Previous Topic: Install CA ControlMinder Enterprise Management on WindowsNext Topic: Block HTTP Access on the Enterprise Management Server


Install CA ControlMinder Enterprise Management on Linux

Installing CA ControlMinder Enterprise Management installs all the Enterprise Management Server components. Prepare the Enterprise Management Server before you install CA ControlMinder Enterprise Management.

Use the console installation to install CA ControlMinder Enterprise Management on a Linux computer.

Follow these steps:

  1. Shut down the JBoss Application Server if it is running.
  2. Stop CA ControlMinder services if you are installing CA ControlMinder Enterprise Management on a computer that already has CA ControlMinder installed. Perform the following steps:
    1. Enter the following command to stop CA ControlMinder services:
      /opt/CA/AccessControl/bin/secons -sk
      

      CA ControlMinder is stopped.

    2. Enter the following command to unload CA ControlMinder:
      /opt/CA/AccessControl/bin/SEOS_load -u
      

    CA ControlMinder is stopped and the computer is ready for installation.

  3. Complete the following steps:
    1. Insert the appropriate CA ControlMinder Server Components DVD for your operating system into your optical disc drive.
    2. Mount the optical disc drive. Do not specify the noexec option. If you specify the noexec option, the installation fails.

      Note: In some releases of Linux, the operating system automounts the optical disc drive with the noexec option.

    3. Open a terminal window and set a writeable temporary directory as the working directory.

      Note: The installer unpacks the installation files to the working directory. If you specify a working directory on the optical media, the installation fails because the installer cannot unpack the files.

    4. Execute the installer, specifying the full path to the installer in the command. For example, if you mount the optical disc drive in the /media directory, enter the following command:
      	/media/EnterpriseMgmt/Disk1/InstData/NoVM/install_EntM.bin -i console
      

      Important! If you install CA ControlMinder Enterprise Management for High Availability, specify the same FIPS key on the primary and secondary Enterprise Management Servers. Specify a custom FIPS key if you install CA ControlMinder Enterprise Management for High Availability with FIPS support.

      Important! The product does not support special characters in the installation directory path.

    The InstallAnywhere console appears after a few moments.

  4. Complete the prompts as required. The following installation inputs are not self-explanatory:
    Select Installation Mode

    Defines the Enterprise Management Server installation mode:

    • Primary Enterprise Management Server—Select to install the primary Enterprise Management Server.
    • Load Balancing Enterprise Management Server—Select to install a Load Balancing Enterprise Management Server.
    Important! Installation mode applies to new installations only.
    Java Development Kit (JDK)

    Defines the location of an existing JDK.

    JBoss Application Server Information

    Defines the JBoss instance that you want to install the application on.

    You need to:

    • Define the JBoss folder, which is the top directory where you have JBoss installed.

      For example, /opt/jboss-4.2.3.GA

    • Define the port JBoss uses.
    • Define the port JBoss uses for secure communications (HTTPS).
    • Define the naming port number.

    Note: The CA ControlMinder Enterprise Management installation program does not use the default JBoss ports but instead adds 10000 to the default JBoss port numbers. For example, the installation program uses port number 18080 rather than port number 8080 for HTTP connections. Ensure that you specify the ports that JBoss uses.

    Communication Password

    (Primary Enterprise Management Server Only) Defines the password used for CA ControlMinder Enterprise Management Server inter-component communication.

    Note: CA ControlMinder Enterprise Management uses the communication password to manage the Message Queue keystore and administrator account, handle communication between CA ControlMinder Enterprise Management and the endpoints and manage the Java Connection Server.

    Primary Enterprise Management Server Information

    (Load Balancing Enterprise Management Server Only) Defines the Primary Enterprise Management Server host name or IP address and the full pathname to the FIPS key.

    Note: By default, the FIPS key is located in the following path, where JBoss_HOME is the directory where you installed JBoss:

    JBoss_HOME/server/default/deploy/IdentityMinder.ear/config/com/netegrity/config/keys

    Database Information

    Defines the connection details to the RDBMS:

    • Database Type—Specifies a supported RDBMS.
    • Host Name—Defines the name of the host where you have the RDBMS installed.
    • Port Number—Defines the port used by the RDBMS you specified. The installation program provides the default port for your RDBMS.
    • Service Name—(Oracle) Defines the name that identifies your RDBMS on the system. For example, for Oracle Database 10g this is orcl by default.
    • Database Name—(MS SQL) Defines the name of the database you created.
    • Username—Defines the name of the user that you created when you prepared the database.

      Note: You granted this user the appropriate database permissions when you prepared the database.

    • Password—Defines the RDBMS password of the user that you created when you prepared the database.

    The installation program checks the connection to the database before it continues.

    User Store Type

    Defines the user store type CA ControlMinder Enterprise Management uses. Select one of the following:

    • Embedded User Store—CA ControlMinder Enterprise Management stores user information in the RDBMS.
    • Active Directory—you specify the connection information details in the next screen.
    • Other User Store—you specify the user store configuration information after the CA ControlMinder Enterprise Management installation completes.

    Note: To deploy login authorization policies to UNAB, you must select either Active Directory or Other User Store as the user store. If you select Active Directory or Other User Store as the user store, you cannot create or delete users and groups in CA ControlMinder Enterprise Management. For more information about UNAB and Active Directory restrictions, see the Enterprise Administration Guide.

    Active Directory Settings

    Defines the Active Directory user store settings:

    • Host—Defines the Domain Controller host name of Active Directory.
    • Port—Defines the port used by default for LDAP queries against Active Directory, for example, 389.
    • Search Root—Defines the search root, for example, ou=DomainName, DC=com.

      Note: Set the Search Root at least one node higher in the directory tree than the Distinguished Names (DNs) for the users specified for User DN and System User. Otherwise, Enterprise Management might launch without displaying any tabs.

    • User DN—Defines the Active Directory user account name that is used to manage CA ControlMinder Enterprise Management. For example: CN=Administrator, cn=Users, DC=DomainName, DC=Com.

      Note: This user issues LDAP queries against Active Directory. You can choose to define a user with read-only privileges for this parameter. However, if you define a user with read-only privileges, you cannot assign admin roles or privileged access roles to users in CA ControlMinder Enterprise Management. Instead, you modify the member policy for each role to point to an Active Directory group.

    • Password—Defines the password of the Active Directory user account that is used to manage CA ControlMinder Enterprise Management.

    The installation program checks the connection to Active Directory before continuing.

    Note: You can use the DSQUERY directory querying utility to discover the user Distinguished Name (User DN). You must run this query on the Active Directory server. For example:

    dsquery user -name administrator
    "CN=Administrator,CN=Users,DC=lab.DC=demo"
    
    System User

    (Active Directory only) Defines the DN of the Active Directory user who is assigned the System Manager admin role in CA ControlMinder Enterprise Management.

    Example: CN=SystemUser, ou=OrganizationalUnit, DC=DomainName, DC=Com

    Note: By default, a user with the System Manager admin role can perform, create, and manage all tasks in CA ControlMinder Enterprise Management. For more information about the System Manager admin role, see the Enterprise Administration Guide.

    Administrator Password

    (Embedded user store only) Defines the password of superadmin, the CA ControlMinder Enterprise Management administrator. Make a note of the password so you can log in to CA ControlMinder Enterprise Management when the installation is complete.

    Note: In this step you create the superadmin user in the embedded user store. The superadmin user is assigned the System Manager admin role in CA ControlMinder Enterprise Management. You log in as superadmin the first time you log in to CA ControlMinder Enterprise Management. For more information about the System Manager admin role, see the Enterprise Administration Guide.

  5. Review the pre-installation summary information. If the information is correct, press Enter.

    CA ControlMinder Enterprise Management is installed.

  6. Press Enter.

    The installer closes.

  7. Reboot the computer, if necessary.

    Proceed to configure CA ControlMinder Enterprise Management for your enterprise.