Deploy Access Gateway
Deployment is the process of downloading and installing the Access Gateway Virtual application. Access Gateway is usually deployed using an architecture similar to that shown in the following diagram. However, the use of high availability is not required. Access Gateway instances must be hosted in a virtual environment.
Prerequisites
- Review this topic: Access Gateway deployment prerequisites.
- Verify that Access Gateway is resolvable using DNS. Access Gateway is required to have a hostname assigned in DNS.
- Verify that Access Gateway can use a static IP address. Access Gateway doesn't support using DHCP for its static IP address.
- Verify that a DNS server and DNS hostname (fully qualified domain name) are available to Access Gateway. Access Gateway must be resolvable using a DNS solution that end users use. If end users originate from the internet, the Access Gateway solution must be publicly resolvable. Okta recommends that you use split DNS so that internal users connect to an internal IP address and external users connect to a public IP address.
The fully qualified domain names for all applications integrated with the Access Gateway must be resolvable in DNS.
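The DNS prerequisites above can be checked before deployment. The following Python script is an added example, not Okta code: it checks that the Access Gateway hostname and every application FQDN resolve in the internal view and, when internet users are expected, that the external view resolves and doesn't return RFC 1918 addresses. The function names, hostnames, and addresses are constructed for illustration.

```python
import ipaddress
import socket

# RFC 1918 ranges: addresses that internet users can't reach.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def resolve_system(name):
    """Resolve a name with the local system resolver; returns a set of IP strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def view(records):
    """Build an offline resolver from a dict of name -> set of IPs (for dry runs)."""
    return lambda name: records.get(name, set())

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def preflight(gateway_fqdn, app_fqdns, internal=resolve_system, external=None):
    """Return a list of findings; an empty list means the DNS prerequisites hold.

    internal/external are callables (hypothetical names) that map a hostname to
    the set of addresses seen by internal users and by internet users.
    """
    findings = []
    for name in [gateway_fqdn, *app_fqdns]:
        if not internal(name):
            findings.append(f"{name}: not resolvable from the internal view")
        if external is None:
            continue  # no internet-facing users, so only the internal view matters
        public = external(name)
        if not public:
            findings.append(f"{name}: not resolvable from the external view")
        elif any(is_rfc1918(a) for a in public):
            findings.append(f"{name}: external view returns an RFC 1918 address")
    return findings

# Constructed sample data: the two halves of a split DNS setup.
INTERNAL_VIEW = view({"oag.example.com": {"10.0.5.20"}, "app1.example.com": {"10.0.5.20"}})
EXTERNAL_VIEW = view({"oag.example.com": {"203.0.113.10"}, "app1.example.com": {"10.0.5.20"}})

if __name__ == "__main__":
    apps = ["app1.example.com", "app2.example.com"]
    for finding in preflight("oag.example.com", apps, INTERNAL_VIEW, EXTERNAL_VIEW):
        print(finding)
```

To check a live environment, pass your own resolver callables for each view in place of the constructed ones; `resolve_system` only reflects the view of the machine it runs on.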
Deploy to VMware vSphere
Access Gateway can be deployed to any of the environments described in the Supported deployment environments list. The following sections demonstrate how to deploy Access Gateway to VMware vSphere.
Download the latest OVA image
- Sign in to your Okta Org as an admin.
- Download the Okta Access Gateway image from the page.
- When prompted, save the OVA file to an appropriate location.
Deploy the OVA file to VMware vSphere/ESXi
See Deploy the Access Gateway OVA file to VMware vSphere and ESXi for instructions.
Perform required post-deployment configuration tasks
Task | Description |
---|---|
Reset Access Gateway and verify its configuration | Initialize Access Gateway after its first boot. |
Set the Access Gateway instance hostname | Set a hostname for Access Gateway. |
Optional. Set the Access Gateway instance IP address | Configure a fixed IP address for Access Gateway. |
Optional. Set Access Gateway DNS servers | Configure Access Gateway to use a split DNS process where multiple DNS servers are used. |
Optional. Set an Access Gateway proxy server | Configure Access Gateway to be used with a proxy server. |
Determine the Access Gateway IP address | Determine the Access Gateway IP address for non-AWS instances. Configure the required admin entry in the local hosts file. Configure the required DNS entries. |
Initialize the Access Gateway Admin UI console | Initialize the cookie domain and instance hostname. |
Configure an Identity Provider in Access Gateway | Configure an Okta org as an Identity Provider. |
Add an Access Gateway Admin UI console app | Configure an Okta org to allow access to Access Gateway using SAML. |
Access Gateway security best practices | Examine and execute a set of common Access Gateway security best practices. |
Ensure that you appropriately name your Access Gateway nodes when you create them for use in a high-availability cluster. These names must be resolvable between Access Gateway instances before you configure high availability.
Supported deployment environments
- VMware Workstation Player: VMware Workstation deployment
- VMware vSphere/ESXi: VMware vSphere/ESXi deployment
- Oracle VirtualBox: Oracle VirtualBox deployment tasks
  Oracle VirtualBox is only supported for test and development use. Okta doesn't support Oracle VirtualBox for production deployments.
- Amazon Web Services: Amazon Web Services deployment tasks
- Oracle Cloud Infrastructure: Oracle Cloud Infrastructure deployment tasks
- Microsoft Azure: Microsoft Azure deployment tasks