Previous Topic: Configure the Primary Enterprise Management ServerNext Topic: Configure a Load Balancing Enterprise Management Server for High Availability

Implementation GuideInstalling a High Availability DeploymentHow to Configure CA ControlMinder Enterprise Management for High AvailabilityConfigure the Secondary Enterprise Management Server

Configure the Secondary Enterprise Management Server

The secondary Enterprise Management Server handles endpoint requests in an event of failure to the primary server.

Follow these steps:

  1. If necessary, copy the FIPS key from the primary Enterprise Management Server to a temporary directory. The file is located in the following directory: 
    JBOSS_HOME/server/default/deploy/IdentityMinder.ear/config/com/netegrity/config/keys
    JBOSS_HOME

    Defines the name of the directory where JBoss is installed.

  2. Install the Enterprise Management Server on the secondary server from a Command Prompt window and specify the full pathname to the FIPS key on the primary Enterprise Management Server.

    All the web-based applications, the Distribution Server, the DMS, and CA ControlMinder are installed.

  3. Stop all CA ControlMinder services.
  4. Modify the services to start up manually and not automatically.
  5. Set the _pmd directory_ registry key configuration setting to the full pathname of the shared storage directory you copied the DMS and the DH to. For example: Z:\PMD.

    The secondary server is configured to use the DMS and DH on the shared storage.

  6. Configure the Message Queue to use the shared storage. Do the following:
    1. Open the tibemsd.conf file for editing. This file is located by default in the following directory: 
      ACServerInstallDir/MessageQueue/tibco/cfgmgmt/ems/data
      ACServerInstallDir

      Defines the name of the directory where the Enterprise Management Server is installed.

      1. Set the location of the routes.conf, user.conf, groups.conf and queues.conf to the shared storage. For example: Z:/Tibco/users.conf
      2. Set the value of the "server" token to the cluster logical name in upper case without the suffix. For example: server=ENTMCLUSTER.
      3. Remove the following files: routes.conf, groups.conf, queues.conf, users.conf from the following directory: 
        ACServerInstallDir/MessageQueue/tibco/cfgmgmt/ems/data
      4. Set the value of the "store" token to point to the directory on the shared storage where you copied the datastore files to, for example: Z:\PMD.
      5. Save and close the file.
    2. Open the queues.conf file for editing.
    3. Append a comma and add the word "store=$sys.failsafe" at the end of every queue definition line, then save and close the file.
  7. Verify that the CA ControlMinder services are not running.
  8. Configure the DMS to authorize the secondary Enterprise Management Server, as follows:
    1. On the primary Enterprise Management Server, start the JCS, JBoss Application Server, CA ControlMinder and Message Queue services.
    2. Open a selang Command Prompt window and enter the following command: 
      host DMS__@

      A message appears informing you that you are connected to the local host.

    3. Enter the following command to display the list of authorized terminals: 
      sr TERMINAL *

      CA ControlMinder displays the details of the authorized terminals.

    4. Enter the following commands to add the secondary Enterprise Management Server to the authorized terminals list: 
      newres TERMINAL <secondary_enterprise_management_server_full_DN> audit (f) owner(nobody)defacc(r)
authorize TERMINAL <secondary_enterprise_management_server_full_DN> uid(+reportagent) access(write)
authorize TERMINAL <secondary_enterprise_management_server_full_DN> uid(DOMAIN\Administrator) access(write,read)
authorize TERMINAL <secondary_enterprise_management_server_full_DN> uid(ac_entm_pers) access(write,read)
  9. Create a batch file to start all CA ControlMinder services in case the primary Enterprise Management Server fails, as follows: 
    seosd -start
net start acrptmq
net start "CA Access Control Web Service"
net start im_jcs
net start JBAS50SVC
  10. Create a batch file to stop all CA ControlMinder service when the primary Enterprise Management Server resumes operation, as follows: 
    secons -s
net stop acrptmq
net stop "CA Access Control Web Service"
net stop im_jcs
net stop JBAS50SVC
  11. Configure the Microsoft cluster software to run the scripts on failure.

    You have configured the secondary Enterprise Management Server.

More information:

Install CA ControlMinder Enterprise Management on Windows