Unsupported content This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

Setting up a stand-alone Network Shell proxy server

Use this procedure to configure a stand-alone Network Shell proxy server. In this configuration, a deployment of an Application Server is configured to function only as a Network Shell proxy server. A stand-alone Network Shell proxy server can perform no other Application Server functionality. It cannot even access the BMC Server Automation database.

To perform this procedure, you must create a Network Shell proxy server deployment using the blasadmin utility, and you must perform some configuration tasks on the central Application Server.

Note

You cannot use Windows user mapping to grant permissions to a user on a managed server when that user is running a Network Shell client to access a managed server through a stand-alone Network Shell proxy server.

To set up a stand-alone Network Shell proxy server

  1. Install an Application Server on the machine where you want to create a stand-alone Network Shell proxy server. When installing, provide the same password for the Application Server certificate that you entered when installing the central Application Server. Do not run the Post-Install Configuration wizard.
  2. Copy the bladelogic.keystore file from a functioning Application Server in your Application Server environment. Using the copied bladelogic.keystore file, replace all occurrences of bladelogic.keystore on the Application Server where you are setting up a Network Shell proxy server.
    On the functioning Application Server, you can find bladelogic.keystore at <installDirectory>/br/deployments/_template/bladelogic.keystore. On the Network Shell proxy server, search for all instances of bladelogic.keystore that might exist within <installDirectory>/br/deployments or any of its subdirectories, such as the _template and _launcher directories.
  3. On the Network Shell proxy server, use the Application Server Administration console (that is, blasadmin) to create a new deployment of type NSH_PROXY and configure it as a stand-alone Network Shell proxy server. To accomplish this, perform the following steps:
    1. Start blasadmin for the _template deployment by entering the following:
      blasadmin -s _template
    2. Create a new default deployment of a Network Shell proxy server by entering the following:
      create <new_proxy> <base_port> NSH_PROXY
      <new_proxy> is the name of the new Network Shell proxy server you are creating.
      <base_port> is a number that is combined with offset values to determine Authentication and Application Server port numbers. For example, the offset for the authentication port is 40 by default. If the <base_port> is 9500, the authentication port would be 9540.
    3. Switch to the newly created deployment by entering the following:
      switch <new_proxy>
    4. If necessary, modify the listening port for the Network Shell proxy server by entering the following:
      set appserver ProxySvcPort #
      where # is the number of the port on the Application Server that listens for Network Shell traffic. For new deployments of an Application Server, the Network Shell proxy server listens for traffic on a port equal to base port plus 42. If this value is acceptable, you do not have to set a value for ProxySvcPort.
      If a value is not set for ProxySvcPort, the Application Server does not run a Network Shell Proxy Service.
    5. Indicate that the Network Shell proxy server should not contact the BMC Server Automation database by entering the following command:
      set appserver PwdStore file
  4. Start the Application Server on the machine where you are setting up a stand-alone Network Shell proxy server. See Starting-stopping-and-restarting-Application-Servers.
  5. Using the BMC Server Automation Console, configure the central Application Server by doing the following:
    1. Select Configuration > Infrastructure Management.
    2. Expand Application Servers, select the central Application Server, right-click, and select Edit.

    3. On the Edit Application Server Profile, for ProxyServiceURLs, enter the following: 


      service:proxysvc.bladelogic:blsess://<NSH_proxy_server_host>:<proxy_svc_port>

       In this entry, <NSH_proxy_server_host> is the host where you have set up the Network Shell proxy server and <proxy_svc_port> is the port number you defined in substep D above (under step 3).

  6. Restart the central Application Server (see Restarting a specific Application Server).
  7. Set up a client for Network Shell users. See Setting up a Network Shell Client to run in proxy mode. You must repeat this step for every Network Shell client that communicates with the Network Shell proxy server.
  8. Assign the NSH_PROXY.Connect authorization to any role that should be used to connect to a Network Shell proxy server.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*