The purpose of this scenario is to describe the steps that you follow to upgrade from CA ControlMinder r8.0SP1. The upgrade process in the chapter assumes that you installed CA ControlMinder r8.0SP1 components on separate computers.
The information in this section is intended for system or CA ControlMinder administrators that are tasked with managing CA ControlMinder.
The following diagram illustrates the steps to complete to upgrade from CA ControlMinder r8.0SP1:
Important!
You upgrade your existing CA ControlMinder r8.0SP1 deployment by following these steps:
Before you install the Enterprise Management Server, prepare the computer by installing and configuring the prerequisites.
Note: The installation also upgrades the password PMD.
Note: You cannot upgrade the Policy Manager. Use CA ControlMinder Endpoint Management to manage policies on the endpoints.
CA ControlMinder Enterprise Management requires a relational database management system (RDBMS). You set it up before you install CA ControlMinder Enterprise Management.
You have two options for setting up your database to work with CA ControlMinder Enterprise Management:
Database preparation and CA ControlMinder Enterprise Management installation are separate. The database administrator can review and control the changes that CA ControlMinder makes to the database.
The CA ControlMinder Enterprise Management installation populates the database as part of the installation process.
Follow these steps:
Note: For a list of supported RDBMS software, see the Release Notes.
Verify that the database can be accessed locally and from a remote client.
This user must have the following permissions and settings:
The database must have the sort order SQL_Latin1_General_CP1_CI_AS.
The deployment scripts define four default user accounts that CA ControlMinder Enterprise Management uses (superadmin, selfreguser, neteautoadmin, [default user]). You can change the names of these default accounts and their passwords.
Important! Customize the scripts only if you plan to use the embedded user store. If you use Active Directory, CA ControlMinder Enterprise Management does not store account information in the central database. For more information, refer to the Implementation Guide.
Installing CA ControlMinder Enterprise Management installs all the Enterprise Management Server components. You prepare the Enterprise Management Server before you install CA ControlMinder Enterprise Management.
We recommend that you use the Prerequisite Kit installer to initiate the CA ControlMinder Enterprise Management installation. This installer installs the prerequisite third-party software and then starts the CA ControlMinder Enterprise Management installation.
Follow these steps:
The InstallAnywhere installation program starts.
\EnterpriseMgmt\Disk1\InstData\NoVM
-DFIPS_KEY=full_pathname_to_FIPS_key
For example, to install with a custom FIPS key located at C:\tmp\FIPS.key:
E:\EnterpriseMgmt\Dis1\InstData\NoVM\install_EntM_r125.exe -DFIPS_KEY=C:\tmp\FIPSkey.dat
Important! If you install CA ControlMinder Enterprise Management for High Availability, specify the same FIPS key on the primary and secondary Enterprise Management Servers. Specify a custom FIPS key if you install CA ControlMinder Enterprise Management for High Availability with FIPS support.
The InstallAnywhere installation program starts.
Defines the location of an existing JDK.
Note: If you launch the CA ControlMinder Enterprise Management installation immediately after you use the CA ControlMinder Third Party Component DVDs to install the prerequisite software, this wizard page does not appear. The installation utility configures the installation settings on this page based on the values you provided in the prerequisite software installation process.
Defines the JBoss instance that you want to install the application on.
To do this, define the:
For example, C:\jboss-4.2.3.GA on Windows or /opt/jboss-4.2.3.GA on Solaris.
(Primary Enterprise Management Server Only) Defines the password used for CA ControlMinder Enterprise Management Server inter-component communication.
Note: CA ControlMinder Enterprise Management uses the communication password to manage the Message Queue keystore and administrator account, handle communication between CA ControlMinder Enterprise Management and the endpoints and manage the Java Connection Server.
Defines the connection details to the RDBMS:
Note: You granted this user the appropriate database permissions when you prepared the database.
The installation program checks the connection to the database before it continues.
Defines the user store type CA ControlMinder Enterprise Management uses. Select one of the following:
Note: To deploy login authorization policies to UNAB, you must select either Active Directory or Other User Store as the user store. If you select Active Directory or Other User Store as the user store, you cannot create or delete users and groups in CA ControlMinder Enterprise Management. For more information about UNAB and Active Directory restrictions, see the Enterprise Administration Guide.
Defines the Active Directory user store settings:
Note: Set the Search Root at least one node higher in the directory tree than the Distinguished Names (DNs) for the users specified for User DN and System User. Otherwise, Enterprise Management might launch without displaying any tabs.
Note: This user issues LDAP queries against Active Directory. You can choose to define a user with read-only privileges for this parameter. However, if you define a user with read-only privileges, you cannot assign admin roles or privileged access roles to users in CA ControlMinder Enterprise Management. Instead, you modify the member policy for each role to point to an Active Directory group.
The installation program checks the connection to Active Directory before continuing.
Note: You can use the DSQUERY directory querying utility to discover the user Distinguished Name (User DN). You must run this query on the Active Directory server. For example:
dsquery user -name administrator "CN=Administrator,CN=Users,DC=lab.DC=demo"
(Active Directory only) Defines the DN of the Active Directory user who is assigned the System Manager admin role in CA ControlMinder Enterprise Management.
Example: CN=SystemUser, ou=OrganizationalUnit, DC=DomainName, DC=Com
Note: By default, a user with the System Manager admin role can perform, create, and manage all tasks in CA ControlMinder Enterprise Management. For more information about the System Manager admin role, see the Enterprise Administration Guide.
(Embedded user store only) Defines the password of superadmin, the CA ControlMinder Enterprise Management administrator. Make a note of the password so you can log in to CA ControlMinder Enterprise Management when the installation is complete.
Note: In this step you create the superadmin user in the embedded user store. The superadmin user is assigned the System Manager admin role in CA ControlMinder Enterprise Management. You log in as superadmin the first time you log in to CA ControlMinder Enterprise Management. For more information about the System Manager admin role, see the Enterprise Administration Guide.
CA ControlMinder Enterprise Management is installed after you complete the wizard. Reboot the computer to complete the CA ControlMinder Enterprise Management installation.
You can now configure CA ControlMinder Enterprise Management for your enterprise.
The CA ControlMinder Product Explorer lets you select between different architecture installations of CA ControlMinder and install the Runtime SDK. The Product Explorer uses a graphical interface to install CA Access Control and provides interactive feedback.
Follow these steps:
If you have autorun enabled, the Product Explorer automatically appears. Otherwise, navigate to the optical disc drive directory and double-click the PRODUCTEXPLORERX86.EXE file.
You need to select the installation option that matches the architecture of the computer you are installing on (32-bit, 64-bit x64, or 64-bit Itanium).
The Choose Setup Language window appears.
The CA ControlMinder installation program starts loading and, after a short while, the Introduction screen appears.
Note: If the installation program detects an existing installation of CA ControlMinder, you are prompted to select whether you want to upgrade CA ControlMinder.
During the installation, the installation program prompts you to supply information. For the information that you need when installing CA ControlMinder, refer to the installation worksheets.
The installation program installs CA ControlMinder. When the installation is complete, you are given the choice of restarting Windows now or later.
After your system reboots, you can check that CA ControlMinder was installed properly.
Note: If you choose to restart your computer later, an additional warning cautions you that the installation is not complete until your computer is rebooted. Some CA ControlMinder functionality, such as logon interception, does not work until after you restart your computer.
You can install CA ControlMinder on any supported OS using the install_base script. This is an interactive script but you can also run it silently.
Note: Before you run the install_base script, make sure you decide which functionality you want to install and review the install_base command so you know how to initiate the installation of this functionality. You may also want to learn first how the install_base script works.
Follow these steps:
ACInstallDir/bin/secons ‑sk ACInstallDir/bin/SEOS_load -u
To install CA ControlMinder, you need to have root permissions.
Important! If you are installing on HP from an optical disk drive, you need to ensure the proper reading of file names from the DVD. To prevent the file names from being forced into a shortened and all‑uppercase format, enter the pfs_mountd & and the pfsd & commands and make sure that the following four daemons are invoked: pfs_mountd, pfsd.rpc, pfs_mountd.rpc, and pfsd. For more information, see the man pages of the particular pfs* daemons and commands.
To run the install_base script you need to accept the End User License Agreement. After you have read the license agreement, you can continue the installation by entering the command found at the end of that file. To get the license file name and location, run install_base -h.
The install_base script starts and, based on your choices, prompts you for the appropriate installation questions.
Note: The installation script finds the appropriate compressed tar file, so typing the name the tar file for your platform is optional.
Now the CA ControlMinder installation is complete; however, it is not yet running.
Example: Upgrade to CA ControlMinder r12.6SP1 for UNIX Using Silent Install
This example shows you how to upgrade an existing CA ControlMinder r8.0SP1 endpoint to CA ControlMinder r12.6SP1 for UNIX. In this example, you install CA ControlMinder using the parameters file that enables you to install new features on the endpoint.
You use the install_base script to install CA ControlMinder r12.6SP1 in silent mode. For more information, refer to the Implementation Guide.
\Unix\Access-Control\
Use the -autocfg command and specify to use the parameters file you customized.
CA ControlMinder r12.6SP1 is installed with the options you specified.
Example: The parameters file
The parameters file lets you select the software components to add to the endpoint. If you install CA ControlMinder in native installation mode, you customize the file before you begin the installation. If you install CA ControlMinder in interactive mode, you can extract the installation parameters into a file and then customize the installation parameters.
The following is a snippet from the parameters file:
# Specifies whether you want to configure PUPM Agent # Values: "yes", "no" # Default: "no" INSTALL_PUPM="yes" # Specifies whether enables KBL audit records management # Values: yes, no # Default: no ENABLE_KBL=yes
In this example, you specified to install the SAM Integration on, (INSTALL_PUPM=yes). and enabled keyboard logging on the endpoint, (ENABLE_KBL=yes).
Example: Install the Client and Server Packages with Default Features
The following command shows how to initiate the install_base interactive script to install the client and server packages with all default CA ControlMinder features. During the installation you are asked to answer questions related to installing the client and server packages of CA ControlMinder.
/dvdrom/Unix/Access‑Control/install_base
Note: As we did not specify a package to install, the install_base command installs both client and server packages.
Example: Install the Client Package with STOP Enabled to a Custom Directory
The following command shows how to initiate the install_base interactive script to install the client package to the /opt/CA/AC directory, and enable the Stack Overflow Protection option.
/dvdrom/Unix/Access‑Control/install_base -client -stop -d /opt/CA/AC
Copyright © 2013 CA Technologies.
All rights reserved.
|
|