Chapter 6. Deployment 345
6.5.3 Login policy
The login policy developed for the Outlet Systems Management Solution, shown
A.3.6, “login_policy” on page 364, only logs the endpoint label on a file in order to
track that the endpoint passes this script when logging in.
6.5.4 After_login policy
The after login policy script is executed once after an initial login process. For the
Outlet Systems Management Solution, this policy handles subscriptions, profile
distributions, and installation of software packages to new endpoints.
In summary, the after_login policy developed for the Outlet Systems
Management Solution performs the following:
1. Subscribing the endpoint to the correct profile managers using the
2. Distributing hardware and software Inventory scanning profiles as well as the
basic (OS and HW) ITM monitoring profile through execution of the script
3. Executing the script to execute the
ep_customization task in order to submit the activity plan to install software,
discover and create WAS and DB2 monitoring objects, and distribute
remaining monitoring profiles.
A complete listing of the after_login policy and related scripts are available in
A.3.7, “after_policy” on page 365 ff.
6.6 Installing endpoints
To be able to manage the servers in the Outlet Solution, the Tivoli Management
Agent, otherwise known as the endpoint, needs to be installed on all systems.
The existence of the endpoint on an Outlet server is the bootstrap for enabling
the entire installation and management process.
Note: The reason for implementing the ep_customization as a task is to
provide asynchronous execution of the majority of the deployment
operations. This will offload the TMR Server and allow it to process logins
from other endpoints.
346 Implementing a Tivoli Solution for Central Management of Large Distributed Environments
To facilitate automation, it is necessary to define and enforce a strict naming
standard for the endpoints. The naming standard chosen for endpoint labels for
the Outlet Systems Management Solution is:
This will enable the policy scripts to subscribe the endpoints to the correct profile
managers based on several factors, but primarily the geographical hierarchy.
For Unix based systems, the endpoint installation is always initiated from the
command line of the TMR Server using some sort of remote access mechanism:
- rexec, ssh, and so forth. In this section, we assumed that UnitedLinux has been
installed on the Outlet Serves and that ssh has been enabled in accordance with
the description in 4.2.2, “Operating platform preparation” on page 142.
The command used to install an endpoint is winstlcf and for ssh the parameters
are as shown:
winstlcf -j -g <hubtmr>:9494 -l 9495 -n <hostname>_<region>_<store>-ep -r
<tmr>-<region>-<store>_EP -Y ‘<hostname> root <password>’
The winstlcf command shown, will install the endpoint on the target system and
assigns the hubtmr system as the intercepting gateway for the initial login.
Authentication to execute commands on the target system initiated from the hub
TMR is gained through ssh (the -j parameter) using the root user and the valid
password for that user.
To provide ease-of-use and consistency, the winstlcf command should be
scripted in any production environment, and further, perhaps would be build into
a Tivoli task. However, this will not change the fact that endpoint installation is a
manual process that must be executed by the Tivoli Administrators whenever a
new system is going to be included in the environment.
Once the endpoint is installed, it will attempt to login though the intercepting
gateway specified on the winstlcf command. At that point, the endpoint policy
scripts take control.
Note: Based on the needs of the organization, naming standards and
requirements for subscription policies should be considered carefully before
setting up a production environment.

Get Implementing a Tivoli Solution for Central Management of Large Distributed Environments now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.