To manage a QDB with Control Center, use the Control Center console to add the QDB. Note that you cannot add a QDB to more than one CCDB.
After you add a QDB, its agent computers are automatically displayed in Control Center management groups that are configured to include All Repositories, such as the Master management group.
The primary QDB is the QDB that contains the Knowledge Scripts that you want to use when running AppManager jobs from Control Center. If you have more than one QDB, you can change the primary QDB. For more information, see Section 2.3.2, Performing QDB Management Tasks.
Before you add a QDB:
If the QDB is in a different domain than the Control Center console user, ensure that both domains are trusted.
Properly configure Kerberos delegation and SQL Server DTC settings. If you do not properly configure the QDB computer, the Control Center console adds the QDB but does not allow you to manage the computers. For more information, see the Installation Guide for AppManager, available on the AppManager Documentation page.
To manage more than one QDB with Control Center, configure Control Center to use the same authentication method to communicate with all QDBs. The authentication method you choose depends on how the SQL Server Agent service is configured. For example, if the service on the CCDB computer runs as LocalSystem, and you add the QDB using Windows authentication, the Cache Manager cannot communicate with the QDB.
When you add a QDB earlier than the current version, the command queue service runs a patch script to enable the QDB to synchronize with the CCDB. The command queue service displays the status of the patch in the Queue Manager. Before you add an earlier version of a QDB, be sure to apply the latest QDB hotfixes.
Control Center does not upgrade the QDB to the latest AppManager version. For information about upgrading the QDB, see the Upgrade and Migration Guide for AppManager, available on the AppManager Documentation page.
Configure SQL Server and AppManager security to enable Control Center to communicate with the QDB you want to add.
To configure SQL Server and AppManager security:
In Microsoft SQL Server Management Studio, add the Log On As account for the NetIQ AppManager Control Center Command Queue Service to the list of database users on the QDB and make sure the account has the db_owner database role.
Add the Windows user account for each Control Center user to the list of database users on the QDB. Give each user the same permissions they have on the primary QDB.
|
To enable the user to... |
Do this... |
|---|---|
|
|
|
|
In AppManager Security Manager, give the QDB user the same AppManager role they have on the primary QDB.
|
To enable the user to... |
Do this... |
|---|---|
|
|
|
|
You are now ready to add the QDB to Control Center. For more information, see Section 2.3.2, Performing QDB Management Tasks.
You can use the Control Center console to perform the following QDB management tasks:
Add QDBs.
Configure the cache settings.
Cache settings determine how the Control Center Cache Manager synchronizes event and job information in each QDB in the Control Center console. You can improve the overall performance of the Control Center console by reducing the amount of information the Cache Manager must synchronize.
By default, the Cache Manager synchronizes:
Open and acknowledged events.
All jobs except closed jobs.
Change the authentication method.
You must be a member of the Control Center Administrator group to change the authentication method that Control Center uses to access the QDB.
You can change the authentication method for Control Center, for example, if your corporate security policy requires you to use Windows authentication for all applications or if you choose to implement FIPS-compliant security.
Before changing the authentication method:
If the SQL Server Agent service on the CCDB computer is running as a domain user account, make sure this account has privileges on each QDB.
Make sure all QDBs that Control Center manages use the same authentication method.
Correctly configure the Log On As account for the SQL Server Agent service:
To use Windows authentication, configure the Log On As account for the SQL Server Agent service on the CCDB computer as a Windows user account with permissions on the QDB. You can configure the SQL Server Agent service with the same Log On As account as the command queue service.
To use SQL authentication, the Log On As account for the SQL Server Agent service on the CCDB computer can be LocalSystem or a SQL user account with permissions on the QDB.
If you are migrating a QDB, Control Center must use Windows authentication to connect to the QDB for the migration.
For more information about migrating a QDB, see the Upgrade and Migration Guide for AppManager, available on the AppManager Documentation page.
Consider whether you are using or plan to use only FIPS-compliant algorithms for AppManager security. If you enforce FIPS-only compliance, the console continues to accept SQL authentication, with certain limitations:
The console cannot add or modify a QDB.
The console cannot create SQL accounts.
For more informatin about AppManager FIPS compliance, see the Administrator Guide for AppManager, available on the AppManager Documentation page.
Change the primary QDB.
You must be a member of the Control Center Administrator group to change the primary QDB.
The primary QDB is the QDB that contains the Knowledge Scripts that you use when you run AppManager jobs.
When you change the primary QDB, it can take some time for Control Center to update the list of Knowledge Scripts in the CCDB to match the Knowledge Scripts in the primary QDB.
You cannot start a new job, view the properties of a running job, or update a job when Control Center synchronizes the Knowledge Scripts in the primary QDB.
Remove QDBs from Control Center.
You must be a member of the Control Center Administrator group to remove a QDB.
Before you remove the QDB from Control Center, remove it from any management groups that still include it as a member. For more information, see Section 4.3, Working with Management Groups.
If the QDB you want to remove is the primary QDB, designate a new primary QDB before you remove the current primary QDB.
If you move a QDB from one SQL Server to another, you do not need to remove the QDB from the CCDB. Use the Control Center console to update the new SQL Server details for the QDB. For more information, see the Upgrade and Migration Guide for AppManager, available on the AppManager Documentation page
After you remove a QDB from Control Center, the CCDB no longer contains the event and job information and the information is no longer available in the Control Center console. The existing jobs, events, and data remain in the QDB.
To perform QDB management tasks:
Log on to the Control Center console with a login account that is a member of the Administrator group. This user must also have the db_owner database role for the QDB you are managing.
On the Global Tasks tab of the ribbon, in the Administration group, click Manage Repositories.
Complete the appropriate action:
|
To... |
Do this... |
|---|---|
|
Add a QDB |
|
|
Configure the cache settings |
|
|
Change the authentication method |
|
|
Change the primary QDB |
|
|
Remove a QDB |
Select the QDB you want to remove, and then click Remove. |