Page 2
Further, Novell, Inc. reserves the right to make changes to any and all parts of Novell software, at any time, without any obligation to notify any person or entity of such changes.
Page 3
Novell Trademarks For Novell trademarks, see the Novell Trademark and Service Mark list (http://www.novell.com/company/legal/ trademarks/tmlist.html). Third-Party Materials All third-party trademarks are the property of their respective owners.
For the most recent version of this Administration Guide, visit the PlateSpin Orchestrate Web site (http://www.novell.com/documentation/pso_orchestrate20/). Documentation Conventions In Novell documentation, a greater-than symbol (>) is used to separate actions within a step and items in a cross-reference path. ® A trademark symbol ( , etc.) denotes a Novell trademark.
Section 1.2, “Understanding PlateSpin Orchestrate Functionality,” on page 20 1.1 Understanding PlateSpin Orchestrate Architecture PlateSpin Orchestrate from Novell is an advanced datacenter management solution designed to manage all network resources. It provides the infrastructure that manages group of ten, one hundred, or thousands of physical or virtual resources.
This section contains information about the following topics: Section 1.1.1, “The PlateSpin Orchestrate Agent,” on page 10 Section 1.1.2, “The Resource Monitor,” on page 11 Section 1.1.3, “Entity Types and Managers,” on page 11 Section 1.1.4, “Jobs,” on page 14 Section 1.1.5, “Constraint-Based Job Scheduling,”...
PlateSpin Orchestrate Server Architecture Figure 1-2 For additional information about job architecture, see “Job Architecture” in the PlateSpin Orchestrate 2.0 Developer Guide and Reference. 1.1.2 The Resource Monitor PlateSpin Orchestrate enables you to monitor your system computing resources using the built-in Resource Monitor.
Page 12
“Constraints” on page 13 “Groups” on page 14 “VM: Hosts, Images, and Instances” on page 14 “Templates” on page 14 Resources All managed resources, which are called nodes, have an agent with a socket connection to the Orchestrate Server. All resource use is metered, controlled, and audited by the Orchestrate Server. Policies govern the use of resources.
Page 13
Facts Facts represent the state of any object in the PlateSpin Orchestrate grid. They can be discovered through a job or they can be explicitly set. Facts control the behavior a job (or joblet) when it’s executing. Facts also detect and return information about that job in various UIs and server functions.
“LtConstraint” “NeConstraint” “NotConstraint” “OrConstraint” “UndefinedConstraint” Groups Resources, users, job definitions and virtual machines (VM) are managed in groups with group policies that are inherited by members of the group. VM: Hosts, Images, and Instances A virtual machine host is a resource that is able to run guest operating systems. Attributes (facts) associated with the VM host control its limitations and functionality within the Orchestrate Server.
Page 15
Multiple job archives can be delivered as a management pack in a service archive file (SAR) identified with the .sar extension. Typically, a group of related files are delivered this way. For example, the Xen30 management pack is a SAR. As shown in the following illustration, jobs include all of the code, policy, and data elements necessary to execute specific, predetermined tasks administered either through the PlateSpin Orchestrate Development Client, or from the zos command line tool.
Page 16
Parallel Processing By managing many small joblets, the Orchestrate Server can enhance system performance and maximize resource use. Managing the Cluster Life Cycle Jobs can detect demand and monitor health of system resources, then modify clusters automatically to maximize system performance and provide failover services. Discovery Jobs Some jobs provide inspection of resources to more effectively management assets.
The Job Scheduler Figure 1-4 For more information, see “Resource Selection” in “Using PlateSpin Orchestrate Jobs” in the PlateSpin Orchestrate 2.0 Developer Guide and Reference “The PlateSpin Orchestrate Job Scheduler” in the PlateSpin Orchestrate 2.0 Development Client Reference. See also “Job Scheduling”...
Each object in a job context contains the following elements: Constraint-Based Resource Brokering Figure 1-5 For more information, see “Working with Facts and Constraints” in the PlateSpin Orchestrate 2.0 Developer Guide and Reference. 1.1.6 Understanding PlateSpin Orchestrate API Interfaces There are three API interfaces available to the Orchestrate Server: Orchestrate Server Management Interface: The PlateSpin Orchestrate Server, written entirely in Java using the JMX (Java MBean) interface for management, leverages this API for the PlateSpin Orchestrate Development Client.
Page 19
PlateSpin Orchestrate Development Client Figure 1-6 Job Interface: Includes a customizable/replaceable Web application and the zosadmin command line tool. The Web-based Server Portal built with this API provides a universal job viewer from which job logs and progress can be monitored. The job interface is accessible via a Java API or CLI.
1.2.2 Policy-Based Management Policies are aggregations of facts and constraints that are used to enforce quotas, job queuing, resource restrictions, permissions, and other user and resource functions. Policies can be set on all objects and are inherited, which facilitates implementation within related resources. Facts, which might be static, dynamic or computed for complex logic, are used when jobs or test scenarios require resources in order to select a resource that exactly matches the requirements of the test, and to control the access and assignment of resources to particular jobs, users, projects, etc.
The PlateSpine Orchestrate VM Monitoring System provides robust graphical monitoring of all managed virtual resources managed on the grid. PlateSpin Orchestrate Monitoring in the VM Client Figure 1-8 For more information, see the PlateSpin Orchestrate 2.0 VM Client Guide and Reference.
Workflows Jobs can also invoke other jobs, creating hierarchies. Because of the communication between the job client (either a user/user client application or another job) it is easy to create complex workflows composed of discrete and separately versioned components. When a job is executed and an instance is created, the class that extends job is run on the server and as that logic requests resources, the class(es) that extend the joblet are automatically shipped to the requested resource to manage the remote task.
A Job in Action Figure 1-10 1.2.6 Web-Based User Interaction PlateSpin Orchestrate ships a universal job monitoring and submission interface as a Web application that natively runs on the Orchestrate Server. This application is written to the PlateSpin Orchestrate job management API and can be customized or replaced with alternative rendering as required.The figure belows shows an example of this interface, called the Server Portal.
Page 25
For more information, see the PlateSpin Orchestrate 2.0 Server Portal Reference. Basic PlateSpin Orchestrate Concepts...
® ® This section explains various security issues related to PlateSpin Orchestrate from Novell Section A.1, “User and Administrator Password Hashing Methods,” on page 27 Section A.2, “User and Agent Password Authentication,” on page 27 Section A.3, “Password Protection,” on page 28 Section A.4, “TLS Encryption,”...
For users, none of the Novell-provided client utilities stores the user-entered password to disk in either plain text or hashed form. However, temporary once-per-session credentials are stored to the disk in the users directory.
In addition to these settings for TLS configuration, there are files that need to be protected on both the server and on the client/agent. For more information, search for the TLS Certificate Installation On PlateSpin Orchestrate article at the Novell Cool Solutions Community (http://www.novell.com/ communities/coolsolutions/). A.5 Security for Administrative Services The PlateSpin Orchestrate Development Client and the zosadmin command line tool are clients to the MBean and RMI servers.
For this reason, the files in the user’s . directory should be configured to disallow novell/zoc/ access by other users. A.6 Plain Text Visibility of Sensitive Information...
Server Discovery and Multicasting The PlateSpin* Orchestrate Server, Orchestrate Agent, and other Orchestrate tools use IP multicast messages to locate servers and to announce when servers are started or shut down. If multicasting is not supported in your existing network environment, all PlateSpin Orchestrate components allow a specific machine to be specified instead of using multicast discovery.
B.3 Multi-homed Hosts A multi-homed host is a machine with more than one network interface configured. This can be anything from a Linux system being used as a network router to a laptop computer with both an active Ethernet connection and an active wireless connection. If there are two or more network interfaces active at the same time (even if only one is actually being used) the system is “multi- homed.”...