Deploying multiple Access Manager instances on different host servers, with each instance accessing the same Directory Server, includes these steps:
Install the first Access Manager instance on a host server by running the Java ES installer. Considerations for running the installer include:
When you run the installer, you can also install other Java ES components such as Directory Server, Message Queue, and either Web Server or Application Server as the Access Manager web container.
After installation, the amconfig script and the amsamplesilent configuration file are available in the following directory, depending on your platform:
Solaris systems: AccessManager-base/SUNWam/bin
Linux systems: AccessManager-base/identity/bin
Where: AccessManager-base represents the Access Manager base installation directory. On Solaris systems, the default base installation directory is /opt, and on Linux systems, it is /opt/sun.
On Windows systems, the amconfig.bat and AMConfigurator.properties files are available in the default installation directory: C:\Program files\Sun\JavaES5.
When you run the installer, specify either the Configure Now or Configure Later option.
Configure Now: You configure Access Manager and the various Java ES components when you run the installer by choosing options (or default values). Not all Java ES components support this option.
Configure Later: When you run the Java ES installer, you specify only minimal configuration values. Then, you later configure the specific components by running a script or using an administration console. Access Manager provides the amconfig script and amsamplesilent file for postinstallation configuration.
If you want to use an existing Directory Server that already contains user data, check “Yes” for “Is Directory Server provisioned with user data?”.
To use BEA WebLogic Server or IBM WebSphere Application Server as the web container, you must choose the Configure Later option when you install Access Manager, as follows:
Install BEA WebLogic Server or IBM WebSphere Application Server by following the respective BEA or IBM product documentation.
Install Access Manager by running the installer with the Configure Later option.
Configure Access Manager for the web container by setting variables in the amsamplesilent configuration file (or a copy of the file) and then running the amconfig script.
For information about running the installer, see the Sun Java Enterprise System 5 Installation Guide for UNIX or the Sun Java Enterprise System 5 Installation Guide for Microsoft Windows.
Considerations for running the Java ES installer on Solaris, HP-UX, and Linux systems to install an Access Manager instance include:
When you run the installer, you can also install other Java ES components such as Directory Server, Message Queue, and either Web Server or Application Server as the Access Manager web container.
After installation, the amconfig script and the amsamplesilent configuration file are available in the following directory, depending on your platform:
Solaris systems: AccessManager-base/SUNWam/bin
Linux systems: AccessManager-base/identity/bin
Where: AccessManager-base represents the Access Manager base installation directory. On Solaris systems, the default base installation directory is /opt, and on Linux systems, it is /opt/sun.
When you run the installer, specify either the Configure Now or Configure Later option.
Configure Now: You configure Access Manager and the various Java ES components when you run the installer by choosing options (or default values). Not all Java ES components support this option.
Configure Later: When you run the Java ES installer, you specify only minimal configuration values. Then, you later configure the specific components by running a script or using an administration console. Access Manager provides the amconfig script and amsamplesilent file for postinstallation configuration.
If you want to use an existing Directory Server that already contains user data, check “Yes” for “Is Directory Server provisioned with user data?”.
To use BEA WebLogic Server or IBM WebSphere Application Server as the web container, you must choose the Configure Later option when you install Access Manager, as follows:
Install BEA WebLogic Server or IBM WebSphere Application Server by following the respective BEA or IBM product documentation.
Install Access Manager by running the installer with the Configure Later option.
Configure Access Manager for the web container by setting variables in the amsamplesilent configuration file (or a copy of the file) and then running the amconfig script.
For information about running the installer, see the Sun Java Enterprise System 5 Installation Guide for UNIX or the Sun Java Enterprise System 5 Installation Guide for Microsoft Windows.
Considerations for running the Java ES installer on Windows systems to install an Access Manager instance include:
When you run the installer, you can also install other Java ES components such as Directory Server, Message Queue, and either Web Server or Application Server as the Access Manager web container.
After installation, the amconfig.bat and AMConfigurator.properties files are available in the following default installation directory: C:\Program files\sun\JavaES.
When you run the installer, specify either the “Configure Automatically during install” or “Configure Manually after install” option.
Configure Automatically during install: You configure Access Manager and the various Java ES components when you run the installer by choosing options (or default values). Not all Java ES components support this option.
Configure Manually after install: When you run the Java ES installer, you specify only minimal configuration values. Then, you later configure the specific components by running a batch file or using an administration console. Access Manager provides the amconfig.bat and AMConfigurator.properties files for postinstallation configuration.
If you want to use an existing Directory Server that already contains user data, check “Yes” for “Is Directory Server provisioned with user data?”.
To use BEA WebLogic Server or IBM WebSphere Application Server as the web container, you must choose the “Configure Manually after install” option when you install Access Manager, as follows:
Install BEA WebLogic Server or IBM WebSphere Application Server by following the respective BEA or IBM product documentation.
Install Access Manager by running the installer with the “Configure Manually after install” option.
Configure Access Manager for the web container by setting variables in the AMConfigurator.properties configuration file (or a copy of the file) and then running amconfig.bat.
For information about running the installer, see the Sun Java Enterprise System Installation Guide for Windows.
To configure or re-configure an Access Manager instance, set variables in the amsamplesilent file (or a copy of the file) and run the amconfig script.
Log in as (or become) superuser (root).
Copy and edit the amsamplesilent file.
Copy the amsamplesilent file to a writable directory and make that directory your current directory.
For example, you might create a directory named /newinstances.
Rename the copy of the amsamplesilent file to describe the new instance you want to configure.
For example, if you plan to create a new Access Manager instance for Web Server 7, you might rename the file to amwebsvr7.
Set the variables in the amwebsvr7 file to configure or reconfigure the new instance.
For example, to configure Access Manager in Realm Mode:
    AM_REALM=enabled
    DEPLOY_LEVEL=1
    NEW_INSTANCE=false
    WEB_CONTAINER=WS      # Web Server 7 is the web container
    DIRECTORY_MODE=4      # Directory Server is provisioned with user data
    AM_ENC_PWD=password-encryption-key-value-from-the-first-Access-Manager-instance
    ...
Considerations for setting variables in the amsamplesilent file:
If you are using non-default naming attributes and object classes, specify the custom values as appropriate for the user naming and organization naming attributes and object classes. Also, all deploy URIs (SERVER_DEPLOY_URI, CONSOLE_DEPLOY_URI, PASSWORD_DEPLOY_URI, and COMMON_DEPLOY_URI) for the web applications must match the previous installation.
Use the same password encryption key as the first instance, as described in the following Caution.
In a multiple server deployment that shares the same Directory Server, all Access Manager instances must use the same value for the password encryption key.
If you run the Java ES installer to install Access Manager on subsequent (second, third, and so on) servers in a multiple server deployment, the installer generates a new random password encryption key for each server. Therefore, when you run the installer on a subsequent server, use the encryption key value from the first Access Manager instance, which you can copy from the am.encryption.pwd attribute in the AMConfig.properties file and set as follows:
Configure Now option. Replace the new random encryption key generated by the installer with the encryption key value from the first instance.
Configure Later option. Set the AM_ENC_PWD variable in the copy of the amsamplesilent file with the encryption key value from the first instance before you run the amconfig script.
However, if you need to change the password encryption key for an Access Manager instance, see Chapter 13, Changing the Password Encryption Key.
For example, on Solaris systems with Access Manager installed in the default directory, run amconfig using the new amwebsvr7 file as the configuration input file:
    # cd /opt/SUNWam/bin/
    # ./amconfig -s /newinstances/amwebsvr7
Specify the full path to the amsamplesilent file (or copy of the file).
The amconfig script reads the variables in the amwebsvr7 file and then runs in silent mode (-s option) to configure Access Manager for the web container.
For more information about the amsamplesilent file and running the amconfig script, see Chapter 2, Running the Access Manager amconfig Script.
In case you might need to reconfigure or uninstall this instance later, save the new amwebsvr7 file.
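The two requirements above (the same password encryption key as the first instance, and deploy URIs that match the previous installation) can be checked before amconfig is run. The following is an added example, not part of the original guide or of Access Manager: the function names, the saved silent file named first, and all sample values are constructed for illustration, and the check never prints the key itself.

```shell
#!/bin/sh
# Added example, not Sun's code: pre-flight check of a copied amsamplesilent
# file before amconfig is run for an additional Access Manager instance.

# get_value FILE KEY: print the value of the last "KEY=value" line in FILE,
# dropping a trailing " # comment" and trailing whitespace.
get_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed 's/[[:space:]]\{1,\}#.*$//; s/[[:space:]]*$//'
}

# check_instance PROPS FIRST NEW: PROPS is the first instance's
# AMConfig.properties, FIRST its saved silent file, NEW the edited copy.
# Returns 0 only when the key and all four deploy URIs match.
check_instance() {
    props=$1 first=$2 new=$3 rc=0
    want=$(get_value "$props" 'am\.encryption\.pwd')
    have=$(get_value "$new" AM_ENC_PWD)
    if [ -z "$want" ] || [ "$want" != "$have" ]; then
        echo "AM_ENC_PWD differs from am.encryption.pwd of the first instance" >&2
        rc=1
    fi
    for uri in SERVER_DEPLOY_URI CONSOLE_DEPLOY_URI PASSWORD_DEPLOY_URI COMMON_DEPLOY_URI; do
        if [ "$(get_value "$first" "$uri")" != "$(get_value "$new" "$uri")" ]; then
            echo "$uri differs from the first instance" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample files (all values are made up) so the check runs offline.
make_samples() {
    dir=$(mktemp -d) || return 1
    printf 'am.encryption.pwd=ConstructedKey+abc/123=\n' > "$dir/AMConfig.properties"
    printf 'SERVER_DEPLOY_URI=/amserver\nCONSOLE_DEPLOY_URI=/amconsole\nPASSWORD_DEPLOY_URI=/ampassword\nCOMMON_DEPLOY_URI=/amcommon\n' > "$dir/first"
    { cat "$dir/first"; echo 'AM_ENC_PWD=ConstructedKey+abc/123=   # from first instance'; } > "$dir/amwebsvr7"
    { sed 's|/amconsole|/console|' "$dir/first"; echo 'AM_ENC_PWD=InstallerRandomKey'; } > "$dir/bad"
    echo "$dir"
}

d=$(make_samples)
for f in amwebsvr7 bad; do
    if check_instance "$d/AMConfig.properties" "$d/first" "$d/$f" 2>/dev/null
    then echo "$f: ok to run amconfig"; else echo "$f: fix before running amconfig"; fi
done
rm -rf "$d"
```
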
When you install multiple instances of Access Manager on different host servers, the additional instances are not added to the Platform Server list or the Realm/DNS Aliases list (or the DNS Alias list in Legacy Mode). You must explicitly add these values for additional Access Manager instances.
If you are using Access Manager in Legacy Mode, see Adding Additional Instances to the Platform Server List and DNS Alias List in Legacy Mode.
Log in to the Access Manager 7.1 Console as amadmin on the first Access Manager host server.
In the Access Manager Console, click Configuration, System Properties, and then Platform.
Add each additional Access Manager instance to the Platform Server List under Instance Name:
Add the Realm/DNS alias for each additional Access Manager instance:
The following procedure refers to Access Manager 7.1 in Legacy Mode.