AppGate Console is a separate program which must either be installed on the client machine, or started via Java Web Start. It can be installed from the AppGate USB or from the web server built into the AppGate server.
AppGate console contains its own built in AppGate client which it will use to connect to the AppGate server. The console can also use a local port forward on port 2076 if one exists, but note that some features are not available if the built in client is not used.
Please note that the server version must match the console version. An error dialog will appear if the versions are incompatible.
All authorization data is stored in a database on the
AppGate server. However, updating this database is a potentially heavy
operation, therefore AppGate Console works with an intermediate
copy which is managed by ag_sdbadmind. This
daemon verifies all changes and handles locking when multiple
administrators are active at the same time.
ag_sdbadmind writes the new database to disk and
notifies ag_sdbd that changes to the database have
occurred.
Multiple administrators may work on the AppGate server concurrently. Objects are locked whenever an administrator starts to modify them and the lock is released when the administrator presses 'Save' or 'Reset', or exits the AppGate Console. Administrators will be notified when they try to change a locked object.
As mentioned above, the administrator works on an intermediate copy of the database. This means that changes made do not take effect immediately, but they are visible to other administrators as soon as they have been saved. There are three different ways the changes can be activated:
Observe that all changes all administrators have done to the database are activated when any of these events happen.
The tree view on the left side lets the administrator easily navigate between the different parts of the console. Many of the nodes in the tree are static but not all of them.
The nodes under "Role" reflects the current database and will change when the database is changed. It is also possible to change the database by rearranging the nodes. Services, folder and components can be dragged and dropped. A normal drag and drop moves the object.
If the control key is pressed while dropping an object the original is left in place and the destination will just get a reference to the original object. This means that the same object will be used from more than one place in the tree and any changes made to it will affect all places where it is used. This is indicated by a small red cross in the upper left corner of the icon in the tree.
Right-clicking on an object in the tree may bring up a context menu. The contents of this menu depends on what kind of object was pressed, but it usually allows the administrator to create a clone of the object, or to destroy it.
In the console, the cluster name is listed in the tree in the left pane as the very first entry. If the cluster name is selected, a summary of the cluster status will be displayed in the right pane. The first section contains 'AppGate cluster information'. The following information is provided in this section:
Software version: the version of the AppGate server currently installed on the system or cluster.
Total active sessions: number of sessions currently active for the entire cluster. Included in this number are sessions for each user currently connected to the cluster, as well as a session for the connection of each server in the cluster to some other server in the cluster. For instance, in a four machine cluster, there will be six sessions when the machines connect to each another. Every machine has to have a connection to every other machine. This number may be used when analyzing load balancing of multiple gateways in a cluster, as well as the user login count in the cluster.
License usage: percentage of the total licenses for the cluster currently in use.
The next statement gives a general overview of the cluster status. If the installation consists of only one server, the status of that server will be shown. If it is a cluster, the status is that of the entire cluster. There are three possible conditions to the status. They are:
GREEN:system is running in the 'Normal' range of all defined thresholds, and all daemons are up and running.
YELLOW: one or more of the 'Warning' level(s) defined for a threshold has been met. Administrator intervention is advised.
RED: one or more of the 'critical' level(s) defined for a threshold has been met OR one or more daemons have stopped responding. A red condition can also be caused if the master machine in a cluster cannot communicate with another machine in the same cluster. This could stem from a network failure, a hardware failure, or a number of other factors. Administrator intervention is required!
The next section shows an icon for each system in the AppGate cluster, and its function. The three functions for AppGate servers are database server, gateway, and log server. If a cluster has been set up where each system serves a separate function, they will be depicted that way. Clicking on any of the icons will open a detailed status screen covering that system (also located under Monitor & Status). This screen will show why a system has yellow or red status.
The next section tells how this console is connected to the cluster. This section might also contain buttons to control the roaming feature. If the console is using the embedded client and the server is at least of version 6.3, you might be able to use roaming.
Shutdown cluster: at the bottom of the screen, there is a button to shut down the cluster. From here, the administrator may choose to either reboot the cluster or power it down. Select one of the radio buttons and click on 'OK'. A confirmation dialog box will appear. If the shutdown is confirmed, then the ENTIRE AppGate cluster will be shut down or rebooted. All connections will be lost if this command is issued. Exercise extreme caution when issuing this command!
All defined server commands (see Section 4.6.8, “Server command”) can be started directly from this panel. Predefined commands are 'siteinfo', which shows information about the system, and 'terminal', which opens a terminal window on the AppGate server. Clicking on the 'Run' button of a command starts it.