Replicating the Patch Management (TNCPM) server

The pmconf replicate command allows you to replicate the Trusted Network Connect Patch Management (TNCPM) server. In this model, one patch manager host downloads relevant data from the Internet and then distributes this data to one or more additional patch manager hosts on the local network.

In PowerSC Standard Edition without replication, the patch manager downloads the latest service packs, open packs, and security fixes that are available in the IBM ECC and Fix Central websites. The TNC Patch Management daemon pushes the latest updated information to the TNC server, which serves as a baseline fileset to verify the clients.

This approach is maintained with patch manager replication. When replication is configured, downloading service packs, open packs, and security fixes occurs only from one TNCPM host known as the Primary TNCPM host. Replication is then performed to one or more secondary TNCPM hosts.

Consider the following benefits to using replication in an environment where there is more than one TNCPM server:
  • Because only one TNCPM host needs to be exposed to the Internet, the bandwidth requirements are reduced.
  • Populating the additional TNCPM hosts is typically much faster than if each had to separately download the same data from the Internet.
  • There is improved security because all other TNCPM hosts participating in replication do not need Internet access.

Understanding the replication flow

Replication occurs after the pmconf operation (add, delete) has completed on the primary TNCPM host. In the following add example there are 3 steps:
  1. Download the latest service packs and register with TNC.
  2. Apply any required ifixes for this service pack.
  3. Replicate the service packs and ifixes to the secondary TNCPM hosts.

    The secondary TNCPM hosts are named host1, host2, and host3 in this example:

    Done applying ifix(es).

Preparing Primary for Replication. This may take several minutes...
Starting DOWNLOAD replication... 
Testing connectivity to host1...Success
Replicating onto host1

Starting DOWNLOAD replication... 
Testing connectivity to host2...Success
Replicating onto host2

Starting DOWNLOAD replication... 
Testing connectivity to host3...Success
Replicating onto host3
Similarly, consider the following replication delete example:
# pmconf delete -p 7200-02-02

Starting REMOVE replication... 
Testing connectivity to host1...Success
Replicating onto host1

Starting REMOVE replication... 
Testing connectivity to host2...Success
Replicating onto host2

Starting REMOVE replication... 
Testing connectivity to host3...Success
Replicating onto host3