Availability Manager User's Guide
6.4.4 OpenVMS I/O Filters
When you click I/O on the Filter page, the
Availability Manager displays the OpenVMS I/O Filters page (Figure 6-8).
Figure 6-8 OpenVMS I/O Filters Page
The OpenVMS I/O Summary page (Figure 3-11) displays the values you
set on this filters page.
This filters page allows you to change values for the following data:
| Data |
Description |
|
Direct I/O Rate
|
The rate at which I/O transfers occur between the system devices and
the pages or pagelets that contain the process buffer that the system
locks in physical memory.
|
|
Buffered I/O Rate
|
The rate at which I/O transfers occur between the process buffer and an
intermediate buffer from the system buffer pool.
|
|
Paging I/O Rate
|
The rate of read attempts necessary to satisfy page faults (also known
as Page Read I/O or the Hard Fault Rate).
|
|
Open File Count
|
The number of open files.
|
|
BIO lim Remaining
|
The number of remaining buffered I/O operations available before the
process reaches its quota. BIOLM quota is the maximum number of
buffered I/O operations a process can have outstanding at one time.
|
|
DIO lim Remaining
|
The number of remaining direct I/O limit operations available before
the process reaches its quota. DIOLM quota is the maximum number of
direct I/O operations a process can have outstanding at one time.
|
|
BYTLM Remaining
|
The number of buffered I/O bytes available before the process reaches
its quota. BYTLM is the maximum number of bytes of nonpaged system
dynamic memory that a process can claim at one time.
|
|
Open File limit
|
The number of additional files the process can open before reaching its
quota. FILLM quota is the maximum number of files that can be opened
simultaneously by the process, including active network logical links.
|
6.4.5 OpenVMS Lock Contention Filters
The OpenVMS Lock Contention Filters page allows you to remove (filter
out) resource names from the Lock Contention page (Figure 3-17).
When you click Lock Contention on the Filter page, the
Availability Manager displays the OpenVMS Lock Contention Filters page
(Figure 6-9).
Figure 6-9 OpenVMS Lock Contention Filters Page
Each entry on the Lock Contention Filters page is a resource name or
part of a resource name that you want to filter out. For example, the
STRIPE$ entry filters out any value that starts with the characters
STRIPE$. To redisplay original entries, click Use default
values.
6.4.6 OpenVMS Memory Filters
When you click Memory Filters on the Filter page, the
Availability Manager displays the OpenVMS Memory Filters page (Figure 6-10).
Figure 6-10 OpenVMS Memory Filters Page
The OpenVMS Memory page (Figure 3-9) displays the values on this
filters page.
The OpenVMS Memory Filters page allows you to change values for the
following data:
| Data |
Description |
|
Working Set Count
|
The number of physical pages or pagelets of memory that the process is
using.
|
|
Working Set Size
|
The number of pages or pagelets of memory the process is allowed to
use. The operating system periodically adjusts this value based on an
analysis of page faults relative to CPU time used. An increase in this
value in large units indicates a process is receiving a lot of page
faults and its memory allocation is increasing.
|
|
Working Set Extent
|
The number of pages or pagelets of memory in the process's WSEXTENT
quota as defined in the user authorization file (UAF). The number of
pages or pagelets will not exceed the value of the system parameter
WSMAX.
|
|
Page Fault Rate
|
The number of page faults per second for the process.
|
|
Page I/O Rate
|
The rate of read attempts necessary to satisfy page faults (also known
as page read I/O or the hard fault rate).
|
6.4.7 OpenVMS Page/Swap File Filters
When you click Page/Swap File on the Filter page, the
Availability Manager displays the OpenVMS Page/Swap File Filters page
(Figure 6-11).
Figure 6-11 OpenVMS Page/Swap File Filters Page
The OpenVMS I/O Page Faults page (Figure 3-11) displays the values
that you set on this filters page.
This filters page allows you to change values for the following data:
| Data |
Description |
|
Used Blocks
|
The number of used blocks within the file.
|
|
Page File % Used
|
The percentage of the blocks from the page file that have been used.
|
|
Swap File % Used
|
The percentage of the blocks from the swap file that have been used.
|
|
Total Blocks
|
The total number of blocks in paging and swapping files.
|
|
Reservable Blocks
|
Number of reservable blocks in each paging and swapping file currently
installed. Reservable blocks can be logically claimed by a process for
a future physical allocation. A negative value indicates that the file
might be overcommitted. Note that a negative value is not an immediate
concern but indicates that the file might become overcommitted if
physical memory becomes scarce.
|
You can also select (turn on) or clear (turn off) the following options:
- Show page files
- Show swap files
6.5 Customizing Events
You can customize a number of characteristics of the events that are
displayed in the Events pane of the Application window (Figure 1-3).
When you select the Customize OpenVMS... or
Customize Windows NT... option from the Application
window's Customize menu, the Availability Manager displays a
tabbed page similar to the one shown in Figure 6-12.
Figure 6-12 Event Customization Page
You can change the values for any data that is available (does not
appear dimmed) on this page. The following table describes the data you
can change:
| Data |
Description |
|
Severity
|
Controls the severity level at which events are displayed in the Event
pane. By default, all events are displayed. Increasing this value
reduces the number of event messages in the Event pane and can improve
perceived response time.
|
|
Occurrence
|
Each Availability Manager event is assigned an
occurrence value,
that is, the number of consecutive data samples that must exceed the
event threshold before the event is signaled.
By default, events have low occurrence values. However, you might find
that a certain event indicates a problem only when it occurs repeatedly
for an extended period. You can change the occurrence value assigned to
that event so that the Availability Manager signals it only when necessary.
For example, suppose page fault spikes are common in your
environment, and the Availability Manager frequently signals intermittent
HITTLP, total page fault rate is high events. You could change
the event's occurrence value to 3, so that the total page fault rate
must exceed the threshold for three consecutive collection intervals
before being signaled to the event log.
To avoid displaying insignificant events, you can customize an event
so that the Availability Manager signals it only when it occurs continuously.
|
|
Threshold
|
Most events are checked against only one threshold; however, some
events have dual
thresholds, where the event is triggered if either one is true. For
example, for the
LOVLSP, node disk volume free space is low event, the
Availability Manager checks both of the following thresholds:
- Number of blocks remaining (
LowDiskFreeSpace.BlkRem)
- Percentage of total blocks remaining (
LowDiskFreeSpace.Percent)
|
|
Escalation
|
Not yet implemented.
|
|
User Action
|
Not yet implemented.
|
The section of the page called "Event explanation and
investigation hints" includes a description of the event and a
hint about how to correct any problems that the event signals.
6.6 Customizing Security Features
The following sections explain how to change these security features:
- Data Analyzer passwords for OpenVMS and Windows NT Data Collector
nodes
- OpenVMS Data Collector security triplets
- A Windows NT Data Collector password
Note
OpenVMS Data Collector nodes can have more than one password: each
password is part of a security triplet. (Windows NT nodes allow you to
have only one password per node.)
|
6.6.1 Changing Data Analyzer Passwords
You can change the passwords that the Windows NT Data Analyzer uses for
OpenVMS Data Collector nodes and for Windows NT Data Collector nodes.
The following sections explain how to perform both actions.
6.6.1.1 Changing a Data Analyzer Password for an OpenVMS Data Collector Node
When you click Customize OpenVMS... on the
Customize menu of the Application window, the
Availability Manager displays a Security page (Figure 6-13).
Figure 6-13 OpenVMS Security Customization Page
To change the default password for the Data Analyzer to use to access
OpenVMS Data Collector nodes, enter a password of exactly 8 uppercase
alphanumeric characters. The Availability Manager will use this password to
access OpenVMS Data Collector nodes. This password must match the
password that is part of the OpenVMS Data Collector security triplet
(see Section 1.4).
When you are satisfied with your password, click OK.
Exit the Availability Manager, and restart the application for the password to
take effect.
6.6.1.2 Changing a Data Analyzer Password for a Windows NT Data Collector Node
When you click Customize Windows NT... on the
Customize menu of the Application window, the
Availability Manager displays a Security page (Figure 6-14).
Figure 6-14 Windows NT Security Customization Page
To change the default password for the Data Analyzer to use to access
Windows NT Data Collector nodes, enter a password of exactly 8
alphanumeric characters. Note that this password is case sensitive; any
time you type it, you must use the original capitalization.
This password must also match the password for the Windows NT Data
Collector node that you want to access. (See Section 6.6.3 for
instructions for changing that password.)
When you are satisfied with your password, click OK.
Exit and restart the Availability Manager for the password to take effect.
6.6.2 Changing Security Triplets on OpenVMS Data Collector Nodes
To change security triplets on an OpenVMS Data Collector node, you must
edit the AMDS$DRIVER_ACCESS.DAT file, which is installed on all Data
Collector nodes. The following sections explain what a security triplet
is, how the Availability Manager uses it, and how to change it.
6.6.2.1 Understanding OpenVMS Security Triplets
A security triplet determines which nodes can access system data from
an OpenVMS Data Collector node. The AMDS$DRIVER_ACCESS.DAT file on
OpenVMS Data Collector nodes lists security triplets.
On OpenVMS Data Collector nodes, the AMDS$AM_CONFIG logical translates
to the location of the
default security file, AMDS$DRIVER_ACCESS.DAT.
This file is installed on all OpenVMS Data Collector nodes.
A security triplet is a three-part record whose fields are separated by
backslashes (\). A triplet consists of the following fields:
- A network address (hardware address or wildcard character)
- An 8-character alphanumeric password
The password is not case
sensitive (so the passwords "testtest" and
"TESTTEST" are considered to be the same).
- A read or write (R or W) access verification code
The exclamation point (!) is a comment delimiter; any characters to the
right of the comment delimiter are ignored.
Example
All Data Collector nodes in group FINANCE have the following
AMDS$DRIVER_ACCESS.DAT file:
*\FINGROUP\R ! Let anyone with FINGROUP password read
!
2.1\DEVGROUP\W ! Let only DECnet node 2.1 with
! DEVGROUP password perform fixes (writes)
|
6.6.2.2 How to Change a Security Triplet
Note
The configuration files for DECamds and the Availability Manager are
separate; only one set is used, depending on which startup command
procedure you use to start the driver.
See Installing the Availability Manager Version 1.4 on OpenVMS
Alpha Systems and Running DECamds and the Availability Manager
Concurrently for a further explanation of the configuration file
setup for both DECamds and the Availability Manager.
|
On each Data Collector node on which you want to change security, you
must edit the AMDS$DRIVER_ACCESS.DAT file. The data in the
AMDS$DRIVER_ACCESS.DAT file is set up as follows:
Network address\password\access
|
Use a backslash character (\) to separate the three fields.
To edit the AMDS$DRIVER_ACCESS.DAT file, follow these steps:
- Edit the network address.
The network address can be either of
the following:
- Hardware address
The hardware address field is the physical
hardware address in the LAN adapter chip. It is used if you have
multiple LAN adapters or are running the Compaq DECnet-Plus for OpenVMS
networking software on the system (not the Compaq DECnet Phase IV for
OpenVMS networking software).
For adapters provided by Compaq, the
hardware address is in the form 08-00-2B-xx-xx-xx, where the
08-00-2B portion is Compaq's valid range of LAN addresses as defined by
the IEEE 802 standards, and the xx-xx-xx portion is chip
specific.
To determine the value of the hardware address on a node,
use the OpenVMS System Dump Analyzer (SDA) as follows:
$ ANALYZE/SYSTEM
SDA> SHOW LAN
|
These commands display a list of available devices. Choose the
template device of the LAN adapter you will be using, and then enter
the following command:
SDA> SHOW LAN/DEVICE=xxA0
|
- Wildcard address
The wildcard character (*) allows any incoming
triplet with a matching password field to access the Data Collector
node. Use the wildcard character to allow read access and to run the
console application from any node in your network.
Because the Data
Analyzer does not use this field, you should use the wildcard character
in this field in the AMDS$CONSOLE_ACCESS.DAT file.
Caution: Use of the wildcard character for
write-access security triplets enables any person using that node to
perform system-altering fixes.
- Edit the password field.
The password field must
be an 8-byte alphanumeric field.
The password field gives
you a second level of protection when you want to use the wildcard
address denotation to allow multiple modes of access to your monitored
system.
- Enter either R or W as an access code.
R means READONLY allowance for the Data Analyzer. W means READ/WRITE
allowance for the Data Analyzer. (WRITE implies READ.)
OpenVMS Data Collector nodes accept more than one password. Therefore,
you might have several security triplets in an AMDS$DRIVER_ACCESS.DAT
file for one Data Collector node. For example:
*\1DECAMDS\R
*\KOINECLS\R
*\KOINEFIX\W
|
In this example, Data Analyzer nodes with the passwords 1DECAMDS and
KOINECLS would be able to see the Data Collector data, but only the
Data Analyzer node with the KOINEFIX password would be able to write or
change information, including performing fixes, on the Data Collector
node.
If you want, you can set up your AMDS$DRIVER_ACCESS.DAT file to allow
anyone in the world to read from your system but allow only a certain
node or nodes to write or change information on your system.
Note
After editing the AMDS$DRIVER_ACCESS.DAT file, you must stop and then
restart the Data Collector. This action loads the new data into the
driver.
|
6.6.2.3 How the Availability Manager Ensures Security
The Availability Manager performs these steps when using security triplets to
ensure security among Data Analyzer and Data Collector nodes:
- A message is broadcast at regular intervals to all nodes within the
LAN indicating the availability of a Data Collector node to communicate
with a Data Analyzer node.
- The node running the Data Analyzer receives the availability message
and returns a security triplet that identifies it to the Data
Collector, and requests system data from the Data Collector.
- The Data Collector examines the security triplet to determine
whether the Data Analyzer is listed in the AMDS$DRIVER_ACCESS.DAT file
to permit access to the system.
- If the AMDS$DRIVER_ACCESS.DAT file lists Data Analyzer access
information, then the Data Provider and the Data Analyzer can exchange
information.
- If the Data Analyzer is not listed in the AMDS$DRIVER_ACCESS.DAT
file or does not have appropriate access information, then access is
denied and a message is logged to OPCOM. The Data Analyzer receives a
message stating that access to that node is not permitted.
Table 6-3 describes how the Data Collector node interprets a
security triplet match.
Table 6-3 Security Triplet Verification
| Security Triplet |
Interpretation |
|
08-00-2B-12-34-56\HOMETOWN\W
|
The Data Analyzer has write access to the node only when the Data
Analyzer is run from a node with this hardware address (multiadapter or
DECnet-Plus system) and with the password HOMETOWN.
|
|
2.1\HOMETOWN\R
|
The Data Analyzer has read access to the node when run from a node with
DECnet for OpenVMS Phase IV address 2.1 and the password HOMETOWN.
|
|
*\HOMETOWN\R
|
Any Data Analyzer with the password HOMETOWN has read access to the
node.
|
6.6.3 Changing a Password on a Windows NT Data Collector
To change the Data Collector password in the Registry, follow these
steps:
- Click the Windows NT Start button. First click
Programs and then Command Prompt.
- Type
regedit
after the angle prompt (>).
The system displays a screen for the
Registry Editor, with a list of entries under My Computer.
- On the list displayed, click HKEY_LOCAL_MACHINE .
- Click SYSTEM.
- Click CurrentControlSet.
- Click Services.
- Click damdrvr.
- Click Parameters.
- Double-click Read Password. Then type a new
8-character alphanumeric password, and click OK to
make the change.
- To store the new password, click Exit under File
on the main menu bar.
- On the Control Panel, click Services and then
Stop for "PerfServ."
- Again on the Control Panel, click Devices and then
Stop for "damdrvr."
- First restart damdrvr under "Devices"
and then restart PerfServ under "Services."
This step completes the change of your Data Collector password.
|
