Previous Topic: Report Server Installation RequirementsNext Topic: Policy Server Configuration Wizard


Installing the Policy Server on Windows Systems

Installation Road Map

The following diagram illustrates a sample CA SiteMinder® installation and lists the order in which you install and configure each component. Consider the following items:

More information:

Policy Server System Requirements

Policy Server

Before You Install the Policy Server

Consider the following items before installing the Policy Server:

More information:

Modified Environment Variables

How to Install the Policy Server

To install the Policy Server complete the following procedures:

  1. Review the Policy Server component considerations.
  2. Review the policy store considerations.
  3. Review the FIPS considerations.
  4. Gather information for the Policy Server installer.
  5. Run the Policy Server installer.
  6. (Optional) If you configured SNMP, enable SNMP event trapping.
  7. (Optional) If you do not use the Policy Server installer to configure a policy store, manually configure the policy store.

More information:

Reinstall the Policy Server

Policy Server Component Considerations

In addition to the Policy Server, the installer can install and configure the following components. Review the following items before installing the Policy Server:

Note: For a list of supported CA and third-party components, refer to the CA SiteMinder® 12.52 Platform Support Matrix on the Technical Support site.

More information:

Locate the Platform Support Matrix

Certificate Data Store

Policy Store

Policy Store Considerations

Consider the following items before running the Policy Server installer or the Policy Server Configuration wizard:

More information:

Configuring CA SiteMinder® Data Stores in a Relational Database

FIPS Considerations

The Policy Server uses certified Federal Information Processing Standard (FIPS) 140-2 compliant cryptographic libraries. FIPS is a US government computer security standard that is used to accredit cryptographic modules that meet the Advanced Encryption Standard (AES). The libraries provide a FIPS mode of operation when a CA SiteMinder® environment only uses FIPS-compliant algorithms to encrypt sensitive data.

You can install the Policy Server in one of the following FIPS modes of operation.

Note: The FIPS mode a Policy Server operates in is system-specific. For more information, see the CA SiteMinder® 12.52 Platform Support Matrix on the Technical Support site.

Note: For more information about migrating an environment to use only FIPS-compliant algorithms, see the Upgrade Guide.

More information:

Locate the Platform Support Matrix

Gather Information for the Installer

The Policy Server installer requires specific information to install the Policy Server and any optional components.

Note: Installation worksheets are provided to help you gather and record information prior to installing or configuring Policy Server components using the Policy Server Installation Wizard or the Policy Server Configuration Wizard. You may want to print these worksheets and use them to record required information prior to running either wizard.

Required Information

Gather the following required information before running the Policy Server installer or the Configuration wizard. You can use the Required Information Worksheet to record your values.

Active Directory LDS Server Information

Gather the following required information to configure Microsoft Active Directory LDS as a policy store:

Oracle Directory Server Information

Gather the following required information to configure Oracle Directory Server to function as a policy store:

Microsoft SQL Server Information

To configure Microsoft SQL Server as a policy store, gather the following required information:

Database server name

Identify the IP address or name of the database host system.

Note: For more information about IPv6 support, see the CA SiteMinder® Platform Support Matrix.

Database name

Identify the named instance or the name of the database that is to function as the policy store.

Database port

Identify the port on which the database is listening.

Database administrator user name and password

Identify the name and password of an administrator account with permission to do the following operations:

Note: If the CA SiteMinder® schema is already present in the database, the wizard does not require the credentials of a database administrator with create permission. For more information, see Configure a SQL Server Policy Store.

CA SiteMinder® superuser password

The default CA SiteMinder® superuser account has maximum permissions. Determine the password for the default superuser account. The name of the default account is:

siteminder

Limits:

Note: We recommend that you do not use the default superuser for day-to-day operations. Rather, use the default superuser to access the Administrative UI for the first–time and then create an administrator with superuser permissions.

Oracle RDBMS Information

Gather the following required information to configure Oracle RDBMS as a policy store.

Database server name

Identify the IP address or the name of the database host system.

Note: For more information about IPv6 support, see the CA SiteMinder® Platform Support Matrix.

Database service name

Identify the service name of the database that is to function as the policy store.

Database port

Identify the port on which the database is listening.

Database administrator user name

Identify the name of an administrator account with permission to do the following operations:

Database administrator password

Identify the password of the administrator account.

CA SiteMinder® superuser password

The default CA SiteMinder® superuser account has maximum permissions. Determine the password for the default superuser account. The name of the default account is:

siteminder

Limits:

Note: We recommend that you do not use the default superuser for day-to-day operations. Rather, use the default superuser to access the Administrative UI for the first–time and then create an administrator with superuser permissions.

OneView Monitor Information

You only have to gather OneView Monitor information if you plan on configuring the OneView Monitor.

Gather the following required information to configure the OneView Monitor. You can use the OneView Monitor Information Worksheet to record your values.

Run the Policy Server Installer

You install the Policy Server using the installation media on the Technical Support site.

Note: For a list of installation media names, see the Policy Server Release Notes.

Follow these steps:

  1. Be sure that the system meets the windows requirements.
  2. Exit all applications that are running.
  3. Do the step appropriate for your version of Windows:

    The installer starts.

  4. Use the gathered system and component information to install the Policy Server and configure Policy Server components. Considering the following items when running the installer:
  5. Review the installation settings and click Install.

    The Policy Server and all selected components are installed and configured.

  6. (Optional) If you did not use the installer to configure a policy store, manually configure the policy store.

Note: If you experience problems during the installation, you can locate the installation log file and the policy store details file in siteminder_home\siteminder\install_config_info.

siteminder_home

Specifies the Policy Server installation path.

More information:

Locate the Installation Media

Installation Media Names

Troubleshoot the Policy Server Installation

Use the following files to troubleshoot the Policy Server installation:

Enable SNMP Event Trapping

This is an optional step. You only have to enable SNMP trapping if you configured this feature when installing the Policy Server.

Note: Before completing this procedure, ensure you have an SNMP Service installed on the Windows systems.

To enable SNMP event trapping, use the XPSConfig utility to set the event handler library (eventsnmp.dll) to the XPSAudit list. The default location of eventsnmp.dll is policy_server_home\bin.

policy_server_home

Specifies the Policy Server installation location.

Note: More information on using the XPSConfig utility to set event handler libraries exists in the Policy Server Administration Guide.

To finish configuring SNMP event trapping, configure the snmptrap.conf file. The necessary SNMP prerequisites and procedures are detailed in SNMP Support.

More information:

SNMP Support Overview

Configure a Policy Store

If you did not use the Policy Server installer to configure a policy store automatically, manually configure a supported LDAP directory server or relational database as a policy store.

Unattended Policy Server Installation

After the Policy Server is manually installed on one machine, you can reinstall it or install it on a separate machine using an unattended installation mode. An unattended installation lets you install or uninstall the Policy Server without any user interaction.

The installer provides a ca-ps-installer.properties template file that lets you define installation variables. The default parameters, passwords, and paths in this file reflect the information you entered during the initial Policy Server installation. In this file, you can either store encrypted or plain text passwords. If you are using encrypted passwords, for example, a shared secret and CA SiteMinder® Super User, you must use the same ones that you entered during the initial installation since they are encrypted in the file and cannot be modified. However, you can use plain text passwords by modifying the file.

More information:

How to Run an Unattended Policy Server Install