Chapter 3 Before You Begin

This chapter contains information you need to know before beginning the documented installation and configuration procedures. It contains the following sections:

• 3.1 Technical Reference

• 3.2 Setting Up the Load Balancers

• 3.3 Obtaining Secure Socket Layer Certificates

• 3.4 Resolving Host Names

• 3.5 Known Issues and Limitations

3.1 Technical Reference

See Chapter 2, Technical Overview for a quick reference of host machines, port numbers, operating systems, naming conventions, and component names used in this deployment example. See Part III, Reference: Summaries of Server and Component Configurations for more detailed information.

3.2 Setting Up the Load Balancers

The load balancer hardware and software used in this deployment environment is BIG-IP® manufactured by F5 Networks. If you are using different load balancer software, see the documentation that comes with that product for detailed settings information. This document assumes that you have already installed the required load balancers. The following sections require load-balancing hardware and software.

• 4.4 Configuring Load Balancer 1 for the User Data Instances

• 5.2 Configuring Load Balancer 2 for OpenSSO Enterprise

• 7.3 Configuring the Distributed Authentication User Interface Load Balancer

• 9.1 Configuring the Web Policy Agents Load Balancer

• 9.2 Configuring the J2EE Policy Agents Load Balancer

3.3 Obtaining Secure Socket Layer Certificates

In order to enable secure communications using the Secure Sockets Layer (SSL) protocol you need to obtain root certificates and server certificates from a certificate authority (CA). A CA root certificate proves that the particular CA issued a particular server certificate. CA root certificates are publicly available. The root certificate used in this deployment is a test certificate issued by OpenSSL and named ca.cer. You can obtain a root certificate from any commercial certificate issuer such as VeriSign, Thawte, Entrust, or GoDaddy.

The server certificates are requested within each procedure. You should know how to request server certificates from your CA of choice before beginning a deployment. The following sections are related to requesting, installing, and importing root and server certificates:

• To Install a Root Certificate and a Server Certificate on Directory Server 1

• To Install a Root Certificate and a Server Certificate on Directory Server 2

• To Install Application Server on the OpenSSO Enterprise 1 Host Machine

• To Install Application Server on the OpenSSO Enterprise 2 Host Machine

• To Request a Certificate for the OpenSSO Enterprise Load Balancer

• To Install a CA Root Certificate to the OpenSSO Enterprise Load Balancer

• To Install the Server Certificate to the OpenSSO Enterprise Load Balancer

• To Request and Install a Server Certificate and a Root Certificate for Web Server 1

• To Request and Install a Server Certificate and a Root Certificate for Web Server 2

• To Import the Root Certificate to the Web Server 1 JDK Certificate Store

• To Import the Root Certificate to the Web Server 2 JDK Certificate Store

• To Request a Certificate for the Distributed Authentication User Interface Load Balancer

• To Import a Root Certificate to the Distributed Authentication User Interface Load Balancer

• To Import a Certificate to the Distributed Authentication User Interface Load Balancer

3.4 Resolving Host Names

There are many ways to resolve the host names used in this deployment. You may use a DNS naming service, or you can map IP addresses to host names in the local host file on all UNIX® hosts. The same entries must also be added to equivalent files on Windows hosts, and on client machines where browsers are used. For example:

1xx.xx.xx.x1		DirectoryServer-1 	ds-1.example.com
1xx.xx.xx.x2		DirectoryServer-2 	ds-2.example.com
1xx.xx.xx.x3		OpenSSO-1 		osso-1.example.com
1xx.xx.xx.x4		OpenSSO-2 		osso-2.example.com

3.5 Known Issues and Limitations

See Appendix F, Known Issues and Limitations for descriptions of problems you may encounter when implementing the deployment example. This list will be updated as new information becomes available.

Although the instructions and procedures documented in this book incorporate many best practices, and may be suitable in many different scenarios, this is not the only way to achieve the same results. If you plan to deviate from the task sequence or details described, you should refer to the relevant product documentation for information on differences in platforms, software versions or other requirement constraints.