AnsweredAssumed Answered

CA ControlMinder deployment in 5 sites

Question asked by monru01 Employee on Feb 6, 2014
Latest reply on Mar 13, 2014 by monru01

Hi team

We are going to deploy the CA Control Minder  release 12.8 (using the CA Directory as User Store) with the next features: SAM Endpoints and CA Control Minder Endpoints (Access Control Agents)

We are working to create architecture to satisfy the next requirements

  •   CA Control Minder HA without the use of the Microsoft Windows Cluster Services (they don’t want to use the  Windows Cluster share storage)
  •   The client wants to integrate endpoints to CA Control Minder, defined in to 5 sites.
  •   These 5 sites are located in places separate geographically.
  •   Every site has communication each other and every site has different kinds of endpoints (Servers, routers, firewalls…)
  •   Install CA Control Minder on 5 sites and the possibility to always stay available, don’t care which sites are available.
  •   Access using by one URL to the CA Control Minder Enterprise Console to manage their different endpoints.
  •   The client also want to ensure the availability of the services across the 5 sites , it means , if some of the sites lose the connection with the others, the service of  CA Control Minder SAM  continues.

To satisfy the last requirements, we are working with the next solution:

  •   Define one CA Control Minder Enterprise Server installed in one site, we are going to call: CA Control Minder Enterprise Server Master.
  •   Install in the rest 4 sites the CA Control Minder Enterprise Servers called “slaves” and all of them  (including the CA Control Minder Enterprise Master ) pointing to  the same instance of MSQL Server which is in mirroring mode using the MSQL tools.
  •   Replicate the next  components: Messages Queue, DH_ and DMS_ configuration files from the CA Control Minder Enterprise Server Master to the rest 4 sites using software to replicate the files (for example : CA ArcServer )
  •   The Control Minder master is always available to connect to the Endpoints and the rest of CA Control Minders installed in the 4 sites are down.  If the CA Control Minder Enterprise Server Master is down or lost the communications with the rest of the endpoints defined in to the 4 sites, one of the CA Control Minder Enterprise Server Slave is up and the service of SAM and the deployment of ACL’s are available and so on…

       And if the CA Control Minder Enterprise Master is available again, the CA Control Minder Enterprise Slave is down and the replication of the DH_ , DMS_ and the Messages Queue is    replicated to the CA Control Minder Slave to the Master , in order to cover any differences of data.

  •   To monitoring the CA Control Minder services, we are going to use an Monitoring Software of services.
  •   We are going to use the CA Control Minder Load Balancer to provide access to the CA Control Minder Enterprise Services through one url.

What do you think about this solution that we try to implement?

Do you think is supported the replication of the DH, DMS and the Messages Queue via the using of replication software via the CA ArcServe?

Any suggestion is welcome...

My Best Regards

Ruber Monterrubio

Technical Consultant

Outcomes