Sun Java System Access Manager 7 2005Q4 Deployment Planning Guide

Installing Access Manager on Multiple Host Servers

Installing Access Manager instances on multiple host servers, with each instance accessing the same Directory Server, includes these steps:

Deploying Access Manager Instances

To install Access Manager instances on multiple host servers, with each instance accessing the same Directory Server, follow these steps.

  1. Install Access Manager on a host server by running the Java Enterprise System (Java ES) installer. When you run the installer, specify either the Configure Now or Configure Later option. For information about running the installer, see the Sun Java Enterprise System 2005Q4 Installation Guide for UNIX.

    When you run the installer, you can also install Web Server or Application Server as the Access Manager web container. To use BEA WebLogic Server or IBM WebSphere Application Server as the web container, you must install that product before you run the amconfig script in the following steps. For installation instructions, see the respective BEA or IBM product documentation.

  2. If you specified the Configure Later option during installation or if you need to reconfigure the Access Manager instance (for example, to use BEA WebLogic Server or IBM WebSphere Application Server as the web container), you must run the amconfig script. The amconfig script and the amsamplesilent configuration file are located in the AccessManager-base/bin directory, where AccessManager-base represents the default installation directory: /opt/SUNWam on Solaris systems and /opt/sun/identity on Linux systems.

    Run the amconfig script as follows:

    1. Copy the amsamplesilent file to a writable directory and make that directory your current directory. For example, you might create a directory named /newinstances.

    2. Rename the copy of the amsamplesilent file to describe the new instance you want to configure. For example, if you plan to create a new Access Manager instance for Web Server 6.1, you might rename the file to amwebsvr6.

    3. Set the variables in the amwebsvr6 file to configure the new instance. For example, to configure Access Manager in Realm mode:

      AM_REALM=true
      DEPLOY_LEVEL=1
      NEW_INSTANCE=true
      WEB_CONTAINER=WS6 # Web Server is the web container
      DIRECTORY_MODE=1 
      ...

      In case you might need to reconfigure or uninstall this instance later, save the new amwebsvr6 file.

    4. Run the amconfig script, specifying the new amwebsvr6 file as the silent configuration input file. For example, on Solaris systems with Access Manager installed in the default directory:

      # cd /opt/SUNWam/bin/
      # ./amconfig -s /newinstances/amwebsvr6

      Run amconfig with the full path to the amsamplesilent file (or copy of the file). The script reads the variables in the amwebsvr6 file and then runs in silent mode (-s option) to configure Access Manager for the web container. For more information about the amsamplesilent file and running the amconfig script, see the Sun Java System Access Manager 7 2005Q4 Administration Guide.

  3. Repeat these steps on the other host servers to deploy additional Access Manager instances.

Several considerations for deploying additional Access Manager instances are:


Caution –

In a multiple server deployment that shares the same Directory Server, all Access Manager instances must use the same value for the password encryption key.

If you run the Java ES installer to install Access Manager on subsequent (second, third, and so on) servers in a multiple server deployment, the installer generates a new random password encryption key for each server. Therefore, when you run the installer on a subsequent server, use the encryption key value from the first Access Manager instance, which you can copy from the am.encryption.pwd attribute in the AMConfig.properties file and set as follows:

However, if you need to change the password encryption key for an Access Manager instance, see Appendix B, Changing the Password Encryption Key.
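
One way to confirm the requirement in the Caution above before bringing a new instance into service, as an added example that is not part of the original guide or of the product's tooling. It compares the am.encryption.pwd value across copies of each instance's AMConfig.properties by SHA-256 fingerprint, so the key itself is never printed; the file names and key values are constructed, and sha256sum or shasum is assumed to be available.

```shell
#!/bin/sh
# Added example: verify that all instances share one password encryption key.

# Hash stdin with whichever SHA-256 tool is installed (assumption: one is).
sha256() { if command -v sha256sum >/dev/null 2>&1; then sha256sum; else shasum -a 256; fi; }

# Print a short fingerprint of am.encryption.pwd in file $1.
# Returns 1 if the property is missing or empty.
enc_key_fingerprint() {
    # Last assignment wins; tolerate spaces around '=' and CRLF line endings.
    value=$(sed -n 's/^[[:space:]]*am\.encryption\.pwd[[:space:]]*=[[:space:]]*//p' "$1" |
            tail -n 1 | tr -d '\r')
    [ -n "$value" ] || return 1
    printf '%s' "$value" | sha256 | cut -c1-16
}

# Compare every file given as an argument against the first one.
# Returns 0 if all keys match, 1 on a mismatch, 2 if a file has no key.
check_enc_keys() {
    first=""
    status=0
    for f in "$@"; do
        fp=$(enc_key_fingerprint "$f") || { echo "$f: am.encryption.pwd not set" >&2; return 2; }
        echo "$f  key-fingerprint=$fp"
        if [ -z "$first" ]; then
            first=$fp
        elif [ "$fp" != "$first" ]; then
            echo "$f: key differs from $1" >&2
            status=1
        fi
    done
    return $status
}

# Constructed sample files: host1 and host2 share a key, host3 was left
# with an installer-generated key of its own.
make_sample_configs() {
    printf '# constructed sample\nam.encryption.pwd=CONSTRUCTED-KEY-AAAA\n' > "$1/host1.properties"
    printf 'am.encryption.pwd = CONSTRUCTED-KEY-AAAA\r\n' > "$1/host2.properties"
    printf 'am.encryption.pwd=CONSTRUCTED-KEY-BBBB\n' > "$1/host3.properties"
}

tmp=$(mktemp -d)
make_sample_configs "$tmp"
check_enc_keys "$tmp/host1.properties" "$tmp/host2.properties" "$tmp/host3.properties" ||
    echo "mismatch: fix the key on the flagged host before it joins the deployment"
rm -rf "$tmp"
```

Because AMConfig.properties holds the key in clear text, collect the copies over a protected channel and delete them once the check has run.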


Adding Additional Instances to the Platform Server List and Realm/DNS Aliases

When you install multiple instances of Access Manager on different host servers, the additional instances are not added to the platform server list or the realm/DNS aliases. You must explicitly add the values for the additional Access Manager instances, as follows:

  1. Log in to the Access Manager 7 2005Q4 Console as amadmin on the first Access Manager host server.

  2. In the Access Manager Console, click Configuration, System Properties, and then Platform.

  3. Add each additional Access Manager instance to the Platform Server List under Instance Name:

    1. In the Platform Server List under Instance Name, click New.

    2. In New Server Instance, add the Server and Instance Name. For example:

      • Server: http://amserver2.example.com:80

      • Instance Name: 02

    3. Click OK to add the instance.

    4. After you have added all instances, click Save.

  4. Add the Realm/DNS alias for each additional Access Manager instance:

    1. In the Access Manager Console, click Access Control and then the root (top-level) realm under Realm Name.

    2. Under Realm Attributes, add the Access Manager instance to Realm/DNS Aliases and then click Add. For example: amserver2.example.com

    3. After you have added all instances, click Save.