Layer7 API Management

I am currently doing an implementation at a customer who uses SCOM to monitor their systems. Does anyone have experience with using a SCOM agent to monitor the gateway? Or is there any documentation available for it?

Is it possible to monitor services similar to how this is done with SNMP?

Hi Michiel,

I was able to integrate SCOM using SNMP.

By default gateways come with SNMP agent and server installed on them. You just need to configure SCOM SNMP server with gateway's SNMP agent.

The KB's to turn on SNMP on gateways:

https://na32.salesforce.com/kA050000000LPgW?popup=true&caseId=5003800000hsX1P

https://na32.salesforce.com/kA050000000LRG7?popup=true&caseId=5003800000hsX1P

Make sure you change community string from public to some secret. And define OIDs in your configuration file.

Thank you,

Aniket

Hi Aniket,

I know about the SNMP option, but this customer prefers to use the SCOM agent. They are afraid their network could be flooded by SNMP traffic based on past experience. Even though I don't see how that would happen with polling an SNMP agent, only SNMP traps could cause an uncontrolled amount of traffic.

We are still struggling with getting the SCOM agent installed as well, but I think we will manage that in the end.

Thanks,

Michiel

Hi Michiel,

SNMP protocol runs on udp and could alert client before any tcp/ REST/ soap failures. I guess at your customers they'd have SNMP traps for too many details or custom oids. There are also some obvious security issues with SNMP.

SNMP works great in our growing SOA environment.

Also I think the more you customize Gateway's environment from out of box solution, the more you would tangle yourself in supportability and manageability issues. Just my two cents. And in considering these supportability issues SCOM expert had advised me to use SNMP.

Thanks,

Aniket

Hi Aniket,

I've been in Infrastructure Management (CA Spectrum etc) for over 10 years so I know all about SNMP and I would actually prefer it too. As long as everything is configured correctly, there should be no issue at all. But they have had a bad experience SNMP in the past so they are very hesitant to try it again now. So in an attempt to at least try to help them to do it their way, I'm looking for more info on how to do a SCOM agent based setup. But as I mentioned before, just getting the SCOM agent installed is already proving to be a challenge because of the hardening of the gateway and the lack of Linux expertise in what is mostly a Microsoft house in the case of this customer. I have quite a bit of Linux experience, but this is my first time working with SCOM. So I'm hoping someone else already went through this an is willing to share so I don't have to reinvent the wheel. But it could still turn out we actually do need a new invention in this case So far Google also hasn't been very helpful...

Thanks,

Michiel

Nice to see someone familiar here!

I joined this community today.

Really interested in the SCOM agent configuration. Did that work for you or still a lot to figure out? At this point I'm investigating monitoring solutions that can monitor the whole chain of servers/services. Is  that even possible with SCOM and working with SCOM agents?

Michiel,

The API Management support team has a standard disclaimer for installing third party applications on the appliance form factors.

"When possible, we recommend that you utilize the built-in functionality of the API Gateway before installing external applications. We permit our customers to install additional applications without terminating or negatively impacting the support agreement between your organization and ours when the Gateway's built-in functionality does not meet your requirements.

Carrying out thorough testing in non-critical environments is recommended before escalating the deployment to more business-critical production systems. Please keep in mind that we may request that this software or application be removed from the system during subsequent support requests where we feel the third-party application may be interfering with the proper operation of the Gateway

Lastly, we do not include updates for external applications, tools, or their dependencies in Gateway patches. Upgrading an appliance may cause previously working configurations of your third-party tool to break--and such action would not be supported by CA Support. Since we do not provide updates for these external applications--we also do not test them. As such, external applications may create security vulnerabilities in our appliance that would not be present on a certified Gateway appliance."

I wanted to make sure that we outlined what is supported. We have not seen the complete steps on how to get this to work within the gateway. Due to locked down nature of the gateway, the manual steps outlined here will probably allow for it to work. Install SCOM Agent on Red Hat Enterprise Linux 6 (linux agent installation) | scomskills>blog From a security stand point, I would recommend that you don't use the blanket sudoers configuration but use the fine grain control outlined in the article.

Additional resources:

https://technet.microsoft.com/en-us/system-center-docs/om/manage/install-agent-and-certificate-on-unix-and-linux-compute… 

http://social.technet.microsoft.com/wiki/contents/articles/7375.configuring-sudo-elevation-for-unix-and-linux-monitoring… 

Sincerely,

Stephen Hughes

Director, CA Support