Before you install the Sentinel Authentication Gateway, you need to download the SDK package.

There are three possible installation methods for Sentinel Authentication Gateway:

  1. Install the Sentinel Authentication Gateway in the same Rhino as an existing Sentinel-VoLTE installation.

  2. Use the Sentinel Authentication Gateway SDK package to download and install Rhino and the Sentinel Authentication Gateway.

  3. Install and configure Rhino and the JVM manually, then use the SDK package to deploy the Sentinel Authentication Gateway into your Rhino.

Existing Sentinel-VoLTE installation

Check the Sentinel Authentication Gateway Compatibility Guide to make sure your existing Sentinel-VoLTE installation meets the product dependencies for Sentinel Authentication Gateway.

For this option, your existing Sentinel-VoLTE license in Rhino can be used.

Standalone Sentinel Authentication Gateway installations

For options 2 and 3, you need to download the required software and get a license.

Using the SDK package to install both the Rhino SDK and Sentinel Authentication Gateway software is recommended for functional testing or experimentation with Sentinel Authentication Gateway. For production installs and/or load testing it is recommended to manually install and configure Rhino and the JVM.

Cassandra Database

A Cassandra Database is required for a Sentinel Authentication Gateway installation. Cassandra needs to be Installed and Configured with the opencloud_gaa_bootstrap_info keyspace.

Download the Sentinel Authentication Gateway SDK package

To get the latest Sentinel Authentication Gateway SDK package go to https://repo.opencloud.com/artifactory/opencloud-sentinel-gaa-3.1.0/opencloud/sentinel-gaa/3.1.0/sentinel-gaa-sdk/. Choose the version with the highest release number. The current version is sentinel-gaa-sdk-3.1.0.3.zip.

Note You will need OpenCloud-supplied credentials to download the package.

Get required software

Warning Check the Sentinel Authentication Gateway Compatibility Guide for supported versions before installing any software.

You’ll need the following software to run Sentinel Authentication Gateway:

Software Download from…​

Optional - to be used when installing and configuring Rhino manually

Install and configure Rhino and the JVM

Optionally you can install and configure Rhino and the JVM for use with Sentinel Authentication Gateway. This is recommended for production deployments, and clustered setups.

Alternatively for Proof of Concept and lab functional testing it is recommended to use the SDK as described in Installing the BSF Server

Install Rhino

1

Start by choosing a location to extract the contents of the Rhino package.

We’ll refer to this directory as RHINO_HOME.

2

Rhino must be started at least once to generate the necessary configuration files. To start Rhino, in the RHINO_HOME directory, execute:

start-rhino.sh

(or start-rhino.bat on Microsoft Windows).

3

Wait until Rhino is ready. It prints the following message in its log when ready:

SLEE successfully started on node(s) [101]

4

Stop Rhino by executing in the RHINO_HOME directory:

stop-rhino.sh --nice
Tip For more about installing and configuring the Rhino TAS, please see the Rhino Documentation.

Configure Rhino and the JVM

Configure the Java Garbage Collector for improved performance

To improve the performance of the Java GC, add -XX:+ParallelRefProcEnabled to the GCOPTIONS variable in $RHINO_HOME/etc/defaults/read-config-variables.

For example:

GCOPTIONS="\
    -XX:+UseParNewGC \
    -XX:MaxNewSize=${MAX_NEW_SIZE} -XX:NewSize=${NEW_SIZE} \
    -XX:MaxPermSize=256m -XX:PermSize=256m \
    -Xms${HEAP_SIZE} -Xmx${HEAP_SIZE} \
    -XX:SurvivorRatio=128 \
    -XX:MaxTenuringThreshold=0 \
    -Dsun.rmi.dgc.server.gcInterval=0x7FFFFFFFFFFFFFFE \
    -Dsun.rmi.dgc.client.gcInterval=0x7FFFFFFFFFFFFFFE \
    -XX:+UseTLAB \
    -XX:+DisableExplicitGC \
    -XX:+ParallelRefProcEnabled \
    ${VERBOSEGC} \
    ${CMSOPTIONS}"

Deploying Sentinel Authentication Gateway from a different host

If you want to install Sentinel Authentication Gateway in top of an already running Rhino, and you are deploying Sentinel Authentication Gateway from a different host to your Rhino host, then you’ll need to set the socket permissions.

You do this by adding the host’s address to Rhino’s mlet configuration file — which is RHINO_HOME/config/mlet.conf for RhinoSDK or RHINO_HOME/node-xxx/config/permachine-mlet.conf for Rhino Production, where xxx is the Rhino node ID.

In the configuration file, look for the XML tag <security-permission-spec> and add the following entry, replacing IP_ADDRESS with your installer’s IP address:

<mlets>
    <mlet enabled="true">
        <classpath>
            <jar-url>$${rhino.dir.base.url}/lib/jmxr-adaptor.jar</jar-url>
            <security-permission-spec>
        .... other entries

        permission java.net.SocketPermission "IP_ADDRESS", "accept,resolve";

        .... other entries
        </security-permission-spec>
        </classpath>
    </mlet>
</mlets>
Important
Start Rhino to load the new configuration

To start Rhino, in the RHINO_HOME directory run start-rhino.sh (or start-rhino.bat on Microsoft Windows).

This applies the Rhino and JVM configuration.

Get a license

Warning To install the Sentinel Authentication Gateway you need a license to run Sentinel Authentication Gateway from OpenCloud.

To install your license file:

1

Make sure Rhino is started and running.

2

Go to the RHINO_HOME/client/bin directory.

3

In this directory, start the Rhino Console with the rhino-console script (or rhino-console.bat in Microsoft Windows).

4

In the Rhino Console, execute this command:

installlicense [PATH_TO_LICENSE_FILE]

([PATH_TO_LICENSE_FILE] should be relative to the RHINO_HOME/client/bin directory.)

Ports

If you’re using the standard configuration, the following ports need to be open on the Sentinel Authentication Gateway TAS host’s firewall.

Port Purpose
80

BSF HTTP traffic (Ub interface)

8001

BSF HTTPS traffic (Ub interface)

8080

REM GUI

8443

NAF HTTPS traffic (Ua interface)

1199-1203

Java RMI access

If you’re using another configuration, the firewall should be configured for the non-standard ports. Other ports may be opened as needed. For example, if ssh is used to administer a node, then port 22 would be opened.

Previous page Next page