If the security policy of your company requires all corporate databases to reside on a secured network, you must create Directory gateways to allow the Security Center applications located outside the secured network to log on to the system.
Make sure that the Number of additional Directory servers supported by your Security Center license allows you to add the Directory gateways you need to create. The Directory gateways are counted as Directory servers in your Security Center license.
Before you begin
All Security Center applications (roles and client applications) must connect to a Directory server in order to log on to the system. All Directory servers must access the Directory database where the system configuration is stored. If the Directory database resides on a secured network, no applications located outside the secured network are allowed to access it. To avoid violating the security policy, you must create Directory gateways on the non-secured network.
What you should know
- From the Config Tool home page, open the System task, and click the Roles view.
- Select the Directory Manager role, and then click the Directory servers tab.
- At the bottom of the server list, click
  An extra column, Gateway, opens in the list.
- At the bottom of the list, click Add an item.
- In the dialog box that opens, select the server you want to add, and click Add.
- Add more servers to the list if necessary.
- Select the Gateway option on servers you want to use as
A Directory gateway must be located on the non-secured network. It does not need to access the Directory database, but it needs to connect to the main server. The following example shows a system with two Directory servers, one of which is the main server, and two Directory gateways.
NOTE:
- Load balancing only occurs between Directory servers. A user trying to connect to a Directory gateway will not be redirected to a Directory server, and vice versa.
- The Disaster recovery option only applies to Directory servers, not to Gateways.
- Update your license to include the servers that you have just promoted to Directory gateways.
- Click Apply.
If you have client workstations that are forced to connect to a specific Directory, update their settings so they connect to one of the Directory gateways instead.
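
The placement rules above can be checked against a planned server inventory before you apply the change. The following Python sketch is an added example, not part of the product or its documentation. The `Server`, `Client`, and `audit` names and the sample host names are hypothetical. It assumes the license counts every server except the main one, and that only clients outside the secured network need to be re-pointed to a gateway.

```python
from dataclasses import dataclass

@dataclass
class Server:
    name: str
    zone: str                 # "secured" or "non-secured"
    gateway: bool = False     # Gateway option selected in the Directory servers tab
    main: bool = False
    reaches_db: bool = False  # measured: can this host connect to the Directory database?

@dataclass
class Client:
    name: str
    zone: str
    forced_directory: str = ""  # empty when the client is not pinned to a Directory

def audit(servers, clients, licensed_additional):
    """Return findings for a planned Directory server / gateway layout."""
    findings = []
    for s in servers:
        if s.zone == "non-secured" and s.reaches_db:
            findings.append(f"{s.name}: reaches the Directory database from outside the secured network")
        if s.gateway and s.zone != "non-secured":
            findings.append(f"{s.name}: gateway is not on the non-secured network")
        if not s.gateway and not s.reaches_db:
            findings.append(f"{s.name}: Directory server cannot reach the Directory database")
    # Assumption: the license counts every server except the main one, gateways included.
    additional = sum(1 for s in servers if not s.main)
    if additional > licensed_additional:
        findings.append(f"license: {additional} additional servers needed, {licensed_additional} licensed")
    gateways = {s.name for s in servers if s.gateway}
    for c in clients:
        # Assumption: only clients outside the secured network must be re-pointed.
        if c.zone == "non-secured" and c.forced_directory and c.forced_directory not in gateways:
            findings.append(f"{c.name}: forced to {c.forced_directory}, which is not a gateway")
    return findings

# Constructed inventory matching the page's example: two Directory servers, two gateways.
SERVERS = [
    Server("DIR-MAIN", "secured", main=True, reaches_db=True),
    Server("DIR-2", "secured", reaches_db=True),
    Server("GW-1", "non-secured", gateway=True),
    Server("GW-2", "non-secured", gateway=True, reaches_db=True),  # constructed firewall gap
]
CLIENTS = [Client("WS-LOBBY", "non-secured", forced_directory="DIR-2")]

if __name__ == "__main__":
    for finding in audit(SERVERS, CLIENTS, licensed_additional=2):
        print(finding)
```

The `reaches_db` value should come from an actual connectivity test run on each host, so that a firewall rule that unintentionally exposes the database to a gateway shows up as a finding.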