Gateway servers are used to enable agent-management of computers that are outside the Kerberos trust boundary of management groups, such as in a domain that is not trusted. The gateway server acts as a concentration point for agent-to-management server communication. Agents in non-trusted domains communicate with the gateway server, and the gateway server itself communicates with one or more management servers. Because communication between the gateway server and the management servers occurs over only port 5723 (TCP), that port is the only one that has to be opened on any intervening firewalls to enable management of multiple agent-managed computers. Multiple gateway servers can be placed in a single domain so that the agents can fail over from one to the other if they lose communication with one of the gateway servers. Similarly, a single gateway server can be configured to fail over between management servers so that no single point of failure exists in the communication chain.
Because the gateway server resides in a domain that is not trusted by the domain that the management group is in, certificates must be used to establish the identity of each computer: agent, gateway server, and management server. This arrangement satisfies the requirement of Operations Manager for mutual authentication.
Note: In a workgroup environment, you will need to install certificates for communication between the agents and the gateway server.
In a domain environment, the gateway server is installed on a computer in the same domain where the target computers are located. The gateway then becomes the computer where discovery of target computers is performed.
Data communication between the management server and the gateway is encrypted.
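The single-port firewall requirement described above can be checked against an exported rule set. The following is an added example, not part of the original documentation or of Operations Manager: the host names, the rule format, and the list of required gateway-to-management-server pairs are constructed, and rules are treated as independent allow rules (no ordering or deny precedence).

```python
from dataclasses import dataclass

OPSMGR_PORT = 5723  # TCP port the page gives for gateway-to-management-server traffic
ONLY_5723 = range(OPSMGR_PORT, OPSMGR_PORT + 1)

@dataclass(frozen=True)
class Rule:                 # hypothetical, simplified firewall rule
    src: str                # source host, or "any"
    dst: str                # destination host, or "any"
    proto: str              # "tcp", "udp" or "any"
    ports: range            # destination ports, e.g. range(5723, 5724)
    action: str = "allow"

def permits(rule, src, dst):
    """True if this allow rule lets src reach dst on TCP 5723."""
    return (rule.action == "allow"
            and rule.src in (src, "any") and rule.dst in (dst, "any")
            and rule.proto in ("tcp", "any") and OPSMGR_PORT in rule.ports)

def audit(rules, required):
    """required: set of (gateway, management_server) pairs that must communicate.
    Returns (excess, blocked): allow rules toward a management server that are
    wider than 'gateway -> management server, TCP 5723 only', and required
    pairs that no rule permits (for example a failover path left closed)."""
    mgmt = {m for _, m in required}
    excess = []
    for r in rules:
        if r.action != "allow" or r.dst not in (mgmt | {"any"}):
            continue
        exact = ((r.src, r.dst) in required and r.proto == "tcp"
                 and r.ports == ONLY_5723)
        if not exact:
            excess.append(r)
    blocked = sorted(p for p in required
                     if not any(permits(r, *p) for r in rules))
    return excess, blocked

# Constructed sample data: two gateways in an untrusted domain, two management servers.
RULES = [
    Rule("gw01.dmz.example", "ms01.corp.example", "tcp", ONLY_5723),
    Rule("gw02.dmz.example", "ms01.corp.example", "tcp", range(5000, 6000)),  # too wide
    Rule("agent17.dmz.example", "ms01.corp.example", "tcp", ONLY_5723),  # bypasses gateway
]
REQUIRED = {("gw01.dmz.example", "ms01.corp.example"),
            ("gw01.dmz.example", "ms02.corp.example"),   # failover target
            ("gw02.dmz.example", "ms01.corp.example")}

if __name__ == "__main__":
    excess, blocked = audit(RULES, REQUIRED)
    for r in excess:
        print("excess rule:", r)
    for gw, ms in blocked:
        print("blocked path:", gw, "->", ms)
```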
Installation Overview
Following are the recommended phases for deploying a gateway server.
- Copy the Gateway Approval tool into the Operations Manager folder. For more information, see How to Deploy the Gateway Approval Tool in Operations Manager 2007.
- Install the gateway server using an .msi file. For more information, see How to Deploy the Gateway Server Using MOMGateway.msi in Operations Manager 2007.
- Use the Gateway Approval tool to configure the management server to use the gateway server. For more information, see How to Use the Gateway Approval Tool in Operations Manager 2007.
See Also
Tasks
How to Configure Agent Failover to Multiple Gateway Servers in Operations Manager 2007
How to Configure Gateway Server Failover to Multiple Management Servers in Operations Manager 2007
How to Create a Certificate in an Enterprise CA for Operations Manager 2007
How to Create a Certificate in a Stand-Alone CA for Operations Manager 2007
How to Deploy the Gateway Approval Tool in Operations Manager 2007
How to Deploy the Gateway Server Using MOMGateway.msi in Operations Manager 2007
How to Import a CA Certificate for Use with Operations Manager 2007
How to Remove the Gateway Server in Operations Manager 2007
How to Use the Gateway Approval Tool in Operations Manager 2007
Concepts
Certificates in Operations Manager 2007
Mutual Authentication in Operations Manager 2007