Connecting to the Admin UI

Pulse Secure Virtual Traffic Manager 21.4: Cloud Services Installation and Getting Started Guide

Connecting to the Admin UI

When you create a new EC2 instance, the new EC instance is initially listed as pending while the instance starts up. You can view the status of an instance using the following command:

ec2-describe-instances

Wait until the instance is listed as running and note the public DNS name or public IP address associated with the instance. This is the address of the Traffic Manager Admin UI.

For instances running inside a VPC, if you did not assign a public IP to the Traffic Manager instance when the Traffic Manager was launched, confirm you can connect to the Admin UI using a direct connection to the private address range in the VPC through, for example, a secure VPN or NAT (Network Address Translation) based infrastructure.

If you are still unable to access the Admin UI, you must associate a public IP address with one of the private IPs defined in your instance. To do this, allocate a new Elastic IP Address through the AWS Console and associate it with the primary private IP in your instance. If you do not associate the Elastic IP address with an instance, the address remains attached to your EC2 account until you release it.

Elastic IP addresses are allocated for use with instances in EC2-Classic or a VPC, but not both. When allocating a new Elastic IP address for use with a VPC-based instance, select VPC when prompted.

When the instance is running and publicly accessible, access the following URL in your Web browser:

https://<admin_ui_address>:9090/

where <admin_ui_address> is either the public DNS name or public IP address listed by your management tool.

Verify that you can connect to the Admin UI using a Web browser and then proceed to configure your Traffic Manager instance through the Initial Configuration Wizard. For more details, see Using the Initial Configuration Wizard.

Confirming the Traffic Manager's Identity

Before you connect to the Admin UI of a newly configured Traffic Manager instance, your Web browser might report problems with the SSL certificate (either that it cannot trust it, or that the hostname in the certificate does not match the hostname in the URL). You can safely ignore this warning as the certificate is self-signed, and the hostname in the certificate might not match the URL you have used to access it (an instance's public DNS name and IP address are different to the private DNS name and IP address the instance uses within the EC2 network).

To verify the identity of the instance you are connecting to, check that the SHA-1 fingerprint of the self-signed SSL certificate matches the fingerprint of the Traffic Manager instance you want to configure. Consult the documentation for your Web browser for instructions on how to display the SSL certificate and associated SHA-1 fingerprint information for a Web site you are visiting.

To view the SHA-1 fingerprint for a Traffic Manager instance configured in EC2, check the instance EC2 console log. Click "Console output" in your graphical EC2 management tool, or run the following command:

ec2-get-console-output <instance_id>

<instance_id> is the unique ID of the instance you are trying to configure.

There might be a delay of several minutes after instance creation before the console output is available from EC2.