The new monitoring of CzechIdM system

From the moment that you could read the article about tools for monitoring our Identity Management CzechIdM, had passed quite a few months and now we made a progress. In the new version CzechIdM, which is being tested and will soon be presented to the public, there is active monitoring and sophisticated environment offers many opportunities for administrators and most simple configuration.  Let’s look what we can in the new version CzechIdM monitored and how monitoring customize to your liking.

 

Diagram of solutionsdiagram_en

The Admin interface

In the administration interface CzechIdM there is a new tab in the main menu called “Status Page”.

synchronization_attribute_mapping3

 

If you click on it, Czech IdM starts a set of tests and displays a table with the results.

synchronization_attribute_mapping4

Each line corresponds to one test:

Administrator therefore just one click and he knows what is OK and what isn’t. CzechIdM runs required set of controls and displays the results in a table.

Configuration

Scope of of tests and their parameters can be set according to your wishes in the configuration file BCV_IdM-ear.ear/BCV_IdM-ejb.jar/META-INF/idm_configuration.properties. Tests have five parameters, their names all begin with the prefix “status_”:

All times are given in milliseconds.

Example configuration:

status_resources=Active Directory:10000;Docházky:5000;MySQL:5000
status_users=novakj:5000;pokornyp:6000
status_synchronizations=MySQL:3600000;Active Directory:900000
status_recons=MySQL:36000000
status_custom_rules=myRule1:10000:OK;myRule2:10000:SUCCESS

The above configuration ensures that every time you start the tests will be checked connection systems “Active Directory”, “Docházky” and “MySQL”, the success will be considered if the test for “Active Directory” ends correctly within 10 seconds, other two systems ends correctly within 5 seconds.

Plugin for Nagios

In the screenshot at the introduction you saw a table in the admin interface. For machine processing is more suited its text CSV format. It can be downloaded from the running CzechIdM from address /idm/admin/status/showcsv.seam. For regular monitoring you can use a script checkIdMStatus.sh that comes along with the new version. Before you run it, open it for editing and set the variables at the beginning of the script according to their own use, especially login name and password. If you set run of script in cron or if you use it as part of the monitoring system Nagios, it arrives you reporting on failed test by e-mail (please check that you correctly functioning command “mail” from the shell and you do not have very strict firewall for sending mails). Please make sure to limit the rights for the script, it contains the login name and password.

Conclusion

CzechIdM provides for administrators a new way of active monitoring. A specific set of tests may vary on individual deployments, the administrator it can easily customize the configuration file idm_configuration.properties without having to restart the application server running CzechIdM. Along with CzechIdM is also supplied control script that can serve as a plugin for Nagios. If you need help or would like some upgrades to the next version, email me at jan.effenberger@bcvsolutions.eu.

Líbí se mi to:

Další témata