How to configure the CA Spectrum Secure Domain Connector (SDC) to bind to individual IP addresses on the same host so you can run multiple instances of SDC on the same machine.

Document ID : KB000009930
Last Modified Date : 14/02/2018
Show Technical Document Details

The CA Spectrum Domain Connector (SDC) has been updated to allow the process to bind to multiple IP Addresses on the same machine.  This allows for greater flexibility within networks to allow for control over traffic to that specific IP Address.  This also removes the need to have multiple machines running multiple SDC processes for different network addresses.


Historically the CA Spectrum Domain Connector (SDC) can only have one process installed:  

Before using Secure Domain Manager capabilities to manage devices and applications in secure networks with CA Spectrum, install a single SDConnector process on a host computer in the secure network. Secure Domain Manager does not support running multiple SDConnector processes on the same host computer. You must be an administrative user on your Windows system, or the root user on Solaris and Linux systems when you install the SDConnector.


This single process would bind to all IP.  Customers have expressed the need to be able to bind the SDC process to individual IP Addresses to allow for greater flexibility with routing traffic through the SDC.  This document explains how to run multiple SDC processes on the same machine.


The functionality has been enhanced in the CA Spectrum 10.2.1 release as noted in the Fixed Issues:


Symptom: Secure Domain Connector( SDC ) always listens for SNMP traps and SDM connections on all interfaces.


Resolution: Extended Secure Domain Connector( SDC ) functionality to 

allow IP-specific binding for SNMP traps and SDM connections.

(DE263283, 00627431)


The installation instructions are as follows:


        1. Stop the Secure Domain Connector Service.

        2. Run the Spectrum_10.02.00.PTF_10.2.014 patch install.

        3. Extract the SDC_Install_<platform>.tgz file.

        4. Copy the extracted sdmc directory to SDConnector machine.

        5. Install by running install.bin on Solaris/Linux or install.exe on Windows.





        To enable IP-specific binding: 


           1. Set snmp_trap_ip=<ip> in sdc.rc 

           2. Set icmp_listen_ip=<ip> in sdc.rc

           3. Add -bind <ip> to sdc.config 

           4.  Restart the Secure Domain Connector Service


To configure another instance of the SDC, copy the SDMConnector folder on the SDC machine and change/update the configuration files accordingly to have another instance (ie. rename the SDConnector process, update the sdc.rc and sdc.config to utilize another IP).


Specific configuration information is available here: 

Additional Information:

Each SDC instance creates 4 listening port sessions.


For example SDC with PID 17973 creates the port 6844, 40564, 1621 35153 and 1. 

SDC polling exits by the main interface IP with port 40564


[root@rhel-server-6 ~]# netstat -pan | grep -i sdm 

tcp 0 0* LISTEN 17973/SdmConnectorS 

tcp 0 0* LISTEN 17771/SdmConnectorS 

tcp 0 0 ESTABLISHED 17771/SdmConnectorS 

tcp 0 0 ESTABLISHED 17973/SdmConnectorS 

udp 0 0* 17973/SdmConnectorS 

udp 0 0* 17771/SdmConnectorS 

udp 0 0* 17973/SdmConnectorS 

udp 0 0* 17771/SdmConnectorS 

udp 0 0 :::36719 :::* 17771/SdmConnectorS 

udp 0 0 :::35153 :::* 17973/SdmConnectorS 

raw 0 0* 7 17973/SdmConnectorS 

raw 0 0* 7 17771/SdmConnectorS



tcp:6844 – listen port for SDM connections – configured by -bind sdc.config option 

udp:162 – snmp trap listen port – configured by snmp_trap_ip in sdc.rc 

raw:1 – icmp listen port – configured by icmp_listen_ip in sdc.rc 

The ports( udp/IPv4:40564 and udp/IPv6:35153) are snmp source and can be configured as needed.


Initially this fix was offered in PTF patch Spectrum_10.02.00.PTF_10.2.014.  This patch has been obsoleted by 10.2.1.