|
|
|
The Infrastructure Deployment component lets you remotely install agent software to target computers. The installation can only be done using the functionalities of the underlying operating systems on source and target computers. The installation is subject to any restrictions resulting from an enterprise network configuration.
The initial step when deploying software is to install a small primer application remotely, the IDPrimer, onto the target computer. The IDPrimer software is responsible for subsequent transfer of software component installation images, and the invocation of their installation. When delivering the IDPrimer to the target computers, the deployment manager must supply user credentials that are valid on the target.
The IDPrimer is transferred to the target system using one of the following mechanisms. If the target operating system is known to the deployment manager, an appropriate transfer mechanism is selected. If the target operating system cannot be determined, each of the following mechanisms is attempted in turn.
The deployment manager tries to connect to a Windows network share on the target system. By default, the share name that is used is ADMIN$. IDManager configuration option controlls the default share name. This mechanism is available only from deployment managers running on a Windows-based environment. Windows variants such as Windows XP Home do not support this deployment mechanism.
This mechanism works on any computer running an SSH server, however, it is useful when targeting Linux or UNIX computers.
Note: When deploying to Solaris systems, we recommend that you use either SunSSH v1.1 (or higher) or the latest version of OpenSSH. Refer to the following website for additional details about patches applicable for Solaris platforms and versions: http://opensolaris.org/os/community/security/projects/SSH.
If you are running a firewall on the target computer, verify the following conditions are met:
Note: Most SSH servers support this configuration by default, but if they do not, consult your SSH server documentation for further instructions.
To deploy to a UNIX or Linux agent, configure the /etc/ssh/sshd_config configuration file of your recent SSH implementation as follows:
Remote Deployment supports deploying software to systems with the /tmp file system mounted with the noexec flag.
When deploying to some IBM AIX systems that are running both an IPv4 and IPv6 stack, using an IPv6 address, configure the target computer SSH server to use port 22 for IPv4. To configure SSH, edit the sshd_config configuration file and set the ListenAddress to "::".
Note: If you want the SSH communication between the deployment manager and the target computer to be FIPS-compliant, verify that the SSH server running on the target is also using FIPS-compliant cryptographic module, apart from setting FIPS-only mode on the deployment manager.
Important! Some modern operating systems do not encourage, and sometimes actively prohibit, the remote installation of software. If you try to deploy software to these systems, the deployment fails with a status of No Primer Transport. In such cases, install the software components in other ways, for example, using physical distribution media such as DVD.
Alternatively, you can preinstall or provision machines with the IDPrimer software. This process allows deployment without having to rely on facilities offered by the underlying operating systems. In cases where no authentication has been carried out, supply valid credentials before deployments being authorized.
To determine whether automatic deployment is possible in your environment, you can perform some simple checks by running the following standard operating system operations:
Default share: ADMIN$
| Copyright © 2013 CA. All rights reserved. |
|