Installation and Upgrade Guides › Policy Server Installation Guide › Installing the Policy Server on Windows Systems › How to Install the Policy Server on Windows

How to Install the Policy Server on Windows

To install the Policy Server complete the following procedures:

1. Review the Policy Server component considerations.
2. Review the policy store considerations.
3. Review the FIPS considerations.
4. Gather information for the Policy Server installer.
5. Run the Policy Server installer.
6. (Optional) If you configured SNMP, enable SNMP event trapping.
7. (Optional) If you do not use the Policy Server installer to configure a policy store, manually configure the policy store.

More information:

Reinstall the Policy Server

Policy Server Component Considerations

In addition to the Policy Server, the installer can install and configure the following components. Review the following items before installing the Policy Server:

• OneView Monitor

  The OneView Monitor enables the monitoring of SiteMinder components.

  Note: A supported Java SDK and ServletExec/AS is required to configure the OneView Monitor.

• Policy store

  Note: The key store and the certificate data store are automatically configured and collocated with the policy store.

• SNMP

  Be sure that you have an SNMP Service (Master OS Agent) installed with your Windows operating system before installing the Policy Server.

  Note: For more information about installing the SNMP Service, see the Windows online help system.

• Audit Logs

  You can store audit logs in either a relational database or a text file. After you install the Policy Server, audit logging is set to a text file and not to ODBC by default.

Note: For a list of supported CA and third-party components, refer to the SiteMinder r12.5 Platform Support Matrix on the Technical Support site.

More information:

Locate the Platform Support Matrix

Certificate Data Store

Policy Store

Policy Store Considerations

Consider the following items before running the Policy Server installer or the Policy Server Configuration wizard:

• The Policy Server installer and the Policy Server Configuration wizard can automatically configure one of the following stores as a policy store:
  • Microsoft Active Directory Lightweight Directory Services (AD LDS)

    Note: Be sure that you have met the prerequisites for configuring AD LDS as a policy store.

  • Oracle^® Directory Enterprise Edition (formerly Sun Java^™ System Directory Server)

    Important! The Policy Server installer and the Policy Server Configuration wizard cannot automatically configure a policy store that is being connected to using an SSL connection.

  • Microsoft SQL Server^®
  • Oracle RDBMS
• (RDB policy store) The Policy Server installer or the Policy Server Configuration Wizard use specific database information to create the policy store data source. The Policy Server uses this data source to communicate with the policy store. Consider the following items:
  • The name of data source is CA SiteMinder DSN.
  • The installer saves the data source to the Microsoft ODBC Data Source Administrator tool, under the System DSN tab.
• (RDB policy store) Verify that the database server that is to host the policy store is configured to store objects in UTF–8 form. This configuration avoids possible policy store corruption.
  • (Oracle) Be sure that the database is configured to store objects in UTF–8 form. Oracle supports unicode within many of their character sets. For more information about configuring your database to store objects in UTF–8 form, see your vendor–specific documentation.
  • (SQL Server) Be sure that the database is configured using the default collation (SQL_Latin1_General_CP1_CI_AS). Using a collation that is case–sensitive can result in unexpected behaviors. For more information about configuring your database to store objects using the default collation, see your vendor–specific documentation.
• The certificate data store is automatically collocated with the policy store.
• You manually configure any other supported directory server or relational database as a policy store after installing the Policy Server. Configuring a policy store manually is detailed in this document.

More information:

Configuring SiteMinder Data Stores in a Relational Database

FIPS Considerations

The Policy Server uses certified Federal Information Processing Standard (FIPS) 140-2 compliant cryptographic libraries. FIPS is a US government computer security standard that is used to accredit cryptographic modules that meet the Advanced Encryption Standard (AES). The libraries provide a FIPS mode of operation when a SiteMinder environment only uses FIPS-compliant algorithms to encrypt sensitive data.

You can install the Policy Server in one of the following FIPS modes of operation.

Note: The FIPS mode a Policy Server operates in is system-specific. For more information, see the SiteMinder r12.5 Platform Support Matrix on the Technical Support site.

• FIPS-compatibility mode—The default FIPS mode of operation during the installation is FIPS-compatibility mode. In FIPS-compatibility mode, the environment uses existing SiteMinder algorithms to encrypt sensitive data and is compatible with previous versions SiteMinder:
  • The use of FIPS-compliant algorithms in your environment is optional.
  • If your organization does not require the use of FIPS-compliant algorithms, install the Policy Server in FIPS-compatibility mode. No further configuration is required.
• FIPS-migration mode—FIPS-migration mode lets you transition an r12.5 environment running in FIPS-compatibility mode to FIPS-only mode.

  In FIPS-migration mode, the r12.5 Policy Server continues to use existing SiteMinder encryption algorithms as you migrate the r12.5 environment to use only FIPS-compliant algorithms.

  Install the Policy Server in FIPS-migration mode if you are in the process of configuring the existing environment to use only FIPS-compliant algorithms.

• FIPS-only mode—In FIPS-only mode, the environment only uses FIPS-compliant algorithms to encrypt sensitive data.

  Install the Policy Server in FIPS-only mode if the existing environment is upgraded to r12.5 and the existing environment is configured to use only FIPS-compliant algorithms.

  Important! A r12.5 environment that is running in FIPS-only mode cannot operate with versions of SiteMinder that do not also fully support FIPS (that is, versions before r12.0). This restriction applies to all agents, custom software using older versions of the Agent API, and custom software using PM APIs or any other API that the Policy Server exposes. Relink all such software with the r12.5 versions of the respective SDKs to achieve the required FIPS support.

Note: For more information about migrating an environment to use only FIPS-compliant algorithms, see the Upgrade Guide.

More information:

Locate the Platform Support Matrix