InterSystems Enterprise Manager
A new, free application for managing instances of Caché and Ensemble - Enterprise Manager (EM) has appeared in the InterSystems product stack. In this article I will talk about the main features of the new product. The application is actively developed and supports Caché, Ensemble and HealthShare version 2014.1+.
InterSystems EM provides tools for centralized management of InterSystems products. EM eliminates the need to manually change settings related to security, users, licensing, namespace, and databases, and allows for a uniform policy for changing server configurations, eliminating manual input errors. EM will allow administrators to control who can make changes, as well as compare and cancel any changes that have been made.
EM is a standalone, secure application. After starting to manage InterSystems products using EM, all communications between the EM and the managed instance are encrypted (using SSL / TLS or WSS).
')
The main function of the Enterprise Manager is to manage the various settings of the instances belonging to groups, where the settings are grouped into 5 different services. All these settings can be changed using an interface similar to an ordinary system management portal.
Combining instances into groups, EM allows you to manage settings so that all group members receive changes at the same time. However, a managed instance can get all its settings not from the same group, but from several that manage different services. In addition, for individual instances it is possible to individually redefine some group settings.
EM allows you to subscribe groups to master groups, so the hierarchy of some conditional setting can be represented as follows:
This combination of services, groups and master groups gives you more flexibility in customization: any setting can be set globally for all managed instances, changed within a separate group, and finally redefined for a separate instance. The list of services is as follows:
The installation is similar to the installation of a regular Caché server, the installation is described in detail on Habre for Windows habrahabr.ru/post/183340 and Linux (CentOS 6.5) habrahabr.ru/company/intersystems/blog/217567
The only thing worth saying is that during the installation process you will be asked to come up with an admin password - do not forget it!
You can check the installation and start working at
Login : Manager, and the password entered during installation.
I note that work with EM is conducted only through the EM management portal.
When you first log in, you will be asked to choose a security policy, there are 3 of them:
After you select a security policy, the main EM Management Portal window opens.
Add the first instance to the EM management. For simplicity, we will assume that you installed Caché or Ensemble on the same server as EM, and named the installation PROD and the server port 57772.
As you can see, our instance does not belong to any groups, and none of its services, respectively, are managed. Indeed, going to the portal management system of the instance can be seen that all settings are still available for editing.
Now the PROD instance is managed by the “ProdConfig” group. There are no changes to the PROD management portal. For example, let's go to Log Settings by choosing System Administration> Configuration> System Configuration> Journal Settings (Logging Settings> Log Settings). The screenshot shows that all settings are now available in read only mode.
What happened? Changes were made, then approved, and only then sent to the servers. These actions require the user to have different privileges (they are all available from the Administrator Manager), so the separation of access rights can be configured.
If you look at the PROD instance management portal, the value of the changed setting should be 5.
So, we have a configured PROD server, and we want to clone these settings to another server and then generally administer these servers together. Pretty typical task. Let the new server be called TEST and be installed on the same or any other host. Next, do the following:
Sometimes the changes made are undesirable and need to be rolled back. It is also important to monitor all changes made in server configurations.
This article shows the main functionality of the Enterprise Manager.
Documentation
Download EM
InterSystems EM provides tools for centralized management of InterSystems products. EM eliminates the need to manually change settings related to security, users, licensing, namespace, and databases, and allows for a uniform policy for changing server configurations, eliminating manual input errors. EM will allow administrators to control who can make changes, as well as compare and cancel any changes that have been made.
EM is a standalone, secure application. After starting to manage InterSystems products using EM, all communications between the EM and the managed instance are encrypted (using SSL / TLS or WSS).
')
Main functions
The main function of the Enterprise Manager is to manage the various settings of the instances belonging to groups, where the settings are grouped into 5 different services. All these settings can be changed using an interface similar to an ordinary system management portal.
Combining instances into groups, EM allows you to manage settings so that all group members receive changes at the same time. However, a managed instance can get all its settings not from the same group, but from several that manage different services. In addition, for individual instances it is possible to individually redefine some group settings.
EM allows you to subscribe groups to master groups, so the hierarchy of some conditional setting can be represented as follows:
This combination of services, groups and master groups gives you more flexibility in customization: any setting can be set globally for all managed instances, changed within a separate group, and finally redefined for a separate instance. The list of services is as follows:
| Configuration | License | Areas | Security | Users |
|---|---|---|---|---|
| Magazine Start settings SQL Devices Cluster Localization | License management | ECP area management | Roles Web Application Resources Security Settings Audit | user management Ldap |
Installation
The installation is similar to the installation of a regular Caché server, the installation is described in detail on Habre for Windows habrahabr.ru/post/183340 and Linux (CentOS 6.5) habrahabr.ru/company/intersystems/blog/217567
The only thing worth saying is that during the installation process you will be asked to come up with an admin password - do not forget it!
You can check the installation and start working at
Login : Manager, and the password entered during installation.
I note that work with EM is conducted only through the EM management portal.
When you first log in, you will be asked to choose a security policy, there are 3 of them:
- Unsecured - not recommended for operational use
- WS Security - SOAP protocol extension
- SSL / TLS
After you select a security policy, the main EM Management Portal window opens.
Add Instance
Add the first instance to the EM management. For simplicity, we will assume that you installed Caché or Ensemble on the same server as EM, and named the installation PROD and the server port 57772.
So, let's add the PROD instance under EM control.
- From the instance management system portal, select the EM menu item from the System Administration tab.
- On the page that opens, click the Apply button.
- In the form that appears, enter information about the server EM
- Network location: localhost
- Port: 57780 - Standard EM Port
- Prefix: leave blank
- Click the Next button
- Enter PROD instance information
- Description: PROD
- Network location: localhost
- Port: 57772
- Prefix: leave blank
- Click Finish . Management Request Submitted
- Now we take it. From the EM Management Portal click on the link * Notifications
- Click on the Accept Request button
- Is done. Go to the list of managed instances by clicking on the View managed instances button.
Change settings
As you can see, our instance does not belong to any groups, and none of its services, respectively, are managed. Indeed, going to the portal management system of the instance can be seen that all settings are still available for editing.
Let's create a new group that will manage the Configuration service.
- Go to EM Management Portal by clicking Menu -> Groups
- Click on the New Group button
- In the window that appears, fill in the fields:
- Name: ProdConfig
- Description: Configuration from Prod
- In the list of services select: Configuration
- Click Finish
The group is created, now we will add PROD instance there
- Go to the EM Management Portal by clicking Menu -> Instances
- In the table that opens - the list of managed instances, click on the link “PROD: <Host name of your computer>”.
- Click the Assign to Group button
- Select the “ProdConfig” group by clicking on the corresponding row in the table and click the Next button
- Click Finish
Now the PROD instance is managed by the “ProdConfig” group. There are no changes to the PROD management portal. For example, let's go to Log Settings by choosing System Administration> Configuration> System Configuration> Journal Settings (Logging Settings> Log Settings). The screenshot shows that all settings are now available in read only mode.
Change the setting for the number of days after which the log files are deleted.
Now the value of this setting is 7.
- Go to the EM management portal in the Groups menu item.
- Select ProdConfig from the list of groups
- Select Configuration from the list of services.
- Click the Edit button
- On the page that opens, select System Configuration >> Journal Settings
- Change the value of “After this many days” to 5
- Click the Submit Changes button
- Enter a description of the changes in the Description field and click the Submit button.
- Click on the Approve Changes button
- Click on the Approve button
- Click the Activate Changes button
- Press the Activate button
What happened? Changes were made, then approved, and only then sent to the servers. These actions require the user to have different privileges (they are all available from the Administrator Manager), so the separation of access rights can be configured.
If you look at the PROD instance management portal, the value of the changed setting should be 5.
Clone settings
So, we have a configured PROD server, and we want to clone these settings to another server and then generally administer these servers together. Pretty typical task. Let the new server be called TEST and be installed on the same or any other host. Next, do the following:
- Add a TEST instance to EM (as was done with PROD in p. Adding an instance)
- Add a managed TEST instance to those groups whose service settings we want to see on the TEST server.
- All - the new server is also configured as PROD and will carry all the settings of the group.
Audit and change rollback
Sometimes the changes made are undesirable and need to be rolled back. It is also important to monitor all changes made in server configurations.
These tasks are solved when working with the audit database.
- In the Enterprise Manager Management Portal go to Home> Systems Management> Auditing> View Audit Database
- In the “Event Name” field, enter “Edit” and click the Search button
- View detailed information about the changes made.
Now cancel the change.
- Go to the EM Management Portal in the menu> Groups
- Click on the link ProdConfig
- Select Configuration service
- Click on the View History link
- Click View Changes to make sure that this is the change you are going to undo. Diff between different configurations will be shown.
- Click on the Close button
- Click on the Revert button
- Click on the OK button
- On the ProdConfig group page (Menu> Groups> ProdConfig), click Submit.
- Click the Submit button
- Click on the Approve Changes button
- Click on the Approve button
Total
This article shows the main functionality of the Enterprise Manager.
useful links
Documentation
Download EM
Source: https://habr.com/ru/post/239975/
All Articles