Desktop Management Architecture

Unicenter Desktop & Server Management
Network Challenges - Latest Revision 11/28/2005
© 2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
Network Challenges
Overcoming network topology issues has been simplified with DSM r11.
[Diagram: Domain Manager, MDB, System Engine, Engine and three Scalability Servers; locations labelled Remote Site, Local LAN and DMZ]
Communication Types
Basically, there are only two types of communication…
[Diagram: MDB, Domain Manager, Engine, Scalability Server, DSM Explorer and Reporter, joined by links labelled DB (database) and IC (inter-component)]
Component to DB
Component to database via the default or configured database port…
Database Communication
• Ingres (Ingres/Net 19016 & 19017, JDBC 19023)
• Microsoft SQL Server (Default 1433)
Component to Component
…and component to component via default or configured CAM and multiplexer ports.
Inter-Component Communications
• CAM (UDP 4104, TCP 4105)
• DSM Multiplexer (4728)
Domain Management Component Overview
Database Communication
• Ingres (Ingres/Net 19016 & 19017, JDBC 19023)
• Microsoft SQL Server (Default 1433)
Inter-Component Communications
• CAM (UDP 4104, TCP 4105)
• DSM Multiplexer (4728)
Ports shown are for default installation of database and components. Always refer to “Ports Used by Unicenter DSM” in the DSM “Implementation Guide” for more detailed and the most accurate information.
Required Ports
“Opening” required ports (a.k.a. “connectivity”) is only half the battle, however.
Firewall and NAT
Firewalls not only block port communication but also conceal the identity of the resources they protect using Network Address Translation (NAT).
Keep Target System “Visible”
Not only must access rules allow connectivity to the target system, but the target system must be “visible” from the system initiating the communication.
Visibility Example
“Visible” does not necessarily mean the IP address for the target can be resolved and reached by the source system directly.
Visibility Example
Domain Manager may not be able to resolve or reach the IP address of the Scalability Server directly. But, if Domain Manager knows to transmit data to the “edge” device public IP (the firewall) at the remote site (likely through a DNS entry)…
Visibility Example
… and the “edge” device is configured to route certain traffic (e.g., CAM) to the private address of the Scalability Server…
Visibility Example
… and CAM on the Scalability Server understands the traffic is destined for it, required communications can flow.
Common Visibility Issues
Attempt to resolve “visibility” issues before becoming concerned with establishing connectivity (“opening ports”).
Common Issues:
- Target identifiers not unique
- Target identifiers cannot be resolved
- Target identifiers change without notice
VPN Visibility Issues
VPN is commonly proposed as a solution for overcoming connectivity and visibility issues. VPN can be used to address connectivity issues by virtually eliminating the firewall from the equation. However, depending on the type of VPN deployed and its configuration, it may introduce a visibility issue.
CAM Configuration and Troubleshooting
DSM communication in r11 is highly dependent upon CAM. It is highly likely in complex network environments that the “out of the box” configuration will need to be modified.
CAM Configuration and Troubleshooting
Local copy of the latest version of the “CAM Admin Guide” has been provided and is also available online at http://devnews/CAM/main.htm?current=documentation.
Limited Number of Challenges
Given the interaction of DSM components and basic architectural design principles, the number of challenges is fairly limited.
Domain Level Challenges
Since Engines should be electronically close to the MDB, the principal challenge at the Domain level will be Domain Manager communication to/from the Scalability Server.
Resolution: Scalability Server
Since Domain Manager communication to/from the Scalability Server requires only CAM and multiplexer connectivity, it is a matter of...
- Ensuring the Scalability Server host is “visible” from the Domain Manager and vice versa.
- Ensuring connectivity is possible, i.e. that communication via the default/configured CAM and multiplexer ports and protocol is not blocked.
[Diagram: Domain Manager and Scalability Server linked by CAM & Multiplexer]
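As an added example (not from the original deck or from CA): a Python check of a firewall allow-list against the Domain Manager to Scalability Server flows above, reporting required flows that are still blocked and rules broader than the default CAM and multiplexer ports need. The addresses and rules are constructed, TCP for the multiplexer port is an assumption (the slides give only 4728), and requiring an allow rule in each direction is an assumed reading of “and vice versa”.

```python
from ipaddress import ip_address, ip_network

# Default ports from the slides. TCP for the multiplexer port is an assumption;
# the deck gives only the number 4728.
REQUIRED = [("udp", 4104), ("tcp", 4105), ("tcp", 4728)]

def covers(rule, src, dst, proto, port):
    """True if this allow rule permits the given flow."""
    _, rsrc, rdst, rproto, lo, hi = rule
    return (ip_address(src) in ip_network(rsrc) and ip_address(dst) in ip_network(rdst)
            and rproto in (proto, "any") and lo <= port <= hi)

def too_broad(rule):
    """True if the rule admits hosts or ports beyond the required set."""
    _, rsrc, rdst, rproto, lo, hi = rule
    wanted = {port for proto, port in REQUIRED if proto == rproto}
    extra_ports = any(p not in wanted for p in range(lo, hi + 1))
    extra_hosts = ip_network(rsrc).num_addresses > 1 or ip_network(rdst).num_addresses > 1
    return extra_ports or extra_hosts

def audit(rules, dm, ss):
    """Return (blocked flows, names of over-broad rules) for the DM <-> SS path."""
    # Assumption: each direction needs its own allow rule (stateless view).
    flows = [(s, d, proto, port) for s, d in ((dm, ss), (ss, dm)) for proto, port in REQUIRED]
    blocked = [f for f in flows if not any(covers(r, *f) for r in rules)]
    broad = [r[0] for r in rules if too_broad(r) and any(covers(r, *f) for f in flows)]
    return blocked, broad

# Constructed addresses and allow rules: (name, src, dst, proto, first port, last port)
DM, SS = "10.1.0.10", "192.168.50.20"
RULES = [
    ("cam-udp-out", "10.1.0.10/32", "192.168.50.20/32", "udp", 4104, 4104),
    ("cam-udp-in", "192.168.50.20/32", "10.1.0.10/32", "udp", 4104, 4104),
    ("cam-tcp-out", "10.1.0.10/32", "192.168.50.20/32", "tcp", 4105, 4105),
    ("cam-tcp-in", "192.168.50.20/32", "10.1.0.10/32", "tcp", 4105, 4105),
    ("mux-out", "10.1.0.0/16", "192.168.50.20/32", "tcp", 4000, 5000),
]

if __name__ == "__main__":
    blocked, broad = audit(RULES, DM, SS)
    for src, dst, proto, port in blocked:
        print(f"BLOCKED  {src} -> {dst} {proto}/{port}")
    for name in broad:
        print(f"BROAD    {name}")
```

If the database or component ports were changed from the defaults, REQUIRED has to be replaced with the configured values before the result means anything.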
Resolution: DSM Explorer
At the Domain level, the DSM Explorer must communicate with the Domain Manager via CAM and the multiplexer port. Since it is conceivable that not all instances will be installed on the same LAN...
- Ensure the Domain Manager host is “visible”.
- Ensure connectivity is possible via the default or configured CAM and multiplexer ports and that protocol is not blocked.
[Diagram: Domain Manager and DSM Explorer linked by CAM & Multiplexer]
Resolution: Reporter
At the Domain level the Reporter must communicate with the Domain Manager via CAM and with the MDB via the database port. It is possible that not all instances will be installed on the same LAN...
- Ensure the Domain Manager host is “visible”.
- Ensure the MDB host is “visible”.
- Ensure connectivity is possible via the default/configured CAM port(s) and protocol is not blocked.
- Ensure connectivity is possible via the
[Diagram: Reporter linked to the Domain Manager by CAM and to the MDB by DB]
Enterprise Architecture Challenge
In an Enterprise architecture, the Enterprise Manager must be able to communicate with Domain Managers to link Domains and assign the replication task to a Domain Engine.
- Ensure the Domain Manager host is “visible”.
- Ensure connectivity is possible via the default/configured CAM and multiplexer ports and protocol is not blocked to the Enterprise Manager.
[Diagram: Enterprise Manager and Domain Manager linked by CAM & Multiplexer]
Domain Engine
In an Enterprise architecture, the Domain Engine assigned the replication task must be able to initiate communications with the Enterprise Manager via CAM to obtain connection information for the Enterprise MDB.
- Ensure the Enterprise Manager host is “visible”.
- Ensure the default/configured CAM port(s) are not blocked to the Enterprise host.
[Diagram: Engine and Enterprise Manager linked by CAM]
Domain Engine to Enterprise MDB
Also in an Enterprise architecture, the Domain Engine assigned the replication task must be able to access the Enterprise MDB.
- Ensure the Enterprise MDB host is “visible”.
- Ensure connectivity via the default/configured database port can be established to the Enterprise MDB.
[Diagram: Engine and MDB linked by DB]
DSM Explorer to Enterprise Manager
At the Enterprise level, the DSM Explorer must communicate with the Enterprise Manager and each linked Domain Manager via CAM. Since it is conceivable that not all instances will be installed on the same LAN...
- Ensure the Enterprise Manager host and linked Domain Manager hosts are “visible”.
- Ensure connectivity is possible via the default/configured CAM port(s) and protocol is not blocked.
[Diagram: Domain Manager and DSM Explorer linked by CAM & Multiplexer]
Reporter to Domain Manager
Reporter at the Enterprise level must communicate with the linked Domain Managers via CAM.
- Ensure the linked Domain Manager hosts are “visible”.
- Ensure connectivity is possible via the default/configured CAM port(s) and protocol is not blocked to the linked Domain Managers.
[Diagram: Reporter and Domain Manager linked by CAM]
Reporter to Domain MDB
Reporter at the Enterprise level must be able to access linked Domain MDBs via the database port.
- Ensure the Domain MDB host is “visible”.
- Ensure connectivity is possible via the default/configured database port to the Enterprise MDB.
[Diagram: Reporter and MDB]
Questions?