HP OpenVMS Systems Documentation


DECamds User's Guide



1.3.2 Customizing Security Files

Security files define which Data Analyzers can access data on nodes that have a Data Provider. The security files let you group nodes according to specific criteria.

Note

Compaq recommends that you group nodes according to OpenVMS Cluster membership. A node can be in only one group at a time. All nodes in a cluster must also be in the same group.

Installing DECamds initially assigns all nodes to one group. Each node that is assigned to a group is listed under the group name heading in the System Overview window.

Consider the following items when you set up customized groups:

  • OpenVMS Cluster and data integrity
    • All nodes in a cluster must be in the same group for data in the disk volume and lock contention windows to be complete and accurate.
      It is possible to include two clusters in one group, but if a cluster is divided between two groups or only partially included, the data might not be accurate.
    • Adding standalone nodes to the group will affect only the accuracy of disk volume and lock contention data.
  • Partitioning for analysis
    Specific users can have read or write access to certain subsets of nodes. For example, one Data Analyzer can be designated to monitor a certain hardware type or cluster. This is entirely independent of the group to which the nodes of that hardware type or cluster are assigned. Apart from strict security considerations, this mechanism is often used to partition systems for convenience.
    Your site might already have criteria relevant to defining groups. These could include a system management division of labor, hardware type, physical location, or work function.
    Compaq recommends that you correlate your security files to your group definitions so that all nodes in the group are visible in the System Overview window. Section 1.3 explains how to set up security files.

1.3.2.1 Setting Up Node Groups

Assign nodes in a cluster to the same group.

To assign a node to a group, perform the following steps on each Data Provider node that is to be part of the group:

  1. Assign a unique name of up to 15 alphanumeric characters to the AMDS$GROUP_NAME logical name in the AMDS$SYSTEM:AMDS$LOGICALS.COM file. For example:


    $ AMDS$DEF AMDS$GROUP_NAME FINANCE ! Group FINANCE; OpenVMS Cluster alias
    
  2. Apply the logical name by restarting the Data Provider, as follows:


    $ @SYS$STARTUP:AMDS$STARTUP.COM START
    

For more information about the other logical names in AMDS$LOGICALS.COM, see Appendix B.

1.3.2.2 Defining Data Exchange Access Between Nodes

The Data Provider stores access security triplets in a file called AMDS$DRIVER_ACCESS.DAT, which indicates the Data Analyzer nodes that are allowed to request that data be provided. If a Data Analyzer node is not listed in the file, access is denied.

Examples

All Data Provider nodes in Group FINANCE have the following AMDS$DRIVER_ACCESS.DAT file:


*\FINGROUP\R   ! Let anyone with FINGROUP password read
               !
2.1\DEVGROUP\W ! Let only DECnet node 2.1 with
               ! DEVGROUP password perform fixes (writes)
               !
2.2\FINGROUP\W ! Let DECnet node 2.2 perform fixes

All Data Provider nodes in Group DEVELOPMENT have the following AMDS$DRIVER_ACCESS.DAT file:


*\GROUPBRD\R   ! Let anyone with GROUPBRD password read
               !
2.1\DEVGROUP\W ! Let only DECnet node 2.1 with
               ! DEVGROUP password perform fixes

AMDS$CONSOLE_ACCESS.DAT file for a Data Analyzer

For a Data Analyzer to access information on any node in Groups FINANCE or DEVELOPMENT, the following access security triplets must be listed in the Data Analyzer node's AMDS$CONSOLE_ACCESS.DAT file:


*\FINGROUP\R ! To access data on nodes in Group FINANCE
             !
*\GROUPBRD\R ! To access data on nodes in Group DEVELOPMENT
             !
*\DEVGROUP\W ! Assumes you are the owner of DECnet
             ! address 2.1 so you can access data and
             ! perform fixes on both Group FINANCE and
             ! Group DEVELOPMENT nodes.
             !
*\FINGROUP\W ! Assumes you are the owner of DECnet
             ! address 2.2 so you can access data and
             ! perform fixes on Group FINANCE nodes.

After you modify the AMDS$CONSOLE_ACCESS.DAT security file, restart the Data Analyzer with the AVAIL command to use the changes. For more information about starting DECamds, see Chapter 2.
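The following is an added example, not part of DECamds or of the original guide: a small offline audit script that parses the security triplet files shown above and reports which entries in a Data Analyzer's AMDS$CONSOLE_ACCESS.DAT a given Data Provider file would honor. The function names are hypothetical, and the matching rules (`*` matches any address, the password must match exactly, `W` also covers reads) are assumptions inferred from the comments in the examples on this page.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Triplet:
    address: str   # DECnet address such as "2.1", or "*" for any node
    password: str
    access: str    # "R" = read, "W" = write (fixes)

def parse_triplets(text):
    """Parse address\\password\\access lines; '!' starts a comment."""
    triplets = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("!", 1)[0].strip()
        if not line:
            continue  # blank or comment-only line
        parts = [p.strip() for p in line.split("\\")]
        if len(parts) != 3 or not all(parts) or parts[2].upper() not in ("R", "W"):
            raise ValueError(f"line {lineno}: malformed triplet {raw!r}")
        triplets.append(Triplet(parts[0], parts[1], parts[2].upper()))
    return triplets

def granted_access(provider, address, password):
    """Highest access ('W', 'R' or None) a Data Provider file gives an analyzer."""
    best = None
    for t in provider:
        if t.address in ("*", address) and t.password == password:
            if t.access == "W":
                return "W"  # assumption: W also covers reads
            best = "R"
    return best  # None: not listed, so access is denied

def check_console(console, provider, analyzer_address):
    """For each console triplet, report whether the provider file would honor it."""
    results = []
    for t in console:
        got = granted_access(provider, analyzer_address, t.password)
        ok = got == "W" or (got == "R" and t.access == "R")
        results.append((t.password, t.access, ok))
    return results

# File contents copied from the examples on this page.
FINANCE_DRIVER = r"""
*\FINGROUP\R   ! Let anyone with FINGROUP password read
2.1\DEVGROUP\W ! Let only DECnet node 2.1 with
               ! DEVGROUP password perform fixes (writes)
2.2\FINGROUP\W ! Let DECnet node 2.2 perform fixes
"""
CONSOLE = "\n".join([r"*\FINGROUP\R", r"*\GROUPBRD\R", r"*\DEVGROUP\W", r"*\FINGROUP\W"])

if __name__ == "__main__":
    provider = parse_triplets(FINANCE_DRIVER)
    print(check_console(parse_triplets(CONSOLE), provider, "2.2"))
```

Run against the Group FINANCE file from DECnet address 2.2, only the two FINGROUP entries are honored; the DEVGROUP write entry is refused because that triplet is bound to address 2.1.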

1.3.2.3 Limiting Specific Users to Read Access

You can restrict write access for certain users by performing the following steps:

  1. Assign a search list of directories to the AMDS$CONFIG logical name in the AMDS$SYSTEM:AMDS$LOGICALS.COM file. For example:


    $ DEFINE AMDS$CONFIG SYS$LOGIN,AMDS$SYSTEM
    

    Execute the procedure as follows:


    $ @AMDS$SYSTEM:AMDS$LOGICALS
    
  2. Copy the AMDS$CONSOLE_ACCESS.DAT security file to the SYS$LOGIN directory of a user and edit the file for that user.
  3. Restart the Data Analyzer with the AVAIL command. For more information about starting the Data Analyzer, see Chapter 2.

The next time the user starts DECamds, the new security file will be found in their SYS$LOGIN directory and will be used. The security file found in AMDS$SYSTEM will not be read.

1.3.3 Sending Messages to OPCOM

The logical names shown in Table 1-3 control the sending of messages to OPCOM and are defined in the AMDS$LOGICALS.COM file.

Table 1-3 DECamds Logical Names for OPCOM Messages
AMDS$RM_OPCOM_READ     A value of TRUE logs read failures to OPCOM.
AMDS$RM_OPCOM_WRITE    A value of TRUE logs write failures to OPCOM.

To use the changes, restart the Data Analyzer with the following command on each system or use the System Management utility (SYSMAN) to run the command on all systems within the OpenVMS Cluster:


$ @SYS$STARTUP:AMDS$STARTUP RESTART

1.3.4 Setting Broadcast Intervals for Node Availability Messages

Availability messages are broadcast by the Data Provider on nodes at regular intervals until a node establishes a link with the Data Analyzer. After a link has been established, the interval varies depending on the amount of data collection (and other factors) occurring between nodes.

You can modify the logical names in the AMDS$LOGICALS.COM file (shown in Table 1-4) to change the broadcast availability intervals.

Table 1-4 Broadcast Availability Logical Names
AMDS$RM_DEFAULT_INTERVAL      Defines from 15- to 300-second intervals between availability message broadcasts.
AMDS$RM_SECONDARY_INTERVAL    Defines from 15- to 1800-second intervals between availability message broadcasts after a link has been established between nodes.

To use the changes, restart the Data Analyzer with the following command on each system or use SYSMAN to run the command on all systems within the OpenVMS Cluster:


$ @SYS$STARTUP:AMDS$STARTUP RESTART


Chapter 2
Getting Started

This chapter describes the following:

  • How to start DECamds
  • How to use the System Overview window to monitor resource availability problems on your system
  • How to use the Event Log window to correct resource availability problems on your system

2.1 Starting DECamds

To start the DECamds Data Analyzer, enter the following command and any of the following qualifiers:
AVAIL /qualifiers

Note

If you have a recent version of DECamds or if you have Availability Manager installed, you must use the following command to invoke DECamds:


$ AVAIL/MOTIF

Qualifiers

/CONFIGURE

Specifies the directories from which input files are read. This can be a search list of directories or a logical defining a search list of directories.

/LOG_DIRECTORY

Specifies the directory to which log files are written. Output files can be directed to the null device, NLA0:.

/GROUP

A comma-separated list of the groups of Data Provider nodes that you want the Data Analyzer to access.

Note

If you have not already set up a group hierarchy of nodes during DECamds installation, refer to Section 1.3.2.1 for information about setting up node groups.

The following examples of commands start DECamds with input files read first from SYS$LOGIN, and then from AMDS$SYSTEM (if the files are not found in SYS$LOGIN). All output files are written to the SYS$LOGIN directory. Only data from the group you enter (such as KUDOS) is collected.


$ DEFINE/JOB AMDS$CONFIG  SYS$LOGIN,AMDS$SYSTEM
$ AVAIL/CONFIGURE=AMDS$CONFIG/LOG_DIRECTORY=SYS$LOGIN/GROUP=(KUDOS)

When DECamds starts, it displays the System Overview and Event Log windows.

To obtain help about DECamds, choose a menu item from the Help menu.

2.2 Using the System Overview Window

The System Overview window allows you to focus on resource usage activity at a high level and to display more specific data when necessary. The System Overview window displays CPU, memory, I/O data, number of processes in CPU queues, operating system version, and hardware model for each node and group DECamds recognizes.

Figure 2-1 shows a sample System Overview window displaying the nodes that DECamds can reach and is monitoring.

Figure 2-1 System Overview Window


The System Overview window contains two kinds of information:

  • Group information, displayed in the row next to the group name, shows averages for all nodes in the group.
  • Node information, displayed in the row next to the node name, shows averages for the node.
    If the View menu is set to Hide Nodes, node information is not displayed.

Table 2-1 explains the fields displayed in the System Overview window.

Table 2-1 System Overview Window Display Fields
Field Description
Group Displays the group names in alphabetical order and the number of nodes recognized by DECamds. A group is a defined set of nodes that appear together in the System Overview window. A group can be defined by type of hardware, physical location, function, or OpenVMS Cluster alias.
NodeName Displays the name of the node in a node row.
CPU (CPU usage) In a group row, displays the average of the percentage of CPU time used by all processors weighted toward the present.

In a node row, displays the percentage of CPU time used by all processes on the node, expressed as an exponential average, weighted toward the present.

On Symmetric Multiprocessing (SMP) nodes, rates for CPU time are added and divided by the number of CPUs.

MEM (Memory rate) In a group row, displays the average of the sampled values (over time) for all processes on all nodes in a group.

In a node row, displays the percent of space in physical memory that all processes on the node are currently occupying. The value represents 100 percent minus the amount of free memory.

BIO (Buffered I/O rate) In a group row, displays the average of BIO operations of all processes on all nodes.

In a node row, displays the BIO rate for all processes on the node across the number of CPUs.

DIO (Direct I/O usage) In a group row, displays the average of DIO operations of all processes on all nodes.

In a node row, displays the DIO rate for all processes on the node.

# procs in CPU Qs (Number of processes in CPU queues) Represents the number of processes the Node Summary data collection found in the COM, COMO, MWAIT, and PWAIT CPU queues.
O.S. Version (Version of the operating system) Lists the currently loaded version of OpenVMS on the node being monitored (not the node doing the monitoring).
Hardware Model Lists the hardware model of the node being monitored.

A percentage of a used resource is shown both by number and a dynamic status bar. For group rows, the values are averaged for all nodes in the group when node summary data collection is active. (Node summary data collection is active by default on DECamds startup.)

Resource availability problems are indicated by highlighting. When an event occurs, DECamds highlights the status bar that represents the resource. Highlighting is shown in red on color monitors, by default; it is bold on monochrome monitors. You can change the highlight color. (See Chapter 5 for more information.)

When data appears dimmed, the data is more than 60 seconds old due to a user action that stopped node summary data collection. When the data is updated, the display returns to normal resolution.

Figure 2-2 shows the System Overview window options. Note that on the View menu, the Hide Nodes item toggles with Show Nodes; on the Control menu, the Disable menu choices toggle with Enable choices.

Figure 2-2 System Overview Window Menus


2.2.1 Expanding and Collapsing Group Information

Use the View menu to display group or group and node status in the System Overview window. Typically, a group is an OpenVMS Cluster. Groups are displayed in alphabetical order. Nodes within a group are also displayed in alphabetical order.

You can also expand and collapse specific group displays by clicking MB3 while the cursor is on the selected group and choosing either the Hide Nodes or Show Nodes menu item.

2.2.2 Displaying Additional Data

By default, the Data Analyzer collects, analyzes, and displays four categories of data from Data Provider nodes:

  • Node Summary
  • Page/Swap File Summary
  • Lock Contention Summary
  • Cluster Transition Summary

In addition to the default data, you can choose any of these categories of additional data to be collected, analyzed, and displayed:

  • CPU Summary
  • Memory Summary
  • Process I/O Summary
  • Disk Status Summary
  • Disk Volume Summary

You can change the default data windows that are displayed with the DECamds Application Customizations dialog box. For more information about customizing DECamds, see Chapter 5.

Note

Data gathering and display consume CPU time and network bandwidth. Request only the data you need to conclude an investigation, and then stop collecting the data (see Section 2.2.3). Whenever possible, collect data for just one node, not the entire group.

To request a specific data category, do one of the following:

  • For data on a single node or a group, in the System Overview window, click MB3 on a selected node or group, then choose Collect from the menu, and then choose a category from the submenu.
  • For data on all nodes, in the System Overview window, choose a category from the Collect menu.
  • In the Event Log window, click MB3 on a selected event and choose Display from the menu. (See Section 2.3 for information on the Event Log window.)

2.2.3 Stopping Data Collection

To stop collecting data, do one of the following:

  • Choose Stop All Data Collection from either of the following:
    • Collect menu or Control menu of the System Overview window
    • Control menu of the Event Log window

    This stops collecting for all nodes. Events are removed from the Event Log, and data values in the System Overview window go to zero and are dimmed. Use this item if you lose track of data you are collecting in the background. Then restart data collection as needed; new events appear once data collection resumes.
  • Click MB3 on a group or node name of the System Overview window to display the Collect submenu. Select Stop All Data Collection.
    This stops all data collection for the group or node you select. Node or group data in the System Overview window is zeroed.
  • From the File menu of any data window, select Stop Collecting.
    If the data window is specific to a node or group, this option stops collecting for the node or group. (Data windows are discussed in Chapter 3.)

    Note

    Choosing Close Display from the File menu of any data window closes the window but continues data collection as a background task.
  • From the File menu of the System Overview window, select Exit or Quit.

2.3 Using the Event Log Window

The Event Log window allows you to identify and correct a system problem. The Event Log window displays a warning message whenever DECamds detects a resource availability problem. Figure 2-3 shows an Event Log window.

Figure 2-3 Event Log Window


DECamds writes all events to a log file (AMDS$LOG:AMDS$EVENT_LOG.LOG). You can read this file in the Event Log window while the application is running.

Note

Ignore event messages that report the system process "SWAPPER" as having used all its quotas. The SWAPPER process is the OpenVMS memory management process; it does not have its quotas defined in the same way other system and user processes do.

Table 2-2 explains the fields displayed in the Event Log window.

Table 2-2 Event Log Window Display Fields
Field          Description
Time           Displays, in real time, the time that an event is detected.
Sev            (Severity) Displays a value from 0 to 100. By default, events are listed in the Event Log window in order of decreasing severity. 0 is an informational message; 100 is a severe event. An event severity of 80 is high and indicates a potentially serious problem. Events with a severity of less than 50 appear dimmed, to indicate that they are less important. See Chapter 5 for information about how to change the display of severe events. Events that are critical are also sent to the OpenVMS operator communication manager (OPCOM).
Event          Displays an alphanumeric identifier of the type of event.
Description    Displays the node or group name and a short description of the resource availability problem.

When an event "times out" because availability has improved, it is removed from the display. Events that are not triggered by a condition are timed out after 30 seconds (for example, the "CFGDON, node configuration done" event). When you select an event, the event remains displayed for 15 seconds (or until you initiate another task in the window), even if the event times out.

Figure 2-4 shows the Event Log window options.

Figure 2-4 Event Log Window Menus


For information about customizing event log information, see Section 5.2.1.

