CloudGate Key Manager can be installed from an AMI that is available on the AWS Marketplace.
Operating system and installed packages
The CloudGate Key Manager AMI is based on the Amazon Linux AMI, and has the following additional packages installed:
- java-1.8.0-openjdk and java-1.8.0-openjdk-devel: CloudGate Key Manager is a Java application and requires a Java 8 runtime environment. These packages constitute an upgrade to the Java 7 OpenJDK packages that are installed by default on Amazon Linux.
- upstart: CloudGate Key Manager uses the upstart initialization daemon to start the application upon starting the instance. The CloudGate Key Manager upstart configuration can be found in the /etc/init/cgkm.conf file.
Operating system accounts
The CloudGate Key Manager AMI has the same user accounts as the underlying Amazon Linux distribution. In particular, the system user account is ec2-user, as it is on Amazon Linux.
In addition, a new ckgm user that will run the CloudGate Key Manager software is added.
CloudGate Key Manager software
CloudGate Key Manager is installed in the /opt/cgkm directory. The layout of that directory looks as follows:
Path | Description |
---|---|
cloudgate-key-manager-all.jar | The main CloudGate Key Manager application that will load the web applications listed below |
cloudgate-key-manager-web-admin.war | The CloudGate Key Manager Admin application, aimed at CloudGate Key Manager administrators |
cloudgate-key-manager-web-pdp.war | The CloudGate Key Manager Policy Decision Point application, accessed by server instances to determine whether a given user should be allowed to log in through SSH |
cloudgate-key-manager-web-scim.war | The CloudGate Key Manager SCIM Server application, accessed by SCIM-compliant identity providers to provide user and group information |
cloudgate-key-manager-web-services.war | The CloudGate Key Manager Services application, containing back-end services |
cloudgate-key-manager-web-user.war | The CloudGate Key Manager application, aimed at CloudGate Key Manager users |
init.sh | The CloudGate Key Manager initialization script, used for first-time setup |
run.sh | The CloudGate Key Manager execution script, used to run the application |
config/cloudgate-key-manager.properties | The CloudGate Key Manager configuration file |
config/web-admin-saml.xml | The CloudGate Key Manager Admin SAML configuration file, used to set up SAML-based single sign-on between CloudGate Key Manager Admin and the identity provider |
config/web-user-saml.xml | The CloudGate Key Manager SAML configuration file, used to set up SAML-based single sign-on between CloudGate Key Manager and the identity provider |
logs | The CloudGate Key Manager log files, where the current log file is named server.log, and logs are rotated on a daily basis |
work | The CloudGate Key Manager work directory; in case you are using the embedded database, this will contain the database files |
Note: Some directories and files in the above structure will only be created when CloudGate Key Manager is first executed.