Start the Policy Manager
You can access the Policy Manager in the following two ways:
You can access the Policy Manager in the following via the desktop client. The standard desktop client provides maximum functionality and best performance. It requires the Policy Manager application to be installed on the client computer.
As of version 9.4 CR3 of the API Gateway, the Java-based browser client version of the Policy Manager is no longer supported.
Start the Policy Manager from the Desktop Client
To start the Policy Manager as a desktop client, perform the following steps:
- Linux:Navigate to the directory where the Policy Manager is installed and then either run ./Manager.sh or double-click the .sh icon.
- Windows:Click Start, All Programs, Policy Manager, Policy Manager
After the Policy Manager is started, you can connect to the
Layer7 API Gateway.
Connect to the Gateway
Whenever you start the Policy Manager, the Login dialog automatically appears. Use this dialog to connect to the Gateway by doing either of the following steps:
- Connect to an existing Gateway or cluster by selecting its URL from the drop-down list on the Login dialog.
- Connect to a new Gateway or cluster by typing its URL in the Login dialog.
You can also display the Login dialog from within the Policy Manager by doing either of the following steps:
- ClickConnecton the Main Tool Bar (if currently connected, you must firstDisconnectbefore connecting to a different Gateway).
- SelectFile,Connectfrom the Main Menu.
Once the connection to the Gateway is established, the Policy Manager verifies your user permissions as defined by your role, and then enables the appropriate features within the system.
CA Technologies recommend using separate account for administrative access (that is, connecting to the Gateway) and for the message processing (that is, adding a user to a service policy). To simplify using separate user accounts, you may consider using different identity providers for administration/message traffic. .
The following table describes the Login dialog options:
This option specifies the login User Name and Password. Your account may be configured to remember your user name.
For security, the administrative user account will be locked for 20 minutes after five unsuccessful login attempts. No further login attempts may be made during the lockout period. The settings can be changed using the Manage Administrative User Account Policy dialog.
This option allows you to log in using a client certificate. Select the certificate from the Certificate drop-down list. To add or remove certificates from the list, click Manage and select a task.
Users with client certificates are required to use their certificates during login. The 'CN' value in the certificate must match the username.
(Logging in from a browser client)The client certificate must be imported to the browser. If your browser has only one certificate, that certificate is used as default while logging in. If you have multiple certificates, you can select from the list displayed.
This option allows you to select the Gateway to connect to from the drop-down list. If the correct Gateway is not listed, type the URL in the Gateway field, in the format machinename.domain.com. The URL is saved to the list.
Install the license file after connecting to a new Gateway.
Connecting to a non-default port
To connect to a port other than the default 8443, you must append the SSL Endpoint port number to the Gateway name. For example,
The Gateway field supports IPv6 literals for the Gateway host. The following formats are supported:
The IPv6 literals must be enclosed within square brackets ("[ ]") to be interpreted correctly.
To edit the list of client certificates:
Add a client certificate to the list
Remove a client certificate from the list
Connecting Through a Proxy
If you want to connect the Gateway through a proxy server, make the following modifications. Follow these steps before using the connection instructions mentioned in the previous section.
The modifications that are shown here are required only for the desktop client.
To configure the Policy Manager to use a proxy (Windows):
- Locate the fileLayer7 API Gateway Policy Manager.iniand open it in a text editor. This file is located in the same directory as theLayer7 API Gateway Policy Manager.exefile.
- Add the following string before the "-jar" section of the file. For example, if your .INI file ends with "-jar Manager.jar", then add the string before "-jar".-Dhttp.proxyHost=<Proxy_host>-Dhttp.proxyPort=<Proxy_port>-Dhttp.proxyUsername=<User_name>-Dhttp.proxyPassword=<User_password>
- Save and exit. The Policy Manager now uses the proxy when connecting to the Gateway.
To configure the Policy Manager to use a proxy (Linux):
- Locate the fileManager.iniand open it in a text editor. This file is located in the same directory as theManager.exeandManager.jarfiles.
- Add the following to the "extra" variable declaration.extra="...-Dhttp.proxyHost=<Proxy_host>-Dhttp.proxyPort=<Proxy_port>-Dhttp.proxyUsername=<User_name>-Dhttp.proxyPassword=<User_password>"
- Save and exit and then runManager.sh. The Policy Manager now uses the proxy host when connecting to the Gateway.
This file is located in the same directory as the
Adjust High DPI Scaling Settings for Policy Manager
These instructions address a display problem when running Policy Manager on Windows 10.
The Policy Manager may not display correctly on some high resolution monitors. If you experience display problems such as small fonts and illegible lines, try adjusting the high DPI scaling behavior of the executable file.
To adjust the display settings for Windows 10:
- Navigate to the Policy Manager installation folder.For example: c:\Program Files (x86)\CA Technologies\Layer7 API Gateway Policy Managerversion\
- Right-click theLayer7 API Gateway Policy Manager.exefile and select Properties.The properties dialog opens with the General tab selected.
- Click theCompatibilitytab.
- For Win 10 Build 16299/Version 1709: selectOverride high DPI scaling behavior, then selectSystemfrom the menu.
- For Win 10 Build 17763/Version 1809: clickChange high DPI settings, selectOverride high DPI scaling behavior, then selectSystemfrom the menu.
- Restart Windows and reopen the Policy Manager.