Can a crossplat (UNIX/Linux) agent be multihomed in OpsMgr? (#SCOM #SYSCTR)
One of my clients recently asked me a very reasonable question that I had not considered yet. Can a crossplat agent be multihomed in OpsMgr? As background in OpsMgr a Windows agent can be multihomed to up to four different management groups (meaning the same agent can report to four different OpsMgr management groups). Some great folks at Microsoft (thank you Kris and Daniele!) pointed me to another great guy at Microsoft (shout-out to Anders!) to get the lower-down here:
<Please note, this is not an officially supported configuration>
The agent doesn’t really care what management group it is part of, but the management server cares about the certificate signing. So, to multihome the crossplat agent following steps need to occur:
- Export the management server signing certificate from any management servers that may have signed agent certs with scxcertconfig –export (on the management server)
- Import the exported certificates on all management servers in the second management group that will manage the agents (members of the resource pool) with scxcertconfig –import.
The new management servers will “trust” the certs signed by the management servers in the first management group.
- Then you can “discover” the agents on the new management server, certificate signing will not be required, and the agent will be polled by both Management Groups. The certificate that the crossplat agent has needs to be signed by the management server that runs the first discovery. As long as the servers trust that management server as a CA server, you can monitor the crossplat machine using multiple management servers which could span multiple management groups.
Blog links on this topic:
- Cross-platform failover for OpsMgr 2007: Anders Bengtsson covers this topic: http://contoso.se/blog/?p=1380
- OpsMgr 2012 SSL Certificate Errors: Anders Bengtsson covers this topic: http://contoso.se/blog/?p=2753
- Information on TechNet for how to manage resource pools for UNIX and Linux computers (including certificates for high availiability) : http://technet.microsoft.com/en-us/library/hh287152.aspx
Summary: UNIX/Linux agents can be multihomed in OpsMgr although it is not an officially supported configuration.