Is it possible to use CNAMEs for SSC and WIE?
I want to use friendlier DNS names for the SSC and WIE servers in my environment. Is this possible? Any time I try to change it when reinitializing WIE, it doesn't work - I always have to use the hostname of the system or the IP address.
This can probably be done successfully, but it depends on how your DNS system is set and also the ability of your various clients to resolve the given name. Documentation and understanding between the app server, DNS, and network admins will be very important to prevent outages later.
During the WIE Initialization, you are asked for the SSC Server URL, SSC administrator login, WebInspect Enterprise Manager URL, and the WebInspect Enterprise service account defined among the SSC Users. These URLs will generally look like the following samples.
When all the set-up is complete, this is how it operates. Clients browsing to the SSC server use the URL for hostname1. They are authenticated there using the SSC User listings. Clients connecting directly to the WIE Manager such as WIE Console (thick client) or WebInspect desktop, or Sensor configuration) use the URL shown above for hostname2. Human clients browsing to the WIE web console use that WIE URL appended with /WebConsole. When the human's browser attempts this connection, they are redirected to the SSC URL on hostname1. They are asked to log into the SSC UI, and then the browser redirects them to the WIE URL over on hostname2. This is why it is critical that both hostnames can be resolved by your two servers as well as all remote clients. As a common example of a bad choice, using a hostname such as "localhost" in the WIE Initialization will work fine for the local admin installing WIE, but will fail for all remote users.
I am not sure why you would prefer CNAMEs, but I will assume it is similar to a client we had who wanted a Cold Fail Over option. SSC and WIE do not support Hot Fail Over options, e.g. clusters, HA, et al. The best option is to have an identical app server and perhaps a mirrored or latest copy database server on stand-by, with the understanding that the admins will need to manually bring that on-line in the event of an outage of the primary system.
My client instigated an alias system so the alias always pointed to the live app servers, but gave them the option to alter the alias to the stand-by servers in case that was needed. I do not know the technical details on how they set this up, and although they mentioned a Load Balancer it could possibly have been done with CNAMEs. The primary benefit to this configuration was that the clients would not need to know the hostnames of the servers specifically nor change their Bookmarks if and when the Fail Over occurred, even though they might experience a loss of connectivity for a period of time.
- Alias1 = SSCserver > pointed to the IP of hostname1
- Alias2 = WIEserver > pointed to the IP of hostname2
- hostname1.example.com = stand-by SSC server - HP services active
- hostname2.example.com = stand-by WIE server - HP services active
- hostname3.example.com = stand-by SSC server - HP services disabled
- hostname4.example.com = stand-by WIE server - HP services disabled
- hostname5.example.com = the fully redundant SQL Server used by all 4 servers (consider this a hidden aspect of the network configuration, as its Fail Over situations were already handled separately)
Users would connect to Alias1 or Alias2, and all servers had proper DNS records to resolve to one another successfully, as did all clients. Sadly, the replacement administrators had some difficulties when they arrived, because all of this set-up had not been expressed documented and posted as an internal standard for their app server configuration. They ran into some network issues when addresses were moved, and we eventually got it untangled and reset.
Users will connect to the Alias URLs only. Hostnames 1 and 2 are "bonded" together using the WIE Initialization program on hostname2. Hostnames 3 and 4 are "bonded" together using the WIE Initialization program on hostname4.
-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify