10 Replies Latest reply on Nov 5, 2015 11:41 PM by Bala Dengale

    BMI Callback in MAS Setup

    Bala Dengale

      Hi Team,

       

      We are stuck due to BMI Callback failure as Target servers which are in Provisioning LAN not able to reach till application server. We have only provisioning component (PXE,TFTP,DHCP) accessible from Application and back.

       

      Apart from usage of proxy any other alternative solution? We are not allowed to use any proxy / third party solution.

       

      Can we just add another application server along with provisioning component and give his details in DHCP scope for BMC Call back? Will this work?

       

      If yes what type of application server required for this? (Job/Config/All?)

       

      Thanks,

      Bala

        • 1. Re: BMI Callback in MAS Setup
          Bill Robinson

          open the port or setup forwarding/proxying.  you can use iptables to do the forwarding.

          • 2. Re: BMI Callback in MAS Setup
            Bala Dengale

            Thanks Bill,

             

            We tried convincing customer for forwarding/proxying but their security team not allowing to do so. As our App server is in open internet zone and they don't want production backend install LAN accessible through some OS/proxy level configurations.


            They are fine with another Application server in provisioning LAN but not target servers to Application server. Are above scenarios possible in MAS setup?


            Thanks,

            Bala

            • 3. Re: BMI Callback in MAS Setup
              Bill Robinson

              so they will let you put an appserver in the other lan, open all the ports back from it to the database and other appservers ?

               

              and the provisioning lan – this is a local network to the bsa db or across a wan ?

              • 4. Re: BMI Callback in MAS Setup
                Bala Dengale

                Yes.

                 

                We do have provisioning server which is in same chassis of that target blade servers connected to 2 network interfaces like PROD LAN and Install LAN. PROD LAN is accessible from BSA App server but not from Install LAN.

                 

                Target blade servers has only one LAN i.e install LAN. Traffic already open from provisioning server to application and database but not from target servers directly.

                 

                this is the reason we are exploring this option.

                • 5. Re: BMI Callback in MAS Setup
                  Bill Robinson

                  why not ? what's the issue w/ having a single port open or proxied back to the appserver ?

                  • 6. Re: BMI Callback in MAS Setup
                    Bala Dengale

                    OS Team and Network team does not allow, so only option is application level. And we missed this in initial planning and now it is against their policy and might take months, so we are exploring application server option.

                    • 7. Re: BMI Callback in MAS Setup
                      Bill Robinson

                      so it will need to be a job instance, and you will need to make sure all the ports required are open between it and the other appservers (minport through maxport, registryport, jmxmanagementport).  and you should have job routing rules setup so it never runs jobs (i'm assuming it won't be able to talk to managed targets?).

                      • 8. Re: BMI Callback in MAS Setup
                        Bala Dengale

                        Thanks Bill,

                        Really appreciate your help...!!

                         

                        We will implement and let you know if we face any issue.

                         

                        Thanks,

                        Bala

                        • 9. Re: BMI Callback in MAS Setup
                          Bill Robinson

                          bala - this is only a workable solution if this 'provisioning' appserver is in the same LAN and PHYSICAL LOCATION to the other bsa appserver and database.  i'm not sure if that was clearly spelled out above.

                           

                          when you said "We do have provisioning server which is in same chassis of that target blade servers connected to 2 network interfaces like PROD LAN and Install LAN. PROD LAN is accessible from BSA App server but not from Install LAN."  that sounds like everything is in the same physical location and on the same network.

                           

                          if your 'provisioning appserver' is not in the same PHYSICAL LOCATION and same LAN as the other appserver and db, you should not do this.

                          • 10. Re: BMI Callback in MAS Setup
                            Bala Dengale

                            Yeah Bill,

                             

                            Yes it is physically separated datacenter. We tried this and working but doesn't sound recommended with considering performance impact in future.

                             

                            Thanks for the confirmation again on this, will take this in considerations and put forward the facts with customer.

                             

                            Thanks,

                            Bala