

Configure the Secondary Enterprise Management Server

The secondary Enterprise Management Server handles endpoint requests if the primary server fails.

Follow these steps:

  1. Copy the FIPS key from the primary Enterprise Management Server to a temporary directory. The file is located in the following directory:
    JBOSS_HOME/server/default/deploy/IdentityMinder.ear/config/com/netegrity/config/keys
    
    JBOSS_HOME

    Defines the name of the directory where JBoss is installed.

  2. Install the Enterprise Management Server on the secondary server from a Command Prompt window and specify the full pathname to the FIPS key on the primary Enterprise Management Server.

    Note: Verify that the database and communication password details are the same as those used for the primary Enterprise Management Server.

    All the web-based applications, the Distribution Server, the DMS, and CA ControlMinder are installed.

  3. Stop all CA ControlMinder daemons.
  4. Modify the services to start up manually and not automatically.
  5. Set the _pmd directory_ token configuration setting to the full pathname of the shared storage directory you copied the DMS and the DH to. For example: /shared/AccessControlServer/.

    The secondary server is configured to use the DMS and DH on the shared storage.

  6. Configure the Message Queue to use the shared storage. Do the following:
    1. Open the tibemsd.conf file for editing. This file is located by default in the following directory:
      ACServerInstallDir/MessageQueue/tibco/cfgmgmt/ems/data
      
      ACServerInstallDir

      Defines the name of the directory where you installed the Enterprise Management Server.

      The following example copies the Message Queue datastore files to the shared storage:

      # cp -r /opt/CA/AccessControlServer/MessageQueue/tibco/cfgmgmt/ems/data /shared/MessageQueue/data/
      
      1. Set the location of the routes.conf, users.conf, groups.conf and queues.conf files to the shared storage. For example: /shared/MessageQueue/data/users.conf.
      2. Set the value of the server token to the cluster logical name in upper case without the suffix. For example: server=ENTMCLUSTER.

      Note: The installation writes the computer name as the original value. The value should be changed to a short name of the cluster, without the domain name, in upper case. If the cluster DNS name is “entmcluster.ca.com” then specify ENTMCLUSTER.

      3. Remove the following files: routes.conf, groups.conf, queues.conf, users.conf from the following directory:
        ACServerInstallDir/MessageQueue/tibco/cfgmgmt/ems/data
        
      4. Set the value of the store token to point to the directory on the shared storage where you copied the datastore files to, for example: /shared/MessageQueue/datastore.
      5. Save and close the file.
    2. Modify the Tibco folders so that Tibco users have read and write access.
      1. Create the Tibco group with gid 65534. The following example creates the Tibco group:
        # groupadd -g 65534 tibco
        
      2. Create the Tibco user with uid 65534. The following example creates the Tibco user:
        # useradd -g 65534 -u 65534 tibco
        
      3. Change the default Tibco directory permissions to allow rwx access only to the Tibco user. For example:
        # chown -R tibco /opt/CA/AccessControlServer/MessageQueue/
        
        # chmod -R u=rwx,go= /opt/CA/AccessControlServer/MessageQueue/
        
  7. Verify that the CA ControlMinder daemons are not running.
  8. Create a batch file to start all CA ControlMinder services in case the primary Enterprise Management Server fails.
  9. Create a batch file to stop all CA ControlMinder services when the primary Enterprise Management Server resumes operation.
  10. Create a batch file to check the status of CA ControlMinder services.
  11. Configure the cluster software to run the scripts on failure.

    You have configured the secondary Enterprise Management Server.
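
The following check for the tibemsd.conf changes in step 6 is an added example, not part of the product or its documentation. The function names and the sample file are constructed for illustration, and the example assumes the four .conf locations are set through the users, groups, queues and routes tokens.

```shell
#!/bin/sh
# Added example (not vendor code): verify tibemsd.conf after step 6.

# conf_get FILE TOKEN: print the value of a "token = value" line, quotes stripped.
conf_get() {
    awk -v t="$2" '
        /^[ \t]*#/ { next }
        { i = index($0, "="); if (i == 0) next
          k = substr($0, 1, i - 1); v = substr($0, i + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t"]+|[ \t"\r]+$/, "", v)
          if (k == t) { print v; exit } }' "$1"
}

# cluster_short_name DNS: short name without the domain, in upper case.
cluster_short_name() {
    printf '%s\n' "${1%%.*}" | tr '[:lower:]' '[:upper:]'
}

# check_ems_conf FILE SHARED_ROOT CLUSTER_DNS: print findings; return 1 if any.
check_ems_conf() {
    shared=${2%/}; rc=0
    want=$(cluster_short_name "$3"); got=$(conf_get "$1" server)
    [ "$got" = "$want" ] || { echo "server: expected $want, found '$got'"; rc=1; }
    for token in store users groups queues routes; do
        val=$(conf_get "$1" "$token")
        case $val in
            */../*|*/..) echo "$token: '$val' contains '..'"; rc=1 ;;
            "$shared"/*) ;;
            *) echo "$token: '$val' is not under $shared"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample config: server still holds a host name, users.conf is local.
sample_conf() {
    cat <<'EOF'
# tibemsd.conf (constructed sample)
server = node2.ca.com
store  = /shared/MessageQueue/datastore
users  = users.conf
groups = /shared/MessageQueue/data/groups.conf
queues = /shared/MessageQueue/data/queues.conf
routes = /shared/MessageQueue/data/routes.conf
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp"
check_ems_conf "$tmp" /shared/MessageQueue entmcluster.ca.com || echo "tibemsd.conf needs changes"
rm -f "$tmp"
```

Run the check against the real file on the secondary server before handing the start script to the cluster software; a non-zero return means at least one token still points at local storage or the server token is not the cluster short name.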