6.1 Installation Overview and Prerequisites

This section discusses the concepts involved in installing Access Manager to protect the example Digital Airlines Web site.

After you deploy this example, you should understand the basic features of Access Manager and know how to configure the software to protect your own Web servers and applications.

6.1.1 Installation Architecture

The diagram below illustrates how the Digital Airlines example is integrated with the Access Manager components.

Figure 6-2 Digital Airlines Architecture

This document explains how to use a browser machine and two other machines for this configuration. The SSL VPN server can be installed either in a traditional mode or with an Embedded Service Provider (ESP). For this sample configuration, you need to install the Traditional SSL VPN server with the Access Gateway Appliance. If you choose the ESP-enabled SSL VPN server instead, you need to install it with the Identity Server. For this sample configuration, install only one version of the SSL VPN server, not both.

Table 6-1 Novell Access Manager Components

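|           | Administration Console | Identity Server | Access Gateway | SSL VPN | Application Web Server | LDAP User Store | Browser |
|-----------|------------------------|-----------------|----------------|---------|------------------------|-----------------|---------|
| Machine 1 | X                      | X               |                | X       | X                      | X               |         |
| Machine 2 |                        |                 | X              | X       |                        |                 |         |
| Machine 3 |                        |                 |                |         |                        |                 | X       |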

The simplified configuration described in this document is for a test environment only. It is not a recommended or supported configuration for a production environment. For example, the configuration database installed with the Administration Console should not be used as an LDAP user store in a production environment. In a production environment, you would not want to install the Administration Console, the ESP-enabled SSL VPN server, the Identity Server, and the Web server on the same machine. This simplified configuration is designed to minimize the number of machines required for a tutorial.

After deploying the Digital Airlines example, you should understand the concepts required to deploy Access Manager in a number of other configurations. In a production environment, you need to install the necessary Access Manager components according to your specific requirements. For more information about other possible installation configurations, see Recommended Installation Scenarios in the NetIQ Access Manager 3.1 SP5 Installation Guide.

6.1.2 Deployment Overview

Prerequisite Tasks

Before starting with the Digital Airlines example, you must perform the following tasks:

  • Enable pop-ups on a Firefox browser (3.x or above) or Internet Explorer browser (7.x or above) for managing and configuring the Access Manager components.

  • Install the Novell Access Manager Administration Console, Identity Server, Access Gateway, and SSL VPN as described in the NetIQ Access Manager 3.1 SP5 Installation Guide.

  • Configure the Novell Access Manager Identity Server. For configuration details, see Section 1.3, Creating a Basic Identity Server Configuration.

    IMPORTANT: The Digital Airlines procedures explain how to add a user to the configuration store of the Administration Console. These instructions assume that you have configured the Identity Server to use this configuration store as the LDAP user store. This is not a recommended configuration for a production environment. To enable this configuration for a test environment, specify the IP address of the Administration Console for the address of the server replica.

Do not configure the Access Gateway or the SSL VPN server at this time. Other tasks explain how to configure the Access Gateway and the SSL VPN server to allow access to the Digital Airlines site on the Web server.

Deployment Tasks

To configure access to the Digital Airlines site, you need to complete the following tasks:

  1. Set up the Apache Web server on your Identity Server, then install the Digital Airlines pages.

    For more information, see Section 6.2, Setting Up the Web Server.

  2. Configure the Access Gateway to protect the Web server, but allow public access to the site. See Section 6.3, Configuring Public Access to Digital Airlines.

  3. Configure the Access Gateway to allow access to the protected pages. See Section 6.4, Implementing Access Restrictions.

  4. Configure the SSL VPN server to allow access to the page on the Web server that is designed to be protected by the SSL VPN server. See Section 6.4.5, Initiating an SSL VPN Session.