apm_bridge Configuration

Install the apm_bridge package from the CA UIM archive on the discovery_server hub. Typically, the primary hub. No license is required. Please ensure that the uimapi 9.0.2 or later package is downloaded and deployed on the UMP robot.
uimpga-ga
apmbridge_Conf
Install the apm_bridge package from the CA UIM archive on the discovery_server hub. Typically, the primary hub. No license is required. Please ensure that the uimapi 9.0.2 or later package is downloaded and deployed on the UMP robot.
2
Prerequisites
  1. Ensure that the apm_bridge probe is deployed on the primary hub robot in your CA UIM 9.0.2 or later environment.
  2. Download the uimapi 9.0.2 or later package from the web archive to the hub local archive.
  3. Deploy the uimapi 9.0.2 or later package on the UMP robot in your CA UIM 9.0.2 or later environment.
  4. Verify that DX Operational Intelligence mode is enabled as Use Case for apm_bridge from Raw Config.
    1. In Raw Config, navigate to Setup, Use Case, and verify the following key/value pairs:
    2. scenario = doi
    3. probe_list = probe 1, probe 2 comma-separated (For for example, aws, vmware)
Configuration
Use the probe utility (pu) to configure the apm_bridge.
In the probe utility, follow these steps:
  1. Call the
    configure_uimapi_endpoint
    callback to configure the apm_bridge connection to the CA UIM API. Create or set the following key/value pairs:
    1. host
      - the host server for wasp probe with UMP and UIMAPI deployed.
    2. port
      - the port number used by wasp (with UIM API deployed). Typically, the wasp port is 80.
    3. user
      - specify the CA UIM administrator user name.
    4. password
      - specify the CA UIM administrator password.
  2. Call the
    add_profile
    callback to configure access to the DX Operational Intelligence API for a single tenant. When the proper configuration is provided, the integration becomes active for that tenant.
    1. port
      - Specify the Port number (
      Default: 80, for https connections: 443
      )
      If you are using DX Operational Intelligence - SaaS, the protocol and port are always HTTPS and 443.
      If you are using DX Operational Intelligence on-premise, the protocol and port are dependent on your OpenShift or Kubernetes implementation. The port for the HTTP protocol is 80 and the port for the HTTPS protocol is 443.
    2. host
      - Specify the TAS Service OpenShift route/ Hostname
      • For DX Operational Intelligence On-prem environments:
        • Obtain and enter the NASS URL (apmservices-gateway endpoint)
          • You can obtain the NASS URL as follows:
            • If you are using
              OpenShift
              :
              oc get routes -n<namespace> | egrep apmservices-gateway
            • If you are using
              Kubernetes
              :
              kubectl get ingress -n<namespace> | grep apmservices-gateway
      • For DX Operational Intelligence SaaS environments:
        • For the NASS URL, navigate to DX SaaS -> Settings -> Connection Parameters page
          . Note down the NASS endpoint.
    3. token
      - generate a token to integrate with DX Operational Intelligence.
      • For DX Operational Intelligence On-prem environments:
        • Obtain Agent/Tenant token
          .
          • Generate an Agent token if you have installed DX APM.
          • Generate a Tenant token if you don't have DX APM.
            You must login as MASTERADMIN to the Cluster Management for generating token
      • For DX Operational Intelligence SaaS environments:
        • For the NASS tenant token, navigate to DX SaaS -> Settings -> Connection Parameters page
          . Note down the Ingestion token.
    4. origin
      - specify the CA UIM origin that is dedicated to the tenant. The origin is typically the CA UIM primary hub where the apm_bridge is installed.
      If you wish to send data from the secondary hub through apm_bridge, specify the secondary hub hostname comma separated after the primary hub in the Origin field.
    5. useSSL
      - Set to TRUE to use SSL. Default value is FALSE.
      SSL is enabled by default for cloud installations of DX Operational Intelligence. If SSL is disabled for DX Operational Intelligence in an on-premise installation, for example, set this value to FALSE.
    6. adminConsoleHost
      - Specify the Admin Console host (default protocol: http, default port: 80).
    7. operatorConsoleHost
      - Specify the Operator Console host (default protocol: http, default port: 80).
      To use a custom protocol or port for “adminConsoleHost” or “operatorConsoleHost”, specify as the following.
      Example: https://hostname:8443
You do not need to restart the apm_bridge probe after running the callbacks. The configuration file is automatically read during the next update cycle.
Synchronization Rate
You can modify the frequency (in minutes) in which the data is synchronized from apm_bridge to NextGen TAS, by modifying the value for the
"sync_rate"
key. The default value is 5 (Minutes).
<inventory_service>
sync_rate = 5
</inventory_service>
Config Items
You can enable CI (Config Items) to be published, by adding the publish_config_items key.
Add the
"publish_config_items"
key, if you wish to publish CI data, Devices and folders. If the value for this key is 0, only devices are published.
Deleting a profile
  1. Call the
    delete_profile
    callback to delete the profile. 
Control Callbacks
The
shutdown_and_disable
callback attempts to empty and disable all the queues that are created by the probe, and deactivate the probe. Typically, the probe creates one queue for alarms, one queue for QoS, and one queue for inventory. Use the
shutdown_and_disable
callback if you experience issues.
The
reactivate_queues
callback attempts to activate all the queues that the probe uses. The callback does not create queues. The queues must already exist. If the queues are already active, the callback does nothing. Use the
reactivate_queues
callback to restore service after a call to
shutdown_and_disable.
Access UIMAPI over https protocol
The following steps are needed when the UIMAPI is accessible only over https protocol. Perform these steps on the server on which apm_bridge is deployed.
  1. Download UMP/UIM API Server SSL certificate into a temporary folder {tempfolder} by running the command
    "openssl s_client -connect {UMP/UIMAPI Server}:{SSL Port} < /dev/null | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > public.crt".
    OR
    Access UMP/UIM API url https://{UMP/UIMAPI Server}:{port}/uimapi through browser and save the certificate from site information into a temporary folder {tempfolder}. Sample UIM API URL over SSL: https://<uimserver>/uimapi/docs/index.html
  2. Execute the following command
    "[UIM JRE Path]\bin\keytool" -import -alias umpcert -keystore "[UIM JRE Path]\lib\security\cacerts" -file "C:\tmp\umpcert.cer"
    When prompted for "Enter Keystore Password:" - enter the value "changeit".
    When prompted for "Trust this certificate? " - enter the value "yes".
    Sample:
    "C:\Program Files\Nimsoft\jre\jre8u232b09\bin\keytool" -import -alias umpcert -keystore "C:\Program Files\Nimsoft\jre\jre8u232b09\lib\security\cacerts" -file "C:\tmp\umpcert.cer".
Update default payload size on slower networks
Additional Configuration:
Default chunk size set to 1000 and probe sends every 1000 vertices or edges at once.
You may configure the size using
setup/inventory_service/apmgraph_chunksize
parameter.
Example:
<setup> .... <inventory_service> sync_rate = 5 apmgraph_chunksize = 1000 </inventory_service> .... </setup>
Support for large-scale deployments with more number of UIM groups
Additional Configuration:
Currently probe considers only 50 parent groups. If there are more than 50 parents groups, it sends devices without group data.
You can configure the size using
setup/inventory_service/grp_recursion_level
parameter.
Example:
<setup> .... <inventory_service> sync_rate = 5 apmgraph_chunksize = 1000
grp_recursion_level = 50
</inventory_service> .... </setup>
Troubleshooting and Additional Logs
To change the apm_bridge configuration, edit the
apm_bridge.cfg
configuration file with a text editor, or use Raw Configure to update key/value pairs. You can add the following key/ value pairs to enable additional logs and for troubleshooting:
<topology_service>
save_incoming_graphs = 1
log_outgoing_request = 1
publish_config_items = 0
</topology_service>
All the keys are disabled by default, (value = 0). Modify the value of the config key to enable the parameter (value=1).
  • Enable the
    "save_incoming_graphs"
    key, to save the incoming topology from vmware or aws probe to the Debug folder.
  • Enable the
    "log_outgoing_request"
    key, to log information sent by apm_bridge to NextGen TAS for CA APM. This information is saved in the Debug > tasrequests folder. Please ensure that you have adequate space in your machine, as enabling this will take up available free space.
apm_bridge probe does not send all devices to DX Operational Intelligence
Symptom:
apm_bridge probe is not sending all the UIM devices to the DX Operational Intelligence console.
Solution:
All the UIM devices are not displayed in the DX Operational Intelligence console due to the origin setting. You can get all the devices and groups in the DXI OI console by adding all the origins (comma-separated) in the apm_bridge settings.