Unicenter Desktop & Server Management Network Challenges
- Latest Revision 11/28/2005
Network Challenges
© 2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Network Challenges
Overcoming network topology issues has been simplified with DSM r11.
[Diagram: three Scalability Servers, a Domain Manager, a System Engine, an Engine and the MDB, shown across the Remote Site, Local LAN and DMZ zones]
Communication Types
Basically, there are only two types of communication…
[Diagram: Domain Manager, MDB, Engine, Scalability Server, DSM Explorer and Reporter, with each link between them labelled DB or IC]
Component to DB
Component to database via the default or configured database port…
Database Communication
• Ingres (Ingres/Net 19016 & 19017, JDBC 19023)
• Microsoft SQL Server (Default 1433)
Component to Component
…and component to component via default or configured CAM and multiplexer ports.
Inter-Component Communications
• CAM (UDP 4104, TCP 4105)
• DSM Multiplexer (4728)
Domain Management Component Overview
Inter-Component Communications
• CAM (UDP 4104, TCP 4105)
• DSM Multiplexer (4728)
Database Communication
• Ingres (Ingres/Net 19016 & 19017, JDBC 19023)
• Microsoft SQL Server (Default 1433)
Ports shown are for default installation of database and components. Always refer to “Ports Used by Unicenter DSM” in the DSM “Implementation Guide” for more detailed, most accurate information.
Required Ports
“Opening” required ports (a.k.a. “connectivity”) is only half the battle, however.
Firewall and NAT
Firewalls not only block port communication but also conceal the identity of the resources they protect using Network Address Translation (NAT).
Keep Target System “Visible”
Not only must access rules allow connectivity to the target system, but the target system must also be “visible” from the system initiating the communication.
Visibility Example
“Visible” does not necessarily mean the IP address for the target can be resolved and reached by the source system directly.
Domain Manager may not be able to resolve or reach the IP address of the Scalability Server directly. But, if Domain Manager knows to transmit data to the “edge” device public IP (the firewall) at the remote site (likely through a DNS entry)…
… and the “edge” device is configured to route certain traffic (e.g., CAM) to the private address of the Scalability Server…
… and CAM on the Scalability Server understands the traffic is destined for it, required communications can flow.
Common Visibility Issues
Attempt to resolve “visibility” issues before becoming concerned with establishing connectivity (“opening ports”).
Common issues:
- Target identifiers not unique
- Target identifiers cannot be resolved
- Target identifiers change without notice
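The order recommended above (settle visibility before opening ports) can be checked mechanically. The following is an added example, not part of the original slides or of DSM: `check_target`, its parameters and the host name in the demo are hypothetical, and only the TCP ports listed on the slides are probed.

```python
import socket

# Default inter-component TCP ports from the slides. CAM's UDP 4104 is not
# probed: without a protocol-level reply, a UDP send proves nothing.
DSM_TCP_PORTS = {"CAM": 4105, "DSM Multiplexer": 4728}

def check_target(name, ports, expected_addr=None,
                 resolve=socket.getaddrinfo, timeout=2.0):
    """Test visibility (name resolution) first, then TCP connectivity.

    The resolved address may be an edge device's public IP, as in the
    visibility example. expected_addr is the address recorded for the
    target (hypothetical inventory value); a mismatch flags an identifier
    that changed without notice.
    """
    result = {"visible": False, "addresses": [], "changed": False, "ports": {}}
    try:
        infos = resolve(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return result  # identifier cannot be resolved: opening ports will not help
    result["addresses"] = sorted({info[4][0] for info in infos})
    result["visible"] = True
    if expected_addr is not None:
        result["changed"] = expected_addr not in result["addresses"]
    addr = result["addresses"][0]
    for label, port in ports.items():
        try:
            with socket.create_connection((addr, port), timeout=timeout):
                result["ports"][label] = "open"
        except socket.timeout:
            result["ports"][label] = "filtered"     # no answer, typically a dropped packet
        except ConnectionRefusedError:
            result["ports"][label] = "closed"       # host reached, nothing listening
        except OSError:
            result["ports"][label] = "unreachable"  # routing or NAT problem
    return result

if __name__ == "__main__":
    # Constructed host name; replace with the Scalability Server's identifier.
    print(check_target("scalability-server.example.com", DSM_TCP_PORTS))
```

A result with `visible` false points at name resolution or NAT mapping, while `filtered` on a visible target points at a firewall rule.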
VPN Visibility Issues
VPN is commonly proposed as a solution for overcoming connectivity and visibility issues. VPN can be used to address connectivity issues by virtually eliminating the firewall from the equation. However, depending on the type of VPN deployed and its configuration, it may introduce a visibility issue.
CAM Configuration and Troubleshooting
DSM communication in r11 is highly dependent upon CAM. It is highly likely in complex network environments that the “out of the box” configuration will need to be modified.
A local copy of the latest version of the “CAM Admin Guide” has been provided and is also available online at http://devnews/CAM/main.htm?current=documentation.
Limited Number of Challenges
Given the interaction of DSM components and basic architectural design principles, the number of challenges is fairly limited.
Domain Level Challenges
Since Engines should be electronically close to the MDB, the principal challenge at the Domain level will be Domain Manager communication to/from the Scalability Server.
Resolution: Scalability Server
Since Domain Manager communication to/from the Scalability Server requires only CAM and multiplexer connectivity, it is a matter of...
- Ensuring the Scalability Server host is “visible” from the Domain Manager and vice versa.
- Ensuring connectivity is possible, that is, that communication via the default/configured CAM and multiplexer ports and protocol is not blocked.
Resolution: DSM Explorer
At the Domain level, the DSM Explorer must communicate with the Domain Manager via CAM and the multiplexer port. Since it is conceivable that not all instances will be installed on the same LAN...
- Ensure the Domain Manager host is “visible”.
- Ensure connectivity is possible via the default or configured CAM and multiplexer ports and that the protocol is not blocked.
Resolution: Reporter
At the Domain level the Reporter must communicate with the Domain Manager via CAM and with the MDB via the database port. It is possible that not all instances will be installed on the same LAN...
- Ensure the Domain Manager host is “visible”.
- Ensure the MDB host is “visible”.
- Ensure connectivity is possible via the default/configured CAM port(s) and that the protocol is not blocked.
- Ensure connectivity is possible via the default/configured database port.
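The Domain-level flows listed on the preceding slides can serve as an allow-list against which a firewall rule set is reviewed. This is an added example, not part of the original slides or of DSM; the zone names, the rule tuple format and `SAMPLE_RULES` are constructed, and TCP for port 4728 and SQL Server as the MDB database are assumptions.

```python
# Default ports from the slides. The slides give no protocol for the
# multiplexer port; TCP is assumed here. The database is assumed to be
# Microsoft SQL Server on its default port.
CAM = [("udp", 4104), ("tcp", 4105)]
MUX = [("tcp", 4728)]
DB = [("tcp", 1433)]

# Domain-level flows as listed on the slides: (initiator, target).
FLOWS = {
    ("domain-manager", "scalability-server"): CAM + MUX,
    ("scalability-server", "domain-manager"): CAM + MUX,
    ("dsm-explorer", "domain-manager"): CAM + MUX,
    ("reporter", "domain-manager"): CAM,
    ("reporter", "mdb"): DB,
}

def required_flows():
    return {(src, dst, proto, port)
            for (src, dst), services in FLOWS.items()
            for proto, port in services}

def covers(rule, flow):
    """A rule field of 'any' matches every value of that field."""
    return all(r == "any" or r == f for r, f in zip(rule, flow))

def audit(rules):
    need = required_flows()
    return {
        "missing": sorted(f for f in need if not any(covers(r, f) for r in rules)),
        "too_broad": [r for r in rules if "any" in r],
        "unlisted": [r for r in rules if "any" not in r and r not in need],
    }

# Constructed allow rules for illustration: (source, destination, protocol, port).
SAMPLE_RULES = [
    ("domain-manager", "scalability-server", "any", "any"),
    ("scalability-server", "domain-manager", "udp", 4104),
    ("scalability-server", "domain-manager", "tcp", 4105),
    ("dsm-explorer", "domain-manager", "udp", 4104),
    ("dsm-explorer", "domain-manager", "tcp", 4105),
    ("dsm-explorer", "domain-manager", "tcp", 4728),
    ("reporter", "domain-manager", "udp", 4104),
    ("reporter", "domain-manager", "tcp", 4105),
    ("reporter", "mdb", "tcp", 1433),
    ("scalability-server", "mdb", "tcp", 1433),
]

if __name__ == "__main__":
    print(audit(SAMPLE_RULES))
```

`missing` lists flows that would be blocked, `too_broad` lists wildcard rules to narrow, and `unlisted` lists rules that match no flow named on these slides and need a separate justification.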
Enterprise Architecture Challenge
In an Enterprise architecture, the Enterprise Manager must be able to communicate with Domain Managers to link Domains and assign the replication task to a Domain Engine.
- Ensure the Domain Manager host is “visible”.
- Ensure connectivity is possible via the default/configured CAM and multiplexer ports and that the protocol is not blocked to the Enterprise Manager.
Domain Engine
In an Enterprise architecture, the Domain Engine assigned the replication task must be able to initiate communications with the Enterprise Manager via CAM to obtain connection information for the Enterprise MDB.
- Ensure the Enterprise Manager host is “visible”.
- Ensure the default/configured CAM port(s) are not blocked to the Enterprise host.
Domain Engine to Enterprise MDB
Also in an Enterprise architecture, the Domain Engine assigned the replication task must be able to access the Enterprise MDB.
- Ensure the Enterprise MDB host is “visible”.
- Ensure connectivity via the default/configured database port can be established to the Enterprise MDB.
DSM Explorer to Enterprise Manager
At the Enterprise level, the DSM Explorer must communicate with the Enterprise Manager and each linked Domain Manager via CAM. Since it is conceivable that not all instances will be installed on the same LAN...
- Ensure the Enterprise Manager host and linked Domain Manager hosts are “visible”.
- Ensure connectivity is possible via the default/configured CAM port(s) and that the protocol is not blocked.
Reporter to Domain Manager
Reporter at the Enterprise level must communicate with the linked Domain Managers via CAM.
- Ensure the linked Domain Manager hosts are “visible”.
- Ensure connectivity is possible via the default/configured CAM port(s) and protocol is not blocked to the linked Domain Managers.
Reporter to Domain MDB
Reporter at the Enterprise level must be able to access linked Domain MDBs via the database port.
- Ensure the Domain MDB host is “visible”.
- Ensure connectivity is possible via the default/configured database port to the Enterprise MDB.
Questions?