IBM Software Group Enhancements for Distributed IBM Tivoli Workload Scheduler 8.2.

IBM Software Group

Enhancements for Distributed

IBM Tivoli Workload Scheduler 8.2

2 | Copyright © 2002, IBM All Rights Reserved | September 25, 2002

Highlights

• Tivoli Technical Imperatives• Networking Security and Firewalls• Object and Administration Security• Execution Deadline Control• Return Code Management and Processing• Job Events Processing• Workload Scheduler for Applications


Tivoli Technical Imperatives

• Installation– Products are easy to install, compatible with each other– Improve the percentage of successful first-time installs– Manual steps are eliminated or automated– Maintenance is simplified

• Serviceability– Increase satisfaction by empowering customers with built-in troubleshooting

techniques– Problem resolution is efficient and accurate

• Data Warehouse– Collect historical data from many Tivoli applications in one central place– Correlate information from multiple applications when possible– Enable enterprise-level reporting– Provide out-of-the-box web-based reporting

• Presentation Consistency– Tivoli products should have a similar look-and-feel for familiarity and ease-of-use

of our products


Networking and Security

• SSL Encryption and Authentication– Network communication between ITWS systems can be configured to

use SSL

• Full Firewall support– ITWS will function even if an IP firewall exists between the FTA and its

Domain Manager

• Increased functional security– FTAs will share a security key with the Master Domain Manager so that

an FTA cannot be linked by an unknown Master


Secure Sockets Layer Protocol

• SSL is based on a public-private keys methodology

• When using SSL,– Connections are private. Encryption is

used after an initial handshake to define a secret key. Symmetric cryptography is used for data encryption (DES, RC4, etc.)

– Peer identity can be authenticated using asymmetric, or public key, cryptography (RSA, DSS, etc.)

– The connection is reliable. Message transports include message integrity checks using a keyed MAC. Secure hash functions (SHA, MD5, etc.) are used for MAC computations


Master DomainMaster Domain Manager

AIX

AIX

Domain Manager

DMA

HPUXDomain Manager

DMB

AIX Windows 2000 Solaris

DomainA DomainB

FTA1 FTA2 FTA3 FTA4

Linux

SSL Authentication and Encryption

Symphony

Unencrypted communication

SSL Encrypted communication


SSL and Workload Scheduler

• Workload Scheduler will use SSL 3– Requires all workstations participating in SSL sessions to have X.509

certificate repositories containing certificates to be exchanged for establishing the SSL session to be installed locally

• Users can define which workstations will use SSL• OpenSSL toolkit provides communication protocol and

certification management on distributed systems• OS/390 Cryptographic Services System SSL provides services

between host and distributed platforms in end-to-end environments

• Complete certificate and PKI key management is outside the scope of this release

• Note: Export of cryptographic algorithms is restricted by regulation of the US government


Firewall Compatibility

• Remote administration commands will be routed through domain hierarchy (instead of Master Domain Manager attempting direct connection to down-level FTA for start, stop, and get stdlist)

• Workload Scheduler TCP/IP communication can be limited to specific port ranges (can also promote better use of systems with multiple NICs)

• Communication characteristics for port utilization, binding, connection establishment, etc. will be well documented


Symphony

Firewall Support

IP F

irewall


AIX

AIX

Domain Manager

DMA

HPUXDomain Manager

DMB


DomainA DomainB

FTA1 FTA2 FTA3 FTA4

Linux

Plan distribution and event management

Network management commands and job log retrieval

Before

After

IP port (31111)



AIX

AIX

Domain Manager

DMA

HPUXDomain Manager

DMB


DomainA DomainB

FTA1 FTA2 FTA3 FTA4

Linux

Enhanced Security Distribution

Symphony

Security

Authorization Key

• Administrator creates secret key

• Makesec command inserts key into Security file

• Administrator distributes Security file to each TWS node

• Secret key is inserted into Symphony file by Jnextday

• Symphony’s key must match Security’s key before any links or commands are allowed

MasterB

Windows 2000


Centralized Security

• Optional feature – current de-centralized security may be continued (for backwards compatibility)

• Prohibits other systems from connecting into an existing scheduling network

• Prohibits anyone from reconfiguring existing systems to increase their abilities

• A new keyed Security mechanism will be employed– Security file may only be compiled on Master Domain Manager– Security file contains encrypted checksum and is distributed to every

FTA– Symphony file will contain the same checksum– Any link or command attempt will compare Symphony and Security

checksums– Command is denied if checksums do not match or Security file is

removed


Execution Deadline

• Each job or job stream can have a defined deadline• A job or job stream that has a defined deadline time which has

expired before it has terminated will be considered “LATE”• If a job has started and is still executing past its deadline, a

notification is sent• If a job has not started by its deadline, a notification is sent


Enhanced “UNTIL” time

• Currently a Job or Job Stream with an expired UNTIL time will not be started

• A late job will have an optional attribute, “ON_UNTIL” with three possible values:

– SUPPR – Job is not launched, no condition changed (current behavior)

– CONT – the Job or Job Stream will be started anyway when the dependencies are met

– CANC – the Job or Job Stream will be cancelled when it has not started and the UNTIL time expires


Return Code Management

• Each job definition will have user-defined criteria defining which return code(s) represent a successful job

• The “Success Condition” field can be a combination of comparison operators and logical operators

• Example– “RC = 2 OR ((RC >= 6 AND RC < 18) AND (RC != 12))”

• Each job’s return code will be sent back to the Symphony• The return code will be seen on conman “SHOWJOBS”

command and in the GUI


Return Code Processing

• The Return Code for each job is stored in the stdlist, and the Symphony file

• The jobinfo command will be enhanced to be able to retrieve the return code of any previous job

• A new environment variable will be sent through JOBMON to recovery jobs representing the return code of the abended job

• The Return Code will be represented in the “event.log” file (usually processed by Tivoli Enterprise Console) and events passed to Tivoli Business Systems Manager


Example use of Return Code Analysis

JOB1

Branch-JOB

Branch-JOB• Dependency on JOB1 & JOB2• Reads return code of JOB1

and JOB2 using “jobinfo”• Makes decision to run JOB3

or JOB4 based on status of JOB1 or JOB2

• Cancels job not selected

JOB2

JOB3 JOB4


Job Events Processing Enhancements

• New events regarding job state changes will be sent to the event.log file

• Currently, events are sent for– 101: Job Abend– 102: Job Failed– 103: Job Launched– 104: Job Done– 105: Job Suspended (UNTIL)

• New rules for Enterprise Console will be provided

• New optional events will be added showing each state change

– 106: Job Submitted– 107: Job Canceled– 108: Job Ready– 109: Job put on Hold– 110: Job Restarted– 111: Job Failed– 112: Job Successful Pending– 113: Job External– 114: Job in Intro– 115: Job STUCK– 116: Job in Wait– 117: Job Deferred– 118: Job Scheduled


Workload Scheduler for Applications

• Updated x-agent for R/3– Support for new releases of R/3

– Support for SAP Business Warehouse•Show picklists of Infopackage Jobs to schedule•Select and/or override attributes of the selected jobs

• Updated x-agent for PeopleSoft– Support for PeopleSoft 8

– Supports PeopleSoft report distributions

– Runs on Windows 2000 and UNIX

• X-agent for Oracle E-Business Suite– Support for 10.x, 11.i

IBM Software Group

Enhancements for Distributed

IBM Tivoli Workload Scheduler 8.2

IBM Software Group Enhancements for Distributed IBM Tivoli Workload Scheduler 8.2.

Documents

Transcript of IBM Software Group Enhancements for Distributed IBM Tivoli Workload Scheduler 8.2.