CA Client Automation - 14.0

PDF
English

Tenancy Collection

Contents
cla140
Contents
Tenancy lets you manage the asset information collected from various sources within the same MDB. The collected asset information is imported into the MDB in such a way that the tenancy membership of the asset is maintained and managed within the same MDB.
CA Client Automation
 is not multi-tenant capable.
CA Client Automation
, however, can collect external inventory files and store any tenant information which can be used by other multi-tenant capable CA Products.
Asset Collector uses the collection folders to receive inventory files. You can configure the collection folders to associate tenants with individual collection folders.
The tenancies are defined in the 
ca_tenant
 MDB table. Defining a tenancy on a collection folder lets the engine populate a new column named 
tenant_id
 on the 
ca_asset 
table in the MDB. The column 
tenant_number
 from the ca_tenant table is used to configure the Asset Collector.
CA Client Automation
 cannot populate the ca_tenant table, although other CA products such as CA SDM or CA IT Asset Manager can populate it. So, when you define tenants with CA SDM or some other CA product, specify a tenancy number for each tenant. Asset Collector uses this tenancy number to differentiate between tenants.
Enable the Database for Tenancy Collection
By default, the
CA Client Automation
 database is not configured to perform tenancy collection. You must enable a number of database triggers for the MDB to maintain the tenancy columns in the database.
Execute the following statement to enable the triggers:
For Oracle database:
 
execute sp_enableTenantTriggers(1);
commit;
You must execute the command as
mdbadmin
 and not the ca_itrm user on Oracle.
For Microsoft SQL Server database:
 
exec sp_enableTenantTriggers 1
You must execute the command in the MDB namespace.
 
You can change your session to MDB namespace by executing the following command:
use mdb;
Configure Tenancy Collection
You can manage the asset information collected from various sources within the same MDB by configuring the Asset Collector configuration folders.
You can configure the Asset Collector configuration folders by specifying:
  • Tenancy for each collection folder
  • Collection folders without specifying tenants
  • Multiple collection folders for a single tenant
You cannot configure one collection folder for multiple tenants.
To configure collection folders for tenancy collection
  1. Open DSM Explorer, navigate to the Control Panel, Configuration, Configuration Policy node.
  2. Right-click a sealed policy and select Un-Seal.
    The policy is unsealed.
  3. Expand the unsealed policy, and navigate to DSM, Scalability Server, Asset Collector.
    The Asset Collector policies appear on the Asset Collector pane.
  4. Double-click Collection Folders.
    The Modify Setting dialog appears.
  5. For each row, define a collection folder and click OK.
    The tenancy number column is optional. A value specified in this column has to match with an entry in the ca_tenancy column of the ca_tenancy table in the MDB.
  6. Right-click the policy node and select Seal from the menu.
    The policy is sealed.
  7. Drag-and-drop the policy onto the Scalability Server in the All Computers folder.
    The policy is applied to the Scalability Server.
Rules for Processing Inventory Files
You can specify rules for processing the inventory files collected from multiple tenants. The rules can be based on one of the two attributes (trust level and collection time) of the inventory files.
There are two modes of operation:
  • Trust Enabled Mode (TRUE)
    Processes the inventory file based on the trust level.
    An inventory file with trust level equal to or greater than the trust level of the previous inventory file propagates to the Scalability Server.
  • Trust Disabled Mode (FALSE)
    Processes the inventory file based on the collect time.
    An inventory file with collect time higher than the collect time of the previous inventory file propagates to the Scalability Server.
To prevent resubmission of inventory records taken on the same day, define the s
ame day window
 configuration in seconds so that any inventory file having a collection time within the same day window is not processed.
If you set the same day window to zero, the check is not performed, and all inventories with a subsequent collection time are processed.
If you do not want to define processing rules for every tenant, you can define default-processing rules for the following configurations:
  • Every tenant that does not have any rule configured
  • Inventory files without a tenancy number in the collection folder
Configure Rules for Processing Inventory Files
You can specify rules for processing the inventory files collected from multiple tenants. To accept or reject an inventory file, configure rules based on trust level or collection time.
To configure rules for processing inventory files
  1. Open DSM Explorer, navigate to the Control Panel, Configuration, Configuration Policy node.
  2. Right-click a sealed policy and select Un-Seal.
    The policy is unsealed.
  3. Expand the unsealed policy, and navigate to DSM, Scalability Server, Asset Collector.
    The Asset Collector policies appear on the Asset Collector pane.
  4. Double-click Processing Rules.
    The Modify Setting dialog appears.
  5. Complete the fields in the dialog. 
    The following fields are not self-explanatory: 
    • Tenant Number
      Specifies the tenant number. 
      The tenant number here must match a tenant number defined in the collection folders table, and hence the tenant_number column of the ca_tenant table.
    • Trust Mode
      Specifies if trust mode or collection time is used to process the inventory files. Set the value to TRUE to use trust level or FALSE to use collection time to process the inventory files.
    • Same Day Window
      Specifies the collection time window in seconds. Any inventory file that has a collection time within the same day window is not processed. 
      To disable same day window, set the value to zero.
      You must define only one set of processing rules for each tenant.
    Click OK.
  6. Right-click the policy node and select Seal from the menu.
    The policy is sealed.
  7. Drag-and-drop the policy onto the Scalability Server in the All Computers folder.
    The policy is applied to the Scalability Server.
If you do not want to define processing rules for each tenant, or if you have configuration folders without a tenant number, define the following processing rules in the Asset Collector configuration section:
  • Processing Rules: Default Trust Mode
  • Processing Rules: Default Same Day Window
Defining the default rules results in the same behavior as the tenant processing rules, but are applied when the tenant specified does not have a rule defined, or the asset submitted does not have a tenant associated.
Map Origin to Trust Level
Using the Origin to Trust level mapping, you can define a trust level for an asset from a particular origin. Defining a trust level is useful when you are collecting inventory information from multiple origins. The mapping is used when the collected asset file does not have a trust level defined.
To configure origin to trust level mapping
  1. Open DSM Explorer, navigate to the Control Panel, Configuration, Configuration Policy node.
  2. Right-click a sealed policy and select Un-Seal.
    The policy is unsealed.
  3. Expand the unsealed policy, and navigate to DSM, Scalability Server, Asset Collector.
    The Asset Collector policies appear on the Asset Collector pane.
  4. Double-click Origin to Trust Mapping.
    The Modify Setting dialog appears.
  5. For each origin, define a trust level.
    Do not define multiple trust levels for the same origin. However, you can use the same trust level for multiple origins.
    Click OK.
  6. Right-click the policy node and select Seal from the menu.
    The policy is sealed.
  7. Drag-and-drop the policy onto the Scalability Server in the All Computers folder.
    The policy is applied to the Scalability Server.
Configure Tenant Number
You can specify a tenant number if you have other CA products like CA SDM which require tenant classification for a
CA Client Automation
 agent. You can associate a tenant with a
CA Client Automation
 Agent by specifying a 
tenant number
 in the configuration policy of the Scalability Server.
A Scalability Server can support only a single tenant. If you want to collect agents for different tenants, you must use a different Scalability Server for each tenant.
The tenant number is defined in the ca_tenant table by CA SDM or CA IT Asset Manager.
You must configure the tenant number that will be used for assets that are registered through a Scalability Server and is applied only when tenant number is not provided by the Asset Collector.
To configure a tenant number on the Scalability Server
  1. Open DSM Explorer, navigate to the Control Panel, Configuration, Configuration Policy node.
  2. Right-click a sealed policy and select Un-Seal.
    The policy is unsealed.
  3. Expand the unsealed policy, and navigate to DSM, Scalability Server, Common Server.
    The Common Server policies appear on the Common Server pane.
  4. Double-click Tenant Number.
    The Setting Properties dialog appears.
  5. Enter a tenant number and click OK.
    The tenant number that is applied must match a tenant number in the ca_tenant table.
  6. Right-click the policy node and select Seal from the menu.
    The policy is sealed.
  7. Drag-and-drop the policy onto the Scalability Server in the All Computers folder.
    The policy is applied to the Scalability Server.
Reject Inventory Files Having a Future Collect Time
You can configure the Asset Collector to accept only the inventory files that have a valid time stamp in the 
xml inventory unsigned files
 
(.xiu)
, and reject inventory files that have a collect time in the future. You can configure same day tolerance to define 
future date
 to assist processing of inventory files from different time zones.
To configure rejection of inventory files having a future collect time
  1. Open DSM Explorer, navigate to the Control Panel, Configuration, Configuration Policy node.
  2. Right-click a sealed policy and select Un-Seal.
    The policy is unsealed.
  3. Expand the unsealed policy, and navigate to DSM, Scalability Server, Asset Collector.
    The Asset Collector policies appear on the Asset Collector pane.
  4. Modify the following configuration parameters:
    • Collect Time: Allow inventory without a collect time
      Specifies whether inventory files without a collect time are allowed.
      Set the value to TRUE to allow inventory files without a collect time in the xml.
    • Collect Time: Future Date Tolerance
      Defines the tolerance in seconds that is applied to the current time to define a future date. 
      Any inventory file having a collect time in the future will be checked against the future data.
    • Collect Time: Reject Future Files
      Specifies whether to reject inventory files with collection time exceeding future date. 
      Set the value to TRUE to reject files that have collection time beyond the future date tolerance.
  5. Right-click the policy node and select Seal from the menu.
    The policy is sealed.
  6. Drag-and-drop the policy onto the Scalability Server in the All Computers folder.
    The policy is applied to the Scalability Server.
Configure Post-Processing Actions
When the Asset Collector processes inventory files, the following results are possible:
  • Inventory file is accepted
  • Inventory file is rejected
  • Inventory file contains an error
Asset Collector lets you define post-processing actions on above events.
If the inventory file is rejected or it contains an error, you can configure Asset Collector to delete the file, copy the file to the output folder, or rename the file with a .error extension.
If the inventory file is accepted, you can configure Asset Collector to delete the file or copy the file to the output folder.
To configure post processing actions
  1. Open DSM Explorer, navigate to the Control Panel, Configuration, Configuration Policy node.
  2. Right-click a sealed policy and select Un-Seal.
    The policy is unsealed.
  3. Expand the unsealed policy, and navigate to DSM, Scalability Server, Asset Collector.
    The Asset Collector policies appear on the Asset Collector pane.
  4. Modify the following configuration parameters:
    • Inventory File Rejected
      Specifies the action on the rejected inventory file. 
      Set the value of the parameter to 0, 1, or 2 to delete the file, move the file to the output folder, or rename the file with a .error extension respectively.
    • Inventory File Processed
      Specifies the action on the processed inventory file.
      Set the value of the parameter to 0 or 1 to delete the file, or to move the file to the output folder respectively.
    • Inventory File Error
      Specifies the action on the inventory file that contains an error.
      Set the value of the parameter to 0, 1, or 2 to delete the file, move the file to the output folder, or rename the file with a .error extension respectively.
  5. Right-click the policy node and select Seal from the menu.
    The policy is sealed.
  6. Drag-and-drop the policy onto the Scalability Server in the All Computers folder.
     The policy is applied to the Scalability Server.
Configure Asset Collector MDB Audits
You can generate audit information in the MDB for enhanced traceability and reporting.
You can configure the Asset Collector to generate audit records. These records are written into the 
CA_AC_AUDIT_LOG
 table in the MDB.
Configure Asset Collector Auditing
Asset Collector maintains an internal cache of audit events and sends them to the Scalability Server when certain thresholds in terms of size or age are reached.
You can customize the threshold values to match your environment.
To configure Asset Collector auditing
  1. Open DSM Explorer, navigate to the Control Panel, Configuration, Configuration Policy node.
  2. Right-click a sealed policy and select Un-Seal.
    The policy is unsealed.
  3. Expand the unsealed policy.
    The policy expands.
  4. Navigate to DSM, Scalability Server, Asset Collector.
    The Asset Collector policies appear on the Asset Collector pane.
  5. Modify the following configuration parameters to match your environment:
    • Audit Log: Max Age
      Defines the maximum age in seconds that the audit log queue must reach before it sends the audit log to the Scalability Server for inclusion in the MDB.
    • Audit Log: Wait Period
      Defines the polling period in seconds. The polling period is used to check the audit log queue and age by the audit component.
    • Audit Log: Max Queue Size
      Defines the maximum number of items allowed in the audit log queue before it is sent to the Scalability Server for inclusion in the MDB.
  6. Right-click the policy node and select Seal from the menu.
    The policy is sealed.
  7. Drag-and-drop the policy onto the Scalability Server in the All Computers folder.
    The policy is applied to the Scalability Server.
Configure Asset Collector Auditing Events
You can configure the events that generate an audit record from the configuration section of the Asset Collector.
To configure Asset Collector auditing events
  1. Open DSM Explorer, navigate to the Control Panel, Configuration, Configuration Policy node.
  2. Right-click a sealed policy and select Un-Seal.
    The policy is unsealed.
  3. Expand the unsealed policy.
    The policy expands.
  4. Navigate to DSM, Scalability Server, Asset Collector, Events.
    The configurable audit events appear.
  5. Configure the audit events to match your requirement as follows:
    • Audit Accepted Assets
      Specifies if an audit record is created for each successfully processed inventory file.
    • Audit Reject Collect Time Future Time
      Specifies if an audit record is created when an inventory file is rejected because the collect time specified in the file appears to be a time in the future.
    • Audit Reject Collect Time Older
      Specifies if an audit record is created when an inventory file is rejected because the collect time in the inventory file is older than a previous submission for the same asset.
    • Audit Reject Collect Time Same Day
      Specifies if an audit record is created when an inventory file is rejected because its collection time falls within the same day window of a previously processed asset.
    • Audit Reject Missing Values
      Specifies if an audit record is created when an inventory file is rejected because a key value in the file is missing.
  6. Right-click the policy node and select Seal from the menu.
    The policy is sealed.
  7. Drag-and-drop the policy onto the Scalability Server in the All Computers folder.
    The policy is applied to the Scalability Server.
Asset Collector Collection Audit Table
The Asset Collector collection audit items are written to the CA_AC_AUDIT_LOG table. This table has the following columns:
Name
Description
Asset Name
Defines the host name of the asset.
MAC Address
Defines the MAC address if available.
Scalability Server
Defines the Scalability Server that the Asset Collector reports to.
Origin
Defines the origin of the asset.
Tenant Number
Specifies the tenant identifier of the asset.
State
Specifies if the asset is accepted (0) or rejected (1).
Event Code
Specifies the Event Code for asset rejection.
Details
Indicates the reason for asset rejection.
The Event Code column of the CA_AC_AUDIT_LOG table shows the following possible event codes:
Event Code
Reason
Description
0
Not applicable
Specifies that the asset is accepted. The value is set to zero for asset accepted events.
1
Older collection time
Specifies that the asset is rejected because of a lower collection time than the last accepted inventory file for the same asset.
2
Lower trust level
Specifies that the asset is rejected because of a lower trust level than the last accepted inventory file for the same asset having trust mode enabled.
3
Same day as last submission
Specifies that the asset is rejected because its collection time falls within the same day tolerance of the last accepted inventory file for the same asset.
4
Future collect time
Specifies that the asset is rejected because its collection time represents a time in the future.
5
Missing values
Specifies that the asset is rejected because some key data fields are missing.
Audit Table Management
You can manage the size of the CA_AC_AUDIT_LOG table by purging the old records. You can purge old records by configuring values in the configuration section of Asset Collector.
To configure purging of old records
  1. Open DSM Explorer, navigate to the Control Panel, Configuration, Configuration Policy node.
  2. Right-click a sealed policy and select Un-Seal.
    The policy is unsealed.
  3. Expand the unsealed policy, and navigate to DSM, Scalability Server, Asset Collector.
    The Asset Collector policies appear on the Asset Collector pane.
  4. Modify the following parameters:
    • Audit Purge Interval
      Specifies the time in days before the audit records are purged.
      To prevent purging, set the value to zero.
    • Audit Purge Max Age
      Specifies the age in days, after which the audit records are purged.
  5. Right-click the policy node and select Seal from the menu.
    The policy is sealed.
  6. Drag-and-drop the policy onto the domain manager in the All Computers folder.
    The policy is applied to the domain manager.