Unicenter Desktop & Server Management Network Challenges. Latest Revision 11/28/2005. © 2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.

Network Challenges
Overcoming network topology issues has been simplified with DSM r11.
[Diagram: Remote Site, Local LAN, DMZ]

Communication Types
Basically, there are only two types of communication…

Component to DB
Component to database via the default or configured database port…
Database Communication:
• Ingres (Ingres/Net 19016 & 19017, JDBC 19023)
• Microsoft SQL Server (Default 1433)

Component to Component
…and component to component via default or configured CAM and multiplexer ports.
Inter-Component Communications:
• CAM (UDP 4104, TCP 4105)
• DSM Multiplexer (4728)

Domain Management Component Overview
Database Communication:
• Ingres (Ingres/Net 19016 & 19017, JDBC 19023)
• Microsoft SQL Server (Default 1433)
Inter-Component Communications:
• CAM (UDP 4104, TCP 4105)
• DSM Multiplexer (4728)
Ports shown are for a default installation of the database and components. Always refer to “Ports Used by Unicenter DSM” in the DSM “Implementation Guide” for the most detailed and accurate information.

Required Ports
“Opening” required ports (a.k.a. “connectivity”) is only half the battle, however.

Firewall and NAT
Firewalls not only block port communication but also conceal the identity of the resources they protect using Network Address Translation (NAT).

Keep Target System “Visible”
Not only must access rules allow connectivity to the target system, but the target system must also be “visible” from the system initiating the communication.

Visibility Example
“Visible” does not necessarily mean the IP address for the target can be resolved and reached by the source system directly. Domain Manager may not be able to resolve or reach the IP address of the Scalability Server directly. But if Domain Manager knows to transmit data to the “edge” device public IP (the firewall) at the remote site (likely through a DNS entry), and the “edge” device is configured to route certain traffic (e.g., CAM) to the private address of the Scalability Server, and CAM on the Scalability Server understands the traffic is destined for it, required communications can flow.

Common Visibility Issues
Attempt to resolve “visibility” issues before becoming concerned with establishing connectivity (“opening ports”).
Common Issues:
• Target identifiers not unique
• Target identifiers cannot be resolved
• Target identifiers change without notice

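The visibility-before-connectivity order above can be scripted. This is an added example, not CA tooling or code from the slides: `check_target`, `shared_addresses`, the injectable `resolve` parameter and the `expected_addrs` baseline are hypothetical names, and treating DNS resolution as the visibility test is an assumption based on the DNS entry mentioned in the visibility example.

```python
import socket

# Default TCP ports from the slides. CAM's UDP 4104 is left out: a UDP probe
# cannot tell "open" from "silently dropped" without a CAM-aware reply.
DSM_TCP_PORTS = {"CAM": 4105, "DSM Multiplexer": 4728}

def check_target(host, ports=DSM_TCP_PORTS, resolve=socket.getaddrinfo,
                 expected_addrs=None, timeout=2.0):
    """Check visibility first; probe ports only when the target is visible."""
    report = {"host": host, "visible": False, "reason": None,
              "addresses": [], "ports": {}}
    try:
        infos = resolve(host, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        report["reason"] = f"identifier cannot be resolved ({exc})"
        return report
    report["addresses"] = sorted({info[4][0] for info in infos})
    # "Identifiers change without notice": compare with the recorded address.
    if expected_addrs and set(report["addresses"]) != set(expected_addrs):
        report["reason"] = "identifier changed since it was recorded"
        return report
    report["visible"] = True
    for name, port in ports.items():
        try:
            with socket.create_connection((report["addresses"][0], port), timeout):
                report["ports"][name] = "open"
        except ConnectionRefusedError:
            report["ports"][name] = "refused"   # host reached, nothing listening
        except OSError:
            report["ports"][name] = "blocked"   # timeout or unreachable
    return report

def shared_addresses(reports):
    """'Identifiers not unique': several targets resolving to one address."""
    seen = {}
    for rep in reports:
        for addr in rep["addresses"]:
            seen.setdefault(addr, set()).add(rep["host"])
    return {a: sorted(h) for a, h in seen.items() if len(h) > 1}
```

A "refused" result means the host was reached and the port is closed there, while "blocked" points at a filtering device in the path; two targets sharing one address behind NAT need distinct forwarded ports or distinct public addresses.
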
VPN Visibility Issues
VPN is commonly proposed as a solution for overcoming connectivity and visibility issues. VPN can be used to address connectivity issues by virtually eliminating the firewall from the equation. However, depending on the type of VPN deployed and its configuration, it may introduce a visibility issue.

CAM Configuration and Troubleshooting
DSM communication in r11 is highly dependent upon CAM. It is highly likely in complex network environments that the “out of the box” configuration will need to be modified.
A local copy of the latest version of the “CAM Admin Guide” has been provided and is also available online at http://devnews/CAM/main.htm?current=documentation.

Limited Number of Challenges
Given the interaction of DSM components and basic architectural design principles, the number of challenges is fairly limited.

Domain Level Challenges
Since Engines should be electronically close to the MDB, the principal challenge at the Domain level will be Domain Manager communication to/from the Scalability Server.

Resolution: Scalability Server
Since Domain Manager communication to/from the Scalability Server requires only CAM and multiplexer connectivity, it is a matter of...
• Ensuring the Scalability Server host is “visible” from the Domain Manager and vice versa.
• Ensuring communication via the default/configured CAM and multiplexer ports and protocol is not blocked.

Resolution: DSM Explorer
At the Domain level, the DSM Explorer must communicate with the Domain Manager via CAM and the multiplexer port. Since it is conceivable that not all instances will be installed on the same LAN...
• Ensure the Domain Manager host is “visible”.
• Ensure connectivity is possible via the default or configured CAM and multiplexer ports and that protocol is not blocked.

Resolution: Reporter
At the Domain level, the Reporter must communicate with the Domain Manager via CAM and with the MDB via the database port. It is possible that not all instances will be installed on the same LAN...
• Ensure the Domain Manager host is “visible”.
• Ensure the MDB host is “visible”.
• Ensure connectivity is possible via the default/configured CAM port(s) and protocol is not blocked.
• Ensure connectivity is possible via the default/configured database port.

Enterprise Architecture Challenge
In an Enterprise architecture, the Enterprise Manager must be able to communicate with Domain Managers to link Domains and assign the replication task to a Domain Engine.
• Ensure the Domain Manager host is “visible”.
• Ensure connectivity is possible via the default/configured CAM and multiplexer ports and protocol is not blocked to the Enterprise Manager.

Domain Engine
In an Enterprise architecture, the Domain Engine assigned the replication task must be able to initiate communications with the Enterprise Manager via CAM to obtain connection information for the Enterprise MDB.
• Ensure the Enterprise Manager host is “visible”.
• Ensure the default/configured CAM port(s) are not blocked to the Enterprise host.

Domain Engine to Enterprise MDB
Also in an Enterprise architecture, the Domain Engine assigned the replication task must be able to access the Enterprise MDB.
• Ensure the Enterprise MDB host is “visible”.
• Ensure connectivity via the default/configured database port can be established to the Enterprise MDB.

DSM Explorer to Enterprise Manager
At the Enterprise level, the DSM Explorer must communicate with the Enterprise Manager and each linked Domain Manager via CAM. Since it is conceivable that not all instances will be installed on the same LAN...
• Ensure the Enterprise Manager host and linked Domain Manager hosts are “visible”.
• Ensure connectivity is possible via the default/configured CAM port(s) and protocol is not blocked.

Reporter to Domain Manager
Reporter at the Enterprise level must communicate with the linked Domain Managers via CAM.
• Ensure the linked Domain Manager hosts are “visible”.
• Ensure connectivity is possible via the default/configured CAM port(s) and protocol is not blocked to the linked Domain Managers.

Reporter to Domain MDB
Reporter at the Enterprise level must be able to access linked Domain MDBs via the database port.
• Ensure the Domain MDB host is “visible”.
• Ensure connectivity is possible via the default/configured database port to the Enterprise MDB.

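The resolution slides above amount to a short list of required flows, which can be expanded into firewall rules and compared with what a firewall actually permits. This is an added example, not part of the original deck or of DSM: the role names, `required_rules`, `audit` and the sample addresses are hypothetical, and both the TCP transport for the multiplexer and Ingres ports and the initiator direction (where the slides do not say "to/from") are assumptions.

```python
# Default ports from the slides. The transport for the multiplexer and Ingres
# ports is assumed to be TCP; the slides give only the numbers.
PORTS = {
    "cam": [("udp", 4104), ("tcp", 4105)],
    "mux": [("tcp", 4728)],
    "mssql": [("tcp", 1433)],
    "ingres": [("tcp", 19016), ("tcp", 19017), ("tcp", 19023)],
}

# (initiator role, target role, services), one entry per distinct flow in the
# resolution slides. Direction is an assumption except for "to/from".
FLOWS = [
    ("domain_manager", "scalability_server", ("cam", "mux")),
    ("scalability_server", "domain_manager", ("cam", "mux")),
    ("dsm_explorer", "domain_manager", ("cam", "mux")),
    ("reporter", "domain_manager", ("cam",)),
    ("reporter", "domain_mdb", ("db",)),
    ("enterprise_manager", "domain_manager", ("cam", "mux")),
    ("domain_engine", "enterprise_manager", ("cam",)),
    ("domain_engine", "enterprise_mdb", ("db",)),
    ("dsm_explorer", "enterprise_manager", ("cam",)),
]

def required_rules(hosts, db="mssql"):
    """Expand role-level flows into (src, dst, proto, port) allow rules.

    hosts maps a role name to its addresses; undeployed roles are skipped."""
    rules = set()
    for src_role, dst_role, services in FLOWS:
        for svc in services:
            for proto, port in PORTS[db if svc == "db" else svc]:
                for src in hosts.get(src_role, []):
                    for dst in hosts.get(dst_role, []):
                        if src != dst:          # co-located roles need no rule
                            rules.add((src, dst, proto, port))
    return rules

def audit(allowed, required):
    """Missing rules break DSM; excess rules widen exposure for no DSM need."""
    return {"missing": sorted(required - allowed),
            "excess": sorted(allowed - required)}

# Constructed sample: one remote Scalability Server behind a site firewall.
SAMPLE_HOSTS = {"domain_manager": ["10.0.0.10"], "domain_mdb": ["10.0.0.11"],
                "reporter": ["10.0.0.30"], "scalability_server": ["192.0.2.20"]}
```

Pass `audit` only the allow rules scoped to DSM hosts, so that rules for unrelated applications are not reported as excess, and substitute configured ports for the defaults where the installation changed them.
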
Questions?