Chapter 1 Before You Install

Use the information and procedures in the following sections to prepare for installation of Identity Manager:

For information about upgrading to Identity Manager 8.0, refer to the Identity Manager Upgrade guide.

Supported Software and Environments

Refer to the Identity Manager Release Notes for detailed information about software and environments that are compatible with Identity Manager.

Memory Requirements

You should determine your memory needs and set values in your application server's JVM. Do this by adding maximum and minimum heap size to the Java command line; for example:


Note	For best performance, set these values to the same size. Depending on your specific implementation, you may need to increase these recommended values if you run reconciliation.

For performance tuning purposes, you may also set the following in the waveset.property file:



Note	The max.post.memory.size specifies the maximum number of bytes that a posted file (for example., via an HTML FileSelect control) may contain without being spooled to the disk. For cases where you do not have permission to write to temp files, you should increase the max.post.memory.size to avoid having to spool to the disk. The default value is 8 Kbytes.

For additional system requirements and information, refer to the Identity Manager release notes.

Setup Task Flow

Depending on your choice of application server and database, the steps you will follow for setup differ. In general, you will:

Perform prerequisite tasks, such as installing a Java compiler and JVM, and setting up an index database

Install and configure an application server

Install and configure the Identity Manager software



Note	The installer now supports upgrading installations that have renamed/deleted/disabled the default Configurator account. The installer now prompts for the proper username and password that can import the update.xml during the upgrade post process. If the incorrect user or password is entered the user is prompted up to three times. The error should be displayed in the text box behind it. For manual installation you must provide the -U <username> -P <password> in order to pass the credentials to UpgradePostProcess.



Note	When installing Identity Manager on UNIX or Linux systems, the /var/opt/sun/install directory must exist and be writable by the user running the installer.

When using application servers with staging directories, keep the staging directory that was used for Identity Manager installation after deploying the product.

Optionally set up the Sun Identity Manager Gateway

Optionally set up PasswordSync

For some application server types and preferences, these general steps are combined, performed in a different order, or eliminated entirely.

Prerequisite Tasks

Decide Where to Store Index Repository Files

Set Up a Java Virtual Machine and Java Compiler

Set Up an Index Database

What's Next?

Decide Where to Store Index Repository Files

You must create the directory where you will store application files before launching the installation program. You can store application files in a staging folder, or you can install into your application server's Web application directory.

Using a Staging Directory

Because the applications are based on J2EE Web, you can store them in a staging folder. This staging folder is used to deploy the application into your specific application server. Typically, a Web Application Archive (.war) file is created for use in the deployment steps.

Using a Web Application Directory

You may choose to install directly into an application server's Web application directory. In this case, you will specify the Web application directory during installation. The installation program will place the Identity Manager files in folder named idm in that location by default.


Note	When using a localfiles index repository in a WebSphere application server environment, set the localfiles repository to a location outside of the Identity Manager directory.



Note	For an Oracle RAC environment as Identity Manager repository, connecting with thin driver, use the following format as url parameter in lh setup: jdbc:oracle:thin:@(DESCRIPTION=(LOAD_BALANCE=on) (ADDRESS=(PROTOCOL=TCP)(HOST=host01)(PORT=1521))( ADDRESS=(PROTOCOL=TCP)(HOST=host02)(PORT=1521)) (ADDRESS=(PROTOCOL=TCP)(HOST=host03)(PORT=1521)) (CONNECT_DATA=(SERVICE_NAME=PROD)))

Set Up a Java Virtual Machine and Java Compiler

The application requires a Java compiler and a Java Virtual Machine (JVM) to run the Java classes that perform actions within Identity Manager. Both of these can be found in a Java SDK. (The JRE packages do not include a Java compiler.)



Note	Many application servers include a JDK bundled with their installation. The JDK version that is shipped with the application server is always preferred to any other JDK installed on your server. You can run Identity Manager on BEA WebLogic application servers with all WebLogic-supported 1.5 JVMs. You should add JAVA_HOME to your list of system environment variables and to your system path. To do this, add JAVA_HOME to your system environment and JAVA_HOME\bin to your path, making sure to list it before any other Java variables. While adding JAVA_HOME to your list of system environment variables is helpful for Identity Manager, it may affect other applications.

Set Up an Index Database

You should use a third-party relational database to store the system index data. If you plan to do this, use the general procedures in this section as guidelines when setting up the index database. Your database administrator may choose to customize the provided scripts to suit your site-specific configuration and standards.



Caution	If you store the Index data in a local file system, you should select a location outside of the application or Web server directory structure. The dynamic directories created for the index data cannot be protected from intruders who might use a Web browser to scan directories serviced by the Web server.

About the Sample Database Scripts

Identity Manager provides sample database scripts that you can modify and use to create tables and indexes. You may choose to use an alternate method to create equivalent tables and indexes, but must meet these requirements:


Note	You must configure your database with a character set that will support the characters that you want to store. If you need to store multi-byte characters, you should use a character set (such as UTF-8) that supports Unicode.

Tables (or views) must exist with the names specified in the sample DDL.

Each named table (or view) must be owned by (or aliased to) the proxy user that is represented as “waveset” in the sample DDL.

Each named table (or view) must contain all the columns specified for that table in the sample DDL.

Each named column must have a data type that is consistent with the data type specified for that column in the sample DDL.

You can modify the sample scripts to suit your environment. Common changes include:

Specifying a different proxy user

Specifying different tablespaces, or separate tablespaces for tables and indexes

Changing a data type. This is acceptable if a view or the JDBC driver makes the change transparent.

Adding columns. This is acceptable if each column is nullable or defaulted.

Removing or renaming columns. This is acceptable if a view makes this transparent.

Renaming indexes



Note	If you make changes to the sample scripts, then you must make equivalent changes to any sample database upgrade scripts that you receive in the future.

If you choose to set up Index data in regular files in a file system, skip to the chapter detailing Identity Manager installation. Otherwise, go to one of the sections in this chapter to set up:

MySQL

Oracle

DB2

SQL Server

Setting Up MySQL


Note	See Supported Software and Environments for supported database server versions, and for download or product locations.

Install the MySQL software. Start the MySQL process (if it does not start automatically).

Create the database. To do this:

Copy the create_waveset_tables.mysql script from the db_scripts directory on the installation CD (or from the idm\sample directory if you have already installed) to a temporary location.

Modify the create_waveset_tables.mysql script to change the database user password.

Create the new tables by using one of the following commands:

On Windows

c:\mysql\bin\mysql -u root < create_waveset_tables.mysql

On UNIX

$MYSQL/bin/mysql -u root < create_waveset_tables.mysql

Setting Up Oracle


Note	See Supported Software and Environments for supported database server versions, and for download or product locations.

Install Oracle or confirm the connection to an Oracle database.

Connect to the Oracle instance as a user with privileges to create users and tables.

Create the database. To do this:

Copy the create_waveset_tables.oracle script from the db_scripts directory on the installation CD (or from the idm\sample directory if you have already installed) to a temporary location.

Modify the create_waveset_tables.oracle script:

Change the user password.

Change the path for DATAFILE to point to the location for your waveset.dbf data file.



Note	Your database administrator may want to modify the script to meet site-specific requirements for backup, replications, disk allocation, distribution, or other considerations.

Create the new tables by using the following command:

On Windows

sqlplus dbausername/dbapassword @create_waveset_tables.oracle

On UNIX

sqlplus dbausername/dbapassword @create_waveset_tables.oracle

Setting Up DB2

JDBC Access Considerations

DB2 offers two types of JDBC access, each of which requires a different URL format. The setup process allows you to select a preferred driver and automatically displays the corresponding URL template.

The application driver (COM.ibm.db2.jdbc.app.DB2Driver) requires local client software and a local database instance. Since DB2 runs on a separate (often dedicated) host in most production environments, the local database instance usually contains an alias to the remote database instance. In this configuration, the local database instance uses a DB2-specific protocol to communicate with the remote database instance.

The Type 2 network driver (COM.ibm.db2.jdbc.net.DB2Driver) does not require local client software or a local database. It does require that the DB2 Java Daemon (db2jd) be running on the target server. (In most production environments, the target server is a separate host, but the network driver works as well with a local database instance.) This daemon is not started by default, but the database administrator can start it manually or configure it to start automatically when the database instance starts.

The Type 4 network driver (COM.ibm.db2.jcc.DB2Driver) connects directly to the DB2 database.



Note	When using the type 4 driver (in a direct connection) with DB2 8.1.2 and above, download the following driver: com.ibm.db2.jcc.DB2Driver The following files that need to be in the $WSHOME/WEB-INF/lib directory: db2jcc db2jcc_license_cisuz.jar or db2jcc_license_cu.jar

DB2 Setup


Note	See Supported Software and Environments for supported database server versions, and for download or product locations.

Install DB2 or confirm the connection to a DB2 database.

Connect to the DB2 instance as a user with privileges to create users and tables.

Create the database. To do this:

Copy the create_waveset_tables.db2 script from the db_scripts directory on the installation CD (or from the idm\sample directory if you have already installed) to a temporary location.

Modify the create_waveset_tables.db2 script:

Change the user password.

Change the path for the CREATE_TABLESPACE command to a location appropriate for your environment.



Note	Your database administrator may want to modify the script to meet site-specific requirements for backup, replications, disk allocation, distribution, or other considerations.

Create the new tables by using the following command:

On Windows

db2 -tvf create_waveset_tables.db2

On UNIX

db2 -tvf create_waveset_tables.db2

Setting Up SQL Server


Note	See Supported Software and Environments for supported database server versions, and for download or product locations.

Install Microsoft SQL Server or confirm the connection to a SQL Server installation.

Create the database. To do this:

Copy the create_waveset_tables.sqlserver script from the db_scripts directory on the installation CD (or from the idm\sample directory if you have already installed) to a temporary location.

Modify the create_waveset_tables.sqlserver script to change the login password.



Note	Your database administrator may want to modify the script to meet site-specific requirements for backup, replications, disk allocation, distribution, or other considerations.

Create the new tables by executing the create_waveset_tables.sqlserver script, located on the installation CD; for example:

osql -E -i PathToFile\create_waveset_tables.sqlserver



Note	You must have privileges to create databases and logins.

Download and install the Microsoft SQL Server 2005 Driver for JDBC. To do this:

Go to http://www.microsoft.com/downloads website.

In the Search for a Download area, enter “SQL Server JDBC” in the keywords field, and then click Go.

Locate, download, and install the correct version of the driver for your installation.



Note	During installation, you will pause to install this driver and the Microsoft .jar files (installed with the driver) before continuing setup. Refer to the installation procedures in the following chapters for instructions.

Set Up a Service Provider Transaction Database

If you are installing Identity Manager Service Provider, then you must set up a database in which to store transaction data. If you plan to do this, use one of the following sample scripts as a starting point for creating your transaction database:

create_spe_tables.oracle

create_spe_tables.db2

Use the procedures outlined in Set Up an Index Database to guide you through the process of creating a transaction database.

Globalization Configuration

Inconsistent encodings may introduce certain globalization issues, such as incorrect handlings of multibyte characters. Make sure the locale or encoding is consistent with the following software in Identity Manager (IDM) deployment environment:


Note	You must configure your database with a character set that supports the characters that you want to store. If you need to store multi-byte characters, you should use a character set (such as UTF-8) that supports Unicode.

Application server instance

Database

Java Virtual Machine (JVM)

Refer to the documentation for these products for information about setting the locale/encoding. Also, when loading or unloading data via CSV or XML files, ensure that their encodings are consistent with Identity Manager’s deployment environment encoding to retain data integrity. For enabling localization support see Enabling Language Support.

What's Next?

Use the procedures outlined in one of the following chapters to install and set up Identity Manager for your application server type:

Installing Identity Manager for Tomcat

Installing Identity Manager for WebLogic

Installing Identity Manager for WebSphere

Installing Identity Manager for Sun Application Server.

Installing Identity Manager for JBoss

Before you begin installing Identity Manager, note that by default, the waveset.serverId Java system property is the name of the machine the application server is installed on. If you need to set this property to another value (for example, the application server machine contains multiple application server installations), add the following command to the startup script for your application server.

Previous Contents Index Next
Sun[TM] Identity Manager 8.0 Installation Guide