LMS 2.6 Multi-Server Server Setup

Answered Question

Hi,

We currently have a single LMS 2.6 server running all applications and integrated with ACS. The deployment guide says multi-server setup is supported in LMS 2.6, but I cannot find a good link that gives more info.

Can someone please point me in the right direction related to best practices and license requirement for multi-server in ACS integrated environment?

Thank you.

Correct Answer by Joe Clarke about 8 years 6 months ago

Joe Clarke Thu, 07/17/2008 - 12:37

See http://www.cisco.com/en/US/products/sw/cscowork/ps2425/prod_white_papers_list.html for our LMS white papers. The large scale deployment paper will be of particular interest. It's for LMS 3.0, but the concepts still apply to LMS 2.6.

In general, you will need to purchase a license for each LMS server unless you plan on separating the bundle. That is, if no application is duplicated on each server, you only have to use one license. If, however, you install the same application on two different servers, then you will need a separate license for each server. Note: Common Services does not count. You can install as many copies of Common Services as you want.

Another leading practice is to integrate each server with DCR master/slave as well as Single Sign On master/slave. This way, there is one device and credentials list that gets replicated across all servers. Additionally, you only need to authenticate against one server, then you will be able to transparently move to each server without entering your username/password again.

Since ACS is in the picture, you will also need to integrate each server with the same ACS server/cluster. While SSO takes care of centralized authentication, it does not synchronize users across all LMS servers. Therefore, you will still need the ACS integration on all servers to handle authorization.

Thanks very much - excellent response as always!!!

I did see the LMS 3.0 doc, but wasn't sure if it was completely applicable to 2.6.

One more question though - I can understand splitting the applications helps divide the load on servers; but in terms of server failure, we still have to restore from backed up data as for a single server scenario. So, from a total redundancy perspective you would run two servers with all applications and additional license - correct?

Thank you.

Joe Clarke Thu, 07/17/2008 - 13:34

The CiscoWorks Assistant pieces of LMS 3.0 do not apply to LMS 2.6. However, concepts of DCR master/slave, SSO, and ACS integration do apply. The one caveat with ACS integration in LMS 2.6 is that it is up to you to create the Super Admin role in ACS under each LMS application. This is the role that must be assigned to the System Identity User.

For HA, yes, you would need to install all apps on both servers. Each server would need its own license. In this case, we have recommended customers turn polling intervals down on the secondary server when it is running as a backup. We also recommend you send syslogs to both servers, but do not allow syslog-triggered config and inventory fetches on the backup server. Instead, the backup server will get the config and inventory updates during its periodic fetch cycles.

The downside of this manual HA configuration is that you will need to increase polling, and enable certain tasks that you disabled on the backup when and if it becomes the active primary.

Thank you.

Just to clarify the Redundant Server setup:

1. We install all apps on the new server with new license.

2. We make the peer-server account on each server the System Identity User of the other server. (I assume the SysIdUser are unique to each server)

3. Make the existing server the Master.

4. Integrate the second server with ACS, just as we have done for the existing server.

5. Update polling intervals and other syslog options on new server to reduce network traffic. Make a note of standard settings to update these in case of failure.

Is this good enough or am I missing something?

Joe Clarke Fri, 07/18/2008 - 08:16

The System Identity User should be the same on both servers.

Making the existing server the Master involves configuring it as a DCR master AND an SSO master. The two are separate and unrelated. Just be aware that is a two-step process.

You might find it useful to restore a backup from the first server to the second server just to get started. If you do this, you will need to modify NMSROOT/lib/classpath/com/cisco/nm/dcr/dcr.ini and make sure DCR_GROUP_ID and DCR_ID are unique on both servers.
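A check for the last point in the reply above, as an added example that is not part of the original thread or of Cisco's tooling: it compares two copies of dcr.ini and flags DCR_ID or DCR_GROUP_ID values that are identical or missing. The plain KEY=value layout and the sample values are assumptions constructed for illustration.

```python
# Added example: verify that two dcr.ini copies do not share DCR identifiers
# after a backup from one server has been restored onto the other.
# Assumption: dcr.ini holds plain KEY=value lines; the samples are constructed.
REQUIRED_KEYS = ("DCR_ID", "DCR_GROUP_ID")


def parse_ini(text):
    """Return {key: value} from KEY=value lines; skip blanks, comments, sections."""
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip()
    return values


def check_dcr_ids(first_text, second_text):
    """Return a list of problems; an empty list means the identifiers differ."""
    first, second = parse_ini(first_text), parse_ini(second_text)
    problems = []
    for key in REQUIRED_KEYS:
        a, b = first.get(key), second.get(key)
        if a is None or b is None:
            where = "first" if a is None else "second"
            problems.append(f"{key}: not found in {where} file")
        elif a == b:
            problems.append(f"{key}: same value {a!r} on both servers")
    return problems


# Constructed sample contents (not real LMS values).
SERVER_A = "# constructed sample\nDCR_ID=1001\nDCR_GROUP_ID=2001\n"
RESTORED_B = SERVER_A  # second server immediately after the restore
EDITED_B = "DCR_ID = 1002\nDCR_GROUP_ID = 2002\n"  # after editing dcr.ini

if __name__ == "__main__":
    for label, text in (("after restore", RESTORED_B), ("after edit", EDITED_B)):
        print(label, "->", check_dcr_ids(SERVER_A, text) or "OK")
```

Run it against the two files copied from each server before enabling DCR master/slave, so a duplicated identifier is caught before the servers join the same domain.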
