Applicable to Entuity v19.0 and below.
- For Entuity v20.0, please see this article.
- For Entuity v21.0 upwards, please see this article.
Multi-server configuration page
To create a multi-server configuration (to add a remote server)
To delete a remote server from a multi-server configuration
To assign a flow collector to an Entuity server
To delete a flow collector from an Entuity server
To identify which server is collecting flow data
To assign or deallocate license credits
Considerations for setting up multipe servers
Monitoring multiple Entuity servers
Recommended best practices for setting up user groups and user permissions across multiple servers
Entuity enables you to create trusts between servers. This means that one server can use the resources of another server or of multiple servers.
With a multi-server configuration, you can use an Entuity server to:
- act as a non-polling central server that uses remote servers to poll the network.
- act as a central license server for all of its remote servers. Although you can have more than one central licensing server, a remote server can only accept license credits from one central licensing server at any one time.
- use the flow collection capabilities of its remote servers.
- use network paths discovered by SurePath.
- view details of another server through the System Information page.
- launch the client of a remote Entuity server (although the administrator will have to log in).
Trust between servers is verified through an Administrator user account, which must have the same credential set on all connected servers. Both Administrators and non-administrators can access the information in remote servers if they have user accounts on those servers.
If the user you are currently logged in as does not exist on the remote server, the Multi-Server Configuration will give a status of "no User on Remote Server" after it is added. You will not get any content from that remote server whilst you are logged in as a user that does not exist on it.
Multi-server configuration page:
The Multi-Server Configuration page is accessed via Main Menu and then Administration.
This page can potentially contain 2 sections, depending on what you have installed:
-
Entuity Servers:
- this lists remote Entuity servers. These are servers to which the current server can already access.
- you can also manage these servers, add new servers (Add button) and (if you have a Central License Server license) manage their license credit allocation (Licenses button).
- This section contains a table detailing the following:
Attribute Description Server name of the remote Entuity server. Web Port web port used by the remote server. SSL whether the remote server uses SSL. Show whether you want to show the contents of this remote server in the local server's UI (e.g. through the Explorer). Click the Show or Hide buttons below the table to toggle this on or off. Status current state of trust between the remote server and the local server, which can be one of the following:
-OK, the remote server considers the local server to be a trusted server, allowing it access.
-No Trust, the remote server may have previously allowed the local server access, but has now revoked that access.
-Server Down, the remote server application is down, but the server machine is responding to ping.
-Communication Failure - the remote server machine is down, i.e. not responding to ping.
Max remote flow collectors maximum number of flow collectors on this remote server. Basic device licenses
Allocated (Used)basic device licenses allocated to this server, with those used licenses in (brackets). Full device licenses
Allocated (Used)full device licenses allocated to this server, with those used licenses in (brackets). Associated device licenses
Allocated (Used)associated device licenses allocated to this server, with those used licenses in (brackets). From Entuity v19.0 P02 upwards, this will display 'Unlimited' if an unlimited associated device license is applied to the server. Config Management device licenses
Allocated (Used)configuration management device licenses allocated to this server, with those used licenses in (brackets). From Entuity v19.0 P02 upwards, this will display 'Unlimited' if an unlimited config management device license is applied to the server. Object licenses Allocated (Used) object licenses allocated to this server, with those used licenses in (brackets). Path licenses Allocated (Used) path licenses allocated to this server, with those used licenses in (brackets). Last contacted date and time of the remote server's last contact with its Central Licensing Server.
For further details of Entuity licensing, please see this section.
- click Manage Central Entuity Servers in the top right of the page to display the Central Entuity Servers page. This page lists central Entuity servers that have access to the current Entuity server.
- on this page, you can remove trusted Entuity servers by ticking the box of the server you want to remove and then clicking Delete. Entuity will remove the selected server(s) from the Central Entuity Servers page. On the remote server's Remote Entuity Servers page, this local server would not have a status of No Trust. This would prevent that remote server from displaying this local server's contents through its UI (e.g. through the Explorer).
- on this page, you can remove trusted Entuity servers by ticking the box of the server you want to remove and then clicking Delete. Entuity will remove the selected server(s) from the Central Entuity Servers page. On the remote server's Remote Entuity Servers page, this local server would not have a status of No Trust. This would prevent that remote server from displaying this local server's contents through its UI (e.g. through the Explorer).
-
Assigned Flow Collectors:
- this lists flow collectors assigned to the current Entuity server. An Entuity server receives and displays flow data from the flow collectors assigned to it.
- a flow collector can only be assigned to one Entuity server at a time, but one Entuity server running IFA Premium can have as many collectors assigned to it as its license permits.
- This section contains a table detailing the following:
Attribute Description Server resolved name or IP address of the remote flow collector. Web Port web port used by the remote flow collector. SSL whether the remote flow collector uses SSL. Status current status of the remote flow collector.
To create a multi-server configuration (to add a remote server):
- In the Main Menu, click Administration.
- Click Multi-Server Configuration. Make sure you are on the Remote Entuity Servers page - if you are on the Central Entuity Servers page, click Remote Entuity Servers in the top right.
- Under the Remote Entuity Servers section, click Add.
- This opens the Add Remote Entuity Server page.
- Specify the name or IP address of the remote server you are adding in the Server field.
- Specify the web port used by the remote server in the Web Port field.
- Select the SSL tickbox if it used by the remote Entuity server.
- Enter a valid user account name and password belonging to the Administration group in the Username and Password fields.
- Click Submit. If you would like to cancel, click Cancel.
- This will take you back to the Multi-Server Configuration page. The remote server(s) that you have added will be displayed in the table in the Entuity Servers section.
For help and information on consolidating servers in a multi-server configuration, please see this section.
To delete a remote server from a multi-server configuration:
- Navigate to Multi-Server Configuration and ensure you are on the Remote Entuity Servers page, as described above.
- Select the server you would like to delete, and click Delete.
An Entuity server can receive and display flow data from the flow collectors that are assigned to it. Note, if you reassign a flow collector from one server to another, all of the data collected and retained by that flow collector when it was managed by the original server will be lost.
To assign a flow collector to an Entuity server:
If you are using Entuity v20.0 upwards, please see this article.
- Navigate to Multi-Server Configuration page and ensure you are on the Remote Entuity Servers page, as described above.
- Under the Assigned Flow Collectors section, click Add....
- This displays the Add Flow Collector page.
- Specify the name or IP address of the remote server you are adding in the Server field.
- Specify the web port used by the remote server in the Web Port field.
- Select the SSL tickbox if it used by the remote Entuity server.
- Enter a valid user account name and password belonging to the Administration group in the Username and Password fields.
- Click Submit. If you would like to cancel, click Cancel.
- If the submission is successful, you will be returned to the Multi-Server Configuration page. The flow collector(s) that you have added will be displayed in the table in the Assigned Flow Collectors section.
To delete a flow collector from an Entuity server:
If you are using Entuity v20.0 upwards, please see this article.
- Navigate to Multi-Server Configuration and ensure you are on the Remote Entuity Servers page, as described above.
- Select the flow collector you would like to delete, and click Delete.
To identify which server is collecting flow data:
- Navigate to Multi-Server Configuration, as described above. You will need to be on the Central Entuity Servers page. If you are on the Remote Entuity Servers, click Manage Central Entuity Servers in the top right of the browser.
- The table displayed lists the remote servers that can access information on the central Entuity server. It also tells you if the central Entuity server is acting a the master server for flow collection.
To assign or deallocate license credits:
The Multi-Server Configuration page is where you can assign or deallocate license credits to or from pollers when the server is acting as a Central License Server. Please see the article sections on Central License Servers and Assigning license credits for further help and information on this.
When using multiple Entuity servers, you can assign each Entuity server its own license, tied to its host identifier which specifies the modules and integrations permitted on that server. This standalone license can also set the object and device credits available to the server.
Cloning Entuity servers:
When installing multiple Entuity servers, you might want to clone an existing install, especially where Entuity is installed to a virtual machine. For example, you may want to clone a server that has the required View configuration, user profiles, and report definitions.
There are considerations regarding cloned Entuity servers, however:
- the cloned server may be managing devices, and usually you would not want multiple servers managing the same devices.
- the cloned server would include a license tied to the original server. When licensing is controlled through a Central Licensing Server, then you must assign the new cloned server a license, or when assigned locally you must then obtain a new license.
- the cloned server would have the same server identifier (serverid) as the original server.
After you have cloned an Entuity server that has been used to manage your network (i.e. it includes user profiles and is managing devices), you need to do the following:
- assign to the cloned server its own server identifier. This is important in multi-server environments where Entuity servers are identified through their server identifier.
- to assign a server identifier, ensure the cloned server is not running, and then from the command line run the following:
configure serverid new
- to assign a server identifier, ensure the cloned server is not running, and then from the command line run the following:
- obtain a new license from your Entuity representative.
If you want to retain or remove details from the original server:
- if you want to retain the user permissions, View structures and report definitions, but not the device inventory, then you must remove all devices from the Device Inventory page.
- if you want to start with a fresh installation, during install and configure you will need to instruct Entuity to delete the database.
Considerations for setting up multiple servers:
In multi-server environments, you should determine how you intend to group devices before assigning them to an Entuity server.
- Root cause analysis is local to each Entuity server. All hops along critical traceroute paths should be managed on the same server.
- Maps only show and maintain connections between devices managed by the same Entuity server. You can include devices managed by different servers on the same map, but you will need to manually connect them through manual topology.
- Connected End Host IP address identification requires ARP cache information to be collected on the same Entuity server that is managing the switches to which the hosts are connected (please see below).
Collecting ARP cache information:
In multi-server environments, an Entuity server may not manage routers from which it requires ARP cache information to perform end host IP address resolution on devices that it does manage.
For example, if you have two separate offices and a core distribution network that joins the two, it makes sense to manage the core routers on the same server. You can then build maps to display the core distribution network. The two offices you can manage on separate Entuity servers. However, this might leave one of the servers (the one that does not manage the core) without distribution routers from which to extract ARP cache data, which is used to populate connected end host IP addresses.
Rather than have multiple Entuity servers managing the same routers, you can (through a device file) configure ipman to collect ARP cache information from these routers. By default, provost runs ipman with -f, but does not reference a device file. You must create a device file, and then through entuity.cfg identify it to ipman. ipman can then collect ARP cache information from the routers specified in the device file.
- Create a tab delimited text file containing the hostname or IP address, and SNMP read community string, for each router that ipman polls.
For example, the file entuity_home\etc\arp_cache_devices.cfg contains:
10.12.12.1 public
rLondon01 commstring - In entuity.cfg, specify the name of the device file, D:\Entuity\etc\entuity.cfg:
[ipman]
devicefile=D:\Entuity\etc\arp_cache_devices.cfg
The next time you run ipman, it will reference the device file.
Note, Entuity recommends that you use the example location and name of the device file to ensure it is maintained during Entuity upgrades.
Monitoring multiple Entuity servers:
An Entuity central server polls its remote servers to check their reachability. The polling mechanism checks all layers of the central and remote server connection. By default, if the response time of any given remote server drops below the predefined timeout:
- the central server will stop requesting information from the remote server, e.g. requests are automatically disabled for the remote server's events and incidents, managed object details etc.
- the remote server will be reported as having a connection failure on the Multi-Server Configuration page.
- the central server will continue to poll all remote servers for their availability. This allows the central server to start re-polling a remote server when it becomes reachable again.
Example multi-server setup:
In this example, there is a network managed by 4 Entuity servers: Server 1, Server 2, Server 3 and Server 4. You want to grant Server 1 access to the other three servers, and you do this by logging into Server 1 and entering the details of the other three servers through the Remote Entuity Servers page.
When you log in to one of the remote servers, e.g. Server 3, then through its Central Entuity Servers page you can see which Entuity servers have access to Server 3, which in this example will only be Server 1. You have the option of revoking the access of Server 1.
Entuity servers can act as both a central and a remote server. In this example, you may want to allow more than one server to access information collected by the other servers. You could therefore allow Server 3 access to Server 1 and Server 2. In this case, on Server 3:
- Server 1 appears as both a central and remote server, reflecting the mutual level of trust.
- Server 2 appears as only a remote server, reflecting the one-way trust relationship.
- Server 4 is not visible, because it was not added to Server 3 as a remote server.
Server 3 is added as a central server to Server 1 and Server 2.
It is possible to configure all Entuity servers to act as both remote and central servers. This allows users (with the appropriate access levels) to access information on all servers from any other Entuity server.
Recommended best practices for setting up user groups and user permissions across multiple servers:
Entuity recommends mirroring configuration across all servers as far as possible. This would require you to create the same user groups on each server, and then add the same permissions to each group on each server. Account Administration can be undertaken through the UI via the Account Management page, or via Entuity's RESTfulAPI functionality.
However, there are circumstances where you might want to have different permissions per server, for example in the case of MSPs who might want to keep access between customer servers separate. In this case, you will need to go to the individual server and change the permissions there, e.g. turning off permissions for Customer B on Customer A’s server.
Comments
0 comments
Please sign in to leave a comment.