We’ve installed the X64 NOM that shipped with 6.5.4, and one
thing we discovered is that it is a bit different in surprising ways to the
32-bit NOM.
We installed first of all the broker infrastructure on separate
servers:
X86 Windows Server 2003 Root Broker (intended to be the only one
in the organisation)
X86 Windows Server 2003 Authentication Broker (authenticates
against AD)
RHEL4 x64 Authentication Broker (authenticates against NIS)
Then on an X64 Windows Server 2003 server we installed:
X64 NetBackup Client
X64 Authentication Client-Only
X64 NOM
I will not claim it went perfectly; worked first time in the lab
(where we had earlier installed an x86 NOM 6.5.4), but we had some problems in
production and had to reinstall the Windows Authentication broker before NOM
successfully registered its built-in vx domains.
But now it is fine and we achieved the separation of Authentication
from the ‘consumer’ in this case NOM but in future maybe VCS, SF
Manager etc. We can add users with either NIS or AD accounts. We
want to strictly limit access to the broker servers. I admit we have not
looked at NBAC.
You will find that the documents are very contradictory as a lot
has changed over several versions, especially if you read ICS documents.
I suggest you start with the 6.5.4 documents where they exist, believe them over
older documents. There is a yellow book also that has some interesting
scenarios, but many still suggest that you must have an RB+AB or AB on the NOM
server, which is no longer needed at least with the X64 NOM.
All of the above is on VMware.
Our only remaining concern is how to migrate to OpsCenter.
An NOM is very useful, it is flagging up many problems that were
not noticed as there is not time to look at 25+ Admin GUIs.