How to reconfigure SDM/SDC setup to enable fault-isolation and to save currently existing SDM/SDC tunnel discovered device configuration in CA Spectrum.
DX NetOps Spectrum all releases
Spectrum Secure Domain Connector reconfiguration with existing SDC Host configuration.
The CA Spectrum Secure Domain Connector logic will, by default, create a SDConnector process application model which could not be used for "connection" setup in the VNM. By this then, the Spectrum Fault Isolation may not work as expected. To enable the full CA Spectrum Fault Isolation logic, the SDConnector logic must be hosted by a device model (i.e. Host-Model/Workstation or IP-device/pingable) by reconfiguring this while keeping the set of SDM managed devices still available.
CA Spectrum Secure Domain manager setup is triggered by SDM configuration file import (see Secure Domain Manager - Information tab - Subview "Import"). The folllowing procedure will remove the SDConnector process application model, discover then the SDC Host device model and re-import by SDM - and will then re-use the existing "DMZ" device configurations. Means - this allows to change the SDC representing model (from SDConnector process application model to a SDC Host device model) which then allows to enable the fault isolation without affecting the existing device models for this SDM/SDC logic.
Procedure:
./SDM/sdm.config
(saved current config and remove the current sdm.config file off - so having "no import file") ./SDM/sdm.config
again netstat -an | grep 6844
(default port for SDC/SDM is 6844
) that SDM/SDC tunnel comes up sdc_managed
" devices are showing correct status (i.e. poll-interval +60 seconds) Now you can enable the "connection" setup to enable Spectrum Secure Domain manager SDM/SDC fault isolation logic (RCA).
When running the SDM import while the "SDC Host" device model way created before this import, then the SDM import logfile will show the re-use for the device/host-model (in this example here, the "pingable" for x.x.x.x);
[<userName>@<hostName>Logs]$ more SDMConfigImportLog.20160108180232
Importing new SDM configuration into SPECTRUM...
Parsing SDM configuration in sdm.config file...
Done parsing SDM configuration
Modeling new SDM configuration in SPECTRUM database...
Found model x.x.x.x of type Pingable for SDConnector
x.x.x.x
Done modeling new SDM configuration in SPECTRUM database
Done importing new SDM configuration into SPECTRUM