Unit ObjectivesEnvironment VariablesDirectory Structure and Key FilesStarting PATROL Central Operator Microsoft Windows EditionCreating a Management ProfileUsing the Central Operator features and functionsStarting PATROL Central AdministrationUsing the Central Administration features and functionsGathering Diagnostic Data

Useful Documentation PATROL Central Operator Microsoft Windows EditionGetting Startedhttp://documents.bmc.com/supportu/documents/27/63/52763/52763.pdf

PATROL Central Infrastructure Best Practices Guidehttp://documents.bmc.com/supportu/documents/27/90/52790/52790.pdf

PATROL Support Windows PLC Sitehttp://sharepoint/PatrolCustomerSupport/Windows/default.aspx

Environment Variables

Directories and Files

Directories and Files

Starting a PCOWin

Start => All Programs => BMC PATROL => PATROL CentralStart => Run => pcentral.exe /help (lists the options)Start => Run => pcentral.exe (to start with default session of 1)Start => Run => pcentral.exe id (number between 1 and 65535 inclusive)Desktop Shortcut (created to start a custom session)

PCOWin Command Line Arguments

PATROL Central Interface

PATROL Central RTserver Selection icon

Launching PATROL Central Operator

Connecting to a Console Server, Logging In andcreating a Management Profile

1) Select Console Server2) Enter username and password3) Enter Management Profile Name

Add Managed Systems and Load Knowledge Modules1) Select Managed Systems2) Select Knowledge Modules

PATROL Central Operator Interface

Identifying a Connection ProblemUnreachableAlarmOKDisconnected

Configuration Tab

Configuration Tab/User Preferences

Configuration Tab/Save Management Profile As

Configuration Tab/Set Profile Permissions

Configuration Tab/Export Wizard

Configuration Tab/Import Wizard

Common Task tab

Common Task tab/New Folder

Common Task tab/New Chart

Common Task tab/New Custom View

Common Task tab/New Link to Web Address

Common Task tab/New ActiveX Control

Common Task tab/Simple Managed System Query

Common Task tab/Customize Multiple Parameters

Common Task tab/Customize Multiple Parameters

Common Task tab/Customize Multiple Parameters

Event Manger tab

Event Manger tab

Managed System Query tab

Managed System Query tab

Action Methods tab

Action Methods tab/New Method

Action Methods tab/New Method

PATROL Central Menu Bar/Save Workspace As

Tools Menu Bar/Customize Tools

InfoBox

Menu Commands and Interactive Menu Commands

Menu Commands and Interactive Menu Commands

Executing a Command From the System Output Window

Viewing Parameter Data

Running Commands on the PATROL ConsoleServer From PATROL Central Operator

The PATROL Console Server provides a set of built-in commands that you can run from PATROL Central Operator. You can run these built-in commands from any system output window in PATROL Central Operator.

Launching PATROL Central Administration

Connecting to a Console Server, Logging In to PATROL Central Administration1) Select Console Server2) Enter user name and password

PATROL Central Administration Interface

Managed System Groups

Managed System Groups

Predefined Groups on the PATROL Console Server

The PATROL Console Server installation process includes the creation of the operating system groups listed in the table below. These predefined groups are initially assigned PATROL rights and permissions according to a typical set of rolesthat apply to PATROL users. These groups are created as a convenience for PATROL security administrators.

Active User Groups

Active User Groups

Active Users

Rights Used in PATROL Central Operator

Rights are used to protect console functionality. This Table lists the rights relating to PATROL Central Operator that are assigned to the predefined PATROL groups during installation of the PATROL Console Server. Note that other rights that do not relate to PATROL Central Operator might also be assigned to the PATROL groups.

Rights

Permissions

Permissions/Knowledge Modules

Permissions/Knowledge Modules

Permissions/Managed System Groups

Permissions/Managed System Groups

Permissions/Managed Systems

Permissions/Managed Systems

Permissions/Management Profiles

Permissions/Management Profiles

Aliases and Impersonations

Aliases and Impersonations

Using the Support Management ProfileCreate an RTcloud with my RTserver (tcp:137.72.89.46:2059)Open the support management profile as student and connect to my managed systemsCreate the correct alias and impersonation to allow the student account to connect to all my managed systemsManaged Systems default account = patrol / sgpatrol

Gathering Diagnostic Information

Management Profile Layout TracingIf the problem can be reproduced

Start PCOWinCreate a new management profile Add the problem Managed System and Knowledge ModuleTo start trace type the following in the System Output Window%CS TRACE START 5Recreate the problem and take a screenshot (ensure this captures the problem and the date and time)6.To stop trace type the following in the System Output Window%CS TRACE START 0Log out of the management profileReturn the following Console Server files%PATROL_ROOT%\log\cserver\cserver-.log%PATROL_ROOT%\log\cserver\layout\PATROL_CSERVER_serviceID\lt_trace_%PATROL_ROOT%\log\cserver\layout\PATROL_CSERVER_serviceID\.mk4

The interface that is provided by the Windows Edition of PATROL Central is composed of the following major elements: Menu Bar The menu bar is located at the top of the main window. It contains commands for performing tasks. The commands on the Action and View menus vary, depending on the currently selected item. Navigation PaneThe navigation pane is located at the left side of the main window. It displays the hierarchy of objects that you can work with. Message PaneThe message pane is located at the bottom of the main window. It displaysinformation and error messages. Result WindowsResult windows are located in the right side of the main window. You can have several result windows open at any time. Result windows display objects, such as a Web page, the contents of a folder, charts, gauges, and custom views. LaunchPadThe LaunchPad is a special result window that contains icons for adding console modules and accessing online Help.

Menu BarNavigation BarMessage PaneResults WindowLaunch Pad The PATROL Central RTserver Selection icon allows you to define the RTserver that will be used for COS communications for PATROL Central - Microsoft Windows Edition.The Select RTServer dialog box allows you to use the RTSERVERS environment variable or specify a new RTserver connection string. RTServer Connection String specifies an RTserver connection string.Use environment variable RTSERVERS defines whether the RTSERVERS environment variable or the registry string will be used (1=RTSERVERS environment variable, 0=Registry RTServer Connection String).RTserver Choices is a list of RTserver connection strings that will be displayed in the drop-down list.When a new RTserver connection string is entered, it will be saved in the registry and used as the default for PATROL Central - Microsoft Windows Edition.The RTserver information is stored in the registry under:HKEY_CURRENT_USER\Software\BMC Software\PATROL Central\Console Preferences

In the LaunchPad, click the PATROL Central Operator icon.The PATROL Central Operator Taskpad, navigation pane, and message pane are displayed.The Configuration wizard is also displayed. The first time that you launch PATROL Central Operator, the Configuration wizard is displayed for you to specify which PATROL Console Server and management profile you want to use. The next time that you launch PATROL Central Operator on the same computer, the Configurationwizard displays the previous PATROL Console Server and management profile by default. You can also change PATROL Console Servers or management profiles at any time.

A management profile is a view of your PATROL environment that is stored on the PATROL Console Server and accessed by using PATROL Central Operator. A management profile contains the following information: any managed systems (PATROL Agents) that you have added any Knowledge Modules (KMs) that you have loaded other miscellaneous preferences and settingsAny changes you make to your management profile are saved automatically as you make them. You do not need to manually save changes to your management profile.Once you select a management profile, that management profile will be opened by default the next time you start PATROL Central Operator on the same computer.Because management profiles are stored on the PATROL Console Server, you can access your management profile from any computer that is running PATROL Central Operator by connecting to the same PATROL Console Server. PATROL Central Operator expands the PATROL Central interface by adding the following items: The Operator tab of the navigation pane displays objects in your management profile, such as managed systems, applications, parameters, folders, charts, and custom views. It also displays tasks that you run. You can also add links to Websites or ActiveX controls to the Operator tab of the navigation pane. The PATROL Central Operator Taskpad contains several tabs of icons for starting tasks. Each tab groups icons for related tasks: configuration, common tasks, event management, managed systems queries, and action methods. The PATROL Central Operator toolbar contains buttons for opening each tab of the PATROL Central Operator Taskpad. The Operator Messages tab of the message pane displays messages that relate to PATROL Central Operator (not individual managed systems).

Identifying a connection problemConnection problems can be identified by the Managed System icon. You can mouse over the managed system and read the status window to determine the connection state, and then take the appropriate actions.Disconnected State You are not connected to the system. Select the managed system, and then from the main menu, select Action > Connect to Managed System. Some common problems with disconnected systems are:Invalid passwordInvalid port numberUnreachable State There are several possible causes for an unreachable system, including:The name of the system is incorrect.The managed system is not available on the network or is shut down. Note: To determine if the system is available on the network, type the ping host_name command at the OS system prompt.The PATROL Agent software on the managed system might not be running.The PATROL Agent software on the managed system might not be using the correct RTserver.

Via the PATROL Central Console, a user can:Change parameter alarms and thresholdsSuspend parametersChange parameter polling timesChange parameter history levelsUser must have appropriate privilegesConsole Server connection account must be a member of patadmAgent connecting account must be privileged to modify Agent configurationAgent Configuration Variable changed___tuning___

InfoBoxes are available for most PATROL objects. To view an InfoBox, right-click the object and select InfoBox. A separate window opens for the object. InfoBoxes may contain the following information:Object typeAggregate stateClassConnection stateHistory retention (days)Host nameIP addressPATROL version

The user name must be a member of the patscadm group.

To facilitate the management of numerous host systems, especially in large-scale environments, you can group collections of host systems into managed system groups. This optional feature enables PATROL Console Server to manage the permissions and impersonation tables entries for these managed systems on a group basis. The following guidelines apply to using managed system groups:There are no restrictions on the number of managed system groups you can createmanaged systems you can assign to a managed system groupgroups to which individual managed systems may belong.You cannot nest managed system groups.Read and write permissions control access to managed system group configuration and definition tasks; write permission controls who may modify managed system group definitions.You can assign read and write permissions to the top-level managed system group container to apply to all managed system groups and to the individual managed system group objects.The more specific permission supersedes the more general. For example, if a server in a managed system group has individually specified permissions, the permissions for the individual managed system prevail over the permissions for the managed system group. You do not have to make changes to the impersonation table or rights defined for the group when you add or remove managed systems from a managed system group or rename a group. In setting up an impersonation table, specify the name of the managed system group in place of the managed-node service name. Because the entries in an impersonation table are evaluated in a top-down order, you should arrange the order of these entries based on your needs.

The PATROL Console Server uses groups to the control rights and permissions of the users who belong to a group. The PATROL Console Server may also use groups to determine the accounts used to authenticate the user with each managed system in a given profile. All users inherit permissions from the group to which they belong.Administrators can use groups in the following manner. Administrators can grant all members of a group a permission. However, individual members can be denied the permission, even though the permission is granted to the groupAdministrators can grant additional permissions to individual group members provided the group to which the user belongs is not denied those permissions. Administrators can deny all members of a group a permission. If a group is denied a permission, individual members cannot be granted the permission by any other means. Administrators can define the same accounts used to authenticate the user with one or more managed systems for all members of a particular group.

When a user connects to the PATROL Console Server from a console, the user logs on with an operating system account that the PATROL Console Server knows. The PATROL Console Server uses the operating system account to identify the user, the groups to which the user belongs, the PATROL rights and permissions the user has, and the accounts used to authenticate the user with each managed system in a givenprofile.The PATROL Console Server passes on the user account information or an alias to a user account to the managed system groups so that the managed systems can also identify the user. The user account can be a local or domain account.You set up user accounts in the operating system for each computer. You set up the impersonation table for aliases in the PATROL Console Server with PATROL Central Administration.

Permissions are used to control access to objects. Objects are arranged under the Permissions folder in PATROL Central Administration according to the following hierarchy: PATROL Knowledge Modules KM name Managed System Groups managed system group name KM name Managed Systems managed system name KM name Management Profiles management profile nameACLs on the objects in the hierarchy determine which groups and users have which access permissions for which objects. For more information about how permissions are inherited and wildcard objectsPermissions for Knowledge Modules

Definition of Managed System Group Permissions Read = Allowed / Not Allowed to see a Managed System within the Add Managed Systems Wizard of a Management ProfileWrite = Allowed / Not Allowed to Add a Managed System to a Host GroupCreate = Allowed / Not Allowed to Create a Managed System for a Host Group Destroy = Allowed / Not Allowed to Delete Host Groups.Subscribe = Allowed / Not Allowed to connect to Managed Systems in a Host Group.

Permissions for Managed Systems

Permissions for Management Profiles

The PATROL architecture uses operating system accounts on each managed system and an impersonation table in the PATROL Console Server to control access to each managed system. Accounts can be local accounts or domain accounts. Users can access a managed system only in the following situations: The user logs on to the PATROL Console Server with a domain account that is also known to the managed system. The user logs on to the PATROL Console Server with a local account, and the managed system has an account with an identical user name and password. The user has an account on the managed system and enters the user name and password when connecting to the managed system. The impersonation table in the PATROL Console Server is set up to provide an alias for the user to a user account on the managed system. The impersonation table in the PATROL Console Server is set up to provide an alias for the managed system group to which the user belongs. The user can connect to any managed system if the impersonation table in the PATROL Console Server is set up to provide an alias for the managed system group to which the user belongs and the user is not otherwise restricted from connecting to the managed system.You set up user accounts in the operating system for the managed system. You set upuser accounts and groups in the operating system for the PATROL Console Server.You set up the impersonation table in the PATROL Console Server with PATROLCentral Administration. You created one or more optional managed system groups toadminister aliases and impersonation for the managed host systems in the groups.