Veritas-bu

Re: [Veritas-bu] NOM Implementation

2009-12-07 07:15:22
Subject: Re: [Veritas-bu] NOM Implementation
From: "William Brown" <william.d.brown AT gsk DOT com>
To: "VERITAS-BU AT mailman.eng.auburn DOT edu" <VERITAS-BU AT mailman.eng.auburn DOT edu>
Date: Mon, 7 Dec 2009 13:14:31 +0100

We’ve installed the X64 NOM that shipped with 6.5.4, and one thing we discovered is that it is a bit different in surprising ways to the 32-bit NOM.

 

We installed first of all the broker infrastructure on separate servers:

 

X86 Windows Server 2003 Root Broker (intended to be the only one in the organisation)

X86 Windows Server 2003 Authentication Broker (authenticates against AD)

RHEL4 x64 Authentication Broker (authenticates against NIS)

 

Then on an X64 Windows Server 2003 server we installed:

 

X64 NetBackup Client

X64 Authentication Client-Only

X64 NOM

 

I will not claim it went perfectly; worked first time in the lab (where we had earlier installed an x86 NOM 6.5.4), but we had some problems in production and had to reinstall the Windows Authentication broker before NOM successfully registered its built-in vx domains.

 

But now it is fine and we achieved the separation of Authentication from the ‘consumer’ in this case NOM but in future maybe VCS, SF Manager etc.  We can add users with either NIS or AD accounts.  We want to strictly limit access to the broker servers.  I admit we have not looked at NBAC.

 

You will find that the documents are very contradictory as a lot has changed over several versions, especially if you read ICS documents.  I suggest you start with the 6.5.4 documents where they exist, believe them over older documents.  There is a yellow book also that has some interesting scenarios, but many still suggest that you must have an RB+AB or AB on the NOM server, which is no longer needed at least with the X64 NOM.

 

All of the above is on VMware.

 

Our only remaining concern is how to migrate to OpsCenter.

 

An NOM is very useful, it is flagging up many problems that were not noticed as there is not time to look at 25+ Admin GUIs.

 

William D L Brown

-----------------------------------------------------------
This e-mail was sent by GlaxoSmithKline Services Unlimited 
(registered in England and Wales No. 1047315), which is a 
member of the GlaxoSmithKline group of companies. The 
registered address of GlaxoSmithKline Services Unlimited 
is 980 Great West Road, Brentford, Middlesex TW8 9GS.
-----------------------------------------------------------

_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
<Prev in Thread] Current Thread [Next in Thread>