cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

SCOM 2019 - Linux monitorint - 100 % Gateways resource pool : need for certificate export ?

PhilippeAugras
Brass Contributor

‎Apr 07 2021 09:05 AM

‎Apr 07 2021 09:05 AM

SCOM 2019 - Linux monitorint - 100 % Gateways resource pool : need for certificate export ?

Hello,

 

I have one question regarding Linux monitoring. My client needs to monitor Linux servers and will use resource pools constituted only with Gateway servers (network specifications make impossible the use of Management Servers). I'd like to know if I have to deploy certificates between gateways from the same resource group if I want to maintain failover with the resource group. And if I have to deploy the gateway certificates also to the central Management Servers that will eventually really monitor the Linux boxes.

Thanks in advance :lol:.

Regards,

P.

688 Views
0 Likes
2 Replies
Reply
2 Replies
best response confirmed by PhilippeAugras (Brass Contributor)
Stoyan Chalakov

‎Apr 08 2021 11:28 AM - edited ‎Apr 08 2021 11:30 AM

‎Apr 08 2021 11:28 AM - edited ‎Apr 08 2021 11:30 AM

Solution

Re: SCOM 2019 - Linux monitorint - 100 % Gateways resource pool : need for certificate export ?

@PhilippeAugras 
Hi Philippe, as the SCX certificates are used to sign the custom OM certificate, which is used by the Nix agent, you need to have them on all members of the resource pool, which is managing the agent/to which the agents are reporting...no matter if this resource pool consists of real Management Servers or Gateway Management Servers....so the answer is YES, you need to have the X-plat certificates on all gateways in the resource pool, to which the Linux agents are reporting..

I also discussed this with a SCOM legend - Bob Cornelissen, who confirmed this also.
@BobCornelissen:
"X-plat certificates from all machines in the resource pool - to all other machines in that resource pool, gateways or management servers, but if gateways do the monitoring of the linux machines then the scom management servers do not need those X-plat certificates.

 Looks like this particular scenario is linux servers connected to a group of gateways in a resource pool and the gateways - connected to mgmnt servers. In this scenario the gateways need to exchange each others SCX certificates."

1 Like
Reply
1 best response

Accepted Solutions
best response confirmed by PhilippeAugras (Brass Contributor)
Stoyan Chalakov

‎Apr 08 2021 11:28 AM - edited ‎Apr 08 2021 11:30 AM

‎Apr 08 2021 11:28 AM - edited ‎Apr 08 2021 11:30 AM

Solution

Re: SCOM 2019 - Linux monitorint - 100 % Gateways resource pool : need for certificate export ?

@PhilippeAugras 
Hi Philippe, as the SCX certificates are used to sign the custom OM certificate, which is used by the Nix agent, you need to have them on all members of the resource pool, which is managing the agent/to which the agents are reporting...no matter if this resource pool consists of real Management Servers or Gateway Management Servers....so the answer is YES, you need to have the X-plat certificates on all gateways in the resource pool, to which the Linux agents are reporting..

I also discussed this with a SCOM legend - Bob Cornelissen, who confirmed this also.
@BobCornelissen:
"X-plat certificates from all machines in the resource pool - to all other machines in that resource pool, gateways or management servers, but if gateways do the monitoring of the linux machines then the scom management servers do not need those X-plat certificates.

 Looks like this particular scenario is linux servers connected to a group of gateways in a resource pool and the gateways - connected to mgmnt servers. In this scenario the gateways need to exchange each others SCX certificates."

View solution in original post

1 Like
Reply