NetIQ recommends that you review the following prerequisites and considerations before starting the installation process.
When installing the Event Auditing Service, consider the following:
The installation program depends on the following specific version of the Openssl libraries:
libssl.so.0.9.8
libcrypto.so.0.9.8
If a newer version is installed in the system, it is necessary to create a symbolic link preserving these names.
(Conditional) On SLES 12.x and RHEL 6.x or 7.x computers, the Openssl libraries are in the /lib64 directory by default. It is preferred to use the bundled upgrade version of the Openssl libraries.
For example: If the current version of Openssl libraries on your system is libopenssl_1_0_0 then, run the following commands:
ln -s libssl.so.1.0.0 libssl.so.0.9.8
ln -s libcrypto.so.1.0.0 libcrypto.so.0.9.8
KornShell must be installed because the EAS installation scripts use KornShell, which is located by default at /bin/ksh. KornShell is usually bundled with all of the Linux operating system environments.
NetIQ recommends that you synchronize the time on the computer where you install EAS with the computers hosting components that interact with the service, such as Identity Reporting and other Identity Manager components. Otherwise, you might experience configuration problems.
When installing Identity Reporting, consider the following prerequisites and considerations:
Requires a supported and configured version of the following Identity Manager components:
Identity applications, including the User Application driver
An exclusive event auditing service, such as Sentinel or NetIQ Event Auditing Service, installed on a separate Linux computer. You cannot have multiple reporting instances communicating with a single EAS environment.
Driver for Data Collection Service
Driver for the Managed System Gateway service
For more information about required versions and patches for these components, see the latest Release Notes. For more information about installing the drivers, see Section 40.0, Managing the Drivers for Reporting.
Ensure that the Identity Vault includes the SecretStore module, and that the module is configured. For more information, see Section 11.1.2, Adding SecretStore to the Identity Vault Schema.
Do not install Identity Reporting on a server in a clustered environment.
(Conditional) To run reports against an Oracle 12c database, you must install the appropriate JDBC file. For more information, see Section 39.2, Running Reports on an Oracle Database.
(Conditional) You can use your own Tomcat installation program instead of the one provided in the Identity Manager installation kit. However, to use the Apache Log4j service with your version of Tomcat, ensure that you have the appropriate files installed. For more information, see Section 26.6, Using the Apache Log4j Service to Log Sign-on and Password Events.
Assign the Report Administrator role to any users that you want to be able to access reporting functionality.
Ensure that all servers in your Identity Manager environment are set to the same time, particularly the servers for the database and EAS components. If you do not synchronize the time on your servers, some reports might be empty when executed. For example, this issue can affect data related to new users when the servers hosting the Identity Manager engine and the Warehouse have different time stamps. If you create and then modify a user, the reports are populated with data.
Depending on the application server that you want to use with the identity applications, the installation process modifies some entries for JRE mapping in the setenv.sh file.
Tomcat: JAVA_OPTs or CATALINA_OPTS
JBoss: JAVA_HOME or JRE_HOME
By default, the convenience installer for Tomcat places the setenv.sh file in the /opt/netiq/idm/apps/tomcat/bin/ directory. The installer also configures the JRE location in the file.
(Optional) You can configure Identity Reporting to work with NetIQ Access Manager 4.0 using SAML 2.0 authentication. For more information, see Section 45.0, Using SAML Authentication with NetIQ Access Manager for Single Sign-on.