Wednesday, 15 May 2019

SAP HANA NOTES 15: Working with resource and Resource groups


  •  The Cockpit Manager, any user with the Cockpit Resource Administrator role can register resources and create groups of resources that other cockpit users will be able to access with SAP HANA cockpit.
  • Selecting Registered Resources allows you to see all the resources that have been registered, and to register more.
  • Selecting Resource Groups allows you to see all the groups that have been created, along with the resources and cockpit users that have been associated with each. Here, you can also create a new resource group, or add a resource or cockpit user to a group. 

TASK 1: Registering a resource

Add a resource so that cockpit users can monitor and manage it with SAP HANA cockpit.

  1. Your cockpit user has the assigned role Cockpit Resource Administrator or Cockpit Power User. If you use the Cockpit Power User role, you can register a resource, but you can't assign it to a resource group. 
  2. To create a technical user during registration, you have to provide the credentials of an administrator on the resource who has user creation privileges. If you don't have such credentials, ask someone who does to create a technical user for the resource before you register it. (The technical user is a dedicated database user the cockpit will use to collect health data from the resource. It's exempt from the password expiration policy. SAP recommends that you not allow human users to log in with the technical user's credentials.) 
  3. (optional) If you plan to encrypt the SAP Control or database connection, in SAP HANA XS advanced, you have:                                                                                                                                           1. Manually imported the server root certificate(s)                                                                         2. Trusted the certificate(s) using the command syntax xs trust-certificate                                          <ALIAS> -c   <CERT_FILE>                                                                                                   3. Exported the certificate(s) to the cockpit using the commands                                                          xs restage cockpit-hdb-service followed by xs restart service cockpit-hdb-                               svc
  4. If you plan to add the resource to a group during the registration process, the group must already exist.

Context

To make a resource available to cockpit users, first register the resource, then add the resource to at least one resource group, and finally assign cockpit users to the resource group. 

Procedure


  1.  Connect to the Cockpit Manager and sign in as a cockpit user with the Cockpit Resource Administrator role or the Cockpit Power User role. You can reach the Cockpit Manager by entering the Cockpit Manager URL created during cockpit installation, or by following the Manage Cockpit link in the cockpit. The URL takes this form:


              https://<cockpit-host>:<port-number>


click on HANA cockpit ADMIN for cockpit manager.


       2. In the Cockpit Manager, select Register a Resource.


       3.In the Resource section:

4. In the Connection section, choose whether to encrypt the cockpit's connections to SAP Control (for starting and stopping) and to the database.



○ If you encrypt the SAP Control connection, you are allowing a secure connection (HTTPS) to SAP Control (provided that you have met the prerequisite importing the trusted certificate(s) to the cockpit).

 ○ If you encrypt the database connection using a secure JDBC connection, choose whether to validate the certificate. This option lets you stipulate whether to verify that the remote server is trusted by the cockpit. Deselect the checkbox if the SAP HANA database has a certificate that differs from the one currently imported, or if you have not imported the certificate from the SAP HANA database into XS advanced. However, the recommendation is that you instead import a certificate for encrypted connections. 

Optionally, you can enter a hostname to override the one in the certificate. You could do this to avoid the validation failure that may result from the hostname in a certificate differing from the hostname that cockpit uses to connect, as in the case, for example, of a host alias, or a short hostname instead of a fully qualified domain name.





TASK 2 :Create a Technical User



Before registering a resource, set up a dedicated database user that SAP HANA cockpit will use to collect health data for monitoring (such as information on alerts and system performance).


Prerequisites 


You have the credentials of an administrator account on the resource that has user creation privileges


You can create a technical user when you register a resource with the cockpit if you can provide the credentials of an administrator on that resource with the ability to create user accounts. In that case, you need not follow the steps below. These steps are useful when a user with the Cockpit Power User role will be registering the resource. In that scenario, create a technical user for the resource before the power user registers it.

The technical user requires the CATALOG READ system privilege and SELECT on the _SYS_STATISTICS schema and is exempt from password expiration policies. 


Procedure

 1. Set up the technical user account on the resource to be registered: 

Use SQL to create the technical user required to register a resource through the SAP HANA cockpit and grant the minimum necessary authorizations: 


2. Give the technical user credentials to the person who will register the resource.

TASK 3: Edit resource settings,including SS0

Once a resource has been registered, you, as a cockpit resource administrator, may have reason to modify some of the original registration settings.

Prerequisites 

Your cockpit user has the assigned role Cockpit Resource Administrator.

Procedure 

1. Connect to the Cockpit Manager and sign in as a cockpit user with the Cockpit Resource Administrator role. 

You can reach the Cockpit Manager by entering the Cockpit Manager URL created during cockpit installation, or by following the Manage Cockpit link in the cockpit.  

The URL takes this form: https:<cockpit-host>:<port-number>

2. On the Cockpit Manager page, click Registered Resources. The Resources page lists all the systems known to the SAP HANA cockpit.

3. In the left pane, select the resource whose settings you want to modify.
4. Click Edit.

Note 

Before enabling SSO, consider migrating the Personal Security Environment (PSE) file to an indatabase store. When SSO is enabled, a new PSE file may be created, which may prevent cockpit access to stored certificates. See SAP Note 265666.
In the dialog box, in order to authorize this change, enter the credentials of an existing database user with the privileges: 
TRUST ADMIN
○ CERTIFICATE ADMIN 
○ USER ADMIN

5.Click Save.


TASK 4: Enable single sign on



TASK 5: Un register a resource




TASK 6: Override Data Collection for a Resource


No comments:

Post a Comment