ITM v6.3 Login Policies

Something that many ITM v6 customers have been requesting for some years has finally arrived [indirectly] with ITM v6.3 – login policies, i.e. the ability to run script based policies when a new Managed System connects to the ITM infrastructure. This feature enables the automation of TEMS assignment, both the primary and backup TEMS for an agent, plus “after login” logic that is only limited by your scripting ability! One obvious “after login” application here is to assign agents to Managed System Group Objects and hence automate the distribution of function based situations on connection. A similar capability was a part of the legacy Tivoli Management Framework and significantly reduced the manual administration of the environment.

Why do I say the feature has been introduced indirectly with ITM v6.3? Well this capability it is not shipped as part of the core product, although it is mentioned in the Administration Guide. The code and documentation is available for download from the ITM “Best Practice” section of the IBM DeveloperWorks Wiki.

Installation is relatively straight forward, although TEMS restarts may be required for environment variable updates. Customisations are required to two Perl scripts “selectTEMS.pl” and “afterLogin.pl”. These scripts are run when the managed system connect. Information specific to the managed system and its connection is available to the scripts, e.g. TEMS and managed system name, and can form the basis of the logic for the TEMS selection and after login logic.

The after login policy extract below demonstrates a simple update to the default script to assign new Linux managed systems to a function based Managed System Group Object (or MSL). The login daemon starts a dedicated thread to process the individual managed systems and so isolates the overhead of the processing from the main daemon.

Example ITM v6.3 After Login Policy

Example ITM v6.3 After Login Policy

There are some limitations with the function, not least that it has only been fully tested on Linux, but the potential to reduce ITM administration tasks means it’s worth testing further.