Filter
Top Products
438 Chapter 10
Tuning, Troubleshooting, Security, and Maintenance
ITO Security
In addition, all participating nodes must be member of DCE cells, which
are configured to trust each other.
ITO does not require specific DCE configuration. An installed DCE
runtime (client part) including shared libraries and the RPC daemon
(rpcd/dced) are sufficient. However, these components are necessary on
all ITO managed nodes running a DCE, ITO agent. The client
components include the necessary client parts for authenticated RPC,
too. Consequently, it is not necessary to install additional DCE
components on all managed nodes.
For more detailed information on DCE, see the product-specific
documentation and “Configuring DCE Nodes to use Authenticated
RPCs” on page 439.
DCE Servers
It is necessary to have at least one Cell Directory Service and a security
server running in a DCE cell. These systems should be reliable,
sufficiently powerful (CPU, RAM), and connected via a fast network link
to all participating ITO nodes. Although a DCE server system can also be
an ITO management server or a managed node, it is recommended that
the DCE servers be separate from the ITO management server in order
to distribute demand on resources. It is also highly recommended that
you consider the option of configuring the DCE server system as an ITO
managed node. In this way, ITO can monitor the health and status of the
DCE server system.
NOTE In addition to the DCE runtime package, a dedicated, DCE, server
system requires the DCE server components, which have to be purchased
separately.
DCE Nodes
Each managed node running the DCE ITO agent and each management
server must be member of a DCE cell. The initial cell member must be a
DCE server system—this step configures the DCE-cell administrator
cell_admin, who plays an important role in all further DCE
configuration. To configure a node to run in a DCE cell, use the DCE
utility dce_config, which provides a menu-driven configuration of the
local node. The user must run this utility on each node which is intended
to be used for DCE authenticated RPC. ITO nodes which are not also
DCE server systems have to be set up as client nodes. For details refer to
the DCE installation manuals.