Previous Topic: Set Up the Production CA ControlMinder Enterprise ManagementNext Topic: Configure the DMS Subscription


Set up the Disaster Recovery CA ControlMinder Enterprise Management

The disaster recovery Enterprise Management Server deploys and manages your enterprise policies in the event of a catastrophic system failure. Because the disaster recovery Enterprise Management Server is a subscriber of the production Enterprise Management Server, its database contains the same information about policy versions, policy scripts, and endpoint deployment status as the production Enterprise Management Server.

Note: Configure the production Enterprise Management Server before you set up the disaster recovery Enterprise Management Server.

To set up the disaster recovery Enterprise Management Server

  1. Copy the FIPSKey.dat file from the production Enterprise Management Server to the disaster recovery server. The file is located in the following directory, where JBoss_HOME indicates the directory where you installed JBoss:
    JBoss_HOME/server/default/deploy/IdentityMinder.ear/config/com/netegrity/config/keys
    
  2. Implement the Enterprise Management Server on the disaster recovery server.

    All the web-based applications, the Distribution Server, the DMS, and CA Access Control are installed.

    Important! Specify the FIPSKey.dat file you copied from the production Enterprise Management Server when you launch the installation process. For example:

    E:\EnterpriseMgmt\Disk1\InstData\NoVM\install_EntM_r125.exe -DFIPS_KEY=C:\tmp\FIPSkey.dat 
    
  3. (Optional) Implement the disaster recovery Distribution Server.

    The Message Queue and Java Connector Server are installed.

  4. (Optional) If you want to remove the local DH and use the DH on the Distribution Server, to maintain a separation between the management and distribution server, run the following command on the disaster recovery Enterprise Management Server:
    dmsmgr -remove -dh name
    
    -dh name

    Removes a DH with the name specified on the local host.

    Example: dmsmgr -remove -dh DH

    The disaster recovery DMS is created with no subscribers.

  5. Configure the Message Queue to work in failsafe mode. Do the following:
    1. Navigate to the following directory, where ACServerInstallDir is the directory where you installed the Enterprise Management Server:
      ACServerInstallDir/MessageQueue/tibco/cfgmgmt/ems/data
      
    2. Open the queues.conf file for editing.
    3. Add the word "failsafe" at the end of every queue definition line, then save and close the file.
  6. Configure CA ControlMinder Enterprise Management with local DMS.

You have installed and configured the disaster recovery Enterprise Management Server.

Example: Edit the queues.conf File

The following snippet from the queues.conf file is an example of how you amend the file to configure the Message Queue to use the shared storage.

queue/snapshots secure,store=$sys.failsafe
queue/audit secure,store=$sys.failsafe
ac_endpoint_to_server secure,store=$sys.failsafe
ac_server_to_endpoint secure,store=$sys.failsafe