In order to administer or monitor an IceGrid deployment, you need to connect to the IceGrid registry of this deployment. If your IceGrid registry is replicated, you can connect to any replica for monitoring purposes; if you intend to change definitions, for example describe a new server, you need to connect to the master IceGrid registry. This page describes how to connect to an IceGrid registry.
On this page:
Use File > Login...
or press the button to open the Saved Connections
dialog:
Then double-click on the IceGrid registry you want to connect to, or select the IceGrid registry and click on the Connect
button.
If the connection contains saved credentials, IceGrid Admin will immediately attempt to connect to the selected IceGrid registry with these credentials. Otherwise, it will open a new dialog to request the missing password (two passwords in some cases), such as:
In the Saved Connections
dialog, click on New Connection
to open the New Connection wizard.
Below are 3 typical connections to illustrate the wizard steps:
We create a TCP connection to the IceGrid registry running on localhost:
Step 1: we select Direct Connection
Step 2: we enter the name of your IceGrid instance. This corresponds to the IceGrid.InstanceName
property in the target IceGrid registry configuration.
Step 3: we enter the addressing information as a hostname and port number
Step 4: we enter localhost
for the Hostname, leave port number blank and keep TCP as the protocol
Step 5: we enter a username and password for this connection
Step 6: we click on the Finish
button to save the connection; IceGrid Admin then attempts to connect to the IceGrid registry
We create a SSL connection to a directly-reachable IceGrid registry, and authenticate with this IceGrid registry using our X.509 key (also used for SSL authentication). The target IceGrid registry must be configured to accept SSL connections and authentication using SSL credentials; see IceGrid.Registry.AdminSSLPermissionsVerifier.
Steps 1 to 3 are identical to the simple TCP connection described above.
Step 4: we enter the hostname of the IceGrid registry, we leave the port number empty to use the default IceGrid port number (4061 for TCP and 4062 for SSL), and we select SSL for Protocol
Step 5: yes, we want to provide a X.509 certificate for SSL authentication
Step 6: we select the X.509 key used for SSL authentication from the Alias drop-down list; list this corresponds to the My Certificates set in the Certificate Manager described in the next section. Click on the Import...
button to open the Certificate Manager dialog.
Step 7: we choose to use this X.509 certificate (carried through the SSL connection) to authenticate ourselves with the IceGrid registry.
Step 8: we click on the Finish
button to save the connection and connect to the IceGrid registry. Unless we entered (and therefore saved) the X.509 key password with the connection, we are prompted for this password:
We connect to an IceGrid registry "behind" a Glacier2 router. In this case, we need to connect to the Glacier2 router and authenticate ourselves with this Glacier2 router. We do not provide any information about the IceGrid registry itself: we will connect to the IceGrid registry identified by the target Glacier2 router configuration. See Glacier2 Integration with IceGrid.
Step 1: we select Routed Connection
Step 2: we enter the instance name of our Glacier2 router. This corresponds to the Glacier2.InstanceName
property in the target Glacier2 router configuration.
Step 3: we enter the addressing information for the target Glacier2 router as a hostname and port number
Step 4: we choose not to authenticate ourselves for SSL, so we do not provide a X.509 certificate.
Step 5: we provide a username and password for the connection to the Glacier2 router
Step 6: we click on the Finish
to save the connection; IceGrid Admin then attempts to connect to the IceGrid registry through the Glacier2 router.
IceGrid Admin maintains a persistent store of X.509 certificates for SSL connections with IceGrid registries. You can import, view and remove these certificates with the Certificate Manager. Use File > Certificate Manager...
or click on the Import...
button in the Connection wizard to open the Certificate Manager:
The Certificate Manager maintains 3 sets of certificates:
You do not need to import server certificates or CA certificates prior to establishing a SSL connection with an IceGrid registry or Glacier2 router. IceGrid Admin performs the following checks when establishing a SSL connection:
Yes, Always Trust
, the certificate is added in the persistent Server Certificates set.A "client" X.509 certificate (saved in My Certificates) is only necessary when the target IceGrid registry or Glacier2 router requires one. This depends on the setting of the IceSSL.VerifyPeer
property in those servers: when IceSSL.VerifyPeer
is 2, IceGrid Admin must provide a valid certificate. If you forget to provide a certificate, or provide an invalid certificate, the connection establishment will fail with an IceSSL error comparable to the following:
In the Saved Connections
dialog, click on Edit Connection
to edit a connection. This opens the Connection wizard for your saved connection. With this wizard, IceGrid Admin does not attempt to connect to the target IceGrid registry when you click on the Finish
button.
Use File > Logout
or press the button to disconnect from an IceGrid registry. This clears all information in the Live Deployment pane.