Management Center -- A Specialist in a Specialized World
Andrew Hillier and Andres Gomez-Rivas
First released in 1998, SunTM Management Center is
now in its third major release with Sun Management Center 3.0. Scaling
from one system to thousands of servers, all accessible from one
centralized console, Sun Management Center 3.0 is Sun's first
fully scalable Element Manager for Systems Mangaement. This article
will highlight the benefits that Sun Management Center provides
for monitoring Sun hardware and the SolarisTM Operating
Environment, as well as describe its architecture, features, and
The most important infrastructure change in Sun Management Center
3.0 has been the introduction of Group Operations. This feature
collapses the setting of operational thresholds for hundreds of
hosts into a single task. Using Group Operations, users can load
modules across a hundred agents in the enterprise, or set the thresholds
for alarm conditions on any monitored property on any number of
hosts. The Sun Management Center Agent profile for any number of
hosts can also be synchronized with that of a "reference"
host, by propagating that host's Module Configuration to the
agents. This grouping infrastructure provides a point-and-click
interface to these operations and replaces previous custom efforts
to propagate configuration files via file transfer.
Also, the Performance Reporting Manager (PRM) add-on for Sun Management
Center provides a suite of tools for graphing, analyzing, and exporting
data from Sun Management Center. Utilizing the data logging capabilities
of Sun Management Center agents, PRM is able to acquire the value
of data properties such as system load averages, CPU utilization
rates, or free disk space, over extended periods of time. The resulting
data can be exported or graphed, and used to facilitate such decision-making
tasks as server consolidation and capacity planning, as well as
for general performance monitoring and tracking.
Other new features in 3.0 include add-ons for hardware management,
service management, patch management, and the monitoring of network
services such as SMTP, IMAP, POP, HTTP, Telnet, NIS, FTP, etc. New
means of accessing the data are also a part of Sun Management Center
3.0. A new Web interface provides HTTP/HTTPS access to management
information through any firewall, and a new command-line interface
allows administrators to utilize Sun Management Center without launching
the GUI. See Figure 1.
Over the past two years, customer awareness of Sun Management
Center product has increased. Some of this can be attributed to
the price/performance of the product. The base package is available
free of charge, and add-ons are charged for only where they are
utilized. Enterprise discounting allows the complete set of add-on
features to be available for as little as $250 per server.
Sun Management Center is based on a three-tiered architecture,
and Sun Management Center agents form the frontline of systems management.
The server layer powers the configuration (security, module parameter-setting,
etc.) of the agents. A console layer connects to the server layer
and browses data, alarms, and log files on the agents. See Figure
2. In a typical installation, there is one server layer, with many
agents reporting to that server layer, and one or more console hosts
used to connect to the server layer and manage the agents.
The Sun Management Center agent is an SNMP-compliant agent. You
can poll it via SNMP "get" commands, and you can configure
Sun Management Center to forward SNMP traps to your existing Enterprise
Management Software. Furthermore, Sun Management Center agents allow
you to configure other SNMP agents as "sub-agents" of
Sun Management Center. This means that you can have requests for
certain SNMP Object Identifier branches deferred to an existing
agent running on a different UDP port. The benefit is you need only
expose and reference one UDP port to access all your SNMP agents
on that host. Also, Sun provides an Advanced System Monitoring pack
"module" for the Sun Management Center agent called "MIB-II
Instrumentation", which fully implements RFC-1213, allowing
the agent to serve up this information as well.
The Sun Management Center agents support the SNMPv2 User Security
Model standard. All communication between the console/server and
the agent is via this protocol. SNMPv2usec utilizes a username and
password (encrypted) to verify user access to data, as well as user
privileges to perform management operations (via SNMP "set"
commands). This SNMPv2usec protocol is driven by security configuration
information provided by the server layer.
The server layer drives all access to the Sun Management Center
environment. To monitor or manage Sun Management Center agents,
users must have a UNIX account on the server layer host. Furthermore,
only users whose account name appears in the "esusers"
file can log into Sun Management Center. A user's privileges
within Sun Management Center are further defined by the Sun Management
Center group membership that they possess; groups exist for Domain
Administrators, Administrators, and Operators, each with a predefined
category of access in the system. Users without membership in a
Sun Management Center group but present in the "esusers"
file will have general read-only access to all management data.
All of these default permissions can be overridden on an object-by-object
basis for arbitrary users or other UNIX groups.
As mentioned, the Sun Management Center server layer drives this
security functionality. However, the loading of "modules"
(roughly analogous to SNMP MIBs), the setting of operating thresholds,
and other tasks are also affected through the use of the console.
The console requires a server layer to access the agents. The configuration
of hundreds of servers at a time is driven by a "grouping service"
at the server layer. The server layer also maintains a comprehensive
database of alarms that have occurred across the enterprise, which
can be queried via the console or through the Client API.
Returning to the agent layer, where the acquisition of systems
management data takes place, there are several distinctive features
that Sun Management Center agents have over traditional SNMP agents.
The Sun Management Center agent is dynamic; the SNMP Management
Information Base (MIB) that the agent supports is defined by the
modules the agent has loaded. Modules can be dynamically loaded
and unloaded, so during the lifespan of the agent process, its MIB
may grow or shrink as new management capabilities are required or
removed from the agent.
These Sun Management Center modules encapsulate not only the model
of what properties are important for managing a system, but can
also include default thresholds for normal operating behavior, suggested
fixes, and corrective scripts. The Sun Management Center agent allows
the end-user to define exactly what constitutes "normal operating
conditions". Thus, the end-user can tweak the limits on each
property in the system. When a property exceeds that limit, the
agent will generate an alarm and send a trap. See Figure 3.
When an alarm state has been reached, the agent can be configured
to launch a "corrective action" script. The execution
of this script can be delayed until a Sun Management Center administrator
authorizes its execution, or the agent may be enabled to launch
the script automatically. The entire configuration of all Sun Management
Center components is done via plain text configuration files, and
the User's manual describes how to change these settings and
force these changes to take effect.
Using the Product
Before all of these features can be accessed, the software must
be installed, and like most systems management products, it must
be installed everywhere. The product is package based. Installation
and deployment is straightforward, however, it would benefit from
an installation GUI and a more sophisticated deployment mechanism.
There are three basic components that must be installed: the server,
the console, and the agents. The server requires a dedicated box,
and Sun provides a "Configuration and Deployment Guide"
to help size the hardware (with a Netra X1 being sufficient for
smaller installs and a 280R being recommended for larger environments).
The console can be installed on either Solaris OE or Windows clients
(using RMI to communicate with the server). The agents are lightweight
and go on every "managed node" you care to put them on.
When starting it up, the first thing the user sees is the login
screen, which requires a user ID, password, and server name or address.
The login credentials are the same as the user's UNIX account
on the Sun Management Center server layer, and any UNIX account
can be authorized to use Sun Management Center simply by adding
the user name to the "esusers" file on the server. The
server specified is the Sun host that is running the Sun Management
Center "server layer". This must be specified, as large
organizations may be segregated into several server "contexts",
each with their own server layer. Sun Management Center sits on
the SNMPv2 "usec" (user security) model, so all of this
input is used in the underlying agent communication. See Figure
After this formality, the main "topology" window appears.
In general, user interaction consists of double-clicking on managed
objects to see a detailed view, or right clicking to bring up a
context sensitive pop-up menu of possible actions. However, some
functions are only accessible from the drop-down menus at the top
of the window. This window, like many in Sun Management Center,
provides a familiar tree browser look and feel. Here you can organize
the entities in your system along several lines, including physical
structure, network hierarchy, or logical function (such as "Production"
or "Testing"). This organization is depicted as a tree-view
on the left and a series of icons on the right, with the icons representing
the contents of the currently selected "container". All
of these structures are organized under "management domains",
the highest-level construct in Sun Management Center.
Drilling down into these structures will inevitably end with the
appearance of a "host details" browser. This window is
specific to a managed node and provides the mechanism to load and
unload modules, browse management data, manage alarms, edit alarm
limits, view log files, and view the physical or logical configuration
of the host. This is the business end of Sun Management Center,
and it allows users to configure and view almost every aspect of
the Sun Management Center agents. Because the agents are autonomous,
the rules, thresholds, and actions specified in the host details
browser translate directly into management of the target server.
The features and information present at this level are largely
a function of what modules are loaded on the agent. Modules are
the "building blocks" of the management configuration,
and many modules exist to perform both basic and advanced management
functions. There are modules to watch the kernel, inspect the hardware,
launch diagnostics, scan files, monitor directories, hit Web servers
with "synthetic" transactions, analyze crash dumps, launch
batch jobs, and so on. If you can't find the module you need,
a third party can probably provide it. Failing that, you can always
build it using the graphical module builder tool, which is provided
as part of the Developer Environment add-on. See Figure 5.
All of this functionality is subject to stringent access control,
which means that different users and groups of users can be independently
authorized to access the various features. Most "managed objects"
in the system, including data properties, modules, agents, topology
constructs, and even management domains, allow access control rules
to be specified. This allows the product to fit well with the responsibilities
and workflow of the users in small shops as well as large organizations.
Just as no other tool can manage Sun hardware as comprehensively
as Sun Management Center, the converse is surely also true. That
is why integration with third party ESM solutions has always been
a strong mandate for Sun Management Center. Integration packages
for HP Open view, Tivoli, CA, BMC, Netcool, and others are readily
available, allowing hardware and software data and alarms to be
brought into other tools for consideration in the broader organizational
context. This strategy makes Sun servers work better in the overall
environment and thus makes good sense.
If you have an environment that includes Sun servers performing
critical operations, I recommend looking into Sun Management Center.
It has steadily improved over the years, and the latest version
has some impressive capabilities. A free download of the product
can be found on Sun's Web site at: http://www.sun.com/sunmanagementcenter.
This site also contains product literature, technical details, and
licensing information, as well as information on Sun partners and
third parties that provide add-on solutions for Sun Management Center.
Andrew Hillier is the CTO of CiRBA Inc., a Sun Application
Solutions Provider and developer of Sun Management Center add-ons.
Mr. Hillier has over 13 years of experience in developing and deploying
products and customized systems for financial institutions, utilities
and other large organizations. Mr. Hillier can be reached at: email@example.com.
Andres Gomez-Rivas is an electrical engineer and has worked
for 10 years in the high tech industry for IBM, Texas Instruments
and Sun. He is currently a Product Manager in Sun's System
Management Marketing group. Andres can be reached at: firstname.lastname@example.org.
Sun, Sun Microsystems, the Sun Logo, Sun Management Center
are trademarks or registered trademarks of Sun Microsystems, Inc.
in the United States and other countries.