Sun Java(TM) Systems Identity Manager 7.1 Installation Guide
Chapter 1
Before You Install
Use the information and procedures in the following sections to prepare for installation of Identity Manager:
Supported Software and Environments
This section lists software and environments that are compatible with the software:
Operating Systems
Application Servers
The application server you use with these applications must be Servlet 2.3-compliant and installed with the included Java platform (unless noted as follows):
- Apache Tomcat
- BEA WebLogic® Express 8.1 (with JDK 1.4.2)
- BEA WebLogic® Server 8.1 (with JDK 1.4.2)
- BEA WebLogic® Server 9.1 and 9.2 (with JDK 1.5)
- IBM WebSphere® 6.0, 6.1
- IBM WebSphere® Application Server - Express Version 5.1.1 (with JDK 1.4.2)
- JBoss Application Server 4.0.4
- Sun ONE Application Server 7
- Sun Java System Application Server Platform Edition 8, 8.2
- Sun Java System Application Server Platform Edition and Enterprise Edition 8.1
- Sun Java System Application Server Platform Edition 9
Browsers
Repository Database Servers
See DBMS Recovery and the Repository for DBMS recovery information.
Sun Identity Manager Gateway
See Install the Sun Identity Manager Gateway for further information on the Sun Identity Manager Gateway.
Supported Resources
See the Identity Manager Resources Reference for a list of all supported resource adapters.
Web Servers
Note
Integration between an application server and Web server is not required. You may choose to use a Web server for better load balancing and for increased security (through the https protocol).
- Apache 1.3.19
- iPlanet 4.1
- Microsoft Internet Information Server (IIS) 4.0, 5.0
- Sun ONE Web Server 6
Note
When using Web Server 6, add the Java mail.jar and activation.jar files to the WEB-INF/lib directory. The mail and activation jar files can be found at:
http://java.sun.com/products/javamail
http://java.sun.com/products/beans/glasgow/jaf.html
Memory Requirements
You should determine your memory needs and set values in your application server's JVM. Do this by adding maximum and minimum heap size to the Java command line; for example:
java -Xmx512M -Xms512M
For performance tuning purposes, you may also set the following in the waveset.property file:
max.post.memory.size value
For additional system requirements and information, refer to the Identity Manager release notes.
Setup Task Flow
Depending on your choice of application server and database, the steps you will follow for setup differ. In general, you will:
- Perform prerequisite tasks, such as installing a Java compiler and JVM, and setting up an index database
- Install and configure an application server
- Install and configure the Identity Manager software
When using application servers with staging directories, keep the staging directory that was used for Identity Manager installation after deploying the product.
For some application server types and preferences, these general steps are combined, performed in a different order, or eliminated entirely.
Prerequisite Tasks
Before installing the Identity Manager software, you need to:
Decide Where to Store Index Repository Files
You must create the directory where you will store application files before launching the installation program. You can store application files in a staging folder, or you can install into your application server's Web application directory.
Using a Staging Directory
Because the applications are based on J2EE Web, you can store them in a staging folder. This staging folder is used to deploy the application into your specific application server. Typically, a Web Application Archive (.war) file is created for use in the deployment steps.
Using a Web Application Directory
You may choose to install directly into an application server's Web application directory. In this case, you will specify the Web application directory during installation. The installation program will place the Identity Manager files in a folder named idm in that location by default.
Note
When using a localfiles index repository in a WebSphere application server environment, set the localfiles repository to a location outside of the Identity Manager directory.
Set Up a Java Virtual Machine and Java Compiler
The application requires a Java compiler and a Java Virtual Machine (JVM) to run the Java classes that perform actions within Identity Manager. Both of these can be found in a Java SDK. (The JRE packages do not include a Java compiler.)
Set Up an Index Database
You should use a third-party relational database to store the system index data. If you plan to do this, use the general procedures in this section as guidelines when setting up the index database. Your database administrator may choose to customize the provided scripts to suit your site-specific configuration and standards.
About the Sample Database Scripts
Identity Manager provides sample database scripts that you can modify and use to create tables and indexes. You may choose to use an alternate method to create equivalent tables and indexes, but must meet these requirements:
- Tables (or views) must exist with the names specified in the sample DDL.
- Each named table (or view) must be owned by (or aliased to) the proxy user that is represented as “waveset” in the sample DDL.
- Each named table (or view) must contain all the columns specified for that table in the sample DDL.
- Each named column must have a data type that is consistent with the data type specified for that column in the sample DDL.
You can modify the sample scripts to suit your environment. Common changes include:
- Specifying a different proxy user
- Specifying different tablespaces, or separate tablespaces for tables and indexes
- Changing a data type. This is acceptable if a view or the JDBC driver makes the change transparent.
- Adding columns. This is acceptable if each column is nullable or defaulted.
- Removing or renaming columns. This is acceptable if a view makes this transparent.
- Renaming indexes
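The requirements and permitted changes listed above can be checked mechanically before a customized script is run. The following is an added example, not part of the Identity Manager distribution: it loads a sample DDL and a customized DDL into an in-memory SQLite database (used here only as a stand-in parser) and reports missing tables, missing columns, changed data types, and added columns that are neither nullable nor defaulted. The table and column names are constructed for illustration and are not the real contents of the create_waveset_tables scripts; ownership by the proxy user is not checked.

```python
import sqlite3

# Constructed stand-ins: NOT the real create_waveset_tables DDL.
SAMPLE_DDL = """
CREATE TABLE demo_object (id VARCHAR(50) NOT NULL, name VARCHAR(128), xml BLOB);
CREATE TABLE demo_attr (id VARCHAR(50) NOT NULL, attrname VARCHAR(50), attrval VARCHAR(255));
"""
CUSTOM_DDL = """
CREATE TABLE demo_object (id VARCHAR(50) NOT NULL, name VARCHAR(128), xml BLOB,
                          site_tag VARCHAR(20) NOT NULL);
CREATE TABLE demo_attr (id VARCHAR(50) NOT NULL, attrname VARCHAR(50), attrval INTEGER);
"""

def load_schema(ddl):
    """Return {table: {column: (type, notnull, default)}} for tables and views."""
    con = sqlite3.connect(":memory:")
    con.executescript(ddl)
    schema = {}
    names = con.execute("SELECT name FROM sqlite_master WHERE type IN ('table','view')")
    for (table,) in names.fetchall():
        cols = con.execute(f'PRAGMA table_info("{table}")').fetchall()
        schema[table.lower()] = {c[1].lower(): (c[2].upper(), c[3], c[4]) for c in cols}
    con.close()
    return schema

def check_schema(sample_ddl, custom_ddl):
    """List deviations of the customized DDL from the sample DDL's requirements."""
    sample, custom = load_schema(sample_ddl), load_schema(custom_ddl)
    problems = []
    for table, cols in sample.items():
        if table not in custom:
            problems.append(f"missing table or view: {table}")
            continue
        for col, (ctype, _, _) in cols.items():
            if col not in custom[table]:
                problems.append(f"{table}: missing column {col}")
            elif custom[table][col][0] != ctype:
                # Strict string comparison: a changed type needs manual review
                # (acceptable only if a view or the JDBC driver hides it).
                problems.append(f"{table}.{col}: type {custom[table][col][0]} != {ctype}")
        for col, (_, notnull, default) in custom[table].items():
            if col not in cols and notnull and default is None:
                problems.append(f"{table}.{col}: added column is NOT NULL without a default")
    return problems

if __name__ == "__main__":
    for problem in check_schema(SAMPLE_DDL, CUSTOM_DDL):
        print(problem)
```

Vendor-specific clauses (tablespaces, storage options) would need to be stripped before SQLite can parse a real script.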
If you choose to set up Index data in regular files in a file system, skip to the chapter detailing Identity Manager installation. Otherwise, go to one of the sections in this chapter to set up:
Setting Up MySQL
Follow these steps to set up MySQL for use with Identity Manager.
Note
- For additional information about setting up and configuring MySQL, refer to Configuring MySQL.
- See Supported Software and Environments for supported database server versions, and for download or product locations.
- Install the MySQL software. Start the MySQL process (if it does not start automatically).
- Create the database. To do this:
- Copy the create_waveset_tables.mysql script from the db_scripts directory on the installation CD (or from the idm\sample directory if you have already installed) to a temporary location.
- Modify the create_waveset_tables.mysql script to change the database user password.
- Create the new tables by using one of the following commands:
On Windows
c:\mysql\bin\mysql -u root < create_waveset_tables.mysql
On UNIX
$MYSQL/bin/mysql -u root < create_waveset_tables.mysql
Setting Up Oracle
Follow these steps to set up Oracle for use with Identity Manager.
Note
See Supported Software and Environments for supported database server versions, and for download or product locations.
- Install Oracle or confirm the connection to an Oracle database.
- Connect to the Oracle instance as a user with privileges to create users and tables.
- Create the database. To do this:
- Copy the create_waveset_tables.oracle script from the db_scripts directory on the installation CD (or from the idm\sample directory if you have already installed) to a temporary location.
- Modify the create_waveset_tables.oracle script:
- Change the user password.
- Change the path for DATAFILE to point to the location for your waveset.dbf data file.
Note
Your database administrator may want to modify the script to meet site-specific requirements for backup, replications, disk allocation, distribution, or other considerations.
- Create the new tables by using the following command:
On Windows
sqlplus dbausername/dbapassword @create_waveset_tables.oracle
On UNIX
sqlplus dbausername/dbapassword @create_waveset_tables.oracle
Setting Up DB2
Before setting up DB2, you should decide how DB2 will provide JDBC access.
JDBC Access Considerations
DB2 offers two types of JDBC access, each of which requires a different URL format. The setup process allows you to select a preferred driver and automatically displays the corresponding URL template.
The application driver (COM.ibm.db2.jdbc.app.DB2Driver) requires local client software and a local database instance. Since DB2 runs on a separate (often dedicated) host in most production environments, the local database instance usually contains an alias to the remote database instance. In this configuration, the local database instance uses a DB2-specific protocol to communicate with the remote database instance.
The Type 2 network driver (COM.ibm.db2.jdbc.net.DB2Driver) does not require local client software or a local database. It does require that the DB2 Java Daemon (db2jd) be running on the target server. (In most production environments, the target server is a separate host, but the network driver works as well with a local database instance.) This daemon is not started by default, but the database administrator can start it manually or configure it to start automatically when the database instance starts.
The Type 4 network driver (COM.ibm.db2.jcc.DB2Driver) connects directly to the DB2 database.
DB2 Setup
Follow these steps to set up DB2.
Note
See Supported Software and Environments for supported database server versions, and for download or product locations.
- Install DB2 or confirm the connection to a DB2 database.
- Connect to the DB2 instance as a user with privileges to create users and tables.
- Create the database. To do this:
- Copy the create_waveset_tables.db2 script from the db_scripts directory on the installation CD (or from the idm\sample directory if you have already installed) to a temporary location.
- Modify the create_waveset_tables.db2 script:
- Change the user password.
- Change the path for the CREATE_TABLESPACE command to a location appropriate for your environment.
Note
Your database administrator may want to modify the script to meet site-specific requirements for backup, replications, disk allocation, distribution, or other considerations.
- Create the new tables by using the following command:
On Windows
db2 -tvf create_waveset_tables.db2
On UNIX
db2 -tvf create_waveset_tables.db2
Setting Up SQL Server
Follow these steps to set up SQL Server.
Note
See Supported Software and Environments for supported database server versions, and for download or product locations.
- Install Microsoft SQL Server or confirm the connection to a SQL Server installation.
- Create the database. To do this:
- Copy the create_waveset_tables.sqlserver script from the db_scripts directory on the installation CD (or from the idm\sample directory if you have already installed) to a temporary location.
- Modify the create_waveset_tables.sqlserver script to change the login password.
Note
Your database administrator may want to modify the script to meet site-specific requirements for backup, replications, disk allocation, distribution, or other considerations.
- Create the new tables by executing the create_waveset_tables.sqlserver script, located on the installation CD; for example:
osql -E -i PathToFile\create_waveset_tables.sqlserver
- Download and install the Microsoft SQL Server 2005 Driver for JDBC. To do this:
Set Up a Service Provider Edition Transaction Database
If you are installing Identity Manager Service Provider Edition, then you must set up a database in which to store transaction data. If you plan to do this, use one of the following sample scripts as a starting point for creating your transaction database:
Use the procedures outlined in Set Up an Index Database to guide you through the process of creating a transaction database.
Globalization Configuration
Inconsistent encodings may introduce certain globalization issues, such as incorrect handling of multibyte characters. Make sure the locale or encoding is consistent with the following software in the Identity Manager (IDM) deployment environment:
In globalized environments, UTF-8 should be implemented on all products.
Refer to the documentation for these products for information about setting the locale/encoding. Also, when loading or unloading data via CSV or XML files, ensure that their encodings are consistent with Identity Manager’s deployment environment encoding to retain data integrity. For enabling localization support see Enabling Language Support.
What's Next?
Use the procedures outlined in one of the following chapters to install and set up Identity Manager for your application server type:
Before you begin installing Identity Manager, note that by default, the waveset.serverId Java system property is the name of the machine the application server is installed on. If you need to set this property to another value (for example, the application server machine contains multiple application server installations), add the following command to the startup script for your application server.
-Dwaveset.serverId=Name