Tasks
nevisAdmin supports three main tasks:
- InfrastructureRepresents the inventory of all involved components, such as servers and instances (of nevisProxy, nevisAuth, nevisIDM, etc.), as well as the web servers hosting the applications and other services involved within the web access platform, such as LDAP or RADIUS servers.
- ConfigurationThe configuration section includes two different types of components.
- The applications define the web applications which shall become available to the Internet or intranet. Each application is assigned to the corresponding nevisProxy instances which shall be used by the end user to access the application servers which provide the application's content.
- The resource component defines the configuration patterns which are used to secure and integrate the applications into the Nevis access control infrastructure. Resources are assigned to each application to provide the necessary configuration attributes.
- Operation All configuration changes are applied by operational tasks. The operation view also provides the monitoring and control (stop/start/create/...) commands.
Workflow
Configuration of the Nevis components requires the following steps:
Enter your available infrastructure:
Open the infrastructure view and start adding the servers and instances you want to use.
- The "Zones" represent networks zones, e.g., your DMZ or the network zone where your application servers are located.
- Open the new zone and add the servers which are located within the zone. Use the server's host name when creating these objects.
- Each server hosts one or multiple instances. An instance is a software component running on the server, e.g., a nevisProxy instance, a nevisAuth instance or your Apache or IIS web server.
- The child objects of an instance are services. A service is used to bind the configured connectors to an interface using the host name and port number defined within the connector.
Configure your applications:
As soon as you have created your inventory, you may start to configure applications.
- Environments are used to store different versions of an application, e.g., an application may exist within the test environment on the one hand and within a production environment on the other.
- Add your applications within an environment and choose the nevisProxy instances which are used by the clients to access them from either the Internet or Intranet.
- Each application uses one or multiple path mappings (URL namespace). Add the path used by the client to access the application and select the application servers to which HTTP requests on these URL paths shall be forwarded. You may also add resources (filters or an SSO realm) to an application. You may create new resources within the environment as well. These resources will be available to all applications within the environment.
noteA specific instance of a Nevis component must not be used in more than one environment.
Create the configuration:
After configuring the infrastructure and environment, you may switch to the operational tasks and create a configuration snapshot for all involved applications and servers by committing your changes.
Deploy the configuration:
A committed configuration snapshot may be deployed to the instances which need configuration changes.
Migration to another environment
If the configuration has been successfully tested, you may want to migrate your settings to another environment, e.g., from a test environment to a production environment.
Copy an application:
Migrating an application and its configuration is done by copying the application and choosing the destination environment (the "copy application" function can be found at the bottom of the application view within the configuration tab).
The copy operation transfers all mappings and their resources used by the application (settings such as filters or realms) to the destination environment. If the application or resource does already exist, the objects are merged and take over the configuration of the source environment. References to infrastructure components, e.g., to services such as nevisProxy, nevisAuth or web servers, are not changed while an application is copied. They are managed for each environment in
You can either perform the copy operation within the very same nevisAdmin instance or from one nevisAdmin instance to another using the "export" and "import" functionality of nevisAdmin. We advise against importing applications created by a newer version of nevisAdmin than the instance of nevisAdmin you are importing to, because the import file may contain objects which are not known by older versions of nevisAdmin.
You might want to rollback a change. If you want to do so, you can export the application of the destination environment and archive the file before copying/importing the new configuration. This allows you to re-import the previous configuration if it should become necessary.