Implementation GuideInstalling the Enterprise Management ServerHow to Install the Enterprise Management Server Components › Install CA Access Control Enterprise Management on Linux

Previous Topic: Install CA Access Control Enterprise Management on Windows

Next Topic: How to Configure CA Access Control Enterprise Management to Use SUN ONE or CA Directory

Install CA Access Control Enterprise Management on Linux

Installing CA Access Control Enterprise Management installs all the Enterprise Management Server components. You must prepare the Enterprise Management Server before you install CA Access Control Enterprise Management.

You must use console installation to install CA Access Control Enterprise Management on a Linux computer.

Follow these steps:

  1. Shut down the JBoss Application Server if it is running.
  2. Stop CA Access Control services if you are installing CA Access Control Enterprise Management on a computer that already has CA Access Control installed.
  3. Complete the following ste[s:
    1. Insert the appropriate CA Access Control Premium Edition Server Components DVD for your operating system into your optical disc drive.
    2. Mount the optical disc drive. Do not specify the noexec option. If you specify the noexec option, the installation fails.

      Note: In some releases of Linux, the operating system automounts the optical disc drive with the noexec option.

    3. Open a terminal window and set a writeable temporary directory as the working directory.

      Note: The installer unpacks the installation files to the working directory. If you specify a working directory on the optical media, the installation fails because the installer cannot unpack the files.

    4. Execute the installer, specifying the full path to the installer in the command. For example, if you mount the optical disc drive in the /media directory, enter the following command: 
      	/media/EnterpriseMgmt/Disk1/InstData/NoVM/install_EntM_r125.bin -i console

      To use a custom FIPS key during installation, you must also specify the full pathname of the FIPS key in the command, using the format -DFIPS_KEY=path. For example, to install with a custom FIPS key located at /tmp/FIPSkey.dat:

      	/media/EnterpriseMgmt/Disk1/InstData/NoVM/install_EntM_r125.bin -i console
	-DFIPS_KEY=/tmp/FIPSkey.dat

      Important! If you install CA Access Control Enterprise Management for High Availability, specify the same FIPS key on the primary and secondary Enterprise Management Servers. Specify a custom FIPS key if you install CA Access Control Enterprise Management for High Availability with FIPS support.

    The InstallAnywhere console appears after a few moments.

  4. Complete the prompts as required. The following installation inputs are not self-explanatory:
    Java Development Kit (JDK)

    Defines the location of an existing JDK.

    JBoss Application Server Information

    Defines the JBoss instance that you want to install the application on.

    You need to:

    • Define the JBoss folder, which is the top directory where you have JBoss installed.

      For example, /opt/jboss-4.2.3.GA

    • Define the port JBoss uses.
    • Define the port JBoss uses for secure communications (HTTPS).
    • Define the naming port number.

    Note: The CA Access Control Enterprise Management installation program does not use the default JBoss ports but instead adds 10000 to the default JBoss port numbers. For example, the installation program uses port number 18080 rather than port number 8080 for HTTP connections. Ensure that you specify the ports that JBoss uses.

    Communication Password

    (Primary Enterprise Management Server Only) Defines the password used for CA Access Control Enterprise Management Server inter-component communication.

    Note: CA Access Control Enterprise Management uses the communication password to manage the Message Queue keystore and administrator account, handle communication between CA Access Control Enterprise Management and the endpoints and manage the Java Connection Server.

    Database Information

    Defines the connection details to the RDBMS:

    • Database Type—Specifies a supported RDBMS.
    • Host Name—Defines the name of the host where you have the RDBMS installed.
    • Port Number—Defines the port used by the RDBMS you specified. The installation program provides the default port for your RDBMS.
    • Service Name—(Oracle) Defines the name that identifies your RDBMS on the system. For example, for Oracle Database 10g this is orcl by default.
    • Database Name—(MS SQL) Defines the name of the database you created.
    • Username—Defines the name of the user that you created when you prepared the database.

      Note: You granted this user the appropriate database permissions when you prepared the database.

    • Password—Defines the RDBMS password of the user that you created when you prepared the database.

    The installation program checks the connection to the database before it continues.

    User Store Type

    Defines the user store type CA Access Control Enterprise Management uses. Select one of the following:

    • Embedded User Store—CA Access Control Enterprise Management stores user information in the RDBMS.
    • Active Directory—you specify the connection information details in the next screen.
    • Other User Store—you specify the user store configuration information after the CA Access Control Enterprise Management installation completes.

    Note: To deploy login authorization policies to UNAB, you must select either Active Directory or Other User Store as the user store. If you select Active Directory or Other User Store as the user store, you cannot create or delete users and groups in CA Access Control Enterprise Management. For more information about UNAB and Active Directory restrictions, see the Enterprise Administration Guide.

    Active Directory Settings

    Defines the Active Directory user store settings:

    • Host—Defines the Domain Controller host name of Active Directory.
    • Port—Defines the port used by default for LDAP queries against Active Directory, for example, 389.
    • Search Root—Defines the search root, for example, ou=DomainName, DC=com.

      Note: Set the Search Root at least one node higher in the directory tree than the Distinguished Names (DNs) for the users specified for User DN and System User. Otherwise, Enterprise Management might launch without displaying any tabs.

    • User DN—Defines the Active Directory user account name that is used to manage CA Access Control Enterprise Management. For example: CN=Administrator, cn=Users, DC=DomainName, DC=Com.

      Note: This user issues LDAP queries against Active Directory. You can choose to define a user with read-only privileges for this parameter. However, if you define a user with read-only privileges, you cannot assign admin roles or privileged access roles to users in CA Access Control Enterprise Management. Instead, you modify the member policy for each role to point to an Active Directory group.

    • Password—Defines the password of the Active Directory user account that is used to manage CA Access Control Enterprise Management.

    The installation program checks the connection to Active Directory before continuing.

    Note: You can use the DSQUERY directory querying utility to discover the user Distinguished Name (User DN). You must run this query on the Active Directory server. For example:

    dsquery user -name administrator
"CN=Administrator,CN=Users,DC=lab.DC=demo"
    System User

    (Active Directory only) Defines the DN of the Active Directory user who is assigned the System Manager admin role in CA Access Control Enterprise Management.

    Example: CN=SystemUser, ou=OrganizationalUnit, DC=DomainName, DC=Com

    Note: By default, a user with the System Manager admin role can perform, create, and manage all tasks in CA Access Control Enterprise Management. For more information about the System Manager admin role, see the Enterprise Administration Guide.

    Administrator Password

    (Embedded user store only) Defines the password of superadmin, the CA Access Control Enterprise Management administrator. Make a note of the password so you can log in to CA Access Control Enterprise Management when the installation is complete.

    Note: In this step you create the superadmin user in the embedded user store. The superadmin user is assigned the System Manager admin role in CA Access Control Enterprise Management. You log in as superadmin the first time you log in to CA Access Control Enterprise Management. For more information about the System Manager admin role, see the Enterprise Administration Guide.

  5. Review the pre-installation summary information. If the information is correct, press Enter.

    CA Access Control Enterprise Management is installed.

  6. Press Enter.

    The installer closes.

  7. Reboot the computer, if required.

    You now need to configure CA Access Control Enterprise Management for your enterprise.