SSH Tectia
Home Prev Up Next  

Setting up the Secondary Management Server

The secondary Management Server (MS2) is installed in the following steps:

  1. Install the Management Server software on the secondary server host (by installing the ssh-mgmt-server package).

  2. Set up replication of configuration and data files.

    The following configuration and data files are replicated from MS1:

    • /etc/opt/ssh-mgmt/server

    • /var/opt/ssh-mgmt/server/cds

    • /var/opt/ssh-mgmt/server/dists

    The contents of /etc/opt/ssh-mgmt/server do not change during normal operation of the Management Server. They may change when the Management Server software is upgraded, at which point the contents need to be replicated to MS2 again.

    The contents of /var/opt/ssh-mgmt/server/cds and /var/opt/ssh-mgmt/server/dists are updated whenever managed software is imported (with the ssh-mgmt-package-import tool). It is recommended that all software imports are done on MS1, and the contents of these directories are automatically replicated to MS2. If SSH Tectia Manager is not used for software deployment, these directories do not need to be replicated.

    File replication needs to be implemented with tools not provided by SSH Tectia Manager, as it does not have a built-in replication mechanism. Using rdist is recommended (for example, over a Secure Shell tunnel).

  3. Set-up failover:

    Primary Management Server

    It is recommended that a network monitoring system is set up to monitor the availability of the primary Management Server (for example, by setting up an agent or watchdog process to poll the administration web interface on MS1).

    Management Database
    [Note]Note

    Running more than one Management Servers simultaneously against the same database will cause severe problems and even corruption of the database.

    Currently, the Management Server does not have any failsafe mechanism to detect and avoid this situation. Therefore, it must be made sure that both servers are not actively connected to the database at the same time.

    Management Agents

    The Management Agents connect to the Management Server using the configured host name of the server. If the connection is lost, the Management Agents will automatically try to reconnect at randomized increasing intervals. For every reconnection attempt, they resolve the host name again from the DNS.

    When failover to MS2 needs to be done, a simple DNS update for the Management Server host name to point to MS2 instead of MS1 is enough to let the agents reconnect to MS2.

Home Prev Up Next  

Copyright 2008 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Contact Information