1 About Unified Inventory and Topology

Note:

Active Topology Automator (ATA), Unified Topology for Inventory and Automation (UTIA), and Unified Topology are used interchangeably in this document. These refer to the same application.

Unified Inventory and Topology includes the following services:

  • Unified Inventory Management (UIM)
  • Active Topology Automator (ATA)
  • Authentication
  • Authorization
  • OpenSearch
  • SmartSearch
  • Unified Operations Message Bus

ATA, Unified Operations Message Bus, Authentication, Authorization, and SmartSearch are cloud native containerized applications that are supported in a Kubernetes environment. UIM can be a traditional application or a cloud native instance.

  • The embedded topology from UIM is now available as a microservice (ATA) based on Helidon MP.
  • The communication between UIM and the ATA service is asynchronous and is achieved by using the Message Bus service.
  • OAM is an optional Identity Provider that supports the SAML 2.0 and OIDC protocols and is used for single sign-on (SSO).

Unified Inventory and Topology Architecture

The following figure shows a high-level architecture of Unified Inventory and Topology and how the services communicate.

Figure 1-1 High-level Architecture of Unified Inventory and Topology



See the corresponding architecture diagrams of the services for more information.

About UIM

UIM is a standards-based telecommunications inventory management application that enables you to model and manage customers, services, and resources. UIM supports complex business relationships and provides full life-cycle management of services and resources. UIM provides you with a real-time, unified view of customers, services, and resource inventory, enabling you to develop and introduce new services quickly and cost-effectively. UIM supports two deployment models: traditional (on-premise) deployment and cloud native deployment in a Kubernetes cluster.

About ATA

Active Topology Automator (ATA) enables you to view the service, network, and resource topologies in the form of topology graphs. ATA uses Oracle Property Graph DB to manage the topology hierarchy.

ATA has the following subcomponents:

  • ATA API
  • ATA PGX
  • ATA Consumer
  • ATA UI
  • Alarm Consumer
  • SmartSearch Consumer
  • Impact Analysis API

See ATA User’s Guide for more information.

About Authentication

Authentication leverages the SAML 2.0 (Security Assertion Markup Language) and OpenID Connect (OIDC) authentication protocols of the Identity Provider (IdP) to implement the Single Sign-On (SSO) authentication solution with the services (UIM, ATA, Authorization, Message Bus, SmartSearch, OpenSearch). This enables you to seamlessly access multiple applications without being prompted to authenticate for each application separately. The main advantage of SSO is that you are authenticated only once, when you log in to the first application, and you do not need to authenticate again when you subsequently access different applications within the same web browser session.

IdP also supports the single logout (SLO) feature. If you access multiple applications using SSO within the same web browser session and then log out of any one of the applications, you are logged out of all of the applications.

Examples of authentication services are IDCS, Keycloak, OAM, and so on.

For more information about IDCS, see https://www.oracle.com/technical-resources/articles/middleware/oracle-identity-cloud-service.html

For more information about OAM, see Administering Oracle Access Management

About Authorization

Authorization service defines a simplified and centralized approach for managing the authorization configurations for Unified Inventory and Topology services by defining the authorization policies. Authorization is the process of granting or denying access to specific resources based on the verified identity of a user whereas authentication is about verifying the identity of the user.

Authorization service is designed to provide permissions to access resources of an application for the authenticated user(s) with allowed role(s) or group(s).

Note:

Authorization service is not responsible for defining users or assigning role(s) or group(s) to the users.

Authorization service provides the capability to define various roles or groups in an application and define the permissions to resources under each role. For more information on Authorization, see "Deploying Authorization Service".

About OpenSearch

OpenSearch is a NoSQL database. It is an open-source search and analytics suite that makes it easy to ingest, search, visualize, and analyze data.

About SmartSearch

SmartSearch is a Micronaut application that, when integrated with OpenSearch, offers a powerful, flexible, and feature-rich search experience that can be tailored to specific business and user needs. Using OpenSearch as the underlying engine, SmartSearch can handle large volumes of data, perform real-time indexing, and support complex querying to enhance search relevancy. Features such as autocomplete, fuzzy matching, synonym recognition, and intelligent ranking make it easier for users to locate precise information, even if search terms are partially matched or misspelled.

About Unified Operations Message Bus

Message Bus is a distributed event store and stream-processing service. The Message Bus service sends and receives events and messages asynchronously to a specific destination (called a Topic) between the services. The Message Bus service uses Apache Kafka, which is a distributed event store and stream-processing platform, as the messaging platform. Strimzi is used for packaging and deployment. Strimzi simplifies the process of running Apache Kafka in a Kubernetes cluster. Strimzi also provides container images and operators for running Kafka on Kubernetes.

Planning UIM Installation

The following workflow helps you with information required for UIM installation.



Table 1-1 Planning UIM Installation Workflow

Workflow Action Reference Description
Install Traditional UIM Unified Inventory Management Installation Overview

Provides information on installing traditional UIM using an on-premise installer.

Setup K8s Cluster

Planning and Validating Your Cloud Environment

Installing Oracle Property Graph Plugin in Database

https://strimzi.io/docs/operators/latest/deploying#considerations-for-data-storage-str

https://kubernetes.io/docs/concepts/storage/storage-classes/

To deploy cloud native services, you must set up and validate a list of prerequisite software.

Before starting the service deployments:

  • Install property graph plugins on the PDB that are used for ATA
  • Configure the Storage Class in Kubernetes to provision Persistent Volumes dynamically to be used for the Message Bus service and OpenSearch service.
Deploy Common Services

About the Unified Inventory and Topology Toolkit

About the UIM Cloud Native Toolkit

Download the required software and set the environment variables.
Ingress Controller and External Load Balancer

About Load Balancing and Ingress Controller

Installing the Ingress Controller

SSL Certificates

You can use any Ingress Controller that conforms to the standard Kubernetes ingress API and that supports annotations required for UIM.

Samples for NGINX are included in the toolkit.

For secure access to services, you must set up an Ingress Controller with TLS termination. The TLS termination setup for services is provided in the deployment of each service.

WebLogic Operator Installing the WebLogic Kubernetes Operator Container Image The WebLogic Kubernetes Operator (operator) supports running your WebLogic Server and Fusion Middleware Infrastructure domains on Kubernetes.
Strimzi Operator Strimzi Operator Required only if ATA or NPD is to be enabled. The Strimzi Operator supports deployment of an Apache Kafka cluster on Kubernetes or OpenShift.
Identity Provider Configuring Authentication for Services You can use any Identity Provider (IdP) that supports SAML 2.0 (Security Assertion Markup Language) and OIDC (Open ID Connect) authentication protocols for implementing SSO (Single Sign-On) authentication solution among services.
Observability Services

Setting Up Prometheus and Grafana

Deploying OpenSearch and OpenSearch Dashboard

Optionally, deploy services such as Grafana, Prometheus and OpenSearch for Metrics and Log Monitoring.
Disable NPD in System Configuration  

Modify $UIM_CNTK/charts/uim/config/system-config/custom-config.properties to disable NPD:

#If true, render new canvas in network visualization tab.
uim.ui.networkPlanAndBuild.canvas.enabled=false
openSearchEnabled=false
Disable ATA in System Configuration  

Modify $UIM_CNTK/charts/uim/config/system-config/custom-config.properties to disable ATA:

# Topology MicroService
disableTopology=true
microServiceEnabled=false
Deploy UIM    
Build Container Images Creating UIM Cloud Native Images  
Build Custom Images Customizing Images This is optional. Required while extending the base image.
Create Secrets Creating Secrets  
Create DB Schema Installing the UIM and RCU Schemas  
Update Application Configurations Setting System Properties  
Deploy Service Creating a Basic UIM Instance  
Deploy NPD/ATA Services    
Authorization Deploying Authorization Service  
Message Bus Deploying Unified Operations Message Bus  
OpenSearch Deploying OpenSearch and OpenSearch Dashboard Oracle OCI OpenSearch has to be used in OKE Cluster environment.
SmartSearch Deploying SmartSearch  
ATA Deploying the Active Topology Automator Service  
Validation and Sanity Testing Validation and Sanity Testing  

Validation and Sanity Testing

To perform validation and sanity testing:

  1. Log in to UIM using https://<instance>.<project>.<hostSuffix>:<LB Port>/Inventory.
  2. If NPD is enabled, select Create Network. The Verify Guided Flow appears.
    1. Enter Network Name.
    2. Select Create and Save New Location.
    3. Associate New Location to Network and click Continue.
    4. Add New Resource - Logical Device to Location.
    5. Select Continue and then click Finish. The Verify Network page appears.
  3. If ATA is enabled, open ATA using https://<instance>.<project>.topology.<hostSuffix>:<LB Port>/apps/ata-ui

    1. Select Create New - Device.
    2. Enter new device name (from above) and click Search.
    3. Verify the device that appears.

Planning UIM Upgrade

This section provides information about planning your UIM upgrade for traditional and cloud native environments.

Planning Traditional UIM Upgrade

The following workflow helps you with information required for UIM upgrade.



Table 1-2 Planning Traditional UIM Upgrade Workflow

Workflow Action Reference Description
Upgrade Traditional UIM Upgrading Unified Inventory Management

Provides information on installing traditional UIM using an on-premise installer.

Setup K8s Cluster

Planning and Validating Your Cloud Environment

Installing Oracle Property Graph Plugin in Database

https://strimzi.io/docs/operators/latest/deploying#considerations-for-data-storage-str

To deploy cloud native services, you must set up and validate a list of prerequisite software.

Before starting the service deployments:

  • Install property graph plugins on the PDB that are used for ATA
  • Configure the Storage Class in Kubernetes to provision Persistent Volumes dynamically to be used for the Message Bus service and OpenSearch service.
Deploy Common Services

About the Unified Inventory and Topology Toolkit

About the UIM Cloud Native Toolkit

Download the required software and set the environment variables.
Ingress Controller and External Load Balancer

About Load Balancing and Ingress Controller

Installing the Ingress Controller

SSL Certificates

You can use any Ingress Controller that conforms to the standard Kubernetes ingress API and that supports annotations required for UIM.

Samples for NGINX are included in the toolkit.

For secure access to services, you must set up an Ingress Controller with TLS termination. The TLS termination setup for services is provided in the deployment of each service.

WebLogic Operator Installing the WebLogic Kubernetes Operator Container Image The WebLogic Kubernetes Operator (operator) supports running your WebLogic Server and Fusion Middleware Infrastructure domains on Kubernetes.
Strimzi Operator Strimzi Operator Required only if ATA or NPD is to be enabled. The Strimzi Operator supports deployment of an Apache Kafka cluster on Kubernetes or OpenShift.
Identity Provider Configuring Authentication for Services  
Observability Services

Setting Up Prometheus and Grafana

Deploying OpenSearch and OpenSearch Dashboard

Optionally, deploy services such as Grafana, Prometheus and OpenSearch for Metrics and Log Monitoring.
Disable NPD in System Configuration  

Modify $UIM_CNTK/charts/uim/config/system-config/custom-config.properties to disable NPD:

#If true, render new canvas in network visualization tab.
uim.ui.networkPlanAndBuild.canvas.enabled=false
openSearchEnabled=false
Disable ATA in System Configuration  

Modify $UIM_CNTK/charts/uim/config/system-config/custom-config.properties to disable ATA:

# Topology MicroService
disableTopology=true
microServiceEnabled=false
Upgrade UIM

Moving to UIM Cloud Native from a Traditional Deployment

Creating the UIM Cloud Native Images

Creating a Basic UIM Cloud Native Instance

Upgrading ATA

 
Deploy UIM    
Build Container Images Creating UIM Cloud Native Images  
Build Custom Images Customizing Images This is optional. Required while extending the base image.
Create Secrets Creating Secrets  
Create DB Schema Installing the UIM and RCU Schemas  
Update Application Configurations Setting System Properties  
Deploy Service Creating a Basic UIM Instance  
Deploy NPD/ATA Services    
Authorization Deploying Authorization Service  
Message Bus Deploying Unified Operations Message Bus  
OpenSearch Deploying OpenSearch and OpenSearch Dashboard Oracle OCI OpenSearch has to be used in OKE Cluster environment.
SmartSearch Deploying SmartSearch  
ATA Deploying the Active Topology Automator Service  
Migrate UIM DB to ATA DB

Installing ATA Service Schema

Dynamic Data Mapping from UIM

ATA DB Schema has to be created before migrating UIM Data to Graph DB.
Migrate UIM DB to OpenSearch Data Migration and Dynamic Attribute Mapping between UIM and SmartSearch Data from UIM DB to OpenSearch NoSQL DB will be migrated with the help of SmartSearch and OpenSearch services.
Validation and Sanity Testing Validation and Sanity Testing  

Planning UIM Cloud Native Upgrade

The following workflow helps you with information required for UIM Cloud Native upgrade.



Table 1-3 Planning UIM Cloud Native Upgrade Workflow

Workflow Action Reference Description
Upgrade Traditional UIM Upgrading Unified Inventory Management

Provides information on installing traditional UIM using an on-premise installer.

Setup K8s Cluster

Planning and Validating Your Cloud Environment

Installing Oracle Property Graph Plugin in Database

https://strimzi.io/docs/operators/latest/deploying#considerations-for-data-storage-str

To deploy cloud native services, you must set up and validate a list of prerequisite software.

Before starting the service deployments:

  • Install property graph plugins on the PDB that are used for ATA
  • Configure the Storage Class in Kubernetes to provision Persistent Volumes dynamically to be used for the Message Bus service and OpenSearch service.
Deploy Common Services

About the Unified Inventory and Topology Toolkit

About the UIM Cloud Native Toolkit

Download the required software and set the environment variables.
Ingress Controller and External Load Balancer

About Load Balancing and Ingress Controller

Installing the Ingress Controller

SSL Certificates

You can use any Ingress Controller that conforms to the standard Kubernetes ingress API and that supports annotations required for UIM.

Samples for NGINX are included in the toolkit.

For secure access to services, you must set up an Ingress Controller with TLS termination. The TLS termination setup for services is provided in the deployment of each service.

WebLogic Operator Installing the WebLogic Kubernetes Operator Container Image The WebLogic Kubernetes Operator (operator) supports running your WebLogic Server and Fusion Middleware Infrastructure domains on Kubernetes.
Strimzi Operator Strimzi Operator Required only if ATA or NPD is to be enabled. The Strimzi Operator supports deployment of an Apache Kafka cluster on Kubernetes or OpenShift.
Identity Provider Configuring Authentication for Services  
Observability Services

Setting Up Prometheus and Grafana

Deploying OpenSearch and OpenSearch Dashboard

Optionally, deploy services such as Grafana, Prometheus and OpenSearch for Metrics and Log Monitoring.
Disable NPD in System Configuration  

Modify $UIM_CNTK/charts/uim/config/system-config/custom-config.properties to disable NPD:

#If true, render new canvas in network visualization tab.
uim.ui.networkPlanAndBuild.canvas.enabled=false
openSearchEnabled=false
Disable ATA in System Configuration  

Modify $UIM_CNTK/charts/uim/config/system-config/custom-config.properties to disable ATA:

# Topology MicroService
disableTopology=true
microServiceEnabled=false
Upgrade UIM

Moving to UIM Cloud Native from a Traditional Deployment

Creating the UIM Cloud Native Images

Creating a Basic UIM Cloud Native Instance

Upgrading ATA

Deploy UIM    
Build Container Images Creating UIM Cloud Native Images  
Build Custom Images Customizing Images This is optional. Required while extending the base image.
Create Secrets Creating Secrets  
Create DB Schema Installing the UIM and RCU Schemas  
Update Application Configurations Setting System Properties  
Deploy Service Creating a Basic UIM Instance  
Deploy NPD/ATA Services    
Authorization Deploying Authorization Service  
Message Bus Deploying Unified Operations Message Bus  
OpenSearch Deploying OpenSearch and OpenSearch Dashboard Oracle OCI OpenSearch has to be used in OKE Cluster environment.
SmartSearch Deploying SmartSearch  
ATA Deploying the Active Topology Automator Service  
Migrate UIM DB to ATA DB

Installing ATA Service Schema

Dynamic Data Mapping from UIM

ATA DB Schema has to be created before migrating UIM Data to Graph DB.
Migrate UIM DB to OpenSearch Data Migration and Dynamic Attribute Mapping between UIM and SmartSearch Data from UIM DB to OpenSearch NoSQL DB will be migrated with the help of SmartSearch and OpenSearch services.
Validation and Sanity Testing Validation and Sanity Testing  
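
The "Disable NPD in System Configuration" and "Disable ATA in System Configuration" rows of Tables 1-1 to 1-3 each set two keys in custom-config.properties. The following check is an added example, not part of the Oracle toolkit: it reports whether each feature is fully disabled, only partly disabled, or left on, and flags keys assigned more than once. It assumes the file is loaded with last-assignment-wins semantics (as java.util.Properties does) and treats a missing key as not disabled; the function names and the sample text are constructed for illustration.

```python
import re

# Values the page gives for switching each feature off.
DISABLE_SETTINGS = {
    "NPD": {"uim.ui.networkPlanAndBuild.canvas.enabled": "false",
            "openSearchEnabled": "false"},
    "ATA": {"disableTopology": "true",
            "microServiceEnabled": "false"},
}

# Constructed sample: the page's two snippets plus a later duplicate key.
SAMPLE = """\
#If true, render new canvas in network visualization tab.
uim.ui.networkPlanAndBuild.canvas.enabled=false
openSearchEnabled=false
# Topology MicroService
disableTopology=true
microServiceEnabled=false
# constructed: a stray override added further down the file
microServiceEnabled = true
"""

_SEPARATOR = re.compile(r"\s*[=:]\s*|\s+")


def parse_properties(text):
    """Return (props, duplicates) for simple key=value properties text.

    Simplification: backslash continuations and escaped separators are
    not handled; the keys shown on the page do not need them.
    """
    props, duplicates = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        parts = _SEPARATOR.split(line, maxsplit=1)
        key, value = parts[0], (parts[1] if len(parts) > 1 else "")
        if key in props and key not in duplicates:
            duplicates.append(key)
        # Assumption: last assignment wins, as in java.util.Properties.
        props[key] = value
    return props, duplicates


def feature_state(props, feature):
    """Classify a feature as 'disabled', 'partial' or 'not-disabled'."""
    wanted = DISABLE_SETTINGS[feature]
    hits = [k for k, v in wanted.items() if props.get(k, "").lower() == v]
    if len(hits) == len(wanted):
        return "disabled"
    return "partial" if hits else "not-disabled"


def audit(text):
    """Report the state of each feature and any keys assigned twice."""
    props, duplicates = parse_properties(text)
    report = {name: feature_state(props, name) for name in DISABLE_SETTINGS}
    report["duplicates"] = duplicates
    return report


if __name__ == "__main__":
    print(audit(SAMPLE))
```

To check a real deployment, pass the text of $UIM_CNTK/charts/uim/config/system-config/custom-config.properties to audit(); a "partial" result or a non-empty duplicates list means the file does not match the settings shown in the table rows.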

Installing Oracle Property Graph Plugin in Database

ATA uses the Oracle Property Graph feature of Oracle Database, which offers powerful graph support to explore and discover complex relationships within ATA graphs.

Graph Server and Client is a software package that is required for Property Graph.

To install Property Graph:

  1. Download Oracle Graph Server, oracle-graph-plsql-<version>.zip, from Oracle E-Delivery: https://www.oracle.com/database/technologies/spatialandgraph/property-graph-features/graph-server-and-client/graph-server-and-client-downloads.html

    Note:

    The versions are available at: Oracle Graph Server. See "UIM Software Compatibility" in UIM Compatibility Matrix for the corresponding version of Oracle Graph PL/SQL Patch.

  2. Extract oracle-graph-plsql-<version>.zip and open the 19c and above folder.
  3. Follow the instructions in the readme.md file to install Property Graph.