

Create Access Profiles

In addition to using the predefined profiles, you can create your own server-specific Access Profiles.

Follow these steps:

  1. Click the Management link, and then the Servers tab.
  2. On the Servers tab, click the Access Profiles link.
  3. From the Table Actions drop-down list, select Create Access Profile.
  4. Enter a profile name and description and then click Next to open the Access Mode page.
  5. From the Access Mode drop-down list, select one of the following modes, and then click Next:
    Port Probe

    Accesses other servers in your enterprise in Port Probe Access Mode. Select this option if you do not intend to install a CA Configuration Automation Agent on the servers that are associated with this profile.

    Agent

    Accesses other servers in your enterprise in Agent Access Mode. Select this option if you have installed or intend to install a CA Configuration Automation Agent on the servers that are associated with this profile. If you select this option, complete the following Agent and Agent Installation fields:

    Agent Mode

    Specifies how the server where the agent is installed is configured with the CA Configuration Automation Server:

    Self Registered Agent: Enables a CA Configuration Automation Agent to register itself when it tests communications with the CA Configuration Automation Server. After the agent self-registers, the product considers the host a managed server. When you select this option, the agent obtains the agent listening port.

    Manually Configured Agent: Enables you to specify the CA Configuration Automation Agent listening port number. Select this option on a server that uses a Pass-through Agent for communication with the CA Configuration Automation Server. You can also select this option if your CA Configuration Automation Server is configured to communicate securely using SSL. Define the Pass-through Agent proxy type in Step 6.

    Agent Port

    Defines the CA Configuration Automation Agent listening port number.

    Default: 8063

    Secure Agent

    Specifies whether the CA Configuration Automation Server communicates with the agent using an SSL-secured connection. Create a certificate authority before you secure a CA Configuration Automation Agent.

    Install Directory

    Identifies the location where the CA Configuration Automation Agent software is installed.

    Default (Windows):

          \Program Files\CA\CA Configuration Automation Agent
    

    Default (UNIX):

          /opt/CA/CCAAgent
    
    Install JVM

    Specifies whether to install the Java Virtual Machine (JVM) distributed with CA Configuration Automation. The CA Configuration Automation Agent installation requires a JVM on the target server:

    Yes: Install the CA Technologies-supplied JVM.

    No: Use a previously installed JVM.

    Note: To locate the existing JVM, provide a commonly known installation location. If the CA Configuration Automation Agent installation fails, select Yes in this field and try installing the agent again.

    System Account

    Defines the user ID of the administrative user with authorization and privileges to connect to and install the CA Configuration Automation agent.

    System Password

    Defines the password that is associated with the specified System Account.

    Retype Password

    Verifies that the password matches the string that you entered in the System Password field.

    Enable Use of sudo

    Specifies whether you can use the sudo command to access and gather information about the remote UNIX and Linux servers. The sudo command enables the users that are defined in the /etc/sudoers configuration file to run commands. The sudo command lets users run commands as if they were users with different (in the case of the root user, unlimited) permissions.

    If you enable sudo, comment out the Defaults requiretty entry in the /etc/sudoers file as follows:

       # Defaults requiretty
    

    For more information, see Configuring sudo for UNIX and Linux Softagent Discovery.

    Agent Logging

    Specifies whether to enable agent logging.

    Note: To conserve space and enhance security, some environments discourage writing log files to servers. You can also enable or disable the agent logging in the CA Configuration Automation Agent configuration file (agent.conf).

    Server Ping

    Specifies whether to enable the server ping. Clear the Server Ping check box to disable the server ping in the following instances:

    • You encounter IP address and name resolution conflicts.

    • The server has multiple Network Interface Cards (NICs). The product pings the server to ensure that it identifies with the intended NIC.

    • Agents are installed on servers that have a firewall between that server and the CA Configuration Automation Server.

    You can also enable or disable the server ping in the CA Configuration Automation Agent configuration file (agent.conf).

    Note: The product requires you to enable the server ping to populate the CA Configuration Automation Agent-related details accurately on the attribute sheets and manage lists.

    SSH

    Accesses and collects data from associated servers using the Secure Shell (SSH). SSH provides authentication and secure encrypted communications over insecure networks. If you select this option, complete the following SSH fields:

    SSH Mode

    Specifies whether SSH with Credentials or SSH with Key File is used to access and retrieve data from discovered servers.

    Port

    Defines the SSH communications port.

    Default: 22

    Account

    Defines the SSH login account.

    Enable Use of sudo

    Specifies whether you can use the sudo command to access and gather information about the remote UNIX and Linux servers. The sudo command enables the users that are defined in the /etc/sudoers configuration file to run commands. The sudo command lets users run commands as if they were users with different (in the case of the root user, unlimited) permissions.

    If you enable sudo, comment out the Defaults requiretty entry in the /etc/sudoers file as follows:

       # Defaults requiretty
    

    For more information, see Configuring sudo for UNIX and Linux Softagent Discovery.

    Connection Timeout

    Defines the interval (in milliseconds) before the product considers an SSH connection request to a remote server to have failed.

    Default: 900000 (15 minutes)

    Trust

    Specifies whether the product performs file-based server verification and automatically verifies the remote servers. To increase security, clear the check box and provide the known hosts file name in the SSH Host File field.

    Hosts File

    Defines the file that the product uses to validate remote servers.

    Default: <home-directory>/.ssh/known_hosts

    Secure File Transfer Client

    Specifies whether to use the Secure File Transfer Clients (SFTP) or Secure Copy (SCP) to perform SSH Discovery.

    The product requires the SFTP during discovery using SSH and WMISSH access modes. The SFTP handles the following functions:

    • Transfer a file to a remote server.

    • Get a file from a remote server.

    • Remove a file from a remote server.

    • Run a script on a remote server.

    If you select SFTP and the SFTP service is not running on the remote server, the CA Configuration Automation Server logs the following message:

       <message_number>: Discovery failed on Server "<server_name>"
    

    You can either start the SFTP service on the remote server or use SCP as the secure file transfer client.

    Default: SFTP

    Account Password

    Defines the SSH password. The product displays this field only when you select the SSH with Credentials mode.

    Retype Account Password

    Confirms that the password matches the text string that is entered in the Account Password field. This field appears only when the SSH with Credentials mode is selected.

    Private Key File

    Defines the private key file. To create the public and private key files, use puttygen.exe or a similar utility. After you create the files, copy the private key to the CA Configuration Automation Server home directory and the public key to the SSH server. For example, on copSSH, copy the public key into \copSSH\home\Administrator\.ssh\authorized-keys.

    The product displays this field only when you select the SSH with KeyFile mode.

    Public Key File

    Specifies the key format, either ssh-dss or ssh-rsa. The product displays this field only when you select the SSH with KeyFile mode.

    Passphrase

    (Optional) Defines a key file protection passphrase. Associate the passphrase with the key files when they are created. The product displays this field only when you select the SSH with KeyFile mode.

    Telnet

    Specifies whether the CA Configuration Automation Server uses the Telnet Access Mode to access other servers in your enterprise. If you select this option, complete the following Telnet fields:

    Port

    Defines the Telnet listening port.

    Default: 23

    Account

    Defines a valid user account on the remote server.

    Account Password

    Defines the password that is associated with the specified account.

    Retype Account Password

    Verifies that the password matches the string that you entered in the Account Password field.

    Enable Use of sudo

    Specifies whether you can use the sudo command to access and gather information about the remote UNIX and Linux servers. The sudo command enables the users that are defined in the /etc/sudoers configuration file to run commands. The sudo command lets users run commands as if they were users with different (in the case of the root user, unlimited) permissions.

    If you enable sudo, comment out the Defaults requiretty entry in the /etc/sudoers file as follows:

       # Defaults requiretty
    

    For more information, see Configuring sudo for UNIX and Linux Softagent Discovery.

    Connection Timeout

    Defines the interval (in milliseconds) before the product considers a Telnet connection request to a remote server to have failed.

    Default: 900000 (15 minutes)

    Look For Prompts

    Specifies whether the discovery looks for the Login Prompt, the Password Prompt, and the Shell Prompt values while it attempts to access the remote server. These fields contain the standard Telnet prompts by default, but they can vary on some systems.

    Login Prompt

    Defines the login prompt for which the access profile gains access. When the profile locates the specified prompt, it enters the information in the Account field of an access profile. You can edit this field if the target server uses a prompt other than the login prompt.

    Password Prompt

    Defines the password prompt for which the access profile gains access. When the profile locates the specified prompt, it enters the information in the Account Password field of an access profile. You can edit this field if the target server uses a prompt other than password.

    Shell Prompt

    Defines the shell prompt for which the access profile looks to issue commands after gaining access. You can edit this field if the target server uses a shell prompt other than #.

    WMI

    Specifies whether the CA Configuration Automation Server uses Microsoft Windows Management Instrumentation (WMI) Access Mode to access other servers in your enterprise to discover software components.

    If your CA Configuration Automation Server is installed on a UNIX or Linux host, you cannot use a WMI Access Profile to access target Windows servers. To access the target Windows servers using a WMI Access Profile, at least one CA Configuration Automation Grid Server must be installed on a Windows server.

    If you select this option, complete the following fields:

    User

    Defines a valid user account on the remote server. To use a WMI access profile to access the target servers, run the CCA Server service, and the CCA Grid service with domain credentials. You must have administrator privileges on the host and target servers to run the services.

    Password

    Defines the password that is associated with the specified User.

    Confirm Password

    Verifies that the password matches the string that you entered in the Password field.

    WMI and SSH

    Specifies whether CA Configuration Automation Server accesses other servers in your enterprise using a combination of WMI and SSH Access Modes. This combination enables the discovery to use methodologies that are optimized for discovering and accessing both Windows and Linux/UNIX servers.

    If you select this option:

    a. Specify whether to use SSH with Credentials or SSH with KeyFile

    b. Complete the appropriate SSH and WMI fields.

    The Proxy page appears.

  6. Select a proxy type from the Proxy Type drop-down list. The proxy type specifies how the CA Configuration Automation Server communicates with the CA Configuration Automation Agent.
    No Proxy

    Specifies that the CA Configuration Automation Server communicates with the CA Configuration Automation Agent directly. No Proxy is the default setting.

    Port Forwarding Proxy

    Specifies that the CA Configuration Automation Server communicates with the CA Configuration Automation Agent through a firewall gateway. If you select this proxy type, complete the following fields:

    Proxy Server

    Defines the name or IP address of the proxy server.

    Proxy Port

    Defines the port on which the proxy server listens.

    SSH

    Specifies that the communication between the CA Configuration Automation Server and the CA Configuration Automation Agent is secure and encrypted. If you select this proxy type, complete the following fields:

    SSH Server Host

    Specifies the name or IP address of the SSH host computer. The drop-down list is populated with all the servers listed in the Server table on the Server tab.

    SSH Server Port

    Defines the SSH communications port.

    Default: 22

    Account

    Defines the SSH login account.

    Account Password

    Defines the SSH account password.

    Retype Account Password

    Verifies that the password matches the string that you entered in the SSH Account Password field.

    Pass-through Agent

    Specifies that the CA Configuration Automation Server communicates with the CA Configuration Automation Agent through an intermediary agent. The pass-through agent consolidates communications from multiple CA Configuration Automation Agents and is a single point of communication with the CA Configuration Automation Server. The drop-down list is populated with all the servers listed in the Server table on the Server tab.

    If you select Pass-through Agent, set the Agent Mode to Manually Configured Agent and then set the Access Mode page Agent Port field. Step 5 defines how to set the Agent Mode to Manually Configured Agent.

    You can configure cascading pass-through agents, but only the first proxy-hop supports SSH.

    The following illustration is an example of the cascading pass-through agents:

    WMI

    Specifies that the communication between the CA Configuration Automation Server and the target server is through a proxy server. If you select this proxy type, complete the following fields:

    WMI Server Host Name

    Defines the name of the proxy server.

    Account

    Defines a valid user account with administrator credentials to log in to the proxy server using WMI.

    Password

    Defines the administrator password that is associated with the Account value.

    Retype Password

    Verifies that the password matches the string that you entered in the Password field.

    FTP Server

    Defines the name of the proxy server. The product updates this value with the proxy server name that is specified in the WMI Server Host Name field.

    Note: If you change the FTP Server value, the product updates the WMI Server Host Name value. The FTP connection must communicate from the CA Configuration Automation server to the FTP server, and from the target server to the FTP server. The FTP connection must use the short name or host name.

    FTP Server Port

    Defines the FTP server listening port.

    FTP Root Directory

    Defines the FTP root directory.

    Account

    Defines the name of the FTP server user account.

    Password

    Defines the password that is associated with the Account value.

  7. Click Finish.

    The product creates the profile and displays it in the Access Profile table.
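
Added example (not part of the product documentation or the product's code): for the SSH access mode in Step 5, clearing Trust makes the product validate remote servers against the Hosts File, so a server with no entry in that file has nothing to be validated against. This Python sketch lists the profile targets that have no pinned key, assuming the file uses the OpenSSH known_hosts format (plain, `[host]:port` and hashed `|1|` entries); the host names, salt and key blobs are constructed.

```python
import base64
import hashlib
import hmac
import re

def hashed_pattern(token, salt):
    """OpenSSH HashKnownHosts form: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=token))."""
    mac = hmac.new(salt, token.encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def pattern_matches(pattern, token):
    if pattern.startswith("|1|"):  # hashed entry: recompute with its salt and compare
        salt = base64.b64decode(pattern.split("|")[2])
        return hashed_pattern(token, salt) == pattern
    # Plain entry: '*' and '?' are wildcards; '!' negation is not handled here.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, token) is not None

def pinned_key_types(known_hosts_text, host, port=22):
    """Key types pinned for host:port; an empty list means no entry to validate against."""
    token = host if port == 22 else "[{}]:{}".format(host, port)
    found = []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Skip blanks, comments and marker lines (@cert-authority, @revoked).
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        if any(pattern_matches(p, token) for p in fields[0].split(",")):
            found.append(fields[1])
    return found

def unpinned_targets(known_hosts_text, targets):
    """Targets (host, port) that have no entry in the hosts file."""
    return [t for t in targets if not pinned_key_types(known_hosts_text, *t)]

# Constructed sample: hypothetical hosts, placeholder key blobs, 20-byte constructed salt.
SAMPLE = "\n".join([
    "app01.example.test,192.0.2.10 ssh-rsa AAAA_PLACEHOLDER_KEY",
    "[db01.example.test]:2222 ssh-ed25519 AAAA_PLACEHOLDER_KEY",
    hashed_pattern("web01.example.test", b"constructed-salt-20b") + " ssh-rsa AAAA_PLACEHOLDER_KEY",
    "@revoked * ssh-rsa AAAA_PLACEHOLDER_KEY",
])

if __name__ == "__main__":
    profile_targets = [("app01.example.test", 22), ("db01.example.test", 22),
                       ("web01.example.test", 22), ("new01.example.test", 22)]
    for host, port in unpinned_targets(SAMPLE, profile_targets):
        print("no hosts-file entry: {}:{}".format(host, port))
```

An entry recorded for a non-default port does not cover the same host on port 22, which is why `db01.example.test` is reported when the profile uses the default Port value.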
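
Added example (not from the product documentation): the Enable Use of sudo fields in Step 5 depend on `requiretty` not being enforced for the account that the profile uses. This Python sketch reports whether it is enforced for a given user, covering both the commented-out `Defaults requiretty` entry described in Step 5 and the per-user `Defaults:<user> !requiretty` form of standard sudoers syntax, which the page does not mention. The account name `ccadisc` and the sample files are constructed; aliases, included files and host-, command- and runas-scoped Defaults are not evaluated.

```python
import re

# "Defaults", optionally bound to a scope (:user, @host, >runas, !command), then parameters.
DEFAULTS_RE = re.compile(r"^Defaults(?:([:@>!])\s*(\S+))?\s+(.*)$")

def requiretty_for(sudoers_text, user):
    """Return (enforced, source) for `user`; source is 'user', 'global' or 'default'."""
    global_val = user_val = None
    # Join backslash-continued lines before parsing.
    for raw in sudoers_text.replace("\\\n", " ").splitlines():
        line = raw.strip()
        if line.startswith("#"):      # comment, including a commented-out Defaults entry
            continue
        m = DEFAULTS_RE.match(line)
        if not m:
            continue
        scope, target, params = m.groups()
        for param in params.split(","):
            flag = param.replace(" ", "")
            if flag not in ("requiretty", "!requiretty"):
                continue
            value = flag == "requiretty"
            if scope is None:
                global_val = value    # last generic entry wins
            elif scope == ":" and user in target.split(","):
                user_val = value      # user-scoped entries override generic ones
    if user_val is not None:
        return user_val, "user"
    if global_val is not None:
        return global_val, "global"
    return False, "default"           # sudo leaves requiretty off unless it is set

# Constructed sample files; "ccadisc" is a hypothetical discovery account.
BEFORE = "Defaults env_reset\nDefaults requiretty\n"
COMMENTED_OUT = "Defaults env_reset\n# Defaults requiretty\n"
SCOPED = "Defaults env_reset, requiretty\nDefaults:ccadisc !requiretty\n"

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("commented out", COMMENTED_OUT), ("scoped", SCOPED)):
        for user in ("ccadisc", "alice"):
            print(name, user, requiretty_for(text, user))
```

Commenting out the entry lifts the requirement for every account, while the scoped form lifts it only for the named account and leaves it in force for everyone else.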