GAM applications deployment

Official Content
This documentation is valid for:

The purpose of this document is to explain how to take binaries to production, in an application using GeneXus Access Manager
To import the data of the GAM database into production, refer to GAM Deploy Tool.

Step by step

1. Set up a pre-production environment.

It's advisable to have a pre-production environment where you can setup the application binaries and data before going into production. 

  • In the pre-production environment you can use GeneXus to create the GAM database from scratch, and do a build all prior to taking it to production. The GAM permissions will be created in the build all process because the permissions don't exist in the database.
  • In the GeneXus pre-production environment, configure a new Connection User Name and Connection User Password, to create a new GAM connection with those credentials. This GAM connection will be different from the one configured for the test environment.
  • Use the GAM Deploy Tool to do an export from the test environment, in order to import it into the pre-production database. You may export the GAM Applications, GAM Roles, GAM Permissions, and GAM Security policies.
    An alternative to using the GAM deploy tool, is using the GAM API to populate your GAM pre-production database (creating, for example, GAM Roles and GAM Security policies).
  • Notes:
    - In  general, except in special cases, you will not export the GAM users from the test environment. Special care must be put in not carrying out to production users with high privileges that were created for test purposes only.
    - You will always have a GAM Application related to your Kb (web GAM Application). At pre-production, you should define the KB with the same name as in the test environment. Otherwise, upon exporting the GAM Applications from test and importing at pre-production, you will have two different GAM Applications for Web.

2. Create the deploy file.

  1. After doing the necessary test at pre-production, use the  Applications deploy tool to create the deployment. The deployment includes the application.gam and the connection.gam files, required to connect to the GAM Repository. 
  2. At production: one possibility is, for the first time, to backup the database at pre-production and restore it at production.
    Another option is to use the GAM Deploy Tool. In such case, if you use the GAM deploy tool command line, you will first have to create the database tables using the script distributed by GeneXus (under <GX Folder>\GAM\Platforms). Then you will do a full export at pre-production and a full import at production. You should use the "import" option with the "-new_rep_create" flag.
    If you create a new connection.gam in production, you must bear in mind that, the next time you take changes to production, you will not overwrite the connection.gam.  Another possibility is to copy the GAM connections from pre-production to production, using the "-imp_connections" flag. In this case, the connection.gam is valid for both environments, so you will not need to make changes to the deployment.

In sum, depending on the method used, you will have different options for completing the process of going into production.

Consider, in all cases, that: