Traveling To The Cloud – Monitoring IBM Bluemix Applications

More and more customers are deploying parts of their applications to the cloud. Reasons for this, differ as our customers do. What is in common for all customers, that they want to have the same visibility about performance and availability they have with on-premise application environments.

With IBM Bluemix we have a powerful cloud environment to deploy mission critical applications, including services to monitor your deployed application. With IBM Application Performance Management (APM), IBM offers an enterprise-class monitoring solution, where users can monitor their traditional data center as well as their Cloud based resources in one place.

In this article I describe, how to integrate the IBM Bluemix environment into an existing APM environment.

First of all, what components are required:

  • Application Performance Management Server V8

  • Bluemix Services

    • Monitoring & Analytics

    • Secure Gateway

Let us start with the APM Server. To integrate the IBM Bluemix Monitoring and Analytics into an existing APM environment, APM environment has to be enabled to do so. By executing the script /opt/ibm/ccm/Bluemix_Integration.sh the APM server is prepared to receive monitoring information from IBM Bluemix.

The second step is implementing the Secure Gateway service in IBM Bluemix.

The service could be found within the Integrate pillar. After selecting “Secure Gateway” you choose the appropriate plan and add this service to your environment.

Next push the button to add a gateway client:

By doing so, you can define the required credentials and download the client software.

I deactivated the token expiration feature in my demo environment. Please keep your security requirements in mind and act accordingly.

After that you will find an icon like this on your IBM Bluemix workspace.

By clicking on this icon you get the following screen.

Use the button “Add clients” to get the instructions for the remaining steps.

You have now the choice how you want to use the secure gateway. You could download the client software binary to your operating system and install the client on a system of your choice. Second choice is to run the client inside a Docker container, or finally, if you have an IBM DataPower system available you could activate the secure gateway client in this environment.

But where should the Secure Client be located?

The connection will be finally initiated from the M & A service to the APM server. This means, after the client has connected to the Secure Gateway server and the secure tunnel has been established, the tunnel will be used by the Bluemix environment to connect to the APM server. So there will be connection between the client and the APM server. This connection has to be possible. Please keep any internal firewalls in mind, if you try to connect.

In my scenario, I picked the IBM Installer option and downloaded the RPM package for my RHEL 6 operating system. After finishing the download, I installed the software.

After installing the client software, we have to update the file /etc/ibm/sgenvironment.conf.

Copy the GATEWAY_ID:

Copy the security token SECTOKEN:

To make any connection work, you have to define an ACL file, which describes which network connections are acceptable. By default, all communications are forbidden. A sample file could be found under /opt/ibm/securegateway/client/SampleACLFile.txt.

Here is my sample:

To make the IBM Secure Gateway Client for Bluemix an automatic starting service, I copied the file

/opt/ibm/securegateway/client/upstart/securegateway_clientd

to

/etc/init.d/.

Then I made ii an automatic starting service by issuing

chkconfig securegateway_clientd on.

Define the connection from IBM Bluemix container to the APM Server

Next we have to go back to the IBM Bluemix application and add a destination in our Secure Gateway service.

After the Secure Gateway client is finished, only a few steps are remaining.

We now have to set two environment variables for the M&A service to direct its monitoring information to the APM server.