4.1 Deploying the Secure API Manager Appliances

VMware is the only supported platform for Secure API Manager. We recommend that you have a good understanding of VMware before deploying the appliance. This guide does not contain instructions for using VMware or how to deploy appliances in VMware. Currently, the appliance is not supported in Amazon Web Service or Azure environments. For more information, see the VMware Docs website.

Each appliance has its own administrative user of root. You set the password for the root user when you deploy each appliance. It is important to have a record of the IP address, DNS name, and login information for each appliance. You can enable an additional administrative account after you deploy the appliance. For more information, see Setting Administrative Passwords in the NetIQ Secure API Manager 1.1 Administration Guide.

Use the following sections to deploy the appliances and record the appliance information for your environment.

4.1.1 Deploying a Secure API Manager Appliance

You must deploy one or more appliances that will contain one or more Secure API Manager components. When you deploy the appliance, you set the time zone of the appliance, configure the network settings for the appliance, and create a password for the root user of the appliance.

Secure API Manager uses Docker containers to create the different components. After you define the appliance-specific setting, the initialization process extracts the Docker containers for each component on the appliance.

IMPORTANT:The extraction process can take 30 minutes or longer to complete. Ensure that you wait for the appliance to complete the extraction process before configuring each component.

Each DNS name of the appliance must be publicly resolvable, even in test environments. The DNS name of each appliance must be publicly resolvable to allow the Docker containers access to the local /etc/hosts file of the appliance. If the DNS name is not publicly resolvable, the components cannot communicate with each other and the product does not work.

Ensure that you have determined the number of appliances you will need for your environment. For more information, see Understanding Deployment Scenarios.

To deploy a Secure API Manager appliance:

  1. Download the appliance file from the Customer Center. For more information, see Obtaining Secure API Manager.

  2. Deploy the appliance to your virtual environment. For more information, see Deploy an OVF or OVA Template..

  3. Power on the appliance.

  4. Select the appropriate language, then read the license and click Accept.

  5. Use the following information to configure basic settings for the appliance:

    root Password

    Specify a password for the root user on the appliance. The root user is the administrative account for the appliance. You can create an additional administrative account after you deploy the appliance. For more information, see Setting Administrative Passwords in the NetIQ Secure API Manager 1.1 Administration Guide.

    NTP Server

    Specify a primary and secondary NTP server used to keep time on the appliance.

    Region and Time Zone

    Select your region and time zone.

    Hostname and Networking options

    Specify a host name for the appliance, then select whether to use a static IP address or DHCP. If you use a static IP address, you must specify the IP address, subnet mask, the gateway, and the DNS servers.

  6. Click Finish and wait for the appliance initialization to complete.

    IMPORTANT:The initialization process can take 30 minutes or longer to complete. The initialization process extracts the images of the components.

  7. Record the IP address, DNS name, and login information for future reference and for use during the deployment of the Secure API Manager components. For more information, see Recording the IP Addresses, DNS Names, and Login Information for the Appliances.

  8. Repeat Step 2 through Step 7 for each appliance you must deploy.

After you have the appropriate number of appliances for your Secure API Manager environment, you must deploy the appropriate components on one or more of the appliances using the Deployment Manager. You must understand the Deployment Manager before trying to use it. For more information, see Understanding the Secure API Manager Deployment Manager.

4.1.2 Recording the IP Addresses, DNS Names, and Login Information for the Appliances

Each Secure API Manager appliance uses SUSE Linux Enterprise Server as the operating system. During the deployment of the appliance, you set the password for the root user and define your networking settings for the appliance.

It is very important that you keep a record of the IP address, DNS name, and login information for each appliance you deploy. You configure and manage each appliance through the appliance management console. The login for the appliance management console is the IP address or DNS name of the appliance at port 9443. You log in using the root user and the password you specify during the deployment of the appliance. Each appliance has its own password.

WARNING:There is no way to reset or retrieve the root password. If you forget or lose the root password, your only option is to delete the appliance from the virtual environment and redeploy a new appliance.

Ensure that you have the correct network settings assigned to the appliances. If you deploy a component and want to change the network settings later, Secure API Manager does not see the changes to the network settings. The IP addresses and DNS names are stored in the Database Service component and on the file system stored on the NFS server.

If you must change the network settings on an appliance at a later time, you must delete the component from Secure API Manager, delete the appliance, then redeploy the appliance with the correct network settings.

Use the following worksheet to record your appliance login information.

Table 4-1 Worksheet for Appliance Login Information

Component

IP Address:Port

DNS Name:Port

Login Information

API Gateway

 

 

 

API Gateway cluster member

 

 

 

API Gateway cluster member

 

 

 

Analytics

 

 

 

Analytics cluster member

 

 

 

Analytics cluster member

 

 

 

Database Service

 

 

 

Database Service cluster member

 

 

 

Database Service cluster member

 

 

 

Lifecycle Manager

 

 

 

Lifecycle Manager cluster member

 

 

 

Lifecycle Manager cluster member

 

 

 

The extra lines in the worksheet are for clustering the different components. For more information, see Enabling High Availability and Load Balancing.