Previous Topic: Agent Installation Compared to Agent ConfigurationNext Topic: How to Configure Certain Settings for the SiteMinder WSS Agent for IIS Manually


Run the Unattended or Silent Installation and Configuration Programs for your Agent for IIS

The unattended or silent installation option can help you automate the installation and configuration process. This method saves time if you have a large CA SiteMinder® Web Services Security environment that uses many agents with identical settings.

For example, suppose the Agents in your environment use the same web server version, installation directory, Agent Configuration Object and Policy Servers. Use the installation wizard or console-based installation program for your first installation. Afterwards, you could create your own script to run the installation program with the .properties file the wizard or console-based installation program created.

Follow these steps:

  1. Run the following wizards on your first IIS web server (in the order shown):
    1. The CA SiteMinder® Web Services Security Installation wizard.
    2. The CA SiteMinder® Web Services Security Configuration wizard.
  2. Locate the following file on your first IIS web server:
    WSS_home\install_config_info\ca-wss-installer.properties
    

    Note: If the path contains spaces, surround it with quotes.

    WSS_Home

    Specifies the path to where CA SiteMinder® Web Services Security is installed.

    Default: C:\Program Files\CA\Web Services Security

  3. Perform each of the following steps on the other IIS web server nodes in your environment:

    Note: To automate this process, create your own customized script to execute these files on your systems. Use any scripting language that you want.

    1. Create a temporary directory on an IIS web server node.
    2. Copy the following files from your first IIS web server (from Steps 1 and 2) to the temporary directory on your other IIS web server:
      • The SiteMinder WSS Agent Installation executable file.
      • The ca-pepconfig-installer.properties file.
    3. Open a Command Prompt window with Administrative privileges in the temporary directory.
    4. Run the following command:
      agent_executable -f properties_file -i silent
      

      The SiteMinder WSS Agent for IIS is installed and configured on the node automatically.

    5. (Optional) Delete the temporary directory from your web server node.
  4. Repeat Step 3 for each additional web server in your CA SiteMinder® environment that uses the configuration that the settings in your ca-wss-installer.properties file specify.
Add CA SiteMinder® Web Services Security Protection to Additional Virtual Sites on IIS Web Servers Silently

If your IIS web server already has a SiteMinder WSS Agent for IIS installed, you can protect any additional virtual websites on the web server. For example, if you add two new virtual sites named Example2 and Example3 to your IIS server, you can protect web services on them with CA SiteMinder® Web Services Security.

If you do not want to run configuration wizard, or if you have many IIS web servers in a server farm, use the silent mode.

The CA SiteMinder® Web Services Security configuration program supports a silent or unattended mode that requires no interaction from the end user.

Follow these steps:

  1. Locate the following file on your first IIS web server.
    WSS_Home\install_config_info\ca-wss-installer.properties
    
    WSS_Home

    Specifies the path to where CA SiteMinder® Web Services Security is installed.

    Default: C:\Program Files\CA\Web Services Security

  2. Perform each of the following steps on the IIS web servers to which you want to protect the additional virtual sites:

    Note: To automate this process, create your own customized script to execute these files on your systems. Use any scripting language that you want.

    Note: In this context, the first server refers to the IIS web server in a farm where the shared configuration information is stored. A node refers to any other IIS web servers in the farm which read the shared configuration from the first server.

    1. Create a temporary directory on an IIS web server node.
    2. Copy the following files from your first IIS web server (from Steps 1 and 2) to the temporary directory on your IIS web server node:
      • SiteMinder WSS Agent configuration executable file (ca-pep-config.exe).
      • SiteMinder WSS Agent ca-wss-installer.properties file.
    3. Open the ca-wss-installer.properties file with a text editor.
    4. Locate the following parameter:
      CONFIGURE_SITES=

      Specifies the names of IIS 7.x web sites to protect on an IIS 7.x web server. Verify that these names match those names shown in under the Sites folder in the Internet Information Services (IIS) Manager of your web server. Separate multiple website names with commas.

      For more information, see the comments in the ca-wss-installer.properties file.

      Example: Default Web Site,Example1,Example2

    5. Add the names of the web sites you want to configure to the previous parameter. Remove the names of any other sites on the web server that you want to leave unchanged.
    6. Locate the following parameter:
      HOST_REGISTRATION_YES=

      Specifies if the agent configuration program registers the agent with a Policy Server. Each web server requires only one trusted host registration is required. Set the value of this parameter to 0 if you have previously registered a web server with the Policy Server as a trusted host.

      Default: 1 (yes)

      Limits: 0 (no registration), 1 (registration)

    7. If the IIS web server is already registered as a trusted host with the CA SiteMinder® Policy Server, change the value of the previous parameter to 0. Otherwise, the configuration program registers the web server as a trusted host.
    8. Open a Command Prompt window with Administrative privileges in the temporary directory.

      Important! Before running a CA SiteMinder® utility or executable on Windows Server 2008, open the command-line window with administrator permissions. Open the command-line window this way, even if your account has administrator privileges.

    9. Run the following command:
      ca-pep-config.exe -f ca-wss-installer.properties -i silent
      

      The SiteMinder WSS Agent for IIS is installed and configured on the node automatically.

    10. (Optional) Delete the temporary directory from your web server node.
  3. Repeat Step 2 for each additional IIS web server node in your environment that uses the configuration specified by the settings in your ca-wss-installer.properties file.
Remove a SiteMinder WSS Agent Configuration from an IIS Web Server Silently

To remove the CA SiteMinder® Web Services Security protection from all the websites on an IIS web server without using the CA SiteMinder® Web Services Security configuration wizard, use silent or unattended mode. This mode requires no interaction from the end user.

Follow these steps:

  1. Locate the following file on your first IIS web server.
    WSS_Home\install_config_info\ca-wa-installer.properties
    
    WSS_Home

    Specifies the path to where CA SiteMinder® Web Services Security is installed.

    Default: C:\Program Files\CA\Web Services Security

  2. Perform each of the following steps on the IIS web servers to which you want to remove protection from virtual sites:

    Note: To automate this process, create your own customized script to execute these files on your systems. Use any scripting language that you want.

    Note: In this context, the first server refers to the IIS web server in a farm where the shared configuration information is stored. A node refers to any other IIS web servers in the farm which read the shared configuration from the first server.

    1. Open the following directory on an IIS web server node.
      WSS_Home\install_config_info
      
    2. Copy the ca-wss-installer.properties file from your first IIS web server (from Step 1) to the install_config_info directory on your IIS web server node.
    3. Open the ca-wss-installer.properties file with a text editor.
    4. Locate the following parameter:
      UNCONFIGURE_SITES=

      Specifies the names of IIS 7.x web sites from which to remove CA SiteMinder® Web Services Security protection on an IIS 7.x web server. Verify that these names match those names shown in under the Sites folder in the Internet Information Services (IIS) Manager of your web server. Separate multiple website names with commas.

      Removing the SiteMinder WSS Agent configuration from a website leaves its resources unprotected.

      For more information, see the comments in the ca-soasm-installer.properties file.

      Example: Default Web Site,Example4,Example5

    5. Enter the names of the websites you want to unconfigure in the previous parameter.
    6. Locate the following parameter:
      CONFIGURE_SITES=

      Specifies the names of IIS 7.x web sites to protect on an IIS 7.x web server. Verify that these names match those names shown in under the Sites folder in the Internet Information Services (IIS) Manager of your web server. Separate multiple website names with commas.

      For more information, see the comments in the ca-wss-installer.properties file.

      Example: Default Web Site,Example1,Example2

    7. Verify that the previous parameter contains no website names.
    8. Open a command prompt window with Administrative privileges.

      Important! Before running a CA SiteMinder® utility or executable on Windows Server 2008, open the command-line window with administrator permissions. Open the command-line window this way, even if your account has administrator privileges.

    9. Run the following command:
      ca-pep-config.exe -f properties_file -i silent
      

      The websites are unconfigured on the node automatically.

  3. Repeat Step 2 for each additional IIS web server node in your environment that uses the configuration specified by the settings in your ca-wss-installer.properties file.
Remove CA SiteMinder® Web Services Security Protection From Some Virtual Sites on IIS Web Servers Silently

If your IIS web server already has a SiteMinder WSS Agent for IIS installed, you can remove protection from some virtual websites on the web server. For example, suppose you want to remove protection from only two of the virtual sites named Example4 and Example5 from to your IIS server. Modify the ca-wss-installer.properties file to remove the configuration from those two virtual websites while leaving the protection for the other websites unchanged.

If you do not want to run the configuration wizard, or if you have many IIS web servers in a server farm, use the silent mode.

The CA SiteMinder® Web Services Security configuration program supports a silent or unattended mode that requires no interaction from the end user.

Follow these steps:

  1. Locate the following file on your first IIS web server.
    WSS_Home\install_config_info\ca-wa-installer.properties
    
    WSS_Home

    Specifies the path to where CA SiteMinder® Web Services Security is installed.

    Default: C:\Program Files\CA\Web Services Security

  2. Perform each of the following steps on the IIS web servers from which you want to remove the protection of the additional virtual sites:

    Note: To automate this process, create your own customized script to execute these files on your systems. Use any scripting language that you want.

    Note: In this context, the first server refers to the IIS web server in a farm where the shared configuration information is stored. A node refers to any other IIS web servers in the farm which read the shared configuration from the first server.

    1. Copy the ca-wss-installer.properties file from your first IIS web server (from Step 1) to the install_config_info directory on your IIS web server node:
    2. Open the ca-wss-installer.properties file with a text editor.
    3. Locate the following parameter:
      UNCONFIGURE_SITES=

      Specifies the names of IIS 7.x web sites from which to remove CA SiteMinder® Web Services Security protection on an IIS 7.x web server. Verify that these names match those names shown in under the Sites folder in the Internet Information Services (IIS) Manager of your web server. Separate multiple website names with commas.

      Removing the SiteMinder WSS Agent configuration from a website leaves its resources unprotected.

      For more information, see the comments in the ca-soasm-installer.properties file.

      Example: Default Web Site,Example4,Example5

    4. Add the names of the web sites from which you want to remove the configuration to the previous parameter. Remove the names of any other sites on the web server that you want to leave unchanged.
    5. Locate the following parameter:
      HOST_REGISTRATION_YES=

      Specifies if the agent configuration program registers the agent with a Policy Server. Each web server requires only one trusted host registration is required. Set the value of this parameter to 0 if you have previously registered a web server with the Policy Server as a trusted host.

      Default: 1 (yes)

      Limits: 0 (no registration), 1 (registration)

    6. If the IIS web server is already registered as a trusted host with the CA SiteMinder® Policy Server, set the previous parameter to 0. Otherwise, the configuration program registers the web server as a trusted host.
    7. Open a Command Prompt window with Administrative privileges in the temporary directory.

      Important! Before running a CA SiteMinder® utility or executable on Windows Server 2008, open the command-line window with administrator permissions. Open the command-line window this way, even if your account has administrator privileges.

    8. Run the following command:
      ca-pep-config.exe -f ca-wss-installer.properties -i silent
      

      The CA SiteMinder® Web Services Security configuration is removed from the selected virtual sites on the node automatically.

  3. Repeat Step 2 for each additional IIS web server node in your environment that uses the configuration specified by the settings in your ca-wss-installer.properties file.