CA Identity Suite 14.1 vApp
Because of we have to perform AD provisioning the requirement is to install the C++ Connector Server (CCS) on a Windows machine attested into managed AD Domain. Our idea, to avoid an additional dedicated machine, is to install the CCS on one of the AD Domain Controllers. May you comment out that idea or, in brief, is it a valid choice or it should be avoid for some reason?
Yes, this is a valid option. If there are multiple DC's make sure you give the domain name as the host, so I can failover between controllers.
thanks for you answer but are you suggesting to install the CCS on all the DC's and not only on one of them?
I believe Gil is stating that if there was additional DC's that you wanted to add the CCS on then to be sure to give the domain name as the host so there is no issues between failure. If you are only installing the CCS on one DC that is okay as well.
No necessarily. Using the domain name simply make sure the CSS will fail-over to another DC if there is a problem with domain services, and makes it easier to match the SSL certificates.
may you also confirm I have to configure Active Directory to accept SSL connections though the CCS is on the same Domain Controller machine. This is because CCS uses LDAP protocol and Microsoft requires SSL over LDAP to write password attribute of an AD account; is it true?
Thanks and regards,
Hi Gabriele, although I am not Gil , you are correct: you still need to configure SSL for AD even though CCS is installed on the domain controller machine.
Thanks again Russi.
I re-open the thread because I need sono specification (hardware/software) about installation of CCS on DCs and I can't found anything on docops.ca.com.
Also, because the customer has got only one AD Domain environment (Production) and he wants to use it for all the CA Identity Manager environments (Development, Test and Production) my questions are:
1. the ConnectorServer.zip package downloaded from vApp Admin UI of one environment (e.g. Development) is suitable also for the other environments (e.g. Testing and Production)?
2. one installation of CCS can be used by multiple Identity Manager environments?
The CCS is designed for a single provisioning manager registration. You might be able to get it to work with multiple IM/PS servers, but you will get inconsisted data. I would recommend against it.