Configuring the runtime environment

Edit online

To configure the runtime environment with the local management interface, use the Runtime Component management page.

Procedure

  1. From the top menu, select Web > Manage > Runtime Component.
  2. Click Configure.
    You can configure your policy server to be local or remote.
    • Local policy server with a remote LDAP user registry
      1. Under Policy Server, select Local.
      2. Under User Registry, select LDAP Remote.
      3. Under Common, check the check-box Restrict Management Interfaces if the local policy server should listen only on the local interface. If the box is not checked, the policy server will listen on all the available management interfaces.
      4. Click Next.
      5. On the Policy Server tab, provide settings for the fields displayed. Fields with an asterisk are required and must be completed.
        • Management Suffix: The LDAP suffix that is used to hold the IBM® Verify Identity Access secAuthority data.
          Note: To create the domain at the secAuthority=Default tree, you must leave this field blank.
        • Management Domain: The IBM Security Verify Identity Access domain name.
          Note: Make sure that the domain name you specify is unique among all domains on the LDAP server. The existence of a domain with the same name in a different suffix also causes an error. As this field is the name of the management domain, do not specify an LDAP DN.
          Here are some example settings and the corresponding result data:
          Setting Result 
          
Management Suffix: <blank>
Management Domain: Default
          		 
          secAuthority=Default
          		 
          
Management Suffix: OU=TAMDATA
Management Domain: Default
          		 
          secAuthority=Default,OU=TAMDATA
        • Administrator Password: The security administrator's password.
        • Confirm Administrator Password: The security administrator's password.
        • SSL Server Certificate Lifetime (days): The lifetime in days for the SSL server certificate.
        • SSL Compliance: Specifies any additional SSL compliance.
          Note: If FIPS is enabled on the appliance, the SSL Compliance field cannot be set to No additional compliance.
      6. Click Next.
      7. On the LDAP tab, provide settings for the fields displayed.
        • Host name: The name of the LDAP server.
        • Port: The port to be used the system communicates with the LDAP server.
        • DN: The distinguished name that is used when the system contacts the user registry.
        • Password: The password for the DN.
        • Enable SSL: Whether SSL is enabled.
        • Certificate Database: The KDB file that contains the certificate that is used to communicate with the user registry. This field is required if Enable SSL is selected.
        • Certificate Label: The label of the SSL certificate that is presented to the user registry upon request. This field is optional and is only required if SSL is enabled, and the user registry is configured to require a client certificate.
      8. Click Finish to save the settings.
    • Local policy server with a local user registry
      Note: Users and groups within the local user registry are managed through the Verify Identity Access administration framework; for example, pdadmin. All these users and groups are housed under the suffix dc=iswga.
      1. Under Policy Server, select Local.
      2. Under User Registry, select LDAP Local.
      3. Under Common, check the check-box Restrict Management Interfaces if the local policy server and user registry should listen only on the local interface. If the box is not checked, the policy server and user registry will listen on all the available management interfaces.
      4. Click Next.
      5. On the Policy Server tab, provide settings for the fields displayed. Fields with an asterisk are required and must be completed.
        • Administrator Password: The security administrator's password.
        • Confirm Administrator Password: The security administrator's password.
        • SSL Server Certificate Lifetime (days): The lifetime in days for the SSL server certificate.
        • SSL Compliance: Specifies any additional SSL compliance.
      6. Click Next.
      7. On the LDAP tab, provide settings for the fields displayed. Fields with an asterisk are required and must be completed.
        Clean existing data
        Select this check box to delete any existing data in the embedded LDAP server before the configuration.
      8. Click Finish to save the settings.
    • Remote policy server
      1. Under Policy Server, select Remote.
      2. Under User Registry, select whether to use LDAP.
      3. Click Next.
      4. On the Policy Server tab, provide settings for the fields displayed.
        • Host name: The name of the host that hosts the IBM Verify Identity Access policy server.
        • Port: The port over which communication with the IBM Verify Identity Access policy server takes place.
        • Management Domain: The IBM Verify Identity Access domain name.
      5. Click Next and complete settings on the LDAP tab.
        • Host name: The name of the LDAP server.
        • Port: The port to be used when the system communicates with the LDAP server.
      6. Click Finish to save the settings.