2.5 Managing the iChain Proxy Server

The proxy server can be configured and managed in the following ways:

2.5.1 The Proxy Administration Tool

The Proxy Administration tool is unlike other management utilities because its interface appears in your browser as an HTML page originating from the proxy server. The only programs running on your workstation are a Java-compatible Web browser and the Java* components required by the HTML page. To access the Proxy Administration tool, open a browser and enter http://ipaddress:1959/appliance/config.html in the address bar. The ipaddress is the IP address of your iChain server.

If you experience problems with the interface, such as the page freezing, you can usually solve the problem by re-clicking an icon or refreshing the page.

2.5.2 The Command Line Interface

Although it is possible to configure and monitor an iChain Proxy Server using only the iChain command line interface, we strongly recommend that you use the Proxy Administration Tool for all administrative tasks whenever possible.

The Proxy Administration Tool includes extensive cross-checking, helpful messages, and other program features to ensure that the iChain Proxy Server is configured correctly for optimal performance. The command line interface does not include these features. Even the most expert users can overlook critical steps in configuring the iChain Proxy Server from the command line interface.

For more information about using the command line interface, see Section 18.0, Using Start Up Options and the Command Line Interface.

The evaluation version of iChain expires and does not work after 90 days. When the evaluation version expires, the iChain Proxy Server does not function, and you need to re-image your machine. You must purchase an iChain license and apply a Product Activation Credential in order for iChain to continue working after 90 days.

You can activate iChain by using one of two methods. The first method involves the following tasks:

The second method involves the following tasks:

This section also contains the following topics:

Purchasing an iChain License

To purchase an iChain license, see the iChain How to Buy Web page

After you purchase an iChain license, Novell sends you a Customer ID via e-mail. The e-mail also contains a URL to the Novell site where you can obtain a generic credential. If you do not remember or do not receive your Customer ID, please call the Novell Activation Center at 1-800-418-8373 in the U.S. In all other locations, call 1-801-861-8373. (You will be charged for calls made using the 801 area code.) You can also chat with us online.

Activating iChain Using a Generic Credential

  1. After purchasing a license, you will receive an e-mail from Novell with your Customer ID. The e-mail also contains a link under the Order Detail section to the site where you can obtain your generic credential. Click the link to go to the site. See Figure 2-1.

    Figure 2-1 Order Detail Section of the E-Mail

    IMPORTANT:Only three differing e-mail addresses can be used to access the link where you can obtain the generic credential. If you try to access the link with more than three e-mail addresses, it is considered as a security risk and you are denied access. Additionally, only the e-mail address designated as the owner/contract for the Customer ID will receive the e-mail containing the Order Detail section with the information on obtaining the generic license. If your response e-mail does not contain the Order Detail section, you need to contact the Customer ID person within your organization to obtain the generic credential.

    After clicking the link, you should see a page similar to Figure 2-2:

    Figure 2-2 Electronic License Distribution Page

  2. Click the license download link and either save (download) or open the .html file.

    After the file is opened, its content should be similar to the content shown in Figure 2-3:

    Figure 2-3 Activation Credential

  3. Proceed to Installing the Product Activation Credential Received from Novell for instructions on how to activate iChain.

Activating iChain Using a Product Activation Request

You use your Customer ID to create a Product Activation Request. After you create a Product Activation Request, you submit this request to Novell at the Novell Product Activator Web site (http://www.novell.com/activator). After you submit the Product Activation Request, Novell sends you an e-mail containing a Product Activation Credential that you use to activate iChain.

Generating a Product Activation Request

You should not attempt to generate a Product Activation Request until you have configured your Access Control page in the Proxy Administration Tool and have enabled FTP.

If you are using a generic credential, you do not need to generate a Product Activation Request. See Activating iChain Using a Generic Credential.

You use your Customer ID to generate a Product Activation Request in ConsoleOne. You must have an iChain Service Object (ISO) already set up to generate a Product Activation Request to activate iChain. See Chapter 11, “Using the iChain Service Object” in the online iChain 2.3 documentation for details. The iChain Proxy Server must be able to access the ISO via LDAP in order to generate the activation request.

You need to generate only one Product Activation Request for each ISO where iChain is installed for each iChain license that you have acquired.

  1. Open ConsoleOne.

    You must use the version of ConsoleOne that you installed with iChain 2.3.

  2. Click Wizards > Create an iChain Activation Request.

  3. Select the iChain Service Object (ISO) where you want iChain to be activated, then click Next.

  4. Type your Novell Customer ID, then click Next.

  5. A dialog box appears, asking whether you want to automatically or manually notify the proxy server of the activation request. If you have FTP enabled on the proxy (see Installing the iChain Proxy Services Software), you can click Yes and enter the IP address and config password of any iChain Proxy Server that has been configured to read this ISO.

    Otherwise, click No and enter the command:

    getactivationrequest

    from the iChain command line interface.

  6. The wizard then waits for the iChain Proxy Server to generate a Product Activation Request. Every 30 seconds you are prompted to ask whether you want to continue to wait for a response. If no response occurs, ensure that there is LDAP communication between the iChain Proxy Server and the ISO.

  7. Do one of these steps:

    Specify the name of the Activation Request file and where you want the file written to, then click Next.

    or

    Copy the Activation Request in the text area to the Clipboard. You paste the contents of this file in a text area at the Novell Product Activator Web site.

    IMPORTANT:Do not edit the contents of the Product Activation Request.

    or

    If you are working on a machine without a browser, save the file to a diskette to upload at a machine that has a browser.

  8. Click Launch to launch the Novell Product Activator Web site.

  9. Continue with Submitting an Activation Request.

Submitting an Activation Request

You submit the Product Activation Request that you generated in ConsoleOne to the Novell Product Activator Web site.

  1. Log in at the Product Activator Web site.

    You must have an eLogin account to access the Product Activator Web site. If you do not already have an eLogin account, you must create one when you visit the Product Activator site.

  2. Click Browse to specify the path to the Product Activation Request file, or paste the text of the Product Activation Request into the text area.

    If you copied the Product Activation Request to a diskette, make sure you put the request on the computer you are working on.

    IMPORTANT:Do not edit the contents of the Product Activation Request.

  3. Click Submit.

  4. Mark the product you are activating.

    You need to activate each line item.

  5. Click Submit.

    Novell generates a Product Activation Credential based on the Product Activation Request you submitted and sends that credential to you via e-mail.

Installing the Product Activation Credential Received from Novell

You activate iChain by installing the Product Activation Credential you received from Novell. (The process is the same, whether you have a Product Activation Credential from Novell or you are using a generic credential.)You install this file via ConsoleOne. If a tree has multiple iChain Service Objects (ISOs), the Product Activation Credential must be installed for each ISO.

NOTE:Make sure you install the Product Activation Credential on the same tree where you generated the Product Activation Request.

  1. Open the e-mail that contains the Product Activation Credential from Novell.

    You can also use the generic credential on your product page for use with iChain. All of the following steps are identical, and you don't need to submit an activation request in this case.

  2. Do one of these steps:

    Save the Product Activation Credential file.

    or

    Open the Product Activation Credential file, then copy the contents of the Product Activation Credential file to your clipboard.

    IMPORTANT:Do not edit the contents of the Product Activation Request.

  3. Open ConsoleOne.

  4. Click Wizards, then click Install an iChain Activation.

  5. Select the iChain Service Object (ISO), then click Next.

  6. Do one of these steps:

    Specify where you saved the iChain Activation Credential, then click Next.

    or

    If you copied the contents to a clipboard, paste the contents of the iChain Activation Credential in the text area, then click Next.

  7. A dialog box appears, asking whether you want to automatically or manually notify the proxy server of the new credential. If you have FTP enabled on the proxy (see Installing the iChain Proxy Services Software), you can click Yes and enter the IP address and config password of any iChain Proxy Server that has been configured to read this ISO.

    Otherwise, click No and enter the command:

    refreshcredentials

    from the iChain command line interface.

    If you have multiple iChain Proxy Servers reading the same ISO, such as when the Session Broker is used for load balancing and failover, you can only automatically notify one of them of the new credential. You need to enter the command refreshcredentials on the console of all other iChain Proxy Servers in order for them to immediately recognize the new credential.

  8. Click Finish.

Viewing Product Activations for iChain

For each of your purchases of an iChain license, you can see the product activations you have installed for those licenses for iChain on the Proxy Administration Tool on the Home > Introduction panel.

Troubleshooting iChain Activation Problems

You must configure the LDAP/Authorization Server information in the Proxy Administration Tool. This information is entered by going to Configure, then clicking the Access Control tab. Make sure you enter the following information: the iChain Service Object LDAP Name (this requires that the ISO object has been configured in eDirectory), the LDAP Server Address, LDAP Port, LDAP Proxy User and Password. Also, the Proxy User must have sufficient rights (if you aren't sure, use admin). For more information about setting up proxy users, see the Novell Technical Information Document, “LDAP Proxy User Minimum Rights for iChain”.

Most problems with generating activation requests and installing credentials are caused by faulty LDAP communication between the iChain Proxy Server and the ISO, and are also caused by the LDAP user having only browse rights to the LDAP server. To troubleshoot these problems, enter No when prompted to notify the iChain Proxy Server automatically in the wizard, and enter getactivationrequest from the iChain Proxy Server console if you are generating an activation request, or refreshcredentials if you are installing a new credential.

If an error occurs, make a note of the error code and contact the Novell Activation Center at 1-800-418-8373 in the U.S. In all other locations, call 1-801-861-8373. (You will be charged for calls made using the 801 area code.) You can also chat with us online.

In addition, make sure that:

  • The eDirectory schema has been correctly extended for iChain. (You can check the local ice.log file, created by default in the c:\winnt directory, to make sure the schema updates were successful.)

  • You are not trying to install the Activation Request file as an Activation Credential.

  • The credential you are using was created from an activation request generated on the same tree where your ISO is located. The credential functions only on a specific tree.

  • The LDAP user is not limited to having only browse rights to the LDAP server.

When you go into debug mode (unlock / debug) on the proxy command line interface, select Proxy menu, option 19, option 4 to look at the ISO object information. It indicates whether a problem exists.