2.1 Installing Administration Console on Linux

IMPORTANT: The eDirectory DIB within the Administration Console installation is not supported in a B-tree file system (BTRFS). If your Administration Console system uses BTRFS, create a separate mount point using XFS or ext4 that mounts automatically at /var/opt/novell/eDirectory to meet this requirement. For more information, see eDirectory documentation.

2.1.1 Prerequisites for Installing Administration Console on Linux

  • Ensure that the system meets the requirements for installing Administration Console.

    For information about the requirements, see NetIQ Access Manager System Requirements.

  • If you have custom partitioned your hard disk, ensure that you allocate at least the minimum space for each partition as listed in the following table:

    Partition                   Minimum Disk Space
    --------------------------  ------------------
    /opt/novell                 1 GB
    /opt/volera                 5 MB
    /var/opt/novell             1 GB
    /var                        512 MB
    /usr                        25 MB
    /etc                        1 MB
    /tmp/novell_access_manager  10 MB
    /tmp                        10 MB
    /                           512 MB

    NOTE: These are the minimum amounts of free disk space that must be available before installation or upgrade. However, it is recommended to maintain more than the specified free disk space, based on the requirements of your production environment.

    You can perform the disk partitioning based on your requirement.

    For example, consider a scenario where an administrator is installing Access Manager with 100 GB disk space. The administrator wants to allocate enough space for the logs from the available space. Therefore, the administrator can partition the hard disk as follows:

    Partition  Disk Space
    ---------  ----------
    /opt       5 GB
    /var       30 GB
    /tmp       2 GB
    /          63 GB

  • (Conditional) For SUSE Linux Enterprise Server (SLES), ensure that the following packages are installed:

    Package                        Description
    -----------------------------  -----------
    perl-gettext, gettext-runtime  The required library and tools to create and maintain message catalogs.
    python                         The basic Python library.
    compat                         Libraries to address compatibility issues. For information about enabling this repository, see TID 7004701. To verify, run rpm -qa | grep <package name>; use YaST to install the packages.
    binutils                       The required set of tools to create and manage binary programs.
    rsyslog                        The required software for forwarding audit messages.
    rsyslog-module-gtls            The required TLS encryption support module for rsyslog.
    libXtst6-32bit                 Has dependency on iManager.

  • (Conditional) For manually installing RHEL packages, see Installing Packages and Dependent RPMs on RHEL for Access Manager.

    NOTE: You can choose to install these RPMs automatically along with the Access Manager installation. While installing Access Manager, specify N when you get the following prompt:

    Enter the local mount directory if you have the OS ISO mounted locally. This will be used as the local catalog for the additional rpms.
    Do you have a locally mounted ISO (y/n)?

    The Access Manager installer checks the online catalog and then installs the required RPMs automatically.

  • Ensure that the latest net-snmp package from the SLES or Red Hat update channel is installed.

  • Zip and unzip utilities are available for the backup and restore procedure.

  • Ports 389 and 636 are open.

  • Static IP addresses.

    If the IP address changes after devices have been imported, these devices can no longer communicate with Administration Console.

  • The tree for the configuration store is named after the server on which you install Administration Console. Check the hostname and rename the machine if the name is not appropriate for a configuration tree name.

Network Requirements

See Section 1.3, Network Requirements.

IMPORTANT: You cannot install the following software with Administration Console:

  • OpenLDAP server. If it is installed, uninstall it. If you do not want to uninstall it, ensure that it does not use the port 636 or does not bind the port 389 to localhost.

  • The LDAP software such as eDirectory.

  • Other versions of iManager.

    In addition, you cannot add other iManager product plug-ins to this Administration Console.

  • You cannot install Access Manager on a Linux User Management (LUM) machine because of library update conflicts.

  • JRE. If it is installed, uninstall it.
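The following preflight script is an added example, not part of the Access Manager installer or of the original documentation. It checks the prerequisites above before you run install.sh: minimum free space per path, BTRFS under /var, a 127.0.0.2 host name mapping, and existing listeners on ports 389 and 636. The function names and the --run switch are assumptions of this example, and GNU df and ss are assumed to be available on the host.

```shell
# Added preflight sketch (not the installer's code). Minimum free KB per path, from the table above.
MINIMUMS='/opt/novell 1048576
/opt/volera 5120
/var/opt/novell 1048576
/var 524288
/usr 25600
/etc 1024
/tmp/novell_access_manager 10240
/tmp 10240
/ 524288'
# Nearest existing ancestor of a path (install directories may not exist yet).
nearest_existing() {
    p=$1
    while [ ! -e "$p" ] && [ "$p" != / ]; do p=$(dirname "$p"); done
    printf '%s\n' "$p"
}

# Emit "path fstype avail_kb" for each path of interest (GNU df assumed).
collect() {
    for path in $(printf '%s\n' "$MINIMUMS" | awk '{print $1}') /var/opt/novell/eDirectory; do
        df -PTk "$(nearest_existing "$path")" | awk -v p="$path" 'NR == 2 {print p, $2, $5}'
    done
}

# stdin: "path fstype avail_kb" lines; prints one FAIL line per violation.
evaluate() {
    while read -r path fstype avail; do
        min=$(printf '%s\n' "$MINIMUMS" | awk -v p="$path" '$1 == p {print $2}')
        [ -n "$min" ] && [ "$avail" -lt "$min" ] && echo "FAIL space $path: ${avail}KB free, need ${min}KB"
        case "$path:$fstype" in
            /var:btrfs|/var/*:btrfs) echo "FAIL fstype $path: BTRFS is not supported here" ;;
        esac
    done
}

# True if hosts file $1 maps host name $2 to 127.0.0.2.
hosts_maps_loopback2() {
    awk -v h="$2" '$1 == "127.0.0.2" { for (i = 2; i <= NF; i++) if ($i == h) f = 1 }
                   END { exit !f }' "$1"
}
# stdin: `ss -ltn` output; prints 389 and/or 636 if a listener already holds them.
ldap_ports_in_use() {
    awk 'NR > 1 { n = split($4, a, ":"); if (a[n] == 389 || a[n] == 636) print a[n] }' | sort -u
}
if [ "${1:-}" = --run ]; then    # live checks run only when requested
    collect | evaluate
    if hosts_maps_loopback2 /etc/hosts "$(hostname)"; then echo "FAIL hosts: 127.0.0.2 entry"; fi
    ss -ltn | ldap_ports_in_use | sed 's/^/FAIL port already bound: /'
fi
```

Each path is compared against its own minimum, so when several of these paths share one file system, add their minimums together yourself.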

2.1.2 Installation Procedure

Installation time: about 20 minutes.

What you need to create during installation

A username and password for the Administrator.

IMPORTANT: If Administration Console and Identity Server are installed on different servers, both use 8080 and 8443 ports. If Administration Console and Identity Server are installed on the same server, Identity Server uses 8080 and 8443 ports and Administration Console uses 2080 and 2443 ports.

  1. If you have Red Carpet or auto update running, stop these programs before you install Administration Console.

  2. Verify that the machine meets the minimum requirements. See Prerequisites for Installing Administration Console on Linux.

  3. Open a terminal window.

  4. Access the install script as a root user:

    1. Ensure that you have downloaded the software.

      For software download instructions, see the release-specific Release Notes.

    2. If you downloaded the tar.gz file, extract it by using the following command:

      tar -xzvf <filename>

    3. Change to the novell-access-manager directory.

  5. At the command prompt, specify the following:

    ./install.sh

    Ensure that you have adequate space in the system before you proceed with installation.

  6. When you are prompted to install a product, select 1. Install Administration Console and then press Enter.

    If /var uses the BTRFS file system, the system displays an error message and the installation is terminated. You can change the file system from BTRFS to any other available file system, and then try installing again.

  7. Review and accept the License Agreement.

    Novell Base and JDK for NetIQ are installed.

  8. (Optional) The installer displays a warning if the host name of the system is mapped to the IP address 127.0.0.2 in the /etc/hosts file:

    An entry of 127.0.0.2 in the /etc/hosts file affects the Access Manager functionality. Do you want to proceed with removing it (y/n) [y]

    Specify Y to proceed.

    The host name mapping to 127.0.0.2 may cause certain Access Manager processes to encounter errors when they attempt to resolve the host name of the machine. To avoid these problems, remove the 127.0.0.2 entry from the /etc/hosts file.

  9. Verify that the required RPMs are of the latest versions. Specify Y to proceed.

  10. Specify the IP address of the local Administrator server.

  11. Specify whether this is a primary Administration Console in a failover group. The first Administration Console installed becomes the primary console.

    You can install up to three Administration Consoles for replication and failover purposes. If this is not the primary console, you must provide the IP address of the primary Administration Console.

  12. Specify the administration username.

    Press Enter to use admin as the default admin username, or change this to a username of your choice.

    NOTE:

    • The Administration Console username does not accept the special characters # (hash), & (ampersand), and () (round brackets).

    • If you are installing a secondary Administration Console, the username must be from the o=novell container. If the username is from any other container, the Administration Console installation fails.

  13. Specify the administration password. Use alphanumeric characters only.

    NOTE: The Administration Console password does not accept the special characters : (colon) and " (double quotes).

  14. Confirm the password, then wait for the system to install components.

    This may take several minutes depending on the speed of your hardware.

    The following components are installed:

    Component                               Description
    --------------------------------------  -----------
    Syslog                                  Responsible for packaging and forwarding the audit log entries to the configured Syslog Server. For more information, see Auditing in the Access Manager 4.5 Administration Guide.
    Tomcat for NetIQ                        NetIQ packaging of the Java-based Tomcat web server used to run servlets and JavaServer Pages (JSP) associated with NetIQ Access Manager web applications.
    Access Manager Configuration Store      An embedded version of eDirectory used to store user-defined server configurations, LDAP attributes, Certificate Authority keys, certificates, and other Access Manager attributes that must be securely stored.
    iManager                                The web-based Administration Console that provides customized and secure access to server administration utilities. It is a modified version and cannot be used to manage other eDirectory trees.
    Device Manager
    Administration Console                  A modification of iManager that enables management of all aspects of Access Manager. This component is not a standard iManager plug-in. It significantly modifies the tasks that iManager can perform.
    Identity Server Administration Plug-In  Works in conjunction with Administration Console for managing Identity Server.
    REST API Service (AMService)
    Patch Management Tool

  15. Record the login URL.

    When installation completes, the login URL is displayed. It looks similar to the following:

    http://10.10.10.50:8080/nps

    Use this to configure Access Manager components.

  16. Continue with Configuring the Linux Administration Console Firewall.

Configuring the Linux Administration Console Firewall

Before you install other Access Manager components and import them into Administration Console, or before you log in to Administration Console from a client machine, you must first configure the firewall on Administration Console.

  1. Click Computer > YaST > Security and Users > Firewall.

    This launches the Firewall Configuration screen.

  2. Click Allowed Services > Advanced.

  3. In TCP Ports, specify the ports to open.

    (Conditional) If you are installing Administration Console and Identity Server on different machines, list the following additional ports in TCP Ports:

    • 8080

    • 8443

    • 3080

    • 3443

    (Conditional) If you are installing Administration Console and Identity Server on the same machine, list the following additional ports in TCP Ports:

    • 2080

    • 2443

  4. (Conditional) To import an Access Gateway into Administration Console, list the following additional ports in TCP Ports:

    • 1443

    • 8444

    • 1289

    • 1290

    • 524

    • 636

    If you are importing an Access Gateway Appliance, specify icmp in IP Protocols.

    For specific information about the ports listed in Step 3 and Step 4, see Table 1-3.

    NOTE: Administration Console is accessible on ports 2080 (HTTP) and 2443 (HTTPS) when Identity Server is installed on the same machine.

  5. Restart Tomcat by running the following commands from the Administration Console command line.

    /etc/init.d/novell-ac stop

    /etc/init.d/novell-ac start

  6. Continue with Section 2.3, Logging In to Administration Console.