IBM Tivoli Monitoring > Version 6.3 Fix Pack 2 > Administrator's Guide > Use role-based authorization policies > Work with multiple domains > Deployment scenarios
IBM Tivoli Monitoring, Version 6.3 Fix Pack 2
Multiple domains with shared roles and authorization policies
This deployment scenario uses similar strategies for user management and setup as a single domain deployment, but with the added ability to target authorization policies for specific IBM Tivoli Monitoring domains.
This deployment scenario is useful if you want to share the same authorization policy administration infrastructure for a set of domains. It allows you to create a set of common authorization policies for all domains as well as policies that are specific to one or more domains. When you grant or exclude a permission for a role, you specify whether the policy applies to all domains or a specific domain. If you do not specify a domain name with the tivcmd CLI> grant, tivcmd exclude, or tivcmd revoke commands, then the policy applies to all domains. To create a domain specific policy use the --domain argument with these commands. For more information about the tivcmd CLI commands, see the Command Reference.
- Preparation for deployment
- The following table describes what you need for this deployment:
Multiple domains with shared roles and policies deployment requirements
Quantity Component Description 1 per domain If load balancing is used, there can be multiple dashboard services hubs per domain.
Dashboard Application Services Hub Dashboard applications such as Infrastructure Management Dashboards for Servers are also installed with each domain's dashboard services hub. 1 Tivoli Authorization Policy Server The Authorization Policy Server can either be installed with Dashboard Application Services Hub for one of your domains or you can install an instance of Dashboard Application Services Hub that is just used for authorization policy administration and that does not have any dashboard applications installed. 1 per domain Hub Tivoli Enterprise Monitoring Server If Hot Standby is being used, there can be two hub monitoring servers per domain. Each hub monitoring server can have multiple remote monitoring servers connected to it. The monitoring agents are connected to the monitoring servers.
1 per domain Tivoli Enterprise Portal Server Each portal server is configured to retrieve authorization policies from the same Authorization Policy Server since there is one policy server that is being shared by all domains. 1 or more LDAP user registry Configure all of the portal servers and each Dashboard Application Services Hub to use the same set of LDAP user registries in order to share authorization policies.
Parent topic:
Deployment scenarios