DECamds User's Guide

Document revision date: 30 March 2001

DECamds User's Guide

Order Number: AA--Q3JSE--TE

April 2001

This guide explains how to use DECamds software to detect and fix system availability problems. It also explains how to install DECamds.

Revision/Update Information: This guide supersedes the DECamds User's Guide, Version 7.1.

Operating System and Version: Data Analyzer:OpenVMS Alpha and VAX Version 7.2 or later
Data Provider: OpenVMS Alpha and VAX Version 6.2 or later

Software Version: Compaq DECamds Version 7.3

Compaq Computer Corporation Houston, Texas

Compaq, VAX, VMS, and the Compaq logo Registered in U.S. Patent and Trademark Office.

OpenVMS is a trademark of Compaq Information Technologies Group, L. P. in the United States and other countries.

Motif, OSF/1, and UNIX are trademarks of The Open Group in the United States and other countries.

All other product names mentioned herein may be trademarks of their respective companies.

Confidential computer software. Valid license from Compaq required for possession, use, or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.

Compaq shall not be liable for technical or editorial errors or omissions contained herein. The information in this document is provided "as is" without warranty of any kind and is subject to change without notice. The warranties for Compaq products are set forth in the express limited warranty statements accompanying such products. Nothing herein should be construed as constituting an additional warranty.

ZK5929

The Compaq OpenVMS documentation set is available on CD-ROM.

Contents Index

Preface

Intended Audience

This guide is intended for system managers who install and use Compaq DECamds software.

Document Structure

This guide contains the following chapters and appendixes:

Chapter 1 describes an overview of DECamds software, where to install DECamds, security features, and customizing security files.
Chapter 2 describes how to start DECamds and use online help. It also describes the System Overview window and the Event Log window.
Chapter 3 describes how to use the DECamds data windows.
Chapter 4 describes how to take corrective actions, called fixes, to improve system availability.
Chapter 5 describes the tasks you can perform to filter, sort, and customize the display of system data using DECamds. It also describes how some of these tasks can optimize the performance of DECamds.
Appendix A contains instructions for installing DECamds.
Appendix B contains a description of all files and logical names created when DECamds is installed and gives examples of the log files that DECamds writes.
The Glossary defines DECamds terminology.

Reader's Comments

Compaq welcomes your comments on this manual. Please send comments to either of the following addresses:

Internet openvmsdoc@compaq.com

Mail Compaq Computer Corporation
OSSG Documentation Group, ZKO3-4/U08
110 Spit Brook Rd.
Nashua, NH 03062-2698

How to Order Additional Documentation

Use the following World Wide Web address to order additional documentation:

http://www.openvms.compaq.com/

If you need help deciding which documentation best meets your needs, call 800-282-6672.

Conventions

The following conventions are used in this guide:

Ctrl/ x A sequence such as Ctrl/ x indicates that you must hold down the key labeled Ctrl while you press another key or a pointing device button.

PF1 x A sequence such as PF1 x indicates that you must first press and release the key labeled PF1 and then press and release another key or a pointing device button.

[Return] In examples, a key name enclosed in a box indicates that you press a key on the keyboard. (In text, a key name is not enclosed in a box.)
In the HTML version of this document, this convention appears as brackets, rather than a box.

... Horizontal ellipsis points in examples indicate one of the following possibilities:

Additional optional arguments in a statement have been omitted.
The preceding item or items can be repeated one or more times.
Additional parameters, values, or other information can be entered.

.
.
. Vertical ellipsis points indicate the omission of items from a code example or command format; the items are omitted because they are not important to the topic being discussed.

( ) In command format descriptions, parentheses indicate that you must enclose choices in parentheses if you specify more than one.

[ ] In command format descriptions, brackets indicate optional choices. You can choose one or more items or no items. Do not type the brackets on the command line. However, you must include the brackets in the syntax for OpenVMS directory specifications and for a substring specification in an assignment statement.

| In command format descriptions, vertical bars separate choices within brackets or braces. Within brackets, the choices are optional; within braces, at least one choice is required. Do not type the vertical bars on the command line.

{ } In command format descriptions, braces indicate required choices; you must choose at least one of the items listed. Do not type the braces on the command line.

bold text This typeface represents the introduction of a new term. It also represents the name of an argument, an attribute, or a reason.

italic text Italic text indicates important information, complete titles of manuals, or variables. Variables include information that varies in system output (Internal error number), in command lines (/PRODUCER= name), and in command parameters in text (where dd represents the predefined code for the device type).

UPPERCASE TEXT Uppercase text indicates a command, the name of a routine, the name of a file, or the abbreviation for a system privilege.

Monospace text Monospace type indicates code examples and interactive screen displays.
In the C programming language, monospace type identifies the following elements: keywords, the names of independently compiled external functions and files, syntax summaries, and references to variables or identifiers introduced in an example.

- A hyphen at the end of a command format description, command line, or code line indicates that the command or statement continues on the following line.

numbers All numbers in text are assumed to be decimal unless otherwise noted. Nondecimal radixes---binary, octal, or hexadecimal---are explicitly indicated.

Chapter 1
Overview of DECamds

This chapter describes the following:

Overview of DECamds
Where to install the DECamds Data Analyzer
DECamds security features

Compaq DECamds is a real-time monitoring, diagnostic, and correction tool that helps you improve OpenVMS system and OpenVMS Cluster availability. DECamds also helps system programmers/analysts to target a specific node or process for detailed analysis, and system operators and service technicians to determine hardware and software issues.

DECamds simultaneously collects and analyzes system data and process data from multiple nodes and displays the output on a DECwindows Motif display. Based on the analyzed data, DECamds detects events and proposes actions to correct resource availability and system denial issues in real time.

DECamds helps improve OpenVMS system and OpenVMS Cluster availability in the following ways:

Availability Alerts users to resource availability problems, suggests paths for further investigation, and recommends actions to improve availability.

Centralized management Provides centralized management of remote nodes within an extended local area network (LAN).

Intuitive interface Provides an easy-to-learn and easy-to-use DECwindows Motif user interface.

Correction capability Allows real-time intervention, including adjustment of node and process parameters, even when remote nodes are hung.

Customization Adjusts to site-specific requirements through a wide range of customization options.

Scalability Makes it easier to monitor multiple OpenVMS systems and OpenVMS Cluster systems over a single site or over multiple sites.

1.1 How Does DECamds Work?

DECamds is a client/server application. It is installed in two parts as follows:

The Data Provider gathers system data and transmits it to the Data Analyzer.
The Data Analyzer receives data from the Data Provider, analyzes the data, and displays it.

A node that has the DECamds Data Provider installed announces its availability, using a multicast LAN message, to any DECamds Data Analyzer that is installed and running. The Data Analyzer receives the Data Provider's availability announcement and a communications link is established.

Note

The Data Provider runs at a high interrupt priority level (IPL), so it gathers data and transmits it to the Data Analyzer even if the Data Provider is on a remote node that is hung. However, because of the high IPL collection, the Data Provider cannot collect nonresident memory data, restricting some data collection in process space.

The Data Analyzer portion of DECamds is a DECwindows Motif application that runs on any OpenVMS Version 6.2 or later system. Although you can run the Data Analyzer as a member of a monitored cluster, it is typically run on an OpenVMS system that is not a member of the cluster being monitored. You can have more than one Data Analyzer application executing in a LAN, but only one can be running at a time on each OpenVMS system.

System data is analyzed and translated into meaningful values and rates that are displayed in DECwindows Motif windows. The data is screened for data points that exceed thresholds that might cause system or OpenVMS Cluster availability problems. The Data Analyzer can also implement various system correction options if authorized to do so.

The Data Analyzer and Data Provider nodes communicate over an Extended LAN using an IEEE 802.3 Extended Packet format protocol. Once a secure connection is established, the Data Analyzer instructs the Data Provider to gather specific system and process data.

Figure 1-1 illustrates the interaction of the Data Analyzer and Data Provider on nodes in a cluster.

Nodes A, C, D, E, F, and H can exchange information with the Data Analyzer. Node B has defined its security to exclude the Data Analyzer from accessing its system data. Node G has not installed DECamds and does not communicate with the Data Analyzer.

Figure 1-1 DECamds Processing

1.2 Where to Install the DECamds Data Analyzer

This section discusses where to install the DECamds Data Analyzer software. You can install and run the DECamds Data Analyzer from either a cluster member or a standalone system outside the cluster. However, Compaq recommends that you run the Data Analyzer from outside a cluster because then you can monitor system information even if the nodes in the cluster pause or hang.

Generally, you can install and run the DECamds Data Provider on any OpenVMS Version 6.2 or later system. Appendix A describes the specific system hardware and software requirements for installing and running the DECamds Data Analyzer.

1.3 DECamds Security Features

DECamds has several security features, including the following:

Private LAN transport
The DECamds protocol is based on the 802.3 Extended Packet Format (also known as SNAP). The IEEE DECamds protocol values are as follows:
Protocol ID: 08-00-2B-80-48 Multicast Address: 09-00-2B-02-01-09
If you filter protocols for bridges or routers in your network, add these values to your network protocols.
DECamds data transfer security
Each node running DECamds as a Data Analyzer or a Data Provider has a file containing a list of three-part codes, called security triplets. See Section 1.3.1 for more information about security triplets.
For Data Analyzer and Data Provider nodes to exchange data, at least one security triplet must match between the files on each system. DECamds Data Provider nodes that have read access allow system data to be viewed by the Data Analyzer node. Data Provider nodes that have write access also allow fixes to be performed by the Data Analyzer node.
DECamds security log
The Data Provider logs all access denials and executed write instructions to the operator communication manager (OPCOM). Each log entry contains the network address of the initiator. If access is denied, the log entry also indicates whether a read or write was attempted. If a write operation was performed, the log entry indicates the process identifier (PID) of the affected process.
OpenVMS file protection and process privileges
When the DECamds Data Analyzer and Data Provider are installed, they set directory and file protections on system directories so that only SYSTEM accounts can read the files. For additional security on these system directories and files, you can create access control lists (ACLs) to restrict and set alarms on write access to the security files. For more information about creating ACLs, see the OpenVMS Guide to System Security.

The AMDS$CONFIG logical translates to the location of the default security files, including the following:

The AMDS$DRIVER_ACCESS.DAT file is installed on all Data Provider nodes. The file contains a list of Data Analyzer nodes to which system data can be sent. It also contains the type of access allowed for each of those nodes.
The AMDS$CONSOLE_ACCESS.DAT file is installed on only those nodes that run the Data Analyzer portion of DECamds. It contains a list of passwords to identify itself to Data Provider nodes.

You can create additional security files in the directory associated with the AMDS$CONFIG logical name. By default, this logical name is assigned to AMDS$SYSTEM. As you customize DECamds, you can change the logical assignment of AMDS$CONFIG to read input files from other locations.

The following sections describe what a security triplet is, where to find the security files, and how to set up your security files.

1.3.1 Understanding DECamds Security Files

A security triplet determines which systems can access system data from the node. The AMDS$DRIVER_ACCESS.DAT and AMDS$CONSOLE_ACCESS.DAT files on the Data Analyzer and Data Provider systems list security triplets.

A security triplet is a three-part record that is separated by backslashes (\). A triplet consists of the following fields:

A network address (DECnet address, hardware address, or a wildcard character)
An 8-character (alphanumeric) password
The password is not case sensitive, so the passwords "testtest" and "TESTTEST" are considered to be the same.
A read or write (R or W) access verification code
For the Data Analyzer, the security triplets that allow write access are listed last in the AMDS$CONSOLE_ACCESS.DAT security file.

The exclamation point (!) is a comment delimiter; any characters after the comment delimiter are ignored.

Table 1-1 describes the detailed format of each portion of the security triplet and then gives some examples for different situations.

Table 1-1 Security Triplet Format
Item Description

DECnet address (area.number) Although DECnet is not required to run DECamds, the DECnet address is used to determine a node's physical address. The DECnet address is created by using the area.number format, where area is a value from 1 to 63, and number is a value from 1 to 1023. This address is modified into a physical address of the form AA-00-04-00-xx-yy to conform to the standard IEEE 802.3 protocol for network addressing. The AA-00-04-00 prefix is associated with the Compaq-owned address. The xx-yy suffix is the hexadecimal representation of the address formula:
area*1024+number

**Table 1-1 Security Triplet Format**
Item	Description
DECnet address (area.number)	Although DECnet is not required to run DECamds, the DECnet address is used to determine a node's physical address. The DECnet address is created by using the area.number format, where area is a value from 1 to 63, and number is a value from 1 to 1023. This address is modified into a physical address of the form AA-00-04-00-xx-yy to conform to the standard IEEE 802.3 protocol for network addressing. The AA-00-04-00 prefix is associated with the Compaq-owned address. The xx-yy suffix is the hexadecimal representation of the address formula: area*1024+number

Note

If you are running on a system with more than one LAN adapter or are running DECnet-Plus networking software, then this format is not valid for you. Instead, you must use the hardware address or wildcard address format for this field.

Item	Description
Hardware address (08-00-2B-xx-xx-xx)	The hardware address field is the physical hardware address in the LAN adapter chip. It is used if you have multiple LAN adapters or are running the DECnet-Plus networking software on the system (as opposed to the DECnet for OpenVMS Phase IV networking software). For adapters provided by Compaq, the hardware address is in the form 08-00-2B-xx-xx-xx, where the 08-00-2B portion is Compaq's valid range of LAN addresses as defined by the IEEE 802 standards and the xx-xx-xx portion is chip specific. To determine the value of the hardware address on a system, use the OpenVMS System Dump Analyzer (SDA) as follows: $ ANALYZE/SYSTEM SDA> SHOW LAN The previous commands display a list of available devices. Choose the template device of the LAN adapter you will be using and then enter the following command: SDA> SHOW LAN/DEVICE=xxA0
Wildcard address (*)	The wildcard character allows any incoming triplet with a matching password field to access the Data Provider node. Use the wildcard character to allow read access and to run the console application from any node in your network. Because the Data Analyzer does not use this field, you should use the wildcard character in this field in the AMDS$CONSOLE_ACCESS.DAT file.

Item

Description

Hardware address (08-00-2B-xx-xx-xx)

The hardware address field is the physical hardware address in the LAN adapter chip. It is used if you have multiple LAN adapters or are running the DECnet-Plus networking software on the system (as opposed to the DECnet for OpenVMS Phase IV networking software).

For adapters provided by Compaq, the hardware address is in the form 08-00-2B-xx-xx-xx, where the 08-00-2B portion is Compaq's valid range of LAN addresses as defined by the IEEE 802 standards and the xx-xx-xx portion is chip specific.

To determine the value of the hardware address on a system, use the OpenVMS System Dump Analyzer (SDA) as follows:

$ ANALYZE/SYSTEM

SDA> SHOW LAN

The previous commands display a list of available devices. Choose the template device of the LAN adapter you will be using and then enter the following command:

SDA> SHOW LAN/DEVICE=xxA0

Wildcard address (*)

The wildcard character allows any incoming triplet with a matching password field to access the Data Provider node. Use the wildcard character to allow read access and to run the console application from any node in your network.

Because the Data Analyzer does not use this field, you should use the wildcard character in this field in the AMDS$CONSOLE_ACCESS.DAT file.

Caution

Use of the wildcard character for write access security triplets enables any system to perform system-altering fixes.

The following steps show how DECamds uses the security triplets to ensure security among DECamds nodes:

A message is broadcast at regular intervals to all nodes within the LAN indicating the availability of a Data Provider node to communicate with a Data Analyzer node.
The node running the Data Analyzer receives the availability message and returns a security triplet that identifies it to the Data Provider and requests system data from the Data Provider.
The Data Provider examines the security triplet to determine if the Data Analyzer is listed in the AMDS$DRIVER_ACCESS.DAT file to permit access to the system.
- If the AMDS$DRIVER_ACCESS.DAT file lists Data Analyzer access information, then the Data Provider and the Data Analyzer can exchange information.
- If the Data Analyzer is not listed in the AMDS$DRIVER_ACCESS.DAT file, or does not have appropriate access information, then access is denied and a message is logged to OPCOM; the Data Analyzer receives a message stating that access to that node is not permitted.

Table 1-2 describes how the Data Provider node interprets a security triplet match.

Table 1-2 Security Triplet Verification
Security Triplet Interpretation

08-00-2B-12-34-56\HOMETOWN\W The Data Analyzer has write access to the node only when the Data Analyzer is run from the node with this hardware address (multiadapter or DECnet-Plus system) and with the password HOMETOWN.

2.1\HOMETOWN\R The Data Analyzer has read access to the node when run from a node with DECnet for OpenVMS Phase IV address 2.1 and the password HOMETOWN.

*\HOMETOWN\R Any Data Analyzer with the password HOMETOWN has read access to the node.

**Table 1-2 Security Triplet Verification**
Security Triplet	Interpretation
08-00-2B-12-34-56\HOMETOWN\W	The Data Analyzer has write access to the node only when the Data Analyzer is run from the node with this hardware address (multiadapter or DECnet-Plus system) and with the password HOMETOWN.
2.1\HOMETOWN\R	The Data Analyzer has read access to the node when run from a node with DECnet for OpenVMS Phase IV address 2.1 and the password HOMETOWN.
*\HOMETOWN\R	Any Data Analyzer with the password HOMETOWN has read access to the node.

Contents

Index

privacy and legal statement

5929PRO.HTML

Internet	openvmsdoc@compaq.com
Mail	Compaq Computer Corporation OSSG Documentation Group, ZKO3-4/U08 110 Spit Brook Rd. Nashua, NH 03062-2698

Ctrl/ x	A sequence such as Ctrl/ x indicates that you must hold down the key labeled Ctrl while you press another key or a pointing device button.
PF1 x	A sequence such as PF1 x indicates that you must first press and release the key labeled PF1 and then press and release another key or a pointing device button.
`[Return]`	In examples, a key name enclosed in a box indicates that you press a key on the keyboard. (In text, a key name is not enclosed in a box.) In the HTML version of this document, this convention appears as brackets, rather than a box.
...	Horizontal ellipsis points in examples indicate one of the following possibilities: Additional optional arguments in a statement have been omitted. The preceding item or items can be repeated one or more times. Additional parameters, values, or other information can be entered.
. . .	Vertical ellipsis points indicate the omission of items from a code example or command format; the items are omitted because they are not important to the topic being discussed.
( )	In command format descriptions, parentheses indicate that you must enclose choices in parentheses if you specify more than one.
[ ]	In command format descriptions, brackets indicate optional choices. You can choose one or more items or no items. Do not type the brackets on the command line. However, you must include the brackets in the syntax for OpenVMS directory specifications and for a substring specification in an assignment statement.
\|	In command format descriptions, vertical bars separate choices within brackets or braces. Within brackets, the choices are optional; within braces, at least one choice is required. Do not type the vertical bars on the command line.
{ }	In command format descriptions, braces indicate required choices; you must choose at least one of the items listed. Do not type the braces on the command line.
bold text	This typeface represents the introduction of a new term. It also represents the name of an argument, an attribute, or a reason.
italic text	Italic text indicates important information, complete titles of manuals, or variables. Variables include information that varies in system output (Internal error number), in command lines (/PRODUCER= name), and in command parameters in text (where dd represents the predefined code for the device type).
UPPERCASE TEXT	Uppercase text indicates a command, the name of a routine, the name of a file, or the abbreviation for a system privilege.
`Monospace text`	Monospace type indicates code examples and interactive screen displays. In the C programming language, monospace type identifies the following elements: keywords, the names of independently compiled external functions and files, syntax summaries, and references to variables or identifiers introduced in an example.
-	A hyphen at the end of a command format description, command line, or code line indicates that the command or statement continues on the following line.
numbers	All numbers in text are assumed to be decimal unless otherwise noted. Nondecimal radixes---binary, octal, or hexadecimal---are explicitly indicated.

Availability	Alerts users to resource availability problems, suggests paths for further investigation, and recommends actions to improve availability.
Centralized management	Provides centralized management of remote nodes within an extended local area network (LAN).
Intuitive interface	Provides an easy-to-learn and easy-to-use DECwindows Motif user interface.
Correction capability	Allows real-time intervention, including adjustment of node and process parameters, even when remote nodes are hung.
Customization	Adjusts to site-specific requirements through a wide range of customization options.
Scalability	Makes it easier to monitor multiple OpenVMS systems and OpenVMS Cluster systems over a single site or over multiple sites.