The Infrastructure Deployment component lets you remotely install agent and scalability server software to target computers that are not running Client Automation software. This can only be done using the facilities offered by the underlying operating systems on source and target computers, and is subject to any restrictions imposed by an enterprise network configuration.
The initial step when deploying infrastructure software is to remotely install a small “primer” application, the DMPrimer, onto the target computer. This DMPrimer software is responsible for subsequent transfer of infrastructure software component installation images, and the invocation of their installation. When delivering the DMPrimer to the target computers, the deployment manager must supply user credentials that are valid on the target.
The DMPrimer is transferred to the target system using one of the following mechanisms. If the target computer's operating system is known to the deployment manager, an appropriate transfer mechanism is selected. If the target operating system cannot be determined, each of the following mechanisms is attempted in turn.
The deployment manager tries to connect to a Windows network share on the target system. By default, the share name used is ADMIN$; however, this can be altered by means of the "defaultTargetShare" configuration policy. This mechanism is available only from deployment managers running on a Windows-based platform and will only succeed on some Windows targets. Windows variants such as Windows XP Home do not support this deployment mechanism.
The SSH/SFTP mechanism works on any computer running an SSH server; however, it is mainly useful when targeting Linux or UNIX computers.
Note: When deploying to Solaris systems, CA recommends that you use either SunSSH v1.1 (or higher) or the latest version of OpenSSH. See the following website for additional details about patches applicable for Solaris platforms and versions: http://opensolaris.org/os/community/security/projects/SSH.
If you are running a firewall on the target computer, ensure that the SSH port (22) is enabled to permit connection from the deployment manager. You should also check that the SSH server on the target computer is configured to use an RSA key along with the 3DES cipher for encryption and the HMAC-SHA1 message authentication code (MAC). Most SSH servers will support this configuration by default, but if they do not then you should consult your SSH server documentation for instructions on how to add this.
Important! On Solaris 11 the default ciphers for sshd are aes128-ctr, aes192-ctr, aes256-ctr, arcfour128, arcfour256, and arcfour. The deployment needs 3DES, so you need to add "Ciphers 3des-cbc" to the sshd configuration file and restart sshd.
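The cipher and MAC requirement above can be checked on a target before deploying. The following shell functions are an added example, not part of the CA documentation; the function names are illustrative, and the file is assumed to use the whitespace-separated "Keyword value" form.

```shell
#!/bin/sh
# Added example (not CA's code): check an sshd_config for the cipher and MAC
# that the deployment manager needs, per the requirements stated above.

# sshd_value FILE KEYWORD: print the first value set for KEYWORD (keywords are
# case-insensitive and sshd uses the first occurrence); print nothing if unset.
sshd_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }    # skip comment lines
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# list_has LIST ITEM: succeed if ITEM is in the comma-separated LIST.
list_has() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# check_alg FILE KEYWORD ALG: print one of
#   ok       ALG is listed explicitly
#   missing  the list is set (or ALG is removed with "-") and ALG is not offered
#   default  nothing decides it here; the built-in default of the server applies
# Wildcard patterns in "+"/"-" lists are not expanded.
check_alg() {
    val=$(sshd_value "$1" "$2")
    case "$val" in
        "")    echo default ;;
        -*)    if list_has "${val#-}" "$3"; then echo missing; else echo default; fi ;;
        [+^]*) if list_has "${val#?}" "$3"; then echo ok; else echo default; fi ;;
        *)     if list_has "$val" "$3"; then echo ok; else echo missing; fi ;;
    esac
}

# check_target FILE: report both settings; fail if either is ruled out.
check_target() {
    c=$(check_alg "$1" Ciphers 3des-cbc)
    m=$(check_alg "$1" MACs hmac-sha1)
    echo "Ciphers 3des-cbc: $c; MACs hmac-sha1: $m"
    [ "$c" != missing ] && [ "$m" != missing ]
}

# Demo on a constructed config that spells out the Solaris 11 cipher list
# quoted on this page; use /etc/ssh/sshd_config on a real target.
sample=$(mktemp)
printf '%s\n' 'Port 22' \
    'Ciphers aes128-ctr,aes192-ctr,aes256-ctr,arcfour128,arcfour256,arcfour' > "$sample"
check_target "$sample" || echo "fix sshd_config before deploying over SSH"
rm -f "$sample"
```

A result of default means the file does not set the list, so the server's built-in list decides; on Solaris 11 that built-in list, as quoted above, lacks 3des-cbc. A Ciphers line replaces the server's list rather than extending it, so listing 3des-cbc alongside the ciphers already in use keeps other SSH clients working.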
To successfully deploy to a UNIX or Linux agent, configure the /etc/ssh/sshd_config configuration file of your recent SSH implementation as follows:
When you deploy, using an IPv6 address, to some IBM AIX systems that run both an IPv4 and an IPv6 stack, the target computer's SSH server may be listening on port 22 for IPv4 only. This causes the deployment to fail. To correct this, edit the sshd_config configuration file and set ListenAddress to "::".
When deploying to Solaris 11, follow these steps:
1. Comment out the line CONSOLE=/dev/console in /etc/default/login:
   vi /etc/default/login
   #CONSOLE=/dev/console
2. Remove ;type=role for root, or use the command:
   rolemod -K type=normal root
Note: If you want the SSH communication between the deployment manager and the target computer to be FIPS-compliant, then in addition to setting FIPS-only mode on the deployment manager, you must verify that the SSH server running on the target is also using a FIPS-compliant cryptographic module.
The Telnet/FTP mechanism is mainly useful when targeting UNIX systems that do not support SSH. Use of Telnet/FTP is becoming less widespread because of inherent security weaknesses in these protocols, and is being superseded by SSH/SFTP.
When using this connection method, Telnet commands executed on the target computer pull the DMPrimer installation image from an FTP server located on the manager.
Important! Some modern operating systems do not encourage, and sometimes actively prohibit, the remote installation of software. If you try to deploy Client Automation software to these systems, you will usually see the deployment fail with a status of “No primer transport”. In such cases, installation of Client Automation software components may be performed in other ways, for example, installation from physical distribution media such as DVD.
Alternatively, you can install the DMPrimer software manually. This will allow deployment of the Client Automation infrastructure without having to rely on facilities offered by the underlying operating systems.
To determine whether automatic deployment is possible in your environment, you can perform some simple checks by running the following standard operating system operations:
Copyright © 2014 CA Technologies.
All rights reserved.