...the cockpit for your IT systems


BVQ web server 

  • add scanners, to receive your data
  • activate the alerting, to see your Health Map
  • enable notifications
  • make use of reports

Grafana 

  • BVQ custom Dashboards for your systems

BVQ Expert GUI

  • complex and deep analysis tool


                                                         

vid-forward Requirements

Requirements, Server Name, User & Firewall


BVQ Server requirements

Windows Server 2016 64-Bit & Windows Server 2019

BVQ GUI is also supported on Windows 10 64-Bit

Server

CPU

RAM

HDD C: (free)

For BVQ database
recommended on
free HDD D:

Small sized 

3 GHz,   2 cores

6 GB

10 GB

20 GB
Medium Sizes 

3 GHz,   4 cores

12 GB

20 GB

120 GB
Large Size

3 GHz, 12 cores

48 GB

120 GB

800 GB

BVQ GUI client workstation

3 GHz,  4 cores

16 GB

-

 –

Supported Browsers

Name
Mozilla Firefox
Google Chrome
Apple Safari
Microsoft Edge

 

  • Create a Windows User called bvq and add this user to the Administrator group
  • Please do not name the server bvq



Calculate S, M, L depending on your Environment

as example, just one M or L result means, that we need a M or L size Server.  


VMware vSphere

Environment dimensions

The following categories of environmental dimensions can be managed in a single BVQ instance:

Object

SmallMedium

Large

Max 
vCenter1124
VMs502502.5005.000
VM virtual disks1005005.00010.000
VM SCSI LUNs1002502.5005.000
VM datastores1002502.5005.000

SAN

Environment dimensions

The following size categories can be managed in a single BVQ instance. This is true for both SAN platforms, Brocade and Cisco:

Object

SmallMedium

Large

Max 
SAN SMI Provider1124
SAN Switches41664256
SAN Switch ports12851220488192
SAN Node ports12851220488192
Zones502008003000

Storage

Environment dimensions

The number of managed objects is crucial for the dimension of the BVQ server resources. The following size categories can frequently be observed and can be managed in a single BVQ instance:

Objekt

Small

Medium

LargeMax 

VDisks

250

1.000

10.000

20.000

MDisks

60

250

2.500

5.000

Cluster

2

5

10

30

Hosts

25

100

1.000

2.000



Firewall 

BVQ Server requires access through several ports for communication between scanners and scanned systems and its database.

The following connections are required:

Connection TypeStandard TCP portBVQ ServerBVQ ClientDescription
RDP to BVQ Client3389(tick) ←(tick)Microsoft Remote Desktop Protocol for remote screen sessions
InternetN/A(question)(question)Connection to the Internet for remote maintenance or code-download
SSH to IBM SVC/Storwize/FlashSystem22(tick)(question)Secure shell access to the SVC CLI interface
HTTPS to EMC Dell Unity443(tick)
Web service with HTTPS on Unity System API
HTTPS  to VMware vCenter443

(tick)


Web service with HTTPS on VMware vCenter API
HTTPS  to IBM HMC (PowerVM)12443(tick)
Web service with HTTPS on PowerVM HMC API
HTTPS  to NetApp443(tick)
Web service with HTTPS on NetApp ONTAP System API
HTTPS to Brocade SAN switch443(tick)
Web service with HTTPS on Brocade SAN switch API
SMI provider to BNA5989(tick)
SMI interface to Brocade Network Advisor
MongoDB27017(tick) ←→(tick)Access to MongoDB
BVQ Server Web UI80(tick) ←(tick)Access to BVQ Server Web UI
BVQ Server Grafana3000(tick)(tick)Access to BVQ Grafana Web UI
BVQ SSH Server (AIX OS Agent)2222(tick)
BVQ SSH server which is used to receive data from AIX instances

Legend: (tick) mandatory connection, (question) optional connection, → outgoing connection, ← incoming connection






vid-backward Welcome to BVQ vid-forward Installation







Start the Installation

We recommend to connect to your windows server with a local "bvq" user(which should be a member of the administrators group).


Open the install file as an administrator


Installation Wizard

The installation wizard uses default values,

you are able to install and run BVQ with these values.

Default    MongoDB/BVQ    Credentials
bvqP@ssw0rd
Default    local\Windows    Credentials
bvqP@ssw0rd


During the installation you are to be asked, to end all BVQ services, this is due to the fact, that BVQ Installations and Updates work in the same way.

You do not have to fill in a domain name, if you are using a local user,
if you are using a domain user, as you do not want to have a local users, you have to fill in the correct domain name.

Finish the Installation

With clicking the final finish button the wizard will close and BVQ WebGUI will open up (Internet Explorer is not supported).

To reach the BVQ WebGUI the specific services will start, which can take up to a few minutes, after the installation.


vid-backward Requirements vid-forward First Start









Access the BVQ Server

the default address is


First start

The first login after an update or an installation you will be shown the BVQ Maintenance page.

There you need to start the schema adjustments and Activate Demo, after this task you will be redirected to the BVQ main page.

Depending on your browser, it may be necessary to clear the cache, when the sites are not loading or the screen is flickering.



The default BVQ credentials are:

userpassword
bvqP@ssw0rd


vid-backward Installation vid-forward Storage Preparations







SVC user

System preparation steps

Create a BVQ user on the system

For the communication of the BVQ SVC Scanner with the SVC CLI a user account on each SVC is mandatory, which should be at least member of the group 'Monitor'.

We recommend to create a separate user named: "bvq"

BVQ only supports user authentication via password.

*Unfortunately, before SVC Version 8.4 the performance monitoring of an SVC / Storwize cluster without the permission level 'Administrator' is not possible so far as for copying the performance statistics files from the other nodes into the config node the CLI command svctask cpdumps is mandatory. This is the only administrator-level command initiated by the BVQ SVC scanner. For all other used commands (svcinfo lsxxx) the permission level 'monitor' would be sufficient. 

User creation step by step

With SVC CLI:

SVC CLI
svctask mkuser -name bvq -usergrp Monitor -password P@ssw0rd

# For code level lower than 8.4 use:
svctask mkuser -name bvq -usergrp Administrator -password P@ssw0rd

With SVC Web GUI:

  1. Please Browse with a web browser to the following URL: https://<cluster ip address>/gui#users-users
  2. Log in with a user in the group SecurityAdmin (superuser)
  3. Click on 'Create User" and fill in the following dialogue as following:
    1. Choose "Monitor" ("Administrator" for code Level lower than 8.4) in the field "User Group"
    2. Configure a password in the field "Password"
    3. A SSH public key is not required for BVQ and we recommend not to configure it.

Check SSH access for free sessions

The number of simultaneously opened SSH sessions is limited in the SVC/Storwize to 32 sessions. If sessions are used by other applications, it should be ensured that 4 SSH sessions are free to be usable for by BVQ.

Check NTP, time and time zone

The time and the time zone of the SVC/Storwize systems have to be set correctly.

Please check if an NTP server is configured: we strongly recommend to use an NTP server to synchronize the time of all systems (SVC Nodes, Windows):

SVC CLI
svctask chcluster -ntpip <IP address of NTP Server> ### Example: svctask chcluster -ntpip 9.20.165.16


Please check whether the time zone is set correctlythe time zoneof all systems (SVC, Windows) should be set to the same value:

SVC CLI
svctask settimezone -timezone 360 ### Timezone 360: Europe/Berlin


At the end please check  whether  the expected time is actually displayed:

SVC CLI
svqueryclock ### Check the cluster's current date and time

Check performance statistics interval

The SVC performance statistics are generated regularly (in intervals) by the SVC and picked up by the BVQ SVC Scanner. BVQ supports all intervals possible in the SVC (1min to 60min). We recommend to set the time interval to 1 minute.

SVC CLI
svcinfo lssystem | while read key value; do [[ "$key" =~ ^(statistics_status|statistics_frequency)$ ]] && echo "$key $value"; done
statistics_status on
statistics_frequency 1


Set the statistics interval time:

SVC CLI
svctask startstats -interval 1 ### Set SVC Perf Statistics Interval (possible values 1-60)


Clear old performance statistic files on all nodes. It is not certain that they were created at the same point in time or they may contain no longer existing nodes.

SVC CLI
svcinfo lsnode -nohdr | while read id rest ; do svctask cleardumps -prefix /dumps/iostats $id ; done

Gather information for BVQ Scanner configuration

BVQ scanners need the following information to be configured for each System.

In addition to the BVQ licensed IBM Spectrum virtualize systems (SVC), BVQ Scanners should also be configured for each BVQ supported backend system behind them. Such Systems are already covered by your BVQ license and can be added without additional cost, but be aware to have them included in your BVQ license key file.

For each IBM storage system:

  • Cluster IP address or hostname
  • Cluster user ID and password (Administrator privileged)





Netapp user

NetApp ONTAP user

A user is required for the operation of the BVQ Scanner, which should at least have readonly Role permissions on the ONTAP Cluster.

Please create this user before the configuration of the BVQ Scanner.

We recommend the name: bvq



Ontap CLI
sec login create -user-or-group-name bvq -application http -authentication-method password -role readonly

sec login create -user-or-group-name bvq -application ontapi -authentication-method password -role readonly






Dell EMC Unity user

Unisphere user

A user is required for the operation of the BVQ Scanner, who should at least have Operator Role permissions.

(warning) Please create this user at your Unity System before the configuration of the BVQ Scanner. We recommend to name the user: bvq

Gather information for BVQ Scanner configuration

BVQ scanners need the following information to be configured for each Dell EMC Unity System:

  • Cluster IP address or hostname
  • Cluster user ID and password of the bvq user


                                               

vid-backward First Start vid-forward Network Preparations






Brocade SAN Switch preparation

A separate Brocade SAN (REST) scanner instance for each fabric has to be configured. For switches having virtual fabrics enabled, a scanner instance for each virtual fabric ID is required.

All Brocade SAN switches running FOS 8.2.1 or higher support REST API and can be used in such scanner configurations. Switches running on lower FOS levels, cannot be scanned and hence will be ignored by BVQ (see Supported Brocade systems).

It is recommended to use the fabric principal as the seed switch in the scanner configuration. Other switches in the same fabric are discovered automatically by the scanner configuration.

Switches in access gateway mode are not part of the fabric, and hence, have to be added to the configuration manually.

Brocade SAN Switch user

FOS REST API function calls are permitted or denied based on user privilege configurations determined by the role-based access control (RBAC) functionality in Fabric OS.

For switches running FOS 9, the user needs at least the permissions of the default role basicswitchadmin.
For switches running FOS 8.2.x, the user needs at least the permissions of the default role admin.
For all versions, there is no support for default switch role user, because it has no permission to observe the RBAC class configure, that BVQ needs to gather information about the switch configuration.

Depending on the specific FOS level, the following user has to be added on each and every switch you want to scan:

Add BVQ user via FOS CLI (switches with VF)
FOS 9.x:
userconfig --add bvq -r basicswitchadmin -c basicswitchadmin -l 1-128 -h 128 -d "BVQ Scanner User" -p ChangeMeP@ssw0rd
passwd bvq
> <final_password>

FOS 8.2.x:
userconfig --add bvq -r admin -c admin -l 1-128 -h 128 -d "BVQ Scanner User" -p ChangeMeP@ssw0rd
passwd bvq 
> <final_password>
Add BVQ user via FOS CLI (switches without VF)
FOS 9.x:
userconfig --add bvq -r basicswitchadmin -d "BVQ Scanner User" -p ChangeMeP@ssw0rd
passwd bvq
> <final_password>

FOS 8.2.x:
userconfig --add bvq -r admin -d "BVQ Scanner User" -p ChangeMeP@ssw0rd 
passwd bvq 
> <final_password>

Gather information for BVQ Scanner configuration

BVQ scanners need the following information to be configured for each Fabric:

  • Switch IP address or DNS name
  • Switch access - http or https
  • Switch user and password
  • Port number
  • SSL / HTTPS certificate handling

    Add BVQ user via FOS CLI (switches without VF)
    seccertmgmt show -cert https

    If you want to enable the BVQ Scanner Switch Check SSL certificate, you need to install a non self signed certificate on the switch.

  • Virtual fabric enabled/disabled & VF ID





Brocade SAN (BNA) preparation

Brocade SAN BNA / SMI Server

Important requirement: a separate system/server is needed to run the Brocade SMI Server, that scans all the switches.

Brocade SAN BNA / SMI Server user

For the operation of BVQ Brocade SAN Scanner, a user is required on the SAN BNA or Brocade SMI Server.
The user
should at least have "Operator role" and AOR (Areas Of Responsibility) ="All Fabrics, All Hosts".
(warning) Please create this user before configuring the BVQ Scanner. We recommend to name the user: bvq


Example:

Gather information for BVQ Scanner configuration

BVQ scanners need the following information to be configured for each System.

For each Brocade SAN / Switch:

  • Cluster IP address or hostname
  • Cluster user ID and password (Administrator privileged)




Cisco SAN preparation

Cisco SAN Scanner

Cisco SANs are scanned using the Cisco DCNM. Data for all SAN fabrics managed by the DCNM are automatically collected by a single Cisco SAN scanner instance. Data is collected using SMI-S.

Cisco DCNM user

A user with operator perspective is sufficient for BVQ to collect data from the DCNM (user role "network-operator"). Users with admin perspective will also work (user roles "global-admin", "network-admin", "san-admin", or "san-network-admin").

Gather information for BVQ Scanner configuration

BVQ scanners need the following information to be configured for the DCNM:

  • DCNM server IP address or DNS name
  • DCNM user and password for the bvq user
  • Port number (default: 5989)
  • SSL certificate handling
  • namespace (default: cimv2)



                                               

vid-backward Storage Preparations vid-forward Compute Preparations






IBM PowerVM preparation

Create an HMC user for BVQ

A user is required for the operation of the BVQ PowerVM Scanner who should at least have read-only (hmcviewer) access to the HMC.

(warning) Please create this user before configuring the BVQ Scanner. We recommend to name the user "bvq"

(warning) Please open the user properties dialogue and select "Allow remote access via the web"

Add User dialogueUser Properties dialogue

Enable performance data collection

BVQ can only collect performance statistics if "Data Collection" on the managed systems and LPARs is enabled.

BVQ Scanner configuration

To configure a PowerVM scanner in BVQ the following information is required:

  • IP address or hostname of the HMC
  • User and password of the HMC user for BVQ

(warning) Typically two redundant HMCs manage the same IBM Power systems. Please make sure that only one scanner for one of the HMCs is being created to avoid duplication in BVQ.







OS Agent for AIX & Linux preparation

BVQ Server preparation

AIX and Linux are the first BVQ platforms where data is not pulled from the systems by the BVQ scanner. Instead, data is sent (pushed) from the OS on the LPARs to the BVQ Server by an BVQ OS Agent using SCP. This means, an ssh-server on the BVQ Server is receiving data from the OS instances. Once an AIX or Linux BVQ Scanner is configured, the ssh-server is being started and listening on port 2222.

Important

Please ensure that port 2222 is not blocked by a firewall!

BVQ Scanner configuration

To configure an AIX or Linux BVQ scanner the following information is required:

  • NAME - Name of the AIX or Linux scanner
  • INSTANCE GROUP NAME - Select a name which is used to group all AIX or Linux Instances (=partitions) together that are running the BVQ OS Agent for AIX or Linux
  • USERNAME - This user authorizes the SCP transfer from the AIX or Linux Instances to the BVQ Server. It will be configured during the installation process

OS Agent installation

The BVQ Agent for AIX or Linux RPM installation package is automatically generated once a new BVQ AIX or Linux scanner configuration is being created in the BVQ WebUI. After the "Save"-button is pressed, the RPM package is automatically generated and can be downloaded directly. Further installation instructions can be found in the scanner configuration page or the readme included in the RPM download package.

OS User requirements

OSusergroupRestrictions
AIXrootsystemnone
AIXothersystemNo stats for FC adapters
AIXotherstaffNo stats for FC adapters and LV, VG objects
Linuxrootrootnone (other uid / gid not supported)

Alternatively, the BVQ AIX agent can be rolled out automatically to many systems using an AIX NIM server. The download package for AIX includes a script that helps configuring the NIM server.

Important!

It is essential that BVQ Server and AIX/Linux clocks are in sync. Please ensure that NTP is configured and active on all monitored systems and the BVQ Server!

The OS Agent cannot be installed or upgraded as long as NTP is not configured!







VMware vSphere preparation

A user is required for the operation of the BVQ VMware Scanner, who should at least have read-only access to the VMware vCenter system. The read-only permission for the user must be defined at the vCenter level. Permissions in a lower level (e.g. Datacenter, Cluster, ...) will lead to scan errors.

(warning) Please create this user before configuring the BVQ Scanner. We recommend to name the user: bvq

Create or select the right user role

  • Go to user roles

  • Duplicate (1) the read-only role and store it as BVQ-Read-only (2) and add the following privileges (3)
    Datastore - browse datastore
    Profile driven storage - view
    Storage views - view

Create the BVQ User for the vCenter

  • Create the bvq user with the role "BVQ-read-only"
    create it as vsphere.local or as AD user - please remember to add it correctly into the scanner dialog later

  • Add the user to the vCenter
    Add the  user to the vCenter (4) and do not forget to define it for all children

Add the right vCenter Statistics

  • Interval duration has to be 5 minutes
  • Level 2 is sufficient for standard VMware
    Level 3 should be used for VSANs


vCenter CPU usage during BVQ performance scan

During the BVQ performance scan of a vCenter server the CPU usage of the vCenter server will increase. Please monitor the vCenter server utilization depending on the workload to avoid performance degradation.

Gather information for BVQ Scanner configuration

BVQ scanners need the following information to be configured for each vCenter system:

  • vCenter IP address or hostname
  • vCenter user domain
  • vCenter ID and password of the bvq user


Preparation for the BVQ Server

For BVQ Servers which are gathering information from NetApps and vCenters, the correct DNS configuration is important.
Make sure that the BVQ Server, NetApp systems and vCenters are in the same domain and have the same DNS server configured. 

This is required to match the DNS-Name of the NFS Datastores to the corresponding IP Adresses of the NFS file shares on NetApp systems.





                                               

vid-backward Network Preparations vid-forward Connect Scanners




Add a platform-specific scanner


BVQ uses data, collected by scanners from the connected systems. The scanners are product-specific and are managed in the scanner area.

Open "Scanner" and "Scanner configuration"




Configure the scanner


"Name" the scanner

"Hostname" is the FQN or the IP

The Credentials are used for the connection to the specific system, which will be scanned.

The default values do not have to be changed

If you are configuring a Brocade scanner, you may need to use the Discover Fabric button.

If you are configuring a VMware scanner, you need to add the "/sdk" behind the URL.

Press Save & Exit 




Scanner delay

due to the different amount of data it is possible that the scanners will need quite some time to move to a green state

                                               

vid-backward Compute Preparations vid-forward Alerting






Activate the Alerting

With this step, you will take the BVQ Systems Health map into operation.

Navigate to the main tab ALERTING and then to the sub tab Configuration.

The Alert rules are categorized by systems and chapters.

Initially all predefined alert rules are disabled.

Enable some (slider) or all alert rules for the systems applicable to your environment.






System Health Map

After enabling the alert rules, the System Health Map will be ready.

Navigate to the main tab ALERTING and then to the sub tab Results.

Mouseover an alert rule, will give you a short summary of the results of the alert rule. 

By simply clicking on an section or alert, the shown area will be changed. By clicking into the center, you can drill up again.

                                               

vid-backward Connect Scanners vid-forward Monitoring with Grafana



Start Grafana monitoring in the web browser

Use http://localhost:3000 from the BVQ Server

Use http://<name of BVQ Server>:3000 if you access the BVQ server from any other workstation

When you start Grafana, use the user bvq with the password P@ssw0rd


Move to Dashboards and Browse


There you can open up the specific System and the specific Dashboard

vid-backward Alerting














  • No labels