beautypg.com

Dce servers, Dce nodes – HP UX B6941-90001 User Manual

Page 438

background image

438

Chapter 10

Tuning, Troubleshooting, Security, and Maintenance

ITO Security

In addition, all participating nodes must be member of DCE cells, which
are configured to trust each other.

ITO does not require specific DCE configuration. An installed DCE
runtime (client part) including shared libraries and the RPC daemon
(

rpcd

/

dced

) are sufficient. However, these components are necessary on

all ITO managed nodes running a DCE, ITO agent. The client
components include the necessary client parts for authenticated RPC,
too. Consequently, it is not necessary to install additional DCE
components on all managed nodes.

For more detailed information on DCE, see the product-specific
documentation and “Configuring DCE Nodes to use Authenticated
RPCs” on page 439.

DCE Servers

It is necessary to have at least one Cell Directory Service and a security
server running in a DCE cell. These systems should be reliable,
sufficiently powerful (CPU, RAM), and connected via a fast network link
to all participating ITO nodes. Although a DCE server system can also be
an ITO management server or a managed node, it is recommended that
the DCE servers be separate from the ITO management server in order
to distribute demand on resources. It is also highly recommended that
you consider the option of configuring the DCE server system as an ITO
managed node. In this way, ITO can monitor the health and status of the
DCE server system.

NOTE

In addition to the DCE runtime package, a dedicated, DCE, server
system requires the DCE server components, which have to be purchased
separately.

DCE Nodes

Each managed node running the DCE ITO agent and each management
server must be member of a DCE cell. The initial cell member must be a
DCE server system—this step configures the DCE-cell administrator
cell_admin, who plays an important role in all further DCE
configuration. To configure a node to run in a DCE cell, use the DCE
utility

dce_config

, which provides a menu-driven configuration of the

local node. The user must run this utility on each node which is intended
to be used for DCE authenticated RPC. ITO nodes which are not also
DCE server systems have to be set up as client nodes. For details refer to
the DCE installation manuals.