# Configuring-HCMx-and-OpsB-using-same-Vertica_688987648
## Introduction

This page describes how to configure OpsB to use Vertica which is installed through HCMx. Here the main challenge is how to do cross communication between SMAX SaaS account and OpsB SaaS account.

## Deployment Diagram

![](attachments/688987648/688987652.png)

## Install HCMx

Follow the regular SaaS steps to install HCMx

Refer official doc link: [Install on AWS (EKS) - Service Management Automation X (microfocus.com)](https://docs.microfocus.com/doc/SMAX/24.2/EKS)

## Configuration for cross AWS account communication (uses AWS Privatelink)

***Ports used from HCMx side:***

- From OpsB to HCMx: 5433

***Ports used from OpsB side:***

- From HCMx to OpsB: 31051 or 6651 (based on property: global.di.externalDNS.enabled), by default its 6651
- From HCMx to OpsB: 18443 (ODL administration API)
- From HCMx to OpsB: 5050 (ODL receiver API)

For the above cross account communications, AWS Private Link configured. This includes Endpoint Service which connects to private NLB of required service on source and Endpoint on client side which connects to Endpoint Service created on Source.

Note: Make sure the exposed port through Endpoint Service opened using Security Group of Endpoint on client side.

Once all private links configured, need to edit Scheduler Config map to overwrite pulsar datasource value to Interface Endpoint on UDX plugin which connects with port 6651.

Edit ConfigMap "itom-di-udx-scheduler-scheduler" in OpsB namespace and replace the Interface Endpoint for property "pulsar.datasource.host"

### Create Network Load Balancer for Vertica

**Go to AWS console to create a Target Group for Vertica**

<table><tbody><tr><th><p>Section</p></th><th><p>Item</p></th><th><p>Value</p></th></tr><tr><td rowspan="5"><p>Basic configuration</p></td><td><p>Target type</p></td><td><p>IP addresses</p></td></tr><tr><td><p>Target group name</p></td><td><p>NLB-for-Vertica-TG</p></td></tr><tr><td><p>Protocol: Port</p></td><td><p>TCP: 5433</p></td></tr><tr><td><p>IP address type</p></td><td><p>IPv4</p></td></tr><tr><td><p>VPC</p></td><td><p><em>VPC of the Vertica DB server</em></p></td></tr><tr><td><p>Others</p></td><td><p>/</p></td><td><p><em>Leave default</em></p></td></tr></tbody></table>

**Go to AWS console to create a Network load balancer for Vertica**

<table><tbody><tr><th><p>Section</p></th><th><p>Item</p></th><th><p>Value</p></th></tr><tr><td rowspan="3"><p>Basic configuration</p></td><td><p>Load balancer name</p></td><td><p><em>NLB-for-Vertica</em></p></td></tr><tr><td><p>Scheme</p></td><td><p><em>Internal</em></p></td></tr><tr><td><p>IP address type</p></td><td><p><em>IPv4</em></p></td></tr><tr><td rowspan="2"><p>Network mapping</p></td><td><p>VPC</p></td><td><p><em>VPC of the Vertica DB server</em></p></td></tr><tr><td><p>Mappings</p></td><td><p><em>us-west-2a: private subnet1</em></p><p><em>us-west-2b: private subnet2</em></p><p><em>us-west-2c: private subnet3</em></p></td></tr><tr><td><p>Security groups</p></td><td><p>Security groups</p></td><td><p><em>The security group of the Vertica DB server</em></p></td></tr><tr><td><p>Listeners and routing</p></td><td><p>Protocol</p></td><td><p><em>TCP</em></p></td></tr><tr><td></td><td><p>Port</p></td><td><p><em>5433</em></p></td></tr><tr><td></td><td><p>Forward to</p></td><td><p>NLB-for-Vertica-TG</p></td></tr></tbody></table>

### Create Endpoint Service for Vertica

**Go to AWS console to create an Endpoint Service for Vertica**

<table><tbody><tr><th><p>Section</p></th><th><p>Item</p></th><th><p>Value</p></th></tr><tr><td rowspan="2"><p>Endpoint service settings</p></td><td><p>Name</p></td><td><p>Vertica-endpoint-service</p></td></tr><tr><td><p>Load balancer type</p></td><td><p>Network</p></td></tr><tr><td><p>Available load balancers</p></td><td><p>Select the load balancers</p></td><td><p><em>NLB-for-Vertica</em></p></td></tr><tr><td rowspan="2"><p>Additional settings</p></td><td><p>Acceptance required</p></td><td><p>Checked</p></td></tr><tr><td><p>Supported IP address types</p></td><td><p>IPv4</p></td></tr></tbody></table>

### Create Endpoints for Vertica connect to OpsB

**Go to AWS console to create an Endpoint for Pulsar**

<table><tbody><tr><th><p>Section</p></th><th><p>Item</p></th><th><p>Value</p></th></tr><tr><td rowspan="2"><p>Endpoint settings</p></td><td><p>Name tag</p></td><td><p>Vertica-Pulsar-endpoint</p></td></tr><tr><td><p>Service category</p></td><td><p>Other endpoint services</p></td></tr><tr><td><p>Service settings</p></td><td><p>Service name</p></td><td><p><em>The pulsar service name shared from OpsB</em></p></td></tr><tr><td rowspan="2"><p>VPC</p></td><td><p>VPC</p></td><td><p>The VPC of Vertica</p></td></tr><tr><td><p>Additional settings</p></td><td><p>Leave as default</p></td></tr></tbody></table>

**Go to AWS console to create an Endpoint for DI Admin**

<table><tbody><tr><th><p>Section</p></th><th><p>Item</p></th><th><p>Value</p></th></tr><tr><td rowspan="2"><p>Endpoint settings</p></td><td><p>Name tag</p></td><td><p>Vertica-DI-Admin-endpoint</p></td></tr><tr><td><p>Service category</p></td><td><p>Other endpoint services</p></td></tr><tr><td><p>Service settings</p></td><td><p>Service name</p></td><td><p><em>The DI Admin service name shared from OpsB</em></p></td></tr><tr><td rowspan="2"><p>VPC</p></td><td><p>VPC</p></td><td><p>The VPC of Vertica</p></td></tr><tr><td><p>Additional settings</p></td><td><p>Leave as default</p></td></tr></tbody></table>

**Go to AWS console to create an Endpoint for DI receiver**

<table><tbody><tr><th><p>Section</p></th><th><p>Item</p></th><th><p>Value</p></th></tr><tr><td rowspan="2"><p>Endpoint settings</p></td><td><p>Name tag</p></td><td><p>Vertica-DI-Receiver-endpoint</p></td></tr><tr><td><p>Service category</p></td><td><p>Other endpoint services</p></td></tr><tr><td><p>Service settings</p></td><td><p>Service name</p></td><td><p><em>The DI receiver service name shared from OpsB</em></p></td></tr><tr><td rowspan="2"><p>VPC</p></td><td><p>VPC</p></td><td><p>The VPC of Vertica</p></td></tr><tr><td><p>Additional settings</p></td><td><p>Leave as default</p></td></tr></tbody></table>

### Create inbound rules in the security group of Vertica

1. **Go to AWS Console to find the security group of the Vertica**
2. **Click “Actions” to edit inbound rules**
3. **Add three rules as**

| Type | Protocol | Port range | Source | Description |
| --- | --- | --- | --- | --- |
| Custom TCP | TCP | 6651 | Custom: 0.0.0.0/0 | itom-pulsar |
| Custom TCP | TCP | 18443 | Custom: 0.0.0.0/0 | itom-di-administration |
| Custom TCP | TCP | 5050 | Custom: 0.0.0.0/0 | itom-di-receiver |

## Vertica Customisation on HCMx Vertica Instance

## Configure Vertica for ODL communication

Get the pulsarudx packge

[https://orgartifactory.swinfra.net/artifactory/itom-opsbridge-helm-release/opsbridge-suite-chart/24.2/opsbridge-suite-chart-2.8.1+24.2.1-35.zip](https://orgartifactory.swinfra.net/artifactory/itom-opsbridge-helm-release/opsbridge-suite-chart/24.2/opsbridge-suite-chart-2.8.1+24.2.1-35.zip)

Extract the package, get the opsbridge-suite-chart/tools/itom-di-pulsarudx-<VERSION>.x86\_64.rpm

In Bastion host

from the unzipped opsb chart copy pulsarudx plugin to vertica (use the command below)

scp -r -i ~/id\_tmp opsbridge-suite-chart/tools/itom-di-pulsarudx-<VERSION>.x86\_64.rpm [vertica@](mailto:vertica@10.0.1.247) [<](mailto:centos@3.137.215.72) [verticaIP>](mailto:vertica@10.0.1.247):/home/vertica  

In vertica VM

- vsql --version ( make sure it compatible vertica version for opsb)
- sudo su  
	rpm -iv itom-di-pulsarudx-<VERSION>.x86\_64.rpm

### Create tenant in vertica (Use HCMx tenant ID with "t" prefix for tenant name)

- cd /usr/local/itom-di-pulsarudx/bin  
	./dbinit.sh genconfig
- mv /usr/local/itom-di-pulsarudx/conf/dbinit\_conf.yaml /usr/local/itom-di-pulsarudx/conf/dbinit\_conf.yaml-bkp
- sed -i s/t123456789/t<hcmx\_tenant\_id>/g /home/vertica/dbinit\_conf.yaml
- cp -f /home/vertica/dbinit\_conf.yaml /usr/local/itom-di-pulsarudx/conf/dbinit\_conf.yaml  
	./dbinit.sh -g  
	Provide Admin\_1234 as all prompts of password
- ./dbinit.sh list  
	Tenant |Deployment |Read Only User |Read Write User |  
	txxxxxxx |default |txxxxxxx\_rouser |txxxxxxx\_rwuser
- Please find the sample file attached

[dbinit\_conf\_sample\_saas.yaml](attachments/688987648/688987655.yaml)

## Install OpsB

**(Use HCMx tenant ID with "t" prefix for tenant name)**

Follow regular SaaS steps to install OpsB with following changes,

Refer official doc link: [Install Operations Bridge - Operations Bridge - Containerized (microfocus.com)](https://docs.microfocus.com/doc/Containerized_Operations_Bridge/24.2/Install)

- Install ODL Message Bus (Pulsar) in different namespace (example: optic-shared). Create tenant in ODL message bus
- In OpsB values yaml, provide HCMx Vertica details such as hostname, port, RO user, RW user and TLS enabled. (Using helm install command, Vertica certificate will be passed)

## Config the OPTIC Data Lake Capability on ESM BO

### Download OPTIC Data Lake certificates

Take `https://<OpsbServerName>:443/` as an example.

Follow the below steps to get certificates:

1. Visit `https://<OpsbServerName>:443/`, click **Not secure** and **Certificate is not valid**.
2. Go to the **Details** tab and select the root certificate, then click **Export**.

Get Administration and Data receiver URLs:

- Get the DNS Name of the data-ingestion-administration endpoint as the DI-Admin-FQDN
- https://<DI-Admin-FQDN>:18443/itom-data-ingestion-administration
- Get the DNS Name of the data-ingestion-receiver endpoint as the DI-Receiver-FQDN
- https://<DI-Receiver-FQDN>:5050/itom-data-ingestion-receiver

Follow the below steps to get certificates:

1. Visit https://<DI-Admin-FQDN>:18443/, click **Not secure** and **Certificate is not valid**.
2. Go to the **Details** tab and select the root certificate, then click **Export**.
3. Visit https://<DI-Receiver-FQDN>:5050/, click **Not secure** and **Certificate is not valid**.
4. Go to the **Details** tab and select the root certificate, then click **Export**.

### Import OPTIC Data Lake certificates

Copy the certificates to the following directory on the NFS server of SMAX: < `global-volume>/certificate/source`. For example, `/var/vols/itom/itsma/global-volume/certificate/source`

`Or <config-volume>/certificate/source (Helm transformed). For example, /var/vols/itom/itsma/config-volume/certificate/source`

Notice: In this step, please assure the owner of certificates is 1999:1999. For command, chown -R 1999:1999 <certificate.pem>

### Restart pods

Restart SMAX pods by running commands on a control plane node or the bastion node:

1. Run the following commands to restart the SMAX platform pods.
	kubectl rollout restart deployment -n itsma-xxxx itom-xruntime-platform
	kubectl rollout restart deployment -n itsma-xxxx itom-xruntime-platform-offline
2. Run the following command to restart the bo-ats pod.
	kubectl rollout restart deployment -n itsma-xxxx itom-bo-ats-deployment

## Create a credential for OPTIC Data Lake

To create a credential for OPTIC Data Lake, follow these steps:

1. Log in to Suite Administration as the suite admin: https://<external access host of SMAX>/bo.
2. Click **Configurations**.
3. On the **Credential Store** tab, click **New**.
4. In the **Credential** dialog box, specify these fields:
	View Fullscreen
	| Field | Description |
	| --- | --- |
	| Name | The display name of the required credential you want to create for the OPTIC DL IdM. |
	| Tenant | The tenant ID, which is required when you add capabilities after installing the suite.  The tenant you select must be active. |
	| IdM endpoint | The endpoint of the OPTIC DL IdM that you want to connect. For example, `https://<OpsbServerName>:<Port>`. |
	| Organization | The organization of the OPTIC DL IdM. |
	| User name | The name of the IdM user with the DI ADMIN role and/or DI INGESTION role.  If you use one single IdM user for both the **DI ADMIN** role and the **DI INGESTION** role, you only need to create one credential. If you use two different users for the **DI ADMIN** role and the **DI INGESTION** role, make sure you create two credentials for each of them. You can only create or delete one credential at a time. |
	| Security type | The security type. You can select either **PASSWORD** or **VAULT**. |
	| Password | The password of the user. Enter the password if you selected **PASSWORD** as the security type. |
	| Vault | The vault key. Enter the vault key if you selected **VAULT** as the security type. |
5. Click **Test connection**. If the action fails, check if the field values are correct.
6. Click **Save**. It will generate a UUID for this credential. You can use this UUID to connect to the OPTIC DL IdM.
7. Notice the Opsbridge team to grant the DI\_ADMIN, DI\_DATAACCESS, DI\_INGESTION roles to the new created users.

## Deploy the OPTIC Data Lake capability

Follow these steps to deploy the OPTIC Data Lake capability for the tenant:

1. Log in to Suite Administration as the suite admin: https://<external access host of SMAX>/bo.
2. Click **Tenants**.
3. Click and open the tenant for which you just created the credential.
4. On the **Capability settings** tab, click **Deploy new capability**.
5. In the **Pre-check** step, in the **Capability** dropdown box, select **OPTIC Data Lake**.
	Only when a Premium license has been added to the selected tenant, the OPTIC Data Lake option will appear in the dropdown box.
6. In **Administration URL**, enter `https://<DI-Admin-FQDN>:18443/itom-data-ingestion-administration`.
7. In **Credential for** **administration**,select the credential you just created.
8. Click **Next**.
9. In the **Config and deploy** step, in **Data receiver URL**, enter `https://<DI-Receiver-FQDN>:5050/itom-data-ingestion-receiver`.
10. In **Credential for data receiver**, select the credential you just created.
11. Check the acknowledge box.
12. Click **Deploy**.
13. The deployment is now completed. Note that the OPTIC Data Lake capability can only be deployed once, however, you can change the configurations through the **Capability settings** tab later.

## Configure the integration

Once the OPTIC Data Lake capability is deployed, the SMAX tenant admin or the Integration admin (**People** > **Roles** > **On-Premise Bridge/Integration** > **Administrator**) needs to configure the integration:

1. Go to the agent interface.
2. In **Integration Management**, select **Integration configuration**.
3. Click and expand the **OPTIC Data Lake** node.
4. You can enable OPTIC Data Lake either for specific record types or for all supported record types. You can enable OPTIC Data Lake for specific record types. To do this, click **Add**, select the desired record type, and then click **Save**. Click **Save** in the main window**,** then click **Apply**. Once the record type is added, it will appear in the left-side pane. Alternatively, you can enable OPTIC Data Lake for all supported record types. To do this, check the **Apply for all record types** box, click **Save**, then click **Apply**. However, by enabling it for all supported record types, the data throughput might surge and impact the system's performance.
5. Now, the SMAX metadata will be synchronized and the database structure will be created in OPTIC Data Lake.  
	**Note:** The COMPLEX\_TYPE, IMAGE, LARGE\_TEXT, and RICH\_TEXT metadata is not supported and won't be synchronized.

## Data synchronization

After the OPTIC Data Lake integration has been configured:

- Any changes to the SMAX metadata will be synchronized to OPTIC Data Lake instantly.
- Any changes to the SMAX record data will be synchronized to OPTIC Data Lake every 15 minutes. Note that the maximum number of database transactions per job is 1000.

## Configure UIS

## Enable Feature Toggle for UIS Data clean up on time series bar chart

1) Enable Feature Toggle in bvd helm configure map, on the Kubernetes master machine:

```
kubectl -n <namespace> edit configmap bvd-config
```

Search **featureToggles,** and add **"ENABLE\_DATA\_CLEAN\_UP": true** inside {}. The result should be like below, if previous value is empty:

featureToggles: {"ENABLE\_DATA\_CLEAN\_UP": true}

![](attachments/688987648/688987656.png)

## Configure Optic Switcher with single sign on (Azure IDP solution)

Refer to: [Configure Optic Switcher with single sign on (Azure IDP solution)](https://rndwiki.houston.softwaregrp.net/confluence/pages/viewpage.action?pageId=1290634151)

## Validating Setup

- Open UIS reports and check the data getting populated
- Open DBLog on Vertica to look for any errors, there should not be any errors in that log. This shows if any error on UDx plugin to pulsar proxy communication.
- Configure entity push in BO and see entities are getting into Vertica. This confirms ODL functionality correctly works or not.