CA Application Performance Management (APM) · with Gliffy shapes converted 01/10/2018 1.0 Lou Tedone Format fixes, minor grammar and spelling changes. Artifact Baseline

Copyright © 2018 CA. All rights reserved. All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.

Reference Architecture Version 1.1

CA Application Performance Management (APM)


Change History

Date Version Author Description of Change

08/31/2017 0.1 Lou Tedone Artifact creation

11/10/2017 0.2 Lou Tedone Added additional sections for

ATC, Universes, and other minor

changes based on team’s

feedback.

11/16/2017 0.3 Lou Tedone Updated for APM 10.7, added

additional verbiage for APM

Administrator role, split out

MOM-Collector port

assignments, HA explanation on

the architecture diagram, added

a brief section about HA, and

other minor changes based on

team’s feedback.

12/29/2017 0.4 Henrik Nissen Ravn Added REST AppMap/ATC API

HTTP communication for

federated queries.

Added description of REST API

security tokens.

Converted drawings to Visio

with Gliffy shapes converted

01/10/2018 1.0 Lou Tedone Format fixes, minor grammar

and spelling changes. Artifact

Baseline.

04/11/2018 1.1 Henrik Nissen Ravn Updating for 10.7: adjusting

diagrams, adding personas for

new features, updated sizing.

Distribution List

Date Version Name Company, Organizational Position

08/31/2017 0.1 Lou Tedone CA Architecture Team



12/29/2017 0.4 Henrik Nissen Ravn CA Architecture Team

01/10/2018 1.0 Lou Tedone CA Services, SWAT, APM

Product Management

04/11/2018 1.1 Henrik Nissen Ravn CA Architecture Team



Referenced Documents

Related Project Documentation

CA APM Product Documentation Bookshelf

https://docops.ca.com/ca-apm/10-7/en

CA Lead Practices for Application Performance Management / CA Support: APM Knowledge Center

https://support.ca.com/irj/portal/anonymous/newhome

CA APM Sizing and Performance Guide

https://docops.ca.com/ca-apm/10-7/en/installing/apm-sizing-and-performance-guide

https://docops.ca.com/ca-apm/10-5/en

https://support.ca.com/irj/portal/anonymous/newhome

https://docops.ca.com/ca-apm/10-5/en/installing/apm-sizing-and-performance-guide

5 Copyright © 2018 CA. All rights reserved. All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.

Contents

Planned End State ........................................................................................................................................................ 7

Solution Personas ......................................................................................................................................................... 9

Interaction of Personas .............................................................................................................................................. 11

Foundation Capability CA APM .................................................................................................................................. 15

Foundation Functional User Stories ........................................................................................................................... 17

Foundation Logical Architecture ................................................................................................................................ 20

Network Context ........................................................................................................................................................ 20

Network Diagram – Foundation Physical Architecture ....................................................................................... 21

Data Flows Explained .......................................................................................................................................... 22

Architecture Commentary .................................................................................................................................. 26

Foundation System Specification Requirements ....................................................................................................... 33

Foundation Physical Architecture ....................................................................................................................... 33

Base System Configuration Requirements ................................................................................................................. 33

Node Configuration ............................................................................................................................................. 35

Solution Component Ports .................................................................................................................................. 35


Chapter 1: Executive Summary

The Reference Architecture provides information relating the baseline functional feature and technical architecture required to deliver the CA APM foundational solution.

This artifact is relevant only to the implementation of the foundational solution and will be superseded by more detailed design, implementation, test and operational artifacts as part of the following phases or iterations of the project to support the maturation of the solution both functionally and technically.

Planned End State


Chapter 2: Foundation Functional Feature

This section contains the following topics:

Planned End State

Solution Personas

Interaction of Personas

Foundation Capability <Capability Name>

Foundation Functional User Stories

Planned End State The planned state is to provide a reference architecture to support the implementation of CA APM. It documents the actual Architecture (the adoption and adaptation of the recommended architecture) that will be implemented for Agile Operations. This document can be considered as the logical and physical design, illustrating how the technical solution will be implemented to meet the architecture (non-functional and environment constraints) requirements and how it will be configured or customized to support the requirements. The instantiation of the physical architecture can be found in the Build and Integration Handbook after the solution implementation.

All content contained in this document is based on CA Lead Practices and where necessary, it has been updated to reflect the corporate governance standards for architecture requirements. The following shows the APM logical system architecture. This graphic is a simple representation of an APM cluster.

Agents

Agents

EEM

Enterprise Manager

Collector

Enterprise Manager

Collector

Enterprise Manager

Collector

TIM

TIM

TIMAPM Database

Enterprise Manager

MoM

CEM Console

Team CenterWebView

APMSQLServer

Planned End State

8 Reference Architecture White Paper Template Copyright © 2018 CA. All rights reserved. All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.

This graphic is a simple representation of the UI interactions to the APM cluster.

This graphic is a simple representation of the Enterprise Team Center UI interactions to the APM cluster.

JVM

JVM

Agent

APM Database

Enterprise Manager

CEM Console

SmartStorWebView

Team Center

Workstation

Web Applications

InfrastructureAgent

OS

APIs

Scripts

Plug-ins

Agile OpsPlatform

Solution Personas


Solution Personas The following table summarizes the solution personas and how they can use the CA APM solution. Where applicable, the personas are grouped by the capability in which they play a role:

Persona (Role) Description Expected Use of the new

Solution

APM Administrator Engage with IT teams to assure all the required instrumentation is in place to effectively monitor the business service.

Solution allows for collaboration of the monitoring initiative as a means of providing a consistent, manageable service.

Configure CA APM for applications Allows them to verify that the tool monitors the business services and is operating as designed.

Integrate CA APM with other CA products

Supports connector services that allow the automated routing of alerts, thereby speeding up resolution.

Provide at-a-glance visibility of all alerts for application performance components

Allows them to create dashboards and reports for Key Performance Metrics (KPMs).

Understand capacity and sizing requirements to ensure optimal availability, accessibility, and monitoring service

Understanding and using APM Supportability metrics to ensure that the APM monitoring services are available, accessible and usable.

Agent Health View ptovide at-a-glance overview of APM agents’ health

Monitors and visualizes APM infrastructure health

Application Developer Have at-a-glance and trace visibility application software code components for the application

Possess the ability to dynamically trace troublesome components to improve application performance.

Provide at-a-glance visibility and notification of all alerts for application performance components

Understand the nature of identified problems so that they address performance gaps in the software code.

Provide the ability to quickly isolate a code fault, performance delay, and/or error in application components

Quickly use the tool to determine where to isolate the problem, in order to correct the issue.

Solution Personas



Solution

Middleware Specialist Have at-a-glance and trace visibility to the application middleware stack that supports the application

Supporting the monitoring middleware and possess ability to assess, plan and address issues before impacting the business service.

Understand the details of issues by drilling down to specific middleware component areas

Analyze trending over time that will aid in identifying and preventing problems before they happen.

Performance Test

Engineer

Drill down to component level and see alert components that are affecting performance testing

Identify the root cause and to facilitate remediation.

Have at-a-glance visibility and access to all alerts during performance testing phase

Allow fast fault isolation of performance bottlenecks before the code is propagated into production.

Production Performance

Engineer

Drill down to component level and see alert components that are affecting application performance

Identify the root cause and to facilitate rapid remediation.

Have at-a-glance visibility and access to all alerts that affect application production performance

Allow fast fault isolation of performance bottlenecks to ensure minimal impact to delivering the business service.

Production Support

Analyst

Have at-a-glance visibility into the health (application performance and availability) for IT business services

Knowledge of issues with IT infrastructure that provides oversight that will help lead to faster resolution.

Have at-a-glance visibility into the health (application performance and availability) for the IT business services

Have real time view of performance and availability of application that supports the business.


Understand the nature of identified problems so that they can follow up with the responsible resolver teams.


Allow them to see which part of the application is experiencing issues, and the impact of the issue to the business service.

Utilizing layers allows briding technology boundaries: infrastructure context to applications and transactional context to infrastructure

Allow direct tying of infrastructure issues as root-cause for applications or transactions problems as well as to expereinces




Solution

Assisted Triage Resource Analyst provides infrastructure-sourced evidence to enrich root cause problem isolation

Microservices Architect,

Engineer, and Analyst

Provide full monitoring insights into containerized applications that you architect, deploy, scale, and manage: know health, issues, availability, and performance of your applications, processes, hosts and cloud instances

From health, status, and issues overview see if and which containerization object is experiencing issues. Understand and address issues correctly with assisted triage.

Obtain full visual overview of and insight into dependencies between objects of containerized environment like imaghes, cluster, hosts, instances, and applications in real time in highly dynamic containerized envisonments

Se how your microservices and containerization environment is architected, and connected and analyze scaling and performance utilizing dependency information.

Use the collected metrics data to know the health of your containers Use the collected metrics data to as well as to streamline the up- or down-scaling of your environment

Allow you to assess if your microservices and containerization is performing and scaling optimally.


Role or Persona Name Definition

APM Administrator Individual that implements and maintains APM enterprise monitoring oversight across all Application or Business Services supported by the Enterprise Monitoring Team. Is responsible for the APM implementation, upgrades, and monitoring infrastructure capacity and health. Role has elevated server rights across the enterprise.

APM Architect Individual that provides APM enterprise monitoring oversight across all Application or Business Services support by the Enterprise Monitoring Team. Also responsible for automation, capability, standards, and process governance.

APM Consumer Individual that consumes the services in the APM product. This includes, but not limited to, UI access, metrics, reports, queries, and application performance metrics.

APM Engineer Please see APM Administrator.

CEM Administrator Individual that implements and maintains CEM enterprise monitoring oversight across all Application or Business Services supported by the Enterprise Monitoring Team. Role has elevated server rights for product installation, configuration, and maintenance.




CEM Analyst Individual that implements and maintains CEM application recordings for the Enterprise Monitoring Team. Role is also responsible for establishing service levels for Business Services and Transactions.

CEM Consumer / User Individual that consumes the services in the APM CEM product. This includes, but not limited to, UI access, reports, queries, and SLA performance metrics.

Customer The individual or organization that is responsible for accepting the product and authorizing payment to the developing organization.

Developer An individual who designs, writes and tests computer programs

Development Lead An individual who direct the performance or activities a developer or set of developers.

Director or Vice President

A senior management role that strategically oversees the activities of various management teams. Role can enforce policy.

End-User The individual or group who will use the system for its intended operational use when it is deployed in its environment. In the context of Enterprise Monitoring, End-User implies the consumer of the Application or Business Service.

End-User Representatives

A selected sample of end users who represent the total population of end users.

Executive Leadership The role is the authority that maintains governance policies of the company. Role is associated with corporate officers.

Executive Stakeholder Executive Stakeholder is the authority that manages the governance policies of the company. Role is associated with Directors or Vice Presidents.

Manager A role that encompasses providing technical and administrative direction and control to individuals performing tasks or activities within the manager’s area of responsibility. The traditional functions of a manager include planning, resourcing, organizing, directing, and controlling work within an area of responsibility.

Point of Escalation The individual, usually a manager that is a point of escalation for Development.

Project Manager or PM

The role with total business responsibility for an entire project; the individual who directs, controls, administers, and regulates a project building a software or hardware/software system. The project manager is the individual ultimately responsible to the customer.

Requester The individual that requests monitoring services from the Enterprise Monitoring Team.

Software Configuration Control Board (SCCB)

A group responsible for evaluating and approving or disapproving proposed changes to configuration items, and for ensuring implementation of approved changes.

SME Subject Matter Expert. An individual that has undisputed experience of working in the application or Business Service infrastructure, or usability of all technological components.

Technical Writer Individual responsible for ensuring that a document follows technical writing standards.




Ticket Submitter Individual who enters a problem or issue into the Incident System.


Foundation Capability CA APM The following table summarizes the capability, the technology, and the primary user stories.

Aspect Description

SR1:

Problem Identification

Real time status information is collected from CA APM Agents (e.g. System Agent); This component reports status changes and sends alarms to a third-party application

User experience can be monitored and alerted

APM monitors its own infrastructure and supports alert identification of a component fails

APM allows the extraction of metric data using APIs and web services and support alerting using SNMP trap forwarding

SR2:

Business Impact

IT to business alignment will be achieved through defining specific IT Services and the servers / services upon which they rely.

The business impact of an IT “event” is now determined through assignment of an importance level to the originating device or service

SR3:

Effective Prioritization of Events

APM determines what events to turn into alarms and what severity level is assigned.

APM determines the impact of events on particular services and generates alarms at designated severity levels

SR4:

Reduced Resource Requirements

Centralized and consolidated monitoring reduces the complexity and effort to manage the environment

Automated notification eliminates manual effort

Business impact information helps Operations staff focus on the most important events

SR5:

Reduction of APM Monitoring Environments

A single cluster will serve as a consolidated APM monitoring solution.

APM Solution is scalable to support additional growth. Additional agents can be added as business demands change to support future growth

SR6:

Centralized View of APM Application Performance Monitoring

A centralized instance provides one environment for alert management, application discovery, event gathering, single application root-cause deep dive, reporting, and notification services.

Foundation Capability CA APM


Aspect Description

SR7:

Event Management

Defined thresholds are triggered to alert Operations staff to potential problems before they become critical

Metrics trending statistics are gathered for customer analysis; the aggregated data is analysed in order to reduce the number of alarms.

Probable cause information is provided with alarms to assist IT operation staff in troubleshooting and resolving issues.

SR8:

Automated Notification

IT support staff is automatically notified of high impact events through selected notification methods, including pager, email and (optional) CA APM integration.

SR9:

Reduced Mean Time to Repair

Managing multiple APM consoles is replaced with one, single cluster console

Metrics trending statistics are gathered for customer analysis; the aggregated data is analysed in order to reduce the number of alarms.

APM supports a deep dive of transactions end-to-end.

SR10:

High Availability

The APM solution can be deployed in a fault tolerant, highly available and/or disaster recovery environment to provide greater uptime and resiliency.

SR11:

User Management, Security, and Retention

The APM solution provides specific access based on user role and credentials.

APM supports Active Directory integration

CA APM software support configurable port assignments

Special APM components will mask any inbound packet data to protect exposure to sensitive or private data elements.

APM Supports configurable and user-defined records retention and off-loading for archival purposes.

SR12:

Usability

The APM solution provides end user management to determine user impact.

The APM solution supports encrypted and unencrypted packet traffic.

The APM solution provides deep-dive monitoring to determine probable root cause for application software behaviors; middleware, and backend calls

The APM solution provides meaningful and actionable patterns and will provide improved alert quality.



Aspect Description

SR13:

Performance and Scalability

APM supports physical and virtual instances.

The APM agent provides a non-intrusive footprint on the application server layer and can be configured to have minimal impact on the application tier.

The APM solution can scale as the business needs grow.

Foundation Functional User Stories The following section summarizes the functional user stories and the personas that participate in them.

As a/an I want So that

APM Administrator Engage with IT teams to assure all the required instrumentation is in place to effectively monitor the business service.

Solution allows for collaboration of the monitoring initiative as a means of providing a consistent, manageable service.

Configure CA APM for applications Allows them to verify that the tool monitors the business services and is operating as designed.

Integrate CA APM with other CA products

Supports connector services that allow the automated routing of alerts, thereby speeding up resolution.

Provide at-a-glance visibility of all alerts for application performance components

Allows them to create dashboards and reports for Key Performance Metrics (KPMs).

Understand capacity and sizing requirements to ensure optimal availability, accessibility, and monitoring service

Understanding and using APM Supportability metrics to ensure that the APM monitoring services are available, accessible and usable.

Application Developer Have at-a-glance and trace visibility application software code components for the application

Possess the ability to dynamically trace troublesome components to improve application performance.


Understand the nature of identified problems so that they address performance gaps in the software code.



As a/an I want So that

Provide the ability to quickly isolate a code fault, performance delay, and/or error in application components

Quickly use the tool to determine where to isolate the problem, in order to correct the issue.

Middleware Specialist Have at-a-glance and trace visibility to the application middleware stack that supports the application

Supporting the monitoring middleware and possess ability to assess, plan and address issues before impacting the business service.

Understand the details of issues by drilling down to specific middleware component areas

Analyze trending over time that will aid in identifying and preventing problems before they happen.

Performance Test

Engineer

Drill down to component level and see alert components that are affecting performance testing

Identify the root cause and to facilitate remediation.

Have at-a-glance visibility and access to all alerts during performance testing phase

Allow fast fault isolation of performance bottlenecks before the code is propagated into production.

Production Performance

Engineer

Drill down to component level and see alert components that are affecting application performance

Identify the root cause and to facilitate rapid remediation.

Have at-a-glance visibility and access to all alerts that affect application production performance

Allow fast fault isolation of performance bottlenecks to ensure minimal impact to delivering the business service.

Production Support

Analyst

Have at-a-glance visibility into the health (application performance and availability) for IT business services

Knowledge of issues with IT infrastructure that provides oversight that will help lead to faster resolution.

Have at-a-glance visibility into the health (application performance and availability) for the IT business services

Have real time view of performance and availability of application that supports the business.


Understand the nature of identified problems so that they can follow up with the responsible resolver teams.


Allow them to see which part of the application is experiencing issues, and the impact of the issue to the business service.



Chapter 3: Foundation Physical Architecture

This section provides information relating to default configuration requirements that apply to the applications; for example, Port numbers for Web Services, Database Configuration, OS Configuration, and Supporting Services. The information provided must align with the associated baseline technical architecture and hence it focuses on specific platform requirements and component configurations for the CA APM solution.

This section contains the following topics:

Foundation Logical Architecture

Network Context

Foundation System Specification Requirements

Base System Configuration Requirements

Foundation Logical Architecture


Foundation Logical Architecture The following architecture illustrates the required application component packaging for the CA APM foundation solution:

Network Context The following series of diagrams provide a reference implementation architecture design for the deployment of the CA APM solution.

Agents

Agents

EEM

Enterprise Manager

Collector

Enterprise Manager

Collector

Enterprise Manager

Collector

TIM

TIM

TIMAPM Database

Enterprise Manager

MoM

CEM Console

Team CenterWebView

APMSQLServer

Network Context


Diagram Notes:

• Default Ports in Use: 80, 5001, 5250 (EEM), 5432, 5443 (if secure socket, where 5001 is used), 8080, 8081, 8088 or 8443 (when HTTPS, where 8088 is used), 8888, 51914

• For direct user connectivity to the MOM UIs, use port 8080 for WebView, and port 8081 for the APM and CEM UIs that reside on the MOM.

Network Diagram – Foundation Physical Architecture This section contains one or more views for the CA APM solution which shows the physical/virtual instantiation of the solution for the Foundation Physical Architecture environment. The unique network requirements placed on the CA APM solution is summarized in the following diagram:

TIMPort80

Port8081

Port5001

Port5001Port

8081

Port 5432

Port5432

Port5432

Port80

Port8888

Port8081

Port8081

Port8080

Port5001

Port5001

Port51914

Port80

Port5250

CA APM PORTS

EMWeb

Server

Enterprise ManagerMoM

{REST}Client

Port8081

Port5001

SPAN

Port8088

Command Center Configuration Server

Web Server

ActiveMQ Broker

Command CenterAgent Controller

EMWeb

Server

Collector

AgentAgentAgent

WebViewServer

WebView

Team Center

Port5001

Port8081

EMWeb

Server

TIMCollector

APM Database

Agent Command Center

Browser

Team CenterWebView

Browser

CEM Console

Browser

EEM Admin

Browser

Port5250

EEM Server

Workstation

APMSQLServer

ODBCPort 54320

JDBCPort 54321

JDBC/ODBCClient

Network Context


Data Flows Explained

Data flow are detailed and explained in more detail below, including external components such as SNMP and DNS.

Thicker flow lines in the diagrams denote larger data volume.

CEM Data Flow CEM data flow is as depicted in this diagram:

UI Layers

APM 10 Reference Architecture

CEM Console Line Colors

Blue Lines (normal):CEM packet processing

Blue Lines (large): Application user TCP packets

Red Lines (large): APM agent processing

Red Lines (normal): APM processing

Orange Lines (normal):APM UI connections

Orange Lines (large):APM UI processing

Green Lines (normal): represent HA failover

Black Lines (normal)Federated REST data queries (pull) or Subscribed Isengard data queries (push)

HA achieved through DNS virtual

host entry or internal CA APM

configuration

ODBC

JDBC

RESTAPI

Webserver forTeam Center& WebView

APMSQL Server

TIM

SNMP GatewayFor Traps

- or -Destination Connector

Service

Workstations

Switch

Team CenterClients

DxCCollector MOM

Secondary

TIMCollector

Collectors

MOMPrimary

Agents (up to 400)

TIMDatabase

Network Context


• TIM Server receives TCP/HTTP packets from switch SPANs and assembles into session data.

• TIM Collector Service on TIM-Collector fetches session data from TIM Server. DXC-

collector also fetches session data.

• If enabled, RTTM metrics are written to SmartStor and forwarded to MOM, when

subscribed, for custom domains, virtual agents, calculator and alert processing.

• TIM aggregation Service on TIM-Collector writes aggregated SLA-data to APM Database.

• Subscribed metrics and alerts are pushed to workstations’ graphic controls.

Agent Data Flow

Agent data flow is a depicted in this diagram:

• Agents send metrics and events data to Collectors

• Collectors store metrics and events locally

TIM

Web Server

TIMCollector

Web Server

Team Center


SwitchSwitch

Switch

CA APM CEM FLOW

APM Database

DXC Collector

SNMPGateway

Workstation

Web Server

Collector

Agent

CA APM AGENT DATA FLOW

Web Server

Team Center


APM Database

DXC Collector

SNMPGateway

Workstation

Network Context


• Subscribed metrics for custom domains, virtual agents, calculators and alerts are sent to MOM

• Alert action SNMP traps are sent to SNMP server

• On the EM/Collectors, transaction traces are processed for correlation and

vertex and edge creation to produce partial Team Center maps forwarded to Team Center for joining and written to APM database.

• Subscribed metrics and alerts are pushed to workstations’ graphic controls.

UI Data Flow UI data flow is a depicted in this diagram:

• Team Center query data from MOM that spawns federated queries to collect data from all collectors and APM database

• UI graphic controls of Team Center and WebView query (REST) and WorkStation

subscribe (Isengard) to data from MOM that manages subscription queries (Isengard) and federated queries (REST) from all collectors

• APMSQL and REST Clients submit HTTP REST requests to the MOM’s Web server

that spawns federated HTTP REST queries to all collectors’ Web servers.

• APMSQL exposes ODBC and JDBC interfaces

• REST clients consume JSON documents

APMSQLServer

Web Server

Collector

Web

Server

TIMCollector

Team CenterWebView Workstation

CA APM UI DATA FLOW

Web Server

Team Center


RESTClient

APM Database

Network Context


Agent Connectivity Data Flow Agent Connectivity Flow is as depicted in this diagram:

• The MOM notes it’s configured collectors, connects to them and sends it’s Domail.XML to them so that agent cannot connect to an unallowed collector.

• In clusters agents initially try to connect to the MOM and the MOM sends an allowed

collectors list in response. If configured the agent caches the list for resilience.

• Agents try to connect to the first collector in the received allowed list. If it fails (collector

not available or not allowed) it will retry the MOM (next in list) to get a fresh allowed collectors list.

• If the MOM is not available agents will try collectors of their cashed lists (every second

entry), if available, if not (not cached or newly started) they will keep trying the MOM.

• If overloaded due to metric clamps, the Collectors will not accepts agent connections and

will report as overloaded to the MOM. The Collector is excluded from allowed lists.

• Agents may be configured for direct collector connection that is accepted if configured.

Should only be used for pre-9 agents.

• TIM collectors should be exempted from agent connections.

• With best practices configuration host names are used for MOM and Collectors. Hence,

the DNS server is queried by agents to resolve MOM and collector host names, and by the MOM to resolve collector host names (remember, collectors are not configured with MOM’s host name). Obviously, agents are using DNS through monitored applications’ VM.

Web Server

Collector

Agent

CA APM AGENT CONNECTIVITY FLOW

Web Server

Team Center


DNSServer

Network Context


Architecture Commentary The below covers User Roles and Functions, Authentication and Authorization, User Management, Data and Communications Security, and Data Retention for APM logs.

User Roles and Functions The below describes the User Role and Functions that are part of the APM solution. Solution Administrator – This is a full administrator role with access to all CA software.

• APM: Admin security group. Given APM administrator privileges

Solution Operator – This is an intermediary “super-user” role with read-write access to

specific software and functions.

• APM: Configuration Administrator security group. Role manages general configuration

Operator – This is the typical “operator” role with read-only access d Fault/Performance

information that are related to their business unit.

• APM: Incident Analyst has access to reports and views including information on defects.

Executive – This role will be used specifically to provide “consumer” access to Executive

Insight dashboards.

• APM: Does not assign users to any APM group

Authentication and Authorization APM integrates with Active Directory and can be configured to use Active Directory (single-domain) for authentication. When a user logs in to APM, their login credentials are passed from the web browser and authenticated via the integration with Active Directory. If the user passes authentication, the user is authorized to access the product based on their role.

User Management APM User access will be provided by LDAP authentication to Active Directory. The access verification method is configured through the realms.xml file on the APM MOM. Local accounts may also be configured for fallback in case LDAP is unavailable. The current realms.xml file will be reused for the new APM infrastructure.

Data and Communications Security All components of the CA Solution can use HTTP or HTTPS for Passwords user access. Per HTTP protocol standard, even simple HTTP using Basic authentication leverages user credentials encoding using the RFC2045-MIME variant of Base64, which ensures that the passwords cannot be extracted from the data. Monitored Traffic Business transaction packet payloads may be encrypted using Secure Socket Layer protocol carried by HTTPS. The SSL PEM key must be loaded in the TIM to enable these business transactions to be monitored or the data capture must be from a clear text source.

Network Context


API REST calls use security tokens issued by Team Center for authentication and authorization. Tokens may be temporary or permanent and can be invalidated at any time. They can only be viewed (seen) on creation. For intra-component (ETC-ATC) system type tokens are used. A REST endpoint can also issue a 1 hour temporary token based on user id and password.

Data Retention for APM Logs APM logs will be retained for 6 months. These logs are typically not automatically removed and require manual intervention to purge.

Network Context


High Availability (HA)

The Enterprise Manager failover works by designating multiple Enterprise Managers in a cluster as follows:

• One Enterprise Manager as a primary computer and the other as a secondary or backup.

• Both Enterprise Managers as primary computers.

The responsibility of the secondary is to take control when the primary fails and to relinquish control when the primary recovers. The responsibility of the primary is to take control from the secondary.

You can configure Enterprise Manager failover when a pair of Enterprise Managers shares a single Introscope installation. Typically, the two Enterprise Managers are on different computers. The Introscope installation must reside on a network file system because both Enterprise Managers need read access to the Introscope installation. However only one Enterprise Manager at a time needs write access. For example, the Introscope installation could be shared using a Network Attached Storage (NAS) protocol such as these protocols:

• Network File System (NFS)

• Server Message Block (SMB)

To provide a cluster stability, CA Technologies recommends that you configure failover for your MOM Enterprise Manager. In addition, you can configure failover for one or more Collectors and CDVs within a cluster or for a standalone Enterprise Manager. If you are configuring failover for the MOM, Collectors, and CDVs in a cluster, you configure each Enterprise Manager individually.

• Additional information on configuring Enterprise Manager HA can be found here: https://docops.ca.com/ca-apm/10-7/en/administrating/configure-enterprise-manager/configure-enterprise-managers-and-clusters/use-enterprise-manager-failover

Virtualization

In a virtual environment, you can share resources to maximize your return on hardware investment or provide higher availability. However, because most of the CA software (APM, Performance Manager, Spectrum, UIM, etc.) will need to react to changing environmental conditions in real-time.

The CA software requires CPU resources, memory resources, and disk speeds to be running at optimal capacity. If any one of these resources is impacted because of another virtual machine or the virtual infrastructure places false limits on the resources available to the CA software, the performance of software will negatively be affected. Therefore, we recommend that you run CA software with CPU and memory resources that are dedicated 100 percent of the time. If you are using a storage area network (SAN), it is important to match the SAN performance requirements to be equivalent or better than those recommended in our hardware specifications.

https://docops.ca.com/ca-apm/10-5/en/administrating/configure-enterprise-manager/configure-enterprise-managers-and-clusters/use-enterprise-manager-failover



Network Context


The best practice recommendation is to fully dedicate resources that are equivalent to what would be provided by a physical system, these are specified in the hardware specifications, for Virtual Machines (VMs) being used for the CA software. Specifically, for VMWare environments, we recommend:

• Dedicated (reserved) resource group(s) should be assigned to the CA software

virtual machines(s) to ensure required resources are always made available (e.g.

reserved) regardless of the state of any other VMs running on the same server. The

specific resource group allocations should be based on the sizing information from

provided by the CA.

• Specific RAID volumes or LUN should be created with dedicated disks/spindles for

the CA software to avoid disk I/O contention from other applications which may be

sharing the same RAID or storage array. The greater the volume of disks/spindles

allocated to the RAID volume or LUN will provide greater IO distribution and will

maximize read/write times for the processes.

• Ensure that the size the virtual machine memory leaves adequate space for the Java

heap, the other memory demands of the Java virtual machine code and stack, and

any other concurrently executing process that needs memory from the guest

operating system.

• Set the memory reservation value in the VMWare Infrastructure Client to the size of

memory for the virtual machine. As any type of Memory Swapping (physical or

virtual) is detrimental to performance of JVM heap especially for Garbage

Collection.

• If your ESX host is overcommitted, ensure that the Balloon Driver is running within

the virtual machine so that memory is optimally managed.

• There is no protection for the JAVA process memory. Therefore, it is recommended

that the following calculation is used:

Network Context


VM Memory = Guest OS Memory + JVM Memory JVM Memory = JVM Max Heap [-Xmx value] + JVM Perm Gen [-xx: MaxPerSize] + Number of Concurrent Threads * Memory Per Thread [-Xss ] Note: ESX Server version 3.5 does not allow for I/O load balancing across HBA cards. By following the lead practices of dedicating necessary resources to the CA software, you will limit the issues that are caused by lack of resource availability.

Due to the nature of the CA software and how can be negatively affected by CPU, memory and disk resource constraints, great care should be taken to ensure that the software can effectively share resources based on the above requirements.

Introscope Domains and the APM UIs The implementation of Introscope domains propagate to all of the APM UIs. For federated access and security, a user is assigned to a domain using permissions granted through LDAP or standard APM security. When enforced, the user will only have access to their application as it will reside exclusively in an APM domain. For example, the APM Team Center (ATC) UI will allow the user to only view their specified domain.

For the implementation of ATC, there are circumstances where the user can cross domains (i.e. a Middleware Specialist). This type of user may be assigned at the highest level. The user is only permitted to view the content (read only) and domains may be flattened by assigning the user to a specific Universe. A Perspective would also be created in order for this persona to view all middleware metrics across multiple application servers, regardless of application. If a requirement exists where this persona can only view a subset of the middleware servers, the perspective can be set to allow a limited view based on ATC server filters.

Network Context


ATC Universe permissions can be assigned to individual users or groups of users. Groups or users who are assigned to a universe have one of three levels of permission for that universe.

• Read: With read permission, users cannot edit any Team Center values.

• Edit: With edit permissions, users can create new custom attributes, and can edit and delete custom attribute values.

• Manage: With manage permissions, users can edit custom attribute values and change universe permissions

Define and Configure Introscope Domains

Introscope uses domains to partition agents and monitoring logic to define which CA APM users can see what information. You map Introscope agents to a domain using a Perl5 regular expression in the domains.xml file. This file is located in the <EM_Home>/config directory. You use domains.xml to define your domains regardless of which security realm you are using.

In addition to configuring domains, you also configure domain permissions when setting up Introscope security. For Local security, you configure domain permissions in the domains.xml file.

There are two types of domains in Introscope:

• SuperDomain – The SuperDomain is the superset domain that contains all user-defined domains in the system. All agents are visible in the SuperDomain, but might also appear in user-defined domains. The default Introscope configuration contains only the SuperDomain. If you do not configure any other domains, all agents are mapped to the SuperDomain.

• User-defined domain – You define new domains in the domains.xml file, which is located in the <EM_Home>/config directory. The domains.xml file provides mappings of domain names to regular expressions.

The rules for defining domains in the domains.xml file are:

• Domain defining must follow valid XML file rules.

• Domain names are case-sensitive.

• Any domain must be placed inside the root XML domain element.

More information about domain setup and configuration can be found here:

https://docops.ca.com/ca-apm/10-7/en/administrating/apm-security/define-and-configure-introscope-domains



Network Context


Team Center Universes For Team Center, Universes let the administrator refine the number and types of components into easy to use groups. This refined group is a Universe. For security reasons, there is no default assignment to all users. Each user must be allocated to a Universe to view Application Performance Management. The user is warned if no Universe is associated with the user ID. As an administrator, create universes for users. Use the default universe that is created for every connected provider, or, create a custom universe. The administrator can create a universe by applying a Filter to remove unrequired component data from the data set leaving a Universe tailored to the needs of a particular user or group. The administrator can create numerous universes to create a series of manageable spaces that users can easily switch between to make navigation of the Environment easier for investigation. Alternatively, the administrator can use the same universe tool to ensure that specific user access is restricted as required by company security requirements. Note: You can quickly create universes based on existing domains. Create a filter based on the agentDomain attribute, select the domain required, and click Create Universe. As a Team Center Administrator, assign at least one universe to each user so they can access content. A universe consists of:

• A name – A unique identifier

• A filter – Defines the Team Center data set.

• A list of users – Users with access to this universe Some universes are pre-defined and created by default:

• A universe is created automatically that contains all components for a host. Host universes are named in a format “hostname components”.

• The ‘Enterprise’ Universe includes all components in the environment. Use this Universe as a starting point for creating universes.

Note: Predefined universes cannot be deleted or modified. You can use a predefined universe as the basis of a new universe. Click Edit and make modifications, click save as, and provide a new universe name. A transaction path filter identifies all components in all transaction paths that pass through a component with attribute values that are specified in the filter criteria. Example: Set the filter criteria Location = London and Owner = Steve. You see all components in all transactions that go through a component that is located in London and owned by Steve. Set Transaction Path Filters in the filter drop-down bar. More information about Universes in Team Center can be found here: https://docops.ca.com/ca-apm/10-7/en/administrating/configure-team-center/configure-universes.

https://docops.ca.com/ca-apm/10-5/en/administrating/configure-team-center/configure-universes

https://docops.ca.com/ca-apm/10-5/en/administrating/configure-team-center/configure-universes

Foundation System Specification Requirements


Foundation System Specification Requirements The hardware requirements for the solution, for highest capacity, are defined in the following subsection.

The Sizing information is dependent on third party hardware vendor specifications which is subject to change at any time, and should be confirmed with the respective vendors that it represents the latest information.

Foundation Physical Architecture The hardware required for the Foundation Physical Architecture solution is given in the following table that is an extract from the sizing and performance quide1. For detailed sizing information please consult he APM sizing and performance guide2. Please note that the requirements are for either physical or virtual servers.

APM Component Qty RAM Max Heap Size

CPUs OS &SW

Disk Space Database OS Notes

Database 1 16 GB - 8 cores 150 GB

Postgres or Oracle - 1.5 TB

Logs - 100 GB

RHEL 7 or Win 2012 R2 64 Bit

One database instance per APM cluster.


CPUs OS &SW

Disk Space SmartStore (SS)

Traces OS Notes

MOM (Primary and Secondary)

2 32 GB 16 GB 8 cores 500 GB

SS - 150 GB

Traces - 50 GB


JVM heap should not exceed 18 GB, remaining RAM is reserved for OS.

Collector for APM Agents

1 16 GB 8 GB 8 cores 150 GB

SS - 300 GB

Traces - 80 GB


Up to 10 collectors per cluster (including 2 collectors for DxC and TIMs).

Collector for DxC (Browser Agent)

1 16 GB 8 GB 8 cores 200 GB SS - 800 GB RHEL 7 or Win 2012 R2 64 Bit

One instance per cluster.

Collector for Transaction Impact Monitor (TIM) Collection service

1 8 GB 6 GB 8 cores 40 GB

SS - 20 GB

Traces - 50 GB

RHEL 7 or CENT OS

One instance per cluster. Supports multiple TIM

1 https://docops.ca.com/ca-apm/10-7/en/ca-apm-sizing-and-performance/hardware-sizing-and-performance. 2 https://docops.ca.com/ca-apm/10-7/en/ca-apm-sizing-and-performance.

https://docops.ca.com/ca-apm/10-7/en/ca-apm-sizing-and-performance/hardware-sizing-and-performance

https://docops.ca.com/ca-apm/10-7/en/ca-apm-sizing-and-performance/hardware-sizing-and-performance

https://docops.ca.com/ca-apm/10-7/en/ca-apm-sizing-and-performance


instances, maximum of 8.

Enterprise Team Center (ETC)


We recommend that you use one ETC per up to 4 clusters.

WebView Server 1 6 GB 4 GB 2 cores 300 MB

One WebView per cluster. One WebView per Enterprise Team Center. Two or more WebViews are possible behind a load balancer.

Consolidated Data Viewer (Optional)


Aggregates data from up to 10 collectors across different clusters.


CPUs OS &SW

Disk Space Data Store OS Notes

APM Command Center (Optional)

1 8 GB 6 GB 4 cores 150 GB 100 GB Linux 64 bit

Supports multiple clusters and up to 20 000 agents. Only Java agents and Infrastructure agents are currently supported.

APM Team Center User Interface

1 16 GB Intel

Core i7

Win 7 or later

For the best performance, we recommend that you use Google Chrome browser, version 58 or later, for the Team Center UI.




Node Configuration The following table summarizes the node configuration requirements:

Node Supporting Component

Configuration Requirements

MOM, Collectors,

ATC & ETC

Operating

System

RHEL7 or Windows 2012 R2 properly configured

Database Oracle Oracle Enterprise Edition, 11G R1 & R2, 12C

TIM Operating System

RHEL 7 or CentOS 6.9

Note: The information provided in this section is applicable to all nodes in all environments.

Solution Component Ports The following table summarizes the ports used by the Solution components:

From To Port (unidirectional unless stated)

Collectors MOM TCP 5001

MOM Collectors TCP 5001

Agents MOM TCP 5001

APM Users MOM TCP 5001, 8081

Admin Users MOM TCP 5001, 8081, 22

Team Center, WebView MOM TCP 5001

Agents Collectors, includes TCS and DxC TCP 5001

Admin Users All APM UIs TCP 5001, 8080,8081, 8082, 8088, 22

APM Users Team Center, WebView TCP 8080, 8082

MOM APMDB Postgres TCP 5432

Collectors APMDB Postgres TCP 5432

TIM APMDB Postgres TCP 5432

Admin Users APMDB Postgres TCP 5432

MOM SNMP Gateway TCP 162