Symantec IGA

  • Private Community
 View Only

  • 1.  Suggestion on where to install CCS

    Posted Jan 18, 2018 04:34 AM

    CA Identity Suite 14.1 vApp

     

    Because of we have to perform AD provisioning the requirement is to install the C++ Connector Server (CCS) on a Windows machine attested into managed AD Domain. Our idea, to avoid an additional dedicated machine, is to install the CCS on one of the AD Domain Controllers. May you comment out that idea or, in brief, is it a valid choice or it should be avoid for some reason?

     

    Thanks,

    Gabriele  



  • 2.  Re: Suggestion on where to install CCS
    Best Answer

    Broadcom Employee
    Posted Jan 18, 2018 04:59 AM

    Yes, this is a valid option. If there are multiple DC's make sure you give the domain name as the host, so I can failover between controllers.



  • 3.  Re: Suggestion on where to install CCS

    Posted Jan 18, 2018 06:00 AM

    Hi Gil,

    thanks for you answer but are you suggesting to install the CCS on all the DC's and not only on one of them?



  • 4.  Re: Suggestion on where to install CCS

    Posted Jan 18, 2018 03:25 PM

    Hello Gabriele,

     

    I believe Gil is stating that if there was additional DC's that you wanted to add the CCS on then to be sure to give the domain name as the host so there is no issues between failure. If you are only installing the CCS on one DC that is okay as well.

     

    Thanks,

    Luke



  • 5.  Re: Suggestion on where to install CCS

    Broadcom Employee
    Posted Jan 21, 2018 02:41 AM

    No necessarily. Using the domain name simply make sure the CSS will fail-over to another DC if there is a problem with domain services, and makes it easier to match the SSL certificates.



  • 6.  Re: Suggestion on where to install CCS

    Posted Feb 09, 2018 03:29 AM

    Hi Gil,

    may you also confirm I have to configure Active Directory to accept SSL connections though the CCS is on the same Domain Controller machine. This is because CCS uses LDAP protocol and Microsoft requires SSL over LDAP to write password attribute of an AD account; is it true?

    Thanks and regards,

    Gabriele



  • 7.  Re: Suggestion on where to install CCS

    Broadcom Employee
    Posted Feb 09, 2018 04:18 AM

    Hi Gabriele, although I am not Gil , you are correct: you still need to configure SSL for AD even though CCS is installed on the domain controller machine.

    KR
    Russi



  • 8.  Re: Suggestion on where to install CCS

    Posted Feb 09, 2018 04:20 AM

    Thanks again Russi.



  • 9.  Re: Suggestion on where to install CCS

    Posted Jan 30, 2018 05:50 AM

    Hi all,

    I re-open the thread because I need sono specification (hardware/software) about installation of CCS on DCs and I can't found anything on docops.ca.com.

     Also, because the customer has got only one AD Domain environment (Production) and he wants to use it for all the CA Identity Manager environments (Development, Test and Production) my questions are:

    1. the ConnectorServer.zip package downloaded from vApp Admin UI of one environment (e.g. Development) is suitable also for the other environments (e.g. Testing and Production)?

    2. one installation of CCS can be used by multiple Identity Manager environments?

     

    Thanks and regards,

    Gabriele.



  • 10.  Re: Suggestion on where to install CCS

    Broadcom Employee
    Posted Jan 30, 2018 06:36 AM

    The CCS is designed for a single provisioning manager registration. You might be able to get it to work with multiple IM/PS servers, but you will get inconsisted data. I would recommend against it.