2.1 System Requirements

This section explains requirements for installing Access Manager Appliance. For a list of current filenames and for information about installing the latest release, see the Release Notes of that release on the NetIQ Access Manager Documentation Web site.

The Access Manager Appliance installer installs all components on a single server, so the software and hardware requirements are the same for all components. Section 1.2, Access Manager Versus Access Manager Appliance lists the differences between the previously shipped Access Manager and Access Manager Appliance.

Access Manager Appliance is based on the SUSE Linux Enterprise Server (SLES) 11 SP4 64-bit operating system. The hard disk, RAM, and CPU requirements are the same for all components.

For network requirements, see Section 1.3, Network Requirements.

2.1.1 Hardware Platform Requirements

The following are the hardware requirements:

  • 8 GB RAM

  • Dual CPU or core (3.0 GHz or comparable chip)

  • 100 GB hard disk

    The hard disk should have ample space for logging in a production environment. This disk space must be local and not remote.

    2 to 10 GB per reverse proxy that requires caching and for log files. The amount varies with the rollover options and logging level that you configure.

  • A static IP address and an assigned DNS name (hostname and domain name) for your Access Manager Appliance.

2.1.2 Browser Support

The following browsers are supported for users to log in to Access Manager Appliance:

  • Internet Explorer 11 and later

  • Mozilla Firefox

  • Chrome

  • Edge

IMPORTANT: Browser pop-ups must be enabled to use Administration Console.

2.1.3 Client Access Requirements

Clients can use any browser or operating system when accessing resources protected by Access Gateway.

2.1.4 Installation Mode

You must install Access Manager Appliance by burning the Access Manager Appliance ISO on a DVD.

2.1.5 Virtual Machine Requirements

The virtual machine must have enough resources. The requirements for a virtual machine need to match the requirements for a physical machine. To achieve performance similar to that of a physical machine, increase the memory and CPU requirements.

For the hard disk, RAM, and CPU requirements, each virtual machine must meet the following minimum requirements:

  • 100 GB of disk space

  • 8 GB RAM

  • 2 CPUs

You can install Access Manager on virtual machines that support an operating system supported by your Access Manager version and component. For example, SLES 11 SP4 64-bit on x86-64 hardware.

NOTE: SLES 11 SP4 64-bit Access Manager Appliance does not support XEN paravirtualization.

The following sections contain installation tips for virtual machines:

Keeping Time Synchronized on Access Manager Appliances

Even when virtual machines are configured to use a network time protocol (NTP) server, time does not stay synchronized because the machines periodically lose their connection to the NTP server. The easiest solution is to configure the primary Access Manager Appliance to use an NTP server and configure the other Access Manager Appliances to use a cron job to synchronize their time with the primary Access Manager Appliance.

Perform the following steps to synchronize time with the primary Administration Console:

  1. Configure the NTP server in the /etc/ntp.conf file. For information about how to configure the NTP server, see Configuring NTP.

  2. Run the following command on the primary Administration Console to start the NTP server:

    rcntp start

  3. Run the ntpdate pool.ntp.org command on the primary Administration Console to synchronize devices.

    NOTE: The ntpd process must be running to keep the time in sync among devices.
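The cron job for the other appliances is not shown in the steps above. The following sketch is an added example, not part of the product documentation: it queries the primary with `ntpdate -q`, logs when the offset exceeds the one-minute tolerance stated in the network requirements, and then steps the clock. The address 192.0.2.10, the script path in the cron line, and the `am-timesync` log tag are assumptions.

```shell
#!/bin/sh
# Added example for a secondary appliance; run it from cron, for instance:
#   */10 * * * * root /usr/local/sbin/am-timesync.sh --run   (hypothetical path)
PRIMARY="${PRIMARY:-192.0.2.10}"   # placeholder address of the primary (assumption)
MAX_DRIFT=60                       # seconds, the one-minute limit in the requirements

# Constructed samples of `ntpdate -q` output, not captured from a real host.
SAMPLE_OK='server 192.0.2.10, stratum 3, offset 0.412345, delay 0.02591
12 Jan 10:00:00 ntpdate[4242]: adjust time server 192.0.2.10 offset 0.412345 sec'
SAMPLE_DRIFT='server 192.0.2.10, stratum 3, offset -95.120000, delay 0.02600
12 Jan 10:00:00 ntpdate[4242]: step time server 192.0.2.10 offset -95.120000 sec'

# Read `ntpdate -q` output on stdin and print the last reported offset in seconds.
parse_offset() {
    awk '{ for (i = 1; i < NF; i++) if ($i == "offset") { v = $(i + 1); sub(/,$/, "", v); off = v } }
         END { if (off == "") exit 1; print off }'
}

# Read `ntpdate -q` output on stdin.
# Returns 0 if |offset| <= MAX_DRIFT, 1 if it is larger, 2 if no offset was reported.
drift_status() {
    off=$(parse_offset) || return 2
    awk -v o="$off" -v m="$MAX_DRIFT" 'BEGIN { o += 0; if (o < 0) o = -o; if (o > m + 0) exit 1; exit 0 }'
}

# Query the primary, log drift or an unreachable server, then step the clock.
sync_with_primary() {
    out=$(ntpdate -q "$PRIMARY" 2>&1)
    printf '%s\n' "$out" | drift_status
    case $? in
        1) logger -t am-timesync "drift against $PRIMARY exceeds ${MAX_DRIFT}s" ;;
        2) logger -t am-timesync "no usable reply from $PRIMARY: $out"; return 2 ;;
    esac
    ntpdate -u "$PRIMARY" >/dev/null 2>&1   # -u: use an unprivileged source port
}

if [ "${1:-}" = "--run" ]; then
    sync_with_primary
fi
```

Logged drift events give a timestamped record to correlate with authentication failures on that appliance.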

Number of Virtual Machines Per Physical Machine

How you deploy your virtual machines can greatly influence Access Manager Appliance performance. Deploy a maximum of four Access Manager Appliance virtual machines on a single piece of hardware. When you deploy more than four, the components of Access Manager Appliance start competing with each other for the same hardware resources at the same time. You can include other types of services that the machine can support if they do not use the same hardware resources that Access Manager Appliance components use.

The configured CPUs must match the hardware CPUs on the machine. Performance is drastically reduced if you allocate more virtual CPUs than actually exist on the machine.

Another potential bottleneck is IO. For best performance, each virtual machine should have its own hard disk, or you need a SAN that is capable of handling the IO traffic.

For example, if you have one 16-CPU machine, you get better performance when you configure the machine to have four Access Gateways with 4 assigned CPUs than you get when you configure the machine to have eight Access Gateways with 2 assigned CPUs. If the machines are dedicated to Access Manager Appliance components, you get better performance from two 8-CPU machines than you get from one 16-CPU machine. The setup depends on your unique environment and hardware and virtualization configuration for your cluster.

Using a Network Adapter for VMware ESX

Use the E1000 network adapter for Access Manager Appliance installation on VMware ESX.

2.1.6 Network Requirements

Your network environment must meet the following requirements:

  • A server configured with an LDAP directory (eDirectory, Sun ONE, or Active Directory) that contains your system users. Administration uses the LDAP directory to authenticate users to the system.

  • Web servers with content or applications that need protection.

  • Clients with an Internet browser.

  • Static IP addresses for each Access Manager Appliance. If the IP address of the machine changes, Access Manager Appliance components cannot start.

  • A domain name server that resolves DNS names to IP addresses and has reverse lookups enabled.

    Access Manager Appliance components know each other by their IP addresses. Some requests require them to match an IP address with the device's DNS name. Without reverse lookups enabled, these requests fail. In particular, Identity Servers perform reverse lookups to their user stores. If the reverse lookups are not available, host table entries can be used.

  • A network time protocol (NTP) server that provides accurate time to the machines on your network. Time must be synchronized within one minute among the components, or the security features of the product disrupt the communication processes. You can install your own or use a publicly available server such as pool.ntp.org.

    IMPORTANT: If time is not synchronized, users cannot authenticate and access resources.
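To verify the reverse lookup requirement before installation, the following added example (not part of the product documentation) checks that each address resolves to a name and that the name resolves back to the same address. It uses `getent hosts`, which goes through the system resolver order and therefore also honours host table entries; the `--check` flag and the function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: forward-confirmed reverse lookup check for appliance addresses.
# RESOLVER can be overridden for testing; the default consults DNS and /etc/hosts.
RESOLVER="${RESOLVER:-getent hosts}"

# Print the first name the resolver returns for an IP address (reverse lookup).
reverse_name() {
    $RESOLVER "$1" 2>/dev/null | awk 'NR == 1 { print $2 }'
}

# Return 0 if any address the resolver returns for a name equals the expected IP.
forward_has_ip() {
    $RESOLVER "$1" 2>/dev/null | awk -v ip="$2" '$1 == ip { found = 1 } END { exit !found }'
}

# 0 = reverse and forward agree (prints the name), 1 = no reverse entry,
# 2 = the name does not resolve back to the address.
check_reverse() {
    name=$(reverse_name "$1")
    [ -n "$name" ] || return 1
    forward_has_ip "$name" "$1" || return 2
    printf '%s\n' "$name"
}

# Check every address given as an argument; return non-zero if any of them fails.
audit() {
    bad=0
    for ip in "$@"; do
        if name=$(check_reverse "$ip"); then
            printf 'OK       %s -> %s\n' "$ip" "$name"
        else
            case $? in
                1) printf 'NO-NAME  %s\n' "$ip" ;;
                *) printf 'MISMATCH %s\n' "$ip" ;;
            esac
            bad=1
        fi
    done
    return "$bad"
}

# Usage: script --check 192.0.2.10 192.0.2.11   (constructed addresses)
if [ "${1:-}" = "--check" ]; then
    shift
    audit "$@"
fi
```

Run it against the addresses of every appliance and user store host; a NO-NAME or MISMATCH line points to a missing reverse record or host table entry.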