Duty3G/User Guide
From Documentation
| Revision as of 03:39, 19 June 2006 Daniels (Talk | contribs) ← Previous diff |
Revision as of 03:40, 19 June 2006 Daniels (Talk | contribs) (→Benefits of duty3G) Next diff → |
||
| Line 51: | Line 51: | ||
| === Benefits of duty3G === | === Benefits of duty3G === | ||
| - | ;automation: By encapsulating complex procedures into one or more duties, duty3G can help to simplify many system administration procedures. | + | ;automation: By encapsulating complex procedures into one or more duties, duty3G can help to simplify many system administration procedures. duty3G allows many routine tasks to run without any operator intervention, including chains of dependent tasks. |
| + | ;delegation: duties simplify complex tasks and hide operating system variations, so they can be reliably delegated to less-experienced staff. | ||
| + | ;control: an audit trail records full details of what duties were performed or skipped, and whether they succeeded or failed. | ||
| - | duty3G allows many routine tasks to run without any operator intervention, including chains of dependent tasks. | + | == Duty Concepts == |
| - | delegation duties simplify complex tasks and hide operating system variations, | + | |
| - | so they can be reliably delegated to less-experienced staff. | + | |
| - | control an audit trail records full details of what duties were performed or | + | |
| - | 4 Getting Started | + | |
| - | skipped, and whether they succeeded or failed. | + | |
| - | Duty Concepts | + | |
| duty3G supports scheduled, automatic and ‘at request’ duties to any host on the network | duty3G supports scheduled, automatic and ‘at request’ duties to any host on the network | ||
| (including non-UNIX hosts). It also supports ‘carry forward’ to accommodate | (including non-UNIX hosts). It also supports ‘carry forward’ to accommodate | ||
Revision as of 03:40, 19 June 2006
Contents |
Getting Started
duty3G is a menu-driven application for automating UNIX systems operations and administration in an Open Systems data center.
About this Guide
This guide is the primary reference for setting up and using duty3G. The bulk of the guide consists of ‘how-to’ material, designed to help operators and system administrators to use duty3G quickly and efficiently. It describes how to:
- install duty3G
- set up an initial configuration for duty3G
- automate routine operations tasks through the duty list
- add and maintain duties
- perform ongoing housekeeping and administration.
About this Chapter
This chapter introduces you to duty3G both from a management and a technical perspective.
At a management level, it describes:
- duty3G’s features and benefits
- duty3G concepts.
At a technical level, it introduces you to:
- installing and using duty3G
- duty3G’s software environment.
Finally, it explains:
- conventions and notation used in this manual
- where to look for more information.
This chapter and the next contain useful information to help you prepare to install and use duty3G. However, if you wish to get started immediately, skip to Appendix A—Installing Duty3G.
Who should use this guide
This guide is aimed at:
- managers who need an overview of what duty3G can do
- administrators who need to maintain duties and control access to duty3G
- operators who need to know how to initiate duties
- new duty3G users, who need to understand the basics of using the duty3G interface
- auditors who need to understand how duty3G fits in with the organization’s policies and procedures.
Management Overview
duty3G facilitates a standard approach to the management of distributed, multi-vendor UNIX data centers. It provides secure, reliable, task automation and scheduling, through:
- automation of system management functions
- delegation of operations tasks
- tighter control over data center operations.
What duty3G can do
For Data Center Managers: duty3G’s interactive duty lists ensure reliable operations by presenting prioritized lists of tasks in a consistent, easy-to-use format. It allows better allocation of resources through scheduling and delegation of tasks.
For Administrators: duty3G frees experienced staff to concentrate on high-value activities. It allows routine and repetitive tasks to be delegated to less-experienced staff by hiding complexity.
For Operations Staff: duty3G provides a dynamic checklist that shows the status of tasks in progress and reminds operators when tasks are due to be run. Overdue tasks are flagged and color coding of tasks allows at-a-glance monitoring.
For Auditors: duty3G ensures safe delegation of important and sensitive operations tasks. duty3G maintains an audit trail of duties performed and skipped and it records whether duties succeeded or failed.
Benefits of duty3G
- automation
- By encapsulating complex procedures into one or more duties, duty3G can help to simplify many system administration procedures. duty3G allows many routine tasks to run without any operator intervention, including chains of dependent tasks.
- delegation
- duties simplify complex tasks and hide operating system variations, so they can be reliably delegated to less-experienced staff.
- control
- an audit trail records full details of what duties were performed or skipped, and whether they succeeded or failed.
Duty Concepts
duty3G supports scheduled, automatic and ‘at request’ duties to any host on the network (including non-UNIX hosts). It also supports ‘carry forward’ to accommodate public holidays and weekends. What is a duty? System managers can define what operational tasks need to be performed and when, then set up the appropriate tasks as duties within duty3G. A duty can be any command or series of commands and scripts that could be entered at the shell prompt. Duties can be performed to a set schedule, or on an as-required basis, either with or without operator intervention. Extensive duty logs are maintained, and these can be used to verify that duties are being performed. Duty lists can be used to define and implement most operations procedures, including backup schedules, housekeeping tasks, security checks, audit procedures and preventive maintenance schedules. Control You can delegate specific duties to an individual operator (or group of operators) while retaining complete control over what tasks are done. Operators only have access to their preconfigured range of duties. Because duty3G’s duty list can be used to encapsulate secure functions, there is no need to provide shell access for nonprivileged or inexperienced staff. This means that facilities available at a remote site can be restricted to those delegated by the system manager. Instead of granting users access to privileged accounts, the system manager defines each function as a duty, assigns correct privilege to that duty, then gives users access to particular duties. Getting Started 5 Best practice duty3G encourages sound management practices by making it possible to perform the regular operations workload in a way that is efficient, reliable, verifiable, and repeatable. The automation of routine tasks has several benefits. • It saves time • It frees up resources • It reduces the possibility of human error by ensuring that operators never have to enter commands, but instead run predefined duties, even though these duties may require super user access. Because duty3G encapsulates local expertise, it reduces your dependence on individual skills and minimizes the operational difficulties associated with staff turnover. 6 Getting Started Technical Overview This topic describes duty3G’s software environment: • licensing • installation and configuration • starting duty3G from COSmanager or the command line • directories, environment variables, and log files • startup procedure • access security • user interface Setting Up and Using duty3G To install duty3G, you will need: • a distribution tape containing the duty3G software • an installed copy of the COSmanager application framework • a license key Licensing COSmanager uses a host-name-based licensing scheme. You supply information for each host on which duty3G and other applications are to be run. Your COSmanager distributor will give you a set of license keys that encode information about which applications can be run on each host, and for how long (that is, whether for a trial period or indefinitely). Caution Do not change the license key or product string. This will invalidate your license. You will be prompted to enter the license key and product string during the installation procedure. Getting Started 7 Installation and configuration The main steps are: 1. If COSmanager is not already installed, you must first install and configure the COSmanager application framework. See the COSmanager User Guide. 2. Install duty3G from the distribution tape by running Application > Install from the COSmanager applications menu. You will be prompted for the license key during this step. 3. Select duty3G configuration to see the list of standard duties included with duty3G. Use the Maintain menu to change existing duties or add new ones. For more details, see Appendix A—Installing COS/Duty on page 59. Starting duty3G From the COSmanager button bar (GUI) Select the Duty button. The duty console is displayed. Figure 1 — Duty console (GUI version) 8 Getting Started From the COSmanager main menu (CUI) Select the duty3G option. From the command line To launch the default version, enter: cos duty To launch a different version, enter: cos duty -v version Software Environment duty3G is installed under the home directory of the COSmanager account. All the files are owned by cosmos and belong to the cosmos group, except for a handful of database tables that are owned by root. duty3G’s log file is stored in the system spool area. COSmanager has a crontab entry to cycle all its audit trails automatically. Only authorized COSmanager users can use duty3G. Access control within duty3G is provided through roles and capabilities, which determine each user’s ability to view or modify an application’s configuration or to run selected menu options. COSmanager sets a number of variables in the user’s environment when they start duty3G. These mostly define directory names and the user’s access capabilities. You can check your environment by running env from a duty3G shell: Startup procedure When you launch duty3G from COSmanager or through the cos duty command, the following steps are performed: $ cos duty -c ksh duty: env | pg Getting Started 9 • check that duty3G has a valid licence • check that the current version of the COSmanager framework is at least the minimum version required by this application • create environment variables describing duty3G’s directory structure: its home directory ($APPL_HOME), database directory ($APPL_DB), and application path ($APPL_PATH) • if an application password is required, ask the user to enter it • if authentication is required, ask for the user’s password • prepend the application’s directories to the search paths • create environment variables for any local roles and capabilities. Along with the variables created during COSmanager startup, these determine which duties and facilities the user can access in duty3G • execute $APPL_HOME/profile. This sets environment variables specific to duty3G • display duty3G version information (GUI) • display the top-level menu or button bar for this user. Access Security Fine-grained capability controls allow users to be given limited ‘views’ of duty3G options, enabling tight control to be maintained over access to all key functions. COSmanager users are assigned one or more roles. Each role identifies a responsibility or class of users in your organization, for example ‘Senior Operator’ or ‘User’. Within each COSmanager application such as duty3G, roles are defined in terms of the access capabilities they grant. In turn, capabilities determine what menu options, duties, and actions the user can perform. Users are granted access to COSmanager via options in the COSmanager configuration menu. A number of roles are provided with COSmanager, including Manager, Config, Admin, Auditor, User, and SeniorOp. 10 Getting Started Note Changes made to a user’s security profile don’t come into effect until the next time the user invokes COSmanager. Many functions, particularly those that modify system files and COSmanager tables, require specific access capabilities. Users who do not have the right capabilities will not be able to access or even view these functions. User interface The user interface to all COSmanager applications is provided through a series of reusable software tools known collectively as The Functional Toolset. Both graphical (GUI) and character (CUI) mode interfaces are provided. As there are only a handful of different types of screen, the interface is very easy to learn. The GUI mode features a Motif-style ‘look and feel’. The GUI mode can also be used from a PC running Windows 3.11, Windows 95 or Windows NT, without the need for X emulation software. The CUI mode is intended for users who access COSmanager from a character terminal or via terminal emulation from a PC. It features a full-screen interface with support for function keys and pop-up windows. Keyboard traversal in the GUI interface is consistent with the CUI version. This allows users to swap between X displays, Windows PCs, and character terminals, with minimal retraining and without loss of productivity. The user interface is described in detail in the COSmanager User Guide. Getting Started 11 Conventions Used This manual uses the following conventions: This style is used to indicate: • text that is displayed on your screen • commands that you type in at the keyboard • the names of fields, directories and files • actions assigned to buttons or function keys Examples: Enter ‘write secoff ’ in the Command field. /etc/passwd Press Accept to schedule the backup job. Cross-references to other chapters or manuals are shown in italics—see Conventions Used, page 5 for example. Italics are also used for emphasis. Notes contain useful information and reminders that could help you to save time and effort. Example: Note Searching a large number of indexes can be very slow. Use a start and end date to limit the search to a shorter period. Cautions warn you about a procedure or action, which, if not done correctly, could cause damage to software or loss of data. Example: Caution Designating a variable as ‘core’ is an irreversible procedure. Core parameters cannot be deleted and the variable cannot be re-designated as non-core from within COS/Secure. 12 Getting Started Finding Your Way Around Menus Menu options are shown in the form Menu > Menu option. For example the instruction: “Select Users and privileges > COSmanager users” tells you to select the COSmanager users option from the Users and privileges menu as shown in Figure 2. Figure 2 — Following menu instructions Such instructions can refer to options on consoles or methtools also; executing the instruction: “Select Maintain > Add” would involve selecting the Add option from the Maintain menu as illustrated in Figure 3. Figure 3 — Using methtool menus Getting Started 13 For More Information The COSmanager User Guide explains how to install COSmanager products, including duty3G. This manual describes how to configure duty3G, how to maintain duties and roles, how to view and perform duties, and how to generate reports listing all or selected duties. Technical information about COSmanager commands can be found in the COSmanager Reference Guide. This contains manual pages for the Functional Toolset and application- specific commands, including commands used in duty3G. COSmanager promotes a ‘policies and procedures’ approach to system management, including task scheduling. How to Implement Policy Based Management and a Sample Policy and Procedures Manual are available without charge from your COSmanager distributor.