The Sun JavaTM System Access Manager 7.1 Postinstallation Guide includes information about configuring Access Manager after installation. Usually, you perform postinstallation tasks only a few times. For example, you might want to deploy an additional instance of Access Manager or configure Access Manager for session failover.
For information about tasks that you perform on a regular basis, such as backing up Access Manager files or directory data, see the Sun Java System Access Manager 7.1 Administration Reference.
This chapter describes these topics:
For a new installation, install the first instance of Access Manager and other Sun Java Enterprise System (Java ES) components by running the Java ES installer. Information about the installer includes:
If you are deploying an Access Manager WAR file, see Chapter 12, Deploying Access Manager as a Single WAR File.
The Java ES installer is available in a media kit containing CDs or a DVD, as web download, on a pre-installed system, or from a file server on your network.
For more information, see the Getting the Java ES Software in Sun Java Enterprise System 5 Installation Guide for UNIX or the Sun Java Enterprise System 5 Installation Guide for Microsoft Windows.
You can run the Java ES installer in the following modes:
Graphical mode: An interactive wizard guides you through a series of choices on installation pages on a graphical workstation.
Text-based mode: An interactive command-line installer prompts you for responses in a terminal window.
Silent mode: The installer reads input from a state file, which is a text file containing name-value pairs of configuration information. You create a state file by running the installer with the -no and -saveState options. Then, you edit the state file for the specific host server where you plan to install the various Java ES components. Using a state file is useful for installing multiple instances on different host servers.
When you run the Java ES installer, you can select either of these configuration options for Access Manager as well as other Java ES components:
Configure Now: You configure Access Manager and the various Java ES components when you run the installer by choosing options (or using default values). Not all Java ES components support this option.
Configure Later: When you run the Java ES installer, you specify only minimal configuration values. Then, you later configure the specific components by running a script or using an administration console. Access Manager provides the amconfig script and amsamplesilent template file for postinstallation configuration.
If you plan to use BEA WebLogic Server or IBM WebSphere Application Server as the Access Manager web container, you must choose the Configure Later option when you install Access Manager.
For information about the Java ES installer, see the Sun Java Enterprise System 5 Installation Guide for UNIX or the Sun Java Enterprise System 5 Installation Guide for Microsoft Windows.
You can also download an Access Manager 7.1 WAR file from the following web site:
http://www.sun.com/download/index.jsp
If you are using the Java EE 5 SDK release, you can also download the Access Manager 7.1 WAR file (and other components) from the following web site:
http://java.sun.com/javaee/downloads/index.jsp
To deploy an Access Manager WAR file, one of the following web containers must be running on the host server:
Sun Java System Web Server 7
Sun Java System Application Server Enterprise Edition 8.2
Sun Java System Application Server Platform Edition 9 (as part of the Java EE 5 SDK release)
BEA WebLogic Server
IBM WebSphere Application Server
After you download the WAR file, follow these steps to deploy and configure Access Manager 7.1:
Deploy the Access Manager 7.1 WAR file using the web container's administrator console or CLI command.
Launch Access Manager 7.1, and you will be directed to the Configurator page, where you can provide information such as the host server URL, amadmin password, and the configuration directory.
Launch Access Manager 7.1 again, and you will be directed to the Access Manager Console login page.
For more information, see Chapter 12, Deploying Access Manager as a Single WAR File.
The Java ES installer installs the Access Manager amconfig script and silent configuration input file (amsamplesilent) in the following directory, depending on your platform:
Solaris systems: AccessManager-base/SUNWam/bin
Linux systems: AccessManager-base/identity/bin
AccessManager-base represents the Access Manager base installation directory. The default base installation directory depends on your platform:
Solaris systems: /opt
Linux systems: /opt/sun
The amconfig script is a top-level script that reads configuration variables in the amsamplesilent file (or copy of the file) and then calls other scripts as needed to perform the specific Access Manager configuration.
On Windows systems, the corresponding files are amconfig.bat and AMConfigurator.properties. These files are installed in the javaes-install-dir\identity\setup directory, where javaes-install-dir is the Java ES 5 installation directory. The default value is C:\Program Files\Sun\JavaES5.
The amsamplesilent is an ASCII text file that contains Access Manager configuration variables in the following format:
variable-name=value
For example:
DEPLOY_LEVEL=1 NEW_INSTANCE=true SERVER_HOST=amhost.example.com ...
Before you run the amconfig script, copy (and rename, if you wish) the amsamplesilent file, and then edit the variables in the file based on your system environment and the configuration you want to perform.
For a list of the variables you can set in a configuration script input file, see Access Manager amsamplesilent File Configuration Variables.
The format of the amsamplesilent file does not follow the same format or necessarily use the same variable names as a Java Enterprise System silent installation state file.
Variables in the amsamplesilent file (or copy of the file) can specify sensitive data such as administrator passwords. Make sure to secure the file as appropriate for your deployment.
The amconfig script reads the configuration variables in the amsamplesilent file (or a copy of the file) to perform various operations. For more information, see Chapter 2, Running the Access Manager amconfig Script.
After you install Access Manager, you can tune your deployment for optimum performance using the Access Manager tuning scripts. These scripts allow you to tune Access Manager, the SolarisTM Operating System (OS), the web container, and Directory Server.
The Java Enterprise System installer installs the Access Manager tuning scripts and related files in the following directory, depending on your platform:
Solaris systems: AccessManager-base/SUNWam/bin/amtune
Linux systems: AccessManager-base/identity/bin/amtune
AccessManager-base represents the Access Manager base installation directory. The default base installation directory depends on your platform:
Solaris systems: /opt
Linux systems: /opt/sun
The amtune script is a top-level script that calls other tuning scripts as needed. This script is not interactive; before you run amtune, you edit parameters in the amtune-env configuration file to specify the tuning you want to perform for your specific environment. The amtune-env configuration file includes two major sections:
Performance related parameters that you set to control the tuning
An internal section that is maintained by Access Manager engineering and should not be modified
You can run the amtune script in two modes:
Review mode: amtune reports tuning recommendations but does not make any actual changes to your environment.
Change mode: amtune makes actual changes, except for Directory Server, depending on parameters in the amtune-env configuration file.
The amtune script does not automatically tune Directory Server. Most deployments have applications other than Access Manager that also access Directory Server, so you don’t want to make tuning changes without considering how they would affect the other applications.
Before you tune Directory Server, first back up your Directory Server data.
When you run amtune, the script creates a tar file that contains the Directory Server tuning script, amtune-directory. Untar this file in a temporary directory and then run the script in review mode. When you are certain that your changes are acceptable for all applications at your deployment, run amtune-directory in change mode.
For detailed information about running the tuning scripts and setting tuning parameters in the amtune-env configuration file, see the Sun Java System Access Manager 7.1 Performance Tuning and Troubleshooting Guide.