pedroluizcsbr
New Member.

Access Manager general questions

Hello.

I am new to NetIQ AM and would like to confirm some information.
The system consists of Admin Console, IDP and AG.
The IDP and Admin Console can be installed on the same server.
The Admin Console runs on a tomcat.
IDP runs on top of another tomcat.
AG runs on a tomcat and apache.
Apache is responsible for reverse proxies.
Tomcat is responsible for ???.


The AM items are:

Admin Console runs on tomcat and is responsible for loading the admin interface:
Command to stop and start:
/etc/init.d/novell-ac stop
/etc/init.d/novell-ac start

IDP that runs on the tomcat and is responsible for the authentication of the users and relates to the AG:
Command to stop and start:
/etc/init.d/novell-idp stop
/etc/init.d/novell-idp start

ESP that runs on the AG server and is responsible for communicating the AG with the IDP for authentication purposes. Runs on Apache.
Command to stop and start:

Proxy Service that runs on the AG server and is responsible for controlling access to the resources created in the proxies. When the user makes a request it is the service that handles the request. Runs on Apache.
Command to stop and start:
/etc/init.d/novell-apache2 stop
/etc/init.d/novell-apache2 start

ActiveMQ that runs on the AG server and is responsible for communicating the AG with the admin console. Runs on Tomcat.
Command to stop and start:
/etc/init.d/novell-activemq stop
/etc/init.d/novell-activemq start

JCC that runs on the Admin console server and is responsible for performing the actions performed in the Admin Console running on the AG and IDP. Runs on Tomcat.
Command to stop and start in both IDP and AG:
/etc/init.d/novell-jcc stop
/etc/init.d/novell-jcc start

Gateway Manager that runs on the AG server and is responsible for running the commands coming from the JCC, both maintenance commands and the command that configures the proxy services. Runs on Apache.
Command to stop and start:
???

User Session cache that runs on the AG server and is responsible for maintaining the user session. Runs on Apache.
Command to stop and start:
???


What are the services for:
novell-agscd
novell-mag
novell-appliance

Please confirm or correct the above information.
Thank you.

Re: Access Manager general questions

On 31-05-2019 6:04 AM, pedroluizcsbr wrote:
>
> Hello.
>
> I am new to NetIQ AM and would like to confirm some information.
> The system consists of Admin Console, IDP and AG.
> The IDP and Admin Console can be installed on the same server.
> The Admin Console runs on a tomcat.
> IDP runs on top of another tomcat.
> AG runs on a tomcat and apache.
> Apache is responsible for reverse proxies.
> Tomcat is responsible for ???.


NAM uses a federation model (Liberty - which is very similar to SAML). For this to work well, the access gateway comes with something referred to as an embedded service provider or ESP. This is where Tomcat comes into play, as it's a Java app. When you enable authentication on a protected resource you'll see that NAM redirects to a special URL called <host>/esp/idff/..... and then there's a redirect to the IDP URL. The IDP then handles the authentication and redirects the browser back to the ESP. The ESP communicates with the IDP via a SOAP channel to obtain the Liberty token and determine if you are authenticated. From there some more magic happens and eventually you get redirected to the protected resource and you are allowed in.

>
>


> Gateway Manager that runs on the AG server and is responsible for
> running the commands coming from the JCC, both maintenance commands and
> the command that configures the proxy services. Runs on Apache.
> Command to stop and start:
> ???


Pretty sure the agm is part of novell-mag as it's hosted under the same Tomcat instance.

>
> User Session cache that runs on the AG server and is responsible for
> maintaining the user session. Runs on Apache.
> Command to stop and start:
> ???


I'm not exactly sure what this does but it's some internal communication between MAG components as it uses purely a socket to communicate. There's no TCP listener for it.

>
>
> What are the services for:
> novell-agscd


Session Cache Daemon, same as the user session cache

> novell-mag


This is the embedded service provider

> novell-appliance


I've never really used this but I think it's just a collection of services that get stopped/started when you use this one.

Hopefully this helps.


--
Cheers,
Edward
pedroluizcsbr
New Member.

Re: Access Manager general questions

Thank you.
ericveysey
Trusted Contributor.

Re: Access Manager general questions

novell-mag restarts the access gateway, much like how novell-idp restarts the idp.

novell-appliance, which is only found on the NAM appliance, restarts all services.

Micro Focus Frequent Contributor

Re: Access Manager general questions

eSP is a separate Java component and runs on AG. Apache communicates with eSP mainly via SOAP.

ActiveMQ runs on the AG server and is responsible for processing health and statistics data between Admin console and AG.

User session cache at AG is maintained by a separate daemon, novell-agscd.
Command to stop and start:
/etc/init.d/novell-agscd stop/start/restart
