If the security policy of your company requires all corporate databases to reside on a secured network, you must create Directory gateways to allow the Security Center applications located outside the secured network to log on to the system.
Before you begin
Make sure that the Number of additional Directory servers supported by your Security Center license allows you to add the Directory gateways you need to create. The Directory gateways are counted as Directory servers in your Security Center license.
What you should know
All Security Center applications (roles and client applications) must connect to a Directory server in order to log on to the system. All Directory servers must access the Directory database where the system configuration is stored. If the Directory database resides on a secured network, no applications located outside the secured network are allowed to access it. To avoid violating the security policy, you must create Directory gateways on the non-secured network.
To create Directory gateways:
- From the Config Tool home page, open the System task, and click the Roles view.
- Select the Directory Manager role, and then click the Directory servers tab.
- At the bottom of the server list, click Advanced.
  An extra column, Gateway, opens in the list.
- At the bottom of the list, click Add an item.
- In the dialog box that opens, select the server you want to add, and click Add.
- Add more servers to the list if necessary.
- Select the Gateway option on servers you want to use as Directory gateways.
  A Directory gateway must be located on the non-secured network. It does not need to access the Directory database, but it needs to connect to the main server. The following example shows a system with two Directory servers, one of which is the main server, and two Directory gateways.
  NOTE:
  - Load balancing only occurs between servers of the same type. All Directory servers belong to one load balancing pool, and all Directory gateways belong to another. A user trying to connect to a Directory gateway will not be redirected to a Directory server, and vice versa.
  - The Disaster recovery option only applies to Directory servers, not to Gateways.
- Update your license to include the servers that you have just promoted to Directory gateways.
- Click Apply.
After you finish
If you have client workstations that are forced to connect to a specific Directory, update their settings so they connect to one of the Directory gateways instead.