Adding and configuring resources

After you complete the installation and initial configuration, continue to prepare the deployment by configuring other network resources.

To finish preparing your deployment, you must complete several more configuration tasks. The following procedure suggests one possible sequence for completing further configuration, but you can configure network resources in any order.

You use the SafeLinx Administrator to configure and administer most resources. For more information about SafeLinx Administrator, see Using the SafeLinx Administrator.

  1. If you plan to use separate organizational units (OUs) to group your network resources, define the organizational hierarchy that you want to use. If you want, you can create a resource in one OU, such as Default Resources, and use SafeLinx Administrator to move it to a different OU later. For more information, see Organizational units.
  2. If you did not use the wizard to add a SafeLinx Server during the initial configuration, create a SafeLinx Server resource. For more information, see Defining a SafeLinx Server by using the SafeLinx Administrator.
  3. If you want to use HTTP access services, mobile access services, or messaging services, and did not add them during the initial configuration, add them now. For more information, see Adding HTTP access services, Adding a mobile access service, and Adding messaging services.
  4. To support mobile access services, you must add Mobile network connections (MNCs) and mobile network interfaces (MNIs). You can add multiple MNCs of the same type to support different network optimizations. For more information, see Adding a mobile network connection and Adding a mobile network interface.
  5. Configure a directory server to authenticate users. For more information, see Configuring a directory server.
    If you plan to support mobile access services only, and you do not want to use an external directory server, you can create local user accounts. For more information, see Adding users.
  6. Create authentication profiles and assign them to HTTP access services or connection profiles.

    By default, SafeLinx includes a System authentication profile, that uses the password field in a user's LDAP record to validate sessions. System authentication also includes an extension of lightweight third-party authentication (LTPA) and single sign-on (SSO) properties that can be enabled after the authentication. You can use the default System profile or add profiles to support other authentication methods, including RADIUS, certificate-based, and LDAP-bind.

    Authentication profiles can be chained together to form multiple methods of authenticating clients. For information about chaining authentication methods for HTTP access services, see Enabling authentication chaining between RADIUS and LDAP for HTTP access services. For information about chaining authentication methods for mobile access services, see Authentication profiles.
  7. To ensure privacy, set up TLS encryption between nodes in the deployment. For an overview of the different connections that you can secure, see Security options.
  8. Create groups so that you can manage resources jointly rather than separately. After you create a group, you can add specific resources to it, such as MNCs, clusters, broadcast user list, devices, DHCP users, packet-mapping or NAT, and filters. For more information, see Groups.
  9. To designate people to manage SafeLinx resources, add administrators. For more information, see Administrators.
  10. Set up clustering for SafeLinx Servers that support mobile access services only. Clustering is not supported for HTTP access services. For more information, see Cluster managers and Configuring cluster nodes.