Deployment Example 1: Access Manager 7.0 Load Balancing, Distributed Authentication UI, and Session Failover

Chapter 3 Before You Begin

This chapter contains the following topics:

3.1 About This Guide

This guide provides instructions for building an environment for this Deployment Example. These instructions were used to build, deploy and test this Deployment Example in a lab facility. When using this guide, you'll obtain the best results if you perform the tasks in the exact sequence in which they are presented. Use the Table of Contents as a master task list. Tasks are numbered for your convenience.

The last step in each task is a verification procedure. Be sure to verify the success of each task before moving on to the next task in the sequence.

This guide is designed to demonstrate just one way to deploy Access Manager with load-balancers to optimize performance and high availability. Although these instructions incorporate many recommended or “best practices,” and may be suitable in many different scenarios, this is not the only way to achieve the same results.

Caution – Caution –

If you do plan to deviate from the task sequence or details described in this guide, you should refer to the relevant product documentation for information on differences in platforms, software versions or other requirement constraints.

3.1.1 Naming Conventions

See 2.2 Host Names and Main Service URLs Used in Examples for a quick reference of server names and component names used in this deployment example. See Part III, Reference: Summaries of Server and Component Configurations for more detailed information.

3.1.2 Typographical Conventions

The following table describes the typographic conventions that are used in this deployment example.

Table 3–1 Typographic Conventions





The names of commands, files, and directories, and onscreen computer output 

Edit your .login file.

Use ls -a to list all files.

machine_name% you have mail.


What you type, contrasted with onscreen computer output 

machine_name% su



Placeholder: replace with a real name or value 

The command to remove a file is rm filename.


Book titles, new terms, and terms to be emphasized 

Read Chapter 6 in the User's Guide.

A cache is a copy that is stored locally.

Do not save the file.

Note: Some emphasized items appear bold online.

3.2 Downloading and Mounting the Java Enterprise System 2005Q4 Installer

Installation as described in this document includes the installation and basic configuration of a Java Enterprise System (Java ES) solution. Installation, as used in this document, means using the Java ES 2004Q5 installer to copy the files for Java ES components to computer systems. You can download and unpack the installer zip files onto one host computer system, and then mount the cd image on any remote host computer systems where you must install Directory Server, Access Manager, or Web Server.

ProcedureTo Download and Mount the Java Enterprise System 2005Q4 Installer

  1. Download the Java ES installer zip files.

    1. Start a browser, and go to

    2. Choose Java Enterprise System.

    Follow the instructions for downloading two zip files that together will form the CD image.

  2. Log in as a root user to a host computer system where you want to run the installer.

  3. Copy the Java Enterprise System installer zip files to this host computer system.

  4. Unzip each zipped file. Example:

    # unzip
    inflating: java_es_05Q4-ga-solaris-sparc-1.iso...  
    # unzip
    inflating: java_es_05Q4-ga-solaris-sparc-2.iso...  
  5. Create three directories for mounting the .iso files. Example:

    # mkdir /mnt
    # mkdir /mnt2
    # mkdir /jes-complete
  6. Mount the .iso files.

    In the following examples, replace /download-directory/ with the path to your .iso file:

    # lofiadm -a /download-directory/java_es_05Q4-ga-solaris-sparc-1.iso /dev/lofi/1 
     # mount -F hsfs -o ro /dev/lofi/1 /mnt

    Tip –

    If the /dev/lofi/1 device is already in use, run this command:

    # lofiadm —d /dev/lofi/1

    and then retry using the lofiad -a command.

    To mount the second iso file:

    # lofiadm -a /download-directory/java_es_05Q4-ga-solaris-sparc-2.iso /dev/lofi/2
    # mount -F hsfs -o ro /dev/lofi/2 /mnt2
    # lofiadm
    Block Device             File
    dev/lofi/1              /export/temp/java_es_05Q4-ga-solaris-sparc-1.iso
    /dev/lofi/2             /export/temp/java_es_05Q4-ga-solaris-sparc-2.iso
  7. Copy both mounted .iso files to the same directory.

    The two .iso files together form the complete JES package, so you must copy both files into the same directory. As an alternative, you can burn each ISO onto a CD, and then run the installer from a CD drive.

    # cd /mnt1
    # cp -r * /jes-complete
    # cd /mnt2
    # cp -r * /jes-complete
Next Steps

After you mount the .iso files and copy them to the same directory, the installer is located in the here:


In this Deployment Example, you start the installer with the -nodisplay option:

# /jes-complete/Solaris_sparc/installer —nodisplay

3.3 Setting Up a Load Balancer

You will need load balancing hardware and software to replicate this deployment environment. The load balancer hardware and software used in the lab facility for this deployment is BIG-IP® manufactured by F5 Networks. If you are using different load balancer software, see the documentation that comes with that product for detailed settings information.

The following tasks require load-balancing hardware and software:

3.4 Obtaining Secure Socket Layer (SSL) Certificates

You will need to obtain root certificate authority (CA) certificates and server SSL certificates to enable SSL in this deployment environment. The certificate issuer used in this deployment is a test CA certificate from OpenSSL. You can obtain a root CA certificate from a commercial certificate issuer such as Verisign. For more information, see the documentation provided by your certificate authority.

The following tasks require SSL certificates:

3.5 Resolving Host Names

There are many ways to resolve host names used in this deployment. For example, you can us a DNS naming service, or you can include entries in a DNS database. For this particular deployment, the following entries were added to the local host file on all Unix hosts. The entries were also added to equivalent files on Windows hosts, and on client machines for where browsers are used.

xxx.xx.72.122		DirectoryServer-1
xxx.xx.72.121		DirectoryServer-2
xxx.xx.72.84 	AccessManager-1
xxx.xx.72.85 	AccessManager-2
xxx.xx.72.120 	AuthenticationUI-1
xxx.xx.72.73 	AuthenticationUI-2
xxx.xx.72.151   ProtectedResource-1
xxx.xx.72.152   ProtectedResource-2
xxx.xx.69.246 	MessageQueue-1 
xxx.xx.69.247 	MessageQueue-2
xxx.xx.69.14    LoadBalancer-1 	
LoadBalancer-3 	LoadBalancer-2
xxx.xx.69.17 	LoadBalancer-4
xxx.xx.69.16 	LoadBalancer-5 	

3.6 Known Issues and Limitations

See Appendix H, Known Issues and Limitations for descriptions of problems encountered when implementing the deployment examples. The list will be updated as new information becomes available.