
NAM basic setup


Hi all,
As far as I know, according to the basic system architecture, the
Access Gateway and Identity Server are placed in the DMZ, while
LDAP, the admin console, and J2EE are placed in the trusted zone.

1. Why is each component required to be on a separate stand-alone
server in this system architecture?

2. Is this system architecture a security or a technology consideration?

3. Can I combine "access gateway and identity server" or "identity and
LDAP server" on one stand-alone server, e.g. using VMware?

Thanks
Simon


--
simonlch05
------------------------------------------------------------------------
simonlch05's Profile: https://forums.netiq.com/member.php?userid=484
View this thread: https://forums.netiq.com/showthread.php?t=2892


Re: NAM basic setup


simonlch05;12097 Wrote:
> Hi all,
> As far as I know, according to the basic system architecture, the
> Access Gateway and Identity Server are placed in the DMZ, while
> LDAP, the admin console, and J2EE are placed in the trusted zone.
>
> 1. Why is each component required to be on a separate stand-alone
> server in this system architecture?
>
> 2. Is this system architecture a security or a technology consideration?
>
> 3. Can I combine "access gateway and identity server" or "identity and
> LDAP server" on one stand-alone server, e.g. using VMware?
>
> Thanks
> Simon


1) You definitely weren't the first to ask this question, which is why
the 3.2 release of Access Manager now allows the combining of various
components. For example, you can now install the administration console
and IDP on the same machine. They also provide a "single box"
appliance, which combines the administration console, IDP, and MAG all
on a single server.

2) The main advantage that I see in this architecture is flexibility.
It allows you to easily manage multiple IDP clusters, ESP clusters, and
other service providers. For example, I can easily add SAML service
providers without touching the access gateways. I can also easily add
or replace IDP servers and MAG servers without any impact to the other
components. I have worked with less flexible systems in the past, and I
consider this architecture to be greatly superior for all but the
simplest deployments.

3) You have the "single box" option I mentioned above, which combines
all the main NAM components (AC, IDP, and MAG) into one appliance. You
cannot install a separate LDAP server on the administration console, as
it is running an embedded eDirectory for its configuration information.
If you wanted to, you could probably install it on the IDP. However,
most companies tend to use a dedicated LDAP cluster, so I don't think
that use case comes up a whole lot.


--
MatthewEhle
------------------------------------------------------------------------
MatthewEhle's Profile: https://forums.netiq.com/member.php?userid=4

Re: NAM basic setup


We use the NAM 3.1.4 Access Manager service.
Is the "single box" appliance function built into NAM 3.1.4?
Or is this a new function of NAM 3.2?


--
simonlch05
------------------------------------------------------------------------
simonlch05's Profile: https://forums.netiq.com/member.php?userid=484

Re: NAM basic setup

On 28.08.2012 18:14, simonlch05 wrote:
>
> We use the NAM 3.1.4 Access Manager service.
> Is the "single box" appliance function built into NAM 3.1.4?
> Or is this a new function of NAM 3.2?


"Single box" appliance is new in 3.2


Re: NAM basic setup

simonlch05 wrote:

>
> We use the NAM 3.1.4 Access Manager service.
> Is the "single box" appliance function built into NAM 3.1.4?
> Or is this a new function of NAM 3.2?


Do you have the option to go for NAM 3.2? If so, I would recommend it,
not just because you can get the single box option (if you wanna go
down that path) but if you want to upgrade to NAM 3.2 in the near
future it would save you a rebuild.

--
Cheers,
Edward