4.2 Understanding the Secure API Manager Deployment Manager

Secure API Manager provides a Deployment Manager that walks you through deploying all of the components in a single process to make the deployment process simpler. This allows you to configure the appropriate number of appliances and clusters for your environment at the same time. The Deployment Manager does more than deploy Secure API Manager. It also validates the communication between appliances, integrates Access Manager with Secure API Manager, and provides an overview of all of the appliances in your Secure API Manager deployment.

4.2.1 Validating Communication Between Appliances

All of the communication for the Deployment Manager takes place over SSL. Secure API Manager requires secure communication to ensure that no security issues occur when the components communicate or when you use the Deployment Manager. The Deployment Manager requires:

  • A trusted root certificate or a self-signed certificate for the SSL communication.

  • DNS names and IP addresses assigned to the appliances for your Secure API Manager system. For more information, see Deploying the Secure API Manager Appliances.

  • All components must have direct access to the primary database without going through an L4 switch or database corruption can occur.

WARNING:Do not edit the appliance configuration settings during the deployment of the Secure API Manager components. The Deployment Manager stores information on each appliance. If you edit the appliance configuration settings through the appliance management console while the Deployment Manager is configuring other components, you corrupt the components and the deployment fails. Wait until the Deployment Manager has finished configuring all of the components before editing the appliance configuration settings.

4.2.2 Understanding the Deployment Options

The Deployment Manager allows you to create a new system or join an existing system. The Deployment Manager also expects you to deploy and configure all of the appliances and components in your system through one process.

If you are creating a new system, you must always deploy the Database Service component first. The Database Service component stores the configuration information for the other components to ensure that the data and the configuration information is correct on each node depending on your specific environment and goals.

When you deploy each component or each node of a cluster, Secure API Manager stores that information in the Database Service component. To ensure that the correct information is available and synchronized properly, at the end of a deployment of an appliance you have three different options on how to proceed.

The Deployment Manager provides the following options to allow you to choose what happens to the entire system:

  • Save configuration: Select this option if you are deploying multiple appliances at the same time. This option saves the configuration information for the appliance in the database but it does not actually deploy the components and no services are available on this appliance at this time.

  • Save configuration and deploy only this appliance: Select this option if this is the first Database Service component you are deploying or if you must replace a single node in a configured Secure API Manager system. This option saves the configuration file to the database and deploys this appliance.

    If you are replacing a failed node, this option might leave other appliances in an invalid state because they might need to be reconfigured to know about this new appliance. For more information, see Recovering from a Failed Node in a Cluster.

  • Save configuration and reconfigure the entire system: Select this option to save the configuration in the database, deploy the appliance, and redeploy all other appliances in the system to receive the updated configuration information. You would use this option when you are deploying the last appliance in the system and you need to reconfigure every other appliance in the system to know about all of the other appliances.

Ensure that you collect all of the information listed in Table 4-2 before you use the Deployment Manager to deploy Secure API Manager.

4.2.3 Viewing the Secure API Manager System

The Deployment Manager also provides a STATUS tab that displays what happens when you deploy a component or deploy a component and reconfigure the entire system. Depending on which option you select at the end of the configuration of a new component, the Deployment Manager automatically takes you to the STATUS tab.

The Deployment Manager also contains an SYSTEM tab. The SYSTEM tab allows you to view all of the appliances in the Secure API Manager system from one page. The information on the SYSTEM tab is global. It does not matter which appliance management console you access, you see the same information for your system.

The SYSTEM tab also displays which node is the primary Database Service component. There must be a primary Database Service component to store the configuration information. If the primary Database Service component fails, you can make another Database Service component the primary on the SYSTEM tab. You can have only one primary Database Service component at a time.