Depending on whether you had earlier deployed RiskMinder on a single system or on a distributed system, perform the tasks that are described in one of the following sections:
To reinstall RiskMinder on a single system, perform the tasks that are described in the following sections:
Note: While you install RiskMinder 3.1.01, ensure that you specify the same primary and backup database details from arcotcommon.ini in the $ARCOT_HOME/conf/ directory.
Important! Ensure that you use the current MA password and not the default password, because the MA password has been reset during the bootstrap process that you performed during 2.x installation.
Note: If there are any warnings during the Server startup and if your transactions fail, then the upgrade has not been performed successfully. You can revert to your initial setup by following the steps that are listed in (In Error Scenario Only) Reverting to Your Initial Setup.
To install (and later configure) RiskMinder on Microsoft Windows successfully, the user account that you plan to use for the installation must belong to the Administrators group. Otherwise, some critical steps in the installation, such as DSN creation and configuration, and RiskMinder service creation, will not complete successfully, though the installation may complete without any errors.
Complete installation allows you to install all components of the RiskMinder package. These components include RiskMinder Server and the scripts that are required for setting up the database that you intend to use for RiskMinder.
Note: Before you proceed with the installation, ensure that all prerequisite software components are installed and the database is set up, as described in "Preparing for Installation" in the CA RiskMinder Installation and Deployment Guide for Microsoft Windows.
Follow these steps:
The Welcome screen appears.
The License Agreement screen appears.
The installer now checks if any other CA product is installed on the computer.
If it does not find an existing CA product installation, then you are prompted for an installation directory. In this case, the Installation Location screen appears.
If the installer detects an existing CA product installation (an existing ARCOT_HOME), then:
The Installation Type screen appears.
The Database Type screen appears.
If you selected Microsoft SQL Server, then the SQL Server Database Details screen appears.
Note: If you are using a SQL database, then ensure that the ODBC Driver version you are using is the same as the one mentioned in "Preparing for Installation" in the CA RiskMinder Installation and Deployment Guide for Microsoft Windows.
If you selected Oracle on the Database Type screen, then the Oracle Database Details screen appears.
Note: CA RiskMinder release 3.1.01 is now certified to work with Oracle Real Application Clusters (Oracle RAC). To use Oracle RAC with your RiskMinder Installation, select Oracle Database in this step, perform the next step (Step 7), and then perform the steps in Configuring CA RiskMinder for Oracle RAC (W).
If you selected MySQL on the Database Type screen, then the MySQL Database Details screen appears.
|
Parameter |
Description |
|---|---|
|
ODBC DSN |
The installer creates the DSN by using this value. RiskMinder Server then uses this DSN to connect to the RiskMinder database. The recommended value to enter is arcotdsn. Note: Database Source Name (DSN) specifies the information that is required to connect to a database by using an ODBC driver. This information includes database name, directory, database driver, User ID, and password. |
|
Server |
The host name or IP address of the RiskMinder datastore. Default Instance
Named Instance
|
|
User Name |
The database user name for RiskMinder to access the database. This name is specified by the database administrator. (MS SQL Server, typically, refers to this as login.) This user must have the create session and DBA rights. Note: The User Name for the Primary and Backup DSNs must be different. |
|
Password |
The password associated with the User Name you specified in the previous field and which is used by RiskMinder to access the database. This password is specified by the database administrator. |
|
Database |
The name of the MS SQL database instance. |
|
Port Number |
The port at which the database listens to the incoming requests. The default port at which an MS SQL database listens is 1433. However, if you would like to specify another port, enter the port value in this field. |
|
Parameter |
Description |
|---|---|
|
ODBC DSN |
The installer creates the DSN by using this value. RiskMinder Server then uses this DSN to connect to the RiskMinder database. The recommended value to enter is arcotdsn. Note: Database Source Name (DSN) specifies the information that is required to connect to a database by using an ODBC driver. This information includes database name, directory, database driver, User ID, and password. |
|
User Name |
The database user name for RiskMinder to access the database. This name is specified by the database administrator. (MS SQL Server, typically, refers to this as login.) This user must have the create session and DBA rights. Note: The User Name for the Primary and Backup DSNs must be different. |
|
Password |
The password associated with the User Name you specified in the previous field and which is used by RiskMinder to access the database. This password is specified by the database administrator. |
|
Service ID |
The Oracle System Identifier (SID) that refers to the instance of the Oracle database running on the server. |
|
Port Number |
The port at which the database listens to the incoming requests. The default port at which an Oracle database listens is 1521. However, if you would like to specify another port, enter the port value in this field. |
|
Host Name |
The host name or IP address of the RiskMinder datastore.
|
Note: If the connection was not successful, ensure that you have specified the correct database details and click Test Data Source again. Do not proceed with the installation unless the database connectivity is successful.
The Encryption Configuration screen appears. Use this screen to select the encryption mode and configure the information that is used for encryption.
|
Field Name |
Description |
|---|---|
|
Master Key |
Specify the password for the Master Key, which is stored at <install_location>\Arcot Systems\conf\securestore.enc and will be used to encrypt the data stored in the database. By default, this value is set to MasterKey. Note: If you want to change the value of Master Key after the installation, then regenerate securestore.enc with a new Master Key value. For more information, see appendix, "Changing Hardware Security Module Information After the Installation" in the CA RiskMinder Installation and Deployment Guide for Microsoft Windows. |
|
Configure HSM |
Select this option only if you will use a Hardware Security Module (HSM) to encrypt the sensitive data. If you do not select this option, then, by default, the data is encrypted by using the Software Mode. |
|
PIN |
Enter the password to connect to the HSM. |
|
Choose Hardware Module |
Choose one of the following HSMs that you plan to use:
|
|
HSM Parameters
Tip: The HSM parameter values are recorded in arcotcommon.ini, which is available in <install_location>\Arcot Systems\conf\. To change these values after installation, edit this file, as discussed in the section titled, Configuration Files and Options" in the CA RiskMinder Installation and Deployment Guide for Microsoft Windows. |
Set the following HSM information:
|
The Microsoft Visual C++ 2010 x86 Redistributable Setup screen appears. This screen appears only if the current system where you are installing RiskMinder does not have Microsoft Visual C++ 2010 x86.
The Installation Progress screen appears. This may take a few seconds. After some time the Installation Is Complete screen appears.
The Installing Arcot RiskFort screen appears. This may take several minutes.
After some time the Installation Complete screen appears.
After installation, you can access the installation log file (Arcot_RiskFort_Install_<timestamp>.log) in the <install_location> directory. For example, if you had specified the C:\Program Files directory as the installation directory, then the installation log file is created in the C:\Program Files directory.
If the installation fails for some reason, then error messages are recorded in this log file.
After you run the required database scripts, verify that the RiskMinder schemas were seeded correctly. To do so:
Note: If you are following the upgrade path, then log in to the database as the user who upgraded the database.
SELECT SERVERNAME, VERSION FROM ARRFSERVERS;
You must see the following output as a result of the preceding query:
SERVERNAME VERSION ------------------------- ---------------- RiskFort 3.1.01 RiskFortCaseManagement 3.1.01
Two components of RiskMinder, User Data Service (UDS) and Administration Console, are web-based and can be deployed on any of the following supported application servers:
Before you deploy the WAR files for these web applications on the application server of your choice, copy the files that are required by UDS and Administration Console to the appropriate location on your application server. This section walks you through the steps to copy the required crypto files to your application server and to deploy the WAR files of these web applications:
Before you deploy the WAR files for UDS and Administration Console on the application server of your choice, ensure that you set the JAVA_HOME environment variable. This JAVA_HOME must be your application server JAVA_HOME.
In addition, %JAVA_HOME%\bin\ must be added to the PATH variable. If you fail to do so, then Administration Console, UDS, and other JDK-dependent components may fail to start.
UDS and Administration Console use the following files to access the RiskMinder database securely:
<install_location>\Arcot Systems\java\lib\
<install_location>\Arcot Systems\native\win\<32bit-or-64bit>\
As a result, these files must be copied to the appropriate location on the application server where you have deployed these RiskMinder components. The following subsections provide information about copying these files for:
To copy the files that are required for database access:
Here, <Tomcat_JAVA_HOME> represents the JAVA_HOME used by your Apache Tomcat instance.
To copy the files that are required for database access:
This path must point to the location where the arcot-crypto-util.jar file is present and must also include the file name. For example, C:\Program Files\Arcot Systems\java\lib\arcot-crypto-util.jar.
This path must point to the location where the ArcotAccessKeyProvider.dll file is present.
Here, <WebSphere_JAVA_HOME> represents the JAVA_HOME used by your IBM WebSphere instance.
To copy the files that are required for database access:
Here, <Weblogic_JAVA_HOME> represents the JAVA_HOME used by your Oracle WebLogic instance.
Note: Ensure that you use the appropriate <JAVA_HOME> used by WebLogic.
To copy the files that are required for database access:
Here, <JBoss_JAVA_HOME> represents the JAVA_HOME used by your JBoss Application Server instance.
RiskMinder requires the following JDBC JAR files for the supported databases:
The following subsections walk you through the steps for copying the JDBC JAR required for your database to one of the following application servers:
To copy the required JDBC JAR file:
To copy the required JDBC JAR file:
Important! This path must point to the location where the <Database_JAR> file is present and must include the file name.
Note: If you are using Oracle database, then do not perform the configurations that are mentioned in this section, because WebLogic supports Oracle database by default.
To copy the required JDBC JAR file in the case of Microsoft SQL Server:
Here, <WebLogic_JAVA_HOME> represents the JAVA_HOME used by your Oracle WebLogic instance.
To copy the required JDBC JAR file:
<JBOSS_HOME>\server\default\lib\
Most enterprise Application Servers (such as WebSphere and Weblogic) enable you to bundle the related Java ARchive (JAR) or Web ARchive (WAR) files from one vendor (say, CA) to a single enterprise application (or archive). As a result, all the related JARs or WARs can be deployed together, and can be loaded by a class loader. This archive also contains an application.xml file, which is generated automatically and describes how to deploy each bundled module.
By default, WAR files are provided to deploy UDS and Administration Console. However if necessary, you can also change the format of these files to Enterprise ARchive (EAR) and then deploy the EAR files.
As discussed in the following subsections, you can either generate separate EAR files for both UDS and Administration Console, or you can generate a single EAR file that contains both web archives.
To create a separate EAR file each for UDS and Administration Console:
java -jar bundle-manager.jar -ear <filename.ear> -warList <filename.war>
The preceding command generates individual EAR files that are available at:
<install_location>\Arcot Systems\java\webapps\
To create a single EAR file that contains UDS and Administration Console Web archives:
java -jar bundle-manager.jar -ear <filename.ear> -warList arcotadmin.war arcotuds.war
The preceding command generates a single EAR file that is available at:
<install_location>\Arcot Systems\java\webapps\
Note: If you are deploying the Administration Console on IBM WebSphere 7.0, then instead of the following instructions, refer to the instructions in the topic that is titled "Deploying Administration Console on IBM WebSphere 7.0" in the CA RiskMinder Installation and Deployment Guide for Microsoft Windows.
Administration Console is a browser-based interface to RiskMinder that enables you to customize the server configurations and manage the deployed system.
You need the arcotadmin.war file to deploy the RiskMinder Administration Console. All Administration Console information is logged in the arcotadmin.log file. After you deploy arcotadmin.war, you can verify if it was correctly deployed by using this log file (arcotadmin.log).
Note: To manage RiskMinder by using Administration Console, ensure that Administration Console can access the system where RiskMinder Server is installed by its host name.
To deploy the Administration Console WAR file on your application server, and to verify if it was successfully deployed, perform the following steps:
Note: The deployment procedure depends on the application server that you are using. See your application server vendor documentation for detailed instructions.
For example, in the case of Apache Tomcat, you must deploy the WAR file at <APP_SERVER_HOME>\webapps\.
<JBOSS_HOME>\common\lib\
<JBOSS_HOME>\server\default\conf\
<appender name="arcotadminlog" class="org.apache.log4j.RollingFileAppender">
<errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"></errorHandler>
<param name="Threshold" value="INFO"/>
<param name="MaxFileSize" value="10MB"/>
<param name="MaxBackupIndex" value="100"/>
<param name="Encoding" value="UTF-8"/>
<param name="Append" value="true"/>
<param name="File" value="${arcot.home}/logs/arcotadmin.log"/>
<layout class="org.apache.log4j.PatternLayout">
<param name="ConversionPattern" value="%d{yyyy-MM-dd hh:mm:ss,SSS z} : [%t] : %-5p : %-5c{3} : %m%n"/>
</layout>
<filter class="org.jboss.logging.filter.TCLMCFilter">
<param name="AcceptOnMatch" value="true"/>
<param name="DeployURL" value="arcotadmin.war"/>
</filter>
<!-- end the filter chain here -->
<filter class="org.apache.log4j.varia.DenyAllFilter"></filter>
</appender>
<category name="com.arcot"> <priority value="INFO" /> <appender-ref ref="arcotadminlog"></appender-ref> </category>
Add the following category for cryptographic operations:
<category name="com.arcot.crypto.impl.NCipherCrypter"> <priority value="FATAL" /> <appender-ref ref="arcotadminlog"></appender-ref> </category>
<JBOSS_HOME>\lib\
|
File Name |
Location |
|---|---|
|
jboss-logging-jdk-2.1.1.GA.jar |
http://repo1.maven.org/maven2/org/jboss/logging/jboss-logging-jdk/2.1.1.GA/ |
|
jboss-logging-spi-2.1.1.GA.jar |
http://repo1.maven.org/maven2/org/jboss/logging/jboss-logging-spi/2.1.1.GA/ |
|
jboss-logging-log4j-2.1.1.GA.jar |
http://repo1.maven.org/maven2/org/jboss/logging/jboss-logging-log4j/2.1.1.GA/ |
<install_location>\Arcot Systems\logs\
These lines indicate that your Administration Console was deployed successfully.
When you log in to Administration Console for the first time, use the Master Administrator (MA) credentials that are configured automatically in the database during the deployment.
To log in to Administration Console as MA:
http://<host>:<appserver_port>/arcotadmin/masteradminlogin.htm
Note: The host and port information that you specify in the preceding URL must be of the application server where you deployed Administration Console.
For example, in case of Apache Tomcat, the default host is localhost and port is 8080.
To start RiskMinder Server:
Note: If you want to stop RiskMinder Server, then follow the Steps 1 through 3, and click the Stop button in the service window.
To start Case Management Queuing Server:
Note: If you want to stop the Case Management Queuing Server, then follow the Steps 1 through 3, and click the Stop button in the service window.
RiskMinder can access user data either from a relational database (RDBMS) or directly from an LDAP server by using UDS, which is an abstraction layer that provides RiskMinder seamless access to the third-party data repositories deployed by your organization.
You need the arcotuds.war file to deploy UDS, as follows:
<install_location>\Arcot Systems\java\webapps\
For example, in the case of Apache Tomcat, deploy the WAR file at <APP_SERVER_HOME>\webapps\.
Note: The deployment procedure depends on the application server that you are using. See the application server vendor documentation for detailed instructions.
<JBOSS_HOME>\common\lib\
<JBOSS_HOME>\server\default\conf\
<appender name="arcotudslog" class="org.apache.log4j.RollingFileAppender">
<errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"></errorHandler>
<param name="Threshold" value="INFO"/>
<param name="MaxFileSize" value="10MB"/>
<param name="MaxBackupIndex" value="100"/>
<param name="Encoding" value="UTF-8"/>
<param name="Append" value="true"/>
<param name="File" value="${arcot.home}/logs/arcotuds.log"/>
<layout class="org.apache.log4j.PatternLayout">
<param name="ConversionPattern" value="%d{yyyy-MM-dd hh:mm:ss,SSS z} : [%t] : %-5p : %-5c{3}(%L) : %m%n"/>
</layout>
<filter class="org.jboss.logging.filter.TCLMCFilter">
<param name="AcceptOnMatch" value="true"/>
<param name="DeployURL" value="arcotuds.war"/>
</filter>
<!-- end the filter chain here -->
<filter class="org.apache.log4j.varia.DenyAllFilter"></filter>
</appender>
<appender-ref ref="arcotudslog"></appender-ref>
<appender-ref ref="arcotudslog"></appender-ref>
Note: The arcotuds.log file is used for logging UDS-related information.
<install_location>\Arcot Systems\logs\
This line indicates that UDS was deployed successfully.
Important! Sample Application must not be used in production deployments. It is recommended that you build your own web application by using Sample Application as a code-reference.
Sample Application can be used to verify if RiskMinder was installed and configured properly. In addition, it demonstrates:
Sample Application is automatically installed as a part of Complete installation of RiskMinder. To deploy Sample Application:
<install_location>\Arcot Systems\samples\java\
http://<host>:<appserver_port>/riskfort-3.1.01-sample-application/index.jsp
After you have seeded the database schema, deployed UDS and Administration Console, and bootstrapped the system, and started the Server, ensure that all these components have started correctly. The log files that you must verify for this purpose is arcotriskfort.log.
To verify if the server started correctly:
<install_location>\Arcot Systems\logs\
Note: Also ensure that the log files do not contain any FATAL and WARNING messages.
The following risk-evaluation operations can be performed by using Sample Application. Each of these operations is designed to run without error when RiskMinder is installed and functional.
Note: For information about running these operations, see the CA RiskMinder Installation and Deployment Guide for Microsoft Windows.
It is recommended that you fill the following checklist with the installation and setup information for RiskMinder. This information is useful when you perform various administrative tasks.
|
Your Information |
Example Entry |
Your Entry |
|---|---|---|
|
ARCOT_HOME |
C:\Program Files\Arcot Systems |
|
|
SYSTEM INFORMATION |
||
|
Host Name |
my-bank |
|
|
User Name |
administrator |
|
|
Password |
password1234! |
|
|
Configured Components
|
RiskFort Server Administration Console User Data Service |
|
|
ADMINISTRATION CONSOLE INFORMATION |
||
|
Host Name |
localhost |
|
|
Port |
8080 |
|
|
Master Administrator Password |
mypassword1234! |
|
|
USER DATA SERVICE INFORMATION |
||
|
Host Name |
localhost |
|
|
Port |
8080 |
|
|
Application Context Root |
arcotuds |
|
To reinstall RiskMinder on a distributed system, perform the tasks that are described in the following sections:
Important! Use the database that you had migrated earlier during the upgrade operation. In addition, install RiskMinder at the same location where the older release was installed. If you install in a different location, the RiskMinder Server does not start.
Note: While you install RiskMinder 3.1.01, ensure that you specify the same primary and backup database details from arcotcommon.ini in the $ARCOT_HOME/conf/ directory.
Important! Ensure that you use the current MA password and not the default password, because the MA password has been reset during the bootstrap process that you performed during 2.x installation.
Note: If there are any warnings during the Server startup, and if your transactions fail, then the upgrade has not been performed successfully. You can revert to your initial setup by following the steps that are listed in (In Error Scenario Only) Reverting to Your Initial Setup.
To install (and later configure) RiskMinder on Microsoft Windows successfully, the user account that you plan to use for the installation must belong to the Administrators group. Otherwise, some critical steps in the installation, such as DSN creation and configuration, and the RiskMinder service creation, do not complete successfully, though the installation may complete without any errors.
In a distributed scenario, irrespective of how many systems you are distributing RiskMinder, Administration Console, Java SDKs, and Web services across, you typically install RiskMinder Server on the first system. Custom installation allows you to install only the selected components from the package. This option is recommended for advanced users.
Note: Before you proceed with the installation, ensure that all prerequisite software components are installed and the database is set up, as described in "Preparing for Installation" in the CA RiskMinder Installation and Deployment Guide for Microsoft Windows.
To install the RiskMinder components, perform the following tasks:
The Welcome screen appears.
The License Agreement screen appears.
The installer now checks if any other CA product is installed on the computer.
If it does not find an existing CA product installation, then you are prompted for an installation directory. In this case, the Installation Location screen appears.
If the installer detects an existing CA product installation (an existing ARCOT_HOME), then:
The Installation Type screen appears.
The Component Selection screen appears.
For example, to install thev RiskMinder Server, Case Management Queuing Server, and Administration Console (without the SDKs and Sample Application) on the current system, select only the following options:
Note: To install Sample Application only, select the Arcot RiskFort SDKs and Sample Application option and then proceed with the installation.
The following table describes all components that are installed by the RiskMinder installer.
|
Component |
Description |
|---|---|
|
Arcot Risk Evaluation Server |
This option installs the core Processing engine (RiskMinder Server) that serves the following requests from Administration Console:
In addition, this component also installs the following Web services that have been built into the server:
|
|
Arcot Case Management Queuing Server |
This option installs the core Queuing engine (Case Management Queuing Server) that allocates cases to the Customer Support Representatives (CSRs) who work on these cases. Note: At any given point in time, all instances of Administration Console can only connect to this single instance of Case Management Queuing Server. |
|
Arcot RiskFort SDKs and Sample Application |
This option provides programming interfaces (in form of APIs and Web services) that can be invoked by your application to forward risk evaluation requests to RiskMinder Server. This package comprises the following sub-components:
For more information on configuring these components, see "Configuring RiskMinder SDKs and Web Services" in the CA RiskMinder Installation and Deployment Guide for Microsoft Windows. |
|
Arcot Administration Console |
This option provides the Web-based interface for managing RiskMinder Server and risk evaluation-related configurations. |
|
Arcot User Data Service |
This option installs UDS that acts as an abstraction layer for accessing different types of user repositories, such as relational databases (RDBMSs) and directory servers (LDAPs.) |
Note: If you did not select the Arcot Risk Evaluation Server option on this screen, then screens in Step 7 through Step 9 do not appear.
The Database Type screen appears.
If you selected Microsoft SQL Server on the Database Type screen, then the SQL Server Database Details screen appears.
Note: If you are using a SQL database, then ensure that the ODBC Driver version you are using is the same as the one mentioned in the "Configuring Database Server" in the CA RiskMinder Installation and Deployment Guide for Microsoft Windows.
If you selected Oracle Database on the Database Type screen, then the Oracle Database Details screen appears.
Note: CA RiskMinder release 3.1.01 is now certified to work with Oracle Real Application Clusters (Oracle RAC). To use Oracle RAC with your RiskMinder Installation, select Oracle Database in this step, perform the next step (Step 9), and then perform the steps in Configuring CA RiskMinder for Oracle RAC (W).
|
Parameter |
Description |
|---|---|
|
ODBC DSN |
The installer creates the DSN by using this value. RiskMinder Server then uses this DSN to connect to the RiskMinder database. The recommended value to enter is arcotdsn. Note: Database Source Name (DSN) specifies the information that is required to connect to a database by using an ODBC driver. This information includes database name, directory, database driver, User ID, and password. |
|
Server |
The host name or IP address of the RiskMinder datastore. Default Instance
Named Instance
|
|
User Name |
The database user name for RiskMinder to access the database. This name is specified by the database administrator. (MS SQL Server, typically, refers to this as login.) This user must have the create session and DBA rights. Note: The User Name for the Primary and Backup DSNs must be different. |
|
Password |
The password associated with the User Name you specified in the previous field and which is used by RiskMinder to access the database. This password is specified by the database administrator. |
|
Database |
The name of the MS SQL database instance. |
|
Port Number |
The port at which the database listens to incoming requests. The default port at which an MS SQL database listens is 1433. However, if you would like to specify another port, enter the port value in this field. |
|
Parameter |
Description |
|---|---|
|
ODBC DSN |
The installer creates the DSN by using this value. RiskMinder Server then uses this DSN to connect to the RiskMinder database. The recommended value to enter is arcotdsn. Note: Database Source Name (DSN) specifies the information that is required to connect to a database by using an ODBC driver. This information includes database name, directory, database driver, User ID, and password. |
|
User Name |
The database user name for RiskMinder to access the database. This name is specified by the database administrator. (MS SQL Server, typically, refers to this as login.) This user must have the create session and DBA rights. Note: The User Name for the Primary and Backup DSNs must be different. |
|
Password |
The password associated with the User Name you specified in the previous field and which is used by RiskMinder to access the database. This password is specified by the database administrator. |
|
Service ID |
The Oracle System Identifier (SID) that refers to the instance of the Oracle database running on the server. |
|
Port Number |
The port at which the database listens to the incoming requests. The default port at which an Oracle database listens is 1521. However, if you would like to specify another port, enter the port value in this field. |
|
Host Name |
The host name or IP address of the RiskMinder datastore.
|
Note: If the connection was not successful, ensure that you have specified the correct database details and click Test Data Source again. Proceed only if the database connectivity is successful.
The Encryption Setup screen appears. Use this screen to select the encryption mode and configure the information that was used for encryption.
|
Field Name |
Description |
|---|---|
|
Master Key |
Specify the password for the Master Key, which is stored at <install_location>\Arcot Systems\conf\securestore.enc and will be used to encrypt the data stored in the database. By default, this value is set to MasterKey. Note: If you want to change the value of Master Key after the installation, then regenerate securestore.enc with a new Master Key value. For more information, see appendix, "Changing Hardware Security Module Information After the Installation" in the CA RiskMinder Installation and Deployment Guide for Microsoft Windows. |
|
Configure HSM |
Enter y if you want to use a Hardware Security Module (HSM) to encrypt the sensitive data. Alternatively, enter n to use the software encryption. If you do not select this option, then, by default, the data is encrypted by using the Software Mode. |
|
PIN |
Enter the password to connect to the HSM. |
|
Choose Hardware Module |
Choose one of the following HSMs that you plan to use:
|
|
HSM Parameters
Note: The HSM parameter values are recorded in arcotcommon.ini, which is available in <install_location>\Arcot Systems\conf\. To change these values after installation, edit this file, as discussed in "Configuration Files and Options" in the CA RiskMinder Installation and Deployment Guide for Microsoft Windows. |
Set the following HSM information:
|
The Microsoft Visual C++ 2010 x86 Redistributable Setup screen appears. This screen appears only if the current system where you are installing RiskMinder does not have Microsoft Visual C++ 2010 x86.
The Installation Progress screen appears. This may take a few seconds. After some time, the Installation Is Complete screen appears.
The Installing Arcot RiskFort screen appears. This may take several minutes. After some time the Install Complete screen appears.
After installation, you can access the installation log file (Arcot_RiskFort_Install_<timestamp>.log) in the <install_location> directory. For example, if you had specified the C:\Program Files directory as the installation directory, then the installation log file is created in the C:\Program Files directory.
If the installation fails for some reason, then error messages are recorded in this log file.
After you run the required database scripts, verify that the RiskMinder schemas were seeded correctly. To do so:
Note: If you are following the upgrade path, then log in to the database as the user who upgraded the database.
SELECT SERVERNAME, VERSION FROM ARRFSERVERS;
You must see the following output as a result of the preceding query:
SERVERNAME VERSION ------------------------- ---------------- RiskFort 3.1.01 RiskFortCaseManagement 3.1.01
Two components of RiskMinder, User Data Service (UDS) and Administration Console, are web-based and can be deployed on any of the following supported application servers:
Before you deploy the WAR files for these web applications on the application server of your choice, copy the files that UDS and Administration Console require to the appropriate location on your application server. This section walks you through the steps to copy the required crypto files to your application server and to deploy the WAR files of these web applications:
Before you deploy the WAR files for UDS and Administration Console on the application server of your choice, ensure that you set the JAVA_HOME environment variable. This JAVA_HOME must be your application server JAVA_HOME.
In addition, %JAVA_HOME%\bin\ must be added to the PATH variable. If you fail to do so, then Administration Console, UDS, and other JDK-dependent components may fail to start.
UDS and Administration Console use the following files to access the RiskMinder database securely:
<install_location>\Arcot Systems\java\lib\
<install_location>\Arcot Systems\native\win\<32bit-or-64bit>\
As a result, these files must be copied to the appropriate location on the application server where you have deployed these RiskMinder components. The following subsections provide information about copying these files for:
To copy the files:
Here, <Tomcat_JAVA_HOME> represents the JAVA_HOME used by your Apache Tomcat instance.
To copy the files:
This path must point to the location where the arcot-crypto-util.jar file is present and must also include the file name. For example, C:\Program Files\Arcot Systems\java\lib\arcot-crypto-util.jar.
This path must point to the location where the ArcotAccessKeyProvider.dll file is present.
Here, <WebSphere_JAVA_HOME> represents the JAVA_HOME used by your IBM WebSphere instance.
To copy the files:
Here, <WebLogic_JAVA_HOME> represents the JAVA_HOME used by your Oracle WebLogic instance.
Note: Ensure that you use the appropriate <JAVA_HOME> used by WebLogic.
To copy the files:
Here, <JBoss_JAVA_HOME> represents the JAVA_HOME used by your JBoss Application Server instance.
RiskMinder requires the following JDBC JAR files for the supported databases:
The following subsections walk you through the steps for copying the JDBC JAR required for your database to one of the following application servers:
To copy the required JDBC JAR file:
To copy the required JDBC JAR file:
Important! This path must point to the location where the <Database_JAR> file is present and must include the file name.
Note: If you are using Oracle database, then do not perform the configurations that are mentioned in this section, because WebLogic supports Oracle database by default.
To copy the required JDBC JAR file in case of Microsoft SQL Server:
Here, <WebLogic_JAVA_HOME> represents the JAVA_HOME used by your Oracle WebLogic instance.
To copy the required JDBC JAR file:
<JBOSS_HOME>\server\default\lib\
Most enterprise Application Servers (such as WebSphere and WebLogic) enable you to bundle the related Java ARchive (JAR) or Web ARchive (WAR) files from one vendor (say, CA) to a single enterprise application (or archive). As a result, all the related JARs or WARs can be deployed together, and can be loaded by a class loader. This archive also contains an application.xml file, which is generated automatically and describes how to deploy each bundled module.
By default, WAR files are provided to deploy UDS and Administration Console. However if necessary, you can also change the format of these files to Enterprise ARchive (EAR) and then deploy the EAR files.
As discussed in the following subsections, you can either generate separate EAR files for both UDS and Administration Console, or you can generate a single EAR file that contains both Web archives.
To create a separate EAR file each for UDS and Administration Console, follow these steps:
java -jar bundle-manager.jar -ear <filename.ear> -warList <filename.war>
The preceding command generates individual EAR files that are available at:
<install_location>\Arcot Systems\java\webapps\
To create a single EAR file that contains UDS and Administration Console Web archives:
java -jar bundle-manager.jar -ear <filename.ear> -warList arcotadmin.war arcotuds.war
The preceding command generates a single EAR file that is available at:
<install_location>\Arcot Systems\java\webapps\
Note: If you are deploying the Administration Console on IBM WebSphere 7.0, then instead of the following instructions, see the instructions in "Deploying Administration Console on IBM WebSphere 7.0" in the CA RiskMinder Installation and Deployment Guide for Microsoft Windows.
Administration Console is a browser-based interface to RiskMinder that enables you to customize the server configurations and manage the deployed system.
You need the arcotadmin.war file to deploy the RiskMinder Administration Console. All Administration Console information is logged in the arcotadmin.log file. After you deploy arcotadmin.war, you can verify if it was correctly deployed by using this log file (arcotadmin.log). This log file is in the %ARCOT_HOME%\Arcot Systems\logs directory.
Note: To manage RiskMinder by using Administration Console, ensure that Administration Console can access the system where RiskMinder Server is installed by its hostname.
To deploy the Administration Console WAR file on your application server, and to verify if it was successfully deployed, follow these steps:
Note: The deployment procedure depends on the application server that you are using. See your application server vendor documentation for detailed instructions.
For example, in the case of Apache Tomcat, you must deploy the WAR file at <APP_SERVER_HOME>\webapps\.
<JBOSS_HOME>\common\lib\
<JBOSS_HOME>\server\default\conf\
<appender name="arcotadminlog" class="org.apache.log4j.RollingFileAppender">
<errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"></errorHandler>
<param name="Threshold" value="INFO"/>
<param name="MaxFileSize" value="10MB"/>
<param name="MaxBackupIndex" value="100"/>
<param name="Encoding" value="UTF-8"/>
<param name="Append" value="true"/>
<param name="File" value="${arcot.home}/logs/arcotadmin.log"/>
<layout class="org.apache.log4j.PatternLayout">
<param name="ConversionPattern" value="%d{yyyy-MM-dd hh:mm:ss,SSS z} : [%t] : %-5p : %-5c{3} : %m%n"/>
</layout>
<filter class="org.jboss.logging.filter.TCLMCFilter">
<param name="AcceptOnMatch" value="true"/>
<param name="DeployURL" value="arcotadmin.war"/>
</filter>
<!-- end the filter chain here -->
<filter class="org.apache.log4j.varia.DenyAllFilter"></filter>
</appender>
<category name="com.arcot"> <priority value="INFO" /> <appender-ref ref="arcotadminlog"></appender-ref> </category> Add the following category for cryptographic operations: <category name="com.arcot.crypto.impl.NCipherCrypter"> <priority value="FATAL" /> <appender-ref ref="arcotadminlog"></appender-ref> </category>
<JBOSS_HOME>\lib\
|
File Name |
Location |
|---|---|
|
jboss-logging-jdk-2.1.1.GA.jar |
http://repo1.maven.org/maven2/org/jboss/logging/jboss-logging-jdk/2.1.1.GA/ |
|
jboss-logging-spi-2.1.1.GA.jar |
http://repo1.maven.org/maven2/org/jboss/logging/jboss-logging-spi/2.1.1.GA/ |
|
jboss-logging-log4j-2.1.1.GA.jar |
http://repo1.maven.org/maven2/org/jboss/logging/jboss-logging-log4j/2.1.1.GA/ |
<install_location>\Arcot Systems\logs\
These lines indicate that your Administration Console was deployed successfully.
When you log in to Administration Console for the first time, use the Master Administrator (MA) credentials that are configured automatically in the database during the deployment.
To log in to Administration Console as MA:
http://<host>:<appserver_port>/arcotadmin/masteradminlogin.htm
Note: The host and port information that you specify in the preceding URL must be of the application server where you deployed Administration Console.
For example, in case of Apache Tomcat, the default host is localhost and port is 8080.
To start RiskMinder Server:
Note: If you want to stop RiskMinder Server, then follow the Steps 1 through 3, and click the Stop button in the service window.
To start Case Management Queuing Server:
Note: If you want to stop the Case Management Queuing Server, then follow the Steps 1 through 3, and click the Stop button in the service window.
RiskMinder can access user data either from a relational database (RDBMS) or directly from an LDAP server by using UDS, which is an abstraction layer that provides RiskMinder seamless access to the third-party data repositories deployed by your organization.
You need the arcotuds.war file to deploy UDS, as follows:
<install_location>\Arcot Systems\java\webapps\
For example, in the case of Apache Tomcat, deploy the WAR file at <APP_SERVER_HOME>\webapps\.
Note: The deployment procedure depends on the application server that you are using. See the application server vendor documentation for detailed instructions.
<JBOSS_HOME>\common\lib\
<JBOSS_HOME>\server\default\conf\
<appender name="arcotudslog" class="org.apache.log4j.RollingFileAppender">
<errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"></errorHandler>
<param name="Threshold" value="INFO"/>
<param name="MaxFileSize" value="10MB"/>
<param name="MaxBackupIndex" value="100"/>
<param name="Encoding" value="UTF-8"/>
<param name="Append" value="true"/>
<param name="File" value="${arcot.home}/logs/arcotuds.log"/>
<layout class="org.apache.log4j.PatternLayout">
<param name="ConversionPattern" value="%d{yyyy-MM-dd hh:mm:ss,SSS z} : [%t] : %-5p : %-5c{3}(%L) : %m%n"/>
</layout>
<filter class="org.jboss.logging.filter.TCLMCFilter">
<param name="AcceptOnMatch" value="true"/>
<param name="DeployURL" value="arcotuds.war"/>
</filter>
<!-- end the filter chain here -->
<filter class="org.apache.log4j.varia.DenyAllFilter"></filter>
</appender>
Add the following line in the com.arcot category that you created in Deploying Administration Console:
<appender-ref ref="arcotudslog"></appender-ref>
<appender-ref ref="arcotudslog"></appender-ref>
Note: The arcotuds.log file is used for logging UDS-related information.
<install_location>\Arcot Systems\logs\
This line indicates that UDS was deployed successfully.
After you install the RiskMinder Server and Administration Console, install the other remaining components on the second system in this distributed environment. The specific components to install must have been determined when you performed your planning in "Planning the Deployment" in the CA RiskMinder Installation and Deployment Guide for Microsoft Windows.
Note: Before you proceed with the installation, ensure that all prerequisite software components are installed on this system as described in "Preparing for Installation" in the CA RiskMinder Installation and Deployment Guide for Microsoft Windows.
To install the RiskMinder components on the subsequent system:
Typically, you install the Java SDKs for Risk Evaluation and Sample Application.
Important! Sample Application must not be used in production deployments. It is recommended that you build your own web application by using Sample Application as a code-reference.
Sample Application can be used to verify if RiskMinder was installed and configured properly. In addition, it demonstrates:
Note: If you did not install Sample Application during the installation, then you can install only Sample Application by running the installer again and by selecting the SDKs and Sample Application options and proceed with the installation.
To deploy Sample Application on your application server:
<install_location>\Arcot Systems\samples\java\
http://<host>:<appserver_port>/riskfort-3.1.01-sample-application/index.jsp
The riskfort.risk-evaluation.properties file provides the parameters for the Java SDK and Sample Application to read RiskMinder Server information. Therefore, after deploying Sample Application, configure it to communicate with RiskMinder Server. This file is only available after you deploy the RiskFort Sample Application WAR file, riskfort-3.1.01-sample-application.war.
To configure the riskfort.risk-evaluation.properties file:
In case of Apache Tomcat, this file is available at:
<App_Home\riskfort-3.1.01-sample-application>\WEB-INF\classes\properties\
Here, <App_Home\riskfort-3.1.01-sample-application\> represents the directory path where RiskMinder application WAR files are deployed.
A default value is specified for the remaining parameters in the file. You can change these values, if necessary. For more information about configuration parameters, see "riskfort.risk-evaluation.properties" in the CA RiskMinder Installation and Deployment Guide for Microsoft Windows.
Set the following parameters:
For example, you can specify one of the following values:
Important! In the absolute path that you specify, ensure that you use \\ or / instead of \. This is because the change may not work, if you use the conventional \ that is used in Microsoft Windows for specifying paths.
To verify if the server started correctly:
<install_location>\Arcot Systems\logs\
Note: Also ensure that the log files do not contain any FATAL and WARNING messages.
The following risk-evaluation operations can be performed by using Sample Application. Each of these operations is designed to run without error when RiskMinder is installed and functional.
Note: For information about running these operations, see the CA RiskMinder Installation and Deployment Guide for Microsoft Windows.
It is recommended that you fill the following checklist with the installation and setup information for RiskMinder. This information is useful when you perform various administrative tasks.
|
Your Information |
Example Entry |
Your Entry |
|---|---|---|
|
ARCOT_HOME |
C:\Program Files\Arcot Systems |
|
|
SYSTEM INFORMATION |
||
|
Host Name |
my-bank |
|
|
User Name |
administrator |
|
|
Password |
password1234! |
|
|
Configured Components
|
RiskFort Server Administration Console User Data Service |
|
|
ADMINISTRATION CONSOLE INFORMATION |
||
|
Host Name |
localhost |
|
|
Port |
8080 |
|
|
Master Administrator Password |
mypassword1234! |
|
|
USER DATA SERVICE INFORMATION |
||
|
Host Name |
localhost |
|
|
Port |
8080 |
|
|
Application Context Root |
arcotuds |
|
During upgrade, if there are any warnings during the Server startup and if your transactions fail, then you may want to revert to your initial setup.
To revert to the initial setup:
Note: For information about the procedure to uninstall RiskMinder, see "Uninstalling RiskMinder" in the CA RiskMinder Installation and Deployment Guide for UNIX Platforms.
Note: For installation instructions, see the CA RiskMinder Installation and Deployment Guide that is shipped with the corresponding release.
This section describes the tasks that you must perform after upgrading to release 3.1.01.
Follow these steps:
Reconfigure SSL as follows:
This configuration is required because most administrative tasks, such as instance management and protocol configuration, are done using these ports in Administration Console in release 3.1.01.
Note: For instructions on setting up SSL between Administration Console and RiskMinder Server or Case Management Queuing Server, see "Configuring SSL" in the CA RiskMinder Administration Guide.
Note: For more information about setting the organization-specific base currency code, see Managing Global Configurations" in the CA RiskMinder Administration Guide.
Four of the predefined rules have been deprecated in release 3.1. Alternative rules have been introduced for these deprecated rules. The following table lists the deprecated and new rules and rule mnemonics:
|
Deprecated Rule Name and Rule Mnemonic |
New Rule Name and Rule Mnemonic |
|---|---|
|
DeviceID Known (DEVICEIDCHECK) |
Unknown DeviceID (UNKNOWNDEVICEID) |
|
Device MFP Match (SIGMATCH) |
Device MFP Not Match (MFPMISMATCH) |
|
User Associated with DeviceID (USERDEVICEASSOCIATED) |
User Not Associated with DeviceID (USERDEVICENOTASSOCIATED) |
|
User Known (USERKNOWN) |
Unknown User (UNKNOWNUSER) |
Important! Although these rules have been deprecated, they are still available and can be used after the upgrade. However, it is recommended that you replace each deprecated rule with the corresponding new rule by making the required changes in the rule expression.
For any of the four deprecated rules, if the rule evaluates to No, then the rule is considered to have matched and it is used for scoring. In contrast, each of the other predefined rules is considered to have matched when they evaluate to Yes.
In each of the four new rules that is introduced in release 3.1, if the rule evaluates to Yes, then the rule is considered to have matched. In this way, the four new rules are consistent with the other predefined rules.
The following table lists examples that highlight the difference between the deprecated rules and new rules:
|
Sample Use Case |
Deprecated Rule |
Deprecated Rule Result |
New Rule |
New Rule Result |
|
User does not exist in the RiskMinder database. |
USERKNOWN |
No |
UNKNOWNUSER |
Yes |
|
DeviceID does not exist in the RiskMinder database. |
DEVICEIDCHECK |
No |
UNKNOWNDEVICEID |
Yes |
|
MFP does not exist in the RiskMinder database. |
SIGMATCH |
No |
MFPMISMATCH |
Yes |
|
User is not associated with the DeviceID. |
USERDEVICEASSOCIATED |
No |
USERDEVICENOTASSOCIATED |
Yes |
Follow these steps:
To modify a rule expression:
Activate the Organizations tab.
Click the Search Organization link under Manage Organizations.
Click the Search button on the Search Organization page to display the list of organizations.
Click the name of the organization.
Click the RiskFort Configuration tab.
The Rules and Scoring Management page appears.
The configuration information for the specified ruleset appears.
The Rule Builder page opens.
Note: For detailed information about migrating a rule to the production environment and refreshing the cache, see the CA RiskMinder Administration Guide.
For information about the configuration changes made by the upgrade process, see “Reviewing Configuration Changes After Upgrade” in the CA RiskMinder Installation and Deployment Guide for Microsoft Windows.
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|