34.3 Monitoring the Health of an Access Gateway

To view detailed health status information of an Access Gateway:

  1. In the Administration Console, click Access Manager > Access Gateways > [Name of Server] > Health.

    The status icon is followed by a description that explains the significance of the current state.

  2. To ensure that the information is current, select one of the following:

    • Click Refresh to refresh the page with the latest health available from the Administration Console.

    • Click Update from Server to send a request to the Access Gateway to update its status information. If you have made changes that affect the health of the Access Gateway, select this option. Otherwise, it can take up to five minutes for the health status to change.

  3. Examine the Services Detail section which displays the status of each service. For an Access Gateway, this includes information such as the following:

    Status Category

    If not healthy

    Status: Indicates whether the Access Gateway is online.

    Check the status of the Enterprise Service Provider Configuration. If its status does not appear in the list of services, you need to start the service provider. In the Administration Console, click Access Manager > Access Gateways > [Name of Server] > Actions > Start Service Provider.

    Also verify that network problems are not interfering with communications between the Access Gateway and the Administration Console.

    Time: Indicates the type of time configuration. Time must be configured so that it remains synchronized with the other servers in the configuration (the Identity Server, SSL VPN server, J2EE agents, Web servers, etc.).

    See Section 15.4, Setting Date and Time

    Gateway: Specifies the type of routing that is configured for the gateway.

    See Section 15.8.2, Viewing and Modifying Gateway Settings.

    DNS: Specifies whether a domain name server has been configured and is active

    (Linux only) Displays the IP address of the each configured DNS server and when the server last responded.

    (NetWare only) If the DNS server is configured but not configured for monitoring, the following message appears: (Passed) Domain and DNS Servers configured. If the DNS server is configured and monitoring is enabled, the following message appears: (Passed) Domain and DNS Servers configured and active.

    See Section 15.8.3, Viewing and Modifying DNS Settings.

    Services: Indicates the general health of all configured services.

    (Linux only) Displays messages about the health of the reverse proxy, the back-end Web servers, and internal services (the SOAP back channel and the communication module).

    (NetWare® only) Displays a general status message. For more information, see the particular services that also display an unhealthy status.

    Address: Indicates whether an IP address has been configured for the reverse proxy to listen on. This is required for the Access Gateway to function.

    See Section 13.1, Creating a Reverse Proxy and Proxy Service.

    Reverse Proxy: Specifies whether a reverse proxy has been configured. An Access Gateway must have at least one reverse proxy configured.

    See Section 13.1, Creating a Reverse Proxy and Proxy Service.

    Embedded Service Provider Communication: (Linux only) Indicates whether the embedded service provider can communicate with the Identity Server.

    Restart the embedded service provider. If restarting the embedded service provider fails, try restarting Tomcat.

    L4 and Cache: The L4 status indicates whether the Linux Access Gateway is responding to health checks from the L4 switch. The number increments with each health check for which the Access Gateway does not send a response.

    • When it reaches 13, the health is changed to yellow.

    • When it reaches 31, the health is changed to red.

    If the Access Gateway recovers and starts responding, the health turns green after 20 seconds and the unresponsive count is reset to 0.

    To fix the problem if it does not resolve itself, restart the Linux Access Gateway.

    The cache status indicates the current number of delayed cache requests and whether enough memory is available to process new requests.

    • When this number reaches 101, the health is changed to yellow.

    • When this number reaches 151, the health changes to red. To solve the problem, you need to restart the Linux Access Gateway.

    Restart the Linux Access Gateway machine by entering the following commands:

    /etc/init.d/novell-vmc stop /etc/init.d/novell-vmc start

    Embedded Service Provider Configuration: Specifies whether the Access Gateway has been configured to trust an Identity Server and whether that configuration has been applied.

    At least one Identity Server must be configured and set up as a trusted authentication source for the Access Gateway.

    A green status indicates that a configuration has been applied; it does not indicate that it is a functioning configuration.

    See Section 6.0, Configuring an Identity Server for information on configuring an Identity Server. See Section 13.1, Creating a Reverse Proxy and Proxy Service for information on assigning an Identity Server configuration to the Access Gateway.

    Configuration Data store: Indicates whether the configuration data store is functioning correctly.

    See Section 2.0, Backing Up and Restoring Components.

    Signing and Encryption Keys: Indicates whether the Signing keystore contains a key.

    Click Access Gateways > Edit > Service Provider Certificates > Signing and replace signing key in this keystore.

    HTTP Listener: Indicates whether the Access Gateway and the embedded service provider are communicating.

    Restart the Access Gateway. See Section 3.2.7, Rebooting the Access Gateway.

    Embedded Service Provider’s Trusted Identity Provider: Indicates whether the configuration that the Access Gateway trusts has been configured to contain at least one Identity Server.

    Modify the Identity Server configuration and add an Identity Server (see Section 6.1.2, Assigning an Identity Server to a Cluster Configuration) or reconfigure the Access Gateway to trust a different Identity Server configuration (see Section 13.1, Creating a Reverse Proxy and Proxy Service).

  4. Click Close.