Gateway servers are used to enable agent-management of computers that are outside the Kerberos Trust boundary of management groups, such as in a domain that is not trusted. The gateway server acts as a concentration point for agent-to-management server communication. Agents in non-trusted domains communicate with the gateway server and the gateway server itself communicates with one or more management servers. Because communication between the gateway server and the management servers occurs over only port 5723 (TCP), that port is the only one that has to be opened on any intervening firewalls to enable management of multiple agent-managed computers. Multiple gateway servers can be placed in a single domain so that the agents can failover from one to the other if they lose communication with one of the gateway servers. Similarly, a single gateway server can be configured to failover between management servers so that no single point of failure exists in the communication chain.

Because the gateway server resides in a domain that is not trusted by the domain that the management group is in, certificates must be used to establish each computer's identity, agent, gateway server, and management server. This arrangement satisfies the requirement of Operations Manager for mutual authentication.

Note
In a workgroup environment, you will need to install certificates for communication between the agents and the gateway server.

In a domain environment, the gateway server is installed on a computer in the same domain where the target computers are located. The gateway then becomes the computer where discovery of target computers is performed.

Data communications between the management server and the gateway is encrypted.

Installation Overview

Following are the recommended phases for deploying a gateway server.

  1. Copy the Gateway Approval tool into the Operations Manager folder. For more information, see How to Deploy the Gateway Approval Tool in Operations Manager 2007.

  2. Install the gateway server using an .msi file. For more information, see How to Deploy the Gateway Server Using MOMGateway.msi in Operations Manager 2007.

  3. Use the Gateway Approval tool to configure the management server to use the gateway server. For more information, see How to Use the Gateway Approval Tool in Operations Manager 2007.

See Also


Did you find this information useful? Please send your suggestions and comments about the documentation.