Installation and Upgrade Guides › Policy Server Installation Guide › Installing the Administrative UI › Policy Server Preparation for the Web Agent Installation

Policy Server Preparation for the Web Agent Installation

Before you install a Web Agent, you must have:

• Installed the Policy Server.
• Configured a policy/key store to communicate with the Policy Server.
• Installed and registered the Administrative UI.
• Confirmed that the Policy Server can communicate with the system on which you will install the Web Agent.

Before you can register a trusted host at the Web Agent site, the following objects must be configured in the Administrative UI.

Note: For more information about configuring each of the following objects, see the Policy Server Configuration Guide.

To centrally manage Agents, configure the following using the Administrative UI:

• A CA SiteMinder® Administrator that has the right to register trusted hosts—A trusted host is a client computer where one or more CA SiteMinder® Web Agents are installed. The term trusted host refers to the physical system. There must be an administrator with the permission to register trusted hosts. The default CA SiteMinder® administrator has this permission.
• Agent identity—An Agent identity establishes a mapping between the name and the IP address of the web server instance hosting a Web Agent. You define an Agent identity from the Agents object in the Administrative UI. You assign the Agent identity a name and specify the Agent type as a Web Agent.

  Note: The name you assign for the Agent is the same name you specify in the DefaultAgentName parameter for the Agent Configuration Object.

• Host Configuration Object—A host configuration object defines the communication between the trusted host and the Policy Server after the initial connection between the two is made.

  Do not confuse the host configuration object with the trusted host configuration file, SmHost.conf, which is installed at the trusted host after a successful host registration. The settings in the SmHost.conf file let the host connect to a Policy Server for the first connection only. Subsequent connections are governed by the host configuration object.

• Agent Configuration Object—An Agent configuration object includes the parameters that define the Web Agent configuration. There are a few required parameters you are required to set for the basic operation described below.

  Note: For more information about Agent parameters, see the Web Agent Configuration Guide.

  • For all Agents—The Agent Configuration Object must include a value for the DefaultAgentName. The DefaultAgentName must match the Agent identity name you specified in the Agents object. The DefaultAgentName identifies the Agent identity that the Web Agent uses when it detects an IP address on its web server that does not have an Agent identity assigned to it.
  • For Domino Web Agents—The Agent Configuration Object must include values for the following parameters:
    • DominoDefaultUser—If the user is not in the Domino Directory, and they have been authenticated by CA SiteMinder® against another user directory, this is the name by which the Domino web agent identifies that user to the Domino server. The DominoDefaultUser value can be encrypted.
    • DominoSuperUser—Ensures that all users successfully logged into CA SiteMinder® are logged into Domino as the DominoSuperUser. The DominoSuperUser value can be encrypted.
  • For IIS Web Agents—The Agent Configuration Object must include values for the DefaultUserName and DefaultPassword parameters. The DefaultUserName and DefaultPassword identify an existing Windows account that has sufficient privileges to access resources on an IIS web server protected by CA SiteMinder®. When users need to access resources on an IIS web server protected by CA SiteMinder®, they may not have the necessary server access privileges. The Web Agent must use the Windows account, which is previously assigned by an administrator, to act as a proxy user account for users granted access by CA SiteMinder®.

  Note: If you plan to use the NTLM authentication scheme, or enable the Windows User Security Context feature, do not specify values for these IIS Web Agent parameters.