Sun Java System Access Manager Policy Agent 2.2 Guide for Microsoft Internet Information Services 6.0

Procedure: To Create Configuration Files: Agent for Microsoft IIS 6.0

This task applies to all deployments of Agent for Microsoft IIS 6.0, including deployments where the agent protects Microsoft Office SharePoint or Outlook Web Access.

  1. Change to the directory:

    PolicyAgent-base\iis6\bin

    This directory stores the VB script required to create the agent configuration file.

  2. Issue the following command (be aware that the command is case sensitive):

    cscript.exe IIS6CreateConfig.vbs defaultConfig
    
    IIS6CreateConfig.vbs is a VB script that saves your responses to prompts about the Microsoft IIS 6.0 host and the Access Manager host in a file. For this example, the file is represented by defaultConfig.

    defaultConfig represents the agent configuration file created by this command; you provide the actual name. This is a text file to which the output of the commands entered while running the script is written.


    Note –

    Give a unique name for this agent configuration file since you will need the same file to unconfigure the agent.


    The script prompts for information as it progresses with the creation of the agent configuration file. All the script prompts are displayed in this step. Information about the responses is presented in the subsequent steps.


    Microsoft (R) Windows Script Host Version 5.6
    Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
    
    Copyright c 2004 Sun Microsystems, Inc. All rights reserved
    Use is subject to license terms
    ---------------------------------------------------------
        Microsoft (TM) Internet Information Server (6.0)
    ---------------------------------------------------------
    Enter the Agent Resource File Name [IIS6Resource.en] :
    
    Fully Qualified Host Name :
    host1.subexample.example.com
    
    Displaying the list of Web Sites and its corresponding Identifiers
    Site Name (Site Id)
    Default Web Site (1)
    Site A (1701188044)
    SharePoint Central Administration (2)
    
    Web Site Identifier :
    1
    
    Agent Protocol [http] :
    
    Agent Port Number [80] :
    
    Agent Deployment URI [/amagent] :
    
    ------------------------------------------------
    Sun Java (TM) Enterprise System Access Manager
    ------------------------------------------------
    Primary Server Host :
    host2.subexample.example.com
    
    Primary Server Protocol [http] :
    
    Primary Server Port Number [58080] :
    
    Primary Server Deployment URI [/amserver] :
    
    Primary Server Console URI [/amconsole] :
    
    Failover Server Host :
    Agent-Access Manager Shared Secret :
    
    Re-enter Shared Secret :
    
    CDSSO Enabled [false] :
    
    -----------------------------------------------------
    Agent Configuration file created ==>  defaultConfig
    -----------------------------------------------------
  3. When prompted, provide the following information about the Microsoft IIS 6.0 instance that this agent will protect:

    Agent Resource File Name: Accept the default for this prompt (IIS6Resource.en).

    Host Name: Enter the fully qualified domain name (FQDN) of the system on which Microsoft IIS 6.0 is installed.

    For example, if the host is host1, the subdomain is eng, and the domain is example.com, then the Host Name in this case is host1.eng.example.com.

    Web Site Identifier: Enter the Web Site Identifier for the specific web site for which you are creating a configuration file. Microsoft IIS 6.0 has a unique identifier associated with every web site on the web server. The Web Site Identifier is displayed when you start Microsoft Internet Information Services Manager and click Web Sites. The Identifier column indicates the unique identifier associated with every web site.

    Server Protocol: If this instance of Microsoft IIS 6.0 has been configured for SSL, then select HTTPS; otherwise select HTTP.

    Server Port: Enter the port number of the Microsoft IIS 6.0 instance that will be protected by the agent.

    Agent Deployment URI: Enter a Uniform Resource Identifier (URI) that will be used to access Agent for Microsoft IIS 6.0. The default value is /amagent.


    Note –

    The web agent uses the value of the com.sun.am.policy.agents.config.agenturi.prefix property in the web agent AMAgent.properties configuration file to support some essential functions such as notification. The agent URI prefix is a configurable subset of the Agent Deployment URI, and it is important to set a valid URL for this property. Its value should be http://host.domain:port/agent-deployment-uri, where host.domain and port are the FQDN and port number of the Microsoft IIS 6.0 instance where the agent is installed, and agent-deployment-uri is the URI where the Microsoft IIS 6.0 instance will look for web-agent-related HTML pages. Its default value is amagent.

    The following is an example of an Agent Deployment URI:

    http://host1.example.com:80/amagent

    where the host name is host1 and the domain name is example.com.


  4. When prompted, provide the following information about the Access Manager host:

    Primary Server Host: Enter the FQDN of the primary Access Manager host.

    For example, if the host is host3, the subdomain is eng, and the domain is example.com, then the Host Name in this case is host3.eng.example.com.

    Primary Server Protocol: If the primary Access Manager host is SSL-enabled, select HTTPS. Otherwise select HTTP.

    Primary Server Port: Enter the port number for the primary Access Manager host.

    Primary Server Deployment URI: Enter the location that was specified when Access Manager was installed. The default URI for Access Manager is /amserver.

    Primary Console Deployment URI: Enter the location that was specified when Access Manager Console was installed. The default URI for Access Manager is /amconsole.

    Failover Server Host: Enter the FQDN of the secondary Access Manager host, which is used if the primary Access Manager host becomes unavailable. If no failover server host exists, then leave this field blank.

    Failover Server Port: Enter the port number of the secondary Access Manager host. If no failover server host exists, then leave this field blank.

    Failover Server Protocol: If the failover Access Manager host is SSL-enabled, select HTTPS. Otherwise select HTTP. If no failover server host exists, then leave this field blank.

    Failover Server Deployment URI: Enter the location that was specified when Access Manager was installed. The default URI for Access Manager is /amserver. If no failover server host exists, then leave this field blank.

    Failover Console Deployment URI: Enter the location that was specified when Access Manager Console was installed. The default URI for Access Manager is /amconsole. If no failover server host exists, then leave this field blank.

    Agent Access Manager Shared Secret: Enter the password for the Access Manager internal LDAP authentication user. This user is also referred to as amldapuser.

    For more information about the shared secret and its relationship with the Access Manager agent profile, see Chapter 4, The Relationship Between the Agent Profile and Web Agents in Policy Agent 2.2.

    Re-enter Shared Secret: Re-enter the password for the Access Manager internal LDAP authentication user (amldapuser).

    CDSSO Enabled: Check this box if you want to enable CDSSO.

    With the information you provide, the script creates the agent configuration file for you to use to configure this agent as described in the following section.
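
The note in step 3 requires the agenturi.prefix property to hold a valid URL of the form http://host.domain:port/agent-deployment-uri. The PowerShell check below is an added example, not part of the Sun guide or the agent's own tooling; it compares that property with the values entered at the prompts. The function name Test-AgentUriPrefix, its parameters, the sample property line and the "key = value" line format are assumptions made for illustration.

```powershell
# Constructed sample in the style of AMAgent.properties (not from a real install).
$sampleProperties = @'
# constructed sample
com.sun.am.policy.agents.config.agenturi.prefix = http://host1.example.com:80/amagent
'@

# Hypothetical helper: returns a list of problems; an empty list means the value is consistent.
function Test-AgentUriPrefix {
    param(
        [string]$PropertiesText,    # contents of AMAgent.properties
        [string]$ExpectedProtocol,  # answer to "Agent Protocol"
        [string]$ExpectedHost,      # answer to "Fully Qualified Host Name"
        [int]$ExpectedPort,         # answer to "Agent Port Number"
        [string]$ExpectedUri        # answer to "Agent Deployment URI"
    )
    $key = 'com.sun.am.policy.agents.config.agenturi.prefix'
    # Assumption: one "key = value" pair per line; lines starting with '#' are comments.
    $line = $PropertiesText -split "`r?`n" |
        Where-Object { $_ -match ('^\s*' + [regex]::Escape($key) + '\s*=') } |
        Select-Object -Last 1
    if (-not $line) { return "property $key is not set" }

    $value = ($line -split '=', 2)[1].Trim()
    $uri = $null
    if (-not [System.Uri]::TryCreate($value, [System.UriKind]::Absolute, [ref]$uri)) {
        return "'$value' is not an absolute URL"
    }
    $problems = @()
    if ($uri.Scheme -ne $ExpectedProtocol) { $problems += "protocol is '$($uri.Scheme)', expected '$ExpectedProtocol'" }
    # System.Uri fills in a default port, so test the raw text for an explicit one.
    if ($value -notmatch '^[a-z]+://[^/:]+:\d+') { $problems += 'no explicit port in the URL' }
    if ($uri.HostNameType -ne [System.UriHostNameType]::Dns -or $uri.Host -notmatch '\.') {
        $problems += "host '$($uri.Host)' is not a fully qualified domain name"
    }
    if ($uri.Host -ne $ExpectedHost) { $problems += "host is '$($uri.Host)', expected '$ExpectedHost'" }
    if ($uri.Port -ne $ExpectedPort) { $problems += "port is $($uri.Port), expected $ExpectedPort" }
    if ($uri.AbsolutePath.TrimEnd('/') -ne $ExpectedUri.TrimEnd('/')) {
        $problems += "path is '$($uri.AbsolutePath)', expected '$ExpectedUri'"
    }
    return $problems
}

$result = @(Test-AgentUriPrefix -PropertiesText $sampleProperties -ExpectedProtocol 'http' `
    -ExpectedHost 'host1.example.com' -ExpectedPort 80 -ExpectedUri '/amagent')
if ($result.Count -eq 0) { 'agenturi.prefix matches the agent settings' } else { $result }
```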

Next Steps

At this point, the next task to be implemented varies depending on your deployment. If you are installing Agent for Microsoft IIS 6.0 to protect Microsoft Office SharePoint or Outlook Web Access, skip to Microsoft Office SharePoint and Outlook Web Access: Configuring the Agent. For all other deployments, continue with the task that follows (Configuring Agent for Microsoft IIS 6.0 for a Web Site).