Cloning The Drm - Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual

Cloning the Data Recovery Manager
❍

Cloning the DRM

The following are the steps to setup cloning for a DRM subsystem:
From the Object menu in the Red Hat Console, choose Create Instance Of, then choose
1.
Red Hat Certificate System. Alternatively, you can right-click the Server Group node
and choose Create Instance Of > Red Hat Certificate System. The admin console asks
you to provide a name for the new instance; enter the name of the new Data Recovery
Manager instance in the dialog provided.
The Installation Wizard displays a dialog asking you to specify whether this new
2.
instance is a clone. Answer Yes and click Next.
The Installation Wizard asks you to copy the key and certificates from the master DRM
3.
to the clone if you have not already done so.
Copy the master DRM's Certificate and Key Database.
4.
Because you want the cloned Data Recovery Manager to own the same keys and
certificates as that of the master Data Recovery Manager, you need to make the keys
and certificates used by the master available to the Data Recovery Manager clone.
❍
670 Red Hat Certificate System Administrator's Guide • September 2005
DRM's SSL server key and certificate—This depends on the way in which you
have deployed the clone environment. If you are using a load balancer, regardless
of whether or not the host machines are different, you do not need to generate a
new SSL server certificate for the cloned Data Recovery Manager, since the SSL
server certificate DN should contain the hostname of the load balancer as the
common name (CN) attribute. If the cloned Data Recovery Manager uses the same
hostname as that of the master Data Recovery Manager and you are not using a
load balancer, you can use the same SSL server certificate and key copied from the
master Data Recovery Manager. If you are not using a load balancer and your
master and cloned Data Recovery Managers exist on separate machines (e. g. - a
proprietary configuration which expects usernames [A-M] using one machine and
usernames [N-Z] using the other machine), then the SSL server certificate DN's
should contain the hostname of their resident machines with their own unique keys
obtained by using the renewal process (this scenario requires advanced manual
configuration and therefore is not recommended).
If the master Data Recovery Manager's keys and certificates are stored in the
internal/software token, you need to copy the certificate and key database files
from the master to the Data Recovery Manager clone. Here's how you do this:
In the master Data Recovery Manager's host machine, go to this directory:
I.
<server_root>/alias