Configure prerequisites for server-based flexible management


When you deploy a valid server-based flexible management policy to a management server, the management server begins to forward messages and message operations. Before you do this, you must ensure that management servers and nodes meet a number of prerequisites. Some tasks are mandatory, and other tasks are optional.

To configure prerequisites for server-based flexible management

  1. Configure trusted certificates for multiple management servers

    Before management servers can communicate with each other using the HTTPS protocol, you must exchange their trusted certificates. Also, to enable a management server to communicate with HTTPS nodes that another management server owns (for example to start actions or deploy policies), you must update the trusted certificates on the nodes.

  2. Exchange node configurations

    Management servers immediately discard all messages from unknown nodes. Therefore, before a management server can accept forwarded messages, you must upload the appropriate node configurations.

  3. Optional. Configure action-allowed and secondary managers

    By default, only a node's primary management server can start actions on the node. To enable other management servers to start actions on a node, you must specify action-allowed management servers in a flexible management policy and deploy it to the node.

    To enable other management servers to become a node's primary management server, you can specify secondary management servers in the same policy. If a node has the HTTPS agent, the secondary management servers can also deploy policies and packages to the node.

You can also exchange other configuration data between management servers. This is only necessary if you need to have policies and instructions, user roles, tools, services, or instrumentation available on other management servers.

Related Topics: