Connecting a CommandCentral Storage Managed Host to a second Management Server

Article:TECH164893  |  Created: 2011-07-18  |  Updated: 2012-01-31  |  Article URL http://www.symantec.com/docs/TECH164893
Article Type
Technical Solution


Environment

Issue



How to connect a Managed Host to a second Management Server  (also known as cross-domaining)


Environment



CommandCentral Storage Management Server and Managed host running in the Windows Operating Environment


Solution



The instructions provided are for the Windows operating system:


How To Attach A Managed Host To A Second Domain


RDP into the Managed Host as Administrator.

 

1. Click Start > Run, type "cmd", and hit the enter key.

 

2. In the DOS console type "set", hit enter, and check the path.

  If the path for CCS is not set, add the following:
# set PATH=%PATH%;C:\Program Files\VERITAS\CommandCentral Storage\HAL\bin;C:\Program Files\VERITAS\Security\Authentication\bin

 

3. Change directory to HAL\bin and login.
# cd "C:\Program Files\VERITAS\CommandCentral Storage\HAL\bin"
# halsecurity login

Note: the default password is "password"

 

4. Identify the original management server (MS) and broker host by going to the managed host and running
# halsecurity show-info

Note: The broker host name returned is the primary MS
Leave this console running until later

 

 


RDP into the secondary MS as Administrator

 

1. Click Start > Run, type "cmd", and hit the enter key.

 

2. In the DOS console type "set", hit enter, and check the path.

 If the path for CCS is not set, add the following:
# set PATH=%PATH%;C:\Program Files\VERITAS\CommandCentral Storage\HAL\bin;C:\Program Files\VERITAS\Security\Authentication\bin

 

3. Change directory to HAL\bin and login.
# cd "C:\Program Files\VERITAS\CommandCentral Storage\HAL\bin"
# halsecurity login

Note: the default password is "password"

 

4. Setup a trust between the Secondary MS and the Primary MS HALdomain's authentication broker to facilitate SSL communications:
# vssat setuptrust --broker <primaryMS>.<domain>.<extension> --securitylevel high

 

Note: Twp hyphens are required.

The output will resemble:

User Name:      root

Domain Name:    root@primaryMS.domain.extension

...

Answer "Y" to "Do you want to trust the above"

 
 

5. Check how the domain name prints out in the trust, use the exact string after root@ in the grant-join domain command.

If it prints out the short name, type this:
# halsecurity grant-join-domain <primaryMS>

If it prints out the fully qualified name, type this:
# halsecurity grant-join-domain <primaryMS>.<domain>.<extension>

 


RDP into the primary MS as Administrator

 

1. Click Start > Run, type "cmd", and hit the enter key.

 

2. In the DOS console type "set", hit enter, and check the path.

 If the path for CCS is not set, add the following:
# set PATH=%PATH%;C:\Program Files\VERITAS\CommandCentral Storage\HAL\bin;C:\Program Files\VERITAS\Security\Authentication\bin

 

3. Change directory to HAL\bin and login.
# cd "C:\Program Files\VERITAS\CommandCentral Storage\HAL\bin"
# halsecurity login

 

4. Setup a trust between the primary MS and the secondary MS HALdomain's authentication broker to facilitate SSL communications:
# vssat setuptrust --broker <secondaryMS>.<mydomain>.<extension> --securitylevel high

 

Note: Twp hyphens are required.

The output will resemble:

User Name:      root

Domain Name:    root@secondaryMS.domain.extension

...

Answer "Y" to "Do you want to trust the above"

 
 

5. Check how the domain name prints out in the trust, use the exact string after root@ in the grant-join domain command.

If it prints out the short name, type this:
# halsecurity grant-join-domain <secondaryMS>

 

If it prints out the fully qualified name, type this:
# halsecurity grant-join-domain <secondaryMS>.<domain>.<extension>

 

Configure the cross domain from the primary MS to the secondary MS.


Configure the primary MS to send information to the secondary MS regarding specific hosts.

 

1. RDP into primary MS.
 
 

2. Create a text file with the list of managed hosts (for this example it will be called "mhlist.txt:), one per line in the following format:
MHname.domain.extension

# C:\Program Files\VERITAS\CommandCentral Storage\HAL\bin>perl MH_crossdomain.pl --new-MS-host <secondaryMS>.<domain>.<extension>   --conf-file mhlist.txt

 

(Primary method) Configure the MH to send information to the secondary MS.

 

1. RDP into Managed Host.

 

2. Using the existing running console, setup a trust between the MH and the secondary MS authentication broker to enable SSL communications:
# cd C:\Program Files\VERITAS\CommandCentral Storage\HAL
# halenv.bat
# cd bin
# vssat setuptrust --broker <secondaryMS>.<domain>.<extension> --securitylevel high

Answer "Y" to "Do you want to trust the above"

# haldomain attach --domainroot <secondaryMS>.<domain>.<extension>

If successfully run you are done.


(Alternative method) Configure the secondary MS to authorize information transfer with the MH.

1. RDP into secondary MS.

Issue the following commands to attach the secondary MS to the MH HALdomain:
# cd "C:\Program Files\VERITAS\CommandCentral Storage\HAL\bin"
# halsecurity login
# haldomain attach --domainroot <secondaryMS>.<domain>.<extension> --host <MH>.<domain>.<extension>

 

You are done




Article URL http://www.symantec.com/docs/TECH164893


Terms of use for this information are found in Legal Notices