Install the First System

CA Strong Authentication Windows Installation Guide › How to Deploy CA Strong Authentication on Distributed Systems › Install the First System

Install the First System

To install CA Strong Authentication the user account that you plan to use for installation must belong to the Administrators group.

In a distributed scenario you install CA Strong Authentication Server on the first system. Custom installation allows you to install only the selected components from the package. This option is recommended for advanced users.

Follow these steps:

Double-click the installer CA Strong Authentication-<version_number>-Windows-Installer.exe.
Click the Next button to proceed.
The License Agreement screen appears.
Accept the license agreement carefully and click the Next.
The installer now checks if any other CA product is installed on the computer.

If it does not find an existing CA product installation, you are prompted for an installation directory. In this case, the Installation Location screen appears.

If the installer detects an existing CA product installation, you are not prompted for an installation directory. The Installation Location Screen: Previous Installation Detected screen appears when an existing ARCOT_HOME was located on the computer.
Accept the default directory specified by the installer or click Choose to navigate and to specify a different directory.
Click Next to install in the specified directory.

The Installation Type screen appears.
Select the Custom option to install the selected components and click Next.
The Component Selection screen appears.
Deselect the components that are not required. By default, all components are selected for installation.
The following table describes all available components:

Component	Description
CA Strong Authentication Server	This option installs the core Processing engine (CA Strong Authentication Server) that serves the following requests from SDKs, CA Advanced Authentication, and web services: Credential Issuance Configurations Credential Authentication Configurations Server Configurations In addition, this component also enables you to access the following Web services: Authentication and Authorization Web service - Provides the programming interface for authenticating and authorizing users. Issuance SDK and Web Services - Provides the programming interface for creating, reading, and updating user credential information in the CA Strong Authentication database. Authentication Web Service - Provides the programming interface for authenticating users. Credential Management Web Service - Provides the programming interface for creation and management of user credentials. Administration Web Service - Provides the programming interface used by the CA Strong Authentication Administration Console. Bulk Operations Web Service: Provides the programming interface for uploading and fetching OATH tokens.
Java SDK and WS	This option provides programming interfaces (in form of APIs and Web Services) that can be invoked by your application to forward authentication and user credential issuance requests to the CA Strong Authentication Server. This package comprises the following sub-components: Authentication Java SDK and Web Services- Provides the programming interface for authentication with CA Strong Authentication Server. Credential Management Java SDK and Web Services - Provides the programming interface for creation and management of user credentials. Administration Web Service - Provides the programming interface for creating configurations. Bulk Operations Web Service: Provides the programming interface for uploading and fetching OATH tokens. Refer to chapter, "Configuring CA Strong Authentication Java SDKs and Web Services" for more information on configuring these components.
Sample Application	This option provides Web-based interface for demonstrating the usage of the Java APIs. In addition it is able to perform credential management and authentication requests.
CA Advanced Authentication	This option provides the Web-based interface for managing CA Strong Authentication Server and authentication-related configurations.
User Data Service	This option installs UDS that acts as an abstraction layer for accessing different types of user repositories, such as relational databases (RDBMSs) and directory servers (LDAPs.)

After you have selected all the desired components for installation, click Next.
The Database Type screen appears.
Select the database type, and then click Next to proceed.
Depending on the database you selected, the corresponding Database Details screen appears.

Note: CA Strong Authentication supports Oracle Real Application Clusters (Oracle RAC). To use Oracle RAC select Oracle Database in this step, and then perform the steps in Configuring CA Strong Authentication for Oracle RAC.

Depending on the database that you selected, perform one of the following steps:

Microsoft SQL Server Database Details
1. Enter the required information as described in the following table:

Field	Description
ODBC DSN	CA Strong Authentication Server uses the ODBC DSN to connect to the database. The recommended value to enter is arcotdsn. The installer creates the DSN using this value.
Server	The host name or IP address of the database server. If SQL server is deployed in Named Instance mode, then you must also enter a slash "\" followed by the instance name, refer to vendor documentation for more information on this. Default Instance Syntax: <Server Name> Example: demodatabase Named instance Syntax: <Server Name>\<instance name> Example: demodatabase\instance1
User Name	The user account that is used to access the database (SQL Server refers to this as login). This name is specified by the database administrator. Note: The User Name for the Primary and Backup DSN must be different.
Password	The password that that is associated with the user account. This password is specified by the database administrator.
Database	The name of the database that.
Port Number	The port on which the database server listens to the incoming requests.

Test for successful database connection by clicking Test Data Source.
After completing the test, click Next to proceed.
Go to Step 10.

IBM DB2 (UDB) Database Details
1. Enter the required information as described in the following table:

Field	Description
ODBC DSN	CA Strong Authentication Server uses the ODBC DSN to connect to the database. The recommended value to enter is arcotdsn. The installer creates the DSN using this value.
Server	The host name or IP address of the database server. If the database is deployed in Named Instance mode, then you must also enter a slash "\" followed by the instance name, refer to vendor documentation for more information on this. Default Instance Syntax: <Server Name> Example: demodatabase Named instance Syntax: <Server Name>\<instance name> Example: demodatabase\instance1
User Name	The user account that is used to access the database (SQL Server refers to this as login). This name is specified by the database administrator. Note: The User Name for the Primary and Backup DSN must be different.
Password	The password that is associated with the user account. This password is specified by the database administrator.
Port Number	The port on which the database server listens to the incoming requests.
Database	The name of the database that CA Strong Authentication will access.

Click Next to proceed.
Go to Step 10.

Oracle Database Details
1. Enter the required information as described in the following table:

Field	Description
ODBC DSN	CA Strong Authentication Server uses the ODBC DSN to connect to the CA Strong Authentication database. The recommended value to enter is arcotdsn. The installer creates the DSN using this value.
User Name	The User Name that CA Strong Authentication uses to access the database. This name is specified by the database administrator. Note: The User Name for the Primary and Backup DSN should be different.
Password	The password that CA Strong Authentication uses to access the database. This password is specified by the database administrator.
Service ID	The Oracle System Identifier that refers to the instance of the Oracle database running on the Oracle server.
Port Number	The port on which the database server listens to the incoming requests.
Host Name	The host name or the IP address of the computer where the Oracle server is available. Syntax: <Host Name or IP address> Example: demodatabase

Test for successful database connection by clicking Test Data Source.
After completing the test, click Next to proceed.

MySQL Database Details
1. Enter the required information as described in the following table:

Field	Description
ODBC DSN	CA Strong Authentication Server uses the ODBC DSN to connect to the CA Strong Authentication database. The recommended value to enter is arcotdsn. The installer creates the DSN using this value.
Server	The host name or IP address of the database server. If SQL server is deployed in Named Instance mode, then you must also enter a slash "\" followed by the instance name, refer to vendor documentation for more information on this. Default Instance Syntax: <Server Name> Example: demodatabase Named instance Syntax: <Server Name>\<instance name> Example: demodatabase\instance1
User Name	The User Name that CA Strong Authentication uses to access the database (SQL Server refers to this as login). This name is specified by the database administrator. Note: The User Name for the Primary and Backup DSN must be different.
Password	The password that CA Strong Authentication uses to access the database. This password is specified by the database administrator.
Database	The name of the database that CA Strong Authentication will access.
Port Number	The port on which the database server listens to the incoming requests.

Test for successful database connection by clicking Test Data Source.
After completing the test, click Next to proceed.
Go to Step 10.

The Encryption Configuration screen appears. This screen is used to select the encryption mode and set the information used for encryption.

Enter the following information in this screen:
- Master Key: Enter the master key, which will be used to encrypt the data stored in the database. By default, the value of master key is set to MasterKey. This key is stored in the securestore.enc file located at <install_location>\Arcot Systems\conf.
  If you want to change the value of the master key after the installation, then you must regenerate the securestore.enc file with a new master key value. For more information, see the CA Strong Authentication Administration Guide.
- Configure HSM: Select this option only if you want to use a Hardware Security Module (HSM) to encrypt the sensitive data. If not selected, the default software mode is used to encrypt the data.
  Note: The following options are enabled only if you choose to Configure HSM.
- PIN: Enter the password that is used to connect to the HSM.
- Choose Hardware Module: Choose the HSM that you plan to use. Following are the HSMs that CA Strong Authentication supports:
  - Luna HSM
  - nCipher netHSM
- HSM Parameters: Set the following HSM information:
  - Shared Library: The absolute path to the PKCS#11 shared library corresponding to the HSM.
    For Luna (cryptoki.dll) and for nCipher netHSM (cknfast.dll), specify the absolute path and name of the file.
- Storage Slot Number: The HSM slot where the 3DES keys used for encrypting the data are present. The default value for Luna is 0, and for nCipher netHSM the default value is 1.
Click Next to continue.

The Pre-Installation Summary screen appears.
If you want to change any of the installation settings, then click the Previous button or click the Install button to proceed with the installation.
The Microsoft Visual C++ 2010 x86 Redistributable Setup screen appears. This screen appears only if the current system where you are installing CA Strong Authentication does not have Microsoft Visual C++ 2010 x86.
Select the I have read and accept the license terms option, and click Install.
The Installation Progress screen appears. This might take a few seconds. After some time the Installation Is Complete screen appears.
Click Finish.
Click Done to exit the installation wizard.