Replacing a server - BlueCat Integrity - 26.1.0

Address Manager Administration Guide


A server must first be disabled in the Address Manager user interface and removed from BAM control before it can be replaced.

If you disable a server and remove it from Address Manager control, you can use the Replace function in Address Manager to replace a server with a new unit of the same type.

Prerequisites: Prior to replacing the server in Address Manager, log in to the DNS/DHCP Server Administration Console and reset the server from Address Manager control. For details, refer to Removing a DNS/DHCP Server from Address Manager control.

To replace a server:

  1. Select the Servers tab in the sidebar, then select Servers.
  2. Select the row actions button for a disabled server, then select Replace.
  3. Under Server, set the following parameters:
    • Name—enter the name for the server. This name is used only in the Address Manager user interface and isn't associated with deployed DNS data.
    • Hostname—enter the host name used for the server on the network. For example, myhost.example.com.
    • Management address—enter the IPv4 or IPv6 address configured on the eth0 interface in the DNS/DHCP Server Administration Console. If Dedicated Management is enabled, enter the IPv4 or IPv6 address configured on the eth2 interface.
    • Reset service on remote DNS/DHCP Server—by default, this option is deselected. This allows you to replace the DNS/DHCP Server while maintaining existing configurations for DNS, DHCP, and TFTP services. Select the checkbox only if you have modified the IPv4 or IPv6 addresses of the Service interface or want to reset configurations for DNS, DHCP, and TFTP services on the DNS/DHCP Server.
      Note: Resetting DNS/DHCP Server services will result in a service outage. This service outage will last until you have deployed services to the replacement system.

      Only reset DNS/DHCP Server services if you are replacing the DNS/DHCP Server with a new appliance of a different type or reconfiguring the IPv4 or IPv6 addresses of the Service interface on the appliance. BlueCat recommends that you schedule a maintenance window before performing a reset of DNS/DHCP Server services.

    • Upgrade to latest version—by default, this option is deselected. This provides a safe environment to add a DNS/DHCP Server in Address Manager without applying an unintentional software update. Select the checkbox only if you want to apply the latest version of DNS/DHCP Server software once the appliance is under Address Manager control.
      Note: BlueCat recommends upgrading the DNS/DHCP Server software only after first adding the server to Address Manager. Add the server without selecting the Upgrade to latest version checkbox. After the server has been added to Address Manager, upgrade the server software. For details, refer to Upgrading DNS/DHCP Server software.
    • Password—enter the server password. For more information on the default server password, refer to BlueCat default login credentials (you must be authenticated to view this topic).
    • Location—(Optional) select a location from the drop-down menu on which the server object that you are adding or editing will be based. The most often used location objects will be shown at the top of the list followed by all other lists in alphabetical order.
  4. On the Interfaces tab, select Detect server settings. Address Manager will check the DNS/DHCP Server software version, interface count, state of Dedicated Management, IP address, and redundancy scenario (4-port appliances only).
    Important: Selecting Detect server settings is mandatory to ensure that Address Manager properly identifies the current DNS/DHCP Server interface configuration.
    The following fields are automatically populated based on the current configuration set through the DNS/DHCP Server Administration Console (the available fields depend on the number of interfaces of your DNS/DHCP Server):
    • Primary IPv4 services address and prefix length—read-only. This is the IPv4 address and netmask that will be used only for services traffic such as DNS, DHCP, DHCPv6 and TFTP (3 and 4-port appliances only).
    • Primary IPv6 services address and prefix length—read-only. Displays the IPv6 service address and subnet previously configured through the DNS/DHCP Server Administration Console.
    • Enable xHA Backbone—select the checkbox if you want to configure the xHA interface and specify the IPv4 or IPv6 address and netmask/subnet to be used.
      Note: When configuring an IPv6 address for the xHA backbone, the prefix must be set between the accepted CIDR range of 64 to 127.
    • Enable redundancy—select the checkbox to enable networking redundancy (4-port appliances only) or deselect to disable network redundancy. From the Scenario drop-down menu, select either Active/Backup or Active/Active (802.3ad).
      Note: You can't enable network redundancy from the Add Server page if any VLAN interfaces are present on the Service interface (eth0). If necessary, remove any configured VLAN interfaces using the DNS/DHCP Server Administration Console, then add the server to Address Manager and enable network redundancy. Once the server is under Address Manager control you can configure VLAN interfaces from the Address Manager user interface (Servers > Service Configuration > Interfaces).

      If you require VLAN Tagging with port bonding, you must first enable bonding then immediately configure VLAN interfaces.

    • Enable encrypted notifications—encryption of notifications is disabled by default. Select the checkbox to enable encrypted notifications between Address Manager and DNS/DHCP servers.
      Note:

      About Encrypted Notifications: By default, Address Manager to DNS/DHCP Server communication (the command channel) is secured by TLS on top of TCP using port 10042. However, by default dynamic updates to DNS and DHCP lease information are passed from DNS/DHCP Server to Address Manager (the notification channel) using signed updates rather than full channel encryption (primarily UDP over port 10045). By enabling encrypted notifications, DNS/DHCP Server to Address Manager notifications are secured by TLS on top of TCP using port 10046.

      • The Enable encrypted notifications checkbox is available only for BDDS v9.4.0 or greater.
      • This checkbox only appears after detecting server settings.
      • The ability to toggle the notifications channel between encrypted/unencrypted will be removed in a future release of Address Manager; all communications related to notifications between Address Manager and DNS/DHCP Servers will be encrypted by default with no option to disable encryption.
      • Encrypted notification requires certain ports to be opened on the firewall, see Address Manager service ports for more information.
  5. On the HSM support tab, complete the following:
    Note: In order to enable HSM support on managed DNS/DHCP Servers, you must have previously created an HSM configuration in Address Manager. For complete information on configuring HSM, refer to Configuring HSM.
    • Enable HSM Support—Select the checkbox. The HSM servers drop-down menu is displayed. Select an HSM server from the drop-down menu and select the add icon (+). Repeat this step to add multiple HSM servers.
    • The HSM server at the top of the order will be the Primary; HSM servers below the Primary will be the Secondary, Tertiary. Select the remove icon (x) to remove an HSM server from the list.
  6. In the Change control section, add comments if required.
  7. Select Replace.
  8. Deploy the configuration to the replaced server to ensure proper continuation of services.
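
A pre-flight check for the values entered in steps 3 and 4, as an added example that is not BlueCat code: it validates the management address, the IPv6 xHA backbone prefix range (64 to 127), and the BDDS version needed for encrypted notifications, then lists which of the flows named on this page the firewall must permit. The dictionary keys, function names, and sample addresses are assumptions made for illustration, and only the ports mentioned in the note above are modelled; the Address Manager service ports topic remains the full reference.

```python
import ipaddress

# Flows named on this page: (source, destination, transport, port).
COMMAND = ("Address Manager", "DNS/DHCP Server", "tcp", 10042)        # TLS
NOTIFY_SIGNED = ("DNS/DHCP Server", "Address Manager", "udp", 10045)  # signed updates
NOTIFY_TLS = ("DNS/DHCP Server", "Address Manager", "tcp", 10046)     # TLS

def parse_version(text):
    """Turn '9.4' or '9.4.0' into a comparable 3-tuple."""
    parts = [int(p) for p in text.split(".")]
    return tuple((parts + [0, 0, 0])[:3])

def preflight(plan):
    """Return (errors, required_flows) for a planned replacement (hypothetical dict keys)."""
    errors = []
    try:
        ipaddress.ip_address(plan["management_address"])
    except ValueError:
        errors.append("management address is not a valid IPv4 or IPv6 address")
    xha = plan.get("xha_backbone")  # "address/prefix", or None if xHA is not enabled
    if xha:
        try:
            iface = ipaddress.ip_interface(xha)
            if iface.version == 6 and not 64 <= iface.network.prefixlen <= 127:
                errors.append("IPv6 xHA backbone prefix must be between 64 and 127")
        except ValueError:
            errors.append("xHA backbone address is not valid")
    flows = [COMMAND]
    if plan.get("encrypted_notifications"):
        if parse_version(plan["bdds_version"]) < (9, 4, 0):
            errors.append("encrypted notifications need BDDS v9.4.0 or greater")
        flows.append(NOTIFY_TLS)
    else:
        flows.append(NOTIFY_SIGNED)
    return errors, flows

def missing_flows(required, allowed):
    """Flows the firewall rule set (same tuple shape) does not yet permit."""
    return [flow for flow in required if flow not in allowed]

# Constructed sample input: documentation addresses, not real systems.
PLAN = {"management_address": "192.0.2.10", "xha_backbone": "2001:db8:0:1::2/48",
        "encrypted_notifications": True, "bdds_version": "9.3.2"}
ALLOWED = [COMMAND, NOTIFY_SIGNED]

if __name__ == "__main__":
    errors, flows = preflight(PLAN)
    for line in errors:
        print("ERROR:", line)
    for src, dst, proto, port in missing_flows(flows, ALLOWED):
        print(f"OPEN: {src} -> {dst} {proto}/{port}")
```

With the constructed sample, the check reports the /48 xHA prefix and the pre-9.4.0 version as errors and shows that TCP 10046 toward Address Manager is not yet permitted.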