widget in UCMDB
- The Aviator widget is shown after login to UCMDB web UI.
- User can login to Aviator widget.
- When drill down into CI detail from Inventory, CI explorer, Global Search, the CI Summary button is shown. Can summarize individual CI and its related CI
- E.g. Go to CI explorer search for CI of node, Right click one CI and click properties, go to CI detail page. "Summarize this CI" button show and can summarize individual CI and its related CI
- User can ask ci related question using chat box, e.g. list this ci disk information
![](attachments/688982982/688982977.png)

192
knowledgebase/csd-wiki/ICSD/CMS-Customer-setup-flow-with-NSACM_688983312.md Normal file
View File

@@ -0,0 +1,192 @@
# CMS-Customer-setup-flow-with-NSACM_688983312
## Prerequisite for New SaaS fram
### Step 1: Configure CMS Multi-tenancy
1. **Enable CMS multi-tenant mode in a new SaaS farm**
By default CMS multi-tenant mode is **disabled**. This is a one-time job, when a new SaaS farm is set up, perform the following steps to enable CMS multi-tenant mode, if the SaaS farm has enabled CMS MT before, skip it.
- Open the UCMDB Server JMX Console of the Provider Customer, and search for **enableTenant**.
- In the enableTenant section, enter the value **All Tenants** for tenantName. This is the name of the default UCMDB tenant of the first customer.
- Click Invoke.
- Restart the UCMDB server pod by the command:
```
kubectl rollout restart sts itom-ucmdb -n <namespace></namespace>
```
- After the UCMDB default tenant is created, the multi-tenancy mode is enabled and all available UCMDB customers will have the default tenant **All Tenants** created.
2. **Disable SaaS CMS Owner tenant**
Follow these steps to disable CI owner tenant so that owner tenant and consumer tenants won't mix up.
- Open the UCMDB Server JMX Console of the Provider Customer, and search for **setGlobalSettingValue**.
- Enter **[multi.tenancy.ci](http://multi.tenancy.ci/).ownerTenant.disabled** for name and set value to true.
- Click **Invoke**
![](https://staging.docs.microfocus.com/mediawiki/images/a/ad/disable-owner-tenantpng.png)
## Scenario 1 - Brand new CMS customer
### Step 1: Provison a CMS customer via X4X (all tasks are automated)
Auto creates a new CMS customer with the same tenantID as the SMAX tenant via X4X, including:
- Create a customer via JMX
- Bind customer to IdM Org and create an admin group with SuperAdmin\[CMDB\] role, and bind tenant admin user to this group
- Allocate license
- NSACM needed post tasks:
- Set specific Identification rules as 'No Identification' for BusinessApplication, BusinessService, and InfrastructureService
- Add unknown in OsFamily
- Enable enhanced CI lifecycle
- **Configure metaphase default value as 'Inherited from the parent node' for node elements (Cpu, DiskDevice, FileSystem, and Interface in UCMDB**
- Enable NSACM
### Step 2: Configure Remote CMS
See details: [Config Remote CMS](https://docs.microfocus.com/doc/SMAX/24.3/SsoUcmdb).
### Step 3: Enable enrichment rules in UCMDB (no need after 23.4)
When a CI of a federated CI type is created or discovered in UCMDB, enrichment rules are implemented for mapping Subtypes of SMA. The SMAX folder contains preset enrichment rules for the federated CI types. By default, these enrichment rules are inactive, we recommend that you activate them all and don't make any changes unless you have customized Subtypes. To do this, open Enrichment Manager in UCMDB and activate all enrichment rules in the SMAX folder as below screenshot, this may take hours based on the customers data volume.
![](https://staging.docs.microfocus.com/mediawiki/images/d/d7/smax-enrichmentrules.png)
## Scenario 2 - On-premises UCMDB customer migrates to SaaS CMS
### Step 1: Provison a CMS customer via X4X
Auto creates a new CMS customer with the same tenantID as the SMAX tenant via X4X, including:
- Create a customer via JMX
- Bind customer to IdM Org and create an admin group with SuperAdmin\[CMDB\] role, and bind tenant admin user to this group
- Allocate license
### Step 2: Migrate On-prem UCMDB data to SaaS CMS (TS team)
- Remove the CMS customer-provisioned in step one and keep the other settings.
- TS team will use DB move script to help the customer do the data migration from On-prem UMCBD to SaaS CMS, including:
- pg\_restore the database into the intermediate Database
- Export a pgb file from the intermediate database
- import the pgb file into the target database
- Disable aging
- Set On-Prem UCMDB consumer tenant as "All Tenants", set owner tenant as "All Tenants" via script
- Create a new CMS customer with the same ID as the SMAX tenant
- Restart the customer
- Apply content pack:
- Run rebuildModelDBSchemaAndViews JMX call and then Upgrade CP
- Align the history:
- Run alignHistoryForType JMX call
### Step 3: Map the CMS Consumer customer to the IdM organization
To define the mapping between the CMS Consumercustomer and the IdM organization, follow these steps as **suite-admin**:
1. Log in to the JMX Console of the CMS Provider customer: **https://<EXTERNAL\_ACCESS\_HOST>:<PORT>/jmx-console**
2. Search for the **assignIDMInfo** JMX method in the **UCMDB:service=Customer and States Services** category.
3. Provide values for the following parameters:
View Fullscreen
| Parameter | Required | Description | Example |
| --- | --- | --- | --- |
| customerID | Yes | Enter the CMS Consumer customer ID that you created in "Step 2: Create a CMS Consumer customer". This should be the same as the SMAX tenant ID created in step 1. | 654596672 |
| tenantName | Yes | Enter the IdM organization ID. This is the same as the SMAX tenant ID created in step 1. This will then map the CMS customer ID to the IdM organization. | 654596672 |
| defaultGroup | No | This sets the Default UCMDB group used by IdM users. Users in that group will inherit all the roles assigned to that default group. Make sure the default group is assigned with proper permissions for accessing CMS UI and if relevant the UCMDB Admin UI. | |
4. Click **Invoke**.
After you invoke the **assignIDMInfo** operation in JMX, the system automatically triggers a process to seed the CMS OOTB roles to the mapped IdM organization.
To check the seeding status, follow these steps as **suite-admin**:
1. Log in to the JMX Console of the CMS Provider customer: **https://<EXTERNAL\_ACCESS\_HOST>:<PORT>/jmx-console**
2. Search for the **showAllCustomers** JMX method in the **UCMDB:service=Customer and States Services** category.
3. Make sure that the value of column **Seeding role status** is **SUCCESS**.
### Step 4: Assign the CMS license (SaaS Ops team)
1. Sanity check CMS Customer
2. In case the CI update fails with the following error, run the jmx call alignHistoryForType for this customer
![](https://staging.docs.microfocus.com/mediawiki/images/b/b7/java_n47PobNjfb.png)
### Step 5: Set specific Identification rules as 'No Identification'
Log in to UCMDB Admin UI via the Local client of the **new created CMS customer**, locate to **BusinessApplication**, **BusinessService,** and **InfrastructureService,** and set the **Identification** as **No Identification** for all of them, like the below screenshot:
![](https://staging.docs.microfocus.com/mediawiki/images/8/8d/no-indentification.png)
### Step 6: Extra configuration for Native SACM enablement
1. **Add unknown in OsFamily**
Log in to UCMDB Admin UI via the Local client of the **newly created CMS customer**, click **CI Types** at the top, select **System Type Manager**, search **OsFamily** and edit, add unknown then click **OK** and **Apply**.
![](https://staging.docs.microfocus.com/mediawiki/images/8/83/OsFamaily.png)
### Step 7: Enable Native SACM
See details: [Enable Native SACM](https://staging.docs.microfocus.com/itom/ESM:Main/NativeSacmSaas).
### Step 8: Populate the metaphase name (no need after 23.4)
**TODO, add more details**
**sap/rest-client**
**PUT../rest/531307643/cmsx/metaphaseName/reUpgrade**
2\. due to **OCTCR19U1736320,** needs to clean up the license management [CleanUpLicenseTag](https://staging.docs.microfocus.com/itom/ESMSaaSOps:Main/CleanUpLicenseTag) once the metaphase name population is done
3\. after the metaphase name is populated, need to run the full reindex of Solr to prevent potential OutOfMemory issue caused by incremental index:
![](https://staging.docs.microfocus.com/mediawiki/images/5/5b/ApplicationFrameHost_hKeyZEwzj2.png)
### Step 9: Configure Remote CMS
See details: [Config Remote CMS](https://docs.microfocus.com/doc/SMAX/24.3/SsoUcmdb).
### Step 10: Enable enrichment rules in UCMDB (Communicate with the customer) (no need after 23.4)
When a CI of a federated CI type is created or discovered in UCMDB, enrichment rules are implemented for mapping Subtypes of SMA. The SMAX folder contains preset enrichment rules for the federated CI types. By default, these enrichment rules are inactive, we recommend that you activate them all and don't make any changes unless you have customized Subtypes. To do this, open Enrichment Manager in UCMDB and activate all enrichment rules in the SMAX folder as below screenshot, this may spend hours based on the customers data volume.
![](https://staging.docs.microfocus.com/mediawiki/images/d/d7/smax-enrichmentrules.png)
### Step 11: Enable enhanced CI lifecycle (Optional)
It's recommended to enable the enhanced CI lifecycle.
If the customer has the aging enabled on-prem, perform the following steps; if the customer doesn't have the aging enabled on-prem and does not agree to use the enhanced CI lifecycle solution, skip this step; if the customer doesn't have the aging enabled on-prem, and they agree to use the enhanced CI lifecycle solution, perform the following steps
1. #### Enable the setting of enhanced CI lifecycle in CMS
See details: [Enable enhanced CI lifecycle in CMS UI](https://staging.docs.microfocus.com/itom/ESM:Main/CILifecycleAging#Enable_enhanced_CI_lifecycle_in_CMS_UI).
2. #### Configure metaphase for node elements in UCMDB
This is an additional step for the following NodeElement CI types in UCMDB: **Cpu**, **DiskDevice**, **FileSystem**, and **Interface**.
These NodeElement CI types correspond to CI attributes in SMAX. You need to manually configure metaphase for them so that they are included in the enhanced CI aging solution.
![](https://staging.docs.microfocus.com/mediawiki/images/3/37/SMA202205_ci_aging_NodeElement.png)
To enable aging for a NodeElement CI type:
1. Log in to the UCMDB Server.
2. Go to **CI Type Manager** > **CI Type**, and select a node element CI type.
3. Go to **Attributes**, select **Meta Phase** and thenclick the Edit icon.
4. Select **Enable default value**, enter **Inherited from the parent node** or any other non-empty value in the **Default value** field and then click **OK**.
Now, all newly created/detected NodeElement CIs will have a default value for metaphase. Then, you need to run enrichment rules to make sure all existing NodeElement CIs have a metaphase value. To do this, follow these steps:
1. Log in to the UCMDB Server.
2. Go to **CI Type Manager** > **CI Type**, and then select **ConfigurationItem**.
3. Click the **Attributes** tab, select **Meta Phase**, then click **Edit**.
4. On the **Advanced** tab, check the **Editable** checkbox, then click **OK**.
5. Go to **Enrichment Manager** and create a new rule under the **SMAX** node.
6. In the **New Enrichment Rule** wizard, name the new rule and click **Next** till the end.
7. From the **CI Type Selector** on the right, find **ConfigurationItem** > **InfrastructureElement** > **NodeElement** > **CPU** and drag it to the main window in the center.
8. In **Query Mode**, double-click the CPU icon.
9. On the **Attributes** tab, create a new condition and click **OK**:
- **Attribute Name** = **Meta Phase - (string)**
- **Operator** = **Is null**
10. In **Enrichment Mode**, double-click the CPU icon.
11. Select **Meta Phase**, then enter **Inherited from the parent node** in the **Value** box. Click **OK**.
12. Right-click the rule you just created, then click **Activate Rule**.
13. Now, the rule for **CPU** is running. Repeat the same steps for **DiskDevice**, **FileSystem**, and **Interface**.
14. Wait till there are no node elements with the null meta phase. You can make sure of this using a query in **IT Universe Manager**.
15. Right-click each rule and click **Deactivate Rule**.
16. Remove all these four rules
### Step 12: Validate CIs are consistent between SMAX and CMS
There is a Jenkins job for this purpose
### Step 13: Customer actions
1. SMAX post-upgrade actions
2. Reconfigure Probes and credentials
3. [Enable aging in CMS](https://staging.docs.microfocus.com/itom/ESMSaaSOps:Main/CmsAging#Enable_agingging#Enable_aging).

73
knowledgebase/csd-wiki/ICSD/CSD-RnD-and-Ops-discussion-topics_713175513.md Normal file
View File

@@ -0,0 +1,73 @@
# CSD-RnD-and-Ops-discussion-topics_713175513
## Introduction
This document tracks down the requests from one side to the other, on SMAX, Aviator and DCA farms: upgrades, improvements, infrastructure changes etc.
## Roles
| Role | Label |
| --- | --- |
| Cloud Service PMO | CLOUD PMO |
| Cloud DevOps Engineer | CLOUD OPS |
| Core CPE Brindusa K. | CORE CPE |
| PPM Dean Clayton | PPM |
| Aviator PMO | AV. PMO |
| Aviator RnD Engineer | AV. RND |
| SMAX PMO | SMAX PMO |
| ESM PM/RnD | ESM PRND |
| UCMDB PM/RnD | UCMDB PRND |
| OO PM/RnD | OO PRND |
| OP PM/RnD | OP PRND |
| DCA PM/RnD | |
| Automation Center RnD | |
## SMAX, Aviator and DCA farms here
## Questions, requests, opportunities, micro-projects between SMAX, Aviator and DCA Ops and RnD teams
## Format (The rules of the game)
#
Topic title: Title of the topic
Details: As many tracking details as possible including at least: what is the current status, what is the next step, what are dependencies, who is the owner of this thread
Requested by: What team initiated it
Requested to: Who is the final answer being awaited from
Pending: Who is this topic pending on at the moment
Aviator
| | Status | Topic title | Details | Requested by | Requested to | Pending | Replies |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 1 | ONGOING | Staging documentation on Aviator upgrade | Asked via email thread "Aviator 25.3 post-upgrade discussion", [Adina Lehene](https://confluence.opentext.com/display/~alehene) | CLOUD OPS | AV. RND | AV. PMO or AV. RND | |
| 2 | ONGOING | Aviator on EKS 1.32 compatibility and upgrade | Asked via email thread "AWS EKS 1.32 on Aviator", [Adina Lehene](https://confluence.opentext.com/display/~alehene) | CLOUD OPS | AV. RND | AV. PMO or AV. RND | Ops to start planning along with AL2023 AMI |
| 3 | ONGOING | Amazon Linux 2023 CCOE AMI compatibility and upgrade | Asked via email thread "Aviator change AMI to Amazon Linux 2023 (AL2023) by November 26, 2025", [Adina Lehene](https://confluence.opentext.com/display/~alehene) | CLOUD OPS | AV. RND | AV. PMO or AV. RND~~ 19 Sep 2025 | R&D certified AL2023 CCoE AMI. Ops need to adopt along with EKS 1.32 upgrade and start testing in September |
| 4 | ONGOING | Switch gp2 to gp3 on Aviator farm(s) | Asked via email thread "EU30-PROD Aviator farm needs more disk space and more nodes (additional costs)" [Adina Lehene](https://confluence.opentext.com/display/~alehene) | CLOUD OPS | PPM | CORE CPE or PPM | R&D is testing on their Staging environment. Saravanan will update soon. |
| 5 | ONGOING | New upcoming Aviator farms requests | Asked via email thread "Aviator farms of OSM", [Adina Lehene](https://confluence.opentext.com/display/~alehene) Follow-up: Tuesday 05 Aug 2025 | CLOUD OPS | PPM | AV. PMO or AV. RND and PPM | Still in discussion with management level for CSR |
| 6 | ONGOING | EU30 farm disk size issue | Asked via email thread "EU30-PROD Aviator farm needs more disk space and more nodes (additional costs)" [Adina Lehene](https://confluence.opentext.com/display/~alehene) | CLOUD OPS | PPM | CORE CPE or PPM | This can be executed along with gp2 to gp3 conversion |
| 7 | ONGOING | EU32-PROD replicated env. into RnD env. | Driving the email thread "EU30 and EU32 Aviator farm CI's" Asked verbally in a CSD team meeting via Sajith Kumar. CLOUD OPS to prepare a comparison between EU30 and EU32, [DILIP BEHERA](https://confluence.opentext.com/display/~dbehera2) and [Adina Lehene](https://confluence.opentext.com/display/~alehene) | AV. RND | CLOUD OPS | CLOUD OPS | Comparison document is ready and shared with R&D |
| 8 | ANSWERED | Aviator 25.3.1 and 25.3.2 compatibility with SMAX inquires | Asked via email thread "EU30-Aviator upgrade to 25.3 - Language Models issue 22/07/2025", [DILIP BEHERA](https://confluence.opentext.com/display/~dbehera2) and [Adina Lehene](https://confluence.opentext.com/display/~alehene) | CLOUD OPS | AV. RND | AV. RND | 1\. If Aviator-SMAX will work if: SMAX on 25.2.2 and some\* HFs, while Aviator on 25.3.1? **Tanuj: Yes, it should work this combination and also SMAX+ Aviator on 25.3.1 should work.** 2\. If Aviator-SMAX will work if: SMAX on 25.2.2 and some\* HFs, while Aviator on 25.3.2? **Tanuj: Yes, it should work this combination as this is a patch.** 3\. For an Aviator farm on version 25.3, in order to upgrade it to 25.3.2, is the 25.3.1 patch strictly necessary to get applied on it or 25.3.1 may be skipped? **Tanuj: NO, We have GEMINI feature introduced on 25.3.1,so please upgrade to 25.3.1 then to 25.3.2 and that's the plan we agree upon for all the farms as 25.3.2 will still take time.** |
| 9 | ONGOING | All Aviator farms | Asked via email thread "Identifying relevant logs for Aviator module investigation workflow", [Adina Lehene](https://confluence.opentext.com/display/~alehene) and [DILIP BEHERA](https://confluence.opentext.com/display/~dbehera2) | AV. RND | CLOUD OPS | AV. RND | |
SMAX
| | Status | Topic title | Details | Requested by | Requested to | Pending | Replies |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 1 | ONGOING | X4X not provisioning trial tenants after ESM upgrade on US2-PROD | Email thread: "ESM Trial requests - US2-PROD", [Adina Lehene](https://confluence.opentext.com/display/~alehene) | CLOUD OPS | CLOUD OPS Shanghai | CLOUD OPS Shanghai | |
| 2 | | | | | | | |
DCA
| | Status | Topic title | Details | Requested by | Requested to | Pending | Replies |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 1 | ONGOING | DCA farms upgrading ITOM and EKS vers. | Asked via email thread "DCA SaaS", [Adina Lehene](https://confluence.opentext.com/display/~alehene) | CLOUD OPS | | | |
| 2 | DONE | One DCA farm decommissioning | Discussed in the meeting "SA Reporting SaaS account - Migration to Operations Platform Multitenant", [Sajith Kumar A R](https://confluence.opentext.com/display/~ssajith) and [Adina Lehene](https://confluence.opentext.com/display/~alehene) | CLOUD OPS | | | Thread closed. |
| 3 | | | | | | | |
Automation Center (AC)
| | Status | Topic title | Details | Requested by | Requested to | Pending | Replies |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 1 | ONGOING | Enabling AC on a SMAX tenant on EU28 | Email thread: "Automation Center on SMAX farms", [Adina Lehene](https://confluence.opentext.com/display/~alehene) | CLOUD OPS | | [Vunnava Tanujaraja](https://confluence.opentext.com/display/~tvunnava) | |
| 2 | | | | | | | |

22
knowledgebase/csd-wiki/ICSD/Cambly-English-Training_706823155.md Normal file
View File

@@ -0,0 +1,22 @@
# Cambly-English-Training_706823155
1. [ITOM Cloud Service Delivery](index.html)
2. [ITOM Cloud Service Delivery](ITOM-Cloud-Service-Delivery_681555087.html)
3. [💠6 - Training Materials](686070469.html)
4. [Newbie training](Newbie-training_686070534.html)
5. [How to request for reimbursement of Education Allowance](How-to-request-for-reimbursement-of-Education-Allowance_686070542.html)
Created by on Jun 11, 2025 EDT
![](attachments/706823155/706823154.png)
![](attachments/706823155/706823150.png)
## Attachments:
[image-2025-6-11\_15-50-45.png](attachments/706823155/706823150.png) (image/png)
[image-2025-6-11\_15-51-13.png](attachments/706823155/706823152.png) (image/png)
[image-2025-6-11\_15-51-35.png](attachments/706823155/706823154.png) (image/png)
Document generated by Confluence on Sep 15, 2025 22:27 EDT
[Atlassian](https://www.atlassian.com/)

2
knowledgebase/csd-wiki/ICSD/Change-Management_686070198.md Normal file
View File

@@ -0,0 +1,2 @@
# Change-Management_686070198
Created by on Jan 20, 2025 EST

56
knowledgebase/csd-wiki/ICSD/Change-TimeWindow-Interval-via-JMX-or-configmap_686074596.md Normal file
View File

@@ -0,0 +1,56 @@
# Change-TimeWindow-Interval-via-JMX-or-configmap_686074596
## Introduction
With Native SACM enabled, the system collects GraphQL queries from different threads at the TimeWindow interval to generate a batch query for cms-gateway. The default interval of TimeWindow is 100 ms, and you can change it to a larger value via JMX or configmap. A larger interval allows the system to collect more queries in the batch query, but it also causes a side effect that it takes a longer time to finish the processing of a single CI.
## Procedure
You can use either JMX or configmap to achieve this.
## Using JMX
For versions earlier than 23.4.P2, you can change the TimeWindow interval via JMX. To do this, follow these steps:
1. Make sure JDK 8 is installed.
2. Download the JMX widget from [https://github.com/jiaqi/jmxterm/releases/download/v1.0.2/jmxterm-1.0.2-uber.jar](https://github.com/jiaqi/jmxterm/releases/download/v1.0.2/jmxterm-1.0.2-uber.jar "https://github.com/jiaqi/jmxterm/releases/download/v1.0.2/jmxterm-1.0.2-uber.jar") to a directory on the bastion node.
3. Copy the [changeTWInterval.sh](attachments/686074596/686074599.sh) shell script to the same directory that stores jmxterm-1.0.2-uber.jar.
4. Run the “sh changeTWInterval.sh” command to set the interval to 500 ms. Or, change the interval to another value (for example, 600) with “sh changeTWInterval.sh 600”.
**Note: This method doesn't need a pod restart, however, when a pod restart does take place, the change will be rolled back.** **The Cloud Ops team needs to take care of this.**
## Using configmap
For version 24.1 and 24.2, you can change the OOTB value of GraphqlTimeWindow by modifying the configmap and deployment.
For 24.1, follow these steps:
1. Run the following command on the control plane node to create a configmap key:
```
kubectl patch configmap itom-xruntime-infra-config --patch '{"data": {"CMSX_TIME_WINDOW_TIME_INTERVAL": "<Interval>"}}' -n <SuiteNamespace>
```
**Note:** Replace *<Interval>* and *<SuiteNamespace>* with the expected time interval (ms) and the suite namespace. The minimum value of CMSX\_TIME\_WINDOW\_TIME\_INTERVAL is 100 and the maximum value is 60000000 (1 hour). If you set a value larger than this, 60000000 would be used as this interval. A suitable ***Interval*** improves the performance. For example, setting it to 200 increases the number of query batches.
2. Run the following command on the control plane node to add an environment variable in the lookup container for the platform offline deployment:
```
kubectl patch deployment itom-xruntime-platform-offline -n <SuiteNamespace> --patch '{"spec": {"template": {"spec": {"initContainers": [{"name": "lookup-install","env": [{"name":"CMSX_TIME_WINDOW_TIME_INTERVAL", "valueFrom":{"configMapKeyRef":{"name":"itom-xruntime-infra-config", "key": "CMSX_TIME_WINDOW_TIME_INTERVAL", "optional": true}}}]}]}}}}'
```
**Note:** Replace ***<SuiteNamespace>*** with the actual suite namespace.
3. If the platform offline pod doesn't restart automatically, manually restart it by running the following command on the control plane node:
```
kubectl rollout restart deployment itom-xruntime-platform-offline -n <SuiteNamespace>
```
**Note:** Replace ***<SuiteNamespace>*** with the actual suite namespace.
For 24.2, follow these steps:
1. Run the following command on the control plane node to change a configmap key:
```
kubectl patch configmap itom-xruntime-infra-config --patch '{"data": {"CMSX_TIME_WINDOW_TIME_INTERVAL": "<Interval>"}}' -n <SuiteNamespace>
```
**Note:** Replace *<Interval>* and *<SuiteNamespace>* with the expected time interval (ms) and the suite namespace. The minimum value of CMSX\_TIME\_WINDOW\_TIME\_INTERVAL is 100 and the maximum value is 60000000 (1 hour). If you set a value larger than this, 60000000 would be used as this interval. A suitable ***Interval*** improves the performance. For example, setting it to 200 increases the number of query batches.
2. Manually restart the platform offline pod by running the following command on the control plane node:
```
kubectl rollout restart deployment itom-xruntime-platform-offline -n <SuiteNamespace>
```
**Note:** Replace ***<SuiteNamespace>*** with the actual suite namespace.
**Note: This method needs a pod restart and the changes will be saved.**

15
knowledgebase/csd-wiki/ICSD/Change-tenant-setting-to-off-to-disbale-contains-search-for-entity-picker_688983279.md Normal file
View File

@@ -0,0 +1,15 @@
# Change-tenant-setting-to-off-to-disbale-contains-search-for-entity-picker_688983279
## Introduction
It is for customer testing the behavior when the tenant settings " **Enable the “Contains” search for entity pickers and text filters** " is off. When set to On, the “Contains” search will be the default setting for dropdown lists of entity links/Many2Many associations, text filters in grids/reports, and the "Find" widget for filtering the People/Groups list. When set to Off, the “Starts with” search will be used by default.
## Steps
1. Login to https://<FQDN>/saw/admin/tenantSettings?TENANTID=<TENANTID>
2. Find the toggle " **Enable the “Contains” search for entity pickers and text filters** "
3. Set it to off and save.
## Test Setps
1. Refresh page https://<FQDN>/saw/Requests?TENANTID=<TENANTID> to make sure the latest tenant settings have been loaded.
2. Click new button and select the Offering then input 2 characters like "ウェ" to the search box then you should not see the message " **Please enter at least 3 characters to start the "Contains" search** ".

150
knowledgebase/csd-wiki/ICSD/Change-the-OO-customer-managed-key-for-EFS-file-system-and-RDS_688982917.md Normal file
View File

@@ -0,0 +1,150 @@
# Change-the-OO-customer-managed-key-for-EFS-file-system-and-RDS_688982917
### Note: This wiki is only used for OO
### Prerequisite
1. Create 2 KMS customer-managed keys, one for EFS, and the other one for RDS.
> Please refer to [https://docs.aws.amazon.com/kms/latest/developerguide/create-symmetric-cmk.html](https://docs.aws.amazon.com/kms/latest/developerguide/create-symmetric-cmk.html)
>
> 1. Sign in to the AWS Management Console and open the AWS Key Management Service (AWS KMS) console at [https://console.aws.amazon.com/kms](https://console.aws.amazon.com/kms).
> 2. To change the AWS Region, use the Region selector in the upper-right corner of the page.
> 3. In the navigation pane, choose **Customer managed keys**.
> 4. Choose **Create key**.
> 5. To create a symmetric encryption KMS key, for **Key type** choose **Symmetric**.
> 6. In **Key usage**, the **Encrypt and decrypt** option is selected for you.
> 7. In **Advanced options,** you can import key material from you key management infratructure into AWS KMS. In **Regionality,** please choose **Multi-Region key. [https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-conceptual.html](https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-conceptual.html)**
> 8. Choose **Next**.
> 9. Type an alias for the KMS key,like "saas-efs-key". The alias name cannot begin with `aws/`. The `aws/` prefix is reserved by Amazon Web Services to represent AWS managed keys in your account.
>
> Repeat the above steps to create a key for rds, like "saas-rds-key".
2. Create the EFS replication
> Please refer to [https://docs.aws.amazon.com/efs/latest/ug/create-replication.html#create-replication-new](https://docs.aws.amazon.com/efs/latest/ug/create-replication.html#create-replication-new)
>
> ![](attachments/688982917/688982914.png)
>
> 1. Sign in to the AWS Management Console and open the Amazon EFS console at [https://console.aws.amazon.com/efs/](https://console.aws.amazon.com/efs/).
> 2. Open the file system that you want to replicate:
> 1. In the left navigation pane, choose **File systems**.
> 2. In the **File systems** list, choose the file system that you want to replicate. The file system that you choose cannot be a source or destination file system in an existing replication configuration.
> 3. Choose the **Replication** tab.
> 4. In the **Replication** section, choose **Create replication**.
> 5. In the **Replication settings** section, define the replication settings:
> 1. For **Replication configuration**, choose **Replicate to a new file system**.
> 2. For **Destination AWS Region**, choose the AWS Region in which to replicate the file system.
> 6. In the **Destination file system settings** section, define the destination file system settings.
> 1. For **File system type**, choose choose **Regional**.
> 2. For **Encryption**,choose the KMS key like "saas-efs-key".
3. Mount the destination file system:[https://docs.aws.amazon.com/efs/latest/ug/accessing-fs.html](https://docs.aws.amazon.com/efs/latest/ug/accessing-fs.html).
1. Sign in to the AWS Management Console and open the Amazon EFS console at [https://console.aws.amazon.com/efs/](https://console.aws.amazon.com/efs/).
2. In the left navigation pane, choose **File systems**. The **File systems** page displays the EFS file systems in your account.
3. Choose the file system that you want to manage mount targets for by choosing its **Name** or the **File system ID** to display the file system details page.
4. Choose **Network,** click **Create mount target.**
5. In **Network**, select your VPC.
6. In **Mount targets**, select the private subnet id and the EFS Security groups one by on
4. Deploy the Amazon EFS CSI driver to your Amazon EKS cluster. [https://docs.aws.amazon.com/eks/latest/userguide/efs-csi.html](https://docs.aws.amazon.com/eks/latest/userguide/efs-csi.html)
1. Configure the bastion node. If you already have a bastion node, skip this step.
```shell
# Access to the bastion node. such as 'i-0da6195baed41d3d8'.
# Optional. Make the EC2 as a real bastion node. You have to install OMT capabilities named 'Tools'.
./install --capabilities ClusterManagement=false,DeploymentManagement=false,LogCollection=false,Monitoring=false,MonitoringContent=false,NfsProvisioner=false,Tools=true,K8sBackup=false
source ~/.bashrc
# Make sure $CDF_HOME printing '/root/cdf'.
echo $CDF_HOME
# Install binary kubectl.
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
chmod +x kubectl
cp kubectl /usr/bin/
# update kubeconfig
export AWS_ACCESS_KEY_ID= xxx
export AWS_SECRET_ACCESS_KEY= xxx
export AWS_SESSION_TOKEN= xxx
export AWS_DEFAULT_REGION="us-west-2"
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install --update
export PATH=/usr/local/bin:$PATH
aws sts get-caller-identity
aws eks update-kubeconfig --name encrypt-0-cluster
# Verify that we can access to the k8s cluster.
kubectl get ns
# Download OMT_External_K8s_24.4-270.zip on the bastion node.
wget https://orgartifactory.swinfra.net/artifactory/itom-buildoutput/cdf-daily-build/24.4-byok/OMT_External_K8s_24.4-270.zip
unzip 24.4-byok/OMT_External_K8s_24.4-270.zip
```
### Maintain Window
1. On the bastion node, run the following command to stop OO. ( SMAX can either be stopped or running )
```shell
cd ${CDF_HOME}/scripts
./cdfctl.sh runlevel set -l DOWN -n ${OO_NAMESPACE}
# Make sure there is no Running pods under the namespaces.
```
2. Create a DB snapshot
> Please refer to [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER\_ManagingManualBackups.html](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_ManagingManualBackups.html)
>
> ![](attachments/688982917/688982915.png)
3. Copy the DB snapshot (from step 2) for Amazon RDS
> Please refer to [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER\_CopySnapshot.html](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_CopySnapshot.html)
>
> **Master key: select your created customer key for RDS**
4. Rename the source DB instance to a new one. Please refer to [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER\_RenameInstance.html](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_RenameInstance.html)
5. Restore to a new DB instance using the same instance name as source DB
> Please refer to [https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER\_RestoreFromSnapshot.html](https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/USER_RestoreFromSnapshot.html)
>
> **Make sure that only the kms key is diffent, other configurations are the same. For example, option groupsize multi az and so on.**
6. Ensure all the data has been synced from the source EFS to the target EFS. Then delete the EFS Replication.
1. Create a marker file on the source EFS.
2. Wait for the marker file to appear on the target EFS.
3. Delete the EFS Replication.
7. Recreate PVs and PVCs using the new EFS
```shell
# Recreate PV according to yaml files generated during Prerequisite
# Make sure there is no Running pods under the namespaces. # get modifyEFS.sh script, please check attachment.
chmod +x modifyEFS
.sh./modifyEFS.sh --help # to get all the available options for this script
# The result will look like this:
#Options:
# modify Change the EFS ID and recreate PersistentVolumes (PV) and PersistentVolumeClaims (PVC).
# restore Restore the PersistentVolumes (PV) and PersistentVolumeClaims (PVC) from backups.
#Examples:
# ./modifyEFS.sh modify
# ./modifyEFS.sh restore
./modifyEFS.sh modify# Once you run this, a menu will appear for all the required values to be filled in#for example:Please enter the namespace: oo-helmPlease enter the new EFS name/id: fs-07a0b7d3308a0dbdf
```
[modifyEFS.sh](attachments/688982917/688982913.sh)
Running this script will do the following:
1. 1. stop the OO pods ( if running )
2. recreate PVs and PVCs with the new EFS id/DNS name
Note
If the current env is **NOT** encrypted in transit (NOT using the csi driver) then, for "new efs id" please insert the DNS name (like: [fs-06d7d8ae861f5xxxx.efs.us-west-2.amazonaws.com](http://fs-06d7d8ae861f5xxxx.efs.us-west-2.amazonaws.com/))
If the current env **IS** encrypted in transit (using the csi driver) then, for "new efs id" please insert only the EFS ID (like: fs-06d7d8ae861f5xxxx)
3. start the OO pods
The script returns these messages upon completion:
\[INFO\] OO started successfully with the original replica counts.
\[INFO\] EFS has been modified successfully.
8\. Verify the k8s cluster is running.
1. 1. Check all the pods are in a Running state.
```shell
kubectl get pods -n ${OO_NAMESPACE}
```
2. Login to SMAX and access OO through the portal.
9\. Modify all the ec2 instances/bastion mounts(/etc/fstab) which mount source EFS to the new one ( if not already done as part of SMAX PV/PVC recreation )
10\. Wait a couple of days to make sure that the transition to customer managed key is working smoothly, and then delete AWS old EFS and old RDS.
### Rollback
If you meet any issues during step '7. Recreate PVs and PVCs using the new EFS', you can rollback to the original EFS.
1. ```shell
./modifyEFS.sh restore
```

34
knowledgebase/csd-wiki/ICSD/Check-existing-DB-indices-on-globalid-for-Native-SACM-per-farm-and-add-missing-condition-to-ensure-the-indices-can-properly-work_688983295.md Normal file
View File

@@ -0,0 +1,34 @@
# Check-existing-DB-indices-on-globalid-for-Native-SACM-per-farm-and-add-missing-condition-to-ensure-the-indices-can-properly-work_688983295
## Background
The Native SACM feature will cause tons of the following SQL **when CMS notification load is heavy**:
```
SELECT SystemElement.entity_id AS "Id", SystemElement.schar0 AS "DisplayLabel", CAST(SystemElement.ssmallint0 AS SMALLINT ) AS "SubType", SystemElement.schar4 AS "GlobalId", SystemElement.data_domains AS "DataDomains", CAST(SystemElement.sint1 AS INTEGER) AS "BitPosition", CAST(SystemElement.sint2 AS INTEGER) AS "BitmapId", SystemElement.last_update_time AS "LastUpdateTime" FROM entities_xxxxxxxxx SystemElement WHERE ( (upper(SystemElement.schar4) = upper($1)) AND SystemElement.is_deleted = $2 ) AND SystemElement.entity_type_id = $3 ORDER BY SystemElement.entity_id ASC LIMIT $4
```
Due to historical reasons, some existing DB indices on globalid were created without the accurate condition ("is\_deleted=false") for the four Native SACM entities (Device, Actual Service, Service Component, and System Element), **similar SQLs including the above one will cause high CPU load on the DB server**.
## Reason
Due to historical reasons, the index on some old tenants doesn't have “is\_deleted=false” in the WHERE condition. On some newer tenants, the index's WHERE condition is fine.
## Solution
If the index is not created as expected, we would drop them and create the new ones. Please run the following steps for the whole farm.
1. Get the create INDEX SQLs by running the following SQL. If you get empty result, then you can ignore the next steps. If not, keep the CREATE INDEX SQLs, but dont run the CREATE INDEX SQL at this step.
```
select indexdef||' AND is_deleted = false;'from pg_indexes where INDEXDEF LIKE '%WHERE%' AND indexdef not like '%WHERE%is_deleted%' AND tablename like 'entitie%' AND indexname like '%upper%globalid%';
```
2. Get the ANALYZE SQLs.
```
select 'ANALYZE '||tablename||';' from pg_indexes where INDEXDEF LIKE '%WHERE%' AND indexdef not like '%WHERE%is_deleted%' AND tablename like 'entitie%' AND indexname like '%upper%device_globalid%';
```
3. Run the following SQL to generate the DROP indexes SQL.
```
select 'DROP INDEX '||indexname||';'from pg_indexes where INDEXDEF LIKE '%WHERE%' AND indexdef not like '%WHERE%is_deleted%' AND tablename like 'entitie%' and indexname like '%upper%globalid%';
```
4. Run the DROP INDEX SQLs you get from step3.
5. Run the CREATE INDEX SQLs you get from step1.
6. Run the ANALYZE TABLE SQLs you get from step2.

24
knowledgebase/csd-wiki/ICSD/Check-isolated-tenants-per-farm_686073691.md Normal file
View File

@@ -0,0 +1,24 @@
# Check-isolated-tenants-per-farm_686073691
## Introduction
This document is to introduce how to use Jenkins job to check isolated tenants per farm before upgrade.
## Use Jenkins job to check isolated tenants
1. Open Jenkins job. [https://saas-ops.itsma-ng.net/job/ESM-SaaS-Check-Isolated-Tenants/](https://saas-ops.itsma-ng.net/job/ESM-SaaS-Check-Isolated-Tenants/)
![](attachments/686073691/686073675.png)
2. Click "Build with Parameters", choose "farm\_name" and Click "Build"
3. After the job is completed,check job's status.
1. If job is green(Success),it means that there is no isolated tenants on this farm. Open the build, and Click "Console Output", at the end of the output, it looks like this.
![](attachments/686073691/686073676.png)
2. If job is red(Failed),it means that there is isolated tenants on this farm. Open the build, and Click "Console Output", scroll down to the ending of the output, check the detailed check results.
The job checks SMAX tenant status firstly, if some tenant's status isn't ACTIVE or INACTIVE, the SMAX check result will show tenant ID like below.
![](attachments/686073691/686073679.png) ![](attachments/686073691/686073681.png)
## Attachments:
[image2023-11-14\_16-41-3.png](attachments/686073691/686073675.png) (image/png)
[image2023-11-14\_16-52-26.png](attachments/686073691/686073676.png) (image/png)
[image2023-11-14\_16-55-32.png](attachments/686073691/686073679.png) (image/png)
[image2023-11-14\_16-57-24.png](attachments/686073691/686073681.png) (image/png)

33
knowledgebase/csd-wiki/ICSD/Clean-up-CMS-log-files_686073699.md Normal file
View File

@@ -0,0 +1,33 @@
# Clean-up-CMS-log-files_686073699
You may find that the size of logs on your file storage, especially the <cms-log-volume> folder, keeps growing. For example, the size of the <cms-log-volume> folder may reach 120 GB after CMS has been running for a few months. To reduce the log size, you can safely remove or archive old log files in the log folders while the CMS is running.
### How to delete log files from a log folder
You can delete log files that are older than certain days ( for example, 60 days) from your file storage. To do this, run the following command on the file storage server:
nohup find {log folder} -type f -atime +{day} -mtime +{day} -ctime +{day} -exec stat '{}' \\+, -type f -atime +{day} -mtime +{day} -ctime +{day} -exec rm -f '{}' \\+ > {output.log} &
Where:
- {log folder}: is the folder from which you want to delete the log files that meet the specified condition
- {day}: specify the same value (in days) for the atime, mtime, and ctime parameters:
- **mtime**: modification time, the time when the file was last modified. When the content of a file changes, its mtime changes.
- **ctime**: change time, the time when the file's property changes. It always changes when the mtime changes, and also changes when the file's permissions, name or location changes.
- **atime**: access time, which is updated when the file is read by an application or a command such as grep or cat
- {output.log} is the log file to which you want to write the output log message
Log folders to clean up
Normally, you only need to clean up the following log folders on the NFS server:
| **Log folder** | **Example 1** | **Example 2** | **Note** |
| --- | --- | --- | --- |
| <cms-log-volume>/logs | /var/vols/itom/cms/log\_volume | /mnt/cms/var/vols/itom/cms/log\_volume | <cms-log-volume> is the CMS log NFS volume |
The following example commands will delete all the files in the specified folders when all of their atime, mtime, and ctime values are older than 60 days.
**nohup find /mnt/cms/var/vols/itom/cms/log\_volume -type f -atime +60 -mtime +60 -ctime +60 -exec stat '{}' \\+, -type f -atime +60 -mtime +60 -ctime +60 -exec rm -f '{}' \\+ > /tmp/cleanupCMS.log &**
Note:if you meet 'permission deny' error when running the command, you can add sudo:
**nohup find /mnt/cms/var/vols/itom/cms/log\_volume -type f -atime +60 -mtime +60 -ctime +60 -exec stat '{}' \\+, -type f -atime +60 -mtime +60 -ctime +60 -exec sudo rm -f '{}' \\+ > /tmp/cleanupCMS.log &**

79
knowledgebase/csd-wiki/ICSD/Cloud-Change-Management-Process_686087713.md Normal file
View File

@@ -0,0 +1,79 @@
# Cloud-Change-Management-Process_686087713
## Introduction
This document describes how to manage changes in an Opentext Cloud environment.
## Change Type
### Planned Change
Change is defined as anything - hardware, software, system components, services or processes that is deliberately introduced into the production environment and which may affect a service level agreement (SLA) or otherwise affect the functioning of the environment or one of its components.
Changes may be required for many reasons, including, but not limited to:
- User requests
- Vendor recommended/required changes
- Changes in regulations
- Hardware and/or software upgrades
- Hardware or software failures
- Changes or modifications to the infrastructure
- Unforeseen events
- Periodic Changes
All changes falling under this definition should be governed by a change management policy, and implemented by a change management methodology and change management process.
Planned Changes will be scheduled at least two (2) weeks in advance when Customer action is required, or at least four (4) days in advance otherwise.
### Emergency Changes
Critical change to prevent service functionality or availability.
Emergency Changes require approval of Cloud Delivery Manager, TO Manager or CS Manager.
Emergency Change will be scheduled at least one (1) day in advance unless it is critical to resolve a major incident immediately.
## Customer Notification
Opentext Cloud Service will use a centralized notification system to deliver proactive communications about service changes, outages, and scheduled maintenance.
Details can be found on the relevant Service Health portal for your service which includes:
- Current availability of the SMAX environment that their tenants are part of
- Details of any upcoming planned maintenance
- Outage reports for any incidents that have been identified by our support teams
- Historical SLO data
For example: [https://smax-health.saas.microfocus.com/](https://smax-health.saas.microfocus.com/)
## Change Approval
![](attachments/686087713/686087714.png)
## Change Record
For any changes, need to submit change record in the [Essentials](https://essentials.saas.microfocus.com/itg/dashboard/app/portal/PageView.jsp) system.
For details, please refer to document How to submit Change Record in Essentials System.
## CAB Review
### No CAB Required
Such change will not be discussed in the CAB meeting. List of changes that are mostly routine and were pre approved by an executive.
The likelihood of those changes to disrupt service is very slim and those changes are executed frequently.
e.g.:
- Monthly Patch Upgrade
- Routine EKS upgrade
- etc.
### CAB Required:
All non exempt changes, mostly changes that will occur during maintenance window, and involves more than one executer.
e.g.:
- Product major version upgrade
- AWS Infrastructure Change
- Landing zone migration
- etc.

45
knowledgebase/csd-wiki/ICSD/Collect-customer-owned-SMAX-OPB-Agent-information-and-check-status_686073768.md Normal file
View File

@@ -0,0 +1,45 @@
# Collect-customer-owned-SMAX-OPB-Agent-information-and-check-status_686073768
## Introduction
This document describes how to utilize an existing automation job to gather information and current status of all user-configured SMAX OPB agents on an ESM farm.
## Collect SaaS Farm SMAX OPB agent status
- Login to [ESM SaaS Operation Automation System (Jenkins)](https://saas-ops.itsma-ng.net/)
- Click " [ESM-SaaS-SMAX-OPB-Agent-Info-Collection](https://saas-ops.itsma-ng.net/job/ESM-SaaS-SMAX-OPB-Agent-Info-Collection/) " job
- Click "Build Now" to trigger the job, this job will start to collect all SaaS customer's OPB agent status for each farm
![](attachments/686073768/686073717.png)
- Once the job finished, an email will be sent to Cloud DevOps PDL **<MFI-ESM-SaaS-DevOps@ [opentext.com](http://opentext.com/) >** with the attachement of OPB agent status report
![](attachments/686073768/686073718.png)
## Check SMAX OPB agent status report
- Extract the zip file, you will find the report file "smax\_opb\_agents.csv"
- Check the report you will get following information:
- OPB agent belongs to the customer farm, tenant id
- OPB agent name
- OPB agent ID
- OPB agent version
- OPB agent last seen timestamp
- OPB agent status
## How to use this report
- We can use this report to check the status of the OPB agent in the early and late stages of the farm upgrade to determine whether the OPB agent is automatically upgraded successfully.
- A successful upgrade of the OPB agent is marked by the version number being updated to the latest, the **last seen timestamp** being updated to the most recent time, and the status being ready.
## Check SMAX OPB Agent Status in BI Report
[https://app.powerbi.com/groups/fac06a69-6340-4715-b8fe-4bdc0ca9af14/reports/cf509ffe-325f-4c1b-a507-44b93e6d85ca/ReportSection79d51b9702cdd9e9f366?experience=power-bi](https://app.powerbi.com/groups/fac06a69-6340-4715-b8fe-4bdc0ca9af14/reports/cf509ffe-325f-4c1b-a507-44b93e6d85ca/ReportSection79d51b9702cdd9e9f366?experience=power-bi)
![](attachments/686073768/686073721.png)
## Attachments:
[downloadyWfgg054641.zip](attachments/686073768/686073714.zip) (application/zip)
[image2023-11-3\_13-50-29.png](attachments/686073768/686073717.png) (image/png)
[image2023-11-3\_13-55-27.png](attachments/686073768/686073718.png) (image/png)
[image2023-11-3\_13-58-44.png](attachments/686073768/686073721.png) (image/png)

2
knowledgebase/csd-wiki/ICSD/Configuration-Management_686074098.md Normal file
View File

@@ -0,0 +1,2 @@
# Configuration-Management_686074098
Created by on Jan 21, 2025 EST

275
knowledgebase/csd-wiki/ICSD/Configure-Nginx-through-network-load-balancer_688996474.md Normal file
View File

@@ -0,0 +1,275 @@
# Configure-Nginx-through-network-load-balancer_688996474
## Create customer managed SMAX/CMS/OO FQDNs and corresponding certificates
Note
**Please follow the SaaS Ops procedure to work with the customer to create the customer-managed FQDNs and generate publicly signed certificates.**
Typically for each customer tenant a set of 3 FQDNs will be required, which need to be DNS-mapped (CNAME) to 3 intermediate FQDNs (managed by SaaS), such as (just an example):
| DNS name (customer) | CNAME (SaaS-managed) | Certificate/key |
| --- | --- | --- |
| [smax.esm-api.acme.com](http://smax.esm-api.acme.com/) | smax.api.<customerid>.[esm-saas.com](http://esm-saas.com/) | smax-acme.crt, smax-acme.key |
| [cms.esm-api.acme.com](http://cms.esm-api.acme.com/) | cms.api.<customerid>.[esm-saas.com](http://esm-saas.com/) | cms-acme.crt, cms-acme.key |
| [oo.esm-api.acme.com](http://oo.esm-api.acme.com/) | oo.api.<customerid>.[esm-saas.com](http://esm-saas.com/) | oo-acme.crt, oo-acme.key |
The 3 CNAMEs will need to be created under the [esm-saas.com](http://esm-saas.com/) domain (managed under Route53 by SaaS team) and provided to the customer for DNS mapping. As a convention, the <customerid> is the ID of the Customer entity in PCS for that particular customer.
If a customer has multiple tenants that need to be enabled for zero trust, use a prefix for the DNS name. For example for a test tenant:
| DNS name (customer) | CNAME (SaaS-managed) | Certificate/key |
| --- | --- | --- |
| [tst.smax.esm-api.acme.com](http://tst.smax.esm-api.acme.com/) | tst.smax.api.<customerid>.[esm-saas.com](http://esm-saas.com/) | tst-smax-acme.crt, tst-smax-acme.key |
| [tst.cms.esm-api.acme.com](http://tst.cms.esm-api.acme.com/) | tst.cms.api.<customerid>.[esm-saas.com](http://esm-saas.com/) | tst-cms-acme.crt, tst-cms-acme.key |
| [tst.oo.esm-api.acme.com](http://tst.oo.esm-api.acme.com/) | tst.oo.api.<customerid>.[esm-saas.com](http://esm-saas.com/) | tst-oo-acme.crt, tst-oo-acme.key |
The customer will also need to provide the SaaS team with publicly signed certificates for their FQDNs - these will be required by nginx as described below.
Note
Public certificates have to be generated by the customer. We cannot use AWS-generated certificates in this case.
## Create and configure Nginx service machine
You'll need to create two Nginx service machines to achieve high availability. This section provides detailed steps on how to create and configure the Nginx service machines.
### Create and Deploy EC2 instance
1. Sign in to AWS, and then navigate to **EC2 >** **Instance**.
2. Click **Launch instances** in the right corner.
3. Enter a name. For example, `nginx-1`.
4. For Application and OS Images (Amazon Machine Image), choose an Amazon Machine Image (CCOE AMI for SaaS Operation), and then select the **64-bit(x86)** Architecture. See [Nginx on AWS](https://docs.nginx.com/nginx/deployment-guides/amazon-web-services/ec2-instances-for-nginx/) for more information.
5. Select **t3.medium** as the Instance type.
6. In Name and tags section at top of page enter tags necessary for SaaS deployment. Copy the tags similar to another instance in the same farm. **If you don't do this the deployment will fail.**
7. Select one key pair name in the **Key pair** section.
8. For Network settings, click the **Edit** button
- Select the **existing VPC** of current farm where smax/cms/oo are running, and select one **existing private subnet**.
- Select **Disable** for the Auto-assign public IP filed.
- Select **Create security group** and then enter a name and description.
- For Inbound Security Group Rules, add **SSH** and **HTTPS** rules.
Note
Set the source type of the **HTTPS** rule to the security group of the NLB created below (you will have to come back here to add this rule after you create the NLB and its security group).
Set the source type of the **SSH** rule to the bastion security group to limit SSH access to nginx server from the bastion node only.
9. Set the **Configure storage section** to **100 GiB gp3**.
10. Click the **Launch instance** button.
### Install Nginx service
1. Use SSH to access the nginx server machine from the resource defined in the above SSH rule.
2. Install the Nginx service by running the following command.
```
sudo yum -y install nginx
```
### Configure the nginx.conf file
1. Go to nginx configuration file folder via running `cd /etc/nginx` command. Back up the original `nginx.conf` file
2. Create a `/etc/nginx/ssl ` folder and copy the customer-issued public certificates and keys into it
3. Create a file `albCA.crt` in `/etc/nginx/ssl ` containing the root CA and any intermediate CAs used to sign the SaaS farm certificate on ALB (e.g. `eu18-smax.saas.microfocus.com`)
4. Run the following command to modify the `nginx.conf` file.
```
sudo vim nginx.conf
```
5. Edit the file as below.
```
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
types_hash_max_size 4096;
client_body_timeout 60s; # maximum time for reading the body of a client request. This value can be set globally or in each server. You may use the same value as customer's client request body timeout;
client_max_body_size 50m; # maximum allowed size of the client request body. This value can be set globally or in each server. You may use the same value as customer's client request body size;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
underscores_in_headers on;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
# Used to resolve DNS name of the proxy_pass server
# 169.254.169.253 is the well known DNS server in AWS VPC
resolver 169.254.169.253;
# Repeat the 3 server sections below for each tenant that has zero trust enabled.
# For each tenant/product combination, set the proper server_name, ssl_certificate and ssl_certificate_key
server {
listen 443 ssl; # listen on port 443 and enable SSL/TLS secure connections, 443 is an example, you may use other port;
server_name smax.esm-api.acme.com; # specify the server name, the value should be SMAX FQDN allocated for the customer, for example smax.esm-api.acme.com;
ssl_certificate ssl/smax-acme.crt; # the location of the server certificate generated for the server specified in server_name;
ssl_certificate_key ssl/smax-acme.key; # the location of the private key of the generated for the server specified in server_name;
client_body_timeout 60s; # maximum time for reading the body of a client request sent to SMAX
client_max_body_size 50m; # maximum allowed size of the client request body sent to SMAX
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers 'TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers on;
location / {
set $backend_server eu18-smax.saas.microfocus.com; # The SMAX FQDN of current farm, take eu18 as an example
proxy_pass https://$backend_server; # Use a variable so that DNS lookup is forced every time
proxy_set_header Host $backend_server; # Sets the request header Host to the specified backend server
proxy_ssl_verify on; # Enable SSL authentication for proxy requests
proxy_ssl_trusted_certificate ssl/albCA.crt; # Specifies the location of CA certificate from which the proxy requests SSL security authentication, in this case, the CA cert of SMAX application load balancer.
}
}
server {
listen 443 ssl; # listen on port 443 and enable SSL/TLS secure connections, 443 is an example, you may use other port
server_name cms.esm-api.acme.com; # specify the server name, the value should be CMS FQDN allocated for the customer, for example cms.esm-api.acme.com;
ssl_certificate ssl/cms-acme.crt; # the location of the server certificate generated for the server specified in server_name
ssl_certificate_key ssl/cms-acme.key; # the location of server key generated for the server specified in server_name
client_body_timeout 60s; # maximum time for reading the body of a client request sent to CMS
client_max_body_size 50m; # maximum allowed size of the client request body sent to CMS
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers 'TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers on;
location / {
set $backend_server cms.eu18-smax.saas.microfocus.com; # The CMS FQDN of current farm, take eu18 as an example
proxy_pass https://$backend_server; # Use a variable so that DNS lookup is forced every time
proxy_set_header Host $backend_server; # Sets the request header Host to the specified backend server
proxy_ssl_verify on; # Enable SSL authentication for proxy requests
proxy_ssl_trusted_certificate ssl/albCA.crt; # Specifies the location of CA certificate from which the proxy requests SSL security authentication, in this case, the CA cert of CMS application load balancer.
}
}
server {
listen 443 ssl; # listen on port 443 and enable SSL/TLS secure connections, 443 is an example, you may use other port
server_name oo.esm-api.acme.com; # specify the server name, the value should be OO FQDN allocated for the customer, for example oo.esm-api.acme.com;
ssl_certificate ssl/oo-acme.crt; # the location of the server certificate generated for the server specified in server_name
ssl_certificate_key ssl/oo-acme.key; # the location of server key generated for the server specified in server_name
client_body_timeout 60s; # maximum time for reading the body of a client request sent to OO
client_max_body_size 50m; # maximum allowed size of the client request body sent to OO
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers 'TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers on;
location / {
set $backend_server oo.eu18-smax.saas.microfocus.com; # The OO FQDN of current farm, take eu18 as an example
proxy_pass https://$backend_server; # Use a variable so that DNS lookup is forced every time
proxy_set_header Host $backend_server; # Sets the request header Host to the specified backend server
proxy_ssl_verify on; # Enable SSL authentication for proxy requests
proxy_ssl_trusted_certificate ssl/albCA.crt; # Specifies the location of CA certificate from which the proxy requests SSL security authentication, in this case, the CA cert of OO application load balancer.
}
}
}
```
6. Enable and start the nginx service by running the following command.
```
sudo systemctl enable nginx
sudo systemctl start nginx
```
### Create the second nginx service machine
Create the second nginx service machine with the same steps as above. However, it should be in a different availability zone of current VPC for high availability. For example, nginx-2.
Note
The certificates applied to NLB will need to be publicly signed by a public CA, so normally the customer gateway will accept them.
## Create a target group
1. Navigate to **EC2** > **Target groups**.
2. Click the **Create target group** button in the right corner.
3. Select **Instance** as the target type.
4. Enter a name for the target group. For example, `nlb-tg`.
5. Select **TCP** as the protocol, and then enter `443` as Port.
6. Select the existing **VPC** of your current farm where smax/cms/oo are running.
7. Select **TCP** as the Health check protocol.
8. Click **Next**.
9. From the Register target page, select the instance ID whose Name is displayed as the **two nginx service machines** that you created in previous steps.
10. Click the **Include as pending below** button. The two Nginx instances will be listed in the **Targets** section.
11. Click the **Create target group** button.
The target group has been created successfully.
## Create a Network Load Balancer
1. Sign in to AWS, and then navigate to **EC2** > **Load Balancers**.
2. Click the **Create load balancer** button on the right corner.
3. Select the **Network Load Balancer** the balancer type, and then click the **Create** button.
4. Enter a proper name for **Load balancer name**. For example, NLB-Acme.
5. Use the default value `Internet-facing` for the **Scheme** section.
6. Use the default value `IPv4` for the **IP address type** section.
7. In the **Network mapping** section, select the **existing VPC** of current farm where SMAX/CMS/OO are running, then map to the **3 public subnets** of the VPC, use default values for others.
8. In **Security groups** section, click create a new security group. Give a security group name, description, select the same VPC in step 7, add one inboud rule whose type is **HTTPS**, source IP is the **IP range for customer's API gateway**. Delete the default security group. Refresh and select the newly created security group. For troubleshooting purpose you may add some additional IP ranges. For SaaS enter the tag: Owner: ESM
9. In the **Listeners and routing** section, select **TCP** as the protocol, and then set the Port to `443`.
10. Select the target group you created above. For example, select **nlb-tg**.
11. For Saas, enter Tags by copying them from another sample LB.
12. Click the **Create load balancer** button.
13. Select this NLB and go to the detail page, you will see the listeners of target groups.
14. Go back to the security group of the EC2 instance(s) of nginx and set the HTTPS rule source type to the security group of the NLB (as described above).
## Edit a Network Load Balancer Security Group
For the step #7 above, in the section **Create a Network Load Balancer**, operate, when requested, the change:
1. Sign in to AWS, and then navigate to **EC2** > **Security Groups**.
2. Choose the right ZeroTrust Security group, e.g. sg-0e4a9f16dadd46485 - zerotrust-nlb-sg on EU18.
3. Check the **Inbound Rules** section and choose **Edit inbound rules**.
4. Remove and/or add the requested IP/IP range in a new rule. Save the changes.
## Map CNAMEs to the NLB
Map the 3 CNAMEs created under Route53 to the NLB (use Alias to NLB DNS name), for example:
| DNS CNAME | Alias |
| --- | --- |
| smax.api.<customerid>.[esm-saas.com](http://esm-saas.com/) | <NLB DNS name> |
| cms.api.<customerid>.[esm-saas.com](http://esm-saas.com/) | <NLB DNS name> |
| oo.api.<customerid>.[esm-saas.com](http://esm-saas.com/) | <NLB DNS name> |
## Testing
### Validate certificates on the customer managed FQDN's
From within the Zero Trust Nginx instance, you can use a curl command like this to confirm the certificate from customer is valid:
```
curl -v --resolve tst.smax.esm-api.acme.com:443:127.0.0.1 https://tst.smax.esm-api.achmea.nl
```
![](attachments/688996474/688996473.png)
### Use Postman to check network connectivity
You can perform a REST call on the customer FQDN to validate connectivity. For example:
POST: https://tst.smax.esm-api.acme.com/auth/authentication-endpoint/authenticate/token?TENANTID=<TENANT\_ID >
Note
This requires that your proxy ip address is part of the IP allowlist.
If you don't configure mTLS, you will get an error: 400 No required SSL certificate was sent But at least this verifies network connectivity.
This requires that your proxy ip address is part of the IP allowlist
**Related pages**
- Page:
[ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking)
- Page:
[How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account)
- Page:
[ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information)
- Page:
[ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process)
- Page:
[ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog)
- Page:
[ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog)
- Page:
[OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking)

51
knowledgebase/csd-wiki/ICSD/Configure-SAML-authentication-for-SaaS-Customer_686065288.md Normal file
View File

@@ -0,0 +1,51 @@
# Configure-SAML-authentication-for-SaaS-Customer_686065288
## Introduction
This document describe how to configre SAML authentication for SaaS customer. Before this, the SaaS customer should follow the [online doc](https://docs.microfocus.com/doc/ESM/SaaS/ConfigureSAML) to finish the IDP configuration and submit service request in PCS to share IDP meta data to Cloud team. The Cloud Ops engineer can follow this document to conitnue the rest part of configration in IdM.
## Create a SAML configuration in IdM
To create a SAML configuration, follow these steps:
1. In Suite Administration, click the **IdM settings** tab in the tenant detail page. The system opens the **Authentication** page for the corresponding organization in the IdM Admin Portal of the suite.
2. From the **CONFIGURATIONS** section, click "+" to add one authentication.
3. Select **SAML** as the authentication type from the drop-down list, and then click **CREATE**.
4. Enter the related SAML configuration settings:
1. Enter the display name. Naming Rules: <customer name>-<prod or dev>-saml
2. Do one of the following:
- Select **IDP Metadata URL**, enter the following IdP metadata URL, and then upload the certificate of the IdP.
- ADFS: `https://*<ad_host>*/FederationMetadata/2007-06/FederationMetadata.xml`
- Azure AD: The App Federation Metadata URL you noted during SAML configuration in Azure
- Select **IDP Metadata**, and then upload the IdP metadata file.
- ADFS: You can download the metadata file from this URL: `https://*<ad_host>*/FederationMetadata/2007-06/FederationMetadata.xml`
- Azure AD: The Federation Metadata XML you downloaded during SAML configuration in Azure
5. Click **SAVE**.
## Create a SAML configuration group in IdM
To create a configuration group for SAML, follow these steps:
1. After you create a SAML configuration, from the **CONFIGURATION GROUPS** section, click "+" to add an authentication group.
2. In the **Name** field, enter **saml**.
Note: You must use **saml** as the name for the SAML configuration group. Otherwise, the default login type feature in Suite Administration doesn't work.
3. In the **Display Name** field, enter a display name for the authentication group.
4. In **Authentication Group Type**, select **Normal**.
5. In the **Configurations** field, select the SAML authentication configuration that you just created.
Note: You can add only one SAML authentication configuration to the SAML configuration group.
6. Click **SAVE**.
Now, you have completed the SAML configurations. SAML users can access the tenant. After the user logs in to the tenant for the first time, the system automatically synchronizes their user profiles to Suite Administration.
## Verify the SAML SSO configuration
To verify that the SAML SSO configuration works, check the following:
- Users added in the IdP can log in to Service Management using their IdP user credentials.
- After such a user logs in to Service Management, you can see the user record for the user created in Suite Administration, and various user-related fields that correspond to the outgoing claim types or claims you added in the IdP have the IdP value populated.
- Once above change is completed, the SaaS Ops engineer should schedule a call with customer to validate the SSO login and user record information in IDM/BO/SMAX tenant
1. Ask an existing user to login via SSO
2. check the claims updated in IDM
3. check the fields in BO and SMAX tenant is correct, like "First Name", "Last Name", "Email", "User Prinsiple Name"
4. Check user sync - Force the sync between IDM and BO, on the Account page > Users tab ( **don't touch** the "Hard sync user" button the the Tenant form)
5. Check user sync - Go into the tenant and force the Sync button on the Person grid (BO -> SMAX tenant)
6. The testing should cover both new user (create new a user in IDM) and existing user (mapping to existing user in IDM)

39
knowledgebase/csd-wiki/ICSD/Configure-UIS_688987644.md Normal file
View File

@@ -0,0 +1,39 @@
# Configure-UIS_688987644
## Configure Optic Switcher with single sign on (Azure IDP solution)
Refer to: [Configure Optic Switcher with single sign on (Azure IDP solution)](https://rndwiki.houston.softwaregrp.net/confluence/pages/viewpage.action?pageId=1290634151)
## How to enable Feature Toggle for UIS Data clean up on time series bar chart
1) Enable Feature Toggle in bvd helm configure map, on the Kubernetes master machine:
```
kubectl -n <namespace> edit configmap bvd-config
```
Search **featureToggles,** and add **"ENABLE\_DATA\_CLEAN\_UP": true** inside {}. The result should be like below, if previous value is empty:
featureToggles: {"ENABLE\_DATA\_CLEAN\_UP": true}
![](attachments/688987644/688987643.png)
## How to enable Feature Toggle for UIS Caching
The feature toggle " **QueryCaching** " controls whether caching is enabled or disabled at the system level. By default, it is set to **false** (disabled). If it is set to **false**, all frontend and backend UIS data collector caching-related features will no longer have any effect.
- Run the following commands:
**Configure feature toggle**
`# Get namespace of UIS`
`kubectl get ns`
`# Edit config map`
`kubectl edit configmap bvd-config -n {namespace}`
- Search " **featureToggles".** Set the value of " **QueryCaching** " to **true** or **false**. If " **QueryCaching** " does not exist, please add it to {}, for example:
**Set QueryCaching**
`bvd.featureToggles: ``'{"QueryCaching":true}'`
- Save the change.
- Wait for about tens of seconds and refresh the browser page.
## Attachments:
[image2024-5-9\_16-12-0.png](attachments/688987644/688987643.png) (image/png)

56
knowledgebase/csd-wiki/ICSD/Configure-custom-SMTP-for-UCMDB_688983358.md Normal file
View File

@@ -0,0 +1,56 @@
# Configure-custom-SMTP-for-UCMDB_688983358
## Introduction
## Step 1. Get AWS SMTP server host
The smtp server host is dedicated for each region of AWS. Please refer to SMTP Endpoints of [Amazon Simple Email Service endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/ses.html) for details.
## Step 2. Create email credentials for the UCMDB - Optional
This step to create a custom sender SES identity is OPTIONAL. This is only needed if the customer requires a "custom sender" email address.
You can use the Farm AWS SES identity details instead. This is actually the preferred method.
Note: for the below steps you need to login to AWS Console using the ESM user, or ask someone from PSEC (MFI-Product Security Operations <MFI-ProductSecOps@ [opentext.com](http://opentext.com/) >) to create this IAM user.
1. Open the **“Amazon Simple Email Service”** on the AWS console
2. Go to select the **“SMTP Settings”** on left pane, click **“Create SMTP credentials”** in the **“Simple Mail Transfer Protocol (SMTP) settings”**
![](https://staging.docs.microfocus.com/mediawiki/images/8/86/esmemailsetting1.png)
1. Give the new IAM user name as **“ses-smtp-user.{farm alias}-{tenantId}”**, for example:
![](https://staging.docs.microfocus.com/mediawiki/images/5/5a/esmemailsetting2.png)
1. Click **Create**.
2. **Due to a limitation in UCMDB,the SMTP User password doesn't support special character like(/ \* -),so you have to repeat the IAM user creation until you got a Secret Key contains only alphabetic character.**
3. Save the access key, username, and access secret key into parameter store. The parameter path format:
- /{farm}/tenant/{tenantId}/iam/ses/key: Access key
- /{farm}/tenant/{tenantId}/iam/ses/name: Username
- /{farm}/tenant/{tenantId}/iam/ses/secret: Access Secret Key
## Step 3. Verify customers email address in AWS SES identity
Refer to [Configure custom mail sender, dedicated AWS SES users](https://rndwiki.houston.softwaregrp.net/confluence/display/ICS/Configure+custom+mail+sender%2C+dedicated+AWS+SES+users) to verify customers email address in AWS SES identity
## Step 4. Configure SMTP via JMX
1. Log into JMX Console and for **setSettingValue** ![](attachments/688983358/688983336.png)
2. Search JMX method **listResourceTypes**, input tenantid and click invoke.
Click **Settings\_STATE\_CUSTOMER\_SETTING**
Click **email.send.from
**Manually input the email sender in <value> if the value is not correct,click 'save resource'.
You may see a value like: <value>sma\_noreply&amp;#x40;[microfocus.com](http://microfocus.com/) </value> with hex code for the "@" character. Change it to the visible "@" character on your keyboard.**
![](attachments/688983358/688983341.png)
**
3. Search JMX method **showSettingsByCategory**, input customerID, **Mail Settings** as category and click invoke. Review all the values you input.
![](attachments/688983358/688983343.png)
4. example
## Step 5. Test to send report
1. log into CMS UI https://cms.<farm-alias>-smax.saas.microfocus.com/ucmdb-browser/ui/reports?customerID=123456789
2. Go to ![](attachments/688983358/688983346.png)
3. ![](attachments/688983358/688983351.png)

254
knowledgebase/csd-wiki/ICSD/Configuring-HCMx-and-OpsB-using-same-Vertica_688987648.md Normal file
View File

@@ -0,0 +1,254 @@
# Configuring-HCMx-and-OpsB-using-same-Vertica_688987648
## Introduction
This page describes how to configure OpsB to use Vertica which is installed through HCMx. Here the main challenge is how to do cross communication between SMAX SaaS account and OpsB SaaS account.
## Deployment Diagram
![](attachments/688987648/688987652.png)
## Install HCMx
Follow the regular SaaS steps to install HCMx
Refer official doc link: [Install on AWS (EKS) - Service Management Automation X (microfocus.com)](https://docs.microfocus.com/doc/SMAX/24.2/EKS)
## Configuration for cross AWS account communication (uses AWS Privatelink)
***Ports used from HCMx side:***
- From OpsB to HCMx: 5433
***Ports used from OpsB side:***
- From HCMx to OpsB: 31051 or 6651 (based on property: global.di.externalDNS.enabled), by default its 6651
- From HCMx to OpsB: 18443 (ODL administration API)
- From HCMx to OpsB: 5050 (ODL receiver API)
For the above cross account communications, AWS Private Link configured. This includes Endpoint Service which connects to private NLB of required service on source and Endpoint on client side which connects to Endpoint Service created on Source.
Note: Make sure the exposed port through Endpoint Service opened using Security Group of Endpoint on client side.
Once all private links configured, need to edit Scheduler Config map to overwrite pulsar datasource value to Interface Endpoint on UDX plugin which connects with port 6651.
Edit ConfigMap "itom-di-udx-scheduler-scheduler" in OpsB namespace and replace the Interface Endpoint for property "pulsar.datasource.host"
### Create Network Load Balancer for Vertica
**Go to AWS console to create a Target Group for Vertica**
<table><tbody><tr><th><p>Section</p></th><th><p>Item</p></th><th><p>Value</p></th></tr><tr><td rowspan="5"><p>Basic configuration</p></td><td><p>Target type</p></td><td><p>IP addresses</p></td></tr><tr><td><p>Target group name</p></td><td><p>NLB-for-Vertica-TG</p></td></tr><tr><td><p>Protocol: Port</p></td><td><p>TCP: 5433</p></td></tr><tr><td><p>IP address type</p></td><td><p>IPv4</p></td></tr><tr><td><p>VPC</p></td><td><p><em>VPC of the Vertica DB server</em></p></td></tr><tr><td><p>Others</p></td><td><p>/</p></td><td><p><em>Leave default</em></p></td></tr></tbody></table>
**Go to AWS console to create a Network load balancer for Vertica**
<table><tbody><tr><th><p>Section</p></th><th><p>Item</p></th><th><p>Value</p></th></tr><tr><td rowspan="3"><p>Basic configuration</p></td><td><p>Load balancer name</p></td><td><p><em>NLB-for-Vertica</em></p></td></tr><tr><td><p>Scheme</p></td><td><p><em>Internal</em></p></td></tr><tr><td><p>IP address type</p></td><td><p><em>IPv4</em></p></td></tr><tr><td rowspan="2"><p>Network mapping</p></td><td><p>VPC</p></td><td><p><em>VPC of the Vertica DB server</em></p></td></tr><tr><td><p>Mappings</p></td><td><p><em>us-west-2a: private subnet1</em></p><p><em>us-west-2b: private subnet2</em></p><p><em>us-west-2c: private subnet3</em></p></td></tr><tr><td><p>Security groups</p></td><td><p>Security groups</p></td><td><p><em>The security group of the Vertica DB server</em></p></td></tr><tr><td><p>Listeners and routing</p></td><td><p>Protocol</p></td><td><p><em>TCP</em></p></td></tr><tr><td></td><td><p>Port</p></td><td><p><em>5433</em></p></td></tr><tr><td></td><td><p>Forward to</p></td><td><p>NLB-for-Vertica-TG</p></td></tr></tbody></table>
### Create Endpoint Service for Vertica
**Go to AWS console to create an Endpoint Service for Vertica**
<table><tbody><tr><th><p>Section</p></th><th><p>Item</p></th><th><p>Value</p></th></tr><tr><td rowspan="2"><p>Endpoint service settings</p></td><td><p>Name</p></td><td><p>Vertica-endpoint-service</p></td></tr><tr><td><p>Load balancer type</p></td><td><p>Network</p></td></tr><tr><td><p>Available load balancers</p></td><td><p>Select the load balancers</p></td><td><p><em>NLB-for-Vertica</em></p></td></tr><tr><td rowspan="2"><p>Additional settings</p></td><td><p>Acceptance required</p></td><td><p>Checked</p></td></tr><tr><td><p>Supported IP address types</p></td><td><p>IPv4</p></td></tr></tbody></table>
### Create Endpoints for Vertica connect to OpsB
**Go to AWS console to create an Endpoint for Pulsar**
<table><tbody><tr><th><p>Section</p></th><th><p>Item</p></th><th><p>Value</p></th></tr><tr><td rowspan="2"><p>Endpoint settings</p></td><td><p>Name tag</p></td><td><p>Vertica-Pulsar-endpoint</p></td></tr><tr><td><p>Service category</p></td><td><p>Other endpoint services</p></td></tr><tr><td><p>Service settings</p></td><td><p>Service name</p></td><td><p><em>The pulsar service name shared from OpsB</em></p></td></tr><tr><td rowspan="2"><p>VPC</p></td><td><p>VPC</p></td><td><p>The VPC of Vertica</p></td></tr><tr><td><p>Additional settings</p></td><td><p>Leave as default</p></td></tr></tbody></table>
**Go to AWS console to create an Endpoint for DI Admin**
<table><tbody><tr><th><p>Section</p></th><th><p>Item</p></th><th><p>Value</p></th></tr><tr><td rowspan="2"><p>Endpoint settings</p></td><td><p>Name tag</p></td><td><p>Vertica-DI-Admin-endpoint</p></td></tr><tr><td><p>Service category</p></td><td><p>Other endpoint services</p></td></tr><tr><td><p>Service settings</p></td><td><p>Service name</p></td><td><p><em>The DI Admin service name shared from OpsB</em></p></td></tr><tr><td rowspan="2"><p>VPC</p></td><td><p>VPC</p></td><td><p>The VPC of Vertica</p></td></tr><tr><td><p>Additional settings</p></td><td><p>Leave as default</p></td></tr></tbody></table>
**Go to AWS console to create an Endpoint for DI receiver**
<table><tbody><tr><th><p>Section</p></th><th><p>Item</p></th><th><p>Value</p></th></tr><tr><td rowspan="2"><p>Endpoint settings</p></td><td><p>Name tag</p></td><td><p>Vertica-DI-Receiver-endpoint</p></td></tr><tr><td><p>Service category</p></td><td><p>Other endpoint services</p></td></tr><tr><td><p>Service settings</p></td><td><p>Service name</p></td><td><p><em>The DI receiver service name shared from OpsB</em></p></td></tr><tr><td rowspan="2"><p>VPC</p></td><td><p>VPC</p></td><td><p>The VPC of Vertica</p></td></tr><tr><td><p>Additional settings</p></td><td><p>Leave as default</p></td></tr></tbody></table>
### Create inbound rules in the security group of Vertica
1. **Go to AWS Console to find the security group of the Vertica**
2. **Click “Actions” to edit inbound rules**
3. **Add three rules as**
| Type | Protocol | Port range | Source | Description |
| --- | --- | --- | --- | --- |
| Custom TCP | TCP | 6651 | Custom: 0.0.0.0/0 | itom-pulsar |
| Custom TCP | TCP | 18443 | Custom: 0.0.0.0/0 | itom-di-administration |
| Custom TCP | TCP | 5050 | Custom: 0.0.0.0/0 | itom-di-receiver |
## Vertica Customisation on HCMx Vertica Instance
## Configure Vertica for ODL communication
Get the pulsarudx packge
[https://orgartifactory.swinfra.net/artifactory/itom-opsbridge-helm-release/opsbridge-suite-chart/24.2/opsbridge-suite-chart-2.8.1+24.2.1-35.zip](https://orgartifactory.swinfra.net/artifactory/itom-opsbridge-helm-release/opsbridge-suite-chart/24.2/opsbridge-suite-chart-2.8.1+24.2.1-35.zip)
Extract the package, get the opsbridge-suite-chart/tools/itom-di-pulsarudx-<VERSION>.x86\_64.rpm
In Bastion host
from the unzipped opsb chart copy pulsarudx plugin to vertica (use the command below)
scp -r -i ~/id\_tmp opsbridge-suite-chart/tools/itom-di-pulsarudx-<VERSION>.x86\_64.rpm [vertica@](mailto:vertica@10.0.1.247) [<](mailto:centos@3.137.215.72) [verticaIP>](mailto:vertica@10.0.1.247):/home/vertica
In vertica VM
- vsql --version ( make sure it compatible vertica version for opsb)
- sudo su
rpm -iv itom-di-pulsarudx-<VERSION>.x86\_64.rpm
### Create tenant in vertica (Use HCMx tenant ID with "t" prefix for tenant name)
- cd /usr/local/itom-di-pulsarudx/bin
./dbinit.sh genconfig
- mv /usr/local/itom-di-pulsarudx/conf/dbinit\_conf.yaml /usr/local/itom-di-pulsarudx/conf/dbinit\_conf.yaml-bkp
- sed -i s/t123456789/t<hcmx\_tenant\_id>/g /home/vertica/dbinit\_conf.yaml
- cp -f /home/vertica/dbinit\_conf.yaml /usr/local/itom-di-pulsarudx/conf/dbinit\_conf.yaml
./dbinit.sh -g
Provide Admin\_1234 as all prompts of password
- ./dbinit.sh list
Tenant |Deployment |Read Only User |Read Write User |
txxxxxxx |default |txxxxxxx\_rouser |txxxxxxx\_rwuser
- Please find the sample file attached
[dbinit\_conf\_sample\_saas.yaml](attachments/688987648/688987655.yaml)
## Install OpsB
**(Use HCMx tenant ID with "t" prefix for tenant name)**
Follow regular SaaS steps to install OpsB with following changes,
Refer official doc link: [Install Operations Bridge - Operations Bridge - Containerized (microfocus.com)](https://docs.microfocus.com/doc/Containerized_Operations_Bridge/24.2/Install)
- Install ODL Message Bus (Pulsar) in different namespace (example: optic-shared). Create tenant in ODL message bus
- In OpsB values yaml, provide HCMx Vertica details such as hostname, port, RO user, RW user and TLS enabled. (Using helm install command, Vertica certificate will be passed)
## Config the OPTIC Data Lake Capability on ESM BO
### Download OPTIC Data Lake certificates
Take `https://<OpsbServerName>:443/` as an example.
Follow the below steps to get certificates:
1. Visit `https://<OpsbServerName>:443/`, click **Not secure** and **Certificate is not valid**.
2. Go to the **Details** tab and select the root certificate, then click **Export**.
Get Administration and Data receiver URLs:
- Get the DNS Name of the data-ingestion-administration endpoint as the DI-Admin-FQDN
- https://<DI-Admin-FQDN>:18443/itom-data-ingestion-administration
- Get the DNS Name of the data-ingestion-receiver endpoint as the DI-Receiver-FQDN
- https://<DI-Receiver-FQDN>:5050/itom-data-ingestion-receiver
Follow the below steps to get certificates:
1. Visit https://<DI-Admin-FQDN>:18443/, click **Not secure** and **Certificate is not valid**.
2. Go to the **Details** tab and select the root certificate, then click **Export**.
3. Visit https://<DI-Receiver-FQDN>:5050/, click **Not secure** and **Certificate is not valid**.
4. Go to the **Details** tab and select the root certificate, then click **Export**.
### Import OPTIC Data Lake certificates
Copy the certificates to the following directory on the NFS server of SMAX: < `global-volume>/certificate/source`. For example, `/var/vols/itom/itsma/global-volume/certificate/source`
`Or <config-volume>/certificate/source (Helm transformed). For example, /var/vols/itom/itsma/config-volume/certificate/source`
Notice: In this step, please assure the owner of certificates is 1999:1999. For command, chown -R 1999:1999 <certificate.pem>
### Restart pods
Restart SMAX pods by running commands on a control plane node or the bastion node:
1. Run the following commands to restart the SMAX platform pods.
kubectl rollout restart deployment -n itsma-xxxx itom-xruntime-platform
kubectl rollout restart deployment -n itsma-xxxx itom-xruntime-platform-offline
2. Run the following command to restart the bo-ats pod.
kubectl rollout restart deployment -n itsma-xxxx itom-bo-ats-deployment
## Create a credential for OPTIC Data Lake
To create a credential for OPTIC Data Lake, follow these steps:
1. Log in to Suite Administration as the suite admin: https://<external access host of SMAX>/bo.
2. Click **Configurations**.
3. On the **Credential Store** tab, click **New**.
4. In the **Credential** dialog box, specify these fields:
View Fullscreen
| Field | Description |
| --- | --- |
| Name | The display name of the required credential you want to create for the OPTIC DL IdM. |
| Tenant | The tenant ID, which is required when you add capabilities after installing the suite. The tenant you select must be active. |
| IdM endpoint | The endpoint of the OPTIC DL IdM that you want to connect. For example, `https://<OpsbServerName>:<Port>`. |
| Organization | The organization of the OPTIC DL IdM. |
| User name | The name of the IdM user with the DI ADMIN role and/or DI INGESTION role. If you use one single IdM user for both the **DI ADMIN** role and the **DI INGESTION** role, you only need to create one credential. If you use two different users for the **DI ADMIN** role and the **DI INGESTION** role, make sure you create two credentials for each of them. You can only create or delete one credential at a time. |
| Security type | The security type. You can select either **PASSWORD** or **VAULT**. |
| Password | The password of the user. Enter the password if you selected **PASSWORD** as the security type. |
| Vault | The vault key. Enter the vault key if you selected **VAULT** as the security type. |
5. Click **Test connection**. If the action fails, check if the field values are correct.
6. Click **Save**. It will generate a UUID for this credential. You can use this UUID to connect to the OPTIC DL IdM.
7. Notice the Opsbridge team to grant the DI\_ADMIN, DI\_DATAACCESS, DI\_INGESTION roles to the new created users.
## Deploy the OPTIC Data Lake capability
Follow these steps to deploy the OPTIC Data Lake capability for the tenant:
1. Log in to Suite Administration as the suite admin: https://<external access host of SMAX>/bo.
2. Click **Tenants**.
3. Click and open the tenant for which you just created the credential.
4. On the **Capability settings** tab, click **Deploy new capability**.
5. In the **Pre-check** step, in the **Capability** dropdown box, select **OPTIC Data Lake**.
Only when a Premium license has been added to the selected tenant, the OPTIC Data Lake option will appear in the dropdown box.
6. In **Administration URL**, enter `https://<DI-Admin-FQDN>:18443/itom-data-ingestion-administration`.
7. In **Credential for** **administration**,select the credential you just created.
8. Click **Next**.
9. In the **Config and deploy** step, in **Data receiver URL**, enter `https://<DI-Receiver-FQDN>:5050/itom-data-ingestion-receiver`.
10. In **Credential for data receiver**, select the credential you just created.
11. Check the acknowledge box.
12. Click **Deploy**.
13. The deployment is now completed. Note that the OPTIC Data Lake capability can only be deployed once, however, you can change the configurations through the **Capability settings** tab later.
## Configure the integration
Once the OPTIC Data Lake capability is deployed, the SMAX tenant admin or the Integration admin (**People** > **Roles** > **On-Premise Bridge/Integration** > **Administrator**) needs to configure the integration:
1. Go to the agent interface.
2. In **Integration Management**, select **Integration configuration**.
3. Click and expand the **OPTIC Data Lake** node.
4. You can enable OPTIC Data Lake either for specific record types or for all supported record types. You can enable OPTIC Data Lake for specific record types. To do this, click **Add**, select the desired record type, and then click **Save**. Click **Save** in the main window**,** then click **Apply**. Once the record type is added, it will appear in the left-side pane. Alternatively, you can enable OPTIC Data Lake for all supported record types. To do this, check the **Apply for all record types** box, click **Save**, then click **Apply**. However, by enabling it for all supported record types, the data throughput might surge and impact the system's performance.
5. Now, the SMAX metadata will be synchronized and the database structure will be created in OPTIC Data Lake.
**Note:** The COMPLEX\_TYPE, IMAGE, LARGE\_TEXT, and RICH\_TEXT metadata is not supported and won't be synchronized.
## Data synchronization
After the OPTIC Data Lake integration has been configured:
- Any changes to the SMAX metadata will be synchronized to OPTIC Data Lake instantly.
- Any changes to the SMAX record data will be synchronized to OPTIC Data Lake every 15 minutes. Note that the maximum number of database transactions per job is 1000.
## Configure UIS
## Enable Feature Toggle for UIS Data clean up on time series bar chart
1) Enable Feature Toggle in bvd helm configure map, on the Kubernetes master machine:
```
kubectl -n <namespace> edit configmap bvd-config
```
Search **featureToggles,** and add **"ENABLE\_DATA\_CLEAN\_UP": true** inside {}. The result should be like below, if previous value is empty:
featureToggles: {"ENABLE\_DATA\_CLEAN\_UP": true}
![](attachments/688987648/688987656.png)
## Configure Optic Switcher with single sign on (Azure IDP solution)
Refer to: [Configure Optic Switcher with single sign on (Azure IDP solution)](https://rndwiki.houston.softwaregrp.net/confluence/pages/viewpage.action?pageId=1290634151)
## Validating Setup
- Open UIS reports and check the data getting populated
- Open DBLog on Vertica to look for any errors, there should not be any errors in that log. This shows if any error on UDx plugin to pulsar proxy communication.
- Configure entity push in BO and see entities are getting into Vertica. This confirms ODL functionality correctly works or not.

68
knowledgebase/csd-wiki/ICSD/Content-Pack-cleanup-for-SaaS-farms_692438713.md Normal file
View File

@@ -0,0 +1,68 @@
# Content-Pack-cleanup-for-SaaS-farms_692438713
### Context
Over time we see a lot of older CP versions pilling up on our SaaS farms. Each CP zip file is around 350-400MB and it's stored in the DB and on the disk. This can become a problem over time.
Also, the UCMDB server has some scheduled tasks to check the DB and the disk for newer CP files, calculate their checksums, and decide if the DB and disk storage need to be synched for newer CP zip files. This takes time and resources and has a performance impact. The UCMDB server does not do a CP zip file cleanup OOTB.
### A. Identify what we have before the cleanup
1. Get the list of used CPs from UCMDB server JMX using the method *viewSystemInformation*
2. Get the current list of CP versions from the DB. From JMX invoke *executeQuery* with the SQL query *select version from content\_packs*
3. Example of output for the query
4. *select version from content\_packs*
![](attachments/692438713/692438700.png)
5. Get the list of CPs from the disk. The path is /mnt/cms/var/vols/itom/cms/data-volume/ucmdb/server/content/content\_packs
6. Example of the available CPs on the disk
![](attachments/692438713/692438701.png)
### B. Evaluate what we have
1. Check that the DB list is the same as the disk list. They should be the same
2. Compare the list from the DB and the one from *viewSystemInformation* to find the CP versions that are not used. In the DB list, CP versions are not present in *viewSystemInformation* . These are the CP versions to be deleted
1. On the disk we may have directories with the same version as some of the CP zip files like CP-24.4.zip and directory 24.4.89. Both of them refer to CP 24.4 and can be deleted if they are not in the Support Matrix and if no customer is using that CP version.
3. Be careful about CP version and build number. We can have versions 24.4 build 116 and 24.4 build 117 and they are considered distinct CP versions. None, one or both can be used by a customer(s).
4. The current supported CP versions for the deployed UCMDB version need to be kept even if they are not used by any customer as any customer can upgrade to it and we support these versions. The CP Support Matrix is found at [https://docs.microfocus.com/doc/Universal\_Discovery\_Content\_Pack/24.4/CPSupportMatrix](https://docs.microfocus.com/doc/Universal_Discovery_Content_Pack/24.4/CPSupportMatrix)
1. Example: for UCMDB 24.4 we support CP 23.4 but we need to keep this version even if no customer is using it.
5. Do a backup of content\_packs folder which can be removed after 1 week if there is no issue
### C. Cleanup
1. When the UCMDB servers are stopped we can delete from the DB and disk the CP versions from above that were not found in *viewSystemInformation*
1. *set replicas to 0 for itom-ucmdb sts ( kubectl scale sts itom-ucmdb --replicas=0 -n cms )*
2. *check both ucmdb pods are stopped*
2. Selective deletion of the unused/useless CP versions from the DB and disk. Once you identify a CP version(and build!) that is not used by any customer from *viewSystemInformation,* it can be deleted from the disk and from the DB one by one. This will take more time but it's safer and the server startup is not affected.
3. Keep supported versions as mentioned in step **B.4**
4. Query to delete from UCMDB DB a specific CP version from DB delete from CONTENT\_PACKS where version = '2022.11.99'
1. Execute the query from UCMDB RDS, at this time, the UCMDB server is stopped, so can't delete it from JMX console
2. use instead of 2022.11.99 any CP version that is no longer needed
5. Set replicas back to 2 for itom-ucmdb-sts ( kubectl scale sts itom-ucmdb --replicas=2 -n cms )
### D. Validate the results
1. Check the output of *viewSystemInformation*
2. List the available CP version in DB with the SQL query *select version from content\_packs*
3. List the files in */mnt/cms/var/vols/itom/cms/data-volume/ucmdb/server/content/content\_packs*
4. We should have the same count of CPs and the same CP versions in all 3 sources from above
In the past we had an unofficial cleanup procedure for the on-premise UCMDB
[https://community.microfocus.com/it\_ops\_mgt/ucmdb/f/discussions/140155/maintenance-tip-cleanup-of-the-old-content-packs](https://community.microfocus.com/it_ops_mgt/ucmdb/f/discussions/140155/maintenance-tip-cleanup-of-the-old-content-packs "https://community.microfocus.com/it_ops_mgt/ucmdb/f/discussions/140155/maintenance-tip-cleanup-of-the-old-content-packs")
**Related pages**
- Page:
[ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking)
- Page:
[How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account)
- Page:
[ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information)
- Page:
[ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process)
- Page:
[ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog)
- Page:
[ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog)
- Page:
[OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking)

27
knowledgebase/csd-wiki/ICSD/Convert-EPUB-to-audiobooks_686070564.md Normal file
View File

@@ -0,0 +1,27 @@
# Convert-EPUB-to-audiobooks_686070564
AI and relevant technologies are increasing everyone's processing speed on information.
In order to process more, it's a good idea to convert EPUB books to audiobooks. So that you can listen to the books when walking, jogging or doing some sports.
Here is the project to do the conversion.
[https://github.com/p0n1/epub\_to\_audiobook](https://github.com/p0n1/epub_to_audiobook "https://github.com/p0n1/epub_to_audiobook")
For windows users, check this link for more detailed setup
[https://gist.github.com/p0n1/cba98859cdb6331cc1aab835d62e4fba](https://gist.github.com/p0n1/cba98859cdb6331cc1aab835d62e4fba "https://gist.github.com/p0n1/cba98859cdb6331cc1aab835d62e4fba")
For Audio examples, Azure TTS / OpenAI TTS / Edge TTS can be used. You can start with Edge TTS as it's free. Other two options comes with better voice quality and emotion.
List of voices available in Edge TTS.txt
[https://gist.github.com/BettyJJ/17cbaa1de96235a7f5773b8690a20462](https://gist.github.com/BettyJJ/17cbaa1de96235a7f5773b8690a20462 "https://gist.github.com/bettyjj/17cbaa1de96235a7f5773b8690a20462")
Some examples of commands to do the conversion.
```
# English Book
python main.py "input\bookname.epub" "output_path" --tts edge --language en-US --voice_name en-US-MichelleNeural
python main.py "input\bookname.epub" "output_path" --tts edge --language en-US --voice_name fr-FR-VivienneMultilingualNeural
# Chinese Book
python main.py "input\bookname.epub" "output_path" --tts edge --language zh-CN --voice_name zh-CN-XiaoxiaoNeural
```

11
knowledgebase/csd-wiki/ICSD/Converting-the-Named-License-to-Concurrent-License_711830360.md Normal file
View File

@@ -0,0 +1,11 @@
# Converting-the-Named-License-to-Concurrent-License_711830360
1. Identify the correct Tenant, License Pool and License ID. Please refer to the "Process for license" guide.
2. Select the License -> Revoke
3. Open the License Pool -> Open the License Allocation.
4. In License Allocation, please change the set up of Named or Concurrent Users accordingly.
5. Apply the license to the customer pool
6. Allocate the license to the customer tenant.
**These steps can be applied to convert from Concurrent to Named Licenses too.**
In case there are no licenses remaining in the License Pool, the Sales team should generate a new license and to be applied and follow the steps from "Process for license" guide.

41
knowledgebase/csd-wiki/ICSD/Create-Integration-Users_686065319.md Normal file
View File

@@ -0,0 +1,41 @@
# Create-Integration-Users_686065319
## Introduction
This document is to introduce how to create an integration user via Jenkins when PCS ticket is to request to add an integration user.
## Use Jenkins job to create integration user
1. Sample PCS Service Request for integration user creation
![](attachments/686065319/686065312.png)
2. Open the Jenkins job. [https://saas-ops.itsma-ng.net/job/ESM-SaaS-Create-Integration-User/](https://saas-ops.itsma-ng.net/job/ESM-SaaS-Create-Integration-User/)
3. Input all parameters, and click "Build"
The *customer\_alias*, *Integration\_app*,*customer\_receiver\_email* can be get from PCS ticket **Catalog Offering** Part.
The common *Integration\_app* may cover:
- - rest
- sap
- opbagent
- oo
- oocon
- obm
- idm
- ldap
- cms
- cit
- datalake
![](attachments/686065319/686065314.png)
![](attachments/686065319/686065315.png)
4\. After the Jenkins job is completed, the user will be created, and the initial password set link will be sent to the "customer\_receiver\_email" email address.
5\. Update this information to customer in PCS ticket. All are done.
## Attachments:
[image2023-11-1\_16-42-30.png](attachments/686065319/686065312.png) (image/png)
[image2023-11-1\_16-51-22.png](attachments/686065319/686065314.png) (image/png)
[image2023-11-1\_16-50-1.png](attachments/686065319/686065315.png) (image/png)

18
knowledgebase/csd-wiki/ICSD/Customer-Cloud-Service-Offerings_684947005.md Normal file
View File

@@ -0,0 +1,18 @@
# Customer-Cloud-Service-Offerings_684947005
- [Add OAuth authentication - Ops+Customer tasks](684947018.html)
- [Allowable SMAX Attachment Extensions](Allowable-SMAX-Attachment-Extensions_686065217.html)
- [Apply license to ESM customer tenant](Apply-license-to-ESM-customer-tenant_688996779.html)
- [Configure custom mail sender, dedicated AWS SES users](686065263.html)
- [Configure SAML authentication for SaaS Customer](Configure-SAML-authentication-for-SaaS-Customer_686065288.html)
- [Configure SMAX custom domain (New Landing Zone)](686065305.html)
- [Create Integration Users](Create-Integration-Users_686065319.html)
- [Customize the login and logout pages](Customize-the-login-and-logout-pages_686065324.html)
- [Enable ESM capabilities (UCMDB/OO/FinOps/AC/OP/ODL)](688996783.html)
- [Enable ITOM Aviator for ESM tenant](Enable-ITOM-Aviator-for-ESM-tenant_688996800.html)
- [Enable ITOM Aviator for SMAX on-premise customer](Enable-ITOM-Aviator-for-SMAX-on-premise-customer_688996802.html)
- [ESM Customer Tenant Decommission](ESM-Customer-Tenant-Decommission_688996785.html)
- [How to enable legacy Discovery UI of UCMDB/Revert back to the UCMDB UI-based discovery](690081009.html)
- [Integrate with Power BI to create FinOps reports](Integrate-with-Power-BI-to-create-FinOps-reports_686065345.html)
- [SMAX maintain custom language packs](SMAX-maintain-custom-language-packs_688996787.html)
- [SMAX modify maximum attachement size](SMAX-modify-maximum-attachement-size_688996790.html)
- [Zero trust security configuration for ACME](Zero-trust-security-configuration-for-ACME_688996466.html)

2
knowledgebase/csd-wiki/ICSD/Customer-Onboarding_686069933.md Normal file
View File

@@ -0,0 +1,2 @@
# Customer-Onboarding_686069933
Created by on Jan 20, 2025 EST

2
knowledgebase/csd-wiki/ICSD/Customer-Order-Fulfillment_686064518.md Normal file
View File

@@ -0,0 +1,2 @@
# Customer-Order-Fulfillment_686064518
Created by on Jan 16, 2025 EST

12
knowledgebase/csd-wiki/ICSD/Customize-the-login-and-logout-pages_686065324.md Normal file
View File

@@ -0,0 +1,12 @@
# Customize-the-login-and-logout-pages_686065324
## Introduction
As a suite administrator, you can configure the theme settings of the login and logout pages for each tenant to suit your company's look and feel. To do this, go to the IdM Admin Portal by clicking the **IdM settings** tab on the tenant details page from Suite Administration.
## Document
Please refer to official published document:
SMAX 25.2: [https://docs.microfocus.com/doc/423/25.2/customizeloginlogoutpages](https://docs.microfocus.com/doc/423/25.2/customizeloginlogoutpages)
SMAX 23.4: [https://docs.microfocus.com/doc/SMAX/23.4/CustomizeLoginLogoutPages](https://docs.microfocus.com/doc/SMAX/23.4/CustomizeLoginLogoutPages)

18
knowledgebase/csd-wiki/ICSD/Database-monitoring-toolkit-deployment_686083872.md Normal file
View File

@@ -0,0 +1,18 @@
# Database-monitoring-toolkit-deployment_686083872
Created by on Jan 23, 2025 EST
## Introduction
This page presents all the steps to deploy SMAX database monitoring toolkit
## Sections
1. PG stored procedure
2. Prometheus & Grafana related setup
3. Tuning based on the toolkit
**Related pages**
**Content by label**
There is no content with the specified labels

18
knowledgebase/csd-wiki/ICSD/Deactive-ITOM-Aviator_686073804.md Normal file
View File

@@ -0,0 +1,18 @@
# Deactive-ITOM-Aviator_686073804
1. [ITOM Cloud Service Delivery](index.html)
2. [ITOM Cloud Service Delivery](ITOM-Cloud-Service-Delivery_681555087.html)
3. [💠3 - Operation & Maintenance](682933064.html)
4. [Operational Runbook](Operational-Runbook_686073475.html)
5. [Standard Ops Runbook](Standard-Ops-Runbook_686073477.html)
6. [ITOM Aviator](ITOM-Aviator_688982192.html)
Created by, last modified by Wei Shen on Feb 04, 2025 EST
This chapter will includes:
- [How to disable Aviator](https://confluence.opentext.com/display/ICSD/How+to+disable+Aviator)
- Decommission and Remove Data
Document generated by Confluence on Sep 15, 2025 22:26 EDT
[Atlassian](https://www.atlassian.com/)

62
knowledgebase/csd-wiki/ICSD/Disable-NSACM-and-enhance-CI-lifecycle-in-SaaS_688987700.md Normal file
View File

@@ -0,0 +1,62 @@
# Disable-NSACM-and-enhance-CI-lifecycle-in-SaaS_688987700
Salesforce is a CMS standalone customer, previously OpenText want Salesforce to show interest on AMX, so at the beginning of Salesforce tenant provisioning, we use current ESM SaaS automation to set up SMAX + CMS + NSACM, with enhanced CI lifecycle enabled, after CMS 24.1 upgrade, we enhanced the CI lifecycle solution that CI deletion from all sources can't be physically deleted but set discovered state as 'purgeable', this is not applicable to Salesforce standalone CMS use case, so we need to disable NSACM and enhance CI lifecycle for Salesforce by performing below steps.
### Disable NSACM
Step 1: Disable NSACM flag manually by following: [Disable Native SACM manually](https://confluence.opentext.com/display/ICSD/Disable+Native+SACM+manually).
Step 2: Clean up SMAX existing CIs, choose **one of the ways**:
**For small data volume via SMAX UI:**
1. From the main menu, select **Build > Service Asset & Configuration**.
2. From **SACM Home**, select **Devices**.
3. Drill down the grid for device, system element, service component, actual service respectively, select all CIs in the list, and click Delete to mass delete them, ignore the warning like “maximum 500 records are allowed in one batch..”
**For large data volume via database:**
In the xservices\_ems database for SMAX
1) Run the following SQL command to count CI number for each entity type, replace <tenant-ID> to the real SMAX tenant ID:
***select [d.name](http://d.name/),count(1) from maas\_admin.entities\_<tenant-ID> e inner join (select distinct id,name from maas\_admin.entity\_descriptor where name in ('Device','ActualService','SystemElement','ServiceComponent')) d on e.entity\_type\_id= [d.id](http://d.id/) where e.is\_deleted=false group by 1***
Get the results like
![](attachments/688987700/688987689.png)
2) Run the following SQL to soft delete all CIs of each entity type, replace <tenant-ID> to the real SMAX tenant ID:
***update maas\_admin.entities\_<tenant-ID> set is\_deleted=true where entity\_type\_id in (select distinct id from maas\_admin.entity\_descriptor where name in ('Device','ActualService','SystemElement','ServiceComponent')) and is\_deleted=false***
3) Re-run SQL in #1 and make sure all CIs are gone.
![](attachments/688987700/688987690.png)
4) You can also go to SMAX agent interface UI, double check all devices, system elements, service components, actual services are gone.
### Disable enhanced CI lifecycle
1. Go to JMX-console URM Services - use listResourceTypes iterate this for each customer ID
- - Settings\_STATE\_CUSTOMER\_SETTING and select **[enable.enhanced.ci](http://enable.enhanced.ci/).lifecycle** open it and set it as false instead of **true**:
2\. To clean up the cache from UCMDB, you can perform **one of the ways** to make this change effective:
- Restart this customer: Go to JMX, search for 'stopCustomer', input the related customerID, wait for few mins, go back to JMX, search for 'startCustomer', input the related customerID
- Restart server just to make sure the setting is reset
3\. Validate the enhanced Ci lifecycle is disabled: go to CMS UI → Home → Administration → Infrastructure Settings Management → search for enhanced Ci lifecycle, check the value is false.
![](attachments/688987700/688987693.png)
### Post-operation tasks owned by customer
After SaaS Ops disabled NSACM and enhanced CI lifecycle, there are some tasks need CMS customer to handle with existing CMS CIs. Customers can review these tasks and choose whether they need to do it or not based on their business.
1. Clean up useless attributes in existing Cis: **metaphase, discovery\_state,** **sd\_type.** These 3 attributes are used for enhanced CI lifecycle and NSACM, its useless now, customer can create an enrichment rule to set the value of these 3 attributes to empty
2. Multi-tenancy is enabled by default in SaaS farm, the default tenant is All Tenants so it will not impact single tenant use case. With MT enabled, under NSACM solution, there are some additional steps performed in SaaS CMS customer, please check whether you need to revert the changes:
1. Disable OwnerTenant attribute, do you need to enable it?
2. ![](attachments/688987700/688987694.png)
3. Change Identification rule to No identification for 3 CI types, do you need to set it to default value?
4. ![](attachments/688987700/688987696.png)
3. For enhanced CI lifecycle solution, there is a step to assign the attribute metaphase for node element CI type with default value: **Inherited from the parent node**. You may need to set the default value to empty if you have done this step before, see the setting details: [https://docs.microfocus.com/doc/SMAX/23.4/EnableEnhancedCiAging#Configure\_metaphase\_for\_node\_elements\_in\_UCMDB](https://docs.microfocus.com/doc/SMAX/23.4/EnableEnhancedCiAging#Configure_metaphase_for_node_elements_in_UCMDB).

48
knowledgebase/csd-wiki/ICSD/Disable-Native-SACM-manually_686073918.md Normal file
View File

@@ -0,0 +1,48 @@
# Disable-Native-SACM-manually_686073918
## Introduction
When moving tenants, if the source tenant has Native SACM enabled and the target tenant only needs the data from the source tenant and doesn't want Native SACM. This topic describes how to disable Native SACM manually.
## Instructions
To disable Native SACM manually, follow these steps:
1. In the database, run the following SQL command:
```
UPDATE maas_admin."TenantSettings_<Tenant_ID>" set body = body || '{"value": "false"}' where body->>'key'='ENABLE_CMSX'
```
2. In a web browser, go to https://<hostname>/sap/rest-client?TENANTID=<Tenant\_ID>.
**NOTE**: Replace <hostname> and <Tenant\_ID> with the FQDN of the SaaS farm and the tenant ID, respectively.
3. ![](attachments/686073918/686073898.png)
4. Select **POST** as the request method and click **Send**.
5. In the bo\_ats database, run the following SQL command:
```
UPDATE bo_db_user.tenant_entity set native_sacm_enabled='false' where id='<Tenant_ID>'
```
Replace <Tenant\_ID> with the actual tenant ID.
6. Restart platform offline pod to shutdown the websocket client.
**(In SMAX version 24.2 and later where the offline ng pod is adopted by default, the following actions are also required to finish disabling Native SACM)**
## Restart the offline NG pod
Restart the pod to release the task listener:
`kubectl rollout restart deployment itom-xruntime-platform-offline-ng -n $(kubectl get namespace |grep itsma | cut -f1 -d " ")`
## Delete the Native SACM rabbitmq queue for for the tenant
1. Enter the rabbitmq pod:
`kubectl exec infra-rabbitmq-0 -c itom-xruntime-rabbitmq -n $(kubectl get namespace |grep itsma | cut -f1 -d " ")` ` -it bash`
2. Check if the queues exist:
`rabbitmqctl list_queues --vhost xservices4|grep WorkerTask_CMSX|awk -F' ' '{print $1}' |grep <tenantId>`
3. Delete the queues for the specified tenant:
`rabbitmqctl delete_queue WorkerTask_CMSXSystemElementQueue_<tenantId> --vhost xservices4`
`rabbitmqctl delete_queue WorkerTask_CMSXServiceComponentQueue_<tenantId>  --vhost xservices4`
`rabbitmqctl delete_queue WorkerTask_CMSXDeviceQueue_<tenantId> --vhost xservices4`
`rabbitmqctl delete_queue WorkerTask_CMSXActualServiceQueue_<tenantId> --vhost xservices4`
## Attachments:
[image-2025-1-21\_14-13-22.png](attachments/686073918/686073898.png) (image/png)

36
knowledgebase/csd-wiki/ICSD/Disable-the-gateway-service-log-for-farm-stabilization_686074613.md Normal file
View File

@@ -0,0 +1,36 @@
# Disable-the-gateway-service-log-for-farm-stabilization_686074613
## Introduction
The farm is down due to high I/O activity on gateway workers. To work around this issue, disable the gateway log file.
The scenario to be covered is platform high threads issue caused by too many log writes, it will not restart platform, it will cause the farm down as gateway will be hanging there due to pending threads.
This is a farm-level task.
## Required steps
1. Create a patch file named **gateway-disable-log-patch.yaml** with the following content.
```
spec:
template:
spec:
containers:
- name: gateway
env:
- name: GATEWAY_LOG_LEVEL
value: 'OFF'
command:
- sh
- -c
- |
cat /opt/apache-tomcat/conf/server.xml
sed -i "s/<Valve className=\"com.microfocus.maas.platform.runtime.CustomAccessLog\"/<\!-- <Valve className=\"com.microfocus.maas.platform.runtime.CustomAccessLog\"/" /opt/apache-tomcat/conf/server*.xml
sed -i "s/OUTGOING_ITEM_COUNT}r \"\/>/OUTGOING_ITEM_COUNT}r \"\/> -->/" /opt/apache-tomcat/conf/server*.xml
ls /opt/apache-tomcat/conf
cat /opt/apache-tomcat/conf/server.xml
/entrypoint.sh
```
2. Apply the patch file on the bastion.
```
kubectl patch deployment -n <itsma-namespace> itom-xruntime-gateway --patch-file gateway-disable-log-patch.yaml
```

52
knowledgebase/csd-wiki/ICSD/Disable-the-platform-access-logs-and-most-of-service-logs-on-EU8-for-farm-stabilization_686074621.md Normal file
View File

@@ -0,0 +1,52 @@
# Disable-the-platform-access-logs-and-most-of-service-logs-on-EU8-for-farm-stabilization_686074621
## Introduction
The farm is down due to high I/O activity. To work around this issue, disable the platform access and service logs on EU8.
The scenario to be addressed involves a platform high thread issue caused by excessive log writes. This situation will not trigger a platform restart but has the potential to bring down the entire farm as the platform becomes unresponsive due to an accumulation of pending threads.
This is a farm-level task.
It will keep the log level of the following packages as **INFO**:
**com.hp.maas.platform.services.workflow**
**com.hp.maas.platform.ems**
**com.hp.maas.platform.services.notification**
**com.hp.maas.platform.services.notificationhistory**
**com.hp.maas.platform.services.mail**
## Required steps
1. Create a patch file named **platform-patch.yaml** with the following content.
```
spec:
template:
spec:
containers:
- name: itom-xruntime-platform
startupProbe:
periodSeconds: 30
timeoutSeconds: 60
failureThreshold: 60
initialDelaySeconds: 120
exec:
command:
- sh
- -c
- |
sed -i "5s/value=\"INFO\"/value=\"OFF\"/" /opt/apache-tomcat/webapps/platform-webapp/WEB-INF/classes/logback.xml &&
sed -i "s/<Valve className=\"com.microfocus.maas.platform.runtime.CustomAccessLog\"/<\!-- <Valve className=\"com.microfocus.maas.platform.runtime.CustomAccessLog\"/" /opt/apache-tomcat/conf/server*.xml &&
sed -i "s/OUTGOING_ITEM_COUNT}r \"\/>/OUTGOING_ITEM_COUNT}r \"\/> -->/" /opt/apache-tomcat/conf/server*.xml &&
sed -i "s/<logger level=\"\${logger.defaultThreshold}\" name=\"com.hp.maas.platform.services.workflow\">/<logger level=\"INFO\" name=\"com.hp.maas.platform.services.workflow\">/g" /opt/apache-tomcat/webapps/platform-webapp/WEB-INF/classes/sync/log-platform-base.xml &&
sed -i "s/<logger level=\"\${logger.defaultThreshold}\" name=\"com.hp.maas.platform.ems\">/<logger level=\"INFO\" name=\"com.hp.maas.platform.ems\">/g" /opt/apache-tomcat/webapps/platform-webapp/WEB-INF/classes/sync/log-platform-base.xml &&
sed -i "s/<logger level=\"\${logger.defaultThreshold}\" name=\"com.hp.maas.platform.services.notification\">/<logger level=\"INFO\" name=\"com.hp.maas.platform.services.notification\">/g" /opt/apache-tomcat/webapps/platform-webapp/WEB-INF/classes/sync/log-platform-base.xml &&
sed -i "s/<logger level=\"\${logger.defaultThreshold}\" name=\"com.hp.maas.platform.services.notificationhistory\">/<logger level=\"INFO\" name=\"com.hp.maas.platform.services.notificationhistory\">/g" /opt/apache-tomcat/webapps/platform-webapp/WEB-INF/classes/sync/log-platform-base.xml &&
sed -i "s/<logger level=\"\${logger.defaultThreshold}\" name=\"com.hp.maas.platform.services.mail\">/<logger level=\"INFO\" name=\"com.hp.maas.platform.services.mail\">/g" /opt/apache-tomcat/webapps/platform-webapp/WEB-INF/classes/sync/log-platform-base.xml
```
2. Apply the patch file on the control plane node.
`kubectl patch deploy itom-xruntime-platform -n <namespace> --patch-file platform-patch.yaml`
3. (Optional) If you want to disable the logging file of the **platform-offline** pod, run this command:
`kubectl patch deploy itom-xruntime-platform-offline -n <namespace> --patch-file platform-patch.yaml`

27
knowledgebase/csd-wiki/ICSD/Disabling-new-rich-text-editor-if-it-is-already-enabled_708226541.md Normal file
View File

@@ -0,0 +1,27 @@
# Disabling-new-rich-text-editor-if-it-is-already-enabled_708226541
**Introduction**
This topic describes how to disable new rich text editor if it is already enabled. This is applicable to 25.2 release.
**Steps to be followed**
1. Log in as a tenant admin, and in the same browser of the tenant, open a new tab and navigate to the rest client: https://{smax\_fqdn}/sap/rest-client?TENANTID={tenant\_id}
2. Set PUT mode for the rest call and enter common-settings/setting/ENABLE\_FROALA as the endpoint and use this as the payload to disable it: {"value":"false"}
![](attachments/708226541/708226528.png)
3\. Switch to GET mode for the same endpoint to verify the value set.
![](attachments/708226541/708226529.png)
**Note:**
- If there are few changes already done using the new rich text editor, then moving back to classic might lead to few formatting issues for pre-existing data.
- This workaround is applicable to Japanese customer and the issue will be fixed with [https://kmviewer.saas.microfocus.com/#/OCTCR19XW2503055](https://kmviewer.saas.microfocus.com/#/OCTCR19XW2503055) and [https://kmviewer.saas.microfocus.com/#/OCTCR19XW2501549](https://kmviewer.saas.microfocus.com/#/OCTCR19XW2501549).
## Attachments:
[image-2025-6-19\_11-40-26.png](attachments/708226541/708226531.png) (image/png)
[image-2025-6-19\_11-40-26-1.png](attachments/708226541/708226533.png) (image/png)
[image-2025-6-19\_11-40-26.png](attachments/708226541/708226528.png) (image/png)
[image-2025-6-19\_11-40-26-1.png](attachments/708226541/708226529.png) (image/png)

2
knowledgebase/csd-wiki/ICSD/Disaster-and-Recovery_686074258.md Normal file
View File

@@ -0,0 +1,2 @@
# Disaster-and-Recovery_686074258
Created by on Jan 21, 2025 EST

32
knowledgebase/csd-wiki/ICSD/EKS-upgrade-from-version-1.29-to-1.30_709421239.md Normal file
View File

@@ -0,0 +1,32 @@
# EKS-upgrade-from-version-1.29-to-1.30_709421239
1. Upgrade coredns,kube-proxy,aws-node add-ons before EKS upgrade.
[https://docs.aws.amazon.com/eks/latest/userguide/managing-coredns.html](https://docs.aws.amazon.com/eks/latest/userguide/managing-coredns.html "https://docs.aws.amazon.com/eks/latest/userguide/managing-coredns.html")
[https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html](https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html "https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html")
[https://docs.aws.amazon.com/eks/latest/userguide/managing-kube-proxy.html](https://docs.aws.amazon.com/eks/latest/userguide/managing-kube-proxy.html "https://docs.aws.amazon.com/eks/latest/userguide/managing-kube-proxy.html")
**If custom networking(non-routable CIDR) is enabled on this farm, please re-enable it after updating VPC CNI plugin.**
`kubectl set env daemonset aws-node -n kube-system AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG=` `true`
2. Upgrade EKS Cluster from 1.30 to 1.31,you may refer to [How to upgrade EKS in SaaS](https://rndwiki.houston.softwaregrp.net/confluence/display/SMA/How+to+upgrade+EKS+in+SaaS)
3. Run attached script,it will automatically create New Worker nodes and add tags.
`nohup sh create-eks-worker.sh &`
4. Taint all the 1.30 worker nodes
`nodes=$(kubectl get nodes | grep -i v1.``30` `| awk ` `'{print $1}'``)`
`for` `node in $nodes`
`do`
`kubectl taint nodes ${node} podReScheduler=value:NoSchedule`
`done`
5. Upgrade ESM 25.2.2 for OMT,SMAX,CMS,OOMT and Audit.
6. Check if there is any pods still on 1.30 worker nodes,if so,manually restart it.
`nodes=$(kubectl get nodes | grep -i v1.``30` `| awk ` `'{print $1}'``)`
`for` `node in $nodes`
`do`
`kubectl get po -o wide -A | grep -i $node | grep -v ` `'aws-node-\|kube-proxy-\|ebs-csi-node\|twistlock-defender\|itom-prometheus-node-exporter-\|itom-throttling-controller\|Completed'` `| awk ` `'{print $1,$2}'`
`done`
Or you can use attached script to rolling restart the pods by namespace
`Usage: ./rollingMigratePodsByNamespace.sh namespace1 namespace2 . .`
`nohup sh rollingMigratePodsByNamespace.sh audit core kube-system &`
7. **Terminate old 1.29 worker nodes**
8. After all old worknodes not displayed in the output of: kubectl get no, install qualys agents on the new worknodes, you can achieve this by copying the attached shell script to bastion and run it with(except for us24-prod): sh install\_qualys\_agent.sh **<farmName>**
9. SSH to one of the new worknode, check the qualys is installed by typing: **service qualys-cloud-agent status**

148
knowledgebase/csd-wiki/ICSD/EKS-upgrade-from-version-1.30-to-1.31_706832607.md Normal file
View File

@@ -0,0 +1,148 @@
# EKS-upgrade-from-version-1.30-to-1.31_706832607
## Introduction
This page describes the steps for upgrading the EKS cluster of ESM in SaaS environment, from version 1.30 to 1.31.
Reference resources: [https://rndwiki.houston.softwaregrp.net/confluence/pages/viewpage.action?spaceKey=SMA&title=How%20to%20upgrade%20EKS%20in%20SaaS](https://rndwiki.houston.softwaregrp.net/confluence/pages/viewpage.action?spaceKey=SMA&title=How%20to%20upgrade%20EKS%20in%20SaaS)
The process has 3 main parts: 1. Upgrading the add-ons; 2. Upgrading the EKS cluster; 3. Upgrading the EKS worker node groups.
## 1\. Upgrading the add-ons
The add-ons **coredns**, **vpc-cni** and **kube-proxy** need to be upgraded before driving the EKS upgrade. Here are the referenced instructions:
[https://docs.aws.amazon.com/eks/latest/userguide/managing-coredns.html](https://docs.aws.amazon.com/eks/latest/userguide/managing-coredns.html "https://docs.aws.amazon.com/eks/latest/userguide/managing-coredns.html")
[https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html](https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html "https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html")
[https://docs.aws.amazon.com/eks/latest/userguide/managing-kube-proxy.html](https://docs.aws.amazon.com/eks/latest/userguide/managing-kube-proxy.html "https://docs.aws.amazon.com/eks/latest/userguide/managing-kube-proxy.html")
**1.1. Upgrading the *coredns* add-on**
Open the subsequent referenced Amazon page: [https://docs.aws.amazon.com/eks/latest/userguide/coredns-add-on-self-managed-update.html](https://docs.aws.amazon.com/eks/latest/userguide/coredns-add-on-self-managed-update.html).
1.1.1 **Confirm**, in the bastion's cli, that you have the self-managed type of the add-on installed on your cluster. Replace my-cluster with the name of your cluster.
aws eks describe-addon --cluster-name my-cluster --addon-name coredns --query addon.addonVersion --output text
e.g. aws eks describe-addon --cluster-name us2-dev-eks-cluster --addon-name coredns --query addon.addonVersion --output text
If an error message is returned, you have the self-managed type of the add-on installed on your cluster.
1.1.2. **Check** the version of the container image that is currently installed on the cluster.
kubectl describe deployment coredns -n kube-system | grep Image | cut -d ":" -f 3
1.1.3. **Check** the current CoreDNS image version:
kubectl describe deployment coredns -n kube-system | grep Image
1.1.4. Since the upgrade is made to CoreDNS v1.11.4-eksbuild.14, **add** the endpointslices permission to the system:coredns Kubernetes clusterrole.
kubectl edit clusterrole system:coredns -n kube-system
Add the following lines under the existing permissions lines in the rules section of the file.
\[...\]
\- apiGroups:
\- [discovery.k8s.io](http://discovery.k8s.io/)
resources:
\- endpointslices
verbs:
\- list
\- watch
\[...\]
1.1.5. **Update** the CoreDNS - replace just the region and the image version:
kubectl set image deployment.apps/coredns -n kube-system coredns= [602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/coredns:v1.11.4-eksbuild.14](http://602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/coredns:v1.11.4-eksbuild.14)
1.1.5. **Check** the pods in the kube-system namespace and the add-on version now installed:
kubectl get pods -n kube-system
kubectl describe deployment coredns -n kube-system | grep Image | cut -d ":" -f 3
**1.2. Upgrading the *vpc-cni* add-on**
Open the subsequent referenced Amazon page: [https://docs.aws.amazon.com/eks/latest/userguide/vpc-add-on-self-managed-update.html](https://docs.aws.amazon.com/eks/latest/userguide/vpc-add-on-self-managed-update.html)
1.2.1. **Confirm** that the Amazon EKS type of the add-on is not installed on the cluster. Replace my-cluster with the name of your cluster.
aws eks describe-addon --cluster-name my-cluster --addon-name vpc-cni --query addon.addonVersion --output text
If an error message is returned, the Amazon EKS type of the add-on is not installed on the cluster.
e.g. aws eks describe-addon --cluster-name us2-dev-eks-cluster --addon-name vpc-cni --query addon.addonVersion --output text
1.2.2. **Check** the version of the container image that is currently installed on the cluster.
kubectl describe daemonset aws-node --namespace kube-system | grep amazon-k8s-cni: | cut -d: -f 3
1.2.3. Navigate to /opt/25/2 and **backup** the current settings so to configure the same settings once the version is updated:
cd /opt/25.2/
kubectl get daemonset aws-node -n kube-system -o yaml > aws-k8s-cni-old.yaml
cat aws-k8s-cni-old.yaml
1.2.4. **Check** the latest available version table on the page: [https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html#vpc-cni-latest-available-version](https://docs.aws.amazon.com/eks/latest/userguide/managing-vpc-cni.html#vpc-cni-latest-available-version) => v1.19.5-eksbuild.3
1.2.5. Create a folder for the EKS upgrade and **download** the vpc-cni manifest file in it:
mkdir eks\_upgrade\_1.31
cd eks\_upgrade\_1.31/
curl -O [https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.19.5/config/master/aws-k8s-cni.yaml](https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.19.5/config/master/aws-k8s-cni.yaml)
1.2.6. **Apply** the modified manifest to the cluster:
kubectl apply -f aws-k8s-cni.yaml
1.2.7. **Check** the pods in the kube-system namespace and the add-on version now installed:
watch 'kubectl get pods -n kube-system '
kubectl describe daemonset aws-node --namespace kube-system | grep amazon-k8s-cni: | cut -d: -f 3
1.2.8. Since custom networking (non-routable CIDR) is enabled on this farm, **re-enable** it after updating VPC CNI plugin.
kubectl set env daemonset aws-node -n kube-system AWS\_VPC\_K8S\_CNI\_CUSTOM\_NETWORK\_CFG=true
and **check** again the pods:
watch 'kubectl get pods -n kube-system '
**1.3. Upgrading the *kube-proxy* add-on**
Open the following in the AWS content tree page: [https://docs.aws.amazon.com/eks/latest/userguide/kube-proxy-add-on-self-managed-update.html](https://docs.aws.amazon.com/eks/latest/userguide/kube-proxy-add-on-self-managed-update.html)
1.3.1. **Check** that the self-managed type of the add-on is installed on the cluster. Replace my-cluster with the name of your cluster.
aws eks describe-addon --cluster-name my-cluster --addon-name kube-proxy --query addon.addonVersion --output text
e.g. aws eks describe-addon --cluster-name us2-dev-eks-cluster --addon-name kube-proxy --query addon.addonVersion --output text
If an error message is returned, then the self-managed type of the add-on is installed on your cluster.
1.3.2. **Check** the version of the container image that is currently installed on the cluster.
kubectl describe daemonset kube-proxy -n kube-system | grep Image
1.3.3. **Update** the kube-proxy add-on using the minimal version:
kubectl set image daemonset.apps/kube-proxy -n kube-system kube-proxy= [602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/kube-proxy:v1.31.9-minimal-eksbuild.2](http://602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/kube-proxy:v1.31.9-minimal-eksbuild.2)
1.3.4. **Check** that the new version is now installed on the cluster.
watch 'kubectl get pods -n kube-system'
kubectl get pods -n kube-system | grep kube-proxy
kubectl describe daemonset kube-proxy -n kube-system | grep Image | cut -d ":" -f 3
## 2\. Upgrading the EKS cluster
Login AWS console, go to the EKS service, click "Update now" and choose the targeted version, 1.31 in this case. Click "Update" and wait until the upgrade is completed, 15~45 minutes.
![](attachments/706832607/706832864.png)
![](attachments/706832607/706832865.png)
Once the EKS cluster is upgraded to the new version, upgrade the worker nodes to the new version accordingly.
## 3\. Upgrading the EKS worker node groups
Open the subsequent referenced Amazon page: [https://docs.aws.amazon.com/eks/latest/userguide/update-workers.html](https://docs.aws.amazon.com/eks/latest/userguide/update-workers.html)
3.1. **Create** a dedicated location on the Linux bastion for the EKS node groups upgrade
3.2. **Download** the scripts from this location: [https://rndwiki.houston.softwaregrp.net/confluence/pages/viewpageattachments.action?pageId=1309586390&metadataLink=true](https://rndwiki.houston.softwaregrp.net/confluence/pages/viewpageattachments.action?pageId=1309586390&metadataLink=true)
3.3. If the preparation of the new node groups is being done in a different day than the one when the node groups are being actually upgraded, make sure that new node groups are created with 0 desired size, by **commenting** the last line in the script:
\# aws eks update-nodegroup-config --cluster-name $eks\_name --nodegroup-name $old\_nodegroup\_name-workernodes-1-$eks\_version --scaling-config minSize=$min\_size,maxSize=$max\_size,desiredSize=$desired\_size 2>&1 >/dev/null
3.4. **Run** the creation node group creation script [create-eks-worker.sh](attachments/706832607/709421232.sh):
sh./create-eks-worker.sh
If the script is not formatted properly, use the below command to **format** it correctly and re-run the script:
dos2unix create-eks-worker.sh
3.5. If not all the labels are created on each node group, use the script [tag\_ASG.sh](attachments/706832607/709421233.sh) here to **tag** them:
sh./tag\_ASG.sh
3.6. If one node is overloaded with pods, **evaluate** the pods on a certain node:
kubectl taint nodes ${currentNodeName} podReScheduler=value:NoExecute
3.7. **Scale** up the new node group to the desired size
AWS UI > EKS > <the cluster name> > Compute > <each worker node group> > Edit >
3.8. **Taint** the old worker nodes by running the in-line script lines:
nodes=$(kubectl get nodes | grep -i v1.30 | awk '{print $1}')
for node in $nodes
do
kubectl taint nodes ${node} podReScheduler=value:NoSchedule
done
3.9. **Check** if there are any pods still on the previous version, e.g. 1.30, worker nodes, by running these in-line script lines:
nodes=$(kubectl get nodes | grep -i v1.30 | awk '{print $1}')
for node in $nodes
do
kubectl get po -o wide -A | grep -i $node | grep -v 'aws-node-\\|kube-proxy-\\|ebs-csi-node\\|twistlock-defender\\|itom-prometheus-node-exporter-\\|itom-throttling-controller\\|Completed' | awk '{print $1,$2}'
done
3.10. If there are pods running on 1.30, only on small namespaces like: audit, core, kube-system, cert-manager, velero, manually **restart** them with the script [rollingMigratePodsByNamespace.sh](attachments/706832607/709421199.sh):
./rollingMigratePodsByNamespace.sh <namespace1> <namespace2>..
nohup sh rollingMigratePodsByNamespace.sh audit core kube-system &
e.g.
./rollingMigratePodsByNamespace.sh cert-manager kube-system monitoring velero
**Note:** It is not safe to run the script on big namespaces like itsma, core or monitoring.
3.11. Manually **restart** the pods on the itsma, core, monitoring namespaces:
kubectl delete pod itom-toolkit-6c5f5745b-cfzqx -n itsma-ohs8f
kubectl delete pod filebeat-drxl5 -n logging
kubectl delete pod suite-conf-pod-itsma-6854dd8f74-5c9dm -n core
3.12. **Check** again as on step #3.9 above.
3.13. Terminate and **delete** old version, e.g. 1.30, worker nodes.
AWS UI > EKS > <the cluster name> > Compute > <old node groups> > Delete.
3.14. Once all the old worknodes are terminated, **install** the Qualys agents on the new worknodes, except for US24-PROD, by using the install\_qualys\_agent.sh script install\_qualys\_agent.sh:
sh install\_qualys\_agent.sh <farmName>
e.g. sh install\_qualys\_agent.sh us6-prod
3.15. **SSH** to one of the new worknode, check that Qualys is installed by typing: service qualys-cloud-agent status
ssh -i worknodes.pem [ec2-user@ip-10-210-96-76.us-west-2.compute.intern](mailto:ec2-user@ip-10-210-96-76.us-west-2.compute.intern) al
service qualys-cloud-agent status
exit

9
knowledgebase/csd-wiki/ICSD/ESM-25.1-Issue-List_689011325.md Normal file
View File

@@ -0,0 +1,9 @@
# ESM-25.1-Issue-List_689011325
## Hot Issues
| No. | Product | Priority | Issue Title | PCS Reference | Customer Encountered (Y/N) | Customer Name | Regression (Y/N) | Defect | CPE Owner | Cloud Ops Owner | R&D Owner | Status/Comments |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 1. | SMAX | | Unable to access Agent UI - Context Filtering Error | Request 1454802, 1457845, 1452840, 1455119 Incident 1454828 | Y | US Steel (US6) Centra Health (US6) Seguros (US6) Envirosuite (AP10) | Y | OCTCR19XW2460218 | [Wenying Zhu](https://confluence.opentext.com/display/~wzhu3) | [Sunny Xia](https://confluence.opentext.com/display/~sxia2) | [Xiaoning Li](https://confluence.opentext.com/display/~xli7) | - SAML users with Upn/login name capitalization differing in the Person record vs BO/IDM cannot access agent UI - Regression introduced by the Pendo support feature - Feb 10: Hotfix deployed on EU3/US7/US2/US6/AP10/US24/CA16/US26 |
| 2. | SMAX | HIGH | Unable to create new contacts | Request 1454868, 1461969 Incident 1455854 | Y | Catholic Education Parramatta (AP10) Estafeta (US6) | Y | OCTCR19XW2462519 | [Pooja B](https://confluence.opentext.com/display/~poojab) | | @Quanguo Yang | - When trying to create a contact record from Person grid, nothing happens - Feb 11: Workaround provided: explicitly assign (Role-View, Authorization Principal Resource-Create) to user |
| 3 | SMAX | HIGH | The Date/time of response submission format of the survey report is wrong | Request 1478318, Incident 1478567 | Y | Terpel (US6) | Y | | [Laurent Juvigny](https://confluence.opentext.com/display/~ljuvigny) | | | - When exporting the survey data, the date format contains "Uhr UTC" - Feb 17: reproduced on upgraded farms. |
| 4 | SMAX | HIGH | Endless loop detection of integration studio has some issues and does not work | | ?? | | Y | OCTCR19XW2465259 | [Ming-Yan Li](https://confluence.opentext.com/display/~mli3) | | @Ding-Jun Chen | - Can have a significant impact on farm resource utilization, if scenarios don't have the relevant safety checks in place - Feb 20: Preparing hotfix to deploy with 25.1.1 farm upgrade on Dec 23 + another hotfix on 25.1.0 for already upgraded farms. |

19
knowledgebase/csd-wiki/ICSD/ESM-25.2-Issue-List_696536531.md Normal file
View File

@@ -0,0 +1,19 @@
# ESM-25.2-Issue-List_696536531
## 1.1. Hot Issues
| No. | Product | Priority | Issue Title | PCS Reference | Customer Encountered (Y/N) | Customer Name | Regression (Y/N) | Defect | CPE Owner | Cloud Ops Owner | R&D Owner | Status/Comments |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 1. | SMAX | MEDIUM | Multiple occurrences of "internal key" display rather than multi-lingual label | Request 1601106 Incident 1601397 | Y | Achmea (EU3) PCS (US2) | Y (if previously reported issue was supposed to be fixed) | OCTCR19XW2495434 | Steve Hirschfeld | | Ramesh Mandala | - Not a new behavior, observed in previous releases but was supposed to be fixed (OCTCR19M2135574) with logic to invalidate the cache during an upgrade. - Observed on lists (Achmea), Request "Accept" phase (PCS), new CSM-related fields in Request (PCS) - Workaround: use incognito, will eventually disappear on its own after a few days. Supposed to also work if clear cache - User impact, individual users may not know how to address it and can trigger increase ticket load on the customer admin team. |
| 2. | UCMDB | HIGH | Not able to "Edit" integrations in Integration Studio | Request 1641808 Incident OCTIM19XW2496420 | Y | OT Corp IT (US24) Salesforce (US26) | Y | OCTCR19XW2495657 | Brad Baughman | | Bianca Voina | - 12MAY25 - UPDATE - Defect found with new 25.2 adapters not handling filters used by API calls resulting in 500 ERROR. - Edit & Create actions not working in UCMDB UI Integration Studio after upgrading Probes and deploying CP 25.2. - NOTE Edit & Create worked after UCMDB upgrade to 25.2 but stopped after Probe and CP upgrades to 25.2 - Fix released in 25.2.1 |
| 3 | SMAX | HIGH | Not able to save a new field when given a "reference to" | Request 1668974 Incident 1671526 | Y | OpenText IT (US24) | Y | OCTCR19XW2495601 | Mei Chen | | Vijay Kumar | - Regression, we added a validation to the workflow by mistake, which caused the problem: if a hidden field is referenced in the workflow, then the configuration can't be saved until we remove the related rules or uncheck the hidden attributes. - Fixed in 25.2.2 |
| 4 | SMAX | HIGH | Microsoft365EmailIntegration - Endpoint Token Expiry Issue after product release 25.2 | Request 1647123 Incident 1651831 | Y | OpenText IT (US24) | ?? | OCTCR19XW2499311 | Carl Vankoughnett | | Shirisha Kandhagatla | - Newly added integration endpoints have token expiring after several hours - Fix planned for 25.3 |
| 5 | SMAX | HIGH | Unable to retrieve Survey Result Analytic table from Odata connection in PowerBI When trying to retrieve survey results in Survey, getting an error message | Request 1704060 Request 1704073 Request 1735086 Incident 1703985 | Y | Centra Health (US6) US Steel (US6) World Vision (AP10) | Y | OCTCR19XW2501653 | Carl Vankoughnett | | | - Confirmed regression - Hotfix request submitted - Applies to existing tenants, new field added in 25.2 for reporting SLA info but no upgrader added to support the modification for existing tenants |
| 6 | SMAX | MEDIUM | Japanese double-byte characters entered in the Description field cannot be saved when new rich text editor is enabled | [1710300 \| Request](https://us2-smax.saas.microfocus.com/saw/Request/1710300/general?TENANTID=488503157) | N | US7 Pre Sales | Y | OCTCR19XW2501549 | Ming-Yan Li | | Chhaya Singh | - Issue can only be reproduced when new rich-text editor is enabled in application settings - workaround is provided: To work around the isuse, you can add one new line in the end of rich text field such as Description field by clicking Enter in keyboard. |
| 7 | SMAX | | Portal users are unable to view details of requests via my requests and via approval screens | Request 1872021 Incident 1876677 | Y | Linde (EU18) | Y | OCTCR19XW2518492 | Alin Zirbo | | Ram Kiran Koka <rkoka@ [opentext.com](http://opentext.com/) > | - Caused by the number of ENTITY\_LINK fields on Request, due to the addition of CSM -related fields combined with customer using all custom fields - Reaches a PG limit on number of column in a query (32767) - Fixed in 25.2.2 HF4 and HF6 |
| 8 | SMAX | HIGH | SMAX offerings with audiences cannot be displayed/opened | Request 66328 (EU) Request 1883116 | Y | Evonik (EU28) TJSP (BR14) | Y | OCTCR19XW2520674 | Alin Zirbo | | Gowtham S <gowthams2@ [opentext.com](http://opentext.com/) > | - The upgrader updating the EntitlementRuleDefinition table in 25.2 handles up to 250 records only - Workaround at DB level - Fixed in 25.2.2 HF7 |
| 9 | SMAX | HIGH | Strange behaviors with Integration Studio scenarios | Request 1882933 Request 1856402 Request 1894100 Request 1891258 | Y | Migros (EU8) BV (EU8) TJSP (BR14) OT IT (US24) | Y | OCTCR19XW2519775 | Carl Vankoughnett Waleed Mohamed | | Mohit Joshi <mjoshi3@ [opentext.com](http://opentext.com/) > | - Caused by caching of the integration user used across various Integration Studio scenarios |
| 10 | SMAX | MEDIUM | Unable to use the "Export to PDF" function | Request 1883526 | Y | Linde (EU18) | Y | OCTCR19XW2519775 | Brindusa | | Gowtham S <gowthams2@ [opentext.com](http://opentext.com/) > | - Caused by the number of ENTITY\_LINK fields on Request, due to the addition of CSM -related fields combined with customer using all custom fields - Reaches a PG limit on number of column in a query (32767) - Fixed in 25.2.2 HF7 |
| 11 | SMAX | HIGH | Unable to navigate to the next page in the Package module | Request1882270 Request 1882265 | Y | | Y | OCTCR19XW2518615 | Sabithra | | Chhaya Singh | - Regression - If all the modules are selected, the 'Next' button is hidden. However, it may become visible when you zoom out the page - Fixed in 25.4 |
| 12. | SMAX | HIGH | 'Suggested Solutions' and 'Possibly Related Requests' Buttons Overlapping with 'Solution' Field on Incident Record | Request 1913843 | Y | | Y | OCTCR19XW2522185 | Sabithra | | Chhaya Singh | - Regression - Caused by new rich text editor - When we press the "Suggested solutions " button on an incident record, it overlap with the "Solution" field, making them unusable. Also, We can't select the "X" button on the right, so we can't go back. |
| 13. | SMAX | MEDIUM | Switching the menu clears changes in previous menu | Request 1892798 | Y | | Y | OCTCR19XW2518919 | Sabithra | | Chhaya singh | - Regression - when in a request we make changes for example under the "general" tab,switch to the involved ci's and add one,then save. The changes made under general do not get saved. - Fixed in 25.4 |
| 14. | SMAX | MEDIUM | Self service portal users get an error message when they press the buttons 'Join Discussion' and 'View request' in the email notification | Request 1919136 Request 1913762 Incident 1917928 | Y | | Y | OCTCR19XW2526048 | Sabithra | | Chhaya singh | - Regression - Self service portal users get an error message when they press the buttons 'Join Discussion' and 'View request' in the email notification - It is working as expected in version 25.1. - Fixed in 25.4 |

61
knowledgebase/csd-wiki/ICSD/ESM-Cloud-Customer-Exit-Process_686070016.md Normal file
View File

@@ -0,0 +1,61 @@
# ESM-Cloud-Customer-Exit-Process_686070016
## Introduction
When a SaaS customer decides to leave, it's crucial to handle the transition smoothly and professionally to ensure a positive experience, which can impact future business opportunities and the companys reputation. This document describes the main processes and actions regarding customer exits.
## Service Description about Service Decomission
Service Decommissioning
Upon expiration or termination of the SaaS Order Term, Micro Focus may disable all Customer access to
SaaS, and Customer shall promptly return to Micro Focus (or at Micro Focuss request destroy) any
Micro Focus materials.
Micro Focus will make available to Customer any SaaS Data in Micro Focus possession in the format
generally provided by Micro Focus. The target timeframe is set forth below in Termination Data
Retrieval Period SLO. After such time, Micro Focus shall have no obligation to maintain or provide any
such data, which will be deleted in the ordinary course.
### Communication and Coordination
- **Notify Relevant Teams**: Inform all relevant internal teams (support, billing, account management, cloud service etc.) about the customer's decision.
- **Designate a Point of Contact**: Assign a single point of contact to manage the transition and ensure all queries are addressed promptly. Usually it's the CSM.
### Data Management
- **Data Backup and Export**: Ensure the customer can export their data easily. Provide assistance if necessary.
- **Data Deletion**: Plan for secure deletion of the customers data from your servers after a certain period, in compliance with data protection regulations and your data retention policy.
- **Data Access Period**: Provide a clear timeline for how long their data will remain accessible after service termination.
### Security and Compliance
- **Revoke Access**: Ensure all user accounts associated with the customer are disabled and access to the system is revoked.
- **Compliance Check**: Ensure that the termination process complies with all relevant legal and regulatory requirements, such as GDPR or CCPA.
## Detailed Steps for customer exit
### Customer to submit service request to trigger customer exit project
The customer needs to submit a service request in PCS to start the customer exit process. All related communication will be still handled in PCS until all the tasks are done and close the user account in PCS.
- In the request, the customer needs to clarify the following specific needs:
Whether they wish to export existing ESM/SMAX transaction data?
What's the expected date customer want all tenant data to be emptied out completely?
What's the exact date Opentext to commit all relevant date (including backup data) will be cleaned out completely?
What's the exact data to close PCS support channel?
### Assist with data export
- Whats the suggestion to customer to export data?
- SMAX
- SMAX Offer customer to use OData export to export data
- Cloud Ops team can help to use existing OOTB OData export script to export SMAX transaction data per tenant
- CMS/HCMX/OO
- Not support by now
- PCS data
- No Support by now
### Plan data deletion
- Notification to customer to notify when we will terminate the tenant and delete all data
- Cloud Ops will handle such notification from PCS.
- Scope of data deletion
- Data retention- farm level data retention is only 7 days. After 7 days customer data will permanently removed from Cloud environment

255
knowledgebase/csd-wiki/ICSD/ESM-Cloud-Disaster-and-Recovery-Guide_686087723.md Normal file
View File

@@ -0,0 +1,255 @@
# ESM-Cloud-Disaster-and-Recovery-Guide_686087723
## Introduction
The guide based on the latest ESM disaster and recovery solution, backing up data from source farm and restoring it to a new target farm
Which means you will discard current farm and restore on it on the new farm(cross AWS account, cross region).
## Backup all the data from the source farm
- Backup Data
- Backup efs server for cms, smax, oomt, prometheus
- Backup RDS server for cms, smax, oomt, audit service
- Backup vertica db if CGRO is enabled in the source farm(optional)
- Backup all the k8s configuration files using velero
- Backup all cert files in **target** farm(smax, cdf, cms, oomt, audit) - /mnt/efs/var/vols/itom/itsma/global-volume/certificate/
- Transfer Data
- Transfer all the snapshots to target farm(maybe takes time, depends on the size of data)
- Push all images
- Push all images to target farm
- To make sure data is consistent, the creation time for all the backups should not be too far way, better to sit within 2 hours.
- Tips
- Using backup vault to transer efs backups.
- Copy and share rds snapshots with **customer key**
- Refer to the link: How to share an RDS snapshot
## Prepare new EKS cluster in the new target farm
- Shutdown the farm that is running in target farm(optional, if available ip is enough you can skip it)
- Build new vpc & subnet from CloudFormation(Make sure you are **not** using **saml** login into AWS console, instead you should login with your or service account) - in this case, we don't do this but just reuse the existing resources
- Build new EKS cluster from CloudFormation(**add or update tag for 3 private subnets**: [kubernetes.io/cluster/ *<cluster-name>* =shared](http://kubernetes.io/cluster/); [kubernetes.io/role/internal-elb=1](http://kubernetes.io/role/internal-elb=1))
- Build new EKS worker nodes: smax, cms, oomt, prometheus(NodeInstanceRole: value from Outputs tab when you create EKS cluster)
- Check the node groups are exactly the same as source farm(instance type, instance number, kubernetes labels)
- Build new EKS bastion(kubectl get nodes returns the correct output)
- Security group inbound rule check(Add sg of bastion server to EKS control panel SG inbound rule; Add EKS control panel SG to new EFS SG inbound rule)
Refer to the link: [https://docs.microfocus.com/doc/SMAX/23.4/TasksOnAWS](https://docs.microfocus.com/doc/SMAX/23.4/TasksOnAWS)
## Setting up velero
- Download velero binary and copy into $PATH(wget [https://github.com/vmware-tanzu/velero/releases/download/v1.4.2/velero-v1.4.2-linux-amd64.tar.gz](https://github.com/vmware-tanzu/velero/releases/download/v1.4.2/velero-v1.4.2-linux-amd64.tar.gz) && tar -zxvf velero-v1.4.2-linux-amd64.tar.gz && cd velero-\* && chmod a+x velero && mv velero /usr/local/bin/)
- Create bucket in S3 for velero
- Setup velero deployment(velero install --provider aws --plugins velero/velero-plugin-for-aws:v1.1.0 --bucket $BUCKET --backup-location-config region=$REGION --snapshot-location-config region=$REGION --secret-file./credentials-velero
- Check velero functions by running: velero backup create test1
Refer to the link to install velero: [https://github.com/vmware-tanzu/velero-plugin-for-aws](https://github.com/vmware-tanzu/velero-plugin-for-aws)
You can also refer to the link to config velero backups automatically: [https://github.houston.softwaregrp.net/smax-saas-ops/saas-devops-tools/blob/master/velero\_backup.sh](https://github.houston.softwaregrp.net/smax-saas-ops/saas-devops-tools/blob/master/velero_backup.sh)
Velero should be installed on both source farm and target farm, in saas farm we have setup one user for DR in each farm, please install velero using that account
## Restore infra in target farm
- Restore new smax rds server from snapshot - pay attention to the RDS type, storage type & size
- Restore new cms rds server from snapshot
- Restore new oomt rds server from snapshot(if has)
- Restore new audit rds server from snapshot(if has)
- Restore vetical db for CGRO(optional, if CGRO is enabled in the farm)
- Restore new smax efs server from snapshot(you should **Add mount target** after restore so that IPs will be assigned, same for cms & prometheus efs servers) - T **ime consume task**
- Restore new cms efs server from snapshot
- Restore new oomt efs server from snapshot
- Restore new prometheus efs server from snapshot(optional, if you care about promehteus data)
To save time, these tasks in the section can be done **parallely**
## Update K8S resources
- Download current CDF installtion bundel in new bastion and run:./install --capabilities Tools=true,Monitoring=false,LogCollection=false,DeploymentManagement=false,ClusterManagement=false
- Download velero backups and shell script, which is used to batch update the parameters in K8S resources(put shell script under the directory of **backups** so that we have **9** files in total)
- Replace all images from velero backups, e.g.: sh replaceVeleroConf.sh " [*551360491748*.dkr.ecr.*us-west-2*.amazonaws.com](http://551360491748.dkr.ecr.us-west-2.amazonaws.com/) \\/ *hpeswitom* " " [*551360491750*.dkr.ecr.*us-west-1*.amazonaws.com](http://551360491750.dkr.ecr.us-west-2.amazonaws.com/) \\/ *hpeswitomsandbox* " false
- Replace aws account(if changed): sh replaceVeleroConf.sh *source\_aws\_account* *target\_aws\_account* false
- Replace region(if changed): sh replaceVeleroConf.sh *us-west-2* *us-west-1* false
- Replace org name(if changed): sh replaceVeleroConf.sh "\\" *hpeswitom* \\"" "\\" *hpeswitomsandbox* \\"" false
- Replace fqdn(if changed): sh replaceVeleroConf.sh " *[us2-smax.saas.microfocus.com](http://us2-smax.saas.microfocus.com/)* " " *[us2-smax-testing.saas.microfocus.com](http://us2-smax-testing.saas.microfocus.com/)* " false - use change fqdn script is another appraoch. take care of the certificate and saml
- Replace efs server from velero backups(if you are restoring on the same farm and restoring to the same efs, you can skip this step since efs server endpoints never changed)
```
sh replaceVeleroConf.sh source_smax_efs target_smax_efs false
sh replaceVeleroConf.sh source_cms_efs target_cms_efs false
sh replaceVeleroConf.sh source_oomt_efs target_oomt_efs false
sh replaceVeleroConf.sh source_prometheus_efs target_prometheus_efs false
```
- Replace vertica server from velero backups(optional) - sh replaceVeleroConf.sh *source\_vertica\_ip* *target\_vertica\_ip* false (if you are restoring on the same farm, you can skip this step if vertica ip not changed)
- Replace rds server from velero backups(if you are restoring on the same farm, you can skip this step if rds endpoints not changed)
```
sh replaceVeleroConf.sh source_smax_rds target_smax_rds false
sh replaceVeleroConf.sh source_cms_rds target_cms_rds false
sh replaceVeleroConf.sh source_oomt_rds target_oomt_rds false
sh replaceVeleroConf.sh source_audit_rds target_audit_rds true
```
- Upload the updated backup files to target S3 bucket(rm -rf replaceVeleroConf.sh && cd.. && aws s3 cp --recursive *backup\_Name* / s3://target\_bucket/backups/backup\_Name/)
- Check you have get the correct backups(velero backup get - should return the backup from source farm now)
## Perform restore in target farm
- Disable smtp in target farm(optional) - doing this by adding outbound rule for Network ACLs(id:99 Port 25, Deny all)
- Mount new efs server for smax, cms, oomt, prometheus in new bastion(mount -t nfs4 -o nfsvers=4.1,rsize=1048576,wsize=1048576,hard,timeo=600,retrans=2 *<SMAX EFS endpoint>:/* */mnt/efs*) - You can skip this step if efs endpoints not changed
- Also add efs in /etc/fstab, otherwise mount point lost after a VM restart - You can skip this step if efs endpoints not changed
- Delete pv in case pv is already created
- Delete ns of itsma- *xxxxx*, cms, core, oomt, audit, prometheus if the namespaces is still there
- Perform full restore: velero restore create --from-backup <backup.all.example1> --wait
- Only restore one namespace(optional): velero restore create --from-backup <backup.all.example1> --wait --include-namespaces= *cms*
- Update credentials of itom-vault container in case the pod can not up
PASSPHRASE=$(kubectl get secret vault-passphrase -n core -o json 2>/dev/null | jq -r '.data.passphrase')
VAULT\_CREDENTIAL\_SECRET=$(kubectl get secret vault-credential -n core -o json 2>/dev/null )
ENCRYPTED\_ROOT\_TOKEN=$(echo ${VAULT\_CREDENTIAL\_SECRET} | jq -r '.data."root.token"')
VAULT\_TOKEN=$(echo ${ENCRYPTED\_ROOT\_TOKEN} | openssl aes-256-cbc -md sha256 -a -d -pass pass:"${PASSPHRASE}")
echo ${VAULT\_TOKEN}
kubectl exec -it $(kubectl get pod -ncore -ocustom-columns=NAME:.[metadata.name](http://metadata.name/) |grep itom-vault| head -1) -ncore -- bash
export VAULT\_ADDR= [https://itom-vault.core:8200](https://itom-vault.core:8200/)
export VAULT\_TOKEN=<VAULT\_TOKEN>
vault write -tls-skip-verify auth/kubernetes/config kubernetes\_host=" [https://kubernetes.default](https://kubernetes.default/) " kubernetes\_ca\_cert=@/var/run/secrets/ [kubernetes.io/serviceaccount/ca.crt](http://kubernetes.io/serviceaccount/ca.crt)
- Helm upgrade apphub for cdf - All helm releases should update, this includes core, cms and maybe oomt in the future
/root/cdf/bin/helm get values apphub -n core > apphub.yaml
update apphub.yaml with new values(dburl, host,registry,orgName,externalAccessHost)
/root/cdf/bin/helm upgrade apphub /root/cdf/charts/apphub-1.20.0+20211100.219.tgz -f apphub.yaml -n core
- Helm upgrade cms releases - update smax.crt,database.host,smax.host,orgName,registry,externalAccessHost,idmAuthUrl,idmServiceUrl(pay attention to host and idmServiceUrl, we have different values between saas farms)
- Helm upgrade apphub for prometheus - update orgName,registry,externalAccessHost
- Helm upgrade oomt releases(optional, if you have enabled oomt)
- Helm upgrade audit service releases(optional, if you have enabled audit service)
- Wait until all the pods are up(kubectl get pod --all-namespaces|grep -vE '1/1|2/2|3/3|4/4|Completed')
- There is a known issue if smax transformed to helm, you will have to do the **helm upgrade** for itsma since most DND pods are waiting for the jobs
- Sometimes dnd-upgrade-jobs failed, just deleted the pods and related pods that are in Init states
## Certificates
- Update SMAX cert by:./replaceExternalAccessHost.sh -c *<certificate\_path>* -k *<key\_path>* -t *<cacert\_path>* -n *<new FQDN>*
- Update CMS and SAM cert by:
Get current cms cert from **source** farm:
```
helm ls -n cms && helm get values cms-release -n cms > /tmp/cms.yaml
```
Put cms cert files under the directory of: /mnt/efs/var/vols/itom/itsma/global-volume/certificate/source/, the cert files will be imported automatically(make sure 1999:1999 is set)
Restart platfrom and platform-offline pods
- You can also update cert files for DND and OO: [https://docs.microfocus.com/doc/SMAX/23.4/SMAXChangeFQDN](https://docs.microfocus.com/doc/SMAX/23.4/SMAXChangeFQDN)
- Update cert files for OOMT if OOMT is enabled
- Update cert files for Audit service if audit is enabled
## Application load balancer
- Configure Load balancer for smax - refer to: [https://docs.microfocus.com/doc/SMAX/23.4/EKSDeploySuite](https://docs.microfocus.com/doc/SMAX/23.4/EKSDeploySuite)
- Configure Load balancer for management portal: 5443
- Configure Load balancer for prometheus(optional)
- Rebuild ALB controller in kube-system(delete the deployment of aws-load-balancer-controller, under the namespace of kube-system, and recreate it, pay attention to the values of cluster-name, region)
- Delete and rebuild 3 ingress for cms - Please be noted that ALB name will be changed
- Delete and rebuild 3 ingress for oomt(optional)
- Delete and rebuild 3 ingress for audit(optional)
- Bind DNS records in Route53 for smax, cms, oomt and audit service
You can config ALB controller following the guide: [https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html](https://docs.aws.amazon.com/eks/latest/userguide/aws-load-balancer-controller.html)
Also note that all nodePort will be changed, register ALB with new nodePort, so that we will have healthy status
And the ALB for cms also changed(append random string to DNS name, so you have to update route53 with correct values)
## Manual updates after restore
- Sensitive data update, depends on your business(update smtp server, update integration password, delete some customer tenants, update bo password for some tenant)
- Update CMS integration url in BO page(Select tenant → Application settings → Configuration Management settings, update CMS gateway service)
- Update SAM integration url in BO page(Select tenant → Capability settings → Software Asset Management, update CMS gateway url)
- Update DND integration url in Agent portal(Open tenant agent page → Administration → Providers → Aggregation providers)
- Update csa\_access\_point in DB(e.g. update dnd\_ *339803511*.csa\_access\_point set uri=' *[https://us2-smax-testing.saas.microfocus.com/339803511/oo](https://us2-smax-testing.saas.microfocus.com/339803511/oo)* ' where uuid=' *8a50b56d7406291f01740629c9f9013a* ';)
- Update OOMT Integration URL in BO page(Select tenant → Capability settings, update OO integration URL and OO login URL)
- Update OPB agent and endpoints in Agent portal
- Update topology in OO Deployment Operations(ras server has to be reconfigured)
- Update settings in prometheus and granfa - Optional
Update cm of itom-granfa(append below values to data.grafana.ini.root\_url)
root\_url = [https://us2-smax-testing.saas.microfocus.com/grafana](https://us2-smax-testing.saas.microfocus.com:9000/grafana)
\[smtp\]
enabled = true
host = *[email-smtp.us-west-2.amazonaws.com](http://email-smtp.us-west-2.amazonaws.com/)*:25
user = *aws\_access\_key\_id*
password = *aws\_secret\_access\_key*
skip\_verify = true
from\_address = *[sma\_noreply@microfocus.com](mailto:sma_noreply@microfocus.com)*
from\_name = *US2Dev\_Grafana*
\[rendering\]
server\_url = [http://bitnami-grafana-image-renderer:8080/render](http://bitnami-grafana-image-renderer:8080/render)
callback\_url = [https://itom-grafana:80/](https://itom-grafana:80/)
**Restart pod of** **itom-grafana-xxxxx**
Open granfa and update the user of datasource, make sure you are using correct key in the right farm
- Update yamls\_outputs in SMAX efs server(better to change all yaml files to readonly)
- Please note we have different **cms integration url for different farm**: e.g. [https://int.cms.fqdn:445/cms-gateway](https://int.cms.fqdn:445/cms-gateway) in us2-dev and [https://int.fqdn:445/cms-gateway](https://int.fqdn:445/cms-gateway) in us2-prod
We have updated yamls for currently deployments, but values are still not changed in /mnt/efs/var/vols/itom/itsma/global-volume/yamls\_output/, so if we execute the command:
```
kubectl delete -f xxxx.deployment.yaml & kubectl create -f xxxx.deployment.yaml
```
, pods can not up
## Validation
- Source farm not impacted
- Disable or enable smtp in restored farm(optional, depends on your business)
- Check the status of all the pods
- Smax testing in restored farm(bo, ess page, agent page, idol search)
- DND integration testing, try to execute one OO flow
- CMS integration testing, try to open jmx-console, ucmdb-browser, and CI sync with smax
- CGRO integration testing - Optional
- Audit Service testing - Optional
- Premetheus testing - All data is shown correctly in granfa, alertmanager works
## Issues you may meet
- kubectl get svc return none due to Fedrate login
- pv not bound while restoring eks farm(add sg of EKS control panel to efs inbound rule)
- cms can not up(only restore cms from velero backups solves it)
- smartA pods failed to start up due to some files are not copyed from source farm(take smarta-saw-con for example, but you may meet other)
```
kubectl scale sts smarta-saw-con --replicas=0 -n itsma-xxxxx
delete all files under the directory of: /mnt/efs/var/vols/itom/itsma/itsma-smarta-saw-con-0/smarta-saw-con-0/data
kubectl scale sts smarta-saw-con --replicas=2 -n itsma-xxxxx
```
- pods not up due to image not pushed to ECR(minor version difference between source & target farm)
- ingress not created(reconfig ALB controller in kube-system)
- Integration not work between cms & smax (manually update integration url in bo)
- Integration not work between oo & smax (manually update integration url in agent & db)
- Grafana alerts are sent as us2-prod but actually are from us2-dev(reconfig grafana)
- SAML login not works(till now)
- CMS integration not works due to different gateway url format(int.**cms**.fqdn in us2-dev but int.fqdn in us2-prod)
- Not all rabbitmq nodes are added into cluster, in my case only infra-rabbitmq-0 is there
kubectl scale sts infra-rabbitmq -n *itsma-ohs8f* --replicas=1
delete all files under the directory of /mnt/efs/var/vols/itom/itsma/ *rabbitmq-infra-rabbitmq-1(2)* /data/xservices/rabbitmq/ *3.7.1.14* /mnesia
kubectl scale sts infra-rabbitmq -n *itsma-ohs8f* --replicas=3
## Leftover
- Not switched to spot instance yet
- Old EFS server still there(other resources in AWS should have been deleted)
- Backup plan should be changed to save cost
- Contents of yaml\_outputs in EFS server are from source farm, should be changed manually
- Some records in parameter store are not updated and there are many invalid record
- API call not stable according to wenjun(solved by infra rabbitmq)
- Saml login still failed

17
knowledgebase/csd-wiki/ICSD/ESM-Cloud-Farm-Construction_688988187.md Normal file
View File

@@ -0,0 +1,17 @@
# ESM-Cloud-Farm-Construction_688988187
1. [ITOM Cloud Service Delivery](index.html)
2. [ITOM Cloud Service Delivery](ITOM-Cloud-Service-Delivery_681555087.html)
3. [🔷Document Candidates](686065504.html)
Created by, last modified by Wei Shen on Feb 08, 2025 EST
- [AWS Infrastructure Naming Rules](AWS-Infrastructure-Naming-Rules_688988195.html)
- [Default key/value in Parameter Store](688988203.html)
- [FQDN Naming Convention](FQDN-Naming-Convention_688988212.html)
- [How to setup a new farm](How-to-setup-a-new-farm_688988216.html)
- [New Farm OPS Requirments](New-Farm-OPS-Requirments_688988220.html)
- [Operations Platform key/value in Parameter Store](688988228.html)
Document generated by Confluence on Sep 15, 2025 22:28 EDT
[Atlassian](https://www.atlassian.com/)

40
knowledgebase/csd-wiki/ICSD/ESM-Cloud-Farm-Version-Tracking_684925423.md Normal file
View File

@@ -0,0 +1,40 @@
# ESM-Cloud-Farm-Version-Tracking_684925423
## ESM Cloud Farms
| Farm | ###### SMAX/HCMX | ###### SMAX/HCMX ###### PATCH/HOTFIX | ###### UD/UCMDB | ###### UD/UCMDB ###### PATCH/HOTFIX | ###### OO | ###### OO ###### PATCH/HOTFIX | ###### AUDIT | ###### AUDIT ###### PATCH/HOTFIX | ###### AUTOMATION ###### CENTER | ###### OPERATIONPLATFORM | ###### OPERATIONPLATFORMPATCH/HOTFIX | ###### OMT | ###### FINOPS(Classic) | ###### EKS VERSION |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| ###### US2-DEV | 25.3 | 25.3.2 | 25.3 | 25.3.2 | 25.3 | 25.3.2 | 25.3 | 25.3.2 | N/A | N/A | | N/A | N/A | 1.31 |
| ###### JP12-STG | 25.3 | 25.3.1 | 25.3 | 25.3.1 | 25.3 | 25.3.1 | 25.3 | 25.3.1 | N/A | N/A | N/A | 25.3.1 | N/A | 1.31 |
| ###### AP10-PROD | 25.3 | 25.3.1 | 25.3 | 25.3.1 | 25.3 | 25.3.1 | 25.3 | 25.3.1 | N/A | N/A | N/A | 25.3.1 | N/A | 1.31 |
| ###### BR14-PROD | 25.2 | 25.2.2 25.2.2 HF1 25.2.2 HF2 | 25.2 | 25.2.2.HF1 | 25.2 | 25.2.2 | 25.2 | 25.2.2 | N/A | N/A | N/A | 25.2.2 | N/A | 1.31 |
| ###### CA16-PROD | 25.3 | 25.3.1 | 25.3 | 25.3.1 | 25.3 | 25.3.1 | 25.3 | 25.3.1 | N/A | N/A | N/A | 25.3.1 | N/A | 1.31 |
| ###### EU3-PROD | 25.3.1 | 25.3 LP HF | 25.3 | 25.3.1 | 25.3 | 25.3.1 | 25.3 | 25.3.1 | 25.3.1 | 25.3 | 25.3.1 | 25.3.1 | ![(tick)](images/icons/emoticons/check.svg) | 1.31 |
| ###### EU8-PROD | 25.2 | 25.2.2 25.2.2 HF10 25.2 LP HF | 25.2 | 25.2.2.HF2 | 25.2 | 25.2.2 | 25.2 | 25.2.2 | N/A | N/A | N/A | 25.2.2 | N/A | 1.31 |
| ###### EU18-PROD | 25.2 | 25.2.2 25.2.2 HF1 25.2.2 HF2 25.2.2 HF10 25.2.2 HF14 | 25.2 | 25.2.2.HF1 | 25.2 | 25.2.2 | 25.2 | 25.2.2 | N/A | 25.2 | | 25.2 | ![(tick)](images/icons/emoticons/check.svg) | 1.31 |
| ###### EU28-PROD | 25.2 | 25.2.2 25.2.2 HF1 25.2.2 HF225.2.2 HF7 | 25.2 | 25.2.2.HF1 | 25.2 | 25.2.2 | 25.2 | 25.2.2 | N/A | N/A | N/A | N/A | N/A | 1.31 |
| ###### EU38-PROD | 25.3 | 25.3.1 | 25.3 | 25.3.1 | N/A | N/A | 25.3 | 25.3.1 | N/A | N/A | N/A | N/A | N/A | 1.31 |
| ###### JP12-PROD | 25.2 | 25.2.2 25.2.2 HF2 25.2.2 HF2 | 25.2 | 25.2.2.HF1 | 25.2 | 25.2.2 | 25.2 | 25.2.2 | N/A | N/A | N/A | 25.2 | N/A | 1.31 |
| ###### SA34-PROD | 25.3 | 25.3.1 | 25.3 | 25.3.1 | 25.3 | N25.3.1 | 25.3 | 25.3.1 | N/A | N/A | N/A | N/A | N/A | 1.31 |
| ###### US2-PROD | 25.2 | 25.2.2 25.2.2 HF1 25.2.2 HF2 | 25.2 | 25.2.2.HF1 | 25.2 | 25.2.2 | 25.2 | 25.2.2 | N/A | N/A | N/A | 25.2.2 | ![(tick)](images/icons/emoticons/check.svg) | 1.31 |
| ###### US6-PROD | 25.2 | 25.2.0.HF225.2.2 HF1 25.2.2.HF1 | 25.2 | 25.2.2.HF1 | 25.2 | 25.2.2 | 25.2 | 25.2.2 | N/A | N/A | N/A | 25.2.2 | N/A | 1.31 |
| ###### US7-PROD | 25.3 | 25.3.1 | 25.3 | 25.3.1 | 25.3 | 25.3.1 | 25.3 | 25.3.1 | | N/A | N/A | 25.3.1 | ![(tick)](images/icons/emoticons/check.svg) | 1.31 |
| ###### US24-PROD | 25.2 | 25.2.2 25.2.2 HF1 25.2.2 HF2 25.2.2 HF5 25.2.2 HF8 25.2.2 HF10 25.2.2 HF11 25.2.2 HF12 25.2.2 HF13 | 25.2 | 25.2.2.HF1 | 25.2 | 25.2.2 | 25.2 | 25.2.2 | 25.2 | 25.2 | N/A | 25.2.2 | ![(minus)](images/icons/emoticons/forbidden.svg) | 1.31 |
| ###### US26-PROD | 25.2 | 25.2.2 25.2.2 HF1 25.2.2 HF2 | 25.2 | 25.2.2.HF1 | N/A | N/A | 25.2 | 25.2.2 | N/A | N/A | N/A | 25.2.2 | N/A | 1.31 |
## AIS Cloud Aviator Farms
| Farm | ###### AVIATOR | ###### AVIATOR ###### PATCH/HOTFIX | ###### EKS VERSION |
| --- | --- | --- | --- |
| ###### US30-STG-ITOMAVIATOR | 25.3 | 25.3.2 | 1.31 |
| ###### EU30-PROD-ITOMAVIATOR | 25.3 | 25.3.1 25.3.1.HF1 | 1.31 |
| ###### EU32-PROD-ITOMAVIATOR | 25.3 | 25.3.0 | 1.31 |
## DCA Cloud Farms
| | ###### SERVICE TYPE | ###### ITOM DCA | ###### EKS VERSION | ###### STATUS |
| --- | --- | --- | --- | --- |
| ###### EU3-TRIAL-DCA | ~~DCA Premium~~ | 23.4 GA | 1.30 | |
| ###### EU4-STG-DCA | DCA Premium | 23.4 GA | | IN USE |
| ###### EU2-PROD-DCA | DCA Premium | 23.4 GA | | IN USE |
| ###### US8-STG-REPORTING | SA Reporting | 23.4 GA | | IN USE |
| ###### US6-PROD-REPORTING | SA Reporting | 23.4 GA | | IN USE |

19
knowledgebase/csd-wiki/ICSD/ESM-Cloud-Incident-Tracking-List_686083932.md Normal file
View File

@@ -0,0 +1,19 @@
# ESM-Cloud-Incident-Tracking-List_686083932
| Incident Date | Time (UTC) | Farm | Product | Version | Incident ID (PPM) | Incident ID (PCS) | CPE Owner | RnD RCA Owner | CS Incident Owner | @RCA Provided |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| | 13:07 - 17.46 | BR14 | SMAX | 24.3.1.HF1 | | | [Scott Deyarmond](https://rndwiki.houston.softwaregrp.net/confluence/display/~scott.deyarmond@microfocus.com) | [De-Yong 'Chris' Tu](https://rndwiki.houston.softwaregrp.net/confluence/display/~deyong.tu@microfocus.com) | [Ling-yan Meng](https://rndwiki.houston.softwaregrp.net/confluence/display/~lingyan.meng@microfocus.com) | |
| | 10:59-11:09 | EU8 | CMS | 24.2.1 | 152451 | : | [Fang Liu](https://rndwiki.houston.softwaregrp.net/confluence/display/~fang.liu@microfocus.com) | | | |
| | 12:26-17:00 | Multiple Farms | | | 152372 Multi Customer Availability issues for ESM - CMS on Multiple Regions | | | [Ling-yan Meng](https://rndwiki.houston.softwaregrp.net/confluence/display/~lingyan.meng@microfocus.com) | [Wei Shen](https://rndwiki.houston.softwaregrp.net/confluence/display/~wei.shen2@microfocus.com) | |
| 17 Jun 2024 | | EU8 | CMS | 24.2.1 | 152066 - Multi customer availability issue for SMAX EU8 CMS Major Functionality in AWS Frankfurt | | | | | [Xiaofang 'Monica' Huang](https://rndwiki.houston.softwaregrp.net/confluence/display/~xiaofang.huang@microfocus.com) |
| 16 Jun 2024 | | EU8 | CMS | 24.2.1 | 152029 - Multi Customer Major Functionality issues for SMAX EU8 CMS in AWS Frankfurt | | | [Jun-Wu 'Thomas' Pan](https://rndwiki.houston.softwaregrp.net/confluence/display/~jun-wu.pan@microfocus.com) | [Ling-yan Meng](https://rndwiki.houston.softwaregrp.net/confluence/display/~lingyan.meng@microfocus.com) | [Xiaofang 'Monica' Huang](https://rndwiki.houston.softwaregrp.net/confluence/display/~xiaofang.huang@microfocus.com) |
| 06 Jun 2024 | | EU8 | CMS | 24.2.1 | | | | | | |
| 04 Jun 2024 | | EU8 | CMS | 24.2.1 | | | | | | |
| 26 Apr 2024 | | EU8 | CMS | 23.4.P2 | 151606 - Multiple Customer Availability Issues for SMAX EU8 CMS in AWS Frankfurt | | | | | |
| 17 Apr 2024 | | EU8 | CMS | 23.4.P2 | \- Multiple Customer Availability Issues SMAX EU8 CMS Major Functionality APM in Frankfurt | PCS 700915 | [Fang Liu](https://rndwiki.houston.softwaregrp.net/confluence/display/~fang.liu@microfocus.com) | | [Sunny Xia](https://rndwiki.houston.softwaregrp.net/confluence/display/~sunny.xia@microfocus.com) | |
| 23 Mar 2024 | 3:00 - 3:30 | EU8 | CMS | 23.4.P2 | 151418 - Multi Customer Major Functionality Issues for SMAX EU8 in AWS Frankfurt | | [Wenying Zhu](https://rndwiki.houston.softwaregrp.net/confluence/display/~wenying.zhu@microfocus.com) | [Jun-Wu 'Thomas' Pan](https://rndwiki.houston.softwaregrp.net/confluence/display/~jun-wu.pan@microfocus.com) | [Yu Liu](https://rndwiki.houston.softwaregrp.net/confluence/display/~liu.yu@microfocus.com) | [Xiaofang 'Monica' Huang](https://rndwiki.houston.softwaregrp.net/confluence/display/~xiaofang.huang@microfocus.com) |
| 22 Mar 2024 | 10:30 - 10:36 | EU8 | CMS | 23.4.P2 | [151385 - Multiple Customer Availability Issues for SMAX EU8 in AWS Canada](https://essentials.saas.microfocus.com/itg/web/knta/crt/RequestDetail.jsp?REQUEST_ID=151385) | PCS 641280 | [Ling-yan Meng](https://rndwiki.houston.softwaregrp.net/confluence/display/~lingyan.meng@microfocus.com) | [Xiaofang 'Monica' Huang](https://rndwiki.houston.softwaregrp.net/confluence/display/~xiaofang.huang@microfocus.com) | [Ionut-Alexandru Bacalu](https://rndwiki.houston.softwaregrp.net/confluence/display/~ionut.bacalu@microfocus.com) | [Xiaofang 'Monica' Huang](https://rndwiki.houston.softwaregrp.net/confluence/display/~xiaofang.huang@microfocus.com) |
| 19 Feb 2024 | 12:00 - 12:50 | EU18 | SMAX | 23.4.P2 | [151140 - Multi Customer Availability issue for SMAX Major Functionality EU18 in Oregon](https://essentials.saas.microfocus.com/itg/web/knta/crt/RequestDetail.jsp?REQUEST_ID=151140) | [PCS 566815](https://us2-smax.saas.microfocus.com/saw/Incident/566815/general?TENANTID=488503157) | [Ling-yan Meng](https://rndwiki.houston.softwaregrp.net/confluence/display/~lingyan.meng@microfocus.com) | [De-Yong 'Chris' Tu](https://rndwiki.houston.softwaregrp.net/confluence/display/~deyong.tu@microfocus.com) | [Ionut-Alexandru Bacalu](https://rndwiki.houston.softwaregrp.net/confluence/display/~ionut.bacalu@microfocus.com) | [De-Yong 'Chris' Tu](https://rndwiki.houston.softwaregrp.net/confluence/display/~deyong.tu@microfocus.com) |
| 05 Jan 2024 | 13:30 - 13:43 | EU8 | SMAX | 23.4.P2 | [150723 - Multi Customer Availability issues for SMAX EU8 in Frankfurt](https://essentials.saas.microfocus.com/itg/web/knta/crt/RequestDetail.jsp?REQUEST_ID=150723) | [PCS 488691](https://us2-smax.saas.microfocus.com/saw/Incident/488691/general?TENANTID=488503157) | [Ling-yan Meng](https://rndwiki.houston.softwaregrp.net/confluence/display/~lingyan.meng@microfocus.com) | [De-Yong 'Chris' Tu](https://rndwiki.houston.softwaregrp.net/confluence/display/~deyong.tu@microfocus.com) | [Ionut-Alexandru Bacalu](https://rndwiki.houston.softwaregrp.net/confluence/display/~ionut.bacalu@microfocus.com) | [De-Yong 'Chris' Tu](https://rndwiki.houston.softwaregrp.net/confluence/display/~deyong.tu@microfocus.com) |
| 05 Dec 2023 | 17:40 - 17:53 | EU8 | CMS | 23.4.P1 | [150487 - Multi Customer Major Functionality issues for SMAX EU8 CMS in Frankfurt](https://essentials.saas.microfocus.com/itg/web/knta/crt/RequestDetail.jsp?REQUEST_ID=150487) | [PCS 438686](https://us2-smax.saas.microfocus.com/saw/Incident/438686/general?TENANTID=488503157) | [Fang Liu](https://rndwiki.houston.softwaregrp.net/confluence/display/~fang.liu@microfocus.com) | [Xiaofang 'Monica' Huang](https://rndwiki.houston.softwaregrp.net/confluence/display/~xiaofang.huang@microfocus.com) | [Sunny Xia](https://rndwiki.houston.softwaregrp.net/confluence/display/~sunny.xia@microfocus.com) | [Sheng-Yu Chen](https://rndwiki.houston.softwaregrp.net/confluence/display/~sheng-yu.chen@microfocus.com) |
| | | | | | | | | | | |
| | | | | | | | | | | |

289
knowledgebase/csd-wiki/ICSD/ESM-Cloud-Infra-Cost-Review_686065545.md Normal file
View File

@@ -0,0 +1,289 @@
# ESM-Cloud-Infra-Cost-Review_686065545
## Introduction
This page presents all the ESM SaaS related cost review results.
## 2025-07-15
eu8+18: 18 unsued ebs reduce 250$ monthly +140 ebs's on gp2 which need to go on gp3=250$monthly REVIEWING
## 2025-05-13
1. \[EU-Managed eu28-eu32\] Change EBS from gp2 to gp3, save $64.00 per month REVIEWING
2. \[EU-Managed eu28-eu32\] Remove unused EBS, save $10 per month REVIEWING
3. \[EU-Managed eu28-eu32\] Upgrade the EKS version to 1.32 before 2025-07-23 for eu28 and eu32, to prevent $1000/mo extra cost on extend support REVIEWING Owner: Maricel EU28 upgrade planned on 2002-07-20, EU32 upgrade planned on 2025-07-17
4\. \[EU-Managed eu28-eu32\] Remove SageMaker, save $240/mo REVIEWING
## 2025-05-07
1. Remove SageMaker, save REVIEWING Owner: Ting
## 2025-04-07
1. Set remove policy for EBS snapshots, save around $100/mo, the problem is that this cost is keep growing. NO PLAN Owner: Ting Checked that it's managed by velero.
example: us24-prod-eks-cluster-dynamic-pvc-29b4c73e-edb7-49e1-9ca9-ce653f04ed57,
2. Upgrade the EKS version to 1.32 before 2025-07-23, to prevent $6000/mo extra cost on extend support REVIEWING Owner: Ting, change together with CCoE new image, after 25.2 upgrade.
3. US2-DEV
1. Change the op RDS from t3.xlarge > t4g.large, as the cpu usage is less than 5%, save around $100/mo depends on the usage REVIEWING Owner: Ting ask Sunny for a change.
2. Change the op RDS disk from io2 to gp3, as gp3 is cheaper and provide more IOPS, save around $ **500** /mo REVIEWING Owner: Ting
1. make sure the future op database start with t4g.large and gp3
2. may be we can remove few instances, as there are 3 OP related RDS. NO PLAN
3. turn off the RDS if the system is not in use. save around $100~500/mo NO PLAN
4. remove manual RDS snapshot keep recent 30 days: $300+ REVIEWING Owner: Ting
4. Apply the ecr storage cleanup solution: $ **500DONE** owner: [Ting Ye](https://rndwiki.houston.softwaregrp.net/confluence/display/~ting.ye@microfocus.com)
## 2025-03-28
Reorganize the FinOps related tasks:
1. EU18
1. Migrate "Tech Mahindra - YIT Prod-1947697" to new FinOps and then remove the old vertica, save around **$1300/m** REVIEWING owner: shenwei to check with PM
2. US24
1. Remove the old vertica, save around $ **1500** /m It's stopped for a month, owner: Ting DONE 11 Apr 2025
3. EU3
1. Migrate 4 remaining tenants from FinOps\_Classic to new FinOps and then remove the old vertica, save around **$1300/mo** REVIEWING owner: shenwei to check with presales
4. US2
1. Decommission 920775298 and 263660258 which are using FinOps\_Classic, then remove the vertica, save around $ **500** /mo REVIEWING Lingyan has confirmed with Alex Dominic Savio William. Owner: shenwei
## 2025-03-25
1. Add RI and SP on EU28, saved around **$1300/mo** DONE 25 Mar 2025
2. Add RI for OpenSearch on US2-PROD (Covering US2/US6), save 339$/mo DONE 25 Mar 2025
3. Add RI for OpenSearch on EU8, save 339$/mo. DONE 25 Mar 2025
4. Based on the system usage, resize us2 smax RDS m6g.4xlarge → r6g.2xlarge, cms RDS r6g.2xlarge → r6g.xlarge, save around $ **1100** /mo DONE
## 2025-02-27
1. Change all the EC2 instances from m5/r5 to m6i/r6i with better performance REVIEWING
1. Asked RnD to test the new instance type. if we choose m6a/r6a can save around $3000+/m without performance improvements [Feature 2481012 - \[Cost saving\] \[SaaS\] Suppor AMD EC2 servers which can save up to $3000/month on SaaS](https://internal.almoctane.com/ui/entity-navigation?p=97002/32001&entityType=work_item&id=2481012)
2. And m6g/r6g can save even more like 9000$, but most likely it's not working, pending RnD for testing. NO PLAN Danny: Arm-Based EC2 cannot be used for worker node, because our applications are not built for ARM processors!
## 2025-01-08
1. Cleanup SMAX EFS, save around $ **1500/m**, owner: [Ting Ye](https://rndwiki.houston.softwaregrp.net/confluence/display/~ting.ye@microfocus.com)
JP12-STG,EU3,US7,US2-Prod,US6,EU8,AP10 DONE 28 Mar 2025
2. US6
1. After decommission Ford, resize the farm, save around $400/mo DONE
Also Dick's Sporting good just onboard, we may not change the sizing, but make sure to remove files on efs.
3. EU3
1. Decommission legacy Carbon server and ALBs, save around $200/m DONE
## 2024-12-11
1. EU18
1. Change the op RDS from t3.xlarge > t3.large, as the cpu usage is less than 5%, save around $120/m DONE
2. Change the RDS disk from io2 to gp3, as gp3 is cheaper and provide more IOPS, save around $350/m DONE
2. EU3
1. Change the op RDS from t3.xlarge > t3.large, as the cpu usage is less than 5%, save around $120/m DONE
2. Change the RDS disk from io2 to gp3, as gp3 is cheaper and provide more IOPS, save around $350/m DONE
3. us24
1. Change the op RDS from t3.xlarge > t3.large, as the cpu usage is less than 5%, save around $120/m DONE
4. RI for OP RDS save around $100/m DONE
## 2024-09-20
1. Terminate the old bastion node. Save around $300/m. DONE
## 2024-08-28
1. Turn off the auto RDS backup, as we have the "AWS Backup service". Save around $300/m. DONE
1. us2-prod oomt, eu18-prod oo/cms/smax, ap10 oomt, ca16 oo/cms/smax, jp12-stg cms/oo/smax.
2. Finish the Helm Post-transformation tasks, save more than $100/m. REVIEWING
3. Remove the OMT ingress (16.43$ \* 12 = $197). Reviewing the situation with RnD, RnD may provide a step to do it. REVIEWING
[https://docs.microfocus.com/doc/SMAX/24.2/TransformSmaxToHelmBased#Clean\_up\_OMT\_resources\_in\_the\_OMT\_namespace](https://docs.microfocus.com/doc/SMAX/24.2/TransformSmaxToHelmBased#Clean_up_OMT_resources_in_the_OMT_namespace)
[Issue 2323030 - \[Doc\] \[SaaS\] Remove unnessary OMT resoruces after helm transformation.](https://internal.almoctane.com/ui/entity-navigation?p=97002/32001&entityType=work_item&id=2323030)
## 2024-07-08
1. Clean up the RDS backup tables in the database (not saving money but preventing the cost to increase) REVIEWING
1. Audit (rnd review)
2. revinfo (rnd confirmed to truncate) need a change
3. bak tables (ops review)
## 2024-05-14
1. Change all workers volume type from gp2 to gp3. Save around $ **1000/m**. Plan with CCoE ami change PLANNED
2. OpenSearch on US2-Dev Around 800$ Plan to decommission DONE owner: Ting
3. EU18
1. Reduce the vertica data node size from m4.4xlarge to r5.2xlarge: Save $600/m NO PLAN owner: Scott
4. Review the backup procedure for potential issues on cost
1. Change the kms key os RDS, so that we can enable incremental backup. Can save around $ **2000** +/m REVIEWING Solution is ready, requires a downtime
5. Need to check the saving plan usage 80%~90%, need to check with Vinay. List the number DONE 25 Mar 2025 by lingyan, coverage 99% by the company
6. Remove the us2-dev EKS [smax-cluster-us2dev](https://us-west-2.console.aws.amazon.com/eks/home?region=us-west-2#/clusters/smax-cluster-us2dev) in 551360491749: $300/m DONE By Ting
7. Review the saving plan for us26 Owner:Lingyan DONE 25 Mar 2025 by lingyan, coverage 99% by the company
## 2024-05-08
1. Change cross-region retention from 14 days to 7 days DONE [Yu Liu](https://rndwiki.houston.softwaregrp.net/confluence/display/~liu.yu@microfocus.com)
2. Remove the local backup generated by cross-region backup owner: DONE [Yu Liu](https://rndwiki.houston.softwaregrp.net/confluence/display/~liu.yu@microfocus.com)
3. Cleanup SMAX EFS to reduce the cost: $ **2000**, owner: [Ting Ye](https://rndwiki.houston.softwaregrp.net/confluence/display/~ting.ye@microfocus.com)
,JP12-STG,EU3,US7,US2-Prod,US6,EU8,AP10 DONE
4. Checking if we can change the backup type to cold backup for efs owner: NO PLAN [Yu Liu](https://rndwiki.houston.softwaregrp.net/confluence/display/~liu.yu@microfocus.com)
5. Remove the us1 EKS in 361684190412, as it cost $400 for eks extended support owner: [Ting Ye](https://rndwiki.houston.softwaregrp.net/confluence/display/~ting.ye@microfocus.com) DONE
6. check the ecr storage cleanup solution: $ **800** owner: [Ting Ye](https://rndwiki.houston.softwaregrp.net/confluence/display/~ting.ye@microfocus.com)
\--US2-dev,EU3-Prod,US7-Prod DONE
7. Check the CMS efs cleanup solution with rnd owner: [Ling-yan Meng](https://rndwiki.houston.softwaregrp.net/confluence/display/~lingyan.meng@microfocus.com) DONE [Clean up CMS log files](https://rndwiki.houston.softwaregrp.net/confluence/display/ICS/Clean+up+CMS+log+files)
1. Cleanup CMS EFS to reduce the cost: $ **500** owner: [Ting Ye](https://rndwiki.houston.softwaregrp.net/confluence/display/~ting.ye@microfocus.com) DONE
2. US2-dev,US2-Prod,EU3,US7,US24 Done
3. JP12,BR14,CA16,US26 Done
## 2024-04-28
1. US6/EU8/AP10/EU18
1. EU8
1. remove not used tenant-export/tenant-import 400GB packages: 200$ DONE
## 2024-03-25
1. US6/EU8/AP10/EU18
1. AP10
1. remove manual RDS snapshot keep recent 30 days: $85 DONE
2. remove unused ALB (save 16.43$ \* 7 = 115$ ) Check FQDN and traffic, peer review before removal REVIEWING
1. [acd2b58c6b3fc40a3a911c79dd0f8105-7bb8644d3ea49e82.elb.ap-southeast-2.amazonaws.com](http://acd2b58c6b3fc40a3a911c79dd0f8105-7bb8644d3ea49e82.elb.ap-southeast-2.amazonaws.com/) (k8s-itsmatbx-itomngin-1af9765940)
2. [internal-SMAX-EKS-ALB-832470617.ap-southeast-2.elb.amazonaws.com](http://internal-smax-eks-alb-832470617.ap-southeast-2.elb.amazonaws.com/)
3. [internal-CMS-ALB-1420616780.ap-southeast-2.elb.amazonaws.com](http://internal-cms-alb-1420616780.ap-southeast-2.elb.amazonaws.com/)
4. [internal-cms-smax-integration-605090270.ap-southeast-2.elb.amazonaws.com](http://internal-cms-smax-integration-605090270.ap-southeast-2.elb.amazonaws.com/) (should be the legacy integration)
5. [internal-k8s-ap10prodcmsalb-99eed8dbd4-1596301489.ap-southeast-2.elb.amazonaws.com](http://internal-k8s-ap10prodcmsalb-99eed8dbd4-1596301489.ap-southeast-2.elb.amazonaws.com/)
6. [internal-k8s-oopublic-e2b012afab-1414584707.ap-southeast-2.elb.amazonaws.com](http://internal-k8s-oopublic-e2b012afab-1414584707.ap-southeast-2.elb.amazonaws.com/)
7. [internal-k8s-ap10auditalb-f2e1f6a5de-476511256.ap-southeast-2.elb.amazonaws.com](http://internal-k8s-ap10auditalb-f2e1f6a5de-476511256.ap-southeast-2.elb.amazonaws.com/)
2. US6
1. remove manual RDS snapshot keep recent 30 days: $ **300** + DONE
2. remove unused ALB (save 16.43$ \* 8 = 131$ ) Check FQDN and traffic, peer review before removal REVIEWING
1. [ad2b5ab2128d842a4ab7a8479b91d6ca-5f7aeea4304fc4ab.elb.us-west-2.amazonaws.com](http://ad2b5ab2128d842a4ab7a8479b91d6ca-5f7aeea4304fc4ab.elb.us-west-2.amazonaws.com/) (k8s-itsmaohs-itomngin-b928fd8ff6)
2. [internal-SMAX-ALB-1780068998.us-west-2.elb.amazonaws.com](http://internal-smax-alb-1780068998.us-west-2.elb.amazonaws.com/)
3. [internal-subdomain-testing-1383237556.us-west-2.elb.amazonaws.com](http://internal-subdomain-testing-1383237556.us-west-2.elb.amazonaws.com/)
4. [internal-CMS-ALB-103193064.us-west-2.elb.amazonaws.com](http://internal-cms-alb-103193064.us-west-2.elb.amazonaws.com/)
5. [internal-ALB-For-Integration-1506362286.us-west-2.elb.amazonaws.com](http://internal-alb-for-integration-1506362286.us-west-2.elb.amazonaws.com/)
6. [internal-k8s-us6prodcmsalb-05d13e29f6-1782663167.us-west-2.elb.amazonaws.com](http://internal-k8s-us6prodcmsalb-05d13e29f6-1782663167.us-west-2.elb.amazonaws.com/)
7. [internal-k8s-oomtpublic-8b587340e7-989485052.us-west-2.elb.amazonaws.com](http://internal-k8s-oomtpublic-8b587340e7-989485052.us-west-2.elb.amazonaws.com/)
8. [internal-k8s-us6auditalb-b4c1ac47bd-1257080049.us-west-2.elb.amazonaws.com](http://internal-k8s-us6auditalb-b4c1ac47bd-1257080049.us-west-2.elb.amazonaws.com/)
3. EU8
1. remove manual RDS snapshot keep recent 30 days: $ **400** + DONE
2. remove unused ALB (save 16.43$ \* 8 = 131$ ) Check FQDN and traffic, peer review before removal REVIEWING
1. [internal-CMS-ALB-EU8-50066461.eu-central-1.elb.amazonaws.com](http://internal-cms-alb-eu8-50066461.eu-central-1.elb.amazonaws.com/)
2. [internal-k8s-eu8cmsext-09c603805a-1635150560.eu-central-1.elb.amazonaws.com](http://internal-k8s-eu8cmsext-09c603805a-1635150560.eu-central-1.elb.amazonaws.com/)
3. [internal-EU8-ALB-For-Integration-1099466715.eu-central-1.elb.amazonaws.com](http://internal-eu8-alb-for-integration-1099466715.eu-central-1.elb.amazonaws.com/)
4. [af67eb4c5555d47aab1230aaeafbfcfd-82a881994f2d96b7.elb.eu-central-1.amazonaws.com](http://af67eb4c5555d47aab1230aaeafbfcfd-82a881994f2d96b7.elb.eu-central-1.amazonaws.com/) (k8s-itsmah3c-itomngin-c4e78faf0f)
5. [internal-SMAX-ALB-582960966.eu-central-1.elb.amazonaws.com](http://internal-smax-alb-582960966.eu-central-1.elb.amazonaws.com/)
6. [internal-EU8-ALB-For-Integration-1099466715.eu-central-1.elb.amazonaws.com](http://internal-eu8-alb-for-integration-1099466715.eu-central-1.elb.amazonaws.com/)
7. [aff85e03390924d0c9a6eae56cf2b525-6a24d3a3cd2ad390.elb.eu-central-1.amazonaws.com](http://aff85e03390924d0c9a6eae56cf2b525-6a24d3a3cd2ad390.elb.eu-central-1.amazonaws.com/) (this one has traffic on 80, k8s-itsmah3c-itomngin-21d82011c2)
8. [internal-k8s-oomtpublic-8f26407304-488986183.eu-central-1.elb.amazonaws.com](http://internal-k8s-oomtpublic-8f26407304-488986183.eu-central-1.elb.amazonaws.com/)
4. EU18
5. US6-STG
1. (us-east-1) remove manual RDS snapshot keep recent 30 days: $40+ DONE
2. (us-west-2) remove manual RDS snapshot keep recent 30 days: $100+ DONE
2. JP12/BR14/CA16
1. JP12
1. remove manual RDS snapshot keep recent 30 days: $70 DONE
2. BR14
3. CA16
4. jp12-stg
1. remove manual RDS snapshot keep recent 30 days: $40 DONE
3. US2/US2-DEV/US24
1. US2
1. remove manual RDS snapshot keep recent 30 days: $ **1000** + DONE
2. US2-DEV
1. remove manual RDS snapshot keep recent 30 days: $200+ DONE
2. (us-east-1) remove manual RDS snapshot keep recent 30 days: $20+ DONE
3. US24
1. remove manual RDS snapshot keep recent 30 days: $20 DONE
4. EU3/US7
1. EU3
1. remove manual RDS snapshot keep recent 30 days: $ **500** + DONE
2. US7
1. remove manual RDS snapshot keep recent 30 days: $ **500** + DONE
5. EU22/US26
1. EU22
2. US26
1. remove manual RDS snapshot keep recent 30 days DONE
2. CMS RDS r6g.4xlarge -> r6g.2xlarge (save $800) last 4 weeks peak CPU 10% DONE
## 2023-12-19
Make sure to **check and keep the max\_connections**
1. US6/EU8/AP10/EU18
1. AP10
1. OO RDS: m6g.2xlarge → r6g.xlarge (save $150) last 4 weeks peak CPU 12% DONE
2. US6
1. OO RDS: m6g.2xlarge → r6g.xlarge (save $150) last 4 weeks peak CPU 6% DONE
3. EU8
1. OO RDS
1. m6g.2xlarge -> r6g.xlarge (save $150) last 4 weeks peak CPU 15% DONE
2. IO1 3000 -> GP3 IOPS 12000 (save $300) DONE
4. EU18
1. SMAX RDS m6g.4xlarge -> r6g.2xlarge (save $300) last 4 weeks peak CPU 18% DONE
2. OO RDS: m6g.2xlarge → r6g.xlarge (save $150) last 4 weeks peak CPU 9% DONE
2. JP12/BR14/CA16
1. JP12
1. SMAX RDS m6g.2xlarge -> r6g.xlarge (save $150) last 4 weeks peak CPU 13% DONE
2. CMS RDS m6g.2xlarge -> r6g.xlarge (save $150) last 4 weeks peak CPU 6% DONE
3. OO RDS: m6g.2xlarge → r6g.xlarge (save $150) last 4 weeks peak CPU 14% DONE
2. BR14
1. CMS RDS m6g.2xlarge -> r6g.xlarge (save $150) last 4 weeks peak CPU 9% DONE
2. OO RDS: m6g.2xlarge → r6g.xlarge (save $150) last 4 weeks peak CPU 5% DONE
3. CA16
1. SMAX RDS m6g.2xlarge -> r6g.xlarge (save $150) last 4 weeks peak CPU 5% DONE
2. OO RDS: m6g.2xlarge → r6g.xlarge (save $150) last 4 weeks peak CPU 4% DONE
4. jp12-stg
1. OO RDS: m5.2xlarge → r6g.xlarge DONE
3. US2/US24
1. US2
1. OO RDS: m6g.2xlarge → r6g.xlarge (save $150) last 4 weeks peak CPU 19% DONE
4. EU3/US7
1. EU3
1. CMS RDS m6g.2xlarge -> r6g.xlarge (save $150) last 4 weeks peak CPU 15% DONE
2. OO RDS: m6g.2xlarge → r6g.xlarge (save $150) last 4 weeks peak CPU 17% DONE
2. US7
1. OO RDS: m6g.2xlarge → r6g.xlarge (save $150) last 4 weeks peak CPU 10% DONE
## 2023-11-30
1. US6/EU8/AP10/EU18
1. US6
1. CMS RDS: IO1 10000 IOPS → GP3 IOPS ($1093.5 → $86.25) DONE
2. SMA RDS:
1. r6g.4xlarge → r6g.2xlarge (save $1312) Last 4 week free memory more than 80G, CPU less than 30%. **Check and keep the max\_connections** DONE
2. GP2 → GP3 DONE
3. ~~CMS RDS: m6g.4xlarge → r6g.2xlarge ($823 -> $741 → $463) Need to wait till **Dec 18th** for RI expiration for $463 Last 4 weeks CPU < 30%, Min Free memory 31G
~~As the load on 7th Dec is higher than 60%.
4. Remove manual & backup snapshots, keep recent 30 days: $400+ DONE
2. EU8
1. SMA RDS: GP2 4500G → GP3 4500G 18000 IOPS 1000 MBPS ($1229 → $1616 ) Last 4 week IOPS peak time: 17000-18000, MBPS peak time: 450 MBPS DONE As the us6 worked, we can plan the eu8 change
1. We can only switch to 18000 IOPS 500 MBPS at first and keep monitoring, if required, increase to 1000 MBPS, it will require less than $100 per month. Based on the monitoring, we need to change the MBPS from 500 MBPS to 1000 MBPS. DONE
2. Remove manual & backup snapshots keep recent 30 days: $1000+DONE
3. Disable EFS throughput mode for monitoring: $350 DONE
3. AP10
1. Remove manual & backup snapshots keep recent 30 days: $100+ DONE
2. JP12/BR14/CA16
1. JP12
1. Remove manual & backup snapshots keep recent 30 days: $50+DONE
2. BR14
1. Remove manual & backup snapshots keep recent 30 days: $150+DONE
3. CA16
1. Remove manual & backup snapshots keep recent 30 days: $50+DONE
3. US2/US24
1. US2
1. SMA RDS: IO1 2000G 3000 IOPS → GP3 2000G 12000 IOPS ($1100→ $460) Last 4 week IOPS peak time: 2500-4000, MBPS peak time: 70-150 MBPS DONE
2. CMS RDS: IO1 500G 3000 IOPS → GP3 500G 12000 IOPS ($1100→ $460) Last 4 week IOPS peak time: 2500-4000, MBPS peak time: 70-150 MBPSDONE
2. US24
1. SMA RDS:
1. m6g.2xlarge → r6g.xlarge ($998→ $726) DONE
2. disable multi-AZ: save $363 DONE
2. OO RDS: m6g.2xlarge → r6g.xlarge ($499 →$363) **Check and keep the max\_connections** DONE
3. Vertica
1. ~~Reduce the vertica data node number from 3 to 1~~
2. Reduce the vertica data node size from r5.8xlarge to r5.4xlarge: $1600 DONE
**Need to request RI before Dec 18th. [Wei Shen](https://rndwiki.houston.softwaregrp.net/confluence/display/~wei.shen2@microfocus.com)**
**Improve the instance type to newer version. RnD**
**Backup policy: keep only one month.**
Check us2 tenant FinOps usage, may be it's been moved to us24?
[https://us2-smax.saas.microfocus.com:443/saw/ess?TENANTID=920775298](https://us2-smax.saas.microfocus.com/saw/ess?TENANTID=920775298)
Posted by lmeng2 at Mar 28, 2025 02:39 EDT

73
knowledgebase/csd-wiki/ICSD/ESM-Cloud-Ops---New-User-Guide_686088242.md Normal file
View File

@@ -0,0 +1,73 @@
# ESM-Cloud-Ops---New-User-Guide_686088242
## Overview
This page provides a guidance for new member in ESM Cloud Ops team.
## System Access
| # | | Links | Admin | Comments |
| --- | --- | --- | --- | --- |
| 1. | AWS Console login | [AWS Console Login](http://awslogin.publiccloud.microfocus.net/) [Request access to AWS account from IGA portal](Request-access-to-AWS-account-from-IGA-portal_686074273.html) for the ESM, Aviator and DCA AWS accounts listed [here](https://confluence.opentext.com/display/ICSD/ITOM+Cloud+AWS+Account+Overview). IGA link [here](https://stackc.iga.cyberresprod.com/). For ESM Cloud Ops Engineer please request access with role " **Fed\_Account\_ESM\_SaaS\_Ops** " | [Sajith Kumar A R](https://confluence.opentext.com/display/~ssajith) | AWS Account Owner will approve the access request MF account to login |
| 2. | ITOM Cloud Service Delivery Wiki | [ITOM Cloud Service Delivery](https://confluence.opentext.com/display/ICSD) [How to get an Opentext Confluence account](How-to-get-an-Opentext-Confluence-account_688987796.html) | [Sajith Kumar A R](https://confluence.opentext.com/display/~ssajith) | ITOM CSD Wiki Space OT Confluence account to login |
| 3. | Cloud DevOps Sharepoint | [https://opentextcorporation.sharepoint.com/sites/MFI-SMAXSaaSDevOps/SitePages/Home.aspx](https://opentextcorporation.sharepoint.com/sites/MFI-SMAXSaaSDevOps/SitePages/Home.aspx) | [Sajith Kumar A R](https://confluence.opentext.com/display/~ssajith) [Boglarka Ronai](https://confluence.opentext.com/display/~bronai) | Team's SharePoint OT account to login |
| 4. | Add New User to PDL | - ITOM Cloud Service Team <ITOMCloudServiceTeam@ [opentextcorporation.onmicrosoft.com](http://opentextcorporation.onmicrosoft.com/) > - ITOM Cloud Service ESM Team <ITOMCloudServiceESMTeam@ [opentextcorporation.onmicrosoft.com](http://opentextcorporation.onmicrosoft.com/) > - ITOM Cloud Service SO Team <ITOMCloudServiceSOTeam@ [opentextcorporation.onmicrosoft.com](http://opentextcorporation.onmicrosoft.com/) > - ITOM Cloud Services APM Team <ITOMCloudServices [APMTeam@opentextcorporation.onmicrosoft.com](mailto:APMTeam@opentextcorporation.onmicrosoft.com) > | [Boglarka Ronai](https://confluence.opentext.com/display/~bronai) | Team PDL |
| 5.1. | PCS (Proactive Customer Support) - SMAX | [https://pcs.saas.microfocus.com/](https://pcs.saas.microfocus.com/) | [Brindusa Kevorkian](https://confluence.opentext.com/display/~bkevorkian) [Sajith Kumar A R](https://confluence.opentext.com/display/~ssajith) | To handle customer service request OT account to login |
| 5.2. | PCS EU SMAX | [https://pcs-eu.saas.microfocus.com/saw/Requests](https://pcs-eu.saas.microfocus.com/saw/Requests) | [Alin-Bogdan Zirbo](https://confluence.opentext.com/display/~azirbo) | To handle EU customer service request OT account to login |
| 6. | X4X (Internal Cloud Service) - SMAX | [https://us2-smax.saas.microfocus.com/saw/ess?TENANTID=202385354](https://us2-smax.saas.microfocus.com/saw/ess?TENANTID=202385354) | [Sajith Kumar A R](https://confluence.opentext.com/display/~ssajith) | Tenant Provision, Unplanned change requests OT account to login |
| 7. | ESM SaaS RnD Basecamp | [https://3.basecamp.com/4227251/projects/19597039](https://3.basecamp.com/4227251/projects/19597039) | [Sajith Kumar A R](https://confluence.opentext.com/display/~ssajith) | Tasks assignment & tracking Basecamp account to login |
| 8. | ESM Cloud Ops Tooling | Jenkins: [https://saas-ops.itsma-ng.net/](https://saas-ops.itsma-ng.net/) System health Page Ops Console: [http://smax-health.saas.microfocus.com/ops](http://smax-health.saas.microfocus.com/ops) Logging farm: | [Maricel Plesuvu](https://confluence.opentext.com/display/~mplesuvu) | AWS Cognito user account to login For Jenkins, System Health Page Logging farm, etc |
| 9. | ESM Cloud Ops Favorites | [SaaS Favorites](https://rndwiki.houston.softwaregrp.net/confluence/display/SMAXaaS/SaaS+Favorites) (To be updated) | N/A | All in one link page for SaaS |
| 10. | INFRA account | Steps: 1\. Request your manager's approval, e.g. Shen Wei, Florin Pavel, via email and have it saved as.msg. 2\. Log a ticket in Self Service using the offering "Domain Management": [https://us2-smax.saas.microfocus.com/saw/ess/requestTracking/9465777?TENANTID=734262997](https://us2-smax.saas.microfocus.com/saw/ess/requestTracking/9465777?TENANTID=734262997) Inside the ticket add: 2.1. the approval from step #1 2.2. the attached [OpenText SaaS disclaimer.pdf](attachments/686088242/702037978.pdf) filled in 2.3. the attached [Infra Access Request.docx](attachments/686088242/702037980.docx) properly filled in. 3\. The password will expire every 3 months. For that, use the instructions in the attached [INFRA account password reset.txt](attachments/686088242/702038073.txt). | [Florin Pavel](https://confluence.opentext.com/display/~fpavel) [Sajith Kumar A R](https://confluence.opentext.com/display/~ssajith) | Use this [offering](https://us2-smax.saas.microfocus.com/saw/ess/offeringPage/17746?query=domain%20management&TENANTID=734262997) on this SMAX. E.g. #9465777. |
| 11. | SaaS Unified Tool | [https://ut.ct-us2.saas.microfocus.com/sm/index.do](https://ut.ct-us2.saas.microfocus.com/sm/index.do) Once the INFRA account created, the access to UT may be requested. For that, log a ticket in Self Service using the offering "Domain Management": [https://us2-smax.saas.microfocus.com/saw/ess/requestTracking/9465777?TENANTID=734262997](https://us2-smax.saas.microfocus.com/saw/ess/requestTracking/9465777?TENANTID=734262997) and specify that the INFRA account too. E.g. "Kindly grant me access to SaaS Unified Tool: [https://ut.ct-us2.saas.microfocus.com/sm/index.do](https://ut.ct-us2.saas.microfocus.com/sm/index.do) with the same rights like wei.shen2. I already have an INFRA account enabled with the ID: Username: Adina.Lehene" Note: Every 3 months the password expires. In order to reset it, follow A) or B): A) Use this link to change your password: [Password Reset Tool](https://10.208.15.14/RDWeb/Pages/en-US/password.aspx), while using **CheckPoint VPN. **B) Contact: [MFI-PSDC-Service-Center@opentext.com](mailto:MFI-PSDC-Service-Center@opentext.com) or [sbiswal@opentext.com](mailto:sbiswal@opentext.com). | @MFI-PSDC-Service-Center@opentext.com [Saswati Biswal](https://confluence.opentext.com/display/~sbiswal) | Use this offering on this SMAX. E.g. #9498890. |
| 12. | BO (BackOffice) | https://<farm-name>- [smax.saas.microfocus.com/bo](http://smax.saas.microfocus.com/bo) In order to log into BO, use the suite-admin generic or the suite-admin-personal account. The suite-admin generic account's credentials are found in the proper AWS Parameter Store account, according to this table [Suite-admin generic accounts credentials.xlsx](attachments/686088242/703392717.xlsx) (see column K). Steps to create a suite-admin-personal accounts: 0\. Log into the proper [AWS account](https://authenticate.microfocus.net/nidp/app/login?id=MultiGenericAA&sid=0&option=credential&sid=0&target=https%3A%2F%2Fauthenticate.microfocus.net%2Fnidp%2Fsaml2%2Fidpsend%3FPID%3Dawslogin.publiccloud.microfocus.net) in order to retrieve the correspondent farm's suite-admin credentials according to the table mentioned above. 1\. Log into the target farm's BO as suite-admin with the credentials retrieved from the Parameter store of the AWS correspondent farm. 2\. Go to Users. 2.1. Create a new user with the role of suite-admin and the format *suite-admin-john* 2.2. Open any tenant. 2.3. Go to IDM. Press once again "Organizations". 2.4. Filter the categories by "sysbo" and choose it. 2.5. Go to "Groups". 2.6. Select and open the "Administrators" group. 2.7. Add the newly created suite-admin-user into the *Administrators* group. | | AWS access is a prerequisite. |
| 13. | IRL (Software Entitlements Management System) | [https://sld.prod.corpcloud.opentext.com/semsui/ilr](https://sld.prod.corpcloud.opentext.com/semsui/ilr) | | MF main credentials |
| 14.1. | SLD (Software Licenses and Downloads) | [https://sld.microfocus.com](https://sld.microfocus.com/) (web browser private mode) In order to create an account: 1\. Use the @ [microfocus.com](http://microfocus.com/) email address 2\. In order to confirm the account and receive its password, log a service request on the tenant: [https://us2-smax.saas.microfocus.com/saw/ess/requestTracking/36283818?TENANTID=973580388](https://us2-smax.saas.microfocus.com/saw/ess/requestTracking/36283818?TENANTID=973580388) or contact the team: [SLD\_SUP\_TEAM@opentext.com](mailto:SLD_SUP_TEAM@opentext.com); contact people: [halla2@opentext.com](mailto:halla2@opentext.com), [apalakuru@opentext.com](mailto:apalakuru@opentext.com) 3\. Once the registered account confirmed and the initial password received, reset the password. | [SLD\_SUP\_TEAM@opentext.com](mailto:SLD_SUP_TEAM@opentext.com) @Hari Kishan Naidu Alla @Akhilesh Palakuru | MF email and dedicated pwd |
| 14.2. | Software Licensing and Download | [https://sld.microfocus.com](https://sld.microfocus.com/) | | Use this [offering](https://us2-smax.saas.microfocus.com/saw/ess/offeringPage/1239784?TENANTID=973580388) on this SMAX, via incognito browser. |
| 15. | PHT GitLab repo | Older ref. Confl. art.: [Build Hub Contact#RequestGitLabSupport](https://confluence.opentext.com/display/UBMT/Build+Hub+Contact#BuildHubContact-RequestGitLabSupport) SaaS: [https://gitlab.otxlab.net/csd/esm-cloud/smax-saas-ops/esm-waf](https://gitlab.otxlab.net/csd/esm-cloud/smax-saas-ops/esm-waf) RnD: [https://gitlab.otxlab.net/itom/itsma-x/esm-waf](https://gitlab.otxlab.net/itom/itsma-x/esm-waf) | RnD PHT: [Raluca Prodan](https://confluence.opentext.com/display/~rprodan) RnD CSD: [Raluca Prodan](https://confluence.opentext.com/display/~rprodan) | |
| 16. | Prisma | Prisma link: [https://app.prismacloud.io/home/runtime](https://app.prismacloud.io/home/runtime) In order to create an account: 1. Go to [Commercial Systems Access Workflow (opentext.com)](https://intranet.opentext.com/intranet/llisapi.dll/displayform/2001/18828385/3077721/141992044/20740378/110054872/214218608/214203932/?viewid=220171445&readonly=true&sedit=false&objId=214220329&objAction=EditForm&nexturl=https%3A%2F%2Fintranet%2Eopentext%2Ecom%2Fintranet%2Fllisapi%2Edll) 2. Under "Department", select "Network Operations" 3. Under "Access Type", "Select Individual Systems" 4. Under Access Information, select "Info Sec" 5. Under "Security Tools", type "PrismaCloud - please copy the access from..." 6. Under "Reason", type "Provide the justification for your request". | | |
## Product related knowledge
| Index | Status | Issues | Comments |
| --- | --- | --- | --- |
| What is SMA? | ![(tick)](images/icons/emoticons/check.svg) | | - [GO through the videos of our product](https://rndwiki.houston.softwaregrp.net/confluence/display/SMA/Generic+Product+Knowledge) - [Youtube Introduction](https://www.youtube.com/watch?v=EY00wNqDkso) - [Youtube In-depth Overview](https://www.youtube.com/watch?v=aOzzhy7izX8) |
| What is ESM? (Enterprise Service Management) | ![(tick)](images/icons/emoticons/check.svg) | | - [Youtube Introduction](https://www.youtube.com/watch?v=2lhczXokuy8) - [Microfocus Official description](https://www.microfocus.com/en-us/what-is/enterprise-service-management) |
| AWS 10 minutes tutorial series | ![(tick)](images/icons/emoticons/check.svg) | | - [Link](https://aws.amazon.com/getting-started/tutorials/) |
| Get familiar with AWS | ![(tick)](images/icons/emoticons/check.svg) | | - [Safari](https://www.safaribooksonline.com/learning-paths/learning-path-amazon/9780135116548/) course (First 8 Chapter) (No longer available after Nov 17th, 2023) - [LiveSession 2nd Edition](https://learning.oreilly.com/videos/amazon-web-services/9780135581247/) Use [this link](https://opentextcorporation.sharepoint.com/:f:/s/MFI-SMAXSaaSDevOps/EpzYHAhEhoFDkx_D_ykzgNMBjBu2S4PC-HiQchaJHpoyxA?e=ULSxUf) if previous one is not working. |
| Get familiar with Kubernetes and docker | ![(tick)](images/icons/emoticons/check.svg) | | - [Learning Docker](https://www.linkedin.com/learning/learning-docker-2/why-create-containers-using-docker?u=16620580) (No longer available after Nov 17th, 2023) [Learning Kubernetes](https://www.linkedin.com/learning/learning-kubernetes/how-to-use-the-exercise-files?u=16620580) (No longer available after Nov 17th, 2023) |
| Get familiar with SMA | ![(tick)](images/icons/emoticons/check.svg) | | - [Overview](https://docs.microfocus.com/itom/ITOM:Service_Management_Automation/Home) - [List of products](https://docs.microfocus.com/?ITSMA) |
| Setup a production level environment on AWS | ![(tick)](images/icons/emoticons/check.svg) | | - [Link](https://docs.microfocus.com/doc/SMAX/24.4/EKS) |
| Maintain an EKS solution | | | |
## ESM SaaS Specific knowledge
| Index | Status | Issues | Comments |
| --- | --- | --- | --- |
| ESM SaaS Architecture (Legacy Landing Zone) | ![(tick)](images/icons/emoticons/check.svg) | | 1. [Recording](https://web.microsoftstream.com/video/7a02725a-9d73-4552-81f7-07fc89dc2237) |
| ESM SaaS session to ESM teams which are relatively new to SaaS operation model | ![(tick)](images/icons/emoticons/check.svg) | | 1. [Session 1](https://microfocusinternational-my.sharepoint.com/:v:/g/personal/deepak-kalathil_perazhi_microfocus_com/ERhV3ddNmhVBjg-BR-SAhIsBPon0Qfs030KqXU4Al8msBA?e=voDI7d) 2. [Session 2](https://microfocusinternational-my.sharepoint.com/:v:/g/personal/deepak-kalathil_perazhi_microfocus_com/EeqXCCh51lVIuVXMGgh78R4Bp93xXTWl2zqc-dX71SO1Dg?e=AmnAt6) 3. [Slides](https://microfocusinternational.sharepoint.com/:p:/s/SMAXSaaSDevOps/EYQJYJEMUThFir1YGzHB5m0BgxEF_RQUXSWVZHhUw-XYhg?e=cZe5UQ) |
| SaaS Collaborations with ADM Group | | | 1. Session 1 2. Session 2 |
## Advanced knowledge
| Index | Status | Issues | Comments |
| --- | --- | --- | --- |
| Kubernetes Internals 1. Node / Pod 2. Kubectl (Client) 3. Kubelet 4. API Server 5. Ingress 6. Daemonset/Statefulset/Pod/Deployment/ReplicationController 7. Configmap 8. ETCD 9. Service/Load balancing /Network 10. PV (Storage) | | | 1. [https://kubernetes.io/docs/home/](https://kubernetes.io/docs/home/) 2. [Kubernetes in action](https://www.safaribooksonline.com/library/view/kubernetes-in-action/9781617293726/) |
| Partner Training | | | [Partner Training(Chinese)](https://rndwiki.houston.softwaregrp.net/confluence/pages/viewpage.action?title=Partner+Training&spaceKey=SMA) |
| | | | [How to generate short term key for programmatic access to AWS account or role](https://rndwiki.houston.softwaregrp.net/confluence/display/SMA/How+to+generate+short+term+key+for+programmatic+access+to+AWS+account+or+role) |
| How to solve CDF/Suite issues in real world? | | | |
| Docker | | | [Latest Docker doc](https://docs.docker.com/get-started/overview/) [Docker 1.13 doc](https://docs.docker.com/v1.13/) |
| Cloud related knowledge | | | [AWS in Action](https://learning.oreilly.com/library/view/amazon-web-services/9781617295119/) |
| Master Cloud-Native Infrastructure with Kubernetes | | | Training materials from [LinkedIn Learning](https://www.linkedin.com/learning/paths/master-cloud-native-infrastructure-with-kubernetes?u=16620580) (No longer available after Nov 17th, 2023) |
| Business domain knowledge - ITIL | | | ITIL docs |
| CDF APIs | | | 1. https://<FQDN>:5443/suiteInstaller/swagger-ui.html 2. [Sample](https://docs.microfocus.com/itom/ITOM_Container_Deployment_Foundation:2018.08/Administer/Change_the_external_access_hostname) to connect to swagger ui. (From Step 2) |
| CDF documentation | | | [doc](https://rndwiki.houston.softwaregrp.net/confluence/display/sharedservices/Documentation+v2018.08) |
| Point Product APIs | | | 1. xservice: [https://<FQDN>/v10/help/en/full/Content/8000\_DeveloperGuide/ApiRESTIntro.htm](https://jh-test7.itsma-ng.net/v10/help/en/full/Content/8000_DeveloperGuide/ApiRESTIntro.htm) 2. IDOL: |
| Product Knowledge - SM | | | [Service Manager 9.61](https://docs.microfocus.com/SM/9.61/Codeless/Content/Home.htm) [Service](https://www.youtube.com/watch?v=tdm1njlFCLU) [Manager 9.40 Capability Overview](https://www.youtube.com/watch?v=tdm1njlFCLU) (Video) |
| Product Knowledge - X | | | [Old Saw document](https://saw.saas.hpe.com/help/en/full/Content/Home/ServiceAnywhereHomePage.htm) X document: [https://<FQDN>/v10/help/en/full/Content/8000\_DeveloperGuide/ApiRESTIntro.htm](https://jh-test7.itsma-ng.net/v10/help/en/full/Content/8000_DeveloperGuide/ApiRESTIntro.htm) |
| Product Knowledge - IDOL | | | [Get Start](https://www.microfocus.com/documentation/idol/IDOL/Servers/IDOLServer/11.0/Guides/pdf/English/IDOL_11.0_GettingStarted_en.pdf) [IDOL Expert](https://www.microfocus.com/documentation/idol/IDOL/Servers/IDOLServer/11.0/Guides/html/English/expert/index.html) [Other IDOL documents](https://www.microfocus.com/documentation/idol/IDOL_11_0/) IDOL introduction on 2018.08 by Sean Blanchflower [Video](https://web.microsoftstream.com/video/1b3f943a-9231-4912-993e-63c53831a3a0) [Slides](https://microfocusinternational-my.sharepoint.com/:b:/g/personal/sean_blanchflower_microfocus_com/EYso5J-VMZ5Dju5Og4Tk_vUBaCES0RHZOqGhyVc7g0EBwg?e=i3uo0Y) |
| AWS OpenSearch based ELK | | | 1. [Recording](https://microfocusinternational-my.sharepoint.com/:v:/g/personal/wei_shen2_microfocus_com/EfPtYTQyvkFJldhgoGk4cVMBnM_xmzCpX7k8C9I4ey8mwg) 2. [Slides](https://microfocusinternational.sharepoint.com/:p:/t/ITSMA/EUZtcs8d9MNFr8NnMX_qLR8BD_BmpLCSGlaIbfMWvaW1AA) 3. [Provisioning](https://rndwiki.houston.softwaregrp.net/confluence/display/SMA/Provision+AWS+OpenSearch+based+ELK) 4. [How to support ELK log analytics](https://rndwiki.houston.softwaregrp.net/confluence/display/SMA/How+to+support+ELK) |
| Request Infra MMS account to access SiteScope | | | [https://us2-smax.saas.microfocus.com/saw/ess/offeringPage/17746?TENANTID=734262997](https://us2-smax.saas.microfocus.com/saw/ess/offeringPage/17746?TENANTID=734262997) Domain Services Options: Active Directory/Account Services; Domain Name: Infra.mms; Request Service On: Personal Account; Select Action: Create |
## Much Further knowledge
<table><colgroup><col> <col> <col> <col></colgroup><tbody><tr><th>Index</th><th>Status</th><th>Issues</th><th>Comments</th></tr><tr><td colspan="1">Micro Focus Reference Architecture</td><td colspan="1"></td><td colspan="1"></td><td colspan="1"><a href="https://web.microsoftstream.com/video/aa3110cb-45a9-403b-8899-a26dbb1137a5">Video</a><br><a href="https://microfocusinternational.sharepoint.com/:b:/s/Product/cpohub/ESuqutcGRpFKhjM31zj7iqwB05p0omcmNrLEGiSBnjpAnA?e=stFyr4">Slides</a></td></tr><tr><td colspan="1"></td><td colspan="1"></td><td colspan="1"></td><td colspan="1"></td></tr></tbody></table>

35
knowledgebase/csd-wiki/ICSD/ESM-Cloud-Ops-Change-Calendar_686069653.md Normal file
View File

@@ -0,0 +1,35 @@
# ESM-Cloud-Ops-Change-Calendar_686069653
[https://opentextcorporation.sharepoint.com/sites/MFI-SMAXSaaSDevOps/Lists/ESM%20Cloud%20Calendar/calendar.aspx](https://opentextcorporation.sharepoint.com/sites/MFI-SMAXSaaSDevOps/Lists/ESM%20Cloud%20Calendar/calendar.aspx)
## ESM 25.4 Upgrade Plan (Oct 2025 ~ Dec 2025)
## ESM 25.3 Upgrade Plan (Jul 2025 ~ Sep 2025)
![](attachments/686069653/716244536.png)
## ESM 25.2 Upgrade Plan (Mar 2025 ~ Jun 2025)
## Attachments:
[image-2025-1-20\_11-1-8.png](attachments/686069653/686069650.png) (image/png)
[image-2025-1-20\_11-1-43.png](attachments/686069653/686069652.png) (image/png)
[image-2025-2-17\_15-17-57.png](attachments/686069653/690071325.png) (image/png)
[image-2025-3-21\_12-15-13.png](attachments/686069653/693621083.png) (image/png)
[image-2025-3-21\_12-23-19.png](attachments/686069653/693621092.png) (image/png)
[image-2025-3-21\_12-25-3.png](attachments/686069653/693621098.png) (image/png)
[image-2025-3-25\_10-14-29.png](attachments/686069653/694621603.png) (image/png)
[image-2025-5-19\_9-55-39.png](attachments/686069653/703387765.png) (image/png)
[image-2025-6-23\_9-47-59.png](attachments/686069653/708233750.png) (image/png)
[image-2025-6-23\_9-48-22.png](attachments/686069653/708233751.png) (image/png)
[image-2025-7-2\_13-3-2.png](attachments/686069653/709410415.png) (image/png)
[image-2025-7-2\_13-5-12.png](attachments/686069653/709410427.png) (image/png)
[image-2025-7-9\_10-37-27.png](attachments/686069653/710773365.png) (image/png)
[image-2025-7-16\_10-54-52.png](attachments/686069653/710796236.png) (image/png)
[image-2025-7-16\_11-5-41.png](attachments/686069653/710796261.png) (image/png)
[image-2025-7-28\_14-17-57.png](attachments/686069653/711848853.png) (image/png)
[image-2025-8-1\_15-36-21.png](attachments/686069653/713178370.png) (image/png)
[image-2025-8-20\_17-12-6.png](attachments/686069653/715595499.png) (image/png)
[image-2025-8-21\_11-53-19.png](attachments/686069653/715598386.png) (image/png)
[image-2025-8-22\_10-3-46.png](attachments/686069653/715603437.png) (image/png)
[image-2025-8-25\_9-57-2.png](attachments/686069653/716244536.png) (image/png)
[image-2025-9-3\_13-50-1.png](attachments/686069653/716274533.png) (image/png)

26
knowledgebase/csd-wiki/ICSD/ESM-Cloud-Unified-Monitoring-v1.1_686083891.md Normal file
View File

File diff suppressed because one or more lines are too long

26
knowledgebase/csd-wiki/ICSD/ESM-Cloud-Unified-Monitoring_686074338.md Normal file
View File

File diff suppressed because one or more lines are too long

38
knowledgebase/csd-wiki/ICSD/ESM-Customer-Configuration-Deviations_713163911.md Normal file
View File

@@ -0,0 +1,38 @@
# ESM-Customer-Configuration-Deviations_713163911
1. [ITOM Cloud Service Delivery](index.html)
2. [ITOM Cloud Service Delivery](ITOM-Cloud-Service-Delivery_681555087.html)
3. [ITOM Cloud Applications Version Tracking](ITOM-Cloud-Applications-Version-Tracking_686069647.html)
4. [ESM Cloud Farm Version Tracking](ESM-Cloud-Farm-Version-Tracking_684925423.html)
Created by on Jul 29, 2025 EDT
## ESM Cloud Farms
| Farm | Region | Configuration Deviations | Notes |
| --- | --- | --- | --- |
| AP10-Prod | Sydney | | |
| BR14-Prod | Sao Paulo | | |
| CA16-Prod | Canada | | |
| EU3-Prod | Frankfurt | | |
| EU8-Prod | Frankfurt | | |
| EU28-Prod | Frankfurt | | |
| EU38-Prod | Frankfurt | | |
| JP12-Prod | Seoul | | |
| SA34-Prod | Africa (Cape Town) | | |
| US2-Prod | Oregon | | |
| US7-Prod | Oregon | | |
| US24-Prod | Oregon | | |
| US26-Prod | Oregon | | |
## AIS Cloud Farms
| Farm | Region | Configuration Deviations | Notes |
| --- | --- | --- | --- |
| US30-Prod | Oregon | | |
| EU32-Prod | Frankfurt | | |
| | | | |
| | | | |
Document generated by Confluence on Sep 15, 2025 22:24 EDT
[Atlassian](https://www.atlassian.com/)

44
knowledgebase/csd-wiki/ICSD/ESM-Customer-Tenant-Decommission_688996785.md Normal file
View File

@@ -0,0 +1,44 @@
# ESM-Customer-Tenant-Decommission_688996785
## Introduction
This guide help user to use X4X service offering to request a ESM customer tenant decommission.
## Service Offering for ordinary user
1. Go to X4X tenant: [https://us2-smax.saas.microfocus.com/saw/ess?TENANTID=202385354](https://us2-smax.saas.microfocus.com/saw/ess?TENANTID=202385354)
2. Check Service Catalog: Trial
3. Check service offering: Request Tenant Decommission
4. Input the justification for the request, which farm the tenant located in and tenant ID, submit.
5. The Ops team will receive the notification of the request.
## Service offering for Ops team member
1. Go to X4X tenant: [https://us2-smax.saas.microfocus.com/saw/ess?TENANTID=202385354](https://us2-smax.saas.microfocus.com/saw/ess?TENANTID=202385354)
2. Check Service Catalog: ESM Provisioning
3. Check service offering: Set Tenant Decommission
4. Input the justification for the request, which farm the tenant located in
5. and Select the SMAX tenant which hostname is tenant ID, same as CMS, OO and DND, leave it if empty, submit.
6. Click "Delete Immediately" if tenant could be decommissioned right now.
7. Input the source request id if there have the relevent request from x4x or PCS.
8. The request will be approved by ShenWei and Wenjun to go to the decommission process.
Resources:
1. KT on ESM tenant decommissioning: [Open Text Intranet](https://intranet.opentext.com/intranet/llisapi.dll/app/nodes/263386543?tab=1)
**Related pages**
- Page:
[ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking)
- Page:
[How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account)
- Page:
[ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information)
- Page:
[ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process)
- Page:
[ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog)
- Page:
[ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog)
- Page:
[OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking)

38
knowledgebase/csd-wiki/ICSD/ESM-Emergency-Change-Process_718140336.md Normal file
View File

@@ -0,0 +1,38 @@
# ESM-Emergency-Change-Process_718140336
## Introduction
This is the process for a CSD ESM Operations engineer to operate an emergency change logged by any of the teams: Core CPE, Support, RnD, QA. The process is subject to change.
**!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Note: Please mark this page as "Liked" that means that you have acknowledged it!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!**
## Process
Here is the summary of the process:
1\. The customer logs a support request or a service request for an issue impacting their productivity.
2\. Any non-Ops team engineer receives the request on #1 and concludes that an emergency change is needed to fix the issue.
3\. The non-Ops engineer logs an incident in PCS and asks for the emergency intervention from SaaS Ops team. Make sure to be clear about what and how needs to be operated. Also the non-Ops engineer logs an Unplanned Change in X4X that will follow the flow: the Ops engineer will update it with the emergency intervention, it will be approved by the management, it will be picked up by an Ops engineer and it will be closed (since it had been already operated).
4\. The non-Ops engineer requests the intervention of the Ops engineer team via the **ESM Cloud Team (CORE CPE & Cloud Service)** chat. If there is no feedback within 15 minutes, the non-Ops engineer calls the on-call Ops engineer in order to operate the emergency change logged on #3.
5\. The Ops engineer answers the phone call made on #4 and operates the emergency change according to the details specified in the incident logged on #3.
6\. At the end of the emergency change operated by the Ops engineer, he/she updates the incident logged on #3 and also leaves a comment in the Unplanned Change logged on point #3, to document the intervention. He/She also reassigns the PCS incident back to its requester's team and name.
## The visual summary of the process
## Conclusions
In case of an emergency change that requires the ESM CSD Ops team intervention, if there is no feedback in the Teams channel **ESM Cloud Team (CORE CPE & Cloud Service)** within 15 minutes, please check who is the on-call Operations engineer at the moment of the incident on the [EverBridge portal](https://member.everbridge.net/manage/453003085617753/1956345255324613#/scheduling/my-schedule) and contact him/her by phone, according the the Confluence page [here](https://confluence.opentext.com/display/ICSD/ESM+SaaS+RnD+Coverage).
**!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Note: Please mark this page as "Liked" that means that you have acknowledged it!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!**
## Useful links
On-call schedule of the CSD ESM Operations team: [EverBridge portal](https://member.everbridge.net/manage/453003085617753/1956345255324613#/scheduling/my-schedule).
Work phone no. of the CSD ESM Operations team: [Confluence page](https://confluence.opentext.com/display/ICSD/ESM+SaaS+CSD+Ops+Coverage).
X4X link: [X4X Self Service Portal](https://us2-smax.saas.microfocus.com/saw/ess?TENANTID=202385354)

91
knowledgebase/csd-wiki/ICSD/ESM-Farm-Cloud-Deployment-Naming-Convention_686065579.md Normal file
View File

@@ -0,0 +1,91 @@
# ESM-Farm-Cloud-Deployment-Naming-Convention_686065579
## Introduction
## New Farm FQDN Naming Convention
### ESM SaaS Farm:
- SMAX: https://<farm-alias>- [smax.saas.microfocus.com](http://smax.saas.microfocus.com/)
- CMS: https://cms.<farm-alias>-smax.saas.microfocus.com
- OO: https://oo.<farm-alias>- [smax.saas.microfocus.com](http://smax.saas.microfocus.com/)
- Audit: https://audit.<farm-alias>-smax.saas.microfocus.com
### DCA Instance
https://<dca-alias>.[saas.microfocus.com](http://saas.microfocus.com/)
DCA Alias: <instance alias>-<instance type>-<dca/sareporting>
For example: [https://us6-prod-dca.saas.microfocus.com](https://us6-prod-dca.saas.microfocus.com/)
## AWS Infrastructure Naming Convention
### EC2 Instance
- eu8-prod-smax-worker
- eu8-prod-cms-worker
- eu8-prod-cms-probe-windows
- eu8-prod-oo-worker
- eu8-prod-monitor-worker
- eu8-prod-logging-worker
- eu8-prod-logging-logstash-linux
- eu8-prod-bastion-server-linux
- eu8-prod-bastion-server-windows
- eu8-prod-vertica-node-linux
- eu8-prod-vertica-mc-linux
- eu8-prod-opb-agent-server-windows
- eu8-prod-sm-server-windows
- eu8-prod-idol-server-windows
- eu8-prod-jenkins-server-linux
### RDS
- us1-prod-smax-rds
- us1-prod-cms-rds
- us1-prod-oo-rds
- us2-dev-smax-rds
### EFS
- us1-prod-smax-efs
- us1-prod-cms-efs
- us1-prod-oo-efs
- us2-dev-smax-efs
- us2-dev-oo-efs
### Subnets
- us24-prod-public-subnet-1
- us24-prod-public-subnet-2
- us24-prod-public-subnet-3
- us24-prod-private-subnet-1
- us24-prod-private-subnet-2
- us24-prod-private-subnet-3
- us24-prod-database-subnet-1
- us24-prod-database-subnet-2
### SecurityGroup:
- us24-prod-bastion-securitygroup
### Backup Plan
- - us1-prod-aws-backup-plan
- us2-prod-aws-backup-plan
- jp12-stg-aws-backup-plan
#### Backup Rules
- - us1-prod-6h-backup-rule
- us2-prod-6h-backup-rule
#### Resource Assignment
### S3 bucket for Vertica
- us2-prod-vertica-data
### S3 bucket for Velero
- us2-prod-velero-backup-file
- us1-prod-velero-backup-file

57
knowledgebase/csd-wiki/ICSD/ESM-Monthly-SLA-Result_686070050.md Normal file
View File

@@ -0,0 +1,57 @@
# ESM-Monthly-SLA-Result_686070050
## SMAX SLA
| | Aug 2025 | July 2025 | June 2025 | May 2025 | Apr 2025 | Mar 2025 | Feb 2025 | Dec 2024 | Nov 2024 | Oct 2024 | Sept 2024 | Jul 2024 | Jun 2024 | May 2024 | Apr 2024 | Mar 2024 | Feb 2024 | Jan 2024 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| ###### EU3-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% |
| ###### US7-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% |
| ###### US2-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% |
| ###### US6-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% |
| ###### EU8-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 99.975% |
| ###### AP10-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% |
| ###### JP12-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% |
| ###### BR14-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 99,836% | 100% | 100% | 100% | 100% | 100% | 100% | 100% |
| ###### US24-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% |
| ###### CA16-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% |
| ###### EU18-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 99,884% | 100% |
| ###### US26-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% |
| ###### US28-PROD | 100% | 100% | 100% | 99.993% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | | | | | | |
| ###### SA34-PROD | 100% | 100% | 100% | | | | | | | | | | | | | | | | | |
## CMS SLA
| | Aug 2025 | July 2025 | June 2025 | May 2025 | Apr 2025 | Mar 2025 | Feb 2025 | Sep 2024 | Apr 2024 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| ###### EU3-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% |
| ###### US7-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 99.481% | 100% | 100% | 100% | 100% | 100% | 100% |
| ###### US2-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 99.497% | 100% | 100% | 100% | 100% | 100% | 100% |
| ###### US6-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 99.372% | 100% | 100% | 100% | 100% | 100% | 100% |
| ###### EU8-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 99.959% | 99.975% | 100% | 99.922% | 99.921% | 99.920% | 99.977% |
| ###### AP10-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% |
| ###### JP12-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% |
| ###### BR14-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 99.447% | 100% | 100% | 100% | 100% | 100% | 100% |
| ###### US24-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 99.523% | 100% | 100% | 100% | 100% | 100% | 100% |
| ###### CA16-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 99.422% | 100% | 100% | 100% | 100% | 100% | 100% |
| ###### EU18-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% |
| ###### US26-PROD | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 99.413% | 100% | 100% | 100% | 100% | 100% | 100% |
| ###### US28-PROD | 100% | 100% | 100% | 99.926% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | 100% | | | | | | |
| ###### SA34-PROD | 100% | 100% | 100% | | | | | | | | | | | | | | | | | |
## Introduction
**Related pages**
- Page:
[ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking)
- Page:
[How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account)
- Page:
[ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information)
- Page:
[ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process)
- Page:
[ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog)
- Page:
[ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog)
- Page:
[OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking)

151
knowledgebase/csd-wiki/ICSD/ESM-ODL-Integration_693613201.md Normal file
View File

@@ -0,0 +1,151 @@
# ESM-ODL-Integration_693613201
## This is wiki helps the R&D team for the successfully integration of ESM and Operation Platform Integration for a tenant.
## Pre-requisites:
###### ESM and OP charts are deployed on the same cluster on different name spaces.
###### ESM tenat is created and Automation Center capabilty is enabled
###### ESM tenant, the Operation Platform tenant and users are created
## 1\. Configure OPTIC Data Lake certificates
## Download OPTIC Data Lake certificates
[https://docs.microfocus.com/doc/SMAX/24.3/IntegrateODL](https://docs.microfocus.com/doc/SMAX/24.3/IntegrateODL)
Follow the below steps to get Opeation Platform certificates:
1. 1. Invoke `https://<OpsbServerName>:443/ browser`, click **Not secure** and **Certificate is not valid**.
2. Go to the **Details** tab and select the root certificate, then click **Export**.
(Optional) If you want to use ports different from 443, you also need to import different certificates for them. For example, you have the following Administration and Data receiver URLs:
- - https://< `OpsbServerName` >:30004/itom-data-ingestion-administration
- https://< `OpsbServerName` >:30001/itom-data-ingestion-receiver
\* Follow the aove steps to get the Administrator (or) Receiver certificates
## Import ODL certificate into SMAX
Export the certificates and copy into path: /var/vols/itom/itsma/<global-volume>/certificate/source
Eg: /var/vols/itom/itsma/config-volume/certificate/source
On SaaS envrioment: /efs/var/vols/itom/itsma/config-volume/certificate/source
## 2\. Restart SMAX pods by running commands on a control plane node or the bastion node:
## Connect to the basion node of the SMAX cluster to run the K8 commands:
1\. Run the following commands to restart the SMAX platform pods.
```
kubectl rollout restart deployment -n itsma-xxxx itom-xruntime-platform
kubectl rollout restart deployment -n itsma-xxxx itom-xruntime-platform-offline
```
2\. Run the following command to restart the bo-ats pod.
```
kubectl rollout restart deployment -n itsma-xxxx itom-bo-ats-deployment
3. Run the following command to restart the ac-vulnerability-patching
kubectl rollout restart deployment -n itsma-xxxx itom-ac-vulnerability-and-patching
* Wait until all the pods are deleted pods are started and running successfully
```
## 3\. Login to BO to Deploy the OP capability for tenant.
## Create ODL IDM organization for the tenant.
1\. Login to BO and click on specific tenant, goto "Configurations=>Credentials store"
2\. Add IDM user credentials (with di-admin and di-ingestion role) in SMAX BO interface=>Configurations=>Credentials store
Here the Organization name should be name of OperationPlattform <tenant\_name>
![](attachments/693613201/693613167.png)
## Deploy OPTIC Data Lake Capability for the tenant
1\. In the Tenant → Application Settings, click on 'Deploy new Capability and follow the below steps:
a. Select OPTIC Data Lake
b. Provide the Administrator URL: [https://dawn120.dev.opsware.com:30443/itom-data-ingestion-administration](https://dawn120.dev.opsware.com:30443/itom-data-ingestion-administration)
c. Select the credentail user and click 'OK'
2\. Repeat the setting for 'Receiver UR:
b. Provide the Receiver URL: [https://dawn120.dev.opsware.com:30443/itom-data-ingestion-receiver](https://dawn120.dev.opsware.com:30443/itom-data-ingestion-receiver)
c. Select the credentail user and click 'OK'
![](attachments/693613201/693613177.png)
![](attachments/693613201/693613181.png)
![](attachments/693613201/693613182.png)
## 4\. Enable ODL Integration in Agent Interface for the tenant
## Login to Agent Interface => Integration Management=>Integration Configuration:
1\. Click 'Add' and select the AC entity types and saved.
a. Device
b. Actual Sevice
c. CVE
d. Vulnerability
e. Patch
f. Policy
g. Policy Implementations
2\. Click on 'OPTIC Data Lake' and select 'Appy' button to create OP tables
3\. Click on 'OPTIC Data Lake' and select 'Active' and Save.
![](attachments/693613201/693613187.png)
Select the required record type or all record types for data ingestion into ODL
![](attachments/693613201/693613189.png)
Add all the required record types, check "Active" to ingest data and click on Apply to create required tables in ODL Vertica
![](attachments/693613201/693613193.png)
**Note:** Without enabling ODL capability, data will not sync in the Vertica DB.
**Known Limitation:**
- The data sync is successful only for those AC existing entites which are sucessfully sycned in ESM database
- The data ingeration for AC entities is sucessful only from the point of integration to Operation Platform is done (i.e Full Sync support to push data created before integration is not supproted)
( i.e. for any existing data available before the Operation Platform integration, the data ingestion wil not work, we need to re-ingest the data to sync in OP)
**Related pages**
- Page:
[ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking)
- Page:
[How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account)
- Page:
[ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information)
- Page:
[ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process)
- Page:
[ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog)
- Page:
[ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog)
- Page:
[OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking)

15
knowledgebase/csd-wiki/ICSD/ESM-Order-Fulfillment-and-Tenant-Provisioning-Strategy_688987756.md Normal file
View File

@@ -0,0 +1,15 @@
# ESM-Order-Fulfillment-and-Tenant-Provisioning-Strategy_688987756
## Introduction
This document describes how to perform proper order fulfillment and generate a tenant license when CSM receives a SaaS Order from an ESM customer. It also gives the Cloud Ops team a reference on how to perform proper tenant provisioning.
## Order License Strategy
| Product | License Type | | | | | |
| --- | --- | --- | --- | --- | --- | --- |
| SMAX | SMAX Express License | | | | | |
| | SMAX Premium License | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |
| | | | | | | |

27
knowledgebase/csd-wiki/ICSD/ESM-Patch-Version-Rollback-Capability-Tracking_692429849.md Normal file
View File

@@ -0,0 +1,27 @@
# ESM-Patch-Version-Rollback-Capability-Tracking_692429849
If a patch has DB schema change or not
| | Service Management & Cloud Management & Asset Management | Comments |
| --- | --- | --- |
| 25.1.2 | No | |
| 25.2.1 | Yes | XIE liquibase change added for a new feature in this patch 25.2.1 |
| 25.2.2 | No | |
| 25.3.1 | No | |
| 25.3.2 | No | |
**Related pages**
- Page:
[ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking)
- Page:
[How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account)
- Page:
[ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information)
- Page:
[ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process)
- Page:
[ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog)
- Page:
[ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog)
- Page:
[OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking)

25
knowledgebase/csd-wiki/ICSD/ESM-SaaS-CSD-Ops-Coverage_718139964.md Normal file
View File

@@ -0,0 +1,25 @@
# ESM-SaaS-CSD-Ops-Coverage_718139964
## Introduction
Here is the current list of CSD ESM Operations engineers. This is subject to changes.
## Contact list
| Role | Name | Phone no. | Location | Timezone | On-call ROTA |
| --- | --- | --- | --- | --- | --- |
| Sr. Mgr. CSD | Sajith Kumar | +919900239972 | Bangalore, India | UTC+5.5 | yes |
| Sr. Mgr. CSD | Ernie Riedelbach | +1720 842 3843 | Provo, UT, USA | UTC-6 | yes |
| Sr. Ops. Eng. | Adina Lehene | +40731819699 | Cluj-Napoca, RO | UTC+3 | yes |
| Sr. Ops. Eng. | Maricel Plesuvu | +40731822607 | Cluj-Napoca, RO | UTC+3 | yes |
| Sr. Ops. Eng. | Paul Badiu | | Cluj-Napoca, RO | UTC+3 | not yet |
| Sr. Ops. Eng. | Miroslav Shindarov | +359888810500 | Sofia, BG | UTC+3 | yes |
| Sr. Ops. Eng. | Dilip Behera | +919902721855 | Bangalore, India | UTC+5.5 | yes |
| Sr. Ops. Eng. | Vibin Thadathil Krishnan | +918550024462 | Bangalore, India | UTC+5.5 | yes |
| Sr. Ops. Eng. | M R Rejoy | | Bangalore, India | UTC+5.5 | yes |
| Sr. Ops. Eng. | Heiner Fernandez | +50688260989 | Cost Rica | UTC-6 | yes |
| Sr. Ops. Eng. | Manmohan Parmar | | Waterloo, ON, CAN | UTC-4 | not yet |
| Sr. Ops. Eng. | Sainath Goriparthi | | Mississauga, ON, CAN | UTC-4 | not yet |
## Conclusions
In case of an emergency, please check who is the on-call Operations engineer at the moment of the incident on the [EverBridge portal](https://member.everbridge.net/manage/453003085617753/1956345255324613#/scheduling/my-schedule) and contact them by phone.

4
knowledgebase/csd-wiki/ICSD/ESM-SaaS-Farm-Configuration-Management-Log_686074216.md Normal file
View File

@@ -0,0 +1,4 @@
# ESM-SaaS-Farm-Configuration-Management-Log_686074216
| US2-DEV | US2-PROD | EU3-PROD | US6-PROD | US7-PROD | EU8-PROD | AP10-PROD | JP12-PROD | JP12-STG | BR14-PROD | CA16-PROD | EU18-PROD | US24-PROD | US26-PROD | EU28 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| | Change Native SACM throttling control 100->500 | Zero-trust | Changed sawarc-con: MaxSyncDelay from 480 to 1200 | | - [Change TimeWindow Interval via JMX or configmap](https://rndwiki.houston.softwaregrp.net/confluence/display/ICS/Change+TimeWindow+Interval+via+JMX+or+configmap) 100->500 - [Optimize the IDOL archive queue for EU8](https://rndwiki.houston.softwaregrp.net/confluence/display/ICS/Optimize+the+IDOL+archive+queue+for+EU8) - Allocate OLP to a specific worker node m5.2xlarge - Change farm level NSACM throttling control → 1000 - Change OLP CPU 4 →7 - Allocate dedicate node group for IDOL servers. - : | | [Japanese search accuracy enhancement](https://rndwiki.houston.softwaregrp.net/confluence/display/ICS/ESM+23.4.P1+Cloud+Deployment#ESM23.4.P1CloudDeployment-JP12Only!!!AdditionaltasksforJapanesesearchaccuracyenhancement) | | - 3886288: | | Zero-trust | | | Change Native SACM throttling control 500 |

44
knowledgebase/csd-wiki/ICSD/ESM-SaaS-Order-Fulfillment-Procedures_686069896.md Normal file
View File

@@ -0,0 +1,44 @@
# ESM-SaaS-Order-Fulfillment-Procedures_686069896
## Introduction
This document details how to fulfill SMAX/AMX/HCMX SaaS orders in Control Tower. It contains the licenses for generating customer orders through Control Tower.
## Receive ESM SaaS Orders
- When a new SaaS order comes in, PDL " [smax\_saas\_orders@](mailto:smax_saas_orders@microfocus.com) [microfocus.com](http://microfocus.com/) " receives an email notification that the new order has been generated in Control Tower and requires team to perform order provisioning actions
![](attachments/686069896/686069892.png)
- According to customer's purchase, the SaaS order may include different products and different number of license units. To understand the structure of ESM products, please refer to <ESM Product Structure & License>
- In the notification email, there is a specific Control Tower SaaS order ID, next we need to provision the order in Control Tower based on this ID
## Order Fulfillment Procedures
- Please refer to document to get detail order fulfillment procedures: [SMAX\_Provisioning\_Flow.docx](#)
- Please noticed the above document is using SMAX as example to describe the order fulfillment procedures, there are following products in ESM should be follow the same procedures if it included in customer's order
- Asset Management X
- Hybrid Cloud Management X
- Hybrid Cloud Management X FinOps Express
- Hybrid Cloud Management X Premium
- Operations Orchestration
- Service Management Automation X
- Service Management Automation X Express
- Universal Discovery
## Best Practices
### Customer Order License Management
- Once the licenses for the relevant products have been generated and downloaded via the UT ticket attachment, in order to facilitate the organization of these licenses the best practice is to upload these source excel file to [SharePoint folder](https://opentextcorporation.sharepoint.com/sites/MFI-SMAXSaaSDevOps/Shared%20Documents/Forms/AllItems.aspx?id=%2Fsites%2FMFI%2DSMAXSaaSDevOps%2FShared%20Documents%2F2%2DESM%20SaaS%20Customer%2FLicense&viewid=250c668f%2D9c3b%2D4ad9%2Db164%2D3d6ac18e50c3) with specific naming rules like:
**<customer>\_<product name>\_<license unit number>\_<prod or dev tenant>.xls**
For example:
![](attachments/686069896/686069894.png)
- After then, the Cloud engineer can extract the license key from the source excel file and save as real product license file. The new product license file name can keep as same naming rules.
- For SMAX its XML format
- For CMS it's text format
For example:
- With this practice, it will be easy for Cloud Ops engineer to apply correct license to customer's prod/dev tenants.

19
knowledgebase/csd-wiki/ICSD/ESM-SaaS-Order-Fulfillment-Process_686069900.md Normal file
View File

@@ -0,0 +1,19 @@
# ESM-SaaS-Order-Fulfillment-Process_686069900
## Introduction
This document is to introduce the ESM SaaS Order Fulfillment Process and the flow how to manage the E2E customer tenant provision and license assignment.
## Process
1. Receive new order ID and create new record in SharePoint Excel File: [ESM SaaS Order Fulfillment Tracking List.xls](https://opentextcorporation.sharepoint.com/:x:/s/MFI-SMAXSaaSDevOps/Eb_O7Hm-OzNNoB0NwWbdb1EBtl4dPZBQPctsdGhL9QTfGA?e=YXMJnc) and assign owner [Boglarka Ronai](https://rndwiki.houston.softwaregrp.net/confluence/display/~boglarka.ronai@microfocus.com)
(Old method was not working because of permissions on wiki page: [https://rndwiki.houston.softwaregrp.net/confluence/display/ICS/ESM+SaaS+Order+Fulfillment+Tracking+List](https://rndwiki.houston.softwaregrp.net/confluence/display/ICS/ESM+SaaS+Order+Fulfillment+Tracking+List) )
1. CT Order Provision & License File Generation [@Waldo Machado](mailto:wmachado@opentext.com) or [@Hasan Ahmed Shaik](mailto:hshaik@opentext.com)
2. X4X Tenant Provision (NEW BUSINESS ONLY) [@Miroslav Shindarov](mailto:mshindarov@opentext.com) [@Wenjun Sun](mailto:wsun2@opentext.com)
3. Assign License to Tenant [@Miroslav Shindarov](mailto:mshindarov@opentext.com) [@Wenjun Sun](mailto:wsun2@opentext.com)
4. PCS Create New Entitlement [@Brindusa Kevorkian](mailto:bkevorkian@opentext.com) [@Wei Shen](mailto:wshen@opentext.com)
5. PCS - Create New Tenant Record and Link to Entitlement [@Miroslav Shindarov](mailto:mshindarov@opentext.com) [@Wenjun Sun](mailto:wsun2@opentext.com)
2. Communication
1. Using Teams Channel “ESM SaaS Order Provision Working Group” to communicate all order provisioning & license # questions
3. Update Status
1. Once task is done, the owner update the status in the wiki page and Teams channel
2. [@Boglarka Ronai](mailto:bronai@opentext.com) to check overall progress and status

4
knowledgebase/csd-wiki/ICSD/ESM-SaaS-Order-Fulfillment-Tracking-List-FY24-Q4_686069919.md Normal file
View File

@@ -0,0 +1,4 @@
# ESM-SaaS-Order-Fulfillment-Tracking-List-FY24-Q4_686069919
| Date | Order ID | Customer Account | Product | Order Detail | New Business/Amendment | CT Order Provision | CT Order Provisioning Date | CT License File Generated | X4X Tenant Provision | SMAX Assign License To Tenant | PCS Create New Entitlement | PCS Create Tenant Record | PCS Customer Welcome Call | PCS Create first PCS users |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| | SOPTL00010000174 & SB\_707092 | [Caixa Economica Montepio Geral](https://backoffice.saas.microfocus.com/home/bl/desktop.html?TENANTID=1#/customers/784102255/tab/accountInfo) | Service Management Automation X | 50 - Service Management Automation X Premium By 1 Unit SaaS | | | | | | | | | | |

453
knowledgebase/csd-wiki/ICSD/ESM-SaaS-Tenant-Provision-Automation-API-Document_686070458.md Normal file
View File

@@ -0,0 +1,453 @@
# ESM-SaaS-Tenant-Provision-Automation-API-Document_686070458
## Introduction
ESM SaaS products include SMAX, CMS, OO, HCMX, etc. All these products are automatically deployed on AWS through a set of AWS lambda functions.
These functions are triggered by calling the API interface of each function. They will execute the internal APIs of ESM SaaS one by one to complete the configuration work.
This is a detailed description of the steps to perform.
## SMAX tenant provisioning
### Customer creation
This function is for creating a Customer in the BO.
- **URI****:** https://{SMAX\_FQDN}/x4x/lambda/customerCreation
- **Execution APIs:**
| No | Function | Method | URL Path |
| --- | --- | --- | --- |
| 1 | Get the BO auth token | POST | {SMAX\_FQDN}/bo/rest/auth/token |
| 2 | Create a **Customer** | POST | {SMAX\_FQDN}/bo/rest/entities/customer |
### Tenant creation
This function is for deploying a tenant in the BO and creating associated admin users and SMAX licenses.
- **URI:** https://{SMAX\_FQDN}/x4x/lambda/tenantCreation
- **Execution APIs:**
| No | Function | Method | URL Path |
| --- | --- | --- | --- |
| 1 | Get the BO auth token | POST | {SMAX\_FQDN}/bo/rest/auth/token |
| 2 | Greate an **Account** | POST | {SMAX\_FQDN}/bo/rest/entities/account |
| 3 | Create a tenant | POST | {SMAX\_FQDN}/bo/rest/entities/tenant |
| 4 | Create an admin user | POST | {SMAX\_FQDN}/bo/rest/entities/user |
| 5 | Create a customer user | POST | {SMAX\_FQDN}/bo/rest/entities/user |
| 6 | Attach the users to the tenant | PUT | {SMAX\_FQDN}/bo/rest/entities/user/attachOrRemove |
| 7 | Set the admin user as the tenant owner | PUT | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID} |
| 8 | Create a license | POST | {SMAX\_FQDN}/bo/rest/entities/license |
| 9 | Assign license to the tenant | POST | {SMAX\_FQDN}/bo/rest/license activities/assign |
| 10 | Deploy the tenant | POST | {SMAX\_FQDN}/bo/rest/entities/tenant/deploy |
### Tenant status
This function is for checking or editing the status of a tenant.
- **URI:** https://{SMAX\_FQDN}/x4x/lambda/tenantStatus
- **Execution APIs:**
| No | Function | Method | URL Path |
| --- | --- | --- | --- |
| 1 | Get the BO auth token | POST | {SMAX\_FQDN}/bo/rest/auth/token |
| 2 | Get the tenant status | GET | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID} |
| 3 | Update the tenant status | PUT | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID} |
### Tenant Google Analytics switch
This function is for enable/disable the google analytics for the tenant.
- **URI:** https://{SMAX\_FQDN}/x4x/lambda/tenantConfig/GATrackingId
- **Execution APIs:**
| No | Function | Method | URL Path |
| --- | --- | --- | --- |
| 1 | Get the SMAX auth token | POST | {SMAX\_FQDN}/auth/authentication-endpoint/authenticate/token?tenantId={ESM\_TENANT\_ID} |
| 2 | Set Google Analytics tracking ID | PUT | {SMAX\_FQDN}/rest/{ESM\_TENANT\_ID}/common-settings/setting/GA\_TRACKING\_ID |
| 3 | Enable or Disable Google Analytics | PUT | {SMAX\_FQDN}/rest/{ESM\_TENANT\_ID}/common-settings/setting/ENABLE\_GA |
### Put authorization principal to the customer user
This function is for grant a SMAX role on a customer user.
- **URI:** https://{SMAX\_FQDN}/x4x/lambda/tenantConfig/setPermission
- **Execution APIs:**
| No | Function | Method | URL Path |
| --- | --- | --- | --- |
| 1 | Get the SMAX auth token | POST | {SMAX\_FQDN}/auth/authentication-endpoint/authenticate/token?tenantId={ESM\_TENANT\_ID} |
| 2 | Get the current authorization principal | GET | {SMAX\_FQDN}/rest/{ESM\_TENANT\_ID}/rms/AuthorizationPrincipalResourceJSON?filter=UserId+=+'{customerEmail}' |
| 3 | Put the new authorization principal | PUT | {SMAX\_FQDN}/rest/{ESM\_TENANT\_ID}/rms/AuthorizationPrincipalResourceJSON/{resourceId} |
### Deploy SMAX demo data
This function is for deploying the SMAX demo data.
- **URI:** https://{SMAX\_FQDN}/x4x/lambda/tenantConfig/smaxDemoData
- **Execution APIs:**
| No | Function | Method | URL Path |
| --- | --- | --- | --- |
| 1 | Get the SMAX auth token | POST | {SMAX\_FQDN}/auth/authentication-endpoint/authenticate/token?tenantId={ESM\_TENANT\_ID} |
| 2 | Validate SMAX Demo Data | GET | {SMAX\_FQDN}/rest/{ESM\_TENANT\_ID}/ess/deployment/validateDemoDataNotDeployed |
| 3 | Deploy SMAX Demo Data | GET | {SMAX\_FQDN}/rest/{ESM\_TENANT\_ID}/ess/deployment/deployBetaData |
### Enable self-password reset
This function is for enable self-password reset function.
- **URI:** https://{SMAX\_FQDN}/x4x/lambda/tenantConfig/selfPasswordReset
- **Execution APIs:**
| No | Function | Method | URL Path |
| --- | --- | --- | --- |
| 1 | Get the IDM auth token | POST | {SMAX\_FQDN}/idm-service/v3.0/tokens |
| 2 | PUT self-password reset metadata | PUT | {SMAX\_FQDN}/idm-service/api/scim/organizations/{ESM\_TENANT\_ID}/metadata |
### Disable notification service
This function is for disable the notification service of a tenant.
- **URI:** https://{SMAX\_FQDN}/x4x/lambda/tenantConfig/emailService
- **Execution APIs:**
| No | Function | Method | URL Path |
| --- | --- | --- | --- |
| 1 | Get the SMAX auth token | POST | {SMAX\_FQDN}/auth/authentication-endpoint/authenticate/token?tenantId={ESM\_TENANT\_ID} |
| 2 | Disable notification service | PUT | {SMAX\_FQDN}/rest/{ESM\_TENANT\_ID}/common-settings/setting/NOTIFICATION\_SERVICE\_ENABLED |
### Set CMS client download link
This function is for set CMS download link in the integration configuration page
- **URI:** https://{SMAX\_FQDN}/x4x/lambda/tenantConfig/cmsDownloadLink
- **Execution APIs:**
| No | Function | Method | URL Path |
| --- | --- | --- | --- |
| 1 | Get the integration user's auth token | POST | {SMAX\_FQDN}/auth/authentication-endpoint/authenticate/token?tenantId={ESM\_TENANT\_ID} |
| 2 | Set CMS client's download link | PUT | {SMAX\_FQDN}/rest/{ESM\_TENANT\_ID}/TenantSettings/settings/CMS\_DOWNLOAD\_SERVICE |
### Set OO client download link
This function is for set OO download link in the integration configuration page
- **URI:** https://{SMAX\_FQDN}/x4x/lambda/tenantConfig/ooDownloadLink
- **Execution APIs:**
| No | Function | Method | URL Path |
| --- | --- | --- | --- |
| 1 | Get the integration user's auth token | POST | {SMAX\_FQDN}/auth/authentication-endpoint/authenticate/token?tenantId={ESM\_TENANT\_ID} |
| 2 | Set OO client's download link | PUT | {SMAX\_FQDN}/rest/{ESM\_TENANT\_ID}/TenantSettings/settings/OO\_DOWNLOAD\_SERVICE |
### Update navigation trusted domain
This function is for update navigation trusted domain of the tenant
- **URI:** https://{SMAX\_FQDN}/x4x/lambda/tenantConfig/navigationTrustedDomain
- **Execution APIs:**
| No | Function | Method | URL Path |
| --- | --- | --- | --- |
| 1 | Get the SMAX auth token | POST | {SMAX\_FQDN}/auth/authentication-endpoint/authenticate/token?tenantId={ESM\_TENANT\_ID} |
| 2 | Update the navigation trusted domain | PUT | {SMAX\_FQDN}/rest/{ESM\_TENANT\_ID}/common-settings/setting/NavigationTrustedDomains |
### Tenant deletion
This function is for delete tenant
- **URI:** https://{SMAX\_FQDN}/x4x/lambda/tenantDeletion
- **Execution APIs:**
| No | Function | Method | URL Path |
| --- | --- | --- | --- |
| 1 | Get the BO auth token | POST | {SMAX\_FQDN}/bo/rest/auth/token |
| 2 | Get the tenant | GET | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID} |
| 3 | Update tenant to inactive | PUT | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID} |
| 4 | Delete the tenant | DELETE | {SMAX\_FQDN}/bo/rest/entities/tenant |
### Account deletion
This function is for delete account
- **URI:** https://{SMAX\_FQDN}/x4x/lambda/accountDeletion
- **Execution APIs:**
| No | Function | Method | URL Path |
| --- | --- | --- | --- |
| 1 | Get the BO auth token | POST | {SMAX\_FQDN}/bo/rest/auth/token |
| 2 | Get the users of the account | GET | {SMAX\_FQDN}/bo/rest/entities/user?timeStamp={{NOW}}&filter=((account+eq+"{{accountId}}")+and+((name+nin+"bo-integration@ [dummy.com](http://dummy.com/),saw-integration-internal@ [dummy.com](http://dummy.com/),saw-integration-external@ [dummy.com](http://dummy.com/) ")+or+(idmOrganization+neq+"sysbo")))&offset=0&limit=100 |
| 3 | Delete the users | DELETE | {SMAX\_FQDN}/bo/rest/entities/user |
| 4 | Delete the tenant | DELETE | {SMAX\_FQDN}/bo/rest/entities/account |
## CMS Tenant provisioning
### CMS tenant creation
This function is for creating a CMS tenant
- **URI:** https://{SMAX\_FQDN}/x4x/lambda/cmsCustomerCreation
- **Execution APIs:**
| No | Function | Method | URL Path |
| --- | --- | --- | --- |
| 1 | Get the CMS auth token | POST | {CMS\_FQDN}/cms-gateway/urest/v1/1/authentication?target=cms |
| 2 | Create a CMS tenant | POST | {CMS\_FQDN}/cms-gateway/urest/v1/tenants |
### CMS tenant post-configuration
This function is for post-config after the CMS tenant creation
- **URI:** https://{SMAX\_FQDN}/x4x/lambda/cmsGroupCreation
- **Execution APIs:**
| No | Function | Method | URL Path |
| --- | --- | --- | --- |
| 1 | Get the ucmdb auth token | POST | {CMS\_FQDN}/ucmdb-server/rest-api/authenticate |
| 2 | Get CMS internal license | GET | {CMS\_FQDN}/ucmdb-server/rest-api/uiserver/license/capacity |
| 3 | Allocate license to the CMS tenant | PATCH | {CMS\_FQDN}/ucmdb-server/rest-api/uiserver/license/customers/{ESM\_TENANT\_ID}/capacity |
| 4 | Get the BO auth token | POST | {SMAX\_FQDN}/bo/rest/auth/token |
| 5 | Create the CMS admin user | POST | {SMAX\_FQDN}/bo/rest/entities/user |
| 6 | Create the CMS integration user | POST | {SMAX\_FQDN}/bo/rest/entities/user |
| 7 | Attach the CMS users to the tenant | PUT | {SMAX\_FQDN}/bo/rest/entities/user/attachOrRemove |
| 8 | Get the IDM auth token | POST | {SMAX\_FQDN}/idm-service/v3.0/tokens |
| 9 | Create an IDM Group for CMS | POST | {SMAX\_FQDN}/idm-service/api/scim/organizations/{ESM\_TENANT\_ID}/groups |
| 10 | Bind the CMS admin role to the IDM group | PUT | {SMAX\_FQDN}/idm-service/api/scim/organizations/{ESM\_TENANT\_ID}/roles/SuperAdmin/groups/{groupName} |
| 11 | Bind the CMS admin user to the IDM group | POST | {SMAX\_FQDN}/idm-service/api/scim/organizations/{ESM\_TENANT\_ID}/groups/{groupName}/members |
| 12 | Bind the CMS integration user to the IDM group | POST | {SMAX\_FQDN}/idm-service/api/scim/organizations/{ESM\_TENANT\_ID}/groups/{groupName}/members |
| 13 | Bind the customer user to the IDM group | POST | {SMAX\_FQDN}/idm-service/api/scim/organizations/{ESM\_TENANT\_ID}/groups/{groupName}/members |
### CMS tenant status
This function is for checking or stopping a CMS tenant
- **URI:** https://{SMAX\_FQDN}/x4x/lambda/cmsCustomerStatus
- **Execution APIs:**
| No | Function | Method | URL Path |
| --- | --- | --- | --- |
| 1 | Get the CMS auth token | POST | {CMS\_FQDN}/cms-gateway/urest/v1/1/authentication?target=cms |
| 2 | Get the CMS tenant | GET | {CMS\_FQDN}/cms-gateway/urest/v1/tenants/{cmsCustomerId} |
| 3 | Get the ucmdb auth token to stop tenant | POST | {CMS\_FQDN}/ucmdb-server/rest-api/authenticate |
| 4 | Stop the CMS tenant | PUT | {CMS\_FQDN}/ucmdb-server/rest-api/customers/{cmsCustomerId} |
### CMS tenant deletion
This function is for delete a CMS tenant
- **URI:** https://{SMAX\_FQDN}/x4x/lambda/cmsCustomerDeletion
- **Execution APIs:**
| No | Function | Method | URL Path |
| --- | --- | --- | --- |
| 1 | Get the ucmdb auth token | POST | {CMS\_FQDN}/ucmdb-server/rest-api/authenticate |
| 2 | Delete the CMS tenant | DELETE | {CMS\_FQDN}/ucmdb-server/rest-api/customers/{cmsCustomerId} |
### Native SACM enablement
This function is for enable Native SACM
- **URI:** https://{SMAX\_FQDN}/x4x/lambda/sacmEnablement
- **Execution APIs:**
| No | Function | Method | URL Path |
| --- | --- | --- | --- |
| 1 | Get the BO auth token | POST | {SMAX\_FQDN}/bo/rest/auth/token |
| 2 | Deploy the Native SACM | POST | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/sam |
| 3 | Enable the Native SACM | POST | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/forceEnable |
### SAM enablement
This function is for enable SAM
- **URI:** https://{SMAX\_FQDN}/x4x/lambda/samEnablement
- **Execution APIs:**
| No | Function | Method | URL Path |
| --- | --- | --- | --- |
| 1 | Get the BO auth token | POST | {SMAX\_FQDN}/bo/rest/auth/token |
| 2 | Pre-check the SAM capability deployment | POST | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/capabilities/readiness |
| 3 | Deploy the SAM capability | POST | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/capabilities |
| 4 | Enable the SAM capability | PUT | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/capabilities |
## OO enablement
### OO capability creation
This function is for creating OO capability
- **URI:** https://{SMAX\_FQDN}/x4x/lambda/ooEnablement/createOO
- **Execution APIs:**
| No | Function | Method | URL Path |
| --- | --- | --- | --- |
| 1 | Get the BO auth token | POST | {SMAX\_FQDN}/bo/rest/auth/token |
| 2 | Pre-check the OO capability deployment | POST | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/capabilities/readiness |
| 3 | Deploy the OO capability | POST | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/capabilities |
| 4 | Create the OO integration user | POST | {SMAX\_FQDN}/bo/rest/entities/user |
| 5 | Attach the integration user to the tenant | PUT | {SMAX\_FQDN}/bo/rest/entities/user/attachOrRemove |
### OO capability enablement
This function is for enable OO capability
- **URI:** https://{SMAX\_FQDN}/x4x/lambda/ooEnablement/enableOO
- **Execution APIs:**
| No | Function | Method | URL Path |
| --- | --- | --- | --- |
| 1 | Get the BO auth token | POST | {SMAX\_FQDN}/bo/rest/auth/token |
| 2 | Get the OO deployment status | GET | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/capabilities |
| 3 | Enable the OO capability | PUT | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/capabilities |
| 4 | Get the IDM auth token | POST | {SMAX\_FQDN}/idm-service/v3.0/tokens |
| 5 | Bing the customer user to the OO admin group | POST | {SMAX\_FQDN}/idm-service/api/scim/organizations/{ESM\_TENANT\_ID}/groups/OO\_ADMINISTRATORS/members |
| 6 | Bing the integration user to the OO admin group | POST | {SMAX\_FQDN}/idm-service/api/scim/organizations/{ESM\_TENANT\_ID}/groups/OO\_ADMINISTRATORS/members |
| 7 | Get the OO internal license | POST | {OO\_FQDN}/autopass/wsservices/v11/license/view |
| 8 | Assign the OO license to the tenant | POST | {OO\_FQDN}/autopass/services/v12/tenant/license/assign |
| 9 | Change the min/max pool size | PATCH | {OO\_FQDN}/oocontroller/rest/v1/tenants/{ESM\_TENANT\_ID} |
## DND enablement
### DND capability creation
This function is for creating DND capability
- **URI:** https://{SMAX\_FQDN}/x4x/lambda/dndEnablement/createDND
- **Execution APIs:**
| No | Function | Method | URL Path |
| --- | --- | --- | --- |
| 1 | Get the BO auth token | POST | {SMAX\_FQDN}/bo/rest/auth/token |
| 2 | Pre-check the DND capability deployment | POST | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/capabilities/readiness |
| 3 | Create the DND admin user | POST | {SMAX\_FQDN}/bo/rest/entities/user |
| 4 | Create the DND transport user | POST | {SMAX\_FQDN}/bo/rest/entities/user |
| 5 | Attach the users to the tenant | PUT | {SMAX\_FQDN}/bo/rest/entities/user/attachOrRemove |
| 6 | Deploy the DND capability | POST | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/capabilities |
### DND capability enablement
This function is for enable DND capability
- **URI:** https://{SMAX\_FQDN}/x4x/lambda/dndEnablement/enableDND
- **Execution APIs:**
| No | Function | Method | URL Path |
| --- | --- | --- | --- |
| 1 | Get the BO auth token | POST | {SMAX\_FQDN}/bo/rest/auth/token |
| 2 | Get the DND deployment status | GET | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/capabilities |
| 3 | Enable the DND capability | PUT | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/capabilities |
| 4 | Assign the DND license to the tenant | POST | {SMAX\_FQDN}/bo/rest/licenseActivities/assign |
| 5 | Get the IDM auth token | POST | {SMAX\_FQDN}/idm-service/v3.0/tokens |
| 6 | Bing the SMAX admin user to the CS admin group | POST | {SMAX\_FQDN}/idm-service/api/scim/organizations/{ESM\_TENANT\_ID}/groups/CS\_ADMINISTRATORS/members |
| 7 | Bing the customer user to the CS admin group | POST | {SMAX\_FQDN}/idm-service/api/scim/organizations/{ESM\_TENANT\_ID}/groups/CS\_ADMINISTRATORS/members |
| 8 | Bing the customer user to the DND admin group | POST | {SMAX\_FQDN}/idm-service/api/scim/organizations/{ESM\_TENANT\_ID}/groups/DND\_ADMINISTRATORS/members |
## CGRO enablement
### CGRO capability creation
This function is for creating CGRO capability
- **URI:** https://{SMAX\_FQDN}/x4x/lambda/cgroEnablement/createCGRO
- **Execution APIs:**
| No | Function | Method | URL Path |
| --- | --- | --- | --- |
| 1 | Get the BO auth token | POST | {SMAX\_FQDN}/bo/rest/auth/token |
| 2 | Pre-check the CGRO capability deployment | POST | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/capabilities/readiness |
| 3 | Create the CGRO admin user | POST | {SMAX\_FQDN}/bo/rest/entities/user |
| 5 | Attach the user to the tenant | PUT | {SMAX\_FQDN}/bo/rest/entities/user/attachOrRemove |
| 6 | Deploy the CGRO capability | POST | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/capabilities |
### CGRO capability enablement
This function is for enable CGRO capability
- **URI:** https://{SMAX\_FQDN}/x4x/lambda/cgroEnablement/enableCGRO
- **Execution APIs:**
| No | Function | Method | URL Path |
| --- | --- | --- | --- |
| 1 | Get the BO auth token | POST | {SMAX\_FQDN}/bo/rest/auth/token |
| 2 | Get CGRO deployment status | GET | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/capabilities |
| 3 | Enable CGRO capability | PUT | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/capabilities |
| 4 | Get the IDM auth token | POST | {SMAX\_FQDN}/idm-service/v3.0/tokens |
| 5 | Bing the SMAX admin user to the CGRO admin group | POST | {SMAX\_FQDN}/idm-service/api/scim/organizations/{ESM\_TENANT\_ID}/groups/CGRO\_ADMINISTRATORS/members |
| 6 | Bing the customer user to the CGRO admin group | POST | {SMAX\_FQDN}/idm-service/api/scim/organizations/{ESM\_TENANT\_ID}/groups/CGRO\_ADMINISTRATORS/members |
## ITOM Aviator enablement
### ITOM Aviator enablement
This function is for enable ITOM Aviator capability
- **URI:** https://{SMAX\_FQDN}/x4x/lambda/aviatorEnablement
- **Execution APIs:**
| No | Function | Method | URL Path |
| --- | --- | --- | --- |
| 1 | Get the BO auth token | POST | {SMAX\_FQDN}/bo/rest/auth/token |
| 2 | Pre-check the ITOM Aviator capability deployment | POST | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/capabilities/readiness |
| 3 | Deploy the ITOM Aviator capability | POST | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/capabilities |
| 4 | Enable the ITOM Aviator capability | PUT | {SMAX\_FQDN}/bo/rest/entities/tenant/{ESM\_TENANT\_ID}/capabilities |
## HCMX FinOps
### Tenant key chain generation
This function is for the key chain for the HCMX FinOps
- **URI:** https://{SMAX\_FQDN}/x4x/lambda/hcmxPostConfig/keychain
- **Execution APIs:**
| No | Function | Method | URL Path |
| --- | --- | --- | --- |
| 1 | Get the SMAX auth token | POST | {SMAX\_FQDN}/auth/authentication-endpoint/authenticate/token?TENANTID={ESM\_TENANT\_ID} |
| 2 | Generate tenant key chain | POST | {SMAX\_FQDN}/rest/{ESM\_TENANT\_ID}/encryption/tenant\_key\_chain |
| 3 | Get tenant key chain for the validation | GET | {SMAX\_FQDN}/rest/{ESM\_TENANT\_ID}/encryption/tenant\_key\_chain/{ESM\_TENANT\_ID}/status |
### Application settings
This function is for updating the application settings of the HCMX FinOps
- **URI:** https://{SMAX\_FQDN}/x4x/lambda/hcmxPostConfig/appsettings
- **Execution APIs:**
| No | Function | Method | URL Path |
| --- | --- | --- | --- |
| 1 | Get the SMAX auth token | POST | {SMAX\_FQDN}/auth/authentication-endpoint/authenticate/token?TENANTID={ESM\_TENANT\_ID} |
| 2 | Update the customization restriction policy | PUT | {SMAX\_FQDN}/rest/{ESM\_TENANT\_ID}/common-settings/setting/CustomizationRestrictionPolicy |
| 3 | Update the experience mode | PUT | {SMAX\_FQDN}/rest/{ESM\_TENANT\_ID}/common-settings/setting/ENABLE\_SMAXMENU\_MODE |
| 4 | Enable the CGRO integration | PUT | {SMAX\_FQDN}/rest/{ESM\_TENANT\_ID}/common-settings/setting/ENABLE\_CGRO\_INTEGRATION |
| 5 | Enable the Service Design and Deployment | PUT | {SMAX\_FQDN}/rest/{ESM\_TENANT\_ID}/common-settings/setting/ENABLE\_SERVICE\_DESIGNS |
| 6 | Enable the Operations Orchestration | PUT | {SMAX\_FQDN}/rest/{ESM\_TENANT\_ID}/common-settings/setting/ENABLE\_MT\_OO\_INTEGRATION |
| 7 | Enable the Aggregation | PUT | {SMAX\_FQDN}/rest/{ESM\_TENANT\_ID}/common-settings/setting/ENABLE\_AGGREGATION\_NORTH\_STAR |
### Microsoft Azure capsules installation
This function is for installing the Microsoft Azure capsules
- **URI:** https://{SMAX\_FQDN}/x4x/lambda/hcmxPostConfig/capsule\_azure
- **Execution APIs:**
| No | Function | Method | URL Path |
| --- | --- | --- | --- |
| 1 | Get the SMAX auth token | POST | {SMAX\_FQDN}/auth/authentication-endpoint/authenticate/token?TENANTID={ESM\_TENANT\_ID} |
| 2 | Install Microsoft Azure 3.2.0 capsule | POST | {SMAX\_FQDN}/content-store-gateway/v1/{ESM\_TENANT\_ID}/content-packages/ |
| 3 | Install Microsoft Azure 3.2.0 installation status | GET | {SMAX\_FQDN}/content-store-gateway/v1/{ESM\_TENANT\_ID}/content-packages/46501b17-6264-4698-97bb-cedca4d8a4e0/3.2.0 |
| 4 | Install Microsoft Azure 3.3.1 capsule | POST | {SMAX\_FQDN}/content-store-gateway/v1/{ESM\_TENANT\_ID}/content-packages/ |
| 5 | Install Microsoft Azure 3.3.1 installation status | GET | {SMAX\_FQDN}/content-store-gateway/v1/{ESM\_TENANT\_ID}/content-packages/46501b17-6264-4698-97bb-cedca4d8a4e0/3.3.1 |
| 6 | Install Microsoft Azure 3.4.0 capsule | POST | {SMAX\_FQDN}/content-store-gateway/v1/{ESM\_TENANT\_ID}/content-packages/ |
| 7 | Install Microsoft Azure 3.4.0 installation status | GET | {SMAX\_FQDN}/content-store-gateway/v1/{ESM\_TENANT\_ID}/content-packages/46501b17-6264-4698-97bb-cedca4d8a4e0/3.4.0 |
### Microsoft AWS capsules installation
This function is for installing the AWS capsules
- **URI:** https://{SMAX\_FQDN}/x4x/lambda/hcmxPostConfig/capsule\_aws
- **Execution APIs:**
| No | Function | Method | URL Path |
| --- | --- | --- | --- |
| 1 | Get the SMAX auth token | POST | {SMAX\_FQDN}/auth/authentication-endpoint/authenticate/token?TENANTID={ESM\_TENANT\_ID} |
| 2 | Install AWS 3.1.0 capsule | POST | {SMAX\_FQDN}/content-store-gateway/v1/{ESM\_TENANT\_ID}/content-packages/ |
| 3 | Install AWS 3.1.0 installation status | GET | {SMAX\_FQDN}/content-store-gateway/v1/{ESM\_TENANT\_ID}/content-packages/cd27f32e-fddb-4d3f-baae-c2ac91b476ec/3.1.0 |
| 4 | Install AWS 3.2.1 capsule | POST | {SMAX\_FQDN}/content-store-gateway/v1/{ESM\_TENANT\_ID}/content-packages/ |
| 5 | Install AWS 3.2.1 installation status | GET | {SMAX\_FQDN}/content-store-gateway/v1/{ESM\_TENANT\_ID}/content-packages/cd27f32e-fddb-4d3f-baae-c2ac91b476ec/3.2.1 |
### Microsoft GCP capsules installation
This function is for installing the GCP capsules
- **URI:** https://{SMAX\_FQDN}/x4x/lambda/hcmxPostConfig/capsule\_gcp
- **Execution APIs:**
| No | Function | Method | URL Path |
| --- | --- | --- | --- |
| 1 | Get the SMAX auth token | POST | {SMAX\_FQDN}/auth/authentication-endpoint/authenticate/token?TENANTID={ESM\_TENANT\_ID} |
| 2 | Install GCP 2.0.0 capsule | POST | {SMAX\_FQDN}/content-store-gateway/v1/{ESM\_TENANT\_ID}/content-packages/ |
| 3 | Install GCP 2.0.0 installation status | GET | {SMAX\_FQDN}/content-store-gateway/v1/{ESM\_TENANT\_ID}/content-packages/4ffd2627-11e8-4194-ba35-92415fcc98b0/2.0.0 |
### Microsoft VMware capsules installation
This function is for installing the VMware capsules
- **URI:** https://{SMAX\_FQDN}/x4x/lambda/hcmxPostConfig/capsule\_vmware
- **Execution APIs:**
| No | Function | Method | URL Path |
| --- | --- | --- | --- |
| 1 | Get the SMAX auth token | POST | {SMAX\_FQDN}/auth/authentication-endpoint/authenticate/token?TENANTID={ESM\_TENANT\_ID} |
| 2 | Install VMware vCenter 19.0.0 capsule | POST | {SMAX\_FQDN}/content-store-gateway/v1/{ESM\_TENANT\_ID}/content-packages/ |
| 3 | Install VMware vCenter 19.0.0 installation status | GET | {SMAX\_FQDN}/content-store-gateway/v1/{{ESM\_TENANT\_ID}}/content-packages/a88dd597-cea0-24a7-1921-e60066394a3e/19.0.0 |
| 4 | Install VMware vCenter 3.1.0 capsule | POST | {SMAX\_FQDN}/content-store-gateway/v1/{ESM\_TENANT\_ID}/content-packages/ |
| 5 | Install VMware vCenter 3.1.0 installation status | GET | {SMAX\_FQDN}/content-store-gateway/v1/{{ESM\_TENANT\_ID}}/content-packages/a9ea8c81-c3e8-4bd3-a3d4-146ea00c8be2/3.1.0 |

4
knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version-25.1.1-from-24.4.2_688992593.md Normal file
View File

File diff suppressed because one or more lines are too long

8
knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version-25.1.2-from-25.1.1_692438948.md Normal file
View File

File diff suppressed because one or more lines are too long

4
knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version-25.1_688988231.md Normal file
View File

File diff suppressed because one or more lines are too long

4
knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version-25.2-from-25.1.2_693604994.md Normal file
View File

File diff suppressed because one or more lines are too long

8
knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version-25.2.2-from-25.2_705001241.md Normal file
View File

File diff suppressed because one or more lines are too long

8
knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version-25.3.1-from-25.3_713194452.md Normal file
View File

File diff suppressed because one or more lines are too long

8
knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version-25.3.2-from-25.3.1_716275145.md Normal file
View File

File diff suppressed because one or more lines are too long

8
knowledgebase/csd-wiki/ICSD/ESM-SaaS-Upgrade-to-version_708227751.md Normal file
View File

File diff suppressed because one or more lines are too long

19
knowledgebase/csd-wiki/ICSD/ESM-Service-Health-Page_688996271.md Normal file
View File

@@ -0,0 +1,19 @@
# ESM-Service-Health-Page_688996271
## Introduction
**Related pages**
- Page:
[ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking)
- Page:
[How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account)
- Page:
[ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information)
- Page:
[ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process)
- Page:
[ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog)
- Page:
[ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog)
- Page:
[OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking)

220
knowledgebase/csd-wiki/ICSD/ESM-Tenant-Provisioning-Automation_686079418.md Normal file
View File

@@ -0,0 +1,220 @@
# ESM-Tenant-Provisioning-Automation_686079418
## Introduction
This guide introduces how to leverage the SMAX4SMAX tenant to deploy an ESM tenant, including all ESM capabilities (SMAX/HCMX/CMS/OO/SAM/ITOM Aviator).
Here is the diagram to describe the X4X(SMAX4SMAX) tenant provision automation architecture:
![](https://staging.docs.microfocus.com/mediawiki/images/8/8f/Snipaste_2022-05-10_10-06-52.jpg)
## ESM Tenant Provision Strategy for SaaS Customers
Based on the discussion with PM, the following is the strategy for ESM tenant provisioning for different SaaS customer types:
- CMS + Native SACM should be deployed as default for all new customers in SaaS, (SMAX Premium, HCMX, AMX) and only SMAX Express will be limited unless a customer purchases discovery licenses or asks after deployment
- Important
If this is an existing SMAX customer who is adding on ucmdb, NSACM, UD or SAM: an onboarding checklist and pre-check must be done BEFORE the automated deployment of NSACM. Please check with CSM, Ops leaders and SaaS leaders before deployments to coordinate the NSACM onboarding process for this customer. Failure to follow can result in impacts to the customer.
- HCMX needs UCMDB by default after we introduce IaC Gateway, so we can deploy CMS for HCMX orders
- During X4X tenant provision automation is just using the SMAX internal production license, once the SaaS Ops team receives the official licenses be sure to follow the below table:
- Changing the license type according to the SaaS order
- Revoking internal production licenses
- Manually update the experience mode inside the tenant
- Except for tenant provision please double-check the number of assigned license units to ensure it is aligned with customer-purchased license units
- Please ensure to configure the correct experience mode in the SMAX tenant according to the license type
- If the customer didnt specify the # of concurrent licenses or named license, lets by default allocate license units as the concurrent user license
![](https://staging.docs.microfocus.com/mediawiki/images/f/f9/Snipaste_2022-09-24_09-06-08.jpg)
## Login to the SMAX4SMAX (X4X) tenant
Please login to the SMAX4SMAX tenant by your Micro Focus account:
[https://smax4smax.saas.microfocus.com](https://smax4smax.saas.microfocus.com/) or
[https://us2-smax.saas.microfocus.com/saw/ess?TENANTID=202385354](https://us2-smax.saas.microfocus.com/saw/ess?TENANTID=202385354)
## 1\. Service Offering Instruction
### 1.1 Create a new ESM SaaS Customer
Before the tenant provisioning, we may create a **Customer** first. One Customer can correspond to multiple tenants, and one tenant can only correspond to one Customer. If the **Customer** corresponding to the tenant you want to create already exists, you can skip this step.
After logging into your X4X tenant, select the " **Create New ESM SaaS Customer** " service on the service portal to create a new **Customer**. Enter the Customer name and select the farm where the Customer will be deployed.
![](attachments/686079418/686079394.png)
![](https://staging.docs.microfocus.com/mediawiki/images/4/4e/20220510001.png)
Once you submit the form, it will create a new request.
Enter the agent interface to find the request, and a task plan will be run to call BO's API and create a " **Customer** " in BO.
At the same time, a new record for the **Vendor** with company type "Customer" will be created in SMAX.
![](https://staging.docs.microfocus.com/mediawiki/images/3/38/20220510002.png)
![](https://staging.docs.microfocus.com/mediawiki/images/7/7c/20220510003.png)
### 1.2 Provision a new ESM tenant (optional CMS, OO, DND, Aviator, FinOps)
Now we could apply the service offering “ **Provision a new ESM tenant (optional CMS, OO, DND, Aviator, FinOps)** ” to create a new ESM tenant.
![](attachments/686079418/686079398.png)
#### Request Form Description
##### SaaS Farm
This is the farm on which the tenant will be located.
This list will show the customer related to the "SaaS Farm". Please create a new one with step 1.1 if yours does not exist.
##### Tenant Name
Enter the tenants name.
##### Tenant Type
there are two choices for the tenant type. The “Production” tenant is for the paid customer and will be assigned an **internal production license**. The "Dev" tenant will be assigned an **internal non-production license**.
##### Source Request
If pre-sales or PM needs an ESM tenant for a demo or POC, they can only request it by raising a trial request in X4X. When the Ops team receives the trial request, they will start provisioning the tenant according to the trial request. As a source request, entering it in this field will help us track the status of the entire trial tenant workflow.
##### License Expiration Time
If this is a trial or temporary tenant, provide the tenant expiration date. For paying tenants, please skip.
##### Are you the Primary contact for this SMAX Tenant?
If so, the workflow sets the current requester as the tenant owner and creates an administrator account for the requester during tenant configuration. Otherwise, you must provide the **Customer First Name**, **Customer Last Name**, and **Customer Contact Email** from later steps to create an administrator account as the primary contact.
##### Source Requestor
If there is a source request, enter the requester of the source request, otherwise, enter the current requester.
##### SMAX Demo Data
Check it will deploy the SMAX demo data automatically after the ESM tenant deployment.
##### SaaS Product
Select the SaaS product type you are going to provision.
##### CMS Required? (with SAM enabled)
Check this if you need the CMS, the workflow will also enable the Native SACM and SAM.
##### OO Required?
Check this if the OO is going to be deployed.
##### DND Required?
Check this if the DND is going to be deployed.
##### FinOps Required?
Check this if the CGRO is going to be deployed.
##### ITOM Aviator Required?
Check this if the ITOM Aviator is needed. Currently, it is only available on the EU3.
#### Workflow Description
After the form is submitted, a new request will be generated, and the request's task plan will start executing and call BO's API to create and deploy a new tenant.
![](https://staging.docs.microfocus.com/mediawiki/images/8/87/20220510005.png)
### 1.3 Provision add-on capabilities to an existing tenant
You can now use "Provision add-on capabilities to an existing tenant" to enable capabilities on existing tenants you own.
![](attachments/686079418/686079400.png)
Please refer to **1.2** for all form instructions.
## Email Notification
Once the tenant deployment is successful, the primary contact will receive a notification email indicating that SMAX is ready.
![](attachments/686079418/686079407.png)
## ESM Tenant System Account Owned by SaaS Ops
During the tenant creation, some system user accounts owned by the OPS team will be created.
![](https://staging.docs.microfocus.com/mediawiki/images/6/6b/Snipaste_2022-05-10_14-00-33.jpg)
The username and password will be stored in the AWS parameter store. To get them, we need to install AWS CLI first.
The installation media: [https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-windows.html](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-windows.html)
The installation guide: [https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-windows.html](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2-windows.html)
We can execute the command to get the username and password:
**For SMAX:**
aws ssm get-parameter name /{farm}/tenant/{tenantId}/smax/admin/name
aws ssm get-parameter name /{farm}/tenant/{tenantId}/smax/admin/password with-decryption
**For CMS:**
aws ssm get-parameter name /{farm}/tenant/{tenantId}/cms/admin/name
aws ssm get-parameter name /{farm}/tenant/{tenantId}/cms/admin/password with-decryption
**For DND:**
aws ssm get-parameter name /{farm}/tenant/{tenantId}/dnd/admin/name
aws ssm get-parameter name /{farm}/tenant/{tenantId}/dnd/admin/password with-decryption
aws ssm get-parameter name /{farm}/tenant/{tenantId}/dnd/integration/name
aws ssm get-parameter name /{farm}/tenant/{tenantId}/dnd/integration/password with-decryption
Please replace the {farm} as the farm on which the tenant is located.
## 2\. Tenant Configuration in BO
### 2.1. Forget password
The SMAX tenant is turned on the forget password feature by default. We also could customize the configuration in BO. For example, its [https://us1-smax.saas.microfocus.com/bo](https://us1-smax.saas.microfocus.com/bo) for the US1 farm. We could log on to BO with suite-admin credentials and select the tenant needs to change. And go to the **“IdM settings”**.
![](https://staging.docs.microfocus.com/mediawiki/images/c/cc/P1.png)
Select **“Customization”** and update the settings in **“FORGOTTEN PASSWORDS”**.
![](https://staging.docs.microfocus.com/mediawiki/images/2/21/P2.png)
### 2.2. Internal Production License
The tenant has installed an internal production license by default. We could check it in the **“Licenses”** tab from BO for SMAX and HCMX.
![](https://staging.docs.microfocus.com/mediawiki/images/4/4b/P3.png)
For OO, we could check it in the “Autopass” UI like [https://oo.us1-smax.saas.microfocus.com/autopass](https://oo.us1-smax.saas.microfocus.com/autopass) ” for the US1 farm with suite-admin credentials.
![](https://staging.docs.microfocus.com/mediawiki/images/4/48/P4.png)
### 2.3. CMS/HCMX/OO Admin Permission Assignment
The tenant will create a default admin account with admin permission. If we need to add more accounts as admin, go to the **“IDM settings”** of BO and the **“Groups”** tab.
![](https://staging.docs.microfocus.com/mediawiki/images/c/cc/P1.png)
We could find a group name the same as the tenant ID, which is the CMS admin group.
![](https://staging.docs.microfocus.com/mediawiki/images/8/85/P6x3.png)
We could add associate people to the **“Associated Users”** and the people have been grant the admin role for CMS.
![](https://staging.docs.microfocus.com/mediawiki/images/6/64/P7.png)
For the HCMX Content Store, we could add users to **“Content Store Tenant Administrators”** to grant the content store admin role.
![](https://staging.docs.microfocus.com/mediawiki/images/d/d0/P8.png)
For DND, we could add users to **“DND Administrators”** to grant DND admin role.
![](https://staging.docs.microfocus.com/mediawiki/images/4/49/P9.png)
For OO, we could add users to **“OO Administrators”** to grant OO admin role.
![](https://staging.docs.microfocus.com/mediawiki/images/a/a4/P10.png)

40
knowledgebase/csd-wiki/ICSD/ESM-WAF-Enablement-Tracking_688996216.md Normal file
View File

@@ -0,0 +1,40 @@
# ESM-WAF-Enablement-Tracking_688996216
ESM Cloud Farms
| | ###### SMAX | ###### UCMDB | ###### AUDIT | ###### AVIATOR |
| --- | --- | --- | --- | --- |
| ###### JP12-STG | DENY | DENY | DENY | N/A |
| ###### US2-DEV | DENY | DENY | DENY | N/A |
| ###### AP10-PROD | OBSERVE | NO | NO | N/A |
| ###### BR14-PROD | NO | NO | NO | N/A |
| ###### CA16-PROD | DENY | NO | NO | N/A |
| ###### EU3-PROD | DENY | OBSERVE | OBSERVE | N/A |
| ###### EU8-PROD | NO | NO | NO | N/A |
| ###### EU18-PROD | NO | NO | NO | N/A |
| ###### EU28-PROD | NO | NO | NO | N/A |
| ###### EU30-AVIATOR | N/A | N/A | N/A | DENY |
| ###### EU32-AVIATOR | N/A | N/A | N/A | NO |
| ###### JP12-PROD | NO | NO | NO | N/A |
| ###### SA34-PROD | DENY | NO | NO | N/A |
| ###### US2-PROD | DENY | NO | NO | N/A |
| ###### US6-PROD | OBSERVE | NO | NO | N/A |
| ###### US7-PROD | DENY | OBSERVE | OBSERVE | N/A |
| ###### US24-PROD | DENY | NO | NO | N/A |
| ###### US26-PROD | DENY | NO | NO | N/A |
**Related pages**
- Page:
[ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking)
- Page:
[How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account)
- Page:
[ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information)
- Page:
[ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process)
- Page:
[ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog)
- Page:
[ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog)
- Page:
[OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking)

96
knowledgebase/csd-wiki/ICSD/ESM-license-generation-detail_686070325.md Normal file
View File

@@ -0,0 +1,96 @@
# ESM-license-generation-detail_686070325
## SMAX
For SMAX we sell the licenses based on a number of “user units”.
- Every customer will purchase 1 foundation license + a quantity of the add on 1 unit license
- for each foundation there is a matching 1 unit sku
- We then have 2 different license types “Express” And “Premium”.
- A customer cannot mix license types on the same tenant
- Premium licenses include 1 prod and 1 dev tenant
- Express licenses only include 1 prod. There is no dev tenant included
- There is 1 exception to this and that is the “powered by” Express foundation SKU a special sku that includes the dev tenant ( its limited to only certain partners)
- 1 <sup>st</sup> Dev tenant for a customer must always be provisioned on the same farm as their production tenant.
In the tables below I have listed the quantity of units included with each license type.
When it comes to licenses being applied to dev instances the general rule of thumb is 25% of the total number of “user units” is applied to the dev tenant
- So for example if a customer purchased 1x SA-AB918 + 10x SA-AB919 ( providing a total of 60 units), 15 units would be applied to the dev tenant.
- We are ok with rounding up on dev tenants, so for example if a customer just bought the SA-AB918 license ( 50 units) then you can deploy 13 units on dev.
- In general we are “ok” if we apply a few extra on dev.
- I guess if we want to make sure control tower does this properly and generates the license files, we should assume the foundation includes that 25% quantity ( 13 for a 50 unit foundation and 5 for a 20 unit foundation)
**complicated bit**
- There is a non-production tenant SKU that allows a customer to purchase a “dev” ( customer can purchase as many additional non production tenants as they like).
- Each non production tenant follows the above plan and gets 25% of production units applied to the tenant
- We typically see express customers purchase this ( to get a “dev” tenant) and in those cases the tenant would be deployed on the same farm
- but we also see many customers use this to purchase a 2 <sup>nd</sup> non production tenant
- We allow the customer to choose the deployment location of this tenant. Some choose to have it on the same farm as the others, but some will ask for this to go on the EU3 / US7 farms that get upgraded earlier, so that they can get early access to play with the new release
- For non-production tenant SKU, CS Ops will follow the same strategy to generate license for a "dev" tenant.
| **SKU** | **Name** | **units included for prod** | **Dev included as standard?** |
| --- | --- | --- | --- |
| **SA-AC055** | MSP SMAX Express 1 unit | 1 | N |
| **SA-AC054** | MSP Express Foundation | 20 | N |
| **SA-AC190** | Fedramp SMAX express 1 unit | 1 | N |
| **SA-AC189** | Fedramp SMAX express foundation | 20 | N |
| **SA-AB923** | SMAX Express 1 unit | 1 | N |
| **SA-AB922** | SMAX Express Foundation | 20 | N |
| **SA-AB998** | Express Powered By Foundation | 20 | Y |
| **SA-AB999** | Express Powered By 1 Unit | 1 | Y |
| **SKU** | **Name** | **units included for prod** | **Dev included as standard?** |
| --- | --- | --- | --- |
| **SA-AC053** | MSP SMAX Premium 1 unit | 1 | Y |
| **SA-AC052** | MSP SMAX Premium foundation | 20 | Y |
| **SA-AC188** | Fedramp Premium 1 unit | 1 | Y |
| **SA-AC187** | Fedramp Premium Foundation | 50 | Y |
| **SA-AB919** | SMAX Premium 1 unit | 1 | Y |
| **SA-AB918** | SMAX premium Foundation | 50 | Y |
| **SA-AB921** | Premium Powered By 1 unit | 1 | Y |
| **SA-AB920** | Premium Powered By Foundation | 20 | Y |
## UCMDB
There are 2 deployment modes for Universal Discovery and CMDB in SaaS. Customers may purchase Universal Discovery capability as part of their SMAX/AMX/HCMX purchase which then includes the UCMDB Foundation license as part of the SMAX/AMX/HCMX Foundation product. Or they can purchase a UCMDB Foundation license separately and use Universal Discovery and CMDB outside the scope of SMAX/AMX/HCMX.
UCMDB Foundation licenses would typically be sold when the customer has another ITSM tool they use instead of SMAX (i.e. ServiceNow, JiraSM, BMC, or their own ITSM software).
- Standalone UCMDB Foundation (SA-AC098) provides 1 UCMDB Foundation license + 500 Premium Discovery licenses. This deployment is based on the standard ESM SaaS deployment and can be shared with other customers.
- Dedicated UCMDB Foundation (SA-AC236) provides 1 UCMDB Foundation license + 20,000 Premium Discovery licenses. This deployment is based on the standard ESM SaaS deployment but does not have any other customer assigned to this farm.
Universal Discovery licenses work in either deployment mode.
- Premium Discovery licenses (SA-AB820) provide for full discovery of 1 server and include capacity for 1,000 CIs and relationships
- Asset Discovery licenses (SA-AB882) provide inventory discovery for 1 server or desktop, and includes the ability to run any discovery job necessary to fully meet the SAM requirement of AMX. Asset Discovery license also provide for 1,000 CIs and relationships per license.
- CI Management licenses are the same SKU as the Asset Discovery license (SA-AB882) and can be used to import 20 devices (servers or desktops/laptops), or can simply be used to provide additional storage capacity (1,000 CIs and relationships per license).
- In all cases, each license, regardless of the type (except for Probe Connection licenses), provides storage capacity for 1,000 CIs and relationships.
- Probe connection licenses (SA-AC238) are available for every 1,000 licenses (regardless of type)
- 1 1,999 licenses = 1 probe
- 2,000 2,999 licenses = 2 probes
- 3,000 3,999 licenses = 3 probes
- etc
- Universal Discovery Foundation licenses provide for 1 prod tenant and 1 dev tenant. Universal Discovery licenses purchased as part of a SMAX/AMX/HCMX deal will follow whatever tenant rules apply for the SMAX purchase.
- 1 <sup>st</sup> Dev tenant for a customer must always be provisioned on the same farm as their production tenant.
In the tables below I have listed the quantity of units included with each license type.
Dev license rule of thumb
When it comes to licenses being applied to dev instances the general rule of thumb is 25% of the total number of Universal Discovery licenses (Premium or Asset or CI Management) is applied to the dev tenant
- So for example if a customer purchased 1,000 x SA-AB882 + 1000 x SA-AB820 (providing a total of 2,000 licenses), 250 x SA-AB882 and 250 x SA-AB820 would be deployed to DEV
- We are ok with rounding up on dev tenants.
- If a customer requests more than 25% license on their DEV, contact the Universal Discovery and CMDB Product Managers.
| **SKU** | **Name** | **units included for prod** | **Dev included as standard?** |
| --- | --- | --- | --- |
| **SA-AC098** | Universal Discovery and CMDB Foundation 500 Unit SaaS | 1 | Y |
| **SA-AC236** | Universal Discovery Dedicated Foundation 20000 Unit SaaS | 1 | Y |
| **SA-AB882** | Universal Discover (UD) Asset Discovery and CI Management 1 Unit SaaS | 1 | N |
| **SA-AB820** | Universal Discovery 1 Premium SaaS | 1 | N |
| **SA-AC238** | Universal Discovery Additional DFP Connection 1 Unit SaaS | 1 | N |
| **SA-AC194** | Universal Discovery Asset Discovery and CI Management FedRAMP 1 Unit SaaS | 1 | N |
| **SA-AC193** | Universal Discovery 1 Premium FedRAMP SaaS | 1 | N |

77
knowledgebase/csd-wiki/ICSD/EU-managed-farm_686065589.md Normal file
View File

@@ -0,0 +1,77 @@
# EU-managed-farm_686065589
## Introduction
This page presents all the information for the EU (European Union) managed farm. It's also called DPZ (Data Protection Zone) in OpenText.
## Background
Customers like government, insurance and banking in Europe usually have requirements to have a dedicated farm which is isolated on multiple areas.
1. The support engineers need to live in EU
2. The support engineers need to be EU citizen
3. The data need to stay within EU
4. Combined requirement which is one of below
1. 1+3 (Preferred by ITOM SaaS PMs)
2. 2+3
3. 1+2+3 (Similar to FedRAMP)
## Isolation considerations
1. Supporting engineer isolation
1. App Ops - EU engineers
2. SRE / Network / Infra Ops - EU engineers?
3. Cloud Vendor - N/A
2. Account & Credentials isolation
1. Only allow EU engineers to connect to the infra during operation
2. Isolation of authentication (Like SAML, OKTA, those data can be kept outside of EU as long as it's OpenText employee data.)
3. Dedicated LZ?
4. Dedicated AWS Account
3. Domain isolation (optional for EU)
1. Dedicated FQDN
4. Supporting pipelines (optional for EU)
5. Supporting system like PCS (Proactive Customer System)
1. Dedicated PCS (The LDAP/SAML need to be in EU as it will keep the customer data.)
## Required services in Landing Zone
1. Central Services required for the 1st phase\*
(\*1st phase means once it's ready, App Ops can start the work)
1. Dedicated AWS Accounts with SAML & OU setup
1. LZ Accounts
2. App Accounts
2. Landing Zone functions
1. GW (Shared Account for AMI purpose, Security Account, Central Infra Logging like CloudTrail and AWS Config)
2. Core (Network including firewall and TGW)
2. Central Services required for the 2nd phase
1. Landing Zone functions
1. Core (AD/DNS)
2. EPO
3. Qualys
4. ArcSight
3. Central Services not required for the 1st & 2nd phase
1. Central Monitoring like sitescope
2. Central Log analytics
3. Artifactory
## Questionnaire for different functions as data processors
| **Function** | **Process Customer Data?** | **Access Requirement** | **Compliance Status** | **Gaps to comply** | **Remediation Measures** |
| --- | --- | --- | --- | --- | --- |
| **AWS Services** | - Yes (depends on the service) | - Supporting function with customer data processing need to be located within EU-boundaries. | - No (AWS support personnel is worldwide) | - AWS doesnt have an offering to process customer data within EU that meets ECB timeline | - Enable encryption at rest and encryption in transit. |
| **Infrastructure - Foundations** | - Yes | - Access control need to restrict the ability to access customer data | - Yes (Infrastructure Foundations engineers can be worldwide) | - Shared Landing Zone will have | - Choose one of below - Build Dedicated Landing Zone - Define boundaries in those infra accounts and have isolated role for EU and other access. |
| **Infrastructure Backing Services - DBA** | - Yes | - Supporting function with customer data processing need to be located within EU-boundaries. | - Yes (Normally the DBA role is played by Application Operations, who works in EU.) | - Since only EU personnel is allowed to work on this, they can only work 8x5, not 7x24. | - Further agreement need to be aligned with customer or additional support is required. |
| **Infrastructure Storage** | - Yes | - Supporting function with customer data processing need to be located within EU-boundaries. | - Yes (Normally the Infrastructure - Storage role is played by Application Operations, who works in EU.) | - Since only EU personnel is allowed to work on this, they can only work 8x5, not 7x24. | - Further agreement need to be aligned with customer or additional support is required. |
| **Cloud Operations and Level 2 Support** | - Yes | - Supporting function with customer data processing need to be located within EU-boundaries. Access control need to restrict the ability to access customer data if not required. | - Yes | - Since only EU personnel is allowed to work on this, they can only work 8x5, not 7x24. | - Further agreement need to be aligned with customer or additional support is required. |
| **PAAS /SRE** | - Yes | - Supporting function with customer data processing need to be located within EU-boundaries. | - No (PAAS /SRE engineers can be worldwide) | - OpenText doesnt have an offering to process customer data within EU that meets ECB timeline | - Enable encryption at rest and encryption in transit. |
| **Customer Support - Level 1 Support** | - Yes | - Supporting function need to be located within EU-boundaries. | - Yes | - Since only EU personnel is allowed to work on this, they can only work 8x5, not 7x24. | - Further agreement need to be aligned with customer or additional support is required. |
| **Engineering Support - Level 3 Support** | - No | - OT personnel access: non-restricted assignment to EU persons located in EU. Shared Logs with non-EU staff needs exclude PII. Sharing screen will require customer approval. | - Yes | | |
## Certifications
1. Currently it's not expected to cover any Europe certifications.
2. Several certifications can be considered in the future.
## Further considerations
1. As AWS European Sovereign Cloud is built in progress, which will provide isolation similar to GovCloud. It will be considered as a future phase of migration to provide better service to customers.
[https://aws.amazon.com/blogs/aws/in-the-works-aws-european-sovereign-cloud/](https://aws.amazon.com/blogs/aws/in-the-works-aws-european-sovereign-cloud/)

34
knowledgebase/csd-wiki/ICSD/Enable-Discovery-module-on-UCMDB-UI-on-SaaS_688987735.md Normal file
View File

@@ -0,0 +1,34 @@
# Enable-Discovery-module-on-UCMDB-UI-on-SaaS_688987735
## Introduction
By default, on SaaS, users could only run discovery/integration on UCMDB Web UI.
In order to enable discovery module on Applet UI, you could invoke the JMX method **setSettingValue** with the parameter **appilog.collectors.enableZoneBasedDiscovery** and set it to **false**.
![](attachments/688987735/688987734.png)
Then in UCMDB UI, the following modules will be displayed (If you already opened Local Client, please close the old window, and open a new window):
\-Integration Studio
\-Universal Discovery
\-Service Discovery
\-Discovery job in Reconciliation Priority
\-Data Flow Probe Setup
\-Data Flow Probe Status
**Note the following if you decide to switch from UCMDB Web UI-based discovery solution to UCMDB UI-based discovery solution:**
- You CANNOT run discovery from both UCMDB Web UI and UCMDB UI at the same time. You can use either the UCMDB Web UI-based discovery solution, or the UCMDB UI-based discovery solution.
- DO NOT switch to UCMDB UI-based discovery solution if you already started using UCMDB Web UI for discovery. Otherwise the configuraitons you made in UCMDB Web UI will get lost.
- This setting takes effect immediately, no reboot required.
- This setting is controlled by the SaaS Ops team.
- After disabling this setting, users cannot run discovery/integration on UCMDB Web UI.
## Attachments:
[image2024-8-5\_15-21-7.png](attachments/688987735/688987734.png) (image/png)

19
knowledgebase/csd-wiki/ICSD/Enable-ITOM-Aviator-for-ESM-tenant_688996800.md Normal file
View File

@@ -0,0 +1,19 @@
# Enable-ITOM-Aviator-for-ESM-tenant_688996800
## Introduction
**Related pages**
- Page:
[ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking)
- Page:
[How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account)
- Page:
[ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information)
- Page:
[ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process)
- Page:
[ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog)
- Page:
[ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog)
- Page:
[OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking)

19
knowledgebase/csd-wiki/ICSD/Enable-ITOM-Aviator-for-SMAX-on-premise-customer_688996802.md Normal file
View File

@@ -0,0 +1,19 @@
# Enable-ITOM-Aviator-for-SMAX-on-premise-customer_688996802
## Introduction
**Related pages**
- Page:
[ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking)
- Page:
[How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account)
- Page:
[ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information)
- Page:
[ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process)
- Page:
[ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog)
- Page:
[ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog)
- Page:
[OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking)

79
knowledgebase/csd-wiki/ICSD/Enable-Optic-Data-Lake-Preparation_688996348.md Normal file
View File

@@ -0,0 +1,79 @@
# Enable-Optic-Data-Lake-Preparation_688996348
This is wiki helps the R&D team for the preparation of ESM and Operation Platform Integration for a tenant.
Pre-condition:
ESM is deployed in a namsapce
Operation Platfrom is deployed a diferent namepsace
Automation Center capabilty is enabled for a Tenant
## 1\. Configure OPTIC Data Lake certificates
### Download OPTIC Data Lake certificates
[https://docs.microfocus.com/doc/SMAX/24.3/IntegrateODL](https://docs.microfocus.com/doc/SMAX/24.3/IntegrateODL)
Take `https://<OpsbServerName>:30443/` as an example.
Follow the below steps to get certificates:
1. Invoke Visit `https://<OpsbServerName>:30443/ browser`, click **Not secure** and **Certificate is not valid**.
2. Go to the **Details** tab and select the root certificate, then click **Export**.
If you want to use ports different from 443, you also need to import different certificates for them. For example, you have the following Administration and Data receiver URLs:
- https://< `OpsbServerName` >:30004/itom-data-ingestion-administration
- https://< `OpsbServerName` >:30001/itom-data-ingestion-receiver
Follow the below steps to get certificates:
1. `Invoke https://<OpsbServerName>:30004/`, click **Not secure** and **Certificate is not valid**.
2. Go to the **Details** tab and select the root certificate, then click **Export**.
3. Visit `https://<OpsbServerName>:30001/`, click **Not secure** and **Certificate is not valid**.
4. Go to the **Details** tab and select the root certificate, then click **Export**.
### Import ODL certificate into SMAX
Export the crt and copy into /var/vols/itom/itsma/<global-volume>/certificate/source Eg: /var/vols/itom/itsma/config-volume/certificate/source
On AWS: /efs/var/vols/itom/itsma/config-volume/certificate/source
## 2\. Restart SMAX pods by running commands on a control plane node or the bastion node:
Connect to the master node of the SMAX cluster deployed and running.
1. Run the following commands to restart the SMAX platform pods.
```
kubectl rollout restart deployment -n itsma-xxxx itom-xruntime-platform
kubectl rollout restart deployment -n itsma-xxxx itom-xruntime-platform-offline
```
2\. Run the following command to restart the bo-ats pod.
```
kubectl rollout restart deployment -n itsma-xxxx itom-bo-ats-deployment
3. Run the following command to restart the ac-vulnerability-patching
kubectl rollout restart deployment -n itsma-xxxx itom-ac-vulnerability-and-patching
[Wait until all the pods are deleted pods are started and running successfully]
```
**Related pages**
- Page:
[ESM Cloud Farm Version Tracking](/display/ICSD/ESM+Cloud+Farm+Version+Tracking)
- Page:
[How to get an Opentext Confluence account](/display/ICSD/How+to+get+an+Opentext+Confluence+account)
- Page:
[ITOM APM AppPluse Cloud Farm Information](/display/ICSD/ITOM+APM+AppPluse+Cloud+Farm+Information)
- Page:
[ITOM Cloud Service Ops Doc Management Process](/display/ICSD/ITOM+Cloud+Service+Ops+Doc+Management+Process)
- Page:
[ITOM ESM Cloud Service Catalog](/display/ICSD/ITOM+ESM+Cloud+Service+Catalog)
- Page:
[ITOM OpsB NOM Cloud Service Catalog](/display/ICSD/ITOM+OpsB+NOM+Cloud+Service+Catalog)
- Page:
[OpsB and NOM Cloud Deployments Version Tracking](/display/ICSD/OpsB+and+NOM+Cloud+Deployments+Version+Tracking)

Some files were not shown because too many files have changed in this diff Show More