Professional Documents
Culture Documents
SMIII-103 Configuration Management (Marimba) Deployment
SMIII-103 Configuration Management (Marimba) Deployment
9/3/2006
Agenda
CM Infrastructure CM Inventory CM Subscription CM Software Distribution (App. Packager and Content Replicator) CM Deployment Manager
9/3/2006
CM Infrastructure
9/3/2006
Debug Report
Returns specific information and checks for problems with the tuner (for example: tuner properties, thread dump information, license information, RPC configuration and connections)
http://hostname:7717/workspace?debug&<option>=t includes the option&<option>=f excludes the option http://hostname:7717/?debug&config=t http://hostname:7717/?debug&threaddump=t
Log Report
http://hostname:7717/workspace?log http://hostname:7717/workspace/http://hostname:5282/Marimba/Current/SubscriptionService?log
9/3/2006
Status Report
9/3/2006
If you want to generate thread dumps remotely, the Java VM must be launched with the Xdebug Option. On servers (transmitters, proxies, etc.), profiles do not include the -Xdebug option for performance reasons.
Minimal Mode
Minimal mode is now a separate process known as minituner.exe and is no longer part of the tuner. This makes minimal mode more robust and the tuner more reliable.
9/3/2006
Improved Robustness and Stability IPC service switched from DDE to named pipe.
Comparing to DDE, named pipe provides a more efficient and generic bidirectional communication mechanism. It does not require applications to be GUI-based, and data exchanged can be in arbitrary format.
Receipt Service BMC Remedy Change Management could initiate a change request/task on a Marimba Tuner endpoint through Deployment Manager and Policy Manager. Tuner is to provide a receipt service so as to leave a meaningful audit trail for the work performed on an endpoint. Receipts are stored in the tuner workspace.
9/3/2006
9/3/2006
Infrastructure - Recommendations
Separate CMS, Transmitters and Windows Patch Source Java Launch Arguments:
marimba.launch.javaArgs=-Xms128m -Xmx512m -XX:PermSize=32m XX:MaxPermSize=128m
9/3/2006
Troubleshooting - Scheduler
Update schedule vs. start schedule
Subscription/Policy Service -> update.schedule Patch Service -> update.schedule Inventory/Scanner Service -> start.schedule Infrastructure Service -> start.schedule
Missed update/start schedule while the machine was off the network/turned off
Example: Subscription update schedule at 2 AM Inventory start schedule at 3 AM Marimba schedule start delay=10000
10
9/3/2006
CM Inventory
11
9/3/2006
[15/May/2006:22:23:33 -0400] - warning - 6672 Over-writing older report for machine: wuscxdw221(win32:3888154505819947868)
1
Diff 1 Inventory Service Plugin
2
Disk Queue: Diff 2 Diff 3
Diff 2
` Endpoint
3
Diff 3 Inventory Service Plugin Diff Checksum Mismatch: Diff Scan Old Checksum is for Diff 2, Plugin Local Checksum Cache has Diff 1. Request Full Scan report from Endpoint
DB Diff 1
4 5
Endpoint sends Full Scan Report Full Scan Report
Disk Queue:
13
9/3/2006
1
Diff 1 Inventory Service Plugin
2
Disk Queue: Diff 2 Diff 3
Diff 2
` Endpoint
3
Diff 3 Inventory Service Plugin Diff Checksum Mismatch: Diff Scan Old Checksum is for Diff 2, Plugin Local Checksum Cache has Diff 1. Request Special Diff report from Endpoint
DB Diff 1
4
Endpoint generates new special diff scan report between the full report at Diff 1 state and the full report at the Diff 3 state and resends back to the plugin
Disk Queue:
5
Inventory Service Plugin Diff 3'
DB Diff 3'
14
9/3/2006
Performance
SQL Server Report Center queries are basically unusable while inventory
insertions are running in the background.
while Report Center queries take place. Reason: Inserts/Updates/Deletes issue an exclusive lock Select statements issue a shared lock A shared lock cannot be issued when an exclusive lock is in place and an exclusive lock cannot be issued when a shared lock is in place You can change the behavior of locking via a lock hint: - Nolock - Enables dirty reads where a Select does NOT issue a shared lock and Select does NOT honor exclusive locks - 6.x Only Report Center interactive queries can use dirty reads (enabled through property) - 7.0 Report Center interactive queries, email reports, collections, and processing queries that another application requests can use dirty reads (enabled through UI)
9/3/2006 2006 BMC Software
15
Performance (Contd)
Inventory Plugin Tuning
Set the scan schedule as far apart as possible (24 hours, if possible). Use the scheduling vary option to reduce the load all insert at the same time load (due to time syncd machines). 3 to 5 inventory plugin Oracle database connections appears to be optimal. More connections just result in more resources and waiting instead of increasing throughput. Disk I/O is low. CPU utilization is low. Memory is low. Java GC tuning is lower priority since currently GCs / heap size growth does not appear to be causing issues.
16
9/3/2006
Tuner/History logs where inventory plugins running. System Architecture Scan schedule, # endpoints, # repeaters, # mirrors, load balancer, which plugins insert directly into database, etc. Gather any queued-up scan reports in the inventory plugin disk queue. Find out if the scan schedule is too aggressive and check if it is possible to reduce the scan schedules. In more complex environments, see if client IP Load Balancer persistence might help reducing checksum mismatches.
17
9/3/2006
CM Subscription
18
9/3/2006
Install Priority
You can now set install priority values by typing numeric values per package on the Edit Policy page. In M6, you can only scroll arrow up and down to change the install priority.
User-Based/Machine-Based Policies
Policy will be assigned based on either user-based, machine-based, or both. In M6, the only option was both. Property: marimba.subscriptionplugin.resolvetype Value: user or machine, otherwise both.
19
9/3/2006
20
9/3/2006
21
9/3/2006
Compliance (Contd)
Scheduling LDAP Sync The LDAP synchronization process is new in this release. LDAP synchronization optimizes the accuracy of compliance queries and reports by updating the configuration database with the latest available policy data. To optimize policy management workflow, schedule the following processes in sequence: Update policy service Perform inventory scans Schedule LDAP Sync Typically, you schedule the processes on a daily basis You can schedule LDAP Sync using the LDAP-to-Database Synchronization Service link on the Data Source tab in CMS System Settings Compliance Reporting In addition to viewing policy compliance information based on targets, you can now view compliance based on a specified package.
22
9/3/2006
23
9/3/2006
Whats New in Application Packager 7.0? Whats New in Content Replicator 7.0?
24
9/3/2006
25
9/3/2006
N source to N target folders Installing Unix Packages Using XML Command file to specify packaging commands {5.1 screen shot} Self-Installing Channels New package command that will facilitate installation of self-installing channels {5.2 Screen shot with syntax} Channel Signing (Credit Suisse)
26
9/3/2006
27
9/3/2006
CM Deployment Manager
28
9/3/2006
29
9/3/2006
Problems
Keeping all nodes in memory doesnt scale
Start-up time grows linear to workspace size Workspace size is restricted by available memory
Hard to:
Query data Share data with other applications Maintain referential integrity Guarantee safety of the data
30
9/3/2006
31
9/3/2006
DB-Backed Workspace
How Does This Solve The Problems?
Workspace-size scalability Tree no longer needs to be traversed at start up; start up time will be minimal Number of objects no longer limited by amount of memory Querying the data Logging data is stored in logging schema; querying will be easy Object data is stored in DBTree-schema; querying is possible but somewhat complicated Sharing data All data is in the database Referential integrity Yes, we can guarantee it. Safety of data Increases; databases are built to be safe datastores.
32
9/3/2006
DS->DM Communication
Problems
DS communicates too frequently Protocol is inefficient and simplistic DS queue logs in memory
Solutions
Tighter control of DS communication
Intelligent flushing of queue
33
9/3/2006
Solutions
Incoming data is placed in disk-based queue Limited set of processor threads read off of queue We get in control of CPU resources used for log-processing vs. UI May introduce latency in respect to reporting under high load This should be acceptable since the alternative is an unusable UI
34
9/3/2006
35
9/3/2006
Q&A
36
9/3/2006