CA Client Automation

  • 1.  Remote machines pointing to domain manager

    Posted Sep 12, 2017 03:00 AM

    Hi Team,

    Would like to know whether we can point 2000+ remote devices to central domain manager directly? Is there any limitation on the agent count to point the device to central domain manager directly?

    And we only use remote control for these 2000+ devices. Is that recommended by CA?

    Thanks and Regards
    Varun kumar



  • 2.  Re: Remote machines pointing to domain manager
    Best Answer

    Broadcom Employee
    Posted Sep 12, 2017 08:52 AM

    2000+ machines is too many agents to point to one Scalability Server, so pointing that many to a Domain Manager is not a good idea.

    We usually like to have little or no agents pointing directly to the Domain Manager. Since the DM is a DM, Scalability and Agent, there are a lot of different jobs the server performs; by limiting the number of agents pointing directly to it, it can use more resources for its other jobs. I would create at least one Scalability if not two and move most or all the agents off of the DM. If it is not too much more than 2000, you could probably move 1,500 to a remote SS and leave the 500+ on the Domain Manager.



  • 3.  Re: Remote machines pointing to domain manager

    Posted Sep 27, 2017 10:27 PM

    Hi Gordon,

    Thank you for your help on this.

    Our customer has agreed to build 3 SS at data center and point all the remote machines to newly built SS.

    However, would like to know how the remote control works if the remote machine is pointed to SS which is in data center. Will there be any delay in remote control connection? How will the remote control session be established? Is it initiated through SS?

    Thanks in advance for reply.



  • 4.  Re: Remote machines pointing to domain manager

    Broadcom Employee
    Posted Sep 27, 2017 10:44 PM

    Connections do not go through the DM or SS; the connection goes from the rc viewer to rc host.



  • 5.  Re: Remote machines pointing to domain manager

    Posted Sep 28, 2017 12:10 AM

    Hey Varun,

    Rich is correct: the connection is made direct, rcviewer to rchost. However, before the connection is permitted, the rchost must validate the rcviewer's credentials.

    By default, RC is set to centrally managed mode:

    Under centralized management, the rchost is validating your DSM security profile's credentials. That is: 1) your user's ability to access the RC features in security profiles itself, and 2) your RC permissions to access the target machine. RC works in a most-permissive model, so as long as the computer is in a group where you have RC permissions, the connection will work.

    The rchost performs this check by sending a message up the infrastructure:

    rchost (agent) --> rcserver (SS) --> rcmanager (DM)

    rchost (agent) <-- rcserver (SS) <-- rcmanager (DM)

    Note1: If the centralized security mode is set to false, then the rchost validates your permissions locally. In this case it authenticates without DSM permissions, using the locally available authorities, the same as if you were to log in to the target's desktop.

    Under centralized authentication mode, there are a few additional options, as seen in the screenshot above:

    Authenticate via server. Default is true. This means the rchost will message rcserver at the SS, as I explained above. If set to false, the rchost will message the DM directly, going around the SS and eliminating an extra step in communications, if your rchost is able to communicate directly with the DM.

    Enable fail safe. In the event the rchost can't contact the SS or DM, it will fall back to local security mode. This is a good failsafe in case there are any communication issues or otherwise happening with the SS or DM, so RC can still work.

    Enable security cache. This allows the rchost to store recently authorized connections. So if you are connecting back in a short interval, and you were previously authorized, the rchost will bypass the check and bring you straight in.

    So, Rich is correct: the rcviewer talks directly to the rchost, but the authentication process, by default out-of-the-box settings, leverages the scalability servers for authentication.

    Regards,

    Brian
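
The decision flow described in the reply above, as a small Python model added here for illustration; it is not CA/Broadcom code and not part of any post. The field names, the 300-second cache lifetime and the deny-when-unreachable outcome are assumptions. It shows which setting ends up deciding a connection, which is the thing to review when choosing these options.

```python
from dataclasses import dataclass, field

@dataclass
class RcHost:
    # Hypothetical field names for the four settings described in the post.
    centralized: bool = True
    via_server: bool = True   # "Authenticate via server"
    fail_safe: bool = True    # "Enable fail safe"
    use_cache: bool = True    # "Enable security cache"
    cache_ttl: int = 300      # assumed; the post only says "a short interval"
    cache: dict = field(default_factory=dict)  # user -> time of last central approval

    def authorize(self, user, now, dsm_allowed, local_allowed, reachable):
        """Return (allowed, deciding_path) for one rcviewer connection attempt."""
        if not self.centralized:
            return user in local_allowed, "local"
        seen = self.cache.get(user)
        if self.use_cache and seen is not None and now - seen <= self.cache_ttl:
            return True, "cache"  # central check is skipped entirely
        hops = ["SS", "DM"] if self.via_server else ["DM"]
        if all(h in reachable for h in hops):
            ok = user in dsm_allowed
            if ok and self.use_cache:
                self.cache[user] = now
            return ok, "central:" + ">".join(hops)
        if self.fail_safe:
            return user in local_allowed, "fail-safe-local"
        return False, "unreachable"  # assumed outcome; the post does not describe it

def demo():
    # Constructed sample data: alice has DSM RC permission, bob only local rights.
    dsm, local, up = {"alice"}, {"bob"}, {"SS", "DM"}
    host = RcHost()
    out = [host.authorize("alice", 0, dsm, local, up),
           host.authorize("bob", 0, dsm, local, up),
           # SS and DM unreachable: fail safe hands the decision to local accounts.
           host.authorize("bob", 10, dsm, local, set()),
           # alice's DSM permission removed; the cached approval still applies.
           host.authorize("alice", 60, set(), local, up),
           # After the cache lifetime the central check runs again.
           host.authorize("alice", 600, set(), local, up)]
    strict = RcHost(fail_safe=False, use_cache=False)
    out.append(strict.authorize("bob", 10, dsm, local, set()))
    return out

if __name__ == "__main__":
    for allowed, path in demo():
        print(allowed, path)
```

In this model the fail-safe and cache paths are the two cases where the DSM security profile is not consulted, so they are the settings to weigh against availability.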



  • 6.  Re: Remote machines pointing to domain manager

    Posted Sep 28, 2017 01:03 AM

    Thank you Rich & Brian.