Registering Units

You can register Guardium units for central management either from the Central Manager or from the unit itself. Regardless of how the registration is done, the Central Manager and all managed units must have the same system shared secret. If the unit to be managed is already registered for central management with another manager, unregister the unit from that central manager before you register it with the new manager. Be sure to understand exactly what happens to that unit when it is registered and unregistered for central management.

Note: If the user that is logged in to a managed unit does not exist on the Central Manager, the session is invalidated. It remains invalidated until the unit is registered with a Central Manager.

What Happens during Registration

The following actions happen on registration.

The unit type is set to managed and manager IP is stored.
Product key of manager is applied. (License key is not propagated with Ping or User sync. It is sent on registration or when the system refreshes.)
All job scheduling is reset to default.
All psml files (portal GUI customizations) are removed.
All local users and roles are removed.
List of threshold alerts that is not be evaluated is reset.
Users roles, permissions from manager are loaded.
Custom classes, user uploaded JARs, LDAP truststore from manager are uploaded.
Database connection from managed to manager is enabled.
Database connection from manager to managed is enabled.
CAS listener is started if needed.

After registration all definitions of reports, queries, groups, policies, audits, and more are retrieved from the Central manager.

If the Registered Unit Status Remains Offline

If you know the unit that is registered is online and accessible from the Central Manager, but its status remains offline, then complete the following steps.

Verify that the unit to be managed is online, accessible, and operational by using a browser window to log in to the Guardium system on that unit.
Click Refresh for the unit.
Check that you entered the correct IP address for the unit.
Check that the unit has the same shared secret as the Central Manager.

Note: If the registration of a unit is offline, the registration request persists. It is resent to the IP/port specified on a set interval until the unit registers. A registration request that does not succeed expires after seven days.

Registering from a Managed Unit

On a managed unit, you can use the GUI to register the unit with the Central Manager. Otherwise, you can use the CLI register command as described in Registering a Managed Unit with the CLI.

Click Setup > Central Management > Registration and Load Balance to open Central Management Registration.
For Host IP, enter the IP address of the Central Manager.
For Port, enter the https port for the Central Manager (usually 8443).
Click Register.

After you register on the managed unit, it initiates communication with the Central Manager, and nothing more needs to be done.

Note: The central management unit must be online and accessible by this unit when you register for central management. In contrast, when you register units for management from the central management unit, you can register units that are not currently accessible.

Registering a Managed Unit with the CLI

On the managed unit, log in to the CLI.
Type register management <Manager IP> <Manager Port>

After you register on the managed unit, it initiates communication with the Central Manager, and nothing more needs to be done.

Registering units from the Central Manager

You can register units that are not currently accessible.

Navigate to Manage > Central Management > Central Management to open Central Management.
Click Register New. The unit Registration page opens.
Enter the Unit IP and port, and click Save. The Central Management page refreshes with the new unit.