This article describes the access point in the Nexus Smart ID Digital Access component (Hybrid Access Gateway) and how to add and configure an access point.

What is the access point?

The access point is the gatekeeper for all resource and access requests. It interacts with the policy service to validate queries and authorize access. You can set up several access points, to handle situations with large numbers of access requests (load balancing).

The access point functionality can be divided into web access and access via the Digital Access Client.

  • The web access supports a secure connection to information that is presented in HTML format in standard web browsers.
  • By using the access client, secure access is enabled from more advanced TCP/IP clients such as Telnet. For more information, see Digital Access Client.
Note

A first access point was added during setup of the Hybrid Access Gateway system, see Deploy Hybrid Access Gateway and do initial setup. To change this setting or to add another access point, use the instructions on this page.

How does the access point function?

  • Users can connect to the access point through any standard browser supporting SSL 3.0.
  • The access points can operate in any network that supports TCP/IP with ports open for both HTTP and SSL. OpenSSL algorithms are supported, with no limitation of key lengths.
  • The access point supports a number of authentication methods used to identify users and verify their identity.

  • Advanced access control is implemented in the access point. The access control is performed in conjunction with a firewall and the access control in internal systems.

  • The access points provide for validation of digital signatures when integrated with a Public Key Infrastructure (PKI) solution.
  • The session to the client is handled by the use of cookies. Cookies generated from internal systems are never passed on from the access point to the client.

Prerequisites

Prerequisites for load balancing

To configure mirroring of access points on the Configure Load Balancing page, you must first add multiple access points and add a load balancing listener.

To add a load balancing listener:

  1. Go to each registered access point and click Add Additional Listener...
  2. Enter details and select Type as "Load Balance".
  3. Click Add when done.

Step-by-step instruction

Log in to Hybrid Access Gateway administration interface
  1. Log in to the Hybrid Access Gateway administration interface with your admin user.


Add access point
  1. In the Hybrid Access Gateway administration interface, go to Manage System.
  2. Click Access Points > Add Access Point...
  3. Enter settings for the access point. For more information, click the ?-sign.
  4. When finished, click Add.


Set up and configure an access point
  1. In the Hybrid Access Gateway administration interface, go to Manage System.
  2. Click Access Points.
  3. Select the access point that you want to configure in the list of registered access points.
  4. Edit the settings for the access point. For more information, click the ?-sign.
  5. Click Save when done.


Edit global access point settings
  1. In the Hybrid Access Gateway administration interface, go to Manage System.
  2. Click Access Points > Manage Global Access Point Settings.
  3. Enter settings for Performance, Cipher Suites (see below), and make advanced settings, for example, Session Control, Cookie Persistance and Client Access.
  4. Click Save when done.

Check supported cipher suites
  1. In the Hybrid Access Gateway administration interface, go to Manage system > Access Point.
  2. Click Manage Global Access Points Settings and select the Cipher Suites tab.
  3. Make sure that these cipher suites are in the list of supported cipher suites, or else add them to the list:
    ECDHE_RSA_AES_128_CBC_SHA
    ECDHE_RSA_AES_128_CBC_SHA256
    ECDHE_RSA_AES_128_GCM_SHA256
    ECDHE_RSA_AES_256_CBC_SHA
    ECDHE_RSA_AES_256_CBC_SHA384
    ECDHE_RSA_AES_256_GCM_SHA384
    RSA_AES_128_GCM_SHA256
    RSA_AES_256_GCM_SHA384
  4. Click Save.
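
A way to check step 3 outside the administration interface, as an added example that is not part of the Nexus documentation: it compares text copied from the Cipher Suites tab against the list above, and can offer each suite on its own to a listener to see which ones are actually negotiated. The mapping to OpenSSL cipher names, the sample tab text, and the host passed to `probe` are assumptions of this example.

```python
import socket
import ssl

# Suite names from step 3 above, mapped to OpenSSL cipher names
# (the mapping is this example's assumption, not taken from the product).
REQUIRED = {
    "ECDHE_RSA_AES_128_CBC_SHA": "ECDHE-RSA-AES128-SHA",
    "ECDHE_RSA_AES_128_CBC_SHA256": "ECDHE-RSA-AES128-SHA256",
    "ECDHE_RSA_AES_128_GCM_SHA256": "ECDHE-RSA-AES128-GCM-SHA256",
    "ECDHE_RSA_AES_256_CBC_SHA": "ECDHE-RSA-AES256-SHA",
    "ECDHE_RSA_AES_256_CBC_SHA384": "ECDHE-RSA-AES256-SHA384",
    "ECDHE_RSA_AES_256_GCM_SHA384": "ECDHE-RSA-AES256-GCM-SHA384",
    "RSA_AES_128_GCM_SHA256": "AES128-GCM-SHA256",
    "RSA_AES_256_GCM_SHA384": "AES256-GCM-SHA384",
}

# Constructed sample of text copied from the Cipher Suites tab (not real output).
SAMPLE_TAB_TEXT = """ECDHE_RSA_AES_128_GCM_SHA256
ECDHE_RSA_AES_256_GCM_SHA384
RSA_AES_128_GCM_SHA256
ecdhe_rsa_aes_128_cbc_sha
"""

def missing_suites(configured_text):
    """Return the required suites that are absent from the copied list."""
    configured = {ln.strip().upper() for ln in configured_text.splitlines() if ln.strip()}
    return [name for name in REQUIRED if name not in configured]

def probe(host, port=443, timeout=5.0):
    """Offer each required suite alone and record whether the listener accepts it."""
    results = {}
    for name, openssl_name in REQUIRED.items():
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # these suites exist up to TLS 1.2
        ctx.check_hostname = False                    # only negotiation is tested here,
        ctx.verify_mode = ssl.CERT_NONE               # not certificate trust
        try:
            ctx.set_ciphers(openssl_name)
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    results[name] = tls.cipher()[0] == openssl_name
        except (ssl.SSLError, OSError):
            results[name] = False                     # refused, or unknown to local OpenSSL
    return results
```

A `False` from `probe` can also mean the local OpenSSL build does not offer that suite, so confirm against the Cipher Suites tab before changing the configuration.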


Configure load balancing
  1. In the Hybrid Access Gateway administration interface, go to Manage System.
  2. Click Access Points > Configure Load Balancing...
  3. Enter settings for load balancing. For more information, click the ?-sign.
  4. For Mirrored Access Points, select any two access points to be mirrored along with the load balancing listener.
  5. Click Save when done.