2.2 Installing Access Manager Appliance

Installation time: 45 to 90 minutes, depending on the hardware.

What you need to know

  • Root password of Access Manager Appliance.

  • Username and password of the Administration Console administrator.

  • Static IP address for Access Manager Appliance.

  • DNS name (host and domain name) for the Access Gateway that resolves to the IP address.

  • Subnet mask that corresponds to the IP address for the Access Gateway.

  • IP address of your network’s default gateway.

  • IP addresses of the DNS servers on your network.

  • IP address or DNS name of an NTP server.

  • The tree for the configuration store is named after the server on which you install Access Manager Appliance. Check the hostname and rename the machine if the name is not appropriate for a configuration tree name.

Access Manager Appliance can be installed on all supported hardware platforms for SLES 11 SP4 (64-bit).

2.2.1 Prerequisites

  • Ensure that you have backed up all data and software on the disk to another machine. The Access Manager Appliance installation completely erases all the data on your hard disk.

  • Ensure that the machine meets the minimum hardware requirements. See Section 2.1, Installation Requirements.

  • (Optional) If you want to try any advanced installation options such as driver installation or network installation, see the Deployment Guide.

2.2.2 Installing Access Manager Appliance

Access Manager Appliance is installed with the following default partitions:

  • boot: The size is automatically calculated and the mount point is /boot.

  • swap: The size is double the size of the RAM and the mount point is swap.

The remaining disk space after the creation of the /boot and swap partitions is allocated as the extended drive. The extended drive has the following partitions:

  • root: The default size is one-third the size of the extended drive and the mount point is /.

  • var: The default size is one-third the size of the extended drive and the mount point is /var.

NOTE: Do not install or import any non-4.1 Appliance devices during installation.

Access Manager Appliance does not support configuring multiple network interfaces during installation. The eth0 interface is configured by default, and if you require multiple interfaces, you can configure them through the Administration Console after installation.

  1. Insert the Access Manager Appliance CD into the CD drive.

    The boot screen appears.

  2. By default, the Boot From Hard Disk option is selected in the boot screen.

    Use the Down-arrow key to select Install Appliance.

  3. Press Enter.

  4. Review the agreement on the License Agreement page, then click I Agree.

  5. Select the region and time zone on the Clock and Time Zone page.

  6. Click Next.

  7. Configure the details on the Appliance Configuration page:

    • Host Name: The hostname for the Access Manager Appliance machine.

    • Domain Name: The domain name for your network.

    • Public IP: Configure the following options for the public IP:

        • IP Address: The public IP address of Access Manager Appliance.

        • Subnet Mask: The subnet mask of Access Manager Appliance.

        • Default Gateway: The IP address of the default gateway.

    • Private IP: Configure the following options for the private IP. This is an optional configuration. If this is configured, the Administration Console listens on this IP.

        • IP Address: Private IP address of Access Manager Appliance.

        • Subnet Mask: Subnet mask of Access Manager Appliance.

        • Gateway: IP address of the gateway.

    • DNS Server 1: IP address of your DNS server. You must configure at least one DNS server.

    • DNS Server 2: IP address of your additional DNS server. This is an optional configuration.

    In the Root Password section, specify the password for the root user and the name of the NTP server.

  8. Click Next.

    Configure the following details under the Administration Console Configuration:

    • Primary: Deselect this option if this Access Manager Appliance is not the primary.

      If you are installing it as a secondary Access Manager Appliance, ensure that the primary Access Manager Appliance is reachable.

    • Admin Console IP: Specify the IP address of the primary Access Manager Appliance if this is secondary.

    • Username: The name of the Administration Console user.

      NOTE: The Administration Console username does not accept the special characters # (hash), & (ampersand), and () (round brackets).

    • Password: Specify and confirm the password for the user.

      NOTE: The Administration Console password does not accept the special characters : (colon) and " (double quotes).

  9. Click Next.

    The Installation Settings page appears. This page displays the options and software you selected in the previous steps. Use the Overview tab for a list of selected options, or use the Expert tab for more details.

    Do not change the software selections listed on this screen.

  10. (Optional) To modify the installation settings for partitions, click Change.

  11. Click Install > Install.

    This process might take 45 to 90 minutes depending on the configuration and hardware.

    The machine reboots after the installation is completed. It runs an auto configure script, and then the Access Gateway and Identity Server components are configured.

  12. (Optional) Verify that Access Manager Appliance is installed and configured successfully.

    Log in to the Administration Console (see Section 2.2.4, Logging In to the Administration Console), then click Devices > Access Gateways.

    If the installation was successful, the IP address of your Access Gateway appears in the Server list.

    The Health status indicates the health state after the Access Gateway is imported and registers with the Administration Console.

    The Access Gateway health is displayed as green. The configuration takes care of establishing a trust relationship between an embedded service provider and the Access Gateway and also the trust relationship with the Identity Server before you proceed with any other configuration.

    1. In a browser, enter the Access Manager Appliance URL. The Access Manager Appliance URL is formed by using the Host Name and Domain Name provided in Step 8. For example, if the host name is accessapp and the domain name is novell.com, then the URL will be https://accessapp.novell.com. You will be redirected to the Sample Portal Page.

    2. Click the Administration Console link and log in.

    3. Click Devices > Access Gateways. The Servers tab displays AG-Cluster with one Access Gateway. The IP Address of the Access Gateway is the same as the Access Manager Appliance IP Address. The health of both the AG-Cluster and Access Gateway should display green.

  13. Continue with one of the following sections:

2.2.3 Removing the Landing Portal

The landing portal is enabled by default during the installation of Access Manager Appliance. The portal also has a sample application, which you can configure to learn Access Manager Appliance capabilities. Because the landing portal is visible to users, using it in a production setup is not recommended. Use it for demonstration and trial purposes. Remove the landing portal after you verify all your configurations in a staging environment.

Perform the following steps to remove the landing portal:

  1. In the Administration Console, click Access Gateway > Cluster > Edit > NAM - RP.

  2. Select the namportal path based service.

  3. Click Delete.

  4. Click Protected Resources.

    Delete the following protected resources:

      • portal_employee

      • portal_manager

      • portal_public

      • portal_users

  5. Click OK > Update.

  6. In the Administration Console, click Devices > Identity Servers > Servers > Edit > Roles.

  7. Select the role policy check box, select the portal_roles role from the Roles Policy List, and click Disable.

  8. Click OK > Update.

  9. To remove the portal web application from the Access Manager Appliance filesystem, perform the following steps:

    1. Log in to Access Manager Appliance by using any SSH client (for example, SSH in Linux and PuTTY in Windows).

    2. Stop the Administration Console by using the /etc/init.d/novell-ac stop command.

    3. Go to the portal directory by running the cd /opt/novell/nam/adminconsole/webapps command.

    4. Remove the portal by running the rm -rf portal command.

    5. Start the Administration Console by running the /etc/init.d/novell-ac start command.

  10. The portal creates two default users, Alice and Bob, in the Appliance Configuration store.

    You can remove the users by performing the following steps:

    1. In the Administration Console, click Roles and Tasks > Users > Delete User.

    2. In the Delete User page, specify the Object Name as bob.novell to delete Bob and alice.novell to delete Alice.

    3. Click OK.

NOTE: (Optional) You can delete the basic authorization, fill allowance, fillRole, and role assignment policies on the Policies page.
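
A guarded form of the filesystem cleanup in step 9, as an added example that is not part of the original documentation. It uses the paths and init script named in the steps above; the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example: guarded form of step 9 (remove the portal web application).
# The default paths are the ones named in the steps above; the function and
# variable names are hypothetical.
WEBAPPS_DIR="${WEBAPPS_DIR:-/opt/novell/nam/adminconsole/webapps}"
AC_INIT="${AC_INIT:-/etc/init.d/novell-ac}"

# remove_portal WEBAPPS_DIR AC_INIT
# Returns 0 when the portal directory is absent afterwards, non-zero otherwise.
remove_portal() {
    webapps="$1"; init="$2"; target="$webapps/portal"; rc=0

    # Fail closed if the layout is not what the steps assume.
    if [ ! -d "$webapps" ]; then echo "missing webapps dir: $webapps" >&2; return 2; fi
    if [ ! -x "$init" ]; then echo "missing init script: $init" >&2; return 2; fi

    # A symlink named portal is not the shipped layout; stop and inspect it.
    if [ -L "$target" ]; then echo "refusing: $target is a symlink" >&2; return 3; fi

    # Already removed: leave the running console alone.
    if [ ! -e "$target" ]; then echo "portal already absent"; return 0; fi

    if ! "$init" stop; then echo "could not stop Administration Console" >&2; return 4; fi

    # Absolute path instead of cd + relative rm: a failed cd cannot redirect
    # the delete to whatever directory the shell happens to be in.
    rm -rf -- "$target" || rc=$?

    # Restart the console even if the delete failed.
    if ! "$init" start; then echo "could not start Administration Console" >&2; return 5; fi

    [ "$rc" -eq 0 ] && [ ! -e "$target" ]
}

# Acts on the appliance only when called with --run (as root).
if [ "${1:-}" = "--run" ]; then
    remove_portal "$WEBAPPS_DIR" "$AC_INIT"
fi
```
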

2.2.4 Logging In to the Administration Console

The Administration Console is a combination of iManager and a device manager. It has been customized for Access Manager Appliance so that it can manage the Access Manager Appliance components.

You cannot use it to log in to other eDirectory trees and manage them.

You should not download and add iManager plug-ins to this customized version. If you do, you can destroy the Access Manager Appliance schema, which can prevent you from managing the Access Manager Appliance components. This can also prevent communication among the modules.

You should not start multiple sessions of the Administration Console on the same machine through the same browser. Because the browser shares session information, this can cause unpredictable results in the Administration Console. You can, however, start different sessions with different brands of browsers.

To log in to the Administration Console:

  1. Enable browser pop-ups.

  2. From a client machine external to your Administration Console server, launch your preferred browser and enter the URL for the Administration Console.

    If the hostname of your Access Manager Appliance is www.host.com, you would enter http://www.host.com:8080/nps.

  3. Click OK. You can select either the permanent or temporary session certificate option.

  4. Specify the administrator name and password that you defined during installation and click Login. Access Manager Appliance Dashboard opens.

    For more information about this view or about configuring the Administration Console for Access Manager Appliance 4.0 view, see Configuring the Default View in the NetIQ Access Manager Appliance 4.1 Administration Guide.

    IMPORTANT: All of the configuration and management tasks in the Access Manager Appliance documentation assume that you know how to log in to the Administration Console.

To understand the conventions of the Administration Console, see Section 2.2.5, Administration Console Conventions.

2.2.5 Administration Console Conventions

  • The required fields on a configuration page contain an asterisk by the field name.

  • All actions such as delete, stop, and purge require verification before they are executed.

  • Changes are not applied to a server until you update the server.

  • Sessions are monitored for activity. If your session becomes inactive, you are asked to log in again and unsaved changes are lost.