Implementation GuideInstalling a High Availability DeploymentHow to Configure CA Access Control Enterprise Management for High Availability › Configure the Secondary Enterprise Management Server

Previous Topic: Configure the Primary Enterprise Management Server

Next Topic: Configure Active Directory for Failover

Configure the Secondary Enterprise Management Server

The secondary Enterprise Management Server handles endpoint requests in an event of failure to the primary server.

Follow these steps:

  1. If necessary, copy the FIPS key from the primary Enterprise Management Server to a temporary directory. The file is located in the following directory: 
    JBOSS_HOME/server/default/deploy/IdentityMinder.ear/config/com/netegrity/config/keys
    JBOSS_HOME

    Defines the name of the directory where JBoss is installed.

  2. Install the Enterprise Management Server on the secondary server from a Command Prompt window and specify the -DFIPS_KEY=<full_pathname_to_key> option.

    Important! Specify the --DFIPS_KEY option when you run the secondary Enterprise Management Server installation program. Copy the FIPS key from the primary Enterprise Management Server to the secondary Enterprise Management Server before you begin the installation process.

    All the web-based applications, the Distribution Server, the DMS, and CA Access Control are installed.

  3. Stop all CA Access Control services.
  4. Modify the services to start up manually and not automatically.
  5. Set the _pmd directory_ registry key configuration setting to the full pathname of the shared storage directory you copied the DMS and the DH to. For example: Z:\PMD.

    The secondary server is configured to use the DMS and DH on the shared storage.

  6. Configure the Message Queue to use the shared storage. Do the following:
    1. Open the tibemsd.conf file for editing. This file is located by default in the following directory: 
      ACServerInstallDir/MessageQueue/tibco/cfgmgmt/ems/data
      ACServerInstallDir

      Defines the name of the directory where the Enterprise Management Server is installed.

    2. Set the value of the "store" token to point to the directory on the shared storage where you copied the datastore files to, for example: Z:\PMD.
    3. Save and close the file.
    4. Open the queues.conf file for editing.
    5. Append a comma and add the word "failsafe" at the end of every queue definition line, then save and close the file.
  7. Verify that the CA Access Control services are not running.
  8. Configure the DMS to authorize the secondary Enterprise Management Server, as follows:
    1. On the primary Enterprise Management Server, start the JCS, JBoss Application Server, CA Access Control and Message Queue services.
    2. Open a selang Command Prompt window and enter the following command: 
      host DMS__@

      A message appears informing you that you are connected to the local host.

    3. Enter the following command to display the list of authorized terminals: 
      sr TERMINAL *

      CA Access Control displays the details of the authorized terminals.

    4. Enter the following commands to add the secondary Enterprise Management Server to the authorized terminals list: 
      newres TERMINAL <secondary_enterprise_management_server_full_DN> audit (f) owner(nobody)defacc(r)
authorize TERMINAL <ssecondary_enterprise_management_server_full_DN> uid(+reportagent) access(write)
authorize TERMINAL <ssecondary_enterprise_management_server_full_DN> uid(DOMAIN\Administrator) access(write,read)
authorize TERMINAL <secondary_enterprise_management_server_full_DN> uid(an_entm_pers) access(write,read)
  9. Create a batch file to start all CA Access Control services in case the primary Enterprise Management Server fails, as follows: 
    seosd -start
net start acrptmq
net start "CA Access Control Web Service"
net start im_jcs
net start JBAS50SVC
  10. Create a batch file to stop all CA Access Control service when the primary Enterprise Management Server resumes operation, as follows: 
    secons -s
net stop acrptmq
net stop "CA Access Control Web Service"
net stop im_jcs
net stop JBAS50SVC
  11. Configure the Microsoft cluster software to run the scripts on failure.

    You have configured the secondary Enterprise Management Server.

More information:

Install CA Access Control Enterprise Management on Windows