6.2 Deploying iFolder Server

This section describes how to configure Novell® iFolder® 3.7 servers in a multi-server environment.

6.2.1 Configuring the iFolder Enterprise Server

After you install the iFolder enterprise server, you must configure the iFolder services, including LDAP, iFolder system, and iFolder administration settings. To configure iFolder enterprise server, do the following:

  1. Log in as the root user, or open a terminal console, enter su, then enter a password to log in as root.

  2. Change the directory by typing cd /usr/bin at the command prompt.

  3. Run simias-server-setup.

  4. Follow the on-screen instructions to proceed through the iFolder Enterprise Server configuration.

The table summarizes the decisions you make:

Settings

Description

Server data path

The case-sensitive address of the location where the iFolder enterprise server stores iFolder application files as well as the users' iFolders and files.

For example:

/var/simias/data/simias

This location cannot be modified after install.

Server name

A unique name to identify your iFolder server. For example, IF3EastS.

Configure mode of communication for iFolder

There are three options to choose from:

  • SSL: Enables a secure connection between the iFolder server, iFolder Web Admin server, iFolder Web Access server, and the iFolder clients. iFolder uses the HTTPS channel for communication.

  • Non SSL: Enables unsecured communication between the iFolder server, Web Admin server, Web Access server, and the clients. iFolder uses the HTTP channel for communication.

  • Both: Enables you to select a secure or non-secure channel for communication between the iFolder server, Web Admin server, Web Access server, and the clients. By default, these components use the HTTPS (secure) communication channel. However, all components can also be configured to use the HTTP channel.

iFolder public URL Host or IP Address

The public URL to reach the iFolder server.

IMPORTANT: You must specify the DNS name of the server as iFolder Public URL to connect the client to the server using a DNS name. In this case, users need not remember all the IP addresses they are provisioned to. A single DNS name can map them to the respective server IP based on their location.

iFolder private URL Host or IP Address

The private URL corresponding to the iFolder server to allow communication between the servers within the iFolder domain. The Private URL and the Public URL can be the same.

NOTE: You can use a single URL for the iFolder server if it is accessed only inside the corporate firewall. If the server needs to be accessed outside the firewall, you must provide two different URLs: Private and Public. The private URL is used for server-to-server communication within the corporate firewall and should not be exposed outside the firewall. The public URL is used for the iFolder clients that can communicate from outside the corporate firewall. The clients can be inside or outside the firewall; based on this, you can use the private or the public URL, or use the public URL all the time.

Slave server

Defines if you want the installation to be a master server installation or a slave server installation.

System Name

Name used to identify the iFolder System to users. A unique name to identify your iFolder 3 server. For example, iFolder Server.

System Description

Descriptive label for your iFolder 3 server. For example, iFolder3 Enterprise Server.

Path to the Recovery Agent Certificates

The path to the recovery agent certificates that are used for recovering the encryption key. After you configure the path to the Recovery Agent, you must load the Agent certificates to this location.

LDAP Server

The IP address of the LDAP server.

Secure connection between the LDAP server and the iFolder Server

Establishes a secure connection between the LDAP server and the iFolder server. If the LDAP server co-exists on the same machine as the iFolder server, an administrator can disable SSL, which increases the performance of LDAP authentications.

LDAP admin DN

The username for the default iFolder Admin user. Use the full distinguished name of the iFolder Admin user. For example: cn=admin,o=acme. If Active Directory is the LDAP source, ensure that the iFolder Admin user is created using Active Directory tools before specifying it here.

LDAP admin password

Specify a password for the iFolder Admin user.

LDAP Proxy DN

The full distinguished name of the LDAP Proxy user. For example: cn=iFolderproxy,o=acme. This user must have the Read right to the LDAP service. The LDAP Proxy user is used for provisioning the users between the iFolder Enterprise Server and the LDAP server. If the Proxy user does not exist, it is created and granted the Read right to the root of the tree. If the Proxy user already exists, but the given credentials don't match, then a new Proxy user is automatically created. The Proxy user's distinguished name (dn) and password are stored by iFolder. If Active Directory is the LDAP source, ensure that the iFolder Proxy user is created using Active Directory tools before you specify it here.

LDAP Proxy Password

Password for the LDAP Proxy user.

LDAP Search Context

The tree context to be searched for users. For example, o=acme, o=acme2, or o=acme3. If no context is specified, only the iFolder Admin user is provisioned for services during the install.

IMPORTANT: Ensure that the LDAP search context you have specified is present in the LDAP server. If the LDAP search context is not present, the iFolder installation fails.

LDAP Naming Attribute

LDAP attribute of the User account to apply when authenticating users. Each user enters a Username in this specified format at login time. Common Name (cn) is the default and an e-mail address (e-mail) is the other option. For example, if a user named John Smith has a common name of jsmith and e-mail as john.smith@example.com, this field determines whether the user enters jsmith or john.smith@example.com as the Username when logging in to the iFolder server. This setting cannot be changed after the install using the Web Admin console.

Configure LDAP Groups plugin

Specifies LDAP Groups plug-in support. If this is not enabled, iFolder will not have the LDAP Groups support enabled.
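
The notes on the communication mode and on the public and private URLs can be turned into a review step before the values are entered in simias-server-setup. The following is an added example, not part of the Novell documentation; the function names and finding labels are hypothetical, and the URLs are assumed to be written in the scheme://host[:port]/path form.

```sh
# Added example: review candidate URL values before entering them in
# simias-server-setup. Function names and finding labels are hypothetical.

# Succeeds when $1 looks like an IPv4 literal.
is_ipv4() {
  case "$1" in
    ""|*[!0-9.]*) return 1 ;;
    *.*.*.*) return 0 ;;
    *) return 1 ;;
  esac
}

# Succeeds when $1 is a loopback or RFC 1918 IPv4 literal.
is_internal_ipv4() {
  is_ipv4 "$1" || return 1
  case "$1" in
    127.*|10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
    *) return 1 ;;
  esac
}

# Prints the host part of scheme://host[:port][/path].
url_host() (
  rest=${1#*://}; rest=${rest%%/*}
  printf '%s\n' "${rest%%:*}"
)

# audit_ifolder_urls PUBLIC_URL PRIVATE_URL
# Prints one finding per line; the exit status is the number of findings.
audit_ifolder_urls() (
  public=$1; private=$2; n=0
  note() { printf '%s\n' "$1"; n=$((n + 1)); }
  for u in "$public" "$private"; do
    case "$u" in
      https://*) ;;
      *) note "PLAINTEXT $u: not HTTPS, so this channel is unsecured" ;;
    esac
  done
  pub_host=$(url_host "$public"); priv_host=$(url_host "$private")
  if is_ipv4 "$pub_host"; then
    note "PUBLIC-IP $pub_host: clients need updating if the server IP changes"
  fi
  if is_ipv4 "$priv_host" && ! is_internal_ipv4 "$priv_host"; then
    note "PRIVATE-ROUTABLE $priv_host: not a loopback or RFC 1918 address"
  fi
  if [ "$public" = "$private" ] && ! is_internal_ipv4 "$pub_host"; then
    note "SHARED $public: use one URL only for access inside the firewall"
  fi
  exit "$n"
)
```

A private URL given as a DNS name cannot be classified offline, so the PRIVATE-ROUTABLE check applies only to IP literals; the SHARED finding is a prompt to confirm that the server is reachable only from inside the firewall.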

6.2.2 Configuring the iFolder Slave Server

To configure iFolder slave server, do the following:

  1. Log in as the root user, or open a terminal console, enter su, then enter a password to log in as root.

  2. Change the directory by typing cd /usr/bin at the command prompt.

  3. Run simias-server-setup --ldap-server=<iFolder LDAP IP address> --prompt.

    Here, iFolder LDAP IP address can either be the one configured in iFolder Master server or it can be the LDAP replica server of the LDAP server configured on iFolder master server.

  4. Follow the on-screen instructions to proceed through the iFolder Slave Server configuration.

NOTE: After the iFolder server configuration, you must restart the Apache server for proper configuration of iFolder Web Admin and iFolder Web Access.

The table summarizes the decisions you make:

Settings

Description

Server data path

The case-sensitive address of the location where the iFolder enterprise server stores iFolder application files as well as the users' iFolders and files.

For example:

/var/simias/data/simias

This location cannot be modified after install.

Server name

A unique name to identify your iFolder server. For example, IF3EastS.

Configure mode of communication for iFolder

There are three options to choose from:

  • SSL: Enables a secure connection between the iFolder server, iFolder Web Admin server, iFolder Web Access server, and the iFolder clients. iFolder uses the HTTPS channel for communication.

  • Non SSL: Enables unsecured communication between the iFolder server, Web Admin server, Web Access server, and the clients. iFolder uses the HTTP channel for communication.

  • Both: Enables you to select a secure or non-secure channel for communication between the iFolder server, Web Admin server, Web Access server, and the clients. By default, these components use the HTTPS (secure) communication channel. However, all components can also be configured to use the HTTP channel.

iFolder public URL Host or IP Address

The public URL to reach the iFolder server.

IMPORTANT: You must specify the DNS name of the server as iFolder Public URL to connect the client to the server using a DNS name. In this case, users need not remember all the IP addresses they are provisioned to. A single DNS name can map them to the respective server IP based on their location.

iFolder private URL Host or IP Address

The private URL corresponding to the iFolder server to allow communication between the servers within the iFolder domain. The Private URL and the Public URL can be the same.

NOTE: You can use a single URL for the iFolder server if it is accessed only inside the corporate firewall. If the server needs to be accessed outside the firewall, you must provide two different URLs: Private and Public. The private URL is used for server-to-server communication within the corporate firewall and should not be exposed outside the firewall. The public URL is used for the iFolder clients that can communicate from outside the corporate firewall. The clients can be inside or outside the firewall; based on this, you can use the private or the public URL, or use the public URL all the time.

Slave server

Defines if you want the installation to be a master server installation or a slave server installation.

Private URL of Master Server

The private URL of the Master iFolder server that holds the master iFolder data for synchronization to the current iFolder Server. For example: https://127.0.0.1:443/simias10.

IMPORTANT: iFolder Master server and slave servers must be in the same eDirectory tree.

Path to the Recovery Agent Certificates

The path to the recovery agent certificates that are used for recovering the encryption key. After you configure the path to the Recovery Agent, you must load the Agent certificates to this location.

System Admin

The Simias default administrator. If the system is configured to use an external identity source, the distinguished name (dn) should be used.

System Admin Password

Password for the system admin user.

Configure LDAP Groups plugin

Specifies LDAP Groups plug-in support. If this is not enabled, iFolder will not have the LDAP Groups support enabled.

LDAP Server

The IP address of the LDAP server.

Secure connection between the LDAP server and the iFolder Server

Establishes a secure connection between the LDAP server and the iFolder server. If the LDAP server co-exists on the same machine as the iFolder server, an administrator can disable SSL, which increases the performance of LDAP authentications.

LDAP Proxy Password

Password for the LDAP Proxy user.

LDAP Search Context

The tree context to be searched for users. For example, o=acme, o=acme2, or o=acme3. If no context is specified, only the iFolder Admin user is provisioned for services during the install.

IMPORTANT: Ensure that the LDAP search context you have specified is present in the LDAP server. If the LDAP search context is not present, the iFolder installation fails.
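
Because a missing LDAP search context makes the installation fail (on the master in 6.2.1 as well as on a slave), each context can be checked against the directory before simias-server-setup is run. The following is an added example, not part of the Novell documentation; it assumes that OpenLDAP's ldapsearch client is installed, and the function name, host name, and password file path are hypothetical.

```sh
# Added example: pre-flight check for the LDAP Search Context values.
# Assumes OpenLDAP's ldapsearch; names and paths below are hypothetical.
LDAPSEARCH=${LDAPSEARCH:-ldapsearch}   # overridable, e.g. to test against a stub

# check_search_contexts LDAP_URI BIND_DN PASSWORD_FILE CONTEXT...
# Prints "OK <ctx>", "MISSING <ctx>" or "ERROR <rc> <ctx>" for each context
# and exits 1 if any context could not be read.
check_search_contexts() (
  uri=$1; bind_dn=$2; pwfile=$3; shift 3
  failed=0
  for ctx in "$@"; do
    # -s base reads only the context entry itself; "1.1" asks for no attributes.
    # -y reads the password from a file so it never appears in the process list;
    # the file must not end with a newline, ldapsearch uses its full contents.
    if "$LDAPSEARCH" -x -LLL -H "$uri" -D "$bind_dn" -y "$pwfile" \
         -b "$ctx" -s base '(objectClass=*)' 1.1 >/dev/null 2>&1; then
      echo "OK $ctx"
    else
      rc=$?
      failed=1
      case "$rc" in
        32) echo "MISSING $ctx" ;;      # LDAP result code noSuchObject
        *)  echo "ERROR $rc $ctx" ;;    # e.g. 49 = invalid credentials
      esac
    fi
  done
  exit "$failed"
)

# Usage (constructed values), binding as the LDAP Proxy user over ldaps://:
#   check_search_contexts ldaps://ldap.example.com cn=iFolderproxy,o=acme \
#       /root/.ifolder-proxy.pw o=acme o=acme2
```

Binding as the LDAP Proxy user also confirms that its credentials work and that it can read the context entries.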

6.2.3 Configuring iFolder Web Access

After you install the iFolder Web Access server, you must specify which iFolder enterprise server it supports and the user-friendly URL that users enter in their Web browsers to access it. To configure iFolder Web Access, follow the steps given below:

  1. Log in as the root user, or open a terminal console, enter su, then enter a password to log in as root.

  2. Change the directory by typing cd /usr/bin at the command prompt.

  3. Run ifolder-web-setup.

  4. Follow the on-screen instructions to proceed through the iFolder Web Access configuration.

    Install Settings

    Description

    Web Access Alias

    The user-friendly path for accessing iFolder services on the specified iFolder enterprise server.

    For example:

    /ifolder

    Require SSL

    Establishes a secure connection between the Web browser and the iFolder Web Access application. This enables a secure SSL channel between the two.

    Require Server SSL

    Establishes a secure connection between the iFolder Server and the iFolder Web Access application.

    iFolder Server URL

    The host or IP address of the iFolder Enterprise Server to be used by the iFolder Web Access application. This Web Access application performs all the user-specific iFolder operations on the host that runs the iFolder Enterprise Server.

    Redirect URL for iChain/AccessGateway

    The redirect URL for iChain/AccessGateway that will be used by the iFolder Web Access application. This URL is used for the proper logout of iChain/AccessGateway sessions along with the iFolder session.

6.2.4 Configuring iFolder Web Admin

After you install the iFolder Web Admin server, you must specify which iFolder enterprise server it supports and the user-friendly URL that users enter in their Web browsers to access it. To configure iFolder Web Admin server, follow the steps given below:

  1. Log in as the root user, or open a terminal console, enter su, then enter a password to log in as root.

  2. Change the directory by typing cd /usr/bin at the command prompt.

  3. Run ifolder-admin-setup.

  4. Follow the on-screen instructions to proceed through the iFolder Web Admin configuration.

    Install Settings

    Description

    Web Admin Alias

    The user-friendly path for accessing iFolder services on the specified iFolder 3 enterprise server.

    For example:

    /admin

    Require SSL

    Establishes a secure connection between the Web browser and the iFolder Web Admin application. This enables a secure SSL channel between the two.

    Require Server SSL

    Establishes a secure connection between the iFolder Server and the iFolder Web Admin application.

    iFolder Server URL

    The host or IP address of the iFolder Enterprise Server to be used by the iFolder Web Admin application. This Web Admin application performs all the user-specific iFolder operations on the host that runs the iFolder Enterprise Server.

    Redirect URL for iChain/AccessGateway

    The redirect URL for iChain/AccessGateway that will be used by the iFolder Web Admin application. This URL is used for the proper logout of iChain/AccessGateway sessions along with the iFolder session.

6.2.5 Managing Server IP Change

Given below are the steps to change the iFolder service IP addresses:

  1. To change the IP address of an iFolder Enterprise server:

    1. In the Web Admin console, click the Server tab and select the desired server.

      1. Change the Public URL and Private URL to reflect the new IP address and click OK.

      2. If the IP address change is for a master server, change the master URL for all the slave servers by using the Server details page of the respective slave servers listed in the Server page.

        For more information on this, see Accessing and Viewing the Server Details Page.

      3. If the LDAP server is configured to the same server, change the URL by using the Server details page.

        For more information on this, see LDAP Server.

  2. To change the IP address of the Web Admin server:

    1. In a terminal console, run the following command and change the iFolder enterprise server URL used by the Web Admin server application.

      /usr/bin/ifolder-admin-setup

  3. To change the IP address of the Web Access server:

    1. In a terminal console, run the following command and change the iFolder enterprise server URL used by the Web Access server application.

      /usr/bin/ifolder-access-setup

  4. Restart the system.

IMPORTANT: You must ensure that all users whose iFolder clients are connected to the old server IP address update their clients with the new IP address of the server. For more information on configuring the server IP address in an iFolder client, see Viewing and Modifying iFolder Account Settings in the Novell iFolder 3.7 Cross-Platform User Guide.

If the server is SSL enabled, you must ensure that the new SSL certificate is accepted by all the iFolder users. If a DNS name is used in the iFolder setup and the new IP address uses the existing DNS name, you don't need to change the DNS name for the client; instead, accept the new certificate.