Use the following worksheet to gather the information you must have to complete the Secure API Manager deployment. The required information is different depending on your deployment scenario. The Value column provides a place for you to record the information before you start the deployment.
There are a few important items to understand before you deploy Secure API Manager:
You must have deployed the number of Secure API Manager appliances that you will use in your deployment before you launch the Deployment Manager. For more information, see Deploying the Secure API Manager Appliances.
If you do not have port forwarding to port 9444-enabled components on the load balancers, you must always specify the DNS name of the primary Database Service node.
Ensure that the appliances have a publicly resolvable DNS name. Otherwise, deployment fails, even for test environments.
Ensure that the components have direct access to the primary database without going through an L4 switch or database corruption can occur.
Table 4-2 Secure API Manager Worksheet
|
Item |
Value |
Notes |
|---|---|---|
|
Create Global Administrator Password |
Secure API Manager contains one default global administrator account named admin. You must create a password for this account when you deploy the first component in the system. You can change the password after you complete the deployment of the system. For more information, see |
|
|
Trusted root certificate or self-signed certificate |
|
You must have a trusted root certificate or a self-signed certificate for the Deployment Manager to work properly. The Secure API Manager components communicate over SSL. For more information, see Understanding the Secure API Manager Deployment Manager. |
|
Shared Storage NFS Server |
|
(Recommended) For production environments, we recommend that you cluster the Secure API Manager components you deploy. If you cluster the components, you must have an NFS server deployed and running in your IT environment before running the Deployment Manager. For more information, see Using High Availability and Load Balancing with Secure API Manager. |
|
Shared Storage > NFS Host IP Address |
|
The IP address of your NFS server in your IT environment. You must have an NFS server to maintain the configuration information for Secure API Manager when you cluster the nodes. For more information, see Configuring Content Synchronization for High Availability Using a Network File System Server. |
|
Shared Storage > NFS Mount |
|
The path to the mount point on the NFS server where Secure API Manager stores the configuration information in a clustered environment. For more information, Using High Availability and Load Balancing with Secure API Manager. |
|
Logging (Syslog) |
|
(Optional) Add the Syslog information if you need Secure API Manager to send the log information to a Syslog server you have installed in your IT environment. These settings are global. When you set the value on one component, all of the other components or nodes in a cluster receive this information. |
|
Logging > Remote Syslog Host |
|
The DNS name of the Syslog server that you want to use to capture the information from Secure API Manager. |
|
Logging > Remote Syslog Port |
|
The port that the Syslog server uses to communicate with Secure API Manager. |
|
Logging > Protocol |
|
The protocol that the Syslog server uses. It is either TCP or UDP. |
|
Database Service Component |
|
You must deploy the Database Service component first. The Database Service deploys the proper database for Secure API Manager to store configuration, user, and API information. WARNING:The Database Service component must run on its own appliance. Do not combine any other components with the Database Service component. |
|
Database Service Component > Load Balancer Host |
|
(Recommended) The DNS name of the load balancer host for the Database Service cluster. You must have a load balancer for each component you cluster. |
|
Database Service Component > Database User |
|
A user name for the database administrative user for the Database Service. You use this account to join other appliances to your Secure API Manager system. |
|
Database Service Component > Database Password |
|
A password for the database administrative user. |
|
Database Service Component > Database Host |
|
The DNS name of the appliance that you need to become the primary Database Service component. |
|
Database Service Component > Database Host |
|
(Recommended) The DNS name of the appliance that you need to become a node in the Database Service cluster. For a cluster, you need two or three nodes. |
|
Database Service Component > Database Host |
|
(Recommended) The DNS name of the appliance that you need to become a node in the Database Service cluster. For a cluster, you need two or three nodes. |
|
Lifecycle Manager |
|
Contains the different consoles for Secure API Manager. |
|
Lifecycle Manager > Load Balancer Host |
|
(Recommended) The DNS name of the load balancer host for the Lifecycle Manager cluster. You must have a load balancer for each component you cluster. |
|
Lifecycle Manager > Lifecycle Manager Host |
|
The DNS name of the appliance that you need to become the Lifecycle Manager component. |
|
Lifecycle Manager > Lifecycle Manager Host |
|
(Recommended) The DNS name of the appliance that you need to become a node in the Lifecycle Manager cluster. For a cluster, you need two or three nodes. |
|
Lifecycle Manager > Lifecycle Manager Host |
|
(Recommended) The DNS name of the appliance that you need to become a node in the Lifecycle Manager cluster. For a cluster, you need two or three nodes. |
|
Gateway |
|
Directs traffic to and from the APIs. |
|
Gateway > Load Balancer Host |
|
(Recommended) The DNS name of the load balancer host for the API Gateway cluster. You must have a load balancer for each component you cluster. |
|
Gateway > Gateway Host |
|
The DNS name of the appliance that you need to become the API Gateway component. |
|
Gateway > Gateway Host |
|
(Recommended) The DNS name of the appliance that you need to become a node in the API Gateway cluster. For a cluster, you need two or three nodes. |
|
Gateway > Gateway Host |
|
(Recommended) The DNS name of the appliance that you need to become a node in the API Gateway cluster. For a cluster, you need two or three nodes. |
|
Analytics |
|
Provides reports about API usage and statistics. We recommend that Analytics always runs on its own appliance. |
|
Analytics > Load Balancer Host |
|
(Recommended) The DNS name of the load balancer host for the Analytics cluster. You must have a load balancer for each component you cluster. |
|
Analytics > Analytics Host |
|
The DNS name of the appliance that you need to become the Analytics component. |
|
Analytics > Analytics Host |
|
(Recommended) The DNS name of the appliance that you need to become a node in the Analytics cluster. For a cluster, you need two or three nodes. |
|
Analytics > Analytics Host |
|
(Recommended) The DNS name of the appliance that you need to become a node in the Analytics cluster. For a cluster, you need two or three nodes. |
|
Access Manager Integration |
|
You must perform the integration with Access Manager for Secure API Manager to work. Ensure that you have created the OAuth2 application in Access Manager. For more information, see Section 3.0, Integrating Secure API Manager with Access Manager. |
|
Trusted Root Certificate from Access Manager |
|
You must import the trusted root certificate that you used to secure Access Manager into Secure API Manager to complete the Access Manager configuration. For more information, see |
|
Name |
|
A display name for the Access Manager Identity Server that appears in the Deployment Manager. |
|
Description |
|
A description of the Access Manager Identity Server. This allows you to provide additional information about the Identity Server so that other people will know which Access Manager Identity Server this is. |
|
Discovery Endpoint |
|
The Deployment Manager displays the format for the Access Manager discovery endpoint. If you populate this field correctly and import the certificate during the deployment, the Deployment Manager can auto-populate the remaining fields with the correct information. |