Learn how to use the OpsCompass data configuration tool to save time!
What is this used for?
The OpsCompass product collects metadata for various cloud providers on behalf of our customers and presents it in useful dashboard views across cloud providers. This is done via an IAM role that is created as part of your initial OpsCompass setup and gives you the ability to see a wealth of valuable information about your cloud-based environments.
Beyond the base level of metadata included with the product, there is additional data that can only be collected by connecting to the underlying resources – such as database instances. Examples of such data include configuration items that are identified by an industry-standard benchmark such as CIS, or license and features-usage for licensed software products or appliances. This type of data is gathered using the same process regardless of whether the resources are on-premises or cloud-based.
In order to gather this type of data, a login to the monitored resource is usually required, and for this purpose, OpsCompass Configurations is where you will enter the information needed to connect to the resource and gather the required data.
Getting Started
First navigate to the License Manager using the side navigation within OpsCompass. Next, navigate to the data configuration card on the bottom right side. This will be your hub for all things configuration related.
The first time the page is opened, it will prompt you to name a new configuration that will be created for you. You can rename this configuration at any time. Each configuration will be associated with a unique configuration file that can be deployed to a data gathering environment. The details of the configuration will direct the collection and transmission of supplemental data to OpsCompass.
When you create a new file, you also have the option to set the configurations to auto-update. This feature can be turned off at any time.
Oracle Connections
One type of configuration supported by OpsCompass is the type required to connect to Oracle database instances. These configurations will be used to gather licensing and/or compliance data for configured instances.
Password is considered sensitive information and is stored within a secret-manager exclusive to the customer’s environment. It is also masked by default when viewed in this interface. The value can be retrieved and displayed by clicking on the {eye} icon.
Navigate to the Oracle Database Configurations tab and click either of the "Add New Connection" buttons. You will populate the connection information for each Oracle database that will be monitored using this configuration file.
Default credentials can be specified for use if either User or Password is left blank for any given configuration. When the configuration file is downloaded, these credentials will be substituted for any values that are left blank.
For example:
- The Connection Name will be used as part of the generated filename for the script output, so this is typically populated with “hostname_instance”, or other customer naming standard that is also valid for a Linux filename.
- Use the entries in the configuration file to identify a connection name and credentials information for each Oracle database that needs to be monitored.
- The “Host” value is the IP Address or FQDN of the host computer. It is specified as Oracle server detail, generally [//][protocol:]host[:port][/service_name] and it specifies the Oracle database instance to connect to. Refer to Oracle documentation for all syntax options.
- The “User” value is the database username that the script will use to connect to the defined instance. Leave this value blank to use the default username.
- The "Password" value is the password that the script will use to authenticate the database user. Leave this value blank to use the default username.
- There are no specific requirements regarding the username and password so use the naming and security policies in your environment when setting up this user. These credentials must match the credentials that will be used in the configuration file.
- For each configuration, there are three connection actions to choose from. The monitoring server will execute scripts against the databases selected. If you don't want the configuration to run, select skip.
- An EZ Connect string will be created in the following format “file”:
{User}/“{Password}”@{Server}. The password will be enclosed in quotes to preserve spaces and other special characters. Both User and Server will be copied as entered, so any valid EZ Connect syntax should work depending on version of client and database.
Make sure to use the "Save" button in the top right before moving another tab.
VCenter Connections
Another type of configuration supported by OpsCompass is the type required to connect to a vSphere environment – specifically an instance of vCenter. These configurations will be used to gather the virtual machine inventory, and optionally vMotion logs for the purpose of identifying virtual machines and hosts on which they run. This data is used to augment licensing data by associating virtual machines with physical hardware resources for purposes of compliance monitoring.
Password is considered sensitive information and is stored within a secret-manager exclusive to the customer’s environment. It is also masked by default when viewed in this interface. The value can be retrieved and displayed by clicking on the {eye} icon.
Navigate to the VCenter Configurations tab and click either of the "Add New Connection" buttons. You will populate the vCenter connection information for each vCenter that will be monitored in the configuration file.
- The Connection Name will be used as part of the generated filename for the script output, so this is typically populated with “hostname_instance”, or other customer naming standard.
- Use the entries in the configuration file to identify a connection name and connection information for each vCenter that needs to be monitored.
- The “Host” value is the IP Address or FQDN of the vCenter server, and may optionally include a port number following a colon, {host_or_IP}[:port], and it specifies the vCenter to connect to.
- The "User" value is the of a read-only vCenter username that the script will use to connect to the defined vCenter server. When specifying a vSphere SSO domain user, the syntax {user}@{domain} is required.
- The "Password" value is the password that the script will use to connect to the defined vCenter server.
- For each configuration, there are three connection actions to choose from. The monitoring server will execute scripts against the databases selected. If you don't want the configuration to run, select skip.
Make sure to use the "Save" button in the top right before moving another tab.
MSQL Configurations
Another type of configuration supported by OpsCompass is the type required to connect to SQL Server database instances. These configurations will be used to gather licensing and/or compliance data for configured instances.
Default credentials can be specified for use if either User or Password is left blank for any given configuration. When the configuration file is downloaded, these credentials will be substituted for any values that are left blank.
Password is considered sensitive information and is stored within a secret-manager exclusive to the customer’s environment. It is also masked by default when viewed in this interface. The value can be retrieved and displayed by clicking on the {eye} icon.
Navigate to the MSQL Configurations tab and click either of the "Add New Connection" buttons. You will populate the connection information for each SQL Server that will be monitored in the configuration file.
- The Connection Name will be used as part of the generated filename for the script output, so this is typically populated with “hostname_instance”, or other customer naming standard that is also valid for a Linux filename
- Use the entries in the configuration file to identify a connection name and credentials information for each SQL Server that needs to be monitored.
- The “Host” value is the IP Address or FQDN of the host computer. It is specified as Microsoft server detail, <computer name>[[/<instance name>] | [,<port>]] and it specifies the SQL Server instance to connect to. Refer to Microsoft documentation for all syntax options.
- Normally, the “User” value is the database username that the script will use to connect to the defined instance. However, if “Use Directory Authentication” is checked, then it will be taken as an Active Directory (or Entra ID) username and the script will attempt to establish a Kerberos authenticated session using kinit. Leave this value blank to use the default username.
- The "Password" value is the password that the script will use to authenticate either the database user or the directory user depending on the “Use Directory Authentication” checkbox. Leave this value blank to use the default username.
- There are no specific requirements regarding the username and password so use the naming and security policies in your environment when setting up this user. These credentials must match the credentials that will be used in the configuration file. These are taken as database credentials unless the “Use Directory Authentication” checkbox is used.
- The “Use Directory Authentication” checkbox indicates whether or not to use Directory Authentication (Entra ID or Active Directory). This will cause the data gathering script to attempt to establish an authenticated session using the provided credentials, which requires that kinit be setup properly on the data gathering appliance to authenticate with your directory server. This value will be inherited if/when default credentials are substituted.
- For each configuration, there are three connection actions to choose from. The monitoring server will execute scripts against the databases selected. If you don't want the configuration to run, select skip.
Data and Log File Settings
Finally you will set the data and log file settings.
First, click on "Data File Settings" and populate the entries.
These parameters are used by all of the data collection scripts and define the method that will be used to transfer the resulting data files to House of Brick for analysis as well as defining the retention times for local files.
- The "Days to retain files" value is used by each data collection script to determine how many days to retain encrypted output files locally on the monitoring server.
- The “Days to retain immediate information” is used by each data collection script to determine how many days to retain individual script output files (e.g. each database output file) locally on monitoring server
- The “File Tag” value is used by each data collection script as part of the filename generation to prevent duplicate filenames in some cases.
- Fill out the email from and email to section.
- At the bottom there is an optional email to field that will send a notification if problems are encountered during the processing of gathered data files in the Database Configuration feature.
Remember to save and then click the "Log File Settings" tab.
These parameters are used by all of the data collection scripts and define the method that will be used to transfer the resulting data files to House of Brick for analysis.
- The "Days to retain files" value is used by each data collection script to determine how many days to retain log files locally on monitoring server.
- The “File Tag” value is used by each data collection script as part of the log filename generation to prevent duplicate filenames in some cases.
Good To Know
- Make sure to always save your configuration before leaving.
- A user can have access to multiple configuration files and can access them using the dropdown next to the save.
- You can turn the auto update feature on or off for any file.
- You can add and remove as many Oracle, SQL Server, and VCenter connections as you need.