IBM DataPower Operations Dashboard v1.0.14.0

A newer version of this product documentation is available.

You are viewing an older version. View latest at IBM DPOD Documentation.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 84 Next »

Overview

Federated architecture best fits customers that execute high load (thousands of transactions per second or more) in their gateways, where the vast majority of the transactions is executed on-premise.

The cell environment implements the federated architecture by distributing DPOD's Store and DPOD's processing (using DPOD's agents) across different federated servers.

The cell environment has two main components:

  • Cell Manager - a DPOD server (virtual or physical) that manages all Federated Cell Members (FCMs) as well as providing central DPOD services such as Web Console, reports, alerts, etc.
  • Federated Cell Member (FCM) - a DPOD server (usually physical with very fast local storage) that includes Store data nodes and agents (Syslog and WS-M) for collecting, parsing and storing data. There could be one or more federated cell members per cell.

The following diagram describes the Cell Environment:

The following procedure describes the process of establishing a DPOD cell environment.

Prerequisites

  1. DPOD cell manager and federated cell members must be with the same version (minimum version is 1.0.8.5).
  2. DPOD cell manager can be installed in both Appliance Mode or Non-Appliance Mode with Medium Load architecture type, as detailed in the Hardware and Software Requirements. The manager server can be both virtual or physical.
  3. Physical DPOD federated cell member (FCM) must be installed in Non-appliance Mode with High_20dv architecture type, as detailed in the Hardware and Software Requirements.
  4. Virtual DPOD federated cell member (FCM) must be installed in Non-appliance Mode with Medium architecture type or higher, as detailed in the Hardware and Software Requirements and in Virtual Cell Environment Installation.
  5. All DPOD federated cell member (FCM) must have the exactly the same resources such as CPUs, RAM, disk type and storage capacity.
  6. Each cell component (manager / FCM) should have two network interfaces:
    1. External interface - for DPOD users to access the Web Console (on the cell manager) and for communication between DPOD and Monitored Gateways (on both the cell manager and the members).
    2. Internal interface - for internal DPOD components inter-communication (should be a 10Gb Ethernet interface).
  7. Network ports should be opened in the network firewall as detailed below:

From

To

Ports (Defaults)

Protocol

Usage

DPOD Cell Manager

Each Monitored Device

5550 (TCP)

HTTP/S

Monitored device administration management interface

DPOD Cell Manager

DNS Server

TCP and UDP 53

DNS

DNS services. Static IP address may be used.

DPOD Cell Manager

NTP Server

123 (UDP)

NTP

Time synchronization

DPOD Cell Manager

Organizational mail server

25 (TCP)

SMTP

Send reports by email

DPOD Cell Manager

LDAP

TCP 389 / 636 (SSL).

TCP 3268 / 3269 (SSL)

LDAP

Authentication & authorization. Can be over SSL.

DPOD Cell ManagerEach DPOD Federated Cell Member443 (TCP)HTTP/SCommunication (data + management)
DPOD Cell ManagerEach DPOD Federated Cell Member9300-9305 (TCP)ElasticSearchElasticSearch Communication (data + management)
DPOD Cell ManagerEach DPOD Federated Cell Member22 (TCP)TCPSSH root access is needed for the cell installation and for admin operations from time to time.

NTP Server

DPOD Cell Manager

123 (UDP)

NTP

Time synchronization

Each Monitored Device

DPOD Cell Manager

60000-60003 (TCP)

TCP

SYSLOG Data

Each Monitored Device

DPOD Cell Manager

60020-60023 (TCP)

HTTP/S

WS-M Payloads

Users IPs         

DPOD Cell Manager

443 (TCP)

HTTP/S

DPOD's Web Console

Admins IPs         

DPOD Cell Manager

22 (TCP)

TCP

SSH

Each DPOD Federated Cell MemberDPOD Cell Manager443 (TCP)HTTP/SCommunication (data + management)
Each DPOD Federated Cell MemberDPOD Cell Manager9200, 9300-9400ElasticSearchElasticSearch Communication (data + management)

Each DPOD Federated Cell Member

DNS Server

TCP and UDP 53

DNS

DNS services

Each DPOD Federated Cell Member

NTP Server

123 (UDP)

NTP

Time synchronization

NTP Server

Each DPOD Federated Cell Member

123 (UDP)

NTP

Time synchronization

Each Monitored Device

Each DPOD Federated Cell Member

60000-60003 (TCP)

TCP

SYSLOG Data

Each Monitored Device

Each DPOD Federated Cell Member

60020-60023 (TCP)

HTTP/S

WS-M Payloads

Admins IPs         

Each DPOD Federated Cell Member

22 (TCP)

TCP

SSH

DPOD Cell ManagerEach DPOD Federated Cell Member60000-60003 (TCP)TCPSyslog keep-alive data
DPOD Cell ManagerEach DPOD Federated Cell Member60020-60023 (TCP)TCPHTTP/S WS-M keep-alive data

Cell Manager Installation

Prerequisites

  • Make sure to meet the prerequisites listed at the top of this page.
  • Install the following software package (RPM) on the cell manager: bc

DPOD Installation

Install DPOD as described in one of the following installation procedures:

  • For Appliance Mode:
    • Follow the procedure: Appliance Installation
    • During installation the user is prompted to choose the data disk type (SSD / non SSD). Choose the cell members disk type (should be SSD) instead of the cell manager disk type.
  • For Non-appliance Mode:
    • Follow the procedure: Non-Appliance Installation
    • During installation, since the cell manager has two network interfaces (see prerequisites section), the user is prompted to choose the IP address for the Web Console. Choose the IP address of the external network interface. 


After DPOD installation is complete, execute the following operating system performance optimization script and reboot the server:

/app/scripts/tune-os-parameters.sh
reboot

Federated Cell Member Installation

The following section describes the installation process of a single Federated Cell Member (FCM). Please repeat the procedure for every FCM installation.

Prerequisites

  • Make sure to meet the prerequisites listed at the top of this page.
  • Install the following software package (RPM) on the cell member: bc
  • The following software packages (RPMs) are recommended for system maintenance and troubleshooting, but are not required: telnet client, net-tools, iftop, tcpdump, pciutils, nvme-cli

DPOD Installation

  • Use Non-appliance Mode and follow the procedure: Non-Appliance Installation
    This installation (before the federation process is executed later) is similar to a standard All-In-One standalone DPOD installation.
    In order for this installation to complete successfully, all prerequisites for DPOD installation should be met as described in the installation procedure, including the 3 disk drives requirement.
  • The four-letter Installation Environment Name should be identical to the one that was chosen during the Cell Manager installation.
  • During installation, since the cell manager has two network interfaces (see prerequisites section), the user is prompted to choose the IP address for the Web Console. Choose the IP address of the external network interface.

After DPOD installation is complete, execute the following operating system performance optimization script and reboot the server:

/app/scripts/tune-os-parameters.sh
reboot

Configuring Mount Points of Cell Member before Federation

The cell member is usually a bare metal server with NVMe disks for maximizing server I/O throughput.
Each of the Store's logical nodes (service) will be bound to specific physical processor, disks and memory using NUMA (Non-Uniform Memory Access) technology.

Required information

The following table contains the list of OS mount points that should be configured along with additional information that must be gathered before federating the DPOD cell member to the cell environment.
Please copy this table, use it during the procedure, and complete the information in the empty cells as you follow the procedure:

Store NodeMount Point PathDisk BayDisk SerialDisk OS PathPCI Slot NumberNUMA Node (CPU #)
2/data2




2/data22




2 */data222




3/data3




3/data33




3 */data333




4/data4




4/data44




4 */data444




* Lines marked with asterisk (*) are relevant only in case DPOD sizing team recommends 9 disks instead of 6 disks per cell member. You may remove these lines in case you have only 6 disks per cell member.

Identifying disk bays and disk serial numbers

To identify which of the server's NVMe disk bays is bound to which of the CPUs, use the hardware manufacture documentation.
Write down the disk bay as well as the disk's serial number by visually observing the disk.

Identifying disk OS paths

To list the OS path of each disk, execute the following command and write down the disk OS path (e.g.: /dev/nvme0n1) according to the disk's serial number (e.g.: PHLE8XXXXXXC3P2EGN):

nvme -list

Expected output:
Node             SN                   Model                                    Namespace Usage                      Format           FW Rev 
---------------- -------------------- ---------------------------------------- --------- -------------------------- ---------------- --------
/dev/nvme0n1     PHLE8XXXXXXC3P2EGN   SSDPE2KE032T7L                           1         3.20 TB / 3.20 TB          512 B + 0 B      QDV1LV46
/dev/nvme1n1     PHLE8XXXXXXM3P2EGN   SSDPE2KE032T7L                           1         3.20 TB / 3.20 TB          512 B + 0 B      QDV1LV46
/dev/nvme2n1     PHLE8XXXXXX83P2EGN   SSDPE2KE032T7L                           1         3.20 TB / 3.20 TB          512 B + 0 B      QDV1LV46
/dev/nvme3n1     PHLE8XXXXXXN3P2EGN   SSDPE2KE032T7L                           1         3.20 TB / 3.20 TB          512 B + 0 B      QDV1LV46
/dev/nvme4n1     PHLE8XXXXXX63P2EGN   SSDPE2KE032T7L                           1         3.20 TB / 3.20 TB          512 B + 0 B      QDV1LV46
/dev/nvme5n1     PHLE8XXXXXXJ3P2EGN   SSDPE2KE032T7L                           1         3.20 TB / 3.20 TB          512 B + 0 B      QDV1LV46

Identifying PCI slot numbers

To list the the PCI slot for each disk OS path, execute the following command and write down the PCI slot (e.g.: 0c:00.0) according to the last part of the disk OS path (e.g.: nvme0n1):

lspci -nn | grep NVM | awk '{print $1}' | xargs -Innn bash -c "printf 'PCI Slot: nnn     '; ls -la /sys/dev/block | grep nnn"

Expected output:
PCI Slot: 0c:00.0     lrwxrwxrwx. 1 root root 0 May 16 10:26 259:2 -> ../../devices/pci0000:07/0000:07:00.0/0000:08:00.0/0000:09:02.0/0000:0c:00.0/nvme/nvme0/nvme0n1
PCI Slot: 0d:00.0     lrwxrwxrwx. 1 root root 0 May 16 10:26 259:5 -> ../../devices/pci0000:07/0000:07:00.0/0000:08:00.0/0000:09:03.0/0000:0d:00.0/nvme/nvme1/nvme1n1
PCI Slot: ad:00.0     lrwxrwxrwx. 1 root root 0 May 16 10:26 259:1 -> ../../devices/pci0000:ac/0000:ac:02.0/0000:ad:00.0/nvme/nvme2/nvme2n1
PCI Slot: ae:00.0     lrwxrwxrwx. 1 root root 0 May 16 10:26 259:0 -> ../../devices/pci0000:ac/0000:ac:03.0/0000:ae:00.0/nvme/nvme3/nvme3n1
PCI Slot: c5:00.0     lrwxrwxrwx. 1 root root 0 May 16 10:26 259:3 -> ../../devices/pci0000:c4/0000:c4:02.0/0000:c5:00.0/nvme/nvme4/nvme4n1
PCI Slot: c6:00.0     lrwxrwxrwx. 1 root root 0 May 16 10:26 259:4 -> ../../devices/pci0000:c4/0000:c4:03.0/0000:c6:00.0/nvme/nvme5/nvme5n1

Tip: you may execute the following command to list the details of all PCI slots with NVMe disks installed in the server:
lspci -nn | grep -i nvme | awk '{print $1}' | xargs -Innn lspci -v -s nnn

Tip: you may execute the following command to list all disk OS paths in the server:
ls -la /sys/dev/block

Identifying NUMA nodes

To list the NUMA node of each PCI slot, execute the following command and write down the NUMA node (e.g.: 1) according to the PCI slot (e.g.: 0c:00.0):

lspci -nn | grep -i nvme | awk '{print $1}' | xargs -Innn bash -c "printf 'PCI Slot: nnn'; lspci -v -s nnn | grep NUMA"

Expected output:
PCI Slot: 0c:00.0	Flags: bus master, fast devsel, latency 0, IRQ 45, NUMA node 1
PCI Slot: 0d:00.0	Flags: bus master, fast devsel, latency 0, IRQ 52, NUMA node 1
PCI Slot: ad:00.0	Flags: bus master, fast devsel, latency 0, IRQ 47, NUMA node 2
PCI Slot: ae:00.0	Flags: bus master, fast devsel, latency 0, IRQ 49, NUMA node 2
PCI Slot: c5:00.0	Flags: bus master, fast devsel, latency 0, IRQ 51, NUMA node 3
PCI Slot: c6:00.0	Flags: bus master, fast devsel, latency 0, IRQ 55, NUMA node 3

Example of required information

This is an example of how a row of the table should look like:

Store NodeMount Point PathDisk BayDisk SerialDisk OS PathPCI Slot NumberNUMA node (CPU #)
2/data2Bay 1PHLE8XXXXXXC3P2EGN/dev/nvme0n10c:00.01

Verifying NVMe disks speed

Execute the following command and verify all NVMe disks have the same speed (e.g.: 8GT/s):

lspci -nn | grep -i nvme | awk '{print $1}' | xargs -Innn bash -c "printf 'PCI Slot: nnn'; lspci -vvv -s nnn | grep LnkSta:"

Expected output:
PCI Slot: 0c:00.0		LnkSta:	Speed 8GT/s, Width x4, TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
PCI Slot: 0d:00.0		LnkSta:	Speed 8GT/s, Width x4, TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
PCI Slot: ad:00.0		LnkSta:	Speed 8GT/s, Width x4, TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
PCI Slot: ae:00.0		LnkSta:	Speed 8GT/s, Width x4, TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
PCI Slot: c5:00.0		LnkSta:	Speed 8GT/s, Width x4, TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-
PCI Slot: c6:00.0		LnkSta:	Speed 8GT/s, Width x4, TrErr- Train- SlotClk+ DLActive- BWMgmt- ABWMgmt-

Configuring mount points

Configure the mount points according to the table with all gathered information.
It is highly recommended to use LVM (Logical Volume Manager) to allow flexibility for future storage needs.

The following example uses LVM. You may use it for each mount point (replace vg_data2 with vg_data22/vg_data222/vg_data3 etc.):

pvcreate -ff /dev/nvme0n1
vgcreate vg_data2 /dev/nvme0n1
lvcreate -l 100%FREE -n lv_data vg_data2
mkfs.xfs -f /dev/vg_data2/lv_data

The following example is the line that should be added to /etc/fstab for each mount point (replace vg_data2 and /data2 with the appropriate values from the table):

/dev/vg_data2/lv_data    /data2                   xfs     defaults        0 0

Create a directory for each mount point (replace /data2 with the appropriate values from the table):

mkdir -p /data2

Inspecting final configuration

This example is for 6 disks per cell member and does not include other mount points that should exist, as describe in Hardware and Software Requirements.

Execute the following command and verify mount points:

lsblk

Expected output:
NAME                  MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
nvme0n1               259:2    0   2.9T  0 disk 
└─vg_data2-lv_data    253:0    0   2.9T  0 lvm  /data2
nvme1n1               259:5    0   2.9T  0 disk 
└─vg_data22-lv_data   253:11   0   2.9T  0 lvm  /data22
nvme2n1               259:1    0   2.9T  0 disk 
└─vg_data3-lv_data    253:9    0   2.9T  0 lvm  /data3
nvme3n1               259:0    0   2.9T  0 disk 
└─vg_data33-lv_data   253:10   0   2.9T  0 lvm  /data33
nvme4n1               259:3    0   2.9T  0 disk 
└─vg_data44-lv_data   253:8    0   2.9T  0 lvm  /data44
nvme5n1               259:4    0   2.9T  0 disk 
└─vg_data4-lv_data    253:7    0   2.9T  0 lvm  /data4

OS Configuration of Cell Member before Federation

Installing NUMA software

Execute the following command:

yum install numactl

Configuring local OS based firewall

Most Linux-based OS use a local firewall service (e.g.: iptables / firewalld). Since the OS of the Non-Appliance Mode DPOD installation is provided by the user, it is under the user's responsibility to allow needed connectivity to and from the server.

Configure the local firewall service to allow connectivity as described in the prerequisites section at the top of this page.

When using DPOD Appliance mode installation for the cell manager, local OS based firewall service configuration is handled by the cell member federation script.

When using DPOD Non-Appliance mode installation for the cell manager, local OS based firewall service configuration should be done by the user in addition to configuring the local OS based firewall service configuration of the cell memeber.

Cell Member Federation

In order to federate and configure the cell member, run the following script in the cell manager once per cell member.

For instance, to federate two cell members, the script should be run twice (in the cell manager) - first time with the IP address of the first cell member, and second time with the IP address of the second cell member.

Important: The script should be executed using the OS root user.

/app/scripts/configure_cell_manager.sh -a <internal IP address of the cell member> -g <external IP address of the cell member>

For example:
/app/scripts/configure_cell_manager.sh -a 172.18.100.34 -g 172.17.100.33

Note that the script writes two log files, one in the cell manager and one in the cell member. The log file names are mentioned in the script's output.

In case of a failure, the script will try to rollback the configuration changes it made, so the problem can be fixed before rerunning it again.

Cell Member Federation Post Steps

Updating service files for 4-CPU cell members

DPOD cell member is using NUMA (Non-Uniform Memory Access) technology.
The default cell member configuration binds DPOD's agent to NUMA node 0 and the Store's nodes to NUMA node 1.
If the server has 4 CPUs, the user should update the service files of nodes 2 and 3 and change the bound NUMA nodes to 2 and 3 respectively.

Note: In case the cell member has only 2 CPUs - skip this step.

To verify the amount of CPUs installed on the server, use the NUMA utility:

numactl -s | grep cpubind

Expected output for 4-CPU cell members:
cpubind: 0 1 2 3

To update the service files, execute the following command:

sed -i 's#/usr/bin/numactl --membind=1 --cpunodebind=1#/usr/bin/numactl --membind=2 --cpunodebind=2#g' /etc/init.d/MonTier-es-raw-trans-Node-2
sed -i 's#/usr/bin/numactl --membind=1 --cpunodebind=1#/usr/bin/numactl --membind=3 --cpunodebind=3#g' /etc/init.d/MonTier-es-raw-trans-Node-3

Updating service files for cell members with more than 384GB RAM

DPOD cell members with a high amount of RAM should assign more RAM to the Store services to ensure performance if storing and fetching data.

Note: In case the cell member has less than 384GB RAM - skip this step.

To update the service files, execute the following command:

sed -i 's/^NODE_HEAP_SIZE=.*/NODE_HEAP_SIZE="64G"/g' /etc/init.d/MonTier-es-raw-trans-Node-2
sed -i 's/^NODE_HEAP_SIZE=.*/NODE_HEAP_SIZE="64G"/g' /etc/init.d/MonTier-es-raw-trans-Node-3
sed -i 's/^NODE_HEAP_SIZE=.*/NODE_HEAP_SIZE="64G"/g' /etc/init.d/MonTier-es-raw-trans-Node-4

Cell Member Federation Verification

After a successful federation, you will be able to see the new federated cell member in the Manage → System → Nodes page.
For example:

Also, the new agents will be shown in the agents list in the Manage → Internal Health → Agents page:

Configure the Monitored Gateways to Use the Federated Cell Member Agents

Configure the monitored gateways to use the federated cells agents. Please follow instructions on Adding Monitored Devices.




  • No labels