
Setting Up the iChain Proxy Server

The iChain Proxy Server functions as the primary access point into your iChain infrastructure. The iChain Proxy Server is implemented on approved hardware.

This section provides a brief introduction to the basic steps needed to set up the iChain Proxy Server. For more details, see "Installing the iChain Proxy Server on Your Network" and "Using and Tuning iChain Features."

To set up the iChain Proxy Server for an iChain implementation:

  1. In a browser, open the URL of the proxy server where you installed the iChain Proxy Services software. This launches the proxy server browser-based administration tool.

    For example, http://xx.xx.xx.xx:1959/appliance/config.html

    where xx.xx.xx.xx is the IP address for the proxy server. You should have configured an IP address during the installation of the iChain Proxy Services software.

    NOTE:  If the iChain Proxy Server is located behind a firewall and you are accessing the proxy server browser-based administration utility from a browser outside that firewall, you must open ports 1959, 2222, and 51100 on the firewall to administer the proxy server.

  2. Accept the default username (do not enter a password) > click OK.

  3. Click System > Actions > Password > set a password for the proxy server.

  4. Click Home > Introduction > verify that iChain Proxy Server 2.1 is installed and running on the server. (This is shown as a bitmap that lets you know if you're running version 2.1.)

  5. Click Network > IP Addresses > configure the Ethernet ports as follows:

    • Accept the Eth0 adapter existing setting.
    • Set the Eth1 adapter with the private IP address for the network.
    • Set the Eth2 adapter with the public IP address for the network.

  6. Click Gateway-Firewall > set the iChain Proxy Services default gateway to the gateway necessary to access your public IP address.

  7. Click Network > DNS > specify the DNS domain name (for example, www.novell.com) and the IP address of the DNS server.

  8. Click Apply to have the new settings take effect.

  9. Click System > Actions > verify the internal connection to your network by pinging a server within your internal network.

To set up access to the authorization server for access control functions:

  1. Click Configure > Access Control.

  2. Specify the fully distinguished name of the ISO object for the iChain service. You must use commas as delimiters, for example, cn=myISO,o=novell.

  3. Specify the following LDAP profile settings:

    • LDAP server addresses for the iChain LDAP access control servers
    • LDAP port on the iChain LDAP access control servers
    • LDAP proxy user
    • Password
    • Enable secure access to LDAP server (only if you are using secure LDAP)
    • LDAP server trusted root file (for secure LDAP)

    NOTE:  The LDAP user whose name and password you specify must have supervisor rights to the container you are searching.

  4. Click Apply.

  5. Click Refresh ACLCHECK.

To set up access to the iChain Authorization Server for authentication functions, you will need to create one or more authentication profiles. The following steps will create an LDAP authentication profile to authenticate users to your iChain Authorization Server. (You can also create SSL mutual authentication and RADIUS profiles if you want to use these authentication methods.)

  1. Click Configure > Authentication.

  2. Insert a new profile > name the profile > select LDAP Authentication and click the LDAP Options button.

  3. Set the server IP address to the iChain Authorization Server address.

  4. Select port 389 for non-secured LDAP, or port 636 for secure LDAP (or another port as configured).

  5. Enable secure access to LDAP server (only if you are using secure LDAP).

  6. Specify LDAP server trusted root file (only if you are using secure LDAP).

  7. Specify a username and password for LDAP access (leave the field blank for anonymous bind).

  8. Set Use Distinguished Name.

  9. Click Insert > enter an LDAP context (for example, ou=test,o=mycompany). Repeat for each context users will authenticate from.

  10. Click OK > OK > Apply.
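The LDAP settings entered in the access control and authentication steps above can be sanity-checked before you click Apply. The following is an added example, not Novell code: the dictionary keys, the sample values and the file name are assumptions made for illustration, since iChain itself takes these settings through the administration tool.

```python
import re

# One RDN such as "cn=myISO": attribute type, "=", then a value made of
# escaped characters or anything except a bare comma, backslash or "=".
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=(?:\\.|[^,\\=])+$")


def check_dn(dn):
    """Return None for a comma-delimited typeful DN, else the reason it fails."""
    if "," not in dn and re.search(r"\.[A-Za-z]+=", dn):
        return "dot-delimited name; use commas, e.g. cn=myISO,o=novell"
    for part in re.split(r"(?<!\\),", dn):  # commas not preceded by a backslash
        if not RDN.match(part.strip()):
            return f"component {part.strip()!r} is not attribute=value"
    return None


def check_ldap_profile(p):
    """Return findings for one LDAP profile dict (hypothetical keys)."""
    findings = []
    secure, port = p.get("secure", False), p.get("port")
    if secure and not p.get("trusted_root"):
        findings.append("secure LDAP enabled but no trusted root file")
    if secure and port == 389:
        findings.append("secure LDAP enabled on non-secured port 389")
    if not secure and port == 636:
        findings.append("port 636 selected but secure access not enabled")
    if not secure and p.get("password"):
        findings.append("non-secured LDAP: a simple bind sends the password in cleartext")
    if not p.get("user"):
        findings.append("blank username: anonymous bind")
    for dn in p.get("dns", []):  # ISO object name or authentication contexts
        reason = check_dn(dn)
        if reason:
            findings.append(f"{dn}: {reason}")
    return findings


# Constructed sample profiles; user names and the file name are placeholders.
GOOD = {"port": 636, "secure": True, "trusted_root": "rootcert.der",
        "user": "cn=proxyuser,o=novell", "password": "placeholder",
        "dns": ["cn=myISO,o=novell", "ou=test,o=mycompany"]}
WEAK = {"port": 636, "secure": False, "user": "cn=proxyuser,o=novell",
        "password": "placeholder", "dns": ["cn=myISO.o=novell", "test.mycompany"]}

if __name__ == "__main__":
    print("\n".join(check_ldap_profile(WEAK)))
```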

To set up a Web Server accelerator:

  1. Click Configure > Web Server Accelerator > Insert.

  2. Specify a name for the accelerator, using a maximum of 8 characters. This must be unique for each Web Server accelerator.

  3. Specify a DNS name for the accelerator (for example, www.novell.com).

    This is the DNS name by which users will access the resource and should resolve to the public IP address of the iChain Proxy Server.

  4. In Web Server address, click Insert > specify the IP address of the origin Web Server that contains the desired content.

    Either the IP address or the DNS name resolving to the origin Web Server can be used. This will usually be on your private network. Clients should not be able to access this server directly, or the iChain infrastructure will be bypassed.

  5. For the Accelerator IP address, check the public IP address or addresses that the DNS name specified in Step 3 resolves to.

  6. Check Enable Authentication.

  7. Click Authentication Options > select an existing profile from the list > click Add to set the profile as the Service Profile.

  8. Click OK > OK > Apply.
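The rules in the accelerator steps above (name length and uniqueness, DNS name resolving to the checked accelerator addresses, origin server kept off client-reachable networks, authentication enabled with a Service Profile) can be checked against a planned configuration. This is an added example, not Novell code: the dictionary keys, the example.com names and the addresses are constructed, and `resolve` is a caller-supplied function returning the IP strings a DNS name resolves to, so the check runs offline.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly so the result does not depend on how the
# ipaddress module classifies documentation or other special-purpose ranges.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def check_accelerators(accels, resolve):
    """Return findings for a list of accelerator dicts (hypothetical keys)."""
    findings, seen = [], set()
    for a in accels:
        name = a["name"]
        if len(name) > 8:
            findings.append(f"{name}: name longer than 8 characters")
        if name in seen:
            findings.append(f"{name}: name is not unique")
        seen.add(name)
        # Step 5: every address the DNS name resolves to should be checked.
        unchecked = sorted(set(resolve(a["dns_name"])) - set(a["accelerator_ips"]))
        if unchecked:
            findings.append(f"{name}: {a['dns_name']} resolves to unchecked {unchecked}")
        # Step 4: an origin that clients can reach directly bypasses the proxy.
        for origin in a["origin_servers"]:
            try:
                ip = ipaddress.ip_address(origin)
            except ValueError:
                continue  # origin given as a DNS name; resolve it separately
            if not any(ip in net for net in RFC1918):
                findings.append(f"{name}: origin {origin} is outside RFC 1918 space")
        if not a.get("authentication"):
            findings.append(f"{name}: Enable Authentication is not checked")
        elif not a.get("service_profile"):
            findings.append(f"{name}: no Service Profile selected")
    return findings


# Constructed sample data (documentation address ranges, example.com names).
DNS = {"www.example.com": ["203.0.113.10"], "portal.example.com": ["203.0.113.11"]}
ACCELS = [
    {"name": "www", "dns_name": "www.example.com", "accelerator_ips": ["203.0.113.10"],
     "origin_servers": ["10.1.1.20"], "authentication": True, "service_profile": "ldap1"},
    {"name": "webportal1", "dns_name": "portal.example.com", "authentication": False,
     "accelerator_ips": ["203.0.113.10"], "origin_servers": ["198.51.100.7"]},
]

if __name__ == "__main__":
    print("\n".join(check_accelerators(ACCELS, lambda n: DNS.get(n, []))))
```

A finding on the origin address is a prompt to confirm that clients cannot reach that server directly, not proof that they can.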


