If you are installing Access Manager components on multiple machines, ensure that the time and date are synchronized on all machines.
Ensure that the Administration Console is running. (See Section 2.0, Installing the Administration Console.)
Do not perform any configuration tasks in the Administration Console during an Identity Server installation.
If you installed the Administration Console on a separate machine, ensure that the DNS names resolve between the Identity Server and the Administration Console.
When you are installing the Identity Server on a separate machine (recommended for production environments), ensure that the following ports are open on both the Administration Console and the Identity Server:
For information about how to open ports, see Configuring the Linux Administration Console Firewall and Configuring the Windows Administration Console Firewall.
IMPORTANT:When you are installing the Identity Server on a machine with the Administration Console (not recommended for production environments), do not run simultaneous external installations of the Identity Server, Access Gateway, or SSL VPN. These installations communicate with the Administration Console. During installation, Tomcat is restarted, which can disrupt the component import process.
Verify that the machine meets the minimum requirements. See Section 3.1, Installing the Identity Server on Linux.
You must establish a static IP address for your Identity Server to reliably connect with other Access Manager components. If the IP address changes, the Identity Server can no longer communicate with the Administration Console.
NOTE:If you have modified the JSP file to customize the login page, logout page, and error messages, you can restore the JSP file after installation. You should sanitize the restored JSP file to prevent XSS attacks. For more information, see Preventing Cross-site Scripting Attacks
in the NetIQ Access Manager 4.0 SP1 Identity Server Guide.
4 GB RAM.
Dual CPU or Core (3.0 GHz or comparable chip).
100 GB hard disk.
This amount is recommended to ensure ample space for logging in a production environment. This disk space must be local and not remote.
If you have custom partitioned your hard disk with partitions as in the table below, ensure that you have free disk space mentioned against each partition:
|
Partitions |
Disk Space |
|---|---|
|
/opt/novell |
1 GB |
|
/opt/volera |
5 MB |
|
/var/opt/novell |
1GB |
|
/var |
512 MB |
|
/usr |
25 MB |
|
/etc |
1 MB |
|
/tmp/novell_access_manager |
10 MB |
|
/tmp |
10MB |
|
/ |
512 MB |
One of the following operating systems:
SUSE Linux Enterprise Server (SLES) 11 SP2 and SP3 with 64-bit operating system (physical or virtual) x86-64 hardware.
Red Hat Enterprise Linux (RHEL) 6.4, 6.5 (64-bit) (physical or virtual) and 6.6 (64-bit) (physical or virtual). For installing the RHEL packages, see Section C.0, Installing Packages and Dependent RPMs on RHEL for Access Manager.
NOTE:For details about installing Access Manager 4.0 SP1 on RHEL 6.6, see TID 7016215.
gettext
python (interpreter)
Static IP address.
IMPORTANT:
No LDAP software, such as eDirectory or OpenLDAP, can be installed. (A default installation of SLES installs and enables OpenLDAP.)
Because of library update conflicts, you cannot install Access Manager on a Linux User Management (LUM) machine.
For information about network requirements, see Network Requirements.
Installation time: about 10 minutes.
|
What you need to know to install the Identity Server |
|
Open a terminal window.
Log in to as a root user.
Access the install script.
Ensure that you have downloaded the software or that you have the CD available.
For software download instructions, see the Access Manager 4.0 Hotfix 1 Readme
.
Do one of the following:
If you are installing from CD or DVD, insert the disc into the drive, then navigate to the device. The location might be /media/cdrom, /media/cdrecorder, or /media/dvdrecorder, depending on your hardware.
If you downloaded the tar.gz file, unzip the file by using the following command:
tar -xzvf <filename>
Change to the novell-access-manager directory.
At the command prompt, run the following install script:
./install.sh
When you are prompted to install a product, specify 2, Install Identity Server, then press Enter.
This selection is also used for installing additional Identity Servers for clustering behind an L4 switch. You need to run this install for each Identity Server you add to the cluster.
NOTE: The Administration Console is accessible on ports 2080 (HTTP) and 2443 (HTTPs) if the Identity Server or SSL VPN is installed on the same machine.
The following warning is displayed:
Warning: If NAT is present between this machine and Administration Console, configure NAT in the Administration Console. Exit this installation if NAT is not configured in the Administration Console. Would you like to continue (y/n)?
For more information about how to configure NAT, see Configuring the Administration Console Behind NAT.
Specify Y to proceed.
Review and accept the License Agreement.
Specify the IP address, user ID, and password for of the primary Administration Console. Specify the local NAT IP address if local NAT is available for the Identity Server.
If the installation program rejects the credentials and IP address, ensure that the correct ports are open on both the Administration Console and the Identity Server, as described in Section 3.1.1, Prerequisites.
The following components are installed:
|
Component |
Description |
|---|---|
|
Access Manager Server Communication |
Enables network communications, including identifying devices, finding services, moving data packets, and maintaining data integrity. |
|
Identity Server |
Provides authentication and identity services for the other Access Manager components and third-party service providers. |
|
Identity Server Configuration |
Allows the Identity Server to be securely configured by the Administration Console. If the installation process terminates at this step, the probable cause is a failure to communicate with the Administration Console. Ensure that you specified the correct IP address. |
|
Access Manager Server Communications Configuration |
Enables the Identity Server to auto-import itself into the Administration Console. |
Continue with one of the following:
Verify the installation. See Verifying the Identity Server Installation
Install an Access Gateway. See Section 4.1.2, Installing the Access Gateway Appliance or Section 4.2, Installing the Access Gateway Service.
Configure the Identity Server. See Setting Up a Basic Access Manager Configuration
in the NetIQ Access Manager 4.0 SP1 Setup Guide
.