I hope that anyone can help me with this doubt.
I have this structure---->
proxy-hub (server certificate)
client-huba (client certificate) clienthubb (hub of server's x) (client certificate)
clienthubb-other (hub of server's y)
uim-server: core of cauim. is a client certificate (tunnel ssl)
proxy-hub: server of scalability. Is a server certificate (tunnel ssl)
client-huba: Is a tenant. is a client certificate (tunnel ssl)
clienthubb: Is a tenant. is a client certificate (tunnel ssl) that connect with proxy-hub, and is a server certificate (tunnel ssl) to connect the hub clienthubb-other.
clienthubb-othe: is a hub addicionality that belongs to tenant clienthubb, this hub aggroup other server because this server are in other dmz.
I configure a tunnel ssl through clienthubb and clienthubb-other but I can't see the hub on IM. Need I other configuration? or isn't possible this and i have that configure the clienthubb-other to the proxy-hub (like other tenant)
We have many clients that have 3 or more tiers.
Primary -> Proxy -> reginal ->Client hub.
so having this setup should not be an issue.
Where is your IM located? is this on the primary hub?
If you log in to IM on the client hub directly can you see the clienthubb if not then you have an issue with your tunnel setup.
if you do you might need to make sure you are running controller/robot and hub 7.93 version or newer and apply the following two KB articles to all hubs.
hub and tunnel connection settings in 7.x and 8.x - CA Knowledge
Avoiding communication errors when configuring UIM - CA Knowledge
If that does not help resolve I would suggest opening a support case.
With hub 7.80, IM often struggles to display remote hubs over 2 or more hub hops, even though every tunnel route is working.
With hub 7.93, IM no longer experience such struggle.
Well, everything struggles, not just IM. But regardless the experience is not a surprise.
Couple things that will help - maybe:
- Definitely update to the newest controller and hub you can. If nothing else that will satisfy the first ask support will make of you if you go the route of opening a support ticket. And the 7.93 versions are better than most of the others you might have. Careful with the OS support if you are using any 32 bit deployments as support for those gets dropped along the way.
-Set up your get queues and interaction between the tiers of hubs, manually if necessary, regardless of whether the hubs and queues show in the drop downs in the GUI. UIM learns the routes and network from activity on the network - usually broadcasts of information from various hubs. It seems though that the additional traffic from messaging helps it sort out what's right. At least it keeps the hubs asking to resolve names of other hubs.
- Turn off the hub broadcast feature
- On the intermediary hubs, if possible, set up firewall rules that will prevent communications in or out to any other hubs except the ones that are required.
- Restart discovery_server - make sure you are on the latest hotfix/release of that too
- Try to avoid restarting hubs - hubs are kind of like teenagers - they learn from and believe everything they see on the Internet (network) and once learnt, it's really hard to get them to unlearn. If a hub learns that another hub is down, it's going to hold onto that information until it learns otherwise. Problem is that in the meantime, it will be telling all its friends that this hub is down which might no longer be true.
- The whole learning process can take a surprising length of time - it's not instant and it's reliant on periodic broadcasts of information. With only a couple hubs it could take hours to work itself out. The frustrating thing is that next time it might be seconds. And the next time after that, days.