GroupWise 6 Deployment Guide - Section 5

Novell Cool Solutions: Feature

Digg This - Slashdot This

Posted: 2 Jan 2002

<Table of Contents

Section 5: Monitoring and Maintaining Your System

The central concept in proactive system monitoring is that Frequency, Magnitude, and Duration yield Impact (FMD=I)-that is, the frequency, magnitude, and duration of a problem determine its impact on your system.

Most administrators spend lots of time trying to lower the frequency and the magnitude of problems by configuring their systems to be fault-tolerant and robust. While frequency and magnitude are critical, the problem's duration is often overlooked. By reducing the duration of a problem, you reduce its overall impact.

This is where GroupWise Monitor is most helpful. By configuring Monitor to notify you when certain statistics reach a given threshold, you can quickly resolve potential problems before they impact your users. Similarly, if there is a serious problem (let's say the server is not responding), Monitor immediately alerts you so you can proactively respond to the situation rather than having to wait for users to tell you they can't log in.

When setting thresholds in Monitor you need to be able to understand what the Management Information Base (MIB) names mean. GroupWise agent MIB files are located in the \AGENTS\SNMP directory of your GroupWise software distribution directory or GroupWise 6 CD. The MIB files list the meanings of the MIB variables and what type of values they represent. For instance, mtaClosedPostOffices is the count for post offices with which the MTA cannot communicate. If this trap exceeds 0 (mtaClosedPostOffices >=1), it means messages are not getting to or from that post office.

Sample Settings

The following are sample Monitor settings used internally at Novell.

MIB Name Operator Value Description
mtaClosedPostOffices >= 1 Post office link down
mtaClosedGateways >= 1 Gateway link down
mtaClosedDomains >= 1 Domain link down
mtaAvailDiskSpace <= 100 Critically low on disk space
mtaAvailDiskSpace <= 400 Disk space below 400 MB
mtaOtherQCount >= 500 Messages backed up (>500)
mtaINetQCount >= 500 Messages backed up (>500)
mtaINetQCount >= 100 Messages backed up (>100)
mtaClosedDomains >= 10 Domain links down
mtaOldestQMsg >= 320000 Messages queued (>60) min.
mtaOldestQMsg >= 90000 Messages queued (>15 minutes)
mtaOtherQCount >= 100 Messages backed up (>100)
mtaOtherQCount >= 500 Messages backed up (>500)
mtaINetQCount >= 500 Messages backed up (>500)
mtaINetQCount >= 1000 Messages backed up (>1000)
mtaOtherQCount >= 1000 Messages backed up (>1000)
PoaNormalQueues >= 100 Messages backed up (>100)
poaPriorityQueues >= 100 Messages backed up (>100)
poaAvailDiskSpace <= 400 Disk space below 400 MB
poaAvailDiskSpace <= 100 Critically low on disk space
poaNormalQueues >= 1000 Messages backed up (>1000)
poaNormalQueues >= 500 Messages backed up (>500)
poaPriorityQueues >= 500 Messages backed up (>500)
poaPriorityQueues >= 1000 Messages backed up (>1000)
poaDBStatusNumber >= 1 Admin database is corrupt

Secure Agent Monitoring

The MTA, POA, and GWIA agents now support HTTPs so administrators can securely access critical system statistics and information from any Web browser. The following sections outline the configuration requirements to securely monitor each agent.


Secure HTTP monitoring is based on OPENSSL standards, or a PEM format certificate. There are two ways to get a PEM format certificate:

  • Create a personal certificate using the Novell Certificate Server > export it to a PFX format > convert it to a PEM format using OPENSSL libraries.
  • Using the OPENSSL libraries, generate a public key and a certificate signing request (CSR) and submit the CSR to a public CA (Certificate of Authority like Verisign or Thawte), or use the CSR to generate a server certificate using the Novell Certificate server.

In ConsoleOne, the MTA and POA have options to enable SSL and define the path to the keyfile or certificate. Once SSL is enabled and the agents have the path to the keyfile or PEM certificate, they will accept SSL connections from browsers (i.e.,


Like the MTA and POA, GWIA uses an SSL certificate to secure HTTP monitoring. However, GWIA uses that same certificate to provide SSL connections for POP3 and IMAP4 clients over ports 995 and 993, respectively. Because POP and IMAP clients require that the certificate's host name match the GWIA server's host name, you cannot use a PFX format certificate to secure POP and IMAP connections.

To get a valid certificate for GWIA,

  1. Use the OPENSSL libraries to generate a public key and CSR.
    When generating the CSR using the OPENSSL code, the only important option is the common name field. It MUST be the same as the GWIA server's host name.
  2. Submit the CSR to a public CA or the Novell Certificate server.
  3. Combine the resulting certificate and the public key into one file.

Download the full .pdf version of this new Deployment Guide here: www.novell.com/info/collateral/docs/4621213.01/4621213.pdf


Table of Contents


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© Micro Focus