WebSEAL instance configuration planning
A WebSEAL instance is a unique WebSEAL server process with a unique configuration file and listening port. WebSEAL deployments support multiple WebSEAL instances. To configure a WebSEAL instance, we must collect some information about the ISAM deployment. Unless stated otherwise, each of the following settings is required.
Administrator name and password
The authentication details for the ISAM administrative user. Default is the sec_master user. We must have administrative user permissions to configure a WebSEAL instance.

Domain
The ISAM domain.

Host name
The host name the ISAM policy server uses to contact the appliance. The address corresponding to this host name must match a management interface address of the appliance. Valid values include any valid host name or IP address.

Instance name
A unique name that identifies the WebSEAL instance. Multiple WebSEAL instances can be installed on one appliance. Each instance must have a unique name. Valid characters for instance names include the alphanumeric characters ([A-Z][a-z][0-9]) plus the following characters: underscore ( _ ), hyphen ( - ), and period ( . ). No other characters are valid. Example names: web1, web2, web_3, web-4, web.5. The instance name also affects how the full server name is listed by the pdadmin server list command. For this command, the full server name has the following format:
instance-webseald-host
For example, an instance_name of web1 installed on a host named diamond has the following full server name:
web1-webseald-diamond
Listening port
Port through which the WebSEAL instance communicates with the ISAM policy server. Default port is 7234. This port number must be unique for every WebSEAL instance. The default port is typically used by the default (first) WebSEAL instance. The installation automatically increments to the next available port. We can modify the port number if necessary. Any port number above 1024 is valid. Select a port that is not used for any other purpose.

IP address for the primary interface
The unique IP address for the WebSEAL instance. The WebSEAL server listens on this IP address for incoming requests. We must also assign each WebSEAL instance a unique HTTP and HTTPS port.

HTTP protocol and HTTP port
Accept user requests across the HTTP protocol. If we enable HTTP, we must assign a port number. The default port number is 80. This port is used by the default (first) instance. If this port is not available, the installation automatically increments to the next available port.

HTTPS protocol and HTTPS port
Accept user requests across the HTTPS protocol. If we enable HTTPS, we must assign a port number. The default port number is 443. This port is used by the default (first) instance. If this port is not available, the installation automatically increments to the next available port.

User registry - SSL communication
WebSEAL communicates with the LDAP server during authentication procedures. Use of SSL during communication with the LDAP server is optional. However, use of SSL is highly recommended for security reasons in all production deployments. Disabling SSL can be considered for temporary testing or prototyping environments. To use secure SSL communication between a WebSEAL instance and the LDAP registry server, use the LDAP SSL key file for this purpose. This is the key file created and distributed during installation of the LDAP client.
If the initial WebSEAL instance is set up to use secure SSL communication with LDAP, multiple instances can use the same key file. When enabling SSL communication between WebSEAL and the LDAP server, provide the following information:
Key file name
The file containing the LDAP SSL certificate.

Certificate label
LDAP client certificate label. This is optional. When the client label is not specified, the default certificate contained in the key file is used. Specify the client label when the key file contains more than one certificate and the certificate to be used is not the default certificate.

Port
Port number through which to communicate with the LDAP server. The default LDAP server port number is 636.
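The settings above are easy to get wrong when several instances are planned at once: a name with an invalid character, two instances sharing a port, a listening port at or below 1024, or SSL to the registry left off in a production plan. The following Python script is an added example (it is not part of this page or of the ISAM product) that checks a list of planned instances against the rules stated here: the instance-name character set, the `instance-webseald-host` naming, the defaults 7234/80/443, the rule that the listening port must be above 1024, and the installer's behaviour of incrementing to the next available port. The `plan_instances` function, its input keys and the single shared port pool are assumptions made for the example; real appliances bind HTTP/HTTPS to the instance's own primary interface address, so the shared pool is a deliberately conservative model.

```python
import re

# Constraints taken from the planning text; the helper names below are constructed
INSTANCE_NAME_RE = re.compile(r"^[A-Za-z0-9_.-]+$")
DEFAULT_LISTENING_PORT = 7234   # policy-server listening port
DEFAULT_HTTP_PORT = 80
DEFAULT_HTTPS_PORT = 443


def full_server_name(instance_name, host):
    """Name shown by 'pdadmin server list': instance-webseald-host."""
    return f"{instance_name}-webseald-{host}"


def valid_instance_name(name):
    """Only [A-Za-z0-9], underscore, hyphen and period are permitted."""
    return bool(name) and INSTANCE_NAME_RE.fullmatch(name) is not None


def next_available_port(wanted, in_use):
    """Model the installer: keep incrementing until the port is free."""
    port = wanted
    while port in in_use:
        port += 1
    return port


def plan_instances(specs, host, reserved_ports=frozenset()):
    """Assign unique ports to each requested instance and collect problems.

    specs: list of dicts with key 'name' and optional 'listening_port',
           'http' (bool, default True), 'https' (bool, default True),
           'ldap_ssl' (bool, default True).  (Assumed input shape.)
    Returns (plans, problems): plans is a list of dicts, problems a list
    of strings describing settings that violate the planning rules.
    """
    in_use = set(reserved_ports)   # ports already taken on the appliance
    seen_names = set()
    plans, problems = [], []
    for spec in specs:
        name = spec["name"]
        if not valid_instance_name(name):
            problems.append(f"{name!r}: instance name contains invalid characters")
            continue
        if name in seen_names:
            problems.append(f"{name!r}: duplicate instance name")
            continue
        seen_names.add(name)

        wanted = spec.get("listening_port", DEFAULT_LISTENING_PORT)
        if wanted <= 1024:
            problems.append(f"{name!r}: listening port {wanted} is not above 1024")
            continue
        listening = next_available_port(wanted, in_use)
        in_use.add(listening)

        plan = {"name": name, "server": full_server_name(name, host),
                "listening_port": listening, "http_port": None, "https_port": None}
        # Conservative model: every port is unique across all instances
        if spec.get("http", True):
            plan["http_port"] = next_available_port(DEFAULT_HTTP_PORT, in_use)
            in_use.add(plan["http_port"])
        if spec.get("https", True):
            plan["https_port"] = next_available_port(DEFAULT_HTTPS_PORT, in_use)
            in_use.add(plan["https_port"])
        # SSL to the LDAP registry is optional but recommended for production
        if not spec.get("ldap_ssl", True):
            problems.append(f"{name!r}: SSL to the LDAP registry is disabled; "
                            "acceptable only for temporary testing or prototyping")
        plans.append(plan)
    return plans, problems


if __name__ == "__main__":
    # Constructed sample plan: two good instances, one bad name, one bad port
    sample = [{"name": "web1"}, {"name": "web2"},
              {"name": "web 3"}, {"name": "web4", "listening_port": 80}]
    plans, problems = plan_instances(sample, "diamond")
    for p in plans:
        print(p)
    for msg in problems:
        print("problem:", msg)
```

Running the script shows web1 taking 7234/80/443 and web2 being moved to 7235/81/444, exactly the increment behaviour the settings describe, while the instance with a space in its name and the one asking for listening port 80 are reported instead of planned.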