Platform: System Center 2012 RTM/SP1
Gateway Server
The gateway server enables agent management for computers outside the Kerberos trust boundary of the management group, such as those in untrusted domains. The gateway server acts as a centralized point for communication between agents and the management server. Agents in the untrusted domain communicate with the gateway server, while the gateway server communicates with one or more management servers. Because the gateway server communicates with the management server over only one port (TCP 5723), that is the only port that must be opened on any intervening firewall to manage multiple agent-managed computers. Multiple gateway servers can be placed in a single domain so that agents can fail over between them when they lose contact with one of the gateway servers. Similarly, a single gateway server can be configured to fail over between management servers so that there is no single point of failure in the communication chain.
Because the gateway server is located in a domain that is not trusted by the management group, certificates must be used to establish the identity of each computer: agent, gateway server, and management server. This arrangement meets Operations Manager's requirement for mutual authentication.
Note: benefits of using a gateway server
You can establish trust relationships through certificates. Without a gateway, if 100 servers need to be monitored, you need to deploy 100 certificates, one for each of the 100 servers.
If there is a gateway server, the monitored computers only need to go through the gateway server and pass Kerberos authentication; the gateway acts as the access point.
Certificates only need to be issued to the gateway, which acts as the access point and processes certificate requests from the untrusted domains.
The certificate can be issued by a Microsoft certificate server or by a third-party certificate server.
Use momcertimport.exe to import the certificate. It is in the tools section of the SCOM installation directory.
Gateway server in the target domain
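As an added illustration (not from the original article and not Microsoft's own tooling), the following PowerShell script checks the two things the description above relies on before momcertimport.exe is run on a gateway: a machine certificate usable for mutual authentication, and reachability of the management server on TCP 5723. The server name `ms01.corp.example` and the function names are hypothetical. The certificate criteria (subject equal to the computer's FQDN, private key, both Server and Client Authentication EKUs) are assumptions based on Operations Manager's certificate requirements, which the article does not list.

```powershell
# Added example. ms01.corp.example is a placeholder management server name.
param([string]$ManagementServer = 'ms01.corp.example')

$ServerAuth = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU OID
$ClientAuth = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU OID

function Get-LocalFqdn {
    # Built from local settings only, so it works without DNS.
    $ip = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
    if ($ip.DomainName) { "$($ip.HostName).$($ip.DomainName)" } else { $ip.HostName }
}

function Test-MutualAuthCertificate {
    # Assumed requirements: CN equals the FQDN, private key present,
    # currently valid, and both EKUs listed explicitly.
    param($Cert, [string]$Fqdn, [datetime]$Now = (Get-Date))
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    $eku = @($Cert.Extensions | Where-Object { $_ -is $ekuType } |
        ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })
    [pscustomobject]@{
        Thumbprint    = $Cert.Thumbprint
        SubjectIsFqdn = ($Cert.GetNameInfo('SimpleName', $false) -ieq $Fqdn)
        HasPrivateKey = $Cert.HasPrivateKey
        InValidity    = ($Now -ge $Cert.NotBefore -and $Now -le $Cert.NotAfter)
        ServerAuthEku = ($eku -contains $ServerAuth)
        ClientAuthEku = ($eku -contains $ClientAuth)
    }
}

function Test-TcpPort {
    # Plain TCP connect with a timeout; True only if the handshake completes.
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch { return $false } finally { $client.Close() }
}

$fqdn = Get-LocalFqdn
$report = @(Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-MutualAuthCertificate -Cert $_ -Fqdn $fqdn })
$report | Format-Table -AutoSize
$usable = @($report | Where-Object { $_.SubjectIsFqdn -and $_.HasPrivateKey -and
    $_.InValidity -and $_.ServerAuthEku -and $_.ClientAuthEku })
if ($usable.Count -eq 0) { Write-Warning "No certificate usable as $fqdn" }
"TCP 5723 to ${ManagementServer}: $(Test-TcpPort $ManagementServer 5723)"
```

A row with any `False` column explains why that certificate would not satisfy mutual authentication; a `False` on the last line points at the intervening firewall rather than at the certificate.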
Gateway server deployment
Reference TechNet document: http://technet.microsoft.com/zh-cn/library/hh456445.aspx
For example, to monitor untrusted clients across the Internet, you need to deploy two gateway servers.
This article is from the blog "Zeng luxin's technical column" and will not be reposted!
SCOM 2012 knowledge sharing-3: Understanding gateway servers