Cover V11, I13

Figure 1
Figure 2
Figure 3
Figure 4
Figure 5

SunTM Management Center -- A Specialist in a Specialized World

Andrew Hillier and Andres Gomez-Rivas

First released in 1998, SunTM Management Center is now in its third major release with Sun Management Center 3.0. Scaling from one system to thousands of servers, all accessible from one centralized console, Sun Management Center 3.0 is Sun's first fully scalable Element Manager for Systems Mangaement. This article will highlight the benefits that Sun Management Center provides for monitoring Sun hardware and the SolarisTM Operating Environment, as well as describe its architecture, features, and usage.


The most important infrastructure change in Sun Management Center 3.0 has been the introduction of Group Operations. This feature collapses the setting of operational thresholds for hundreds of hosts into a single task. Using Group Operations, users can load modules across a hundred agents in the enterprise, or set the thresholds for alarm conditions on any monitored property on any number of hosts. The Sun Management Center Agent profile for any number of hosts can also be synchronized with that of a "reference" host, by propagating that host's Module Configuration to the agents. This grouping infrastructure provides a point-and-click interface to these operations and replaces previous custom efforts to propagate configuration files via file transfer.

Also, the Performance Reporting Manager (PRM) add-on for Sun Management Center provides a suite of tools for graphing, analyzing, and exporting data from Sun Management Center. Utilizing the data logging capabilities of Sun Management Center agents, PRM is able to acquire the value of data properties such as system load averages, CPU utilization rates, or free disk space, over extended periods of time. The resulting data can be exported or graphed, and used to facilitate such decision-making tasks as server consolidation and capacity planning, as well as for general performance monitoring and tracking.

Other new features in 3.0 include add-ons for hardware management, service management, patch management, and the monitoring of network services such as SMTP, IMAP, POP, HTTP, Telnet, NIS, FTP, etc. New means of accessing the data are also a part of Sun Management Center 3.0. A new Web interface provides HTTP/HTTPS access to management information through any firewall, and a new command-line interface allows administrators to utilize Sun Management Center without launching the GUI. See Figure 1.

Over the past two years, customer awareness of Sun Management Center product has increased. Some of this can be attributed to the price/performance of the product. The base package is available free of charge, and add-ons are charged for only where they are utilized. Enterprise discounting allows the complete set of add-on features to be available for as little as $250 per server.


Sun Management Center is based on a three-tiered architecture, and Sun Management Center agents form the frontline of systems management. The server layer powers the configuration (security, module parameter-setting, etc.) of the agents. A console layer connects to the server layer and browses data, alarms, and log files on the agents. See Figure 2. In a typical installation, there is one server layer, with many agents reporting to that server layer, and one or more console hosts used to connect to the server layer and manage the agents.

The Sun Management Center agent is an SNMP-compliant agent. You can poll it via SNMP "get" commands, and you can configure Sun Management Center to forward SNMP traps to your existing Enterprise Management Software. Furthermore, Sun Management Center agents allow you to configure other SNMP agents as "sub-agents" of Sun Management Center. This means that you can have requests for certain SNMP Object Identifier branches deferred to an existing agent running on a different UDP port. The benefit is you need only expose and reference one UDP port to access all your SNMP agents on that host. Also, Sun provides an Advanced System Monitoring pack "module" for the Sun Management Center agent called "MIB-II Instrumentation", which fully implements RFC-1213, allowing the agent to serve up this information as well.

The Sun Management Center agents support the SNMPv2 User Security Model standard. All communication between the console/server and the agent is via this protocol. SNMPv2usec utilizes a username and password (encrypted) to verify user access to data, as well as user privileges to perform management operations (via SNMP "set" commands). This SNMPv2usec protocol is driven by security configuration information provided by the server layer.

The server layer drives all access to the Sun Management Center environment. To monitor or manage Sun Management Center agents, users must have a UNIX account on the server layer host. Furthermore, only users whose account name appears in the "esusers" file can log into Sun Management Center. A user's privileges within Sun Management Center are further defined by the Sun Management Center group membership that they possess; groups exist for Domain Administrators, Administrators, and Operators, each with a predefined category of access in the system. Users without membership in a Sun Management Center group but present in the "esusers" file will have general read-only access to all management data. All of these default permissions can be overridden on an object-by-object basis for arbitrary users or other UNIX groups.

As mentioned, the Sun Management Center server layer drives this security functionality. However, the loading of "modules" (roughly analogous to SNMP MIBs), the setting of operating thresholds, and other tasks are also affected through the use of the console. The console requires a server layer to access the agents. The configuration of hundreds of servers at a time is driven by a "grouping service" at the server layer. The server layer also maintains a comprehensive database of alarms that have occurred across the enterprise, which can be queried via the console or through the Client API.

Returning to the agent layer, where the acquisition of systems management data takes place, there are several distinctive features that Sun Management Center agents have over traditional SNMP agents. The Sun Management Center agent is dynamic; the SNMP Management Information Base (MIB) that the agent supports is defined by the modules the agent has loaded. Modules can be dynamically loaded and unloaded, so during the lifespan of the agent process, its MIB may grow or shrink as new management capabilities are required or removed from the agent.

These Sun Management Center modules encapsulate not only the model of what properties are important for managing a system, but can also include default thresholds for normal operating behavior, suggested fixes, and corrective scripts. The Sun Management Center agent allows the end-user to define exactly what constitutes "normal operating conditions". Thus, the end-user can tweak the limits on each property in the system. When a property exceeds that limit, the agent will generate an alarm and send a trap. See Figure 3.

When an alarm state has been reached, the agent can be configured to launch a "corrective action" script. The execution of this script can be delayed until a Sun Management Center administrator authorizes its execution, or the agent may be enabled to launch the script automatically. The entire configuration of all Sun Management Center components is done via plain text configuration files, and the User's manual describes how to change these settings and force these changes to take effect.

Using the Product

Before all of these features can be accessed, the software must be installed, and like most systems management products, it must be installed everywhere. The product is package based. Installation and deployment is straightforward, however, it would benefit from an installation GUI and a more sophisticated deployment mechanism.

There are three basic components that must be installed: the server, the console, and the agents. The server requires a dedicated box, and Sun provides a "Configuration and Deployment Guide" to help size the hardware (with a Netra X1 being sufficient for smaller installs and a 280R being recommended for larger environments). The console can be installed on either Solaris OE or Windows clients (using RMI to communicate with the server). The agents are lightweight and go on every "managed node" you care to put them on.

When starting it up, the first thing the user sees is the login screen, which requires a user ID, password, and server name or address. The login credentials are the same as the user's UNIX account on the Sun Management Center server layer, and any UNIX account can be authorized to use Sun Management Center simply by adding the user name to the "esusers" file on the server. The server specified is the Sun host that is running the Sun Management Center "server layer". This must be specified, as large organizations may be segregated into several server "contexts", each with their own server layer. Sun Management Center sits on the SNMPv2 "usec" (user security) model, so all of this input is used in the underlying agent communication. See Figure 4.

After this formality, the main "topology" window appears. In general, user interaction consists of double-clicking on managed objects to see a detailed view, or right clicking to bring up a context sensitive pop-up menu of possible actions. However, some functions are only accessible from the drop-down menus at the top of the window. This window, like many in Sun Management Center, provides a familiar tree browser look and feel. Here you can organize the entities in your system along several lines, including physical structure, network hierarchy, or logical function (such as "Production" or "Testing"). This organization is depicted as a tree-view on the left and a series of icons on the right, with the icons representing the contents of the currently selected "container". All of these structures are organized under "management domains", the highest-level construct in Sun Management Center.

Drilling down into these structures will inevitably end with the appearance of a "host details" browser. This window is specific to a managed node and provides the mechanism to load and unload modules, browse management data, manage alarms, edit alarm limits, view log files, and view the physical or logical configuration of the host. This is the business end of Sun Management Center, and it allows users to configure and view almost every aspect of the Sun Management Center agents. Because the agents are autonomous, the rules, thresholds, and actions specified in the host details browser translate directly into management of the target server.

The features and information present at this level are largely a function of what modules are loaded on the agent. Modules are the "building blocks" of the management configuration, and many modules exist to perform both basic and advanced management functions. There are modules to watch the kernel, inspect the hardware, launch diagnostics, scan files, monitor directories, hit Web servers with "synthetic" transactions, analyze crash dumps, launch batch jobs, and so on. If you can't find the module you need, a third party can probably provide it. Failing that, you can always build it using the graphical module builder tool, which is provided as part of the Developer Environment add-on. See Figure 5.

All of this functionality is subject to stringent access control, which means that different users and groups of users can be independently authorized to access the various features. Most "managed objects" in the system, including data properties, modules, agents, topology constructs, and even management domains, allow access control rules to be specified. This allows the product to fit well with the responsibilities and workflow of the users in small shops as well as large organizations.


Just as no other tool can manage Sun hardware as comprehensively as Sun Management Center, the converse is surely also true. That is why integration with third party ESM solutions has always been a strong mandate for Sun Management Center. Integration packages for HP Open view, Tivoli, CA, BMC, Netcool, and others are readily available, allowing hardware and software data and alarms to be brought into other tools for consideration in the broader organizational context. This strategy makes Sun servers work better in the overall environment and thus makes good sense.


If you have an environment that includes Sun servers performing critical operations, I recommend looking into Sun Management Center. It has steadily improved over the years, and the latest version has some impressive capabilities. A free download of the product can be found on Sun's Web site at: This site also contains product literature, technical details, and licensing information, as well as information on Sun partners and third parties that provide add-on solutions for Sun Management Center.

Andrew Hillier is the CTO of CiRBA Inc., a Sun Application Solutions Provider and developer of Sun Management Center add-ons. Mr. Hillier has over 13 years of experience in developing and deploying products and customized systems for financial institutions, utilities and other large organizations. Mr. Hillier can be reached at:

Andres Gomez-Rivas is an electrical engineer and has worked for 10 years in the high tech industry for IBM, Texas Instruments and Sun. He is currently a Product Manager in Sun's System Management Marketing group. Andres can be reached at:

Sun, Sun Microsystems, the Sun Logo, Sun Management Center are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries.