If you installed without adding the schema, you must run a script before starting the Administration Server. The script creates database tables and ALES objects, starts the server, and loads the ALES administration policy.
To install the policy database schema:
Change to the BEA_HOME\ales30-admin\bin directory.
Important: For UNIX and Linux, all scripts in the directory must have execute permission.
Run install_ales_schema.bat | sh followed by the database administrator username and password.
How Administration Server processes run depends on the platform:
On Windows, the Administration Server and SCM are installed as services with a default startup type of manual. To configure the services for automatic startup, use the Windows Services applet.
On UNIX, the Administration Server and SCM are registered with the UNIX init subsystem and not configured to start automatically. To configure them for automatic startup, the system administrator must link it into the correct init runlevel, as shown below.
To start the Administration Server and SCM, use the methods described in Table 5-1:
Table 5-1
Platform
Description
Windows
ADMINISTRATION SERVER Open the Start menu and select Programs>BEA Aqualogic Enterprise Security>Administration Server>Start Server.
To use a command line, go to the BEA_HOME\ales30-admin\bin directory and enter WLESadmin.batstart or WLESadmin.batconsole.
WLESadmin.batconsole starts server processes in separate console windows.
SCM Open the Start menu and select Programs>BEA Aqualogic Enterprise Security>Service Control Manager>Start SCM.
To use a command line, go to the BEA_HOME\ales30-scm\bin directory and enter WLESscm.bat start or WLESscm.bat console.
WLESscm.batconsole starts SCM processes in separate console windows.
UNIX or Linux
ADMINISTRATION SERVER Enter WLESadmin.shstart or WLESadmin.shconsole.
Either command starts Administration Server processes as daemon processes and provides the same results.
SCM Go to the BEA_HOME\ales30-scm\bin directory and enter WLESscm.sh start or WLESscm.sh console.
Either command starts SCM processes as daemon processes and provides the same results.
Starting the Administration Server and SCM
Startup Option on Linux Reboots
To allow the SCM and Administration Server to start up after a reboot on Linux, set them to start on runlevel3 (non-graphical runlevel) and runlevel5 (graphical runlevel). To do this, run the following commands as root:
chkconfig --level 35 WLESscm on chkconfig --level 35 WLESadmin on
Stop the Administration Server and SCM as described in Table 5-2.
Table 5-2
Platform
Description
Windows
ADMINISTRATION SERVER Open the Start menu and select Programs>BEA Aqualogic Enterprise Security>Administration Server>Stop Server.
To use a command line, go to the BEA_HOME\ales30-admin\bin directory and enter WLESadmin.batstop.
SCM Open the Start menu and select Programs>BEA Aqualogic Enterprise Security>Service Control Manager>Stop SCM.
NOTE: To use a command line, go to the BEA_HOME\ales30-scm\bin directory and enter WLESscm.batstop.
UNIX or Linux
ADMINISTRATION SERVER Go to the BEA_HOME\ales30-admin\bin directory and enter WLESadmin.batstop.
SCM Go to the BEA_HOME\ales30-scm\bin directory and enter WLESscm.bat stop.
Stopping the Administration Server and SCM
Starting the Administration Tools
Installation of the Administration Server provides two administration tools:
The Entitlements Management Tool allows you perform the key administrative functions of managing Resources, Identities, Roles, Authorization Policies, and Membership Rules. It does not include the ability to manage SSM configurations.
The Administration Console has existed in all previous ALES versions. Although it possesses the full range of administrative features it should be used primarily for managing SSM configurations.
You should set up additional administrative users and configure an Authentication provider to authenticate them with an external source (e.g., LDAP or Microsoft Windows NT). This requires updating the administration policies involved.
What users can see and do in the console depends on their access rights as determined by existing policies. For example, users without edit rights will see “Access Denied” if they attempt to change some value.