Previous Topic: How to Configure CA ControlMinder Enterprise Management for High AvailabilityNext Topic: Configure the Secondary Enterprise Management Server


Configure the Primary Enterprise Management Server

The primary Enterprise Management Server is the central management server and contains components and tools that let you deploy policies to endpoints, manage privileged accounts, and define resources, accessors, and access levels.

Follow these steps:

  1. If you did not do so, install CA ControlMinder Enterprise Management on the primary server.

    All the web-based applications, the Distribution Server, the DMS, and CA ControlMinder are installed.

  2. Stop all CA ControlMinder services.
  3. Modify the services to start up manually and not automatically.
  4. Copy the DMS and the DH to the shared storage as follows:
    1. Locate the DMS directory and copy it to the shared storage. This directory is located in the following location:
      ACServerInstallDir/APMS/AccessControl/data/DMS__
      
      ACServerInstallDir

      Defines the name of the directory where the Enterprise Management Server is installed.

    2. Locate the DH directory and copy it to the shared storage. This directory is located in the following location:
      ACServerInstallDir/APMS/AccessControl/Data/DH__
      
    3. Locate the DH__WRITER directory and copy it to the shared storage. By default this directory is located in the following location:
      ACServerInstallDir/APMS/AccessControl/Data/DH__WRITER
      
    4. Set the _pmd directory_ registry key configuration setting to the full pathname of the shared storage directory you copied the DMS and the DH to. For example: Z:\PMD.

    The primary server is configured to use the DMS and DH on the shared storage.

  5. Configure the Message Queue to use the shared storage as follows:
    1. Move the following files to the shared storage: routes.conf, groups.conf, queues.conf, users.conf

      These files are located in the following directory:

      ACServerInstallDir/MessageQueue/tibco/cfgmgmt/ems/data
      
    2. Move the Message Queue datastore files to the shared storage. These files are located under the following directory:
      ACServerInstallDir/MessageQueue/tibco/cfgmgmt/ems/data/datastore
      
    3. Open the tibemsd.conf file for editing. This file is located by default in the following directory:
      ACServerInstallDir/MessageQueue/tibco/cfgmgmt/ems/data
      
      1. Set the location of the routes.conf, user.conf, groups.conf and queues.conf to the shared storage. For example: Z:/Tibco/users.conf
      2. Set the value of the "store" token to point to the directory on the shared storage where you copied the datastore files to. For example:Z:\PMD\DATASTORE
      3. Set the value of the "server" token to the cluster logical name in upper case without the suffix. For example: server=ENTMCLUSTER.
      4. Save and close the file.
    4. Open the queues.conf file for editing.
      1. Append a comma and add the word "store=$sys.failsafe" at the end of every queue definition line.
      2. Save and close the file.
  6. Create a batch file to start all CA ControlMinder services when the primary Enterprise Management Server resumes operation, as follows:
    seosd -start
    net start acrptmq
    net start "CA Access Control Web Service"
    net start im_jcs
    net start JBAS50SVC
    
  7. Create a batch file to stop all CA ControlMinder service when the primary Enterprise Management Server fails, as follows:
    secons -s
    
    net stop acrptmq
    net stop "CA Access Control Web Service"
    net stop im_jcs
    net stop JBAS50SVC
    
  8. Configure the cluster software to run the scripts on failure.
  9. Start all CA ControlMinder services

Example: Edit the queues.conf File

The following snippet from the queues.conf file is an example of how you amend the file to configure the Message Queue to use the shared storage.

queue/snapshots secure,store=$sys.failsafe
queue/audit secure,store=$sys.failsafe
ac_endpoint_to_server secure,store=$sys.failsafe
ac_server_to_endpoint secure,store=$sys.failsafe

More information:

Install CA ControlMinder Enterprise Management on Windows