4.3 Installing the Access Gateway Service

4.3.1 Installing the Access Gateway Service on Linux

IMPORTANT:Because of library update conflicts, you cannot install Access Manager on a Linux User Management machine.

Linux Requirements

  • One of the following operating systems:

    • SUSE Linux Enterprise Server (SLES) 11 SP4 and SLES 12 (64-bit) (physical or virtual).

    • Red Hat Enterprise Linux (RHEL) 6.6 (64-bit) (physical or virtual) and 7.0 (64-bit) (physical or virtual)

  • 4 GB RAM.

  • Dual CPU or Core (3.0 GHz or comparable chip).

  • 2 to10 GB hard disk space per reverse proxy that requires caching and for log files. The amount varies with rollover options and logging level that you configure.

  • A static IP address and a DNS name. The ActiveMQ module of the Access Gateway Service must be able to resolve the machine’s IP address to a DNS name. If the module can’t resolve the IP address, the module does not start.

  • Other Access Manager components should not be installed on the same machine.

  • For installing the RHEL packages, see Section 5.0, Installing Packages and Dependent RPMs on RHEL for Access Manager.

For information about network requirements, see Section 1.3, Network Requirements.

Prerequisites

  • An Administration Console must be installed before you install the Access Gateway Service. See Section 2.0, Installing the Administration Console.

  • An Identity Server must be installed and configured before installing the Access Gateway Service. See, Section 3.0, Installing the Identity Servers.

  • Verify that the server meets the minimum requirements. See Section 4.3.1, Installing the Access Gateway Service on Linux.

  • Verify that the time on the machine is synchronized with the time on the Administration Console. If the times differ, the Access Gateway Service does not import into the Administration Console.

  • If a firewall separates the machine and the Administration Console, ensure that the required ports are opened. See Table 1-3.

  • Because the Access Gateway Service is running as a service, the default ports (80 and 443), which the Access Gateway Service uses might conflict with the ports of other services running on the machine. If there is a conflict, you need to decide which ports each service can use.

  • (Windows Server 2008/2012) If the Web server (IIS) has been installed by default during the Windows Server 2008/2012 install. The Access Gateway Service installation program detects its presence from the registry and issues a shutdown command. Even if you have never activated the Web server and if even it is not running, the shutdown command is issued. Because the Access Gateway Service cannot be installed while the IIS server is running, the installation program needs to ensure that it is not running.

NOTE:The Access Gateway Service clustering is supported for devices that are on the same operating system.

Installation Procedure

Installation time: about 10 minutes.

What you need to know

  • Username and password of the administrator.

  • IP address of the Administration Console.

IMPORTANT:The Access Gateway Service must be installed on a separate machine.

  1. Log in to the Novell Customer Center and follow the link that allows you to download software. For an evaluation version, download the media kit from Novell Downloads.

  2. Copy the file to your machine.

    For the filename, see the NetIQ Access Manager Readme.

  3. Prepare your machine for installation:

    Make your operating system installation media available.

    The installation program checks for Apache dependencies and installs any missing packages.

  4. Start installation by running the following script:

    ./ag_install.sh

  5. Review and accept the License Agreement.

  6. Specify the IP address, user ID, and password of the primary Administration Console.

  7. (Optional) Specify the local NAT IP address if the local NAT is available for the Access Gateway.

  8. Continue with one of the following sections:

4.3.2 Installing the Access Gateway Service on Windows

Windows Requirements

  • Windows Server 2008 R2 or 2012 R2, 64-bit operating system, in either Standard or Enterprise Edition, with the latest patches applied (physical or virtual)

  • 4 GB RAM

  • Dual CPU or Core (3.0 GHz or comparable chip)

  • 2 to10 GB per reverse proxy that requires caching and for log files. The amount varies with rollover options and logging level that you configure

  • A static IP address and a DNS name. The ActiveMQ module of the Access Gateway Service must be able to resolve the machine’s IP address to a DNS name. If the module cant resolve the IP address, the module does not start.

    You can verify this by using the nslookup command. Enter this command with hostname in the command prompt and it should return the IP address of the host

  • Other Access Manager components should not be installed on the same machine

For information about network requirements, see Section 1.3, Network Requirements.

For prerequisites, see Prerequisites.

Installation Procedure

Installation time: about 10 minutes.

What you need to know

  • Username and password of the administrator.

  • IP address of the Administration Console.

IMPORTANT:The Access Gateway Service must be installed on a separate server.

  1. Log in to the NetIQ Customer Center and follow the link that allows you to download software. For an evaluation version, download the media kit from NetIQ Downloads.

  2. Copy the file to your machine.

    For the filename, see the release-specific NetIQ Access Manager Readme.

  3. Disable any virus scanning programs.

  4. To use a remote desktop for installation, use one of the following:

    • Current version of VNC viewer

    • Microsoft Remote Desktop with the /console switch for Windows XP SP2

    • Microsoft Remote Desktop with the /admin switch for Windows XP SP3

  5. Double click the executable file.

    A warning is displayed stating If NAT is present between console, the NAT configuration needs to be done in Administration Console.

    If NAT is configured then ensure that you configure the same in the Administration Console. Else, click Continue >Next.

  6. Review the readme, and click Next.

  7. Review and accept the License Agreement, then click Next.

  8. Specify the IP address, user ID, and password of the primary Administration Console.

  9. (Conditional) Specify the local IP address, if your machine has more than one IP address, which the Access Gateway Service will use for communication with the Administration Console.

  10. (Optional) Specify the Access Gateway Local NAT IP address, if the device is behind NAT.

  11. Click Next.

  12. Configure disk cache. This holds the caching objects of the Access Gateway.

    NOTE:The Access Gateway Appliance uses the mod_cache module filesystem provided by Apache for storing the caching objects. If you want to change the size of this cache after installation, see TID on Changing the Cache Size of an Access Gateway Appliance after Installation.

  13. Click Next, then review the installation summary.

  14. Click Install.

  15. Review the log information at the following location:

    C:\Program Files\Novell\log
    
  16. Click Next > Done.

  17. To verify that the Access Gateway Service imported into the Administration Console, wait for few minutes, log in to the Administration Console, then click Devices > Access Gateways.

    At this point, the Access Gateway Service is not configured.

  18. Continue with one of the following: