Re: LDAP-DB Sync Considerations - 2 CMS Consoles - 1 Database

forums@developer.bmc.com — Mon, 11 May 2009 17:24:02 GMT

Jake -

Thanks for the quick reply. We're using ADAM for LDAP, I don't think auto-discovery is not an option when using ADAM.

As for Patch Manager, yes, we'd be using Patch Manager (shared between both consoles) to patch.

As for ACL's, didn't really think about it too much, as I'm not sure it solves our issue. Here is our issue:

In our current console (which manages all ADAM objects - users, workstations, servers), we have policies set against users as well as machines. We have seen in testing that packages designed to run only on workstations will install on servers, if logged in with an ID which has packages assiciated to it. We want to completely eliminate the possibility of any workstation packages from running on our servers, for obvious reasons, which is what drove us to look at creating a seperate console.

Here is what the environment looks like, both current and proposed:

Current:

Single ADAM instance (replication between Active Directory and ADAM - users, workstations and servers)
Single CMS Console
Single Inventory DB

Proposed:

Two ADAM instances
- One for users, workstations and specific workstations groups
- One for servers ONLY
Two CMS Consoles
- One for users, workstations and specific workstations groups
- One for servers ONLY
Single Inventory DB

We also have a single master transmitter environment (multiple mirrors) behind a load balancer, which also would not change.

Thanks for your input, Jake!

Vincent

Re: LDAP-DB Sync Considerations - 2 CMS Consoles - 1 Database

jake_morgan@bmc.com — Mon, 11 May 2009 16:57:48 GMT

Will u be using auto discovery?

Will u be using patch mgt?

If yes to any of those have you considered using one cms with ACLs?

LDAP-DB Sync Considerations - 2 CMS Consoles - 1 Database

forums@developer.bmc.com — Mon, 11 May 2009 16:43:44 GMT

Hello,

We are evaluating the possibility of implementing a second CMS Console to manage servers exclusively.

The question is, will having two different LDAP-DB sync's with one Inventory DB affect the LDAP data stored in the Inventory DB? Meaning, if we sync data from LDAP 1 to the DB, will that data be deleted or affected in any way when data is sync'd from LDAP 2?

Thanks for your help.

Vincent

BMC Communities: Message List - LDAP-DB Sync Considerations - 2 CMS Consoles - 1 Database

Re: LDAP-DB Sync Considerations - 2 CMS Consoles - 1 Database

Re: LDAP-DB Sync Considerations - 2 CMS Consoles - 1 Database

LDAP-DB Sync Considerations - 2 CMS Consoles - 1 Database