This is a step-by-step procedure to help customers and partners configure and set up NetIQ Privileged User Manager 2.3.3 with NetIQ Cloud Security Service.

NPUM Manager Setup


  1. Deploy SLES11 SP2
    1. Requires: tomcat6, unzip, ntp, gettext-runtime, sudo, java-1.7.0-ibm
  2. Copy setup files to VM
    1. managedcssvc.tgz
    2. netiq-npum-manager-2.3.3-linux-2.6-x86_64.rpm
    3. pummgr.war
  3. Install netiq-npum-manager
    1. rpm -i netiq-npum-manager-2.3.3-linux-2.6-x86_64.rpm
  4. Unarchive managedcssvc.tgz
    1. tar –xvf managedcssvc.tgz
  5. Install the three rpms from archive
    1. rpm -i managedcssvc-2.0.0-0.1.noarch.rpm activemq-5.5.1-3.1.x86_64.rpm cssevents-1.0.0-0.1.noarch.rpm
  6. Copy pummgr.war to /usr/share/ncss/repo
    1. cp pummgr.war /usr/share/ncss/repo/

NPUM Linux Agent Setup


  1. Deploy SLES11 SP2
  2. Copy NPUM Agent to VM
  3. Install Agent
    1. rpm -i netiq-npum-agent-2.3.3-linux-2.6-x86_64.rpm

NPUM Windows Agent Setup


  1. Deploy Windows VM
  2. Copy NPUM Agent to Windows VM
  3. Install Agent
    1. Run supplied MSI



  1. Install Director
    1. deploy and configure NCSS image
    2. cd /usr/share/ncss
    3. ./ -d
    4. wait for install to finish (to test, make sure you can login to provider console URL: https://<DIRECTOR_DNS>/css/Provider USER/PASSWORD: )
  2. Setup Catalog Scripts (requires curl, only tested on SuSE Linux)
    1. Unarchive catalog file
    2. cd ./scripts directory
    3. edit director.dns.dat with your director dns name
    4. cd ./scripts/catalog
  3. Import PUM Service Template
    1. ./postPUMServiceTemplate
    2. Examine output:
      <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
      <ncssCatalog xmlns="urn:novell:schema:ncss:catalog" version="v.1.0">
      	<response code="CREATED">
  4. Create Tenant
    1. ./postTenantList -a -n tenantOne
    2. Save tenantId from response: <tenantId>ec0bb59c-e9a5-41d0-b665-896e77c3c32e</tenantId>
  5. Add PUM Manager To Tenant
    1. ./postTenantServiceComponentPUMManager -t <tenantId>

      example: ./postTenantServiceComponentPUMManager -t ec0bb59c-e9a5-41d0-b665-896e77c3c32e
    2. Save componentInstanceId from response: <componentInstanceId>aba07021-ea99-4ea8-ac1c-f3a1eb3d03cc</componentInstanceId>
  6. Get PUM Manager INI File
    1. ./getTenantServiceComponentIniFile -t <tenantId> -c <serviceInstanceId>

      Example: getTenantServiceComponentIniFile -t ec0bb59c-e9a5-41d0-b665-896e77c3c32e -c aba07021-ea99-4ea8-ac1c-f3a1eb3d03cc
    2. Response is in getTenantServiceComponentIniFile.reply
  7. Copy PUM Manage INI file to PUM Manager VM
    1. scp getTenantServiceComponentIniFile.reply root@<PUMManager IP>:/root/
  8. Install PUM Manager
    1. cd /usr/share/ncss
    2. ./ –m <inifile>

      Example: ./ -m /root/getTenantServiceComponentIniFile.reply
  9. Add PUM Agent To Tenant
    1. /postTenantServiceComponentPUMAgent -t <tenantId> –c <PUM Manager componentInstanceId>

      /postTenantServiceComponentPUMAgent -t ec0bb59c-e9a5-41d0-b665-896e77c3c32e –c aba07021-ea99-4ea8-ac1c-f3a1eb3d03cc
    2. Save componentInstanceId from response: <componentInstanceId>c62bcd09-36b2-448a-90ff-c7a485d1bf6c</componentInstanceId>
  10. Get PUM Agent INI File
    1. ./getTenantServiceComponentIniFile -t <tenantId> -c <PUM Agent componentInstanceId>

      Example: ./getTenantServiceComponentIniFile –t ec0bb59c-e9a5-41d0-b665-896e77c3c32e –c c62bcd09-36b2-448a-90ff-c7a485d1bf6c
  11. COPY PUM Agent INI file to PUM Agent VM
    1. scp getTenantServiceComponentIniFile.reply root@<PUMAgent IP>:/root/
  12. Install PUM Agent
    1. If Linux Agent:

      /opt/novell/npum/sbin/unifi regclnt ncssRegister <ini file>

      Example: /opt/novell/npum/sbin/unifi regclnt ncssRegister /root/getTenantServiceComponentIniFile.reply
    2. If Windows Agent:

      c:\Program Files\Novell\npum\bin\unifi.exe regclnt ncssRegister -f <ini file>

      Example: “c:\Program Files\Novell\npum\bin\unifi.exe” regclnt ncssRegister –f “c:\Users\Administrator\pum\getTenantServiceComponentIniFile.reply”

Delete PUM Agent


  1. Remove the PUMAgent from the Windows or Linux workload.
    1. Linux:

      rpm -e netiq-npum-2.3.3-0
    2. Windows:

      “Control Panel:Add Remove Programs”
  2. From NCSS Tenant Console click edit icon of the PUMAgent
    1. note the PUMAgent-Name/PUMAgent-Host values
  3. From NCSS Tenant Console launch the PUM administrative console
  4. From the PUM administrative console click on hosts
  5. Select the Host whose name/host was noted earlier
  6. In the left navigation panel click on “Delete Host”
  7. From the NCSS Tenant Console click on the delete icon.

PUM Manager SSO


  1. Login to NCSS Customer Console
  2. Select “PUM Service” from Security Services Panel
  3. Click on “<Launch administrative console>” from Services Panel
  4. Ensure PUM Manager UI launches without having to login (might need to enable popups in your browser
0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this post.

Disclaimer: As with everything else at NetIQ Cool Solutions, this content is definitely not supported by NetIQ, so Customer Support will not be able to help you if it has any adverse effect on your environment.  It just worked for at least one person, and perhaps it will be useful for you too.  Be sure to test in a non-production environment.

Leave a Reply


  • cpedersen says:

    Why not get this information into the documentation

    • ashishmrt ashishmrt says:

      Product documents will talk about the respective products and their features / configurations.
      As this would be an consulting activity to integrate PUM and NCSS, so partners and sales folks may require this kind of information.

By: ashishmrt
Oct 10, 2013
12:37 pm
Active Directory Authentication Automation Cloud Computing Cloud Security Configuration Customizing Data Breach DirXML Drivers End User Management Identity Manager Importing-Exporting / ICE/ LDIF Intelligent Workload Management Knowledge Depot LDAP Monitoring Open Enterprise Server Passwords Reporting Secure Access Sentinel Supported Troubleshooting Workflow