Scom 2012 knowledge sharing-3: Understanding gateway servers

Source: Internet
Author: User
Tags failover

Platform: System Center 2012 RTM/SP1


Gateway Server

The gateway server enables proxy management for computers outside the Kerberos trust boundary of the Management Group, such as untrusted domains. The gateway server acts as a centralized point for communication between the proxy and the management server. The proxy in the untrusted domain communicates with the gateway server, while the gateway Server communicates with one or more management servers. Because the gateway Server communicates with the Management Server only through one port (TCP 5723), the unique port must be enabled on any intervention firewall to enable the management of computers managed by multiple proxies.Multiple gateway servers can be placed in a single domain so that failover can be performed between these gateway servers when the proxy is out of contact with one of the gateway servers.. Similarly, a single gateway server can be configured to perform failover between management servers so that there is no single fault point in the communication chain.

Because the gateway server is located in a domain that is not trusted by the Management Group, certificates must be used to establish the identity, proxy, Gateway server, and Management Server of each computer.. This arrangement meets operations manager's requirements for mutual authentication.

650) This. width = 650; "Title =" 05 "style =" border-top: 0px; border-Right: 0px; Background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; padding-Right: 0px; "Border =" 0 "alt =" 05 "src =" http://img1.51cto.com/attachment/201407/18/639838_1405691047POLl.png "Height =" 484 "/>

Note: benefits of using a gateway Server

You can establish trust relationships through certificates. If 100 servers need to be monitored, You need to deploy 100 certificates for 100 servers ,.


650) This. width = 650; "Title =" Clipboard "style =" border-top: 0px; border-Right: 0px; Background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; padding-Right: 0px; "Border =" 0 "alt =" Clipboard "src =" http://img1.51cto.com/attachment/201407/18/639838_1405691068Uuzi.png "Height =" 387 "/>

If there is a gateway server, but you only need to pass the gateway server and pass the kerbros authentication, the gateway can perform the access point.

Only issue certificates to Gateway and act as access points to Process Certificate requests from untrusted regions

It can be issued by Microsoft's Certificate Server and a third-party Certificate Server.

Use momcertimport.exe to import the certificate. In the tools section of the scom installation directory

Gatewayserver in the target domain



650) This. width = 650; "Title =" Clipboard [1] "style =" border-top: 0px; border-Right: 0px; Background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; padding-Right: 0px; "Border =" 0 "alt =" Clipboard [1] "src =" http://img1.51cto.com/attachment/201407/18/639838_1405691091unv8.png "Height =" 392 "/>

Bytes ------------------------------------------------------------------------------------------------------------------


Gateway server deployment

Reference technet document: http://technet.microsoft.com/zh-cn/library/hh456445.aspx

Bytes ------------------------------------------------------------------------------------------------------------------

Monitors untrusted clients across the Internet,For example.

You need to deploy two gateway servers.

650) This. width = 650; "Title =" Clipboard [2] "style =" border-top: 0px; border-Right: 0px; Background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; padding-Right: 0px; "Border =" 0 "alt =" Clipboard [2] "src =" http://img1.51cto.com/attachment/201407/18/639838_14056911105slH.png "Height =" 289 "/>

Bytes ------------------------------------------------------------------------------------------------------------------

This article is from the blog "Zeng luxin's technical column" and will not be reposted!

Scom 2012 knowledge sharing-3: Understanding gateway servers

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.