Reverting to earlier Centrify DirectAccess Access Manager instance on dead machine?

Showing results for 
Search instead for 
Do you mean 
Reply
Participant II
Posts: 5
Registered: ‎04-11-2018
#1 of 6 1,160
Accepted Solution

Reverting to earlier Centrify DirectAccess Access Manager instance on dead machine?

Hi,

 

If I restore a VM with Centrify DirectAccess Access Manager, which is the only instance of Centrify, but not the only DC, which multiple Linux machines talk to, what will happen?

Does it just use AD and so will resync, or does it store it on the dead machine and so will loose all the changes?

 

I currently have a machine that fails to boot, it is the only instance of the Centrify Manager, the last point in time I can restore it to is from over a year ago. (Insert screaming here)

 

Thanks.

Posts: 941
Topics: 3
Kudos: 260
Blog Posts: 6
Ideas: 0
Solutions: 122
Registered: ‎07-06-2010
#2 of 6 1,155

Re: Reverting to earlier Centrify DirectAccess Access Manager instance on dead machine?

Thank you for using Centrify.

 

Good news for you.  Access Manager is just a client that communicates with Active Directory to help you manage the UNIX and access data stored in AD.

 

The UNIX/Linux clients communicate to AD directly and do NOT communicate with Access Manager.

 

Please note that Centrify does not install anything on Domain Controllers, or require schema extensions.  All Centrify requires from AD is an OU/Container to store the UNIX and access policies.  The management tools (i.e. Access Manager, Powershell, adedit, SDK) communicate directly to AD as do the UNIX/Linux clients.  

 

Therefore, all you need to do is install Access Manager on any other system joined to Active Directory.  When you open Access manager, right click on Zones, click Find Now and open your Zones.

 

If you were running the Zone Provisioning Service to automate UNIX profile management, find another member server to install the ZPA service on.

 

Please let us know if you have any other questions.

 

Regards,

 

 

Felderi Santiago
VP of Enterprise Solutions
Centrify Corporation
Found my response helpful? Click the Kudos button!
Follow Centrify:
Centrify Guru I
Posts: 2,295
Registered: ‎07-26-2012
#3 of 6 1,154

Re: Reverting to earlier Centrify DirectAccess Access Manager instance on dead machine?

@leia-yeomans,

 

Welcome to the Centrify community.

 

The answer is:  nothing happens; all continues to work as expected.

 

All the information used by Centrify clients is stored in Active Directory.  This is the same scenario if you were to lose a system with Active Directory Users and Computers.  These consoles can be installed in any Privileged Access Workstation*

 

Note that your question was about Access Manager.  The answer is not the same if you are talking about a system running Zone Provisioning Agent, Report Services, Licensing Service or DirectAudit.  Those components do require redundancy in design planning.

 

* A privilege Access Workstation is a dedicated system for Windows administration.  The key here is that it should be dedicated to consoles and make sure it does not have email or internet connectivity.

 

R.P

Want to learn more about practical Centrify examples? Check out my blog at http://centrifying.blogspot.com
Follow Centrify:
Participant II
Posts: 5
Registered: ‎04-11-2018
#4 of 6 1,149

Re: Reverting to earlier Centrify DirectAccess Access Manager instance on dead machine?

Hi Fel,

 

Thanks! It looks to have all come up OK, it can see the changes I made since then, thank you very much. :)

 

(Looks like I cannot mark both as the solution, which is a shame. Both very helpful answers. :))

 

Thanks,

Leia

Participant II
Posts: 5
Registered: ‎04-11-2018
#5 of 6 1,148

Re: Reverting to earlier Centrify DirectAccess Access Manager instance on dead machine?

Hi R.P,

 

Thanks! It all looks OK now, syncing has happened and can see recent changes. Phew!

 

(Looks like I cannot mark both as the solution, which is a shame. Both very helpful answers. :))

 

Thanks,

Leia

Posts: 941
Topics: 3
Kudos: 260
Blog Posts: 6
Ideas: 0
Solutions: 122
Registered: ‎07-06-2010
#6 of 6 1,145

Re: Reverting to earlier Centrify DirectAccess Access Manager instance on dead machine?

Good to hear.

 

No worries about who gets credit for the solution.  We're a team and here to help you the customer.

 

Take care,

 

Fel.

Felderi Santiago
VP of Enterprise Solutions
Centrify Corporation
Found my response helpful? Click the Kudos button!
Follow Centrify: