1.7.1 Network Prerequisites

Service Provider Network Setup

  • Obtain static IP addresses for Administration Console, Identity Server, and Analytics Server or Sentinel. If the IP address of the machine changes, Access Manager components on that machine cannot start.

  • Install the operating system, configure a Network Time Protocol (NTP) server, and check connectivity.

    NOTE: You can use NTP with RHEL 7.x. NTP is discontinued in RHEL 8; with RHEL 8.x you must use chrony.

  • NTP server, which provides accurate time to the machines on your network. Time must be synchronized within one minute among the components, or the security features of the product disrupt the communication processes. You can install your own or use a publicly available server such as pool.ntp.org.

    IMPORTANT: If time is not synchronized, users cannot authenticate and access resources, and data corruption can also happen in user stores.

  • An L4 switch if you need to configure load balancing. This can be hardware or software (for example, a Linux machine running Linux Virtual Services).

  • IP connectivity is established between different Access Manager components. Because the components can be in different private networks, you can use NAT, VPNs, or a combination of both to achieve connectivity.

Customer Network Setup

  • A server configured with an LDAP directory (eDirectory 8.8.8.8 or later, or Active Directory) that contains your system users. Identity Server uses the LDAP directory to authenticate users to the system.

  • Domain name server, which resolves DNS names to IP addresses and which has reverse lookups enabled.

    Access Manager devices communicate to each other by their IP addresses, and some requests require them to match an IP address with the device's DNS name. Without reverse lookups enabled, these requests fail. In particular, Identity Servers perform reverse lookups to their user stores. If reverse lookups are not available, host table entries can be used.

  • Obtain static IP addresses for Administration Console, Identity Server, and Analytics Server or Sentinel. If the IP address of the machine changes, Access Manager components on that machine cannot start.

  • IP connectivity is established between different Access Manager components. Because the components can be in different private networks, you can use NAT, VPNs, or a combination of both to achieve connectivity.
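
A preflight check for the time synchronization and reverse lookup prerequisites above. This is an added example, not part of the product or its documentation. It assumes chrony is in use, that all components sync to the same reference, and that the host names and offsets shown are constructed. It goes slightly beyond the text by also confirming that the reverse name resolves back to the same address.

```python
import re
import socket

MAX_SKEW = 60.0  # seconds; the page requires components within one minute

# Constructed sample of `chronyc tracking` output (only the line we parse).
SAMPLE_TRACKING = "Stratum         : 3\nSystem time     : 0.412000000 seconds slow of NTP time\n"

def chrony_offset(tracking_text):
    """Signed clock offset in seconds from `chronyc tracking` (+ = fast)."""
    m = re.search(r"^System time\s*:\s*([\d.]+) seconds (fast|slow) of NTP time",
                  tracking_text, re.MULTILINE)
    if not m:
        raise ValueError("no 'System time' line in chronyc output")
    return float(m.group(1)) * (1 if m.group(2) == "fast" else -1)

def skew_violations(offsets, limit=MAX_SKEW):
    """Host pairs whose clocks differ by more than `limit` seconds."""
    hosts = sorted(offsets)
    return [(a, b) for i, a in enumerate(hosts) for b in hosts[i + 1:]
            if abs(offsets[a] - offsets[b]) > limit]

def system_reverse(ip):
    return socket.gethostbyaddr(ip)[0]      # system resolver, so host table entries count

def system_forward(name):
    return {ai[4][0] for ai in socket.getaddrinfo(name, None)}

def reverse_lookup_problem(ip, reverse=system_reverse, forward=system_forward):
    """None if ip -> name -> ip round-trips, else a description of the gap."""
    try:
        name = reverse(ip)
    except OSError as exc:                  # herror/gaierror subclass OSError
        return f"{ip}: no reverse entry ({exc})"
    try:
        addrs = forward(name)
    except OSError as exc:
        return f"{ip}: reverse name {name} does not resolve ({exc})"
    if ip not in addrs:
        return f"{ip}: {name} resolves to {sorted(addrs)}, not back to {ip}"
    return None

if __name__ == "__main__":
    # Constructed offsets, as collected from each component with chrony_offset().
    offsets = {"admin-console": chrony_offset(SAMPLE_TRACKING),
               "identity-server": 75.2}
    print("skew violations:", skew_violations(offsets))
    print("loopback check:", reverse_lookup_problem("127.0.0.1"))
```

Run `reverse_lookup_problem` from each Identity Server against its user store addresses, since those are the reverse lookups the product depends on.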