COSmanager/User Guide
From Documentation
Revision as of 06:25, 18 April 2006 Daniels (Talk | contribs) (→Introduction) ← Previous diff |
Revision as of 06:26, 18 April 2006 Daniels (Talk | contribs) (→Overview) Next diff → |
||
Line 83: | Line 83: | ||
== Overview == | == Overview == | ||
- | + | This chapter introduces you to COSmanager both from a management and a technical | |
+ | perspective. | ||
+ | At a management level, it explains: | ||
+ | • what COSmanager can do | ||
+ | • the COSmanager family of applications. | ||
+ | At a technical level, it introduces you to: | ||
+ | • setting up and using COSmanager | ||
+ | • the COSmanager software environment, including its system account, directory | ||
+ | structure, access control, and variables | ||
+ | • customizing COSmanager menus and scripts | ||
+ | • the COSmanager user interface. | ||
+ | This chapter contains useful information for helping you prepare to install and use | ||
+ | COSmanager. However, if you wish to get started immediately, skip to Installing | ||
+ | COSMOS on page 27. | ||
+ | 8 Overview | ||
+ | Management Overview | ||
+ | COSmanager facilitates a standard approach to the management of distributed | ||
+ | Open Systems data centers, through: | ||
+ | • Automation of system management functions | ||
+ | • Delegation of operations tasks | ||
+ | • Control over data centre operations | ||
+ | It provides: | ||
+ | • a full suite of powerful system management applications | ||
+ | • sophisticated but easy-to-use access controls. COSmanager can only be | ||
+ | invoked by authorized users. Users have limited ‘views’ of COSmanager | ||
+ | functions based on their roles and responsibilities, enabling tight supervision | ||
+ | to be maintained over access to key functions. Controls over shell | ||
+ | access and super user privileges are also provided | ||
+ | • a standard interface to data center operations, through customized COSmanager | ||
+ | menus and interfaces to third-party software | ||
+ | • a policies and procedures approach to data center management. | ||
+ | COSmanager Applications | ||
+ | COSmanager comprises a suite of applications that cover all the main areas of system | ||
+ | management. These applications are designed to work well together and to integrate | ||
+ | with third-party products. | ||
+ | COS/Admin | ||
+ | COS/Admin provides a consistent interface to system administration and user management | ||
+ | in multi-vendor, multi-host environments. It includes a comprehensive set | ||
+ | of facilities that standardize and improve on the basic services provided by individual | ||
+ | vendors. COS/Admin services include: | ||
+ | • user administration | ||
+ | • process management | ||
+ | Overview 9 | ||
+ | • filesystem management | ||
+ | • basic performance monitoring | ||
+ | backup3g | ||
+ | backup3g provides policy-based backup and data recovery in Open Systems data | ||
+ | centers. backup3g’s flexible client/server model supports both centralized and distributed | ||
+ | backup models, including backup of non-UNIX clients (NT, Novell, Windows). | ||
+ | backup3g also supports: | ||
+ | • high-speed file recovery | ||
+ | • all standard UNIX backup formats (cpio, dump, tar and raw filesystem) | ||
+ | • flexible backup job scheduling, including automated and unattended backups | ||
+ | • multi-volume backups | ||
+ | • appending backups | ||
+ | • tape stackers, jukeboxes and automated tape libraries | ||
+ | • drive pooling | ||
+ | • full media management | ||
+ | • intelligent backup of Oracle databases through the ORAback module | ||
+ | COS/Batch | ||
+ | COS/Batch has facilities for scheduling, submitting and controlling batch jobs. | ||
+ | COS/Batch supports: | ||
+ | • job suites, comprising multiple related steps | ||
+ | • inter-job dependencies | ||
+ | • flexible job scheduling | ||
+ | • an unlimited number of queues to stream jobs with similar priority or | ||
+ | requirements | ||
+ | 10 Overview | ||
+ | duty3g | ||
+ | duty3g brings automation and scheduling to data center operations. Routine operations | ||
+ | and system administration procedures can be encapsulated as duties. Duties can | ||
+ | be scheduled to run on particular days or within a time-band. If operator input is | ||
+ | required duty3g prompts the appropriate staff at the scheduled time, otherwise it | ||
+ | starts the duty automatically. ‘At-request’ duties can be called up at any time. | ||
+ | duty3g’s advantages include: | ||
+ | • it hides complexity: less-experienced staff can run most tasks without needing | ||
+ | to remember complex commands | ||
+ | • security: particular tasks requiring root privilege can be delegated to junior | ||
+ | staff without them needing to be given the root password | ||
+ | • automation: jobs that don’t require operator intervention run automatically | ||
+ | at the scheduled time | ||
+ | • control: duty3g maintains an audit trail of what duties were performed or | ||
+ | skipped, and whether duties that ran succeeded or failed. | ||
+ | COS/Patrol | ||
+ | COS/Patrol provides application and system resource monitoring, and is designed | ||
+ | to increase management efficiency of large-scale distributed computing environments. | ||
+ | COS/Patrol features: | ||
+ | • proactive management of resources | ||
+ | • loadable knowledge modules | ||
+ | • built-in self-tuning and load balancing | ||
+ | • extensive database and platform support | ||
+ | • interoperability with other management solutions | ||
+ | COS/Print | ||
+ | COS/Print is an advanced network-aware print spooling and print management | ||
+ | package for UNIX. COS/Print features: | ||
+ | • print queue management, including reprinting and forward- and back-spaccosmos. | ||
+ | Overview 11 | ||
+ | ing of print jobs | ||
+ | • fine control over print job attributes, including job defaults or templates | ||
+ | • printer selection based on printer class, location and queue status | ||
+ | • support for forms, filters and special stationery | ||
+ | • fault alerting and recovery | ||
+ | • compatibility with standard UNIX print commands (lp and lpd) | ||
+ | COS/Relay | ||
+ | COS/Relay takes software from a central host and automatically compresses, distributes | ||
+ | and installs it on nominated target hosts. COS/Relay features: | ||
+ | • automatic software distribution and rollout | ||
+ | • error-checking and auditing | ||
+ | • user-defined reusable configuration | ||
+ | • access control and security | ||
+ | • support for non-UNIX nodes | ||
+ | COS/Report | ||
+ | COS/Report provides secure report generation, distribution and viewing. | ||
+ | • reports can be taken from existing disk files or generated as required by | ||
+ | another application or by COS/Report itself | ||
+ | • reports can be distributed by any service available on your network, including | ||
+ | network printer, e-mail or fax | ||
+ | • reports can be broken into logical views, so that information is tailored for | ||
+ | different recipients | ||
+ | • multiple report generations can be stored on disk and easily retrieved | ||
+ | 12 Overview | ||
+ | COS/Secure | ||
+ | COS/Secure is a flexible framework for implementing your security policies. It provides: | ||
+ | • system access control, including control over login access and application | ||
+ | access | ||
+ | • audit trail management | ||
+ | • password strength control | ||
+ | • password aging | ||
+ | • periodic security checks as recommended by X/Open | ||
+ | COS/Sentinel | ||
+ | COS/Sentinel provides network-wide event detection, service level monitoring and | ||
+ | automated response. COS/Sentinel promotes a ‘service level’ approach to system | ||
+ | management, and features: | ||
+ | • flexible response to events, including predefined automatic and manuallyinitiated | ||
+ | responses and escalation of unresolved problems | ||
+ | • notification via e-mail, message box, fax or pager | ||
+ | • customized console views, allowing staff to quickly diagnose and resolve | ||
+ | problems within their domain | ||
+ | • optional knowledge bases for specific RDBMS, applications and clients | ||
+ | • interfaces to other system management products such as HP Openview and | ||
+ | SunNet Manager | ||
+ | COS/Chargeback | ||
+ | COS/Chargeback provides comprehensive resource accounting for distributed | ||
+ | Open Systems computing facilities. COS/Chargeback lets you monitor and calculate | ||
+ | charges for resources such as disk space, memory use, CPU time, and RDBMS use. | ||
+ | It features: | ||
+ | • data collection by user, group and project | ||
+ | • predefined ‘accountants’ for common UNIX and RDBMS services | ||
+ | Overview 13 | ||
+ | • flexible charging rates | ||
+ | • output in graphical or tabular format or by export to a third-party spreadsheet, | ||
+ | presentation or data analysis package. | ||
+ | 14 Overview | ||
+ | Setting Up and Using COSmanager | ||
+ | This topic provides an overview of how to install COSmanager and COSmanager | ||
+ | applications, including setting up an initial configuration. | ||
+ | If you are installing COSmanager for the first time, the steps are: | ||
+ | 1. install the COSmanager framework from the distribution tape by running | ||
+ | the FSinstall script | ||
+ | 2. set up an initial configuration for COSmanager by running a series of configuration | ||
+ | tasks from the COSmanager configuration menu | ||
+ | 3. install and configure each COSmanager application | ||
+ | When you restart COSmanager, the new applications will appear on your COSmanager | ||
+ | main menu or button bar. A configuration menu for each application will | ||
+ | appear on the Product configuration menu. | ||
+ | Note You should only need to run FSinstall once on a host. Once | ||
+ | COSmanager is installed, you can use the COSmanager | ||
+ | configuration menu to install COSmanager applications or to | ||
+ | reinstall or upgrade the COSmanager framework. | ||
+ | Overview 15 | ||
+ | Figure 1 — Overview of installing and configuring COSmanager | ||
+ | 1. Install COSmanager | ||
+ | 2. Run COSmanager | ||
+ | 3. For each | ||
+ | initial configuration | ||
+ | from tape using | ||
+ | COSmanager product: | ||
+ | FSinstall | ||
+ | tasks | ||
+ | Install application | ||
+ | from tape through | ||
+ | the COSmanager | ||
+ | configuration menu | ||
+ | Configure the | ||
+ | application through | ||
+ | the product’s own | ||
+ | configuration menu | ||
+ | 16 Overview | ||
+ | Installing COSmanager | ||
+ | To install COSmanager, you need access to a root shell, a COSmanager distribution | ||
+ | tape, and a license key. The main steps in the procedure are: | ||
+ | • in a root shell, unload the installation script FSinstall from the distribution | ||
+ | tape into /tmp | ||
+ | • run FSinstall. FSinstall creates the COSmanager user account and | ||
+ | group, then copies the COSmanager files from the tape to the nominated | ||
+ | directory | ||
+ | • supply a license key to verify that your license is both current and valid for | ||
+ | this host | ||
+ | • configure Terminfo definitions for all terminal types that will be used with | ||
+ | COSmanager | ||
+ | The installation procedure is described in full in Installing COSMOS on page 27. | ||
+ | Initial Configuration | ||
+ | After installation the next step is to set up COSmanager, by logging in to the COSmanager | ||
+ | user ID and running some or all of the configuration tasks. | ||
+ | During configuration you will create at least one COSmanager user with Manager | ||
+ | level access. Once this is done, access via the COSmanager account should be disabled, | ||
+ | to prevent login access. The COSmanager account is only intended for initial | ||
+ | setup. | ||
+ | The configuration procedure is described in detail in Configuring COSMOS on | ||
+ | page 35. This involves setting up details of the system management environment | ||
+ | and specific functions to be performed. | ||
+ | Standard configuration uses a wide range of default settings, to which you add | ||
+ | details of your system environment, users and administration procedures. | ||
+ | Customized configuration is more complex and would normally be used when setting | ||
+ | up larger networked environments or more complex installations. | ||
+ | Overview 17 | ||
+ | Detailed planning of system management policies and procedures should take place | ||
+ | prior to configuring COSmanager. Your COSmanager distributor can assist. | ||
+ | Once you have installed and configured the COSmanager framework the next task | ||
+ | is to install your COSmanager applications. See Installing COSMOS Applications and | ||
+ | Modules on page 67. | ||
+ | Starting COSmanager | ||
+ | COSmanager is invoked by using the cos command. All attempts to invoke COSmanager | ||
+ | applications are logged. | ||
+ | Authorized COSmanager users are system users who have been added to the COSmanager | ||
+ | users table. They are given access to COSmanager using their own individual | ||
+ | security profile. | ||
+ | System groups can also be added to the COSmanager users table, so users in these | ||
+ | groups have general access to COSmanager even if they are not individually listed as | ||
+ | COSmanager users. | ||
+ | Users who are not in the COSmanager users table either personally or through their | ||
+ | group have the privileges of the DEFAULT COSmanager user. Initially this gives | ||
+ | only display capability. You can add other capabilities to expand access for | ||
+ | DEFAULT users. If you remove all capabilities from the DEFAULT user then only | ||
+ | authorized users and groups can access COSmanager. | ||
+ | The GUI version of the main menu is a button bar: | ||
+ | Figure 2 — COSmanager button bar (GUI version) | ||
+ | Note The options displayed depend on the user’s security profile and on | ||
+ | which applications are installed. | ||
+ | 18 Overview | ||
+ | Selecting a button launches the main menu or window for the corresponding application. | ||
+ | You can also launch an application directly from the command line: | ||
+ | cos application-name [ -v version ] | ||
+ | Examples: | ||
+ | See the cos(1) manual page for a full description of the cos command. | ||
+ | cos sentinel launches the default version of COS/Sentinel. | ||
+ | cos sentinel -v 1.0 launches version 1.0 of COS/Sentinel. | ||
+ | Overview 19 | ||
+ | The COSmanager Environment | ||
+ | This section gives a brief overview of COSmanager’s software environment. It | ||
+ | describes COSmanager’s directory structure, interfaces, and startup procedure, and | ||
+ | touches on customization, licensing, access security, and support procedures. | ||
+ | The COSmanager Environment | ||
+ | COSmanager creates an entry in the system password and group files, both called | ||
+ | COSmanager. The password for the COSmanager account is set during the | ||
+ | installation phase. This account is only used for the initial configuration. | ||
+ | COSmanager is installed in the home directory of the COSmanager account, by | ||
+ | default /usr/COSmanager, though you can choose a different directory. All the | ||
+ | files are owned by COSmanager and belong to the COSmanager group, except | ||
+ | for a handful of setuid commands and COSmanager tables that are owned by root | ||
+ | or belong to group other. | ||
+ | COSmanager creates its application framework and audit trails in the system spool | ||
+ | area, and creates a crontab entry to cycle the audit trails automatically. | ||
+ | COSmanager does not modify the UNIX kernel in any way. | ||
+ | Only authorized COSmanager users can use a COSmanager application. Access | ||
+ | control within COSmanager is provided through roles and capabilities, which determine | ||
+ | each user’s ability to view or modify an application’s configuration or to run | ||
+ | selected menu options. | ||
+ | COSmanager sets a number of variables in each COSmanager user’s environment | ||
+ | when they start COSmanager. These mostly define directory names and the user’s | ||
+ | access capabilities. You can check your environment by exiting to a shell from within | ||
+ | COSmanager and running env. | ||
+ | The user interface is provided through a series of software tools called the Functional | ||
+ | Toolset (see fs_tools(1)). Data management is handled by a set of relational | ||
+ | database commands called The Functional Database (see db(1)). The | ||
+ | database provides well-defined interfaces to UNIX files, abstracted in terms of the | ||
+ | relational database model. | ||
+ | 20 Overview | ||
+ | Figure 3 — COSmanager application structure | ||
+ | COSmanager Startup Procedure | ||
+ | The cos command sets up the environment for the COSmanager user. Its main | ||
+ | functions are as follows: | ||
+ | • display COSmanager version information (GUI) | ||
+ | • check that at least one COSmanager application has a valid licence | ||
+ | • increase ULIMIT for this process to the maximum, to allow recovery of | ||
+ | large files (ULIMIT is a system configuration parameter that defines the | ||
+ | maximum size for a file) | ||
+ | • execute the COSmanager profile. This sets environment variables containing | ||
+ | print output control information, search paths, the preferred date format, | ||
+ | and other settings | ||
+ | Note Don’t edit the COSmanager profile. All these variables can be set | ||
+ | from the Global parameters option under COSmanager | ||
+ | configuration. | ||
+ | • create environment variables describing COSmanager’s directory structure: | ||
+ | its home directory ($APPL_HOME), the location of the database tables | ||
+ | User Interface | ||
+ | Application- | ||
+ | Specific | ||
+ | Programs | ||
+ | Data Management | ||
+ | The Functional | ||
+ | Toolset | ||
+ | The Functional | ||
+ | Database | ||
+ | COSmanager | ||
+ | COS/Sentinel | ||
+ | backup3g | ||
+ | duty3g | ||
+ | … | ||
+ | Overview 21 | ||
+ | ($APPL_DB), and the application path ($APPL_PATH) | ||
+ | • create environment variables for each of this user’s roles and capabilities. | ||
+ | These determine which COSmanager facilities the user can access | ||
+ | • check that one of the hosts on the network has been defined as the Master | ||
+ | Administration Host | ||
+ | • if any application details have changed, rebuild this user’s top-level menu | ||
+ | and Product configuration menu | ||
+ | • if authentication is required, ask for the user’s password | ||
+ | • display the top-level menu or button bar for this user. | ||
+ | Application Startup Procedure | ||
+ | When you launch an application from the COSmanager main menu or through the | ||
+ | cos command, the following steps are also performed: | ||
+ | • check that the current version of the COSmanager framework is at least the | ||
+ | minimum version required by this application | ||
+ | • if there is an application password, ask the user to enter it | ||
+ | • if authentication is required, ask for the user’s password | ||
+ | • prepend the application’s directories to the search paths. | ||
+ | • if an add-on module is installed under the application, prepend the module’s | ||
+ | directories to the search paths | ||
+ | • create environment variables for any local roles and capabilities. These | ||
+ | determine which facilities the user can access in this application | ||
+ | • if there is an application profile, execute it. This sets any application-specific | ||
+ | environment variables | ||
+ | • display the application’s top-level menu or button bar for this user. | ||
+ | To check the COSmanager environment | ||
+ | If you have shell access you can examine the environment variables created by COSmanager. | ||
+ | 1. Exit to a shell from the COSmanager pulldown. Run the env command and | ||
+ | save the output in a file. | ||
+ | 22 Overview | ||
+ | 2. Exit to a shell from a COSmanager application. Run the env command and | ||
+ | save the output in a second file. | ||
+ | 3. Exit from COSmanager. Run env from the command line and save the output | ||
+ | in a third file. | ||
+ | 4. Compare the output from the three env commands. | ||
+ | Licensing | ||
+ | COSmanager uses a host-based licensing scheme. You supply information for each | ||
+ | host on which the COSmanager framework and any COSmanager applications are | ||
+ | to be run. Your COSmanager distributor will give you a set of license keys and product | ||
+ | strings that encode information about which applications can be run on each | ||
+ | host, and for how long (that is, whether for a trial period or indefinitely). | ||
+ | Caution Do not change the license key or product string. This will invalidate your license. | ||
+ | You will be prompted to enter the license key and product string during the installation | ||
+ | procedure. | ||
+ | Upon request, licensed COSmanager customers will be granted free of charge the | ||
+ | right to use The Functional Toolset to develop local software applications on designated | ||
+ | hosts. | ||
+ | The COSmanager User Interface | ||
+ | The user interface to all COSmanager applications is provided through a series of | ||
+ | reusable software tools known collectively as The Functional Toolset. Both graphical | ||
+ | (GUI) and character (CUI) mode interfaces are provided. | ||
+ | The GUI mode features a Motif-style ‘look and feel’. The CUI mode features a fullscreen | ||
+ | mode with support for function keys and pop-up windows. As there are only | ||
+ | a handful of different types of screen, the interface is very easy to learn. | ||
+ | Overview 23 | ||
+ | Keyboard traversal in the GUI interface is consistent with the CUI version. This | ||
+ | allows users to swap between X displays and character terminals with minimal | ||
+ | retraining and without loss of productivity. | ||
+ | The interface is described in detail in Appendix A—the COSMOS User Interface. | ||
+ | Customizing COSmanager | ||
+ | You can customize COSmanager menus, shell scripts and prompt forms to suit your | ||
+ | site’s needs. For example, you can use COSmanager as a consistent front end to all | ||
+ | your system administration applications by adding new options to existing COSmanager | ||
+ | menus or to the application table. | ||
+ | Caution Don’t change the original COSmanager scripts. If you do, it will harder to upgrade | ||
+ | COSmanager and your changes may be lost. Instead, copy the file to the corresponding | ||
+ | local directory and edit the copy. | ||
+ | The standard COSmanager scripts are stored in several subdirectories under | ||
+ | $APPL_HOME, including: | ||
+ | There is a parallel directory hierarchy for your custom scripts; | ||
+ | $APPL_HOME/local. The COSmanager environment includes path variables listing | ||
+ | the directories to be searched for menus, executables and prompt forms. Scripts | ||
+ | in the local directories appear earlier in the path than scripts of the same name in the | ||
+ | COSmanager distribution. | ||
+ | Caution Don’t customize the COSmanager main menu COSmanager.menu or the COSmanager | ||
+ | configuration menu COSconfig.menu. These are generated automatically | ||
+ | whenever the application table is updated, so any manual edits you make will be | ||
+ | overwritten. | ||
+ | $APPL_HOME/menu menu description files | ||
+ | $APPL_HOME/prompt prompt forms | ||
+ | $APPL_HOME/bin scripts and executables | ||
+ | 24 Overview | ||
+ | To add an option to the main COSmanager menu or button bar, add an entry to the | ||
+ | application table. See To Add a Local Application on page 83. | ||
+ | Access Security | ||
+ | COSmanager users are assigned one or more roles. Each role identifies a responsibility | ||
+ | or class of users in your organization, for example ‘Senior Operator’ or ‘User’. | ||
+ | Within each COSmanager application, roles are defined in terms of the access capabilities | ||
+ | they grant. In turn, capabilities determine what menu options and actions the | ||
+ | user can perform. | ||
+ | Users are granted access to COSmanager via options in the COSmanager configuration | ||
+ | menu. | ||
+ | The default configuration (as distributed) includes the COSmanager user account, | ||
+ | which is specified with the highest security level and super user privileges. This is provided | ||
+ | to enable initial setup of security levels and super users. | ||
+ | A number of roles are provided with COSmanager, including Manager, Config, | ||
+ | Admin, Auditor, User, and SeniorOp. | ||
+ | Note Changes made to a user’s security profile don’t come into effect until | ||
+ | the next time the user invokes COSmanager. | ||
+ | Many functions, particularly those that modify system files and COSmanager tables, | ||
+ | require specific access capabilities. Users who do not have the right capabilities will | ||
+ | not be able to access or even view these functions. | ||
+ | Application Development | ||
+ | The Functional Toolset is the enabling technology used to develop COSmanager | ||
+ | applications. It comprises a suite of reusable software tools and a database management | ||
+ | system. | ||
+ | Overview 25 | ||
+ | The tools implement a consistent and well-defined user interface. The database | ||
+ | allows full relational databases to be built and manipulated under UNIX using flat | ||
+ | files for tables. | ||
+ | Upon request, licensed COSmanager customers will be granted free of charge the | ||
+ | right to use the Toolset to develop local software applications on designated hosts, | ||
+ | for example to add to the facilities provided by COSmanager. See your COSmanager | ||
+ | distributor to apply for a license. | ||
+ | Note Support for local applications developed using the Toolset may be | ||
+ | provided at the discretion of your COSmanager distributor. Such | ||
+ | support is not covered under the terms and conditions of the | ||
+ | COSmanager maintenance agreement. | ||
+ | Customer Support Procedures | ||
+ | On installation of COSmanager, clients will be provided with support service contact | ||
+ | numbers and details of problem management procedures. | ||
+ | Problems that are notified to Functional Software will be logged and tracked | ||
+ | through to resolution. | ||
+ | Normally, software modifications will not be distributed immediately to clients. At | ||
+ | regular intervals, these modifications will be incorporated into a new version of | ||
+ | COSmanager. | ||
== Where to from here == | == Where to from here == |
Revision as of 06:26, 18 April 2006
Introduction
This manual is the primary reference for installing and setting up COSmanager products and is designed to help you use COSmanager quickly and efficiently. It describes: • COSmanager products and how they work together • installing and licensing the COSmanager framework and COSmanager products • configuring the COSmanager framework and COSmanager products • controlling security access for COSmanager users and super users • the COSmanager user interface. 2 backup3G Introduction About this chapter This chapter shows you how to get the most from the COSmanager manuals. It contains: • a brief summary of what COSmanager can do for managers, administrators, operations staff, end-users and auditors • conventions and notation used in this manual • where to look for more information Who should use this guide This guide is aimed at: • managers who need an overview of what the COSmanager family of products can do • administrators who need to install COSmanager software or understand how COSmanager will affect their network • new COSmanager users, who need to understand the basics of using the COSmanager interface • auditors who need to understand how COSmanager fits in with the organization’s policies and procedures. backup3G Introduction 3 What COSmanager Can Do COSmanager provides systems and operations management for distributed open systems data centers. COSmanager includes a management framework, a suite of system management applications, and an enabling technology that allows you to automate key system administration functions. The user interface to COSmanager applications is provided through a set of software tools called The Functional Toolset. This means that the screens look similar and work in a similar way, on both character-based and X Windows terminals. Appendix A explains how to use the interface tools. For Data Center Managers: COSmanager ensures a secure, efficient, and reliable computing service to end-users. COSmanager provides a management overview of the current state of your data center operations in terms of service levels. Through automation and delegation of routine tasks it retains expert knowledge, reduces the burden on experienced staff and provides a learning path for junior staff. For Administrators: COSmanager automates routine and repetitive administration tasks, freeing experienced staff for higher-value work. It allows centralized control over distributed networks. Because tasks can be safely delegated, it reduces the number of staff who need to know the root password. For Operations Staff: COSmanager handles many tedious housekeeping tasks automatically. COSmanager presents operators with a view of their daily workload, and provides a consistent interface across different versions of UNIX. For Auditors: COSmanager promotes a ‘policy and procedures’ approach to system management. It documents the procedures that are meant to be performed and provides audit trails that record what duties are actually performed, so that agreed policy can be compared with actual practice. 4 backup3G Introduction Conventions Used In This Manual This style is used to indicate: • objects displayed on your screen such as buttons and field names. Example: “Set the Format field to ‘cpio’ then press Accept”. • the names of commands, directories and files. Examples: /etc/passwd, cpio • options on menus and pulldowns. Examples: This style indicates variable data that you enter. Example: “The contents of variables can be displayed by entering set <variablename>.” Note Notes contain useful information and reminders that could help you to save time and effort. Caution Cautions warn you about a procedure or action, which, if not done correctly, could cause damage to software or loss of data. “Select Maintain > Add” “Select Users and privileges > COSmanager users” backup3G Introduction 5 For More Information This manual describes how to install COSmanager applications. Each application has its own manual explaining in detail how to configure and use it—for example backup3g User Guide. Technical information about COSmanager commands can be found in the COSmanager Reference Guide. This contains manual pages for the Functional Toolset and application- specific commands. COSmanager promotes a ‘policies and procedures’ approach to system management. How to Implement Policy Based Management and a Sample Policy and Procedures Manual are available without charge from your COSmanager distributor.
Overview
This chapter introduces you to COSmanager both from a management and a technical perspective. At a management level, it explains: • what COSmanager can do • the COSmanager family of applications. At a technical level, it introduces you to: • setting up and using COSmanager • the COSmanager software environment, including its system account, directory structure, access control, and variables • customizing COSmanager menus and scripts • the COSmanager user interface. This chapter contains useful information for helping you prepare to install and use COSmanager. However, if you wish to get started immediately, skip to Installing COSMOS on page 27. 8 Overview Management Overview COSmanager facilitates a standard approach to the management of distributed Open Systems data centers, through: • Automation of system management functions • Delegation of operations tasks • Control over data centre operations It provides: • a full suite of powerful system management applications • sophisticated but easy-to-use access controls. COSmanager can only be invoked by authorized users. Users have limited ‘views’ of COSmanager functions based on their roles and responsibilities, enabling tight supervision to be maintained over access to key functions. Controls over shell access and super user privileges are also provided • a standard interface to data center operations, through customized COSmanager menus and interfaces to third-party software • a policies and procedures approach to data center management. COSmanager Applications COSmanager comprises a suite of applications that cover all the main areas of system management. These applications are designed to work well together and to integrate with third-party products. COS/Admin COS/Admin provides a consistent interface to system administration and user management in multi-vendor, multi-host environments. It includes a comprehensive set of facilities that standardize and improve on the basic services provided by individual vendors. COS/Admin services include: • user administration • process management Overview 9 • filesystem management • basic performance monitoring backup3g backup3g provides policy-based backup and data recovery in Open Systems data centers. backup3g’s flexible client/server model supports both centralized and distributed backup models, including backup of non-UNIX clients (NT, Novell, Windows). backup3g also supports: • high-speed file recovery • all standard UNIX backup formats (cpio, dump, tar and raw filesystem) • flexible backup job scheduling, including automated and unattended backups • multi-volume backups • appending backups • tape stackers, jukeboxes and automated tape libraries • drive pooling • full media management • intelligent backup of Oracle databases through the ORAback module COS/Batch COS/Batch has facilities for scheduling, submitting and controlling batch jobs. COS/Batch supports: • job suites, comprising multiple related steps • inter-job dependencies • flexible job scheduling • an unlimited number of queues to stream jobs with similar priority or requirements 10 Overview duty3g duty3g brings automation and scheduling to data center operations. Routine operations and system administration procedures can be encapsulated as duties. Duties can be scheduled to run on particular days or within a time-band. If operator input is required duty3g prompts the appropriate staff at the scheduled time, otherwise it starts the duty automatically. ‘At-request’ duties can be called up at any time. duty3g’s advantages include: • it hides complexity: less-experienced staff can run most tasks without needing to remember complex commands • security: particular tasks requiring root privilege can be delegated to junior staff without them needing to be given the root password • automation: jobs that don’t require operator intervention run automatically at the scheduled time • control: duty3g maintains an audit trail of what duties were performed or skipped, and whether duties that ran succeeded or failed. COS/Patrol COS/Patrol provides application and system resource monitoring, and is designed to increase management efficiency of large-scale distributed computing environments. COS/Patrol features: • proactive management of resources • loadable knowledge modules • built-in self-tuning and load balancing • extensive database and platform support • interoperability with other management solutions COS/Print COS/Print is an advanced network-aware print spooling and print management package for UNIX. COS/Print features: • print queue management, including reprinting and forward- and back-spaccosmos. Overview 11 ing of print jobs • fine control over print job attributes, including job defaults or templates • printer selection based on printer class, location and queue status • support for forms, filters and special stationery • fault alerting and recovery • compatibility with standard UNIX print commands (lp and lpd) COS/Relay COS/Relay takes software from a central host and automatically compresses, distributes and installs it on nominated target hosts. COS/Relay features: • automatic software distribution and rollout • error-checking and auditing • user-defined reusable configuration • access control and security • support for non-UNIX nodes COS/Report COS/Report provides secure report generation, distribution and viewing. • reports can be taken from existing disk files or generated as required by another application or by COS/Report itself • reports can be distributed by any service available on your network, including network printer, e-mail or fax • reports can be broken into logical views, so that information is tailored for different recipients • multiple report generations can be stored on disk and easily retrieved 12 Overview COS/Secure COS/Secure is a flexible framework for implementing your security policies. It provides: • system access control, including control over login access and application access • audit trail management • password strength control • password aging • periodic security checks as recommended by X/Open COS/Sentinel COS/Sentinel provides network-wide event detection, service level monitoring and automated response. COS/Sentinel promotes a ‘service level’ approach to system management, and features: • flexible response to events, including predefined automatic and manuallyinitiated responses and escalation of unresolved problems • notification via e-mail, message box, fax or pager • customized console views, allowing staff to quickly diagnose and resolve problems within their domain • optional knowledge bases for specific RDBMS, applications and clients • interfaces to other system management products such as HP Openview and SunNet Manager COS/Chargeback COS/Chargeback provides comprehensive resource accounting for distributed Open Systems computing facilities. COS/Chargeback lets you monitor and calculate charges for resources such as disk space, memory use, CPU time, and RDBMS use. It features: • data collection by user, group and project • predefined ‘accountants’ for common UNIX and RDBMS services Overview 13 • flexible charging rates • output in graphical or tabular format or by export to a third-party spreadsheet, presentation or data analysis package. 14 Overview Setting Up and Using COSmanager This topic provides an overview of how to install COSmanager and COSmanager applications, including setting up an initial configuration. If you are installing COSmanager for the first time, the steps are: 1. install the COSmanager framework from the distribution tape by running the FSinstall script 2. set up an initial configuration for COSmanager by running a series of configuration tasks from the COSmanager configuration menu 3. install and configure each COSmanager application When you restart COSmanager, the new applications will appear on your COSmanager main menu or button bar. A configuration menu for each application will appear on the Product configuration menu. Note You should only need to run FSinstall once on a host. Once COSmanager is installed, you can use the COSmanager configuration menu to install COSmanager applications or to reinstall or upgrade the COSmanager framework. Overview 15 Figure 1 — Overview of installing and configuring COSmanager 1. Install COSmanager 2. Run COSmanager 3. For each initial configuration from tape using COSmanager product: FSinstall tasks Install application from tape through the COSmanager configuration menu Configure the application through the product’s own configuration menu 16 Overview Installing COSmanager To install COSmanager, you need access to a root shell, a COSmanager distribution tape, and a license key. The main steps in the procedure are: • in a root shell, unload the installation script FSinstall from the distribution tape into /tmp • run FSinstall. FSinstall creates the COSmanager user account and group, then copies the COSmanager files from the tape to the nominated directory • supply a license key to verify that your license is both current and valid for this host • configure Terminfo definitions for all terminal types that will be used with COSmanager The installation procedure is described in full in Installing COSMOS on page 27. Initial Configuration After installation the next step is to set up COSmanager, by logging in to the COSmanager user ID and running some or all of the configuration tasks. During configuration you will create at least one COSmanager user with Manager level access. Once this is done, access via the COSmanager account should be disabled, to prevent login access. The COSmanager account is only intended for initial setup. The configuration procedure is described in detail in Configuring COSMOS on page 35. This involves setting up details of the system management environment and specific functions to be performed. Standard configuration uses a wide range of default settings, to which you add details of your system environment, users and administration procedures. Customized configuration is more complex and would normally be used when setting up larger networked environments or more complex installations. Overview 17 Detailed planning of system management policies and procedures should take place prior to configuring COSmanager. Your COSmanager distributor can assist. Once you have installed and configured the COSmanager framework the next task is to install your COSmanager applications. See Installing COSMOS Applications and Modules on page 67. Starting COSmanager COSmanager is invoked by using the cos command. All attempts to invoke COSmanager applications are logged. Authorized COSmanager users are system users who have been added to the COSmanager users table. They are given access to COSmanager using their own individual security profile. System groups can also be added to the COSmanager users table, so users in these groups have general access to COSmanager even if they are not individually listed as COSmanager users. Users who are not in the COSmanager users table either personally or through their group have the privileges of the DEFAULT COSmanager user. Initially this gives only display capability. You can add other capabilities to expand access for DEFAULT users. If you remove all capabilities from the DEFAULT user then only authorized users and groups can access COSmanager. The GUI version of the main menu is a button bar: Figure 2 — COSmanager button bar (GUI version) Note The options displayed depend on the user’s security profile and on which applications are installed. 18 Overview Selecting a button launches the main menu or window for the corresponding application. You can also launch an application directly from the command line: cos application-name [ -v version ] Examples: See the cos(1) manual page for a full description of the cos command. cos sentinel launches the default version of COS/Sentinel. cos sentinel -v 1.0 launches version 1.0 of COS/Sentinel. Overview 19 The COSmanager Environment This section gives a brief overview of COSmanager’s software environment. It describes COSmanager’s directory structure, interfaces, and startup procedure, and touches on customization, licensing, access security, and support procedures. The COSmanager Environment COSmanager creates an entry in the system password and group files, both called COSmanager. The password for the COSmanager account is set during the installation phase. This account is only used for the initial configuration. COSmanager is installed in the home directory of the COSmanager account, by default /usr/COSmanager, though you can choose a different directory. All the files are owned by COSmanager and belong to the COSmanager group, except for a handful of setuid commands and COSmanager tables that are owned by root or belong to group other. COSmanager creates its application framework and audit trails in the system spool area, and creates a crontab entry to cycle the audit trails automatically. COSmanager does not modify the UNIX kernel in any way. Only authorized COSmanager users can use a COSmanager application. Access control within COSmanager is provided through roles and capabilities, which determine each user’s ability to view or modify an application’s configuration or to run selected menu options. COSmanager sets a number of variables in each COSmanager user’s environment when they start COSmanager. These mostly define directory names and the user’s access capabilities. You can check your environment by exiting to a shell from within COSmanager and running env. The user interface is provided through a series of software tools called the Functional Toolset (see fs_tools(1)). Data management is handled by a set of relational database commands called The Functional Database (see db(1)). The database provides well-defined interfaces to UNIX files, abstracted in terms of the relational database model. 20 Overview Figure 3 — COSmanager application structure COSmanager Startup Procedure The cos command sets up the environment for the COSmanager user. Its main functions are as follows: • display COSmanager version information (GUI) • check that at least one COSmanager application has a valid licence • increase ULIMIT for this process to the maximum, to allow recovery of large files (ULIMIT is a system configuration parameter that defines the maximum size for a file) • execute the COSmanager profile. This sets environment variables containing print output control information, search paths, the preferred date format, and other settings Note Don’t edit the COSmanager profile. All these variables can be set from the Global parameters option under COSmanager configuration. • create environment variables describing COSmanager’s directory structure: its home directory ($APPL_HOME), the location of the database tables User Interface Application- Specific Programs Data Management The Functional Toolset The Functional Database COSmanager COS/Sentinel backup3g duty3g … Overview 21 ($APPL_DB), and the application path ($APPL_PATH) • create environment variables for each of this user’s roles and capabilities. These determine which COSmanager facilities the user can access • check that one of the hosts on the network has been defined as the Master Administration Host • if any application details have changed, rebuild this user’s top-level menu and Product configuration menu • if authentication is required, ask for the user’s password • display the top-level menu or button bar for this user. Application Startup Procedure When you launch an application from the COSmanager main menu or through the cos command, the following steps are also performed: • check that the current version of the COSmanager framework is at least the minimum version required by this application • if there is an application password, ask the user to enter it • if authentication is required, ask for the user’s password • prepend the application’s directories to the search paths. • if an add-on module is installed under the application, prepend the module’s directories to the search paths • create environment variables for any local roles and capabilities. These determine which facilities the user can access in this application • if there is an application profile, execute it. This sets any application-specific environment variables • display the application’s top-level menu or button bar for this user. To check the COSmanager environment If you have shell access you can examine the environment variables created by COSmanager. 1. Exit to a shell from the COSmanager pulldown. Run the env command and save the output in a file. 22 Overview 2. Exit to a shell from a COSmanager application. Run the env command and save the output in a second file. 3. Exit from COSmanager. Run env from the command line and save the output in a third file. 4. Compare the output from the three env commands. Licensing COSmanager uses a host-based licensing scheme. You supply information for each host on which the COSmanager framework and any COSmanager applications are to be run. Your COSmanager distributor will give you a set of license keys and product strings that encode information about which applications can be run on each host, and for how long (that is, whether for a trial period or indefinitely). Caution Do not change the license key or product string. This will invalidate your license. You will be prompted to enter the license key and product string during the installation procedure. Upon request, licensed COSmanager customers will be granted free of charge the right to use The Functional Toolset to develop local software applications on designated hosts. The COSmanager User Interface The user interface to all COSmanager applications is provided through a series of reusable software tools known collectively as The Functional Toolset. Both graphical (GUI) and character (CUI) mode interfaces are provided. The GUI mode features a Motif-style ‘look and feel’. The CUI mode features a fullscreen mode with support for function keys and pop-up windows. As there are only a handful of different types of screen, the interface is very easy to learn. Overview 23 Keyboard traversal in the GUI interface is consistent with the CUI version. This allows users to swap between X displays and character terminals with minimal retraining and without loss of productivity. The interface is described in detail in Appendix A—the COSMOS User Interface. Customizing COSmanager You can customize COSmanager menus, shell scripts and prompt forms to suit your site’s needs. For example, you can use COSmanager as a consistent front end to all your system administration applications by adding new options to existing COSmanager menus or to the application table. Caution Don’t change the original COSmanager scripts. If you do, it will harder to upgrade COSmanager and your changes may be lost. Instead, copy the file to the corresponding local directory and edit the copy. The standard COSmanager scripts are stored in several subdirectories under $APPL_HOME, including: There is a parallel directory hierarchy for your custom scripts; $APPL_HOME/local. The COSmanager environment includes path variables listing the directories to be searched for menus, executables and prompt forms. Scripts in the local directories appear earlier in the path than scripts of the same name in the COSmanager distribution. Caution Don’t customize the COSmanager main menu COSmanager.menu or the COSmanager configuration menu COSconfig.menu. These are generated automatically whenever the application table is updated, so any manual edits you make will be overwritten. $APPL_HOME/menu menu description files $APPL_HOME/prompt prompt forms $APPL_HOME/bin scripts and executables 24 Overview To add an option to the main COSmanager menu or button bar, add an entry to the application table. See To Add a Local Application on page 83. Access Security COSmanager users are assigned one or more roles. Each role identifies a responsibility or class of users in your organization, for example ‘Senior Operator’ or ‘User’. Within each COSmanager application, roles are defined in terms of the access capabilities they grant. In turn, capabilities determine what menu options and actions the user can perform. Users are granted access to COSmanager via options in the COSmanager configuration menu. The default configuration (as distributed) includes the COSmanager user account, which is specified with the highest security level and super user privileges. This is provided to enable initial setup of security levels and super users. A number of roles are provided with COSmanager, including Manager, Config, Admin, Auditor, User, and SeniorOp. Note Changes made to a user’s security profile don’t come into effect until the next time the user invokes COSmanager. Many functions, particularly those that modify system files and COSmanager tables, require specific access capabilities. Users who do not have the right capabilities will not be able to access or even view these functions. Application Development The Functional Toolset is the enabling technology used to develop COSmanager applications. It comprises a suite of reusable software tools and a database management system. Overview 25 The tools implement a consistent and well-defined user interface. The database allows full relational databases to be built and manipulated under UNIX using flat files for tables. Upon request, licensed COSmanager customers will be granted free of charge the right to use the Toolset to develop local software applications on designated hosts, for example to add to the facilities provided by COSmanager. See your COSmanager distributor to apply for a license. Note Support for local applications developed using the Toolset may be provided at the discretion of your COSmanager distributor. Such support is not covered under the terms and conditions of the COSmanager maintenance agreement. Customer Support Procedures On installation of COSmanager, clients will be provided with support service contact numbers and details of problem management procedures. Problems that are notified to Functional Software will be logged and tracked through to resolution. Normally, software modifications will not be distributed immediately to clients. At regular intervals, these modifications will be incorporated into a new version of COSmanager.
Where to from here
Installing COSmanager Applications and Modules
Managing COSmanager Applications