3.10. General Management: Disconnected Systems

Disconnected systems are a unique use case because the system is offline, either off the corporate network or possible entirely lacking Internet access. This means that the system has no ability to access any subscription or content services, so any changes to the system must be manual.

3.10.1. The Environment: Security Environments and Backup Systems

Disconnected systems are simply any system that cannot connect to the Internet or, possibly, even an intranet. The products and subscriptions for that system, and the system itself, should still be included in an inventory.
This frequently means servers in secure locations where they are prevented by business rules from connecting to the Internet. It can also include backup systems, which may be kept offline until needed.
Most of the subscription and content operations are performed over the network. For example, the rhsmcertd process checks for updated subscription information every four hours by connecting to the given subscription service. If a system cannot connect to the Internet, than almost all of those management tasks cannot be performed.

3.10.2. Workflow

The disconnected system workflow follows the same conceptual path as a workflow like Section 3.3, “Customer Portal: Autoattaching Systems”, except that instead of using the tooling to connect to the required services and perform the services automatically, an administrator has to configure and copy certificates around manually.
Registering Disconnected Systems

Figure 12. Registering Disconnected Systems

  1. Create the system's entry.
    The simplest thing is to create this entry in the Customer Portal, which is a global view of all systems in the company. If a subscription service like Subscription Asset Manager is used, then the disconnected system can be associated with a local organization and system group, which could be useful if the system will be brought online later.
  2. Attach subscriptions to the system. If the system were online, the Red Hat Subscription Manager would pull in a list of available subscriptions and then communicate that back to the subscription service (much like a waiter taking an order in a restaurant). In that way, both the local system and the subscription service are aware of what is attached to the system.
    With a disconnected system, the appropriate subscriptions need to be set aside and attached to the system first so that the subscription service is aware of the assignments.
  3. Download all of the certificates for the system, both the identity (registration) certificate and all of the associated attached subscription certificates.
  4. Copy the identity certificate into the appropriate location. This tells the system what its registration information is.
  5. Copy the subscription certificates into the appropriate location.
    This tells the system what subscriptions it has attached to it, without having to query the subscription service for available subscriptions.

3.10.3. Options and Details

Virtually all of the additional configuration options — both system-level configuration like setting a service level and infrastructure-level configuration like using a different subscription or content service — are not applicable to a disconnected system as long as it is disconnected. Most parameters, such as autoattaching, configure operations that occur automatically over the network.
One thing to plan is what configuration should be used if the system is ever brought online. For example, if the rest of the infrastructure is using Satellite 6 rather than Customer Portal Subscription Management hosted services, the disconnected system should probably also be registered to the Satellite 6 services rather than Customer Portal Subscription Management. For security rules, that system may never be brought online, so that configuration may always be irrelevant. Backup systems could come online at any time, which would make proper configuration important.