Updated: 07 June 2001

DECamds User's Guide

Order Number: AA--Q3JSC--TE

This guide explains how to use DECamds software to detect and fix system availability problems. It also explains how to install DECamds.

Revision/Update Information: This guide supersedes the DECamds User's Guide, Version 7.0.

Operating System and Version: OpenVMS Alpha Version 7.1
OpenVMS VAX Version 7.1

Software Version: DECamds Version 7.1

Digital Equipment Corporation Maynard, Massachusetts

Digital Equipment Corporation makes no representations that the use of its products in the manner described in this publication will not infringe on existing or future patent rights, nor do the descriptions contained in this publication imply the granting of licenses to make, use, or sell equipment or software in accordance with the description.

Possession, use, or copying of the software described in this publication is authorized only pursuant to a valid written license from Digital or an authorized sublicensor.

Digital conducts its business in a manner that conserves the environment and protects the safety and health of its employees, customers, and the community.

© Digital Equipment Corporation 1998. All rights reserved.

The following are trademarks of Digital Equipment Corporation: Bookreader, DEC, DECamds, DECdirect, DECnet, Digital, MicroVAX, OpenVMS, OpenVMS Cluster, POLYCENTER, TK, VAX, VAXcluster, VAXft, VAXserver, VAXstation, VMS, and the DIGITAL logo.

The following are third-party trademarks:

IEEE is a registered trademark of the Institute of Electrical and Electronics Engineers, Inc.

Motif is a registered trademark of the Open Software Foundation, Inc.

OSI is a registered trademark of CA Management, Inc.

All other trademarks and registered trademarks are the property of their respective holders.

ZK5929

The OpenVMS documentation set is available on CD-ROM.

Contents

Index

Intended Audience

This guide is intended for system managers who install and use DECamds software.

Document Structure

This guide contains the following chapters and appendixes:

• Chapter 1 describes an overview of DECamds software, where to install DECamds, security features, and customizing security files.
• Chapter 2 describes how to start DECamds and use online help. It also describes the System Overview window and the Event Log window.
• Chapter 3 describes how to use the DECamds data windows.
• Chapter 4 describes how to take corrective actions, called fixes, to improve system availability.
• Chapter 5 describes the tasks you can perform to filter, sort, and customize the display of system data using DECamds. It also describes how some of these tasks can optimize the performance of DECamds.
• Appendix A contains instructions for installing DECamds.
• Appendix B contains a description of all files and logical names created when DECamds is installed and gives examples of the log files that DECamds writes.
• Terms used for DECamds are defined in the Glossary.

Related Documents

The following manuals provide additional information:

• OpenVMS Version 7.2--EFT2 Release Notes describes features and changes that apply to DECamds software.
• OpenVMS System Manager's Manual describes tasks you perform to manage an OpenVMS system. It also describes installing a product with the POLYCENTER Software Installation utility.
• OpenVMS System Management Utilities Reference Manual describes utilities you use to manage an OpenVMS system.
• OpenVMS Programming Concepts Manual explains OpenVMS lock management concepts.
• OpenVMS System Messages: Companion Guide for Help Message Users explains how to use help messages.
• POLYCENTER Software Installation Utility User's Guide describes the features you can request with the PRODUCT INSTALL command when starting an installation.

For additional information on OpenVMS products and services, access the Digital OpenVMS World Wide Web site. Use the following URL:

http://www.openvms.digital.com

Reader's Comments

Digital welcomes your comments on this manual.

Print or edit the online form SYS$HELP:OPENVMSDOC_COMMENTS.TXT and send us your comments by:

Internet	openvmsdoc@zko.mts.dec.com
Fax	603 884-0120, Attention: OSSG Documentation, ZKO3-4/U08
Mail	OpenVMS Documentation Group, ZKO3-4/U08 110 Spit Brook Rd. Nashua, NH 03062-2698

How To Order Additional Documentation

Use the following World Wide Web address to order additional documentation:

http://www.openvms.digital.com:81/

If you need help deciding which documentation best meets your needs, call 800-DIGITAL (800-344-4825).

Conventions

VMScluster systems are now referred to as OpenVMS Cluster systems. Unless otherwise specified, references to OpenVMS Clusters or clusters in this document are synonymous with VMSclusters.

In this guide, every use of DECwindows and DECwindows Motif refers to DECwindows Motif for OpenVMS software.

The following conventions are used in this guide:

Ctrl/ x	A sequence such as Ctrl/ x indicates that you must hold down the key labeled Ctrl while you press another key or a pointing device button.
PF1 x	A sequence such as PF1 x indicates that you must first press and release the key labeled PF1 and then press and release another key or a pointing device button. GOLD key sequences can also have a slash (/), dash (--), or underscore (_) as a delimiter in EVE commands.
[Return]	In examples, a key name enclosed in a box indicates that you press a key on the keyboard. (In text, a key name is not enclosed in a box.)
...	Horizontal ellipsis points in examples indicate one of the following possibilities: Additional optional arguments in a statement have been omitted. The preceding item or items can be repeated one or more times. Additional parameters, values, or other information can be entered.
. . .	Vertical ellipsis points indicate the omission of items from a code example or command format; the items are omitted because they are not important to the topic being discussed.
( )	In command format descriptions, parentheses indicate that, if you choose more than one option, you must enclose the choices in parentheses.
[ ]	In command format descriptions, brackets indicate optional elements. You can choose one, none, or all of the options. (Brackets are not optional, however, in the syntax of a directory name in an OpenVMS file specification or in the syntax of a substring specification in an assignment statement.)
[|]	In command format descriptions, vertical bars separating items inside brackets indicate that you choose one, none, or more than one of the options.
{ }	In command format descriptions, braces indicate a required choice of options; you must choose one of the options listed.
text style	This text style represents the introduction of a new term or the name of an argument, an attribute, or a reason. In the HTML version of this document, this convention appears as italic text.
italic text	Italic text indicates important information, complete titles of manuals, or variables. Variables include information that varies in system output (Internal error number), in command lines (/PRODUCER= name), and in command parameters in text (where dd represents the predefined code for the device type).
UPPERCASE TEXT	Uppercase text indicates a command, the name of a routine, the name of a file, or the abbreviation for a system privilege.
Monospace type	Monospace type indicates code examples and interactive screen displays. In the C programming language, monospace type identifies the following elements: keywords, the names of independently compiled external functions and files, syntax summaries, and references to variables or identifiers introduced in an example.
-	A hyphen at the end of a command format description, command line, or code line indicates that the command or statement continues on the following line.
numbers	All numbers in text are assumed to be decimal unless otherwise noted. Nondecimal radixes---binary, octal, or hexadecimal---are explicitly indicated.

This chapter describes the following:

• Overview of DECamds
• Where to install DECamds
• Security features

The Digital Availability Manager for Distributed Systems (DECamds) is a real-time monitoring, diagnostic, and correction tool that helps you improve OpenVMS system and OpenVMS Cluster availability. DECamds also helps system programmers/analysts to target a specific node or process for detailed analysis, and system operators and service technicians to determine hardware and software issues.

DECamds simultaneously collects and analyzes system data and process data from multiple nodes and displays the output on a DECwindows Motif display. Based on the analyzed data, DECamds detects events and proposes actions to correct resource availability and system denial issues in real time.

DECamds helps improve OpenVMS system and OpenVMS Cluster availability as follows:

Availability	Alerts users to resource availability problems, suggests paths for further investigation, and recommends actions to improve availability.
Centralized Management	Provides centralized management of remote nodes within an extended local area network (LAN).
Intuitive Interface	Provides an easy-to-learn and easy-to-use DECwindows Motif user interface.
Correction Capability	Allows real-time intervention, including adjustment of node and process parameters, even when remote nodes are hung.
Customization	Adjusts to site-specific requirements through a wide range of customization options.
Scalability	Makes it easier to monitor multiple OpenVMS systems and OpenVMS Cluster systems over a single site or over multiple sites.

1.1 How Does DECamds Work?

1. The Data Provider gathers system data and transmits it to the Data Analyzer.
2. The Data Analyzer receives data from the Data Provider, analyzes the data, and displays it.

A node that has the DECamds Data Provider installed announces its availability, using a multicast LAN message, to any DECamds Data Analyzer that is installed and running. The Data Analyzer receives the Data Provider's availability announcement and a communications link is established.

The Data Analyzer portion of DECamds is a DECwindows Motif application that runs on any OpenVMS Version 6.1 or later system. Although you can run the Data Analyzer as a member of a monitored cluster, it is typically run on an OpenVMS system that is not a member of the cluster being monitored. You can have more than one Data Analyzer application executing in a LAN, but only one can be running at a time on each OpenVMS system.

System data is analyzed and translated into meaningful values and rates that are displayed in DECwindows Motif windows. The data is screened for data points that exceed thresholds that might cause system or OpenVMS Cluster availability problems. The Data Analyzer can also implement various system correction options if authorized to do so.

The Data Analyzer and Data Provider nodes communicate over an Extended LAN using an IEEE 802.3 Extended Packet format protocol. Once a secure connection is established, the Data Analyzer instructs the Data Provider to gather specific system and process data.

Figure 1-1 illustrates the interaction of the Data Analyzer and Data Provider on nodes in a cluster.

Nodes A, C, D, E, F, and H can exchange information with the Data Analyzer. Node B has defined its security to exclude the Data Analyzer from accessing its system data. Node G has not installed DECamds and does not communicate with the Data Analyzer.

Figure 1-1 DECamds Processing

This section discusses where to install the DECamds software. You can install and run the DECamds Data Analyzer from either a cluster member or a standalone system outside the cluster. However, Digital recommends that you run the Data Analyzer from outside a cluster because then you can monitor system information even if the nodes in the cluster pause or hang.

Generally, you can install and run the DECamds Data Provider on any OpenVMS Version 6.1 or later system. However, specific system requirements vary with the number of nodes to be monitored and the amount of data to be collected. Appendix A describes the specific system hardware and software requirements for installing and running the DECamds Data Analyzer and Data Provider.

1.3 Security Features

• Private LAN transport
  The DECamds protocol is based on the 802.3 Extended Packet Format (also known as SNAP). The IEEE DECamds protocol values are as follows:

  Protocol ID: 08-00-2B-80-48 Multicast Address: 09-00-2B-02-01-09

  
  If you filter protocols for bridges or routers in your network, add these values to your network protocols.

• DECamds data transfer security
  Each node running DECamds as a Data Analyzer or a Data Provider has a file containing a list of three-part codes, called security triplets. See Section 1.3.1 for more information about security triplets.
  For Data Analyzer and Data Provider nodes to exchange data, at least one security triplet must match between the files on each system. DECamds Data Provider nodes that have read access allow system data to be viewed by the Data Analyzer node. Data Provider nodes that have write access also allow fixes to be performed by the Data Analyzer node.
• DECamds security log
  The Data Provider logs all access denials and executed write instructions to the operator communication manager (OPCOM). Each log entry contains the network address of the initiator. If access is denied, the log entry also indicates whether a read or write was attempted. If a write operation was performed, the log entry indicates the process identifier (PID) of the affected process.
• OpenVMS file protection and process privileges
  When DECamds is installed, it sets directory and file protections on its system-level directories so that only the SYSTEM account can read the files. For additional security on these system-level directories and files, you can create access control lists (ACLs) to restrict and set alarms on write access to the security files. For more information about creating ACLs, see the OpenVMS Guide to System Security.

The AMDS$CONFIG logical translates to the location of the default security files, including the following:

• The AMDS$DRIVER_ACCESS.DAT file is installed on all Data Provider nodes. The file contains a list of Data Analyzer nodes to which system data can be sent. It also contains the type of access allowed for each of those nodes.
• The AMDS$CONSOLE_ACCESS.DAT file is installed on only those nodes that run the Data Analyzer portion of DECamds. It contains a list of passwords to identify itself to Data Provider nodes.

You can create additional security files in the directory associated with the AMDS$CONFIG logical name. By default, this logical name is assigned to AMDS$SYSTEM. As you customize DECamds, you can change the logical assignment of AMDS$CONFIG to read input files from other locations.

The following sections describe what a security triplet is, where to find the security files, and how to set up your security files.

1.3.1 Understanding DECamds Security Files

A security triplet determines which systems can access system data from the node. The AMDS$DRIVER_ACCESS.DAT and AMDS$CONSOLE_ACCESS.DAT files on the Data Analyzer and Data Provider systems list security triplets.

A security triplet is a three-part record that is separated by backslashes (\). A triplet consists of the following fields:

• A network address (DECnet address, hardware address, or a wildcard character)
• An 8-character (alphanumeric) password
  The password is not case sensitive, so the passwords "testtest" and "TESTTEST" are considered to be the same.
• A read or write (R or W) access verification code
  For the Data Analyzer, the security triplets that allow write access are listed last in the AMDS$CONSOLE_ACCESS.DAT security file.

The exclamation point (!) is a comment delimiter; any characters after the comment delimiter are ignored.

Table 1-1 describes the detailed format of each portion of the security triplet and then gives some examples for different situations.

Table 1-1 Security Triplet Format

Item	Description
DECnet address (area.number)	Although DECnet is not required to run DECamds, the DECnet address is used to determine a node's physical address. The DECnet address is created by using the area.number format, where area is a value from 1 to 63, and number is a value from 1 to 1023. This address is modified into a physical address of the form AA-00-04-00-xx-yy to conform to the standard IEEE 802.3 protocol for network addressing. The AA-00-04-00 prefix is associated with the Digital owned address. The xx-yy suffix is the hexadecimal representation of the address formula: area*1024+number Note If you are running on a system with more than one LAN adapter or are running DECnet-Plus networking software, then this format is not valid for you. Instead, you must use the hardware address or wildcard address format for this field.
Hardware address (08-00-2B-xx-xx-xx)	The hardware address field is the physical hardware address in the LAN adapter chip. It is used if you have multiple LAN adapters or are running the DECnet-Plus networking software on the system (as opposed to the DECnet for OpenVMS Phase IV networking software). For adapters provided by Digital, the hardware address is in the form 08-00-2B-xx-xx-xx, where the 08-00-2B portion is Digital's valid range of LAN addresses as defined by the IEEE 802 standards and the xx-xx-xx portion is chip specific. To determine the value of the hardware address on a system, use the OpenVMS System Dump Analyzer (SDA) as follows: $ ANALYZE/SYSTEM SDA> SHOW LAN The previous commands display a list of available devices. Choose the template device of the LAN adapter you will be using and then enter the following command: SDA> SHOW LAN/DEVICE=xxA0
Wildcard address (*)	The wildcard character allows any incoming triplet with a matching password field to access the Data Provider node. Use the wildcard character to allow read access and to run the console application from any node in your network. Because the Data Analyzer does not use this field, you should use the wildcard character in this field in the AMDS$CONSOLE_ACCESS.DAT file. Caution Use of the wildcard character for write access security triplets enables any system to perform system-altering fixes.

The following steps show how DECamds uses the security triplets to ensure security among DECamds nodes:

1. A message is broadcast at regular intervals to all nodes within the LAN indicating the availability of a Data Provider node to communicate with a Data Analyzer node.
2. The node running the Data Analyzer receives the availability message and returns a security triplet that identifies it to the Data Provider and requests system data from the Data Provider.
3. The Data Provider examines the security triplet to determine if the Data Analyzer is listed in the AMDS$DRIVER_ACCESS.DAT file to permit access to the system.
   • If the AMDS$DRIVER_ACCESS.DAT file lists Data Analyzer access information, then the Data Provider and the Data Analyzer can exchange information.
   • If the Data Analyzer is not listed in the AMDS$DRIVER_ACCESS.DAT file, or does not have appropriate access information, then access is denied and a message is logged to OPCOM; the Data Analyzer receives a message stating that access to that node is not permitted.

Table 1-2 describes how the Data Provider node interprets a security triplet match.

Table 1-2 Security Triplet Verification

Security Triplet	Interpretation
08-00-2B-12-34-56\HOMETOWN\W	The Data Analyzer has write access to the node only when the Data Analyzer is run from the node with this hardware address (multiadapter or DECnet-Plus system) and with the password HOMETOWN.
2.1\HOMETOWN\R	The Data Analyzer has read access to the node when run from a node with DECnet for OpenVMS Phase IV address 2.1 and the password HOMETOWN.
*\HOMETOWN\R	Any Data Analyzer with the password HOMETOWN has read access to the node.

Copyright © Compaq Computer Corporation 1998. All rights reserved. Legal

5929PRO.HTML