Install on the First System

CA Risk Authentication UNIX Installation Guide › How to Deploy CA Risk Authentication on Distributed System › Install on the First System

Install on the First System

In a distributed system installation you install the CA Risk Authentication Server on the first system.

We recommend Custom Installation for advanced users as it allows selected components installation.

For successful installation, the user account that you plan to use for the installation must belong to the Administrators group.

Note: Verify that all prerequisite software components are installed and the database is set up, as described in Prepare for Installation.

Follow these steps:

Log in and navigate to the directory where you untarred the installer.
Verify that you have the permissions required to run the installer. If not, run the following command:
- On Linux: chmod a=rx CA Risk Authentication-8.0-Linux-Installer.bin
Run the installer by typing the following command and then pressing Enter:
- For Linux:
```
prompt> sh Arcot-RiskFort-8.0-Linux-Installer.bin
```
Note: If you are running the installer with root login, then a warning message appears. Enter Y to continue, or enter N to quit the installation. If you exit the installer screen, then run the installer again.
Press Enter to continue with the installation.
Carefully read the License Agreement. Enter y to accept the acceptance of License Agreement and press Enter for the next step.
Note: If you press n, then a warning message is displayed and the installation is aborted.
Perform the following steps from Choose Installation Location:
- Enter the absolute path of the directory where you want to install CA Risk Authentication and press Enter to continue.
  Note: The installation directory name that you specify must not contain any spaces. Otherwise, some CA Risk Authentication scripts and tools may not function as intended.
- Press Enter to accept the default directory that is displayed by the installer.
The installer displays the installation options that are supported by CA Risk Authentication.
(Applicable only if you are installing on a system that already has an existing Advanced Authentication product installed) The installer displays the following options:
- 1 - Enter a new path.
- 2 - Use the location at which the existing CA Advanced Authentication product is installed.
(Applicable only if you are installing on a system that already has an existing CA Advanced Authentication product installed) Select the required option and press Enter to continue with the installation.
Note: If you selected option 1 or 2, then a new directory named arcot is created in the specified location.
Type 2 and press Enter to accept the Customize installation option and to continue with the installation.
Specify a comma-separated list (without any space between the comma and the number) of numbers representing the CA Risk Authentication components you want to install and press Enter to continue.
The following table gives the information on the components:

Component	Description
Risk Evaluation Server	It installs the core Processing engine (CA Risk Authentication Server) that serves the following requests from Administration Console: Risk Evaluation Configuration In addition, this component also installs the following Web services that have been built into the server: Risk Evaluation Web Service: Provides the web-based programming interface for risk evaluation with CA Risk Authentication Server. User Management Web Service: Provides the web-based programming interface for the creation and management of users. Administration Web Service: Provides the web-based programming interface used by Administration Console.
CA Risk Authentication Case Management Server	It installs the core Queuing engine (CA Risk Authentication Case Management Server) that allocates cases to the Customer Support Representatives (CSRs) who work on these cases. Note: At any given point in time, all instances of Administration Console can only connect to this single instance of CA Risk Authentication Case Management Server.
CA Risk Authentication SDKs and Sample Application	It provides programming interfaces (in form of APIs and Web services) that can be invoked by your application to forward risk evaluation requests to CA Risk Authentication Server. This package comprises the following sub-components: Risk Evaluation SDK: Provides the Java programming interface for risk evaluation with CA Risk Authentication Server. Sample Application: Demonstrates the usage of CA Risk Authentication Java APIs. It can be used to verify if CA Risk Authentication was installed successfully, and if it is able to perform risk evaluation requests. Refer to Configuring CA Risk Authentication SDKs and Web Services for more information.
Administration Console	This provides the Web-based interface for managing CA Risk Authentication Server and risk evaluation-related configurations.
User Data Service	It installs UDS that acts as an abstraction layer for accessing different types of user repositories, such as relational databases (RDBMSs) and directory servers (LDAPs.)
User Behavior Profiling	It measures the similarity or dissimilarity of the current transaction to prior access by the same user, or that of their peer group in cases of insufficient data.

Example: To install CA Risk Authentication Server, CA Risk Authentication Case Management Server, and Administration Console (without the SDKs and Sample Application) on the current system, you specify:

1,2,4,5

Note: If the Server component was not selected for installation on this screen, then the screens in Step 11 through Step 16 are not shown.

If you are installing in a location where an Advanced Authentication product is already installed, then the installer uses the same database configuration as the installed product. As a result, the screens in Step 11 through Step 15 are not shown.

Specify the number corresponding to your choice of database, and press Enter to continue:
- 1 - Microsoft SQL Server
- 2 - Oracle Database
- 3 - MySQL
Note: CA Risk Authentication is now certified to work with Oracle Real Application Clusters (Oracle RAC). To use Oracle RAC with your CA Risk Authentication Installation, select Oracle Database in this step, perform the next step (Step 12), and then perform the steps in Configuring CA Risk Authentication for Oracle RAC.
Enter the information that is listed in the following table if you specified 1 (SQL Server) in the preceding step.

Parameter	Description
ODBC DSN	The installer creates the DSN by using this value. CA Risk Authentication Server then uses this DSN to connect to the database. The recommended value to enter is arcotdsn. Note: Database Source Name (DSN) specifies the information that is required to connect to a database by using an ODBC driver. This information includes database name, directory, database driver, User ID, and password.
Server	The host name or IP address of the CA Risk Authentication datastore. Default Instance Syntax: <server_name> Example: demodatabase Named Instance Syntax: <server_name>\<instance_name> Example: demodatabase\instance1
User Name	The database user name for CA Risk Authentication to access the database. This name is specified by the database administrator. (MS SQL Server, typically, refers to this as login.) This user must have the create session and DBA rights. Note: The User Name for the Primary and Backup DSNs must be different.
Password	The password associated with the User Name you specified in the previous field and which is used by CA Risk Authentication to access the database. This password is specified by the database administrator.
Database	The name of the MS SQL database instance.
Port Number	The port at which the database listens to the incoming requests. The default port is 1433. However, if you would like to specify another port, enter the port value in this field.

If you specified 2 (Oracle) in the preceding step, enter the following information in the table.

Parameter	Description
ODBC DSN	The installer creates the DSN by using this value. CA Risk Authentication Server then uses this DSN to connect to the CA Risk Authentication database. The recommended value to enter is arcotdsn. Note: Database Source Name (DSN) specifies the information that is required to connect to a database by using an ODBC driver. This information includes database name, directory, database driver, User ID, and password.
User Name	The database user name for CA Risk Authentication to access the database. This name is specified by the database administrator. (MS SQL Server, typically, refers to this as login.) This user must have the create session and DBA rights. Note: The User Name for the Primary and Backup DSNs must be different.
Password	The password associated with the User Name you specified in the previous field and which is used by CA Risk Authentication to access the database. This password is specified by the database administrator.
Service ID	The Oracle System Identifier (SID) that refers to the instance of the Oracle database running on the server.
Port Number	The port at which the database listens to the incoming requests. The default port at which an Oracle database listens is 1521. However, if you would like to specify another port, enter the port value in this field.
Host Name	The host name or IP address of the CA Risk Authentication datastore. Syntax: <server_name> Example: demodatabase If you selected MySQL, then fill in the following information:
Parameter	Description
ODBC DSN	The installer creates the DSN by using this value. CA Risk Authentication Server then uses this DSN to connect to the CA Risk Authentication database. The recommended value to enter is arcotdsn. Note: Database Source Name (DSN) specifies the information that is required to connect to a database by using an ODBC driver. This information includes database name, directory, database driver, User ID, and password.
Server	The host name or IP address of the CA Risk Authentication datastore. Default Instance Syntax: <server_name> Example: demodatabase Named Instance Syntax: <server_name>\<instance_name> Example: demodatabase\instance1
User Name	The database user name for CA Risk Authentication to access the database. This name is specified by the database administrator. This user must have the create session and DBA rights. Note: The User Name for the Primary and Backup DSNs must be different.
Password	The password associated with the User Name you specified in the previous field and which is used by CA Risk Authentication to access the database. This password is specified by the database administrator.
Database	The name of the MySQL database instance.
Port Number	The port at which the database listens to the incoming requests. The default port at which an MySQL database listens is 3306. However, if you would like to specify another port, enter the port value in this field.

Perform one of the following steps on the backup database access configuration screen:
- Type N to skip the configuration of the secondary DSN, when prompted, and press Enter to continue to the next screen.
- Type Y to configure the secondary DSN, when prompted, and press Enter to continue.
See the tables in the previous step for database-specific information about the tasks to be performed.
Press Enter to continue.
Specify the following information for encryption setup:
Master Key

Specifies the password for the Master Key, which is stored at <install_location>\Arcot Systems\conf\securestore.enc and is used to encrypt the data stored in the database. By default, this value is set to MasterKey.

Note: If you want to change the value of Master Key after the installation, then you must regenerate securestore.enc with a new Master Key value. See Changing Hardware Security Module Information After the Installation for more information.

Configure HSM

Identifies if you use a Hardware Security Module (HSM) to encrypt the sensitive data.

If you do not select this option, then by default, the data is encrypted by using the Software Mode.

PIN

Specifies the password to connect to the HSM.

Choose Hardware Module

Specifies HSMs that you plan to use between two options, Luna HSM and nCipher netHSM.

HSM Parameters
Specifies the following HSM information:
- Shared Library: The absolute path to the PKCS#11 shared library corresponding to the HSM.
  For Luna (cryptoki.dll) and for nCipher netHSM (cknfast.dll), specify the absolute path and name of the file.
- Storage Slot Number: The HSM slot where the 3DES keys used for encrypting the data are available.
  For Luna, the default value is 0.
  
  For nCipher netHSM, the default value is 1.
Press Enter.
Carefully review the product details displayed and press Enter to proceed with the installation.
The installation may take several minutes, because the installer does the following tasks in the back-end:
- Copies all the components and their related binaries in the installation directory.
- Stores database settings in the arcotcommon.ini file and the password in the securestore.enc file.
- Writes to the required INI files.
- Sets the environment variables such as, JNI_LIBRARY_PATH for Administration Console and ODBC_HOME, ODBCINI, ORACLE_HOME, and ORACLE_LIB_PATH in the arrfenv file.
- Creates or overwrites, as specified in a previous screen, the Primary DSN and Backup DSN (if selected and configured) by using the selected ODBC driver in the odbc.ini file.
After the preceding tasks are completed successfully, the Installation Complete screen appears.
Press Enter to exit the installer.
Check the installation log file (Arcot_RiskFort_Install_<timestamp>.log), which is available in the <install_location>/arcot/ directory.
To verify that UTF-8 support is enabled, do the following:
1. Navigate to the <install_location>/arcot/odbc32v70wf/odbc.ini file.
2. Locate the [ODBC] section.
3. Ensure that the IANAAppCodePage=106 entry is present in the section.
4. If you do not find this entry, then add it.
5. Save and close the file.

Installation Logs

After you complete the installation, you can access the installation log file (Arcot_RiskFort_Install_<timestamp>.log) in the <install_location> directory.

Example: If you had specified the C:\Program Files directory as the installation directory, then the installation log file is created in the C:\Program Files directory.

If the installation fails for some reason, then error messages are recorded in this log file.