The secondary Enterprise Management Server handles endpoint requests in an event of failure to the primary server.
- If necessary, copy the FIPS key from the primary Enterprise Management Server to a temporary directory. The file is located in the following directory:
JBOSS_HOME/server/default/deploy/IdentityMinder.ear/config/com/netegrity/config/keys
- JBOSS_HOME
-
Defines the name of the directory where JBoss is installed.
- Install the Enterprise Management Server on the secondary server from a Command Prompt window and specify the -DFIPS_KEY=<full_pathname_to_key> option.
Important! Specify the --DFIPS_KEY option when you run the secondary Enterprise Management Server installation program. Copy the FIPS key from the primary Enterprise Management Server to the secondary Enterprise Management Server before you begin the installation process.
All the web-based applications, the Distribution Server, the DMS, and CA ControlMinder are installed.
- Stop all CA ControlMinder services.
- Modify the services to start up manually and not automatically.
- Set the _pmd directory_ registry key configuration setting to the full pathname of the shared storage directory you copied the DMS and the DH to. For example: Z:\PMD.
The secondary server is configured to use the DMS and DH on the shared storage.
- Configure the Message Queue to use the shared storage. Do the following:
- Open the tibemsd.conf file for editing. This file is located by default in the following directory:
ACServerInstallDir/MessageQueue/tibco/cfgmgmt/ems/data
- ACServerInstallDir
-
Defines the name of the directory where the Enterprise Management Server is installed.
- Set the value of the "store" token to point to the directory on the shared storage where you copied the datastore files to, for example: Z:\PMD.
- Save and close the file.
- Open the queues.conf file for editing.
- Append a comma and add the word "store=$sys.failsafe" at the end of every queue definition line, then save and close the file.
- Verify that the CA ControlMinder services are not running.
- Configure the DMS to authorize the secondary Enterprise Management Server, as follows:
- On the primary Enterprise Management Server, start the JCS, JBoss Application Server, CA ControlMinder and Message Queue services.
- Open a selang Command Prompt window and enter the following command:
host DMS__@
A message appears informing you that you are connected to the local host.
- Enter the following command to display the list of authorized terminals:
sr TERMINAL *
CA ControlMinder displays the details of the authorized terminals.
- Enter the following commands to add the secondary Enterprise Management Server to the authorized terminals list:
newres TERMINAL <secondary_enterprise_management_server_full_DN> audit (f) owner(nobody)defacc(r)
authorize TERMINAL <ssecondary_enterprise_management_server_full_DN> uid(+reportagent) access(write)
authorize TERMINAL <ssecondary_enterprise_management_server_full_DN> uid(DOMAIN\Administrator) access(write,read)
authorize TERMINAL <secondary_enterprise_management_server_full_DN> uid(an_entm_pers) access(write,read)
- Create a batch file to start all CA ControlMinder services in case the primary Enterprise Management Server fails, as follows:
seosd -start
net start acrptmq
net start "CA Access Control Web Service"
net start im_jcs
net start JBAS50SVC
- Create a batch file to stop all CA ControlMinder service when the primary Enterprise Management Server resumes operation, as follows:
secons -s
net stop acrptmq
net stop "CA Access Control Web Service"
net stop im_jcs
net stop JBAS50SVC
- Configure the Microsoft cluster software to run the scripts on failure.
You have configured the secondary Enterprise Management Server.
