2.2 Installing the Administration Console on Windows

2.2.1 Installation Requirements on Windows

  • 4 GB RAM

  • Dual CPU or Core (3.0 GHz or comparable chip)

  • 100 GB hard disk

    The hard disk should have ample space for logging in a production environment. This disk space must be in the local server and not in the remote server.

  • Windows Server 2008 R2 and 2012 R2, 64-bit operating system (physical or virtual), in either Standard or Enterprise Edition, with the latest patches applied.

  • Static IP address

  • Ports 389 and 636 need to be free

For information about browser support, see Browser Support.

For information about network requirements, see Section 1.3, Network Requirements.
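
A pre-install check of the requirements listed above, as an added example that is not part of the product or its documentation. It assumes Access Manager is installed on the system drive and uses only WMI and .NET calls available in PowerShell 2.0, so it runs on both listed Windows Server versions.

```powershell
# Added example: pre-install check for the requirements in Section 2.2.1.
# Assumption: Access Manager is installed on the system drive.
$problems = @()

# 4 GB RAM. WMI reports slightly less than the installed amount, so round.
$ramGb = [math]::Round((Get-WmiObject Win32_ComputerSystem).TotalPhysicalMemory / 1GB)
if ($ramGb -lt 4) { $problems += "RAM is $ramGb GB; 4 GB is required." }

# 100 GB hard disk in the local server (size of the system volume, rounded).
$disk   = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$($env:SystemDrive)'"
$diskGb = [math]::Round($disk.Size / 1GB)
if ($disk.DriveType -ne 3) { $problems += "$($env:SystemDrive) is not a local fixed disk." }
if ($diskGb -lt 100)       { $problems += "System volume is $diskGb GB; 100 GB is required." }

# Static IP address: flag every IP-enabled adapter that still uses DHCP.
$nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE"
foreach ($nic in $nics) {
    if ($nic.DHCPEnabled) {
        $problems += "Adapter '$($nic.Description)' uses DHCP; the console address must be static."
    }
}

# Ports 389 and 636 must be free: look for an existing TCP listener on either.
$listeners = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties().GetActiveTcpListeners()
foreach ($port in 389, 636) {
    if ($listeners | Where-Object { $_.Port -eq $port }) {
        $problems += "Port $port is already in use (find the owner with: netstat -ano | findstr :$port)."
    }
}

if ($problems.Count -eq 0) {
    Write-Host "All checked requirements are met."
} else {
    $problems | ForEach-Object { Write-Warning $_ }
    exit 1
}
```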

2.2.2 Installation Procedure

Installation time: about 20 minutes.

What you need to create during installation

A username and password for the Administrator.

NOTE: If the Administration Console and the Identity Server are installed on different servers, both use ports 8080 and 8443. If the Administration Console and the Identity Server are installed on the same server, the Identity Server uses ports 8080 and 8443 and the Administration Console uses ports 2080 and 2443.

  1. Verify that the machine meets the minimum requirements. See Section 2.2.1, Installation Requirements on Windows.

  2. Close any running applications and disable any virus scanning programs.

  3. (Conditional) To use a remote desktop for installation, use one of the following:

    • Current version of VNC viewer

    • Microsoft Remote Desktop with the /console switch for Windows XP SP2

    • Microsoft Remote Desktop with the /admin switch for Windows XP SP3

  4. Download the software and run it.

    For software download instructions, see the release-specific Readme.

  5. Read the introduction, then click Next.

  6. Accept the license agreement, then click Next.

  7. Select Access Manager Administration Console, then click Next.

    If you are also installing the Identity Server on this machine, you can also select Access Manager Identity Server.

  8. Specify whether this is a primary Administration Console in a failover group, then click Next.

    The first Administration Console installed becomes the primary console.

    You can install up to three Administration Consoles for replication and failover purposes. If this is not the primary console, you must provide the IP address for the primary Administration Console.

  9. Specify an administration user ID and password.

  10. Specify the static IP address of the machine.

  11. Click Next, then review the summary.

    A prompt to enable or disable SSL renegotiation appears during the installation:

    WARNING:This installer is bundled with JDK, which has the SSL renegotiation disabled by default. If you use x509 authentication, then SSL renegotiation must be enabled. Would you like to enable SSL renegotiation for this session Y/N [N].

    SSL renegotiation is disabled by default because TLS and SSL protocol 3.0 or earlier are vulnerable to a man-in-the-middle attack. The preferred option is to disable SSL renegotiation when using x509 certificate-based authentication under the following scenarios:

    1. Browser to identity provider when using x509 certificate-based authentication.

    2. Identity provider to identity provider communication when using the x509 certificate for mutual authentication.

    3. Secure LDAP connections with mutual authentication into the LDAP user store.

  12. Click Install.

    The configuration database takes a while to install and configure.

  13. (Optional) After the installation completes, view the install log file found in the following location:

    Windows Server: \Program Files (x86)\Novell\log\AccessManagerServer_InstallLog.log

  14. Restart the server.

    IMPORTANT: You must restart the server before installing any other Access Manager components.

  15. Continue with Configuring the Windows Administration Console Firewall.

Configuring the Windows Administration Console Firewall

Before you can install other Access Manager components and import them into the Administration Console, or before you can log in to the Administration Console from a client machine, you must first configure the firewall on the Administration Console.

  1. Click Control Panel > Windows Firewall.

  2. Click Advanced, then for the Local Area Connection, click Settings.

  3. For each port that needs to be opened, click Add, then specify the following details:

    • Description of service: Specify a name. For example, Admin Console Access for port 8080 or Secure Admin Console Access for port 8443.

    • Name or IP address: Specify the IP address of the Administration Console.

    • External Port number for this service: Specify the port.

    Open the following ports:

    • 8080

    • 8443

  4. (Conditional) If you are importing an Access Gateway into the Administration Console, add the following ports:

    • 1443

    • 8444

    • 1289

    • 524

    • 636

    For specific information about the ports listed in Step 3 and Step 4, see Table 1-3.

  5. (Conditional) If you are importing an Access Gateway Appliance, click ICMP, select all options, then click OK twice.

  6. Run the following commands to restart Tomcat:

    net stop Tomcat7
    net start Tomcat7
    
  7. Continue with Section 2.3, Logging In to the Administration Console.
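
A scripted equivalent of the firewall steps above, using netsh advfirewall from an elevated PowerShell prompt. This is an added example, not part of the product documentation. It assumes every listed port is TCP (confirm against Table 1-3) and uses 192.0.2.10 as a placeholder for the Administration Console's static IP address; the two switches are hypothetical names for the conditional steps.

```powershell
# Added example: open the Administration Console ports with netsh advfirewall.
# Assumptions: all ports are TCP (confirm against Table 1-3); 192.0.2.10 is a
# placeholder for the console's static IP address.
$consoleIp       = '192.0.2.10'
$importGateway   = $false   # Step 4: set to $true when importing an Access Gateway
$importAppliance = $false   # Step 5: set to $true for an Access Gateway Appliance

# Step 3: ports that are always required, named as the procedure suggests.
$rules = @(
    @{ Name = 'Admin Console Access';        Port = 8080 },
    @{ Name = 'Secure Admin Console Access'; Port = 8443 }
)

# Step 4: additional ports for an imported Access Gateway.
if ($importGateway) {
    foreach ($port in 1443, 8444, 1289, 524, 636) {
        $rules += @{ Name = "Access Gateway import port $port"; Port = $port }
    }
}

foreach ($rule in $rules) {
    # localip limits the rule to the console address instead of every interface.
    netsh advfirewall firewall add rule name="$($rule.Name)" dir=in action=allow `
        protocol=TCP localport="$($rule.Port)" localip="$consoleIp"
    if ($LASTEXITCODE -ne 0) { throw "Could not add rule '$($rule.Name)'." }
}

# Step 5: allow all ICMPv4 types (quoted so PowerShell does not split on the comma).
if ($importAppliance) {
    netsh advfirewall firewall add rule name="Access Gateway Appliance ICMP" `
        dir=in action=allow "protocol=icmpv4:any,any"
}

# Step 6: restart Tomcat.
net stop Tomcat7
net start Tomcat7

# Review what was added before moving on.
foreach ($rule in $rules) {
    netsh advfirewall firewall show rule name="$($rule.Name)"
}
```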