- Created by Maksim Kuzmov, last modified by Pavel Golubnichiy on Jan 17, 2020
Indeed PAM Core can work as part of an Active-Active failover cluster. Failover requires one or several additional Indeed PAM Core servers. Load balancing is performed using the HAProxy load balancer. To set up a fault-tolerant configuration, you must contact technical support at support@indeed-id.com.
IIS
- Run IIS and go to Default Web Site
- Select the api application and open the Configuration Editor from the Management section
- Open the Section: drop-down list and select the system.webServer - serverRuntime item
- Set the uploadReadAheadSize parameter to 1048576
- Click Apply in the Actions section
Indeed PAM Core
All URLs are specified in lowercase.
Go to the C:\inetpub\wwwroot\api folder and edit the web.config file:
<logServer … />:
- Url - API URL for the uniform event log
<logServer Url="http://logserver.indeed-id.local/ils/api" CertificateThumbprint="" CertificateFilePath="" CertificateFilePassword="" />
<logServerClient … />:
- EventCacheDirectory - a temporary folder for event writing
<logServerClient AppId="pam" Component="server" EventCacheDirectory="C:\Temp\ILS\Core\EventCacheDirectory" LogServerTargetConfigFile="" EventCacheSendingIntervalSec="10"/>
<encryptionSettings ... />:
- cryptoAlgName - the name of the encryption algorithm
- cryptoKey - the encryption key
The encryption key is generated by the IndeedPAM.KeyGen.exe utility, which is part of the Indeed PAM distribution and is located in the /Misc directory.
<encryptionSettings cryptoAlgName="DES" cryptoKey="ea06v76ht457t2l8" />
<adUserCatalogProvider ... >:
- serverName - the DNS name of the Domain Controller that performs the Global Catalog function
- containerPath - the LDAP path to the container or unit to be used as the Active Directory user directory
- userName - the service account for working with the Active Directory user directory
- password - the service account password
<adUserCatalogProvider id="ad" serverName="dc.indeed-id.local" containerPath="OU=organization unit,DC=indeed-id,DC=local" userName="IPAMManager" password="password">
<connectionStrings> ... </connectionStrings>:
- <add name="DBConnection" ... />:
  - Data Source - Microsoft SQL Server name or instance name
  - Initial Catalog - database name (IPAMCore)
  - User ID - service account to use with Indeed PAM databases
  - Password - service account password
- <add name="JobsQueueConnectionString" ... />:
  - Data Source - Microsoft SQL Server name or instance name
  - Initial Catalog - database name (IPAMTasks)
  - User ID - service account to use with Indeed PAM databases
  - Password - service account password
<connectionStrings>
  <add name="DBConnection" connectionString="Data Source=MSSQLServer;Initial Catalog=IPAMCore;Integrated Security=False;User ID=IPAMSQLService;Password=password" providerName="System.Data.SqlClient" />
  <add name="JobsQueueConnectionString" connectionString="Data Source=MSSQLServer;Initial Catalog=IPAMTasks;Integrated Security=False;User ID=IPAMSQLService;Password=password" providerName="System.Data.SqlClient" />
</connectionStrings>
If using a Named Instance of Microsoft SQL Server, the value of the Data Source parameter must be specified in the <Server Name>\<Named instance> format.
<connectionStrings>
  <add name="DBConnection" connectionString="Data Source=MSSQLServer\Named instance; ... "/>
  <add name="JobsQueueConnectionString" connectionString="Data Source=MSSQLServer\Named instance; ... "/>
</connectionStrings>
<add key="IdpUrl" ... />:
- value - the URL of Indeed PAM IdP
<add key="IdpUrl" value="https://pam.indeed-id.local/idp"/>
<add key="PamProxyIpAddresses" … />:
- value - the IP address of the Indeed PAM Gateway server
<add key="PamProxyIpAddresses" value="192.168.0.100" />
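The following Python script is an added example, not part of the Indeed PAM distribution or its documentation. It checks an edited web.config against what this page states: URLs in lowercase, the connection-string keys listed above present, and no secret left at the value printed in the samples. The SAMPLE input is constructed, and the nesting of these elements inside web.config is an assumption, so the script searches the whole tree.

```python
import xml.etree.ElementTree as ET

# Values printed in the page's samples; a deployed web.config must not reuse them.
DOC_SAMPLES = {"password", "ea06v76ht457t2l8"}

# Constructed test input (not a real configuration); element nesting is assumed.
SAMPLE = r"""<configuration>
  <logServer Url="http://LogServer.indeed-id.local/ils/api" />
  <encryptionSettings cryptoAlgName="DES" cryptoKey="ea06v76ht457t2l8" />
  <connectionStrings>
    <add name="DBConnection" connectionString="Data Source=SQL01\PAM;Initial Catalog=IPAMCore;User ID=IPAMSQLService;Password=password" />
    <add name="JobsQueueConnectionString" connectionString="Data Source=SQL01\PAM;Initial Catalog=IPAMTasks;User ID=IPAMSQLService" />
  </connectionStrings>
  <appSettings><add key="IdpUrl" value="https://pam.indeed-id.local/idp" /></appSettings>
</configuration>"""

def parse_conn(cs):
    """Split 'Key=Value;Key=Value' into a dict with lowercase keys."""
    pairs = (p.split("=", 1) for p in cs.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_web_config(xml_text):
    """Return a list of findings for a web.config laid out as on this page."""
    root = ET.fromstring(xml_text)  # iter() below finds elements at any depth
    findings = []
    # Rule from the page: all URLs are specified in lowercase.
    urls = [("logServer Url", e.get("Url", "")) for e in root.iter("logServer")]
    urls += [("IdpUrl", e.get("value", "")) for e in root.iter("add")
             if e.get("key") == "IdpUrl"]
    findings += [f"{name}: URL is not lowercase" for name, url in urls
                 if url != url.lower()]
    # Secrets left at the values shown in the documentation samples.
    for tag, attr in (("encryptionSettings", "cryptoKey"),
                      ("adUserCatalogProvider", "password")):
        for e in root.iter(tag):
            if e.get(attr) in DOC_SAMPLES:
                findings.append(f"{tag}: {attr} is the documentation sample")
    # Connection strings: keys listed on the page present, no sample password.
    for e in root.iter("add"):
        name = e.get("name")
        if name not in ("DBConnection", "JobsQueueConnectionString"):
            continue
        cs = parse_conn(e.get("connectionString", ""))
        for key in ("data source", "initial catalog", "user id", "password"):
            if not cs.get(key):
                findings.append(f"{name}: missing {key}")
        if cs.get("password") in DOC_SAMPLES:
            findings.append(f"{name}: password is the documentation sample")
    return findings
```

Call audit_web_config() with the text of the edited file; an empty list means none of these checks fired.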