Oracle® Fusion Middleware Installation Guide for Oracle Mobile Security Suite
Release 3.0.1

Part Number E51930-03

5 Installing Oracle Mobile Security Suite on Linux

This chapter describes how to install Oracle Mobile Security Suite on Oracle Linux 6.

The Oracle Mobile Security Suite is delivered as a set of RPM packages, one for each of the individual server components:

You can install these RPM packages on the same or different systems, as noted in Section 2.3.2, "Mobile Security Access Server Requirements." When you install multiple server components on the same system, you must install them in the following order:

  1. Mobile Security Administrative Console: msac-3.0-0.el6.x86_64.rpm

  2. Mobile Security Notification Server: msns-3.0-0.el6.x86_64.rpm

  3. Mobile Security File Manager: msfm-3.0-0.el6.x86_64.rpm

  4. Mobile Security Access Server: msas-3.0-0.el6.x86_64.rpm

The installation processes for all server components require a PKCS#12 file containing the SSL server certificate and key, as well as the corresponding server certification CA trust chain file. Both of those files must be available on the system before installation.

All of the server components use a configuration variables file, vars.conf, as input to the configuration process. These files use the = character as a delimiter between a key on the left and the replacement value on the right. It is important to only modify the values to the right of the = character.

This chapter contains the following sections:

5.1 Installing Mobile Security Administrative Console

Follow these steps to install and configure the Mobile Security Administrative Console on Linux:

  1. Use the following command to install the Mobile Security Administrative Console RPM:

    sudo rpm -ivh msac-3.0-0.el6.x86_64.rpm
    

    The Mobile Security Administrative Console RPM has several dependencies. A number of these are included with the Mobile Security Administrative Console RPM in a dependency zip package. There is a dependency-install.sh script in the zip package that can be run to install the included dependencies, or the dependencies can be installed individually using the commands in the script as a reference. Other dependencies are normally available on Oracle Linux 6 systems. You must install any that are not present. The install command fails with an error message if any dependencies are not present.

    The Mobile Security Administrative Console is installed under: /opt/oracle/omss/msac/

  2. Edit the configuration variables file, which is installed by the Mobile Security Administrative Console RPM at: /opt/oracle/omss/msac/templates/vars.conf

    Edit this file to include all information necessary for configuration of the Mobile Security Administrative Console. Modify only the values to the right of the = character.

    The Mobile Security Administrative Console on Oracle Linux supports either a remote Oracle Database or a locally installed MySQL database. It does not support Microsoft SQL Server.

    If you are configuring the Mobile Security Administrative Console with an Oracle Database, then you must have previously created the table space and temporary table space, indicated in the respective configuration variables, in the database. The table space and temporary table space names must not be the same.

    The configuration variables that you must set for the Mobile Security Administrative Console are as follows:

    • server_name: The public host name of the Mobile Security Administrative Console. The server name must match the certificate subject name or subject alternative name present in the Mobile Security Administrative Console certificate.

    • server_admin_email: The email address of the server administrator.

    • http_port: The HTTP port exposed by the Mobile Security Administrative Console. By default this is 80.

    • server_ssl_port: The HTTPS port exposed by the Mobile Security Administrative Console. By default this is 443.

    • db_name: The name of the database configured with the Mobile Security Administrative Console. This should be mysql for the MySQL database and oracle for the Oracle Database. By default this is mysql.

    • company_name: The name of the company that you want displayed in the Mobile Security Administrative Console.

    • master_server: Indicate yes if this instance of the Mobile Security Administrative Console will be configured as the master server, or else no. The default value is yes.

    • db_created: Indicate yes if the database schema is already created, or else no. The default value is no. It must be no if the Mobile Security Administrative Console is configured with the MySQL database. If yes is indicated, then none of the following table space variables should be set.

    • db_host_name: The primary database server's host name. Leave it empty if configuring the Mobile Security Administrative Console with the MySQL database.

    • db_port: The primary database server's port. Leave it empty if configuring the Mobile Security Administrative Console with the MySQL database.

    • sec_db_host_name: The secondary database server's host name. Leave it empty if configuring the Mobile Security Administrative Console with the MySQL database.

    • sec_db_port: The secondary database server's port. Leave it empty if configuring the Mobile Security Administrative Console with the MySQL database.

    • odb_service_name: The Oracle Database service name. Leave it empty if configuring the Mobile Security Administrative Console with the MySQL database.

    • dba_user_name: The DBA user name to use when creating and populating the database schema. Leave it empty if configuring the Mobile Security Administrative Console with the MySQL database.

    • dba_pwd: The DBA user's password. Leave it empty if configuring the Mobile Security Administrative Console with the MySQL database.

    • acp_app_db_name: The Mobile Security Administrative Console application schema name. The default value is lattice. It must be lattice if configuring the Mobile Security Administrative Console with the MySQL database.

    • acp_rep_db_name: The Mobile Security Administrative Console reporting schema name. The default value is reporting. It must be reporting if configuring the Mobile Security Administrative Console with the MySQL database.

    • acp_audit_db_name: The Mobile Security Administrative Console audit schema name. The default value is audit. It must be audit if configuring the Mobile Security Administrative Console with the MySQL database and it must NOT be audit if configuring with the Oracle Database.

    • db_service_uid: The DB service UID used to access the Oracle Database by the Mobile Security Administrative Console. Leave it empty if configuring the Mobile Security Administrative Console with the MySQL database.

    • db_service_pwd: The DB service password used to access the Oracle Database by the Mobile Security Administrative Console. Leave it empty if configuring the Mobile Security Administrative Console with the MySQL database.

    • odb_lat_tspace_name: The table space name to create the application schema in the Oracle Database. Leave it empty if configuring the Mobile Security Administrative Console with the MySQL database.

    • odb_lat_tetspace_name: The temporary table space name to create the application schema in the Oracle Database. Leave it empty if configuring the Mobile Security Administrative Console with the MySQL database.

    • odb_rep_tspace_name: The table space name to create the reporting schema in the Oracle Database. Leave it empty if configuring the Mobile Security Administrative Console with the MySQL database.

    • odb_rep_tetspace_name: The temporary table space name to create the reporting schema in Oracle Database. Leave it empty if configuring the Mobile Security Administrative Console with the MySQL database.

    • odb_aud_tspace_name: The table space name to create the audit schema in the Oracle Database. Leave it empty if configuring the Mobile Security Administrative Console with the MySQL database.

    • odb_aud_tetspace_name: The temporary table space name to create the audit schema in the Oracle Database. Leave it empty if configuring the Mobile Security Administrative Console with the MySQL database.

    • odb_aapu_tspace_name: The table space name to create the application user schema in the Oracle Database. Leave it empty if configuring the Mobile Security Administrative Console with the MySQL database.

    • odb_appu_tetspace_name: The temporary table space name to create the application user schema in the Oracle Database. Leave it empty if configuring the Mobile Security Administrative Console with the MySQL database.

    • integrate_msns: Indicate yes if the Mobile Security Administrative Console will be integrated with the Mobile Security Notification Server, or else no. The default value is yes.

    • ad_enabled: Indicate yes if the Mobile Security Administrative Console will be configured with an LDAP server for user and group management, or else no. The default value is yes.

    • ldap_type: Indicate AD if the Mobile Security Administrative Console will be integrated with Microsoft Active Directory, or OUD if the Mobile Security Administrative Console will be integrated with Oracle Unified Directory. The default value is AD.

    • acp_auth_email: The administrator user name to be configured for use with the Mobile Security Administrative Console.

    • acp_auth_passwd: The administrator password to be configured for use with the Mobile Security Administrative Console.

    • ecp_auth_email: The username to be configured for use with the Mobile Security Administrative Console control panel service.

    • ecp_auth_passwd: The password to be configured for use with the Mobile Security Administrative Console control panel service.

    • httpd_user_name: The user with which the server will answer requests.

    • httpd_group_name: The group under which the server will answer requests.

    • server_cert_p12_file_path: The location of the PKCS#12 file containing the SSL server certificate and key. The corresponding PKCS#12 password will be prompted when the configuration script is run.

    • server_cert_ca_chain_file_path: The location of the server certification CA trust chain file (in PEM format).

  3. After the configuration variables file has been edited with appropriate information, run the configuration script, as follows, to configure the Mobile Security Administrative Console:

    sudo /opt/oracle/omss/msac/templates/configure.sh
    

    When you run the script, you are prompted twice for the password of the PKCS#12 file containing the SSL server certificate and key. If the configuration script runs without error, then the Mobile Security Administrative Console is configured with the values from the configuration variables file.

    Note:

    The configuration script also locks down the permissions on the directories and files under /opt/oracle/omss/msac/ to the user and group specified in the configuration variables file.

    Refer to Section 5.5 for instructions on how to run the Mobile Security Administrative Console.

    If the Mobile Security Administrative Console has been integrated with the Mobile Security Notification Server or an LDAP server, then you must update the configuration information for the system in the Mobile Security Administrative Console. Update this system configuration information as follows:

    1. Log in to the Mobile Security Administrative Console.

    2. Go to the Settings tab.

    3. Go to LDAP Settings, update the configuration information, and click Save.

      If you have an Oracle Unified Directory installation with users under multiple domain entries (base DNs), you must specify all of the corresponding domain entries, separated by semicolons, in the base DN setting.

    4. Go to Notification Settings, update the configuration information, and click Save.
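
The rules that step 2 places on vars.conf (MySQL-only and Oracle-only values, distinct table space names, certificate files present on the system) can be checked before configure.sh is run. The script below is an added example, not part of Oracle's guide or product; it assumes one key=value pair per line with no quoting and # comment lines, and get_var and check_msac_vars are hypothetical helper names.

```shell
#!/bin/sh
# Added example: preflight check for the MSAC vars.conf from step 2.
# Assumptions (not from the guide): one key=value pair per line, no quoting,
# '#' starts a comment line. Only key names are printed, never values,
# because the file holds passwords (dba_pwd, acp_auth_passwd, ...).

# get_var FILE KEY: print the text right of the first '=' for KEY, trimmed.
get_var() {
    awk -v k="$2" '
        /^[ \t]*#/ { next }
        { i = index($0, "="); if (i == 0) next
          key = substr($0, 1, i - 1); val = substr($0, i + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", key)
          gsub(/^[ \t]+|[ \t\r]+$/, "", val)
          if (key == k) { print val; exit } }' "$1"
}

fail() { echo "FAIL: $*"; errs=$((errs + 1)); }

# check_msac_vars FILE: print one FAIL line per violated rule; return 0 if none.
check_msac_vars() {
    f=$1; errs=0
    db=$(get_var "$f" db_name)
    created=$(get_var "$f" db_created)
    case $db in mysql|oracle) ;; *) fail "db_name must be mysql or oracle" ;; esac
    for k in master_server db_created integrate_msns ad_enabled; do
        case $(get_var "$f" "$k") in yes|no) ;; *) fail "$k must be yes or no" ;; esac
    done
    if [ "$(get_var "$f" ad_enabled)" = yes ]; then
        case $(get_var "$f" ldap_type) in
            AD|OUD) ;;
            *) fail "ldap_type must be AD or OUD" ;;
        esac
    fi
    # Both certificate files must be on the system before configure.sh runs.
    for k in server_cert_p12_file_path server_cert_ca_chain_file_path; do
        [ -r "$(get_var "$f" "$k")" ] || fail "$k does not point to a readable file"
    done
    # Table space keys as spelled in the guide, in (permanent, temporary) pairs.
    ts="odb_lat_tspace_name odb_lat_tetspace_name odb_rep_tspace_name
        odb_rep_tetspace_name odb_aud_tspace_name odb_aud_tetspace_name
        odb_aapu_tspace_name odb_appu_tetspace_name"
    if [ "$db" = mysql ]; then
        [ "$created" = no ] || fail "db_created must be no with MySQL"
        for k in db_host_name db_port sec_db_host_name sec_db_port odb_service_name \
                 dba_user_name dba_pwd db_service_uid db_service_pwd $ts; do
            [ -z "$(get_var "$f" "$k")" ] || fail "$k must be empty with MySQL"
        done
        for pair in acp_app_db_name:lattice acp_rep_db_name:reporting \
                    acp_audit_db_name:audit; do
            [ "$(get_var "$f" "${pair%%:*}")" = "${pair#*:}" ] ||
                fail "${pair%%:*} must be ${pair#*:} with MySQL"
        done
    elif [ "$db" = oracle ]; then
        [ "$(get_var "$f" acp_audit_db_name)" != audit ] ||
            fail "acp_audit_db_name must not be audit with Oracle Database"
        set -- $ts
        while [ $# -ge 2 ]; do
            perm=$(get_var "$f" "$1"); temp=$(get_var "$f" "$2")
            if [ "$created" = yes ]; then
                [ -z "$perm$temp" ] || fail "$1/$2 must be unset when db_created=yes"
            elif [ -n "$perm" ] && [ "$perm" = "$temp" ]; then
                fail "$1 and $2 must name different table spaces"
            fi
            shift 2
        done
    fi
    [ "$errs" -eq 0 ]
}

# Constructed sample: a MySQL install that wrongly keeps an Oracle-only host
# name and a non-default audit schema name. Certificate files are empty
# placeholders so that only the vars.conf rules are exercised.
demo_dir=$(mktemp -d)
: > "$demo_dir/server.p12"; : > "$demo_dir/ca-chain.pem"
cat > "$demo_dir/vars.conf" <<EOF
db_name=mysql
master_server=yes
db_created=no
db_host_name=db1.example.com
integrate_msns=yes
ad_enabled=yes
ldap_type=AD
acp_app_db_name=lattice
acp_rep_db_name=reporting
acp_audit_db_name=msac_audit
server_cert_p12_file_path=$demo_dir/server.p12
server_cert_ca_chain_file_path=$demo_dir/ca-chain.pem
EOF
check_msac_vars "$demo_dir/vars.conf" || echo "vars.conf needs fixing before configure.sh"
rm -rf "$demo_dir"
```

On a real system, point check_msac_vars at /opt/oracle/omss/msac/templates/vars.conf and run it with enough privilege to read that file.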

5.2 Installing Mobile Security Notification Server

Follow these steps to install and configure the Mobile Security Notification Server on Linux:

  1. Run the following command to install the Mobile Security Notification Server RPM:

    sudo rpm -ivh msns-3.0-0.el6.x86_64.rpm
    

    The Mobile Security Notification Server RPM has several dependencies. A number of these are included with the Mobile Security Notification Server RPM in a dependency zip package. There is a dependency-install.sh script in the zip package that can be run to install the included dependencies, or the dependencies can be installed individually using the commands in the script as a reference. Other dependencies are normally available on Oracle Linux 6 systems. You must install any that are not present. The install command fails with an error message if any dependencies are not present.

    The Mobile Security Notification Server is installed under: /opt/oracle/omss/msns/

  2. Edit the configuration variables file, which is installed by the Mobile Security Notification Server RPM at: /opt/oracle/omss/msns/templates/vars.conf

    You must include all information necessary for configuration of the Mobile Security Notification Server. The configuration variables file contains two sections, and you must only edit the first section. Modifying any information in the second section will likely result in a misconfiguration. Modify only the values to the right of the = character.

    You must set the following configuration variables:

    • server_name: The public host name of the Mobile Security File Manager. The server name must match the certificate subject name or subject alternative name present in the Mobile Security File Manager certificate.

    • http_port: The HTTP port exposed by the Mobile Security Administrative Console. By default this is 8080.

    • server_ssl_port: The HTTPS port exposed by the Mobile Security Administrative Console. By default this is 8443.

    • server_cert_p12_file_path: The location of the PKCS#12 file containing the SSL server certificate and key. The corresponding PKCS#12 password will be prompted when the configuration script is run.

    • server_cert_ca_chain_file_path: The location of the server certification CA trust chain file, in PEM format.

    • db_name: The name of the database configured with the Mobile Security Notification Server. This should be mysql for the MySQL database and oracle for the Oracle Database. By default this is mysql.

    • db_created: Indicate yes if the database schema is already created, or else no. The default value is no. It must be no if you are configuring the Mobile Security Notification Server with the MySQL database. If yes is indicated, then none of the following table space variables should be set.

    • db_host_name: The primary database server's host name. Leave it empty if configuring the Mobile Security Notification Server with the MySQL database.

    • db_port: The primary database server's port. Leave it empty if configuring the Mobile Security Notification Server with the MySQL database.

    • sec_db_host_name: The secondary database server's host name. Leave it empty if configuring the Mobile Security Notification Server with the MySQL database.

    • sec_db_port: The secondary database server's port. Leave it empty if configuring the Mobile Security Notification Server with the MySQL database.

    • odb_service_name: The Oracle Database service name. Leave it empty if configuring the Mobile Security Notification Server with the MySQL database.

    • dba_user_name: The DBA user name to use when creating and populating the database schema. Leave it empty if configuring the Mobile Security Notification Server with the MySQL database.

    • dba_pwd: The DBA user's password. Leave it empty if configuring the Mobile Security Notification Server with the MySQL database.

    • msns_db_name: The Mobile Security Notification Server application schema name. The default value is bns. It must be bns if configuring the Mobile Security Notification Server with the MySQL database.

    • odb_msns_tspace_name: The table space name to create the application schema in the Oracle Database. Leave it empty if configuring the Mobile Security Notification Server with the MySQL database.

    • odb_msns_tetspace_name: The temporary table space name to create for the application schema in the Oracle Database. Leave it empty if configuring the Mobile Security Notification Server with the MySQL database.

    • db_service_pwd: The Database service password used to access the Oracle Database by the Mobile Security Notification Server. Leave it empty if configuring the Mobile Security Notification Server with the MySQL database.

    • msns_service_uname: The Mobile Security Notification Server service user name.

    • msns_service_pwd: The Mobile Security Notification Server service password.

  3. After you have edited the configuration variables file with complete information, run the following command to configure the Mobile Security Notification Server:

    sudo /opt/oracle/omss/msns/templates/configure.sh
    

    When you run the script, you are prompted twice for the password of the PKCS#12 file containing the SSL server certificate and key. If the configuration script runs without error, then the Mobile Security Notification Server is configured with the values from the configuration variables file.

    Note:

    The configuration script also locks down the permissions on the directories and files under /opt/oracle/omss/msns/ to the user and group specified in the configuration variables file.

Refer to Section 5.6 for instructions on how to run the Mobile Security Notification Server.

5.3 Installing Mobile Security File Manager

Follow these steps to install and configure the Mobile Security File Manager on Linux:

  1. Run the following command to install the Mobile Security File Manager RPM:

    sudo rpm -ivh msfm-3.0-0.el6.x86_64.rpm
    

    The Mobile Security File Manager RPM has several dependencies. A number of these are included with the Mobile Security File Manager RPM in a dependency zip package. There is a dependency-install.sh script in the zip package that can be run to install the included dependencies, or the dependencies can be installed individually using the commands in the script as a reference. Other dependencies are normally available on Oracle Linux 6 systems. You must install any that are not present. The install command fails with an error message if any dependencies are not present.

    The Mobile Security File Manager is installed under: /opt/oracle/omss/msfm/

  2. Edit the configuration variables file, which is installed by the Mobile Security File Manager RPM at: /opt/oracle/omss/msfm/templates/vars.conf

    You must include all information necessary for configuration of the Mobile Security File Manager. The configuration variables file contains two sections, and you must only edit the first section. Modifying any information in the second section will likely result in a misconfiguration. Modify only the values to the right of the = character.

    You must set the following configuration variables:

    • server_name: The public host name of the Mobile Security File Manager. The server name must match the certificate subject name or subject alternative name present in the Mobile Security File Manager certificate.

    • http_port: The HTTP port exposed by the Mobile Security Administrative Console. By default this is 8080.

    • server_ssl_port: The HTTPS port exposed by the Mobile Security Administrative Console. By default this is 8443.

    • server_cert_p12_file_path: The location of the PKCS#12 file containing the SSL server certificate and key. The corresponding PKCS#12 password will be prompted when the configuration script is run.

    • server_cert_ca_chain_file_path: The location of the server certification CA trust chain file (in PEM format).

  3. After you have edited the configuration variables file with appropriate information, run the following command:

    sudo /opt/oracle/omss/msfm/templates/configure.sh
    

    When you run the script, you are prompted twice for the password of the PKCS#12 file containing the SSL server certificate and key. If the configuration script runs without error, then the Mobile Security File Manager is configured with the values from the configuration variables file.

    Note:

    The configuration script also locks down the permissions on the directories and files under /opt/oracle/omss/msfm/ to the user and group specified in the configuration variables file.

Refer to Section 5.6 for instructions on how to run the Mobile Security File Manager.

5.4 Installing Mobile Security Access Server

Install and configure the Mobile Security Access Server on Linux as follows:

  1. Install the Mobile Security Access Server RPM, using the following command:

    sudo rpm -ivh msas-3.0-0.el6.x86_64.rpm
    

    The Mobile Security Access Server RPM has several dependencies. A number of these are included with the Mobile Security Access Server RPM in a dependency zip package. There is a dependency-install.sh script in the zip package that can be run to install the included dependencies, or the dependencies can be installed individually using the commands in the script as a reference. Other dependencies are normally available on Oracle Linux 6 systems. You must install any that are not present. The install command fails with an error message if any dependencies are not present.

    The Mobile Security Access Server is installed under: /opt/oracle/omss/msas/

  2. Edit the configuration variables file, which is installed by the Mobile Security Access Server RPM at /opt/oracle/omss/msas/templates/vars.conf.

    You must include all information necessary for configuration of the Mobile Security Access Server. The configuration variables file contains two sections, and you should edit only the first section. Modifying any information in the second section will likely result in a misconfiguration. Modify only the values to the right of the = character.

    You must set the following configuration variables for the Mobile Security Access Server:

    • HTTPD_USER: The server answers requests as this user.

    • HTTPD_GROUP: The server answers requests as a member of this group.

    • PROXY_PORT: The HTTP port exposed by the Mobile Security Access Server for standard proxy requests. By default, this is 80.

    • AUTH_PORT: The HTTPS port exposed by the Mobile Security Access Server for authentication and AppTunnel requests. By default, this is 443.

    • BMAX_SERVER_NAME: The public host name of the Mobile Security Access Server. The server name must match the certificate subject name or subject alternative name present in the Mobile Security Access Server certificate. The server name need not be the host name of the Mobile Security Access Server, but it must be resolvable in DNS by the mobile clients.

    • SERVER_P12_FILE: The location of the PKCS#12 file containing the SSL server certificate and key. When the configuration script is run, it prompts for the corresponding PKCS#12 password.

    • SERVER_CERTCHAIN_FILE: The location of the server certification CA trust chain file, in PEM format.

    • LOCAL_ACP: Indicates whether the Mobile Security Administrative Console is deployed on the same system as the Mobile Security Access Server. If they are deployed separately, then this value should be no. If they are deployed together then this value should be yes.

    • ECP_SERVICE_URL: The Mobile Security Administrative Console control panel service URL, which must include the scheme (http), port, and path, for example: https://msac.example.com:443/ecp/ecpservice

    • ECP_SERVICE_UID: The username that was previously configured for the Mobile Security Administrative Console control panel service.

    • ECP_SERVICE_PWD: The password that was previously configured for the Mobile Security Administrative Console control panel service.

    • ENABLE_OAM: Indicates whether OAM authentication should be enabled, either yes or no. If this value is yes then all of the following OAM configuration variables must be set.

    • OAM_SERVER_URL: The Oracle Access Manager Server URL including scheme (http or https) and port, for example: http://oam.example.com:1234. Required for Oracle Access Manager authentication.

    • OAM_SERVICE_END_POINT: The Oracle Access Manager OAuth service end point. By default this is oauthservice. Required for Oracle Access Manager authentication.

    • OAM_CLIENT_UID: The username that was previously configured for the Mobile Security Access Server when it was registered as an OAuth Confidential Client with the Oracle Access Manager OAuth Service. Required for Oracle Access Manager authentication.

    • OAM_CLIENT_PWD: The password/secret that was previously configured for the Mobile Security Access Server when it was registered as an OAuth Confidential Client with the Oracle Access Manager OAuth Service. Required for Oracle Access Manager authentication.

    • KRB_DOMAIN_NAME_UPPER: The primary Active Directory domain (Kerberos realm) for user authentication, in uppercase, for example: EXAMPLE.COM. Required for KINIT and PKINIT authentication. Additional domains/realms can be added to the krb5.conf file after this initial configuration.

    • KRB_DOMAIN_NAME: The primary Active Directory domain (Kerberos realm) for user authentication, in lowercase, for example: example.com. Required for KINIT and PKINIT authentication. Additional domains/realms can be added to the krb5.conf file after this initial configuration.

    • RADIUS_SERVER_INFO: The RADIUS server, port, and shared secret in the following format: radiusserver:port:sharedsecret. Required for RADIUS OTP authentication. Additional RADIUS servers can be added to the radius.conf file after this initial configuration.

    • BMAX_RADIUS_ENABLED: Indicates whether RADIUS authentication should be enabled, either yes or no. If this value is yes then all of the following RADIUS configuration variables need to be set.

    • BMAX_RADIUS_DOMAIN_NAME: The domain name to append to user names if the RADIUS server is configured to accept a domain name other than the UPN. By default, this is empty.

  3. After you have edited the configuration variables file, use the following command to configure the Mobile Security Access Server:

    sudo /opt/oracle/omss/msas/templates/configure.sh
    

    You are prompted twice for the password of the PKCS#12 file containing the SSL server certificate and key when the configuration script is run. If the configuration script does not display any errors during execution, then the Mobile Security Access Server is configured with the values from the configuration variables file.

    Note:

    The configuration script also locks down the permissions on the directories and files under /opt/oracle/omss/msas/ to the user and group specified in the configuration variables file.

Refer to Section 5.5 for instructions on how to run the Mobile Security Access Server.

5.5 Running the Mobile Security Administrative Console and Access Server

The Mobile Security Administrative Console and Access Server can be started and stopped using standard Apache httpd commands.

Note:

The Mobile Security Administrative Console and Mobile Security Access Server run within Apache httpd on Oracle Linux. You must use Apache's worker MPM binary, located at: /usr/sbin/httpd.worker

After the Mobile Security Access Server has been installed and configured, you start and stop it by using the following commands:

sudo /usr/sbin/httpd.worker -f /opt/oracle/omss/msas/conf/httpd.conf -k start

sudo /usr/sbin/httpd.worker -f /opt/oracle/omss/msas/conf/httpd.conf -k stop
 

Use the same commands if the Mobile Security Administrative Console and Access Server have been installed together on the same system.

If the Mobile Security Administrative Console has been installed and configured on a system without the Access Server, you start and stop it by using the following commands:

sudo /usr/sbin/httpd.worker -f /opt/oracle/omss/msac/conf/httpd.conf -k start

sudo /usr/sbin/httpd.worker -f /opt/oracle/omss/msac/conf/httpd.conf -k stop
 

Note:

Even though sudo is used to launch the services, they run as the HTTPD_USER you specified in the configuration variables file during configuration.

You can configure cron jobs to automatically start the Mobile Security Administrative Console and Access Server on system reboot.

5.6 Running the Mobile Security Notification Server and File Manager

Use the omss command to start and stop the Mobile Security Notification Server and File Manager.

Note:

The Mobile Security Notification Server and File Manager run within Tomcat on Oracle Linux.

After you have configured the Mobile Security Notification Server and File Manager, run the following commands to start and stop them.

sudo /sbin/service omss start
sudo /sbin/service omss stop

Note:

Even though sudo is used to launch the services, they run under the tomcat user account by default. You can customize this using the standard Tomcat configuration.

You can configure cron jobs to automatically start the Mobile Security Notification Server and File Manager on system reboot.