Previous Topic: Run the Prerequisite Software Installation Utility

Next Topic: Install CA Access Control Enterprise Management on Linux

Implementation GuideInstalling the Enterprise Management ServerHow to Install the Enterprise Management Server Components

How to Install the Enterprise Management Server Components

The Enterprise Management Server components let you centrally manage your enterprise deployment of CA Access Control. After you install the Enterprise Management Server components, you install the reporting service and the CA Access Control and UNAB endpoints.

Before you begin the implementation, verify that the computers you are using meet the required hardware and software specifications.

Note: For more information about the required hardware and software specifications, see the CA Access Control Compatibility Matrix that is available from the CA Access Control product page on CA Support.

To install the Enterprise Management Server components, do the following:

  1. Prepare the Enterprise Management Server.

    Before you install the Enterprise Management Server, prepare the computer by installing and configuring the prerequisites.

    Note: We recommend that you install the latest software updates and patches for your system before you install the Enterprise Management Server.

  2. Install the master CA Access Control Enterprise Management.

    All the web-based applications, the Distribution Server, the DMS, and CA Access Control are installed.

  3. (Optional) Install the Load Balancing Enterprise Management Servers.
  4. (Optional) Configure the Enterprise Management Server to use Sun ONE directory or CA Directory user stores.

    You can define CA Access Control Enterprise Management to use the Sun ONE or CA Directory user stores in place of Active Directory or the relational database user store.

  5. (Optional) Configure the Enterprise Management Server for SSL communication, as follows:
    1. Configure JBoss for SSL communications.
    2. (Active Directory) Configure the Enterprise Management Server for SSL communication.
  6. (Optional) Set up advanced configuration.

    Use the CA Identity Manager Management Console to perform advanced configuration tasks, such as to modify the properties of the central database to generate custom reports and configure CA Access Control Enterprise Management to send email notifications when a specific event occurs.

  7. (Optional) Implement enterprise reporting.

    The Enterprise Management Server provides reporting capabilities through a CA Business Intelligence Common Reporting server (CA Access Control Report Portal).

  8. (Optional) Integrate with CA User Activity Reporting Module.

    You have installed the Enterprise Management Server. You can now install and configure your endpoints.

More information:

How to Set Up Reporting Service Server Components

Distribution Server Requirements

Install CA Access Control Enterprise Management on Windows

Installing CA Access Control Enterprise Management installs all the Enterprise Management Server components. You must prepare the Enterprise Management Server before you install CA Access Control Enterprise Management.

We recommend that you use the Prerequisite Kit installer to initiate the CA Access Control Enterprise Management installation. This installer installs the prerequisite third-party software and then starts the CA Access Control Enterprise Management installation.

Note: You cannot install CA Access Control Enterprise Management by network install. Copy the entire contents of the Disk 1 directory of the CA Access Control Premium Edition Server Components DVD to your installation directory or map a drive to the DVD instead.

Follow these steps:

  1. Stop JBoss Application Server if it is running.
  2. Stop CA Access Control services if you are installing CA Access Control Enterprise Management on a computer that already has CA Access Control installed.
  3. Insert the CA Access Control Premium Edition Server Components DVD for Windows into your optical disc drive.
  4. Expand the Components folder in the Product Explorer, select CA Access Control Enterprise Management, then click Install.
    1. (Optional) Specify the full pathname of a custom FIPS key to use during installation.

      For example, to install with a custom FIPS key located at C:\tmp\FIPS.key:

      E:\EnterpriseMgmt\Disk1\InstData\NoVM\install_EntM.exe -DFIPS_KEY=C:\tmp\FIPSkey.dat

    Important! If you install CA Access Control Enterprise Management for High Availability, specify the same FIPS key on the primary and secondary Enterprise Management Servers. Specify a custom FIPS key if you install CA Access Control Enterprise Management for High Availability with FIPS support.

  5. Complete the wizard as required. The following installation inputs are not self-explanatory:
    Select Installation Mode

    Defines the Enterprise Management Server installation mode:

    • Primary Enterprise Management Server—Select to install the primary Enterprise Management Server.
    • Load Balancing Enterprise Management Server—Select to install a Load Balancing Enterprise Management Server.

    Important! Installation mode applies to new installations only.

    Choose Install Folder

    Defines the full path of the installation folder.

    Default: \ProgramFiles\CA\AccessControlServer\

    Note: On 64 bit operating systems the default installation folder is:

    \Program Files(x86)\CA\AccessControlServer\
    Java Development Kit (JDK)

    Defines the location of an existing JDK.

    Note: If you launch the CA Access Control Enterprise Management installation immediately after you use the CA Access Control Premium Edition Third Party Component DVDs to install the prerequisite software, this wizard page does not appear. The installation utility configures the installation settings on this page based on the values you provided in the prerequisite software installation process.

    JBoss Application Server Information

    Defines the JBoss instance that you want to install the application on.

    To do this, define the:

    • JBoss folder, which is the top directory where you have JBoss installed.

      For example, C:\jboss-4.2.3.GA on Windows or /opt/jboss-4.2.3.GA on Solaris.

    • URL, which is the IP address or host name of the computer you are installing on.
    • Port JBoss uses.
    • Port JBoss uses for secure communications (HTTPS).
    • Naming port number.

    Note: If you launch the CA Access Control Enterprise Management installation immediately after you use the CA Access Control Premium Edition Third Party Component DVDs to install the prerequisite software, this wizard page does not appear. The installation utility configures the installation settings on this page based on the values you provided in the prerequisite software installation process.

    Communication Password

    (Primary Enterprise Management Server Only) Defines the password used for CA Access Control Enterprise Management Server inter-component communication.

    Note: CA Access Control Enterprise Management uses the communication password to manage the Message Queue keystore and administrator account, handle communication between CA Access Control Enterprise Management and the endpoints and manage the Java Connection Server.

    Primary Enterprise Management Server Information

    (Load Balancing Enterprise Management Server Only) Defines the Primary Enterprise Management Server host name or IP address and the full pathname to the FIPS key.

    Note: By default, the FIPS key is located in the following path, where JBoss_HOME is the directory where you installed JBoss:

    JBoss_HOME/server/default/deploy/IdentityMinder.ear/config/com/netegrity/config/keys

    Database Information

    Defines the connection details to the RDBMS:

    • Database Type—Specifies a supported RDBMS.
    • Host Name—Defines the name of the host where you have the RDBMS installed.
    • Port Number—Defines the port used by the RDBMS you specified. The installation program provides the default port for your RDBMS.
    • Service Name—(Oracle) Defines the name that identifies your RDBMS on the system. For example, for Oracle Database 10g this is orcl by default.
    • Database Name—(MS SQL) Defines the name of the database you created.
    • Username—Defines the name of the user that you created when you prepared the database.

      Note: You granted this user the appropriate database permissions when you prepared the database.

    • Password—Defines the RDBMS password of the user that you created when you prepared the database.

    The installation program checks the connection to the database before it continues.

    Active Directory Settings

    Defines the Active Directory user store settings:

    • Host—Defines the Domain Controller host name of Active Directory.
    • Port—Defines the port used by default for LDAP queries against Active Directory, for example, 389.
    • Search Root—Defines the search root, for example, ou=DomainName, DC=com.

      Note: Set the Search Root at least one node higher in the directory tree than the Distinguished Names (DNs) for the users specified for User DN and System User. Otherwise, Enterprise Management might launch without displaying any tabs.

    • User DN—Defines the Active Directory user account name that is used to manage CA Access Control Enterprise Management. For example: CN=Administrator, cn=Users, DC=DomainName, DC=Com.

      Note: This user issues LDAP queries against Active Directory. You can choose to define a user with read-only privileges for this parameter. However, if you define a user with read-only privileges, you cannot assign admin roles or privileged access roles to users in CA Access Control Enterprise Management. Instead, you modify the member policy for each role to point to an Active Directory group.

    • Password—Defines the password of the Active Directory user account that is used to manage CA Access Control Enterprise Management.

    The installation program checks the connection to Active Directory before continuing.

    Note: You can use the DSQUERY directory querying utility to discover the user Distinguished Name (User DN). You must run this query on the Active Directory server. For example:

    dsquery user -name administrator
"CN=Administrator,CN=Users,DC=lab.DC=demo"
    System User

    (Active Directory only) Defines the DN of the Active Directory user who is assigned the System Manager admin role in CA Access Control Enterprise Management.

    Example: CN=SystemUser, ou=OrganizationalUnit, DC=DomainName, DC=Com

    Note: By default, a user with the System Manager admin role can perform, create, and manage all tasks in CA Access Control Enterprise Management. For more information about the System Manager admin role, see the Enterprise Administration Guide.

    Administrator Password

    (Embedded user store only) Defines the password of superadmin, the CA Access Control Enterprise Management administrator. Make a note of the password so you can log in to CA Access Control Enterprise Management when the installation is complete.

    Note: In this step you create the superadmin user in the embedded user store. The superadmin user is assigned the System Manager admin role in CA Access Control Enterprise Management. You log in as superadmin the first time you log in to CA Access Control Enterprise Management. For more information about the System Manager admin role, see the Enterprise Administration Guide.

    The Enterprise Management Server is installed after you complete the wizard. Reboot the computer to complete the installation.

  6. Select Yes, restart my system and click Done.

    The computer reboots. You can now configure CA Access Control Enterprise Management for your enterprise.

More information:

Active Directory Restrictions