Implementing CA Access Control High Availability on Microsoft Windows 2008 Cluster

Document ID : KB000049566
Last Modified Date : 14/02/2018
Show Technical Document Details

Description:

This scenario describes how to configure a VMware vCenter 4.1 for high availability and how to implement and test CA Access Control Enterprise Management in that environment.

Solution:

Follow these steps to deploy CA Access Control in high availability on VMware vCenter 4.1:

  1. Create a VM cluster

  2. Configure the cluster for high availability

  3. Install CA Access Control Enterprise Management on a dedicated Microsoft Windows Server virtual machine.

    Note: For more information about installing CA Access Control Enterprise Management, refer to the Implementation Guide.

  4. Verify CA Access Control Enterprise Management deployment (see page 9).

Create a Virtual Machine Cluster

Before installing and configuring the Enterprise Management Server, the system administrator or the VMware administrator configures a virtual machines cluster.

Note : The following procedure contains recommended steps for creating a cluster and may not apply to your environment.

Follow these steps:

  1. Open the VMware vSphere client to log in to the VMware vCenter.

  2. Select the data center where you want to create the cluster and right-click it.

The options menu open.

  1. Select the New Cluster option.

    Figure 1

  2. Enter the cluster name and select the Turn On vSphere HA option. Click Next.

    Figure 2

  3. Select the Enable Host Monitoring option from the Host Monitoring Status section. Click

    Figure 3

  4. (Optional) Select Power Off from the Host Isolation Response menu. Select this option to enable the virtual machine to automatically shut down of it detects it is isolated from the network. Click Next.

  5. Select the VM Monitoring Only option from the VM Monitoring menu. Click Next.

    Figure 4

  6. Select to disable Enhanced vMotion Compatibility (EVC). Click Next.

    Figure 5

  7. Select the recommended option for the swap file location and click Next.

  8. Review the options you selected and click Finish.

VMware vCenter creates the cluster. Next you add hosts to the cluster.

Configure a VM Cluster for High Availability

After preparing the VMware vCenter 4.1, the system or VMware administrator adds hosts to the cluster. The administrator must add at least two hosts to the cluster to enable high availability.

Follow these steps:

  1. From the VMware vSphere client, select the cluster you created and right click it.

  2. Select Add Host.

The following wizard opens:

Figure 6

  1. Specify the host name and authorization parameters. Click Next to complete the wizard.

  2. Repeat the steps to add another host.

  3. Install CA Access Control Enterprise Management on a dedicated Microsoft Windows Server 2008 virtual machine and add that machine to the cluster.

Note: For more information about installing CA Access Control Enterprise Management, refer to the Implementation Guide.

Verify CA Access Control Enterprise Management High Availability Deployment

After the system or VMware administrator configured the cluster for high availability and installed CA Access Control Enterprise Management on a dedicated virtual machine in the cluster, the administrator verifies that the deployment completed successfully.

Follow these steps:

  1. Start up the Enterprise Management Server.

  2. Log in to CA Access Control Enterprise Management.

  3. Create a PUPM endpoint of type Windows Agentless and discover privileged account on the endpoint.

    Note: For more information about creating PUPM endpoints and discovering privileged accounts, refer to the Enterprise Administration Guide.

  4. Check out the account password

  5. Using the VMware vSphere client, stop the host that currently runs CA Access Control Enterprise Management.

The host is stopped. VMware vCenter starts up another host in the cluster after 30 seconds.

  1. Wait until the virtual machine starts up on one of the hosts in the cluster.

  2. Log in to CA Access Control Enterprise Management.

  3. Go to My Accounts and verify that the account password is still checked out.