2.5 Restoring an Access Gateway

If an Access Gateway machine experiences a hardware failure, such as a failed hard disk, you can preserve its configuration and have it applied to the replacement machine.

2.5.1 Clustered Access Gateway

If the hardware fails on an Access Gateway machine that belongs to a cluster:

  1. In the Administration Console, view the configuration of the cluster. Click Devices > Access Gateways.

  2. (Conditional) If the failed Access Gateway is the primary server, assign another server to be the primary server:

    1. On the Access Gateways page, click [Name of Cluster] > Edit.

    2. For the Primary Server field, select another server to be the primary server, then click OK > Close.

    3. Click Identity Servers > Update.

  3. Delete the failed Access Gateway from the cluster. Click Access Gateways, select the failed Access Gateway, then click Actions > Remove from Cluster.

    IMPORTANT:Do not delete the Access Gateway from the Administration Console.

  4. On the new machine, install the Access Gateway, specifying the same Administration Console, IP address, host name, and domain name as the failed machine.

  5. (Conditional) If you have customized error messages, copy the message files to the Access Gateway.

  6. (Conditional) If you have configured the Access Gateway Alliance to use touch files, re-create the touch files on the Access Gateway Appliance. For a list of touch files, see Using Touch Files in the NetIQ Access Manager 3.1 SP5 Access Gateway Guide.

  7. When the machine imports into the Administration Console, add the machine to the Access Gateway cluster:

    1. In the Administration Console, click Devices > Access Gateways.

    2. Select the name of the Access Gateway, then click Actions > Assign to Cluster > [Name of Cluster].

    3. Update the Access Gateway.

2.5.2 Single Access Gateway

If the failed Access Gateway is a single machine and you want to preserve its configuration:

  1. Do not delete the Access Gateway from the Administration Console.

    If you delete the Access Gateway from the Administration Console, the configuration information is deleted.

  2. On the new machine, install the Access Gateway software, using the same IP address, host name, and domain name as the failed device and specifying the same Administration Console.

  3. (Conditional) If you have customized error messages, copy the message files to the Access Gateway.

  4. (Conditional) If you have configured the Access Gateway Appliance to use touch files, re-create the touch files on the Access Gateway Appliance. For a list of touch files, see Using Touch Files in the NetIQ Access Manager 3.1 SP5 Access Gateway Guide.

  5. When the installation has completed and the device has been imported in the Administration Console, verify the following:

    1. Check its trusted relationship with the Identity Server. Click Devices > Access Gateways > Edit > Reverse Proxy / Authentication.

    2. If you have configured the Access Gateway to use SSL, reconfigure the certificates for the listener. Click Devices > Access Gateways > Edit > [Name of Reverse Proxy].

    3. Save any changes, and update the Access Gateway.