Staging Integration Service host deployment and policy management for development, test, and production best practices
The staging Integration Service provides a single point in the environment where all newly deployed PATROL Agents can register into the solution stack. The following topics describe how the staging Integration Service functions and best practices for deployment and configuration of a staging Integration Service.
Staging Integration Service functions
A staging Integration Service supports a smoother process for deploying PATROL Agents into TrueSight Infrastructure Management environments in three major ways:
- It eliminates the need to manage the decision and assignment of PATROL Agents to production Integration Services that are separate from the deployment process. (This assumes an environment that includes multiple production Integration Service instances.) When you leverage a staging Integration Service, this decision and the assignment are automated as part of the deployment process.
- It supports a smoother process for managing policies across development, QA, test, and production environments.
- It reduces the number of PATROL silent installation packages that have to be created and maintained.
PATROL Agentsilent installation packages are created so that the staging Integration Service is defined in the package. No other Integration Service is defined in the installation packages. Although technically possible, BMC recommends as a best practice that other Integration Service instances not be defined in the installation packages. When a package is deployed and installed, the PATROL Agent checks in through the staging Integration Service. When the PATROL Agent checks in, the TrueSight Presentation Server evaluates thein a staging policy and uses that data to automatically assign a data collection Integration Service (or Integration Service cluster) to the PATROL Agent. The agent selection criteria can include any one or a combination of the following:
- Tag defined in the agent configuration
- Host name that the agent is running on
- Operating System that the agent is running on
- IP address or IP address range that the agent is running on
- Agent port
- Agent version
- Integration Service that the agent is already assigned to (assuming it is already assigned)
- TrueSight Infrastructure Management Server that the agent is already assigned to (in this case it is through a staging Integration Service)
Integration Service policies are the only TrueSight Infrastructure Management policies that are applied through a staging Integration Service. Monitoring policies are not applied through a staging Integration Service. Additionally, staging Integration Service policies are only applied through a staging Integration Service instance.
The architecture of network connections (communication protocol, ports, and so on) among the staging Integration Service, PATROL Agents, and the TrueSight Infrastructure Management Server is technically the same as with other Integration Service instances.
Staging process for PATROL Agents
The diagrams in the following steps illustrate the process of utilizing a staging Integration Service:
- Step 1 - Initial agent deployment
- Step 2 - Applying the Integration Service policy
- Step 3 - Production monitoring
Step 1 - Initial agent deployment
The following diagram illustrates three different Integration Service nodes and how they are used:
Roles of the Integration Services
The purpose of each Integration Service is as follows:
The staging Integration Service is used strictly for introducing new agents to the TrueSight Infrastructure Management Server. (An Integration Service has to be .)
The Integration Service running on an TrueSight Infrastructure Management Server cannot be configured as a staging Integration Service.
- The general Integration Service is used to collect data from various PATROL Agent deployments that are installed locally on the managed nodes. The term “general” is a description of how the Integration Service is used and does not denote a configuration.
- The domain Integration Service is used to collect data from PATROL Agents that provide large volumes of data from a single source; for example, VMware vCenter, PATROL Remote Operating System Monitoring, NetApp, and so on. The term domain is a description of how the Integration Service is used and does not denote a configuration.
How does the PATROL Agent introduction process work?
A newly deployed PATROL Agent silent installation package is installed as shown in the preceding diagram. The installation package for the PATROL Agent contains configuration data that informs PATROL Agent on how to connect to the staging Integration Service. When the new PATROL Agent starts for the first time, it registers with the TrueSight Presentation Server through the staging Integration Service. TrueSight Presentation Server then applies a staging policy to the agent based onin the policy. Agent selection criteria define the agents that the policy must be applied to. The staging policy only contains agent selection criteria and information that defines connectivity for a data collection Integration Service node (or Integration Service cluster). No other agent or KM configuration data can be defined in a staging policy.
Step 2 - Applying the Integration Service policy
After receiving the staging policy, the newly deployed PATROL Agent switches to the data collection Integration Service node (or Integration Service cluster) defined in the staging policy. (The switch is represented by the blue arrow in the diagram.) The agent then receives monitoring polices that match each monitoring policy’s agent selection criteria.
Step 3 - Production monitoring
The PATROL Agent starts monitoring and continues to receive any updates to existing monitoring policies and new monitoring policies that match the monitoring policy’s agent selection criteria.
Agents do not move from development to test, and then to production. All agents must first check in with the appropriate staging Integration Service, and then move to their data collection Integration Service. This supports the concept of creating installation packages for development and test only, separate from production.
Staging policy configuration for multiple servers with a singleTrueSight Presentation Server
A single staging Integration Service and a single TrueSight Presentation Server instance can be used to support multiple Infrastructure Management Servers. The following diagram illustrates how this is designed for TrueSight Infrastructure Management development, test, production environments.
Multiple TrueSight Infrastructure Management Server deployment with a staging Integration Service host
All policies include agent selection criteria that allow you to completely control the policies that are applied to any and all PATROL Agents across the entire environment spanning development, test, and production. This allows you to install a single TrueSight Presentation Server instance for the entire environment, and eliminates the need to recreate policies in production after they have been created in development and tested.
Staging policy configuration to support development, test, and production
You define and edit one or more of the following agent assignment configurations in a policy so it can support multiple TrueSight Infrastructure Management Servers:
- TrueSight Infrastructure Management Server that the agent is assigned to (this is a best practice)
- Integration Service that the agent is assigned to
- A “tag” defined in the agent configuration
- Host name that the agent is running on
- IP address that the agent is running on
The easiest method is to include the appropriate TrueSight Infrastructure Management Servers in the agent selection criteria at the proper time for the policy as shown in the following figure:
Simply add the test and production TrueSight Infrastructure Management Servers to the policy agent selection criteria when you are ready to apply the policy to those environments. This simplifies the process of moving configuration from QA to test, and finally to production. It also ensures that a policy is not applied to any agents in production until it has been tested and validated.
- It is extremely important that this process be managed carefully. Utilizing TrueSight Infrastructure Management Servers in the agent selection criteria is powerful and has far-reaching, global implications. If you add a production TrueSight Infrastructure Management Server to the agent selection criteria for a policy by mistake, the policy might be unintentionally applied to hundreds or thousands of agents in production.
At least one TrueSight Infrastructure Management Server must be included in the agent selection criteria to enable you to control to which TrueSight Infrastructure Management environments the policy is applied. If you do not include at least one TrueSight Infrastructure Management Server, the policy is applied to all agents, across all TrueSight Infrastructure Management Servers that match the agent selection criteria of the policy. Additionally, multiple TrueSight Infrastructure Management Server values must be grouped () and related with a boolean “OR” as in the preceding screen shot. If you use a boolean “AND” to relate the agent selection criterion, the policy is not applied because an agent cannot register with multiple TrueSight Infrastructure Management Servers.
The policy’s agent selection criteria updates and deletes existing policies on all PATROL Agents that match the criteria. Consequently, it is not possible to test policy edits that currently apply to production without impacting production using the process outlined in the example. Separate policies must be created to test edits in the development and test environments by using the export/import utility.
Leveraging tags and precedence in policies
Policy tags can be used to further control to which PATROL Agentss policies are applied. Tags must be used to provide a second level of protection to prevent policies still in development or test from being applied to production accidentally. Leveraging tags this requires you to not only add the appropriate TrueSight Infrastructure Management Server to the policy selection criteria, but also add the appropriate tag. This helps prevent accidentally picking the production TrueSight Infrastructure Management Server and saving the policy. Additionally, tags can be used to provide greater granularity for policy assignment when the other agent selection criteria is not enough.
BMC recommends leveraging precedence in policies so that production policies have the highest precedence and are not superseded by development or test policies. If you follow this recommendation, you will also have to adjust the policy precedence when you want to move it from development to test, and finally from test to production.
For information about PATROL Agenttagging methods, see
Staging policy configuration for multiple servers with multipleTrueSight Presentation Serverinstances
You must use the policy export/import utility to move policies between environments that have multiple TrueSight Presentation Server instances. The following diagram illustrates how this is designed in the TrueSight Infrastructure Management Server development, test, and production environments.
In a multiple TrueSight Presentation Server deployment, you do not have to specify TrueSight Infrastructure Management Servers in the agent selection criteria in the development and test environments. This is not needed because the environments are completely separated and do not share a common TrueSight Presentation Server instance with the production environment.
Best practices for deploying the Integration Service with respect to staging and policy management
Integration Service nodes can be connected to any TrueSight Infrastructure Management Server across the environment.
BMC recommends the following best practices for staging Integration Services and TrueSight Presentation Server:
- Set up a single staging Integration Service for each environment; for example, one for development, one for test, and one for production. Or, if you have a single TrueSight Presentation Server instance for all environments, set up a single staging Integration Service for the entire implementation when possible.
- In large environments, designate at least one remote Integration Service node as a staging Integration service node.
- Set up high availability for staging Integration Service nodes. This is especially important in environments where deployment of managed nodes and PATROL Agents is rapid and often; for example, in a cloud services provider environment. Setting up high availability for the staging Integration Services ensures limited or no disruption of the monitoring deployment process.
- Limit the number of staging Integration Service nodes deployed in each environment. Limit this number to one or a single high availability pair per environment if possible. This reduces the number of components that must be maintained. It also eases administration and assignment of monitoring policies across each environment.
- Limit TrueSight Presentation Server to one instance in one TrueSight Infrastructure Management Server (TrueSight Infrastructure Management Server cluster) for each environment where development, QA, test, and production are each separate environments. This helps control the application of policies within the different environments. You can facilitate this by using the export/import capability of policy content and by assigning the appropriate TrueSight Infrastructure Management Server to the agent selection criteria.
- Do not move agents from development to test and then to the production environment. Only configuration policies must be moved among environments.