How crawling and indexing work, How onebox modules work, About security – Google Search Appliance Configuring GSA Unification User Manual

Google Search Appliance: Configuring GSA Unification

8

If a user needs to search documents in a collection that is not included in a composite collection, the
user must use the search page for that collection’s search appliance instead of the search page on the
primary search appliance.

How Crawling and Indexing Work

Crawling and indexing in a unified environment are similar to crawling and indexing in single search
appliance deployments. Each individual search appliance is configured with its own crawl patterns and
each search appliance typically crawls a discrete body of documents. For more information about
crawling and indexing in a single search appliance, see Administering Crawl.

Depending on how security is set up in a unified environment, you might have to duplicate the crawler
access settings from each secondary search appliance on the primary search appliance to ensure that
the primary search appliance can correctly authorize and serve results from the secondary search
appliances. For more information, see “About Security” on page 8 and “About Crawl Patterns” on
page 17.

How OneBox Modules Work

In a unified environment, OneBox module configuration is available only on the primary search
appliance. In other words, results served from the primary search appliance include results from
OneBox modules configured on the primary search appliance, not OneBox modules configured on the
secondary nodes. Because spelling checkers are enabled as OneBox modules, spelling check is available
only for documents indexed on the primary search appliance. A new feature, user-added results, also
uses OneBox modules.

About Security

The Google Search Appliance uses secret tokens and private IP addresses to enforce security within a
unified environment.

The search appliances in a unified environment authenticate each other using shared secret tokens that
you provide during configuration. The shared secret tokens must consist only of printable ASCII
characters.

Certain communications among the search appliances in a unified environment are conducted over a
secure private network, including search requests, search credentials transmitted as sessions, and
search results that include snippets, whether the results are authorized or not authorized. When you
set up a unified environment, you provide additional IP addresses on the Admin Console that the search
appliances uses for communicating in a virtual private network. You do not need to change anything in
your network infrastructure to meet the guidelines for the virtual private network. You do not need to
set up a private network on your existing network. You only need to make sure that the IP addresses are
available. When you provide the correct IP addresses, the search appliance creates the network. On the
Admin Console interface, the private network IP addresses are called network IP addresses.

You can assign or change the private IP addresses at any time. The following guidelines apply to the
private network IP addresses:

•

The search appliance must able to reach another search appliance’s public IP address on UDP port
500 and on IP protocol number 51 (IPsec AH). Both ports are used by IPSec, the security protocol for
communications among the appliances in the configuration.