Highlighted
Consultant

Establish communication between 2 different domains where there is no trust relationship

Hi All,

We have a scenario with FNMS on prem setupon xyz domain with 2 Beacon's, Beacon 1 in xyz domain and other Beacon2 is in a DMZ zone in wxyz domain and there is no trust relationship between these domains.

Beacon 2 unable to download the policies as there is no trust relationship between xyz and wxyz domains.

I need help in resolving this issue and establish connectivity between the Beacon 2(wxyz domain) and the FNMS Main setup(xyz domain) so that it can download the policies and function normally. 

Wondering if any one have worked on this kind of setup and please suggest.

 

Regards,

Tags (1)
0 Kudos
11 Replies
Highlighted
Frequent contributor

Re: Establish communication between 2 different domains where there is no trust relationship

Hi Winvarma,

In FNMS, there is no need for Beacons to be on the same domain, or even to be on any Windows domain.

A Beacon is trusted by the Inventory server it connects to (or by another Beacon) because in the configuration of the parent connection on your Beacon, you have to enter a user name and its credentials.

To be able to connect to the Inventory server, that user - format typically is domain\user - needs to be configured as an account in FNMS. Preferably, the user should have the FNMS 'Administrator' role assigned.

As long as your Beacon 2 has an account configured that is trusted on the FNMS Inventory server and HTTPS communication can be established from the Beacon to the FNMS inventory server, the Beacon will be able to download the Policy as well as business adapter configuration settings and agent installation packages.

 

Highlighted
Consultant

Re: Establish communication between 2 different domains where there is no trust relationship

Hi ,

Thanks for the inputs may be the Subject note is not apt for my issue, the issue is that Beacon 2 it not able to access the inventory server to download the policies even though we supply the required credentials as its unable to validate credentials even though the account is given an administrator role in FNMS where in the same credentials were working fine in the Beacon 1. 

Regards,

Winvarma

0 Kudos
Highlighted
Consultant

Re: Establish communication between 2 different domains where there is no trust relationship

Hi,

Why don't you connect the Beacon 2 to Beacon 1 as a child beacon. I have such an implementation with 3 layer beacon and it's working. 

 

Highlighted
Consultant

Re: Establish communication between 2 different domains where there is no trust relationship

Hi @adrian_ritz1 ,

Thanks for the inputs,  how to validate if this is how its initially setup (child to parent)and where can we verify the logs if there were any child beacons configured earlier and if the connectivity is missing now. Later if that cannot be done what will be the impact on the Parent beacon server if we are pointing the Beacon2 from DMZ to contact Beacon 1(network requirements, prerequisites)

 

Regards,

Winvarma

0 Kudos