Before you install the Sentinel Authentication Gateway, you need to download the SDK package.
There are three possible installation methods for Sentinel Authentication Gateway:
-
Install the Sentinel Authentication Gateway in the same Rhino as an existing Sentinel-VoLTE installation.
-
Use the Sentinel Authentication Gateway SDK package to download and install Rhino and the Sentinel Authentication Gateway.
-
Install and configure Rhino and the JVM manually, then use the SDK package to deploy the Sentinel Authentication Gateway into your Rhino.
Existing Sentinel-VoLTE installation
Check the Sentinel Authentication Gateway Compatibility Guide to make sure your existing Sentinel-VoLTE installation meets the product dependencies for Sentinel Authentication Gateway.
For this option, your existing Sentinel-VoLTE license in Rhino can be used.
Standalone Sentinel Authentication Gateway installations
For options 2 and 3, you need to download the required software and get a license.
Using the SDK package to install both the Rhino SDK and Sentinel Authentication Gateway software is recommended for functional testing or experimentation with Sentinel Authentication Gateway. For production installs and/or load testing it is recommended to manually install and configure Rhino and the JVM.
Cassandra Database
A Cassandra Database is required for a Sentinel Authentication Gateway installation. Cassandra needs to be Installed and Configured with the opencloud_gaa_bootstrap_info
keyspace.
Download the Sentinel Authentication Gateway SDK package
To get the latest Sentinel Authentication Gateway SDK package go to https://repo.opencloud.com/artifactory/opencloud-sentinel-gaa-3.0.0/opencloud/sentinel-gaa/3.0.0/sentinel-gaa-sdk/.
Choose the version with the highest release number.
The current version is sentinel-gaa-sdk-3.0.0.3.zip
.
You will need OpenCloud-supplied credentials to download the package. |
Get required software
Check the Sentinel Authentication Gateway Compatibility Guide for supported versions before installing any software. |
You’ll need the following software to run Sentinel Authentication Gateway:
Software | Download from… |
---|---|
Optional - to be used when installing and configuring Rhino manually |
|
Install and configure Rhino and the JVM
Optionally you can install and configure Rhino and the JVM for use with Sentinel Authentication Gateway. This is recommended for production deployments, and clustered setups.
Alternatively for Proof of Concept and lab functional testing it is recommended to use the SDK as described in Installing the BSF Server
Install Rhino
1 |
Start by choosing a location to extract the contents of the Rhino package. We’ll refer to this directory as |
---|---|
2 |
Rhino must be started at least once to generate the necessary configuration files. To start Rhino, in the start-rhino.sh (or |
3 |
Wait until Rhino is ready. It prints the following message in its log when ready: SLEE successfully started on node(s) [101] |
4 |
Stop Rhino by executing in the stop-rhino.sh --nice |
For more about installing and configuring the Rhino TAS, please see the Rhino Documentation. |
Configure Rhino and the JVM
Configure the Java Garbage Collector for improved performance
To improve the performance of the Java GC, add -XX:+ParallelRefProcEnabled
to the GCOPTIONS
variable in $RHINO_HOME/etc/defaults/read-config-variables
.
For example:
GCOPTIONS="\ -XX:+UseParNewGC \ -XX:MaxNewSize=${MAX_NEW_SIZE} -XX:NewSize=${NEW_SIZE} \ -XX:MaxPermSize=256m -XX:PermSize=256m \ -Xms${HEAP_SIZE} -Xmx${HEAP_SIZE} \ -XX:SurvivorRatio=128 \ -XX:MaxTenuringThreshold=0 \ -Dsun.rmi.dgc.server.gcInterval=0x7FFFFFFFFFFFFFFE \ -Dsun.rmi.dgc.client.gcInterval=0x7FFFFFFFFFFFFFFE \ -XX:+UseTLAB \ -XX:+DisableExplicitGC \ -XX:+ParallelRefProcEnabled \ ${VERBOSEGC} \ ${CMSOPTIONS}"
Deploying Sentinel Authentication Gateway from a different host
If you want to install Sentinel Authentication Gateway in top of an already running Rhino, and you are deploying Sentinel Authentication Gateway from a different host to your Rhino host, then you’ll need to set the socket permissions.
You do this by adding the host’s address to Rhino’s mlet configuration file — which is RHINO_HOME/config/mlet.conf
for RhinoSDK or RHINO_HOME/node-xxx/config/permachine-mlet.conf
for Rhino Production, where xxx
is the Rhino node ID.
In the configuration file, look for the XML tag <security-permission-spec>
and add the following entry, replacing IP_ADDRESS
with your installer’s IP address:
<mlets>
<mlet enabled="true">
<classpath>
<jar-url>$${rhino.dir.base.url}/lib/jmxr-adaptor.jar</jar-url>
<security-permission-spec>
.... other entries
permission java.net.SocketPermission "IP_ADDRESS", "accept,resolve";
.... other entries
</security-permission-spec>
</classpath>
</mlet>
</mlets>
Start Rhino to load the new configuration
To start Rhino, in the This applies the Rhino and JVM configuration. |
Get a license
To install the Sentinel Authentication Gateway you need a license to run Sentinel Authentication Gateway from OpenCloud. |
To install your license file:
1 |
Make sure Rhino is started and running. |
---|---|
2 |
Go to the |
3 |
In this directory, start the Rhino Console with the |
4 |
In the Rhino Console, execute this command: installlicense [PATH_TO_LICENSE_FILE] ( |
Ports
If you’re using the standard configuration, the following ports need to be open on the Sentinel Authentication Gateway TAS host’s firewall.
Port | Purpose |
---|---|
80 |
BSF HTTP traffic (Ub interface) |
8001 |
BSF HTTPS traffic (Ub interface) |
8080 |
REM GUI |
8443 |
NAF HTTPS traffic (Ua interface) |
1199-1203 |
Java RMI access |
If you’re using another configuration, the firewall should be configured for the non-standard ports. Other ports may be opened as needed. For example, if ssh is used to administer a node, then port 22 would be opened.