> Installing the Administration Server > Post Installation Tasks

Installing the Administration Server

     Previous  Next    Open TOC in new window  Open Index in new window  View as PDF - New Window  Get Adobe Reader - New Window
Content starts here

Post Installation Tasks

This section discusses the steps you need to take after installing the Administration Server.

 

Installing the Policy Database Schema

The installer program offers you the option of installing the policy database schema as part of the installation procedure. There are two situations in which you should not install the database schema again:

If you have not installed the policy database schema, you must do so now; otherwise, you will not be able to the start the Administration Server processes.

For instructions for installing the database schema, see the following topics:

Installing the Policy Database Schema on Windows

To install the policy database schema in a Microsoft Windows environment, perform the following steps:

  1. Change to the active directory in which to install the database schema, for example:
    2. cd \bea\ales26-admin\bin
  2. To install the database schema, type:
    3. install_ales_schema.bat <db-user-name> <db-password>

    Where:

    • db-user-name—The username to use to access the database; the username for the database administrator. Owner of the policy database (optional, defaults to the user login, usually the same as the username). The policy owner is a database username or user ID that controls the database schema in the database instance.
    • db-password—Password to use to access the database; the password for the database administrator.

For more information on the database schema installation, examine the install_ales_schema.log in the log directory.

Installing the Policy Database Schema on Sun Solaris

To install the policy database schema in a Sun Solaris platform, perform the following steps:

  1. Change to the active directory in which to install the database schema, for example:
    2. cd /bea/ales26-admin/bin
  2. Locate the script install_ales_schema.sh

    3. Important: Make sure all scripts in this directory have execute permission.

  3. To install the policy database schema, type: 
    4. install_ales_schema.sh <db-user-name> <db-password>

    Where:

    • db-user-name —The username to use to access the database; the username for the database administrator. Owner of the policy database (optional, defaults to the user login, usually the same as the username). The policy owner is a database username or user ID that controls the set of database schema in the database instance.
    • db-password—The password to use to access the database; the password for the database administrator.

For more information on the database schema installation, examine the install_ales_schema.log in the log directory.

Installing the Policy Database Schema on Linux

To install the policy database schema in a Linux platform:

  1. Change to the active directory in which to install the database schema, for example:
    2. cd /bea/ales26-admin/bin
  2. Locate the script install_ales_schema.sh

    3. Important: Make sure all scripts in this directory have execute permission.

  3. To install the policy database schema, type:
    4. install_ales_schema.sh <db-user-name> <db-password>

    Where:

    • db-user-name —The username to use to access the database; the username for the database administrator. Owner of the policy database (optional, defaults to the user login, usually the same as the username). The policy owner is a database username or user ID that controls the set of database schema in the database instance.
    • db-password—The password to use to access the database; the password for the database administrator.

For more information on the database schema installation, examine the install_ales_schema.log in the log directory.

 

Starting and Stopping Processes

After you have installed the Administration Server, you must start the necessary processes by running the appropriate batch or shell scripts. On UNIX, run WLESadmin.sh start or WLESadmin.sh console. On Windows, you can start the WLESadmin start or WLESadmin console processes as services from the Programs menu or as commands from a console window.

For more detailed instructions on how to start and stop the required processes, see Starting and Stopping Processes in the Administration and Deployment Guide.

 

Logging into the Administration Console

At this time, you can log into the Administration Console and check that all the components are working correctly. For descriptions of the processes that are running, see Starting and Stopping Processes in the Administration and Deployment Guide.

To log into the Administration Console:

  1. Open Internet Explorer.

    2. To ensure that your transactions are securely encrypted, the Administration Console uses two-way Secure Socket Layers (SSL) to communicate with your Administration Server.

  2. Enter the URL for the Administration Console: 
    3. https://hostname:port/asi

    Where:

    hostname is the Domain Name Server (DNS) name or IP address of the Administration Server.

    port is the port number through which the Administration Server is connected.

    asi is the name of the Enterprise Domain (that you assigned during the installation procedure).

  3. When the login page appears, enter the username and the password granted to one of the security roles that has a login privilege and click Sign In. If you are using the default username and password, enter system (username) and weblogic (password). This is the default administrator configured on install and should only be used for the initial login.
  4. Several security certificate verification dialog boxes appear. Check OK on each one. If you do not have the proper version of the JRE installed, then on the first attempt, the console prompts you to install it.
  5. Once you have started the console, you should set up additional administrative users or configure an Authentication provider to authenticate console users to an external authentication source such as LDAP or Microsoft Windows NT and update the administration policy accordingly, as described in What's Next?.
    6. Note: The Administration Console allows administrators to edit configurations or perform other operations based on security roles granted by the administration policy. If your security roles do not permit editing of configuration data, the data is displayed in the Administration Console but is not editable. If you try to perform an operation that is not permitted, the Administration Console displays an Access Denied.

 

What's Next?

Now that you have successfully installed the Administration Server, you are ready to install your Security Service Modules and configure and deploy your security configurations and policies.

For instructions on installing Security Service Modules (SSMs), see Installing Security Service Modules.

Note: In a production environment, BEA recommends that you install your Security Service Modules on machines other than the machine on which the Administration Server is installed.

For instructions on how to write and deploy policies to SSMs to protect resources, see the Policy Managers Guide. This document describes how to define resources, identities, and roles, and how to writer authorization policies and role mapping policies. It also describes how to create policy data files that you can use to import policy data into the Administration Server and how import and export policy data.

Changing the Administrator Default Password

The default password for the administrator account (system) created by the installation should be used only for the initial login if security is a concern in your environment. This section describes how to subsequently change this password after the initial login.

Perform the following steps to change the default password for the administrator:

  1. Start the Administration Console and open the Identity Folder.
  2. Select the asi directory.
  3. Select Users, and then select user system.
  4. Click Edit and then click Set Password.

    5. Changing the password here via the console sets the password in the ALES Database Authentication provider database.

  5. Enter the existing password (the default is weblogic) and the new password. Confirm the new password and click OK.
  6. If you are using WebLogic Server as the container, you also need to edit the boot.properties file. To do this:
    1. Open the boot.properties file with the editor of your choice:

      2. BEA_HOME/ales26-admin/asiDomain/servers/asiAdminServer/security/boot.properties

    2. Delete the encrypted text in the username and password fields.
    3. Enter system in the username field and the new password (that you entered via the Administration Console) in the password field.
    4. Save the file.
  7. Run the asipassword utility.

    8. This utility encrypts the password with the key and saves it using based64 encoding into the password file.

  8. Restart the ALES server and log in into the Administration Console using the new password.

  Back to Top       Previous  Next