2 Performing a Secure Offline Mediation Controller Installation

This chapter describes recommended installation steps for Oracle Communications Offline Mediation Controller.

For information about installing Offline Mediation Controller, see Offline Mediation Controller Installation Guide.

Preinstallation Tasks

Perform the following preinstallation tasks:

  • Before installing Offline Mediation Controller with the Complete installation option, you must have an empty Oracle Unified Directory (OUD) instance with the base DN configured as:

    dc=ocomcexample.com
    

    If you want to install Offline Mediation Controller with a different base DN, see the discussion about configuring authentication using a different DN in Offline Mediation Controller Installation Guide.

  • Configure Oracle Database advanced security encryption and integrity algorithms for a secure connection from the installer. See the Oracle Database documentation for advanced security configuration parameters. This is required for the Offline Mediation Controller installer to make a secured (encrypted) database connection over the network. For more details, see Oracle Database Advanced Security Guide.

  • Verify that you have installed the latest supported version of JDK. See Offline Mediation Controller Compatibility Matrix for more information.

Installing Offline Mediation Controller Securely

When installing a deployment that includes the Administration Server, you must choose the Complete installation option to ensure that Oracle Unified Directory (OUD) is configured. For deployments on a node host that does not need the Administration Server, you can choose the Custom installation and select only the required components. See Offline Mediation Controller Installation Guide for more information.

During the Offline Mediation Controller installation, the following log files are generated in the oraInventory/logs folder. See the Oracle Universal Installer documentation for more information.

  • installActionTimeStamp.log

  • oraInstallTimeStamp.err

  • oraInstallTimeStamp.out

  • silentInstallTimeStamp.log (for silent mode installation)

where TimeStamp is the date and time the log file was created.

The installActionTimeStamp.log and oraInstallTimeStamp.err files contain, in clear text, the details entered in the Offline Mediation Controller installation screens. Passwords entered in the screens are not logged in any of the Offline Mediation Controller installation logs. Delete these files if you do not need them for future reference, or protect them appropriately if you do need them. These log files are created with the file-level permission 640 (owner can read and write, group members can read, others have no access).

Postinstallation Tasks

Perform the following tasks after installing Offline Mediation Controller:

Configuring Certificates

To configure certificates:

  1. Create the Node Manager certificate and import it to the Administration Server truststore. See the discussion of postinstallation tasks in Offline Mediation Controller Installation Guide.

  2. Create the Administration Server certificate and import it to the Administration Client truststore. See the discussion of postinstallation tasks in Offline Mediation Controller Installation Guide.

  3. If you need to connect to a different Node Manager or Node Host by using a single Administration Server in secure mode:

    • Create a single certificate for one of your Node Managers. This certificate will be used by all Node Managers in the chain.

    • Import the shared Node Manager certificate, OMC_home/config/nodemgr/nodeManager.cer, into the corresponding adminServerTruststore.jks file on your remote Administration Server. You can use the following command on the machine where the Administration Server is installed:

      $OMC_HOME/jre/bin/keytool -import -v -trustcacerts -alias <alias name> -file <nodeManager.cer file path> -keystore $OMC_HOME/config/adminserver/adminServerTruststore.jks

      This command asks you for the truststore password. Make sure you give different aliases for different node managers while running this import command.

    Note:

    You must have at least one certificate with the alias "nodeManager" present in the truststore. You can import any valid certificate with this specific alias (nodeManager). This certificate can be different from the shared certificate used by the Node Managers.

  4. After completing these steps, stop and restart Offline Mediation Controller.
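
The alias rules in step 3 can be checked before each import and again before the restart. The following is an added example, not part of the Oracle documentation or product: it reads saved `keytool -list -v` output and reports whether the required nodeManager alias is present and whether a proposed alias is already taken. The function names, the sample listing and the aliases nodehost2 and nodeHost3 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Oracle's code). Capture the real listing on the
# Administration Server host with, for instance:
#   "$OMC_HOME/jre/bin/keytool" -list -v \
#     -keystore "$OMC_HOME/config/adminserver/adminServerTruststore.jks" > listing.txt

# Constructed, abbreviated `keytool -list -v` output used as sample input.
sample_listing() {
    cat <<'EOF'
Your keystore contains 2 entries

Alias name: nodemanager
Entry type: trustedCertEntry

Alias name: nodehost2
Entry type: trustedCertEntry
EOF
}

# Print the aliases in a listing read from stdin, lower-cased because
# keytool treats keystore aliases as case-insensitive.
aliases() {
    sed -n 's/^Alias name: *//p' | tr '[:upper:]' '[:lower:]'
}

# check_aliases LISTING_FILE [NEW_ALIAS]
#   returns 1 if no entry carries the required alias "nodeManager"
#   returns 2 if NEW_ALIAS is already taken by another entry
check_aliases() {
    have=$(aliases < "$1")
    printf '%s\n' "$have" | grep -qx 'nodemanager' || return 1
    if [ -n "${2:-}" ]; then
        new=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
        if printf '%s\n' "$have" | grep -qxF -e "$new"; then return 2; fi
    fi
    return 0
}

# Demo on the constructed listing: the hypothetical alias nodeHost3 is free.
tmp=$(mktemp) && sample_listing > "$tmp" && check_aliases "$tmp" nodeHost3 && echo ok
rm -f "$tmp"
```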

Encoding Keystore Passwords

When secure communication is enabled, you must run the encode script to encode keystore passwords for the Administration Server and the Node Manager. You then add the encoded password to the following configuration files:

  • Administration Server: OMC_home/config/adminserver/ASkeystore.cfg

  • Node Manager: OMC_home/config/nodemgr/NMkeystore.cfg

See Offline Mediation Controller Installation Guide for more information.

Setting File Permissions

Oracle recommends keeping file permissions as restrictive as possible.

After installing Offline Mediation Controller, if you are configuring a JDBC Distribution cartridge, make sure that the file permission for its configuration file is set to 600.

The default permissions set for the installed files are as follows:

  • For non-executable files: 600

  • For executable files: 700
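
The documented modes (600 and 700 under OMC_home, 640 for the install logs in oraInventory/logs) can be verified after installation and after any later configuration change. The following is an added example, not part of the Oracle documentation or product: it lists files that are more permissive than those values. The function names and the sample tree are assumptions; on a real host, pass your own OMC_home and oraInventory/logs paths to audit_omc.

```shell
#!/bin/sh
# Added example (not Oracle's code): compare file modes with the values
# documented in this chapter. Uses only POSIX find tests.

# Files under $1 that give group or others any access, that is, anything
# looser than the documented defaults (600 non-executable, 700 executable).
beyond_owner_only() {
    find "$1" -type f \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \)
}

# Install logs under $1 looser than the documented 640.
beyond_640() {
    find "$1" -type f \( -perm -100 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \)
}

# audit_omc OMC_HOME INVENTORY_LOGS: print one line per finding; return 1 if any.
audit_omc() {
    out=$(
        if [ -d "$1" ]; then beyond_owner_only "$1" | sed 's|^|group/other access: |'; fi
        if [ -d "$2" ]; then beyond_640 "$2" | sed 's|^|log looser than 640: |'; fi
    )
    if [ -n "$out" ]; then printf '%s\n' "$out"; return 1; fi
    return 0
}

# Constructed sample tree (not a real installation): one compliant and one
# over-permissive file in each location.
demo_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/omc/config" "$d/oraInventory/logs"
    touch "$d/omc/config/ok.cfg" "$d/omc/config/loose.cfg" \
        "$d/oraInventory/logs/ok.log" "$d/oraInventory/logs/loose.log"
    chmod 600 "$d/omc/config/ok.cfg"
    chmod 640 "$d/omc/config/loose.cfg" "$d/oraInventory/logs/ok.log"
    chmod 644 "$d/oraInventory/logs/loose.log"
    echo "$d"
}

tree=$(demo_tree)
audit_omc "$tree/omc" "$tree/oraInventory/logs" || echo "findings above need chmod or removal"
rm -rf "$tree"
```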

Uninstalling Offline Mediation Controller

The following files remain in the system after uninstalling Offline Mediation Controller:

  • Install logs in oraInventory/logs.

  • OMC_home/oui/data.properties: This file is used to auto-populate the data during re-installs.

Delete these files if you do not need them or protect them appropriately if they are required for further installations.