The new monitoring of CzechIdM system
From the moment that you could read the article about tools for monitoring our Identity Management CzechIdM, had passed quite a few months and now we made a progress. In the new version CzechIdM, which is being tested and will soon be presented to the public, there is active monitoring and sophisticated environment offers many opportunities for administrators and most simple configuration. Let’s look what we can in the new version CzechIdM monitored and how monitoring customize to your liking.
Diagram of solutions
The Admin interface
In the administration interface CzechIdM there is a new tab in the main menu called “Status Page”.
If you click on it, Czech IdM starts a set of tests and displays a table with the results.
Each line corresponds to one test:
- The column “Type” describes the type of test, ie the information if the connection has been tested on any of the connected systems, regular starts of synchronization, functionality of a particular user or your own code.
- In the “Target” is the name of the test subject, in case of test connection with the connected system, is there name of the system.
- “Result” contains key information on how things turn out, whether successfully or not.
- ” Time elapsed” means the time required by the test. In milliseconds.
- “Message” may contain additional information. When you find that any of the tests fared badly, here you can begin to investigate why.
Administrator therefore just one click and he knows what is OK and what isn’t. CzechIdM runs required set of controls and displays the results in a table.
Configuration
Scope of of tests and their parameters can be set according to your wishes in the configuration file BCV_IdM-ear.ear/BCV_IdM-ejb.jar/META-INF/idm_configuration.properties. Tests have five parameters, their names all begin with the prefix “status_”:
- status_resources – List of connected systems, which is to be monitored connection with CzechIdM. Delimiter in the list is a semicolon, for each system you can define a time limit for the test, per colon. Use the special string “__ALL__” instead of the name of the system can determine that are to be tested all of the associated systems.
- status_users – list of users to which the operation is “checkout-checkin”, the updating of information in CzechIdM from the source systems and the inclusion of this information in connected systems. Again, you can specify multiple users by separating them with a semicolon, again, you can set a time limit for each user.
- status_synchronizations – list of connected systems, which should be checked for regularly starting synchronization. With each system name there is the maximum interval between synchronization runs separated by coma, different systems are separated by a semicolon.
- status_recons – similar to status_synchronizations, instead of synchronizing is checked regularly starting reconciliations
- status_custom_rules – tests tailored for advanced users. Can you provide a list of rules to be launched, along with every timeout and expected (error less) result.
All times are given in milliseconds.
Example configuration:
status_resources=Active Directory:10000;Docházky:5000;MySQL:5000 status_users=novakj:5000;pokornyp:6000 status_synchronizations=MySQL:3600000;Active Directory:900000 status_recons=MySQL:36000000 status_custom_rules=myRule1:10000:OK;myRule2:10000:SUCCESS
The above configuration ensures that every time you start the tests will be checked connection systems “Active Directory”, “Docházky” and “MySQL”, the success will be considered if the test for “Active Directory” ends correctly within 10 seconds, other two systems ends correctly within 5 seconds.
Plugin for Nagios
In the screenshot at the introduction you saw a table in the admin interface. For machine processing is more suited its text CSV format. It can be downloaded from the running CzechIdM from address /idm/admin/status/showcsv.seam. For regular monitoring you can use a script checkIdMStatus.sh that comes along with the new version. Before you run it, open it for editing and set the variables at the beginning of the script according to their own use, especially login name and password. If you set run of script in cron or if you use it as part of the monitoring system Nagios, it arrives you reporting on failed test by e-mail (please check that you correctly functioning command “mail” from the shell and you do not have very strict firewall for sending mails). Please make sure to limit the rights for the script, it contains the login name and password.
Conclusion
CzechIdM provides for administrators a new way of active monitoring. A specific set of tests may vary on individual deployments, the administrator it can easily customize the configuration file idm_configuration.properties without having to restart the application server running CzechIdM. Along with CzechIdM is also supplied control script that can serve as a plugin for Nagios. If you need help or would like some upgrades to the next version, email me at jan.effenberger@bcvsolutions.eu.
