OPM Tenants

About OPM Tenants

Operations Performance Management (OPM) utilizes the platform's tenancy management services to support multitenancy. A tenant is a group of users that shares a common access to a specific OPM application instance. A common set of underlying web services provides functionality to each tenant and provides secure access to customer-specific resources and data.

A system administrator creates tenants for customer access. When adding a new tenant, the system administrator assigns a primary administrator for that tenant.

After a customer is onboarded to a new tenant the following happen:
  • Tenants subscribe to use OPM services and apps.
  • The platform's tenant provisioning service creates a tenant-specific application instance for OPM.

In the newly configured tenant, the primary tenant administrator can log on to complete the initial setup tasks, such as setting the ingestor password, creating users, and assigning user privileges.

Set Up Your Tenant Structure

Before users can access the application (specific tenant organization), the OPM tenant or user administrator must set up the tenant structure.

The tenant administrator needs to complete the following tasks to support a tenant architecture in OPM:

  • Create a permission set to enable asset ingestion and add a user with this permission set. This step is essential before ingesting assets into the tenant.
  • Add other users and administrators.
  • Ingest asset model, tag classification and data (including asset instances, connections, and tag associations).
  • Ingest the time-series data for the input tags to be used in the analytics.
  • Ingest alert templates necessary for building your analytic template.
  • Add user groups and link them to the appropriate permission sets.
  • Add assets to users and user groups.
  • Register your tenant's Event Hub with the Alerts service on production.

Configure Tenant Display Preferences

You can configure the display preferences for all the users of the tenant.

Before You Begin

You must have tenant admin permissions to access the Tenant Preferences page.

Procedure

  1. In the module navigation menu, navigate to Tenant Preferences.
    The Tenant Preferences page appears.
  2. Select the Display tab.
  3. As needed, enter the values in the following fields.
    Field NamesDescription
    Asset Display NameDisplays the name of the asset based on the following options:
    • GE: Displays the asset name. By default, this option is selected.
    • Customer: Displays the alias name of the asset that you provided. This name appears on the Asset page. Select the () button to switch between GE and Customer name.
    LanguageDetermines the display language. By default, US English is selected. You can select the preferred language from the following options:
    • Chinese (Simplified)
    • Dutch (Netherlands)
    • French (France)
    • German (Germany)
    • Italian (Italy)
    • Japanese
    • Polish
    • Portuguese (Brazil)
    • Russian
    • Spanish (Spain)
    • US English
    System of MeasureDetermines the system of measure. You can select your preferred system of measure in the drop-down list box.
    Note: The values in the drop-down list box appear based on the values that you configure in the Systems of Measure Configuration section. None and Metric are the system-provided system of measures, and by default, None is selected.
    TimeZoneDetermines the time zone of your location. You can select your preferred time zone from the drop-down list box.

    If you select Site Local as your preferred time zone, all the date or time values will be converted to the time zone of your asset.

    Note:
    • The selected time zone affects only this application.
    • Any selected time zone that observes Daylight Savings Time automatically observes the local time.
  4. Select Save.
    A message appears, indicating that the changes will take effect after you log out and then log in to the application.
  5. Select OK.

What To Do Next

Log out of the application and then log in for the changes to take effect.
Note: The display preferences that are configured in the Tenant Preferences page appear as default preferences for all users of the tenant, except for the users who have set their own display preferences in the User Preferences page.

Configure the Module Navigation Menu Using Navigation Profiles

A navigation profile contains information about the set of menu items that should appear in the module navigation menu.

Before You Begin

  • Ensure that you have the tenant admin permissions to access the Tenant Preferences page.

About This Task

You can select a navigation profile if you want to switch to the user interface of a specific product for all the users of a tenant. For example, if you want to change the user interface to display the menu that is available for GE Digital APM, you can select the APM navigation profile. The following navigation profiles are available for you to select:
  • APM
  • Predix Essentials
  • Predix Essentials & APM
  • Predix Essentials & OPM
  • Predix Essentials, APM & OPM
The following images display the different sets of menu items that appear based on the navigation profiles that you select:
  • Module navigation menu that appears when you select the APM navigation profile.


  • Module navigation menu that appears when you select the Predix Essentials navigation profile.


  • Module navigation menu that appears when you select the Predix Essentials & OPM navigation profile.


Procedure

  1. In the module navigation menu, navigate to Tenant Preferences.
    The Tenant Preferences page appears.
  2. Select the Module Navigation tab.
    The Module Navigation section appears.
  3. In the Select a Navigation Profile drop-down list box, select the products that you want to appear in the module navigation menu.
    Note: If you select a navigation profile other than the default navigation profile, only the module navigation menu configured for that profile appears. You cannot access custom applications using the menu.

    or

    Select Reset Module Navigation Settings to Default.
    Note: This setting shows menu items that are based on your permissions.
    A message appears, stating that your changes are saved. This configuration is applied to all the users of the tenant.
    Note: You can access only the menu items for which you have permission to access.

What To Do Next

Sign out of the application, and then sign in to access the module navigation menu that you have configured.

Set or Change the Ingestor Password

Before You Begin

You must have an GE Digital APM tenant available. You must also have tenant administrator credentials to perform the initial tenant setup.

About This Task

During tenant setup, you must provide the ingestor password used by asset and alert ingestion services to ingest assets, alerts, and time series data into your current tenant. This password is unique to each tenant, as the asset model and instances are exclusive to that tenant. Provide a complex password that complies with your enterprise policies for password safekeeping.

When setting or changing a password, use the following guidelines:
  • The password is case-sensitive and should be at least eight characters long.
  • You must use a combination of alphanumeric characters.
  • You can use special characters.
  • You cannot use consecutive characters such as 123 or abc.
  • You cannot repeat characters more than two times consecutively; for example, looop or 777.
The following are examples of invalid passwords:
Aaaron777
b!rthday20009
@bc1xyz
rapper123

After setup, you can also change the ingestor password at any time.

Procedure

  1. Sign in to your GE Digital APM tenant with your administrator credentials.
  2. In the module navigation menu, navigate to Setup.
  3. Depending on whether you are setting up a new password or changing the password, one of the following applies:
    • If you are setting up the password for the first time, you will be presented with a password setup page.
    • If you are changing an existing password, click Change Ingestor Password.
  4. Enter a new password, and then re-enter the password to confirm.
  5. Select Submit to save your changes.

What To Do Next

Once the password is set, you can ingest data into GE Digital APM.

Obtain the Authorization Token for Data Ingestion

Before You Begin

You need the following:
  • The token request URL.
  • Get the following information from the Setup section:
    • Token Request URL
    • Client ID
    • Username
  • The ingestion password that you set up during first-time tenant access as an administrator.
  • Access to a REST client such as Postman or Advanced REST client, or curl CLI.

About This Task

Use this procedure to obtain an authorization bearer token before ingesting data (assets, alerts, or time series) into a specific tenant. Tokens are client-specific and usually expire within a set time period. You must obtain a new token every time your token expires.

Procedure

  1. Access your REST client.
  2. Enter the token request URL in the HOST value field.
    Note: This URL is used to authenticate the token before connecting to the respective ingestion service. You can obtain this from the Setup section.
  3. Select the POST method.
  4. In the request authorization: enter or select the following:
    1. Select Basic Auth.
    2. In the Username field, enter the Client ID obtained from the Setup section.
    3. Leave the password blank.
    The authorization headers auto populate in the request.
  5. In the request body, select x-www-form-urlencoded.
  6. Enter the following query parameters (key-value pairs):
    Note: You can obtain the values from the Setup section.
    OptionDescription
    grant_typeGrant type for ingestion. The default value is password.
    usernameIngestion account username (for example, 07F28C049E0F4F29B8E85E4A6C916D7F_ingestor).
    passwordIngestion account password created during the initial tenant setup.
  7. Select Send.

Results

On successful ingestion, you receive the authorization bearer token as a JSON response; copy this information into a temporary file. Also, make note of the expires_in field in the JSON response, as it gives the expiration time in seconds.

Example

The following code sample shows a JSON response :

{
  "access_token": "eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiI1ZTJjOTBlYS05ZWRkLTRkYTEtODBjOC00YTBkNjdmNzdlZjMiLCJzdWIiOiI2YWY0YjBlNi1mZmY4LTRmOWEtYTdhNC1mYzI5Nzg4ZTY5YzAiLCJzY29wZSI6WyJvcGVuaWQiXSwiY2xpZW50X2lkIjoiaW5nZXN0b3IuREU2QjcxODQyODI0NENGMkE0MDlGM0YwRUU1OTBBNzQiLCJjaWQiOiJpbmdlc3Rvci5ERTZCNzE4NDI4MjQ0Q0YyQTQwOUYzRjBFRTU5MEE3NCIsImF6cCI6ImluZ2VzdG9yLkRFNkI3MTg0MjgyNDRDRjJBNDA5RjNGMEVFNTkwQTc0IiwiZ3JhbnRfdHlwZSI6InBhc3N3b3JkIiwidXNlcl9pZCI6IjZhZjRiMGU2LWZmZjgtNGY5YS1hN2E0LWZjMjk3ODhlNjljMCIsIm9yaWdpbiI6InVhYSIsInVzZXJfbmFtZSI6IjlCMjY0QUU3MDk2NzQ3QzM4MEM2QjA5OUU2NkQ3NTdBX2luZ2VzdG9yIiwiZW1haWwiOiI5QjI2NEFFNzA5Njc0N0MzODBDNkIwOTlFNjZENzU3QV9pbmdlc3RvckBhcG0tYXBwbGljYXRpb24tYWNjZXB0YW5jZS5ncmMtYXBwcy5zdmMuaWNlLmdlLmNvbSIsImF1dGhfdGltZSI6MTQ0OTE2NTQyNywicmV2X3NpZyI6ImJiNjI3MzU0IiwiaWF0IjoxNDQ5MTY1NDI3LCJleHAiOjE0NDkyNTE4MjcsImlzcyI6Imh0dHBzOi8vMDRiOGM4OTEtZWRlYS00NGQ0LWI3YmEtYmIzMGQ3MDA2ZDU5LnByZWRpeC11YWEtc3lzaW50LmdyYy1hcHBzLnN2Yy5pY2UuZ2UuY29tL29hdXRoL3Rva2VuIiwiemlkIjoiMDRiOGM4OTEtZWRlYS00NGQ0LWI3YmEtYmIzMGQ3MDA2ZDU5IiwiYXVkIjpbImluZ2VzdG9yLkRFNkI3MTg0MjgyNDRDRjJBNDA5RjNGMEVFNTkwQTc0Iiwib3BlbmlkIl19.dtcD0uYyahB0ocp6I7xPoefwAxPBiXx0yqVxrmPHxagXEwuK9a1SswiG9-dIByf6ty2PMPDau4UeMwxzZg29DE6qxfEWXEOP4J7Uy_H2AiM9V9WqJg7Q2NbVoEYwlKfnH8RIScz20nDLP1IEqFHld1Kf7MhXwxhcLVed250Z0I7qmMlB1axqjcWqeBv2BdLUlgja1o5YOa9A9xq46rwZ81TyGyAu9_UavibYO6H9l4cYQYJkU5TwFJdY4D83hvxRtXpUownDC7wHVWDHUP1DXpu44F3uMkBB40K8FqbzQQmhujOmSbV5hdVaSF_QBu71a59KI78knEyclDa0BK5GHA",
  "token_type": "bearer",
  "refresh_token": "eyJhbGciOiJSUzI1NiJ9.eyJqdGkiOiIzZTU0NTgzZS0xZjIwLTQ0ZjUtODk2NC0zMTQxNDcyYzhiMzUtciIsInN1YiI6IjZhZjRiMGU2LWZmZjgtNGY5YS1hN2E0LWZjMjk3ODhlNjljMCIsInNjb3BlIjpbIm9wZW5pZCJdLCJpYXQiOjE0NDkxNjU0MjcsImV4cCI6MTQ0OTc3MDIyNywiY2lkIjoiaW5nZXN0b3IuREU2QjcxODQyODI0NENGMkE0MDlGM0YwRUU1OTBBNzQiLCJjbGllbnRfaWQiOiJpbmdlc3Rvci5ERTZCNzE4NDI4MjQ0Q0YyQTQwOUYzRjBFRTU5MEE3NCIsImlzcyI6Imh0dHBzOi8vMDRiOGM4OTEtZWRlYS00NGQ0LWI3YmEtYmIzMGQ3MDA2ZDU5LnByZWRpeC11YWEtc3lzaW50LmdyYy1hcHBzLnN2Yy5pY2UuZ2UuY29tL29hdXRoL3Rva2VuIiwiemlkIjoiMDRiOGM4OTEtZWRlYS00NGQ0LWI3YmEtYmIzMGQ3MDA2ZDU5IiwiZ3JhbnRfdHlwZSI6InBhc3N3b3JkIiwidXNlcl9uYW1lIjoiOUIyNjRBRTcwOTY3NDdDMzgwQzZCMDk5RTY2RDc1N0FfaW5nZXN0b3IiLCJvcmlnaW4iOiJ1YWEiLCJ1c2VyX2lkIjoiNmFmNGIwZTYtZmZmOC00ZjlhLWE3YTQtZmMyOTc4OGU2OWMwIiwicmV2X3NpZyI6ImJiNjI3MzU0IiwiYXVkIjpbImluZ2VzdG9yLkRFNkI3MTg0MjgyNDRDRjJBNDA5RjNGMEVFNTkwQTc0Iiwib3BlbmlkIl19.Kc4PioQAOeHNeGacFwfePhLSogh06RR8c4zQPPr46rD_S49UHegOq1Uv3cWnP6sttL25GaPeidTnYyFLADFF-GyORkdmKUjx4CiAdQucoKusidjoNJQmaQNhicL62B2goUNf9VYztjrBqHGZkKt2DvdtU0RtXAkgc-qFUo2ToMQj86hqc80OhiIb_2mnXOOWZswrrfxPizgk9zL22-i6a00LGsptJZ2ErCDSmpGBka6h6H-N8vVWTsOhx_nnp7jUHKGZOZQjcsqSIWwRosIE_G6kgGMpL2L_bLgDVpZiQ3Ri19K5J7co1y4TqjMF3kvXb0rOdIJsDO1PCfMztAazlw",
  "expires_in": 86399,
  "scope": "openid",
  "jti": "5e2c90ea-9edd-4da1-80c8-4a0d67f77ef3"
}

What To Do Next

You can perform data ingestion.

Register your OPM Tenant with Alert Service

As a tenant administrator, you must register your production ready OPM tenant specific Event Hub instance with the Alert Service in production.

Before You Begin

You need the following:
  • Oauth token to register with the Alert service Event Hub instance for your tenant.
    Important: Make sure you have a valid, unexpired token. Tokens are client specific and usually expire within a set time. Look for the token expiration in the JSON response.
  • On the Setup section, get the following information:
    • Client ID
    • Alert service URL
    • Username
  • Tenant specific event hub zoneId
  • Tenant specific username and password (for example, analytics.user.<tenant alias>)
  • Ingestion Password that was created during initial tenant setup.
  • Access to a REST client such as Postman or Advanced REST client.

About This Task

Procedure

  1. Access your REST client.
  2. Enter the Alert service URL in the HOST value field, for example, https://apm-event-ingestor-alerts-svc-prod.app-api.aws-usw02-pr.predix.io/v1/addConfig.
  3. Select the POST method.
  4. In the Body tab, enter the following key-value pairs:
    Table 1. Service Headers
    ParameterDescription
    AuthorizationEnter the token_type followed by a space, then the access_token from the response you previously obtained, for example, bearer eyJhbGciOiJSUzI1NiJ9.A... The following code sample includes a bearer token:
    {
  "access_token": "eyJhbGciOiJSUzI1NiJ9.A...",
  "token_type": "bearer",
  "refresh_token": "eyJhbGciOiJSUzI1NiJ9.e..",
  "expires_in": 86399,
  "scope": "openid",
  "jti": "5e2c90ea-9edd-4da1-80c8-4a0d67f77ef3"
}
    tenantThe unique ID for the tenant (for example, 07F28C049E0F4F29B8E85E4A6C916D7F)
    Content-TypeSelect application/json
  5. In the body enter the payload. The example payload shows variables within angular brackets <> replace them with the appropriate values.
    {
"scopePrefix":"predix-event-hub.zones",
"eventHubUri":"event-hub-aws-usw02.data-services.predix.io",
"eventhubPort":443,
"apmAuthUrl":"https://d1e53858-2903-4c21-86c0-95edc7a5cef2.predix-uaa.run.aws-usw02-pr.ice.predix.io/oauth/token",
"authUrl":"https://d1e53858-2903-4c21-86c0-95edc7a5cef2.predix-uaa.run.aws-usw02-pr.ice.predix.io/oauth/token",
"tenant":"<tenant uuid>",
"ingestorUser":"analytics.user.<tenant alias>",
"password":<"<analytics.user.<tenant alias> password>",
"clientId":"<stuff client id>",
"clientSecret":"<stuff client secret>",
"zoneId":"<eventhub zoneId>",
"ingestorClientId":"<ingestor client id>:"
}
    Note:

    ingestorClientId value requires a terminating colon :

  6. Select Send.

Results

On successful acceptance, you will receive a 200 OK with the message: Added configuration for zone: <eventhub zoneId>