4.4 Network Prerequisites

The network prerequisites consist of both the service provider and the customer network setup.

4.4.1 Service Provider Network Setup

  • Obtain static IP addresses for the Administration Console, Identity Server, and Sentinel. If the IP address of a machine changes, the Access Manager component or components on that machine cannot start.

  • Install the OS, configure a Network Time Protocol (NTP) server, and check connectivity.

  • An NTP server, which provides accurate time to the machines on your network. Time must be synchronized to within one minute across all components; otherwise the product's time-dependent security checks disrupt communication between them. You can run your own NTP server or use a publicly available one such as pool.ntp.org.

    IMPORTANT: If time is not synchronized, users cannot authenticate or access resources, and data corruption can occur in user stores.

  • An L4 switch, if you are going to configure load balancing. This can be hardware or software (for example, a Linux machine running Linux Virtual Server).

  • IP connectivity between the different Access Manager components. Because the components can be in different private networks, connectivity can be provided through NAT, VPNs, or a combination of both.

4.4.2 Customer Network Setup

  • A server configured with an LDAP directory (eDirectory 8.7 or later, Sun ONE, or Active Directory) that contains your system users. The Identity Server uses this LDAP directory to authenticate users to the system.

  • A domain name server, which resolves DNS names to IP addresses and has reverse lookups enabled.

    Access Manager devices know each other by their IP addresses, and some requests require them to match an IP address to the device's DNS name. Without reverse lookups, these requests fail. In particular, Identity Servers perform reverse lookups on their user stores. If reverse lookups are not available, host table entries (the hosts file on each machine) can be used instead.

  • Obtain static IP addresses for the Administration Console, Identity Server, and Sentinel. If the IP address of a machine changes, the Access Manager component or components on that machine cannot start.

  • IP connectivity between the different Access Manager components. Because the components can be in different private networks, connectivity can be provided through NAT, VPNs, or a combination of both.
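The following preflight script checks the three prerequisites that both the service provider and customer lists above depend on: clock skew within one minute, forward-confirmed reverse DNS for each component (with a hosts-table fallback, as the guide allows), and TCP reachability between components. It is an added example, not NetIQ's own tooling. The component names, IP addresses, and ports in COMPONENTS are assumptions, and the chronyc and ntpq samples are constructed for the offline run; the output formats they imitate are the real ones.

```python
"""Preflight checks for the prerequisites in 4.4: clock skew within one minute,
forward-confirmed reverse DNS per component, and TCP reachability between them.
Added example, not NetIQ tooling; the inventory and sample outputs are constructed."""
import re
import socket
from typing import Callable, Dict, List, Optional, Tuple

MAX_SKEW_SECONDS = 60.0  # the guide's "within one minute" tolerance
Resolver = Callable[[str], str]

# Hypothetical inventory: DNS name -> (IP address, TCP port that must be reachable).
COMPONENTS: Dict[str, Tuple[str, int]] = {
    "admin-console.example.com": ("10.0.1.10", 8443),
    "idp.example.com": ("10.0.1.20", 8443),
    "sentinel.example.com": ("10.0.2.30", 1443),
}
# Constructed samples in the formats `chronyc tracking` and `ntpq -pn` print.
SAMPLE_CHRONYC = ("Reference ID    : C0A80101 (192.168.1.1)\n"
                  "System time     : 0.000412 seconds slow of NTP time\n")
SAMPLE_NTPQ = ("     remote           refid      st t when poll reach   delay   offset  jitter\n"
               "*192.168.1.1     .GPS.            1 u   41   64  377    0.321   45.500   0.088\n"
               "+192.168.1.2     192.168.1.1      2 u   12   64  377    0.455  -12.000   0.120\n")

def parse_chronyc_offset(tracking_output: str) -> Optional[float]:
    """Local clock offset in seconds from `chronyc tracking`; positive means fast."""
    m = re.search(r"System time\s*:\s*([0-9.]+) seconds (fast|slow) of NTP time", tracking_output)
    if not m:
        return None
    return float(m.group(1)) * (1 if m.group(2) == "fast" else -1)

def parse_ntpq_offset(ntpq_output: str) -> Optional[float]:
    """Offset in seconds of the peer ntpq marks with '*' (ninth column, milliseconds)."""
    for line in ntpq_output.splitlines():
        if line.startswith("*"):
            return float(line.split()[8]) / 1000.0
    return None  # no selected peer: ntpd is not synchronised

def time_in_sync(offset_seconds: Optional[float]) -> bool:
    """True only when the clock is synchronised and within tolerance."""
    return offset_seconds is not None and abs(offset_seconds) <= MAX_SKEW_SECONDS

def hosts_table_resolver(table: Dict[str, str]) -> Resolver:
    """Static-table resolver, the hosts-file fallback the guide mentions; a missing
    entry raises socket.herror like the system resolver does for a missing record."""
    def resolve(key: str) -> str:
        if key not in table:
            raise socket.herror(1, f"no entry for {key}")
        return table[key]
    return resolve

def reverse_lookup_errors(name: str, ip: str,
                          reverse: Resolver = lambda a: socket.gethostbyaddr(a)[0],
                          forward: Resolver = socket.gethostbyname) -> List[str]:
    """Forward-confirmed reverse DNS: the PTR for `ip` must be the component's name and
    that name must resolve back to `ip`. Returns the problems found; empty means OK."""
    try:
        ptr = reverse(ip).rstrip(".").lower()
    except OSError as exc:
        return [f"{ip}: no reverse lookup ({exc})"]
    errors = [] if ptr == name.lower() else [f"{ip}: PTR is {ptr!r}, expected {name!r}"]
    try:
        if forward(name) != ip:
            errors.append(f"{name}: forward lookup does not return {ip}")
    except OSError as exc:
        errors.append(f"{name}: no forward lookup ({exc})")
    return errors

def tcp_probe(ip: str, port: int, timeout: float = 3.0) -> bool:
    """TCP connect test; a path through NAT or a VPN counts only if this succeeds."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def run_preflight(components: Dict[str, Tuple[str, int]], clock_offset: Optional[float],
                  reverse: Resolver = lambda a: socket.gethostbyaddr(a)[0],
                  forward: Resolver = socket.gethostbyname,
                  probe: Callable[[str, int, float], bool] = tcp_probe) -> Dict[str, List[str]]:
    """Every failed prerequisite keyed by component; an empty dict means the network is ready."""
    failures: Dict[str, List[str]] = {}
    if not time_in_sync(clock_offset):
        failures["ntp"] = [f"clock unsynchronised or offset {clock_offset} s over {MAX_SKEW_SECONDS:.0f} s"]
    for name, (ip, port) in components.items():
        problems = reverse_lookup_errors(name, ip, reverse, forward)
        if not probe(ip, port, 3.0):
            problems.append(f"{name}: TCP {ip}:{port} unreachable")
        if problems:
            failures[name] = problems
    return failures

if __name__ == "__main__":
    # Offline run: hosts-table resolvers and a stubbed probe, with sentinel left out of the
    # tables and marked unreachable. Omit those arguments to use the real resolver and TCP.
    rev = hosts_table_resolver({"10.0.1.10": "admin-console.example.com.", "10.0.1.20": "idp.example.com"})
    fwd = hosts_table_resolver({"admin-console.example.com": "10.0.1.10", "idp.example.com": "10.0.1.20"})
    report = run_preflight(COMPONENTS, parse_chronyc_offset(SAMPLE_CHRONYC), rev, fwd,
                           probe=lambda ip, port, timeout: ip != "10.0.2.30")
    for component, problems in report.items():
        print(component, "->", "; ".join(problems))
```

On a real host, feed `parse_chronyc_offset` the output of `chronyc tracking` (or `parse_ntpq_offset` the output of `ntpq -pn`) and call `run_preflight` with only the inventory and the offset, so the system resolver and real TCP connects are used. The reverse check deliberately requires the PTR and A records to agree: a PTR that points at a stale name passes a naive reverse lookup but still breaks the IP-to-name matching the guide describes.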