Post on 26-Mar-2015
IBM Software Group
Enhancements for Distributed
IBM Tivoli Workload Scheduler 8.2
2 | Copyright © 2002, IBM All Rights Reserved | September 25, 2002
Highlights
• Tivoli Technical Imperatives
• Networking Security and Firewalls
• Object and Administration Security
• Execution Deadline Control
• Return Code Management and Processing
• Job Events Processing
• Workload Scheduler for Applications
Tivoli Technical Imperatives
• Installation
– Products are easy to install, compatible with each other
– Improve the percentage of successful first-time installs
– Manual steps are eliminated or automated
– Maintenance is simplified
• Serviceability
– Increase satisfaction by empowering customers with built-in troubleshooting techniques
– Problem resolution is efficient and accurate
• Data Warehouse
– Collect historical data from many Tivoli applications in one central place
– Correlate information from multiple applications when possible
– Enable enterprise-level reporting
– Provide out-of-the-box web-based reporting
• Presentation Consistency
– Tivoli products should have a similar look-and-feel for familiarity and ease-of-use of our products
Networking and Security
• SSL Encryption and Authentication
– Network communication between ITWS systems can be configured to use SSL
• Full Firewall support
– ITWS will function even if an IP firewall exists between the FTA and its Domain Manager
• Increased functional security
– FTAs will share a security key with the Master Domain Manager so that an FTA cannot be linked by an unknown Master
Secure Sockets Layer Protocol
• SSL is based on a public-private keys methodology
• When using SSL,
– Connections are private. Encryption is used after an initial handshake to define a secret key. Symmetric cryptography is used for data encryption (DES, RC4, etc.)
– Peer identity can be authenticated using asymmetric, or public key, cryptography (RSA, DSS, etc.)
– The connection is reliable. Message transports include message integrity checks using a keyed MAC. Secure hash functions (SHA, MD5, etc.) are used for MAC computations
SSL Authentication and Encryption
[Diagram: a Master Domain containing the Master Domain Manager, Domain Managers DMA and DMB for DomainA and DomainB, and FTA1 to FTA4, on AIX, HPUX, Windows 2000, Solaris and Linux. The Symphony file is distributed over links marked either "Unencrypted communication" or "SSL Encrypted communication".]
SSL and Workload Scheduler
• Workload Scheduler will use SSL 3
– Requires all workstations participating in SSL sessions to have X.509 certificate repositories containing certificates to be exchanged for establishing the SSL session to be installed locally
• Users can define which workstations will use SSL
• OpenSSL toolkit provides communication protocol and certification management on distributed systems
• OS/390 Cryptographic Services System SSL provides services between host and distributed platforms in end-to-end environments
• Complete certificate and PKI key management is outside the scope of this release
• Note: Export of cryptographic algorithms is restricted by regulation of the US government
Firewall Compatibility
• Remote administration commands will be routed through domain hierarchy (instead of Master Domain Manager attempting direct connection to down-level FTA for start, stop, and get stdlist)
• Workload Scheduler TCP/IP communication can be limited to specific port ranges (can also promote better use of systems with multiple NICs)
• Communication characteristics for port utilization, binding, connection establishment, etc. will be well documented
Firewall Support
[Diagram: the same network (Master Domain Manager, Domain Managers DMA and DMB, FTA1 to FTA4 in DomainA and DomainB) with an IP Firewall and IP port (31111). Two kinds of traffic are shown, "Plan distribution and event management" (Symphony) and "Network management commands and job log retrieval", with the routing drawn "Before" and "After" the change.]
Enhanced Security Distribution
• Administrator creates secret key
• Makesec command inserts key into Security file
• Administrator distributes Security file to each TWS node
• Secret key is inserted into Symphony file by Jnextday
• Symphony’s key must match Security’s key before any links or commands are allowed
[Diagram: the same network (Master Domain Manager, Domain Managers DMA and DMB, FTA1 to FTA4 in DomainA and DomainB) with the labels "Symphony", "Security" and "Authorization Key", plus a separate node "MasterB" on Windows 2000.]
Centralized Security
• Optional feature – current de-centralized security may be continued (for backwards compatibility)
• Prohibits other systems from connecting into an existing scheduling network
• Prohibits anyone from reconfiguring existing systems to increase their abilities
• A new keyed Security mechanism will be employed
– Security file may only be compiled on Master Domain Manager
– Security file contains encrypted checksum and is distributed to every FTA
– Symphony file will contain the same checksum
– Any link or command attempt will compare Symphony and Security checksums
– Command is denied if checksums do not match or Security file is removed
Execution Deadline
• Each job or job stream can have a defined deadline
• A job or job stream that has a defined deadline time which has expired before it has terminated will be considered “LATE”
• If a job has started and is still executing past its deadline, a notification is sent
• If a job has not started by its deadline, a notification is sent
Enhanced “UNTIL” time
• Currently a Job or Job Stream with an expired UNTIL time will not be started
• A late job will have an optional attribute, “ON_UNTIL” with three possible values:
– SUPPR – Job is not launched, no condition changed (current behavior)
– CONT – the Job or Job Stream will be started anyway when the dependencies are met
– CANC – the Job or Job Stream will be cancelled when it has not started and the UNTIL time expires
Return Code Management
• Each job definition will have user-defined criteria defining which return code(s) represent a successful job
• The “Success Condition” field can be a combination of comparison operators and logical operators
• Example
– “RC = 2 OR ((RC >= 6 AND RC < 18) AND (RC != 12))”
• Each job’s return code will be sent back to the Symphony
• The return code will be seen on conman “SHOWJOBS” command and in the GUI
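A Success Condition is a user-supplied string, so it is best parsed against a fixed grammar and never passed to a general-purpose evaluator. The Python parser below is an added example, not code from the presentation or from Workload Scheduler. Assumptions: the names `tokenize`, `is_success` and `EXAMPLE`, the extra `<=` and `>` operators, and AND binding tighter than OR.

```python
import operator
import re

# =, >=, < and != appear in the slide's example; <= and > are assumed here.
OPS = {"=": operator.eq, "!=": operator.ne, "<": operator.lt,
       "<=": operator.le, ">": operator.gt, ">=": operator.ge}
TOKEN = re.compile(r"\d+|RC\b|AND\b|OR\b|!=|<=|>=|[=<>()]", re.I | re.A)
EXAMPLE = "RC = 2 OR ((RC >= 6 AND RC < 18) AND (RC != 12))"  # from the slide

def tokenize(text):
    """Split a condition into tokens; reject any character outside the grammar."""
    toks = [t.upper() for t in TOKEN.findall(text)]
    if "".join(toks) != "".join(text.split()).upper():
        raise ValueError("unrecognised characters in condition")
    return toks

def is_success(condition, rc):
    """Return True if integer rc satisfies the Success Condition string."""
    toks, i = tokenize(condition) + [None], 0    # None marks end of input
    def take(expected=None):
        nonlocal i
        tok = toks[i]
        if tok is None or (expected and tok != expected):
            raise ValueError(f"unexpected {tok!r} at token {i}")
        i += 1
        return tok
    def factor():                      # '(' expr ')'  |  RC op NUMBER
        if toks[i] == "(":
            take("(")
            val = expr()
            take(")")
            return val
        take("RC")
        op, num = take(), take()
        if op not in OPS or not num.isdigit():
            raise ValueError(f"bad comparison before token {i}")
        return OPS[op](rc, int(num))
    def chain(parse, keyword):         # operands joined by AND or by OR
        vals = [parse()]
        while toks[i] == keyword:
            take(keyword)
            vals.append(parse())
        return all(vals) if keyword == "AND" else any(vals)
    def expr():                        # assumed precedence: AND binds tighter
        return chain(lambda: chain(factor, "AND"), "OR")
    result = expr()
    if toks[i] is not None:
        raise ValueError(f"trailing input at token {i}")
    return result
```

Anything that is not a comparison of `RC` with an integer, a parenthesis, `AND` or `OR` raises `ValueError` before any evaluation takes place.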
Return Code Processing
• The Return Code for each job is stored in the stdlist, and the Symphony file
• The jobinfo command will be enhanced to be able to retrieve the return code of any previous job
• A new environment variable will be sent through JOBMON to recovery jobs representing the return code of the abended job
• The Return Code will be represented in the “event.log” file (usually processed by Tivoli Enterprise Console) and events passed to Tivoli Business Systems Manager
Example use of Return Code Analysis
Branch-JOB
• Dependency on JOB1 & JOB2
• Reads return code of JOB1 and JOB2 using “jobinfo”
• Makes decision to run JOB3 or JOB4 based on status of JOB1 or JOB2
• Cancels job not selected
[Diagram: job flow with the nodes JOB1, JOB2, Branch-JOB, JOB3 and JOB4.]
Job Events Processing Enhancements
• New events regarding job state changes will be sent to the event.log file
• Currently, events are sent for
– 101: Job Abend
– 102: Job Failed
– 103: Job Launched
– 104: Job Done
– 105: Job Suspended (UNTIL)
• New rules for Enterprise Console will be provided
• New optional events will be added showing each state change
– 106: Job Submitted
– 107: Job Canceled
– 108: Job Ready
– 109: Job put on Hold
– 110: Job Restarted
– 111: Job Failed
– 112: Job Successful Pending
– 113: Job External
– 114: Job in Intro
– 115: Job STUCK
– 116: Job in Wait
– 117: Job Deferred
– 118: Job Scheduled
Workload Scheduler for Applications
• Updated x-agent for R/3
– Support for new releases of R/3
– Support for SAP Business Warehouse
    • Show picklists of Infopackage Jobs to schedule
    • Select and/or override attributes of the selected jobs
• Updated x-agent for PeopleSoft
– Support for PeopleSoft 8
– Supports PeopleSoft report distributions
– Runs on Windows 2000 and UNIX
• X-agent for Oracle E-Business Suite
– Support for 10.x, 11.i