Version 7.1
Copyright 2002 BMC Software, Inc., as an unpublished work. All rights reserved. BMC Software, the BMC Software logos, and all other BMC Software product or service names are registered trademarks or trademarks of BMC Software, Inc. All other registered trademarks or trademarks belong to their respective companies. PATROL technology holds U.S. Patent Number 5655081. THE USE AND CONTENTS OF THIS DOCUMENTATION ARE GOVERNED BY THE SOFTWARE LICENSE AGREEMENT ENCLOSED AT THE BACK OF THIS DOCUMENTATION.
Customer Support
You can obtain technical support by using the Support page on the BMC Software Web site or by contacting Customer Support by telephone or e-mail. To expedite your inquiry, please see Before Contacting BMC Software.
operating system and environment information
    machine type
    operating system type, version, and service pack or other maintenance level such as PUT or PTF
    system hardware configuration
    serial numbers
    related software (database, application, and communication) including type, version, and service pack or maintenance level
sequence of events leading to the problem
commands and options that you used
messages received (and the time and date that you received them)
    product error messages
    messages from the operating system, such as file system full
    messages from related software
Contents

Chapter 1 Product Components and Capabilities
    PATROL Central Operator Features
    How PATROL Central Operator Fits into PATROL Central
    How PATROL Central Operator Fits into PATROL
    Related Documentation
    Accessing Online Help
    Accessing Books and Release Notes
    Where to Go from Here

Chapter 2 Installing PATROL Central Operator
    Implementation Considerations
    The PATROL 7.x Environment
    Considerations for Determining Which Web Server to Use
    Firewalls
    Installing PATROL Central Operator
    Workflow for Installing PATROL Central Operator
    Installable Components
    System Requirements
    Choosing a Typical or Custom Installation
    Required Information for a Typical Installation
    Required Information for a Custom Installation
    Installation Worksheets
    Installing PATROL Central Operator on Windows
    Installing PATROL Central Operator on Unix
    Directory Structure
    Backing Up and Restoring PATROL Central and Console Modules
    Where to Go from Here

Chapter 3 Configuring Your Environment for PATROL Central Operator and Running the Web Server
    Setting Up User Accounts and Groups
    User Accounts and Groups on the PATROL Console Server
    User Accounts on Managed Systems
    General Guidelines for Setting Up User Accounts and Groups
    About PATROL Central Administration
    Starting PATROL Central Administration
    Starting Related Programs
    Starting and Stopping the RTserver
    Starting the PATROL Agent
    Starting the PATROL Console Server
    Managing Services on Windows
    Starting and Stopping the Web Server
    Starting and Stopping the Tomcat Servlet Container for the IIS Web Server
    Starting and Stopping the Apache Web Server
    Starting and Stopping the Tomcat Standalone Web Server
    Verifying the Installation and Execution of the Web Server and Related Components
    Where to Go from Here

Chapter 4 Monitoring and Managing Your Enterprise with PATROL Central Operator
    Web Browser Requirements
    Solaris OS Patches
    About the Java Plugin
    About Installing or Accepting the Certificate
    Setting Up Your Monitoring Environment
    Accessing PATROL Central
    The PATROL Central Console Infrastructure
    Accessing PATROL Central Operator
    About Your Management Profile
    Connecting to a PATROL Console Server and Selecting a Management Profile
    Adding Managed Systems
    Loading PATROL KMs
    Where to Go From Here

Chapter 5 Using the PATROL 3.x and PATROL 7.x Consoles
    Compatibility and Functionality
    PATROL Agent Compatibility
    KM Compatibility
    Developer Functionality
    Differences Between PATROL Console for Windows or PATROL Console for Unix and PATROL Central Operator
    Communications with Managed Systems
    Session and Desktop Files Versus Management Profiles
    Terminology
    User Administration
    User Names and Passwords for Managed Systems
    Computer Name and Port Number Versus Managed System Name
    Event Types
    Customizations Versus Overrides
    State Change Actions
    KM Version Arbitration
    Chart History
    Location of Task Icons
    KMs in the PATROL Object Namespace
    Running Menu Commands and InfoBox Commands
    Migrating Console Information from PATROL Console for Windows or PATROL Console for Unix

Appendix A Troubleshooting PATROL Central Operator
    Common Problems
    The Web Server Will Not Start
    On Solaris, the Web Server Dies at Startup
    The PATROL Central Web Page Is Not Available
    The RTserver or PATROL Console Server Is Not Responding
    Users Cannot Log on
    Users Cannot Add a Managed System
    Users are Prompted to Log on to a Managed System
    No Online Help Exists for a Specific KM
    PATROL Central Does Not Prompt for Password in Attended Mode
    Users Are Told to Accept the Certificate, But Are Never Allowed To Do So
    Gathering Troubleshooting Information
    Installation Logs
    Web Server Logs
    Client Logs
    Checking Which PATROL Central Ports Are In Use on Unix
    Obtaining Version, System and Contact Information
    Dealing with Web Server Issues

Appendix B Enhancing Web Server Security
    About Limiting the Web Server Account
    About Locking Down Files and Directories
    How Locking Down Files and Directories Works
    When to Lock and Unlock Files and Directories
    Locking and Unlocking Files and Directories
    About the Keystore Password and Self-signed Certificate for the Apache Web Server
    About the Keystore Password and the Apache Policy File
    Replacing the Self-signed Certificate
    About Attended and Unattended Modes for the Apache Web Server

Appendix C Modifying Initialization Settings After Installation
    Location of the Startup Configuration File
    About Modifying the Startup Configuration File
    What You May Modify

Appendix D Environment Variables

Index
This chapter provides an overview of the PATROL Central Operator Web Edition product for users and administrators of PATROL Central Operator. This product is also called PATROL Central Operator.
    PATROL Central Operator Features
    How PATROL Central Operator Fits into PATROL Central
    How PATROL Central Operator Fits into PATROL
    Related Documentation
    Accessing Online Help
    Accessing Books and Release Notes
    Where to Go from Here
PATROL Central Operator is part of the PATROL 7.x architecture. It communicates with PATROL Agents through the Real Time server (RTserver) and the PATROL Console Server. The PATROL Console Server acts as a centralized repository for storing PATROL Central Operator data in management profiles and serves as a mid-level tier to deliver data from managed systems to PATROL Central Operator, thereby reducing network traffic. For more information about PATROL Console Server and RTserver, see the PATROL Console Server and RTserver Getting Started.
System Monitoring and Managing
From PATROL Central Operator, you can view the state of resources, such as managed systems, applications, and parameters that are managed by PATROL. You can also perform basic PATROL operator console functions on those objects, such as parameter customizations, event management, managed system queries, and KM commands.
Note
PATROL developer functionality is not supported by PATROL Central Operator. For development functionality, use the PATROL Console for Windows or PATROL Console for Unix in developer mode.
Custom Views
You can create custom views in your management profile. A custom view is a single window that can display multiple objects. For example, you can create a custom view to display the charts of several parameters together.
For a more complete understanding of PATROL architecture, see the PATROL Fundamentals online Help.
Figure 1-1 (diagram not reproduced; labels recovered from the figure)
    Console Systems: Web browser
    Common Services: PATROL Central Web Edition, PATROL Central Operator Web Edition, other console modules, RTserver cloud
    Managed Systems: PATROL Agent (version 3.5). Install PATROL solutions (KMs) for resources on each system.
PATROL products and solutions may require additional files installed throughout the infrastructure.
Related Documentation
PATROL Central Operator is supported by the following documents:
    PATROL Central Web Edition online Help
    PATROL Central Operator Web Edition online Help
    PATROL Central Administration Web Edition online Help
    PATROL Fundamentals online Help
    PATROL Central Operator Web Edition Getting Started
    PATROL Central Operator Web Edition Release Notes
    PATROL Console Server and RTserver Getting Started
    PATROL Installation Reference Manual
    PATROL Security User Guide
    PATROL Infrastructure Planning Guide
Do This

PATROL Central and console module pages, including fields: In the upper-right corner of the PATROL Central interface, click the Help icon and choose PATROL Central Help.
PATROL Knowledge Modules: In the upper-right corner of the PATROL Central interface, click the Help icon and choose PATROL KM Help.
In the tree view area, right-click the application instance or class and choose Help.
In the tree view area, right-click the parameter and choose Help.
See...
    Chapter 2, Installing PATROL Central Operator and the PATROL Installation Reference Manual
    Chapter 3, Configuring Your Environment for PATROL Central Operator and Running the Web Server
    Chapter 4, Monitoring and Managing Your Enterprise with PATROL Central Operator
    Chapter 5, Using the PATROL 3.x and PATROL 7.x Consoles
Implementation Considerations
This section provides an overview of things to consider when implementing PATROL Central Operator and the PATROL 7.x architecture. For more information about implementation, see the PATROL Infrastructure Planning Guide and run the PATROL Infrastructure Planner.
The size of your environment and the number of concurrent users determine the number of PATROL Console Servers and RTservers you need. For detailed explanations and guidance, see the PATROL Infrastructure Planning Guide. For more information about installing PATROL Console Server and RTserver, see the PATROL Console Server and RTserver Getting Started. For more information about installing PATROL Agent and PATROL KMs, see the getting started guide for the product or solution you are installing.
Note
You must enable the PATROL Agent 3.5 to communicate with the RTserver before you can use PATROL Central Operator to monitor that managed system. For more information, see the PATROL Console Server and RTserver Getting Started.
The Tomcat servlet container is installed with PATROL Central, regardless of the Web server that you choose. This servlet container runs Java code for PATROL Central.
IIS Web Server with Tomcat Servlet Container (Windows)
If you choose to integrate with Microsoft Internet Information Services (IIS), IIS must already be installed on the computer on which you want to install PATROL Central. The Tomcat servlet container will be installed when you install PATROL Central. The installation will add a virtual directory and an ISAPI filter, both named PATROLCentralWebEdition, to the selected IIS Web Site instance. The ISAPI filter redirects execution of Java pages to the Tomcat servlet container. IIS must be configured to support HTTPS. For specific instructions, consult your IIS documentation. As part of the process, you must obtain a trusted root certificate from a certificate authority. The certificate is required to enable Secure Sockets Layer (SSL) for the Web server. See About Certificates on page 2-6. For more information about obtaining and installing a certificate, see Certificate Information (IIS Only) on page 2-18.
If you choose to integrate with Apache version 1.3.26, both Apache and the Tomcat servlet container will be installed with PATROL Central. A new instance of Apache will be installed, even if there already is an instance of Apache on the computer. If there will be multiple Web servers on the computer, you must make certain that they do not use conflicting ports. For more information, see Web Server HTTP and HTTPS Ports (Apache and Tomcat Only) on page 2-24. A self-signed certificate is created for you, using information that you enter during the install. However, this certificate is not signed by a trusted root. You might want to replace it with a certificate from a certificate authority. For more information about the information you must provide for the certificate, see Certificate Information (Apache and Tomcat Only) on page 2-20.
Tip
For more information about Apache, see the Apache HTTP Server Web site at http://httpd.apache.org or the Apache documentation installed with Apache at http://hostname:port/manual, where hostname is the name of the server, and port is its HTTP port.
If you choose to use the Tomcat standalone Web server, then Tomcat, including the Tomcat servlet container, will be installed with PATROL Central. A new instance of Tomcat will be installed, even if there already is an instance of Tomcat on the computer. If there will be multiple Web servers on the computer, you must make certain that they do not use conflicting ports. For more information, see Web Server HTTP and HTTPS Ports (Apache and Tomcat Only) on page 2-24. A self-signed certificate is created for you, using information that you enter during the install. This certificate is sufficient for use in a test environment. For more information about the information you must provide for the certificate, see Certificate Information (Apache and Tomcat Only) on page 2-20.
Note
Good practice recommends that the Tomcat standalone Web server not be used in production environments. The Tomcat standalone Web server is not as fast or secure as Apache or IIS.
Tip
For more information about Tomcat, see the Jakarta Project Web site at http://jakarta.apache.org/tomcat or the Tomcat documentation installed with Tomcat at http://hostname:port/tomcat-docs, where hostname is the name of the server, and port is its HTTP port.
About Certificates
A Web server requires a digital certificate, which identifies the source of online transactions. This certificate is contained in a keystore for the Web server. Which Web server you use and the level of security you want determine the type of certificate you use. A certificate can be self-signed or provided by a certificate authority. A certificate provided by a certificate authority provides the browser user with more confidence that the server delivering the certificate is authentic. A certificate authority, also referred to as the certificate signing authority, is a trusted public or private organization that signs certificates using a private key unique to their organization. A certificate is validated by a hierarchy of certificate authorities that approve the certificate. This process is called a chain of trust. The final certificate authority in the chain is called the trusted root certificate authority or trusted root. Certificates also contain the name of the Web site to ensure that they are not arbitrarily moved. The Web browser will notify the user if the Web site in the certificate does not match the URL being viewed.
Firewalls
How you deal with a firewall depends on where it is located. If a firewall separates the Web server from Web browser clients, configure the firewall to allow HTTP and HTTPS communications. If a firewall separates the Web server from the computer with PATROL Console Server, install an RTserver on at least one computer on each side of the firewall. The RTservers communicate across the firewall as a single RTserver cloud. The Web server communicates with the part of the RTserver cloud on its side of the firewall. The RTserver cloud is responsible for carrying messages across the firewall.
Note
For information about configuring the RTserver cloud to work with firewalls, see the PATROL Console Server and RTserver Getting Started.
5 If needed, create accounts as indicated in the installation information.
Installable Components
The following table lists components that can be installed as part of PATROL Central Operator.
Component: PATROL Central Operator
Comments: This is the primary component of PATROL Central Operator. It is a console module for PATROL Central.

Component: PATROL Central Administration
Comments: This component provides administration of user access to PATROL. It is a console module for PATROL Central. For more information, see About PATROL Central Administration on page 3-7.

Component: PATROL Central
Comments: This component provides the console infrastructure for console modules, such as PATROL Central Operator and PATROL Central Administration. It is automatically installed when you install a console module. Do not install PATROL Central by itself, unless you also install a different product that instructs you to do so.

Component: KM Help Files
Comments: These help files are necessary for providing KM Help for PATROL Central Operator.
Before installing any of these components, ensure that the system requirements have been met (see System Requirements on page 2-10) and that you know all of the required information (see Required Information for a Typical Installation on page 2-15 and Required Information for a Custom Installation on page 2-22).
System Requirements
This section lists the system requirements for the installable components listed under Installable Components on page 2-9. You do not need to install any PATROL Central Operator components on client computers. For requirements for client computers, see Web Browser Requirements on page 4-2.

Minimum Requirements

One of the following operating systems:
    Red Hat Linux 6.2
    Red Hat Linux 7.1
    Red Hat Linux 7.2
    Solaris 2.7 / 7 (32, 64 bit)
    Solaris 8 (32, 64 bit)
    Windows 2000 Advanced Server - SP2
    Windows 2000 Datacenter Server - SP2
    Windows 2000 Server - SP2
    Windows NT 4 Enterprise Edition - SP6A
    Windows NT 4 Server - SP6A
See Solaris OS Patches on page 2-11. For security purposes, if you use a Windows system, you must use an NTFS system. FAT volumes are not supported.

Comments

You need less disk space if you do not install all of the components.
The processor and memory required depend on the size of your environment. See Processor and Memory Requirements on page 2-11.
See Considerations for Determining Which Web Server to Use on page 2-3 for more information.

One of the following Web servers:
    IIS v4.0 (Windows NT)
    IIS v5.0 (Windows 2000)
    Apache v1.3.26 (Unix, installed with PATROL Central)
    Tomcat v4.0.1 standalone (Windows or Unix, installed with PATROL Central)
PATROL environment
100 mbps network speed
Solaris OS Patches
The latest patches for Solaris must also be installed, including the J2SE patch cluster for your version of Solaris. These patches can be retrieved from the Solaris maintenance Web site at http://sunsolve.sun.com.
Warning
The patches are necessary to address multiple problems that can range from subtle usage problems to crashes.
The processor and memory requirements vary, depending on the size of your environment. Each Web browser client is considered one console.
    Small environments have less than 100 managed systems and three to five consoles.
    Medium environments have less than 500 managed systems and five to ten consoles.
    Large environments have more than 500 managed systems and ten or more consoles. A typical large environment might include 1000 managed systems across multiple sites.
The following table lists processor and memory requirements for small, medium, and large environments. Minimum and recommended requirements are listed; use the recommended requirements for better performance or to support a number of console users greater than those listed in the definitions above.
Resource, Minimum Requirements, and Recommended Requirements by environment size

Small environment
    Processor (a)
        Minimum Requirements: Single processor, Intel Pentium III at 800 MHz (Linux and Windows); single processor, SUN Ultra 10 at 300 MHz or Netra X1 at 400 MHz (Solaris)
        Recommended Requirements: Dual processor, Intel Pentium III at 800 MHz (Linux and Windows); dual processor, Solaris UltraSPARC 220R at 450 MHz (Solaris)
    Server memory
        Minimum Requirements: 512 MB
        Recommended Requirements: 1 GB

Medium environment
    Processor (a)
        Minimum Requirements: Dual processor, Intel Pentium III at 800 MHz (Linux and Windows); dual processor, SUN Ultra 220R at 450 MHz (Solaris)
        Recommended Requirements: Dual processor, Intel Pentium III at 1400 MHz (Linux and Windows); dual processor, SUN Ultra 280R at 750 MHz (Solaris)
    Server memory
        Minimum Requirements: 1 GB
        Recommended Requirements: 2 GB

Large environment
    Processor (a)
        Minimum Requirements: Dual processor, Intel Pentium IV 1000 MHz (Linux and Windows); dual processor, SUN Ultra 280R at 750 MHz (Solaris)
        Recommended Requirements: Three- or four-processor, Intel Pentium IV 1000 MHz (Linux and Windows); dual processor, Solaris UltraSPARC 280R at 750 MHz (Solaris)
    Server memory
        Minimum Requirements: 2 GB
        Recommended Requirements: 3 GB

(a) Specific processors are listed as examples only. You can use an equivalent processor.
Scalability Guidelines
Use the following guidelines to determine how many PATROL Central Web servers to use.
    Implement one PATROL Central Web server for each location.
    Implement one PATROL Central Web server for approximately every 25 Web browser clients. This number varies, depending on what the Web browser clients are used for and the performance burden being placed on the Web server.
Tip
For best performance, especially in a large environment, install PATROL Central and its console modules on a dedicated computer. For information on scalability considerations, see the PATROL Infrastructure Planning Guide.
You must use a Custom installation in the following cases:
    You want to use a security level greater than basic security.
    You want to install only some of the components. For example, you want to install only one console module, or you want to install KM help for only some KMs.
    You want to use specific ports other than the defaults. For example, you have another instance of Apache on the same computer that already uses the default ports.
    You want to use a specific IIS Web site instance, other than the default.
    You want to use a specific name for the PATROL Central sub-directory, other than the default.
The base installation directory is the location where you will install all products that you select. Additional directories will be created under the base installation directory. The default for this directory on Windows is C:\Program Files\BMC Software. The default on Unix is /opt/bmc. This directory is stored as the $BMC_ROOT or %BMC_ROOT% environment variable.
Note
All BMC Software products installed on the same computer must share the same installation directory.
Web Server
You must select which Web server to use. For more information, see Considerations for Determining Which Web Server to Use on page 2-3.
Root Login and Password (Unix only)
On Unix, you must specify the Root login name and password.
Both the PATROL Central console infrastructure and individual console modules use PATROL Console Servers. A PATROL Console Server can serve different purposes for PATROL Central and each console module. PATROL Central uses a PATROL Console Server as a security server to authenticate users. Only users who have accounts known to that PATROL Console Server can use PATROL Central or any of its console modules. Individual console modules can use the same PATROL Console Server as PATROL Central or additional PATROL Console Servers, depending on the console module. For example, in PATROL Central Operator, users can open management profiles on the PATROL Console Server used by PATROL Central or other PATROL Console Servers.
You specify the PATROL Console Server for PATROL Central during the install of PATROL Central. For information about changing this PATROL Console Server after installation, see Appendix C, Modifying Initialization Settings After Installation.
Tip
You identify a PATROL Console Server by name. By default, this name is the host name of the PATROL Console Server; however, a different name can be specified when starting the PATROL Console Server. Do not use the IP address. You can use additional PATROL Console Servers with individual console modules by including them in the RTserver cloud. For more information, see the PATROL Console Server and RTserver Getting Started. For more information about setting up user accounts on PATROL Console Servers, see Setting Up User Accounts and Groups on page 3-2. For more information about the role of the PATROL Console Server, see the PATROL Console Server and RTserver Getting Started.
BMC Software, Inc., Confidential and Proprietary Information
Web Server User Name and Group (Apache and Tomcat Only)
Before you install PATROL Central, you must create an operating system account for the Web server. The installation will ask you for the user name for the account. Do not use this account for any other purposes. On Unix, you must also be logged on as this account when you run the install. On Unix, you must also create an operating system group for the Web server account, and the account should belong to only this Web server group for security purposes. The installation will also ask you for the group name.
Example Commands for Creating the Account and Group on Unix
On Unix, to create a user and group, both called wwwadmin, and give the account a password, issue the following commands as root:
    groupadd wwwadmin
    useradd -m -g wwwadmin wwwadmin
    passwd wwwadmin
You use this account to run the install, so you must also ensure that it can create the base installation directory. For example, issue the following commands to change the permissions for the wwwadmin account on the BMC_base_directory directory:
    chmod ugo+rwx BMC_base_directory
    chown wwwadmin BMC_base_directory
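The requirement above that the Web server account belong to only its own group can be checked once the account exists. The following shell example is added here and is not part of the BMC documentation; the function names are assumptions, and it reads passwd- and group-format files (constructed sample data below; /etc/passwd and /etc/group on a host that uses only local accounts).

```shell
#!/bin/sh
# Added example: function names and sample data are assumptions.

# groups_for_account PASSWD_FILE GROUP_FILE USER
# Prints every group USER belongs to, one per line: the primary group
# (matched by GID from the passwd entry) and any supplementary groups
# (USER listed in the member field of a group entry).
groups_for_account() {
    gid=$(awk -F: -v u="$3" '$1 == u { print $4; exit }' "$1")
    [ -n "$gid" ] || return 2                      # account not found
    awk -F: -v u="$3" -v gid="$gid" '
        $3 == gid { print $1; next }
        { n = split($4, m, ",")
          for (i = 1; i <= n; i++) if (m[i] == u) { print $1; break } }
    ' "$2"
}

# check_web_account PASSWD_FILE GROUP_FILE USER GROUP
# Returns 0 when USER belongs to GROUP and to no other group,
# 1 when the membership is wrong, 2 when the account does not exist.
check_web_account() {
    member_of=$(groups_for_account "$1" "$2" "$3") || {
        echo "account $3 not found"
        return 2
    }
    if ! printf '%s\n' "$member_of" | grep -Fqx -- "$4"; then
        echo "account $3 is not in group $4"
        return 1
    fi
    extra=$(printf '%s\n' "$member_of" | grep -Fvx -- "$4" | tr '\n' ' ')
    if [ -n "$extra" ]; then
        echo "account $3 is also in: $extra"
        return 1
    fi
    echo "ok"
}

# Constructed sample data (not taken from a real system).
tmp=$(mktemp -d)
cat > "$tmp/passwd" <<'EOF'
wwwadmin:x:1001:1001::/home/wwwadmin:/bin/sh
webops:x:1002:1002::/home/webops:/bin/sh
EOF
cat > "$tmp/group" <<'EOF'
wwwadmin:x:1001:
webops:x:1002:
staff:x:50:webops,alice
EOF

check_web_account "$tmp/passwd" "$tmp/group" wwwadmin wwwadmin
check_web_account "$tmp/passwd" "$tmp/group" webops webops || true
```

On hosts that take accounts from NIS or LDAP, the local files do not show every membership, so feed the functions the output of getent passwd and getent group instead.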
If you choose to integrate with IIS, you must have a trusted root certificate from a certificate authority. The certificate is required to enable Secure Sockets Layer (SSL) for the Web server. See About Certificates on page 2-6. The general process for obtaining and installing a certificate from a certificate authority for IIS is as follows. For detailed instructions about using IIS, refer to the documentation for that product.

1. Use IIS to create a Certificate Signing Request (CSR).
Note
When creating the CSR, you must specify a bit length of 1024. This will make the certificate more secure.

IIS creates a CSR in the format filename.txt, and stores it on your system in the specified directory. A typical CSR is shown below:
2. Send the CSR text to the certificate authority. Several certificate authority vendors allow you to copy and paste the CSR text to their Web sites. The certificate authority typically generates a signed certificate in the format filename.cer.
3. Obtain the signed certificate from the certificate authority vendor. Several certificate authority vendors allow you to download the signed certificate from their Web sites.
4. Use IIS to install the signed certificate.
You must provide the following information for the self-signed certificate created during the installation.
Note
Commas in any of the fields will be converted to spaces. Commas are used internally as delimiters by the certificate generation tool.
Field: keystore password
Description: This is the password used to protect the keystore and the certificate. It must be at least eight characters for the Apache Web server or six characters for the Tomcat standalone Web server.

Description: This is the name of the Web server, as it will be specified in the URL for accessing the PATROL Central Web site. The Web browser will compare the server domain name in the certificate to the URL used to access the Web server. If they differ, a warning will be displayed by the browser.

Field: organization name and organizational unit name
Description: These fields identify your organization.

Field: city, state, and country
Description: These fields identify the location of your organization.
Note
If you choose the Tomcat standalone Web server, due to limitations of the Web server implementation, the keystore password is stored unencrypted in the Tomcat server.xml file. Although this file can be read by only the Web server account, it is vulnerable if that account is compromised. Although BMC Software is not aware of such a vulnerability at present, we recommend that a nonsensitive password be used. BMC Software also recommends that you do not add sensitive certificates to the Tomcat keystore in the event that the password is discovered. The site-specific, self-signed certificate deployed during the product installation is usually sufficient.
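Two conditions stated in this chapter can be checked after installation: the Web server account belongs to only the Web server group, and the Tomcat server.xml file that holds the keystore password can be read by only that account. The following shell audit is an added example, not part of the PATROL installation; the function names are hypothetical, and the server.xml location in the usage comment assumes the standard Tomcat conf layout under the tomcat401 directory.

```shell
#!/bin/sh
# Added example (not product code): audit the Web server account and the
# Tomcat server.xml that stores the keystore password unencrypted.

# groups_are_only "GROUP LIST" GROUP
# Succeeds only if the list is non-empty and every entry equals GROUP.
groups_are_only() {
    [ -n "$1" ] || return 1
    for g in $1; do
        [ "$g" = "$2" ] || return 1
    done
    return 0
}

# account_in_only_group USER GROUP
# 0: USER belongs to GROUP and to nothing else
# 1: USER belongs to another or an additional group
# 2: USER does not exist
account_in_only_group() {
    memberships=$(id -Gn "$1" 2>/dev/null) || return 2
    groups_are_only "$memberships" "$2"
}

# private_to_owner PATH OWNER
# 0: PATH is owned by OWNER and group/other have no permission bits
# 1: wrong owner, group/other access, or an ACL marker ("+") that may add access
# 2: PATH cannot be examined
private_to_owner() {
    entry=$(ls -ld -- "$1" 2>/dev/null) || return 2
    perms=$(printf '%s\n' "$entry" | awk '{ print $1 }')
    owner=$(printf '%s\n' "$entry" | awk '{ print $3 }')
    [ "$owner" = "$2" ] || return 1
    case $perms in
        ????------+*) return 1 ;;   # ACL present: review it separately
        ????------*)  return 0 ;;   # e.g. -rw------- or -r--------
        *)            return 1 ;;
    esac
}

# audit_web_account USER GROUP SERVER_XML
# Prints one line per failed check and returns the number of findings.
audit_web_account() {
    findings=0
    account_in_only_group "$1" "$2" || {
        echo "FINDING: account $1 is missing or is not a member of only $2"
        findings=$((findings + 1))
    }
    private_to_owner "$3" "$1" || {
        echo "FINDING: $3 is not restricted to owner $1"
        findings=$((findings + 1))
    }
    return "$findings"
}

# Usage on a real host (the path is an assumption, see the lead-in):
#   sh audit.sh wwwadmin wwwadmin "$BMC_ROOT/webcentral/tomcat401/conf/server.xml"
if [ "$#" -eq 3 ]; then
    audit_web_account "$1" "$2" "$3"
fi
```

The exit status is the number of findings, so the script can be run from a scheduled job that alerts on a non-zero result.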
RTserver
You must specify which RTserver to use. The format is protocol:hostname:port. The default is tcp:localhost:2059. You can use this default only if PATROL Central will use an RTserver on the local computer with the default port. For more information, see PATROL Console Server and RTserver Getting Started. For information about changing this value after installation, see Appendix C, Modifying Initialization Settings After Installation.
If you use a Custom installation, you must manually select the appropriate KM Help files for your environment on the Select Products and Components to Install screen. Users of PATROL Central Operator will not be able to access KM Help unless the KM Help files are installed on the Web server.
PATROL Central Sub-directory
The installation program creates a sub-directory for PATROL Central under the base installation directory. On Windows, the default for this directory is WebCentral. On Unix, the default is webcentral.
PATROL Security Information
You must set the level of security that you want to use. For more information, see the PATROL Security User Guide.
Note
The security level must match the security level of other PATROL components that you will be communicating with.
The Tomcat servlet container listens for termination messages on the shutdown port. The port does not need to be visible outside the Web server; however, no other applications can use this port. The default port is 8005.
Apache-Jakarta Protocol Version 13 Port (IIS and Apache Only)
The Apache-Jakarta Protocol version 13 port is used by the IIS and Apache Web servers to communicate with the Tomcat servlet container. The port does not need to be visible outside the Web server; however, no other applications can use this port. The default port is 8009.
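Because neither the shutdown port nor the AJP 13 port needs to be visible outside the Web server, a listener on either port that is bound to a non-loopback address is worth flagging. This added example (not from the product documentation) parses output in the format of ss -ltn; the sample listing is constructed, the function names are hypothetical, and treating "not visible outside the Web server" as loopback-only binding is an assumption.

```shell
#!/bin/sh
# Added example: flag Tomcat-internal listeners reachable beyond loopback.

# Constructed sample in the format printed by `ss -ltn` (not from a real host).
sample_listing() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port       Peer Address:Port
LISTEN 0      1      [::ffff:127.0.0.1]:8005  *:*
LISTEN 0      100    0.0.0.0:8009             0.0.0.0:*
LISTEN 0      128    0.0.0.0:443              0.0.0.0:*
LISTEN 0      128    0.0.0.0:80               0.0.0.0:*
EOF
}

# internal_ports_exposed ["PORT LIST"] < listing
# Watches the given ports (default: 8005 shutdown, 8009 AJP 13).
# Prints "port address" for every watched listener whose local address is not
# loopback. Returns 0 when nothing is exposed, 1 otherwise.
internal_ports_exposed() {
    awk -v watch="${1:-8005 8009}" '
        BEGIN {
            n = split(watch, w, " ")
            for (i = 1; i <= n; i++) want[w[i]] = 1
        }
        $1 == "LISTEN" {
            # Field 4 is the local endpoint: 0.0.0.0:8009, [::1]:8005, *:8005 ...
            port = $4; sub(/^.*:/, "", port)
            addr = $4; sub(/:[0-9]+$/, "", addr)
            gsub(/\[|\]/, "", addr)             # drop IPv6 brackets
            if (!(port in want)) next
            # Loopback forms: 127.x.x.x, ::1, and IPv4-mapped ::ffff:127.x.x.x
            if (addr ~ /^(::ffff:)?127\./ || addr == "::1") next
            print port, addr
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Demonstration on the constructed listing; on a host, pipe `ss -ltn` instead.
sample_listing | internal_ports_exposed "8005 8009" ||
    echo "internal Tomcat port(s) listening on a non-loopback address"
```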
IIS HTTPS Ports (IIS Only)
This is the port that IIS is configured to use for secure communications. The default HTTPS port is 443. For information about changing this value after installation, see Appendix C, Modifying Initialization Settings After Installation.
Web Server HTTP and HTTPS Ports (Apache and Tomcat Only)
The Web server uses these ports for unsecure (HTTP) and secure (HTTPS) communications. If there will be multiple Web servers on the computer, make sure that each Web server uses a different set of ports. If a port is already in use when you run the install, the install will prompt you to specify a different port. The default HTTP port is 80. The default HTTPS port is 443. If you do not use the default HTTP port, users will have to include the port number in the URL for accessing the PATROL Central Web site. For example, if the Web server myserver is using port 8080, view the URL http://myserver:8080. For information about changing the HTTPS port after installation, see Appendix C, Modifying Initialization Settings After Installation.
IIS Web Site Instance (IIS Only)
IIS can support multiple Web site instances. The install retrieves the list of Web site instances from the IIS metabase. Each Web site instance is identified by both its name and its instance number. You must select which instance you want to use with PATROL Central. The default is the default Web site.
Trimming Apache Web Server Log Files (Apache Only)
The Apache Web server log files can grow considerably over the course of time. For example, each image load request is logged. The installation installs a utility that truncates the log files for the Apache Web server while the Web server is running, so that they do not grow without limit. This utility can be run periodically as a job in the root crontab. You can choose the maximum log file size. The same maximum size is applied to each log file. The default value is 20MB.
BMC Software, Inc., Confidential and Proprietary Information
You can choose whether the installer automatically adds the job to the root crontab. If you chose to not add the job to the root crontab, you can add the job manually and adjust the job schedule. For more information, see Apache Web Server Logs on page A-12.
Installation Worksheets
Use these worksheets to record information for your installation. Complete both the general worksheet and the worksheet for your Web server.
Worksheet                                     Page
General Worksheet                             2-26
Worksheet for IIS Web Server                  2-27
Worksheet for Apache Web Server               2-28
Worksheet for Tomcat Standalone Web Server    2-29
Tip
You can use the completed worksheets to determine if you need to use a Custom installation. For more information, see Choosing a Typical or Custom Installation on page 2-14.
Directories
Where do you want to install BMC Software products? The default is C:\Program Files\BMC Software (Windows) or /opt/bmc (Unix).
What do you want to name the sub-directory for PATROL Central? The default is WebCentral (Windows) or webcentral (Unix). (a)
Security Information
What security level do you want to use? The default is basic. (a)
    basic
    level 1
    level 2
    level 3
    level 4
RTserver Information
What is the name of the RTserver computer to use? The default is localhost.
What is the port number for the RTserver to use? The default is 2059.
(a) If you do not use the default, you must use a custom install.
IIS Ports
AJP 13 port: The default is 8009. (a)
HTTPS port: The default is 443. (a)
(a) If you do not use the default, you must use a custom install.
If you do not use the default, you must use a custom install.
Worksheet for Tomcat Standalone Web Server
Tomcat User Name and Group
You will need the root login name and password (Unix only).
Tomcat user name
Tomcat user group (Unix only)
Tomcat Ports
HTTP port: The default is 80. (a)
HTTPS port: The default is 443. (a)
(a) If you do not use the default, you must use a custom install.
The following requirements must be met before you can run the installation:
- The computer must meet the requirements stated in System Requirements on page 2-10.
- If a PATROL Console Server, RTserver, or PATROL Agent are on the computer, they are stopped.
- You are logged on using an account in the Administrators group so that you can install software and modify user rights.
- All of the ports to be used by the Web server are available.
BMC Software recommends having PATROL Console Server and RTserver installed in your environment (not necessarily the same computer) before installing PATROL Central Operator.
The installation procedures for the IIS and Tomcat Web servers are slightly different.
Procedure                                                                              Page
To Install PATROL Central Operator on Windows with IIS                                 2-31
To Install PATROL Central Operator on Windows with the Tomcat Standalone Web Server    2-40
Step 1
Insert the product CD into the CD drive and run setup.exe. Then click Next to start the installation program.
Step 2
Review the license agreement. If you accept it, choose Accept. Then click Next.
Step 3
On the Select Installation Option page, choose I want to install products on this computer now. Then click Next. For more information about creating an installable image, see the PATROL Installation Reference Manual.
Step 4
On the Select Type of Installation page, choose Typical or Custom as the installation type. Then click Next. For more information about the installation type, see Choosing a Typical or Custom Installation on page 2-14.
Step 5
On the Specify Installation Directory page, specify the location where you want to install BMC products. Then click Next. For more information about the installation directory, see Installation Directory on page 2-15.
Step 6
On the Select System Roles page, select Common Services as the system role. Then click Next.
Step 7
On the Select Products and Components to Install page, expand the PATROL Central - Web Edition folder and then select PATROL Central Console for Web and all Console Modules. If you chose the Custom installation, you can select individual components instead. For more information, see Installable Components on page 2-9.
Step 8
If you chose the Custom installation, on the Select Level of Security screen, select the level of security that you want to use. Then click Next. For more information, see PATROL Security Information on page 2-22.
Step 9
If you chose the Custom installation and selected Advanced security options, complete the security information. Then click Next. For more information, see PATROL Security Information on page 2-22.
Step 10
On the Select Web Server for Windows Platforms page, select Microsoft IIS. Then click Next.
Step 11
If you chose the Custom installation, specify the location where you want to install PATROL Central. Then click Next. For more information, see PATROL Central Sub-directory on page 2-22.
Step 12
On the Configure PATROL Central - Web Edition page, specify the name of the PATROL Console Server to be used as the security server. For more information, see PATROL Console Server on page 2-16. Then click Next.
Step 13
If you chose the Custom installation, specify the shutdown port number for the Tomcat servlet container. Also select whether you want to start the Tomcat servlet container as a service after the installation. Then click Next. For more information about the shutdown port number, see Tomcat Shutdown Port on page 2-23.
Step 14
If you chose the Custom installation, specify the AJP 13 port and the port that is used by Microsoft IIS for HTTPS connections. Then choose the Web site instance to use. Then click Next. For more information, see Apache-Jakarta Protocol Version 13 Port (IIS and Apache Only) on page 2-23, IIS HTTPS Ports (IIS Only) on page 2-23, and IIS Web Site Instance (IIS Only) on page 2-24.
Step 15
On the RTSERVERS Variable Properties page, specify the RTserver to use. For more information, see RTserver on page 2-21.
Step 16
On the Review Selections and Install screen, review your product selections and configuration information. Click Back to make changes or click Start Install to complete the installation.
Step 17
Watch the Installation Status page to verify that the installation process completes successfully. When the installation is complete, click Next.
Step 18
On the SUCCESS page, if you want to review the installation log file, click View Log File. When you are done, click Finish.
To Install PATROL Central Operator on Windows with the Tomcat Standalone Web Server
Note
It is recommended that the Tomcat standalone Web server not be used for production environments.
Step 1
Complete Step 1 through Step 9 of To Install PATROL Central Operator on Windows with IIS on page 2-31.
Step 2
On the Select Web Server for Windows Platforms page, select Jakarta Tomcat v4.0.1. Then click Next.
Step 3
Continue with Step 11 on page 2-37 of To Install PATROL Central Operator on Windows with IIS through Step 13 on page 2-38.
Step 4
On the Configure PATROL Central - Web Edition for Tomcat Standalone page, specify the Tomcat user name. If you chose the Custom installation, also specify the port numbers for HTTP and HTTPS connections. Then click Next. For more information, see Web Server User Name and Group (Apache and Tomcat Only) on page 2-17 and Web Server HTTP and HTTPS Ports (Apache and Tomcat Only) on page 2-24.
Step 5
On the Configure PATROL Central - Web Edition Tomcat Certificate page, specify the self-signed certificate information. Then click Next. For more information, see Certificate Information (Apache and Tomcat Only) on page 2-20.
Step 6
Continue with Step 15 on page 2-39 of To Install PATROL Central Operator on Windows with IIS to the end of that procedure.
The following requirements must be met before you can run the installation:
- The computer must meet the requirements stated in System Requirements on page 2-10.
- You are logged on using the Web server account. For more information, see Web Server User Name and Group (Apache and Tomcat Only) on page 2-17.
- All of the ports to be used by the Web server are available.
BMC Software recommends having PATROL Console Server and RTserver installed in your environment (not necessarily the same computer) before installing PATROL Central Operator.
The installation procedures for the Apache and Tomcat Web servers are slightly different.
Procedure                                                                           Page
To Install PATROL Central Operator on Unix with Apache                              2-44
To Install PATROL Central Operator on Unix with the Tomcat Standalone Web Server    2-56
Step 1
Insert the product CD into the CD drive, mount to the CD drive, and run setup.sh. Then click Next to start the installation program.
Step 2
Review the license agreement. If you accept it, choose Accept. Then click Next.
Step 3
On the Select Installation Option page, choose I want to install products on this computer now. Then click Next. For more information about creating an installable image, see the PATROL Installation Reference Manual.
Step 4
On the Select Type of Installation page, choose Typical or Custom as the installation type. Then click Next. For more information about the different types, see Choosing a Typical or Custom Installation on page 2-14.
Step 5
On the Specify Installation Directory page, specify the location where you want to install BMC Software products. Then click Next. For more information about the installation directory, see Installation Directory on page 2-15.
Step 6
On the Select System Roles page, select Common Services as the system role. Then click Next.
Step 7
On the Select Products and Components to Install page, expand the PATROL Central - Web Edition folder and then select PATROL Central Console for Web and all Console Modules. If you chose the Custom installation, you can select individual components instead. For more information, see Installable Components on page 2-9.
Step 8
If you chose the Custom installation, on the Select Level of Security screen, select the level of security that you want to use. Then click Next. For more information, see PATROL Security Information on page 2-22.
Step 9
If you chose the Custom installation and selected Advanced security options, complete the security information. Then click Next. For more information, see PATROL Security Information on page 2-22.
Step 10
If you chose the Custom installation, specify the sub-directory for PATROL Central. Then click Next. For more information about this directory, see PATROL Central Sub-directory on page 2-22.
Step 11
On the Select Web Server for Unix Platforms page, choose Apache v1.3.26 as the Web server. Then click Next.
Step 12
On the Provide the System Root Account Properties page, type the Root login name and password. Then click Next.
Note
If you chose the Custom installation, the pages for the Root login name and the PATROL Console Server are reversed. For more information, see Root Login and Password (Unix only) on page 2-15.
Step 13
On the Configure PATROL Central - Web Edition page, specify the name of the PATROL Console Server to be used as the security server. Then click Next. For more information, see PATROL Console Server on page 2-16.
Step 14
If you chose the Custom installation, specify the shutdown port number on which the Tomcat servlet container will listen for termination messages. For more information, see Tomcat Shutdown Port on page 2-23.
Step 15
On the Apache HTTP Server Parameters page, specify the port numbers for HTTP and HTTPS connections, and the Apache user name and group. Then click Next. For more information, see Web Server User Name and Group (Apache and Tomcat Only) on page 2-17 and Web Server HTTP and HTTPS Ports (Apache and Tomcat Only) on page 2-24.
Step 16
If you chose the Custom installation, specify if you want to automatically trim Apache log files and the maximum log file size. Then click Next. For more information, see Trimming Apache Web Server Log Files (Apache Only) on page 2-24.
Step 17
If you chose the Custom installation, specify the AJP 13 port. Then click Next. For more information, see Apache-Jakarta Protocol Version 13 Port (IIS and Apache Only) on page 2-23.
Step 18
On the Configure Apache Certificate page, specify the self-signed certificate information. Then click Next. For more information, see Certificate Information (Apache and Tomcat Only) on page 2-20.
Step 19
On the RTSERVERS Variable Properties page, specify the RTserver to use. Then click Next. For more information, see RTserver on page 2-21.
Step 20
On the Review Selections and Install page, review your product selections and configuration information. Click Back to make changes or click Start Install to complete the installation.
Step 21
Watch the Installation Status page to verify that the installation process completes successfully. When the installation is complete, click Next.
Step 22
On the SUCCESS page, if you want to review the installation log file, click View Log File. When you are done, click Finish.
To Install PATROL Central Operator on Unix with the Tomcat Standalone Web Server
Note
It is recommended that the Tomcat standalone Web server not be used for production environments.
Step 1
Complete Step 1 through Step 10 of To Install PATROL Central Operator on Unix with Apache on page 2-44.
Step 2
On the Select Web Server for Unix Platforms page, choose Jakarta Tomcat v4.0.1. Then click Next.
Step 3
Continue with Step 12 on page 2-51 of To Install PATROL Central Operator on Unix with Apache through Step 14 on page 2-52.
Step 4
On the Configure PATROL Central - Web Edition for Tomcat Standalone page, specify the Tomcat user name and group. If you chose the Custom installation, also specify the port numbers for HTTP and HTTPS connections. Then click Next. For more information, see Web Server User Name and Group (Apache and Tomcat Only) on page 2-17 and Web Server HTTP and HTTPS Ports (Apache and Tomcat Only) on page 2-24.
Step 5
On the Configure PATROL Central - Web Edition Tomcat Certificate page, specify the self-signed certificate information. Then click Next. For more information, see Certificate Information (Apache and Tomcat Only) on page 2-20.
Step 6
Continue with Step 19 on page 2-55 of To Install PATROL Central Operator on Unix with Apache to the end of that procedure.
Directory Structure
The following table describes the directories used by PATROL Central.
Directory           Description
$BMC_ROOT           This directory is where BMC Software products are installed.
$BMC_ROOT\common    This directory contains common components that are shared by multiple PATROL 7.x products, such as security files.
                    This directory contains information about which components and products are installed.
                    This directory contains files for uninstalling components and products.
                    This directory is where PATROL Central is installed.
                    This directory is where the Tomcat servlet container (and Tomcat Web server) are installed.
                    This directory contains binary files.
                    This directory contains log files.
                    This directory contains configuration files.
                    This directory contains configuration files.
Note
These directories refer to the webcentral sub-directory of $BMC_ROOT. By default, this directory is WebCentral on Windows, and webcentral on Unix. However, a different name for this directory could have been specified in the installation. For more information, see PATROL Central Sub-directory on page 2-22.
The PATROL Central Operator and PATROL Central Administration console modules also store data on the PATROL Console Server. For information about the PATROL Console Server, see the PATROL Console Server and RTserver Getting Started. To restore PATROL Central and the PATROL Central Operator and PATROL Central Administration console modules, reinstall them, and replace the backed-up versions of the datastore files.
Warning
When restoring PATROL Central and the PATROL Central Operator and PATROL Central Administration console modules, reinstall all of the console modules that were originally installed, and only those console modules. If you reinstall a different set of console modules, and then restore the datastore files, the PATROL Central Web page will not display the correct tabs. You can install or uninstall console modules after restoring the datastore files.
Tip
To make reinstalling easier, record the answers to installation questions on the installation worksheets. See Installation Worksheets on page 2-25. Also record any changes made to the startup configuration file. See Appendix C, Modifying Initialization Settings After Installation.
Configuring Your Environment for PATROL Central Operator and Running the Web Server
This chapter provides information for PATROL administrators about configuring the PATROL environment for PATROL Central Operator and starting programs, including the Web server. This chapter discusses the following topics:
Setting Up User Accounts and Groups
User Accounts and Groups on the PATROL Console Server
User Accounts on Managed Systems
General Guidelines for Setting Up User Accounts and Groups
About PATROL Central Administration
Starting PATROL Central Administration
Starting Related Programs
Starting and Stopping the RTserver
Starting the PATROL Agent
Starting the PATROL Console Server
Managing Services on Windows
Starting and Stopping the Web Server
Starting and Stopping the Tomcat Servlet Container for the IIS Web Server
Starting and Stopping the Apache Web Server
Starting and Stopping the Tomcat Standalone Web Server
Verifying the Installation and Execution of the Web Server and Related Components
Description
standard PATROL operators
power operators
operators who can only watch console objects
standard PATROL administrators
PATROL administrators who can configure security
Step 1
Add the account for each user of PATROL Central to the appropriate group on the default PATROL Console Server computer. If you are using additional PATROL Console Servers with PATROL Central Operator, also add the account for each user to the appropriate group on those PATROL Console Servers.
Tip
Step 2
Only the privileges and rights on the relevant PATROL Console Server are used. For example, a user who is a member of the patscadm group on only one PATROL Console Server can configure security on only that PATROL Console Server. When a user connects to the PATROL Console Server from a console, the user logs on with an operating system account. The PATROL Console Server uses the operating system account to identify the user, the groups that the user belongs to, and the PATROL privileges and rights that the user has. You set up user accounts and groups in the operating system for the PATROL Console Server. You change privileges and rights of groups or individual users by using PATROL Central Administration. For more information, see About PATROL Central Administration on page 3-7.
You set up user accounts in the operating system for each computer. You set up the impersonation table in the PATROL Console Server with PATROL Central Administration. For more information, see About PATROL Central Administration on page 3-7.
3. (Optional) In PATROL Central Administration, set up the impersonation table to provide alias accounts on the PATROL Console Server to accounts on the managed systems. If you do not set up the impersonation table, you will have to manually enter a username and password for each managed system as you add it and each time you log back in and reconnect.
Tip
If you use multiple PATROL Console Servers, set up the impersonation table on each PATROL Console Server separately. Only the impersonation table on the corresponding PATROL Console Server is used. For example, suppose a user logs on to PATROL Central with an account on the PATROL Console Server used by PATROL Central, then, in PATROL Central Operator, opens a management profile on a different PATROL Console Server. When the user tries to access a managed system in the management profile, the impersonation table on only the second PATROL Console Server is used.
For more information, see the PATROL Central Administration online Help.
You must be a member of the patscadm group on the PATROL Console Server.
To Start PATROL Central Administration
Step 1
If you have not yet started the PATROL Central console infrastructure, start it. See Accessing PATROL Central on page 4-6.
Step 2
Note
For more information on starting the RTserver, see the PATROL Console Server and RTserver Getting Started.
Step 2
Note
For more information on starting the PATROL Agent, see the PATROL Agent Reference Manual. You must enable the PATROL Agent 3.5 to communicate with the RTserver before you can use PATROL Central Operator to monitor it. For more information, see PATROL Console Server and RTserver Getting Started.
Step 2
Step 2
Identify the process ID number of the PATROL Agent that you would like to shut down from the list.
Step 3
Type the following command, where process_ID_number is the process ID number of the PATROL Agent.
    kill process_ID_number
Note
For more information on starting PATROL Console Server, see the PATROL Console Server and RTserver Getting Started.
Step 2
For Windows NT, choose Start => Settings => Control Panel. Double-click the Services icon.
For Windows 2000, choose Start => Settings => Control Panel => Administrative Tools. Double-click the Services icon.
Open the Services dialog box. Select the name of the service. For Windows NT, click Start. For Windows 2000, choose Action => Properties, then click Start.
Open the Services dialog box. Look at the status of the service.
Open the Services dialog box. Select the name of the service. For Windows NT, click Stop. For Windows 2000, choose Action => Properties, then click Stop.
These procedures refer to the webcentral sub-directory of $BMC_ROOT. By default, this directory is WebCentral on Windows, and webcentral on Unix. However, a different name for this directory could have been specified in the installation. For more information, see PATROL Central Sub-directory on page 2-22.
Starting and Stopping the Tomcat Servlet Container for the IIS Web Server
Summary:
You must start IIS and the Tomcat servlet container separately. By default, the Tomcat servlet container is started automatically as a service when it is installed. However you can also start it manually. This task describes how to start the Tomcat servlet container.
Note
For information on starting, stopping, and verifying the execution of IIS, see the documentation for that product.
Run %BMC_ROOT%\WebCentral\tomcat401\bin\pwcstart.bat.
To Start or Stop the Apache Web Server on Unix
Step 1
Change to the root user.
Step 2
Change to the $BMC_ROOT/webcentral/bin directory.
Step 3
Enter the ./pwcctl command, followed by the appropriate command line option from the table below.
Option    Description
start     This option starts the Web server.
stop      This option stops the Web server.
status    This option checks the status of the ports used by the Web server.
Run %BMC_ROOT%\WebCentral\tomcat401\bin\pwcstart.bat.
To Start or Stop the Tomcat Web Server on Unix
Step 1
Change to the $BMC_ROOT/webcentral/bin directory.
Step 2
Enter the ./pwcctl command, followed by the appropriate command line option from the table below.
Option    Description
start     This option starts the Web server.
stop      This option stops the Web server.
status    This option checks the status of the ports used by the Web server.
Verifying the Installation and Execution of the Web Server and Related Components
You can verify that the Web Server, Tomcat servlet container, RTserver, and PATROL Console Server are running by viewing the URLs in the table below. In the URL to view, hostname is the name of the Web site. Typically, this is the name of the computer on which the Web server for PATROL Central is running. If the Web server is not using the default port for HTTP, include the port number in the URL. For example, if the Web server myserver is using port 8080, view the URL http://myserver:8080.
What to Verify
Is the Web server running? Is HTTPS active for the Web server? Is the Tomcat servlet container running? Are the RTserver and PATROL Console Server available?
URL to View
http://hostname https://hostname http://hostname/patrol
Comments
If the default page for the Web server is displayed, the Web server is running. If the default page for the Web server is displayed, HTTPS is active. If the PATROL Central page is displayed, the Tomcat servlet container is running. If the log on screen is displayed, the RTserver and PATROL Console Server are available.
See...
Chapter 4, Monitoring and Managing Your Enterprise with PATROL Central Operator
Chapter 5, Using the PATROL 3.x and PATROL 7.x Consoles
This chapter contains information for monitoring and managing your enterprise with Web Edition of PATROL Central Operator. This chapter contains information for both users and administrators of PATROL Central Operator. This chapter discusses the following topics:
Web Browser Requirements (page 4-2)
Solaris OS Patches (page 4-3)
About the Java Plugin (page 4-3)
About Installing or Accepting the Certificate (page 4-5)
Setting Up Your Monitoring Environment (page 4-5)
Accessing PATROL Central (page 4-6)
The PATROL Central Console Infrastructure (page 4-7)
Accessing PATROL Central Operator (page 4-9)
About Your Management Profile (page 4-11)
Connecting to a PATROL Console Server and Selecting a Management Profile (page 4-12)
Adding Managed Systems (page 4-16)
Loading PATROL KMs (page 4-19)
Where to Go From Here (page 4-22)
Web Browser
Netscape 4.76 (a)
Netscape 4.77 (a) (English only)
(a) These versions of Netscape have been tested for limited compatibility and are considered tolerant of PATROL Central. However, you might experience stability and response time issues. These issues are most prominent during active sessions containing large numbers of managed systems, PATROL objects, or both.
The Web browser also must have the Java Plugin (JRE) version 1.3.1_04. See About the Java Plugin on page 4-3 for more information.
Solaris OS Patches
The latest patches for Solaris must also be installed, including the J2SE patch cluster for your version of Solaris. These patches can be retrieved from the Solaris maintenance Web site at http://sunsolve.sun.com.
Warning
The patches are necessary to address multiple problems that can range from subtle usage problems to crashes.
The Java Plugin must be installed on the client computer in order to use PATROL Central. On Windows, if the Java Plugin is not already installed on the client computer when you first access the PATROL Central Web site, PATROL Central will attempt to automatically download it from the Web server and install it. If it cannot be automatically downloaded, a page with a link for downloading it from the Web server is displayed. On Unix, if the Java Plugin is not installed, a page with a link for downloading it from the Web server is displayed.
Tip
If you must manually install the Java Plugin, click the link to download the Java Plugin and follow the instructions on the screen to ensure that you install the appropriate version for PATROL Central.
Some of your desktop applications might use a different version of the Java Plugin from the version used by PATROL Central, which can cause problems if each application does not use its corresponding version of the Java Plugin. For example, if an existing application uses an older version of the Java Plugin, you might experience problems with that application after you install the Java Plugin for PATROL Central. Similarly, if you later install an application that uses a different version of the Java Plugin from PATROL Central, you might experience problems with PATROL Central.
Avoiding Conflicts When Using Internet Explorer
To avoid these problems when using Internet Explorer, perform the following steps:
Step 1
From the Internet Explorer menu, choose Tools => Internet Options.
Step 2
Click the Advanced tab.
Step 3
Scroll to the Java (Sun) section.
Step 4
Clear the Use Java 2 v1.3.1_04 for <applet> (requires restart) check box.
Step 5
Click OK.
Avoiding Conflicts When Using Netscape on Unix
To avoid these problems when using Netscape on Unix, ensure that the $NPX_PLUGIN_PATH environment variable points to the location of the javaplugin.so file for the correct installation of the Java Plugin, before you access PATROL Central. For example, if the correct version of the Java Plugin is installed in the /local/myuser/jre1.3.1_04 directory, the path would be /local/myuser/jre1.3.1_04/plugin/i386/ns4.
If you currently use the PATROL Console for Windows or the PATROL Console for Unix, see Chapter 5, Using the PATROL 3.x and PATROL 7.x Consoles for a list of differences between the classic consoles and PATROL Central Operator.
Step 1
Start your Web browser application.
Step 2
In the Address or Location field, enter the following URL, where hostname is typically the name of the computer on which the Web server for PATROL Central is running.
http://hostname/patrol
If the Web server is not using the default port for HTTP, include the port number in the URL. For example, if the Web server myserver is using port 8080, view the URL http://myserver:8080. If the Java Plugin is not installed on the client computer, see About the Java Plugin on page 4-3 for more information. If the Web browser notifies you that it does not recognize the certificate for the Web server, see About Installing or Accepting the Certificate on page 4-5 for more information. You are prompted to log on to your security server.
Step 3
Type your user name and password for the security server and click OK. The home page for PATROL Central is displayed. See Figure 4-1 on page 4-8.
Description
The navigation area is located at the top of the PATROL Central interface. The navigation area is composed of the console module tabs, subtabs, and toolbar items. For each console module installed, one or more tabs, representing an area of functionality, are added to the navigation area.
The list or tree view area is located on the left side of the PATROL Central interface. This area may display a list or tree view of objects.
The results area is typically located on the right side of the PATROL Central interface. The results area displays information as you browse the tabs or select objects from the list or tree view area.
The status area is located on the lower right corner of the PATROL Central interface. The status area provides information about your connection to PATROL Console Servers, RTservers, and system messages from PATROL Central Operator, as well as other console modules.
Figure 4-1 shows the default home page for PATROL Central.
Figure 4-1 The PATROL Central Home Page (callouts: Navigation Area, Status Area)
You must have accessed PATROL Central and logged on to your security server. See page 4-6.
To Access PATROL Central Operator
Figure 4-2
If this is the first time that you have accessed PATROL Central Operator, the Open Management Profile wizard is displayed. The wizard will help you to connect to a PATROL Console Server, and to choose an existing or set up a new management profile. See Connecting to a PATROL Console Server and Selecting a Management Profile on page 4-12. The next time you access PATROL Central Operator, your last management profile will automatically be opened. At any time, you can navigate from within PATROL Central Operator back to the General Tasks page by clicking the General Tasks icon in the navigation area.
BMC Software, Inc., Confidential and Proprietary Information
PATROL Central Operator automatically saves changes to your management profile as you make them. You do not need to manually save changes to your management profile. Because management profiles are stored on the PATROL Console Server, you can access your management profile from any computer running PATROL Central Operator by connecting to the same PATROL Console Server.
Note
If you use the PATROL Console for Windows, the PATROL Console for Unix, or both, a management profile contains information similar to a desktop file. For more information, see Chapter 5, Using the PATROL 3.x and PATROL 7.x Consoles.
You must have performed the following tasks.
1. Accessed PATROL Central. See page 4-6.
2. Accessed the PATROL Central Operator General Tasks page. See page 4-9.
On the PATROL Central Operator General Tasks page, click Open Management Profile. The Console Server Service Name page of the Open Management Profile wizard is displayed.
Step 2
From the Service Name drop-down list, choose the PATROL Console Server to use. Then click Next. The Management Profile Name page of the Open Management Profile wizard is displayed.
Step 3
Step 4
Perform one of the following actions: Type a name for a new management profile and click Next. Select an existing management profile and click Next.
Note
If you select an existing management profile that is currently opened by another user, you can choose to open it as read-only. If you open it as read-only, you will not be able to make any changes, such as adding managed systems or loading KMs. For more information about read-only management profiles, see the PATROL Central Operator Web Edition online Help.
Step 5
Click Finish. PATROL Central Operator connects to the PATROL Console Server and opens the management profile.
You must have performed the following tasks.
1. Accessed PATROL Central. See page 4-6.
2. Accessed the PATROL Central Operator General Tasks page. See page 4-9.
3. Connected to the PATROL Console Server and selected a management profile. See page 4-12.
On the PATROL Central Operator General Tasks page, click Add Managed Systems. The Selecting Managed Systems page of the Add Managed Systems wizard is displayed.
Tip
To select multiple managed systems, hold down the Ctrl key, and click each item you want to select. To select a range of managed systems, click the first one, then hold down the Shift key as you click the last one in the range. To select all managed systems, press Ctrl+a.
Step 2
From the list of discovered systems, choose the systems that you want to monitor. Then click Next.
Note
Depending on how user accounts are set up on the PATROL Console Server and the individual managed systems, you might be prompted for a username and password for some managed systems. For more information, see Setting Up User Accounts and Groups on page 3-2. A confirmation page is displayed.
Step 3
The managed systems are displayed in the tree view and added to your management profile.
You must have performed the following tasks.
1. Accessed PATROL Central. See page 4-6.
2. Accessed the PATROL Central Operator General Tasks page. See page 4-9.
3. Connected to the PATROL Console Server and selected a management profile. See page 4-12.
4. Added the managed systems that you want to monitor. See page 4-16.
On the PATROL Central Operator General Tasks page, click Load Knowledge Modules. The Selecting Managed Systems page of the Loading Knowledge Modules wizard is displayed.
Step 2
From the list of available managed systems, select the managed systems on which to load PATROL KMs. Then click Next.
Step 3
Step 4
Select the PATROL KMs that you want to load. Then click Next. A confirmation message is displayed.
Step 5
Click Finish to close the wizard. Any PATROL KMs that were not already loaded on their respective managed systems are loaded. The PATROL KMs are displayed in the tree view area and added to your management profile.
See...
PATROL Central Operator Web Edition online Help
PATROL Central Web Edition online Help
PATROL Central Administration Web Edition online Help
PATROL Fundamentals online Help
Chapter 5, Using the PATROL 3.x and PATROL 7.x Consoles
Running Menu Commands and InfoBox Commands (page 5-10)
Migrating Console Information from PATROL Console for Windows or PATROL Console for Unix (page 5-10)
You can use both PATROL 3.x consoles and PATROL 7.x consoles in your PATROL environment.
KM Compatibility
A PATROL 7.x console is compatible with currently supported KMs. You can continue to use the same KMs that you used with a PATROL 3.x console. However, if a KM requires files (such as Help, icons or executables) on the PATROL Console Server or the console, features that use those files will not work until the files are installed in the appropriate locations. Local menu commands also are disabled in the Web Edition of PATROL Central Operator, unlike in Windows Edition.
Developer Functionality
The PATROL 7.x architecture currently has no console with KM developer functionality. In order to develop new KMs or change existing ones, you should continue using PATROL Console for Windows or PATROL Console for Unix.
Differences Between PATROL Console for Windows or PATROL Console for Unix and PATROL Central Operator
This section describes the primary differences between PATROL Console for Windows or PATROL Console for Unix (PATROL 3.x architecture) and PATROL Central Operator (PATROL 7.x architecture). Many of the differences come from differences between the PATROL 3.x and the PATROL 7.x architectures. For a description of the PATROL architecture, see the PATROL Fundamentals online Help.
Difference | Page
Communications with Managed Systems | 5-4
Session and Desktop Files Versus Management Profiles | 5-4
Terminology | 5-5
User Administration | 5-5
User Names and Passwords for Managed Systems | 5-6
Computer Name and Port Number Versus Managed System Name | 5-6
Event Types | 5-7
Customizations Versus Overrides | 5-7
State Change Actions | 5-7
KM Version Arbitration | 5-8
Chart History | 5-8
Location of Task Icons | 5-9
KMs in the PATROL Object Namespace | 5-9
Running Menu Commands and InfoBox Commands | 5-10
Terminology
The following table lists terms that are different in PATROL 3.x and PATROL 7.x consoles.
PATROL Console for Windows and PATROL Console for Unix Term | | Comments
agent, host | | A managed system is a computer that is running the PATROL Agent software.
agent query | | This change corresponds to the change from agent to managed system.
alarm (state) | critical (state) | The alarm state in the PATROL 3.x architecture is the critical state in the PATROL 7.x architecture. However, the term alarm is still used when referring to undesirable situations without indicating a specific object state, as in alarm ranges, snoozing an alarm, or responding to an alarm.
User Administration
For PATROL Console for Windows and PATROL Console for Unix, a user's access to functionality is controlled by the patrol.conf and ptrlroles.txt files and by the ptrldev and patroldev groups, as well as by the mode of the console (developer or operator). For PATROL Central Operator, a user's access to functionality is controlled by privileges and rights set for groups and users in PATROL Central Administration.
Event Types
The following table lists the event types in PATROL Console for Windows and PATROL Console for Unix and the equivalent event types in PATROL Central Operator.
PATROL Console for Windows and PATROL Console for Unix Event Type
info state change error warning alarm
warning critical
In PATROL 7.x architecture, state change actions are stored in the management profile. You must use the Windows Edition of PATROL Central Operator to define state change actions. When a management profile is open in the Web Edition of PATROL Central Operator, only state change actions that are defined to execute on the PATROL Console Server are executed. State change actions that are defined to execute on the console computer are ignored. For more information about state change actions, see the PATROL Central Operator Microsoft Windows Edition online Help.
KM Version Arbitration
In PATROL 3.x architecture, KMs are stored on both the managed system running the PATROL Agent and on the console computer. How the PATROL Agent and PATROL Console reconcile different versions of a single KM is called KM version arbitration. For specific information on KM version arbitration, see PATROL Console for Unix User Guide or PATROL Console for Microsoft Windows User Guide, Volume 1. In PATROL 7.x architecture, KM related files that are installed on the console computer are not versioned. Therefore, PATROL Central Operator does not take part in KM version arbitration.
Chart History
In PATROL Console for Windows and PATROL Console for Unix, history is shown in a separate window from the main chart. In PATROL Central Operator, history is shown in the same window as the chart. You do not have to open a separate window to view historical data. The title of the chart displays the current history range.
Migrating Console Information from PATROL Console for Windows or PATROL Console for Unix
You can migrate console information from PATROL Console for Windows and PATROL Console for Unix to a management profile for PATROL Central Operator. You must use the Windows Edition of PATROL Central Operator to migrate console information. After you migrate the console information to a management profile, you can then use the management profile with the Web Edition of PATROL Central Operator. See the PATROL Central Operator - Microsoft Windows Edition Getting Started for more information about how to migrate console information.
This appendix provides troubleshooting information on installing and configuring PATROL Central Operator. For more troubleshooting information, see the PATROL Central Operator Web Edition online Help, PATROL Console Server and RTserver Getting Started, and PATROL Installation Reference Manual. This appendix discusses the following topics:
Common Problems (page A-2)
The Web Server Will Not Start (page A-3)
On Solaris, the Web Server Dies at Startup (page A-3)
The PATROL Central Web Page Is Not Available (page A-4)
The RTserver or PATROL Console Server Is Not Responding (page A-5)
Users Cannot Log on (page A-6)
Users Cannot Add a Managed System (page A-8)
Users are Prompted to Log on to a Managed System (page A-9)
No Online Help Exists for a Specific KM (page A-9)
PATROL Central Does Not Prompt for Password in Attended Mode (page A-10)
Users Are Told to Accept the Certificate, But Are Never Allowed To Do So (page A-10)
Gathering Troubleshooting Information (page A-11)
Installation Logs (page A-11)
Web Server Logs (page A-12)
Client Logs (page A-16)
Checking Which PATROL Central Ports Are In Use on Unix (page A-17)
Obtaining Version, System and Contact Information (page A-18)
Dealing with Web Server Issues (page A-19)
Common Problems
This section contains troubleshooting information for the following common problems.
Problem Type | Page
The Web Server Will Not Start | A-3
On Solaris, the Web Server Dies at Startup | A-3
The PATROL Central Web Page Is Not Available | A-4
The RTserver or PATROL Console Server Is Not Responding | A-5
Users Cannot Log on | A-6
Users Cannot Add a Managed System | A-8
Users are Prompted to Log on to a Managed System | A-9
No Online Help Exists for a Specific KM | A-9
PATROL Central Does Not Prompt for Password in Attended Mode | A-10
Users Are Told to Accept the Certificate, But Are Never Allowed To Do So | A-10
Problem: Some of the required ports are not available. For example, if you have just stopped the Web server, it might not have released the ports yet.
Solution: Make sure that no processes are using the ports. See Checking Which PATROL Central Ports Are In Use on Unix on page A-17. If you just stopped the Web server, wait for it to release the ports.
Problem: The Tomcat servlet container or Tomcat Web server was terminated incorrectly or ran out of disk space, causing files in the WEB-INF directory to be set to zero length.
Solution: Copy the files from the $BMC_ROOT\webcentral\tomcat401\webapps\patrol\WEB-INF\backup directory to the $BMC_ROOT\webcentral\tomcat401\webapps\patrol\WEB-INF directory.
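One way to script this repair on Unix, as an added example that is not BMC code: it assumes the backup directory holds copies under the same file names, and the function name and its report and restore modes are hypothetical. Only files that exist in WEB-INF with zero length are replaced, so intact files are never overwritten by older backup copies.

```shell
#!/bin/sh
# Added example (not BMC code): restore zero-length WEB-INF files from the
# WEB-INF/backup directory. Assumption: the backup directory holds copies
# under the same file names. The function name and the "report" and
# "restore" modes are hypothetical.

# pwc_restore_webinf WEBINF_DIR [report|restore]
# Prints the name of every file that is (or, in report mode, would be)
# restored. Returns 2 if there is no backup directory, 1 if a copy fails.
pwc_restore_webinf() {
    pwc_webinf=$1
    pwc_mode=${2:-report}
    pwc_backup=$pwc_webinf/backup

    if [ ! -d "$pwc_backup" ]; then
        echo "no backup directory: $pwc_backup" >&2
        return 2
    fi

    for pwc_src in "$pwc_backup"/*; do
        [ -f "$pwc_src" ] || continue          # skip subdirectories, empty glob
        pwc_name=${pwc_src##*/}
        pwc_dst=$pwc_webinf/$pwc_name

        # This is usually run as root, so never write through a symbolic
        # link that may have been planted in a directory the Web server
        # account can modify.
        if [ -L "$pwc_dst" ] || [ -L "$pwc_src" ]; then
            echo "skip $pwc_name: symbolic link" >&2
            continue
        fi

        # Touch only files that exist and were truncated to zero length.
        if [ ! -f "$pwc_dst" ] || [ -s "$pwc_dst" ]; then
            continue
        fi

        # An empty backup copy cannot repair anything.
        if [ ! -s "$pwc_src" ]; then
            echo "skip $pwc_name: backup copy is empty too" >&2
            continue
        fi

        if [ "$pwc_mode" = restore ]; then
            # -p keeps the mode, owner and timestamps of the backup copy.
            cp -p "$pwc_src" "$pwc_dst" || return 1
        fi
        echo "$pwc_name"
    done
    return 0
}

# Run directly as:
#   sh restore_webinf.sh "$BMC_ROOT/webcentral/tomcat401/webapps/patrol/WEB-INF" report
if [ "$#" -gt 0 ]; then
    pwc_restore_webinf "$@"
fi
```

Run it in report mode first and review the list before repeating the call with restore.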
Problem: The latest Solaris patches are not applied.
Solution: Apply the latest patches for Solaris. See Solaris OS Patches on page 2-11.
Problem: The Web server is not running.
Solution: Start the Web server (IIS, Apache, or Tomcat standalone). For IIS, you must also start the Tomcat servlet container separately. For more information see Starting and Stopping the Web Server on page 3-16.
Problem: The Web server is using a different port from the default.
Solution: Inform users to include the port number in the URL. For example, if the Web server myserver is using port 8080, view the URL http://myserver:8080.
Problem: On IIS, the security certificate is not properly installed or it has expired.
Solution: Install a valid security certificate. For more information, see Certificate Information (IIS Only) on page 2-18.
Problem: The RTserver or PATROL Console Server is not running.
Solution: Make sure that the RTserver and PATROL Console Server are running. For more information, see the PATROL Console Server and RTserver Getting Started. If you must start the RTserver, wait for PATROL Central to recognize that the RTserver has been started.
Problem: PATROL Central might not be using the correct RTserver or PATROL Console Server.
Solution: Make sure that PATROL Central is using the correct RTserver and PATROL Console Server and that their names are typed correctly. Note that the name of the PATROL Console Server might not match the host name. For more information, see Appendix C, Modifying Initialization Settings After Installation.
Problem: PATROL Central might be using a different RTserver from the PATROL Console Server.
Solution: Make sure that PATROL Central and PATROL Console Server are using the same RTserver. For more information, see Appendix C, Modifying Initialization Settings After Installation and PATROL Console Server and RTserver Getting Started.
Problem: The PATROL Console Server might not be available on the network.
Solution: To determine if the PATROL Console Server computer is available on the network, ping the host name of the computer. Note that the name of the PATROL Console Server is its host name by default; however, a different name can be specified when starting the PATROL Console Server. Also ensure that the RTserver computer and the PATROL Console Server computer can both reach each other on the network.
Problem: The RTserver might not be available on the network.
Solution: To determine if the RTserver is available on the network, telnet to the RTserver on the appropriate port. Also ensure that the RTserver computer and the Web server computer can both reach each other on the network.
Problem: HTTPS is not active.
Solution: Make sure that HTTPS is active by trying to access https://hostname:port, where hostname is the name of the server, and port is its HTTPS port. If you are using IIS, make sure that PATROL Central is using the correct HTTPS port for IIS. For more information about setting the HTTPS port, see Appendix C, Modifying Initialization Settings After Installation.
Problem: The user did not accept the certificate for the Web server.
Solution: Inform the user to restart the Web browser and accept the certificate when accessing the PATROL Central Web site.
Problem: The PATROL Console Server is too busy processing requests from other computers to process your log on request. (You get the Failed to log on to Console Server. Operation Timed Out error message.)
Solution: Inform users to try to log on again.
Problem: The user might be using an incorrect user name or password.
Solution: Inform the user to use a user name and password for an operating system account on the PATROL Console Server.
Problem: The user might not have the necessary privileges.
Solution: Grant the necessary privileges to the user by placing the user account in the appropriate group on the PATROL Console Server.
Problem: The PATROL Agent software on the managed system might not be running, or it might not be using the correct RTserver.
Solution: Make sure the PATROL Agent software is running on the managed system and using the correct host name and port number for the RTserver. For more information, see the PATROL Agent Reference Manual and PATROL Console Server and RTserver Getting Started.
Problem: The PATROL Agent software on the managed system might be a version previous to version 3.5.
Solution: Make sure the PATROL Agent software is at least version 3.5. For more information, see the PATROL Agent Reference Manual.
Problem: The management profile might be read-only.
Solution: Inform the user to use a management profile that is not read-only.
Problem: The user might not have the necessary privileges.
Solution: Grant the necessary privileges to the user by placing the user account in the appropriate group on the PATROL Console Server.
Problem: The managed system does not recognize the user as a valid user.
Solution: Set up the impersonation table for the user in PATROL Central Administration. The user can also log on to the managed system with an account on that system.
Problem: The online Help for that KM is not installed with PATROL Central Operator.
Solution: Make sure you install the appropriate online Help with the PATROL Central Operator whenever you install a new KM on a managed system.
Problem: Solution:
Problem: On Unix, at security level 4, attended mode, PATROL Central does not prompt for the keystore location or password when it is started. The startup script uses su - to pass the Tomcat user's environment to the Tomcat process. This includes the X11 variables necessary to display a dialog box.
Solution: Set your default shell, as specified in /etc/passwd, to /bin/sh. If you use a different shell, such as ksh or bash, the environment is not passed, so X11 is not available to the Tomcat process.
Users Are Told to Accept the Certificate, But Are Never Allowed To Do So
Problem: On Netscape, after a user permanently accepted the certificate for the Web site in a previous session, you re-installed the certificate on the Web server or installed a new certificate.
Solution: Inform the user to delete the certificate from the browser, then reconnect to the PATROL Central Web site.
Installation Logs
One log file is created each time the installer is run. The name of the log file is a combination of the computer name and a time stamp. The location of the file depends on the operating system. On Windows 2000, the log file is saved to the
Document and Settings\username\Application Data\BMCINSTALL\
For example, the log file for user auser on a Windows NT computer ACOMPUTER could be
C:\WINNT\Profiles\auser\Application Data\BMCinstall\ACOMPUTER_11005340189.log.
This section refers to the webcentral sub-directory of $BMC_ROOT. By default, this directory is WebCentral on Windows, and webcentral on Unix. However, a different name for this directory could have been specified in the installation. For more information, see PATROL Central Sub-directory on page 2-22.
The IIS Web server maintains log files and also places messages in the Windows Event log. The logs for IIS are located in the system_dir\LogFiles\w3svcl\ directory. These logs are most useful for monitoring HTTP requests.
Apache Web Server Logs
The Apache Web server maintains the log files in the $bmc root/common/apache/apache.1.3.26/OS/logs/ directory. The error_log file contains information about port conflicts and startup problems.
The Apache Web server log files can grow considerably over the course of time. For example, each image load request is logged. The installation installs a utility to truncate the log files for the Apache Web server while the Web server is running, so that they do not grow without limit. The utility consists of the following files:
the /etc/patrol.d/apache/bmctrimlog executable utility
the /etc/patrol.d/apache/bmctrimlog.conf text configuration file
This utility can be run periodically as a job in the root crontab. If you chose to automatically add the job to the root crontab in the installation, the following line is added, which runs the utility every hour on the half-hour.
30 * * * * /etc/patrol.d/apache/bmctrimlog
If you chose not to add the job to the root crontab, you can add the job manually and adjust the job schedule. For more information about cron and crontab, see the man pages for them on your system. To fine-tune the log file management, edit the bmctrimlog.conf file. For example, you can set different maximum sizes for each log file. See the comments in the configuration file for more information.
The following logs in the $BMC_ROOT/webcentral/tomcat401/logs directory reflect the state of the Tomcat servlet container and its integration with the Web server.
Web Server | File | Description
all | localhost_log.year-month-date.txt | standard output log file for Tomcat Web server
all | localhost_examples_log.year-month-date.txt | example Web applications log file
all | localhost_access_log.year-month-date.txt | access log file for Tomcat Web server
IIS | isapi.log | This file contains messages created by the Apache Jakarta Protocol 13 (AJP13) ISAPI filter.
Apache | mod_jk.log | This file contains messages created by the Apache Jakarta Protocol 13 (AJP13) Apache module.
Apache and Tomcat standalone (Unix) | jvm.stdout | This file contains the standard output of the Tomcat java process. It is usually the most useful log to look at initially.
IIS and Tomcat Standalone (Windows) | stdout.log | This file contains the Tomcat java process standard output messages when Tomcat is run as a service. If Tomcat is run from a command window, all output is sent to that window.
IIS and Tomcat Standalone (Windows) | stderr.log | This file contains the Tomcat java process standard error output messages when Tomcat is run as a service. If Tomcat is run from a command window, all output is sent to that window.
The level of verbosity in these logs is controlled by settings in the $BMC_ROOT/webcentral/tomcat401/conf/server.xml file.
Description
log file for jcosjni These files are error log files for PATROL Central. The log pwc1.log is always the most recent.
The level of verbosity in these logs is controlled by the $BMC_ROOT/webcentral/tomcat401/webapps/patrol/WEB-INF/globalDebug.cfg file.
On Windows, if you run the Tomcat Web server as a service, it also places messages into the Windows Event log.
Client Logs
The location of client logs depends on the platform of the client.
Windows Client Logs
On Windows, the Java Plugin also has its own error messages and trace file. To view error messages related to the Java Plugin, double-click the java console icon in the system tray. The location of the Java Plugin trace file depends on the operating system. On Windows 2000, the Java Plugin trace file is saved to the Document and Settings\username\plugin131_04.trace file. On Windows NT, the Java Plugin log file is saved to the Winnt\Profiles\username\plugin131_04.trace file.
On Unix, the Java Plugin trace log contains trace output from the plugin. It is contained in the home directory of the user. The typical file name is plugin131_04.trace.
Step 1 Change to the root user.
Step 2 In a command window, change to the $BMC_ROOT/webcentral/bin directory.
Step 3 Enter the following command:
./pwcctl status
Start your Web browser and log on to PATROL Central.
In the navigation area, click the Home tab, then the About sub-tab.
Click one of the following links in the list area:
  Version Information
  System Information
  Contact Information
Documentation
IIS: See the IIS documentation.
Apache: See the following:
  the Apache documentation installed with Apache at http://hostname:port/manual, where hostname is the name of the server, and port is its HTTP port.
  the Apache HTTP Server Web site at http://httpd.apache.org.
Tomcat standalone: See the following:
  the Tomcat documentation installed with Tomcat at http://hostname:port/tomcat-docs, where hostname is the name of the server, and port is its HTTP port.
  the Jakarta Project Web site at http://jakarta.apache.org/tomcat.
Note
The documentation for the Web server and the documentation for PATROL Central differ in some areas, for example, in how you start the Web server. In these cases, follow the documentation for PATROL Central.
Historically, Web servers have been vulnerable to back-door attacks. Unusual URLs, combined with weaknesses in the handling of them, may allow unauthorized users to execute commands on behalf of the Web server account. This section discusses optional tasks that you can do to minimize potential damage.
About Limiting the Web Server Account
About Locking Down Files and Directories
  How Locking Down Files and Directories Works
  When to Lock and Unlock Files and Directories
  Locking and Unlocking Files and Directories
About the Keystore Password and Self-signed Certificate for the Apache Web Server
  About the Keystore Password and the Apache Policy File
  Replacing the Self-signed Certificate
About Attended and Unattended Modes for the Apache Web Server
The Web server and Tomcat servlet container are not running. For Apache and Tomcat standalone, stopping the Web server also stops the Tomcat servlet container.
Note
These procedures refer to the webcentral sub-directory of $BMC_ROOT. By default, this directory is WebCentral on Windows, and webcentral on Unix. However, a different name for this directory could have been specified in the installation. For more information, see PATROL Central Sub-directory on page 2-22.
Locking and Unlocking Files and Directories for Apache on Unix Step 1 Step 2
Step 3
Step 4
Continue with the instructions for locking and unlocking files and directories for Tomcat on Unix to lock or unlock the files and directories for the Tomcat servlet container.
Locking and Unlocking Files and Directories for Tomcat on Unix
Step 1 Change to the root account.
Step 2 Change to the $BMC_ROOT/webcentral/install directory.
Step 3 Enter the appropriate command:
./lock.sh root web_server_account $BMC_ROOT/webcentral
./unlock.sh web_server_account $BMC_ROOT/webcentral
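A check to run after lock.sh on Unix, added here as an example; it is not one of the PATROL scripts. It assumes that a locked tree is one in which web_server_account neither owns nor can write any file, and the function names audit_lockdown and count_findings are hypothetical.

```shell
#!/bin/sh
# Added example (not a BMC script). Assumption: once the tree is locked, the
# web server account should neither own nor be able to write anything in it.
# File names containing newlines are not handled.

# audit_lockdown ACCOUNT DIR
# Prints one finding per line as "<reason> <path>"; prints nothing when clean.
audit_lockdown() {
    acct=$1
    dir=$2

    # Owned by the account: an owner can always chmod the file writable again.
    find "$dir" -user "$acct" -print 2>/dev/null |
        sed 's/^/owned-by-account /'

    # Group-writable and assigned to one of the account's groups.
    # Symbolic links are skipped because their mode bits are not enforced.
    for gid in $(id -G "$acct" 2>/dev/null); do
        find "$dir" ! -type l -group "$gid" -perm -0020 -print 2>/dev/null |
            sed 's/^/group-writable /'
    done

    # Writable by every local account, which includes the web server account.
    find "$dir" ! -type l -perm -0002 -print 2>/dev/null |
        sed 's/^/world-writable /'
}

# count_findings ACCOUNT DIR
# Prints the number of findings; 0 means the tree looks locked.
count_findings() {
    audit_lockdown "$1" "$2" | wc -l | tr -d ' '
}

# Stand-alone use: sh audit_lockdown.sh web_server_account $BMC_ROOT/webcentral
if [ "$#" -eq 2 ]; then
    audit_lockdown "$1" "$2"
fi
```

Run it as root so that find can descend into every directory. After unlock.sh, findings are expected.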
Locking and Unlocking Files and Directories on Windows (IIS and Tomcat Standalone)
Step 1 Log on using an administrator account.
Step 2 In a command window, change to the %BMC_ROOT%/WebCentral/install directory.
Step 3 Enter the appropriate command:
lock.bat %BMC_ROOT%/WebCentral IIS_anonymous_user_account Tomcat_startup_account
If you are using IIS, IIS_anonymous_user_account is typically IUSER_machine_name. If you are using Tomcat standalone Web server, this is the same as the Tomcat_startup_account. Tomcat_startup_account is the account used to manually start the Tomcat Web server or Tomcat servlet container. If you are running Tomcat as a service, instead of manually, you can omit this account.
unlock.bat %BMC_ROOT%/WebCentral install_account
Note
This procedure does not lock down IIS specific files. See the documentation for IIS for more information about locking down those files.
About the Keystore Password and Self-signed Certificate for the Apache Web Server
This section discusses how the keystore password is saved and the implications of this implementation.
Apache operates outside the PATROL Security context. The Apache.plc policy file is used only to store and retrieve the keystore password. Other information stored in the file is not used. For more information about policy files, see the PATROL Security User Guide. If you obtain a new certificate from a certificate authority, you might also have to generate a new private key and keystore. If the new keystore is protected by a different password from the one specified in the installation, you must also update the Apache policy file.
Step 1 Step 2
If the certificate uses a private key with a different password from the previous keystore password, use the plc_password utility to update the password for the Apache.plc policy file to the new password.
Note
About Attended and Unattended Modes for the Apache Web Server
By default, Apache runs in unattended mode. It automatically retrieves the keystore password from the Apache policy file. However, you can configure it for attended mode. In attended mode, an administrator must manually enter the keystore password when starting Apache, and the Apache policy file is no longer used. The keystore password for starting Apache is specified in the installation. It is not the default password specified in the PATROL Security User Guide.
To convert Apache to attended mode, use the SSLPassPhraseDialog directive in the httpd.conf file. For more information, see the SSL documentation included with the Apache documentation at http://hostname:port/manual/mod/mod_ssl, where hostname is the name of the server, and port is its HTTP port. Do not use the plc_password utility that is documented in the PATROL Security User Guide to switch Apache to unattended or attended mode. That method does not apply to starting the Apache Web server.
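To confirm which mode a given httpd.conf selects, the following added example (not part of the PATROL documentation) reads the SSLPassPhraseDialog directive and reports it. It relies on the mod_ssl values builtin (prompt at startup) and exec:program (a program supplies the pass phrase); the function name passphrase_mode is hypothetical, and files pulled in by Include are not followed.

```shell
#!/bin/sh
# Added example (not part of the PATROL documentation).

# passphrase_mode HTTPD_CONF
# Prints "attended", "unattended <program>", "unset" or "other <value>".
passphrase_mode() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    # Report the last uncommented SSLPassPhraseDialog line (assumption: a
    # later setting overrides an earlier one). Directive names are
    # case-insensitive, and the value may be quoted.
    value=$(awk '
        { sub(/^[ \t]+/, "") }
        /^#/ { next }
        tolower($1) == "sslpassphrasedialog" { v = $2; gsub(/"/, "", v) }
        END { print v }
    ' "$conf")

    case $value in
        "")
            # Directive not present in this file.
            echo "unset" ;;
        [Bb][Uu][Ii][Ll][Tt][Ii][Nn])
            # mod_ssl prompts on the terminal at startup: attended mode.
            echo "attended" ;;
        exec:*)
            # An external program supplies the pass phrase: unattended mode.
            # That program and whatever it reads deserve the same file
            # protection as the private key itself.
            echo "unattended ${value#exec:}" ;;
        *)
            echo "other $value" ;;
    esac
}

# Stand-alone use: sh passphrase_mode.sh /path/to/httpd.conf
if [ "$#" -eq 1 ]; then
    passphrase_mode "$1"
fi
```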
This path refers to the webcentral sub-directory of $BMC_ROOT. By default, this directory is WebCentral on Windows, and webcentral on Unix. However, a different name for this directory could have been specified in the installation. For more information, see PATROL Central Sub-directory on page 2-22.
You must restart the Tomcat servlet container for any changes to the startup configuration file to take effect. For the Apache and Tomcat standalone servers, this also involves restarting the Web server.
Description
This entry specifies the RTserver to use. For more information, see RTserver on page 2-21.
This entry specifies the PATROL Console Server that is used as a security server for PATROL Central. For more information, see PATROL Console Server on page 2-16.
httpsPort: This entry specifies the HTTPS port for the Web server. For more information, see Web Server HTTP and HTTPS Ports (Apache and Tomcat Only) on page 2-24 or IIS HTTPS Ports (IIS Only) on page 2-23.
Tip
If you used the installation worksheets (See Installation Worksheets on page 2-25), record any changes to these entries on the worksheets.
Warning
Do not modify any other settings in the startup configuration file. They are for use by BMC Software technical support only.
Environment Variables
This appendix lists the environment variables used by PATROL Central Operator. The values of these variables are assigned at installation.
Environment Variable
BMC_ROOT
PATROL_ROOT
Index
A
agent query 5-5 AJP v13 port 2-23 alarm ranges 5-7 alarm state, vs. critical state 5-5 aliases 3-4 Apache Web server considerations 2-4 execution of 3-18 installation worksheet 2-28 logs A-12 user name and group 2-17 specifying info for Apache Web server 2-20 specifying info for Tomcat standalone Web servers 2-20 chart history 5-8 compatibility KMs and PATROL Central Operator 5-2 PATROL Agent 5-2 console information, migrating 5-10 console infrastructure 1-3 console migration 5-10 console module 1-3 consoles 5-1 critical state vs. alarm state 5-5 custom installation 2-14 custom views 1-3 customizations, vs. overrides 5-7
C
certificate about 2-6 accepting or installing in Web browser 4-5 considerations for Apache Web server 2-4 considerations for IIS Web server 2-3 considerations for Tomcat standalone Web server 2-5 obtaining for IIS Web server 2-18
BMC Software, Inc., Confidential and Proprietary Information
D
developer functionality 5-3 diagram, PATROL architecture 1-5 directory structure 2-59 documentation manuals, availability 1-8 related 1-6
E
environment variables %BMC_ROOT% D-1 %PATROL_ROOT% D-1
specifying for Apache Web server 2-24 specifying for IIS Web server 2-23 specifying for Tomcat standalone Web server 2-24
I
IIS Web server considerations 2-3 installation worksheet 2-27 logs A-12 Web site instance 2-24 impersonation 3-4 InfoBox commands 5-10 installation 2-1 about custom path 2-14 about typical path 2-14 components 2-9 directory 2-15 logs A-11 procedure for Unix 2-43 procedure for Windows 2-30 required information for custom path 2-22 required information for typical path 2-15 worksheets 2-25
F
features of PATROL Central Operator 1-2 firewalls 2-7
G
groups Apache Web server group 2-17 general guidelines for PATROL Console Server 3-5 PATROL Console Server and managed systems 3-2 setting up on for PATROL Console Server 3-2 Tomcat standalone Web server group 2-17
H
Help accessing 1-7 installing for KMs 2-22 HTTP port specifying for Apache Web server 2-24 specifying for Tomcat standalone Web server 2-24 HTTPS port changing C-3
J
Java Plugin 4-3
K
KMs console compatibility 5-2 Help files 2-22 loading 4-19
L
locking down files and directories about B-2 procedure B-4
M
managed system query 5-5 managed systems adding 4-16 aliases and impersonation 3-4 architecture 1-4 name 5-6 term 5-5 user accounts 3-4 management profiles about 4-11 selecting 4-12 vs. desktop files 5-4 manuals, availability 1-8 menu commands 5-10 monitoring with PATROL Central Operator 4-1
O
overrides vs. customizations 5-7
P
patadm group 3-2 patop group 3-2 patpop group 3-2 PATROL 7.x environment 2-2 PATROL Agent execution on Windows 3-11 managed system vs. 5-5
starting on Unix 3-11 stopping on Unix 3-12 verifying execution on Unix 3-12 PATROL architecture, diagram of 1-5 PATROL Central accessing 4-6 interface 4-7 main window 4-8 PATROL Central Operator vs. 1-3 PATROL Central Administration about 3-7 starting 3-8 when to use 3-7 PATROL Central Operator accessing 4-9 architecture diagram 1-5 configuring environment for 3-1 features 1-2 installing 2-1 management profile 4-11 monitoring with 4-1 PATROL and 1-4 PATROL Central vs. 1-3 system requirements 2-10 troubleshooting A-1 PATROL Central sub-directory 2-22 PATROL Console Server about 2-16 architecture 1-4 changing PATROL Central security server C-3 connecting to 4-12 execution on Windows 3-13 impersonation table 3-4 PATROL Central security server 2-16 starting on Unix 3-13 stopping on Unix 3-14 user accounts and groups 3-2 verifying execution on Unix 3-13 PATROL security information 2-22
patscadm group 3-2 patwatch group 3-2 ports AJP v13 2-23 checking use of A-17 HTTP and HTTPS (Apache and Tomcat standalone Web servers) 2-24 HTTPS (IIS Web server) 2-23 managed systems 5-6 Tomcat shutdown 2-23 privileges and rights 3-2 problems, common A-2
R
release notes, availability 1-8 RTserver architecture 1-4 changing C-3 execution on Windows 3-9 specifying 2-21 starting on Unix 3-9 stopping on Unix 3-10 verifying execution on Unix 3-9
test URLs 3-20 Tomcat servlet container execution on Windows 3-17 logs A-14 Tomcat shutdown port 2-23 Tomcat standalone Web server considerations 2-5 installation worksheet 2-29 logs A-14 Web server user name and group 2-17 Tomcat Web server execution of 3-19 troubleshooting A-1 typical installation 2-14
U
URLs test 3-20 user accounts Apache Web server account 2-17 general guidelines for PATROL Console Server and managed systems 3-5 setting up on for PATROL Console Server and managed systems 3-2 Tomcat standalone Web server account 2-17
S
security enhancing for Web server B-1 Web server B-1 startup configuration file C-2 startup.cfg C-2 state change actions 5-7 system requirements 2-10
W
Web browser logs A-16 requirements 4-2 Web server Apache 2-4 choices 2-3 IIS 2-3 log files A-12
T
terminology 5-5
Tomcat standalone 2-5 verifying execution of 3-20 Web server security enhancing B-1 Web server user name and group 2-17 webcentral directory 2-22 worksheets Apache Web server 2-28 general 2-26 IIS Web server 2-27 installation 2-25 Tomcat standalone Web server 2-29
TRIAL LICENSE. If, as part of the ordering process, the Product is provided on a trial basis, then these terms apply: (i) this license consists solely of a non-exclusive, non-transferable evaluation license to operate the Software for the period of time specified from BMC or, if not specified, a 30 day time period ("Trial Period") only for evaluating whether You desire to acquire a capacity-based license to the Product for a fee; and (ii) Your use of the Product is on an AS IS basis without any warranty, and BMC, ITS AFFILIATES AND RESELLERS, AND LICENSORS DISCLAIM ANY AND ALL WARRANTIES (INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT) AND HAVE NO LIABILITY WHATSOEVER RESULTING FROM THE USE OF THIS PRODUCT UNDER THIS TRIAL LICENSE ("Trial License"). BMC may terminate for its convenience a Trial License upon notice to You. When the Trial Period ends, Your right to use this Product automatically expires. If You want to continue Your use of the Product beyond the Trial Period, contact BMC to acquire a capacity-based license to the Product for a fee. TERMINATION. This Agreement shall immediately terminate if You breach any of its terms. Upon termination, for any reason, You must uninstall the Software, and either certify the destruction of the Product or return it to BMC. OWNERSHIP OF THE PRODUCT. BMC or its Affiliates or licensors retain all right, title and interest to and in the BMC Product and all intellectual property, informational, industrial property and proprietary rights therein. BMC neither grants nor otherwise transfers any rights of ownership in the BMC Product to You. BMC Products are protected by applicable copyright, trade secret, and industrial and intellectual property laws. BMC reserves any rights not expressly granted to You herein. CONFIDENTIAL AND PROPRIETARY INFORMATION. 
The BMC Products are and contain valuable confidential information of BMC ("Confidential Information"). Confidential Information means non-public technical and non-technical information relating to the BMC Products and Support, including, without limitation, trade secret and proprietary information, and the structure and organization of the Software. You may not disclose the Confidential Information to third parties. You agree to use all reasonable efforts to prevent the unauthorized use, copying, publication or dissemination of the Product. WARRANTY. Except for a Trial License, BMC warrants that the Software will perform in substantial accordance with the Documentation for a period of one year from the date of the order. This warranty shall not apply to any problems caused by software or hardware not supplied by BMC or to any misuse of the Software. EXCLUSIVE REMEDY. BMC's entire liability, and Your exclusive remedy, for any defect in the Software during the warranty period or breach of the warranty above shall be limited to the following: BMC shall use reasonable efforts to remedy defects covered by the warranty or replace the defective Software within a reasonable period of time, or if BMC cannot remedy or replace such defective copy of the Software, then BMC shall refund the amount paid by You for the License for that Software. BMC's obligations in this section are conditioned upon Your providing BMC prompt access to the affected Software and full cooperation in resolving the claim. DISCLAIMER. EXCEPT FOR THE EXPRESS WARRANTIES ABOVE, THE PRODUCT IS PROVIDED "AS IS." BMC, ITS AFFILIATES AND LICENSORS SPECIFICALLY DISCLAIM ALL OTHER WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. BMC DOES NOT WARRANT THAT THE OPERATION OF THE SOFTWARE WILL BE UNINTERRUPTED OR ERROR FREE, OR THAT ALL DEFECTS CAN BE CORRECTED. DISCLAIMER OF DAMAGES. 
IN NO EVENT IS BMC, ITS AFFILIATES OR LICENSORS LIABLE FOR ANY SPECIAL, INDIRECT, INCIDENTAL, PUNITIVE OR CONSEQUENTIAL DAMAGES RELATING TO OR ARISING OUT OF THIS AGREEMENT, SUPPORT, AND/OR THE PRODUCT (INCLUDING, WITHOUT LIMITATION, LOST PROFITS, LOST COMPUTER USAGE TIME, AND DAMAGE OR LOSS OF USE OF DATA), EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, AND IRRESPECTIVE OF ANY NEGLIGENCE OF BMC OR WHETHER SUCH DAMAGES RESULT FROM A CLAIM ARISING UNDER TORT OR CONTRACT LAW. LIMITS ON LIABILITY. BMC'S AGGREGATE LIABILITY FOR DAMAGES IS LIMITED TO THE AMOUNT PAID BY YOU FOR THE LICENSE TO THE PRODUCT. SUPPORT. If Your order includes support for the Software, then BMC agrees to provide support (24 hours a day/7 days a week) ("Support"). You will be automatically re-enrolled in Support on an annual basis unless BMC receives notice of termination from You as provided below. There is a free support period during the one year warranty period. (a) Support Terms. BMC agrees to make commercially reasonable efforts to provide the following Support: (i) For malfunctions of supported versions of the Software, BMC provides bug fixes, patches or workarounds in order to cause that copy of the Software to operate in substantial conformity with its then-current operating specifications; and (ii) BMC provides new releases or versions, so long as such new releases or versions are furnished by BMC to all other enrolled Support customers without additional charge. BMC may refuse to provide Support for any versions or releases of the Software other than the most recent version or release of such Software made available by BMC. Either party may terminate Your enrollment in Support upon providing notice to the other at least 30 days prior to the next applicable Support anniversary date. If You re-enroll in Support, BMC may charge You a reinstatement fee of 1.5 times what You would have paid if You were enrolled in Support during that time period. (b) Fees. 
The annual fee for Support is 20% of the Software's list price less the applicable discount or a flat capacity based annual fee. BMC may change its prices for the Software and/or Support upon at least 30 days notice prior to Your support anniversary date.
VERIFICATION. If requested by BMC, You agree to deliver to BMC periodic written reports, whether generated manually or electronically, detailing Your use of the Software in accordance with this Agreement, including, without limitation, the License Capacity. BMC may, at its expense, audit Your use of the Software to confirm Your compliance with the Agreement. If an audit reveals that You have underpaid fees, You agree to pay such underpaid fees. If the underpaid fees exceed 5% of the fees paid, then You agree to also pay BMC's reasonable costs of conducting the audit. EXPORT CONTROLS. You agree not to import, export, re-export, or transfer, directly or indirectly, any part of the Product or any underlying information or technology except in full compliance with all United States, foreign and other applicable laws and regulations. GOVERNING LAW. This Agreement is governed by the substantive laws in force, without regard to conflict of laws principles: (a) in the State of New York, if you acquired the License in the United States, Puerto Rico, or any country in Central or South America; (b) in the Province of Ontario, if you acquired the License in Canada (subsections (a) and (b) collectively referred to as the "Americas Region"); (c) in Singapore, if you acquired the License in Japan, South Korea, People's Republic of China, Special Administrative Region of Hong Kong, Republic of China, Philippines, Indonesia, Malaysia, Singapore, India, Australia, New Zealand, or Thailand (collectively, "Asia Pacific Region"); or (d) in the Netherlands, if you acquired the License in any other country not described above. The United Nations Convention on Contracts for the International Sale of Goods is specifically disclaimed in its entirety. ARBITRATION. ANY DISPUTE BETWEEN YOU AND BMC ARISING OUT OF THIS AGREEMENT OR THE BREACH OR ALLEGED BREACH, SHALL BE DETERMINED BY BINDING ARBITRATION CONDUCTED IN ENGLISH. 
IF THE DISPUTE IS INITIATED IN THE AMERICAS REGION, THE ARBITRATION SHALL BE HELD IN NEW YORK, U.S.A., UNDER THE CURRENT COMMERCIAL OR INTERNATIONAL, AS APPLICABLE, RULES OF THE AMERICAN ARBITRATION ASSOCIATION. IF THE DISPUTE IS INITIATED IN A COUNTRY IN THE ASIA PACIFIC REGION, THE ARBITRATION SHALL BE HELD IN SINGAPORE, SINGAPORE UNDER THE CURRENT UNCITRAL ARBITRATION RULES. IF THE DISPUTE IS INITIATED IN A COUNTRY OUTSIDE OF THE AMERICAS REGION OR ASIA PACIFIC REGION, THE ARBITRATION SHALL BE HELD IN AMSTERDAM, NETHERLANDS UNDER THE CURRENT UNCITRAL ARBITRATION RULES. THE COSTS OF THE ARBITRATION SHALL BE BORNE EQUALLY PENDING THE ARBITRATOR'S AWARD. THE AWARD RENDERED SHALL BE FINAL AND BINDING UPON THE PARTIES AND SHALL NOT BE SUBJECT TO APPEAL TO ANY COURT, AND MAY BE ENFORCED IN ANY COURT OF COMPETENT JURISDICTION. NOTHING IN THIS AGREEMENT SHALL BE DEEMED AS PREVENTING EITHER PARTY FROM SEEKING INJUNCTIVE RELIEF FROM ANY COURT HAVING JURISDICTION OVER THE PARTIES AND THE SUBJECT MATTER OF THE DISPUTE AS NECESSARY TO PROTECT EITHER PARTY'S CONFIDENTIAL INFORMATION, OWNERSHIP, OR ANY OTHER PROPRIETARY RIGHTS. ALL ARBITRATION PROCEEDINGS SHALL BE CONDUCTED IN CONFIDENCE, AND THE PARTY PREVAILING IN ARBITRATION SHALL BE ENTITLED TO RECOVER ITS REASONABLE ATTORNEYS' FEES AND NECESSARY COSTS INCURRED RELATED THERETO FROM THE OTHER PARTY. U.S. GOVERNMENT RESTRICTED RIGHTS. The Software under this Agreement is "commercial computer software" as that term is described in 48 C.F.R. 252.227-7014(a)(1). If acquired by or on behalf of a civilian agency, the U.S. Government acquires this commercial computer software and/or commercial computer software documentation subject to the terms of this Agreement as specified in 48 C.F.R. 12.212 (Computer Software) and 12.211 (Technical Data) of the Federal Acquisition Regulations ("FAR") and its successors. If acquired by or on behalf of any agency within the Department of Defense ("DOD"), the U.S. 
Government acquires this commercial computer software and/or commercial computer software documentation subject to the terms of this Agreement as specified in 48 C.F.R. 227.7202 of the DOD FAR Supplement and its successors. MISCELLANEOUS TERMS. You agree to pay BMC all amounts owed no later than 30 days from the date of the applicable invoice, unless otherwise provided on the order for the License to the Products. You will pay, or reimburse BMC, for taxes of any kind, including sales, use, duty, tariffs, customs, withholding, property, value-added (VAT), and other similar federal, state or local taxes (other than taxes based on BMC's net income) imposed in connection with the Product and/or the Support. This Agreement constitutes the entire agreement between You and BMC and supersedes any prior or contemporaneous negotiations or agreements, whether oral, written or displayed electronically, concerning the Product and related subject matter. No modification or waiver of any provision hereof will be effective unless made in a writing signed by both BMC and You. You may not assign or transfer this Agreement or a License to a third party without BMC's prior written consent. Should any provision of this Agreement be invalid or unenforceable, the remainder of the provisions will remain in effect. The parties have agreed that this Agreement and the documents related thereto be drawn up in the English language. The parties require that this agreement and the documents related to it be drawn up in English.