Share:|

Do you use policies? Do you find them easy to use? How would you like to see them improved? We want your feedback, please comment below or submit an Idea via the BMC Community to help us improve policy functionality to better meet your needs.

 

Here’s a quick overview of policies:

PATROL Agents collect performance data and generate events for availability metrics. A monitoring solution is a set of instructions that the PATROL Agent uses to monitor objects in your environment. For a PATROL Agent to monitor a system, it needs instructions and information about what to monitor, how and when to generate an alert or event, and where to send the data and events. Solution administrators and tenant administrators configure these instructions and information in policies. A policy is applied to the PATROL Agents based on conditions such as Agent name, Agent port, Agent version, Agent tag, and so on. If an Agent matches the conditions defined in multiple policies, then the configuration across the policies are applied to the Agent.

The following types of policies can be created:

  • Monitoring policy: To define and configure monitoring criteria and apply them to selected PATROL Agents. Some examples of monitoring criteria are configuring monitoring solutions on PATROL Agents, creating thresholds on Infrastructure Management servers, and copying baselines between similar instances of Infrastructure Management servers.
  • Blackout policy: To stop a PATROL Agent from performing certain actions such as stopping data collection, event generation, or recovery actions. This policy applies to PATROL Agents and the related data collection, events, and recovery actions. It does not apply to the behavior of the Infrastructure Management server. Before defining this policy, you must define the time frame for which you want the policy to be applicable.
  • Staging policy: To configure a PATROL Agent to communicate with the Infrastructure Management server by using a specified Integration Service. When a package is deployed, and installed, the PATROL Agent checks in through the staging Integration Service. When the PATROL Agent checks in, the Presentation Server evaluates the Agent selection criteria in a staging policy and uses that data to automatically assign a data collection Integration Service (or Integration Service cluster) to the PATROL Agent.

 

When new PATROL Agents check into the environment, because of the configured policies, the Agents automatically receive the appropriate configuration and begin monitoring according to it. As administrators, you need not take any additional steps to apply policies. When an existing policy is modified, the changes are automatically applied to the respective Agents without having to manually initiate the application of these changes. These capabilities significantly speed up and simplify the administration process assuming all policy configurations have been created appropriately. For more information about working with policies, see Managing policies

 

TrueSight uses Role-based access for policies

Authorization profiles enable role-based access (RBAC) to policy management. Each authorization profile is associated with one or more Remedy Single Sign-On realms and comprises user groups, roles and permissions, and objects. For more information, see Role-based access

 

By default, Solution Administrators have full access to all policies in all realms (tenants). Tenant Administrators have full access to all policies in their realm (tenant). Do you find the role based access suitable or do you see areas for improvement?

 

Use the Infrastructure Policies page to view and manage a policy. By default, Solution Administrators have full access to all policies in all realms (tenants). Tenant Administrators have full access to all policies in their realm (tenant). Certain policy management operations can only be performed by the owner of the policy. For more information about the different types of policies, see Policy management

 

To view the Infrastructure Policies page, in the navigation pane of the TrueSight console, expand Configuration and select Infrastructure Policies.

  See Also: Specifying objects in an authorization profile and Working with event management policies

 

To create, modify, or copy a policy

Depending on the type of policy that you want to create, in the Infrastructure Policies page, click the tab for that policy type.

  • To create a policy: Click the Main action menu and select Create Policy. Alternatively, click the Create Policy button. The Create Policy page is displayed where you can configure the policy as per your requirements.
  • To modify a policy: Click the action menu of the policy that you want to modify and select Edit. The Edit Policy page is displayed with the policy configurations that you can modify as per your requirements.

NOTES:

  • Only the owner of a policy (user who creates the policy) can modify the associated user group and sharing status of a policy.
  • A policy can be modified by only one user at a time and it will be locked for other users. A Solution Administrator can forcibly unlock a policy to modify it. Tenant Administrators can unlock policies within their specific tenants.
  • Users of the associated user group can view, enable, disable, delete, and modify the policy. They cannot modify the associated user group and sharing status of the policy.

To create a copy of a policy: Click the action menu of the policy that you want to copy and select Copy. The Create Policy page is displayed with the configurations of the copied policy. You can modify the configurations as per your requirements.

 

NOTE: If you are not a user of the associated user group in the original policy, then you need to first select a user group. If the selected user group does not have access to monitoring solutions or configuration tabs from the original policy, then they will not be available in the copied policy.

 

 

For more information, see the following topics:

Policy type

Reference

Monitoring

Defining a monitoring policy

 

Blackout

Defining a blackout policy

Staging

Defining a staging policy

 

 

To delete a policy

  1. Depending on the type of policy that you want to delete, in the Infrastructure Policies page, click the tab for that policy type.
  2. Ensure that the policy to be deleted is in disabled state. If not, click the action menu of the policy and select Disable.
  3. Click the policy action menu and select Delete.

To enable or disable a policy

  1. Depending on the type of policy that you want to work on, in the Infrastructure Policies page, click the tab for that policy type.
  1. Click the policy action menu and select Enable for an already disabled policy, or Disable for an enabled policy.

NOTE: Do not enable policies until they have been tested and validated in the development and test environments.

 

 

To share a policy with the associated user group or remove the applied sharing

You can share or remove sharing with the associated user group only for policies that you have created.

  1. Depending on the type of policy that you want to work on, in the Infrastructure Policies page, click the tab for that policy type.
  2. Click the policy action menu and select Share or Remove Sharing depending on the current sharing status of the policy.

To find or view a specific policy

  • Use any one or a combination of the following filters on the page to search for a specific policy:
  • Tenant filter by using the tenant action menu
  • Policy properties such as Enabled, Disabled, Shared, and Not Shared by using the Quick filters
  • Policy name by using the Policy search icon.
  • To view details of a policy, click the policy name.

 

That is a bit about policies and what you can do with them. We have seen many users who use policies and may use them extensively, so we do understand the importance of improving policy performance and scalability.

 

Common Policy Issues in Support

Over the years, we have seen a few types of issues with policy and policy management, here are a few of the more commonly seen issues;

 

  • Policies are not getting applied to Patrol Agent - We are facing issues where the policies created from CMA shows applied Patrol Agent and in Managed services it shows no policies are applied - this can show up as any variation of policies are not being applied. The cause varies and the recommendation is to collect the tssh dump export on the TSPS server and the PATROL Agent logs as we will need to confirm what is happening on both TSPS and PATROL Agent.

 

  • TSPS 10.5:Poll interval getting reset after saving the TSPS Policy and  TSPS 10.5:Timeout parameter getting reset after saving the TSPS Policy

        Inside "Infrastructure Policies" I modify the timeout parameter from 30 seconds to 60 seconds and save the policy. The message is "Policy is updated". However, the changes were                  not  saved. Solution: A point-fix for 10.5 was created to address this. If you encounter this issue, please contact BMC Support to obtain this hotfix

 

  • "This policy cannot be edited now because it is already open for editing by another user" seen when attempting to edit an Infrastructure Policy in TrueSight
    Solution: Hold SHIFT and ALT, then click on the three menu buttons for the Infrastructure Policy. This will give you an Unlock menu pick. Select that to fix the problem.

 

  • "The policy changes cannot be saved. Bad Request " error upon any attempt to create a simple policy in TrueSight 10.5

        Solution: There is a known issue with TS 10.x and TSCO 10.5 plugin

        There is a fix for the issue in the CHF for TSCO 10.5 available at: ftp://ftp.bmc.com/pub/perform/co/chf/10.5.00/

 

          Installation steps:

          1. Login in TSCO as an administrator

          2. Go to Administration >SYSTEM >Maintenance

          3. Upload and install the package 10.5.00.01.C00003_AS.patch using the "Upload patch or additional package file" section at the bottom of the page

          4. Wait until the installation of 10.5.00.01.C00003_AS.patch is completed (status = ENDED)

          5. Do the same steps #3, #4 for the package 10.5.00.01.C00003_EE.patch

          6. Go to Administration >VIEWS >Views and download the new version of the co-plugin

          7. Update the new version of the plugin in TSPS  with the steps reported here:

 

  • The Presentation server is unable to retrieve the Policy data. Contact your TrueSight Administrator

       The TrueSight.log shows:ERROR [Thread-39,EXECUTOR_POOL] CMA BMC_TS-CMA854101 Unable to retrieve policies

       java.lang.StringIndexOutOfBoundsException: String index out of range: -11

       Solution: This was seen in TrueSight 10.5.00 and a pointfix has been created, please contact BMC Support if you see this issue on 10.5.00

 

  • How to move BPPM 9.6 CMA policies to TrueSight?
    Solution: Here are the steps to export a CMA BPPM 9.6 policy and import it into CMA TS for any user

        ++++++++++++++++++++++++++++++++++++++++
      1) Export the policy from BPPM, this will create a .mo file with the policy defined in a json format 

      2) Open the .mo file in a editor

      3) At the bottom of each policy is a section which includes the following field names: name, id, type, agentSelectionCriteria, tenant, precedence,description, enabled
      4) Add the following three new fields to the policy json record: shared, associatedUserGroup, owner. Change the owner field to an ldap user
      "shared" : false,
      "associatedUserGroup" : "Administrators",
      "owner" : "admin",
       4a) Where
             owner - Username to which the ownership of this policy belongs to.
             associatedUserGroup - This should be one of the groups associated with owner.
             shared - this is to indicate if the policy is shared with other users from the above group.
       5) In the policy make sure the values for tenant (name, id) point to the correct SSO realm. In my test policy it looks like the following
                "tenant" : {
                "name" : "BmcRealm",
                "id" : "BmcRealm"
                 },
      6) Here is a sample of the policy section after the changes
                "precedence" : 100
                "name" : "Policy name",
                "id" : "b1f2ae2e-6b69-5aa2-1234-8a4dee93d18d",
                "shared" : true,
                "associatedUserGroup" : "Administrators",
                "owner" : "jdoe",
                "type" : "monitoring",
                "enabled" : false,
                "description" : "",
                "tenant" : {
                "name" : "BmcRealm",
                "id" : "BmcRealm"
                  },
                "precedence" : 100,
                "agentSelectionCriteria" : "agentName STARTS_WITH \"server_name\" "
       7) Copy this file to the TS server
       8) In a command window go to the following directory /truesightpserver/bin
       9) Invoke the following command. Note: just use the directory do not specify a file, the utility will import all .mo files in the directory
           cmapolicymigration.bat import -d <Directory location for the exported policy files>
           ++++++++++++++++++++++++++++++++++++++++

 

  • Without apparent reason, Monitoring policies in CMA get unexpectedly disabled, which stops the monitoring in all the applicable Patrol Agents.

        TrueSight 10 requires Atrium SSO for authentication. Internally a validation job is scheduled to run in TSPS every 30 minutes after TSPS restart. The policyValidationTask  and is

         designed  to disable the policies with associateUserGroup which is not present in SSO anymore. In this case, the policies are disabled even if only Atrium SSO server is down/stopped,             which should not be the case. (the policies can get disabled within between 1 and 30 minutes, depending on next planned execution of the validation task that can be see in CMA.log          file). BMC has created Defect ID QM001886940 to address this.

 

     Workaround

     Currently there is no config change available to stop/unschedule the policyValidationTask job, however to minimize the impact until the defect is addressed in coming release, we can                increase the time the validation task is executed.

 

     Below are the steps to increase the property that controls the validation task execution.

     The property that controls the validation task in TSPS server is 'policyValidationSyncPeriod'.

     This property has a  default value of 30 (minutes), so we can modify it to not launch every 30 mins but to launch for instance once per day (1440) or even to a bigger value (99999).       Follow the steps below:

 

                1. Open a CMD window in TSPS machine and change directory to TS_HOME\bin

                   (Ex. C:\Program Files\BMC Software\TrueSightPServer\truesightpserver\bin)

 

                2. Change the property value in TSPS to a higher value (for instance 1440 minutes which is 1 day, it can be even set it to much higher value) with command:

                   tssh properties set policyValidationSyncPeriod 1440

                   You can list and see the new value running command:

                   tssh properties list

 

                3. Stop and Start TSPS for the new value to take effect:

                   tssh server stop

                   and then run:

                   tssh server start

 

                4. After the config change, the first Validation task will be launched after the new number of minutes specified in the step #2

 

These are just a few of the types of issues we see. If you do have any questions or encounter issues with policies, roles, or anything TrueSight related, please do not hesitate to contact BMC Support.

AMIGO.jpg

 

Interested in upgrading to TrueSight 11.0?

Upgrading can be intimidating and time consuming, but the upgrade to TrueSight 11.0 can be made less painful with the use of our AMIGO program! Users are open to use the AMIGO reference to request assistance with reviewing your upgrade plans.

If you are thinking of upgrading, check out the upgrade documentation here

 

Also, be sure to check whether you need to do a phased upgrade depending on your current product and version. There’s a quick chart to check at this link

 

Finally, when upgrading from an earlier release that requires phased upgrades, consider the benefits of migrating. For more information about the pros and cons of migrating, see Benefits and risks to upgrades and migrations.

Regardless of where you fall in the upgrade/migrate path, let us help you!

The BMC Assisted MIGration Offering, or AMIGO, is a program designed to assist our customers in planning and preparing for product upgrades from an older, to a newer supported version.  By engaging with BMC Technical Support Analysts, you will be provided with materials containing guidelines and best practices to aid in compiling your own upgrade plan. An upgrade expert will then review your plan, and offer advice and suggestions to ensure success through proper planning and testing.

The AMIGO program consists of a Starter Phase and a Review Phase.  Each phase is initiated by opening a support case, and ends when the case is closed.

In the Starter Phase, an AMIGO Starter case is opened.  Reference material will be provided and a call with a Technical Support Analyst will take place to discuss the details of your upgrade, and address any questions you may have.  The AMIGO Starter case will be closed, and the next step will be for you to prepare a documented upgrade plan.

In the Review Phase, an AMIGO Review case is opened preferably two weeks prior to a set upgrade date.  A call will be scheduled with an upgrade expert to review your detailed plan, providing feedback and recommendations, along with answers to any outstanding questions.  As needed, a follow up discussion with a Technical Support Analyst may take place for feedback after the upgrade is performed.

The AMIGO program includes:

» A “Question and Answer” session before you upgrade

» A review of your upgrade plan with Customer Support

» An upgrade checklist

» Helpful tips and tricks for upgrade success from previous customer upgrades

» A follow-up session with Customer Support to let them know how it went. This will help BMC to enhance the process.

 

To get started, please review the details here

Then open a BMC Support issue containing your environment information (product, version, OS, etc.) and the planned date of the installation, if known. We will contact you promptly, and work with you to ensure a successful and timely outcome.

 

Connect with TrueSight Operations Management Webinar Details

Did you attend our latest TrueSight Webinar? The Connect with TrueSight Operations Management v11.0 Best Practices Webinar Series held another successful webinar on November 14th to provide a TrueSight 11.0 Overview. Missed the session? Click the link below and select the Recorded Session link to see what you missed.

Webinar Recording

 

The next session is right around the corner, don’t miss - TrueSight Operations Management version 11.0 Architecture and Scalability - December 12th, 2017 – Check the link above closer to the date for registration information, or let us know here and we’ll add you to the invite list to make sure you’re notified. Comment below with your name and email address and we’ll send the invite directly to you!

 

TrueSight 10.7 users – Fix Pack 1 has been released

For anyone using 10.7 and who has not had the opportunity to, please plan to apply Fix Pack 1. The details for the fix can be found hereJ

Just a note of caution:

The 10.7 Fix Pack 1 includes the following cumulative hotfixes:

  • TrueSight Presentation Server 10.7.00.000.018
  • TrueSight Infrastructure Management 10.7.00.000.022

If you have already installed a hotfix later than these versions on a product, do not install 10.7 Fix Pack 1 on that product.

 

 

Computer.png

New Knowledge Base Content

Here are a few new Knowledge Articles added over the last month:

 

 

Header 1Header 2
000145493Compatibility of Patrol Reporting with Oracle DB12.2.0.1
000145240

Custom KM is not being seen in Global thresholds tab or the server threshold configuration window

000145110

Cannot load modules/mod_ssl.so into server: libssl.so.1.0.0: cannot open shared object file: No such file or directory" seen when trying to start httpd process on BPPM server

000144878Notification policy not sending emails for events MC_CELL_ACTION_RESULT shows exit code 0 
000144424jserver sending updates for PATROL_ENRICHMENT to cell yet no slots have changed. This causes the cell to become intermittently busy
000145112PORT_NON_ROOT_USER_VALIDATION_PORT message reports that the user does not have permission to use port number 80 during the TSOM 11.0 install
000144701Poor performance and response time from the Operations Console in IE after upgrading to BPPM 9.5 Service Pack 2
000144651How can we extract the BEM Match table information?
000145539Unable to De-register Child from CMA - One or more Integration Service is associated with Cluster
000144858Vulnerability remediation for BMC TrueSight 10.7

 

 

 

Feedback.jpg

 

Feedback Request:

We’re back with our monthly blog and we’re open to hearing your thoughts on topics and areas of concern which may be of benefit to you! Post your comments regarding what you want to see!