1.7.3 Installing Access Manager Components in NAT Environments

Installing Access Manager in a NAT environment consists of the following steps:

Installing Administration Console

For installation requirements, see NetIQ Access Manager System Requirements.

  1. Before installing Access Manager components, verify network connectivity between all machines that will host them (Administration Consoles, Identity Servers, and Access Gateways), including across the NAT boundary.

  2. Verify that the link latency between these machines is less than 100 milliseconds.

    Latency above 100 ms can degrade performance.

  3. Synchronize time across all Access Manager components.

    On RHEL 7, configure the primary Administration Console to synchronize time with the corporate Network Time Protocol (NTP) server. The ntp package is not available in RHEL 8, so on RHEL 8.x use chrony instead (the steps below show the ntpd commands; the chrony equivalents are the chronyd service, /etc/chrony.conf, and chronyc sources for verification). Configure all other Access Manager machines to synchronize time with the primary Administration Console rather than directly with the corporate server.

    1. Configure the corporate NTP server in the /etc/ntp.conf file.

      For information about how to configure the NTP server, see Configuring NTP.

    2. Run the ntpdate pool.ntp.org command (or ntpdate against the corporate server) on the primary Administration Console to step its clock once before ntpd is started.

      ntpdate must run before ntpd: both bind UDP port 123, and ntpdate exits with "the NTP socket is in use" if ntpd is already running.

    3. Run the following commands on the primary Administration Console to start the NTP server and enable it at boot:

      systemctl start ntpd

      systemctl enable ntpd

    4. Run ntpq -p on the primary Administration Console and confirm that one peer is marked with an asterisk (*), which means ntpd has selected it and is synchronized. Repeat on the other machines, which should show the primary Administration Console as their selected peer.

      NOTE:The ntpd process must be running to keep the time in sync among devices.

  4. Install the primary Administration Console, providing its listening (private) IP address when prompted.

    For information about installing Administration Console, see Installing Administration Console.

  5. Install the secondary Administration Console, repeating the connectivity, latency, and time synchronization checks above for its IP address.

  6. Continue with Configuring Global Settings to add both primary and secondary Administration Consoles to the Global Settings configuration.
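The connectivity, latency, and time synchronization checks in steps 1 to 3 can be scripted. The following is an added example written for this page, not NetIQ tooling: it parses ping and ntpq -p output as produced on a RHEL 7 host, applies the 100 ms latency limit from the procedure, and emits the server line each machine needs in /etc/ntp.conf (the same syntax is accepted in /etc/chrony.conf on RHEL 8). The host names, addresses, the 500 ms clock-offset tolerance, and the sample command output are constructed assumptions.

```shell
#!/bin/sh
# Pre-install checks for steps 1-3 above (added example, not NetIQ tooling).
# Assumes the ping(8) and ntpq(8) output formats of a RHEL 7 host; the hosts,
# addresses, and the clock-offset tolerance below are placeholders/assumptions.

MAX_LATENCY_MS=100   # limit stated in the procedure
MAX_OFFSET_MS=500    # assumed tolerance for clock offset between components

# Print the average RTT (ms) from a ping summary line on stdin, e.g.
#   rtt min/avg/max/mdev = 0.045/0.057/0.078/0.012 ms
ping_avg_ms() {
    sed -n 's#^.*rtt min/avg/max/mdev = [0-9.]*/\([0-9.]*\)/.*$#\1#p'
}

# Succeed when the average RTT in the ping output on stdin is below the limit.
# Usage: ping -c 5 <other-component> | latency_ok
latency_ok() {
    avg=$(ping_avg_ms)
    [ -n "$avg" ] || return 1          # no summary line: host unreachable
    # awk does the floating-point compare; sh arithmetic is integer-only
    awk -v a="$avg" -v m="$MAX_LATENCY_MS" 'BEGIN { exit !(a < m) }'
}

# Print the absolute clock offset (ms) of the selected peer, the line that
# `ntpq -p` marks with '*'. The offset is the ninth column.
ntp_selected_offset_ms() {
    awk '/^\*/ { o = $9; if (o < 0) o = -o; print o }'
}

# Succeed when ntpq -p output on stdin shows a selected peer within tolerance.
# Usage: ntpq -p | time_sync_ok   (chronyc sources on RHEL 8 uses another layout)
time_sync_ok() {
    off=$(ntp_selected_offset_ms)
    [ -n "$off" ] || return 1          # nothing selected yet: not synchronized
    awk -v o="$off" -v m="$MAX_OFFSET_MS" 'BEGIN { exit !(o < m) }'
}

# Print the server line for /etc/ntp.conf (or /etc/chrony.conf on RHEL 8, same
# syntax): the primary Administration Console follows the corporate NTP
# server, every other component follows the primary Administration Console.
ntp_server_line() {
    role=$1; corporate_ntp=$2; primary_ac=$3
    case $role in
        primary) printf 'server %s iburst\n' "$corporate_ntp" ;;
        *)       printf 'server %s iburst\n' "$primary_ac" ;;
    esac
}

# Constructed sample output (not captured from a real system) so the checks
# can be exercised offline.
PING_OK='rtt min/avg/max/mdev = 12.100/13.450/15.200/1.012 ms'
PING_SLOW='rtt min/avg/max/mdev = 120.100/143.450/151.200/4.012 ms'
NTPQ_SYNCED='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ntp1.corp.examp 10.1.1.1         2 u   34   64  377    0.812   -3.211   0.406
+ntp2.corp.examp 10.1.1.2         2 u   12   64  377    0.901    1.050   0.512'
NTPQ_NOT_SYNCED='     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 ntp1.corp.examp .INIT.          16 u    -   64    0    0.000    0.000   0.000'

# Run every check against the samples; succeed only if all behave as expected.
self_check() {
    printf '%s\n' "$PING_OK"   | latency_ok   || return 1
    printf '%s\n' "$PING_SLOW" | latency_ok   && return 1
    printf '%s\n' "$NTPQ_SYNCED"     | time_sync_ok || return 1
    printf '%s\n' "$NTPQ_NOT_SYNCED" | time_sync_ok && return 1
    [ "$(ntp_server_line primary ntp.corp.example 192.0.2.10)" = 'server ntp.corp.example iburst' ] || return 1
    [ "$(ntp_server_line other ntp.corp.example 192.0.2.10)" = 'server 192.0.2.10 iburst' ] || return 1
    return 0
}
```

On a live host, pipe real command output into the functions (`ping -c 5 <peer> | latency_ok`, `ntpq -p | time_sync_ok`) from the primary Administration Console toward every other component and back; `ntp_server_line other <corporate-ntp> <primary-ac-ip>` gives the line to place in each non-primary machine's configuration.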

Configuring Global Settings

You must map the private (listening) IP address of each Administration Console to its public NAT IP address, and you must do so before importing Identity Server and Access Gateway. Devices that cannot reach the private Administration Console IP address use the NAT IP address instead.

  1. Log in to Administration Console.

  2. Select Access Manager > Global Settings.

  3. Click New.

  4. Select the Administration Console Listening IP address from the list.

  5. Specify the corresponding Public NAT IP address.

    If you leave the Public NAT IP address empty, or if a mapping already exists for the selected Administration Console IP address, the following message is displayed:

    IP Address is not valid

  6. Click OK to continue and apply the configuration changes.

Installing and Configuring Identity Server

For information about how to install Identity Server, see Installing Identity Server.

User stores are LDAP directory servers to which end users authenticate. You must specify an initial user store when creating an Identity Server configuration. You use the same procedure for setting up the initial user store, adding a user store, or modifying an existing user store.

For information about how to configure Identity Server, see Configuring Identity Servers Clusters in the NetIQ Access Manager 5.0 Administration Guide.

Installing and Configuring Access Gateway

For information about how to install Access Gateway, see Installing Access Gateway.

When you are setting up Access Gateway to protect web resources, you create and configure reverse proxies, proxy services, and protected resources. The authentication contract, authentication procedure, Authorization policy, Identity Injection policy, and Form Fill policy are configured at the resource level so that you can enable exactly what the resource requires.

For information about configuring Access Gateway, see Configuring Access Gateway in the NetIQ Access Manager 5.0 Administration Guide.