PingIntelligence

Deploying the PingIntelligence policy

Use the PingIntelligence automated policy tool to deploy the shared flow.

Using the PingIntelligence automated policy tool, you deploy the shared flow either by the flow hook or the flow callout policy, which is configured in the command line. Choose either the included ASE self-signed certificate or a certificate authority (CA)-signed certificate.

  • Flow hook

  • Flow callout

Deploying the PingIntelligence policy for flow hook

About this task

With a flow hook, the PingIntelligence shared flow is applied to all APIs in the environment of an organization.

Steps

  1. Deploy the shared flow:

    Choose from:

    • Deploy with self-signed certificate: To deploy the PingIntelligence policy with self-signed certificate, run the following command.

      /opt/pingidentity/pi/apigee/bin/deploy.sh -fh
      Checking Apigee connectivity
      Apigee connectivity ... success
      Generating policies
      
      Deploying PI Apigee policy Flow Hook
      
      1) PingIntelligence-Encrypted-Config-KVM status ... not-applicable
      2) PingIntelligence-Config-KVM status ... not-applicable
      3) ASE Server status ... deployed
      4) Truststore status ... deployed
      5) Upload pem file status ... deployed
      6) Cache status ... deployed
      7) Request policy upload status ... deployed
      8) Response policy upload status ... deployed
      9) Request policy deployment status ... deployed
      10) Response policy deployment status ... deployed
      11) Preproxy Flow hook status ... deployed
      12) Postproxy Flow hook status ... deployed
      
      Deployment of PI Policy finished successfully
    • Deploy with CA-signed certificate: To deploy the PingIntelligence policy with CA-signed certificate, run the following command.

      /opt/pingidentity/pi/apigee/bin/deploy.sh -fh -ca
      
      Checking Apigee connectivity
      Apigee connectivity ... success
      Generating policies
      
      Deploying PI Apigee policy Flow Hook
      
      1) PingIntelligence-Encrypted-Config-KVM status ... not-applicable
      2) PingIntelligence-Config-KVM status ... not-applicable
      3) ASE Server status ... deployed
      4) Truststore status ... not-applicable - running using CA signed certificate
      5) Upload pem file status ... not-applicable - running using CA signed certificate
      6) Cache status ... deployed
      7) Request policy upload status ... deployed
      8) Response policy upload status ... deployed
      9) Request policy deployment status ... deployed
      10) Response policy deployment status ... deployed
      11) Preproxy Flow hook status ... deployed
      12) Postproxy Flow hook status ... deployed
      
      Deployment of PI Policy finished successfully
  2. After you deploy the flow hook using the PingIntelligence tool, to verify the status of the deployment, run the following command.

    /opt/pingidentity/pi/apigee/bin/status.sh
    Checking Apigee connectivity
    Apigee connectivity ... success
    
    Checking the PI Apigee Policy Flow Hook deployment status
    
    1) PingIntelligence-Config-KVM status ... not applicable
    2) PingIntelligence-Encrypted-Config-KVM status ... not applicable
    3) ASE target status ... deployed
    4) Cache status ... deployed
    5) Truststore status ... deployed
    6) Request Policy status ... deployed
    7) Response Policy status ... deployed
    8) Preproxy hook status ... deployed
    9) Postproxy hook status ... deployed
    
    PI Apigee Policy is already installed

Deploying the PingIntelligence policy for Flow Callout

About this task

In the Flow Callout, the PingIntelligence policy is applied on a per API basis in the environment of an organization.

Steps

  1. Deploy the shared flow:

    Choose from:

    • Deploy with self-signed certificate: To deploy the PingIntelligence policy with self-signed certificate, run the following command.

      /opt/pingidentity/pi/apigee/bin/deploy.sh -fc
      Checking Apigee connectivity
      Apigee connectivity ... success
      Generating policies
      
      Deploying PI Apigee policy Flow Call Out
      
      1) PingIntelligence-Encrypted-Config-KVM status ... not-applicable
      2) PingIntelligence-Config-KVM status ... not-applicable
      3) ASE Server status ... deployed
      4) Truststore status ... deployed
      5) Upload pem file status ... deployed
      6) Cache status ... deployed
      7) Request policy upload status ... deployed
      8) Response policy upload status ... deployed
      9) Request policy deployment status ... deployed
      10) Response policy deployment status ... deployed
      11) Preproxy Flow call out status ... deployed
      12) Postproxy Flow call out status ... deployed
      
      Deployment of PI Policy finished successfully
    • Deploy with CA-signed certificate: To deploy the PingIntelligence policy with CA-signed certificate, run the following command.

      bin/deploy.sh -fc -ca
      
      Checking Apigee connectivity
      Apigee connectivity ... success
      Generating policies
      
      Deploying PI Apigee policy Flow Call Out
      
      1) PingIntelligence-Encrypted-Config-KVM status ... not-applicable
      2) PingIntelligence-Config-KVM status ... not-applicable
      3) ASE Server status ... deployed
      4) Truststore status ... not-applicable - running using CA signed certificate
      5) Upload pem file status ... not-applicable - running using CA signed certificate
      6) Cache status ... deployed
      7) Request policy upload status ... deployed
      8) Response policy upload status ... deployed
      9) Request policy deployment status ... deployed
      10) Response policy deployment status ... deployed
      11) Preproxy Flow call out status ... deployed
      12) Postproxy Flow call out status ... deployed
      
      Deployment of PI Policy finished successfully
  2. After deploying the Flow Call Out using the PingIntelligence tool, to verify the status of the deployment, run the following command.

    /opt/pingidentity/pi/apigee/bin/status.sh
    Checking Apigee connectivity
    Apigee connectivity ... success
    
    Checking the PI Apigee Policy Flow Call Out deployment status
    
    1) PingIntelligence-Config-KVM status ... not applicable
    2) PingIntelligence-Encrypted-Config-KVM status ... not applicable
    3) ASE target status ... deployed
    4) Cache status ... deployed
    5) Truststore status ... deployed
    6) Request Policy status ... deployed
    7) Response Policy status ... deployed
    8) Preproxy call out status ... deployed
    9) Postproxy call out status ... deployed
    
    PI Apigee Policy is already installed