Tech Note: 007
Configuring a Backup SmartGate Server
Information and Setup.
Applies to: SmartGate 4.1.x and later.
Last updated: July 20th, 2001.
SUMMARY
- Step-by-Step instructions for setting up a backup SmartGate Server.
- Description of SmartGate Server files involved in the backup process.
INSTRUCTIONS
Example configuration information; use the information for your own servers in a real configuration:
Primary SmartGate Server:
External IP: 10.1.2.10
Internal IP: 10.1.1.10
Subnet: 255.255.255.0
Backup SmartGate Server:
External IP: 10.1.2.11
Internal IP: 10.1.2.11
Subnet: 255.255.255.0
Introduction
An additional computer, other than the one running the Authentication Server, can be set up as a backup host storing a redundant user database. If the Authentication Server fails, the backup server takes over the authentication process. It is recommended that the backup server is created before users OLR to the primary authentication server.
To set up a redundant user database:
- Do a complete installation of the SmartGate server software on a separate computer, excluding the Citrix License. The license does not have to be activated, since the certificate and license key will be copied from the primary SmartGate server to the backup SmartGate server.
  The host name of the backup server should be different from that of the main SmartGate server. For instance, if your SmartGate server is yourcompanyname.com, your backup server may be yourcompanyname2.com.
- Configure the backup server exactly the same as your primary SmartGate server. All the following files should be copied to the backup host:
  - All key files, i.e., your public/private key pair and certificate (keyname.pub, keyname.prv, and keyname.cer)
    - Remove any keyname.pub, keyname.prv, and keyname.cer created in the backup server.
  - All access control lists (acl) and deny lists (sweb.acl, sweb.dny, sgate.acl, sgate.dny, adm-gw.acl, and sgshim.acl)
    - Some files may not appear in the data directory if they were not configured in the SmartGate Admin.
  - Configuration options including system definitions, OLR data requirements, and single-port mapping rules (sgconf.ini, reginfo.dat, and sgproxy.conf)
  - The secret.key file containing your shared secret key
  - Any user UID server files (Rules File)
- Using SmartGate Admin, connect to your main SmartGate server. Configure the following settings:
  · On the backup server, add the hostname or IP address of your backup server host to the Authentication Client hosts settings.
  · On the primary server, type the hostname or IP address and the port number of the backup host in the Backup server host and port text box. While the port number is configurable, the redundant database has a default port number of 3901, which is recommended.
  Note: If you are using the Remote Authentication Server settings, you must also configure the sgconf.ini file on the computer where the Authentication Server resides to recognize the SmartGate server(s) connecting to it. Use the Authentication Client hosts settings on that computer.
- If the machine running the SmartGate server fails for any reason, change the host name and the IP addresses of the backup server to those of the original Authentication server. Install your Citrix License Key on your backup server.
- As soon as the license key is installed, you should be up and running, and the new SmartGate server will look identical to your end users.
Note: Unless a backup host has been set up and this option is specified, no backup server will be created. If this option is turned on with an existing database, first copy the existing database (sgusrdb.idx) to the backup server, because mirroring occurs in real time.
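A check for the file-copy step above, added here as an example (it is not part of the original tech note or of the SmartGate product): it compares SHA-256 digests of the files the note lists between a copy of the primary's data directory and the backup's, and flags key files left over from the backup's own installation. The directory arguments, the key name "sg" and the status labels are assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

# File names come from the tech note; the key name stands in for its "keyname".
ACL_FILES = ["sweb.acl", "sweb.dny", "sgate.acl", "sgate.dny", "adm-gw.acl", "sgshim.acl"]
CONFIG_FILES = ["sgconf.ini", "reginfo.dat", "sgproxy.conf", "secret.key"]
KEY_EXTS = (".pub", ".prv", ".cer")

def digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def compare_dirs(primary, backup, key_name):
    """Return {file name: status} for the files the note says to copy."""
    primary, backup = Path(primary), Path(backup)
    key_files = [key_name + ext for ext in KEY_EXTS]
    report = {}
    for name in key_files + CONFIG_FILES + ACL_FILES:
        src, dst = primary / name, backup / name
        if not src.exists():
            # ACL and deny lists exist only if configured in SmartGate Admin.
            if name in ACL_FILES:
                report[name] = "stale-on-backup" if dst.exists() else "not-configured"
            else:
                report[name] = "missing-on-primary"
        elif not dst.exists():
            report[name] = "missing-on-backup"
        elif digest(src) != digest(dst):
            report[name] = "mismatch"
        else:
            report[name] = "ok"
    # Key files created by the backup's own installation should have been removed.
    for path in backup.iterdir():
        if path.suffix in KEY_EXTS and path.name not in key_files:
            report[path.name] = "stray-key"
    return report

def problems(report):
    return {n: s for n, s in report.items() if s not in ("ok", "not-configured")}

def demo():
    """Constructed sample: two temporary directories, not real SmartGate data."""
    with tempfile.TemporaryDirectory() as p, tempfile.TemporaryDirectory() as b:
        for name in ["sg.pub", "sg.prv", "sg.cer"] + CONFIG_FILES + ["sweb.acl"]:
            Path(p, name).write_text("primary:" + name)
            Path(b, name).write_text("primary:" + name)
        Path(b, "secret.key").write_text("different secret")  # never overwritten
        Path(b, "install.prv").write_text("backup-generated key")  # left behind
        Path(b, "sgproxy.conf").unlink()  # forgotten during the copy
        return problems(compare_dirs(p, b, "sg"))
```

Calling demo() returns only the three files that need attention; against real servers, pass the two data directories and your actual key name to compare_dirs().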
Glossary of Files
| Files | Purpose |
|---|---|
| sgate.acl | Provides access control for secured TCP services including E-mail, FTP, Oracle, Telnet server, rlogin Proxy support, etc. |
| sgate.dny | Denies access to specified TCP services including E-mail, FTP, Oracle, Telnet server, rlogin Proxy support, etc. |
| sweb.acl | Provides access control to your web server |
| sweb.dny | Denies access to specified web servers |
| sgusrdb.idx | The user database stores the SmartGate User ID enabled/disabled status, user's long name, group to which the user is assigned, and authentication key for each user. |
| adm-gw.acl | Specifies the users who have administrative privileges to access the SmartGate server and perform remote administration. It also specifies which level of administrative rights they have and which groups they may administer. |
| sgconf.ini | Dynamically controls the SmartGate server's behavior. The sgconf.ini file provides information to SmartGate servers about your specific environment (e.g. where the authentication server resides and whether you are using Web servers that require access tickets) |
| reginfo.dat | This file defines the data entry fields displayed to users when they perform OLR. When multiple methods are being used (e.g. VONE, Entrust, Netrust, and PKI), each method can display unique data entry fields. The OLR information is read from reginfo.dat into an HTML file to be opened by your user's web browser. |