Using Access Manager as a Web Reverse Proxy



A Forum reader recently asked:

"I need to be able to use Access Manager as a web reverse proxy. The Digital Airlines example in the basic setup document would seem to be about the right size for my needs, yet I couldn't find anything in the documentation about resources needed to do what I want.

Also, I seem to recall reading that one of the components installs its own server, which I infer to mean that I can't install it as an added service on an existing server."

And here's the response from John DaSilva ...


There are 3 major components to Access Manager for using it as a web reverse proxy.

1) The Access Gateway itself. This is an appliance install, which means it includes the OS as part of the install. There are two flavors: the NAG (NetWare OS) and the LAG (Linux OS). Whatever box you dedicate to this, make sure you don't want what is already on it. This should also have the most memory, because it will do the bulk of the work. The recommendation for 100GB is mostly because of logging; the more you do, the more disk space you need. So, you may be able to get away with less.

Using the LAG, you can put the SSLVPN (actually a fourth component) on this box. This is mainly what you are looking for, but you will need the proxy features.

2) The Identity Server or Identity Provider. This will connect to your User Store for authentication. Its role is to deal with authentication. It does not have to be as robust a box as the Access Gateway.

3) The Administration Console or Configuration store. This is where all the configuration for all the pieces of Access Manager is stored. It is a good idea to have at least a second replica of this box for backup. This component is connected to by all the other components. Generally you want this inside your network, so putting it on the Identity Server is not a good idea. It also stores some of the logs, but memory and CPU do not have to be as big for this. That's because it is only used by the other components to retrieve their configuration when you tell them to.

So in a nutshell, you need 3 boxes. The IDP and Admin Console can be virtual machines, but generally it is not recommended that the LAG be a virtual machine.

