P.S.M. Swamiji wrote:
Suppose you want inserting a smartcard1 to go to sparc server
and inserting a smartcard2 to go to x86 server can be done by
using below AMGH config.
1. Configure AMGH using /opt/SUNWut/sbin/utamghadm -s
/opt/SUNWutref/amgh/utamghref_allkeys_script
on all the servers being part of AMGH (make sure LAN enabled on all
the servers)
2. utrestart -c
3. Create /opt/SUNWutref/amgh/back_end_db file with the following entries
token=smartcard1 host=sparc_server
token=smartcard2 host=x86_server
Although this is a good approach for a POC or an initial deployment, we
do not recommend use of the reference AMGH scripts in production
environments.
Although the scripts are fully functional, they are intended as
*reference* use only, to illustrate the use of the interface as an aid
to writing your own script which matches your enterprise needs. They
are not stable interfaces. They may change in a patch or upgrade, and
their design goal is "clarity of example for API use". They have not
been designed with production use needs in mind, such as scalability,
maintainability, stability, user provisioning, etc. Some of the reasons
for this design choice are detailed in my blog How-To guide.
Things to keep in mind when adapting the reference code or writing your
own script:
- Do you have an HA DS today containing user data, which could be
leveraged and extended to hold the AMGH FOG name for each user?
If so, this will simplify user provisioning (employees joining or
leaving your company) by avoiding fragmentation of user data into
multiple repositories which must be managed individually.
It will also solve the data synchronization and update issues
compared to using a flat file on each server, and avoid SPOF issues
resulting from NFS sharing such a file.
- How do you intend to distribute your AMGH scripts to each server, and
keep them in sync as you change them?
Finally, you really shouldn't be putting your own content into
/opt/SUNWutref, since the Solaris (or Linux) packaging framework assumes
that belongs to SRSS packages/RPMs, and you can lose changes during
patches/upgrades.
-Bob
_______________________________________________
SunRay-Users mailing list
[email protected]
http://www.filibeto.org/mailman/listinfo/sunray-users
