Gateway Configuration Menu (Appliance)

To configure a single Gateway or the first processing node of a cluster, select option 2 (Display Layer 7 Gateway configuration menu) from the Gateway main menu. You are presented with the following options:

gateway91

The procedure described in this section is suitable for configuring a single stand-alone Gateway or to configure the first node of a cluster of Gateways after replication has been configured. If you are configuring a cluster of Gateways, be sure to read "Configure a Gateway Cluster" for instructions on setting up replication and configuring the processing nodes.

WARNING:
If you are configuring the first node of a cluster, ensure that the database layer has been properly configured for replication and tested. Replication is described in "Configuring Cluster Database Replication".

To configure a single Gateway or the first processing node of a cluster, select option 2
(Display Layer 7 Gateway configuration menu) from the Gateway main menu. You are presented with the following options:

This menu allows you to configure the Gateway application
What would you like to do?

1) Upgrade the Layer 7 Gateway database
2) Create a new Layer 7 Gateway database
3) Configure the Layer 7 Gateway
4) Change the Layer 7 Gateway cluster passphrase
5) Delete the Layer 7 Gateway
6) Display the current Layer 7 Gateway configuration
7) Manage Layer 7 Gateway status
8) Reset Admin password
X) Exit

Please make a selection: 1

Using the Embedded Database

When creating a new Gateway database, you have the option of configuring a connection to a MySQL database or using the built-in embedded (non-MySQL) database on the Gateway.

The embedded database is designed for environments where it is not possible to have a separate MySQL instance. For example, your security policy may forbid operating MySQL or any other network-accessible SQL database, even on localhost
.

The embedded database is also ideal for testing or evaluating the CA API Gateway, as it can be set up quickly, without relying on an external database.

Note the following limitations when an embedded database is in effect:

Multi-node clustering is not available -- the Gateway behave as a single-node cluster.

Service metrics are not available (see Gateway Dashboard
).

The Audit Archiver is not available (see FTP Audit Archiver).

The following table describes each menu option. When configuring a new stand-alone Gateway or first processing node of a Gateway cluster, you only need to use option 2
, Create a new Gateway database
.

Option	Description
1) Upgrade the Layer 7 Gateway database	Select this option to upgrade the Gateway database to the current software version. This is required only if you’ve installed a new version of the Gateway. If an upgrade is not required, you will be notified by a message on the screen.
2) Create a new Layer 7 Gateway database	Select this option to create a database for the first (or only) Gateway node in the cluster. When configuring a database connection, you are guide through the following steps: Set Up the Gateway Database Set Up the Gateway Failover Database Set Up the SSM Administrator Set Up the Gateway Cluster Set Up the Gateway Node Fewer prompts are displayed when using the embedded database. Once the new Gateway database is created, you can no longer use option 2 on that cluster. To modify the configuration afterwards or to add additional processing nodes, use option 3, Configure the Gateway . To delete the Gateway configuration and start over again, use option 5, Delete the Gateway .
2) Create a new Layer 7 Gateway database --> Database Connection	Enter yes to configure a connection to a MySQL database. This is the default. Enter no to use the embedded database (see “Using the Embedded Database”). The first prompt you see is “Set Up the SSM Administrator”.
2) Create a new Layer 7 Gateway database --> Set Up the Gateway Database (Only applies to MySQL database connections)	Enter information about the new MySQL database: Database Host: Enter the name of the database host. If the database is installed on the same server as the Gateway, you can press [Enter ] to accept localhost . If setting up the first node of a cluster, accept “localhost” as the primary database node. You can enter the secondary database node in the next step (“Set Up the Gateway Failover Database”). Database Port: Enter the port number or press [Enter ] to accept the default port 3306 . Database Name: Enter a distinct name to define the Gateway database name or press [Enter ] to accept the default name ssg Database Username: Enter the name of the user who has access to the database or press [Enter ] to accept the default name gateway Database Password: Define a password for the database user, then retype to confirm. You can also press [Enter] twice to accept the default password 7layer Administrative Database Username: Enter the username of the root MySQL user. The default user is root . Administrative Database Password: Enter the password for the root MySQL user.
2) Create a new Layer 7 Gateway database --> Set Up the Gateway Failover Database (Only applies to MySQL database connections)	For MySQL database connections, you can optionally configure a failover database. Configure Database Failover Connection: Enter yes to configure a database failover connection or press [Enter ] to enter “no” and skip to the next part of the configuration. Database Failover Host: Enter the host name of the machine that serves as a database failover. Database Failover Port: Enter the port number to use on the failover host, or press [Enter ] to accept the default port 3306 .
2) Create a new Layer 7 Gateway database --> Set Up the SSM Administrator	Create a Policy Manager administrative user account: SSM Username: Enter the name of the Policy Manager administrative user. SSM Password: Define a password for the administrative user, then retype to confirm. For information on logging in with these credentials, see “Connecting to the Gateway”.
2) Create a new Layer 7 Gateway database --> Set Up the Gateway Cluster	Enter the host name and password for the Gateway cluster. Note: A stand-alone Gateway or a Gateway with an embedded database is considered to be a “cluster” of one. Cluster Host: Enter the Gateway cluster fully qualified domain name (FQDN) used to identify the Gateway and to generate the SSL certificate. An example of a hostname: clusterhostname.mycompany.com . Cluster Passphrase: Enter a passphrase to protect the cluster, between 6-129 characters. Retype to confirm. If you need to change the cluster hostname, you cannot do it using this menu option once it has been set. Instead, perform these steps using the Policy Manager to change a cluster host name: Set the cluster property cluster.hostname to the new name of the host. Create a new private key using the Manage Private Keys task. Be sure to set this key as the default SSL key. For more information, see “Creating a Private Key” and “Private Key Properties”. Restart all nodes in the cluster for the new cluster host name to take effect.
2) Create a new Layer 7 Gateway database --> Set Up the Gateway Node	Set up the Gateway node: Enabled: Press [Enter] to enable the node, or enter no to leave the node disabled after configuration is complete. The configuration summary is displayed. Carefully review the settings and then press [Enter ] to confirm. To make corrections, enter << to return to the appropriate step in the wizard.
2) Create a new Layer 7 Gateway database --> Configuration Results	The configuration results show either: Success: Press [Enter] to return to the Configure Gateway menu. Enter X to exit the menu, and then enter R on the main menu to reboot the appliance. You may now start the Gateway. Errors encountered: Copy and paste the log messages from the command window into a text file. Analyze the errors and run the wizard again.
3) Configure the Layer 7 Gateway	Use this option to do one of the following: Edit the settings for a Gateway node that has already been configured. Add a new processing node to a cluster. Select which settings to change: Enter 1 to change the database connection. For details, see “Create a new Gateway database --> Database Connection” above. Enter 2 to change the database failover connection. For details, see “Create a new Gateway database --> Set Up the Gateway Failover Database” above. Enter 3 to change the password for the cluster. For details, see “Create a new Gateway database --> Set Up the Gateway Cluster” above. Enter 4 to change the node configuration. For details, see “Create a new Gateway database --> Set Up the Gateway Node” above. When this option is used to add a new processing node to a cluster, you are prompted to enter the following: Database Host Database Port Database Name Database Username Failover Database Host (optional) Failover Database Port (optional) Cluster Password For more information on each of these fields, see “Configuring Subsequent Gateway Processing Nodes”.
4) Change the Layer 7 Gateway cluster passphrase	Select this option to change the passphrase for the Gateway cluster. Type the existing password. Enter the new password, between 6 to 128 characters. Retype the password to confirm. IMPORTANT NOTE FOR SAFENET LUNA HSM: If the Gateway is using the SafeNet HSM device, you must disable support for the SafeNet HSM prior to changing the master passphrase, then re-enable support afterwards. For more information, see “Managing Keystore”.
5) Delete the Layer 7 Gateway	Select this option to delete the configuration for the Gateway node. If the node being deleted is also the host for the primary database, the database can be optionally deleted by entering database administration credentials. If the database is not deleted, you can reuse it at a later time by using option 3, Configure the Gateway . Deleting the configuration is permanent. All information in the database will be lost. Enter yes to proceed with the deletion.
6) Display the current Layer 7 Gateway configuration	Select this option to view the current Gateway configuration. The following information is displayed: Database hostname Database port Database name Database user name Whether the node is enabled
7) Manage Layer 7 Gateway status	Select this option to view the current Gateway status or to stop/restart the Gateway. The following information is displayed initially: Current status of the Gateway node, which is one of: STARTING – Node is starting up WONT_START – Node encountered an unrecoverable error when starting RUNNING – Node is running normally ABNORMAL_SHUTDOWN – Node shut down unexpectedly STOPPING – Node is stopping STOPPED – Node is stopped Current time stamp When the node was started Press [Enter ] to display options that allow you to: Stop the Gateway (if currently running) Start the Gateway (if currently stopped) Restart the Gateway You should always stop and restart the Gateway using these menu options or by using the command line equivalents (“service ssg stop” and “service ssg start” , or simply “service ssg restart” ). Never stop a Gateway by turning off the appliance or use the appliance power switch to restart the Gateway.
8) Reset Admin password	Use this option to change the password of the administrative user. Enter the name of the admin user and then enter the new password.

Configure the Appliance Gateway

Content feedback and comments

CA API Gateway 9.1

Gateway Configuration Menu (Appliance)