Installing the Java Security Service Module

Installing

The following sections provide the information you need to install the Java Security Service Module:

Note: For installation information on other Security Service Modules, see the associated installation guides.

Before You Begin

Before you begin this installation procedure, make sure you have done the following:

Note: If you start the installation process from the command line or from a script, you can specify the -log option to generate a verbose installation log. For instructions on how to generate a verbose log file during installation, see Generating a Verbose Installation Log.

Download and read the Release Notes from: http://download.oracle.com/docs/cd/E13169_01/ales/docs21/download.html
Install the Administration Application and related components.
Ensure the system requirements are met as described in Preparing to Install.

Generating a Verbose Installation Log

If you start the installation process from the command line or from a script, you can specify the -log option to generate a verbose installation log. The installation log lists messages about events during the installation process, including informational, warning, error, and fatal messages. This can be especially useful for silent installations.

Note: You may see some warning messages during in the installation log. However, unless there is a fatal error, the installation program will complete the installation successfully. The installation user interface will indicate the success or failure of the installation, and the installation log file will include an entry indicating that the installation was successful.

To create a verbose log file during installation, include the -log=/full_path_to_log_file option in the command line or script. For example:

For Windows:

ales211ssm_win32.exe -log=D:\logs\ales_install.log -log_priority=debug

For Sun Solaris:

ales211ssm_solaris32.bin -log=/opt/logs/ales_install.log -log_priority=debug

For Linux:

For Red Hat 2.1: ales211ssm_rhas21_IA32.bin -log=/opt/logs/ales_install.log -log_priority=debug
For Red Hat 3.0: ales211ssm_rhas3_IA32.bin -log=/opt/logs/ales_install.log -log_priority=debug

The path must be the full path to a file name. If the file does not exist, all folders in the path must exist before you execute the command or the installation program will not create the log file.

Starting the Installation Program

The procedure for starting the installation program varies depending the platform on which install BEA AquaLogic Enterprise Security. Therefore, separate instructions are provide for each supported platform.

Note: In a production environment, BEA recommends that you install the Security Service Modules on machines other than the machine on which the Administration Server is installed.

To start the installation program, refer to the appropriate section listed below:

Starting the Installation Program on a Windows Platform

Note: Do not install the software from a network drive. Download the software distribution to a local drive on your machine and install it from there. Also, on a Windows platform, the file system used must be NTFS, not FAT. To check the file system format, open Windows Explorer and right-click the hard drive on which you intend to do the installation and select Properties.

To install the application in a Microsoft Windows environment:

Shut down any programs that are running.

If you are installing from a CD-ROM, go to step 4. If you want to install the product by downloading it from the BEA web site:

Contact BEA Sales at http://www.bea.com/framework.jsp?CNT=sales1.htm&FP=/content/about/contact/ and request a download.

Go to the directory where you downloaded the installation file and double-click ales211ssm_win32.exe.

The BEA Installer - Security Service Module for Java window appears (see Figure 3-1).

Proceed to Running the Installation Program

If you are installing from a CD-ROM:

Insert Disk 1 into the CD-ROM drive.

If the installation program does not start automatically, open Windows Explorer and double-click the CD-ROM icon.

From the installation CD, double-click ales211ssm_win32.exe.

The BEA Installer window appears (see Figure 3-1).

Proceed to Running the Installation Program.

Figure 3-1 AquaLogic Enterprise Security Combo Installer Window

AquaLogic Enterprise Security Combo Installer Window

Starting the Installation Program on a Sun Solaris Platform

To run graphical-mode installation, your console must support a Java-based GUI. If the installation program determines that your system cannot support a Java-based GUI, the installation program automatically starts in console-mode.

To install the application in a Sun Solaris environment:

Shut down any programs that are running.

Open a command-line shell.

If you are installing from a CD-ROM, go to step 5. If you want to install the product by downloading it from the BEA web site:

Contact BEA Sales at http://www.bea.com/framework.jsp?CNT=sales1.htm&FP=/content/about/contact/ and request a download.

Go to the directory where you downloaded the file and change the protection on the install file:

chmod u+x ales211ssm_solaris32.bin

Start the installation: ales211ssm_solaris32.bin

The BEA Installer - Security Service Module for Java window appears (see Figure 3-1).

Proceed to Running the Installation Program.

If you are installing from a CD-ROM:

Insert the Disk 1 into the CD-ROM drive.

Start the installation: ales211ssm_solaris32.bin

The BEA Installer - Security Service Module for Java window appears (see Figure 3-1).

Proceed to Running the Installation Program.

Starting the Installation Program on a Linux Platform

To install the application in a Linux environment:

Shut down any programs that are running.

Set your DISPLAY variable if needed.

Open a command-line shell.

If you are installing from a CD-ROM, go to step 6. If you want to install the product by downloading it from the BEA web site:

Contact BEA Sales at http://www.bea.com/framework.jsp?CNT=sales1.htm&FP=/content/about/contact/ and request a download.

Go to the directory where you downloaded the file and change the protection on the install file:

For Red Hat 2.1: chmod u+x ales211ssm_rhas21_IA32.bin
For Red Hat 3.0: chmod u+x ales211ssm_rhas3_IA32.bin

Start the installation:

For Red Hat 2.1: ales211ssm_rhas21_IA32.bin
For Red Hat 3.0: ales211ssm_rhas3_IA32.bin

The BEA Installer - Security Service Module for Java window appears (see Figure 3-1).

Proceed to Running the Installation Program.

If you are installing from a CD-ROM:

Insert the Disk 1 into the CD-ROM drive.

Start the installation:

For Red Hat 2.1: ales211ssm_rhas21_IA32.bin
For Red Hat 3.0: ales211ssm_rhas3_IA32.bin

The BEA Installer - Security Service Module for Java window appears (see Figure 3-1).

Proceed to Running the Installation Program.

Running the Installation Program

The installation program prompts you to enter specific information about your system and configuration, as described in Table 3-1. To complete this procedure you need the following information:

Name of the BEA_HOME directory
Name of the product directory

Note: If this is the first AquaLogic Enterprise Security product you have installed on this machine, the Service Control Manager is also installed (which requires additional inputs such as the Service Control Manager directory).

Table 3-1 Running the Installation Program

In this Window:	Perform this Action:
Welcome	Click Next to proceed or cancel the installation at any time by clicking Exit.
BEA License Agreement	Read the BEA Software License Agreement, and then select Yes to indicate your acceptance of the terms of the agreement. To continue with the installation, you must accept the terms of the license agreement, click Yes, and then click Next.
Choose BEA Home Directory	Specify the BEA Home directory that serves as the central support directory for all BEA products installed on the target system. If you already have a BEA Home directory on your system, you can select that directory (recommended) or create a new BEA Home directory. If you choose to create a new directory, the installer program automatically creates the directory for you. For details about the BEA Home directory, see BEA Home Directory.
Choose product to install	Select the ALES SSM for Java component, clear the other check boxes, and click Next.
Choose Product Directory	Specify the directory in which you want to install the product software, and then click Next. You can accept the default product directory (`C:\bea\ales21-ssm\java-ssm`) or you can create a new product directory. Note: You only need to install the JAVA Security Service Module once per machine. Many Java instances can be created using the same Java Security Service Module install. Refer to the Java Instance Wizard information on how to create a Java Security Service Module instance. For additional information and a description of the resulting directory structure, see Product Installation Directory. If you choose to create a new directory, the installation program automatically creates the directory for you.
Choose Service Control Manager Directory	Specify the directory in which to install the Service Control Manager. You can accept the default directory (`ales21-scm`) or you can create a new one. Click Next to continue. Note: This step is required only if you are installing on a machine that does not already have an Security Control Manager installed.
Select Users and Groups	Specify the user names and group names to use for the Service Control Manager and Administration Application. You can accept the default settings or create a new ones. Note: When installing this product for use in a production environment, BEA recommends that you set these passwords to known values; otherwise you will not be able to modify them later. For example, you may want to modify these passwords to comply with organizational requirements. Admin User (asiadmin)—A local user account used to start the Security Service Module components. Admin Group (`asiadgrp`)—Administration Application group. Members of this group have full access to the Administration Application and log files; they can start and stop the Security Service Module components. SCM User (`scmuser`)—A local user account used to start the Service Control Manager. Security Group (`asiusers`)—Service Control Manager Group. Members of this group are allowed to use the AquaLogic Enterprise Security products. Click Next to continue.
Confirm User Selection	If the name of the user and group do not exist, they are created for you. Verify the values you entered are correct, and then click Next to continue.
User Passwords (Windows only)	Specify the password for the Administration Application User and Service Control Manager User. You can also choose the default passwords that are randomly generated. Note: If any of the users exist you must enter their passwords; the passwords are not generated randomly. Passwords are case sensitive. If you are installing the Administration Application in a production environment, BEA recommends using secure user names and passwords, and not the user names that are randomly generated. Click Next to continue.
Choose Network Interfaces	Select the network interfaces to which to bind the Service Control Manager. This is the IP Address used to listen for requests to provision policy and configuration data. Note: If you are installing the product in a production environment with more than one network card, you want to select a protected (internal) interface; you do not want to expose the Service Control Manager through a public address. Click Next to continue.
Configure Enterprise Domain for Service Control Manager (This step is required only if you are installing on a machine that does not already have an Security Control Manager installed.)	Enterprise Domain Name—The enterprise domain name is used to link all of the AquaLogic Enterprise Security components. Note: This is same enterprise domain name that you entered when you installed the BEA AquaLogic Enterprise Security Administration Application. SCM Logical Name—The name you assign to the Service Control Manager during this installation. This must match the name created on the Administration Server to which the Security Service Module will be bound. SCM Port—Port used by the Service Control Manager to receive configuration and policy data from the Administration Application; this port may not be used by any other server. Primary Server URL—The address used by your Administration Application. For example, `https://adminservername:7010/asi`. Backup Server URL—If you have a second Administration Application installed for the purpose of failover or backup, enter its address here. This is optional and may be left blank.
Installation Complete	Indicates that the installation completed successfully. Click Done to finish the installation.

Installing the SSM Without Root Privileges

It is highly recommended that you install ALES Security Service Modules using root privileges. This enables the product to create users and groups required to set up the ALES product automatically and also change permissions of files after installation. However, in some situations you may not have access to the root account. This section describes how to install and configure an SSM on UNIX without access to the root login. In this section, we assume that the user (login) name is alesuser, which belongs to the group alesgroup.

If you do not have root privileges, the SSM installer will try to install the Service Control Manager (SCM) regardless whether you have installed the ALES Administration Server on this machine before. If you have installed the ALES Administration Server before, you have to back up the SCM installation before you start to install the SSM.

For information about installing the Administration Server without root privileges, see Installing Without Root Privileges in Installing the Administration Server.

To install the SSM without root privileges:

If you have the ALES Administration Server installed on the same machine, stop the servers if they are running:

$ADMINHOME/bin/WLESadmin.sh stop

$SCMHOME/bin/WLESscm.sh stop

If you have the ALES Administration Server installed on the same machine, rename the $SCMHOME/ales21-scm folder:

mv ales21-scm/ ales21-scm-admin

Run the SSM installer using the -Dales.skip.admin.test=true command line argument. For example:

ales211ssm_rhas3_IA32.bin -Dales.skip.admin.test=true

In response to the installation program prompts, specify the username of the current user (asiadmin) as the name of the "Admin user" and asiadgrp as the "Admin group". Specify scmuser as the name of the "SCM user" and asiusers as the "Security group".

If you have the ALES Administration Server installed on this machine, enter the same "Enterprise domain name" as you entered when you installed the Administration Server (by default the domain is "asi"). Enter adminconfig as the "SCM logical name". Enter 7013 as the SCM port, assuming you have selected the default SSL ports (7010) during your Administration Server installation. Enter the "Primary Server URL" (by default, https://localhost:7010/asi).

If you have the ALES Administration Server installed on this machine, restore the $SCMHOME/ales21-scm folder from the ALES Administration Server installation.

mv ales21-scm-admin/ ales21-scm

Start the servers in different terminals.

$SCMHOME/bin/WLESscm.sh console

$ADMINHOME/bin/WLESblm.sh console

$ADMINHOME/bin/WLESarme.sh console

$ADMINHOME/bin/WLESWebLogic.sh console

You can start the servers subsequently with the "start" parameter instead of the "console" parameter and they will start in the background as daemon processes. $SCMHOME/bin/WLESscm.sh start $ADMINHOME/bin/WLESadmin.sh start

What's Next

Now that you have installed the necessary software, you must enroll and configure the Service Control Manager, create an instance of the Security Service Module and enroll the instance, and start the services. For additional instructions, see Post Installation Tasks.