NDS iMonitor Basics Continued
Articles and Tips: article
Senior Research Engineer
Novell AppNotes
kburnett@novell.com
01 Feb 2003
This month let's continue our overview of NDS iMonitor. Once we are familiar with its power and flexibility, we can use it to solve some practical eDirectory problems.
As I stated last time, NDS iMonitor is a utility that ships with all versions of eDirectory. It provides slick diagnostic capabilities to all of your servers in your eDirectory tree. Since it is web-based, NDS iMonitor allows you to monitor your servers from any location on the network--as long as you have a web browser available.
Agent Summary Screen
Viewing NDS Server Health
If we go to the Agent Summary page, which is typically the page that comes up when you first invoke NDS iMonitor, you can view the health of all your NDS servers on the network. This includes synchronization information, agent process status, and the total number of servers known to your eDirectory tree. Let's look at each of these items a little closer
Agent Synchronization Summary.
The Agent Synchronization summary gives you a lot of information about your directory replicas, including the number and types of replicas in your tree, and the amount of time since they were successfully synchronized. Also, you can view replica errors for each type of replica in your tree. If you have only one replica or partition to view, the heading will read Partition Synchronization Status.
Servers Known to Database Totals.
You can see all of the servers known to your directory tree and determine whether they are up or down.
Agent Process Status Totals.
This screen allows you to keep track of events that are picked up by the NDS iMonitor agents running on all the servers in your directory tree. When an agent records some information, the count is incremented, with the latest error being displayed under the Type heading.
Viewing Partition Synchronization Status
Clicking over to the Agent Synchronization page allows you to view the synchronization status of your partitions. The information displayed may be filtered by selecting options listed in the Assistant frame, which is located on the left side of the screen. Let's look at the data presented in more detail.
Agent Synchronization Screen
Partition Synchronization Status.
This is the major heading that holds information about the partition, errors, last successful synchronization, maximum ring delta, and replica's perishable data delta.
Partition.
This option allows you to view the links to that partition's Replica Synchronization page.
Last Successful Sync.
This value shows the amount of time since all the replicas of a given partition successfully synchronized from the server. Since my server only has one partition, only one time is listed. In my case, this occured .004 of a second ago.
Maximum Ring Delta.
This value shows the amount of time it takes to synchronize all the data that is waiting to be synchronized across the network. For example, if you change your login script, and there's a maximum ring delta of 15 minutes, it will take a least 15 minutes for the updated login script to be accessible from all partitions in your network. If Unknown is listed under Maximum Delta Ring, then (due to synchronization issues) the maximum Delta Ring cannot be caluculated. Wait a few minutes and check back.
Replica's Perishable Data Delta.
This entry lists the amount of data on the partition which has yet to be successfully replicated and would be lost if the server went down immediately. For example, if you lost the hard drive where your directory database (DIB) resides, the changes made on this machine in the last time frame x (Perishable Data Delta) have not been replicated to another machine and would be lost from the system, as if they had never happened.
Viewing Server Connection Information
From the Agent Configuration page, click the Agent Information link in the Assistant frame. This will bring up the Connection Information screen. The functionality available on this screen will depend on your current connection rights and the version of eDirectory or NDS that you are looking at. A description of the information available on the Connection Information Table includes the following:
Server.
This is the fully distinguished name of the server whose connection information you are viewing.
Server Referral.
You can view the set of addresses by which your server can be reached. Depending on the transport, configuration and platform you are running on, you might not see this information. The information, if listed, shows that iMonitor has attempted an IP ping to the set of addresses being advertised for the server. Success is as indicated.
DNS Name.
If there is a TCP address listed in the Server Referral window, click on the address to display the DNS name just above the Connection Information window. This information, if listed, shows that iMonitor has attempted to do an address reversal on the IP address(es) that are supported by the server and it is indicating the associated DNS name.
Address.
The IP address of the server that you are viewing.
NDS Build Number.
The Internal NDS build number for the version of NDS/eDirectory that you are viewing.
Current Time.
The current time and date as seen by the server that eDirectory/NDS is running on.
Time Synchronized.
Indicates if the time on the server you are looking at has been synchronized with that of your network. eDirectory/NDS believes that time is synchronized well enough to issue time stamps that are based on the server's current time.
The time synchronization protocol might or might not currently be in a synchronized state. Time Synchronized indicates that synthetic or future time is not being used unless a replica's last-issued time stamp is greater than the current time.
Time Delta.
You can view the difference in time between iMonitor and the remote server down to seconds. A negative value indicates that iMonitor's time is ahead of the server's time; a positive value indicates that iMonitor's time is slower than the server viewed. 0 indicates that time is synchronized.
Root Most Master.
This specifies the replica that is highest or closest to the root of the naming tree is a master replica. The word TRUE indicates this.
Replica Depth.
If this value is 0, then there is only one replica in your directory tree. Otherwise, you can view the depth of the Root Most Replica, which is the number of levels between the Root Most Replica and the root of the tree.
OS.
This value indicates the Operating System on which eDirectory/NDS is running.
DS Vendor.
The company who developed this version of eDirectory/NDS. This will be Novell, Inc.
Hardware.
This lists the type of computer hardware on which the directory is running.
First Bindery Context Set.
This lists the first bindery context that you have set. If you only have one bindery context, it will be shown here.
Schema Root.
Clicking on the number next to the Schema Root will display a page showing you everything you ever wanted to know about your server's Root Schema.
Pseudo Server.
With eDirectory and NDS, it is not possible to have every server object on every other server for immediate access since there can only be one object per server. The Pseudo Server object allows a given server to maintain information about all the other servers on the network from a local perspective.
This object contains information such as the server's real name, private key (for authentication), and pertinent cached information. Using the Pseudo Server object(s), the Agent can get all server(s) information without having to request the information from the actual server(s).
Context DN.
The actual context in which the server you are getting information from (Agent) resides.
Viewing Known Servers
The Known Servers List allows you to view a list of servers known to the DIB of the source server; this is the server whose Agent you are pinging. You can filter the list to show all known servers to the DIB or to show all servers in the replica ring. If a server has an icon at the left of it, the server participates in a replica ring. The following details some of the information you can retrieve from this page:
Entry ID.
The Entry ID column lists the identifier on the local server for an object. Entry IDs can't be used across servers.
NDS Revision.
The NDS Revision column lists the NDS build number or version being cached or stored on the server with which you are communicating.
Status.
The Status column shows whether the server is up, down, or unknown. If the status shows as unknown, this means the pinged server has never needed to communicate with this server.
Viewing Replica Information
Clicking on the Partitions page allows you to view information about the replicas on the server you are communicating with. You can filter the page by selecting from the options in the Assistant frame on the left side of the page. Some of the information you can see includes:
Partition.
You can view information about the partition Tree object on the server.
Purge Time.
Data that has been deleted before the listed purge time can be removed from the DIB because all replicas have seen the deletion.
Last Modification Time.
You can view the last-issued time stamp of data written to the database for the replica. This lets you see if time is in the future and if synthetic time is being used.
Replica Synchronization.
You can click on the Replica Synchronization Summary page that refers to the partition. The Replica Synchronization page shows information about the partition synchronization status and replica status. You can also view lists of partitions and replicas.
Controlling and Configuring the DS Agent
From the Agent Configuration page, you can control and configure the DS Agent. The functionality you have at this page will depend on your current connection rights and the version of eDirectory/NDS you are viewing. Some of the things you can configure are as follows:
Agent Triggers.
You can use agent triggers to initiate certain background processes. These triggers are the equivalent to the SET DSTRACE=* option command. The triggers you can set include, Janitor, Purger, Limber, Assume All Server Up, Replication, Schema Synchronization, and Reference Check.
Background Process Settings.
You can use background process settings to modify the interval at which certain background processes run. These settings are equivalent to the SET DSTRACE=! option command. The settings include Backlink/DRL Interval, Outbound Sync Interval, Janitor Interval, Cleaner Interval and Schema Sync Interval.
Agent Synchronization.
You can use agent synchronization to disable or enable inbound or outbound synchronization. You can also specify (in hours) the amount of time you want synchronization disabled.
Database Cache.
You can configure the amount of database cache used by the DIB engine. Various cache statistics are also provided to assist you in determining whether you have an appropriate amount of cache available. Having an inadequate amount of cache can severely impact your system's performance.
Viewing Trace Option Information
From the Trace Configuration page, you can configure trace settings. NDS iMonitor's DS Trace is a server-centric feature. That is, it can only be initiated on a server where NDS iMonitor is running.
If you need to access this feature on another server, you must switch to the NDS iMonitor that is running on that server. As you upgrade servers to eDirectory 8.5 or later, iMonitor's server-centric features will be more available to you.
To access information on the Trace Configuration page, you must be the equivalent of Administrator on the server or a console operator. You are prompted to enter your username and password so your credentials can be verified before you can access information on this page.
Trace Configuration Screen
Some of the features on the Trace Configuration page include:
Submit.
You can submit changes to Trace Options and Trace Line Prefixes. If DS Trace is Off, click Submit to turn it On. If DS Trace is already On, click Submit to submit changes to the current trace.
Trace On/Off.
You can turn DS Trace On or Off by using this button. The button text will change based on the current DS Trace state. If DS Trace is On, the button text will say Trace Off. Clicking it turns DS Trace Off and vice versa. When DS Trace is Off, clicking Trace On is the equivalent to clicking Submit.
DS Trace Options.
These options apply to the events on the local DS agent where the trace is initiated. The options show errors, potential problems, and other information about eDirectory/NDS on your local server.
Turning on DS Trace options can increase CPU utilization and might reduce your system's performance. As a result, DS Trace should generally be used for diagnostic purposes. These options are a more convenient equivalent of the SET DSTRACE=+ option command.
Trace Line Prefixes.
These options allow you to choose which pieces of data are added to the beginning of any trace line. They include Time Stamp, Thread ID, and Option Tag. All trace line prefixes are selected by default.
Trace History.
This option allows you to view a list of previous trace runs. Each previous trace log is identified by the period of time, during which the trace data is being gathered.
Viewing Process Status Information
From the Agent Process Status, you can view background process status errors and more information about each error that occurred. You can filter the information on this page by selecting from the options listed in the Assistant frame on the left side of the page. Background process status that are currently reported include:
Schema synchronization
Obituary processing
External reference
Limber
Viewing DS Repair Information
Click on the wrench icon found in the NDS iMonitor tool bar. From the DS Repair page, you can view problems and back up or clean up your DIB sets. NDS iMonitor's DS Repair is a server-centric feature, so it can only be run on the server where you are running iMonitor. If you need to access the DS Repair information on another server, you must switch to the NDS iMonitor running on that server. As you upgrade more servers to eDirectory 8.5 or greater, NDS iMonitor's server-centric features will be more available to you.
As was stated with DSTrace, you need to be Administrator or equivalent or a console operator to access information on the NDS Repair page.
Some of the features on this page include:
NDS Repair Switches.
You can use the NDS Repair switches to fix problems, check for problems, or create a backup of your database. The options available on this page are determined by the selections you make prior to accessing this page. For example, if you browse a partition object and then click Repair, the Replica Repair options are shown. If you browse a non-partition object before clicking Repair, you will see that Since Object Repair is presented as an option instead of Replica Repair.
NDS Repair Advanced Switches.
Use the advanced switches to fix problems, check for problems, or create a backup of your database. You will not need to enter information in the Support Options field unless you are directed to do so by Novell Technical Support.
Start Repair.
This button does just what it says, starts the repair process after you have made all of your selections.
Conclusion
This month we have looked further at some of the features of NDS iMonitor. Next month we'll use NDS iMonitor to solve some eDirectory/NDS issues.
* Originally published in Novell AppNotes
Disclaimer
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.