Ghost Solution Suite

 View Only
Back to discussions
Expand all | Collapse all

Moving Ghsot Console Clients (macs) from one ghost server to another

  • 1.  Moving Ghsot Console Clients (macs) from one ghost server to another

    Posted Mar 06, 2009 04:47 AM

    Hello please help if you can,

     

    I'm trying to move a list of over 300 pc's macs from and old ghost server to a new one with a different license etc

     

    does anyone know what file this mac list will be held in, or if i can move them and how to do it?

     

    many thanks

     

    G.



  • 2.  RE: Moving Ghsot Console Clients (macs) from one ghost server to another

    Posted Mar 06, 2009 07:27 AM

    Moving clients from server to server is not, unfortunately, something that the server UI currently makes easy. The most important thing to understand about the client-server relationship is that it is built around a concept that is a security one, the trust relationship.

    Because client machines allow their managing server to do anything at all to them -replace the operating system, wipe the hard disk, run any program - the relationship between client and server represents an absolute and complete level of trust.

    Technically, that trust relationship is embodied by the use of public-key cryptography. The PUBKEY.CRT file is generated by the server to match its secret private key (stored in the PRIVKEY.CRT file) and a copy of the PUBKEY.CRT is held by the clients and used for two things; it provides the basic information used to locate the server, and in addition it provides the key that the clients use to challenge the server to prove that it is legitimate.

    In GSS2.5 and earlier, the information held on the console about the clients isn't therefore the most important thing about the client-server relationship. If you delete a client in the console UI, it will simply reconnect to the same server since that's the one that it knows from the PUBKEY.CRT that is the one it trusts.

    If you have a second GSS console install, that should have its own unique PRIVKEY.CRT and PUBKEY.CRT files. To make a client that is currently under management by one console managed by another, you therefore need to transfer the appropriate PUBKEY.CRT to the client and then restart the console client service, to get it to re-bind itself to the server specified by the new PUBKEY.CRT file.

    One complication is that images you take of a machine using the GSS console tend to capture not just the installed client software, but the PUBKEY.CRT - the identity of a specific server instance - and so when you have multiple server instances, you have to watch out for this. In future releases of GSS, we hope to make it so that when an image is sent out to a client bound to a particular server instance, we can ensure that any newly-deployed operating system has the PUBKEY.CRT copied into it so that the client stays bound to the right server, but at the moment the one in the image will be used after reboot.