Staging Integration Service host deployment and policy management for development, test, and production best practices

A staging Integration Service supports a smoother process for deploying PATROL Agents into Infrastructure Management environments in three major ways:

• It eliminates the need to manage thedecisionand assignment of PATROL Agents to production Integration Services that are separate from the deployment process. (This assumes an environment that includes multiple production Integration Service instances.) When you leverage a staging Integration Service, this decision and the assignment are automated as part of the deployment process. 
• It supports a smoother process for managing policies across development, QA, test, and production environments.
• It reduces the number of PATROL silent installation packages that have to be created and maintained.

PATROL Agent silent installation packages are created so that the staging Integration Service is defined in the package. No other Integration Service is defined in the installation packages. Although technically possible, BMC recommends as a best practice that other Integration Service instances not be defined in the installation packages. When a package is deployed and installed, the PATROL Agent checks in through the staging Integration Service. When the PATROL Agent checks in, the Presentation Server evaluates the agent selection criteria in a staging policy and uses that data to automatically assign a data collection Integration Service (or Integration Service cluster) to the PATROL Agent. The agent selection criteria can include any one or a combination of the following:

• Tag defined in the agent configuration
• Host name that the agent is running on
• Operating System that the agent is running on
• IP address or IP address range that the agent is running on
• Agent port
• Agent version
• Integration Service that the agent is already assigned to (assuming it is already assigned)
• Infrastructure Management Server that the agent is already assigned to (in this case it is through a staging Integration Service)

Integration Service policies are the only Infrastructure Management policies that are applied through a staging Integration Service. Monitoring policies are not applied through a staging Integration Service. Additionally, staging Integration Service policies are only appliedthrough a staging Integration Service instance. 

The architecture of network connections (communication protocol, ports, and so on) among the staging Integration Service, PATROL Agents, and the Infrastructure Management Server is technically the same as with other Integration Service instances.

The diagrams in the following steps illustrate the process of utilizing a staging Integration Service:

• Step 1 - Initial agent deployment
• Step 2 - Applying the Integration Service policy
• Step 3 - Production monitoring

Step 1 - Initial agent deployment

The following diagram illustrates three different Integration Service nodes and how they are used:

Roles of the Integration Services

The purpose of each Integration Service is as follows:

• The staging Integration Service is used strictly for introducing new agents to the Infrastructure Management Server. (An Integration Service has to be configured to work as a staging Integration Service.)

  Note

  The Integration Service running on an Infrastructure Management Server cannot be configured as a staging Integration Service.

• The general Integration Service is used to collect data from various PATROL Agent deployments that are installed locally on the managed nodes. The term “general” is a description of how the Integration Service is used and does not denote a configuration.
• The domain Integration Service is used to collect data from PATROL Agents that provide large volumes of data from a single source; for example, VMware vCenter, PATROL Remote Operating System Monitoring, NetApp, and so on. The term domain is a description of how the Integration Service is used and does not denote a configuration.

How does the PATROL Agent introduction process work?

A newly deployed PATROL Agent silent installation package is installed as shown in the preceding diagram. The installation package for the PATROL Agent contains configuration data that informs PATROL Agent on how to connect to the staging Integration Service. When the new Agent starts for the first time, it registers with the Presentation Server through the staging Integration Service. Presentation Server then applies a staging policy to the agent based on agent selection criteria in the policy. Agent selection criteria define the agents that the policy must be applied to. The staging policy only contains agent selection criteria and information that defines connectivity for a data collection Integration Service node (or Integration Service cluster). No other agent or KM configuration data can be defined in a staging policy.

Step 2 - Applying the Integration Service policy

After receiving the staging policy, the newly deployed PATROL Agent switches to the data collection Integration Service node (or Integration Service cluster) defined in the staging policy.  (The switch is represented by the blue arrow in the diagram.) The agent then receives monitoringpolicesthat match each monitoring policy’s agent selection criteria.

Step 3 - Production monitoring

The PATROL Agent starts monitoring and continues to receive any updates to existing monitoring policies and new monitoring policies that match the monitoring policy’s agent selection criteria.

A single staging Integration Service and a single Presentation Server instance can be used to support multiple Infrastructure Management Servers. The following diagram illustrates how this is designed for Infrastructure Management development, test, production environments.

Multiple Infrastructure Management Server deployment with a staging Integration Service host

All policies include agent selection criteria that allow you to completely control the policies that are applied to any and all PATROL Agents across the entire environment spanning development, test, and production. This allows you to install a single Presentation Server instance for the entireenvironment,and eliminates the need to recreate policies in production after they have been created indevelopmentand tested.

Staging policy configuration to support development, test, and production

You define and edit one or more of the following agent assignment configurations in a policy so it can support multiple Infrastructure Management Servers:

• Infrastructure Management Server that the agent is assigned to (this is a best practice)
• Integration Service that the agent is assigned to
• A “tag” defined in the agent configuration
• Host name that the agent is running on
• IP address that the agent is running on

The easiest method is to include the appropriate Infrastructure Management Servers in the agent selection criteria at the proper time for the policy as shown in the following figure:

Simply add the test and production Infrastructure Management Servers to the policy agent selection criteria when you are ready to apply the policy to those environments. This simplifies the process of moving configuration from QA to test, and finally to production. It also ensures that a policy is not applied to any agents in production until it has been tested and validated. 

Example policy configuration for development, test, and production

The following outlines the process shown in the preceding illustration.

Part 1 – Only the Infrastructure Management Server named “BPPMRHEL62-HM-QA” is included in the agent selection criteria when the policy is first created.

Part 2 – The Infrastructure Management Server named “BPPMRHEL62-HM-TEST” is added to the agent selection criteria with an OR after the policy has been validated in the QA environment.

Part 3 – The Infrastructure Management Server named “BPPMRHEL62-HM-PROD” is added to the agent selection criteria with an OR after the policy has been tested and validated in the BPPMRHEL62-HM-TEST environment and is ready to be applied in the production environment.

Leveraging tags and precedence in policies

Policy tags can be used to further control to which PATROL Agents policies are applied. Tags must be used to provide a second level of protection to prevent policies still in development or test from being applied to production accidentally. Leveraging tags this requires you to not only add the appropriate Infrastructure Management Server to the policy selectioncriteria,but also add the appropriate tag. This helps prevent accidentally picking the production Infrastructure Management Server and saving the policy. Additionally, tags can be used to provide greater granularity for policy assignment when the other agent selection criteriaisnot enough.

BMC recommends leveraging precedence in policies so that production policies have the highest precedence and are not superseded by development or test policies. If you follow this recommendation, you will also have to adjust the policy precedence when you want to move it from development totest,and finally from test to production.

For information about PATROL Agent tagging methods, see Creating and editing component installation packages . 

You must use the policy export/import utility to move policies between environments that have multiple Presentation Server instances. The following diagram illustrates how this is designed in the Infrastructure Management Server development, test, and production environments.

In a multiple Presentation Serverdeployment, you do not have to specify Infrastructure Management Servers in the agent selection criteria in the development and test environments. This is not needed because the environments are completely separated and do not share a common Presentation Server instance with the production environment.