How do I configure multiple 5.6 Unix Manager or 7.1 Unix Agent Manager consoles to manage the same Unix agents? (NETIQKB51288)

  • Document ID:7751288
  • Creation Date:02-Feb-2007
  • Modified Date:30-Dec-2010
    • Micro Focus Products:
      Security Manager

Situation

goal
How do I configure multiple 5.6 Unix Manager (UM) or 7.1 Unix Agent Manager (UAM) consoles to manage the same Unix agents?

goal
How do I transfer the encryption key from one Unix Manager (UM) or Unix Agent Manager (UAM) console to another?

goal
How to move the 5.6 Unix Manager (UM) or 7.1 Unix Agent Manager (UAM) console to a new system?

goal
How to backup and restore 5.6 Unix Manager (UM) or 7.1 Unix Agent Manager (UAM) encryption keys ( psekfile )?

Resolution

fact
NetIQ Security Agent for Unix 5.6
NetIQ Unix Agent 7.1
Unix Manager
Unix Agent Manager

fix
The connection from the Unix agent to the UM/UAM console is controlled through the encryption key, which is the file psekfile located at:

          5.6 Unix Manager:                $PSHOME/vsaunix/<OS>/bin

          7.1 Unix Agent Manager:     $PSHOME/netiq/bin

This key is created in the console:

          5.6 Unix Manager:                Manage Agents > Licenses > Re-Generate Keys

          7.1 Unix Agent Manager:     Agent Manager > Licenses > Re-Generate Keys.

To utilize more than one UM/UAM consoles, the encryption keys need to be exported from the working console and then imported into the secondary console.

To export the encryption keys:

  1. Open the working Unix Manager console.
  2. For UM click Manage Agents > Hosts > Scan All Hosts > Hosts > Edit Hosts, and for UAM click Agent Manager > Hosts > Scan All Hosts > Hosts > Edits Hosts
  3. Select as many hosts as desired in the Current Hosts window  using  <Shift> + click  or  <Ctrl> + click
  4. Click the Exported Selected button, then give the file a name using a .psh extension and specify the desired location.  The .psh file can be copied to a network-accessible drive if needed or other secure location where it can be read by a secondary console.   A recommendation for .psh file naming would be netiq-umkeys-{mmddyyyy}.psh.
  5. Click Save.

To import the encryption keys:

  1. Open the secondary UM or UAM console.  See notes below for additional info before importing.
  2. For 5.6 UM   click Manage Agents > Hosts > Edit Hosts > Import Hosts   and  for 7.1 UAM   click Agent Manager > Hosts > Edit Hosts > Import Hosts
  3. Click Browse and select the previously saved .psh file.
  4. Click Open. The hosts from the working UM or UAM console will be added to this new or existing console.

notes

  1. The practice of saving the .psh file from the working console is good even if you do not want to import the hosts to a secondary console, as the .psh file can be used as a backup in the event that the working console computer needs to be reloaded for any reason. If the computer is reloaded without a backup and the encryption keys are not saved, they will have to be manually recreated one at a time.
  2. The format of the psekfile is the same for both the 5.6 and 7.1 agents.  However the 7.1 agents can not be imported into UM due to major differences in the scan code from UM to UAM.  Also note that the 5.6 UM based agents can be imported into the 7.1 UAM but will only paritally scan.  Once hotfix71934 has been applied to the 5.6 agent (5.6.0.72 as shown in the Patch Mgr), it will now scan completely and is able to be fully managed by the 7.1 UAM.

Additional Information

Formerly known as NETIQKB51288