2.1 Installing Administration Console on Linux

IMPORTANT: The eDirectory DIB within the Administration Console installation is not supported in a B-tree file system (BTRFS). If your Administration Console system uses BTRFS, create a separate mount point using XFS or ext4 that mounts automatically at /var/opt/novell/eDirectory to meet this requirement. For more information, see eDirectory documentation.

2.1.1 System Requirements on Linux

  • 4 GB RAM

  • Dual CPU or Core (3.0 GHz or comparable chip)

  • 100 GB hard disk

    The hard disk must have ample space for logging in a production environment. This disk space must be on the local server, not on a remote server.

  • If you have custom partitioned your hard disk as follows, ensure that you have allocated the minimum space for each partition as mentioned in the following table:

    Partition                     Minimum Disk Space
    /opt/novell                   1 GB
    /opt/volera                   5 MB
    /var/opt/novell               1 GB
    /var                          512 MB
    /usr                          25 MB
    /etc                          1 MB
    /tmp/novell_access_manager    10 MB
    /tmp                          10 MB
    /                             512 MB

    You can perform the disk partitioning based on your requirement.

    For example, consider a scenario where an administrator is installing Access Manager with 100 GB disk space. The administrator wants to allocate enough space for the logs from the available space. Therefore, the administrator can partition the hard disk as follows:

    Partition    Disk Space
    /opt         5 GB
    /var         30 GB
    /tmp         2 GB
    /            63 GB

  • One of the following operating systems:

    • SUSE Linux Enterprise Server (SLES) 11 SP4 or SLES 12 SP3 with 64-bit operating system x86-64 hardware (physical or virtual).

      Ensure that the following packages are installed:

      Package                          Description
      perl-gettext, gettext-runtime    The required library and tools to create and maintain message catalogs.
      python                           The basic Python library.
      compat                           Libraries to address compatibility issues. For information about enabling this repository, see TID 7004701.
                                       Use the following command to verify:
                                       rpm -qa | grep <package name>
                                       Use YaST to install the packages.
      binutils                         The required set of tools to create and manage binary programs.
      rsyslog                          The required software for forwarding audit messages.
      rsyslog-module-gtls              The required TLS encryption support module for rsyslog.
      libXtst6-32bit                   Has dependency on iManager.

    • Red Hat Enterprise Linux (RHEL) 6.9 or RHEL 7.4 (64-bit) (physical or virtual).

      For installing the RHEL packages, see Section 8.0, Installing Packages and Dependent RPMs on RHEL for Access Manager.

      NOTE: From Access Manager 4.4 SP1 onwards, you can choose to install these RPMs automatically along with the Access Manager installation. While installing Access Manager, specify N when you get the following prompt:

      Enter the local mount directory if you have the OS ISO mounted locally. This will be used as the local catalog for the additional rpms.
      Do you have a locally mounted ISO (y/n)?

      The Access Manager installer checks the online catalog and then installs the required RPMs automatically.

  • The latest net-snmp package from the SLES or Red Hat update channel is installed.

  • Zip and unzip utilities are available for the backup and restore procedure.

  • Ports 389 and 636 are open.

  • Static IP addresses.

    If the IP address changes after devices have been imported, these devices can no longer communicate with Administration Console.

  • The tree for the configuration store is named after the server on which you install Administration Console. Check the hostname and rename the machine if the name is not appropriate for a configuration tree name.

  • In the /etc/hosts file, add the IP address on which you choose to install Administration Console, along with the fully qualified domain name. This is applicable for servers with two NIC cards.

Browser Support

  • Internet Explorer 11.0.9600.18738 Update Versions 11.0.44 (KB4025252)

  • Mozilla Firefox 54.0.1

  • Chrome 60.0.3112.101

  • Edge 38.14393.0.0/ EdgeHTML 14.14393

Browser pop-ups must be enabled to use Administration Console.

Network Requirements

See Section 1.3, Network Requirements.

IMPORTANT: You cannot install the following software with Administration Console:

  • OpenLDAP server. If it is installed, uninstall it. If you do not want to uninstall it, ensure that it does not use the port 636 or does not bind the port 389 to localhost.

  • The LDAP software such as eDirectory.

  • Other versions of iManager.

    In addition, you cannot add other iManager product plug-ins to this Administration Console.

  • You cannot install Access Manager on a Linux User Management (LUM) machine because of library update conflicts.

  • JRE. If it is installed, uninstall it.

2.1.2 Installation Procedure

Installation time: about 20 minutes.

What you need to create during installation

A username and password for the Administrator.

IMPORTANT: If Administration Console and Identity Server are installed on different servers, both use 8080 and 8443 ports. If Administration Console and Identity Server are installed on the same server, Identity Server uses 8080 and 8443 ports and Administration Console uses 2080 and 2443 ports.

  1. If you have Red Carpet or auto update running, stop these programs before you install Administration Console.

  2. Verify that the machine meets the minimum requirements. See Section 2.1.1, System Requirements on Linux.

  3. Open a terminal window.

  4. Access the install script as a root user:

    1. Ensure that you have downloaded the software or you have the CD available.

      For software download instructions, see the release-specific Release Notes.

    2. Do one of the following:

      • Insert the CD into the drive, then navigate to the device. Specify the following:

        cd /media

        Change to your CD-ROM drive, which is usually cdrom but can be something else such as cdrecorder or dvdrecorder, depending on your hardware.

      • If you downloaded the tar.gz file, unzip it by using the following command:

        tar -xzvf <filename>

    3. Change to the novell-access-manager directory.

  5. At the command prompt, specify the following:

    ./install.sh

    Ensure that you have adequate space in the system before you proceed with installation.

  6. When you are prompted to install a product, select 1. Install Administration Console and then press Enter.

    From Access Manager 4.4 SP2 onwards, the system displays an error message and terminates the installation if /var uses the BTRFS filesystem. You can change the filesystem from BTRFS to any other available filesystem, and then try installing again.

  7. Review and accept the License Agreement.

  8. (Optional) The installer displays a warning if the host name of the system is mapped to the IP address 127.0.0.2 in the /etc/hosts file:

    An entry of 127.0.0.2 in the /etc/hosts file affects the Access Manager functionality. Do you want to proceed with removing it (y/n) [y]

    Specify Y to proceed.

    The host name mapping to 127.0.0.2 may cause certain Access Manager processes to encounter errors when they attempt to resolve the host name of the machine. To avoid these problems, remove the 127.0.0.2 entry from the /etc/hosts file.

  9. (Applicable for Access Manager 4.4 and earlier versions on RHEL) Verify that the required rpms are of the latest versions. Specify Y to proceed.

  10. (Conditional) If the server has two NIC cards, then specify the IP address of the local Administrator server.

    NOTE: The installer fails to install Administration Console if the specified IP address is not listed in the /etc/hosts file.

    You must update the hosts file with the IP address and the fully qualified domain name, then restart the installation.

  11. Specify whether this is a primary Administration Console in a failover group. The first Administration Console installed becomes the primary console.

    You can install up to three Administration Consoles for replication and failover purposes. If this is not the primary console, you must provide the IP address of the primary Administration Console.

  12. Specify the administration username.

    Press Enter to use admin as the default admin username, or change this to a username of your choice.

    NOTE:

    • Administration Console username does not accept special characters # (hash), & (ampersand), and () (round brackets).

    • If you are installing secondary Administration Console, the username must be from the o=novell container. If the username is from any other container, the Administration Console installation fails.

  13. Specify the administration password.

    Use alphanumeric characters only.

    NOTE: Administration Console password does not accept special characters : (colon) and " (double quotes).

  14. Confirm the password, then wait for the system to install components.

    This may take several minutes depending on the speed of your hardware.

    The following components are installed:

    Component                                 Description
    Syslog                                    Responsible for packaging and forwarding the audit log entries to the configured Syslog Server. For more information, see Enabling Auditing in the NetIQ Access Manager 4.4 Administration Guide.
    Tomcat for NetIQ                          NetIQ packaging of the Java-based Tomcat web server used to run servlets and JavaServer Pages (JSP) associated with NetIQ Access Manager web applications.
    Access Manager Configuration Store        An embedded version of eDirectory used to store user-defined server configurations, LDAP attributes, Certificate Authority keys, certificates, and other Access Manager attributes that must be securely stored.
    iManager                                  The web-based Administration Console that provides customized and secure access to server administration utilities. It is a modified version and cannot be used to manage other eDirectory trees.
    Device Manager
    Administration Console                    A modification of iManager that enables management of all aspects of Access Manager. This component is not a standard iManager plug-in. It significantly modifies the tasks that iManager can perform.
    Identity Server Administration Plug-In    Works in conjunction with Administration Console for managing Identity Server.
    REST API Service (AMService)
    Patch Management Tool

  15. Record the login URL.

    When installation completes, the login URL is displayed. It looks similar to the following:

    http://10.10.10.50:8080/nps

    Use this to configure Access Manager components.

  16. Continue with Configuring the Linux Administration Console Firewall.
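
The conditions this section says stop or break the installer (BTRFS under /var, the 127.0.0.2 host name mapping, an install IP missing from /etc/hosts, and rejected username or password characters) can be checked before running install.sh. The following script is an added example, not part of Access Manager; its function names are hypothetical and it assumes findmnt from util-linux is available.

```shell
#!/bin/sh
# Added example: pre-flight checks for conditions this page says break the installer.
# Function names are hypothetical, not part of Access Manager.

# Print the filesystem type backing a path (findmnt ships with util-linux).
fstype_of() { findmnt -n -o FSTYPE -T "$1"; }

# Succeed when a filesystem type is usable for the eDirectory DIB (not BTRFS).
fs_ok() { [ -n "$1" ] && [ "$1" != "btrfs" ]; }

# Succeed when hosts file $1 has an entry for IP $2 that names host $3.
hosts_maps() {
    awk -v ip="$2" -v name="$3" '
        { sub(/#.*/, "") }                      # ignore comments
        $1 == ip { for (i = 2; i <= NF; i++) if ($i == name) hit = 1 }
        END { exit hit ? 0 : 1 }' "$1"
}

# Succeed when the admin username avoids the characters the page rejects: # & ( )
username_ok() {
    case "$1" in
        '' | *'#'* | *'&'* | *'('* | *')'*) return 1 ;;
    esac
}

# Succeed when the password is alphanumeric only, as the page advises
# (this also excludes the rejected colon and double quote).
password_ok() {
    case "$1" in
        '' | *[!A-Za-z0-9]*) return 1 ;;
    esac
}

# Usage: preflight <hosts-file> <install-ip> <fqdn>
# Prints each finding and returns 1 if any check fails.
preflight() {
    rc=0
    for p in /var /var/opt/novell/eDirectory; do
        [ -e "$p" ] || continue
        fs_ok "$(fstype_of "$p")" || { echo "FAIL: $p is on BTRFS or unknown"; rc=1; }
    done
    hosts_maps "$1" "$2" "$3" || { echo "FAIL: $2 $3 missing from $1"; rc=1; }
    if hosts_maps "$1" 127.0.0.2 "$(hostname)"; then
        echo "FAIL: host name mapped to 127.0.0.2 in $1"; rc=1
    fi
    return "$rc"
}

if [ "$#" -eq 3 ]; then preflight "$@"; fi
```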

Configuring the Linux Administration Console Firewall

Before you install other Access Manager components and import them into Administration Console, or before you log in to Administration Console from a client machine, you must first configure the firewall on Administration Console.

  1. Click Computer > YaST > Security and Users > Firewall.

    This launches the Firewall Configuration screen.

  2. Click Allowed Services > Advanced.

  3. In TCP Ports, specify the ports to open.

    (Conditional) If you are installing Administration Console and Identity Server on different machines, list the following additional ports in TCP Ports:

    • 8080

    • 8443

    • 3080

    • 3443

    (Conditional) If you are installing Administration Console and Identity Server on the same machine, list the following additional ports in TCP Ports:

    • 2080

    • 2443

  4. (Conditional) To import an Access Gateway into Administration Console, list the following additional ports in TCP Ports:

    • 1443

    • 8444

    • 1289

    • 1290

    • 524

    • 636

    If you are importing an Access Gateway Appliance, specify icmp in IP Protocols.

    For specific information about the ports listed in Step 3 and Step 4, see Table 1-3.

    NOTE: Administration Console is accessible on ports 2080 (HTTP) and 2443 (HTTPS) when Identity Server is installed on the same machine.

  5. Restart Tomcat by running the following commands from the Administration Console command line.

    /etc/init.d/novell-ac stop

    /etc/init.d/novell-ac start

  6. Continue with Section 2.3, Logging In to Administration Console.
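
On SLES with SuSEfirewall2, the TCP ports opened for the external zone are stored in FW_SERVICES_EXT_TCP in /etc/sysconfig/SuSEfirewall2 (an assumption about the host; RHEL uses different tooling). The following added example, which is not part of Access Manager and uses hypothetical function names, reports which ports from Step 3 and Step 4 that setting does not yet open.

```shell
#!/bin/sh
# Added example: compare the TCP ports a SuSEfirewall2 configuration opens with
# the port lists in Step 3 and Step 4. Function names are hypothetical.

# Ports from Step 3 and Step 4. $1 = "same" or "different" (where Identity
# Server runs), $2 = "gateway" when an Access Gateway will be imported.
required_ports() {
    if [ "$1" = "same" ]; then echo "2080 2443"; else echo "8080 8443 3080 3443"; fi
    if [ "$2" = "gateway" ]; then echo "1443 8444 1289 1290 524 636"; fi
}

# Print the quoted value of FW_SERVICES_EXT_TCP from sysconfig file $1.
open_tcp_ports() {
    sed -n 's/^FW_SERVICES_EXT_TCP="\([^"]*\)".*/\1/p' "$1"
}

# Succeed when port $1 is covered by list $2 (single ports or low:high ranges).
# Service names such as "ssh" in the list are ignored.
port_open() {
    for entry in $2; do
        case "$entry" in
            *:*) lo=${entry%%:*}; hi=${entry##*:}
                 [ "$1" -ge "$lo" ] 2>/dev/null && [ "$1" -le "$hi" ] 2>/dev/null && return 0 ;;
            "$1") return 0 ;;
        esac
    done
    return 1
}

# Print the required ports that the configuration in file $1 does not open.
# $2 and $3 are passed to required_ports.
missing_ports() {
    open=$(open_tcp_ports "$1")
    missing=""
    for port in $(required_ports "$2" "$3"); do
        port_open "$port" "$open" || missing="$missing $port"
    done
    echo "${missing# }"
}

# Run against the live configuration when called with a placement argument.
if [ "$#" -ge 1 ]; then missing_ports /etc/sysconfig/SuSEfirewall2 "$1" "$2"; fi
```

An empty result means every port the steps list for that deployment is already open; anything printed still needs to be added in TCP Ports.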