Cendura's Cohesion 3.5
See how included and configurable blueprints let you manage configuration for network devices while still remaining in favor with the Feds.
June 17, 2005
In revisiting Cohesion, I wanted to check out how well version 3.5 could discover, track and visualize dependencies and relationships among servers and applications. I also wanted to take advantage of the product's new ability to make or undo changes to configuration in real time or use a scheduled batch job.
Cendura Cohesion Support ChartClick to Enlarge |
Version 3.5 also provides rich dashboard views to check inventory and detect configuration changes as well as gather some application data without installing an agent using TCP port scans. But you'll want to install an agent to get a comprehensive inventory of application data to manage and control.
Simple Install
Good • Monitors and reports application changes• Enforces configuration values and parameters• Visualizes server and application dependencies and relationships Bad• Doesn't support network devices• Only IE 5.5+ need applyCohesion 3.5,starts at $150,000. Cendura Corp.,(866) 263-3911,(650) 625-5500. www.cendura.com |
The Cohesion 3.5 installation in our Syracuse University Real-World Labs® was done with the help of a Cendura software engineer. This TLC is provided with any new purchase and makes installation and configuration a breeze.
I chose a Windows 2003 Server with an Intel Xeon 2.40-GHz CPU and 2 GB of RAM to host the Cohesion server. Before running the installation program, I set up a local Microsoft SQL Server 2000 (SP3), created a Cohesion database instance to store configuration data and dedicated a user to access it. Note that the Cohesion server has multiplatform support for servers and agents and can use a variety of databases.
Once my database was in place, a wizard walked me through a default installation and configuration. It laid out Apache Tomcat 3.3 with an AJP (Apache Jakarta Project) connector. I could have used any already installed Java VM version 1.4.1_02 or later, but I chose to use Cendura's version to reduce finger-pointing if there were Java errors. Cendura registered the Cohesion server as a service under Windows and set default server ports to communicate with agents (TCP 8080). After that, Cohesion loaded my Microsoft SQL database and created the server configuration file, and I was ready to access the Web interface.I still needed Microsoft Internet Explorer 5.5+ running on a Windows platform to access the Cohesion Web administration interface. Although I have a lot of these creatures hanging out in the lab, it would be nice to see browser support expanded to other platforms.
I logged in to the UI with the default administrator user ID and password. The administrator manages user accounts and hosts, assigns roles, installs Cohesion agents, and runs advanced service-maintenance commands to run garbage collection, flush caches, reset connection pools and refresh memory usage. As administrator, I could also manage a local database of users or integrate with Active Directory or Sun's Java System Directory Server. I kept it simple and used the local directory to create another administrative user with multiple roles: a specialist to create, configure, modify or delete applications, and an architect to create, manage, modify and delete Cohesion Component Blueprints. Other roles included operator and read-only.
Parts of the Whole
Cohesion presents discovered applications--a collection of software components, such as Apache Web Server and IBM's WebSphere Application Server, discovered on servers or hosts--in a tree view of configuration details, dependencies with other applications and hosts, file system elements, run-time logs, diagnostics, utilities, and component inventory.
Blueprints, the building blocks to an application, contain the metadata for applications to help detect application instances on hosts and facilitate the capture of file system components and database elements. They also help identify inter- and intracomponent relationships and dependencies, as well as locate, analyze and manage configuration data.Cendura provides a library of blueprints for commonly used software on enterprise networks--more than 150 blueprints identify operating systems like IBM AIX, Hewlett-Packard HP-UX, Red Hat Linux, Sun Solaris and Windows. It also identifies directory servers (Active Directory), application servers (Microsoft, Oracle, SAP and Siebel), and messaging queues from IBM WebSphere and Microsoft. If Cohesion doesn't have a prebuilt blueprint for an application, it's easy enough to build one from scratch.
After I discovered hosts using a network scan utility (ICMP Ping), I selected a number of them to install agents. I left a few clients and servers out of the Agent installation and investigated Cohesion's ability to identify applications on hosts without an agent. It was only able to identify the OS and observe an instance of IIS running on Port 80--nothing to write home about. But it did give me a graphical view of dependencies and relationships among clients, Web servers and application servers in a neat graphical view.
During the scan, Cohesion also found many intermediate devices such as routers and switches, but it doesn't support them at this time. It does, however, have some insight into the configuration of F5 Networks' Big-IP load balancer.
I look forward to future support for network devices. But Cohesion has already made me a happy camper by providing in-depth tools to track and manage change for applications running on hosts. I looked at the blueprints for starters.
Blueprints in HandDiscovering all Cohesion's blueprints on all your servers can take some time. I reduced the discovery time by narrowing the number of application blueprints used with the applications in my test bed. I created standard blueprints for operating systems (Microsoft Windows, Red Hat Linux and Solaris) and applications (WebSphere Application Servers with IBM's HTTP Server and Apache 2x Servers) from Cohesion's standard blueprint components. I also created a blueprint for my Asterisk 1.0 server. Once I had my blueprints lined up, I went to discover them on hosts with agents.
Like Cohesion 2.1, version 3.5 identifies applications running on hosts from the blueprints. I easily took snapshots and compared them over time to detect changes in configuration. This time, I could also set rules in applications and component blueprints for default values and compare them to snapshots, as well as take actions to enforce configurations using a "change job" feature.
Change jobs can add, delete and change managed registry keys and values, as well as change configuration parameters. I created a new change job for the Cohesion agent across all platforms and gave it the display name "Cohesion Agent." On two servers, I changed the display name to "Cohesion Man." Then I set-scheduled the change job to work daily. At the appointed time, the change job changed the name "Cohesion Man" to "Cohesion Agent" to enforce a registry key. I repeated this with other registry key values and parameters ad nauseam. All the while, I was kept informed of job results by e-mail, SNMP and reports.
From the Cohesion dashboard, you can review everything from changes detected to application configurations. It also provides access to a number of standard reports that scrutinize agent configurations, application change history, change jobs and more. Reports are available in HTML, XLS and CSV format, and it's easy to change the format of one of the existing report templates and save it as a customized report. The reports can be scheduled, viewed online, printed or saved, but the underlying data cannot be changed. That's good for compliance purposes.
Cendura Cohesion can track and manage change across business applications and enforce configuration values and parameters using an automated scheduler. This is immediately relevant to SOX compliance. After it takes on configuration management for network devices, it will have the mettle to handle enterprisewide configuration management.Sean Doherty is a senior technology editor and lawyer based at our Syracuse University Real-World Labs®. Write to him at [email protected].
You May Also Like