After you issue the agentadmin command and accept the license agreement (if necessary) the installation program appears, prompting you for information.
The steps in the installation program are displayed in this section in an example interaction. Your answers to prompts can differ slightly or greatly from this example depending upon your specific deployment. In the example, most of the defaults have been accepted. This example is provided for your reference and does not necessarily indicate the precise information you should enter.
The following bulleted list provides key points about the installation program.
Each step in the installation program includes an explanation that is followed by a more succinct prompt.
For most of the steps you can type any of the following characters to get the results described:
Type the question mark to display Help information for that specific step.
Type the left arrow symbol to go back to the previous interaction.
Type the exclamation point to exit the program.
Most of the steps provide a default value that can be accepted or replaced. If a default value is correct for your site, accept it. If it is not correct, enter the correct value.
The following list provides information about specific prompts in the installation. Often the prompt is self explanatory. However, at other times you might find the extra information presented here to be very helpful. This extra information is often not obvious. Study this section carefully before issuing the agentadmin --install command.
The deployment URI for the agent application is required for the agent to perform necessary housekeeping tasks such as registering policy and session notifications, legacy browser support, and CDSSO support. Accept /agentapp as the default value for this interaction. Once the installation is completed, browse the directory PolicyAgent-base/etc. Use the agentapp.war file to deploy the agent application in the application container. Please note that the deployment URI for agent application during install time should match the deployment URI for the same application when deployed in the J2EE container.
This key is used to encrypt sensitive information such the passwords. The key should be at least 12 characters long. A key is generated randomly and provided as the default. You can accept the random key generated by the installer or create your own using the .agentadmin --getEncryptKey command.
For information about creating a new encryption key, see agentadmin --getEncryptKey.
An agent profile should have been created as a pre-installation step. The creation of the agent profile is mentioned in that section. For the pre-installation steps, see Preparing to Install Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0. For the actual information on creating an agent profile, see Creating a J2EE Agent Profile.
In summary, the J2EE agent communicates with Access Manager with a specific ID and password created through an agent profile using Access Manager Console. For J2EE agents, the creation of an agent profile is mandatory. Access Manager uses the agent profile to authenticate an agent. This is part of the security infrastructure.
The J2EE password file should have been created as a pre-installation step. For the pre-installation steps, see Preparing to Install Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0.
When the installation program prompts you for the password for the agent, enter the fully qualified path to this password file.
After you have completed all the steps, a summary of your responses appears followed by options that allow you to navigate through those responses to accept or reject them.
When the summary appears, note the agent instance name, such as agent-001. You might be prompted for this name during the configuration process.
About the options, the default option is 1, Continue with Installation.
If you are satisfied with the summary, choose 1 (the default).
If you want to edit input from the last interaction, choose 2.
If you want to edit input starting at the beginning of the installation program, choose 3.
If you want to exit the installation program without installing, choose 4.
You can edit your responses as necessary, return to the options list, and choose option 1 to finally process your responses.
The following example is a sample installation snapshot of Policy Agent 2.2 for SAP Enterprise Portal 7.0/Web Application Server 7.0. By no means does this sample represent a real deployment scenario.
The section following this example, Implications of Specific Deployment Scenarios in Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0, explains specific deployment scenarios, such as installing the agent on a Web Application Server (WebAS) domain. If any of these deployment scenarios apply to your deployment, you might need to respond to prompts in a specified manner during the installation as explained in that section. Review the explanations in that section before proceeding with the installation. Those explanations are divided into subsections as follows:
Installing Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0 in a Clustered Environment
************************************************************************ Welcome to the Access Manager Policy Agent for SAP WebAS and Enterprise Portal ************************************************************************ Enter the complete path to the directory of your SAP server ID. This directory uniquely identifies the SAP instance that is secured by this Agent. [ ? : Help, ! : Exit ] Enter the SAP Server <SID> Directory Path [/usr/sap/J2E/JC00/j2ee/cluster/server0]: Enter true if the agent is being installed on a WebAS domain. Enter true only if the agent is installed on WebAS domain. CAUTION : Entering a wrong value will result in the failure of the installation process. [ ? : Help, < : Back, ! : Exit ] Is the agent being installed on a WebAS domain ? [false]: Enter the fully qualified host name of the server where Access Manager Services are installed. [ ? : Help, < : Back, ! : Exit ] Access Manager Services Host: subcompany22.company22.example.com Enter the port number of the Server that runs Access Manager Services. [ ? : Help, < : Back, ! : Exit ] Access Manager Services port [80]: Enter http/https to specify the protocol used by the Server that runs Access Manager services. [ ? : Help, < : Back, ! : Exit ] Access Manager Services Protocol [http]: Enter the Deployment URI for Access Manager Services. [ ? : Help, < : Back, ! : Exit ] Access Manager Services Deployment URI [/amserver]: Enter the fully qualified host name on which the Application Server protected by the agent is installed. [ ? : Help, < : Back, ! : Exit ] Enter the Agent Host name: Enter the fully qualified host name on which the Application Server protected by the agent is installed. [ ? : Help, < : Back, ! : Exit ] Enter the Agent Host name: employee.company22.example.com Enter the preferred port number on which the application server provides its services. [ ? : Help, < : Back, ! : Exit ] Enter the port number for Application Server instance [80]: Select http or https to specify the protocol used by the Application server instance that will be protected by Access Manager Policy Agent. [ ? : Help, < : Back, ! : Exit ] Enter the Preferred Protocol for Application Server instance [http]: Enter the deployment URI for the Agent Application. This Application is used by the agent for internal housekeeping. [ ? : Help, < : Back, ! : Exit ] Enter the Deployment URI for the Agent Application [/agentapp]: Enter a valid Encryption Key. [ ? : Help, < : Back, ! : Exit ] Enter the Encryption Key [UuFkSS0bpli/rY/KqYrGjd6ISaRIQEjT]: Enter a valid Agent profile name. Before proceeding with the agent installation, please ensure that a valid Agent profile exists in Access Manager. [ ? : Help, < : Back, ! : Exit ] Enter the Agent Profile name: exampleagent Enter the path to a file that contains the password to be used for identifying the Agent. [ ? : Help, < : Back, ! : Exit ] Enter the path to the password file: /export/temp/passwordfile ----------------------------------------------- SUMMARY OF YOUR RESPONSES ----------------------------------------------- SAP <SID> Directory : /usr/sap/J2E/JC00/j2ee/cluster/server0 Agent Installed on WebAS domain : false Access Manager Services Host : subcompany22.company22.example.com Access Manager Services Port : 80 Access Manager Services Protocol : http Access Manager Services Deployment URI : /amserver Agent Host name : employee.company22.example.com Application Server Instance Port number : 80 Protocol for Application Server instance : http Deployment URI for the Agent Application : /agentapp Encryption Key : UuFkSS0bpli/rY/KqYrGjd6ISaRIQEjT Agent Profile name : agent2.2 Agent Profile Password file name : /export00/password Verify your settings above and decide from the choices below. 1. Continue with Installation 2. Back to the last interaction 3. Start Over 4. Exit Please make your selection [1]: |
The following sections refer to specific deployment scenarios involving Policy Agent 2.2 for SAP Enterprise Portal 7.0/Web Application Server 7.0. These scenarios are likely to affect how you respond to prompts during the installation process. You might also need to perform additional configurations.
During installation, you are prompted about the domain on which you are installing the agent. The installer configures the installation differently depending upon the deployment container to which the domain is associated: SAP Web Application Server 7.0 or SAP Enterprise Portal 7.0.
The two deployment containers each require that you perform specific post-installation tasks as described in Chapter 4, Post-Installation Tasks of Policy Agent 2.2 for SAP Enterprise Portal 7.0/Web Application Server 7.0.
As shown in the following task description, to install this agent on a Web Application Server 7.0 (WebAS) domain, enter true when prompted. If you are installing the agent on an Enterprise Portal 7.0 domain, do not change this value from its default value of false.
The prompt shown in this procedure appears in the agent installation program, which is described in Example of Installation Program Interaction in Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0.
Enter true to the following prompt:
Enter true if the agent is being installed on a WebAS domain [ ? : Help, < : Back, ! : Exit ] Is the agent being installed on a WebAS domain ? [true]:
One instance of Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0 protecting the SAP Enterprise Portal 7.0 application in addition to another instance running on Web Application Server 7.0 is a supported configuration, however the installation process differs slightly. For example, if you first run the installation program on the SAP Enterprise Portal 7.0 application, you are not required to run the installation program again on the Web Application Server 7.0 instance. Also, you will only be able to configure one config and locale class path in the SAP J2EE configuration tool.
If you are installing the agent on an SAP Enterprise Portal 7.0 domain before installing the agent on an SAP Web Application Server 7.0 domain, follow the instructions for installation and post-installation of SAP Enterprise Portal 7.0 as provided in this guide. You can then configure the second agent instance for SAP Web Application Server 7.0 also following the post-installation task descriptions in this guide, but specifically for SAP Web Application Server 7.0.
To create a cluster in your SAP environment, you can either add additional dialogue instances to the central instance or add additional server processes to your existing central instance. Obtain information on setting up such a cluster at http://help.sap.com/.
Whether your cluster consists of multiple dialogue instances with one or more server processes, or multiple server processes for a central instance, you will need to perform the agent installation process on each server node that you would like the agent to protect. For example the following path represents server0 on the central instance:
/usr/sap/J2E/JC03/j2ee/cluster/server0
And the following path represents server1 on the dialog instance:
/usr/sap/J2E/J04/j2ee/cluster/server1
For the preceding examples, you must provide the corresponding directory structure to the first agent installation interaction. Similarly, on each node, you must deploy the agent application as described in To Deploy the agentapp.war file for SAP Enterprise Portal 7.0/Web Application Server 7.0.
At the end of the installation process, the installation program prints the status of the installation along with the installed J2EE agent information. The information that the program displays can be very useful. For example, the program displays the agent instance name, which is needed when configuring a remote instance. The program also displays the location of specific files, which can be of great importance. In fact, you might want to view the installation log file once the installation is complete, before performing the post-installation steps as described in Chapter 4, Post-Installation Tasks of Policy Agent 2.2 for SAP Enterprise Portal 7.0/Web Application Server 7.0.
The location of directories displayed by the installer are specific. However, throughout this guide and specifically in Summary of Agent Installation shown in this section, PolicyAgent-base is used to describe the directory where the distribution files are stored for a specific J2EE agent.
The following example serves as a quick description of the location of the J2EE agent base directory (PolicyAgent-base) of Policy Agent 2.2 for SAP Enterprise Portal 7.0/Web Application Server 7.0.
The following directory represents PolicyAgent-base of Agent for SAP Enterprise Portal 7.0/Web Application Server 7.0:
Agent-HomeDirectory/j2ee_agents/sap_v7_agent |
where Agent-HomeDirectory is the directory you choose in which to unpack the J2EE agent binaries.
Information regarding the location of the J2EE agent base directory is explained in detail in Location of the J2EE Agent Base Directory in Policy Agent 2.2.
The following type of information is printed by the installer:
SUMMARY OF AGENT INSTALLATION ----------------------------- Agent instance name: Agent_001 Agent Configuration file location: PolicyAgent-base/Agent_001/config/AMAgent.properties Agent Audit directory location: PolicyAgent-base/Agent_001/logs/audit Agent Debug directory location: PolicyAgent-base/Agent_001/logs/debug Install log file location: PolicyAgent-base/logs/audit/install.log Thank you for using Access Manager Policy Agent |
Once the agent is installed, the directories shown in the preceding example are created in the agent_00x directory, which for this example is specifically Agent_001. Those directories and files are briefly described in the following paragraphs.
Location of the J2EE agent AMAgent.properties configuration file for the agent instance. Every instance of a J2EE agent has a unique copy of this file. You can configure this file to meet your site's requirements. For more information, see the following sections:
Location of the J2EE agent local audit trail.
Location of all debug files required to debug an agent installation or configuration issue.
Location of the file that has the agent install file location. If the installation failed for any reason, you can look at this file to diagnose the issue.