Google Search Appliance Configuring GSA Unification User Manual

Each search appliance in the configuration must be able to ping the other search appliances on
their public IP address.

The private IP addresses you choose must conform to the private address space as defined in RFC
1918 and must not overlap with the private address space used by the subnet to which the
appliances are connected. For example, if the subnet where the search appliances are deployed
uses 10.0.0.0/8, choose the private IP addresses from the 192.168.0.0/24 network. If the
192.168.0.0/24 network is used by the subnet, try the 192.168.1.0/24 range or the 172.16.0.0/12
range.

Do not use private IP addresses from the 192.168.255.0/24 network.

Do not use 127.0.0.0/8.

Do not use non-private address space such as 1.0.0.0/8 or 216.239.43.0/24.
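The addressing rules above can be checked before the addresses are entered on the appliances. The following Python is an added example, not part of the Google manual; the function names, appliance names and sample plan are constructed for illustration.

```python
import ipaddress

# RFC 1918 private address blocks.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Ranges the manual explicitly rules out for unification private addresses.
FORBIDDEN = [ipaddress.ip_network(n)
             for n in ("192.168.255.0/24", "127.0.0.0/8")]


def check_private_address(candidate, deployment_subnets):
    """Return the list of rule violations for one address (empty list = OK)."""
    addr = ipaddress.ip_address(candidate)
    problems = []
    if not any(addr in net for net in RFC1918):
        problems.append("not in RFC 1918 private address space")
    for net in FORBIDDEN:
        if addr in net:
            problems.append(f"inside forbidden range {net}")
    for subnet in deployment_subnets:
        # strict=False accepts a host address with a prefix, e.g. 10.1.2.3/8
        net = ipaddress.ip_network(subnet, strict=False)
        if addr in net:
            problems.append(f"overlaps deployment subnet {net}")
    return problems


def check_plan(plan, deployment_subnets):
    """Map each appliance name to its violations, omitting clean entries."""
    report = {}
    for name, candidate in plan.items():
        problems = check_private_address(candidate, deployment_subnets)
        if problems:
            report[name] = problems
    return report


if __name__ == "__main__":
    # Constructed sample: appliances deployed on a 10.0.0.0/8 subnet.
    sample_plan = {
        "primary": "192.168.0.1",        # valid choice
        "secondary-1": "10.20.30.40",    # collides with the deployment subnet
        "secondary-2": "192.168.255.2",  # forbidden /24
        "secondary-3": "216.239.43.5",   # public address space
    }
    for name, problems in check_plan(sample_plan, ["10.0.0.0/8"]).items():
        print(f"{name}: {'; '.join(problems)}")
```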

The following requirements also apply to security in a unified environment:

All security configurations on the Crawler Access pages on the secondary search appliances must
be added to the Crawler Access page on the primary search appliance.

The primary and secondary search appliances must use the same security policies.

About Authentication and Authorization within a Unified Environment

Authentication is the process by which the search appliance verifies a user’s identity. Authorization is the
process by which the search appliance determines whether a particular authenticated user is permitted
to view a particular document. For information on search appliance authentication and authorization
configuration options, see the “Overview” of Managing Search for Controlled-Access Content.

You can set up a unified environment to handle user authorization during secure serve in one of two
ways:

The primary search appliance performs all authorization.

The secondary search appliances perform authorization first. If a user cannot be authorized to see
a particular document by the secondary search appliances, the primary search appliance attempts
to perform the authorization. This process is called delegated authorization. Delegated authorization
is enabled by checking a checkbox on the Admin Console > GSA Unification > Host Configuration
page.

If you use a Google Enterprise Connector for indexing and searching files in a content management
system and you are setting up GSA unification, you can configure authorization in one of three ways.

Configure the connector on the primary search appliance and use authorization on the primary
appliance.

Configure the connector on a secondary search appliance and use delegated authorization.

Configure the connector on a secondary search appliance and the primary search appliance, then
add a Do Not Crawl pattern on the primary appliance so that all connector crawling takes place on
the secondary search appliance. Use authorization on the primary search appliance.