Skip to content

Sterling Control Center Monitor Quickstart


The instructions in this section will walk you through the steps necessary for setting up a demo environment that can be quickly shown to customers to showcase the art of the possible.

This demo in no way removes the need for following the tutorial style instructions that are documented in other sections of this guide. The instructions below will set up a pre-canned application demo environment to show to the customers.


Create a custom Git Organization

Create a new Git Organization to host the different GitOps repositories.


Make sure you do not populate your GitHub organization with cloned repositories. The GitHub organization must be empty and will be populated automatically by the environment provisioning.


  1. Log in to and select the option to create a New organization.

    New Organization

  2. Click on Create a free organization plan.

  3. Complete the wizard by filling in the Organization account name and Contact email fields. Select the My personal account bullet and complete the verification step and click Next.

  4. Skip the step to add members to the Organization.

  5. Complete the Welcome to GitHub questionnaire and click Submit.

  6. Congratulations, you have successfully created a new Github Organization.


    Please ensure your GitHub organization is Public and not Private.

Create a Git Personal Access Token (PAT)

Create a new Git Personal Access Token with the appropriate scopes. This will be required to run the application pipelines or to set up webhooks.


  1. Log in to and click on Settings.

    New Organization

  2. Select Developer settings and click on Personal access tokens.

  3. Provide a name for the token, set the Expiration to 90 days ,set the following scopes and click Generate token.

    GitHub Personal Access Token scopes

    Token Scopes
    Token Scopes

  4. Copy and save the Personal Access Token. You will not be able to retrieve this value again later.

Red Hat OpenShift on IBM Cloud cluster with GitOps Configuration

Create the cluster

  1. Provision a Red Hat OpenShift on IBM Cloud cluster with GitOps Configuration from IBM Technology Zone. Select the OpenShift + GitOps Configuration tile.

  2. Click the Reserve now radio button.

  3. Provide a name for the cluster, select Practice / Self-Education for the purpose and choose the region to provision the cluster.

  4. Once a Preferred Geography has been selected, provide the appropriate Worker Node Count and Worker Node Flavor values based on the requirements for this quickstart listed in the note below. Finally, click Submit.


    For this IBM App Connect Enterprise Quickstart we recommend you to request the Red Hat OpenShift on IBM Cloud cluster with GitOps Configuration with the following size:

    • Worker Node Count = 3
    • Worker Node Flavor = 8 CPU x 32 GB

Use the cluster

You will receive an email once the cluster provisioning is complete. The email will contain details on the cluster including the ArgoCD Console URL and admin credentials. This same information can also be found on the My reservations from IBM Technology Zone.

Once your cluster is ready, proceed to the next step to select resources to deploy.

Install required CLIs

  • Install the Github CLI (version 1.14.0+)
  • Install the OpenShift CLI oc (version 4.7 or 4.8)

    • Log into your OCP cluster, substituting the --token and --server parameters with your values:

      oc login --token=<token> --server=<server>

      If you are unsure of these values, click your user ID in the OpenShift web console and select Copy login command.

  • Install the kubeseal CLI

    The kubeseal utility uses asymmetric crypto to encrypt secrets that only the controller can decrypt. These encrypted secrets are encoded in a SealedSecret resource which can safely be checked into your gitops repo. The controller will decrypt the secretes and install into your cluster.

Select resources to deploy

This recipe is for deploying Sterling Control Center Monitor (SCCM) in the sccm namespace. This recipe also assumes you've already deployed the Sterling File Gateway recipe - either b2bi-nonprod and b2bi-prod, or both.

In particular, these infra resources are assumed to have already been deployed (aside from the B2Bi specific resources):

- argocd/namespace-sealed-secrets.yaml
- argocd/daemonset-sync-global-pullsecret.yaml

Infrastructure - kustomization.yaml (in multi-tenancy-gitops repository)

  1. Edit the Infrastructure layer ${GITOPS_PROFILE}/1-infra/kustomization.yaml, un-comment the following lines, commit and push the changes and synchronize the infra Application in the ArgoCD console.

    cd multi-tenancy-gitops/0-bootstrap/single-cluster/1-infra

    In, kustomization.yaml:

    - argocd/namespace-sccm.yaml
    - argocd/serviceaccounts-sccm.yaml
    - argocd/sccm-clusterwide.yaml

    💡 NOTE
    Commit and Push the changes for multi-tenancy-gitops

Services - instances folder (in multi-tenancy-gitops-services repository)

NOTE: This recipe can be implemented using a combination of storage classes. Not all combination will work, but the following table lists the storage classes that have been tested successfully:

| Component | Access Mode | IBM Cloud | OCS/ODF |
| --- | --- | --- | --- |
| DB2 | RWO | ibmc-block-gold | ocs-storagecluster-cephfs |
| PEM | RWX | managed-nfs-storage | ocs-storagecluster-cephfs |
  1. Clone the services repo for GitOps: open a terminal window and clone the multi-tenancy-gitops-services repository under your Git Organization.

    git clone${GIT_ORG}/multi-tenancy-gitops-services.git
  2. Generate the yaml files for the SCCM pre-requisite components which includes the secrets and PVCs required by the SCCM helm chart.
    NOTE: Make sure you are logged into your OpenShift cluster before proceeding.

    1. Go to the instances/ibm-sccm-setup directory:

      cd multi-tenancy-gitops-services/instances/ibm-sccm-setup
    2. Generate the pre-requisite yaml files for SCCM (this includes keystore and truststore files using a self-signed certificate for demo purposes which is used by SCCM to secure connections with the SCCM engine, including between the web console and the browser; refer:

      CC_DB_PASSWORD=db2inst1 \
      ADMIN_USER_PASSWORD=password \
      JMS_PASSWORD=password \
      KEYSTORE_PASSWORD=password \
      TRUSTSTORE_PASSWORD=password \
      EMAIL_PASSWORD=password \
      USER_KEY=password \
      KEY_ALIAS=self \

      As part of creating the self-signed certificate for the JKS files required by SCCM, you will be prompted for the following (respond as follows):

      Enter keystore password: password
      Trust this certificate? [no]: y

      If the script runs successfully, it will generate the following files: - ibm-sccm-input-pvc.yaml - ibm-sccm-keystore-jks.yaml - ibm-sccm-pvc.yaml - ibm-sccm-secret.yaml

    💡 NOTE
    Add the generated files to the repository, and Commit and Push the changes for multi-tenancy-gitops-services

Services - kustomization.yaml (in multi-tenancy-gitops repository)

  1. Deploy the DB2 and pre-requisite resources for SCCM in the main multi-tenancy-gitops repository

    1. Edit the Services layer ${GITOPS_PROFILE}/2-services/kustomization.yaml by uncommenting the following lines to install the pre-requisites for SCCM.

      # SCCM
      - argocd/instances/ibm-sccm-db2.yaml
      - argocd/instances/ibm-sccm-setup.yaml
    2. (Optional) If necessary, modify the DB2 storage class for the environment that you use, the files are in ${GITOPS_PROFILE}/2-services/argocd/instances. Edit ibm-sccm-db2.yaml to change the storageClassName if necessary.

    💡 NOTE
    Commit and Push the changes for multi-tenancy-gitops and Refresh the ArgoCD application services.

    Make sure that the sterling toolkit pod does not throw any error. Wait for 5-10 minutes until the database is fully initialized.

    Push the changes & sync ArgoCD and make sure db2 database script completes successfully (check db2-0 pod Logs).

Services - instances folder (in multi-tenancy-gitops-services repository)

  1. Generate values.yaml file for the SCCM Helm Chart in the multi-tenancy-gitops-services repo; note that the default storage class is using managed-nfs-storage - if you are installing on ODF, set RWX_STORAGECLASS=ocs-storagecluster-cephfs.:

    cd multi-tenancy-gitops-services/instances/ibm-sccm
    In order to deploy SCCM, SMTP settings are required which SCCM uses for sending emails triggered by system events based on business rules (refer:
    ADMIN_EMAIL_ADDRESS=<change_me> \
    EMAIL_HOST_NAME=<change_me> \
    EMAIL_PORT=<change_me> \
    EMAIL_USER=<change_me> \
    EMAIL_RESPOND=<change_me> \
    CC_ADMIN_EMAIL_ADDRESS=<change_me> \
    KEY_ALIAS=self \

    For example: \ \
    EMAIL_PORT=465 \ \ \ \
    KEY_ALIAS=self \

    💡 NOTE
    Add the generated values.yaml file to the repository, and Commit and Push the changes for multi-tenancy-gitops-services

Services - kustomization.yaml (in multi-tenancy-gitops repository)

  1. Edit the Services layer ${GITOPS_PROFILE}/2-services/kustomization.yaml by uncommenting the following line to install SCCM, commit and push the changes and Refresh the services Application in the ArgoCD console:

    # SCCM
    - argocd/instances/ibm-sccm.yaml

    💡 NOTE
    Commit and Push the changes for multi-tenancy-gitops and Refresh the ArgoCD application services. This will take around 10-15 mins including all the database setup and application startup. Make sure sccm pod starts successfully (check ibm-sccm-ibm-sccm-0 pod Logs indicate at the end -> ---Configuration Completed---).

Services - instances folder (in multi-tenancy-gitops-services repository)

⚠️ Warning:
If you decided to scale the pods or upgrade the version you should do the following steps:

This is to prevent running the setup job again

  • Step 1:
    cd multi-tenancy-gitops-services/instances/ibm-sccm
  • Step 2:
  • Inside values.yaml, find & set
    dbInit: "false"
  • Commit and push the changes for the multi-tenancy-gitops-services repo.


  1. Retrieve the Sterling Control Center Monitor console URL.

    oc get route -n sccm ibm-sccm-ibm-sccm -o template --template='https://{{}}'
  2. Log in with the default credentials: User ID: admin Password: password

    💡 NOTE
    Since we used a self-signed certificate, you may need to use a browser that allows connection to a site with a self-signed certificate such as Firefox