dsm r11 architecture - network challenges
TRANSCRIPT
-
7/31/2019 DSM r11 Architecture - Network Challenges
1/30
IT Client Manager
(formerly DSM - Unicenter Desktop & Server Management)Network Challenges
- Latest Revision 11/28/2005
-
7/31/2019 DSM r11 Architecture - Network Challenges
2/30
Network Challenges
2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies.
-
7/31/2019 DSM r11 Architecture - Network Challenges
3/30
2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. 3
Network Challenges
Overcoming network topology
issues has been simplified withDSM r11.
Scalability Server
1 U
Scalability Server
1 U
Scalability Server
1 U
Domain Manager
System Engine
2 U
Engine
MDB
2 U
Remote Site Local LAN DMZ
-
7/31/2019 DSM r11 Architecture - Network Challenges
4/30
2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. 4
Communication Types
Basically, there areonly two types of
communication
Domain Manager
MDB
Engine
Scalability Server
DSM Explorer
Reporter
DB
DB
DB
IC
IC
IC
IC
DB
IC
-
7/31/2019 DSM r11 Architecture - Network Challenges
5/30
2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. 5
Component to DB
Component to
database via the
default or
configured database
port
DatabaseCommunication
Ingres (Ingres/Net
19016 & 19017, JDBC
19023)
Microsoft SQL Server
(Default 1433)
Domain Manager
MDB
Engine
Scalability Server
DSM Explorer
Reporter
DB
DB
DB
DB
-
7/31/2019 DSM r11 Architecture - Network Challenges
6/30
2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. 6
Component to Component
and component to
component via
default or
configured CAM and
multiplexer ports.Inter-ComponentCommunications
CAM (UDP 4104, TCP 4105)
DSM Multiplexer(4728)
Domain Manager
MDB
Engine
Scalability Server
DSM Explorer
Reporter
IC
IC
IC
IC
IC
-
7/31/2019 DSM r11 Architecture - Network Challenges
7/30
2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. 7
Domain Management ComponentOverview
Domain Manager
MDB
Engine
Scalability Server
DSM Explorer
Reporter
DB
DB
DB
IC
IC
IC
IC
DB
IC
Inter-ComponentCommunications
CAM (UDP 4104, TCP 4105)
DSM Multiplexer(4728)
DatabaseCommunication
Ingres (Ingres/Net
19016 & 19017, JDBC19023)
Microsoft SQL Server
(Default 1433)
Ports shown are for default installation of database and components. Alwaysrefer to Ports Used by Unicenter DSM in the DSM Implementation Guidefor more detailed, most accurate information.
http://localhost/var/www/apps/conversion/current/tmp/scratch8049/DSM%20documentation/index.htmhttp://localhost/var/www/apps/conversion/current/tmp/scratch8049/DSM%20documentation/index.htm -
7/31/2019 DSM r11 Architecture - Network Challenges
8/30
2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. 8
Required Ports
Opening required ports
(a.k.a. connectivity ) is
only half the battle,
however.
Scalability Server
1 U
Scalability Server
1 U
Scalability Server
1 U
Domain Manager
System Engine
2 U
Engine
MDB
2 U
Remote Site Local LAN DMZ
-
7/31/2019 DSM r11 Architecture - Network Challenges
9/30
2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. 9
Firewall and NATFirewalls not only block port
communication but also concealthe identity of the resources theyprotect using Network AddressTranslation (NAT).
Scalability Server
1 U
Scalability Server
1 U
Scalability Server
1 U
Domain Manager
System Engine
2 U
Engine
MDB
2 U
Remote SiteLocal LAN
DMZ
-
7/31/2019 DSM r11 Architecture - Network Challenges
10/30
2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. 10
Keep Target System Visible
Not only must access rules allowconnectivity to the target systembut the target system must bevisible from the system initiatingthe communication.
Scalability Server
1 U
Scalability Server
1 U
Scalability Server
1 U
Domain Manager
System Engine
2 U
Engine
MDB
2 U
Remote SiteLocal LAN
DMZ
-
7/31/2019 DSM r11 Architecture - Network Challenges
11/30
2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. 11
Visibility Example
Visible does not necessarily mean
the IP address for the target can be
resolved and reached by the source
system directly.
Scalability Server
1 U
Scalability Server
1 U
Domain Manager
System Engine
2 U
Engine
-
7/31/2019 DSM r11 Architecture - Network Challenges
12/30
2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. 12
Visibility ExampleDomain Manager may
not be able to resolve orreach the IP address of
the Scalability Server
directly. But, if Domain
Manager knows to
transmit data to the
edge device public IP
(the firewall) at the
remote site (likely
through a DNS entry)
Scalability Server
1 U
Scalability Server
1 U
Domain Manager
System Engine
2 U
Engine
-
7/31/2019 DSM r11 Architecture - Network Challenges
13/30
2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. 13
Visibility Example and the edge device is
configured to route certain traffic(e.g., CAM) to the private address of
the Scalability Server
Scalability Server
1 U
Scalability Server
1 U
Domain Manager
System Engine
2 U
Engine
-
7/31/2019 DSM r11 Architecture - Network Challenges
14/30
2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. 14
Visibility Example and CAM on the Scalability
understands the traffic is destinedfor it, required communications can
flow.
Scalability Server
1 U
Scalability Server
1 U
Domain Manager
System Engine
2 U
Engine
-
7/31/2019 DSM r11 Architecture - Network Challenges
15/30
2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. 15
Common Visibility IssuesAttempt to resolve visibility issues before
becoming concerned with establishingconnectivity (opening ports).
-Common Issues:
- Target identifiers not unique
- Target identifiers cannot be resolved
- Target identifiers change without notice
Scalability Server
1 U
Scalability Server
1 U
Scalability Server
1 U
Domain Manager
System Engine
2 U
Engine
MDB
2 U
-
7/31/2019 DSM r11 Architecture - Network Challenges
16/30
2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. 16
VPN Visibility IssuesVPN is common proposed as a solution for
overcoming connectivity and visibilityissues. VPN can be used to addressconnectivity issues by virtually eliminatingthe firewall from the equation. However,dependent on the type of VPN deployedand configuration, it may introduce avisibility issue.
Scalability Server
1 U
Scalability Server
1 U
Scalability Server
1 U
Domain Manager
System Engine
2 U
Engine
MDB
2 U
-
7/31/2019 DSM r11 Architecture - Network Challenges
17/30
2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. 17
CAM Configuration andTroubleshootingDSM communication in r11 is highly
dependent upon CAM. It highly likely incomplex network environments that the
out of the box configuration will need
to be modified.
Scalability Server
1 U
Scalability Server
1 U
Domain Manager
System Engine
2 U
Engine
-
7/31/2019 DSM r11 Architecture - Network Challenges
18/30
2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. 18
CAM Configuration andTroubleshootingLocal copy of the latest
version of the CAM AdminGuide has been provided
and is also available online
at
http://devnews/CAM/main.
htm?current=documentatio
n.
Scalability Server
1 U
Scalability Server
1 U
Domain Manager
System Engine
2 U
Engine
http://localhost/var/www/apps/conversion/current/tmp/scratch8049/CAM%20Documentation/cam%20admin%20guide.dochttp://localhost/var/www/apps/conversion/current/tmp/scratch8049/CAM%20Documentation/cam%20admin%20guide.dochttp://devnews/CAM/main.htm?current=documentationhttp://devnews/CAM/main.htm?current=documentationhttp://devnews/CAM/main.htm?current=documentationhttp://devnews/CAM/main.htm?current=documentationhttp://devnews/CAM/main.htm?current=documentationhttp://devnews/CAM/main.htm?current=documentationhttp://devnews/CAM/main.htm?current=documentationhttp://localhost/var/www/apps/conversion/current/tmp/scratch8049/CAM%20Documentation/cam%20admin%20guide.dochttp://localhost/var/www/apps/conversion/current/tmp/scratch8049/CAM%20Documentation/cam%20admin%20guide.doc -
7/31/2019 DSM r11 Architecture - Network Challenges
19/30
2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. 19
Limited Number of Challenges
Given the interaction of DSM
components and basicarchitectural designprinciples the number ofchallenges is fairly limited.
Scalability Server
1 U
Scalability Server
1 U
Scalability Server
1 U
Domain Manager
System Engine
2 U
Engine
MDB
2 U
-
7/31/2019 DSM r11 Architecture - Network Challenges
20/30
2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. 20
Domain Level Challenges
Since Engines should be
electronically close to the MDB, the
principle challenge at the Domain
level will be Domain Manager
communication to/from the
Scalability Server.
Scalability Server
1 U
Scalability Server
1 U
Scalability Server
1 U
Domain Manager
System Engine
2 U
Engine
MDB
2 U
-
7/31/2019 DSM r11 Architecture - Network Challenges
21/30
2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. 21
Resolution: Scalability Server
Since Domain Manager
communication to/from theScalability Server requires
only CAM and multiplexer
connectivity, it is a matter
of...
- Ensuring the Scalability
Server host is visible
from the Domain Manager
and vice versa.
- Connectivity is possibleby ensuring
communications via the
default/configured CAM
and multiplexer ports and
protocol is not blocked.
Domain Manager
Scalability Server
CAM &
Multiplexer
-
7/31/2019 DSM r11 Architecture - Network Challenges
22/30
2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. 22
Resolution: DSM Explorer
At the Domain level, the DSM
Explorer must communicate
with the Domain Manager via
CAM and the multiplexer port.
Since it is conceivable that not
all instances will be installedon the same LAN...
- Ensure the Domain
Manager host is visible.
- Ensure Connectivity ispossible via the default or
configured and multiplexer
CAM ports and that
protocol is not blocked.
Domain Manager
DSM Explorer
CAM &
Multiplexer
-
7/31/2019 DSM r11 Architecture - Network Challenges
23/30
2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. 23
Resolution: Reporter
At the Domain level the Reporter
must communicate with theDomain Manager via CAM and
with the MDB via the database
port. It is possible that not all
instances will be installed on the
same LAN...- Ensure the Domain Manager
host is visible.
- Ensure the MDB host is
visible.
- Ensure Connectivity ispossible via the
default/configured CAM
port(s) and protocol is not
blocked.
- Ensure connectivity is
possible via the
Domain Manager
MDB
Reporter
DB
CAM
-
7/31/2019 DSM r11 Architecture - Network Challenges
24/30
2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. 24
Enterprise Architecture Challenge
In an Enterprise architecture, the Enterprise
Manager must be able to communicate withDomain Managers to link Domains and assign
the replication task to a Domain Engine.
- Ensure the Domain Manager host is
visible.
- Ensure Connectivity is possible via the
default/configured CAM and multiplexer
ports and protocol is not blocked to the
Enterprise Manager.
Domain ManagerEnterprise ManagerCAM &
Multiplexer
-
7/31/2019 DSM r11 Architecture - Network Challenges
25/30
2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. 25
Domain Engine
In an Enterprise architecture, the Domain Engine assigned the
replication task must be able to initiate communications with the
Enterprise Manager via CAM to obtain connection information for the
Enterprise MDB.
- Ensure the Enterprise Manager host is visible.
- Ensure the default/configured CAM port(s) are not blocked to the
Enterprise host.
Enterprise Manager
Engine
CAM
-
7/31/2019 DSM r11 Architecture - Network Challenges
26/30
2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. 26
.
Domain Engine to Enterprise MDB
Also in an Enterprise architecture, the Domain Engine
assigned the replication task must be able to access with the
Enterprise MDB.
- Ensure the Enterprise MDB host is visible.
- Ensure connectivity via the default/configured database
port can be established to the Enterprise MDB
MDB
Engine
DB
DSM E l t E t i
-
7/31/2019 DSM r11 Architecture - Network Challenges
27/30
2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. 27
DSM Explorer to EnterpriseManagerAt the Enterprise level, the DSM
Explorer must communicate with
the Enterprise Manager and each
linked Domain Manager via CAM.
Since it is conceivable that not
all instances will be installed on
the same LAN...
- Ensure the Enterprise
Manager host and linked
Domain Manager hosts are
visible.
- Ensure Connectivity is
possible via the
default/configured CAM
port(s) and protocol is not
blocked.
Domain Manager
DSM Explorer
CAM &Multiplexer
-
7/31/2019 DSM r11 Architecture - Network Challenges
28/30
2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. 28
Reporter to Domain Manager
Reporter at the Enterprise level must communicate with the
linked Domain Managers via CAM.
- Ensure the linked Domain Manager hosts are visible.
- Ensure connectivity is possible via the default/configured
CAM port(s) and protocol is not blocked to the linked
Domain Managers.
CAM
Reporter
Domain Manager
-
7/31/2019 DSM r11 Architecture - Network Challenges
29/30
2005 Computer Associates International, Inc. (CA). All trademarks, trade names, services marks and logos referenced herein belong to their respective companies. 29
Reporter to Domain MDB
Reporter at the Enterprise level must be able to access linked
Domain MDBs via the database port.
- Ensure the Domain MDB host is visible.
- Ensure connectivity is possible via the default/configured
database port to the Enterprise MDB.
Reporter
MDB
-
7/31/2019 DSM r11 Architecture - Network Challenges
30/30
Questions?
2005C t A i t I t ti l I (CA) All t d k t d i k d l f dh i b l t th i ti i