Prerequisites for Automatically Deploying the Application Infrastructure
The Server Automation Infrastructure Deployment component lets you install agent software to target computers remotely. The installation can only be completed using the functionality of the underlying operating systems on source and target computers. The installation is subject to restrictions that result from an enterprise network configuration.
The initial step when deploying software is to install the IDPrimer application remotely to the target computer. The IDPrimer application then transfers and installs the software component installation images. When delivering the IDPrimer to the target computers, the deployment manager must supply user credentials that are valid on the target.
The IDPrimer is transferred to the target system using one of the following mechanisms. If the target operating system is known to the deployment manager, an appropriate transfer mechanism is selected. If the target operating system cannot be determined, the deployment manager tries each of the following mechanisms:
- Opening a network share
  The deployment manager tries to connect to a Windows network share on the target system. The share name ADMIN$ is used by default. The IDManager configuration option controls the default share name. This mechanism is available only from deployment managers running in a Windows-based environment. Some Windows variants (for example, Windows XP Home) do not support this deployment mechanism.
- Opening a network connection
  The deployment manager uses the SSH protocol to open a network connection to the target computer, then uses SFTP to transfer the primer installation package. This mechanism works on any computer running an SSH server. However, it is most useful when targeting Linux or UNIX computers.
  When deploying to Solaris systems, CA Technologies recommends that you use either SunSSH v1.1 (or higher) or the latest version of OpenSSH. See http://opensolaris.org/os/community/security/projects/SSH for more information about patches that are applicable to Solaris platforms and versions.
  If you are running a firewall on the target computer, verify that the following conditions are met:
  - The SSH port (22) is enabled to permit connection from the deployment manager
  - The SSH server on the target computer is configured to use an RSA key with the 3DES cipher for encryption and the HMAC-SHA1 message authentication code (MAC).
  Most SSH servers support this configuration by default. If they do not, consult the SSH server documentation for more information.
  To deploy to a UNIX or Linux agent, configure the /etc/ssh/sshd_config file of your SSH implementation as follows:
  - Set PasswordAuthentication to Yes
  - Set PermitRootLogin to Yes, or configure sudo/pfexec as described in section Remote Deployment to UNIX/Linux Using a Nonprivileged User Account
  - Verify that the SFTP subsystem is enabled
  Remote Deployment supports deploying software to systems with the /tmp file system mounted with the noexec flag.
  When deploying to some IBM AIX systems that run both an IPv4 and IPv6 stack using an IPv6 address, configure the target computer SSH server to use port 22 for IPv4. To configure SSH, edit the sshd_config file and set the ListenAddress to "::".
  If you want the SSH communication between the deployment manager and the target computer to be FIPS-compliant, verify that the SSH server running on the target uses a FIPS-compliant cryptographic module, in addition to setting FIPS-only mode on the deployment manager.
Some modern operating systems do not encourage, and sometimes actively prohibit, the remote installation of software. If you try to deploy software to such systems, the deployment fails with a status of No Primer Transport. In such cases, install the software components in other ways (for example, use physical distribution media such as DVD).
Alternatively, you can preinstall or provision machines with the IDPrimer software. This process allows deployment without relying on facilities from the underlying operating systems. In cases where no authentication is completed, supply valid credentials before the deployments are authorized.
To determine whether your environment allows automatic deployment, run the following standard operating system operations to complete a simple verification:
- To use Windows shares to deliver the IDPrimer image, map a share from your deployment manager host computer to each deployment target computer. Use the target user credentials that are supplied in the deployment request. Default share: ADMIN$
- To use SSH to deliver the IDPrimer image, you must be able to connect using SSH from the deployment manager to the deployment target computers.
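The SSH check above only proves that a connection is possible; the following added example (not part of the product or its documentation) audits a target's effective sshd settings against the SSH prerequisites listed earlier on this page. The function name check_sshd_prereqs and the sample data are hypothetical; the input format is that of `sshd -T`, and 3des-cbc and hmac-sha1 are the OpenSSH names for the required cipher and MAC.

```shell
#!/bin/sh
# Added example: checks `sshd -T` style output against the SSH prerequisites on this page.
# Real use on a target (as root): sshd -T | check_sshd_prereqs

check_sshd_prereqs() {
    awk '
        # sshd -T prints one "keyword value" pair per line, keyword in lower case.
        $1 == "port"                      { port[$2] = 1 }
        $1 == "passwordauthentication"    { pw = $2 }
        $1 == "permitrootlogin"           { root = $2 }
        $1 == "subsystem" && $2 == "sftp" { sftp = 1 }
        $1 == "ciphers"                   { ciphers = "," $2 "," }
        $1 == "macs"                      { macs = "," $2 "," }
        # Heuristic (assumption): an RSA host key is recognised by its file name.
        $1 == "hostkey" && $2 ~ /rsa/     { rsa = 1 }
        END {
            if (!("22" in port))               fail("sshd is not listening on port 22")
            if (pw != "yes")                   fail("PasswordAuthentication is not yes")
            if (!sftp)                         fail("SFTP subsystem is not enabled")
            if (!rsa)                          fail("no RSA host key configured")
            if (!index(ciphers, ",3des-cbc,")) fail("3des-cbc cipher is not offered")
            if (!index(macs, ",hmac-sha1,"))   fail("hmac-sha1 MAC is not offered")
            if (root != "yes")
                print "NOTE: PermitRootLogin is " root "; use the sudo/pfexec nonprivileged deployment instead"
            exit bad + 0
        }
        function fail(msg) { print "FAIL: " msg; bad = 1 }
    '
}

# Constructed sample input (not captured from a real host).
sample_sshd_T() {
    cat <<'EOF'
port 22
passwordauthentication no
permitrootlogin prohibit-password
subsystem sftp internal-sftp
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes256-gcm@openssh.com
macs hmac-sha2-256-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256
hostkey /etc/ssh/ssh_host_ed25519_key
EOF
}

sample_sshd_T | check_sshd_prereqs || echo "SSH prerequisites for IDPrimer delivery are not met"
```

Current OpenSSH releases no longer offer 3des-cbc by default, so expect that check to fail on a server whose Ciphers setting has not been changed.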