CA Risk Authentication UNIX Installation Guide › How to Deploy CA Risk Authentication on a Single System

How to Deploy CA Risk Authentication on a Single System

To install the CA Risk Authentication components, use the CA Risk Authentication 8.0 InstallAnywhere Wizard. This wizard supports Complete and Custom installation types.

Note: To install and configure CA Risk Authentication on a single computer, use the Complete option when you run the installer.

The following illustration shows the tasks to perform for installing CA Risk Authentication 8.0:

RA_Single_Installation

Perform the following tasks:

Important!

Consider the following points while installing CA Risk Authentication on a single system:

Verify that the <install_location> does not contain any special characters (such as ~ ! @ # $ % ^ & * ( ) _ + = { }[ ] ’ ").
The MySQL database name must not contain dot(.) characters.
Currently, you cannot modify or repair CA Risk Authentication components by using the installer. You must uninstall the component and then re-install it.
Do not close the installer window, if the installation is in progress. If at any time during the installation (especially during the last stages), you click the Cancel button to abort the installation, then the installer may not remove all the directories that it has created so far. You must manually clean up the installation directory, <install_location>\Arcot Systems\, and its subdirectories.
If you run the installer on a system that already contains an instance of an existing ARCOT_HOME, then:
- You are not prompted for an installation directory.
- You are not prompted for the database setup. The installer uses the existing database.
- You are not prompted to set up encryption.
- You can install and use CA Strong Authentication along with CA Risk Authentication. Both products use certain common components, which are copied during the installation of either product. If you have already installed CA Strong Authentication and you are now starting the CA Risk Authentication installation procedure, the CA Risk Authentication installer can detect the presence of the common components that were copied during the CA Strong Authentication installation. The CA Risk Authentication installer then displays the screens for performing a custom installation.

This section contains the following topics:

Perform a Complete Installation

How to Prepare an Application Server

Deploy Administration Console

Perform the Bootstrapping Task for the System

Start the CA Risk Authentication Server Service

Start the CA Risk Authentication Case Management Service

Deploy User Data Service [USD]

Deploy User Behavior Profiling Application

Deploy the Sample Application

Verify the Installation

How to Use the Sample Application for Risk Evaluation

Apply the Post-Installation Checklist

Perform a Complete Installation

To install CA Risk Authentication use a single user account for installation from the Administrators group. Otherwise, the critical steps in the installation, do not complete successfully, though the installation may complete without any errors.

Perform a Complete installation to install all of the components of the CA Risk Authentication package. These components include CA Risk Authentication Server and the scripts that are required for setting up the database.

Follow these steps:

Log in and navigate to the directory where you untarred the installer.
Verify that you have the permission to run the installer. If not, run the following command:
- (On Solaris) chmod a=rx CA Risk Authentication-8.0-Solaris-Installer.bin
- (On Linux) chmod a=rx CA Risk Authentication-8.0-Linux-Installer.bin
Run the installer by enter the following command and then pressing Enter:
- For Solaris: prompt> sh CA Risk Authentication-8.0-Solaris-Installer.bin
- For Linux: prompt> sh CA Risk Authentication-8.0-Linux-Installer.bin
  Note: If you are executing the installer with root login, then a warning message appears. Enter Y to continue, or enter N to quit the installation. If you have exit the installer screen, then run the installer again.
Click Next.
Carefully read the License Agreement and press Enter to go to the next screen of the license text. You may have to press Enter multiple times.
Enter y to accept the acceptance of License Agreement and to continue with the installation.

Note: If you press n, then a warning message is displayed and the installation is stopped.

The installer now checks if other CA products exist on the system.

If the installer detects an existing CA product installation (an existing ARCOT_HOME), then:
- You are not prompted for an installation directory.
- You are not prompted for the database and encryption setup. The installer uses the existing database and encryption settings. As a result, you can move to Step 6, though the configuration is disabled. You do not have to perform Step 10 as the screens of it do not get displayed.
Click Next.
Perform one of the following steps for choosing the installation location:
- Enter the absolute path of the directory where you want to install CA Risk Authentication and press Enter to continue.
  Note: The installation directory name that you specify must not contain any spaces. If it does, then some CA Risk Authentication scripts and tools may not function as intended.
- Press Enter to accept the default directory that is displayed by the installer.
(Applicable only if you are installing on a system that already has an existing Advanced Authentication product installed) Select one of the following options, and press Enter:
- 1: Enter a new path.
- 2: Use the location at which the existing Advanced Authentication product is installed.
Enter 1 to select the default (Complete) installation that installs all components, and press Enter.
Enter the number corresponding to your choice of database (1. MS SQL Server 2. Oracle Database 3. MySQL), and press Enter.
- Microsoft SQL Server
  Note: If you are using a SQL database, verify that the ODBC Driver version you are using is the same as the one mentioned in Preparing for Installation.
- Oracle Database
  Note: CA Risk Authentication is certified to work with Oracle Real Application Clusters (Oracle RAC). To use Oracle RAC on CA Risk Authentication Installation, select Oracle Database in this step, perform the next step (Step 7), and then perform the steps in Configuring CA Risk Authentication for Oracle RAC (W).
- MySQL
Based on your database choice the following screens get displayed:
Complete the following information, and press Enter:
- Microsoft SQL Server:
  
  ODBC DSN
  
  Defines the value by which the installer creates the DSN. CA Risk Authentication Server then uses this DSN to connect to the CA Risk Authentication database. The recommended value to enter is arcotdsn.
  
  Server
  
  Specifies the host name or IP address of the CA Risk Authentication datastore.
  
  Default Instance
  
  Syntax: <server_name>
  
  Example: demodatabase
  
  Named Instance
  
  Syntax: <server_name>\<instance_name>
  
  Example: demodatabase\instance1
  
  User Name
  
  Specifies the database user name. The user must have the create session and DBA rights.
  
  Note: The User Name for the Primary and Backup DSNs must be different.
  
  Password
  
  Specifies the password associated with the User Name. This password is specified by the database administrator.
  
  Database
  
  Specifies the name of the MS SQL database instance.
  
  Port Number
  
  Specifies the port number at which the database listens to the incoming requests.
  
  Default Port:1433
- Oracle Server:
  
  ODBC DSN
  
  Specifies the value by which the installer creates the DSN. CA Risk Authentication Server then uses this DSN to connect to the CA Risk Authentication database. The recommended value to enter is arcotdsn.
  
  User Name
  
  Specifies the database user name for CA Risk Authentication to access the database. This name is specified by the database administrator.
  
  The user must have the create session and DBA rights.
  
  Note: The User Name for the Primary and Backup DSNs must be different.
  
  Password
  
  Specifies the password associated with the User Name you specified in the previous field. This password is specified by the database administrator.
  
  Service ID
  
  Specifies the Oracle System Identifier (SID) that refers to the instance of the Oracle database running on the server.
  
  Port Number
  
  Specifies the port at which the database listens to the incoming requests..
  
  Default: 1521
  
  Host Name
  
  Specifies the host name or IP address of the CA Risk Authentication datastore.
  
  Syntax: <server_name>
  
  Example: demodatabase
- MySQL Server:
  
  DBC DSN
  
  Specifies the value by which the installer creates the DSN. CA Risk Authentication Server then uses this DSN to connect to the CA Risk Authentication database. The recommended value to enter is arcotdsn.
  
  Server
  
  Specifies the host name or IP address of the CA Risk Authentication datastore.
  
  Default Instance
  
  Syntax: <server_name>
  
  Example: demodatabase
  
  Named Instance
  
  Syntax: <server_name>\<instance_name>
  
  Example: demodatabase\instance1
  
  User Name
  
  Specifies the database user name for CA Risk Authentication to access the database. This name is specified by the database administrator.
  
  The user must have the create session and DBA rights.
  
  Note: The User Name for the Primary and Backup DSNs must be different.
  
  Password
  
  Specifies the password associated with the User Name you specified in the previous field. This password is specified by the database administrator
  
  Database
  
  Specifies the name of the MySQL database instance.
  
  Port Number
  
  Specifies the port at which the database listens to the incoming requests.
  
  Default: 3306
For backup database access configuration , perform one of the following steps:
- Type n to skip the configuration of the secondary DSN, when prompted, and press Enter.
- Type y to configure the secondary DSN, when prompted, and press Enter.
Select the encryption mode and enter the information that is used for encryption.
Master Key

Specifies the password for the Master Key which is used to encrypt the data stored in the database.

Default Value: MasterKey

Note: If you want to change the value of Master Key after the installation, then regenerate securestore.enc with a new Master Key value. See Changing Hardware Security Module Information After the Installation for more information.

Configure HSM

(Optional) Specifies if you will use a Hardware Security Module (HSM) to encrypt the sensitive data. If you do not select this option, then, by default, the data is encrypted by using the Software Mode.

PIN

Identifies the password to connect to the HSM.

Choose Hardware Module
Specifies one of the following HSMs:
- 1. Luna HSM
- 2. nCipher netHSM
HSM Parameters
Set the following HSM information:

Shared Library: The absolute path to the PKCS#11 shared library corresponding to the HSM.

For Luna (cryptoki.dll) and for nCipher netHSM (cknfast.dll), specify the absolute path and name of the file.

Storage Slot Number: The HSM slot where the 3DES keys used for encrypting the data are available.
- For Luna, the default value is 0.
- For nCipher netHSM, the default value is 1.
Note: The HSM parameter values are recorded in arcotcommon.ini, which is available in <install_location>\Arcot Systems\conf\. To change these values after installation, edit this file, as discussed in Configuration Files and Options.

Click Next.
Review the information in the Pre-Installation Summary screen, and press Enter.
Press Enter to begin Installation. If you would like to change a configuration on any of the previous screens, click Back until you reach the screen. Make the required changes, and press Enter to proceed to continue.
Press Enter. This may take several minutes, because the installer now does the following tasks:
- It copies all the components and their related binaries in the installation directory.
- It stores database settings in the arcotcommon.ini file and the password in the securestore.enc file.
- It writes to the required INI files.
- It sets the environment variables such as, JNI_LIBRARY_PATH for Administration Console and ODBC_HOME, ODBCINI, ORACLE_HOME, and ORACLE_LIB_PATH in the arrfenv file.
- It creates or overwrites, as specified in a previous screen, the Primary DSN and Backup DSN (if selected and configured) by using the selected ODBC driver in the odbc.ini file.
After the preceding tasks are completed successfully, the Installation is complete.
Press Enter to exit the installer.
You may have to wait for a few minutes (for the installer to clean up temporary files) until the prompt reappears.
Verify that UTF-8 support is enabled. To do so perform the following steps:
1. Navigate to the <install_location>/arcot/odbc32v70wf/odbc.ini file.
2. Locate the [ODBC] section.
3. Ensure that the IANAAppCodePage=106 entry is present in the section.
4. If you do not find this entry, then add it.
5. Save and close the file.

Note: After the installation is completed, perform the post-installation tasks that are discussed in Performing Post-Installation Tasks.

Installation Logs

After installation, you can access the installation log file (Arcot_RiskFort_Install_<timestamp>.log) in the <install_location> directory. For example, if you had specified the /opt directory as the installation directory, then the installation log file is created in the /opt directory.

If the installation fails for some reason, then error messages are recorded in this log file.