Secure API Manager provides a Deployment Manager that walks you through deploying all of the components. The Deployment Manager resides in the appliance management console. You must have deployed the appropriate number of virtual appliances for your configuration before using the Deployment Manager. For more information, see Deploying the Secure API Manager Appliances.
Use the information you collected in Table 4-1, Worksheet for Appliance Login Information to deploy the Secure API Manager components. The Deployment Manager deploys all of the components during this process. You must always deploy the Database Service component first. It stores all of the configuration information for the entire system.
The following procedure assumes that you are deploying each component on a separate appliance and that you are clustering each component.
To deploy a production system:
Ensure that you have the correct network settings for the appliances. If you have to change the network settings later, you must delete the component from the Secure API Manager system, delete the appliance, redeploy the appliance, then redeploy the component. For more information, see Recording the IP Addresses, DNS Names, and Login Information for the Appliances.
Ensure that all components have direct access to the primary database without going through an L4 switch or database corrupts can occur.
Ensure that the load balancers use sticky sessions. Otherwise, the load balancers allow the different components to corrupt the information in the Database Service component. For more information about load balancing, see Using High Availability and Load Balancing with Secure API Manager.
Access the appliance management console for the appliance that you need to become the first Database Service component. Use the root user and password that you set during the deployment of the appliance. For more information, see Deploying the Secure API Manager Appliances.
https://ip-address-or-dns-name-appliance:9443Click Deployment Manager.
Click Create.
Click Database.
Create the primary Database Service component.
Specify the information for the Database Service component using the information you gathered in the worksheet. For more information, see Section 4.0, Deploying Secure API Manager.
IMPORTANT:Remember the user name and password you define for the database administrative user. You use this account to add the additional components to the Secure API Manager system. In addition, you use this account to access the database through an SQL client, when needed.
Click Save Configuration And Deploy.
Watch the status of the deployment of the Database Service component on the STATUS tab. The Deployment Manager automatically takes you to the STATUS tab.
When the STATUS tab states that the deployment is complete, click the SYSTEM tab to ensure that there is a star next to it to designate that this is the primary node in the cluster.
Deploy the second Database Service component.
Log in to the appliance management console on a second appliance that you need to become the second node of the Database Service component cluster. Use the root account and password you set for this second appliance.
https://ip-address-or-dns-name-appliance:9443Click Deployment Manager.
Click JOIN EXISTING to add this node to the new deployment.
Approve the certificate that the Deployment Manager displays or import a trusted root certificate for this appliance.
Specify the DNS name for the first Database Service node and specify the database user name and password you created in Step 8.a.
IMPORTANT:If you do not have port forwarding enabled to port 9444 on the load balancers, you must always specify the DNS name of the primary Database Service node.
Click JOIN and wait for this node to join the existing node.
Click GO TO CONFIGURATION and add the configuration information for this node.
In the Database Host field, specify the DNS name or IP address of this appliance.
Click Next three times.
Click SAVE.
Select Save configuration only, then click Save.
This saves the configuration file but does not deploy the component at this time. This option reduces the number of times an appliance has to be restarted during the deployment of the entire system.
(Conditional) If you want to deploy a third Database Service node, repeat Step 9.a through Step 9.k for this last node.
(Optional) Configure Logging.
You can configure logging at any time during the deployment when you are on the Database configuration page. These options are global and you have to perform them on only one appliance.
In the Deployment Manager, click Logging on the Database configuration page.
Select Enable.
Specify the IP address or DNS name of your Syslog server, the port, and the protocol it uses.
Deploy the Lifecycle Manager component.
Access the appliance management console for the appliance that you need to become the Lifecycle Manager component. Use the root user and password that you set during the deployment of the appliance. For more information, see Deploying the Secure API Manager Appliances.
https://ip-address-or-dns-name-appliance:9443Click Deployment Manager.
Click Join.
Specify the DNS name for the primary Database Service node and specify the database user name and password you created in Step 8.a.
IMPORTANT:If you do not have port forwarding to port 9444 enabled on the load balancers, you must always specify the DNS name of the primary Database Service node.
Click Join and wait for this node to join the system.
Approve the certificate that the Deployment Manager displays or import a trusted root certificate for this appliance.
Do not specify any information on the Database Deployment page, then click Next.
On the Lifecycle Manager Deployment page, use the information you gathered in the worksheet for the Lifecycle Manager, such as the NFS server information, to configure the Lifecycle Manager component. For more information, see Table 4-1.
Click Next twice.
Click Save.
Select Save configuration only, then click Save.
This saves the configuration file but does not deploy the component at this time. This option reduces the number of times the Deployment Manager restarts an appliance during the deployment of the entire system.
Repeat Step 11 for each additional Lifecycle Manager node that you need to deploy.
Deploy the API Gateway component.
Access the appliance management console for the appliance that you need to become the API Gateway component. Use the root user and password that you set during the deployment of the appliance. For more information, see Deploying the Secure API Manager Appliances.
https://ip-address-or-dns-name-appliance:9443Click Deployment Manager.
Click Join.
Approve the certificate that the Deployment Manager displays or import a trusted root certificate for this appliance.
Specify the DNS name for the primary Database Service node and specify the database user name and password you created in Step 8.a.
IMPORTANT:If you do not have port forwarding to port 9444 enabled on the load balancers, you must always specify the DNS name of the primary Database Service node.
Click Join and wait for this node to join the system.
Do not specify any information on the Database Deployment page, then click Next.
Do not specify any information on the Lifecycle Manager Deployment page, then click Next.
On the Gateway Deployment page, use the information you gathered in the worksheet to configure the API Gateway component. For more information, see Table 4-2.
Click Next.
Click Save.
Select Save configuration only, then click Save.
This saves the configuration file but does not deploy the component at this time. This option reduces the number of times the Deployment Manager restarts an appliance during the deployment of the entire system.
Repeat Step 13 for each additional API Gateway node that you need to deploy.
Deploy the Analytics component.
Access the appliance management console for the appliance that you need to become the Analytics component using the root user and password you set during the deployment of the appliance. For more information, see Deploying the Secure API Manager Appliances.
https://ip-address-or-dns-name-appliance:9443Click Deployment Manager.
Click Join.
Approve the certificate that the Deployment Manager displays or import a trusted root certificate for this appliance.
Specify the DNS name for the primary Database Service node and specify the database user name and password you created in Step 8.a.
IMPORTANT:If you do not have port forwarding to port 9444 enabled on the load balancers, you must always specify the DNS name of the primary Database Service node.
Click Join and wait for this node to join the system.
Do not specify any information on the Database Deployment page, then click Next.
Do not specify any information on the Lifecycle Manager Deployment page, then click Next.
Do not specify any information on the Gateway Deployment page, then click Next.
On the Analytics Deployment page, use the information that you gathered in the worksheet to configure the Analytics component. For more information, see Table 4-1.
Click Save.
Select Save configuration only, then click Save.
This saves the configuration file but does not deploy the component at this time. This option reduces the number of times an appliance has to be restarted during the deployment of the entire system.
Repeat Step 15 for each additional Analytics node you need to deploy except for the last node.
On the last Analytics node, click Save configuration, deploy this appliance, and reconfigure the entire system.
On the STATUS tab of the primary Database Service node, watch the deployment and reconfiguration of each appliance in the system. This process can take time depending on the number of nodes you deployed.
After the deployment finishes, you must complete the integration with Access Manager to complete the deployment and have a fully functioning system. For more information, see Completing the Integration Between Secure API Manager and Access Manager.