4.3 Installing Access Gateway Service

4.3.1 Installing Access Gateway Service on Linux

IMPORTANT: Because of library update conflicts, you cannot install Access Manager on a Linux User Management machine.

Prerequisites for Installing Access Gateway on Linux

  • Ensure that the system meets the requirements for installing Access Gateway. For information about the requirements, see NetIQ Access Manager System Requirements.

  • An Administration Console is installed. See Installing Administration Console.

  • An Identity Server is installed and configured. See Installing Identity Server.

  • Verify that the time on the machine is synchronized with the time on Administration Console. If the times differ, Access Gateway Service does not import into Administration Console.

  • If a firewall separates the machine and Administration Console, ensure that the required ports are opened. See Table 1-3.

  • Because Access Gateway Service runs as a service, the default ports (80 and 443) that Access Gateway Service uses might conflict with the ports of other services running on the machine. If there is a conflict, you need to decide which ports each service can use.

  • (Windows Server 2012) If the web server (IIS) has been installed by default during the Windows Server 2012 install, the Access Gateway Service installation program detects its presence from the registry and issues a shutdown command. The shutdown command is issued even if you have never activated the web server and even if it is not running. Because Access Gateway Service cannot be installed while the IIS server is running, the installation program needs to ensure that it is not running.

  • (Conditional) For SUSE Linux Enterprise Server (SLES), ensure that the following rpms or higher versions are installed:

    • rsyslog-module-gtls-5.10.1-0.7.49

    • rsyslog-5.10.1-0.7.49

    • binutils 2.23.1-0.17.18

    • glibc-32bit

      IMPORTANT:

      • SLES installation libraries may be distributed across multiple CDs or DVDs. In YaST > Software > Software Repositories select the required CD or DVD to install the rpm files. If the rpm files are not available on the SLES server, the Access Manager installation process takes care of installing these rpm files from the SLES repository.

      • To check whether an rpm is installed, use rpm -qa | grep <rpm name>. For example, rpm -qa | grep libapr-util.

  • (Conditional) For installing the RHEL packages manually, see Section 8.0, Installing Packages and Dependent RPMs on RHEL for Access Manager.

    NOTE: You can choose to install these RPMs automatically along with the Access Manager installation. While installing Access Manager, specify N when you get the following prompt:

    Enter the local mount directory if you have the OS ISO mounted locally. This will be used as the local catalog for the additional rpms.
    Do you have a locally mounted ISO (y/n)?

    The Access Manager installer checks the online catalog and then installs the required RPMs automatically.

  • 2 to 10 GB of hard disk space per reverse proxy that requires caching and for log files. The amount varies with the rollover options and logging level that you configure.

  • If you have custom partitioned your hard disk as follows, ensure that the free disk space mentioned against each partition is available:

    Partition                     Disk Space
    /opt/novell                   1 GB
    /opt/volera                   5 MB
    /var/opt/novell               1 GB
    /var                          512 MB
    /usr                          25 MB
    /etc                          1 MB
    /tmp/novell_access_manager    10 MB
    /tmp                          10 MB
    /                             512 MB

    NOTE: These are the minimum free disk spaces that must be available before installation or upgrade. However, it is recommended to maintain more than the specified free disk space based on the requirement of your production environment.

  • A static IP address and a DNS name. The ActiveMQ module of Access Gateway Service must be able to resolve the machine’s IP address to a DNS name. If the module can’t resolve the IP address, the module does not start.

  • Other Access Manager components should not be installed on the same machine.

For information about network requirements, see Section 1.3, Network Requirements.
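The following preflight sketch covers two of the prerequisites above: free space per path from the partition table, and services already listening on ports 80 and 443. It is an added example, not part of the Access Manager installer; the function names are hypothetical and the `ss` sample is constructed.

```sh
#!/bin/sh
# Added example, not part of the product. Minimum free space in KB per path,
# converted from the partition table on this page.
REQUIREMENTS="/opt/novell:1048576 /opt/volera:5120 /var/opt/novell:1048576
/var:524288 /usr:25600 /etc:1024 /tmp/novell_access_manager:10240 /tmp:10240 /:524288"

# Constructed sample of `ss -ltn` output, for trying port_conflicts offline.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      511    0.0.0.0:80         0.0.0.0:*
LISTEN 0      511    [::]:443           [::]:*
LISTEN 0      128    127.0.0.1:8080     0.0.0.0:*'

# Walk up to the nearest existing directory, so a path the installer has not
# created yet is checked against the filesystem it will land on.
nearest_existing() {
    p=$1
    while [ ! -e "$p" ] && [ "$p" != "/" ]; do p=$(dirname "$p"); done
    printf '%s\n' "$p"
}

# Free KB on the filesystem that holds a path (POSIX df -P, fourth column).
avail_kb() {
    df -Pk "$(nearest_existing "$1")" | awk 'NR==2 {print $4}'
}

# Print every path whose free space is below its minimum. The optional first
# argument names a command that returns free KB for a path (default avail_kb).
# Each path is checked on its own; minimums sharing a filesystem are not summed.
short_partitions() {
    probe=${1:-avail_kb}
    for entry in $REQUIREMENTS; do
        path=${entry%%:*}; need=${entry##*:}
        have=$($probe "$path")
        [ "$have" -ge "$need" ] || printf '%s needs %s KB, has %s KB\n' "$path" "$need" "$have"
    done
}

# Read `ss -ltn` output on stdin and print listeners bound to port 80 or 443.
port_conflicts() {
    awk '$1=="LISTEN" { n=split($4, a, ":"); if (a[n]==80 || a[n]==443) print $4 }'
}
```

On the target machine, run `short_partitions` and `ss -ltn | port_conflicts`; no output from either means both checks passed.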

NOTE: Access Gateway Service clustering is supported for devices that are on the same operating system.

Installation Procedure

You must install Access Gateway Service on a separate machine.

Installation time: about 10 minutes.

What you need to know

  • Username and password of the administrator.

  • IP address of Administration Console.

  1. Log in to the NetIQ Customer Center and follow the link that allows you to download software. For an evaluation version, download the media kit from NetIQ Downloads.

  2. Copy the file to your machine.

    For the filename, see the release-specific Release Notes.

  3. Prepare your machine for installation:

    Make your operating system installation media available.

    The installation program checks for Apache dependencies and installs any missing packages.

  4. Start installation by running the following script:

    ./ag_install.sh

  5. Review and accept the License Agreement.

  6. (Optional) Specify the local NAT IP address if the local NAT is available for Access Gateway.

  7. Specify the IP address, user ID, and password of the primary Administration Console.

  8. Specify the IP address of Access Gateway.

  9. Continue with one of the following sections:

IMPORTANT: (Applicable for RHEL) When you configure more than 60 proxy services, Apache fails to start. RHEL has 128 semaphore arrays by default, which is inadequate for more than 60 proxy services. Apache 2.4 requires a semaphore array for each proxy service.

You must increase the number of semaphore arrays depending on the number of proxy services you are going to use. Perform the following steps to increase the number of semaphore arrays to the recommended value:

  1. Open /etc/sysctl.conf

  2. Add kernel.sem = 250 256000 100 1024

    This creates the following:

    Maximum number of arrays = 1024 (number of proxy services x 2)

    Maximum semaphores per array = 250

    Maximum semaphores system wide = 256000 (Maximum number of arrays x Maximum semaphores per array)

    Maximum ops per semop call = 100

  3. Run the sysctl -p command to apply the changes.

  4. Start Apache.
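The sizing rule from the steps above, as an added example that is not part of the product: it derives the kernel.sem line from a proxy-service count, checks whether a current kernel.sem value has enough arrays, and writes the line into a sysctl file without creating duplicate entries. The function names are hypothetical; the per-array and per-call values are the ones given on this page.

```sh
#!/bin/sh
# Added example. Field order of kernel.sem, as used on this page:
# semaphores per array, semaphores system wide, ops per semop call, arrays.
SEMMSL=250   # maximum semaphores per array (value from this page)
SEMOPM=100   # maximum ops per semop call (value from this page)

# kernel.sem line for a proxy-service count, following the page's rule:
# arrays = proxy services x 2, system wide = arrays x semaphores per array.
sem_line_for() {
    arrays=$(( $1 * 2 ))
    printf 'kernel.sem = %d %d %d %d\n' "$SEMMSL" $(( arrays * SEMMSL )) "$SEMOPM" "$arrays"
}

# Succeed when a kernel.sem value (for example the content of
# /proc/sys/kernel/sem) allows enough arrays for the proxy-service count.
sem_arrays_ok() {
    semmni=$(printf '%s\n' "$1" | awk '{print $4}')
    [ "$semmni" -ge $(( $2 * 2 )) ]
}

# Put the setting into a sysctl file idempotently: replace an existing
# kernel.sem line, or append one if none is present. Work on a copy of
# /etc/sysctl.conf first to preview the result.
set_sem_in_file() {
    file=$1
    line=$(sem_line_for "$2")
    if grep -Eq '^[[:space:]]*kernel\.sem[[:space:]]*=' "$file"; then
        tmp=$(mktemp) &&
        sed -E "s|^[[:space:]]*kernel\.sem[[:space:]]*=.*|$line|" "$file" > "$tmp" &&
        cat "$tmp" > "$file" && rm -f "$tmp"
    else
        printf '%s\n' "$line" >> "$file"
    fi
}
```

For 512 proxy services, `sem_line_for 512` yields the same line as step 2; `sem_arrays_ok "$(cat /proc/sys/kernel/sem)" 70` reports whether the running kernel already has enough arrays for 70 proxy services.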

4.3.2 Installing Access Gateway Service on Windows

Prerequisites for Installing Access Gateway on Windows

  • Ensure that the system meets the requirements for installing Access Gateway. For information about the requirements, see NetIQ Access Manager System Requirements.

  • Ensure that the operating system (physical or virtual) is in either Standard or Enterprise Edition, with the latest patches applied.

  • 2 to 10 GB per reverse proxy that requires caching and for log files. The amount varies with the rollover options and logging level that you configure.

  • A static IP address and a DNS name. The ActiveMQ module of Access Gateway Service must be able to resolve the machine’s IP address to a DNS name. If the module can’t resolve the IP address, the module does not start.

    You can verify this by using the nslookup command. Enter this command with the hostname at the command prompt; it should return the IP address of the host.

  • Windows packages KB2919442 and KB2919355 must be installed before installing Access Gateway Service. These packages must be installed in the same sequence. You can verify if these packages are installed by using the following commands:

    • dism /online /get-packages | findstr KB2919442

    • dism /online /get-packages | findstr KB2919355

    If these packages are installed, you will get a confirmation message. If the packages are not installed, you will not receive any response.

  • Other Access Manager components should not be installed on the same machine.

For information about network requirements, see Section 1.3, Network Requirements.

For prerequisites, see Prerequisites.

Installation Procedure

You must install Access Gateway Service on a separate server.

Installation time: about 10 minutes.

What you need to know

  • Username and password of the administrator.

  • IP address of Administration Console.

  1. Log in to the NetIQ Customer Center and follow the link that allows you to download software. For an evaluation version, download the media kit from NetIQ Downloads.

  2. Download the ZIP file and extract it.

    For the filename, see the release-specific Access Manager Release Notes.

  3. Disable any virus scanning programs.

  4. To use a remote desktop for installation, use one of the following:

    • Current version of VNC viewer

    • Microsoft Remote Desktop with the /console switch for Windows XP SP2

    • Microsoft Remote Desktop with the /admin switch for Windows XP SP3

  5. Double-click the executable file in the <ZIP filename> folder.

    A warning is displayed stating "If NAT is present between console, the NAT configuration needs to be done in Administration Console."

    If NAT is configured, ensure that you configure the same in Administration Console. Otherwise, click Continue > Next.

  6. Review the readme, and click Next.

  7. Review and accept the License Agreement, then click Next.

  8. Specify the IP address, user ID, and password of the primary Administration Console.

  9. (Conditional) Specify the local IP address, if your machine has more than one IP address, which Access Gateway Service will use for communication with Administration Console.

  10. (Optional) Specify Access Gateway Local NAT IP address, if the device is behind NAT.

  11. Click Next.

  12. Configure disk cache. This holds the caching objects of Access Gateway.

    NOTE: Access Gateway Appliance uses the mod_cache module filesystem provided by Apache for storing the caching objects. If you want to change the size of this cache after installation, see TID on Changing the Cache Size of an Access Gateway Appliance after Installation.

  13. Click Next, then review the installation summary.

  14. Click Install.

  15. Review the log information at the following location:

    C:\Program Files\Novell\log

  16. Click Next > Done.

  17. To verify that Access Gateway Service imported into Administration Console, wait for a few minutes, log in to Administration Console, then click Devices > Access Gateways.

    At this point, Access Gateway Service is not configured.

  18. Continue with one of the following: