7.1 Installing the ESP-Enabled SSL VPN

When SSL VPN is deployed without the Access Gateway, an Embedded Service Provider (ESP) component is installed along with the SSL VPN server. This deployment is called an ESP-enabled Novell SSL VPN. This deployment requires the Administration Console and the Identity Server to be installed before the SSL VP server is installed.

7.1.1 Deployment Scenarios

For installing the ESP-enabled version of SSL VPN, you have the following deployment scenarios:

Deployment Scenario 1: Installing SSL VPN on a Separate Machine

This deployment scenario consists of a demilitarized zone where the Identity Server and SSL VPN are deployed separately, without the Access Gateway. For installation instructions for this scenario, see Installing the ESP-Enabled SSL VPN.

Figure 7-1 Deployment Scenario 1

Deployment Scenario 2: Installing SSL VPN and the Identity Server on the Same Machine

This deployment scenario consists of a demilitarized zone where the Identity Server and SSL VPN are on a single machine. The Access Gateway is deployed separately. For installation instructions for this scenario, see Installing the ESP-Enabled SSL VPN.

Figure 7-2 Deployment Scenario 2

Deployment Scenario 3: Installing SSL VPN and the Administration Console on the Same Machine

This deployment scenario consists of a demilitarized zone where the SSL VPN, and Administration Console are on the same machine and the Linux Access Gateway and the Identity servers are deployed separately. For installation instructions for this scenario, see Installing the ESP-Enabled SSL VPN.

Figure 7-3 Deployment Scenario 3

Deployment Scenario 4: Installing SSL VPN, the Administration Console, and the Identity Server on the Same Machine

This deployment scenario consists of a demilitarized zone where the Identity Server, SSL VPN, and Administration Console are on the same machine and the Linux Access Gateway is deployed separately. For installation instructions for this scenario, see Installing the ESP-Enabled SSL VPN.

Figure 7-4 Deployment Scenario 4

7.1.2 Installing the ESP-Enabled SSL VPN

The following installation steps are applicable to all the deployment scenarios of the ESP-enabled SSL VPN. The individual scenarios are explained in Deployment Scenarios.

  1. Access the install script.

    1. Make sure you have downloaded the software or that you have the CD available.

      For software download instructions, see the “Novell Access Manager Readme”

    2. Do one of the following:

      • If you are installing from CD or DVD, insert the disc into the drive, then navigate to the device. The location might be /media/cdrom, /media/cdrecorder, or /media/dvdrecorder, depending on your hardware.

      • If you downloaded the tar.gz file, unpack the file by using the following command:

        tar -xzvf <filename>

    3. Change to the novell-access-manager-3.1.2-xxx directory.

  2. At a command prompt, enter the following install script command:

    ./install.sh

    You are prompted to select an installation.

  3. Type 4 to install the ESP-Enabled SSL VPN, then press Enter.

  4. Review and accept the License Agreement.

  5. (Conditional) If the SSL VPN machine has been configured with multiple IP addresses, select an IP address for the SSL VPN server when you are prompted to do so.

  6. Specify the name of the administrator for the Administration Console.

  7. Specify the administration password.

  8. Confirm the password.

  9. (Conditional) If you are installing the SSL VPN server on the same machine as the Administration Console, you are not prompted for the IP address of the Administration Console. If the Administration Console is on a different machine, provide the IP address when you are prompted for it.

  10. Wait while the SSL VPN server is installed on your system and imported into the Administration Console. This takes about 2 minutes.

    The installation ends with the following message: Installation complete.

  11. To verify the installation of the SSL VPN, continue with Section 7.4, Verifying That Your SSL VPN Service Is Installed.

  12. Add an entry in /etc/hosts file to map the SSLVPN server IP address with the domain name which the client is using to connect.

  13. If the export law permits and you want to install the high bandwidth version of SSL VPN, proceed with Section 7.3, Installing the Key for the High-Bandwidth SSLVPN.