Chapter 10 Installing the Sun Identity Manager Gateway
Identity Manager requires a lightweight gateway to manage resources that cannot be directly accessed from the server. If you plan to set up any of the following resource adapters, you must install the Sun Identity Manager Gateway.
-
Windows Active Directory
-
Domino
-
Novell NetWare, including GroupWise
-
Remedy
-
RSA ACE/Server
-
Scripted Gateway
These resources include systems that require API calls that are platform specific. With the Gateway installed on the target platform, Identity Manager can make the API calls that are needed to interact with the resource.
Prerequisites
You must ensure that the Identity Manager Gateway is made highly available and that Gateway machines are properly configured. Please review the following prerequisites.
-
The Gateway may be installed on at least Windows 2000 SP3 and Windows 2003 platforms.
-
You should run an instance of the Gateway on multiple machines to prevent the Gateway from becoming a single point of failure. Configure your network to provide failover if the main Gateway instance dies.
-
Placing the Gateways behind a device that load balances is not a supported configuration and will cause certain Identity Manager functions to fail.
-
All Windows domains managed by a Gateway must be part of the same forest. Managing domains across forest boundaries is unsupported. If you have multiple forests, install at least one Gateway in each forest.
-
Systems that are running the Identity Manager Gateway should be configured so that Dr. xWatson does not produce visual notifications. If this feature is set and the Gateway encounters an error, the process will hang until the pop-up window is closed.
-
The Gateway system should also be configured to use a default ANSI codepage that is compatible with all data that Identity Manager manages.
-
If you need to access resources that use different code pages, install a separate Gateway for each code page. The Gateway and resource should implement the same code page.
-
You should use UTF-8 whenever possible, and if multiple resources are to be accessed from a single Gateway, the Gateway and all resources should all be configured to use UTF-8.
-
Refer to the following web page for information about setting international support on Windows XP and Server 2003 systems:
http://www.microsoft.com/globaldev/handson/user/xpintlsupp.mspx
Installation
To Install the Identity Manager Gateway
Before You Begin
Select the Windows machine on which to install the Gateway. It must be a member of the domain in which the accounts and other objects will be managed (the managed domain) or a member of a domain that is trusted by the managed domain. The Gateway does not need to run on a domain controller.
Note –
For better performance, the Gateway should be located near (from a network connectivity perspective) the domain controllers of the managed domain.
-
If you are selecting a system that is not the Identity Manager server, then:
-
From the directory where the Gateway files are installed, run the following command to install the Gateway as a service:gateway -i
-
Run the following command to start the Gateway service:gateway -s
Note –-
You can stop the Gateway service by running the command:gateway -k
-
You can also start and stop the Gateway by following these steps:
-
Open the Windows Control Panel.
-
Open Services. (In Windows, Services is located in Administrative Tools.)
-
Select Identity Manager Gateway.
-
Click Start or Stop.
-
-
Failure Messages
Two common messages and their likely causes when working with the Gateway are as follows:
-
’Overlapped I/O operation is in progress’
The most common cause of this message is that you have asked for the service to be installed or removed before a prior installation or removal has fully completed. Check the state of the service.
-
’Input/output error’
The most common cause of this is that you do not have rights to work with this service.
- © 2010, Oracle Corporation and/or its affiliates