Prerequisites for Applications Manager

Discussed below are the prerequisites for managing the various monitors:


Application Servers

Glassfish

While monitoring Glassfish application servers, make the following changes in the domain.xml file and then restart it:

  • Change the "accept-all" property to "true" for the "jmx-connector" node : <jmx-connector accept-all="true"

The configuration line should look like this:
<jmx-connector accept-all="true" address="0.0.0.0" auth-realm-name="admin-realm" enabled="true" name="system" port="8686" protocol="rmi_jrmp" security-enabled="false"/>

JBoss

The prerequisites for managing the various versions of JBoss server are:

JBoss Version 3.x and 4.x

To monitor JBoss, the http-invoker.sar should be deployed in the JBoss Server. The application (http-invoker.sar) is by default deployed in the JBoss server.

If the http port of the JBoss server is changed then the port number in the attribute InvokerURLSuffix should also be modified in JBOSS_HOME/server/default/deploy/http-invoker.sar/META-INF/jboss-service.xml file.

JBoss Version 5x

To monitor JBoss 5.x version, jbossagent.sar should be deployed in JBoss server. To deploy, follow the steps below:

  • Copy jbossagent.sar from location <Applications Manager home>/working/resources and paste under<JBOSS_HOME>/server/default/deploy
  • If you are running JBoss in different domain like all, then deployment target folder would be<JBOSS_HOME>/server/all/deploy.

JBoss Version 6.x

To monitor JBoss 6.x version, jbossagent.sar should be deployed in JBoss server. To deploy, follow the steps below:

Example:
<bean class="org.jboss.services.binding.ServiceBindingMetadata">
<property name="serviceName">
jboss.remoting:service=JMXConnectorServer,protocol=rmi
</property>
<property name="port">1090</property>
<property name="description">RMI/JRMP socket for connecting to the JMX MBeanServer</property>
</bean>

  • Copy jbossagent.sar from location <Applications Manager home>/working/resources and paste under<JBOSS_HOME>/server/default/deploy
  • If you are running JBoss in different domain like all, then deployment target folder would be<JBOSS_HOME>/server/all/deploy.
  • Provide the rmiRegistryPort which is available in<JBOSS_HOME>/server/<domainname>/conf/bindingservice.beans/META-INF/bindings-jboss-beans.xml file. The default port is 1090.

Note: JBOSS 6 EAP should be added as JBoss 7

JBoss Version 7.x and above

To add a new monitor for JBoss Version 7.x and above you must provide a management port. The default port is 9990.

JBoss Wildfly

  1. Change the Management port binding to use the network accessible interface:
    • In the JBoss config file (i.e. <JBOSS_HOME>\standalone\configuration\standalone-full.xml) change jboss.bind.address.management:127.0.0.1 to jboss.bind.address.management 0.0.0.0
    • Restart the service
  2. Add a JBoss administration user for monitoring:
    • <JBOSS_HOME>/bin/add-user.bat <USERID> <PASSWORD> ManagementRealm -silent

Oracle Application Server

Applications Manager uses the Dynamic Monitoring Service (DMS) provided by Oracle Application Server to monitor the same. For this reason, the DMS Servlet has to be made accessible to the system where the Applications Manager is running.

To enable the access, please follow the instructions provided below
[The instructions are referred from the Oracle website: http://docs.oracle.com/cd/B14099_19/core.1012/b14001/monitor.htm]

By default, the dms0/AggreSpy URL is redirected and the redirect location is protected, allowing only the localhost (127.0.0.1) to access the AggreSpy Servlet.

To view metrics from a system other than the localhost you need to change the DMS configuration for the system that is running the Oracle Application Server that you want to monitor by modifying the file $ORACLE_HOME/Apache/Apache/conf/dms.conf on UNIX, or%ORACLE_HOME%\Apache\Apache\conf\dms.conf on Windows systems.

The following example shows a sample default configuration from dms.conf. This configuration limits AggreSpy to access metrics on the localhost (127.0.0.1). The port shown, 7200, may differ on your installation.

Example: Sample dms.conf File for localhost Access for DMS Metrics
# proxy to DMS AggreSpy

Redirect /dms0/AggreSpy http://localhost:7200/dmsoc4j/AggreSpy
#DMS VirtualHost for access and logging control
Listen 127.0.0.1:7200
OpmnHostPort http://localhost:7200

<VirtualHost 127.0.0.1:7200>

ServerName 127.0.0.1

By changing the dms.conf configuration to specify the host that provides, or serves DMS metrics, you can allow users on systems other than the localhost to access the DMS metrics from the location http://host:port/dms0/AggreSpy.

Caution: Modifying dms.conf has security implications. Only modify this file if you understand the security implications for your site. By exposing metrics to systems other than the localhost, you allow other sites to potentially view critical Oracle Application Server internal status and runtime information.

To view metrics from a system other than the localhost (127.0.0.1), do the following:

  • Modify dms.conf by changing the entries with the value for localhost "127.0.0.1" shown in Example to the name of the server providing the metrics (obtain the server name from the ServerName directive in the httpd.conf file, for example tv.us.oracle.com).
  • Find below a sample updated dms.conf that allows access from a system other than the localhost (127.0.0.1)

    Example: Sample dms.conf File for Remote Host Access for DMS Metrics:
    # proxy to DMS AggreSpy
    Redirect /dms0/AggreSpy http://tv.us.oracle.com:7200/dmsoc4j/AggreSpy
    #DMS VirtualHost for access and logging control
    Listen tv.us.oracle.com:7200
    OpmnHostPort http://tv.us.oracle.com:7200
    <VirtualHost tv.us.oracle.com:7200>
    ServerName tv.us.oracle.com

  • Restart, or stop and start the Oracle HTTP Server using Application Server Control Console or using the Oracle Process Manager and Notification Server opmnctl command.

    For example,
    %opmnctl restartproc process-type=HTTP_Server
    or
    %opmnctl stopproc process-type=HTTP_Server
    %opmnctl startproc process-type=HTTP_Server

After performing the above steps, please ensure that you are able to access the URL http://<host>:7200/dmsoc4j/AggreSpy from the Applications Manager system.

To check if a user has select privilege:

We suggest you to execute the below query directly in your Oracle machine and check if a connected user has select privilege or not :

select TABLE_NAME,PRIVILEGE from user_tab_privs_recd where table_name in ('ALL_SCHEDULER_JOB_RUN_DETAILS','V_$RMAN_BACKUP_JOB_DETAILS','ALL_SCHEDULER_JOBS','ALL_SCHEDULER_RUNNING_JOBS');

If there is no row selected or privilege column does not have select value for the above table_name columns, then the user doesn't have privilege to access the table.

To grant Privilege:

Use the following query:

grant select on tablename to username;

Example: grant select on V_$RMAN_BACKUP_JOB_DETAILS to monitoruser;
Note : As above, you have to give grant permission on all the tables mentioned in the above query

Tomcat

Applications Manager agent has to be deployed in Tomcat Servers 3.x and 4.x. More

Tomcat 3.x and 4.x needs no user name and password. In case of Tomcat 5.x and above, an application named Manager must be running in it for Applications Manager to monitor the Tomcat server. By default, this application will be running in the server.If you have customized the manager application (Eg., \qamanager), then you can use the option "Tomcat Manager Application URI" in the client, for Applications Manager to monitor the Tomcat server.

For Tomcat Versions 5.x & 6.x and 7.x:

  • The user role to access the server must be manager (versions 5.x & 6.x) / manager-jmx (version 7.x).
  • To add a role as "manager" (versions 5.x & 6.x) / "manager-jmx" (version 7.x) for any of the users such as tomcat, role1, or both, you need make changes in tomcat-users.xml file located in the <TOMCAT-HOME>/conf directory.

For Tomcat 8:

Remote access to Application Manager is restricted, by default.

Add the IP address of APM in CATALINA_HOME/webapps/host-manager/META-INF/context.xml (under 'allow =' )

<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />

Example:

Default configurations in tomcat-users.xml in Tomcat Server.

<tomcat-users>
<role rolename="tomcat" />
<role rolename="role1" />
<user username="tomcat" password="tomcat" roles="tomcat" />
<user username="role1" password="tomcat" roles="role1" />
<user username="both" password="tomcat" roles="tomcat,role1" />
</tomcat-users>

After adding the roles for the "tomcat" user, the modified entries will be as follows:

<tomcat-users>
<role rolename="tomcat" />
<role rolename="role1" />
<role rolename="manager" />
<user username="tomcat" password="tomcat" roles="tomcat,manager" />
<user username="role1" password="tomcat" roles="role1" />
<user username="both" password="tomcat" roles="tomcat,role1" />
</tomcat-users>

On making the configuration, restart the Tomcat Server.
Now, when adding a new Tomcat (5.x and above) monitor, specify the username/password as tomcat/tomcat when discovering the Tomcat Server.

[Click the link to view an example tomcat-users.xml for versions 5.x / 6.x and tomcat-users.xml for versions 7.x]

Note:
1) After adding the Manager role in tomcat-users.xml, you should be able to access the manager application - <Host>:<PORT>/manager/status (Provide manager user credentials).
2) If the application is not accessible, add the following entry in server.xml, under 'Engine' context:
<Realm className="org.apache.catalina.realm.MemoryRealm" />
3) Restart the server and try to access manager application.

WebLogic Server

To monitor WebLogic 6.1:

Follow the steps given below:

  1. Provide only Admin user name.
  2. Copy Weblogic.jar from folder <Weblogic Home>/weblogic61/server/lib in Remote WebLogic server version 6. Copy to <AppManager Home >\working\classes\weblogic\version6 folder in the machine where Applications Manager is running

To monitor WebLogic 7.x:

You should set the weblogic.disableMBeanAuthorization and weblogic.management.anonymousAdminLookupEnabled variables to true for enabling data collection. Follow the steps given below:

  • Edit startWLS.cmdsh present in the <WLS_HOME>/server/bin directory and add the following arguments
    -Dweblogic.disableMBeanAuthorization=true

    -Dweblogic.management.anonymousAdminLookupEnabled=true
    Click here for Sample startWLS.cmd/sh
  • Restart the WebLogic Server for the changes to take effect
  • Copy Weblogic.jar from folder <Weblogic Home>/weblogic70/server/lib in Remote WebLogic server version 7. Copy to <AppManager Home>\working\classes\weblogic\version7 folder in the machine where Applications Manager is running

To monitor WebLogic 8.x:

You should set the weblogic.disableMBeanAuthorization and weblogic.management.anonymousAdminLookupEnabled variables to true for enabling data collection. Follow the steps given below:

  • Edit startWLS.cmdsh present in the <WLS_HOME>/server/bin directory and add the following arguments
    -Dweblogic.disableMBeanAuthorization=true

    -Dweblogic.management.anonymousAdminLookupEnabled=true Click here for Sample startWLS.cmd/sh
  • Restart the WebLogic Server for the changes to take effect
  • Copy Weblogic.jar from folder <Weblogic Home>/weblogic81/server/lib in Remote WebLogic server version 8 Copy to <AppManager Home>\working\classes\weblogic\version8 folder in the machine where Applications Manager is running.

To monitor WebLogic 9.x:

Copy Weblogic.jar from folder <Weblogic Home>/weblogic92/server/lib in Remote WebLogic server version 9 . Copy to <AppManager Home>\working\classes\weblogic\version9 folder in the machine where Applications Manager is running.


To monitor WebLogic 10.x , 11g:

Copy Weblogic.jar, wlclient.jar, wljmsclient.jar, wlthint3client.jar from folder <Weblogic Home>/wlserver/server/lib in Remote WebLogic server. Copy to <AppManager Home>\working\classes\weblogic\version10 folder in machine where Applications Manager is running.


To monitor WebLogic 12.x:

Copy wlclient.jar and wljmxclient.jar from folder <Weblogic Home>/wlserver/server/lib in Remote WebLogic server. Copy to <AppManager Home>\working\classes\weblogic\version12 folder in machine where Applications Manager is running.

Note: WL_HOME is the Weblogic Installation directory


For SSL support over Weblogic:

Weblogic certificate has to be imported to Appmanager12/working/jre/lib/security/cacerts file. This certificate can be imported through Appmanager12/bin/WeblogicCertificate.bat/sh files.

Syntax: WeblogicCertificate.bat [import] [Full path of weblogic server certificate] [alias name]

Example: D:\ManageEngine\APM\jun26_2_t3s\AppManager12\bin> WeblogicCertificate.bat import "G:\Oracle\Middleware\Oracle_Home\user_projects\domains\MyDomain\root.cer" mykey

Note:
* If customer is monitoring all three versions of weblogic (10.x, 11g, 12C), then get the jars from latest version of WebLogic (Version 12c).
* SSL option is enabled in the UI only for version 9 and above.

The ports that need to be opened when the Weblogic Monitor is behind the firewall: Two-way communication between WebLogic listening port (default : 7001) and Applications Manager web server port (default : 9090).


For WebLogic 7.x, 8.x:

"%JAVA_HOME%\bin\java" %JAVA_VM% %MEM_ARGS% %JAVA_OPTIONS% -classpath "%CLASSPATH%" -Dweblogic.Name=%SERVER_NAME% -Dbea.home="C:\WebLogic\WL7.0" -Dweblogic.disableMBeanAuthorization=true -Dweblogic.management.anonymousAdminLookupEnabled=true -Dweblogic.management.username=%WLS_USER% -Dweblogic.management.password=%WLS_PW% -Dweblogic.management.server=%ADMIN_URL% -Dweblogic.ProductionModeEnabled=%STARTMODE% -Djava.security.policy="%WL_HOME%\server\lib\weblogic.policy" weblogic.Server
goto finish

:runAdmin
@echo on
"%JAVA_HOME%\bin\java" %JAVA_VM% %MEM_ARGS% %JAVA_OPTIONS% -classpath "%CLASSPATH%" -Dweblogic.Name=%SERVER_NAME% -Dbea.home="C:\WebLogic\WL7.0" -Dweblogic.disableMBeanAuthorization=true -Dweblogic.management.anonymousAdminLookupEnabled=true -Dweblogic.management.username=%WLS_USER% -Dweblogic.management.password=%WLS_PW% -Dweblogic.ProductionModeEnabled=%STARTMODE% -Djava.security.policy="%WL_HOME%\server\lib\weblogic.policy" weblogic.Server

 

WebSphere Application Server

Prerequisites for WebSphere Versions 8.x and below

For base deployment:

You have to modify the Performance Monitor Interface (PMI) Specification Level from "None" to "Standard". Then deploy the perfServletApp.ear file, which uses the PMI infrastructure to retrieve the performance information from WebSphere Application Server, in the WebSphere. Restart WebSphere Application Server.

For Network deployment:

You have to modify the PMI Sepcifictaion Level from "None"to "Standard" in all the WebSphere Servers in Network Deployment. Then deploy theperfServletApp.ear file, which uses the PMI infrastructure to retrieve the performance information from WebSphere Application Server, in any one of the WebSphere Servers in the Network Deployment. Restart WebSphere Application Server.

Note: Steps to check whether WebSphere monitor has been correctly set

To modify PMI specification level:

  • Connect to the Admin console - http://<Host>:<Port>/admin/
  • On the left-side tree, expand the Servers node.
  • Click on Application Servers link. This will display the list of servers running in the node.
  • Click on the server for which data collection has to be enabled.
  • In the Additional Properties table, click on Performance Monitoring Service.
  • Change the Initial specification level to "Standard" and then apply the changes. Also enable (select) Startup.

To deploy perfServletApp.ear:

  • Open the Admin console
  • Go to Applications then Application Types, then WebSphere enterprise applications.
  • Click Install and select local system.
  • Browse the perf servlet application then click ok.
  • The Default Path is <WAS_INSTALLED_PATH>/<APP_SERVER_NAME>/installableApps/PerfServletApp.ear
  • Accept all default options and select Next until finish then click Save.
  • After successfully installed this application, restart the node server once in order to work the perf servlet work correctly.

To check the perf servlet output, open the following url from your browser:

http://localhost:<PORT>/wasPerfTool/servlet/perfservlet?connector=SOAP&port=8880 <PORT> - 9080 (Default)

Steps to Check whether Websphere monitor has been correctly set

For Base Deployment:

To ensure whether the PMI & perfServletApp are configured properly in WebSphere, invoke the below URL & check whether the data is returned in XML format.

http://WebSphereHost:Port/wasPerfTool/servlet/perfservlet?connector=SOAP&port=SOAP-PORT

where

  • WebSphere Host - Host in which WebSphere Application Server is running
  • WebSphere Port - HTTP Transport port of the WebSphere Application server [How to locate HTTP Port]
  • SOAP Port - SOAP Port of WebSphere [How to locate SOAP Port]

For Network Deployment:

To ensure whether the PMI & perfServletApp are configured properly in WebSphere, invoke the below URL & check whether the data is returned in XML format.

http://WebSphereHost:Port/wasPerfTool/servlet/perfservlet?connector=SOAP&port=NetworkDeployerSOAP-PORT&HOST=NetworkDeployerHost

where

  • WebSphere Host - The host of the websphere application server in which the perf servlet application is installed
  • Websphere Port - HTTP Transport port of the Websphere server in which the perf servlet application is installed [How to locate HTTP Port]
  • NetworkDeployer SOAP PORT - The SOAP port of the domain manager (DMGR) [How to locate SOAP Port]
  • Network Deployer Host - The host in which the domain manager is running.

Note: Also check whether WebSphere admin user is added to the monitor group of the perfservletApp.

How to locate SOAP Port?

1. Login to Admin console

2. Expand the server link on left side tree. Click on Application Servers

3. In Base mode, various WebSpheres will be listed down. Click on the WebSphere's name- > Under Additional Properties, click on End Points link -> click on SOAP connector address. You can get the SOAP port from there.

4. In Network Deployment mode, Click DMGR - > Under Additional Properties, click on End Points link -> click on SOAP connector address - You can get the SOAP port from there.

How to find the HTTP Transport port?

1. Login to Admin console

2. Expand the Server link on left side tree, Click on Application Servers

3. Various WebSpheres will be listed down. Click on the WebSphere's name- > Under Additional Properties, click on Web Container link -> click on HTTP Transports link. You can get the HTTP port from there.

Prerequisites for WebSphere Versions 9:

  • Enable Performance Monitoring Infrastructure (PMI) in application server (for base mode), and in all application servers and the node agents ( in ND mode ) which you want to monitor.
  • Go to Websphere Console, then Servers and All servers.
  • Click on the server name, then "Performance Monitoring Infrastructure (PMI)" under "Performance" tab.
  • Check the box "Enable Performance Monitoring Infrastructure".
  • Click Apply, Save and Restart the server.
  • Go to the Websphere Console, System Administration then Node agents
  • Click on the node agent, then "Performance Monitoring Infrastructure (PMI)".
  • Check the box "Enable Performance Monitoring Infrastructure".
  • Click Apply, Save and Restart the server.
  • For Network deployment mode, enable Global security
  • Go to the Websphere Console, go to Security then Global Security.
  • Under "Administrative security", check "Enable administrative security".
  • Click Apply, Save and Restart the server.
  • SSL certificates has to be added to APM incase SSL is enabled or Global security is enabled.

Steps: https://pitstop.manageengine.com/support/manageengine/ShowHomePage.do#Solutions/dv/24000434757058

Resin Server

JMX MBeans are used to monitor Resin Application server's activity. To enable JMX, open Resin.XML and add the below JVM arguments or start Resin.exe with the below JVM arguments

-Dcom.sun.management.jmxremote.port=1099 -Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false

Replace 1099 with the actual port number of the JMX agent

Jetty Server

JMX MBeans are used to monitor Jetty server's performance. To enable JMX,

  1. Add the below JVM arguments on Jetty start up:
    -Dcom.sun.management.jmxremote.port=9999
    -Dcom.sun.management.jmxremote.ssl=false
    -Dcom.sun.management.jmxremote.authenticate=false
    -Dcom.sun.management.jmxremote
    • Replace 9999 with the actual port number of the JMX agent
  2. Add the following line in start.ini file --module=jmx

Database Servers

Microsoft SQL Database Server

For monitoring a Microsoft SQL database server, the SQL user account used for monitoring should have access to MASTER, MSDB and DISTRIBUTION databases. User should have the following roles:

sysadmin server role : Go to SQL Server Management Studio -> Go to Logins -> Choose the respective user and open properties -> Go to 'Server roles' and select sysadmin role -> Save the option and proceed with adding the SQL monitor in Applications Manager.

(OR)

  1. Provide VIEW SERVER STATE permission on the server to the respective SQL user. To grant VIEW SERVER STATE, you can use any of the following methods:
    • Execute the following query,
      GRANT VIEW SERVER STATE TO username;
    • In SQL Management Studio for user Choose Properties -> Securables -> Click Add ( under Securables ) -> Choose 'All objects of the Types...' -> Choose Servers -> Choose Grant for 'View server state' permission.
  2. Provide the following DB roles:
    • DB Role required for master database : public, db_datareader
    • DB Role required for msdb database : public, db_datareader, SQLAgentReaderRole, SQLAgentOperatorRole (For SQL Jobs monitoring)
    • DB Role required for distribution database : public, db_datareader (For SQL Replications monitoring)

MySQL Database Servers

MySQL monitor requires MySQL Java Connector to be present in the Applications Manager classpath. You can verify this by following these steps:

  • Check AppManager_home/working/mysql/MMMySQLDriver/ directory for the file mysql_connector.jar
  • If the .jar file is not present, you can download it from here (for MYSQL versions older than 5.7) or here (for MYSQL version 5.7 and newer).
  • Rename the file as mysql_connector.jar
  • In the machine, where Applications Manager is running, copy the downloaded mysql_connector.jar to AppManager_home/working/mysql/MMMySQLDriver/ directory.
  • Restart Applications Manager.

Privileges Required:

While monitoring a MySQL database server, ensure that you assign a username that has permission to access the MySQL database from the host where Applications Manager is running. An alternate way is to add a relevant user who has the privileges to do the same. The user should have privileges to execute SELECT, SHOW DATABASES, REPLICATION commands in the MySQL server.

For enabling these privileges, execute the following commands in the remote MySQL Server:

If MySQL version is below 5.7:

INSERT INTO user (Host,User) VALUES('<host>','<user>');
GRANT SELECT,SHOW DATABASES,REPLICATION CLIENT ON *.* TO '<user>'@'<host>';
FLUSH PRIVILEGES; (Use the host name - Applications Manager machine).

If MySQL version is above 5.7:

CREATE USER <user>@'%' IDENTIFIED BY 'password';
GRANT SELECT,SHOW DATABASES,REPLICATION CLIENT ON *.* TO '<user>'@'<host>';
FLUSH PRIVILEGES; (Use the host name - Applications Manager machine).

PostgreSQL

The PostgreSQL installers include the database server, pgAdmin and StackBuilder.

The 8.x installers are supported on:

  • Ubuntu 6.06 and above
  • Fedora 6 and above
  • openSUSE 10 and above
  • SLES 9 and above, CentOS/RHEL 4 and above
  • Mac OS X 10.4 and above (Intel and PPC)
  • Windows XP and above.

The 9.x installers are supported on:

  • Ubuntu 8.04 and above
  • Fedora 10 and above
  • openSUSE 11 and above
  • SLES 11 and above
  • CentOS/RHEL 5 and above
  • Mac OS X 10.5 and above (Intel 32 and 64 bit)
  • Windows XP and above.

Applications Manager uses PostgreSQL's subsystem statistics collector to monitor PostgreSQL server activity. By default, the statistics collector is accessible. If you have problems in adding a new PostgreSQL server, follow the steps given below:

  1. Open postgresql.conf under <postgres home>/data
  2. Check value of configuration parameter listen address it has to be "*", if not change it to "*". Click here for more details on configuring postgresql.conf
  3. Open pg_hba.conf under /data
  4. Add a new line host all all 0.0.0.0/0 md5 to allow all machines with proper password authentication to access PostgreSQL DB server. Click here for more details on configuring pg_hba.conf

IBM Informix

JDBC Driver:

To monitor IBM Informix DB, make sure that the ifxjdbc.jar file is present in the location:<ProductHome>\working\classes directory. The jar file can be copied from the IBM Informix installation location, <IBM Informix Home>\jdbc\lib\jar. Restart Applications Manager after copying the file.

User Privileges:

To add an Informix DB monitor, a user requires Connect database-level privileges and he should be able to access sysmaster database.

SAP HANA

  1. Need to copy ngdbc.jar into the location /working/classes. ngdbc.jar can be copied from installed SAP HANA Client folder.
  2. SAP HANA Client can be downloaded from here.
  3. If HANA is running on Cloud Platform, in addition to the above ngdbc.jar, SAP Cloud platform SDK is also needed. Copy the "lib" folder and neo.bat/sh file from SDK_HOME/tools to APM_HOME/working/hanacloud/tools/
  4. Restart Applications Manager after performing the above steps.
  5. Provide the below privileges for SAP HANA DB User.
    1. System privilege CATALOG READ.
    2. Object privilege SELECT on the schema _SYS_STATISTICS.
    To grant the above privileges, execute the below statements in SAP HANA SQL console.(Replace USER_NAME with actual HANA DB Username)
    1. GRANT MONITORING to < USER_NAME >
    2. CALL GRANT_ACTIVATED_ROLE ('sap.hana.admin.roles:Monitoring','< USER_NAME >')

Oracle Database Servers

A user with CONNECT and SELECT_CATALOG_ROLE roles is required for oracle monitoring in Applications Manager. Configure a user with these permissions and use the credentials in Applications Manager

Prerequisites for monitoring Oracle Alert Log metrics:

Login as SYS user and run the following queries:

  • Create or replace view v_$appman_alertlog_ext as select * from x$dbgalertext
  • Create or replace public synonym v$appman_alertlog_ext for sys.v_$appman_alertlog_ext
  • Grant select on v$appman_alertlog_ext to [USERUSEDFORORACLEDBSERVERMONITOR]

Note: Oracle DB Alert log monitoring is supported for version Oracle 11g and above only

Prerequisites for monitoring Oracle Redo Log metrics

Login as SYS user and run the following queries:

  • Create or replace view v_$appman_redolog_cp_ext as select * from x$kcccp
  • Create or replace public synonym v$appman_redolog_cp_ext for sys.v_$appman_redolog_cp_ext
  • Grant select on v$appman_redolog_cp_ext to [USERUSEDFORORACLEDBSERVERMONITOR]
  • Create or replace view v_$appman_redolog_le_ext as select * from x$kccle
  • Create or replace public synonym v$appman_redolog_le_ext for sys.v_$appman_redolog_le_ext
  • Grant select on v$appman_redolog_le_ext to [USERUSEDFORORACLEDBSERVERMONITOR]

MongoDB Servers

Supported Versions: MongoDB 3.2 and older versions. We support mongod services and mopngos services

To create a MongoDB monitor in Applications Manager, a user should have read privileges to all the MongoDB databases

SAP MaxDB

sapdbc.jar should be copied to Appmanager_Home\working\classes folder. By default, this jar will be available under <MaxDB_InstallationPath>\runtime\jar\sapdbc.jar.

CLOUD APPS

Microsoft Azure

Microsoft Azure Monitor can be added using 2 methods,

  • Azure Organizational Account (Powershell)
  • AD Application & Service Principal

Discovery using Azure Organizational Account (Powershell) – Mode 1

1. Installing AzureRM Powershell module on Applications Manager server:

Open Powershell prompt with Administrator privileges. Run the following commands,

# Install the Azure Resource Manager modules from the PowerShell Gallery

Install-Module AzureRM

# Install the Azure Service Management modules from the PowerShell Gallery

Install-Module Azure

In case if you get the following error upon executing the above commands, then install the downloader from http://aka.ms/webpi-azps

Install-Module: The term ‘Install-Module’ is not recognized as the name of a cmdlet, function, script file or operable program

 

To check if the modules are installed successfully:
Open Powershell prompt with Administrator privileges. Run the following command,

Login-AzureRmAccount

If this opens a pop-up asking for Azure credentials, this means the required modules are installed successfully.

For further troubleshooting regarding installing the module, refer https://docs.microsoft.com/en-us/powershell/azureps-cmdlets-docs/

2. Create a Organizational account using Microsoft azure administrator permissions

Log in to Azure Portal (https://manage.windowsazure.com) using the credentials of Microsoft account(@outlook.com or @live.com) using which the subscription was created.

  • Select Active Directory
  • Select the default directory
  • Select “Users”
  • Select “Add User”
  • Make sure to select under “Type of user” : “New user in your organization”, Write down the user account name of your user
  • Make sure to select “Global admin”
  • Note down the Email Id & temporary password of your user (Needed in next step)

3. Assign the Azure subscription to your organizational account

  • Go to “Settings”-Last section of vertical pane
  • Select “Administrators” in this overview
  • Select “Add” on the menu below and assign the Email address of the newly created organizational account
  • Select the subscription that you want to monitor.

  • Sign out of the current account.
  • Sign in using the newly created Email address and temporary password
  • You will be prompted to change the password, when logging in for the first time
  • Change and note down the new password

Provide this Email ID to ‘UserEmail’ field and Password to ‘Password’ field in the New monitor page, while using the mode ‘Azure Organizational Account (Powershell’ of Applications Manager.

Discovery using AD Application & Service Principal – Mode 2

1. Create Active Directory Application

  • Log in to Azure Portal(https://portal.azure.com) using the credentials of Microsoft account(@outlook.com or @live.com) using which the subscription was created.
  • Select ‘Azure Active Directory’ from the left pane
  • Select ‘App registrations’
  • Select ‘Add’
  • Provide a name & URL for the application (Sample SignOn URL to use : https://apm-apmtester.msappproxy.net )
  • Click create.

2. Getting Client ID,Tenant ID & AppKey

  • Select ‘Azure Active Directory’ from the left pane
  • Select ‘App registrations’ → Select your application
  • Copy the value given as ‘Application ID’ . This is your Client ID
  • To get AppKey, select ‘Keys’
  • Give description and duration of the key. When done, give ‘Save’
  • Store the value of the key that is displayed. This is your AppKey
  • Go to ‘Azure Active Directory’ → Properties
  • Copy the value given as ‘Directory ID’ . This is your Tenant ID

3. Assign a role to the application

  • Select ‘Subscriptions’ from the left pane
  • Select ‘Access Control(‘IAM’)
  • Select ‘Add’
  • Select the role as ‘Owner’
  • Search for your application and select it
  • Select OK to finish assigning the role

Provide the Client ID, Tenant ID and Appkey in the New monitor page of Applications Manager.

Prerequisites for Enabling Guest OS:

Metrics monitored when Guest OS monitoring is enabled

  • Disk Utilization
  • Disk IO Statistics
  • Network Interface

Steps to be done on Applications Manager Server

1. Enabling Powershell Remoting ( To collect metrics by remoting into Azure VMs)

Open Powershell prompt with Administrator privileges

Run the following commands,

Set-ExecutionPolicy Unrestricted

#To configure Windows PowerShell for remoting, type the following command:

Enable-PSRemoting -force

#Configure the TrustedHosts setting so that appmanager can trust the connections from other servers :

Set-Item wsman:\localhost\client\trustedhosts *

#To increase the maximum number of concurrent shells that a user can remotely open):

Set-Item WSMan:\localhost\Shell\MaxShellsPerUser -value 25 -WarningAction SilentlyContinue

#To set idle timeout value for sessions : Determines how long the session stays open if the remote computer does not receive any communication from the local computer, including the heartbeat signal. When the interval expires, the session closes:

Set-Item WSMan:\localhost\Shell\IdleTimeout -value 60000 -WarningAction SilentlyContinue

#Restart the WinRM service for changes to take effect:

Restart-Service WinRM

2. Provide outgoing access on all ports for Applications manager server machine

3. Run Applications Manager with administrator privilege

4. Powershell script execution has to be enabled on Applications manager server

Execute the below cmdlet from an administrator powershell window:

Set-ExecutionPolicy Unrestricted

If the above cmdlet produces an Error as below, you can configure Powershell Script Execution via Group Policy Editor:

 

Configure Powershell Script Execution via Group Policy Editor

  • Open the Group Policy Editor from Control Panel→ Edit Group Policy (or) run gpedit.msc from Start menu.
  • To configure, navigate under Computer Configuration to Policies\Administrative Templates\Windows Components\Windows PowerShell.
  • You should see a setting called Turn on Script Execution like in the following image:

  • Double-click the setting. You will want to enable it and select an option from the drop down.

  • Set it to “Allow All Scripts”.
  • Click Apply and OK.

Prerequisites for adding a Virtual Machine

Microsoft Azure - Enable Diagnostics Extension (Windows & Linux VM)

Steps to Enable Diagnostics Extension for WINDOWS VMs :

  • Log in to Azure Portal (https://portal.azure.com) using the credentials of 'Administrator'
  • Navigate to your virtual machine
  • Click on 'Diagnostics settings' on the vertical pane. Select 'Agent' tab and click on 'Remove' at the bottom, as shown in the below image.

  • Under 'Overview' tab, click on 'Enable guest level monitoring' and click Save as shown in the image below.

  • Restart the VM

Steps to Enable Diagnostics Extension for LINUX VMs :

  • Log in to Azure Portal(https://portal.azure.com) using the credentials of 'Administrator'
  • Navigate to your virtual machine
  • Click on 'Diagnostics settings' on the vertical pane. Make Status as 'On', Choose a storage account and click 'Save' as shown below.

  • Restart the VM

GENERAL BEHAVIOUR

Note: In case if you change the resource group of any Virtual machine in Azure portal, then provide the updated details (Virtual Machine ResourceID and Resource Group Name) in the Edit monitor page of that Virtual machine in APM for data collection to happen.

Windows Azure Cloud Services (Classic)

  • To add Windows Azure in Applications Manager, you must first export file of your Windows Azure Managed Certificates (eg., testcertificate.pfx) and password of the pfx file.
  • To monitor Windows Azure in Applications Manager, invoke the batch script exportCertificateToAppManager.bat in the <Applications Manager Home>\bin directory.

Office 365

  • The Office 365 work or school account that you use for these procedures needs to be a member of an Office 365 admin role. For more information, see About Office 365 admin roles. The office 365 admin account used for monitoring must be assigned the below roles: Exchange administrator, SharePoint administrator or Skype For Business administrator.
Limitation: Accounts with multi factor authentication are not yet supported.
  • You can use the following 64-bit versions of Windows:
    • Windows 10
    • Windows 8.1 or Windows 8
    • Windows Server 2016
    • Windows Server 2012 R2 or Windows Server 2012
    • Windows Server 2008 R2 SP1*
* You need to install the Microsoft .NET Framework 4.5.x and then the Windows Management Framework 4.0. For more information, see Installing the .NET Framework and download the latest version of Windows Management Framework.

You need to use a 64-bit version of Windows because of the requirements for the Skype for Business Online module and one of the Office 365 modules.

  • Powershell version 4 or above.
To check the powershell version installed, open up a powershell prompt and run:
>$PSVersionTable
Check for the PSVersion attribute from the output
  1. To configure Windows PowerShell for remoting, type the following command:
    Enable-PSRemoting -force
  2. Configure the TrustedHosts setting on Appmanager machine, so that remote computers can trust it:
    Set-Item wsman:\localhost\client\trustedhosts
    *
  3. Set Execution Policy:
    Set-ExecutionPolicy RemoteSigned
  4. Restart the Windows Remote Management (WinRM) so the new settings will take effect:
    Restart-Service WinRM.

AWS Monitoring

AWS account users are required to use their AWS Access Key and Secret Access Key to add an AWS monitor in Applications Manager. By default, AWS users have administrator privileges and can access AWS Service APIs. However, if your AWS user account has limited permission, here is the list of APIs used to collect metrics from the respective AWS services and performance metrics from CloudWatch:

  • STS - getCallerIdentity ( for IAM user with limited permissions)
  • EC2 - describe-instances ,
  • EC2 actions - StartInstances , StopInstances and RebootInstances
  • EBS - describeVolumes
  • RDS - describe-db-instances
  • RDS - describeDBClusters
  • S3 - listBuckets , listObjects

The common API call - 'getMetricStatistics' is used for all the metrics that we collect from Cloudwatch.

Amazon EC2 Instances

To collect operating system-level metrics like Memory and Disk, you must deploy the Cloud-Watch Agent inside EC2 instance. The agent will send your data to Cloud-Watch from where Applications Manager fetches and displays it in the console. Click here to know more about how you can collect metrics from Amazon ec2 instances and on-premises servers with the Cloud-Watch Agent.

AWS account users are required to use their AWS Access Key and Secret Access Key to add an AWS monitor in Applications Manager. By default, AWS users have administrator privileges and can access AWS Service APIs. However, if your AWS user account has limited permission, here is the list of APIs used to collect metrics from the respective AWS services and performance metrics from CloudWatch:

  • EC2 - describe-instances
  • EC2 actions - StartInstances , StopInstances and RebootInstances

The common API call - 'getMetricStatistics' is used for all the metrics that we collect from Cloudwatch.

Amazon RDS Instances

AWS account users are required to use their AWS Access Key and Secret Access Key to add an AWS monitor in Applications Manager. By default, AWS users have administrator privileges and can access AWS Service APIs. However, if your AWS user account has limited permission, here is the list of APIs used to collect metrics from the respective AWS services and performance metrics from CloudWatch:

  • RDS - describe-db-instances
  • RDS - describeDBClusters

The common API call - 'getMetricStatistics' is used for all the metrics that we collect from Cloudwatch.

Amazon DynamoDB Monitoring

AWS account users are required to use their AWS Access Key and Secret Access Key to add an AWS monitor in Applications Manager. By default, AWS users have administrator privileges and can access AWS Service APIs. However, if your AWS user account has limited permission, here is the list of APIs used to collect metrics from the respective AWS services and performance metrics from CloudWatch:

  • listTables
  • describeTable

The common API call - 'getMetricStatistics' is used for all the metrics that we collect from Cloudwatch.

Microsoft Azure SQL Database

  • Turn on diagnostics:
    • In Azure portal, navigate to the Azure SQL database to be monitored -> Click on Diagnostics settings -> Add a diagnostics setting by Archiving to a Storage account -> Provide a Storage account name -> The checkbox AllMetrics should be selected -> Save
  • Firewall rule configuration in portal:
    • In Azure portal, navigate to the Azure SQL database to be monitored -> Click on Overview -> Select Set Server Firewall -> Add your Client IPs to the list. Client should add all his public IPs under the firewall settings in SQL server.
    • Refer link for setting server firewall
  • Allowing outgoing access on port 1433:
    • For Applications manager to access and monitor the Azure SQL database, ensure that the firewall on your network and Applications Manager installed server allows outgoing communication on TCP port 1433.

ERP

Oracle EBS

Applications Manager uses the Dynamic Monitoring Service (DMS) to monitor performance and availability of Oracle E-Business Suite. You can access performance metrics using servlets from the following URLs for different versions of EBS from Applications Managers:

  • EBS R11 - http://<host>:<port>/dms0/AggreSpy
  • EBS R12.0 - http://<host>:<port>/dms0/Spy
  • EBS R12.2.0 - http://<host>:<port>/dms/Spy

For Oracle E-Business Suite Version R11i, the DMS Servlet has to be made accessible to the system where Applications Manager is running. For Versions R12.0 and R12.2.0, the DMS Servlet should be accessible by default. It is recommended that you test to ensure that the Servlet is accessible to the Applications Manager system. [The instructions given below are referred from the Oracle website.]

For Oracle E-Business Suite R11i:

By default, the dms0/AggreSpy URL is protected, allowing only the localhost (127.0.0.1) to access the AggreSpy Servlet. To view metrics from a system other than the localhost, you need to change the DMS configuration for the system running the Oracle EBS that you want to monitor by modifying the trusted.conf file. This can be done as follows:

  • Open the trusted.conf file under $ORACLE_HOME/Apache/Apache/conf on a UNIX system, or%ORACLE_HOME%\Apache\Apache\conf\ on a Windows system.
  • Add the Applications Manager Hostname and IPaddress in the Allow from list as shown in the following example:
    <Location ~ "/(dms0|DMS|Spy|AggreSpy)">

    Order deny,allow

    Deny from all

    Allow from localhost

    Allow from <list of TRUSTED IPs>

    </Location>
  • Now open the httpd.conf and httpd_pls.conf files and check if the trusted.conf file is included. The Files are present under$ORACLE_HOME/Apache/Apache/conf on a UNIX system, or %ORACLE_HOME%\Apache\Apache\conf\ on a Windows system. If the trusted.conf file is not included, add the following lines in both the files and save:
    # Include the trusted.conf file

    include $ORACLE_HOME/Apache/Apache/conf/trusted.conf
  • Restart Oracle E-Business Suite and ensure that you are able to access the URL http://<host>:<port>/dms0/AggreSpy from the Applications Manager system.

For Oracle E-Business Suite R12.0:

Ensure that you are able to access the URL http://<host>:<port>/dms0/Spy (Hostname = Hostname with domain name, Port number = OAS listening port) from the Applications Manager system.

For Oracle E-Business Suite R12.2.0:

Ensure that you are able to access the URL http://<host>:<port>/dms/Spy (Hostname = Hostname with domain name, Port number = Weblogic Admin Server listening port) from the Applications Manager system. Users must enter the credentials of their Weblogic Admin server in their Oracle E-Business Suite to access the URL.

Caution: Modifying trusted.conf has security implications. Modify this file only if you understand the security implications for your site. By exposing metrics to systems other than the localhost, you allow other sites to potentially view critical Oracle EBS Server internal status and runtime information.

SAP Server, SAP CCMS

SAP Server Monitoring and SAP CCMS Monitoring requires SAP JavaConnector ( JCo) to be present in Applications Manager's classpath.

For Windows:

  • Download and unzip the SAP JavaConnector [SAP JCo 3.0.x] from here. Depending on the hardware architecture of host machine where Applications Manager is running, make sure you download the respective zip file.
  • In the machine, where Applications Manager is running, copy sapjco3.jar and sapjco3.dll and sapjco3.pdb under AppManager_home/working/lib directory.
  • Microsoft Visual Studio C/C++ runtime libraries need to be installed in Applications Manager's host machine. To verify, check for the presence of "Microsoft redistributable runtime DLLs VS2005 SP1" in ControlPanel -> Program and Features. if not, follow the instructions in SAP note 684106 to install the Microsoft Visual Studio 2005 C/C++ runtime libraries in Applications Manager's host machine.
  • Restart Applications Manager.

Note: Do not copy the sapjco3.dll neither into the {windows-dir}system32 nor into the {windows-dir}SysWOW64 directory. This will break the operability of other JCo versions that are already installed on the same system. Furthermore you would risk that the current installation also would not work anymore, if the sapjco3.dll gets replaced in the respective Windows system directory in the future.

For Linux:

  • Download and unzip SAP JavaConnector[SAP JCo 3.0.x] from here. Depending on the hardware processor of the host machine where Applications Manager is installed. make sure you download the respective zip file.
  • In the machine, where Applications Manager is running, copy sapjco3.jar and libsapjco3.so under AppManager_home/working/lib directory.
  • Restart Applications Manager.

Note: The user name provided while adding SAP monitor should have sufficient privileges to access CCMS and Background job metrics. To check this, the user can execute RZ20 transaction in the SAP GUI and see if the CCMS monitor sets can be displayed.

Microsoft Dynamics CRM / 365 (On-Premise)

To monitor a Microsoft Dynamics CRM / 365 application, use an Administrator user account with permission to execute WMI queries on 'root\CIMV2' namespace of the Dynamics CRM / 365 Server.

The following software must be installed and running on your computer before you try to execute WMI queries:

  • Microsoft .Net framework 3.5
  • Microsoft .Net framework 4.7

Firewall access for monitoring:

Ports required for monitoring via WMI.

  • Windows Management Instrumentation (WMI) (default : TCP 445)
  • Remote Procedure Call (RPC) (default :TCP 135)
  • Target server uses random port above 1024 by default to respond back for remote communication (DCOM) (default : TCP 1025 to 1030)

Powershell – Enable Script Execution:

Powershell script execution must be enabled on Applications manager server for data collection. Here is how you can do it:

Execute the below cmdlet from an administrator powershell window:

Set-ExecutionPolicy Unrestricted

If the above cmdlet produces an Error as below, you can configure Powershell Script Execution via Group Policy Editor:

Configure Powershell Script Execution via Group Policy Editor

  • Open the Group Policy Editor from Control Panel→ Edit Group Policy (or) run gpedit.msc from Start menu.
  • To configure, navigate under Computer Configuration to Policies\Administrative Templates\Windows Components\Windows PowerShell.
  • You should see a setting called Turn on Script Execution like in the following image:

  • Double-click the setting. You will want to enable it and select an option from the drop down.

  • Set it to “Allow All Scripts”.
  • Click Apply and OK.

Microsoft Dynamics AX

Supported versions of Microsoft Dynamics AX: Microsoft Dynamics AX 2012, Microsoft Dynamics AX 2012 R2, Microsoft Dynamics AX 2012 R3
  • The following software must be installed and running on your computer before you try to execute WMI queries:
    • Microsoft .Net framework 3.5
    • Microsoft .Net framework 4.7
  • To monitor a Microsoft Dynamics AX application, use an Administrator user account which has the permission to execute WMI queries on 'root\CIMV2' namespace of the AX Server.
  • Firewall access for monitoring- Ports required for monitoring via WMI:
    • Windows Management Instrumentation (WMI) (default : TCP 445)
    • Remote Procedure Call (RPC) (default : TCP 135)
    • Target server uses random port above 1024 by default to respond back for remote communication (DCOM) (default : TCP 1025 to 1030)

Servers

Windows

Currently windows hardware performance monitoring is supported in SNMP and WMI monitoring mode:

SNMP Mode of monitoring:

Monitoring Dell hardware status:

  • Dell OpenManage Server Administrator and make sure SNMP agent is enabled.
  • Installation steps http://www.dell.com/downloads/global/power/ps2q06-20050112-Lou-OE.pdf.

Monitoring HP hardware status:

  • HP System Insight Manager (SIM v6.2 or higher is recommended) and make sure SNMP agent is enabled
  • Installation steps http://h20000.www2.hp.com/bc/docs/support/SupportManual/c00293378/c00293378.pdf

Determine if SNMP responds for the OID properly. Below are the correct OID'S for each vendor:

  • For HP: 1.3.6.1.4.1.232.2.2.2.1.0
  • For Dell: 1.3.6.1.4.1.674.10892.1.300.10.1.8.1

WMI mode of monitoring:

The following conditions must be met before you can proceed troubleshooting WMI nodes:

  • The node has successfully been added via WMI.
  • WMI is working properly on the remote server.
  • HP System Insight Manager (SIM v6.2 or higher is recommended) is installed on the remote server and running.
  • Dell OpenManage Server Administrator is installed on the remote server and running.

If WMI, Execute the below cmdlet from Powershell prompt with Administrator privileges :

Set-ExecutionPolicy Unrestricted

This is to allow execution of powershell scripts, which handle proper process termination during Datacollection

For WMI Mode of Monitoring:

In Windows Server 2008 and later versions, and in Windows Vista and later versions, use the following dynamic port range:

Start port: 49152

End port: 65535

If your computer network environment uses only Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, or Windows Vista, you must enable connectivity over the high port range of 49152 through 65535.

Windows 2000, Windows XP, and Windows Server 2003 use the following dynamic port range:

Start port: 1025

End port: 5000

If your computer network environment uses Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, Windows 8, Windows 7, or Windows Vista together with versions of Windows earlier than Windows Server 2008 and Windows Vista, you must enable connectivity over both the following port ranges:

High port range 49152 through 65535

Low port range 1025 through 5000

Services

JMX Applications

To monitor a JMX Applications, the following java runtime options are to be added to your application

  • Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=1099
  • Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false

Replace 1099 with the actual port number of the agent

Example:

  • To enable JMX Applications in JBoss:
    • Edit the run.sh/bat under JBoss home/bin.
      Append the following command to JAVA_OPTS,
      JAVA_OPTS =-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=1099 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false %JAVA_OPTS%
  • To enable JMX Applications in JBoss 7 and above:
    • Copy the jboss-client.jar from <JBoss Home>/bin/client/ and place it under <Applications Manager Home>/working/classes/jboss/as7 directory.
  • To enable JMX Applications in Tomcat:
    • JAVA_OPTS =-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=1099 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false %JAVA_OPTS%
  • To enable SSL for JMX applications
    • -Dcom.sun.management.jmxremote.ssl=true
  • To enable authentication, use of authentication is recommended. If you do not want to use authentication, you should change the value to false.
    • -Dcom.sun.management.jmxremote.authenticate=true
  • If you are using authentication, specify the location of the password file
    • -Dcom.sun.management.jmxremote.password.file=c:\jmxremote.password
  • If you are using authentication, specify the location of the access file
    • -Dcom.sun.management.jmxremote.access.file=c:\jmxremote.access

Refer Oracle documentation in this regard: http://docs.oracle.com/javase/1.5.0/docs/guide/management/agent.html#remote

Note: To know more about monitoring a JMX Application if your application is behind a firewall, check out this blog post. Also please note that the ping/telnet/nslookup should be working for the remote JMX:
telnet hostname port
ping hostname
ping IPAddress
nslookup hostname
nslookup IPAddress

Ceph Storage Monitor

Ceph status command is used to collect performance stats of Ceph Storage Monitor. The user given, should have read privileage to ceph.keyring file. Ensure the ceph.keyring file has appropriate permissions set (e.g., chmod 644) on your client machine.

Hadoop Monitor

1. To monitor Hadoop via REST API:

  • No Authentication:
    • URL http://<host>:<port>/jmx should be able to accessed from the Applications Manager machine for both Namenode and Jobtracker/ResourceManager
  • Simple Authentication:
    • URL http://<host>:<port>/jmx?user.name=<Hadoop host username> should be able to access from the Applications Manager machine for both Namenode and Jobtracker/ResourceManager

2. To monitor Hadoop via JMX:

  • Add the following java runtime options to 'HADOOP_NAMENODE_OPTS'; 'HADOOP_JOBTRACKER_OPTS' in Hadoop-env.sh with unique port.
    • -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.port=8004

Apache Zookeeper

Prerequisites for monitoring Apache Zookeeper:

  • Remote JMX should be enabled.
  • To ensure that please open the ZKServer file under bin folder and check the below following:
    1. JMXPORT =<PORT NO>
    2. ZOOMAIN="-Djava.rmi.server.hostname=<IP address > -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=$JMXPORT -Dcom.sun.management.jmxremote.authenticate=$JMXAUTH -Dcom.sun.management.jmxremote.ssl=$JMXSSL -Dzookeeper.jmx.log4j.disable=$JMXLOG4J org.apache.zookeeper.server.quorum.QuorumPeerMain"
Note: Replace <PORT NO> with JMXPORT and <IP address > with IP address of the machine.

Java/Transactions

APM Insight

APM Insight includes a remote monitoring agent which has to be deployed in your application instances. Know more about APM Insight Agent.

Java Runtime Monitor

To monitor a JDK1.5 JVM and above, add the following JVM arguments to your application:

-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=1099 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false

To monitor IBM JDK1.5 JVM and above, add the following JVM arguments to your application:

-Djavax.management.builder.initial= -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=1099 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false

Note: Port number '1099' can be replaced with the actual port number of the JMX agent.

  • To enable Java Runtime Monitor in JBoss:
    • Edit the run.sh/bat under JBoss home/bin. Append the following command to JAVA_OPTS
      JAVA_OPTS =-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=1099 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false %JAVA_OPTS%
  • To enable Java Runtime Monitor in JBoss 7 and above:
    • Copy the jboss-client.jar from <JBoss Home>/bin/client/ and place it under <Applications Manager Home>/working/classes/jboss/as7 directory.
  • To enable Java Runtime Monitor in Tomcat do the following:
    • Edit the catalina.sh/bat under Tomcat home/bin. Append the following command to JAVA_OPTS
      JAVA_OPTS =-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=1099 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false %JAVA_OPTS%
  • To enable SSL over JMX, use the following JMX parameters in addition to the above, and restart the server.
    • JMX Parameters:
      -Dcom.sun.management.jmxremote.ssl=true
      -Djavax.net.ssl.keyStore="E:/APMBuilds/certificates/jmx.keystore"
      -Djavax.net.ssl.keyStorePassword=password
      -Djavax.net.ssl.trustStore="E:/APMBuilds/certificates/jmx.truststore"
      -Djavax.net.ssl.trustStorePassword=password
    • Additionally, import the server certificate to "<AppManager_Home>\working\jre\lib\security\cacerts" file and restart the server.
      • Syntax:
        keytool -import -alias <certificat_aliasname> -file <target Application server Certificate> -keystore "<AppManager_Home>\working\jre\lib\security\cacerts" -storepass changeit -noprompt

      • Example:
        keytool -import -alias jmxcert -file "E:\APMBuilds\certificates\ssloverjmx.cer" -keystore "C:\Program Files (x86)\AppManager14\working\jre\lib\security\cacerts" -storepass changeit -noprompt

In the Tomcat Environment:

Make sure the catalina-jmx-remote.jar file is present in the $TOMCAT_HOME/lib location. This jar file can be downloaded for your version of Tomcat from the Apache website from the extras section (sample link: http://archive.apache.org/dist/tomcat/tomcat-7/v7.0.55/bin/extras/catalina-jmx-remote.jar).

Enable JMX in WebLogic

  • Open the startWebLogic.bat file in a text editor.
  • Find the JAVA_OPTS line and add the following:
    -Dcom.sun.management.jmxremote
    -Dcom.sun.management.jmxremote.port=8888
    -Dcom.sun.management.jmxremote.authenticate=false
    -Dcom.sun.management.jmxremote.ssl=false
  • Restart WebLogic.

Mail Servers

Exchange Server:

Monitoring of Exchange Server is possible only if Applications Manager is running in a Windows System. Exchange Monitoring supports two Modes of Monitoring

  • Using WMI - if WMI is enabled in the remote machine in which Exchange Server is running and
  • Using Windows PowerShell technology - To use Powershell for data collection, make sure the proper steps have been followed to enable and use remote commands in Windows PowerShell both in the Applications Manager server and the remote server.

Creating User Accounts, adding users and assigning roles

User Account Used for Monitoring:

The User Account used to add the monitor should be a member of View-Only Organization Management group. Make sure that the group has the following Roles assigned - Mailbox Search & Monitoring.

For Exchange View-Only Administrators:

This role allows read access only to Exchange organization container and containers with Exchange recipients in AD. They can verify settings, but can not change or add any settings. Only Powershell "Get-<cmdlet>" can be executed.

Adding Users and Assigning Roles

Adding Users to the View-Only Organization Management group and assigning roles in:

  • Exchange 2010/2013/2016
    • Open Exchange Mangement Console in the Exchange Server.
    • To check if the user is already under View-Only Organization Management role group: Get-RoleGroupMember "View-Only Organization Management" | where-object {$_.Name -eq "<Username>"}
    • If the user is not under the specified role group,execute the below cmdlet to add the user: Add-RoleGroupMember "View-Only Organization Management" -Member <Username>
    • Next Add the two roles for View-Only Organization Management role group
    • New-ManagementRoleAssignment -SecurityGroup "View-Only Organization Management" -Role "Monitoring"
    • New-ManagementRoleAssignment -SecurityGroup "View-Only Organization Management" -Role "Mailbox Search"
  • Exchange 2007:
    • Open Exchange Management Shell.
    • Execute the following cmdlet: Add-ExchangeAdministrator –Identity <Username> –Role ViewOnlyAdmin

Configuring ConnectionURI for Powershell Remoting

The ConnectionURI is used to establish a connection to a remote computer using the URI address of the related HTTP or HTTPS endpoint.These connections are made over TCP port 80 for HTTP and TCP port 443 for HTTPS. By default,the connection URI is of the form http://<Hostname/IPaddress>/powershell and uses Kerberos authentication.

  • With Kerberos Authentication: When the machine running Exchange Server is joined to the same domain as the machine running Applications Manager, either HTTP or HTTPS can be used with Kerberos Authentication.
  • If Kerberos Authentication is not supported , or the machine is in another domain, the other option is to configure Basic Authentication for powershell virtual directory. To configure basic authentication in Exchange 2013, 2010 or 2007 using IIS Manager:
    • Open IIS Manager.
    • In the Connections pane, expand Default Web Site, and then click PowerShell.
    • Click Authentication in the results pane and enable Basic Authentication.

NoteIf you decide to use Basic Authentication, HTTPS should be used as mode of connection for connectionURI. If the connectionURI should be customized it can be done so by clicking the "Customize ConnectionURI" option in new monitor page. To provide a different port for the connectionUri provide it in the following format: <https://<hostname>/Powershell:<portnumber> (or) <http://<hostname>/Powershell:<portnumber>
For Example: http://win-exchange13/Powershell:4444

Middleware/Portal

IBM WebSphere MQ Monitor

To monitor IBM Websphere MQ Series, the following jar files must be added to the respective locations:

For IBM Websphere MQ Series version Jar files to be added Location in Websphere MQ Location in Applications Manager
Version 5.x/6.x
  1. com.ibm.mq.jar
  2. com.ibm.mq.pcf-6.x.jar
  3. connector.jar

Download the supportpac MS0B WebSphere MQ Java classes for PCF, the com.ibm.mq.pcf-6.1.jar file for version 6 and older versions.

The jar files can be found under <Websphere MQ Home Directory>\Java\lib directory.

Copy the jar files to<ProductHome> \working\jre\lib\ext directory.
Version 7
  1. connector.jar
  2. com.ibm.mq.jar
  3. com.ibm.mq.pcf.jar
  4. com.ibm.mq.jmqi.jar
  5. com.ibm.mq.headers.jar
  6. com.ibm.mq.commonservices.jar
All the jar files can be found under<Websphere MQ Home Directory>\Java\lib directory. Copy the jar files to<ProductHome> \working\jre\lib\ext directory.
Version 8 and above
  1. com.ibm.mq.jar
  2. com.ibm.mq.pcf.jar
  3. com.ibm.mq.jmqi.jar
  4. com.ibm.mq.headers.jar and
  5. com.ibm.mq.commonservices.jar
  6. com.ibm.mq.allclient.jar
All the jar files can be found under<Websphere MQ Home Directory>\Java\lib directory. Copy the jar files to<ProductHome> \working\jre\lib\ext directory.

IBM WebSphere Message Broker

To discover Message Broker, the following jars are required:

  • ConfigManagerProxy.jar located at <Broker Home Directory> \classes directory.
  • ibmjsseprovider2.jar located at <Broker Home Directory>\jre\lib directory.

Copy the two jar files to <AppManager Installation>\working\jre\lib\ext directory.

Note: Copy these jar files to <JavaHome>\jre\lib\ext directory if external JDK is configured for AppManager. Restart Applications Manager and try adding the monitor.

For IBM Integration Bus(MessageBroker 10.x):

  • The following jars are required to monitor IIB:
    IntegrationAPI.jar

    jetty-io.jar

    jetty-util.jar
    websocket-api.jar

    websocket-client.jar

    websocket-common.jar
  • IntegrationAPI.jar located at <Broker Home Directory>\common\classes directory.
  • jetty-io.jar, jetty-util.jar, websocket-api.jar, websocket-client.jar, websocket-common.jar located at <Broker Home Directory>\common\jetty\lib directory.
  • Copy the jar files to <ProductHome>\working\jre\lib\ext directory.

Note: Copy these jar files to <JavaHome>\jre\lib\ext directory if external JDK is configured for AppManager. Restart Applications Manager and try adding the monitor.

WebLogic Integration Server

Note: WebLogic Integration Server needs some additional configuration and conditions to be followed for monitoring.

  • For monitoring WebLogic Integration Server 8.x, you should set the weblogic.disableMBeanAuthorization andweblogic.management.anonymousAdminLookup system variable to true for enabling data collection.
  • Follow the steps given below:
    • Edit startWLS.cmd\sh present in the <WLS_HOME>/server/bin directory and add the following argument -Dweblogic.disableMBeanAuthorization=true and -Dweblogic.management.anonymousAdminLookupEnabled=true (click on the link to view the sample startWLS.cmd\sh file)
    • Restart the WebLogic Integration Server for the changes to take effect.
    • Copy weblogic.jar from folder /weblogic81/server/lib in Remote WebLogic server version 8 and place it under <AppManager Home >\working\classes\weblogic\version8 folder in the machine where Applications Manager is running.

Microsoft Office SharePoint Server

For SharePoint Standalone Server:
WMI Mode:

  • WMI access to remote server is required.

PowerShell Mode:

For SharePoint Farm Server:

Perform the following steps on the SharePoint Server(s).

  • In the Server Manager, add the user account used for adding the Sharepoint to the following Groups:
    • Remote Desktop Users
    • WinRMRemoteWMIUsers__
    • WSS_ADMIN_WPG
  • Open the Sharepoint Management shell as an administrator and execute the below commands one by one:
    • Enable-PSRemoting -Force
    • Enable-WSManCredSSP –Role Server
    • winrm set winrm/config/winrs '@{MaxShellsPerUser="25"}'
      [This is Optional].
    • winrm set winrm/config/winrs '@{MaxMemoryPerShellMB="600"}'
      [This is Optional].
    • Get-SPShellAdmin
      [This command will return all the users who have the SharePoint_Shell_Access role].
    • Get-SPDatabase | Add-SPShellAdmin DOMAIN\UserName
      [Replace Domain\Username with the user used to add the SharePoint Server].
    • Get-SPShellAdmin
      [The added user should be listed.]
    • Set-PSSessionConfiguration -Name Microsoft.PowerShell32 –ShowSecurityDescriptorUI
      [This command will open up a dialog box. Add the user(s) with Read and Execute permissions then click OK]
      .
    • Run the above command again to ensure the permissions were applied correctly.

Perform the following steps on the Applications Manager Server.

  • Open Windows PowerShell as Administrator.
  • Execute the below commands in the Administrator PowerShell:
    • Enable-WSManCredSSP -Role client -DelegateComputer “SharePointServerName”
      [Replace SharePointServerName with the FQDN of the SharePoint server].
    • $cred=get-Credential
    • $s=new-PSsession “SharePointServerName” -authentication credssp -credential $cred
      [Replace SharePointServerName with the FQDN of the SharePoint server].
    • Invoke-Command -Session $s -ScriptBlock {Add-PSSnapin Microsoft.SharePoint.PowerShell;}
    • Invoke-Command -Session $s -ScriptBlock {get-SPContentDatabase}
      [This will return all the content databases in your SharePoint farm and ensure you have access].
    • Invoke-Command -Session $s -ScriptBlock {get-spserviceinstance}
      [This will return the SharePoint service instances and ensure you have access].
    • Enter-PSSession -session $s
      [You will now see the servers name in [ ] PS: c:\users\\documents].
    • Exit-PSSession

If there are any errors related to permissions issue while executing the above commands, resolve the same.
For any issues related to Add-SPShellAdmin, check the following link: https://technet.microsoft.com/en-us/library/ff607596.aspx

Microsoft BizTalk Monitoring

To monitor a Microsoft BizTalk Server, the user must have Administrator privileges. To use Powershell for data collection, make sure the proper steps have been followed to enable powershell remoting.

Azure Service Bus

To add an Azure Service Bus Namespace in Applications Manager, a .pfx file (which contains the cryptographic information of private keys) of the certificate uploaded in Azure Management certificates is required.
In the console, execute the script <APM_HOME>/bin/exportCertificateToAppManager.sh/bat file to export the managed certificate of your account to Applications Manager.
To know more about creating certificates and uploading in Windows Azure portal, Click here.

Example:
<APM_HOME>/bin/exportCertificateToAppManager.bat [testCertificate.pfx] [password]

Apache ActiveMQ

Using JMX to monitor Apache ActiveMQ

Apache ActiveMQ has extensive support for JMX to allow you to monitor and control the behavior of the broker via the JMX MBeans.

You can enable/disable JMX support as follows:

  • Run a broker setting the broker property useJmx to true (enabled by default) i.e.
    For xbean configuration:
    <broker useJmx="true" brokerName="BROKER1">
    ...
    </broker>
  • Run a JMX console
    $ jconsole
  • The ActiveMQ broker should appear in the list of local connections, if you are running JConsole on the same host as ActiveMQ.

Virtualization

VMware Horizon View Connection Broker

Prerequisite for adding the Connection Broker monitor in the Applications Manager host:

VMware Horizon View Connection Broker monitor uses Windows PowerShell technology. Follow these steps to enable Windows PowerShell Remoting in the Applications Manager server and the remotely monitored Horizon View server:

Enable and Use Remote Commands in Windows PowerShell in Applications Manager server and remote server:

For using PowerShell in Applications Manager, you need Windows Management Framework (Windows PowerShell 2.0 and WinRM 2.0) on both Applications Manager server and the remote Windows server. For more details refer http://support.microsoft.com/kb/968929. Also ensure that Windows PowerShell is enabled in both servers (Open Control Panel. Select Programs and Features. In the Tasks list, click Turn Windows features on or off. When the Server Manager console opens, check if Windows PowerShell is enabled)

You can verify the availability of Windows Remote Management (WinRM) service and configure PowerShell for remoting by following these steps:

  • Start Windows PowerShell as an administrator by right-clicking the Windows PowerShell shortcut and selecting Run As Administrator.
  • To configure Windows PowerShell for remoting, type the following command:
    Enable-PSRemoting –force
  • Configure the TrustedHosts setting on both computers, so that computers will trust each other:
  • On Remote Monitored Server:
    Set-Item wsman:\localhost\client\trustedhosts <Applications Manager hostname>
  • On Applications Manager Sever:
    Set-Item wsman:\localhost\client\trustedhosts *
  • On both computers, restart the Windows Remote Management (WinRM) so the new settings will take effect:
    Restart-Service WinRM

You can test the configuration and connection from Applications Manager using the Test-WSMan -ComputerName <remote server> command. This command tests whether the WinRM service is running on the remote computer and if Applications Manager can communicate with the remote server.

Docker

Docker and Docker Container metrics are collected via their REST API, so Docker's REST API should be enabled to add a Docker Monitor.

To enable remote API:

  1. Open etc\default\docker file
  2. Add the below option
    DOCKER OPTS='-H tcp://0.0.0.0:4243-H=unix:///var/run/docker.sock'
  3. Save the file.
  4. Restart Docker.

Web Server / Services

PHP

Place the phpstats.php file in the webserver's document root. The phpstats.php can be found in <Applications Manager Home>/working/resourcesdirectory.

Apache

Enabling the Server status and the Extended-status will give additional information for the Apache server.

To enable the Server Status, follow the steps given below:

  • In Apache's httpd.conf file, locate "Location /server-status" tag.
  • Remove the comment in the Location/Server-status tag, to Enable SetHandler server-status.
  • Change the attribute "deny from all" to "Allow from all".
  • Remove the comment in "LoadModule status_module modules/mod_status.so".
  • Save the conf file and restart the Apache Server.

To enable the Extended-status, follow the steps given below:

  • Locate "ExtendedStatus" Attribute in httpd.conf file.
  • Remove the comment to enable the status.
  • Save the conf file and restart the Apache Server.

HAProxy

To monitor a HAProxy instance:
  • Open the 'stats' port for collecting the metrics.
  • To enable metrics collection, add the following content at the bottom of the file /etc/haproxy/haproxy.cfg:
    listen stats :9000
    mode http
    stats enable
    stats hide-version
    stats realm Haproxy\ Statistics
    stats uri /
    stats auth Username:Password
  • Restart the HAProxy instance. This will open up the stats in the port '9000' (we have specified 9000 as the port in this configuration). You can further add the same HAProxy for monitoring using the hostname and port.

Note:
* You can change the port (9000 by default) to any free port that you wish to use.
* The line number 7 is for setting up basic authentication for this stats url. A user can provide his own username and password.
* We use the following URL to collect metrics: http://[HOSTNAME]:[PORT]/;csv
(Replace [HOSTNAME] and [PORT] with the respective hostname of the HAProxy instance and port which is mentioned in the above configuration).

Nginx

To Enable the Nginx Server Status, follow the steps given below:

  • Configure the location /server_status method in <NGINX_HOME>/conf/nginx.conf file, to enable server_status.
  • The value of stub_status attribute should be "on".
  • Change the attribute "deny all" to "Allow all".
  • Save the conf file and restart the Nginx Server.

Real Browser Monitoring (RBM)

RBM requires network connectivity between the RBM agent and the Applications Manager server. This network connectivity can be ensured with the help of the VPN or NAT or by assigning an direct IP Address to the Applications Manager server. In the case where an agent is deployed within the local network and another one in a remote site, a dual NIC or any one of the above means would be required to ensure this connectivity.

For any further support please contact appmanager-support@manageengine.com. You can visit Troubleshooting details.

ManageEngine ADManager Plus

Mode of Monitoring: Remote JMX

Prerequisites for monitoring ManageEngine ADManager Plus:

1. Add below entries in wrapper.conf /run.bat:

D:\ManageEngine Products\ADManager Plus\conf\wrapper.conf

or

D:\ManageEngine Products\ADManager Plus\bin\run.bat

Enable Remote JMX

wrapper.java.additional.16=-Dcom.sun.management.jmxremote

wrapper.java.additional.17=-Dcom.sun.management.jmxremote.port=1999

wrapper.java.additional.18=-Dcom.sun.management.jmxremote.ssl=false

wrapper.java.additional.19=-Dcom.sun.management.jmxremote.authenticate=false

2. To monitor PGSQL DB,do the following changes:

  • D:\ManageEngine Products\ADManager Plus \pgsql\data\postgresql.conf
    Uncomment and update ip address: listen_addresses = '172.22.168.171'
  • D:\ManageEngine Products\ADManager Plus \pgsql\data\pg_hba.conf
    # IPv4 local connections:
    #host all all 127.0.0.1/32 trust
    host all all 0.0.0.0/0 trust
  • D:\ManageEngine Products\ADManager Plus\conf\database_params.conf
    Update the hostname/ipadress instead of localhost .

For PGSQL/MSSQL database, Statistics will be collected by connecting to the database.

ManageEngine ServiceDesk Plus

Prerequisites:

To monitor PGSQL DB , do the following changes :

  • C:\ManageEngine\ServiceDesk\pgsql\data\postgresql.conf

Uncomment and update ip address : listen_addresses = '172.22.168.171'

  • C:\ManageEngine\ServiceDesk\pgsql\data\pg_hba.conf
    # IPv4 local connections:
    #host all all 127.0.0.1/32 trust
    host all all 0.0.0.0/0 trust
  • Update the hostname/ipadress instead of localhost in <SDP_HOME>\ServiceDesk\server\default\deploy\postgres-ds.xml file.

ManageEngine OpManager

Mode of Monitoring: Remote JMX

For PGSQL DB, statistics will be collected by connecting to the database.

Prerequisites for monitoring ManageEngine OpManager:

1. For Windows:

Add below entries in wrapper.conf /run.bat

C:\ManageEngine\OpManager\conf\wrapper.conf .

Or

C:\ManageEngine\OpManager\bin\run.bat

  • # Enable Remote JMX
    wrapper.java.additional.16=-Dcom.sun.management.jmxremote
    wrapper.java.additional.17=-Dcom.sun.management.jmxremote.port=1999
    wrapper.java.additional.18=-Dcom.sun.management.jmxremote.ssl=false
    wrapper.java.additional.19=-Dcom.sun.management.jmxremote.authenticate=false

For Linux:

Add the following entry in run.sh:

  • JAVA_OPTS="$JAVA_OPTS
    -Dcom.sun.management.jmxremote
    -Dcom.sun.management.jmxremote.port=1999
    -Dcom.sun.management.jmxremote.authenticate=false
    -Dcom.sun.management.jmxremote.ssl=false"

2. To monitor PGSQL DB, do the following changes:

  • Open postgresql.conf under <postgres home>/data
  • Check the value of the configuration parameter listen address. It should be "*". Click here for more details on configuring postgresql.conf
  • open pg_hba.conf under <postgres home>/data
  • Add a new line host all all 0.0.0.0/0 md5 to allow all the machines with proper password authentication to acces PostgreSQL database server. Click here for more details on configuring pg_hba.conf.
  • Open C:\ManageEngine\OpManager\conf\database_params.conf.
  • Update the hostname/ipadress instead of localhost.