This chapter contains the following topics:
This guide provides instructions for building an environment for this Deployment Example. These instructions were used to build, deploy and test this Deployment Example in a lab facility. When using this guide, you'll obtain the best results if you perform the tasks in the exact sequence in which they are presented. Use the Table of Contents as a master task list. Tasks are numbered for your convenience.
The last step in each task is a verification procedure. Be sure to verify the success of each task before moving on to the next task in the sequence.
This guide is designed to demonstrate just one way to deploy Access Manager with load-balancers to optimize performance and high availability. Although these instructions incorporate many recommended or “best practices,” and may be suitable in many different scenarios, this is not the only way to achieve the same results.
If you do plan to deviate from the task sequence or details described in this guide, you should refer to the relevant product documentation for information on differences in platforms, software versions or other requirement constraints.
See 2.2 Host Names and Main Service URLs Used in Examples for a quick reference of server names and component names used in this deployment example. See Part III, Reference: Summaries of Server and Component Configurations for more detailed information.
The following table describes the typographic conventions that are used in this deployment example.
Table 3–1 Typographic Conventions
Typeface |
Meaning |
Example |
---|---|---|
AaBbCc123 |
The names of commands, files, and directories, and onscreen computer output |
Edit your .login file. Use ls -a to list all files. machine_name% you have mail. |
AaBbCc123 |
What you type, contrasted with onscreen computer output |
machine_name% su Password: |
aabbcc123 |
Placeholder: replace with a real name or value |
The command to remove a file is rm filename. |
AaBbCc123 |
Book titles, new terms, and terms to be emphasized |
Read Chapter 6 in the User's Guide. A cache is a copy that is stored locally. Do not save the file. Note: Some emphasized items appear bold online. |
Installation as described in this document includes the installation and basic configuration of a Java Enterprise System (Java ES) solution. Installation, as used in this document, means using the Java ES 2004Q5 installer to copy the files for Java ES components to computer systems. You can download and unpack the installer zip files onto one host computer system, and then mount the cd image on any remote host computer systems where you must install Directory Server, Access Manager, or Web Server.
Download the Java ES installer zip files.
Start a browser, and go to http://www.sun.com/software/solaris/get.jsp.
Choose Java Enterprise System.
Follow the instructions for downloading two zip files that together will form the CD image.
Log in as a root user to a host computer system where you want to run the installer.
Copy the Java Enterprise System installer zip files to this host computer system.
Unzip each zipped file. Example:
#ls java_es_05Q4-ga-solaris-sparc-1-iso.zip java_es_05Q4-ga-solaris-sparc-2-iso.zip # unzip java_es_05Q4-ga-solaris-sparc-1-iso.zip inflating: java_es_05Q4-ga-solaris-sparc-1.iso... # unzip java_es_05Q4-ga-solaris-sparc-2-iso.zip inflating: java_es_05Q4-ga-solaris-sparc-2.iso... |
Create three directories for mounting the .iso files. Example:
# mkdir /mnt # mkdir /mnt2 # mkdir /jes-complete
Mount the .iso files.
In the following examples, replace /download-directory/ with the path to your .iso file:
# lofiadm -a /download-directory/java_es_05Q4-ga-solaris-sparc-1.iso /dev/lofi/1 # mount -F hsfs -o ro /dev/lofi/1 /mnt |
If the /dev/lofi/1 device is already in use, run this command:
# lofiadm —d /dev/lofi/1
and then retry using the lofiad -a command.
To mount the second iso file:
# lofiadm -a /download-directory/java_es_05Q4-ga-solaris-sparc-2.iso /dev/lofi/2 # mount -F hsfs -o ro /dev/lofi/2 /mnt2 # lofiadm Block Device File dev/lofi/1 /export/temp/java_es_05Q4-ga-solaris-sparc-1.iso /dev/lofi/2 /export/temp/java_es_05Q4-ga-solaris-sparc-2.iso |
Copy both mounted .iso files to the same directory.
The two .iso files together form the complete JES package, so you must copy both files into the same directory. As an alternative, you can burn each ISO onto a CD, and then run the installer from a CD drive.
# cd /mnt1 # cp -r * /jes-complete # cd /mnt2 # cp -r * /jes-complete |
After you mount the .iso files and copy them to the same directory, the installer is located in the here:
/jes-complete/Solaris_sparc
In this Deployment Example, you start the installer with the -nodisplay option:
# /jes-complete/Solaris_sparc/installer —nodisplay
You will need load balancing hardware and software to replicate this deployment environment. The load balancer hardware and software used in the lab facility for this deployment is BIG-IP® manufactured by F5 Networks. If you are using different load balancer software, see the documentation that comes with that product for detailed settings information.
The following tasks require load-balancing hardware and software:
You will need to obtain root certificate authority (CA) certificates and server SSL certificates to enable SSL in this deployment environment. The certificate issuer used in this deployment is a test CA certificate from OpenSSL. You can obtain a root CA certificate from a commercial certificate issuer such as Verisign. For more information, see the documentation provided by your certificate authority.
The following tasks require SSL certificates:
To Request an SSL Certificate for the Access Manager Load Balancer
To Install an SSL Certificate on the Access Manager Load Balancer
To Install a Root CA Certificate on the Access Manager Load Balancer
There are many ways to resolve host names used in this deployment. For example, you can us a DNS naming service, or you can include entries in a DNS database. For this particular deployment, the following entries were added to the local host file on all Unix hosts. The entries were also added to equivalent files on Windows hosts, and on client machines for where browsers are used.
xxx.xx.72.122 DirectoryServer-1 DirectoryServer-1.example.com xxx.xx.72.121 DirectoryServer-2 DirectoryServer-2.example.com xxx.xx.72.84 AccessManager-1 AccessManager-1.example.com xxx.xx.72.85 AccessManager-2 AccessManager-2.example.com xxx.xx.72.120 AuthenticationUI-1 AuthenticationUI-1.example.com xxx.xx.72.73 AuthenticationUI-2 AuthenticationUI-2.example.com xxx.xx.72.151 ProtectedResource-1 ProtectedResource-1.example.com xxx.xx.72.152 ProtectedResource-2 ProtectedResource-2.example.com xxx.xx.69.246 MessageQueue-1 MessageQueue-1.example.com xxx.xx.69.247 MessageQueue-2 MessageQueue-2.example.com xxx.xx.69.14 LoadBalancer-1 LoadBalancer-1.example.com LoadBalancer-3 LoadBalancer-3.example.com LoadBalancer-2 LoadBalancer-2.example.com xxx.xx.69.17 LoadBalancer-4 LoadBalancer-4.example.com xxx.xx.69.16 LoadBalancer-5 LoadBalancer-5.example.com LoadBalancer-6 LoadBalancer-6.example.com |
See Appendix H, Known Issues and Limitations for descriptions of problems encountered when implementing the deployment examples. The list will be updated as new information becomes available.