Automated Systems Compliance Assessment With PowerView
PowerView can facilitate configuration compliance for IBM clients who have installed POWER8 and POWER9 systems in their enterprises.
By Alan Wilcox02/01/2019
With the growth of IBM PowerVM* and systems virtualization, accompanied by POWER9* enterprise systems, enterprise clients are now capable of deploying thousands of LPARs (i.e., OS instances) across many systems and sites. Consequently, standardization in provisioning and compliance with best practices has never been more critical—and clients have never been more in need of an automation approach that escalates noncompliance findings for quick identification and resolution. To help address this need, IBM Systems Lab
Services has developed an assessment package called PowerView, which is intended to facilitate configuration compliance for IBM clients who have installed POWER8* and POWER9* systems in their enterprises.
What Is PowerView?
PowerView is developed, maintained and distributed by IBM Systems Lab Services consulting group. It was created in direct response to requests from IBM Power Systems* enterprise clients: They requested a tools package they could use for self-assessments or health checks in their local environments, to enforce conformance to best practices of many configuration parameters and tunables. Their Power Systems estates typically comprise 10-20 or more POWER8 or POWER9 enterprise class system frames, often supporting hundreds of AIX* LPARs across multiple sites.
Throughout PowerView development, IBM Systems Lab Services consultants solicited frequent feedback from clients—both AIX admins and executives—on new requirements. What came across clearly and consistently was the need for a dashboard-based reporting methodology where alerts for non-compliance findings would be generated and escalated or prioritized within the dashboard. As seen in Figure 1, PowerView Entry view is the PowerView dashboard entry panel.
The navigation panel on the left is customized to each client’s Power Systems estate to promote noncompliance findings of event types the client deems critical, such as code levels that aren’t compliant with the client’s standard level or IBM’s catalog.mic and multiple PowerHA* nodes found on the same system frame.
By clicking on any navigation panel entry, users select from a list of hostnames and click through to see device-level details. Clients click three times to view the AIX source file from which the alert was generated and then view the device level summary of findings.
The lower right center of the dashboard is hostname driven and contains one entry (row) per VIO server or AIX LPAR sampled. This portion of the dashboard can be searched or sorted by hostnames within any of the following search arguments:
- Machine serial number
- VIOS or LPAR hostname fragment
- Event (compliance) category with highest error count
- Highest error count per all events analyzed
Why was PowerView Developed?
PowerView was developed in response to client requests for a consumable, non-invasive tools package, easy to maintain and devoid of any agents, which they could utilize to automate compliance to AIX and PowerVM best practices across their large Power Systems estates.
Why is PowerView’s output consumable? Many typical health checks—whether performed by IBM Lab Services, the client or a third party—tend to produce large amounts of configuration and performance information, much of which is already known by the requestor. Therefore, as part of PowerView installation, the Lab Services consultant works closely with the client to identify and prioritize the event categories of greatest concern. These categories are then captured and promoted to the navigation panel of the PowerView dashboard entry view. Here’s how PowerView works:
- Point in time collections on each AIX or VIO server concurrently (the collection program may be shared from an NFS export on the NIM master)
- Transfer collections to AIX or Linux* repository
- Repository Analysis: create CSV files, spread sheets, html and dashboard outputs
- Repository (currently under development): LPM "migrlpar" validation for each LPM candidate LPAR, via ssh call to source and destination HMCs
- Bring up the dashboard and review the information
PowerView provides a shell script containing standard AIX and VIOS commands, to be run either directly on each VIO server or AIX LPAR to be sampled or run from an NFS exported directory. For each host collection a
Referring to Figure 1, if the user selects any ATTN topic to the right of a specific hostname, they are presented with a message category web page. This page contains one line per each compliance issue type. If the user then selects the hostname link on the far left, they are presented with a table containing one line per device for that host. This is where each device’s specific configuration settings are presented. For example, note that five of the 19 AIX/VIOS hosts collected from have an "ATTN LPMFrames." This means one or more resource required by the source frame or source LPAR was not found on one or more of the list of target frames evaluated. Typing "LPMframes" into the search window then brings these five hosts to the dashboard’s hostname section. Their other ATTN data is included (see Figure 2).
Selecting the "ATTN LPMframes" button to the right of any hostname, the user sees first a message category screen. From there, they can either view source files that generated these messages by right-clicking, or they can get details about the missing resource (vlan id or SAN fabric ID0) by left-clicking.
PowerView is available from IBM Systems Lab Services as a Power to Cloud services offering, by using credits resulting from the purchase of Power Systems servers or on a contracted/fee basis.
Alan Wilcox is a senior certified executive I/T specialist in STG Lab Based Services. He can be reached at firstname.lastname@example.org.