2.4 Changing the IP Address of Access Manager Devices

2.4.1 Changing the IP Address of an Administration Console

Install the Administration Console with the IP address that it will always use. All devices that import into the Administration Console use this IP address to establish secure communication with the Administration Console.

The only tested method of changing the IP address so that all other devices trust the Administration Console is to install a secondary console with the new IP address and then promote the secondary console to be the primary console.

See the following sections:

Converting a secondary console into a primary console is not a simple task. The task is designed as a disaster recovery solution when the primary console is no longer available.

2.4.2 Changing the IP Address of an Identity Server

These instructions assume that your Identity Server and Administration Console are not on the same machine. If they are on the same machine, see Section 2.4.1, Changing the IP Address of an Administration Console.

To move a machine or change the IP address for the Identity Server:

  1. In the Administration Console, click Devices > Identity Servers.

  2. Click the server name.

  3. On the General page, click Edit.

  4. Specify the new IP address in the Management IP Address field and, if necessary, a port.

  5. Click OK, then click Close.

  6. On the Identity Server, stop the server communication service by using the following command:

    Linux: /etc/init.d/novell-jcc stop OR rcnovell-jcc stop

    Windows: net stop jccserver

  7. Change the IP address by using an operating system utility:

    Linux: Click YaST > Network Devices > Network Card, select a method, select the card, then click Edit.

    Windows: Click Control Panel > Network Connections > Local Area Connection > Properties > Internet Protocol (TCP/IP) > Properties.

  8. Change to the jcc directory:

    Linux: /opt/novell/devman/jcc

    Windows Server 2008: \Program Files (x86)\Novell\devman\jcc

  9. Run the configure command:

    Linux: conf/Configure.sh

    Windows: conf\configure.cmd

    The command must be run from the jcc directory because it needs access to files that are available from this directory.

  10. When you are prompted for the local listener IP address, enter the new IP.

  11. When you are prompted for the administration server IP, enter the IP address of the Administration Console.

  12. Follow the prompts and accept the defaults for ports and admin user.

  13. Replace all references to the old IP address in the server.xml file with the new IP address:

    1. Change to the Tomcat configuration directory:

      Linux: /opt/novell/nam/idp/conf

      Windows Server 2008: \Program Files (x86)\Novell\Tomcat\conf

    2. In a text editor, open the server.xml file.

    3. Search for the old IP address and replace it with the new IP address.

    4. Save your changes.

  14. Start the server communication service by using the following command:

    Linux: /etc/init.d/novell-jcc start OR rcnovell-jcc start

    Windows: net start jccserver

  15. Restart Tomcat:

    Linux: Enter the following command:

    /etc/init.d/novell-idp restart OR rcnovell-idp restart

    Windows: Enter the following commands:

    net stop Tomcat7

    net start Tomcat7
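
The search-and-replace in Step 13 can also be scripted on Linux. This is an added example, not part of the original documentation or vendor tooling: it replaces only whole-address matches, so that replacing 10.1.1.1 does not rewrite 10.1.1.10. The function names `replace_ip` and `count_ip`, the sample addresses, and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not vendor tooling: exact-match IP replacement for Step 13.

# count_ip FILE IP: print how many lines reference IP as a whole address.
count_ip() {
    re=$(printf '%s' "$2" | sed 's/\./\\./g')   # dots must match literally
    grep -E -c "(^|[^0-9.])${re}([^0-9.]|\$)" "$1" || true
}

# replace_ip FILE OLD NEW: rewrite FILE in place, keep FILE.bak for rollback,
# and return non-zero if any reference to OLD survives.
replace_ip() {
    file=$1; old=$2; new=$3
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    re=$(printf '%s' "$old" | sed 's/\./\\./g')
    # Neighbouring digits or dots mean a different address (10.1.1.10, 110.1.1.1).
    script="s/(^|[^0-9.])${re}([^0-9.]|\$)/\\1${new}\\2/g"
    cp -p "$file" "$file.bak" || return 1
    # Applied twice so two matches that share one separator are both rewritten.
    sed -E -e "$script" -e "$script" "$file.bak" > "$file.new" || return 1
    cat "$file.new" > "$file" || return 1       # keeps owner and mode of FILE
    rm -f "$file.new"
    [ "$(count_ip "$file" "$old")" -eq 0 ]
}

# Constructed sample, not a real Access Manager server.xml.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/server.xml" <<'EOF'
<Connector port="8443" address="10.1.1.1" scheme="https"/>
<Connector port="8444" address="10.1.1.10" scheme="https"/>
<!-- constructed note: 10.1.1.1,10.1.1.1 and 110.1.1.1 -->
EOF
    # Show exactly which lines changed against the backup copy.
    replace_ip "$d/server.xml" 10.1.1.1 192.168.5.20 &&
        diff "$d/server.xml.bak" "$d/server.xml"
    rm -rf "$d"
}
demo
```

On a real server, call `replace_ip` on the server.xml file in the directory from Step 13.1 while the services are still stopped, and review the diff against the `.bak` copy before restarting.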

2.4.3 Changing the IP Address of an Access Gateway Appliance

To change the IP address of the Access Gateway machine, you need to configure the Access Gateway for this change. This is especially significant when the Access Gateway Appliance has only one IP address.

IMPORTANT: The new IP address must be configured in the Administration Console before you change it on the Access Gateway. If you change the address on the Access Gateway first, the Administration Console does not trust the Access Gateway and cannot establish communication.

  1. In the Administration Console, click Devices > Access Gateways > Edit > Adapter List.

  2. (Conditional) If the machine belongs to a cluster, select the Access Gateway from the Cluster Member list.

  3. From the Adapter List, select the subnet mask that contains the IP address you want to change.

  4. Select the old IP address, click Change IP Address, specify the new IP address, then click OK.

    This option changes all configuration instances of the old IP address to the new IP address. For example, any reverse proxies that have been assigned the old IP address as a listening address are modified to use the new IP address as the listening address.

  5. Click OK.

  6. To apply your changes, click the Access Gateways link, then click Update > OK.

  7. If you are physically moving the machine, move it before completing the rest of these steps.

  8. Check the IP address that the Administration Console uses for managing the Access Gateway. Click Access Gateways > [Name of Access Gateway] > Edit.

  9. If the old IP address is listed as the Management IP Address, select the new IP address. If your Access Gateway has multiple IP addresses, select the one that you want the Administration Console to use for communication with the Access Gateway.

    The port should only be modified if there is another device on the Access Gateway that is using the default port of 1443.

  10. If the name of the Access Gateway is the old IP address, modify the Name option.

  11. Click OK.

    The Administration Console uses the configured IP address to find the Access Gateway.

  12. On the Identity Server, restart Tomcat:

    Linux: Enter the following command:

    /etc/init.d/novell-mag restart OR rcnovell-mag restart

    Windows: Enter the following commands:

    net stop Tomcat7

    net start Tomcat7

If your Access Gateway stops reporting to the Administration Console after completing these steps, trigger an auto-import. See Triggering an Import Retry.

2.4.4 Changing the IP Address of an Access Gateway Service

  1. On the Access Gateway Service, use a system utility to add the new IP address.

    Do not delete the old IP address at this time.

    Linux: Start YaST, click Network Devices > Network Card, then select the Traditional Method.

    Windows: Access the Control Panel, click Network Connections > Local Area Connection > Properties, then select Internet Protocol (TCP/IP). Click Properties > Advanced.

  2. In the Administration Console, import the new IP address:

    1. Click Access Gateways > [Name of Access Gateway] > New IP.

    2. Click OK.

      Wait for the command to complete.

  3. Change the management IP address:

    1. On the Server Details page, click Edit.

    2. If the old IP address is listed as the Management IP Address, select the new IP address.

      If your Access Gateway has multiple IP addresses, select the one that you want the Administration Console to use for communication with the Access Gateway.

    3. (Conditional) Modify the port if there is another device on the Access Gateway that is using the default port of 1443.

    4. If the name of the Access Gateway is the old IP address, modify the Name option.

    5. Click OK.

      The Administration Console uses the configured IP address to find the Access Gateway.

  4. To verify that the new IP address is being used, check the health of the Access Gateway.

  5. Edit the Access Gateway configuration so that the reverse proxies use the new IP address:

    You need to complete these steps for each reverse proxy.

    1. In the Administration Console, click Access Gateways > Edit > [Name of Reverse Proxy].

    2. (Conditional) If the Access Gateway is a member of a cluster, select the cluster member that has a new IP address.

    3. For the listening address, deselect the old IP address and select the new IP address.

    4. Apply the settings and update the Access Gateway.

    5. Verify that everything is working correctly by accessing a resource protected by this reverse proxy.

  6. On the Access Gateway Service machine, use a system utility to remove the old IP address.

  7. Remove the old IP address from the Administration Console:

    1. Click Access Gateways > [Name of Access Gateway] > New IP.

    2. Click OK.

      Wait for the command to complete.

    3. To verify that the old address has been removed, click Edit and verify that the old address is not an option for the Management IP Address.

2.4.5 Changing the IP Address of an Audit Server

To move a machine or change the IP address for the audit server:

  1. In the Administration Console, click Auditing > Novell Auditing.

  2. On the Novell Auditing page, change the IP address for the server and, if necessary, the port.

  3. Click OK.

  4. Update all Access Gateways.

  5. Reboot all servers, including the Access Gateways, to use the new configuration.