5 Replies Latest reply on May 1, 2014 7:18 PM by Bill Robinson

    Bladelogic Job Execution Rules and beyond ....

    Sean Doty

      BSA version 8.3 sp3


      We are extending our Bladelogic Environment into another sector of our IT infrastructure.  Instead of setting up a second Blade environment, I have been encouraged to expand our existing setup to support our new venture.


      With that being said, we are adding 2 new Job Servers to support our expansion.  The requirements are that the Existing Job Servers should not deploy jobs to the New Environment (targets) and the 2 New Job Servers should not deploy jobs to the current targets.  So basically, I am going to have 2 "groups" within a single instance of Bladelogic.


      Group A:

      4 Job Servers Only deploying to target group A


      Group B:

      2 job Servers Only deploying to target group B


      I am looking for the best possible way to set this up, without having to enforce users to create jobs with specific names.  So with that said, how and what is really the best way to set this up?  The ideal scenario for me, would be something like the following:


      1. By Role: if users with Role A execute a job, it should be deployed through Group A app servers.  If users with Role B execute a job, it should be executed by Group B app servers.
      2. If Job has a target that is part of Group A, then job should be executed by App Servers in Group A.
      3. Lastly, and what should be the easiest, is to use a server property (not the description)


      Looking at the Job Execution rules, it appears the properties that can be used are pretty limited and/or I am just not understanding what is really made available to me.

        • 1. Re: Bladelogic Job Execution Rules and beyond ....
          Bill Robinson

          1 – why ?  why are you separating the workload like this ?

          2 – you can’t make routing rules by targets, only by the job itself and maybe by the user that ran it, though I’m not sure if that is possible.


          And these job servers will be in the same physical location as the other servers and the database ?

          • 2. Re: Bladelogic Job Execution Rules and beyond ....
            Sean Doty

            The Why? -- kind of a long story, the short of it is 2 main pieces


            1.) Security, Firewalls, user permissions ... I know I can handle all of the security and permissions stuff directly in BSA, but from an Infrastructure point of view, as long as someone can draw a line from App Servers in Group B to Target Servers in Group A, it is always going to be seen as a risk.  By not allowing the IPs in App Server Group B through the firewall, no line can be drawn, thus no added Risk


            2.) Workloads and performance... we have large bursts of jobs that come out of Group A during small maintenance windows.  We configured our Job Server settings to account for these types of deployment and would prefer not to introduce anything new to them.


            Location Location Location:

            Not sure if this will help or make it better, but here is a quick and dirty diagram of what our environment would look like... Keep in mind that the App Servers in Group A, App Servers in Group B, AND the Target Servers in Group B are all in the same Datacenter.

            (attached diagram: example.png)

            • 3. Re: Bladelogic Job Execution Rules and beyond ....
              Bill Robinson

              you can't route the jobs by target, so you have to handle it by the job.  and you can't do it by executing role either from what i can tell.  so you would need a property set on the jobs, or a naming convention, or keeping them in a certain group, or something like that.

              • 4. Re: Bladelogic Job Execution Rules and beyond ....
                Sean Doty

                Well, I am sure we can punch some holes through this... what I ended up doing was:


                1.) Create a new property for Jobs

                2.) Made it un-editable, required, and set the Default Value to be ??ROLE_CREATED?? (ROLE_CREATED is not an option when creating Job Execution Rules)

                3.) I could then use this property in creating my Job Execution Rules.


                Initial tests prove this to be working, but I am sure I still have some work to do...

                • 5. Re: Bladelogic Job Execution Rules and beyond ....
                  Bill Robinson

                  if it works it works


                  what if you stood up a socks proxy, and all the traffic from all appservers went through that?  would that be any better ?