3.12.1 Installation Overview and Prerequisites

This section discusses the concepts involved in installing Access Manager to protect the example Digital Airlines website.

After you deploy this example, you should understand the basic features of Access Manager and know how to configure the software to protect your own web servers and applications.

Installation Architecture

The following diagram illustrates how the Digital Airlines website is integrated with Access Manager.

Figure 3-26 Digital Airlines Architecture

This document explains how to use a browser machine and two other machines for this configuration.

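Table 3-1 Access Manager Components

Machine   | Administration Console | Identity Server | Access Gateway | Application Web Server | LDAP User Store | Browser
----------+------------------------+-----------------+----------------+------------------------+-----------------+--------
Machine 1 | X                      | X               |                | X                      | X               |
Machine 2 |                        |                 | X              |                        |                 |
Machine 3 |                        |                 |                |                        |                 | X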

The simplified configuration described in this document is for a test environment only. It is not a recommended or supported configuration for a production environment. For example, the configuration database installed with Administration Console must not be used as an LDAP user store in a production environment. In a production environment, you would not want to install Administration Console, Identity Server, and the web server on the same machine. This simplified configuration is designed to minimize the number of machines required for a tutorial.

After deploying the Digital Airlines example, you should understand the concepts required to deploy Access Manager in a number of other configurations. In a production environment, you need to install the necessary Access Manager components according to your specific requirements. For more information about other possible installation configurations, see "Installing Access Manager" in the NetIQ Access Manager 4.4 Installation and Upgrade Guide.

Deployment Overview

Prerequisite Tasks

Before starting with the Digital Airlines example, you must perform the following tasks:

  • Enable pop-ups on the web browser for managing and configuring the Access Manager components. For information about supported versions of web browsers, see the NetIQ Access Manager 4.4 Installation and Upgrade Guide.

  • Install Access Manager Administration Console, Identity Server, and Access Gateway as described in "Installing Access Manager" in the NetIQ Access Manager 4.4 Installation and Upgrade Guide.

  • Configure the Access Manager Identity Server. For configuration details, see Section 3.3, Configuring an Identity Server.

    IMPORTANT: The Digital Airlines procedures explain how to add a user to the configuration store of Administration Console. These instructions assume that you have configured Identity Server to use this configuration store as the LDAP user store. This is not a recommended configuration for a production environment. To enable this configuration for a test environment, specify the IP address of Administration Console for the address of the server replica.

Do not configure Access Gateway at this time. Other tasks explain how to configure Access Gateway to allow access to the Digital Airlines site on the web server.

Deployment Tasks

To configure access to the Digital Airlines site, you need to complete the following tasks:

  1. Set up the Apache web server on your Identity Server, then install the Digital Airlines pages.

    For more information, see Section 3.12.2, Setting Up the Web Server.

  2. Configure Access Gateway to protect the web server, but allow public access to the site. See Section 3.12.3, Configuring Public Access to Digital Airlines.

  3. Configure Access Gateway to allow access to the protected pages. See Section 3.12.4, Implementing Access Restrictions.