Skills MAS SysAdmins Must Learn

Who this is for: Maximo administrators at any level who need a concrete learning plan for the MAS transition. Whether you are targeting a SaaS deployment or an on-prem OpenShift environment, this post gives you the roadmap.

Read time: 16 minutes

We have talked about how the sysadmin role changes in both SaaS and on-prem MAS deployments. Now comes the practical question: what exactly do you need to learn, and in what order?

In our experience, the administrators who struggle most during MAS transitions are not the ones who lack intelligence or motivation. They are the ones who try to learn everything at once, or who learn the wrong things first. A facilities admin spending three weeks on Kubernetes networking when their organization is deploying MAS SaaS is wasting precious time. An on-prem admin who skips Linux fundamentals to jump straight into OpenShift operator development is building on sand.

This post provides a structured, prioritized learning path. We have organized skills by deployment model (SaaS vs on-prem), priority level (critical vs important vs nice-to-have), and timeline (what to learn first, second, third).

The Two Skill Tracks

MAS administration splits into two tracks based on your deployment model. The SaaS track is a subset of the on-prem track -- everything a SaaS admin needs, an on-prem admin also needs, plus substantially more.

SaaS Admin Core Skills

These are the foundational skills every MAS SaaS administrator must develop:

  1. IAM and SSO (OAuth2, OIDC) -- Identity and access management
  2. API Usage Basics -- REST API interaction and testing
  3. Integration Troubleshooting -- Diagnosing data flow issues
  4. MAS UI Configuration -- System administration through the MAS interface
  5. Automation Scripting Basics -- Python/Jython automation scripts
  6. Upgrade Testing -- Validating SaaS updates in sandbox environments
  7. AppPoints Licensing -- Understanding and optimizing license consumption
  8. Data Governance -- Data quality, retention, and compliance

On-Prem Admin Skills (SaaS Skills Plus)

On-prem admins need all of the above, plus:

  1. Kubernetes Fundamentals -- Core container orchestration concepts
  2. OpenShift Administration -- Red Hat's enterprise Kubernetes platform
  3. Operator Concepts -- Operator Lifecycle Manager, Custom Resources
  4. Linux Administration -- RHEL/CoreOS command-line proficiency
  5. Container Fundamentals -- Docker/Podman, images, registries
  6. Storage Classes and Persistent Volumes -- Kubernetes storage management
  7. Network Routing and Ingress -- Service discovery, routes, load balancing
  8. API Gateways -- External API exposure and rate limiting
  9. Monitoring Tools (Grafana, Prometheus) -- Observability stack
  10. CI/CD Pipelines -- Automated testing and deployment
  11. YAML, Helm, and Terraform -- Infrastructure-as-code tooling

Skill Priority Matrix

Not all skills carry equal weight. This matrix helps you decide where to invest your time first.

SaaS Admin Priority Matrix

Skill — Priority — Impact if Missing — Time to Learn

IAM / SSO (OAuth2, OIDC) — Critical — Users cannot log in, security vulnerabilities — 2-4 weeks

MAS UI Configuration — Critical — Cannot administer the system — 2-3 weeks

API Usage Basics — Critical — Cannot integrate or automate — 2-3 weeks

Integration Troubleshooting — Critical — Data flow failures go unresolved — 3-4 weeks

AppPoints Licensing — Important — License non-compliance, cost overruns — 1-2 weeks

Automation Scripting — Important — Manual work that should be automated — 3-4 weeks

Upgrade Testing — Important — Production issues after SaaS updates — 2-3 weeks

Data Governance — Nice-to-have — Long-term compliance and data quality risk — 2-3 weeks

On-Prem Admin Priority Matrix (Additional Skills)

Skill — Priority — Impact if Missing — Time to Learn

Linux Administration — Critical — Cannot operate the platform at all — 4-6 weeks

Kubernetes Fundamentals — Critical — Cannot understand the runtime environment — 4-6 weeks

OpenShift Administration — Critical — Cannot manage the cluster — 4-6 weeks

Operator Concepts — Critical — Cannot manage MAS lifecycle — 2-3 weeks

Container Fundamentals — Critical — Cannot troubleshoot pod issues — 2-3 weeks

Storage Classes / PVs — Important — Storage failures, data loss risk — 2-3 weeks

Monitoring (Grafana/Prometheus) — Important — Blind to system health — 3-4 weeks

Network Routing / Ingress — Important — Connectivity and access issues — 2-3 weeks

YAML / Helm / Terraform — Important — Cannot manage configuration as code — 3-4 weeks

CI/CD Pipelines — Nice-to-have — Manual deployment processes — 3-4 weeks

API Gateways — Nice-to-have — Limited API management capability — 2-3 weeks

The 12-Month Learning Path

Here is a structured timeline that we have seen work well across multiple MAS transition projects. Adjust based on your starting point and deployment model.

Months 1-3: Foundation

Goal: Build the base layer of knowledge that everything else depends on.

SaaS Track:

  • Month 1: IAM and SSO fundamentals
    • Learn OAuth2 authorization flows (authorization code, client credentials)
    • Understand OIDC (OpenID Connect) token validation
    • Practice configuring SSO with Azure AD or Keycloak
    • Lab: Set up a test Keycloak instance and configure SAML/OIDC federation
    • Real-world application: Every user login, every API call, every integration authentication uses these protocols
  • Month 2: MAS UI and API basics
    • Navigate all areas of the MAS administration interface
    • Learn the MAS REST API structure and authentication
    • Practice API calls using curl, Postman, or similar tools
    • Lab: Use the MAS API to create a user, assign security groups, and query system status

`bash
# Example: Authenticate and query MAS API
# Get an API key from MAS administration
curl -s -H "apikey: YOUR_API_KEY" \
"https://masinstance.mas.example.com/api/os/mxperson?oslc.select=personid,displayname&oslc.pageSize=5"
`

  • Month 3: Integration troubleshooting
    • Understand MAS integration patterns (REST, message queues, App Connect)
    • Learn to trace data flow from source system through integration to Maximo
    • Practice reading integration logs and error messages
    • Lab: Set up a simple integration flow and deliberately break it, then diagnose and fix

On-Prem Track (same as SaaS plus):

  • Month 1: Linux fundamentals
    • File system navigation, permissions, process management
    • systemd service management
    • Network troubleshooting (ss, curl, dig, nslookup)
    • Package management (rpm, yum/dnf)
    • Lab: Install RHEL in a VM, configure networking, set up SSH keys
  • Month 2: Container fundamentals
    • Docker/Podman basics: build, run, inspect, logs
    • Container images, registries, and tags
    • Volume mounts and networking
    • Lab: Containerize a simple application, push to a registry, run with persistent storage

`bash
# Build and run a container
podman build -t my-test-app:latest .
podman run -d --name test -p 8080:8080 -v /data:/app/data my-test-app:latest
podman logs -f test
podman exec -it test /bin/bash
`

  • Month 3: Kubernetes fundamentals
    • Pods, Deployments, Services, ConfigMaps, Secrets
    • Namespaces, labels, and selectors
    • kubectl/oc basic commands
    • Lab: Deploy a multi-container application on Minikube or Kind

`bash
# Core Kubernetes commands you will use daily
kubectl get pods -n my-namespace
kubectl describe pod my-pod -n my-namespace
kubectl logs my-pod -n my-namespace -c my-container
kubectl apply -f my-resource.yaml
kubectl delete pod my-pod -n my-namespace
`

Months 3-6: Core Competency

Goal: Develop the skills you will use every day in MAS administration.

SaaS Track:

  • Month 4: Automation scripting
    • Maximo automation script patterns (Jython/Python)
    • Script triggers: object events, actions, attribute launch points
    • Error handling and logging in scripts
    • Lab: Write automation scripts for common scenarios (auto-assignment, validation, notification)
  • Month 5: AppPoints licensing and data governance
    • Understand AppPoints consumption model
    • Monitor and optimize license usage
    • Data retention policies and archive strategies
    • Lab: Run an AppPoints utilization report, identify optimization opportunities
  • Month 6: Upgrade testing and environment management
    • Sandbox environment configuration
    • Test plan development for SaaS updates
    • Regression testing strategies
    • Lab: Validate a MAS update in a sandbox environment before production acceptance

On-Prem Track (same as SaaS plus):

  • Month 4: OpenShift administration
    • OpenShift-specific concepts: Routes, BuildConfigs, DeploymentConfigs
    • OpenShift web console navigation
    • User and role management (RBAC)
    • Lab: Deploy an application on OpenShift, configure routes, set up RBAC

`bash
# OpenShift-specific commands
oc new-project mas-test
oc get routes -n mas-test
oc adm policy add-role-to-user admin developer -n mas-test
oc get clusteroperators
`

  • Month 5: Operators and Custom Resources
    • Operator Lifecycle Manager (OLM)
    • Custom Resource Definitions (CRDs)
    • Operator installation and subscription management
    • Lab: Install an operator from OperatorHub, create a Custom Resource, observe reconciliation

`yaml
# Example: Understanding a Custom Resource
apiVersion: apps.mas.ibm.com/v1
kind: ManageApp
metadata:
name: inst1-masdev
namespace: mas-inst1-manage
spec:
settings:
deployment:
serverBundles:
all:
replica: 2
routeSubDomain: all
`

  • Month 6: Storage and networking
    • Storage classes, PVCs, CSI drivers
    • OpenShift networking: Services, Routes, NetworkPolicies
    • Ingress controllers and load balancing
    • Lab: Configure a storage class, create PVCs, set up network policies

Months 6-12: Advanced and Specialization

Goal: Build expertise in areas that differentiate competent admins from exceptional ones.

SaaS Track:

  • Months 7-9: Advanced integration and API management
    • Complex integration patterns with App Connect
    • API versioning and lifecycle management
    • Webhook configuration and event-driven integrations
    • Lab: Build an end-to-end integration using App Connect and MAS APIs
  • Months 10-12: Advanced troubleshooting and optimization
    • Performance analysis using MAS health dashboards
    • Advanced SSO troubleshooting (token expiration, claim mapping)
    • Capacity planning based on usage metrics
    • Lab: Diagnose and resolve a complex multi-system integration failure

On-Prem Track (same as SaaS plus):

  • Months 7-8: Monitoring and observability
    • Prometheus metrics, recording rules, and alerting rules
    • Grafana dashboard creation and management
    • Log aggregation with Elasticsearch/Fluentd/Kibana or Loki
    • Lab: Build a custom Grafana dashboard for MAS pod health

`yaml
# Example: Prometheus alerting rule for MAS
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
name: mas-pod-alerts
namespace: mas-inst1-core
spec:
groups:

  • name: mas-pod-health

rules:

  • alert: MASPodCrashLooping

expr: rate(kube_pod_container_status_restarts_total{namespace=~"mas-.*"}[15m]) > 0
for: 10m
labels:
severity: warning
annotations:
summary: "MAS pod {{ $labels.pod }} is crash looping"
description: "Pod {{ $labels.pod }} in namespace {{ $labels.namespace }} has been restarting."
`

  • Months 9-10: Infrastructure as code
    • Helm chart structure and values files
    • Terraform for infrastructure provisioning
    • Ansible for configuration management
    • GitOps with ArgoCD or Flux
    • Lab: Manage a MAS deployment configuration using a GitOps repository
  • Months 11-12: CI/CD and advanced operations
    • Pipeline design for MAS configuration promotion
    • Blue-green and canary deployment strategies
    • Disaster recovery planning and testing
    • Performance tuning at the cluster level
    • Lab: Build a CI/CD pipeline that promotes MAS configuration from dev to staging to production

Certifications and Training Resources

Certifications validate your skills and provide structured learning paths. Here are the most relevant certifications for MAS administrators.

Recommended Certifications

Certification — Provider — Relevance — Difficulty — Cost

IBM Certified Administrator - Maximo Application Suite v8.x — IBM — Directly applicable to MAS admin role — Moderate — ~$200

Certified Kubernetes Administrator (CKA) — CNCF/Linux Foundation — Essential for on-prem admins — Challenging — ~$395

Red Hat Certified System Administrator (RHCSA) — Red Hat — Linux foundation for on-prem — Moderate — ~$450

Red Hat Certified Specialist in OpenShift Administration — Red Hat — Directly applicable to on-prem — Challenging — ~$450

Prometheus Certified Associate (PCA) — CNCF/Linux Foundation — Monitoring expertise — Moderate — ~$250

HashiCorp Terraform Associate — HashiCorp — Infrastructure as code — Moderate — ~$70

Certification Priority by Track

SaaS Admin Certification Path:

  1. IBM Certified Administrator - Maximo Application Suite (start here)
  2. Consider API-focused certifications from Postman or similar

On-Prem Admin Certification Path:

  1. RHCSA (Linux foundation)
  2. CKA (Kubernetes fundamentals)
  3. Red Hat OpenShift Administration
  4. IBM Certified Administrator - MAS
  5. Prometheus Certified Associate
  6. Terraform Associate (if using IaC)

Free vs Paid Training Resources

Free Resources

Resource — What It Covers — Quality — URL

Kubernetes Official Tutorials — Core K8s concepts with interactive labs — Excellent — kubernetes.io/docs/tutorials

Red Hat Developer Program — OpenShift sandbox, free courses — Excellent — developers.redhat.com

IBM Documentation — MAS configuration, APIs, operators — Good — ibm.com/docs/en/mas-cd

Prometheus Documentation — Metrics, queries, alerting — Excellent — prometheus.io/docs

Grafana Tutorials — Dashboard creation, data sources — Good — grafana.com/tutorials

Helm Documentation — Chart creation, values, templates — Good — helm.sh/docs

KillerCoda Interactive Labs — Hands-on K8s scenarios in browser — Excellent — killercoda.com

CNCF Free Courses (edX) — Intro to Kubernetes, cloud-native — Good — edx.org (search CNCF)

Paid Resources

Resource — What It Covers — Cost — Quality

Linux Academy / A Cloud Guru — K8s, OpenShift, Linux, Terraform — ~$35/month — Excellent

Red Hat Training (DO280/DO180) — Official OpenShift admin courses — ~$3,000-4,000 per course — Excellent

IBM Training — MAS-specific administration courses — Varies ($500-2,000) — Good

KodeKloud — CKA/CKAD prep with hands-on labs — ~$15/month — Excellent

Udemy (KodeKloud courses) — CKA, CKAD, OpenShift prep — ~$15-30 per course — Good

O'Reilly Learning — Books, videos, interactive labs — ~$49/month — Excellent

Key insight: We have seen the best results from combining free documentation for conceptual learning with paid hands-on labs for practical skill-building. Reading about Kubernetes is useful. Running commands on a real cluster is transformative.

Hands-On Lab Suggestions

Each skill area benefits from deliberate practice. Here are specific lab exercises we recommend.

IAM / SSO Labs

  1. Install Keycloak locally using Docker/Podman and configure an OIDC client
  2. Set up SAML federation between Keycloak and a test application
  3. Debug a failing SSO login by inspecting SAML assertions and OIDC tokens using browser developer tools
  4. Configure multi-factor authentication in Keycloak and test the user experience

API Labs

  1. Use Postman or curl to authenticate against the MAS API and perform CRUD operations
  2. Build a simple script that reads work orders from MAS and writes a summary report
  3. Create an API collection with environment variables for dev, staging, and production
  4. Test rate limiting by writing a script that makes rapid API calls and observing throttling behavior

Kubernetes / OpenShift Labs

  1. Deploy a 3-tier application (web frontend, API backend, database) on Minikube
  2. Simulate a pod failure and observe self-healing behavior
  3. Configure horizontal pod autoscaling and generate load to trigger scaling
  4. Set up a PVC with a specific storage class and verify data persistence across pod restarts
  5. Create RBAC roles that restrict a user to read-only access in a specific namespace
  6. Install an operator from OperatorHub and manage its lifecycle

Monitoring Labs

  1. Deploy Prometheus and Grafana on a Kubernetes cluster
  2. Create a custom dashboard showing pod CPU, memory, restart count, and network I/O
  3. Write an alerting rule that fires when pod memory exceeds 80% of its limit
  4. Set up a notification channel (email or Slack) for Prometheus alerts
  5. Build a recording rule that pre-aggregates expensive queries

Infrastructure as Code Labs

  1. Write a Helm chart for a simple application with configurable replicas and resource limits
  2. Use Terraform to provision a VM or cloud resource and manage its lifecycle
  3. Set up a GitOps repository with ArgoCD watching for configuration changes
  4. Create an Ansible playbook that configures a Linux server with prerequisites for OpenShift

Self-Assessment Checklist

Use this checklist to evaluate where you stand today. Be honest -- this is for your benefit.

SaaS Admin Self-Assessment

Rate yourself on each skill: 1 = Cannot do it, 2 = Need guidance, 3 = Can do independently, 4 = Can teach others.

IAM and SSO:

Skill — 1 — 2 — 3 — 4

Explain OAuth2 authorization code flow — — — —

Configure an OIDC identity provider in MAS — — — —

Troubleshoot SSO login failures using browser developer tools — — — —

Explain the difference between authentication and authorization in MAS — — — —

API Usage:

Skill — 1 — 2 — 3 — 4

Authenticate against the MAS REST API — — — —

Perform CRUD operations on Maximo objects via API — — — —

Read API documentation and construct requests for unfamiliar endpoints — — — —

Understand API error codes and diagnose common failures — — — —

Integration:

Skill — 1 — 2 — 3 — 4

Trace data flow through an integration from source to destination — — — —

Read integration logs and identify where a failure occurred — — — —

Understand the difference between synchronous and asynchronous integration — — — —

Configure basic message reprocessing for failed integrations — — — —

MAS UI Configuration:

Skill — 1 — 2 — 3 — 4

Manage users, security groups, and application entitlements — — — —

Configure workspace settings and application deployments — — — —

Navigate the System Health dashboard and interpret its metrics — — — —

Manage automation scripts and configure launch points — — — —

Scoring: Add up your ratings across all 16 skills (maximum 64).

  • 48-64 points: You are SaaS-admin ready. Focus on advanced optimization.
  • 32-47 points: Solid foundation. Fill targeted gaps using the Month 4-6 plan.
  • 16-31 points: Good starting point. Follow the complete Month 1-6 plan.
  • Below 16 points: Start from the beginning. Invest in structured learning before taking on MAS admin responsibilities.

On-Prem Admin Self-Assessment (Additional Skills)

Rate yourself: 1 = Cannot do it, 2 = Need guidance, 3 = Can do independently, 4 = Can teach others.

Linux:

Skill — 1 — 2 — 3 — 4

Navigate the filesystem, manage permissions, and edit files from the command line — — — —

Troubleshoot network connectivity (ping, curl, ss, dig) — — — —

Manage systemd services and read journal logs — — — —

Write basic shell scripts for automation — — — —

Kubernetes / OpenShift:

Skill — 1 — 2 — 3 — 4

Use kubectl/oc to manage pods, deployments, and services — — — —

Read and write YAML for Kubernetes resources — — — —

Troubleshoot a pod that will not start (describe, logs, events) — — — —

Configure RBAC roles and bindings — — — —

Manage operators via OLM (subscriptions, install plans, CSVs) — — — —

Configure storage classes, PVCs, and verify volume binding — — — —

Monitoring:

Skill — 1 — 2 — 3 — 4

Query Prometheus using PromQL — — — —

Create or modify Grafana dashboards — — — —

Configure alerting rules and notification channels — — — —

Set up log aggregation and search through centralized logs — — — —

Infrastructure as Code:

Skill — 1 — 2 — 3 — 4

Read and modify Helm charts — — — —

Write basic Terraform configurations — — — —

Understand GitOps concepts and work with ArgoCD or Flux — — — —

Write Ansible playbooks for configuration management — — — —

Scoring: Add up your ratings across all 18 skills (maximum 72).

  • 54-72 points: You are on-prem ready. Focus on advanced topics and leadership.
  • 36-53 points: Strong foundation. Focus on your weakest skill areas.
  • 18-35 points: Significant learning needed. Follow the Month 1-12 plan systematically.
  • Below 18 points: Start with Linux fundamentals and container basics. Build up systematically before taking on OpenShift responsibilities.

How Each Skill Is Applied: Real-World Examples

Abstract skills become meaningful when you see how they are used in practice. Here are scenarios that connect skills to real MAS admin work.

IAM/SSO in Practice

Scenario: A new acquisition joins the company. Their 500 field technicians need MAS access through the parent company's Azure AD. You configure OIDC federation between Azure AD and MAS, map Azure AD security groups to MAS security groups, and set up just-in-time user provisioning so accounts are created on first login. Without IAM/SSO skills, this is a support ticket to IBM. With them, it is a Tuesday afternoon task.

Kubernetes in Practice

Scenario: Monday morning, 200 technicians report that the mobile app is slow. You check pod metrics and discover that the Manage API pods are at 95% memory utilization with frequent garbage collection pauses. You increase the memory limit in the ManageApp Custom Resource, the operator rolls out new pods with the higher limit, and performance returns to normal -- all without a restart or outage.

# Before: insufficient memory
spec:
  settings:
    deployment:
      serverBundles:
        all:
          replica: 3
          resources:
            limits:
              memory: 4Gi
# After: increased memory limit
spec:
  settings:
    deployment:
      serverBundles:
        all:
          replica: 3
          resources:
            limits:
              memory: 6Gi

Monitoring in Practice

Scenario: You set up a Prometheus alert that fires when the certificate for the MAS external route expires within 14 days. At 3 AM on a Saturday, the alert triggers. Instead of discovering an outage Monday morning when nobody can log in, the on-call engineer renews the certificate and avoids any user impact. That alert took 20 minutes to configure. It saved 4 hours of outage and an emergency change request.

Integration Troubleshooting in Practice

Scenario: Work orders created in SAP are not appearing in MAS. You trace the integration flow: SAP sends a message to the integration bus, the bus routes to the MAS API. Using the integration log viewer, you discover that SAP changed a field format in their latest update, causing JSON parsing failures. You identify the specific field, work with the SAP team to align formats, reprocess the failed messages, and close the incident -- all without involving IBM support.

Key insight: Every skill on this list maps to a real problem you will face in production. The question is not "will I use this?" but "when will I need this, and will I be ready?"

Building a Team Learning Plan

If you are a manager building a team for MAS administration, here is how to structure the skill development across your team.

SaaS Team (3-4 people)

Role — Primary Focus — Secondary Focus

Lead Admin — IAM/SSO, MAS UI, upgrade testing — Integration troubleshooting, API

Integration Specialist — Integration troubleshooting, API usage — Automation scripting, data governance

Automation Developer — Automation scripting, API usage — MAS UI configuration, testing

On-Prem Team (5-7 people)

Role — Primary Focus — Secondary Focus

MAS Platform Lead — Operators, MAS CR management, upgrades — Monitoring, capacity planning

OpenShift Admin — Cluster management, networking, storage — Monitoring, CI/CD

Monitoring Engineer — Prometheus, Grafana, log aggregation — OpenShift, alerting

Integration Specialist — API management, App Connect, Kafka — Troubleshooting, automation

Security Specialist — IAM/SSO, certificates, RBAC — Network policies, secrets management

Cross-train at least two people on every critical skill. Single points of failure in knowledge are as dangerous as single points of failure in infrastructure.

Key Takeaways

  1. Prioritize ruthlessly. Learn critical skills first (IAM, Kubernetes, operators). Nice-to-have skills can wait.
  2. Match your learning to your deployment model. SaaS admins do not need deep Kubernetes skills. On-prem admins cannot skip them.
  3. Hands-on practice is non-negotiable. Set up lab environments, break things deliberately, and learn to fix them.
  4. Certifications provide structure. Use certification study paths as learning guides even if you do not take the exam.
  5. Build team capability, not individual heroes. Cross-train across critical skills to eliminate knowledge bottlenecks.

References

Series Navigation:

Previous: Part 4 — How the SysAdmin Role Changes in MAS On-Prem
Next: Part 6 — The Daily Toolset of MAS Admins

View the full MAS ADMIN series index →

Part 5 of the "MAS ADMIN" series | Published by TheMaximoGuys