Synchronizing a remote server with the csmAuth certificate

Edit online

You can set up remote Copy Services Manager servers for LDAP authentication redundancy.

About this task

To configure LDAP authentication redundancy, both servers need to start csmAuth with the same truststore file (key.jks). You can use either the Copy Services Manager GUI or the CLI to synchronize remote servers with the csmAuth certificate.

Synchronizing a remote server with the csmAuth certificate by using the GUI

Edit online

You can synchronize a remote server with the csmAuth certificate by using the GUI.

Before you begin

You must have administrator authority to perform this task.

Procedure

  1. Log in to the Copy Services Manager GUI as a user with administrative authority.
  2. From the menu, click Settings > Advanced Tools.
  3. Scroll down to find the section for exporting and synchronizing a truststore file.
    Note: You can click Export to export the truststore file. This file is used for remote authentication by storage systems, including DS8000. Synchronizing does not require exporting, but it ensures that when the synchronization occurs, that the exported file can allow the storage system to use both Copy Services Manager servers.
  4. Click Synchronize to synchronize the exported truststore file onto another Copy Services Manager server. Complete the following fields:
    1. Enter the Host name or IP address for the Copy Services Manager server.
    2. Enter the Port for the Copy Services Manager server. The default port is the one that the current CLI connection is using.
      Note: If you want to synchronize from Copy Services Manager on the DS8000 HMC to another server that has a different CLI port, you might first need to unblock the firewall for that port.
    3. Enter the User name for a user with administrator authority on the Copy Services Manager server.
    4. Enter the Password for the specified user.
  5. For changes to take effect, csmAuth needs to be restarted on the destination server.

Results

One or more remote Copy Services Manager servers are synchronized with the same truststore file to enable LDAP authentication redundancy.

Synchronizing a remote server with the csmAuth certificate by using the CLI

Edit online

You can synchronize a remote server with the csmAuth certificate by using the CLI.

Before you begin

You must have administrator authority to perform this task.

Procedure

  1. Log in to the Copy Services Manager command line as a user with administrative authority.
  2. Run the syncauthservice command to synchronize remote Copy Services Manager servers with the same truststore file (key.jks). By synchronizing these files, the remote authentication can communicate with either server by using the same key_itso.jks file.
    Note: You can view the syncauthservice command help topic for more information. See the syncauthservice command in the IBM® Copy Services Manager online product documentation (http://www-01.ibm.com/support/knowledgecenter/SSESK4) for more information.

    The Command-line Interface User's Guide also provides details on the syncauthservice command.

  3. For changes to take effect, csmAuth needs to be restarted on the destination server.

Results

One or more remote Copy Services Manager servers are synchronized with the same truststore file to enable LDAP authentication redundancy.