Using OpenCM to govern your Digital Business Platform landscape
|Issue 4, 2018||Download PDF|
OpenCM is an open source configuration management governance tool, emphasizing the ability to control what is, and should be, the correct configuration settings of different webMethods installations. A regular webMethods installation on a single server consists of 500-1,000 configuration properties and, therefore, cannot be manually documented, nor audited when the amount of installations grows. OpenCM is now an open source tool available for any customer wishing to increase the level of insight and control in order to reduce the risk of having QA verifications and production runtime performed in an invalid context.
The starting point for automatic baselining of configuration properties is by extracting all possible configuration information (e.g., Integration Server (IS) package versions, JVM® memory settings, Terracotta fix versions, Universal Messaging realm settings, JDBC® Connection properties, etc.). The extracted information is stored within OpenCM (offline) and can then act as a "source of truth" for what property values SHOULD be. It is also a runtime property repository, storing information of what property values ACTUALLY are at a particular moment in time (runtime snapshot). Having this information readily available, it is possible to perform various CM governance functions:
- Asserting that configuration settings are what they should be (between the “source of truth” baseline configuration and the current runtime)
- Asserting that configuration settings are the same in between the different installations (e.g., between two cluster nodes, between test and production, etc.)
- Understanding what was changed on a particular installation compared to default product settings (as set when first installed)
Many organizations have separated and isolated runtime domains for different environments (such as test vs. production) but OpenCM allows for a consolidated view, thus enabling CM governance across these domains.
OpenCM provides the ability to automate the complete process of extracting, comparing and producing the reports necessary for auditing your environments. It is using the Software AG Platform Manager as the primary vehicle for retrieving the runtime information.
Fig 1: Continuous Auditing: Extract, Compare and Report
OpenCM also comes with a user interface, allowing for easy navigation around your Digital Business Platform infrastructure landscape and providing the ability to easily drill down into detailed configuration item values. With a few clicks, one can swiftly see the current fix level of an IS in production, for example.
Auditing differences and reporting
One of the comparison reports produced when performing assertions is an Excel® spreadsheet that shows values for every installation across multiple environments. When a row is colored red, it means that one of the values (or multiple values) for the particular property is different when they in reality should have been the same.
Fig 3: Reporting: Highlighting Differences
We recommend reading through the OpenCM Users Guide, since the tool is based on a much wider configuration management strategy and its current capabilities are fulfilling a subset of all of the requirements for a full-fledged CM repository, especially when it comes to a change management perspective.
However, the ability to extract information, perform automatic baselining of configuration settings (as opposed to manually filling the repo) and the ability to perform continuous and automatic audits are considered CM cornerstones that are already in place.
There are many ideas on how to improve OpenCM to become an even more useful tool and we also welcome all ideas. Here are a selected few:
- Deduction of communication contracts between different installed components, i.e., it should then be possible to detect cross-environment configuration settings (which may have been incorrectly configured), for example, a “DEV” Integration Server JNDI connection to a ”TEST” Universal Messaging provider.
- Configuration property feed to other automation tools, e.g., using Command Central (for provisioning, configuration changes or fix installations), the necessary configuration information is retrieved from OpenCM, as opposed to storing them redundantly within external scripts and property files.
- Ability to drive configuration changes from OpenCM (via scripts/UI), i.e., the starting point of any configuration change is driven from the source of truth to the target runtime installations. This means that OpenCM would become part of the overall change process. This also could involve introducing traceability information (i.e., knowing who changed what and when).
- Ability to mirror an existing installation to a new installation, e.g., ability to (on-demand) set up a production-like installation for maintenance purposes with minimal effort.
- Produce various reports: for example, the ability to generate a list of firewall rules required to set up a new environment with source:port and target:port combinations; likewise with load balancer configurations.
Access to the OpenCM tool and documentation can be found at Software AG GitHub® at: https://github.com/SoftwareAG/OpenCM
The larger the Digital Business Platform landscape, the larger the risk of misconfigurations. The larger the organization, the higher the effort to maintain an off-line documentation version of configuration properties. That in turn results in a higher probability that offline information is stale, incorrect, duplicated and lacking coverage. OpenCM should help mitigate many of these issues, thus improving the overall quality of the Digital Business Platform runtime.