Installation Options and Configurations
One of the key features of the SDX software is flexibility. You can deploy all the SDX software components on a single host or distribute them among multiple hosts in one or more locations. For example, you can deploy the SAE on one host, a directory on another host, and Policy Editor on a third host. You might want to install only the components needed by an administrator on some hosts, and the components needed by developers on others.
Juniper Networks Professional Services can assist you in determining the best installation option for your operation. The following sections present sample installation possibilities.
See SDX Component Installation Sets for information about individual SDX components and recommended sets of components for different purposes.
Directory Server
The SDX software CD includes the OpenLDAP directory server as well as add-ons for OpenLDAP, Sun ONE Directory Server (formerly iPlanet Directory Server), and DirX directory server.
The SDX software operates with other directory servers; however, we currently support only OpenLDAP, Sun ONE Directory Server, and DirX directory server.
Multiple Directory Servers and Failover
The following statements apply for all directory connections used by the SAE, the EASP, and the SNMP agent, as well as the configuration connections for NICs and GALs:
- You can specify any number of directory servers. The SDX software considers the first server specified to be the primary or preferred directory server; any other servers are considered to be an ordered list of backups.
- If the primary directory server is not available or fails, the SDX software tries each of the backup servers in turn according to the ordered list. Directory connections are switched to the first available backup directory.
- If a backup directory fails, the SDX software again tries each of the directory servers in turn, beginning with the primary and proceeding through the ordered list. Directory connections are switched to the first available backup directory.
- If the primary directory recovers or becomes available, the directory connection is switched back to the primary directory.
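The failover rules above can be modeled as a small state machine. The following is an added example, not SDX code: the class name, the health probe, and the example.net hostnames are hypothetical, and the choice to stay on a healthy backup when a higher-ranked backup recovers is an assumption, since the text specifies fail-back only for the primary.

```python
from typing import Callable, List, Optional, Set


class DirectoryFailover:
    """Ordered failover: servers[0] is the primary, the rest are backups in order."""

    def __init__(self, servers: List[str], is_up: Callable[[str], bool]):
        if not servers:
            raise ValueError("at least one directory server is required")
        self.servers, self.is_up = list(servers), is_up  # is_up: hypothetical probe
        self.current: Optional[str] = None
        self.events: List[str] = []  # switch log, useful for alerting on flapping

    def poll(self) -> Optional[str]:
        primary = self.servers[0]
        if self.current is not None and self.is_up(self.current):
            if self.current == primary or not self.is_up(primary):
                # Assumption: a healthy backup is kept until the primary returns,
                # even if a higher-ranked backup recovers first.
                return self.current
            reason = "primary recovered"
        else:
            reason = "initial connect" if self.current is None else "current server unavailable"
        # Scan from the primary through the ordered list; first available wins.
        target = next((s for s in self.servers if self.is_up(s)), None)
        if target != self.current:
            self.events.append(f"{self.current} -> {target} ({reason})")
            self.current = target
        return self.current


def run_scenario() -> List[Optional[str]]:
    """Replay a constructed outage timeline and return the server used at each step."""
    servers = ["dir1.example.net", "dir2.example.net", "dir3.example.net"]
    down: Set[str] = set()
    fo = DirectoryFailover(servers, lambda s: s not in down)
    timeline = [set(), {servers[0]}, {servers[0], servers[1]},
                {servers[0]}, set(), set(servers)]
    result = []
    for outage in timeline:
        down.clear()
        down.update(outage)
        result.append(fo.poll())
    return result


if __name__ == "__main__":
    print(run_scenario())
```

The last step of the timeline takes every server down, so the model ends with no directory connection; a deployment should treat that state as an outage of every component that depends on the directory.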
RADIUS
Although the SDX software operates with other RADIUS systems, we currently support system integration only with Funk Steel-Belted RADIUS, Merit RADIUS, and Interlink Networks RAD-Series AAA RADIUS.
SDX support for Challenge Handshake Authentication Protocol (CHAP) depends on the integrated RADIUS software. Merit RADIUS does not support CHAP; consequently the SDX software does not support CHAP when you use Merit RADIUS. Funk Steel-Belted RADIUS does support CHAP, so when you use Funk Steel-Belted RADIUS the SDX software supports CHAP.
Installation and Configuration Sequence
The following steps show the sequence necessary for a typical SDX software installation. The sequence is independent of the hosts on which you load the software.
- Install Solaris operating system and appropriate OS patches.
- Install the SDX software components and any directory software not included with the SDX software.
- Start the directory.
See SDX Integration Guide for information about installing directory servers not supplied with the SDX software.
See SDX Integration Guide for information about installing RADIUS.
- Obtain and install your SDX software license.
- Perform preliminary configuration for the SDX components.
- Start the SAE.
NOTE: For information about deploying and customizing a demo portal, see SDX Components Guide, Vol. 2.
Installation Prerequisites
Consider the following before you begin installation of the SDX software.
Hardware
Before you start the installation, verify that sufficient disk space is available in the installation directory. See Table 11 for disk space requirements.
Software
Some packages have prerequisites for installation:
- IP Filter - You must install ipfx (the 64-bit IP Filter package) before you install ipf (the 32-bit IP Filter package). Both packages must be installed for a 64-bit Solaris system.
- Python - You must install the Python runtime environment (SMCpython) before you install the Python additional libraries (UMCpyadd).
Many of the SDX GUIs, such as Policy Editor and SDX Admin, are X-Windows applications and require configuration of the X-Windows server to provide proper font and keyboard behavior. Failure to properly configure the X-Windows server can cause problems in certain circumstances; for example, if you try to use the Japanese locale without having the required Japanese fonts. If you have any questions about X-Windows server configuration, consult technical support or the user documentation for the X-Windows server that you are using.
Root Versus Nonroot Users
A root user is typically a system administrator who has the authority to install software and maintain the system. The SDX software can be installed only by users with root permissions on each host.
You can use the UNIX sudo command to enable authorized users to execute commands as if they had root privileges.
You might want authorized users with nonroot privileges to be able to configure and administer the SDX software. You can create nonroot users and groups with the UNIX admintool. See your Solaris documentation for more information. Alternatively, you can use the command described in Silent Mode to create nonroot users and groups.
Upgrades
To upgrade the SDX software on a host from one version to another, you must first remove the previous installation. See Uninstalling the SDX Software for more information.
Installation Conventions
The installation procedures in this guide are written with the understanding that you know how to work in a UNIX environment, including performing the following tasks: starting UNIX sessions, using UNIX xterm windows to issue commands on the UNIX command line interface, mounting CDs, navigating through the file structure, using a text editor to read and modify text files, and so on.