> Installing Security Service Modules > Installing

Installing Security Service Modules

     Previous  Next    Open TOC in new window  Open Index in new window  View as PDF - New Window  Get Adobe Reader - New Window
Content starts here

Installing

The following sections provide the information you need to install the ALES Security Service Modules:

 

Before you Begin

Before you begin this installation procedure, make sure you do the following:

Note: If you start the installation process from the command line or from a script, you can specify the -log option to generate a verbose installation log. For instructions on how to generate a verbose log file during installation, see Generating a Verbose Installation Log.

Generating a Verbose Installation Log

If you start the installation process from the command line or from a script, you can specify the -log option to generate a verbose installation log. The installation log lists messages about events during the installation process, including informational, warning, error, and fatal messages. This can be especially useful for silent installations.

Note: You may see some warning messages during in the installation log. However, unless there is a fatal error, the installation program will complete the installation successfully. The installation user interface will indicate the success or failure of the installation, and the installation log file will include an entry indicating that the installation was successful.

To generate a verbose log file during installation, include the -log=/full_path_to_log_file option in the command line or script. For example:

For Windows: 

ales220ssm_win32.exe -log=D:\logs\ales_install.log -log-priority=debug

For Sun Solaris: 

ales220ssm_solaris32.bin -log=/opt/logs/ales_install.log -log-priority=debug

For Linux:

For Red Hat 2.1: 

ales220ssm_rhas21_IA32.bin -log=/opt/logs/ales_install.log -log-priority=debug

For Red Hat 3.0: 

ales220ssm_rhas3_IA32.bin -log=/opt/logs/ales_install.log -log-priority=debug

For IBM AIX: 

java -jar ales220ssm_aix32.jar -log=/opt/logs/ales_install.log -log-priority=debug

The path must be the full path to a file name. If the file does not exist, all folders in the path must exist before you execute the command or the installation program will not create the log file.

 

Starting the Installation Program

The procedure for starting the installation program varies depending the platform on which you install BEA AquaLogic Enterprise Security. Therefore, separate instructions are provide for each supported platform.

Note: In a production environment, BEA recommends that you install the Security Service Modules on machines other than the machine on which the Administration Server is installed.

To start the installation program, refer to the appropriate section listed below:

Starting the Installation Program on a Windows Platform

Note: Do not install the software from a network drive. Download the software distribution to a local drive on your machine and install it from there. Also, on a Windows platform, the file system used must be NTFS, not FAT. To check the file system format, open Windows Explorer and right-click the hard drive on which you intend to do the installation and select Properties.

To install the application in a Microsoft Windows environment:

  1. Shut down any programs that are running.
  2. Log in to the local machine.
  3. If you are installing from a CD-ROM, go to step 4. If you want to install the product by downloading it from the BEA web site:
    1. Contact BEA Sales at http://www.bea.com/framework.jsp?CNT=sales1.htm&FP=/content/about/contact/ and request a download.
    2. Go to the directory where you downloaded the installation file and double-click ales220ssm_win32.exe.

      3. The BEA Installer - Security Service Module window appears (see Figure 3-1).

    3. Proceed to Running the Installation Program.
  4. If you are installing from a CD-ROM:
    1. Insert Disk 2 into the CD-ROM drive.

      2. If the installation program does not start automatically, open Windows Explorer and double-click the CD-ROM icon.

    2. From the installation CD, double-click ales220ssm_win32.exe.

      3. The BEA Installer - Security Service Module window appears (see Figure 3-1).

    3. Proceed to Running the Installation Program.

Starting the Installation Program on a Sun Solaris Platform

To run graphical-mode installation, your console must support a Java-based GUI. If the installation program determines that your system cannot support a Java-based GUI, the installation program automatically starts console-mode installation.

  1. Shut down any programs that are running.
  2. Log in to the machine.
  3. Open a command-line shell.
  4. If you are installing from a CD-ROM, go to step 5. If you want to install the product by downloading it from the BEA web site:
    1. Contact BEA Sales at http://www.bea.com/framework.jsp?CNT=sales1.htm&FP=/content/about/contact/ and request a download.
    2. Go to the directory where you downloaded the file and change the protection on the install file:
      3. chmod u+x ales220ssm_solaris32.bin
    3. Start the installation: ales220ssm_solaris32.bin

      4. The BEA Installer - Security Service Module window appears (see Figure 3-1).

    4. Proceed to Running the Installation Program.
  5. If you are installing from a CD-ROM:
    1. Insert the Disk 2 into the CD-ROM drive.
    2. In a command shell, go to the directory where you installed the CD-ROM and change the protection on the install file:

      3. chmod a+x ales220ssm_solaris32.bin

    3. Enter this command to start the installation: ales220ssm_solaris32.bin

      4. The BEA Installer - Security Service Module window appears (see Figure 3-1).

    4. Proceed to Running the Installation Program.

Starting the Installation Program on a Linux Platform

To run graphical-mode installation, your console must support a Java-based GUI. If the installation program determines that your system cannot support a Java-based GUI, the installation program automatically starts console-mode installation.

  1. Shut down any programs that are running.
  2. Log in to the machine.
  3. Set your DISPLAY variable if needed.
  4. Open a command-line shell.
  5. If you are installing from a CD-ROM, go to step 6. If you want to install the product by downloading it from the BEA web site:
    1. Contact BEA Sales at http://www.bea.com/framework.jsp?CNT=sales1.htm&FP=/content/about/contact/ and request a download.
    2. Go to the directory where you downloaded the file and change the protection on the install file:

      3. For Red Hat 2.1: chmod u+x ales220ssm_rhas21_IA32.bin

      For Red Hat 3.0: chmod u+x ales220ssm_rhas3_IA32.bin

    3. Start the installation:

      4. For Red Hat 2.1: ales220ssm_rhas21_IA32.bin

      For Red Hat 3.0: ales220ssm_rhas3_IA32.bin

      The BEA Installer - Security Service Module window appears (see Figure 3-1).

    4. Proceed to Running the Installation Program.
  6. If you are installing from a CD-ROM:
    1. Insert the Disk 2 into the CD-ROM drive.
    2. In a command shell, go to the directory where you installed the CD-ROM and enter this command to change the protection on the install file:

      3. For Red Hat 2.1: chmod u+x ales220ssm_rhas21_IA32.bin

      For Red Hat 3.0: chmod u+x ales220ssm_rhas3_IA32.bin

    3. Enter this command to start the installation:

      4. For Red Hat 2.1: ales220ssm_rhas21_IA32.bin

      For Red Hat 3.0: ales220ssm_rhas3_IA32.bin

      The BEA Installer window appears (see Figure 3-1).

    4. Proceed to Running the Installation Program.

Starting the Installation Program on an IBM AIX Platform

To run graphical-mode installation, your console must support a Java-based GUI. If the installation program determines that your system cannot support a Java-based GUI, the installation program automatically starts console-mode installation.

  1. Log in to the machine.
  2. Open a command-line shell.
  3. Download the Security Service Module installation file, ales220ssm_aix32.jar, from the BEA web site. Contact BEA Sales at http://www.bea.com/framework.jsp?CNT=sales1.htm&FP=/content/about/contact/ to request a download.
  4. Start the installation with this command:
    5. java -jar ales220ssm_aix32.jar
  5. The AquaLogic Enterprise Security - Security Service Module installer window appears (see Figure 3-1).
  6. Proceed to Running the Installation Program.
    7. Figure 3-1 AquaLogic Enterprise Security SSM Installer Window


    AquaLogic Enterprise Security SSM Installer Window

 

Running the Installation Program

The installation program prompts you to enter specific information about your system and configuration as described in Table 3-1. To complete this procedure you need the following information:

Note: If this is the first AquaLogic Enterprise Security product you have installed on this machine, the Service Control Manager is also included as part of the installation (which requires additional inputs, such as the Service Control Manager directory).

Table 3-1 Running the Installation Program 
In this Window:
Perform this Action:
Welcome
Click Next to proceed, or cancel the installation at any time by clicking Exit.
BEA License Agreement
Read the BEA Software License Agreement, and then select Yes to indicate your acceptance of the terms of the agreement. To continue with the installation, you must accept the terms of the license agreement, click Yes, and then click Next.
Choose BEA Home Directory
Specify the BEA Home directory that serves as the central support directory for all BEA products installed on the target system. If you already have a BEA Home directory on your system, you can select that directory (recommended) or create a new BEA Home directory. If you choose to create a new directory, the installer program automatically creates the directory for you. For details about the BEA Home directory, see BEA Home Directory.
Choose product to install
Select the SSMs you wish to install, clear the other check boxes, and click Next.
Choose Product Directory
Specify the directory in which you want to install the product software, and then click Next. You can accept the default product directory (for example, C:\bea\ales22-ssm\wls-ssm) or you can create a new product directory.

Note: If you are installing on a machine with existing BEA AquaLogic Enterprise products or on a machine that you intend to install other BEA AquaLogic Enterprise products (for example, the Administration Server or another Security Service Module) you must select a different directory.

For additional information and a description of the resulting directory structure, see Product Installation Directory.
If you choose to create a new directory, the installation program automatically creates the directory for you, if necessary.
When you click Next, the installation program begins copying the components you specified to your system. If you have installed other products then you will see Installation Complete. Otherwise, continue installing the Service Control Manager.
Choose Service Control Manager Directory
Specify the directory in which to install the Service Control Manager. You can accept the default directory (ales22-scm) or you can create a new one.
Click Next to continue.
Choose Network Interface
Select the network interfaces to which to bind the Service Control Manager. This is the IP Address used to listen for requests to provision policy and configuration data.

Note: If you are installing the security service module in a production environment with more than one network card, you want to select a protected (internal) interface; you do not want to expose the Service Control Manager through a public address.

Click Next to continue.
Configure Enterprise Domain for Service Control Manager
Enterprise Domain Name—The enterprise domain name is used to link all of the AquaLogic Enterprise Security components.

Note: This is same enterprise domain name that you entered when you installed the BEA AquaLogic Enterprise Security Administration Server.

SCM Logical Name—The name you assign to the Service Control Manager during this installation.
SCM Port—Port used by the Service Control Manager to receive configuration and policy data from the Administration Server; may not be used by any other server.

Note: The SCM values are different from the SCM values defined when you installed the BEA AquaLogic Enterprise Security Administration Server.

Primary Server URL—The address used by your Administration Server.
Backup Server URL—If you have a second Administration Server installed for the purpose of failover or backup, enter its address here. This field is optional and may be left blank.
Installation Complete
Indicates that the installation completed successfully. Click Done to finish the installation.

 

Upgrading from ALES 2.1

ALES 2.2 includes a utility to help you upgrade from AquaLogic Enterprise Security 2.1. Note that no upgrade is available for Apache and Microsoft IIS Web Server SSM instances. If you have an existing installation of ALES 2.1, follow this upgrade procedure. For information about upgrading the Administration Server, see Upgrading from ALES 2.1 in Installing the Administration Server.

  1. Make sure you have read and delete permission for the ALES 2.1 files. You must be logged in as a member of the asidgrp group (or whatever group you used when installing ALES 2.1).
  2. Stop the ALES 2.1 processes, including the Administration Server, BLM, ARME, SCM, and SSM instances. For more information, see Starting and Stopping ALES Components in the Administration and Deployment Guide.
  3. If you have installed the ALES 2.1 Administration Server on the same machine on which you have installed one or more ALES 2.1 SSMs, be sure to upgrade the Administration Server before you upgrade any SSMs.
  4. Run the ALES 2.2 SSM installer on the machines on which your ALES 2.1 SSMs are installed. The ALES 2.2 SSM installer detects the ALES 2.1 installation and uses its configuration information.
  5. Run the upgrade script, which is located in BEA_HOME/ales22-ssm/upgrade. In response to the prompts, supply the location of the ALES 2.1 SSM instance to be upgraded and the destination of the ALES 2.2 SSM instance to be created. These locations may be the same.

 

Installing in Silent Mode

You can run the SSM installation in silent mode. Silent installation mode allows you to run the installer once on one machine and then use the configuration of that machine to duplicate SSM installation on multiple machines. When you run the installation program in silent mode, the installation program reads the configuration information it needs from an XML file that you specify in the command that launches the installation program.

When you run the installation program not in silent mode, it creates an XML file, located at BEA_HOME/ales22-ssm/<ssm>/adm/silent_install_ssm.xml . You can edit this XML file and use it when you run the installation program in silent mode. You need to edit the silent_install_ssm.xml file to set the values described in Table 3-2. Each installation parameter is specified in the XML file as the value of a <data-value> element, as in the following example: 

<data-value name="USER_INSTALL_DIR" value="C:\bea\ales22-admin" />

The values you set in the <data-value> elements correspond generally to the responses you enter when you run the installation program not in silent mode, which are described in Table 3-1.

Table 3-2 Silent Installation Configuration File
Data Element Name
Description
Default or Sample Value
BEAHOME
BEA_HOME directory in which to install the Administration Server
C:\bea
USER_INSTALL_DIR
Directory within BEA_HOME directory in which to install the SSM
C:\bea\ales22-wls-ssm
SCM_INSTALL_DIR
Directory within BEA_HOME directory in which to install the Service Control Manager
C:\bea\ales22-scm
COMPONENT_PATHS
Specifies the SSMs to install, separated by the pipe ( | ) character. Possible component selections are:
  • WLES SSM COMBO/WLES SSM for Web Service
  • WLES SSM COMBO/WLES SSM for Web Service
  • WLES SSM COMBO/WLES SSM for IIS
  • WLES SSM COMBO/WLES SSM for Apache
  • WLES SSM COMBO/WLES SSM for WLS8.1
  • WLES SSM COMBO/WLES SSM for WLS9
  
SCM_INTERFACE_LIST
A comma-separated list of IP addresses of the network interfaces to which to bind the Service Control Manager.
 
ENTERPRISE_DOMAIN_
NAME
The name assigned to this domain when you installed the Administration Server.
asi
SCM_NAME
The name you assign to the Service Control Manager during this installation.
 
SCM_PORT
Port used by the Service Control Manager to receive configuration and policy data from the Administration Server; may not be used by any other server.
 
SCM_PRIMARY_ADMIN_
URL
The address used by your Administration Server.
 
SCM_BACKUP_ADMIN_URL
The address used by your secondary (backup) Administration Server, if you have one. Optional.
 

To run the SSM installation in silent mode, use one of the following commands:

 

What's Next

Now that you have installed the necessary software, you must enroll the Service Control Manager, create an instance of the Security Service Module and enroll the instance, and then start the services. For additional instructions, see Post Installation Tasks.


  Back to Top       Previous  Next