Installing WebLogic Server v8.1 Security Service Module

Installing

The following sections provide the information you need to install the WebLogic Server 8.1 Security Service Module:

Note: For installation information on other security service modules, see the associated installation guides.

Before You Begin

Before you begin this installation procedure, make sure you do the following:

Note: If you start the installation process from the command line or from a script, you can specify the -log option to generate a verbose installation log. For instructions on how to generate a verbose log file during installation, see Generating a Verbose Installation Log.

Install WebLogic Server 8.1.
Download and read the Release Notes from: http://download.oracle.com/docs/cd/E13169_01/ales/docs21/download.html
Install the Administration Server and related components.
Ensure the system requirements are met as described in Installation Prerequisites.

Generating a Verbose Installation Log

If you start the installation process from the command line or from a script, you can specify the -log option to generate a verbose installation log. The installation log lists messages about events during the installation process, including informational, warning, error, and fatal messages. This can be especially useful for silent installations.

Note: You may see some warning messages during in the installation log. However, unless there is a fatal error, the installation program will complete the installation successfully. The installation user interface will indicate the success or failure of the installation, and the installation log file will include an entry indicating that the installation was successful.

To generate a verbose log file during installation, include the -log=/full_path_to_log_file option in the command line or script. For example:

For Windows:

ales211ssm_win32.exe -log=D:\logs\ales_install.log -log_priority=debug

For Sun Solaris:

ales211ssm_solaris32.bin -log=/opt/logs/ales_install.log -log_priority=debug

For Linux:

For Red Hat 2.1: ales211ssm_rhas21_IA32.bin -log=/opt/logs/ales_install.log -log_priority=debug
For Red Hat 3.0: ales211ssm_rhas3_IA32.bin -log=/opt/logs/ales_install.log -log_priority=debug

For IBM AIX:

java -jar ales211ssm_aix32.jar -log=/opt/logs/ales_install.log -log_priority=debug

The path must be the full path to a file name. If the file does not exist, all folders in the path must exist before you execute the command or the installation program will not create the log file.

Starting the Installation Program

The procedure for starting the installation program varies depending the platform on which install BEA AquaLogic Enterprise Security. Therefore, separate instructions are provided for each supported platform.

Note: In a production environment, BEA recommends that you install the Security Service Modules on machines other than the machine on which the Administration Server is installed.

To start the installation program, refer to the appropriate section listed below:

Starting the Installation Program on a Windows Platform

Note: Do not install the software from a network drive. Download the software distribution to a local drive on your machine and install it from there. Also, on a Windows platform, the file system used must be NTFS, not FAT. To check the file system format, open Windows Explorer and right-click the hard drive on which you intend to do the installation and select Properties.

To install the application in a Microsoft Windows environment:

Shut down any programs that are running.

If you are installing from a CD-ROM, go to step 4. If you want to install the product by downloading it from the BEA web site:

Contact BEA Sales at http://www.bea.com/framework.jsp?CNT=sales1.htm&FP=/content/about/contact/ and request a download.

Go to the directory where you downloaded the installation file and double-click ales211ssm_win32.exe.

The AquaLogic Enterprise Security - Security Service Module installer window appears (see Figure 3-1).

Proceed to Running the Installation Program.

If you are installing from a CD-ROM:

Insert Disk 1 into the CD-ROM drive.

If the installation program does not start automatically, open Windows Explorer and double-click the CD-ROM icon.

From the installation CD, double-click ales211ssm_win32.exe.

The AquaLogic Enterprise Security - Security Service Module installer window appears (see Figure 3-1).

Proceed to Running the Installation Program.

Starting the Installation Program on a Sun Solaris Platform

To run graphical-mode installation, your console must support a Java-based GUI. If the installation program determines that your system cannot support a Java-based GUI, the installation program automatically starts console-mode installation.

Shut down any programs that are running.

Open a command-line shell.

If you are installing from a CD-ROM, go to step 5. If you want to install the product by downloading it from the BEA web site:

Contact BEA Sales at http://www.bea.com/framework.jsp?CNT=sales1.htm&FP=/content/about/contact/ and request a download.

Go to the directory where you downloaded the file and change the protection on the install file:

chmod u+x ales211ssm_solaris32.bin

Start the installation: ales211ssm_solaris32.bin

The AquaLogic Enterprise Security - Security Service Module installer window appears (see Figure 3-1).

Proceed to Running the Installation Program.

If you are installing from a CD-ROM:

Insert the Disk 1 into the CD-ROM drive.

In a command shell, go to the directory where you installed the CD-ROM and change the protection on the install file:

chmod a+x ales211ssm_solaris32.bin

Enter this command to start the installation: ales211ssm_solaris32.bin

The AquaLogic Enterprise Security - Security Service Module installer window appears (see Figure 3-1).

Proceed to Running the Installation Program.

Starting the Installation Program on a Linux Platform

Shut down any programs that are running.

Set your DISPLAY variable if needed.

Open a command-line shell.

If you are installing from a CD-ROM, go to step 6. If you want to install the product by downloading it from the BEA web site:

Contact BEA Sales at http://www.bea.com/framework.jsp?CNT=sales1.htm&FP=/content/about/contact/ and request a download.

Go to the directory where you downloaded the file and change the protection on the install file:

For Red Hat 2.1: chmod u+x ales211ssm_rhas21_IA32.bin
For Red Hat 3.0: chmod u+x ales211ssm_rhas3_IA32.bin

Start the installation:

For Red Hat 2.1: ales211ssm_rhas21_IA32.bin
For Red Hat 3.0: ales211ssm_rhas3_IA32.bin
The AquaLogic Enterprise Security - Security Service Module installer window appears (see Figure 3-1).

Proceed to Running the Installation Program.

If you are installing from a CD-ROM:

Insert the Disk 1 into the CD-ROM drive.

In a command shell, go to the directory where you installed the CD-ROM and enter this command to change the protection on the install file:

For Red Hat 2.1: chmod u+x ales211ssm_rhas21_IA32.bin
For Red Hat 3.0: chmod u+x ales211ssm_rhas3_IA32.bin

Enter this command to start the installation:

For Red Hat 2.1: ales211ssm_rhas21_IA32.bin
For Red Hat 3.0: ales211ssm_rhas3_IA32.bin
The AquaLogic Enterprise Security - Security Service Module installer window appears (see Figure 3-1).

Proceed to Running the Installation Program.

Starting the Installation Program on an IBM AIX Platform

Open a command-line shell.

Download the Security Service Module installation file, ales211ssm_aix32.jar, from the BEA web site. Contact BEA Sales at http://www.bea.com/framework.jsp?CNT=sales1.htm&FP=/content/about/contact/ to request a download.

Start the installation with this command:

java -jar ales211ssm_aix32.jar

The AquaLogic Enterprise Security - Security Service Module installer window appears (see Figure 3-1).

Proceed to Running the Installation Program.

Figure 3-1 AquaLogic Enterprise Security SSM Installer Window

AquaLogic Enterprise Security SSM Installer Window

Running the Installation Program

The installation program prompts you to enter specific information about your system and configuration as described in Table 3-1. To complete this procedure you need the following information:

Name of the BEA_HOME directory
Name of the product directory

Note: If this is the first AquaLogic Enterprise Security product you have installed on this machine, the Service Control Manager is also included as part of the installation (which requires additional inputs, such as the Service Control Manager directory).

Table 3-1 Running the Installation Program

In this Window:	Perform this Action:
Welcome	Click Next to proceed, or cancel the installation at any time by clicking Exit.
BEA License Agreement	Read the BEA Software License Agreement, and then select Yes to indicate your acceptance of the terms of the agreement. To continue with the installation, you must accept the terms of the license agreement, click Yes, and then click Next.
Choose BEA Home Directory	Specify the BEA Home directory that serves as the central support directory for all BEA products installed on the target system. If you already have a BEA Home directory on your system, you can select that directory (recommended) or create a new BEA Home directory. If you choose to create a new directory, the installer program automatically creates the directory for you. For details about the BEA Home directory, see BEA Home Directory.
Choose product to install	Select ALES SSM for WLS8.1 component, clear the other check boxes, and click Next.
Choose Product Directory	Specify the directory in which you want to install the product software, and then click Next. You can accept the default product directory (`C:\bea\ales21-ssm\wls-ssm`) or you can create a new product directory. Note: If you are installing on a machine with existing BEA AquaLogic Enterprise products or on a machine that you intend to install other BEA AquaLogic Enterprise products (for example, the Administration Server or another Security Service Module) you must select a different directory. For additional information and a description of the resulting directory structure, see Product Installation Directory. If you choose to create a new directory, the installation program automatically creates the directory for you, if necessary. When you click Next, the installation program begins copying the components you specified to your system. If you have installed other products then you will see Installation Complete. Otherwise, continue installing the Service Control Manager.
Choose Service Control Manager Directory	Specify the directory in which to install the Service Control Manager. You can accept the default directory (`ales21-scm`) or you can create a new one. Click Next to continue.
Select Users and Groups	Specify the user names and group names to use for the Service Control Manager and Administration Server. You can accept the default settings or create a new ones. Note: When installing this product for use in a production environment, BEA recommends that you set these passwords to known values; otherwise you will not be able to modify them later. For example, you may want to modify these passwords to comply with organizational requirements. Admin User (asiadmin)—A local user account used to start the Administration Server components. Admin Group (`asiadgrp`)—Administration Server group. Members of this group have full access to Administration Server and log files; they can start and stop the Administration Server components. SCM User (`scmuser`)—A local user account used to start the Service Control Manager. Security Group (`asiusers`)—Service Control Manager Group. Members of this group are allowed to use the AquaLogic Enterprise Security products. Click Next to continue.
Confirm User Selection	If the users and groups do not exist, they are created for you. If you specified users and groups other than the defaults, verify the values you entered are correct, and then click Next.
User Passwords (Windows only)	Specify the password for the Administration Server User and Service Control Manager User. You can also choose the default passwords that are randomly generated. Note: If any of the users exist you must enter their passwords; the passwords are not generated randomly. Passwords are case sensitive. If you are installing the Administration Server in a production environment, BEA recommends using secure user names and passwords, and not those that are randomly generated. Click Next to continue.
Choose Network Interface	Select the network interfaces to which to bind the Service Control Manager. This is the IP Address used to listen for requests to provision policy and configuration data. Note: If you are installing the security service module in a production environment with more than one network card, you want to select a protected (internal) interface; you do not want to expose the Service Control Manager through a public address. Click Next to continue.
Configure Enterprise Domain for Service Control Manager	Enterprise Domain Name—The enterprise domain name is used to link all of the AquaLogic Enterprise Security components. Note: This is same enterprise domain name that you entered when you installed the BEA AquaLogic Enterprise Security Administration Server. SCM Logical Name—The name you assign to the Service Control Manager during this installation. SCM Port—Port used by the Service Control Manager to receive configuration and policy data from the Administration Server; may not be used by any other server. Note: The SCM values are different the SCM values defined when you installed the BEA AquaLogic Enterprise Security Administration Server. Primary Server URL—The address used by your Administration Server. Backup Server URL—If you have a second Administration Server installed for the purpose of failover or backup, enter its address here. This field is optional and may be left blank.
Installation Complete	Indicates that the installation completed successfully. Click Done to finish the installation.

Installing the SSM Without Root Privileges

It is highly recommended that you install ALES Security Service Modules using root privileges. This enables the product to create users and groups required to set up the ALES product automatically and also change permissions of files after installation. However, in some situations you may not have access to the root account. This section describes how to install and configure an SSM on UNIX without access to the root login. In this section, we assume that the user (login) name is alesuser, which belongs to the group alesgroup.

If you do not have root privileges, the SSM installer will try to install the Service Control Manager (SCM) regardless whether you have installed the ALES Administration Server on this machine before. If you have installed the ALES Administration Server before, you have to back up the SCM installation before you start to install the SSM.

For information about installing the Administration Server without root privileges, see Installing Without Root Privileges in Installing the Administration Server.

To install the SSM without root privileges:

If you have the ALES Administration Server installed on the same machine, stop the servers if they are running:

$ADMINHOME/bin/WLESadmin.sh stop

$SCMHOME/bin/WLESscm.sh stop

If you have the ALES Administration Server installed on the same machine, rename the $SCMHOME/ales21-scm folder:

mv ales21-scm/ ales21-scm-admin

Run the SSM installer using the -Dales.skip.admin.test=true command line argument. For example:

ales211ssm_rhas3_IA32.bin -Dales.skip.admin.test=true

In response to the installation program prompts, specify the username of the current user (asiadmin) as the name of the "Admin user" and asiadgrp as the "Admin group". Specify scmuser as the name of the "SCM user" and asiusers as the "Security group".

If you have the ALES Administration Server installed on this machine, enter the same "Enterprise domain name" as you entered when you installed the Administration Server (by default the domain is "asi"). Enter adminconfig as the "SCM logical name". Enter 7013 as the SCM port, assuming you have selected the default SSL ports (7010) during your Administration Server installation. Enter the "Primary Server URL" (by default, https://localhost:7010/asi).

If you have the ALES Administration Server installed on this machine, restore the $SCMHOME/ales21-scm folder from the ALES Administration Server installation.

mv ales21-scm-admin/ ales21-scm

Start the servers in different terminals.

$SCMHOME/bin/WLESscm.sh console

$ADMINHOME/bin/WLESblm.sh console

$ADMINHOME/bin/WLESarme.sh console

$ADMINHOME/bin/WLESWebLogic.sh console

You can start the servers subsequently with the "start" parameter instead of the "console" parameter and they will start in the background as daemon processes. $SCMHOME/bin/WLESscm.sh start $ADMINHOME/bin/WLESadmin.sh start

What's Next

Now that you have installed the necessary software, you must enroll the Service Control Manager, create an instance of the Security Service Module and enroll the instance, and then start the services. For additional instructions, see Post Installation Tasks.