I have the following ITCM design:
- 1 Domain Manager Server (DM) on DMZ Lan (lan segment);
- 1 Scalability Server (SS) on MONITORING Lan (lan segment);
- Many itcm client agents installed on servers on another lan segment:
(DM on dmz lan) ----- firewall ----- (SS on monitoring lan)
(clients agents other lan segment)
I'm using dmsweep to scan my networks and I'm using dmsweep from DM server (start a scan from DM server on dmz lan).
My main problem is that the traffic flow between lan segments: DMZ -> clients agents lan segment is NOT ALLOWED (for security reasons).
Is there a way to start a scan from Scalability Server? Traffic between monitoring lan - clients agents lan is allowed.
You are going to have to have communication between the agent targets for the scan using dmsweep this functionality is the same as what is run behind the scenes when deployment wizard is run which you know does require the open ports to function correctly.
Many clients open the ports on a temp basis for the dmsweep and then close them up. Then you should be able to deploy agents from the staged agent packages from the scalability server. Please refer to the implementation guide for more details on this topic especially the required ports that would need to be opened.
Hope this is helpful
Code exists to do this but it is only delivered as part of the SERVER automation product, not Client Automation (even though I’m told the code is actually owned by the client auto team!).
Please open an IDEA to request that this code (known as IDManager) be included in the Client Auto media so that Client Auto users can install and use it on Scalability Servers.
You can also possibly request from product management that this code be made available to you now. This has been done at other sites. I would suggest you open a support issue for this.
Steve McCormick, ITIL
Principal Services Consultant
Please drop me an email on this email@example.com