I have a quick question regarding the system identity user and its role. What exactly is this user doing?
"System Identity setup helps you create a "trust" user on servers that are part of a multi-server setup. This user enables communication among servers that are part of a domain." This is from the help topic of CiscoWorks.
In our case, we have a CSM server (3.3.1), which replicates to a second server using Symantec Veritas, but there is only one server active at a time. So what is the purpose of this user?
Are there tasks that can only be performed by this user?
The "multi-server setup" in the Help refers to the master-slave multi-server trust setup supported by DCR/Commen Services, so it obviously doesn't apply to your scenario of "multi-server" replication via a third party sw (Veritas). Furthermore, if your CSM is not using Cisco Secure ACS for authentication, you only need to be concerned with the local significance of the System Identity User, according to:
•You can choose whether to enter the System Identity username and password after installation. Communication among your servers relies on a trust model that uses certificates and shared secrets. The System Identity login is trustworthy to other servers when you use a multiserver setup and therefore facilitates communication between servers that are part of a domain. There can be one System Identity login account on a server.
•If you use Cisco Secure Access Control Server (ACS) for user authentication, you must use it to assign all CiscoWorks privileges to the System Identity user. If you do not use ACS for user authentication, the System Identity user must be a local user with system administrator privileges.