Apr 07 2021 09:05 AM
Hello,
I have one question regarding Linux monitoring. My client needs to monitor Linux servers and will use resource pools constituted only with Gateway servers (network specifications make impossible the use of Management Servers). I'd like to know if I have to deploy certificates between gateways from the same resource group if I want to maintain failover with the resource group. And if I have to deploy the gateway certificates also to the central Management Servers that will eventually really monitor the Linux boxes.
Thanks in advance .
Regards,
P.
Apr 08 2021 11:28 AM - edited Apr 08 2021 11:30 AM
Solution@PhilippeAugras
Hi Philippe, as the SCX certificates are used to sign the custom OM certificate, which is used by the Nix agent, you need to have them on all members of the resource pool, which is managing the agent/to which the agents are reporting...no matter if this resource pool consists of real Management Servers or Gateway Management Servers....so the answer is YES, you need to have the X-plat certificates on all gateways in the resource pool, to which the Linux agents are reporting..
I also discussed this with a SCOM legend - Bob Cornelissen, who confirmed this also.
@BobCornelissen:
"X-plat certificates from all machines in the resource pool - to all other machines in that resource pool, gateways or management servers, but if gateways do the monitoring of the linux machines then the scom management servers do not need those X-plat certificates.
Looks like this particular scenario is linux servers connected to a group of gateways in a resource pool and the gateways - connected to mgmnt servers. In this scenario the gateways need to exchange each others SCX certificates."
Apr 11 2021 11:48 PM
Thank you very, very much to both of you @Stoyan Chalakov and @BobCornelissen .
Apr 08 2021 11:28 AM - edited Apr 08 2021 11:30 AM
Solution@PhilippeAugras
Hi Philippe, as the SCX certificates are used to sign the custom OM certificate, which is used by the Nix agent, you need to have them on all members of the resource pool, which is managing the agent/to which the agents are reporting...no matter if this resource pool consists of real Management Servers or Gateway Management Servers....so the answer is YES, you need to have the X-plat certificates on all gateways in the resource pool, to which the Linux agents are reporting..
I also discussed this with a SCOM legend - Bob Cornelissen, who confirmed this also.
@BobCornelissen:
"X-plat certificates from all machines in the resource pool - to all other machines in that resource pool, gateways or management servers, but if gateways do the monitoring of the linux machines then the scom management servers do not need those X-plat certificates.
Looks like this particular scenario is linux servers connected to a group of gateways in a resource pool and the gateways - connected to mgmnt servers. In this scenario the gateways need to exchange each others SCX certificates."