2.1 Installing the Administration Console on Linux

2.1.1 Installation Requirements on Linux

  • 4 GB RAM.

  • Dual CPU or Core (3.0 GHz or comparable chip)

  • 100 GB hard disk

    The hard disk should have ample space for logging in a production environment. This disk space must be on the local server, not on a remote server.

  • One of the following operating systems:

    • SUSE Linux Enterprise Server (SLES) 11 SP4 and SLES 12 SP2 with a 64-bit operating system on x86-64 hardware (physical or virtual). Ensure that the following packages are installed:

      Package: Description

      perl-gettext, gettext-runtime: The required library and tools to create and maintain message catalogs.

      python: The basic Python library.

      compat: Libraries to address compatibility issues. For information about enabling this repository, see TID 7004701.

        Use the following command to verify:

        rpm -qa | grep <package name>

        Use YaST to install the packages.

      binutils: The required set of tools to create and manage binary programs.

      rsyslog: The required software for forwarding audit messages.

      rsyslog-module-gtls: The required TLS encryption support module for rsyslog.

      libXtst6-32bit: Has dependency on iManager

    • Red Hat Enterprise Linux (RHEL) 6.9, 7.3, or 7.4 (64-bit) (physical or virtual). For installing the RHEL packages, see Section 6.0, Installing Packages and Dependent RPMs on RHEL for Access Manager.

  • Install the latest net-snmp package from the SLES or Red Hat update channel.

  • Zip and unzip utilities must be available for the backup and restore procedure.

  • Ports 389 and 636 need to be free.

  • Static IP address. If the IP address changes after devices have been imported, these devices can no longer communicate with the Administration Console.

  • The tree for the configuration store is named after the server on which you install the Administration Console. Check the hostname and rename the machine if the name is not appropriate for a configuration tree name.

  • The Administration Console can be installed on the same server as the Identity Server. If you are planning to install an L4 switch on a SLES server by using the Linux Virtual Services software, you can also install the Administration Console on this server.

  • Network requirements: See Section 1.3, Network Requirements.

IMPORTANT: You cannot install the following with the Administration Console:

  • OpenLDAP server. If it is installed, you must uninstall it.

  • LDAP software such as eDirectory.

  • Other versions of iManager. You also cannot add other iManager product plug-ins to this Administration Console.

  • Because of library update conflicts, you cannot install Access Manager on a Linux User Management (LUM) machine.

  • JRE. If you have a version installed, uninstall it.
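The following pre-install check covers two of the requirements above: that ports 389 and 636 are free and that the listed SLES packages are present. It is an added example, not part of the product documentation or the installer; the function names and the `--run` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-install checks for the SLES requirements listed above.
# Both helpers read command output on stdin so they can be exercised offline.

REQUIRED_PKGS="perl-gettext gettext-runtime python compat binutils rsyslog rsyslog-module-gtls libXtst6-32bit"
LDAP_PORTS="389 636"

# Print each port in LDAP_PORTS that already has a TCP listener.
# stdin: output of `ss -tln` (the local address is the 4th column).
busy_ldap_ports() {
    awk -v want="$LDAP_PORTS" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) ports[w[i]] = 1 }
        $1 == "LISTEN" {
            k = split($4, part, ":")   # port follows the last colon (IPv4 and IPv6)
            if (part[k] in ports) seen[part[k]] = 1
        }
        END { for (i = 1; i <= n; i++) if (w[i] in seen) print w[i] }'
}

# Print each required package that is not installed.
# stdin: one installed package name per line (rpm -qa --qf "%{NAME}\n").
missing_packages() {
    installed=$(cat)
    for pkg in $REQUIRED_PKGS; do
        # -x matches the whole line, so "python" is not satisfied by "python-base"
        printf '%s\n' "$installed" | grep -qxF -- "$pkg" || echo "$pkg"
    done
}

# Query the live system only when invoked with --run (hypothetical switch).
if [ "${1:-}" = "--run" ]; then
    busy=$(ss -tln | busy_ldap_ports)
    missing=$(rpm -qa --qf '%{NAME}\n' | missing_packages)
    if [ -n "$busy" ]; then echo "Ports already in use:" $busy; fi
    if [ -n "$missing" ]; then echo "Missing packages:" $missing; fi
    [ -z "$busy$missing" ]   # exit status is 0 only when both checks pass
fi
```

A listener on 389 or 636 usually means one of the conflicting LDAP products named in the IMPORTANT list is still installed.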

Browser Support

  • Internet Explorer 11 and later

  • Mozilla Firefox

  • Chrome

  • Safari

  • Edge

Browser pop-ups must be enabled to use the Administration Console.

2.1.2 Installation Procedure

Installation time: about 20 minutes.

What you need to create during installation

A username and password for the Administrator.

NOTE: If the Administration Console and the Identity Server are installed on different servers, both use 8080 and 8443 ports. If the Administration Console and the Identity Server are installed on the same server, Identity Server uses 8080 and 8443 ports and Administration Console uses 2080 and 2443 ports.

  1. If you have Red Carpet or auto update running, stop these programs before you install the Administration Console.

  2. Verify that the machine meets the minimum requirements. See Section 2.1.1, Installation Requirements on Linux.

  3. Open a terminal window.

  4. Access the install script as root:

    1. Ensure that you have downloaded the software or you have the CD available.

      For software download instructions, see the release-specific Release Notes.

    2. Do one of the following:

      • Insert the CD into the drive, then navigate to the device. Specify the following:

        cd /media

        Change to your CD-ROM drive, which is usually cdrom but can be something else such as cdrecorder or dvdrecorder, depending on your hardware.

      • If you downloaded the tar.gz file, unzip it by using the following command:

        tar -xzvf <filename>

    3. Change to the novell-access-manager directory.

  5. At the command prompt, specify the following:

    ./install.sh

    Ensure that you have adequate space in the system before you proceed with installation.

  6. When you are prompted to install a product, select 1. Install Administration Console and then press Enter.

  7. Review and accept the License Agreement.

    Novell Base and JDK for NetIQ are installed.

  8. (Optional) The installer displays a warning if the host name of the system is mapped to the IP address 127.0.0.2 in the /etc/hosts file:

    An entry of 127.0.0.2 in the /etc/hosts file affects the Access Manager functionality. Do you want to proceed with removing it (y/n) [y]

    Specify Y to proceed.

    The host name mapping to 127.0.0.2 may cause certain Access Manager processes to encounter errors when they attempt to resolve the host name of the machine. To avoid these problems, remove the 127.0.0.2 entry from the /etc/hosts file.

  9. Verify that the required RPMs are of the latest versions. Specify Y to proceed.

  10. Specify the IP address of the local Administrator server.

  11. Specify whether this is a primary Administration Console in a failover group. The first Administration Console installed becomes the primary console.

    You can install up to three Administration Consoles for replication and failover purposes. If this is not the primary console, you must provide the IP address of the primary Administration Console.

  12. Specify the administration username.

    Press Enter to use admin as the default admin username, or change this to a username of your choice.

    NOTE:

    • The Administration Console username does not accept the special characters # (hash), & (ampersand), and ( ) (round brackets).

    • If you are installing a secondary Administration Console, the username must be from the o=novell container. If the username is from any other container, the installer fails to install the Administration Console.

  13. Specify the administration password.

    Use alphanumeric characters only.

    NOTE: The Administration Console password does not accept the special characters : (colon) and " (double quotes).

  14. Confirm the password, then wait for the system to install components.

    This may take several minutes depending on the speed of your hardware.

    NOTE: Platform Agent and Novell Audit are not supported from Access Manager 4.2 onwards. The installation no longer installs Platform Agent and Novell Audit for auditing. If you upgrade from an older version of Access Manager to the latest version, Platform Agent is still available. It is recommended to use Syslog for auditing.

    The following components are installed:

    Component: Description

    Syslog: Responsible for packaging and forwarding the audit log entries to the configured Syslog Server. For more information, see Enabling Auditing in the NetIQ Access Manager 4.4 Administration Guide.

    Tomcat for NetIQ: NetIQ packaging of the Java-based Tomcat Web server used to run servlets and JavaServer Pages (JSP) associated with NetIQ Access Manager Web applications.

    Access Manager Configuration Store: An embedded version of eDirectory used to store user-defined server configurations, LDAP attributes, Certificate Authority keys, certificates, and other Access Manager attributes that must be securely stored.

    iManager: The Web-based Administration Console that provides customized and secure access to server administration utilities. It is a modified version and cannot be used to manage other eDirectory trees.

    Device Manager

    Administration Console: A modification of iManager that enables management of all aspects of Access Manager. This component is not a standard iManager plug-in. It significantly modifies the tasks that iManager can perform.

    Identity Server Administration Plug-In: Works in conjunction with the Administration Console to specifically manage the Identity Server.

    REST API Service (AMService)

    Patch Management Tool

  15. Record the login URL.

    When installation completes, the login URL is displayed. It looks similar to the following:

    http://10.10.10.50:8080/nps

    Use this to configure Access Manager components.

  16. Continue with Configuring the Linux Administration Console Firewall.

Configuring the Linux Administration Console Firewall

Before you can install other Access Manager components and import them into the Administration Console, or before you can log in to the Administration Console from a client machine, you must first configure the firewall on the Administration Console.

  1. Click Computer > YaST > Security and Users > Firewall.

    This launches the Firewall Configuration screen.

  2. Click Allowed Services > Advanced.

  3. In the TCP Ports field, specify the ports to open.

    (Conditional) If you are installing the Administration Console and Identity Server on different machines, list the following additional ports in the TCP Ports field:

    • 8080

    • 8443

    • 3080

    • 3443

    (Conditional) If you are installing the Administration Console and Identity Server on the same machine, list the following additional ports in the TCP Ports field:

    • 2080

    • 2443

  4. (Conditional) To import an Access Gateway into the Administration Console, list the following additional ports in the TCP Ports field:

    • 1443

    • 8444

    • 1289

    • 1290

    • 524

    • 636

    If you are importing an Access Gateway Appliance, specify icmp in the IP Protocols field.

    For specific information about the ports listed in Step 3 and Step 4, see Table 1-3.

    NOTE: The Administration Console is accessible on ports 2080 (HTTP) and 2443 (HTTPS) when Identity Server is installed on the same machine.

  5. Restart Tomcat by running the following commands from the Administration Console command line.

    /etc/init.d/novell-ac stop

    /etc/init.d/novell-ac start

  6. Continue with Section 2.3, Logging In to the Administration Console.