I'm setting up a backup server and had a question. Right now in EEM, there is only one remote database. An installation set was created to connect to only the primary database. There are multiple machines encrypted and connected to this database.
Once I stand up a backup server and if the primary server goes down, how does the clients know to connect to the backup server if the installation set that encrypted the clients was created only to see the primary? How can I make the clients look for the primary AND the backup?
Ah, you needed to think of that when you created your original install package - you didnt have to have the backup systems exist, but you did need to register a dns name for them to know about.
Retrofitting that is not too hard though - you need to modify a couple of ini files (scm.ini and sdmcfg.ini) - you can do that externally via SMS or something, or you can use the built in deployment system to merge in the changes.
Don't just push out new files though - that will cause other problems - you need to merge the changes in.
So, you can go about this one of two ways - work out the changes yourself by comparing a system with the backup and primary server dns names, or you could get some professional help from your McAfee reseller.
First of all you DON'T want your clients to talk concurrently with two databases.
So if your primary goes down, have DNS change to bring secondary (backup) to life. To prepare for that, use names, not IP addresses for your servers (in SDMCFG.INI).
Repair your primary offline, so clients cannot use it. Shutdown backup server. Transfer database from backup to primary and refresh index. Bring primary online. Change DNS again.
But make resilent and fault tolerant primary database to start with. Simple MS cluster will work OK.Message was edited by: peter_eepc on 5/4/10 1:55:12 PM EDT
Could be. I have stopped checking some time ago, because I could not find that process (setup and failover) described well enough. If you know current link to that doc, please let us know.
What I'm trying to do is, stand up a secondary EEM, in the event that the primary goes down. The primary EEM is the only server service running. I built the secondary without starting the service and have SDBBACK pulling backups from the primary. On the EEM primary, I added the secondary to the server group. If I go to the EEPC 524 client files and import the SDMCFG.ini (with the new secondary database), can't I force sync to the old clients? Once the client receive the new SDMCFG, won't they look for the primary and secondary (which is not in service)?
almost. You need to deploy a merge ini of scm.ini and sdmcfg.ini to your clients - ONLY the new additional entries and the changes mind you.
don't deploy actual files to the machines, just deploy merge ini's with the changes.
As to why, well, I'm available at very reasonable rates through McAfee professional services ;-)
You guys have no idea how much you help me out on this forum. Thank you.
If I import the SDMCFG.ini to the client files-->right click on the .ini and click properties-->select advanced-->I'm supposed to change the file type to merge.ini?
Also, isn't the SCM.INI, machine specific and created on the client during encryption? Why would I need to change SCM.ini if it only identifies the EEPC client machine? Or how could I modify SCM.ini if it's not on EEM? Maybe i'm just misunderstanding you?
scm.ini controls what connections are used, sdmcfg.ini controls how those connections work.
so, create a new client with your primary and backup servers, grab sdmcfg and scm from it, compare that with your current client, remove the common settings and then deploy just the changes to the two files as merge ini's
you could just deploy the whole file, but I doubt it will work as there will be lots of overlap.