8.2.2 Creating and Deploying Virtual Machines

This section outlines steps to create and deploy virtual machines for a basic setup of Access Manager, which includes an Administration Console, an Identity Server, an Access Gateway, and a user store.

Perform the following steps to create four virtual machines: one for Administration Console, one for Identity Server, one for Access Gateway, and one for the user store.

NOTE: If you are using Azure Active Directory as the user store, deploy virtual machines only for Access Manager components. Azure hosts and manages Azure Active Directory as a service on the cloud.

Perform the following steps to create and deploy a virtual machine:

  1. Log in to Azure.

  2. Click New in the upper left pane of the dashboard.

  3. In the search bar, search for SLES 12 SP5 or Red Hat Enterprise Linux 8.3 based on the operating system you want to use.

    When creating a virtual machine for Active Directory, select a Windows 2016 R2 image instead of SLES or RHEL. For more information about creating a Windows virtual machine, see Quickstart: Create a Windows virtual machine in the Azure portal.

    Each of these operating systems has its own licensing and associated costs. With the exception of the BYOS (Bring Your Own Subscription) option, each option includes a valid support license for the operating system.

    NOTE: SLES 12 SP5 is used here as the example configuration.

  4. Select SLES 12 SP5.

  5. Click Create.

  6. Configure the following settings in step 1 Basics:

    • Name: Specify a name for the virtual machine.

    • VM disk type: Select SSD or HDD based on your requirements. This selection affects the list of templates displayed for selection in Step 8.

    • User name: Specify the name of the account that you want to use for administering the virtual machine. This user name is used for SSH access to the virtual machine after deployment.

    • Authentication type: Select SSH public key.

    • SSH public key: Paste the content of the id_rsa.pub file that you generated earlier.

    • Subscription: Select the Azure subscription to use for the virtual machine.

    • Resource group: Select the resource group that you created or determined in Step 2.

    • Location: Select, from the list of supported Azure locations, the location where you want to create the virtual machine.

  7. Click OK.

  8. In 2 Size, click View all to see all available templates.

    You can filter this list based on disk type, vCPU, and memory.

    Each template has its own intended use cases, optimizations, and costs per hour of usage. Click a template that matches your requirements and the requirements of the Access Manager component that will later be installed on this virtual machine.

    NOTE: You must select a virtual machine size of the Standard type if you plan to configure an Azure load balancer later.

  9. Click Select.

  10. In 3 Settings, review networking, high availability, storage, and monitoring options by clicking the > icon.

    • High Availability: While deploying a virtual machine for Identity Server or Access Gateway, select the availability set that was created for that component type in Step 3. For clustering and load balancing, place Identity Server virtual machines in one availability set and Access Gateway virtual machines in a different availability set.

    • Storage: Keep the default value Yes for Use managed disks.

    • Network > Virtual network: Click Virtual network and select the virtual network that you created in Step 4.

    • Network > Public IP Address (optional): Configure a public IP address for this virtual machine, or keep the default selection (dynamic addressing). If you do not specify a static address (which adds an additional cost), the external IP address used to reach the virtual machine changes with each reboot.

    • Network > Network Security Group (firewall): Accept the default network security group, which allows incoming SSH access requests to the virtual machine used for Access Manager. Instructions for further configuring these security groups are in a later section of this guide. In an advanced setup where you install multiple Administration Consoles, Identity Servers, and Access Gateways, the virtual machines for each component type should use the security group created for the first virtual machine running that component type.

    • Extension: Keep the default value.

    • Auto-shutdown: By default, this is set to Off. Do not enable this option in a production environment; enabling it might result in a corrupted Access Manager setup.

      If you must enable Auto-shutdown, the system administrator must set up a cron job that runs several minutes before the shutdown time specified for the affected virtual machines. The cron script must be placed in the root user's crontab and must execute the following commands:

      1. /etc/init.d/novell-idp stop (on the virtual machine containing Identity Server)

      2. /etc/init.d/novell-ac stop (on the virtual machine containing Administration Console)

      This script shuts down Access Manager safely before the Azure Auto-shutdown occurs.

      IMPORTANT: Before you manually shut down an Azure virtual machine containing an Access Manager installation, first run the /etc/init.d/novell-[ac|idp] stop command. This ensures that the Access Manager instance is in a safe state.

    • Monitoring: Disable Boot diagnostics and Guest OS diagnostics if you do not need them. You can change these settings later if you need these functionalities.

  11. Click OK.

  12. In 4 Summary, review the summary of settings, terms of use, privacy policies, and cost of use.

  13. Click Create.

    Azure begins provisioning the virtual machine as you have configured it. This process may take a few minutes.

  14. Verify SSH access to the virtual machine after deployment completes by running the following command:

    ssh -i <keyfile> <username>@<publicIP>

    where:

    • <keyfile>: The private key file (for example, id_rsa) that you created with ssh-keygen; its public half is the id_rsa.pub content you pasted in Step 6.
    • <username>: The User name specified in Step 6 while deploying the virtual machine.
    • <publicIP>: The public IP address assigned to the virtual machine. You can view it in the dashboard by clicking the virtual machine.
  15. Repeat Step 1 to Step 14 to create additional virtual machines.

  16. Continue with Section 8.2.3, Configuring Network Security Groups.
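The Auto-shutdown note in Step 10 requires a root cron job that stops the Identity Server or Administration Console service several minutes before the scheduled Azure shutdown. The following script is an added example and is not part of the Access Manager or Azure documentation. It assumes the init scripts live in /etc/init.d as the guide states (the directory can be overridden for testing); the script path /usr/local/sbin/am-preshutdown.sh, the log file path, and the 22:50 cron time for a 23:00 Auto-shutdown are placeholder choices.

```shell
#!/bin/sh
# Added example, not from the Access Manager or Azure documentation.
# Pre-shutdown script for the root crontab: stops whichever Access Manager
# component is installed on this virtual machine before Azure Auto-shutdown.
#
# Assumptions: init scripts are in /etc/init.d as the guide states; the
# directory can be overridden (INITDIR or the first function argument).
# Example root crontab entry for a 23:00 Auto-shutdown (placeholder path/time):
#   50 22 * * * /usr/local/sbin/am-preshutdown.sh run >>/var/log/am-preshutdown.log 2>&1

INITDIR="${INITDIR:-/etc/init.d}"

# Print the Access Manager init scripts present in the given directory,
# one per line: Identity Server (novell-idp) first, then Administration
# Console (novell-ac). A VM normally hosts only one of them.
am_components() {
  dir="${1:-$INITDIR}"
  for svc in novell-idp novell-ac; do
    [ -x "$dir/$svc" ] && echo "$svc"
  done
  return 0
}

# Stop every detected component. Returns non-zero if any stop failed, so
# cron records the failure instead of Azure silently powering off a VM
# whose Access Manager instance is not in a safe state.
am_stop_all() {
  dir="${1:-$INITDIR}"
  rc=0
  found=0
  for svc in $(am_components "$dir"); do
    found=1
    echo "$(date '+%Y-%m-%d %H:%M:%S') stopping $svc"
    if "$dir/$svc" stop; then
      echo "$(date '+%Y-%m-%d %H:%M:%S') $svc stopped"
    else
      echo "$(date '+%Y-%m-%d %H:%M:%S') $svc stop FAILED" >&2
      rc=1
    fi
  done
  [ "$found" -eq 1 ] || echo "$(date '+%Y-%m-%d %H:%M:%S') no Access Manager component found in $dir"
  return $rc
}

# Only act when invoked as "am-preshutdown.sh run", so sourcing the file
# (for example, to test the functions) does not stop anything.
case "${1:-}" in
  run) am_stop_all ;;
esac
```

Schedule the job far enough ahead of the Auto-shutdown time for the stop commands to finish, and check the log after the first scheduled run to confirm the component was stopped cleanly before Azure deallocated the virtual machine.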