Novell BUSINESS CONTINUITY CLUSTERING 1.1 SP1, Administration Manual

Page 1: ...Novell www novell com AUTHORIZED DOCUMENTATION Business Continuity Clustering 1 1 SP1 September 21 2010 Administration Guide for Novell Open Enterprise Server 1 SP2 Linux...

Page 2: ...S export laws You agree to not use deliverables for prohibited nuclear missile or chemical biological weaponry end uses See the Novell International Trade Services Web page http www novell com info e...

Page 3: ...stering Core Software 25 2 2 5 Installing the Identity Manager Management Templates for Business Continuity Clustering 26 2 2 6 Manual Quick Business Continuity Clustering Installation 26 2 2 7 Removi...

Page 4: ...ager Drivers for Cluster Synchronization Do Not Start 69 4 10 Identity Manager Drivers Do Not Synchronize Objects from One Cluster to Another 70 4 11 Tracing Identity Manager Communications 70 4 12 Pe...

Page 5: ...rations 89 C 1 Security Features 89 C 2 Security Configuration 89 C 2 1 BCC Configuration Settings 90 C 2 2 Security Information for Other Products 93 C 3 Other Security Considerations 94 D Documentat...

Page 6: ...6 Novell Business Continuity Clustering 1 1 Administration Guide for Linux...

Page 7: ...this manual and the other documentation included with this product Please use the User Comments feature at the bottom of each page of the online documentation or go to www novell com documentation fee...

Page 8: ...8 Novell Business Continuity Clustering 1 1 Administration Guide for Linux...

Page 9: ...s The problem is that setting up and maintaining the two or more centers is a manual process that takes a great deal of planning and synchronizing Even configuration changes must be carefully planned...

Page 10: ...page 10 Cluster of Clusters on page 11 Implementation Comparison on page 12 Stretch Clusters A stretch cluster consists of one cluster in which the nodes in the cluster are located in geographically...

Page 11: ...blocks between SANs is performed by SAN hardware but it can be done by host based mirroring for synchronous replication over short distances Figure 1 2 Cluster of Clusters Server 2B Server 3B Server...

Page 12: ...eDirectory tree IP addresses for each cluster can be on different IP subnets It accommodates more than two sites and cluster resources can fail over to separate clusters multiple site fan out failover...

Page 13: ...rovides the following advantages Integrates with SAN hardware devices to automate the failover process using standards based mechanisms such as SMI S Utilizes Novell Identity Manager technology to aut...

Page 14: ...ness Continuity Cluster Solution on page 14 Multiple Site Business Continuity Cluster Solution on page 15 Low Cost Business Continuity Cluster Solution on page 16 Two Site Business Continuity Cluster...

Page 15: ...y done by SAN vendors but can be done by host based mirroring for synchronous replication over short distances The illustration below depicts a four site business continuity cluster Server 2B Server 3...

Page 16: ...Cost Business Continuity Cluster Solution The low cost business continuity cluster solution is similar to the previous two solutions but replaces Fibre Channel arrays with iSCSI arrays Data block mir...

Page 17: ...ing on page 17 Section 2 1 2 OES 1 SP2 Linux on page 17 Section 2 1 3 Novell eDirectory 8 8 on page 18 Section 2 1 4 Novell Cluster Services 1 8 2 for Linux on page 19 Section 2 1 5 Novell iManager on...

Page 18: ...username or password contains special characters such as and so on make sure to escape each special character by preceding it with a backslash when you enter credentials The Identity Manager engine a...

Page 19: ...ands The recommended configuration is to have each cluster in the same eDirectory tree You can have a business continuity cluster with clusters in separate eDirectory trees See Appendix A Implementing...

Page 20: ...cumentation oes implgde index html page documentation oes implgde data b4dgr2g html b4dgr2k Installing and Configuring Identity Manager The node where the Identity Manager engine and the eDirectory dr...

Page 21: ...hould be considered for distances greater than 200 kilometers some of which include The amount of data being transferred The bandwidth of the link Whether or not snapshot technology is being used 2 2...

Page 22: ...stering Core Software on page 29 2 2 1 Business Continuity Cluster Component Locations The following figure illustrates where the various components needed for a business continuity cluster are instal...

Page 23: ...ator User and Group During the install you specify an existing user to be the BCC Administrator user This user should have at least Read and Write rights to the All Attribute Rights property on the Cl...

Page 24: ...Modify Trustees link 4 Specify the Cluster object name or browse and select it then click OK 5 If the BCC Administrator user is not listed as a trustee click the Add Trustee button browse and select t...

Page 25: ...usiness Continuity Clustering 1 1 Software and Configure Core Software options then click Next Both options are selected by default when you start the Business Continuity Clustering installation progr...

Page 26: ...as user root insert the CD that you created in Section 2 2 2 Downloading the Business Continuity Clustering Software on page 23 into an OES 1 SP2 Linux server and wait for the Business Continuity Clus...

Page 27: ...he scp man page for information on using scp Setting Up an NFS Server to Host the Business Continuity Clustering 1 1 Installation 1 Prepare a directory for an NFS share from within a shell To do this...

Page 28: ...ftware by running the following command from a shell yast2 bcc_autoconfig path_to_XML_profile Replace path_to_XML_profile with the path to the file you created in Step 1 on page 26 6 Remove the instal...

Page 29: ...System Mirroring Several different methods and scenarios exist for mirroring data between geographically separate sites Each method has its own strengths and weaknesses For a Business Continuity Clus...

Page 30: ...hared storage space a Storage Area Network or SAN it is important to remember that all servers attached to the shared device whether in the cluster or not have access to all of the volumes on the shar...

Page 31: ...nabled when it is created The Activate on Creation option is enabled by default This causes the pool to be activated as soon as it is created If you choose not to activate the pool you need to manuall...

Page 32: ...Volumes After an NSS partition and pool have been created and the NSS partition has been mirrored if you have not already done so you must create an NSS volume on the pool To do this follow the instr...

Page 33: ...g SAN Based Mirroring Consult your SAN vendor or SAN vendor documentation for instructions on configuring SAN based mirroring 2 3 3 LUN Masking We recommend that you implement LUN masking in your busi...

Page 34: ...page 34 Creating SSL Certificates on page 36 Synchronizing Identity Manager Drivers on page 37 Preventing Identity Manager Synchronization Loops on page 37 Configuring the Identity Manager Drivers an...

Page 35: ...Novell Fully Distinguished Name DN of the landing zone container Specify the context of the container where the cluster pool and volume objects in the other cluster are placed when they are synchroniz...

Page 36: ...tion driver Creating one certificate creates that certificate for a driver pair For example creating an SSL certificate for the Cluster Resource Synchronization driver also creates the certificate for...

Page 37: ...the DirXML Overview link 4 Search for and find the BCC driver set 5 Click the red Cluster Sync icon for the driver you want to synchronize then click the Migrate from eDirectory button 6 Click Add br...

Page 38: ...ter Three both synchronize with Cluster One This is illustrated in Figure 2 4 below Figure 2 4 Three Cluster Identity Manager Synchronization Master You could also have Cluster One synchronize with Cl...

Page 39: ...nabled for business continuity 2 4 2 Configuring Clusters for Business Continuity The following tasks must be performed on each separate Novell Cluster Services cluster that you want to be part of the...

Page 40: ...r Options link 5 Specify a cluster name or browse and select one 6 Click the Properties button then click the Business Continuity tab 7 Ensure that the Enable Business Continuity Features check box is...

Page 41: ...ript search and replace values 1 In the Resource Replacement Script section of the Business Continuity Cluster Properties page click New 2 Add the desired search and replace values then click OK The s...

Page 42: ...iManager installed 2 Specify your username and password specify the tree where you want to log in then click Login 3 In the left column click Clusters then click the Cluster Options link 4 Specify a c...

Page 43: ...fic to your SAN hardware You can add a Perl script or any commands that can be run on Linux or NetWare depending on your platform If you add commands to call outside scripts those scripts must exist o...

Page 44: ...ers then click the Cluster Options link 4 Specify a cluster name or browse and select one 5 Under Cluster Objects select the business continuity enabled cluster resource that contains the Reiser or Ex...

Page 45: ...sources for Business Continuity Cluster resources can be configured for business continuity after they are created Configuring a resource for business continuity consists of enabling that resource for...

Page 46: ...cluster pool resource by using iManager in the Setting Up Cluster Services http www novell com documentation oes cluster_admin_lx data h2mdblj1 html hil7ix1s section of the OES 1 SP2 Novell Cluster Se...

Page 47: ...alues and adding those values to the entire cluster 3 Do one of the following If this is an existing cluster resource continue with Step 1 in the Selecting Peer Clusters for the Resource section If yo...

Page 48: ...agement Configuration Information on page 42 2 5 Managing a Novell Business Continuity Cluster After you have installed set up and configured Novell Business Continuity Clustering software and resourc...

Page 49: ...e Business Continuity Clustering software chooses a destination cluster for you The destination cluster that is chosen is the first cluster that is up in the peer clusters list for this resource Migra...

Page 50: ...ck the Management link 4 Specify a cluster name or browse and select one 5 Click Connections and select a peer cluster 6 Edit the administrator username and password that the selected cluster will use...

Page 51: ...the Identity Manager preconfigured templates for iManager installed 2 Specify your username and password specify the tree where you want to log in then click Login 3 In the left column click Clusters...

Page 52: ...ovides some server console commands to help you perform certain business continuity cluster related tasks Some of the commands can be used both with Novell Cluster Services and with Novell Business Co...

Page 53: ...ss Continuity Clustering for an entire cluster cluster enable resource Enables Business Continuity Clustering for the specified resource The resource you specify must be a member of a cluster that has...

Page 54: ...un when a cluster in a BCC is brought back into service You should run this command when only one node is a member of the cluster 1 After a failure bring up one node in the cluster All other nodes sho...

Page 55: ...The former primary SAN must be demoted to secondary before bringing cluster servers back up Consult your SAN hardware documentation for instructions on demoting and promoting SANs You can use the clu...

Page 56: ...Connectivity Is Lost Users might not be able to access servers in the primary cluster but can possibly access servers in the secondary cluster If both clusters are up nothing additional is required An...

Page 57: ...the Cluster Scan For New Devices command from a secondary cluster server Ensure that remirroring completes before bringing downed cluster servers back up If necessary promote the former primary SAN ba...

Page 58: ...58 Novell Business Continuity Clustering 1 1 Administration Guide for Linux...

Page 59: ...continuity cluster Section 3 1 1 Upgrading NetWare on page 59 Section 3 1 2 Installing or Upgrading Identity Manager on page 60 Section 3 1 3 Installing Business Continuity Clustering 1 1 on page 60 S...

Page 60: ...graded to other servers in the cluster After a cluster server is upgraded and brought back online the pools volumes and resources that failed over to other servers during the upgrade process fail back...

Page 61: ...and select it then click OK 5 If the BCC Administrator user is not listed as a trustee click the Add Trustee button browse and select the User object then click OK 6 Click Assigned Rights for the BCC...

Page 62: ...inux On one cluster upgrade NetWare cluster nodes to Linux by following the instructions in Converting a NetWare Cluster to Linux http www novell com documentation oes cluster_admin_lx data bu1b1x8 ht...

Page 63: ...tity Manager Communications on page 70 Section 4 12 Peer Cluster Communication Not Working on page 71 Section 4 13 Resource Does Not Migrate to Another Cluster on page 71 Section 4 14 Resource Cannot...

Page 64: ...selected peer cluster Cannot Connect 3 This cluster cannot connect to the selected peer cluster Ping the peer cluster to see if it is up and reachable Ensure that BCC is running on the peer cluster a...

Page 65: ...e left column click DirXML then click the DirXML Overview link DirXML is called Identity Manager in the latest releases 4 Select Search Entire Tree then click Search 5 Select the driver you want to ch...

Page 66: ...is not already selected 7 Click Excluded Users and view add or remove users as desired 4 4 Security Equivalent User If resources or peers don t appear in other clusters in your BCC it is possible that...

Page 67: ...at Step 5 through Step 7 for the other drivers in your BCC You must also ensure that the BCC Administrator user has Read Write Create Erase Modify and File Scan access rights to the sys tmp directory...

Page 68: ...click the Add Trustee button browse and select the User object then click OK 6 Click Assigned Rights for the BCC Administrator user then ensure that the Read and Write check boxes are selected for the...

Page 69: ...achine where the installation is being run and restart the Business Continuity Clustering 1 1 installation program 4 9 Identity Manager Drivers for Cluster Synchronization Do Not Start If the Identity...

Page 70: ...exists The eDirectory partition on the Identity Manager node is incorrect This partition must contain the cluster container the DriverSet the Landing Zone OU and the server containers Virtual NCPTM Se...

Page 71: ...the NetWare server console The trace file is located at sys system dstrace log You might want to delete this file before starting a trace so the events logged in the file are specific to the actions...

Page 72: ...utput of the syslog to the console screen This command has limited use because only the last few entries of the log can be viewed You can use the log copy syslog command to copy the syslog to a file a...

Page 73: ...he IP address for a virtual NCP server does not change properly the problem may be caused by one of the following conditions The IP address has been changed only on the load and unload script pages Yo...

Page 74: ...anager Error Appears While Bringing a Resource Online If you get an error in iManager with a blank error string no text appears with the error message while attempting to bring a resource online it is...

Page 75: ...ID 10057730 http support novell com docs Tids Solutions 10057730 html for information on modifying the server cache Time To Live TTL value on the Novell ClientTM 4 24 Mapping Drives to Home Directorie...

Page 76: ...hostServer cn BCC_CLUSTER_HOMES_SERVER ou From_BCCP ou servers o lab The first line in the sample script instructs NSMI to run the ICE utility The b parameter automatically closes the ICE window The d...

Page 77: ...the specified buffer is not large enough 1010 Error performing a DSML read 1011 Error performing a DSML modify 1012 Operation not supported 1013 Error obtaining lock on synchronization object 1014 Inv...

Page 78: ...ity Clustering 1 1 Administration Guide for Linux 2 Open the file that is referenced in the message that appears You can get additional information on how to use the log file by entering help log at t...

Page 79: ...exist For business continuity clusters this feature can be used to copy User objects from one cluster to another cluster in a separate eDirectory tree For example if you have one tree that has 10 000...

Page 80: ...click DirXML then click DirXML Overview 10 Search the eDirectory tree for the Identity Manager driver sets by clicking Search 11 Click the User Sync driver icon then click Migrate from eDirectory 12...

Page 81: ...Identity Manager preconfigured templates for iManager installed 2 Specify your username and password specify the tree where you want to log in then click Login 3 In the left column click DirXML then...

Page 82: ...ster Three both synchronize with Cluster One This is illustrated in Figure 2 4 Figure A 2 Three Cluster Identity Manager Synchronization Master You could also have Cluster One synchronize with Cluster...

Page 83: ...ee and you want to maintain that pool s volume trustee assignments you must migrate the pool to a server with an eDirectory replica The replica must be at least read only and must contain all users Af...

Page 84: ...84 Novell Business Continuity Clustering 1 1 Administration Guide for Linux...

Page 85: ...This is called data divergence Also the mirroring or synchronization process either fails or attempts to overwrite any changed data on one cluster This causes either data loss or data corruption Sect...

Page 86: ...ining the Auto Failover Policy You can further refine auto failover policies to give you more control over if or when an auto failover occurs To do this click the Advanced button to display additional...

Page 87: ...e cluster won t be up to report this state Also adding a connection down condition to a rule with a condition that tests cluster membership is not recommended It is highly unlikely that cluster member...

Page 88: ...ation value is for information only and should not be changed 4 Under Short Polling Interval specify the number of seconds the monitor will wait each time it contacts the cluster or clusters to get he...

Page 89: ...mation for Other Products on page 93 Feature Yes No Details Users are authenticated Yes Administrative users are authenticated via eDirectory Users are authorized Yes Users are authorized via eDirecto...

Page 90: ...take effect bccSettings adminGroupName bccgroup adminGroupName authorizationCacheTTL 300 authorizationCacheTTL cimConnectTimeout 15 cimConnectTimeout Configuration Setting Possible Values Default Val...

Page 91: ...and lost All changes should be made in eDirectory Table C 3 provides additional information on each setting Table C 3 BCC XML Settings Setting Description Default Value adminGroupName The name of the...

Page 92: ...ored on the NCS Cluster object For example a default NCS BCC Peers attribute could appear similar to the following example peer cluster chicago_cluster cluster tree DIGITALAIRLINES TREE tree address 1...

Page 93: ...ttribute values are synchronized among peer cluster by the BCC specific Identity Manager driver so a change to an attribute value on one cluster causes that attribute value to be synchronized to each...

Page 94: ...PN should also be employed Product Name Links to Security Information NSS Securing Access to NSS Volumes Directories and Files http www novell com documentation oes nss_enu data bv8n39l html bv8n39l a...

Page 95: ...erations 95 If a server is accessible from outside the corporate network a local server firewall should be employed to prevent direct access by a would be intruder Audit logs should be kept and analyz...

Page 96: ...96 Novell Business Continuity Clustering 1 1 Administration Guide for Linux...

Page 97: ...nological order according to the publication date Within a dated entry changes are grouped and sequenced alphabetically Each change entry provides a link to the related topic and a brief description o...

Page 98: ...age 17 Added requirements for BASH and changes in the autoexec ncf file Section 2 1 6 Identity Manager on page 19 The NCPTM server objects for the virtual server of a BCC enabled resource are also pla...