The Need for End to End Awareness

Best Practices

In the past week I’ve had two customers mention that they lack, and need, “End to End Awareness” of their environment. Both said that their host and SRM tools are device-specific and, while great in some respects, fail to provide a comprehensive view of their environment’s performance.

This drew me back to my own days as an end user, when all the SMI-S-compliant tools at my disposal gave me wonderful topologies, capacity-planning features, and end-to-end views, but failed to provide the ‘awareness’ of performance I craved. Worse still, I was often guilty of zoning and provisioning with the legacy SAN switch management tool or the Storage Array Management Console, despite all the APIs running in my heterogeneous environment to give me that ‘single management pane’. The simple reason was that, despite all the management capabilities, I was concerned I still needed the legacy tools to get a detailed picture of what impact my changes would have on the environment’s performance. In hindsight even this wasn’t good enough, as I was depending on polling intervals that gave me averaged-out metrics, unable to reach the millisecond granularity I needed.

Hence another of my personal conundrums as a Solutions Consultant for Virtual Instruments: our solution offers the awareness of performance that lets you see every single I/O from HBA to switch port to LUN, complementing the SRM and device-specific tools that already exist. We can measure every single FC transaction down to the millisecond. So while it’s great that I can now explain to customers this unique solution, one that provides the granular End to End Awareness of performance I personally craved, I’m no longer an end user, and hence can’t take advantage of the platform myself!


howto

How to “ping” a system using SNMP… but why? We all know that ping is an ICMP-based tool, and that firewalls treat different protocols, well, differently.

Clearly, if an ICMP round-trip or TTL decay works, then there is some routing, but that neither proves nor disproves that SNMP gets through.

The most direct method would be a basic “hi, what’s your name?”:

snmpget -t 5 -r 2 -v 1 -c public <address> sysDescr.0

In essence: “timeout 5s, 2 retries” and “SNMP version 1, authenticating with the community string public”. That’s to be expected, and the details will flex across SNMP versions.

The IP address is obvious too; the OID is the “what’s your name?” part:
$ snmpget -t 5 -r 2 -v 1 -c public <address> sysDescr.0
SNMPv2-MIB::sysDescr.0 = STRING: Linux UberHugeDiskNAS #1594 Fri Feb 25 19:01:31 CST 2011 ppc

The equivalent in sapwalk2.exe?

sapwalk2.exe -v v1 -c public -i <address> -s <startOid> -n 1
#sapwalk: ver 2.7
#Copyright (c) 1994-2006 SIMPLESOFT Inc.
#Address=, StartOid=
#TimeOut=90000, MaxRetries=3, CompareFlag=0, DebugFlag=0 , OctetString , Linux UberHugeDiskNAS #1594 Fri Feb 25 19:01:31 CST 2011 ppc
#ERROR: Walk terminated as max variable count [1] exceeded.

(too easy!)

XPathSet in Java

howto

After thrashing with sed, awk, and various other attempts to cleanly edit XML, I kept thinking, “why don’t I use xpathset?”

xpathset is a tool based on an example in xmlsoft (I’ve got a copy in my cnp-tools project), but it runs on Linux, and my employer uses Windows for all supported installs of its Java-based product. That makes it a non-starter.

Sometime last night, I remembered that we are a Java company: I can compile and share Java code without incurring support issues, additional compiler toolchains, or licenses, while still leveraging the underlying strength of my coworkers where needed.

From 7pm to 9pm I built XPathSet, using the JDK’s javax.xml APIs, to effect behavior similar to xpathset; it took another 4 hours to clean up and document, but it’s available if you would like to re-use it. Although I didn’t open up xpathset while I was working (xpathset is based on an xmlsoft example, hence the MIT license), I’m certain I reused the same concepts I used in that tool, so I should license this one as MIT as well.

In this example, we are (and it is sequential!):

  1. loading input.xml
  2. registering “textfile.txt” as the replacement value
  3. searching for the XPath “//ScanTask[@name='scanExample1']/@file” and replacing all matches with “textfile.txt”
  4. writing the result to output.xml
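XPathSet itself isn’t reproduced here, but the four steps above can be sketched with the JDK’s built-in javax.xml.xpath and javax.xml.transform APIs; the class and method names below are my own illustration, not the actual tool:

```java
import java.io.StringReader;
import java.io.StringWriter;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class XPathSetSketch {

    /** Parse the XML, set every node matched by the XPath, and serialize the result. */
    public static String replaceAll(String xml, String xpathExpr, String newValue)
            throws Exception {
        // Step 1: load the document into a DOM
        Document doc = DocumentBuilderFactory.newInstance()
                .newDocumentBuilder()
                .parse(new InputSource(new StringReader(xml)));

        // Steps 2-3: evaluate the XPath and replace every match with the new value
        NodeList hits = (NodeList) XPathFactory.newInstance().newXPath()
                .evaluate(xpathExpr, doc, XPathConstants.NODESET);
        for (int i = 0; i < hits.getLength(); i++) {
            hits.item(i).setNodeValue(newValue);
        }

        // Step 4: write the result back out (a StreamResult over a File works the same way)
        StringWriter out = new StringWriter();
        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
        t.transform(new DOMSource(doc), new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        String xml = "<Tasks><ScanTask name=\"scanExample1\" file=\"old.txt\"/></Tasks>";
        System.out.println(replaceAll(xml,
                "//ScanTask[@name='scanExample1']/@file", "textfile.txt"));
    }
}
```

Reading input.xml and writing output.xml is just a matter of pointing the InputSource and StreamResult at real files instead of strings.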

The example I did this for is a filename fix in an Axeda EDD_TEXT.xml file. It is possible to read and write the same file, effecting an in-place edit, though with Axeda there may be a timing issue: I’ve found that, on occasion, the file cannot be written.

A side-effect of the underlying javax.xml.transform technology is that attributes are alphabetized on the way into or out of the DOM, so don’t be too surprised if your attributes are re-ordered. Indentation may change as well.

Changing IT Role in News Publishing Company

Best Practices, EMC World

During one of the “cattle call” lunches at EMC World last week, I sat with an operations manager from a leading U.S. news publisher, who had an interesting observation on how the role of IT has changed at his company.

He reminded me that today, publishing no longer means just “paper.”  For new-age publishers, their bread and butter consists of assimilating, publishing, indexing, and archiving online content.  Their business, in effect, rides on the Internet, and their readers expect no latency in their online apps.  The benchmark is really the physical experience of reading a book, magazine, or newspaper.  There are a lot of news publishers on the Web, so the penalty for downtime or slowdowns is immediate … people go elsewhere.

Beyond just current news, this publisher has to maintain a massive archive of articles.  Because of the huge spikes in readership on an hourly or daily basis, this news leader makes heavy use of virtualization to help balance the load.

Because of this, tracking virtualization and guaranteeing performance are major challenges.  The old ways that sort of worked in the purely physical world really aren’t working for them, so they are looking for better measuring and monitoring tools.  He said that his current tools will alert his team to problems, but in a virtualized world, those tools aren’t actually leading them to the cause of the problem.  At the same time, the IT department is on the hook for performance-based SLAs.  So they’re wasting money buying more and more gear to hedge their bets, realizing that it can’t go on forever.  Not with the margins in online publishing.

In between bites of short ribs, he told me about a company he’s talking to which measures the kinds of metrics that’ll help him meet his SLAs.  At first, I was worried that maybe VI had a new competitor, but then he noticed my badge and said, “Hey, it’s you guys.”  Small world.  It’ll be fun to see how his investigation progresses.

Nagios/Icinga: Confirm user login

howto

Recently we had a strange situation where certain critical users could not log into an FTP server. Of course, Icinga is now helping me check for this going forward:

First, define a service check:

define service{
        use                     bidaily-service
        service_description     FTP Login
        check_command           check_ncftpls!''
        notifications_enabled   0
        }

Next, catch the odd case when the script itself is missing (in the past, the payload of the Nagios packages has added/dropped parts that I need):

define servicedependency{
        dependent_service_description   FTP Login
        host_name                       localhost
        service_description             Runnable check_ncftpls
        execution_failure_criteria      w,c,u
        notification_failure_criteria   w,c,u
        }

Finally, the script itself:


#!/bin/sh
NCFTPLS=$(which ncftpls) || { echo "FAIL ncftpls not found"; exit 2; }
test -x ${NCFTPLS} || { echo "FAIL ${NCFTPLS} not runnable"; exit 2; }

${NCFTPLS} "$@" && { echo "OK"; exit 0; }

echo "${NCFTPLS} failed"
exit 2

Now, I could’ve/should’ve used the hostname in the check itself, but I was more interested in just getting it in place. I will probably clean it up someday and make it more reusable, but there it is.

Note that I did not establish a dependency on the ncftpls-bearing package itself in my RPM hierarchy, simply because it’s perfectly fine for the “runnable” check to fail, and the script will never hit the FTP server until it is safely runnable. Sure, it’s listed as a failure, but it’s a choice against a huge dependency that typically brings in 100 packages of inconsistent perl and such (hey, “just hit cpan”; sure, they’ll do that in datacenters).

Updated the Nagios/LDAP patch as a git changeset at…

Updated the Nagios/LDAP patch as a git changeset at git:// (branch: ldap) -- see also

Nagios-LDAP Patch Updated

howto

I’m updating my LDAP patch for Nagios based on the most recent release; I’m also doing it as a git repo so that it’s reusable in a more independent way.

First, there are a few non-LDAP-specific changes needed:
1) commit 06d6ca4e7dfc44b1f93dcd836625ec20a1bbc3f1 — use true/false rather than only 0/1 for booleans
2) commit b37f9f5cbc8cc93796ec68d7f7359634eca56ed3 — propagates EPOCH and BROKER build flags through specfile

Next, there are LDAP-specific changes:
1) commit 561f2521aac88244694dcd0ea264acaa3c6796a2 — read in the LDAP-based config as described in

This is all available in git://

I haven’t ported over my test harness, so it’s fairly unknown code right now. I’m using it, but I’m shifting back to Icinga.

Softlink to Expose Folders in Finder

howto

I was creating a dropbox for photo-import, and I found that I could not select iPhoto’s “Auto Import” folder for sharing.

Instead, I found that “creating an alias” (i.e., a softlink) gave me the solution:

  1. Control-click or right-click the “iPhoto Library” package (in your Pictures folder) and choose “Show Package Contents” to see inside
  2. Navigate to the “Auto Import” directory
  3. Right-click Auto Import, “Make Alias”, and drag the “Auto Import Alias” to your desktop or home directory
  4. Open System Preferences, choose “Sharing”, and check “File Sharing” to activate sharing
  5. Click the “+” under the list of shared folders to add a folder, and navigate to your “Auto Import Alias” — but don’t click OK
  6. Clicking a second time on “Auto Import Alias” will turn the filename in the top of the browser to “Auto Import” — click OK now
  7. On the newly-added “Auto Import” item, select “Everyone” in the “Users” column, and make sure “Write Only (dropbox)” is selected in the third column to make sure no one can read your photos before they’re imported

What you’ve done is “follow symlinks” — follow the Alias to its origin — much like a spawning salmon seeks the streamhead where it hatched (yeah, a sex analogy, but it’s not a sex blog!)

Effectively, the “alias” or “softlink” or “symlink” has allowed you to access a folder that Mac OS X probably doesn’t intend you to reach… software guys would say I was exposing a protected/private member function (“exposing”, “member function”; I swear it’s not a sex blog).

Now, you can sit on a remote system and drag-n-drop photos to the import folder. iPhoto will not import them until it’s running; if it’s not running, it’ll import them on next startup.

NOTE: allowing anyone to drag-n-drop files into your photo imports on a portable laptop might be a risky idea. “Seriously, officer, that child porn is not mine.”
