38.1 Using the Guided Process to Install Identity Reporting

The following procedure describes how to install Identity Reporting using an installation wizard, either in GUI format or from the console. To perform a silent, unattended installation, see Section 38.2, Installing Identity Reporting Silently.

To prepare for the installation, review the prerequisites and system requirements listed in Section 36.4.2, System Requirements for Identity Reporting. Also see the Release Notes accompanying the release.

  1. Ensure that the SIEM database in your event auditing service is running.

    The installation program creates tables in the database and verifies connectivity. The program also installs a JAR file for the PostgreSQL JDBC driver, and automatically uses this file for database connectivity.

  2. Log in to the computer where you want to install Identity Reporting.

  3. Stop the application server, such as Tomcat.

  4. (Conditional) If you have the .iso image file for the Identity Manager installation package, navigate to the directory containing the installation files for Identity Reporting, located by default in the products/Reporting/ directory.

  5. (Conditional) If you downloaded Identity Reporting installation files from the NetIQ Downloads website, complete the following steps:

    1. Navigate to the .tgz file for the downloaded image.

    2. Extract the contents of the file to a folder on the local computer.

  6. From the directory that contains the installation files, complete one of the following actions:

    • Linux (console): Enter ./rpt-install.bin -i console

    • Linux (GUI): Enter ./rpt-install.bin

    • Windows: Run rpt-install.exe

  7. In the installation program, specify the language that you want to use for installation, and then click OK.

  8. Review the Introduction text, and then click Next.

  9. Accept the License Agreement, and then click Next.

  10. To complete the guided process, specify values for the following parameters:

    • Installation folder

      Specifies the location for the installation files.

    • Application server platform

      Specifies the application server that will run the core (IDMRPT-Core.war), EASREST REST API (easrestapi.war), EAS Webstart (easwebstart.war), and Reporting REST API Reference WAR (rptdoc.war) files.

      NOTE: Do not change the names of these WAR files. If you change the file names, the deployment process fails.

    • Application server details

      Applies only for JBoss and Tomcat application servers.

      Specifies a path to the deployment or webapps directory of the application server instance. For example, /home/netiq/idm/jboss/server/IDM/deploy or /opt/netiq/idm/apps/tomcat/webapps.

    • Application server connection

      Represents the settings of the URL that users need to connect to Identity Reporting on the application server. For example, https://myserver.mycompany.com:8080.

      NOTE: If OSP runs on a different instance of the application server, you must also select Connect to an external authentication server and specify values for the OSP server.

      Protocol

      Specifies whether you want to use http or https. To use SSL for communication, specify https.

      Host name

      Specifies the DNS name or IP address of the application server. Do not use localhost.

      Port

      Specifies the port that you want the application server to use for communication with Identity Reporting.

      Connect to an external authentication server

      Specifies whether a different instance of the application server hosts the authentication server (OSP). The authentication server contains the list of users who can log in to Identity Reporting.

      If you select this setting, also specify values for the authentication server’s Protocol, Host name, and Port.

    • Authentication server details

      Specifies the password that you want to create for the Identity Reporting service to use when connecting to the OSP client on the authentication server.

      To modify this password after installation, use the RBPM Configuration utility.

    • Event auditing service

      Specifies whether you want to use NetIQ Event Auditing Service (EAS) to track events in Identity Reporting and the User Application.

      If you select this setting, also specify the DNS name or IP address of the server that hosts EAS.

    • Database details (not using EAS)

      Represents the settings for your SIEM database.

      Database type

      Applies only when you do not use EAS and your SIEM database runs on an Oracle platform.

      Specifies whether your SIEM database is an Oracle database. If you select this setting, also specify values for the JDBC driver.

      JDBC driver jar

      Applies only when your SIEM database runs on an Oracle platform.

      Specifies the path to the jar file for the Oracle JDBC driver. For example, opt\oracl\ojdbc7.jar.

      For more information, see Section 39.2, Running Reports on an Oracle Database.

      JDBC driver classname

      Applies only when your SIEM database runs on an Oracle platform.

      Specifies the class of the JDBC driver.

      JDBC driver type

      Applies only when your SIEM database runs on an Oracle platform.

      Specifies the type of JDBC driver.

      Database host

      Applies only when you do not use EAS.

      Specifies the DNS name or IP address of the server that hosts your SIEM database. Do not use localhost.

      Database name

      Applies only when you do not use EAS.

      Specifies the name of your SIEM database.

      Database port

      Specifies the port for the SIEM database. The default value is 15432.

      DBA userid

      Applies only when you do not use EAS.

      Specifies the name of the administrative account for the SIEM database server and owner of the event auditing schema and views.

      DBA password

      Specifies the password for the administrative account for the database.

      If you are using EAS, the installation program creates this password for the dbauser account.

      idmrptsrv user password

      Specifies the password for the account that owns the Identity Reporting schema and view in the database.

      If you are using EAS, the installation program creates this password for the idmrptsrv account.

      idmrptuser user password

      Specifies the password for the account that can access the database to run reports.

      If you are using EAS, the installation program creates this password for the idmrptuser account.

      Test database connection

      Indicates whether you want the installation program to test the values specified for the database.

      The installation program attempts the connection when you click Next or press Enter.

      NOTE: You can continue with installation if the database connection fails. However, after installation, you must manually create the tables and connect to the database. For more information, see Section 38.3, Manually Generating the Database Schema.

    • Authentication details

      Represents the settings for the authentication server. To modify these settings after installation, use the RBPM Configuration utility.

      Use SSL

      Specifies whether you want to use SSL protocol for connections between Identity Reporting and the authentication server.

      Identity Vault server

      Specifies the DNS name or IP address of the authentication server. Do not use localhost.

      Identity Vault port

      Specifies the port that you want the authentication server to use for communication with Identity Reporting. For example, specify 389 for a non-secure port or 636 for SSL connections.

      Identity Vault admin user

      Specifies the LDAP distinguished name (DN) for an administrator account of the authentication server. For example, cn=admin,ou=sa,o=system.

      Identity Vault admin password

      Specifies the password for the administrator account of the authentication server.

      Base container

      Specifies the DN of the container that lists the users that can log in to Identity Reporting. For example, o=data.

      NOTE: If the DN contains special characters, you might need to escape those characters. For more information, see RFC 2253/4514 Section 2.4.

      Login attribute

      Specifies the attribute that you want to use for searching the subtree of the user container. For example, cn.

      Target locale

      Specifies the language that you want to use for Identity Reporting. The application uses the specified locale in searches.

    • User Application driver

      Represents the settings for the User Application driver.

      User Application driver

      Specifies the name of the User Application driver.

      Driver set name

      Specifies the name of the driver set for the User Application driver.

      Driver set container

      Specifies the DN for the container that stores the driver set.

    • Email delivery

      Represents the settings for the SMTP server that sends report notifications. To modify these settings after installation, use the RBPM Configuration utility.

      Default email address

      Specifies the email address that you want Identity Reporting to use as the origination for email notifications.

      SMTP server

      Specifies the IP address or DNS name of the SMTP email host that Identity Reporting uses for notifications. Do not use localhost.

      SMTP server port

      Specifies the port number for the SMTP server. The default value is 465.

      Use SSL for SMTP

      Specifies whether you want to use SSL protocol for communication with the SMTP server.

      Require server authentication

      Specifies whether you want to use authentication for communication with the SMTP server.

      If you select this setting, also specify the credentials for the email server.

      SMTP user name

      Applies only when you select Server requires authentication.

      Specifies the name of a login account for the SMTP server.

      SMTP password

      Applies only when you select Server requires authentication.

      Specifies the password of a login account for the SMTP server.

    • Report details

      Represents the settings for maintaining completed reports.

      Keep finished reports for

      Specifies the amount of time that Identity Reporting will retain completed reports before deleting them. For example, to specify six months, enter 6 and then select Month.

      Location of report definitions

      Specifies a path where you want to store the report definitions. For example, /opt/netiq/IdentityReporting.

    • Novell identity audit

      Represents the settings for auditing activity in Identity Reporting.

      Enable auditing for Identity Reporting

      Specifies whether you want to send log events to an auditing server.

      If you select this setting, also specify the location for the audit log cache.

      Audit log cache folder

      Applies only when you enable auditing for Identity Reporting.

      Specifies the location of the cache directory that you want to use for auditing. For example, /opt/novell/Identity Reporting.

      NOTE: Ensure that the logevent file has valid paths for the cache directory and nauditpa.jar file. If these settings are not defined correctly, Identity Reporting will not start.

    • NAudit certificates

      Applies only when you enable auditing for Identity Reporting.

      Represents the settings for the NAudit service, which sends events from Identity Reporting to EAS.

      Specify existing certificate / Generate a certificate

      Indicates whether you want to use an existing certificate for the NAudit server or create a new one.

      Enter Public key

      Applies only when you want to use an existing certificate.

      Lists the custom public key certificate that you want the NAudit service to use to authenticate audit messages sent to EAS.

      Enter RSA Key

      Applies only when you want to use an existing certificate.

      Specifies the path to the custom private key file that you want the NAudit service to use to authenticate audit messages sent to EAS.

  11. Review the information in the Pre-Installation Summary window, and then click Install.

  12. (Conditional) To use WebSphere to host Identity Reporting, continue to Section 39.1, Configuring Identity Reporting for WebSphere.
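
The host, port, and SSL fields in step 10 share a few constraints that can be checked before the wizard is started. The following is an added example, not part of the NetIQ documentation or product; the dictionary keys are hypothetical labels for the wizard fields, the sample values are constructed, and treating loopback IP literals the same as the name localhost is an assumption of this example.

```python
import ipaddress

# Constructed sample of planned wizard values. The keys are hypothetical labels
# for the fields in step 10, not parameters understood by rpt-install.
PLANNED = {
    "application_server": {"host": "myserver.mycompany.com", "port": 8080, "ssl": True},
    "siem_database":      {"host": "localhost", "port": 15432},
    "identity_vault":     {"host": "127.0.0.1", "port": 389, "ssl": True},
    "smtp_server":        {"host": "mail.mycompany.com", "port": 465, "ssl": False},
}

def is_loopback(host):
    """True for localhost names and loopback IP literals (127.0.0.0/8, ::1)."""
    h = host.strip().lower().rstrip(".")
    if h == "localhost" or h.startswith("localhost.") or h.endswith(".localhost"):
        return True
    try:
        return ipaddress.ip_address(h.strip("[]")).is_loopback
    except ValueError:
        return False  # not an IP literal, so it is an ordinary DNS name

def preflight(planned):
    """Return (section, field, message) findings for values the guide advises against."""
    findings = []
    for section, v in planned.items():
        if is_loopback(v["host"]):
            findings.append((section, "host", "loopback name or address; the guide says do not use localhost"))
        if not (isinstance(v["port"], int) and 1 <= v["port"] <= 65535):
            findings.append((section, "port", "not a valid TCP port"))
        if v.get("ssl") is False:
            findings.append((section, "ssl", "SSL not selected for this connection"))
    vault = planned.get("identity_vault", {})
    # The guide's examples: 389 for a non-secure port, 636 for SSL connections.
    if (vault.get("ssl"), vault.get("port")) in ((True, 389), (False, 636)):
        findings.append(("identity_vault", "port", "port does not match the Use SSL choice"))
    return findings

if __name__ == "__main__":
    for section, field, message in preflight(PLANNED):
        print(f"{section}.{field}: {message}")
```
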