Multiple Server Installations

When installing the CSA MC software on multiple servers, you must decide which components to place on which servers. There are three components to implement:

• CSA MC Configuration Graphical User Interface (GUI)

• Event and Polling Services

• MS SQL 2000 Database

You can place these components on up to three servers as necessary. The following sections cover a few of the common implementation options.

Single CSA MC and an Additional Server for MS SQL 2000

It is common for organizations to want to use existing SQL deployments with CSA or to break out the CSA SQL database to another server, so that the appropriate staff can manage and maintain it. The following steps explain the MS SQL 2000 installation and preparation that you must complete prior to installing the CSA MC components on the other server.

Step 1 Start the installation of MS SQL 2000 by running autorun.exe on your licensed installation CD.

Step 2 Select SQL Server 2000 Components.

Step 3 Select Install Database Server.

Step 4 The Wizard now starts, press Next.

Step 5 Select Local Computer, and then press Next.

Step 6 Select Create a new instance of SQL Server, or install client tools and press Next.

Step 7 Enter your name and company and press Next. Step 8 Read and accept the license agreement. Step 9 Select Server and Client Tools and press Next. Step 10 Select Default and press Next.

Step 11 Select Typical and set the database path or leave the default and press Next.

Step 12 Select Use the same account for each service, and then provide a service account and password. Click Next.

Step 13 Select Mixed Mode Authentication and check the Blank Password box to leave the service account (SA) account blank and press Next and then press Next again to proceed.

Step 14 Select your appropriate license information for the SQL server.

Step 15 Setup continues and completes.

Step 16 You can now install SQL Service Pack 3a if necessary.

Make sure to ignore the security threat warning and leave the password for SA blank.

If you install SP3a, which is required, be sure to select Upgrade MS Search and Apply SP3a.

Step 17 After install completes, reboot the server.

Step 18 Start the SQL Enterprise Manager application from the Program Files menu.

Step 19 Right-click on the server and select Edit SQL server registration properties.

Step 20 Choose SQL Server authentication and enter SA or another account that has privileges on this database.

Step 21 Right-click on the Server name and select Properties.

Step 22 Click the large Network Configuration button at the bottom and verify that TCP/IP is selected and on the right side of the screen. If you need to add TCP/IP, stop and restart the SQLSERVER service.

Step 23 Right-click on databases and select New.

Step 24 Name the new database CSAMC45 and press OK.

Step 25 Right-click the new database and select Properties.

Step 26 Click on the Filegroups tab and type ANALYSIS in the empty name field. Press OK when finished.

Step 27 Right-click the new database and select Properties.

Step 28 Click on the Data files tab. In the File Name field, add a datafile named csamc45analysis_data. In the space allocated field, enter 20 and in the filegroup filed, select ANALYSIS from the dropdown menu. Press OK when finished.

Step 29 Expand the Security folder under the database server.

Step 30 Right-click logins and select New Login.

Step 31 Create a user name such as CSAUSER and choose SQL Server Authentication. Enter a password for this user, then select the CSAMC45 database from the dropdown menu. Press OK when complete.

Step 32 Confirm the password and press OK. Step 33 Click Yes.

Step 34 Expand the CSAMC45 database you created earlier.

Step 35 Right-click Users and select New Database User.

Step 36 Select the user you created earlier from the dropdown box.

Step 37 Add db_ddladmin, db_datareader, and db_datawriter Permissions, and then press OK.

This completes the necessary steps to install MS SQL 2000 on a remote server and also to preconfigure all components in the database necessary for you to proceed with the CSA MC installation on the other server. The first CSA MC server you install automatically becomes the Event and Polling server. It is also the Configuration GUI server until you install a second CSA MC. Then you should use the second server as the Configuration server. The following steps explain the differences in the installation of a CSA MC, which uses this remote database:

Step 1 Verify CiscoWorks Common Services is loaded and working correctly on your server by logging into the interface.

Step 2 Verify you have the necessary CSA licenses and software available.

Step 3 Follow the installation procedure outlined for installing a single CSA MC server deployment until you reach the database selection page.

Step 4 Select Remote Database and press Next.

Step 5 You must now enter the following to connect to the remote database as displayed in Figure 6-14:

— Server Name—The resolvable name of the server for the remote SQL connection

— Database Name—The name created earlier, which was CSAMC45

— User Name—The user created earlier, which was CSAUSER

— Password—The password provided for this user

Figure 6-14 Databases Connection Information

Figure 6-14 Databases Connection Information

Step 6 Click Next.

Step 7 Continue with the installation steps you used for the single CSA MC

installation. In Figure 6-15, notice that the progress bar skips many steps because the database is not local. This image is from the third server of a three-server installation. In this example, you can see that the policies were already installed in the database so there was no need to perform that action and many others.

Figure 6-15 Installation Progress for Multi-Server

Installing Management Center for Cisco Security Agents V4.5

Step 8 Upon completion, look in the Windows Registry, as shown in Figure 616, at the keys located in HKEY_LOCAL_MACHINE\SOFTWARE\ Cisco\CSAMC45. You can see that the local CSA MC is configured to use the remote server:

— DBP: Database Password

— DSN: Database DSN referring to your SQL server

Figure 6-16 SQL Information Listed in the Registry

Figure 6-16 SQL Information Listed in the Registry

Registry Edit View Favorites Help

H Ü HKEY_CURRENT_U5ER Tj

Registry Edit View Favorites Help

H Ü HKEY_CURRENT_U5ER Tj

I Data

B O HKEY_LOCAL_MACHINE 0-CI HARDWARE ffl-CI 5AM

a SECURITY R _J SOFTWARE

[^BaseDir

SlFullVersion

^LogDir

[äj»]PolidesDir i^ProductRootDir

[aj>]TmpDir

REG_SZ REG_SZ REG_SZ REG_5Z REG_5Z REG_SZ REG_SZ REG_SZ REG_5Z REG_5Z REG_5Z REG_SZ REG_SZ REG_SZ

(value not set)

C:\PROGRA~l\C5COpx\C5AMCi5

C:\PROGRA~l\CSCOpx\CSAMCJ5\bin

C:\PROGRA~l\C5COpx\C5AMC45\cfg password csauser

(+1 O Apache Grcup

B O HKEY_LOCAL_MACHINE 0-CI HARDWARE ffl-CI 5AM

a SECURITY R _J SOFTWARE

(+1 O Apache Grcup

l+J Cj kesDjrce Maiag l~~l Cisco by stems 0 Q Classes B O Clierrs E Ohm ri|illni i

DSN=csamc45DSN !SERVER=csasgl ! DATABASE=csamc,..

C:\PROGRA~l\CSCOpx\C5AMC45\export

C:\PROGRA~l\C5COpx\C5AMC45\log Cisco Systems

C:\PROGRA~l\CSCOpx\CSAMC-45\policies

C:\PROGRA~l\C5COpx

C:\PROGRA~l\CSCOpx\CSAMCi5\tmp

l+J Cj kesDjrce Maiag l~~l Cisco by stems 0 Q Classes B O Clierrs E Ohm ri|illni i

;ion

S-Cl FLEXlm License Mana 0-Û INTEL H-Cl JavaSoft 1+1-TH Live Software B L_| Microsoft S"C] Nico Mak Computing B O ODBC BÛ Policies j~'~l Program Groups B O Seagate Software •-T^l Secure

You can now verify that the CSA MC is functional by logging into the system. You should notice that the installation process is not much different except for the many steps associated with installing the MS SQL 2000 server and preconfiguring the database. You should make sure you have a qualified technician perform the SQL installation if you are not confident that you can configure it and its maintenance procedures appropriately.

Two CSA MC and an Additional Server for MS SQL 2000

Installing another CSA MC server to create a three-server environment out of a two-server environment is an easy procedure. Follow these steps to accomplish this task:

Step 1 Verify CiscoWorks Common Services is loaded and working correctly on your server by logging into the interface.

Step 2 Verify that you have the necessary CSA licenses and software available.

Step 3 Connect to the first CSA MC server you installed and stop the

CiscoWorks Services. This is an extremely important step, and you should always perform it before updating the CSA MC software on the

My Computer\HKEY_LOCAL_MACHINE\50FTWARE\Clsco\C5AMC45

servers, so you do not end up in multiple servers with multiple product versions online at the same time. Perform this by entering the following at a command-line:

Step 4 Follow the installation procedure that was outlined for installing a single CSA MC server deployment until you reach the database selection page.

Step 5 Select Remote Database and press Next.

Step 6 You must now enter the following to connect to the remote database:

— Server Name: The resolvable name of the server for the remote SQL connection

— Database Name: The name created earlier, which was CSAMC45

— User Name: The user created earlier, which was CSAUSER

— Password: The password provided for this user

Step 7 Press Next.

Step 8 Notice that there is less installed than previously as the database is already populated and configured.

Step 9 After completion, you can restart the services on the original CSA MC.

You now have two CSA MC servers and a dedicated database server functioning in the CSA

MC architecture. To verify the installation in the SQL database, look at the mc_config table in the CSAMC45 database. You will see multiple servers listed, as shown in Figure 6-17.

Figure 6-17 mc_config Table Displays Multiple MCs in SQL

Figure 6-17 mc_config Table Displays Multiple MCs in SQL

Remember that the original CSA MC always becomes the Event and Polling server and that the second CSA MC installed becomes the Configuration GUI. This is because the original server installs all necessary components and certificates required to function without an additional server if a second is never installed. After the second server installation begins, it detects the previous configuration in the current database and assumes its role as the configuration server within the multi-server architecture.

NOTE If you use multiple servers for your deployment, all configuration and events are stored in the SQL database. This fact makes it possible to create cloned servers or images of the servers running the non-database CSA MC components, so that you could have a cold spare server ready in the case of a server failure. If you have a server failure, simply remove the failed system from the network and replace it with the cloned standby. You now have a fully functional configuration.

Was this article helpful?

0 0

Post a comment