Verifying server to server connectivity

For a single-server installation, ensure that the server can ping both its short and fully qualified host name. For a three-server environment, verify that each server can ping associated servers. You also must set and synchronize the correct date and time on each server.

About this task

If you use the three-server environment, perform this procedure on the Data server, the Core server, and the Analytics server. Always perform this task in the single-server environment.

Procedure

To verify server connectivity and time settings:

  1. For a single-server only, verify that the server can connect to itself: 
    ping server_short_name
ping server.example.com
  2. Start SSH, enable remote root login if disabled, and verify that the root user can log in:
    Note: Perform these steps as the root user. For a three-server topology, complete these steps on each ICFM server.
    1. Start SSH if not already started: 
      service sshd start
    2. If disabled, enable remote root login and password authentication:
      1. Edit the /etc/ssh/sshd_config file in a text editor.
      2. Find the lines containing PermitRootLogin and PasswordAuthentication.
      3. Ensure that both values are set to yes and save the file. Then run the following command to restart the SSH service:
        service sshd restart
    3. Choose from the following:
      • For a single server installation:
        While logged into a Terminal session to the ICFM server, verify that the root user can log in to the ICFM server via SSH:
        ssh -l root icfm_server.example.com
        Note: You must be able to log in as the root user via SSH for ICFM product and fix pack installations. You must also be able to log in as root from the ICFM server to the optional, supplemental server.
      • For a three server installation:
        While logged into a Terminal session to the ICFM Data server, verify that the root user can log in to the Data, Core, and Analytics servers via SSH:
        ssh-l root data_server.example.com
ssh-l root core_server.example.com
ssh-l root analytics_server.example.com
        Note: You must be able to log in as the root user via SSH for ICFM product and fix pack installations. You must also be able to log in as root from the Data server to the optional, supplemental server.
  3. For a three-server topology only, verify that each server can connect to the other two servers:
    1. To verify that the Data server can connect to the Core and Analytics servers, enter the following commands on the Data server: 
      ping core_server_short_name
ping core_server.example.com
ping analytics_server_short_name
ping analytics_server.example.com
    2. To verify that the Core server can connect to the Data and Analytics servers, enter the following commands on the Core server: 
      ping data_server_short_name
ping data_server.example.com
ping analytics_server_short_name
ping analytics_server.example.com
    3. To verify that the Analytics server can connect to the Data and Core servers, enter the following commands on the Analytics server: 
      ping data_server_short_name
ping data_server.example.com
ping core_server_short_name
ping core_server.example.com
    4. While logged into a Terminal session to the Core server, verify that the root user can log in to both the Data and Analytics servers using key-based authentication via SSH: 
      ssh root@icfm_data_server.example.com ls
ssh root@icfm_analytics_server.example.com ls
    5. Use the date command to ensure that the date and time across all servers are the same. IBM® Counter Fraud Management requires that all three servers have the same date and time. It is a best practice to configure each server to synchronize its time with a Network Time Protocol (NTP) server. Refer to your Linux documentation for details on the date command.
      Attention: If your servers are in a dark network (without internet access), you might require a hardware clock to synchronize time, especially because Kerberos uses time stamps, among other criteria, to determine ticket validity.
      For RHEL 6.7, the following commands install the NTP daemon and synchronize with time servers that you configure in /etc/ntp.conf:
      # install the service
yum install ntp

# configure time servers
vi /etc/ntp.conf

# enable ntp daemon in these runlevels
chkconfig --level 345 ntpd on

# start the service
service start ntpd

# check if ntpd is running properly
ntpq -p
ntpstat

# troubleshoot issues
service ntpd stop
ntpdate 192.168.1.1 (IP of your time server)
service ntpd start