2.2 Installing Access Manager Appliance

Installation time: 45 to 90 minutes, depending on the hardware.

What you need to know

  • Root password of Access Manager Appliance.

  • Username and password of Administration Console administrator.

  • Static IP address for Access Manager Appliance.

  • DNS name (host and domain name) for Access Gateway that resolves to the IP address.

  • Subnet mask that corresponds to the IP address for Access Gateway.

  • IP address of your network’s default gateway.

  • IP addresses of the DNS servers on your network.

  • IP address or DNS name of an NTP server.

  • The configuration store tree is named after the server on which you install Access Manager Appliance. Check the hostname and rename the machine if the name is not appropriate for a configuration tree name.

You can install Access Manager Appliance on all hardware platforms supported for SLES 12 SP5 (64-bit).

2.2.1 Prerequisites

  • Ensure that you have backed up all data and software on the disk to another machine. Access Manager Appliance installation completely erases all the data on your hard disk.

  • Ensure that the machine meets the minimum requirements. See Requirements for Installing Access Manager Appliance.

  • (Optional) If you want to try any advanced installation options such as driver installation or network installation, see the Deployment Guide.

2.2.2 Installing Access Manager Appliance

Access Manager Appliance is installed with the following default partitions:

  • boot: The size is automatically calculated and the mount point is /boot.

  • swap: The size is double the size of the RAM and the mount point is swap.

The remaining disk space after the creation of the /boot and swap partitions is allocated as the extended drive. The extended drive has the following partitions:

  • root: The default size is approximately one-third the size of the extended drive and the mount point is /.

  • var: The default size is approximately one-third the size of the extended drive and the mount point is /var.

IMPORTANT:

  • Do not install or import any non-4.5 Appliance devices during installation.

  • From Access Manager 4.2 onwards, Platform Agent and Novell Audit are no longer supported for auditing. It is recommended to use Syslog for auditing.

Installation Procedure:

  1. Insert the Access Manager Appliance CD into the CD drive.

  2. Select Install Appliance.

    By default, the Boot From Hard Disk option is selected in the boot screen.

  3. Press Enter.

  4. Review the license agreement and click I Agree.

  5. Select the region and time zone on the Clock and Time Zone page.

  6. Click Next.

  7. Specify the following details:

    • Host Name: The hostname for the Access Manager Appliance machine.

    • Domain Name: The domain name for your network.

    • Public IP: Configure the following options for the public IP:

        • IP Address: The public IP address of Access Manager Appliance.

        • Subnet Mask: The subnet mask of Access Manager Appliance.

        • Default Gateway: The IP address of the default gateway.

    • Private IP: Configure the following options for the private IP. This is an optional configuration. If this is configured, Administration Console listens on this IP.

        • IP Address: The private IP address of Access Manager Appliance.

        • Subnet Mask: The subnet mask of Access Manager Appliance.

        • Gateway: The IP address of the gateway.

      NOTE: You must configure this option during installation if you require the private IP address later.

    • DNS Server 1: IP address of your DNS server. You must configure at least one DNS server.

    • DNS Server 2: IP address of your additional DNS server. This is an optional configuration.

    In the Root Password section, specify the password for the root user and the name of the NTP server.

  8. Click Next and configure the following details under Administration Console Configuration:

    • Primary: Deselect this option if this Access Manager Appliance is not the primary.

      If you are installing it as a secondary Access Manager Appliance, ensure that the primary Access Manager Appliance is reachable.

    • Admin Console IP: Specify the IP address of the primary Access Manager Appliance if this is secondary.

    • Username: The name of the Administration Console user.

      NOTE: The Administration Console username does not accept the special characters # (hash), & (ampersand), and () (round brackets).

    • Password: Specify and confirm the password for the user.

      NOTE: The Administration Console password does not accept the special characters : (colon) and " (double quotes).

  9. Click Next.

    The Installation Settings page displays the options and software you selected in the previous steps. Use the Overview tab for a list of selected options, or use the Expert tab for more details.

    Do not change the software selections listed on this screen.

  10. (Optional) To modify the installation settings for partitions, click Change.

  11. Click Install > Install.

    This process might take 45 to 90 minutes depending on the configuration and hardware.

    The machine reboots after the installation is completed. It runs an auto configure script, and then Access Gateway and Identity Server components are configured.

  12. (Optional) Verify that Access Manager Appliance is installed and configured successfully.

    Log in to Administration Console (see Logging In to Administration Console) and click Devices > Access Gateways.

    If the installation is successful, the IP address of Access Gateway appears in the Server list.

    The Health status indicates the health state after Access Gateway is imported and registered with Administration Console.

    Access Gateway health is displayed as green. Before you proceed with any other configuration, the configuration establishes the trust relationship between the embedded service provider and Access Gateway, and also the trust relationship with Administration Console.

    1. In a browser, enter the Access Manager Appliance URL. The URL is formed by using the Host Name and Domain Name provided in Step 8. For example, if the host name is accessapp and the domain name is novell.com, the URL is https://accessapp.novell.com. You are redirected to the Sample Portal Page.

    2. Click the Administration Console link and log in.

    3. Click Devices > Access Gateways. The Servers tab displays AG-Cluster with one Access Gateway. The IP address of Access Gateway is the same as the Access Manager Appliance IP address. The health of both the AG-Cluster and Access Gateway should display green.

  13. Continue with one of the following sections:

2.2.3 Removing the Landing Portal

The landing portal is enabled by default during the installation of Access Manager Appliance. The portal also has a sample application, which you can configure to learn Access Manager Appliance capabilities. Because the landing portal is visible to users, using it in a production setup is not recommended. Use it for demonstration and trial purposes. Remove the landing portal after you verify all your configurations in a staging environment.

Perform the following steps to remove the landing portal:

  1. In Administration Console, click Access Gateway > Cluster > Edit > NAM - RP.

  2. Select the namportal path based service.

  3. Click Delete.

  4. Click Protected Resources and delete the following protected resources:

      • portal_employee

      • portal_manager

      • portal_public

      • portal_users

  5. Click OK > Update.

  6. Click Devices > Identity Servers > Servers > Edit > Roles.

  7. Select the role policy check box, select portal_roles from the Roles Policy List, and click Disable.

  8. Click OK > Update.

  9. To remove the portal web application from the Access Manager Appliance filesystem, perform the following steps:

    1. Log in to Access Manager Appliance by using any SSH client (for example, SSH in Linux and PuTTY in Windows).

    2. Stop Administration Console by using the /etc/init.d/novell-ac stop command.

    3. Go to the portal directory by running the cd /opt/novell/nam/adminconsole/webapps command.

    4. Remove the portal by running the rm -rf portal command.

    5. Start Administration Console by running the /etc/init.d/novell-ac start command.

  10. The portal creates two default users, Alice and Bob, in the Appliance Configuration store.

    You can remove the users by performing the following steps:

    1. In Administration Console, click Roles and Tasks > Users > Delete User.

    2. Specify the Object Name as bob.novell to delete Bob and alice.novell to delete Alice.

    3. Click OK.

NOTE: If required, you can delete the Employee, Manageronly, portal_formfill, portal_id_injection, and portal_roles policies on the Policies page.
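
Step 9 of the procedure above as a guarded shell function, added here as an example and not part of the product documentation. It deletes by the absolute path given in the procedure instead of cd followed by rm -rf portal, so a failed cd cannot remove a portal directory somewhere else, and it restarts Administration Console even if the delete fails. The function name remove_portal and its two optional override arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: guarded form of step 9 (remove the portal web application).
# Defaults are the path and init script named in the procedure; the two
# positional overrides are an assumption so the function can be tried
# against a scratch directory before it is run on the appliance.

remove_portal() {
    webapps=${1:-/opt/novell/nam/adminconsole/webapps}
    ac_init=${2:-/etc/init.d/novell-ac}
    target="$webapps/portal"
    rc=0

    # Stop early if the webapps directory is not where the procedure says.
    [ -d "$webapps" ] || { echo "missing: $webapps" >&2; return 2; }

    # A symlink named portal is unexpected; leave it for manual inspection.
    if [ -L "$target" ]; then
        echo "refusing: $target is a symlink" >&2
        return 3
    fi

    # Re-running after a successful removal is a no-op (service untouched).
    [ -e "$target" ] || { echo "portal already removed"; return 0; }

    "$ac_init" stop || { echo "cannot stop Administration Console" >&2; return 4; }

    # Absolute path and "--": the delete cannot land in the current directory
    # and the argument cannot be parsed as an option.
    rm -rf -- "$target" || rc=$?

    # Bring the console back up whether or not the delete succeeded.
    "$ac_init" start || { echo "cannot start Administration Console" >&2; return 5; }

    if [ "$rc" -ne 0 ] || [ -e "$target" ]; then
        echo "portal still present: $target" >&2
        return 6
    fi
    echo "removed $target"
}
```

On the appliance, call remove_portal as root with no arguments to use the documented paths.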

2.2.4 Removing Proxy Services And Protected Resources

After upgrading Access Manager, manually remove the portal-related and SSL VPN-related proxy services and protected resources.

Removing Portal Related Proxy Service And Protected Resources

  1. In Administration Console, click Access Gateway > Cluster > Edit > NAM - RP.

  2. Select the namportal path based service. Click Delete.

  3. Click Protected Resources. Delete the following Protected Resources: portal and portal_public.

  4. Click OK until the Access Gateway Servers page appears. Click Update.

Removing SSLVPN Related Proxy Service And Protected Resources

  1. In Administration Console, click Access Gateway > Cluster > Edit > NAM - RP.

  2. Select the sslvpn path based service. Click Delete.

  3. Click Protected Resources. Delete the following Protected Resources: sslvpn and sslvpn_public.

  4. Click OK until the Access Gateway Servers page appears. Click Update.

2.2.5 Logging In to Administration Console

You cannot use it to log into other eDirectory trees and manage them.

Do not download and add iManager plug-ins to this customized version. If you do, you can destroy the Access Manager Appliance schema, which can prevent you from managing Access Manager Appliance components. This can also prevent communication among the modules.

Do not start multiple sessions of Administration Console on the same machine through the same browser. Because the browser shares session information, this can cause unpredictable results in Administration Console. You can, however, start different sessions with different brands of browsers.

To log in to Administration Console:

  1. Enable browser pop-ups.

  2. From a client machine external to your Administration Console server, launch the browser and enter the URL for Administration Console.

    If the hostname of your Access Manager Appliance is www.host.com, you would enter http://www.host.com:8080/nps.

  3. Click OK. You can select the permanent or temporary session certificate option.

  4. Specify the administrator name and password that you defined during installation and click Login.

    For information about configuring the view of Administration Console for Access Manager Appliance, see Configuring the Default View in the NetIQ Access Manager Appliance 4.5 Administration Guide.

2.2.6 Administration Console Conventions

  • The required fields on a configuration page contain an asterisk by the field name.

  • All actions such as delete, stop, and purge require verification before they are executed.

  • Changes are not applied to a server until you update the server.

  • Sessions are monitored for activity. If your session becomes inactive, you are asked to log in again and unsaved changes are lost.