To install the Policy Server complete the following procedures:
In addition to the Policy Server, the installer can install and configure the following components. Review the following items before installing the Policy Server:
The OneView Monitor enables the monitoring of CA SiteMinder® components.
Note: A supported Java SDK and ServletExec/AS is required to configure the OneView Monitor.
Note: The key store and the certificate data store are automatically configured and collocated with the policy store.
Be sure that you have an SNMP Service (Master OS Agent) installed with your Windows operating system before installing the Policy Server.
Note: For more information about installing the SNMP Service, see the Windows online help system.
You can store audit logs in either a relational database or a text file. After you install the Policy Server, audit logging is set to a text file and not to ODBC by default.
Note: For a list of supported CA and third-party components, refer to the CA SiteMinder® 12.52 SP1 Platform Support Matrix on the Technical Support site.
Consider the following items before running the Policy Server installer or the Policy Server Configuration wizard:
Note: Be sure that you have met the prerequisites for configuring AD LDS as a policy store.
Important! The Policy Server installer and the Policy Server Configuration wizard cannot automatically configure a policy store that is being connected to using an SSL connection.
The Policy Server uses certified Federal Information Processing Standard (FIPS) 140-2 compliant cryptographic libraries. FIPS is a US government computer security standard that is used to accredit cryptographic modules that meet the Advanced Encryption Standard (AES). The libraries provide a FIPS mode of operation when a CA SiteMinder® environment only uses FIPS-compliant algorithms to encrypt sensitive data.
You can install the Policy Server in one of the following FIPS modes of operation.
Note: The FIPS mode a Policy Server operates in is system-specific. For more information, see the CA SiteMinder® 12.52 SP1 Platform Support Matrix on the Technical Support site.
In FIPS-migration mode, the 12.52 SP1 Policy Server continues to use existing CA SiteMinder® encryption algorithms as you migrate the 12.52 SP1 environment to use only FIPS-compliant algorithms.
Install the Policy Server in FIPS-migration mode if you are in the process of configuring the existing environment to use only FIPS-compliant algorithms.
Install the Policy Server in FIPS-only mode if the existing environment is upgraded to 12.52 SP1 and the existing environment is configured to use only FIPS-compliant algorithms.
Important! A 12.52 SP1 environment that is running in FIPS-only mode cannot operate with versions of CA SiteMinder® that do not also fully support FIPS (that is, versions before r12.0). This restriction applies to all agents, custom software using older versions of the Agent API, and custom software using PM APIs or any other API that the Policy Server exposes. Relink all such software with the 12.52 SP1 versions of the respective SDKs to achieve the required FIPS support.
Note: For more information about migrating an environment to use only FIPS-compliant algorithms, see the Upgrade Guide.
The Policy Server installer requires specific information to install the Policy Server and any optional components.
Gather the following required information before running the Policy Server installer or the Configuration wizard. You can use the Required Information Worksheet to record your values.
Default: C:\Program Files\CA
Limits: 6 to 24 characters.
Gather the following required information to configure Microsoft Active Directory LDS as a policy store:
Example: dc=ca,dc=com
Example: CN=user1,CN=people,CN=Configuration,CN=guid
Note: This user must have the necessary permissions to modify attributes and change passwords.
siteminder
Limits:
Note: We recommend that you do not use the default superuser for day-to-day operations. Rather, use the default superuser to access the Administrative UI for the first–time and then create an administrator with superuser permissions.
Gather the following required information to configure Oracle Directory Server to function as a policy store:
Default: 389
Example: o=yourorg.com
Example: cn=Directory Manager
Note: This user must have the necessary permissions to modify attributes and change passwords.
siteminder
Limits:
Note: We recommend that you do not use the default superuser for day-to-day operations. Rather, use the default superuser to access the Administrative UI for the first–time and then create an administrator with superuser permissions.
To configure Microsoft SQL Server as a policy store, gather the following required information:
Identify the IP address or name of the database host system.
Note: For more information about IPv6 support, see the CA SiteMinder® Platform Support Matrix.
Identify the named instance or the name of the database that is to function as the policy store.
Identify the port on which the database is listening.
Identify the name and password of an administrator account with permission to do the following operations:
Note: If the CA SiteMinder® schema is already present in the database, the wizard does not require the credentials of a database administrator with create permission. For more information, see Configure a SQL Server Policy Store.
The default CA SiteMinder® superuser account has maximum permissions. Determine the password for the default superuser account. The name of the default account is:
siteminder
Limits:
Note: We recommend that you do not use the default superuser for day-to-day operations. Rather, use the default superuser to access the Administrative UI for the first–time and then create an administrator with superuser permissions.
Gather the following required information to configure Oracle RDBMS as a policy store.
Identify the IP address or the name of the database host system.
Note: For more information about IPv6 support, see the CA SiteMinder® Platform Support Matrix.
Identify the service name of the database that is to function as the policy store.
Identify the port on which the database is listening.
Identify the name of an administrator account with permission to do the following operations:
Identify the password of the administrator account.
The default CA SiteMinder® superuser account has maximum permissions. Determine the password for the default superuser account. The name of the default account is:
siteminder
Limits:
Note: We recommend that you do not use the default superuser for day-to-day operations. Rather, use the default superuser to access the Administrative UI for the first–time and then create an administrator with superuser permissions.
You only have to gather OneView Monitor information if you plan on configuring the OneView Monitor.
Gather the following required information to configure the OneView Monitor. You can use the OneView Monitor Information Worksheet to record your values.
Example: /usr/local/NewAtlanta/ServletExecAS
Example: /sunjavasystem_home/location
Specifies the installed location of the Sun Java System.
Specifies the installed location of the Sun Java System Web servers.
You install the Policy Server using the installation media on the Technical Support site.
Note: For a list of installation media names, see the Policy Server Release Notes.
Follow these steps:
Specifies the name of the Policy Server installation executable.
The installer starts.
siteminder
Example: [2001:db8::1428:57ab]
The Policy Server and all selected components are installed and configured.
Note: If you experience problems during the installation, you can locate the installation log file and the policy store details file in siteminder_home\siteminder\install_config_info.
Specifies the Policy Server installation path.
Copyright © 2014 CA.
All rights reserved.
|
|