8.2 Deploying a Cluster of Single-Machine SSL VPNs

In a cluster of single-machine SSL VPNs, the SSL VPN server, the Identity Server, and the Administration Console are all installed on a single machine, and several of these SSL VPNs are clustered. In this deployment scenario, the ESP-enabled Novell SSL VPN is used. You can deploy SSL VPN along with the Identity Server cluster or on a single Identity Server.

The following sections document the prerequisites and the procedure involved in configuring a cluster of single-machine SSL VPNs:

8.2.1 Deployment Scenario

This sample deployment scenario consists of a cluster of four ESP-enabled Novell SSL VPNs. The following figure explains the setup:

Figure 8-2 Cluster of ESP-enabled Novell SSL VPNs Installed on a Single Machine

In this scenario, the M1 and M2 setup consists of the Administration Console, Identity Server, and the SSL VPN server installed on a single machine. M3 has the Identity Server and the SSL VPN server installed on a single machine, and M4 has only the SSL VPN server installed.

8.2.2 Prerequisites

The prerequisites for the above setup are:

  • For the hardware and software requirements, see Section 4.1, Prerequisites.

  • One public DNS name for the L4 device.

  • Three public IP addresses for the L4 device.

  • Two listening IP addresses each for the four SSL VPN servers.

    NOTE: Two IP addresses are required if the UDP port is not opened in the firewall or if both Enterprise and Kiosk mode listen on the TCP port. You can also use the second IP address as the secondary IP address.

  • Three private IP addresses.

  • Security certificate.

8.2.3 Deployment Procedure

To install the ESP-enabled Novell SSL VPN on a single machine:

  1. Install the Administration Console on M1.

    For more information on installing the Administration Console, see Installing the Access Manager Administration Console in the Novell Access Manager 3.1 SP1 Installation Guide.

  2. Install the secondary Administration Console on M2.

    For more information on how to install the secondary Administration Console, see Installing Secondary Versions of the Administration Console in the Novell Access Manager 3.1 SP1 Setup Guide.

  3. Install the Identity Server and the SSL VPN server by using the install.sh script.

    For more information on installing the Identity Server, see Deployment Scenario 2: Installing SSL VPN and the Identity Server on the Same Machine.

  4. Configure the Identity Server.

    For more information on configuring the Identity Server, see Configuring an Identity Server in the Novell Access Manager 3.1 SP1 Identity Server Guide.

  5. Assign the security certificate.

    For more information, see Enabling SSL Communication in the Novell Access Manager 3.1 SP1 Setup Guide.

  6. Create a cluster of Identity Servers.

    For more information on how to create a cluster of Identity Servers, see Creating a Cluster Configuration in the Novell Access Manager 3.1 SP1 Identity Server Guide.

  7. Establish a trust relationship between the Identity Server and the SSL VPN server.

    For more information, see Section 9.0, Configuring Authentication for ESP-Enabled Novell SSL VPN.

  8. Create a cluster of SSL VPNs on M1.

  9. Install the Identity Server along with SSL VPN on M2.

    For more information on how to create the SSL VPN cluster, see Section 21.1, Creating a Cluster of SSL VPN Servers.

  10. Configure the Identity Server and assign it to the Identity Server cluster.

  11. Configure SSL VPN and assign it to the SSL VPN server cluster.

  12. Install the Identity Server along with SSL VPN on M3.

  13. Configure the Identity Server and assign it to the Identity Server cluster.

  14. Configure the SSL VPN server and assign it to the SSL VPN server cluster.

  15. Install the SSL VPN server on M4.

    For more information on installing SSL VPN on a separate machine, see Deployment Scenario 1: Installing SSL VPN on a Separate Machine.

  16. Configure the SSL VPN server and assign it to the SSL VPN server cluster.

  17. Configure the Client Integrity check policies and other relevant configurations for the SSL VPN cluster.

    For more information on configuring SSL VPN, see Section III, Configuring SSL VPN.